diff --git a/CHANGELOG.md b/CHANGELOG.md index 50ec91a4a3f..b8f4108d61a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,22 @@ +Release v1.50.34 (2024-03-07) +=== + +### Service Client Updates +* `service/appconfig`: Updates service API and documentation +* `service/ec2`: Updates service API and documentation + * This release adds an optional parameter to RegisterImage and CopyImage APIs to support tagging AMIs at the time of creation. +* `service/grafana`: Updates service API and documentation +* `service/lambda`: Updates service documentation + * Documentation updates for AWS Lambda +* `service/payment-cryptography-data`: Updates service API and documentation +* `service/rds`: Updates service API, documentation, waiters, paginators, and examples + * Updates Amazon RDS documentation for io2 storage for Multi-AZ DB clusters +* `service/snowball`: Updates service documentation + * Doc-only update for change to EKS-Anywhere ordering. +* `service/wafv2`: Updates service API and documentation +* `service/workspaces`: Updates service documentation + * Added note for user decoupling + Release v1.50.33 (2024-03-06) === diff --git a/aws/version.go b/aws/version.go index 394a580ae1f..f2ab1cd7431 100644 --- a/aws/version.go +++ b/aws/version.go @@ -5,4 +5,4 @@ package aws const SDKName = "aws-sdk-go" // SDKVersion is the version of this SDK -const SDKVersion = "1.50.33" +const SDKVersion = "1.50.34" diff --git a/models/apis/appconfig/2019-10-09/api-2.json b/models/apis/appconfig/2019-10-09/api-2.json index 762c82e5df7..90c8e369f18 100644 --- a/models/apis/appconfig/2019-10-09/api-2.json +++ b/models/apis/appconfig/2019-10-09/api-2.json @@ -1235,6 +1235,17 @@ "max":1024, "min":0 }, + "DynamicParameterKey":{ + "type":"string", + "pattern":"^([^#\\n]{1,96})#([^\\/#\\n]{1,64})$" + }, + "DynamicParameterMap":{ + "type":"map", + "key":{"shape":"DynamicParameterKey"}, + "value":{"shape":"StringWithLengthBetween1And2048"}, + "max":10, + "min":1 + }, "Environment":{ "type":"structure", "members":{ @@ -1886,21 +1897,22 @@ "type":"structure", "members":{ "Description":{"shape":"Description"}, - "Required":{"shape":"Boolean"} + "Required":{"shape":"Boolean"}, + "Dynamic":{"shape":"Boolean"} } }, "ParameterMap":{ "type":"map", "key":{"shape":"ExtensionOrParameterName"}, "value":{"shape":"Parameter"}, - "max":5, + "max":10, "min":1 }, "ParameterValueMap":{ "type":"map", "key":{"shape":"ExtensionOrParameterName"}, "value":{"shape":"StringWithLengthBetween1And2048"}, - "max":5, + "max":10, "min":0 }, "PayloadTooLargeException":{ @@ -1985,7 +1997,8 @@ "ConfigurationVersion":{"shape":"Version"}, "Description":{"shape":"Description"}, "Tags":{"shape":"TagMap"}, - "KmsKeyIdentifier":{"shape":"KmsKeyIdentifier"} + "KmsKeyIdentifier":{"shape":"KmsKeyIdentifier"}, + "DynamicExtensionParameters":{"shape":"DynamicParameterMap"} } }, "StopDeploymentRequest":{ diff --git a/models/apis/appconfig/2019-10-09/docs-2.json b/models/apis/appconfig/2019-10-09/docs-2.json index f05e8603967..0ce90a66cff 100644 --- a/models/apis/appconfig/2019-10-09/docs-2.json +++ b/models/apis/appconfig/2019-10-09/docs-2.json @@ -1,13 +1,13 @@ { "version": "2.0", - "service": "
Use AppConfig, a capability of Amazon Web Services Systems Manager, to create, manage, and quickly deploy application configurations. AppConfig supports controlled deployments to applications of any size and includes built-in validation checks and monitoring. You can use AppConfig with applications hosted on Amazon EC2 instances, Lambda, containers, mobile applications, or IoT devices.
To prevent errors when deploying application configurations, especially for production systems where a simple typo could cause an unexpected outage, AppConfig includes validators. A validator provides a syntactic or semantic check to ensure that the configuration you want to deploy works as intended. To validate your application configuration data, you provide a schema or an Amazon Web Services Lambda function that runs against the configuration. The configuration deployment or update can only proceed when the configuration data is valid.
During a configuration deployment, AppConfig monitors the application to ensure that the deployment is successful. If the system encounters an error, AppConfig rolls back the change to minimize impact for your application users. You can configure a deployment strategy for each application or environment that includes deployment criteria, including velocity, bake time, and alarms to monitor. Similar to error monitoring, if a deployment triggers an alarm, AppConfig automatically rolls back to the previous version.
AppConfig supports multiple use cases. Here are some examples:
Feature flags: Use AppConfig to turn on new features that require a timely deployment, such as a product launch or announcement.
Application tuning: Use AppConfig to carefully introduce changes to your application that can only be tested with production traffic.
Allow list: Use AppConfig to allow premium subscribers to access paid content.
Operational issues: Use AppConfig to reduce stress on your application when a dependency or other external factor impacts the system.
This reference is intended to be used with the AppConfig User Guide.
", + "service": "AppConfig feature flags and dynamic configurations help software builders quickly and securely adjust application behavior in production environments without full code deployments. AppConfig speeds up software release frequency, improves application resiliency, and helps you address emergent issues more quickly. With feature flags, you can gradually release new capabilities to users and measure the impact of those changes before fully deploying the new capabilities to all users. With operational flags and dynamic configurations, you can update block lists, allow lists, throttling limits, logging verbosity, and perform other operational tuning to quickly respond to issues in production environments.
AppConfig is a capability of Amazon Web Services Systems Manager.
Despite the fact that application configuration content can vary greatly from application to application, AppConfig supports the following use cases, which cover a broad spectrum of customer needs:
Feature flags and toggles - Safely release new capabilities to your customers in a controlled environment. Instantly roll back changes if you experience a problem.
Application tuning - Carefully introduce application changes while testing the impact of those changes with users in production environments.
Allow list or block list - Control access to premium features or instantly block specific users without deploying new code.
Centralized configuration storage - Keep your configuration data organized and consistent across all of your workloads. You can use AppConfig to deploy configuration data stored in the AppConfig hosted configuration store, Secrets Manager, Systems Manager, Parameter Store, or Amazon S3.
How AppConfig works
This section provides a high-level description of how AppConfig works and how you get started.
Before you start creating AppConfig artifacts, we recommend you identify configuration data in your code that you want to dynamically manage using AppConfig. Good examples include feature flags or toggles, allow and block lists, logging verbosity, service limits, and throttling rules, to name a few.
If your configuration data already exists in the cloud, you can take advantage of AppConfig validation, deployment, and extension features to further streamline configuration data management.
To create a namespace, you create an AppConfig artifact called an application. An application is simply an organizational construct like a folder.
For each AppConfig application, you define one or more environments. An environment is a logical grouping of targets, such as applications in a Beta
or Production
environment, Lambda functions, or containers. You can also define environments for application subcomponents, such as the Web
, Mobile
, and Back-end
.
You can configure Amazon CloudWatch alarms for each environment. The system monitors alarms during a configuration deployment. If an alarm is triggered, the system rolls back the configuration.
A configuration profile includes, among other things, a URI that enables AppConfig to locate your configuration data in its stored location and a profile type. AppConfig supports two configuration profile types: feature flags and freeform configurations. Feature flag configuration profiles store their data in the AppConfig hosted configuration store and the URI is simply hosted
. For freeform configuration profiles, you can store your data in the AppConfig hosted configuration store or any Amazon Web Services service that integrates with AppConfig, as described in Creating a free form configuration profile in the the AppConfig User Guide.
A configuration profile can also include optional validators to ensure your configuration data is syntactically and semantically correct. AppConfig performs a check using the validators when you start a deployment. If any errors are detected, the deployment rolls back to the previous configuration data.
When you create a new deployment, you specify the following:
An application ID
A configuration profile ID
A configuration version
An environment ID where you want to deploy the configuration data
A deployment strategy ID that defines how fast you want the changes to take effect
When you call the StartDeployment API action, AppConfig performs the following tasks:
Retrieves the configuration data from the underlying data store by using the location URI in the configuration profile.
Verifies the configuration data is syntactically and semantically correct by using the validators you specified when you created your configuration profile.
Caches a copy of the data so it is ready to be retrieved by your application. This cached copy is called the deployed data.
You can configure AppConfig Agent as a local host and have the agent poll AppConfig for configuration updates. The agent calls the StartConfigurationSession and GetLatestConfiguration API actions and caches your configuration data locally. To retrieve the data, your application makes an HTTP call to the localhost server. AppConfig Agent supports several use cases, as described in Simplified retrieval methods in the the AppConfig User Guide.
If AppConfig Agent isn't supported for your use case, you can configure your application to poll AppConfig for configuration updates by directly calling the StartConfigurationSession and GetLatestConfiguration API actions.
This reference is intended to be used with the AppConfig User Guide.
", "operations": { "CreateApplication": "Creates an application. In AppConfig, an application is simply an organizational construct like a folder. This organizational construct has a relationship with some unit of executable code. For example, you could create an application called MyMobileApp to organize and manage configuration data for a mobile application installed by your users.
", "CreateConfigurationProfile": "Creates a configuration profile, which is information that enables AppConfig to access the configuration source. Valid configuration sources include the following:
Configuration data in YAML, JSON, and other formats stored in the AppConfig hosted configuration store
Configuration data stored as objects in an Amazon Simple Storage Service (Amazon S3) bucket
Pipelines stored in CodePipeline
Secrets stored in Secrets Manager
Standard and secure string parameters stored in Amazon Web Services Systems Manager Parameter Store
Configuration data in SSM documents stored in the Systems Manager document store
A configuration profile includes the following information:
The URI location of the configuration data.
The Identity and Access Management (IAM) role that provides access to the configuration data.
A validator for the configuration data. Available validators include either a JSON Schema or an Amazon Web Services Lambda function.
For more information, see Create a Configuration and a Configuration Profile in the AppConfig User Guide.
", "CreateDeploymentStrategy": "Creates a deployment strategy that defines important criteria for rolling out your configuration to the designated targets. A deployment strategy includes the overall duration required, a percentage of targets to receive the deployment during each interval, an algorithm that defines how percentage grows, and bake time.
", "CreateEnvironment": "Creates an environment. For each application, you define one or more environments. An environment is a deployment group of AppConfig targets, such as applications in a Beta
or Production
environment. You can also define environments for application subcomponents such as the Web
, Mobile
and Back-end
components for your application. You can configure Amazon CloudWatch alarms for each environment. The system monitors alarms during a configuration deployment. If an alarm is triggered, the system rolls back the configuration.
Creates an AppConfig extension. An extension augments your ability to inject logic or behavior at different points during the AppConfig workflow of creating or deploying a configuration.
You can create your own extensions or use the Amazon Web Services authored extensions provided by AppConfig. For an AppConfig extension that uses Lambda, you must create a Lambda function to perform any computation and processing defined in the extension. If you plan to create custom versions of the Amazon Web Services authored notification extensions, you only need to specify an Amazon Resource Name (ARN) in the Uri
field for the new extension version.
For a custom EventBridge notification extension, enter the ARN of the EventBridge default events in the Uri
field.
For a custom Amazon SNS notification extension, enter the ARN of an Amazon SNS topic in the Uri
field.
For a custom Amazon SQS notification extension, enter the ARN of an Amazon SQS message queue in the Uri
field.
For more information about extensions, see Working with AppConfig extensions in the AppConfig User Guide.
", - "CreateExtensionAssociation": "When you create an extension or configure an Amazon Web Services authored extension, you associate the extension with an AppConfig application, environment, or configuration profile. For example, you can choose to run the AppConfig deployment events to Amazon SNS
Amazon Web Services authored extension and receive notifications on an Amazon SNS topic anytime a configuration deployment is started for a specific application. Defining which extension to associate with an AppConfig resource is called an extension association. An extension association is a specified relationship between an extension and an AppConfig resource, such as an application or a configuration profile. For more information about extensions and associations, see Working with AppConfig extensions in the AppConfig User Guide.
Creates an AppConfig extension. An extension augments your ability to inject logic or behavior at different points during the AppConfig workflow of creating or deploying a configuration.
You can create your own extensions or use the Amazon Web Services authored extensions provided by AppConfig. For an AppConfig extension that uses Lambda, you must create a Lambda function to perform any computation and processing defined in the extension. If you plan to create custom versions of the Amazon Web Services authored notification extensions, you only need to specify an Amazon Resource Name (ARN) in the Uri
field for the new extension version.
For a custom EventBridge notification extension, enter the ARN of the EventBridge default events in the Uri
field.
For a custom Amazon SNS notification extension, enter the ARN of an Amazon SNS topic in the Uri
field.
For a custom Amazon SQS notification extension, enter the ARN of an Amazon SQS message queue in the Uri
field.
For more information about extensions, see Extending workflows in the AppConfig User Guide.
", + "CreateExtensionAssociation": "When you create an extension or configure an Amazon Web Services authored extension, you associate the extension with an AppConfig application, environment, or configuration profile. For example, you can choose to run the AppConfig deployment events to Amazon SNS
Amazon Web Services authored extension and receive notifications on an Amazon SNS topic anytime a configuration deployment is started for a specific application. Defining which extension to associate with an AppConfig resource is called an extension association. An extension association is a specified relationship between an extension and an AppConfig resource, such as an application or a configuration profile. For more information about extensions and associations, see Extending workflows in the AppConfig User Guide.
Creates a new configuration in the AppConfig hosted configuration store.
", "DeleteApplication": "Deletes an application. Deleting an application does not delete a configuration from a host.
", "DeleteConfigurationProfile": "Deletes a configuration profile. Deleting a configuration profile does not delete a configuration from a host.
", @@ -23,15 +23,15 @@ "GetDeploymentStrategy": "Retrieves information about a deployment strategy. A deployment strategy defines important criteria for rolling out your configuration to the designated targets. A deployment strategy includes the overall duration required, a percentage of targets to receive the deployment during each interval, an algorithm that defines how percentage grows, and bake time.
", "GetEnvironment": "Retrieves information about an environment. An environment is a deployment group of AppConfig applications, such as applications in a Production
environment or in an EU_Region
environment. Each configuration deployment targets an environment. You can enable one or more Amazon CloudWatch alarms for an environment. If an alarm is triggered during a deployment, AppConfig roles back the configuration.
Returns information about an AppConfig extension.
", - "GetExtensionAssociation": "Returns information about an AppConfig extension association. For more information about extensions and associations, see Working with AppConfig extensions in the AppConfig User Guide.
", + "GetExtensionAssociation": "Returns information about an AppConfig extension association. For more information about extensions and associations, see Extending workflows in the AppConfig User Guide.
", "GetHostedConfigurationVersion": "Retrieves information about a specific configuration version.
", "ListApplications": "Lists all applications in your Amazon Web Services account.
", "ListConfigurationProfiles": "Lists the configuration profiles for an application.
", "ListDeploymentStrategies": "Lists deployment strategies.
", "ListDeployments": "Lists the deployments for an environment in descending deployment number order.
", "ListEnvironments": "Lists the environments for an application.
", - "ListExtensionAssociations": "Lists all AppConfig extension associations in the account. For more information about extensions and associations, see Working with AppConfig extensions in the AppConfig User Guide.
", - "ListExtensions": "Lists all custom and Amazon Web Services authored AppConfig extensions in the account. For more information about extensions, see Working with AppConfig extensions in the AppConfig User Guide.
", + "ListExtensionAssociations": "Lists all AppConfig extension associations in the account. For more information about extensions and associations, see Extending workflows in the AppConfig User Guide.
", + "ListExtensions": "Lists all custom and Amazon Web Services authored AppConfig extensions in the account. For more information about extensions, see Extending workflows in the AppConfig User Guide.
", "ListHostedConfigurationVersions": "Lists configurations stored in the AppConfig hosted configuration store by version.
", "ListTagsForResource": "Retrieves the list of key-value tags assigned to the resource.
", "StartDeployment": "Starts a deployment.
", @@ -42,8 +42,8 @@ "UpdateConfigurationProfile": "Updates a configuration profile.
", "UpdateDeploymentStrategy": "Updates a deployment strategy.
", "UpdateEnvironment": "Updates an environment.
", - "UpdateExtension": "Updates an AppConfig extension. For more information about extensions, see Working with AppConfig extensions in the AppConfig User Guide.
", - "UpdateExtensionAssociation": "Updates an association. For more information about extensions and associations, see Working with AppConfig extensions in the AppConfig User Guide.
", + "UpdateExtension": "Updates an AppConfig extension. For more information about extensions, see Extending workflows in the AppConfig User Guide.
", + "UpdateExtensionAssociation": "Updates an association. For more information about extensions and associations, see Extending workflows in the AppConfig User Guide.
", "ValidateConfiguration": "Uses the validators in a configuration profile to validate a configuration.
" }, "shapes": { @@ -164,7 +164,8 @@ "Boolean": { "base": null, "refs": { - "Parameter$Required": "A parameter value must be specified in the extension association.
" + "Parameter$Required": "A parameter value must be specified in the extension association.
", + "Parameter$Dynamic": "Indicates whether this parameter's value can be supplied at the extension's action point instead of during extension association. Dynamic parameters can't be marked Required
.
Information about the extension.
" } }, + "DynamicParameterKey": { + "base": null, + "refs": { + "DynamicParameterMap$key": null + } + }, + "DynamicParameterMap": { + "base": null, + "refs": { + "StartDeploymentRequest$DynamicExtensionParameters": "A map of dynamic extension parameter names to values to pass to associated extensions with PRE_START_DEPLOYMENT
actions.
A value such as an Amazon Resource Name (ARN) or an Amazon Simple Notification Service topic entered in an extension when invoked. Parameter values are specified in an extension association. For more information about extensions, see Working with AppConfig extensions in the AppConfig User Guide.
", + "base": "A value such as an Amazon Resource Name (ARN) or an Amazon Simple Notification Service topic entered in an extension when invoked. Parameter values are specified in an extension association. For more information about extensions, see Extending workflows in the AppConfig User Guide.
", "refs": { "ParameterMap$value": null } @@ -950,6 +963,7 @@ "StringWithLengthBetween1And2048": { "base": null, "refs": { + "DynamicParameterMap$value": null, "Monitor$AlarmArn": "Amazon Resource Name (ARN) of the Amazon CloudWatch alarm.
