Michael Li
💻
Bennett Lynch
💻
Ikko Ashimine
📖
Called by an SaaS partner to create a partner event source. This operation is not used by AWS customers.
Each partner event source can be used by one AWS account to create a matching partner event bus in that AWS account. A SaaS partner must create one partner event source for each AWS account that wants to receive those event types.
A partner event source creates events based on resources within the SaaS partner's service or application.
An AWS account that creates a partner event bus that matches the partner event source can use that event bus to receive events from the partner, and then process them using AWS Events rules and targets.
Partner event source names follow this format:
partner_name/event_namespace/event_name
partner_name is determined during partner registration and identifies the partner to AWS customers. event_namespace is determined by the partner and is a way for the partner to categorize their events. event_name is determined by the partner, and should uniquely identify an event-generating resource within the partner system. The combination of event_namespace and event_name should help AWS customers decide whether to create an event bus to receive these events.
" + "documentation":"Called by an SaaS partner to create a partner event source. This operation is not used by Amazon Web Services customers.
Each partner event source can be used by one Amazon Web Services account to create a matching partner event bus in that Amazon Web Services account. A SaaS partner must create one partner event source for each Amazon Web Services account that wants to receive those event types.
A partner event source creates events based on resources within the SaaS partner's service or application.
An Amazon Web Services account that creates a partner event bus that matches the partner event source can use that event bus to receive events from the partner, and then process them using Amazon Web Services Events rules and targets.
Partner event source names follow this format:
partner_name/event_namespace/event_name
partner_name is determined during partner registration and identifies the partner to Amazon Web Services customers. event_namespace is determined by the partner and is a way for the partner to categorize their events. event_name is determined by the partner, and should uniquely identify an event-generating resource within the partner system. The combination of event_namespace and event_name should help Amazon Web Services customers decide whether to create an event bus to receive these events.
" }, "DeactivateEventSource":{ "name":"DeactivateEventSource", @@ -143,7 +143,7 @@ {"shape":"InternalException"}, {"shape":"OperationDisabledException"} ], - "documentation":"You can use this operation to temporarily stop receiving events from the specified partner event source. The matching event bus is not deleted.
When you deactivate a partner event source, the source goes into PENDING state. If it remains in PENDING state for more than two weeks, it is deleted.
To activate a deactivated partner event source, use ActivateEventSource.
" + "documentation":"You can use this operation to temporarily stop receiving events from the specified partner event source. The matching event bus is not deleted.
When you deactivate a partner event source, the source goes into PENDING state. If it remains in PENDING state for more than two weeks, it is deleted.
To activate a deactivated partner event source, use ActivateEventSource.
" }, "DeauthorizeConnection":{ "name":"DeauthorizeConnection", @@ -230,7 +230,7 @@ {"shape":"ConcurrentModificationException"}, {"shape":"OperationDisabledException"} ], - "documentation":"This operation is used by SaaS partners to delete a partner event source. This operation is not used by AWS customers.
When you delete an event source, the status of the corresponding partner event bus in the AWS customer account becomes DELETED.
" + "documentation":"This operation is used by SaaS partners to delete a partner event source. This operation is not used by Amazon Web Services customers.
When you delete an event source, the status of the corresponding partner event bus in the Amazon Web Services customer account becomes DELETED.
" }, "DeleteRule":{ "name":"DeleteRule", @@ -245,7 +245,7 @@ {"shape":"InternalException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Deletes the specified rule.
Before you can delete the rule, you must remove all targets, using RemoveTargets.
When you delete a rule, incoming events might continue to match to the deleted rule. Allow a short period of time for changes to take effect.
If you call delete rule multiple times for the same rule, all calls will succeed. When you call delete rule for a non-existent custom eventbus, ResourceNotFoundException is returned.
Managed rules are rules created and managed by another AWS service on your behalf. These rules are created by those other AWS services to support functionality in those services. You can delete these rules using the Force option, but you should do so only if you are sure the other service is not still using that rule.
Deletes the specified rule.
Before you can delete the rule, you must remove all targets, using RemoveTargets.
When you delete a rule, incoming events might continue to match to the deleted rule. Allow a short period of time for changes to take effect.
If you call delete rule multiple times for the same rule, all calls will succeed. When you call delete rule for a non-existent custom eventbus, ResourceNotFoundException is returned.
Managed rules are rules created and managed by another Amazon Web Services service on your behalf. These rules are created by those other Amazon Web Services services to support functionality in those services. You can delete these rules using the Force option, but you should do so only if you are sure the other service is not still using that rule.
Displays details about an event bus in your account. This can include the external AWS accounts that are permitted to write events to your default event bus, and the associated policy. For custom event buses and partner event buses, it displays the name, ARN, policy, state, and creation time.
To enable your account to receive events from other accounts on its default event bus, use PutPermission.
For more information about partner event buses, see CreateEventBus.
" + "documentation":"Displays details about an event bus in your account. This can include the external Amazon Web Services accounts that are permitted to write events to your default event bus, and the associated policy. For custom event buses and partner event buses, it displays the name, ARN, policy, state, and creation time.
To enable your account to receive events from other accounts on its default event bus, use PutPermission.
For more information about partner event buses, see CreateEventBus.
" }, "DescribeEventSource":{ "name":"DescribeEventSource", @@ -332,7 +332,7 @@ {"shape":"InternalException"}, {"shape":"OperationDisabledException"} ], - "documentation":"An SaaS partner can use this operation to list details about a partner event source that they have created. AWS customers do not use this operation. Instead, AWS customers can use DescribeEventSource to see details about a partner event source that is shared with them.
" + "documentation":"An SaaS partner can use this operation to list details about a partner event source that they have created. Amazon Web Services customers do not use this operation. Instead, Amazon Web Services customers can use DescribeEventSource to see details about a partner event source that is shared with them.
" }, "DescribeReplay":{ "name":"DescribeReplay", @@ -360,7 +360,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InternalException"} ], - "documentation":"Describes the specified rule.
DescribeRule does not list the targets of a rule. To see the targets associated with a rule, use ListTargetsByRule.
" + "documentation":"Describes the specified rule.
DescribeRule does not list the targets of a rule. To see the targets associated with a rule, use ListTargetsByRule.
" }, "DisableRule":{ "name":"DisableRule", @@ -457,7 +457,7 @@ {"shape":"InternalException"}, {"shape":"OperationDisabledException"} ], - "documentation":"You can use this to see all the partner event sources that have been shared with your AWS account. For more information about partner event sources, see CreateEventBus.
" + "documentation":"You can use this to see all the partner event sources that have been shared with your Amazon Web Services account. For more information about partner event sources, see CreateEventBus.
" }, "ListPartnerEventSourceAccounts":{ "name":"ListPartnerEventSourceAccounts", @@ -472,7 +472,7 @@ {"shape":"InternalException"}, {"shape":"OperationDisabledException"} ], - "documentation":"An SaaS partner can use this operation to display the AWS account ID that a particular partner event source name is associated with. This operation is not used by AWS customers.
" + "documentation":"An SaaS partner can use this operation to display the Amazon Web Services account ID that a particular partner event source name is associated with. This operation is not used by Amazon Web Services customers.
" }, "ListPartnerEventSources":{ "name":"ListPartnerEventSources", @@ -486,7 +486,7 @@ {"shape":"InternalException"}, {"shape":"OperationDisabledException"} ], - "documentation":"An SaaS partner can use this operation to list all the partner event source names that they have created. This operation is not used by AWS customers.
" + "documentation":"An SaaS partner can use this operation to list all the partner event source names that they have created. This operation is not used by Amazon Web Services customers.
" }, "ListReplays":{ "name":"ListReplays", @@ -527,7 +527,7 @@ {"shape":"InternalException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Lists your Amazon EventBridge rules. You can either list all the rules or you can provide a prefix to match to the rule names.
ListRules does not list the targets of a rule. To see the targets associated with a rule, use ListTargetsByRule.
" + "documentation":"Lists your Amazon EventBridge rules. You can either list all the rules or you can provide a prefix to match to the rule names.
ListRules does not list the targets of a rule. To see the targets associated with a rule, use ListTargetsByRule.
" }, "ListTagsForResource":{ "name":"ListTagsForResource", @@ -582,7 +582,7 @@ {"shape":"InternalException"}, {"shape":"OperationDisabledException"} ], - "documentation":"This is used by SaaS partners to write events to a customer's partner event bus. AWS customers do not use this operation.
" + "documentation":"This is used by SaaS partners to write events to a customer's partner event bus. Amazon Web Services customers do not use this operation.
" }, "PutPermission":{ "name":"PutPermission", @@ -598,7 +598,7 @@ {"shape":"ConcurrentModificationException"}, {"shape":"OperationDisabledException"} ], - "documentation":"Running PutPermission permits the specified AWS account or AWS organization to put events to the specified event bus. Amazon EventBridge (CloudWatch Events) rules in your account are triggered by these events arriving to an event bus in your account.
For another account to send events to your account, that external account must have an EventBridge rule with your account's event bus as a target.
To enable multiple AWS accounts to put events to your event bus, run PutPermission once for each of these accounts. Or, if all the accounts are members of the same AWS organization, you can run PutPermission once specifying Principal as \"*\" and specifying the AWS organization ID in Condition, to grant permissions to all accounts in that organization.
If you grant permissions using an organization, then accounts in that organization must specify a RoleArn with proper permissions when they use PutTarget to add your account's event bus as a target. For more information, see Sending and Receiving Events Between AWS Accounts in the Amazon EventBridge User Guide.
The permission policy on the default event bus cannot exceed 10 KB in size.
" + "documentation":"Running PutPermission permits the specified Amazon Web Services account or Amazon Web Services organization to put events to the specified event bus. Amazon EventBridge (CloudWatch Events) rules in your account are triggered by these events arriving to an event bus in your account.
For another account to send events to your account, that external account must have an EventBridge rule with your account's event bus as a target.
To enable multiple Amazon Web Services accounts to put events to your event bus, run PutPermission once for each of these accounts. Or, if all the accounts are members of the same Amazon Web Services organization, you can run PutPermission once specifying Principal as \"*\" and specifying the Amazon Web Services organization ID in Condition, to grant permissions to all accounts in that organization.
If you grant permissions using an organization, then accounts in that organization must specify a RoleArn with proper permissions when they use PutTarget to add your account's event bus as a target. For more information, see Sending and Receiving Events Between Amazon Web Services Accounts in the Amazon EventBridge User Guide.
The permission policy on the event bus cannot exceed 10 KB in size.
" }, "PutRule":{ "name":"PutRule", @@ -616,7 +616,7 @@ {"shape":"InternalException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Creates or updates the specified rule. Rules are enabled by default, or based on value of the state. You can disable a rule using DisableRule.
A single rule watches for events from a single event bus. Events generated by AWS services go to your account's default event bus. Events generated by SaaS partner services or applications go to the matching partner event bus. If you have custom applications or services, you can specify whether their events go to your default event bus or a custom event bus that you have created. For more information, see CreateEventBus.
If you are updating an existing rule, the rule is replaced with what you specify in this PutRule command. If you omit arguments in PutRule, the old values for those arguments are not kept. Instead, they are replaced with null values.
When you create or update a rule, incoming events might not immediately start matching to new or updated rules. Allow a short period of time for changes to take effect.
A rule must contain at least an EventPattern or ScheduleExpression. Rules with EventPatterns are triggered when a matching event is observed. Rules with ScheduleExpressions self-trigger based on the given schedule. A rule can have both an EventPattern and a ScheduleExpression, in which case the rule triggers on matching events as well as on a schedule.
When you initially create a rule, you can optionally assign one or more tags to the rule. Tags can help you organize and categorize your resources. You can also use them to scope user permissions, by granting a user permission to access or change only rules with certain tag values. To use the PutRule operation and assign tags, you must have both the events:PutRule and events:TagResource permissions.
If you are updating an existing rule, any tags you specify in the PutRule operation are ignored. To update the tags of an existing rule, use TagResource and UntagResource.
Most services in AWS treat : or / as the same character in Amazon Resource Names (ARNs). However, EventBridge uses an exact match in event patterns and rules. Be sure to use the correct ARN characters when creating event patterns so that they match the ARN syntax in the event you want to match.
In EventBridge, it is possible to create rules that lead to infinite loops, where a rule is fired repeatedly. For example, a rule might detect that ACLs have changed on an S3 bucket, and trigger software to change them to the desired state. If the rule is not written carefully, the subsequent change to the ACLs fires the rule again, creating an infinite loop.
To prevent this, write the rules so that the triggered actions do not re-fire the same rule. For example, your rule could fire only if ACLs are found to be in a bad state, instead of after any change.
An infinite loop can quickly cause higher than expected charges. We recommend that you use budgeting, which alerts you when charges exceed your specified limit. For more information, see Managing Your Costs with Budgets.
" + "documentation":"Creates or updates the specified rule. Rules are enabled by default, or based on value of the state. You can disable a rule using DisableRule.
A single rule watches for events from a single event bus. Events generated by Amazon Web Services services go to your account's default event bus. Events generated by SaaS partner services or applications go to the matching partner event bus. If you have custom applications or services, you can specify whether their events go to your default event bus or a custom event bus that you have created. For more information, see CreateEventBus.
If you are updating an existing rule, the rule is replaced with what you specify in this PutRule command. If you omit arguments in PutRule, the old values for those arguments are not kept. Instead, they are replaced with null values.
When you create or update a rule, incoming events might not immediately start matching to new or updated rules. Allow a short period of time for changes to take effect.
A rule must contain at least an EventPattern or ScheduleExpression. Rules with EventPatterns are triggered when a matching event is observed. Rules with ScheduleExpressions self-trigger based on the given schedule. A rule can have both an EventPattern and a ScheduleExpression, in which case the rule triggers on matching events as well as on a schedule.
When you initially create a rule, you can optionally assign one or more tags to the rule. Tags can help you organize and categorize your resources. You can also use them to scope user permissions, by granting a user permission to access or change only rules with certain tag values. To use the PutRule operation and assign tags, you must have both the events:PutRule and events:TagResource permissions.
If you are updating an existing rule, any tags you specify in the PutRule operation are ignored. To update the tags of an existing rule, use TagResource and UntagResource.
Most services in Amazon Web Services treat : or / as the same character in Amazon Resource Names (ARNs). However, EventBridge uses an exact match in event patterns and rules. Be sure to use the correct ARN characters when creating event patterns so that they match the ARN syntax in the event you want to match.
In EventBridge, it is possible to create rules that lead to infinite loops, where a rule is fired repeatedly. For example, a rule might detect that ACLs have changed on an S3 bucket, and trigger software to change them to the desired state. If the rule is not written carefully, the subsequent change to the ACLs fires the rule again, creating an infinite loop.
To prevent this, write the rules so that the triggered actions do not re-fire the same rule. For example, your rule could fire only if ACLs are found to be in a bad state, instead of after any change.
An infinite loop can quickly cause higher than expected charges. We recommend that you use budgeting, which alerts you when charges exceed your specified limit. For more information, see Managing Your Costs with Budgets.
