The current state of the container service.
The state can be:
Pending - The container service is being created.
Ready - The container service is created but does not have a container deployment.
Disabled - The container service is disabled.
Updating - The container service capacity or other setting is being updated.
Deploying - The container service is launching a container deployment.
Running - The container service is created and it has a container deployment.
The current state of the container service.
The following container service states are possible:
PENDING - The container service is being created.
READY - The container service is running but it does not have an active container deployment.
DEPLOYING - The container service is launching a container deployment.
RUNNING - The container service is running and it has an active container deployment.
UPDATING - The container service capacity or its custom domains are being updated.
DELETING - The container service is being deleted.
DISABLED - The container service is disabled, and its active deployment and containers, if any, are shut down.
An object that describes the current state of the container service.
The state detail is populated only when a container service is in a PENDING, DEPLOYING, or UPDATING state.
The state code of the container service.
The following state codes are possible:
The following state codes are possible if your container service is in a DEPLOYING or UPDATING state:
CREATING_SYSTEM_RESOURCES - The system resources for your container service are being created.
CREATING_NETWORK_INFRASTRUCTURE - The network infrastructure for your container service are being created.
PROVISIONING_CERTIFICATE - The SSL/TLS certificate for your container service is being created.
PROVISIONING_SERVICE - Your container service is being provisioned.
CREATING_DEPLOYMENT - Your deployment is being created on your container service.
EVALUATING_HEALTH_CHECK - The health of your deployment is being evaluated.
ACTIVATING_DEPLOYMENT - Your deployment is being activated.
The following state codes are possible if your container service is in a PENDING state:
CERTIFICATE_LIMIT_EXCEEDED - The SSL/TLS certificate required for your container service exceeds the maximum number of certificates allowed for your account.
UNKNOWN_ERROR - An error was experienced when your container service was being created.
A message that provides more information for the state code.
The state detail is populated only when a container service is in a PENDING, DEPLOYING, or UPDATING state.
Describes the current state of a container service.
" + }, + "ContainerServiceStateDetailCode":{ + "type":"string", + "enum":[ + "CREATING_SYSTEM_RESOURCES", + "CREATING_NETWORK_INFRASTRUCTURE", + "PROVISIONING_CERTIFICATE", + "PROVISIONING_SERVICE", + "CREATING_DEPLOYMENT", + "EVALUATING_HEALTH_CHECK", + "ACTIVATING_DEPLOYMENT", + "CERTIFICATE_LIMIT_EXCEEDED", + "UNKNOWN_ERROR" ] }, "ContainerServicesListResult":{ From 786139b8ca5127835e7dcc159c70353ed0fd08be Mon Sep 17 00:00:00 2001 From: AWS <> Date: Thu, 1 Apr 2021 18:05:27 +0000 Subject: [PATCH 03/12] AWS WAFV2 Update: Added support for ScopeDownStatement for ManagedRuleGroups, Labels, LabelMatchStatement, and LoggingFilter. For more information on these features, see the AWS WAF Developer Guide. --- .../feature-AWSWAFV2-2b3853b.json | 6 + .../codegen-resources/service-2.json | 237 +++++++++++++++++- 2 files changed, 236 insertions(+), 7 deletions(-) create mode 100644 .changes/next-release/feature-AWSWAFV2-2b3853b.json diff --git a/.changes/next-release/feature-AWSWAFV2-2b3853b.json b/.changes/next-release/feature-AWSWAFV2-2b3853b.json new file mode 100644 index 000000000000..3f27f1cfdedb --- /dev/null +++ b/.changes/next-release/feature-AWSWAFV2-2b3853b.json @@ -0,0 +1,6 @@ +{ + "type": "feature", + "category": "AWS WAFV2", + "contributor": "", + "description": "Added support for ScopeDownStatement for ManagedRuleGroups, Labels, LabelMatchStatement, and LoggingFilter. For more information on these features, see the AWS WAF Developer Guide." +} diff --git a/services/wafv2/src/main/resources/codegen-resources/service-2.json b/services/wafv2/src/main/resources/codegen-resources/service-2.json index 1d495a8b644f..ae97dd767699 100644 --- a/services/wafv2/src/main/resources/codegen-resources/service-2.json +++ b/services/wafv2/src/main/resources/codegen-resources/service-2.json @@ -654,7 +654,7 @@ {"shape":"WAFLimitsExceededException"}, {"shape":"WAFInvalidOperationException"} ], - "documentation":"Updates the specified IPSet.
" + "documentation":"Updates the specified IPSet.
This operation completely replaces any IP address specifications that you already have in the IP set with the ones that you provide to this call. If you want to add to or modify the addresses that are already in the IP set, retrieve those by calling GetIPSet, update them, and provide the complete updated array of IP addresses to this call.
The action setting that a log record must contain in order to meet the condition.
" + } + }, + "documentation":"A single action condition for a Condition in a logging filter.
" + }, + "ActionValue":{ + "type":"string", + "enum":[ + "ALLOW", + "BLOCK", + "COUNT" + ] + }, "All":{ "type":"structure", "members":{ @@ -870,6 +889,25 @@ "GT" ] }, + "Condition":{ + "type":"structure", + "members":{ + "ActionCondition":{ + "shape":"ActionCondition", + "documentation":"A single action condition.
" + }, + "LabelNameCondition":{ + "shape":"LabelNameCondition", + "documentation":"A single label name condition.
" + } + }, + "documentation":"A single match condition for a Filter.
" + }, + "Conditions":{ + "type":"list", + "member":{"shape":"Condition"}, + "min":1 + }, "ConsumedCapacity":{ "type":"long", "min":0 @@ -1650,6 +1688,18 @@ "Rules":{ "shape":"RuleSummaries", "documentation":"" + }, + "LabelNamespace":{ + "shape":"LabelName", + "documentation":"The label namespace prefix for this rule group. All labels added by rules in this rule group have this prefix.
The syntax for the label namespace prefix for a managed rule group is the following:
awswaf:managed:<vendor>:<rule group name>:
When a rule with a label matches a web request, AWS WAF adds the fully qualified label to the request. A fully qualified label is made up of the label namespace from the rule group or web ACL where the rule is defined and the label from the rule, separated by a colon:
<label namespace>:<label from rule>
The labels that one or more rules in this rule group add to matching web ACLs. These labels are defined in the RuleLabels for a Rule.
The labels that one or more rules in this rule group match against in label match statements. These labels are defined in a LabelMatchStatement specification, in the Statement definition of a rule.
How to handle logs that satisfy the filter's conditions and requirement.
" + }, + "Requirement":{ + "shape":"FilterRequirement", + "documentation":"Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition.
" + }, + "Conditions":{ + "shape":"Conditions", + "documentation":"Match conditions for the filter.
" + } + }, + "documentation":"A single logging filter, used in LoggingFilter.
" + }, + "FilterBehavior":{ + "type":"string", + "enum":[ + "KEEP", + "DROP" + ] + }, + "FilterRequirement":{ + "type":"string", + "enum":[ + "MEETS_ALL", + "MEETS_ANY" + ] + }, + "Filters":{ + "type":"list", + "member":{"shape":"Filter"}, + "min":1 + }, "FirewallManagerRuleGroup":{ "type":"structure", "required":[ @@ -2317,7 +2409,7 @@ }, "InvalidFallbackBehavior":{ "shape":"BodyParsingFallbackBehavior", - "documentation":"The inspection behavior to fall back to if the JSON in the request body is invalid. For AWS WAF, invalid JSON is any content that isn't complete syntactical JSON, content whose root node isn't an object or an array, and duplicate keys in the content.
You can specify the following fallback behaviors:
MATCH - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request.
NO_MATCH - Treat the web request as not matching the rule statement.
EVALUATE_AS_STRING - Inspect the body as plain text. This option applies the text transformations and inspection criteria that you defined for the JSON inspection to the body text string.
If you don't provide this setting, when AWS WAF encounters invalid JSON, it parses and inspects what it can, up to the first invalid JSON that it encounters.
" + "documentation":"What AWS WAF should do if it fails to completely parse the JSON body. The options are the following:
EVALUATE_AS_STRING - Inspect the body as plain text. AWS WAF applies the text transformations and inspection criteria that you defined for the JSON inspection to the body text string.
MATCH - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request.
NO_MATCH - Treat the web request as not matching the rule statement.
If you don't provide this setting, AWS WAF parses and evaluates the content only up to the first parsing failure that it encounters.
AWS WAF does its best to parse the entire JSON body, but might be forced to stop for reasons such as invalid characters, duplicate keys, truncation, and any content whose root node isn't an object or an array.
AWS WAF parses the JSON in the following examples as two valid key, value pairs:
Missing comma: {\"key1\":\"value1\"\"key2\":\"value2\"}
Missing colon: {\"key1\":\"value1\",\"key2\"\"value2\"}
Extra colons: {\"key1\"::\"value1\",\"key2\"\"value2\"}
The body of a web request, inspected as JSON. The body immediately follows the request headers. This is used in the FieldToMatch specification.
Use the specifications in this object to indicate which parts of the JSON body to inspect using the rule's inspection criteria. AWS WAF inspects only the parts of the JSON that result from the matches that you indicate.
" @@ -2355,6 +2447,83 @@ "member":{"shape":"JsonPointerPath"}, "min":1 }, + "Label":{ + "type":"structure", + "required":["Name"], + "members":{ + "Name":{ + "shape":"LabelName", + "documentation":"The label string.
" + } + }, + "documentation":"A single label container. This is used as an element of a label array in multiple contexts, for example, in RuleLabels inside a Rule and in Labels inside a SampledHTTPRequest.
Specify whether you want to match using the label name or just the namespace.
" + }, + "Key":{ + "shape":"LabelMatchKey", + "documentation":"The string to match against. The setting you provide for this depends on the match statement's Scope settings:
If the Scope indicates LABEL, then this specification must include the name and can include any number of preceding namespace specifications and prefix up to providing the fully qualified label name.
If the Scope indicates NAMESPACE, then this specification can include any number of contiguous namespace strings, and can include the entire label namespace prefix from the rule group or web ACL where the label originates.
Labels are case sensitive and components of a label must be separated by colon, for example NS1:NS2:name.
A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL.
The label match statement provides the label or namespace string to search for. The label string can represent a part or all of the fully qualified label name that had been added to the web request. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label. If you do not provide the fully qualified name in your label match string, AWS WAF performs the search for labels that were added in the same context as the label match statement.
" + }, + "LabelName":{ + "type":"string", + "max":1024, + "min":1, + "pattern":"^[0-9A-Za-z_\\-:]+$" + }, + "LabelNameCondition":{ + "type":"structure", + "required":["LabelName"], + "members":{ + "LabelName":{ + "shape":"LabelName", + "documentation":"The label name that a log record must contain in order to meet the condition. This must be a fully qualified label name. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label.
" + } + }, + "documentation":"A single label name condition for a Condition in a logging filter.
" + }, + "LabelSummaries":{ + "type":"list", + "member":{"shape":"LabelSummary"} + }, + "LabelSummary":{ + "type":"structure", + "members":{ + "Name":{ + "shape":"LabelName", + "documentation":"An individual label specification.
" + } + }, + "documentation":"List of labels used by one or more of the rules of a RuleGroup. This summary object is used for the following rule group lists:
AvailableLabels - Labels that rules add to matching requests. These labels are defined in the RuleLabels for a Rule.
ConsumedLabels - Labels that rules match against. These labels are defined in a LabelMatchStatement specification, in the Statement definition of a rule.
Indicates whether the logging configuration was created by AWS Firewall Manager, as part of an AWS WAF policy configuration. If true, only Firewall Manager can modify or delete the configuration.
" + }, + "LoggingFilter":{ + "shape":"LoggingFilter", + "documentation":"Filtering that specifies which web requests are kept in the logs and which are dropped. You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation.
" } }, - "documentation":"Defines an association between Amazon Kinesis Data Firehose destinations and a web ACL resource, for logging from AWS WAF. As part of the association, you can specify parts of the standard logging fields to keep out of the logs.
" + "documentation":"Defines an association between Amazon Kinesis Data Firehose destinations and a web ACL resource, for logging from AWS WAF. As part of the association, you can specify parts of the standard logging fields to keep out of the logs and you can specify filters so that you log only a subset of the logging records.
" }, "LoggingConfigurations":{ "type":"list", "member":{"shape":"LoggingConfiguration"} }, + "LoggingFilter":{ + "type":"structure", + "required":[ + "Filters", + "DefaultBehavior" + ], + "members":{ + "Filters":{ + "shape":"Filters", + "documentation":"The filters that you want to apply to the logs.
" + }, + "DefaultBehavior":{ + "shape":"FilterBehavior", + "documentation":"Default handling for logs that don't match any of the specified filtering conditions.
" + } + }, + "documentation":"Filtering that specifies which web requests are kept in the logs and which are dropped, defined for a web ACL's LoggingConfiguration.
You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation.
" + }, "ManagedRuleGroupStatement":{ "type":"structure", "required":[ @@ -2659,7 +2850,8 @@ "ExcludedRules":{ "shape":"ExcludedRules", "documentation":"The rules whose actions are set to COUNT by the web ACL, regardless of the action that is set on the rule. This effectively excludes the rule from acting on web requests.
A rule statement used to run the rules that are defined in a managed rule group. To use this, provide the vendor name and the name of the rule group in this statement. You can retrieve the required names by calling ListAvailableManagedRuleGroups.
You can't nest a ManagedRuleGroupStatement, for example for use inside a NotStatement or OrStatement. It can only be referenced as a top-level statement within a rule.
The override action to apply to the rules in a rule group. Used only for rule statements that reference a rule group, like RuleGroupReferenceStatement and ManagedRuleGroupStatement.
Set the override action to none to leave the rule actions in effect. Set it to count to only count matches, regardless of the rule action settings.
In a Rule, you must specify either this OverrideAction setting or the rule Action setting, but not both:
If the rule statement references a rule group, use this override action setting and not the action setting.
If the rule statement does not reference a rule group, use the rule action setting and not this rule override action setting.
Labels to apply to web requests that match the rule match statement. AWS WAF applies fully qualified labels to matching web requests. A fully qualified label is the concatenation of a label namespace and a rule label. The rule's rule group or web ACL defines the label namespace.
Rules that run after this rule in the web ACL can match against these labels using a LabelMatchStatement.
For each label, provide a case-sensitive string containing optional namespaces and a label name, according to the following guidelines:
Separate each component of the label with a colon.
Each namespace or name can have up to 128 characters.
You can specify up to 5 namespaces in a label.
Don't use the following reserved words in your label specification: aws, waf, managed, rulegroup, webacl, regexpatternset, or ipset.
For example, myLabelName or nameSpace1:nameSpace2:myLabelName.
Defines and enables Amazon CloudWatch metrics and web request sample collection.
" @@ -3155,9 +3354,21 @@ "shape":"VisibilityConfig", "documentation":"Defines and enables Amazon CloudWatch metrics and web request sample collection.
" }, + "LabelNamespace":{ + "shape":"LabelName", + "documentation":"The label namespace prefix for this rule group. All labels added by rules in this rule group have this prefix.
The syntax for the label namespace prefix for your rule groups is the following:
awswaf:<account ID>:rulegroup:<rule group name>:
When a rule with a label matches a web request, AWS WAF adds the fully qualified label to the request. A fully qualified label is made up of the label namespace from the rule group or web ACL where the rule is defined and the label from the rule, separated by a colon:
<label namespace>:<label from rule>
A map of custom response keys and content bodies. When you create a rule with a block action, you can send a custom response to the web request. You define these for the rule group, and then use them in the rules that you define in the rule group.
For information about customizing web requests and responses, see Customizing web requests and responses in AWS WAF in the AWS WAF Developer Guide.
For information about the limits on count and size for custom request and response settings, see AWS WAF quotas in the AWS WAF Developer Guide.
" + }, + "AvailableLabels":{ + "shape":"LabelSummaries", + "documentation":"The labels that one or more rules in this rule group add to matching web ACLs. These labels are defined in the RuleLabels for a Rule.
The labels that one or more rules in this rule group match against in label match statements. These labels are defined in a LabelMatchStatement specification, in the Statement definition of a rule.
A rule group defines a collection of rules to inspect and control web requests that you can use in a WebACL. When you create a rule group, you define an immutable capacity limit. If you update a rule group, you must stay within the capacity. This allows others to reuse the rule group with confidence in its capacity requirements.
" @@ -3268,6 +3479,10 @@ "ResponseCodeSent":{ "shape":"ResponseStatusCode", "documentation":"The response code that was sent for the request.
" + }, + "Labels":{ + "shape":"Labels", + "documentation":"Labels applied to the web request by matching rules. AWS WAF applies fully qualified labels to matching web requests. A fully qualified label is the concatenation of a label namespace and a rule label. The rule's rule group or web ACL defines the label namespace.
For example, awswaf:111122223333:myRuleGroup:testRules:testNS1:testNS2:labelNameA or awswaf:managed:aws:managed-rule-set:header:encoding:utf8.
Represents a single sampled web request. The response from GetSampledRequests includes a SampledHTTPRequests complex type that appears as SampledRequests in the response syntax. SampledHTTPRequests contains an array of SampledHTTPRequest objects.
A rule statement used to run the rules that are defined in a managed rule group. To use this, provide the vendor name and the name of the rule group in this statement. You can retrieve the required names by calling ListAvailableManagedRuleGroups.
You can't nest a ManagedRuleGroupStatement, for example for use inside a NotStatement or OrStatement. It can only be referenced as a top-level statement within a rule.
A rule statement that defines a string match search against labels that have been added to the web request by rules that have already run in the web ACL.
The label match statement provides the label or namespace string to search for. The label string can represent a part or all of the fully qualified label name that had been added to the web request. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label. If you do not provide the fully qualified name in your label match string, AWS WAF performs the search for labels that were added in the same context as the label match statement.
" } }, "documentation":"The processing guidance for a Rule, used by AWS WAF to determine whether a web request matches the rule.
" @@ -3908,7 +4127,7 @@ "members":{ "Message":{"shape":"ErrorMessage"} }, - "documentation":"", + "documentation":"You tried to use a managed rule group that's available by subscription, but you aren't subscribed to it yet.
", "exception":true }, "WAFTagOperationException":{ @@ -3990,6 +4209,10 @@ "shape":"Boolean", "documentation":"Indicates whether this web ACL is managed by AWS Firewall Manager. If true, then only AWS Firewall Manager can delete the web ACL or any Firewall Manager rule groups in the web ACL.
" }, + "LabelNamespace":{ + "shape":"LabelName", + "documentation":"The label namespace prefix for this web ACL. All labels added by rules in this web ACL have this prefix.
The syntax for the label namespace prefix for a web ACL is the following:
awswaf:<account ID>:webacl:<web ACL name>:
When a rule with a label matches a web request, AWS WAF adds the fully qualified label to the request. A fully qualified label is made up of the label namespace from the rule group or web ACL where the rule is defined and the label from the rule, separated by a colon:
<label namespace>:<label from rule>
A map of custom response keys and content bodies. When you create a rule with a block action, you can send a custom response to the web request. You define these for the web ACL, and then use them in the rules and default actions that you define in the web ACL.
For information about customizing web requests and responses, see Customizing web requests and responses in AWS WAF in the AWS WAF Developer Guide.
For information about the limits on count and size for custom request and response settings, see AWS WAF quotas in the AWS WAF Developer Guide.
" From 950d782da232ac49f9573a62c57d2a9aae3e39fe Mon Sep 17 00:00:00 2001 From: AWS <> Date: Thu, 1 Apr 2021 18:05:27 +0000 Subject: [PATCH 04/12] Amazon Elastic Compute Cloud Update: VPC Flow Logs Service adds a new API, GetFlowLogsIntegrationTemplate, which generates CloudFormation templates for Athena. For more info, see https://docs.aws.amazon.com/console/vpc/flow-logs/athena --- ...ure-AmazonElasticComputeCloud-b70fcc4.json | 6 + .../codegen-resources/service-2.json | 130 ++++++++++++++++-- 2 files changed, 122 insertions(+), 14 deletions(-) create mode 100644 .changes/next-release/feature-AmazonElasticComputeCloud-b70fcc4.json diff --git a/.changes/next-release/feature-AmazonElasticComputeCloud-b70fcc4.json b/.changes/next-release/feature-AmazonElasticComputeCloud-b70fcc4.json new file mode 100644 index 000000000000..cdd953007a7b --- /dev/null +++ b/.changes/next-release/feature-AmazonElasticComputeCloud-b70fcc4.json @@ -0,0 +1,6 @@ +{ + "type": "feature", + "category": "Amazon Elastic Compute Cloud", + "contributor": "", + "description": "VPC Flow Logs Service adds a new API, GetFlowLogsIntegrationTemplate, which generates CloudFormation templates for Athena. For more info, see https://docs.aws.amazon.com/console/vpc/flow-logs/athena" +} diff --git a/services/ec2/src/main/resources/codegen-resources/service-2.json b/services/ec2/src/main/resources/codegen-resources/service-2.json index 032f1d2d7d5c..fbb1912f618a 100755 --- a/services/ec2/src/main/resources/codegen-resources/service-2.json +++ b/services/ec2/src/main/resources/codegen-resources/service-2.json @@ -3224,6 +3224,16 @@ "output":{"shape":"GetEbsEncryptionByDefaultResult"}, "documentation":"Describes whether EBS encryption by default is enabled for your account in the current Region.
For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.
" }, + "GetFlowLogsIntegrationTemplate":{ + "name":"GetFlowLogsIntegrationTemplate", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetFlowLogsIntegrationTemplateRequest"}, + "output":{"shape":"GetFlowLogsIntegrationTemplateResult"}, + "documentation":"Generates a CloudFormation template that streamlines and automates the integration of VPC flow logs with Amazon Athena. This make it easier for you to query and gain insights from VPC flow logs data. Based on the information that you provide, we configure resources in the template to do the following:
Create a table in Athena that maps fields to a custom log format
Create a Lambda function that updates the table with new partitions on a daily, weekly, or monthly basis
Create a table partitioned between two timestamps in the past
Create a set of named queries in Athena that you can use to get started quickly
The ID of your subnet.
", - "locationName":"subnetId" - }, "Ipv6CidrBlock":{ "shape":"String", "documentation":"The IPv6 CIDR block for your subnet. The subnet must have a /64 prefix length.
", "locationName":"ipv6CidrBlock" + }, + "SubnetId":{ + "shape":"SubnetId", + "documentation":"The ID of your subnet.
", + "locationName":"subnetId" } } }, @@ -5930,6 +5940,41 @@ "disassociated" ] }, + "AthenaIntegration":{ + "type":"structure", + "required":[ + "IntegrationResultS3DestinationArn", + "PartitionLoadFrequency" + ], + "members":{ + "IntegrationResultS3DestinationArn":{ + "shape":"String", + "documentation":"The location in Amazon S3 to store the generated CloudFormation template.
" + }, + "PartitionLoadFrequency":{ + "shape":"PartitionLoadFrequency", + "documentation":"The schedule for adding new partitions to the table.
" + }, + "PartitionStartDate":{ + "shape":"MillisecondDateTime", + "documentation":"The start date for the partition.
" + }, + "PartitionEndDate":{ + "shape":"MillisecondDateTime", + "documentation":"The end date for the partition.
