diff --git a/CHANGELOG.md b/CHANGELOG.md index 33e380f143a..6b735d0b19f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,16 @@ +Release v1.44.48 (2022-07-05) +=== + +### Service Client Updates +* `service/config`: Updates service documentation +* `service/models.lex.v2`: Updates service API and documentation +* `service/quicksight`: Updates service API and documentation + * This release allows customers to programmatically create QuickSight accounts with Enterprise and Enterprise + Q editions. It also releases allowlisting domains for embedding QuickSight dashboards at runtime through the embedding APIs. +* `service/rds`: Updates service API, documentation, waiters, paginators, and examples + * Adds waiters support for DBCluster. +* `service/rolesanywhere`: Adds new service +* `service/ssm-incidents`: Updates service API and documentation + Release v1.44.47 (2022-07-01) === diff --git a/aws/endpoints/defaults.go b/aws/endpoints/defaults.go index f31b5040cd9..c5473e8df2d 100644 --- a/aws/endpoints/defaults.go +++ b/aws/endpoints/defaults.go @@ -17348,6 +17348,67 @@ var awsPartition = partition{ }: endpoint{}, }, }, + "rolesanywhere": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "ap-east-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-2", + }: endpoint{}, + endpointKey{ + Region: "ap-northeast-3", + }: endpoint{}, + endpointKey{ + Region: "ap-south-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-1", + }: endpoint{}, + endpointKey{ + Region: "ap-southeast-2", + }: endpoint{}, + endpointKey{ + Region: "ca-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-central-1", + }: endpoint{}, + endpointKey{ + Region: "eu-north-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-1", + }: endpoint{}, + endpointKey{ + Region: "eu-west-2", + }: endpoint{}, + endpointKey{ + Region: "eu-west-3", + }: endpoint{}, + endpointKey{ + Region: "me-south-1", + }: endpoint{}, + endpointKey{ + Region: "sa-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-east-2", + }: endpoint{}, + endpointKey{ + Region: "us-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-west-2", + }: endpoint{}, + }, + }, "route53": service{ PartitionEndpoint: "aws-global", IsRegionalized: boxedFalse, diff --git a/aws/version.go b/aws/version.go index db48f9c71d2..4c80047d606 100644 --- a/aws/version.go +++ b/aws/version.go @@ -5,4 +5,4 @@ package aws const SDKName = "aws-sdk-go" // SDKVersion is the version of this SDK -const SDKVersion = "1.44.47" +const SDKVersion = "1.44.48" diff --git a/models/apis/config/2014-11-12/docs-2.json b/models/apis/config/2014-11-12/docs-2.json index 4bc7364c223..572df67876e 100644 --- a/models/apis/config/2014-11-12/docs-2.json +++ b/models/apis/config/2014-11-12/docs-2.json @@ -37,9 +37,9 @@ "DescribeDeliveryChannelStatus": "

Returns the current status of the specified delivery channel. If a delivery channel is not specified, this action returns the current status of all delivery channels associated with the account.

Currently, you can specify only one delivery channel per region in your account.

", "DescribeDeliveryChannels": "

Returns details about the specified delivery channel. If a delivery channel is not specified, this action returns the details of all delivery channels associated with the account.

Currently, you can specify only one delivery channel per region in your account.

", "DescribeOrganizationConfigRuleStatuses": "

Provides organization Config rule deployment status for an organization.

The status is not considered successful until organization Config rule is successfully deployed in all the member accounts with an exception of excluded accounts.

When you specify the limit and the next token, you receive a paginated response. Limit and next token are not applicable if you specify organization Config rule names. It is only applicable, when you request all the organization Config rules.

", - "DescribeOrganizationConfigRules": "

Returns a list of organization Config rules.

When you specify the limit and the next token, you receive a paginated response. Limit and next token are not applicable if you specify organization Config rule names. It is only applicable, when you request all the organization Config rules.

", + "DescribeOrganizationConfigRules": "

Returns a list of organization Config rules.

When you specify the limit and the next token, you receive a paginated response.

Limit and next token are not applicable if you specify organization Config rule names. It is only applicable, when you request all the organization Config rules.

For accounts within an organzation

If you deploy an organizational rule or conformance pack in an organization administrator account, and then establish a delegated administrator and deploy an organizational rule or conformance pack in the delegated administrator account, you won't be able to see the organizational rule or conformance pack in the organization administrator account from the delegated administrator account or see the organizational rule or conformance pack in the delegated administrator account from organization administrator account. The DescribeOrganizationConfigRules and DescribeOrganizationConformancePacks APIs can only see and interact with the organization-related resource that were deployed from within the account calling those APIs.

", "DescribeOrganizationConformancePackStatuses": "

Provides organization conformance pack deployment status for an organization.

The status is not considered successful until organization conformance pack is successfully deployed in all the member accounts with an exception of excluded accounts.

When you specify the limit and the next token, you receive a paginated response. Limit and next token are not applicable if you specify organization conformance pack names. They are only applicable, when you request all the organization conformance packs.

", - "DescribeOrganizationConformancePacks": "

Returns a list of organization conformance packs.

When you specify the limit and the next token, you receive a paginated response.

Limit and next token are not applicable if you specify organization conformance packs names. They are only applicable, when you request all the organization conformance packs.

", + "DescribeOrganizationConformancePacks": "

Returns a list of organization conformance packs.

When you specify the limit and the next token, you receive a paginated response.

Limit and next token are not applicable if you specify organization conformance packs names. They are only applicable, when you request all the organization conformance packs.

For accounts within an organzation

If you deploy an organizational rule or conformance pack in an organization administrator account, and then establish a delegated administrator and deploy an organizational rule or conformance pack in the delegated administrator account, you won't be able to see the organizational rule or conformance pack in the organization administrator account from the delegated administrator account or see the organizational rule or conformance pack in the delegated administrator account from organization administrator account. The DescribeOrganizationConfigRules and DescribeOrganizationConformancePacks APIs can only see and interact with the organization-related resource that were deployed from within the account calling those APIs.

", "DescribePendingAggregationRequests": "

Returns a list of all pending aggregation requests.

", "DescribeRemediationConfigurations": "

Returns the details of one or more remediation configurations.

", "DescribeRemediationExceptions": "

Returns the details of one or more remediation exceptions. A detailed view of a remediation exception for a set of resources that includes an explanation of an exception and the time when the exception will be deleted. When you specify the limit and the next token, you receive a paginated response.

Config generates a remediation exception when a problem occurs executing a remediation action to a specific resource. Remediation exceptions blocks auto-remediation until the exception is cleared.

When you specify the limit and the next token, you receive a paginated response.

Limit and next token are not applicable if you request resources in batch. It is only applicable, when you request all resources.

", @@ -76,8 +76,8 @@ "PutEvaluations": "

Used by an Lambda function to deliver evaluation results to Config. This action is required in every Lambda function that is invoked by an Config rule.

", "PutExternalEvaluation": "

Add or updates the evaluations for process checks. This API checks if the rule is a process check when the name of the Config rule is provided.

", "PutOrganizationConfigRule": "

Adds or updates organization Config rule for your entire organization evaluating whether your Amazon Web Services resources comply with your desired configurations.

Only a master account and a delegated administrator can create or update an organization Config rule. When calling this API with a delegated administrator, you must ensure Organizations ListDelegatedAdministrator permissions are added.

This API enables organization service access through the EnableAWSServiceAccess action and creates a service linked role AWSServiceRoleForConfigMultiAccountSetup in the master or delegated administrator account of your organization. The service linked role is created only when the role does not exist in the caller account. Config verifies the existence of role with GetRole action.

To use this API with delegated administrator, register a delegated administrator by calling Amazon Web Services Organization register-delegated-administrator for config-multiaccountsetup.amazonaws.com.

You can use this action to create both Config custom rules and Config managed rules. If you are adding a new Config custom rule, you must first create Lambda function in the master account or a delegated administrator that the rule invokes to evaluate your resources. You also need to create an IAM role in the managed-account that can be assumed by the Lambda function. When you use the PutOrganizationConfigRule action to add the rule to Config, you must specify the Amazon Resource Name (ARN) that Lambda assigns to the function. If you are adding an Config managed rule, specify the rule's identifier for the RuleIdentifier key.

The maximum number of organization Config rules that Config supports is 150 and 3 delegated administrator per organization.

Prerequisite: Ensure you call EnableAllFeatures API to enable all features in an organization.

Specify either OrganizationCustomRuleMetadata or OrganizationManagedRuleMetadata.

", - "PutOrganizationConformancePack": "

Deploys conformance packs across member accounts in an Amazon Web Services Organization.

Only a master account and a delegated administrator can call this API. When calling this API with a delegated administrator, you must ensure Organizations ListDelegatedAdministrator permissions are added.

This API enables organization service access for config-multiaccountsetup.amazonaws.com through the EnableAWSServiceAccess action and creates a service linked role AWSServiceRoleForConfigMultiAccountSetup in the master or delegated administrator account of your organization. The service linked role is created only when the role does not exist in the caller account. To use this API with delegated administrator, register a delegated administrator by calling Amazon Web Services Organization register-delegate-admin for config-multiaccountsetup.amazonaws.com.

Prerequisite: Ensure you call EnableAllFeatures API to enable all features in an organization.

You must specify either the TemplateS3Uri or the TemplateBody parameter, but not both. If you provide both Config uses the TemplateS3Uri parameter and ignores the TemplateBody parameter.

Config sets the state of a conformance pack to CREATE_IN_PROGRESS and UPDATE_IN_PROGRESS until the conformance pack is created or updated. You cannot update a conformance pack while it is in this state.

You can create 50 conformance packs with 25 Config rules in each pack and 3 delegated administrator per organization.

", - "PutRemediationConfigurations": "

Adds or updates the remediation configuration with a specific Config rule with the selected target or action. The API creates the RemediationConfiguration object for the Config rule. The Config rule must already exist for you to add a remediation configuration. The target (SSM document) must exist and have permissions to use the target.

If you make backward incompatible changes to the SSM document, you must call this again to ensure the remediations can run.

This API does not support adding remediation configurations for service-linked Config Rules such as Organization Config rules, the rules deployed by conformance packs, and rules deployed by Amazon Web Services Security Hub.

", + "PutOrganizationConformancePack": "

Deploys conformance packs across member accounts in an Amazon Web Services Organization. For information on how many organization conformance packs and how many Config rules you can have per account, see Service Limits in the Config Developer Guide.

Only a master account and a delegated administrator can call this API. When calling this API with a delegated administrator, you must ensure Organizations ListDelegatedAdministrator permissions are added. An organization can have up to 3 delegated administrators.

This API enables organization service access for config-multiaccountsetup.amazonaws.com through the EnableAWSServiceAccess action and creates a service linked role AWSServiceRoleForConfigMultiAccountSetup in the master or delegated administrator account of your organization. The service linked role is created only when the role does not exist in the caller account. To use this API with delegated administrator, register a delegated administrator by calling Amazon Web Services Organization register-delegate-admin for config-multiaccountsetup.amazonaws.com.

Prerequisite: Ensure you call EnableAllFeatures API to enable all features in an organization.

You must specify either the TemplateS3Uri or the TemplateBody parameter, but not both. If you provide both Config uses the TemplateS3Uri parameter and ignores the TemplateBody parameter.

Config sets the state of a conformance pack to CREATE_IN_PROGRESS and UPDATE_IN_PROGRESS until the conformance pack is created or updated. You cannot update a conformance pack while it is in this state.

", + "PutRemediationConfigurations": "

Adds or updates the remediation configuration with a specific Config rule with the selected target or action. The API creates the RemediationConfiguration object for the Config rule. The Config rule must already exist for you to add a remediation configuration. The target (SSM document) must exist and have permissions to use the target.

If you make backward incompatible changes to the SSM document, you must call this again to ensure the remediations can run.

This API does not support adding remediation configurations for service-linked Config Rules such as Organization Config rules, the rules deployed by conformance packs, and rules deployed by Amazon Web Services Security Hub.

For manual remediation configuration, you need to provide a value for automationAssumeRole or use a value in the assumeRolefield to remediate your resources. The SSM automation document can use either as long as it maps to a valid parameter.

However, for automatic remediation configuration, the only valid assumeRole field value is AutomationAssumeRole and you need to provide a value for AutomationAssumeRole to remediate your resources.

", "PutRemediationExceptions": "

A remediation exception is when a specific resource is no longer considered for auto-remediation. This API adds a new exception or updates an existing exception for a specific resource with a specific Config rule.

Config generates a remediation exception when a problem occurs executing a remediation action to a specific resource. Remediation exceptions blocks auto-remediation until the exception is cleared.

", "PutResourceConfig": "

Records the configuration state for the resource provided in the request. The configuration state of a resource is represented in Config as Configuration Items. Once this API records the configuration item, you can retrieve the list of configuration items for the custom resource type using existing Config APIs.

The custom resource type must be registered with CloudFormation. This API accepts the configuration item registered with CloudFormation.

When you call this API, Config only stores configuration state of the resource provided in the request. This API does not change or remediate the configuration of the resource.

Write-only schema properites are not recorded as part of the published configuration item.

", "PutRetentionConfiguration": "

Creates and updates the retention configuration with details about retention period (number of days) that Config stores your historical information. The API creates the RetentionConfiguration object and names the object as default. When you have a RetentionConfiguration object named default, calling the API modifies the default object.

Currently, Config supports only one retention configuration per region in your account.

", @@ -2002,12 +2002,12 @@ "MaximumExecutionFrequency": { "base": null, "refs": { - "ConfigRule$MaximumExecutionFrequency": "

The maximum frequency with which Config runs evaluations for a rule. You can specify a value for MaximumExecutionFrequency when:

By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the MaximumExecutionFrequency parameter.

", + "ConfigRule$MaximumExecutionFrequency": "

The maximum frequency with which Config runs evaluations for a rule. You can specify a value for MaximumExecutionFrequency when:

By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the MaximumExecutionFrequency parameter.

", "ConfigSnapshotDeliveryProperties$deliveryFrequency": "

The frequency with which Config delivers configuration snapshots.

", "OrganizationCustomPolicyRuleMetadata$MaximumExecutionFrequency": "

The maximum frequency with which Config runs evaluations for a rule. Your Config Custom Policy rule is triggered when Config delivers the configuration snapshot. For more information, see ConfigSnapshotDeliveryProperties.

", "OrganizationCustomPolicyRuleMetadataNoPolicy$MaximumExecutionFrequency": "

The maximum frequency with which Config runs evaluations for a rule. Your Config Custom Policy rule is triggered when Config delivers the configuration snapshot. For more information, see ConfigSnapshotDeliveryProperties.

", "OrganizationCustomRuleMetadata$MaximumExecutionFrequency": "

The maximum frequency with which Config runs evaluations for a rule. Your custom rule is triggered when Config delivers the configuration snapshot. For more information, see ConfigSnapshotDeliveryProperties.

By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the MaximumExecutionFrequency parameter.

", - "OrganizationManagedRuleMetadata$MaximumExecutionFrequency": "

The maximum frequency with which Config runs evaluations for a rule. You are using an Config managed rule that is triggered at a periodic frequency.

By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the MaximumExecutionFrequency parameter.

", + "OrganizationManagedRuleMetadata$MaximumExecutionFrequency": "

The maximum frequency with which Config runs evaluations for a rule. This is for an Config managed rule that is triggered at a periodic frequency.

By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the MaximumExecutionFrequency parameter.

", "SourceDetail$MaximumExecutionFrequency": "

The frequency at which you want Config to run evaluations for a custom rule with a periodic trigger. If you specify a value for MaximumExecutionFrequency, then MessageType must use the ScheduledNotification value.

By default, rules with a periodic trigger are evaluated every 24 hours. To change the frequency, specify a valid value for the MaximumExecutionFrequency parameter.

Based on the valid value you choose, Config runs evaluations once for each valid value. For example, if you choose Three_Hours, Config runs evaluations once every three hours. In this case, Three_Hours is the frequency of this rule.

" } }, @@ -3155,7 +3155,7 @@ "ConfigRuleEvaluationStatus$LastDebugLogDeliveryStatusReason": "

The reason Config was not able to deliver a debug log. This is for the last failed attempt to retrieve a debug log for your Config Custom Policy rules.

", "ConfigStreamDeliveryInfo$lastErrorCode": "

The error code from the last attempted delivery.

", "ConfigStreamDeliveryInfo$lastErrorMessage": "

The error message from the last attempted delivery.

", - "ConfigurationRecorder$roleARN": "

Amazon Resource Name (ARN) of the IAM role used to describe the Amazon Web Services resources associated with the account.

", + "ConfigurationRecorder$roleARN": "

Amazon Resource Name (ARN) of the IAM role used to describe the Amazon Web Services resources associated with the account.

While the API model does not require this field, the server will reject a request without a defined roleARN for the configuration recorder.

", "ConfigurationRecorderStatus$name": "

The name of the configuration recorder.

", "ConfigurationRecorderStatus$lastErrorCode": "

The error code indicating that the recording failed.

", "ConfigurationRecorderStatus$lastErrorMessage": "

The message indicating that the recording failed due to an error.

", @@ -3394,7 +3394,7 @@ "base": null, "refs": { "ConfigurationItem$tags": "

A mapping of key value tags associated with the resource.

", - "PutResourceConfigRequest$Tags": "

Tags associated with the resource.

" + "PutResourceConfigRequest$Tags": "

Tags associated with the resource.

This field is not to be confused with the Amazon Web Services-wide tag feature for Amazon Web Services resources. Tags for PutResourceConfig are tags that you supply for the configuration items of your custom resources.

" } }, "TagsList": { diff --git a/models/apis/models.lex.v2/2020-08-07/api-2.json b/models/apis/models.lex.v2/2020-08-07/api-2.json index 1a2766d3b5a..71de8f65aa2 100644 --- a/models/apis/models.lex.v2/2020-08-07/api-2.json +++ b/models/apis/models.lex.v2/2020-08-07/api-2.json @@ -4130,6 +4130,13 @@ "max":5, "min":1 }, + "MessageSelectionStrategy":{ + "type":"string", + "enum":[ + "Random", + "Ordered" + ] + }, "MessageVariationsList":{ "type":"list", "member":{"shape":"Message"}, @@ -4295,7 +4302,8 @@ "members":{ "messageGroups":{"shape":"MessageGroupsList"}, "maxRetries":{"shape":"PromptMaxRetries"}, - "allowInterrupt":{"shape":"BoxedBoolean"} + "allowInterrupt":{"shape":"BoxedBoolean"}, + "messageSelectionStrategy":{"shape":"MessageSelectionStrategy"} } }, "QueryFilterString":{ diff --git a/models/apis/models.lex.v2/2020-08-07/docs-2.json b/models/apis/models.lex.v2/2020-08-07/docs-2.json index 8b81520a4da..18752f72043 100644 --- a/models/apis/models.lex.v2/2020-08-07/docs-2.json +++ b/models/apis/models.lex.v2/2020-08-07/docs-2.json @@ -421,7 +421,7 @@ } }, "BotRecommendationResults": { - "base": "

The object representing the URL of the bot definition, the URL of the associated transcript and a statistical summary of the bot recommendation results.

", + "base": "

The object representing the URL of the bot definition, the URL of the associated transcript, and a statistical summary of the bot recommendation results.

", "refs": { "DescribeBotRecommendationResponse$botRecommendationResults": "

The object representing the URL of the bot definition, the URL of the associated transcript and a statistical summary of the bot recommendation results.

" } @@ -1353,7 +1353,7 @@ "ExportStatus": { "base": null, "refs": { - "CreateExportResponse$exportStatus": "

The status of the export. When the status is Completed, you can use the DescribeExport operation to get the pre-signed S3 URL link to your exported bot or bot locale.

", + "CreateExportResponse$exportStatus": "

The status of the export. When the status is Completed, you can use the DescribeExport operation to get the pre-signed S3 URL link to your exported bot or bot locale.

", "DeleteExportResponse$exportStatus": "

The current status of the deletion. When the deletion is complete, the export will no longer be returned by the ListExports operation and calls to the DescribeExport operation with the export identifier will fail.

", "DescribeExportResponse$exportStatus": "

The status of the export. When the status is Complete the export archive file is available for download.

", "ExportSummary$exportStatus": "

The status of the export. When the status is Completed the export is ready to download.

", @@ -2192,6 +2192,12 @@ "StillWaitingResponseSpecification$messageGroups": "

One or more message groups, each containing one or more messages, that define the prompts that Amazon Lex sends to the user.

" } }, + "MessageSelectionStrategy": { + "base": null, + "refs": { + "PromptSpecification$messageSelectionStrategy": "

Indicates how a message is selected from a message group among retries.

" + } + }, "MessageVariationsList": { "base": null, "refs": { @@ -3124,7 +3130,7 @@ "Transcript": { "base": null, "refs": { - "AssociatedTranscript$transcript": "

The content of the transcript that meets the search filter criteria. For the JSON format of the transcript, see Output transcript format.

" + "AssociatedTranscript$transcript": "

The content of the transcript that meets the search filter criteria. For the JSON format of the transcript, see Output transcript format.

" } }, "TranscriptFilter": { diff --git a/models/apis/quicksight/2018-04-01/api-2.json b/models/apis/quicksight/2018-04-01/api-2.json index 62fb936e1c3..7e5713a4d97 100644 --- a/models/apis/quicksight/2018-04-01/api-2.json +++ b/models/apis/quicksight/2018-04-01/api-2.json @@ -47,6 +47,26 @@ {"shape":"ResourceUnavailableException"} ] }, + "CreateAccountSubscription":{ + "name":"CreateAccountSubscription", + "http":{ + "method":"POST", + "requestUri":"/account/{AwsAccountId}" + }, + "input":{"shape":"CreateAccountSubscriptionRequest"}, + "output":{"shape":"CreateAccountSubscriptionResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceExistsException"}, + {"shape":"PreconditionNotMetException"}, + {"shape":"ConflictException"}, + {"shape":"InternalFailureException"}, + {"shape":"ResourceUnavailableException"} + ] + }, "CreateAnalysis":{ "name":"CreateAnalysis", "http":{ @@ -664,6 +684,23 @@ {"shape":"ResourceUnavailableException"} ] }, + "DescribeAccountSubscription":{ + "name":"DescribeAccountSubscription", + "http":{ + "method":"GET", + "requestUri":"/account/{AwsAccountId}" + }, + "input":{"shape":"DescribeAccountSubscriptionRequest"}, + "output":{"shape":"DescribeAccountSubscriptionResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalFailureException"}, + {"shape":"ResourceUnavailableException"} + ] + }, "DescribeAnalysis":{ "name":"DescribeAnalysis", "http":{ @@ -2116,6 +2153,16 @@ "DefaultEmailCustomizationTemplate":{"shape":"Arn"} } }, + "AccountInfo":{ + "type":"structure", + "members":{ + "AccountName":{"shape":"String"}, + "Edition":{"shape":"Edition"}, + "NotificationEmail":{"shape":"String"}, + "AuthenticationType":{"shape":"String"}, + "AccountSubscriptionStatus":{"shape":"String"} + } + }, "AccountSettings":{ "type":"structure", "members":{ @@ -2331,6 +2378,14 @@ "Database":{"shape":"Database"} } }, + "AuthenticationMethodOption":{ + "type":"string", + "enum":[ + "IAM_AND_QUICKSIGHT", + "IAM_ONLY", + "ACTIVE_DIRECTORY" + ] + }, "AwsAccountId":{ "type":"string", "max":12, @@ -2631,6 +2686,48 @@ } } }, + "CreateAccountSubscriptionRequest":{ + "type":"structure", + "required":[ + "Edition", + "AuthenticationMethod", + "AwsAccountId", + "AccountName", + "NotificationEmail" + ], + "members":{ + "Edition":{"shape":"Edition"}, + "AuthenticationMethod":{"shape":"AuthenticationMethodOption"}, + "AwsAccountId":{ + "shape":"AwsAccountId", + "location":"uri", + "locationName":"AwsAccountId" + }, + "AccountName":{"shape":"String"}, + "NotificationEmail":{"shape":"String"}, + "ActiveDirectoryName":{"shape":"String"}, + "Realm":{"shape":"String"}, + "DirectoryId":{"shape":"String"}, + "AdminGroup":{"shape":"GroupsList"}, + "AuthorGroup":{"shape":"GroupsList"}, + "ReaderGroup":{"shape":"GroupsList"}, + "FirstName":{"shape":"String"}, + "LastName":{"shape":"String"}, + "EmailAddress":{"shape":"String"}, + "ContactNumber":{"shape":"String"} + } + }, + "CreateAccountSubscriptionResponse":{ + "type":"structure", + "members":{ + "SignupResponse":{"shape":"SignupResponse"}, + "Status":{ + "shape":"StatusCode", + "location":"statusCode" + }, + "RequestId":{"shape":"String"} + } + }, "CreateAnalysisRequest":{ "type":"structure", "required":[ @@ -4314,6 +4411,28 @@ } } }, + "DescribeAccountSubscriptionRequest":{ + "type":"structure", + "required":["AwsAccountId"], + "members":{ + "AwsAccountId":{ + "shape":"AwsAccountId", + "location":"uri", + "locationName":"AwsAccountId" + } + } + }, + "DescribeAccountSubscriptionResponse":{ + "type":"structure", + "members":{ + "AccountInfo":{"shape":"AccountInfo"}, + "Status":{ + "shape":"StatusCode", + "location":"statusCode" + }, + "RequestId":{"shape":"String"} + } + }, "DescribeAnalysisPermissionsRequest":{ "type":"structure", "required":[ @@ -5146,7 +5265,8 @@ "type":"string", "enum":[ "STANDARD", - "ENTERPRISE" + "ENTERPRISE", + "ENTERPRISE_AND_Q" ] }, "EmbeddingIdentityType":{ @@ -5346,7 +5466,8 @@ "Namespace":{"shape":"Namespace"}, "SessionTags":{"shape":"SessionTagList"}, "AuthorizedResourceArns":{"shape":"ArnList"}, - "ExperienceConfiguration":{"shape":"AnonymousUserEmbeddingExperienceConfiguration"} + "ExperienceConfiguration":{"shape":"AnonymousUserEmbeddingExperienceConfiguration"}, + "AllowedDomains":{"shape":"StringList"} } }, "GenerateEmbedUrlForAnonymousUserResponse":{ @@ -5380,7 +5501,8 @@ }, "SessionLifetimeInMinutes":{"shape":"SessionLifetimeInMinutes"}, "UserArn":{"shape":"Arn"}, - "ExperienceConfiguration":{"shape":"RegisteredUserEmbeddingExperienceConfiguration"} + "ExperienceConfiguration":{"shape":"RegisteredUserEmbeddingExperienceConfiguration"}, + "AllowedDomains":{"shape":"StringList"} } }, "GenerateEmbedUrlForRegisteredUserResponse":{ @@ -5603,6 +5725,10 @@ "max":1, "min":1 }, + "GroupsList":{ + "type":"list", + "member":{"shape":"String"} + }, "GutterStyle":{ "type":"structure", "members":{ @@ -7713,6 +7839,15 @@ "TileLayout":{"shape":"TileLayoutStyle"} } }, + "SignupResponse":{ + "type":"structure", + "members":{ + "IAMUser":{"shape":"Boolean"}, + "userLoginName":{"shape":"String"}, + "accountName":{"shape":"String"}, + "directoryType":{"shape":"String"} + } + }, "SiteBaseUrl":{ "type":"string", "max":1024, diff --git a/models/apis/quicksight/2018-04-01/docs-2.json b/models/apis/quicksight/2018-04-01/docs-2.json index 8cb0caef0b6..54cb18d0265 100644 --- a/models/apis/quicksight/2018-04-01/docs-2.json +++ b/models/apis/quicksight/2018-04-01/docs-2.json @@ -3,7 +3,8 @@ "service": "Amazon QuickSight API Reference

Amazon QuickSight is a fully managed, serverless business intelligence service for the Amazon Web Services Cloud that makes it easy to extend data and insights to every user in your organization. This API reference contains documentation for a programming interface that you can use to manage Amazon QuickSight.

", "operations": { "CancelIngestion": "

Cancels an ongoing ingestion of data into SPICE.

", - "CreateAccountCustomization": "

Creates Amazon QuickSight customizations the current Amazon Web Services Region. Currently, you can add a custom default theme by using the CreateAccountCustomization or UpdateAccountCustomization API operation. To further customize Amazon QuickSight by removing Amazon QuickSight sample assets and videos for all new users, see Customizing Amazon QuickSight in the Amazon QuickSight User Guide.

You can create customizations for your Amazon Web Services account or, if you specify a namespace, for a QuickSight namespace instead. Customizations that apply to a namespace always override customizations that apply to an Amazon Web Services account. To find out which customizations apply, use the DescribeAccountCustomization API operation.

Before you use the CreateAccountCustomization API operation to add a theme as the namespace default, make sure that you first share the theme with the namespace. If you don't share it with the namespace, the theme isn't visible to your users even if you make it the default theme. To check if the theme is shared, view the current permissions by using the DescribeThemePermissions API operation. To share the theme, grant permissions by using the UpdateThemePermissions API operation.

", + "CreateAccountCustomization": "

Creates Amazon QuickSight customizations for the current Amazon Web Services Region. Currently, you can add a custom default theme by using the CreateAccountCustomization or UpdateAccountCustomization API operation. To further customize Amazon QuickSight by removing Amazon QuickSight sample assets and videos for all new users, see Customizing Amazon QuickSight in the Amazon QuickSight User Guide.

You can create customizations for your Amazon Web Services account or, if you specify a namespace, for a QuickSight namespace instead. Customizations that apply to a namespace always override customizations that apply to an Amazon Web Services account. To find out which customizations apply, use the DescribeAccountCustomization API operation.

Before you use the CreateAccountCustomization API operation to add a theme as the namespace default, make sure that you first share the theme with the namespace. If you don't share it with the namespace, the theme isn't visible to your users even if you make it the default theme. To check if the theme is shared, view the current permissions by using the DescribeThemePermissions API operation. To share the theme, grant permissions by using the UpdateThemePermissions API operation.

", + "CreateAccountSubscription": "

Creates an Amazon QuickSight account, or subscribes to Amazon QuickSight Q.

The Amazon Web Services Region for the account is derived from what is configured in the CLI or SDK. This operation isn't supported in the US East (Ohio) Region, South America (Sao Paulo) Region, or Asia Pacific (Singapore) Region.

Before you use this operation, make sure that you can connect to an existing Amazon Web Services account. If you don't have an Amazon Web Services account, see Sign up for Amazon Web Services in the Amazon QuickSight User Guide. The person who signs up for Amazon QuickSight needs to have the correct Identity and Access Management (IAM) permissions. For more information, see IAM Policy Examples for Amazon QuickSight in the Amazon QuickSight User Guide.

If your IAM policy includes both the Subscribe and CreateAccountSubscription actions, make sure that both actions are set to Allow. If either action is set to Deny, the Deny action prevails and your API call fails.

You can't pass an existing IAM role to access other Amazon Web Services services using this API operation. To pass your existing IAM role to Amazon QuickSight, see Passing IAM roles to Amazon QuickSight in the Amazon QuickSight User Guide.

You can't set default resource access on the new account from the Amazon QuickSight API. Instead, add default resource access from the Amazon QuickSight console. For more information about setting default resource access to Amazon Web Services services, see Setting default resource access to Amazon Web Services services in the Amazon QuickSight User Guide.

", "CreateAnalysis": "

Creates an analysis in Amazon QuickSight.

", "CreateDashboard": "

Creates a dashboard from a template. To first create a template, see the CreateTemplate API operation.

A dashboard is an entity in Amazon QuickSight that identifies Amazon QuickSight reports, created from analyses. You can share Amazon QuickSight dashboards. With the right permissions, you can create scheduled email reports from them. If you have the correct permissions, you can create a dashboard from a template that exists in a different Amazon Web Services account.

", "CreateDataSet": "

Creates a dataset. This operation doesn't support datasets that include uploaded files as a source.

", @@ -38,6 +39,7 @@ "DeleteUserByPrincipalId": "

Deletes a user identified by its principal ID.

", "DescribeAccountCustomization": "

Describes the customizations associated with the provided Amazon Web Services account and Amazon Amazon QuickSight namespace in an Amazon Web Services Region. The Amazon QuickSight console evaluates which customizations to apply by running this API operation with the Resolved flag included.

To determine what customizations display when you run this command, it can help to visualize the relationship of the entities involved.

", "DescribeAccountSettings": "

Describes the settings that were used when your Amazon QuickSight subscription was first created in this Amazon Web Services account.

", + "DescribeAccountSubscription": "

Use the DescribeAccountSubscription operation to receive a description of a Amazon QuickSight account's subscription. A successful API call returns an AccountInfo object that includes an account's name, subscription status, authentication type, edition, and notification email address.

", "DescribeAnalysis": "

Provides a summary of the metadata for an analysis.

", "DescribeAnalysisPermissions": "

Provides the read and write permissions for an analysis.

", "DescribeDashboard": "

Provides a summary for a dashboard.

", @@ -62,9 +64,9 @@ "DescribeThemeAlias": "

Describes the alias for a theme.

", "DescribeThemePermissions": "

Describes the read and write permissions for a theme.

", "DescribeUser": "

Returns information about a user, given the user name.

", - "GenerateEmbedUrlForAnonymousUser": "

Generates an embed URL that you can use to embed an Amazon QuickSight dashboard in your website, without having to register any reader users. Before you use this action, make sure that you have configured the dashboards and permissions.

The following rules apply to the generated URL:

For more information, see Embedded Analytics in the Amazon QuickSight User Guide.

For more information about the high-level steps for embedding and for an interactive demo of the ways you can customize embedding, visit the Amazon QuickSight Developer Portal.

", + "GenerateEmbedUrlForAnonymousUser": "

Generates an embed URL that you can use to embed an Amazon QuickSight dashboard in your website, without having to register any reader users. Before you use this action, make sure that you have configured the dashboards and permissions.

The following rules apply to the generated URL:

For more information, see Embedded Analytics in the Amazon QuickSight User Guide.

For more information about the high-level steps for embedding and for an interactive demo of the ways you can customize embedding, visit the Amazon QuickSight Developer Portal.

", "GenerateEmbedUrlForRegisteredUser": "

Generates an embed URL that you can use to embed an Amazon QuickSight experience in your website. This action can be used for any type of user registered in an Amazon QuickSight account. Before you use this action, make sure that you have configured the relevant Amazon QuickSight resource and permissions.

The following rules apply to the generated URL:

For more information, see Embedded Analytics in the Amazon QuickSight User Guide.

For more information about the high-level steps for embedding and for an interactive demo of the ways you can customize embedding, visit the Amazon QuickSight Developer Portal.

", - "GetDashboardEmbedUrl": "

Generates a session URL and authorization code that you can use to embed an Amazon Amazon QuickSight read-only dashboard in your web server code. Before you use this command, make sure that you have configured the dashboards and permissions.

Currently, you can use GetDashboardEmbedURL only from the server, not from the user's browser. The following rules apply to the combination of URL and authorization code:

For more information, see Embedding Analytics Using GetDashboardEmbedUrl in the Amazon QuickSight User Guide.

For more information about the high-level steps for embedding and for an interactive demo of the ways you can customize embedding, visit the Amazon QuickSight Developer Portal.

", + "GetDashboardEmbedUrl": "

Generates a temporary session URL and authorization code that you can use to embed an Amazon QuickSight read-only dashboard in your website or application. Before you use this command, make sure that you have configured the dashboards and permissions.

Currently, you can use GetDashboardEmbedURL only from the server, not from the user's browser. The following rules apply to the generated URL:

For more information, see Embedding Analytics Using GetDashboardEmbedUrl in the Amazon QuickSight User Guide.

For more information about the high-level steps for embedding and for an interactive demo of the ways you can customize embedding, visit the Amazon QuickSight Developer Portal.

", "GetSessionEmbedUrl": "

Generates a session URL and authorization code that you can use to embed the Amazon Amazon QuickSight console in your web server code. Use GetSessionEmbedUrl where you want to provide an authoring portal that allows users to create data sources, datasets, analyses, and dashboards. The users who access an embedded Amazon QuickSight console need belong to the author or admin security cohort. If you want to restrict permissions to some of these features, add a custom permissions profile to the user with the UpdateUser API operation. Use RegisterUser API operation to add a new user with a custom permission profile attached. For more information, see the following sections in the Amazon QuickSight User Guide:

", "ListAnalyses": "

Lists Amazon QuickSight analyses that exist in the specified Amazon Web Services account.

", "ListDashboardVersions": "

Lists all the versions of the dashboards in the Amazon QuickSight subscription.

", @@ -96,7 +98,7 @@ "SearchGroups": "

Use the SearchGroups operation to search groups in a specified Amazon QuickSight namespace using the supplied filters.

", "TagResource": "

Assigns one or more tags (key-value pairs) to the specified Amazon QuickSight resource.

Tags can help you organize and categorize your resources. You can also use them to scope user permissions, by granting a user permission to access or change only resources with certain tag values. You can use the TagResource operation with a resource that already has tags. If you specify a new tag key for the resource, this tag is appended to the list of tags associated with the resource. If you specify a tag key that is already associated with the resource, the new tag value that you specify replaces the previous value for that tag.

You can associate as many as 50 tags with a resource. Amazon QuickSight supports tagging on data set, data source, dashboard, and template.

Tagging for Amazon QuickSight works in a similar way to tagging for other Amazon Web Services services, except for the following:

", "UntagResource": "

Removes a tag or tags from a resource.

", - "UpdateAccountCustomization": "

Updates Amazon QuickSight customizations the current Amazon Web Services Region. Currently, the only customization you can use is a theme.

You can use customizations for your Amazon Web Services account or, if you specify a namespace, for a Amazon QuickSight namespace instead. Customizations that apply to a namespace override customizations that apply to an Amazon Web Services account. To find out which customizations apply, use the DescribeAccountCustomization API operation.

", + "UpdateAccountCustomization": "

Updates Amazon QuickSight customizations for the current Amazon Web Services Region. Currently, the only customization that you can use is a theme.

You can use customizations for your Amazon Web Services account or, if you specify a namespace, for a Amazon QuickSight namespace instead. Customizations that apply to a namespace override customizations that apply to an Amazon Web Services account. To find out which customizations apply, use the DescribeAccountCustomization API operation.

", "UpdateAccountSettings": "

Updates the Amazon QuickSight settings in your Amazon Web Services account.

", "UpdateAnalysis": "

Updates an analysis in Amazon QuickSight

", "UpdateAnalysisPermissions": "

Updates the read and write permissions for an analysis.

", @@ -112,7 +114,7 @@ "UpdateGroup": "

Changes a group description.

", "UpdateIAMPolicyAssignment": "

Updates an existing IAM policy assignment. This operation updates only the optional parameter or parameters that are specified in the request. This overwrites all of the users included in Identities.

", "UpdateIpRestriction": "

Updates the content and status of IP rules. To use this operation, you need to provide the entire map of rules. You can use the DescribeIpRestriction operation to get the current rule map.

", - "UpdatePublicSharingSettings": "

Use the UpdatePublicSharingSettings operation to enable or disable the public sharing settings of an Amazon QuickSight dashboard.

To use this operation, enable session capacity pricing on your Amazon QuickSight account.

Before you can enable public sharing on your account, you need to allow public sharing permissions to an administrative user in the IAM console. For more information on using IAM with Amazon QuickSight, see Using Amazon QuickSight with IAM.

", + "UpdatePublicSharingSettings": "

Use the UpdatePublicSharingSettings operation to turn on or turn off the public sharing settings of an Amazon QuickSight dashboard.

To use this operation, turn on session capacity pricing for your Amazon QuickSight account.

Before you can turn on public sharing on your account, make sure to give public sharing permissions to an administrative user in the Identity and Access Management (IAM) console. For more information on using IAM with Amazon QuickSight, see Using Amazon QuickSight with IAM in the Amazon QuickSight User Guide.

", "UpdateTemplate": "

Updates a template from an existing Amazon QuickSight analysis or another template.

", "UpdateTemplateAlias": "

Updates the template alias of a template.

", "UpdateTemplatePermissions": "

Updates the resource permissions for a template.

", @@ -137,10 +139,16 @@ "UpdateAccountCustomizationResponse$AccountCustomization": "

The Amazon QuickSight customizations you're updating in the current Amazon Web Services Region.

" } }, + "AccountInfo": { + "base": "

A structure that contains the following account information elements:

", + "refs": { + "DescribeAccountSubscriptionResponse$AccountInfo": "

A structure that contains the following elements:

" + } + }, "AccountSettings": { "base": "

The Amazon QuickSight settings associated with your Amazon Web Services account.

", "refs": { - "DescribeAccountSettingsResponse$AccountSettings": "

The Amazon QuickSight settings for this Amazon Web Services account. This information includes the edition of Amazon Amazon QuickSight that you subscribed to (Standard or Enterprise) and the notification email for the Amazon QuickSight subscription. In the QuickSight console, the Amazon QuickSight subscription is sometimes referred to as a QuickSight \"account\" even though it's technically not an account by itself. Instead, it's a subscription to the Amazon QuickSight service for your Amazon Web Services account. The edition that you subscribe to applies to Amazon QuickSight in every Amazon Web Services Region where you use it.

" + "DescribeAccountSettingsResponse$AccountSettings": "

The Amazon QuickSight settings for this Amazon Web Services account. This information includes the edition of Amazon Amazon QuickSight that you subscribed to (Standard or Enterprise) and the notification email for the Amazon QuickSight subscription.

In the QuickSight console, the Amazon QuickSight subscription is sometimes referred to as a QuickSight \"account\" even though it's technically not an account by itself. Instead, it's a subscription to the Amazon QuickSight service for your Amazon Web Services account. The edition that you subscribe to applies to Amazon QuickSight in every Amazon Web Services Region where you use it.

" } }, "ActionList": { @@ -162,7 +170,7 @@ } }, "AdHocFilteringOption": { - "base": "

Ad hoc (one-time) filtering option.

", + "base": "

An ad hoc (one-time) filtering option.

", "refs": { "DashboardPublishOptions$AdHocFilteringOption": "

Ad hoc (one-time) filtering option.

" } @@ -170,7 +178,7 @@ "AdditionalDashboardIdList": { "base": null, "refs": { - "GetDashboardEmbedUrlRequest$AdditionalDashboardIds": "

A list of one or more dashboard IDs that you want to add to a session that includes anonymous users. The IdentityType parameter must be set to ANONYMOUS for this to work, because other identity types authenticate as Amazon QuickSight or IAM users. For example, if you set \"--dashboard-id dash_id1 --dashboard-id dash_id2 dash_id3 identity-type ANONYMOUS\", the session can access all three dashboards.

" + "GetDashboardEmbedUrlRequest$AdditionalDashboardIds": "

A list of one or more dashboard IDs that you want anonymous users to have tempporary access to. Currently, the IdentityType parameter must be set to ANONYMOUS because other identity types authenticate as Amazon QuickSight or IAM users. For example, if you set \"--dashboard-id dash_id1 --dashboard-id dash_id2 dash_id3 identity-type ANONYMOUS\", the session can access all three dashboards.

" } }, "AliasName": { @@ -291,7 +299,7 @@ "AnonymousUserEmbeddingExperienceConfiguration": { "base": "

The type of experience you want to embed. For anonymous users, you can embed Amazon QuickSight dashboards.

", "refs": { - "GenerateEmbedUrlForAnonymousUserRequest$ExperienceConfiguration": "

The configuration of the experience you are embedding.

" + "GenerateEmbedUrlForAnonymousUserRequest$ExperienceConfiguration": "

The configuration of the experience that you are embedding.

" } }, "Arn": { @@ -421,7 +429,7 @@ "ArnList": { "base": null, "refs": { - "GenerateEmbedUrlForAnonymousUserRequest$AuthorizedResourceArns": "

The Amazon Resource Names for the Amazon QuickSight resources that the user is authorized to access during the lifetime of the session. If you choose Dashboard embedding experience, pass the list of dashboard ARNs in the account that you want the user to be able to view. Currently, you can pass up to 25 dashboard ARNs in each API call.

" + "GenerateEmbedUrlForAnonymousUserRequest$AuthorizedResourceArns": "

The Amazon Resource Names (ARNs) for the Amazon QuickSight resources that the user is authorized to access during the lifetime of the session. If you choose Dashboard embedding experience, pass the list of dashboard ARNs in the account that you want the user to be able to view. Currently, you can pass up to 25 dashboard ARNs in each API call.

" } }, "AssignmentStatus": { @@ -454,12 +462,19 @@ "DataSourceParameters$AuroraPostgreSqlParameters": "

The parameters for Amazon Aurora.

" } }, + "AuthenticationMethodOption": { + "base": null, + "refs": { + "CreateAccountSubscriptionRequest$AuthenticationMethod": "

The method that you want to use to authenticate your Amazon QuickSight account. Currently, the valid values for this parameter are IAM_AND_QUICKSIGHT, IAM_ONLY, and ACTIVE_DIRECTORY.

If you choose ACTIVE_DIRECTORY, provide an ActiveDirectoryName and an AdminGroup associated with your Active Directory.

" + } + }, "AwsAccountId": { "base": null, "refs": { "CancelIngestionRequest$AwsAccountId": "

The Amazon Web Services account ID.

", "CreateAccountCustomizationRequest$AwsAccountId": "

The ID for the Amazon Web Services account that you want to customize Amazon QuickSight for.

", "CreateAccountCustomizationResponse$AwsAccountId": "

The ID for the Amazon Web Services account that you want to customize Amazon QuickSight for.

", + "CreateAccountSubscriptionRequest$AwsAccountId": "

The Amazon Web Services account ID of the account that you're using to create your Amazon QuickSight account.

", "CreateAnalysisRequest$AwsAccountId": "

The ID of the Amazon Web Services account where you are creating an analysis.

", "CreateDashboardRequest$AwsAccountId": "

The ID of the Amazon Web Services account where you want to create the dashboard.

", "CreateDataSetRequest$AwsAccountId": "

The Amazon Web Services account ID.

", @@ -495,6 +510,7 @@ "DescribeAccountCustomizationRequest$AwsAccountId": "

The ID for the Amazon Web Services account that you want to describe Amazon QuickSight customizations for.

", "DescribeAccountCustomizationResponse$AwsAccountId": "

The ID for the Amazon Web Services account that you're describing.

", "DescribeAccountSettingsRequest$AwsAccountId": "

The ID for the Amazon Web Services account that contains the settings that you want to list.

", + "DescribeAccountSubscriptionRequest$AwsAccountId": "

The Amazon Web Services account ID associated with your Amazon QuickSight account.

", "DescribeAnalysisPermissionsRequest$AwsAccountId": "

The ID of the Amazon Web Services account that contains the analysis whose permissions you're describing. You must be using the Amazon Web Services account that the analysis is in.

", "DescribeAnalysisRequest$AwsAccountId": "

The ID of the Amazon Web Services account that contains the analysis. You must be using the Amazon Web Services account that the analysis is in.

", "DescribeDashboardPermissionsRequest$AwsAccountId": "

The ID of the Amazon Web Services account that contains the dashboard that you're describing permissions for.

", @@ -594,7 +610,7 @@ "Boolean": { "base": null, "refs": { - "AccountSettings$PublicSharingEnabled": "

A boolean that indicates whether or not public sharing is enabled on an Amazon QuickSight account. For more information about enabling public sharing, see UpdatePublicSharingSettings.

", + "AccountSettings$PublicSharingEnabled": "

A Boolean value that indicates whether public sharing is turned on for an Amazon QuickSight account. For more information about turning on public sharing, see UpdatePublicSharingSettings.

", "DataSetSummary$RowLevelPermissionTagConfigurationApplied": "

Whether or not the row level permission tags are applied.

", "DataSetSummary$ColumnLevelPermissionRulesApplied": "

A value that indicates if the dataset has column level permission configured.

", "DataSetUsageConfiguration$DisableUseAsDirectQuerySource": "

An option that controls whether a child dataset of a direct query can use this dataset as a source.

", @@ -603,8 +619,9 @@ "GetDashboardEmbedUrlRequest$ResetDisabled": "

Remove the reset button on the embedded dashboard. The default is FALSE, which enables the reset button.

", "GetDashboardEmbedUrlRequest$StatePersistenceEnabled": "

Adds persistence of state for the user session in an embedded dashboard. Persistence applies to the sheet and the parameter settings. These are control settings that the dashboard subscriber (Amazon QuickSight reader) chooses while viewing the dashboard. If this is set to TRUE, the settings are the same when the subscriber reopens the same dashboard URL. The state is stored in Amazon QuickSight, not in a browser cookie. If this is set to FALSE, the state of the user session is not persisted. The default is FALSE.

", "JoinKeyProperties$UniqueKey": "

A value that indicates that a row in a table is uniquely identified by the columns in a join key. This is used by Amazon QuickSight to optimize query performance.

", + "SignupResponse$IAMUser": "

A Boolean that is TRUE if the Amazon QuickSight uses IAM as an authentication method.

", "SslProperties$DisableSsl": "

A Boolean option to control whether SSL should be disabled.

", - "UpdatePublicSharingSettingsRequest$PublicSharingEnabled": "

A boolean that indicates whether or not public sharing is enabled on a Amazon QuickSight account.

", + "UpdatePublicSharingSettingsRequest$PublicSharingEnabled": "

A Boolean value that indicates whether public sharing is turned on for an Amazon QuickSight account.

", "UpdateUserRequest$UnapplyCustomPermissions": "

A flag that you use to indicate that you want to remove all custom permissions from this user. Using this parameter resets the user to the state it was in before a custom permissions profile was applied. This parameter defaults to NULL and it doesn't accept any other value.

", "UploadSettings$ContainsHeader": "

Whether the file has a header row, or the files each have a header row.

", "User$Active": "

The active status of user. When you create an Amazon QuickSight user that’s not an IAM user or an Active Directory user, that user is inactive until they sign in and provide a password.

" @@ -841,6 +858,16 @@ "refs": { } }, + "CreateAccountSubscriptionRequest": { + "base": null, + "refs": { + } + }, + "CreateAccountSubscriptionResponse": { + "base": null, + "refs": { + } + }, "CreateAnalysisRequest": { "base": null, "refs": { @@ -1507,6 +1534,16 @@ "refs": { } }, + "DescribeAccountSubscriptionRequest": { + "base": null, + "refs": { + } + }, + "DescribeAccountSubscriptionResponse": { + "base": null, + "refs": { + } + }, "DescribeAnalysisPermissionsRequest": { "base": null, "refs": { @@ -1774,7 +1811,9 @@ "Edition": { "base": null, "refs": { - "AccountSettings$Edition": "

The edition of Amazon QuickSight that you're currently subscribed to: Enterprise edition or Standard edition.

" + "AccountInfo$Edition": "

The edition of your Amazon QuickSight account.

", + "AccountSettings$Edition": "

The edition of Amazon QuickSight that you're currently subscribed to: Enterprise edition or Standard edition.

", + "CreateAccountSubscriptionRequest$Edition": "

The edition of Amazon QuickSight that you want your account to have. Currently, you can choose from ENTERPRISE or ENTERPRISE_AND_Q.

If you choose ENTERPRISE_AND_Q, the following parameters are required:

" } }, "EmbeddingIdentityType": { @@ -2100,6 +2139,14 @@ "SearchGroupsRequest$Filters": "

The structure for the search filters that you want to apply to your search.

" } }, + "GroupsList": { + "base": null, + "refs": { + "CreateAccountSubscriptionRequest$AdminGroup": "

The admin group associated with your Active Directory. This field is required if ACTIVE_DIRECTORY is the selected authentication method of the new Amazon QuickSight account. For more information about using Active Directory in Amazon QuickSight, see Using Active Directory with Amazon QuickSight Enterprise Edition in the Amazon QuickSight User Guide.

", + "CreateAccountSubscriptionRequest$AuthorGroup": "

The author group associated with your Active Directory. For more information about using Active Directory in Amazon QuickSight, see Using Active Directory with Amazon QuickSight Enterprise Edition in the Amazon QuickSight User Guide.

", + "CreateAccountSubscriptionRequest$ReaderGroup": "

The reader group associated with your Active Direcrtory. For more information about using Active Directory in Amazon QuickSight, see Using Active Directory with Amazon QuickSight Enterprise Edition in the Amazon QuickSight User Guide.

" + } + }, "GutterStyle": { "base": "

The display options for gutter spacing between tiles on a sheet.

", "refs": { @@ -2764,7 +2811,7 @@ "SearchGroupsRequest$Namespace": "

The namespace that you want to search.

", "UpdateAccountCustomizationRequest$Namespace": "

The namespace that you want to update Amazon QuickSight customizations for.

", "UpdateAccountCustomizationResponse$Namespace": "

The namespace associated with the customization that you're updating.

", - "UpdateAccountSettingsRequest$DefaultNamespace": "

The default namespace for this Amazon Web Services account. Currently, the default is default. Identity and Access Management (IAM) users that register for the first time with Amazon QuickSight provide an email that becomes associated with the default namespace.

", + "UpdateAccountSettingsRequest$DefaultNamespace": "

The default namespace for this Amazon Web Services account. Currently, the default is default. Identity and Access Management (IAM) users that register for the first time with Amazon QuickSight provide an email address that becomes associated with the default namespace.

", "UpdateGroupRequest$Namespace": "

The namespace of the group that you want to update.

", "UpdateIAMPolicyAssignmentRequest$Namespace": "

The namespace of the assignment.

", "UpdateUserRequest$Namespace": "

The namespace. Currently, you should set this to default.

" @@ -3020,7 +3067,7 @@ "RegisteredUserQSearchBarEmbeddingConfiguration": { "base": "

Information about the Q search bar embedding experience.

", "refs": { - "RegisteredUserEmbeddingExperienceConfiguration$QSearchBar": "

The configuration details for embedding the Q search bar.

For more information about embedding the Q search bar, see Embedding Overview.

" + "RegisteredUserEmbeddingExperienceConfiguration$QSearchBar": "

The configuration details for embedding the Q search bar.

For more information about embedding the Q search bar, see Embedding Overview in the Amazon QuickSight User Guide.

" } }, "RegisteredUserQuickSightConsoleEmbeddingConfiguration": { @@ -3466,7 +3513,7 @@ "SessionTagList": { "base": null, "refs": { - "GenerateEmbedUrlForAnonymousUserRequest$SessionTags": "

The session tags used for row-level security. Before you use this parameter, make sure that you have configured the relevant datasets using the DataSet$RowLevelPermissionTagConfiguration parameter so that session tags can be used to provide row-level security.

These are not the tags used for the Amazon Web Services resource tagging feature. For more information, see Using Row-Level Security (RLS) with Tags.

" + "GenerateEmbedUrlForAnonymousUserRequest$SessionTags": "

The session tags used for row-level security. Before you use this parameter, make sure that you have configured the relevant datasets using the DataSet$RowLevelPermissionTagConfiguration parameter so that session tags can be used to provide row-level security.

These are not the tags used for the Amazon Web Services resource tagging feature. For more information, see Using Row-Level Security (RLS) with Tagsin the Amazon QuickSight User Guide.

" } }, "SessionTagValue": { @@ -3502,6 +3549,12 @@ "ThemeConfiguration$Sheet": "

Display options related to sheets.

" } }, + "SignupResponse": { + "base": "

A SignupResponse object that contains a summary of a newly created account.

", + "refs": { + "CreateAccountSubscriptionResponse$SignupResponse": "

A SignupResponse object that returns information about a newly created Amazon QuickSight account.

" + } + }, "SiteBaseUrl": { "base": null, "refs": { @@ -3553,6 +3606,7 @@ "refs": { "CancelIngestionResponse$Status": "

The HTTP status of the request.

", "CreateAccountCustomizationResponse$Status": "

The HTTP status of the request.

", + "CreateAccountSubscriptionResponse$Status": "

The HTTP status of the request.

", "CreateAnalysisResponse$Status": "

The HTTP status of the request.

", "CreateDashboardResponse$Status": "

The HTTP status of the request.

", "CreateDataSetResponse$Status": "

The HTTP status of the request.

", @@ -3587,6 +3641,7 @@ "DeleteUserResponse$Status": "

The HTTP status of the request.

", "DescribeAccountCustomizationResponse$Status": "

The HTTP status of the request.

", "DescribeAccountSettingsResponse$Status": "

The HTTP status of the request.

", + "DescribeAccountSubscriptionResponse$Status": "

The HTTP status of the request.

", "DescribeAnalysisPermissionsResponse$Status": "

The HTTP status of the request.

", "DescribeAnalysisResponse$Status": "

The HTTP status of the request.

", "DescribeDashboardPermissionsResponse$Status": "

The HTTP status of the request.

", @@ -3676,6 +3731,10 @@ "refs": { "AccessDeniedException$Message": null, "AccessDeniedException$RequestId": "

The Amazon Web Services request ID for this request.

", + "AccountInfo$AccountName": "

The account name that you provided for the Amazon QuickSight subscription in your Amazon Web Services account. You create this name when you sign up for Amazon QuickSight. It's unique over all of Amazon Web Services, and it appears only when users sign in.

", + "AccountInfo$NotificationEmail": "

The email address that will be used for Amazon QuickSight to send notifications regarding your Amazon Web Services account or Amazon QuickSight subscription.

", + "AccountInfo$AuthenticationType": "

The way that your Amazon QuickSight account is authenticated.

", + "AccountInfo$AccountSubscriptionStatus": "

The status of your account subscription.

", "AccountSettings$AccountName": "

The \"account name\" you provided for the Amazon QuickSight subscription in your Amazon Web Services account. You create this name when you sign up for Amazon QuickSight. It is unique in all of Amazon Web Services and it appears only when users sign in.

", "AccountSettings$NotificationEmail": "

The main notification email for your Amazon QuickSight subscription.

", "ActionList$member": null, @@ -3693,6 +3752,16 @@ "ConflictException$Message": null, "ConflictException$RequestId": "

The Amazon Web Services request ID for this request.

", "CreateAccountCustomizationResponse$RequestId": "

The Amazon Web Services request ID for this operation.

", + "CreateAccountSubscriptionRequest$AccountName": "

The name of your Amazon QuickSight account. This name is unique over all of Amazon Web Services, and it appears only when users sign in. You can't change AccountName value after the Amazon QuickSight account is created.

", + "CreateAccountSubscriptionRequest$NotificationEmail": "

The email address that you want Amazon QuickSight to send notifications to regarding your Amazon QuickSight account or Amazon QuickSight subscription.

", + "CreateAccountSubscriptionRequest$ActiveDirectoryName": "

The name of your Active Directory. This field is required if ACTIVE_DIRECTORY is the selected authentication method of the new Amazon QuickSight account.

", + "CreateAccountSubscriptionRequest$Realm": "

The realm of the Active Directory that is associated with your Amazon QuickSight account. This field is required if ACTIVE_DIRECTORY is the selected authentication method of the new Amazon QuickSight account.

", + "CreateAccountSubscriptionRequest$DirectoryId": "

The ID of the Active Directory that is associated with your Amazon QuickSight account.

", + "CreateAccountSubscriptionRequest$FirstName": "

The first name of the author of the Amazon QuickSight account to use for future communications. This field is required if ENTERPPRISE_AND_Q is the selected edition of the new Amazon QuickSight account.

", + "CreateAccountSubscriptionRequest$LastName": "

The last name of the author of the Amazon QuickSight account to use for future communications. This field is required if ENTERPPRISE_AND_Q is the selected edition of the new Amazon QuickSight account.

", + "CreateAccountSubscriptionRequest$EmailAddress": "

The email address of the author of the Amazon QuickSight account to use for future communications. This field is required if ENTERPPRISE_AND_Q is the selected edition of the new Amazon QuickSight account.

", + "CreateAccountSubscriptionRequest$ContactNumber": "

A 10-digit phone number for the author of the Amazon QuickSight account to use for future communications. This field is required if ENTERPPRISE_AND_Q is the selected edition of the new Amazon QuickSight account.

", + "CreateAccountSubscriptionResponse$RequestId": "

The Amazon Web Services request ID for this operation.

", "CreateAnalysisResponse$RequestId": "

The Amazon Web Services request ID for this operation.

", "CreateDashboardResponse$RequestId": "

The Amazon Web Services request ID for this operation.

", "CreateDataSetResponse$RequestId": "

The Amazon Web Services request ID for this operation.

", @@ -3734,6 +3803,7 @@ "DeleteUserResponse$RequestId": "

The Amazon Web Services request ID for this operation.

", "DescribeAccountCustomizationResponse$RequestId": "

The Amazon Web Services request ID for this operation.

", "DescribeAccountSettingsResponse$RequestId": "

The Amazon Web Services request ID for this operation.

", + "DescribeAccountSubscriptionResponse$RequestId": "

The Amazon Web Services request ID for this operation.

", "DescribeAnalysisPermissionsResponse$RequestId": "

The Amazon Web Services request ID for this operation.

", "DescribeAnalysisResponse$RequestId": "

The Amazon Web Services request ID for this operation.

", "DescribeDashboardPermissionsResponse$RequestId": "

The Amazon Web Services request ID for this operation.

", @@ -3770,6 +3840,7 @@ "GetSessionEmbedUrlResponse$RequestId": "

The Amazon Web Services request ID for this operation.

", "Group$PrincipalId": "

The principal ID of the group.

", "GroupSearchFilter$Value": "

The value of the named item, in this case GROUP_NAME, that you want to use as a filter.

", + "GroupsList$member": null, "IAMPolicyAssignment$AssignmentId": "

Assignment ID.

", "IdentityMap$key": null, "IdentityTypeNotSupportedException$Message": null, @@ -3886,6 +3957,9 @@ "SearchGroupsResponse$RequestId": "

The Amazon Web Services request ID for this operation.

", "SessionLifetimeInMinutesInvalidException$Message": null, "SessionLifetimeInMinutesInvalidException$RequestId": "

The Amazon Web Services request ID for this request.

", + "SignupResponse$userLoginName": "

The user login name for your Amazon QuickSight account.

", + "SignupResponse$accountName": "

The name of your Amazon QuickSight account.