" }, "PutTargets":{ "name":"PutTargets", @@ -633,7 +633,7 @@ {"shape":"ManagedRuleException"}, {"shape":"InternalException"} ], - "documentation":"Adds the specified targets to the specified rule, or updates the targets if they are already associated with the rule.
Targets are the resources that are invoked when a rule is triggered.
You can configure the following as targets for Events:
Amazon API Gateway REST API endpoints
API Gateway
AWS Batch job queue
CloudWatch Logs group
CodeBuild project
CodePineline
Amazon EC2 CreateSnapshot API call
Amazon EC2 RebootInstances API call
Amazon EC2 StopInstances API call
Amazon EC2 TerminateInstances API call
Amazon ECS tasks
Event bus in a different AWS account or Region.
You can use an event bus in the US East (N. Virginia) us-east-1, US West (Oregon) us-west-2, or Europe (Ireland) eu-west-1 Regions as a target for a rule.
Firehose delivery stream (Kinesis Data Firehose)
Inspector assessment template (Amazon Inspector)
Kinesis stream (Kinesis Data Stream)
AWS Lambda function
Redshift clusters (Data API statement execution)
Amazon SNS topic
Amazon SQS queues (includes FIFO queues
SSM Automation
SSM OpsItem
SSM Run Command
Step Functions state machines
Creating rules with built-in targets is supported only in the AWS Management Console. The built-in targets are EC2 CreateSnapshot API call, EC2 RebootInstances API call, EC2 StopInstances API call, and EC2 TerminateInstances API call.
For some target types, PutTargets provides target-specific parameters. If the target is a Kinesis data stream, you can optionally specify which shard the event goes to by using the KinesisParameters argument. To invoke a command on multiple EC2 instances with one rule, you can use the RunCommandParameters field.
To be able to make API calls against the resources that you own, Amazon EventBridge (CloudWatch Events) needs the appropriate permissions. For AWS Lambda and Amazon SNS resources, EventBridge relies on resource-based policies. For EC2 instances, Kinesis data streams, AWS Step Functions state machines and API Gateway REST APIs, EventBridge relies on IAM roles that you specify in the RoleARN argument in PutTargets. For more information, see Authentication and Access Control in the Amazon EventBridge User Guide.
If another AWS account is in the same region and has granted you permission (using PutPermission), you can send events to that account. Set that account's event bus as a target of the rules in your account. To send the matched events to the other account, specify that account's event bus as the Arn value when you run PutTargets. If your account sends events to another account, your account is charged for each sent event. Each event sent to another account is charged as a custom event. The account receiving the event is not charged. For more information, see Amazon EventBridge (CloudWatch Events) Pricing.
Input, InputPath, and InputTransformer are not available with PutTarget if the target is an event bus of a different AWS account.
If you are setting the event bus of another account as the target, and that account granted permission to your account through an organization instead of directly by the account ID, then you must specify a RoleArn with proper permissions in the Target structure. For more information, see Sending and Receiving Events Between AWS Accounts in the Amazon EventBridge User Guide.
For more information about enabling cross-account events, see PutPermission.
Input, InputPath, and InputTransformer are mutually exclusive and optional parameters of a target. When a rule is triggered due to a matched event:
If none of the following arguments are specified for a target, then the entire event is passed to the target in JSON format (unless the target is Amazon EC2 Run Command or Amazon ECS task, in which case nothing from the event is passed to the target).
If Input is specified in the form of valid JSON, then the matched event is overridden with this constant.
If InputPath is specified in the form of JSONPath (for example, $.detail), then only the part of the event specified in the path is passed to the target (for example, only the detail part of the event is passed).
If InputTransformer is specified, then one or more specified JSONPaths are extracted from the event and used as values in a template that you specify as the input to the target.
When you specify InputPath or InputTransformer, you must use JSON dot notation, not bracket notation.
When you add targets to a rule and the associated rule triggers soon after, new or updated targets might not be immediately invoked. Allow a short period of time for changes to take effect.
This action can partially fail if too many requests are made at the same time. If that happens, FailedEntryCount is non-zero in the response and each entry in FailedEntries provides the ID of the failed target and the error code.
Adds the specified targets to the specified rule, or updates the targets if they are already associated with the rule.
Targets are the resources that are invoked when a rule is triggered.
You can configure the following as targets for Events:
Amazon API Gateway REST API endpoints
API Gateway
Batch job queue
CloudWatch Logs group
CodeBuild project
CodePipeline
Amazon EC2 CreateSnapshot API call
Amazon EC2 RebootInstances API call
Amazon EC2 StopInstances API call
Amazon EC2 TerminateInstances API call
Amazon ECS tasks
Event bus in a different Amazon Web Services account or Region.
You can use an event bus in the US East (N. Virginia) us-east-1, US West (Oregon) us-west-2, or Europe (Ireland) eu-west-1 Regions as a target for a rule.
Firehose delivery stream (Kinesis Data Firehose)
Inspector assessment template (Amazon Inspector)
Kinesis stream (Kinesis Data Stream)
Lambda function
Redshift clusters (Data API statement execution)
Amazon SNS topic
Amazon SQS queues (includes FIFO queues
SSM Automation
SSM OpsItem
SSM Run Command
Step Functions state machines
Creating rules with built-in targets is supported only in the Management Console. The built-in targets are EC2 CreateSnapshot API call, EC2 RebootInstances API call, EC2 StopInstances API call, and EC2 TerminateInstances API call.
For some target types, PutTargets provides target-specific parameters. If the target is a Kinesis data stream, you can optionally specify which shard the event goes to by using the KinesisParameters argument. To invoke a command on multiple EC2 instances with one rule, you can use the RunCommandParameters field.
To be able to make API calls against the resources that you own, Amazon EventBridge needs the appropriate permissions. For Lambda and Amazon SNS resources, EventBridge relies on resource-based policies. For EC2 instances, Kinesis Data Streams, Step Functions state machines and API Gateway REST APIs, EventBridge relies on IAM roles that you specify in the RoleARN argument in PutTargets. For more information, see Authentication and Access Control in the Amazon EventBridge User Guide.
If another Amazon Web Services account is in the same region and has granted you permission (using PutPermission), you can send events to that account. Set that account's event bus as a target of the rules in your account. To send the matched events to the other account, specify that account's event bus as the Arn value when you run PutTargets. If your account sends events to another account, your account is charged for each sent event. Each event sent to another account is charged as a custom event. The account receiving the event is not charged. For more information, see Amazon EventBridge Pricing.
Input, InputPath, and InputTransformer are not available with PutTarget if the target is an event bus of a different Amazon Web Services account.
If you are setting the event bus of another account as the target, and that account granted permission to your account through an organization instead of directly by the account ID, then you must specify a RoleArn with proper permissions in the Target structure. For more information, see Sending and Receiving Events Between Amazon Web Services Accounts in the Amazon EventBridge User Guide.
For more information about enabling cross-account events, see PutPermission.
Input, InputPath, and InputTransformer are mutually exclusive and optional parameters of a target. When a rule is triggered due to a matched event:
If none of the following arguments are specified for a target, then the entire event is passed to the target in JSON format (unless the target is Amazon EC2 Run Command or Amazon ECS task, in which case nothing from the event is passed to the target).
If Input is specified in the form of valid JSON, then the matched event is overridden with this constant.
If InputPath is specified in the form of JSONPath (for example, $.detail), then only the part of the event specified in the path is passed to the target (for example, only the detail part of the event is passed).
If InputTransformer is specified, then one or more specified JSONPaths are extracted from the event and used as values in a template that you specify as the input to the target.
When you specify InputPath or InputTransformer, you must use JSON dot notation, not bracket notation.
When you add targets to a rule and the associated rule triggers soon after, new or updated targets might not be immediately invoked. Allow a short period of time for changes to take effect.
This action can partially fail if too many requests are made at the same time. If that happens, FailedEntryCount is non-zero in the response and each entry in FailedEntries provides the ID of the failed target and the error code.
Revokes the permission of another AWS account to be able to put events to the specified event bus. Specify the account to revoke by the StatementId value that you associated with the account when you granted it permission with PutPermission. You can find the StatementId by using DescribeEventBus.
Revokes the permission of another Amazon Web Services account to be able to put events to the specified event bus. Specify the account to revoke by the StatementId value that you associated with the account when you granted it permission with PutPermission. You can find the StatementId by using DescribeEventBus.
Assigns one or more tags (key-value pairs) to the specified EventBridge resource. Tags can help you organize and categorize your resources. You can also use them to scope user permissions by granting a user permission to access or change only resources with certain tag values. In EventBridge, rules and event buses can be tagged.
Tags don't have any semantic meaning to AWS and are interpreted strictly as strings of characters.
You can use the TagResource action with a resource that already has tags. If you specify a new tag key, this tag is appended to the list of tags associated with the resource. If you specify a tag key that is already associated with the resource, the new tag value that you specify replaces the previous value for that tag.
You can associate as many as 50 tags with a resource.
" + "documentation":"Assigns one or more tags (key-value pairs) to the specified EventBridge resource. Tags can help you organize and categorize your resources. You can also use them to scope user permissions by granting a user permission to access or change only resources with certain tag values. In EventBridge, rules and event buses can be tagged.
Tags don't have any semantic meaning to Amazon Web Services and are interpreted strictly as strings of characters.
You can use the TagResource action with a resource that already has tags. If you specify a new tag key, this tag is appended to the list of tags associated with the resource. If you specify a tag key that is already associated with the resource, the new tag value that you specify replaces the previous value for that tag.
You can associate as many as 50 tags with a resource.
" }, "TestEventPattern":{ "name":"TestEventPattern", @@ -711,7 +711,7 @@ {"shape":"InvalidEventPatternException"}, {"shape":"InternalException"} ], - "documentation":"Tests whether the specified event pattern matches the provided event.
Most services in AWS treat : or / as the same character in Amazon Resource Names (ARNs). However, EventBridge uses an exact match in event patterns and rules. Be sure to use the correct ARN characters when creating event patterns so that they match the ARN syntax in the event you want to match.
" + "documentation":"Tests whether the specified event pattern matches the provided event.
Most services in Amazon Web Services treat : or / as the same character in Amazon Resource Names (ARNs). However, EventBridge uses an exact match in event patterns and rules. Be sure to use the correct ARN characters when creating event patterns so that they match the ARN syntax in the event you want to match.
" }, "UntagResource":{ "name":"UntagResource", @@ -1008,7 +1008,7 @@ "documentation":"The size of the array, if this is an array batch job. Valid values are integers between 2 and 10,000.
" } }, - "documentation":"The array properties for the submitted job, such as the size of the array. The array size can be between 2 and 10,000. If you specify array properties for a job, it becomes an array job. This parameter is used only if the target is an AWS Batch job.
" + "documentation":"The array properties for the submitted job, such as the size of the array. The array size can be between 2 and 10,000. If you specify array properties for a job, it becomes an array job. This parameter is used only if the target is an Batch job.
" }, "BatchParameters":{ "type":"structure", @@ -1019,22 +1019,22 @@ "members":{ "JobDefinition":{ "shape":"String", - "documentation":"The ARN or name of the job definition to use if the event target is an AWS Batch job. This job definition must already exist.
" + "documentation":"The ARN or name of the job definition to use if the event target is an Batch job. This job definition must already exist.
" }, "JobName":{ "shape":"String", - "documentation":"The name to use for this execution of the job, if the target is an AWS Batch job.
" + "documentation":"The name to use for this execution of the job, if the target is an Batch job.
" }, "ArrayProperties":{ "shape":"BatchArrayProperties", - "documentation":"The array properties for the submitted job, such as the size of the array. The array size can be between 2 and 10,000. If you specify array properties for a job, it becomes an array job. This parameter is used only if the target is an AWS Batch job.
" + "documentation":"The array properties for the submitted job, such as the size of the array. The array size can be between 2 and 10,000. If you specify array properties for a job, it becomes an array job. This parameter is used only if the target is an Batch job.
" }, "RetryStrategy":{ "shape":"BatchRetryStrategy", - "documentation":"The retry strategy to use for failed jobs, if the target is an AWS Batch job. The retry strategy is the number of times to retry the failed job execution. Valid values are 1–10. When you specify a retry strategy here, it overrides the retry strategy defined in the job definition.
" + "documentation":"The retry strategy to use for failed jobs, if the target is an Batch job. The retry strategy is the number of times to retry the failed job execution. Valid values are 1–10. When you specify a retry strategy here, it overrides the retry strategy defined in the job definition.
" } }, - "documentation":"The custom parameters to be used when the target is an AWS Batch job.
" + "documentation":"The custom parameters to be used when the target is an Batch job.
" }, "BatchRetryStrategy":{ "type":"structure", @@ -1044,7 +1044,7 @@ "documentation":"The number of times to attempt to retry, if the job fails. Valid values are 1–10.
" } }, - "documentation":"The retry strategy to use for failed jobs, if the target is an AWS Batch job. If you specify a retry strategy here, it overrides the retry strategy defined in the job definition.
" + "documentation":"The retry strategy to use for failed jobs, if the target is an Batch job. If you specify a retry strategy here, it overrides the retry strategy defined in the job definition.
" }, "Boolean":{"type":"boolean"}, "CancelReplayRequest":{ @@ -1141,7 +1141,7 @@ "documentation":"Specifies the value for the key. Currently, this must be the ID of the organization.
" } }, - "documentation":"A JSON string which you can use to limit the event bus permissions you are granting to only accounts that fulfill the condition. Currently, the only supported condition is membership in a certain AWS organization. The string must contain Type, Key, and Value fields. The Value field specifies the ID of the AWS organization. Following is an example value for Condition:
'{\"Type\" : \"StringEquals\", \"Key\": \"aws:PrincipalOrgID\", \"Value\": \"o-1234567890\"}'
A JSON string which you can use to limit the event bus permissions you are granting to only accounts that fulfill the condition. Currently, the only supported condition is membership in a certain Amazon Web Services organization. The string must contain Type, Key, and Value fields. The Value field specifies the ID of the Amazon Web Services organization. Following is an example value for Condition:
'{\"Type\" : \"StringEquals\", \"Key\": \"aws:PrincipalOrgID\", \"Value\": \"o-1234567890\"}'
The ARN of the event source associated with the archive.
" + "documentation":"The ARN of the event bus that sends events to the archive.
" }, "Description":{ "shape":"ArchiveDescription", @@ -1691,11 +1691,11 @@ "members":{ "Name":{ "shape":"EventSourceName", - "documentation":"The name of the partner event source. This name must be unique and must be in the format partner_name/event_namespace/event_name . The AWS account that wants to use this partner event source must create a partner event bus with a name that matches the name of the partner event source.
The name of the partner event source. This name must be unique and must be in the format partner_name/event_namespace/event_name . The Amazon Web Services account that wants to use this partner event source must create a partner event bus with a name that matches the name of the partner event source.
The AWS account ID that is permitted to create a matching partner event bus for this partner event source.
" + "documentation":"The Amazon Web Services account ID that is permitted to create a matching partner event bus for this partner event source.
