diff --git a/VERSION b/VERSION index b3f9ed0e2eb..acaddf56fee 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.11.406 \ No newline at end of file +1.11.407 \ No newline at end of file diff --git a/generated/src/aws-cpp-sdk-codebuild/include/aws/codebuild/model/ScopeConfiguration.h b/generated/src/aws-cpp-sdk-codebuild/include/aws/codebuild/model/ScopeConfiguration.h index a3143c285a1..37e7bf15c5a 100644 --- a/generated/src/aws-cpp-sdk-codebuild/include/aws/codebuild/model/ScopeConfiguration.h +++ b/generated/src/aws-cpp-sdk-codebuild/include/aws/codebuild/model/ScopeConfiguration.h @@ -41,9 +41,8 @@ namespace Model ///@{ /** - *

The name of either the enterprise or organization that will send webhook - * events to CodeBuild, depending on if the webhook is a global or organization - * webhook respectively.

+ *

The name of either the group, enterprise, or organization that will send + * webhook events to CodeBuild, depending on the type of webhook.

*/ inline const Aws::String& GetName() const{ return m_name; } inline bool NameHasBeenSet() const { return m_nameHasBeenSet; } @@ -57,8 +56,9 @@ namespace Model ///@{ /** - *

The domain of the GitHub Enterprise organization. Note that this parameter is - * only required if your project's source type is GITHUB_ENTERPRISE

+ *

The domain of the GitHub Enterprise organization or the GitLab Self Managed + * group. Note that this parameter is only required if your project's source type + * is GITHUB_ENTERPRISE or GITLAB_SELF_MANAGED.

*/ inline const Aws::String& GetDomain() const{ return m_domain; } inline bool DomainHasBeenSet() const { return m_domainHasBeenSet; } @@ -72,7 +72,7 @@ namespace Model ///@{ /** - *

The type of scope for a GitHub webhook.

+ *

The type of scope for a GitHub or GitLab webhook.

*/ inline const WebhookScopeType& GetScope() const{ return m_scope; } inline bool ScopeHasBeenSet() const { return m_scopeHasBeenSet; } diff --git a/generated/src/aws-cpp-sdk-codebuild/include/aws/codebuild/model/WebhookScopeType.h b/generated/src/aws-cpp-sdk-codebuild/include/aws/codebuild/model/WebhookScopeType.h index ab9ac273344..bb2f750254c 100644 --- a/generated/src/aws-cpp-sdk-codebuild/include/aws/codebuild/model/WebhookScopeType.h +++ b/generated/src/aws-cpp-sdk-codebuild/include/aws/codebuild/model/WebhookScopeType.h @@ -17,7 +17,8 @@ namespace Model { NOT_SET, GITHUB_ORGANIZATION, - GITHUB_GLOBAL + GITHUB_GLOBAL, + GITLAB_GROUP }; namespace WebhookScopeTypeMapper diff --git a/generated/src/aws-cpp-sdk-codebuild/source/model/WebhookScopeType.cpp b/generated/src/aws-cpp-sdk-codebuild/source/model/WebhookScopeType.cpp index 79d8f8ef7f8..4a1ebc18cec 100644 --- a/generated/src/aws-cpp-sdk-codebuild/source/model/WebhookScopeType.cpp +++ b/generated/src/aws-cpp-sdk-codebuild/source/model/WebhookScopeType.cpp @@ -22,6 +22,7 @@ namespace Aws static const int GITHUB_ORGANIZATION_HASH = HashingUtils::HashString("GITHUB_ORGANIZATION"); static const int GITHUB_GLOBAL_HASH = HashingUtils::HashString("GITHUB_GLOBAL"); + static const int GITLAB_GROUP_HASH = HashingUtils::HashString("GITLAB_GROUP"); WebhookScopeType GetWebhookScopeTypeForName(const Aws::String& name) @@ -35,6 +36,10 @@ namespace Aws { return WebhookScopeType::GITHUB_GLOBAL; } + else if (hashCode == GITLAB_GROUP_HASH) + { + return WebhookScopeType::GITLAB_GROUP; + } EnumParseOverflowContainer* overflowContainer = Aws::GetEnumOverflowContainer(); if(overflowContainer) { @@ -55,6 +60,8 @@ namespace Aws return "GITHUB_ORGANIZATION"; case WebhookScopeType::GITHUB_GLOBAL: return "GITHUB_GLOBAL"; + case WebhookScopeType::GITLAB_GROUP: + return "GITLAB_GROUP"; default: EnumParseOverflowContainer* overflowContainer = Aws::GetEnumOverflowContainer(); if(overflowContainer) diff --git a/generated/src/aws-cpp-sdk-ecr/include/aws/ecr/model/EncryptionConfiguration.h b/generated/src/aws-cpp-sdk-ecr/include/aws/ecr/model/EncryptionConfiguration.h index b48c52bd8b7..b175902ea37 100644 --- a/generated/src/aws-cpp-sdk-ecr/include/aws/ecr/model/EncryptionConfiguration.h +++ b/generated/src/aws-cpp-sdk-ecr/include/aws/ecr/model/EncryptionConfiguration.h @@ -59,15 +59,14 @@ namespace Model * created.

If you use the KMS_DSSE encryption type, the * contents of the repository will be encrypted with two layers of encryption using * server-side encryption with the KMS Management Service key stored in KMS. - * Similar to the KMS encryption type, you can either use the default Amazon Web - * Services managed KMS key for Amazon ECR, or specify your own KMS key, which - * you've already created.

If you use the AES256 encryption - * type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption - * keys which encrypts the images in the repository using an AES256 encryption - * algorithm. For more information, see Protecting - * data using server-side encryption with Amazon S3-managed encryption keys - * (SSE-S3) in the Amazon Simple Storage Service Console Developer + * Similar to the KMS encryption type, you can either use the default + * Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, + * which you've already created.

If you use the AES256 + * encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed + * encryption keys which encrypts the images in the repository using an AES256 + * encryption algorithm.

For more information, see Amazon + * ECR encryption at rest in the Amazon Elastic Container Registry User * Guide.

*/ inline const EncryptionType& GetEncryptionType() const{ return m_encryptionType; } diff --git a/generated/src/aws-cpp-sdk-ecr/include/aws/ecr/model/EnhancedImageScanFinding.h b/generated/src/aws-cpp-sdk-ecr/include/aws/ecr/model/EnhancedImageScanFinding.h index 98eb5645562..b674bbc1a41 100644 --- a/generated/src/aws-cpp-sdk-ecr/include/aws/ecr/model/EnhancedImageScanFinding.h +++ b/generated/src/aws-cpp-sdk-ecr/include/aws/ecr/model/EnhancedImageScanFinding.h @@ -237,6 +237,37 @@ namespace Model inline EnhancedImageScanFinding& WithUpdatedAt(const Aws::Utils::DateTime& value) { SetUpdatedAt(value); return *this;} inline EnhancedImageScanFinding& WithUpdatedAt(Aws::Utils::DateTime&& value) { SetUpdatedAt(std::move(value)); return *this;} ///@} + + ///@{ + /** + *

Details on whether a fix is available through a version update. This value + * can be YES, NO, or PARTIAL. A + * PARTIAL fix means that some, but not all, of the packages + * identified in the finding have fixes available through updated versions.

+ */ + inline const Aws::String& GetFixAvailable() const{ return m_fixAvailable; } + inline bool FixAvailableHasBeenSet() const { return m_fixAvailableHasBeenSet; } + inline void SetFixAvailable(const Aws::String& value) { m_fixAvailableHasBeenSet = true; m_fixAvailable = value; } + inline void SetFixAvailable(Aws::String&& value) { m_fixAvailableHasBeenSet = true; m_fixAvailable = std::move(value); } + inline void SetFixAvailable(const char* value) { m_fixAvailableHasBeenSet = true; m_fixAvailable.assign(value); } + inline EnhancedImageScanFinding& WithFixAvailable(const Aws::String& value) { SetFixAvailable(value); return *this;} + inline EnhancedImageScanFinding& WithFixAvailable(Aws::String&& value) { SetFixAvailable(std::move(value)); return *this;} + inline EnhancedImageScanFinding& WithFixAvailable(const char* value) { SetFixAvailable(value); return *this;} + ///@} + + ///@{ + /** + *

If a finding discovered in your environment has an exploit available.

+ */ + inline const Aws::String& GetExploitAvailable() const{ return m_exploitAvailable; } + inline bool ExploitAvailableHasBeenSet() const { return m_exploitAvailableHasBeenSet; } + inline void SetExploitAvailable(const Aws::String& value) { m_exploitAvailableHasBeenSet = true; m_exploitAvailable = value; } + inline void SetExploitAvailable(Aws::String&& value) { m_exploitAvailableHasBeenSet = true; m_exploitAvailable = std::move(value); } + inline void SetExploitAvailable(const char* value) { m_exploitAvailableHasBeenSet = true; m_exploitAvailable.assign(value); } + inline EnhancedImageScanFinding& WithExploitAvailable(const Aws::String& value) { SetExploitAvailable(value); return *this;} + inline EnhancedImageScanFinding& WithExploitAvailable(Aws::String&& value) { SetExploitAvailable(std::move(value)); return *this;} + inline EnhancedImageScanFinding& WithExploitAvailable(const char* value) { SetExploitAvailable(value); return *this;} + ///@} private: Aws::String m_awsAccountId; @@ -283,6 +314,12 @@ namespace Model Aws::Utils::DateTime m_updatedAt; bool m_updatedAtHasBeenSet = false; + + Aws::String m_fixAvailable; + bool m_fixAvailableHasBeenSet = false; + + Aws::String m_exploitAvailable; + bool m_exploitAvailableHasBeenSet = false; }; } // namespace Model diff --git a/generated/src/aws-cpp-sdk-ecr/include/aws/ecr/model/VulnerablePackage.h b/generated/src/aws-cpp-sdk-ecr/include/aws/ecr/model/VulnerablePackage.h index 4401df0b3b6..af9a47c225a 100644 --- a/generated/src/aws-cpp-sdk-ecr/include/aws/ecr/model/VulnerablePackage.h +++ b/generated/src/aws-cpp-sdk-ecr/include/aws/ecr/model/VulnerablePackage.h @@ -145,6 +145,20 @@ namespace Model inline VulnerablePackage& WithVersion(Aws::String&& value) { SetVersion(std::move(value)); return *this;} inline VulnerablePackage& WithVersion(const char* value) { SetVersion(value); return *this;} ///@} + + ///@{ + /** + *

The version of the package that contains the vulnerability fix.

+ */ + inline const Aws::String& GetFixedInVersion() const{ return m_fixedInVersion; } + inline bool FixedInVersionHasBeenSet() const { return m_fixedInVersionHasBeenSet; } + inline void SetFixedInVersion(const Aws::String& value) { m_fixedInVersionHasBeenSet = true; m_fixedInVersion = value; } + inline void SetFixedInVersion(Aws::String&& value) { m_fixedInVersionHasBeenSet = true; m_fixedInVersion = std::move(value); } + inline void SetFixedInVersion(const char* value) { m_fixedInVersionHasBeenSet = true; m_fixedInVersion.assign(value); } + inline VulnerablePackage& WithFixedInVersion(const Aws::String& value) { SetFixedInVersion(value); return *this;} + inline VulnerablePackage& WithFixedInVersion(Aws::String&& value) { SetFixedInVersion(std::move(value)); return *this;} + inline VulnerablePackage& WithFixedInVersion(const char* value) { SetFixedInVersion(value); return *this;} + ///@} private: Aws::String m_arch; @@ -170,6 +184,9 @@ namespace Model Aws::String m_version; bool m_versionHasBeenSet = false; + + Aws::String m_fixedInVersion; + bool m_fixedInVersionHasBeenSet = false; }; } // namespace Model diff --git a/generated/src/aws-cpp-sdk-ecr/source/model/EnhancedImageScanFinding.cpp b/generated/src/aws-cpp-sdk-ecr/source/model/EnhancedImageScanFinding.cpp index 1a6233f1c02..f1a7f1391c7 100644 --- a/generated/src/aws-cpp-sdk-ecr/source/model/EnhancedImageScanFinding.cpp +++ b/generated/src/aws-cpp-sdk-ecr/source/model/EnhancedImageScanFinding.cpp @@ -34,7 +34,9 @@ EnhancedImageScanFinding::EnhancedImageScanFinding() : m_statusHasBeenSet(false), m_titleHasBeenSet(false), m_typeHasBeenSet(false), - m_updatedAtHasBeenSet(false) + m_updatedAtHasBeenSet(false), + m_fixAvailableHasBeenSet(false), + m_exploitAvailableHasBeenSet(false) { } @@ -154,6 +156,20 @@ EnhancedImageScanFinding& EnhancedImageScanFinding::operator =(JsonView jsonValu m_updatedAtHasBeenSet = true; } + if(jsonValue.ValueExists("fixAvailable")) + { + m_fixAvailable = jsonValue.GetString("fixAvailable"); + + m_fixAvailableHasBeenSet = true; + } + + if(jsonValue.ValueExists("exploitAvailable")) + { + m_exploitAvailable = jsonValue.GetString("exploitAvailable"); + + m_exploitAvailableHasBeenSet = true; + } + return *this; } @@ -253,6 +269,18 @@ JsonValue EnhancedImageScanFinding::Jsonize() const payload.WithDouble("updatedAt", m_updatedAt.SecondsWithMSPrecision()); } + if(m_fixAvailableHasBeenSet) + { + payload.WithString("fixAvailable", m_fixAvailable); + + } + + if(m_exploitAvailableHasBeenSet) + { + payload.WithString("exploitAvailable", m_exploitAvailable); + + } + return payload; } diff --git a/generated/src/aws-cpp-sdk-ecr/source/model/VulnerablePackage.cpp b/generated/src/aws-cpp-sdk-ecr/source/model/VulnerablePackage.cpp index a25e59a786e..6861283b9b3 100644 --- a/generated/src/aws-cpp-sdk-ecr/source/model/VulnerablePackage.cpp +++ b/generated/src/aws-cpp-sdk-ecr/source/model/VulnerablePackage.cpp @@ -27,7 +27,8 @@ VulnerablePackage::VulnerablePackage() : m_packageManagerHasBeenSet(false), m_releaseHasBeenSet(false), m_sourceLayerHashHasBeenSet(false), - m_versionHasBeenSet(false) + m_versionHasBeenSet(false), + m_fixedInVersionHasBeenSet(false) { } @@ -95,6 +96,13 @@ VulnerablePackage& VulnerablePackage::operator =(JsonView jsonValue) m_versionHasBeenSet = true; } + if(jsonValue.ValueExists("fixedInVersion")) + { + m_fixedInVersion = jsonValue.GetString("fixedInVersion"); + + m_fixedInVersionHasBeenSet = true; + } + return *this; } @@ -150,6 +158,12 @@ JsonValue VulnerablePackage::Jsonize() const } + if(m_fixedInVersionHasBeenSet) + { + payload.WithString("fixedInVersion", m_fixedInVersion); + + } + return payload; } diff --git a/generated/src/aws-cpp-sdk-ecs/include/aws/ecs/model/ContainerDefinition.h b/generated/src/aws-cpp-sdk-ecs/include/aws/ecs/model/ContainerDefinition.h index ab00d0125e8..55f19169bca 100644 --- a/generated/src/aws-cpp-sdk-ecs/include/aws/ecs/model/ContainerDefinition.h +++ b/generated/src/aws-cpp-sdk-ecs/include/aws/ecs/model/ContainerDefinition.h @@ -63,7 +63,7 @@ namespace Model * task definition, the name of one container can be entered in the * links of another container to connect the containers. Up to 255 * letters (uppercase and lowercase), numbers, underscores, and hyphens are - * allowed. This parameter maps to name in tthe docker conainer create + * allowed. This parameter maps to name in the docker container create * command and the --name option to docker run.

*/ inline const Aws::String& GetName() const{ return m_name; } @@ -85,7 +85,7 @@ namespace Model * repository-url/image@digest . Up to 255 letters * (uppercase and lowercase), numbers, hyphens, underscores, colons, periods, * forward slashes, and number signs are allowed. This parameter maps to - * Image in the docker conainer create command and the + * Image in the docker container create command and the * IMAGE parameter of docker run.

For tasks that + * use the Fargate launch type, the max stop timeout value is 120 seconds and if + * the parameter is not specified, the default value of 30 seconds is used.

+ *

For tasks that use the EC2 launch type, if the stopTimeout + * parameter isn't specified, the value set for the Amazon ECS container agent + * configuration variable ECS_CONTAINER_STOP_TIMEOUT is used. If + * neither the stopTimeout parameter or the * ECS_CONTAINER_STOP_TIMEOUT agent configuration variable are set, * then the default values of 30 seconds for Linux containers and 30 seconds on * Windows containers are used. Your container instances require at least version @@ -581,7 +581,7 @@ namespace Model * ecs-init. For more information, see Amazon * ECS-optimized Linux AMI in the Amazon Elastic Container Service Developer - * Guide.

The valid values are 2-120 seconds.

+ * Guide
.

The valid values for Fargate are 2-120 seconds.

*/ inline int GetStopTimeout() const{ return m_stopTimeout; } inline bool StopTimeoutHasBeenSet() const { return m_stopTimeoutHasBeenSet; } @@ -592,7 +592,7 @@ namespace Model ///@{ /** *

The hostname to use for your container. This parameter maps to - * Hostname in thethe docker conainer create command and the + * Hostname in the docker container create command and the * --hostname option to docker run.

The * hostname parameter is not supported if you're using the * awsvpc network mode.

@@ -610,7 +610,7 @@ namespace Model ///@{ /** *

The user to use inside the container. This parameter maps to - * User in the docker conainer create command and the + * User in the docker container create command and the * --user option to docker run.

When running tasks * using the host network mode, don't run containers using the root * user (UID 0). We recommend using a non-root user for better security.

@@ -635,7 +635,7 @@ namespace Model ///@{ /** *

The working directory to run commands inside the container in. This parameter - * maps to WorkingDir in the docker conainer create command and the + * maps to WorkingDir in the docker container create command and the * --workdir option to docker run.

*/ inline const Aws::String& GetWorkingDirectory() const{ return m_workingDirectory; } @@ -651,7 +651,7 @@ namespace Model ///@{ /** *

When this parameter is true, networking is off within the container. This - * parameter maps to NetworkDisabled in the docker conainer create + * parameter maps to NetworkDisabled in the docker container create * command.

This parameter is not supported for Windows * containers.

*/ @@ -665,10 +665,10 @@ namespace Model /** *

When this parameter is true, the container is given elevated privileges on * the host container instance (similar to the root user). This - * parameter maps to Privileged in the the docker conainer create - * command and the --privileged option to docker run

- *

This parameter is not supported for Windows containers or tasks run on - * Fargate.

+ * parameter maps to Privileged in the docker container create command + * and the --privileged option to docker run

This + * parameter is not supported for Windows containers or tasks run on Fargate.

+ * */ inline bool GetPrivileged() const{ return m_privileged; } inline bool PrivilegedHasBeenSet() const { return m_privilegedHasBeenSet; } @@ -680,9 +680,9 @@ namespace Model /** *

When this parameter is true, the container is given read-only access to its * root file system. This parameter maps to ReadonlyRootfs in the - * docker conainer create command and the --read-only option to docker - * run.

This parameter is not supported for Windows containers.

- * + * docker container create command and the --read-only option to + * docker run.

This parameter is not supported for Windows + * containers.

*/ inline bool GetReadonlyRootFilesystem() const{ return m_readonlyRootFilesystem; } inline bool ReadonlyRootFilesystemHasBeenSet() const { return m_readonlyRootFilesystemHasBeenSet; } @@ -693,7 +693,7 @@ namespace Model ///@{ /** *

A list of DNS servers that are presented to the container. This parameter - * maps to Dns in the the docker conainer create command and the + * maps to Dns in the docker container create command and the * --dns option to docker run.

This parameter is not * supported for Windows containers.

*/ @@ -711,7 +711,7 @@ namespace Model ///@{ /** *

A list of DNS search domains that are presented to the container. This - * parameter maps to DnsSearch in the docker conainer create command + * parameter maps to DnsSearch in the docker container create command * and the --dns-search option to docker run.

This * parameter is not supported for Windows containers.

*/ @@ -730,7 +730,7 @@ namespace Model /** *

A list of hostnames and IP address mappings to append to the * /etc/hosts file on the container. This parameter maps to - * ExtraHosts in the docker conainer create command and the + * ExtraHosts in the docker container create command and the * --add-host option to docker run.

This parameter isn't * supported for Windows containers or tasks that use the awsvpc * network mode.

@@ -759,12 +759,12 @@ namespace Model * href="https://docs.aws.amazon.com/AmazonECS/latest/developerguide/linux-gmsa.html">Using * gMSAs for Linux Containers in the Amazon Elastic Container Service * Developer Guide.

This parameter maps to SecurityOpt in - * the docker conainer create command and the --security-opt option to - * docker run.

The Amazon ECS container agent running on a container - * instance must register with the ECS_SELINUX_CAPABLE=true or - * ECS_APPARMOR_CAPABLE=true environment variables before containers - * placed on that instance can use these security options. For more information, - * see --security-opt option + * to docker run.

The Amazon ECS container agent running on a + * container instance must register with the ECS_SELINUX_CAPABLE=true + * or ECS_APPARMOR_CAPABLE=true environment variables before + * containers placed on that instance can use these security options. For more + * information, see Amazon * ECS Container Agent Configuration in the Amazon Elastic Container Service * Developer Guide.

Valid values: "no-new-privileges" | @@ -785,7 +785,7 @@ namespace Model /** *

When this parameter is true, you can deploy containerized * applications that require stdin or a tty to be - * allocated. This parameter maps to OpenStdin in the docker conainer + * allocated. This parameter maps to OpenStdin in the docker container * create command and the --interactive option to docker run.

*/ inline bool GetInteractive() const{ return m_interactive; } @@ -797,7 +797,7 @@ namespace Model ///@{ /** *

When this parameter is true, a TTY is allocated. This parameter - * maps to Tty in tthe docker conainer create command and the + * maps to Tty in the docker container create command and the * --tty option to docker run.

*/ inline bool GetPseudoTerminal() const{ return m_pseudoTerminal; } @@ -809,7 +809,7 @@ namespace Model ///@{ /** *

A key/value map of labels to add to the container. This parameter maps to - * Labels in the docker conainer create command and the + * Labels in the docker container create command and the * --label option to docker run. This parameter requires version 1.18 * of the Docker Remote API or greater on your container instance. To check the * Docker Remote API version on your container instance, log in to your container @@ -835,9 +835,9 @@ namespace Model /** *

A list of ulimits to set in the container. If a * ulimit value is specified in a task definition, it overrides the - * default values set by Docker. This parameter maps to Ulimits in - * tthe docker conainer create command and the --ulimit option to - * docker run. Valid naming values are displayed in the Ulimits in the + * docker container create command and the --ulimit option to docker + * run. Valid naming values are displayed in the Ulimit * data type.

Amazon ECS tasks hosted on Fargate use the default resource * limit values set by the operating system with the exception of the @@ -864,7 +864,7 @@ namespace Model ///@{ /** *

The log configuration specification for the container.

This parameter - * maps to LogConfig in the docker conainer create command and the + * maps to LogConfig in the docker container create command and the * --log-driver option to docker run. By default, containers use the * same logging driver that the Docker daemon uses. However the container can use a * different logging driver than the Docker daemon by specifying a log driver with @@ -900,7 +900,7 @@ namespace Model /** *

The container health check command and associated configuration parameters * for the container. This parameter maps to HealthCheck in the docker - * conainer create command and the HEALTHCHECK parameter of docker + * container create command and the HEALTHCHECK parameter of docker * run.

*/ inline const HealthCheck& GetHealthCheck() const{ return m_healthCheck; } @@ -914,7 +914,7 @@ namespace Model ///@{ /** *

A list of namespaced kernel parameters to set in the container. This - * parameter maps to Sysctls in tthe docker conainer create command + * parameter maps to Sysctls in the docker container create command * and the --sysctl option to docker run. For example, you can * configure net.ipv4.tcp_keepalive_time setting to maintain longer * lived connections.

diff --git a/generated/src/aws-cpp-sdk-ecs/include/aws/ecs/model/DeploymentConfiguration.h b/generated/src/aws-cpp-sdk-ecs/include/aws/ecs/model/DeploymentConfiguration.h index 99576958cc0..07994fe0e1b 100644 --- a/generated/src/aws-cpp-sdk-ecs/include/aws/ecs/model/DeploymentConfiguration.h +++ b/generated/src/aws-cpp-sdk-ecs/include/aws/ecs/model/DeploymentConfiguration.h @@ -76,13 +76,16 @@ namespace Model * The default maximumPercent value for a service using the * REPLICA service scheduler is 200%.

If a service is using * either the blue/green (CODE_DEPLOY) or EXTERNAL - * deployment types and tasks that use the EC2 launch type, the maximum - * percent value is set to the default value and is used to define the upper - * limit on the number of the tasks in the service that remain in the - * RUNNING state while the container instances are in the - * DRAINING state. If the tasks in the service use the Fargate launch - * type, the maximum percent value is not used, although it is returned when - * describing your service.

+ * deployment types, and tasks in the service use the EC2 launch type, the + * maximum percent value is set to the default value. The maximum + * percent value is used to define the upper limit on the number of the tasks + * in the service that remain in the RUNNING state while the container + * instances are in the DRAINING state.

You can't + * specify a custom maximumPercent value for a service that uses + * either the blue/green (CODE_DEPLOY) or EXTERNAL + * deployment types and has tasks that use the EC2 launch type.

If + * the tasks in the service use the Fargate launch type, the maximum percent value + * is not used, although it is returned when describing your service.

*/ inline int GetMaximumPercent() const{ return m_maximumPercent; } inline bool MaximumPercentHasBeenSet() const { return m_maximumPercentHasBeenSet; } @@ -132,13 +135,17 @@ namespace Model * value.

If a service is using either the blue/green * (CODE_DEPLOY) or EXTERNAL deployment types and is * running tasks that use the EC2 launch type, the minimum healthy percent - * value is set to the default value and is used to define the lower limit on the - * number of the tasks in the service that remain in the RUNNING state - * while the container instances are in the DRAINING state. If a - * service is using either the blue/green (CODE_DEPLOY) or - * EXTERNAL deployment types and is running tasks that use the Fargate - * launch type, the minimum healthy percent value is not used, although it is - * returned when describing your service.

+ * value is set to the default value. The minimum healthy percent value is + * used to define the lower limit on the number of the tasks in the service that + * remain in the RUNNING state while the container instances are in + * the DRAINING state.

You can't specify a custom + * minimumHealthyPercent value for a service that uses either the + * blue/green (CODE_DEPLOY) or EXTERNAL deployment types + * and has tasks that use the EC2 launch type.

If a service is using + * either the blue/green (CODE_DEPLOY) or EXTERNAL + * deployment types and is running tasks that use the Fargate launch type, the + * minimum healthy percent value is not used, although it is returned when + * describing your service.

*/ inline int GetMinimumHealthyPercent() const{ return m_minimumHealthyPercent; } inline bool MinimumHealthyPercentHasBeenSet() const { return m_minimumHealthyPercentHasBeenSet; } diff --git a/generated/src/aws-cpp-sdk-ecs/include/aws/ecs/model/DockerVolumeConfiguration.h b/generated/src/aws-cpp-sdk-ecs/include/aws/ecs/model/DockerVolumeConfiguration.h index 921244290a8..5f752beb6e4 100644 --- a/generated/src/aws-cpp-sdk-ecs/include/aws/ecs/model/DockerVolumeConfiguration.h +++ b/generated/src/aws-cpp-sdk-ecs/include/aws/ecs/model/DockerVolumeConfiguration.h @@ -76,7 +76,7 @@ namespace Model * installed using the Docker plugin CLI, use docker plugin ls to * retrieve the driver name from your container instance. If the driver was * installed using another method, use Docker plugin discovery to retrieve the - * driver name. This parameter maps to Driver in the docker conainer + * driver name. This parameter maps to Driver in the docker container * create command and the xxdriver option to docker volume create.

*/ inline const Aws::String& GetDriver() const{ return m_driver; } @@ -113,7 +113,7 @@ namespace Model ///@{ /** *

Custom metadata to add to your Docker volume. This parameter maps to - * Labels in the docker conainer create command and the + * Labels in the docker container create command and the * xxlabel option to docker volume create.

*/ inline const Aws::Map& GetLabels() const{ return m_labels; } diff --git a/generated/src/aws-cpp-sdk-ecs/include/aws/ecs/model/HealthCheck.h b/generated/src/aws-cpp-sdk-ecs/include/aws/ecs/model/HealthCheck.h index 3fdef06fdde..d425132bbc7 100644 --- a/generated/src/aws-cpp-sdk-ecs/include/aws/ecs/model/HealthCheck.h +++ b/generated/src/aws-cpp-sdk-ecs/include/aws/ecs/model/HealthCheck.h @@ -126,8 +126,8 @@ namespace Model * double quotes and brackets when you use the Amazon Web Services Management * Console.

CMD-SHELL, curl -f http://localhost/ || exit 1 *

An exit code of 0 indicates success, and non-zero exit code indicates - * failure. For more information, see HealthCheck in tthe docker - * conainer create command

+ * failure. For more information, see HealthCheck in the docker + * container create command

*/ inline const Aws::Vector& GetCommand() const{ return m_command; } inline bool CommandHasBeenSet() const { return m_commandHasBeenSet; } diff --git a/generated/src/aws-cpp-sdk-ecs/include/aws/ecs/model/KernelCapabilities.h b/generated/src/aws-cpp-sdk-ecs/include/aws/ecs/model/KernelCapabilities.h index c7dad1fcfcd..2cc2af7f7b3 100644 --- a/generated/src/aws-cpp-sdk-ecs/include/aws/ecs/model/KernelCapabilities.h +++ b/generated/src/aws-cpp-sdk-ecs/include/aws/ecs/model/KernelCapabilities.h @@ -46,7 +46,7 @@ namespace Model /** *

The Linux capabilities for the container that have been added to the default * configuration provided by Docker. This parameter maps to CapAdd in - * the docker conainer create command and the --cap-add option to + * the docker container create command and the --cap-add option to * docker run.

Tasks launched on Fargate only support adding the * SYS_PTRACE kernel capability.

Valid values: * "ALL" | "AUDIT_CONTROL" | "AUDIT_WRITE" | "BLOCK_SUSPEND" | "CHOWN" | @@ -73,7 +73,7 @@ namespace Model /** *

The Linux capabilities for the container that have been removed from the * default configuration provided by Docker. This parameter maps to - * CapDrop in the docker conainer create command and the + * CapDrop in the docker container create command and the * --cap-drop option to docker run.

Valid values: "ALL" | * "AUDIT_CONTROL" | "AUDIT_WRITE" | "BLOCK_SUSPEND" | "CHOWN" | "DAC_OVERRIDE" | * "DAC_READ_SEARCH" | "FOWNER" | "FSETID" | "IPC_LOCK" | "IPC_OWNER" | "KILL" | diff --git a/generated/src/aws-cpp-sdk-ecs/include/aws/ecs/model/LinuxParameters.h b/generated/src/aws-cpp-sdk-ecs/include/aws/ecs/model/LinuxParameters.h index 2250f2d656e..ec235d42b4f 100644 --- a/generated/src/aws-cpp-sdk-ecs/include/aws/ecs/model/LinuxParameters.h +++ b/generated/src/aws-cpp-sdk-ecs/include/aws/ecs/model/LinuxParameters.h @@ -62,7 +62,7 @@ namespace Model ///@{ /** *

Any host devices to expose to the container. This parameter maps to - * Devices in tthe docker conainer create command and the + * Devices in the docker container create command and the * --device option to docker run.

If you're using tasks * that use the Fargate launch type, the devices parameter isn't * supported.

diff --git a/generated/src/aws-cpp-sdk-ecs/include/aws/ecs/model/LogConfiguration.h b/generated/src/aws-cpp-sdk-ecs/include/aws/ecs/model/LogConfiguration.h index b35b5a4f53c..a08b3ba8131 100644 --- a/generated/src/aws-cpp-sdk-ecs/include/aws/ecs/model/LogConfiguration.h +++ b/generated/src/aws-cpp-sdk-ecs/include/aws/ecs/model/LogConfiguration.h @@ -29,7 +29,7 @@ namespace Model /** *

The log configuration for the container. This parameter maps to - * LogConfig in the docker conainer create command and the + * LogConfig in the docker container create command and the * --log-driver option to docker run.

By default, containers * use the same logging driver that the Docker daemon uses. However, the container * might use a different logging driver than the Docker daemon by specifying a log diff --git a/generated/src/aws-cpp-sdk-ecs/include/aws/ecs/model/PortMapping.h b/generated/src/aws-cpp-sdk-ecs/include/aws/ecs/model/PortMapping.h index 919c91f6005..656952d5ecf 100644 --- a/generated/src/aws-cpp-sdk-ecs/include/aws/ecs/model/PortMapping.h +++ b/generated/src/aws-cpp-sdk-ecs/include/aws/ecs/model/PortMapping.h @@ -33,7 +33,7 @@ namespace Model * containerPort. The hostPort can be left blank or it * must be the same value as the containerPort.

Most fields of * this parameter (containerPort, hostPort, - * protocol) maps to PortBindings in the docker conainer + * protocol) maps to PortBindings in the docker container * create command and the --publish option to docker run. * If the network mode of a task definition is set to host, host ports * must either be undefined or match the container port in the port mapping.

diff --git a/generated/src/aws-cpp-sdk-ecs/include/aws/ecs/model/PutAccountSettingRequest.h b/generated/src/aws-cpp-sdk-ecs/include/aws/ecs/model/PutAccountSettingRequest.h index cd4880ad8c3..2315e4cca82 100644 --- a/generated/src/aws-cpp-sdk-ecs/include/aws/ecs/model/PutAccountSettingRequest.h +++ b/generated/src/aws-cpp-sdk-ecs/include/aws/ecs/model/PutAccountSettingRequest.h @@ -82,15 +82,13 @@ namespace Model * a VPC in dual-stack mode. For more information on using IPv6 with tasks * launched on Fargate, see Using - * a VPC in dual-stack mode.

  • fargateFIPSMode - - * If you specify fargateFIPSMode, Fargate FIPS 140 compliance is - * affected.

  • fargateTaskRetirementWaitPeriod - When - * Amazon Web Services determines that a security or infrastructure update is - * needed for an Amazon ECS task hosted on Fargate, the tasks need to be stopped - * and new tasks launched to replace them. Use - * fargateTaskRetirementWaitPeriod to configure the wait time to - * retire a Fargate task. For information about the Fargate tasks maintenance, see - * .

  • + * fargateTaskRetirementWaitPeriod - When Amazon Web Services + * determines that a security or infrastructure update is needed for an Amazon ECS + * task hosted on Fargate, the tasks need to be stopped and new tasks launched to + * replace them. Use fargateTaskRetirementWaitPeriod to configure the + * wait time to retire a Fargate task. For information about the Fargate tasks + * maintenance, see Amazon * Web Services Fargate task maintenance in the Amazon ECS Developer * Guide.

  • tagResourceAuthorization - Amazon ECS diff --git a/generated/src/aws-cpp-sdk-ecs/include/aws/ecs/model/SystemControl.h b/generated/src/aws-cpp-sdk-ecs/include/aws/ecs/model/SystemControl.h index 41391f0d263..034a67b8700 100644 --- a/generated/src/aws-cpp-sdk-ecs/include/aws/ecs/model/SystemControl.h +++ b/generated/src/aws-cpp-sdk-ecs/include/aws/ecs/model/SystemControl.h @@ -25,7 +25,7 @@ namespace Model /** *

    A list of namespaced kernel parameters to set in the container. This - * parameter maps to Sysctls in tthe docker conainer create command + * parameter maps to Sysctls in the docker container create command * and the --sysctl option to docker run. For example, you can * configure net.ipv4.tcp_keepalive_time setting to maintain longer * lived connections.

    We don't recommend that you specify network-related diff --git a/generated/src/aws-cpp-sdk-ecs/include/aws/ecs/model/TaskDefinition.h b/generated/src/aws-cpp-sdk-ecs/include/aws/ecs/model/TaskDefinition.h index 76188dca617..0f84337bd02 100644 --- a/generated/src/aws-cpp-sdk-ecs/include/aws/ecs/model/TaskDefinition.h +++ b/generated/src/aws-cpp-sdk-ecs/include/aws/ecs/model/TaskDefinition.h @@ -273,8 +273,8 @@ namespace Model ///@{ /** - *

    The task launch types the task definition validated against during task - * definition registration. For more information, see Amazon ECS validates the task definition parameters with those supported by + * the launch type. For more information, see Amazon * ECS launch types in the Amazon Elastic Container Service Developer * Guide.

    diff --git a/generated/src/aws-cpp-sdk-ecs/include/aws/ecs/model/Ulimit.h b/generated/src/aws-cpp-sdk-ecs/include/aws/ecs/model/Ulimit.h index e754c3a1b9f..d1d70ae3d14 100644 --- a/generated/src/aws-cpp-sdk-ecs/include/aws/ecs/model/Ulimit.h +++ b/generated/src/aws-cpp-sdk-ecs/include/aws/ecs/model/Ulimit.h @@ -58,7 +58,9 @@ namespace Model ///@{ /** - *

    The soft limit for the ulimit type.

    + *

    The soft limit for the ulimit type. The value can be specified + * in bytes, seconds, or as a count, depending on the type of the + * ulimit.

    */ inline int GetSoftLimit() const{ return m_softLimit; } inline bool SoftLimitHasBeenSet() const { return m_softLimitHasBeenSet; } @@ -68,7 +70,9 @@ namespace Model ///@{ /** - *

    The hard limit for the ulimit type.

    + *

    The hard limit for the ulimit type. The value can be specified + * in bytes, seconds, or as a count, depending on the type of the + * ulimit.

    */ inline int GetHardLimit() const{ return m_hardLimit; } inline bool HardLimitHasBeenSet() const { return m_hardLimitHasBeenSet; } diff --git a/generated/src/aws-cpp-sdk-lambda/include/aws/lambda/LambdaClient.h b/generated/src/aws-cpp-sdk-lambda/include/aws/lambda/LambdaClient.h index 749010551cd..6f46812fa1e 100644 --- a/generated/src/aws-cpp-sdk-lambda/include/aws/lambda/LambdaClient.h +++ b/generated/src/aws-cpp-sdk-lambda/include/aws/lambda/LambdaClient.h @@ -714,6 +714,33 @@ namespace Lambda return SubmitAsync(&LambdaClient::DeleteProvisionedConcurrencyConfig, request, handler, context); } + /** + *

    Deletes a resource-based + * policy from a function.

    See Also:

    AWS + * API Reference

    + */ + virtual Model::DeleteResourcePolicyOutcome DeleteResourcePolicy(const Model::DeleteResourcePolicyRequest& request) const; + + /** + * A Callable wrapper for DeleteResourcePolicy that returns a future to the operation so that it can be executed in parallel to other requests. + */ + template + Model::DeleteResourcePolicyOutcomeCallable DeleteResourcePolicyCallable(const DeleteResourcePolicyRequestT& request) const + { + return SubmitCallable(&LambdaClient::DeleteResourcePolicy, request); + } + + /** + * An Async wrapper for DeleteResourcePolicy that queues the request into a thread executor and triggers associated callback when operation has finished. + */ + template + void DeleteResourcePolicyAsync(const DeleteResourcePolicyRequestT& request, const DeleteResourcePolicyResponseReceivedHandler& handler, const std::shared_ptr& context = nullptr) const + { + return SubmitAsync(&LambdaClient::DeleteResourcePolicy, request, handler, context); + } + /** *

    Retrieves details about your account's limits and @@ -1147,6 +1174,59 @@ namespace Lambda return SubmitAsync(&LambdaClient::GetProvisionedConcurrencyConfig, request, handler, context); } + /** + *

    Retrieve the public-access settings for a function.