", + "SignupResponse$directoryType": "

The type of Active Directory that is being used to authenticate the Amazon QuickSight account. Valid values are SIMPLE_AD, AD_CONNECTOR, and MICROSOFT_AD.

", "StringList$member": null, "TagResourceResponse$RequestId": "

The Amazon Web Services request ID for this operation.

", "ThrottlingException$Message": null, @@ -3935,6 +4009,8 @@ "StringList": { "base": null, "refs": { + "GenerateEmbedUrlForAnonymousUserRequest$AllowedDomains": "

The domains that you want to add to the allow list for access to the generated URL that is then embedded. This optional parameter overrides the static domains that are configured in the Manage QuickSight menu in the Amazon QuickSight console and instead allows only the domains that you include in this parameter. You can list up to three domains or subdomains in each API call.

To include a subdomain, use * to include all subdomains under a specific domain to the allow list. For example, https://*.sapp.amazon.com, includes all subdomains under https://sapp.amazon.com.

", + "GenerateEmbedUrlForRegisteredUserRequest$AllowedDomains": "

The domains that you want to add to the allow list for access to the generated URL that is then embedded. This optional parameter overrides the static domains that are configured in the Manage QuickSight menu in the Amazon QuickSight console and instead allows only the domains that you include in this parameter. You can list up to three domains or subdomains in each API call.

To include a subdomain, use * to include all subdomains under a specific domain to the allow list. For example, https://*.sapp.amazon.com, includes all subdomains under https://sapp.amazon.com.

", "StringParameter$Values": "

The values of a string parameter.

" } }, diff --git a/models/apis/rds/2014-10-31/docs-2.json b/models/apis/rds/2014-10-31/docs-2.json index 8114d842439..b71f11e0f03 100644 --- a/models/apis/rds/2014-10-31/docs-2.json +++ b/models/apis/rds/2014-10-31/docs-2.json @@ -8,28 +8,28 @@ "AddTagsToResource": "

Adds metadata tags to an Amazon RDS resource. These tags can also be used with cost allocation reporting to track cost associated with Amazon RDS resources, or used in a Condition statement in an IAM policy for Amazon RDS.

For an overview on tagging Amazon RDS resources, see Tagging Amazon RDS Resources.

", "ApplyPendingMaintenanceAction": "

Applies a pending maintenance action to a resource (for example, to a DB instance).

", "AuthorizeDBSecurityGroupIngress": "

Enables ingress to a DBSecurityGroup using one of two forms of authorization. First, EC2 or VPC security groups can be added to the DBSecurityGroup if the application using the database is running on EC2 or VPC instances. Second, IP ranges are available if the application accessing your database is running on the internet. Required parameters for this API are one of CIDR range, EC2SecurityGroupId for VPC, or (EC2SecurityGroupOwnerId and either EC2SecurityGroupName or EC2SecurityGroupId for non-VPC).

You can't authorize ingress from an EC2 security group in one Amazon Web Services Region to an Amazon RDS DB instance in another. You can't authorize ingress from a VPC security group in one VPC to an Amazon RDS DB instance in another.

For an overview of CIDR ranges, go to the Wikipedia Tutorial.

", - "BacktrackDBCluster": "

Backtracks a DB cluster to a specific time, without creating a new DB cluster.

For more information on backtracking, see Backtracking an Aurora DB Cluster in the Amazon Aurora User Guide.

This action applies only to Aurora MySQL DB clusters.

", + "BacktrackDBCluster": "

Backtracks a DB cluster to a specific time, without creating a new DB cluster.

For more information on backtracking, see Backtracking an Aurora DB Cluster in the Amazon Aurora User Guide.

This action only applies to Aurora MySQL DB clusters.

", "CancelExportTask": "

Cancels an export task in progress that is exporting a snapshot to Amazon S3. Any data that has already been written to the S3 bucket isn't removed.

", "CopyDBClusterParameterGroup": "

Copies the specified DB cluster parameter group.

", - "CopyDBClusterSnapshot": "

Copies a snapshot of a DB cluster.

To copy a DB cluster snapshot from a shared manual DB cluster snapshot, SourceDBClusterSnapshotIdentifier must be the Amazon Resource Name (ARN) of the shared DB cluster snapshot.

You can copy an encrypted DB cluster snapshot from another Amazon Web Services Region. In that case, the Amazon Web Services Region where you call the CopyDBClusterSnapshot operation is the destination Amazon Web Services Region for the encrypted DB cluster snapshot to be copied to. To copy an encrypted DB cluster snapshot from another Amazon Web Services Region, you must provide the following values:

To cancel the copy operation once it is in progress, delete the target DB cluster snapshot identified by TargetDBClusterSnapshotIdentifier while that DB cluster snapshot is in \"copying\" status.

For more information on copying encrypted Amazon Aurora DB cluster snapshots from one Amazon Web Services Region to another, see Copying a Snapshot in the Amazon Aurora User Guide.

For more information on Amazon Aurora DB clusters, see What is Amazon Aurora? in the Amazon Aurora User Guide.

For more information on Multi-AZ DB clusters, see Multi-AZ deployments with two readable standby DB instances in the Amazon RDS User Guide.

", + "CopyDBClusterSnapshot": "

Copies a snapshot of a DB cluster.

To copy a DB cluster snapshot from a shared manual DB cluster snapshot, SourceDBClusterSnapshotIdentifier must be the Amazon Resource Name (ARN) of the shared DB cluster snapshot.

You can copy an encrypted DB cluster snapshot from another Amazon Web Services Region. In that case, the Amazon Web Services Region where you call the CopyDBClusterSnapshot action is the destination Amazon Web Services Region for the encrypted DB cluster snapshot to be copied to. To copy an encrypted DB cluster snapshot from another Amazon Web Services Region, you must provide the following values:

To cancel the copy operation once it is in progress, delete the target DB cluster snapshot identified by TargetDBClusterSnapshotIdentifier while that DB cluster snapshot is in \"copying\" status.

For more information on copying encrypted Amazon Aurora DB cluster snapshots from one Amazon Web Services Region to another, see Copying a Snapshot in the Amazon Aurora User Guide.

For more information on Amazon Aurora DB clusters, see What is Amazon Aurora? in the Amazon Aurora User Guide.

For more information on Multi-AZ DB clusters, see Multi-AZ deployments with two readable standby DB instances in the Amazon RDS User Guide.

", "CopyDBParameterGroup": "

Copies the specified DB parameter group.

", - "CopyDBSnapshot": "

Copies the specified DB snapshot. The source DB snapshot must be in the available state.

You can copy a snapshot from one Amazon Web Services Region to another. In that case, the Amazon Web Services Region where you call the CopyDBSnapshot operation is the destination Amazon Web Services Region for the DB snapshot copy.

This command doesn't apply to RDS Custom.

For more information about copying snapshots, see Copying a DB Snapshot in the Amazon RDS User Guide.

", + "CopyDBSnapshot": "

Copies the specified DB snapshot. The source DB snapshot must be in the available state.

You can copy a snapshot from one Amazon Web Services Region to another. In that case, the Amazon Web Services Region where you call the CopyDBSnapshot action is the destination Amazon Web Services Region for the DB snapshot copy.

This command doesn't apply to RDS Custom.

For more information about copying snapshots, see Copying a DB Snapshot in the Amazon RDS User Guide.

", "CopyOptionGroup": "

Copies the specified option group.

", "CreateCustomDBEngineVersion": "

Creates a custom DB engine version (CEV). A CEV is a binary volume snapshot of a database engine and specific AMI. The supported engines are the following:

Amazon RDS, which is a fully managed service, supplies the Amazon Machine Image (AMI) and database software. The Amazon RDS database software is preinstalled, so you need only select a DB engine and version, and create your database. With Amazon RDS Custom for Oracle, you upload your database installation files in Amazon S3.

When you create a custom engine version, you specify the files in a JSON document called a CEV manifest. This document describes installation .zip files stored in Amazon S3. RDS Custom creates your CEV from the installation files that you provided. This service model is called Bring Your Own Media (BYOM).

Creation takes approximately two hours. If creation fails, RDS Custom issues RDS-EVENT-0196 with the message Creation failed for custom engine version, and includes details about the failure. For example, the event prints missing files.

After you create the CEV, it is available for use. You can create multiple CEVs, and create multiple RDS Custom instances from any CEV. You can also change the status of a CEV to make it available or inactive.

The MediaImport service that imports files from Amazon S3 to create CEVs isn't integrated with Amazon Web Services CloudTrail. If you turn on data logging for Amazon RDS in CloudTrail, calls to the CreateCustomDbEngineVersion event aren't logged. However, you might see calls from the API gateway that accesses your Amazon S3 bucket. These calls originate from the MediaImport service for the CreateCustomDbEngineVersion event.

For more information, see Creating a CEV in the Amazon RDS User Guide.

", - "CreateDBCluster": "

Creates a new Amazon Aurora DB cluster or Multi-AZ DB cluster.

You can use the ReplicationSourceIdentifier parameter to create an Amazon Aurora DB cluster as a read replica of another DB cluster or Amazon RDS MySQL or PostgreSQL DB instance.

For more information on Amazon Aurora, see What is Amazon Aurora? in the Amazon Aurora User Guide.

For more information on Multi-AZ DB clusters, see Multi-AZ deployments with two readable standby DB instances in the Amazon RDS User Guide.

", - "CreateDBClusterEndpoint": "

Creates a new custom endpoint and associates it with an Amazon Aurora DB cluster.

This action applies only to Aurora DB clusters.

", - "CreateDBClusterParameterGroup": "

Creates a new DB cluster parameter group.

Parameters in a DB cluster parameter group apply to all of the instances in a DB cluster.

A DB cluster parameter group is initially created with the default parameters for the database engine used by instances in the DB cluster. To provide custom values for any of the parameters, you must modify the group after creating it using ModifyDBClusterParameterGroup. Once you've created a DB cluster parameter group, you need to associate it with your DB cluster using ModifyDBCluster.

When you associate a new DB cluster parameter group with a running Aurora DB cluster, reboot the DB instances in the DB cluster without failover for the new DB cluster parameter group and associated settings to take effect.

When you associate a new DB cluster parameter group with a running Multi-AZ DB cluster, reboot the DB cluster without failover for the new DB cluster parameter group and associated settings to take effect.

After you create a DB cluster parameter group, you should wait at least 5 minutes before creating your first DB cluster that uses that DB cluster parameter group as the default parameter group. This allows Amazon RDS to fully complete the create action before the DB cluster parameter group is used as the default for a new DB cluster. This is especially important for parameters that are critical when creating the default database for a DB cluster, such as the character set for the default database defined by the character_set_database parameter. You can use the Parameter Groups option of the Amazon RDS console or the DescribeDBClusterParameters operation to verify that your DB cluster parameter group has been created or modified.

For more information on Amazon Aurora, see What is Amazon Aurora? in the Amazon Aurora User Guide.

For more information on Multi-AZ DB clusters, see Multi-AZ deployments with two readable standby DB instances in the Amazon RDS User Guide.

", + "CreateDBCluster": "

Creates a new Amazon Aurora DB cluster or Multi-AZ DB cluster.

You can use the ReplicationSourceIdentifier parameter to create an Amazon Aurora DB cluster as a read replica of another DB cluster or Amazon RDS MySQL or PostgreSQL DB instance. For cross-Region replication where the DB cluster identified by ReplicationSourceIdentifier is encrypted, also specify the PreSignedUrl parameter.

For more information on Amazon Aurora, see What is Amazon Aurora? in the Amazon Aurora User Guide.

For more information on Multi-AZ DB clusters, see Multi-AZ deployments with two readable standby DB instances in the Amazon RDS User Guide.

", + "CreateDBClusterEndpoint": "

Creates a new custom endpoint and associates it with an Amazon Aurora DB cluster.

This action only applies to Aurora DB clusters.

", + "CreateDBClusterParameterGroup": "

Creates a new DB cluster parameter group.

Parameters in a DB cluster parameter group apply to all of the instances in a DB cluster.

A DB cluster parameter group is initially created with the default parameters for the database engine used by instances in the DB cluster. To provide custom values for any of the parameters, you must modify the group after creating it using ModifyDBClusterParameterGroup. Once you've created a DB cluster parameter group, you need to associate it with your DB cluster using ModifyDBCluster.

When you associate a new DB cluster parameter group with a running Aurora DB cluster, reboot the DB instances in the DB cluster without failover for the new DB cluster parameter group and associated settings to take effect.

When you associate a new DB cluster parameter group with a running Multi-AZ DB cluster, reboot the DB cluster without failover for the new DB cluster parameter group and associated settings to take effect.

After you create a DB cluster parameter group, you should wait at least 5 minutes before creating your first DB cluster that uses that DB cluster parameter group as the default parameter group. This allows Amazon RDS to fully complete the create action before the DB cluster parameter group is used as the default for a new DB cluster. This is especially important for parameters that are critical when creating the default database for a DB cluster, such as the character set for the default database defined by the character_set_database parameter. You can use the Parameter Groups option of the Amazon RDS console or the DescribeDBClusterParameters action to verify that your DB cluster parameter group has been created or modified.

For more information on Amazon Aurora, see What is Amazon Aurora? in the Amazon Aurora User Guide.

For more information on Multi-AZ DB clusters, see Multi-AZ deployments with two readable standby DB instances in the Amazon RDS User Guide.

", "CreateDBClusterSnapshot": "

Creates a snapshot of a DB cluster.

For more information on Amazon Aurora, see What is Amazon Aurora? in the Amazon Aurora User Guide.

For more information on Multi-AZ DB clusters, see Multi-AZ deployments with two readable standby DB instances in the Amazon RDS User Guide.

", - "CreateDBInstance": "

Creates a new DB instance.

The new DB instance can be an RDS DB instance, or it can be a DB instance in an Aurora DB cluster. For an Aurora DB cluster, you can call this operation multiple times to add more than one DB instance to the cluster.

For more information about creating an RDS DB instance, see Creating an Amazon RDS DB instance in the Amazon RDS User Guide.

For more information about creating a DB instance in an Aurora DB cluster, see Creating an Amazon Aurora DB cluster in the Amazon Aurora User Guide.

", - "CreateDBInstanceReadReplica": "

Creates a new DB instance that acts as a read replica for an existing source DB instance. You can create a read replica for a DB instance running MySQL, MariaDB, Oracle, PostgreSQL, or SQL Server. For more information, see Working with Read Replicas in the Amazon RDS User Guide.

Amazon Aurora doesn't support this operation. Call the CreateDBInstance operation to create a DB instance for an Aurora DB cluster.

All read replica DB instances are created with backups disabled. All other DB instance attributes (including DB security groups and DB parameter groups) are inherited from the source DB instance, except as specified.

Your source DB instance must have backup retention enabled.

", + "CreateDBInstance": "

Creates a new DB instance.

", + "CreateDBInstanceReadReplica": "

Creates a new DB instance that acts as a read replica for an existing source DB instance. You can create a read replica for a DB instance running MySQL, MariaDB, Oracle, PostgreSQL, or SQL Server. For more information, see Working with Read Replicas in the Amazon RDS User Guide.

Amazon Aurora doesn't support this action. Call the CreateDBInstance action to create a DB instance for an Aurora DB cluster.

All read replica DB instances are created with backups disabled. All other DB instance attributes (including DB security groups and DB parameter groups) are inherited from the source DB instance, except as specified.

Your source DB instance must have backup retention enabled.

", "CreateDBParameterGroup": "

Creates a new DB parameter group.

A DB parameter group is initially created with the default parameters for the database engine used by the DB instance. To provide custom values for any of the parameters, you must modify the group after creating it using ModifyDBParameterGroup. Once you've created a DB parameter group, you need to associate it with your DB instance using ModifyDBInstance. When you associate a new DB parameter group with a running DB instance, you need to reboot the DB instance without failover for the new DB parameter group and associated settings to take effect.

This command doesn't apply to RDS Custom.

After you create a DB parameter group, you should wait at least 5 minutes before creating your first DB instance that uses that DB parameter group as the default parameter group. This allows Amazon RDS to fully complete the create action before the parameter group is used as the default for a new DB instance. This is especially important for parameters that are critical when creating the default database for a DB instance, such as the character set for the default database defined by the character_set_database parameter. You can use the Parameter Groups option of the Amazon RDS console or the DescribeDBParameters command to verify that your DB parameter group has been created or modified.

", "CreateDBProxy": "

Creates a new DB proxy.

", "CreateDBProxyEndpoint": "

Creates a DBProxyEndpoint. Only applies to proxies that are associated with Aurora DB clusters. You can use DB proxy endpoints to specify read/write or read-only access to the DB cluster. You can also use DB proxy endpoints to access a DB proxy through a different VPC than the proxy's default VPC.

", "CreateDBSecurityGroup": "

Creates a new DB security group. DB security groups control access to a DB instance.

A DB security group controls access to EC2-Classic DB instances that are not in a VPC.

", "CreateDBSnapshot": "

Creates a snapshot of a DB instance. The source DB instance must be in the available or storage-optimization state.

", "CreateDBSubnetGroup": "

Creates a new DB subnet group. DB subnet groups must contain at least one subnet in at least two AZs in the Amazon Web Services Region.

", - "CreateEventSubscription": "

Creates an RDS event notification subscription. This operation requires a topic Amazon Resource Name (ARN) created by either the RDS console, the SNS console, or the SNS API. To obtain an ARN with SNS, you must create a topic in Amazon SNS and subscribe to the topic. The ARN is displayed in the SNS console.

You can specify the type of source (SourceType) that you want to be notified of and provide a list of RDS sources (SourceIds) that triggers the events. You can also provide a list of event categories (EventCategories) for events that you want to be notified of. For example, you can specify SourceType = db-instance, SourceIds = mydbinstance1, mydbinstance2 and EventCategories = Availability, Backup.

If you specify both the SourceType and SourceIds, such as SourceType = db-instance and SourceIds = myDBInstance1, you are notified of all the db-instance events for the specified source. If you specify a SourceType but do not specify SourceIds, you receive notice of the events for that source type for all your RDS sources. If you don't specify either the SourceType or the SourceIds, you are notified of events generated from all RDS sources belonging to your customer account.

RDS event notification is only available for unencrypted SNS topics. If you specify an encrypted SNS topic, event notifications aren't sent for the topic.

", - "CreateGlobalCluster": "

Creates an Aurora global database spread across multiple Amazon Web Services Regions. The global database contains a single primary cluster with read-write capability, and a read-only secondary cluster that receives data from the primary cluster through high-speed replication performed by the Aurora storage subsystem.

You can create a global database that is initially empty, and then add a primary cluster and a secondary cluster to it. Or you can specify an existing Aurora cluster during the create operation, and this cluster becomes the primary cluster of the global database.

This action applies only to Aurora DB clusters.

", + "CreateEventSubscription": "

Creates an RDS event notification subscription. This action requires a topic Amazon Resource Name (ARN) created by either the RDS console, the SNS console, or the SNS API. To obtain an ARN with SNS, you must create a topic in Amazon SNS and subscribe to the topic. The ARN is displayed in the SNS console.

You can specify the type of source (SourceType) that you want to be notified of and provide a list of RDS sources (SourceIds) that triggers the events. You can also provide a list of event categories (EventCategories) for events that you want to be notified of. For example, you can specify SourceType = db-instance, SourceIds = mydbinstance1, mydbinstance2 and EventCategories = Availability, Backup.

If you specify both the SourceType and SourceIds, such as SourceType = db-instance and SourceIds = myDBInstance1, you are notified of all the db-instance events for the specified source. If you specify a SourceType but do not specify SourceIds, you receive notice of the events for that source type for all your RDS sources. If you don't specify either the SourceType or the SourceIds, you are notified of events generated from all RDS sources belonging to your customer account.

RDS event notification is only available for unencrypted SNS topics. If you specify an encrypted SNS topic, event notifications aren't sent for the topic.

", + "CreateGlobalCluster": "

Creates an Aurora global database spread across multiple Amazon Web Services Regions. The global database contains a single primary cluster with read-write capability, and a read-only secondary cluster that receives data from the primary cluster through high-speed replication performed by the Aurora storage subsystem.

You can create a global database that is initially empty, and then add a primary cluster and a secondary cluster to it. Or you can specify an existing Aurora cluster during the create operation, and this cluster becomes the primary cluster of the global database.

This action only applies to Aurora DB clusters.

", "CreateOptionGroup": "

Creates a new option group. You can create up to 20 option groups.

This command doesn't apply to RDS Custom.

", "DeleteCustomDBEngineVersion": "

Deletes a custom engine version. To run this command, make sure you meet the following prerequisites:

Typically, deletion takes a few minutes.

The MediaImport service that imports files from Amazon S3 to create CEVs isn't integrated with Amazon Web Services CloudTrail. If you turn on data logging for Amazon RDS in CloudTrail, calls to the DeleteCustomDbEngineVersion event aren't logged. However, you might see calls from the API gateway that accesses your Amazon S3 bucket. These calls originate from the MediaImport service for the DeleteCustomDbEngineVersion event.

For more information, see Deleting a CEV in the Amazon RDS User Guide.

", "DeleteDBCluster": "

The DeleteDBCluster action deletes a previously provisioned DB cluster. When you delete a DB cluster, all automated backups for that DB cluster are deleted and can't be recovered. Manual DB cluster snapshots of the specified DB cluster are not deleted.

For more information on Amazon Aurora, see What is Amazon Aurora? in the Amazon Aurora User Guide.

For more information on Multi-AZ DB clusters, see Multi-AZ deployments with two readable standby DB instances in the Amazon RDS User Guide.

", @@ -75,7 +75,7 @@ "DescribeEngineDefaultParameters": "

Returns the default engine and system parameter information for the specified database engine.

", "DescribeEventCategories": "

Displays a list of categories for all event source types, or, if specified, for a specified source type. You can also see this list in the \"Amazon RDS event categories and event messages\" section of the Amazon RDS User Guide or the Amazon Aurora User Guide .

", "DescribeEventSubscriptions": "

Lists all the subscription descriptions for a customer account. The description for a subscription includes SubscriptionName, SNSTopicARN, CustomerID, SourceType, SourceID, CreationTime, and Status.

If you specify a SubscriptionName, lists the description for that subscription.

", - "DescribeEvents": "

Returns events related to DB instances, DB clusters, DB parameter groups, DB security groups, DB snapshots, DB cluster snapshots, and RDS Proxies for the past 14 days. Events specific to a particular DB instance, DB cluster, DB parameter group, DB security group, DB snapshot, DB cluster snapshot group, or RDS Proxy can be obtained by providing the name as a parameter.

For more information on working with events, see Monitoring Amazon RDS events in the Amazon RDS User Guide and Monitoring Amazon Aurora events in the Amazon Aurora User Guide.

By default, RDS returns events that were generated in the past hour.

", + "DescribeEvents": "

Returns events related to DB instances, DB clusters, DB parameter groups, DB security groups, DB snapshots, DB cluster snapshots, and RDS Proxies for the past 14 days. Events specific to a particular DB instance, DB cluster, DB parameter group, DB security group, DB snapshot, DB cluster snapshot group, or RDS Proxy can be obtained by providing the name as a parameter.

By default, RDS returns events that were generated in the past hour.

", "DescribeExportTasks": "

Returns information about a snapshot export to Amazon S3. This API operation supports pagination.

", "DescribeGlobalClusters": "

Returns information about Aurora global database clusters. This API supports pagination.

For more information on Amazon Aurora, see What is Amazon Aurora? in the Amazon Aurora User Guide.

This action only applies to Aurora DB clusters.

", "DescribeOptionGroupOptions": "

Describes all available options.

", @@ -87,7 +87,7 @@ "DescribeSourceRegions": "

Returns a list of the source Amazon Web Services Regions where the current Amazon Web Services Region can create a read replica, copy a DB snapshot from, or replicate automated backups from. This API action supports pagination.

", "DescribeValidDBInstanceModifications": "

You can call DescribeValidDBInstanceModifications to learn what modifications you can make to your DB instance. You can use this information when you call ModifyDBInstance.

This command doesn't apply to RDS Custom.

", "DownloadDBLogFilePortion": "

Downloads all or a portion of the specified log file, up to 1 MB in size.

This command doesn't apply to RDS Custom.

", - "FailoverDBCluster": "

Forces a failover for a DB cluster.

For an Aurora DB cluster, failover for a DB cluster promotes one of the Aurora Replicas (read-only instances) in the DB cluster to be the primary DB instance (the cluster writer).

For a Multi-AZ DB cluster, failover for a DB cluster promotes one of the readable standby DB instances (read-only instances) in the DB cluster to be the primary DB instance (the cluster writer).

An Amazon Aurora DB cluster automatically fails over to an Aurora Replica, if one exists, when the primary DB instance fails. A Multi-AZ DB cluster automatically fails over to a readable standby DB instance when the primary DB instance fails.

To simulate a failure of a primary instance for testing, you can force a failover. Because each instance in a DB cluster has its own endpoint address, make sure to clean up and re-establish any existing connections that use those endpoint addresses when the failover is complete.

For more information on Amazon Aurora DB clusters, see What is Amazon Aurora? in the Amazon Aurora User Guide.

For more information on Multi-AZ DB clusters, see Multi-AZ deployments with two readable standby DB instances in the Amazon RDS User Guide.

", + "FailoverDBCluster": "

Forces a failover for a DB cluster.

For an Aurora DB cluster, failover for a DB cluster promotes one of the Aurora Replicas (read-only instances) in the DB cluster to be the primary DB instance (the cluster writer).

For a Multi-AZ DB cluster, failover for a DB cluster promotes one of the readable standby DB instances (read-only instances) in the DB cluster to be the primary DB instance (the cluster writer).

An Amazon Aurora DB cluster automatically fails over to an Aurora Replica, if one exists, when the primary DB instance fails. A Multi-AZ DB cluster automatically fails over to a readbable standby DB instance when the primary DB instance fails.

To simulate a failure of a primary instance for testing, you can force a failover. Because each instance in a DB cluster has its own endpoint address, make sure to clean up and re-establish any existing connections that use those endpoint addresses when the failover is complete.

For more information on Amazon Aurora DB clusters, see What is Amazon Aurora? in the Amazon Aurora User Guide.

For more information on Multi-AZ DB clusters, see Multi-AZ deployments with two readable standby DB instances in the Amazon RDS User Guide.

", "FailoverGlobalCluster": "

Initiates the failover process for an Aurora global database (GlobalCluster).

A failover for an Aurora global database promotes one of secondary read-only DB clusters to be the primary DB cluster and demotes the primary DB cluster to being a secondary (read-only) DB cluster. In other words, the role of the current primary DB cluster and the selected (target) DB cluster are switched. The selected secondary DB cluster assumes full read/write capabilities for the Aurora global database.

For more information about failing over an Amazon Aurora global database, see Managed planned failover for Amazon Aurora global databases in the Amazon Aurora User Guide.

This action applies to GlobalCluster (Aurora global databases) only. Use this action only on healthy Aurora global databases with running Aurora DB clusters and no Region-wide outages, to test disaster recovery scenarios or to reconfigure your Aurora global database topology.

", "ListTagsForResource": "

Lists all tags on an Amazon RDS resource.

For an overview on tagging an Amazon RDS resource, see Tagging Amazon RDS Resources in the Amazon RDS User Guide.

", "ModifyCertificates": "

Override the system-default Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificate for Amazon RDS for new DB instances, or remove the override.

By using this operation, you can specify an RDS-approved SSL/TLS certificate for new DB instances that is different from the default certificate provided by RDS. You can also use this operation to remove the override, so that new DB instances use the default certificate provided by RDS.

You might need to override the default certificate in the following situations:

For more information about rotating your SSL/TLS certificate for RDS DB engines, see Rotating Your SSL/TLS Certificate in the Amazon RDS User Guide.

For more information about rotating your SSL/TLS certificate for Aurora DB engines, see Rotating Your SSL/TLS Certificate in the Amazon Aurora User Guide.

", @@ -95,15 +95,15 @@ "ModifyCustomDBEngineVersion": "

Modifies the status of a custom engine version (CEV). You can find CEVs to modify by calling DescribeDBEngineVersions.

The MediaImport service that imports files from Amazon S3 to create CEVs isn't integrated with Amazon Web Services CloudTrail. If you turn on data logging for Amazon RDS in CloudTrail, calls to the ModifyCustomDbEngineVersion event aren't logged. However, you might see calls from the API gateway that accesses your Amazon S3 bucket. These calls originate from the MediaImport service for the ModifyCustomDbEngineVersion event.

For more information, see Modifying CEV status in the Amazon RDS User Guide.

", "ModifyDBCluster": "

Modify the settings for an Amazon Aurora DB cluster or a Multi-AZ DB cluster. You can change one or more settings by specifying these parameters and the new values in the request.

For more information on Amazon Aurora DB clusters, see What is Amazon Aurora? in the Amazon Aurora User Guide.

For more information on Multi-AZ DB clusters, see Multi-AZ deployments with two readable standby DB instances in the Amazon RDS User Guide.

", "ModifyDBClusterEndpoint": "

Modifies the properties of an endpoint in an Amazon Aurora DB cluster.

This action only applies to Aurora DB clusters.

", - "ModifyDBClusterParameterGroup": "

Modifies the parameters of a DB cluster parameter group. To modify more than one parameter, submit a list of the following: ParameterName, ParameterValue, and ApplyMethod. A maximum of 20 parameters can be modified in a single request.

After you create a DB cluster parameter group, you should wait at least 5 minutes before creating your first DB cluster that uses that DB cluster parameter group as the default parameter group. This allows Amazon RDS to fully complete the create action before the parameter group is used as the default for a new DB cluster. This is especially important for parameters that are critical when creating the default database for a DB cluster, such as the character set for the default database defined by the character_set_database parameter. You can use the Parameter Groups option of the Amazon RDS console or the DescribeDBClusterParameters operation to verify that your DB cluster parameter group has been created or modified.

If the modified DB cluster parameter group is used by an Aurora Serverless v1 cluster, Aurora applies the update immediately. The cluster restart might interrupt your workload. In that case, your application must reopen any connections and retry any transactions that were active when the parameter changes took effect.

For more information on Amazon Aurora DB clusters, see What is Amazon Aurora? in the Amazon Aurora User Guide.

For more information on Multi-AZ DB clusters, see Multi-AZ deployments with two readable standby DB instances in the Amazon RDS User Guide.

", - "ModifyDBClusterSnapshotAttribute": "

Adds an attribute and values to, or removes an attribute and values from, a manual DB cluster snapshot.

To share a manual DB cluster snapshot with other Amazon Web Services accounts, specify restore as the AttributeName and use the ValuesToAdd parameter to add a list of IDs of the Amazon Web Services accounts that are authorized to restore the manual DB cluster snapshot. Use the value all to make the manual DB cluster snapshot public, which means that it can be copied or restored by all Amazon Web Services accounts.

Don't add the all value for any manual DB cluster snapshots that contain private information that you don't want available to all Amazon Web Services accounts.

If a manual DB cluster snapshot is encrypted, it can be shared, but only by specifying a list of authorized Amazon Web Services account IDs for the ValuesToAdd parameter. You can't use all as a value for that parameter in this case.

To view which Amazon Web Services accounts have access to copy or restore a manual DB cluster snapshot, or whether a manual DB cluster snapshot is public or private, use the DescribeDBClusterSnapshotAttributes API operation. The accounts are returned as values for the restore attribute.

", + "ModifyDBClusterParameterGroup": "

Modifies the parameters of a DB cluster parameter group. To modify more than one parameter, submit a list of the following: ParameterName, ParameterValue, and ApplyMethod. A maximum of 20 parameters can be modified in a single request.

After you create a DB cluster parameter group, you should wait at least 5 minutes before creating your first DB cluster that uses that DB cluster parameter group as the default parameter group. This allows Amazon RDS to fully complete the create action before the parameter group is used as the default for a new DB cluster. This is especially important for parameters that are critical when creating the default database for a DB cluster, such as the character set for the default database defined by the character_set_database parameter. You can use the Parameter Groups option of the Amazon RDS console or the DescribeDBClusterParameters action to verify that your DB cluster parameter group has been created or modified.

If the modified DB cluster parameter group is used by an Aurora Serverless v1 cluster, Aurora applies the update immediately. The cluster restart might interrupt your workload. In that case, your application must reopen any connections and retry any transactions that were active when the parameter changes took effect.

For more information on Amazon Aurora DB clusters, see What is Amazon Aurora? in the Amazon Aurora User Guide.

For more information on Multi-AZ DB clusters, see Multi-AZ deployments with two readable standby DB instances in the Amazon RDS User Guide.

", + "ModifyDBClusterSnapshotAttribute": "

Adds an attribute and values to, or removes an attribute and values from, a manual DB cluster snapshot.

To share a manual DB cluster snapshot with other Amazon Web Services accounts, specify restore as the AttributeName and use the ValuesToAdd parameter to add a list of IDs of the Amazon Web Services accounts that are authorized to restore the manual DB cluster snapshot. Use the value all to make the manual DB cluster snapshot public, which means that it can be copied or restored by all Amazon Web Services accounts.

Don't add the all value for any manual DB cluster snapshots that contain private information that you don't want available to all Amazon Web Services accounts.

If a manual DB cluster snapshot is encrypted, it can be shared, but only by specifying a list of authorized Amazon Web Services account IDs for the ValuesToAdd parameter. You can't use all as a value for that parameter in this case.

To view which Amazon Web Services accounts have access to copy or restore a manual DB cluster snapshot, or whether a manual DB cluster snapshot is public or private, use the DescribeDBClusterSnapshotAttributes API action. The accounts are returned as values for the restore attribute.

", "ModifyDBInstance": "

Modifies settings for a DB instance. You can change one or more database configuration parameters by specifying these parameters and the new values in the request. To learn what modifications you can make to your DB instance, call DescribeValidDBInstanceModifications before you call ModifyDBInstance.

", "ModifyDBParameterGroup": "

Modifies the parameters of a DB parameter group. To modify more than one parameter, submit a list of the following: ParameterName, ParameterValue, and ApplyMethod. A maximum of 20 parameters can be modified in a single request.

After you modify a DB parameter group, you should wait at least 5 minutes before creating your first DB instance that uses that DB parameter group as the default parameter group. This allows Amazon RDS to fully complete the modify action before the parameter group is used as the default for a new DB instance. This is especially important for parameters that are critical when creating the default database for a DB instance, such as the character set for the default database defined by the character_set_database parameter. You can use the Parameter Groups option of the Amazon RDS console or the DescribeDBParameters command to verify that your DB parameter group has been created or modified.

", "ModifyDBProxy": "

Changes the settings for an existing DB proxy.

", "ModifyDBProxyEndpoint": "

Changes the settings for an existing DB proxy endpoint.

", "ModifyDBProxyTargetGroup": "

Modifies the properties of a DBProxyTargetGroup.

", "ModifyDBSnapshot": "

Updates a manual DB snapshot with a new engine version. The snapshot can be encrypted or unencrypted, but not shared or public.

Amazon RDS supports upgrading DB snapshots for MySQL, PostgreSQL, and Oracle. This command doesn't apply to RDS Custom.

", - "ModifyDBSnapshotAttribute": "

Adds an attribute and values to, or removes an attribute and values from, a manual DB snapshot.

To share a manual DB snapshot with other Amazon Web Services accounts, specify restore as the AttributeName and use the ValuesToAdd parameter to add a list of IDs of the Amazon Web Services accounts that are authorized to restore the manual DB snapshot. Uses the value all to make the manual DB snapshot public, which means it can be copied or restored by all Amazon Web Services accounts.

Don't add the all value for any manual DB snapshots that contain private information that you don't want available to all Amazon Web Services accounts.

If the manual DB snapshot is encrypted, it can be shared, but only by specifying a list of authorized Amazon Web Services account IDs for the ValuesToAdd parameter. You can't use all as a value for that parameter in this case.

To view which Amazon Web Services accounts have access to copy or restore a manual DB snapshot, or whether a manual DB snapshot public or private, use the DescribeDBSnapshotAttributes API operation. The accounts are returned as values for the restore attribute.

", + "ModifyDBSnapshotAttribute": "

Adds an attribute and values to, or removes an attribute and values from, a manual DB snapshot.

To share a manual DB snapshot with other Amazon Web Services accounts, specify restore as the AttributeName and use the ValuesToAdd parameter to add a list of IDs of the Amazon Web Services accounts that are authorized to restore the manual DB snapshot. Uses the value all to make the manual DB snapshot public, which means it can be copied or restored by all Amazon Web Services accounts.

Don't add the all value for any manual DB snapshots that contain private information that you don't want available to all Amazon Web Services accounts.

If the manual DB snapshot is encrypted, it can be shared, but only by specifying a list of authorized Amazon Web Services account IDs for the ValuesToAdd parameter. You can't use all as a value for that parameter in this case.

To view which Amazon Web Services accounts have access to copy or restore a manual DB snapshot, or whether a manual DB snapshot public or private, use the DescribeDBSnapshotAttributes API action. The accounts are returned as values for the restore attribute.

", "ModifyDBSubnetGroup": "

Modifies an existing DB subnet group. DB subnet groups must contain at least one subnet in at least two AZs in the Amazon Web Services Region.

", "ModifyEventSubscription": "

Modifies an existing RDS event notification subscription. You can't modify the source identifiers using this call. To change source identifiers for a subscription, use the AddSourceIdentifierToSubscription and RemoveSourceIdentifierFromSubscription calls.

You can see a list of the event categories for a given source type (SourceType) in Events in the Amazon RDS User Guide or by using the DescribeEventCategories operation.

", "ModifyGlobalCluster": "

Modify a setting for an Amazon Aurora global cluster. You can change one or more database configuration parameters by specifying these parameters and the new values in the request. For more information on Amazon Aurora, see What is Amazon Aurora? in the Amazon Aurora User Guide.

This action only applies to Aurora DB clusters.

", @@ -136,7 +136,7 @@ "StopActivityStream": "

Stops a database activity stream that was started using the Amazon Web Services console, the start-activity-stream CLI command, or the StartActivityStream action.

For more information, see Database Activity Streams in the Amazon Aurora User Guide.

", "StopDBCluster": "

Stops an Amazon Aurora DB cluster. When you stop a DB cluster, Aurora retains the DB cluster's metadata, including its endpoints and DB parameter groups. Aurora also retains the transaction logs so you can do a point-in-time restore if necessary.

For more information, see Stopping and Starting an Aurora Cluster in the Amazon Aurora User Guide.

This action only applies to Aurora DB clusters.

", "StopDBInstance": "

Stops an Amazon RDS DB instance. When you stop a DB instance, Amazon RDS retains the DB instance's metadata, including its endpoint, DB parameter group, and option group membership. Amazon RDS also retains the transaction logs so you can do a point-in-time restore if necessary.

For more information, see Stopping an Amazon RDS DB Instance Temporarily in the Amazon RDS User Guide.

This command doesn't apply to RDS Custom, Aurora MySQL, and Aurora PostgreSQL. For Aurora clusters, use StopDBCluster instead.

", - "StopDBInstanceAutomatedBackupsReplication": "

Stops automated backup replication for a DB instance.

This command doesn't apply to RDS Custom, Aurora MySQL, and Aurora PostgreSQL.

For more information, see Replicating Automated Backups to Another Amazon Web Services Region in the Amazon RDS User Guide.

" + "StopDBInstanceAutomatedBackupsReplication": "

Stops automated backup replication for a DB instance.

This command doesn't apply to RDS Custom.

For more information, see Replicating Automated Backups to Another Amazon Web Services Region in the Amazon RDS User Guide.

" }, "shapes": { "AccountAttributesMessage": { @@ -419,7 +419,7 @@ "CopyDBClusterSnapshotMessage$CopyTags": "

A value that indicates whether to copy all tags from the source DB cluster snapshot to the target DB cluster snapshot. By default, tags are not copied.

", "CopyDBSnapshotMessage$CopyTags": "

A value that indicates whether to copy all tags from the source DB snapshot to the target DB snapshot. By default, tags are not copied.

", "CreateDBClusterMessage$StorageEncrypted": "

A value that indicates whether the DB cluster is encrypted.

Valid for: Aurora DB clusters and Multi-AZ DB clusters

", - "CreateDBClusterMessage$EnableIAMDatabaseAuthentication": "

A value that indicates whether to enable mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts. By default, mapping isn't enabled.

For more information, see IAM Database Authentication in the Amazon Aurora User Guide.

Valid for: Aurora DB clusters only

", + "CreateDBClusterMessage$EnableIAMDatabaseAuthentication": "

A value that indicates whether to enable mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts. By default, mapping isn't enabled.

For more information, see IAM Database Authentication in the Amazon Aurora User Guide..

Valid for: Aurora DB clusters only

", "CreateDBClusterMessage$DeletionProtection": "

A value that indicates whether the DB cluster has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection isn't enabled.

Valid for: Aurora DB clusters and Multi-AZ DB clusters

", "CreateDBClusterMessage$EnableHttpEndpoint": "

A value that indicates whether to enable the HTTP endpoint for an Aurora Serverless v1 DB cluster. By default, the HTTP endpoint is disabled.

When enabled, the HTTP endpoint provides a connectionless web service API for running SQL queries on the Aurora Serverless v1 DB cluster. You can also query your database from inside the RDS console with the query editor.

For more information, see Using the Data API for Aurora Serverless v1 in the Amazon Aurora User Guide.

Valid for: Aurora DB clusters only

", "CreateDBClusterMessage$CopyTagsToSnapshot": "

A value that indicates whether to copy all tags from the DB cluster to snapshots of the DB cluster. The default is not to copy them.

Valid for: Aurora DB clusters and Multi-AZ DB clusters

", @@ -427,12 +427,12 @@ "CreateDBClusterMessage$PubliclyAccessible": "

A value that indicates whether the DB cluster is publicly accessible.

When the DB cluster is publicly accessible, its Domain Name System (DNS) endpoint resolves to the private IP address from within the DB cluster's virtual private cloud (VPC). It resolves to the public IP address from outside of the DB cluster's VPC. Access to the DB cluster is ultimately controlled by the security group it uses. That public access isn't permitted if the security group assigned to the DB cluster doesn't permit it.

When the DB cluster isn't publicly accessible, it is an internal DB cluster with a DNS name that resolves to a private IP address.

Default: The default behavior varies depending on whether DBSubnetGroupName is specified.

If DBSubnetGroupName isn't specified, and PubliclyAccessible isn't specified, the following applies:

If DBSubnetGroupName is specified, and PubliclyAccessible isn't specified, the following applies:

Valid for: Multi-AZ DB clusters only

", "CreateDBClusterMessage$AutoMinorVersionUpgrade": "

A value that indicates whether minor engine upgrades are applied automatically to the DB cluster during the maintenance window. By default, minor engine upgrades are applied automatically.

Valid for: Multi-AZ DB clusters only

", "CreateDBClusterMessage$EnablePerformanceInsights": "

A value that indicates whether to turn on Performance Insights for the DB cluster.

For more information, see Using Amazon Performance Insights in the Amazon RDS User Guide.

Valid for: Multi-AZ DB clusters only

", - "CreateDBInstanceMessage$MultiAZ": "

A value that indicates whether the DB instance is a Multi-AZ deployment. You can't set the AvailabilityZone parameter if the DB instance is a Multi-AZ deployment.

This setting doesn't apply to RDS Custom.

Amazon Aurora

Not applicable. DB instance Availability Zones (AZs) are managed by the DB cluster.

", + "CreateDBInstanceMessage$MultiAZ": "

A value that indicates whether the DB instance is a Multi-AZ deployment. You can't set the AvailabilityZone parameter if the DB instance is a Multi-AZ deployment.

This setting doesn't apply to RDS Custom.

", "CreateDBInstanceMessage$AutoMinorVersionUpgrade": "

A value that indicates whether minor engine upgrades are applied automatically to the DB instance during the maintenance window. By default, minor engine upgrades are applied automatically.

If you create an RDS Custom DB instance, you must set AutoMinorVersionUpgrade to false.

", "CreateDBInstanceMessage$PubliclyAccessible": "

A value that indicates whether the DB instance is publicly accessible.

When the DB instance is publicly accessible, its Domain Name System (DNS) endpoint resolves to the private IP address from within the DB instance's virtual private cloud (VPC). It resolves to the public IP address from outside of the DB instance's VPC. Access to the DB instance is ultimately controlled by the security group it uses. That public access is not permitted if the security group assigned to the DB instance doesn't permit it.

When the DB instance isn't publicly accessible, it is an internal DB instance with a DNS name that resolves to a private IP address.

Default: The default behavior varies depending on whether DBSubnetGroupName is specified.

If DBSubnetGroupName isn't specified, and PubliclyAccessible isn't specified, the following applies:

If DBSubnetGroupName is specified, and PubliclyAccessible isn't specified, the following applies:

", "CreateDBInstanceMessage$StorageEncrypted": "

A value that indicates whether the DB instance is encrypted. By default, it isn't encrypted.

For RDS Custom instances, either set this parameter to true or leave it unset. If you set this parameter to false, RDS reports an error.

Amazon Aurora

Not applicable. The encryption for DB instances is managed by the DB cluster.

", "CreateDBInstanceMessage$CopyTagsToSnapshot": "

A value that indicates whether to copy tags from the DB instance to snapshots of the DB instance. By default, tags are not copied.

Amazon Aurora

Not applicable. Copying tags to snapshots is managed by the DB cluster. Setting this value for an Aurora DB instance has no effect on the DB cluster setting.

", - "CreateDBInstanceMessage$EnableIAMDatabaseAuthentication": "

A value that indicates whether to enable mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts. By default, mapping isn't enabled.

For more information, see IAM Database Authentication for MySQL and PostgreSQL in the Amazon RDS User Guide.

This setting doesn't apply to RDS Custom.

Amazon Aurora

Not applicable. Mapping Amazon Web Services IAM accounts to database accounts is managed by the DB cluster.

", + "CreateDBInstanceMessage$EnableIAMDatabaseAuthentication": "

A value that indicates whether to enable mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts. By default, mapping isn't enabled.

This setting doesn't apply to RDS Custom or Amazon Aurora. In Aurora, mapping Amazon Web Services IAM accounts to database accounts is managed by the DB cluster.

For more information, see IAM Database Authentication for MySQL and PostgreSQL in the Amazon RDS User Guide.

", "CreateDBInstanceMessage$EnablePerformanceInsights": "

A value that indicates whether to enable Performance Insights for the DB instance. For more information, see Using Amazon Performance Insights in the Amazon RDS User Guide.

This setting doesn't apply to RDS Custom.

", "CreateDBInstanceMessage$DeletionProtection": "

A value that indicates whether the DB instance has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection isn't enabled. For more information, see Deleting a DB Instance.

Amazon Aurora

Not applicable. You can enable or disable deletion protection for the DB cluster. For more information, see CreateDBCluster. DB instances in a DB cluster can be deleted even when deletion protection is enabled for the DB cluster.

", "CreateDBInstanceMessage$EnableCustomerOwnedIp": "

A value that indicates whether to enable a customer-owned IP address (CoIP) for an RDS on Outposts DB instance.

A CoIP provides local or external connectivity to resources in your Outpost subnets through your on-premises network. For some use cases, a CoIP can provide lower latency for connections to the DB instance from outside of its virtual private cloud (VPC) on your local network.

For more information about RDS on Outposts, see Working with Amazon RDS on Amazon Web Services Outposts in the Amazon RDS User Guide.

For more information about CoIPs, see Customer-owned IP addresses in the Amazon Web Services Outposts User Guide.

", @@ -481,7 +481,7 @@ "ModifyDBInstanceMessage$CopyTagsToSnapshot": "

A value that indicates whether to copy all tags from the DB instance to snapshots of the DB instance. By default, tags are not copied.

Amazon Aurora

Not applicable. Copying tags to snapshots is managed by the DB cluster. Setting this value for an Aurora DB instance has no effect on the DB cluster setting. For more information, see ModifyDBCluster.

", "ModifyDBInstanceMessage$PubliclyAccessible": "

A value that indicates whether the DB instance is publicly accessible.

When the DB cluster is publicly accessible, its Domain Name System (DNS) endpoint resolves to the private IP address from within the DB cluster's virtual private cloud (VPC). It resolves to the public IP address from outside of the DB cluster's VPC. Access to the DB cluster is ultimately controlled by the security group it uses. That public access isn't permitted if the security group assigned to the DB cluster doesn't permit it.

When the DB instance isn't publicly accessible, it is an internal DB instance with a DNS name that resolves to a private IP address.

PubliclyAccessible only applies to DB instances in a VPC. The DB instance must be part of a public subnet and PubliclyAccessible must be enabled for it to be publicly accessible.

Changes to the PubliclyAccessible parameter are applied immediately regardless of the value of the ApplyImmediately parameter.

", "ModifyDBInstanceMessage$EnableIAMDatabaseAuthentication": "

A value that indicates whether to enable mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts. By default, mapping isn't enabled.

This setting doesn't apply to Amazon Aurora. Mapping Amazon Web Services IAM accounts to database accounts is managed by the DB cluster.

For more information about IAM database authentication, see IAM Database Authentication for MySQL and PostgreSQL in the Amazon RDS User Guide.

This setting doesn't apply to RDS Custom.

", - "ModifyDBInstanceMessage$EnablePerformanceInsights": "

A value that indicates whether to enable Performance Insights for the DB instance.

For more information, see Using Amazon Performance Insights in the Amazon RDS User Guide.

This setting doesn't apply to RDS Custom.

", + "ModifyDBInstanceMessage$EnablePerformanceInsights": "

A value that indicates whether to enable Performance Insights for the DB instance.

For more information, see Using Amazon Performance Insights in the Amazon RDS User Guide..

This setting doesn't apply to RDS Custom.

", "ModifyDBInstanceMessage$UseDefaultProcessorFeatures": "

A value that indicates whether the DB instance class of the DB instance uses its default processor features.

This setting doesn't apply to RDS Custom.

", "ModifyDBInstanceMessage$DeletionProtection": "

A value that indicates whether the DB instance has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection isn't enabled. For more information, see Deleting a DB Instance.

", "ModifyDBInstanceMessage$CertificateRotationRestart": "

A value that indicates whether the DB instance is restarted when you rotate your SSL/TLS certificate.

By default, the DB instance is restarted when you rotate your SSL/TLS certificate. The certificate is not updated until the DB instance is restarted.

Set this parameter only if you are not using SSL/TLS to connect to the DB instance.

If you are using SSL/TLS to connect to the DB instance, follow the appropriate instructions for your DB engine to rotate your SSL/TLS certificate:

This setting doesn't apply to RDS Custom.

", @@ -523,7 +523,7 @@ "RestoreDBInstanceFromS3Message$StorageEncrypted": "

A value that indicates whether the new DB instance is encrypted or not.

", "RestoreDBInstanceFromS3Message$CopyTagsToSnapshot": "

A value that indicates whether to copy all tags from the DB instance to snapshots of the DB instance. By default, tags are not copied.

", "RestoreDBInstanceFromS3Message$EnableIAMDatabaseAuthentication": "

A value that indicates whether to enable mapping of Amazon Web Services Identity and Access Management (IAM) accounts to database accounts. By default, mapping isn't enabled.

For more information about IAM database authentication, see IAM Database Authentication for MySQL and PostgreSQL in the Amazon RDS User Guide.

", - "RestoreDBInstanceFromS3Message$EnablePerformanceInsights": "

A value that indicates whether to enable Performance Insights for the DB instance.

For more information, see Using Amazon Performance Insights in the Amazon RDS User Guide.

", + "RestoreDBInstanceFromS3Message$EnablePerformanceInsights": "

A value that indicates whether to enable Performance Insights for the DB instance.

For more information, see Using Amazon Performance Insights in the Amazon RDS User Guide..

", "RestoreDBInstanceFromS3Message$UseDefaultProcessorFeatures": "

A value that indicates whether the DB instance class of the DB instance uses its default processor features.

", "RestoreDBInstanceFromS3Message$DeletionProtection": "

A value that indicates whether the DB instance has deletion protection enabled. The database can't be deleted when deletion protection is enabled. By default, deletion protection isn't enabled. For more information, see Deleting a DB Instance.

", "RestoreDBInstanceToPointInTimeMessage$MultiAZ": "

A value that indicates whether the DB instance is a Multi-AZ deployment.

This setting doesn't apply to RDS Custom.

Constraint: You can't specify the AvailabilityZone parameter if the DB instance is a Multi-AZ deployment.

", @@ -1458,7 +1458,7 @@ "DBSecurityGroupNameList": { "base": null, "refs": { - "CreateDBInstanceMessage$DBSecurityGroups": "

A list of DB security groups to associate with this DB instance.

This setting applies to the legacy EC2-Classic platform, which is no longer used to create new DB instances. Use the VpcSecurityGroupIds setting instead.

", + "CreateDBInstanceMessage$DBSecurityGroups": "

A list of DB security groups to associate with this DB instance.

Default: The default DB security group for the database engine.

", "ModifyDBInstanceMessage$DBSecurityGroups": "

A list of DB security groups to authorize on this DB instance. Changing this setting doesn't result in an outage and the change is asynchronously applied as soon as possible.

This setting doesn't apply to RDS Custom.

Constraints:

", "OptionConfiguration$DBSecurityGroupMemberships": "

A list of DBSecurityGroupMembership name strings used for this option.

", "RestoreDBInstanceFromS3Message$DBSecurityGroups": "

A list of DB security groups to associate with this DB instance.

Default: The default DB security group for the database engine.

" @@ -2089,7 +2089,7 @@ } }, "Event": { - "base": "

This data type is used as a response element in the DescribeEvents action.

", + "base": "

This data type is used as a response element in the DescribeEvents action.

", "refs": { "EventList$member": null } @@ -2106,7 +2106,7 @@ } }, "EventCategoriesMap": { - "base": "

Contains the results of a successful invocation of the DescribeEventCategories operation.

", + "base": "

Contains the results of a successful invocation of the DescribeEventCategories operation.

", "refs": { "EventCategoriesMapList$member": null } @@ -2427,19 +2427,19 @@ "CreateDBClusterMessage$AllocatedStorage": "

The amount of storage in gibibytes (GiB) to allocate to each DB instance in the Multi-AZ DB cluster.

This setting is required to create a Multi-AZ DB cluster.

Valid for: Multi-AZ DB clusters only

", "CreateDBClusterMessage$Iops": "

The amount of Provisioned IOPS (input/output operations per second) to be initially allocated for each DB instance in the Multi-AZ DB cluster.

For information about valid Iops values, see Amazon RDS Provisioned IOPS storage to improve performance in the Amazon RDS User Guide.

This setting is required to create a Multi-AZ DB cluster.

Constraints: Must be a multiple between .5 and 50 of the storage amount for the DB cluster.

Valid for: Multi-AZ DB clusters only

", "CreateDBClusterMessage$MonitoringInterval": "

The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB cluster. To turn off collecting Enhanced Monitoring metrics, specify 0. The default is 0.

If MonitoringRoleArn is specified, also set MonitoringInterval to a value other than 0.

Valid Values: 0, 1, 5, 10, 15, 30, 60

Valid for: Multi-AZ DB clusters only

", - "CreateDBClusterMessage$PerformanceInsightsRetentionPeriod": "

The number of days to retain Performance Insights data. The default is 7 days. The following values are valid:

For example, the following values are valid:

If you specify a retention period such as 94, which isn't a valid value, RDS issues an error.

Valid for: Multi-AZ DB clusters only

", + "CreateDBClusterMessage$PerformanceInsightsRetentionPeriod": "

The amount of time, in days, to retain Performance Insights data. Valid values are 7 or 731 (2 years).

Valid for: Multi-AZ DB clusters only

", "CreateDBInstanceMessage$AllocatedStorage": "

The amount of storage in gibibytes (GiB) to allocate for the DB instance.

Type: Integer

Amazon Aurora

Not applicable. Aurora cluster volumes automatically grow as the amount of data in your database increases, though you are only charged for the space that you use in an Aurora cluster volume.

Amazon RDS Custom

Constraints to the amount of storage for each storage type are the following:

MySQL

Constraints to the amount of storage for each storage type are the following:

MariaDB

Constraints to the amount of storage for each storage type are the following:

PostgreSQL

Constraints to the amount of storage for each storage type are the following:

Oracle

Constraints to the amount of storage for each storage type are the following:

SQL Server

Constraints to the amount of storage for each storage type are the following:

", - "CreateDBInstanceMessage$BackupRetentionPeriod": "

The number of days for which automated backups are retained. Setting this parameter to a positive number enables backups. Setting this parameter to 0 disables automated backups.

Amazon Aurora

Not applicable. The retention period for automated backups is managed by the DB cluster.

Default: 1

Constraints:

", + "CreateDBInstanceMessage$BackupRetentionPeriod": "

The number of days for which automated backups are retained. Setting this parameter to a positive number enables backups. Setting this parameter to 0 disables automated backups.

Amazon Aurora

Not applicable. The retention period for automated backups is managed by the DB cluster.

Default: 1

Constraints:

", "CreateDBInstanceMessage$Port": "

The port number on which the database accepts connections.

MySQL

Default: 3306

Valid values: 1150-65535

Type: Integer

MariaDB

Default: 3306

Valid values: 1150-65535

Type: Integer

PostgreSQL

Default: 5432

Valid values: 1150-65535

Type: Integer

Oracle

Default: 1521

Valid values: 1150-65535

SQL Server

Default: 1433

Valid values: 1150-65535 except 1234, 1434, 3260, 3343, 3389, 47001, and 49152-49156.

Amazon Aurora

Default: 3306

Valid values: 1150-65535

Type: Integer

", - "CreateDBInstanceMessage$Iops": "

The amount of Provisioned IOPS (input/output operations per second) to be initially allocated for the DB instance. For information about valid Iops values, see Amazon RDS Provisioned IOPS storage to improve performance in the Amazon RDS User Guide.

Constraints: For MariaDB, MySQL, Oracle, and PostgreSQL DB instances, must be a multiple between .5 and 50 of the storage amount for the DB instance. For SQL Server DB instances, must be a multiple between 1 and 50 of the storage amount for the DB instance.

Amazon Aurora

Not applicable. Storage is managed by the DB cluster.

", + "CreateDBInstanceMessage$Iops": "

The amount of Provisioned IOPS (input/output operations per second) to be initially allocated for the DB instance. For information about valid Iops values, see Amazon RDS Provisioned IOPS storage to improve performance in the Amazon RDS User Guide.

Constraints: For MariaDB, MySQL, Oracle, and PostgreSQL DB instances, must be a multiple between .5 and 50 of the storage amount for the DB instance. For SQL Server DB instances, must be a multiple between 1 and 50 of the storage amount for the DB instance.

", "CreateDBInstanceMessage$MonitoringInterval": "

The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collection of Enhanced Monitoring metrics, specify 0. The default is 0.

If MonitoringRoleArn is specified, then you must set MonitoringInterval to a value other than 0.

This setting doesn't apply to RDS Custom.

Valid Values: 0, 1, 5, 10, 15, 30, 60

", "CreateDBInstanceMessage$PromotionTier": "

A value that specifies the order in which an Aurora Replica is promoted to the primary instance after a failure of the existing primary instance. For more information, see Fault Tolerance for an Aurora DB Cluster in the Amazon Aurora User Guide.

This setting doesn't apply to RDS Custom.

Default: 1

Valid Values: 0 - 15

", - "CreateDBInstanceMessage$PerformanceInsightsRetentionPeriod": "

The number of days to retain Performance Insights data. The default is 7 days. The following values are valid:

For example, the following values are valid:

If you specify a retention period such as 94, which isn't a valid value, RDS issues an error.

This setting doesn't apply to RDS Custom.

", - "CreateDBInstanceMessage$MaxAllocatedStorage": "

The upper limit in gibibytes (GiB) to which Amazon RDS can automatically scale the storage of the DB instance.

For more information about this setting, including limitations that apply to it, see Managing capacity automatically with Amazon RDS storage autoscaling in the Amazon RDS User Guide.

This setting doesn't apply to RDS Custom.

Amazon Aurora

Not applicable. Storage is managed by the DB cluster.

", + "CreateDBInstanceMessage$PerformanceInsightsRetentionPeriod": "

The amount of time, in days, to retain Performance Insights data. Valid values are 7 or 731 (2 years).

This setting doesn't apply to RDS Custom.

", + "CreateDBInstanceMessage$MaxAllocatedStorage": "

The upper limit in gibibytes (GiB) to which Amazon RDS can automatically scale the storage of the DB instance.

For more information about this setting, including limitations that apply to it, see Managing capacity automatically with Amazon RDS storage autoscaling in the Amazon RDS User Guide.

This setting doesn't apply to RDS Custom.

", "CreateDBInstanceReadReplicaMessage$Port": "

The port number that the DB instance uses for connections.

Default: Inherits from the source DB instance

Valid Values: 1150-65535

", "CreateDBInstanceReadReplicaMessage$Iops": "

The amount of Provisioned IOPS (input/output operations per second) to be initially allocated for the DB instance.

", "CreateDBInstanceReadReplicaMessage$MonitoringInterval": "

The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the read replica. To disable collecting Enhanced Monitoring metrics, specify 0. The default is 0.

If MonitoringRoleArn is specified, then you must also set MonitoringInterval to a value other than 0.

This setting doesn't apply to RDS Custom.

Valid Values: 0, 1, 5, 10, 15, 30, 60

", - "CreateDBInstanceReadReplicaMessage$PerformanceInsightsRetentionPeriod": "

The number of days to retain Performance Insights data. The default is 7 days. The following values are valid:

For example, the following values are valid:

If you specify a retention period such as 94, which isn't a valid value, RDS issues an error.

This setting doesn't apply to RDS Custom.

", + "CreateDBInstanceReadReplicaMessage$PerformanceInsightsRetentionPeriod": "

The amount of time, in days, to retain Performance Insights data. Valid values are 7 or 731 (2 years).

This setting doesn't apply to RDS Custom.

", "CreateDBInstanceReadReplicaMessage$MaxAllocatedStorage": "

The upper limit in gibibytes (GiB) to which Amazon RDS can automatically scale the storage of the DB instance.