" } } }, @@ -1866,7 +1866,7 @@ }, "Account":{ "shape":"AccountId", - "documentation":"The AWS account ID of the AWS customer that the event source was created for.
" + "documentation":"The Amazon Web Services account ID of the Amazon Web Services customer that the event source was created for.
" } } }, @@ -1884,7 +1884,7 @@ }, "Force":{ "shape":"Boolean", - "documentation":"If this is a managed rule, created by an AWS service on your behalf, you must specify Force as True to delete the rule. This parameter is ignored for rules that are not managed rules. You can check whether a rule is a managed rule by using DescribeRule or ListRules and checking the ManagedBy field of the response.
If this is a managed rule, created by an Amazon Web Services service on your behalf, you must specify Force as True to delete the rule. This parameter is ignored for rules that are not managed rules. You can check whether a rule is a managed rule by using DescribeRule or ListRules and checking the ManagedBy field of the response.
If this is a managed rule, created by an AWS service on your behalf, this field displays the principal name of the AWS service that created the rule.
" + "documentation":"If this is a managed rule, created by an Amazon Web Services service on your behalf, this field displays the principal name of the Amazon Web Services service that created the rule.
" }, "EventBusName":{ "shape":"EventBusName", @@ -2299,15 +2299,15 @@ }, "LaunchType":{ "shape":"LaunchType", - "documentation":"Specifies the launch type on which your task is running. The launch type that you specify here must match one of the launch type (compatibilities) of the target task. The FARGATE value is supported only in the Regions where AWS Fargate with Amazon ECS is supported. For more information, see AWS Fargate on Amazon ECS in the Amazon Elastic Container Service Developer Guide.
Specifies the launch type on which your task is running. The launch type that you specify here must match one of the launch type (compatibilities) of the target task. The FARGATE value is supported only in the Regions where Fargate witt Amazon ECS is supported. For more information, see Fargate on Amazon ECS in the Amazon Elastic Container Service Developer Guide.
Use this structure if the ECS task uses the awsvpc network mode. This structure specifies the VPC subnets and security groups associated with the task, and whether a public IP address is to be used. This structure is required if LaunchType is FARGATE because the awsvpc mode is required for Fargate tasks.
If you specify NetworkConfiguration when the target ECS task does not use the awsvpc network mode, the task fails.
Use this structure if the Amazon ECS task uses the awsvpc network mode. This structure specifies the VPC subnets and security groups associated with the task, and whether a public IP address is to be used. This structure is required if LaunchType is FARGATE because the awsvpc mode is required for Fargate tasks.
If you specify NetworkConfiguration when the target ECS task does not use the awsvpc network mode, the task fails.
Specifies the platform version for the task. Specify only the numeric portion of the platform version, such as 1.1.0.
This structure is used only if LaunchType is FARGATE. For more information about valid platform versions, see AWS Fargate Platform Versions in the Amazon Elastic Container Service Developer Guide.
Specifies the platform version for the task. Specify only the numeric portion of the platform version, such as 1.1.0.
This structure is used only if LaunchType is FARGATE. For more information about valid platform versions, see Fargate Platform Versions in the Amazon Elastic Container Service Developer Guide.
The permissions policy of the event bus, describing which other AWS accounts can write events to this event bus.
" + "documentation":"The permissions policy of the event bus, describing which other Amazon Web Services accounts can write events to this event bus.
" } }, - "documentation":"An event bus receives events from a source and routes them to rules associated with that event bus. Your account's default event bus receives events from AWS services. A custom event bus can receive events from your custom applications and services. A partner event bus receives events from an event source created by an SaaS partner. These events come from the partners services or applications.
" + "documentation":"An event bus receives events from a source and routes them to rules associated with that event bus. Your account's default event bus receives events from Amazon Web Services services. A custom event bus can receive events from your custom applications and services. A partner event bus receives events from an event source created by an SaaS partner. These events come from the partners services or applications.
" }, "EventBusList":{ "type":"list", @@ -2422,7 +2422,7 @@ }, "ExpirationTime":{ "shape":"Timestamp", - "documentation":"The date and time that the event source will expire, if the AWS account doesn't create a matching event bus for it.
" + "documentation":"The date and time that the event source will expire, if the Amazon Web Services account doesn't create a matching event bus for it.
" }, "Name":{ "shape":"String", @@ -2433,7 +2433,7 @@ "documentation":"The state of the event source. If it is ACTIVE, you have already created a matching event bus for this event source, and that event bus is active. If it is PENDING, either you haven't yet created a matching event bus, or that event bus is deactivated. If it is DELETED, you have created a matching event bus, but the event source has since been deleted.
" } }, - "documentation":"A partner event source is created by an SaaS partner. If a customer creates a partner event bus that matches this event source, that AWS account can receive events from the partner's applications or services.
" + "documentation":"A partner event source is created by an SaaS partner. If a customer creates a partner event bus that matches this event source, that Amazon Web Services account can receive events from the partner's applications or services.
" }, "EventSourceList":{ "type":"list", @@ -2512,7 +2512,7 @@ "members":{ "InputPathsMap":{ "shape":"TransformerPaths", - "documentation":"Map of JSON paths to be extracted from the event. You can then insert these in the template in InputTemplate to produce the output you want to be sent to the target.
InputPathsMap is an array key-value pairs, where each value is a valid JSON path. You can have as many as 100 key-value pairs. You must use JSON dot notation, not bracket notation.
The keys cannot start with \"AWS.\"
" + "documentation":"Map of JSON paths to be extracted from the event. You can then insert these in the template in InputTemplate to produce the output you want to be sent to the target.
InputPathsMap is an array key-value pairs, where each value is a valid JSON path. You can have as many as 100 key-value pairs. You must use JSON dot notation, not bracket notation.
The keys cannot start with \"Amazon Web Services.\"
" }, "InputTemplate":{ "shape":"TransformerInput", @@ -2565,7 +2565,8 @@ "type":"string", "enum":[ "EC2", - "FARGATE" + "FARGATE", + "EXTERNAL" ] }, "LimitExceededException":{ @@ -2825,7 +2826,7 @@ }, "EventSourceArn":{ "shape":"Arn", - "documentation":"The ARN of the event source associated with the replay.
" + "documentation":"The ARN of the archive from which the events are replayed.
" }, "NextToken":{ "shape":"NextToken", @@ -2983,7 +2984,7 @@ "type":"structure", "members":{ }, - "documentation":"This rule was created by an AWS service on behalf of your account. It is managed by that service. If you see this error in response to DeleteRule or RemoveTargets, you can use the Force parameter in those calls to delete the rule or remove targets from the rule. You cannot modify these managed rules by using DisableRule, EnableRule, PutTargets, PutRule, TagResource, or UntagResource.
This rule was created by an Amazon Web Services service on behalf of your account. It is managed by that service. If you see this error in response to DeleteRule or RemoveTargets, you can use the Force parameter in those calls to delete the rule or remove targets from the rule. You cannot modify these managed rules by using DisableRule, EnableRule, PutTargets, PutRule, TagResource, or UntagResource.
The name of the partner event source.
" } }, - "documentation":"A partner event source is created by an SaaS partner. If a customer creates a partner event bus that matches this event source, that AWS account can receive events from the partner's applications or services.
" + "documentation":"A partner event source is created by an SaaS partner. If a customer creates a partner event bus that matches this event source, that Amazon Web Services account can receive events from the partner's applications or services.
" }, "PartnerEventSourceAccount":{ "type":"structure", "members":{ "Account":{ "shape":"AccountId", - "documentation":"The AWS account ID that the partner event source was offered to.
" + "documentation":"The Amazon Web Services account ID that the partner event source was offered to.
" }, "CreationTime":{ "shape":"Timestamp", @@ -3058,14 +3059,14 @@ }, "ExpirationTime":{ "shape":"Timestamp", - "documentation":"The date and time that the event source will expire, if the AWS account doesn't create a matching event bus for it.
" + "documentation":"The date and time that the event source will expire, if the Amazon Web Services account doesn't create a matching event bus for it.
" }, "State":{ "shape":"EventSourceState", "documentation":"The state of the event source. If it is ACTIVE, you have already created a matching event bus for this event source, and that event bus is active. If it is PENDING, either you haven't yet created a matching event bus, or that event bus is deactivated. If it is DELETED, you have created a matching event bus, but the event source has since been deleted.
" } }, - "documentation":"The AWS account that a partner event source has been offered to.
" + "documentation":"The Amazon Web Services account that a partner event source has been offered to.
" }, "PartnerEventSourceAccountList":{ "type":"list", @@ -3136,7 +3137,7 @@ "documentation":"The field to apply the placement strategy against. For the spread placement strategy, valid values are instanceId (or host, which has the same effect), or any platform or custom attribute that is applied to a container instance, such as attribute:ecs.availability-zone. For the binpack placement strategy, valid values are cpu and memory. For the random placement strategy, this field is not used.
" } }, - "documentation":"The task placement strategy for a task or service. To learn more, see Task Placement Strategies in the Amazon Elastic Container Service Developer Guide.
" + "documentation":"The task placement strategy for a task or service. To learn more, see Task Placement Strategies in the Amazon Elastic Container Service Service Developer Guide.
" }, "PlacementStrategyField":{ "type":"string", @@ -3182,7 +3183,7 @@ "members":{ "Time":{ "shape":"EventTime", - "documentation":"The time stamp of the event, per RFC3339. If no time stamp is provided, the time stamp of the PutEvents call is used.
" + "documentation":"The time stamp of the event, per RFC3339. If no time stamp is provided, the time stamp of the PutEvents call is used.
" }, "Source":{ "shape":"String", @@ -3190,7 +3191,7 @@ }, "Resources":{ "shape":"EventResourceList", - "documentation":"AWS resources, identified by Amazon Resource Name (ARN), which the event primarily concerns. Any number, including zero, may be present.
" + "documentation":"Amazon Web Services resources, identified by Amazon Resource Name (ARN), which the event primarily concerns. Any number, including zero, may be present.
" }, "DetailType":{ "shape":"String", @@ -3206,7 +3207,7 @@ }, "TraceHeader":{ "shape":"TraceHeader", - "documentation":"An AWS X-Ray trade header, which is an http header (X-Amzn-Trace-Id) that contains the trace-id associated with the event.
To learn more about X-Ray trace headers, see Tracing header in the AWS X-Ray Developer Guide.
" + "documentation":"An X-Ray trade header, which is an http header (X-Amzn-Trace-Id) that contains the trace-id associated with the event.
To learn more about X-Ray trace headers, see Tracing header in the X-Ray Developer Guide.
" } }, "documentation":"Represents an event to be submitted.
" @@ -3271,11 +3272,11 @@ }, "Source":{ "shape":"EventSourceName", - "documentation":"The event source that is generating the evntry.
" + "documentation":"The event source that is generating the entry.
" }, "Resources":{ "shape":"EventResourceList", - "documentation":"AWS resources, identified by Amazon Resource Name (ARN), which the event primarily concerns. Any number, including zero, may be present.
" + "documentation":"Amazon Web Services resources, identified by Amazon Resource Name (ARN), which the event primarily concerns. Any number, including zero, may be present.
" }, "DetailType":{ "shape":"String", @@ -3338,19 +3339,19 @@ }, "Action":{ "shape":"Action", - "documentation":"The action that you are enabling the other account to perform. Currently, this must be events:PutEvents.
The action that you are enabling the other account to perform.
" }, "Principal":{ "shape":"Principal", - "documentation":"The 12-digit AWS account ID that you are permitting to put events to your default event bus. Specify \"*\" to permit any account to put events to your default event bus.
If you specify \"*\" without specifying Condition, avoid creating rules that may match undesirable events. To create more secure rules, make sure that the event pattern for each rule contains an account field with a specific account ID from which to receive events. Rules with an account field do not match any events sent from other accounts.
The 12-digit Amazon Web Services account ID that you are permitting to put events to your default event bus. Specify \"*\" to permit any account to put events to your default event bus.
If you specify \"*\" without specifying Condition, avoid creating rules that may match undesirable events. To create more secure rules, make sure that the event pattern for each rule contains an account field with a specific account ID from which to receive events. Rules with an account field do not match any events sent from other accounts.
An identifier string for the external account that you are granting permissions to. If you later want to revoke the permission for this external account, specify this StatementId when you run RemovePermission.
An identifier string for the external account that you are granting permissions to. If you later want to revoke the permission for this external account, specify this StatementId when you run RemovePermission.
This parameter enables you to limit the permission to accounts that fulfill a certain condition, such as being a member of a certain AWS organization. For more information about AWS Organizations, see What Is AWS Organizations in the AWS Organizations User Guide.
If you specify Condition with an AWS organization ID, and specify \"*\" as the value for Principal, you grant permission to all the accounts in the named organization.
The Condition is a JSON string which must contain Type, Key, and Value fields.
This parameter enables you to limit the permission to accounts that fulfill a certain condition, such as being a member of a certain Amazon Web Services organization. For more information about Amazon Web Services Organizations, see What Is Amazon Web Services Organizations in the Amazon Web Services Organizations User Guide.
If you specify Condition with an Amazon Web Services organization ID, and specify \"*\" as the value for Principal, you grant permission to all the accounts in the named organization.
The Condition is a JSON string which must contain Type, Key, and Value fields.
The Amazon Resource Name (ARN) of the IAM role associated with the rule.
" + "documentation":"The Amazon Resource Name (ARN) of the IAM role associated with the rule.
If you're setting an event bus in another account as the target and that account granted permission to your account through an organization instead of directly by the account ID, you must specify a RoleArn with proper permissions in the Target structure, instead of here in this parameter.
The name or ARN of the secret that enables access to the database. Required when authenticating using AWS Secrets Manager.
" + "documentation":"The name or ARN of the secret that enables access to the database. Required when authenticating using Amazon Web Services Secrets Manager.
" }, "Database":{ "shape":"Database", @@ -3508,7 +3509,7 @@ "documentation":"Indicates whether to send an event back to EventBridge after the SQL statement runs.
" } }, - "documentation":"These are custom parameters to be used when the target is a Redshift cluster to invoke the Redshift Data API ExecuteStatement based on EventBridge events.
" + "documentation":"These are custom parameters to be used when the target is a Amazon Redshift cluster to invoke the Amazon Redshift Data API ExecuteStatement based on EventBridge events.
" }, "RedshiftSecretManagerArn":{ "type":"string", @@ -3558,7 +3559,7 @@ }, "Force":{ "shape":"Boolean", - "documentation":"If this is a managed rule, created by an AWS service on your behalf, you must specify Force as True to remove targets. This parameter is ignored for rules that are not managed rules. You can check whether a rule is a managed rule by using DescribeRule or ListRules and checking the ManagedBy field of the response.
If this is a managed rule, created by an Amazon Web Services service on your behalf, you must specify Force as True to remove targets. This parameter is ignored for rules that are not managed rules. You can check whether a rule is a managed rule by using DescribeRule or ListRules and checking the ManagedBy field of the response.
The scheduling expression. For example, \"cron(0 20 * * ? *)\", \"rate(5 minutes)\".