    See Also:

    + * AWS + * API Reference

    + */ + virtual Model::GetPublicAccessBlockConfigOutcome GetPublicAccessBlockConfig(const Model::GetPublicAccessBlockConfigRequest& request) const; + + /** + * A Callable wrapper for GetPublicAccessBlockConfig that returns a future to the operation so that it can be executed in parallel to other requests. + */ + template + Model::GetPublicAccessBlockConfigOutcomeCallable GetPublicAccessBlockConfigCallable(const GetPublicAccessBlockConfigRequestT& request) const + { + return SubmitCallable(&LambdaClient::GetPublicAccessBlockConfig, request); + } + + /** + * An Async wrapper for GetPublicAccessBlockConfig that queues the request into a thread executor and triggers associated callback when operation has finished. + */ + template + void GetPublicAccessBlockConfigAsync(const GetPublicAccessBlockConfigRequestT& request, const GetPublicAccessBlockConfigResponseReceivedHandler& handler, const std::shared_ptr& context = nullptr) const + { + return SubmitAsync(&LambdaClient::GetPublicAccessBlockConfig, request, handler, context); + } + + /** + *

    Retrieves the resource-based + * policy attached to a function.

    See Also:

    AWS + * API Reference

    + */ + virtual Model::GetResourcePolicyOutcome GetResourcePolicy(const Model::GetResourcePolicyRequest& request) const; + + /** + * A Callable wrapper for GetResourcePolicy that returns a future to the operation so that it can be executed in parallel to other requests. + */ + template + Model::GetResourcePolicyOutcomeCallable GetResourcePolicyCallable(const GetResourcePolicyRequestT& request) const + { + return SubmitCallable(&LambdaClient::GetResourcePolicy, request); + } + + /** + * An Async wrapper for GetResourcePolicy that queues the request into a thread executor and triggers associated callback when operation has finished. + */ + template + void GetResourcePolicyAsync(const GetResourcePolicyRequestT& request, const GetResourcePolicyResponseReceivedHandler& handler, const std::shared_ptr& context = nullptr) const + { + return SubmitAsync(&LambdaClient::GetResourcePolicy, request, handler, context); + } + /** *

    Retrieves the runtime management configuration for a function's version. If * the runtime update mode is Manual, this includes the ARN of the runtime @@ -1853,6 +1933,75 @@ namespace Lambda return SubmitAsync(&LambdaClient::PutProvisionedConcurrencyConfig, request, handler, context); } + /** + *

    Configure your function's public-access settings.

    To control public + * access to a Lambda function, you can choose whether to allow the creation of resource-based + * policies that allow public access to that function. You can also block + * public access to a function, even if it has an existing resource-based policy + * that allows it.

    See Also:

    AWS + * API Reference

    + */ + virtual Model::PutPublicAccessBlockConfigOutcome PutPublicAccessBlockConfig(const Model::PutPublicAccessBlockConfigRequest& request) const; + + /** + * A Callable wrapper for PutPublicAccessBlockConfig that returns a future to the operation so that it can be executed in parallel to other requests. + */ + template + Model::PutPublicAccessBlockConfigOutcomeCallable PutPublicAccessBlockConfigCallable(const PutPublicAccessBlockConfigRequestT& request) const + { + return SubmitCallable(&LambdaClient::PutPublicAccessBlockConfig, request); + } + + /** + * An Async wrapper for PutPublicAccessBlockConfig that queues the request into a thread executor and triggers associated callback when operation has finished. + */ + template + void PutPublicAccessBlockConfigAsync(const PutPublicAccessBlockConfigRequestT& request, const PutPublicAccessBlockConfigResponseReceivedHandler& handler, const std::shared_ptr& context = nullptr) const + { + return SubmitAsync(&LambdaClient::PutPublicAccessBlockConfig, request, handler, context); + } + + /** + *

    Adds a resource-based + * policy to a function. You can use resource-based policies to grant access to + * other Amazon + * Web Services accounts, organizations, + * or services. + * Resource-based policies apply to a single function, version, or alias.

    + *

    Adding a resource-based policy using this API action replaces any + * existing policy you've previously created. This means that if you've previously + * added resource-based permissions to a function using the AddPermission + * action, those permissions will be overwritten by your new policy.

    + *

    See Also:

    AWS + * API Reference

    + */ + virtual Model::PutResourcePolicyOutcome PutResourcePolicy(const Model::PutResourcePolicyRequest& request) const; + + /** + * A Callable wrapper for PutResourcePolicy that returns a future to the operation so that it can be executed in parallel to other requests. + */ + template + Model::PutResourcePolicyOutcomeCallable PutResourcePolicyCallable(const PutResourcePolicyRequestT& request) const + { + return SubmitCallable(&LambdaClient::PutResourcePolicy, request); + } + + /** + * An Async wrapper for PutResourcePolicy that queues the request into a thread executor and triggers associated callback when operation has finished. + */ + template + void PutResourcePolicyAsync(const PutResourcePolicyRequestT& request, const PutResourcePolicyResponseReceivedHandler& handler, const std::shared_ptr& context = nullptr) const + { + return SubmitAsync(&LambdaClient::PutResourcePolicy, request, handler, context); + } + /** *

    Sets the runtime management configuration for a function's version. For more * information, see #include #include +#include +#include #include #include #include @@ -64,6 +66,8 @@ #include #include #include +#include +#include #include #include #include @@ -135,6 +139,7 @@ namespace Aws class DeleteFunctionUrlConfigRequest; class DeleteLayerVersionRequest; class DeleteProvisionedConcurrencyConfigRequest; + class DeleteResourcePolicyRequest; class GetAccountSettingsRequest; class GetAliasRequest; class GetCodeSigningConfigRequest; @@ -151,6 +156,8 @@ namespace Aws class GetLayerVersionPolicyRequest; class GetPolicyRequest; class GetProvisionedConcurrencyConfigRequest; + class GetPublicAccessBlockConfigRequest; + class GetResourcePolicyRequest; class GetRuntimeManagementConfigRequest; class InvokeRequest; class InvokeWithResponseStreamRequest; @@ -173,6 +180,8 @@ namespace Aws class PutFunctionEventInvokeConfigRequest; class PutFunctionRecursionConfigRequest; class PutProvisionedConcurrencyConfigRequest; + class PutPublicAccessBlockConfigRequest; + class PutResourcePolicyRequest; class PutRuntimeManagementConfigRequest; class RemoveLayerVersionPermissionRequest; class RemovePermissionRequest; @@ -205,6 +214,7 @@ namespace Aws typedef Aws::Utils::Outcome DeleteFunctionUrlConfigOutcome; typedef Aws::Utils::Outcome DeleteLayerVersionOutcome; typedef Aws::Utils::Outcome DeleteProvisionedConcurrencyConfigOutcome; + typedef Aws::Utils::Outcome DeleteResourcePolicyOutcome; typedef Aws::Utils::Outcome GetAccountSettingsOutcome; typedef Aws::Utils::Outcome GetAliasOutcome; typedef Aws::Utils::Outcome GetCodeSigningConfigOutcome; @@ -221,6 +231,8 @@ namespace Aws typedef Aws::Utils::Outcome GetLayerVersionPolicyOutcome; typedef Aws::Utils::Outcome GetPolicyOutcome; typedef Aws::Utils::Outcome GetProvisionedConcurrencyConfigOutcome; + typedef Aws::Utils::Outcome GetPublicAccessBlockConfigOutcome; + typedef Aws::Utils::Outcome GetResourcePolicyOutcome; typedef Aws::Utils::Outcome GetRuntimeManagementConfigOutcome; typedef Aws::Utils::Outcome InvokeOutcome; typedef Aws::Utils::Outcome InvokeWithResponseStreamOutcome; @@ -243,6 +255,8 @@ namespace Aws typedef Aws::Utils::Outcome PutFunctionEventInvokeConfigOutcome; typedef Aws::Utils::Outcome PutFunctionRecursionConfigOutcome; typedef Aws::Utils::Outcome PutProvisionedConcurrencyConfigOutcome; + typedef Aws::Utils::Outcome PutPublicAccessBlockConfigOutcome; + typedef Aws::Utils::Outcome PutResourcePolicyOutcome; typedef Aws::Utils::Outcome PutRuntimeManagementConfigOutcome; typedef Aws::Utils::Outcome RemoveLayerVersionPermissionOutcome; typedef Aws::Utils::Outcome RemovePermissionOutcome; @@ -275,6 +289,7 @@ namespace Aws typedef std::future DeleteFunctionUrlConfigOutcomeCallable; typedef std::future DeleteLayerVersionOutcomeCallable; typedef std::future DeleteProvisionedConcurrencyConfigOutcomeCallable; + typedef std::future DeleteResourcePolicyOutcomeCallable; typedef std::future GetAccountSettingsOutcomeCallable; typedef std::future GetAliasOutcomeCallable; typedef std::future GetCodeSigningConfigOutcomeCallable; @@ -291,6 +306,8 @@ namespace Aws typedef std::future GetLayerVersionPolicyOutcomeCallable; typedef std::future GetPolicyOutcomeCallable; typedef std::future GetProvisionedConcurrencyConfigOutcomeCallable; + typedef std::future GetPublicAccessBlockConfigOutcomeCallable; + typedef std::future GetResourcePolicyOutcomeCallable; typedef std::future GetRuntimeManagementConfigOutcomeCallable; typedef std::future InvokeOutcomeCallable; typedef std::future InvokeWithResponseStreamOutcomeCallable; @@ -313,6 +330,8 @@ namespace Aws typedef std::future PutFunctionEventInvokeConfigOutcomeCallable; typedef std::future PutFunctionRecursionConfigOutcomeCallable; typedef std::future PutProvisionedConcurrencyConfigOutcomeCallable; + typedef std::future PutPublicAccessBlockConfigOutcomeCallable; + typedef std::future PutResourcePolicyOutcomeCallable; typedef std::future PutRuntimeManagementConfigOutcomeCallable; typedef std::future RemoveLayerVersionPermissionOutcomeCallable; typedef std::future RemovePermissionOutcomeCallable; @@ -348,6 +367,7 @@ namespace Aws typedef std::function&) > DeleteFunctionUrlConfigResponseReceivedHandler; typedef std::function&) > DeleteLayerVersionResponseReceivedHandler; typedef std::function&) > DeleteProvisionedConcurrencyConfigResponseReceivedHandler; + typedef std::function&) > DeleteResourcePolicyResponseReceivedHandler; typedef std::function&) > GetAccountSettingsResponseReceivedHandler; typedef std::function&) > GetAliasResponseReceivedHandler; typedef std::function&) > GetCodeSigningConfigResponseReceivedHandler; @@ -364,6 +384,8 @@ namespace Aws typedef std::function&) > GetLayerVersionPolicyResponseReceivedHandler; typedef std::function&) > GetPolicyResponseReceivedHandler; typedef std::function&) > GetProvisionedConcurrencyConfigResponseReceivedHandler; + typedef std::function&) > GetPublicAccessBlockConfigResponseReceivedHandler; + typedef std::function&) > GetResourcePolicyResponseReceivedHandler; typedef std::function&) > GetRuntimeManagementConfigResponseReceivedHandler; typedef std::function&) > InvokeResponseReceivedHandler; typedef std::function&) > InvokeWithResponseStreamResponseReceivedHandler; @@ -386,6 +408,8 @@ namespace Aws typedef std::function&) > PutFunctionEventInvokeConfigResponseReceivedHandler; typedef std::function&) > PutFunctionRecursionConfigResponseReceivedHandler; typedef std::function&) > PutProvisionedConcurrencyConfigResponseReceivedHandler; + typedef std::function&) > PutPublicAccessBlockConfigResponseReceivedHandler; + typedef std::function&) > PutResourcePolicyResponseReceivedHandler; typedef std::function&) > PutRuntimeManagementConfigResponseReceivedHandler; typedef std::function&) > RemoveLayerVersionPermissionResponseReceivedHandler; typedef std::function&) > RemovePermissionResponseReceivedHandler; diff --git a/generated/src/aws-cpp-sdk-lambda/include/aws/lambda/model/DeleteResourcePolicyRequest.h b/generated/src/aws-cpp-sdk-lambda/include/aws/lambda/model/DeleteResourcePolicyRequest.h new file mode 100644 index 00000000000..6d81e8d781b --- /dev/null +++ b/generated/src/aws-cpp-sdk-lambda/include/aws/lambda/model/DeleteResourcePolicyRequest.h @@ -0,0 +1,83 @@ +/** + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * SPDX-License-Identifier: Apache-2.0. + */ + +#pragma once +#include +#include +#include +#include + +namespace Aws +{ +namespace Http +{ + class URI; +} //namespace Http +namespace Lambda +{ +namespace Model +{ + + /** + */ + class DeleteResourcePolicyRequest : public LambdaRequest + { + public: + AWS_LAMBDA_API DeleteResourcePolicyRequest(); + + // Service request name is the Operation name which will send this request out, + // each operation should has unique request name, so that we can get operation's name from this request. + // Note: this is not true for response, multiple operations may have the same response name, + // so we can not get operation's name from response. + inline virtual const char* GetServiceRequestName() const override { return "DeleteResourcePolicy"; } + + AWS_LAMBDA_API Aws::String SerializePayload() const override; + + AWS_LAMBDA_API void AddQueryStringParameters(Aws::Http::URI& uri) const override; + + + ///@{ + /** + *

    The Amazon Resource Name (ARN) of the function you want to delete the policy + * from. You can use either a qualified or an unqualified ARN, but the value you + * specify must be a complete ARN and wildcard characters are not accepted.

    + */ + inline const Aws::String& GetResourceArn() const{ return m_resourceArn; } + inline bool ResourceArnHasBeenSet() const { return m_resourceArnHasBeenSet; } + inline void SetResourceArn(const Aws::String& value) { m_resourceArnHasBeenSet = true; m_resourceArn = value; } + inline void SetResourceArn(Aws::String&& value) { m_resourceArnHasBeenSet = true; m_resourceArn = std::move(value); } + inline void SetResourceArn(const char* value) { m_resourceArnHasBeenSet = true; m_resourceArn.assign(value); } + inline DeleteResourcePolicyRequest& WithResourceArn(const Aws::String& value) { SetResourceArn(value); return *this;} + inline DeleteResourcePolicyRequest& WithResourceArn(Aws::String&& value) { SetResourceArn(std::move(value)); return *this;} + inline DeleteResourcePolicyRequest& WithResourceArn(const char* value) { SetResourceArn(value); return *this;} + ///@} + + ///@{ + /** + *

    Delete the existing policy only if its revision ID matches the string you + * specify. To find the revision ID of the policy currently attached to your + * function, use the GetResourcePolicy action.

    + */ + inline const Aws::String& GetRevisionId() const{ return m_revisionId; } + inline bool RevisionIdHasBeenSet() const { return m_revisionIdHasBeenSet; } + inline void SetRevisionId(const Aws::String& value) { m_revisionIdHasBeenSet = true; m_revisionId = value; } + inline void SetRevisionId(Aws::String&& value) { m_revisionIdHasBeenSet = true; m_revisionId = std::move(value); } + inline void SetRevisionId(const char* value) { m_revisionIdHasBeenSet = true; m_revisionId.assign(value); } + inline DeleteResourcePolicyRequest& WithRevisionId(const Aws::String& value) { SetRevisionId(value); return *this;} + inline DeleteResourcePolicyRequest& WithRevisionId(Aws::String&& value) { SetRevisionId(std::move(value)); return *this;} + inline DeleteResourcePolicyRequest& WithRevisionId(const char* value) { SetRevisionId(value); return *this;} + ///@} + private: + + Aws::String m_resourceArn; + bool m_resourceArnHasBeenSet = false; + + Aws::String m_revisionId; + bool m_revisionIdHasBeenSet = false; + }; + +} // namespace Model +} // namespace Lambda +} // namespace Aws diff --git a/generated/src/aws-cpp-sdk-lambda/include/aws/lambda/model/GetPublicAccessBlockConfigRequest.h b/generated/src/aws-cpp-sdk-lambda/include/aws/lambda/model/GetPublicAccessBlockConfigRequest.h new file mode 100644 index 00000000000..684229dd43f --- /dev/null +++ b/generated/src/aws-cpp-sdk-lambda/include/aws/lambda/model/GetPublicAccessBlockConfigRequest.h @@ -0,0 +1,57 @@ +/** + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * SPDX-License-Identifier: Apache-2.0. + */ + +#pragma once +#include +#include +#include +#include + +namespace Aws +{ +namespace Lambda +{ +namespace Model +{ + + /** + */ + class GetPublicAccessBlockConfigRequest : public LambdaRequest + { + public: + AWS_LAMBDA_API GetPublicAccessBlockConfigRequest(); + + // Service request name is the Operation name which will send this request out, + // each operation should has unique request name, so that we can get operation's name from this request. + // Note: this is not true for response, multiple operations may have the same response name, + // so we can not get operation's name from response. + inline virtual const char* GetServiceRequestName() const override { return "GetPublicAccessBlockConfig"; } + + AWS_LAMBDA_API Aws::String SerializePayload() const override; + + + ///@{ + /** + *

    The Amazon Resource Name (ARN) of the function you want to retrieve + * public-access settings for.

    + */ + inline const Aws::String& GetResourceArn() const{ return m_resourceArn; } + inline bool ResourceArnHasBeenSet() const { return m_resourceArnHasBeenSet; } + inline void SetResourceArn(const Aws::String& value) { m_resourceArnHasBeenSet = true; m_resourceArn = value; } + inline void SetResourceArn(Aws::String&& value) { m_resourceArnHasBeenSet = true; m_resourceArn = std::move(value); } + inline void SetResourceArn(const char* value) { m_resourceArnHasBeenSet = true; m_resourceArn.assign(value); } + inline GetPublicAccessBlockConfigRequest& WithResourceArn(const Aws::String& value) { SetResourceArn(value); return *this;} + inline GetPublicAccessBlockConfigRequest& WithResourceArn(Aws::String&& value) { SetResourceArn(std::move(value)); return *this;} + inline GetPublicAccessBlockConfigRequest& WithResourceArn(const char* value) { SetResourceArn(value); return *this;} + ///@} + private: + + Aws::String m_resourceArn; + bool m_resourceArnHasBeenSet = false; + }; + +} // namespace Model +} // namespace Lambda +} // namespace Aws diff --git a/generated/src/aws-cpp-sdk-lambda/include/aws/lambda/model/GetPublicAccessBlockConfigResult.h b/generated/src/aws-cpp-sdk-lambda/include/aws/lambda/model/GetPublicAccessBlockConfigResult.h new file mode 100644 index 00000000000..c88f4c91f51 --- /dev/null +++ b/generated/src/aws-cpp-sdk-lambda/include/aws/lambda/model/GetPublicAccessBlockConfigResult.h @@ -0,0 +1,66 @@ +/** + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * SPDX-License-Identifier: Apache-2.0. + */ + +#pragma once +#include +#include +#include +#include + +namespace Aws +{ +template +class AmazonWebServiceResult; + +namespace Utils +{ +namespace Json +{ + class JsonValue; +} // namespace Json +} // namespace Utils +namespace Lambda +{ +namespace Model +{ + class GetPublicAccessBlockConfigResult + { + public: + AWS_LAMBDA_API GetPublicAccessBlockConfigResult(); + AWS_LAMBDA_API GetPublicAccessBlockConfigResult(const Aws::AmazonWebServiceResult& result); + AWS_LAMBDA_API GetPublicAccessBlockConfigResult& operator=(const Aws::AmazonWebServiceResult& result); + + + ///@{ + /** + *

    The public-access settings configured for the function you specified

    + */ + inline const PublicAccessBlockConfig& GetPublicAccessBlockConfig() const{ return m_publicAccessBlockConfig; } + inline void SetPublicAccessBlockConfig(const PublicAccessBlockConfig& value) { m_publicAccessBlockConfig = value; } + inline void SetPublicAccessBlockConfig(PublicAccessBlockConfig&& value) { m_publicAccessBlockConfig = std::move(value); } + inline GetPublicAccessBlockConfigResult& WithPublicAccessBlockConfig(const PublicAccessBlockConfig& value) { SetPublicAccessBlockConfig(value); return *this;} + inline GetPublicAccessBlockConfigResult& WithPublicAccessBlockConfig(PublicAccessBlockConfig&& value) { SetPublicAccessBlockConfig(std::move(value)); return *this;} + ///@} + + ///@{ + + inline const Aws::String& GetRequestId() const{ return m_requestId; } + inline void SetRequestId(const Aws::String& value) { m_requestId = value; } + inline void SetRequestId(Aws::String&& value) { m_requestId = std::move(value); } + inline void SetRequestId(const char* value) { m_requestId.assign(value); } + inline GetPublicAccessBlockConfigResult& WithRequestId(const Aws::String& value) { SetRequestId(value); return *this;} + inline GetPublicAccessBlockConfigResult& WithRequestId(Aws::String&& value) { SetRequestId(std::move(value)); return *this;} + inline GetPublicAccessBlockConfigResult& WithRequestId(const char* value) { SetRequestId(value); return *this;} + ///@} + private: + + PublicAccessBlockConfig m_publicAccessBlockConfig; + + Aws::String m_requestId; + }; + +} // namespace Model +} // namespace Lambda +} // namespace Aws diff --git a/generated/src/aws-cpp-sdk-lambda/include/aws/lambda/model/GetResourcePolicyRequest.h b/generated/src/aws-cpp-sdk-lambda/include/aws/lambda/model/GetResourcePolicyRequest.h new file mode 100644 index 00000000000..c597b6e7c72 --- /dev/null +++ b/generated/src/aws-cpp-sdk-lambda/include/aws/lambda/model/GetResourcePolicyRequest.h @@ -0,0 +1,58 @@ +/** + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * SPDX-License-Identifier: Apache-2.0. + */ + +#pragma once +#include +#include +#include +#include + +namespace Aws +{ +namespace Lambda +{ +namespace Model +{ + + /** + */ + class GetResourcePolicyRequest : public LambdaRequest + { + public: + AWS_LAMBDA_API GetResourcePolicyRequest(); + + // Service request name is the Operation name which will send this request out, + // each operation should has unique request name, so that we can get operation's name from this request. + // Note: this is not true for response, multiple operations may have the same response name, + // so we can not get operation's name from response. + inline virtual const char* GetServiceRequestName() const override { return "GetResourcePolicy"; } + + AWS_LAMBDA_API Aws::String SerializePayload() const override; + + + ///@{ + /** + *

    The Amazon Resource Name (ARN) of the function you want to retrieve the + * policy for. You can use either a qualified or an unqualified ARN, but the value + * you specify must be a complete ARN and wildcard characters are not accepted.

    + */ + inline const Aws::String& GetResourceArn() const{ return m_resourceArn; } + inline bool ResourceArnHasBeenSet() const { return m_resourceArnHasBeenSet; } + inline void SetResourceArn(const Aws::String& value) { m_resourceArnHasBeenSet = true; m_resourceArn = value; } + inline void SetResourceArn(Aws::String&& value) { m_resourceArnHasBeenSet = true; m_resourceArn = std::move(value); } + inline void SetResourceArn(const char* value) { m_resourceArnHasBeenSet = true; m_resourceArn.assign(value); } + inline GetResourcePolicyRequest& WithResourceArn(const Aws::String& value) { SetResourceArn(value); return *this;} + inline GetResourcePolicyRequest& WithResourceArn(Aws::String&& value) { SetResourceArn(std::move(value)); return *this;} + inline GetResourcePolicyRequest& WithResourceArn(const char* value) { SetResourceArn(value); return *this;} + ///@} + private: + + Aws::String m_resourceArn; + bool m_resourceArnHasBeenSet = false; + }; + +} // namespace Model +} // namespace Lambda +} // namespace Aws diff --git a/generated/src/aws-cpp-sdk-lambda/include/aws/lambda/model/GetResourcePolicyResult.h b/generated/src/aws-cpp-sdk-lambda/include/aws/lambda/model/GetResourcePolicyResult.h new file mode 100644 index 00000000000..fd234363a4e --- /dev/null +++ b/generated/src/aws-cpp-sdk-lambda/include/aws/lambda/model/GetResourcePolicyResult.h @@ -0,0 +1,82 @@ +/** + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * SPDX-License-Identifier: Apache-2.0. + */ + +#pragma once +#include +#include +#include + +namespace Aws +{ +template +class AmazonWebServiceResult; + +namespace Utils +{ +namespace Json +{ + class JsonValue; +} // namespace Json +} // namespace Utils +namespace Lambda +{ +namespace Model +{ + class GetResourcePolicyResult + { + public: + AWS_LAMBDA_API GetResourcePolicyResult(); + AWS_LAMBDA_API GetResourcePolicyResult(const Aws::AmazonWebServiceResult& result); + AWS_LAMBDA_API GetResourcePolicyResult& operator=(const Aws::AmazonWebServiceResult& result); + + + ///@{ + /** + *

    The resource-based policy attached to the function you specified.

    + */ + inline const Aws::String& GetPolicy() const{ return m_policy; } + inline void SetPolicy(const Aws::String& value) { m_policy = value; } + inline void SetPolicy(Aws::String&& value) { m_policy = std::move(value); } + inline void SetPolicy(const char* value) { m_policy.assign(value); } + inline GetResourcePolicyResult& WithPolicy(const Aws::String& value) { SetPolicy(value); return *this;} + inline GetResourcePolicyResult& WithPolicy(Aws::String&& value) { SetPolicy(std::move(value)); return *this;} + inline GetResourcePolicyResult& WithPolicy(const char* value) { SetPolicy(value); return *this;} + ///@} + + ///@{ + /** + *

    The revision ID of the policy.

    + */ + inline const Aws::String& GetRevisionId() const{ return m_revisionId; } + inline void SetRevisionId(const Aws::String& value) { m_revisionId = value; } + inline void SetRevisionId(Aws::String&& value) { m_revisionId = std::move(value); } + inline void SetRevisionId(const char* value) { m_revisionId.assign(value); } + inline GetResourcePolicyResult& WithRevisionId(const Aws::String& value) { SetRevisionId(value); return *this;} + inline GetResourcePolicyResult& WithRevisionId(Aws::String&& value) { SetRevisionId(std::move(value)); return *this;} + inline GetResourcePolicyResult& WithRevisionId(const char* value) { SetRevisionId(value); return *this;} + ///@} + + ///@{ + + inline const Aws::String& GetRequestId() const{ return m_requestId; } + inline void SetRequestId(const Aws::String& value) { m_requestId = value; } + inline void SetRequestId(Aws::String&& value) { m_requestId = std::move(value); } + inline void SetRequestId(const char* value) { m_requestId.assign(value); } + inline GetResourcePolicyResult& WithRequestId(const Aws::String& value) { SetRequestId(value); return *this;} + inline GetResourcePolicyResult& WithRequestId(Aws::String&& value) { SetRequestId(std::move(value)); return *this;} + inline GetResourcePolicyResult& WithRequestId(const char* value) { SetRequestId(value); return *this;} + ///@} + private: + + Aws::String m_policy; + + Aws::String m_revisionId; + + Aws::String m_requestId; + }; + +} // namespace Model +} // namespace Lambda +} // namespace Aws diff --git a/generated/src/aws-cpp-sdk-lambda/include/aws/lambda/model/PublicAccessBlockConfig.h b/generated/src/aws-cpp-sdk-lambda/include/aws/lambda/model/PublicAccessBlockConfig.h new file mode 100644 index 00000000000..da0857f3961 --- /dev/null +++ b/generated/src/aws-cpp-sdk-lambda/include/aws/lambda/model/PublicAccessBlockConfig.h @@ -0,0 +1,76 @@ +/** + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * SPDX-License-Identifier: Apache-2.0. + */ + +#pragma once +#include + +namespace Aws +{ +namespace Utils +{ +namespace Json +{ + class JsonValue; + class JsonView; +} // namespace Json +} // namespace Utils +namespace Lambda +{ +namespace Model +{ + + /** + *

    An object that defines the public-access settings for a + * function.

    See Also:

    AWS + * API Reference

    + */ + class PublicAccessBlockConfig + { + public: + AWS_LAMBDA_API PublicAccessBlockConfig(); + AWS_LAMBDA_API PublicAccessBlockConfig(Aws::Utils::Json::JsonView jsonValue); + AWS_LAMBDA_API PublicAccessBlockConfig& operator=(Aws::Utils::Json::JsonView jsonValue); + AWS_LAMBDA_API Aws::Utils::Json::JsonValue Jsonize() const; + + + ///@{ + /** + *

    To block the creation of resource-based policies that would grant public + * access to your function, set BlockPublicPolicy to + * true. To allow the creation of resource-based policies that would + * grant public access to your function, set BlockPublicPolicy to + * false.

    + */ + inline bool GetBlockPublicPolicy() const{ return m_blockPublicPolicy; } + inline bool BlockPublicPolicyHasBeenSet() const { return m_blockPublicPolicyHasBeenSet; } + inline void SetBlockPublicPolicy(bool value) { m_blockPublicPolicyHasBeenSet = true; m_blockPublicPolicy = value; } + inline PublicAccessBlockConfig& WithBlockPublicPolicy(bool value) { SetBlockPublicPolicy(value); return *this;} + ///@} + + ///@{ + /** + *

    To block public access to your function, even if its resource-based policy + * allows it, set RestrictPublicResource to true. To + * allow public access to a function with a resource-based policy that permits it, + * set RestrictPublicResource to false.

    + */ + inline bool GetRestrictPublicResource() const{ return m_restrictPublicResource; } + inline bool RestrictPublicResourceHasBeenSet() const { return m_restrictPublicResourceHasBeenSet; } + inline void SetRestrictPublicResource(bool value) { m_restrictPublicResourceHasBeenSet = true; m_restrictPublicResource = value; } + inline PublicAccessBlockConfig& WithRestrictPublicResource(bool value) { SetRestrictPublicResource(value); return *this;} + ///@} + private: + + bool m_blockPublicPolicy; + bool m_blockPublicPolicyHasBeenSet = false; + + bool m_restrictPublicResource; + bool m_restrictPublicResourceHasBeenSet = false; + }; + +} // namespace Model +} // namespace Lambda +} // namespace Aws diff --git a/generated/src/aws-cpp-sdk-lambda/include/aws/lambda/model/PublicPolicyException.h b/generated/src/aws-cpp-sdk-lambda/include/aws/lambda/model/PublicPolicyException.h new file mode 100644 index 00000000000..b22e82b4cb9 --- /dev/null +++ b/generated/src/aws-cpp-sdk-lambda/include/aws/lambda/model/PublicPolicyException.h @@ -0,0 +1,79 @@ +/** + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * SPDX-License-Identifier: Apache-2.0. + */ + +#pragma once +#include +#include +#include + +namespace Aws +{ +namespace Utils +{ +namespace Json +{ + class JsonValue; + class JsonView; +} // namespace Json +} // namespace Utils +namespace Lambda +{ +namespace Model +{ + + /** + *

    Lambda prevented your policy from being created because it would grant public + * access to your function. If you intended to create a public policy, use the + * PutPublicAccessBlockConfig API action to configure your function's + * public-access settings to allow public policies.

    See Also:

    AWS + * API Reference

    + */ + class PublicPolicyException + { + public: + AWS_LAMBDA_API PublicPolicyException(); + AWS_LAMBDA_API PublicPolicyException(Aws::Utils::Json::JsonView jsonValue); + AWS_LAMBDA_API PublicPolicyException& operator=(Aws::Utils::Json::JsonView jsonValue); + AWS_LAMBDA_API Aws::Utils::Json::JsonValue Jsonize() const; + + + ///@{ + /** + *

    The exception type.

    + */ + inline const Aws::String& GetType() const{ return m_type; } + inline bool TypeHasBeenSet() const { return m_typeHasBeenSet; } + inline void SetType(const Aws::String& value) { m_typeHasBeenSet = true; m_type = value; } + inline void SetType(Aws::String&& value) { m_typeHasBeenSet = true; m_type = std::move(value); } + inline void SetType(const char* value) { m_typeHasBeenSet = true; m_type.assign(value); } + inline PublicPolicyException& WithType(const Aws::String& value) { SetType(value); return *this;} + inline PublicPolicyException& WithType(Aws::String&& value) { SetType(std::move(value)); return *this;} + inline PublicPolicyException& WithType(const char* value) { SetType(value); return *this;} + ///@} + + ///@{ + + inline const Aws::String& GetMessage() const{ return m_message; } + inline bool MessageHasBeenSet() const { return m_messageHasBeenSet; } + inline void SetMessage(const Aws::String& value) { m_messageHasBeenSet = true; m_message = value; } + inline void SetMessage(Aws::String&& value) { m_messageHasBeenSet = true; m_message = std::move(value); } + inline void SetMessage(const char* value) { m_messageHasBeenSet = true; m_message.assign(value); } + inline PublicPolicyException& WithMessage(const Aws::String& value) { SetMessage(value); return *this;} + inline PublicPolicyException& WithMessage(Aws::String&& value) { SetMessage(std::move(value)); return *this;} + inline PublicPolicyException& WithMessage(const char* value) { SetMessage(value); return *this;} + ///@} + private: + + Aws::String m_type; + bool m_typeHasBeenSet = false; + + Aws::String m_message; + bool m_messageHasBeenSet = false; + }; + +} // namespace Model +} // namespace Lambda +} // namespace Aws diff --git a/generated/src/aws-cpp-sdk-lambda/include/aws/lambda/model/PutPublicAccessBlockConfigRequest.h b/generated/src/aws-cpp-sdk-lambda/include/aws/lambda/model/PutPublicAccessBlockConfigRequest.h new file mode 100644 index 00000000000..8662f8ed661 --- /dev/null +++ b/generated/src/aws-cpp-sdk-lambda/include/aws/lambda/model/PutPublicAccessBlockConfigRequest.h @@ -0,0 +1,85 @@ +/** + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * SPDX-License-Identifier: Apache-2.0. + */ + +#pragma once +#include +#include +#include +#include +#include + +namespace Aws +{ +namespace Lambda +{ +namespace Model +{ + + /** + */ + class PutPublicAccessBlockConfigRequest : public LambdaRequest + { + public: + AWS_LAMBDA_API PutPublicAccessBlockConfigRequest(); + + // Service request name is the Operation name which will send this request out, + // each operation should has unique request name, so that we can get operation's name from this request. + // Note: this is not true for response, multiple operations may have the same response name, + // so we can not get operation's name from response. + inline virtual const char* GetServiceRequestName() const override { return "PutPublicAccessBlockConfig"; } + + AWS_LAMBDA_API Aws::String SerializePayload() const override; + + + ///@{ + /** + *

    The Amazon Resource Name (ARN) of the function you want to configure + * public-access settings for. Public-access settings are applied at the function + * level, so you can't apply different settings to function versions or + * aliases.

    + */ + inline const Aws::String& GetResourceArn() const{ return m_resourceArn; } + inline bool ResourceArnHasBeenSet() const { return m_resourceArnHasBeenSet; } + inline void SetResourceArn(const Aws::String& value) { m_resourceArnHasBeenSet = true; m_resourceArn = value; } + inline void SetResourceArn(Aws::String&& value) { m_resourceArnHasBeenSet = true; m_resourceArn = std::move(value); } + inline void SetResourceArn(const char* value) { m_resourceArnHasBeenSet = true; m_resourceArn.assign(value); } + inline PutPublicAccessBlockConfigRequest& WithResourceArn(const Aws::String& value) { SetResourceArn(value); return *this;} + inline PutPublicAccessBlockConfigRequest& WithResourceArn(Aws::String&& value) { SetResourceArn(std::move(value)); return *this;} + inline PutPublicAccessBlockConfigRequest& WithResourceArn(const char* value) { SetResourceArn(value); return *this;} + ///@} + + ///@{ + /** + *

    An object defining the public-access settings you want to apply.

    To + * block the creation of resource-based policies that would grant public access to + * your function, set BlockPublicPolicy to true. To allow + * the creation of resource-based policies that would grant public access to your + * function, set BlockPublicPolicy to false.

    To + * block public access to your function, even if its resource-based policy allows + * it, set RestrictPublicResource to true. To allow + * public access to a function with a resource-based policy that permits it, set + * RestrictPublicResource to false.

    The default + * setting for both BlockPublicPolicy and + * RestrictPublicResource is true.

    + */ + inline const PublicAccessBlockConfig& GetPublicAccessBlockConfig() const{ return m_publicAccessBlockConfig; } + inline bool PublicAccessBlockConfigHasBeenSet() const { return m_publicAccessBlockConfigHasBeenSet; } + inline void SetPublicAccessBlockConfig(const PublicAccessBlockConfig& value) { m_publicAccessBlockConfigHasBeenSet = true; m_publicAccessBlockConfig = value; } + inline void SetPublicAccessBlockConfig(PublicAccessBlockConfig&& value) { m_publicAccessBlockConfigHasBeenSet = true; m_publicAccessBlockConfig = std::move(value); } + inline PutPublicAccessBlockConfigRequest& WithPublicAccessBlockConfig(const PublicAccessBlockConfig& value) { SetPublicAccessBlockConfig(value); return *this;} + inline PutPublicAccessBlockConfigRequest& WithPublicAccessBlockConfig(PublicAccessBlockConfig&& value) { SetPublicAccessBlockConfig(std::move(value)); return *this;} + ///@} + private: + + Aws::String m_resourceArn; + bool m_resourceArnHasBeenSet = false; + + PublicAccessBlockConfig m_publicAccessBlockConfig; + bool m_publicAccessBlockConfigHasBeenSet = false; + }; + +} // namespace Model +} // namespace Lambda +} // namespace Aws diff --git a/generated/src/aws-cpp-sdk-lambda/include/aws/lambda/model/PutPublicAccessBlockConfigResult.h b/generated/src/aws-cpp-sdk-lambda/include/aws/lambda/model/PutPublicAccessBlockConfigResult.h new file mode 100644 index 00000000000..ff030b54a2b --- /dev/null +++ b/generated/src/aws-cpp-sdk-lambda/include/aws/lambda/model/PutPublicAccessBlockConfigResult.h @@ -0,0 +1,66 @@ +/** + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * SPDX-License-Identifier: Apache-2.0. + */ + +#pragma once +#include +#include +#include +#include + +namespace Aws +{ +template +class AmazonWebServiceResult; + +namespace Utils +{ +namespace Json +{ + class JsonValue; +} // namespace Json +} // namespace Utils +namespace Lambda +{ +namespace Model +{ + class PutPublicAccessBlockConfigResult + { + public: + AWS_LAMBDA_API PutPublicAccessBlockConfigResult(); + AWS_LAMBDA_API PutPublicAccessBlockConfigResult(const Aws::AmazonWebServiceResult& result); + AWS_LAMBDA_API PutPublicAccessBlockConfigResult& operator=(const Aws::AmazonWebServiceResult& result); + + + ///@{ + /** + *

    The public-access settings Lambda applied to your function.

    + */ + inline const PublicAccessBlockConfig& GetPublicAccessBlockConfig() const{ return m_publicAccessBlockConfig; } + inline void SetPublicAccessBlockConfig(const PublicAccessBlockConfig& value) { m_publicAccessBlockConfig = value; } + inline void SetPublicAccessBlockConfig(PublicAccessBlockConfig&& value) { m_publicAccessBlockConfig = std::move(value); } + inline PutPublicAccessBlockConfigResult& WithPublicAccessBlockConfig(const PublicAccessBlockConfig& value) { SetPublicAccessBlockConfig(value); return *this;} + inline PutPublicAccessBlockConfigResult& WithPublicAccessBlockConfig(PublicAccessBlockConfig&& value) { SetPublicAccessBlockConfig(std::move(value)); return *this;} + ///@} + + ///@{ + + inline const Aws::String& GetRequestId() const{ return m_requestId; } + inline void SetRequestId(const Aws::String& value) { m_requestId = value; } + inline void SetRequestId(Aws::String&& value) { m_requestId = std::move(value); } + inline void SetRequestId(const char* value) { m_requestId.assign(value); } + inline PutPublicAccessBlockConfigResult& WithRequestId(const Aws::String& value) { SetRequestId(value); return *this;} + inline PutPublicAccessBlockConfigResult& WithRequestId(Aws::String&& value) { SetRequestId(std::move(value)); return *this;} + inline PutPublicAccessBlockConfigResult& WithRequestId(const char* value) { SetRequestId(value); return *this;} + ///@} + private: + + PublicAccessBlockConfig m_publicAccessBlockConfig; + + Aws::String m_requestId; + }; + +} // namespace Model +} // namespace Lambda +} // namespace Aws diff --git a/generated/src/aws-cpp-sdk-lambda/include/aws/lambda/model/PutResourcePolicyRequest.h b/generated/src/aws-cpp-sdk-lambda/include/aws/lambda/model/PutResourcePolicyRequest.h new file mode 100644 index 00000000000..13fd8450763 --- /dev/null +++ b/generated/src/aws-cpp-sdk-lambda/include/aws/lambda/model/PutResourcePolicyRequest.h @@ -0,0 +1,97 @@ +/** + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * SPDX-License-Identifier: Apache-2.0. + */ + +#pragma once +#include +#include +#include +#include + +namespace Aws +{ +namespace Lambda +{ +namespace Model +{ + + /** + */ + class PutResourcePolicyRequest : public LambdaRequest + { + public: + AWS_LAMBDA_API PutResourcePolicyRequest(); + + // Service request name is the Operation name which will send this request out, + // each operation should has unique request name, so that we can get operation's name from this request. + // Note: this is not true for response, multiple operations may have the same response name, + // so we can not get operation's name from response. + inline virtual const char* GetServiceRequestName() const override { return "PutResourcePolicy"; } + + AWS_LAMBDA_API Aws::String SerializePayload() const override; + + + ///@{ + /** + *

    The Amazon Resource Name (ARN) of the function you want to add the policy to. + * You can use either a qualified or an unqualified ARN, but the value you specify + * must be a complete ARN and wildcard characters are not accepted.