For more information about this setting, including limitations that apply to it, see Managing capacity automatically with Amazon RDS storage autoscaling in the Amazon RDS User Guide.

", "CreateDBProxyRequest$IdleClientTimeout": "

The number of seconds that a connection to the proxy can be inactive before the proxy disconnects it. You can set this value higher or lower than the connection timeout limit for the associated database.

", "DBCluster$AllocatedStorage": "

For all database engines except Amazon Aurora, AllocatedStorage specifies the allocated storage size in gibibytes (GiB). For Aurora, AllocatedStorage always returns 1, because Aurora DB cluster storage size isn't fixed, but instead automatically adjusts as needed.

", @@ -2448,7 +2448,7 @@ "DBCluster$Capacity": "

The current capacity of an Aurora Serverless v1 DB cluster. The capacity is 0 (zero) when the cluster is paused.

For more information about Aurora Serverless v1, see Using Amazon Aurora Serverless v1 in the Amazon Aurora User Guide.

", "DBCluster$Iops": "

The Provisioned IOPS (I/O operations per second) value.

This setting is only for non-Aurora Multi-AZ DB clusters.

", "DBCluster$MonitoringInterval": "

The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB cluster.

This setting is only for non-Aurora Multi-AZ DB clusters.

", - "DBCluster$PerformanceInsightsRetentionPeriod": "

The number of days to retain Performance Insights data. The default is 7 days. The following values are valid:

For example, the following values are valid:

This setting is only for non-Aurora Multi-AZ DB clusters.

", + "DBCluster$PerformanceInsightsRetentionPeriod": "

The amount of time, in days, to retain Performance Insights data. Valid values are 7 or 731 (2 years).

This setting is only for non-Aurora Multi-AZ DB clusters.

", "DBClusterCapacityInfo$PendingCapacity": "

A value that specifies the capacity that the DB cluster scales to next.

", "DBClusterCapacityInfo$CurrentCapacity": "

The current capacity of the DB cluster.

", "DBClusterCapacityInfo$SecondsBeforeTimeout": "

The number of seconds before a call to ModifyCurrentDBClusterCapacity times out.

", @@ -2456,7 +2456,7 @@ "DBInstance$Iops": "

Specifies the Provisioned IOPS (I/O operations per second) value.

", "DBInstance$MonitoringInterval": "

The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance.

", "DBInstance$PromotionTier": "

A value that specifies the order in which an Aurora Replica is promoted to the primary instance after a failure of the existing primary instance. For more information, see Fault Tolerance for an Aurora DB Cluster in the Amazon Aurora User Guide.

", - "DBInstance$PerformanceInsightsRetentionPeriod": "

The number of days to retain Performance Insights data. The default is 7 days. The following values are valid:

For example, the following values are valid:

", + "DBInstance$PerformanceInsightsRetentionPeriod": "

The amount of time, in days, to retain Performance Insights data. Valid values are 7 or 731 (2 years).

", "DBInstance$MaxAllocatedStorage": "

The upper limit in gibibytes (GiB) to which Amazon RDS can automatically scale the storage of the DB instance.

", "DBInstanceAutomatedBackup$Iops": "

The IOPS (I/O operations per second) value for the automated backup.

", "DBInstanceAutomatedBackup$BackupRetentionPeriod": "

The retention period for the automated backups.

", @@ -2497,14 +2497,14 @@ "ModifyDBClusterMessage$AllocatedStorage": "

The amount of storage in gibibytes (GiB) to allocate to each DB instance in the Multi-AZ DB cluster.

Type: Integer

Valid for: Multi-AZ DB clusters only

", "ModifyDBClusterMessage$Iops": "

The amount of Provisioned IOPS (input/output operations per second) to be initially allocated for each DB instance in the Multi-AZ DB cluster.

For information about valid Iops values, see Amazon RDS Provisioned IOPS Storage to Improve Performance in the Amazon RDS User Guide.

Constraints: Must be a multiple between .5 and 50 of the storage amount for the DB cluster.

Valid for: Multi-AZ DB clusters only

", "ModifyDBClusterMessage$MonitoringInterval": "

The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB cluster. To turn off collecting Enhanced Monitoring metrics, specify 0. The default is 0.

If MonitoringRoleArn is specified, also set MonitoringInterval to a value other than 0.

Valid Values: 0, 1, 5, 10, 15, 30, 60

Valid for: Multi-AZ DB clusters only

", - "ModifyDBClusterMessage$PerformanceInsightsRetentionPeriod": "

The number of days to retain Performance Insights data. The default is 7 days. The following values are valid:

For example, the following values are valid:

If you specify a retention period such as 94, which isn't a valid value, RDS issues an error.

Valid for: Multi-AZ DB clusters only

", + "ModifyDBClusterMessage$PerformanceInsightsRetentionPeriod": "

The amount of time, in days, to retain Performance Insights data. Valid values are 7 or 731 (2 years).

Valid for: Multi-AZ DB clusters only

", "ModifyDBInstanceMessage$AllocatedStorage": "

The new amount of storage in gibibytes (GiB) to allocate for the DB instance.

For MariaDB, MySQL, Oracle, and PostgreSQL, the value supplied must be at least 10% greater than the current value. Values that are not at least 10% greater than the existing value are rounded up so that they are 10% greater than the current value.

For the valid values for allocated storage for each engine, see CreateDBInstance.

", - "ModifyDBInstanceMessage$BackupRetentionPeriod": "

The number of days to retain automated backups. Setting this parameter to a positive number enables backups. Setting this parameter to 0 disables automated backups.

Enabling and disabling backups can result in a brief I/O suspension that lasts from a few seconds to a few minutes, depending on the size and class of your DB instance.

These changes are applied during the next maintenance window unless the ApplyImmediately parameter is enabled for this request. If you change the parameter from one non-zero value to another non-zero value, the change is asynchronously applied as soon as possible.

Amazon Aurora

Not applicable. The retention period for automated backups is managed by the DB cluster. For more information, see ModifyDBCluster.

Default: Uses existing setting

Constraints:

", + "ModifyDBInstanceMessage$BackupRetentionPeriod": "

The number of days to retain automated backups. Setting this parameter to a positive number enables backups. Setting this parameter to 0 disables automated backups.

Enabling and disabling backups can result in a brief I/O suspension that lasts from a few seconds to a few minutes, depending on the size and class of your DB instance.

These changes are applied during the next maintenance window unless the ApplyImmediately parameter is enabled for this request. If you change the parameter from one non-zero value to another non-zero value, the change is asynchronously applied as soon as possible.

Amazon Aurora

Not applicable. The retention period for automated backups is managed by the DB cluster. For more information, see ModifyDBCluster.

Default: Uses existing setting

Constraints:

", "ModifyDBInstanceMessage$Iops": "

The new Provisioned IOPS (I/O operations per second) value for the RDS instance.

Changing this setting doesn't result in an outage and the change is applied during the next maintenance window unless the ApplyImmediately parameter is enabled for this request. If you are migrating from Provisioned IOPS to standard storage, set this value to 0. The DB instance will require a reboot for the change in storage type to take effect.

If you choose to migrate your DB instance from using standard storage to using Provisioned IOPS, or from using Provisioned IOPS to using standard storage, the process can take time. The duration of the migration depends on several factors such as database load, storage size, storage type (standard or Provisioned IOPS), amount of IOPS provisioned (if any), and the number of prior scale storage operations. Typical migration times are under 24 hours, but the process can take up to several days in some cases. During the migration, the DB instance is available for use, but might experience performance degradation. While the migration takes place, nightly backups for the instance are suspended. No other Amazon RDS operations can take place for the instance, including modifying the instance, rebooting the instance, deleting the instance, creating a read replica for the instance, and creating a DB snapshot of the instance.

Constraints: For MariaDB, MySQL, Oracle, and PostgreSQL, the value supplied must be at least 10% greater than the current value. Values that are not at least 10% greater than the existing value are rounded up so that they are 10% greater than the current value.

Default: Uses existing setting

", "ModifyDBInstanceMessage$MonitoringInterval": "

The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collecting Enhanced Monitoring metrics, specify 0, which is the default.

If MonitoringRoleArn is specified, set MonitoringInterval to a value other than 0.

This setting doesn't apply to RDS Custom.

Valid Values: 0, 1, 5, 10, 15, 30, 60

", "ModifyDBInstanceMessage$DBPortNumber": "

The port number on which the database accepts connections.

The value of the DBPortNumber parameter must not match any of the port values specified for options in the option group for the DB instance.

If you change the DBPortNumber value, your database restarts regardless of the value of the ApplyImmediately parameter.

This setting doesn't apply to RDS Custom.

MySQL

Default: 3306

Valid values: 1150-65535

MariaDB

Default: 3306

Valid values: 1150-65535

PostgreSQL

Default: 5432

Valid values: 1150-65535

Type: Integer

Oracle

Default: 1521

Valid values: 1150-65535

SQL Server

Default: 1433

Valid values: 1150-65535 except 1234, 1434, 3260, 3343, 3389, 47001, and 49152-49156.

Amazon Aurora

Default: 3306

Valid values: 1150-65535

", "ModifyDBInstanceMessage$PromotionTier": "

A value that specifies the order in which an Aurora Replica is promoted to the primary instance after a failure of the existing primary instance. For more information, see Fault Tolerance for an Aurora DB Cluster in the Amazon Aurora User Guide.

This setting doesn't apply to RDS Custom.

Default: 1

Valid Values: 0 - 15

", - "ModifyDBInstanceMessage$PerformanceInsightsRetentionPeriod": "

The number of days to retain Performance Insights data. The default is 7 days. The following values are valid:

For example, the following values are valid:

If you specify a retention period such as 94, which isn't a valid value, RDS issues an error.

This setting doesn't apply to RDS Custom.

", + "ModifyDBInstanceMessage$PerformanceInsightsRetentionPeriod": "

The amount of time, in days, to retain Performance Insights data. Valid values are 7 or 731 (2 years).

This setting doesn't apply to RDS Custom.

", "ModifyDBInstanceMessage$MaxAllocatedStorage": "

The upper limit in gibibytes (GiB) to which Amazon RDS can automatically scale the storage of the DB instance.

For more information about this setting, including limitations that apply to it, see Managing capacity automatically with Amazon RDS storage autoscaling in the Amazon RDS User Guide.

This setting doesn't apply to RDS Custom.

", "ModifyDBInstanceMessage$ResumeFullAutomationModeMinutes": "

The number of minutes to pause the automation. When the time period ends, RDS Custom resumes full automation. The minimum value is 60 (default). The maximum value is 1,440.

", "ModifyDBProxyRequest$IdleClientTimeout": "

The number of seconds that a connection to the proxy can be inactive before the proxy disconnects it. You can set this value higher or lower than the connection timeout limit for the associated database.

", @@ -2535,7 +2535,7 @@ "RestoreDBInstanceFromS3Message$Port": "

The port number on which the database accepts connections.

Type: Integer

Valid Values: 1150-65535

Default: 3306

", "RestoreDBInstanceFromS3Message$Iops": "

The amount of Provisioned IOPS (input/output operations per second) to allocate initially for the DB instance. For information about valid Iops values, see Amazon RDS Provisioned IOPS Storage to Improve Performance in the Amazon RDS User Guide.

", "RestoreDBInstanceFromS3Message$MonitoringInterval": "

The interval, in seconds, between points when Enhanced Monitoring metrics are collected for the DB instance. To disable collecting Enhanced Monitoring metrics, specify 0.

If MonitoringRoleArn is specified, then you must also set MonitoringInterval to a value other than 0.

Valid Values: 0, 1, 5, 10, 15, 30, 60

Default: 0

", - "RestoreDBInstanceFromS3Message$PerformanceInsightsRetentionPeriod": "

The number of days to retain Performance Insights data. The default is 7 days. The following values are valid:

For example, the following values are valid:

If you specify a retention period such as 94, which isn't a valid value, RDS issues an error.

", + "RestoreDBInstanceFromS3Message$PerformanceInsightsRetentionPeriod": "

The amount of time, in days, to retain Performance Insights data. Valid values are 7 or 731 (2 years).

", "RestoreDBInstanceFromS3Message$MaxAllocatedStorage": "

The upper limit in gibibytes (GiB) to which Amazon RDS can automatically scale the storage of the DB instance.

For more information about this setting, including limitations that apply to it, see Managing capacity automatically with Amazon RDS storage autoscaling in the Amazon RDS User Guide.

", "RestoreDBInstanceToPointInTimeMessage$Port": "

The port number on which the database accepts connections.

Constraints: Value must be 1150-65535

Default: The same port as the original DB instance.

", "RestoreDBInstanceToPointInTimeMessage$Iops": "

The amount of Provisioned IOPS (input/output operations per second) to be initially allocated for the DB instance.

Constraints: Must be an integer greater than 1000.

SQL Server

Setting the IOPS value for the SQL Server database engine isn't supported.

", @@ -2712,8 +2712,8 @@ "PendingCloudwatchLogsExports$LogTypesToEnable": "

Log types that are in the process of being deactivated. After they are deactivated, these log types aren't exported to CloudWatch Logs.

", "PendingCloudwatchLogsExports$LogTypesToDisable": "

Log types that are in the process of being enabled. After they are enabled, these log types are exported to CloudWatch Logs.

", "RestoreDBClusterFromS3Message$EnableCloudwatchLogsExports": "

The list of logs that the restored DB cluster is to export to CloudWatch Logs. The values in the list depend on the DB engine being used.

Aurora MySQL

Possible values are audit, error, general, and slowquery.

Aurora PostgreSQL

Possible value is postgresql.

For more information about exporting CloudWatch Logs for Amazon Aurora, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon Aurora User Guide.

", - "RestoreDBClusterFromSnapshotMessage$EnableCloudwatchLogsExports": "

The list of logs that the restored DB cluster is to export to Amazon CloudWatch Logs. The values in the list depend on the DB engine being used.

RDS for MySQL

Possible values are error, general, and slowquery.

RDS for PostgreSQL

Possible values are postgresql and upgrade.

Aurora MySQL

Possible values are audit, error, general, and slowquery.

Aurora PostgreSQL

Possible value is postgresql.

For more information about exporting CloudWatch Logs for Amazon RDS, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon RDS User Guide.

For more information about exporting CloudWatch Logs for Amazon Aurora, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon Aurora User Guide.

Valid for: Aurora DB clusters and Multi-AZ DB clusters

", - "RestoreDBClusterToPointInTimeMessage$EnableCloudwatchLogsExports": "

The list of logs that the restored DB cluster is to export to CloudWatch Logs. The values in the list depend on the DB engine being used.

RDS for MySQL

Possible values are error, general, and slowquery.

RDS for PostgreSQL

Possible values are postgresql and upgrade.

Aurora MySQL

Possible values are audit, error, general, and slowquery.

Aurora PostgreSQL

Possible value is postgresql.

For more information about exporting CloudWatch Logs for Amazon RDS, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon RDS User Guide.

For more information about exporting CloudWatch Logs for Amazon Aurora, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon Aurora User Guide.

Valid for: Aurora DB clusters and Multi-AZ DB clusters

", + "RestoreDBClusterFromSnapshotMessage$EnableCloudwatchLogsExports": "

The list of logs that the restored DB cluster is to export to Amazon CloudWatch Logs. The values in the list depend on the DB engine being used.

RDS for MySQL

Possible values are error, general, and slowquery.

RDS for PostgreSQL

Possible values are postgresql and upgrade.

Aurora MySQL

Possible values are audit, error, general, and slowquery.

Aurora PostgreSQL

Possible value is postgresql.

For more information about exporting CloudWatch Logs for Amazon RDS, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon RDS User Guide..

For more information about exporting CloudWatch Logs for Amazon Aurora, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon Aurora User Guide.

Valid for: Aurora DB clusters and Multi-AZ DB clusters

", + "RestoreDBClusterToPointInTimeMessage$EnableCloudwatchLogsExports": "

The list of logs that the restored DB cluster is to export to CloudWatch Logs. The values in the list depend on the DB engine being used.

RDS for MySQL

Possible values are error, general, and slowquery.

RDS for PostgreSQL

Possible values are postgresql and upgrade.

Aurora MySQL

Possible values are audit, error, general, and slowquery.

Aurora PostgreSQL

Possible value is postgresql.

For more information about exporting CloudWatch Logs for Amazon RDS, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon RDS User Guide..

For more information about exporting CloudWatch Logs for Amazon Aurora, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon Aurora User Guide.

Valid for: Aurora DB clusters and Multi-AZ DB clusters

", "RestoreDBInstanceFromDBSnapshotMessage$EnableCloudwatchLogsExports": "

The list of logs that the restored DB instance is to export to CloudWatch Logs. The values in the list depend on the DB engine being used. For more information, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon RDS User Guide.

This setting doesn't apply to RDS Custom.

", "RestoreDBInstanceFromS3Message$EnableCloudwatchLogsExports": "

The list of logs that the restored DB instance is to export to CloudWatch Logs. The values in the list depend on the DB engine being used. For more information, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon RDS User Guide.

", "RestoreDBInstanceToPointInTimeMessage$EnableCloudwatchLogsExports": "

The list of logs that the restored DB instance is to export to CloudWatch Logs. The values in the list depend on the DB engine being used. For more information, see Publishing Database Logs to Amazon CloudWatch Logs in the Amazon RDS User Guide.

This setting doesn't apply to RDS Custom.

" @@ -3164,7 +3164,7 @@ "ProcessorFeatureList": { "base": null, "refs": { - "CreateDBInstanceMessage$ProcessorFeatures": "

The number of CPU cores and the number of threads per core for the DB instance class of the DB instance.

This setting doesn't apply to RDS Custom.

Amazon Aurora

Not applicable.

", + "CreateDBInstanceMessage$ProcessorFeatures": "

The number of CPU cores and the number of threads per core for the DB instance class of the DB instance.

This setting doesn't apply to RDS Custom.

", "CreateDBInstanceReadReplicaMessage$ProcessorFeatures": "

The number of CPU cores and the number of threads per core for the DB instance class of the DB instance.

This setting doesn't apply to RDS Custom.

", "DBInstance$ProcessorFeatures": "

The number of CPU cores and the number of threads per core for the DB instance class of the DB instance.

", "DBSnapshot$ProcessorFeatures": "

The number of CPU cores and the number of threads per core for the DB instance class of the DB instance when the DB snapshot was created.

", @@ -3721,14 +3721,14 @@ "CopyDBClusterSnapshotMessage$SourceDBClusterSnapshotIdentifier": "

The identifier of the DB cluster snapshot to copy. This parameter isn't case-sensitive.

You can't copy an encrypted, shared DB cluster snapshot from one Amazon Web Services Region to another.

Constraints:

Example: my-cluster-snapshot1

", "CopyDBClusterSnapshotMessage$TargetDBClusterSnapshotIdentifier": "

The identifier of the new DB cluster snapshot to create from the source DB cluster snapshot. This parameter isn't case-sensitive.

Constraints:

Example: my-cluster-snapshot2

", "CopyDBClusterSnapshotMessage$KmsKeyId": "

The Amazon Web Services KMS key identifier for an encrypted DB cluster snapshot. The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the Amazon Web Services KMS key.

If you copy an encrypted DB cluster snapshot from your Amazon Web Services account, you can specify a value for KmsKeyId to encrypt the copy with a new KMS key. If you don't specify a value for KmsKeyId, then the copy of the DB cluster snapshot is encrypted with the same KMS key as the source DB cluster snapshot.

If you copy an encrypted DB cluster snapshot that is shared from another Amazon Web Services account, then you must specify a value for KmsKeyId.

To copy an encrypted DB cluster snapshot to another Amazon Web Services Region, you must set KmsKeyId to the Amazon Web Services KMS key identifier you want to use to encrypt the copy of the DB cluster snapshot in the destination Amazon Web Services Region. KMS keys are specific to the Amazon Web Services Region that they are created in, and you can't use KMS keys from one Amazon Web Services Region in another Amazon Web Services Region.

If you copy an unencrypted DB cluster snapshot and specify a value for the KmsKeyId parameter, an error is returned.

", - "CopyDBClusterSnapshotMessage$PreSignedUrl": "

When you are copying a DB cluster snapshot from one Amazon Web Services GovCloud (US) Region to another, the URL that contains a Signature Version 4 signed request for the CopyDBClusterSnapshot API operation in the Amazon Web Services Region that contains the source DB cluster snapshot to copy. Use the PreSignedUrl parameter when copying an encrypted DB cluster snapshot from another Amazon Web Services Region. Don't specify PreSignedUrl when copying an encrypted DB cluster snapshot in the same Amazon Web Services Region.

This setting applies only to Amazon Web Services GovCloud (US) Regions. It's ignored in other Amazon Web Services Regions.

The presigned URL must be a valid request for the CopyDBClusterSnapshot API operation that can run in the source Amazon Web Services Region that contains the encrypted DB cluster snapshot to copy. The presigned URL request must contain the following parameter values:

To learn how to generate a Signature Version 4 signed request, see Authenticating Requests: Using Query Parameters (Amazon Web Services Signature Version 4) and Signature Version 4 Signing Process.

If you are using an Amazon Web Services SDK tool or the CLI, you can specify SourceRegion (or --source-region for the CLI) instead of specifying PreSignedUrl manually. Specifying SourceRegion autogenerates a presigned URL that is a valid request for the operation that can run in the source Amazon Web Services Region.

", + "CopyDBClusterSnapshotMessage$PreSignedUrl": "

The URL that contains a Signature Version 4 signed request for the CopyDBClusterSnapshot API action in the Amazon Web Services Region that contains the source DB cluster snapshot to copy. The PreSignedUrl parameter must be used when copying an encrypted DB cluster snapshot from another Amazon Web Services Region. Don't specify PreSignedUrl when you are copying an encrypted DB cluster snapshot in the same Amazon Web Services Region.

The pre-signed URL must be a valid request for the CopyDBClusterSnapshot API action that can be executed in the source Amazon Web Services Region that contains the encrypted DB cluster snapshot to be copied. The pre-signed URL request must contain the following parameter values:

To learn how to generate a Signature Version 4 signed request, see Authenticating Requests: Using Query Parameters (Amazon Web Services Signature Version 4) and Signature Version 4 Signing Process.

If you are using an Amazon Web Services SDK tool or the CLI, you can specify SourceRegion (or --source-region for the CLI) instead of specifying PreSignedUrl manually. Specifying SourceRegion autogenerates a pre-signed URL that is a valid request for the operation that can be executed in the source Amazon Web Services Region.

", "CopyDBParameterGroupMessage$SourceDBParameterGroupIdentifier": "

The identifier or ARN for the source DB parameter group. For information about creating an ARN, see Constructing an ARN for Amazon RDS in the Amazon RDS User Guide.

Constraints:

", "CopyDBParameterGroupMessage$TargetDBParameterGroupIdentifier": "

The identifier for the copied DB parameter group.

Constraints:

Example: my-db-parameter-group

", "CopyDBParameterGroupMessage$TargetDBParameterGroupDescription": "

A description for the copied DB parameter group.

", - "CopyDBSnapshotMessage$SourceDBSnapshotIdentifier": "

The identifier for the source DB snapshot.

If the source snapshot is in the same Amazon Web Services Region as the copy, specify a valid DB snapshot identifier. For example, you might specify rds:mysql-instance1-snapshot-20130805.

If the source snapshot is in a different Amazon Web Services Region than the copy, specify a valid DB snapshot ARN. For example, you might specify arn:aws:rds:us-west-2:123456789012:snapshot:mysql-instance1-snapshot-20130805.

If you are copying from a shared manual DB snapshot, this parameter must be the Amazon Resource Name (ARN) of the shared DB snapshot.

If you are copying an encrypted snapshot this parameter must be in the ARN format for the source Amazon Web Services Region.

Constraints:

Example: rds:mydb-2012-04-02-00-01

Example: arn:aws:rds:us-west-2:123456789012:snapshot:mysql-instance1-snapshot-20130805

", + "CopyDBSnapshotMessage$SourceDBSnapshotIdentifier": "

The identifier for the source DB snapshot.

If the source snapshot is in the same Amazon Web Services Region as the copy, specify a valid DB snapshot identifier. For example, you might specify rds:mysql-instance1-snapshot-20130805.

If the source snapshot is in a different Amazon Web Services Region than the copy, specify a valid DB snapshot ARN. For example, you might specify arn:aws:rds:us-west-2:123456789012:snapshot:mysql-instance1-snapshot-20130805.

If you are copying from a shared manual DB snapshot, this parameter must be the Amazon Resource Name (ARN) of the shared DB snapshot.

If you are copying an encrypted snapshot this parameter must be in the ARN format for the source Amazon Web Services Region, and must match the SourceDBSnapshotIdentifier in the PreSignedUrl parameter.

Constraints:

Example: rds:mydb-2012-04-02-00-01

Example: arn:aws:rds:us-west-2:123456789012:snapshot:mysql-instance1-snapshot-20130805

", "CopyDBSnapshotMessage$TargetDBSnapshotIdentifier": "

The identifier for the copy of the snapshot.

Constraints:

Example: my-db-snapshot

", "CopyDBSnapshotMessage$KmsKeyId": "

The Amazon Web Services KMS key identifier for an encrypted DB snapshot. The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.

If you copy an encrypted DB snapshot from your Amazon Web Services account, you can specify a value for this parameter to encrypt the copy with a new KMS key. If you don't specify a value for this parameter, then the copy of the DB snapshot is encrypted with the same Amazon Web Services KMS key as the source DB snapshot.

If you copy an encrypted DB snapshot that is shared from another Amazon Web Services account, then you must specify a value for this parameter.

If you specify this parameter when you copy an unencrypted snapshot, the copy is encrypted.

If you copy an encrypted snapshot to a different Amazon Web Services Region, then you must specify an Amazon Web Services KMS key identifier for the destination Amazon Web Services Region. KMS keys are specific to the Amazon Web Services Region that they are created in, and you can't use KMS keys from one Amazon Web Services Region in another Amazon Web Services Region.

", - "CopyDBSnapshotMessage$PreSignedUrl": "

When you are copying a snapshot from one Amazon Web Services GovCloud (US) Region to another, the URL that contains a Signature Version 4 signed request for the CopyDBSnapshot API operation in the source Amazon Web Services Region that contains the source DB snapshot to copy.

This setting applies only to Amazon Web Services GovCloud (US) Regions. It's ignored in other Amazon Web Services Regions.

You must specify this parameter when you copy an encrypted DB snapshot from another Amazon Web Services Region by using the Amazon RDS API. Don't specify PreSignedUrl when you are copying an encrypted DB snapshot in the same Amazon Web Services Region.

The presigned URL must be a valid request for the CopyDBClusterSnapshot API operation that can run in the source Amazon Web Services Region that contains the encrypted DB cluster snapshot to copy. The presigned URL request must contain the following parameter values:

To learn how to generate a Signature Version 4 signed request, see Authenticating Requests: Using Query Parameters (Amazon Web Services Signature Version 4) and Signature Version 4 Signing Process.

If you are using an Amazon Web Services SDK tool or the CLI, you can specify SourceRegion (or --source-region for the CLI) instead of specifying PreSignedUrl manually. Specifying SourceRegion autogenerates a presigned URL that is a valid request for the operation that can run in the source Amazon Web Services Region.

", + "CopyDBSnapshotMessage$PreSignedUrl": "

The URL that contains a Signature Version 4 signed request for the CopyDBSnapshot API action in the source Amazon Web Services Region that contains the source DB snapshot to copy.

You must specify this parameter when you copy an encrypted DB snapshot from another Amazon Web Services Region by using the Amazon RDS API. Don't specify PreSignedUrl when you are copying an encrypted DB snapshot in the same Amazon Web Services Region.

The presigned URL must be a valid request for the CopyDBSnapshot API action that can be executed in the source Amazon Web Services Region that contains the encrypted DB snapshot to be copied. The presigned URL request must contain the following parameter values:

To learn how to generate a Signature Version 4 signed request, see Authenticating Requests: Using Query Parameters (Amazon Web Services Signature Version 4) and Signature Version 4 Signing Process.

If you are using an Amazon Web Services SDK tool or the CLI, you can specify SourceRegion (or --source-region for the CLI) instead of specifying PreSignedUrl manually. Specifying SourceRegion autogenerates a pre-signed URL that is a valid request for the operation that can be executed in the source Amazon Web Services Region.

", "CopyDBSnapshotMessage$OptionGroupName": "

The name of an option group to associate with the copy of the snapshot.

Specify this option if you are copying a snapshot from one Amazon Web Services Region to another, and your DB instance uses a nondefault option group. If your source DB instance uses Transparent Data Encryption for Oracle or Microsoft SQL Server, you must specify this option when copying across Amazon Web Services Regions. For more information, see Option group considerations in the Amazon RDS User Guide.

", "CopyDBSnapshotMessage$TargetCustomAvailabilityZone": "

The external custom Availability Zone (CAZ) identifier for the target CAZ.

Example: rds-caz-aiqhTgQv.

", "CopyOptionGroupMessage$SourceOptionGroupIdentifier": "

The identifier for the source option group.

Constraints:

", @@ -3751,8 +3751,8 @@ "CreateDBClusterMessage$PreferredMaintenanceWindow": "

The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC).

Format: ddd:hh24:mi-ddd:hh24:mi

The default is a 30-minute window selected at random from an 8-hour block of time for each Amazon Web Services Region, occurring on a random day of the week. To see the time blocks available, see Adjusting the Preferred DB Cluster Maintenance Window in the Amazon Aurora User Guide.

Valid Days: Mon, Tue, Wed, Thu, Fri, Sat, Sun.

Constraints: Minimum 30-minute window.

Valid for: Aurora DB clusters and Multi-AZ DB clusters

", "CreateDBClusterMessage$ReplicationSourceIdentifier": "

The Amazon Resource Name (ARN) of the source DB instance or DB cluster if this DB cluster is created as a read replica.

Valid for: Aurora DB clusters only

", "CreateDBClusterMessage$KmsKeyId": "

The Amazon Web Services KMS key identifier for an encrypted DB cluster.

The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN.

When a KMS key isn't specified in KmsKeyId:

There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account has a different default KMS key for each Amazon Web Services Region.

If you create a read replica of an encrypted DB cluster in another Amazon Web Services Region, you must set KmsKeyId to a KMS key identifier that is valid in the destination Amazon Web Services Region. This KMS key is used to encrypt the read replica in that Amazon Web Services Region.

Valid for: Aurora DB clusters and Multi-AZ DB clusters

", - "CreateDBClusterMessage$PreSignedUrl": "

When you are replicating a DB cluster from one Amazon Web Services GovCloud (US) Region to another, an URL that contains a Signature Version 4 signed request for the CreateDBCluster operation to be called in the source Amazon Web Services Region where the DB cluster is replicated from. Specify PreSignedUrl only when you are performing cross-Region replication from an encrypted DB cluster.

The presigned URL must be a valid request for the CreateDBCluster API operation that can run in the source Amazon Web Services Region that contains the encrypted DB cluster to copy.

The presigned URL request must contain the following parameter values:

To learn how to generate a Signature Version 4 signed request, see Authenticating Requests: Using Query Parameters (Amazon Web Services Signature Version 4) and Signature Version 4 Signing Process.

If you are using an Amazon Web Services SDK tool or the CLI, you can specify SourceRegion (or --source-region for the CLI) instead of specifying PreSignedUrl manually. Specifying SourceRegion autogenerates a presigned URL that is a valid request for the operation that can run in the source Amazon Web Services Region.

Valid for: Aurora DB clusters only

", - "CreateDBClusterMessage$EngineMode": "

The DB engine mode of the DB cluster, either provisioned, serverless, parallelquery, global, or multimaster.

The parallelquery engine mode isn't required for Aurora MySQL version 1.23 and higher 1.x versions, and version 2.09 and higher 2.x versions.

The global engine mode isn't required for Aurora MySQL version 1.22 and higher 1.x versions, and global engine mode isn't required for any 2.x versions.

The multimaster engine mode only applies for DB clusters created with Aurora MySQL version 5.6.10a.

The serverless engine mode only applies for Aurora Serverless v1 DB clusters.

For Aurora PostgreSQL, the global engine mode isn't required, and both the parallelquery and the multimaster engine modes currently aren't supported.

Limitations and requirements apply to some DB engine modes. For more information, see the following sections in the Amazon Aurora User Guide:

Valid for: Aurora DB clusters only

", + "CreateDBClusterMessage$PreSignedUrl": "

A URL that contains a Signature Version 4 signed request for the CreateDBCluster action to be called in the source Amazon Web Services Region where the DB cluster is replicated from. Specify PreSignedUrl only when you are performing cross-Region replication from an encrypted DB cluster.

The pre-signed URL must be a valid request for the CreateDBCluster API action that can be executed in the source Amazon Web Services Region that contains the encrypted DB cluster to be copied.

The pre-signed URL request must contain the following parameter values:

To learn how to generate a Signature Version 4 signed request, see Authenticating Requests: Using Query Parameters (Amazon Web Services Signature Version 4) and Signature Version 4 Signing Process.

If you are using an Amazon Web Services SDK tool or the CLI, you can specify SourceRegion (or --source-region for the CLI) instead of specifying PreSignedUrl manually. Specifying SourceRegion autogenerates a pre-signed URL that is a valid request for the operation that can be executed in the source Amazon Web Services Region.

Valid for: Aurora DB clusters only

", + "CreateDBClusterMessage$EngineMode": "

The DB engine mode of the DB cluster, either provisioned, serverless, parallelquery, global, or multimaster.

The parallelquery engine mode isn't required for Aurora MySQL version 1.23 and higher 1.x versions, and version 2.09 and higher 2.x versions.

The global engine mode isn't required for Aurora MySQL version 1.22 and higher 1.x versions, and global engine mode isn't required for any 2.x versions.

The multimaster engine mode only applies for DB clusters created with Aurora MySQL version 5.6.10a.

For Aurora PostgreSQL, the global engine mode isn't required, and both the parallelquery and the multimaster engine modes currently aren't supported.

Limitations and requirements apply to some DB engine modes. For more information, see the following sections in the Amazon Aurora User Guide:

Valid for: Aurora DB clusters only

", "CreateDBClusterMessage$GlobalClusterIdentifier": "

The global cluster ID of an Aurora cluster that becomes the primary cluster in the new global database cluster.

Valid for: Aurora DB clusters only

", "CreateDBClusterMessage$Domain": "

The Active Directory directory ID to create the DB cluster in.

For Amazon Aurora DB clusters, Amazon RDS can use Kerberos authentication to authenticate users that connect to the DB cluster.

For more information, see Kerberos authentication in the Amazon Aurora User Guide.

Valid for: Aurora DB clusters only

", "CreateDBClusterMessage$DomainIAMRoleName": "

Specify the name of the IAM role to be used when making API calls to the Directory Service.

Valid for: Aurora DB clusters only

", @@ -3767,7 +3767,7 @@ "CreateDBClusterSnapshotMessage$DBClusterIdentifier": "

The identifier of the DB cluster to create a snapshot for. This parameter isn't case-sensitive.

Constraints:

Example: my-cluster1

", "CreateDBInstanceMessage$DBName": "

The meaning of this parameter differs according to the database engine you use.

MySQL

The name of the database to create when the DB instance is created. If this parameter isn't specified, no database is created in the DB instance.

Constraints:

MariaDB

The name of the database to create when the DB instance is created. If this parameter isn't specified, no database is created in the DB instance.

Constraints:

PostgreSQL

The name of the database to create when the DB instance is created. If this parameter isn't specified, a database named postgres is created in the DB instance.

Constraints:

Oracle

The Oracle System ID (SID) of the created DB instance. If you specify null, the default value ORCL is used. You can't specify the string NULL, or any other reserved word, for DBName.

Default: ORCL

Constraints:

Amazon RDS Custom for Oracle

The Oracle System ID (SID) of the created RDS Custom DB instance. If you don't specify a value, the default value is ORCL.

Default: ORCL

Constraints:

Amazon RDS Custom for SQL Server

Not applicable. Must be null.

SQL Server

Not applicable. Must be null.

Amazon Aurora MySQL

The name of the database to create when the primary DB instance of the Aurora MySQL DB cluster is created. If this parameter isn't specified for an Aurora MySQL DB cluster, no database is created in the DB cluster.

Constraints:

Amazon Aurora PostgreSQL

The name of the database to create when the primary DB instance of the Aurora PostgreSQL DB cluster is created. If this parameter isn't specified for an Aurora PostgreSQL DB cluster, a database named postgres is created in the DB cluster.

Constraints:

", "CreateDBInstanceMessage$DBInstanceIdentifier": "

The DB instance identifier. This parameter is stored as a lowercase string.

Constraints:

Example: mydbinstance

", - "CreateDBInstanceMessage$DBInstanceClass": "

The compute and memory capacity of the DB instance, for example db.m5.large. Not all DB instance classes are available in all Amazon Web Services Regions, or for all database engines. For the full list of DB instance classes, and availability for your engine, see DB instance classes in the Amazon RDS User Guide or Aurora DB instance classes in the Amazon Aurora User Guide.

", + "CreateDBInstanceMessage$DBInstanceClass": "

The compute and memory capacity of the DB instance, for example db.m4.large. Not all DB instance classes are available in all Amazon Web Services Regions, or for all database engines. For the full list of DB instance classes, and availability for your engine, see DB Instance Class in the Amazon RDS User Guide.

", "CreateDBInstanceMessage$Engine": "

The name of the database engine to be used for this instance.

Not every database engine is available for every Amazon Web Services Region.

Valid Values:

", "CreateDBInstanceMessage$MasterUsername": "

The name for the master user.

Amazon Aurora

Not applicable. The name for the master user is managed by the DB cluster.

Amazon RDS

Constraints:

", "CreateDBInstanceMessage$MasterUserPassword": "

The password for the master user. The password can include any printable ASCII character except \"/\", \"\"\", or \"@\".

Amazon Aurora

Not applicable. The password for the master user is managed by the DB cluster.

MariaDB

Constraints: Must contain from 8 to 41 characters.

Microsoft SQL Server

Constraints: Must contain from 8 to 128 characters.

MySQL

Constraints: Must contain from 8 to 41 characters.

Oracle

Constraints: Must contain from 8 to 30 characters.

PostgreSQL

Constraints: Must contain from 8 to 128 characters.

", @@ -3776,19 +3776,19 @@ "CreateDBInstanceMessage$PreferredMaintenanceWindow": "

The time range each week during which system maintenance can occur, in Universal Coordinated Time (UTC). For more information, see Amazon RDS Maintenance Window.

Format: ddd:hh24:mi-ddd:hh24:mi

The default is a 30-minute window selected at random from an 8-hour block of time for each Amazon Web Services Region, occurring on a random day of the week.

Valid Days: Mon, Tue, Wed, Thu, Fri, Sat, Sun.

Constraints: Minimum 30-minute window.

", "CreateDBInstanceMessage$DBParameterGroupName": "

The name of the DB parameter group to associate with this DB instance. If you do not specify a value, then the default DB parameter group for the specified DB engine and version is used.

This setting doesn't apply to RDS Custom.

Constraints:

", "CreateDBInstanceMessage$PreferredBackupWindow": "

The daily time range during which automated backups are created if automated backups are enabled, using the BackupRetentionPeriod parameter. The default is a 30-minute window selected at random from an 8-hour block of time for each Amazon Web Services Region. For more information, see Backup window in the Amazon RDS User Guide.

Amazon Aurora

Not applicable. The daily time range for creating automated backups is managed by the DB cluster.

Constraints:

", - "CreateDBInstanceMessage$EngineVersion": "

The version number of the database engine to use.

For a list of valid engine versions, use the DescribeDBEngineVersions operation.

The following are the database engines and links to information about the major and minor versions that are available with Amazon RDS. Not every database engine is available for every Amazon Web Services Region.

Amazon Aurora

Not applicable. The version number of the database engine to be used by the DB instance is managed by the DB cluster.

Amazon RDS Custom for Oracle

A custom engine version (CEV) that you have previously created. This setting is required for RDS Custom for Oracle. The CEV name has the following format: 19.customized_string . An example identifier is 19.my_cev1. For more information, see Creating an RDS Custom for Oracle DB instance in the Amazon RDS User Guide.

Amazon RDS Custom for SQL Server

See RDS Custom for SQL Server general requirements in the Amazon RDS User Guide.

MariaDB

For information, see MariaDB on Amazon RDS Versions in the Amazon RDS User Guide.

Microsoft SQL Server

For information, see Microsoft SQL Server Versions on Amazon RDS in the Amazon RDS User Guide.

MySQL

For information, see MySQL on Amazon RDS Versions in the Amazon RDS User Guide.

Oracle

For information, see Oracle Database Engine Release Notes in the Amazon RDS User Guide.

PostgreSQL

For information, see Amazon RDS for PostgreSQL versions and extensions in the Amazon RDS User Guide.

", - "CreateDBInstanceMessage$LicenseModel": "

License model information for this DB instance.

Valid values: license-included | bring-your-own-license | general-public-license

This setting doesn't apply to RDS Custom.

Amazon Aurora

Not applicable.

", - "CreateDBInstanceMessage$OptionGroupName": "

A value that indicates that the DB instance should be associated with the specified option group.

Permanent options, such as the TDE option for Oracle Advanced Security TDE, can't be removed from an option group. Also, that option group can't be removed from a DB instance after it is associated with a DB instance.

This setting doesn't apply to RDS Custom.

Amazon Aurora

Not applicable.

", + "CreateDBInstanceMessage$EngineVersion": "

The version number of the database engine to use.

For a list of valid engine versions, use the DescribeDBEngineVersions action.

The following are the database engines and links to information about the major and minor versions that are available with Amazon RDS. Not every database engine is available for every Amazon Web Services Region.

Amazon Aurora

Not applicable. The version number of the database engine to be used by the DB instance is managed by the DB cluster.

Amazon RDS Custom for Oracle

A custom engine version (CEV) that you have previously created. This setting is required for RDS Custom for Oracle. The CEV name has the following format: 19.customized_string . An example identifier is 19.my_cev1. For more information, see Creating an RDS Custom for Oracle DB instance in the Amazon RDS User Guide.

Amazon RDS Custom for SQL Server

See RDS Custom for SQL Server general requirements in the Amazon RDS User Guide.

MariaDB

For information, see MariaDB on Amazon RDS Versions in the Amazon RDS User Guide.

Microsoft SQL Server

For information, see Microsoft SQL Server Versions on Amazon RDS in the Amazon RDS User Guide.

MySQL

For information, see MySQL on Amazon RDS Versions in the Amazon RDS User Guide.

Oracle

For information, see Oracle Database Engine Release Notes in the Amazon RDS User Guide.

PostgreSQL

For information, see Amazon RDS for PostgreSQL versions and extensions in the Amazon RDS User Guide.

", + "CreateDBInstanceMessage$LicenseModel": "

License model information for this DB instance.

Valid values: license-included | bring-your-own-license | general-public-license

This setting doesn't apply to RDS Custom.

", + "CreateDBInstanceMessage$OptionGroupName": "

A value that indicates that the DB instance should be associated with the specified option group.

Permanent options, such as the TDE option for Oracle Advanced Security TDE, can't be removed from an option group. Also, that option group can't be removed from a DB instance after it is associated with a DB instance.

This setting doesn't apply to RDS Custom.

", "CreateDBInstanceMessage$CharacterSetName": "

For supported engines, this value indicates that the DB instance should be associated with the specified CharacterSet.

This setting doesn't apply to RDS Custom. However, if you need to change the character set, you can change it on the database itself.

Amazon Aurora

Not applicable. The character set is managed by the DB cluster. For more information, see CreateDBCluster.

", "CreateDBInstanceMessage$NcharCharacterSetName": "

The name of the NCHAR character set for the Oracle DB instance.

This parameter doesn't apply to RDS Custom.

", "CreateDBInstanceMessage$DBClusterIdentifier": "

The identifier of the DB cluster that the instance will belong to.

This setting doesn't apply to RDS Custom.

", - "CreateDBInstanceMessage$StorageType": "

Specifies the storage type to be associated with the DB instance.

Valid values: standard | gp2 | io1

If you specify io1, you must also include a value for the Iops parameter.

Default: io1 if the Iops parameter is specified, otherwise gp2

Amazon Aurora

Not applicable. Storage is managed by the DB cluster.

", - "CreateDBInstanceMessage$TdeCredentialArn": "

The ARN from the key store with which to associate the instance for TDE encryption.

This setting doesn't apply to RDS Custom.

Amazon Aurora

Not applicable.

", + "CreateDBInstanceMessage$StorageType": "

Specifies the storage type to be associated with the DB instance.

Valid values: standard | gp2 | io1

If you specify io1, you must also include a value for the Iops parameter.

Default: io1 if the Iops parameter is specified, otherwise gp2

", + "CreateDBInstanceMessage$TdeCredentialArn": "

The ARN from the key store with which to associate the instance for TDE encryption.

This setting doesn't apply to RDS Custom.

", "CreateDBInstanceMessage$TdeCredentialPassword": "

The password for the given ARN from the key store in order to access the device.

This setting doesn't apply to RDS Custom.

", "CreateDBInstanceMessage$KmsKeyId": "

The Amazon Web Services KMS key identifier for an encrypted DB instance.

The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN.

Amazon Aurora

Not applicable. The Amazon Web Services KMS key identifier is managed by the DB cluster. For more information, see CreateDBCluster.

If StorageEncrypted is enabled, and you do not specify a value for the KmsKeyId parameter, then Amazon RDS uses your default KMS key. There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account has a different default KMS key for each Amazon Web Services Region.

Amazon RDS Custom

A KMS key is required for RDS Custom instances. For most RDS engines, if you leave this parameter empty while enabling StorageEncrypted, the engine uses the default KMS key. However, RDS Custom doesn't use the default key when this parameter is empty. You must explicitly specify a key.

", - "CreateDBInstanceMessage$Domain": "

The Active Directory directory ID to create the DB instance in. Currently, only MySQL, Microsoft SQL Server, Oracle, and PostgreSQL DB instances can be created in an Active Directory Domain.

For more information, see Kerberos Authentication in the Amazon RDS User Guide.

This setting doesn't apply to RDS Custom.

Amazon Aurora

Not applicable. The domain is managed by the DB cluster.

", + "CreateDBInstanceMessage$Domain": "

The Active Directory directory ID to create the DB instance in. Currently, only MySQL, Microsoft SQL Server, Oracle, and PostgreSQL DB instances can be created in an Active Directory Domain.

For more information, see Kerberos Authentication in the Amazon RDS User Guide.

This setting doesn't apply to RDS Custom.

", "CreateDBInstanceMessage$MonitoringRoleArn": "

The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to Amazon CloudWatch Logs. For example, arn:aws:iam:123456789012:role/emaccess. For information on creating a monitoring role, see Setting Up and Enabling Enhanced Monitoring in the Amazon RDS User Guide.

If MonitoringInterval is set to a value other than 0, then you must supply a MonitoringRoleArn value.

This setting doesn't apply to RDS Custom.

", - "CreateDBInstanceMessage$DomainIAMRoleName": "

Specify the name of the IAM role to be used when making API calls to the Directory Service.

This setting doesn't apply to RDS Custom.

Amazon Aurora

Not applicable. The domain is managed by the DB cluster.

", + "CreateDBInstanceMessage$DomainIAMRoleName": "

Specify the name of the IAM role to be used when making API calls to the Directory Service.

This setting doesn't apply to RDS Custom.

", "CreateDBInstanceMessage$Timezone": "

The time zone of the DB instance. The time zone parameter is currently supported only by Microsoft SQL Server.

", "CreateDBInstanceMessage$PerformanceInsightsKMSKeyId": "

The Amazon Web Services KMS key identifier for encryption of Performance Insights data.

The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.

If you do not specify a value for PerformanceInsightsKMSKeyId, then Amazon RDS uses your default KMS key. There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account has a different default KMS key for each Amazon Web Services Region.

This setting doesn't apply to RDS Custom.

", "CreateDBInstanceMessage$CustomIamInstanceProfile": "

The instance profile associated with the underlying Amazon EC2 instance of an RDS Custom DB instance. The instance profile must meet the following requirements:

For the list of permissions required for the IAM role, see Configure IAM and your VPC in the Amazon RDS User Guide.

This setting is required for RDS Custom.

", @@ -3799,12 +3799,12 @@ "CreateDBInstanceReadReplicaMessage$DBInstanceClass": "

The compute and memory capacity of the read replica, for example db.m4.large. Not all DB instance classes are available in all Amazon Web Services Regions, or for all database engines. For the full list of DB instance classes, and availability for your engine, see DB Instance Class in the Amazon RDS User Guide.

Default: Inherits from the source DB instance.

", "CreateDBInstanceReadReplicaMessage$AvailabilityZone": "

The Availability Zone (AZ) where the read replica will be created.

Default: A random, system-chosen Availability Zone in the endpoint's Amazon Web Services Region.

Example: us-east-1d

", "CreateDBInstanceReadReplicaMessage$OptionGroupName": "

The option group the DB instance is associated with. If omitted, the option group associated with the source instance is used.

For SQL Server, you must use the option group associated with the source instance.

This setting doesn't apply to RDS Custom.

", - "CreateDBInstanceReadReplicaMessage$DBParameterGroupName": "

The name of the DB parameter group to associate with this DB instance.

If you do not specify a value for DBParameterGroupName, then Amazon RDS uses the DBParameterGroup of source DB instance for a same Region read replica, or the default DBParameterGroup for the specified DB engine for a cross-Region read replica.

Specifying a parameter group for this operation is only supported for MySQL and Oracle DB instances. It isn't supported for RDS Custom.

Constraints:

", + "CreateDBInstanceReadReplicaMessage$DBParameterGroupName": "

The name of the DB parameter group to associate with this DB instance.

If you do not specify a value for DBParameterGroupName, then Amazon RDS uses the DBParameterGroup of source DB instance for a same Region read replica, or the default DBParameterGroup for the specified DB engine for a cross-Region read replica.

Specifying a parameter group for this operation is only supported for Oracle DB instances. It isn't supported for RDS Custom.

Constraints:

", "CreateDBInstanceReadReplicaMessage$DBSubnetGroupName": "

Specifies a DB subnet group for the DB instance. The new DB instance is created in the VPC associated with the DB subnet group. If no DB subnet group is specified, then the new DB instance isn't created in a VPC.

Constraints:

Example: mydbsubnetgroup

", "CreateDBInstanceReadReplicaMessage$StorageType": "

Specifies the storage type to be associated with the read replica.

Valid values: standard | gp2 | io1

If you specify io1, you must also include a value for the Iops parameter.

Default: io1 if the Iops parameter is specified, otherwise gp2

", "CreateDBInstanceReadReplicaMessage$MonitoringRoleArn": "

The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to Amazon CloudWatch Logs. For example, arn:aws:iam:123456789012:role/emaccess. For information on creating a monitoring role, go to To create an IAM role for Amazon RDS Enhanced Monitoring in the Amazon RDS User Guide.

If MonitoringInterval is set to a value other than 0, then you must supply a MonitoringRoleArn value.

This setting doesn't apply to RDS Custom.

", "CreateDBInstanceReadReplicaMessage$KmsKeyId": "

The Amazon Web Services KMS key identifier for an encrypted read replica.

The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.

If you create an encrypted read replica in the same Amazon Web Services Region as the source DB instance, then do not specify a value for this parameter. A read replica in the same Amazon Web Services Region is always encrypted with the same KMS key as the source DB instance.

If you create an encrypted read replica in a different Amazon Web Services Region, then you must specify a KMS key identifier for the destination Amazon Web Services Region. KMS keys are specific to the Amazon Web Services Region that they are created in, and you can't use KMS keys from one Amazon Web Services Region in another Amazon Web Services Region.

You can't create an encrypted read replica from an unencrypted DB instance.

This setting doesn't apply to RDS Custom, which uses the same KMS key as the primary replica.

", - "CreateDBInstanceReadReplicaMessage$PreSignedUrl": "

When you are creating a read replica from one Amazon Web Services GovCloud (US) Region to another or from one China Amazon Web Services Region to another, the URL that contains a Signature Version 4 signed request for the CreateDBInstanceReadReplica API operation in the source Amazon Web Services Region that contains the source DB instance.

This setting applies only to Amazon Web Services GovCloud (US) Regions and China Amazon Web Services Regions. It's ignored in other Amazon Web Services Regions.

You must specify this parameter when you create an encrypted read replica from another Amazon Web Services Region by using the Amazon RDS API. Don't specify PreSignedUrl when you are creating an encrypted read replica in the same Amazon Web Services Region.

The presigned URL must be a valid request for the CreateDBInstanceReadReplica API operation that can run in the source Amazon Web Services Region that contains the encrypted source DB instance. The presigned URL request must contain the following parameter values:

To learn how to generate a Signature Version 4 signed request, see Authenticating Requests: Using Query Parameters (Amazon Web Services Signature Version 4) and Signature Version 4 Signing Process.

If you are using an Amazon Web Services SDK tool or the CLI, you can specify SourceRegion (or --source-region for the CLI) instead of specifying PreSignedUrl manually. Specifying SourceRegion autogenerates a presigned URL that is a valid request for the operation that can run in the source Amazon Web Services Region.

SourceRegion isn't supported for SQL Server, because Amazon RDS for SQL Server doesn't support cross-Region read replicas.

This setting doesn't apply to RDS Custom.

", + "CreateDBInstanceReadReplicaMessage$PreSignedUrl": "

The URL that contains a Signature Version 4 signed request for the CreateDBInstanceReadReplica API action in the source Amazon Web Services Region that contains the source DB instance.

You must specify this parameter when you create an encrypted read replica from another Amazon Web Services Region by using the Amazon RDS API. Don't specify PreSignedUrl when you are creating an encrypted read replica in the same Amazon Web Services Region.

The presigned URL must be a valid request for the CreateDBInstanceReadReplica API action that can be executed in the source Amazon Web Services Region that contains the encrypted source DB instance. The presigned URL request must contain the following parameter values:

To learn how to generate a Signature Version 4 signed request, see Authenticating Requests: Using Query Parameters (Amazon Web Services Signature Version 4) and Signature Version 4 Signing Process.

If you are using an Amazon Web Services SDK tool or the CLI, you can specify SourceRegion (or --source-region for the CLI) instead of specifying PreSignedUrl manually. Specifying SourceRegion autogenerates a presigned URL that is a valid request for the operation that can be executed in the source Amazon Web Services Region.

SourceRegion isn't supported for SQL Server, because SQL Server on Amazon RDS doesn't support cross-Region read replicas.

This setting doesn't apply to RDS Custom.

", "CreateDBInstanceReadReplicaMessage$PerformanceInsightsKMSKeyId": "

The Amazon Web Services KMS key identifier for encryption of Performance Insights data.

The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.

If you do not specify a value for PerformanceInsightsKMSKeyId, then Amazon RDS uses your default KMS key. There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account has a different default KMS key for each Amazon Web Services Region.

This setting doesn't apply to RDS Custom.

", "CreateDBInstanceReadReplicaMessage$Domain": "

The Active Directory directory ID to create the DB instance in. Currently, only MySQL, Microsoft SQL Server, Oracle, and PostgreSQL DB instances can be created in an Active Directory Domain.

For more information, see Kerberos Authentication in the Amazon RDS User Guide.

This setting doesn't apply to RDS Custom.

", "CreateDBInstanceReadReplicaMessage$DomainIAMRoleName": "

Specify the name of the IAM role to be used when making API calls to the Directory Service.

This setting doesn't apply to RDS Custom.

", @@ -3828,7 +3828,7 @@ "CreateGlobalClusterMessage$SourceDBClusterIdentifier": "

The Amazon Resource Name (ARN) to use as the primary cluster of the global database. This parameter is optional.

", "CreateGlobalClusterMessage$Engine": "

The name of the database engine to be used for this DB cluster.

", "CreateGlobalClusterMessage$EngineVersion": "

The engine version of the Aurora global database.

", - "CreateGlobalClusterMessage$DatabaseName": "

The name for your database of up to 64 alphanumeric characters. If you do not provide a name, Amazon Aurora will not create a database in the global database cluster you are creating.

", + "CreateGlobalClusterMessage$DatabaseName": "

The name for your database of up to 64 alpha-numeric characters. If you do not provide a name, Amazon Aurora will not create a database in the global database cluster you are creating.

", "CreateOptionGroupMessage$OptionGroupName": "

Specifies the name of the option group to be created.

Constraints:

Example: myoptiongroup

", "CreateOptionGroupMessage$EngineName": "

Specifies the name of the engine that this option group should be associated with.

Valid Values:

", "CreateOptionGroupMessage$MajorEngineVersion": "

Specifies the major version of the engine that this option group should be associated with.

", @@ -4258,11 +4258,11 @@ "ModifyDBClusterMessage$PerformanceInsightsKMSKeyId": "

The Amazon Web Services KMS key identifier for encryption of Performance Insights data.

The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.

If you don't specify a value for PerformanceInsightsKMSKeyId, then Amazon RDS uses your default KMS key. There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account has a different default KMS key for each Amazon Web Services Region.

Valid for: Multi-AZ DB clusters only

", "ModifyDBClusterParameterGroupMessage$DBClusterParameterGroupName": "

The name of the DB cluster parameter group to modify.

", "ModifyDBClusterSnapshotAttributeMessage$DBClusterSnapshotIdentifier": "

The identifier for the DB cluster snapshot to modify the attributes for.

", - "ModifyDBClusterSnapshotAttributeMessage$AttributeName": "

The name of the DB cluster snapshot attribute to modify.

To manage authorization for other Amazon Web Services accounts to copy or restore a manual DB cluster snapshot, set this value to restore.

To view the list of attributes available to modify, use the DescribeDBClusterSnapshotAttributes API operation.

", + "ModifyDBClusterSnapshotAttributeMessage$AttributeName": "

The name of the DB cluster snapshot attribute to modify.

To manage authorization for other Amazon Web Services accounts to copy or restore a manual DB cluster snapshot, set this value to restore.

To view the list of attributes available to modify, use the DescribeDBClusterSnapshotAttributes API action.

", "ModifyDBInstanceMessage$DBInstanceIdentifier": "

The DB instance identifier. This value is stored as a lowercase string.

Constraints:

", - "ModifyDBInstanceMessage$DBInstanceClass": "

The new compute and memory capacity of the DB instance, for example db.m5.large. Not all DB instance classes are available in all Amazon Web Services Regions, or for all database engines. For the full list of DB instance classes, and availability for your engine, see DB instance classes in the Amazon RDS User Guide or Aurora DB instance classes in the Amazon Aurora User Guide.

If you modify the DB instance class, an outage occurs during the change. The change is applied during the next maintenance window, unless ApplyImmediately is enabled for this request.

This setting doesn't apply to RDS Custom for Oracle.

Default: Uses existing setting

", + "ModifyDBInstanceMessage$DBInstanceClass": "

The new compute and memory capacity of the DB instance, for example db.m4.large. Not all DB instance classes are available in all Amazon Web Services Regions, or for all database engines. For the full list of DB instance classes, and availability for your engine, see DB Instance Class in the Amazon RDS User Guide.

If you modify the DB instance class, an outage occurs during the change. The change is applied during the next maintenance window, unless ApplyImmediately is enabled for this request.

This setting doesn't apply to RDS Custom for Oracle.

Default: Uses existing setting

", "ModifyDBInstanceMessage$DBSubnetGroupName": "

The new DB subnet group for the DB instance. You can use this parameter to move your DB instance to a different VPC. If your DB instance isn't in a VPC, you can also use this parameter to move your DB instance into a VPC. For more information, see Working with a DB instance in a VPC in the Amazon RDS User Guide.

Changing the subnet group causes an outage during the change. The change is applied during the next maintenance window, unless you enable ApplyImmediately.

This parameter doesn't apply to RDS Custom.

Constraints: If supplied, must match the name of an existing DBSubnetGroup.

Example: mydbsubnetgroup

", - "ModifyDBInstanceMessage$MasterUserPassword": "

The new password for the master user. The password can include any printable ASCII character except \"/\", \"\"\", or \"@\".

Changing this parameter doesn't result in an outage and the change is asynchronously applied as soon as possible. Between the time of the request and the completion of the request, the MasterUserPassword element exists in the PendingModifiedValues element of the operation response.

This setting doesn't apply to RDS Custom.

Amazon Aurora

Not applicable. The password for the master user is managed by the DB cluster. For more information, see ModifyDBCluster.

Default: Uses existing setting

MariaDB

Constraints: Must contain from 8 to 41 characters.

Microsoft SQL Server

Constraints: Must contain from 8 to 128 characters.

MySQL

Constraints: Must contain from 8 to 41 characters.

Oracle

Constraints: Must contain from 8 to 30 characters.

PostgreSQL

Constraints: Must contain from 8 to 128 characters.

Amazon RDS API operations never return the password, so this action provides a way to regain access to a primary instance user if the password is lost. This includes restoring privileges that might have been accidentally revoked.

", + "ModifyDBInstanceMessage$MasterUserPassword": "

The new password for the master user. The password can include any printable ASCII character except \"/\", \"\"\", or \"@\".

Changing this parameter doesn't result in an outage and the change is asynchronously applied as soon as possible. Between the time of the request and the completion of the request, the MasterUserPassword element exists in the PendingModifiedValues element of the operation response.

This setting doesn't apply to RDS Custom.

Amazon Aurora

Not applicable. The password for the master user is managed by the DB cluster. For more information, see ModifyDBCluster.

Default: Uses existing setting

MariaDB

Constraints: Must contain from 8 to 41 characters.

Microsoft SQL Server

Constraints: Must contain from 8 to 128 characters.

MySQL

Constraints: Must contain from 8 to 41 characters.

Oracle

Constraints: Must contain from 8 to 30 characters.

PostgreSQL

Constraints: Must contain from 8 to 128 characters.

Amazon RDS API actions never return the password, so this action provides a way to regain access to a primary instance user if the password is lost. This includes restoring privileges that might have been accidentally revoked.

", "ModifyDBInstanceMessage$DBParameterGroupName": "

The name of the DB parameter group to apply to the DB instance.