", "ParameterValueMap$value": null } diff --git a/models/apis/ec2/2016-11-15/api-2.json b/models/apis/ec2/2016-11-15/api-2.json index 19097e2afc8..c716931ec9b 100755 --- a/models/apis/ec2/2016-11-15/api-2.json +++ b/models/apis/ec2/2016-11-15/api-2.json @@ -10037,7 +10037,11 @@ "shape":"Boolean", "locationName":"dryRun" }, - "CopyImageTags":{"shape":"Boolean"} + "CopyImageTags":{"shape":"Boolean"}, + "TagSpecifications":{ + "shape":"TagSpecificationList", + "locationName":"TagSpecification" + } } }, "CopyImageResult":{ @@ -37029,7 +37033,11 @@ "BootMode":{"shape":"BootModeValues"}, "TpmSupport":{"shape":"TpmSupportValues"}, "UefiData":{"shape":"StringType"}, - "ImdsSupport":{"shape":"ImdsSupportValues"} + "ImdsSupport":{"shape":"ImdsSupportValues"}, + "TagSpecifications":{ + "shape":"TagSpecificationList", + "locationName":"TagSpecification" + } } }, "RegisterImageResult":{ diff --git a/models/apis/ec2/2016-11-15/docs-2.json b/models/apis/ec2/2016-11-15/docs-2.json index c3c4240bbc8..34fb759303d 100755 --- a/models/apis/ec2/2016-11-15/docs-2.json +++ b/models/apis/ec2/2016-11-15/docs-2.json @@ -228,7 +228,7 @@ "DescribeAggregateIdFormat": "Describes the longer ID format settings for all resource types in a specific Region. This request is useful for performing a quick audit to determine whether a specific Region is fully opted in for longer IDs (17-character IDs).
This request only returns information about resource types that support longer IDs.
The following resource types support longer IDs: bundle
| conversion-task
| customer-gateway
| dhcp-options
| elastic-ip-allocation
| elastic-ip-association
| export-task
| flow-log
| image
| import-task
| instance
| internet-gateway
| network-acl
| network-acl-association
| network-interface
| network-interface-attachment
| prefix-list
| reservation
| route-table
| route-table-association
| security-group
| snapshot
| subnet
| subnet-cidr-block-association
| volume
| vpc
| vpc-cidr-block-association
| vpc-endpoint
| vpc-peering-connection
| vpn-connection
| vpn-gateway
.
Describes the Availability Zones, Local Zones, and Wavelength Zones that are available to you. If there is an event impacting a zone, you can use this request to view the state and any provided messages for that zone.
For more information about Availability Zones, Local Zones, and Wavelength Zones, see Regions and zones in the Amazon Elastic Compute Cloud User Guide.
", "DescribeAwsNetworkPerformanceMetricSubscriptions": "Describes the current Infrastructure Performance metric subscriptions.
", - "DescribeBundleTasks": "Describes the specified bundle tasks or all of your bundle tasks.
Completed bundle tasks are listed for only a limited time. If your bundle task is no longer in the list, you can still register an AMI from it. Just use RegisterImage
with the Amazon S3 bucket name and image manifest name you provided to the bundle task.
Describes the specified bundle tasks or all of your bundle tasks.
Completed bundle tasks are listed for only a limited time. If your bundle task is no longer in the list, you can still register an AMI from it. Just use RegisterImage
with the Amazon S3 bucket name and image manifest name you provided to the bundle task.
The order of the elements in the response, including those within nested structures, might vary. Applications should not assume the elements appear in a particular order.
Describes the IP address ranges that were specified in calls to ProvisionByoipCidr.
To describe the address pools that were created when you provisioned the address ranges, use DescribePublicIpv4Pools or DescribeIpv6Pools.
", "DescribeCapacityBlockOfferings": "Describes Capacity Block offerings available for purchase in the Amazon Web Services Region that you're currently using. With Capacity Blocks, you purchase a specific instance type for a period of time.
", "DescribeCapacityReservationFleets": "Describes one or more Capacity Reservation Fleets.
", @@ -262,8 +262,8 @@ "DescribeIamInstanceProfileAssociations": "Describes your IAM instance profile associations.
", "DescribeIdFormat": "Describes the ID format settings for your resources on a per-Region basis, for example, to view which resource types are enabled for longer IDs. This request only returns information about resource types whose ID formats can be modified; it does not return information about other resource types.
The following resource types support longer IDs: bundle
| conversion-task
| customer-gateway
| dhcp-options
| elastic-ip-allocation
| elastic-ip-association
| export-task
| flow-log
| image
| import-task
| instance
| internet-gateway
| network-acl
| network-acl-association
| network-interface
| network-interface-attachment
| prefix-list
| reservation
| route-table
| route-table-association
| security-group
| snapshot
| subnet
| subnet-cidr-block-association
| volume
| vpc
| vpc-cidr-block-association
| vpc-endpoint
| vpc-peering-connection
| vpn-connection
| vpn-gateway
.
These settings apply to the IAM user who makes the request; they do not apply to the entire Amazon Web Services account. By default, an IAM user defaults to the same settings as the root user, unless they explicitly override the settings by running the ModifyIdFormat command. Resources created with longer IDs are visible to all IAM users, regardless of these settings and provided that they have permission to use the relevant Describe
command for the resource type.
Describes the ID format settings for resources for the specified IAM user, IAM role, or root user. For example, you can view the resource types that are enabled for longer IDs. This request only returns information about resource types whose ID formats can be modified; it does not return information about other resource types. For more information, see Resource IDs in the Amazon Elastic Compute Cloud User Guide.
The following resource types support longer IDs: bundle
| conversion-task
| customer-gateway
| dhcp-options
| elastic-ip-allocation
| elastic-ip-association
| export-task
| flow-log
| image
| import-task
| instance
| internet-gateway
| network-acl
| network-acl-association
| network-interface
| network-interface-attachment
| prefix-list
| reservation
| route-table
| route-table-association
| security-group
| snapshot
| subnet
| subnet-cidr-block-association
| volume
| vpc
| vpc-cidr-block-association
| vpc-endpoint
| vpc-peering-connection
| vpn-connection
| vpn-gateway
.
These settings apply to the principal specified in the request. They do not apply to the principal that makes the request.
", - "DescribeImageAttribute": "Describes the specified attribute of the specified AMI. You can specify only one attribute at a time.
", - "DescribeImages": "Describes the specified images (AMIs, AKIs, and ARIs) available to you or all of the images available to you.
The images available to you include public images, private images that you own, and private images owned by other Amazon Web Services accounts for which you have explicit launch permissions.
Recently deregistered images appear in the returned results for a short interval and then return empty results. After all instances that reference a deregistered AMI are terminated, specifying the ID of the image will eventually return an error indicating that the AMI ID cannot be found.
", + "DescribeImageAttribute": "Describes the specified attribute of the specified AMI. You can specify only one attribute at a time.
The order of the elements in the response, including those within nested structures, might vary. Applications should not assume the elements appear in a particular order.
Describes the specified images (AMIs, AKIs, and ARIs) available to you or all of the images available to you.
The images available to you include public images, private images that you own, and private images owned by other Amazon Web Services accounts for which you have explicit launch permissions.
Recently deregistered images appear in the returned results for a short interval and then return empty results. After all instances that reference a deregistered AMI are terminated, specifying the ID of the image will eventually return an error indicating that the AMI ID cannot be found.
The order of the elements in the response, including those within nested structures, might vary. Applications should not assume the elements appear in a particular order.
Displays details about an import virtual machine or import snapshot tasks that are already created.
", "DescribeImportSnapshotTasks": "Describes your import snapshot tasks.
", "DescribeInstanceAttribute": "Describes the specified attribute of the specified instance. You can specify only one attribute at a time. Valid attribute values are: instanceType
| kernel
| ramdisk
| userData
| disableApiTermination
| instanceInitiatedShutdownBehavior
| rootDeviceName
| blockDeviceMapping
| productCodes
| sourceDestCheck
| groupSet
| ebsOptimized
| sriovNetSupport
Purchases a Reserved Instance for use with your account. With Reserved Instances, you pay a lower hourly rate compared to On-Demand instance pricing.
Use DescribeReservedInstancesOfferings to get a list of Reserved Instance offerings that match your specifications. After you've purchased a Reserved Instance, you can check for your new Reserved Instance with DescribeReservedInstances.
To queue a purchase for a future date and time, specify a purchase time. If you do not specify a purchase time, the default is the current time.
For more information, see Reserved Instances and Reserved Instance Marketplace in the Amazon EC2 User Guide.
", "PurchaseScheduledInstances": "You can no longer purchase Scheduled Instances.
Purchases the Scheduled Instances with the specified schedule.
Scheduled Instances enable you to purchase Amazon EC2 compute capacity by the hour for a one-year term. Before you can purchase a Scheduled Instance, you must call DescribeScheduledInstanceAvailability to check for available schedules and obtain a purchase token. After you purchase a Scheduled Instance, you must call RunScheduledInstances during each scheduled time period.
After you purchase a Scheduled Instance, you can't cancel, modify, or resell your purchase.
", "RebootInstances": "Requests a reboot of the specified instances. This operation is asynchronous; it only queues a request to reboot the specified instances. The operation succeeds if the instances are valid and belong to you. Requests to reboot terminated instances are ignored.
If an instance does not cleanly shut down within a few minutes, Amazon EC2 performs a hard reboot.
For more information about troubleshooting, see Troubleshoot an unreachable instance in the Amazon EC2 User Guide.
", - "RegisterImage": "Registers an AMI. When you're creating an AMI, this is the final step you must complete before you can launch an instance from the AMI. For more information about creating AMIs, see Create your own AMI in the Amazon Elastic Compute Cloud User Guide.
For Amazon EBS-backed instances, CreateImage creates and registers the AMI in a single request, so you don't have to register the AMI yourself. We recommend that you always use CreateImage unless you have a specific reason to use RegisterImage.
If needed, you can deregister an AMI at any time. Any modifications you make to an AMI backed by an instance store volume invalidates its registration. If you make changes to an image, deregister the previous image and register the new image.
Register a snapshot of a root device volume
You can use RegisterImage
to create an Amazon EBS-backed Linux AMI from a snapshot of a root device volume. You specify the snapshot using a block device mapping. You can't set the encryption state of the volume using the block device mapping. If the snapshot is encrypted, or encryption by default is enabled, the root volume of an instance launched from the AMI is encrypted.
For more information, see Create a Linux AMI from a snapshot and Use encryption with Amazon EBS-backed AMIs in the Amazon Elastic Compute Cloud User Guide.
Amazon Web Services Marketplace product codes
If any snapshots have Amazon Web Services Marketplace product codes, they are copied to the new AMI.
Windows and some Linux distributions, such as Red Hat Enterprise Linux (RHEL) and SUSE Linux Enterprise Server (SLES), use the Amazon EC2 billing product code associated with an AMI to verify the subscription status for package updates. To create a new AMI for operating systems that require a billing product code, instead of registering the AMI, do the following to preserve the billing product code association:
Launch an instance from an existing AMI with that billing product code.
Customize the instance.
Create an AMI from the instance using CreateImage.
If you purchase a Reserved Instance to apply to an On-Demand Instance that was launched from an AMI with a billing product code, make sure that the Reserved Instance has the matching billing product code. If you purchase a Reserved Instance without the matching billing product code, the Reserved Instance will not be applied to the On-Demand Instance. For information about how to obtain the platform details and billing information of an AMI, see Understand AMI billing information in the Amazon EC2 User Guide.
", + "RegisterImage": "Registers an AMI. When you're creating an instance-store backed AMI, registering the AMI is the final step in the creation process. For more information about creating AMIs, see Create your own AMI in the Amazon Elastic Compute Cloud User Guide.
For Amazon EBS-backed instances, CreateImage creates and registers the AMI in a single request, so you don't have to register the AMI yourself. We recommend that you always use CreateImage unless you have a specific reason to use RegisterImage.
If needed, you can deregister an AMI at any time. Any modifications you make to an AMI backed by an instance store volume invalidates its registration. If you make changes to an image, deregister the previous image and register the new image.
Register a snapshot of a root device volume
You can use RegisterImage
to create an Amazon EBS-backed Linux AMI from a snapshot of a root device volume. You specify the snapshot using a block device mapping. You can't set the encryption state of the volume using the block device mapping. If the snapshot is encrypted, or encryption by default is enabled, the root volume of an instance launched from the AMI is encrypted.
For more information, see Create a Linux AMI from a snapshot and Use encryption with Amazon EBS-backed AMIs in the Amazon Elastic Compute Cloud User Guide.
Amazon Web Services Marketplace product codes
If any snapshots have Amazon Web Services Marketplace product codes, they are copied to the new AMI.
Windows and some Linux distributions, such as Red Hat Enterprise Linux (RHEL) and SUSE Linux Enterprise Server (SLES), use the Amazon EC2 billing product code associated with an AMI to verify the subscription status for package updates. To create a new AMI for operating systems that require a billing product code, instead of registering the AMI, do the following to preserve the billing product code association:
Launch an instance from an existing AMI with that billing product code.
Customize the instance.
Create an AMI from the instance using CreateImage.
If you purchase a Reserved Instance to apply to an On-Demand Instance that was launched from an AMI with a billing product code, make sure that the Reserved Instance has the matching billing product code. If you purchase a Reserved Instance without the matching billing product code, the Reserved Instance will not be applied to the On-Demand Instance. For information about how to obtain the platform details and billing information of an AMI, see Understand AMI billing information in the Amazon EC2 User Guide.
", "RegisterInstanceEventNotificationAttributes": "Registers a set of tag keys to include in scheduled event notifications for your resources.
To remove tags, use DeregisterInstanceEventNotificationAttributes.
", "RegisterTransitGatewayMulticastGroupMembers": "Registers members (network interfaces) with the transit gateway multicast group. A member is a network interface associated with a supported EC2 instance that receives multicast traffic. For information about supported instances, see Multicast Consideration in Amazon VPC Transit Gateways.
After you add the members, use SearchTransitGatewayMulticastGroups to verify that the members were added to the transit gateway multicast group.
", "RegisterTransitGatewayMulticastGroupSources": "Registers sources (network interfaces) with the specified transit gateway multicast group.
A multicast source is a network interface attached to a supported instance that sends multicast traffic. For information about supported instances, see Multicast Considerations in Amazon VPC Transit Gateways.
After you add the source, use SearchTransitGatewayMulticastGroups to verify that the source was added to the multicast group.
", @@ -11443,7 +11443,7 @@ "AttachClassicLinkVpcRequest$InstanceId": "The ID of the EC2-Classic instance.
", "AttachNetworkInterfaceRequest$InstanceId": "The ID of the instance.
", "AttachVolumeRequest$InstanceId": "The ID of the instance.
", - "BundleInstanceRequest$InstanceId": "The ID of the instance to bundle.
Type: String
Default: None
Required: Yes
", + "BundleInstanceRequest$InstanceId": "The ID of the instance to bundle.
Default: None
", "ConfirmProductInstanceRequest$InstanceId": "The ID of the instance.
", "CreateImageRequest$InstanceId": "The ID of the instance.
", "CreateInstanceExportTaskRequest$InstanceId": "The ID of the instance.
", @@ -21546,6 +21546,7 @@ "AssociateIpamResourceDiscoveryRequest$TagSpecifications": "Tag specifications.
", "AuthorizeSecurityGroupEgressRequest$TagSpecifications": "The tags applied to the security group rule.
", "AuthorizeSecurityGroupIngressRequest$TagSpecifications": "[VPC Only] The tags applied to the security group rule.
", + "CopyImageRequest$TagSpecifications": "The tags to apply to the new AMI and new snapshots. You can tag the AMI, the snapshots, or both.
To tag the new AMI, the value for ResourceType
must be image
.
To tag the new snapshots, the value for ResourceType
must be snapshot
. The same tag is applied to all the new snapshots.
If you specify other values for ResourceType
, the request fails.
To tag an AMI or snapshot after it has been created, see CreateTags.
", "CopySnapshotRequest$TagSpecifications": "The tags to apply to the new snapshot.
", "CreateCapacityReservationFleetRequest$TagSpecifications": "The tags to assign to the Capacity Reservation Fleet. The tags are automatically assigned to the Capacity Reservations in the Fleet.
", "CreateCapacityReservationRequest$TagSpecifications": "The tags to apply to the Capacity Reservation during launch.
", @@ -21618,6 +21619,7 @@ "ProvisionByoipCidrRequest$PoolTagSpecifications": "The tags to apply to the address pool.
", "PurchaseCapacityBlockRequest$TagSpecifications": "The tags to apply to the Capacity Block during launch.
", "PurchaseHostReservationRequest$TagSpecifications": "The tags to apply to the Dedicated Host Reservation during purchase.
", + "RegisterImageRequest$TagSpecifications": "The tags to apply to the AMI.
To tag the AMI, the value for ResourceType
must be image
. If you specify another value for ResourceType
, the request fails.
To tag an AMI after it has been registered, see CreateTags.
", "RequestSpotInstancesRequest$TagSpecifications": "The key-value pair for tagging the Spot Instance request on creation. The value for ResourceType
must be spot-instances-request
, otherwise the Spot Instance request fails. To tag the Spot Instance request after it has been created, see CreateTags.
The tags to apply to the resources that are created during instance launch.
You can specify tags for the following resources only:
Instances
Volumes
Spot Instance requests
Network interfaces
To tag a resource after it has been created, see CreateTags.
", "SpotFleetRequestConfigData$TagSpecifications": "The key-value pair for tagging the Spot Fleet request on creation. The value for ResourceType
must be spot-fleet-request
, otherwise the Spot Fleet request fails. To tag instances at launch, specify the tags in the launch template (valid only if you use LaunchTemplateConfigs
) or in the SpotFleetTagSpecification
(valid only if you use LaunchSpecifications
). For information about tagging after launch, see Tag your resources.
Specifies whether this workspace uses IAM Identity Center, SAML, or both methods to authenticate users to use the Grafana console in the Amazon Managed Grafana workspace.
", "AuthenticationSummary$providers": "Specifies whether the workspace uses SAML, IAM Identity Center, or both methods for user authentication.
", - "CreateWorkspaceRequest$authenticationProviders": "Specifies whether this workspace uses SAML 2.0, IAM Identity Center (successor to Single Sign-On), or both to authenticate users for using the Grafana console within a workspace. For more information, see User authentication in Amazon Managed Grafana.
", - "UpdateWorkspaceAuthenticationRequest$authenticationProviders": "Specifies whether this workspace uses SAML 2.0, IAM Identity Center (successor to Single Sign-On), or both to authenticate users for using the Grafana console within a workspace. For more information, see User authentication in Amazon Managed Grafana.
" + "CreateWorkspaceRequest$authenticationProviders": "Specifies whether this workspace uses SAML 2.0, IAM Identity Center, or both to authenticate users for using the Grafana console within a workspace. For more information, see User authentication in Amazon Managed Grafana.
", + "UpdateWorkspaceAuthenticationRequest$authenticationProviders": "Specifies whether this workspace uses SAML 2.0, IAM Identity Center, or both to authenticate users for using the Grafana console within a workspace. For more information, see User authentication in Amazon Managed Grafana.
" } }, "AuthenticationSummary": { @@ -130,7 +130,7 @@ "refs": { "UpdateWorkspaceRequest$removeNetworkAccessConfiguration": "Whether to remove the network access configuration from the workspace.
Setting this to true
and providing a networkAccessControl
to set will return an error.
If you remove this configuration by setting this to true
, then all IP addresses and VPC endpoints will be allowed. Standard Grafana authentication and authorization will still be required.
Whether to remove the VPC configuration from the workspace.
Setting this to true
and providing a vpcConfiguration
to set will return an error.
Specifies whether this workspace has already fully used its free trial for Grafana Enterprise.
" + "WorkspaceDescription$freeTrialConsumed": "Specifies whether this workspace has already fully used its free trial for Grafana Enterprise.