" + "documentation":"The scheduling expression. For example, \"cron(0 20 * * ? *)\", \"rate(5 minutes)\". For more information, see Creating an Amazon EventBridge rule that runs on a schedule.
" }, "RoleArn":{ "shape":"RoleArn", - "documentation":"The Amazon Resource Name (ARN) of the role that is used for target invocation.
" + "documentation":"The Amazon Resource Name (ARN) of the role that is used for target invocation.
If you're setting an event bus in another account as the target and that account granted permission to your account through an organization instead of directly by the account ID, you must specify a RoleArn with proper permissions in the Target structure, instead of here in this parameter.
If the rule was created on behalf of your account by an AWS service, this field displays the principal name of the service that created the rule.
" + "documentation":"If the rule was created on behalf of your account by an Amazon Web Services service, this field displays the principal name of the service that created the rule.
" }, "EventBusName":{ "shape":"EventBusName", @@ -4019,7 +4020,7 @@ "documentation":"The value for the specified tag key.
" } }, - "documentation":"A key-value pair associated with an AWS resource. In EventBridge, rules and event buses support tagging.
" + "documentation":"A key-value pair associated with an Amazon Web Services resource. In EventBridge, rules and event buses support tagging.
" }, "TagKey":{ "type":"string", @@ -4070,7 +4071,7 @@ "members":{ "Id":{ "shape":"TargetId", - "documentation":"The ID of the target.
" + "documentation":"The ID of the target. We recommend using a memorable and unique string.
" }, "Arn":{ "shape":"TargetArn", @@ -4106,7 +4107,7 @@ }, "BatchParameters":{ "shape":"BatchParameters", - "documentation":"If the event target is an AWS Batch job, this contains the job definition, job name, and other parameters. For more information, see Jobs in the AWS Batch User Guide.
" + "documentation":"If the event target is an Batch job, this contains the job definition, job name, and other parameters. For more information, see Jobs in the Batch User Guide.
" }, "SqsParameters":{ "shape":"SqsParameters", @@ -4118,7 +4119,7 @@ }, "RedshiftDataParameters":{ "shape":"RedshiftDataParameters", - "documentation":"Contains the Redshift Data API parameters to use when the target is a Redshift cluster.
If you specify a Redshift Cluster as a Target, you can use this to specify parameters to invoke the Redshift Data API ExecuteStatement based on EventBridge events.
" + "documentation":"Contains the Amazon Redshift Data API parameters to use when the target is a Amazon Redshift cluster.
If you specify a Amazon Redshift Cluster as a Target, you can use this to specify parameters to invoke the Amazon Redshift Data API ExecuteStatement based on EventBridge events.
" }, "SageMakerPipelineParameters":{ "shape":"SageMakerPipelineParameters", @@ -4133,7 +4134,7 @@ "documentation":"The RetryPolicy object that contains the retry policy configuration to use for the dead-letter queue.
Targets are the resources to be invoked when a rule is triggered. For a complete list of services and resources that can be set as a target, see PutTargets.
If you are setting the event bus of another account as the target, and that account granted permission to your account through an organization instead of directly by the account ID, then you must specify a RoleArn with proper permissions in the Target structure. For more information, see Sending and Receiving Events Between AWS Accounts in the Amazon EventBridge User Guide.
Targets are the resources to be invoked when a rule is triggered. For a complete list of services and resources that can be set as a target, see PutTargets.
If you are setting the event bus of another account as the target, and that account granted permission to your account through an organization instead of directly by the account ID, then you must specify a RoleArn with proper permissions in the Target structure. For more information, see Sending and Receiving Events Between Amazon Web Services Accounts in the Amazon EventBridge User Guide.
The event, in JSON format, to test against the event pattern. The JSON must follow the format specified in AWS Events, and the following fields are mandatory:
id
account
source
time
region
resources
detail-type
The event, in JSON format, to test against the event pattern. The JSON must follow the format specified in Amazon Web Services Events, and the following fields are mandatory:
id
account
source
time
region
resources
detail-type
Amazon EventBridge helps you to respond to state changes in your AWS resources. When your resources change state, they automatically send events into an event stream. You can create rules that match selected events in the stream and route them to targets to take action. You can also use rules to take action on a predetermined schedule. For example, you can configure rules to:
Automatically invoke an AWS Lambda function to update DNS entries when an event notifies you that Amazon EC2 instance enters the running state.
Direct specific API records from AWS CloudTrail to an Amazon Kinesis data stream for detailed analysis of potential security or availability risks.
Periodically invoke a built-in target to create a snapshot of an Amazon EBS volume.
For more information about the features of Amazon EventBridge, see the Amazon EventBridge User Guide.
" + "documentation":"Amazon EventBridge helps you to respond to state changes in your Amazon Web Services resources. When your resources change state, they automatically send events to an event stream. You can create rules that match selected events in the stream and route them to targets to take action. You can also use rules to take action on a predetermined schedule. For example, you can configure rules to:
Automatically invoke an Lambda function to update DNS entries when an event notifies you that Amazon EC2 instance enters the running state.
Direct specific API records from CloudTrail to an Amazon Kinesis data stream for detailed analysis of potential security or availability risks.
Periodically invoke a built-in target to create a snapshot of an Amazon EBS volume.
For more information about the features of Amazon EventBridge, see the Amazon EventBridge User Guide.
" } diff --git a/services/cloudwatchlogs/pom.xml b/services/cloudwatchlogs/pom.xml index 4fe4d0cf4e4c..25bf0354dae5 100644 --- a/services/cloudwatchlogs/pom.xml +++ b/services/cloudwatchlogs/pom.xml @@ -21,7 +21,7 @@Cancels execution of a task.
When you cancel a task execution, the transfer of some files is abruptly interrupted. The contents of files that are transferred to the destination might be incomplete or inconsistent with the source files. However, if you start a new task execution on the same task and you allow the task execution to complete, file content on the destination is complete and consistent. This applies to other unexpected failures that interrupt a task execution. In all of these cases, AWS DataSync successfully complete the transfer when you start the next task execution.
" + "documentation":"Cancels execution of a task.
When you cancel a task execution, the transfer of some files is abruptly interrupted. The contents of files that are transferred to the destination might be incomplete or inconsistent with the source files. However, if you start a new task execution on the same task and you allow the task execution to complete, file content on the destination is complete and consistent. This applies to other unexpected failures that interrupt a task execution. In all of these cases, DataSync successfully complete the transfer when you start the next task execution.
" }, "CreateAgent":{ "name":"CreateAgent", @@ -40,7 +40,7 @@ {"shape":"InvalidRequestException"}, {"shape":"InternalException"} ], - "documentation":"Activates an AWS DataSync agent that you have deployed on your host. The activation process associates your agent with your account. In the activation process, you specify information such as the AWS Region that you want to activate the agent in. You activate the agent in the AWS Region where your target locations (in Amazon S3 or Amazon EFS) reside. Your tasks are created in this AWS Region.
You can activate the agent in a VPC (virtual private cloud) or provide the agent access to a VPC endpoint so you can run tasks without going over the public internet.
You can use an agent for more than one location. If a task uses multiple agents, all of them need to have status AVAILABLE for the task to run. If you use multiple agents for a source location, the status of all the agents must be AVAILABLE for the task to run.
Agents are automatically updated by AWS on a regular basis, using a mechanism that ensures minimal interruption to your tasks.
" + "documentation":"Activates an DataSync agent that you have deployed on your host. The activation process associates your agent with your account. In the activation process, you specify information such as the Amazon Web Services Region that you want to activate the agent in. You activate the agent in the Amazon Web Services Region where your target locations (in Amazon S3 or Amazon EFS) reside. Your tasks are created in this Amazon Web Services Region.
You can activate the agent in a VPC (virtual private cloud) or provide the agent access to a VPC endpoint so you can run tasks without going over the public internet.
You can use an agent for more than one location. If a task uses multiple agents, all of them need to have status AVAILABLE for the task to run. If you use multiple agents for a source location, the status of all the agents must be AVAILABLE for the task to run.
Agents are automatically updated by Amazon Web Services on a regular basis, using a mechanism that ensures minimal interruption to your tasks.
" }, "CreateLocationEfs":{ "name":"CreateLocationEfs", @@ -110,7 +110,7 @@ {"shape":"InvalidRequestException"}, {"shape":"InternalException"} ], - "documentation":"Creates an endpoint for an Amazon S3 bucket.
For more information, see https://docs.aws.amazon.com/datasync/latest/userguide/create-locations-cli.html#create-location-s3-cli in the AWS DataSync User Guide.
" + "documentation":"Creates an endpoint for an Amazon S3 bucket.
For more information, see Create an Amazon S3 location in the DataSync User Guide.
" }, "CreateLocationSmb":{ "name":"CreateLocationSmb", @@ -138,7 +138,7 @@ {"shape":"InvalidRequestException"}, {"shape":"InternalException"} ], - "documentation":"Creates a task.
A task includes a source location and a destination location, and a configuration that specifies how data is transferred. A task always transfers data from the source location to the destination location. The configuration specifies options such as task scheduling, bandwidth limits, etc. A task is the complete definition of a data transfer.
When you create a task that transfers data between AWS services in different AWS Regions, one of the two locations that you specify must reside in the Region where DataSync is being used. The other location must be specified in a different Region.
You can transfer data between commercial AWS Regions except for China, or between AWS GovCloud (US-East and US-West) Regions.
When you use DataSync to copy files or objects between AWS Regions, you pay for data transfer between Regions. This is billed as data transfer OUT from your source Region to your destination Region. For more information, see Data Transfer pricing.
Creates a task.
A task includes a source location and a destination location, and a configuration that specifies how data is transferred. A task always transfers data from the source location to the destination location. The configuration specifies options such as task scheduling, bandwidth limits, etc. A task is the complete definition of a data transfer.
When you create a task that transfers data between Amazon Web Services services in different Amazon Web Services Regions, one of the two locations that you specify must reside in the Region where DataSync is being used. The other location must be specified in a different Region.
You can transfer data between commercial Amazon Web Services Regions except for China, or between Amazon Web Services GovCloud (US) Regions.
When you use DataSync to copy files or objects between Amazon Web Services Regions, you pay for data transfer between Regions. This is billed as data transfer OUT from your source Region to your destination Region. For more information, see Data Transfer pricing.
Deletes an agent. To specify which agent to delete, use the Amazon Resource Name (ARN) of the agent in your request. The operation disassociates the agent from your AWS account. However, it doesn't delete the agent virtual machine (VM) from your on-premises environment.
" + "documentation":"Deletes an agent. To specify which agent to delete, use the Amazon Resource Name (ARN) of the agent in your request. The operation disassociates the agent from your Amazon Web Services account. However, it doesn't delete the agent virtual machine (VM) from your on-premises environment.
" }, "DeleteLocation":{ "name":"DeleteLocation", @@ -166,7 +166,7 @@ {"shape":"InvalidRequestException"}, {"shape":"InternalException"} ], - "documentation":"Deletes the configuration of a location used by AWS DataSync.
" + "documentation":"Deletes the configuration of a location used by DataSync.
" }, "DeleteTask":{ "name":"DeleteTask", @@ -320,7 +320,7 @@ {"shape":"InvalidRequestException"}, {"shape":"InternalException"} ], - "documentation":"Returns a list of agents owned by an AWS account in the AWS Region specified in the request. The returned list is ordered by agent Amazon Resource Name (ARN).
By default, this operation returns a maximum of 100 agents. This operation supports pagination that enables you to optionally reduce the number of agents returned in a response.
If you have more agents than are returned in a response (that is, the response returns only a truncated list of your agents), the response contains a marker that you can specify in your next request to fetch the next page of agents.
" + "documentation":"Returns a list of agents owned by an Amazon Web Services account in the Amazon Web Services Region specified in the request. The returned list is ordered by agent Amazon Resource Name (ARN).
By default, this operation returns a maximum of 100 agents. This operation supports pagination that enables you to optionally reduce the number of agents returned in a response.
If you have more agents than are returned in a response (that is, the response returns only a truncated list of your agents), the response contains a marker that you can specify in your next request to fetch the next page of agents.
" }, "ListLocations":{ "name":"ListLocations", @@ -390,7 +390,7 @@ {"shape":"InvalidRequestException"}, {"shape":"InternalException"} ], - "documentation":"Starts a specific invocation of a task. A TaskExecution value represents an individual run of a task. Each task can have at most one TaskExecution at a time.
TaskExecution has the following transition phases: INITIALIZING | PREPARING | TRANSFERRING | VERIFYING | SUCCESS/FAILURE.
For detailed information, see the Task Execution section in the Components and Terminology topic in the AWS DataSync User Guide.
" + "documentation":"Starts a specific invocation of a task. A TaskExecution value represents an individual run of a task. Each task can have at most one TaskExecution at a time.
TaskExecution has the following transition phases: INITIALIZING | PREPARING | TRANSFERRING | VERIFYING | SUCCESS/FAILURE.
For detailed information, see the Task Execution section in the Components and Terminology topic in the DataSync User Guide.
" }, "TagResource":{ "name":"TagResource", @@ -404,7 +404,7 @@ {"shape":"InvalidRequestException"}, {"shape":"InternalException"} ], - "documentation":"Applies a key-value pair to an AWS resource.
" + "documentation":"Applies a key-value pair to an Amazon Web Services resource.
" }, "UntagResource":{ "name":"UntagResource", @@ -418,7 +418,7 @@ {"shape":"InvalidRequestException"}, {"shape":"InternalException"} ], - "documentation":"Removes a tag from an AWS resource.
" + "documentation":"Removes a tag from an Amazon Web Services resource.
" }, "UpdateAgent":{ "name":"UpdateAgent", @@ -584,7 +584,7 @@ "members":{ "ActivationKey":{ "shape":"ActivationKey", - "documentation":"Your agent activation key. You can get the activation key either by sending an HTTP GET request with redirects that enable you to get the agent IP address (port 80). Alternatively, you can get it from the AWS DataSync console.
The redirect URL returned in the response provides you the activation key for your agent in the query string parameter activationKey. It might also include other activation-related parameters; however, these are merely defaults. The arguments you pass to this API call determine the actual configuration of your agent.
For more information, see Activating an Agent in the AWS DataSync User Guide.
" + "documentation":"Your agent activation key. You can get the activation key either by sending an HTTP GET request with redirects that enable you to get the agent IP address (port 80). Alternatively, you can get it from the DataSync console.
The redirect URL returned in the response provides you the activation key for your agent in the query string parameter activationKey. It might also include other activation-related parameters; however, these are merely defaults. The arguments you pass to this API call determine the actual configuration of your agent.
For more information, see Activating an Agent in the DataSync User Guide.
" }, "AgentName":{ "shape":"TagValue", @@ -614,7 +614,7 @@ "members":{ "AgentArn":{ "shape":"AgentArn", - "documentation":"The Amazon Resource Name (ARN) of the agent. Use the ListAgents operation to return a list of agents for your account and AWS Region.
The Amazon Resource Name (ARN) of the agent. Use the ListAgents operation to return a list of agents for your account and Amazon Web Services Region.