    + */ + inline const Aws::String& GetResourceArn() const{ return m_resourceArn; } + inline bool ResourceArnHasBeenSet() const { return m_resourceArnHasBeenSet; } + inline void SetResourceArn(const Aws::String& value) { m_resourceArnHasBeenSet = true; m_resourceArn = value; } + inline void SetResourceArn(Aws::String&& value) { m_resourceArnHasBeenSet = true; m_resourceArn = std::move(value); } + inline void SetResourceArn(const char* value) { m_resourceArnHasBeenSet = true; m_resourceArn.assign(value); } + inline PutResourcePolicyRequest& WithResourceArn(const Aws::String& value) { SetResourceArn(value); return *this;} + inline PutResourcePolicyRequest& WithResourceArn(Aws::String&& value) { SetResourceArn(std::move(value)); return *this;} + inline PutResourcePolicyRequest& WithResourceArn(const char* value) { SetResourceArn(value); return *this;} + ///@} + + ///@{ + /** + *

    The JSON resource-based policy you want to add to your function.

    To + * learn more about creating resource-based policies for controlling access to + * Lambda, see Working with resource-based + * IAM policies in Lambda in the Lambda Developer Guide.

    + */ + inline const Aws::String& GetPolicy() const{ return m_policy; } + inline bool PolicyHasBeenSet() const { return m_policyHasBeenSet; } + inline void SetPolicy(const Aws::String& value) { m_policyHasBeenSet = true; m_policy = value; } + inline void SetPolicy(Aws::String&& value) { m_policyHasBeenSet = true; m_policy = std::move(value); } + inline void SetPolicy(const char* value) { m_policyHasBeenSet = true; m_policy.assign(value); } + inline PutResourcePolicyRequest& WithPolicy(const Aws::String& value) { SetPolicy(value); return *this;} + inline PutResourcePolicyRequest& WithPolicy(Aws::String&& value) { SetPolicy(std::move(value)); return *this;} + inline PutResourcePolicyRequest& WithPolicy(const char* value) { SetPolicy(value); return *this;} + ///@} + + ///@{ + /** + *

    Replace the existing policy only if its revision ID matches the string you + * specify. To find the revision ID of the policy currently attached to your + * function, use the GetResourcePolicy action.

    + */ + inline const Aws::String& GetRevisionId() const{ return m_revisionId; } + inline bool RevisionIdHasBeenSet() const { return m_revisionIdHasBeenSet; } + inline void SetRevisionId(const Aws::String& value) { m_revisionIdHasBeenSet = true; m_revisionId = value; } + inline void SetRevisionId(Aws::String&& value) { m_revisionIdHasBeenSet = true; m_revisionId = std::move(value); } + inline void SetRevisionId(const char* value) { m_revisionIdHasBeenSet = true; m_revisionId.assign(value); } + inline PutResourcePolicyRequest& WithRevisionId(const Aws::String& value) { SetRevisionId(value); return *this;} + inline PutResourcePolicyRequest& WithRevisionId(Aws::String&& value) { SetRevisionId(std::move(value)); return *this;} + inline PutResourcePolicyRequest& WithRevisionId(const char* value) { SetRevisionId(value); return *this;} + ///@} + private: + + Aws::String m_resourceArn; + bool m_resourceArnHasBeenSet = false; + + Aws::String m_policy; + bool m_policyHasBeenSet = false; + + Aws::String m_revisionId; + bool m_revisionIdHasBeenSet = false; + }; + +} // namespace Model +} // namespace Lambda +} // namespace Aws diff --git a/generated/src/aws-cpp-sdk-lambda/include/aws/lambda/model/PutResourcePolicyResult.h b/generated/src/aws-cpp-sdk-lambda/include/aws/lambda/model/PutResourcePolicyResult.h new file mode 100644 index 00000000000..c7a5b7fb5b1 --- /dev/null +++ b/generated/src/aws-cpp-sdk-lambda/include/aws/lambda/model/PutResourcePolicyResult.h @@ -0,0 +1,82 @@ +/** + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * SPDX-License-Identifier: Apache-2.0. + */ + +#pragma once +#include +#include +#include + +namespace Aws +{ +template +class AmazonWebServiceResult; + +namespace Utils +{ +namespace Json +{ + class JsonValue; +} // namespace Json +} // namespace Utils +namespace Lambda +{ +namespace Model +{ + class PutResourcePolicyResult + { + public: + AWS_LAMBDA_API PutResourcePolicyResult(); + AWS_LAMBDA_API PutResourcePolicyResult(const Aws::AmazonWebServiceResult& result); + AWS_LAMBDA_API PutResourcePolicyResult& operator=(const Aws::AmazonWebServiceResult& result); + + + ///@{ + /** + *

    The policy Lambda added to your function.

    + */ + inline const Aws::String& GetPolicy() const{ return m_policy; } + inline void SetPolicy(const Aws::String& value) { m_policy = value; } + inline void SetPolicy(Aws::String&& value) { m_policy = std::move(value); } + inline void SetPolicy(const char* value) { m_policy.assign(value); } + inline PutResourcePolicyResult& WithPolicy(const Aws::String& value) { SetPolicy(value); return *this;} + inline PutResourcePolicyResult& WithPolicy(Aws::String&& value) { SetPolicy(std::move(value)); return *this;} + inline PutResourcePolicyResult& WithPolicy(const char* value) { SetPolicy(value); return *this;} + ///@} + + ///@{ + /** + *

    The revision ID of the policy Lambda added to your function.

    + */ + inline const Aws::String& GetRevisionId() const{ return m_revisionId; } + inline void SetRevisionId(const Aws::String& value) { m_revisionId = value; } + inline void SetRevisionId(Aws::String&& value) { m_revisionId = std::move(value); } + inline void SetRevisionId(const char* value) { m_revisionId.assign(value); } + inline PutResourcePolicyResult& WithRevisionId(const Aws::String& value) { SetRevisionId(value); return *this;} + inline PutResourcePolicyResult& WithRevisionId(Aws::String&& value) { SetRevisionId(std::move(value)); return *this;} + inline PutResourcePolicyResult& WithRevisionId(const char* value) { SetRevisionId(value); return *this;} + ///@} + + ///@{ + + inline const Aws::String& GetRequestId() const{ return m_requestId; } + inline void SetRequestId(const Aws::String& value) { m_requestId = value; } + inline void SetRequestId(Aws::String&& value) { m_requestId = std::move(value); } + inline void SetRequestId(const char* value) { m_requestId.assign(value); } + inline PutResourcePolicyResult& WithRequestId(const Aws::String& value) { SetRequestId(value); return *this;} + inline PutResourcePolicyResult& WithRequestId(Aws::String&& value) { SetRequestId(std::move(value)); return *this;} + inline PutResourcePolicyResult& WithRequestId(const char* value) { SetRequestId(value); return *this;} + ///@} + private: + + Aws::String m_policy; + + Aws::String m_revisionId; + + Aws::String m_requestId; + }; + +} // namespace Model +} // namespace Lambda +} // namespace Aws diff --git a/generated/src/aws-cpp-sdk-lambda/source/LambdaClient.cpp b/generated/src/aws-cpp-sdk-lambda/source/LambdaClient.cpp index 4a1fb0d4660..9786180967c 100644 --- a/generated/src/aws-cpp-sdk-lambda/source/LambdaClient.cpp +++ b/generated/src/aws-cpp-sdk-lambda/source/LambdaClient.cpp @@ -39,6 +39,7 @@ #include #include #include +#include #include #include #include @@ -55,6 +56,8 @@ #include #include #include +#include +#include #include #include #include @@ -77,6 +80,8 @@ #include #include #include +#include +#include #include #include #include @@ -810,6 +815,39 @@ DeleteProvisionedConcurrencyConfigOutcome LambdaClient::DeleteProvisionedConcurr {{TracingUtils::SMITHY_METHOD_DIMENSION, request.GetServiceRequestName()}, {TracingUtils::SMITHY_SERVICE_DIMENSION, this->GetServiceClientName()}}); } +DeleteResourcePolicyOutcome LambdaClient::DeleteResourcePolicy(const DeleteResourcePolicyRequest& request) const +{ + AWS_OPERATION_GUARD(DeleteResourcePolicy); + AWS_OPERATION_CHECK_PTR(m_endpointProvider, DeleteResourcePolicy, CoreErrors, CoreErrors::ENDPOINT_RESOLUTION_FAILURE); + if (!request.ResourceArnHasBeenSet()) + { + AWS_LOGSTREAM_ERROR("DeleteResourcePolicy", "Required field: ResourceArn, is not set"); + return DeleteResourcePolicyOutcome(Aws::Client::AWSError(LambdaErrors::MISSING_PARAMETER, "MISSING_PARAMETER", "Missing required field [ResourceArn]", false)); + } + AWS_OPERATION_CHECK_PTR(m_telemetryProvider, DeleteResourcePolicy, CoreErrors, CoreErrors::NOT_INITIALIZED); + auto tracer = m_telemetryProvider->getTracer(this->GetServiceClientName(), {}); + auto meter = m_telemetryProvider->getMeter(this->GetServiceClientName(), {}); + AWS_OPERATION_CHECK_PTR(meter, DeleteResourcePolicy, CoreErrors, CoreErrors::NOT_INITIALIZED); + auto span = tracer->CreateSpan(Aws::String(this->GetServiceClientName()) + ".DeleteResourcePolicy", + {{ TracingUtils::SMITHY_METHOD_DIMENSION, request.GetServiceRequestName() }, { TracingUtils::SMITHY_SERVICE_DIMENSION, this->GetServiceClientName() }, { TracingUtils::SMITHY_SYSTEM_DIMENSION, TracingUtils::SMITHY_METHOD_AWS_VALUE }}, + smithy::components::tracing::SpanKind::CLIENT); + return TracingUtils::MakeCallWithTiming( + [&]()-> DeleteResourcePolicyOutcome { + auto endpointResolutionOutcome = TracingUtils::MakeCallWithTiming( + [&]() -> ResolveEndpointOutcome { return m_endpointProvider->ResolveEndpoint(request.GetEndpointContextParams()); }, + TracingUtils::SMITHY_CLIENT_ENDPOINT_RESOLUTION_METRIC, + *meter, + {{TracingUtils::SMITHY_METHOD_DIMENSION, request.GetServiceRequestName()}, {TracingUtils::SMITHY_SERVICE_DIMENSION, this->GetServiceClientName()}}); + AWS_OPERATION_CHECK_SUCCESS(endpointResolutionOutcome, DeleteResourcePolicy, CoreErrors, CoreErrors::ENDPOINT_RESOLUTION_FAILURE, endpointResolutionOutcome.GetError().GetMessage()); + endpointResolutionOutcome.GetResult().AddPathSegments("/2024-09-16/resource-policy/"); + endpointResolutionOutcome.GetResult().AddPathSegment(request.GetResourceArn()); + return DeleteResourcePolicyOutcome(MakeRequest(request, endpointResolutionOutcome.GetResult(), Aws::Http::HttpMethod::HTTP_DELETE, Aws::Auth::SIGV4_SIGNER)); + }, + TracingUtils::SMITHY_CLIENT_DURATION_METRIC, + *meter, + {{TracingUtils::SMITHY_METHOD_DIMENSION, request.GetServiceRequestName()}, {TracingUtils::SMITHY_SERVICE_DIMENSION, this->GetServiceClientName()}}); +} + GetAccountSettingsOutcome LambdaClient::GetAccountSettings(const GetAccountSettingsRequest& request) const { AWS_OPERATION_GUARD(GetAccountSettings); @@ -1369,6 +1407,72 @@ GetProvisionedConcurrencyConfigOutcome LambdaClient::GetProvisionedConcurrencyCo {{TracingUtils::SMITHY_METHOD_DIMENSION, request.GetServiceRequestName()}, {TracingUtils::SMITHY_SERVICE_DIMENSION, this->GetServiceClientName()}}); } +GetPublicAccessBlockConfigOutcome LambdaClient::GetPublicAccessBlockConfig(const GetPublicAccessBlockConfigRequest& request) const +{ + AWS_OPERATION_GUARD(GetPublicAccessBlockConfig); + AWS_OPERATION_CHECK_PTR(m_endpointProvider, GetPublicAccessBlockConfig, CoreErrors, CoreErrors::ENDPOINT_RESOLUTION_FAILURE); + if (!request.ResourceArnHasBeenSet()) + { + AWS_LOGSTREAM_ERROR("GetPublicAccessBlockConfig", "Required field: ResourceArn, is not set"); + return GetPublicAccessBlockConfigOutcome(Aws::Client::AWSError(LambdaErrors::MISSING_PARAMETER, "MISSING_PARAMETER", "Missing required field [ResourceArn]", false)); + } + AWS_OPERATION_CHECK_PTR(m_telemetryProvider, GetPublicAccessBlockConfig, CoreErrors, CoreErrors::NOT_INITIALIZED); + auto tracer = m_telemetryProvider->getTracer(this->GetServiceClientName(), {}); + auto meter = m_telemetryProvider->getMeter(this->GetServiceClientName(), {}); + AWS_OPERATION_CHECK_PTR(meter, GetPublicAccessBlockConfig, CoreErrors, CoreErrors::NOT_INITIALIZED); + auto span = tracer->CreateSpan(Aws::String(this->GetServiceClientName()) + ".GetPublicAccessBlockConfig", + {{ TracingUtils::SMITHY_METHOD_DIMENSION, request.GetServiceRequestName() }, { TracingUtils::SMITHY_SERVICE_DIMENSION, this->GetServiceClientName() }, { TracingUtils::SMITHY_SYSTEM_DIMENSION, TracingUtils::SMITHY_METHOD_AWS_VALUE }}, + smithy::components::tracing::SpanKind::CLIENT); + return TracingUtils::MakeCallWithTiming( + [&]()-> GetPublicAccessBlockConfigOutcome { + auto endpointResolutionOutcome = TracingUtils::MakeCallWithTiming( + [&]() -> ResolveEndpointOutcome { return m_endpointProvider->ResolveEndpoint(request.GetEndpointContextParams()); }, + TracingUtils::SMITHY_CLIENT_ENDPOINT_RESOLUTION_METRIC, + *meter, + {{TracingUtils::SMITHY_METHOD_DIMENSION, request.GetServiceRequestName()}, {TracingUtils::SMITHY_SERVICE_DIMENSION, this->GetServiceClientName()}}); + AWS_OPERATION_CHECK_SUCCESS(endpointResolutionOutcome, GetPublicAccessBlockConfig, CoreErrors, CoreErrors::ENDPOINT_RESOLUTION_FAILURE, endpointResolutionOutcome.GetError().GetMessage()); + endpointResolutionOutcome.GetResult().AddPathSegments("/2024-09-16/public-access-block/"); + endpointResolutionOutcome.GetResult().AddPathSegment(request.GetResourceArn()); + return GetPublicAccessBlockConfigOutcome(MakeRequest(request, endpointResolutionOutcome.GetResult(), Aws::Http::HttpMethod::HTTP_GET, Aws::Auth::SIGV4_SIGNER)); + }, + TracingUtils::SMITHY_CLIENT_DURATION_METRIC, + *meter, + {{TracingUtils::SMITHY_METHOD_DIMENSION, request.GetServiceRequestName()}, {TracingUtils::SMITHY_SERVICE_DIMENSION, this->GetServiceClientName()}}); +} + +GetResourcePolicyOutcome LambdaClient::GetResourcePolicy(const GetResourcePolicyRequest& request) const +{ + AWS_OPERATION_GUARD(GetResourcePolicy); + AWS_OPERATION_CHECK_PTR(m_endpointProvider, GetResourcePolicy, CoreErrors, CoreErrors::ENDPOINT_RESOLUTION_FAILURE); + if (!request.ResourceArnHasBeenSet()) + { + AWS_LOGSTREAM_ERROR("GetResourcePolicy", "Required field: ResourceArn, is not set"); + return GetResourcePolicyOutcome(Aws::Client::AWSError(LambdaErrors::MISSING_PARAMETER, "MISSING_PARAMETER", "Missing required field [ResourceArn]", false)); + } + AWS_OPERATION_CHECK_PTR(m_telemetryProvider, GetResourcePolicy, CoreErrors, CoreErrors::NOT_INITIALIZED); + auto tracer = m_telemetryProvider->getTracer(this->GetServiceClientName(), {}); + auto meter = m_telemetryProvider->getMeter(this->GetServiceClientName(), {}); + AWS_OPERATION_CHECK_PTR(meter, GetResourcePolicy, CoreErrors, CoreErrors::NOT_INITIALIZED); + auto span = tracer->CreateSpan(Aws::String(this->GetServiceClientName()) + ".GetResourcePolicy", + {{ TracingUtils::SMITHY_METHOD_DIMENSION, request.GetServiceRequestName() }, { TracingUtils::SMITHY_SERVICE_DIMENSION, this->GetServiceClientName() }, { TracingUtils::SMITHY_SYSTEM_DIMENSION, TracingUtils::SMITHY_METHOD_AWS_VALUE }}, + smithy::components::tracing::SpanKind::CLIENT); + return TracingUtils::MakeCallWithTiming( + [&]()-> GetResourcePolicyOutcome { + auto endpointResolutionOutcome = TracingUtils::MakeCallWithTiming( + [&]() -> ResolveEndpointOutcome { return m_endpointProvider->ResolveEndpoint(request.GetEndpointContextParams()); }, + TracingUtils::SMITHY_CLIENT_ENDPOINT_RESOLUTION_METRIC, + *meter, + {{TracingUtils::SMITHY_METHOD_DIMENSION, request.GetServiceRequestName()}, {TracingUtils::SMITHY_SERVICE_DIMENSION, this->GetServiceClientName()}}); + AWS_OPERATION_CHECK_SUCCESS(endpointResolutionOutcome, GetResourcePolicy, CoreErrors, CoreErrors::ENDPOINT_RESOLUTION_FAILURE, endpointResolutionOutcome.GetError().GetMessage()); + endpointResolutionOutcome.GetResult().AddPathSegments("/2024-09-16/resource-policy/"); + endpointResolutionOutcome.GetResult().AddPathSegment(request.GetResourceArn()); + return GetResourcePolicyOutcome(MakeRequest(request, endpointResolutionOutcome.GetResult(), Aws::Http::HttpMethod::HTTP_GET, Aws::Auth::SIGV4_SIGNER)); + }, + TracingUtils::SMITHY_CLIENT_DURATION_METRIC, + *meter, + {{TracingUtils::SMITHY_METHOD_DIMENSION, request.GetServiceRequestName()}, {TracingUtils::SMITHY_SERVICE_DIMENSION, this->GetServiceClientName()}}); +} + GetRuntimeManagementConfigOutcome LambdaClient::GetRuntimeManagementConfig(const GetRuntimeManagementConfigRequest& request) const { AWS_OPERATION_GUARD(GetRuntimeManagementConfig); @@ -2099,6 +2203,72 @@ PutProvisionedConcurrencyConfigOutcome LambdaClient::PutProvisionedConcurrencyCo {{TracingUtils::SMITHY_METHOD_DIMENSION, request.GetServiceRequestName()}, {TracingUtils::SMITHY_SERVICE_DIMENSION, this->GetServiceClientName()}}); } +PutPublicAccessBlockConfigOutcome LambdaClient::PutPublicAccessBlockConfig(const PutPublicAccessBlockConfigRequest& request) const +{ + AWS_OPERATION_GUARD(PutPublicAccessBlockConfig); + AWS_OPERATION_CHECK_PTR(m_endpointProvider, PutPublicAccessBlockConfig, CoreErrors, CoreErrors::ENDPOINT_RESOLUTION_FAILURE); + if (!request.ResourceArnHasBeenSet()) + { + AWS_LOGSTREAM_ERROR("PutPublicAccessBlockConfig", "Required field: ResourceArn, is not set"); + return PutPublicAccessBlockConfigOutcome(Aws::Client::AWSError(LambdaErrors::MISSING_PARAMETER, "MISSING_PARAMETER", "Missing required field [ResourceArn]", false)); + } + AWS_OPERATION_CHECK_PTR(m_telemetryProvider, PutPublicAccessBlockConfig, CoreErrors, CoreErrors::NOT_INITIALIZED); + auto tracer = m_telemetryProvider->getTracer(this->GetServiceClientName(), {}); + auto meter = m_telemetryProvider->getMeter(this->GetServiceClientName(), {}); + AWS_OPERATION_CHECK_PTR(meter, PutPublicAccessBlockConfig, CoreErrors, CoreErrors::NOT_INITIALIZED); + auto span = tracer->CreateSpan(Aws::String(this->GetServiceClientName()) + ".PutPublicAccessBlockConfig", + {{ TracingUtils::SMITHY_METHOD_DIMENSION, request.GetServiceRequestName() }, { TracingUtils::SMITHY_SERVICE_DIMENSION, this->GetServiceClientName() }, { TracingUtils::SMITHY_SYSTEM_DIMENSION, TracingUtils::SMITHY_METHOD_AWS_VALUE }}, + smithy::components::tracing::SpanKind::CLIENT); + return TracingUtils::MakeCallWithTiming( + [&]()-> PutPublicAccessBlockConfigOutcome { + auto endpointResolutionOutcome = TracingUtils::MakeCallWithTiming( + [&]() -> ResolveEndpointOutcome { return m_endpointProvider->ResolveEndpoint(request.GetEndpointContextParams()); }, + TracingUtils::SMITHY_CLIENT_ENDPOINT_RESOLUTION_METRIC, + *meter, + {{TracingUtils::SMITHY_METHOD_DIMENSION, request.GetServiceRequestName()}, {TracingUtils::SMITHY_SERVICE_DIMENSION, this->GetServiceClientName()}}); + AWS_OPERATION_CHECK_SUCCESS(endpointResolutionOutcome, PutPublicAccessBlockConfig, CoreErrors, CoreErrors::ENDPOINT_RESOLUTION_FAILURE, endpointResolutionOutcome.GetError().GetMessage()); + endpointResolutionOutcome.GetResult().AddPathSegments("/2024-09-16/public-access-block/"); + endpointResolutionOutcome.GetResult().AddPathSegment(request.GetResourceArn()); + return PutPublicAccessBlockConfigOutcome(MakeRequest(request, endpointResolutionOutcome.GetResult(), Aws::Http::HttpMethod::HTTP_PUT, Aws::Auth::SIGV4_SIGNER)); + }, + TracingUtils::SMITHY_CLIENT_DURATION_METRIC, + *meter, + {{TracingUtils::SMITHY_METHOD_DIMENSION, request.GetServiceRequestName()}, {TracingUtils::SMITHY_SERVICE_DIMENSION, this->GetServiceClientName()}}); +} + +PutResourcePolicyOutcome LambdaClient::PutResourcePolicy(const PutResourcePolicyRequest& request) const +{ + AWS_OPERATION_GUARD(PutResourcePolicy); + AWS_OPERATION_CHECK_PTR(m_endpointProvider, PutResourcePolicy, CoreErrors, CoreErrors::ENDPOINT_RESOLUTION_FAILURE); + if (!request.ResourceArnHasBeenSet()) + { + AWS_LOGSTREAM_ERROR("PutResourcePolicy", "Required field: ResourceArn, is not set"); + return PutResourcePolicyOutcome(Aws::Client::AWSError(LambdaErrors::MISSING_PARAMETER, "MISSING_PARAMETER", "Missing required field [ResourceArn]", false)); + } + AWS_OPERATION_CHECK_PTR(m_telemetryProvider, PutResourcePolicy, CoreErrors, CoreErrors::NOT_INITIALIZED); + auto tracer = m_telemetryProvider->getTracer(this->GetServiceClientName(), {}); + auto meter = m_telemetryProvider->getMeter(this->GetServiceClientName(), {}); + AWS_OPERATION_CHECK_PTR(meter, PutResourcePolicy, CoreErrors, CoreErrors::NOT_INITIALIZED); + auto span = tracer->CreateSpan(Aws::String(this->GetServiceClientName()) + ".PutResourcePolicy", + {{ TracingUtils::SMITHY_METHOD_DIMENSION, request.GetServiceRequestName() }, { TracingUtils::SMITHY_SERVICE_DIMENSION, this->GetServiceClientName() }, { TracingUtils::SMITHY_SYSTEM_DIMENSION, TracingUtils::SMITHY_METHOD_AWS_VALUE }}, + smithy::components::tracing::SpanKind::CLIENT); + return TracingUtils::MakeCallWithTiming( + [&]()-> PutResourcePolicyOutcome { + auto endpointResolutionOutcome = TracingUtils::MakeCallWithTiming( + [&]() -> ResolveEndpointOutcome { return m_endpointProvider->ResolveEndpoint(request.GetEndpointContextParams()); }, + TracingUtils::SMITHY_CLIENT_ENDPOINT_RESOLUTION_METRIC, + *meter, + {{TracingUtils::SMITHY_METHOD_DIMENSION, request.GetServiceRequestName()}, {TracingUtils::SMITHY_SERVICE_DIMENSION, this->GetServiceClientName()}}); + AWS_OPERATION_CHECK_SUCCESS(endpointResolutionOutcome, PutResourcePolicy, CoreErrors, CoreErrors::ENDPOINT_RESOLUTION_FAILURE, endpointResolutionOutcome.GetError().GetMessage()); + endpointResolutionOutcome.GetResult().AddPathSegments("/2024-09-16/resource-policy/"); + endpointResolutionOutcome.GetResult().AddPathSegment(request.GetResourceArn()); + return PutResourcePolicyOutcome(MakeRequest(request, endpointResolutionOutcome.GetResult(), Aws::Http::HttpMethod::HTTP_PUT, Aws::Auth::SIGV4_SIGNER)); + }, + TracingUtils::SMITHY_CLIENT_DURATION_METRIC, + *meter, + {{TracingUtils::SMITHY_METHOD_DIMENSION, request.GetServiceRequestName()}, {TracingUtils::SMITHY_SERVICE_DIMENSION, this->GetServiceClientName()}}); +} + PutRuntimeManagementConfigOutcome LambdaClient::PutRuntimeManagementConfig(const PutRuntimeManagementConfigRequest& request) const { AWS_OPERATION_GUARD(PutRuntimeManagementConfig); diff --git a/generated/src/aws-cpp-sdk-lambda/source/LambdaErrors.cpp b/generated/src/aws-cpp-sdk-lambda/source/LambdaErrors.cpp index bfcc290fc7f..6b2ae3ed934 100644 --- a/generated/src/aws-cpp-sdk-lambda/source/LambdaErrors.cpp +++ b/generated/src/aws-cpp-sdk-lambda/source/LambdaErrors.cpp @@ -11,6 +11,7 @@ #include #include #include +#include #include #include #include @@ -84,6 +85,12 @@ template<> AWS_LAMBDA_API KMSInvalidStateException LambdaError::GetModeledError( return KMSInvalidStateException(this->GetJsonPayload().View()); } +template<> AWS_LAMBDA_API PublicPolicyException LambdaError::GetModeledError() +{ + assert(this->GetErrorType() == LambdaErrors::PUBLIC_POLICY); + return PublicPolicyException(this->GetJsonPayload().View()); +} + template<> AWS_LAMBDA_API RecursiveInvocationException LambdaError::GetModeledError() { assert(this->GetErrorType() == LambdaErrors::RECURSIVE_INVOCATION); @@ -289,6 +296,7 @@ static const int E_F_S_MOUNT_CONNECTIVITY_HASH = HashingUtils::HashString("EFSMo static const int RESOURCE_NOT_READY_HASH = HashingUtils::HashString("ResourceNotReadyException"); static const int PROVISIONED_CONCURRENCY_CONFIG_NOT_FOUND_HASH = HashingUtils::HashString("ProvisionedConcurrencyConfigNotFoundException"); static const int K_M_S_INVALID_STATE_HASH = HashingUtils::HashString("KMSInvalidStateException"); +static const int PUBLIC_POLICY_HASH = HashingUtils::HashString("PublicPolicyException"); static const int RECURSIVE_INVOCATION_HASH = HashingUtils::HashString("RecursiveInvocationException"); static const int POLICY_LENGTH_EXCEEDED_HASH = HashingUtils::HashString("PolicyLengthExceededException"); static const int K_M_S_NOT_FOUND_HASH = HashingUtils::HashString("KMSNotFoundException"); @@ -343,6 +351,10 @@ AWSError GetErrorForName(const char* errorName) { return AWSError(static_cast(LambdaErrors::K_M_S_INVALID_STATE), RetryableType::NOT_RETRYABLE); } + else if (hashCode == PUBLIC_POLICY_HASH) + { + return AWSError(static_cast(LambdaErrors::PUBLIC_POLICY), RetryableType::NOT_RETRYABLE); + } else if (hashCode == RECURSIVE_INVOCATION_HASH) { return AWSError(static_cast(LambdaErrors::RECURSIVE_INVOCATION), RetryableType::NOT_RETRYABLE); diff --git a/generated/src/aws-cpp-sdk-lambda/source/model/DeleteResourcePolicyRequest.cpp b/generated/src/aws-cpp-sdk-lambda/source/model/DeleteResourcePolicyRequest.cpp new file mode 100644 index 00000000000..94eaccc80c3 --- /dev/null +++ b/generated/src/aws-cpp-sdk-lambda/source/model/DeleteResourcePolicyRequest.cpp @@ -0,0 +1,42 @@ +/** + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * SPDX-License-Identifier: Apache-2.0. + */ + +#include +#include +#include +#include + +#include + +using namespace Aws::Lambda::Model; +using namespace Aws::Utils::Json; +using namespace Aws::Utils; +using namespace Aws::Http; + +DeleteResourcePolicyRequest::DeleteResourcePolicyRequest() : + m_resourceArnHasBeenSet(false), + m_revisionIdHasBeenSet(false) +{ +} + +Aws::String DeleteResourcePolicyRequest::SerializePayload() const +{ + return {}; +} + +void DeleteResourcePolicyRequest::AddQueryStringParameters(URI& uri) const +{ + Aws::StringStream ss; + if(m_revisionIdHasBeenSet) + { + ss << m_revisionId; + uri.AddQueryStringParameter("RevisionId", ss.str()); + ss.str(""); + } + +} + + + diff --git a/generated/src/aws-cpp-sdk-lambda/source/model/GetPublicAccessBlockConfigRequest.cpp b/generated/src/aws-cpp-sdk-lambda/source/model/GetPublicAccessBlockConfigRequest.cpp new file mode 100644 index 00000000000..667b16c9a42 --- /dev/null +++ b/generated/src/aws-cpp-sdk-lambda/source/model/GetPublicAccessBlockConfigRequest.cpp @@ -0,0 +1,27 @@ +/** + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * SPDX-License-Identifier: Apache-2.0. + */ + +#include +#include + +#include + +using namespace Aws::Lambda::Model; +using namespace Aws::Utils::Json; +using namespace Aws::Utils; + +GetPublicAccessBlockConfigRequest::GetPublicAccessBlockConfigRequest() : + m_resourceArnHasBeenSet(false) +{ +} + +Aws::String GetPublicAccessBlockConfigRequest::SerializePayload() const +{ + return {}; +} + + + + diff --git a/generated/src/aws-cpp-sdk-lambda/source/model/GetPublicAccessBlockConfigResult.cpp b/generated/src/aws-cpp-sdk-lambda/source/model/GetPublicAccessBlockConfigResult.cpp new file mode 100644 index 00000000000..42dc3eed92f --- /dev/null +++ b/generated/src/aws-cpp-sdk-lambda/source/model/GetPublicAccessBlockConfigResult.cpp @@ -0,0 +1,48 @@ +/** + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * SPDX-License-Identifier: Apache-2.0. + */ + +#include +#include +#include +#include +#include +#include + +#include + +using namespace Aws::Lambda::Model; +using namespace Aws::Utils::Json; +using namespace Aws::Utils; +using namespace Aws; + +GetPublicAccessBlockConfigResult::GetPublicAccessBlockConfigResult() +{ +} + +GetPublicAccessBlockConfigResult::GetPublicAccessBlockConfigResult(const Aws::AmazonWebServiceResult& result) +{ + *this = result; +} + +GetPublicAccessBlockConfigResult& GetPublicAccessBlockConfigResult::operator =(const Aws::AmazonWebServiceResult& result) +{ + JsonView jsonValue = result.GetPayload().View(); + if(jsonValue.ValueExists("PublicAccessBlockConfig")) + { + m_publicAccessBlockConfig = jsonValue.GetObject("PublicAccessBlockConfig"); + + } + + + const auto& headers = result.GetHeaderValueCollection(); + const auto& requestIdIter = headers.find("x-amzn-requestid"); + if(requestIdIter != headers.end()) + { + m_requestId = requestIdIter->second; + } + + + return *this; +} diff --git a/generated/src/aws-cpp-sdk-lambda/source/model/GetResourcePolicyRequest.cpp b/generated/src/aws-cpp-sdk-lambda/source/model/GetResourcePolicyRequest.cpp new file mode 100644 index 00000000000..36dae19bcf2 --- /dev/null +++ b/generated/src/aws-cpp-sdk-lambda/source/model/GetResourcePolicyRequest.cpp @@ -0,0 +1,27 @@ +/** + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * SPDX-License-Identifier: Apache-2.0. + */ + +#include +#include + +#include + +using namespace Aws::Lambda::Model; +using namespace Aws::Utils::Json; +using namespace Aws::Utils; + +GetResourcePolicyRequest::GetResourcePolicyRequest() : + m_resourceArnHasBeenSet(false) +{ +} + +Aws::String GetResourcePolicyRequest::SerializePayload() const +{ + return {}; +} + + + + diff --git a/generated/src/aws-cpp-sdk-lambda/source/model/GetResourcePolicyResult.cpp b/generated/src/aws-cpp-sdk-lambda/source/model/GetResourcePolicyResult.cpp new file mode 100644 index 00000000000..829ded9aceb --- /dev/null +++ b/generated/src/aws-cpp-sdk-lambda/source/model/GetResourcePolicyResult.cpp @@ -0,0 +1,54 @@ +/** + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * SPDX-License-Identifier: Apache-2.0. + */ + +#include +#include +#include +#include +#include +#include + +#include + +using namespace Aws::Lambda::Model; +using namespace Aws::Utils::Json; +using namespace Aws::Utils; +using namespace Aws; + +GetResourcePolicyResult::GetResourcePolicyResult() +{ +} + +GetResourcePolicyResult::GetResourcePolicyResult(const Aws::AmazonWebServiceResult& result) +{ + *this = result; +} + +GetResourcePolicyResult& GetResourcePolicyResult::operator =(const Aws::AmazonWebServiceResult& result) +{ + JsonView jsonValue = result.GetPayload().View(); + if(jsonValue.ValueExists("Policy")) + { + m_policy = jsonValue.GetString("Policy"); + + } + + if(jsonValue.ValueExists("RevisionId")) + { + m_revisionId = jsonValue.GetString("RevisionId"); + + } + + + const auto& headers = result.GetHeaderValueCollection(); + const auto& requestIdIter = headers.find("x-amzn-requestid"); + if(requestIdIter != headers.end()) + { + m_requestId = requestIdIter->second; + } + + + return *this; +} diff --git a/generated/src/aws-cpp-sdk-lambda/source/model/PublicAccessBlockConfig.cpp b/generated/src/aws-cpp-sdk-lambda/source/model/PublicAccessBlockConfig.cpp new file mode 100644 index 00000000000..d6d2813aa77 --- /dev/null +++ b/generated/src/aws-cpp-sdk-lambda/source/model/PublicAccessBlockConfig.cpp @@ -0,0 +1,75 @@ +/** + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * SPDX-License-Identifier: Apache-2.0. + */ + +#include +#include + +#include + +using namespace Aws::Utils::Json; +using namespace Aws::Utils; + +namespace Aws +{ +namespace Lambda +{ +namespace Model +{ + +PublicAccessBlockConfig::PublicAccessBlockConfig() : + m_blockPublicPolicy(false), + m_blockPublicPolicyHasBeenSet(false), + m_restrictPublicResource(false), + m_restrictPublicResourceHasBeenSet(false) +{ +} + +PublicAccessBlockConfig::PublicAccessBlockConfig(JsonView jsonValue) + : PublicAccessBlockConfig() +{ + *this = jsonValue; +} + +PublicAccessBlockConfig& PublicAccessBlockConfig::operator =(JsonView jsonValue) +{ + if(jsonValue.ValueExists("BlockPublicPolicy")) + { + m_blockPublicPolicy = jsonValue.GetBool("BlockPublicPolicy"); + + m_blockPublicPolicyHasBeenSet = true; + } + + if(jsonValue.ValueExists("RestrictPublicResource")) + { + m_restrictPublicResource = jsonValue.GetBool("RestrictPublicResource"); + + m_restrictPublicResourceHasBeenSet = true; + } + + return *this; +} + +JsonValue PublicAccessBlockConfig::Jsonize() const +{ + JsonValue payload; + + if(m_blockPublicPolicyHasBeenSet) + { + payload.WithBool("BlockPublicPolicy", m_blockPublicPolicy); + + } + + if(m_restrictPublicResourceHasBeenSet) + { + payload.WithBool("RestrictPublicResource", m_restrictPublicResource); + + } + + return payload; +} + +} // namespace Model +} // namespace Lambda +} // namespace Aws diff --git a/generated/src/aws-cpp-sdk-lambda/source/model/PublicPolicyException.cpp b/generated/src/aws-cpp-sdk-lambda/source/model/PublicPolicyException.cpp new file mode 100644 index 00000000000..25ad620238c --- /dev/null +++ b/generated/src/aws-cpp-sdk-lambda/source/model/PublicPolicyException.cpp @@ -0,0 +1,73 @@ +/** + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * SPDX-License-Identifier: Apache-2.0. + */ + +#include +#include + +#include + +using namespace Aws::Utils::Json; +using namespace Aws::Utils; + +namespace Aws +{ +namespace Lambda +{ +namespace Model +{ + +PublicPolicyException::PublicPolicyException() : + m_typeHasBeenSet(false), + m_messageHasBeenSet(false) +{ +} + +PublicPolicyException::PublicPolicyException(JsonView jsonValue) + : PublicPolicyException() +{ + *this = jsonValue; +} + +PublicPolicyException& PublicPolicyException::operator =(JsonView jsonValue) +{ + if(jsonValue.ValueExists("Type")) + { + m_type = jsonValue.GetString("Type"); + + m_typeHasBeenSet = true; + } + + if(jsonValue.ValueExists("Message")) + { + m_message = jsonValue.GetString("Message"); + + m_messageHasBeenSet = true; + } + + return *this; +} + +JsonValue PublicPolicyException::Jsonize() const +{ + JsonValue payload; + + if(m_typeHasBeenSet) + { + payload.WithString("Type", m_type); + + } + + if(m_messageHasBeenSet) + { + payload.WithString("Message", m_message); + + } + + return payload; +} + +} // namespace Model +} // namespace Lambda +} // namespace Aws diff --git a/generated/src/aws-cpp-sdk-lambda/source/model/PutPublicAccessBlockConfigRequest.cpp b/generated/src/aws-cpp-sdk-lambda/source/model/PutPublicAccessBlockConfigRequest.cpp new file mode 100644 index 00000000000..27b404c331e --- /dev/null +++ b/generated/src/aws-cpp-sdk-lambda/source/model/PutPublicAccessBlockConfigRequest.cpp @@ -0,0 +1,36 @@ +/** + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * SPDX-License-Identifier: Apache-2.0. + */ + +#include +#include + +#include + +using namespace Aws::Lambda::Model; +using namespace Aws::Utils::Json; +using namespace Aws::Utils; + +PutPublicAccessBlockConfigRequest::PutPublicAccessBlockConfigRequest() : + m_resourceArnHasBeenSet(false), + m_publicAccessBlockConfigHasBeenSet(false) +{ +} + +Aws::String PutPublicAccessBlockConfigRequest::SerializePayload() const +{ + JsonValue payload; + + if(m_publicAccessBlockConfigHasBeenSet) + { + payload.WithObject("PublicAccessBlockConfig", m_publicAccessBlockConfig.Jsonize()); + + } + + return payload.View().WriteReadable(); +} + + + + diff --git a/generated/src/aws-cpp-sdk-lambda/source/model/PutPublicAccessBlockConfigResult.cpp b/generated/src/aws-cpp-sdk-lambda/source/model/PutPublicAccessBlockConfigResult.cpp new file mode 100644 index 00000000000..a50969c9304 --- /dev/null +++ b/generated/src/aws-cpp-sdk-lambda/source/model/PutPublicAccessBlockConfigResult.cpp @@ -0,0 +1,48 @@ +/** + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * SPDX-License-Identifier: Apache-2.0. + */ + +#include +#include +#include +#include +#include +#include + +#include + +using namespace Aws::Lambda::Model; +using namespace Aws::Utils::Json; +using namespace Aws::Utils; +using namespace Aws; + +PutPublicAccessBlockConfigResult::PutPublicAccessBlockConfigResult() +{ +} + +PutPublicAccessBlockConfigResult::PutPublicAccessBlockConfigResult(const Aws::AmazonWebServiceResult& result) +{ + *this = result; +} + +PutPublicAccessBlockConfigResult& PutPublicAccessBlockConfigResult::operator =(const Aws::AmazonWebServiceResult& result) +{ + JsonView jsonValue = result.GetPayload().View(); + if(jsonValue.ValueExists("PublicAccessBlockConfig")) + { + m_publicAccessBlockConfig = jsonValue.GetObject("PublicAccessBlockConfig"); + + } + + + const auto& headers = result.GetHeaderValueCollection(); + const auto& requestIdIter = headers.find("x-amzn-requestid"); + if(requestIdIter != headers.end()) + { + m_requestId = requestIdIter->second; + } + + + return *this; +} diff --git a/generated/src/aws-cpp-sdk-lambda/source/model/PutResourcePolicyRequest.cpp b/generated/src/aws-cpp-sdk-lambda/source/model/PutResourcePolicyRequest.cpp new file mode 100644 index 00000000000..34befbc7684 --- /dev/null +++ b/generated/src/aws-cpp-sdk-lambda/source/model/PutResourcePolicyRequest.cpp @@ -0,0 +1,43 @@ +/** + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * SPDX-License-Identifier: Apache-2.0. + */ + +#include +#include + +#include + +using namespace Aws::Lambda::Model; +using namespace Aws::Utils::Json; +using namespace Aws::Utils; + +PutResourcePolicyRequest::PutResourcePolicyRequest() : + m_resourceArnHasBeenSet(false), + m_policyHasBeenSet(false), + m_revisionIdHasBeenSet(false) +{ +} + +Aws::String PutResourcePolicyRequest::SerializePayload() const +{ + JsonValue payload; + + if(m_policyHasBeenSet) + { + payload.WithString("Policy", m_policy); + + } + + if(m_revisionIdHasBeenSet) + { + payload.WithString("RevisionId", m_revisionId); + + } + + return payload.View().WriteReadable(); +} + + + + diff --git a/generated/src/aws-cpp-sdk-lambda/source/model/PutResourcePolicyResult.cpp b/generated/src/aws-cpp-sdk-lambda/source/model/PutResourcePolicyResult.cpp new file mode 100644 index 00000000000..ecba3ff9d79 --- /dev/null +++ b/generated/src/aws-cpp-sdk-lambda/source/model/PutResourcePolicyResult.cpp @@ -0,0 +1,54 @@ +/** + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * SPDX-License-Identifier: Apache-2.0. + */ + +#include +#include +#include +#include +#include +#include + +#include + +using namespace Aws::Lambda::Model; +using namespace Aws::Utils::Json; +using namespace Aws::Utils; +using namespace Aws; + +PutResourcePolicyResult::PutResourcePolicyResult() +{ +} + +PutResourcePolicyResult::PutResourcePolicyResult(const Aws::AmazonWebServiceResult& result) +{ + *this = result; +} + +PutResourcePolicyResult& PutResourcePolicyResult::operator =(const Aws::AmazonWebServiceResult& result) +{ + JsonView jsonValue = result.GetPayload().View(); + if(jsonValue.ValueExists("Policy")) + { + m_policy = jsonValue.GetString("Policy"); + + } + + if(jsonValue.ValueExists("RevisionId")) + { + m_revisionId = jsonValue.GetString("RevisionId"); + + } + + + const auto& headers = result.GetHeaderValueCollection(); + const auto& requestIdIter = headers.find("x-amzn-requestid"); + if(requestIdIter != headers.end()) + { + m_requestId = requestIdIter->second; + } + + + return *this; +} diff --git a/generated/src/aws-cpp-sdk-rds/include/aws/rds/model/CreateDBInstanceRequest.h b/generated/src/aws-cpp-sdk-rds/include/aws/rds/model/CreateDBInstanceRequest.h index eda7f29375b..5f6499784c8 100644 --- a/generated/src/aws-cpp-sdk-rds/include/aws/rds/model/CreateDBInstanceRequest.h +++ b/generated/src/aws-cpp-sdk-rds/include/aws/rds/model/CreateDBInstanceRequest.h @@ -552,18 +552,19 @@ namespace Model /** *

    The license model information for this DB instance.

