Specifies how the concurrency level behaves during the operation execution.
STRICT_FAILURE_TOLERANCE: This option dynamically lowers the concurrency level to ensure the number of failed accounts never exceeds the value of FailureToleranceCount +1. The initial actual concurrency is set to the lower of either the value of the MaxConcurrentCount, or the value of MaxConcurrentCount +1. The actual concurrency is then reduced proportionally by the number of failures. This is the default behavior.
If failure tolerance or Maximum concurrent accounts are set to percentages, the behavior is similar.
SOFT_FAILURE_TOLERANCE: This option decouples FailureToleranceCount from the actual concurrency. This allows stack set operations to run at the concurrency level set by the MaxConcurrentCount value, or MaxConcurrentPercentage, regardless of the number of failures.
Specifies how the concurrency level behaves during the operation execution.
STRICT_FAILURE_TOLERANCE: This option dynamically lowers the concurrency level to ensure the number of failed accounts never exceeds the value of FailureToleranceCount +1. The initial actual concurrency is set to the lower of either the value of the MaxConcurrentCount, or the value of FailureToleranceCount +1. The actual concurrency is then reduced proportionally by the number of failures. This is the default behavior.
If failure tolerance or Maximum concurrent accounts are set to percentages, the behavior is similar.
SOFT_FAILURE_TOLERANCE: This option decouples FailureToleranceCount from the actual concurrency. This allows stack set operations to run at the concurrency level set by the MaxConcurrentCount value, or MaxConcurrentPercentage, regardless of the number of failures.
Specifies the deletion mode for the stack. Possible values are:
STANDARD - Use the standard behavior. Specifying this value is the same as not specifying this parameter.
FORCE_DELETE_STACK - Delete the stack if it's stuck in a DELETE_FAILED state due to resource deletion failure.
Specifies the deletion mode for the stack. Possible values are:
STANDARD - Use the standard behavior. Specifying this value is the same as not specifying this parameter.
FORCE_DELETE_STACK - Delete the stack if it's stuck in a DELETE_FAILED state due to resource deletion failure.
A list of StackInstanceResourceDriftSummary structures that contain information about the specified stack instances.
A list of StackInstanceResourceDriftsSummary structures that contain information about the specified stack instances.
Returns a random byte string that is cryptographically secure.
You must use the NumberOfBytes parameter to specify the length of the random byte string. There is no default value for string length.
By default, the random byte string is generated in KMS. To generate the byte string in the CloudHSM cluster associated with an CloudHSM key store, use the CustomKeyStoreId parameter.
GenerateRandom also supports Amazon Web Services Nitro Enclaves, which provide an isolated compute environment in Amazon EC2. To call GenerateRandom for a Nitro enclave, use the Amazon Web Services Nitro Enclaves SDK or any Amazon Web Services SDK. Use the Recipient parameter to provide the attestation document for the enclave. Instead of plaintext bytes, the response includes the plaintext bytes encrypted under the public key from the attestation document (CiphertextForRecipient).For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see How Amazon Web Services Nitro Enclaves uses KMS in the Key Management Service Developer Guide.
For more information about entropy and random number generation, see Key Management Service Cryptographic Details.
Cross-account use: Not applicable. GenerateRandom does not use any account-specific resources, such as KMS keys.
Required permissions: kms:GenerateRandom (IAM policy)
Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.
", "GetKeyPolicy": "Gets a key policy attached to the specified KMS key.
Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
Required permissions: kms:GetKeyPolicy (key policy)
Related operations: PutKeyPolicy
Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.
", "GetKeyRotationStatus": "Provides detailed information about the rotation status for a KMS key, including whether automatic rotation of the key material is enabled for the specified KMS key, the rotation period, and the next scheduled rotation date.
Automatic key rotation is supported only on symmetric encryption KMS keys. You cannot enable automatic rotation of asymmetric KMS keys, HMAC KMS keys, KMS keys with imported key material, or KMS keys in a custom key store. To enable or disable automatic rotation of a set of related multi-Region keys, set the property on the primary key..
You can enable (EnableKeyRotation) and disable automatic rotation (DisableKeyRotation) of the key material in customer managed KMS keys. Key material rotation of Amazon Web Services managed KMS keys is not configurable. KMS always rotates the key material in Amazon Web Services managed KMS keys every year. The key rotation status for Amazon Web Services managed KMS keys is always true.
You can perform on-demand (RotateKeyOnDemand) rotation of the key material in customer managed KMS keys, regardless of whether or not automatic key rotation is enabled. You can use GetKeyRotationStatus to identify the date and time that an in progress on-demand rotation was initiated. You can use ListKeyRotations to view the details of completed rotations.
In May 2022, KMS changed the rotation schedule for Amazon Web Services managed keys from every three years to every year. For details, see EnableKeyRotation.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Disabled: The key rotation status does not change when you disable a KMS key. However, while the KMS key is disabled, KMS does not rotate the key material. When you re-enable the KMS key, rotation resumes. If the key material in the re-enabled KMS key hasn't been rotated in one year, KMS rotates it immediately, and every year thereafter. If it's been less than a year since the key material in the re-enabled KMS key was rotated, the KMS key resumes its prior rotation schedule.
Pending deletion: While a KMS key is pending deletion, its key rotation status is false and KMS does not rotate the key material. If you cancel the deletion, the original key rotation status returns to true.
Cross-account use: Yes. To perform this operation on a KMS key in a different Amazon Web Services account, specify the key ARN in the value of the KeyId parameter.
Required permissions: kms:GetKeyRotationStatus (key policy)
Related operations:
Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.
", - "GetParametersForImport": "Returns the public key and an import token you need to import or reimport key material for a KMS key.
By default, KMS keys are created with key material that KMS generates. This operation supports Importing key material, an advanced feature that lets you generate and import the cryptographic key material for a KMS key. For more information about importing key material into KMS, see Importing key material in the Key Management Service Developer Guide.
Before calling GetParametersForImport, use the CreateKey operation with an Origin value of EXTERNAL to create a KMS key with no key material. You can import key material for a symmetric encryption KMS key, HMAC KMS key, asymmetric encryption KMS key, or asymmetric signing KMS key. You can also import key material into a multi-Region key of any supported type. However, you can't import key material into a KMS key in a custom key store. You can also use GetParametersForImport to get a public key and import token to reimport the original key material into a KMS key whose key material expired or was deleted.
GetParametersForImport returns the items that you need to import your key material.
The public key (or \"wrapping key\") of an RSA key pair that KMS generates.
You will use this public key to encrypt (\"wrap\") your key material while it's in transit to KMS.
A import token that ensures that KMS can decrypt your key material and associate it with the correct KMS key.
The public key and its import token are permanently linked and must be used together. Each public key and import token set is valid for 24 hours. The expiration date and time appear in the ParametersValidTo field in the GetParametersForImport response. You cannot use an expired public key or import token in an ImportKeyMaterial request. If your key and token expire, send another GetParametersForImport request.
GetParametersForImport requires the following information:
The key ID of the KMS key for which you are importing the key material.
The key spec of the public key (\"wrapping key\") that you will use to encrypt your key material during import.
The wrapping algorithm that you will use with the public key to encrypt your key material.
You can use the same or a different public key spec and wrapping algorithm each time you import or reimport the same key material.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
Required permissions: kms:GetParametersForImport (key policy)
Related operations:
Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.
", + "GetParametersForImport": "Returns the public key and an import token you need to import or reimport key material for a KMS key.
By default, KMS keys are created with key material that KMS generates. This operation supports Importing key material, an advanced feature that lets you generate and import the cryptographic key material for a KMS key. For more information about importing key material into KMS, see Importing key material in the Key Management Service Developer Guide.
Before calling GetParametersForImport, use the CreateKey operation with an Origin value of EXTERNAL to create a KMS key with no key material. You can import key material for a symmetric encryption KMS key, HMAC KMS key, asymmetric encryption KMS key, or asymmetric signing KMS key. You can also import key material into a multi-Region key of any supported type. However, you can't import key material into a KMS key in a custom key store. You can also use GetParametersForImport to get a public key and import token to reimport the original key material into a KMS key whose key material expired or was deleted.
GetParametersForImport returns the items that you need to import your key material.
The public key (or \"wrapping key\") of an asymmetric key pair that KMS generates.
You will use this public key to encrypt (\"wrap\") your key material while it's in transit to KMS.
A import token that ensures that KMS can decrypt your key material and associate it with the correct KMS key.
The public key and its import token are permanently linked and must be used together. Each public key and import token set is valid for 24 hours. The expiration date and time appear in the ParametersValidTo field in the GetParametersForImport response. You cannot use an expired public key or import token in an ImportKeyMaterial request. If your key and token expire, send another GetParametersForImport request.
GetParametersForImport requires the following information:
The key ID of the KMS key for which you are importing the key material.
The key spec of the public key (\"wrapping key\") that you will use to encrypt your key material during import.
The wrapping algorithm that you will use with the public key to encrypt your key material.
You can use the same or a different public key spec and wrapping algorithm each time you import or reimport the same key material.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
Required permissions: kms:GetParametersForImport (key policy)
Related operations:
Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.
", "GetPublicKey": "Returns the public key of an asymmetric KMS key. Unlike the private key of a asymmetric KMS key, which never leaves KMS unencrypted, callers with kms:GetPublicKey permission can download the public key of an asymmetric KMS key. You can share the public key to allow others to encrypt messages and verify signatures outside of KMS. For information about asymmetric KMS keys, see Asymmetric KMS keys in the Key Management Service Developer Guide.