" + } + }, + "documentation":"Describes integration options for Amazon Athena.
" + }, + "AthenaIntegrationsSet":{ + "type":"list", + "member":{ + "shape":"AthenaIntegration", + "locationName":"item" + }, + "max":10, + "min":1 + }, "AttachClassicLinkVpcRequest":{ "type":"structure", "required":[ @@ -10331,8 +10376,8 @@ "CreateSubnetRequest":{ "type":"structure", "required":[ - "VpcId", - "CidrBlock" + "CidrBlock", + "VpcId" ], "members":{ "TagSpecifications":{ @@ -10348,6 +10393,10 @@ "shape":"String", "documentation":"The AZ ID or the Local Zone ID of the subnet.
" }, + "CidrBlock":{ + "shape":"String", + "documentation":"The IPv4 network range for the subnet, in CIDR notation. For example, 10.0.0.0/24. We modify the specified CIDR block to its canonical form; for example, if you specify 100.68.0.18/18, we modify it to 100.68.0.0/18.
The IPv6 network range for the subnet, in CIDR notation. The subnet size must use a /64 prefix length.
" @@ -10364,10 +10413,6 @@ "shape":"Boolean", "documentation":"Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
The IPv4 network range for the subnet, in CIDR notation. For example, 10.0.0.0/24. We modify the specified CIDR block to its canonical form; for example, if you specify 100.68.0.18/18, we modify it to 100.68.0.0/18.
One or more filters.
availability-zone - The Availability Zone for the subnet. You can also use availabilityZone as the filter name.
availability-zone-id - The ID of the Availability Zone for the subnet. You can also use availabilityZoneId as the filter name.
available-ip-address-count - The number of IPv4 addresses in the subnet that are available.
cidr-block - The IPv4 CIDR block of the subnet. The CIDR block you specify must exactly match the subnet's CIDR block for information to be returned for the subnet. You can also use cidr or cidrBlock as the filter names.
default-for-az - Indicates whether this is the default subnet for the Availability Zone. You can also use defaultForAz as the filter name.
ipv6-cidr-block-association.ipv6-cidr-block - An IPv6 CIDR block associated with the subnet.
ipv6-cidr-block-association.association-id - An association ID for an IPv6 CIDR block associated with the subnet.
ipv6-cidr-block-association.state - The state of an IPv6 CIDR block associated with the subnet.
owner-id - The ID of the AWS account that owns the subnet.
state - The state of the subnet (pending | available).
subnet-arn - The Amazon Resource Name (ARN) of the subnet.
subnet-id - The ID of the subnet.
tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
vpc-id - The ID of the VPC for the subnet.
One or more filters.
availability-zone - The Availability Zone for the subnet. You can also use availabilityZone as the filter name.
availability-zone-id - The ID of the Availability Zone for the subnet. You can also use availabilityZoneId as the filter name.
available-ip-address-count - The number of IPv4 addresses in the subnet that are available.
cidr-block - The IPv4 CIDR block of the subnet. The CIDR block you specify must exactly match the subnet's CIDR block for information to be returned for the subnet. You can also use cidr or cidrBlock as the filter names.
default-for-az - Indicates whether this is the default subnet for the Availability Zone. You can also use defaultForAz as the filter name.
ipv6-cidr-block-association.ipv6-cidr-block - An IPv6 CIDR block associated with the subnet.
ipv6-cidr-block-association.association-id - An association ID for an IPv6 CIDR block associated with the subnet.
ipv6-cidr-block-association.state - The state of an IPv6 CIDR block associated with the subnet.
outpost-arn - The Amazon Resource Name (ARN) of the Outpost.
owner-id - The ID of the AWS account that owns the subnet.
state - The state of the subnet (pending | available).
subnet-arn - The Amazon Resource Name (ARN) of the subnet.
subnet-id - The ID of the subnet.
tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
vpc-id - The ID of the VPC for the subnet.
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
The ID of the flow log.
" + }, + "ConfigDeliveryS3DestinationArn":{ + "shape":"String", + "documentation":"To store the CloudFormation template in Amazon S3, specify the location in Amazon S3.
" + }, + "IntegrateServices":{ + "shape":"IntegrateServices", + "documentation":"Information about the service integration.
", + "locationName":"IntegrateService" + } + } + }, + "GetFlowLogsIntegrationTemplateResult":{ + "type":"structure", + "members":{ + "Result":{ + "shape":"String", + "documentation":"The generated CloudFormation template.
", + "locationName":"result" + } + } + }, "GetGroupsForCapacityReservationRequest":{ "type":"structure", "required":["CapacityReservationId"], @@ -26197,6 +26279,17 @@ } }, "Integer":{"type":"integer"}, + "IntegrateServices":{ + "type":"structure", + "members":{ + "AthenaIntegrations":{ + "shape":"AthenaIntegrationsSet", + "documentation":"Information about the integration with Amazon Athena.
", + "locationName":"AthenaIntegration" + } + }, + "documentation":"Describes service integrations with VPC Flow logs.
" + }, "InterfacePermissionType":{ "type":"string", "enum":[ @@ -31431,6 +31524,15 @@ "locationName":"Owner" } }, + "PartitionLoadFrequency":{ + "type":"string", + "enum":[ + "none", + "daily", + "weekly", + "monthly" + ] + }, "PathComponent":{ "type":"structure", "members":{ From 39375d50fa7efcf929400b46656bc2b69b472da5 Mon Sep 17 00:00:00 2001 From: AWS <> Date: Thu, 1 Apr 2021 18:05:31 +0000 Subject: [PATCH 05/12] AWS Elemental MediaConvert Update: MediaConvert now supports HLS ingest, sidecar WebVTT ingest, Teletext color & style passthrough to TTML subtitles, TTML to WebVTT subtitle conversion with style, & DRC profiles in AC3 audio. --- ...ture-AWSElementalMediaConvert-d94cd3a.json | 6 + .../codegen-resources/service-2.json | 182 ++++++++++++++++-- 2 files changed, 171 insertions(+), 17 deletions(-) create mode 100644 .changes/next-release/feature-AWSElementalMediaConvert-d94cd3a.json diff --git a/.changes/next-release/feature-AWSElementalMediaConvert-d94cd3a.json b/.changes/next-release/feature-AWSElementalMediaConvert-d94cd3a.json new file mode 100644 index 000000000000..a82cf6292c35 --- /dev/null +++ b/.changes/next-release/feature-AWSElementalMediaConvert-d94cd3a.json @@ -0,0 +1,6 @@ +{ + "type": "feature", + "category": "AWS Elemental MediaConvert", + "contributor": "", + "description": "MediaConvert now supports HLS ingest, sidecar WebVTT ingest, Teletext color & style passthrough to TTML subtitles, TTML to WebVTT subtitle conversion with style, & DRC profiles in AC3 audio." +} diff --git a/services/mediaconvert/src/main/resources/codegen-resources/service-2.json b/services/mediaconvert/src/main/resources/codegen-resources/service-2.json index c16542eb0721..beddaef14b7c 100644 --- a/services/mediaconvert/src/main/resources/codegen-resources/service-2.json +++ b/services/mediaconvert/src/main/resources/codegen-resources/service-2.json @@ -1176,11 +1176,35 @@ "CODING_MODE_3_2_LFE" ] }, + "Ac3DynamicRangeCompressionLine": { + "type": "string", + "documentation": "Choose the Dolby Digital dynamic range control (DRC) profile that MediaConvert uses when encoding the metadata in the Dolby Digital stream for the line operating mode. Related setting: When you use this setting, MediaConvert ignores any value you provide for Dynamic range compression profile (DynamicRangeCompressionProfile). For information about the Dolby Digital DRC operating modes and profiles, see the Dynamic Range Control chapter of the Dolby Metadata Guide at https://developer.dolby.com/globalassets/professional/documents/dolby-metadata-guide.pdf.", + "enum": [ + "FILM_STANDARD", + "FILM_LIGHT", + "MUSIC_STANDARD", + "MUSIC_LIGHT", + "SPEECH", + "NONE" + ] + }, "Ac3DynamicRangeCompressionProfile": { "type": "string", - "documentation": "If set to FILM_STANDARD, adds dynamic range compression signaling to the output bitstream as defined in the Dolby Digital specification.", + "documentation": "When you want to add Dolby dynamic range compression (DRC) signaling to your output stream, we recommend that you use the mode-specific settings instead of Dynamic range compression profile (DynamicRangeCompressionProfile). The mode-specific settings are Dynamic range compression profile, line mode (dynamicRangeCompressionLine) and Dynamic range compression profile, RF mode (dynamicRangeCompressionRf). Note that when you specify values for all three settings, MediaConvert ignores the value of this setting in favor of the mode-specific settings. If you do use this setting instead of the mode-specific settings, choose None (NONE) to leave out DRC signaling. Keep the default Film standard (FILM_STANDARD) to set the profile to Dolby's film standard profile for all operating modes.", + "enum": [ + "FILM_STANDARD", + "NONE" + ] + }, + "Ac3DynamicRangeCompressionRf": { + "type": "string", + "documentation": "Choose the Dolby Digital dynamic range control (DRC) profile that MediaConvert uses when encoding the metadata in the Dolby Digital stream for the RF operating mode. Related setting: When you use this setting, MediaConvert ignores any value you provide for Dynamic range compression profile (DynamicRangeCompressionProfile). For information about the Dolby Digital DRC operating modes and profiles, see the Dynamic Range Control chapter of the Dolby Metadata Guide at https://developer.dolby.com/globalassets/professional/documents/dolby-metadata-guide.pdf.", "enum": [ "FILM_STANDARD", + "FILM_LIGHT", + "MUSIC_STANDARD", + "MUSIC_LIGHT", + "SPEECH", "NONE" ] }, @@ -1223,10 +1247,20 @@ "locationName": "dialnorm", "documentation": "Sets the dialnorm for the output. If blank and input audio is Dolby Digital, dialnorm will be passed through." }, + "DynamicRangeCompressionLine": { + "shape": "Ac3DynamicRangeCompressionLine", + "locationName": "dynamicRangeCompressionLine", + "documentation": "Choose the Dolby Digital dynamic range control (DRC) profile that MediaConvert uses when encoding the metadata in the Dolby Digital stream for the line operating mode. Related setting: When you use this setting, MediaConvert ignores any value you provide for Dynamic range compression profile (DynamicRangeCompressionProfile). For information about the Dolby Digital DRC operating modes and profiles, see the Dynamic Range Control chapter of the Dolby Metadata Guide at https://developer.dolby.com/globalassets/professional/documents/dolby-metadata-guide.pdf." + }, "DynamicRangeCompressionProfile": { "shape": "Ac3DynamicRangeCompressionProfile", "locationName": "dynamicRangeCompressionProfile", - "documentation": "If set to FILM_STANDARD, adds dynamic range compression signaling to the output bitstream as defined in the Dolby Digital specification." + "documentation": "When you want to add Dolby dynamic range compression (DRC) signaling to your output stream, we recommend that you use the mode-specific settings instead of Dynamic range compression profile (DynamicRangeCompressionProfile). The mode-specific settings are Dynamic range compression profile, line mode (dynamicRangeCompressionLine) and Dynamic range compression profile, RF mode (dynamicRangeCompressionRf). Note that when you specify values for all three settings, MediaConvert ignores the value of this setting in favor of the mode-specific settings. If you do use this setting instead of the mode-specific settings, choose None (NONE) to leave out DRC signaling. Keep the default Film standard (FILM_STANDARD) to set the profile to Dolby's film standard profile for all operating modes." + }, + "DynamicRangeCompressionRf": { + "shape": "Ac3DynamicRangeCompressionRf", + "locationName": "dynamicRangeCompressionRf", + "documentation": "Choose the Dolby Digital dynamic range control (DRC) profile that MediaConvert uses when encoding the metadata in the Dolby Digital stream for the RF operating mode. Related setting: When you use this setting, MediaConvert ignores any value you provide for Dynamic range compression profile (DynamicRangeCompressionProfile). For information about the Dolby Digital DRC operating modes and profiles, see the Dynamic Range Control chapter of the Dolby Metadata Guide at https://developer.dolby.com/globalassets/professional/documents/dolby-metadata-guide.pdf." }, "LfeFilter": { "shape": "Ac3LfeFilter", @@ -2318,6 +2352,11 @@ "shape": "TtmlDestinationSettings", "locationName": "ttmlDestinationSettings", "documentation": "Settings specific to TTML caption outputs, including Pass style information (TtmlStylePassthrough)." + }, + "WebvttDestinationSettings": { + "shape": "WebvttDestinationSettings", + "locationName": "webvttDestinationSettings", + "documentation": "WEBVTT Destination Settings" } }, "documentation": "Specific settings required by destination type. Note that burnin_destination_settings are not available if the source of the caption data is Embedded or Teletext." @@ -2398,7 +2437,7 @@ "FileSourceSettings": { "shape": "FileSourceSettings", "locationName": "fileSourceSettings", - "documentation": "If your input captions are SCC, SMI, SRT, STL, TTML, or IMSC 1.1 in an xml file, specify the URI of the input caption source file. If your caption source is IMSC in an IMF package, use TrackSourceSettings instead of FileSoureSettings." + "documentation": "If your input captions are SCC, SMI, SRT, STL, TTML, WebVTT, or IMSC 1.1 in an xml file, specify the URI of the input caption source file. If your caption source is IMSC in an IMF package, use TrackSourceSettings instead of FileSoureSettings." }, "SourceType": { "shape": "CaptionSourceType", @@ -2434,7 +2473,8 @@ "SMPTE_TT", "TELETEXT", "NULL_SOURCE", - "IMSC" + "IMSC", + "WEBVTT" ] }, "ChannelMapping": { @@ -2592,6 +2632,11 @@ "locationName": "mpdProfile", "documentation": "Specify whether your DASH profile is on-demand or main. When you choose Main profile (MAIN_PROFILE), the service signals urn:mpeg:dash:profile:isoff-main:2011 in your .mpd DASH manifest. When you choose On-demand (ON_DEMAND_PROFILE), the service signals urn:mpeg:dash:profile:isoff-on-demand:2011 in your .mpd. When you choose On-demand, you must also set the output group setting Segment control (SegmentControl) to Single file (SINGLE_FILE)." }, + "PtsOffsetHandlingForBFrames": { + "shape": "CmafPtsOffsetHandlingForBFrames", + "locationName": "ptsOffsetHandlingForBFrames", + "documentation": "Use this setting only when your output video stream has B-frames, which causes the initial presentation time stamp (PTS) to be offset from the initial decode time stamp (DTS). Specify how MediaConvert handles PTS when writing time stamps in output DASH manifests. Choose Match initial PTS (MATCH_INITIAL_PTS) when you want MediaConvert to use the initial PTS as the first time stamp in the manifest. Choose Zero-based (ZERO_BASED) to have MediaConvert ignore the initial PTS in the video stream and instead write the initial time stamp as zero in the manifest. For outputs that don't have B-frames, the time stamps in your DASH manifests start at zero regardless of your choice here." + }, "SegmentControl": { "shape": "CmafSegmentControl", "locationName": "segmentControl", @@ -2665,6 +2710,14 @@ "ON_DEMAND_PROFILE" ] }, + "CmafPtsOffsetHandlingForBFrames": { + "type": "string", + "documentation": "Use this setting only when your output video stream has B-frames, which causes the initial presentation time stamp (PTS) to be offset from the initial decode time stamp (DTS). Specify how MediaConvert handles PTS when writing time stamps in output DASH manifests. Choose Match initial PTS (MATCH_INITIAL_PTS) when you want MediaConvert to use the initial PTS as the first time stamp in the manifest. Choose Zero-based (ZERO_BASED) to have MediaConvert ignore the initial PTS in the video stream and instead write the initial time stamp as zero in the manifest. For outputs that don't have B-frames, the time stamps in your DASH manifests start at zero regardless of your choice here.", + "enum": [ + "ZERO_BASED", + "MATCH_INITIAL_PTS" + ] + }, "CmafSegmentControl": { "type": "string", "documentation": "When set to SINGLE_FILE, a single output file is generated, which is internally segmented using the Fragment Length and Segment Length. When set to SEGMENTED_FILES, separate segment files will be created.", @@ -2713,6 +2766,23 @@ "MATCH_VIDEO_DURATION" ] }, + "CmfcAudioTrackType": { + "type": "string", + "documentation": "Use this setting to control the values that MediaConvert puts in your HLS parent playlist to control how the client player selects which audio track to play. The other options for this setting determine the values that MediaConvert writes for the DEFAULT and AUTOSELECT attributes of the EXT-X-MEDIA entry for the audio variant. For more information about these attributes, see the Apple documentation article https://developer.apple.com/documentation/http_live_streaming/example_playlists_for_http_live_streaming/adding_alternate_media_to_a_playlist. Choose Alternate audio, auto select, default (ALTERNATE_AUDIO_AUTO_SELECT_DEFAULT) to set DEFAULT=YES and AUTOSELECT=YES. Choose this value for only one variant in your output group. Choose Alternate audio, auto select, not default (ALTERNATE_AUDIO_AUTO_SELECT) to set DEFAULT=NO and AUTOSELECT=YES. Choose Alternate Audio, Not Auto Select to set DEFAULT=NO and AUTOSELECT=NO. When you don't specify a value for this setting, MediaConvert defaults to Alternate audio, auto select, default. When there is more than one variant in your output group, you must explicitly choose a value for this setting.", + "enum": [ + "ALTERNATE_AUDIO_AUTO_SELECT_DEFAULT", + "ALTERNATE_AUDIO_AUTO_SELECT", + "ALTERNATE_AUDIO_NOT_AUTO_SELECT" + ] + }, + "CmfcDescriptiveVideoServiceFlag": { + "type": "string", + "documentation": "Specify whether to flag this audio track as descriptive video service (DVS) in your HLS parent manifest. When you choose Flag (FLAG), MediaConvert includes the parameter CHARACTERISTICS=\"public.accessibility.describes-video\" in the EXT-X-MEDIA entry for this track. When you keep the default choice, Don't flag (DONT_FLAG), MediaConvert leaves this parameter out. The DVS flag can help with accessibility on Apple devices. For more information, see the Apple documentation.", + "enum": [ + "DONT_FLAG", + "FLAG" + ] + }, "CmfcIFrameOnlyManifest": { "type": "string", "documentation": "Choose Include (INCLUDE) to have MediaConvert generate an HLS child manifest that lists only the I-frames for this rendition, in addition to your regular manifest for this rendition. You might use this manifest as part of a workflow that creates preview functions for your video. MediaConvert adds both the I-frame only child manifest and the regular child manifest to the parent manifest. When you don't need the I-frame only child manifest, keep the default value Exclude (EXCLUDE).", @@ -2745,6 +2815,26 @@ "locationName": "audioDuration", "documentation": "Specify this setting only when your output will be consumed by a downstream repackaging workflow that is sensitive to very small duration differences between video and audio. For this situation, choose Match video duration (MATCH_VIDEO_DURATION). In all other cases, keep the default value, Default codec duration (DEFAULT_CODEC_DURATION). When you choose Match video duration, MediaConvert pads the output audio streams with silence or trims them to ensure that the total duration of each audio stream is at least as long as the total duration of the video stream. After padding or trimming, the audio stream duration is no more than one frame longer than the video stream. MediaConvert applies audio padding or trimming only to the end of the last segment of the output. For unsegmented outputs, MediaConvert adds padding only to the end of the file. When you keep the default value, any minor discrepancies between audio and video duration will depend on your output audio codec." }, + "AudioGroupId": { + "shape": "__string", + "locationName": "audioGroupId", + "documentation": "Specify the audio rendition group for this audio rendition. Specify up to one value for each audio output in your output group. This value appears in your HLS parent manifest in the EXT-X-MEDIA tag of TYPE=AUDIO, as the value for the GROUP-ID attribute. For example, if you specify \"audio_aac_1\" for Audio group ID, it appears in your manifest like this: #EXT-X-MEDIA:TYPE=AUDIO,GROUP-ID=\"audio_aac_1\". Related setting: To associate the rendition group that this audio track belongs to with a video rendition, include the same value that you provide here for that video output's setting Audio rendition sets (audioRenditionSets)." + }, + "AudioRenditionSets": { + "shape": "__string", + "locationName": "audioRenditionSets", + "documentation": "List the audio rendition groups that you want included with this video rendition. Use a comma-separated list. For example, say you want to include the audio rendition groups that have the audio group IDs \"audio_aac_1\" and \"audio_dolby\". Then you would specify this value: \"audio_aac_1, audio_dolby\". Related setting: The rendition groups that you include in your comma-separated list should all match values that you specify in the setting Audio group ID (AudioGroupId) for audio renditions in the same output group as this video rendition. Default behavior: If you don't specify anything here and for Audio group ID, MediaConvert puts each audio variant in its own audio rendition group and associates it with every video variant. Each value in your list appears in your HLS parent manifest in the EXT-X-STREAM-INF tag as the value for the AUDIO attribute. To continue the previous example, say that the file name for the child manifest for your video rendition is \"amazing_video_1.m3u8\". Then, in your parent manifest, each value will appear on separate lines, like this: #EXT-X-STREAM-INF:AUDIO=\"audio_aac_1\"... amazing_video_1.m3u8 #EXT-X-STREAM-INF:AUDIO=\"audio_dolby\"... amazing_video_1.m3u8" + }, + "AudioTrackType": { + "shape": "CmfcAudioTrackType", + "locationName": "audioTrackType", + "documentation": "Use this setting to control the values that MediaConvert puts in your HLS parent playlist to control how the client player selects which audio track to play. The other options for this setting determine the values that MediaConvert writes for the DEFAULT and AUTOSELECT attributes of the EXT-X-MEDIA entry for the audio variant. For more information about these attributes, see the Apple documentation article https://developer.apple.com/documentation/http_live_streaming/example_playlists_for_http_live_streaming/adding_alternate_media_to_a_playlist. Choose Alternate audio, auto select, default (ALTERNATE_AUDIO_AUTO_SELECT_DEFAULT) to set DEFAULT=YES and AUTOSELECT=YES. Choose this value for only one variant in your output group. Choose Alternate audio, auto select, not default (ALTERNATE_AUDIO_AUTO_SELECT) to set DEFAULT=NO and AUTOSELECT=YES. Choose Alternate Audio, Not Auto Select to set DEFAULT=NO and AUTOSELECT=NO. When you don't specify a value for this setting, MediaConvert defaults to Alternate audio, auto select, default. When there is more than one variant in your output group, you must explicitly choose a value for this setting." + }, + "DescriptiveVideoServiceFlag": { + "shape": "CmfcDescriptiveVideoServiceFlag", + "locationName": "descriptiveVideoServiceFlag", + "documentation": "Specify whether to flag this audio track as descriptive video service (DVS) in your HLS parent manifest. When you choose Flag (FLAG), MediaConvert includes the parameter CHARACTERISTICS=\"public.accessibility.describes-video\" in the EXT-X-MEDIA entry for this track. When you keep the default choice, Don't flag (DONT_FLAG), MediaConvert leaves this parameter out. The DVS flag can help with accessibility on Apple devices. For more information, see the Apple documentation." + }, "IFrameOnlyManifest": { "shape": "CmfcIFrameOnlyManifest", "locationName": "iFrameOnlyManifest", @@ -3204,6 +3294,14 @@ }, "documentation": "Specifies DRM settings for DASH outputs." }, + "DashIsoGroupAudioChannelConfigSchemeIdUri": { + "type": "string", + "documentation": "Use this setting only when your audio codec is a Dolby one (AC3, EAC3, or Atmos) and your downstream workflow requires that your DASH manifest use the Dolby channel configuration tag, rather than the MPEG one. For example, you might need to use this to make dynamic ad insertion work. Specify which audio channel configuration scheme ID URI MediaConvert writes in your DASH manifest. Keep the default value, MPEG channel configuration (MPEG_CHANNEL_CONFIGURATION), to have MediaConvert write this: urn:mpeg:mpegB:cicp:ChannelConfiguration. Choose Dolby channel configuration (DOLBY_CHANNEL_CONFIGURATION) to have MediaConvert write this instead: tag:dolby.com,2014:dash:audio_channel_configuration:2011.", + "enum": [ + "MPEG_CHANNEL_CONFIGURATION", + "DOLBY_CHANNEL_CONFIGURATION" + ] + }, "DashIsoGroupSettings": { "type": "structure", "members": { @@ -3212,6 +3310,11 @@ "locationName": "additionalManifests", "documentation": "By default, the service creates one .mpd DASH manifest for each DASH ISO output group in your job. This default manifest references every output in the output group. To create additional DASH manifests that reference a subset of the outputs in the output group, specify a list of them here." }, + "AudioChannelConfigSchemeIdUri": { + "shape": "DashIsoGroupAudioChannelConfigSchemeIdUri", + "locationName": "audioChannelConfigSchemeIdUri", + "documentation": "Use this setting only when your audio codec is a Dolby one (AC3, EAC3, or Atmos) and your downstream workflow requires that your DASH manifest use the Dolby channel configuration tag, rather than the MPEG one. For example, you might need to use this to make dynamic ad insertion work. Specify which audio channel configuration scheme ID URI MediaConvert writes in your DASH manifest. Keep the default value, MPEG channel configuration (MPEG_CHANNEL_CONFIGURATION), to have MediaConvert write this: urn:mpeg:mpegB:cicp:ChannelConfiguration. Choose Dolby channel configuration (DOLBY_CHANNEL_CONFIGURATION) to have MediaConvert write this instead: tag:dolby.com,2014:dash:audio_channel_configuration:2011." + }, "BaseUrl": { "shape": "__string", "locationName": "baseUrl", @@ -3257,6 +3360,11 @@ "locationName": "mpdProfile", "documentation": "Specify whether your DASH profile is on-demand or main. When you choose Main profile (MAIN_PROFILE), the service signals urn:mpeg:dash:profile:isoff-main:2011 in your .mpd DASH manifest. When you choose On-demand (ON_DEMAND_PROFILE), the service signals urn:mpeg:dash:profile:isoff-on-demand:2011 in your .mpd. When you choose On-demand, you must also set the output group setting Segment control (SegmentControl) to Single file (SINGLE_FILE)." }, + "PtsOffsetHandlingForBFrames": { + "shape": "DashIsoPtsOffsetHandlingForBFrames", + "locationName": "ptsOffsetHandlingForBFrames", + "documentation": "Use this setting only when your output video stream has B-frames, which causes the initial presentation time stamp (PTS) to be offset from the initial decode time stamp (DTS). Specify how MediaConvert handles PTS when writing time stamps in output DASH manifests. Choose Match initial PTS (MATCH_INITIAL_PTS) when you want MediaConvert to use the initial PTS as the first time stamp in the manifest. Choose Zero-based (ZERO_BASED) to have MediaConvert ignore the initial PTS in the video stream and instead write the initial time stamp as zero in the manifest. For outputs that don't have B-frames, the time stamps in your DASH manifests start at zero regardless of your choice here." + }, "SegmentControl": { "shape": "DashIsoSegmentControl", "locationName": "segmentControl", @@ -3299,6 +3407,14 @@ "UNENCRYPTED_SEI" ] }, + "DashIsoPtsOffsetHandlingForBFrames": { + "type": "string", + "documentation": "Use this setting only when your output video stream has B-frames, which causes the initial presentation time stamp (PTS) to be offset from the initial decode time stamp (DTS). Specify how MediaConvert handles PTS when writing time stamps in output DASH manifests. Choose Match initial PTS (MATCH_INITIAL_PTS) when you want MediaConvert to use the initial PTS as the first time stamp in the manifest. Choose Zero-based (ZERO_BASED) to have MediaConvert ignore the initial PTS in the video stream and instead write the initial time stamp as zero in the manifest. For outputs that don't have B-frames, the time stamps in your DASH manifests start at zero regardless of your choice here.", + "enum": [ + "ZERO_BASED", + "MATCH_INITIAL_PTS" + ] + }, "DashIsoSegmentControl": { "type": "string", "documentation": "When set to SINGLE_FILE, a single output file is generated, which is internally segmented using the Fragment Length and Segment Length. When set to SEGMENTED_FILES, separate segment files will be created.", @@ -3990,7 +4106,7 @@ }, "Eac3DynamicRangeCompressionLine": { "type": "string", - "documentation": "Specify the absolute peak level for a signal with dynamic range compression.", + "documentation": "Choose the Dolby Digital dynamic range control (DRC) profile that MediaConvert uses when encoding the metadata in the Dolby Digital stream for the line operating mode. Related setting: When you use this setting, MediaConvert ignores any value you provide for Dynamic range compression profile (DynamicRangeCompressionProfile). For information about the Dolby Digital DRC operating modes and profiles, see the Dynamic Range Control chapter of the Dolby Metadata Guide at https://developer.dolby.com/globalassets/professional/documents/dolby-metadata-guide.pdf.", "enum": [ "NONE", "FILM_STANDARD", @@ -4002,7 +4118,7 @@ }, "Eac3DynamicRangeCompressionRf": { "type": "string", - "documentation": "Specify how the service limits the audio dynamic range when compressing the audio.", + "documentation": "Choose the Dolby Digital dynamic range control (DRC) profile that MediaConvert uses when encoding the metadata in the Dolby Digital stream for the RF operating mode. Related setting: When you use this setting, MediaConvert ignores any value you provide for Dynamic range compression profile (DynamicRangeCompressionProfile). For information about the Dolby Digital DRC operating modes and profiles, see the Dynamic Range Control chapter of the Dolby Metadata Guide at https://developer.dolby.com/globalassets/professional/documents/dolby-metadata-guide.pdf.", "enum": [ "NONE", "FILM_STANDARD", @@ -4088,12 +4204,12 @@ "DynamicRangeCompressionLine": { "shape": "Eac3DynamicRangeCompressionLine", "locationName": "dynamicRangeCompressionLine", - "documentation": "Specify the absolute peak level for a signal with dynamic range compression." + "documentation": "Choose the Dolby Digital dynamic range control (DRC) profile that MediaConvert uses when encoding the metadata in the Dolby Digital stream for the line operating mode. Related setting: When you use this setting, MediaConvert ignores any value you provide for Dynamic range compression profile (DynamicRangeCompressionProfile). For information about the Dolby Digital DRC operating modes and profiles, see the Dynamic Range Control chapter of the Dolby Metadata Guide at https://developer.dolby.com/globalassets/professional/documents/dolby-metadata-guide.pdf." }, "DynamicRangeCompressionRf": { "shape": "Eac3DynamicRangeCompressionRf", "locationName": "dynamicRangeCompressionRf", - "documentation": "Specify how the service limits the audio dynamic range when compressing the audio." + "documentation": "Choose the Dolby Digital dynamic range control (DRC) profile that MediaConvert uses when encoding the metadata in the Dolby Digital stream for the RF operating mode. Related setting: When you use this setting, MediaConvert ignores any value you provide for Dynamic range compression profile (DynamicRangeCompressionProfile). For information about the Dolby Digital DRC operating modes and profiles, see the Dynamic Range Control chapter of the Dolby Metadata Guide at https://developer.dolby.com/globalassets/professional/documents/dolby-metadata-guide.pdf." }, "LfeControl": { "shape": "Eac3LfeControl", @@ -4369,9 +4485,9 @@ "documentation": "Ignore this setting unless your input captions format is SCC. To have the service compensate for differing frame rates between your input captions and input video, specify the frame rate of the captions file. Specify this value as a fraction, using the settings Framerate numerator (framerateNumerator) and Framerate denominator (framerateDenominator). For example, you might specify 24 / 1 for 24 fps, 25 / 1 for 25 fps, 24000 / 1001 for 23.976 fps, or 30000 / 1001 for 29.97 fps." }, "SourceFile": { - "shape": "__stringMin14PatternS3SccSCCTtmlTTMLDfxpDFXPStlSTLSrtSRTXmlXMLSmiSMIHttpsSccSCCTtmlTTMLDfxpDFXPStlSTLSrtSRTXmlXMLSmiSMI", + "shape": "__stringMin14PatternS3SccSCCTtmlTTMLDfxpDFXPStlSTLSrtSRTXmlXMLSmiSMIVttVTTHttpsSccSCCTtmlTTMLDfxpDFXPStlSTLSrtSRTXmlXMLSmiSMIVttVTT", "locationName": "sourceFile", - "documentation": "External caption file used for loading captions. Accepted file extensions are 'scc', 'ttml', 'dfxp', 'stl', 'srt', 'xml', and 'smi'." + "documentation": "External caption file used for loading captions. Accepted file extensions are 'scc', 'ttml', 'dfxp', 'stl', 'srt', 'xml', 'smi', and 'vtt'." }, "TimeDelta": { "shape": "__integerMinNegative2147483648Max2147483647", @@ -4379,7 +4495,7 @@ "documentation": "Specifies a time delta in seconds to offset the captions from the source file." } }, - "documentation": "If your input captions are SCC, SMI, SRT, STL, TTML, or IMSC 1.1 in an xml file, specify the URI of the input caption source file. If your caption source is IMSC in an IMF package, use TrackSourceSettings instead of FileSoureSettings." + "documentation": "If your input captions are SCC, SMI, SRT, STL, TTML, WebVTT, or IMSC 1.1 in an xml file, specify the URI of the input caption source file. If your caption source is IMSC in an IMF package, use TrackSourceSettings instead of FileSoureSettings." }, "FontScript": { "type": "string", @@ -5601,6 +5717,14 @@ "RFC_4281" ] }, + "HlsDescriptiveVideoServiceFlag": { + "type": "string", + "documentation": "Specify whether to flag this audio track as descriptive video service (DVS) in your HLS parent manifest. When you choose Flag (FLAG), MediaConvert includes the parameter CHARACTERISTICS=\"public.accessibility.describes-video\" in the EXT-X-MEDIA entry for this track. When you keep the default choice, Don't flag (DONT_FLAG), MediaConvert leaves this parameter out. The DVS flag can help with accessibility on Apple devices. For more information, see the Apple documentation.", + "enum": [ + "DONT_FLAG", + "FLAG" + ] + }, "HlsDirectoryStructure": { "type": "string", "documentation": "Indicates whether segments should be placed in subdirectories.", @@ -5872,7 +5996,7 @@ "AudioGroupId": { "shape": "__string", "locationName": "audioGroupId", - "documentation": "Specifies the group to which the audio Rendition belongs." + "documentation": "Specifies the group to which the audio rendition belongs." }, "AudioOnlyContainer": { "shape": "HlsAudioOnlyContainer", @@ -5889,6 +6013,11 @@ "locationName": "audioTrackType", "documentation": "Four types of audio-only tracks are supported: Audio-Only Variant Stream The client can play back this audio-only stream instead of video in low-bandwidth scenarios. Represented as an EXT-X-STREAM-INF in the HLS manifest. Alternate Audio, Auto Select, Default Alternate rendition that the client should try to play back by default. Represented as an EXT-X-MEDIA in the HLS manifest with DEFAULT=YES, AUTOSELECT=YES Alternate Audio, Auto Select, Not Default Alternate rendition that the client may try to play back by default. Represented as an EXT-X-MEDIA in the HLS manifest with DEFAULT=NO, AUTOSELECT=YES Alternate Audio, not Auto Select Alternate rendition that the client will not try to play back by default. Represented as an EXT-X-MEDIA in the HLS manifest with DEFAULT=NO, AUTOSELECT=NO" }, + "DescriptiveVideoServiceFlag": { + "shape": "HlsDescriptiveVideoServiceFlag", + "locationName": "descriptiveVideoServiceFlag", + "documentation": "Specify whether to flag this audio track as descriptive video service (DVS) in your HLS parent manifest. When you choose Flag (FLAG), MediaConvert includes the parameter CHARACTERISTICS=\"public.accessibility.describes-video\" in the EXT-X-MEDIA entry for this track. When you keep the default choice, Don't flag (DONT_FLAG), MediaConvert leaves this parameter out. The DVS flag can help with accessibility on Apple devices. For more information, see the Apple documentation." + }, "IFrameOnlyManifest": { "shape": "HlsIFrameOnlyManifest", "locationName": "iFrameOnlyManifest", @@ -8705,7 +8834,7 @@ "InputChannelsFineTune": { "shape": "__listOf__doubleMinNegative60Max6", "locationName": "inputChannelsFineTune", - "documentation": "Use this setting to specify your remix values when they have a decimal component, such as -10.312, 0.08, or 4.9. MediaConvert rounds your remixing values to the nearest thousandth." + "documentation": "Use this setting to specify your remix values when they have a decimal component, such as -10.312, 0.08, or 4.9. MediaConvert rounds your remixing values to the nearest thousandth." } }, "documentation": "OutputChannel mapping settings." @@ -9734,14 +9863,14 @@ "StylePassthrough": { "shape": "TtmlStylePassthrough", "locationName": "stylePassthrough", - "documentation": "Pass through style and position information from a TTML-like input source (TTML, SMPTE-TT) to the TTML output." + "documentation": "Pass through style and position information from a TTML-like input source (TTML, IMSC, SMPTE-TT) to the TTML output." } }, "documentation": "Settings specific to TTML caption outputs, including Pass style information (TtmlStylePassthrough)." }, "TtmlStylePassthrough": { "type": "string", - "documentation": "Pass through style and position information from a TTML-like input source (TTML, SMPTE-TT) to the TTML output.", + "documentation": "Pass through style and position information from a TTML-like input source (TTML, IMSC, SMPTE-TT) to the TTML output.", "enum": [ "ENABLED", "DISABLED" @@ -10581,6 +10710,25 @@ }, "documentation": "Required when you set (Codec) under (AudioDescriptions)>(CodecSettings) to the value WAV." }, + "WebvttDestinationSettings": { + "type": "structure", + "members": { + "StylePassthrough": { + "shape": "WebvttStylePassthrough", + "locationName": "stylePassthrough", + "documentation": "If your input captions format is teletext or teletext inside of STL, enable this setting to pass through style, color, and position information to your WebVTT output captions." + } + }, + "documentation": "WEBVTT Destination Settings" + }, + "WebvttStylePassthrough": { + "type": "string", + "documentation": "If your input captions format is teletext or teletext inside of STL, enable this setting to pass through style, color, and position information to your WebVTT output captions.", + "enum": [ + "ENABLED", + "DISABLED" + ] + }, "__boolean": { "type": "boolean" }, @@ -11323,10 +11471,10 @@ "min": 14, "pattern": "^((s3://(.*)(\\.mov|[0-9]+\\.png))|(https?://(.*)(\\.mov|[0-9]+\\.png)(\\?([^&=]+=[^&]+&)*[^&=]+=[^&]+)?))$" }, - "__stringMin14PatternS3SccSCCTtmlTTMLDfxpDFXPStlSTLSrtSRTXmlXMLSmiSMIHttpsSccSCCTtmlTTMLDfxpDFXPStlSTLSrtSRTXmlXMLSmiSMI": { + "__stringMin14PatternS3SccSCCTtmlTTMLDfxpDFXPStlSTLSrtSRTXmlXMLSmiSMIVttVTTHttpsSccSCCTtmlTTMLDfxpDFXPStlSTLSrtSRTXmlXMLSmiSMIVttVTT": { "type": "string", "min": 14, - "pattern": "^((s3://(.*?)\\.(scc|SCC|ttml|TTML|dfxp|DFXP|stl|STL|srt|SRT|xml|XML|smi|SMI))|(https?://(.*?)\\.(scc|SCC|ttml|TTML|dfxp|DFXP|stl|STL|srt|SRT|xml|XML|smi|SMI)(\\?([^&=]+=[^&]+&)*[^&=]+=[^&]+)?))$" + "pattern": "^((s3://(.*?)\\.(scc|SCC|ttml|TTML|dfxp|DFXP|stl|STL|srt|SRT|xml|XML|smi|SMI|vtt|VTT))|(https?://(.*?)\\.(scc|SCC|ttml|TTML|dfxp|DFXP|stl|STL|srt|SRT|xml|XML|smi|SMI|vtt|VTT)(\\?([^&=]+=[^&]+&)*[^&=]+=[^&]+)?))$" }, "__stringMin16Max24PatternAZaZ0922AZaZ0916": { "type": "string", From 9a18e4004cf97581cbd0b97cdb30865018cadd81 Mon Sep 17 00:00:00 2001 From: AWS <> Date: Thu, 1 Apr 2021 18:05:36 +0000 Subject: [PATCH 06/12] Amazon Lex Runtime Service Update: Amazon Lex now supports base64-encoded message and input transcript fields. --- ...ature-AmazonLexRuntimeService-0587549.json | 6 +++ .../codegen-resources/service-2.json | 40 +++++++++++++++++-- 2 files changed, 43 insertions(+), 3 deletions(-) create mode 100644 .changes/next-release/feature-AmazonLexRuntimeService-0587549.json diff --git a/.changes/next-release/feature-AmazonLexRuntimeService-0587549.json b/.changes/next-release/feature-AmazonLexRuntimeService-0587549.json new file mode 100644 index 000000000000..cd31ef0ed9c5 --- /dev/null +++ b/.changes/next-release/feature-AmazonLexRuntimeService-0587549.json @@ -0,0 +1,6 @@ +{ + "type": "feature", + "category": "Amazon Lex Runtime Service", + "contributor": "", + "description": "Amazon Lex now supports base64-encoded message and input transcript fields." +} diff --git a/services/lexruntime/src/main/resources/codegen-resources/service-2.json b/services/lexruntime/src/main/resources/codegen-resources/service-2.json index f3df91d83d92..9f5918af7ce4 100644 --- a/services/lexruntime/src/main/resources/codegen-resources/service-2.json +++ b/services/lexruntime/src/main/resources/codegen-resources/service-2.json @@ -723,10 +723,18 @@ }, "message":{ "shape":"Text", - "documentation":"The message to convey to the user. The message can come from the bot's configuration or from a Lambda function.
If the intent is not configured with a Lambda function, or if the Lambda function returned Delegate as the dialogAction.type in its response, Amazon Lex decides on the next course of action and selects an appropriate message from the bot's configuration based on the current interaction context. For example, if Amazon Lex isn't able to understand user input, it uses a clarification prompt message.
When you create an intent you can assign messages to groups. When messages are assigned to groups Amazon Lex returns one message from each group in the response. The message field is an escaped JSON string containing the messages. For more information about the structure of the JSON string returned, see msg-prompts-formats.
If the Lambda function returns a message, Amazon Lex passes it to the client in its response.
", + "documentation":"You can only use this field in the de-DE, en-AU, en-GB, en-US, es-419, es-ES, es-US, fr-CA, fr-FR, and it-IT locales. In all other locales, the message field is null. You should use the encodedMessage field instead.
The message to convey to the user. The message can come from the bot's configuration or from a Lambda function.
If the intent is not configured with a Lambda function, or if the Lambda function returned Delegate as the dialogAction.type in its response, Amazon Lex decides on the next course of action and selects an appropriate message from the bot's configuration based on the current interaction context. For example, if Amazon Lex isn't able to understand user input, it uses a clarification prompt message.
When you create an intent you can assign messages to groups. When messages are assigned to groups Amazon Lex returns one message from each group in the response. The message field is an escaped JSON string containing the messages. For more information about the structure of the JSON string returned, see msg-prompts-formats.
If the Lambda function returns a message, Amazon Lex passes it to the client in its response.
", + "deprecated":true, + "deprecatedMessage":"The message field is deprecated, use the encodedMessage field instead. The message field is available only in the de-DE, en-AU, en-GB, en-US, es-419, es-ES, es-US, fr-CA, fr-FR and it-IT locales.", "location":"header", "locationName":"x-amz-lex-message" }, + "encodedMessage":{ + "shape":"SensitiveString", + "documentation":"The message to convey to the user. The message can come from the bot's configuration or from a Lambda function.
If the intent is not configured with a Lambda function, or if the Lambda function returned Delegate as the dialogAction.type in its response, Amazon Lex decides on the next course of action and selects an appropriate message from the bot's configuration based on the current interaction context. For example, if Amazon Lex isn't able to understand user input, it uses a clarification prompt message.
When you create an intent you can assign messages to groups. When messages are assigned to groups Amazon Lex returns one message from each group in the response. The message field is an escaped JSON string containing the messages. For more information about the structure of the JSON string returned, see msg-prompts-formats.
If the Lambda function returns a message, Amazon Lex passes it to the client in its response.
The encodedMessage field is base-64 encoded. You must decode the field before you can use the value.
The format of the response message. One of the following values:
PlainText - The message contains plain UTF-8 text.
CustomPayload - The message is a custom format for the client.
SSML - The message contains text formatted for voice output.
Composite - The message contains an escaped JSON object containing one or more messages from the groups that messages were assigned to when the intent was created.
The text used to process the request.
If the input was an audio stream, the inputTranscript field contains the text extracted from the audio stream. This is the text that is actually processed to recognize intents and slot values. You can use this information to determine if Amazon Lex is correctly processing the audio that you send.
The text used to process the request.
You can use this field only in the de-DE, en-AU, en-GB, en-US, es-419, es-ES, es-US, fr-CA, fr-FR, and it-IT locales. In all other locales, the inputTranscript field is null. You should use the encodedInputTranscript field instead.
If the input was an audio stream, the inputTranscript field contains the text extracted from the audio stream. This is the text that is actually processed to recognize intents and slot values. You can use this information to determine if Amazon Lex is correctly processing the audio that you send.
The text used to process the request.
If the input was an audio stream, the encodedInputTranscript field contains the text extracted from the audio stream. This is the text that is actually processed to recognize intents and slot values. You can use this information to determine if Amazon Lex is correctly processing the audio that you send.
The encodedInputTranscript field is base-64 encoded. You must decode the field before you can use the value.
The prompt (or statement) to convey to the user. This is based on the bot configuration and context. For example, if Amazon Lex did not understand the user intent, it sends the clarificationPrompt configured for the bot. If the intent requires confirmation before taking the fulfillment action, it sends the confirmationPrompt. Another example: Suppose that the Lambda function successfully fulfilled the intent, and sent a message to convey to the user. Then Amazon Lex sends that message in the response.
The next message that should be presented to the user.
", + "documentation":"The next message that should be presented to the user.
You can only use this field in the de-DE, en-AU, en-GB, en-US, es-419, es-ES, es-US, fr-CA, fr-FR, and it-IT locales. In all other locales, the message field is null. You should use the encodedMessage field instead.
The next message that should be presented to the user.
The encodedMessage field is base-64 encoded. You must decode the field before you can use the value.
The format of the response message. One of the following values:
PlainText - The message contains plain UTF-8 text.