Changing this setting doesn't result in an outage. The parameter group name itself is changed immediately, but the actual parameter changes are not applied until you reboot the instance without failover. In this case, the DB instance isn't rebooted automatically, and the parameter changes aren't applied during the next maintenance window. However, if you modify dynamic parameters in the newly associated DB parameter group, these changes are applied immediately without a reboot.

This setting doesn't apply to RDS Custom.

Default: Uses existing setting

Constraints: The DB parameter group must be in the same DB parameter group family as the DB instance.

", "ModifyDBInstanceMessage$PreferredBackupWindow": "

The daily time range during which automated backups are created if automated backups are enabled, as determined by the BackupRetentionPeriod parameter. Changing this parameter doesn't result in an outage and the change is asynchronously applied as soon as possible. The default is a 30-minute window selected at random from an 8-hour block of time for each Amazon Web Services Region. For more information, see Backup window in the Amazon RDS User Guide.

Amazon Aurora

Not applicable. The daily time range for creating automated backups is managed by the DB cluster. For more information, see ModifyDBCluster.

Constraints:

", "ModifyDBInstanceMessage$PreferredMaintenanceWindow": "

The weekly time range (in UTC) during which system maintenance can occur, which might result in an outage. Changing this parameter doesn't result in an outage, except in the following situation, and the change is asynchronously applied as soon as possible. If there are pending actions that cause a reboot, and the maintenance window is changed to include the current time, then changing this parameter will cause a reboot of the DB instance. If moving this window to the current time, there must be at least 30 minutes between the current time and end of the window to ensure pending changes are applied.

For more information, see Amazon RDS Maintenance Window in the Amazon RDS User Guide.

Default: Uses existing setting

Format: ddd:hh24:mi-ddd:hh24:mi

Valid Days: Mon | Tue | Wed | Thu | Fri | Sat | Sun

Constraints: Must be at least 30 minutes

", @@ -4283,11 +4283,11 @@ "ModifyDBProxyRequest$DBProxyName": "

The identifier for the DBProxy to modify.

", "ModifyDBProxyRequest$NewDBProxyName": "

The new identifier for the DBProxy. An identifier must begin with a letter and must contain only ASCII letters, digits, and hyphens; it can't end with a hyphen or contain two consecutive hyphens.

", "ModifyDBProxyRequest$RoleArn": "

The Amazon Resource Name (ARN) of the IAM role that the proxy uses to access secrets in Amazon Web Services Secrets Manager.

", - "ModifyDBProxyTargetGroupRequest$TargetGroupName": "

The name of the target group to modify.

", - "ModifyDBProxyTargetGroupRequest$DBProxyName": "

The name of the proxy.

", + "ModifyDBProxyTargetGroupRequest$TargetGroupName": "

The name of the new target group to assign to the proxy.

", + "ModifyDBProxyTargetGroupRequest$DBProxyName": "

The name of the new proxy to which to assign the target group.

", "ModifyDBProxyTargetGroupRequest$NewName": "

The new name for the modified DBProxyTarget. An identifier must begin with a letter and must contain only ASCII letters, digits, and hyphens; it can't end with a hyphen or contain two consecutive hyphens.

", "ModifyDBSnapshotAttributeMessage$DBSnapshotIdentifier": "

The identifier for the DB snapshot to modify the attributes for.

", - "ModifyDBSnapshotAttributeMessage$AttributeName": "

The name of the DB snapshot attribute to modify.

To manage authorization for other Amazon Web Services accounts to copy or restore a manual DB snapshot, set this value to restore.

To view the list of attributes available to modify, use the DescribeDBSnapshotAttributes API operation.

", + "ModifyDBSnapshotAttributeMessage$AttributeName": "

The name of the DB snapshot attribute to modify.

To manage authorization for other Amazon Web Services accounts to copy or restore a manual DB snapshot, set this value to restore.

To view the list of attributes available to modify, use the DescribeDBSnapshotAttributes API action.

", "ModifyDBSnapshotMessage$DBSnapshotIdentifier": "

The identifier of the DB snapshot to modify.

", "ModifyDBSnapshotMessage$EngineVersion": "

The engine version to upgrade the DB snapshot to.

The following are the database engines and engine versions that are available when you upgrade a DB snapshot.

MySQL

Oracle

PostgreSQL

For the list of engine versions that are available for upgrading a DB snapshot, see Upgrading the PostgreSQL DB Engine for Amazon RDS.

", "ModifyDBSnapshotMessage$OptionGroupName": "

The option group to identify with the upgraded DB snapshot.

You can specify this parameter when you upgrade an Oracle DB snapshot. The same option group considerations apply when upgrading a DB snapshot as when upgrading a DB instance. For more information, see Option group considerations in the Amazon RDS User Guide.

", @@ -4415,8 +4415,8 @@ "RestoreDBClusterFromS3Message$DBClusterIdentifier": "

The name of the DB cluster to create from the source data in the Amazon S3 bucket. This parameter isn't case-sensitive.

Constraints:

Example: my-cluster1

", "RestoreDBClusterFromS3Message$DBClusterParameterGroupName": "

The name of the DB cluster parameter group to associate with the restored DB cluster. If this argument is omitted, default.aurora5.6 is used.

Constraints:

", "RestoreDBClusterFromS3Message$DBSubnetGroupName": "

A DB subnet group to associate with the restored DB cluster.

Constraints: If supplied, must match the name of an existing DBSubnetGroup.

Example: mydbsubnetgroup

", - "RestoreDBClusterFromS3Message$Engine": "

The name of the database engine to be used for this DB cluster.

Valid Values: aurora (for MySQL 5.6-compatible Aurora) and aurora-mysql (for MySQL 5.7-compatible and MySQL 8.0-compatible Aurora)

", - "RestoreDBClusterFromS3Message$EngineVersion": "

The version number of the database engine to use.

To list all of the available engine versions for aurora (for MySQL 5.6-compatible Aurora), use the following command:

aws rds describe-db-engine-versions --engine aurora --query \"DBEngineVersions[].EngineVersion\"

To list all of the available engine versions for aurora-mysql (for MySQL 5.7-compatible and MySQL 8.0-compatible Aurora), use the following command:

aws rds describe-db-engine-versions --engine aurora-mysql --query \"DBEngineVersions[].EngineVersion\"

Aurora MySQL

Example: 5.6.10a, 5.6.mysql_aurora.1.19.2, 5.7.mysql_aurora.2.07.1, 8.0.mysql_aurora.3.02.0

", + "RestoreDBClusterFromS3Message$Engine": "

The name of the database engine to be used for this DB cluster.

Valid Values: aurora (for MySQL 5.6-compatible Aurora), aurora-mysql (for MySQL 5.7-compatible and MySQL 8.0-compatible Aurora), and aurora-postgresql

", + "RestoreDBClusterFromS3Message$EngineVersion": "

The version number of the database engine to use.

To list all of the available engine versions for aurora (for MySQL 5.6-compatible Aurora), use the following command:

aws rds describe-db-engine-versions --engine aurora --query \"DBEngineVersions[].EngineVersion\"

To list all of the available engine versions for aurora-mysql (for MySQL 5.7-compatible and MySQL 8.0-compatible Aurora), use the following command:

aws rds describe-db-engine-versions --engine aurora-mysql --query \"DBEngineVersions[].EngineVersion\"

To list all of the available engine versions for aurora-postgresql, use the following command:

aws rds describe-db-engine-versions --engine aurora-postgresql --query \"DBEngineVersions[].EngineVersion\"

Aurora MySQL

Example: 5.6.10a, 5.6.mysql_aurora.1.19.2, 5.7.12, 5.7.mysql_aurora.2.04.5, 8.0.mysql_aurora.3.01.0

Aurora PostgreSQL

Example: 9.6.3, 10.7

", "RestoreDBClusterFromS3Message$MasterUsername": "

The name of the master user for the restored DB cluster.

Constraints:

", "RestoreDBClusterFromS3Message$MasterUserPassword": "

The password for the master database user. This password can contain any printable ASCII character except \"/\", \"\"\", or \"@\".

Constraints: Must contain from 8 to 41 characters.

", "RestoreDBClusterFromS3Message$OptionGroupName": "

A value that indicates that the restored DB cluster should be associated with the specified option group.

Permanent options can't be removed from an option group. An option group can't be removed from a DB cluster once it is associated with a DB cluster.

", @@ -4537,7 +4537,7 @@ "StartDBClusterMessage$DBClusterIdentifier": "

The DB cluster identifier of the Amazon Aurora DB cluster to be started. This parameter is stored as a lowercase string.

", "StartDBInstanceAutomatedBackupsReplicationMessage$SourceDBInstanceArn": "

The Amazon Resource Name (ARN) of the source DB instance for the replicated automated backups, for example, arn:aws:rds:us-west-2:123456789012:db:mydatabase.

", "StartDBInstanceAutomatedBackupsReplicationMessage$KmsKeyId": "

The Amazon Web Services KMS key identifier for encryption of the replicated automated backups. The KMS key ID is the Amazon Resource Name (ARN) for the KMS encryption key in the destination Amazon Web Services Region, for example, arn:aws:kms:us-east-1:123456789012:key/AKIAIOSFODNN7EXAMPLE.

", - "StartDBInstanceAutomatedBackupsReplicationMessage$PreSignedUrl": "

In an Amazon Web Services GovCloud (US) Region, an URL that contains a Signature Version 4 signed request for the StartDBInstanceAutomatedBackupsReplication operation to call in the Amazon Web Services Region of the source DB instance. The presigned URL must be a valid request for the StartDBInstanceAutomatedBackupsReplication API operation that can run in the Amazon Web Services Region that contains the source DB instance.

This setting applies only to Amazon Web Services GovCloud (US) Regions. It's ignored in other Amazon Web Services Regions.

To learn how to generate a Signature Version 4 signed request, see Authenticating Requests: Using Query Parameters (Amazon Web Services Signature Version 4) and Signature Version 4 Signing Process.

If you are using an Amazon Web Services SDK tool or the CLI, you can specify SourceRegion (or --source-region for the CLI) instead of specifying PreSignedUrl manually. Specifying SourceRegion autogenerates a presigned URL that is a valid request for the operation that can run in the source Amazon Web Services Region.

", + "StartDBInstanceAutomatedBackupsReplicationMessage$PreSignedUrl": "

A URL that contains a Signature Version 4 signed request for the StartDBInstanceAutomatedBackupsReplication action to be called in the Amazon Web Services Region of the source DB instance. The presigned URL must be a valid request for the StartDBInstanceAutomatedBackupsReplication API action that can be executed in the Amazon Web Services Region that contains the source DB instance.

", "StartDBInstanceMessage$DBInstanceIdentifier": "

The user-supplied instance identifier.

", "StartExportTaskMessage$ExportTaskIdentifier": "

A unique identifier for the snapshot export task. This ID isn't an identifier for the Amazon S3 bucket where the snapshot is to be exported to.

", "StartExportTaskMessage$SourceArn": "

The Amazon Resource Name (ARN) of the snapshot to export to Amazon S3.

", @@ -4572,7 +4572,7 @@ "ValidStorageOptions$StorageType": "

The valid storage types for your DB instance. For example, gp2, io1.

", "VpcSecurityGroupIdList$member": null, "VpcSecurityGroupMembership$VpcSecurityGroupId": "

The name of the VPC security group.

", - "VpcSecurityGroupMembership$Status": "

The membership status of the VPC security group.

Currently, the only valid status is active.

" + "VpcSecurityGroupMembership$Status": "

The status of the VPC security group.

" } }, "String255": { diff --git a/models/apis/rds/2014-10-31/waiters-2.json b/models/apis/rds/2014-10-31/waiters-2.json index 1510d1fc8a4..127e4467328 100644 --- a/models/apis/rds/2014-10-31/waiters-2.json +++ b/models/apis/rds/2014-10-31/waiters-2.json @@ -255,6 +255,91 @@ "argument": "DBClusterSnapshots[].Status" } ] + }, + "DBClusterAvailable" : { + "delay": 30, + "operation": "DescribeDBClusters", + "maxAttempts": 60, + "acceptors": [ + { + "expected": "available", + "matcher": "pathAll", + "state": "success", + "argument": "DBClusters[].Status" + }, + { + "expected": "deleted", + "matcher": "pathAny", + "state": "failure", + "argument": "DBClusters[].Status" + }, + { + "expected": "deleting", + "matcher": "pathAny", + "state": "failure", + "argument": "DBClusters[].Status" + }, + { + "expected": "failed", + "matcher": "pathAny", + "state": "failure", + "argument": "DBClusters[].Status" + }, + { + "expected": "incompatible-restore", + "matcher": "pathAny", + "state": "failure", + "argument": "DBClusters[].Status" + }, + { + "expected": "incompatible-parameters", + "matcher": "pathAny", + "state": "failure", + "argument": "DBClusters[].Status" + } + ] + }, + "DBClusterDeleted": { + "delay": 30, + "operation": "DescribeDBClusters", + "maxAttempts": 60, + "acceptors": [ + { + "expected": true, + "matcher": "path", + "state": "success", + "argument": "length(DBClusters) == `0`" + }, + { + "expected": "DBClusterNotFoundFault", + "matcher": "error", + "state": "success" + }, + { + "expected": "creating", + "matcher": "pathAny", + "state": "failure", + "argument": "DBClusters[].Status" + }, + { + "expected": "modifying", + "matcher": "pathAny", + "state": "failure", + "argument": "DBClusters[].Status" + }, + { + "expected": "rebooting", + "matcher": "pathAny", + "state": "failure", + "argument": "DBClusters[].Status" + }, + { + "expected": "resetting-master-credentials", + "matcher": "pathAny", + "state": "failure", + "argument": "DBClusters[].Status" + } + ] } } } diff --git a/models/apis/rolesanywhere/2018-05-10/api-2.json b/models/apis/rolesanywhere/2018-05-10/api-2.json new file mode 100644 index 00000000000..0e2414e2381 --- /dev/null +++ b/models/apis/rolesanywhere/2018-05-10/api-2.json @@ -0,0 +1,973 @@ +{ + "version":"2.0", + "metadata":{ + "apiVersion":"2018-05-10", + "endpointPrefix":"rolesanywhere", + "jsonVersion":"1.1", + "protocol":"rest-json", + "serviceFullName":"IAM Roles Anywhere", + "serviceId":"RolesAnywhere", + "signatureVersion":"v4", + "signingName":"rolesanywhere", + "uid":"rolesanywhere-2018-05-10" + }, + "operations":{ + "CreateProfile":{ + "name":"CreateProfile", + "http":{ + "method":"POST", + "requestUri":"/profiles", + "responseCode":201 + }, + "input":{"shape":"CreateProfileRequest"}, + "output":{"shape":"ProfileDetailResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"} + ] + }, + "CreateTrustAnchor":{ + "name":"CreateTrustAnchor", + "http":{ + "method":"POST", + "requestUri":"/trustanchors", + "responseCode":201 + }, + "input":{"shape":"CreateTrustAnchorRequest"}, + "output":{"shape":"TrustAnchorDetailResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"} + ] + }, + "DeleteCrl":{ + "name":"DeleteCrl", + "http":{ + "method":"DELETE", + "requestUri":"/crl/{crlId}", + "responseCode":200 + }, + "input":{"shape":"ScalarCrlRequest"}, + "output":{"shape":"CrlDetailResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"} + ], + "idempotent":true + }, + "DeleteProfile":{ + "name":"DeleteProfile", + "http":{ + "method":"DELETE", + "requestUri":"/profile/{profileId}", + "responseCode":200 + }, + "input":{"shape":"ScalarProfileRequest"}, + "output":{"shape":"ProfileDetailResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"} + ], + "idempotent":true + }, + "DeleteTrustAnchor":{ + "name":"DeleteTrustAnchor", + "http":{ + "method":"DELETE", + "requestUri":"/trustanchor/{trustAnchorId}", + "responseCode":200 + }, + "input":{"shape":"ScalarTrustAnchorRequest"}, + "output":{"shape":"TrustAnchorDetailResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"} + ], + "idempotent":true + }, + "DisableCrl":{ + "name":"DisableCrl", + "http":{ + "method":"POST", + "requestUri":"/crl/{crlId}/disable", + "responseCode":200 + }, + "input":{"shape":"ScalarCrlRequest"}, + "output":{"shape":"CrlDetailResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"} + ] + }, + "DisableProfile":{ + "name":"DisableProfile", + "http":{ + "method":"POST", + "requestUri":"/profile/{profileId}/disable", + "responseCode":200 + }, + "input":{"shape":"ScalarProfileRequest"}, + "output":{"shape":"ProfileDetailResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"} + ] + }, + "DisableTrustAnchor":{ + "name":"DisableTrustAnchor", + "http":{ + "method":"POST", + "requestUri":"/trustanchor/{trustAnchorId}/disable", + "responseCode":200 + }, + "input":{"shape":"ScalarTrustAnchorRequest"}, + "output":{"shape":"TrustAnchorDetailResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"} + ] + }, + "EnableCrl":{ + "name":"EnableCrl", + "http":{ + "method":"POST", + "requestUri":"/crl/{crlId}/enable", + "responseCode":200 + }, + "input":{"shape":"ScalarCrlRequest"}, + "output":{"shape":"CrlDetailResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"} + ] + }, + "EnableProfile":{ + "name":"EnableProfile", + "http":{ + "method":"POST", + "requestUri":"/profile/{profileId}/enable", + "responseCode":200 + }, + "input":{"shape":"ScalarProfileRequest"}, + "output":{"shape":"ProfileDetailResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"} + ] + }, + "EnableTrustAnchor":{ + "name":"EnableTrustAnchor", + "http":{ + "method":"POST", + "requestUri":"/trustanchor/{trustAnchorId}/enable", + "responseCode":200 + }, + "input":{"shape":"ScalarTrustAnchorRequest"}, + "output":{"shape":"TrustAnchorDetailResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"} + ] + }, + "GetCrl":{ + "name":"GetCrl", + "http":{ + "method":"GET", + "requestUri":"/crl/{crlId}", + "responseCode":200 + }, + "input":{"shape":"ScalarCrlRequest"}, + "output":{"shape":"CrlDetailResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"} + ] + }, + "GetProfile":{ + "name":"GetProfile", + "http":{ + "method":"GET", + "requestUri":"/profile/{profileId}", + "responseCode":200 + }, + "input":{"shape":"ScalarProfileRequest"}, + "output":{"shape":"ProfileDetailResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"} + ] + }, + "GetSubject":{ + "name":"GetSubject", + "http":{ + "method":"GET", + "requestUri":"/subject/{subjectId}", + "responseCode":200 + }, + "input":{"shape":"ScalarSubjectRequest"}, + "output":{"shape":"SubjectDetailResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"} + ] + }, + "GetTrustAnchor":{ + "name":"GetTrustAnchor", + "http":{ + "method":"GET", + "requestUri":"/trustanchor/{trustAnchorId}", + "responseCode":200 + }, + "input":{"shape":"ScalarTrustAnchorRequest"}, + "output":{"shape":"TrustAnchorDetailResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"} + ] + }, + "ImportCrl":{ + "name":"ImportCrl", + "http":{ + "method":"POST", + "requestUri":"/crls", + "responseCode":201 + }, + "input":{"shape":"ImportCrlRequest"}, + "output":{"shape":"CrlDetailResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"} + ] + }, + "ListCrls":{ + "name":"ListCrls", + "http":{ + "method":"GET", + "requestUri":"/crls", + "responseCode":200 + }, + "input":{"shape":"ListRequest"}, + "output":{"shape":"ListCrlsResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"} + ] + }, + "ListProfiles":{ + "name":"ListProfiles", + "http":{ + "method":"GET", + "requestUri":"/profiles", + "responseCode":200 + }, + "input":{"shape":"ListRequest"}, + "output":{"shape":"ListProfilesResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"} + ] + }, + "ListSubjects":{ + "name":"ListSubjects", + "http":{ + "method":"GET", + "requestUri":"/subjects", + "responseCode":200 + }, + "input":{"shape":"ListRequest"}, + "output":{"shape":"ListSubjectsResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"} + ] + }, + "ListTagsForResource":{ + "name":"ListTagsForResource", + "http":{ + "method":"GET", + "requestUri":"/ListTagsForResource", + "responseCode":200 + }, + "input":{"shape":"ListTagsForResourceRequest"}, + "output":{"shape":"ListTagsForResourceResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"} + ] + }, + "ListTrustAnchors":{ + "name":"ListTrustAnchors", + "http":{ + "method":"GET", + "requestUri":"/trustanchors", + "responseCode":200 + }, + "input":{"shape":"ListRequest"}, + "output":{"shape":"ListTrustAnchorsResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"} + ] + }, + "TagResource":{ + "name":"TagResource", + "http":{ + "method":"POST", + "requestUri":"/TagResource", + "responseCode":201 + }, + "input":{"shape":"TagResourceRequest"}, + "output":{"shape":"TagResourceResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"TooManyTagsException"} + ] + }, + "UntagResource":{ + "name":"UntagResource", + "http":{ + "method":"POST", + "requestUri":"/UntagResource", + "responseCode":200 + }, + "input":{"shape":"UntagResourceRequest"}, + "output":{"shape":"UntagResourceResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"} + ] + }, + "UpdateCrl":{ + "name":"UpdateCrl", + "http":{ + "method":"PATCH", + "requestUri":"/crl/{crlId}", + "responseCode":200 + }, + "input":{"shape":"UpdateCrlRequest"}, + "output":{"shape":"CrlDetailResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"} + ] + }, + "UpdateProfile":{ + "name":"UpdateProfile", + "http":{ + "method":"PATCH", + "requestUri":"/profile/{profileId}", + "responseCode":200 + }, + "input":{"shape":"UpdateProfileRequest"}, + "output":{"shape":"ProfileDetailResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"} + ], + "idempotent":true + }, + "UpdateTrustAnchor":{ + "name":"UpdateTrustAnchor", + "http":{ + "method":"PATCH", + "requestUri":"/trustanchor/{trustAnchorId}", + "responseCode":200 + }, + "input":{"shape":"UpdateTrustAnchorRequest"}, + "output":{"shape":"TrustAnchorDetailResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"} + ], + "idempotent":true + } + }, + "shapes":{ + "AccessDeniedException":{ + "type":"structure", + "members":{ + "message":{"shape":"String"} + }, + "error":{ + "httpStatusCode":403, + "senderFault":true + }, + "exception":true + }, + "AmazonResourceName":{ + "type":"string", + "max":1011, + "min":1 + }, + "Blob":{"type":"blob"}, + "Boolean":{ + "type":"boolean", + "box":true + }, + "CreateProfileRequest":{ + "type":"structure", + "required":[ + "name", + "roleArns" + ], + "members":{ + "durationSeconds":{"shape":"CreateProfileRequestDurationSecondsInteger"}, + "enabled":{"shape":"Boolean"}, + "managedPolicyArns":{"shape":"ManagedPolicyList"}, + "name":{"shape":"ResourceName"}, + "requireInstanceProperties":{"shape":"Boolean"}, + "roleArns":{"shape":"RoleArnList"}, + "sessionPolicy":{"shape":"String"}, + "tags":{"shape":"TagList"} + } + }, + "CreateProfileRequestDurationSecondsInteger":{ + "type":"integer", + "box":true, + "max":43200, + "min":900 + }, + "CreateTrustAnchorRequest":{ + "type":"structure", + "required":[ + "name", + "source" + ], + "members":{ + "enabled":{"shape":"Boolean"}, + "name":{"shape":"ResourceName"}, + "source":{"shape":"Source"}, + "tags":{"shape":"TagList"} + } + }, + "CredentialSummaries":{ + "type":"list", + "member":{"shape":"CredentialSummary"} + }, + "CredentialSummary":{ + "type":"structure", + "members":{ + "enabled":{"shape":"Boolean"}, + "failed":{"shape":"Boolean"}, + "issuer":{"shape":"String"}, + "seenAt":{"shape":"SyntheticTimestamp_date_time"}, + "serialNumber":{"shape":"String"}, + "x509CertificateData":{"shape":"String"} + } + }, + "CrlDetail":{ + "type":"structure", + "members":{ + "createdAt":{"shape":"SyntheticTimestamp_date_time"}, + "crlArn":{"shape":"String"}, + "crlData":{"shape":"Blob"}, + "crlId":{"shape":"Uuid"}, + "enabled":{"shape":"Boolean"}, + "name":{"shape":"String"}, + "trustAnchorArn":{"shape":"String"}, + "updatedAt":{"shape":"SyntheticTimestamp_date_time"} + } + }, + "CrlDetailResponse":{ + "type":"structure", + "required":["crl"], + "members":{ + "crl":{"shape":"CrlDetail"} + } + }, + "CrlDetails":{ + "type":"list", + "member":{"shape":"CrlDetail"} + }, + "ImportCrlRequest":{ + "type":"structure", + "required":[ + "crlData", + "name", + "trustAnchorArn" + ], + "members":{ + "crlData":{"shape":"ImportCrlRequestCrlDataBlob"}, + "enabled":{"shape":"Boolean"}, + "name":{"shape":"ResourceName"}, + "tags":{"shape":"TagList"}, + "trustAnchorArn":{"shape":"TrustAnchorArn"} + } + }, + "ImportCrlRequestCrlDataBlob":{ + "type":"blob", + "max":300000, + "min":1 + }, + "InstanceProperties":{ + "type":"list", + "member":{"shape":"InstanceProperty"} + }, + "InstanceProperty":{ + "type":"structure", + "members":{ + "failed":{"shape":"Boolean"}, + "properties":{"shape":"InstancePropertyMap"}, + "seenAt":{"shape":"SyntheticTimestamp_date_time"} + } + }, + "InstancePropertyMap":{ + "type":"map", + "key":{"shape":"InstancePropertyMapKeyString"}, + "value":{"shape":"InstancePropertyMapValueString"}, + "max":50, + "min":0 + }, + "InstancePropertyMapKeyString":{ + "type":"string", + "max":200, + "min":1 + }, + "InstancePropertyMapValueString":{ + "type":"string", + "max":200, + "min":1 + }, + "Integer":{ + "type":"integer", + "box":true + }, + "ListCrlsResponse":{ + "type":"structure", + "members":{ + "crls":{"shape":"CrlDetails"}, + "nextToken":{"shape":"String"} + } + }, + "ListProfilesResponse":{ + "type":"structure", + "members":{ + "nextToken":{"shape":"String"}, + "profiles":{"shape":"ProfileDetails"} + } + }, + "ListRequest":{ + "type":"structure", + "members":{ + "nextToken":{ + "shape":"ListRequestNextTokenString", + "location":"querystring", + "locationName":"nextToken" + }, + "pageSize":{ + "shape":"Integer", + "location":"querystring", + "locationName":"pageSize" + } + } + }, + "ListRequestNextTokenString":{ + "type":"string", + "max":10000, + "min":1 + }, + "ListSubjectsResponse":{ + "type":"structure", + "members":{ + "nextToken":{"shape":"String"}, + "subjects":{"shape":"SubjectSummaries"} + } + }, + "ListTagsForResourceRequest":{ + "type":"structure", + "required":["resourceArn"], + "members":{ + "resourceArn":{ + "shape":"AmazonResourceName", + "location":"querystring", + "locationName":"resourceArn" + } + } + }, + "ListTagsForResourceResponse":{ + "type":"structure", + "members":{ + "tags":{"shape":"TagList"} + } + }, + "ListTrustAnchorsResponse":{ + "type":"structure", + "members":{ + "nextToken":{"shape":"String"}, + "trustAnchors":{"shape":"TrustAnchorDetails"} + } + }, + "ManagedPolicyList":{ + "type":"list", + "member":{"shape":"ManagedPolicyListMemberString"}, + "max":50, + "min":0 + }, + "ManagedPolicyListMemberString":{ + "type":"string", + "max":200, + "min":1 + }, + "ProfileArn":{ + "type":"string", + "max":1011, + "min":1, + "pattern":"^arn:aws(-[^:]+)?:rolesanywhere(:.*){2}(:profile.*)$" + }, + "ProfileDetail":{ + "type":"structure", + "members":{ + "createdAt":{"shape":"SyntheticTimestamp_date_time"}, + "createdBy":{"shape":"String"}, + "durationSeconds":{"shape":"Integer"}, + "enabled":{"shape":"Boolean"}, + "managedPolicyArns":{"shape":"ManagedPolicyList"}, + "name":{"shape":"ResourceName"}, + "profileArn":{"shape":"ProfileArn"}, + "profileId":{"shape":"Uuid"}, + "requireInstanceProperties":{"shape":"Boolean"}, + "roleArns":{"shape":"RoleArnList"}, + "sessionPolicy":{"shape":"String"}, + "updatedAt":{"shape":"SyntheticTimestamp_date_time"} + } + }, + "ProfileDetailResponse":{ + "type":"structure", + "members":{ + "profile":{"shape":"ProfileDetail"} + } + }, + "ProfileDetails":{ + "type":"list", + "member":{"shape":"ProfileDetail"} + }, + "ResourceName":{ + "type":"string", + "max":255, + "min":1, + "pattern":"^[ a-zA-Z0-9-_]*$" + }, + "ResourceNotFoundException":{ + "type":"structure", + "members":{ + "message":{"shape":"String"} + }, + "error":{ + "httpStatusCode":404, + "senderFault":true + }, + "exception":true + }, + "RoleArn":{ + "type":"string", + "max":1011, + "min":1, + "pattern":"^arn:aws(-[^:]+)?:iam(:.*){2}(:role.*)$" + }, + "RoleArnList":{ + "type":"list", + "member":{"shape":"RoleArn"}, + "max":50, + "min":0 + }, + "ScalarCrlRequest":{ + "type":"structure", + "required":["crlId"], + "members":{ + "crlId":{ + "shape":"Uuid", + "location":"uri", + "locationName":"crlId" + } + } + }, + "ScalarProfileRequest":{ + "type":"structure", + "required":["profileId"], + "members":{ + "profileId":{ + "shape":"Uuid", + "location":"uri", + "locationName":"profileId" + } + } + }, + "ScalarSubjectRequest":{ + "type":"structure", + "required":["subjectId"], + "members":{ + "subjectId":{ + "shape":"Uuid", + "location":"uri", + "locationName":"subjectId" + } + } + }, + "ScalarTrustAnchorRequest":{ + "type":"structure", + "required":["trustAnchorId"], + "members":{ + "trustAnchorId":{ + "shape":"Uuid", + "location":"uri", + "locationName":"trustAnchorId" + } + } + }, + "Source":{ + "type":"structure", + "members":{ + "sourceData":{"shape":"SourceData"}, + "sourceType":{"shape":"TrustAnchorType"} + } + }, + "SourceData":{ + "type":"structure", + "members":{ + "acmPcaArn":{"shape":"String"}, + "x509CertificateData":{"shape":"String"} + }, + "union":true + }, + "String":{"type":"string"}, + "SubjectDetail":{ + "type":"structure", + "members":{ + "createdAt":{"shape":"SyntheticTimestamp_date_time"}, + "credentials":{"shape":"CredentialSummaries"}, + "enabled":{"shape":"Boolean"}, + "instanceProperties":{"shape":"InstanceProperties"}, + "lastSeenAt":{"shape":"SyntheticTimestamp_date_time"}, + "subjectArn":{"shape":"String"}, + "subjectId":{"shape":"Uuid"}, + "updatedAt":{"shape":"SyntheticTimestamp_date_time"}, + "x509Subject":{"shape":"String"} + } + }, + "SubjectDetailResponse":{ + "type":"structure", + "members":{ + "subject":{"shape":"SubjectDetail"} + } + }, + "SubjectSummaries":{ + "type":"list", + "member":{"shape":"SubjectSummary"} + }, + "SubjectSummary":{ + "type":"structure", + "members":{ + "createdAt":{"shape":"SyntheticTimestamp_date_time"}, + "enabled":{"shape":"Boolean"}, + "lastSeenAt":{"shape":"SyntheticTimestamp_date_time"}, + "subjectArn":{"shape":"String"}, + "subjectId":{"shape":"Uuid"}, + "updatedAt":{"shape":"SyntheticTimestamp_date_time"}, + "x509Subject":{"shape":"String"} + } + }, + "SyntheticTimestamp_date_time":{ + "type":"timestamp", + "timestampFormat":"iso8601" + }, + "Tag":{ + "type":"structure", + "required":[ + "key", + "value" + ], + "members":{ + "key":{"shape":"TagKey"}, + "value":{"shape":"TagValue"} + } + }, + "TagKey":{ + "type":"string", + "max":128, + "min":1, + "pattern":"^[ a-zA-Z0-9_.:/=+@-]*$", + "sensitive":true + }, + "TagKeyList":{ + "type":"list", + "member":{"shape":"TagKey"}, + "max":50, + "min":0 + }, + "TagList":{ + "type":"list", + "member":{"shape":"Tag"}, + "max":50, + "min":0 + }, + "TagResourceRequest":{ + "type":"structure", + "required":[ + "resourceArn", + "tags" + ], + "members":{ + "resourceArn":{"shape":"AmazonResourceName"}, + "tags":{"shape":"TagList"} + } + }, + "TagResourceResponse":{ + "type":"structure", + "members":{ + } + }, + "TagValue":{ + "type":"string", + "max":256, + "min":0, + "pattern":"^[ a-zA-Z0-9_.:/=+@-]*$", + "sensitive":true + }, + "TooManyTagsException":{ + "type":"structure", + "members":{ + "message":{"shape":"String"} + }, + "error":{ + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + }, + "TrustAnchorArn":{ + "type":"string", + "max":1011, + "min":1, + "pattern":"^arn:aws(-[^:]+)?:rolesanywhere(:.*){2}(:trust-anchor.*)$" + }, + "TrustAnchorDetail":{ + "type":"structure", + "members":{ + "createdAt":{"shape":"SyntheticTimestamp_date_time"}, + "enabled":{"shape":"Boolean"}, + "name":{"shape":"ResourceName"}, + "source":{"shape":"Source"}, + "trustAnchorArn":{"shape":"String"}, + "trustAnchorId":{"shape":"Uuid"}, + "updatedAt":{"shape":"SyntheticTimestamp_date_time"} + } + }, + "TrustAnchorDetailResponse":{ + "type":"structure", + "required":["trustAnchor"], + "members":{ + "trustAnchor":{"shape":"TrustAnchorDetail"} + } + }, + "TrustAnchorDetails":{ + "type":"list", + "member":{"shape":"TrustAnchorDetail"} + }, + "TrustAnchorType":{ + "type":"string", + "enum":[ + "AWS_ACM_PCA", + "CERTIFICATE_BUNDLE", + "SELF_SIGNED_REPOSITORY" + ] + }, + "UntagResourceRequest":{ + "type":"structure", + "required":[ + "resourceArn", + "tagKeys" + ], + "members":{ + "resourceArn":{"shape":"AmazonResourceName"}, + "tagKeys":{"shape":"TagKeyList"} + } + }, + "UntagResourceResponse":{ + "type":"structure", + "members":{ + } + }, + "UpdateCrlRequest":{ + "type":"structure", + "required":["crlId"], + "members":{ + "crlData":{"shape":"UpdateCrlRequestCrlDataBlob"}, + "crlId":{ + "shape":"Uuid", + "location":"uri", + "locationName":"crlId" + }, + "name":{"shape":"ResourceName"} + } + }, + "UpdateCrlRequestCrlDataBlob":{ + "type":"blob", + "max":300000, + "min":1 + }, + "UpdateProfileRequest":{ + "type":"structure", + "required":["profileId"], + "members":{ + "durationSeconds":{"shape":"UpdateProfileRequestDurationSecondsInteger"}, + "managedPolicyArns":{"shape":"ManagedPolicyList"}, + "name":{"shape":"ResourceName"}, + "profileId":{ + "shape":"Uuid", + "location":"uri", + "locationName":"profileId" + }, + "roleArns":{"shape":"RoleArnList"}, + "sessionPolicy":{"shape":"UpdateProfileRequestSessionPolicyString"} + } + }, + "UpdateProfileRequestDurationSecondsInteger":{ + "type":"integer", + "box":true, + "max":43200, + "min":900 + }, + "UpdateProfileRequestSessionPolicyString":{ + "type":"string", + "max":100000, + "min":1 + }, + "UpdateTrustAnchorRequest":{ + "type":"structure", + "required":["trustAnchorId"], + "members":{ + "name":{"shape":"ResourceName"}, + "source":{"shape":"Source"}, + "trustAnchorId":{ + "shape":"Uuid", + "location":"uri", + "locationName":"trustAnchorId" + } + } + }, + "Uuid":{ + "type":"string", + "max":36, + "min":36, + "pattern":"[a-f0-9]{8}-([a-z0-9]{4}-){3}[a-z0-9]{12}" + }, + "ValidationException":{ + "type":"structure", + "members":{ + "message":{"shape":"String"} + }, + "error":{ + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + } + } +} diff --git a/models/apis/rolesanywhere/2018-05-10/docs-2.json b/models/apis/rolesanywhere/2018-05-10/docs-2.json new file mode 100644 index 00000000000..dca96bf084f --- /dev/null +++ b/models/apis/rolesanywhere/2018-05-10/docs-2.json @@ -0,0 +1,526 @@ +{ + "version": "2.0", + "service": "

AWS Identity and Access Management Roles Anywhere provides a secure way for your workloads such as servers, containers, and applications running outside of AWS to obtain Temporary AWS credentials. Your workloads can use the same IAM policies and roles that you have configured with native AWS applications to access AWS resources. Using IAM Roles Anywhere will eliminate the need to manage long term credentials for workloads running outside of AWS.

To use IAM Roles Anywhere customer workloads will need to use X.509 certificates issued by their Certificate Authority (CA) . The Certificate Authority (CA) needs to be registered with IAM Roles Anywhere as a trust anchor to establish trust between customer PKI and IAM Roles Anywhere. Customers who do not manage their own PKI system can use AWS Certificate Manager Private Certificate Authority (ACM PCA) to create a Certificate Authority and use that to establish trust with IAM Roles Anywhere

This guide describes the IAM rolesanywhere operations that you can call programmatically. For general information about IAM Roles Anywhere see https://docs.aws.amazon.com/

", + "operations": { + "CreateProfile": "

Creates a profile. A profile is configuration resource to list the roles that RolesAnywhere service is trusted to assume. In addition, by applying a profile you can intersect permissions with IAM managed policies.

Required permissions: rolesanywhere:CreateProfile.

", + "CreateTrustAnchor": "

Creates a trust anchor. You establish trust between IAM Roles Anywhere and your certificate authority (CA) by configuring a trust anchor. A Trust Anchor is defined either as a reference to a AWS Certificate Manager Private Certificate Authority (ACM PCA), or by uploading a Certificate Authority (CA) certificate. Your AWS workloads can authenticate with the trust anchor using certificates issued by the trusted Certificate Authority (CA) in exchange for temporary AWS credentials.

Required permissions: rolesanywhere:CreateTrustAnchor.

", + "DeleteCrl": "

Deletes a certificate revocation list (CRL).

Required permissions: rolesanywhere:DeleteCrl.

", + "DeleteProfile": "

Deletes a profile.

Required permissions: rolesanywhere:DeleteProfile.

", + "DeleteTrustAnchor": "

Deletes a trust anchor.

Required permissions: rolesanywhere:DeleteTrustAnchor.

", + "DisableCrl": "

Disables a certificate revocation list (CRL).

Required permissions: rolesanywhere:DisableCrl.

", + "DisableProfile": "

Disables a profile. When disabled, CreateSession requests with this profile fail.

Required permissions: rolesanywhere:DisableProfile.

", + "DisableTrustAnchor": "

Disables a trust anchor. When disabled, CreateSession requests specifying this trust anchor are unauthorized.

Required permissions: rolesanywhere:DisableTrustAnchor.

", + "EnableCrl": "

Enables a certificate revocation list (CRL). When enabled, certificates stored in the CRL are unauthorized to receive session credentials.

Required permissions: rolesanywhere:EnableCrl.

", + "EnableProfile": "

Enables the roles in a profile to receive session credentials in CreateSession.

Required permissions: rolesanywhere:EnableProfile.

", + "EnableTrustAnchor": "

Enables a trust anchor. When enabled, certificates in the trust anchor chain are authorized for trust validation.

Required permissions: rolesanywhere:EnableTrustAnchor.

", + "GetCrl": "

Gets a certificate revocation list (CRL).

Required permissions: rolesanywhere:GetCrl.

", + "GetProfile": "

Gets a profile.

Required permissions: rolesanywhere:GetProfile.

", + "GetSubject": "

Gets a Subject. A Subject associates a certificate identity with authentication attempts by CreateSession. The Subject resources stores audit information such as status of the last authentication attempt, the certificate data used in the attempt, and the last time the associated identity attempted authentication.

Required permissions: rolesanywhere:GetSubject.

", + "GetTrustAnchor": "

Gets a trust anchor.

Required permissions: rolesanywhere:GetTrustAnchor.

", + "ImportCrl": "

Imports the certificate revocation list (CRL). CRl is a list of certificates that have been revoked by the issuing certificate Authority (CA). IAM Roles Anywhere validates against the crl list before issuing credentials.

Required permissions: rolesanywhere:ImportCrl.

", + "ListCrls": "

Lists all Crls in the authenticated account and Amazon Web Services Region.

Required permissions: rolesanywhere:ListCrls.

", + "ListProfiles": "

Lists all profiles in the authenticated account and Amazon Web Services Region.

Required permissions: rolesanywhere:ListProfiles.

", + "ListSubjects": "

Lists the subjects in the authenticated account and Amazon Web Services Region.

Required permissions: rolesanywhere:ListSubjects.

", + "ListTagsForResource": "

Lists the tags attached to the resource.

Required permissions: rolesanywhere:ListTagsForResource.

", + "ListTrustAnchors": "

Lists the trust anchors in the authenticated account and Amazon Web Services Region.

Required permissions: rolesanywhere:ListTrustAnchors.

", + "TagResource": "

Attaches tags to a resource.

Required permissions: rolesanywhere:TagResource.

", + "UntagResource": "

Removes tags from the resource.

Required permissions: rolesanywhere:UntagResource.

", + "UpdateCrl": "

Updates the certificate revocation list (CRL). CRl is a list of certificates that have been revoked by the issuing certificate Authority (CA). IAM Roles Anywhere validates against the crl list before issuing credentials.

Required permissions: rolesanywhere:UpdateCrl.

", + "UpdateProfile": "

Updates the profile. A profile is configuration resource to list the roles that RolesAnywhere service is trusted to assume. In addition, by applying a profile you can scope-down permissions with IAM managed policies.

Required permissions: rolesanywhere:UpdateProfile.

", + "UpdateTrustAnchor": "

Updates the trust anchor.You establish trust between IAM Roles Anywhere and your certificate authority (CA) by configuring a trust anchor. A Trust Anchor is defined either as a reference to a AWS Certificate Manager Private Certificate Authority (ACM PCA), or by uploading a Certificate Authority (CA) certificate. Your AWS workloads can authenticate with the trust anchor using certificates issued by the trusted Certificate Authority (CA) in exchange for temporary AWS credentials.

Required permissions: rolesanywhere:UpdateTrustAnchor.

" + }, + "shapes": { + "AccessDeniedException": { + "base": "

You do not have sufficient access to perform this action.

", + "refs": { + } + }, + "AmazonResourceName": { + "base": null, + "refs": { + "ListTagsForResourceRequest$resourceArn": "

The ARN of the resource.

", + "TagResourceRequest$resourceArn": "

The ARN of the resource.

", + "UntagResourceRequest$resourceArn": "

The ARN of the resource.

" + } + }, + "Blob": { + "base": null, + "refs": { + "CrlDetail$crlData": "

The state of the certificate revocation list (CRL) after a read or write operation.

" + } + }, + "Boolean": { + "base": null, + "refs": { + "CreateProfileRequest$enabled": "

Specifies whether the profile is enabled.

", + "CreateProfileRequest$requireInstanceProperties": "

Specifies whether instance properties are required in CreateSession requests with this profile.

", + "CreateTrustAnchorRequest$enabled": "

Specifies whether the trust anchor is enabled.

", + "CredentialSummary$enabled": "

Indicates whether the credential is enabled.

", + "CredentialSummary$failed": "

Indicates whether the CreateSession operation was successful.

", + "CrlDetail$enabled": "

Indicates whether the certificate revocation list (CRL) is enabled.

", + "ImportCrlRequest$enabled": "

Specifies whether the certificate revocation list (CRL) is enabled.

", + "InstanceProperty$failed": "

Indicates whether the CreateSession operation was successful.

", + "ProfileDetail$enabled": "

Indicates whether the profile is enabled.

", + "ProfileDetail$requireInstanceProperties": "

Specifies whether instance properties are required in CreateSession requests with this profile.

", + "SubjectDetail$enabled": "

The enabled status of the subject.

", + "SubjectSummary$enabled": "

The enabled status of the Subject.

", + "TrustAnchorDetail$enabled": "

Indicates whether the trust anchor is enabled.

" + } + }, + "CreateProfileRequest": { + "base": null, + "refs": { + } + }, + "CreateProfileRequestDurationSecondsInteger": { + "base": null, + "refs": { + "CreateProfileRequest$durationSeconds": "

The number of seconds the vended session credentials are valid for.

" + } + }, + "CreateTrustAnchorRequest": { + "base": null, + "refs": { + } + }, + "CredentialSummaries": { + "base": null, + "refs": { + "SubjectDetail$credentials": "

The temporary session credentials vended at the last authenticating call with this Subject.

" + } + }, + "CredentialSummary": { + "base": "

A record of a presented X509 credential to CreateSession.

", + "refs": { + "CredentialSummaries$member": null + } + }, + "CrlDetail": { + "base": "

The state of the certificate revocation list (CRL) after a read or write operation.

", + "refs": { + "CrlDetailResponse$crl": "

The state of the certificate revocation list (CRL) after a read or write operation.

", + "CrlDetails$member": null + } + }, + "CrlDetailResponse": { + "base": null, + "refs": { + } + }, + "CrlDetails": { + "base": null, + "refs": { + "ListCrlsResponse$crls": "

A list of certificate revocation lists (CRL).

" + } + }, + "ImportCrlRequest": { + "base": null, + "refs": { + } + }, + "ImportCrlRequestCrlDataBlob": { + "base": null, + "refs": { + "ImportCrlRequest$crlData": "

The x509 v3 specified certificate revocation list

" + } + }, + "InstanceProperties": { + "base": null, + "refs": { + "SubjectDetail$instanceProperties": "

The specified instance properties associated with the request.

" + } + }, + "InstanceProperty": { + "base": "

A key-value pair you set that identifies a property of the authenticating instance.

", + "refs": { + "InstanceProperties$member": null + } + }, + "InstancePropertyMap": { + "base": null, + "refs": { + "InstanceProperty$properties": "

A list of instanceProperty objects.

" + } + }, + "InstancePropertyMapKeyString": { + "base": null, + "refs": { + "InstancePropertyMap$key": null + } + }, + "InstancePropertyMapValueString": { + "base": null, + "refs": { + "InstancePropertyMap$value": null + } + }, + "Integer": { + "base": null, + "refs": { + "ListRequest$pageSize": "

The number of resources in the paginated list.

", + "ProfileDetail$durationSeconds": "

The number of seconds the vended session credentials are valid for.

" + } + }, + "ListCrlsResponse": { + "base": null, + "refs": { + } + }, + "ListProfilesResponse": { + "base": null, + "refs": { + } + }, + "ListRequest": { + "base": null, + "refs": { + } + }, + "ListRequestNextTokenString": { + "base": null, + "refs": { + "ListRequest$nextToken": "

A token that indicates where the output should continue from, if a previous operation did not show all results. To get the next results, call the operation again with this value.

" + } + }, + "ListSubjectsResponse": { + "base": null, + "refs": { + } + }, + "ListTagsForResourceRequest": { + "base": null, + "refs": { + } + }, + "ListTagsForResourceResponse": { + "base": null, + "refs": { + } + }, + "ListTrustAnchorsResponse": { + "base": null, + "refs": { + } + }, + "ManagedPolicyList": { + "base": null, + "refs": { + "CreateProfileRequest$managedPolicyArns": "

A list of managed policy ARNs that apply to the vended session credentials.

", + "ProfileDetail$managedPolicyArns": "

A list of managed policy ARNs that apply to the vended session credentials.

", + "UpdateProfileRequest$managedPolicyArns": "

A list of managed policy ARNs that apply to the vended session credentials.

" + } + }, + "ManagedPolicyListMemberString": { + "base": null, + "refs": { + "ManagedPolicyList$member": null + } + }, + "ProfileArn": { + "base": null, + "refs": { + "ProfileDetail$profileArn": "

The ARN of the profile.

" + } + }, + "ProfileDetail": { + "base": "

The state of the profile after a read or write operation.

", + "refs": { + "ProfileDetailResponse$profile": "

The state of the profile after a read or write operation.

", + "ProfileDetails$member": null + } + }, + "ProfileDetailResponse": { + "base": null, + "refs": { + } + }, + "ProfileDetails": { + "base": null, + "refs": { + "ListProfilesResponse$profiles": "

A list of profiles.

" + } + }, + "ResourceName": { + "base": null, + "refs": { + "CreateProfileRequest$name": "

The name of the profile.

", + "CreateTrustAnchorRequest$name": "

The name of the trust anchor.

", + "ImportCrlRequest$name": "

The name of the certificate revocation list (CRL).

", + "ProfileDetail$name": "

The name of the profile.

", + "TrustAnchorDetail$name": "

The name of the trust anchor.

", + "UpdateCrlRequest$name": "

The name of the Crl.

", + "UpdateProfileRequest$name": "

The name of the profile.

", + "UpdateTrustAnchorRequest$name": "

The name of the trust anchor.

" + } + }, + "ResourceNotFoundException": { + "base": "

The resource could not be found.

", + "refs": { + } + }, + "RoleArn": { + "base": null, + "refs": { + "RoleArnList$member": null + } + }, + "RoleArnList": { + "base": null, + "refs": { + "CreateProfileRequest$roleArns": "

A list of IAM roles that this profile can assume in a CreateSession operation.

", + "ProfileDetail$roleArns": "

A list of IAM roles that this profile can assume in a CreateSession operation.

", + "UpdateProfileRequest$roleArns": "

A list of IAM roles that this profile can assume in a CreateSession operation.

" + } + }, + "ScalarCrlRequest": { + "base": null, + "refs": { + } + }, + "ScalarProfileRequest": { + "base": null, + "refs": { + } + }, + "ScalarSubjectRequest": { + "base": null, + "refs": { + } + }, + "ScalarTrustAnchorRequest": { + "base": null, + "refs": { + } + }, + "Source": { + "base": "

The trust anchor type and its related certificate data.

", + "refs": { + "CreateTrustAnchorRequest$source": "

The trust anchor type and its related certificate data.

", + "TrustAnchorDetail$source": "

The trust anchor type and its related certificate data.

", + "UpdateTrustAnchorRequest$source": "

The trust anchor type and its related certificate data.

" + } + }, + "SourceData": { + "base": "

The data field of the trust anchor depending on its type.

", + "refs": { + "Source$sourceData": "

The data field of the trust anchor depending on its type.

" + } + }, + "String": { + "base": null, + "refs": { + "AccessDeniedException$message": null, + "CreateProfileRequest$sessionPolicy": "

A session policy that applies to the trust boundary of the vended session credentials.

", + "CredentialSummary$issuer": "

The fully qualified domain name of the issuing certificate for the presented end-entity certificate.

", + "CredentialSummary$serialNumber": "

The serial number of the certificate.

", + "CredentialSummary$x509CertificateData": "

The PEM-encoded data of the certificate.

", + "CrlDetail$crlArn": "

The ARN of the certificate revocation list (CRL).

", + "CrlDetail$name": "

The name of the certificate revocation list (CRL).

", + "CrlDetail$trustAnchorArn": "

The ARN of the TrustAnchor the certificate revocation list (CRL) will provide revocation for.

", + "ListCrlsResponse$nextToken": "

A token that indicates where the output should continue from, if a previous operation did not show all results. To get the next results, call the operation again with this value.

", + "ListProfilesResponse$nextToken": "

A token that indicates where the output should continue from, if a previous operation did not show all results. To get the next results, call the operation again with this value.

", + "ListSubjectsResponse$nextToken": "

A token that indicates where the output should continue from, if a previous operation did not show all results. To get the next results, call the operation again with this value.

", + "ListTrustAnchorsResponse$nextToken": "

A token that indicates where the output should continue from, if a previous operation did not show all results. To get the next results, call the operation again with this value.

", + "ProfileDetail$createdBy": "

The Amazon Web Services account that created the profile.

", + "ProfileDetail$sessionPolicy": "

A session policy that applies to the trust boundary of the vended session credentials.

", + "ResourceNotFoundException$message": null, + "SourceData$acmPcaArn": "

The root certificate of the Certificate Manager Private Certificate Authority specified by this ARN is used in trust validation for CreateSession operations. Included for trust anchors of type AWS_ACM_PCA.

", + "SourceData$x509CertificateData": "

The PEM-encoded data for the certificate anchor. Included for trust anchors of type CERTIFICATE_BUNDLE.

", + "SubjectDetail$subjectArn": "

The ARN of the resource.

", + "SubjectDetail$x509Subject": "

The x509 principal identifier of the authenticating certificate.

", + "SubjectSummary$subjectArn": "

The ARN of the resource.

", + "SubjectSummary$x509Subject": "

The x509 principal identifier of the authenticating certificate.

", + "TooManyTagsException$message": null, + "TrustAnchorDetail$trustAnchorArn": "

The ARN of the trust anchor.

", + "ValidationException$message": null + } + }, + "SubjectDetail": { + "base": "

The state of the subject after a read or write operation.

", + "refs": { + "SubjectDetailResponse$subject": "

The state of the subject after a read or write operation.

" + } + }, + "SubjectDetailResponse": { + "base": null, + "refs": { + } + }, + "SubjectSummaries": { + "base": null, + "refs": { + "ListSubjectsResponse$subjects": "

A list of subjects.

" + } + }, + "SubjectSummary": { + "base": "

A summary representation of Subject resources returned in read operations; primarily ListSubjects.

", + "refs": { + "SubjectSummaries$member": null + } + }, + "SyntheticTimestamp_date_time": { + "base": null, + "refs": { + "CredentialSummary$seenAt": "

The ISO-8601 time stamp of when the certificate was last used in a CreateSession operation.

", + "CrlDetail$createdAt": "

The ISO-8601 timestamp when the certificate revocation list (CRL) was created.

", + "CrlDetail$updatedAt": "

The ISO-8601 timestamp when the certificate revocation list (CRL) was last updated.

", + "InstanceProperty$seenAt": "

The ISO-8601 time stamp of when the certificate was last used in a CreateSession operation.

", + "ProfileDetail$createdAt": "

The ISO-8601 timestamp when the profile was created.

", + "ProfileDetail$updatedAt": "

The ISO-8601 timestamp when the profile was last updated.

", + "SubjectDetail$createdAt": "

The ISO-8601 timestamp when the subject was created.

", + "SubjectDetail$lastSeenAt": "

The ISO-8601 timestamp of the last time this Subject requested temporary session credentials.

", + "SubjectDetail$updatedAt": "

The ISO-8601 timestamp when the subject was last updated.

", + "SubjectSummary$createdAt": "

The ISO-8601 time stamp of when the certificate was first used in a CreateSession operation.

", + "SubjectSummary$lastSeenAt": "

The ISO-8601 time stamp of when the certificate was last used in a CreateSession operation.

", + "SubjectSummary$updatedAt": "

The ISO-8601 timestamp when the subject was last updated.

", + "TrustAnchorDetail$createdAt": "

The ISO-8601 timestamp when the trust anchor was created.

", + "TrustAnchorDetail$updatedAt": "

The ISO-8601 timestamp when the trust anchor was last updated.

" + } + }, + "Tag": { + "base": "

A label that consists of a key and value you define.

", + "refs": { + "TagList$member": null + } + }, + "TagKey": { + "base": null, + "refs": { + "Tag$key": "

The tag key.

", + "TagKeyList$member": null + } + }, + "TagKeyList": { + "base": null, + "refs": { + "UntagResourceRequest$tagKeys": "

A list of keys. Tag keys are the unique identifiers of tags.

" + } + }, + "TagList": { + "base": null, + "refs": { + "CreateProfileRequest$tags": "

The tags to attach to the profile.

", + "CreateTrustAnchorRequest$tags": "

The tags to attach to the trust anchor.

", + "ImportCrlRequest$tags": "

A list of tags to attach to the certificate revocation list (CRL).

", + "ListTagsForResourceResponse$tags": "

A list of tags attached to the resource.

", + "TagResourceRequest$tags": "

The tags to attach to the resource.

" + } + }, + "TagResourceRequest": { + "base": null, + "refs": { + } + }, + "TagResourceResponse": { + "base": null, + "refs": { + } + }, + "TagValue": { + "base": null, + "refs": { + "Tag$value": "

The tag value.

" + } + }, + "TooManyTagsException": { + "base": "

Too many tags.

", + "refs": { + } + }, + "TrustAnchorArn": { + "base": null, + "refs": { + "ImportCrlRequest$trustAnchorArn": "

The ARN of the TrustAnchor the certificate revocation list (CRL) will provide revocation for.

" + } + }, + "TrustAnchorDetail": { + "base": "

The state of the trust anchor after a read or write operation.

", + "refs": { + "TrustAnchorDetailResponse$trustAnchor": "

The state of the trust anchor after a read or write operation.

", + "TrustAnchorDetails$member": null + } + }, + "TrustAnchorDetailResponse": { + "base": null, + "refs": { + } + }, + "TrustAnchorDetails": { + "base": null, + "refs": { + "ListTrustAnchorsResponse$trustAnchors": "

A list of trust anchors.

" + } + }, + "TrustAnchorType": { + "base": null, + "refs": { + "Source$sourceType": "

The type of the trust anchor.

" + } + }, + "UntagResourceRequest": { + "base": null, + "refs": { + } + }, + "UntagResourceResponse": { + "base": null, + "refs": { + } + }, + "UpdateCrlRequest": { + "base": null, + "refs": { + } + }, + "UpdateCrlRequestCrlDataBlob": { + "base": null, + "refs": { + "UpdateCrlRequest$crlData": "

The x509 v3 specified certificate revocation list

" + } + }, + "UpdateProfileRequest": { + "base": null, + "refs": { + } + }, + "UpdateProfileRequestDurationSecondsInteger": { + "base": null, + "refs": { + "UpdateProfileRequest$durationSeconds": "

The number of seconds the vended session credentials are valid for.

" + } + }, + "UpdateProfileRequestSessionPolicyString": { + "base": null, + "refs": { + "UpdateProfileRequest$sessionPolicy": "

A session policy that applies to the trust boundary of the vended session credentials.

" + } + }, + "UpdateTrustAnchorRequest": { + "base": null, + "refs": { + } + }, + "Uuid": { + "base": null, + "refs": { + "CrlDetail$crlId": "

The unique identifier of the certificate revocation list (CRL).

", + "ProfileDetail$profileId": "

The unique identifier of the profile.

", + "ScalarCrlRequest$crlId": "

The unique identifier of the certificate revocation list (CRL).

", + "ScalarProfileRequest$profileId": "

The unique identifier of the profile.

", + "ScalarSubjectRequest$subjectId": "

The unique identifier of the subject.

", + "ScalarTrustAnchorRequest$trustAnchorId": "

The unique identifier of the trust anchor.

", + "SubjectDetail$subjectId": "

The id of the resource

", + "SubjectSummary$subjectId": "

The id of the resource.

", + "TrustAnchorDetail$trustAnchorId": "

The unique identifier of the trust anchor.

", + "UpdateCrlRequest$crlId": "

The unique identifier of the certificate revocation list (CRL).

", + "UpdateProfileRequest$profileId": "

The unique identifier of the profile.

", + "UpdateTrustAnchorRequest$trustAnchorId": "

The unique identifier of the trust anchor.

" + } + }, + "ValidationException": { + "base": "

Validation exception error.

", + "refs": { + } + } + } +} diff --git a/models/apis/rolesanywhere/2018-05-10/examples-1.json b/models/apis/rolesanywhere/2018-05-10/examples-1.json new file mode 100644 index 00000000000..0ea7e3b0bbe --- /dev/null +++ b/models/apis/rolesanywhere/2018-05-10/examples-1.json @@ -0,0 +1,5 @@ +{ + "version": "1.0", + "examples": { + } +} diff --git a/models/apis/rolesanywhere/2018-05-10/paginators-1.json b/models/apis/rolesanywhere/2018-05-10/paginators-1.json new file mode 100644 index 00000000000..97298614bfa --- /dev/null +++ b/models/apis/rolesanywhere/2018-05-10/paginators-1.json @@ -0,0 +1,24 @@ +{ + "pagination": { + "ListCrls": { + "input_token": "nextToken", + "output_token": "nextToken", + "result_key": "crls" + }, + "ListProfiles": { + "input_token": "nextToken", + "output_token": "nextToken", + "result_key": "profiles" + }, + "ListSubjects": { + "input_token": "nextToken", + "output_token": "nextToken", + "result_key": "subjects" + }, + "ListTrustAnchors": { + "input_token": "nextToken", + "output_token": "nextToken", + "result_key": "trustAnchors" + } + } +} diff --git a/models/apis/ssm-incidents/2018-05-10/api-2.json b/models/apis/ssm-incidents/2018-05-10/api-2.json index 398278a3e49..56fe2ad99df 100644 --- a/models/apis/ssm-incidents/2018-05-10/api-2.json +++ b/models/apis/ssm-incidents/2018-05-10/api-2.json @@ -1082,6 +1082,7 @@ "members":{ "dedupeString":{"shape":"DedupeString"}, "impact":{"shape":"Impact"}, + "incidentTags":{"shape":"TagMap"}, "notificationTargets":{"shape":"NotificationTargetSet"}, "summary":{"shape":"IncidentSummary"}, "title":{"shape":"IncidentTitle"} @@ -1653,6 +1654,13 @@ "max":50, "min":1 }, + "TagMapUpdate":{ + "type":"map", + "key":{"shape":"TagKey"}, + "value":{"shape":"TagValue"}, + "max":50, + "min":0 + }, "TagResourceRequest":{ "type":"structure", "required":[ @@ -1881,6 +1889,7 @@ "incidentTemplateImpact":{"shape":"Impact"}, "incidentTemplateNotificationTargets":{"shape":"NotificationTargetSet"}, "incidentTemplateSummary":{"shape":"IncidentSummary"}, + "incidentTemplateTags":{"shape":"TagMapUpdate"}, "incidentTemplateTitle":{"shape":"IncidentTitle"} } }, diff --git a/models/apis/ssm-incidents/2018-05-10/docs-2.json b/models/apis/ssm-incidents/2018-05-10/docs-2.json index f61594688d7..bc4076ac085 100644 --- a/models/apis/ssm-incidents/2018-05-10/docs-2.json +++ b/models/apis/ssm-incidents/2018-05-10/docs-2.json @@ -929,7 +929,8 @@ "base": null, "refs": { "TagKeyList$member": null, - "TagMap$key": null + "TagMap$key": null, + "TagMapUpdate$key": null } }, "TagKeyList": { @@ -942,10 +943,17 @@ "base": null, "refs": { "CreateResponsePlanInput$tags": "

A list of tags that you are adding to the response plan.