You do not need to download the public key. Instead, you can use the public key within KMS by calling the Encrypt, ReEncrypt, or Verify operations with the identifier of an asymmetric KMS key. When you use the public key within KMS, you benefit from the authentication, authorization, and logging that are part of every KMS operation. You also reduce of risk of encrypting data that cannot be decrypted. These features are not effective outside of KMS.
To help you use the public key safely outside of KMS, GetPublicKey returns important information about the public key in the response, including:
KeySpec: The type of key material in the public key, such as RSA_4096 or ECC_NIST_P521.
KeyUsage: Whether the key is used for encryption or signing.
EncryptionAlgorithms or SigningAlgorithms: A list of the encryption algorithms or the signing algorithms for the key.
Although KMS cannot enforce these restrictions on external operations, it is crucial that you use this information to prevent the public key from being used improperly. For example, you can prevent a public signing key from being used encrypt data, or prevent a public key from being used with an encryption algorithm that is not supported by KMS. You can also avoid errors, such as using the wrong signing algorithm in a verification operation.
To verify a signature outside of KMS with an SM2 public key (China Regions only), you must specify the distinguishing ID. By default, KMS uses 1234567812345678 as the distinguishing ID. For more information, see Offline verification with SM2 key pairs.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN in the value of the KeyId parameter.
Required permissions: kms:GetPublicKey (key policy)
Related operations: CreateKey
Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.
", "ImportKeyMaterial": "Imports or reimports key material into an existing KMS key that was created without key material. ImportKeyMaterial also sets the expiration model and expiration date of the imported key material.
By default, KMS keys are created with key material that KMS generates. This operation supports Importing key material, an advanced feature that lets you generate and import the cryptographic key material for a KMS key. For more information about importing key material into KMS, see Importing key material in the Key Management Service Developer Guide.
After you successfully import key material into a KMS key, you can reimport the same key material into that KMS key, but you cannot import different key material. You might reimport key material to replace key material that expired or key material that you deleted. You might also reimport key material to change the expiration model or expiration date of the key material.
Each time you import key material into KMS, you can determine whether (ExpirationModel) and when (ValidTo) the key material expires. To change the expiration of your key material, you must import it again, either by calling ImportKeyMaterial or using the import features of the KMS console.
Before calling ImportKeyMaterial:
Create or identify a KMS key with no key material. The KMS key must have an Origin value of EXTERNAL, which indicates that the KMS key is designed for imported key material.
To create an new KMS key for imported key material, call the CreateKey operation with an Origin value of EXTERNAL. You can create a symmetric encryption KMS key, HMAC KMS key, asymmetric encryption KMS key, or asymmetric signing KMS key. You can also import key material into a multi-Region key of any supported type. However, you can't import key material into a KMS key in a custom key store.
Use the DescribeKey operation to verify that the KeyState of the KMS key is PendingImport, which indicates that the KMS key has no key material.
If you are reimporting the same key material into an existing KMS key, you might need to call the DeleteImportedKeyMaterial to delete its existing key material.
Call the GetParametersForImport operation to get a public key and import token set for importing key material.
Use the public key in the GetParametersForImport response to encrypt your key material.
Then, in an ImportKeyMaterial request, you submit your encrypted key material and import token. When calling this operation, you must specify the following values:
The key ID or key ARN of the KMS key to associate with the imported key material. Its Origin must be EXTERNAL and its KeyState must be PendingImport. You cannot perform this operation on a KMS key in a custom key store, or on a KMS key in a different Amazon Web Services account. To get the Origin and KeyState of a KMS key, call DescribeKey.
The encrypted key material.
The import token that GetParametersForImport returned. You must use a public key and token from the same GetParametersForImport response.
Whether the key material expires (ExpirationModel) and, if so, when (ValidTo). For help with this choice, see Setting an expiration time in the Key Management Service Developer Guide.
If you set an expiration date, KMS deletes the key material from the KMS key on the specified date, making the KMS key unusable. To use the KMS key in cryptographic operations again, you must reimport the same key material. However, you can delete and reimport the key material at any time, including before the key material expires. Each time you reimport, you can eliminate or reset the expiration time.
When this operation is successful, the key state of the KMS key changes from PendingImport to Enabled, and you can use the KMS key in cryptographic operations.
If this operation fails, use the exception to help determine the problem. If the error is related to the key material, the import token, or wrapping key, use GetParametersForImport to get a new public key and import token for the KMS key and repeat the import procedure. For help, see How To Import Key Material in the Key Management Service Developer Guide.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
Required permissions: kms:ImportKeyMaterial (key policy)
Related operations:
Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.
", "ListAliases": "Gets a list of aliases in the caller's Amazon Web Services account and region. For more information about aliases, see CreateAlias.
By default, the ListAliases operation returns all aliases in the account and region. To get only the aliases associated with a particular KMS key, use the KeyId parameter.
The ListAliases response can include aliases that you created and associated with your customer managed keys, and aliases that Amazon Web Services created and associated with Amazon Web Services managed keys in your account. You can recognize Amazon Web Services aliases because their names have the format aws/<service-name>, such as aws/dynamodb.
The response might also include aliases that have no TargetKeyId field. These are predefined aliases that Amazon Web Services has created but has not yet associated with a KMS key. Aliases that Amazon Web Services creates in your account, including predefined aliases, do not count against your KMS aliases quota.
Cross-account use: No. ListAliases does not return aliases in other Amazon Web Services accounts.
Required permissions: kms:ListAliases (IAM policy)
For details, see Controlling access to aliases in the Key Management Service Developer Guide.
Related operations:
Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.
", @@ -65,7 +65,7 @@ "AlgorithmSpec": { "base": null, "refs": { - "GetParametersForImportRequest$WrappingAlgorithm": "The algorithm you will use with the RSA public key (PublicKey) in the response to protect your key material during import. For more information, see Select a wrapping algorithm in the Key Management Service Developer Guide.
For RSA_AES wrapping algorithms, you encrypt your key material with an AES key that you generate, then encrypt your AES key with the RSA public key from KMS. For RSAES wrapping algorithms, you encrypt your key material directly with the RSA public key from KMS.
The wrapping algorithms that you can use depend on the type of key material that you are importing. To import an RSA private key, you must use an RSA_AES wrapping algorithm.
RSA_AES_KEY_WRAP_SHA_256 — Supported for wrapping RSA and ECC key material.
RSA_AES_KEY_WRAP_SHA_1 — Supported for wrapping RSA and ECC key material.
RSAES_OAEP_SHA_256 — Supported for all types of key material, except RSA key material (private key).
You cannot use the RSAES_OAEP_SHA_256 wrapping algorithm with the RSA_2048 wrapping key spec to wrap ECC_NIST_P521 key material.
RSAES_OAEP_SHA_1 — Supported for all types of key material, except RSA key material (private key).
You cannot use the RSAES_OAEP_SHA_1 wrapping algorithm with the RSA_2048 wrapping key spec to wrap ECC_NIST_P521 key material.
RSAES_PKCS1_V1_5 (Deprecated) — As of October 10, 2023, KMS does not support the RSAES_PKCS1_V1_5 wrapping algorithm.
The algorithm you will use with the asymmetric public key (PublicKey) in the response to protect your key material during import. For more information, see Select a wrapping algorithm in the Key Management Service Developer Guide.
For RSA_AES wrapping algorithms, you encrypt your key material with an AES key that you generate, then encrypt your AES key with the RSA public key from KMS. For RSAES wrapping algorithms, you encrypt your key material directly with the RSA public key from KMS. For SM2PKE wrapping algorithms, you encrypt your key material directly with the SM2 public key from KMS.
The wrapping algorithms that you can use depend on the type of key material that you are importing. To import an RSA private key, you must use an RSA_AES wrapping algorithm, except in China Regions, where you must use the SM2PKE wrapping algorithm to import an RSA private key.
The SM2PKE wrapping algorithm is available only in China Regions. The RSA_AES_KEY_WRAP_SHA_256 and RSA_AES_KEY_WRAP_SHA_1 wrapping algorithms are not supported in China Regions.
RSA_AES_KEY_WRAP_SHA_256 — Supported for wrapping RSA and ECC key material.
RSA_AES_KEY_WRAP_SHA_1 — Supported for wrapping RSA and ECC key material.
RSAES_OAEP_SHA_256 — Supported for all types of key material, except RSA key material (private key).
You cannot use the RSAES_OAEP_SHA_256 wrapping algorithm with the RSA_2048 wrapping key spec to wrap ECC_NIST_P521 key material.
RSAES_OAEP_SHA_1 — Supported for all types of key material, except RSA key material (private key).
You cannot use the RSAES_OAEP_SHA_1 wrapping algorithm with the RSA_2048 wrapping key spec to wrap ECC_NIST_P521 key material.
RSAES_PKCS1_V1_5 (Deprecated) — As of October 10, 2023, KMS does not support the RSAES_PKCS1_V1_5 wrapping algorithm.
SM2PKE (China Regions only) — supported for wrapping RSA, ECC, and SM2 key material.
The type of RSA public key to return in the response. You will use this wrapping key with the specified wrapping algorithm to protect your key material during import.
Use the longest RSA wrapping key that is practical.
You cannot use an RSA_2048 public key to directly wrap an ECC_NIST_P521 private key. Instead, use an RSA_AES wrapping algorithm or choose a longer RSA public key.
" + "GetParametersForImportRequest$WrappingKeySpec": "The type of public key to return in the response. You will use this wrapping key with the specified wrapping algorithm to protect your key material during import.
Use the longest wrapping key that is practical.