Amazon Managed Grafana workspaces no longer support Grafana Enterprise free trials.
The URL endpoint to use to access the Grafana console in the workspace.
" } }, + "GrafanaToken": { + "base": null, + "refs": { + "AssociateLicenseRequest$grafanaToken": "A token from Grafana Labs that ties your Amazon Web Services account with a Grafana Labs account. For more information, see Register with Grafana Labs.
", + "WorkspaceDescription$grafanaToken": "The token that ties this workspace to a Grafana Labs account. For more information, see Register with Grafana Labs.
", + "WorkspaceSummary$grafanaToken": "The token that ties this workspace to a Grafana Labs account. For more information, see Register with Grafana Labs.
" + } + }, "GrafanaVersion": { "base": null, "refs": { - "CreateWorkspaceRequest$grafanaVersion": "Specifies the version of Grafana to support in the new workspace.
To get a list of supported version, use the ListVersions
operation.
Specifies the version of Grafana to support in the new workspace. If not specified, defaults to the latest version (for example, 9.4).
To get a list of supported versions, use the ListVersions
operation.
The supported Grafana version for the workspace.
", "GrafanaVersionList$member": null, - "UpdateWorkspaceConfigurationRequest$grafanaVersion": "Specifies the version of Grafana to support in the new workspace.
Can only be used to upgrade (for example, from 8.4 to 9.4), not downgrade (for example, from 9.4 to 8.4).
To know what versions are available to upgrade to for a specific workspace, see the ListVersions
operation.
Specifies the version of Grafana to support in the workspace. If not specified, keeps the current version of the workspace.
Can only be used to upgrade (for example, from 8.4 to 9.4), not downgrade (for example, from 9.4 to 8.4).
To know what versions are available to upgrade to for a specific workspace, see the ListVersions operation.
", "WorkspaceDescription$grafanaVersion": "The version of Grafana supported in this workspace.
", "WorkspaceSummary$grafanaVersion": "The Grafana version that the workspace is running.
" } @@ -312,9 +320,10 @@ "LicenseType": { "base": null, "refs": { - "AssociateLicenseRequest$licenseType": "The type of license to associate with the workspace.
", + "AssociateLicenseRequest$licenseType": "The type of license to associate with the workspace.
Amazon Managed Grafana workspaces no longer support Grafana Enterprise free trials.
The type of license to remove from the workspace.
", - "WorkspaceDescription$licenseType": "Specifies whether this workspace has a full Grafana Enterprise license or a free trial license.
" + "WorkspaceDescription$licenseType": "Specifies whether this workspace has a full Grafana Enterprise license.
Amazon Managed Grafana workspaces no longer support Grafana Enterprise free trials.
Specifies whether this workspace has a full Grafana Enterprise license.
Amazon Managed Grafana workspaces no longer support Grafana Enterprise free trials.
The date that the workspace was created.
", - "WorkspaceDescription$freeTrialExpiration": "If this workspace is currently in the free trial period for Grafana Enterprise, this value specifies when that free trial ends.
", - "WorkspaceDescription$licenseExpiration": "If this workspace has a full Grafana Enterprise license, this specifies when the license ends and will need to be renewed.
", + "WorkspaceDescription$freeTrialExpiration": "If this workspace is currently in the free trial period for Grafana Enterprise, this value specifies when that free trial ends.
Amazon Managed Grafana workspaces no longer support Grafana Enterprise free trials.
If this workspace has a full Grafana Enterprise license purchased through Amazon Web Services Marketplace, this specifies when the license ends and will need to be renewed. Purchasing the Enterprise plugins option through Amazon Managed Grafana does not have an expiration. It is valid until the license is removed.
", "WorkspaceDescription$modified": "The most recent date that the workspace was modified.
", "WorkspaceSummary$created": "The date that the workspace was created.
", "WorkspaceSummary$modified": "The most recent date that the workspace was modified.
" diff --git a/models/apis/grafana/2020-08-18/endpoint-rule-set-1.json b/models/apis/grafana/2020-08-18/endpoint-rule-set-1.json index 6c513fce87e..065bc638131 100644 --- a/models/apis/grafana/2020-08-18/endpoint-rule-set-1.json +++ b/models/apis/grafana/2020-08-18/endpoint-rule-set-1.json @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff --git a/models/apis/lambda/2015-03-31/docs-2.json b/models/apis/lambda/2015-03-31/docs-2.json index 044d945d823..3db0d9eb57f 100644 --- a/models/apis/lambda/2015-03-31/docs-2.json +++ b/models/apis/lambda/2015-03-31/docs-2.json @@ -785,44 +785,44 @@ "FunctionName": { "base": null, "refs": { - "AddPermissionRequest$FunctionName": "The name of the Lambda function, version, or alias.
Name formats
Function name – my-function
(name-only), my-function:v1
(with alias).
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN – 123456789012:function:my-function
.
You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", - "CreateAliasRequest$FunctionName": "The name of the Lambda function.
Name formats
Function name - MyFunction
.
Function ARN - arn:aws:lambda:us-west-2:123456789012:function:MyFunction
.
Partial ARN - 123456789012:function:MyFunction
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", - "CreateEventSourceMappingRequest$FunctionName": "The name of the Lambda function.
Name formats
Function name – MyFunction
.
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:MyFunction
.
Version or Alias ARN – arn:aws:lambda:us-west-2:123456789012:function:MyFunction:PROD
.
Partial ARN – 123456789012:function:MyFunction
.
The length constraint applies only to the full ARN. If you specify only the function name, it's limited to 64 characters in length.
", - "CreateFunctionRequest$FunctionName": "The name of the Lambda function.
Name formats
Function name – my-function
.
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN – 123456789012:function:my-function
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", - "CreateFunctionUrlConfigRequest$FunctionName": "The name of the Lambda function.
Name formats
Function name – my-function
.
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN – 123456789012:function:my-function
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", - "DeleteAliasRequest$FunctionName": "The name of the Lambda function.
Name formats
Function name - MyFunction
.
Function ARN - arn:aws:lambda:us-west-2:123456789012:function:MyFunction
.
Partial ARN - 123456789012:function:MyFunction
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", - "DeleteFunctionCodeSigningConfigRequest$FunctionName": "The name of the Lambda function.
Name formats
Function name - MyFunction
.
Function ARN - arn:aws:lambda:us-west-2:123456789012:function:MyFunction
.
Partial ARN - 123456789012:function:MyFunction
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", - "DeleteFunctionConcurrencyRequest$FunctionName": "The name of the Lambda function.
Name formats
Function name – my-function
.
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN – 123456789012:function:my-function
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", - "DeleteFunctionEventInvokeConfigRequest$FunctionName": "The name of the Lambda function, version, or alias.
Name formats
Function name - my-function
(name-only), my-function:v1
(with alias).
Function ARN - arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN - 123456789012:function:my-function
.
You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", - "DeleteFunctionRequest$FunctionName": "The name of the Lambda function or version.
Name formats
Function name – my-function
(name-only), my-function:1
(with version).
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN – 123456789012:function:my-function
.
You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", - "DeleteFunctionUrlConfigRequest$FunctionName": "The name of the Lambda function.
Name formats
Function name – my-function
.
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN – 123456789012:function:my-function
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", - "DeleteProvisionedConcurrencyConfigRequest$FunctionName": "The name of the Lambda function.
Name formats
Function name – my-function
.
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN – 123456789012:function:my-function
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", - "GetAliasRequest$FunctionName": "The name of the Lambda function.
Name formats
Function name - MyFunction
.
Function ARN - arn:aws:lambda:us-west-2:123456789012:function:MyFunction
.
Partial ARN - 123456789012:function:MyFunction
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", - "GetFunctionCodeSigningConfigRequest$FunctionName": "The name of the Lambda function.
Name formats
Function name - MyFunction
.
Function ARN - arn:aws:lambda:us-west-2:123456789012:function:MyFunction
.
Partial ARN - 123456789012:function:MyFunction
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", - "GetFunctionCodeSigningConfigResponse$FunctionName": "The name of the Lambda function.
Name formats
Function name - MyFunction
.
Function ARN - arn:aws:lambda:us-west-2:123456789012:function:MyFunction
.
Partial ARN - 123456789012:function:MyFunction
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", - "GetFunctionConcurrencyRequest$FunctionName": "The name of the Lambda function.
Name formats
Function name – my-function
.
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN – 123456789012:function:my-function
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", - "GetFunctionEventInvokeConfigRequest$FunctionName": "The name of the Lambda function, version, or alias.
Name formats
Function name - my-function
(name-only), my-function:v1
(with alias).
Function ARN - arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN - 123456789012:function:my-function
.
You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", - "GetFunctionUrlConfigRequest$FunctionName": "The name of the Lambda function.
Name formats
Function name – my-function
.
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN – 123456789012:function:my-function
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", - "GetProvisionedConcurrencyConfigRequest$FunctionName": "The name of the Lambda function.
Name formats
Function name – my-function
.
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN – 123456789012:function:my-function
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", - "ListAliasesRequest$FunctionName": "The name of the Lambda function.
Name formats
Function name - MyFunction
.
Function ARN - arn:aws:lambda:us-west-2:123456789012:function:MyFunction
.
Partial ARN - 123456789012:function:MyFunction
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", - "ListEventSourceMappingsRequest$FunctionName": "The name of the Lambda function.
Name formats
Function name – MyFunction
.
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:MyFunction
.
Version or Alias ARN – arn:aws:lambda:us-west-2:123456789012:function:MyFunction:PROD
.
Partial ARN – 123456789012:function:MyFunction
.
The length constraint applies only to the full ARN. If you specify only the function name, it's limited to 64 characters in length.
", - "ListFunctionEventInvokeConfigsRequest$FunctionName": "The name of the Lambda function.
Name formats
Function name - my-function
.
Function ARN - arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN - 123456789012:function:my-function
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", - "ListFunctionUrlConfigsRequest$FunctionName": "The name of the Lambda function.
Name formats
Function name – my-function
.
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN – 123456789012:function:my-function
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", - "ListProvisionedConcurrencyConfigsRequest$FunctionName": "The name of the Lambda function.
Name formats
Function name – my-function
.
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN – 123456789012:function:my-function
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", - "PublishVersionRequest$FunctionName": "The name of the Lambda function.
Name formats
Function name - MyFunction
.
Function ARN - arn:aws:lambda:us-west-2:123456789012:function:MyFunction
.
Partial ARN - 123456789012:function:MyFunction
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", - "PutFunctionCodeSigningConfigRequest$FunctionName": "The name of the Lambda function.
Name formats
Function name - MyFunction
.
Function ARN - arn:aws:lambda:us-west-2:123456789012:function:MyFunction
.
Partial ARN - 123456789012:function:MyFunction
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", - "PutFunctionCodeSigningConfigResponse$FunctionName": "The name of the Lambda function.
Name formats
Function name - MyFunction
.
Function ARN - arn:aws:lambda:us-west-2:123456789012:function:MyFunction
.
Partial ARN - 123456789012:function:MyFunction
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", - "PutFunctionConcurrencyRequest$FunctionName": "The name of the Lambda function.
Name formats
Function name – my-function
.
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN – 123456789012:function:my-function
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", - "PutFunctionEventInvokeConfigRequest$FunctionName": "The name of the Lambda function, version, or alias.
Name formats
Function name - my-function
(name-only), my-function:v1
(with alias).
Function ARN - arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN - 123456789012:function:my-function
.
You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", - "PutProvisionedConcurrencyConfigRequest$FunctionName": "The name of the Lambda function.
Name formats
Function name – my-function
.
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN – 123456789012:function:my-function
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", - "PutRuntimeManagementConfigRequest$FunctionName": "The name of the Lambda function.
Name formats
Function name – my-function
.
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN – 123456789012:function:my-function
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", - "RemovePermissionRequest$FunctionName": "The name of the Lambda function, version, or alias.
Name formats
Function name – my-function
(name-only), my-function:v1
(with alias).
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN – 123456789012:function:my-function
.
You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", - "UpdateAliasRequest$FunctionName": "The name of the Lambda function.
Name formats
Function name - MyFunction
.
Function ARN - arn:aws:lambda:us-west-2:123456789012:function:MyFunction
.
Partial ARN - 123456789012:function:MyFunction
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", - "UpdateEventSourceMappingRequest$FunctionName": "The name of the Lambda function.
Name formats
Function name – MyFunction
.
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:MyFunction
.
Version or Alias ARN – arn:aws:lambda:us-west-2:123456789012:function:MyFunction:PROD
.
Partial ARN – 123456789012:function:MyFunction
.
The length constraint applies only to the full ARN. If you specify only the function name, it's limited to 64 characters in length.
", - "UpdateFunctionCodeRequest$FunctionName": "The name of the Lambda function.
Name formats
Function name – my-function
.
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN – 123456789012:function:my-function
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", - "UpdateFunctionConfigurationRequest$FunctionName": "The name of the Lambda function.
Name formats
Function name – my-function
.
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN – 123456789012:function:my-function
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", - "UpdateFunctionEventInvokeConfigRequest$FunctionName": "The name of the Lambda function, version, or alias.
Name formats
Function name - my-function
(name-only), my-function:v1
(with alias).
Function ARN - arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN - 123456789012:function:my-function
.
You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", - "UpdateFunctionUrlConfigRequest$FunctionName": "The name of the Lambda function.
Name formats
Function name – my-function
.
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN – 123456789012:function:my-function
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
" + "AddPermissionRequest$FunctionName": "The name or ARN of the Lambda function, version, or alias.
Name formats
Function name – my-function
(name-only), my-function:v1
(with alias).
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN – 123456789012:function:my-function
.
You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", + "CreateAliasRequest$FunctionName": "The name or ARN of the Lambda function.
Name formats
Function name - MyFunction
.
Function ARN - arn:aws:lambda:us-west-2:123456789012:function:MyFunction
.
Partial ARN - 123456789012:function:MyFunction
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", + "CreateEventSourceMappingRequest$FunctionName": "The name or ARN of the Lambda function.
Name formats
Function name – MyFunction
.
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:MyFunction
.
Version or Alias ARN – arn:aws:lambda:us-west-2:123456789012:function:MyFunction:PROD
.
Partial ARN – 123456789012:function:MyFunction
.
The length constraint applies only to the full ARN. If you specify only the function name, it's limited to 64 characters in length.
", + "CreateFunctionRequest$FunctionName": "The name or ARN of the Lambda function.
Name formats
Function name – my-function
.
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN – 123456789012:function:my-function
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", + "CreateFunctionUrlConfigRequest$FunctionName": "The name or ARN of the Lambda function.
Name formats
Function name – my-function
.
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN – 123456789012:function:my-function
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", + "DeleteAliasRequest$FunctionName": "The name or ARN of the Lambda function.
Name formats
Function name - MyFunction
.
Function ARN - arn:aws:lambda:us-west-2:123456789012:function:MyFunction
.
Partial ARN - 123456789012:function:MyFunction
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", + "DeleteFunctionCodeSigningConfigRequest$FunctionName": "The name or ARN of the Lambda function.
Name formats
Function name - MyFunction
.
Function ARN - arn:aws:lambda:us-west-2:123456789012:function:MyFunction
.
Partial ARN - 123456789012:function:MyFunction
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", + "DeleteFunctionConcurrencyRequest$FunctionName": "The name or ARN of the Lambda function.
Name formats
Function name – my-function
.
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN – 123456789012:function:my-function
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", + "DeleteFunctionEventInvokeConfigRequest$FunctionName": "The name or ARN of the Lambda function, version, or alias.
Name formats
Function name - my-function
(name-only), my-function:v1
(with alias).
Function ARN - arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN - 123456789012:function:my-function
.
You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", + "DeleteFunctionRequest$FunctionName": "The name or ARN of the Lambda function or version.
Name formats
Function name – my-function
(name-only), my-function:1
(with version).
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN – 123456789012:function:my-function
.
You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", + "DeleteFunctionUrlConfigRequest$FunctionName": "The name or ARN of the Lambda function.
Name formats
Function name – my-function
.
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN – 123456789012:function:my-function
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", + "DeleteProvisionedConcurrencyConfigRequest$FunctionName": "The name or ARN of the Lambda function.
Name formats
Function name – my-function
.
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN – 123456789012:function:my-function
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", + "GetAliasRequest$FunctionName": "The name or ARN of the Lambda function.
Name formats
Function name - MyFunction
.
Function ARN - arn:aws:lambda:us-west-2:123456789012:function:MyFunction
.
Partial ARN - 123456789012:function:MyFunction
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", + "GetFunctionCodeSigningConfigRequest$FunctionName": "The name or ARN of the Lambda function.
Name formats
Function name - MyFunction
.
Function ARN - arn:aws:lambda:us-west-2:123456789012:function:MyFunction
.
Partial ARN - 123456789012:function:MyFunction
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", + "GetFunctionCodeSigningConfigResponse$FunctionName": "The name or ARN of the Lambda function.
Name formats
Function name - MyFunction
.
Function ARN - arn:aws:lambda:us-west-2:123456789012:function:MyFunction
.
Partial ARN - 123456789012:function:MyFunction
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", + "GetFunctionConcurrencyRequest$FunctionName": "The name or ARN of the Lambda function.
Name formats
Function name – my-function
.
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN – 123456789012:function:my-function
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", + "GetFunctionEventInvokeConfigRequest$FunctionName": "The name or ARN of the Lambda function, version, or alias.
Name formats
Function name - my-function
(name-only), my-function:v1
(with alias).
Function ARN - arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN - 123456789012:function:my-function
.
You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", + "GetFunctionUrlConfigRequest$FunctionName": "The name or ARN of the Lambda function.
Name formats
Function name – my-function
.
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN – 123456789012:function:my-function
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", + "GetProvisionedConcurrencyConfigRequest$FunctionName": "The name or ARN of the Lambda function.
Name formats
Function name – my-function
.
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN – 123456789012:function:my-function
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", + "ListAliasesRequest$FunctionName": "The name or ARN of the Lambda function.
Name formats
Function name - MyFunction
.
Function ARN - arn:aws:lambda:us-west-2:123456789012:function:MyFunction
.
Partial ARN - 123456789012:function:MyFunction
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", + "ListEventSourceMappingsRequest$FunctionName": "The name or ARN of the Lambda function.
Name formats
Function name – MyFunction
.
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:MyFunction
.
Version or Alias ARN – arn:aws:lambda:us-west-2:123456789012:function:MyFunction:PROD
.
Partial ARN – 123456789012:function:MyFunction
.
The length constraint applies only to the full ARN. If you specify only the function name, it's limited to 64 characters in length.
", + "ListFunctionEventInvokeConfigsRequest$FunctionName": "The name or ARN of the Lambda function.
Name formats
Function name - my-function
.
Function ARN - arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN - 123456789012:function:my-function
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", + "ListFunctionUrlConfigsRequest$FunctionName": "The name or ARN of the Lambda function.
Name formats
Function name – my-function
.
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN – 123456789012:function:my-function
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", + "ListProvisionedConcurrencyConfigsRequest$FunctionName": "The name or ARN of the Lambda function.
Name formats
Function name – my-function
.
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN – 123456789012:function:my-function
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", + "PublishVersionRequest$FunctionName": "The name or ARN of the Lambda function.
Name formats
Function name - MyFunction
.