", + "IncidentTemplate$incidentTags": "

Tags to apply to an incident when calling the StartIncident API action.

", "ListTagsForResourceResponse$tags": "

A list of tags for the response plan.

", "TagResourceRequest$tags": "

A list of tags that you are adding to the response plan.

" } }, + "TagMapUpdate": { + "base": null, + "refs": { + "UpdateResponsePlanInput$incidentTemplateTags": "

Tags to apply to an incident when calling the StartIncident API action. To call this action, you must also have permission to call the TagResource API action for the incident record resource.

" + } + }, "TagResourceRequest": { "base": null, "refs": { @@ -959,7 +967,8 @@ "TagValue": { "base": null, "refs": { - "TagMap$value": null + "TagMap$value": null, + "TagMapUpdate$value": null } }, "ThrottlingException": { diff --git a/models/endpoints/endpoints.json b/models/endpoints/endpoints.json index 7c72f601c6c..a656cc4a4e5 100644 --- a/models/endpoints/endpoints.json +++ b/models/endpoints/endpoints.json @@ -10136,6 +10136,29 @@ "us-west-2" : { } } }, + "rolesanywhere" : { + "endpoints" : { + "ap-east-1" : { }, + "ap-northeast-1" : { }, + "ap-northeast-2" : { }, + "ap-northeast-3" : { }, + "ap-south-1" : { }, + "ap-southeast-1" : { }, + "ap-southeast-2" : { }, + "ca-central-1" : { }, + "eu-central-1" : { }, + "eu-north-1" : { }, + "eu-west-1" : { }, + "eu-west-2" : { }, + "eu-west-3" : { }, + "me-south-1" : { }, + "sa-east-1" : { }, + "us-east-1" : { }, + "us-east-2" : { }, + "us-west-1" : { }, + "us-west-2" : { } + } + }, "route53" : { "endpoints" : { "aws-global" : { diff --git a/service/configservice/api.go b/service/configservice/api.go index 9becb68e337..3963ac9cee7 100644 --- a/service/configservice/api.go +++ b/service/configservice/api.go @@ -4215,10 +4215,24 @@ func (c *ConfigService) DescribeOrganizationConfigRulesRequest(input *DescribeOr // Returns a list of organization Config rules. // // When you specify the limit and the next token, you receive a paginated response. +// // Limit and next token are not applicable if you specify organization Config // rule names. It is only applicable, when you request all the organization // Config rules. // +// For accounts within an organzation +// +// If you deploy an organizational rule or conformance pack in an organization +// administrator account, and then establish a delegated administrator and deploy +// an organizational rule or conformance pack in the delegated administrator +// account, you won't be able to see the organizational rule or conformance +// pack in the organization administrator account from the delegated administrator +// account or see the organizational rule or conformance pack in the delegated +// administrator account from organization administrator account. The DescribeOrganizationConfigRules +// and DescribeOrganizationConformancePacks APIs can only see and interact with +// the organization-related resource that were deployed from within the account +// calling those APIs. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -4578,6 +4592,19 @@ func (c *ConfigService) DescribeOrganizationConformancePacksRequest(input *Descr // packs names. They are only applicable, when you request all the organization // conformance packs. // +// For accounts within an organzation +// +// If you deploy an organizational rule or conformance pack in an organization +// administrator account, and then establish a delegated administrator and deploy +// an organizational rule or conformance pack in the delegated administrator +// account, you won't be able to see the organizational rule or conformance +// pack in the organization administrator account from the delegated administrator +// account or see the organizational rule or conformance pack in the delegated +// administrator account from organization administrator account. The DescribeOrganizationConfigRules +// and DescribeOrganizationConformancePacks APIs can only see and interact with +// the organization-related resource that were deployed from within the account +// calling those APIs. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -9652,11 +9679,14 @@ func (c *ConfigService) PutOrganizationConformancePackRequest(input *PutOrganiza // PutOrganizationConformancePack API operation for AWS Config. // // Deploys conformance packs across member accounts in an Amazon Web Services -// Organization. +// Organization. For information on how many organization conformance packs +// and how many Config rules you can have per account, see Service Limits (https://docs.aws.amazon.com/config/latest/developerguide/configlimits.html) +// in the Config Developer Guide. // // Only a master account and a delegated administrator can call this API. When // calling this API with a delegated administrator, you must ensure Organizations -// ListDelegatedAdministrator permissions are added. +// ListDelegatedAdministrator permissions are added. An organization can have +// up to 3 delegated administrators. // // This API enables organization service access for config-multiaccountsetup.amazonaws.com // through the EnableAWSServiceAccess action and creates a service linked role @@ -9677,9 +9707,6 @@ func (c *ConfigService) PutOrganizationConformancePackRequest(input *PutOrganiza // until the conformance pack is created or updated. You cannot update a conformance // pack while it is in this state. // -// You can create 50 conformance packs with 25 Config rules in each pack and -// 3 delegated administrator per organization. -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -9861,6 +9888,14 @@ func (c *ConfigService) PutRemediationConfigurationsRequest(input *PutRemediatio // Config Rules such as Organization Config rules, the rules deployed by conformance // packs, and rules deployed by Amazon Web Services Security Hub. // +// For manual remediation configuration, you need to provide a value for automationAssumeRole +// or use a value in the assumeRolefield to remediate your resources. The SSM +// automation document can use either as long as it maps to a valid parameter. +// +// However, for automatic remediation configuration, the only valid assumeRole +// field value is AutomationAssumeRole and you need to provide a value for AutomationAssumeRole +// to remediate your resources. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -12955,8 +12990,7 @@ type ConfigRule struct { // The maximum frequency with which Config runs evaluations for a rule. You // can specify a value for MaximumExecutionFrequency when: // - // * You are using an Config managed rule that is triggered at a periodic - // frequency. + // * This is for an Config managed rule that is triggered at a periodic frequency. // // * Your custom rule is triggered when Config delivers the configuration // snapshot. For more information, see ConfigSnapshotDeliveryProperties. @@ -13859,6 +13893,9 @@ type ConfigurationRecorder struct { // Amazon Resource Name (ARN) of the IAM role used to describe the Amazon Web // Services resources associated with the account. + // + // While the API model does not require this field, the server will reject a + // request without a defined roleARN for the configuration recorder. RoleARN *string `locationName:"roleARN" type:"string"` } @@ -25926,8 +25963,8 @@ type OrganizationManagedRuleMetadata struct { // Lambda function. InputParameters *string `min:"1" type:"string"` - // The maximum frequency with which Config runs evaluations for a rule. You - // are using an Config managed rule that is triggered at a periodic frequency. + // The maximum frequency with which Config runs evaluations for a rule. This + // is for an Config managed rule that is triggered at a periodic frequency. // // By default, rules with a periodic trigger are evaluated every 24 hours. To // change the frequency, specify a valid value for the MaximumExecutionFrequency @@ -27628,6 +27665,10 @@ type PutResourceConfigInput struct { SchemaVersionId *string `min:"1" type:"string" required:"true"` // Tags associated with the resource. + // + // This field is not to be confused with the Amazon Web Services-wide tag feature + // for Amazon Web Services resources. Tags for PutResourceConfig are tags that + // you supply for the configuration items of your custom resources. Tags map[string]*string `type:"map"` } diff --git a/service/lexmodelsv2/api.go b/service/lexmodelsv2/api.go index e9b60090513..f8be86c6f7d 100644 --- a/service/lexmodelsv2/api.go +++ b/service/lexmodelsv2/api.go @@ -7465,7 +7465,7 @@ type AssociatedTranscript struct { _ struct{} `type:"structure"` // The content of the transcript that meets the search filter criteria. For - // the JSON format of the transcript, see Output transcript format (https://docs.aws.amazon.com/lex/latest/dg/designing-output-format.html). + // the JSON format of the transcript, see Output transcript format (https://docs.aws.amazon.com/lexv2/latest/dg/designing-output-format.html). Transcript *string `locationName:"transcript" min:"1" type:"string"` } @@ -8680,7 +8680,7 @@ func (s *BotRecommendationResultStatistics) SetSlotTypes(v *SlotTypeStatistics) } // The object representing the URL of the bot definition, the URL of the associated -// transcript and a statistical summary of the bot recommendation results. +// transcript, and a statistical summary of the bot recommendation results. type BotRecommendationResults struct { _ struct{} `type:"structure"` @@ -10879,7 +10879,7 @@ type CreateExportOutput struct { ExportId *string `locationName:"exportId" min:"10" type:"string"` // The status of the export. When the status is Completed, you can use the DescribeExport - // (https://docs.aws.amazon.com/latest/dg/API_DescribeExport.html) operation + // (https://docs.aws.amazon.com/lexv2/latest/dg/API_DescribeExport.html) operation // to get the pre-signed S3 URL link to your exported bot or bot locale. ExportStatus *string `locationName:"exportStatus" type:"string" enum:"ExportStatus"` @@ -22256,6 +22256,9 @@ type PromptSpecification struct { // // MessageGroups is a required field MessageGroups []*MessageGroup `locationName:"messageGroups" min:"1" type:"list" required:"true"` + + // Indicates how a message is selected from a message group among retries. + MessageSelectionStrategy *string `locationName:"messageSelectionStrategy" type:"string" enum:"MessageSelectionStrategy"` } // String returns the string representation. @@ -22323,6 +22326,12 @@ func (s *PromptSpecification) SetMessageGroups(v []*MessageGroup) *PromptSpecifi return s } +// SetMessageSelectionStrategy sets the MessageSelectionStrategy field's value. +func (s *PromptSpecification) SetMessageSelectionStrategy(v string) *PromptSpecification { + s.MessageSelectionStrategy = &v + return s +} + // An object that contains a summary of a recommended intent. type RecommendedIntentSummary struct { _ struct{} `type:"structure"` @@ -28591,6 +28600,22 @@ func MergeStrategy_Values() []string { } } +const ( + // MessageSelectionStrategyRandom is a MessageSelectionStrategy enum value + MessageSelectionStrategyRandom = "Random" + + // MessageSelectionStrategyOrdered is a MessageSelectionStrategy enum value + MessageSelectionStrategyOrdered = "Ordered" +) + +// MessageSelectionStrategy_Values returns all elements of the MessageSelectionStrategy enum +func MessageSelectionStrategy_Values() []string { + return []string{ + MessageSelectionStrategyRandom, + MessageSelectionStrategyOrdered, + } +} + const ( // ObfuscationSettingTypeNone is a ObfuscationSettingType enum value ObfuscationSettingTypeNone = "None" diff --git a/service/quicksight/api.go b/service/quicksight/api.go index 1fa51fa7c68..73cc0262ee8 100644 --- a/service/quicksight/api.go +++ b/service/quicksight/api.go @@ -154,7 +154,7 @@ func (c *QuickSight) CreateAccountCustomizationRequest(input *CreateAccountCusto // CreateAccountCustomization API operation for Amazon QuickSight. // -// Creates Amazon QuickSight customizations the current Amazon Web Services +// Creates Amazon QuickSight customizations for the current Amazon Web Services // Region. Currently, you can add a custom default theme by using the CreateAccountCustomization // or UpdateAccountCustomization API operation. To further customize Amazon // QuickSight by removing Amazon QuickSight sample assets and videos for all @@ -235,6 +235,142 @@ func (c *QuickSight) CreateAccountCustomizationWithContext(ctx aws.Context, inpu return out, req.Send() } +const opCreateAccountSubscription = "CreateAccountSubscription" + +// CreateAccountSubscriptionRequest generates a "aws/request.Request" representing the +// client's request for the CreateAccountSubscription operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateAccountSubscription for more information on using the CreateAccountSubscription +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the CreateAccountSubscriptionRequest method. +// req, resp := client.CreateAccountSubscriptionRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/quicksight-2018-04-01/CreateAccountSubscription +func (c *QuickSight) CreateAccountSubscriptionRequest(input *CreateAccountSubscriptionInput) (req *request.Request, output *CreateAccountSubscriptionOutput) { + op := &request.Operation{ + Name: opCreateAccountSubscription, + HTTPMethod: "POST", + HTTPPath: "/account/{AwsAccountId}", + } + + if input == nil { + input = &CreateAccountSubscriptionInput{} + } + + output = &CreateAccountSubscriptionOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateAccountSubscription API operation for Amazon QuickSight. +// +// Creates an Amazon QuickSight account, or subscribes to Amazon QuickSight +// Q. +// +// The Amazon Web Services Region for the account is derived from what is configured +// in the CLI or SDK. This operation isn't supported in the US East (Ohio) Region, +// South America (Sao Paulo) Region, or Asia Pacific (Singapore) Region. +// +// Before you use this operation, make sure that you can connect to an existing +// Amazon Web Services account. If you don't have an Amazon Web Services account, +// see Sign up for Amazon Web Services (https://docs.aws.amazon.com/quicksight/latest/user/setting-up-aws-sign-up.html) +// in the Amazon QuickSight User Guide. The person who signs up for Amazon QuickSight +// needs to have the correct Identity and Access Management (IAM) permissions. +// For more information, see IAM Policy Examples for Amazon QuickSight (https://docs.aws.amazon.com/quicksight/latest/user/iam-policy-examples.html) +// in the Amazon QuickSight User Guide. +// +// If your IAM policy includes both the Subscribe and CreateAccountSubscription +// actions, make sure that both actions are set to Allow. If either action is +// set to Deny, the Deny action prevails and your API call fails. +// +// You can't pass an existing IAM role to access other Amazon Web Services services +// using this API operation. To pass your existing IAM role to Amazon QuickSight, +// see Passing IAM roles to Amazon QuickSight (https://docs.aws.amazon.com/quicksight/latest/user/security_iam_service-with-iam.html#security-create-iam-role) +// in the Amazon QuickSight User Guide. +// +// You can't set default resource access on the new account from the Amazon +// QuickSight API. Instead, add default resource access from the Amazon QuickSight +// console. For more information about setting default resource access to Amazon +// Web Services services, see Setting default resource access to Amazon Web +// Services services (https://docs.aws.amazon.com/quicksight/latest/user/scoping-policies-defaults.html) +// in the Amazon QuickSight User Guide. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon QuickSight's +// API operation CreateAccountSubscription for usage and error information. +// +// Returned Error Types: +// * AccessDeniedException +// You don't have access to this item. The provided credentials couldn't be +// validated. You might not be authorized to carry out the request. Make sure +// that your account is authorized to use the Amazon QuickSight service, that +// your policies have the correct permissions, and that you are using the correct +// access keys. +// +// * InvalidParameterValueException +// One or more parameters has a value that isn't valid. +// +// * ResourceNotFoundException +// One or more resources can't be found. +// +// * ThrottlingException +// Access is throttled. +// +// * ResourceExistsException +// The resource specified already exists. +// +// * PreconditionNotMetException +// One or more preconditions aren't met. +// +// * ConflictException +// Updating or deleting a resource can cause an inconsistent state. +// +// * InternalFailureException +// An internal failure occurred. +// +// * ResourceUnavailableException +// This resource is currently unavailable. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/quicksight-2018-04-01/CreateAccountSubscription +func (c *QuickSight) CreateAccountSubscription(input *CreateAccountSubscriptionInput) (*CreateAccountSubscriptionOutput, error) { + req, out := c.CreateAccountSubscriptionRequest(input) + return out, req.Send() +} + +// CreateAccountSubscriptionWithContext is the same as CreateAccountSubscription with the addition of +// the ability to pass a context and additional request options. +// +// See CreateAccountSubscription for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *QuickSight) CreateAccountSubscriptionWithContext(ctx aws.Context, input *CreateAccountSubscriptionInput, opts ...request.Option) (*CreateAccountSubscriptionOutput, error) { + req, out := c.CreateAccountSubscriptionRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opCreateAnalysis = "CreateAnalysis" // CreateAnalysisRequest generates a "aws/request.Request" representing the @@ -3822,6 +3958,107 @@ func (c *QuickSight) DescribeAccountSettingsWithContext(ctx aws.Context, input * return out, req.Send() } +const opDescribeAccountSubscription = "DescribeAccountSubscription" + +// DescribeAccountSubscriptionRequest generates a "aws/request.Request" representing the +// client's request for the DescribeAccountSubscription operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DescribeAccountSubscription for more information on using the DescribeAccountSubscription +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DescribeAccountSubscriptionRequest method. +// req, resp := client.DescribeAccountSubscriptionRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/quicksight-2018-04-01/DescribeAccountSubscription +func (c *QuickSight) DescribeAccountSubscriptionRequest(input *DescribeAccountSubscriptionInput) (req *request.Request, output *DescribeAccountSubscriptionOutput) { + op := &request.Operation{ + Name: opDescribeAccountSubscription, + HTTPMethod: "GET", + HTTPPath: "/account/{AwsAccountId}", + } + + if input == nil { + input = &DescribeAccountSubscriptionInput{} + } + + output = &DescribeAccountSubscriptionOutput{} + req = c.newRequest(op, input, output) + return +} + +// DescribeAccountSubscription API operation for Amazon QuickSight. +// +// Use the DescribeAccountSubscription operation to receive a description of +// a Amazon QuickSight account's subscription. A successful API call returns +// an AccountInfo object that includes an account's name, subscription status, +// authentication type, edition, and notification email address. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon QuickSight's +// API operation DescribeAccountSubscription for usage and error information. +// +// Returned Error Types: +// * AccessDeniedException +// You don't have access to this item. The provided credentials couldn't be +// validated. You might not be authorized to carry out the request. Make sure +// that your account is authorized to use the Amazon QuickSight service, that +// your policies have the correct permissions, and that you are using the correct +// access keys. +// +// * InvalidParameterValueException +// One or more parameters has a value that isn't valid. +// +// * ResourceNotFoundException +// One or more resources can't be found. +// +// * ThrottlingException +// Access is throttled. +// +// * InternalFailureException +// An internal failure occurred. +// +// * ResourceUnavailableException +// This resource is currently unavailable. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/quicksight-2018-04-01/DescribeAccountSubscription +func (c *QuickSight) DescribeAccountSubscription(input *DescribeAccountSubscriptionInput) (*DescribeAccountSubscriptionOutput, error) { + req, out := c.DescribeAccountSubscriptionRequest(input) + return out, req.Send() +} + +// DescribeAccountSubscriptionWithContext is the same as DescribeAccountSubscription with the addition of +// the ability to pass a context and additional request options. +// +// See DescribeAccountSubscription for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *QuickSight) DescribeAccountSubscriptionWithContext(ctx aws.Context, input *DescribeAccountSubscriptionInput, opts ...request.Option) (*DescribeAccountSubscriptionOutput, error) { + req, out := c.DescribeAccountSubscriptionRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDescribeAnalysis = "DescribeAnalysis" // DescribeAnalysisRequest generates a "aws/request.Request" representing the @@ -6518,14 +6755,13 @@ func (c *QuickSight) GetDashboardEmbedUrlRequest(input *GetDashboardEmbedUrlInpu // GetDashboardEmbedUrl API operation for Amazon QuickSight. // -// Generates a session URL and authorization code that you can use to embed -// an Amazon Amazon QuickSight read-only dashboard in your web server code. +// Generates a temporary session URL and authorization code that you can use +// to embed an Amazon QuickSight read-only dashboard in your website or application. // Before you use this command, make sure that you have configured the dashboards // and permissions. // // Currently, you can use GetDashboardEmbedURL only from the server, not from -// the user's browser. The following rules apply to the combination of URL and -// authorization code: +// the user's browser. The following rules apply to the generated URL: // // * They must be used together. // @@ -6533,7 +6769,9 @@ func (c *QuickSight) GetDashboardEmbedUrlRequest(input *GetDashboardEmbedUrlInpu // // * They are valid for 5 minutes after you run this command. // -// * The resulting user session is valid for 10 hours. +// * The resulting user session is valid for 15 minutes (default) up to 10 +// hours (maximum). You can use the optional SessionLifetimeInMinutes parameter +// to customi session duration. // // For more information, see Embedding Analytics Using GetDashboardEmbedUrl // (https://docs.aws.amazon.com/quicksight/latest/user/embedded-analytics-deprecated.html) @@ -10637,8 +10875,8 @@ func (c *QuickSight) UpdateAccountCustomizationRequest(input *UpdateAccountCusto // UpdateAccountCustomization API operation for Amazon QuickSight. // -// Updates Amazon QuickSight customizations the current Amazon Web Services -// Region. Currently, the only customization you can use is a theme. +// Updates Amazon QuickSight customizations for the current Amazon Web Services +// Region. Currently, the only customization that you can use is a theme. // // You can use customizations for your Amazon Web Services account or, if you // specify a namespace, for a Amazon QuickSight namespace instead. Customizations @@ -12259,16 +12497,17 @@ func (c *QuickSight) UpdatePublicSharingSettingsRequest(input *UpdatePublicShari // UpdatePublicSharingSettings API operation for Amazon QuickSight. // -// Use the UpdatePublicSharingSettings operation to enable or disable the public -// sharing settings of an Amazon QuickSight dashboard. +// Use the UpdatePublicSharingSettings operation to turn on or turn off the +// public sharing settings of an Amazon QuickSight dashboard. // -// To use this operation, enable session capacity pricing on your Amazon QuickSight +// To use this operation, turn on session capacity pricing for your Amazon QuickSight // account. // -// Before you can enable public sharing on your account, you need to allow public -// sharing permissions to an administrative user in the IAM console. For more -// information on using IAM with Amazon QuickSight, see Using Amazon QuickSight -// with IAM (https://docs.aws.amazon.com/quicksight/latest/user/security_iam_service-with-iam.html). +// Before you can turn on public sharing on your account, make sure to give +// public sharing permissions to an administrative user in the Identity and +// Access Management (IAM) console. For more information on using IAM with Amazon +// QuickSight, see Using Amazon QuickSight with IAM (https://docs.aws.amazon.com/quicksight/latest/user/security_iam_service-with-iam.html) +// in the Amazon QuickSight User Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -13163,6 +13402,89 @@ func (s *AccountCustomization) SetDefaultTheme(v string) *AccountCustomization { return s } +// A structure that contains the following account information elements: +// +// * Your Amazon QuickSight account name. +// +// * The edition of Amazon QuickSight that your account is using. +// +// * The notification email address that is associated with the Amazon QuickSight +// account. +// +// * The authentication type of the Amazon QuickSight account. +// +// * The status of the Amazon QuickSight account's subscription. +type AccountInfo struct { + _ struct{} `type:"structure"` + + // The account name that you provided for the Amazon QuickSight subscription + // in your Amazon Web Services account. You create this name when you sign up + // for Amazon QuickSight. It's unique over all of Amazon Web Services, and it + // appears only when users sign in. + AccountName *string `type:"string"` + + // The status of your account subscription. + AccountSubscriptionStatus *string `type:"string"` + + // The way that your Amazon QuickSight account is authenticated. + AuthenticationType *string `type:"string"` + + // The edition of your Amazon QuickSight account. + Edition *string `type:"string" enum:"Edition"` + + // The email address that will be used for Amazon QuickSight to send notifications + // regarding your Amazon Web Services account or Amazon QuickSight subscription. + NotificationEmail *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AccountInfo) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AccountInfo) GoString() string { + return s.String() +} + +// SetAccountName sets the AccountName field's value. +func (s *AccountInfo) SetAccountName(v string) *AccountInfo { + s.AccountName = &v + return s +} + +// SetAccountSubscriptionStatus sets the AccountSubscriptionStatus field's value. +func (s *AccountInfo) SetAccountSubscriptionStatus(v string) *AccountInfo { + s.AccountSubscriptionStatus = &v + return s +} + +// SetAuthenticationType sets the AuthenticationType field's value. +func (s *AccountInfo) SetAuthenticationType(v string) *AccountInfo { + s.AuthenticationType = &v + return s +} + +// SetEdition sets the Edition field's value. +func (s *AccountInfo) SetEdition(v string) *AccountInfo { + s.Edition = &v + return s +} + +// SetNotificationEmail sets the NotificationEmail field's value. +func (s *AccountInfo) SetNotificationEmail(v string) *AccountInfo { + s.NotificationEmail = &v + return s +} + // The Amazon QuickSight settings associated with your Amazon Web Services account. type AccountSettings struct { _ struct{} `type:"structure"` @@ -13183,9 +13505,9 @@ type AccountSettings struct { // The main notification email for your Amazon QuickSight subscription. NotificationEmail *string `type:"string"` - // A boolean that indicates whether or not public sharing is enabled on an Amazon - // QuickSight account. For more information about enabling public sharing, see - // UpdatePublicSharingSettings (https://docs.aws.amazon.com/quicksight/latest/APIReference/API_UpdatePublicSharingSettings.html). + // A Boolean value that indicates whether public sharing is turned on for an + // Amazon QuickSight account. For more information about turning on public sharing, + // see UpdatePublicSharingSettings (https://docs.aws.amazon.com/quicksight/latest/APIReference/API_UpdatePublicSharingSettings.html). PublicSharingEnabled *bool `type:"boolean"` } @@ -13278,7 +13600,7 @@ func (s *ActiveIAMPolicyAssignment) SetPolicyArn(v string) *ActiveIAMPolicyAssig return s } -// Ad hoc (one-time) filtering option. +// An ad hoc (one-time) filtering option. type AdHocFilteringOption struct { _ struct{} `type:"structure"` @@ -15140,6 +15462,294 @@ func (s *CreateAccountCustomizationOutput) SetStatus(v int64) *CreateAccountCust return s } +type CreateAccountSubscriptionInput struct { + _ struct{} `type:"structure"` + + // The name of your Amazon QuickSight account. This name is unique over all + // of Amazon Web Services, and it appears only when users sign in. You can't + // change AccountName value after the Amazon QuickSight account is created. + // + // AccountName is a required field + AccountName *string `type:"string" required:"true"` + + // The name of your Active Directory. This field is required if ACTIVE_DIRECTORY + // is the selected authentication method of the new Amazon QuickSight account. + ActiveDirectoryName *string `type:"string"` + + // The admin group associated with your Active Directory. This field is required + // if ACTIVE_DIRECTORY is the selected authentication method of the new Amazon + // QuickSight account. For more information about using Active Directory in + // Amazon QuickSight, see Using Active Directory with Amazon QuickSight Enterprise + // Edition (https://docs.aws.amazon.com/quicksight/latest/user/aws-directory-service.html) + // in the Amazon QuickSight User Guide. + AdminGroup []*string `type:"list"` + + // The method that you want to use to authenticate your Amazon QuickSight account. + // Currently, the valid values for this parameter are IAM_AND_QUICKSIGHT, IAM_ONLY, + // and ACTIVE_DIRECTORY. + // + // If you choose ACTIVE_DIRECTORY, provide an ActiveDirectoryName and an AdminGroup + // associated with your Active Directory. + // + // AuthenticationMethod is a required field + AuthenticationMethod *string `type:"string" required:"true" enum:"AuthenticationMethodOption"` + + // The author group associated with your Active Directory. For more information + // about using Active Directory in Amazon QuickSight, see Using Active Directory + // with Amazon QuickSight Enterprise Edition (https://docs.aws.amazon.com/quicksight/latest/user/aws-directory-service.html) + // in the Amazon QuickSight User Guide. + AuthorGroup []*string `type:"list"` + + // The Amazon Web Services account ID of the account that you're using to create + // your Amazon QuickSight account. + // + // AwsAccountId is a required field + AwsAccountId *string `location:"uri" locationName:"AwsAccountId" min:"12" type:"string" required:"true"` + + // A 10-digit phone number for the author of the Amazon QuickSight account to + // use for future communications. This field is required if ENTERPPRISE_AND_Q + // is the selected edition of the new Amazon QuickSight account. + ContactNumber *string `type:"string"` + + // The ID of the Active Directory that is associated with your Amazon QuickSight + // account. + DirectoryId *string `type:"string"` + + // The edition of Amazon QuickSight that you want your account to have. Currently, + // you can choose from ENTERPRISE or ENTERPRISE_AND_Q. + // + // If you choose ENTERPRISE_AND_Q, the following parameters are required: + // + // * FirstName + // + // * LastName + // + // * EmailAddress + // + // * ContactNumber + // + // Edition is a required field + Edition *string `type:"string" required:"true" enum:"Edition"` + + // The email address of the author of the Amazon QuickSight account to use for + // future communications. This field is required if ENTERPPRISE_AND_Q is the + // selected edition of the new Amazon QuickSight account. + EmailAddress *string `type:"string"` + + // The first name of the author of the Amazon QuickSight account to use for + // future communications. This field is required if ENTERPPRISE_AND_Q is the + // selected edition of the new Amazon QuickSight account. + FirstName *string `type:"string"` + + // The last name of the author of the Amazon QuickSight account to use for future + // communications. This field is required if ENTERPPRISE_AND_Q is the selected + // edition of the new Amazon QuickSight account. + LastName *string `type:"string"` + + // The email address that you want Amazon QuickSight to send notifications to + // regarding your Amazon QuickSight account or Amazon QuickSight subscription. + // + // NotificationEmail is a required field + NotificationEmail *string `type:"string" required:"true"` + + // The reader group associated with your Active Direcrtory. For more information + // about using Active Directory in Amazon QuickSight, see Using Active Directory + // with Amazon QuickSight Enterprise Edition (https://docs.aws.amazon.com/quicksight/latest/user/aws-directory-service.html) + // in the Amazon QuickSight User Guide. + ReaderGroup []*string `type:"list"` + + // The realm of the Active Directory that is associated with your Amazon QuickSight + // account. This field is required if ACTIVE_DIRECTORY is the selected authentication + // method of the new Amazon QuickSight account. + Realm *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateAccountSubscriptionInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateAccountSubscriptionInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateAccountSubscriptionInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateAccountSubscriptionInput"} + if s.AccountName == nil { + invalidParams.Add(request.NewErrParamRequired("AccountName")) + } + if s.AuthenticationMethod == nil { + invalidParams.Add(request.NewErrParamRequired("AuthenticationMethod")) + } + if s.AwsAccountId == nil { + invalidParams.Add(request.NewErrParamRequired("AwsAccountId")) + } + if s.AwsAccountId != nil && len(*s.AwsAccountId) < 12 { + invalidParams.Add(request.NewErrParamMinLen("AwsAccountId", 12)) + } + if s.Edition == nil { + invalidParams.Add(request.NewErrParamRequired("Edition")) + } + if s.NotificationEmail == nil { + invalidParams.Add(request.NewErrParamRequired("NotificationEmail")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAccountName sets the AccountName field's value. +func (s *CreateAccountSubscriptionInput) SetAccountName(v string) *CreateAccountSubscriptionInput { + s.AccountName = &v + return s +} + +// SetActiveDirectoryName sets the ActiveDirectoryName field's value. +func (s *CreateAccountSubscriptionInput) SetActiveDirectoryName(v string) *CreateAccountSubscriptionInput { + s.ActiveDirectoryName = &v + return s +} + +// SetAdminGroup sets the AdminGroup field's value. +func (s *CreateAccountSubscriptionInput) SetAdminGroup(v []*string) *CreateAccountSubscriptionInput { + s.AdminGroup = v + return s +} + +// SetAuthenticationMethod sets the AuthenticationMethod field's value. +func (s *CreateAccountSubscriptionInput) SetAuthenticationMethod(v string) *CreateAccountSubscriptionInput { + s.AuthenticationMethod = &v + return s +} + +// SetAuthorGroup sets the AuthorGroup field's value. +func (s *CreateAccountSubscriptionInput) SetAuthorGroup(v []*string) *CreateAccountSubscriptionInput { + s.AuthorGroup = v + return s +} + +// SetAwsAccountId sets the AwsAccountId field's value. +func (s *CreateAccountSubscriptionInput) SetAwsAccountId(v string) *CreateAccountSubscriptionInput { + s.AwsAccountId = &v + return s +} + +// SetContactNumber sets the ContactNumber field's value. +func (s *CreateAccountSubscriptionInput) SetContactNumber(v string) *CreateAccountSubscriptionInput { + s.ContactNumber = &v + return s +} + +// SetDirectoryId sets the DirectoryId field's value. +func (s *CreateAccountSubscriptionInput) SetDirectoryId(v string) *CreateAccountSubscriptionInput { + s.DirectoryId = &v + return s +} + +// SetEdition sets the Edition field's value. +func (s *CreateAccountSubscriptionInput) SetEdition(v string) *CreateAccountSubscriptionInput { + s.Edition = &v + return s +} + +// SetEmailAddress sets the EmailAddress field's value. +func (s *CreateAccountSubscriptionInput) SetEmailAddress(v string) *CreateAccountSubscriptionInput { + s.EmailAddress = &v + return s +} + +// SetFirstName sets the FirstName field's value. +func (s *CreateAccountSubscriptionInput) SetFirstName(v string) *CreateAccountSubscriptionInput { + s.FirstName = &v + return s +} + +// SetLastName sets the LastName field's value. +func (s *CreateAccountSubscriptionInput) SetLastName(v string) *CreateAccountSubscriptionInput { + s.LastName = &v + return s +} + +// SetNotificationEmail sets the NotificationEmail field's value. +func (s *CreateAccountSubscriptionInput) SetNotificationEmail(v string) *CreateAccountSubscriptionInput { + s.NotificationEmail = &v + return s +} + +// SetReaderGroup sets the ReaderGroup field's value. +func (s *CreateAccountSubscriptionInput) SetReaderGroup(v []*string) *CreateAccountSubscriptionInput { + s.ReaderGroup = v + return s +} + +// SetRealm sets the Realm field's value. +func (s *CreateAccountSubscriptionInput) SetRealm(v string) *CreateAccountSubscriptionInput { + s.Realm = &v + return s +} + +type CreateAccountSubscriptionOutput struct { + _ struct{} `type:"structure"` + + // The Amazon Web Services request ID for this operation. + RequestId *string `type:"string"` + + // A SignupResponse object that returns information about a newly created Amazon + // QuickSight account. + SignupResponse *SignupResponse `type:"structure"` + + // The HTTP status of the request. + Status *int64 `location:"statusCode" type:"integer"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateAccountSubscriptionOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateAccountSubscriptionOutput) GoString() string { + return s.String() +} + +// SetRequestId sets the RequestId field's value. +func (s *CreateAccountSubscriptionOutput) SetRequestId(v string) *CreateAccountSubscriptionOutput { + s.RequestId = &v + return s +} + +// SetSignupResponse sets the SignupResponse field's value. +func (s *CreateAccountSubscriptionOutput) SetSignupResponse(v *SignupResponse) *CreateAccountSubscriptionOutput { + s.SignupResponse = v + return s +} + +// SetStatus sets the Status field's value. +func (s *CreateAccountSubscriptionOutput) SetStatus(v int64) *CreateAccountSubscriptionOutput { + s.Status = &v + return s +} + type CreateAnalysisInput struct { _ struct{} `type:"structure"` @@ -22939,9 +23549,11 @@ type DescribeAccountSettingsOutput struct { // The Amazon QuickSight settings for this Amazon Web Services account. This // information includes the edition of Amazon Amazon QuickSight that you subscribed // to (Standard or Enterprise) and the notification email for the Amazon QuickSight - // subscription. In the QuickSight console, the Amazon QuickSight subscription - // is sometimes referred to as a QuickSight "account" even though it's technically - // not an account by itself. Instead, it's a subscription to the Amazon QuickSight + // subscription. + // + // In the QuickSight console, the Amazon QuickSight subscription is sometimes + // referred to as a QuickSight "account" even though it's technically not an + // account by itself. Instead, it's a subscription to the Amazon QuickSight // service for your Amazon Web Services account. The edition that you subscribe // to applies to Amazon QuickSight in every Amazon Web Services Region where // you use it. @@ -22990,6 +23602,116 @@ func (s *DescribeAccountSettingsOutput) SetStatus(v int64) *DescribeAccountSetti return s } +type DescribeAccountSubscriptionInput struct { + _ struct{} `type:"structure" nopayload:"true"` + + // The Amazon Web Services account ID associated with your Amazon QuickSight + // account. + // + // AwsAccountId is a required field + AwsAccountId *string `location:"uri" locationName:"AwsAccountId" min:"12" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeAccountSubscriptionInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeAccountSubscriptionInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DescribeAccountSubscriptionInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DescribeAccountSubscriptionInput"} + if s.AwsAccountId == nil { + invalidParams.Add(request.NewErrParamRequired("AwsAccountId")) + } + if s.AwsAccountId != nil && len(*s.AwsAccountId) < 12 { + invalidParams.Add(request.NewErrParamMinLen("AwsAccountId", 12)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAwsAccountId sets the AwsAccountId field's value. +func (s *DescribeAccountSubscriptionInput) SetAwsAccountId(v string) *DescribeAccountSubscriptionInput { + s.AwsAccountId = &v + return s +} + +type DescribeAccountSubscriptionOutput struct { + _ struct{} `type:"structure"` + + // A structure that contains the following elements: + // + // * Your Amazon QuickSight account name. + // + // * The edition of Amazon QuickSight that your account is using. + // + // * The notification email address that is associated with the Amazon QuickSight + // account. + // + // * The authentication type of the Amazon QuickSight account. + // + // * The status of the Amazon QuickSight account's subscription. + AccountInfo *AccountInfo `type:"structure"` + + // The Amazon Web Services request ID for this operation. + RequestId *string `type:"string"` + + // The HTTP status of the request. + Status *int64 `location:"statusCode" type:"integer"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeAccountSubscriptionOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DescribeAccountSubscriptionOutput) GoString() string { + return s.String() +} + +// SetAccountInfo sets the AccountInfo field's value. +func (s *DescribeAccountSubscriptionOutput) SetAccountInfo(v *AccountInfo) *DescribeAccountSubscriptionOutput { + s.AccountInfo = v + return s +} + +// SetRequestId sets the RequestId field's value. +func (s *DescribeAccountSubscriptionOutput) SetRequestId(v string) *DescribeAccountSubscriptionOutput { + s.RequestId = &v + return s +} + +// SetStatus sets the Status field's value. +func (s *DescribeAccountSubscriptionOutput) SetStatus(v int64) *DescribeAccountSubscriptionOutput { + s.Status = &v + return s +} + type DescribeAnalysisInput struct { _ struct{} `type:"structure" nopayload:"true"` @@ -26723,11 +27445,22 @@ func (s *FolderSummary) SetName(v string) *FolderSummary { type GenerateEmbedUrlForAnonymousUserInput struct { _ struct{} `type:"structure"` - // The Amazon Resource Names for the Amazon QuickSight resources that the user - // is authorized to access during the lifetime of the session. If you choose - // Dashboard embedding experience, pass the list of dashboard ARNs in the account - // that you want the user to be able to view. Currently, you can pass up to - // 25 dashboard ARNs in each API call. + // The domains that you want to add to the allow list for access to the generated + // URL that is then embedded. This optional parameter overrides the static domains + // that are configured in the Manage QuickSight menu in the Amazon QuickSight + // console and instead allows only the domains that you include in this parameter. + // You can list up to three domains or subdomains in each API call. + // + // To include a subdomain, use * to include all subdomains under a specific + // domain to the allow list. For example, https://*.sapp.amazon.com, includes + // all subdomains under https://sapp.amazon.com. + AllowedDomains []*string `type:"list"` + + // The Amazon Resource Names (ARNs) for the Amazon QuickSight resources that + // the user is authorized to access during the lifetime of the session. If you + // choose Dashboard embedding experience, pass the list of dashboard ARNs in + // the account that you want the user to be able to view. Currently, you can + // pass up to 25 dashboard ARNs in each API call. // // AuthorizedResourceArns is a required field AuthorizedResourceArns []*string `type:"list" required:"true"` @@ -26738,7 +27471,7 @@ type GenerateEmbedUrlForAnonymousUserInput struct { // AwsAccountId is a required field AwsAccountId *string `location:"uri" locationName:"AwsAccountId" min:"12" type:"string" required:"true"` - // The configuration of the experience you are embedding. + // The configuration of the experience that you are embedding. // // ExperienceConfiguration is a required field ExperienceConfiguration *AnonymousUserEmbeddingExperienceConfiguration `type:"structure" required:"true"` @@ -26760,7 +27493,8 @@ type GenerateEmbedUrlForAnonymousUserInput struct { // // These are not the tags used for the Amazon Web Services resource tagging // feature. For more information, see Using Row-Level Security (RLS) with Tags - // (https://docs.aws.amazon.com/quicksight/latest/user/quicksight-dev-rls-tags.html). + // (https://docs.aws.amazon.com/quicksight/latest/user/quicksight-dev-rls-tags.html)in + // the Amazon QuickSight User Guide. SessionTags []*SessionTag `min:"1" type:"list"` } @@ -26828,6 +27562,12 @@ func (s *GenerateEmbedUrlForAnonymousUserInput) Validate() error { return nil } +// SetAllowedDomains sets the AllowedDomains field's value. +func (s *GenerateEmbedUrlForAnonymousUserInput) SetAllowedDomains(v []*string) *GenerateEmbedUrlForAnonymousUserInput { + s.AllowedDomains = v + return s +} + // SetAuthorizedResourceArns sets the AuthorizedResourceArns field's value. func (s *GenerateEmbedUrlForAnonymousUserInput) SetAuthorizedResourceArns(v []*string) *GenerateEmbedUrlForAnonymousUserInput { s.AuthorizedResourceArns = v @@ -26926,6 +27666,17 @@ func (s *GenerateEmbedUrlForAnonymousUserOutput) SetStatus(v int64) *GenerateEmb type GenerateEmbedUrlForRegisteredUserInput struct { _ struct{} `type:"structure"` + // The domains that you want to add to the allow list for access to the generated + // URL that is then embedded. This optional parameter overrides the static domains + // that are configured in the Manage QuickSight menu in the Amazon QuickSight + // console and instead allows only the domains that you include in this parameter. + // You can list up to three domains or subdomains in each API call. + // + // To include a subdomain, use * to include all subdomains under a specific + // domain to the allow list. For example, https://*.sapp.amazon.com, includes + // all subdomains under https://sapp.amazon.com. + AllowedDomains []*string `type:"list"` + // The ID for the Amazon Web Services account that contains the dashboard that // you're embedding. // @@ -26996,6 +27747,12 @@ func (s *GenerateEmbedUrlForRegisteredUserInput) Validate() error { return nil } +// SetAllowedDomains sets the AllowedDomains field's value. +func (s *GenerateEmbedUrlForRegisteredUserInput) SetAllowedDomains(v []*string) *GenerateEmbedUrlForRegisteredUserInput { + s.AllowedDomains = v + return s +} + // SetAwsAccountId sets the AwsAccountId field's value. func (s *GenerateEmbedUrlForRegisteredUserInput) SetAwsAccountId(v string) *GenerateEmbedUrlForRegisteredUserInput { s.AwsAccountId = &v @@ -27163,9 +27920,9 @@ func (s *GeoSpatialColumnGroup) SetName(v string) *GeoSpatialColumnGroup { type GetDashboardEmbedUrlInput struct { _ struct{} `type:"structure" nopayload:"true"` - // A list of one or more dashboard IDs that you want to add to a session that - // includes anonymous users. The IdentityType parameter must be set to ANONYMOUS - // for this to work, because other identity types authenticate as Amazon QuickSight + // A list of one or more dashboard IDs that you want anonymous users to have + // tempporary access to. Currently, the IdentityType parameter must be set to + // ANONYMOUS because other identity types authenticate as Amazon QuickSight // or IAM users. For example, if you set "--dashboard-id dash_id1 --dashboard-id // dash_id2 dash_id3 identity-type ANONYMOUS", the session can access all three // dashboards. @@ -33592,7 +34349,8 @@ type RegisteredUserEmbeddingExperienceConfiguration struct { // The configuration details for embedding the Q search bar. // // For more information about embedding the Q search bar, see Embedding Overview - // (https://docs.aws.amazon.com/quicksight/latest/user/embedding-overview.html). + // (https://docs.aws.amazon.com/quicksight/latest/user/embedding-overview.html) + // in the Amazon QuickSight User Guide. QSearchBar *RegisteredUserQSearchBarEmbeddingConfiguration `type:"structure"` // The configuration details for providing each Amazon QuickSight console embedding @@ -35778,6 +36536,67 @@ func (s *SheetStyle) SetTileLayout(v *TileLayoutStyle) *SheetStyle { return s } +// A SignupResponse object that contains a summary of a newly created account. +type SignupResponse struct { + _ struct{} `type:"structure"` + + // The name of your Amazon QuickSight account. + AccountName *string `locationName:"accountName" type:"string"` + + // The type of Active Directory that is being used to authenticate the Amazon + // QuickSight account. Valid values are SIMPLE_AD, AD_CONNECTOR, and MICROSOFT_AD. + DirectoryType *string `locationName:"directoryType" type:"string"` + + // A Boolean that is TRUE if the Amazon QuickSight uses IAM as an authentication + // method. + IAMUser *bool `type:"boolean"` + + // The user login name for your Amazon QuickSight account. + UserLoginName *string `locationName:"userLoginName" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SignupResponse) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SignupResponse) GoString() string { + return s.String() +} + +// SetAccountName sets the AccountName field's value. +func (s *SignupResponse) SetAccountName(v string) *SignupResponse { + s.AccountName = &v + return s +} + +// SetDirectoryType sets the DirectoryType field's value. +func (s *SignupResponse) SetDirectoryType(v string) *SignupResponse { + s.DirectoryType = &v + return s +} + +// SetIAMUser sets the IAMUser field's value. +func (s *SignupResponse) SetIAMUser(v bool) *SignupResponse { + s.IAMUser = &v + return s +} + +// SetUserLoginName sets the UserLoginName field's value. +func (s *SignupResponse) SetUserLoginName(v string) *SignupResponse { + s.UserLoginName = &v + return s +} + // The parameters for Snowflake. type SnowflakeParameters struct { _ struct{} `type:"structure"` @@ -38530,8 +39349,8 @@ type UpdateAccountSettingsInput struct { // The default namespace for this Amazon Web Services account. Currently, the // default is default. Identity and Access Management (IAM) users that register - // for the first time with Amazon QuickSight provide an email that becomes associated - // with the default namespace. + // for the first time with Amazon QuickSight provide an email address that becomes + // associated with the default namespace. // // DefaultNamespace is a required field DefaultNamespace *string `type:"string" required:"true"` @@ -41299,8 +42118,8 @@ type UpdatePublicSharingSettingsInput struct { // AwsAccountId is a required field AwsAccountId *string `location:"uri" locationName:"AwsAccountId" min:"12" type:"string" required:"true"` - // A boolean that indicates whether or not public sharing is enabled on a Amazon - // QuickSight account. + // A Boolean value that indicates whether public sharing is turned on for an + // Amazon QuickSight account. PublicSharingEnabled *bool `type:"boolean"` } @@ -43120,6 +43939,26 @@ func AssignmentStatus_Values() []string { } } +const ( + // AuthenticationMethodOptionIamAndQuicksight is a AuthenticationMethodOption enum value + AuthenticationMethodOptionIamAndQuicksight = "IAM_AND_QUICKSIGHT" + + // AuthenticationMethodOptionIamOnly is a AuthenticationMethodOption enum value + AuthenticationMethodOptionIamOnly = "IAM_ONLY" + + // AuthenticationMethodOptionActiveDirectory is a AuthenticationMethodOption enum value + AuthenticationMethodOptionActiveDirectory = "ACTIVE_DIRECTORY" +) + +// AuthenticationMethodOption_Values returns all elements of the AuthenticationMethodOption enum +func AuthenticationMethodOption_Values() []string { + return []string{ + AuthenticationMethodOptionIamAndQuicksight, + AuthenticationMethodOptionIamOnly, + AuthenticationMethodOptionActiveDirectory, + } +} + const ( // ColumnDataTypeString is a ColumnDataType enum value ColumnDataTypeString = "STRING" @@ -43422,6 +44261,9 @@ const ( // EditionEnterprise is a Edition enum value EditionEnterprise = "ENTERPRISE" + + // EditionEnterpriseAndQ is a Edition enum value + EditionEnterpriseAndQ = "ENTERPRISE_AND_Q" ) // Edition_Values returns all elements of the Edition enum @@ -43429,6 +44271,7 @@ func Edition_Values() []string { return []string{ EditionStandard, EditionEnterprise, + EditionEnterpriseAndQ, } } diff --git a/service/quicksight/quicksightiface/interface.go b/service/quicksight/quicksightiface/interface.go index a08b2d4a401..cedfcb7f68d 100644 --- a/service/quicksight/quicksightiface/interface.go +++ b/service/quicksight/quicksightiface/interface.go @@ -68,6 +68,10 @@ type QuickSightAPI interface { CreateAccountCustomizationWithContext(aws.Context, *quicksight.CreateAccountCustomizationInput, ...request.Option) (*quicksight.CreateAccountCustomizationOutput, error) CreateAccountCustomizationRequest(*quicksight.CreateAccountCustomizationInput) (*request.Request, *quicksight.CreateAccountCustomizationOutput) + CreateAccountSubscription(*quicksight.CreateAccountSubscriptionInput) (*quicksight.CreateAccountSubscriptionOutput, error) + CreateAccountSubscriptionWithContext(aws.Context, *quicksight.CreateAccountSubscriptionInput, ...request.Option) (*quicksight.CreateAccountSubscriptionOutput, error) + CreateAccountSubscriptionRequest(*quicksight.CreateAccountSubscriptionInput) (*request.Request, *quicksight.CreateAccountSubscriptionOutput) + CreateAnalysis(*quicksight.CreateAnalysisInput) (*quicksight.CreateAnalysisOutput, error) CreateAnalysisWithContext(aws.Context, *quicksight.CreateAnalysisInput, ...request.Option) (*quicksight.CreateAnalysisOutput, error) CreateAnalysisRequest(*quicksight.CreateAnalysisInput) (*request.Request, *quicksight.CreateAnalysisOutput) @@ -204,6 +208,10 @@ type QuickSightAPI interface { DescribeAccountSettingsWithContext(aws.Context, *quicksight.DescribeAccountSettingsInput, ...request.Option) (*quicksight.DescribeAccountSettingsOutput, error) DescribeAccountSettingsRequest(*quicksight.DescribeAccountSettingsInput) (*request.Request, *quicksight.DescribeAccountSettingsOutput) + DescribeAccountSubscription(*quicksight.DescribeAccountSubscriptionInput) (*quicksight.DescribeAccountSubscriptionOutput, error) + DescribeAccountSubscriptionWithContext(aws.Context, *quicksight.DescribeAccountSubscriptionInput, ...request.Option) (*quicksight.DescribeAccountSubscriptionOutput, error) + DescribeAccountSubscriptionRequest(*quicksight.DescribeAccountSubscriptionInput) (*request.Request, *quicksight.DescribeAccountSubscriptionOutput) + DescribeAnalysis(*quicksight.DescribeAnalysisInput) (*quicksight.DescribeAnalysisOutput, error) DescribeAnalysisWithContext(aws.Context, *quicksight.DescribeAnalysisInput, ...request.Option) (*quicksight.DescribeAnalysisOutput, error) DescribeAnalysisRequest(*quicksight.DescribeAnalysisInput) (*request.Request, *quicksight.DescribeAnalysisOutput) diff --git a/service/rds/api.go b/service/rds/api.go index 28b35a1a506..fe32dcc7cea 100644 --- a/service/rds/api.go +++ b/service/rds/api.go @@ -619,7 +619,7 @@ func (c *RDS) BacktrackDBClusterRequest(input *BacktrackDBClusterInput) (req *re // (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Managing.Backtrack.html) // in the Amazon Aurora User Guide. // -// This action applies only to Aurora MySQL DB clusters. +// This action only applies to Aurora MySQL DB clusters. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -877,21 +877,50 @@ func (c *RDS) CopyDBClusterSnapshotRequest(input *CopyDBClusterSnapshotInput) (r // // You can copy an encrypted DB cluster snapshot from another Amazon Web Services // Region. In that case, the Amazon Web Services Region where you call the CopyDBClusterSnapshot -// operation is the destination Amazon Web Services Region for the encrypted -// DB cluster snapshot to be copied to. To copy an encrypted DB cluster snapshot +// action is the destination Amazon Web Services Region for the encrypted DB +// cluster snapshot to be copied to. To copy an encrypted DB cluster snapshot // from another Amazon Web Services Region, you must provide the following values: // // * KmsKeyId - The Amazon Web Services Key Management System (Amazon Web // Services KMS) key identifier for the key to use to encrypt the copy of // the DB cluster snapshot in the destination Amazon Web Services Region. // +// * PreSignedUrl - A URL that contains a Signature Version 4 signed request +// for the CopyDBClusterSnapshot action to be called in the source Amazon +// Web Services Region where the DB cluster snapshot is copied from. The +// pre-signed URL must be a valid request for the CopyDBClusterSnapshot API +// action that can be executed in the source Amazon Web Services Region that +// contains the encrypted DB cluster snapshot to be copied. The pre-signed +// URL request must contain the following parameter values: KmsKeyId - The +// Amazon Web Services KMS key identifier for the KMS key to use to encrypt +// the copy of the DB cluster snapshot in the destination Amazon Web Services +// Region. This is the same identifier for both the CopyDBClusterSnapshot +// action that is called in the destination Amazon Web Services Region, and +// the action contained in the pre-signed URL. DestinationRegion - The name +// of the Amazon Web Services Region that the DB cluster snapshot is to be +// created in. SourceDBClusterSnapshotIdentifier - The DB cluster snapshot +// identifier for the encrypted DB cluster snapshot to be copied. This identifier +// must be in the Amazon Resource Name (ARN) format for the source Amazon +// Web Services Region. For example, if you are copying an encrypted DB cluster +// snapshot from the us-west-2 Amazon Web Services Region, then your SourceDBClusterSnapshotIdentifier +// looks like the following example: arn:aws:rds:us-west-2:123456789012:cluster-snapshot:aurora-cluster1-snapshot-20161115. +// To learn how to generate a Signature Version 4 signed request, see Authenticating +// Requests: Using Query Parameters (Amazon Web Services Signature Version +// 4) (https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html) +// and Signature Version 4 Signing Process (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html). +// If you are using an Amazon Web Services SDK tool or the CLI, you can specify +// SourceRegion (or --source-region for the CLI) instead of specifying PreSignedUrl +// manually. Specifying SourceRegion autogenerates a pre-signed URL that +// is a valid request for the operation that can be executed in the source +// Amazon Web Services Region. +// // * TargetDBClusterSnapshotIdentifier - The identifier for the new copy // of the DB cluster snapshot in the destination Amazon Web Services Region. // // * SourceDBClusterSnapshotIdentifier - The DB cluster snapshot identifier // for the encrypted DB cluster snapshot to be copied. This identifier must // be in the ARN format for the source Amazon Web Services Region and is -// the same value as the SourceDBClusterSnapshotIdentifier in the presigned +// the same value as the SourceDBClusterSnapshotIdentifier in the pre-signed // URL. // // To cancel the copy operation once it is in progress, delete the target DB @@ -1093,7 +1122,7 @@ func (c *RDS) CopyDBSnapshotRequest(input *CopyDBSnapshotInput) (req *request.Re // // You can copy a snapshot from one Amazon Web Services Region to another. In // that case, the Amazon Web Services Region where you call the CopyDBSnapshot -// operation is the destination Amazon Web Services Region for the DB snapshot +// action is the destination Amazon Web Services Region for the DB snapshot // copy. // // This command doesn't apply to RDS Custom. @@ -1406,7 +1435,9 @@ func (c *RDS) CreateDBClusterRequest(input *CreateDBClusterInput) (req *request. // // You can use the ReplicationSourceIdentifier parameter to create an Amazon // Aurora DB cluster as a read replica of another DB cluster or Amazon RDS MySQL -// or PostgreSQL DB instance. +// or PostgreSQL DB instance. For cross-Region replication where the DB cluster +// identified by ReplicationSourceIdentifier is encrypted, also specify the +// PreSignedUrl parameter. // // For more information on Amazon Aurora, see What is Amazon Aurora? (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) // in the Amazon Aurora User Guide. @@ -1556,7 +1587,7 @@ func (c *RDS) CreateDBClusterEndpointRequest(input *CreateDBClusterEndpointInput // Creates a new custom endpoint and associates it with an Amazon Aurora DB // cluster. // -// This action applies only to Aurora DB clusters. +// This action only applies to Aurora DB clusters. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -1678,8 +1709,8 @@ func (c *RDS) CreateDBClusterParameterGroupRequest(input *CreateDBClusterParamet // character set for the default database defined by the character_set_database // parameter. You can use the Parameter Groups option of the Amazon RDS console // (https://console.aws.amazon.com/rds/) or the DescribeDBClusterParameters -// operation to verify that your DB cluster parameter group has been created -// or modified. +// action to verify that your DB cluster parameter group has been created or +// modified. // // For more information on Amazon Aurora, see What is Amazon Aurora? (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/CHAP_AuroraOverview.html) // in the Amazon Aurora User Guide. @@ -1869,18 +1900,6 @@ func (c *RDS) CreateDBInstanceRequest(input *CreateDBInstanceInput) (req *reques // // Creates a new DB instance. // -// The new DB instance can be an RDS DB instance, or it can be a DB instance -// in an Aurora DB cluster. For an Aurora DB cluster, you can call this operation -// multiple times to add more than one DB instance to the cluster. -// -// For more information about creating an RDS DB instance, see Creating an Amazon -// RDS DB instance (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CreateDBInstance.html) -// in the Amazon RDS User Guide. -// -// For more information about creating a DB instance in an Aurora DB cluster, -// see Creating an Amazon Aurora DB cluster (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.CreateInstance.html) -// in the Amazon Aurora User Guide. -// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -2030,7 +2049,7 @@ func (c *RDS) CreateDBInstanceReadReplicaRequest(input *CreateDBInstanceReadRepl // with Read Replicas (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReadRepl.html) // in the Amazon RDS User Guide. // -// Amazon Aurora doesn't support this operation. Call the CreateDBInstance operation +// Amazon Aurora doesn't support this action. Call the CreateDBInstance action // to create a DB instance for an Aurora DB cluster. // // All read replica DB instances are created with backups disabled. All other @@ -2748,11 +2767,10 @@ func (c *RDS) CreateEventSubscriptionRequest(input *CreateEventSubscriptionInput // CreateEventSubscription API operation for Amazon Relational Database Service. // -// Creates an RDS event notification subscription. This operation requires a -// topic Amazon Resource Name (ARN) created by either the RDS console, the SNS -// console, or the SNS API. To obtain an ARN with SNS, you must create a topic -// in Amazon SNS and subscribe to the topic. The ARN is displayed in the SNS -// console. +// Creates an RDS event notification subscription. This action requires a topic +// Amazon Resource Name (ARN) created by either the RDS console, the SNS console, +// or the SNS API. To obtain an ARN with SNS, you must create a topic in Amazon +// SNS and subscribe to the topic. The ARN is displayed in the SNS console. // // You can specify the type of source (SourceType) that you want to be notified // of and provide a list of RDS sources (SourceIds) that triggers the events. @@ -2878,7 +2896,7 @@ func (c *RDS) CreateGlobalClusterRequest(input *CreateGlobalClusterInput) (req * // Aurora cluster during the create operation, and this cluster becomes the // primary cluster of the global database. // -// This action applies only to Aurora DB clusters. +// This action only applies to Aurora DB clusters. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -8123,11 +8141,6 @@ func (c *RDS) DescribeEventsRequest(input *DescribeEventsInput) (req *request.Re // DB parameter group, DB security group, DB snapshot, DB cluster snapshot group, // or RDS Proxy can be obtained by providing the name as a parameter. // -// For more information on working with events, see Monitoring Amazon RDS events -// (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/working-with-events.html) -// in the Amazon RDS User Guide and Monitoring Amazon Aurora events (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/working-with-events.html) -// in the Amazon Aurora User Guide. -// // By default, RDS returns events that were generated in the past hour. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -9725,7 +9738,7 @@ func (c *RDS) FailoverDBClusterRequest(input *FailoverDBClusterInput) (req *requ // // An Amazon Aurora DB cluster automatically fails over to an Aurora Replica, // if one exists, when the primary DB instance fails. A Multi-AZ DB cluster -// automatically fails over to a readable standby DB instance when the primary +// automatically fails over to a readbable standby DB instance when the primary // DB instance fails. // // To simulate a failure of a primary instance for testing, you can force a @@ -10564,7 +10577,7 @@ func (c *RDS) ModifyDBClusterParameterGroupRequest(input *ModifyDBClusterParamet // when creating the default database for a DB cluster, such as the character // set for the default database defined by the character_set_database parameter. // You can use the Parameter Groups option of the Amazon RDS console (https://console.aws.amazon.com/rds/) -// or the DescribeDBClusterParameters operation to verify that your DB cluster +// or the DescribeDBClusterParameters action to verify that your DB cluster // parameter group has been created or modified. // // If the modified DB cluster parameter group is used by an Aurora Serverless @@ -10684,7 +10697,7 @@ func (c *RDS) ModifyDBClusterSnapshotAttributeRequest(input *ModifyDBClusterSnap // // To view which Amazon Web Services accounts have access to copy or restore // a manual DB cluster snapshot, or whether a manual DB cluster snapshot is -// public or private, use the DescribeDBClusterSnapshotAttributes API operation. +// public or private, use the DescribeDBClusterSnapshotAttributes API action. // The accounts are returned as values for the restore attribute. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -11381,7 +11394,7 @@ func (c *RDS) ModifyDBSnapshotAttributeRequest(input *ModifyDBSnapshotAttributeI // // To view which Amazon Web Services accounts have access to copy or restore // a manual DB snapshot, or whether a manual DB snapshot public or private, -// use the DescribeDBSnapshotAttributes API operation. The accounts are returned +// use the DescribeDBSnapshotAttributes API action. The accounts are returned // as values for the restore attribute. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -14900,7 +14913,7 @@ func (c *RDS) StopDBInstanceAutomatedBackupsReplicationRequest(input *StopDBInst // // Stops automated backup replication for a DB instance. // -// This command doesn't apply to RDS Custom, Aurora MySQL, and Aurora PostgreSQL. +// This command doesn't apply to RDS Custom. // // For more information, see Replicating Automated Backups to Another Amazon // Web Services Region (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReplicateBackups.html) @@ -16840,27 +16853,23 @@ type CopyDBClusterSnapshotInput struct { // KmsKeyId parameter, an error is returned. KmsKeyId *string `type:"string"` - // When you are copying a DB cluster snapshot from one Amazon Web Services GovCloud - // (US) Region to another, the URL that contains a Signature Version 4 signed - // request for the CopyDBClusterSnapshot API operation in the Amazon Web Services - // Region that contains the source DB cluster snapshot to copy. Use the PreSignedUrl - // parameter when copying an encrypted DB cluster snapshot from another Amazon - // Web Services Region. Don't specify PreSignedUrl when copying an encrypted - // DB cluster snapshot in the same Amazon Web Services Region. - // - // This setting applies only to Amazon Web Services GovCloud (US) Regions. It's - // ignored in other Amazon Web Services Regions. + // The URL that contains a Signature Version 4 signed request for the CopyDBClusterSnapshot + // API action in the Amazon Web Services Region that contains the source DB + // cluster snapshot to copy. The PreSignedUrl parameter must be used when copying + // an encrypted DB cluster snapshot from another Amazon Web Services Region. + // Don't specify PreSignedUrl when you are copying an encrypted DB cluster snapshot + // in the same Amazon Web Services Region. // - // The presigned URL must be a valid request for the CopyDBClusterSnapshot API - // operation that can run in the source Amazon Web Services Region that contains - // the encrypted DB cluster snapshot to copy. The presigned URL request must - // contain the following parameter values: + // The pre-signed URL must be a valid request for the CopyDBClusterSnapshot + // API action that can be executed in the source Amazon Web Services Region + // that contains the encrypted DB cluster snapshot to be copied. The pre-signed + // URL request must contain the following parameter values: // - // * KmsKeyId - The KMS key identifier for the KMS key to use to encrypt - // the copy of the DB cluster snapshot in the destination Amazon Web Services - // Region. This is the same identifier for both the CopyDBClusterSnapshot - // operation that is called in the destination Amazon Web Services Region, - // and the operation contained in the presigned URL. + // * KmsKeyId - The Amazon Web Services KMS key identifier for the KMS key + // to use to encrypt the copy of the DB cluster snapshot in the destination + // Amazon Web Services Region. This is the same identifier for both the CopyDBClusterSnapshot + // action that is called in the destination Amazon Web Services Region, and + // the action contained in the pre-signed URL. // // * DestinationRegion - The name of the Amazon Web Services Region that // the DB cluster snapshot is to be created in. @@ -16879,9 +16888,9 @@ type CopyDBClusterSnapshotInput struct { // // If you are using an Amazon Web Services SDK tool or the CLI, you can specify // SourceRegion (or --source-region for the CLI) instead of specifying PreSignedUrl - // manually. Specifying SourceRegion autogenerates a presigned URL that is a - // valid request for the operation that can run in the source Amazon Web Services - // Region. + // manually. Specifying SourceRegion autogenerates a pre-signed URL that is + // a valid request for the operation that can be executed in the source Amazon + // Web Services Region. PreSignedUrl *string `type:"string"` // The identifier of the DB cluster snapshot to copy. This parameter isn't case-sensitive. @@ -17227,40 +17236,36 @@ type CopyDBSnapshotInput struct { // in the Amazon RDS User Guide. OptionGroupName *string `type:"string"` - // When you are copying a snapshot from one Amazon Web Services GovCloud (US) - // Region to another, the URL that contains a Signature Version 4 signed request - // for the CopyDBSnapshot API operation in the source Amazon Web Services Region - // that contains the source DB snapshot to copy. - // - // This setting applies only to Amazon Web Services GovCloud (US) Regions. It's - // ignored in other Amazon Web Services Regions. + // The URL that contains a Signature Version 4 signed request for the CopyDBSnapshot + // API action in the source Amazon Web Services Region that contains the source + // DB snapshot to copy. // // You must specify this parameter when you copy an encrypted DB snapshot from // another Amazon Web Services Region by using the Amazon RDS API. Don't specify // PreSignedUrl when you are copying an encrypted DB snapshot in the same Amazon // Web Services Region. // - // The presigned URL must be a valid request for the CopyDBClusterSnapshot API - // operation that can run in the source Amazon Web Services Region that contains - // the encrypted DB cluster snapshot to copy. The presigned URL request must - // contain the following parameter values: + // The presigned URL must be a valid request for the CopyDBSnapshot API action + // that can be executed in the source Amazon Web Services Region that contains + // the encrypted DB snapshot to be copied. The presigned URL request must contain + // the following parameter values: // // * DestinationRegion - The Amazon Web Services Region that the encrypted // DB snapshot is copied to. This Amazon Web Services Region is the same - // one where the CopyDBSnapshot operation is called that contains this presigned + // one where the CopyDBSnapshot action is called that contains this presigned // URL. For example, if you copy an encrypted DB snapshot from the us-west-2 // Amazon Web Services Region to the us-east-1 Amazon Web Services Region, - // then you call the CopyDBSnapshot operation in the us-east-1 Amazon Web - // Services Region and provide a presigned URL that contains a call to the - // CopyDBSnapshot operation in the us-west-2 Amazon Web Services Region. - // For this example, the DestinationRegion in the presigned URL must be set - // to the us-east-1 Amazon Web Services Region. - // - // * KmsKeyId - The KMS key identifier for the KMS key to use to encrypt - // the copy of the DB snapshot in the destination Amazon Web Services Region. - // This is the same identifier for both the CopyDBSnapshot operation that - // is called in the destination Amazon Web Services Region, and the operation - // contained in the presigned URL. + // then you call the CopyDBSnapshot action in the us-east-1 Amazon Web Services + // Region and provide a presigned URL that contains a call to the CopyDBSnapshot + // action in the us-west-2 Amazon Web Services Region. For this example, + // the DestinationRegion in the presigned URL must be set to the us-east-1 + // Amazon Web Services Region. + // + // * KmsKeyId - The Amazon Web Services KMS key identifier for the KMS key + // to use to encrypt the copy of the DB snapshot in the destination Amazon + // Web Services Region. This is the same identifier for both the CopyDBSnapshot + // action that is called in the destination Amazon Web Services Region, and + // the action contained in the presigned URL. // // * SourceDBSnapshotIdentifier - The DB snapshot identifier for the encrypted // snapshot to be copied. This identifier must be in the Amazon Resource @@ -17276,9 +17281,9 @@ type CopyDBSnapshotInput struct { // // If you are using an Amazon Web Services SDK tool or the CLI, you can specify // SourceRegion (or --source-region for the CLI) instead of specifying PreSignedUrl - // manually. Specifying SourceRegion autogenerates a presigned URL that is a - // valid request for the operation that can run in the source Amazon Web Services - // Region. + // manually. Specifying SourceRegion autogenerates a pre-signed URL that is + // a valid request for the operation that can be executed in the source Amazon + // Web Services Region. PreSignedUrl *string `type:"string"` // The identifier for the source DB snapshot. @@ -17294,7 +17299,8 @@ type CopyDBSnapshotInput struct { // be the Amazon Resource Name (ARN) of the shared DB snapshot. // // If you are copying an encrypted snapshot this parameter must be in the ARN - // format for the source Amazon Web Services Region. + // format for the source Amazon Web Services Region, and must match the SourceDBSnapshotIdentifier + // in the PreSignedUrl parameter. // // Constraints: // @@ -18533,7 +18539,7 @@ type CreateDBClusterInput struct { // isn't enabled. // // For more information, see IAM Database Authentication (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/UsingWithRDS.IAMDBAuth.html) - // in the Amazon Aurora User Guide. + // in the Amazon Aurora User Guide.. // // Valid for: Aurora DB clusters only EnableIAMDatabaseAuthentication *bool `type:"boolean"` @@ -18578,8 +18584,6 @@ type CreateDBClusterInput struct { // The multimaster engine mode only applies for DB clusters created with Aurora // MySQL version 5.6.10a. // - // The serverless engine mode only applies for Aurora Serverless v1 DB clusters. - // // For Aurora PostgreSQL, the global engine mode isn't required, and both the // parallelquery and the multimaster engine modes currently aren't supported. // @@ -18588,8 +18592,6 @@ type CreateDBClusterInput struct { // // * Limitations of Aurora Serverless v1 (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless.html#aurora-serverless.limitations) // - // * Requirements for Aurora Serverless v2 (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-serverless-v2.requirements.html) - // // * Limitations of Parallel Query (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-mysql-parallel-query.html#aurora-mysql-parallel-query-limitations) // // * Limitations of Aurora Global Databases (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/aurora-global-database.html#aurora-global-database.limitations) @@ -18763,27 +18765,8 @@ type CreateDBClusterInput struct { // Valid for: Multi-AZ DB clusters only PerformanceInsightsKMSKeyId *string `type:"string"` - // The number of days to retain Performance Insights data. The default is 7 - // days. The following values are valid: - // - // * 7 - // - // * month * 31, where month is a number of months from 1-23 - // - // * 731 - // - // For example, the following values are valid: - // - // * 93 (3 months * 31) - // - // * 341 (11 months * 31) - // - // * 589 (19 months * 31) - // - // * 731 - // - // If you specify a retention period such as 94, which isn't a valid value, - // RDS issues an error. + // The amount of time, in days, to retain Performance Insights data. Valid values + // are 7 or 731 (2 years). // // Valid for: Multi-AZ DB clusters only PerformanceInsightsRetentionPeriod *int64 `type:"integer"` @@ -18805,24 +18788,22 @@ type CreateDBClusterInput struct { // Valid for: Aurora DB clusters and Multi-AZ DB clusters Port *int64 `type:"integer"` - // When you are replicating a DB cluster from one Amazon Web Services GovCloud - // (US) Region to another, an URL that contains a Signature Version 4 signed - // request for the CreateDBCluster operation to be called in the source Amazon - // Web Services Region where the DB cluster is replicated from. Specify PreSignedUrl - // only when you are performing cross-Region replication from an encrypted DB - // cluster. + // A URL that contains a Signature Version 4 signed request for the CreateDBCluster + // action to be called in the source Amazon Web Services Region where the DB + // cluster is replicated from. Specify PreSignedUrl only when you are performing + // cross-Region replication from an encrypted DB cluster. // - // The presigned URL must be a valid request for the CreateDBCluster API operation - // that can run in the source Amazon Web Services Region that contains the encrypted - // DB cluster to copy. + // The pre-signed URL must be a valid request for the CreateDBCluster API action + // that can be executed in the source Amazon Web Services Region that contains + // the encrypted DB cluster to be copied. // - // The presigned URL request must contain the following parameter values: + // The pre-signed URL request must contain the following parameter values: // - // * KmsKeyId - The KMS key identifier for the KMS key to use to encrypt - // the copy of the DB cluster in the destination Amazon Web Services Region. - // This should refer to the same KMS key for both the CreateDBCluster operation - // that is called in the destination Amazon Web Services Region, and the - // operation contained in the presigned URL. + // * KmsKeyId - The Amazon Web Services KMS key identifier for the KMS key + // to use to encrypt the copy of the DB cluster in the destination Amazon + // Web Services Region. This should refer to the same KMS key for both the + // CreateDBCluster action that is called in the destination Amazon Web Services + // Region, and the action contained in the pre-signed URL. // // * DestinationRegion - The name of the Amazon Web Services Region that // Aurora read replica will be created in. @@ -18841,9 +18822,9 @@ type CreateDBClusterInput struct { // // If you are using an Amazon Web Services SDK tool or the CLI, you can specify // SourceRegion (or --source-region for the CLI) instead of specifying PreSignedUrl - // manually. Specifying SourceRegion autogenerates a presigned URL that is a - // valid request for the operation that can run in the source Amazon Web Services - // Region. + // manually. Specifying SourceRegion autogenerates a pre-signed URL that is + // a valid request for the operation that can be executed in the source Amazon + // Web Services Region. // // Valid for: Aurora DB clusters only PreSignedUrl *string `type:"string"` @@ -19753,7 +19734,7 @@ type CreateDBInstanceInput struct { // // * Can't be set to 0 if the DB instance is a source to read replicas // - // * Can't be set to 0 for an RDS Custom for Oracle DB instance + // * Can't be set to 0 or 35 for an RDS Custom for Oracle DB instance BackupRetentionPeriod *int64 `type:"integer"` // Specifies where automated backups and manual snapshots are stored. @@ -19810,12 +19791,11 @@ type CreateDBInstanceInput struct { // This setting doesn't apply to RDS Custom. DBClusterIdentifier *string `type:"string"` - // The compute and memory capacity of the DB instance, for example db.m5.large. + // The compute and memory capacity of the DB instance, for example db.m4.large. // Not all DB instance classes are available in all Amazon Web Services Regions, // or for all database engines. For the full list of DB instance classes, and - // availability for your engine, see DB instance classes (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html) - // in the Amazon RDS User Guide or Aurora DB instance classes (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.DBInstanceClass.html) - // in the Amazon Aurora User Guide. + // availability for your engine, see DB Instance Class (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html) + // in the Amazon RDS User Guide. // // DBInstanceClass is a required field DBInstanceClass *string `type:"string" required:"true"` @@ -19962,8 +19942,7 @@ type CreateDBInstanceInput struct { // A list of DB security groups to associate with this DB instance. // - // This setting applies to the legacy EC2-Classic platform, which is no longer - // used to create new DB instances. Use the VpcSecurityGroupIds setting instead. + // Default: The default DB security group for the database engine. DBSecurityGroups []*string `locationNameList:"DBSecurityGroupName" type:"list"` // A DB subnet group to associate with this DB instance. @@ -19995,20 +19974,12 @@ type CreateDBInstanceInput struct { // in the Amazon RDS User Guide. // // This setting doesn't apply to RDS Custom. - // - // Amazon Aurora - // - // Not applicable. The domain is managed by the DB cluster. Domain *string `type:"string"` // Specify the name of the IAM role to be used when making API calls to the // Directory Service. // // This setting doesn't apply to RDS Custom. - // - // Amazon Aurora - // - // Not applicable. The domain is managed by the DB cluster. DomainIAMRoleName *string `type:"string"` // The list of log types that need to be enabled for exporting to CloudWatch @@ -20065,16 +20036,13 @@ type CreateDBInstanceInput struct { // and Access Management (IAM) accounts to database accounts. By default, mapping // isn't enabled. // + // This setting doesn't apply to RDS Custom or Amazon Aurora. In Aurora, mapping + // Amazon Web Services IAM accounts to database accounts is managed by the DB + // cluster. + // // For more information, see IAM Database Authentication for MySQL and PostgreSQL // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html) // in the Amazon RDS User Guide. - // - // This setting doesn't apply to RDS Custom. - // - // Amazon Aurora - // - // Not applicable. Mapping Amazon Web Services IAM accounts to database accounts - // is managed by the DB cluster. EnableIAMDatabaseAuthentication *bool `type:"boolean"` // A value that indicates whether to enable Performance Insights for the DB @@ -20131,7 +20099,7 @@ type CreateDBInstanceInput struct { // The version number of the database engine to use. // - // For a list of valid engine versions, use the DescribeDBEngineVersions operation. + // For a list of valid engine versions, use the DescribeDBEngineVersions action. // // The following are the database engines and links to information about the // major and minor versions that are available with Amazon RDS. Not every database @@ -20190,10 +20158,6 @@ type CreateDBInstanceInput struct { // be a multiple between .5 and 50 of the storage amount for the DB instance. // For SQL Server DB instances, must be a multiple between 1 and 50 of the storage // amount for the DB instance. - // - // Amazon Aurora - // - // Not applicable. Storage is managed by the DB cluster. Iops *int64 `type:"integer"` // The Amazon Web Services KMS key identifier for an encrypted DB instance. @@ -20225,10 +20189,6 @@ type CreateDBInstanceInput struct { // Valid values: license-included | bring-your-own-license | general-public-license // // This setting doesn't apply to RDS Custom. - // - // Amazon Aurora - // - // Not applicable. LicenseModel *string `type:"string"` // The password for the master user. The password can include any printable @@ -20287,10 +20247,6 @@ type CreateDBInstanceInput struct { // in the Amazon RDS User Guide. // // This setting doesn't apply to RDS Custom. - // - // Amazon Aurora - // - // Not applicable. Storage is managed by the DB cluster. MaxAllocatedStorage *int64 `type:"integer"` // The interval, in seconds, between points when Enhanced Monitoring metrics @@ -20322,11 +20278,6 @@ type CreateDBInstanceInput struct { // deployment. // // This setting doesn't apply to RDS Custom. - // - // Amazon Aurora - // - // Not applicable. DB instance Availability Zones (AZs) are managed by the DB - // cluster. MultiAZ *bool `type:"boolean"` // The name of the NCHAR character set for the Oracle DB instance. @@ -20358,10 +20309,6 @@ type CreateDBInstanceInput struct { // from a DB instance after it is associated with a DB instance. // // This setting doesn't apply to RDS Custom. - // - // Amazon Aurora - // - // Not applicable. OptionGroupName *string `type:"string"` // The Amazon Web Services KMS key identifier for encryption of Performance @@ -20378,27 +20325,8 @@ type CreateDBInstanceInput struct { // This setting doesn't apply to RDS Custom. PerformanceInsightsKMSKeyId *string `type:"string"` - // The number of days to retain Performance Insights data. The default is 7 - // days. The following values are valid: - // - // * 7 - // - // * month * 31, where month is a number of months from 1-23 - // - // * 731 - // - // For example, the following values are valid: - // - // * 93 (3 months * 31) - // - // * 341 (11 months * 31) - // - // * 589 (19 months * 31) - // - // * 731 - // - // If you specify a retention period such as 94, which isn't a valid value, - // RDS issues an error. + // The amount of time, in days, to retain Performance Insights data. Valid values + // are 7 or 731 (2 years). // // This setting doesn't apply to RDS Custom. PerformanceInsightsRetentionPeriod *int64 `type:"integer"` @@ -20493,10 +20421,6 @@ type CreateDBInstanceInput struct { // class of the DB instance. // // This setting doesn't apply to RDS Custom. - // - // Amazon Aurora - // - // Not applicable. ProcessorFeatures []*ProcessorFeature `locationNameList:"ProcessorFeature" type:"list"` // A value that specifies the order in which an Aurora Replica is promoted to @@ -20563,10 +20487,6 @@ type CreateDBInstanceInput struct { // If you specify io1, you must also include a value for the Iops parameter. // // Default: io1 if the Iops parameter is specified, otherwise gp2 - // - // Amazon Aurora - // - // Not applicable. Storage is managed by the DB cluster. StorageType *string `type:"string"` // Tags to assign to the DB instance. @@ -20575,10 +20495,6 @@ type CreateDBInstanceInput struct { // The ARN from the key store with which to associate the instance for TDE encryption. // // This setting doesn't apply to RDS Custom. - // - // Amazon Aurora - // - // Not applicable. TdeCredentialArn *string `type:"string"` // The password for the given ARN from the key store in order to access the @@ -21045,8 +20961,8 @@ type CreateDBInstanceReadReplicaInput struct { // or the default DBParameterGroup for the specified DB engine for a cross-Region // read replica. // - // Specifying a parameter group for this operation is only supported for MySQL - // and Oracle DB instances. It isn't supported for RDS Custom. + // Specifying a parameter group for this operation is only supported for Oracle + // DB instances. It isn't supported for RDS Custom. // // Constraints: // @@ -21241,27 +21157,8 @@ type CreateDBInstanceReadReplicaInput struct { // This setting doesn't apply to RDS Custom. PerformanceInsightsKMSKeyId *string `type:"string"` - // The number of days to retain Performance Insights data. The default is 7 - // days. The following values are valid: - // - // * 7 - // - // * month * 31, where month is a number of months from 1-23 - // - // * 731 - // - // For example, the following values are valid: - // - // * 93 (3 months * 31) - // - // * 341 (11 months * 31) - // - // * 589 (19 months * 31) - // - // * 731 - // - // If you specify a retention period such as 94, which isn't a valid value, - // RDS issues an error. + // The amount of time, in days, to retain Performance Insights data. Valid values + // are 7 or 731 (2 years). // // This setting doesn't apply to RDS Custom. PerformanceInsightsRetentionPeriod *int64 `type:"integer"` @@ -21273,15 +21170,9 @@ type CreateDBInstanceReadReplicaInput struct { // Valid Values: 1150-65535 Port *int64 `type:"integer"` - // When you are creating a read replica from one Amazon Web Services GovCloud - // (US) Region to another or from one China Amazon Web Services Region to another, - // the URL that contains a Signature Version 4 signed request for the CreateDBInstanceReadReplica - // API operation in the source Amazon Web Services Region that contains the - // source DB instance. - // - // This setting applies only to Amazon Web Services GovCloud (US) Regions and - // China Amazon Web Services Regions. It's ignored in other Amazon Web Services - // Regions. + // The URL that contains a Signature Version 4 signed request for the CreateDBInstanceReadReplica + // API action in the source Amazon Web Services Region that contains the source + // DB instance. // // You must specify this parameter when you create an encrypted read replica // from another Amazon Web Services Region by using the Amazon RDS API. Don't @@ -21289,27 +21180,27 @@ type CreateDBInstanceReadReplicaInput struct { // same Amazon Web Services Region. // // The presigned URL must be a valid request for the CreateDBInstanceReadReplica - // API operation that can run in the source Amazon Web Services Region that - // contains the encrypted source DB instance. The presigned URL request must - // contain the following parameter values: + // API action that can be executed in the source Amazon Web Services Region + // that contains the encrypted source DB instance. The presigned URL request + // must contain the following parameter values: // // * DestinationRegion - The Amazon Web Services Region that the encrypted // read replica is created in. This Amazon Web Services Region is the same - // one where the CreateDBInstanceReadReplica operation is called that contains + // one where the CreateDBInstanceReadReplica action is called that contains // this presigned URL. For example, if you create an encrypted DB instance // in the us-west-1 Amazon Web Services Region, from a source DB instance // in the us-east-2 Amazon Web Services Region, then you call the CreateDBInstanceReadReplica - // operation in the us-east-1 Amazon Web Services Region and provide a presigned - // URL that contains a call to the CreateDBInstanceReadReplica operation - // in the us-west-2 Amazon Web Services Region. For this example, the DestinationRegion + // action in the us-east-1 Amazon Web Services Region and provide a presigned + // URL that contains a call to the CreateDBInstanceReadReplica action in + // the us-west-2 Amazon Web Services Region. For this example, the DestinationRegion // in the presigned URL must be set to the us-east-1 Amazon Web Services // Region. // - // * KmsKeyId - The KMS key identifier for the key to use to encrypt the - // read replica in the destination Amazon Web Services Region. This is the - // same identifier for both the CreateDBInstanceReadReplica operation that - // is called in the destination Amazon Web Services Region, and the operation - // contained in the presigned URL. + // * KmsKeyId - The Amazon Web Services KMS key identifier for the key to + // use to encrypt the read replica in the destination Amazon Web Services + // Region. This is the same identifier for both the CreateDBInstanceReadReplica + // action that is called in the destination Amazon Web Services Region, and + // the action contained in the presigned URL. // // * SourceDBInstanceIdentifier - The DB instance identifier for the encrypted // DB instance to be replicated. This identifier must be in the Amazon Resource @@ -21326,11 +21217,11 @@ type CreateDBInstanceReadReplicaInput struct { // If you are using an Amazon Web Services SDK tool or the CLI, you can specify // SourceRegion (or --source-region for the CLI) instead of specifying PreSignedUrl // manually. Specifying SourceRegion autogenerates a presigned URL that is a - // valid request for the operation that can run in the source Amazon Web Services - // Region. + // valid request for the operation that can be executed in the source Amazon + // Web Services Region. // - // SourceRegion isn't supported for SQL Server, because Amazon RDS for SQL Server - // doesn't support cross-Region read replicas. + // SourceRegion isn't supported for SQL Server, because SQL Server on Amazon + // RDS doesn't support cross-Region read replicas. // // This setting doesn't apply to RDS Custom. PreSignedUrl *string `type:"string"` @@ -22794,7 +22685,7 @@ func (s *CreateEventSubscriptionOutput) SetEventSubscription(v *EventSubscriptio type CreateGlobalClusterInput struct { _ struct{} `type:"structure"` - // The name for your database of up to 64 alphanumeric characters. If you do + // The name for your database of up to 64 alpha-numeric characters. If you do // not provide a name, Amazon Aurora will not create a database in the global // database cluster you are creating. DatabaseName *string `type:"string"` @@ -23336,24 +23227,8 @@ type DBCluster struct { // This setting is only for non-Aurora Multi-AZ DB clusters. PerformanceInsightsKMSKeyId *string `type:"string"` - // The number of days to retain Performance Insights data. The default is 7 - // days. The following values are valid: - // - // * 7 - // - // * month * 31, where month is a number of months from 1-23 - // - // * 731 - // - // For example, the following values are valid: - // - // * 93 (3 months * 31) - // - // * 341 (11 months * 31) - // - // * 589 (19 months * 31) - // - // * 731 + // The amount of time, in days, to retain Performance Insights data. Valid values + // are 7 or 731 (2 years). // // This setting is only for non-Aurora Multi-AZ DB clusters. PerformanceInsightsRetentionPeriod *int64 `type:"integer"` @@ -25205,24 +25080,8 @@ type DBInstance struct { // ARN, or alias name for the KMS key. PerformanceInsightsKMSKeyId *string `type:"string"` - // The number of days to retain Performance Insights data. The default is 7 - // days. The following values are valid: - // - // * 7 - // - // * month * 31, where month is a number of months from 1-23 - // - // * 731 - // - // For example, the following values are valid: - // - // * 93 (3 months * 31) - // - // * 341 (11 months * 31) - // - // * 589 (19 months * 31) - // - // * 731 + // The amount of time, in days, to retain Performance Insights data. Valid values + // are 7 or 731 (2 years). PerformanceInsightsRetentionPeriod *int64 `type:"integer"` // Specifies the daily time range during which automated backups are created @@ -35758,8 +35617,7 @@ func (s *EngineDefaults) SetParameters(v []*Parameter) *EngineDefaults { return s } -// This data type is used as a response element in the DescribeEvents (https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeEvents.html) -// action. +// This data type is used as a response element in the DescribeEvents action. type Event struct { _ struct{} `type:"structure"` @@ -35837,7 +35695,6 @@ func (s *Event) SetSourceType(v string) *Event { } // Contains the results of a successful invocation of the DescribeEventCategories -// (https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DescribeEventCategories.html) // operation. type EventCategoriesMap struct { _ struct{} `type:"structure"` @@ -38107,27 +37964,8 @@ type ModifyDBClusterInput struct { // Valid for: Multi-AZ DB clusters only PerformanceInsightsKMSKeyId *string `type:"string"` - // The number of days to retain Performance Insights data. The default is 7 - // days. The following values are valid: - // - // * 7 - // - // * month * 31, where month is a number of months from 1-23 - // - // * 731 - // - // For example, the following values are valid: - // - // * 93 (3 months * 31) - // - // * 341 (11 months * 31) - // - // * 589 (19 months * 31) - // - // * 731 - // - // If you specify a retention period such as 94, which isn't a valid value, - // RDS issues an error. + // The amount of time, in days, to retain Performance Insights data. Valid values + // are 7 or 731 (2 years). // // Valid for: Multi-AZ DB clusters only PerformanceInsightsRetentionPeriod *int64 `type:"integer"` @@ -38578,7 +38416,7 @@ type ModifyDBClusterSnapshotAttributeInput struct { // restore a manual DB cluster snapshot, set this value to restore. // // To view the list of attributes available to modify, use the DescribeDBClusterSnapshotAttributes - // API operation. + // API action. // // AttributeName is a required field AttributeName *string `type:"string" required:"true"` @@ -38794,8 +38632,8 @@ type ModifyDBInstanceInput struct { // Constraints: // // * It must be a value from 0 to 35. It can't be set to 0 if the DB instance - // is a source to read replicas. It can't be set to 0 for an RDS Custom for - // Oracle DB instance. + // is a source to read replicas. It can't be set to 0 or 35 for an RDS Custom + // for Oracle DB instance. // // * It can be specified for a MySQL read replica only if the source is running // MySQL 5.6 or later. @@ -38852,12 +38690,11 @@ type ModifyDBInstanceInput struct { // For more information, see ModifyDBCluster. CopyTagsToSnapshot *bool `type:"boolean"` - // The new compute and memory capacity of the DB instance, for example db.m5.large. + // The new compute and memory capacity of the DB instance, for example db.m4.large. // Not all DB instance classes are available in all Amazon Web Services Regions, // or for all database engines. For the full list of DB instance classes, and - // availability for your engine, see DB instance classes (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html) - // in the Amazon RDS User Guide or Aurora DB instance classes (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Concepts.DBInstanceClass.html) - // in the Amazon Aurora User Guide. + // availability for your engine, see DB Instance Class (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.DBInstanceClass.html) + // in the Amazon RDS User Guide. // // If you modify the DB instance class, an outage occurs during the change. // The change is applied during the next maintenance window, unless ApplyImmediately @@ -39028,7 +38865,7 @@ type ModifyDBInstanceInput struct { // instance. // // For more information, see Using Amazon Performance Insights (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.html) - // in the Amazon RDS User Guide. + // in the Amazon RDS User Guide.. // // This setting doesn't apply to RDS Custom. EnablePerformanceInsights *bool `type:"boolean"` @@ -39123,7 +38960,7 @@ type ModifyDBInstanceInput struct { // // Constraints: Must contain from 8 to 128 characters. // - // Amazon RDS API operations never return the password, so this action provides + // Amazon RDS API actions never return the password, so this action provides // a way to regain access to a primary instance user if the password is lost. // This includes restoring privileges that might have been accidentally revoked. MasterUserPassword *string `type:"string"` @@ -39238,27 +39075,8 @@ type ModifyDBInstanceInput struct { // This setting doesn't apply to RDS Custom. PerformanceInsightsKMSKeyId *string `type:"string"` - // The number of days to retain Performance Insights data. The default is 7 - // days. The following values are valid: - // - // * 7 - // - // * month * 31, where month is a number of months from 1-23 - // - // * 731 - // - // For example, the following values are valid: - // - // * 93 (3 months * 31) - // - // * 341 (11 months * 31) - // - // * 589 (19 months * 31) - // - // * 731 - // - // If you specify a retention period such as 94, which isn't a valid value, - // RDS issues an error. + // The amount of time, in days, to retain Performance Insights data. Valid values + // are 7 or 731 (2 years). // // This setting doesn't apply to RDS Custom. PerformanceInsightsRetentionPeriod *int64 `type:"integer"` @@ -40134,7 +39952,7 @@ type ModifyDBProxyTargetGroupInput struct { // for the target group. ConnectionPoolConfig *ConnectionPoolConfiguration `type:"structure"` - // The name of the proxy. + // The name of the new proxy to which to assign the target group. // // DBProxyName is a required field DBProxyName *string `type:"string" required:"true"` @@ -40144,7 +39962,7 @@ type ModifyDBProxyTargetGroupInput struct { // end with a hyphen or contain two consecutive hyphens. NewName *string `type:"string"` - // The name of the target group to modify. + // The name of the new target group to assign to the proxy. // // TargetGroupName is a required field TargetGroupName *string `type:"string" required:"true"` @@ -40248,7 +40066,7 @@ type ModifyDBSnapshotAttributeInput struct { // restore a manual DB snapshot, set this value to restore. // // To view the list of attributes available to modify, use the DescribeDBSnapshotAttributes - // API operation. + // API action. // // AttributeName is a required field AttributeName *string `type:"string" required:"true"` @@ -44445,8 +44263,8 @@ type RestoreDBClusterFromS3Input struct { // The name of the database engine to be used for this DB cluster. // - // Valid Values: aurora (for MySQL 5.6-compatible Aurora) and aurora-mysql (for - // MySQL 5.7-compatible and MySQL 8.0-compatible Aurora) + // Valid Values: aurora (for MySQL 5.6-compatible Aurora), aurora-mysql (for + // MySQL 5.7-compatible and MySQL 8.0-compatible Aurora), and aurora-postgresql // // Engine is a required field Engine *string `type:"string" required:"true"` @@ -44463,9 +44281,19 @@ type RestoreDBClusterFromS3Input struct { // // aws rds describe-db-engine-versions --engine aurora-mysql --query "DBEngineVersions[].EngineVersion" // + // To list all of the available engine versions for aurora-postgresql, use the + // following command: + // + // aws rds describe-db-engine-versions --engine aurora-postgresql --query "DBEngineVersions[].EngineVersion" + // // Aurora MySQL // - // Example: 5.6.10a, 5.6.mysql_aurora.1.19.2, 5.7.mysql_aurora.2.07.1, 8.0.mysql_aurora.3.02.0 + // Example: 5.6.10a, 5.6.mysql_aurora.1.19.2, 5.7.12, 5.7.mysql_aurora.2.04.5, + // 8.0.mysql_aurora.3.01.0 + // + // Aurora PostgreSQL + // + // Example: 9.6.3, 10.7 EngineVersion *string `type:"string"` // The Amazon Web Services KMS key identifier for an encrypted DB cluster. @@ -45031,7 +44859,7 @@ type RestoreDBClusterFromSnapshotInput struct { // // For more information about exporting CloudWatch Logs for Amazon RDS, see // Publishing Database Logs to Amazon CloudWatch Logs (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch) - // in the Amazon RDS User Guide. + // in the Amazon RDS User Guide.. // // For more information about exporting CloudWatch Logs for Amazon Aurora, see // Publishing Database Logs to Amazon CloudWatch Logs (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch) @@ -45619,7 +45447,7 @@ type RestoreDBClusterToPointInTimeInput struct { // // For more information about exporting CloudWatch Logs for Amazon RDS, see // Publishing Database Logs to Amazon CloudWatch Logs (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch) - // in the Amazon RDS User Guide. + // in the Amazon RDS User Guide.. // // For more information about exporting CloudWatch Logs for Amazon Aurora, see // Publishing Database Logs to Amazon CloudWatch Logs (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_LogAccess.html#USER_LogAccess.Procedural.UploadtoCloudWatch) @@ -46786,7 +46614,7 @@ type RestoreDBInstanceFromS3Input struct { // instance. // // For more information, see Using Amazon Performance Insights (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_PerfInsights.html) - // in the Amazon RDS User Guide. + // in the Amazon RDS User Guide.. EnablePerformanceInsights *bool `type:"boolean"` // The name of the database engine to be used for this instance. @@ -46909,27 +46737,8 @@ type RestoreDBInstanceFromS3Input struct { // KMS key for each Amazon Web Services Region. PerformanceInsightsKMSKeyId *string `type:"string"` - // The number of days to retain Performance Insights data. The default is 7 - // days. The following values are valid: - // - // * 7 - // - // * month * 31, where month is a number of months from 1-23 - // - // * 731 - // - // For example, the following values are valid: - // - // * 93 (3 months * 31) - // - // * 341 (11 months * 31) - // - // * 589 (19 months * 31) - // - // * 731 - // - // If you specify a retention period such as 94, which isn't a valid value, - // RDS issues an error. + // The amount of time, in days, to retain Performance Insights data. Valid values + // are 7 or 731 (2 years). PerformanceInsightsRetentionPeriod *int64 `type:"integer"` // The port number on which the database accepts connections. @@ -48883,26 +48692,11 @@ type StartDBInstanceAutomatedBackupsReplicationInput struct { // arn:aws:kms:us-east-1:123456789012:key/AKIAIOSFODNN7EXAMPLE. KmsKeyId *string `type:"string"` - // In an Amazon Web Services GovCloud (US) Region, an URL that contains a Signature - // Version 4 signed request for the StartDBInstanceAutomatedBackupsReplication - // operation to call in the Amazon Web Services Region of the source DB instance. + // A URL that contains a Signature Version 4 signed request for the StartDBInstanceAutomatedBackupsReplication + // action to be called in the Amazon Web Services Region of the source DB instance. // The presigned URL must be a valid request for the StartDBInstanceAutomatedBackupsReplication - // API operation that can run in the Amazon Web Services Region that contains + // API action that can be executed in the Amazon Web Services Region that contains // the source DB instance. - // - // This setting applies only to Amazon Web Services GovCloud (US) Regions. It's - // ignored in other Amazon Web Services Regions. - // - // To learn how to generate a Signature Version 4 signed request, see Authenticating - // Requests: Using Query Parameters (Amazon Web Services Signature Version 4) - // (https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-query-string-auth.html) - // and Signature Version 4 Signing Process (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html). - // - // If you are using an Amazon Web Services SDK tool or the CLI, you can specify - // SourceRegion (or --source-region for the CLI) instead of specifying PreSignedUrl - // manually. Specifying SourceRegion autogenerates a presigned URL that is a - // valid request for the operation that can run in the source Amazon Web Services - // Region. PreSignedUrl *string `type:"string"` // The Amazon Resource Name (ARN) of the source DB instance for the replicated @@ -50392,9 +50186,7 @@ func (s *ValidStorageOptions) SetSupportsStorageAutoscaling(v bool) *ValidStorag type VpcSecurityGroupMembership struct { _ struct{} `type:"structure"` - // The membership status of the VPC security group. - // - // Currently, the only valid status is active. + // The status of the VPC security group. Status *string `type:"string"` // The name of the VPC security group. diff --git a/service/rds/rdsiface/interface.go b/service/rds/rdsiface/interface.go index b190fe30e03..63aea82f8e7 100644 --- a/service/rds/rdsiface/interface.go +++ b/service/rds/rdsiface/interface.go @@ -699,6 +699,12 @@ type RDSAPI interface { StopDBInstanceAutomatedBackupsReplicationWithContext(aws.Context, *rds.StopDBInstanceAutomatedBackupsReplicationInput, ...request.Option) (*rds.StopDBInstanceAutomatedBackupsReplicationOutput, error) StopDBInstanceAutomatedBackupsReplicationRequest(*rds.StopDBInstanceAutomatedBackupsReplicationInput) (*request.Request, *rds.StopDBInstanceAutomatedBackupsReplicationOutput) + WaitUntilDBClusterAvailable(*rds.DescribeDBClustersInput) error + WaitUntilDBClusterAvailableWithContext(aws.Context, *rds.DescribeDBClustersInput, ...request.WaiterOption) error + + WaitUntilDBClusterDeleted(*rds.DescribeDBClustersInput) error + WaitUntilDBClusterDeletedWithContext(aws.Context, *rds.DescribeDBClustersInput, ...request.WaiterOption) error + WaitUntilDBClusterSnapshotAvailable(*rds.DescribeDBClusterSnapshotsInput) error WaitUntilDBClusterSnapshotAvailableWithContext(aws.Context, *rds.DescribeDBClusterSnapshotsInput, ...request.WaiterOption) error diff --git a/service/rds/waiters.go b/service/rds/waiters.go index c5e905cec45..15e6c5a3fe3 100644 --- a/service/rds/waiters.go +++ b/service/rds/waiters.go @@ -9,6 +9,148 @@ import ( "github.com/aws/aws-sdk-go/aws/request" ) +// WaitUntilDBClusterAvailable uses the Amazon RDS API operation +// DescribeDBClusters to wait for a condition to be met before returning. +// If the condition is not met within the max attempt window, an error will +// be returned. +func (c *RDS) WaitUntilDBClusterAvailable(input *DescribeDBClustersInput) error { + return c.WaitUntilDBClusterAvailableWithContext(aws.BackgroundContext(), input) +} + +// WaitUntilDBClusterAvailableWithContext is an extended version of WaitUntilDBClusterAvailable. +// With the support for passing in a context and options to configure the +// Waiter and the underlying request options. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RDS) WaitUntilDBClusterAvailableWithContext(ctx aws.Context, input *DescribeDBClustersInput, opts ...request.WaiterOption) error { + w := request.Waiter{ + Name: "WaitUntilDBClusterAvailable", + MaxAttempts: 60, + Delay: request.ConstantWaiterDelay(30 * time.Second), + Acceptors: []request.WaiterAcceptor{ + { + State: request.SuccessWaiterState, + Matcher: request.PathAllWaiterMatch, Argument: "DBClusters[].Status", + Expected: "available", + }, + { + State: request.FailureWaiterState, + Matcher: request.PathAnyWaiterMatch, Argument: "DBClusters[].Status", + Expected: "deleted", + }, + { + State: request.FailureWaiterState, + Matcher: request.PathAnyWaiterMatch, Argument: "DBClusters[].Status", + Expected: "deleting", + }, + { + State: request.FailureWaiterState, + Matcher: request.PathAnyWaiterMatch, Argument: "DBClusters[].Status", + Expected: "failed", + }, + { + State: request.FailureWaiterState, + Matcher: request.PathAnyWaiterMatch, Argument: "DBClusters[].Status", + Expected: "incompatible-restore", + }, + { + State: request.FailureWaiterState, + Matcher: request.PathAnyWaiterMatch, Argument: "DBClusters[].Status", + Expected: "incompatible-parameters", + }, + }, + Logger: c.Config.Logger, + NewRequest: func(opts []request.Option) (*request.Request, error) { + var inCpy *DescribeDBClustersInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeDBClustersRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + w.ApplyOptions(opts...) + + return w.WaitWithContext(ctx) +} + +// WaitUntilDBClusterDeleted uses the Amazon RDS API operation +// DescribeDBClusters to wait for a condition to be met before returning. +// If the condition is not met within the max attempt window, an error will +// be returned. +func (c *RDS) WaitUntilDBClusterDeleted(input *DescribeDBClustersInput) error { + return c.WaitUntilDBClusterDeletedWithContext(aws.BackgroundContext(), input) +} + +// WaitUntilDBClusterDeletedWithContext is an extended version of WaitUntilDBClusterDeleted. +// With the support for passing in a context and options to configure the +// Waiter and the underlying request options. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RDS) WaitUntilDBClusterDeletedWithContext(ctx aws.Context, input *DescribeDBClustersInput, opts ...request.WaiterOption) error { + w := request.Waiter{ + Name: "WaitUntilDBClusterDeleted", + MaxAttempts: 60, + Delay: request.ConstantWaiterDelay(30 * time.Second), + Acceptors: []request.WaiterAcceptor{ + { + State: request.SuccessWaiterState, + Matcher: request.PathWaiterMatch, Argument: "length(DBClusters) == `0`", + Expected: true, + }, + { + State: request.SuccessWaiterState, + Matcher: request.ErrorWaiterMatch, + Expected: "DBClusterNotFoundFault", + }, + { + State: request.FailureWaiterState, + Matcher: request.PathAnyWaiterMatch, Argument: "DBClusters[].Status", + Expected: "creating", + }, + { + State: request.FailureWaiterState, + Matcher: request.PathAnyWaiterMatch, Argument: "DBClusters[].Status", + Expected: "modifying", + }, + { + State: request.FailureWaiterState, + Matcher: request.PathAnyWaiterMatch, Argument: "DBClusters[].Status", + Expected: "rebooting", + }, + { + State: request.FailureWaiterState, + Matcher: request.PathAnyWaiterMatch, Argument: "DBClusters[].Status", + Expected: "resetting-master-credentials", + }, + }, + Logger: c.Config.Logger, + NewRequest: func(opts []request.Option) (*request.Request, error) { + var inCpy *DescribeDBClustersInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.DescribeDBClustersRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + w.ApplyOptions(opts...) + + return w.WaitWithContext(ctx) +} + // WaitUntilDBClusterSnapshotAvailable uses the Amazon RDS API operation // DescribeDBClusterSnapshots to wait for a condition to be met before returning. // If the condition is not met within the max attempt window, an error will diff --git a/service/rolesanywhere/api.go b/service/rolesanywhere/api.go new file mode 100644 index 00000000000..5ee06daaeb0 --- /dev/null +++ b/service/rolesanywhere/api.go @@ -0,0 +1,6057 @@ +// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. + +package rolesanywhere + +import ( + "fmt" + "time" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/awsutil" + "github.com/aws/aws-sdk-go/aws/request" + "github.com/aws/aws-sdk-go/private/protocol" + "github.com/aws/aws-sdk-go/private/protocol/restjson" +) + +const opCreateProfile = "CreateProfile" + +// CreateProfileRequest generates a "aws/request.Request" representing the +// client's request for the CreateProfile operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateProfile for more information on using the CreateProfile +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the CreateProfileRequest method. +// req, resp := client.CreateProfileRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/CreateProfile +func (c *RolesAnywhere) CreateProfileRequest(input *CreateProfileInput) (req *request.Request, output *CreateProfileOutput) { + op := &request.Operation{ + Name: opCreateProfile, + HTTPMethod: "POST", + HTTPPath: "/profiles", + } + + if input == nil { + input = &CreateProfileInput{} + } + + output = &CreateProfileOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateProfile API operation for IAM Roles Anywhere. +// +// Creates a profile. A profile is configuration resource to list the roles +// that RolesAnywhere service is trusted to assume. In addition, by applying +// a profile you can intersect permissions with IAM managed policies. +// +// Required permissions: rolesanywhere:CreateProfile. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for IAM Roles Anywhere's +// API operation CreateProfile for usage and error information. +// +// Returned Error Types: +// * ValidationException +// Validation exception error. +// +// * AccessDeniedException +// You do not have sufficient access to perform this action. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/CreateProfile +func (c *RolesAnywhere) CreateProfile(input *CreateProfileInput) (*CreateProfileOutput, error) { + req, out := c.CreateProfileRequest(input) + return out, req.Send() +} + +// CreateProfileWithContext is the same as CreateProfile with the addition of +// the ability to pass a context and additional request options. +// +// See CreateProfile for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RolesAnywhere) CreateProfileWithContext(ctx aws.Context, input *CreateProfileInput, opts ...request.Option) (*CreateProfileOutput, error) { + req, out := c.CreateProfileRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opCreateTrustAnchor = "CreateTrustAnchor" + +// CreateTrustAnchorRequest generates a "aws/request.Request" representing the +// client's request for the CreateTrustAnchor operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateTrustAnchor for more information on using the CreateTrustAnchor +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the CreateTrustAnchorRequest method. +// req, resp := client.CreateTrustAnchorRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/CreateTrustAnchor +func (c *RolesAnywhere) CreateTrustAnchorRequest(input *CreateTrustAnchorInput) (req *request.Request, output *CreateTrustAnchorOutput) { + op := &request.Operation{ + Name: opCreateTrustAnchor, + HTTPMethod: "POST", + HTTPPath: "/trustanchors", + } + + if input == nil { + input = &CreateTrustAnchorInput{} + } + + output = &CreateTrustAnchorOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateTrustAnchor API operation for IAM Roles Anywhere. +// +// Creates a trust anchor. You establish trust between IAM Roles Anywhere and +// your certificate authority (CA) by configuring a trust anchor. A Trust Anchor +// is defined either as a reference to a AWS Certificate Manager Private Certificate +// Authority (ACM PCA), or by uploading a Certificate Authority (CA) certificate. +// Your AWS workloads can authenticate with the trust anchor using certificates +// issued by the trusted Certificate Authority (CA) in exchange for temporary +// AWS credentials. +// +// Required permissions: rolesanywhere:CreateTrustAnchor. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for IAM Roles Anywhere's +// API operation CreateTrustAnchor for usage and error information. +// +// Returned Error Types: +// * ValidationException +// Validation exception error. +// +// * AccessDeniedException +// You do not have sufficient access to perform this action. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/CreateTrustAnchor +func (c *RolesAnywhere) CreateTrustAnchor(input *CreateTrustAnchorInput) (*CreateTrustAnchorOutput, error) { + req, out := c.CreateTrustAnchorRequest(input) + return out, req.Send() +} + +// CreateTrustAnchorWithContext is the same as CreateTrustAnchor with the addition of +// the ability to pass a context and additional request options. +// +// See CreateTrustAnchor for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RolesAnywhere) CreateTrustAnchorWithContext(ctx aws.Context, input *CreateTrustAnchorInput, opts ...request.Option) (*CreateTrustAnchorOutput, error) { + req, out := c.CreateTrustAnchorRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opDeleteCrl = "DeleteCrl" + +// DeleteCrlRequest generates a "aws/request.Request" representing the +// client's request for the DeleteCrl operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteCrl for more information on using the DeleteCrl +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DeleteCrlRequest method. +// req, resp := client.DeleteCrlRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/DeleteCrl +func (c *RolesAnywhere) DeleteCrlRequest(input *DeleteCrlInput) (req *request.Request, output *DeleteCrlOutput) { + op := &request.Operation{ + Name: opDeleteCrl, + HTTPMethod: "DELETE", + HTTPPath: "/crl/{crlId}", + } + + if input == nil { + input = &DeleteCrlInput{} + } + + output = &DeleteCrlOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeleteCrl API operation for IAM Roles Anywhere. +// +// Deletes a certificate revocation list (CRL). +// +// Required permissions: rolesanywhere:DeleteCrl. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for IAM Roles Anywhere's +// API operation DeleteCrl for usage and error information. +// +// Returned Error Types: +// * ResourceNotFoundException +// The resource could not be found. +// +// * AccessDeniedException +// You do not have sufficient access to perform this action. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/DeleteCrl +func (c *RolesAnywhere) DeleteCrl(input *DeleteCrlInput) (*DeleteCrlOutput, error) { + req, out := c.DeleteCrlRequest(input) + return out, req.Send() +} + +// DeleteCrlWithContext is the same as DeleteCrl with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteCrl for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RolesAnywhere) DeleteCrlWithContext(ctx aws.Context, input *DeleteCrlInput, opts ...request.Option) (*DeleteCrlOutput, error) { + req, out := c.DeleteCrlRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opDeleteProfile = "DeleteProfile" + +// DeleteProfileRequest generates a "aws/request.Request" representing the +// client's request for the DeleteProfile operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteProfile for more information on using the DeleteProfile +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DeleteProfileRequest method. +// req, resp := client.DeleteProfileRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/DeleteProfile +func (c *RolesAnywhere) DeleteProfileRequest(input *DeleteProfileInput) (req *request.Request, output *DeleteProfileOutput) { + op := &request.Operation{ + Name: opDeleteProfile, + HTTPMethod: "DELETE", + HTTPPath: "/profile/{profileId}", + } + + if input == nil { + input = &DeleteProfileInput{} + } + + output = &DeleteProfileOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeleteProfile API operation for IAM Roles Anywhere. +// +// Deletes a profile. +// +// Required permissions: rolesanywhere:DeleteProfile. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for IAM Roles Anywhere's +// API operation DeleteProfile for usage and error information. +// +// Returned Error Types: +// * ResourceNotFoundException +// The resource could not be found. +// +// * AccessDeniedException +// You do not have sufficient access to perform this action. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/DeleteProfile +func (c *RolesAnywhere) DeleteProfile(input *DeleteProfileInput) (*DeleteProfileOutput, error) { + req, out := c.DeleteProfileRequest(input) + return out, req.Send() +} + +// DeleteProfileWithContext is the same as DeleteProfile with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteProfile for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RolesAnywhere) DeleteProfileWithContext(ctx aws.Context, input *DeleteProfileInput, opts ...request.Option) (*DeleteProfileOutput, error) { + req, out := c.DeleteProfileRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opDeleteTrustAnchor = "DeleteTrustAnchor" + +// DeleteTrustAnchorRequest generates a "aws/request.Request" representing the +// client's request for the DeleteTrustAnchor operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteTrustAnchor for more information on using the DeleteTrustAnchor +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DeleteTrustAnchorRequest method. +// req, resp := client.DeleteTrustAnchorRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/DeleteTrustAnchor +func (c *RolesAnywhere) DeleteTrustAnchorRequest(input *DeleteTrustAnchorInput) (req *request.Request, output *DeleteTrustAnchorOutput) { + op := &request.Operation{ + Name: opDeleteTrustAnchor, + HTTPMethod: "DELETE", + HTTPPath: "/trustanchor/{trustAnchorId}", + } + + if input == nil { + input = &DeleteTrustAnchorInput{} + } + + output = &DeleteTrustAnchorOutput{} + req = c.newRequest(op, input, output) + return +} + +// DeleteTrustAnchor API operation for IAM Roles Anywhere. +// +// Deletes a trust anchor. +// +// Required permissions: rolesanywhere:DeleteTrustAnchor. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for IAM Roles Anywhere's +// API operation DeleteTrustAnchor for usage and error information. +// +// Returned Error Types: +// * ResourceNotFoundException +// The resource could not be found. +// +// * AccessDeniedException +// You do not have sufficient access to perform this action. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/DeleteTrustAnchor +func (c *RolesAnywhere) DeleteTrustAnchor(input *DeleteTrustAnchorInput) (*DeleteTrustAnchorOutput, error) { + req, out := c.DeleteTrustAnchorRequest(input) + return out, req.Send() +} + +// DeleteTrustAnchorWithContext is the same as DeleteTrustAnchor with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteTrustAnchor for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RolesAnywhere) DeleteTrustAnchorWithContext(ctx aws.Context, input *DeleteTrustAnchorInput, opts ...request.Option) (*DeleteTrustAnchorOutput, error) { + req, out := c.DeleteTrustAnchorRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opDisableCrl = "DisableCrl" + +// DisableCrlRequest generates a "aws/request.Request" representing the +// client's request for the DisableCrl operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DisableCrl for more information on using the DisableCrl +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DisableCrlRequest method. +// req, resp := client.DisableCrlRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/DisableCrl +func (c *RolesAnywhere) DisableCrlRequest(input *DisableCrlInput) (req *request.Request, output *DisableCrlOutput) { + op := &request.Operation{ + Name: opDisableCrl, + HTTPMethod: "POST", + HTTPPath: "/crl/{crlId}/disable", + } + + if input == nil { + input = &DisableCrlInput{} + } + + output = &DisableCrlOutput{} + req = c.newRequest(op, input, output) + return +} + +// DisableCrl API operation for IAM Roles Anywhere. +// +// Disables a certificate revocation list (CRL). +// +// Required permissions: rolesanywhere:DisableCrl. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for IAM Roles Anywhere's +// API operation DisableCrl for usage and error information. +// +// Returned Error Types: +// * ResourceNotFoundException +// The resource could not be found. +// +// * AccessDeniedException +// You do not have sufficient access to perform this action. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/DisableCrl +func (c *RolesAnywhere) DisableCrl(input *DisableCrlInput) (*DisableCrlOutput, error) { + req, out := c.DisableCrlRequest(input) + return out, req.Send() +} + +// DisableCrlWithContext is the same as DisableCrl with the addition of +// the ability to pass a context and additional request options. +// +// See DisableCrl for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RolesAnywhere) DisableCrlWithContext(ctx aws.Context, input *DisableCrlInput, opts ...request.Option) (*DisableCrlOutput, error) { + req, out := c.DisableCrlRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opDisableProfile = "DisableProfile" + +// DisableProfileRequest generates a "aws/request.Request" representing the +// client's request for the DisableProfile operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DisableProfile for more information on using the DisableProfile +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DisableProfileRequest method. +// req, resp := client.DisableProfileRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/DisableProfile +func (c *RolesAnywhere) DisableProfileRequest(input *DisableProfileInput) (req *request.Request, output *DisableProfileOutput) { + op := &request.Operation{ + Name: opDisableProfile, + HTTPMethod: "POST", + HTTPPath: "/profile/{profileId}/disable", + } + + if input == nil { + input = &DisableProfileInput{} + } + + output = &DisableProfileOutput{} + req = c.newRequest(op, input, output) + return +} + +// DisableProfile API operation for IAM Roles Anywhere. +// +// Disables a profile. When disabled, CreateSession (https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html) +// requests with this profile fail. +// +// Required permissions: rolesanywhere:DisableProfile. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for IAM Roles Anywhere's +// API operation DisableProfile for usage and error information. +// +// Returned Error Types: +// * ResourceNotFoundException +// The resource could not be found. +// +// * AccessDeniedException +// You do not have sufficient access to perform this action. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/DisableProfile +func (c *RolesAnywhere) DisableProfile(input *DisableProfileInput) (*DisableProfileOutput, error) { + req, out := c.DisableProfileRequest(input) + return out, req.Send() +} + +// DisableProfileWithContext is the same as DisableProfile with the addition of +// the ability to pass a context and additional request options. +// +// See DisableProfile for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RolesAnywhere) DisableProfileWithContext(ctx aws.Context, input *DisableProfileInput, opts ...request.Option) (*DisableProfileOutput, error) { + req, out := c.DisableProfileRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opDisableTrustAnchor = "DisableTrustAnchor" + +// DisableTrustAnchorRequest generates a "aws/request.Request" representing the +// client's request for the DisableTrustAnchor operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DisableTrustAnchor for more information on using the DisableTrustAnchor +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the DisableTrustAnchorRequest method. +// req, resp := client.DisableTrustAnchorRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/DisableTrustAnchor +func (c *RolesAnywhere) DisableTrustAnchorRequest(input *DisableTrustAnchorInput) (req *request.Request, output *DisableTrustAnchorOutput) { + op := &request.Operation{ + Name: opDisableTrustAnchor, + HTTPMethod: "POST", + HTTPPath: "/trustanchor/{trustAnchorId}/disable", + } + + if input == nil { + input = &DisableTrustAnchorInput{} + } + + output = &DisableTrustAnchorOutput{} + req = c.newRequest(op, input, output) + return +} + +// DisableTrustAnchor API operation for IAM Roles Anywhere. +// +// Disables a trust anchor. When disabled, CreateSession (https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html) +// requests specifying this trust anchor are unauthorized. +// +// Required permissions: rolesanywhere:DisableTrustAnchor. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for IAM Roles Anywhere's +// API operation DisableTrustAnchor for usage and error information. +// +// Returned Error Types: +// * ResourceNotFoundException +// The resource could not be found. +// +// * AccessDeniedException +// You do not have sufficient access to perform this action. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/DisableTrustAnchor +func (c *RolesAnywhere) DisableTrustAnchor(input *DisableTrustAnchorInput) (*DisableTrustAnchorOutput, error) { + req, out := c.DisableTrustAnchorRequest(input) + return out, req.Send() +} + +// DisableTrustAnchorWithContext is the same as DisableTrustAnchor with the addition of +// the ability to pass a context and additional request options. +// +// See DisableTrustAnchor for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RolesAnywhere) DisableTrustAnchorWithContext(ctx aws.Context, input *DisableTrustAnchorInput, opts ...request.Option) (*DisableTrustAnchorOutput, error) { + req, out := c.DisableTrustAnchorRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opEnableCrl = "EnableCrl" + +// EnableCrlRequest generates a "aws/request.Request" representing the +// client's request for the EnableCrl operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See EnableCrl for more information on using the EnableCrl +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the EnableCrlRequest method. +// req, resp := client.EnableCrlRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/EnableCrl +func (c *RolesAnywhere) EnableCrlRequest(input *EnableCrlInput) (req *request.Request, output *EnableCrlOutput) { + op := &request.Operation{ + Name: opEnableCrl, + HTTPMethod: "POST", + HTTPPath: "/crl/{crlId}/enable", + } + + if input == nil { + input = &EnableCrlInput{} + } + + output = &EnableCrlOutput{} + req = c.newRequest(op, input, output) + return +} + +// EnableCrl API operation for IAM Roles Anywhere. +// +// Enables a certificate revocation list (CRL). When enabled, certificates stored +// in the CRL are unauthorized to receive session credentials. +// +// Required permissions: rolesanywhere:EnableCrl. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for IAM Roles Anywhere's +// API operation EnableCrl for usage and error information. +// +// Returned Error Types: +// * ResourceNotFoundException +// The resource could not be found. +// +// * AccessDeniedException +// You do not have sufficient access to perform this action. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/EnableCrl +func (c *RolesAnywhere) EnableCrl(input *EnableCrlInput) (*EnableCrlOutput, error) { + req, out := c.EnableCrlRequest(input) + return out, req.Send() +} + +// EnableCrlWithContext is the same as EnableCrl with the addition of +// the ability to pass a context and additional request options. +// +// See EnableCrl for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RolesAnywhere) EnableCrlWithContext(ctx aws.Context, input *EnableCrlInput, opts ...request.Option) (*EnableCrlOutput, error) { + req, out := c.EnableCrlRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opEnableProfile = "EnableProfile" + +// EnableProfileRequest generates a "aws/request.Request" representing the +// client's request for the EnableProfile operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See EnableProfile for more information on using the EnableProfile +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the EnableProfileRequest method. +// req, resp := client.EnableProfileRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/EnableProfile +func (c *RolesAnywhere) EnableProfileRequest(input *EnableProfileInput) (req *request.Request, output *EnableProfileOutput) { + op := &request.Operation{ + Name: opEnableProfile, + HTTPMethod: "POST", + HTTPPath: "/profile/{profileId}/enable", + } + + if input == nil { + input = &EnableProfileInput{} + } + + output = &EnableProfileOutput{} + req = c.newRequest(op, input, output) + return +} + +// EnableProfile API operation for IAM Roles Anywhere. +// +// Enables the roles in a profile to receive session credentials in CreateSession +// (https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html). +// +// Required permissions: rolesanywhere:EnableProfile. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for IAM Roles Anywhere's +// API operation EnableProfile for usage and error information. +// +// Returned Error Types: +// * ResourceNotFoundException +// The resource could not be found. +// +// * AccessDeniedException +// You do not have sufficient access to perform this action. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/EnableProfile +func (c *RolesAnywhere) EnableProfile(input *EnableProfileInput) (*EnableProfileOutput, error) { + req, out := c.EnableProfileRequest(input) + return out, req.Send() +} + +// EnableProfileWithContext is the same as EnableProfile with the addition of +// the ability to pass a context and additional request options. +// +// See EnableProfile for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RolesAnywhere) EnableProfileWithContext(ctx aws.Context, input *EnableProfileInput, opts ...request.Option) (*EnableProfileOutput, error) { + req, out := c.EnableProfileRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opEnableTrustAnchor = "EnableTrustAnchor" + +// EnableTrustAnchorRequest generates a "aws/request.Request" representing the +// client's request for the EnableTrustAnchor operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See EnableTrustAnchor for more information on using the EnableTrustAnchor +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the EnableTrustAnchorRequest method. +// req, resp := client.EnableTrustAnchorRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/EnableTrustAnchor +func (c *RolesAnywhere) EnableTrustAnchorRequest(input *EnableTrustAnchorInput) (req *request.Request, output *EnableTrustAnchorOutput) { + op := &request.Operation{ + Name: opEnableTrustAnchor, + HTTPMethod: "POST", + HTTPPath: "/trustanchor/{trustAnchorId}/enable", + } + + if input == nil { + input = &EnableTrustAnchorInput{} + } + + output = &EnableTrustAnchorOutput{} + req = c.newRequest(op, input, output) + return +} + +// EnableTrustAnchor API operation for IAM Roles Anywhere. +// +// Enables a trust anchor. When enabled, certificates in the trust anchor chain +// are authorized for trust validation. +// +// Required permissions: rolesanywhere:EnableTrustAnchor. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for IAM Roles Anywhere's +// API operation EnableTrustAnchor for usage and error information. +// +// Returned Error Types: +// * ResourceNotFoundException +// The resource could not be found. +// +// * AccessDeniedException +// You do not have sufficient access to perform this action. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/EnableTrustAnchor +func (c *RolesAnywhere) EnableTrustAnchor(input *EnableTrustAnchorInput) (*EnableTrustAnchorOutput, error) { + req, out := c.EnableTrustAnchorRequest(input) + return out, req.Send() +} + +// EnableTrustAnchorWithContext is the same as EnableTrustAnchor with the addition of +// the ability to pass a context and additional request options. +// +// See EnableTrustAnchor for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RolesAnywhere) EnableTrustAnchorWithContext(ctx aws.Context, input *EnableTrustAnchorInput, opts ...request.Option) (*EnableTrustAnchorOutput, error) { + req, out := c.EnableTrustAnchorRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opGetCrl = "GetCrl" + +// GetCrlRequest generates a "aws/request.Request" representing the +// client's request for the GetCrl operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetCrl for more information on using the GetCrl +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the GetCrlRequest method. +// req, resp := client.GetCrlRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/GetCrl +func (c *RolesAnywhere) GetCrlRequest(input *GetCrlInput) (req *request.Request, output *GetCrlOutput) { + op := &request.Operation{ + Name: opGetCrl, + HTTPMethod: "GET", + HTTPPath: "/crl/{crlId}", + } + + if input == nil { + input = &GetCrlInput{} + } + + output = &GetCrlOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetCrl API operation for IAM Roles Anywhere. +// +// Gets a certificate revocation list (CRL). +// +// Required permissions: rolesanywhere:GetCrl. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for IAM Roles Anywhere's +// API operation GetCrl for usage and error information. +// +// Returned Error Types: +// * ResourceNotFoundException +// The resource could not be found. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/GetCrl +func (c *RolesAnywhere) GetCrl(input *GetCrlInput) (*GetCrlOutput, error) { + req, out := c.GetCrlRequest(input) + return out, req.Send() +} + +// GetCrlWithContext is the same as GetCrl with the addition of +// the ability to pass a context and additional request options. +// +// See GetCrl for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RolesAnywhere) GetCrlWithContext(ctx aws.Context, input *GetCrlInput, opts ...request.Option) (*GetCrlOutput, error) { + req, out := c.GetCrlRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opGetProfile = "GetProfile" + +// GetProfileRequest generates a "aws/request.Request" representing the +// client's request for the GetProfile operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetProfile for more information on using the GetProfile +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the GetProfileRequest method. +// req, resp := client.GetProfileRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/GetProfile +func (c *RolesAnywhere) GetProfileRequest(input *GetProfileInput) (req *request.Request, output *GetProfileOutput) { + op := &request.Operation{ + Name: opGetProfile, + HTTPMethod: "GET", + HTTPPath: "/profile/{profileId}", + } + + if input == nil { + input = &GetProfileInput{} + } + + output = &GetProfileOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetProfile API operation for IAM Roles Anywhere. +// +// Gets a profile. +// +// Required permissions: rolesanywhere:GetProfile. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for IAM Roles Anywhere's +// API operation GetProfile for usage and error information. +// +// Returned Error Types: +// * ResourceNotFoundException +// The resource could not be found. +// +// * AccessDeniedException +// You do not have sufficient access to perform this action. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/GetProfile +func (c *RolesAnywhere) GetProfile(input *GetProfileInput) (*GetProfileOutput, error) { + req, out := c.GetProfileRequest(input) + return out, req.Send() +} + +// GetProfileWithContext is the same as GetProfile with the addition of +// the ability to pass a context and additional request options. +// +// See GetProfile for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RolesAnywhere) GetProfileWithContext(ctx aws.Context, input *GetProfileInput, opts ...request.Option) (*GetProfileOutput, error) { + req, out := c.GetProfileRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opGetSubject = "GetSubject" + +// GetSubjectRequest generates a "aws/request.Request" representing the +// client's request for the GetSubject operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetSubject for more information on using the GetSubject +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the GetSubjectRequest method. +// req, resp := client.GetSubjectRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/GetSubject +func (c *RolesAnywhere) GetSubjectRequest(input *GetSubjectInput) (req *request.Request, output *GetSubjectOutput) { + op := &request.Operation{ + Name: opGetSubject, + HTTPMethod: "GET", + HTTPPath: "/subject/{subjectId}", + } + + if input == nil { + input = &GetSubjectInput{} + } + + output = &GetSubjectOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetSubject API operation for IAM Roles Anywhere. +// +// Gets a Subject. A Subject associates a certificate identity with authentication +// attempts by CreateSession. The Subject resources stores audit information +// such as status of the last authentication attempt, the certificate data used +// in the attempt, and the last time the associated identity attempted authentication. +// +// Required permissions: rolesanywhere:GetSubject. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for IAM Roles Anywhere's +// API operation GetSubject for usage and error information. +// +// Returned Error Types: +// * ResourceNotFoundException +// The resource could not be found. +// +// * AccessDeniedException +// You do not have sufficient access to perform this action. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/GetSubject +func (c *RolesAnywhere) GetSubject(input *GetSubjectInput) (*GetSubjectOutput, error) { + req, out := c.GetSubjectRequest(input) + return out, req.Send() +} + +// GetSubjectWithContext is the same as GetSubject with the addition of +// the ability to pass a context and additional request options. +// +// See GetSubject for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RolesAnywhere) GetSubjectWithContext(ctx aws.Context, input *GetSubjectInput, opts ...request.Option) (*GetSubjectOutput, error) { + req, out := c.GetSubjectRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opGetTrustAnchor = "GetTrustAnchor" + +// GetTrustAnchorRequest generates a "aws/request.Request" representing the +// client's request for the GetTrustAnchor operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetTrustAnchor for more information on using the GetTrustAnchor +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the GetTrustAnchorRequest method. +// req, resp := client.GetTrustAnchorRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/GetTrustAnchor +func (c *RolesAnywhere) GetTrustAnchorRequest(input *GetTrustAnchorInput) (req *request.Request, output *GetTrustAnchorOutput) { + op := &request.Operation{ + Name: opGetTrustAnchor, + HTTPMethod: "GET", + HTTPPath: "/trustanchor/{trustAnchorId}", + } + + if input == nil { + input = &GetTrustAnchorInput{} + } + + output = &GetTrustAnchorOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetTrustAnchor API operation for IAM Roles Anywhere. +// +// Gets a trust anchor. +// +// Required permissions: rolesanywhere:GetTrustAnchor. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for IAM Roles Anywhere's +// API operation GetTrustAnchor for usage and error information. +// +// Returned Error Types: +// * ValidationException +// Validation exception error. +// +// * ResourceNotFoundException +// The resource could not be found. +// +// * AccessDeniedException +// You do not have sufficient access to perform this action. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/GetTrustAnchor +func (c *RolesAnywhere) GetTrustAnchor(input *GetTrustAnchorInput) (*GetTrustAnchorOutput, error) { + req, out := c.GetTrustAnchorRequest(input) + return out, req.Send() +} + +// GetTrustAnchorWithContext is the same as GetTrustAnchor with the addition of +// the ability to pass a context and additional request options. +// +// See GetTrustAnchor for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RolesAnywhere) GetTrustAnchorWithContext(ctx aws.Context, input *GetTrustAnchorInput, opts ...request.Option) (*GetTrustAnchorOutput, error) { + req, out := c.GetTrustAnchorRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opImportCrl = "ImportCrl" + +// ImportCrlRequest generates a "aws/request.Request" representing the +// client's request for the ImportCrl operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ImportCrl for more information on using the ImportCrl +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the ImportCrlRequest method. +// req, resp := client.ImportCrlRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/ImportCrl +func (c *RolesAnywhere) ImportCrlRequest(input *ImportCrlInput) (req *request.Request, output *ImportCrlOutput) { + op := &request.Operation{ + Name: opImportCrl, + HTTPMethod: "POST", + HTTPPath: "/crls", + } + + if input == nil { + input = &ImportCrlInput{} + } + + output = &ImportCrlOutput{} + req = c.newRequest(op, input, output) + return +} + +// ImportCrl API operation for IAM Roles Anywhere. +// +// Imports the certificate revocation list (CRL). CRl is a list of certificates +// that have been revoked by the issuing certificate Authority (CA). IAM Roles +// Anywhere validates against the crl list before issuing credentials. +// +// Required permissions: rolesanywhere:ImportCrl. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for IAM Roles Anywhere's +// API operation ImportCrl for usage and error information. +// +// Returned Error Types: +// * ValidationException +// Validation exception error. +// +// * AccessDeniedException +// You do not have sufficient access to perform this action. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/ImportCrl +func (c *RolesAnywhere) ImportCrl(input *ImportCrlInput) (*ImportCrlOutput, error) { + req, out := c.ImportCrlRequest(input) + return out, req.Send() +} + +// ImportCrlWithContext is the same as ImportCrl with the addition of +// the ability to pass a context and additional request options. +// +// See ImportCrl for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RolesAnywhere) ImportCrlWithContext(ctx aws.Context, input *ImportCrlInput, opts ...request.Option) (*ImportCrlOutput, error) { + req, out := c.ImportCrlRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opListCrls = "ListCrls" + +// ListCrlsRequest generates a "aws/request.Request" representing the +// client's request for the ListCrls operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ListCrls for more information on using the ListCrls +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the ListCrlsRequest method. +// req, resp := client.ListCrlsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/ListCrls +func (c *RolesAnywhere) ListCrlsRequest(input *ListCrlsInput) (req *request.Request, output *ListCrlsOutput) { + op := &request.Operation{ + Name: opListCrls, + HTTPMethod: "GET", + HTTPPath: "/crls", + Paginator: &request.Paginator{ + InputTokens: []string{"nextToken"}, + OutputTokens: []string{"nextToken"}, + LimitToken: "", + TruncationToken: "", + }, + } + + if input == nil { + input = &ListCrlsInput{} + } + + output = &ListCrlsOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListCrls API operation for IAM Roles Anywhere. +// +// Lists all Crls in the authenticated account and Amazon Web Services Region. +// +// Required permissions: rolesanywhere:ListCrls. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for IAM Roles Anywhere's +// API operation ListCrls for usage and error information. +// +// Returned Error Types: +// * ValidationException +// Validation exception error. +// +// * AccessDeniedException +// You do not have sufficient access to perform this action. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/ListCrls +func (c *RolesAnywhere) ListCrls(input *ListCrlsInput) (*ListCrlsOutput, error) { + req, out := c.ListCrlsRequest(input) + return out, req.Send() +} + +// ListCrlsWithContext is the same as ListCrls with the addition of +// the ability to pass a context and additional request options. +// +// See ListCrls for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RolesAnywhere) ListCrlsWithContext(ctx aws.Context, input *ListCrlsInput, opts ...request.Option) (*ListCrlsOutput, error) { + req, out := c.ListCrlsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// ListCrlsPages iterates over the pages of a ListCrls operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListCrls method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListCrls operation. +// pageNum := 0 +// err := client.ListCrlsPages(params, +// func(page *rolesanywhere.ListCrlsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *RolesAnywhere) ListCrlsPages(input *ListCrlsInput, fn func(*ListCrlsOutput, bool) bool) error { + return c.ListCrlsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListCrlsPagesWithContext same as ListCrlsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RolesAnywhere) ListCrlsPagesWithContext(ctx aws.Context, input *ListCrlsInput, fn func(*ListCrlsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListCrlsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListCrlsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*ListCrlsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opListProfiles = "ListProfiles" + +// ListProfilesRequest generates a "aws/request.Request" representing the +// client's request for the ListProfiles operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ListProfiles for more information on using the ListProfiles +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the ListProfilesRequest method. +// req, resp := client.ListProfilesRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/ListProfiles +func (c *RolesAnywhere) ListProfilesRequest(input *ListProfilesInput) (req *request.Request, output *ListProfilesOutput) { + op := &request.Operation{ + Name: opListProfiles, + HTTPMethod: "GET", + HTTPPath: "/profiles", + Paginator: &request.Paginator{ + InputTokens: []string{"nextToken"}, + OutputTokens: []string{"nextToken"}, + LimitToken: "", + TruncationToken: "", + }, + } + + if input == nil { + input = &ListProfilesInput{} + } + + output = &ListProfilesOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListProfiles API operation for IAM Roles Anywhere. +// +// Lists all profiles in the authenticated account and Amazon Web Services Region. +// +// Required permissions: rolesanywhere:ListProfiles. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for IAM Roles Anywhere's +// API operation ListProfiles for usage and error information. +// +// Returned Error Types: +// * ValidationException +// Validation exception error. +// +// * AccessDeniedException +// You do not have sufficient access to perform this action. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/ListProfiles +func (c *RolesAnywhere) ListProfiles(input *ListProfilesInput) (*ListProfilesOutput, error) { + req, out := c.ListProfilesRequest(input) + return out, req.Send() +} + +// ListProfilesWithContext is the same as ListProfiles with the addition of +// the ability to pass a context and additional request options. +// +// See ListProfiles for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RolesAnywhere) ListProfilesWithContext(ctx aws.Context, input *ListProfilesInput, opts ...request.Option) (*ListProfilesOutput, error) { + req, out := c.ListProfilesRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// ListProfilesPages iterates over the pages of a ListProfiles operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListProfiles method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListProfiles operation. +// pageNum := 0 +// err := client.ListProfilesPages(params, +// func(page *rolesanywhere.ListProfilesOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *RolesAnywhere) ListProfilesPages(input *ListProfilesInput, fn func(*ListProfilesOutput, bool) bool) error { + return c.ListProfilesPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListProfilesPagesWithContext same as ListProfilesPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RolesAnywhere) ListProfilesPagesWithContext(ctx aws.Context, input *ListProfilesInput, fn func(*ListProfilesOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListProfilesInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListProfilesRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*ListProfilesOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opListSubjects = "ListSubjects" + +// ListSubjectsRequest generates a "aws/request.Request" representing the +// client's request for the ListSubjects operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ListSubjects for more information on using the ListSubjects +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the ListSubjectsRequest method. +// req, resp := client.ListSubjectsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/ListSubjects +func (c *RolesAnywhere) ListSubjectsRequest(input *ListSubjectsInput) (req *request.Request, output *ListSubjectsOutput) { + op := &request.Operation{ + Name: opListSubjects, + HTTPMethod: "GET", + HTTPPath: "/subjects", + Paginator: &request.Paginator{ + InputTokens: []string{"nextToken"}, + OutputTokens: []string{"nextToken"}, + LimitToken: "", + TruncationToken: "", + }, + } + + if input == nil { + input = &ListSubjectsInput{} + } + + output = &ListSubjectsOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListSubjects API operation for IAM Roles Anywhere. +// +// Lists the subjects in the authenticated account and Amazon Web Services Region. +// +// Required permissions: rolesanywhere:ListSubjects. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for IAM Roles Anywhere's +// API operation ListSubjects for usage and error information. +// +// Returned Error Types: +// * ValidationException +// Validation exception error. +// +// * AccessDeniedException +// You do not have sufficient access to perform this action. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/ListSubjects +func (c *RolesAnywhere) ListSubjects(input *ListSubjectsInput) (*ListSubjectsOutput, error) { + req, out := c.ListSubjectsRequest(input) + return out, req.Send() +} + +// ListSubjectsWithContext is the same as ListSubjects with the addition of +// the ability to pass a context and additional request options. +// +// See ListSubjects for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RolesAnywhere) ListSubjectsWithContext(ctx aws.Context, input *ListSubjectsInput, opts ...request.Option) (*ListSubjectsOutput, error) { + req, out := c.ListSubjectsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// ListSubjectsPages iterates over the pages of a ListSubjects operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListSubjects method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListSubjects operation. +// pageNum := 0 +// err := client.ListSubjectsPages(params, +// func(page *rolesanywhere.ListSubjectsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *RolesAnywhere) ListSubjectsPages(input *ListSubjectsInput, fn func(*ListSubjectsOutput, bool) bool) error { + return c.ListSubjectsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListSubjectsPagesWithContext same as ListSubjectsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RolesAnywhere) ListSubjectsPagesWithContext(ctx aws.Context, input *ListSubjectsInput, fn func(*ListSubjectsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListSubjectsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListSubjectsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*ListSubjectsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opListTagsForResource = "ListTagsForResource" + +// ListTagsForResourceRequest generates a "aws/request.Request" representing the +// client's request for the ListTagsForResource operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ListTagsForResource for more information on using the ListTagsForResource +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the ListTagsForResourceRequest method. +// req, resp := client.ListTagsForResourceRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/ListTagsForResource +func (c *RolesAnywhere) ListTagsForResourceRequest(input *ListTagsForResourceInput) (req *request.Request, output *ListTagsForResourceOutput) { + op := &request.Operation{ + Name: opListTagsForResource, + HTTPMethod: "GET", + HTTPPath: "/ListTagsForResource", + } + + if input == nil { + input = &ListTagsForResourceInput{} + } + + output = &ListTagsForResourceOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListTagsForResource API operation for IAM Roles Anywhere. +// +// Lists the tags attached to the resource. +// +// Required permissions: rolesanywhere:ListTagsForResource. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for IAM Roles Anywhere's +// API operation ListTagsForResource for usage and error information. +// +// Returned Error Types: +// * ValidationException +// Validation exception error. +// +// * ResourceNotFoundException +// The resource could not be found. +// +// * AccessDeniedException +// You do not have sufficient access to perform this action. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/ListTagsForResource +func (c *RolesAnywhere) ListTagsForResource(input *ListTagsForResourceInput) (*ListTagsForResourceOutput, error) { + req, out := c.ListTagsForResourceRequest(input) + return out, req.Send() +} + +// ListTagsForResourceWithContext is the same as ListTagsForResource with the addition of +// the ability to pass a context and additional request options. +// +// See ListTagsForResource for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RolesAnywhere) ListTagsForResourceWithContext(ctx aws.Context, input *ListTagsForResourceInput, opts ...request.Option) (*ListTagsForResourceOutput, error) { + req, out := c.ListTagsForResourceRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opListTrustAnchors = "ListTrustAnchors" + +// ListTrustAnchorsRequest generates a "aws/request.Request" representing the +// client's request for the ListTrustAnchors operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ListTrustAnchors for more information on using the ListTrustAnchors +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the ListTrustAnchorsRequest method. +// req, resp := client.ListTrustAnchorsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/ListTrustAnchors +func (c *RolesAnywhere) ListTrustAnchorsRequest(input *ListTrustAnchorsInput) (req *request.Request, output *ListTrustAnchorsOutput) { + op := &request.Operation{ + Name: opListTrustAnchors, + HTTPMethod: "GET", + HTTPPath: "/trustanchors", + Paginator: &request.Paginator{ + InputTokens: []string{"nextToken"}, + OutputTokens: []string{"nextToken"}, + LimitToken: "", + TruncationToken: "", + }, + } + + if input == nil { + input = &ListTrustAnchorsInput{} + } + + output = &ListTrustAnchorsOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListTrustAnchors API operation for IAM Roles Anywhere. +// +// Lists the trust anchors in the authenticated account and Amazon Web Services +// Region. +// +// Required permissions: rolesanywhere:ListTrustAnchors. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for IAM Roles Anywhere's +// API operation ListTrustAnchors for usage and error information. +// +// Returned Error Types: +// * ValidationException +// Validation exception error. +// +// * AccessDeniedException +// You do not have sufficient access to perform this action. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/ListTrustAnchors +func (c *RolesAnywhere) ListTrustAnchors(input *ListTrustAnchorsInput) (*ListTrustAnchorsOutput, error) { + req, out := c.ListTrustAnchorsRequest(input) + return out, req.Send() +} + +// ListTrustAnchorsWithContext is the same as ListTrustAnchors with the addition of +// the ability to pass a context and additional request options. +// +// See ListTrustAnchors for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RolesAnywhere) ListTrustAnchorsWithContext(ctx aws.Context, input *ListTrustAnchorsInput, opts ...request.Option) (*ListTrustAnchorsOutput, error) { + req, out := c.ListTrustAnchorsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// ListTrustAnchorsPages iterates over the pages of a ListTrustAnchors operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListTrustAnchors method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListTrustAnchors operation. +// pageNum := 0 +// err := client.ListTrustAnchorsPages(params, +// func(page *rolesanywhere.ListTrustAnchorsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +// +func (c *RolesAnywhere) ListTrustAnchorsPages(input *ListTrustAnchorsInput, fn func(*ListTrustAnchorsOutput, bool) bool) error { + return c.ListTrustAnchorsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListTrustAnchorsPagesWithContext same as ListTrustAnchorsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RolesAnywhere) ListTrustAnchorsPagesWithContext(ctx aws.Context, input *ListTrustAnchorsInput, fn func(*ListTrustAnchorsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListTrustAnchorsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListTrustAnchorsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*ListTrustAnchorsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opTagResource = "TagResource" + +// TagResourceRequest generates a "aws/request.Request" representing the +// client's request for the TagResource operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See TagResource for more information on using the TagResource +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the TagResourceRequest method. +// req, resp := client.TagResourceRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/TagResource +func (c *RolesAnywhere) TagResourceRequest(input *TagResourceInput) (req *request.Request, output *TagResourceOutput) { + op := &request.Operation{ + Name: opTagResource, + HTTPMethod: "POST", + HTTPPath: "/TagResource", + } + + if input == nil { + input = &TagResourceInput{} + } + + output = &TagResourceOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// TagResource API operation for IAM Roles Anywhere. +// +// Attaches tags to a resource. +// +// Required permissions: rolesanywhere:TagResource. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for IAM Roles Anywhere's +// API operation TagResource for usage and error information. +// +// Returned Error Types: +// * ValidationException +// Validation exception error. +// +// * ResourceNotFoundException +// The resource could not be found. +// +// * AccessDeniedException +// You do not have sufficient access to perform this action. +// +// * TooManyTagsException +// Too many tags. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/TagResource +func (c *RolesAnywhere) TagResource(input *TagResourceInput) (*TagResourceOutput, error) { + req, out := c.TagResourceRequest(input) + return out, req.Send() +} + +// TagResourceWithContext is the same as TagResource with the addition of +// the ability to pass a context and additional request options. +// +// See TagResource for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RolesAnywhere) TagResourceWithContext(ctx aws.Context, input *TagResourceInput, opts ...request.Option) (*TagResourceOutput, error) { + req, out := c.TagResourceRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opUntagResource = "UntagResource" + +// UntagResourceRequest generates a "aws/request.Request" representing the +// client's request for the UntagResource operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See UntagResource for more information on using the UntagResource +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the UntagResourceRequest method. +// req, resp := client.UntagResourceRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/UntagResource +func (c *RolesAnywhere) UntagResourceRequest(input *UntagResourceInput) (req *request.Request, output *UntagResourceOutput) { + op := &request.Operation{ + Name: opUntagResource, + HTTPMethod: "POST", + HTTPPath: "/UntagResource", + } + + if input == nil { + input = &UntagResourceInput{} + } + + output = &UntagResourceOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// UntagResource API operation for IAM Roles Anywhere. +// +// Removes tags from the resource. +// +// Required permissions: rolesanywhere:UntagResource. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for IAM Roles Anywhere's +// API operation UntagResource for usage and error information. +// +// Returned Error Types: +// * ValidationException +// Validation exception error. +// +// * ResourceNotFoundException +// The resource could not be found. +// +// * AccessDeniedException +// You do not have sufficient access to perform this action. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/UntagResource +func (c *RolesAnywhere) UntagResource(input *UntagResourceInput) (*UntagResourceOutput, error) { + req, out := c.UntagResourceRequest(input) + return out, req.Send() +} + +// UntagResourceWithContext is the same as UntagResource with the addition of +// the ability to pass a context and additional request options. +// +// See UntagResource for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RolesAnywhere) UntagResourceWithContext(ctx aws.Context, input *UntagResourceInput, opts ...request.Option) (*UntagResourceOutput, error) { + req, out := c.UntagResourceRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opUpdateCrl = "UpdateCrl" + +// UpdateCrlRequest generates a "aws/request.Request" representing the +// client's request for the UpdateCrl operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See UpdateCrl for more information on using the UpdateCrl +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the UpdateCrlRequest method. +// req, resp := client.UpdateCrlRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/UpdateCrl +func (c *RolesAnywhere) UpdateCrlRequest(input *UpdateCrlInput) (req *request.Request, output *UpdateCrlOutput) { + op := &request.Operation{ + Name: opUpdateCrl, + HTTPMethod: "PATCH", + HTTPPath: "/crl/{crlId}", + } + + if input == nil { + input = &UpdateCrlInput{} + } + + output = &UpdateCrlOutput{} + req = c.newRequest(op, input, output) + return +} + +// UpdateCrl API operation for IAM Roles Anywhere. +// +// Updates the certificate revocation list (CRL). CRl is a list of certificates +// that have been revoked by the issuing certificate Authority (CA). IAM Roles +// Anywhere validates against the crl list before issuing credentials. +// +// Required permissions: rolesanywhere:UpdateCrl. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for IAM Roles Anywhere's +// API operation UpdateCrl for usage and error information. +// +// Returned Error Types: +// * ValidationException +// Validation exception error. +// +// * ResourceNotFoundException +// The resource could not be found. +// +// * AccessDeniedException +// You do not have sufficient access to perform this action. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/UpdateCrl +func (c *RolesAnywhere) UpdateCrl(input *UpdateCrlInput) (*UpdateCrlOutput, error) { + req, out := c.UpdateCrlRequest(input) + return out, req.Send() +} + +// UpdateCrlWithContext is the same as UpdateCrl with the addition of +// the ability to pass a context and additional request options. +// +// See UpdateCrl for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RolesAnywhere) UpdateCrlWithContext(ctx aws.Context, input *UpdateCrlInput, opts ...request.Option) (*UpdateCrlOutput, error) { + req, out := c.UpdateCrlRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opUpdateProfile = "UpdateProfile" + +// UpdateProfileRequest generates a "aws/request.Request" representing the +// client's request for the UpdateProfile operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See UpdateProfile for more information on using the UpdateProfile +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the UpdateProfileRequest method. +// req, resp := client.UpdateProfileRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/UpdateProfile +func (c *RolesAnywhere) UpdateProfileRequest(input *UpdateProfileInput) (req *request.Request, output *UpdateProfileOutput) { + op := &request.Operation{ + Name: opUpdateProfile, + HTTPMethod: "PATCH", + HTTPPath: "/profile/{profileId}", + } + + if input == nil { + input = &UpdateProfileInput{} + } + + output = &UpdateProfileOutput{} + req = c.newRequest(op, input, output) + return +} + +// UpdateProfile API operation for IAM Roles Anywhere. +// +// Updates the profile. A profile is configuration resource to list the roles +// that RolesAnywhere service is trusted to assume. In addition, by applying +// a profile you can scope-down permissions with IAM managed policies. +// +// Required permissions: rolesanywhere:UpdateProfile. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for IAM Roles Anywhere's +// API operation UpdateProfile for usage and error information. +// +// Returned Error Types: +// * ValidationException +// Validation exception error. +// +// * ResourceNotFoundException +// The resource could not be found. +// +// * AccessDeniedException +// You do not have sufficient access to perform this action. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/UpdateProfile +func (c *RolesAnywhere) UpdateProfile(input *UpdateProfileInput) (*UpdateProfileOutput, error) { + req, out := c.UpdateProfileRequest(input) + return out, req.Send() +} + +// UpdateProfileWithContext is the same as UpdateProfile with the addition of +// the ability to pass a context and additional request options. +// +// See UpdateProfile for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RolesAnywhere) UpdateProfileWithContext(ctx aws.Context, input *UpdateProfileInput, opts ...request.Option) (*UpdateProfileOutput, error) { + req, out := c.UpdateProfileRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opUpdateTrustAnchor = "UpdateTrustAnchor" + +// UpdateTrustAnchorRequest generates a "aws/request.Request" representing the +// client's request for the UpdateTrustAnchor operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See UpdateTrustAnchor for more information on using the UpdateTrustAnchor +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// +// // Example sending a request using the UpdateTrustAnchorRequest method. +// req, resp := client.UpdateTrustAnchorRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/UpdateTrustAnchor +func (c *RolesAnywhere) UpdateTrustAnchorRequest(input *UpdateTrustAnchorInput) (req *request.Request, output *UpdateTrustAnchorOutput) { + op := &request.Operation{ + Name: opUpdateTrustAnchor, + HTTPMethod: "PATCH", + HTTPPath: "/trustanchor/{trustAnchorId}", + } + + if input == nil { + input = &UpdateTrustAnchorInput{} + } + + output = &UpdateTrustAnchorOutput{} + req = c.newRequest(op, input, output) + return +} + +// UpdateTrustAnchor API operation for IAM Roles Anywhere. +// +// Updates the trust anchor.You establish trust between IAM Roles Anywhere and +// your certificate authority (CA) by configuring a trust anchor. A Trust Anchor +// is defined either as a reference to a AWS Certificate Manager Private Certificate +// Authority (ACM PCA), or by uploading a Certificate Authority (CA) certificate. +// Your AWS workloads can authenticate with the trust anchor using certificates +// issued by the trusted Certificate Authority (CA) in exchange for temporary +// AWS credentials. +// +// Required permissions: rolesanywhere:UpdateTrustAnchor. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for IAM Roles Anywhere's +// API operation UpdateTrustAnchor for usage and error information. +// +// Returned Error Types: +// * ValidationException +// Validation exception error. +// +// * ResourceNotFoundException +// The resource could not be found. +// +// * AccessDeniedException +// You do not have sufficient access to perform this action. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10/UpdateTrustAnchor +func (c *RolesAnywhere) UpdateTrustAnchor(input *UpdateTrustAnchorInput) (*UpdateTrustAnchorOutput, error) { + req, out := c.UpdateTrustAnchorRequest(input) + return out, req.Send() +} + +// UpdateTrustAnchorWithContext is the same as UpdateTrustAnchor with the addition of +// the ability to pass a context and additional request options. +// +// See UpdateTrustAnchor for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *RolesAnywhere) UpdateTrustAnchorWithContext(ctx aws.Context, input *UpdateTrustAnchorInput, opts ...request.Option) (*UpdateTrustAnchorOutput, error) { + req, out := c.UpdateTrustAnchorRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// You do not have sufficient access to perform this action. +type AccessDeniedException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AccessDeniedException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AccessDeniedException) GoString() string { + return s.String() +} + +func newErrorAccessDeniedException(v protocol.ResponseMetadata) error { + return &AccessDeniedException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *AccessDeniedException) Code() string { + return "AccessDeniedException" +} + +// Message returns the exception's message. +func (s *AccessDeniedException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *AccessDeniedException) OrigErr() error { + return nil +} + +func (s *AccessDeniedException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *AccessDeniedException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *AccessDeniedException) RequestID() string { + return s.RespMetadata.RequestID +} + +type CreateProfileInput struct { + _ struct{} `type:"structure"` + + // The number of seconds the vended session credentials are valid for. + DurationSeconds *int64 `locationName:"durationSeconds" min:"900" type:"integer"` + + // Specifies whether the profile is enabled. + Enabled *bool `locationName:"enabled" type:"boolean"` + + // A list of managed policy ARNs that apply to the vended session credentials. + ManagedPolicyArns []*string `locationName:"managedPolicyArns" type:"list"` + + // The name of the profile. + // + // Name is a required field + Name *string `locationName:"name" min:"1" type:"string" required:"true"` + + // Specifies whether instance properties are required in CreateSession (https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html) + // requests with this profile. + RequireInstanceProperties *bool `locationName:"requireInstanceProperties" type:"boolean"` + + // A list of IAM roles that this profile can assume in a CreateSession (https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html) + // operation. + // + // RoleArns is a required field + RoleArns []*string `locationName:"roleArns" type:"list" required:"true"` + + // A session policy that applies to the trust boundary of the vended session + // credentials. + SessionPolicy *string `locationName:"sessionPolicy" type:"string"` + + // The tags to attach to the profile. + Tags []*Tag `locationName:"tags" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateProfileInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateProfileInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateProfileInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateProfileInput"} + if s.DurationSeconds != nil && *s.DurationSeconds < 900 { + invalidParams.Add(request.NewErrParamMinValue("DurationSeconds", 900)) + } + if s.Name == nil { + invalidParams.Add(request.NewErrParamRequired("Name")) + } + if s.Name != nil && len(*s.Name) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Name", 1)) + } + if s.RoleArns == nil { + invalidParams.Add(request.NewErrParamRequired("RoleArns")) + } + if s.Tags != nil { + for i, v := range s.Tags { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) + } + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDurationSeconds sets the DurationSeconds field's value. +func (s *CreateProfileInput) SetDurationSeconds(v int64) *CreateProfileInput { + s.DurationSeconds = &v + return s +} + +// SetEnabled sets the Enabled field's value. +func (s *CreateProfileInput) SetEnabled(v bool) *CreateProfileInput { + s.Enabled = &v + return s +} + +// SetManagedPolicyArns sets the ManagedPolicyArns field's value. +func (s *CreateProfileInput) SetManagedPolicyArns(v []*string) *CreateProfileInput { + s.ManagedPolicyArns = v + return s +} + +// SetName sets the Name field's value. +func (s *CreateProfileInput) SetName(v string) *CreateProfileInput { + s.Name = &v + return s +} + +// SetRequireInstanceProperties sets the RequireInstanceProperties field's value. +func (s *CreateProfileInput) SetRequireInstanceProperties(v bool) *CreateProfileInput { + s.RequireInstanceProperties = &v + return s +} + +// SetRoleArns sets the RoleArns field's value. +func (s *CreateProfileInput) SetRoleArns(v []*string) *CreateProfileInput { + s.RoleArns = v + return s +} + +// SetSessionPolicy sets the SessionPolicy field's value. +func (s *CreateProfileInput) SetSessionPolicy(v string) *CreateProfileInput { + s.SessionPolicy = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *CreateProfileInput) SetTags(v []*Tag) *CreateProfileInput { + s.Tags = v + return s +} + +type CreateProfileOutput struct { + _ struct{} `type:"structure"` + + // The state of the profile after a read or write operation. + Profile *ProfileDetail `locationName:"profile" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateProfileOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateProfileOutput) GoString() string { + return s.String() +} + +// SetProfile sets the Profile field's value. +func (s *CreateProfileOutput) SetProfile(v *ProfileDetail) *CreateProfileOutput { + s.Profile = v + return s +} + +type CreateTrustAnchorInput struct { + _ struct{} `type:"structure"` + + // Specifies whether the trust anchor is enabled. + Enabled *bool `locationName:"enabled" type:"boolean"` + + // The name of the trust anchor. + // + // Name is a required field + Name *string `locationName:"name" min:"1" type:"string" required:"true"` + + // The trust anchor type and its related certificate data. + // + // Source is a required field + Source *Source `locationName:"source" type:"structure" required:"true"` + + // The tags to attach to the trust anchor. + Tags []*Tag `locationName:"tags" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateTrustAnchorInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateTrustAnchorInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateTrustAnchorInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateTrustAnchorInput"} + if s.Name == nil { + invalidParams.Add(request.NewErrParamRequired("Name")) + } + if s.Name != nil && len(*s.Name) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Name", 1)) + } + if s.Source == nil { + invalidParams.Add(request.NewErrParamRequired("Source")) + } + if s.Tags != nil { + for i, v := range s.Tags { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) + } + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetEnabled sets the Enabled field's value. +func (s *CreateTrustAnchorInput) SetEnabled(v bool) *CreateTrustAnchorInput { + s.Enabled = &v + return s +} + +// SetName sets the Name field's value. +func (s *CreateTrustAnchorInput) SetName(v string) *CreateTrustAnchorInput { + s.Name = &v + return s +} + +// SetSource sets the Source field's value. +func (s *CreateTrustAnchorInput) SetSource(v *Source) *CreateTrustAnchorInput { + s.Source = v + return s +} + +// SetTags sets the Tags field's value. +func (s *CreateTrustAnchorInput) SetTags(v []*Tag) *CreateTrustAnchorInput { + s.Tags = v + return s +} + +type CreateTrustAnchorOutput struct { + _ struct{} `type:"structure"` + + // The state of the trust anchor after a read or write operation. + // + // TrustAnchor is a required field + TrustAnchor *TrustAnchorDetail `locationName:"trustAnchor" type:"structure" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateTrustAnchorOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateTrustAnchorOutput) GoString() string { + return s.String() +} + +// SetTrustAnchor sets the TrustAnchor field's value. +func (s *CreateTrustAnchorOutput) SetTrustAnchor(v *TrustAnchorDetail) *CreateTrustAnchorOutput { + s.TrustAnchor = v + return s +} + +// A record of a presented X509 credential to CreateSession (https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html). +type CredentialSummary struct { + _ struct{} `type:"structure"` + + // Indicates whether the credential is enabled. + Enabled *bool `locationName:"enabled" type:"boolean"` + + // Indicates whether the CreateSession (https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html) + // operation was successful. + Failed *bool `locationName:"failed" type:"boolean"` + + // The fully qualified domain name of the issuing certificate for the presented + // end-entity certificate. + Issuer *string `locationName:"issuer" type:"string"` + + // The ISO-8601 time stamp of when the certificate was last used in a CreateSession + // (https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html) + // operation. + SeenAt *time.Time `locationName:"seenAt" type:"timestamp" timestampFormat:"iso8601"` + + // The serial number of the certificate. + SerialNumber *string `locationName:"serialNumber" type:"string"` + + // The PEM-encoded data of the certificate. + X509CertificateData *string `locationName:"x509CertificateData" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CredentialSummary) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CredentialSummary) GoString() string { + return s.String() +} + +// SetEnabled sets the Enabled field's value. +func (s *CredentialSummary) SetEnabled(v bool) *CredentialSummary { + s.Enabled = &v + return s +} + +// SetFailed sets the Failed field's value. +func (s *CredentialSummary) SetFailed(v bool) *CredentialSummary { + s.Failed = &v + return s +} + +// SetIssuer sets the Issuer field's value. +func (s *CredentialSummary) SetIssuer(v string) *CredentialSummary { + s.Issuer = &v + return s +} + +// SetSeenAt sets the SeenAt field's value. +func (s *CredentialSummary) SetSeenAt(v time.Time) *CredentialSummary { + s.SeenAt = &v + return s +} + +// SetSerialNumber sets the SerialNumber field's value. +func (s *CredentialSummary) SetSerialNumber(v string) *CredentialSummary { + s.SerialNumber = &v + return s +} + +// SetX509CertificateData sets the X509CertificateData field's value. +func (s *CredentialSummary) SetX509CertificateData(v string) *CredentialSummary { + s.X509CertificateData = &v + return s +} + +// The state of the certificate revocation list (CRL) after a read or write +// operation. +type CrlDetail struct { + _ struct{} `type:"structure"` + + // The ISO-8601 timestamp when the certificate revocation list (CRL) was created. + CreatedAt *time.Time `locationName:"createdAt" type:"timestamp" timestampFormat:"iso8601"` + + // The ARN of the certificate revocation list (CRL). + CrlArn *string `locationName:"crlArn" type:"string"` + + // The state of the certificate revocation list (CRL) after a read or write + // operation. + // CrlData is automatically base64 encoded/decoded by the SDK. + CrlData []byte `locationName:"crlData" type:"blob"` + + // The unique identifier of the certificate revocation list (CRL). + CrlId *string `locationName:"crlId" min:"36" type:"string"` + + // Indicates whether the certificate revocation list (CRL) is enabled. + Enabled *bool `locationName:"enabled" type:"boolean"` + + // The name of the certificate revocation list (CRL). + Name *string `locationName:"name" type:"string"` + + // The ARN of the TrustAnchor the certificate revocation list (CRL) will provide + // revocation for. + TrustAnchorArn *string `locationName:"trustAnchorArn" type:"string"` + + // The ISO-8601 timestamp when the certificate revocation list (CRL) was last + // updated. + UpdatedAt *time.Time `locationName:"updatedAt" type:"timestamp" timestampFormat:"iso8601"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CrlDetail) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CrlDetail) GoString() string { + return s.String() +} + +// SetCreatedAt sets the CreatedAt field's value. +func (s *CrlDetail) SetCreatedAt(v time.Time) *CrlDetail { + s.CreatedAt = &v + return s +} + +// SetCrlArn sets the CrlArn field's value. +func (s *CrlDetail) SetCrlArn(v string) *CrlDetail { + s.CrlArn = &v + return s +} + +// SetCrlData sets the CrlData field's value. +func (s *CrlDetail) SetCrlData(v []byte) *CrlDetail { + s.CrlData = v + return s +} + +// SetCrlId sets the CrlId field's value. +func (s *CrlDetail) SetCrlId(v string) *CrlDetail { + s.CrlId = &v + return s +} + +// SetEnabled sets the Enabled field's value. +func (s *CrlDetail) SetEnabled(v bool) *CrlDetail { + s.Enabled = &v + return s +} + +// SetName sets the Name field's value. +func (s *CrlDetail) SetName(v string) *CrlDetail { + s.Name = &v + return s +} + +// SetTrustAnchorArn sets the TrustAnchorArn field's value. +func (s *CrlDetail) SetTrustAnchorArn(v string) *CrlDetail { + s.TrustAnchorArn = &v + return s +} + +// SetUpdatedAt sets the UpdatedAt field's value. +func (s *CrlDetail) SetUpdatedAt(v time.Time) *CrlDetail { + s.UpdatedAt = &v + return s +} + +type DeleteCrlInput struct { + _ struct{} `type:"structure" nopayload:"true"` + + // The unique identifier of the certificate revocation list (CRL). + // + // CrlId is a required field + CrlId *string `location:"uri" locationName:"crlId" min:"36" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteCrlInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteCrlInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteCrlInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteCrlInput"} + if s.CrlId == nil { + invalidParams.Add(request.NewErrParamRequired("CrlId")) + } + if s.CrlId != nil && len(*s.CrlId) < 36 { + invalidParams.Add(request.NewErrParamMinLen("CrlId", 36)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetCrlId sets the CrlId field's value. +func (s *DeleteCrlInput) SetCrlId(v string) *DeleteCrlInput { + s.CrlId = &v + return s +} + +type DeleteCrlOutput struct { + _ struct{} `type:"structure"` + + // The state of the certificate revocation list (CRL) after a read or write + // operation. + // + // Crl is a required field + Crl *CrlDetail `locationName:"crl" type:"structure" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteCrlOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteCrlOutput) GoString() string { + return s.String() +} + +// SetCrl sets the Crl field's value. +func (s *DeleteCrlOutput) SetCrl(v *CrlDetail) *DeleteCrlOutput { + s.Crl = v + return s +} + +type DeleteProfileInput struct { + _ struct{} `type:"structure" nopayload:"true"` + + // The unique identifier of the profile. + // + // ProfileId is a required field + ProfileId *string `location:"uri" locationName:"profileId" min:"36" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteProfileInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteProfileInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteProfileInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteProfileInput"} + if s.ProfileId == nil { + invalidParams.Add(request.NewErrParamRequired("ProfileId")) + } + if s.ProfileId != nil && len(*s.ProfileId) < 36 { + invalidParams.Add(request.NewErrParamMinLen("ProfileId", 36)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetProfileId sets the ProfileId field's value. +func (s *DeleteProfileInput) SetProfileId(v string) *DeleteProfileInput { + s.ProfileId = &v + return s +} + +type DeleteProfileOutput struct { + _ struct{} `type:"structure"` + + // The state of the profile after a read or write operation. + Profile *ProfileDetail `locationName:"profile" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteProfileOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteProfileOutput) GoString() string { + return s.String() +} + +// SetProfile sets the Profile field's value. +func (s *DeleteProfileOutput) SetProfile(v *ProfileDetail) *DeleteProfileOutput { + s.Profile = v + return s +} + +type DeleteTrustAnchorInput struct { + _ struct{} `type:"structure" nopayload:"true"` + + // The unique identifier of the trust anchor. + // + // TrustAnchorId is a required field + TrustAnchorId *string `location:"uri" locationName:"trustAnchorId" min:"36" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteTrustAnchorInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteTrustAnchorInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteTrustAnchorInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteTrustAnchorInput"} + if s.TrustAnchorId == nil { + invalidParams.Add(request.NewErrParamRequired("TrustAnchorId")) + } + if s.TrustAnchorId != nil && len(*s.TrustAnchorId) < 36 { + invalidParams.Add(request.NewErrParamMinLen("TrustAnchorId", 36)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetTrustAnchorId sets the TrustAnchorId field's value. +func (s *DeleteTrustAnchorInput) SetTrustAnchorId(v string) *DeleteTrustAnchorInput { + s.TrustAnchorId = &v + return s +} + +type DeleteTrustAnchorOutput struct { + _ struct{} `type:"structure"` + + // The state of the trust anchor after a read or write operation. + // + // TrustAnchor is a required field + TrustAnchor *TrustAnchorDetail `locationName:"trustAnchor" type:"structure" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteTrustAnchorOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteTrustAnchorOutput) GoString() string { + return s.String() +} + +// SetTrustAnchor sets the TrustAnchor field's value. +func (s *DeleteTrustAnchorOutput) SetTrustAnchor(v *TrustAnchorDetail) *DeleteTrustAnchorOutput { + s.TrustAnchor = v + return s +} + +type DisableCrlInput struct { + _ struct{} `type:"structure" nopayload:"true"` + + // The unique identifier of the certificate revocation list (CRL). + // + // CrlId is a required field + CrlId *string `location:"uri" locationName:"crlId" min:"36" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisableCrlInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisableCrlInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DisableCrlInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DisableCrlInput"} + if s.CrlId == nil { + invalidParams.Add(request.NewErrParamRequired("CrlId")) + } + if s.CrlId != nil && len(*s.CrlId) < 36 { + invalidParams.Add(request.NewErrParamMinLen("CrlId", 36)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetCrlId sets the CrlId field's value. +func (s *DisableCrlInput) SetCrlId(v string) *DisableCrlInput { + s.CrlId = &v + return s +} + +type DisableCrlOutput struct { + _ struct{} `type:"structure"` + + // The state of the certificate revocation list (CRL) after a read or write + // operation. + // + // Crl is a required field + Crl *CrlDetail `locationName:"crl" type:"structure" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisableCrlOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisableCrlOutput) GoString() string { + return s.String() +} + +// SetCrl sets the Crl field's value. +func (s *DisableCrlOutput) SetCrl(v *CrlDetail) *DisableCrlOutput { + s.Crl = v + return s +} + +type DisableProfileInput struct { + _ struct{} `type:"structure" nopayload:"true"` + + // The unique identifier of the profile. + // + // ProfileId is a required field + ProfileId *string `location:"uri" locationName:"profileId" min:"36" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisableProfileInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisableProfileInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DisableProfileInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DisableProfileInput"} + if s.ProfileId == nil { + invalidParams.Add(request.NewErrParamRequired("ProfileId")) + } + if s.ProfileId != nil && len(*s.ProfileId) < 36 { + invalidParams.Add(request.NewErrParamMinLen("ProfileId", 36)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetProfileId sets the ProfileId field's value. +func (s *DisableProfileInput) SetProfileId(v string) *DisableProfileInput { + s.ProfileId = &v + return s +} + +type DisableProfileOutput struct { + _ struct{} `type:"structure"` + + // The state of the profile after a read or write operation. + Profile *ProfileDetail `locationName:"profile" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisableProfileOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisableProfileOutput) GoString() string { + return s.String() +} + +// SetProfile sets the Profile field's value. +func (s *DisableProfileOutput) SetProfile(v *ProfileDetail) *DisableProfileOutput { + s.Profile = v + return s +} + +type DisableTrustAnchorInput struct { + _ struct{} `type:"structure" nopayload:"true"` + + // The unique identifier of the trust anchor. + // + // TrustAnchorId is a required field + TrustAnchorId *string `location:"uri" locationName:"trustAnchorId" min:"36" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisableTrustAnchorInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisableTrustAnchorInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DisableTrustAnchorInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DisableTrustAnchorInput"} + if s.TrustAnchorId == nil { + invalidParams.Add(request.NewErrParamRequired("TrustAnchorId")) + } + if s.TrustAnchorId != nil && len(*s.TrustAnchorId) < 36 { + invalidParams.Add(request.NewErrParamMinLen("TrustAnchorId", 36)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetTrustAnchorId sets the TrustAnchorId field's value. +func (s *DisableTrustAnchorInput) SetTrustAnchorId(v string) *DisableTrustAnchorInput { + s.TrustAnchorId = &v + return s +} + +type DisableTrustAnchorOutput struct { + _ struct{} `type:"structure"` + + // The state of the trust anchor after a read or write operation. + // + // TrustAnchor is a required field + TrustAnchor *TrustAnchorDetail `locationName:"trustAnchor" type:"structure" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisableTrustAnchorOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DisableTrustAnchorOutput) GoString() string { + return s.String() +} + +// SetTrustAnchor sets the TrustAnchor field's value. +func (s *DisableTrustAnchorOutput) SetTrustAnchor(v *TrustAnchorDetail) *DisableTrustAnchorOutput { + s.TrustAnchor = v + return s +} + +type EnableCrlInput struct { + _ struct{} `type:"structure" nopayload:"true"` + + // The unique identifier of the certificate revocation list (CRL). + // + // CrlId is a required field + CrlId *string `location:"uri" locationName:"crlId" min:"36" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableCrlInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableCrlInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *EnableCrlInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "EnableCrlInput"} + if s.CrlId == nil { + invalidParams.Add(request.NewErrParamRequired("CrlId")) + } + if s.CrlId != nil && len(*s.CrlId) < 36 { + invalidParams.Add(request.NewErrParamMinLen("CrlId", 36)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetCrlId sets the CrlId field's value. +func (s *EnableCrlInput) SetCrlId(v string) *EnableCrlInput { + s.CrlId = &v + return s +} + +type EnableCrlOutput struct { + _ struct{} `type:"structure"` + + // The state of the certificate revocation list (CRL) after a read or write + // operation. + // + // Crl is a required field + Crl *CrlDetail `locationName:"crl" type:"structure" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableCrlOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableCrlOutput) GoString() string { + return s.String() +} + +// SetCrl sets the Crl field's value. +func (s *EnableCrlOutput) SetCrl(v *CrlDetail) *EnableCrlOutput { + s.Crl = v + return s +} + +type EnableProfileInput struct { + _ struct{} `type:"structure" nopayload:"true"` + + // The unique identifier of the profile. + // + // ProfileId is a required field + ProfileId *string `location:"uri" locationName:"profileId" min:"36" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableProfileInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableProfileInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *EnableProfileInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "EnableProfileInput"} + if s.ProfileId == nil { + invalidParams.Add(request.NewErrParamRequired("ProfileId")) + } + if s.ProfileId != nil && len(*s.ProfileId) < 36 { + invalidParams.Add(request.NewErrParamMinLen("ProfileId", 36)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetProfileId sets the ProfileId field's value. +func (s *EnableProfileInput) SetProfileId(v string) *EnableProfileInput { + s.ProfileId = &v + return s +} + +type EnableProfileOutput struct { + _ struct{} `type:"structure"` + + // The state of the profile after a read or write operation. + Profile *ProfileDetail `locationName:"profile" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableProfileOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableProfileOutput) GoString() string { + return s.String() +} + +// SetProfile sets the Profile field's value. +func (s *EnableProfileOutput) SetProfile(v *ProfileDetail) *EnableProfileOutput { + s.Profile = v + return s +} + +type EnableTrustAnchorInput struct { + _ struct{} `type:"structure" nopayload:"true"` + + // The unique identifier of the trust anchor. + // + // TrustAnchorId is a required field + TrustAnchorId *string `location:"uri" locationName:"trustAnchorId" min:"36" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableTrustAnchorInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableTrustAnchorInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *EnableTrustAnchorInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "EnableTrustAnchorInput"} + if s.TrustAnchorId == nil { + invalidParams.Add(request.NewErrParamRequired("TrustAnchorId")) + } + if s.TrustAnchorId != nil && len(*s.TrustAnchorId) < 36 { + invalidParams.Add(request.NewErrParamMinLen("TrustAnchorId", 36)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetTrustAnchorId sets the TrustAnchorId field's value. +func (s *EnableTrustAnchorInput) SetTrustAnchorId(v string) *EnableTrustAnchorInput { + s.TrustAnchorId = &v + return s +} + +type EnableTrustAnchorOutput struct { + _ struct{} `type:"structure"` + + // The state of the trust anchor after a read or write operation. + // + // TrustAnchor is a required field + TrustAnchor *TrustAnchorDetail `locationName:"trustAnchor" type:"structure" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableTrustAnchorOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EnableTrustAnchorOutput) GoString() string { + return s.String() +} + +// SetTrustAnchor sets the TrustAnchor field's value. +func (s *EnableTrustAnchorOutput) SetTrustAnchor(v *TrustAnchorDetail) *EnableTrustAnchorOutput { + s.TrustAnchor = v + return s +} + +type GetCrlInput struct { + _ struct{} `type:"structure" nopayload:"true"` + + // The unique identifier of the certificate revocation list (CRL). + // + // CrlId is a required field + CrlId *string `location:"uri" locationName:"crlId" min:"36" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetCrlInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetCrlInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetCrlInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetCrlInput"} + if s.CrlId == nil { + invalidParams.Add(request.NewErrParamRequired("CrlId")) + } + if s.CrlId != nil && len(*s.CrlId) < 36 { + invalidParams.Add(request.NewErrParamMinLen("CrlId", 36)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetCrlId sets the CrlId field's value. +func (s *GetCrlInput) SetCrlId(v string) *GetCrlInput { + s.CrlId = &v + return s +} + +type GetCrlOutput struct { + _ struct{} `type:"structure"` + + // The state of the certificate revocation list (CRL) after a read or write + // operation. + // + // Crl is a required field + Crl *CrlDetail `locationName:"crl" type:"structure" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetCrlOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetCrlOutput) GoString() string { + return s.String() +} + +// SetCrl sets the Crl field's value. +func (s *GetCrlOutput) SetCrl(v *CrlDetail) *GetCrlOutput { + s.Crl = v + return s +} + +type GetProfileInput struct { + _ struct{} `type:"structure" nopayload:"true"` + + // The unique identifier of the profile. + // + // ProfileId is a required field + ProfileId *string `location:"uri" locationName:"profileId" min:"36" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetProfileInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetProfileInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetProfileInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetProfileInput"} + if s.ProfileId == nil { + invalidParams.Add(request.NewErrParamRequired("ProfileId")) + } + if s.ProfileId != nil && len(*s.ProfileId) < 36 { + invalidParams.Add(request.NewErrParamMinLen("ProfileId", 36)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetProfileId sets the ProfileId field's value. +func (s *GetProfileInput) SetProfileId(v string) *GetProfileInput { + s.ProfileId = &v + return s +} + +type GetProfileOutput struct { + _ struct{} `type:"structure"` + + // The state of the profile after a read or write operation. + Profile *ProfileDetail `locationName:"profile" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetProfileOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetProfileOutput) GoString() string { + return s.String() +} + +// SetProfile sets the Profile field's value. +func (s *GetProfileOutput) SetProfile(v *ProfileDetail) *GetProfileOutput { + s.Profile = v + return s +} + +type GetSubjectInput struct { + _ struct{} `type:"structure" nopayload:"true"` + + // The unique identifier of the subject. + // + // SubjectId is a required field + SubjectId *string `location:"uri" locationName:"subjectId" min:"36" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetSubjectInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetSubjectInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetSubjectInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetSubjectInput"} + if s.SubjectId == nil { + invalidParams.Add(request.NewErrParamRequired("SubjectId")) + } + if s.SubjectId != nil && len(*s.SubjectId) < 36 { + invalidParams.Add(request.NewErrParamMinLen("SubjectId", 36)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetSubjectId sets the SubjectId field's value. +func (s *GetSubjectInput) SetSubjectId(v string) *GetSubjectInput { + s.SubjectId = &v + return s +} + +type GetSubjectOutput struct { + _ struct{} `type:"structure"` + + // The state of the subject after a read or write operation. + Subject *SubjectDetail `locationName:"subject" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetSubjectOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetSubjectOutput) GoString() string { + return s.String() +} + +// SetSubject sets the Subject field's value. +func (s *GetSubjectOutput) SetSubject(v *SubjectDetail) *GetSubjectOutput { + s.Subject = v + return s +} + +type GetTrustAnchorInput struct { + _ struct{} `type:"structure" nopayload:"true"` + + // The unique identifier of the trust anchor. + // + // TrustAnchorId is a required field + TrustAnchorId *string `location:"uri" locationName:"trustAnchorId" min:"36" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetTrustAnchorInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetTrustAnchorInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetTrustAnchorInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetTrustAnchorInput"} + if s.TrustAnchorId == nil { + invalidParams.Add(request.NewErrParamRequired("TrustAnchorId")) + } + if s.TrustAnchorId != nil && len(*s.TrustAnchorId) < 36 { + invalidParams.Add(request.NewErrParamMinLen("TrustAnchorId", 36)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetTrustAnchorId sets the TrustAnchorId field's value. +func (s *GetTrustAnchorInput) SetTrustAnchorId(v string) *GetTrustAnchorInput { + s.TrustAnchorId = &v + return s +} + +type GetTrustAnchorOutput struct { + _ struct{} `type:"structure"` + + // The state of the trust anchor after a read or write operation. + // + // TrustAnchor is a required field + TrustAnchor *TrustAnchorDetail `locationName:"trustAnchor" type:"structure" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetTrustAnchorOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetTrustAnchorOutput) GoString() string { + return s.String() +} + +// SetTrustAnchor sets the TrustAnchor field's value. +func (s *GetTrustAnchorOutput) SetTrustAnchor(v *TrustAnchorDetail) *GetTrustAnchorOutput { + s.TrustAnchor = v + return s +} + +type ImportCrlInput struct { + _ struct{} `type:"structure"` + + // The x509 v3 specified certificate revocation list + // CrlData is automatically base64 encoded/decoded by the SDK. + // + // CrlData is a required field + CrlData []byte `locationName:"crlData" min:"1" type:"blob" required:"true"` + + // Specifies whether the certificate revocation list (CRL) is enabled. + Enabled *bool `locationName:"enabled" type:"boolean"` + + // The name of the certificate revocation list (CRL). + // + // Name is a required field + Name *string `locationName:"name" min:"1" type:"string" required:"true"` + + // A list of tags to attach to the certificate revocation list (CRL). + Tags []*Tag `locationName:"tags" type:"list"` + + // The ARN of the TrustAnchor the certificate revocation list (CRL) will provide + // revocation for. + // + // TrustAnchorArn is a required field + TrustAnchorArn *string `locationName:"trustAnchorArn" min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ImportCrlInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ImportCrlInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ImportCrlInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ImportCrlInput"} + if s.CrlData == nil { + invalidParams.Add(request.NewErrParamRequired("CrlData")) + } + if s.CrlData != nil && len(s.CrlData) < 1 { + invalidParams.Add(request.NewErrParamMinLen("CrlData", 1)) + } + if s.Name == nil { + invalidParams.Add(request.NewErrParamRequired("Name")) + } + if s.Name != nil && len(*s.Name) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Name", 1)) + } + if s.TrustAnchorArn == nil { + invalidParams.Add(request.NewErrParamRequired("TrustAnchorArn")) + } + if s.TrustAnchorArn != nil && len(*s.TrustAnchorArn) < 1 { + invalidParams.Add(request.NewErrParamMinLen("TrustAnchorArn", 1)) + } + if s.Tags != nil { + for i, v := range s.Tags { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) + } + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetCrlData sets the CrlData field's value. +func (s *ImportCrlInput) SetCrlData(v []byte) *ImportCrlInput { + s.CrlData = v + return s +} + +// SetEnabled sets the Enabled field's value. +func (s *ImportCrlInput) SetEnabled(v bool) *ImportCrlInput { + s.Enabled = &v + return s +} + +// SetName sets the Name field's value. +func (s *ImportCrlInput) SetName(v string) *ImportCrlInput { + s.Name = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *ImportCrlInput) SetTags(v []*Tag) *ImportCrlInput { + s.Tags = v + return s +} + +// SetTrustAnchorArn sets the TrustAnchorArn field's value. +func (s *ImportCrlInput) SetTrustAnchorArn(v string) *ImportCrlInput { + s.TrustAnchorArn = &v + return s +} + +type ImportCrlOutput struct { + _ struct{} `type:"structure"` + + // The state of the certificate revocation list (CRL) after a read or write + // operation. + // + // Crl is a required field + Crl *CrlDetail `locationName:"crl" type:"structure" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ImportCrlOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ImportCrlOutput) GoString() string { + return s.String() +} + +// SetCrl sets the Crl field's value. +func (s *ImportCrlOutput) SetCrl(v *CrlDetail) *ImportCrlOutput { + s.Crl = v + return s +} + +// A key-value pair you set that identifies a property of the authenticating +// instance. +type InstanceProperty struct { + _ struct{} `type:"structure"` + + // Indicates whether the CreateSession (https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html) + // operation was successful. + Failed *bool `locationName:"failed" type:"boolean"` + + // A list of instanceProperty objects. + Properties map[string]*string `locationName:"properties" type:"map"` + + // The ISO-8601 time stamp of when the certificate was last used in a CreateSession + // (https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html) + // operation. + SeenAt *time.Time `locationName:"seenAt" type:"timestamp" timestampFormat:"iso8601"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InstanceProperty) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InstanceProperty) GoString() string { + return s.String() +} + +// SetFailed sets the Failed field's value. +func (s *InstanceProperty) SetFailed(v bool) *InstanceProperty { + s.Failed = &v + return s +} + +// SetProperties sets the Properties field's value. +func (s *InstanceProperty) SetProperties(v map[string]*string) *InstanceProperty { + s.Properties = v + return s +} + +// SetSeenAt sets the SeenAt field's value. +func (s *InstanceProperty) SetSeenAt(v time.Time) *InstanceProperty { + s.SeenAt = &v + return s +} + +type ListCrlsInput struct { + _ struct{} `type:"structure" nopayload:"true"` + + // A token that indicates where the output should continue from, if a previous + // operation did not show all results. To get the next results, call the operation + // again with this value. + NextToken *string `location:"querystring" locationName:"nextToken" min:"1" type:"string"` + + // The number of resources in the paginated list. + PageSize *int64 `location:"querystring" locationName:"pageSize" type:"integer"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListCrlsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListCrlsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListCrlsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListCrlsInput"} + if s.NextToken != nil && len(*s.NextToken) < 1 { + invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetNextToken sets the NextToken field's value. +func (s *ListCrlsInput) SetNextToken(v string) *ListCrlsInput { + s.NextToken = &v + return s +} + +// SetPageSize sets the PageSize field's value. +func (s *ListCrlsInput) SetPageSize(v int64) *ListCrlsInput { + s.PageSize = &v + return s +} + +type ListCrlsOutput struct { + _ struct{} `type:"structure"` + + // A list of certificate revocation lists (CRL). + Crls []*CrlDetail `locationName:"crls" type:"list"` + + // A token that indicates where the output should continue from, if a previous + // operation did not show all results. To get the next results, call the operation + // again with this value. + NextToken *string `locationName:"nextToken" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListCrlsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListCrlsOutput) GoString() string { + return s.String() +} + +// SetCrls sets the Crls field's value. +func (s *ListCrlsOutput) SetCrls(v []*CrlDetail) *ListCrlsOutput { + s.Crls = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListCrlsOutput) SetNextToken(v string) *ListCrlsOutput { + s.NextToken = &v + return s +} + +type ListProfilesInput struct { + _ struct{} `type:"structure" nopayload:"true"` + + // A token that indicates where the output should continue from, if a previous + // operation did not show all results. To get the next results, call the operation + // again with this value. + NextToken *string `location:"querystring" locationName:"nextToken" min:"1" type:"string"` + + // The number of resources in the paginated list. + PageSize *int64 `location:"querystring" locationName:"pageSize" type:"integer"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListProfilesInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListProfilesInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListProfilesInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListProfilesInput"} + if s.NextToken != nil && len(*s.NextToken) < 1 { + invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetNextToken sets the NextToken field's value. +func (s *ListProfilesInput) SetNextToken(v string) *ListProfilesInput { + s.NextToken = &v + return s +} + +// SetPageSize sets the PageSize field's value. +func (s *ListProfilesInput) SetPageSize(v int64) *ListProfilesInput { + s.PageSize = &v + return s +} + +type ListProfilesOutput struct { + _ struct{} `type:"structure"` + + // A token that indicates where the output should continue from, if a previous + // operation did not show all results. To get the next results, call the operation + // again with this value. + NextToken *string `locationName:"nextToken" type:"string"` + + // A list of profiles. + Profiles []*ProfileDetail `locationName:"profiles" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListProfilesOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListProfilesOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *ListProfilesOutput) SetNextToken(v string) *ListProfilesOutput { + s.NextToken = &v + return s +} + +// SetProfiles sets the Profiles field's value. +func (s *ListProfilesOutput) SetProfiles(v []*ProfileDetail) *ListProfilesOutput { + s.Profiles = v + return s +} + +type ListSubjectsInput struct { + _ struct{} `type:"structure" nopayload:"true"` + + // A token that indicates where the output should continue from, if a previous + // operation did not show all results. To get the next results, call the operation + // again with this value. + NextToken *string `location:"querystring" locationName:"nextToken" min:"1" type:"string"` + + // The number of resources in the paginated list. + PageSize *int64 `location:"querystring" locationName:"pageSize" type:"integer"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListSubjectsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListSubjectsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListSubjectsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListSubjectsInput"} + if s.NextToken != nil && len(*s.NextToken) < 1 { + invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetNextToken sets the NextToken field's value. +func (s *ListSubjectsInput) SetNextToken(v string) *ListSubjectsInput { + s.NextToken = &v + return s +} + +// SetPageSize sets the PageSize field's value. +func (s *ListSubjectsInput) SetPageSize(v int64) *ListSubjectsInput { + s.PageSize = &v + return s +} + +type ListSubjectsOutput struct { + _ struct{} `type:"structure"` + + // A token that indicates where the output should continue from, if a previous + // operation did not show all results. To get the next results, call the operation + // again with this value. + NextToken *string `locationName:"nextToken" type:"string"` + + // A list of subjects. + Subjects []*SubjectSummary `locationName:"subjects" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListSubjectsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListSubjectsOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *ListSubjectsOutput) SetNextToken(v string) *ListSubjectsOutput { + s.NextToken = &v + return s +} + +// SetSubjects sets the Subjects field's value. +func (s *ListSubjectsOutput) SetSubjects(v []*SubjectSummary) *ListSubjectsOutput { + s.Subjects = v + return s +} + +type ListTagsForResourceInput struct { + _ struct{} `type:"structure" nopayload:"true"` + + // The ARN of the resource. + // + // ResourceArn is a required field + ResourceArn *string `location:"querystring" locationName:"resourceArn" min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListTagsForResourceInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListTagsForResourceInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListTagsForResourceInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListTagsForResourceInput"} + if s.ResourceArn == nil { + invalidParams.Add(request.NewErrParamRequired("ResourceArn")) + } + if s.ResourceArn != nil && len(*s.ResourceArn) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetResourceArn sets the ResourceArn field's value. +func (s *ListTagsForResourceInput) SetResourceArn(v string) *ListTagsForResourceInput { + s.ResourceArn = &v + return s +} + +type ListTagsForResourceOutput struct { + _ struct{} `type:"structure"` + + // A list of tags attached to the resource. + Tags []*Tag `locationName:"tags" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListTagsForResourceOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListTagsForResourceOutput) GoString() string { + return s.String() +} + +// SetTags sets the Tags field's value. +func (s *ListTagsForResourceOutput) SetTags(v []*Tag) *ListTagsForResourceOutput { + s.Tags = v + return s +} + +type ListTrustAnchorsInput struct { + _ struct{} `type:"structure" nopayload:"true"` + + // A token that indicates where the output should continue from, if a previous + // operation did not show all results. To get the next results, call the operation + // again with this value. + NextToken *string `location:"querystring" locationName:"nextToken" min:"1" type:"string"` + + // The number of resources in the paginated list. + PageSize *int64 `location:"querystring" locationName:"pageSize" type:"integer"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListTrustAnchorsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListTrustAnchorsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListTrustAnchorsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListTrustAnchorsInput"} + if s.NextToken != nil && len(*s.NextToken) < 1 { + invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetNextToken sets the NextToken field's value. +func (s *ListTrustAnchorsInput) SetNextToken(v string) *ListTrustAnchorsInput { + s.NextToken = &v + return s +} + +// SetPageSize sets the PageSize field's value. +func (s *ListTrustAnchorsInput) SetPageSize(v int64) *ListTrustAnchorsInput { + s.PageSize = &v + return s +} + +type ListTrustAnchorsOutput struct { + _ struct{} `type:"structure"` + + // A token that indicates where the output should continue from, if a previous + // operation did not show all results. To get the next results, call the operation + // again with this value. + NextToken *string `locationName:"nextToken" type:"string"` + + // A list of trust anchors. + TrustAnchors []*TrustAnchorDetail `locationName:"trustAnchors" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListTrustAnchorsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListTrustAnchorsOutput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *ListTrustAnchorsOutput) SetNextToken(v string) *ListTrustAnchorsOutput { + s.NextToken = &v + return s +} + +// SetTrustAnchors sets the TrustAnchors field's value. +func (s *ListTrustAnchorsOutput) SetTrustAnchors(v []*TrustAnchorDetail) *ListTrustAnchorsOutput { + s.TrustAnchors = v + return s +} + +// The state of the profile after a read or write operation. +type ProfileDetail struct { + _ struct{} `type:"structure"` + + // The ISO-8601 timestamp when the profile was created. + CreatedAt *time.Time `locationName:"createdAt" type:"timestamp" timestampFormat:"iso8601"` + + // The Amazon Web Services account that created the profile. + CreatedBy *string `locationName:"createdBy" type:"string"` + + // The number of seconds the vended session credentials are valid for. + DurationSeconds *int64 `locationName:"durationSeconds" type:"integer"` + + // Indicates whether the profile is enabled. + Enabled *bool `locationName:"enabled" type:"boolean"` + + // A list of managed policy ARNs that apply to the vended session credentials. + ManagedPolicyArns []*string `locationName:"managedPolicyArns" type:"list"` + + // The name of the profile. + Name *string `locationName:"name" min:"1" type:"string"` + + // The ARN of the profile. + ProfileArn *string `locationName:"profileArn" min:"1" type:"string"` + + // The unique identifier of the profile. + ProfileId *string `locationName:"profileId" min:"36" type:"string"` + + // Specifies whether instance properties are required in CreateSession (https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html) + // requests with this profile. + RequireInstanceProperties *bool `locationName:"requireInstanceProperties" type:"boolean"` + + // A list of IAM roles that this profile can assume in a CreateSession (https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html) + // operation. + RoleArns []*string `locationName:"roleArns" type:"list"` + + // A session policy that applies to the trust boundary of the vended session + // credentials. + SessionPolicy *string `locationName:"sessionPolicy" type:"string"` + + // The ISO-8601 timestamp when the profile was last updated. + UpdatedAt *time.Time `locationName:"updatedAt" type:"timestamp" timestampFormat:"iso8601"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ProfileDetail) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ProfileDetail) GoString() string { + return s.String() +} + +// SetCreatedAt sets the CreatedAt field's value. +func (s *ProfileDetail) SetCreatedAt(v time.Time) *ProfileDetail { + s.CreatedAt = &v + return s +} + +// SetCreatedBy sets the CreatedBy field's value. +func (s *ProfileDetail) SetCreatedBy(v string) *ProfileDetail { + s.CreatedBy = &v + return s +} + +// SetDurationSeconds sets the DurationSeconds field's value. +func (s *ProfileDetail) SetDurationSeconds(v int64) *ProfileDetail { + s.DurationSeconds = &v + return s +} + +// SetEnabled sets the Enabled field's value. +func (s *ProfileDetail) SetEnabled(v bool) *ProfileDetail { + s.Enabled = &v + return s +} + +// SetManagedPolicyArns sets the ManagedPolicyArns field's value. +func (s *ProfileDetail) SetManagedPolicyArns(v []*string) *ProfileDetail { + s.ManagedPolicyArns = v + return s +} + +// SetName sets the Name field's value. +func (s *ProfileDetail) SetName(v string) *ProfileDetail { + s.Name = &v + return s +} + +// SetProfileArn sets the ProfileArn field's value. +func (s *ProfileDetail) SetProfileArn(v string) *ProfileDetail { + s.ProfileArn = &v + return s +} + +// SetProfileId sets the ProfileId field's value. +func (s *ProfileDetail) SetProfileId(v string) *ProfileDetail { + s.ProfileId = &v + return s +} + +// SetRequireInstanceProperties sets the RequireInstanceProperties field's value. +func (s *ProfileDetail) SetRequireInstanceProperties(v bool) *ProfileDetail { + s.RequireInstanceProperties = &v + return s +} + +// SetRoleArns sets the RoleArns field's value. +func (s *ProfileDetail) SetRoleArns(v []*string) *ProfileDetail { + s.RoleArns = v + return s +} + +// SetSessionPolicy sets the SessionPolicy field's value. +func (s *ProfileDetail) SetSessionPolicy(v string) *ProfileDetail { + s.SessionPolicy = &v + return s +} + +// SetUpdatedAt sets the UpdatedAt field's value. +func (s *ProfileDetail) SetUpdatedAt(v time.Time) *ProfileDetail { + s.UpdatedAt = &v + return s +} + +// The resource could not be found. +type ResourceNotFoundException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ResourceNotFoundException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ResourceNotFoundException) GoString() string { + return s.String() +} + +func newErrorResourceNotFoundException(v protocol.ResponseMetadata) error { + return &ResourceNotFoundException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *ResourceNotFoundException) Code() string { + return "ResourceNotFoundException" +} + +// Message returns the exception's message. +func (s *ResourceNotFoundException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *ResourceNotFoundException) OrigErr() error { + return nil +} + +func (s *ResourceNotFoundException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *ResourceNotFoundException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *ResourceNotFoundException) RequestID() string { + return s.RespMetadata.RequestID +} + +// The trust anchor type and its related certificate data. +type Source struct { + _ struct{} `type:"structure"` + + // The data field of the trust anchor depending on its type. + SourceData *SourceData `locationName:"sourceData" type:"structure"` + + // The type of the trust anchor. + SourceType *string `locationName:"sourceType" type:"string" enum:"TrustAnchorType"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Source) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Source) GoString() string { + return s.String() +} + +// SetSourceData sets the SourceData field's value. +func (s *Source) SetSourceData(v *SourceData) *Source { + s.SourceData = v + return s +} + +// SetSourceType sets the SourceType field's value. +func (s *Source) SetSourceType(v string) *Source { + s.SourceType = &v + return s +} + +// The data field of the trust anchor depending on its type. +type SourceData struct { + _ struct{} `type:"structure"` + + // The root certificate of the Certificate Manager Private Certificate Authority + // specified by this ARN is used in trust validation for CreateSession (https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html) + // operations. Included for trust anchors of type AWS_ACM_PCA. + AcmPcaArn *string `locationName:"acmPcaArn" type:"string"` + + // The PEM-encoded data for the certificate anchor. Included for trust anchors + // of type CERTIFICATE_BUNDLE. + X509CertificateData *string `locationName:"x509CertificateData" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SourceData) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SourceData) GoString() string { + return s.String() +} + +// SetAcmPcaArn sets the AcmPcaArn field's value. +func (s *SourceData) SetAcmPcaArn(v string) *SourceData { + s.AcmPcaArn = &v + return s +} + +// SetX509CertificateData sets the X509CertificateData field's value. +func (s *SourceData) SetX509CertificateData(v string) *SourceData { + s.X509CertificateData = &v + return s +} + +// The state of the subject after a read or write operation. +type SubjectDetail struct { + _ struct{} `type:"structure"` + + // The ISO-8601 timestamp when the subject was created. + CreatedAt *time.Time `locationName:"createdAt" type:"timestamp" timestampFormat:"iso8601"` + + // The temporary session credentials vended at the last authenticating call + // with this Subject. + Credentials []*CredentialSummary `locationName:"credentials" type:"list"` + + // The enabled status of the subject. + Enabled *bool `locationName:"enabled" type:"boolean"` + + // The specified instance properties associated with the request. + InstanceProperties []*InstanceProperty `locationName:"instanceProperties" type:"list"` + + // The ISO-8601 timestamp of the last time this Subject requested temporary + // session credentials. + LastSeenAt *time.Time `locationName:"lastSeenAt" type:"timestamp" timestampFormat:"iso8601"` + + // The ARN of the resource. + SubjectArn *string `locationName:"subjectArn" type:"string"` + + // The id of the resource + SubjectId *string `locationName:"subjectId" min:"36" type:"string"` + + // The ISO-8601 timestamp when the subject was last updated. + UpdatedAt *time.Time `locationName:"updatedAt" type:"timestamp" timestampFormat:"iso8601"` + + // The x509 principal identifier of the authenticating certificate. + X509Subject *string `locationName:"x509Subject" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SubjectDetail) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SubjectDetail) GoString() string { + return s.String() +} + +// SetCreatedAt sets the CreatedAt field's value. +func (s *SubjectDetail) SetCreatedAt(v time.Time) *SubjectDetail { + s.CreatedAt = &v + return s +} + +// SetCredentials sets the Credentials field's value. +func (s *SubjectDetail) SetCredentials(v []*CredentialSummary) *SubjectDetail { + s.Credentials = v + return s +} + +// SetEnabled sets the Enabled field's value. +func (s *SubjectDetail) SetEnabled(v bool) *SubjectDetail { + s.Enabled = &v + return s +} + +// SetInstanceProperties sets the InstanceProperties field's value. +func (s *SubjectDetail) SetInstanceProperties(v []*InstanceProperty) *SubjectDetail { + s.InstanceProperties = v + return s +} + +// SetLastSeenAt sets the LastSeenAt field's value. +func (s *SubjectDetail) SetLastSeenAt(v time.Time) *SubjectDetail { + s.LastSeenAt = &v + return s +} + +// SetSubjectArn sets the SubjectArn field's value. +func (s *SubjectDetail) SetSubjectArn(v string) *SubjectDetail { + s.SubjectArn = &v + return s +} + +// SetSubjectId sets the SubjectId field's value. +func (s *SubjectDetail) SetSubjectId(v string) *SubjectDetail { + s.SubjectId = &v + return s +} + +// SetUpdatedAt sets the UpdatedAt field's value. +func (s *SubjectDetail) SetUpdatedAt(v time.Time) *SubjectDetail { + s.UpdatedAt = &v + return s +} + +// SetX509Subject sets the X509Subject field's value. +func (s *SubjectDetail) SetX509Subject(v string) *SubjectDetail { + s.X509Subject = &v + return s +} + +// A summary representation of Subject resources returned in read operations; +// primarily ListSubjects. +type SubjectSummary struct { + _ struct{} `type:"structure"` + + // The ISO-8601 time stamp of when the certificate was first used in a CreateSession + // (https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html) + // operation. + CreatedAt *time.Time `locationName:"createdAt" type:"timestamp" timestampFormat:"iso8601"` + + // The enabled status of the Subject. + Enabled *bool `locationName:"enabled" type:"boolean"` + + // The ISO-8601 time stamp of when the certificate was last used in a CreateSession + // (https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html) + // operation. + LastSeenAt *time.Time `locationName:"lastSeenAt" type:"timestamp" timestampFormat:"iso8601"` + + // The ARN of the resource. + SubjectArn *string `locationName:"subjectArn" type:"string"` + + // The id of the resource. + SubjectId *string `locationName:"subjectId" min:"36" type:"string"` + + // The ISO-8601 timestamp when the subject was last updated. + UpdatedAt *time.Time `locationName:"updatedAt" type:"timestamp" timestampFormat:"iso8601"` + + // The x509 principal identifier of the authenticating certificate. + X509Subject *string `locationName:"x509Subject" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SubjectSummary) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s SubjectSummary) GoString() string { + return s.String() +} + +// SetCreatedAt sets the CreatedAt field's value. +func (s *SubjectSummary) SetCreatedAt(v time.Time) *SubjectSummary { + s.CreatedAt = &v + return s +} + +// SetEnabled sets the Enabled field's value. +func (s *SubjectSummary) SetEnabled(v bool) *SubjectSummary { + s.Enabled = &v + return s +} + +// SetLastSeenAt sets the LastSeenAt field's value. +func (s *SubjectSummary) SetLastSeenAt(v time.Time) *SubjectSummary { + s.LastSeenAt = &v + return s +} + +// SetSubjectArn sets the SubjectArn field's value. +func (s *SubjectSummary) SetSubjectArn(v string) *SubjectSummary { + s.SubjectArn = &v + return s +} + +// SetSubjectId sets the SubjectId field's value. +func (s *SubjectSummary) SetSubjectId(v string) *SubjectSummary { + s.SubjectId = &v + return s +} + +// SetUpdatedAt sets the UpdatedAt field's value. +func (s *SubjectSummary) SetUpdatedAt(v time.Time) *SubjectSummary { + s.UpdatedAt = &v + return s +} + +// SetX509Subject sets the X509Subject field's value. +func (s *SubjectSummary) SetX509Subject(v string) *SubjectSummary { + s.X509Subject = &v + return s +} + +// A label that consists of a key and value you define. +type Tag struct { + _ struct{} `type:"structure"` + + // The tag key. + // + // Key is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by Tag's + // String and GoString methods. + // + // Key is a required field + Key *string `locationName:"key" min:"1" type:"string" required:"true" sensitive:"true"` + + // The tag value. + // + // Value is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by Tag's + // String and GoString methods. + // + // Value is a required field + Value *string `locationName:"value" type:"string" required:"true" sensitive:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Tag) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Tag) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *Tag) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "Tag"} + if s.Key == nil { + invalidParams.Add(request.NewErrParamRequired("Key")) + } + if s.Key != nil && len(*s.Key) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Key", 1)) + } + if s.Value == nil { + invalidParams.Add(request.NewErrParamRequired("Value")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetKey sets the Key field's value. +func (s *Tag) SetKey(v string) *Tag { + s.Key = &v + return s +} + +// SetValue sets the Value field's value. +func (s *Tag) SetValue(v string) *Tag { + s.Value = &v + return s +} + +type TagResourceInput struct { + _ struct{} `type:"structure"` + + // The ARN of the resource. + // + // ResourceArn is a required field + ResourceArn *string `locationName:"resourceArn" min:"1" type:"string" required:"true"` + + // The tags to attach to the resource. + // + // Tags is a required field + Tags []*Tag `locationName:"tags" type:"list" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TagResourceInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TagResourceInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *TagResourceInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "TagResourceInput"} + if s.ResourceArn == nil { + invalidParams.Add(request.NewErrParamRequired("ResourceArn")) + } + if s.ResourceArn != nil && len(*s.ResourceArn) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 1)) + } + if s.Tags == nil { + invalidParams.Add(request.NewErrParamRequired("Tags")) + } + if s.Tags != nil { + for i, v := range s.Tags { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) + } + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetResourceArn sets the ResourceArn field's value. +func (s *TagResourceInput) SetResourceArn(v string) *TagResourceInput { + s.ResourceArn = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *TagResourceInput) SetTags(v []*Tag) *TagResourceInput { + s.Tags = v + return s +} + +type TagResourceOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TagResourceOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TagResourceOutput) GoString() string { + return s.String() +} + +// Too many tags. +type TooManyTagsException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TooManyTagsException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TooManyTagsException) GoString() string { + return s.String() +} + +func newErrorTooManyTagsException(v protocol.ResponseMetadata) error { + return &TooManyTagsException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *TooManyTagsException) Code() string { + return "TooManyTagsException" +} + +// Message returns the exception's message. +func (s *TooManyTagsException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *TooManyTagsException) OrigErr() error { + return nil +} + +func (s *TooManyTagsException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *TooManyTagsException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *TooManyTagsException) RequestID() string { + return s.RespMetadata.RequestID +} + +// The state of the trust anchor after a read or write operation. +type TrustAnchorDetail struct { + _ struct{} `type:"structure"` + + // The ISO-8601 timestamp when the trust anchor was created. + CreatedAt *time.Time `locationName:"createdAt" type:"timestamp" timestampFormat:"iso8601"` + + // Indicates whether the trust anchor is enabled. + Enabled *bool `locationName:"enabled" type:"boolean"` + + // The name of the trust anchor. + Name *string `locationName:"name" min:"1" type:"string"` + + // The trust anchor type and its related certificate data. + Source *Source `locationName:"source" type:"structure"` + + // The ARN of the trust anchor. + TrustAnchorArn *string `locationName:"trustAnchorArn" type:"string"` + + // The unique identifier of the trust anchor. + TrustAnchorId *string `locationName:"trustAnchorId" min:"36" type:"string"` + + // The ISO-8601 timestamp when the trust anchor was last updated. + UpdatedAt *time.Time `locationName:"updatedAt" type:"timestamp" timestampFormat:"iso8601"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TrustAnchorDetail) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TrustAnchorDetail) GoString() string { + return s.String() +} + +// SetCreatedAt sets the CreatedAt field's value. +func (s *TrustAnchorDetail) SetCreatedAt(v time.Time) *TrustAnchorDetail { + s.CreatedAt = &v + return s +} + +// SetEnabled sets the Enabled field's value. +func (s *TrustAnchorDetail) SetEnabled(v bool) *TrustAnchorDetail { + s.Enabled = &v + return s +} + +// SetName sets the Name field's value. +func (s *TrustAnchorDetail) SetName(v string) *TrustAnchorDetail { + s.Name = &v + return s +} + +// SetSource sets the Source field's value. +func (s *TrustAnchorDetail) SetSource(v *Source) *TrustAnchorDetail { + s.Source = v + return s +} + +// SetTrustAnchorArn sets the TrustAnchorArn field's value. +func (s *TrustAnchorDetail) SetTrustAnchorArn(v string) *TrustAnchorDetail { + s.TrustAnchorArn = &v + return s +} + +// SetTrustAnchorId sets the TrustAnchorId field's value. +func (s *TrustAnchorDetail) SetTrustAnchorId(v string) *TrustAnchorDetail { + s.TrustAnchorId = &v + return s +} + +// SetUpdatedAt sets the UpdatedAt field's value. +func (s *TrustAnchorDetail) SetUpdatedAt(v time.Time) *TrustAnchorDetail { + s.UpdatedAt = &v + return s +} + +type UntagResourceInput struct { + _ struct{} `type:"structure"` + + // The ARN of the resource. + // + // ResourceArn is a required field + ResourceArn *string `locationName:"resourceArn" min:"1" type:"string" required:"true"` + + // A list of keys. Tag keys are the unique identifiers of tags. + // + // TagKeys is a required field + TagKeys []*string `locationName:"tagKeys" type:"list" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UntagResourceInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UntagResourceInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *UntagResourceInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "UntagResourceInput"} + if s.ResourceArn == nil { + invalidParams.Add(request.NewErrParamRequired("ResourceArn")) + } + if s.ResourceArn != nil && len(*s.ResourceArn) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 1)) + } + if s.TagKeys == nil { + invalidParams.Add(request.NewErrParamRequired("TagKeys")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetResourceArn sets the ResourceArn field's value. +func (s *UntagResourceInput) SetResourceArn(v string) *UntagResourceInput { + s.ResourceArn = &v + return s +} + +// SetTagKeys sets the TagKeys field's value. +func (s *UntagResourceInput) SetTagKeys(v []*string) *UntagResourceInput { + s.TagKeys = v + return s +} + +type UntagResourceOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UntagResourceOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UntagResourceOutput) GoString() string { + return s.String() +} + +type UpdateCrlInput struct { + _ struct{} `type:"structure"` + + // The x509 v3 specified certificate revocation list + // CrlData is automatically base64 encoded/decoded by the SDK. + CrlData []byte `locationName:"crlData" min:"1" type:"blob"` + + // The unique identifier of the certificate revocation list (CRL). + // + // CrlId is a required field + CrlId *string `location:"uri" locationName:"crlId" min:"36" type:"string" required:"true"` + + // The name of the Crl. + Name *string `locationName:"name" min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateCrlInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateCrlInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *UpdateCrlInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "UpdateCrlInput"} + if s.CrlData != nil && len(s.CrlData) < 1 { + invalidParams.Add(request.NewErrParamMinLen("CrlData", 1)) + } + if s.CrlId == nil { + invalidParams.Add(request.NewErrParamRequired("CrlId")) + } + if s.CrlId != nil && len(*s.CrlId) < 36 { + invalidParams.Add(request.NewErrParamMinLen("CrlId", 36)) + } + if s.Name != nil && len(*s.Name) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Name", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetCrlData sets the CrlData field's value. +func (s *UpdateCrlInput) SetCrlData(v []byte) *UpdateCrlInput { + s.CrlData = v + return s +} + +// SetCrlId sets the CrlId field's value. +func (s *UpdateCrlInput) SetCrlId(v string) *UpdateCrlInput { + s.CrlId = &v + return s +} + +// SetName sets the Name field's value. +func (s *UpdateCrlInput) SetName(v string) *UpdateCrlInput { + s.Name = &v + return s +} + +type UpdateCrlOutput struct { + _ struct{} `type:"structure"` + + // The state of the certificate revocation list (CRL) after a read or write + // operation. + // + // Crl is a required field + Crl *CrlDetail `locationName:"crl" type:"structure" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateCrlOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateCrlOutput) GoString() string { + return s.String() +} + +// SetCrl sets the Crl field's value. +func (s *UpdateCrlOutput) SetCrl(v *CrlDetail) *UpdateCrlOutput { + s.Crl = v + return s +} + +type UpdateProfileInput struct { + _ struct{} `type:"structure"` + + // The number of seconds the vended session credentials are valid for. + DurationSeconds *int64 `locationName:"durationSeconds" min:"900" type:"integer"` + + // A list of managed policy ARNs that apply to the vended session credentials. + ManagedPolicyArns []*string `locationName:"managedPolicyArns" type:"list"` + + // The name of the profile. + Name *string `locationName:"name" min:"1" type:"string"` + + // The unique identifier of the profile. + // + // ProfileId is a required field + ProfileId *string `location:"uri" locationName:"profileId" min:"36" type:"string" required:"true"` + + // A list of IAM roles that this profile can assume in a CreateSession (https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_CreateSession.html) + // operation. + RoleArns []*string `locationName:"roleArns" type:"list"` + + // A session policy that applies to the trust boundary of the vended session + // credentials. + SessionPolicy *string `locationName:"sessionPolicy" min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateProfileInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateProfileInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *UpdateProfileInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "UpdateProfileInput"} + if s.DurationSeconds != nil && *s.DurationSeconds < 900 { + invalidParams.Add(request.NewErrParamMinValue("DurationSeconds", 900)) + } + if s.Name != nil && len(*s.Name) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Name", 1)) + } + if s.ProfileId == nil { + invalidParams.Add(request.NewErrParamRequired("ProfileId")) + } + if s.ProfileId != nil && len(*s.ProfileId) < 36 { + invalidParams.Add(request.NewErrParamMinLen("ProfileId", 36)) + } + if s.SessionPolicy != nil && len(*s.SessionPolicy) < 1 { + invalidParams.Add(request.NewErrParamMinLen("SessionPolicy", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDurationSeconds sets the DurationSeconds field's value. +func (s *UpdateProfileInput) SetDurationSeconds(v int64) *UpdateProfileInput { + s.DurationSeconds = &v + return s +} + +// SetManagedPolicyArns sets the ManagedPolicyArns field's value. +func (s *UpdateProfileInput) SetManagedPolicyArns(v []*string) *UpdateProfileInput { + s.ManagedPolicyArns = v + return s +} + +// SetName sets the Name field's value. +func (s *UpdateProfileInput) SetName(v string) *UpdateProfileInput { + s.Name = &v + return s +} + +// SetProfileId sets the ProfileId field's value. +func (s *UpdateProfileInput) SetProfileId(v string) *UpdateProfileInput { + s.ProfileId = &v + return s +} + +// SetRoleArns sets the RoleArns field's value. +func (s *UpdateProfileInput) SetRoleArns(v []*string) *UpdateProfileInput { + s.RoleArns = v + return s +} + +// SetSessionPolicy sets the SessionPolicy field's value. +func (s *UpdateProfileInput) SetSessionPolicy(v string) *UpdateProfileInput { + s.SessionPolicy = &v + return s +} + +type UpdateProfileOutput struct { + _ struct{} `type:"structure"` + + // The state of the profile after a read or write operation. + Profile *ProfileDetail `locationName:"profile" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateProfileOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateProfileOutput) GoString() string { + return s.String() +} + +// SetProfile sets the Profile field's value. +func (s *UpdateProfileOutput) SetProfile(v *ProfileDetail) *UpdateProfileOutput { + s.Profile = v + return s +} + +type UpdateTrustAnchorInput struct { + _ struct{} `type:"structure"` + + // The name of the trust anchor. + Name *string `locationName:"name" min:"1" type:"string"` + + // The trust anchor type and its related certificate data. + Source *Source `locationName:"source" type:"structure"` + + // The unique identifier of the trust anchor. + // + // TrustAnchorId is a required field + TrustAnchorId *string `location:"uri" locationName:"trustAnchorId" min:"36" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateTrustAnchorInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateTrustAnchorInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *UpdateTrustAnchorInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "UpdateTrustAnchorInput"} + if s.Name != nil && len(*s.Name) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Name", 1)) + } + if s.TrustAnchorId == nil { + invalidParams.Add(request.NewErrParamRequired("TrustAnchorId")) + } + if s.TrustAnchorId != nil && len(*s.TrustAnchorId) < 36 { + invalidParams.Add(request.NewErrParamMinLen("TrustAnchorId", 36)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetName sets the Name field's value. +func (s *UpdateTrustAnchorInput) SetName(v string) *UpdateTrustAnchorInput { + s.Name = &v + return s +} + +// SetSource sets the Source field's value. +func (s *UpdateTrustAnchorInput) SetSource(v *Source) *UpdateTrustAnchorInput { + s.Source = v + return s +} + +// SetTrustAnchorId sets the TrustAnchorId field's value. +func (s *UpdateTrustAnchorInput) SetTrustAnchorId(v string) *UpdateTrustAnchorInput { + s.TrustAnchorId = &v + return s +} + +type UpdateTrustAnchorOutput struct { + _ struct{} `type:"structure"` + + // The state of the trust anchor after a read or write operation. + // + // TrustAnchor is a required field + TrustAnchor *TrustAnchorDetail `locationName:"trustAnchor" type:"structure" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateTrustAnchorOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateTrustAnchorOutput) GoString() string { + return s.String() +} + +// SetTrustAnchor sets the TrustAnchor field's value. +func (s *UpdateTrustAnchorOutput) SetTrustAnchor(v *TrustAnchorDetail) *UpdateTrustAnchorOutput { + s.TrustAnchor = v + return s +} + +// Validation exception error. +type ValidationException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ValidationException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ValidationException) GoString() string { + return s.String() +} + +func newErrorValidationException(v protocol.ResponseMetadata) error { + return &ValidationException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *ValidationException) Code() string { + return "ValidationException" +} + +// Message returns the exception's message. +func (s *ValidationException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *ValidationException) OrigErr() error { + return nil +} + +func (s *ValidationException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *ValidationException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *ValidationException) RequestID() string { + return s.RespMetadata.RequestID +} + +const ( + // TrustAnchorTypeAwsAcmPca is a TrustAnchorType enum value + TrustAnchorTypeAwsAcmPca = "AWS_ACM_PCA" + + // TrustAnchorTypeCertificateBundle is a TrustAnchorType enum value + TrustAnchorTypeCertificateBundle = "CERTIFICATE_BUNDLE" + + // TrustAnchorTypeSelfSignedRepository is a TrustAnchorType enum value + TrustAnchorTypeSelfSignedRepository = "SELF_SIGNED_REPOSITORY" +) + +// TrustAnchorType_Values returns all elements of the TrustAnchorType enum +func TrustAnchorType_Values() []string { + return []string{ + TrustAnchorTypeAwsAcmPca, + TrustAnchorTypeCertificateBundle, + TrustAnchorTypeSelfSignedRepository, + } +} diff --git a/service/rolesanywhere/doc.go b/service/rolesanywhere/doc.go new file mode 100644 index 00000000000..f5702727905 --- /dev/null +++ b/service/rolesanywhere/doc.go @@ -0,0 +1,45 @@ +// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. + +// Package rolesanywhere provides the client and types for making API +// requests to IAM Roles Anywhere. +// +// AWS Identity and Access Management Roles Anywhere provides a secure way for +// your workloads such as servers, containers, and applications running outside +// of AWS to obtain Temporary AWS credentials. Your workloads can use the same +// IAM policies and roles that you have configured with native AWS applications +// to access AWS resources. Using IAM Roles Anywhere will eliminate the need +// to manage long term credentials for workloads running outside of AWS. +// +// To use IAM Roles Anywhere customer workloads will need to use X.509 certificates +// issued by their Certificate Authority (CA) . The Certificate Authority (CA) +// needs to be registered with IAM Roles Anywhere as a trust anchor to establish +// trust between customer PKI and IAM Roles Anywhere. Customers who do not manage +// their own PKI system can use AWS Certificate Manager Private Certificate +// Authority (ACM PCA) to create a Certificate Authority and use that to establish +// trust with IAM Roles Anywhere +// +// This guide describes the IAM rolesanywhere operations that you can call programmatically. +// For general information about IAM Roles Anywhere see https://docs.aws.amazon.com/ +// (https://docs.aws.amazon.com/) +// +// See https://docs.aws.amazon.com/goto/WebAPI/rolesanywhere-2018-05-10 for more information on this service. +// +// See rolesanywhere package documentation for more information. +// https://docs.aws.amazon.com/sdk-for-go/api/service/rolesanywhere/ +// +// Using the Client +// +// To contact IAM Roles Anywhere with the SDK use the New function to create +// a new service client. With that client you can make API requests to the service. +// These clients are safe to use concurrently. +// +// See the SDK's documentation for more information on how to use the SDK. +// https://docs.aws.amazon.com/sdk-for-go/api/ +// +// See aws.Config documentation for more information on configuring SDK clients. +// https://docs.aws.amazon.com/sdk-for-go/api/aws/#Config +// +// See the IAM Roles Anywhere client RolesAnywhere for more +// information on creating client for this service. +// https://docs.aws.amazon.com/sdk-for-go/api/service/rolesanywhere/#New +package rolesanywhere diff --git a/service/rolesanywhere/errors.go b/service/rolesanywhere/errors.go new file mode 100644 index 00000000000..1f15d642e52 --- /dev/null +++ b/service/rolesanywhere/errors.go @@ -0,0 +1,41 @@ +// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. + +package rolesanywhere + +import ( + "github.com/aws/aws-sdk-go/private/protocol" +) + +const ( + + // ErrCodeAccessDeniedException for service response error code + // "AccessDeniedException". + // + // You do not have sufficient access to perform this action. + ErrCodeAccessDeniedException = "AccessDeniedException" + + // ErrCodeResourceNotFoundException for service response error code + // "ResourceNotFoundException". + // + // The resource could not be found. + ErrCodeResourceNotFoundException = "ResourceNotFoundException" + + // ErrCodeTooManyTagsException for service response error code + // "TooManyTagsException". + // + // Too many tags. + ErrCodeTooManyTagsException = "TooManyTagsException" + + // ErrCodeValidationException for service response error code + // "ValidationException". + // + // Validation exception error. + ErrCodeValidationException = "ValidationException" +) + +var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{ + "AccessDeniedException": newErrorAccessDeniedException, + "ResourceNotFoundException": newErrorResourceNotFoundException, + "TooManyTagsException": newErrorTooManyTagsException, + "ValidationException": newErrorValidationException, +} diff --git a/service/rolesanywhere/rolesanywhereiface/interface.go b/service/rolesanywhere/rolesanywhereiface/interface.go new file mode 100644 index 00000000000..b18a26f9280 --- /dev/null +++ b/service/rolesanywhere/rolesanywhereiface/interface.go @@ -0,0 +1,180 @@ +// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. + +// Package rolesanywhereiface provides an interface to enable mocking the IAM Roles Anywhere service client +// for testing your code. +// +// It is important to note that this interface will have breaking changes +// when the service model is updated and adds new API operations, paginators, +// and waiters. +package rolesanywhereiface + +import ( + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/request" + "github.com/aws/aws-sdk-go/service/rolesanywhere" +) + +// RolesAnywhereAPI provides an interface to enable mocking the +// rolesanywhere.RolesAnywhere service client's API operation, +// paginators, and waiters. This make unit testing your code that calls out +// to the SDK's service client's calls easier. +// +// The best way to use this interface is so the SDK's service client's calls +// can be stubbed out for unit testing your code with the SDK without needing +// to inject custom request handlers into the SDK's request pipeline. +// +// // myFunc uses an SDK service client to make a request to +// // IAM Roles Anywhere. +// func myFunc(svc rolesanywhereiface.RolesAnywhereAPI) bool { +// // Make svc.CreateProfile request +// } +// +// func main() { +// sess := session.New() +// svc := rolesanywhere.New(sess) +// +// myFunc(svc) +// } +// +// In your _test.go file: +// +// // Define a mock struct to be used in your unit tests of myFunc. +// type mockRolesAnywhereClient struct { +// rolesanywhereiface.RolesAnywhereAPI +// } +// func (m *mockRolesAnywhereClient) CreateProfile(input *rolesanywhere.CreateProfileInput) (*rolesanywhere.CreateProfileOutput, error) { +// // mock response/functionality +// } +// +// func TestMyFunc(t *testing.T) { +// // Setup Test +// mockSvc := &mockRolesAnywhereClient{} +// +// myfunc(mockSvc) +// +// // Verify myFunc's functionality +// } +// +// It is important to note that this interface will have breaking changes +// when the service model is updated and adds new API operations, paginators, +// and waiters. Its suggested to use the pattern above for testing, or using +// tooling to generate mocks to satisfy the interfaces. +type RolesAnywhereAPI interface { + CreateProfile(*rolesanywhere.CreateProfileInput) (*rolesanywhere.CreateProfileOutput, error) + CreateProfileWithContext(aws.Context, *rolesanywhere.CreateProfileInput, ...request.Option) (*rolesanywhere.CreateProfileOutput, error) + CreateProfileRequest(*rolesanywhere.CreateProfileInput) (*request.Request, *rolesanywhere.CreateProfileOutput) + + CreateTrustAnchor(*rolesanywhere.CreateTrustAnchorInput) (*rolesanywhere.CreateTrustAnchorOutput, error) + CreateTrustAnchorWithContext(aws.Context, *rolesanywhere.CreateTrustAnchorInput, ...request.Option) (*rolesanywhere.CreateTrustAnchorOutput, error) + CreateTrustAnchorRequest(*rolesanywhere.CreateTrustAnchorInput) (*request.Request, *rolesanywhere.CreateTrustAnchorOutput) + + DeleteCrl(*rolesanywhere.DeleteCrlInput) (*rolesanywhere.DeleteCrlOutput, error) + DeleteCrlWithContext(aws.Context, *rolesanywhere.DeleteCrlInput, ...request.Option) (*rolesanywhere.DeleteCrlOutput, error) + DeleteCrlRequest(*rolesanywhere.DeleteCrlInput) (*request.Request, *rolesanywhere.DeleteCrlOutput) + + DeleteProfile(*rolesanywhere.DeleteProfileInput) (*rolesanywhere.DeleteProfileOutput, error) + DeleteProfileWithContext(aws.Context, *rolesanywhere.DeleteProfileInput, ...request.Option) (*rolesanywhere.DeleteProfileOutput, error) + DeleteProfileRequest(*rolesanywhere.DeleteProfileInput) (*request.Request, *rolesanywhere.DeleteProfileOutput) + + DeleteTrustAnchor(*rolesanywhere.DeleteTrustAnchorInput) (*rolesanywhere.DeleteTrustAnchorOutput, error) + DeleteTrustAnchorWithContext(aws.Context, *rolesanywhere.DeleteTrustAnchorInput, ...request.Option) (*rolesanywhere.DeleteTrustAnchorOutput, error) + DeleteTrustAnchorRequest(*rolesanywhere.DeleteTrustAnchorInput) (*request.Request, *rolesanywhere.DeleteTrustAnchorOutput) + + DisableCrl(*rolesanywhere.DisableCrlInput) (*rolesanywhere.DisableCrlOutput, error) + DisableCrlWithContext(aws.Context, *rolesanywhere.DisableCrlInput, ...request.Option) (*rolesanywhere.DisableCrlOutput, error) + DisableCrlRequest(*rolesanywhere.DisableCrlInput) (*request.Request, *rolesanywhere.DisableCrlOutput) + + DisableProfile(*rolesanywhere.DisableProfileInput) (*rolesanywhere.DisableProfileOutput, error) + DisableProfileWithContext(aws.Context, *rolesanywhere.DisableProfileInput, ...request.Option) (*rolesanywhere.DisableProfileOutput, error) + DisableProfileRequest(*rolesanywhere.DisableProfileInput) (*request.Request, *rolesanywhere.DisableProfileOutput) + + DisableTrustAnchor(*rolesanywhere.DisableTrustAnchorInput) (*rolesanywhere.DisableTrustAnchorOutput, error) + DisableTrustAnchorWithContext(aws.Context, *rolesanywhere.DisableTrustAnchorInput, ...request.Option) (*rolesanywhere.DisableTrustAnchorOutput, error) + DisableTrustAnchorRequest(*rolesanywhere.DisableTrustAnchorInput) (*request.Request, *rolesanywhere.DisableTrustAnchorOutput) + + EnableCrl(*rolesanywhere.EnableCrlInput) (*rolesanywhere.EnableCrlOutput, error) + EnableCrlWithContext(aws.Context, *rolesanywhere.EnableCrlInput, ...request.Option) (*rolesanywhere.EnableCrlOutput, error) + EnableCrlRequest(*rolesanywhere.EnableCrlInput) (*request.Request, *rolesanywhere.EnableCrlOutput) + + EnableProfile(*rolesanywhere.EnableProfileInput) (*rolesanywhere.EnableProfileOutput, error) + EnableProfileWithContext(aws.Context, *rolesanywhere.EnableProfileInput, ...request.Option) (*rolesanywhere.EnableProfileOutput, error) + EnableProfileRequest(*rolesanywhere.EnableProfileInput) (*request.Request, *rolesanywhere.EnableProfileOutput) + + EnableTrustAnchor(*rolesanywhere.EnableTrustAnchorInput) (*rolesanywhere.EnableTrustAnchorOutput, error) + EnableTrustAnchorWithContext(aws.Context, *rolesanywhere.EnableTrustAnchorInput, ...request.Option) (*rolesanywhere.EnableTrustAnchorOutput, error) + EnableTrustAnchorRequest(*rolesanywhere.EnableTrustAnchorInput) (*request.Request, *rolesanywhere.EnableTrustAnchorOutput) + + GetCrl(*rolesanywhere.GetCrlInput) (*rolesanywhere.GetCrlOutput, error) + GetCrlWithContext(aws.Context, *rolesanywhere.GetCrlInput, ...request.Option) (*rolesanywhere.GetCrlOutput, error) + GetCrlRequest(*rolesanywhere.GetCrlInput) (*request.Request, *rolesanywhere.GetCrlOutput) + + GetProfile(*rolesanywhere.GetProfileInput) (*rolesanywhere.GetProfileOutput, error) + GetProfileWithContext(aws.Context, *rolesanywhere.GetProfileInput, ...request.Option) (*rolesanywhere.GetProfileOutput, error) + GetProfileRequest(*rolesanywhere.GetProfileInput) (*request.Request, *rolesanywhere.GetProfileOutput) + + GetSubject(*rolesanywhere.GetSubjectInput) (*rolesanywhere.GetSubjectOutput, error) + GetSubjectWithContext(aws.Context, *rolesanywhere.GetSubjectInput, ...request.Option) (*rolesanywhere.GetSubjectOutput, error) + GetSubjectRequest(*rolesanywhere.GetSubjectInput) (*request.Request, *rolesanywhere.GetSubjectOutput) + + GetTrustAnchor(*rolesanywhere.GetTrustAnchorInput) (*rolesanywhere.GetTrustAnchorOutput, error) + GetTrustAnchorWithContext(aws.Context, *rolesanywhere.GetTrustAnchorInput, ...request.Option) (*rolesanywhere.GetTrustAnchorOutput, error) + GetTrustAnchorRequest(*rolesanywhere.GetTrustAnchorInput) (*request.Request, *rolesanywhere.GetTrustAnchorOutput) + + ImportCrl(*rolesanywhere.ImportCrlInput) (*rolesanywhere.ImportCrlOutput, error) + ImportCrlWithContext(aws.Context, *rolesanywhere.ImportCrlInput, ...request.Option) (*rolesanywhere.ImportCrlOutput, error) + ImportCrlRequest(*rolesanywhere.ImportCrlInput) (*request.Request, *rolesanywhere.ImportCrlOutput) + + ListCrls(*rolesanywhere.ListCrlsInput) (*rolesanywhere.ListCrlsOutput, error) + ListCrlsWithContext(aws.Context, *rolesanywhere.ListCrlsInput, ...request.Option) (*rolesanywhere.ListCrlsOutput, error) + ListCrlsRequest(*rolesanywhere.ListCrlsInput) (*request.Request, *rolesanywhere.ListCrlsOutput) + + ListCrlsPages(*rolesanywhere.ListCrlsInput, func(*rolesanywhere.ListCrlsOutput, bool) bool) error + ListCrlsPagesWithContext(aws.Context, *rolesanywhere.ListCrlsInput, func(*rolesanywhere.ListCrlsOutput, bool) bool, ...request.Option) error + + ListProfiles(*rolesanywhere.ListProfilesInput) (*rolesanywhere.ListProfilesOutput, error) + ListProfilesWithContext(aws.Context, *rolesanywhere.ListProfilesInput, ...request.Option) (*rolesanywhere.ListProfilesOutput, error) + ListProfilesRequest(*rolesanywhere.ListProfilesInput) (*request.Request, *rolesanywhere.ListProfilesOutput) + + ListProfilesPages(*rolesanywhere.ListProfilesInput, func(*rolesanywhere.ListProfilesOutput, bool) bool) error + ListProfilesPagesWithContext(aws.Context, *rolesanywhere.ListProfilesInput, func(*rolesanywhere.ListProfilesOutput, bool) bool, ...request.Option) error + + ListSubjects(*rolesanywhere.ListSubjectsInput) (*rolesanywhere.ListSubjectsOutput, error) + ListSubjectsWithContext(aws.Context, *rolesanywhere.ListSubjectsInput, ...request.Option) (*rolesanywhere.ListSubjectsOutput, error) + ListSubjectsRequest(*rolesanywhere.ListSubjectsInput) (*request.Request, *rolesanywhere.ListSubjectsOutput) + + ListSubjectsPages(*rolesanywhere.ListSubjectsInput, func(*rolesanywhere.ListSubjectsOutput, bool) bool) error + ListSubjectsPagesWithContext(aws.Context, *rolesanywhere.ListSubjectsInput, func(*rolesanywhere.ListSubjectsOutput, bool) bool, ...request.Option) error + + ListTagsForResource(*rolesanywhere.ListTagsForResourceInput) (*rolesanywhere.ListTagsForResourceOutput, error) + ListTagsForResourceWithContext(aws.Context, *rolesanywhere.ListTagsForResourceInput, ...request.Option) (*rolesanywhere.ListTagsForResourceOutput, error) + ListTagsForResourceRequest(*rolesanywhere.ListTagsForResourceInput) (*request.Request, *rolesanywhere.ListTagsForResourceOutput) + + ListTrustAnchors(*rolesanywhere.ListTrustAnchorsInput) (*rolesanywhere.ListTrustAnchorsOutput, error) + ListTrustAnchorsWithContext(aws.Context, *rolesanywhere.ListTrustAnchorsInput, ...request.Option) (*rolesanywhere.ListTrustAnchorsOutput, error) + ListTrustAnchorsRequest(*rolesanywhere.ListTrustAnchorsInput) (*request.Request, *rolesanywhere.ListTrustAnchorsOutput) + + ListTrustAnchorsPages(*rolesanywhere.ListTrustAnchorsInput, func(*rolesanywhere.ListTrustAnchorsOutput, bool) bool) error + ListTrustAnchorsPagesWithContext(aws.Context, *rolesanywhere.ListTrustAnchorsInput, func(*rolesanywhere.ListTrustAnchorsOutput, bool) bool, ...request.Option) error + + TagResource(*rolesanywhere.TagResourceInput) (*rolesanywhere.TagResourceOutput, error) + TagResourceWithContext(aws.Context, *rolesanywhere.TagResourceInput, ...request.Option) (*rolesanywhere.TagResourceOutput, error) + TagResourceRequest(*rolesanywhere.TagResourceInput) (*request.Request, *rolesanywhere.TagResourceOutput) + + UntagResource(*rolesanywhere.UntagResourceInput) (*rolesanywhere.UntagResourceOutput, error) + UntagResourceWithContext(aws.Context, *rolesanywhere.UntagResourceInput, ...request.Option) (*rolesanywhere.UntagResourceOutput, error) + UntagResourceRequest(*rolesanywhere.UntagResourceInput) (*request.Request, *rolesanywhere.UntagResourceOutput) + + UpdateCrl(*rolesanywhere.UpdateCrlInput) (*rolesanywhere.UpdateCrlOutput, error) + UpdateCrlWithContext(aws.Context, *rolesanywhere.UpdateCrlInput, ...request.Option) (*rolesanywhere.UpdateCrlOutput, error) + UpdateCrlRequest(*rolesanywhere.UpdateCrlInput) (*request.Request, *rolesanywhere.UpdateCrlOutput) + + UpdateProfile(*rolesanywhere.UpdateProfileInput) (*rolesanywhere.UpdateProfileOutput, error) + UpdateProfileWithContext(aws.Context, *rolesanywhere.UpdateProfileInput, ...request.Option) (*rolesanywhere.UpdateProfileOutput, error) + UpdateProfileRequest(*rolesanywhere.UpdateProfileInput) (*request.Request, *rolesanywhere.UpdateProfileOutput) + + UpdateTrustAnchor(*rolesanywhere.UpdateTrustAnchorInput) (*rolesanywhere.UpdateTrustAnchorOutput, error) + UpdateTrustAnchorWithContext(aws.Context, *rolesanywhere.UpdateTrustAnchorInput, ...request.Option) (*rolesanywhere.UpdateTrustAnchorOutput, error) + UpdateTrustAnchorRequest(*rolesanywhere.UpdateTrustAnchorInput) (*request.Request, *rolesanywhere.UpdateTrustAnchorOutput) +} + +var _ RolesAnywhereAPI = (*rolesanywhere.RolesAnywhere)(nil) diff --git a/service/rolesanywhere/service.go b/service/rolesanywhere/service.go new file mode 100644 index 00000000000..0b5b3e0f552 --- /dev/null +++ b/service/rolesanywhere/service.go @@ -0,0 +1,105 @@ +// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. + +package rolesanywhere + +import ( + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/client" + "github.com/aws/aws-sdk-go/aws/client/metadata" + "github.com/aws/aws-sdk-go/aws/request" + "github.com/aws/aws-sdk-go/aws/signer/v4" + "github.com/aws/aws-sdk-go/private/protocol" + "github.com/aws/aws-sdk-go/private/protocol/restjson" +) + +// RolesAnywhere provides the API operation methods for making requests to +// IAM Roles Anywhere. See this package's package overview docs +// for details on the service. +// +// RolesAnywhere methods are safe to use concurrently. It is not safe to +// modify mutate any of the struct's properties though. +type RolesAnywhere struct { + *client.Client +} + +// Used for custom client initialization logic +var initClient func(*client.Client) + +// Used for custom request initialization logic +var initRequest func(*request.Request) + +// Service information constants +const ( + ServiceName = "RolesAnywhere" // Name of service. + EndpointsID = "rolesanywhere" // ID to lookup a service endpoint with. + ServiceID = "RolesAnywhere" // ServiceID is a unique identifier of a specific service. +) + +// New creates a new instance of the RolesAnywhere client with a session. +// If additional configuration is needed for the client instance use the optional +// aws.Config parameter to add your extra config. +// +// Example: +// mySession := session.Must(session.NewSession()) +// +// // Create a RolesAnywhere client from just a session. +// svc := rolesanywhere.New(mySession) +// +// // Create a RolesAnywhere client with additional configuration +// svc := rolesanywhere.New(mySession, aws.NewConfig().WithRegion("us-west-2")) +func New(p client.ConfigProvider, cfgs ...*aws.Config) *RolesAnywhere { + c := p.ClientConfig(EndpointsID, cfgs...) + if c.SigningNameDerived || len(c.SigningName) == 0 { + c.SigningName = "rolesanywhere" + } + return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName, c.ResolvedRegion) +} + +// newClient creates, initializes and returns a new service client instance. +func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName, resolvedRegion string) *RolesAnywhere { + svc := &RolesAnywhere{ + Client: client.New( + cfg, + metadata.ClientInfo{ + ServiceName: ServiceName, + ServiceID: ServiceID, + SigningName: signingName, + SigningRegion: signingRegion, + PartitionID: partitionID, + Endpoint: endpoint, + APIVersion: "2018-05-10", + ResolvedRegion: resolvedRegion, + }, + handlers, + ), + } + + // Handlers + svc.Handlers.Sign.PushBackNamed(v4.SignRequestHandler) + svc.Handlers.Build.PushBackNamed(restjson.BuildHandler) + svc.Handlers.Unmarshal.PushBackNamed(restjson.UnmarshalHandler) + svc.Handlers.UnmarshalMeta.PushBackNamed(restjson.UnmarshalMetaHandler) + svc.Handlers.UnmarshalError.PushBackNamed( + protocol.NewUnmarshalErrorHandler(restjson.NewUnmarshalTypedError(exceptionFromCode)).NamedHandler(), + ) + + // Run custom client initialization if present + if initClient != nil { + initClient(svc.Client) + } + + return svc +} + +// newRequest creates a new request for a RolesAnywhere operation and runs any +// custom request initialization. +func (c *RolesAnywhere) newRequest(op *request.Operation, params, data interface{}) *request.Request { + req := c.NewRequest(op, params, data) + + // Run custom request initialization if present + if initRequest != nil { + initRequest(req) + } + + return req +} diff --git a/service/ssmincidents/api.go b/service/ssmincidents/api.go index 42a23c2a182..7133f2b8c53 100644 --- a/service/ssmincidents/api.go +++ b/service/ssmincidents/api.go @@ -5401,6 +5401,9 @@ type IncidentTemplate struct { // Impact is a required field Impact *int64 `locationName:"impact" min:"1" type:"integer" required:"true"` + // Tags to apply to an incident when calling the StartIncident API action. + IncidentTags map[string]*string `locationName:"incidentTags" min:"1" type:"map"` + // The Amazon SNS targets that are notified when updates are made to an incident. NotificationTargets []*NotificationTargetItem `locationName:"notificationTargets" type:"list"` @@ -5441,6 +5444,9 @@ func (s *IncidentTemplate) Validate() error { if s.Impact != nil && *s.Impact < 1 { invalidParams.Add(request.NewErrParamMinValue("Impact", 1)) } + if s.IncidentTags != nil && len(s.IncidentTags) < 1 { + invalidParams.Add(request.NewErrParamMinLen("IncidentTags", 1)) + } if s.Title == nil { invalidParams.Add(request.NewErrParamRequired("Title")) } @@ -5463,6 +5469,12 @@ func (s *IncidentTemplate) SetImpact(v int64) *IncidentTemplate { return s } +// SetIncidentTags sets the IncidentTags field's value. +func (s *IncidentTemplate) SetIncidentTags(v map[string]*string) *IncidentTemplate { + s.IncidentTags = v + return s +} + // SetNotificationTargets sets the NotificationTargets field's value. func (s *IncidentTemplate) SetNotificationTargets(v []*NotificationTargetItem) *IncidentTemplate { s.NotificationTargets = v @@ -8320,6 +8332,11 @@ type UpdateResponsePlanInput struct { // what's currently happening, and next steps. IncidentTemplateSummary *string `locationName:"incidentTemplateSummary" type:"string"` + // Tags to apply to an incident when calling the StartIncident API action. To + // call this action, you must also have permission to call the TagResource API + // action for the incident record resource. + IncidentTemplateTags map[string]*string `locationName:"incidentTemplateTags" type:"map"` + // The short format name of the incident. The title can't contain spaces. IncidentTemplateTitle *string `locationName:"incidentTemplateTitle" type:"string"` } @@ -8433,6 +8450,12 @@ func (s *UpdateResponsePlanInput) SetIncidentTemplateSummary(v string) *UpdateRe return s } +// SetIncidentTemplateTags sets the IncidentTemplateTags field's value. +func (s *UpdateResponsePlanInput) SetIncidentTemplateTags(v map[string]*string) *UpdateResponsePlanInput { + s.IncidentTemplateTags = v + return s +} + // SetIncidentTemplateTitle sets the IncidentTemplateTitle field's value. func (s *UpdateResponsePlanInput) SetIncidentTemplateTitle(v string) *UpdateResponsePlanInput { s.IncidentTemplateTitle = &v