CustomPayload - The message is a custom format for the client.
SSML - The message contains text formatted for voice output.
Composite - The message contains an escaped JSON object containing one or more messages from the groups that messages were assigned to when the intent was created.
If you configure a response card when creating your bots, Amazon Lex substitutes the session attributes and slot values that are available, and then returns it. The response card can also come from a Lambda function ( dialogCodeHook and fulfillmentActivity on an intent).
Removes one or more documents from an index. The documents must have been added with the BatchPutDocument operation.
The documents are deleted asynchronously. You can see the progress of the deletion by using AWS CloudWatch. Any error messages releated to the processing of the batch are sent to you CloudWatch log.
" + "documentation":"Removes one or more documents from an index. The documents must have been added with the BatchPutDocument operation.
The documents are deleted asynchronously. You can see the progress of the deletion by using AWS CloudWatch. Any error messages related to the processing of the batch are sent to you CloudWatch log.
" }, "BatchPutDocument":{ "name":"BatchPutDocument", @@ -107,7 +107,7 @@ {"shape":"ConflictException"}, {"shape":"InternalServerException"} ], - "documentation":"Creates a new Amazon Kendra index. Index creation is an asynchronous operation. To determine if index creation has completed, check the Status field returned from a call to . The Status field is set to ACTIVE when the index is ready to use.
Once the index is active you can index your documents using the operation or using one of the supported data sources.
" + "documentation":"Creates a new Amazon Kendra index. Index creation is an asynchronous operation. To determine if index creation has completed, check the Status field returned from a call to DescribeIndex. The Status field is set to ACTIVE when the index is ready to use.
Once the index is active you can index your documents using the BatchPutDocument operation or using one of the supported data sources.
Deletes an Amazon Kendra data source. An exception is not thrown if the data source is already being deleted. While the data source is being deleted, the Status field returned by a call to the operation is set to DELETING. For more information, see Deleting Data Sources.
Deletes an Amazon Kendra data source. An exception is not thrown if the data source is already being deleted. While the data source is being deleted, the Status field returned by a call to the DescribeDataSource operation is set to DELETING. For more information, see Deleting Data Sources.
Deletes an existing Amazon Kendra index. An exception is not thrown if the index is already being deleted. While the index is being deleted, the Status field returned by a call to the DescribeIndex operation is set to DELETING.
Deletes an existing Amazon Kendra index. An exception is not thrown if the index is already being deleted. While the index is being deleted, the Status field returned by a call to the DescribeIndex operation is set to DELETING.
A list of groups, separated by semi-colons, that filters a query response based on user context. The document is only returned to users that are in one of the groups specified in the UserContext field of the Query operation.
A list of groups, separated by semi-colons, that filters a query response based on user context. The document is only returned to users that are in one of the groups specified in the UserContext field of the Query operation.
Provides information about the column that should be used for filtering the query response by groups.
" @@ -693,7 +693,7 @@ "documentation":"An explanation for why the document couldn't be removed from the index.
" } }, - "documentation":"Provides information about documents that could not be removed from an index by the BatchDeleteDocument operation.
" + "documentation":"Provides information about documents that could not be removed from an index by the BatchDeleteDocument operation.
The identifier of the index to add the documents to. You need to create the index first using the CreateIndex operation.
" + "documentation":"The identifier of the index to add the documents to. You need to create the index first using the CreateIndex operation.
The Unix timestamp of the date and time that the result was clicked.
" } }, - "documentation":"Gathers information about when a particular result was clicked by a user. Your application uses the SubmitFeedback operation to provide click information.
" + "documentation":"Gathers information about when a particular result was clicked by a user. Your application uses the SubmitFeedback operation to provide click information.
An array of objects that map database column names to the corresponding fields in an index. You must first create the fields in the index using the UpdateIndex operation.
" + "documentation":"An array of objects that map database column names to the corresponding fields in an index. You must first create the fields in the index using the UpdateIndex operation.
The name of the field in the data source.
You must first create the index field using the operation.
" + "documentation":"The name of the field in the data source.
You must first create the index field using the UpdateIndex operation.
The name of the index field to map to the Confluence data source field. The index field type must match the Confluence field type.
" } }, - "documentation":"Defines the mapping between a field in the Confluence data source to a Amazon Kendra index field.
You must first create the index field using the operation.
" + "documentation":"Defines the mapping between a field in the Confluence data source to a Amazon Kendra index field.
You must first create the index field using the UpdateIndex operation.
Defines how blog metadata fields should be mapped to index fields. Before you can map a field, you must first create an index field with a matching type using the console or the UpdateIndex operation.
If you specify the BlogFieldMappings parameter, you must specify at least one field mapping.
Specifies the blog settings for the Confluence data source. Blogs are always indexed unless filtered from the index by the ExclusionPatterns or InclusionPatterns fields in the data type.
Specifies the blog settings for the Confluence data source. Blogs are always indexed unless filtered from the index by the ExclusionPatterns or InclusionPatterns fields in the ConfluenceConfiguration type.
The name of the index field to map to the Confluence data source field. The index field type must match the Confluence field type.
" } }, - "documentation":"Defines the mapping between a blog field in the Confluence data source to a Amazon Kendra index field.
You must first create the index field using the operation.
" + "documentation":"Defines the mapping between a blog field in the Confluence data source to a Amazon Kendra index field.
You must first create the index field using the UpdateIndex operation.
The name of the index field to map to the Confluence data source field. The index field type must match the Confluence field type.
" } }, - "documentation":"Defines the mapping between a field in the Confluence data source to a Amazon Kendra index field.
You must first create the index field using the operation.
" + "documentation":"Defines the mapping between a field in the Confluence data source to a Amazon Kendra index field.
You must first create the index field using the UpdateIndex operation.
The name of the index field to map to the Confluence data source field. The index field type must match the Confluence field type.
" } }, - "documentation":"Defines the mapping between a field in the Confluence data source to a Amazon Kendra index field.
You must first create the index field using the operation.
" + "documentation":"Defines the mapping between a field in the Confluence data source to a Amazon Kendra index field.
You must first create the index field using the UpdateIndex operation.
The status of the data source. When the status is ATIVE the data source is ready to use.
The status of the data source. When the status is ACTIVE the data source is ready to use.
Summary information for a Amazon Kendra data source. Returned in a call to .
" + "documentation":"Summary information for a Amazon Kendra data source. Returned in a call to the DescribeDataSource operation.
The name of the field in the index.
" } }, - "documentation":"Maps a column or attribute in the data source to an index field. You must first create the fields in the index using the UpdateIndex operation.
" + "documentation":"Maps a column or attribute in the data source to an index field. You must first create the fields in the index using the UpdateIndex operation.
For enterprise edtion indexes, you can choose to use additional capacity to meet the needs of your application. This contains the capacity units used for the index. A 0 for the query capacity or the storage capacity indicates that the index is using the default capacity for the index.
" + "documentation":"For Enterprise edition indexes, you can choose to use additional capacity to meet the needs of your application. This contains the capacity units used for the index. A 0 for the query capacity or the storage capacity indicates that the index is using the default capacity for the index.
" }, "UserTokenConfigurations":{ "shape":"UserTokenConfigurationList", @@ -2438,7 +2438,7 @@ }, "FieldMappings":{ "shape":"DataSourceToIndexFieldMappingList", - "documentation":"Defines mapping between a field in the Google Drive and a Amazon Kendra index field.
If you are using the console, you can define index fields when creating the mapping. If you are using the API, you must first create the field using the UpdateIndex operation.
" + "documentation":"Defines mapping between a field in the Google Drive and a Amazon Kendra index field.
If you are using the console, you can define index fields when creating the mapping. If you are using the API, you must first create the field using the UpdateIndex operation.
The unique identifier of the index to search. The identifier is returned in the response from the operation.
" + "documentation":"The unique identifier of the index to search. The identifier is returned in the response from the CreateIndex operation.
Whether to document was relevant or not relevant to the search.
" } }, - "documentation":"Provides feedback on how relevant a document is to a search. Your application uses the SubmitFeedback operation to provide relevance information.
" + "documentation":"Provides feedback on how relevant a document is to a search. Your application uses the SubmitFeedback operation to provide relevance information.
Specifies configuration information for the knowlege article types that Amazon Kendra indexes. Amazon Kendra indexes standard knowledge articles and the standard fields of knowledge articles, or the custom fields of custom knowledge articles, but not both.
" + "documentation":"Specifies configuration information for the knowledge article types that Amazon Kendra indexes. Amazon Kendra indexes standard knowledge articles and the standard fields of knowledge articles, or the custom fields of custom knowledge articles, but not both.
" }, "ChatterFeedConfiguration":{ "shape":"SalesforceChatterFeedConfiguration", @@ -3481,7 +3481,7 @@ "documentation":"Provides configuration information for custom Salesforce knowledge articles.
" } }, - "documentation":"Specifies configuration information for the knowlege article types that Amazon Kendra indexes. Amazon Kendra indexes standard knowledge articles and the standard fields of knowledge articles, or the custom fields of custom knowledge articles, but not both
" + "documentation":"Specifies configuration information for the knowledge article types that Amazon Kendra indexes. Amazon Kendra indexes standard knowledge articles and the standard fields of knowledge articles, or the custom fields of custom knowledge articles, but not both
" }, "SalesforceKnowledgeArticleState":{ "type":"string", @@ -3547,14 +3547,14 @@ }, "DocumentTitleFieldName":{ "shape":"DataSourceFieldName", - "documentation":"The name of the field in the standard object table that contains the document titleB.
" + "documentation":"The name of the field in the standard object table that contains the document title.
" }, "FieldMappings":{ "shape":"DataSourceToIndexFieldMappingList", "documentation":"One or more objects that map fields in the standard object to Amazon Kendra index fields. The index field must exist before you can map a Salesforce field to it.
" } }, - "documentation":"Specifies confguration information for indexing a single standard object.
" + "documentation":"Specifies configuration information for indexing a single standard object.
" }, "SalesforceStandardObjectConfigurationList":{ "type":"list", @@ -3649,6 +3649,13 @@ }, "documentation":"Provides the identifier of the AWS KMS customer master key (CMK) used to encrypt data indexed by Amazon Kendra. Amazon Kendra doesn't support asymmetric CMKs.
" }, + "ServiceNowAuthenticationType":{ + "type":"string", + "enum":[ + "HTTP_BASIC", + "OAUTH2" + ] + }, "ServiceNowBuildVersionType":{ "type":"string", "enum":[ @@ -3683,6 +3690,10 @@ "ServiceCatalogConfiguration":{ "shape":"ServiceNowServiceCatalogConfiguration", "documentation":"Provides configuration information for crawling service catalogs in the ServiceNow site.
" + }, + "AuthenticationType":{ + "shape":"ServiceNowAuthenticationType", + "documentation":"Determines the type of authentication used to connect to the ServiceNow instance. If you choose HTTP_BASIC, Amazon Kendra is authenticated using the user name and password provided in the AWS Secrets Manager secret in the SecretArn field. When you choose OAUTH2, Amazon Kendra is authenticated using the OAuth token and secret provided in the Secrets Manager secret, and the user name and password are used to determine which information Amazon Kendra has access to.
When you use OAUTH2 authentication, you must generate a token and a client secret using the ServiceNow console. For more information, see Using a ServiceNow data source.
Provides configuration information required to connect to a ServiceNow data source.
" @@ -3720,10 +3731,20 @@ "FieldMappings":{ "shape":"DataSourceToIndexFieldMappingList", "documentation":"Mapping between ServiceNow fields and Amazon Kendra index fields. You must create the index field before you map the field.
" + }, + "FilterQuery":{ + "shape":"ServiceNowKnowledgeArticleFilterQuery", + "documentation":"A query that selects the knowledge articles to index. The query can return articles from multiple knowledge bases, and the knowledge bases can be public or private.
The query string must be one generated by the ServiceNow console. For more information, see Specifying documents to index with a query.
" } }, "documentation":"Provides configuration information for crawling knowledge articles in the ServiceNow site.
" }, + "ServiceNowKnowledgeArticleFilterQuery":{ + "type":"string", + "max":2048, + "min":1, + "pattern":"^\\P{C}*$" + }, "ServiceNowServiceCatalogConfiguration":{ "type":"structure", "required":["DocumentDataFieldName"], @@ -3734,11 +3755,11 @@ }, "IncludeAttachmentFilePatterns":{ "shape":"DataSourceInclusionsExclusionsStrings", - "documentation":"Determines the types of file attachments that are included in the index.
" + "documentation":"A list of regular expression patterns. Documents that match the patterns are included in the index. Documents that don't match the patterns are excluded from the index. If a document matches both an exclusion pattern and an inclusion pattern, the document is not included in the index.
The regex is applied to the file name of the attachment.
" }, "ExcludeAttachmentFilePatterns":{ "shape":"DataSourceInclusionsExclusionsStrings", - "documentation":"Determines the types of file attachments that are excluded from the index.
" + "documentation":"A list of regular expression patterns. Documents that match the patterns are excluded from the index. Documents that don't match the patterns are included in the index. If a document matches both an exclusion pattern and an inclusion pattern, the document is not included in the index.
The regex is applied to the file name of the attachment.
" }, "DocumentDataFieldName":{ "shape":"DataSourceFieldName", @@ -3802,7 +3823,7 @@ "VpcConfiguration":{"shape":"DataSourceVpcConfiguration"}, "FieldMappings":{ "shape":"DataSourceToIndexFieldMappingList", - "documentation":"A list of DataSourceToIndexFieldMapping objects that map Microsoft SharePoint attributes to custom fields in the Amazon Kendra index. You must first create the index fields using the operation before you map SharePoint attributes. For more information, see Mapping Data Source Fields.
A list of DataSourceToIndexFieldMapping objects that map Microsoft SharePoint attributes to custom fields in the Amazon Kendra index. You must first create the index fields using the UpdateIndex operation before you map SharePoint attributes. For more information, see Mapping Data Source Fields.
The identifier of the specific query for which you are submitting feedback. The query ID is returned in the response to the operation.
" + "documentation":"The identifier of the specific query for which you are submitting feedback. The query ID is returned in the response to the Query operation.
Sets the number of addtional storage and query capacity units that should be used by the index. You can change the capacity of the index up to 5 times per day.
If you are using extra storage units, you can't reduce the storage capacity below that required to meet the storage needs for your index.
" + "documentation":"Sets the number of additional storage and query capacity units that should be used by the index. You can change the capacity of the index up to 5 times per day.
If you are using extra storage units, you can't reduce the storage capacity below that required to meet the storage needs for your index.
" }, "UserTokenConfigurations":{ "shape":"UserTokenConfigurationList", From 0214c27576908403d775732df1ce8509b03e5284 Mon Sep 17 00:00:00 2001 From: AWS <> Date: Thu, 1 Apr 2021 18:05:35 +0000 Subject: [PATCH 08/12] Amazon Route 53 Resolver Update: Route 53 Resolver DNS Firewall is a firewall service that allows you to filter and regulate outbound DNS traffic for your VPCs. --- ...feature-AmazonRoute53Resolver-09a9485.json | 6 + .../codegen-resources/paginators-1.json | 36 + .../codegen-resources/service-2.json | 1879 ++++++++++++++++- 3 files changed, 1816 insertions(+), 105 deletions(-) create mode 100644 .changes/next-release/feature-AmazonRoute53Resolver-09a9485.json diff --git a/.changes/next-release/feature-AmazonRoute53Resolver-09a9485.json b/.changes/next-release/feature-AmazonRoute53Resolver-09a9485.json new file mode 100644 index 000000000000..70aa9bbeb53a --- /dev/null +++ b/.changes/next-release/feature-AmazonRoute53Resolver-09a9485.json @@ -0,0 +1,6 @@ +{ + "type": "feature", + "category": "Amazon Route 53 Resolver", + "contributor": "", + "description": "Route 53 Resolver DNS Firewall is a firewall service that allows you to filter and regulate outbound DNS traffic for your VPCs." +} diff --git a/services/route53resolver/src/main/resources/codegen-resources/paginators-1.json b/services/route53resolver/src/main/resources/codegen-resources/paginators-1.json index 0ba9052153b9..f0abb1375f30 100644 --- a/services/route53resolver/src/main/resources/codegen-resources/paginators-1.json +++ b/services/route53resolver/src/main/resources/codegen-resources/paginators-1.json @@ -1,5 +1,41 @@ { "pagination": { + "ListFirewallConfigs": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "FirewallConfigs" + }, + "ListFirewallDomainLists": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "FirewallDomainLists" + }, + "ListFirewallDomains": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "Domains" + }, + "ListFirewallRuleGroupAssociations": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "FirewallRuleGroupAssociations" + }, + "ListFirewallRuleGroups": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "FirewallRuleGroups" + }, + "ListFirewallRules": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "FirewallRules" + }, "ListResolverDnssecConfigs": { "input_token": "NextToken", "output_token": "NextToken", diff --git a/services/route53resolver/src/main/resources/codegen-resources/service-2.json b/services/route53resolver/src/main/resources/codegen-resources/service-2.json index 7162aa1bb64b..c3c24d8d1d80 100644 --- a/services/route53resolver/src/main/resources/codegen-resources/service-2.json +++ b/services/route53resolver/src/main/resources/codegen-resources/service-2.json @@ -13,6 +13,25 @@ "uid":"route53resolver-2018-04-01" }, "operations":{ + "AssociateFirewallRuleGroup":{ + "name":"AssociateFirewallRuleGroup", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"AssociateFirewallRuleGroupRequest"}, + "output":{"shape":"AssociateFirewallRuleGroupResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"LimitExceededException"}, + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServiceErrorException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"Associates a FirewallRuleGroup with a VPC, to provide DNS filtering for the VPC.
" + }, "AssociateResolverEndpointIpAddress":{ "name":"AssociateResolverEndpointIpAddress", "http":{ @@ -72,6 +91,58 @@ ], "documentation":"Associates a Resolver rule with a VPC. When you associate a rule with a VPC, Resolver forwards all DNS queries for the domain name that is specified in the rule and that originate in the VPC. The queries are forwarded to the IP addresses for the DNS resolvers that are specified in the rule. For more information about rules, see CreateResolverRule.
" }, + "CreateFirewallDomainList":{ + "name":"CreateFirewallDomainList", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateFirewallDomainListRequest"}, + "output":{"shape":"CreateFirewallDomainListResponse"}, + "errors":[ + {"shape":"LimitExceededException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServiceErrorException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"Creates an empty firewall domain list for use in DNS Firewall rules. You can populate the domains for the new list with a file, using ImportFirewallDomains, or with domain strings, using UpdateFirewallDomains.
" + }, + "CreateFirewallRule":{ + "name":"CreateFirewallRule", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateFirewallRuleRequest"}, + "output":{"shape":"CreateFirewallRuleResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"LimitExceededException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServiceErrorException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"Creates a single DNS Firewall rule in the specified rule group, using the specified domain list.
" + }, + "CreateFirewallRuleGroup":{ + "name":"CreateFirewallRuleGroup", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateFirewallRuleGroupRequest"}, + "output":{"shape":"CreateFirewallRuleGroupResponse"}, + "errors":[ + {"shape":"LimitExceededException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServiceErrorException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"Creates an empty DNS Firewall rule group for filtering DNS network traffic in a VPC. You can add rules to the new rule group by calling CreateFirewallRule.
" + }, "CreateResolverEndpoint":{ "name":"CreateResolverEndpoint", "http":{ @@ -131,6 +202,57 @@ ], "documentation":"For DNS queries that originate in your VPCs, specifies which Resolver endpoint the queries pass through, one domain name that you want to forward to your network, and the IP addresses of the DNS resolvers in your network.
" }, + "DeleteFirewallDomainList":{ + "name":"DeleteFirewallDomainList", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteFirewallDomainListRequest"}, + "output":{"shape":"DeleteFirewallDomainListResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServiceErrorException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"Deletes the specified domain list.
" + }, + "DeleteFirewallRule":{ + "name":"DeleteFirewallRule", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteFirewallRuleRequest"}, + "output":{"shape":"DeleteFirewallRuleResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServiceErrorException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"Deletes the specified firewall rule.
" + }, + "DeleteFirewallRuleGroup":{ + "name":"DeleteFirewallRuleGroup", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteFirewallRuleGroupRequest"}, + "output":{"shape":"DeleteFirewallRuleGroupResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServiceErrorException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"Deletes the specified firewall rule group.
" + }, "DeleteResolverEndpoint":{ "name":"DeleteResolverEndpoint", "http":{ @@ -183,6 +305,24 @@ ], "documentation":"Deletes a Resolver rule. Before you can delete a Resolver rule, you must disassociate it from all the VPCs that you associated the Resolver rule with. For more information, see DisassociateResolverRule.
" }, + "DisassociateFirewallRuleGroup":{ + "name":"DisassociateFirewallRuleGroup", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DisassociateFirewallRuleGroupRequest"}, + "output":{"shape":"DisassociateFirewallRuleGroupResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"InternalServiceErrorException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"Disassociates a FirewallRuleGroup from a VPC, to remove DNS filtering from the VPC.
" + }, "DisassociateResolverEndpointIpAddress":{ "name":"DisassociateResolverEndpointIpAddress", "http":{ @@ -235,6 +375,88 @@ ], "documentation":"Removes the association between a specified Resolver rule and a specified VPC.
If you disassociate a Resolver rule from a VPC, Resolver stops forwarding DNS queries for the domain name that you specified in the Resolver rule.
Retrieves the configuration of the firewall behavior provided by DNS Firewall for a single Amazon virtual private cloud (VPC).
" + }, + "GetFirewallDomainList":{ + "name":"GetFirewallDomainList", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetFirewallDomainListRequest"}, + "output":{"shape":"GetFirewallDomainListResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServiceErrorException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"Retrieves the specified firewall domain list.
" + }, + "GetFirewallRuleGroup":{ + "name":"GetFirewallRuleGroup", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetFirewallRuleGroupRequest"}, + "output":{"shape":"GetFirewallRuleGroupResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServiceErrorException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"Retrieves the specified firewall rule group.
" + }, + "GetFirewallRuleGroupAssociation":{ + "name":"GetFirewallRuleGroupAssociation", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetFirewallRuleGroupAssociationRequest"}, + "output":{"shape":"GetFirewallRuleGroupAssociationResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServiceErrorException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"Retrieves a firewall rule group association, which enables DNS filtering for a VPC with one rule group. A VPC can have more than one firewall rule group association, and a rule group can be associated with more than one VPC.
" + }, + "GetFirewallRuleGroupPolicy":{ + "name":"GetFirewallRuleGroupPolicy", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetFirewallRuleGroupPolicyRequest"}, + "output":{"shape":"GetFirewallRuleGroupPolicyResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServiceErrorException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"Returns the AWS Identity and Access Management (AWS IAM) policy for sharing the specified rule group. You can use the policy to share the rule group using AWS Resource Access Manager (RAM).
" + }, "GetResolverDnssecConfig":{ "name":"GetResolverDnssecConfig", "http":{ @@ -369,6 +591,123 @@ ], "documentation":"Gets information about the Resolver rule policy for a specified rule. A Resolver rule policy includes the rule that you want to share with another account, the account that you want to share the rule with, and the Resolver operations that you want to allow the account to use.