    License * models for RDS for Db2 require additional configuration. The Bring Your Own - * License (BYOL) model requires a custom parameter group. The Db2 license through - * Amazon Web Services Marketplace model requires an Amazon Web Services - * Marketplace subscription. For more information, see RDS - * for Db2 licensing options in the Amazon RDS User Guide.

    The - * default for RDS for Db2 is bring-your-own-license.

    - *

    This setting doesn't apply to Amazon Aurora or RDS Custom DB instances.

    - *

    Valid Values:

    • RDS for Db2 - bring-your-own-license | - * marketplace-license

    • RDS for MariaDB - - * general-public-license

    • RDS for Microsoft SQL - * Server - license-included

    • RDS for MySQL - - * general-public-license

    • RDS for Oracle - + * License (BYOL) model requires a custom parameter group and an Amazon Web + * Services License Manager self-managed license. The Db2 license through Amazon + * Web Services Marketplace model requires an Amazon Web Services Marketplace + * subscription. For more information, see Amazon + * RDS for Db2 licensing options in the Amazon RDS User Guide.

      + *

      The default for RDS for Db2 is bring-your-own-license.

      + *

      This setting doesn't apply to Amazon Aurora or RDS Custom DB + * instances.

      Valid Values:

      • RDS for Db2 - + * bring-your-own-license | marketplace-license

      • RDS + * for MariaDB - general-public-license

      • RDS for + * Microsoft SQL Server - license-included

      • RDS for + * MySQL - general-public-license

      • RDS for Oracle - * bring-your-own-license | license-included

      • RDS * for PostgreSQL - postgresql-license

      */ diff --git a/generated/src/aws-cpp-sdk-rds/include/aws/rds/model/RestoreDBInstanceFromDBSnapshotRequest.h b/generated/src/aws-cpp-sdk-rds/include/aws/rds/model/RestoreDBInstanceFromDBSnapshotRequest.h index 58edbb0ff19..9673008d04f 100644 --- a/generated/src/aws-cpp-sdk-rds/include/aws/rds/model/RestoreDBInstanceFromDBSnapshotRequest.h +++ b/generated/src/aws-cpp-sdk-rds/include/aws/rds/model/RestoreDBInstanceFromDBSnapshotRequest.h @@ -194,17 +194,18 @@ namespace Model /** *

      License model information for the restored DB instance.

      License * models for RDS for Db2 require additional configuration. The Bring Your Own - * License (BYOL) model requires a custom parameter group. The Db2 license through - * Amazon Web Services Marketplace model requires an Amazon Web Services - * Marketplace subscription. For more information, see RDS - * for Db2 licensing options in the Amazon RDS User Guide.

      - *

      This setting doesn't apply to Amazon Aurora or RDS Custom DB instances.

      - *

      Valid Values:

      • RDS for Db2 - bring-your-own-license | - * marketplace-license

      • RDS for MariaDB - - * general-public-license

      • RDS for Microsoft SQL - * Server - license-included

      • RDS for MySQL - - * general-public-license

      • RDS for Oracle - + * License (BYOL) model requires a custom parameter group and an Amazon Web + * Services License Manager self-managed license. The Db2 license through Amazon + * Web Services Marketplace model requires an Amazon Web Services Marketplace + * subscription. For more information, see Amazon + * RDS for Db2 licensing options in the Amazon RDS User Guide.

        + *

        This setting doesn't apply to Amazon Aurora or RDS Custom DB + * instances.

        Valid Values:

        • RDS for Db2 - + * bring-your-own-license | marketplace-license

        • RDS + * for MariaDB - general-public-license

        • RDS for + * Microsoft SQL Server - license-included

        • RDS for + * MySQL - general-public-license

        • RDS for Oracle - * bring-your-own-license | license-included

        • RDS * for PostgreSQL - postgresql-license

        Default: * Same as the source.

        diff --git a/generated/src/aws-cpp-sdk-rds/include/aws/rds/model/RestoreDBInstanceToPointInTimeRequest.h b/generated/src/aws-cpp-sdk-rds/include/aws/rds/model/RestoreDBInstanceToPointInTimeRequest.h index ecdf6552069..821eedf846e 100644 --- a/generated/src/aws-cpp-sdk-rds/include/aws/rds/model/RestoreDBInstanceToPointInTimeRequest.h +++ b/generated/src/aws-cpp-sdk-rds/include/aws/rds/model/RestoreDBInstanceToPointInTimeRequest.h @@ -219,17 +219,18 @@ namespace Model /** *

        The license model information for the restored DB instance.

        *

        License models for RDS for Db2 require additional configuration. The Bring - * Your Own License (BYOL) model requires a custom parameter group. The Db2 license - * through Amazon Web Services Marketplace model requires an Amazon Web Services + * Your Own License (BYOL) model requires a custom parameter group and an Amazon + * Web Services License Manager self-managed license. The Db2 license through + * Amazon Web Services Marketplace model requires an Amazon Web Services * Marketplace subscription. For more information, see RDS - * for Db2 licensing options in the Amazon RDS User Guide.

        - *

        This setting doesn't apply to Amazon Aurora or RDS Custom DB instances.

        - *

        Valid Values:

        • RDS for Db2 - bring-your-own-license | - * marketplace-license

        • RDS for MariaDB - - * general-public-license

        • RDS for Microsoft SQL - * Server - license-included

        • RDS for MySQL - - * general-public-license

        • RDS for Oracle - + * href="https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/db2-licensing.html">Amazon + * RDS for Db2 licensing options in the Amazon RDS User Guide.

          + *

          This setting doesn't apply to Amazon Aurora or RDS Custom DB + * instances.

          Valid Values:

          • RDS for Db2 - + * bring-your-own-license | marketplace-license

          • RDS + * for MariaDB - general-public-license

          • RDS for + * Microsoft SQL Server - license-included

          • RDS for + * MySQL - general-public-license

          • RDS for Oracle - * bring-your-own-license | license-included

          • RDS * for PostgreSQL - postgresql-license

          Default: * Same as the source.

          diff --git a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/SSMClient.h b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/SSMClient.h index fcd8845aaac..d6135115e9e 100644 --- a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/SSMClient.h +++ b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/SSMClient.h @@ -238,12 +238,12 @@ namespace SSM * activation code and ID when installing SSM Agent on machines in your hybrid * environment. For more information about requirements for managing on-premises * machines using Systems Manager, see Setting - * up Amazon Web Services Systems Manager for hybrid and multicloud - * environments in the Amazon Web Services Systems Manager User Guide. - *

          Amazon Elastic Compute Cloud (Amazon EC2) instances, edge - * devices, and on-premises servers and VMs that are configured for Systems Manager - * are all called managed nodes.

          See Also:

          Using + * Amazon Web Services Systems Manager in hybrid and multicloud environments in + * the Amazon Web Services Systems Manager User Guide.

          Amazon + * Elastic Compute Cloud (Amazon EC2) instances, edge devices, and on-premises + * servers and VMs that are configured for Systems Manager are all called + * managed nodes.

          See Also:

          AWS * API Reference

          */ @@ -340,7 +340,7 @@ namespace SSM * defines the actions that Systems Manager performs on your managed nodes. For * more information about SSM documents, including information about supported * schemas, features, and syntax, see Amazon + * href="https://docs.aws.amazon.com/systems-manager/latest/userguide/documents.html">Amazon * Web Services Systems Manager Documents in the Amazon Web Services Systems * Manager User Guide.

          See Also:

          AWS @@ -495,8 +495,8 @@ namespace SSM * SyncToDestination type to synchronize Inventory data from multiple * Amazon Web Services Regions to a single Amazon Simple Storage Service (Amazon * S3) bucket. For more information, see Configuring - * resource data sync for Inventory in the Amazon Web Services Systems + * href="https://docs.aws.amazon.com/systems-manager/latest/userguide/inventory-create-resource-data-sync.html">Creatinga + * a resource data sync for Inventory in the Amazon Web Services Systems * Manager User Guide.

          You can configure Systems Manager Explorer to use * the SyncFromSource type to synchronize operational work items * (OpsItems) and operational data (OpsData) from multiple Amazon Web Services diff --git a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/AttachmentsSource.h b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/AttachmentsSource.h index 2ba63c1880f..cd5ca5e6f39 100644 --- a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/AttachmentsSource.h +++ b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/AttachmentsSource.h @@ -60,9 +60,9 @@ namespace Model * to a document. The format for Value depends on the type of key you * specify.

          • For the key SourceUrl, the value is an S3 * bucket location. For example:

            "Values": [ - * "s3://doc-example-bucket/my-folder" ]

          • For the key + * "s3://amzn-s3-demo-bucket/my-prefix" ]

          • For the key * S3FileUrl, the value is a file in an S3 bucket. For example:

            - * "Values": [ "s3://doc-example-bucket/my-folder/my-file.py" ]

            + * "Values": [ "s3://amzn-s3-demo-bucket/my-prefix/my-file.py" ]

            *
          • For the key AttachmentReference, the value is constructed * from the name of another SSM document in your account, a version number of that * document, and a file attached to that document version that you want to reuse. diff --git a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/AutomationExecution.h b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/AutomationExecution.h index 52e86cc20f4..702b5c1cd4a 100644 --- a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/AutomationExecution.h +++ b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/AutomationExecution.h @@ -431,6 +431,22 @@ namespace Model inline AutomationExecution& AddTriggeredAlarms(AlarmStateInformation&& value) { m_triggeredAlarmsHasBeenSet = true; m_triggeredAlarms.push_back(std::move(value)); return *this; } ///@} + ///@{ + /** + *

            A publicly accessible URL for a file that contains the + * TargetLocations body. Currently, only files in presigned Amazon S3 + * buckets are supported

            + */ + inline const Aws::String& GetTargetLocationsURL() const{ return m_targetLocationsURL; } + inline bool TargetLocationsURLHasBeenSet() const { return m_targetLocationsURLHasBeenSet; } + inline void SetTargetLocationsURL(const Aws::String& value) { m_targetLocationsURLHasBeenSet = true; m_targetLocationsURL = value; } + inline void SetTargetLocationsURL(Aws::String&& value) { m_targetLocationsURLHasBeenSet = true; m_targetLocationsURL = std::move(value); } + inline void SetTargetLocationsURL(const char* value) { m_targetLocationsURLHasBeenSet = true; m_targetLocationsURL.assign(value); } + inline AutomationExecution& WithTargetLocationsURL(const Aws::String& value) { SetTargetLocationsURL(value); return *this;} + inline AutomationExecution& WithTargetLocationsURL(Aws::String&& value) { SetTargetLocationsURL(std::move(value)); return *this;} + inline AutomationExecution& WithTargetLocationsURL(const char* value) { SetTargetLocationsURL(value); return *this;} + ///@} + ///@{ /** *

            The subtype of the Automation operation. Currently, the only supported value @@ -616,6 +632,9 @@ namespace Model Aws::Vector m_triggeredAlarms; bool m_triggeredAlarmsHasBeenSet = false; + Aws::String m_targetLocationsURL; + bool m_targetLocationsURLHasBeenSet = false; + AutomationSubtype m_automationSubtype; bool m_automationSubtypeHasBeenSet = false; diff --git a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/AutomationExecutionMetadata.h b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/AutomationExecutionMetadata.h index b6b13ba21e8..cf27210c92e 100644 --- a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/AutomationExecutionMetadata.h +++ b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/AutomationExecutionMetadata.h @@ -348,8 +348,8 @@ namespace Model * Amazon Web Services Regions and Amazon Web Services accounts. For more * information, see Running - * Automation workflows in multiple Amazon Web Services Regions and accounts in - * the Amazon Web Services Systems Manager User Guide.

            + * automations in multiple Amazon Web Services Regions and accounts in the + * Amazon Web Services Systems Manager User Guide.

            */ inline const AutomationType& GetAutomationType() const{ return m_automationType; } inline bool AutomationTypeHasBeenSet() const { return m_automationTypeHasBeenSet; } @@ -385,6 +385,22 @@ namespace Model inline AutomationExecutionMetadata& AddTriggeredAlarms(AlarmStateInformation&& value) { m_triggeredAlarmsHasBeenSet = true; m_triggeredAlarms.push_back(std::move(value)); return *this; } ///@} + ///@{ + /** + *

            A publicly accessible URL for a file that contains the + * TargetLocations body. Currently, only files in presigned Amazon S3 + * buckets are supported

            + */ + inline const Aws::String& GetTargetLocationsURL() const{ return m_targetLocationsURL; } + inline bool TargetLocationsURLHasBeenSet() const { return m_targetLocationsURLHasBeenSet; } + inline void SetTargetLocationsURL(const Aws::String& value) { m_targetLocationsURLHasBeenSet = true; m_targetLocationsURL = value; } + inline void SetTargetLocationsURL(Aws::String&& value) { m_targetLocationsURLHasBeenSet = true; m_targetLocationsURL = std::move(value); } + inline void SetTargetLocationsURL(const char* value) { m_targetLocationsURLHasBeenSet = true; m_targetLocationsURL.assign(value); } + inline AutomationExecutionMetadata& WithTargetLocationsURL(const Aws::String& value) { SetTargetLocationsURL(value); return *this;} + inline AutomationExecutionMetadata& WithTargetLocationsURL(Aws::String&& value) { SetTargetLocationsURL(std::move(value)); return *this;} + inline AutomationExecutionMetadata& WithTargetLocationsURL(const char* value) { SetTargetLocationsURL(value); return *this;} + ///@} + ///@{ /** *

            The subtype of the Automation operation. Currently, the only supported value @@ -543,6 +559,9 @@ namespace Model Aws::Vector m_triggeredAlarms; bool m_triggeredAlarmsHasBeenSet = false; + Aws::String m_targetLocationsURL; + bool m_targetLocationsURLHasBeenSet = false; + AutomationSubtype m_automationSubtype; bool m_automationSubtypeHasBeenSet = false; diff --git a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/BaselineOverride.h b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/BaselineOverride.h index c24baae7c6e..ec644196c4b 100644 --- a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/BaselineOverride.h +++ b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/BaselineOverride.h @@ -82,9 +82,9 @@ namespace Model *

            A list of explicitly approved patches for the baseline.

            For * information about accepted formats for lists of approved patches and rejected * patches, see About - * package name formats for approved and rejected patch lists in the Amazon - * Web Services Systems Manager User Guide.

            + * href="https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-approved-rejected-package-name-formats.html">Package + * name formats for approved and rejected patch lists in the Amazon Web + * Services Systems Manager User Guide.

            */ inline const Aws::Vector& GetApprovedPatches() const{ return m_approvedPatches; } inline bool ApprovedPatchesHasBeenSet() const { return m_approvedPatchesHasBeenSet; } @@ -116,9 +116,9 @@ namespace Model *

            A list of explicitly rejected patches for the baseline.

            For * information about accepted formats for lists of approved patches and rejected * patches, see About - * package name formats for approved and rejected patch lists in the Amazon - * Web Services Systems Manager User Guide.

            + * href="https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-approved-rejected-package-name-formats.html">Package + * name formats for approved and rejected patch lists in the Amazon Web + * Services Systems Manager User Guide.

            */ inline const Aws::Vector& GetRejectedPatches() const{ return m_rejectedPatches; } inline bool RejectedPatchesHasBeenSet() const { return m_rejectedPatchesHasBeenSet; } diff --git a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/CommandFilter.h b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/CommandFilter.h index 45a9134f4cd..7ab8b1e438a 100644 --- a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/CommandFilter.h +++ b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/CommandFilter.h @@ -58,10 +58,10 @@ namespace Model /** *

            The filter value. Valid values for each filter key are as follows:

              *
            • InvokedAfter: Specify a timestamp to limit your results. For - * example, specify 2021-07-07T00:00:00Z to see a list of command + * example, specify 2024-07-07T00:00:00Z to see a list of command * executions occurring July 7, 2021, and later.

            • * InvokedBefore: Specify a timestamp to limit your results. For example, - * specify 2021-07-07T00:00:00Z to see a list of command executions + * specify 2024-07-07T00:00:00Z to see a list of command executions * from before July 7, 2021.

            • Status: Specify a valid * command status to see a list of all command executions with that status. The * status choices depend on the API you call.

              The status values you can diff --git a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/CommandPlugin.h b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/CommandPlugin.h index 38903e64113..b108732cffe 100644 --- a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/CommandPlugin.h +++ b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/CommandPlugin.h @@ -215,10 +215,10 @@ namespace Model *

              The S3 bucket where the responses to the command executions should be stored. * This was requested when issuing the command. For example, in the following * response:

              - * doc-example-bucket/ab19cb99-a030-46dd-9dfc-8eSAMPLEPre-Fix/i-02573cafcfEXAMPLE/awsrunShellScript - *

              doc-example-bucket is the name of the S3 bucket;

              - * ab19cb99-a030-46dd-9dfc-8eSAMPLEPre-Fix is the name of the S3 - * prefix;

              i-02573cafcfEXAMPLE is the managed node ID;

              + * amzn-s3-demo-bucket/my-prefix/i-02573cafcfEXAMPLE/awsrunShellScript + *

              amzn-s3-demo-bucket is the name of the S3 bucket;

              + * my-prefix is the name of the S3 prefix;

              + * i-02573cafcfEXAMPLE is the managed node ID;

              * awsrunShellScript is the name of the plugin.

              */ inline const Aws::String& GetOutputS3BucketName() const{ return m_outputS3BucketName; } @@ -236,10 +236,10 @@ namespace Model *

              The S3 directory path inside the bucket where the responses to the command * executions should be stored. This was requested when issuing the command. For * example, in the following response:

              - * doc-example-bucket/ab19cb99-a030-46dd-9dfc-8eSAMPLEPre-Fix/i-02573cafcfEXAMPLE/awsrunShellScript - *

              doc-example-bucket is the name of the S3 bucket;

              - * ab19cb99-a030-46dd-9dfc-8eSAMPLEPre-Fix is the name of the S3 - * prefix;

              i-02573cafcfEXAMPLE is the managed node ID;

              + * amzn-s3-demo-bucket/my-prefix/i-02573cafcfEXAMPLE/awsrunShellScript + *

              amzn-s3-demo-bucket is the name of the S3 bucket;

              + * my-prefix is the name of the S3 prefix;

              + * i-02573cafcfEXAMPLE is the managed node ID;

              * awsrunShellScript is the name of the plugin.

              */ inline const Aws::String& GetOutputS3KeyPrefix() const{ return m_outputS3KeyPrefix; } diff --git a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/CreateActivationRequest.h b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/CreateActivationRequest.h index d83c5a91dce..e43340a3c3d 100644 --- a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/CreateActivationRequest.h +++ b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/CreateActivationRequest.h @@ -77,11 +77,11 @@ namespace Model * assign to the managed node. This IAM role must provide AssumeRole permissions * for the Amazon Web Services Systems Manager service principal * ssm.amazonaws.com. For more information, see Create - * an IAM service role for a hybrid and multicloud environment in the Amazon - * Web Services Systems Manager User Guide.

              You can't specify an - * IAM service-linked role for this parameter. You must create a unique role.

              - * + * href="https://docs.aws.amazon.com/systems-manager/latest/userguide/hybrid-multicloud-service-role.html">Create + * the IAM service role required for Systems Manager in a hybrid and multicloud + * environments in the Amazon Web Services Systems Manager User + * Guide.

              You can't specify an IAM service-linked role for this + * parameter. You must create a unique role.

              */ inline const Aws::String& GetIamRole() const{ return m_iamRole; } inline bool IamRoleHasBeenSet() const { return m_iamRoleHasBeenSet; } @@ -107,7 +107,7 @@ namespace Model ///@{ /** *

              The date by which this activation request should expire, in timestamp format, - * such as "2021-07-07T00:00:00". You can specify a date up to 30 days in advance. + * such as "2024-07-07T00:00:00". You can specify a date up to 30 days in advance. * If you don't provide an expiration date, the activation code expires in 24 * hours.

              */ diff --git a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/CreateAssociationRequest.h b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/CreateAssociationRequest.h index 41f5a8434f8..1c00d14b3f9 100644 --- a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/CreateAssociationRequest.h +++ b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/CreateAssociationRequest.h @@ -140,7 +140,7 @@ namespace Model * Amazon Web Services account by specifying the InstanceIds key with * a value of *. For more information about choosing targets for an * association, see About + * href="https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-state-manager-targets-and-rate-controls.html">Understanding * targets and rate controls in State Manager associations in the Amazon Web * Services Systems Manager User Guide.

              */ diff --git a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/CreatePatchBaselineRequest.h b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/CreatePatchBaselineRequest.h index 153424e4966..b8ba89a453b 100644 --- a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/CreatePatchBaselineRequest.h +++ b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/CreatePatchBaselineRequest.h @@ -99,9 +99,9 @@ namespace Model *

              A list of explicitly approved patches for the baseline.

              For * information about accepted formats for lists of approved patches and rejected * patches, see About - * package name formats for approved and rejected patch lists in the Amazon - * Web Services Systems Manager User Guide.

              + * href="https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-approved-rejected-package-name-formats.html">Package + * name formats for approved and rejected patch lists in the Amazon Web + * Services Systems Manager User Guide.

              */ inline const Aws::Vector& GetApprovedPatches() const{ return m_approvedPatches; } inline bool ApprovedPatchesHasBeenSet() const { return m_approvedPatchesHasBeenSet; } @@ -145,9 +145,9 @@ namespace Model *

              A list of explicitly rejected patches for the baseline.

              For * information about accepted formats for lists of approved patches and rejected * patches, see About - * package name formats for approved and rejected patch lists in the Amazon - * Web Services Systems Manager User Guide.

              + * href="https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-approved-rejected-package-name-formats.html">Package + * name formats for approved and rejected patch lists in the Amazon Web + * Services Systems Manager User Guide.

              */ inline const Aws::Vector& GetRejectedPatches() const{ return m_rejectedPatches; } inline bool RejectedPatchesHasBeenSet() const { return m_rejectedPatchesHasBeenSet; } diff --git a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/DeleteInventoryResult.h b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/DeleteInventoryResult.h index dd2984f4667..6db28b1e82d 100644 --- a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/DeleteInventoryResult.h +++ b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/DeleteInventoryResult.h @@ -66,9 +66,9 @@ namespace Model /** *

              A summary of the delete operation. For more information about this summary, * see Understanding - * the delete inventory summary in the Amazon Web Services Systems Manager - * User Guide.

              + * href="https://docs.aws.amazon.com/systems-manager/latest/userguide/inventory-custom.html#delete-custom-inventory-summary">Deleting + * custom inventory in the Amazon Web Services Systems Manager User + * Guide.

              */ inline const InventoryDeletionSummary& GetDeletionSummary() const{ return m_deletionSummary; } inline void SetDeletionSummary(const InventoryDeletionSummary& value) { m_deletionSummary = value; } diff --git a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/DescribeInstancePatchesRequest.h b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/DescribeInstancePatchesRequest.h index ec87225b043..e8bc7dc1c13 100644 --- a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/DescribeInstancePatchesRequest.h +++ b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/DescribeInstancePatchesRequest.h @@ -64,9 +64,9 @@ namespace Model * State

              Sample values: Installed | * InstalledOther | InstalledPendingReboot

              For * lists of all State values, see Understanding - * patch compliance state values in the Amazon Web Services Systems Manager - * User Guide.

            + * href="https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-compliance-states.html">Patch + * compliance state values in the Amazon Web Services Systems Manager User + * Guide.

          */ inline const Aws::Vector& GetFilters() const{ return m_filters; } inline bool FiltersHasBeenSet() const { return m_filtersHasBeenSet; } diff --git a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/DescribeMaintenanceWindowExecutionsRequest.h b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/DescribeMaintenanceWindowExecutionsRequest.h index 29146facad3..80d4fe6c9a9 100644 --- a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/DescribeMaintenanceWindowExecutionsRequest.h +++ b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/DescribeMaintenanceWindowExecutionsRequest.h @@ -57,7 +57,7 @@ namespace Model * ExecutedBefore and ExecutedAfter.

        • *

          Values. An array of strings, each between 1 and 256 characters. Supported * values are date/time strings in a valid ISO 8601 date/time format, such as - * 2021-11-04T05:00:00Z.

        + * 2024-11-04T05:00:00Z.

      */ inline const Aws::Vector& GetFilters() const{ return m_filters; } inline bool FiltersHasBeenSet() const { return m_filtersHasBeenSet; } diff --git a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/GetMaintenanceWindowTaskResult.h b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/GetMaintenanceWindowTaskResult.h index b039135eea5..8319105985d 100644 --- a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/GetMaintenanceWindowTaskResult.h +++ b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/GetMaintenanceWindowTaskResult.h @@ -110,7 +110,7 @@ namespace Model * crafted to provide only the permissions needed for your particular maintenance * window tasks. For more information, see Setting - * up maintenance windows in the in the Amazon Web Services Systems Manager + * up Maintenance Windows in the in the Amazon Web Services Systems Manager * User Guide.

      */ inline const Aws::String& GetServiceRoleArn() const{ return m_serviceRoleArn; } diff --git a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/GetParameterRequest.h b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/GetParameterRequest.h index 9c7ff384480..54e5f20c10d 100644 --- a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/GetParameterRequest.h +++ b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/GetParameterRequest.h @@ -42,7 +42,7 @@ namespace Model * "name:label"
      . To query by parameter version, use "Name": * "name:version".

      For more information about shared parameters, see * Working + * href="https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-shared-parameters.html">Working * with shared parameters in the Amazon Web Services Systems Manager User * Guide.

      */ diff --git a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/InstanceInformation.h b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/InstanceInformation.h index 344034f3a9d..d623fe3e386 100644 --- a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/InstanceInformation.h +++ b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/InstanceInformation.h @@ -223,10 +223,10 @@ namespace Model * CreateActivation command. It is applied to the managed node by specifying * the Activation Code and Activation ID when you install SSM Agent on the node, as * explained in Install - * SSM Agent for a hybrid and multicloud environment (Linux) and Install - * SSM Agent for a hybrid and multicloud environment (Windows). To retrieve the + * href="https://docs.aws.amazon.com/systems-manager/latest/userguide/hybrid-multicloud-ssm-agent-install-linux.html">How + * to install SSM Agent on hybrid Linux nodes and How + * to install SSM Agent on hybrid Windows Server nodes. To retrieve the * Name tag of an EC2 instance, use the Amazon EC2 * DescribeInstances operation. For information, see DescribeInstances diff --git a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/InstancePatchState.h b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/InstancePatchState.h index 72d6ac5bdcb..16c44ca2c36 100644 --- a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/InstancePatchState.h +++ b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/InstancePatchState.h @@ -109,9 +109,9 @@ namespace Model * AWS-RunPatchBaseline, overrides the patches specified by the * default patch baseline.

      For more information about the * InstallOverrideList parameter, see About - * the AWS-RunPatchBaseline SSM document in the Amazon Web - * Services Systems Manager User Guide.

      + * href="https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-about-aws-runpatchbaseline.html">SSM + * Command document for patching: AWS-RunPatchBaseline in the + * Amazon Web Services Systems Manager User Guide.

      */ inline const Aws::String& GetInstallOverrideList() const{ return m_installOverrideList; } inline bool InstallOverrideListHasBeenSet() const { return m_installOverrideListHasBeenSet; } diff --git a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/InventoryDeletionStatusItem.h b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/InventoryDeletionStatusItem.h index db7d31746c2..ec1569a837b 100644 --- a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/InventoryDeletionStatusItem.h +++ b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/InventoryDeletionStatusItem.h @@ -111,7 +111,7 @@ namespace Model /** *

      Information about the delete operation. For more information about this * summary, see Understanding + * href="https://docs.aws.amazon.com/systems-manager/latest/userguide/inventory-custom.html#delete-custom-inventory">Understanding * the delete inventory summary in the Amazon Web Services Systems Manager * User Guide.

      */ diff --git a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/InventoryFilter.h b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/InventoryFilter.h index 61dfe885da0..04769254e83 100644 --- a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/InventoryFilter.h +++ b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/InventoryFilter.h @@ -75,7 +75,7 @@ namespace Model /** *

      The type of filter.

      The Exists filter must be used * with aggregators. For more information, see Aggregating + * href="https://docs.aws.amazon.com/systems-manager/latest/userguide/inventory-aggregate.html">Aggregating * inventory data in the Amazon Web Services Systems Manager User * Guide.

      */ diff --git a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/MaintenanceWindowRunCommandParameters.h b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/MaintenanceWindowRunCommandParameters.h index ac2cf825544..b23d0241bd2 100644 --- a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/MaintenanceWindowRunCommandParameters.h +++ b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/MaintenanceWindowRunCommandParameters.h @@ -205,7 +205,7 @@ namespace Model * crafted to provide only the permissions needed for your particular maintenance * window tasks. For more information, see Setting - * up maintenance windows in the in the Amazon Web Services Systems Manager + * up Maintenance Windows in the in the Amazon Web Services Systems Manager * User Guide.

      */ inline const Aws::String& GetServiceRoleArn() const{ return m_serviceRoleArn; } diff --git a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/MaintenanceWindowTask.h b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/MaintenanceWindowTask.h index f64cf4569ce..60289c997ae 100644 --- a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/MaintenanceWindowTask.h +++ b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/MaintenanceWindowTask.h @@ -188,7 +188,7 @@ namespace Model * crafted to provide only the permissions needed for your particular maintenance * window tasks. For more information, see Setting - * up maintenance windows in the in the Amazon Web Services Systems Manager + * up Maintenance Windows in the in the Amazon Web Services Systems Manager * User Guide.

      */ inline const Aws::String& GetServiceRoleArn() const{ return m_serviceRoleArn; } diff --git a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/OpsItem.h b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/OpsItem.h index a74a7d79ab2..62c06f3b3a8 100644 --- a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/OpsItem.h +++ b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/OpsItem.h @@ -193,8 +193,7 @@ namespace Model ///@{ /** - *

      The OpsItem status. Status can be Open, In - * Progress, or Resolved. For more information, see The OpsItem status. For more information, see Editing * OpsItem details in the Amazon Web Services Systems Manager User * Guide.

      diff --git a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/OpsItemSummary.h b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/OpsItemSummary.h index da40ec7c777..f40d71b680d 100644 --- a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/OpsItemSummary.h +++ b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/OpsItemSummary.h @@ -122,8 +122,7 @@ namespace Model ///@{ /** - *

      The OpsItem status. Status can be Open, In - * Progress, or Resolved.

      + *

      The OpsItem status.

      */ inline const OpsItemStatus& GetStatus() const{ return m_status; } inline bool StatusHasBeenSet() const { return m_statusHasBeenSet; } diff --git a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/PatchComplianceData.h b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/PatchComplianceData.h index 8ccb27440bf..a128b041730 100644 --- a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/PatchComplianceData.h +++ b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/PatchComplianceData.h @@ -103,7 +103,7 @@ namespace Model /** *

      The state of the patch on the managed node, such as INSTALLED or FAILED.

      *

      For descriptions of each patch state, see About + * href="https://docs.aws.amazon.com/systems-manager/latest/userguide/compliance-about.html#compliance-monitor-patch">About * patch compliance in the Amazon Web Services Systems Manager User * Guide.

      */ diff --git a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/PatchRule.h b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/PatchRule.h index bc5fae04d98..16c37a01327 100644 --- a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/PatchRule.h +++ b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/PatchRule.h @@ -68,10 +68,17 @@ namespace Model *

      The number of days after the release date of each patch matched by the rule * that the patch is marked as approved in the patch baseline. For example, a value * of 7 means that patches are approved seven days after they are - * released.

      This parameter is marked as not required, but your + * released.

      This parameter is marked as Required: No, but your * request must include a value for either ApproveAfterDays or - * ApproveUntilDate.

      Not supported for Debian Server - * or Ubuntu Server.

      + * ApproveUntilDate.

      Not supported for Debian Server or Ubuntu + * Server.

      Use caution when setting this value for Windows + * Server patch baselines. Because patch updates that are replaced by later updates + * are removed, setting too broad a value for this parameter can result in crucial + * patches not being installed. For more information, see the Windows Server + * tab in the topic How + * security patches are selected in the Amazon Web Services Systems Manager + * User Guide.

      */ inline int GetApproveAfterDays() const{ return m_approveAfterDays; } inline bool ApproveAfterDaysHasBeenSet() const { return m_approveAfterDaysHasBeenSet; } @@ -83,11 +90,18 @@ namespace Model /** *

      The cutoff date for auto approval of released patches. Any patches released * on or before this date are installed automatically.

      Enter dates in the - * format YYYY-MM-DD. For example, 2021-12-31.

      - *

      This parameter is marked as not required, but your request must include a - * value for either ApproveUntilDate or - * ApproveAfterDays.

      Not supported for Debian Server or - * Ubuntu Server.

      + * format YYYY-MM-DD. For example, 2024-12-31.

      + *

      This parameter is marked as Required: No, but your request must + * include a value for either ApproveUntilDate or + * ApproveAfterDays.

      Not supported for Debian Server or Ubuntu + * Server.

      Use caution when setting this value for Windows + * Server patch baselines. Because patch updates that are replaced by later updates + * are removed, setting too broad a value for this parameter can result in crucial + * patches not being installed. For more information, see the Windows Server + * tab in the topic How + * security patches are selected in the Amazon Web Services Systems Manager + * User Guide.

      */ inline const Aws::String& GetApproveUntilDate() const{ return m_approveUntilDate; } inline bool ApproveUntilDateHasBeenSet() const { return m_approveUntilDateHasBeenSet; } diff --git a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/RegisterTaskWithMaintenanceWindowRequest.h b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/RegisterTaskWithMaintenanceWindowRequest.h index 9610cf53936..6fdd8c7b832 100644 --- a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/RegisterTaskWithMaintenanceWindowRequest.h +++ b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/RegisterTaskWithMaintenanceWindowRequest.h @@ -111,7 +111,7 @@ namespace Model * crafted to provide only the permissions needed for your particular maintenance * window tasks. For more information, see Setting - * up maintenance windows in the in the Amazon Web Services Systems Manager + * up Maintenance Windows in the in the Amazon Web Services Systems Manager * User Guide.

      */ inline const Aws::String& GetServiceRoleArn() const{ return m_serviceRoleArn; } diff --git a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/SessionFilter.h b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/SessionFilter.h index 7e6a0a5e556..7105bbae761 100644 --- a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/SessionFilter.h +++ b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/SessionFilter.h @@ -55,10 +55,10 @@ namespace Model /** *

      The filter value. Valid values for each filter key are as follows:

        *
      • InvokedAfter: Specify a timestamp to limit your results. For example, - * specify 2018-08-29T00:00:00Z to see sessions that started August 29, 2018, and + * specify 2024-08-29T00:00:00Z to see sessions that started August 29, 2024, and * later.

      • InvokedBefore: Specify a timestamp to limit your - * results. For example, specify 2018-08-29T00:00:00Z to see sessions that started - * before August 29, 2018.

      • Target: Specify a managed node to + * results. For example, specify 2024-08-29T00:00:00Z to see sessions that started + * before August 29, 2024.

      • Target: Specify a managed node to * which session connections have been made.

      • Owner: Specify an * Amazon Web Services user to see a list of sessions started by that user.

        *
      • Status: Specify a valid session status to see a list of all diff --git a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/StartAutomationExecutionRequest.h b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/StartAutomationExecutionRequest.h index 9dbafef4114..f5766beafa6 100644 --- a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/StartAutomationExecutionRequest.h +++ b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/StartAutomationExecutionRequest.h @@ -139,7 +139,9 @@ namespace Model ///@{ /** *

        A key-value mapping to target resources. Required if you specify - * TargetParameterName.