CreateAgentResponse
" @@ -628,7 +628,7 @@ "members":{ "Subdirectory":{ "shape":"EfsSubdirectory", - "documentation":"A subdirectory in the location’s path. This subdirectory in the EFS file system is used to read data from the EFS source location or write data to the EFS destination. By default, AWS DataSync uses the root directory.
Subdirectory must be specified with forward slashes. For example, /path/to/folder.
A subdirectory in the location’s path. This subdirectory in the EFS file system is used to read data from the EFS source location or write data to the EFS destination. By default, DataSync uses the root directory.
Subdirectory must be specified with forward slashes. For example, /path/to/folder.
The subdirectory in the NFS file system that is used to read data from the NFS source location or write data to the NFS destination. The NFS path should be a path that's exported by the NFS server, or a subdirectory of that path. The path should be such that it can be mounted by other NFS clients in your network.
To see all the paths exported by your NFS server, run \"showmount -e nfs-server-name\" from an NFS client that has access to your server. You can specify any directory that appears in the results, and any subdirectory of that directory. Ensure that the NFS export is accessible without Kerberos authentication.
To transfer all the data in the folder you specified, DataSync needs to have permissions to read all the data. To ensure this, either configure the NFS export with no_root_squash, or ensure that the permissions for all of the files that you want DataSync allow read access for all users. Doing either enables the agent to read the files. For the agent to access directories, you must additionally enable all execute access.
If you are copying data to or from your AWS Snowcone device, see NFS Server on AWS Snowcone for more information.
For information about NFS export configuration, see 18.7. The /etc/exports Configuration File in the Red Hat Enterprise Linux documentation.
" + "documentation":"The subdirectory in the NFS file system that is used to read data from the NFS source location or write data to the NFS destination. The NFS path should be a path that's exported by the NFS server, or a subdirectory of that path. The path should be such that it can be mounted by other NFS clients in your network.
To see all the paths exported by your NFS server, run \"showmount -e nfs-server-name\" from an NFS client that has access to your server. You can specify any directory that appears in the results, and any subdirectory of that directory. Ensure that the NFS export is accessible without Kerberos authentication.
To transfer all the data in the folder you specified, DataSync needs to have permissions to read all the data. To ensure this, either configure the NFS export with no_root_squash, or ensure that the permissions for all of the files that you want DataSync allow read access for all users. Doing either enables the agent to read the files. For the agent to access directories, you must additionally enable all execute access.
If you are copying data to or from your Snowcone device, see NFS Server on Snowcone for more information.
For information about NFS export configuration, see 18.7. The /etc/exports Configuration File in the Red Hat Enterprise Linux documentation.
" }, "ServerHostname":{ "shape":"ServerHostname", - "documentation":"The name of the NFS server. This value is the IP address or Domain Name Service (DNS) name of the NFS server. An agent that is installed on-premises uses this host name to mount the NFS server in a network.
If you are copying data to or from your AWS Snowcone device, see NFS Server on AWS Snowcone for more information.
This name must either be DNS-compliant or must be an IP version 4 (IPv4) address.
The name of the NFS server. This value is the IP address or Domain Name Service (DNS) name of the NFS server. An agent that is installed on-premises uses this host name to mount the NFS server in a network.
If you are copying data to or from your Snowcone device, see NFS Server on Snowcone for more information.
This name must either be DNS-compliant or must be an IP version 4 (IPv4) address.
Contains a list of Amazon Resource Names (ARNs) of agents that are used to connect to an NFS server.
If you are copying data to or from your AWS Snowcone device, see NFS Server on AWS Snowcone for more information.
" + "documentation":"Contains a list of Amazon Resource Names (ARNs) of agents that are used to connect to an NFS server.
If you are copying data to or from your Snowcone device, see NFS Server on Snowcone for more information.
" }, "MountOptions":{ "shape":"NfsMountOptions", @@ -814,16 +814,16 @@ }, "S3BucketArn":{ "shape":"S3BucketArn", - "documentation":"The ARN of the Amazon S3 bucket. If the bucket is on an AWS Outpost, this must be an access point ARN.
" + "documentation":"The ARN of the Amazon S3 bucket. If the bucket is on an Amazon Web Services Outpost, this must be an access point ARN.
" }, "S3StorageClass":{ "shape":"S3StorageClass", - "documentation":"The Amazon S3 storage class that you want to store your files in when this location is used as a task destination. For buckets in AWS Regions, the storage class defaults to Standard. For buckets on AWS Outposts, the storage class defaults to AWS S3 Outposts.
For more information about S3 storage classes, see Amazon S3 Storage Classes. Some storage classes have behaviors that can affect your S3 storage cost. For detailed information, see Considerations when working with S3 storage classes in DataSync.
" + "documentation":"The Amazon S3 storage class that you want to store your files in when this location is used as a task destination. For buckets in Amazon Web Services Regions, the storage class defaults to Standard. For buckets on Outposts, the storage class defaults to Amazon Web Services S3 Outposts.
For more information about S3 storage classes, see Amazon S3 Storage Classes. Some storage classes have behaviors that can affect your S3 storage cost. For detailed information, see Considerations when working with S3 storage classes in DataSync.
" }, "S3Config":{"shape":"S3Config"}, "AgentArns":{ "shape":"AgentArnList", - "documentation":"If you are using DataSync on an AWS Outpost, specify the Amazon Resource Names (ARNs) of the DataSync agents deployed on your Outpost. For more information about launching a DataSync agent on an AWS Outpost, see Deploy your DataSync agent on AWS Outposts.
" + "documentation":"If you are using DataSync on an Amazon Web Services Outpost, specify the Amazon Resource Names (ARNs) of the DataSync agents deployed on your Outpost. For more information about launching a DataSync agent on an Amazon Web Services Outpost, see Deploy your DataSync agent on Outposts.
" }, "Tags":{ "shape":"InputTagList", @@ -910,7 +910,7 @@ }, "DestinationLocationArn":{ "shape":"LocationArn", - "documentation":"The Amazon Resource Name (ARN) of an AWS storage resource's location.
" + "documentation":"The Amazon Resource Name (ARN) of an Amazon Web Services storage resource's location.
" }, "CloudWatchLogGroupArn":{ "shape":"LogGroupArn", @@ -935,6 +935,10 @@ "Tags":{ "shape":"InputTagList", "documentation":"The key-value pair that represents the tag that you want to add to the resource. The value can be an empty string.
" + }, + "Includes":{ + "shape":"FilterList", + "documentation":"A list of filter rules that determines which files to include when running a task. The pattern should contain a single filter string that consists of the patterns to include. The patterns are delimited by \"|\" (that is, a pipe). For example: \"/folder1|/folder2\"
CreateTaskRequest
" @@ -955,7 +959,7 @@ "members":{ "AgentArn":{ "shape":"AgentArn", - "documentation":"The Amazon Resource Name (ARN) of the agent to delete. Use the ListAgents operation to return a list of agents for your account and AWS Region.
The Amazon Resource Name (ARN) of the agent to delete. Use the ListAgents operation to return a list of agents for your account and Amazon Web Services Region.
DeleteAgentRequest
" @@ -1219,7 +1223,7 @@ "S3Config":{"shape":"S3Config"}, "AgentArns":{ "shape":"AgentArnList", - "documentation":"If you are using DataSync on an AWS Outpost, the Amazon Resource Name (ARNs) of the EC2 agents deployed on your Outpost. For more information about launching a DataSync agent on an AWS Outpost, see Deploy your DataSync agent on AWS Outposts.
" + "documentation":"If you are using DataSync on an Amazon Web Services Outpost, the Amazon Resource Name (ARNs) of the EC2 agents deployed on your Outpost. For more information about launching a DataSync agent on an Amazon Web Services Outpost, see Deploy your DataSync agent on Outposts.
" }, "CreationTime":{ "shape":"Time", @@ -1293,7 +1297,7 @@ }, "Status":{ "shape":"TaskExecutionStatus", - "documentation":"The status of the task execution.
For detailed information about task execution statuses, see Understanding Task Statuses in the AWS DataSync User Guide.
" + "documentation":"The status of the task execution.
For detailed information about task execution statuses, see Understanding Task Statuses in the DataSync User Guide.
" }, "Options":{"shape":"Options"}, "Excludes":{ @@ -1322,7 +1326,7 @@ }, "BytesWritten":{ "shape":"long", - "documentation":"The number of logical bytes written to the destination AWS storage resource.
" + "documentation":"The number of logical bytes written to the destination Amazon Web Services storage resource.
" }, "BytesTransferred":{ "shape":"long", @@ -1355,7 +1359,7 @@ }, "Status":{ "shape":"TaskStatus", - "documentation":"The status of the task that was described.
For detailed information about task execution statuses, see Understanding Task Statuses in the AWS DataSync User Guide.
" + "documentation":"The status of the task that was described.
For detailed information about task execution statuses, see Understanding Task Statuses in the DataSync User Guide.
" }, "Name":{ "shape":"TagValue", @@ -1371,7 +1375,7 @@ }, "DestinationLocationArn":{ "shape":"LocationArn", - "documentation":"The Amazon Resource Name (ARN) of the AWS storage resource's location.
" + "documentation":"The Amazon Resource Name (ARN) of the Amazon Web Services storage resource's location.
" }, "CloudWatchLogGroupArn":{ "shape":"LogGroupArn", @@ -1399,7 +1403,7 @@ }, "ErrorCode":{ "shape":"string", - "documentation":"Errors that AWS DataSync encountered during execution of the task. You can use this error code to help troubleshoot issues.
" + "documentation":"Errors that DataSync encountered during execution of the task. You can use this error code to help troubleshoot issues.
" }, "ErrorDetail":{ "shape":"string", @@ -1408,6 +1412,10 @@ "CreationTime":{ "shape":"Time", "documentation":"The time that the task was created.
" + }, + "Includes":{ + "shape":"FilterList", + "documentation":"A list of filter rules that determines which files to include when running a task. The pattern should contain a single filter string that consists of the patterns to include. The patterns are delimited by \"|\" (that is, a pipe). For example: \"/folder1|/folder2\"
DescribeTaskResponse
" @@ -1495,7 +1503,7 @@ "members":{ "FilterType":{ "shape":"FilterType", - "documentation":"The type of filter rule to apply. AWS DataSync only supports the SIMPLE_PATTERN rule type.
" + "documentation":"The type of filter rule to apply. DataSync only supports the SIMPLE_PATTERN rule type.
" }, "Value":{ "shape":"FilterValue", @@ -1555,7 +1563,7 @@ "message":{"shape":"string"}, "errorCode":{"shape":"string"} }, - "documentation":"This exception is thrown when an error occurs in the AWS DataSync service.
", + "documentation":"This exception is thrown when an error occurs in the DataSync service.
", "exception":true, "fault":true }, @@ -1914,11 +1922,11 @@ }, "OverwriteMode":{ "shape":"OverwriteMode", - "documentation":"A value that determines whether files at the destination should be overwritten or preserved when copying files. If set to NEVER a destination file will not be replaced by a source file, even if the destination file differs from the source file. If you modify files in the destination and you sync the files, you can use this value to protect against overwriting those changes.
Some storage classes have specific behaviors that can affect your S3 storage cost. For detailed information, see Considerations when working with Amazon S3 storage classes in DataSync in the AWS DataSync User Guide.
" + "documentation":"A value that determines whether files at the destination should be overwritten or preserved when copying files. If set to NEVER a destination file will not be replaced by a source file, even if the destination file differs from the source file. If you modify files in the destination and you sync the files, you can use this value to protect against overwriting those changes.
Some storage classes have specific behaviors that can affect your S3 storage cost. For detailed information, see Considerations when working with Amazon S3 storage classes in DataSync in the DataSync User Guide.
" }, "Atime":{ "shape":"Atime", - "documentation":"A file metadata value that shows the last time a file was accessed (that is, when the file was read or written to). If you set Atime to BEST_EFFORT, DataSync attempts to preserve the original Atime attribute on all source files (that is, the version before the PREPARING phase). However, Atime's behavior is not fully standard across platforms, so AWS DataSync can only do this on a best-effort basis.
Default value: BEST_EFFORT.
BEST_EFFORT: Attempt to preserve the per-file Atime value (recommended).
NONE: Ignore Atime.
If Atime is set to BEST_EFFORT, Mtime must be set to PRESERVE.
If Atime is set to NONE, Mtime must also be NONE.
A file metadata value that shows the last time a file was accessed (that is, when the file was read or written to). If you set Atime to BEST_EFFORT, DataSync attempts to preserve the original Atime attribute on all source files (that is, the version before the PREPARING phase). However, Atime's behavior is not fully standard across platforms, so DataSync can only do this on a best-effort basis.
Default value: BEST_EFFORT.
BEST_EFFORT: Attempt to preserve the per-file Atime value (recommended).
NONE: Ignore Atime.
If Atime is set to BEST_EFFORT, Mtime must be set to PRESERVE.
If Atime is set to NONE, Mtime must also be NONE.
A value that specifies whether files in the destination that don't exist in the source file system should be preserved. This option can affect your storage cost. If your task deletes objects, you might incur minimum storage duration charges for certain storage classes. For detailed information, see Considerations when working with Amazon S3 storage classes in DataSync in the AWS DataSync User Guide.
Default value: PRESERVE.
PRESERVE: Ignore such destination files (recommended).
REMOVE: Delete destination files that aren’t present in the source.
" + "documentation":"A value that specifies whether files in the destination that don't exist in the source file system should be preserved. This option can affect your storage cost. If your task deletes objects, you might incur minimum storage duration charges for certain storage classes. For detailed information, see Considerations when working with Amazon S3 storage classes in DataSync in the DataSync User Guide.
Default value: PRESERVE.
PRESERVE: Ignore such destination files (recommended).
REMOVE: Delete destination files that aren’t present in the source.
" }, "PreserveDevices":{ "shape":"PreserveDevices", - "documentation":"A value that determines whether AWS DataSync should preserve the metadata of block and character devices in the source file system, and re-create the files with that device name and metadata on the destination. DataSync does not copy the contents of such devices, only the name and metadata.
AWS DataSync can't sync the actual contents of such devices, because they are nonterminal and don't return an end-of-file (EOF) marker.
Default value: NONE.
NONE: Ignore special devices (recommended).
PRESERVE: Preserve character and block device metadata. This option isn't currently supported for Amazon EFS.
" + "documentation":"A value that determines whether DataSync should preserve the metadata of block and character devices in the source file system, and re-create the files with that device name and metadata on the destination. DataSync does not copy the contents of such devices, only the name and metadata.
DataSync can't sync the actual contents of such devices, because they are nonterminal and don't return an end-of-file (EOF) marker.
Default value: NONE.
NONE: Ignore special devices (recommended).
PRESERVE: Preserve character and block device metadata. This option isn't currently supported for Amazon EFS.
" }, "PosixPermissions":{ "shape":"PosixPermissions", - "documentation":"A value that determines which users or groups can access a file for a specific purpose such as reading, writing, or execution of the file. This option should only be set for NFS, EFS, and S3 locations. For more information about what metadata is copied by DataSync, see Metadata Copied by DataSync.