" }, + "ImportFirewallDomains":{ + "name":"ImportFirewallDomains", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ImportFirewallDomainsRequest"}, + "output":{"shape":"ImportFirewallDomainsResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"LimitExceededException"}, + {"shape":"ConflictException"}, + {"shape":"InternalServiceErrorException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"Imports domain names from a file into a domain list, for use in a DNS firewall rule group.
Each domain specification in your domain list must satisfy the following requirements:
It can optionally start with * (asterisk).
With the exception of the optional starting asterisk, it must only contain the following characters: A-Z, a-z, 0-9, - (hyphen).
It must be from 1-255 characters in length.
Retrieves the firewall configurations that you have defined. DNS Firewall uses the configurations to manage firewall behavior for your VPCs.
A single call might return only a partial list of the configurations. For information, see MaxResults.
Retrieves the firewall domain lists that you have defined. For each firewall domain list, you can retrieve the domains that are defined for a list by calling ListFirewallDomains.
A single call to this list operation might return only a partial list of the domain lists. For information, see MaxResults.
Retrieves the domains that you have defined for the specified firewall domain list.
A single call might return only a partial list of the domains. For information, see MaxResults.
Retrieves the firewall rule group associations that you have defined. Each association enables DNS filtering for a VPC with one rule group.
A single call might return only a partial list of the associations. For information, see MaxResults.
Retrieves the minimal high-level information for the rule groups that you have defined.
A single call might return only a partial list of the rule groups. For information, see MaxResults.
Retrieves the firewall rules that you have defined for the specified firewall rule group. DNS Firewall uses the rules in a rule group to filter DNS network traffic for a VPC.
A single call might return only a partial list of the rules. For information, see MaxResults.
Lists the tags that you associated with the specified resource.
" }, + "PutFirewallRuleGroupPolicy":{ + "name":"PutFirewallRuleGroupPolicy", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"PutFirewallRuleGroupPolicyRequest"}, + "output":{"shape":"PutFirewallRuleGroupPolicyResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServiceErrorException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"Attaches an AWS Identity and Access Management (AWS IAM) policy for sharing the rule group. You can use the policy to share the rule group using AWS Resource Access Manager (RAM).
" + }, "PutResolverQueryLogConfigPolicy":{ "name":"PutResolverQueryLogConfigPolicy", "http":{ @@ -579,6 +935,78 @@ ], "documentation":"Removes one or more tags from a specified resource.
" }, + "UpdateFirewallConfig":{ + "name":"UpdateFirewallConfig", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UpdateFirewallConfigRequest"}, + "output":{"shape":"UpdateFirewallConfigResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServiceErrorException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"Updates the configuration of the firewall behavior provided by DNS Firewall for a single Amazon virtual private cloud (VPC).
" + }, + "UpdateFirewallDomains":{ + "name":"UpdateFirewallDomains", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UpdateFirewallDomainsRequest"}, + "output":{"shape":"UpdateFirewallDomainsResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"LimitExceededException"}, + {"shape":"ConflictException"}, + {"shape":"InternalServiceErrorException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"Updates the firewall domain list from an array of domain specifications.
" + }, + "UpdateFirewallRule":{ + "name":"UpdateFirewallRule", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UpdateFirewallRuleRequest"}, + "output":{"shape":"UpdateFirewallRuleResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServiceErrorException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"Updates the specified firewall rule.
" + }, + "UpdateFirewallRuleGroupAssociation":{ + "name":"UpdateFirewallRuleGroupAssociation", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UpdateFirewallRuleGroupAssociationRequest"}, + "output":{"shape":"UpdateFirewallRuleGroupAssociationResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServiceErrorException"}, + {"shape":"ThrottlingException"} + ], + "documentation":"Changes the association of a FirewallRuleGroup with a VPC. The association enables DNS filtering for the VPC.
" + }, "UpdateResolverDnssecConfig":{ "name":"UpdateResolverDnssecConfig", "http":{ @@ -648,15 +1076,75 @@ "max":32, "min":12 }, + "Action":{ + "type":"string", + "enum":[ + "ALLOW", + "BLOCK", + "ALERT" + ] + }, "Arn":{ "type":"string", "max":255, "min":1 }, - "AssociateResolverEndpointIpAddressRequest":{ + "AssociateFirewallRuleGroupRequest":{ "type":"structure", "required":[ - "ResolverEndpointId", + "CreatorRequestId", + "FirewallRuleGroupId", + "VpcId", + "Priority", + "Name" + ], + "members":{ + "CreatorRequestId":{ + "shape":"CreatorRequestId", + "documentation":"A unique string that identifies the request and that allows failed requests to be retried without the risk of executing the operation twice. CreatorRequestId can be any unique string, for example, a date/time stamp.
The unique identifier of the firewall rule group.
" + }, + "VpcId":{ + "shape":"ResourceId", + "documentation":"The unique identifier of the VPC that you want to associate with the rule group.
" + }, + "Priority":{ + "shape":"Priority", + "documentation":"The setting that determines the processing order of the rule group among the rule groups that you associate with the specified VPC. DNS Firewall filters VPC traffic starting from rule group with the lowest numeric priority setting.
You must specify a unique priority for each rule group that you associate with a single VPC. To make it easier to insert rule groups later, leave space between the numbers, for example, use 100, 200, and so on. You can change the priority setting for a rule group association after you create it.
" + }, + "Name":{ + "shape":"Name", + "documentation":"A name that lets you identify the association, to manage and use it.
" + }, + "MutationProtection":{ + "shape":"MutationProtectionStatus", + "documentation":"If enabled, this setting disallows modification or removal of the association, to help prevent against accidentally altering DNS firewall protections. When you create the association, the default setting is DISABLED.
A list of the tag keys and values that you want to associate with the rule group association.
", + "box":true + } + } + }, + "AssociateFirewallRuleGroupResponse":{ + "type":"structure", + "members":{ + "FirewallRuleGroupAssociation":{ + "shape":"FirewallRuleGroupAssociation", + "documentation":"The association that you just created. The association has an Id that you can use to identify it in other requests, like update and delete.
" + } + } + }, + "AssociateResolverEndpointIpAddressRequest":{ + "type":"structure", + "required":[ + "ResolverEndpointId", "IpAddress" ], "members":{ @@ -735,8 +1223,169 @@ } } }, + "BlockOverrideDnsType":{ + "type":"string", + "enum":["CNAME"] + }, + "BlockOverrideDomain":{ + "type":"string", + "max":255, + "min":1 + }, + "BlockOverrideTtl":{ + "type":"integer", + "max":604800, + "min":0 + }, + "BlockResponse":{ + "type":"string", + "enum":[ + "NODATA", + "NXDOMAIN", + "OVERRIDE" + ] + }, "Boolean":{"type":"boolean"}, + "ConflictException":{ + "type":"structure", + "members":{ + "Message":{"shape":"ExceptionMessage"} + }, + "documentation":"", + "exception":true + }, "Count":{"type":"integer"}, + "CreateFirewallDomainListRequest":{ + "type":"structure", + "required":[ + "CreatorRequestId", + "Name" + ], + "members":{ + "CreatorRequestId":{ + "shape":"CreatorRequestId", + "documentation":"A unique string that identifies the request and that allows you to retry failed requests without the risk of executing the operation twice. CreatorRequestId can be any unique string, for example, a date/time stamp.
A name that lets you identify the domain list to manage and use it.
" + }, + "Tags":{ + "shape":"TagList", + "documentation":"A list of the tag keys and values that you want to associate with the domain list.
", + "box":true + } + } + }, + "CreateFirewallDomainListResponse":{ + "type":"structure", + "members":{ + "FirewallDomainList":{ + "shape":"FirewallDomainList", + "documentation":"The domain list that you just created.
" + } + } + }, + "CreateFirewallRuleGroupRequest":{ + "type":"structure", + "required":[ + "CreatorRequestId", + "Name" + ], + "members":{ + "CreatorRequestId":{ + "shape":"CreatorRequestId", + "documentation":"A unique string defined by you to identify the request. This allows you to retry failed requests without the risk of executing the operation twice. This can be any unique string, for example, a timestamp.
", + "idempotencyToken":true + }, + "Name":{ + "shape":"Name", + "documentation":"A name that lets you identify the rule group, to manage and use it.
" + }, + "Tags":{ + "shape":"TagList", + "documentation":"A list of the tag keys and values that you want to associate with the rule group.
", + "box":true + } + } + }, + "CreateFirewallRuleGroupResponse":{ + "type":"structure", + "members":{ + "FirewallRuleGroup":{ + "shape":"FirewallRuleGroup", + "documentation":"A collection of rules used to filter DNS network traffic.
" + } + } + }, + "CreateFirewallRuleRequest":{ + "type":"structure", + "required":[ + "CreatorRequestId", + "FirewallRuleGroupId", + "FirewallDomainListId", + "Priority", + "Action", + "Name" + ], + "members":{ + "CreatorRequestId":{ + "shape":"CreatorRequestId", + "documentation":"A unique string that identifies the request and that allows you to retry failed requests without the risk of executing the operation twice. CreatorRequestId can be any unique string, for example, a date/time stamp.
The unique identifier of the firewall rule group where you want to create the rule.
" + }, + "FirewallDomainListId":{ + "shape":"ResourceId", + "documentation":"The ID of the domain list that you want to use in the rule.
" + }, + "Priority":{ + "shape":"Priority", + "documentation":"The setting that determines the processing order of the rule in the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.
You must specify a unique priority for each rule in a rule group. To make it easier to insert rules later, leave space between the numbers, for example, use 100, 200, and so on. You can change the priority setting for the rules in a rule group at any time.
" + }, + "Action":{ + "shape":"Action", + "documentation":"The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list:
ALLOW - Permit the request to go through.
ALERT - Permit the request and send metrics and log to Cloud Watch.
BLOCK - Disallow the request. This option requires additional details in the rule's BlockResponse.
The way that you want DNS Firewall to block the request, used with the rule aciton setting BLOCK.
NODATA - Respond indicating that the query was successful, but no response is available for it.
NXDOMAIN - Respond indicating that the domain name that's in the query doesn't exist.
OVERRIDE - Provide a custom override in the response. This option requires custom handling details in the rule's BlockOverride* settings.
This setting is required if the rule action setting is BLOCK.
The custom DNS record to send back in response to the query. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.
This setting is required if the BlockResponse setting is OVERRIDE.
The DNS record's type. This determines the format of the record value that you provided in BlockOverrideDomain. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.
This setting is required if the BlockResponse setting is OVERRIDE.
The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.
This setting is required if the BlockResponse setting is OVERRIDE.
A name that lets you identify the rule in the rule group.
" + } + } + }, + "CreateFirewallRuleResponse":{ + "type":"structure", + "members":{ + "FirewallRule":{ + "shape":"FirewallRule", + "documentation":"The firewall rule that you just created.
" + } + } + }, "CreateResolverEndpointRequest":{ "type":"structure", "required":[ @@ -875,6 +1524,70 @@ "max":255, "min":1 }, + "DeleteFirewallDomainListRequest":{ + "type":"structure", + "required":["FirewallDomainListId"], + "members":{ + "FirewallDomainListId":{ + "shape":"ResourceId", + "documentation":"The ID of the domain list that you want to delete.
" + } + } + }, + "DeleteFirewallDomainListResponse":{ + "type":"structure", + "members":{ + "FirewallDomainList":{ + "shape":"FirewallDomainList", + "documentation":"The domain list that you just deleted.
" + } + } + }, + "DeleteFirewallRuleGroupRequest":{ + "type":"structure", + "required":["FirewallRuleGroupId"], + "members":{ + "FirewallRuleGroupId":{ + "shape":"ResourceId", + "documentation":"The unique identifier of the firewall rule group that you want to delete.
" + } + } + }, + "DeleteFirewallRuleGroupResponse":{ + "type":"structure", + "members":{ + "FirewallRuleGroup":{ + "shape":"FirewallRuleGroup", + "documentation":"A collection of rules used to filter DNS network traffic.
" + } + } + }, + "DeleteFirewallRuleRequest":{ + "type":"structure", + "required":[ + "FirewallRuleGroupId", + "FirewallDomainListId" + ], + "members":{ + "FirewallRuleGroupId":{ + "shape":"ResourceId", + "documentation":"The unique identifier of the firewall rule group that you want to delete the rule from.
" + }, + "FirewallDomainListId":{ + "shape":"ResourceId", + "documentation":"The ID of the domain list that's used in the rule.
" + } + } + }, + "DeleteFirewallRuleResponse":{ + "type":"structure", + "members":{ + "FirewallRule":{ + "shape":"FirewallRule", + "documentation":"The specification for the firewall rule that you just deleted.
" + } + } + }, "DeleteResolverEndpointRequest":{ "type":"structure", "required":["ResolverEndpointId"], @@ -937,6 +1650,25 @@ "max":600, "min":1 }, + "DisassociateFirewallRuleGroupRequest":{ + "type":"structure", + "required":["FirewallRuleGroupAssociationId"], + "members":{ + "FirewallRuleGroupAssociationId":{ + "shape":"ResourceId", + "documentation":"The identifier of the FirewallRuleGroupAssociation.
" + } + } + }, + "DisassociateFirewallRuleGroupResponse":{ + "type":"structure", + "members":{ + "FirewallRuleGroupAssociation":{ + "shape":"FirewallRuleGroupAssociation", + "documentation":"The firewall rule group association that you just removed.
" + } + } + }, "DisassociateResolverEndpointIpAddressRequest":{ "type":"structure", "required":[ @@ -1015,6 +1747,11 @@ } } }, + "DomainListFileUrl":{ + "type":"string", + "max":1024, + "min":1 + }, "DomainName":{ "type":"string", "max":256, @@ -1053,48 +1790,507 @@ "type":"list", "member":{"shape":"Filter"} }, - "GetResolverDnssecConfigRequest":{ + "FirewallConfig":{ "type":"structure", - "required":["ResourceId"], "members":{ + "Id":{ + "shape":"ResourceId", + "documentation":"The Id of the firewall configuration.
" + }, "ResourceId":{ "shape":"ResourceId", - "documentation":"The ID of the virtual private cloud (VPC) for the DNSSEC validation status.
" + "documentation":"The ID of the VPC that this firewall configuration applies to.
" + }, + "OwnerId":{ + "shape":"AccountId", + "documentation":"The AWS account ID of the owner of the VPC that this firewall configuration applies to.
" + }, + "FirewallFailOpen":{ + "shape":"FirewallFailOpenStatus", + "documentation":"Determines how DNS Firewall operates during failures, for example when all traffic that is sent to DNS Firewall fails to receive a reply.
By default, fail open is disabled, which means the failure mode is closed. This approach favors security over availability. DNS Firewall returns a failure error when it is unable to properly evaluate a query.
If you enable this option, the failure mode is open. This approach favors availability over security. DNS Firewall allows queries to proceed if it is unable to properly evaluate them.
This behavior is only enforced for VPCs that have at least one DNS Firewall rule group association.
" } - } + }, + "documentation":"Configuration of the firewall behavior provided by DNS Firewall for a single Amazon virtual private cloud (VPC).
" }, - "GetResolverDnssecConfigResponse":{ - "type":"structure", - "members":{ - "ResolverDNSSECConfig":{ - "shape":"ResolverDnssecConfig", - "documentation":"The information about a configuration for DNSSEC validation.
" - } - } + "FirewallConfigList":{ + "type":"list", + "member":{"shape":"FirewallConfig"} }, - "GetResolverEndpointRequest":{ + "FirewallDomainImportOperation":{ + "type":"string", + "enum":["REPLACE"] + }, + "FirewallDomainList":{ "type":"structure", - "required":["ResolverEndpointId"], "members":{ - "ResolverEndpointId":{ + "Id":{ "shape":"ResourceId", - "documentation":"The ID of the Resolver endpoint that you want to get information about.
" + "documentation":"The ID of the domain list.
" + }, + "Arn":{ + "shape":"Arn", + "documentation":"The Amazon Resource Name (ARN) of the firewall domain list.
" + }, + "Name":{ + "shape":"Name", + "documentation":"The name of the domain list.
" + }, + "DomainCount":{ + "shape":"Unsigned", + "documentation":"The number of domain names that are specified in the domain list.
" + }, + "Status":{ + "shape":"FirewallDomainListStatus", + "documentation":"The status of the domain list.
" + }, + "StatusMessage":{ + "shape":"StatusMessage", + "documentation":"Additional information about the status of the list, if available.
" + }, + "ManagedOwnerName":{ + "shape":"ServicePrinciple", + "documentation":"The owner of the list, used only for lists that are not managed by you. For example, the managed domain list AWSManagedDomainsMalwareDomainList has the managed owner name Route 53 Resolver DNS Firewall.
A unique string defined by you to identify the request. This allows you to retry failed requests without the risk of executing the operation twice. This can be any unique string, for example, a timestamp.
" + }, + "CreationTime":{ + "shape":"Rfc3339TimeString", + "documentation":"The date and time that the domain list was created, in Unix time format and Coordinated Universal Time (UTC).
" + }, + "ModificationTime":{ + "shape":"Rfc3339TimeString", + "documentation":"The date and time that the domain list was last modified, in Unix time format and Coordinated Universal Time (UTC).
" } - } + }, + "documentation":"High level information about a list of firewall domains for use in a FirewallRule. This is returned by GetFirewallDomainList.
To retrieve the domains that are defined for this domain list, call ListFirewallDomains.
" }, - "GetResolverEndpointResponse":{ + "FirewallDomainListMetadata":{ "type":"structure", "members":{ - "ResolverEndpoint":{ - "shape":"ResolverEndpoint", - "documentation":"Information about the Resolver endpoint that you specified in a GetResolverEndpoint request.
The ID of the domain list.
" + }, + "Arn":{ + "shape":"Arn", + "documentation":"The Amazon Resource Name (ARN) of the firewall domain list metadata.
" + }, + "Name":{ + "shape":"Name", + "documentation":"The name of the domain list.
" + }, + "CreatorRequestId":{ + "shape":"CreatorRequestId", + "documentation":"A unique string defined by you to identify the request. This allows you to retry failed requests without the risk of executing the operation twice. This can be any unique string, for example, a timestamp.
" + }, + "ManagedOwnerName":{ + "shape":"ServicePrinciple", + "documentation":"The owner of the list, used only for lists that are not managed by you. For example, the managed domain list AWSManagedDomainsMalwareDomainList has the managed owner name Route 53 Resolver DNS Firewall.
Minimal high-level information for a firewall domain list. The action ListFirewallDomainLists returns an array of these objects.
To retrieve full information for a firewall domain list, call GetFirewallDomainList and ListFirewallDomains.
" }, - "GetResolverQueryLogConfigAssociationRequest":{ - "type":"structure", - "required":["ResolverQueryLogConfigAssociationId"], - "members":{ + "FirewallDomainListMetadataList":{ + "type":"list", + "member":{"shape":"FirewallDomainListMetadata"} + }, + "FirewallDomainListStatus":{ + "type":"string", + "enum":[ + "COMPLETE", + "COMPLETE_IMPORT_FAILED", + "IMPORTING", + "DELETING", + "UPDATING" + ] + }, + "FirewallDomainName":{ + "type":"string", + "max":255, + "min":1 + }, + "FirewallDomainUpdateOperation":{ + "type":"string", + "enum":[ + "ADD", + "REMOVE", + "REPLACE" + ] + }, + "FirewallDomains":{ + "type":"list", + "member":{"shape":"FirewallDomainName"} + }, + "FirewallFailOpenStatus":{ + "type":"string", + "enum":[ + "ENABLED", + "DISABLED" + ] + }, + "FirewallRule":{ + "type":"structure", + "members":{ + "FirewallRuleGroupId":{ + "shape":"ResourceId", + "documentation":"The unique identifier of the firewall rule group of the rule.
" + }, + "FirewallDomainListId":{ + "shape":"ResourceId", + "documentation":"The ID of the domain list that's used in the rule.
" + }, + "Name":{ + "shape":"Name", + "documentation":"The name of the rule.
" + }, + "Priority":{ + "shape":"Priority", + "documentation":"The priority of the rule in the rule group. This value must be unique within the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.
" + }, + "Action":{ + "shape":"Action", + "documentation":"The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list:
ALLOW - Permit the request to go through.
ALERT - Permit the request to go through but send an alert to the logs.
BLOCK - Disallow the request. If this is specified, additional handling details are provided in the rule's BlockResponse setting.
The way that you want DNS Firewall to block the request. Used for the rule action setting BLOCK.
NODATA - Respond indicating that the query was successful, but no response is available for it.
NXDOMAIN - Respond indicating that the domain name that's in the query doesn't exist.
OVERRIDE - Provide a custom override in the response. This option requires custom handling details in the rule's BlockOverride* settings.
The custom DNS record to send back in response to the query. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.
The DNS record's type. This determines the format of the record value that you provided in BlockOverrideDomain. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.
The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.
A unique string defined by you to identify the request. This allows you to retry failed requests without the risk of executing the operation twice. This can be any unique string, for example, a timestamp.
" + }, + "CreationTime":{ + "shape":"Rfc3339TimeString", + "documentation":"The date and time that the rule was created, in Unix time format and Coordinated Universal Time (UTC).
" + }, + "ModificationTime":{ + "shape":"Rfc3339TimeString", + "documentation":"The date and time that the rule was last modified, in Unix time format and Coordinated Universal Time (UTC).
" + } + }, + "documentation":"A single firewall rule in a rule group.
" + }, + "FirewallRuleGroup":{ + "type":"structure", + "members":{ + "Id":{ + "shape":"ResourceId", + "documentation":"The ID of the rule group.
" + }, + "Arn":{ + "shape":"Arn", + "documentation":"The ARN (Amazon Resource Name) of the rule group.
" + }, + "Name":{ + "shape":"Name", + "documentation":"The name of the rule group.
" + }, + "RuleCount":{ + "shape":"Unsigned", + "documentation":"The number of rules in the rule group.
" + }, + "Status":{ + "shape":"FirewallRuleGroupStatus", + "documentation":"The status of the domain list.
" + }, + "StatusMessage":{ + "shape":"StatusMessage", + "documentation":"Additional information about the status of the rule group, if available.
" + }, + "OwnerId":{ + "shape":"AccountId", + "documentation":"The AWS account ID for the account that created the rule group. When a rule group is shared with your account, this is the account that has shared the rule group with you.
" + }, + "CreatorRequestId":{ + "shape":"CreatorRequestId", + "documentation":"A unique string defined by you to identify the request. This allows you to retry failed requests without the risk of executing the operation twice. This can be any unique string, for example, a timestamp.
" + }, + "ShareStatus":{ + "shape":"ShareStatus", + "documentation":"Whether the rule group is shared with other AWS accounts, or was shared with the current account by another AWS account. Sharing is configured through AWS Resource Access Manager (AWS RAM).
" + }, + "CreationTime":{ + "shape":"Rfc3339TimeString", + "documentation":"The date and time that the rule group was created, in Unix time format and Coordinated Universal Time (UTC).
" + }, + "ModificationTime":{ + "shape":"Rfc3339TimeString", + "documentation":"The date and time that the rule group was last modified, in Unix time format and Coordinated Universal Time (UTC).
" + } + }, + "documentation":"High-level information for a firewall rule group. A firewall rule group is a collection of rules that DNS Firewall uses to filter DNS network traffic for a VPC. To retrieve the rules for the rule group, call ListFirewallRules.