Function ARN - arn:aws:lambda:us-west-2:123456789012:function:MyFunction
.
Partial ARN - 123456789012:function:MyFunction
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", + "PutFunctionCodeSigningConfigRequest$FunctionName": "The name or ARN of the Lambda function.
Name formats
Function name - MyFunction
.
Function ARN - arn:aws:lambda:us-west-2:123456789012:function:MyFunction
.
Partial ARN - 123456789012:function:MyFunction
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", + "PutFunctionCodeSigningConfigResponse$FunctionName": "The name or ARN of the Lambda function.
Name formats
Function name - MyFunction
.
Function ARN - arn:aws:lambda:us-west-2:123456789012:function:MyFunction
.
Partial ARN - 123456789012:function:MyFunction
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", + "PutFunctionConcurrencyRequest$FunctionName": "The name or ARN of the Lambda function.
Name formats
Function name – my-function
.
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN – 123456789012:function:my-function
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", + "PutFunctionEventInvokeConfigRequest$FunctionName": "The name or ARN of the Lambda function, version, or alias.
Name formats
Function name - my-function
(name-only), my-function:v1
(with alias).
Function ARN - arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN - 123456789012:function:my-function
.
You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", + "PutProvisionedConcurrencyConfigRequest$FunctionName": "The name or ARN of the Lambda function.
Name formats
Function name – my-function
.
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN – 123456789012:function:my-function
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", + "PutRuntimeManagementConfigRequest$FunctionName": "The name or ARN of the Lambda function.
Name formats
Function name – my-function
.
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN – 123456789012:function:my-function
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", + "RemovePermissionRequest$FunctionName": "The name or ARN of the Lambda function, version, or alias.
Name formats
Function name – my-function
(name-only), my-function:v1
(with alias).
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN – 123456789012:function:my-function
.
You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", + "UpdateAliasRequest$FunctionName": "The name or ARN of the Lambda function.
Name formats
Function name - MyFunction
.
Function ARN - arn:aws:lambda:us-west-2:123456789012:function:MyFunction
.
Partial ARN - 123456789012:function:MyFunction
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", + "UpdateEventSourceMappingRequest$FunctionName": "The name or ARN of the Lambda function.
Name formats
Function name – MyFunction
.
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:MyFunction
.
Version or Alias ARN – arn:aws:lambda:us-west-2:123456789012:function:MyFunction:PROD
.
Partial ARN – 123456789012:function:MyFunction
.
The length constraint applies only to the full ARN. If you specify only the function name, it's limited to 64 characters in length.
", + "UpdateFunctionCodeRequest$FunctionName": "The name or ARN of the Lambda function.
Name formats
Function name – my-function
.
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN – 123456789012:function:my-function
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", + "UpdateFunctionConfigurationRequest$FunctionName": "The name or ARN of the Lambda function.
Name formats
Function name – my-function
.
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN – 123456789012:function:my-function
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", + "UpdateFunctionEventInvokeConfigRequest$FunctionName": "The name or ARN of the Lambda function, version, or alias.
Name formats
Function name - my-function
(name-only), my-function:v1
(with alias).
Function ARN - arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN - 123456789012:function:my-function
.
You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", + "UpdateFunctionUrlConfigRequest$FunctionName": "The name or ARN of the Lambda function.
Name formats
Function name – my-function
.
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN – 123456789012:function:my-function
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
" } }, "FunctionResponseType": { @@ -1631,14 +1631,14 @@ "base": null, "refs": { "FunctionConfiguration$FunctionName": "The name of the function.
", - "GetFunctionConfigurationRequest$FunctionName": "The name of the Lambda function, version, or alias.
Name formats
Function name – my-function
(name-only), my-function:v1
(with alias).
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN – 123456789012:function:my-function
.
You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", - "GetFunctionRequest$FunctionName": "The name of the Lambda function, version, or alias.
Name formats
Function name – my-function
(name-only), my-function:v1
(with alias).
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN – 123456789012:function:my-function
.
You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", - "GetPolicyRequest$FunctionName": "The name of the Lambda function, version, or alias.
Name formats
Function name – my-function
(name-only), my-function:v1
(with alias).
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN – 123456789012:function:my-function
.
You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", - "GetRuntimeManagementConfigRequest$FunctionName": "The name of the Lambda function.
Name formats
Function name – my-function
.
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN – 123456789012:function:my-function
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", - "InvocationRequest$FunctionName": "The name of the Lambda function, version, or alias.
Name formats
Function name – my-function
(name-only), my-function:v1
(with alias).
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN – 123456789012:function:my-function
.
You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", - "InvokeAsyncRequest$FunctionName": "The name of the Lambda function.
Name formats
Function name – my-function
.
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN – 123456789012:function:my-function
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", - "InvokeWithResponseStreamRequest$FunctionName": "The name of the Lambda function.
Name formats
Function name – my-function
.
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN – 123456789012:function:my-function
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", - "ListVersionsByFunctionRequest$FunctionName": "The name of the Lambda function.
Name formats
Function name - MyFunction
.
Function ARN - arn:aws:lambda:us-west-2:123456789012:function:MyFunction
.
Partial ARN - 123456789012:function:MyFunction
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
" + "GetFunctionConfigurationRequest$FunctionName": "The name or ARN of the Lambda function, version, or alias.
Name formats
Function name – my-function
(name-only), my-function:v1
(with alias).
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN – 123456789012:function:my-function
.
You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", + "GetFunctionRequest$FunctionName": "The name or ARN of the Lambda function, version, or alias.
Name formats
Function name – my-function
(name-only), my-function:v1
(with alias).
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN – 123456789012:function:my-function
.
You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", + "GetPolicyRequest$FunctionName": "The name or ARN of the Lambda function, version, or alias.
Name formats
Function name – my-function
(name-only), my-function:v1
(with alias).
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN – 123456789012:function:my-function
.
You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", + "GetRuntimeManagementConfigRequest$FunctionName": "The name or ARN of the Lambda function.
Name formats
Function name – my-function
.
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN – 123456789012:function:my-function
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", + "InvocationRequest$FunctionName": "The name or ARN of the Lambda function, version, or alias.
Name formats
Function name – my-function
(name-only), my-function:v1
(with alias).
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN – 123456789012:function:my-function
.
You can append a version number or alias to any of the formats. The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", + "InvokeAsyncRequest$FunctionName": "The name or ARN of the Lambda function.
Name formats
Function name – my-function
.
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN – 123456789012:function:my-function
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", + "InvokeWithResponseStreamRequest$FunctionName": "The name or ARN of the Lambda function.
Name formats
Function name – my-function
.
Function ARN – arn:aws:lambda:us-west-2:123456789012:function:my-function
.
Partial ARN – 123456789012:function:my-function
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
", + "ListVersionsByFunctionRequest$FunctionName": "The name or ARN of the Lambda function.
Name formats
Function name - MyFunction
.
Function ARN - arn:aws:lambda:us-west-2:123456789012:function:MyFunction
.
Partial ARN - 123456789012:function:MyFunction
.
The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.
" } }, "NamespacedStatementId": { diff --git a/models/apis/payment-cryptography-data/2022-02-03/api-2.json b/models/apis/payment-cryptography-data/2022-02-03/api-2.json index f6460898de7..5d3bf2273f5 100644 --- a/models/apis/payment-cryptography-data/2022-02-03/api-2.json +++ b/models/apis/payment-cryptography-data/2022-02-03/api-2.json @@ -450,6 +450,37 @@ "ServiceCode":{"shape":"NumberLengthEquals3"} } }, + "EmvEncryptionAttributes":{ + "type":"structure", + "required":[ + "MajorKeyDerivationMode", + "PanSequenceNumber", + "PrimaryAccountNumber", + "SessionDerivationData" + ], + "members":{ + "InitializationVector":{"shape":"HexLength16Or32"}, + "MajorKeyDerivationMode":{"shape":"EmvMajorKeyDerivationMode"}, + "Mode":{"shape":"EmvEncryptionMode"}, + "PanSequenceNumber":{"shape":"HexLengthEquals2"}, + "PrimaryAccountNumber":{"shape":"NumberLengthBetween12And19"}, + "SessionDerivationData":{"shape":"HexLengthEquals16"} + } + }, + "EmvEncryptionMode":{ + "type":"string", + "enum":[ + "ECB", + "CBC" + ] + }, + "EmvMajorKeyDerivationMode":{ + "type":"string", + "enum":[ + "EMV_OPTION_A", + "EMV_OPTION_B" + ] + }, "EncryptDataInput":{ "type":"structure", "required":[ @@ -484,6 +515,7 @@ "members":{ "Asymmetric":{"shape":"AsymmetricEncryptionAttributes"}, "Dukpt":{"shape":"DukptEncryptionAttributes"}, + "Emv":{"shape":"EmvEncryptionAttributes"}, "Symmetric":{"shape":"SymmetricEncryptionAttributes"} }, "union":true @@ -569,10 +601,7 @@ "GenerationAttributes":{"shape":"PinGenerationAttributes"}, "GenerationKeyIdentifier":{"shape":"KeyArnOrKeyAliasType"}, "PinBlockFormat":{"shape":"PinBlockFormatForPinData"}, - "PinDataLength":{ - "shape":"IntegerRangeBetween4And12", - "box":true - }, + "PinDataLength":{"shape":"IntegerRangeBetween4And12"}, "PrimaryAccountNumber":{"shape":"NumberLengthBetween12And19"} } }, @@ -800,6 +829,7 @@ }, "IntegerRangeBetween4And12":{ "type":"integer", + "box":true, "max":12, "min":4 }, @@ -1349,10 +1379,7 @@ "EncryptedPinBlock":{"shape":"HexLengthBetween16And32"}, "EncryptionKeyIdentifier":{"shape":"KeyArnOrKeyAliasType"}, "PinBlockFormat":{"shape":"PinBlockFormatForPinData"}, - "PinDataLength":{ - "shape":"IntegerRangeBetween4And12", - "box":true - }, + "PinDataLength":{"shape":"IntegerRangeBetween4And12"}, "PrimaryAccountNumber":{"shape":"NumberLengthBetween12And19"}, "VerificationAttributes":{"shape":"PinVerificationAttributes"}, "VerificationKeyIdentifier":{"shape":"KeyArnOrKeyAliasType"} diff --git a/models/apis/payment-cryptography-data/2022-02-03/docs-2.json b/models/apis/payment-cryptography-data/2022-02-03/docs-2.json index a33c4d25e78..028da476191 100644 --- a/models/apis/payment-cryptography-data/2022-02-03/docs-2.json +++ b/models/apis/payment-cryptography-data/2022-02-03/docs-2.json @@ -2,16 +2,16 @@ "version": "2.0", "service": "You use the Amazon Web Services Payment Cryptography Data Plane to manage how encryption keys are used for payment-related transaction processing and associated cryptographic operations. You can encrypt, decrypt, generate, verify, and translate payment-related cryptographic operations in Amazon Web Services Payment Cryptography. For more information, see Data operations in the Amazon Web Services Payment Cryptography User Guide.
To manage your encryption keys, you use the Amazon Web Services Payment Cryptography Control Plane. You can create, import, export, share, manage, and delete keys. You can also manage Identity and Access Management (IAM) policies for keys.
", "operations": { - "DecryptData": "Decrypts ciphertext data to plaintext using symmetric, asymmetric, or DUKPT data encryption key. For more information, see Decrypt data in the Amazon Web Services Payment Cryptography User Guide.
You can use an encryption key generated within Amazon Web Services Payment Cryptography, or you can import your own encryption key by calling ImportKey. For this operation, the key must have KeyModesOfUse
set to Decrypt
. In asymmetric decryption, Amazon Web Services Payment Cryptography decrypts the ciphertext using the private component of the asymmetric encryption key pair. For data encryption outside of Amazon Web Services Payment Cryptography, you can export the public component of the asymmetric key pair by calling GetPublicCertificate.
For symmetric and DUKPT decryption, Amazon Web Services Payment Cryptography supports TDES
and AES
algorithms. For asymmetric decryption, Amazon Web Services Payment Cryptography supports RSA
. When you use DUKPT, for TDES
algorithm, the ciphertext data length must be a multiple of 16 bytes. For AES
algorithm, the ciphertext data length must be a multiple of 32 bytes.
For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", - "EncryptData": "Encrypts plaintext data to ciphertext using symmetric, asymmetric, or DUKPT data encryption key. For more information, see Encrypt data in the Amazon Web Services Payment Cryptography User Guide.
You can generate an encryption key within Amazon Web Services Payment Cryptography by calling CreateKey. You can import your own encryption key by calling ImportKey. For this operation, the key must have KeyModesOfUse
set to Encrypt
. In asymmetric encryption, plaintext is encrypted using public component. You can import the public component of an asymmetric key pair created outside Amazon Web Services Payment Cryptography by calling ImportKey).
for symmetric and DUKPT encryption, Amazon Web Services Payment Cryptography supports TDES
and AES
algorithms. For asymmetric encryption, Amazon Web Services Payment Cryptography supports RSA
. To encrypt using DUKPT, you must already have a DUKPT key in your account with KeyModesOfUse
set to DeriveKey
, or you can generate a new DUKPT key by calling CreateKey.
For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", + "DecryptData": "Decrypts ciphertext data to plaintext using a symmetric (TDES, AES), asymmetric (RSA), or derived (DUKPT or EMV) encryption key scheme. For more information, see Decrypt data in the Amazon Web Services Payment Cryptography User Guide.
You can use an encryption key generated within Amazon Web Services Payment Cryptography, or you can import your own encryption key by calling ImportKey. For this operation, the key must have KeyModesOfUse
set to Decrypt
. In asymmetric decryption, Amazon Web Services Payment Cryptography decrypts the ciphertext using the private component of the asymmetric encryption key pair. For data encryption outside of Amazon Web Services Payment Cryptography, you can export the public component of the asymmetric key pair by calling GetPublicCertificate.
For symmetric and DUKPT decryption, Amazon Web Services Payment Cryptography supports TDES
and AES
algorithms. For EMV decryption, Amazon Web Services Payment Cryptography supports TDES
algorithms. For asymmetric decryption, Amazon Web Services Payment Cryptography supports RSA
.
When you use TDES or TDES DUKPT, the ciphertext data length must be a multiple of 8 bytes. For AES or AES DUKPT, the ciphertext data length must be a multiple of 16 bytes. For RSA, it sould be equal to the key size unless padding is enabled.
For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", + "EncryptData": "Encrypts plaintext data to ciphertext using a symmetric (TDES, AES), asymmetric (RSA), or derived (DUKPT or EMV) encryption key scheme. For more information, see Encrypt data in the Amazon Web Services Payment Cryptography User Guide.
You can generate an encryption key within Amazon Web Services Payment Cryptography by calling CreateKey. You can import your own encryption key by calling ImportKey. For this operation, the key must have KeyModesOfUse
set to Encrypt
. In asymmetric encryption, plaintext is encrypted using public component. You can import the public component of an asymmetric key pair created outside Amazon Web Services Payment Cryptography by calling ImportKey.
For symmetric and DUKPT encryption, Amazon Web Services Payment Cryptography supports TDES
and AES
algorithms. For EMV encryption, Amazon Web Services Payment Cryptography supports TDES
algorithms.For asymmetric encryption, Amazon Web Services Payment Cryptography supports RSA
.
When you use TDES or TDES DUKPT, the plaintext data length must be a multiple of 8 bytes. For AES or AES DUKPT, the plaintext data length must be a multiple of 16 bytes. For RSA, it sould be equal to the key size unless padding is enabled.
To encrypt using DUKPT, you must already have a BDK (Base Derivation Key) key in your account with KeyModesOfUse
set to DeriveKey
, or you can generate a new DUKPT key by calling CreateKey. To encrypt using EMV, you must already have an IMK (Issuer Master Key) key in your account with KeyModesOfUse
set to DeriveKey
.
For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", "GenerateCardValidationData": "Generates card-related validation data using algorithms such as Card Verification Values (CVV/CVV2), Dynamic Card Verification Values (dCVV/dCVV2), or Card Security Codes (CSC). For more information, see Generate card data in the Amazon Web Services Payment Cryptography User Guide.
This operation generates a CVV or CSC value that is printed on a payment credit or debit card during card production. The CVV or CSC, PAN (Primary Account Number) and expiration date of the card are required to check its validity during transaction processing. To begin this operation, a CVK (Card Verification Key) encryption key is required. You can use CreateKey or ImportKey to establish a CVK within Amazon Web Services Payment Cryptography. The KeyModesOfUse
should be set to Generate
and Verify
for a CVK encryption key.
For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", - "GenerateMac": "Generates a Message Authentication Code (MAC) cryptogram within Amazon Web Services Payment Cryptography.
You can use this operation when keys won't be shared but mutual data is present on both ends for validation. In this case, known data values are used to generate a MAC on both ends for comparision without sending or receiving data in ciphertext or plaintext. You can use this operation to generate a DUPKT, HMAC or EMV MAC by setting generation attributes and algorithm to the associated values. The MAC generation encryption key must have valid values for KeyUsage
such as TR31_M7_HMAC_KEY
for HMAC generation, and they key must have KeyModesOfUse
set to Generate
and Verify
.
For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", + "GenerateMac": "Generates a Message Authentication Code (MAC) cryptogram within Amazon Web Services Payment Cryptography.
You can use this operation to authenticate card-related data by using known data values to generate MAC for data validation between the sending and receiving parties. This operation uses message data, a secret encryption key and MAC algorithm to generate a unique MAC value for transmission. The receiving party of the MAC must use the same message data, secret encryption key and MAC algorithm to reproduce another MAC value for comparision.
You can use this operation to generate a DUPKT, CMAC, HMAC or EMV MAC by setting generation attributes and algorithm to the associated values. The MAC generation encryption key must have valid values for KeyUsage
such as TR31_M7_HMAC_KEY
for HMAC generation, and they key must have KeyModesOfUse
set to Generate
and Verify
.
For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", "GeneratePinData": "Generates pin-related data such as PIN, PIN Verification Value (PVV), PIN Block, and PIN Offset during new card issuance or reissuance. For more information, see Generate PIN data in the Amazon Web Services Payment Cryptography User Guide.
PIN data is never transmitted in clear to or from Amazon Web Services Payment Cryptography. This operation generates PIN, PVV, or PIN Offset and then encrypts it using Pin Encryption Key (PEK) to create an EncryptedPinBlock
for transmission from Amazon Web Services Payment Cryptography. This operation uses a separate Pin Verification Key (PVK) for VISA PVV generation.
For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", "ReEncryptData": "Re-encrypt ciphertext using DUKPT, Symmetric and Asymmetric Data Encryption Keys.
You can either generate an encryption key within Amazon Web Services Payment Cryptography by calling CreateKey or import your own encryption key by calling ImportKey. The KeyArn
for use with this operation must be in a compatible key state with KeyModesOfUse
set to Encrypt
. In asymmetric encryption, ciphertext is encrypted using public component (imported by calling ImportKey) of the asymmetric key pair created outside of Amazon Web Services Payment Cryptography.
For symmetric and DUKPT encryption, Amazon Web Services Payment Cryptography supports TDES
and AES
algorithms. For asymmetric encryption, Amazon Web Services Payment Cryptography supports RSA
. To encrypt using DUKPT, a DUKPT key must already exist within your account with KeyModesOfUse
set to DeriveKey
or a new DUKPT can be generated by calling CreateKey.