Default value: PRESERVE.
PRESERVE: Preserve POSIX-style permissions (recommended).
NONE: Ignore permissions.
AWS DataSync can preserve extant permissions of a source location.
A value that determines which users or groups can access a file for a specific purpose such as reading, writing, or execution of the file. This option should only be set for NFS, EFS, and S3 locations. For more information about what metadata is copied by DataSync, see Metadata Copied by DataSync.
Default value: PRESERVE.
PRESERVE: Preserve POSIX-style permissions (recommended).
NONE: Ignore permissions.
DataSync can preserve extant permissions of a source location.
A value that limits the bandwidth used by AWS DataSync. For example, if you want AWS DataSync to use a maximum of 1 MB, set this value to 1048576 (=1024*1024).
A value that limits the bandwidth used by DataSync. For example, if you want DataSync to use a maximum of 1 MB, set this value to 1048576 (=1024*1024).
The Amazon S3 bucket to access. This bucket is used as a parameter in the CreateLocationS3 operation.
" } }, - "documentation":"The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that is used to access an Amazon S3 bucket.
For detailed information about using such a role, see Creating a Location for Amazon S3 in the AWS DataSync User Guide.
" + "documentation":"The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that is used to access an Amazon S3 bucket.
For detailed information about using such a role, see Creating a Location for Amazon S3 in the DataSync User Guide.
" }, "S3StorageClass":{ "type":"string", @@ -2149,6 +2157,10 @@ "Includes":{ "shape":"FilterList", "documentation":"A list of filter rules that determines which files to include when running a task. The pattern should contain a single filter string that consists of the patterns to include. The patterns are delimited by \"|\" (that is, a pipe). For example: \"/folder1|/folder2\"
" + }, + "Excludes":{ + "shape":"FilterList", + "documentation":"
A list of filter rules that determines which files to exclude from a task. The list should contain a single filter string that consists of the patterns to exclude. The patterns are delimited by \"|\" (that is, a pipe), for example, \"/folder1|/folder2\".
StartTaskExecutionRequest
" @@ -2181,11 +2193,11 @@ "members":{ "Key":{ "shape":"TagKey", - "documentation":"The key for an AWS resource tag.
" + "documentation":"The key for an Amazon Web Services resource tag.
" }, "Value":{ "shape":"TagValue", - "documentation":"The value for an AWS resource tag.
" + "documentation":"The value for an Amazon Web Services resource tag.
" } }, "documentation":"Represents a single entry in a list of AWS resource tags. TagListEntry returns an array that contains a list of tasks when the ListTagsForResource operation is called.
The total time in milliseconds that AWS DataSync spent in the PREPARING phase.
" + "documentation":"The total time in milliseconds that DataSync spent in the PREPARING phase.
" }, "PrepareStatus":{ "shape":"PhaseStatus", @@ -2265,11 +2277,11 @@ }, "TotalDuration":{ "shape":"Duration", - "documentation":"The total time in milliseconds that AWS DataSync took to transfer the file from the source to the destination location.
" + "documentation":"The total time in milliseconds that DataSync took to transfer the file from the source to the destination location.
" }, "TransferDuration":{ "shape":"Duration", - "documentation":"The total time in milliseconds that AWS DataSync spent in the TRANSFERRING phase.
" + "documentation":"The total time in milliseconds that DataSync spent in the TRANSFERRING phase.
" }, "TransferStatus":{ "shape":"PhaseStatus", @@ -2277,7 +2289,7 @@ }, "VerifyDuration":{ "shape":"Duration", - "documentation":"The total time in milliseconds that AWS DataSync spent in the VERIFYING phase.
" + "documentation":"The total time in milliseconds that DataSync spent in the VERIFYING phase.
" }, "VerifyStatus":{ "shape":"PhaseStatus", @@ -2285,7 +2297,7 @@ }, "ErrorCode":{ "shape":"string", - "documentation":"Errors that AWS DataSync encountered during execution of the task. You can use this error code to help troubleshoot issues.
" + "documentation":"Errors that DataSync encountered during execution of the task. You can use this error code to help troubleshoot issues.
" }, "ErrorDetail":{ "shape":"string", @@ -2375,7 +2387,7 @@ "members":{ "ScheduleExpression":{ "shape":"ScheduleExpressionCron", - "documentation":"A cron expression that specifies when AWS DataSync initiates a scheduled transfer from a source to a destination location.
" + "documentation":"A cron expression that specifies when DataSync initiates a scheduled transfer from a source to a destination location.
" } }, "documentation":"Specifies the schedule you want your task to use for repeated executions. For more information, see Schedule Expressions for Rules.
" @@ -2460,7 +2472,7 @@ }, "Subdirectory":{ "shape":"NfsSubdirectory", - "documentation":"The subdirectory in the NFS file system that is used to read data from the NFS source location or write data to the NFS destination. The NFS path should be a path that's exported by the NFS server, or a subdirectory of that path. The path should be such that it can be mounted by other NFS clients in your network.
To see all the paths exported by your NFS server, run \"showmount -e nfs-server-name\" from an NFS client that has access to your server. You can specify any directory that appears in the results, and any subdirectory of that directory. Ensure that the NFS export is accessible without Kerberos authentication.
To transfer all the data in the folder that you specified, DataSync must have permissions to read all the data. To ensure this, either configure the NFS export with no_root_squash, or ensure that the files you want DataSync to access have permissions that allow read access for all users. Doing either option enables the agent to read the files. For the agent to access directories, you must additionally enable all execute access.
If you are copying data to or from your AWS Snowcone device, see NFS Server on AWS Snowcone for more information.
For information about NFS export configuration, see 18.7. The /etc/exports Configuration File in the Red Hat Enterprise Linux documentation.
" + "documentation":"The subdirectory in the NFS file system that is used to read data from the NFS source location or write data to the NFS destination. The NFS path should be a path that's exported by the NFS server, or a subdirectory of that path. The path should be such that it can be mounted by other NFS clients in your network.
To see all the paths exported by your NFS server, run \"showmount -e nfs-server-name\" from an NFS client that has access to your server. You can specify any directory that appears in the results, and any subdirectory of that directory. Ensure that the NFS export is accessible without Kerberos authentication.
To transfer all the data in the folder that you specified, DataSync must have permissions to read all the data. To ensure this, either configure the NFS export with no_root_squash, or ensure that the files you want DataSync to access have permissions that allow read access for all users. Doing either option enables the agent to read the files. For the agent to access directories, you must additionally enable all execute access.
If you are copying data to or from your Snowcone device, see NFS Server on Snowcone for more information.
For information about NFS export configuration, see 18.7. The /etc/exports Configuration File in the Red Hat Enterprise Linux documentation.
" }, "OnPremConfig":{"shape":"OnPremConfig"}, "MountOptions":{"shape":"NfsMountOptions"} @@ -2589,6 +2601,10 @@ "CloudWatchLogGroupArn":{ "shape":"LogGroupArn", "documentation":"The Amazon Resource Name (ARN) of the resource name of the CloudWatch LogGroup.
" + }, + "Includes":{ + "shape":"FilterList", + "documentation":"A list of filter rules that determines which files to include when running a task. The pattern should contain a single filter string that consists of the patterns to include. The patterns are delimited by \"|\" (that is, a pipe). For example: \"/folder1|/folder2\"
UpdateTaskResponse
" @@ -2613,5 +2629,5 @@ "long":{"type":"long"}, "string":{"type":"string"} }, - "documentation":"AWS DataSync is a managed data transfer service that makes it simpler for you to automate moving data between on-premises storage and Amazon Simple Storage Service (Amazon S3) or Amazon Elastic File System (Amazon EFS).
This API interface reference for AWS DataSync contains documentation for a programming interface that you can use to manage AWS DataSync.
" + "documentation":"DataSync is a managed data transfer service that makes it simpler for you to automate moving data between on-premises storage and Amazon Simple Storage Service (Amazon S3) or Amazon Elastic File System (Amazon EFS).
This API interface reference for DataSync contains documentation for a programming interface that you can use to manage DataSync.
" } diff --git a/services/dax/pom.xml b/services/dax/pom.xml index 5ac3adf2476a..32a3dac08548 100644 --- a/services/dax/pom.xml +++ b/services/dax/pom.xml @@ -21,7 +21,7 @@Assigns one or more IPv6 addresses to the specified network interface. You can specify one or more specific IPv6 addresses, or you can specify the number of IPv6 addresses to be automatically assigned from within the subnet's IPv6 CIDR block range. You can assign as many IPv6 addresses to a network interface as you can assign private IPv4 addresses, and the limit varies per instance type. For information, see IP Addresses Per Network Interface Per Instance Type in the Amazon Elastic Compute Cloud User Guide.
You must specify either the IPv6 addresses or the IPv6 address count in the request.
You can optionally use Prefix Delegation on the network interface. You must specify either the IPV6 Prefix Delegation prefixes, or the IPv6 Prefix Delegation count. For information, see Prefix Delegation in the Amazon Elastic Compute Cloud User Guide.
" + "documentation":"Assigns one or more IPv6 addresses to the specified network interface. You can specify one or more specific IPv6 addresses, or you can specify the number of IPv6 addresses to be automatically assigned from within the subnet's IPv6 CIDR block range. You can assign as many IPv6 addresses to a network interface as you can assign private IPv4 addresses, and the limit varies per instance type. For information, see IP Addresses Per Network Interface Per Instance Type in the Amazon Elastic Compute Cloud User Guide.
You must specify either the IPv6 addresses or the IPv6 address count in the request.
You can optionally use Prefix Delegation on the network interface. You must specify either the IPV6 Prefix Delegation prefixes, or the IPv6 Prefix Delegation count. For information, see Assigning prefixes to Amazon EC2 network interfaces in the Amazon Elastic Compute Cloud User Guide.
" }, "AssignPrivateIpAddresses":{ "name":"AssignPrivateIpAddresses", @@ -130,7 +130,7 @@ }, "input":{"shape":"AssignPrivateIpAddressesRequest"}, "output":{"shape":"AssignPrivateIpAddressesResult"}, - "documentation":"Assigns one or more secondary private IP addresses to the specified network interface.
You can specify one or more specific secondary IP addresses, or you can specify the number of secondary IP addresses to be automatically assigned within the subnet's CIDR block range. The number of secondary IP addresses that you can assign to an instance varies by instance type. For information about instance types, see Instance Types in the Amazon Elastic Compute Cloud User Guide. For more information about Elastic IP addresses, see Elastic IP Addresses in the Amazon Elastic Compute Cloud User Guide.
When you move a secondary private IP address to another network interface, any Elastic IP address that is associated with the IP address is also moved.
Remapping an IP address is an asynchronous operation. When you move an IP address from one network interface to another, check network/interfaces/macs/mac/local-ipv4s in the instance metadata to confirm that the remapping is complete.
You must specify either the IP addresses or the IP address count in the request.
You can optionally use Prefix Delegation on the network interface. You must specify either the IPv4 Prefix Delegation prefixes, or the IPv4 Prefix Delegation count. For information, see Prefix Delegation in the Amazon Elastic Compute Cloud User Guide.
" + "documentation":"Assigns one or more secondary private IP addresses to the specified network interface.
You can specify one or more specific secondary IP addresses, or you can specify the number of secondary IP addresses to be automatically assigned within the subnet's CIDR block range. The number of secondary IP addresses that you can assign to an instance varies by instance type. For information about instance types, see Instance Types in the Amazon Elastic Compute Cloud User Guide. For more information about Elastic IP addresses, see Elastic IP Addresses in the Amazon Elastic Compute Cloud User Guide.
When you move a secondary private IP address to another network interface, any Elastic IP address that is associated with the IP address is also moved.
Remapping an IP address is an asynchronous operation. When you move an IP address from one network interface to another, check network/interfaces/macs/mac/local-ipv4s in the instance metadata to confirm that the remapping is complete.
You must specify either the IP addresses or the IP address count in the request.
You can optionally use Prefix Delegation on the network interface. You must specify either the IPv4 Prefix Delegation prefixes, or the IPv4 Prefix Delegation count. For information, see Assigning prefixes to Amazon EC2 network interfaces in the Amazon Elastic Compute Cloud User Guide.
" }, "AssociateAddress":{ "name":"AssociateAddress", @@ -239,7 +239,7 @@ }, "input":{"shape":"AssociateTrunkInterfaceRequest"}, "output":{"shape":"AssociateTrunkInterfaceResult"}, - "documentation":"Associates a branch network interface with a trunk network interface.
Before you create the association, run the create-network-interface command and set --interface-type to trunk. You must also create a network interface for each branch network interface that you want to associate with the trunk network interface.
For more information, see Network interface trunking in the Amazon Elastic Compute Cloud User Guide.
" + "documentation":"This API action is currently in limited preview only. If you are interested in using this feature, contact your account manager.
Associates a branch network interface with a trunk network interface.
Before you create the association, run the create-network-interface command and set --interface-type to trunk. You must also create a network interface for each branch network interface that you want to associate with the trunk network interface.
Describes one or more network interface trunk associations.
" + "documentation":"This API action is currently in limited preview only. If you are interested in using this feature, contact your account manager.
Describes one or more network interface trunk associations.
" }, "DescribeVolumeAttribute":{ "name":"DescribeVolumeAttribute", @@ -3156,7 +3156,7 @@ }, "input":{"shape":"DisassociateTrunkInterfaceRequest"}, "output":{"shape":"DisassociateTrunkInterfaceResult"}, - "documentation":"Removes an association between a branch network interface with a trunk network interface.
" + "documentation":"This API action is currently in limited preview only. If you are interested in using this feature, contact your account manager.
Removes an association between a branch network interface with a trunk network interface.
" }, "DisassociateVpcCidrBlock":{ "name":"DisassociateVpcCidrBlock", @@ -5597,11 +5597,11 @@ }, "Ipv6PrefixCount":{ "shape":"Integer", - "documentation":"The number of IPv6 Prefix Delegation prefixes that AWS automatically assigns to the network interface. You cannot use this option if you use the Ipv6Prefixes option.
The number of IPv6 prefixes that Amazon Web Services automatically assigns to the network interface. You cannot use this option if you use the Ipv6Prefixes option.
One or more IPv6 Prefix Delegation prefixes assigned to the network interface. You cannot use this option if you use the Ipv6PrefixCount option.
One or more IPv6 prefixes assigned to the network interface. You cannot use this option if you use the Ipv6PrefixCount option.
The IPv6 Prefix Delegation prefixes that are assigned to the network interface.
", + "documentation":"The IPv6 prefixes that are assigned to the network interface.
", "locationName":"assignedIpv6PrefixSet" }, "NetworkInterfaceId":{ @@ -5657,12 +5657,12 @@ }, "Ipv4Prefixes":{ "shape":"IpPrefixList", - "documentation":"One or more IPv4 Prefix Delegation prefixes assigned to the network interface. You cannot use this option if you use the Ipv4PrefixCount option.
One or more IPv4 prefixes assigned to the network interface. You cannot use this option if you use the Ipv4PrefixCount option.