" + }, + "FirewallRuleGroupAssociation":{ + "type":"structure", + "members":{ + "Id":{ + "shape":"ResourceId", + "documentation":"The identifier for the association.
" + }, + "Arn":{ + "shape":"Arn", + "documentation":"The Amazon Resource Name (ARN) of the firewall rule group association.
" + }, + "FirewallRuleGroupId":{ + "shape":"ResourceId", + "documentation":"The unique identifier of the firewall rule group.
" + }, + "VpcId":{ + "shape":"ResourceId", + "documentation":"The unique identifier of the VPC that is associated with the rule group.
" + }, + "Name":{ + "shape":"Name", + "documentation":"The name of the association.
" + }, + "Priority":{ + "shape":"Priority", + "documentation":"The setting that determines the processing order of the rule group among the rule groups that are associated with a single VPC. DNS Firewall filters VPC traffic starting from rule group with the lowest numeric priority setting.
" + }, + "MutationProtection":{ + "shape":"MutationProtectionStatus", + "documentation":"If enabled, this setting disallows modification or removal of the association, to help prevent against accidentally altering DNS firewall protections.
" + }, + "ManagedOwnerName":{ + "shape":"ServicePrinciple", + "documentation":"The owner of the association, used only for associations that are not managed by you. If you use AWS Firewall Manager to manage your DNS Firewalls, then this reports Firewall Manager as the managed owner.
" + }, + "Status":{ + "shape":"FirewallRuleGroupAssociationStatus", + "documentation":"The current status of the association.
" + }, + "StatusMessage":{ + "shape":"StatusMessage", + "documentation":"Additional information about the status of the response, if available.
" + }, + "CreatorRequestId":{ + "shape":"CreatorRequestId", + "documentation":"A unique string defined by you to identify the request. This allows you to retry failed requests without the risk of executing the operation twice. This can be any unique string, for example, a timestamp.
" + }, + "CreationTime":{ + "shape":"Rfc3339TimeString", + "documentation":"The date and time that the association was created, in Unix time format and Coordinated Universal Time (UTC).
" + }, + "ModificationTime":{ + "shape":"Rfc3339TimeString", + "documentation":"The date and time that the association was last modified, in Unix time format and Coordinated Universal Time (UTC).
" + } + }, + "documentation":"An association between a firewall rul group and a VPC, which enables DNS filtering for the VPC.
" + }, + "FirewallRuleGroupAssociationStatus":{ + "type":"string", + "enum":[ + "COMPLETE", + "DELETING", + "UPDATING" + ] + }, + "FirewallRuleGroupAssociations":{ + "type":"list", + "member":{"shape":"FirewallRuleGroupAssociation"} + }, + "FirewallRuleGroupMetadata":{ + "type":"structure", + "members":{ + "Id":{ + "shape":"ResourceId", + "documentation":"The ID of the rule group.
" + }, + "Arn":{ + "shape":"Arn", + "documentation":"The ARN (Amazon Resource Name) of the rule group.
" + }, + "Name":{ + "shape":"Name", + "documentation":"The name of the rule group.
" + }, + "OwnerId":{ + "shape":"AccountId", + "documentation":"The AWS account ID for the account that created the rule group. When a rule group is shared with your account, this is the account that has shared the rule group with you.
" + }, + "CreatorRequestId":{ + "shape":"CreatorRequestId", + "documentation":"A unique string defined by you to identify the request. This allows you to retry failed requests without the risk of executing the operation twice. This can be any unique string, for example, a timestamp.
" + }, + "ShareStatus":{ + "shape":"ShareStatus", + "documentation":"Whether the rule group is shared with other AWS accounts, or was shared with the current account by another AWS account. Sharing is configured through AWS Resource Access Manager (AWS RAM).
" + } + }, + "documentation":"Minimal high-level information for a firewall rule group. The action ListFirewallRuleGroups returns an array of these objects.
To retrieve full information for a firewall rule group, call GetFirewallRuleGroup and ListFirewallRules.
" + }, + "FirewallRuleGroupMetadataList":{ + "type":"list", + "member":{"shape":"FirewallRuleGroupMetadata"} + }, + "FirewallRuleGroupPolicy":{ + "type":"string", + "max":5000 + }, + "FirewallRuleGroupStatus":{ + "type":"string", + "enum":[ + "COMPLETE", + "DELETING", + "UPDATING" + ] + }, + "FirewallRules":{ + "type":"list", + "member":{"shape":"FirewallRule"} + }, + "GetFirewallConfigRequest":{ + "type":"structure", + "required":["ResourceId"], + "members":{ + "ResourceId":{ + "shape":"ResourceId", + "documentation":"The ID of the Amazon virtual private cloud (VPC) that the configuration is for.
" + } + } + }, + "GetFirewallConfigResponse":{ + "type":"structure", + "members":{ + "FirewallConfig":{ + "shape":"FirewallConfig", + "documentation":"Configuration of the firewall behavior provided by DNS Firewall for a single Amazon virtual private cloud (VPC).
" + } + } + }, + "GetFirewallDomainListRequest":{ + "type":"structure", + "required":["FirewallDomainListId"], + "members":{ + "FirewallDomainListId":{ + "shape":"ResourceId", + "documentation":"The ID of the domain list.
" + } + } + }, + "GetFirewallDomainListResponse":{ + "type":"structure", + "members":{ + "FirewallDomainList":{ + "shape":"FirewallDomainList", + "documentation":"The domain list that you requested.
" + } + } + }, + "GetFirewallRuleGroupAssociationRequest":{ + "type":"structure", + "required":["FirewallRuleGroupAssociationId"], + "members":{ + "FirewallRuleGroupAssociationId":{ + "shape":"ResourceId", + "documentation":"The identifier of the FirewallRuleGroupAssociation.
" + } + } + }, + "GetFirewallRuleGroupAssociationResponse":{ + "type":"structure", + "members":{ + "FirewallRuleGroupAssociation":{ + "shape":"FirewallRuleGroupAssociation", + "documentation":"The association that you requested.
" + } + } + }, + "GetFirewallRuleGroupPolicyRequest":{ + "type":"structure", + "required":["Arn"], + "members":{ + "Arn":{ + "shape":"Arn", + "documentation":"The ARN (Amazon Resource Name) for the rule group.
" + } + } + }, + "GetFirewallRuleGroupPolicyResponse":{ + "type":"structure", + "members":{ + "FirewallRuleGroupPolicy":{ + "shape":"FirewallRuleGroupPolicy", + "documentation":"The AWS Identity and Access Management (AWS IAM) policy for sharing the specified rule group. You can use the policy to share the rule group using AWS Resource Access Manager (RAM).
" + } + } + }, + "GetFirewallRuleGroupRequest":{ + "type":"structure", + "required":["FirewallRuleGroupId"], + "members":{ + "FirewallRuleGroupId":{ + "shape":"ResourceId", + "documentation":"The unique identifier of the firewall rule group.
" + } + } + }, + "GetFirewallRuleGroupResponse":{ + "type":"structure", + "members":{ + "FirewallRuleGroup":{ + "shape":"FirewallRuleGroup", + "documentation":"A collection of rules used to filter DNS network traffic.
" + } + } + }, + "GetResolverDnssecConfigRequest":{ + "type":"structure", + "required":["ResourceId"], + "members":{ + "ResourceId":{ + "shape":"ResourceId", + "documentation":"The ID of the virtual private cloud (VPC) for the DNSSEC validation status.
" + } + } + }, + "GetResolverDnssecConfigResponse":{ + "type":"structure", + "members":{ + "ResolverDNSSECConfig":{ + "shape":"ResolverDnssecConfig", + "documentation":"The information about a configuration for DNSSEC validation.
" + } + } + }, + "GetResolverEndpointRequest":{ + "type":"structure", + "required":["ResolverEndpointId"], + "members":{ + "ResolverEndpointId":{ + "shape":"ResourceId", + "documentation":"The ID of the Resolver endpoint that you want to get information about.
" + } + } + }, + "GetResolverEndpointResponse":{ + "type":"structure", + "members":{ + "ResolverEndpoint":{ + "shape":"ResolverEndpoint", + "documentation":"Information about the Resolver endpoint that you specified in a GetResolverEndpoint request.
The ID of the Resolver query logging configuration association that you want to get information about.
" @@ -1205,6 +2401,49 @@ } } }, + "ImportFirewallDomainsRequest":{ + "type":"structure", + "required":[ + "FirewallDomainListId", + "Operation", + "DomainFileUrl" + ], + "members":{ + "FirewallDomainListId":{ + "shape":"ResourceId", + "documentation":"The ID of the domain list that you want to modify with the import operation.
" + }, + "Operation":{ + "shape":"FirewallDomainImportOperation", + "documentation":"What you want DNS Firewall to do with the domains that are listed in the file. This must be set to REPLACE, which updates the domain list to exactly match the list in the file.
The fully qualified URL or URI of the file stored in Amazon Simple Storage Service (S3) that contains the list of domains to import.
The file must be in an S3 bucket that's in the same Region as your DNS Firewall. The file must be a text file and must contain a single domain per line.
" + } + } + }, + "ImportFirewallDomainsResponse":{ + "type":"structure", + "members":{ + "Id":{ + "shape":"ResourceId", + "documentation":"The Id of the firewall domain list that DNS Firewall just updated.
" + }, + "Name":{ + "shape":"Name", + "documentation":"The name of the domain list.
" + }, + "Status":{ + "shape":"FirewallDomainListStatus", + "documentation":"" + }, + "StatusMessage":{ + "shape":"StatusMessage", + "documentation":"
Additional information about the status of the list, if available.
" + } + } + }, "InternalServiceErrorException":{ "type":"structure", "members":{ @@ -1263,114 +2502,332 @@ "max":36, "min":7 }, - "IpAddressCount":{"type":"integer"}, - "IpAddressRequest":{ + "IpAddressCount":{"type":"integer"}, + "IpAddressRequest":{ + "type":"structure", + "required":["SubnetId"], + "members":{ + "SubnetId":{ + "shape":"SubnetId", + "documentation":"The ID of the subnet that contains the IP address.
" + }, + "Ip":{ + "shape":"Ip", + "documentation":"The IP address that you want to use for DNS queries.
", + "box":true + } + }, + "documentation":"In a CreateResolverEndpoint request, the IP address that DNS queries originate from (for outbound endpoints) or that you forward DNS queries to (for inbound endpoints). IpAddressRequest also includes the ID of the subnet that contains the IP address.
The ID of one IP address.
" + }, + "SubnetId":{ + "shape":"SubnetId", + "documentation":"The ID of one subnet.
" + }, + "Ip":{ + "shape":"Ip", + "documentation":"One IP address that the Resolver endpoint uses for DNS queries.
" + }, + "Status":{ + "shape":"IpAddressStatus", + "documentation":"A status code that gives the current status of the request.
" + }, + "StatusMessage":{ + "shape":"StatusMessage", + "documentation":"A message that provides additional information about the status of the request.
" + }, + "CreationTime":{ + "shape":"Rfc3339TimeString", + "documentation":"The date and time that the IP address was created, in Unix time format and Coordinated Universal Time (UTC).
" + }, + "ModificationTime":{ + "shape":"Rfc3339TimeString", + "documentation":"The date and time that the IP address was last modified, in Unix time format and Coordinated Universal Time (UTC).
" + } + }, + "documentation":"In the response to a GetResolverEndpoint request, information about the IP addresses that the Resolver endpoint uses for DNS queries.
" + }, + "IpAddressStatus":{ + "type":"string", + "enum":[ + "CREATING", + "FAILED_CREATION", + "ATTACHING", + "ATTACHED", + "REMAP_DETACHING", + "REMAP_ATTACHING", + "DETACHING", + "FAILED_RESOURCE_GONE", + "DELETING", + "DELETE_FAILED_FAS_EXPIRED" + ] + }, + "IpAddressUpdate":{ + "type":"structure", + "members":{ + "IpId":{ + "shape":"ResourceId", + "documentation":"Only when removing an IP address from a Resolver endpoint: The ID of the IP address that you want to remove. To get this ID, use GetResolverEndpoint.
", + "box":true + }, + "SubnetId":{ + "shape":"SubnetId", + "documentation":"The ID of the subnet that includes the IP address that you want to update. To get this ID, use GetResolverEndpoint.
", + "box":true + }, + "Ip":{ + "shape":"Ip", + "documentation":"The new IP address.
", + "box":true + } + }, + "documentation":"In an UpdateResolverEndpoint request, information about an IP address to update.
" + }, + "IpAddressesRequest":{ + "type":"list", + "member":{"shape":"IpAddressRequest"}, + "max":10, + "min":1 + }, + "IpAddressesResponse":{ + "type":"list", + "member":{"shape":"IpAddressResponse"} + }, + "LimitExceededException":{ + "type":"structure", + "members":{ + "Message":{"shape":"String"}, + "ResourceType":{ + "shape":"String", + "documentation":"For a LimitExceededException error, the type of resource that exceeded the current limit.
The request caused one or more limits to be exceeded.
", + "exception":true + }, + "ListDomainMaxResults":{ + "type":"integer", + "max":5000, + "min":1 + }, + "ListFirewallConfigsMaxResult":{ + "type":"integer", + "max":10, + "min":5 + }, + "ListFirewallConfigsRequest":{ + "type":"structure", + "members":{ + "MaxResults":{ + "shape":"ListFirewallConfigsMaxResult", + "documentation":"The maximum number of objects that you want Resolver to return for this request. If more objects are available, in the response, Resolver provides a NextToken value that you can use in a subsequent call to get the next batch of objects.
If you don't specify a value for MaxResults, Resolver returns up to 100 objects.
For the first call to this list request, omit this value.
When you request a list of objects, Resolver returns at most the number of objects specified in MaxResults. If more objects are available for retrieval, Resolver returns a NextToken value in the response. To retrieve the next batch of objects, use the token that was returned for the prior request in your next request.
If objects are still available for retrieval, Resolver returns this token in the response. To retrieve the next batch of objects, provide this token in your next request.
" + }, + "FirewallConfigs":{ + "shape":"FirewallConfigList", + "documentation":"The configurations for the firewall behavior provided by DNS Firewall for Amazon virtual private clouds (VPC).
" + } + } + }, + "ListFirewallDomainListsRequest":{ + "type":"structure", + "members":{ + "MaxResults":{ + "shape":"MaxResults", + "documentation":"The maximum number of objects that you want Resolver to return for this request. If more objects are available, in the response, Resolver provides a NextToken value that you can use in a subsequent call to get the next batch of objects.
If you don't specify a value for MaxResults, Resolver returns up to 100 objects.
For the first call to this list request, omit this value.
When you request a list of objects, Resolver returns at most the number of objects specified in MaxResults. If more objects are available for retrieval, Resolver returns a NextToken value in the response. To retrieve the next batch of objects, use the token that was returned for the prior request in your next request.
If objects are still available for retrieval, Resolver returns this token in the response. To retrieve the next batch of objects, provide this token in your next request.
" + }, + "FirewallDomainLists":{ + "shape":"FirewallDomainListMetadataList", + "documentation":"A list of the domain lists that you have defined.
This might be a parital list of the domain lists that you've defined. For information, see MaxResults.
The ID of the domain list whose domains you want to retrieve.
" + }, + "MaxResults":{ + "shape":"ListDomainMaxResults", + "documentation":"The maximum number of objects that you want Resolver to return for this request. If more objects are available, in the response, Resolver provides a NextToken value that you can use in a subsequent call to get the next batch of objects.
If you don't specify a value for MaxResults, Resolver returns up to 100 objects.
For the first call to this list request, omit this value.
When you request a list of objects, Resolver returns at most the number of objects specified in MaxResults. If more objects are available for retrieval, Resolver returns a NextToken value in the response. To retrieve the next batch of objects, use the token that was returned for the prior request in your next request.
The ID of the subnet that contains the IP address.
" + "NextToken":{ + "shape":"NextToken", + "documentation":"If objects are still available for retrieval, Resolver returns this token in the response. To retrieve the next batch of objects, provide this token in your next request.
" }, - "Ip":{ - "shape":"Ip", - "documentation":"The IP address that you want to use for DNS queries.
", - "box":true + "Domains":{ + "shape":"FirewallDomains", + "documentation":"A list of the domains in the firewall domain list.
This might be a parital list of the domains that you've defined in the domain list. For information, see MaxResults.
In a CreateResolverEndpoint request, the IP address that DNS queries originate from (for outbound endpoints) or that you forward DNS queries to (for inbound endpoints). IpAddressRequest also includes the ID of the subnet that contains the IP address.
The ID of one IP address.
" + "documentation":"The unique identifier of the firewall rule group that you want to retrieve the associations for. Leave this blank to retrieve associations for any rule group.
", + "box":true }, - "SubnetId":{ - "shape":"SubnetId", - "documentation":"The ID of one subnet.
" + "VpcId":{ + "shape":"ResourceId", + "documentation":"The unique identifier of the VPC that you want to retrieve the associations for. Leave this blank to retrieve associations for any VPC.
", + "box":true }, - "Ip":{ - "shape":"Ip", - "documentation":"One IP address that the Resolver endpoint uses for DNS queries.
" + "Priority":{ + "shape":"Priority", + "documentation":"The setting that determines the processing order of the rule group among the rule groups that are associated with a single VPC. DNS Firewall filters VPC traffic starting from rule group with the lowest numeric priority setting.
", + "box":true }, "Status":{ - "shape":"IpAddressStatus", - "documentation":"A status code that gives the current status of the request.
" + "shape":"FirewallRuleGroupAssociationStatus", + "documentation":"The association Status setting that you want DNS Firewall to filter on for the list. If you don't specify this, then DNS Firewall returns all associations, regardless of status.
A message that provides additional information about the status of the request.
" + "MaxResults":{ + "shape":"MaxResults", + "documentation":"The maximum number of objects that you want Resolver to return for this request. If more objects are available, in the response, Resolver provides a NextToken value that you can use in a subsequent call to get the next batch of objects.
If you don't specify a value for MaxResults, Resolver returns up to 100 objects.
The date and time that the IP address was created, in Unix time format and Coordinated Universal Time (UTC).
" + "NextToken":{ + "shape":"NextToken", + "documentation":"For the first call to this list request, omit this value.
When you request a list of objects, Resolver returns at most the number of objects specified in MaxResults. If more objects are available for retrieval, Resolver returns a NextToken value in the response. To retrieve the next batch of objects, use the token that was returned for the prior request in your next request.
If objects are still available for retrieval, Resolver returns this token in the response. To retrieve the next batch of objects, provide this token in your next request.
" }, - "ModificationTime":{ - "shape":"Rfc3339TimeString", - "documentation":"The date and time that the IP address was last modified, in Unix time format and Coordinated Universal Time (UTC).
" + "FirewallRuleGroupAssociations":{ + "shape":"FirewallRuleGroupAssociations", + "documentation":"A list of your firewall rule group associations.
This might be a partial list of the associations that you have defined. For information, see MaxResults.
In the response to a GetResolverEndpoint request, information about the IP addresses that the Resolver endpoint uses for DNS queries.
" + } }, - "IpAddressStatus":{ - "type":"string", - "enum":[ - "CREATING", - "FAILED_CREATION", - "ATTACHING", - "ATTACHED", - "REMAP_DETACHING", - "REMAP_ATTACHING", - "DETACHING", - "FAILED_RESOURCE_GONE", - "DELETING", - "DELETE_FAILED_FAS_EXPIRED" - ] + "ListFirewallRuleGroupsRequest":{ + "type":"structure", + "members":{ + "MaxResults":{ + "shape":"MaxResults", + "documentation":"The maximum number of objects that you want Resolver to return for this request. If more objects are available, in the response, Resolver provides a NextToken value that you can use in a subsequent call to get the next batch of objects.
If you don't specify a value for MaxResults, Resolver returns up to 100 objects.
For the first call to this list request, omit this value.
When you request a list of objects, Resolver returns at most the number of objects specified in MaxResults. If more objects are available for retrieval, Resolver returns a NextToken value in the response. To retrieve the next batch of objects, use the token that was returned for the prior request in your next request.
If objects are still available for retrieval, Resolver returns this token in the response. To retrieve the next batch of objects, provide this token in your next request.
" + }, + "FirewallRuleGroups":{ + "shape":"FirewallRuleGroupMetadataList", + "documentation":"A list of your firewall rule groups.
This might be a partial list of the rule groups that you have defined. For information, see MaxResults.
Only when removing an IP address from a Resolver endpoint: The ID of the IP address that you want to remove. To get this ID, use GetResolverEndpoint.
", + "documentation":"The unique identifier of the firewall rule group that you want to retrieve the rules for.
" + }, + "Priority":{ + "shape":"Priority", + "documentation":"Optional additional filter for the rules to retrieve.
The setting that determines the processing order of the rules in a rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.
", "box":true }, - "SubnetId":{ - "shape":"SubnetId", - "documentation":"The ID of the subnet that includes the IP address that you want to update. To get this ID, use GetResolverEndpoint.
", + "Action":{ + "shape":"Action", + "documentation":"Optional additional filter for the rules to retrieve.
The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list:
ALLOW - Permit the request to go through.
ALERT - Permit the request to go through but send an alert to the logs.
BLOCK - Disallow the request. If this is specified, additional handling details are provided in the rule's BlockResponse setting.
The new IP address.
", + "MaxResults":{ + "shape":"MaxResults", + "documentation":"The maximum number of objects that you want Resolver to return for this request. If more objects are available, in the response, Resolver provides a NextToken value that you can use in a subsequent call to get the next batch of objects.
If you don't specify a value for MaxResults, Resolver returns up to 100 objects.
For the first call to this list request, omit this value.
When you request a list of objects, Resolver returns at most the number of objects specified in MaxResults. If more objects are available for retrieval, Resolver returns a NextToken value in the response. To retrieve the next batch of objects, use the token that was returned for the prior request in your next request.
In an UpdateResolverEndpoint request, information about an IP address to update.
" - }, - "IpAddressesRequest":{ - "type":"list", - "member":{"shape":"IpAddressRequest"}, - "max":10, - "min":1 - }, - "IpAddressesResponse":{ - "type":"list", - "member":{"shape":"IpAddressResponse"} + } }, - "LimitExceededException":{ + "ListFirewallRulesResponse":{ "type":"structure", "members":{ - "Message":{"shape":"String"}, - "ResourceType":{ - "shape":"String", - "documentation":"For a LimitExceededException error, the type of resource that exceeded the current limit.
If objects are still available for retrieval, Resolver returns this token in the response. To retrieve the next batch of objects, provide this token in your next request.
" + }, + "FirewallRules":{ + "shape":"FirewallRules", + "documentation":"A list of the rules that you have defined.
This might be a parital list of the firewall rules that you've defined. For information, see MaxResults.
The request caused one or more limits to be exceeded.
", - "exception":true + } }, "ListResolverDnssecConfigsRequest":{ "type":"structure", @@ -1686,6 +3143,13 @@ "max":100, "min":1 }, + "MutationProtectionStatus":{ + "type":"string", + "enum":[ + "ENABLED", + "DISABLED" + ] + }, "Name":{ "type":"string", "max":64, @@ -1697,6 +3161,33 @@ "max":65535, "min":0 }, + "Priority":{"type":"integer"}, + "PutFirewallRuleGroupPolicyRequest":{ + "type":"structure", + "required":[ + "Arn", + "FirewallRuleGroupPolicy" + ], + "members":{ + "Arn":{ + "shape":"Arn", + "documentation":"The ARN (Amazon Resource Name) for the rule group that you want to share.