        + * TargetParameterName.

        If both this parameter and the + * TargetLocation:Targets parameter are supplied, + * TargetLocation:Targets takes precedence.

        */ inline const Aws::Vector& GetTargets() const{ return m_targets; } inline bool TargetsHasBeenSet() const { return m_targetsHasBeenSet; } @@ -170,7 +172,9 @@ namespace Model /** *

        The maximum number of targets allowed to run this task in parallel. You can * specify a number, such as 10, or a percentage, such as 10%. The default value is - * 10.

        + * 10.

        If both this parameter and the + * TargetLocation:TargetsMaxConcurrency are supplied, + * TargetLocation:TargetsMaxConcurrency takes precedence.

        */ inline const Aws::String& GetMaxConcurrency() const{ return m_maxConcurrency; } inline bool MaxConcurrencyHasBeenSet() const { return m_maxConcurrencyHasBeenSet; } @@ -196,7 +200,9 @@ namespace Model * max-errors is reached are allowed to complete, but some of these executions may * fail as well. If you need to ensure that there won't be more than max-errors * failed executions, set max-concurrency to 1 so the executions proceed one at a - * time.

        + * time.

        If this parameter and the + * TargetLocation:TargetsMaxErrors parameter are both supplied, + * TargetLocation:TargetsMaxErrors takes precedence.

        */ inline const Aws::String& GetMaxErrors() const{ return m_maxErrors; } inline bool MaxErrorsHasBeenSet() const { return m_maxErrorsHasBeenSet; } @@ -215,9 +221,8 @@ namespace Model * start an automation in multiple Amazon Web Services Regions and multiple Amazon * Web Services accounts. For more information, see Running - * Automation workflows in multiple Amazon Web Services Regions and Amazon Web - * Services accounts in the Amazon Web Services Systems Manager User - * Guide.

        + * automations in multiple Amazon Web Services Regions and accounts in the + * Amazon Web Services Systems Manager User Guide.

        */ inline const Aws::Vector& GetTargetLocations() const{ return m_targetLocations; } inline bool TargetLocationsHasBeenSet() const { return m_targetLocationsHasBeenSet; } @@ -261,6 +266,22 @@ namespace Model inline StartAutomationExecutionRequest& WithAlarmConfiguration(const AlarmConfiguration& value) { SetAlarmConfiguration(value); return *this;} inline StartAutomationExecutionRequest& WithAlarmConfiguration(AlarmConfiguration&& value) { SetAlarmConfiguration(std::move(value)); return *this;} ///@} + + ///@{ + /** + *

        Specify a publicly accessible URL for a file that contains the + * TargetLocations body. Currently, only files in presigned Amazon S3 + * buckets are supported.

        + */ + inline const Aws::String& GetTargetLocationsURL() const{ return m_targetLocationsURL; } + inline bool TargetLocationsURLHasBeenSet() const { return m_targetLocationsURLHasBeenSet; } + inline void SetTargetLocationsURL(const Aws::String& value) { m_targetLocationsURLHasBeenSet = true; m_targetLocationsURL = value; } + inline void SetTargetLocationsURL(Aws::String&& value) { m_targetLocationsURLHasBeenSet = true; m_targetLocationsURL = std::move(value); } + inline void SetTargetLocationsURL(const char* value) { m_targetLocationsURLHasBeenSet = true; m_targetLocationsURL.assign(value); } + inline StartAutomationExecutionRequest& WithTargetLocationsURL(const Aws::String& value) { SetTargetLocationsURL(value); return *this;} + inline StartAutomationExecutionRequest& WithTargetLocationsURL(Aws::String&& value) { SetTargetLocationsURL(std::move(value)); return *this;} + inline StartAutomationExecutionRequest& WithTargetLocationsURL(const char* value) { SetTargetLocationsURL(value); return *this;} + ///@} private: Aws::String m_documentName; @@ -301,6 +322,9 @@ namespace Model AlarmConfiguration m_alarmConfiguration; bool m_alarmConfigurationHasBeenSet = false; + + Aws::String m_targetLocationsURL; + bool m_targetLocationsURLHasBeenSet = false; }; } // namespace Model diff --git a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/TargetLocation.h b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/TargetLocation.h index c35f79758ec..23428fdfbbf 100644 --- a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/TargetLocation.h +++ b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/TargetLocation.h @@ -8,6 +8,7 @@ #include #include #include +#include #include namespace Aws @@ -128,6 +129,86 @@ namespace Model inline TargetLocation& WithTargetLocationAlarmConfiguration(const AlarmConfiguration& value) { SetTargetLocationAlarmConfiguration(value); return *this;} inline TargetLocation& WithTargetLocationAlarmConfiguration(AlarmConfiguration&& value) { SetTargetLocationAlarmConfiguration(std::move(value)); return *this;} ///@} + + ///@{ + /** + *

        Indicates whether to include child organizational units (OUs) that are + * children of the targeted OUs. The default is false.

        + */ + inline bool GetIncludeChildOrganizationUnits() const{ return m_includeChildOrganizationUnits; } + inline bool IncludeChildOrganizationUnitsHasBeenSet() const { return m_includeChildOrganizationUnitsHasBeenSet; } + inline void SetIncludeChildOrganizationUnits(bool value) { m_includeChildOrganizationUnitsHasBeenSet = true; m_includeChildOrganizationUnits = value; } + inline TargetLocation& WithIncludeChildOrganizationUnits(bool value) { SetIncludeChildOrganizationUnits(value); return *this;} + ///@} + + ///@{ + /** + *

        Amazon Web Services accounts or organizational units to exclude as expanded + * targets.

        + */ + inline const Aws::Vector& GetExcludeAccounts() const{ return m_excludeAccounts; } + inline bool ExcludeAccountsHasBeenSet() const { return m_excludeAccountsHasBeenSet; } + inline void SetExcludeAccounts(const Aws::Vector& value) { m_excludeAccountsHasBeenSet = true; m_excludeAccounts = value; } + inline void SetExcludeAccounts(Aws::Vector&& value) { m_excludeAccountsHasBeenSet = true; m_excludeAccounts = std::move(value); } + inline TargetLocation& WithExcludeAccounts(const Aws::Vector& value) { SetExcludeAccounts(value); return *this;} + inline TargetLocation& WithExcludeAccounts(Aws::Vector&& value) { SetExcludeAccounts(std::move(value)); return *this;} + inline TargetLocation& AddExcludeAccounts(const Aws::String& value) { m_excludeAccountsHasBeenSet = true; m_excludeAccounts.push_back(value); return *this; } + inline TargetLocation& AddExcludeAccounts(Aws::String&& value) { m_excludeAccountsHasBeenSet = true; m_excludeAccounts.push_back(std::move(value)); return *this; } + inline TargetLocation& AddExcludeAccounts(const char* value) { m_excludeAccountsHasBeenSet = true; m_excludeAccounts.push_back(value); return *this; } + ///@} + + ///@{ + /** + *

        A list of key-value mappings to target resources. If you specify values for + * this data type, you must also specify a value for + * TargetParameterName.

        This Targets parameter + * takes precedence over the StartAutomationExecution:Targets + * parameter if both are supplied.

        + */ + inline const Aws::Vector& GetTargets() const{ return m_targets; } + inline bool TargetsHasBeenSet() const { return m_targetsHasBeenSet; } + inline void SetTargets(const Aws::Vector& value) { m_targetsHasBeenSet = true; m_targets = value; } + inline void SetTargets(Aws::Vector&& value) { m_targetsHasBeenSet = true; m_targets = std::move(value); } + inline TargetLocation& WithTargets(const Aws::Vector& value) { SetTargets(value); return *this;} + inline TargetLocation& WithTargets(Aws::Vector&& value) { SetTargets(std::move(value)); return *this;} + inline TargetLocation& AddTargets(const Target& value) { m_targetsHasBeenSet = true; m_targets.push_back(value); return *this; } + inline TargetLocation& AddTargets(Target&& value) { m_targetsHasBeenSet = true; m_targets.push_back(std::move(value)); return *this; } + ///@} + + ///@{ + /** + *

        The maximum number of targets allowed to run this task in parallel. This + * TargetsMaxConcurrency takes precedence over the + * StartAutomationExecution:MaxConcurrency parameter if both are + * supplied.

        + */ + inline const Aws::String& GetTargetsMaxConcurrency() const{ return m_targetsMaxConcurrency; } + inline bool TargetsMaxConcurrencyHasBeenSet() const { return m_targetsMaxConcurrencyHasBeenSet; } + inline void SetTargetsMaxConcurrency(const Aws::String& value) { m_targetsMaxConcurrencyHasBeenSet = true; m_targetsMaxConcurrency = value; } + inline void SetTargetsMaxConcurrency(Aws::String&& value) { m_targetsMaxConcurrencyHasBeenSet = true; m_targetsMaxConcurrency = std::move(value); } + inline void SetTargetsMaxConcurrency(const char* value) { m_targetsMaxConcurrencyHasBeenSet = true; m_targetsMaxConcurrency.assign(value); } + inline TargetLocation& WithTargetsMaxConcurrency(const Aws::String& value) { SetTargetsMaxConcurrency(value); return *this;} + inline TargetLocation& WithTargetsMaxConcurrency(Aws::String&& value) { SetTargetsMaxConcurrency(std::move(value)); return *this;} + inline TargetLocation& WithTargetsMaxConcurrency(const char* value) { SetTargetsMaxConcurrency(value); return *this;} + ///@} + + ///@{ + /** + *

        The maximum number of errors that are allowed before the system stops running + * the automation on additional targets. This TargetsMaxErrors + * parameter takes precedence over the + * StartAutomationExecution:MaxErrors parameter if both are + * supplied.

        + */ + inline const Aws::String& GetTargetsMaxErrors() const{ return m_targetsMaxErrors; } + inline bool TargetsMaxErrorsHasBeenSet() const { return m_targetsMaxErrorsHasBeenSet; } + inline void SetTargetsMaxErrors(const Aws::String& value) { m_targetsMaxErrorsHasBeenSet = true; m_targetsMaxErrors = value; } + inline void SetTargetsMaxErrors(Aws::String&& value) { m_targetsMaxErrorsHasBeenSet = true; m_targetsMaxErrors = std::move(value); } + inline void SetTargetsMaxErrors(const char* value) { m_targetsMaxErrorsHasBeenSet = true; m_targetsMaxErrors.assign(value); } + inline TargetLocation& WithTargetsMaxErrors(const Aws::String& value) { SetTargetsMaxErrors(value); return *this;} + inline TargetLocation& WithTargetsMaxErrors(Aws::String&& value) { SetTargetsMaxErrors(std::move(value)); return *this;} + inline TargetLocation& WithTargetsMaxErrors(const char* value) { SetTargetsMaxErrors(value); return *this;} + ///@} private: Aws::Vector m_accounts; @@ -147,6 +228,21 @@ namespace Model AlarmConfiguration m_targetLocationAlarmConfiguration; bool m_targetLocationAlarmConfigurationHasBeenSet = false; + + bool m_includeChildOrganizationUnits; + bool m_includeChildOrganizationUnitsHasBeenSet = false; + + Aws::Vector m_excludeAccounts; + bool m_excludeAccountsHasBeenSet = false; + + Aws::Vector m_targets; + bool m_targetsHasBeenSet = false; + + Aws::String m_targetsMaxConcurrency; + bool m_targetsMaxConcurrencyHasBeenSet = false; + + Aws::String m_targetsMaxErrors; + bool m_targetsMaxErrorsHasBeenSet = false; }; } // namespace Model diff --git a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/UpdateMaintenanceWindowTaskRequest.h b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/UpdateMaintenanceWindowTaskRequest.h index 8f20f5a037b..7d152a62a88 100644 --- a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/UpdateMaintenanceWindowTaskRequest.h +++ b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/UpdateMaintenanceWindowTaskRequest.h @@ -121,7 +121,7 @@ namespace Model * crafted to provide only the permissions needed for your particular maintenance * window tasks. For more information, see Setting - * up maintenance windows in the in the Amazon Web Services Systems Manager + * up Maintenance Windows in the in the Amazon Web Services Systems Manager * User Guide.

        */ inline const Aws::String& GetServiceRoleArn() const{ return m_serviceRoleArn; } diff --git a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/UpdateMaintenanceWindowTaskResult.h b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/UpdateMaintenanceWindowTaskResult.h index c8ea4f68751..2f4380757f5 100644 --- a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/UpdateMaintenanceWindowTaskResult.h +++ b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/UpdateMaintenanceWindowTaskResult.h @@ -105,7 +105,7 @@ namespace Model * crafted to provide only the permissions needed for your particular maintenance * window tasks. For more information, see Setting - * up maintenance windows in the in the Amazon Web Services Systems Manager + * up Maintenance Windows in the in the Amazon Web Services Systems Manager * User Guide.

        */ inline const Aws::String& GetServiceRoleArn() const{ return m_serviceRoleArn; } diff --git a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/UpdateManagedInstanceRoleRequest.h b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/UpdateManagedInstanceRoleRequest.h index ddaf859351d..00601540ea6 100644 --- a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/UpdateManagedInstanceRoleRequest.h +++ b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/UpdateManagedInstanceRoleRequest.h @@ -54,11 +54,11 @@ namespace Model * assign to the managed node. This IAM role must provide AssumeRole permissions * for the Amazon Web Services Systems Manager service principal * ssm.amazonaws.com. For more information, see Create - * an IAM service role for a hybrid and multicloud environment in the Amazon - * Web Services Systems Manager User Guide.

        You can't specify an - * IAM service-linked role for this parameter. You must create a unique role.

        - * + * href="https://docs.aws.amazon.com/systems-manager/latest/userguide/hybrid-multicloud-service-role.html">Create + * the IAM service role required for Systems Manager in hybrid and multicloud + * environments in the Amazon Web Services Systems Manager User + * Guide.

        You can't specify an IAM service-linked role for this + * parameter. You must create a unique role.

        */ inline const Aws::String& GetIamRole() const{ return m_iamRole; } inline bool IamRoleHasBeenSet() const { return m_iamRoleHasBeenSet; } diff --git a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/UpdateOpsItemRequest.h b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/UpdateOpsItemRequest.h index 42a5b529ea0..2b962d66f5c 100644 --- a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/UpdateOpsItemRequest.h +++ b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/UpdateOpsItemRequest.h @@ -155,8 +155,7 @@ namespace Model ///@{ /** - *

        The OpsItem status. Status can be Open, In - * Progress, or Resolved. For more information, see The OpsItem status. For more information, see Editing * OpsItem details in the Amazon Web Services Systems Manager User * Guide.

        diff --git a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/UpdatePatchBaselineRequest.h b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/UpdatePatchBaselineRequest.h index 34a62f98a00..2942925d51d 100644 --- a/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/UpdatePatchBaselineRequest.h +++ b/generated/src/aws-cpp-sdk-ssm/include/aws/ssm/model/UpdatePatchBaselineRequest.h @@ -97,9 +97,9 @@ namespace Model *

        A list of explicitly approved patches for the baseline.

        For * information about accepted formats for lists of approved patches and rejected * patches, see About - * package name formats for approved and rejected patch lists in the Amazon - * Web Services Systems Manager User Guide.

        + * href="https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-approved-rejected-package-name-formats.html">Package + * name formats for approved and rejected patch lists in the Amazon Web + * Services Systems Manager User Guide.

        */ inline const Aws::Vector& GetApprovedPatches() const{ return m_approvedPatches; } inline bool ApprovedPatchesHasBeenSet() const { return m_approvedPatchesHasBeenSet; } @@ -141,9 +141,9 @@ namespace Model *

        A list of explicitly rejected patches for the baseline.

        For * information about accepted formats for lists of approved patches and rejected * patches, see About - * package name formats for approved and rejected patch lists in the Amazon - * Web Services Systems Manager User Guide.

        + * href="https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-approved-rejected-package-name-formats.html">Package + * name formats for approved and rejected patch lists in the Amazon Web + * Services Systems Manager User Guide.

        */ inline const Aws::Vector& GetRejectedPatches() const{ return m_rejectedPatches; } inline bool RejectedPatchesHasBeenSet() const { return m_rejectedPatchesHasBeenSet; } diff --git a/generated/src/aws-cpp-sdk-ssm/source/model/AutomationExecution.cpp b/generated/src/aws-cpp-sdk-ssm/source/model/AutomationExecution.cpp index 3404bf65293..2870e61abbc 100644 --- a/generated/src/aws-cpp-sdk-ssm/source/model/AutomationExecution.cpp +++ b/generated/src/aws-cpp-sdk-ssm/source/model/AutomationExecution.cpp @@ -49,6 +49,7 @@ AutomationExecution::AutomationExecution() : m_progressCountersHasBeenSet(false), m_alarmConfigurationHasBeenSet(false), m_triggeredAlarmsHasBeenSet(false), + m_targetLocationsURLHasBeenSet(false), m_automationSubtype(AutomationSubtype::NOT_SET), m_automationSubtypeHasBeenSet(false), m_scheduledTimeHasBeenSet(false), @@ -305,6 +306,13 @@ AutomationExecution& AutomationExecution::operator =(JsonView jsonValue) m_triggeredAlarmsHasBeenSet = true; } + if(jsonValue.ValueExists("TargetLocationsURL")) + { + m_targetLocationsURL = jsonValue.GetString("TargetLocationsURL"); + + m_targetLocationsURLHasBeenSet = true; + } + if(jsonValue.ValueExists("AutomationSubtype")) { m_automationSubtype = AutomationSubtypeMapper::GetAutomationSubtypeForName(jsonValue.GetString("AutomationSubtype")); @@ -587,6 +595,12 @@ JsonValue AutomationExecution::Jsonize() const } + if(m_targetLocationsURLHasBeenSet) + { + payload.WithString("TargetLocationsURL", m_targetLocationsURL); + + } + if(m_automationSubtypeHasBeenSet) { payload.WithString("AutomationSubtype", AutomationSubtypeMapper::GetNameForAutomationSubtype(m_automationSubtype)); diff --git a/generated/src/aws-cpp-sdk-ssm/source/model/AutomationExecutionMetadata.cpp b/generated/src/aws-cpp-sdk-ssm/source/model/AutomationExecutionMetadata.cpp index 04ffd25d42f..cf464b485fb 100644 --- a/generated/src/aws-cpp-sdk-ssm/source/model/AutomationExecutionMetadata.cpp +++ b/generated/src/aws-cpp-sdk-ssm/source/model/AutomationExecutionMetadata.cpp @@ -46,6 +46,7 @@ AutomationExecutionMetadata::AutomationExecutionMetadata() : m_automationTypeHasBeenSet(false), m_alarmConfigurationHasBeenSet(false), m_triggeredAlarmsHasBeenSet(false), + m_targetLocationsURLHasBeenSet(false), m_automationSubtype(AutomationSubtype::NOT_SET), m_automationSubtypeHasBeenSet(false), m_scheduledTimeHasBeenSet(false), @@ -264,6 +265,13 @@ AutomationExecutionMetadata& AutomationExecutionMetadata::operator =(JsonView js m_triggeredAlarmsHasBeenSet = true; } + if(jsonValue.ValueExists("TargetLocationsURL")) + { + m_targetLocationsURL = jsonValue.GetString("TargetLocationsURL"); + + m_targetLocationsURLHasBeenSet = true; + } + if(jsonValue.ValueExists("AutomationSubtype")) { m_automationSubtype = AutomationSubtypeMapper::GetAutomationSubtypeForName(jsonValue.GetString("AutomationSubtype")); @@ -490,6 +498,12 @@ JsonValue AutomationExecutionMetadata::Jsonize() const } + if(m_targetLocationsURLHasBeenSet) + { + payload.WithString("TargetLocationsURL", m_targetLocationsURL); + + } + if(m_automationSubtypeHasBeenSet) { payload.WithString("AutomationSubtype", AutomationSubtypeMapper::GetNameForAutomationSubtype(m_automationSubtype)); diff --git a/generated/src/aws-cpp-sdk-ssm/source/model/StartAutomationExecutionRequest.cpp b/generated/src/aws-cpp-sdk-ssm/source/model/StartAutomationExecutionRequest.cpp index b441303ec2e..ad276b2161f 100644 --- a/generated/src/aws-cpp-sdk-ssm/source/model/StartAutomationExecutionRequest.cpp +++ b/generated/src/aws-cpp-sdk-ssm/source/model/StartAutomationExecutionRequest.cpp @@ -26,7 +26,8 @@ StartAutomationExecutionRequest::StartAutomationExecutionRequest() : m_maxErrorsHasBeenSet(false), m_targetLocationsHasBeenSet(false), m_tagsHasBeenSet(false), - m_alarmConfigurationHasBeenSet(false) + m_alarmConfigurationHasBeenSet(false), + m_targetLocationsURLHasBeenSet(false) { } @@ -151,6 +152,12 @@ Aws::String StartAutomationExecutionRequest::SerializePayload() const } + if(m_targetLocationsURLHasBeenSet) + { + payload.WithString("TargetLocationsURL", m_targetLocationsURL); + + } + return payload.View().WriteReadable(); } diff --git a/generated/src/aws-cpp-sdk-ssm/source/model/TargetLocation.cpp b/generated/src/aws-cpp-sdk-ssm/source/model/TargetLocation.cpp index e046d65677d..cdc04ba90fd 100644 --- a/generated/src/aws-cpp-sdk-ssm/source/model/TargetLocation.cpp +++ b/generated/src/aws-cpp-sdk-ssm/source/model/TargetLocation.cpp @@ -24,7 +24,13 @@ TargetLocation::TargetLocation() : m_targetLocationMaxConcurrencyHasBeenSet(false), m_targetLocationMaxErrorsHasBeenSet(false), m_executionRoleNameHasBeenSet(false), - m_targetLocationAlarmConfigurationHasBeenSet(false) + m_targetLocationAlarmConfigurationHasBeenSet(false), + m_includeChildOrganizationUnits(false), + m_includeChildOrganizationUnitsHasBeenSet(false), + m_excludeAccountsHasBeenSet(false), + m_targetsHasBeenSet(false), + m_targetsMaxConcurrencyHasBeenSet(false), + m_targetsMaxErrorsHasBeenSet(false) { } @@ -84,6 +90,47 @@ TargetLocation& TargetLocation::operator =(JsonView jsonValue) m_targetLocationAlarmConfigurationHasBeenSet = true; } + if(jsonValue.ValueExists("IncludeChildOrganizationUnits")) + { + m_includeChildOrganizationUnits = jsonValue.GetBool("IncludeChildOrganizationUnits"); + + m_includeChildOrganizationUnitsHasBeenSet = true; + } + + if(jsonValue.ValueExists("ExcludeAccounts")) + { + Aws::Utils::Array excludeAccountsJsonList = jsonValue.GetArray("ExcludeAccounts"); + for(unsigned excludeAccountsIndex = 0; excludeAccountsIndex < excludeAccountsJsonList.GetLength(); ++excludeAccountsIndex) + { + m_excludeAccounts.push_back(excludeAccountsJsonList[excludeAccountsIndex].AsString()); + } + m_excludeAccountsHasBeenSet = true; + } + + if(jsonValue.ValueExists("Targets")) + { + Aws::Utils::Array targetsJsonList = jsonValue.GetArray("Targets"); + for(unsigned targetsIndex = 0; targetsIndex < targetsJsonList.GetLength(); ++targetsIndex) + { + m_targets.push_back(targetsJsonList[targetsIndex].AsObject()); + } + m_targetsHasBeenSet = true; + } + + if(jsonValue.ValueExists("TargetsMaxConcurrency")) + { + m_targetsMaxConcurrency = jsonValue.GetString("TargetsMaxConcurrency"); + + m_targetsMaxConcurrencyHasBeenSet = true; + } + + if(jsonValue.ValueExists("TargetsMaxErrors")) + { + m_targetsMaxErrors = jsonValue.GetString("TargetsMaxErrors"); + + m_targetsMaxErrorsHasBeenSet = true; + } + return *this; } @@ -137,6 +184,46 @@ JsonValue TargetLocation::Jsonize() const } + if(m_includeChildOrganizationUnitsHasBeenSet) + { + payload.WithBool("IncludeChildOrganizationUnits", m_includeChildOrganizationUnits); + + } + + if(m_excludeAccountsHasBeenSet) + { + Aws::Utils::Array excludeAccountsJsonList(m_excludeAccounts.size()); + for(unsigned excludeAccountsIndex = 0; excludeAccountsIndex < excludeAccountsJsonList.GetLength(); ++excludeAccountsIndex) + { + excludeAccountsJsonList[excludeAccountsIndex].AsString(m_excludeAccounts[excludeAccountsIndex]); + } + payload.WithArray("ExcludeAccounts", std::move(excludeAccountsJsonList)); + + } + + if(m_targetsHasBeenSet) + { + Aws::Utils::Array targetsJsonList(m_targets.size()); + for(unsigned targetsIndex = 0; targetsIndex < targetsJsonList.GetLength(); ++targetsIndex) + { + targetsJsonList[targetsIndex].AsObject(m_targets[targetsIndex].Jsonize()); + } + payload.WithArray("Targets", std::move(targetsJsonList)); + + } + + if(m_targetsMaxConcurrencyHasBeenSet) + { + payload.WithString("TargetsMaxConcurrency", m_targetsMaxConcurrency); + + } + + if(m_targetsMaxErrorsHasBeenSet) + { + payload.WithString("TargetsMaxErrors", m_targetsMaxErrors); + + } + return payload; } diff --git a/src/aws-cpp-sdk-core/include/aws/core/VersionConfig.h b/src/aws-cpp-sdk-core/include/aws/core/VersionConfig.h index 3986e525626..8f0e6d2d6bf 100644 --- a/src/aws-cpp-sdk-core/include/aws/core/VersionConfig.h +++ b/src/aws-cpp-sdk-core/include/aws/core/VersionConfig.h @@ -4,7 +4,7 @@ */ #pragma once -#define AWS_SDK_VERSION_STRING "1.11.406" +#define AWS_SDK_VERSION_STRING "1.11.407" #define AWS_SDK_VERSION_MAJOR 1 #define AWS_SDK_VERSION_MINOR 11 -#define AWS_SDK_VERSION_PATCH 406 +#define AWS_SDK_VERSION_PATCH 407 diff --git a/tools/code-generation/api-descriptions/codebuild-2016-10-06.normal.json b/tools/code-generation/api-descriptions/codebuild-2016-10-06.normal.json index a7972dea350..c599b860e5a 100644 --- a/tools/code-generation/api-descriptions/codebuild-2016-10-06.normal.json +++ b/tools/code-generation/api-descriptions/codebuild-2016-10-06.normal.json @@ -3941,15 +3941,15 @@ "members":{ "name":{ "shape":"String", - "documentation":"

        The name of either the enterprise or organization that will send webhook events to CodeBuild, depending on if the webhook is a global or organization webhook respectively.

        " + "documentation":"

        The name of either the group, enterprise, or organization that will send webhook events to CodeBuild, depending on the type of webhook.

        " }, "domain":{ "shape":"String", - "documentation":"

        The domain of the GitHub Enterprise organization. Note that this parameter is only required if your project's source type is GITHUB_ENTERPRISE

        " + "documentation":"

        The domain of the GitHub Enterprise organization or the GitLab Self Managed group. Note that this parameter is only required if your project's source type is GITHUB_ENTERPRISE or GITLAB_SELF_MANAGED.

        " }, "scope":{ "shape":"WebhookScopeType", - "documentation":"

        The type of scope for a GitHub webhook.

        " + "documentation":"

        The type of scope for a GitHub or GitLab webhook.

        " } }, "documentation":"

        Contains configuration information about the scope for a webhook.

        " @@ -4867,7 +4867,8 @@ "type":"string", "enum":[ "GITHUB_ORGANIZATION", - "GITHUB_GLOBAL" + "GITHUB_GLOBAL", + "GITLAB_GROUP" ] }, "WrapperBoolean":{"type":"boolean"}, diff --git a/tools/code-generation/api-descriptions/ecr-2015-09-21.normal.json b/tools/code-generation/api-descriptions/ecr-2015-09-21.normal.json index 9e35f8afd5b..4c353da20bd 100644 --- a/tools/code-generation/api-descriptions/ecr-2015-09-21.normal.json +++ b/tools/code-generation/api-descriptions/ecr-2015-09-21.normal.json @@ -1806,7 +1806,7 @@ "members":{ "encryptionType":{ "shape":"EncryptionType", - "documentation":"

        The encryption type to use.

        If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created.

        If you use the KMS_DSSE encryption type, the contents of the repository will be encrypted with two layers of encryption using server-side encryption with the KMS Management Service key stored in KMS. Similar to the KMS encryption type, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you've already created.

        If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm. For more information, see Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3) in the Amazon Simple Storage Service Console Developer Guide.

        " + "documentation":"

        The encryption type to use.

        If you use the KMS encryption type, the contents of the repository will be encrypted using server-side encryption with Key Management Service key stored in KMS. When you use KMS to encrypt your data, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you already created.

        If you use the KMS_DSSE encryption type, the contents of the repository will be encrypted with two layers of encryption using server-side encryption with the KMS Management Service key stored in KMS. Similar to the KMS encryption type, you can either use the default Amazon Web Services managed KMS key for Amazon ECR, or specify your own KMS key, which you've already created.

        If you use the AES256 encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm.

        For more information, see Amazon ECR encryption at rest in the Amazon Elastic Container Registry User Guide.

        " }, "kmsKey":{ "shape":"KmsKey", @@ -1900,6 +1900,14 @@ "updatedAt":{ "shape":"Date", "documentation":"

        The date and time the finding was last updated at.

        " + }, + "fixAvailable":{ + "shape":"FixAvailable", + "documentation":"

        Details on whether a fix is available through a version update. This value can be YES, NO, or PARTIAL. A PARTIAL fix means that some, but not all, of the packages identified in the finding have fixes available through updated versions.

        " + }, + "exploitAvailable":{ + "shape":"ExploitAvailable", + "documentation":"

        If a finding discovered in your environment has an exploit available.

        " } }, "documentation":"

        The details of an enhanced image scan. This is returned when enhanced scanning is enabled for your private registry.

        " @@ -1912,6 +1920,7 @@ "EvaluationTimestamp":{"type":"timestamp"}, "ExceptionMessage":{"type":"string"}, "ExpirationTimestamp":{"type":"timestamp"}, + "ExploitAvailable":{"type":"string"}, "FilePath":{"type":"string"}, "FindingArn":{"type":"string"}, "FindingDescription":{"type":"string"}, @@ -1932,6 +1941,8 @@ "key":{"shape":"FindingSeverity"}, "value":{"shape":"SeverityCount"} }, + "FixAvailable":{"type":"string"}, + "FixedInVersion":{"type":"string"}, "ForceFlag":{"type":"boolean"}, "GetAccountSettingRequest":{ "type":"structure", @@ -4466,6 +4477,10 @@ "version":{ "shape":"Version", "documentation":"

        The version of the vulnerable package.

        " + }, + "fixedInVersion":{ + "shape":"FixedInVersion", + "documentation":"

        The version of the package that contains the vulnerability fix.

        " } }, "documentation":"

        Information on the vulnerable package identified by a finding.

        " diff --git a/tools/code-generation/api-descriptions/ecs-2014-11-13.normal.json b/tools/code-generation/api-descriptions/ecs-2014-11-13.normal.json index 90069bd5ef9..f1a5b1a74ae 100644 --- a/tools/code-generation/api-descriptions/ecs-2014-11-13.normal.json +++ b/tools/code-generation/api-descriptions/ecs-2014-11-13.normal.json @@ -1561,11 +1561,11 @@ "members":{ "name":{ "shape":"String", - "documentation":"

        The name of a container. If you're linking multiple containers together in a task definition, the name of one container can be entered in the links of another container to connect the containers. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. This parameter maps to name in tthe docker conainer create command and the --name option to docker run.

        " + "documentation":"

        The name of a container. If you're linking multiple containers together in a task definition, the name of one container can be entered in the links of another container to connect the containers. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. This parameter maps to name in the docker container create command and the --name option to docker run.

        " }, "image":{ "shape":"String", - "documentation":"

        The image used to start a container. This string is passed directly to the Docker daemon. By default, images in the Docker Hub registry are available. Other repositories are specified with either repository-url/image:tag or repository-url/image@digest . Up to 255 letters (uppercase and lowercase), numbers, hyphens, underscores, colons, periods, forward slashes, and number signs are allowed. This parameter maps to Image in the docker conainer create command and the IMAGE parameter of docker run.

        • When a new task starts, the Amazon ECS container agent pulls the latest version of the specified image and tag for the container to use. However, subsequent updates to a repository image aren't propagated to already running tasks.

        • Images in Amazon ECR repositories can be specified by either using the full registry/repository:tag or registry/repository@digest. For example, 012345678910.dkr.ecr.<region-name>.amazonaws.com/<repository-name>:latest or 012345678910.dkr.ecr.<region-name>.amazonaws.com/<repository-name>@sha256:94afd1f2e64d908bc90dbca0035a5b567EXAMPLE.

        • Images in official repositories on Docker Hub use a single name (for example, ubuntu or mongo).

        • Images in other repositories on Docker Hub are qualified with an organization name (for example, amazon/amazon-ecs-agent).

        • Images in other online repositories are qualified further by a domain name (for example, quay.io/assemblyline/ubuntu).

        " + "documentation":"

        The image used to start a container. This string is passed directly to the Docker daemon. By default, images in the Docker Hub registry are available. Other repositories are specified with either repository-url/image:tag or repository-url/image@digest . Up to 255 letters (uppercase and lowercase), numbers, hyphens, underscores, colons, periods, forward slashes, and number signs are allowed. This parameter maps to Image in the docker container create command and the IMAGE parameter of docker run.

        • When a new task starts, the Amazon ECS container agent pulls the latest version of the specified image and tag for the container to use. However, subsequent updates to a repository image aren't propagated to already running tasks.

        • Images in Amazon ECR repositories can be specified by either using the full registry/repository:tag or registry/repository@digest. For example, 012345678910.dkr.ecr.<region-name>.amazonaws.com/<repository-name>:latest or 012345678910.dkr.ecr.<region-name>.amazonaws.com/<repository-name>@sha256:94afd1f2e64d908bc90dbca0035a5b567EXAMPLE.

        • Images in official repositories on Docker Hub use a single name (for example, ubuntu or mongo).

        • Images in other repositories on Docker Hub are qualified with an organization name (for example, amazon/amazon-ecs-agent).

        • Images in other online repositories are qualified further by a domain name (for example, quay.io/assemblyline/ubuntu).

        " }, "repositoryCredentials":{ "shape":"RepositoryCredentials", @@ -1573,23 +1573,23 @@ }, "cpu":{ "shape":"Integer", - "documentation":"

        The number of cpu units reserved for the container. This parameter maps to CpuShares in the docker conainer create commandand the --cpu-shares option to docker run.

        This field is optional for tasks using the Fargate launch type, and the only requirement is that the total amount of CPU reserved for all containers within a task be lower than the task-level cpu value.

        You can determine the number of CPU units that are available per EC2 instance type by multiplying the vCPUs listed for that instance type on the Amazon EC2 Instances detail page by 1,024.

        Linux containers share unallocated CPU units with other containers on the container instance with the same ratio as their allocated amount. For example, if you run a single-container task on a single-core instance type with 512 CPU units specified for that container, and that's the only task running on the container instance, that container could use the full 1,024 CPU unit share at any given time. However, if you launched another copy of the same task on that container instance, each task is guaranteed a minimum of 512 CPU units when needed. Moreover, each container could float to higher CPU usage if the other container was not using it. If both tasks were 100% active all of the time, they would be limited to 512 CPU units.

        On Linux container instances, the Docker daemon on the container instance uses the CPU value to calculate the relative CPU share ratios for running containers. The minimum valid CPU share value that the Linux kernel allows is 2, and the maximum valid CPU share value that the Linux kernel allows is 262144. However, the CPU parameter isn't required, and you can use CPU values below 2 or above 262144 in your container definitions. For CPU values below 2 (including null) or above 262144, the behavior varies based on your Amazon ECS container agent version:

        • Agent versions less than or equal to 1.1.0: Null and zero CPU values are passed to Docker as 0, which Docker then converts to 1,024 CPU shares. CPU values of 1 are passed to Docker as 1, which the Linux kernel converts to two CPU shares.

        • Agent versions greater than or equal to 1.2.0: Null, zero, and CPU values of 1 are passed to Docker as 2.

        • Agent versions greater than or equal to 1.84.0: CPU values greater than 256 vCPU are passed to Docker as 256, which is equivalent to 262144 CPU shares.

        On Windows container instances, the CPU limit is enforced as an absolute limit, or a quota. Windows containers only have access to the specified amount of CPU that's described in the task definition. A null or zero CPU value is passed to Docker as 0, which Windows interprets as 1% of one CPU.

        " + "documentation":"

        The number of cpu units reserved for the container. This parameter maps to CpuShares in the docker container create commandand the --cpu-shares option to docker run.

        This field is optional for tasks using the Fargate launch type, and the only requirement is that the total amount of CPU reserved for all containers within a task be lower than the task-level cpu value.

        You can determine the number of CPU units that are available per EC2 instance type by multiplying the vCPUs listed for that instance type on the Amazon EC2 Instances detail page by 1,024.

        Linux containers share unallocated CPU units with other containers on the container instance with the same ratio as their allocated amount. For example, if you run a single-container task on a single-core instance type with 512 CPU units specified for that container, and that's the only task running on the container instance, that container could use the full 1,024 CPU unit share at any given time. However, if you launched another copy of the same task on that container instance, each task is guaranteed a minimum of 512 CPU units when needed. Moreover, each container could float to higher CPU usage if the other container was not using it. If both tasks were 100% active all of the time, they would be limited to 512 CPU units.

        On Linux container instances, the Docker daemon on the container instance uses the CPU value to calculate the relative CPU share ratios for running containers. The minimum valid CPU share value that the Linux kernel allows is 2, and the maximum valid CPU share value that the Linux kernel allows is 262144. However, the CPU parameter isn't required, and you can use CPU values below 2 or above 262144 in your container definitions. For CPU values below 2 (including null) or above 262144, the behavior varies based on your Amazon ECS container agent version:

        • Agent versions less than or equal to 1.1.0: Null and zero CPU values are passed to Docker as 0, which Docker then converts to 1,024 CPU shares. CPU values of 1 are passed to Docker as 1, which the Linux kernel converts to two CPU shares.

        • Agent versions greater than or equal to 1.2.0: Null, zero, and CPU values of 1 are passed to Docker as 2.

        • Agent versions greater than or equal to 1.84.0: CPU values greater than 256 vCPU are passed to Docker as 256, which is equivalent to 262144 CPU shares.

        On Windows container instances, the CPU limit is enforced as an absolute limit, or a quota. Windows containers only have access to the specified amount of CPU that's described in the task definition. A null or zero CPU value is passed to Docker as 0, which Windows interprets as 1% of one CPU.

        " }, "memory":{ "shape":"BoxedInteger", - "documentation":"

        The amount (in MiB) of memory to present to the container. If your container attempts to exceed the memory specified here, the container is killed. The total amount of memory reserved for all containers within a task must be lower than the task memory value, if one is specified. This parameter maps to Memory in thethe docker conainer create command and the --memory option to docker run.

        If using the Fargate launch type, this parameter is optional.

        If using the EC2 launch type, you must specify either a task-level memory value or a container-level memory value. If you specify both a container-level memory and memoryReservation value, memory must be greater than memoryReservation. If you specify memoryReservation, then that value is subtracted from the available memory resources for the container instance where the container is placed. Otherwise, the value of memory is used.

        The Docker 20.10.0 or later daemon reserves a minimum of 6 MiB of memory for a container. So, don't specify less than 6 MiB of memory for your containers.

        The Docker 19.03.13-ce or earlier daemon reserves a minimum of 4 MiB of memory for a container. So, don't specify less than 4 MiB of memory for your containers.

        " + "documentation":"

        The amount (in MiB) of memory to present to the container. If your container attempts to exceed the memory specified here, the container is killed. The total amount of memory reserved for all containers within a task must be lower than the task memory value, if one is specified. This parameter maps to Memory in the docker container create command and the --memory option to docker run.

        If using the Fargate launch type, this parameter is optional.

        If using the EC2 launch type, you must specify either a task-level memory value or a container-level memory value. If you specify both a container-level memory and memoryReservation value, memory must be greater than memoryReservation. If you specify memoryReservation, then that value is subtracted from the available memory resources for the container instance where the container is placed. Otherwise, the value of memory is used.