You cannot use an RSA_2048 public key to directly wrap an ECC_NIST_P521 private key. Instead, use an RSA_AES wrapping algorithm or choose a longer RSA public key.
The SM2 wrapping key spec is available only in China Regions.
" } }, "XksKeyAlreadyInUseException": { diff --git a/models/apis/opensearch/2021-01-01/api-2.json b/models/apis/opensearch/2021-01-01/api-2.json index f0a4c8eea3d..d132c8dfe1f 100644 --- a/models/apis/opensearch/2021-01-01/api-2.json +++ b/models/apis/opensearch/2021-01-01/api-2.json @@ -4,6 +4,7 @@ "apiVersion":"2021-01-01", "endpointPrefix":"es", "protocol":"rest-json", + "protocols":["rest-json"], "serviceFullName":"Amazon OpenSearch Service", "serviceId":"OpenSearch", "signatureVersion":"v4", @@ -1707,7 +1708,8 @@ "members":{ "DataSourceType":{"shape":"DataSourceType"}, "Name":{"shape":"DataSourceName"}, - "Description":{"shape":"DataSourceDescription"} + "Description":{"shape":"DataSourceDescription"}, + "Status":{"shape":"DataSourceStatus"} } }, "DataSourceList":{ @@ -1720,6 +1722,13 @@ "min":3, "pattern":"[a-z][a-z0-9_]+" }, + "DataSourceStatus":{ + "type":"string", + "enum":[ + "ACTIVE", + "DISABLED" + ] + }, "DataSourceType":{ "type":"structure", "members":{ @@ -2649,7 +2658,8 @@ "members":{ "DataSourceType":{"shape":"DataSourceType"}, "Name":{"shape":"DataSourceName"}, - "Description":{"shape":"DataSourceDescription"} + "Description":{"shape":"DataSourceDescription"}, + "Status":{"shape":"DataSourceStatus"} } }, "GetDomainMaintenanceStatusRequest":{ @@ -4232,7 +4242,8 @@ "locationName":"DataSourceName" }, "DataSourceType":{"shape":"DataSourceType"}, - "Description":{"shape":"DataSourceDescription"} + "Description":{"shape":"DataSourceDescription"}, + "Status":{"shape":"DataSourceStatus"} } }, "UpdateDataSourceResponse":{ diff --git a/models/apis/opensearch/2021-01-01/docs-2.json b/models/apis/opensearch/2021-01-01/docs-2.json index f29c6c59745..21afc3e227a 100644 --- a/models/apis/opensearch/2021-01-01/docs-2.json +++ b/models/apis/opensearch/2021-01-01/docs-2.json @@ -683,6 +683,14 @@ "UpdateDataSourceRequest$Name": "The name of the data source to modify.
" } }, + "DataSourceStatus": { + "base": null, + "refs": { + "DataSourceDetails$Status": "The status of the data source.
", + "GetDataSourceResponse$Status": "The status of the data source response.
", + "UpdateDataSourceRequest$Status": "The status of the data source update request.
" + } + }, "DataSourceType": { "base": "The type of data source.
", "refs": { @@ -1420,7 +1428,7 @@ "HostedZoneId": { "base": null, "refs": { - "DomainStatus$DomainEndpointV2HostedZoneId": "The DualStack Hosted Zone Id for the domain.
" + "DomainStatus$DomainEndpointV2HostedZoneId": "The dual stack hosted zone ID for the domain.
" } }, "IPAddressType": { diff --git a/models/apis/wafv2/2019-07-29/api-2.json b/models/apis/wafv2/2019-07-29/api-2.json index 13b5b972c50..1772100f303 100755 --- a/models/apis/wafv2/2019-07-29/api-2.json +++ b/models/apis/wafv2/2019-07-29/api-2.json @@ -5,6 +5,7 @@ "endpointPrefix":"wafv2", "jsonVersion":"1.1", "protocol":"json", + "protocols":["json"], "serviceAbbreviation":"WAFV2", "serviceFullName":"AWS WAFV2", "serviceId":"WAFV2", @@ -1710,7 +1711,9 @@ "type":"structure", "required":["ResourceArn"], "members":{ - "ResourceArn":{"shape":"ResourceArn"} + "ResourceArn":{"shape":"ResourceArn"}, + "LogType":{"shape":"LogType"}, + "LogScope":{"shape":"LogScope"} } }, "DeleteLoggingConfigurationResponse":{ @@ -2107,7 +2110,9 @@ "type":"structure", "required":["ResourceArn"], "members":{ - "ResourceArn":{"shape":"ResourceArn"} + "ResourceArn":{"shape":"ResourceArn"}, + "LogType":{"shape":"LogType"}, + "LogScope":{"shape":"LogScope"} } }, "GetLoggingConfigurationResponse":{ @@ -2617,7 +2622,8 @@ "members":{ "Scope":{"shape":"Scope"}, "NextMarker":{"shape":"NextMarker"}, - "Limit":{"shape":"PaginationLimit"} + "Limit":{"shape":"PaginationLimit"}, + "LogScope":{"shape":"LogScope"} } }, "ListLoggingConfigurationsResponse":{ @@ -2754,6 +2760,17 @@ "max":100, "min":1 }, + "LogScope":{ + "type":"string", + "enum":[ + "CUSTOMER", + "SECURITY_LAKE" + ] + }, + "LogType":{ + "type":"string", + "enum":["WAF_LOGS"] + }, "LoggingConfiguration":{ "type":"structure", "required":[ @@ -2765,7 +2782,9 @@ "LogDestinationConfigs":{"shape":"LogDestinationConfigs"}, "RedactedFields":{"shape":"RedactedFields"}, "ManagedByFirewallManager":{"shape":"Boolean"}, - "LoggingFilter":{"shape":"LoggingFilter"} + "LoggingFilter":{"shape":"LoggingFilter"}, + "LogType":{"shape":"LogType"}, + "LogScope":{"shape":"LogScope"} } }, "LoggingConfigurations":{ diff --git a/models/apis/wafv2/2019-07-29/docs-2.json b/models/apis/wafv2/2019-07-29/docs-2.json index a2b7abfdd91..81b6778801f 100755 --- a/models/apis/wafv2/2019-07-29/docs-2.json +++ b/models/apis/wafv2/2019-07-29/docs-2.json @@ -219,7 +219,7 @@ "ManagedProductDescriptor$IsVersioningSupported": "Indicates whether the rule group is versioned.
", "ManagedProductDescriptor$IsAdvancedManagedRuleSet": "Indicates whether the rule group provides an advanced set of protections, such as the the Amazon Web Services Managed Rules rule groups that are used for WAF intelligent threat mitigation.
", "ManagedRuleGroupSummary$VersioningSupported": "Indicates whether the managed rule group is versioned. If it is, you can retrieve the versions list by calling ListAvailableManagedRuleGroupVersions.
", - "VisibilityConfig$SampledRequestsEnabled": "Indicates whether WAF should store a sampling of the web requests that match the rules. You can view the sampled requests through the WAF console.
", + "VisibilityConfig$SampledRequestsEnabled": "Indicates whether WAF should store a sampling of the web requests that match the rules. You can view the sampled requests through the WAF console.
Request sampling doesn't provide a field redaction option, and any field redaction that you specify in your logging configuration doesn't affect sampling. The only way to exclude fields from request sampling is by disabling sampling in the web ACL visibility configuration.
Indicates whether the associated resource sends metrics to Amazon CloudWatch. For the list of available metrics, see WAF Metrics in the WAF Developer Guide.
For web ACLs, the metrics are for web requests that have the web ACL default action applied. WAF applies the default action to web requests that pass the inspection of all rules in the web ACL without being either allowed or blocked. For more information, see The web ACL default action in the WAF Developer Guide.
", "WebACL$ManagedByFirewallManager": "Indicates whether this web ACL is managed by Firewall Manager. If true, then only Firewall Manager can delete the web ACL or any Firewall Manager rule groups in the web ACL.
" } @@ -814,7 +814,7 @@ } }, "FieldToMatch": { - "base": "Specifies a web request component to be used in a rule match statement or in a logging configuration.
In a rule statement, this is the part of the web request that you want WAF to inspect. Include the single FieldToMatch type that you want to inspect, with additional specifications as needed, according to the type. You specify a single request component in FieldToMatch for each rule statement that requires it. To inspect more than one component of the web request, create a separate rule statement for each component.
Example JSON for a QueryString field to match:
\"FieldToMatch\": { \"QueryString\": {} }
Example JSON for a Method field to match specification:
\"FieldToMatch\": { \"Method\": { \"Name\": \"DELETE\" } }
In a logging configuration, this is used in the RedactedFields property to specify a field to redact from the logging records. For this use case, note the following:
Even though all FieldToMatch settings are available, the only valid settings for field redaction are UriPath, QueryString, SingleHeader, and Method.
In this documentation, the descriptions of the individual fields talk about specifying the web request component to inspect, but for field redaction, you are specifying the component type to redact from the logs.
Specifies a web request component to be used in a rule match statement or in a logging configuration.
In a rule statement, this is the part of the web request that you want WAF to inspect. Include the single FieldToMatch type that you want to inspect, with additional specifications as needed, according to the type. You specify a single request component in FieldToMatch for each rule statement that requires it. To inspect more than one component of the web request, create a separate rule statement for each component.
Example JSON for a QueryString field to match:
\"FieldToMatch\": { \"QueryString\": {} }
Example JSON for a Method field to match specification:
\"FieldToMatch\": { \"Method\": { \"Name\": \"DELETE\" } }
In a logging configuration, this is used in the RedactedFields property to specify a field to redact from the logging records. For this use case, note the following:
Even though all FieldToMatch settings are available, the only valid settings for field redaction are UriPath, QueryString, SingleHeader, and Method.