For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", - "TranslatePinData": "Translates encrypted PIN block from and to ISO 9564 formats 0,1,3,4. For more information, see Translate PIN data in the Amazon Web Services Payment Cryptography User Guide.
PIN block translation involves changing the encrytion of PIN block from one encryption key to another encryption key and changing PIN block format from one to another without PIN block data leaving Amazon Web Services Payment Cryptography. The encryption key transformation can be from PEK (Pin Encryption Key) to BDK (Base Derivation Key) for DUKPT or from BDK for DUKPT to PEK. Amazon Web Services Payment Cryptography supports TDES
and AES
key derivation type for DUKPT tranlations. You can use this operation for P2PE (Point to Point Encryption) use cases where the encryption keys should change but the processing system either does not need to, or is not permitted to, decrypt the data.
The allowed combinations of PIN block format translations are guided by PCI. It is important to note that not all encrypted PIN block formats (example, format 1) require PAN (Primary Account Number) as input. And as such, PIN block format that requires PAN (example, formats 0,3,4) cannot be translated to a format (format 1) that does not require a PAN for generation.
For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.
At this time, Amazon Web Services Payment Cryptography does not support translations to PIN format 4.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", + "TranslatePinData": "Translates encrypted PIN block from and to ISO 9564 formats 0,1,3,4. For more information, see Translate PIN data in the Amazon Web Services Payment Cryptography User Guide.
PIN block translation involves changing the encrytion of PIN block from one encryption key to another encryption key and changing PIN block format from one to another without PIN block data leaving Amazon Web Services Payment Cryptography. The encryption key transformation can be from PEK (Pin Encryption Key) to BDK (Base Derivation Key) for DUKPT or from BDK for DUKPT to PEK. Amazon Web Services Payment Cryptography supports TDES
and AES
key derivation type for DUKPT translations.
The allowed combinations of PIN block format translations are guided by PCI. It is important to note that not all encrypted PIN block formats (example, format 1) require PAN (Primary Account Number) as input. And as such, PIN block format that requires PAN (example, formats 0,3,4) cannot be translated to a format (format 1) that does not require a PAN for generation.
For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.
Amazon Web Services Payment Cryptography currently supports ISO PIN block 4 translation for PIN block built using legacy PAN length. That is, PAN is the right most 12 digits excluding the check digits.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", "VerifyAuthRequestCryptogram": "Verifies Authorization Request Cryptogram (ARQC) for a EMV chip payment card authorization. For more information, see Verify auth request cryptogram in the Amazon Web Services Payment Cryptography User Guide.
ARQC generation is done outside of Amazon Web Services Payment Cryptography and is typically generated on a point of sale terminal for an EMV chip card to obtain payment authorization during transaction time. For ARQC verification, you must first import the ARQC generated outside of Amazon Web Services Payment Cryptography by calling ImportKey. This operation uses the imported ARQC and an major encryption key (DUKPT) created by calling CreateKey to either provide a boolean ARQC verification result or provide an APRC (Authorization Response Cryptogram) response using Method 1 or Method 2. The ARPC_METHOD_1
uses AuthResponseCode
to generate ARPC and ARPC_METHOD_2
uses CardStatusUpdate
to generate ARPC.
For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", "VerifyCardValidationData": "Verifies card-related validation data using algorithms such as Card Verification Values (CVV/CVV2), Dynamic Card Verification Values (dCVV/dCVV2) and Card Security Codes (CSC). For more information, see Verify card data in the Amazon Web Services Payment Cryptography User Guide.
This operation validates the CVV or CSC codes that is printed on a payment credit or debit card during card payment transaction. The input values are typically provided as part of an inbound transaction to an issuer or supporting platform partner. Amazon Web Services Payment Cryptography uses CVV or CSC, PAN (Primary Account Number) and expiration date of the card to check its validity during transaction processing. In this operation, the CVK (Card Verification Key) encryption key for use with card data verification is same as the one in used for GenerateCardValidationData.
For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", - "VerifyMac": "Verifies a Message Authentication Code (MAC).
You can use this operation when keys won't be shared but mutual data is present on both ends for validation. In this case, known data values are used to generate a MAC on both ends for verification without sending or receiving data in ciphertext or plaintext. You can use this operation to verify a DUPKT, HMAC or EMV MAC by setting generation attributes and algorithm to the associated values. Use the same encryption key for MAC verification as you use for GenerateMac.
For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", + "VerifyMac": "Verifies a Message Authentication Code (MAC).
You can use this operation to verify MAC for message data authentication such as . In this operation, you must use the same message data, secret encryption key and MAC algorithm that was used to generate MAC. You can use this operation to verify a DUPKT, CMAC, HMAC or EMV MAC by setting generation attributes and algorithm to the associated values.
For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
", "VerifyPinData": "Verifies pin-related data such as PIN and PIN Offset using algorithms including VISA PVV and IBM3624. For more information, see Verify PIN data in the Amazon Web Services Payment Cryptography User Guide.
This operation verifies PIN data for user payment card. A card holder PIN data is never transmitted in clear to or from Amazon Web Services Payment Cryptography. This operation uses PIN Verification Key (PVK) for PIN or PIN Offset generation and then encrypts it using PIN Encryption Key (PEK) to create an EncryptedPinBlock
for transmission from Amazon Web Services Payment Cryptography.
For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide.
Cross-account use: This operation can't be used across different Amazon Web Services accounts.
Related operations:
" }, "shapes": { @@ -116,7 +116,7 @@ "DukptDerivationAttributes": { "base": "Parameters required for encryption or decryption of data using DUKPT.
", "refs": { - "TranslatePinDataInput$IncomingDukptAttributes": "The attributes and values to use for incoming DUKPT encryption key for PIN block tranlation.
", + "TranslatePinDataInput$IncomingDukptAttributes": "The attributes and values to use for incoming DUKPT encryption key for PIN block translation.
", "TranslatePinDataInput$OutgoingDukptAttributes": "The attributes and values to use for outgoing DUKPT encryption key after PIN block translation.
" } }, @@ -139,7 +139,7 @@ "DukptEncryptionMode": { "base": null, "refs": { - "DukptEncryptionAttributes$Mode": "The block cipher mode of operation. Block ciphers are designed to encrypt a block of data of fixed size, for example, 128 bits. The size of the input block is usually same as the size of the encrypted output block, while the key length can be different. A mode of operation describes how to repeatedly apply a cipher's single-block operation to securely transform amounts of data larger than a block.
The default is CBC.
" + "DukptEncryptionAttributes$Mode": "The block cipher method to use for encryption.
The default is CBC.
" } }, "DukptKeyVariant": { @@ -164,6 +164,24 @@ "CardVerificationAttributes$DynamicCardVerificationValue": "Card data parameters that are required to verify CDynamic Card Verification Value (dCVV) for the payment card.
" } }, + "EmvEncryptionAttributes": { + "base": "Parameters for plaintext encryption using EMV keys.
", + "refs": { + "EncryptionDecryptionAttributes$Emv": "Parameters for plaintext encryption using EMV keys.
" + } + }, + "EmvEncryptionMode": { + "base": null, + "refs": { + "EmvEncryptionAttributes$Mode": "The block cipher method to use for encryption.
" + } + }, + "EmvMajorKeyDerivationMode": { + "base": null, + "refs": { + "EmvEncryptionAttributes$MajorKeyDerivationMode": "The EMV derivation mode to use for ICC master key derivation as per EMV version 4.3 book 2.
" + } + }, "EncryptDataInput": { "base": null, "refs": { @@ -184,7 +202,7 @@ "EncryptionMode": { "base": null, "refs": { - "SymmetricEncryptionAttributes$Mode": "The block cipher mode of operation. Block ciphers are designed to encrypt a block of data of fixed size (for example, 128 bits). The size of the input block is usually same as the size of the encrypted output block, while the key length can be different. A mode of operation describes how to repeatedly apply a cipher's single-block operation to securely transform amounts of data larger than a block.
" + "SymmetricEncryptionAttributes$Mode": "The block cipher method to use for encryption.
" } }, "GenerateCardValidationDataInput": { @@ -226,14 +244,14 @@ "HexEvenLengthBetween16And4064": { "base": null, "refs": { - "EncryptDataInput$PlainText": "The plaintext to be encrypted.
" + "EncryptDataInput$PlainText": "The plaintext to be encrypted.
For encryption using asymmetric keys, plaintext data length is constrained by encryption key strength that you define in KeyAlgorithm
and padding type that you define in AsymmetricEncryptionAttributes
. For more information, see Encrypt data in the Amazon Web Services Payment Cryptography User Guide.
The ciphertext to decrypt.
", - "DecryptDataOutput$PlainText": "The decrypted plaintext data.
", + "DecryptDataOutput$PlainText": "The decrypted plaintext data in hexBinary format.
", "EncryptDataOutput$CipherText": "The encrypted ciphertext.
", "ReEncryptDataInput$CipherText": "Ciphertext to be encrypted. The minimum allowed length is 16 bytes and maximum allowed length is 4096 bytes.
", "ReEncryptDataOutput$CipherText": "The encrypted ciphertext.
" @@ -242,8 +260,8 @@ "HexEvenLengthBetween2And4096": { "base": null, "refs": { - "GenerateMacInput$MessageData": "The data for which a MAC is under generation.
", - "VerifyMacInput$MessageData": "The data on for which MAC is under verification.
" + "GenerateMacInput$MessageData": "The data for which a MAC is under generation. This value must be hexBinary.
", + "VerifyMacInput$MessageData": "The data on for which MAC is under verification. This value must be hexBinary.
" } }, "HexEvenLengthBetween4And128": { @@ -255,8 +273,9 @@ "HexLength16Or32": { "base": null, "refs": { - "DukptEncryptionAttributes$InitializationVector": "An input to cryptographic primitive used to provide the intial state. Typically the InitializationVector
must have a random or psuedo-random value, but sometimes it only needs to be unpredictable or unique. If you don't provide a value, Amazon Web Services Payment Cryptography generates a random value.
An input to cryptographic primitive used to provide the intial state. The InitializationVector
is typically required have a random or psuedo-random value, but sometimes it only needs to be unpredictable or unique. If a value is not provided, Amazon Web Services Payment Cryptography generates a random value.
An input used to provide the intial state. If no value is provided, Amazon Web Services Payment Cryptography defaults it to zero.
", + "EmvEncryptionAttributes$InitializationVector": "An input used to provide the intial state. If no value is provided, Amazon Web Services Payment Cryptography defaults it to zero.
", + "SymmetricEncryptionAttributes$InitializationVector": "An input used to provide the intial state. If no value is provided, Amazon Web Services Payment Cryptography defaults it to zero.
" } }, "HexLengthBetween10And24": { @@ -273,7 +292,7 @@ "refs": { "GeneratePinDataOutput$EncryptedPinBlock": "The PIN block encrypted under PEK from Amazon Web Services Payment Cryptography. The encrypted PIN block is a composite of PAN (Primary Account Number) and PIN (Personal Identification Number), generated in accordance with ISO 9564 standard.
", "Ibm3624PinOffset$EncryptedPinBlock": "The encrypted PIN block data. According to ISO 9564 standard, a PIN Block is an encoded representation of a payment card Personal Account Number (PAN) and the cardholder Personal Identification Number (PIN).
", - "TranslatePinDataOutput$PinBlock": "The ougoing encrypted PIN block data after tranlation.
", + "TranslatePinDataOutput$PinBlock": "The outgoing encrypted PIN block data after translation.
", "VerifyPinDataInput$EncryptedPinBlock": "The encrypted PIN block data that Amazon Web Services Payment Cryptography verifies.
", "VisaPinVerificationValue$EncryptedPinBlock": "The encrypted PIN block data to verify.
" } @@ -338,6 +357,7 @@ "HexLengthEquals16": { "base": null, "refs": { + "EmvEncryptionAttributes$SessionDerivationData": "The derivation value used to derive the ICC session key. It is typically the application transaction counter value padded with zeros or previous ARQC value padded with zeros as per EMV version 4.3 book 2.
", "SessionKeyDerivationValue$ApplicationCryptogram": "The cryptogram provided by the terminal during transaction processing.
", "VerifyAuthRequestCryptogramInput$AuthRequestCryptogram": "The auth request cryptogram imported into Amazon Web Services Payment Cryptography for ARQC verification using a major encryption key and transaction data.
" } @@ -348,6 +368,7 @@ "CardHolderVerificationValue$PanSequenceNumber": "A number that identifies and differentiates payment cards with the same Primary Account Number (PAN).
", "DynamicCardVerificationCode$PanSequenceNumber": "A number that identifies and differentiates payment cards with the same Primary Account Number (PAN).
", "DynamicCardVerificationValue$PanSequenceNumber": "A number that identifies and differentiates payment cards with the same Primary Account Number (PAN).
", + "EmvEncryptionAttributes$PanSequenceNumber": "A number that identifies and differentiates payment cards with the same Primary Account Number (PAN).
", "MacAlgorithmEmv$PanSequenceNumber": "A number that identifies and differentiates payment cards with the same Primary Account Number (PAN).
", "SessionKeyAmex$PanSequenceNumber": "A number that identifies and differentiates payment cards with the same Primary Account Number (PAN).
", "SessionKeyEmv2000$PanSequenceNumber": "A number that identifies and differentiates payment cards with the same Primary Account Number (PAN).
", @@ -472,19 +493,19 @@ "KeyCheckValue": { "base": null, "refs": { - "DecryptDataOutput$KeyCheckValue": "The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography calculates the KCV by using standard algorithms, typically by encrypting 8 or 16 bytes or \"00\" or \"01\" and then truncating the result to the first 3 bytes, or 6 hex digits, of the resulting cryptogram.
", - "EncryptDataOutput$KeyCheckValue": "The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography calculates the KCV by using standard algorithms, typically by encrypting 8 or 16 bytes or \"00\" or \"01\" and then truncating the result to the first 3 bytes, or 6 hex digits, of the resulting cryptogram.
", - "GenerateCardValidationDataOutput$KeyCheckValue": "The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography calculates the KCV by using standard algorithms, typically by encrypting 8 or 16 bytes or \"00\" or \"01\" and then truncating the result to the first 3 bytes, or 6 hex digits, of the resulting cryptogram.
", - "GenerateMacOutput$KeyCheckValue": "The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography calculates the KCV by using standard algorithms, typically by encrypting 8 or 16 bytes or \"00\" or \"01\" and then truncating the result to the first 3 bytes, or 6 hex digits, of the resulting cryptogram.
", - "GeneratePinDataOutput$EncryptionKeyCheckValue": "The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography calculates the KCV by using standard algorithms, typically by encrypting 8 or 16 bytes or \"00\" or \"01\" and then truncating the result to the first 3 bytes, or 6 hex digits, of the resulting cryptogram.
", - "GeneratePinDataOutput$GenerationKeyCheckValue": "The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography calculates the KCV by using standard algorithms, typically by encrypting 8 or 16 bytes or \"00\" or \"01\" and then truncating the result to the first 3 bytes, or 6 hex digits, of the resulting cryptogram.
", - "ReEncryptDataOutput$KeyCheckValue": "The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography calculates the KCV by using standard algorithms, typically by encrypting 8 or 16 bytes or \"00\" or \"01\" and then truncating the result to the first 3 bytes, or 6 hex digits, of the resulting cryptogram.
", - "TranslatePinDataOutput$KeyCheckValue": "The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography calculates the KCV by using standard algorithms, typically by encrypting 8 or 16 bytes or \"00\" or \"01\" and then truncating the result to the first 3 bytes, or 6 hex digits, of the resulting cryptogram.
", - "VerifyAuthRequestCryptogramOutput$KeyCheckValue": "The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography calculates the KCV by using standard algorithms, typically by encrypting 8 or 16 bytes or \"00\" or \"01\" and then truncating the result to the first 3 bytes, or 6 hex digits, of the resulting cryptogram.
", - "VerifyCardValidationDataOutput$KeyCheckValue": "The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography calculates the KCV by using standard algorithms, typically by encrypting 8 or 16 bytes or \"00\" or \"01\" and then truncating the result to the first 3 bytes, or 6 hex digits, of the resulting cryptogram.
", - "VerifyMacOutput$KeyCheckValue": "The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography calculates the KCV by using standard algorithms, typically by encrypting 8 or 16 bytes or \"00\" or \"01\" and then truncating the result to the first 3 bytes, or 6 hex digits, of the resulting cryptogram.
", - "VerifyPinDataOutput$EncryptionKeyCheckValue": "The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography calculates the KCV by using standard algorithms, typically by encrypting 8 or 16 bytes or \"00\" or \"01\" and then truncating the result to the first 3 bytes, or 6 hex digits, of the resulting cryptogram.
", - "VerifyPinDataOutput$VerificationKeyCheckValue": "The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography calculates the KCV by using standard algorithms, typically by encrypting 8 or 16 bytes or \"00\" or \"01\" and then truncating the result to the first 3 bytes, or 6 hex digits, of the resulting cryptogram.
" + "DecryptDataOutput$KeyCheckValue": "The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed.
Amazon Web Services Payment Cryptography computes the KCV according to the CMAC specification.
", + "EncryptDataOutput$KeyCheckValue": "The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed.
Amazon Web Services Payment Cryptography computes the KCV according to the CMAC specification.
", + "GenerateCardValidationDataOutput$KeyCheckValue": "The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed.
Amazon Web Services Payment Cryptography computes the KCV according to the CMAC specification.
", + "GenerateMacOutput$KeyCheckValue": "The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed.
Amazon Web Services Payment Cryptography computes the KCV according to the CMAC specification.
", + "GeneratePinDataOutput$EncryptionKeyCheckValue": "The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed.
Amazon Web Services Payment Cryptography computes the KCV according to the CMAC specification.
", + "GeneratePinDataOutput$GenerationKeyCheckValue": "The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed.
Amazon Web Services Payment Cryptography computes the KCV according to the CMAC specification.
", + "ReEncryptDataOutput$KeyCheckValue": "The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed.
Amazon Web Services Payment Cryptography computes the KCV according to the CMAC specification.
", + "TranslatePinDataOutput$KeyCheckValue": "The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed.
Amazon Web Services Payment Cryptography computes the KCV according to the CMAC specification.
", + "VerifyAuthRequestCryptogramOutput$KeyCheckValue": "The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed.
Amazon Web Services Payment Cryptography computes the KCV according to the CMAC specification.
", + "VerifyCardValidationDataOutput$KeyCheckValue": "The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed.
Amazon Web Services Payment Cryptography computes the KCV according to the CMAC specification.
", + "VerifyMacOutput$KeyCheckValue": "The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed.
Amazon Web Services Payment Cryptography computes the KCV according to the CMAC specification.
", + "VerifyPinDataOutput$EncryptionKeyCheckValue": "The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed.
Amazon Web Services Payment Cryptography computes the KCV according to the CMAC specification.
", + "VerifyPinDataOutput$VerificationKeyCheckValue": "The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed.
Amazon Web Services Payment Cryptography computes the KCV according to the CMAC specification.