        The Docker 20.10.0 or later daemon reserves a minimum of 6 MiB of memory for a container. So, don't specify less than 6 MiB of memory for your containers.

        The Docker 19.03.13-ce or earlier daemon reserves a minimum of 4 MiB of memory for a container. So, don't specify less than 4 MiB of memory for your containers.

        " }, "memoryReservation":{ "shape":"BoxedInteger", - "documentation":"

        The soft limit (in MiB) of memory to reserve for the container. When system memory is under heavy contention, Docker attempts to keep the container memory to this soft limit. However, your container can consume more memory when it needs to, up to either the hard limit specified with the memory parameter (if applicable), or all of the available memory on the container instance, whichever comes first. This parameter maps to MemoryReservation in the the docker conainer create command and the --memory-reservation option to docker run.

        If a task-level memory value is not specified, you must specify a non-zero integer for one or both of memory or memoryReservation in a container definition. If you specify both, memory must be greater than memoryReservation. If you specify memoryReservation, then that value is subtracted from the available memory resources for the container instance where the container is placed. Otherwise, the value of memory is used.

        For example, if your container normally uses 128 MiB of memory, but occasionally bursts to 256 MiB of memory for short periods of time, you can set a memoryReservation of 128 MiB, and a memory hard limit of 300 MiB. This configuration would allow the container to only reserve 128 MiB of memory from the remaining resources on the container instance, but also allow the container to consume more memory resources when needed.

        The Docker 20.10.0 or later daemon reserves a minimum of 6 MiB of memory for a container. So, don't specify less than 6 MiB of memory for your containers.

        The Docker 19.03.13-ce or earlier daemon reserves a minimum of 4 MiB of memory for a container. So, don't specify less than 4 MiB of memory for your containers.

        " + "documentation":"

        The soft limit (in MiB) of memory to reserve for the container. When system memory is under heavy contention, Docker attempts to keep the container memory to this soft limit. However, your container can consume more memory when it needs to, up to either the hard limit specified with the memory parameter (if applicable), or all of the available memory on the container instance, whichever comes first. This parameter maps to MemoryReservation in the docker container create command and the --memory-reservation option to docker run.

        If a task-level memory value is not specified, you must specify a non-zero integer for one or both of memory or memoryReservation in a container definition. If you specify both, memory must be greater than memoryReservation. If you specify memoryReservation, then that value is subtracted from the available memory resources for the container instance where the container is placed. Otherwise, the value of memory is used.

        For example, if your container normally uses 128 MiB of memory, but occasionally bursts to 256 MiB of memory for short periods of time, you can set a memoryReservation of 128 MiB, and a memory hard limit of 300 MiB. This configuration would allow the container to only reserve 128 MiB of memory from the remaining resources on the container instance, but also allow the container to consume more memory resources when needed.

        The Docker 20.10.0 or later daemon reserves a minimum of 6 MiB of memory for a container. So, don't specify less than 6 MiB of memory for your containers.

        The Docker 19.03.13-ce or earlier daemon reserves a minimum of 4 MiB of memory for a container. So, don't specify less than 4 MiB of memory for your containers.

        " }, "links":{ "shape":"StringList", - "documentation":"

        The links parameter allows containers to communicate with each other without the need for port mappings. This parameter is only supported if the network mode of a task definition is bridge. The name:internalName construct is analogous to name:alias in Docker links. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed.. This parameter maps to Links in the docker conainer create command and the --link option to docker run.

        This parameter is not supported for Windows containers.

        Containers that are collocated on a single container instance may be able to communicate with each other without requiring links or host port mappings. Network isolation is achieved on the container instance using security groups and VPC settings.

        " + "documentation":"

        The links parameter allows containers to communicate with each other without the need for port mappings. This parameter is only supported if the network mode of a task definition is bridge. The name:internalName construct is analogous to name:alias in Docker links. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed.. This parameter maps to Links in the docker container create command and the --link option to docker run.

        This parameter is not supported for Windows containers.

        Containers that are collocated on a single container instance may be able to communicate with each other without requiring links or host port mappings. Network isolation is achieved on the container instance using security groups and VPC settings.

        " }, "portMappings":{ "shape":"PortMappingList", - "documentation":"

        The list of port mappings for the container. Port mappings allow containers to access ports on the host container instance to send or receive traffic.

        For task definitions that use the awsvpc network mode, only specify the containerPort. The hostPort can be left blank or it must be the same value as the containerPort.

        Port mappings on Windows use the NetNAT gateway address rather than localhost. There's no loopback for port mappings on Windows, so you can't access a container's mapped port from the host itself.

        This parameter maps to PortBindings in the the docker conainer create command and the --publish option to docker run. If the network mode of a task definition is set to none, then you can't specify port mappings. If the network mode of a task definition is set to host, then host ports must either be undefined or they must match the container port in the port mapping.

        After a task reaches the RUNNING status, manual and automatic host and container port assignments are visible in the Network Bindings section of a container description for a selected task in the Amazon ECS console. The assignments are also visible in the networkBindings section DescribeTasks responses.

        " + "documentation":"

        The list of port mappings for the container. Port mappings allow containers to access ports on the host container instance to send or receive traffic.

        For task definitions that use the awsvpc network mode, only specify the containerPort. The hostPort can be left blank or it must be the same value as the containerPort.

        Port mappings on Windows use the NetNAT gateway address rather than localhost. There's no loopback for port mappings on Windows, so you can't access a container's mapped port from the host itself.

        This parameter maps to PortBindings in the the docker container create command and the --publish option to docker run. If the network mode of a task definition is set to none, then you can't specify port mappings. If the network mode of a task definition is set to host, then host ports must either be undefined or they must match the container port in the port mapping.

        After a task reaches the RUNNING status, manual and automatic host and container port assignments are visible in the Network Bindings section of a container description for a selected task in the Amazon ECS console. The assignments are also visible in the networkBindings section DescribeTasks responses.

        " }, "essential":{ "shape":"BoxedBoolean", @@ -1601,15 +1601,15 @@ }, "entryPoint":{ "shape":"StringList", - "documentation":"

        Early versions of the Amazon ECS container agent don't properly handle entryPoint parameters. If you have problems using entryPoint, update your container agent or enter your commands and arguments as command array items instead.

        The entry point that's passed to the container. This parameter maps to Entrypoint in tthe docker conainer create command and the --entrypoint option to docker run.

        " + "documentation":"

        Early versions of the Amazon ECS container agent don't properly handle entryPoint parameters. If you have problems using entryPoint, update your container agent or enter your commands and arguments as command array items instead.

        The entry point that's passed to the container. This parameter maps to Entrypoint in the docker container create command and the --entrypoint option to docker run.

        " }, "command":{ "shape":"StringList", - "documentation":"

        The command that's passed to the container. This parameter maps to Cmd in the docker conainer create command and the COMMAND parameter to docker run. If there are multiple arguments, each argument is a separated string in the array.

        " + "documentation":"

        The command that's passed to the container. This parameter maps to Cmd in the docker container create command and the COMMAND parameter to docker run. If there are multiple arguments, each argument is a separated string in the array.

        " }, "environment":{ "shape":"EnvironmentVariables", - "documentation":"

        The environment variables to pass to a container. This parameter maps to Env in the docker conainer create command and the --env option to docker run.

        We don't recommend that you use plaintext environment variables for sensitive information, such as credential data.

        " + "documentation":"

        The environment variables to pass to a container. This parameter maps to Env in the docker container create command and the --env option to docker run.

        We don't recommend that you use plaintext environment variables for sensitive information, such as credential data.

        " }, "environmentFiles":{ "shape":"EnvironmentFiles", @@ -1617,11 +1617,11 @@ }, "mountPoints":{ "shape":"MountPointList", - "documentation":"

        The mount points for data volumes in your container.

        This parameter maps to Volumes in the the docker conainer create command and the --volume option to docker run.

        Windows containers can mount whole directories on the same drive as $env:ProgramData. Windows containers can't mount directories on a different drive, and mount point can't be across drives.

        " + "documentation":"

        The mount points for data volumes in your container.

        This parameter maps to Volumes in the docker container create command and the --volume option to docker run.

        Windows containers can mount whole directories on the same drive as $env:ProgramData. Windows containers can't mount directories on a different drive, and mount point can't be across drives.

        " }, "volumesFrom":{ "shape":"VolumeFromList", - "documentation":"

        Data volumes to mount from another container. This parameter maps to VolumesFrom in tthe docker conainer create command and the --volumes-from option to docker run.

        " + "documentation":"

        Data volumes to mount from another container. This parameter maps to VolumesFrom in the docker container create command and the --volumes-from option to docker run.

        " }, "linuxParameters":{ "shape":"LinuxParameters", @@ -1641,75 +1641,75 @@ }, "stopTimeout":{ "shape":"BoxedInteger", - "documentation":"

        Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own.

        For tasks using the Fargate launch type, the task or service requires the following platforms:

        • Linux platform version 1.3.0 or later.

        • Windows platform version 1.0.0 or later.

        The max stop timeout value is 120 seconds and if the parameter is not specified, the default value of 30 seconds is used.

        For tasks that use the EC2 launch type, if the stopTimeout parameter isn't specified, the value set for the Amazon ECS container agent configuration variable ECS_CONTAINER_STOP_TIMEOUT is used. If neither the stopTimeout parameter or the ECS_CONTAINER_STOP_TIMEOUT agent configuration variable are set, then the default values of 30 seconds for Linux containers and 30 seconds on Windows containers are used. Your container instances require at least version 1.26.0 of the container agent to use a container stop timeout value. However, we recommend using the latest container agent version. For information about checking your agent version and updating to the latest version, see Updating the Amazon ECS Container Agent in the Amazon Elastic Container Service Developer Guide. If you're using an Amazon ECS-optimized Linux AMI, your instance needs at least version 1.26.0-1 of the ecs-init package. If your container instances are launched from version 20190301 or later, then they contain the required versions of the container agent and ecs-init. For more information, see Amazon ECS-optimized Linux AMI in the Amazon Elastic Container Service Developer Guide.

        The valid values are 2-120 seconds.

        " + "documentation":"

        Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own.

        For tasks using the Fargate launch type, the task or service requires the following platforms:

        • Linux platform version 1.3.0 or later.

        • Windows platform version 1.0.0 or later.

        For tasks that use the Fargate launch type, the max stop timeout value is 120 seconds and if the parameter is not specified, the default value of 30 seconds is used.

        For tasks that use the EC2 launch type, if the stopTimeout parameter isn't specified, the value set for the Amazon ECS container agent configuration variable ECS_CONTAINER_STOP_TIMEOUT is used. If neither the stopTimeout parameter or the ECS_CONTAINER_STOP_TIMEOUT agent configuration variable are set, then the default values of 30 seconds for Linux containers and 30 seconds on Windows containers are used. Your container instances require at least version 1.26.0 of the container agent to use a container stop timeout value. However, we recommend using the latest container agent version. For information about checking your agent version and updating to the latest version, see Updating the Amazon ECS Container Agent in the Amazon Elastic Container Service Developer Guide. If you're using an Amazon ECS-optimized Linux AMI, your instance needs at least version 1.26.0-1 of the ecs-init package. If your container instances are launched from version 20190301 or later, then they contain the required versions of the container agent and ecs-init. For more information, see Amazon ECS-optimized Linux AMI in the Amazon Elastic Container Service Developer Guide.

        The valid values for Fargate are 2-120 seconds.

        " }, "hostname":{ "shape":"String", - "documentation":"

        The hostname to use for your container. This parameter maps to Hostname in thethe docker conainer create command and the --hostname option to docker run.

        The hostname parameter is not supported if you're using the awsvpc network mode.

        " + "documentation":"

        The hostname to use for your container. This parameter maps to Hostname in the docker container create command and the --hostname option to docker run.

        The hostname parameter is not supported if you're using the awsvpc network mode.

        " }, "user":{ "shape":"String", - "documentation":"

        The user to use inside the container. This parameter maps to User in the docker conainer create command and the --user option to docker run.

        When running tasks using the host network mode, don't run containers using the root user (UID 0). We recommend using a non-root user for better security.

        You can specify the user using the following formats. If specifying a UID or GID, you must specify it as a positive integer.

        • user

        • user:group

        • uid

        • uid:gid

        • user:gid

        • uid:group

        This parameter is not supported for Windows containers.

        " + "documentation":"

        The user to use inside the container. This parameter maps to User in the docker container create command and the --user option to docker run.

        When running tasks using the host network mode, don't run containers using the root user (UID 0). We recommend using a non-root user for better security.

        You can specify the user using the following formats. If specifying a UID or GID, you must specify it as a positive integer.

        • user

        • user:group

        • uid

        • uid:gid

        • user:gid

        • uid:group

        This parameter is not supported for Windows containers.

        " }, "workingDirectory":{ "shape":"String", - "documentation":"

        The working directory to run commands inside the container in. This parameter maps to WorkingDir in the docker conainer create command and the --workdir option to docker run.

        " + "documentation":"

        The working directory to run commands inside the container in. This parameter maps to WorkingDir in the docker container create command and the --workdir option to docker run.

        " }, "disableNetworking":{ "shape":"BoxedBoolean", - "documentation":"

        When this parameter is true, networking is off within the container. This parameter maps to NetworkDisabled in the docker conainer create command.

        This parameter is not supported for Windows containers.

        " + "documentation":"

        When this parameter is true, networking is off within the container. This parameter maps to NetworkDisabled in the docker container create command.

        This parameter is not supported for Windows containers.

        " }, "privileged":{ "shape":"BoxedBoolean", - "documentation":"

        When this parameter is true, the container is given elevated privileges on the host container instance (similar to the root user). This parameter maps to Privileged in the the docker conainer create command and the --privileged option to docker run

        This parameter is not supported for Windows containers or tasks run on Fargate.

        " + "documentation":"

        When this parameter is true, the container is given elevated privileges on the host container instance (similar to the root user). This parameter maps to Privileged in the docker container create command and the --privileged option to docker run

        This parameter is not supported for Windows containers or tasks run on Fargate.

        " }, "readonlyRootFilesystem":{ "shape":"BoxedBoolean", - "documentation":"

        When this parameter is true, the container is given read-only access to its root file system. This parameter maps to ReadonlyRootfs in the docker conainer create command and the --read-only option to docker run.

        This parameter is not supported for Windows containers.

        " + "documentation":"

        When this parameter is true, the container is given read-only access to its root file system. This parameter maps to ReadonlyRootfs in the docker container create command and the --read-only option to docker run.

        This parameter is not supported for Windows containers.

        " }, "dnsServers":{ "shape":"StringList", - "documentation":"

        A list of DNS servers that are presented to the container. This parameter maps to Dns in the the docker conainer create command and the --dns option to docker run.

        This parameter is not supported for Windows containers.

        " + "documentation":"

        A list of DNS servers that are presented to the container. This parameter maps to Dns in the docker container create command and the --dns option to docker run.

        This parameter is not supported for Windows containers.

        " }, "dnsSearchDomains":{ "shape":"StringList", - "documentation":"

        A list of DNS search domains that are presented to the container. This parameter maps to DnsSearch in the docker conainer create command and the --dns-search option to docker run.

        This parameter is not supported for Windows containers.

        " + "documentation":"

        A list of DNS search domains that are presented to the container. This parameter maps to DnsSearch in the docker container create command and the --dns-search option to docker run.

        This parameter is not supported for Windows containers.

        " }, "extraHosts":{ "shape":"HostEntryList", - "documentation":"

        A list of hostnames and IP address mappings to append to the /etc/hosts file on the container. This parameter maps to ExtraHosts in the docker conainer create command and the --add-host option to docker run.

        This parameter isn't supported for Windows containers or tasks that use the awsvpc network mode.

        " + "documentation":"

        A list of hostnames and IP address mappings to append to the /etc/hosts file on the container. This parameter maps to ExtraHosts in the docker container create command and the --add-host option to docker run.

        This parameter isn't supported for Windows containers or tasks that use the awsvpc network mode.

        " }, "dockerSecurityOptions":{ "shape":"StringList", - "documentation":"

        A list of strings to provide custom configuration for multiple security systems. This field isn't valid for containers in tasks using the Fargate launch type.

        For Linux tasks on EC2, this parameter can be used to reference custom labels for SELinux and AppArmor multi-level security systems.

        For any tasks on EC2, this parameter can be used to reference a credential spec file that configures a container for Active Directory authentication. For more information, see Using gMSAs for Windows Containers and Using gMSAs for Linux Containers in the Amazon Elastic Container Service Developer Guide.

        This parameter maps to SecurityOpt in the docker conainer create command and the --security-opt option to docker run.

        The Amazon ECS container agent running on a container instance must register with the ECS_SELINUX_CAPABLE=true or ECS_APPARMOR_CAPABLE=true environment variables before containers placed on that instance can use these security options. For more information, see Amazon ECS Container Agent Configuration in the Amazon Elastic Container Service Developer Guide.

        Valid values: \"no-new-privileges\" | \"apparmor:PROFILE\" | \"label:value\" | \"credentialspec:CredentialSpecFilePath\"

        " + "documentation":"

        A list of strings to provide custom configuration for multiple security systems. This field isn't valid for containers in tasks using the Fargate launch type.

        For Linux tasks on EC2, this parameter can be used to reference custom labels for SELinux and AppArmor multi-level security systems.

        For any tasks on EC2, this parameter can be used to reference a credential spec file that configures a container for Active Directory authentication. For more information, see Using gMSAs for Windows Containers and Using gMSAs for Linux Containers in the Amazon Elastic Container Service Developer Guide.

        This parameter maps to SecurityOpt in the docker container create command and the --security-opt option to docker run.

        The Amazon ECS container agent running on a container instance must register with the ECS_SELINUX_CAPABLE=true or ECS_APPARMOR_CAPABLE=true environment variables before containers placed on that instance can use these security options. For more information, see Amazon ECS Container Agent Configuration in the Amazon Elastic Container Service Developer Guide.

        Valid values: \"no-new-privileges\" | \"apparmor:PROFILE\" | \"label:value\" | \"credentialspec:CredentialSpecFilePath\"

        " }, "interactive":{ "shape":"BoxedBoolean", - "documentation":"

        When this parameter is true, you can deploy containerized applications that require stdin or a tty to be allocated. This parameter maps to OpenStdin in the docker conainer create command and the --interactive option to docker run.

        " + "documentation":"

        When this parameter is true, you can deploy containerized applications that require stdin or a tty to be allocated. This parameter maps to OpenStdin in the docker container create command and the --interactive option to docker run.

        " }, "pseudoTerminal":{ "shape":"BoxedBoolean", - "documentation":"

        When this parameter is true, a TTY is allocated. This parameter maps to Tty in tthe docker conainer create command and the --tty option to docker run.

        " + "documentation":"

        When this parameter is true, a TTY is allocated. This parameter maps to Tty in the docker container create command and the --tty option to docker run.

        " }, "dockerLabels":{ "shape":"DockerLabelsMap", - "documentation":"

        A key/value map of labels to add to the container. This parameter maps to Labels in the docker conainer create command and the --label option to docker run. This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'

        " + "documentation":"

        A key/value map of labels to add to the container. This parameter maps to Labels in the docker container create command and the --label option to docker run. This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'

        " }, "ulimits":{ "shape":"UlimitList", - "documentation":"

        A list of ulimits to set in the container. If a ulimit value is specified in a task definition, it overrides the default values set by Docker. This parameter maps to Ulimits in tthe docker conainer create command and the --ulimit option to docker run. Valid naming values are displayed in the Ulimit data type.

        Amazon ECS tasks hosted on Fargate use the default resource limit values set by the operating system with the exception of the nofile resource limit parameter which Fargate overrides. The nofile resource limit sets a restriction on the number of open files that a container can use. The default nofile soft limit is 65535 and the default hard limit is 65535.

        This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'

        This parameter is not supported for Windows containers.

        " + "documentation":"

        A list of ulimits to set in the container. If a ulimit value is specified in a task definition, it overrides the default values set by Docker. This parameter maps to Ulimits in the docker container create command and the --ulimit option to docker run. Valid naming values are displayed in the Ulimit data type.

        Amazon ECS tasks hosted on Fargate use the default resource limit values set by the operating system with the exception of the nofile resource limit parameter which Fargate overrides. The nofile resource limit sets a restriction on the number of open files that a container can use. The default nofile soft limit is 65535 and the default hard limit is 65535.

        This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'

        This parameter is not supported for Windows containers.

        " }, "logConfiguration":{ "shape":"LogConfiguration", - "documentation":"

        The log configuration specification for the container.

        This parameter maps to LogConfig in the docker conainer create command and the --log-driver option to docker run. By default, containers use the same logging driver that the Docker daemon uses. However the container can use a different logging driver than the Docker daemon by specifying a log driver with this parameter in the container definition. To use a different logging driver for a container, the log system must be configured properly on the container instance (or on a different log server for remote logging options).

        Amazon ECS currently supports a subset of the logging drivers available to the Docker daemon (shown in the LogConfiguration data type). Additional log drivers may be available in future releases of the Amazon ECS container agent.

        This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'

        The Amazon ECS container agent running on a container instance must register the logging drivers available on that instance with the ECS_AVAILABLE_LOGGING_DRIVERS environment variable before containers placed on that instance can use these log configuration options. For more information, see Amazon ECS Container Agent Configuration in the Amazon Elastic Container Service Developer Guide.

        " + "documentation":"

        The log configuration specification for the container.

        This parameter maps to LogConfig in the docker container create command and the --log-driver option to docker run. By default, containers use the same logging driver that the Docker daemon uses. However the container can use a different logging driver than the Docker daemon by specifying a log driver with this parameter in the container definition. To use a different logging driver for a container, the log system must be configured properly on the container instance (or on a different log server for remote logging options).

        Amazon ECS currently supports a subset of the logging drivers available to the Docker daemon (shown in the LogConfiguration data type). Additional log drivers may be available in future releases of the Amazon ECS container agent.

        This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: sudo docker version --format '{{.Server.APIVersion}}'

        The Amazon ECS container agent running on a container instance must register the logging drivers available on that instance with the ECS_AVAILABLE_LOGGING_DRIVERS environment variable before containers placed on that instance can use these log configuration options. For more information, see Amazon ECS Container Agent Configuration in the Amazon Elastic Container Service Developer Guide.

        " }, "healthCheck":{ "shape":"HealthCheck", - "documentation":"

        The container health check command and associated configuration parameters for the container. This parameter maps to HealthCheck in the docker conainer create command and the HEALTHCHECK parameter of docker run.

        " + "documentation":"

        The container health check command and associated configuration parameters for the container. This parameter maps to HealthCheck in the docker container create command and the HEALTHCHECK parameter of docker run.

        " }, "systemControls":{ "shape":"SystemControls", - "documentation":"

        A list of namespaced kernel parameters to set in the container. This parameter maps to Sysctls in tthe docker conainer create command and the --sysctl option to docker run. For example, you can configure net.ipv4.tcp_keepalive_time setting to maintain longer lived connections.

        " + "documentation":"

        A list of namespaced kernel parameters to set in the container. This parameter maps to Sysctls in the docker container create command and the --sysctl option to docker run. For example, you can configure net.ipv4.tcp_keepalive_time setting to maintain longer lived connections.

        " }, "resourceRequirements":{ "shape":"ResourceRequirements", @@ -2531,11 +2531,11 @@ }, "maximumPercent":{ "shape":"BoxedInteger", - "documentation":"

        If a service is using the rolling update (ECS) deployment type, the maximumPercent parameter represents an upper limit on the number of your service's tasks that are allowed in the RUNNING or PENDING state during a deployment, as a percentage of the desiredCount (rounded down to the nearest integer). This parameter enables you to define the deployment batch size. For example, if your service is using the REPLICA service scheduler and has a desiredCount of four tasks and a maximumPercent value of 200%, the scheduler may start four new tasks before stopping the four older tasks (provided that the cluster resources required to do this are available). The default maximumPercent value for a service using the REPLICA service scheduler is 200%.

        If a service is using either the blue/green (CODE_DEPLOY) or EXTERNAL deployment types and tasks that use the EC2 launch type, the maximum percent value is set to the default value and is used to define the upper limit on the number of the tasks in the service that remain in the RUNNING state while the container instances are in the DRAINING state. If the tasks in the service use the Fargate launch type, the maximum percent value is not used, although it is returned when describing your service.

        " + "documentation":"

        If a service is using the rolling update (ECS) deployment type, the maximumPercent parameter represents an upper limit on the number of your service's tasks that are allowed in the RUNNING or PENDING state during a deployment, as a percentage of the desiredCount (rounded down to the nearest integer). This parameter enables you to define the deployment batch size. For example, if your service is using the REPLICA service scheduler and has a desiredCount of four tasks and a maximumPercent value of 200%, the scheduler may start four new tasks before stopping the four older tasks (provided that the cluster resources required to do this are available). The default maximumPercent value for a service using the REPLICA service scheduler is 200%.

        If a service is using either the blue/green (CODE_DEPLOY) or EXTERNAL deployment types, and tasks in the service use the EC2 launch type, the maximum percent value is set to the default value. The maximum percent value is used to define the upper limit on the number of the tasks in the service that remain in the RUNNING state while the container instances are in the DRAINING state.

        You can't specify a custom maximumPercent value for a service that uses either the blue/green (CODE_DEPLOY) or EXTERNAL deployment types and has tasks that use the EC2 launch type.

        If the tasks in the service use the Fargate launch type, the maximum percent value is not used, although it is returned when describing your service.

        " }, "minimumHealthyPercent":{ "shape":"BoxedInteger", - "documentation":"

        If a service is using the rolling update (ECS) deployment type, the minimumHealthyPercent represents a lower limit on the number of your service's tasks that must remain in the RUNNING state during a deployment, as a percentage of the desiredCount (rounded up to the nearest integer). This parameter enables you to deploy without using additional cluster capacity. For example, if your service has a desiredCount of four tasks and a minimumHealthyPercent of 50%, the service scheduler may stop two existing tasks to free up cluster capacity before starting two new tasks.

        For services that do not use a load balancer, the following should be noted:

        • A service is considered healthy if all essential containers within the tasks in the service pass their health checks.

        • If a task has no essential containers with a health check defined, the service scheduler will wait for 40 seconds after a task reaches a RUNNING state before the task is counted towards the minimum healthy percent total.

        • If a task has one or more essential containers with a health check defined, the service scheduler will wait for the task to reach a healthy status before counting it towards the minimum healthy percent total. A task is considered healthy when all essential containers within the task have passed their health checks. The amount of time the service scheduler can wait for is determined by the container health check settings.

        For services that do use a load balancer, the following should be noted:

        • If a task has no essential containers with a health check defined, the service scheduler will wait for the load balancer target group health check to return a healthy status before counting the task towards the minimum healthy percent total.

        • If a task has an essential container with a health check defined, the service scheduler will wait for both the task to reach a healthy status and the load balancer target group health check to return a healthy status before counting the task towards the minimum healthy percent total.

        The default value for a replica service for minimumHealthyPercent is 100%. The default minimumHealthyPercent value for a service using the DAEMON service schedule is 0% for the CLI, the Amazon Web Services SDKs, and the APIs and 50% for the Amazon Web Services Management Console.

        The minimum number of healthy tasks during a deployment is the desiredCount multiplied by the minimumHealthyPercent/100, rounded up to the nearest integer value.

        If a service is using either the blue/green (CODE_DEPLOY) or EXTERNAL deployment types and is running tasks that use the EC2 launch type, the minimum healthy percent value is set to the default value and is used to define the lower limit on the number of the tasks in the service that remain in the RUNNING state while the container instances are in the DRAINING state. If a service is using either the blue/green (CODE_DEPLOY) or EXTERNAL deployment types and is running tasks that use the Fargate launch type, the minimum healthy percent value is not used, although it is returned when describing your service.

        " + "documentation":"

        If a service is using the rolling update (ECS) deployment type, the minimumHealthyPercent represents a lower limit on the number of your service's tasks that must remain in the RUNNING state during a deployment, as a percentage of the desiredCount (rounded up to the nearest integer). This parameter enables you to deploy without using additional cluster capacity. For example, if your service has a desiredCount of four tasks and a minimumHealthyPercent of 50%, the service scheduler may stop two existing tasks to free up cluster capacity before starting two new tasks.

        For services that do not use a load balancer, the following should be noted:

        • A service is considered healthy if all essential containers within the tasks in the service pass their health checks.

        • If a task has no essential containers with a health check defined, the service scheduler will wait for 40 seconds after a task reaches a RUNNING state before the task is counted towards the minimum healthy percent total.

        • If a task has one or more essential containers with a health check defined, the service scheduler will wait for the task to reach a healthy status before counting it towards the minimum healthy percent total. A task is considered healthy when all essential containers within the task have passed their health checks. The amount of time the service scheduler can wait for is determined by the container health check settings.

        For services that do use a load balancer, the following should be noted:

        • If a task has no essential containers with a health check defined, the service scheduler will wait for the load balancer target group health check to return a healthy status before counting the task towards the minimum healthy percent total.

        • If a task has an essential container with a health check defined, the service scheduler will wait for both the task to reach a healthy status and the load balancer target group health check to return a healthy status before counting the task towards the minimum healthy percent total.

        The default value for a replica service for minimumHealthyPercent is 100%. The default minimumHealthyPercent value for a service using the DAEMON service schedule is 0% for the CLI, the Amazon Web Services SDKs, and the APIs and 50% for the Amazon Web Services Management Console.

        The minimum number of healthy tasks during a deployment is the desiredCount multiplied by the minimumHealthyPercent/100, rounded up to the nearest integer value.

        If a service is using either the blue/green (CODE_DEPLOY) or EXTERNAL deployment types and is running tasks that use the EC2 launch type, the minimum healthy percent value is set to the default value. The minimum healthy percent value is used to define the lower limit on the number of the tasks in the service that remain in the RUNNING state while the container instances are in the DRAINING state.

        You can't specify a custom minimumHealthyPercent value for a service that uses either the blue/green (CODE_DEPLOY) or EXTERNAL deployment types and has tasks that use the EC2 launch type.

        If a service is using either the blue/green (CODE_DEPLOY) or EXTERNAL deployment types and is running tasks that use the Fargate launch type, the minimum healthy percent value is not used, although it is returned when describing your service.

        " }, "alarms":{ "shape":"DeploymentAlarms", @@ -2944,7 +2944,7 @@ }, "driver":{ "shape":"String", - "documentation":"

        The Docker volume driver to use. The driver value must match the driver name provided by Docker because it is used for task placement. If the driver was installed using the Docker plugin CLI, use docker plugin ls to retrieve the driver name from your container instance. If the driver was installed using another method, use Docker plugin discovery to retrieve the driver name. This parameter maps to Driver in the docker conainer create command and the xxdriver option to docker volume create.

        " + "documentation":"

        The Docker volume driver to use. The driver value must match the driver name provided by Docker because it is used for task placement. If the driver was installed using the Docker plugin CLI, use docker plugin ls to retrieve the driver name from your container instance. If the driver was installed using another method, use Docker plugin discovery to retrieve the driver name. This parameter maps to Driver in the docker container create command and the xxdriver option to docker volume create.

        " }, "driverOpts":{ "shape":"StringMap", @@ -2952,7 +2952,7 @@ }, "labels":{ "shape":"StringMap", - "documentation":"

        Custom metadata to add to your Docker volume. This parameter maps to Labels in the docker conainer create command and the xxlabel option to docker volume create.

        " + "documentation":"

        Custom metadata to add to your Docker volume. This parameter maps to Labels in the docker container create command and the xxlabel option to docker volume create.

        " } }, "documentation":"

        This parameter is specified when you're using Docker volumes. Docker volumes are only supported when you're using the EC2 launch type. Windows containers only support the use of the local driver. To use bind mounts, specify a host instead.

        " @@ -3328,7 +3328,7 @@ "members":{ "command":{ "shape":"StringList", - "documentation":"

        A string array representing the command that the container runs to determine if it is healthy. The string array must start with CMD to run the command arguments directly, or CMD-SHELL to run the command with the container's default shell.

        When you use the Amazon Web Services Management Console JSON panel, the Command Line Interface, or the APIs, enclose the list of commands in double quotes and brackets.

        [ \"CMD-SHELL\", \"curl -f http://localhost/ || exit 1\" ]

        You don't include the double quotes and brackets when you use the Amazon Web Services Management Console.

        CMD-SHELL, curl -f http://localhost/ || exit 1

        An exit code of 0 indicates success, and non-zero exit code indicates failure. For more information, see HealthCheck in tthe docker conainer create command

        " + "documentation":"

        A string array representing the command that the container runs to determine if it is healthy. The string array must start with CMD to run the command arguments directly, or CMD-SHELL to run the command with the container's default shell.

        When you use the Amazon Web Services Management Console JSON panel, the Command Line Interface, or the APIs, enclose the list of commands in double quotes and brackets.

        [ \"CMD-SHELL\", \"curl -f http://localhost/ || exit 1\" ]

        You don't include the double quotes and brackets when you use the Amazon Web Services Management Console.

        CMD-SHELL, curl -f http://localhost/ || exit 1

        An exit code of 0 indicates success, and non-zero exit code indicates failure. For more information, see HealthCheck in the docker container create command

        " }, "interval":{ "shape":"BoxedInteger", @@ -3494,11 +3494,11 @@ "members":{ "add":{ "shape":"StringList", - "documentation":"

        The Linux capabilities for the container that have been added to the default configuration provided by Docker. This parameter maps to CapAdd in the docker conainer create command and the --cap-add option to docker run.

        Tasks launched on Fargate only support adding the SYS_PTRACE kernel capability.

        Valid values: \"ALL\" | \"AUDIT_CONTROL\" | \"AUDIT_WRITE\" | \"BLOCK_SUSPEND\" | \"CHOWN\" | \"DAC_OVERRIDE\" | \"DAC_READ_SEARCH\" | \"FOWNER\" | \"FSETID\" | \"IPC_LOCK\" | \"IPC_OWNER\" | \"KILL\" | \"LEASE\" | \"LINUX_IMMUTABLE\" | \"MAC_ADMIN\" | \"MAC_OVERRIDE\" | \"MKNOD\" | \"NET_ADMIN\" | \"NET_BIND_SERVICE\" | \"NET_BROADCAST\" | \"NET_RAW\" | \"SETFCAP\" | \"SETGID\" | \"SETPCAP\" | \"SETUID\" | \"SYS_ADMIN\" | \"SYS_BOOT\" | \"SYS_CHROOT\" | \"SYS_MODULE\" | \"SYS_NICE\" | \"SYS_PACCT\" | \"SYS_PTRACE\" | \"SYS_RAWIO\" | \"SYS_RESOURCE\" | \"SYS_TIME\" | \"SYS_TTY_CONFIG\" | \"SYSLOG\" | \"WAKE_ALARM\"

        " + "documentation":"

        The Linux capabilities for the container that have been added to the default configuration provided by Docker. This parameter maps to CapAdd in the docker container create command and the --cap-add option to docker run.

        Tasks launched on Fargate only support adding the SYS_PTRACE kernel capability.

        Valid values: \"ALL\" | \"AUDIT_CONTROL\" | \"AUDIT_WRITE\" | \"BLOCK_SUSPEND\" | \"CHOWN\" | \"DAC_OVERRIDE\" | \"DAC_READ_SEARCH\" | \"FOWNER\" | \"FSETID\" | \"IPC_LOCK\" | \"IPC_OWNER\" | \"KILL\" | \"LEASE\" | \"LINUX_IMMUTABLE\" | \"MAC_ADMIN\" | \"MAC_OVERRIDE\" | \"MKNOD\" | \"NET_ADMIN\" | \"NET_BIND_SERVICE\" | \"NET_BROADCAST\" | \"NET_RAW\" | \"SETFCAP\" | \"SETGID\" | \"SETPCAP\" | \"SETUID\" | \"SYS_ADMIN\" | \"SYS_BOOT\" | \"SYS_CHROOT\" | \"SYS_MODULE\" | \"SYS_NICE\" | \"SYS_PACCT\" | \"SYS_PTRACE\" | \"SYS_RAWIO\" | \"SYS_RESOURCE\" | \"SYS_TIME\" | \"SYS_TTY_CONFIG\" | \"SYSLOG\" | \"WAKE_ALARM\"

        " }, "drop":{ "shape":"StringList", - "documentation":"

        The Linux capabilities for the container that have been removed from the default configuration provided by Docker. This parameter maps to CapDrop in the docker conainer create command and the --cap-drop option to docker run.

        Valid values: \"ALL\" | \"AUDIT_CONTROL\" | \"AUDIT_WRITE\" | \"BLOCK_SUSPEND\" | \"CHOWN\" | \"DAC_OVERRIDE\" | \"DAC_READ_SEARCH\" | \"FOWNER\" | \"FSETID\" | \"IPC_LOCK\" | \"IPC_OWNER\" | \"KILL\" | \"LEASE\" | \"LINUX_IMMUTABLE\" | \"MAC_ADMIN\" | \"MAC_OVERRIDE\" | \"MKNOD\" | \"NET_ADMIN\" | \"NET_BIND_SERVICE\" | \"NET_BROADCAST\" | \"NET_RAW\" | \"SETFCAP\" | \"SETGID\" | \"SETPCAP\" | \"SETUID\" | \"SYS_ADMIN\" | \"SYS_BOOT\" | \"SYS_CHROOT\" | \"SYS_MODULE\" | \"SYS_NICE\" | \"SYS_PACCT\" | \"SYS_PTRACE\" | \"SYS_RAWIO\" | \"SYS_RESOURCE\" | \"SYS_TIME\" | \"SYS_TTY_CONFIG\" | \"SYSLOG\" | \"WAKE_ALARM\"

        " + "documentation":"

        The Linux capabilities for the container that have been removed from the default configuration provided by Docker. This parameter maps to CapDrop in the docker container create command and the --cap-drop option to docker run.

        Valid values: \"ALL\" | \"AUDIT_CONTROL\" | \"AUDIT_WRITE\" | \"BLOCK_SUSPEND\" | \"CHOWN\" | \"DAC_OVERRIDE\" | \"DAC_READ_SEARCH\" | \"FOWNER\" | \"FSETID\" | \"IPC_LOCK\" | \"IPC_OWNER\" | \"KILL\" | \"LEASE\" | \"LINUX_IMMUTABLE\" | \"MAC_ADMIN\" | \"MAC_OVERRIDE\" | \"MKNOD\" | \"NET_ADMIN\" | \"NET_BIND_SERVICE\" | \"NET_BROADCAST\" | \"NET_RAW\" | \"SETFCAP\" | \"SETGID\" | \"SETPCAP\" | \"SETUID\" | \"SYS_ADMIN\" | \"SYS_BOOT\" | \"SYS_CHROOT\" | \"SYS_MODULE\" | \"SYS_NICE\" | \"SYS_PACCT\" | \"SYS_PTRACE\" | \"SYS_RAWIO\" | \"SYS_RESOURCE\" | \"SYS_TIME\" | \"SYS_TTY_CONFIG\" | \"SYSLOG\" | \"WAKE_ALARM\"

        " } }, "documentation":"

        The Linux capabilities to add or remove from the default Docker configuration for a container defined in the task definition. For more detailed information about these Linux capabilities, see the capabilities(7) Linux manual page.

        " @@ -3541,7 +3541,7 @@ }, "devices":{ "shape":"DevicesList", - "documentation":"

        Any host devices to expose to the container. This parameter maps to Devices in tthe docker conainer create command and the --device option to docker run.

        If you're using tasks that use the Fargate launch type, the devices parameter isn't supported.

        " + "documentation":"

        Any host devices to expose to the container. This parameter maps to Devices in the docker container create command and the --device option to docker run.

        If you're using tasks that use the Fargate launch type, the devices parameter isn't supported.

        " }, "initProcessEnabled":{ "shape":"BoxedBoolean", @@ -3972,7 +3972,7 @@ "documentation":"

        The secrets to pass to the log configuration. For more information, see Specifying sensitive data in the Amazon Elastic Container Service Developer Guide.

        " } }, - "documentation":"

        The log configuration for the container. This parameter maps to LogConfig in the docker conainer create command and the --log-driver option to docker run.

        By default, containers use the same logging driver that the Docker daemon uses. However, the container might use a different logging driver than the Docker daemon by specifying a log driver configuration in the container definition.

        Understand the following when specifying a log configuration for your containers.

        • Amazon ECS currently supports a subset of the logging drivers available to the Docker daemon. Additional log drivers may be available in future releases of the Amazon ECS container agent.