" + }, + "FirewallRuleGroupPolicy":{ + "shape":"FirewallRuleGroupPolicy", + "documentation":"The AWS Identity and Access Management (AWS IAM) policy to attach to the rule group.
" + } + } + }, + "PutFirewallRuleGroupPolicyResponse":{ + "type":"structure", + "members":{ + "ReturnValue":{ + "shape":"Boolean", + "documentation":"" + } + } + }, "PutResolverQueryLogConfigPolicyRequest":{ "type":"structure", "required":[ @@ -2200,6 +3691,11 @@ "type":"list", "member":{"shape":"ResourceId"} }, + "ServicePrinciple":{ + "type":"string", + "max":512, + "min":1 + }, "ShareStatus":{ "type":"string", "enum":[ @@ -2327,6 +3823,7 @@ "documentation":"The specified resource doesn't exist.
", "exception":true }, + "Unsigned":{"type":"integer"}, "UntagResourceRequest":{ "type":"structure", "required":[ @@ -2349,6 +3846,170 @@ "members":{ } }, + "UpdateFirewallConfigRequest":{ + "type":"structure", + "required":[ + "ResourceId", + "FirewallFailOpen" + ], + "members":{ + "ResourceId":{ + "shape":"ResourceId", + "documentation":"The ID of the Amazon virtual private cloud (VPC) that the configuration is for.
" + }, + "FirewallFailOpen":{ + "shape":"FirewallFailOpenStatus", + "documentation":"Determines how Route 53 Resolver handles queries during failures, for example when all traffic that is sent to DNS Firewall fails to receive a reply.
By default, fail open is disabled, which means the failure mode is closed. This approach favors security over availability. DNS Firewall blocks queries that it is unable to evaluate properly.
If you enable this option, the failure mode is open. This approach favors availability over security. DNS Firewall allows queries to proceed if it is unable to properly evaluate them.
This behavior is only enforced for VPCs that have at least one DNS Firewall rule group association.
" + } + } + }, + "UpdateFirewallConfigResponse":{ + "type":"structure", + "members":{ + "FirewallConfig":{ + "shape":"FirewallConfig", + "documentation":"Configuration of the firewall behavior provided by DNS Firewall for a single Amazon virtual private cloud (VPC).
" + } + } + }, + "UpdateFirewallDomainsRequest":{ + "type":"structure", + "required":[ + "FirewallDomainListId", + "Operation", + "Domains" + ], + "members":{ + "FirewallDomainListId":{ + "shape":"ResourceId", + "documentation":"The ID of the domain list whose domains you want to update.
" + }, + "Operation":{ + "shape":"FirewallDomainUpdateOperation", + "documentation":"What you want DNS Firewall to do with the domains that you are providing:
ADD - Add the domains to the ones that are already in the domain list.
REMOVE - Search the domain list for the domains and remove them from the list.
REPLACE - Update the domain list to exactly match the list that you are providing.
A list of domains to use in the update operation.
Each domain specification in your domain list must satisfy the following requirements:
It can optionally start with * (asterisk).
With the exception of the optional starting asterisk, it must only contain the following characters: A-Z, a-z, 0-9, - (hyphen).
It must be from 1-255 characters in length.
The Id of the firewall domain list that DNS Firewall just updated.
" + }, + "Name":{ + "shape":"Name", + "documentation":"The name of the domain list.
" + }, + "Status":{ + "shape":"FirewallDomainListStatus", + "documentation":"" + }, + "StatusMessage":{ + "shape":"StatusMessage", + "documentation":"
Additional information about the status of the list, if available.
" + } + } + }, + "UpdateFirewallRuleGroupAssociationRequest":{ + "type":"structure", + "required":["FirewallRuleGroupAssociationId"], + "members":{ + "FirewallRuleGroupAssociationId":{ + "shape":"ResourceId", + "documentation":"The identifier of the FirewallRuleGroupAssociation.
" + }, + "Priority":{ + "shape":"Priority", + "documentation":"The setting that determines the processing order of the rule group among the rule groups that you associate with the specified VPC. DNS Firewall filters VPC traffic starting from rule group with the lowest numeric priority setting.
You must specify a unique priority for each rule group that you associate with a single VPC. To make it easier to insert rule groups later, leave space between the numbers, for example, use 100, 200, and so on. You can change the priority setting for a rule group association after you create it.
", + "box":true + }, + "MutationProtection":{ + "shape":"MutationProtectionStatus", + "documentation":"If enabled, this setting disallows modification or removal of the association, to help prevent against accidentally altering DNS firewall protections.
", + "box":true + }, + "Name":{ + "shape":"Name", + "documentation":"The name of the rule group association.
", + "box":true + } + } + }, + "UpdateFirewallRuleGroupAssociationResponse":{ + "type":"structure", + "members":{ + "FirewallRuleGroupAssociation":{ + "shape":"FirewallRuleGroupAssociation", + "documentation":"The association that you just updated.
" + } + } + }, + "UpdateFirewallRuleRequest":{ + "type":"structure", + "required":[ + "FirewallRuleGroupId", + "FirewallDomainListId" + ], + "members":{ + "FirewallRuleGroupId":{ + "shape":"ResourceId", + "documentation":"The unique identifier of the firewall rule group for the rule.
" + }, + "FirewallDomainListId":{ + "shape":"ResourceId", + "documentation":"The ID of the domain list to use in the rule.
" + }, + "Priority":{ + "shape":"Priority", + "documentation":"The setting that determines the processing order of the rule in the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.
You must specify a unique priority for each rule in a rule group. To make it easier to insert rules later, leave space between the numbers, for example, use 100, 200, and so on. You can change the priority setting for the rules in a rule group at any time.
", + "box":true + }, + "Action":{ + "shape":"Action", + "documentation":"The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list:
ALLOW - Permit the request to go through.
ALERT - Permit the request to go through but send an alert to the logs.
BLOCK - Disallow the request. This option requires additional details in the rule's BlockResponse.
The way that you want DNS Firewall to block the request. Used for the rule action setting BLOCK.
NODATA - Respond indicating that the query was successful, but no response is available for it.
NXDOMAIN - Respond indicating that the domain name that's in the query doesn't exist.
OVERRIDE - Provide a custom override in the response. This option requires custom handling details in the rule's BlockOverride* settings.
The custom DNS record to send back in response to the query. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.
The DNS record's type. This determines the format of the record value that you provided in BlockOverrideDomain. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.
The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.
The name of the rule.
", + "box":true + } + } + }, + "UpdateFirewallRuleResponse":{ + "type":"structure", + "members":{ + "FirewallRule":{ + "shape":"FirewallRule", + "documentation":"The firewall rule that you just updated.
" + } + } + }, "UpdateResolverDnssecConfigRequest":{ "type":"structure", "required":[ @@ -2431,6 +4092,14 @@ "ENABLE", "DISABLE" ] + }, + "ValidationException":{ + "type":"structure", + "members":{ + "Message":{"shape":"ExceptionMessage"} + }, + "documentation":"", + "exception":true } }, "documentation":"When you create a VPC using Amazon VPC, you automatically get DNS resolution within the VPC from Route 53 Resolver. By default, Resolver answers DNS queries for VPC domain names such as domain names for EC2 instances or ELB load balancers. Resolver performs recursive lookups against public name servers for all other domain names.
You can also configure DNS resolution between your VPC and your network over a Direct Connect or VPN connection:
Forward DNS queries from resolvers on your network to Route 53 Resolver
DNS resolvers on your network can forward DNS queries to Resolver in a specified VPC. This allows your DNS resolvers to easily resolve domain names for AWS resources such as EC2 instances or records in a Route 53 private hosted zone. For more information, see How DNS Resolvers on Your Network Forward DNS Queries to Route 53 Resolver in the Amazon Route 53 Developer Guide.
Conditionally forward queries from a VPC to resolvers on your network
You can configure Resolver to forward queries that it receives from EC2 instances in your VPCs to DNS resolvers on your network. To forward selected queries, you create Resolver rules that specify the domain names for the DNS queries that you want to forward (such as example.com), and the IP addresses of the DNS resolvers on your network that you want to forward the queries to. If a query matches multiple rules (example.com, acme.example.com), Resolver chooses the rule with the most specific match (acme.example.com) and forwards the query to the IP addresses that you specified in that rule. For more information, see How Route 53 Resolver Forwards DNS Queries from Your VPCs to Your Network in the Amazon Route 53 Developer Guide.
Like Amazon VPC, Resolver is regional. In each region where you have VPCs, you can choose whether to forward queries from your VPCs to your network (outbound queries), from your network to your VPCs (inbound queries), or both.
" From f029d2dceaa44186dd5f5431d80851868dd38656 Mon Sep 17 00:00:00 2001 From: AWS <> Date: Thu, 1 Apr 2021 18:05:30 +0000 Subject: [PATCH 09/12] Firewall Management Service Update: Added Firewall Manager policy support for AWS Route 53 Resolver DNS Firewall. --- ...ure-FirewallManagementService-5336ae7.json | 6 ++ .../codegen-resources/service-2.json | 91 ++++++++++++++++++- 2 files changed, 95 insertions(+), 2 deletions(-) create mode 100644 .changes/next-release/feature-FirewallManagementService-5336ae7.json diff --git a/.changes/next-release/feature-FirewallManagementService-5336ae7.json b/.changes/next-release/feature-FirewallManagementService-5336ae7.json new file mode 100644 index 000000000000..9bc84c02a19b --- /dev/null +++ b/.changes/next-release/feature-FirewallManagementService-5336ae7.json @@ -0,0 +1,6 @@ +{ + "type": "feature", + "category": "Firewall Management Service", + "contributor": "", + "description": "Added Firewall Manager policy support for AWS Route 53 Resolver DNS Firewall." +} diff --git a/services/fms/src/main/resources/codegen-resources/service-2.json b/services/fms/src/main/resources/codegen-resources/service-2.json index d24c217a1445..ea830361a552 100644 --- a/services/fms/src/main/resources/codegen-resources/service-2.json +++ b/services/fms/src/main/resources/codegen-resources/service-2.json @@ -585,6 +585,11 @@ }, "documentation":"Details of the rule violation in a security group when compared to the master security group of the AWS Firewall Manager policy.
" }, + "BasicInteger":{ + "type":"integer", + "max":2147483647, + "min":-2147483648 + }, "Boolean":{"type":"boolean"}, "CIDR":{ "type":"string", @@ -695,6 +700,73 @@ "members":{ } }, + "DnsDuplicateRuleGroupViolation":{ + "type":"structure", + "members":{ + "ViolationTarget":{ + "shape":"ViolationTarget", + "documentation":"The ID of the VPC.
" + }, + "ViolationTargetDescription":{ + "shape":"LengthBoundedString", + "documentation":"A description of the violation that specifies the rule group and VPC.
" + } + }, + "documentation":"A DNS Firewall rule group that Firewall Manager tried to associate with a VPC is already associated with the VPC and can't be associated again.
" + }, + "DnsRuleGroupLimitExceededViolation":{ + "type":"structure", + "members":{ + "ViolationTarget":{ + "shape":"ViolationTarget", + "documentation":"The ID of the VPC.
" + }, + "ViolationTargetDescription":{ + "shape":"LengthBoundedString", + "documentation":"A description of the violation that specifies the rule group and VPC.
" + }, + "NumberOfRuleGroupsAlreadyAssociated":{ + "shape":"BasicInteger", + "documentation":"The number of rule groups currently associated with the VPC.
" + } + }, + "documentation":"The VPC that Firewall Manager was applying a DNS Fireall policy to reached the limit for associated DNS Firewall rule groups. Firewall Manager tried to associate another rule group with the VPC and failed due to the limit.
" + }, + "DnsRuleGroupPriorities":{ + "type":"list", + "member":{"shape":"DnsRuleGroupPriority"} + }, + "DnsRuleGroupPriority":{ + "type":"integer", + "max":10000, + "min":0 + }, + "DnsRuleGroupPriorityConflictViolation":{ + "type":"structure", + "members":{ + "ViolationTarget":{ + "shape":"ViolationTarget", + "documentation":"The ID of the VPC.
" + }, + "ViolationTargetDescription":{ + "shape":"LengthBoundedString", + "documentation":"A description of the violation that specifies the VPC and the rule group that's already associated with it.
" + }, + "ConflictingPriority":{ + "shape":"DnsRuleGroupPriority", + "documentation":"The priority setting of the two conflicting rule groups.
" + }, + "ConflictingPolicyId":{ + "shape":"PolicyId", + "documentation":"The ID of the Firewall Manager DNS Firewall policy that was already applied to the VPC. This policy contains the rule group that's already associated with the VPC.
" + }, + "UnavailablePriorities":{ + "shape":"DnsRuleGroupPriorities", + "documentation":"The priorities of rule groups that are already associated with the VPC. To retry your operation, choose priority settings that aren't in this list for the rule groups in your new DNS Firewall policy.
" + } + }, + "documentation":"A rule group that Firewall Manager tried to associate with a VPC has the same priority as a rule group that's already associated.
" + }, "ErrorMessage":{"type":"string"}, "EvaluationResult":{ "type":"structure", @@ -1829,6 +1901,18 @@ "NetworkFirewallPolicyModifiedViolation":{ "shape":"NetworkFirewallPolicyModifiedViolation", "documentation":"Violation detail for an Network Firewall policy that indicates that a firewall policy in an individual account has been modified in a way that makes it noncompliant. For example, the individual account owner might have deleted a rule group, changed the priority of a stateless rule group, or changed a policy default action.
" + }, + "DnsRuleGroupPriorityConflictViolation":{ + "shape":"DnsRuleGroupPriorityConflictViolation", + "documentation":"Violation detail for a DNS Firewall policy that indicates that a rule group that Firewall Manager tried to associate with a VPC has the same priority as a rule group that's already associated.
" + }, + "DnsDuplicateRuleGroupViolation":{ + "shape":"DnsDuplicateRuleGroupViolation", + "documentation":"Violation detail for a DNS Firewall policy that indicates that a rule group that Firewall Manager tried to associate with a VPC is already associated with the VPC and can't be associated again.
" + }, + "DnsRuleGroupLimitExceededViolation":{ + "shape":"DnsRuleGroupLimitExceededViolation", + "documentation":"Violation details for a DNS Firewall policy that indicates that the VPC reached the limit for associated DNS Firewall rule groups. Firewall Manager tried to associate another rule group with the VPC and failed.
" } }, "documentation":"Violation detail based on resource type.
" @@ -1917,7 +2001,8 @@ "SECURITY_GROUPS_COMMON", "SECURITY_GROUPS_CONTENT_AUDIT", "SECURITY_GROUPS_USAGE_AUDIT", - "NETWORK_FIREWALL" + "NETWORK_FIREWALL", + "DNS_FIREWALL" ] }, "StatefulRuleGroup":{ @@ -2121,10 +2206,12 @@ "RESOURCE_VIOLATES_AUDIT_SECURITY_GROUP", "SECURITY_GROUP_UNUSED", "SECURITY_GROUP_REDUNDANT", + "FMS_CREATED_SECURITY_GROUP_EDITED", "MISSING_FIREWALL", "MISSING_FIREWALL_SUBNET_IN_AZ", "MISSING_EXPECTED_ROUTE_TABLE", - "NETWORK_FIREWALL_POLICY_MODIFIED" + "NETWORK_FIREWALL_POLICY_MODIFIED", + "RESOURCE_MISSING_DNS_FIREWALL" ] }, "ViolationTarget":{ From 2723ce607a6fafdd513399d33fba4a8c5a28ac25 Mon Sep 17 00:00:00 2001 From: AWS <> Date: Thu, 1 Apr 2021 18:05:43 +0000 Subject: [PATCH 10/12] Amazon Lex Model Building Service Update: Lex now supports the ja-JP locale --- .../feature-AmazonLexModelBuildingService-b80ef9d.json | 6 ++++++ .../src/main/resources/codegen-resources/service-2.json | 3 ++- 2 files changed, 8 insertions(+), 1 deletion(-) create mode 100644 .changes/next-release/feature-AmazonLexModelBuildingService-b80ef9d.json diff --git a/.changes/next-release/feature-AmazonLexModelBuildingService-b80ef9d.json b/.changes/next-release/feature-AmazonLexModelBuildingService-b80ef9d.json new file mode 100644 index 000000000000..d438f5e6ca39 --- /dev/null +++ b/.changes/next-release/feature-AmazonLexModelBuildingService-b80ef9d.json @@ -0,0 +1,6 @@ +{ + "type": "feature", + "category": "Amazon Lex Model Building Service", + "contributor": "", + "description": "Lex now supports the ja-JP locale" +} diff --git a/services/lexmodelbuilding/src/main/resources/codegen-resources/service-2.json b/services/lexmodelbuilding/src/main/resources/codegen-resources/service-2.json index 042f844cf1b1..260f5d8e32a1 100644 --- a/services/lexmodelbuilding/src/main/resources/codegen-resources/service-2.json +++ b/services/lexmodelbuilding/src/main/resources/codegen-resources/service-2.json @@ -2710,7 +2710,8 @@ "es-US", "fr-FR", "fr-CA", - "it-IT" + "it-IT", + "ja-JP" ] }, "LocaleList":{ From 48b816165aefe7d5cc7246df95b9a22a4cd8f01f Mon Sep 17 00:00:00 2001 From: AWS <> Date: Thu, 1 Apr 2021 18:07:04 +0000 Subject: [PATCH 11/12] Updated endpoints.json. --- .../next-release/feature-AWSSDKforJavav2-bedacd4.json | 6 ++++++ .../awssdk/regions/internal/region/endpoints.json | 10 ++++++++++ 2 files changed, 16 insertions(+) create mode 100644 .changes/next-release/feature-AWSSDKforJavav2-bedacd4.json diff --git a/.changes/next-release/feature-AWSSDKforJavav2-bedacd4.json b/.changes/next-release/feature-AWSSDKforJavav2-bedacd4.json new file mode 100644 index 000000000000..ae3f84993e9e --- /dev/null +++ b/.changes/next-release/feature-AWSSDKforJavav2-bedacd4.json @@ -0,0 +1,6 @@ +{ + "type": "feature", + "category": "AWS SDK for Java v2", + "contributor": "", + "description": "Updated service endpoint metadata." +} diff --git a/core/regions/src/main/resources/software/amazon/awssdk/regions/internal/region/endpoints.json b/core/regions/src/main/resources/software/amazon/awssdk/regions/internal/region/endpoints.json index afc2cd0363ff..8e6a233b98a5 100644 --- a/core/regions/src/main/resources/software/amazon/awssdk/regions/internal/region/endpoints.json +++ b/core/regions/src/main/resources/software/amazon/awssdk/regions/internal/region/endpoints.json @@ -632,6 +632,7 @@ "ap-northeast-1" : { }, "ap-southeast-1" : { }, "ap-southeast-2" : { }, + "ca-central-1" : { }, "eu-central-1" : { }, "eu-west-2" : { }, "us-east-1" : { }, @@ -1637,6 +1638,7 @@ "ap-northeast-1" : { }, "ap-southeast-1" : { }, "ap-southeast-2" : { }, + "ca-central-1" : { }, "eu-central-1" : { }, "eu-west-2" : { }, "us-east-1" : { }, @@ -3206,8 +3208,15 @@ "endpoints" : { "af-south-1" : { }, "ap-southeast-2" : { }, + "eu-central-1" : { }, "eu-north-1" : { }, "eu-west-1" : { }, + "fips-us-east-1" : { + "credentialScope" : { + "region" : "us-east-1" + }, + "hostname" : "groundstation-fips.us-east-1.amazonaws.com" + }, "fips-us-east-2" : { "credentialScope" : { "region" : "us-east-2" @@ -3221,6 +3230,7 @@ "hostname" : "groundstation-fips.us-west-2.amazonaws.com" }, "me-south-1" : { }, + "us-east-1" : { }, "us-east-2" : { }, "us-west-2" : { } } From f83aabe6b93d89353952ccbf1e015aa8ee5ef874 Mon Sep 17 00:00:00 2001 From: AWS <> Date: Thu, 1 Apr 2021 18:07:54 +0000 Subject: [PATCH 12/12] Release 2.16.33. Updated CHANGELOG.md, README.md and all pom.xml. --- .changes/2.16.33.json | 66 +++++++++++++++++++ ...ture-AWSElementalMediaConvert-d94cd3a.json | 6 -- ...ture-AWSKendraFrontendService-a680037.json | 6 -- .../feature-AWSSDKforJavav2-bedacd4.json | 6 -- .../feature-AWSWAFV2-2b3853b.json | 6 -- ...ure-AmazonElasticComputeCloud-b70fcc4.json | 6 -- ...AmazonLexModelBuildingService-b80ef9d.json | 6 -- ...ature-AmazonLexRuntimeService-0587549.json | 6 -- .../feature-AmazonLightsail-1f92607.json | 6 -- ...feature-AmazonRoute53Resolver-09a9485.json | 6 -- ...ure-FirewallManagementService-5336ae7.json | 6 -- CHANGELOG.md | 41 ++++++++++++ README.md | 8 +-- archetypes/archetype-app-quickstart/pom.xml | 2 +- archetypes/archetype-lambda/pom.xml | 2 +- archetypes/archetype-tools/pom.xml | 2 +- archetypes/pom.xml | 2 +- aws-sdk-java/pom.xml | 2 +- bom-internal/pom.xml | 2 +- bom/pom.xml | 2 +- bundle/pom.xml | 2 +- codegen-lite-maven-plugin/pom.xml | 2 +- codegen-lite/pom.xml | 2 +- codegen-maven-plugin/pom.xml | 2 +- codegen/pom.xml | 2 +- core/annotations/pom.xml | 2 +- core/arns/pom.xml | 2 +- core/auth/pom.xml | 2 +- core/aws-core/pom.xml | 2 +- core/metrics-spi/pom.xml | 2 +- core/pom.xml | 2 +- core/profiles/pom.xml | 2 +- core/protocols/aws-cbor-protocol/pom.xml | 2 +- core/protocols/aws-ion-protocol/pom.xml | 2 +- core/protocols/aws-json-protocol/pom.xml | 2 +- core/protocols/aws-query-protocol/pom.xml | 2 +- core/protocols/aws-xml-protocol/pom.xml | 2 +- core/protocols/pom.xml | 2 +- core/protocols/protocol-core/pom.xml | 2 +- core/regions/pom.xml | 2 +- core/sdk-core/pom.xml | 2 +- http-client-spi/pom.xml | 2 +- http-clients/apache-client/pom.xml | 2 +- http-clients/aws-crt-client/pom.xml | 2 +- http-clients/netty-nio-client/pom.xml | 2 +- http-clients/pom.xml | 2 +- http-clients/url-connection-client/pom.xml | 2 +- .../cloudwatch-metric-publisher/pom.xml | 2 +- metric-publishers/pom.xml | 2 +- pom.xml | 2 +- release-scripts/pom.xml | 2 +- services-custom/dynamodb-enhanced/pom.xml | 2 +- services-custom/pom.xml | 2 +- services/accessanalyzer/pom.xml | 2 +- services/acm/pom.xml | 2 +- services/acmpca/pom.xml | 2 +- services/alexaforbusiness/pom.xml | 2 +- services/amp/pom.xml | 2 +- services/amplify/pom.xml | 2 +- services/amplifybackend/pom.xml | 2 +- services/apigateway/pom.xml | 2 +- services/apigatewaymanagementapi/pom.xml | 2 +- services/apigatewayv2/pom.xml | 2 +- services/appconfig/pom.xml | 2 +- services/appflow/pom.xml | 2 +- services/appintegrations/pom.xml | 2 +- services/applicationautoscaling/pom.xml | 2 +- services/applicationdiscovery/pom.xml | 2 +- services/applicationinsights/pom.xml | 2 +- services/appmesh/pom.xml | 2 +- services/appstream/pom.xml | 2 +- services/appsync/pom.xml | 2 +- services/athena/pom.xml | 2 +- services/auditmanager/pom.xml | 2 +- services/autoscaling/pom.xml | 2 +- services/autoscalingplans/pom.xml | 2 +- services/backup/pom.xml | 2 +- services/batch/pom.xml | 2 +- services/braket/pom.xml | 2 +- services/budgets/pom.xml | 2 +- services/chime/pom.xml | 2 +- services/cloud9/pom.xml | 2 +- services/clouddirectory/pom.xml | 2 +- services/cloudformation/pom.xml | 2 +- services/cloudfront/pom.xml | 2 +- services/cloudhsm/pom.xml | 2 +- services/cloudhsmv2/pom.xml | 2 +- services/cloudsearch/pom.xml | 2 +- services/cloudsearchdomain/pom.xml | 2 +- services/cloudtrail/pom.xml | 2 +- services/cloudwatch/pom.xml | 2 +- services/cloudwatchevents/pom.xml | 2 +- services/cloudwatchlogs/pom.xml | 2 +- services/codeartifact/pom.xml | 2 +- services/codebuild/pom.xml | 2 +- services/codecommit/pom.xml | 2 +- services/codedeploy/pom.xml | 2 +- services/codeguruprofiler/pom.xml | 2 +- services/codegurureviewer/pom.xml | 2 +- services/codepipeline/pom.xml | 2 +- services/codestar/pom.xml | 2 +- services/codestarconnections/pom.xml | 2 +- services/codestarnotifications/pom.xml | 2 +- services/cognitoidentity/pom.xml | 2 +- services/cognitoidentityprovider/pom.xml | 2 +- services/cognitosync/pom.xml | 2 +- services/comprehend/pom.xml | 2 +- services/comprehendmedical/pom.xml | 2 +- services/computeoptimizer/pom.xml | 2 +- services/config/pom.xml | 2 +- services/connect/pom.xml | 2 +- services/connectcontactlens/pom.xml | 2 +- services/connectparticipant/pom.xml | 2 +- services/costandusagereport/pom.xml | 2 +- services/costexplorer/pom.xml | 2 +- services/customerprofiles/pom.xml | 2 +- services/databasemigration/pom.xml | 2 +- services/databrew/pom.xml | 2 +- services/dataexchange/pom.xml | 2 +- services/datapipeline/pom.xml | 2 +- services/datasync/pom.xml | 2 +- services/dax/pom.xml | 2 +- services/detective/pom.xml | 2 +- services/devicefarm/pom.xml | 2 +- services/devopsguru/pom.xml | 2 +- services/directconnect/pom.xml | 2 +- services/directory/pom.xml | 2 +- services/dlm/pom.xml | 2 +- services/docdb/pom.xml | 2 +- services/dynamodb/pom.xml | 2 +- services/ebs/pom.xml | 2 +- services/ec2/pom.xml | 2 +- services/ec2instanceconnect/pom.xml | 2 +- services/ecr/pom.xml | 2 +- services/ecrpublic/pom.xml | 2 +- services/ecs/pom.xml | 2 +- services/efs/pom.xml | 2 +- services/eks/pom.xml | 2 +- services/elasticache/pom.xml | 2 +- services/elasticbeanstalk/pom.xml | 2 +- services/elasticinference/pom.xml | 2 +- services/elasticloadbalancing/pom.xml | 2 +- services/elasticloadbalancingv2/pom.xml | 2 +- services/elasticsearch/pom.xml | 2 +- services/elastictranscoder/pom.xml | 2 +- services/emr/pom.xml | 2 +- services/emrcontainers/pom.xml | 2 +- services/eventbridge/pom.xml | 2 +- services/firehose/pom.xml | 2 +- services/fis/pom.xml | 2 +- services/fms/pom.xml | 2 +- services/forecast/pom.xml | 2 +- services/forecastquery/pom.xml | 2 +- services/frauddetector/pom.xml | 2 +- services/fsx/pom.xml | 2 +- services/gamelift/pom.xml | 2 +- services/glacier/pom.xml | 2 +- services/globalaccelerator/pom.xml | 2 +- services/glue/pom.xml | 2 +- services/greengrass/pom.xml | 2 +- services/greengrassv2/pom.xml | 2 +- services/groundstation/pom.xml | 2 +- services/guardduty/pom.xml | 2 +- services/health/pom.xml | 2 +- services/healthlake/pom.xml | 2 +- services/honeycode/pom.xml | 2 +- services/iam/pom.xml | 2 +- services/identitystore/pom.xml | 2 +- services/imagebuilder/pom.xml | 2 +- services/inspector/pom.xml | 2 +- services/iot/pom.xml | 2 +- services/iot1clickdevices/pom.xml | 2 +- services/iot1clickprojects/pom.xml | 2 +- services/iotanalytics/pom.xml | 2 +- services/iotdataplane/pom.xml | 2 +- services/iotdeviceadvisor/pom.xml | 2 +- services/iotevents/pom.xml | 2 +- services/ioteventsdata/pom.xml | 2 +- services/iotfleethub/pom.xml | 2 +- services/iotjobsdataplane/pom.xml | 2 +- services/iotsecuretunneling/pom.xml | 2 +- services/iotsitewise/pom.xml | 2 +- services/iotthingsgraph/pom.xml | 2 +- services/iotwireless/pom.xml | 2 +- services/ivs/pom.xml | 2 +- services/kafka/pom.xml | 2 +- services/kendra/pom.xml | 2 +- services/kinesis/pom.xml | 2 +- services/kinesisanalytics/pom.xml | 2 +- services/kinesisanalyticsv2/pom.xml | 2 +- services/kinesisvideo/pom.xml | 2 +- services/kinesisvideoarchivedmedia/pom.xml | 2 +- services/kinesisvideomedia/pom.xml | 2 +- services/kinesisvideosignaling/pom.xml | 2 +- services/kms/pom.xml | 2 +- services/lakeformation/pom.xml | 2 +- services/lambda/pom.xml | 2 +- services/lexmodelbuilding/pom.xml | 2 +- services/lexmodelsv2/pom.xml | 2 +- services/lexruntime/pom.xml | 2 +- services/lexruntimev2/pom.xml | 2 +- services/licensemanager/pom.xml | 2 +- services/lightsail/pom.xml | 2 +- services/location/pom.xml | 2 +- services/lookoutmetrics/pom.xml | 2 +- services/lookoutvision/pom.xml | 2 +- services/machinelearning/pom.xml | 2 +- services/macie/pom.xml | 2 +- services/macie2/pom.xml | 2 +- services/managedblockchain/pom.xml | 2 +- services/marketplacecatalog/pom.xml | 2 +- services/marketplacecommerceanalytics/pom.xml | 2 +- services/marketplaceentitlement/pom.xml | 2 +- services/marketplacemetering/pom.xml | 2 +- services/mediaconnect/pom.xml | 2 +- services/mediaconvert/pom.xml | 2 +- services/medialive/pom.xml | 2 +- services/mediapackage/pom.xml | 2 +- services/mediapackagevod/pom.xml | 2 +- services/mediastore/pom.xml | 2 +- services/mediastoredata/pom.xml | 2 +- services/mediatailor/pom.xml | 2 +- services/migrationhub/pom.xml | 2 +- services/migrationhubconfig/pom.xml | 2 +- services/mobile/pom.xml | 2 +- services/mq/pom.xml | 2 +- services/mturk/pom.xml | 2 +- services/mwaa/pom.xml | 2 +- services/neptune/pom.xml | 2 +- services/networkfirewall/pom.xml | 2 +- services/networkmanager/pom.xml | 2 +- services/opsworks/pom.xml | 2 +- services/opsworkscm/pom.xml | 2 +- services/organizations/pom.xml | 2 +- services/outposts/pom.xml | 2 +- services/personalize/pom.xml | 2 +- services/personalizeevents/pom.xml | 2 +- services/personalizeruntime/pom.xml | 2 +- services/pi/pom.xml | 2 +- services/pinpoint/pom.xml | 2 +- services/pinpointemail/pom.xml | 2 +- services/pinpointsmsvoice/pom.xml | 2 +- services/polly/pom.xml | 2 +- services/pom.xml | 2 +- services/pricing/pom.xml | 2 +- services/qldb/pom.xml | 2 +- services/qldbsession/pom.xml | 2 +- services/quicksight/pom.xml | 2 +- services/ram/pom.xml | 2 +- services/rds/pom.xml | 2 +- services/rdsdata/pom.xml | 2 +- services/redshift/pom.xml | 2 +- services/redshiftdata/pom.xml | 2 +- services/rekognition/pom.xml | 2 +- services/resourcegroups/pom.xml | 2 +- services/resourcegroupstaggingapi/pom.xml | 2 +- services/robomaker/pom.xml | 2 +- services/route53/pom.xml | 2 +- services/route53domains/pom.xml | 2 +- services/route53resolver/pom.xml | 2 +- services/s3/pom.xml | 2 +- services/s3control/pom.xml | 2 +- services/s3outposts/pom.xml | 2 +- services/sagemaker/pom.xml | 2 +- services/sagemakera2iruntime/pom.xml | 2 +- services/sagemakeredge/pom.xml | 2 +- services/sagemakerfeaturestoreruntime/pom.xml | 2 +- services/sagemakerruntime/pom.xml | 2 +- services/savingsplans/pom.xml | 2 +- services/schemas/pom.xml | 2 +- services/secretsmanager/pom.xml | 2 +- services/securityhub/pom.xml | 2 +- .../serverlessapplicationrepository/pom.xml | 2 +- services/servicecatalog/pom.xml | 2 +- services/servicecatalogappregistry/pom.xml | 2 +- services/servicediscovery/pom.xml | 2 +- services/servicequotas/pom.xml | 2 +- services/ses/pom.xml | 2 +- services/sesv2/pom.xml | 2 +- services/sfn/pom.xml | 2 +- services/shield/pom.xml | 2 +- services/signer/pom.xml | 2 +- services/sms/pom.xml | 2 +- services/snowball/pom.xml | 2 +- services/sns/pom.xml | 2 +- services/sqs/pom.xml | 2 +- services/ssm/pom.xml | 2 +- services/sso/pom.xml | 2 +- services/ssoadmin/pom.xml | 2 +- services/ssooidc/pom.xml | 2 +- services/storagegateway/pom.xml | 2 +- services/sts/pom.xml | 2 +- services/support/pom.xml | 2 +- services/swf/pom.xml | 2 +- services/synthetics/pom.xml | 2 +- services/textract/pom.xml | 2 +- services/timestreamquery/pom.xml | 2 +- services/timestreamwrite/pom.xml | 2 +- services/transcribe/pom.xml | 2 +- services/transcribestreaming/pom.xml | 2 +- services/transfer/pom.xml | 2 +- services/translate/pom.xml | 2 +- services/waf/pom.xml | 2 +- services/wafv2/pom.xml | 2 +- services/wellarchitected/pom.xml | 2 +- services/workdocs/pom.xml | 2 +- services/worklink/pom.xml | 2 +- services/workmail/pom.xml | 2 +- services/workmailmessageflow/pom.xml | 2 +- services/workspaces/pom.xml | 2 +- services/xray/pom.xml | 2 +- test/codegen-generated-classes-test/pom.xml | 2 +- test/http-client-tests/pom.xml | 2 +- test/module-path-tests/pom.xml | 2 +- test/protocol-tests-core/pom.xml | 2 +- test/protocol-tests/pom.xml | 2 +- test/sdk-benchmarks/pom.xml | 2 +- test/sdk-native-image-test/pom.xml | 2 +- test/service-test-utils/pom.xml | 2 +- test/stability-tests/pom.xml | 2 +- test/test-utils/pom.xml | 2 +- test/tests-coverage-reporting/pom.xml | 2 +- utils/pom.xml | 2 +- 323 files changed, 421 insertions(+), 374 deletions(-) create mode 100644 .changes/2.16.33.json delete mode 100644 .changes/next-release/feature-AWSElementalMediaConvert-d94cd3a.json delete mode 100644 .changes/next-release/feature-AWSKendraFrontendService-a680037.json delete mode 100644 .changes/next-release/feature-AWSSDKforJavav2-bedacd4.json delete mode 100644 .changes/next-release/feature-AWSWAFV2-2b3853b.json delete mode 100644 .changes/next-release/feature-AmazonElasticComputeCloud-b70fcc4.json delete mode 100644 .changes/next-release/feature-AmazonLexModelBuildingService-b80ef9d.json delete mode 100644 .changes/next-release/feature-AmazonLexRuntimeService-0587549.json delete mode 100644 .changes/next-release/feature-AmazonLightsail-1f92607.json delete mode 100644 .changes/next-release/feature-AmazonRoute53Resolver-09a9485.json delete mode 100644 .changes/next-release/feature-FirewallManagementService-5336ae7.json diff --git a/.changes/2.16.33.json b/.changes/2.16.33.json new file mode 100644 index 000000000000..e5615f6baefe --- /dev/null +++ b/.changes/2.16.33.json @@ -0,0 +1,66 @@ +{ + "version": "2.16.33", + "date": "2021-04-01", + "entries": [ + { + "type": "feature", + "category": "AWSKendraFrontendService", + "contributor": "", + "description": "AWS Kendra's ServiceNow data source now supports OAuth 2.0 authentication and knowledge article filtering via a ServiceNow query." + }, + { + "type": "feature", + "category": "Amazon Elastic Compute Cloud", + "contributor": "", + "description": "VPC Flow Logs Service adds a new API, GetFlowLogsIntegrationTemplate, which generates CloudFormation templates for Athena. For more info, see https://docs.aws.amazon.com/console/vpc/flow-logs/athena" + }, + { + "type": "feature", + "category": "Firewall Management Service", + "contributor": "", + "description": "Added Firewall Manager policy support for AWS Route 53 Resolver DNS Firewall." + }, + { + "type": "feature", + "category": "AWS SDK for Java v2", + "contributor": "", + "description": "Updated service endpoint metadata." + }, + { + "type": "feature", + "category": "AWS WAFV2", + "contributor": "", + "description": "Added support for ScopeDownStatement for ManagedRuleGroups, Labels, LabelMatchStatement, and LoggingFilter. For more information on these features, see the AWS WAF Developer Guide." + }, + { + "type": "feature", + "category": "Amazon Lex Runtime Service", + "contributor": "", + "description": "Amazon Lex now supports base64-encoded message and input transcript fields." + }, + { + "type": "feature", + "category": "AWS Elemental MediaConvert", + "contributor": "", + "description": "MediaConvert now supports HLS ingest, sidecar WebVTT ingest, Teletext color & style passthrough to TTML subtitles, TTML to WebVTT subtitle conversion with style, & DRC profiles in AC3 audio." + }, + { + "type": "feature", + "category": "Amazon Route 53 Resolver", + "contributor": "", + "description": "Route 53 Resolver DNS Firewall is a firewall service that allows you to filter and regulate outbound DNS traffic for your VPCs." + }, + { + "type": "feature", + "category": "Amazon Lex Model Building Service", + "contributor": "", + "description": "Lex now supports the ja-JP locale" + }, + { + "type": "feature", + "category": "Amazon Lightsail", + "contributor": "", + "description": "- This release adds support for state detail for Amazon Lightsail container services." + } + ] +} \ No newline at end of file diff --git a/.changes/next-release/feature-AWSElementalMediaConvert-d94cd3a.json b/.changes/next-release/feature-AWSElementalMediaConvert-d94cd3a.json deleted file mode 100644 index a82cf6292c35..000000000000 --- a/.changes/next-release/feature-AWSElementalMediaConvert-d94cd3a.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "type": "feature", - "category": "AWS Elemental MediaConvert", - "contributor": "", - "description": "MediaConvert now supports HLS ingest, sidecar WebVTT ingest, Teletext color & style passthrough to TTML subtitles, TTML to WebVTT subtitle conversion with style, & DRC profiles in AC3 audio." -} diff --git a/.changes/next-release/feature-AWSKendraFrontendService-a680037.json b/.changes/next-release/feature-AWSKendraFrontendService-a680037.json deleted file mode 100644 index 06647a10b079..000000000000 --- a/.changes/next-release/feature-AWSKendraFrontendService-a680037.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "type": "feature", - "category": "AWSKendraFrontendService", - "contributor": "", - "description": "AWS Kendra's ServiceNow data source now supports OAuth 2.0 authentication and knowledge article filtering via a ServiceNow query." -} diff --git a/.changes/next-release/feature-AWSSDKforJavav2-bedacd4.json b/.changes/next-release/feature-AWSSDKforJavav2-bedacd4.json deleted file mode 100644 index ae3f84993e9e..000000000000 --- a/.changes/next-release/feature-AWSSDKforJavav2-bedacd4.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "type": "feature", - "category": "AWS SDK for Java v2", - "contributor": "", - "description": "Updated service endpoint metadata." -} diff --git a/.changes/next-release/feature-AWSWAFV2-2b3853b.json b/.changes/next-release/feature-AWSWAFV2-2b3853b.json deleted file mode 100644 index 3f27f1cfdedb..000000000000 --- a/.changes/next-release/feature-AWSWAFV2-2b3853b.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "type": "feature", - "category": "AWS WAFV2", - "contributor": "", - "description": "Added support for ScopeDownStatement for ManagedRuleGroups, Labels, LabelMatchStatement, and LoggingFilter. For more information on these features, see the AWS WAF Developer Guide." -} diff --git a/.changes/next-release/feature-AmazonElasticComputeCloud-b70fcc4.json b/.changes/next-release/feature-AmazonElasticComputeCloud-b70fcc4.json deleted file mode 100644 index cdd953007a7b..000000000000 --- a/.changes/next-release/feature-AmazonElasticComputeCloud-b70fcc4.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "type": "feature", - "category": "Amazon Elastic Compute Cloud", - "contributor": "", - "description": "VPC Flow Logs Service adds a new API, GetFlowLogsIntegrationTemplate, which generates CloudFormation templates for Athena. For more info, see https://docs.aws.amazon.com/console/vpc/flow-logs/athena" -} diff --git a/.changes/next-release/feature-AmazonLexModelBuildingService-b80ef9d.json b/.changes/next-release/feature-AmazonLexModelBuildingService-b80ef9d.json deleted file mode 100644 index d438f5e6ca39..000000000000 --- a/.changes/next-release/feature-AmazonLexModelBuildingService-b80ef9d.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "type": "feature", - "category": "Amazon Lex Model Building Service", - "contributor": "", - "description": "Lex now supports the ja-JP locale" -} diff --git a/.changes/next-release/feature-AmazonLexRuntimeService-0587549.json b/.changes/next-release/feature-AmazonLexRuntimeService-0587549.json deleted file mode 100644 index cd31ef0ed9c5..000000000000 --- a/.changes/next-release/feature-AmazonLexRuntimeService-0587549.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "type": "feature", - "category": "Amazon Lex Runtime Service", - "contributor": "", - "description": "Amazon Lex now supports base64-encoded message and input transcript fields." -} diff --git a/.changes/next-release/feature-AmazonLightsail-1f92607.json b/.changes/next-release/feature-AmazonLightsail-1f92607.json deleted file mode 100644 index cd7397027600..000000000000 --- a/.changes/next-release/feature-AmazonLightsail-1f92607.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "type": "feature", - "category": "Amazon Lightsail", - "contributor": "", - "description": "- This release adds support for state detail for Amazon Lightsail container services." -} diff --git a/.changes/next-release/feature-AmazonRoute53Resolver-09a9485.json b/.changes/next-release/feature-AmazonRoute53Resolver-09a9485.json deleted file mode 100644 index 70aa9bbeb53a..000000000000 --- a/.changes/next-release/feature-AmazonRoute53Resolver-09a9485.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "type": "feature", - "category": "Amazon Route 53 Resolver", - "contributor": "", - "description": "Route 53 Resolver DNS Firewall is a firewall service that allows you to filter and regulate outbound DNS traffic for your VPCs." -} diff --git a/.changes/next-release/feature-FirewallManagementService-5336ae7.json b/.changes/next-release/feature-FirewallManagementService-5336ae7.json deleted file mode 100644 index 9bc84c02a19b..000000000000 --- a/.changes/next-release/feature-FirewallManagementService-5336ae7.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "type": "feature", - "category": "Firewall Management Service", - "contributor": "", - "description": "Added Firewall Manager policy support for AWS Route 53 Resolver DNS Firewall." -} diff --git a/CHANGELOG.md b/CHANGELOG.md index 277dc3de3e4b..045143d8390c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,44 @@ +# __2.16.33__ __2021-04-01__ +## __AWS Elemental MediaConvert__ + - ### Features + - MediaConvert now supports HLS ingest, sidecar WebVTT ingest, Teletext color & style passthrough to TTML subtitles, TTML to WebVTT subtitle conversion with style, & DRC profiles in AC3 audio. + +## __AWS SDK for Java v2__ + - ### Features + - Updated service endpoint metadata. + +## __AWS WAFV2__ + - ### Features + - Added support for ScopeDownStatement for ManagedRuleGroups, Labels, LabelMatchStatement, and LoggingFilter. For more information on these features, see the AWS WAF Developer Guide. + +## __AWSKendraFrontendService__ + - ### Features + - AWS Kendra's ServiceNow data source now supports OAuth 2.0 authentication and knowledge article filtering via a ServiceNow query. + +## __Amazon Elastic Compute Cloud__ + - ### Features + - VPC Flow Logs Service adds a new API, GetFlowLogsIntegrationTemplate, which generates CloudFormation templates for Athena. For more info, see https://docs.aws.amazon.com/console/vpc/flow-logs/athena + +## __Amazon Lex Model Building Service__ + - ### Features + - Lex now supports the ja-JP locale + +## __Amazon Lex Runtime Service__ + - ### Features + - Amazon Lex now supports base64-encoded message and input transcript fields. + +## __Amazon Lightsail__ + - ### Features + - - This release adds support for state detail for Amazon Lightsail container services. + +## __Amazon Route 53 Resolver__ + - ### Features + - Route 53 Resolver DNS Firewall is a firewall service that allows you to filter and regulate outbound DNS traffic for your VPCs. + +## __Firewall Management Service__ + - ### Features + - Added Firewall Manager policy support for AWS Route 53 Resolver DNS Firewall. + # __2.16.32__ __2021-03-31__ ## __AWS Batch__ - ### Features diff --git a/README.md b/README.md index d3b99826306c..e58e30c3d5d1 100644 --- a/README.md +++ b/README.md @@ -49,7 +49,7 @@ To automatically manage module versions (currently all modules have the same ver