" } }, "MacAlgorithm": { @@ -498,7 +519,7 @@ "refs": { "MacAttributes$DukptCmac": "Parameters that are required for MAC generation or verification using DUKPT CMAC algorithm.
", "MacAttributes$DukptIso9797Algorithm1": "Parameters that are required for MAC generation or verification using DUKPT ISO 9797 algorithm1.
", - "MacAttributes$DukptIso9797Algorithm3": "Parameters that are required for MAC generation or verification using DUKPT ISO 9797 algorithm2.
" + "MacAttributes$DukptIso9797Algorithm3": "Parameters that are required for MAC generation or verification using DUKPT ISO 9797 algorithm3.
" } }, "MacAlgorithmEmv": { @@ -524,6 +545,7 @@ "NumberLengthBetween12And19": { "base": null, "refs": { + "EmvEncryptionAttributes$PrimaryAccountNumber": "The Primary Account Number (PAN), a unique identifier for a payment credit or debit card and associates the card to a specific account holder.
", "GenerateCardValidationDataInput$PrimaryAccountNumber": "The Primary Account Number (PAN), a unique identifier for a payment credit or debit card that associates the card with a specific account holder.
", "GeneratePinDataInput$PrimaryAccountNumber": "The Primary Account Number (PAN), a unique identifier for a payment credit or debit card that associates the card with a specific account holder.
", "MacAlgorithmEmv$PrimaryAccountNumber": "The Primary Account Number (PAN), a unique identifier for a payment credit or debit card and associates the card to a specific account holder.
", @@ -733,8 +755,8 @@ "TranslationIsoFormats": { "base": "Parameters that are required for translation between ISO9564 PIN block formats 0,1,3,4.
", "refs": { - "TranslatePinDataInput$IncomingTranslationAttributes": "The format of the incoming PIN block data for tranlation within Amazon Web Services Payment Cryptography.
", - "TranslatePinDataInput$OutgoingTranslationAttributes": "The format of the outgoing PIN block data after tranlation by Amazon Web Services Payment Cryptography.
" + "TranslatePinDataInput$IncomingTranslationAttributes": "The format of the incoming PIN block data for translation within Amazon Web Services Payment Cryptography.
", + "TranslatePinDataInput$OutgoingTranslationAttributes": "The format of the outgoing PIN block data after translation by Amazon Web Services Payment Cryptography.
" } }, "TranslationPinDataIsoFormat034": { diff --git a/models/apis/payment-cryptography-data/2022-02-03/endpoint-rule-set-1.json b/models/apis/payment-cryptography-data/2022-02-03/endpoint-rule-set-1.json index 0686f59b325..6b5a79cbf7e 100644 --- a/models/apis/payment-cryptography-data/2022-02-03/endpoint-rule-set-1.json +++ b/models/apis/payment-cryptography-data/2022-02-03/endpoint-rule-set-1.json @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -59,7 +58,6 @@ }, { "conditions": [], - "type": "tree", "rules": [ { "conditions": [ @@ -87,13 +85,14 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], - "type": "tree", "rules": [ { "conditions": [ @@ -106,7 +105,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -120,7 +118,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -143,7 +140,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -178,11 +174,9 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], - "type": "tree", "rules": [ { "conditions": [], @@ -193,16 +187,19 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -216,14 +213,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -232,15 +227,14 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], - "type": "tree", "rules": [ { "conditions": [], @@ -251,16 +245,19 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -274,7 +271,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -294,11 +290,9 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], - "type": "tree", "rules": [ { "conditions": [], @@ -309,20 +303,22 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], - "type": "tree", "rules": [ { "conditions": [], @@ -333,18 +329,22 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "Invalid Configuration: Missing Region", "type": "error" } - ] + ], + "type": "tree" } ] } \ No newline at end of file diff --git a/models/apis/rds/2014-10-31/docs-2.json b/models/apis/rds/2014-10-31/docs-2.json index 1ad1894bd36..05b36affa9a 100644 --- a/models/apis/rds/2014-10-31/docs-2.json +++ b/models/apis/rds/2014-10-31/docs-2.json @@ -4671,13 +4671,13 @@ "CreateDBClusterMessage$Domain": "The Active Directory directory ID to create the DB cluster in.
For Amazon Aurora DB clusters, Amazon RDS can use Kerberos authentication to authenticate users that connect to the DB cluster.
For more information, see Kerberos authentication in the Amazon Aurora User Guide.
Valid for Cluster Type: Aurora DB clusters only
", "CreateDBClusterMessage$DomainIAMRoleName": "The name of the IAM role to use when making API calls to the Directory Service.
Valid for Cluster Type: Aurora DB clusters only
", "CreateDBClusterMessage$DBClusterInstanceClass": "The compute and memory capacity of each DB instance in the Multi-AZ DB cluster, for example db.m6gd.xlarge
. Not all DB instance classes are available in all Amazon Web Services Regions, or for all database engines.
For the full list of DB instance classes and availability for your engine, see DB instance class in the Amazon RDS User Guide.
This setting is required to create a Multi-AZ DB cluster.
Valid for Cluster Type: Multi-AZ DB clusters only
", - "CreateDBClusterMessage$StorageType": "The storage type to associate with the DB cluster.
For information on storage types for Aurora DB clusters, see Storage configurations for Amazon Aurora DB clusters. For information on storage types for Multi-AZ DB clusters, see Settings for creating Multi-AZ DB clusters.
This setting is required to create a Multi-AZ DB cluster.
When specified for a Multi-AZ DB cluster, a value for the Iops
parameter is required.
Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters
Valid Values:
Aurora DB clusters - aurora | aurora-iopt1
Multi-AZ DB clusters - io1
Default:
Aurora DB clusters - aurora
Multi-AZ DB clusters - io1
When you create an Aurora DB cluster with the storage type set to aurora-iopt1
, the storage type is returned in the response. The storage type isn't returned when you set it to aurora
.
The storage type to associate with the DB cluster.
For information on storage types for Aurora DB clusters, see Storage configurations for Amazon Aurora DB clusters. For information on storage types for Multi-AZ DB clusters, see Settings for creating Multi-AZ DB clusters.
This setting is required to create a Multi-AZ DB cluster.
When specified for a Multi-AZ DB cluster, a value for the Iops
parameter is required.
Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters
Valid Values:
Aurora DB clusters - aurora | aurora-iopt1
Multi-AZ DB clusters - io1 | io2 | gp3
Default:
Aurora DB clusters - aurora
Multi-AZ DB clusters - io1
When you create an Aurora DB cluster with the storage type set to aurora-iopt1
, the storage type is returned in the response. The storage type isn't returned when you set it to aurora
.
The Amazon Resource Name (ARN) for the IAM role that permits RDS to send Enhanced Monitoring metrics to Amazon CloudWatch Logs. An example is arn:aws:iam:123456789012:role/emaccess
. For information on creating a monitoring role, see Setting up and enabling Enhanced Monitoring in the Amazon RDS User Guide.
If MonitoringInterval
is set to a value other than 0
, supply a MonitoringRoleArn
value.
Valid for Cluster Type: Multi-AZ DB clusters only
", "CreateDBClusterMessage$PerformanceInsightsKMSKeyId": "The Amazon Web Services KMS key identifier for encryption of Performance Insights data.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.
If you don't specify a value for PerformanceInsightsKMSKeyId
, then Amazon RDS uses your default KMS key. There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account has a different default KMS key for each Amazon Web Services Region.
Valid for Cluster Type: Multi-AZ DB clusters only
", "CreateDBClusterMessage$NetworkType": "The network type of the DB cluster.
The network type is determined by the DBSubnetGroup
specified for the DB cluster. A DBSubnetGroup
can support only the IPv4 protocol or the IPv4 and the IPv6 protocols (DUAL
).
For more information, see Working with a DB instance in a VPC in the Amazon Aurora User Guide.
Valid for Cluster Type: Aurora DB clusters only
Valid Values: IPV4 | DUAL
Reserved for future use.
", "CreateDBClusterMessage$MasterUserSecretKmsKeyId": "The Amazon Web Services KMS key identifier to encrypt a secret that is automatically generated and managed in Amazon Web Services Secrets Manager.
This setting is valid only if the master user password is managed by RDS in Amazon Web Services Secrets Manager for the DB cluster.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN.
If you don't specify MasterUserSecretKmsKeyId
, then the aws/secretsmanager
KMS key is used to encrypt the secret. If the secret is in a different Amazon Web Services account, then you can't use the aws/secretsmanager
KMS key to encrypt the secret, and you must use a customer managed KMS key.
There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account has a different default KMS key for each Amazon Web Services Region.
Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters
", - "CreateDBClusterMessage$CACertificateIdentifier": "The CA certificate identifier to use for the DB cluster's server certificate.
Valid for Cluster Type: Multi-AZ DB clusters
", + "CreateDBClusterMessage$CACertificateIdentifier": "The CA certificate identifier to use for the DB cluster's server certificate.
For more information, see Using SSL/TLS to encrypt a connection to a DB instance in the Amazon RDS User Guide.
Valid for Cluster Type: Multi-AZ DB clusters
", "CreateDBClusterParameterGroupMessage$DBClusterParameterGroupName": "The name of the DB cluster parameter group.
Constraints:
Must not match the name of an existing DB cluster parameter group.
This value is stored as a lowercase string.
The DB cluster parameter group family name. A DB cluster parameter group can be associated with one and only one DB cluster parameter group family, and can be applied only to a DB cluster running a database engine and engine version compatible with that DB cluster parameter group family.
Aurora MySQL
Example: aurora-mysql5.7
, aurora-mysql8.0
Aurora PostgreSQL
Example: aurora-postgresql14
RDS for MySQL
Example: mysql8.0
RDS for PostgreSQL
Example: postgres13
To list all of the available parameter group families for a DB engine, use the following command:
aws rds describe-db-engine-versions --query \"DBEngineVersions[].DBParameterGroupFamily\" --engine <engine>
For example, to list all of the available parameter group families for the Aurora PostgreSQL DB engine, use the following command:
aws rds describe-db-engine-versions --query \"DBEngineVersions[].DBParameterGroupFamily\" --engine aurora-postgresql
The output contains duplicates.
The following are the valid DB engine values:
aurora-mysql
aurora-postgresql
mysql
postgres
The description for the DB cluster parameter group.
", @@ -5298,13 +5298,13 @@ "ModifyDBClusterMessage$Domain": "The Active Directory directory ID to move the DB cluster to. Specify none
to remove the cluster from its current domain. The domain must be created prior to this operation.
For more information, see Kerberos Authentication in the Amazon Aurora User Guide.
Valid for Cluster Type: Aurora DB clusters only
", "ModifyDBClusterMessage$DomainIAMRoleName": "The name of the IAM role to use when making API calls to the Directory Service.
Valid for Cluster Type: Aurora DB clusters only
", "ModifyDBClusterMessage$DBClusterInstanceClass": "The compute and memory capacity of each DB instance in the Multi-AZ DB cluster, for example db.m6gd.xlarge
. Not all DB instance classes are available in all Amazon Web Services Regions, or for all database engines.
For the full list of DB instance classes and availability for your engine, see DB Instance Class in the Amazon RDS User Guide.
Valid for Cluster Type: Multi-AZ DB clusters only
", - "ModifyDBClusterMessage$StorageType": "The storage type to associate with the DB cluster.
For information on storage types for Aurora DB clusters, see Storage configurations for Amazon Aurora DB clusters. For information on storage types for Multi-AZ DB clusters, see Settings for creating Multi-AZ DB clusters.
When specified for a Multi-AZ DB cluster, a value for the Iops
parameter is required.
Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters
Valid Values:
Aurora DB clusters - aurora | aurora-iopt1
Multi-AZ DB clusters - io1
Default:
Aurora DB clusters - aurora
Multi-AZ DB clusters - io1
The storage type to associate with the DB cluster.
For information on storage types for Aurora DB clusters, see Storage configurations for Amazon Aurora DB clusters. For information on storage types for Multi-AZ DB clusters, see Settings for creating Multi-AZ DB clusters.
When specified for a Multi-AZ DB cluster, a value for the Iops
parameter is required.
Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters
Valid Values:
Aurora DB clusters - aurora | aurora-iopt1
Multi-AZ DB clusters - io1 | io2 | gp3
Default:
Aurora DB clusters - aurora
Multi-AZ DB clusters - io1
The Amazon Resource Name (ARN) for the IAM role that permits RDS to send Enhanced Monitoring metrics to Amazon CloudWatch Logs. An example is arn:aws:iam:123456789012:role/emaccess
. For information on creating a monitoring role, see To create an IAM role for Amazon RDS Enhanced Monitoring in the Amazon RDS User Guide.
If MonitoringInterval
is set to a value other than 0
, supply a MonitoringRoleArn
value.
Valid for Cluster Type: Multi-AZ DB clusters only
", "ModifyDBClusterMessage$PerformanceInsightsKMSKeyId": "The Amazon Web Services KMS key identifier for encryption of Performance Insights data.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.
If you don't specify a value for PerformanceInsightsKMSKeyId
, then Amazon RDS uses your default KMS key. There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account has a different default KMS key for each Amazon Web Services Region.
Valid for Cluster Type: Multi-AZ DB clusters only
", "ModifyDBClusterMessage$NetworkType": "The network type of the DB cluster.
The network type is determined by the DBSubnetGroup
specified for the DB cluster. A DBSubnetGroup
can support only the IPv4 protocol or the IPv4 and the IPv6 protocols (DUAL
).
For more information, see Working with a DB instance in a VPC in the Amazon Aurora User Guide.
Valid for Cluster Type: Aurora DB clusters only
Valid Values: IPV4 | DUAL
The Amazon Web Services KMS key identifier to encrypt a secret that is automatically generated and managed in Amazon Web Services Secrets Manager.
This setting is valid only if both of the following conditions are met:
The DB cluster doesn't manage the master user password in Amazon Web Services Secrets Manager.
If the DB cluster already manages the master user password in Amazon Web Services Secrets Manager, you can't change the KMS key that is used to encrypt the secret.
You are turning on ManageMasterUserPassword
to manage the master user password in Amazon Web Services Secrets Manager.
If you are turning on ManageMasterUserPassword
and don't specify MasterUserSecretKmsKeyId
, then the aws/secretsmanager
KMS key is used to encrypt the secret. If the secret is in a different Amazon Web Services account, then you can't use the aws/secretsmanager
KMS key to encrypt the secret, and you must use a customer managed KMS key.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN.
There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account has a different default KMS key for each Amazon Web Services Region.
Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters
", "ModifyDBClusterMessage$EngineMode": "The DB engine mode of the DB cluster, either provisioned
or serverless
.
The DB engine mode can be modified only from serverless
to provisioned
.
For more information, see CreateDBCluster.
Valid for Cluster Type: Aurora DB clusters only
", - "ModifyDBClusterMessage$CACertificateIdentifier": "The CA certificate identifier to use for the DB cluster's server certificate.
Valid for Cluster Type: Multi-AZ DB clusters
", + "ModifyDBClusterMessage$CACertificateIdentifier": "The CA certificate identifier to use for the DB cluster's server certificate.
For more information, see Using SSL/TLS to encrypt a connection to a DB instance in the Amazon RDS User Guide.
Valid for Cluster Type: Multi-AZ DB clusters
", "ModifyDBClusterParameterGroupMessage$DBClusterParameterGroupName": "The name of the DB cluster parameter group to modify.
", "ModifyDBClusterSnapshotAttributeMessage$DBClusterSnapshotIdentifier": "The identifier for the DB cluster snapshot to modify the attributes for.
", "ModifyDBClusterSnapshotAttributeMessage$AttributeName": "The name of the DB cluster snapshot attribute to modify.
To manage authorization for other Amazon Web Services accounts to copy or restore a manual DB cluster snapshot, set this value to restore
.
To view the list of attributes available to modify, use the DescribeDBClusterSnapshotAttributes API operation.
The license model for the DB instance.
This setting doesn't apply to Amazon Aurora or RDS Custom DB instances.
Valid Values:
RDS for Db2 - bring-your-own-license
RDS for MariaDB - general-public-license
RDS for Microsoft SQL Server - license-included
RDS for MySQL - general-public-license
RDS for Oracle - bring-your-own-license | license-included
RDS for PostgreSQL - postgresql-license
The option group to associate the DB instance with.
Changing this parameter doesn't result in an outage, with one exception. If the parameter change results in an option group that enables OEM, it can cause a brief period, lasting less than a second, during which new connections are rejected but existing connections aren't interrupted.
The change is applied during the next maintenance window unless the ApplyImmediately
parameter is enabled for this request.
Permanent options, such as the TDE option for Oracle Advanced Security TDE, can't be removed from an option group, and that option group can't be removed from a DB instance after it is associated with a DB instance.
This setting doesn't apply to RDS Custom DB instances.
", "ModifyDBInstanceMessage$NewDBInstanceIdentifier": "The new identifier for the DB instance when renaming a DB instance. When you change the DB instance identifier, an instance reboot occurs immediately if you enable ApplyImmediately
, or will occur during the next maintenance window if you disable ApplyImmediately
. This value is stored as a lowercase string.
This setting doesn't apply to RDS Custom DB instances.
Constraints:
Must contain from 1 to 63 letters, numbers, or hyphens.
The first character must be a letter.
Can't end with a hyphen or contain two consecutive hyphens.
Example: mydbinstance
The storage type to associate with the DB instance.
If you specify io1
), io2
, or gp3
you must also include a value for the Iops
parameter.
If you choose to migrate your DB instance from using standard storage to using Provisioned IOPS, or from using Provisioned IOPS to using standard storage, the process can take time. The duration of the migration depends on several factors such as database load, storage size, storage type (standard or Provisioned IOPS), amount of IOPS provisioned (if any), and the number of prior scale storage operations. Typical migration times are under 24 hours, but the process can take up to several days in some cases. During the migration, the DB instance is available for use, but might experience performance degradation. While the migration takes place, nightly backups for the instance are suspended. No other Amazon RDS operations can take place for the instance, including modifying the instance, rebooting the instance, deleting the instance, creating a read replica for the instance, and creating a DB snapshot of the instance.
Valid Values: gp2 | gp3 | io1 | io2 | standard
Default: io1
, if the Iops
parameter is specified. Otherwise, gp2
.
The storage type to associate with the DB instance.
If you specify io1
, io2
, or gp3
you must also include a value for the Iops
parameter.
If you choose to migrate your DB instance from using standard storage to using Provisioned IOPS, or from using Provisioned IOPS to using standard storage, the process can take time. The duration of the migration depends on several factors such as database load, storage size, storage type (standard or Provisioned IOPS), amount of IOPS provisioned (if any), and the number of prior scale storage operations. Typical migration times are under 24 hours, but the process can take up to several days in some cases. During the migration, the DB instance is available for use, but might experience performance degradation. While the migration takes place, nightly backups for the instance are suspended. No other Amazon RDS operations can take place for the instance, including modifying the instance, rebooting the instance, deleting the instance, creating a read replica for the instance, and creating a DB snapshot of the instance.
Valid Values: gp2 | gp3 | io1 | io2 | standard
Default: io1
, if the Iops
parameter is specified. Otherwise, gp2
.
The ARN from the key store with which to associate the instance for TDE encryption.
This setting doesn't apply to RDS Custom DB instances.
", "ModifyDBInstanceMessage$TdeCredentialPassword": "The password for the given ARN from the key store in order to access the device.