The number of IPv4 Prefix Delegation prefixes that AWS automatically assigns to the network interface. You cannot use this option if you use the Ipv4 Prefixes option.
The number of IPv4 prefixes that Amazon Web Services automatically assigns to the network interface. You cannot use this option if you use the Ipv4 Prefixes option.
Contains the parameters for AssignPrivateIpAddresses.
" @@ -5682,7 +5682,7 @@ }, "AssignedIpv4Prefixes":{ "shape":"Ipv4PrefixesList", - "documentation":"The IPv4 Prefix Delegation prefixes that are assigned to the network interface.
", + "documentation":"The IPv4 prefixes that are assigned to the network interface.
", "locationName":"assignedIpv4PrefixSet" } } @@ -10364,21 +10364,21 @@ }, "Ipv4Prefixes":{ "shape":"Ipv4PrefixList", - "documentation":"One or moreIPv4 Prefix Delegation prefixes assigned to the network interface. You cannot use this option if you use the Ipv4PrefixCount option.
One or more IPv4 prefixes assigned to the network interface. You cannot use this option if you use the Ipv4PrefixCount option.
The number of IPv4 Prefix Delegation prefixes that AWS automatically assigns to the network interface. You cannot use this option if you use the Ipv4 Prefixes option.
The number of IPv4 prefixes that Amazon Web Services automatically assigns to the network interface. You cannot use this option if you use the Ipv4 Prefixes option.
One or moreIPv6 Prefix Delegation prefixes assigned to the network interface. You cannot use this option if you use the Ipv6PrefixCount option.
One or more IPv6 prefixes assigned to the network interface. You cannot use this option if you use the Ipv6PrefixCount option.
The number of IPv6 Prefix Delegation prefixes that AWS automatically assigns to the network interface. You cannot use this option if you use the Ipv6Prefixes option.
The number of IPv6 prefixes that Amazon Web Services automatically assigns to the network interface. You cannot use this option if you use the Ipv6Prefixes option.
This parameter enables or disables the HTTP metadata endpoint on your instances. If the parameter is not specified, the default state is enabled.
If you specify a value of disabled, you will not be able to access your instance metadata.
Enables or disables the IPv6 endpoint for the instance metadata service.
" } }, "documentation":"The metadata options for the instance.
" @@ -26379,6 +26383,11 @@ "shape":"InstanceMetadataEndpointState", "documentation":"This parameter enables or disables the HTTP metadata endpoint on your instances. If the parameter is not specified, the default state is enabled.
If you specify a value of disabled, you will not be able to access your instance metadata.
Whether or not the IPv6 endpoint for the instance metadata service is enabled or disabled.
", + "locationName":"httpProtocolIpv6" } }, "documentation":"The metadata options for the instance.
" @@ -26390,6 +26399,13 @@ "applied" ] }, + "InstanceMetadataProtocolState":{ + "type":"string", + "enum":[ + "disabled", + "enabled" + ] + }, "InstanceMonitoring":{ "type":"structure", "members":{ @@ -26653,7 +26669,7 @@ }, "NetworkCardIndex":{ "shape":"Integer", - "documentation":"The index of the network card. Some instance types support multiple network cards. The primary network interface must be assigned to network card index 0. The default is network card index 0.
" + "documentation":"The index of the network card. Some instance types support multiple network cards. The primary network interface must be assigned to network card index 0. The default is network card index 0.
If you are using RequestSpotInstances to create Spot Instances, omit this parameter because you can’t specify the network card index when using this API. To specify the network card index, use RunInstances.
" }, "Ipv4Prefixes":{ "shape":"Ipv4PrefixList", @@ -27790,21 +27806,21 @@ "members":{ "Ipv4Prefix":{ "shape":"String", - "documentation":"The IPv4 Prefix Delegation prefix. For information, see Prefix Delegation in the Amazon Elastic Compute Cloud User Guide.
", + "documentation":"The IPv4 prefix. For information, see Assigning prefixes to Amazon EC2 network interfaces in the Amazon Elastic Compute Cloud User Guide.
", "locationName":"ipv4Prefix" } }, - "documentation":"Describes an IPv4 Prefix Delegation.
" + "documentation":"Describes an IPv4 prefix.
" }, "Ipv4PrefixSpecificationRequest":{ "type":"structure", "members":{ "Ipv4Prefix":{ "shape":"String", - "documentation":"The IPv4 Prefix Delegation prefix. For information, see Prefix Delegation in the Amazon Elastic Compute Cloud User Guide.
" + "documentation":"The IPv4 prefix. For information, see Assigning prefixes to Amazon EC2 network interfaces in the Amazon Elastic Compute Cloud User Guide.
" } }, - "documentation":"Describes the IPv4 Prefix Delegation option for a network interface.
" + "documentation":"Describes the IPv4 prefix option for a network interface.
" }, "Ipv4PrefixSpecificationResponse":{ "type":"structure", @@ -27939,21 +27955,21 @@ "members":{ "Ipv6Prefix":{ "shape":"String", - "documentation":"The IPv6 Prefix Delegation prefix.
", + "documentation":"The IPv6 prefix.
", "locationName":"ipv6Prefix" } }, - "documentation":"Describes the IPv6 Prefix Delegation.
" + "documentation":"Describes the IPv6 prefix.
" }, "Ipv6PrefixSpecificationRequest":{ "type":"structure", "members":{ "Ipv6Prefix":{ "shape":"String", - "documentation":"The IPv6 Prefix Delegation prefix.
" + "documentation":"The IPv6 prefix.
" } }, - "documentation":"Describes the IPv4 Prefix Delegation option for a network interface.
" + "documentation":"Describes the IPv4 prefix option for a network interface.
" }, "Ipv6PrefixSpecificationResponse":{ "type":"structure", @@ -30687,6 +30703,10 @@ "DryRun":{ "shape":"Boolean", "documentation":"Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Enables or disables the IPv6 endpoint for the instance metadata service.
" } } }, @@ -32633,12 +32653,12 @@ }, "Ipv4Prefixes":{ "shape":"Ipv4PrefixesList", - "documentation":"The IPv4 Prefix Delegation prefixes that are assigned to the network interface.
", + "documentation":"The IPv4 prefixes that are assigned to the network interface.
", "locationName":"ipv4PrefixSet" }, "Ipv6Prefixes":{ "shape":"Ipv6PrefixesList", - "documentation":"The IPv6 Prefix Delegation prefixes that are assigned to the network interface.
", + "documentation":"The IPv6 prefixes that are assigned to the network interface.
", "locationName":"ipv6PrefixSet" }, "RequesterId":{ @@ -42544,11 +42564,11 @@ }, "Tags":{ "shape":"TagList", - "documentation":"The tags.
", + "documentation":"The tags for the trunk interface associaton.
", "locationName":"tagSet" } }, - "documentation":"Information about an association between a branch network interface with a trunk network interface.
" + "documentation":"Currently available in limited preview only. If you are interested in using this feature, contact your account manager.
Information about an association between a branch network interface with a trunk network interface.
" }, "TrunkInterfaceAssociationId":{"type":"string"}, "TrunkInterfaceAssociationIdList":{ @@ -42691,7 +42711,7 @@ }, "Ipv6Prefixes":{ "shape":"IpPrefixList", - "documentation":"One or moreIPv6 Prefix Delegation prefixes to unassign from the network interface.
", + "documentation":"One or more IPv6 prefixes to unassign from the network interface.
", "locationName":"Ipv6Prefix" }, "NetworkInterfaceId":{ @@ -42716,7 +42736,7 @@ }, "UnassignedIpv6Prefixes":{ "shape":"IpPrefixList", - "documentation":"The IPv4 Prefix Delegation prefixes that have been unassigned from the network interface.
", + "documentation":"The IPv4 prefixes that have been unassigned from the network interface.
", "locationName":"unassignedIpv6PrefixSet" } } @@ -42737,7 +42757,7 @@ }, "Ipv4Prefixes":{ "shape":"IpPrefixList", - "documentation":"The IPv4 Prefix Delegation prefixes to unassign from the network interface.
", + "documentation":"The IPv4 prefixes to unassign from the network interface.
", "locationName":"Ipv4Prefix" } }, diff --git a/services/ec2instanceconnect/pom.xml b/services/ec2instanceconnect/pom.xml index d60a822df758..9cecb19db6bb 100644 --- a/services/ec2instanceconnect/pom.xml +++ b/services/ec2instanceconnect/pom.xml @@ -21,7 +21,7 @@Adds the specified targets to the specified rule, or updates the targets if they are already associated with the rule.
Targets are the resources that are invoked when a rule is triggered.
You can configure the following as targets for Events:
Amazon API Gateway REST API endpoints
API Gateway
Batch job queue
CloudWatch Logs group
CodeBuild project
CodePipeline
Amazon EC2 CreateSnapshot API call
EC2 Image Builder
Amazon EC2 RebootInstances API call
Amazon EC2 StopInstances API call
Amazon EC2 TerminateInstances API call
Amazon ECS tasks
Event bus in a different Amazon Web Services account or Region.
You can use an event bus in the US East (N. Virginia) us-east-1, US West (Oregon) us-west-2, or Europe (Ireland) eu-west-1 Regions as a target for a rule.
Firehose delivery stream (Kinesis Data Firehose)
Inspector assessment template (Amazon Inspector)
Kinesis stream (Kinesis Data Stream)
Lambda function
Redshift clusters (Data API statement execution)
Amazon SNS topic
Amazon SQS queues (includes FIFO queues
SSM Automation
SSM OpsItem
SSM Run Command
Step Functions state machines
Creating rules with built-in targets is supported only in the Amazon Web Services Management Console. The built-in targets are EC2 CreateSnapshot API call, EC2 RebootInstances API call, EC2 StopInstances API call, and EC2 TerminateInstances API call.
For some target types, PutTargets provides target-specific parameters. If the target is a Kinesis data stream, you can optionally specify which shard the event goes to by using the KinesisParameters argument. To invoke a command on multiple EC2 instances with one rule, you can use the RunCommandParameters field.
To be able to make API calls against the resources that you own, Amazon EventBridge needs the appropriate permissions. For Lambda and Amazon SNS resources, EventBridge relies on resource-based policies. For EC2 instances, Kinesis Data Streams, Step Functions state machines and API Gateway REST APIs, EventBridge relies on IAM roles that you specify in the RoleARN argument in PutTargets. For more information, see Authentication and Access Control in the Amazon EventBridge User Guide.
If another Amazon Web Services account is in the same region and has granted you permission (using PutPermission), you can send events to that account. Set that account's event bus as a target of the rules in your account. To send the matched events to the other account, specify that account's event bus as the Arn value when you run PutTargets. If your account sends events to another account, your account is charged for each sent event. Each event sent to another account is charged as a custom event. The account receiving the event is not charged. For more information, see Amazon EventBridge Pricing.
Input, InputPath, and InputTransformer are not available with PutTarget if the target is an event bus of a different Amazon Web Services account.
If you are setting the event bus of another account as the target, and that account granted permission to your account through an organization instead of directly by the account ID, then you must specify a RoleArn with proper permissions in the Target structure. For more information, see Sending and Receiving Events Between Amazon Web Services Accounts in the Amazon EventBridge User Guide.
For more information about enabling cross-account events, see PutPermission.
Input, InputPath, and InputTransformer are mutually exclusive and optional parameters of a target. When a rule is triggered due to a matched event:
If none of the following arguments are specified for a target, then the entire event is passed to the target in JSON format (unless the target is Amazon EC2 Run Command or Amazon ECS task, in which case nothing from the event is passed to the target).
If Input is specified in the form of valid JSON, then the matched event is overridden with this constant.
If InputPath is specified in the form of JSONPath (for example, $.detail), then only the part of the event specified in the path is passed to the target (for example, only the detail part of the event is passed).
If InputTransformer is specified, then one or more specified JSONPaths are extracted from the event and used as values in a template that you specify as the input to the target.
When you specify InputPath or InputTransformer, you must use JSON dot notation, not bracket notation.
When you add targets to a rule and the associated rule triggers soon after, new or updated targets might not be immediately invoked. Allow a short period of time for changes to take effect.
This action can partially fail if too many requests are made at the same time. If that happens, FailedEntryCount is non-zero in the response and each entry in FailedEntries provides the ID of the failed target and the error code.
Adds the specified targets to the specified rule, or updates the targets if they are already associated with the rule.
Targets are the resources that are invoked when a rule is triggered.
You can configure the following as targets for Events:
Amazon API Gateway REST API endpoints
API Gateway
Batch job queue
CloudWatch Logs group
CodeBuild project
CodePipeline
Amazon EC2 CreateSnapshot API call
Amazon EC2 RebootInstances API call
Amazon EC2 StopInstances API call
Amazon EC2 TerminateInstances API call
Amazon ECS tasks
Event bus in a different Amazon Web Services account or Region.
You can use an event bus in the US East (N. Virginia) us-east-1, US West (Oregon) us-west-2, or Europe (Ireland) eu-west-1 Regions as a target for a rule.
Firehose delivery stream (Kinesis Data Firehose)
Inspector assessment template (Amazon Inspector)
Kinesis stream (Kinesis Data Stream)
Lambda function
Redshift clusters (Data API statement execution)
Amazon SNS topic
Amazon SQS queues (includes FIFO queues
SSM Automation
SSM OpsItem
SSM Run Command
Step Functions state machines
Creating rules with built-in targets is supported only in the Amazon Web Services Management Console. The built-in targets are EC2 CreateSnapshot API call, EC2 RebootInstances API call, EC2 StopInstances API call, and EC2 TerminateInstances API call.
For some target types, PutTargets provides target-specific parameters. If the target is a Kinesis data stream, you can optionally specify which shard the event goes to by using the KinesisParameters argument. To invoke a command on multiple EC2 instances with one rule, you can use the RunCommandParameters field.
To be able to make API calls against the resources that you own, Amazon EventBridge needs the appropriate permissions. For Lambda and Amazon SNS resources, EventBridge relies on resource-based policies. For EC2 instances, Kinesis Data Streams, Step Functions state machines and API Gateway REST APIs, EventBridge relies on IAM roles that you specify in the RoleARN argument in PutTargets. For more information, see Authentication and Access Control in the Amazon EventBridge User Guide.
If another Amazon Web Services account is in the same region and has granted you permission (using PutPermission), you can send events to that account. Set that account's event bus as a target of the rules in your account. To send the matched events to the other account, specify that account's event bus as the Arn value when you run PutTargets. If your account sends events to another account, your account is charged for each sent event. Each event sent to another account is charged as a custom event. The account receiving the event is not charged. For more information, see Amazon EventBridge Pricing.
Input, InputPath, and InputTransformer are not available with PutTarget if the target is an event bus of a different Amazon Web Services account.
If you are setting the event bus of another account as the target, and that account granted permission to your account through an organization instead of directly by the account ID, then you must specify a RoleArn with proper permissions in the Target structure. For more information, see Sending and Receiving Events Between Amazon Web Services Accounts in the Amazon EventBridge User Guide.
For more information about enabling cross-account events, see PutPermission.