In this documentation, the descriptions of the individual fields talk about specifying the web request component to inspect, but for field redaction, you are specifying the component type to redact from the logs.
If you have request sampling enabled, the redacted fields configuration for logging has no impact on sampling. The only way to exclude fields from request sampling is by disabling sampling in the web ACL visibility configuration.
The part of the web request that you want WAF to inspect.
", "RedactedFields$member": null, @@ -1178,9 +1178,9 @@ } }, "JA3Fingerprint": { - "base": "Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information.
You can use this choice only with a string match ByteMatchStatement with the PositionalConstraint set to EXACTLY.
You can obtain the JA3 fingerprint for client requests from the web ACL logs. If WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see Log fields in the WAF Developer Guide.
Provide the JA3 fingerprint string from the logs in your string match statement specification, to match with any future requests that have the same TLS configuration.
", + "base": "Available for use with Amazon CloudFront distributions and Application Load Balancers. Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information.
You can use this choice only with a string match ByteMatchStatement with the PositionalConstraint set to EXACTLY.
You can obtain the JA3 fingerprint for client requests from the web ACL logs. If WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see Log fields in the WAF Developer Guide.
Provide the JA3 fingerprint string from the logs in your string match statement specification, to match with any future requests that have the same TLS configuration.
", "refs": { - "FieldToMatch$JA3Fingerprint": "Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information.
You can use this choice only with a string match ByteMatchStatement with the PositionalConstraint set to EXACTLY.
You can obtain the JA3 fingerprint for client requests from the web ACL logs. If WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see Log fields in the WAF Developer Guide.
Provide the JA3 fingerprint string from the logs in your string match statement specification, to match with any future requests that have the same TLS configuration.
" + "FieldToMatch$JA3Fingerprint": "Available for use with Amazon CloudFront distributions and Application Load Balancers. Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information.
You can use this choice only with a string match ByteMatchStatement with the PositionalConstraint set to EXACTLY.
You can obtain the JA3 fingerprint for client requests from the web ACL logs. If WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see Log fields in the WAF Developer Guide.
Provide the JA3 fingerprint string from the logs in your string match statement specification, to match with any future requests that have the same TLS configuration.
" } }, "JsonBody": { @@ -1449,6 +1449,23 @@ "LoggingConfiguration$LogDestinationConfigs": "The logging destination configuration that you want to associate with the web ACL.
You can associate one logging destination to a web ACL.
The owner of the logging configuration, which must be set to CUSTOMER for the configurations that you manage.
The log scope SECURITY_LAKE indicates a configuration that is managed through Amazon Security Lake. You can use Security Lake to collect log and event data from various sources for normalization, analysis, and management. For information, see Collecting data from Amazon Web Services services in the Amazon Security Lake user guide.
Default: CUSTOMER
The owner of the logging configuration, which must be set to CUSTOMER for the configurations that you manage.
The log scope SECURITY_LAKE indicates a configuration that is managed through Amazon Security Lake. You can use Security Lake to collect log and event data from various sources for normalization, analysis, and management. For information, see Collecting data from Amazon Web Services services in the Amazon Security Lake user guide.
Default: CUSTOMER
The owner of the logging configuration, which must be set to CUSTOMER for the configurations that you manage.
The log scope SECURITY_LAKE indicates a configuration that is managed through Amazon Security Lake. You can use Security Lake to collect log and event data from various sources for normalization, analysis, and management. For information, see Collecting data from Amazon Web Services services in the Amazon Security Lake user guide.
Default: CUSTOMER
The owner of the logging configuration, which must be set to CUSTOMER for the configurations that you manage.
The log scope SECURITY_LAKE indicates a configuration that is managed through Amazon Security Lake. You can use Security Lake to collect log and event data from various sources for normalization, analysis, and management. For information, see Collecting data from Amazon Web Services services in the Amazon Security Lake user guide.
Default: CUSTOMER
Used to distinguish between various logging options. Currently, there is one option.
Default: WAF_LOGS
Used to distinguish between various logging options. Currently, there is one option.
Default: WAF_LOGS
Used to distinguish between various logging options. Currently, there is one option.
Default: WAF_LOGS
Defines an association between logging destinations and a web ACL resource, for logging from WAF. As part of the association, you can specify parts of the standard logging fields to keep out of the logs and you can specify filters so that you log only a subset of the logging records.
You can define one logging destination per web ACL.
You can access information about the traffic that WAF inspects using the following steps:
Create your logging destination. You can use an Amazon CloudWatch Logs log group, an Amazon Simple Storage Service (Amazon S3) bucket, or an Amazon Kinesis Data Firehose.
The name that you give the destination must start with aws-waf-logs-. Depending on the type of destination, you might need to configure additional settings or permissions.
For configuration requirements and pricing information for each destination type, see Logging web ACL traffic in the WAF Developer Guide.
Associate your logging destination to your web ACL using a PutLoggingConfiguration request.
When you successfully enable logging using a PutLoggingConfiguration request, WAF creates an additional role or policy that is required to write logs to the logging destination. For an Amazon CloudWatch Logs log group, WAF creates a resource policy on the log group. For an Amazon S3 bucket, WAF creates a bucket policy. For an Amazon Kinesis Data Firehose, WAF creates a service-linked role.
For additional information about web ACL logging, see Logging web ACL traffic information in the WAF Developer Guide.
", "refs": { @@ -1894,7 +1911,7 @@ "RedactedFields": { "base": null, "refs": { - "LoggingConfiguration$RedactedFields": "The parts of the request that you want to keep out of the logs.
For example, if you redact the SingleHeader field, the HEADER field in the logs will be REDACTED for all rules that use the SingleHeader FieldToMatch setting.
Redaction applies only to the component that's specified in the rule's FieldToMatch setting, so the SingleHeader redaction doesn't apply to rules that use the Headers FieldToMatch.
You can specify only the following fields for redaction: UriPath, QueryString, SingleHeader, and Method.
The parts of the request that you want to keep out of the logs.
For example, if you redact the SingleHeader field, the HEADER field in the logs will be REDACTED for all rules that use the SingleHeader FieldToMatch setting.
Redaction applies only to the component that's specified in the rule's FieldToMatch setting, so the SingleHeader redaction doesn't apply to rules that use the Headers FieldToMatch.
You can specify only the following fields for redaction: UriPath, QueryString, SingleHeader, and Method.
This setting has no impact on request sampling. With request sampling, the only way to exclude fields is by disabling sampling in the web ACL visibility configuration.
A string value that you want WAF to search for. WAF searches only in the part of web requests that you designate for inspection in FieldToMatch. The maximum length of the value is 200 bytes.
Valid values depend on the component that you specify for inspection in FieldToMatch:
Method: The HTTP method that you want WAF to search for. This indicates the type of operation specified in the request.
UriPath: The value that you want WAF to search for in the URI path, for example, /images/daily-ad.jpg.
JA3Fingerprint: Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. You can use this choice only with a string match ByteMatchStatement with the PositionalConstraint set to EXACTLY.
You can obtain the JA3 fingerprint for client requests from the web ACL logs. If WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see Log fields in the WAF Developer Guide.
HeaderOrder: The list of header names to match for. WAF creates a string that contains the ordered list of header names, from the headers in the web request, and then matches against that string.
If SearchString includes alphabetic characters A-Z and a-z, note that the value is case sensitive.
If you're using the WAF API
Specify a base64-encoded version of the value. The maximum length of the value before you base64-encode it is 200 bytes.
For example, suppose the value of Type is HEADER and the value of Data is User-Agent. If you want to search the User-Agent header for the value BadBot, you base64-encode BadBot using MIME base64-encoding and include the resulting value, QmFkQm90, in the value of SearchString.
If you're using the CLI or one of the Amazon Web Services SDKs
The value that you want WAF to search for. The SDK automatically base64 encodes the value.
" + "ByteMatchStatement$SearchString": "A string value that you want WAF to search for. WAF searches only in the part of web requests that you designate for inspection in FieldToMatch. The maximum length of the value is 200 bytes.
Valid values depend on the component that you specify for inspection in FieldToMatch:
Method: The HTTP method that you want WAF to search for. This indicates the type of operation specified in the request.
UriPath: The value that you want WAF to search for in the URI path, for example, /images/daily-ad.jpg.
JA3Fingerprint: Available for use with Amazon CloudFront distributions and Application Load Balancers. Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. You can use this choice only with a string match ByteMatchStatement with the PositionalConstraint set to EXACTLY.
You can obtain the JA3 fingerprint for client requests from the web ACL logs. If WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see Log fields in the WAF Developer Guide.
HeaderOrder: The list of header names to match for. WAF creates a string that contains the ordered list of header names, from the headers in the web request, and then matches against that string.
If SearchString includes alphabetic characters A-Z and a-z, note that the value is case sensitive.
If you're using the WAF API
Specify a base64-encoded version of the value. The maximum length of the value before you base64-encode it is 200 bytes.
For example, suppose the value of Type is HEADER and the value of Data is User-Agent. If you want to search the User-Agent header for the value BadBot, you base64-encode BadBot using MIME base64-encoding and include the resulting value, QmFkQm90, in the value of SearchString.
If you're using the CLI or one of the Amazon Web Services SDKs
The value that you want WAF to search for. The SDK automatically base64 encodes the value.