This setting doesn't apply to RDS Custom DB instances.
", "ModifyDBInstanceMessage$CACertificateIdentifier": "The CA certificate identifier to use for the DB instance's server certificate.
This setting doesn't apply to RDS Custom DB instances.
For more information, see Using SSL/TLS to encrypt a connection to a DB instance in the Amazon RDS User Guide and Using SSL/TLS to encrypt a connection to a DB cluster in the Amazon Aurora User Guide.
", diff --git a/models/apis/snowball/2016-06-30/docs-2.json b/models/apis/snowball/2016-06-30/docs-2.json index 52de45c9517..4e9abea6357 100755 --- a/models/apis/snowball/2016-06-30/docs-2.json +++ b/models/apis/snowball/2016-06-30/docs-2.json @@ -951,7 +951,7 @@ "DescribeAddressesResult$NextToken": "HTTP requests are stateless. If you use the automatically generated NextToken
value in your next DescribeAddresses
call, your list of returned addresses will start from this point in the array.
The pre-signed Amazon S3 URI used to download the return shipping label.
", "EKSOnDeviceServiceConfiguration$KubernetesVersion": "The Kubernetes version for EKS Anywhere on the Snow Family device.
", - "EKSOnDeviceServiceConfiguration$EKSAnywhereVersion": "The version of EKS Anywhere on the Snow Family device.
", + "EKSOnDeviceServiceConfiguration$EKSAnywhereVersion": "The optional version of EKS Anywhere on the Snow Family device.
", "Ec2AmiResource$SnowballAmiId": "The ID of the AMI on the Snow device.
", "Ec2RequestFailedException$Message": null, "GetJobManifestResult$ManifestURI": "The Amazon S3 presigned URL for the manifest file associated with the specified JobId
value.
Specifies custom configurations for the associations between the web ACL and protected resources.
Use this to customize the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default is 16 KB (16,384 bytes).
You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see WAF Pricing.
Specifies custom configurations for the associations between the web ACL and protected resources.
Use this to customize the maximum size of the request body that your protected resources forward to WAF for inspection. You can customize this setting for CloudFront, API Gateway, Amazon Cognito, App Runner, or Verified Access resources. The default setting is 16 KB (16,384 bytes).
You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see WAF Pricing.
For Application Load Balancer and AppSync, the limit is fixed at 8 KB (8,192 bytes).
", "refs": { - "CreateWebACLRequest$AssociationConfig": "Specifies custom configurations for the associations between the web ACL and protected resources.
Use this to customize the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default is 16 KB (16,384 bytes).
You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see WAF Pricing.
Specifies custom configurations for the associations between the web ACL and protected resources.
Use this to customize the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default is 16 KB (16,384 bytes).
You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see WAF Pricing.
Specifies custom configurations for the associations between the web ACL and protected resources.
Use this to customize the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default is 16 KB (16,384 bytes).
You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see WAF Pricing.
Specifies custom configurations for the associations between the web ACL and protected resources.
Use this to customize the maximum size of the request body that your protected resources forward to WAF for inspection. You can customize this setting for CloudFront, API Gateway, Amazon Cognito, App Runner, or Verified Access resources. The default setting is 16 KB (16,384 bytes).
You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see WAF Pricing.
For Application Load Balancer and AppSync, the limit is fixed at 8 KB (8,192 bytes).
", + "UpdateWebACLRequest$AssociationConfig": "Specifies custom configurations for the associations between the web ACL and protected resources.
Use this to customize the maximum size of the request body that your protected resources forward to WAF for inspection. You can customize this setting for CloudFront, API Gateway, Amazon Cognito, App Runner, or Verified Access resources. The default setting is 16 KB (16,384 bytes).
You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see WAF Pricing.
For Application Load Balancer and AppSync, the limit is fixed at 8 KB (8,192 bytes).
", + "WebACL$AssociationConfig": "Specifies custom configurations for the associations between the web ACL and protected resources.
Use this to customize the maximum size of the request body that your protected resources forward to WAF for inspection. You can customize this setting for CloudFront, API Gateway, Amazon Cognito, App Runner, or Verified Access resources. The default setting is 16 KB (16,384 bytes).
You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see WAF Pricing.
For Application Load Balancer and AppSync, the limit is fixed at 8 KB (8,192 bytes).
" } }, "BlockAction": { @@ -201,7 +201,7 @@ "Body": { "base": "Inspect the body of the web request. The body immediately follows the request headers.
This is used to indicate the web request component to inspect, in the FieldToMatch specification.
", "refs": { - "FieldToMatch$Body": "Inspect the request body as plain text. The request body immediately follows the request headers. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form.
A limited amount of the request body is forwarded to WAF for inspection by the underlying host service. For regional resources, the limit is 8 KB (8,192 bytes) and for CloudFront distributions, the limit is 16 KB (16,384 bytes). For CloudFront distributions, you can increase the limit in the web ACL's AssociationConfig
, for additional processing fees.
For information about how to handle oversized request bodies, see the Body
object configuration.
Inspect the request body as plain text. The request body immediately follows the request headers. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form.
WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to WAF for inspection.
For Application Load Balancer and AppSync, the limit is fixed at 8 KB (8,192 bytes).
For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL AssociationConfig
, for additional processing fees.
For information about how to handle oversized request bodies, see the Body
object configuration.
Allow the use of regular expressions in the registration page path and the account creation path.
", "AWSManagedRulesATPRuleSet$EnableRegexInPath": "Allow the use of regular expressions in the login page path.
", - "AWSManagedRulesBotControlRuleSet$EnableMachineLearning": "Applies only to the targeted inspection level.
Determines whether to use machine learning (ML) to analyze your web traffic for bot-related activity. Machine learning is required for the Bot Control rules TGT_ML_CoordinatedActivityLow
and TGT_ML_CoordinatedActivityMedium
, which inspect for anomalous behavior that might indicate distributed, coordinated bot activity.
For more information about this choice, see the listing for these rules in the table at Bot Control rules listing in the WAF Developer Guide.
Default: TRUE
Indicates whether the logging configuration was created by Firewall Manager, as part of an WAF policy configuration. If true, only Firewall Manager can modify or delete the configuration.
", "ManagedProductDescriptor$IsVersioningSupported": "Indicates whether the rule group is versioned.
", "ManagedProductDescriptor$IsAdvancedManagedRuleSet": "Indicates whether the rule group provides an advanced set of protections, such as the the Amazon Web Services Managed Rules rule groups that are used for WAF intelligent threat mitigation.
", @@ -614,6 +613,12 @@ "RequestInspectionACFP$EmailField": "The name of the field in the request payload that contains your customer's email.
How you specify this depends on the request inspection payload type.
For JSON payloads, specify the field name in JSON pointer syntax. For information about the JSON Pointer syntax, see the Internet Engineering Task Force (IETF) documentation JavaScript Object Notation (JSON) Pointer.
For example, for the JSON payload { \"form\": { \"email\": \"THE_EMAIL\" } }
, the email field specification is /form/email
.
For form encoded payload types, use the HTML form names.
For example, for an HTML form with the input element named email1
, the email field specification is email1
.
Applies only to the targeted inspection level.
Determines whether to use machine learning (ML) to analyze your web traffic for bot-related activity. Machine learning is required for the Bot Control rules TGT_ML_CoordinatedActivityLow
and TGT_ML_CoordinatedActivityMedium
, which inspect for anomalous behavior that might indicate distributed, coordinated bot activity.
For more information about this choice, see the listing for these rules in the table at Bot Control rules listing in the WAF Developer Guide.
Default: TRUE
The part of the web request that you want WAF to inspect. Include the single FieldToMatch
type that you want to inspect, with additional specifications as needed, according to the type. You specify a single request component in FieldToMatch
for each rule statement that requires it. To inspect more than one component of the web request, create a separate rule statement for each component.
Example JSON for a QueryString
field to match:
\"FieldToMatch\": { \"QueryString\": {} }
Example JSON for a Method
field to match specification:
\"FieldToMatch\": { \"Method\": { \"Name\": \"DELETE\" } }
Specifies a web request component to be used in a rule match statement or in a logging configuration.
In a rule statement, this is the part of the web request that you want WAF to inspect. Include the single FieldToMatch
type that you want to inspect, with additional specifications as needed, according to the type. You specify a single request component in FieldToMatch
for each rule statement that requires it. To inspect more than one component of the web request, create a separate rule statement for each component.
Example JSON for a QueryString
field to match:
\"FieldToMatch\": { \"QueryString\": {} }
Example JSON for a Method
field to match specification:
\"FieldToMatch\": { \"Method\": { \"Name\": \"DELETE\" } }
In a logging configuration, this is used in the RedactedFields
property to specify a field to redact from the logging records. For this use case, note the following:
Even though all FieldToMatch
settings are available, the only valid settings for field redaction are UriPath
, QueryString
, SingleHeader
, and Method
.
In this documentation, the descriptions of the individual fields talk about specifying the web request component to inspect, but for field redaction, you are specifying the component type to redact from the logs.
The part of the web request that you want WAF to inspect.
", "RedactedFields$member": null, @@ -1181,7 +1186,7 @@ "JsonBody": { "base": "Inspect the body of the web request as JSON. The body immediately follows the request headers.
This is used to indicate the web request component to inspect, in the FieldToMatch specification.
Use the specifications in this object to indicate which parts of the JSON body to inspect using the rule's inspection criteria. WAF inspects only the parts of the JSON that result from the matches that you indicate.
Example JSON: \"JsonBody\": { \"MatchPattern\": { \"All\": {} }, \"MatchScope\": \"ALL\" }
Inspect the request body as JSON. The request body immediately follows the request headers. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form.
A limited amount of the request body is forwarded to WAF for inspection by the underlying host service. For regional resources, the limit is 8 KB (8,192 bytes) and for CloudFront distributions, the limit is 16 KB (16,384 bytes). For CloudFront distributions, you can increase the limit in the web ACL's AssociationConfig
, for additional processing fees.
For information about how to handle oversized request bodies, see the JsonBody
object configuration.
Inspect the request body as JSON. The request body immediately follows the request headers. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form.
WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to WAF for inspection.
For Application Load Balancer and AppSync, the limit is fixed at 8 KB (8,192 bytes).
For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL AssociationConfig
, for additional processing fees.
For information about how to handle oversized request bodies, see the JsonBody
object configuration.
What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. If the body is larger than the limit, the underlying host service only forwards the contents that are below the limit to WAF for inspection.
The default limit is 8 KB (8,192 bytes) for regional resources and 16 KB (16,384 bytes) for CloudFront distributions. For CloudFront distributions, you can increase the limit in the web ACL AssociationConfig
, for additional processing fees.
The options for oversize handling are the following:
CONTINUE
- Inspect the available body contents normally, according to the rule inspection criteria.
MATCH
- Treat the web request as matching the rule statement. WAF applies the rule action to the request.
NO_MATCH
- Treat the web request as not matching the rule statement.
You can combine the MATCH
or NO_MATCH
settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over the limit.
Default: CONTINUE
What WAF should do if the body is larger than WAF can inspect.
WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to WAF for inspection.
For Application Load Balancer and AppSync, the limit is fixed at 8 KB (8,192 bytes).
For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL AssociationConfig
, for additional processing fees.
The options for oversize handling are the following:
CONTINUE
- Inspect the available body contents normally, according to the rule inspection criteria.
MATCH
- Treat the web request as matching the rule statement. WAF applies the rule action to the request.
NO_MATCH
- Treat the web request as not matching the rule statement.
You can combine the MATCH
or NO_MATCH
settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over the limit.
Default: CONTINUE
What WAF should do if the cookies of the request are more numerous or larger than WAF can inspect. WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to WAF.
The options for oversize handling are the following:
CONTINUE
- Inspect the available cookies normally, according to the rule inspection criteria.
MATCH
- Treat the web request as matching the rule statement. WAF applies the rule action to the request.
NO_MATCH
- Treat the web request as not matching the rule statement.
What WAF should do if the headers of the request are more numerous or larger than WAF can inspect. WAF does not support inspecting the entire contents of request headers when they exceed 8 KB (8192 bytes) or 200 total headers. The underlying host service forwards a maximum of 200 headers and at most 8 KB of header contents to WAF.
The options for oversize handling are the following:
CONTINUE
- Inspect the available headers normally, according to the rule inspection criteria.
MATCH
- Treat the web request as matching the rule statement. WAF applies the rule action to the request.
NO_MATCH
- Treat the web request as not matching the rule statement.
What WAF should do if the headers of the request are more numerous or larger than WAF can inspect. WAF does not support inspecting the entire contents of request headers when they exceed 8 KB (8192 bytes) or 200 total headers. The underlying host service forwards a maximum of 200 headers and at most 8 KB of header contents to WAF.
The options for oversize handling are the following:
CONTINUE
- Inspect the available headers normally, according to the rule inspection criteria.
MATCH
- Treat the web request as matching the rule statement. WAF applies the rule action to the request.
NO_MATCH
- Treat the web request as not matching the rule statement.
What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. If the body is larger than the limit, the underlying host service only forwards the contents that are below the limit to WAF for inspection.
The default limit is 8 KB (8,192 bytes) for regional resources and 16 KB (16,384 bytes) for CloudFront distributions. For CloudFront distributions, you can increase the limit in the web ACL AssociationConfig
, for additional processing fees.
The options for oversize handling are the following:
CONTINUE
- Inspect the available body contents normally, according to the rule inspection criteria.
MATCH
- Treat the web request as matching the rule statement. WAF applies the rule action to the request.
NO_MATCH
- Treat the web request as not matching the rule statement.
You can combine the MATCH
or NO_MATCH
settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over the limit.
Default: CONTINUE
What WAF should do if the body is larger than WAF can inspect.
WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to WAF for inspection.
For Application Load Balancer and AppSync, the limit is fixed at 8 KB (8,192 bytes).
For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL AssociationConfig
, for additional processing fees.
The options for oversize handling are the following:
CONTINUE
- Inspect the available body contents normally, according to the rule inspection criteria.
MATCH
- Treat the web request as matching the rule statement. WAF applies the rule action to the request.
NO_MATCH
- Treat the web request as not matching the rule statement.
You can combine the MATCH
or NO_MATCH
settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over the limit.
Default: CONTINUE
A rate-based rule counts incoming requests and rate limits requests when they are coming at too fast a rate. The rule categorizes requests according to your aggregation criteria, collects them into aggregation instances, and counts and rate limits the requests for each instance.
You can specify individual aggregation keys, like IP address or HTTP method. You can also specify aggregation key combinations, like IP address and HTTP method, or HTTP method, query argument, and cookie.
Each unique set of values for the aggregation keys that you specify is a separate aggregation instance, with the value from each key contributing to the aggregation instance definition.
For example, assume the rule evaluates web requests with the following IP address and HTTP method values:
IP address 10.1.1.1, HTTP method POST
IP address 10.1.1.1, HTTP method GET
IP address 127.0.0.0, HTTP method POST
IP address 10.1.1.1, HTTP method GET
The rule would create different aggregation instances according to your aggregation criteria, for example:
If the aggregation criteria is just the IP address, then each individual address is an aggregation instance, and WAF counts requests separately for each. The aggregation instances and request counts for our example would be the following:
IP address 10.1.1.1: count 3
IP address 127.0.0.0: count 1
If the aggregation criteria is HTTP method, then each individual HTTP method is an aggregation instance. The aggregation instances and request counts for our example would be the following:
HTTP method POST: count 2
HTTP method GET: count 2
If the aggregation criteria is IP address and HTTP method, then each IP address and each HTTP method would contribute to the combined aggregation instance. The aggregation instances and request counts for our example would be the following:
IP address 10.1.1.1, HTTP method POST: count 1
IP address 10.1.1.1, HTTP method GET: count 2
IP address 127.0.0.0, HTTP method POST: count 1
For any n-tuple of aggregation keys, each unique combination of values for the keys defines a separate aggregation instance, which WAF counts and rate-limits individually.
You can optionally nest another statement inside the rate-based statement, to narrow the scope of the rule so that it only counts and rate limits requests that match the nested statement. You can use this nested scope-down statement in conjunction with your aggregation key specifications or you can just count and rate limit all requests that match the scope-down statement, without additional aggregation. When you choose to just manage all requests that match a scope-down statement, the aggregation instance is singular for the rule.
You cannot nest a RateBasedStatement
inside another statement, for example inside a NotStatement
or OrStatement
. You can define a RateBasedStatement
inside a web ACL and inside a rule group.
For additional information about the options, see Rate limiting web requests using rate-based rules in the WAF Developer Guide.
If you only aggregate on the individual IP address or forwarded IP address, you can retrieve the list of IP addresses that WAF is currently rate limiting for a rule through the API call GetRateBasedStatementManagedKeys
. This option is not available for other aggregation configurations.
WAF tracks and manages web requests separately for each instance of a rate-based rule that you use. For example, if you provide the same rate-based rule settings in two web ACLs, each of the two rule statements represents a separate instance of the rate-based rule and gets its own tracking and management by WAF. If you define a rate-based rule inside a rule group, and then use that rule group in multiple places, each use creates a separate instance of the rate-based rule that gets its own tracking and management by WAF.
", + "base": "A rate-based rule counts incoming requests and rate limits requests when they are coming at too fast a rate. The rule categorizes requests according to your aggregation criteria, collects them into aggregation instances, and counts and rate limits the requests for each instance.
If you change any of these settings in a rule that's currently in use, the change resets the rule's rate limiting counts. This can pause the rule's rate limiting activities for up to a minute.
You can specify individual aggregation keys, like IP address or HTTP method. You can also specify aggregation key combinations, like IP address and HTTP method, or HTTP method, query argument, and cookie.
Each unique set of values for the aggregation keys that you specify is a separate aggregation instance, with the value from each key contributing to the aggregation instance definition.
For example, assume the rule evaluates web requests with the following IP address and HTTP method values:
IP address 10.1.1.1, HTTP method POST
IP address 10.1.1.1, HTTP method GET
IP address 127.0.0.0, HTTP method POST
IP address 10.1.1.1, HTTP method GET
The rule would create different aggregation instances according to your aggregation criteria, for example:
If the aggregation criteria is just the IP address, then each individual address is an aggregation instance, and WAF counts requests separately for each. The aggregation instances and request counts for our example would be the following:
IP address 10.1.1.1: count 3
IP address 127.0.0.0: count 1
If the aggregation criteria is HTTP method, then each individual HTTP method is an aggregation instance. The aggregation instances and request counts for our example would be the following:
HTTP method POST: count 2
HTTP method GET: count 2
If the aggregation criteria is IP address and HTTP method, then each IP address and each HTTP method would contribute to the combined aggregation instance. The aggregation instances and request counts for our example would be the following:
IP address 10.1.1.1, HTTP method POST: count 1
IP address 10.1.1.1, HTTP method GET: count 2
IP address 127.0.0.0, HTTP method POST: count 1
For any n-tuple of aggregation keys, each unique combination of values for the keys defines a separate aggregation instance, which WAF counts and rate-limits individually.
You can optionally nest another statement inside the rate-based statement, to narrow the scope of the rule so that it only counts and rate limits requests that match the nested statement. You can use this nested scope-down statement in conjunction with your aggregation key specifications or you can just count and rate limit all requests that match the scope-down statement, without additional aggregation. When you choose to just manage all requests that match a scope-down statement, the aggregation instance is singular for the rule.