          For tasks on Fargate, the supported log drivers are awslogs, splunk, and awsfirelens.

          For tasks hosted on Amazon EC2 instances, the supported log drivers are awslogs, fluentd, gelf, json-file, journald,syslog, splunk, and awsfirelens.

        • This parameter requires version 1.18 of the Docker Remote API or greater on your container instance.

        • For tasks that are hosted on Amazon EC2 instances, the Amazon ECS container agent must register the available logging drivers with the ECS_AVAILABLE_LOGGING_DRIVERS environment variable before containers placed on that instance can use these log configuration options. For more information, see Amazon ECS container agent configuration in the Amazon Elastic Container Service Developer Guide.

        • For tasks that are on Fargate, because you don't have access to the underlying infrastructure your tasks are hosted on, any additional software needed must be installed outside of the task. For example, the Fluentd output aggregators or a remote host running Logstash to send Gelf logs to.

        " + "documentation":"

        The log configuration for the container. This parameter maps to LogConfig in the docker container create command and the --log-driver option to docker run.

        By default, containers use the same logging driver that the Docker daemon uses. However, the container might use a different logging driver than the Docker daemon by specifying a log driver configuration in the container definition.

        Understand the following when specifying a log configuration for your containers.

        • Amazon ECS currently supports a subset of the logging drivers available to the Docker daemon. Additional log drivers may be available in future releases of the Amazon ECS container agent.

          For tasks on Fargate, the supported log drivers are awslogs, splunk, and awsfirelens.

          For tasks hosted on Amazon EC2 instances, the supported log drivers are awslogs, fluentd, gelf, json-file, journald,syslog, splunk, and awsfirelens.

        • This parameter requires version 1.18 of the Docker Remote API or greater on your container instance.

        • For tasks that are hosted on Amazon EC2 instances, the Amazon ECS container agent must register the available logging drivers with the ECS_AVAILABLE_LOGGING_DRIVERS environment variable before containers placed on that instance can use these log configuration options. For more information, see Amazon ECS container agent configuration in the Amazon Elastic Container Service Developer Guide.

        • For tasks that are on Fargate, because you don't have access to the underlying infrastructure your tasks are hosted on, any additional software needed must be installed outside of the task. For example, the Fluentd output aggregators or a remote host running Logstash to send Gelf logs to.

        " }, "LogConfigurationOptionsMap":{ "type":"map", @@ -4387,7 +4387,7 @@ "documentation":"

        The port number range on the container that's bound to the dynamically mapped host port range.

        The following rules apply when you specify a containerPortRange:

        • You must use either the bridge network mode or the awsvpc network mode.

        • This parameter is available for both the EC2 and Fargate launch types.

        • This parameter is available for both the Linux and Windows operating systems.

        • The container instance must have at least version 1.67.0 of the container agent and at least version 1.67.0-1 of the ecs-init package

        • You can specify a maximum of 100 port ranges per container.

        • You do not specify a hostPortRange. The value of the hostPortRange is set as follows:

          • For containers in a task with the awsvpc network mode, the hostPortRange is set to the same value as the containerPortRange. This is a static mapping strategy.

          • For containers in a task with the bridge network mode, the Amazon ECS agent finds open host ports from the default ephemeral range and passes it to docker to bind them to the container ports.

        • The containerPortRange valid values are between 1 and 65535.

        • A port can only be included in one port mapping per container.

        • You cannot specify overlapping port ranges.

        • The first port in the range must be less than last port in the range.

        • Docker recommends that you turn off the docker-proxy in the Docker daemon config file when you have a large number of ports.

          For more information, see Issue #11185 on the Github website.

          For information about how to turn off the docker-proxy in the Docker daemon config file, see Docker daemon in the Amazon ECS Developer Guide.

        You can call DescribeTasks to view the hostPortRange which are the host ports that are bound to the container ports.

        " } }, - "documentation":"

        Port mappings allow containers to access ports on the host container instance to send or receive traffic. Port mappings are specified as part of the container definition.

        If you use containers in a task with the awsvpc or host network mode, specify the exposed ports using containerPort. The hostPort can be left blank or it must be the same value as the containerPort.

        Most fields of this parameter (containerPort, hostPort, protocol) maps to PortBindings in the docker conainer create command and the --publish option to docker run. If the network mode of a task definition is set to host, host ports must either be undefined or match the container port in the port mapping.

        You can't expose the same container port for multiple protocols. If you attempt this, an error is returned.

        After a task reaches the RUNNING status, manual and automatic host and container port assignments are visible in the networkBindings section of DescribeTasks API responses.

        " + "documentation":"

        Port mappings allow containers to access ports on the host container instance to send or receive traffic. Port mappings are specified as part of the container definition.

        If you use containers in a task with the awsvpc or host network mode, specify the exposed ports using containerPort. The hostPort can be left blank or it must be the same value as the containerPort.

        Most fields of this parameter (containerPort, hostPort, protocol) maps to PortBindings in the docker container create command and the --publish option to docker run. If the network mode of a task definition is set to host, host ports must either be undefined or match the container port in the port mapping.

        You can't expose the same container port for multiple protocols. If you attempt this, an error is returned.

        After a task reaches the RUNNING status, manual and automatic host and container port assignments are visible in the networkBindings section of DescribeTasks API responses.

        " }, "PortMappingList":{ "type":"list", @@ -4491,7 +4491,7 @@ "members":{ "name":{ "shape":"SettingName", - "documentation":"

        The Amazon ECS account setting name to modify.

        The following are the valid values for the account setting name.

        • serviceLongArnFormat - When modified, the Amazon Resource Name (ARN) and resource ID format of the resource type for a specified user, role, or the root user for an account is affected. The opt-in and opt-out account setting must be set for each Amazon ECS resource separately. The ARN and resource ID format of a resource is defined by the opt-in status of the user or role that created the resource. You must turn on this setting to use Amazon ECS features such as resource tagging.

        • taskLongArnFormat - When modified, the Amazon Resource Name (ARN) and resource ID format of the resource type for a specified user, role, or the root user for an account is affected. The opt-in and opt-out account setting must be set for each Amazon ECS resource separately. The ARN and resource ID format of a resource is defined by the opt-in status of the user or role that created the resource. You must turn on this setting to use Amazon ECS features such as resource tagging.

        • containerInstanceLongArnFormat - When modified, the Amazon Resource Name (ARN) and resource ID format of the resource type for a specified user, role, or the root user for an account is affected. The opt-in and opt-out account setting must be set for each Amazon ECS resource separately. The ARN and resource ID format of a resource is defined by the opt-in status of the user or role that created the resource. You must turn on this setting to use Amazon ECS features such as resource tagging.

        • awsvpcTrunking - When modified, the elastic network interface (ENI) limit for any new container instances that support the feature is changed. If awsvpcTrunking is turned on, any new container instances that support the feature are launched have the increased ENI limits available to them. For more information, see Elastic Network Interface Trunking in the Amazon Elastic Container Service Developer Guide.

        • containerInsights - When modified, the default setting indicating whether Amazon Web Services CloudWatch Container Insights is turned on for your clusters is changed. If containerInsights is turned on, any new clusters that are created will have Container Insights turned on unless you disable it during cluster creation. For more information, see CloudWatch Container Insights in the Amazon Elastic Container Service Developer Guide.

        • dualStackIPv6 - When turned on, when using a VPC in dual stack mode, your tasks using the awsvpc network mode can have an IPv6 address assigned. For more information on using IPv6 with tasks launched on Amazon EC2 instances, see Using a VPC in dual-stack mode. For more information on using IPv6 with tasks launched on Fargate, see Using a VPC in dual-stack mode.

        • fargateFIPSMode - If you specify fargateFIPSMode, Fargate FIPS 140 compliance is affected.

        • fargateTaskRetirementWaitPeriod - When Amazon Web Services determines that a security or infrastructure update is needed for an Amazon ECS task hosted on Fargate, the tasks need to be stopped and new tasks launched to replace them. Use fargateTaskRetirementWaitPeriod to configure the wait time to retire a Fargate task. For information about the Fargate tasks maintenance, see Amazon Web Services Fargate task maintenance in the Amazon ECS Developer Guide.

        • tagResourceAuthorization - Amazon ECS is introducing tagging authorization for resource creation. Users must have permissions for actions that create the resource, such as ecsCreateCluster. If tags are specified when you create a resource, Amazon Web Services performs additional authorization to verify if users or roles have permissions to create tags. Therefore, you must grant explicit permissions to use the ecs:TagResource action. For more information, see Grant permission to tag resources on creation in the Amazon ECS Developer Guide.

        • guardDutyActivate - The guardDutyActivate parameter is read-only in Amazon ECS and indicates whether Amazon ECS Runtime Monitoring is enabled or disabled by your security administrator in your Amazon ECS account. Amazon GuardDuty controls this account setting on your behalf. For more information, see Protecting Amazon ECS workloads with Amazon ECS Runtime Monitoring.

        " + "documentation":"

        The Amazon ECS account setting name to modify.

        The following are the valid values for the account setting name.

        • serviceLongArnFormat - When modified, the Amazon Resource Name (ARN) and resource ID format of the resource type for a specified user, role, or the root user for an account is affected. The opt-in and opt-out account setting must be set for each Amazon ECS resource separately. The ARN and resource ID format of a resource is defined by the opt-in status of the user or role that created the resource. You must turn on this setting to use Amazon ECS features such as resource tagging.

        • taskLongArnFormat - When modified, the Amazon Resource Name (ARN) and resource ID format of the resource type for a specified user, role, or the root user for an account is affected. The opt-in and opt-out account setting must be set for each Amazon ECS resource separately. The ARN and resource ID format of a resource is defined by the opt-in status of the user or role that created the resource. You must turn on this setting to use Amazon ECS features such as resource tagging.

        • containerInstanceLongArnFormat - When modified, the Amazon Resource Name (ARN) and resource ID format of the resource type for a specified user, role, or the root user for an account is affected. The opt-in and opt-out account setting must be set for each Amazon ECS resource separately. The ARN and resource ID format of a resource is defined by the opt-in status of the user or role that created the resource. You must turn on this setting to use Amazon ECS features such as resource tagging.

        • awsvpcTrunking - When modified, the elastic network interface (ENI) limit for any new container instances that support the feature is changed. If awsvpcTrunking is turned on, any new container instances that support the feature are launched have the increased ENI limits available to them. For more information, see Elastic Network Interface Trunking in the Amazon Elastic Container Service Developer Guide.

        • containerInsights - When modified, the default setting indicating whether Amazon Web Services CloudWatch Container Insights is turned on for your clusters is changed. If containerInsights is turned on, any new clusters that are created will have Container Insights turned on unless you disable it during cluster creation. For more information, see CloudWatch Container Insights in the Amazon Elastic Container Service Developer Guide.

        • dualStackIPv6 - When turned on, when using a VPC in dual stack mode, your tasks using the awsvpc network mode can have an IPv6 address assigned. For more information on using IPv6 with tasks launched on Amazon EC2 instances, see Using a VPC in dual-stack mode. For more information on using IPv6 with tasks launched on Fargate, see Using a VPC in dual-stack mode.

        • fargateTaskRetirementWaitPeriod - When Amazon Web Services determines that a security or infrastructure update is needed for an Amazon ECS task hosted on Fargate, the tasks need to be stopped and new tasks launched to replace them. Use fargateTaskRetirementWaitPeriod to configure the wait time to retire a Fargate task. For information about the Fargate tasks maintenance, see Amazon Web Services Fargate task maintenance in the Amazon ECS Developer Guide.

        • tagResourceAuthorization - Amazon ECS is introducing tagging authorization for resource creation. Users must have permissions for actions that create the resource, such as ecsCreateCluster. If tags are specified when you create a resource, Amazon Web Services performs additional authorization to verify if users or roles have permissions to create tags. Therefore, you must grant explicit permissions to use the ecs:TagResource action. For more information, see Grant permission to tag resources on creation in the Amazon ECS Developer Guide.

        • guardDutyActivate - The guardDutyActivate parameter is read-only in Amazon ECS and indicates whether Amazon ECS Runtime Monitoring is enabled or disabled by your security administrator in your Amazon ECS account. Amazon GuardDuty controls this account setting on your behalf. For more information, see Protecting Amazon ECS workloads with Amazon ECS Runtime Monitoring.

        " }, "value":{ "shape":"String", @@ -5702,7 +5702,7 @@ "documentation":"

        The namespaced kernel parameter to set a value for.

        Valid IPC namespace values: \"kernel.msgmax\" | \"kernel.msgmnb\" | \"kernel.msgmni\" | \"kernel.sem\" | \"kernel.shmall\" | \"kernel.shmmax\" | \"kernel.shmmni\" | \"kernel.shm_rmid_forced\", and Sysctls that start with \"fs.mqueue.*\"

        Valid network namespace values: Sysctls that start with \"net.*\"

        All of these values are supported by Fargate.

        " } }, - "documentation":"

        A list of namespaced kernel parameters to set in the container. This parameter maps to Sysctls in tthe docker conainer create command and the --sysctl option to docker run. For example, you can configure net.ipv4.tcp_keepalive_time setting to maintain longer lived connections.

        We don't recommend that you specify network-related systemControls parameters for multiple containers in a single task that also uses either the awsvpc or host network mode. Doing this has the following disadvantages:

        • For tasks that use the awsvpc network mode including Fargate, if you set systemControls for any container, it applies to all containers in the task. If you set different systemControls for multiple containers in a single task, the container that's started last determines which systemControls take effect.

        • For tasks that use the host network mode, the network namespace systemControls aren't supported.

        If you're setting an IPC resource namespace to use for the containers in the task, the following conditions apply to your system controls. For more information, see IPC mode.

        • For tasks that use the host IPC mode, IPC namespace systemControls aren't supported.

        • For tasks that use the task IPC mode, IPC namespace systemControls values apply to all containers within a task.

        This parameter is not supported for Windows containers.

        This parameter is only supported for tasks that are hosted on Fargate if the tasks are using platform version 1.4.0 or later (Linux). This isn't supported for Windows containers on Fargate.

        " + "documentation":"

        A list of namespaced kernel parameters to set in the container. This parameter maps to Sysctls in the docker container create command and the --sysctl option to docker run. For example, you can configure net.ipv4.tcp_keepalive_time setting to maintain longer lived connections.

        We don't recommend that you specify network-related systemControls parameters for multiple containers in a single task that also uses either the awsvpc or host network mode. Doing this has the following disadvantages:

        • For tasks that use the awsvpc network mode including Fargate, if you set systemControls for any container, it applies to all containers in the task. If you set different systemControls for multiple containers in a single task, the container that's started last determines which systemControls take effect.

        • For tasks that use the host network mode, the network namespace systemControls aren't supported.

        If you're setting an IPC resource namespace to use for the containers in the task, the following conditions apply to your system controls. For more information, see IPC mode.

        • For tasks that use the host IPC mode, IPC namespace systemControls aren't supported.

        • For tasks that use the task IPC mode, IPC namespace systemControls values apply to all containers within a task.

        This parameter is not supported for Windows containers.

        This parameter is only supported for tasks that are hosted on Fargate if the tasks are using platform version 1.4.0 or later (Linux). This isn't supported for Windows containers on Fargate.

        " }, "SystemControls":{ "type":"list", @@ -5987,7 +5987,7 @@ }, "compatibilities":{ "shape":"CompatibilityList", - "documentation":"

        The task launch types the task definition validated against during task definition registration. For more information, see Amazon ECS launch types in the Amazon Elastic Container Service Developer Guide.

        " + "documentation":"

        Amazon ECS validates the task definition parameters with those supported by the launch type. For more information, see Amazon ECS launch types in the Amazon Elastic Container Service Developer Guide.

        " }, "runtimePlatform":{ "shape":"RuntimePlatform", @@ -6437,11 +6437,11 @@ }, "softLimit":{ "shape":"Integer", - "documentation":"

        The soft limit for the ulimit type.

        " + "documentation":"

        The soft limit for the ulimit type. The value can be specified in bytes, seconds, or as a count, depending on the type of the ulimit.

        " }, "hardLimit":{ "shape":"Integer", - "documentation":"

        The hard limit for the ulimit type.

        " + "documentation":"

        The hard limit for the ulimit type. The value can be specified in bytes, seconds, or as a count, depending on the type of the ulimit.

        " } }, "documentation":"

        The ulimit settings to pass to the container.

        Amazon ECS tasks hosted on Fargate use the default resource limit values set by the operating system with the exception of the nofile resource limit parameter which Fargate overrides. The nofile resource limit sets a restriction on the number of open files that a container can use. The default nofile soft limit is 65535 and the default hard limit is 65535.

        You can specify the ulimit settings for a container in a task definition.

        " diff --git a/tools/code-generation/api-descriptions/lambda-2015-03-31.normal.json b/tools/code-generation/api-descriptions/lambda-2015-03-31.normal.json index 220b75af1fc..78280f14ad5 100644 --- a/tools/code-generation/api-descriptions/lambda-2015-03-31.normal.json +++ b/tools/code-generation/api-descriptions/lambda-2015-03-31.normal.json @@ -311,6 +311,24 @@ ], "documentation":"

        Deletes the provisioned concurrency configuration for a function.

        " }, + "DeleteResourcePolicy":{ + "name":"DeleteResourcePolicy", + "http":{ + "method":"DELETE", + "requestUri":"/2024-09-16/resource-policy/{ResourceArn}", + "responseCode":204 + }, + "input":{"shape":"DeleteResourcePolicyRequest"}, + "errors":[ + {"shape":"ServiceException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ResourceConflictException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"PreconditionFailedException"} + ], + "documentation":"

        Deletes a resource-based policy from a function.

        " + }, "GetAccountSettings":{ "name":"GetAccountSettings", "http":{ @@ -581,6 +599,40 @@ ], "documentation":"

        Retrieves the provisioned concurrency configuration for a function's alias or version.

        " }, + "GetPublicAccessBlockConfig":{ + "name":"GetPublicAccessBlockConfig", + "http":{ + "method":"GET", + "requestUri":"/2024-09-16/public-access-block/{ResourceArn}", + "responseCode":200 + }, + "input":{"shape":"GetPublicAccessBlockConfigRequest"}, + "output":{"shape":"GetPublicAccessBlockConfigResponse"}, + "errors":[ + {"shape":"ServiceException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"InvalidParameterValueException"} + ], + "documentation":"

        Retrieve the public-access settings for a function.

        " + }, + "GetResourcePolicy":{ + "name":"GetResourcePolicy", + "http":{ + "method":"GET", + "requestUri":"/2024-09-16/resource-policy/{ResourceArn}", + "responseCode":200 + }, + "input":{"shape":"GetResourcePolicyRequest"}, + "output":{"shape":"GetResourcePolicyResponse"}, + "errors":[ + {"shape":"ServiceException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"InvalidParameterValueException"} + ], + "documentation":"

        Retrieves the resource-based policy attached to a function.

        " + }, "GetRuntimeManagementConfig":{ "name":"GetRuntimeManagementConfig", "http":{ @@ -1028,6 +1080,45 @@ ], "documentation":"

        Adds a provisioned concurrency configuration to a function's alias or version.

        " }, + "PutPublicAccessBlockConfig":{ + "name":"PutPublicAccessBlockConfig", + "http":{ + "method":"PUT", + "requestUri":"/2024-09-16/public-access-block/{ResourceArn}", + "responseCode":200 + }, + "input":{"shape":"PutPublicAccessBlockConfigRequest"}, + "output":{"shape":"PutPublicAccessBlockConfigResponse"}, + "errors":[ + {"shape":"ServiceException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ResourceConflictException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"TooManyRequestsException"} + ], + "documentation":"

        Configure your function's public-access settings.

        To control public access to a Lambda function, you can choose whether to allow the creation of resource-based policies that allow public access to that function. You can also block public access to a function, even if it has an existing resource-based policy that allows it.

        " + }, + "PutResourcePolicy":{ + "name":"PutResourcePolicy", + "http":{ + "method":"PUT", + "requestUri":"/2024-09-16/resource-policy/{ResourceArn}", + "responseCode":200 + }, + "input":{"shape":"PutResourcePolicyRequest"}, + "output":{"shape":"PutResourcePolicyResponse"}, + "errors":[ + {"shape":"ServiceException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ResourceConflictException"}, + {"shape":"InvalidParameterValueException"}, + {"shape":"PolicyLengthExceededException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"PreconditionFailedException"}, + {"shape":"PublicPolicyException"} + ], + "documentation":"

        Adds a resource-based policy to a function. You can use resource-based policies to grant access to other Amazon Web Services accounts, organizations, or services. Resource-based policies apply to a single function, version, or alias.

        Adding a resource-based policy using this API action replaces any existing policy you've previously created. This means that if you've previously added resource-based permissions to a function using the AddPermission action, those permissions will be overwritten by your new policy.

        " + }, "PutRuntimeManagementConfig":{ "name":"PutRuntimeManagementConfig", "http":{ @@ -2236,6 +2327,24 @@ } } }, + "DeleteResourcePolicyRequest":{ + "type":"structure", + "required":["ResourceArn"], + "members":{ + "ResourceArn":{ + "shape":"PolicyResourceArn", + "documentation":"

        The Amazon Resource Name (ARN) of the function you want to delete the policy from. You can use either a qualified or an unqualified ARN, but the value you specify must be a complete ARN and wildcard characters are not accepted.

        ", + "location":"uri", + "locationName":"ResourceArn" + }, + "RevisionId":{ + "shape":"RevisionId", + "documentation":"

        Delete the existing policy only if its revision ID matches the string you specify. To find the revision ID of the policy currently attached to your function, use the GetResourcePolicy action.

        ", + "location":"querystring", + "locationName":"RevisionId" + } + } + }, "Description":{ "type":"string", "max":256, @@ -3466,6 +3575,52 @@ } } }, + "GetPublicAccessBlockConfigRequest":{ + "type":"structure", + "required":["ResourceArn"], + "members":{ + "ResourceArn":{ + "shape":"PublicAccessBlockResourceArn", + "documentation":"

        The Amazon Resource Name (ARN) of the function you want to retrieve public-access settings for.

        ", + "location":"uri", + "locationName":"ResourceArn" + } + } + }, + "GetPublicAccessBlockConfigResponse":{ + "type":"structure", + "members":{ + "PublicAccessBlockConfig":{ + "shape":"PublicAccessBlockConfig", + "documentation":"

        The public-access settings configured for the function you specified

        " + } + } + }, + "GetResourcePolicyRequest":{ + "type":"structure", + "required":["ResourceArn"], + "members":{ + "ResourceArn":{ + "shape":"PolicyResourceArn", + "documentation":"

        The Amazon Resource Name (ARN) of the function you want to retrieve the policy for. You can use either a qualified or an unqualified ARN, but the value you specify must be a complete ARN and wildcard characters are not accepted.

        ", + "location":"uri", + "locationName":"ResourceArn" + } + } + }, + "GetResourcePolicyResponse":{ + "type":"structure", + "members":{ + "Policy":{ + "shape":"ResourcePolicy", + "documentation":"

        The resource-based policy attached to the function you specified.

        " + }, + "RevisionId":{ + "shape":"RevisionId", + "documentation":"

        The revision ID of the policy.

        " + } + } + }, "GetRuntimeManagementConfigRequest":{ "type":"structure", "required":["FunctionName"], @@ -4789,6 +4944,11 @@ "error":{"httpStatusCode":400}, "exception":true }, + "PolicyResourceArn":{ + "type":"string", + "max":256, + "pattern":"arn:(aws[a-zA-Z-]*)?:lambda:[a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1}:\\d{12}:function:[a-zA-Z0-9-_]+(:(\\$LATEST|[a-zA-Z0-9-_])+)?" + }, "PositiveInteger":{ "type":"integer", "min":1 @@ -4875,6 +5035,38 @@ "FAILED" ] }, + "PublicAccessBlockConfig":{ + "type":"structure", + "members":{ + "BlockPublicPolicy":{ + "shape":"NullableBoolean", + "documentation":"

        To block the creation of resource-based policies that would grant public access to your function, set BlockPublicPolicy to true. To allow the creation of resource-based policies that would grant public access to your function, set BlockPublicPolicy to false.

        " + }, + "RestrictPublicResource":{ + "shape":"NullableBoolean", + "documentation":"

        To block public access to your function, even if its resource-based policy allows it, set RestrictPublicResource to true. To allow public access to a function with a resource-based policy that permits it, set RestrictPublicResource to false.

        " + } + }, + "documentation":"

        An object that defines the public-access settings for a function.

        " + }, + "PublicAccessBlockResourceArn":{ + "type":"string", + "max":170, + "pattern":"arn:(aws[a-zA-Z-]*)?:lambda:[a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1}:\\d{12}:function:[a-zA-Z0-9-_]+" + }, + "PublicPolicyException":{ + "type":"structure", + "members":{ + "Type":{ + "shape":"String", + "documentation":"

        The exception type.

        " + }, + "Message":{"shape":"String"} + }, + "documentation":"

        Lambda prevented your policy from being created because it would grant public access to your function. If you intended to create a public policy, use the PutPublicAccessBlockConfig API action to configure your function's public-access settings to allow public policies.

        ", + "error":{"httpStatusCode":400}, + "exception":true + }, "PublishLayerVersionRequest":{ "type":"structure", "required":[ @@ -5143,6 +5335,70 @@ } } }, + "PutPublicAccessBlockConfigRequest":{ + "type":"structure", + "required":[ + "ResourceArn", + "PublicAccessBlockConfig" + ], + "members":{ + "ResourceArn":{ + "shape":"PublicAccessBlockResourceArn", + "documentation":"

        The Amazon Resource Name (ARN) of the function you want to configure public-access settings for. Public-access settings are applied at the function level, so you can't apply different settings to function versions or aliases.

        ", + "location":"uri", + "locationName":"ResourceArn" + }, + "PublicAccessBlockConfig":{ + "shape":"PublicAccessBlockConfig", + "documentation":"

        An object defining the public-access settings you want to apply.

        To block the creation of resource-based policies that would grant public access to your function, set BlockPublicPolicy to true. To allow the creation of resource-based policies that would grant public access to your function, set BlockPublicPolicy to false.

        To block public access to your function, even if its resource-based policy allows it, set RestrictPublicResource to true. To allow public access to a function with a resource-based policy that permits it, set RestrictPublicResource to false.

        The default setting for both BlockPublicPolicy and RestrictPublicResource is true.

        " + } + } + }, + "PutPublicAccessBlockConfigResponse":{ + "type":"structure", + "members":{ + "PublicAccessBlockConfig":{ + "shape":"PublicAccessBlockConfig", + "documentation":"

        The public-access settings Lambda applied to your function.

        " + } + } + }, + "PutResourcePolicyRequest":{ + "type":"structure", + "required":[ + "ResourceArn", + "Policy" + ], + "members":{ + "ResourceArn":{ + "shape":"PolicyResourceArn", + "documentation":"

        The Amazon Resource Name (ARN) of the function you want to add the policy to. You can use either a qualified or an unqualified ARN, but the value you specify must be a complete ARN and wildcard characters are not accepted.

        ", + "location":"uri", + "locationName":"ResourceArn" + }, + "Policy":{ + "shape":"ResourcePolicy", + "documentation":"

        The JSON resource-based policy you want to add to your function.

        To learn more about creating resource-based policies for controlling access to Lambda, see Working with resource-based IAM policies in Lambda in the Lambda Developer Guide.

        " + }, + "RevisionId":{ + "shape":"RevisionId", + "documentation":"

        Replace the existing policy only if its revision ID matches the string you specify. To find the revision ID of the policy currently attached to your function, use the GetResourcePolicy action.

        " + } + } + }, + "PutResourcePolicyResponse":{ + "type":"structure", + "members":{ + "Policy":{ + "shape":"ResourcePolicy", + "documentation":"

        The policy Lambda added to your function.

        " + }, + "RevisionId":{ + "shape":"RevisionId", + "documentation":"

        The revision ID of the policy Lambda added to your function.

        " + } + } + }, "PutRuntimeManagementConfigRequest":{ "type":"structure", "required":[ @@ -5371,6 +5627,12 @@ "error":{"httpStatusCode":502}, "exception":true }, + "ResourcePolicy":{ + "type":"string", + "max":20480, + "min":1, + "pattern":"[\\s\\S]+" + }, "ResponseStreamingInvocationType":{ "type":"string", "enum":[ @@ -5378,6 +5640,12 @@ "DryRun" ] }, + "RevisionId":{ + "type":"string", + "max":36, + "min":36, + "pattern":"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" + }, "RoleArn":{ "type":"string", "pattern":"arn:(aws[a-zA-Z-]*)?:iam::\\d{12}:role/?[a-zA-Z_0-9+=,.@\\-_/]+" diff --git a/tools/code-generation/api-descriptions/rds-2014-10-31.normal.json b/tools/code-generation/api-descriptions/rds-2014-10-31.normal.json index a3ae53f1762..8a726e1b3ff 100644 --- a/tools/code-generation/api-descriptions/rds-2014-10-31.normal.json +++ b/tools/code-generation/api-descriptions/rds-2014-10-31.normal.json @@ -4483,7 +4483,7 @@ }, "LicenseModel":{ "shape":"String", - "documentation":"

        The license model information for this DB instance.

        License models for RDS for Db2 require additional configuration. The Bring Your Own License (BYOL) model requires a custom parameter group. The Db2 license through Amazon Web Services Marketplace model requires an Amazon Web Services Marketplace subscription. For more information, see RDS for Db2 licensing options in the Amazon RDS User Guide.

        The default for RDS for Db2 is bring-your-own-license.

        This setting doesn't apply to Amazon Aurora or RDS Custom DB instances.

        Valid Values:

        • RDS for Db2 - bring-your-own-license | marketplace-license

        • RDS for MariaDB - general-public-license

        • RDS for Microsoft SQL Server - license-included

        • RDS for MySQL - general-public-license

        • RDS for Oracle - bring-your-own-license | license-included

        • RDS for PostgreSQL - postgresql-license

        " + "documentation":"

        The license model information for this DB instance.

        License models for RDS for Db2 require additional configuration. The Bring Your Own License (BYOL) model requires a custom parameter group and an Amazon Web Services License Manager self-managed license. The Db2 license through Amazon Web Services Marketplace model requires an Amazon Web Services Marketplace subscription. For more information, see Amazon RDS for Db2 licensing options in the Amazon RDS User Guide.

        The default for RDS for Db2 is bring-your-own-license.

        This setting doesn't apply to Amazon Aurora or RDS Custom DB instances.

        Valid Values:

        • RDS for Db2 - bring-your-own-license | marketplace-license

        • RDS for MariaDB - general-public-license

        • RDS for Microsoft SQL Server - license-included

        • RDS for MySQL - general-public-license

        • RDS for Oracle - bring-your-own-license | license-included

        • RDS for PostgreSQL - postgresql-license

        " }, "Iops":{ "shape":"IntegerOptional", @@ -15234,7 +15234,7 @@ }, "LicenseModel":{ "shape":"String", - "documentation":"

        License model information for the restored DB instance.

        License models for RDS for Db2 require additional configuration. The Bring Your Own License (BYOL) model requires a custom parameter group. The Db2 license through Amazon Web Services Marketplace model requires an Amazon Web Services Marketplace subscription. For more information, see RDS for Db2 licensing options in the Amazon RDS User Guide.

        This setting doesn't apply to Amazon Aurora or RDS Custom DB instances.

        Valid Values:

        • RDS for Db2 - bring-your-own-license | marketplace-license

        • RDS for MariaDB - general-public-license

        • RDS for Microsoft SQL Server - license-included

        • RDS for MySQL - general-public-license

        • RDS for Oracle - bring-your-own-license | license-included

        • RDS for PostgreSQL - postgresql-license

        Default: Same as the source.

        " + "documentation":"

        License model information for the restored DB instance.

        License models for RDS for Db2 require additional configuration. The Bring Your Own License (BYOL) model requires a custom parameter group and an Amazon Web Services License Manager self-managed license. The Db2 license through Amazon Web Services Marketplace model requires an Amazon Web Services Marketplace subscription. For more information, see Amazon RDS for Db2 licensing options in the Amazon RDS User Guide.

        This setting doesn't apply to Amazon Aurora or RDS Custom DB instances.

        Valid Values:

        • RDS for Db2 - bring-your-own-license | marketplace-license

        • RDS for MariaDB - general-public-license

        • RDS for Microsoft SQL Server - license-included

        • RDS for MySQL - general-public-license

        • RDS for Oracle - bring-your-own-license | license-included

        • RDS for PostgreSQL - postgresql-license

        Default: Same as the source.

        " }, "DBName":{ "shape":"String", @@ -15644,7 +15644,7 @@ }, "LicenseModel":{ "shape":"String", - "documentation":"

        The license model information for the restored DB instance.

        License models for RDS for Db2 require additional configuration. The Bring Your Own License (BYOL) model requires a custom parameter group. The Db2 license through Amazon Web Services Marketplace model requires an Amazon Web Services Marketplace subscription. For more information, see RDS for Db2 licensing options in the Amazon RDS User Guide.

        This setting doesn't apply to Amazon Aurora or RDS Custom DB instances.

        Valid Values:

        • RDS for Db2 - bring-your-own-license | marketplace-license

        • RDS for MariaDB - general-public-license

        • RDS for Microsoft SQL Server - license-included

        • RDS for MySQL - general-public-license

        • RDS for Oracle - bring-your-own-license | license-included

        • RDS for PostgreSQL - postgresql-license

        Default: Same as the source.

        " + "documentation":"

        The license model information for the restored DB instance.

        License models for RDS for Db2 require additional configuration. The Bring Your Own License (BYOL) model requires a custom parameter group and an Amazon Web Services License Manager self-managed license. The Db2 license through Amazon Web Services Marketplace model requires an Amazon Web Services Marketplace subscription. For more information, see Amazon RDS for Db2 licensing options in the Amazon RDS User Guide.

        This setting doesn't apply to Amazon Aurora or RDS Custom DB instances.

        Valid Values:

        • RDS for Db2 - bring-your-own-license | marketplace-license

        • RDS for MariaDB - general-public-license

        • RDS for Microsoft SQL Server - license-included

        • RDS for MySQL - general-public-license

        • RDS for Oracle - bring-your-own-license | license-included

        • RDS for PostgreSQL - postgresql-license

        Default: Same as the source.

        " }, "DBName":{ "shape":"String", diff --git a/tools/code-generation/api-descriptions/ssm-2014-11-06.normal.json b/tools/code-generation/api-descriptions/ssm-2014-11-06.normal.json index c0e9d5c26b1..2eac00f7a6e 100644 --- a/tools/code-generation/api-descriptions/ssm-2014-11-06.normal.json +++ b/tools/code-generation/api-descriptions/ssm-2014-11-06.normal.json @@ -92,7 +92,7 @@ {"shape":"InvalidParameters"}, {"shape":"InternalServerError"} ], - "documentation":"

        Generates an activation code and activation ID you can use to register your on-premises servers, edge devices, or virtual machine (VM) with Amazon Web Services Systems Manager. Registering these machines with Systems Manager makes it possible to manage them using Systems Manager capabilities. You use the activation code and ID when installing SSM Agent on machines in your hybrid environment. For more information about requirements for managing on-premises machines using Systems Manager, see Setting up Amazon Web Services Systems Manager for hybrid and multicloud environments in the Amazon Web Services Systems Manager User Guide.

        Amazon Elastic Compute Cloud (Amazon EC2) instances, edge devices, and on-premises servers and VMs that are configured for Systems Manager are all called managed nodes.

        " + "documentation":"

        Generates an activation code and activation ID you can use to register your on-premises servers, edge devices, or virtual machine (VM) with Amazon Web Services Systems Manager. Registering these machines with Systems Manager makes it possible to manage them using Systems Manager capabilities. You use the activation code and ID when installing SSM Agent on machines in your hybrid environment. For more information about requirements for managing on-premises machines using Systems Manager, see Using Amazon Web Services Systems Manager in hybrid and multicloud environments in the Amazon Web Services Systems Manager User Guide.

        Amazon Elastic Compute Cloud (Amazon EC2) instances, edge devices, and on-premises servers and VMs that are configured for Systems Manager are all called managed nodes.

        " }, "CreateAssociation":{ "name":"CreateAssociation", @@ -159,7 +159,7 @@ {"shape":"DocumentLimitExceeded"}, {"shape":"InvalidDocumentSchemaVersion"} ], - "documentation":"

        Creates a Amazon Web Services Systems Manager (SSM document). An SSM document defines the actions that Systems Manager performs on your managed nodes. For more information about SSM documents, including information about supported schemas, features, and syntax, see Amazon Web Services Systems Manager Documents in the Amazon Web Services Systems Manager User Guide.

        " + "documentation":"

        Creates a Amazon Web Services Systems Manager (SSM document). An SSM document defines the actions that Systems Manager performs on your managed nodes. For more information about SSM documents, including information about supported schemas, features, and syntax, see Amazon Web Services Systems Manager Documents in the Amazon Web Services Systems Manager User Guide.

        " }, "CreateMaintenanceWindow":{ "name":"CreateMaintenanceWindow", @@ -239,7 +239,7 @@ {"shape":"ResourceDataSyncAlreadyExistsException"}, {"shape":"ResourceDataSyncInvalidConfigurationException"} ], - "documentation":"

        A resource data sync helps you view data from multiple sources in a single location. Amazon Web Services Systems Manager offers two types of resource data sync: SyncToDestination and SyncFromSource.

        You can configure Systems Manager Inventory to use the SyncToDestination type to synchronize Inventory data from multiple Amazon Web Services Regions to a single Amazon Simple Storage Service (Amazon S3) bucket. For more information, see Configuring resource data sync for Inventory in the Amazon Web Services Systems Manager User Guide.

        You can configure Systems Manager Explorer to use the SyncFromSource type to synchronize operational work items (OpsItems) and operational data (OpsData) from multiple Amazon Web Services Regions to a single Amazon S3 bucket. This type can synchronize OpsItems and OpsData from multiple Amazon Web Services accounts and Amazon Web Services Regions or EntireOrganization by using Organizations. For more information, see Setting up Systems Manager Explorer to display data from multiple accounts and Regions in the Amazon Web Services Systems Manager User Guide.

        A resource data sync is an asynchronous operation that returns immediately. After a successful initial sync is completed, the system continuously syncs data. To check the status of a sync, use the ListResourceDataSync.

        By default, data isn't encrypted in Amazon S3. We strongly recommend that you enable encryption in Amazon S3 to ensure secure data storage. We also recommend that you secure access to the Amazon S3 bucket by creating a restrictive bucket policy.

        " + "documentation":"

        A resource data sync helps you view data from multiple sources in a single location. Amazon Web Services Systems Manager offers two types of resource data sync: SyncToDestination and SyncFromSource.

        You can configure Systems Manager Inventory to use the SyncToDestination type to synchronize Inventory data from multiple Amazon Web Services Regions to a single Amazon Simple Storage Service (Amazon S3) bucket. For more information, see Creatinga a resource data sync for Inventory in the Amazon Web Services Systems Manager User Guide.

        You can configure Systems Manager Explorer to use the SyncFromSource type to synchronize operational work items (OpsItems) and operational data (OpsData) from multiple Amazon Web Services Regions to a single Amazon S3 bucket. This type can synchronize OpsItems and OpsData from multiple Amazon Web Services accounts and Amazon Web Services Regions or EntireOrganization by using Organizations. For more information, see Setting up Systems Manager Explorer to display data from multiple accounts and Regions in the Amazon Web Services Systems Manager User Guide.

        A resource data sync is an asynchronous operation that returns immediately. After a successful initial sync is completed, the system continuously syncs data. To check the status of a sync, use the ListResourceDataSync.

        By default, data isn't encrypted in Amazon S3. We strongly recommend that you enable encryption in Amazon S3 to ensure secure data storage. We also recommend that you secure access to the Amazon S3 bucket by creating a restrictive bucket policy.

        " }, "DeleteActivation":{ "name":"DeleteActivation", @@ -3204,7 +3204,7 @@ }, "Values":{ "shape":"AttachmentsSourceValues", - "documentation":"

        The value of a key-value pair that identifies the location of an attachment to a document. The format for Value depends on the type of key you specify.

        • For the key SourceUrl, the value is an S3 bucket location. For example:

          \"Values\": [ \"s3://doc-example-bucket/my-folder\" ]

        • For the key S3FileUrl, the value is a file in an S3 bucket. For example:

          \"Values\": [ \"s3://doc-example-bucket/my-folder/my-file.py\" ]

        • For the key AttachmentReference, the value is constructed from the name of another SSM document in your account, a version number of that document, and a file attached to that document version that you want to reuse. For example:

          \"Values\": [ \"MyOtherDocument/3/my-other-file.py\" ]

          However, if the SSM document is shared with you from another account, the full SSM document ARN must be specified instead of the document name only. For example:

          \"Values\": [ \"arn:aws:ssm:us-east-2:111122223333:document/OtherAccountDocument/3/their-file.py\" ]

        " + "documentation":"

        The value of a key-value pair that identifies the location of an attachment to a document. The format for Value depends on the type of key you specify.