Input, InputPath, and InputTransformer are mutually exclusive and optional parameters of a target. When a rule is triggered due to a matched event:
If none of the following arguments are specified for a target, then the entire event is passed to the target in JSON format (unless the target is Amazon EC2 Run Command or Amazon ECS task, in which case nothing from the event is passed to the target).
If Input is specified in the form of valid JSON, then the matched event is overridden with this constant.
If InputPath is specified in the form of JSONPath (for example, $.detail), then only the part of the event specified in the path is passed to the target (for example, only the detail part of the event is passed).
If InputTransformer is specified, then one or more specified JSONPaths are extracted from the event and used as values in a template that you specify as the input to the target.
When you specify InputPath or InputTransformer, you must use JSON dot notation, not bracket notation.
When you add targets to a rule and the associated rule triggers soon after, new or updated targets might not be immediately invoked. Allow a short period of time for changes to take effect.
This action can partially fail if too many requests are made at the same time. If that happens, FailedEntryCount is non-zero in the response and each entry in FailedEntries provides the ID of the failed target and the error code.
Indicates if the policy should be automatically applied to new resources.
" }, + "DeleteUnusedFMManagedResources":{ + "shape":"Boolean", + "documentation":"Indicates whether Firewall Manager should delete Firewall Manager managed resources, such as web ACLs and security groups, when they are not in use by the Firewall Manager policy. By default, Firewall Manager doesn't delete unused Firewall Manager managed resources. This option is not available for Shield Advanced or WAF Classic policies.
" + }, "IncludeMap":{ "shape":"CustomerPolicyScopeMap", "documentation":"Specifies the Amazon Web Services account IDs and Organizations organizational units (OUs) to include in the policy. Specifying an OU is the equivalent of specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time.
You can specify inclusions or exclusions, but not both. If you specify an IncludeMap, Firewall Manager applies the policy to all accounts specified by the IncludeMap, and does not evaluate any ExcludeMap specifications. If you do not specify an IncludeMap, then Firewall Manager applies the policy to all accounts except for those specified by the ExcludeMap.
You can specify account IDs, OUs, or a combination:
Specify account IDs by setting the key to ACCOUNT. For example, the following is a valid map: {“ACCOUNT” : [“accountID1”, “accountID2”]}.
Specify OUs by setting the key to ORG_UNIT. For example, the following is a valid map: {“ORG_UNIT” : [“ouid111”, “ouid112”]}.
Specify accounts and OUs together in a single map, separated with a comma. For example, the following is a valid map: {“ACCOUNT” : [“accountID1”, “accountID2”], “ORG_UNIT” : [“ouid111”, “ouid112”]}.
Indicates if the policy should be automatically applied to new resources.
" + }, + "DeleteUnusedFMManagedResources":{ + "shape":"Boolean", + "documentation":"Indicates whether Firewall Manager should delete Firewall Manager managed resources, such as web ACLs and security groups, when they are not in use by the Firewall Manager policy. By default, Firewall Manager doesn't delete unused Firewall Manager managed resources. This option is not available for Shield Advanced or WAF Classic policies.
" } }, "documentation":"Details of the Firewall Manager policy.
" @@ -2591,7 +2599,7 @@ }, "ManagedServiceData":{ "shape":"ManagedServiceData", - "documentation":"Details about the service that are specific to the service type, in JSON format. For service type SHIELD_ADVANCED, this is an empty string.
Example: DNS_FIREWALL
\"{\\\"type\\\":\\\"DNS_FIREWALL\\\",\\\"preProcessRuleGroups\\\":[{\\\"ruleGroupId\\\":\\\"rslvr-frg-1\\\",\\\"priority\\\":10}],\\\"postProcessRuleGroups\\\":[{\\\"ruleGroupId\\\":\\\"rslvr-frg-2\\\",\\\"priority\\\":9911}]}\"
Example: NETWORK_FIREWALL
\"{\\\"type\\\":\\\"NETWORK_FIREWALL\\\",\\\"networkFirewallStatelessRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-west-1:1234567891011:stateless-rulegroup/rulegroup2\\\",\\\"priority\\\":10}],\\\"networkFirewallStatelessDefaultActions\\\":[\\\"aws:pass\\\",\\\"custom1\\\"],\\\"networkFirewallStatelessFragmentDefaultActions\\\":[\\\"custom2\\\",\\\"aws:pass\\\"],\\\"networkFirewallStatelessCustomActions\\\":[{\\\"actionName\\\":\\\"custom1\\\",\\\"actionDefinition\\\":{\\\"publishMetricAction\\\":{\\\"dimensions\\\":[{\\\"value\\\":\\\"dimension1\\\"}]}}},{\\\"actionName\\\":\\\"custom2\\\",\\\"actionDefinition\\\":{\\\"publishMetricAction\\\":{\\\"dimensions\\\":[{\\\"value\\\":\\\"dimension2\\\"}]}}}],\\\"networkFirewallStatefulRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-west-1:1234567891011:stateful-rulegroup/rulegroup1\\\"}],\\\"networkFirewallOrchestrationConfig\\\":{\\\"singleFirewallEndpointPerVPC\\\":true,\\\"allowedIPV4CidrList\\\":[\\\"10.24.34.0/28\\\"]} }\"
Example: WAFV2
\"{\\\"type\\\":\\\"WAFV2\\\",\\\"preProcessRuleGroups\\\":[{\\\"ruleGroupArn\\\":null,\\\"overrideAction\\\":{\\\"type\\\":\\\"NONE\\\"},\\\"managedRuleGroupIdentifier\\\":{\\\"version\\\":null,\\\"vendorName\\\":\\\"AWS\\\",\\\"managedRuleGroupName\\\":\\\"AWSManagedRulesAmazonIpReputationList\\\"},\\\"ruleGroupType\\\":\\\"ManagedRuleGroup\\\",\\\"excludeRules\\\":[]}],\\\"postProcessRuleGroups\\\":[],\\\"defaultAction\\\":{\\\"type\\\":\\\"ALLOW\\\"},\\\"overrideCustomerWebACLAssociation\\\":false,\\\"loggingConfiguration\\\":{\\\"logDestinationConfigs\\\":[\\\"arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination\\\"],\\\"redactedFields\\\":[{\\\"redactedFieldType\\\":\\\"SingleHeader\\\",\\\"redactedFieldValue\\\":\\\"Cookies\\\"},{\\\"redactedFieldType\\\":\\\"Method\\\"}]}}\"
In the loggingConfiguration, you can specify one logDestinationConfigs, you can optionally provide up to 20 redactedFields, and the RedactedFieldType must be one of URI, QUERY_STRING, HEADER, or METHOD.
Example: WAF Classic
\"{\\\"type\\\": \\\"WAF\\\", \\\"ruleGroups\\\": [{\\\"id\\\":\\\"12345678-1bcd-9012-efga-0987654321ab\\\", \\\"overrideAction\\\" : {\\\"type\\\": \\\"COUNT\\\"}}], \\\"defaultAction\\\": {\\\"type\\\": \\\"BLOCK\\\"}}\"
Example: SECURITY_GROUPS_COMMON
\"{\\\"type\\\":\\\"SECURITY_GROUPS_COMMON\\\",\\\"revertManualSecurityGroupChanges\\\":false,\\\"exclusiveResourceSecurityGroupManagement\\\":false, \\\"applyToAllEC2InstanceENIs\\\":false,\\\"securityGroups\\\":[{\\\"id\\\":\\\" sg-000e55995d61a06bd\\\"}]}\"
Example: Shared VPCs. Apply the preceding policy to resources in shared VPCs as well as to those in VPCs that the account owns
\"{\\\"type\\\":\\\"SECURITY_GROUPS_COMMON\\\",\\\"revertManualSecurityGroupChanges\\\":false,\\\"exclusiveResourceSecurityGroupManagement\\\":false, \\\"applyToAllEC2InstanceENIs\\\":false,\\\"includeSharedVPC\\\":true,\\\"securityGroups\\\":[{\\\"id\\\":\\\" sg-000e55995d61a06bd\\\"}]}\"
Example: SECURITY_GROUPS_CONTENT_AUDIT
\"{\\\"type\\\":\\\"SECURITY_GROUPS_CONTENT_AUDIT\\\",\\\"securityGroups\\\":[{\\\"id\\\":\\\"sg-000e55995d61a06bd\\\"}],\\\"securityGroupAction\\\":{\\\"type\\\":\\\"ALLOW\\\"}}\"
The security group action for content audit can be ALLOW or DENY. For ALLOW, all in-scope security group rules must be within the allowed range of the policy's security group rules. For DENY, all in-scope security group rules must not contain a value or a range that matches a rule value or range in the policy security group.
Example: SECURITY_GROUPS_USAGE_AUDIT
\"{\\\"type\\\":\\\"SECURITY_GROUPS_USAGE_AUDIT\\\",\\\"deleteUnusedSecurityGroups\\\":true,\\\"coalesceRedundantSecurityGroups\\\":true}\"
Details about the service that are specific to the service type, in JSON format. For service type SHIELD_ADVANCED, this is an empty string.
Example: DNS_FIREWALL
\"{\\\"type\\\":\\\"DNS_FIREWALL\\\",\\\"preProcessRuleGroups\\\":[{\\\"ruleGroupId\\\":\\\"rslvr-frg-1\\\",\\\"priority\\\":10}],\\\"postProcessRuleGroups\\\":[{\\\"ruleGroupId\\\":\\\"rslvr-frg-2\\\",\\\"priority\\\":9911}]}\"
Valid values for preProcessRuleGroups are between 1 and 99. Valid values for postProcessRuleGroups are between 9901 and 10000.
Example: NETWORK_FIREWALL
\"{\\\"type\\\":\\\"NETWORK_FIREWALL\\\",\\\"networkFirewallStatelessRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-west-1:1234567891011:stateless-rulegroup/rulegroup2\\\",\\\"priority\\\":10}],\\\"networkFirewallStatelessDefaultActions\\\":[\\\"aws:pass\\\",\\\"custom1\\\"],\\\"networkFirewallStatelessFragmentDefaultActions\\\":[\\\"custom2\\\",\\\"aws:pass\\\"],\\\"networkFirewallStatelessCustomActions\\\":[{\\\"actionName\\\":\\\"custom1\\\",\\\"actionDefinition\\\":{\\\"publishMetricAction\\\":{\\\"dimensions\\\":[{\\\"value\\\":\\\"dimension1\\\"}]}}},{\\\"actionName\\\":\\\"custom2\\\",\\\"actionDefinition\\\":{\\\"publishMetricAction\\\":{\\\"dimensions\\\":[{\\\"value\\\":\\\"dimension2\\\"}]}}}],\\\"networkFirewallStatefulRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-west-1:1234567891011:stateful-rulegroup/rulegroup1\\\"}],\\\"networkFirewallOrchestrationConfig\\\":{\\\"singleFirewallEndpointPerVPC\\\":true,\\\"allowedIPV4CidrList\\\":[\\\"10.24.34.0/28\\\"]} }\"
Example: WAFV2
\"{\\\"type\\\":\\\"WAFV2\\\",\\\"preProcessRuleGroups\\\":[{\\\"ruleGroupArn\\\":null,\\\"overrideAction\\\":{\\\"type\\\":\\\"NONE\\\"},\\\"managedRuleGroupIdentifier\\\":{\\\"version\\\":null,\\\"vendorName\\\":\\\"AWS\\\",\\\"managedRuleGroupName\\\":\\\"AWSManagedRulesAmazonIpReputationList\\\"},\\\"ruleGroupType\\\":\\\"ManagedRuleGroup\\\",\\\"excludeRules\\\":[{\\\"name\\\":\\\"NoUserAgent_HEADER\\\"}]}],\\\"postProcessRuleGroups\\\":[],\\\"defaultAction\\\":{\\\"type\\\":\\\"ALLOW\\\"},\\\"overrideCustomerWebACLAssociation\\\":false,\\\"loggingConfiguration\\\":{\\\"logDestinationConfigs\\\":[\\\"arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination\\\"],\\\"redactedFields\\\":[{\\\"redactedFieldType\\\":\\\"SingleHeader\\\",\\\"redactedFieldValue\\\":\\\"Cookies\\\"},{\\\"redactedFieldType\\\":\\\"Method\\\"}]}}\"
In the loggingConfiguration, you can specify one logDestinationConfigs, you can optionally provide up to 20 redactedFields, and the RedactedFieldType must be one of URI, QUERY_STRING, HEADER, or METHOD.
Example: WAF Classic
\"{\\\"type\\\": \\\"WAF\\\", \\\"ruleGroups\\\": [{\\\"id\\\":\\\"12345678-1bcd-9012-efga-0987654321ab\\\", \\\"overrideAction\\\" : {\\\"type\\\": \\\"COUNT\\\"}}], \\\"defaultAction\\\": {\\\"type\\\": \\\"BLOCK\\\"}}\"
Example: SECURITY_GROUPS_COMMON
\"{\\\"type\\\":\\\"SECURITY_GROUPS_COMMON\\\",\\\"revertManualSecurityGroupChanges\\\":false,\\\"exclusiveResourceSecurityGroupManagement\\\":false, \\\"applyToAllEC2InstanceENIs\\\":false,\\\"securityGroups\\\":[{\\\"id\\\":\\\" sg-000e55995d61a06bd\\\"}]}\"
Example: Shared VPCs. Apply the preceding policy to resources in shared VPCs as well as to those in VPCs that the account owns
\"{\\\"type\\\":\\\"SECURITY_GROUPS_COMMON\\\",\\\"revertManualSecurityGroupChanges\\\":false,\\\"exclusiveResourceSecurityGroupManagement\\\":false, \\\"applyToAllEC2InstanceENIs\\\":false,\\\"includeSharedVPC\\\":true,\\\"securityGroups\\\":[{\\\"id\\\":\\\" sg-000e55995d61a06bd\\\"}]}\"
Example: SECURITY_GROUPS_CONTENT_AUDIT
\"{\\\"type\\\":\\\"SECURITY_GROUPS_CONTENT_AUDIT\\\",\\\"securityGroups\\\":[{\\\"id\\\":\\\"sg-000e55995d61a06bd\\\"}],\\\"securityGroupAction\\\":{\\\"type\\\":\\\"ALLOW\\\"}}\"
The security group action for content audit can be ALLOW or DENY. For ALLOW, all in-scope security group rules must be within the allowed range of the policy's security group rules. For DENY, all in-scope security group rules must not contain a value or a range that matches a rule value or range in the policy security group.
Example: SECURITY_GROUPS_USAGE_AUDIT
\"{\\\"type\\\":\\\"SECURITY_GROUPS_USAGE_AUDIT\\\",\\\"deleteUnusedSecurityGroups\\\":true,\\\"coalesceRedundantSecurityGroups\\\":true}\"
Details about the security service that is being used to protect the resources.
" diff --git a/services/forecast/pom.xml b/services/forecast/pom.xml index 7be6a2ba1929..47bac0bbe041 100644 --- a/services/forecast/pom.xml +++ b/services/forecast/pom.xml @@ -21,7 +21,7 @@