You cannot nest a RateBasedStatement
inside another statement, for example inside a NotStatement
or OrStatement
. You can define a RateBasedStatement
inside a web ACL and inside a rule group.
For additional information about the options, see Rate limiting web requests using rate-based rules in the WAF Developer Guide.
If you only aggregate on the individual IP address or forwarded IP address, you can retrieve the list of IP addresses that WAF is currently rate limiting for a rule through the API call GetRateBasedStatementManagedKeys
. This option is not available for other aggregation configurations.
WAF tracks and manages web requests separately for each instance of a rate-based rule that you use. For example, if you provide the same rate-based rule settings in two web ACLs, each of the two rule statements represents a separate instance of the rate-based rule and gets its own tracking and management by WAF. If you define a rate-based rule inside a rule group, and then use that rule group in multiple places, each use creates a separate instance of the rate-based rule that gets its own tracking and management by WAF.
", "refs": { - "Statement$RateBasedStatement": "A rate-based rule counts incoming requests and rate limits requests when they are coming at too fast a rate. The rule categorizes requests according to your aggregation criteria, collects them into aggregation instances, and counts and rate limits the requests for each instance.
You can specify individual aggregation keys, like IP address or HTTP method. You can also specify aggregation key combinations, like IP address and HTTP method, or HTTP method, query argument, and cookie.
Each unique set of values for the aggregation keys that you specify is a separate aggregation instance, with the value from each key contributing to the aggregation instance definition.
For example, assume the rule evaluates web requests with the following IP address and HTTP method values:
IP address 10.1.1.1, HTTP method POST
IP address 10.1.1.1, HTTP method GET
IP address 127.0.0.0, HTTP method POST
IP address 10.1.1.1, HTTP method GET
The rule would create different aggregation instances according to your aggregation criteria, for example:
If the aggregation criteria is just the IP address, then each individual address is an aggregation instance, and WAF counts requests separately for each. The aggregation instances and request counts for our example would be the following:
IP address 10.1.1.1: count 3
IP address 127.0.0.0: count 1
If the aggregation criteria is HTTP method, then each individual HTTP method is an aggregation instance. The aggregation instances and request counts for our example would be the following:
HTTP method POST: count 2
HTTP method GET: count 2
If the aggregation criteria is IP address and HTTP method, then each IP address and each HTTP method would contribute to the combined aggregation instance. The aggregation instances and request counts for our example would be the following:
IP address 10.1.1.1, HTTP method POST: count 1
IP address 10.1.1.1, HTTP method GET: count 2
IP address 127.0.0.0, HTTP method POST: count 1
For any n-tuple of aggregation keys, each unique combination of values for the keys defines a separate aggregation instance, which WAF counts and rate-limits individually.
You can optionally nest another statement inside the rate-based statement, to narrow the scope of the rule so that it only counts and rate limits requests that match the nested statement. You can use this nested scope-down statement in conjunction with your aggregation key specifications or you can just count and rate limit all requests that match the scope-down statement, without additional aggregation. When you choose to just manage all requests that match a scope-down statement, the aggregation instance is singular for the rule.
You cannot nest a RateBasedStatement
inside another statement, for example inside a NotStatement
or OrStatement
. You can define a RateBasedStatement
inside a web ACL and inside a rule group.
For additional information about the options, see Rate limiting web requests using rate-based rules in the WAF Developer Guide.
If you only aggregate on the individual IP address or forwarded IP address, you can retrieve the list of IP addresses that WAF is currently rate limiting for a rule through the API call GetRateBasedStatementManagedKeys
. This option is not available for other aggregation configurations.
WAF tracks and manages web requests separately for each instance of a rate-based rule that you use. For example, if you provide the same rate-based rule settings in two web ACLs, each of the two rule statements represents a separate instance of the rate-based rule and gets its own tracking and management by WAF. If you define a rate-based rule inside a rule group, and then use that rule group in multiple places, each use creates a separate instance of the rate-based rule that gets its own tracking and management by WAF.
" + "Statement$RateBasedStatement": "A rate-based rule counts incoming requests and rate limits requests when they are coming at too fast a rate. The rule categorizes requests according to your aggregation criteria, collects them into aggregation instances, and counts and rate limits the requests for each instance.
If you change any of these settings in a rule that's currently in use, the change resets the rule's rate limiting counts. This can pause the rule's rate limiting activities for up to a minute.
You can specify individual aggregation keys, like IP address or HTTP method. You can also specify aggregation key combinations, like IP address and HTTP method, or HTTP method, query argument, and cookie.
Each unique set of values for the aggregation keys that you specify is a separate aggregation instance, with the value from each key contributing to the aggregation instance definition.
For example, assume the rule evaluates web requests with the following IP address and HTTP method values:
IP address 10.1.1.1, HTTP method POST
IP address 10.1.1.1, HTTP method GET
IP address 127.0.0.0, HTTP method POST
IP address 10.1.1.1, HTTP method GET
The rule would create different aggregation instances according to your aggregation criteria, for example:
If the aggregation criteria is just the IP address, then each individual address is an aggregation instance, and WAF counts requests separately for each. The aggregation instances and request counts for our example would be the following:
IP address 10.1.1.1: count 3
IP address 127.0.0.0: count 1
If the aggregation criteria is HTTP method, then each individual HTTP method is an aggregation instance. The aggregation instances and request counts for our example would be the following:
HTTP method POST: count 2
HTTP method GET: count 2
If the aggregation criteria is IP address and HTTP method, then each IP address and each HTTP method would contribute to the combined aggregation instance. The aggregation instances and request counts for our example would be the following:
IP address 10.1.1.1, HTTP method POST: count 1
IP address 10.1.1.1, HTTP method GET: count 2
IP address 127.0.0.0, HTTP method POST: count 1
For any n-tuple of aggregation keys, each unique combination of values for the keys defines a separate aggregation instance, which WAF counts and rate-limits individually.
You can optionally nest another statement inside the rate-based statement, to narrow the scope of the rule so that it only counts and rate limits requests that match the nested statement. You can use this nested scope-down statement in conjunction with your aggregation key specifications or you can just count and rate limit all requests that match the scope-down statement, without additional aggregation. When you choose to just manage all requests that match a scope-down statement, the aggregation instance is singular for the rule.
You cannot nest a RateBasedStatement
inside another statement, for example inside a NotStatement
or OrStatement
. You can define a RateBasedStatement
inside a web ACL and inside a rule group.
For additional information about the options, see Rate limiting web requests using rate-based rules in the WAF Developer Guide.
If you only aggregate on the individual IP address or forwarded IP address, you can retrieve the list of IP addresses that WAF is currently rate limiting for a rule through the API call GetRateBasedStatementManagedKeys
. This option is not available for other aggregation configurations.
WAF tracks and manages web requests separately for each instance of a rate-based rule that you use. For example, if you provide the same rate-based rule settings in two web ACLs, each of the two rule statements represents a separate instance of the rate-based rule and gets its own tracking and management by WAF. If you define a rate-based rule inside a rule group, and then use that rule group in multiple places, each use creates a separate instance of the rate-based rule that gets its own tracking and management by WAF.
" } }, "RateBasedStatementAggregateKeyType": { @@ -1971,11 +1976,11 @@ "RequestBody": { "base": null, "refs": { - "AssociationConfig$RequestBody": "Customizes the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default size is 16 KB (16,384 bytes).
You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see WAF Pricing.
Customizes the maximum size of the request body that your protected CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access resources forward to WAF for inspection. The default size is 16 KB (16,384 bytes). You can change the setting for any of the available resource types.
You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see WAF Pricing.
Example JSON: { \"API_GATEWAY\": \"KB_48\", \"APP_RUNNER_SERVICE\": \"KB_32\" }
For Application Load Balancer and AppSync, the limit is fixed at 8 KB (8,192 bytes).
" } }, "RequestBodyAssociatedResourceTypeConfig": { - "base": "Customizes the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default size is 16 KB (16,384 bytes).
You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see WAF Pricing.
This is used in the AssociationConfig
of the web ACL.
Customizes the maximum size of the request body that your protected CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access resources forward to WAF for inspection. The default size is 16 KB (16,384 bytes). You can change the setting for any of the available resource types.
You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see WAF Pricing.
Example JSON: { \"API_GATEWAY\": \"KB_48\", \"APP_RUNNER_SERVICE\": \"KB_32\" }
For Application Load Balancer and AppSync, the limit is fixed at 8 KB (8,192 bytes).
This is used in the AssociationConfig
of the web ACL.
A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). For example, you can use a size constraint statement to look for query strings that are longer than 100 bytes.
If you configure WAF to inspect the request body, WAF inspects only the number of bytes of the body up to the limit for the web ACL. By default, for regional web ACLs, this limit is 8 KB (8,192 bytes) and for CloudFront web ACLs, this limit is 16 KB (16,384 bytes). For CloudFront web ACLs, you can increase the limit in the web ACL AssociationConfig
, for additional fees. If you know that the request body for your web requests should never exceed the inspection limit, you could use a size constraint statement to block requests that have a larger request body size.
If you choose URI for the value of Part of the request to filter on, the slash (/) in the URI counts as one character. For example, the URI /logo.jpg
is nine characters long.
A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). For example, you can use a size constraint statement to look for query strings that are longer than 100 bytes.
If you configure WAF to inspect the request body, WAF inspects only the number of bytes in the body up to the limit for the web ACL and protected resource type. If you know that the request body for your web requests should never exceed the inspection limit, you can use a size constraint statement to block requests that have a larger request body size. For more information about the inspection limits, see Body
and JsonBody
settings for the FieldToMatch
data type.
If you choose URI for the value of Part of the request to filter on, the slash (/) in the URI counts as one character. For example, the URI /logo.jpg
is nine characters long.
A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). For example, you can use a size constraint statement to look for query strings that are longer than 100 bytes.
If you configure WAF to inspect the request body, WAF inspects only the number of bytes of the body up to the limit for the web ACL. By default, for regional web ACLs, this limit is 8 KB (8,192 bytes) and for CloudFront web ACLs, this limit is 16 KB (16,384 bytes). For CloudFront web ACLs, you can increase the limit in the web ACL AssociationConfig
, for additional fees. If you know that the request body for your web requests should never exceed the inspection limit, you could use a size constraint statement to block requests that have a larger request body size.
If you choose URI for the value of Part of the request to filter on, the slash (/) in the URI counts as one character. For example, the URI /logo.jpg
is nine characters long.
A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). For example, you can use a size constraint statement to look for query strings that are longer than 100 bytes.
If you configure WAF to inspect the request body, WAF inspects only the number of bytes in the body up to the limit for the web ACL and protected resource type. If you know that the request body for your web requests should never exceed the inspection limit, you can use a size constraint statement to block requests that have a larger request body size. For more information about the inspection limits, see Body
and JsonBody
settings for the FieldToMatch
data type.
If you choose URI for the value of Part of the request to filter on, the slash (/) in the URI counts as one character. For example, the URI /logo.jpg
is nine characters long.
Specifies the maximum size of the web request body component that an associated CloudFront distribution should send to WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body.
Default: 16 KB (16,384 bytes)
Specifies the maximum size of the web request body component that an associated CloudFront, API Gateway, Amazon Cognito, App Runner, or Verified Access resource should send to WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body.
Default: 16 KB (16,384 bytes)
The time that the challenge was last solved for the supplied token.
" } }, + "SourceType": { + "base": null, + "refs": { + "WAFLimitsExceededException$SourceType": "Source type for the exception.
" + } + }, "SqliMatchStatement": { "base": "A rule statement that inspects for malicious SQL code. Attackers insert malicious SQL code into web requests to do things like modify your database or extract data from it.
", "refs": { diff --git a/models/apis/workspaces/2015-04-08/docs-2.json b/models/apis/workspaces/2015-04-08/docs-2.json index aa38f44e298..15c5394f4e5 100644 --- a/models/apis/workspaces/2015-04-08/docs-2.json +++ b/models/apis/workspaces/2015-04-08/docs-2.json @@ -15,7 +15,7 @@ "CreateUpdatedWorkspaceImage": "Creates a new updated WorkSpace image based on the specified source image. The new updated WorkSpace image has the latest drivers and other updates required by the Amazon WorkSpaces components.
To determine which WorkSpace images need to be updated with the latest Amazon WorkSpaces requirements, use DescribeWorkspaceImages.
Only Windows 10, Windows Server 2016, and Windows Server 2019 WorkSpace images can be programmatically updated at this time.
Microsoft Windows updates and other application updates are not included in the update process.
The source WorkSpace image is not deleted. You can delete the source image after you've verified your new updated image and created a new bundle.
Creates the specified WorkSpace bundle. For more information about creating WorkSpace bundles, see Create a Custom WorkSpaces Image and Bundle.
", "CreateWorkspaceImage": "Creates a new WorkSpace image from an existing WorkSpace.
", - "CreateWorkspaces": "Creates one or more WorkSpaces.
This operation is asynchronous and returns before the WorkSpaces are created.
The MANUAL
running mode value is only supported by Amazon WorkSpaces Core. Contact your account team to be allow-listed to use this value. For more information, see Amazon WorkSpaces Core.
You don't need to specify the PCOIP
protocol for Linux bundles because WSP
is the default protocol for those bundles.
Creates one or more WorkSpaces.
This operation is asynchronous and returns before the WorkSpaces are created.
The MANUAL
running mode value is only supported by Amazon WorkSpaces Core. Contact your account team to be allow-listed to use this value. For more information, see Amazon WorkSpaces Core.
You don't need to specify the PCOIP
protocol for Linux bundles because WSP
is the default protocol for those bundles.
User-decoupled WorkSpaces are only supported by Amazon WorkSpaces Core.
Deletes customized client branding. Client branding allows you to customize your WorkSpace's client login portal. You can tailor your login portal company logo, the support email address, support link, link to reset password, and a custom message for users trying to sign in.
After you delete your customized client branding, your login portal reverts to the default client branding.
", "DeleteConnectClientAddIn": "Deletes a client-add-in for Amazon Connect that is configured within a directory.
", "DeleteConnectionAlias": "Deletes the specified connection alias. For more information, see Cross-Region Redirection for Amazon WorkSpaces.
If you will no longer be using a fully qualified domain name (FQDN) as the registration code for your WorkSpaces users, you must take certain precautions to prevent potential security issues. For more information, see Security Considerations if You Stop Using Cross-Region Redirection.
To delete a connection alias that has been shared, the shared account must first disassociate the connection alias from any directories it has been associated with. Then you must unshare the connection alias from the account it has been shared with. You can delete a connection alias only after it is no longer shared with any accounts or associated with any directories.
Modify the default properties used to create WorkSpaces.
", "ModifyWorkspaceProperties": "Modifies the specified WorkSpace properties. For important information about how to modify the size of the root and user volumes, see Modify a WorkSpace.
The MANUAL
running mode value is only supported by Amazon WorkSpaces Core. Contact your account team to be allow-listed to use this value. For more information, see Amazon WorkSpaces Core.
Sets the state of the specified WorkSpace.
To maintain a WorkSpace without being interrupted, set the WorkSpace state to ADMIN_MAINTENANCE
. WorkSpaces in this state do not respond to requests to reboot, stop, start, rebuild, or restore. An AutoStop WorkSpace in this state is not stopped. Users cannot log into a WorkSpace in the ADMIN_MAINTENANCE
state.
Reboots the specified WorkSpaces.
You cannot reboot a WorkSpace unless its state is AVAILABLE
or UNHEALTHY
.
This operation is asynchronous and returns before the WorkSpaces have rebooted.
", + "RebootWorkspaces": "Reboots the specified WorkSpaces.
You cannot reboot a WorkSpace unless its state is AVAILABLE
, UNHEALTHY
, or REBOOTING
. Reboot a WorkSpace in the REBOOTING
state only if your WorkSpace has been stuck in the REBOOTING
state for over 20 minutes.
This operation is asynchronous and returns before the WorkSpaces have rebooted.
", "RebuildWorkspaces": "Rebuilds the specified WorkSpace.
You cannot rebuild a WorkSpace unless its state is AVAILABLE
, ERROR
, UNHEALTHY
, STOPPED
, or REBOOTING
.
Rebuilding a WorkSpace is a potentially destructive action that can result in the loss of data. For more information, see Rebuild a WorkSpace.
This operation is asynchronous and returns before the WorkSpaces have been completely rebuilt.
", "RegisterWorkspaceDirectory": "Registers the specified directory. This operation is asynchronous and returns before the WorkSpace directory is registered. If this is the first time you are registering a directory, you will need to create the workspaces_DefaultRole role before you can register a directory. For more information, see Creating the workspaces_DefaultRole Role.
", "RestoreWorkspace": "Restores the specified WorkSpace to its last known healthy state.
You cannot restore a WorkSpace unless its state is AVAILABLE
, ERROR
, UNHEALTHY
, or STOPPED
.
Restoring a WorkSpace is a potentially destructive action that can result in the loss of data. For more information, see Restore a WorkSpace.
This operation is asynchronous and returns before the WorkSpace is completely restored.
", @@ -2648,7 +2648,7 @@ "refs": { "PendingCreateStandbyWorkspacesRequest$State": "The operational state of the standby WorkSpace.
", "RelatedWorkspaceProperties$State": "Indicates the state of the WorkSpace.
", - "Workspace$State": "The operational state of the WorkSpace.
After a WorkSpace is terminated, the TERMINATED
state is returned only briefly before the WorkSpace directory metadata is cleaned up, so this state is rarely returned. To confirm that a WorkSpace is terminated, check for the WorkSpace ID by using DescribeWorkSpaces. If the WorkSpace ID isn't returned, then the WorkSpace has been successfully terminated.
The operational state of the WorkSpace.
PENDING
– The WorkSpace is in a waiting state (for example, the WorkSpace is being created).
AVAILABLE
– The WorkSpace is running and has passed the health checks.
IMPAIRED
– Refer to UNHEALTHY
state.
UNHEALTHY
– The WorkSpace is not responding to health checks.
REBOOTING
– The WorkSpace is being rebooted (restarted).
STARTING
– The WorkSpace is starting up and health checks are being run.
REBUILDING
– The WorkSpace is being rebuilt.
RESTORING
– The WorkSpace is being restored.
MAINTENANCE
– The WorkSpace is undergoing scheduled maintenance by Amazon Web Services.
ADMIN_MAINTENANCE
– The WorkSpace is undergoing maintenance by the WorkSpaces administrator.
TERMINATING
– The WorkSpace is being deleted.
TERMINATED
– The WorkSpace has been deleted.
SUSPENDED
– The WorkSpace has been suspended for image creation.
UPDATING
– The WorkSpace is undergoing an update.
STOPPING
– The WorkSpace is being stopped.
STOPPED
– The WorkSpace has been stopped.
ERROR
– The WorkSpace is an error state (for example, an error occurred during startup).
After a WorkSpace is terminated, the TERMINATED
state is returned only briefly before the WorkSpace directory metadata is cleaned up, so this state is rarely returned. To confirm that a WorkSpace is terminated, check for the WorkSpace ID by using DescribeWorkSpaces. If the WorkSpace ID isn't returned, then the WorkSpace has been successfully terminated.