        • For the key SourceUrl, the value is an S3 bucket location. For example:

          \"Values\": [ \"s3://amzn-s3-demo-bucket/my-prefix\" ]

        • For the key S3FileUrl, the value is a file in an S3 bucket. For example:

          \"Values\": [ \"s3://amzn-s3-demo-bucket/my-prefix/my-file.py\" ]

        • For the key AttachmentReference, the value is constructed from the name of another SSM document in your account, a version number of that document, and a file attached to that document version that you want to reuse. For example:

          \"Values\": [ \"MyOtherDocument/3/my-other-file.py\" ]

          However, if the SSM document is shared with you from another account, the full SSM document ARN must be specified instead of the document name only. For example:

          \"Values\": [ \"arn:aws:ssm:us-east-2:111122223333:document/OtherAccountDocument/3/their-file.py\" ]

        " }, "Name":{ "shape":"AttachmentIdentifier", @@ -3388,6 +3388,10 @@ "shape":"AlarmStateInformationList", "documentation":"

        The CloudWatch alarm that was invoked by the automation.

        " }, + "TargetLocationsURL":{ + "shape":"TargetLocationsURL", + "documentation":"

        A publicly accessible URL for a file that contains the TargetLocations body. Currently, only files in presigned Amazon S3 buckets are supported

        " + }, "AutomationSubtype":{ "shape":"AutomationSubtype", "documentation":"

        The subtype of the Automation operation. Currently, the only supported value is ChangeRequest.

        " @@ -3573,7 +3577,7 @@ }, "AutomationType":{ "shape":"AutomationType", - "documentation":"

        Use this filter with DescribeAutomationExecutions. Specify either Local or CrossAccount. CrossAccount is an Automation that runs in multiple Amazon Web Services Regions and Amazon Web Services accounts. For more information, see Running Automation workflows in multiple Amazon Web Services Regions and accounts in the Amazon Web Services Systems Manager User Guide.

        " + "documentation":"

        Use this filter with DescribeAutomationExecutions. Specify either Local or CrossAccount. CrossAccount is an Automation that runs in multiple Amazon Web Services Regions and Amazon Web Services accounts. For more information, see Running automations in multiple Amazon Web Services Regions and accounts in the Amazon Web Services Systems Manager User Guide.

        " }, "AlarmConfiguration":{ "shape":"AlarmConfiguration", @@ -3583,6 +3587,10 @@ "shape":"AlarmStateInformationList", "documentation":"

        The CloudWatch alarm that was invoked by the automation.

        " }, + "TargetLocationsURL":{ + "shape":"TargetLocationsURL", + "documentation":"

        A publicly accessible URL for a file that contains the TargetLocations body. Currently, only files in presigned Amazon S3 buckets are supported

        " + }, "AutomationSubtype":{ "shape":"AutomationSubtype", "documentation":"

        The subtype of the Automation operation. Currently, the only supported value is ChangeRequest.

        " @@ -3721,7 +3729,7 @@ "ApprovalRules":{"shape":"PatchRuleGroup"}, "ApprovedPatches":{ "shape":"PatchIdList", - "documentation":"

        A list of explicitly approved patches for the baseline.

        For information about accepted formats for lists of approved patches and rejected patches, see About package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.

        " + "documentation":"

        A list of explicitly approved patches for the baseline.

        For information about accepted formats for lists of approved patches and rejected patches, see Package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.

        " }, "ApprovedPatchesComplianceLevel":{ "shape":"PatchComplianceLevel", @@ -3729,7 +3737,7 @@ }, "RejectedPatches":{ "shape":"PatchIdList", - "documentation":"

        A list of explicitly rejected patches for the baseline.

        For information about accepted formats for lists of approved patches and rejected patches, see About package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.

        " + "documentation":"

        A list of explicitly rejected patches for the baseline.

        For information about accepted formats for lists of approved patches and rejected patches, see Package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.

        " }, "RejectedPatchesAction":{ "shape":"PatchAction", @@ -3974,7 +3982,7 @@ }, "value":{ "shape":"CommandFilterValue", - "documentation":"

        The filter value. Valid values for each filter key are as follows:

        • InvokedAfter: Specify a timestamp to limit your results. For example, specify 2021-07-07T00:00:00Z to see a list of command executions occurring July 7, 2021, and later.

        • InvokedBefore: Specify a timestamp to limit your results. For example, specify 2021-07-07T00:00:00Z to see a list of command executions from before July 7, 2021.

        • Status: Specify a valid command status to see a list of all command executions with that status. The status choices depend on the API you call.

          The status values you can specify for ListCommands are:

          • Pending

          • InProgress

          • Success

          • Cancelled

          • Failed

          • TimedOut (this includes both Delivery and Execution time outs)

          • AccessDenied

          • DeliveryTimedOut

          • ExecutionTimedOut

          • Incomplete

          • NoInstancesInTag

          • LimitExceeded

          The status values you can specify for ListCommandInvocations are:

          • Pending

          • InProgress

          • Delayed

          • Success

          • Cancelled

          • Failed

          • TimedOut (this includes both Delivery and Execution time outs)

          • AccessDenied

          • DeliveryTimedOut

          • ExecutionTimedOut

          • Undeliverable

          • InvalidPlatform

          • Terminated

        • DocumentName: Specify name of the Amazon Web Services Systems Manager document (SSM document) for which you want to see command execution results. For example, specify AWS-RunPatchBaseline to see command executions that used this SSM document to perform security patching operations on managed nodes.

        • ExecutionStage: Specify one of the following values (ListCommands operations only):

          • Executing: Returns a list of command executions that are currently still running.

          • Complete: Returns a list of command executions that have already completed.

        " + "documentation":"

        The filter value. Valid values for each filter key are as follows:

        • InvokedAfter: Specify a timestamp to limit your results. For example, specify 2024-07-07T00:00:00Z to see a list of command executions occurring July 7, 2021, and later.

        • InvokedBefore: Specify a timestamp to limit your results. For example, specify 2024-07-07T00:00:00Z to see a list of command executions from before July 7, 2021.

        • Status: Specify a valid command status to see a list of all command executions with that status. The status choices depend on the API you call.

          The status values you can specify for ListCommands are:

          • Pending

          • InProgress

          • Success

          • Cancelled

          • Failed

          • TimedOut (this includes both Delivery and Execution time outs)

          • AccessDenied

          • DeliveryTimedOut

          • ExecutionTimedOut

          • Incomplete

          • NoInstancesInTag

          • LimitExceeded

          The status values you can specify for ListCommandInvocations are:

          • Pending

          • InProgress

          • Delayed

          • Success

          • Cancelled

          • Failed

          • TimedOut (this includes both Delivery and Execution time outs)

          • AccessDenied

          • DeliveryTimedOut

          • ExecutionTimedOut

          • Undeliverable

          • InvalidPlatform

          • Terminated

        • DocumentName: Specify name of the Amazon Web Services Systems Manager document (SSM document) for which you want to see command execution results. For example, specify AWS-RunPatchBaseline to see command executions that used this SSM document to perform security patching operations on managed nodes.

        • ExecutionStage: Specify one of the following values (ListCommands operations only):

          • Executing: Returns a list of command executions that are currently still running.

          • Complete: Returns a list of command executions that have already completed.

        " } }, "documentation":"

        Describes a command filter.

        A managed node ID can't be specified when a command status is Pending because the command hasn't run on the node yet.

        " @@ -4146,11 +4154,11 @@ }, "OutputS3BucketName":{ "shape":"S3BucketName", - "documentation":"

        The S3 bucket where the responses to the command executions should be stored. This was requested when issuing the command. For example, in the following response:

        doc-example-bucket/ab19cb99-a030-46dd-9dfc-8eSAMPLEPre-Fix/i-02573cafcfEXAMPLE/awsrunShellScript

        doc-example-bucket is the name of the S3 bucket;

        ab19cb99-a030-46dd-9dfc-8eSAMPLEPre-Fix is the name of the S3 prefix;

        i-02573cafcfEXAMPLE is the managed node ID;

        awsrunShellScript is the name of the plugin.

        " + "documentation":"

        The S3 bucket where the responses to the command executions should be stored. This was requested when issuing the command. For example, in the following response:

        amzn-s3-demo-bucket/my-prefix/i-02573cafcfEXAMPLE/awsrunShellScript

        amzn-s3-demo-bucket is the name of the S3 bucket;

        my-prefix is the name of the S3 prefix;

        i-02573cafcfEXAMPLE is the managed node ID;

        awsrunShellScript is the name of the plugin.

        " }, "OutputS3KeyPrefix":{ "shape":"S3KeyPrefix", - "documentation":"

        The S3 directory path inside the bucket where the responses to the command executions should be stored. This was requested when issuing the command. For example, in the following response:

        doc-example-bucket/ab19cb99-a030-46dd-9dfc-8eSAMPLEPre-Fix/i-02573cafcfEXAMPLE/awsrunShellScript

        doc-example-bucket is the name of the S3 bucket;

        ab19cb99-a030-46dd-9dfc-8eSAMPLEPre-Fix is the name of the S3 prefix;

        i-02573cafcfEXAMPLE is the managed node ID;

        awsrunShellScript is the name of the plugin.

        " + "documentation":"

        The S3 directory path inside the bucket where the responses to the command executions should be stored. This was requested when issuing the command. For example, in the following response:

        amzn-s3-demo-bucket/my-prefix/i-02573cafcfEXAMPLE/awsrunShellScript

        amzn-s3-demo-bucket is the name of the S3 bucket;

        my-prefix is the name of the S3 prefix;

        i-02573cafcfEXAMPLE is the managed node ID;

        awsrunShellScript is the name of the plugin.

        " } }, "documentation":"

        Describes plugin details.

        " @@ -4485,7 +4493,7 @@ }, "IamRole":{ "shape":"IamRole", - "documentation":"

        The name of the Identity and Access Management (IAM) role that you want to assign to the managed node. This IAM role must provide AssumeRole permissions for the Amazon Web Services Systems Manager service principal ssm.amazonaws.com. For more information, see Create an IAM service role for a hybrid and multicloud environment in the Amazon Web Services Systems Manager User Guide.

        You can't specify an IAM service-linked role for this parameter. You must create a unique role.

        " + "documentation":"

        The name of the Identity and Access Management (IAM) role that you want to assign to the managed node. This IAM role must provide AssumeRole permissions for the Amazon Web Services Systems Manager service principal ssm.amazonaws.com. For more information, see Create the IAM service role required for Systems Manager in a hybrid and multicloud environments in the Amazon Web Services Systems Manager User Guide.

        You can't specify an IAM service-linked role for this parameter. You must create a unique role.

        " }, "RegistrationLimit":{ "shape":"RegistrationLimit", @@ -4494,7 +4502,7 @@ }, "ExpirationDate":{ "shape":"ExpirationDate", - "documentation":"

        The date by which this activation request should expire, in timestamp format, such as \"2021-07-07T00:00:00\". You can specify a date up to 30 days in advance. If you don't provide an expiration date, the activation code expires in 24 hours.

        " + "documentation":"

        The date by which this activation request should expire, in timestamp format, such as \"2024-07-07T00:00:00\". You can specify a date up to 30 days in advance. If you don't provide an expiration date, the activation code expires in 24 hours.

        " }, "Tags":{ "shape":"TagList", @@ -4656,7 +4664,7 @@ }, "Targets":{ "shape":"Targets", - "documentation":"

        The targets for the association. You can target managed nodes by using tags, Amazon Web Services resource groups, all managed nodes in an Amazon Web Services account, or individual managed node IDs. You can target all managed nodes in an Amazon Web Services account by specifying the InstanceIds key with a value of *. For more information about choosing targets for an association, see About targets and rate controls in State Manager associations in the Amazon Web Services Systems Manager User Guide.

        " + "documentation":"

        The targets for the association. You can target managed nodes by using tags, Amazon Web Services resource groups, all managed nodes in an Amazon Web Services account, or individual managed node IDs. You can target all managed nodes in an Amazon Web Services account by specifying the InstanceIds key with a value of *. For more information about choosing targets for an association, see Understanding targets and rate controls in State Manager associations in the Amazon Web Services Systems Manager User Guide.

        " }, "ScheduleExpression":{ "shape":"ScheduleExpression", @@ -4999,7 +5007,7 @@ }, "ApprovedPatches":{ "shape":"PatchIdList", - "documentation":"

        A list of explicitly approved patches for the baseline.

        For information about accepted formats for lists of approved patches and rejected patches, see About package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.

        " + "documentation":"

        A list of explicitly approved patches for the baseline.

        For information about accepted formats for lists of approved patches and rejected patches, see Package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.

        " }, "ApprovedPatchesComplianceLevel":{ "shape":"PatchComplianceLevel", @@ -5012,7 +5020,7 @@ }, "RejectedPatches":{ "shape":"PatchIdList", - "documentation":"

        A list of explicitly rejected patches for the baseline.

        For information about accepted formats for lists of approved patches and rejected patches, see About package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.

        " + "documentation":"

        A list of explicitly rejected patches for the baseline.

        For information about accepted formats for lists of approved patches and rejected patches, see Package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.

        " }, "RejectedPatchesAction":{ "shape":"PatchAction", @@ -5190,7 +5198,7 @@ }, "DeletionSummary":{ "shape":"InventoryDeletionSummary", - "documentation":"

        A summary of the delete operation. For more information about this summary, see Understanding the delete inventory summary in the Amazon Web Services Systems Manager User Guide.

        " + "documentation":"

        A summary of the delete operation. For more information about this summary, see Deleting custom inventory in the Amazon Web Services Systems Manager User Guide.

        " } } }, @@ -6005,7 +6013,7 @@ }, "Filters":{ "shape":"PatchOrchestratorFilterList", - "documentation":"

        Each element in the array is a structure containing a key-value pair.

        Supported keys for DescribeInstancePatchesinclude the following:

        • Classification

          Sample values: Security | SecurityUpdates

        • KBId

          Sample values: KB4480056 | java-1.7.0-openjdk.x86_64

        • Severity

          Sample values: Important | Medium | Low

        • State

          Sample values: Installed | InstalledOther | InstalledPendingReboot

          For lists of all State values, see Understanding patch compliance state values in the Amazon Web Services Systems Manager User Guide.

        " + "documentation":"

        Each element in the array is a structure containing a key-value pair.

        Supported keys for DescribeInstancePatchesinclude the following:

        • Classification

          Sample values: Security | SecurityUpdates

        • KBId

          Sample values: KB4480056 | java-1.7.0-openjdk.x86_64

        • Severity

          Sample values: Important | Medium | Low

        • State

          Sample values: Installed | InstalledOther | InstalledPendingReboot

          For lists of all State values, see Patch compliance state values in the Amazon Web Services Systems Manager User Guide.

        " }, "NextToken":{ "shape":"NextToken", @@ -6192,7 +6200,7 @@ }, "Filters":{ "shape":"MaintenanceWindowFilterList", - "documentation":"

        Each entry in the array is a structure containing:

        • Key. A string between 1 and 128 characters. Supported keys include ExecutedBefore and ExecutedAfter.

        • Values. An array of strings, each between 1 and 256 characters. Supported values are date/time strings in a valid ISO 8601 date/time format, such as 2021-11-04T05:00:00Z.

        " + "documentation":"

        Each entry in the array is a structure containing:

        • Key. A string between 1 and 128 characters. Supported keys include ExecutedBefore and ExecutedAfter.

        • Values. An array of strings, each between 1 and 256 characters. Supported values are date/time strings in a valid ISO 8601 date/time format, such as 2024-11-04T05:00:00Z.

        " }, "MaxResults":{ "shape":"MaintenanceWindowMaxResults", @@ -7393,6 +7401,18 @@ "member":{"shape":"EffectivePatch"} }, "ErrorCount":{"type":"integer"}, + "ExcludeAccount":{ + "type":"string", + "max":68, + "min":6, + "pattern":"^(ou-[a-z0-9]{4,32}-[a-z0-9]{8,32})|(\\d{12})$" + }, + "ExcludeAccounts":{ + "type":"list", + "member":{"shape":"ExcludeAccount"}, + "max":5000, + "min":1 + }, "ExecutionMode":{ "type":"string", "enum":[ @@ -8174,7 +8194,7 @@ }, "ServiceRoleArn":{ "shape":"ServiceRole", - "documentation":"

        The Amazon Resource Name (ARN) of the IAM service role for Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses a service-linked role in your account. If no appropriate service-linked role for Systems Manager exists in your account, it is created when you run RegisterTaskWithMaintenanceWindow.

        However, for an improved security posture, we strongly recommend creating a custom policy and custom service role for running your maintenance window tasks. The policy can be crafted to provide only the permissions needed for your particular maintenance window tasks. For more information, see Setting up maintenance windows in the in the Amazon Web Services Systems Manager User Guide.

        " + "documentation":"

        The Amazon Resource Name (ARN) of the IAM service role for Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses a service-linked role in your account. If no appropriate service-linked role for Systems Manager exists in your account, it is created when you run RegisterTaskWithMaintenanceWindow.

        However, for an improved security posture, we strongly recommend creating a custom policy and custom service role for running your maintenance window tasks. The policy can be crafted to provide only the permissions needed for your particular maintenance window tasks. For more information, see Setting up Maintenance Windows in the in the Amazon Web Services Systems Manager User Guide.

        " }, "TaskType":{ "shape":"MaintenanceWindowTaskType", @@ -8373,7 +8393,7 @@ "members":{ "Name":{ "shape":"PSParameterName", - "documentation":"

        The name or Amazon Resource Name (ARN) of the parameter that you want to query. For parameters shared with you from another account, you must use the full ARN.

        To query by parameter label, use \"Name\": \"name:label\". To query by parameter version, use \"Name\": \"name:version\".

        For more information about shared parameters, see Working with shared parameters in the Amazon Web Services Systems Manager User Guide.

        " + "documentation":"

        The name or Amazon Resource Name (ARN) of the parameter that you want to query. For parameters shared with you from another account, you must use the full ARN.

        To query by parameter label, use \"Name\": \"name:label\". To query by parameter version, use \"Name\": \"name:version\".

        For more information about shared parameters, see Working with shared parameters in the Amazon Web Services Systems Manager User Guide.

        " }, "WithDecryption":{ "shape":"Boolean", @@ -8907,7 +8927,7 @@ }, "Name":{ "shape":"String", - "documentation":"

        The name assigned to an on-premises server, edge device, or virtual machine (VM) when it is activated as a Systems Manager managed node. The name is specified as the DefaultInstanceName property using the CreateActivation command. It is applied to the managed node by specifying the Activation Code and Activation ID when you install SSM Agent on the node, as explained in Install SSM Agent for a hybrid and multicloud environment (Linux) and Install SSM Agent for a hybrid and multicloud environment (Windows). To retrieve the Name tag of an EC2 instance, use the Amazon EC2 DescribeInstances operation. For information, see DescribeInstances in the Amazon EC2 API Reference or describe-instances in the Amazon Web Services CLI Command Reference.

        " + "documentation":"

        The name assigned to an on-premises server, edge device, or virtual machine (VM) when it is activated as a Systems Manager managed node. The name is specified as the DefaultInstanceName property using the CreateActivation command. It is applied to the managed node by specifying the Activation Code and Activation ID when you install SSM Agent on the node, as explained in How to install SSM Agent on hybrid Linux nodes and How to install SSM Agent on hybrid Windows Server nodes. To retrieve the Name tag of an EC2 instance, use the Amazon EC2 DescribeInstances operation. For information, see DescribeInstances in the Amazon EC2 API Reference or describe-instances in the Amazon Web Services CLI Command Reference.

        " }, "IPAddress":{ "shape":"IPAddress", @@ -9054,7 +9074,7 @@ }, "InstallOverrideList":{ "shape":"InstallOverrideList", - "documentation":"

        An https URL or an Amazon Simple Storage Service (Amazon S3) path-style URL to a list of patches to be installed. This patch installation list, which you maintain in an S3 bucket in YAML format and specify in the SSM document AWS-RunPatchBaseline, overrides the patches specified by the default patch baseline.

        For more information about the InstallOverrideList parameter, see About the AWS-RunPatchBaseline SSM document in the Amazon Web Services Systems Manager User Guide.

        " + "documentation":"

        An https URL or an Amazon Simple Storage Service (Amazon S3) path-style URL to a list of patches to be installed. This patch installation list, which you maintain in an S3 bucket in YAML format and specify in the SSM document AWS-RunPatchBaseline, overrides the patches specified by the default patch baseline.

        For more information about the InstallOverrideList parameter, see SSM Command document for patching: AWS-RunPatchBaseline in the Amazon Web Services Systems Manager User Guide.

        " }, "OwnerInformation":{ "shape":"OwnerInformation", @@ -9902,7 +9922,7 @@ }, "DeletionSummary":{ "shape":"InventoryDeletionSummary", - "documentation":"

        Information about the delete operation. For more information about this summary, see Understanding the delete inventory summary in the Amazon Web Services Systems Manager User Guide.

        " + "documentation":"

        Information about the delete operation. For more information about this summary, see Understanding the delete inventory summary in the Amazon Web Services Systems Manager User Guide.

        " }, "LastStatusUpdateTime":{ "shape":"InventoryDeletionLastStatusUpdateTime", @@ -9972,7 +9992,7 @@ }, "Type":{ "shape":"InventoryQueryOperatorType", - "documentation":"

        The type of filter.

        The Exists filter must be used with aggregators. For more information, see Aggregating inventory data in the Amazon Web Services Systems Manager User Guide.

        " + "documentation":"

        The type of filter.

        The Exists filter must be used with aggregators. For more information, see Aggregating inventory data in the Amazon Web Services Systems Manager User Guide.

        " } }, "documentation":"

        One or more filters. Use a filter to return a more specific list of results.

        " @@ -11355,7 +11375,7 @@ }, "ServiceRoleArn":{ "shape":"ServiceRole", - "documentation":"

        The Amazon Resource Name (ARN) of the IAM service role for Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses a service-linked role in your account. If no appropriate service-linked role for Systems Manager exists in your account, it is created when you run RegisterTaskWithMaintenanceWindow.

        However, for an improved security posture, we strongly recommend creating a custom policy and custom service role for running your maintenance window tasks. The policy can be crafted to provide only the permissions needed for your particular maintenance window tasks. For more information, see Setting up maintenance windows in the in the Amazon Web Services Systems Manager User Guide.

        " + "documentation":"

        The Amazon Resource Name (ARN) of the IAM service role for Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses a service-linked role in your account. If no appropriate service-linked role for Systems Manager exists in your account, it is created when you run RegisterTaskWithMaintenanceWindow.

        However, for an improved security posture, we strongly recommend creating a custom policy and custom service role for running your maintenance window tasks. The policy can be crafted to provide only the permissions needed for your particular maintenance window tasks. For more information, see Setting up Maintenance Windows in the in the Amazon Web Services Systems Manager User Guide.

        " }, "TimeoutSeconds":{ "shape":"TimeoutSeconds", @@ -11480,7 +11500,7 @@ }, "ServiceRoleArn":{ "shape":"ServiceRole", - "documentation":"

        The Amazon Resource Name (ARN) of the IAM service role for Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses a service-linked role in your account. If no appropriate service-linked role for Systems Manager exists in your account, it is created when you run RegisterTaskWithMaintenanceWindow.

        However, for an improved security posture, we strongly recommend creating a custom policy and custom service role for running your maintenance window tasks. The policy can be crafted to provide only the permissions needed for your particular maintenance window tasks. For more information, see Setting up maintenance windows in the in the Amazon Web Services Systems Manager User Guide.

        " + "documentation":"

        The Amazon Resource Name (ARN) of the IAM service role for Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses a service-linked role in your account. If no appropriate service-linked role for Systems Manager exists in your account, it is created when you run RegisterTaskWithMaintenanceWindow.

        However, for an improved security posture, we strongly recommend creating a custom policy and custom service role for running your maintenance window tasks. The policy can be crafted to provide only the permissions needed for your particular maintenance window tasks. For more information, see Setting up Maintenance Windows in the in the Amazon Web Services Systems Manager User Guide.

        " }, "MaxConcurrency":{ "shape":"MaxConcurrency", @@ -12035,7 +12055,7 @@ }, "Status":{ "shape":"OpsItemStatus", - "documentation":"

        The OpsItem status. Status can be Open, In Progress, or Resolved. For more information, see Editing OpsItem details in the Amazon Web Services Systems Manager User Guide.

        " + "documentation":"

        The OpsItem status. For more information, see Editing OpsItem details in the Amazon Web Services Systems Manager User Guide.

        " }, "OpsItemId":{ "shape":"OpsItemId", @@ -12587,7 +12607,7 @@ }, "Status":{ "shape":"OpsItemStatus", - "documentation":"

        The OpsItem status. Status can be Open, In Progress, or Resolved.

        " + "documentation":"

        The OpsItem status.

        " }, "OpsItemId":{ "shape":"OpsItemId", @@ -13442,7 +13462,7 @@ }, "State":{ "shape":"PatchComplianceDataState", - "documentation":"

        The state of the patch on the managed node, such as INSTALLED or FAILED.

        For descriptions of each patch state, see About patch compliance in the Amazon Web Services Systems Manager User Guide.

        " + "documentation":"

        The state of the patch on the managed node, such as INSTALLED or FAILED.

        For descriptions of each patch state, see About patch compliance in the Amazon Web Services Systems Manager User Guide.

        " }, "InstalledTime":{ "shape":"DateTime", @@ -13705,12 +13725,12 @@ }, "ApproveAfterDays":{ "shape":"ApproveAfterDays", - "documentation":"

        The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of 7 means that patches are approved seven days after they are released.

        This parameter is marked as not required, but your request must include a value for either ApproveAfterDays or ApproveUntilDate.

        Not supported for Debian Server or Ubuntu Server.

        ", + "documentation":"

        The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of 7 means that patches are approved seven days after they are released.

        This parameter is marked as Required: No, but your request must include a value for either ApproveAfterDays or ApproveUntilDate.

        Not supported for Debian Server or Ubuntu Server.

        Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the Amazon Web Services Systems Manager User Guide.

        ", "box":true }, "ApproveUntilDate":{ "shape":"PatchStringDateTime", - "documentation":"

        The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically.

        Enter dates in the format YYYY-MM-DD. For example, 2021-12-31.

        This parameter is marked as not required, but your request must include a value for either ApproveUntilDate or ApproveAfterDays.

        Not supported for Debian Server or Ubuntu Server.

        ", + "documentation":"

        The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically.

        Enter dates in the format YYYY-MM-DD. For example, 2024-12-31.

        This parameter is marked as Required: No, but your request must include a value for either ApproveUntilDate or ApproveAfterDays.

        Not supported for Debian Server or Ubuntu Server.

        Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the Amazon Web Services Systems Manager User Guide.

        ", "box":true }, "EnableNonSecurity":{ @@ -14205,7 +14225,7 @@ }, "ServiceRoleArn":{ "shape":"ServiceRole", - "documentation":"

        The Amazon Resource Name (ARN) of the IAM service role for Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses a service-linked role in your account. If no appropriate service-linked role for Systems Manager exists in your account, it is created when you run RegisterTaskWithMaintenanceWindow.

        However, for an improved security posture, we strongly recommend creating a custom policy and custom service role for running your maintenance window tasks. The policy can be crafted to provide only the permissions needed for your particular maintenance window tasks. For more information, see Setting up maintenance windows in the in the Amazon Web Services Systems Manager User Guide.

        " + "documentation":"

        The Amazon Resource Name (ARN) of the IAM service role for Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses a service-linked role in your account. If no appropriate service-linked role for Systems Manager exists in your account, it is created when you run RegisterTaskWithMaintenanceWindow.

        However, for an improved security posture, we strongly recommend creating a custom policy and custom service role for running your maintenance window tasks. The policy can be crafted to provide only the permissions needed for your particular maintenance window tasks. For more information, see Setting up Maintenance Windows in the in the Amazon Web Services Systems Manager User Guide.

        " }, "TaskType":{ "shape":"MaintenanceWindowTaskType", @@ -15277,7 +15297,7 @@ }, "value":{ "shape":"SessionFilterValue", - "documentation":"

        The filter value. Valid values for each filter key are as follows:

        • InvokedAfter: Specify a timestamp to limit your results. For example, specify 2018-08-29T00:00:00Z to see sessions that started August 29, 2018, and later.

        • InvokedBefore: Specify a timestamp to limit your results. For example, specify 2018-08-29T00:00:00Z to see sessions that started before August 29, 2018.

        • Target: Specify a managed node to which session connections have been made.

        • Owner: Specify an Amazon Web Services user to see a list of sessions started by that user.

        • Status: Specify a valid session status to see a list of all sessions with that status. Status values you can specify include:

          • Connected

          • Connecting

          • Disconnected

          • Terminated

          • Terminating

          • Failed

        • SessionId: Specify a session ID to return details about the session.

        " + "documentation":"

        The filter value. Valid values for each filter key are as follows:

        • InvokedAfter: Specify a timestamp to limit your results. For example, specify 2024-08-29T00:00:00Z to see sessions that started August 29, 2024, and later.

        • InvokedBefore: Specify a timestamp to limit your results. For example, specify 2024-08-29T00:00:00Z to see sessions that started before August 29, 2024.

        • Target: Specify a managed node to which session connections have been made.

        • Owner: Specify an Amazon Web Services user to see a list of sessions started by that user.

        • Status: Specify a valid session status to see a list of all sessions with that status. Status values you can specify include:

          • Connected

          • Connecting

          • Disconnected

          • Terminated

          • Terminating

          • Failed

        • SessionId: Specify a session ID to return details about the session.

        " } }, "documentation":"

        Describes a filter for Session Manager information.

        " @@ -15516,7 +15536,7 @@ }, "Targets":{ "shape":"Targets", - "documentation":"

        A key-value mapping to target resources. Required if you specify TargetParameterName.

        " + "documentation":"

        A key-value mapping to target resources. Required if you specify TargetParameterName.

        If both this parameter and the TargetLocation:Targets parameter are supplied, TargetLocation:Targets takes precedence.

        " }, "TargetMaps":{ "shape":"TargetMaps", @@ -15524,15 +15544,15 @@ }, "MaxConcurrency":{ "shape":"MaxConcurrency", - "documentation":"

        The maximum number of targets allowed to run this task in parallel. You can specify a number, such as 10, or a percentage, such as 10%. The default value is 10.

        " + "documentation":"

        The maximum number of targets allowed to run this task in parallel. You can specify a number, such as 10, or a percentage, such as 10%. The default value is 10.

        If both this parameter and the TargetLocation:TargetsMaxConcurrency are supplied, TargetLocation:TargetsMaxConcurrency takes precedence.

        " }, "MaxErrors":{ "shape":"MaxErrors", - "documentation":"

        The number of errors that are allowed before the system stops running the automation on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops running the automation when the fourth error is received. If you specify 0, then the system stops running the automation on additional targets after the first error result is returned. If you run an automation on 50 resources and set max-errors to 10%, then the system stops running the automation on additional targets when the sixth error is received.

        Executions that are already running an automation when max-errors is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, set max-concurrency to 1 so the executions proceed one at a time.

        " + "documentation":"

        The number of errors that are allowed before the system stops running the automation on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops running the automation when the fourth error is received. If you specify 0, then the system stops running the automation on additional targets after the first error result is returned. If you run an automation on 50 resources and set max-errors to 10%, then the system stops running the automation on additional targets when the sixth error is received.

        Executions that are already running an automation when max-errors is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, set max-concurrency to 1 so the executions proceed one at a time.

        If this parameter and the TargetLocation:TargetsMaxErrors parameter are both supplied, TargetLocation:TargetsMaxErrors takes precedence.

        " }, "TargetLocations":{ "shape":"TargetLocations", - "documentation":"

        A location is a combination of Amazon Web Services Regions and/or Amazon Web Services accounts where you want to run the automation. Use this operation to start an automation in multiple Amazon Web Services Regions and multiple Amazon Web Services accounts. For more information, see Running Automation workflows in multiple Amazon Web Services Regions and Amazon Web Services accounts in the Amazon Web Services Systems Manager User Guide.

        ", + "documentation":"

        A location is a combination of Amazon Web Services Regions and/or Amazon Web Services accounts where you want to run the automation. Use this operation to start an automation in multiple Amazon Web Services Regions and multiple Amazon Web Services accounts. For more information, see Running automations in multiple Amazon Web Services Regions and accounts in the Amazon Web Services Systems Manager User Guide.

        ", "box":true }, "Tags":{ @@ -15542,6 +15562,10 @@ "AlarmConfiguration":{ "shape":"AlarmConfiguration", "documentation":"

        The CloudWatch alarm you want to apply to your automation.

        " + }, + "TargetLocationsURL":{ + "shape":"TargetLocationsURL", + "documentation":"

        Specify a publicly accessible URL for a file that contains the TargetLocations body. Currently, only files in presigned Amazon S3 buckets are supported.

        " } } }, @@ -15977,6 +16001,26 @@ "TargetLocationAlarmConfiguration":{ "shape":"AlarmConfiguration", "box":true + }, + "IncludeChildOrganizationUnits":{ + "shape":"Boolean", + "documentation":"

        Indicates whether to include child organizational units (OUs) that are children of the targeted OUs. The default is false.

        " + }, + "ExcludeAccounts":{ + "shape":"ExcludeAccounts", + "documentation":"

        Amazon Web Services accounts or organizational units to exclude as expanded targets.

        " + }, + "Targets":{ + "shape":"Targets", + "documentation":"

        A list of key-value mappings to target resources. If you specify values for this data type, you must also specify a value for TargetParameterName.

        This Targets parameter takes precedence over the StartAutomationExecution:Targets parameter if both are supplied.

        " + }, + "TargetsMaxConcurrency":{ + "shape":"MaxConcurrency", + "documentation":"

        The maximum number of targets allowed to run this task in parallel. This TargetsMaxConcurrency takes precedence over the StartAutomationExecution:MaxConcurrency parameter if both are supplied.

        " + }, + "TargetsMaxErrors":{ + "shape":"MaxErrors", + "documentation":"

        The maximum number of errors that are allowed before the system stops running the automation on additional targets. This TargetsMaxErrors parameter takes precedence over the StartAutomationExecution:MaxErrors parameter if both are supplied.

        " } }, "documentation":"

        The combination of Amazon Web Services Regions and Amazon Web Services accounts targeted by the current Automation execution.

        " @@ -15987,6 +16031,10 @@ "max":100, "min":1 }, + "TargetLocationsURL":{ + "type":"string", + "pattern":"^https:\\/\\/[-a-zA-Z0-9@:%._\\+~#=]{1,253}\\.s3(\\.[a-z\\d-]{9,16})?\\.amazonaws\\.com\\/.{1,2000}" + }, "TargetMap":{ "type":"map", "key":{"shape":"TargetMapKey"}, @@ -16021,7 +16069,7 @@ "members":{ "Message":{"shape":"String"} }, - "documentation":"

        The specified target managed node for the session isn't fully configured for use with Session Manager. For more information, see Getting started with Session Manager in the Amazon Web Services Systems Manager User Guide. This error is also returned if you attempt to start a session on a managed node that is located in a different account or Region

        ", + "documentation":"

        The specified target managed node for the session isn't fully configured for use with Session Manager. For more information, see Setting up Session Manager in the Amazon Web Services Systems Manager User Guide. This error is also returned if you attempt to start a session on a managed node that is located in a different account or Region

        ", "exception":true }, "TargetParameterList":{ @@ -16638,7 +16686,7 @@ }, "ServiceRoleArn":{ "shape":"ServiceRole", - "documentation":"

        The Amazon Resource Name (ARN) of the IAM service role for Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses a service-linked role in your account. If no appropriate service-linked role for Systems Manager exists in your account, it is created when you run RegisterTaskWithMaintenanceWindow.

        However, for an improved security posture, we strongly recommend creating a custom policy and custom service role for running your maintenance window tasks. The policy can be crafted to provide only the permissions needed for your particular maintenance window tasks. For more information, see Setting up maintenance windows in the in the Amazon Web Services Systems Manager User Guide.

        " + "documentation":"

        The Amazon Resource Name (ARN) of the IAM service role for Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses a service-linked role in your account. If no appropriate service-linked role for Systems Manager exists in your account, it is created when you run RegisterTaskWithMaintenanceWindow.

        However, for an improved security posture, we strongly recommend creating a custom policy and custom service role for running your maintenance window tasks. The policy can be crafted to provide only the permissions needed for your particular maintenance window tasks. For more information, see Setting up Maintenance Windows in the in the Amazon Web Services Systems Manager User Guide.

        " }, "TaskParameters":{ "shape":"MaintenanceWindowTaskParameters", @@ -16710,7 +16758,7 @@ }, "ServiceRoleArn":{ "shape":"ServiceRole", - "documentation":"

        The Amazon Resource Name (ARN) of the IAM service role for Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses a service-linked role in your account. If no appropriate service-linked role for Systems Manager exists in your account, it is created when you run RegisterTaskWithMaintenanceWindow.

        However, for an improved security posture, we strongly recommend creating a custom policy and custom service role for running your maintenance window tasks. The policy can be crafted to provide only the permissions needed for your particular maintenance window tasks. For more information, see Setting up maintenance windows in the in the Amazon Web Services Systems Manager User Guide.

        " + "documentation":"

        The Amazon Resource Name (ARN) of the IAM service role for Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses a service-linked role in your account. If no appropriate service-linked role for Systems Manager exists in your account, it is created when you run RegisterTaskWithMaintenanceWindow.

        However, for an improved security posture, we strongly recommend creating a custom policy and custom service role for running your maintenance window tasks. The policy can be crafted to provide only the permissions needed for your particular maintenance window tasks. For more information, see Setting up Maintenance Windows in the in the Amazon Web Services Systems Manager User Guide.

        " }, "TaskParameters":{ "shape":"MaintenanceWindowTaskParameters", @@ -16768,7 +16816,7 @@ }, "IamRole":{ "shape":"IamRole", - "documentation":"

        The name of the Identity and Access Management (IAM) role that you want to assign to the managed node. This IAM role must provide AssumeRole permissions for the Amazon Web Services Systems Manager service principal ssm.amazonaws.com. For more information, see Create an IAM service role for a hybrid and multicloud environment in the Amazon Web Services Systems Manager User Guide.

        You can't specify an IAM service-linked role for this parameter. You must create a unique role.

        " + "documentation":"

        The name of the Identity and Access Management (IAM) role that you want to assign to the managed node. This IAM role must provide AssumeRole permissions for the Amazon Web Services Systems Manager service principal ssm.amazonaws.com. For more information, see Create the IAM service role required for Systems Manager in hybrid and multicloud environments in the Amazon Web Services Systems Manager User Guide.

        You can't specify an IAM service-linked role for this parameter. You must create a unique role.

        " } } }, @@ -16807,7 +16855,7 @@ }, "Status":{ "shape":"OpsItemStatus", - "documentation":"

        The OpsItem status. Status can be Open, In Progress, or Resolved. For more information, see Editing OpsItem details in the Amazon Web Services Systems Manager User Guide.

        " + "documentation":"

        The OpsItem status. For more information, see Editing OpsItem details in the Amazon Web Services Systems Manager User Guide.

        " }, "OpsItemId":{ "shape":"OpsItemId", @@ -16901,7 +16949,7 @@ }, "ApprovedPatches":{ "shape":"PatchIdList", - "documentation":"

        A list of explicitly approved patches for the baseline.

        For information about accepted formats for lists of approved patches and rejected patches, see About package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.

        " + "documentation":"

        A list of explicitly approved patches for the baseline.

        For information about accepted formats for lists of approved patches and rejected patches, see Package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.

        " }, "ApprovedPatchesComplianceLevel":{ "shape":"PatchComplianceLevel", @@ -16914,7 +16962,7 @@ }, "RejectedPatches":{ "shape":"PatchIdList", - "documentation":"

        A list of explicitly rejected patches for the baseline.

        For information about accepted formats for lists of approved patches and rejected patches, see About package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.

        " + "documentation":"

        A list of explicitly rejected patches for the baseline.

        For information about accepted formats for lists of approved patches and rejected patches, see Package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.

        " }, "RejectedPatchesAction":{ "shape":"PatchAction",