" } }, "SensitivityLevel": { diff --git a/models/endpoints/endpoints.json b/models/endpoints/endpoints.json index 86747da444e..3d0a57089df 100644 --- a/models/endpoints/endpoints.json +++ b/models/endpoints/endpoints.json @@ -15800,6 +15800,31 @@ "hostname" : "s3-control-fips.ca-central-1.amazonaws.com", "signatureVersions" : [ "s3v4" ] }, + "ca-west-1" : { + "credentialScope" : { + "region" : "ca-west-1" + }, + "hostname" : "s3-control.ca-west-1.amazonaws.com", + "signatureVersions" : [ "s3v4" ], + "variants" : [ { + "hostname" : "s3-control-fips.ca-west-1.amazonaws.com", + "tags" : [ "fips" ] + }, { + "hostname" : "s3-control-fips.dualstack.ca-west-1.amazonaws.com", + "tags" : [ "dualstack", "fips" ] + }, { + "hostname" : "s3-control.dualstack.ca-west-1.amazonaws.com", + "tags" : [ "dualstack" ] + } ] + }, + "ca-west-1-fips" : { + "credentialScope" : { + "region" : "ca-west-1" + }, + "deprecated" : true, + "hostname" : "s3-control-fips.ca-west-1.amazonaws.com", + "signatureVersions" : [ "s3v4" ] + }, "eu-central-1" : { "credentialScope" : { "region" : "eu-central-1" diff --git a/service/chatbot/api.go b/service/chatbot/api.go index 569cbb2fa40..b5d0c5cc470 100644 --- a/service/chatbot/api.go +++ b/service/chatbot/api.go @@ -2073,6 +2073,269 @@ func (c *Chatbot) ListMicrosoftTeamsUserIdentitiesPagesWithContext(ctx aws.Conte return p.Err() } +const opListTagsForResource = "ListTagsForResource" + +// ListTagsForResourceRequest generates a "aws/request.Request" representing the +// client's request for the ListTagsForResource operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ListTagsForResource for more information on using the ListTagsForResource +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ListTagsForResourceRequest method. +// req, resp := client.ListTagsForResourceRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/chatbot-2017-10-11/ListTagsForResource +func (c *Chatbot) ListTagsForResourceRequest(input *ListTagsForResourceInput) (req *request.Request, output *ListTagsForResourceOutput) { + op := &request.Operation{ + Name: opListTagsForResource, + HTTPMethod: "POST", + HTTPPath: "/list-tags-for-resource", + } + + if input == nil { + input = &ListTagsForResourceInput{} + } + + output = &ListTagsForResourceOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListTagsForResource API operation for AWS Chatbot. +// +// Retrieves the list of tags applied to a configuration. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Chatbot's +// API operation ListTagsForResource for usage and error information. +// +// Returned Error Types: +// +// - InternalServiceError +// Customer/consumer-facing internal service exception. https://w.amazon.com/index.php/AWS/API_Standards/Exceptions#InternalServiceError +// +// - ServiceUnavailableException +// We can’t process your request right now because of a server issue. Try +// again later. +// +// - ResourceNotFoundException +// We were not able to find the resource for your request. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/chatbot-2017-10-11/ListTagsForResource +func (c *Chatbot) ListTagsForResource(input *ListTagsForResourceInput) (*ListTagsForResourceOutput, error) { + req, out := c.ListTagsForResourceRequest(input) + return out, req.Send() +} + +// ListTagsForResourceWithContext is the same as ListTagsForResource with the addition of +// the ability to pass a context and additional request options. +// +// See ListTagsForResource for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Chatbot) ListTagsForResourceWithContext(ctx aws.Context, input *ListTagsForResourceInput, opts ...request.Option) (*ListTagsForResourceOutput, error) { + req, out := c.ListTagsForResourceRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opTagResource = "TagResource" + +// TagResourceRequest generates a "aws/request.Request" representing the +// client's request for the TagResource operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See TagResource for more information on using the TagResource +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the TagResourceRequest method. +// req, resp := client.TagResourceRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/chatbot-2017-10-11/TagResource +func (c *Chatbot) TagResourceRequest(input *TagResourceInput) (req *request.Request, output *TagResourceOutput) { + op := &request.Operation{ + Name: opTagResource, + HTTPMethod: "POST", + HTTPPath: "/tag-resource", + } + + if input == nil { + input = &TagResourceInput{} + } + + output = &TagResourceOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// TagResource API operation for AWS Chatbot. +// +// Applies the supplied tags to a configuration. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Chatbot's +// API operation TagResource for usage and error information. +// +// Returned Error Types: +// +// - InternalServiceError +// Customer/consumer-facing internal service exception. https://w.amazon.com/index.php/AWS/API_Standards/Exceptions#InternalServiceError +// +// - ServiceUnavailableException +// We can’t process your request right now because of a server issue. Try +// again later. +// +// - ResourceNotFoundException +// We were not able to find the resource for your request. +// +// - TooManyTagsException +// The supplied list of tags contains too many tags. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/chatbot-2017-10-11/TagResource +func (c *Chatbot) TagResource(input *TagResourceInput) (*TagResourceOutput, error) { + req, out := c.TagResourceRequest(input) + return out, req.Send() +} + +// TagResourceWithContext is the same as TagResource with the addition of +// the ability to pass a context and additional request options. +// +// See TagResource for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Chatbot) TagResourceWithContext(ctx aws.Context, input *TagResourceInput, opts ...request.Option) (*TagResourceOutput, error) { + req, out := c.TagResourceRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opUntagResource = "UntagResource" + +// UntagResourceRequest generates a "aws/request.Request" representing the +// client's request for the UntagResource operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See UntagResource for more information on using the UntagResource +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the UntagResourceRequest method. +// req, resp := client.UntagResourceRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/chatbot-2017-10-11/UntagResource +func (c *Chatbot) UntagResourceRequest(input *UntagResourceInput) (req *request.Request, output *UntagResourceOutput) { + op := &request.Operation{ + Name: opUntagResource, + HTTPMethod: "POST", + HTTPPath: "/untag-resource", + } + + if input == nil { + input = &UntagResourceInput{} + } + + output = &UntagResourceOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// UntagResource API operation for AWS Chatbot. +// +// # Removes the supplied tags from a configuration +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for AWS Chatbot's +// API operation UntagResource for usage and error information. +// +// Returned Error Types: +// +// - InternalServiceError +// Customer/consumer-facing internal service exception. https://w.amazon.com/index.php/AWS/API_Standards/Exceptions#InternalServiceError +// +// - ServiceUnavailableException +// We can’t process your request right now because of a server issue. Try +// again later. +// +// - ResourceNotFoundException +// We were not able to find the resource for your request. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/chatbot-2017-10-11/UntagResource +func (c *Chatbot) UntagResource(input *UntagResourceInput) (*UntagResourceOutput, error) { + req, out := c.UntagResourceRequest(input) + return out, req.Send() +} + +// UntagResourceWithContext is the same as UntagResource with the addition of +// the ability to pass a context and additional request options. +// +// See UntagResource for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *Chatbot) UntagResourceWithContext(ctx aws.Context, input *UntagResourceInput, opts ...request.Option) (*UntagResourceOutput, error) { + req, out := c.UntagResourceRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opUpdateAccountPreferences = "UpdateAccountPreferences" // UpdateAccountPreferencesRequest generates a "aws/request.Request" representing the @@ -2503,6 +2766,9 @@ type ChimeWebhookConfiguration struct { // SnsTopicArns is a required field SnsTopicArns []*string `type:"list" required:"true"` + // A list of tags applied to the configuration. + Tags []*Tag `type:"list"` + // Description of the webhook. Recommend using the convention `RoomName/WebhookName`. // See Chime setup tutorial for more details: https://docs.aws.amazon.com/chatbot/latest/adminguide/chime-setup.html. // @@ -2558,6 +2824,12 @@ func (s *ChimeWebhookConfiguration) SetSnsTopicArns(v []*string) *ChimeWebhookCo return s } +// SetTags sets the Tags field's value. +func (s *ChimeWebhookConfiguration) SetTags(v []*Tag) *ChimeWebhookConfiguration { + s.Tags = v + return s +} + // SetWebhookDescription sets the WebhookDescription field's value. func (s *ChimeWebhookConfiguration) SetWebhookDescription(v string) *ChimeWebhookConfiguration { s.WebhookDescription = &v @@ -2773,6 +3045,9 @@ type CreateChimeWebhookConfigurationInput struct { // SnsTopicArns is a required field SnsTopicArns []*string `type:"list" required:"true"` + // A list of tags to apply to the configuration. + Tags []*Tag `type:"list"` + // Description of the webhook. Recommend using the convention `RoomName/WebhookName`. // See Chime setup tutorial for more details: https://docs.aws.amazon.com/chatbot/latest/adminguide/chime-setup.html. // @@ -2836,6 +3111,16 @@ func (s *CreateChimeWebhookConfigurationInput) Validate() error { if s.WebhookUrl != nil && len(*s.WebhookUrl) < 1 { invalidParams.Add(request.NewErrParamMinLen("WebhookUrl", 1)) } + if s.Tags != nil { + for i, v := range s.Tags { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) + } + } + } if invalidParams.Len() > 0 { return invalidParams @@ -2867,6 +3152,12 @@ func (s *CreateChimeWebhookConfigurationInput) SetSnsTopicArns(v []*string) *Cre return s } +// SetTags sets the Tags field's value. +func (s *CreateChimeWebhookConfigurationInput) SetTags(v []*Tag) *CreateChimeWebhookConfigurationInput { + s.Tags = v + return s +} + // SetWebhookDescription sets the WebhookDescription field's value. func (s *CreateChimeWebhookConfigurationInput) SetWebhookDescription(v string) *CreateChimeWebhookConfigurationInput { s.WebhookDescription = &v @@ -2944,6 +3235,9 @@ type CreateMicrosoftTeamsChannelConfigurationInput struct { // The ARNs of the SNS topics that deliver notifications to AWS Chatbot. SnsTopicArns []*string `type:"list"` + // A list of tags to apply to the configuration. + Tags []*Tag `type:"list"` + // The ID of the Microsoft Team authorized with AWS Chatbot. To get the team // ID, you must perform the initial authorization flow with Microsoft Teams // in the AWS Chatbot console. Then you can copy and paste the team ID from @@ -3025,6 +3319,16 @@ func (s *CreateMicrosoftTeamsChannelConfigurationInput) Validate() error { if s.TenantId != nil && len(*s.TenantId) < 36 { invalidParams.Add(request.NewErrParamMinLen("TenantId", 36)) } + if s.Tags != nil { + for i, v := range s.Tags { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) + } + } + } if invalidParams.Len() > 0 { return invalidParams @@ -3074,6 +3378,12 @@ func (s *CreateMicrosoftTeamsChannelConfigurationInput) SetSnsTopicArns(v []*str return s } +// SetTags sets the Tags field's value. +func (s *CreateMicrosoftTeamsChannelConfigurationInput) SetTags(v []*Tag) *CreateMicrosoftTeamsChannelConfigurationInput { + s.Tags = v + return s +} + // SetTeamId sets the TeamId field's value. func (s *CreateMicrosoftTeamsChannelConfigurationInput) SetTeamId(v string) *CreateMicrosoftTeamsChannelConfigurationInput { s.TeamId = &v @@ -3235,6 +3545,9 @@ type CreateSlackChannelConfigurationInput struct { // The ARNs of the SNS topics that deliver notifications to AWS Chatbot. SnsTopicArns []*string `type:"list"` + // A list of tags to apply to the configuration. + Tags []*Tag `type:"list"` + // Enables use of a user role requirement in your chat configuration. UserAuthorizationRequired *bool `type:"boolean"` } @@ -3290,6 +3603,16 @@ func (s *CreateSlackChannelConfigurationInput) Validate() error { if s.SlackTeamId != nil && len(*s.SlackTeamId) < 1 { invalidParams.Add(request.NewErrParamMinLen("SlackTeamId", 1)) } + if s.Tags != nil { + for i, v := range s.Tags { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) + } + } + } if invalidParams.Len() > 0 { return invalidParams @@ -3345,6 +3668,12 @@ func (s *CreateSlackChannelConfigurationInput) SetSnsTopicArns(v []*string) *Cre return s } +// SetTags sets the Tags field's value. +func (s *CreateSlackChannelConfigurationInput) SetTags(v []*Tag) *CreateSlackChannelConfigurationInput { + s.Tags = v + return s +} + // SetUserAuthorizationRequired sets the UserAuthorizationRequired field's value. func (s *CreateSlackChannelConfigurationInput) SetUserAuthorizationRequired(v bool) *CreateSlackChannelConfigurationInput { s.UserAuthorizationRequired = &v @@ -5423,8 +5752,8 @@ func (s *GetTeamsChannelConfigurationException) RequestID() string { return s.RespMetadata.RequestID } -// Your request input doesn't meet the constraints that AWS Chatbot requires. -type InvalidParameterException struct { +// Customer/consumer-facing internal service exception. https://w.amazon.com/index.php/AWS/API_Standards/Exceptions#InternalServiceError +type InternalServiceError struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -5436,7 +5765,7 @@ type InvalidParameterException struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s InvalidParameterException) String() string { +func (s InternalServiceError) String() string { return awsutil.Prettify(s) } @@ -5445,23 +5774,23 @@ func (s InvalidParameterException) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s InvalidParameterException) GoString() string { +func (s InternalServiceError) GoString() string { return s.String() } -func newErrorInvalidParameterException(v protocol.ResponseMetadata) error { - return &InvalidParameterException{ +func newErrorInternalServiceError(v protocol.ResponseMetadata) error { + return &InternalServiceError{ RespMetadata: v, } } // Code returns the exception type name. -func (s *InvalidParameterException) Code() string { - return "InvalidParameterException" +func (s *InternalServiceError) Code() string { + return "InternalServiceError" } // Message returns the exception's message. -func (s *InvalidParameterException) Message() string { +func (s *InternalServiceError) Message() string { if s.Message_ != nil { return *s.Message_ } @@ -5469,26 +5798,26 @@ func (s *InvalidParameterException) Message() string { } // OrigErr always returns nil, satisfies awserr.Error interface. -func (s *InvalidParameterException) OrigErr() error { +func (s *InternalServiceError) OrigErr() error { return nil } -func (s *InvalidParameterException) Error() string { +func (s *InternalServiceError) Error() string { return fmt.Sprintf("%s: %s", s.Code(), s.Message()) } // Status code returns the HTTP status code for the request's response error. -func (s *InvalidParameterException) StatusCode() int { +func (s *InternalServiceError) StatusCode() int { return s.RespMetadata.StatusCode } // RequestID returns the service's response RequestID for request. -func (s *InvalidParameterException) RequestID() string { +func (s *InternalServiceError) RequestID() string { return s.RespMetadata.RequestID } // Your request input doesn't meet the constraints that AWS Chatbot requires. -type InvalidRequestException struct { +type InvalidParameterException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -5500,7 +5829,7 @@ type InvalidRequestException struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s InvalidRequestException) String() string { +func (s InvalidParameterException) String() string { return awsutil.Prettify(s) } @@ -5509,23 +5838,23 @@ func (s InvalidRequestException) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s InvalidRequestException) GoString() string { +func (s InvalidParameterException) GoString() string { return s.String() } -func newErrorInvalidRequestException(v protocol.ResponseMetadata) error { - return &InvalidRequestException{ +func newErrorInvalidParameterException(v protocol.ResponseMetadata) error { + return &InvalidParameterException{ RespMetadata: v, } } // Code returns the exception type name. -func (s *InvalidRequestException) Code() string { - return "InvalidRequestException" +func (s *InvalidParameterException) Code() string { + return "InvalidParameterException" } // Message returns the exception's message. -func (s *InvalidRequestException) Message() string { +func (s *InvalidParameterException) Message() string { if s.Message_ != nil { return *s.Message_ } @@ -5533,26 +5862,26 @@ func (s *InvalidRequestException) Message() string { } // OrigErr always returns nil, satisfies awserr.Error interface. -func (s *InvalidRequestException) OrigErr() error { +func (s *InvalidParameterException) OrigErr() error { return nil } -func (s *InvalidRequestException) Error() string { +func (s *InvalidParameterException) Error() string { return fmt.Sprintf("%s: %s", s.Code(), s.Message()) } // Status code returns the HTTP status code for the request's response error. -func (s *InvalidRequestException) StatusCode() int { +func (s *InvalidParameterException) StatusCode() int { return s.RespMetadata.StatusCode } // RequestID returns the service's response RequestID for request. -func (s *InvalidRequestException) RequestID() string { +func (s *InvalidParameterException) RequestID() string { return s.RespMetadata.RequestID } -// You have exceeded a service limit for AWS Chatbot. -type LimitExceededException struct { +// Your request input doesn't meet the constraints that AWS Chatbot requires. +type InvalidRequestException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -5564,7 +5893,71 @@ type LimitExceededException struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s LimitExceededException) String() string { +func (s InvalidRequestException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InvalidRequestException) GoString() string { + return s.String() +} + +func newErrorInvalidRequestException(v protocol.ResponseMetadata) error { + return &InvalidRequestException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *InvalidRequestException) Code() string { + return "InvalidRequestException" +} + +// Message returns the exception's message. +func (s *InvalidRequestException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *InvalidRequestException) OrigErr() error { + return nil +} + +func (s *InvalidRequestException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *InvalidRequestException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *InvalidRequestException) RequestID() string { + return s.RespMetadata.RequestID +} + +// You have exceeded a service limit for AWS Chatbot. +type LimitExceededException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s LimitExceededException) String() string { return awsutil.Prettify(s) } @@ -6080,6 +6473,86 @@ func (s *ListMicrosoftTeamsUserIdentitiesOutput) SetTeamsUserIdentities(v []*Tea return s } +type ListTagsForResourceInput struct { + _ struct{} `type:"structure"` + + // The ARN of the configuration. + // + // ResourceARN is a required field + ResourceARN *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListTagsForResourceInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListTagsForResourceInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListTagsForResourceInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListTagsForResourceInput"} + if s.ResourceARN == nil { + invalidParams.Add(request.NewErrParamRequired("ResourceARN")) + } + if s.ResourceARN != nil && len(*s.ResourceARN) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ResourceARN", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetResourceARN sets the ResourceARN field's value. +func (s *ListTagsForResourceInput) SetResourceARN(v string) *ListTagsForResourceInput { + s.ResourceARN = &v + return s +} + +type ListTagsForResourceOutput struct { + _ struct{} `type:"structure"` + + // A list of tags applied to the configuration. + Tags []*Tag `type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListTagsForResourceOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListTagsForResourceOutput) GoString() string { + return s.String() +} + +// SetTags sets the Tags field's value. +func (s *ListTagsForResourceOutput) SetTags(v []*Tag) *ListTagsForResourceOutput { + s.Tags = v + return s +} + // We can’t process your request right now because of a server issue. Try // again later. type ListTeamsChannelConfigurationsException struct { @@ -6209,6 +6682,71 @@ func (s *ResourceNotFoundException) RequestID() string { return s.RespMetadata.RequestID } +// We can’t process your request right now because of a server issue. Try +// again later. +type ServiceUnavailableException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ServiceUnavailableException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ServiceUnavailableException) GoString() string { + return s.String() +} + +func newErrorServiceUnavailableException(v protocol.ResponseMetadata) error { + return &ServiceUnavailableException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *ServiceUnavailableException) Code() string { + return "ServiceUnavailableException" +} + +// Message returns the exception's message. +func (s *ServiceUnavailableException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *ServiceUnavailableException) OrigErr() error { + return nil +} + +func (s *ServiceUnavailableException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *ServiceUnavailableException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *ServiceUnavailableException) RequestID() string { + return s.RespMetadata.RequestID +} + // An AWS Chatbot configuration for Slack. type SlackChannelConfiguration struct { _ struct{} `type:"structure"` @@ -6263,6 +6801,9 @@ type SlackChannelConfiguration struct { // SnsTopicArns is a required field SnsTopicArns []*string `type:"list" required:"true"` + // A list of tags applied to the configuration. + Tags []*Tag `type:"list"` + // Enables use of a user role requirement in your chat configuration. UserAuthorizationRequired *bool `type:"boolean"` } @@ -6345,6 +6886,12 @@ func (s *SlackChannelConfiguration) SetSnsTopicArns(v []*string) *SlackChannelCo return s } +// SetTags sets the Tags field's value. +func (s *SlackChannelConfiguration) SetTags(v []*Tag) *SlackChannelConfiguration { + s.Tags = v + return s +} + // SetUserAuthorizationRequired sets the UserAuthorizationRequired field's value. func (s *SlackChannelConfiguration) SetUserAuthorizationRequired(v bool) *SlackChannelConfiguration { s.UserAuthorizationRequired = &v @@ -6475,6 +7022,168 @@ func (s *SlackWorkspace) SetSlackTeamName(v string) *SlackWorkspace { return s } +// A tag applied to the configuration. +type Tag struct { + _ struct{} `type:"structure"` + + // The tag key. + // + // TagKey is a required field + TagKey *string `min:"1" type:"string" required:"true"` + + // The tag value. + // + // TagValue is a required field + TagValue *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Tag) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Tag) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *Tag) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "Tag"} + if s.TagKey == nil { + invalidParams.Add(request.NewErrParamRequired("TagKey")) + } + if s.TagKey != nil && len(*s.TagKey) < 1 { + invalidParams.Add(request.NewErrParamMinLen("TagKey", 1)) + } + if s.TagValue == nil { + invalidParams.Add(request.NewErrParamRequired("TagValue")) + } + if s.TagValue != nil && len(*s.TagValue) < 1 { + invalidParams.Add(request.NewErrParamMinLen("TagValue", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetTagKey sets the TagKey field's value. +func (s *Tag) SetTagKey(v string) *Tag { + s.TagKey = &v + return s +} + +// SetTagValue sets the TagValue field's value. +func (s *Tag) SetTagValue(v string) *Tag { + s.TagValue = &v + return s +} + +type TagResourceInput struct { + _ struct{} `type:"structure"` + + // The ARN of the configuration. + // + // ResourceARN is a required field + ResourceARN *string `min:"1" type:"string" required:"true"` + + // A list of tags to apply to the configuration. + // + // Tags is a required field + Tags []*Tag `type:"list" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TagResourceInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TagResourceInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *TagResourceInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "TagResourceInput"} + if s.ResourceARN == nil { + invalidParams.Add(request.NewErrParamRequired("ResourceARN")) + } + if s.ResourceARN != nil && len(*s.ResourceARN) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ResourceARN", 1)) + } + if s.Tags == nil { + invalidParams.Add(request.NewErrParamRequired("Tags")) + } + if s.Tags != nil { + for i, v := range s.Tags { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) + } + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetResourceARN sets the ResourceARN field's value. +func (s *TagResourceInput) SetResourceARN(v string) *TagResourceInput { + s.ResourceARN = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *TagResourceInput) SetTags(v []*Tag) *TagResourceInput { + s.Tags = v + return s +} + +type TagResourceOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TagResourceOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TagResourceOutput) GoString() string { + return s.String() +} + // An AWS Chatbot configuration for Microsoft Teams. type TeamsChannelConfiguration struct { _ struct{} `type:"structure"` @@ -6515,6 +7224,9 @@ type TeamsChannelConfiguration struct { // SnsTopicArns is a required field SnsTopicArns []*string `type:"list" required:"true"` + // A list of tags applied to the configuration. + Tags []*Tag `type:"list"` + // The ID of the Microsoft Team authorized with AWS Chatbot. To get the team // ID, you must perform the initial authorization flow with Microsoft Teams // in the AWS Chatbot console. Then you can copy and paste the team ID from @@ -6602,6 +7314,12 @@ func (s *TeamsChannelConfiguration) SetSnsTopicArns(v []*string) *TeamsChannelCo return s } +// SetTags sets the Tags field's value. +func (s *TeamsChannelConfiguration) SetTags(v []*Tag) *TeamsChannelConfiguration { + s.Tags = v + return s +} + // SetTeamId sets the TeamId field's value. func (s *TeamsChannelConfiguration) SetTeamId(v string) *TeamsChannelConfiguration { s.TeamId = &v @@ -6726,6 +7444,155 @@ func (s *TeamsUserIdentity) SetUserId(v string) *TeamsUserIdentity { return s } +// The supplied list of tags contains too many tags. +type TooManyTagsException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TooManyTagsException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TooManyTagsException) GoString() string { + return s.String() +} + +func newErrorTooManyTagsException(v protocol.ResponseMetadata) error { + return &TooManyTagsException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *TooManyTagsException) Code() string { + return "TooManyTagsException" +} + +// Message returns the exception's message. +func (s *TooManyTagsException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *TooManyTagsException) OrigErr() error { + return nil +} + +func (s *TooManyTagsException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *TooManyTagsException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *TooManyTagsException) RequestID() string { + return s.RespMetadata.RequestID +} + +type UntagResourceInput struct { + _ struct{} `type:"structure"` + + // The ARN of the configuration. + // + // ResourceARN is a required field + ResourceARN *string `min:"1" type:"string" required:"true"` + + // A list of tag keys to remove from the configuration. + // + // TagKeys is a required field + TagKeys []*string `type:"list" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UntagResourceInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UntagResourceInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *UntagResourceInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "UntagResourceInput"} + if s.ResourceARN == nil { + invalidParams.Add(request.NewErrParamRequired("ResourceARN")) + } + if s.ResourceARN != nil && len(*s.ResourceARN) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ResourceARN", 1)) + } + if s.TagKeys == nil { + invalidParams.Add(request.NewErrParamRequired("TagKeys")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetResourceARN sets the ResourceARN field's value. +func (s *UntagResourceInput) SetResourceARN(v string) *UntagResourceInput { + s.ResourceARN = &v + return s +} + +// SetTagKeys sets the TagKeys field's value. +func (s *UntagResourceInput) SetTagKeys(v []*string) *UntagResourceInput { + s.TagKeys = v + return s +} + +type UntagResourceOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UntagResourceOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UntagResourceOutput) GoString() string { + return s.String() +} + // We can’t process your request right now because of a server issue. Try // again later. type UpdateAccountPreferencesException struct { diff --git a/service/chatbot/chatbotiface/interface.go b/service/chatbot/chatbotiface/interface.go index 075d9446747..687a7d60d61 100644 --- a/service/chatbot/chatbotiface/interface.go +++ b/service/chatbot/chatbotiface/interface.go @@ -157,6 +157,18 @@ type ChatbotAPI interface { ListMicrosoftTeamsUserIdentitiesPages(*chatbot.ListMicrosoftTeamsUserIdentitiesInput, func(*chatbot.ListMicrosoftTeamsUserIdentitiesOutput, bool) bool) error ListMicrosoftTeamsUserIdentitiesPagesWithContext(aws.Context, *chatbot.ListMicrosoftTeamsUserIdentitiesInput, func(*chatbot.ListMicrosoftTeamsUserIdentitiesOutput, bool) bool, ...request.Option) error + ListTagsForResource(*chatbot.ListTagsForResourceInput) (*chatbot.ListTagsForResourceOutput, error) + ListTagsForResourceWithContext(aws.Context, *chatbot.ListTagsForResourceInput, ...request.Option) (*chatbot.ListTagsForResourceOutput, error) + ListTagsForResourceRequest(*chatbot.ListTagsForResourceInput) (*request.Request, *chatbot.ListTagsForResourceOutput) + + TagResource(*chatbot.TagResourceInput) (*chatbot.TagResourceOutput, error) + TagResourceWithContext(aws.Context, *chatbot.TagResourceInput, ...request.Option) (*chatbot.TagResourceOutput, error) + TagResourceRequest(*chatbot.TagResourceInput) (*request.Request, *chatbot.TagResourceOutput) + + UntagResource(*chatbot.UntagResourceInput) (*chatbot.UntagResourceOutput, error) + UntagResourceWithContext(aws.Context, *chatbot.UntagResourceInput, ...request.Option) (*chatbot.UntagResourceOutput, error) + UntagResourceRequest(*chatbot.UntagResourceInput) (*request.Request, *chatbot.UntagResourceOutput) + UpdateAccountPreferences(*chatbot.UpdateAccountPreferencesInput) (*chatbot.UpdateAccountPreferencesOutput, error) UpdateAccountPreferencesWithContext(aws.Context, *chatbot.UpdateAccountPreferencesInput, ...request.Option) (*chatbot.UpdateAccountPreferencesOutput, error) UpdateAccountPreferencesRequest(*chatbot.UpdateAccountPreferencesInput) (*request.Request, *chatbot.UpdateAccountPreferencesOutput) diff --git a/service/chatbot/errors.go b/service/chatbot/errors.go index 3d133df9c4b..6748a90dbf6 100644 --- a/service/chatbot/errors.go +++ b/service/chatbot/errors.go @@ -125,6 +125,12 @@ const ( // again later. ErrCodeGetTeamsChannelConfigurationException = "GetTeamsChannelConfigurationException" + // ErrCodeInternalServiceError for service response error code + // "InternalServiceError". + // + // Customer/consumer-facing internal service exception. https://w.amazon.com/index.php/AWS/API_Standards/Exceptions#InternalServiceError + ErrCodeInternalServiceError = "InternalServiceError" + // ErrCodeInvalidParameterException for service response error code // "InvalidParameterException". // @@ -170,6 +176,19 @@ const ( // We were not able to find the resource for your request. ErrCodeResourceNotFoundException = "ResourceNotFoundException" + // ErrCodeServiceUnavailableException for service response error code + // "ServiceUnavailableException". + // + // We can’t process your request right now because of a server issue. Try + // again later. + ErrCodeServiceUnavailableException = "ServiceUnavailableException" + + // ErrCodeTooManyTagsException for service response error code + // "TooManyTagsException". + // + // The supplied list of tags contains too many tags. + ErrCodeTooManyTagsException = "TooManyTagsException" + // ErrCodeUpdateAccountPreferencesException for service response error code // "UpdateAccountPreferencesException". // @@ -217,6 +236,7 @@ var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{ "DescribeSlackWorkspacesException": newErrorDescribeSlackWorkspacesException, "GetAccountPreferencesException": newErrorGetAccountPreferencesException, "GetTeamsChannelConfigurationException": newErrorGetTeamsChannelConfigurationException, + "InternalServiceError": newErrorInternalServiceError, "InvalidParameterException": newErrorInvalidParameterException, "InvalidRequestException": newErrorInvalidRequestException, "LimitExceededException": newErrorLimitExceededException, @@ -224,6 +244,8 @@ var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{ "ListMicrosoftTeamsUserIdentitiesException": newErrorListMicrosoftTeamsUserIdentitiesException, "ListTeamsChannelConfigurationsException": newErrorListTeamsChannelConfigurationsException, "ResourceNotFoundException": newErrorResourceNotFoundException, + "ServiceUnavailableException": newErrorServiceUnavailableException, + "TooManyTagsException": newErrorTooManyTagsException, "UpdateAccountPreferencesException": newErrorUpdateAccountPreferencesException, "UpdateChimeWebhookConfigurationException": newErrorUpdateChimeWebhookConfigurationException, "UpdateSlackChannelConfigurationException": newErrorUpdateSlackChannelConfigurationException, diff --git a/service/cloudformation/api.go b/service/cloudformation/api.go index d81af5a1756..e1c52bc8862 100644 --- a/service/cloudformation/api.go +++ b/service/cloudformation/api.go @@ -11327,6 +11327,15 @@ type DeleteStackInput struct { // stack event would be assigned the same token in the following format: Console-CreateStack-7f59c3cf-00d2-40c7-b2ff-e75db0987002. ClientRequestToken *string `min:"1" type:"string"` + // Specifies the deletion mode for the stack. Possible values are: + // + // * STANDARD - Use the standard behavior. Specifying this value is the same + // as not specifying this parameter. + // + // * FORCE_DELETE_STACK - Delete the stack if it's stuck in a DELETE_FAILED + // state due to resource deletion failure. + DeletionMode *string `type:"string" enum:"DeletionMode"` + // For stacks in the DELETE_FAILED state, a list of resource logical IDs that // are associated with the resources you want to retain. During deletion, CloudFormation // deletes the stack but doesn't delete the retained resources. @@ -11393,6 +11402,12 @@ func (s *DeleteStackInput) SetClientRequestToken(v string) *DeleteStackInput { return s } +// SetDeletionMode sets the DeletionMode field's value. +func (s *DeleteStackInput) SetDeletionMode(v string) *DeleteStackInput { + s.DeletionMode = &v + return s +} + // SetRetainResources sets the RetainResources field's value. func (s *DeleteStackInput) SetRetainResources(v []*string) *DeleteStackInput { s.RetainResources = v @@ -17147,7 +17162,7 @@ type ListStackInstanceResourceDriftsOutput struct { // the previous response object's NextToken parameter is set to null. NextToken *string `min:"1" type:"string"` - // A list of StackInstanceResourceDriftSummary structures that contain information + // A list of StackInstanceResourceDriftsSummary structures that contain information // about the specified stack instances. Summaries []*StackInstanceResourceDriftsSummary `type:"list"` } @@ -21643,6 +21658,15 @@ type Stack struct { // CreationTime is a required field CreationTime *time.Time `type:"timestamp" required:"true"` + // Specifies the deletion mode for the stack. Possible values are: + // + // * STANDARD - Use the standard behavior. Specifying this value is the same + // as not specifying this parameter. + // + // * FORCE_DELETE_STACK - Delete the stack if it's stuck in a DELETE_FAILED + // state due to resource deletion failure. + DeletionMode *string `type:"string" enum:"DeletionMode"` + // The time the stack was deleted. DeletionTime *time.Time `type:"timestamp"` @@ -21783,6 +21807,12 @@ func (s *Stack) SetCreationTime(v time.Time) *Stack { return s } +// SetDeletionMode sets the DeletionMode field's value. +func (s *Stack) SetDeletionMode(v string) *Stack { + s.DeletionMode = &v + return s +} + // SetDeletionTime sets the DeletionTime field's value. func (s *Stack) SetDeletionTime(v time.Time) *Stack { s.DeletionTime = &v @@ -24125,7 +24155,7 @@ type StackSetOperationPreferences struct { // level to ensure the number of failed accounts never exceeds the value // of FailureToleranceCount +1. The initial actual concurrency is set to // the lower of either the value of the MaxConcurrentCount, or the value - // of MaxConcurrentCount +1. The actual concurrency is then reduced proportionally + // of FailureToleranceCount +1. The actual concurrency is then reduced proportionally // by the number of failures. This is the default behavior. If failure tolerance // or Maximum concurrent accounts are set to percentages, the behavior is // similar. @@ -28028,6 +28058,22 @@ func ConcurrencyMode_Values() []string { } } +const ( + // DeletionModeStandard is a DeletionMode enum value + DeletionModeStandard = "STANDARD" + + // DeletionModeForceDeleteStack is a DeletionMode enum value + DeletionModeForceDeleteStack = "FORCE_DELETE_STACK" +) + +// DeletionMode_Values returns all elements of the DeletionMode enum +func DeletionMode_Values() []string { + return []string{ + DeletionModeStandard, + DeletionModeForceDeleteStack, + } +} + const ( // DeprecatedStatusLive is a DeprecatedStatus enum value DeprecatedStatusLive = "LIVE" diff --git a/service/kms/api.go b/service/kms/api.go index c1526ee63aa..f25af3aaab1 100644 --- a/service/kms/api.go +++ b/service/kms/api.go @@ -4911,9 +4911,9 @@ func (c *KMS) GetParametersForImportRequest(input *GetParametersForImportInput) // GetParametersForImport returns the items that you need to import your key // material. // -// - The public key (or "wrapping key") of an RSA key pair that KMS generates. -// You will use this public key to encrypt ("wrap") your key material while -// it's in transit to KMS. +// - The public key (or "wrapping key") of an asymmetric key pair that KMS +// generates. You will use this public key to encrypt ("wrap") your key material +// while it's in transit to KMS. // // - A import token that ensures that KMS can decrypt your key material and // associate it with the correct KMS key. @@ -15199,19 +15199,25 @@ type GetParametersForImportInput struct { // KeyId is a required field KeyId *string `min:"1" type:"string" required:"true"` - // The algorithm you will use with the RSA public key (PublicKey) in the response - // to protect your key material during import. For more information, see Select - // a wrapping algorithm (kms/latest/developerguide/importing-keys-get-public-key-and-token.html#select-wrapping-algorithm) + // The algorithm you will use with the asymmetric public key (PublicKey) in + // the response to protect your key material during import. For more information, + // see Select a wrapping algorithm (kms/latest/developerguide/importing-keys-get-public-key-and-token.html#select-wrapping-algorithm) // in the Key Management Service Developer Guide. // // For RSA_AES wrapping algorithms, you encrypt your key material with an AES // key that you generate, then encrypt your AES key with the RSA public key // from KMS. For RSAES wrapping algorithms, you encrypt your key material directly - // with the RSA public key from KMS. + // with the RSA public key from KMS. For SM2PKE wrapping algorithms, you encrypt + // your key material directly with the SM2 public key from KMS. // // The wrapping algorithms that you can use depend on the type of key material // that you are importing. To import an RSA private key, you must use an RSA_AES - // wrapping algorithm. + // wrapping algorithm, except in China Regions, where you must use the SM2PKE + // wrapping algorithm to import an RSA private key. + // + // The SM2PKE wrapping algorithm is available only in China Regions. The RSA_AES_KEY_WRAP_SHA_256 + // and RSA_AES_KEY_WRAP_SHA_1 wrapping algorithms are not supported in China + // Regions. // // * RSA_AES_KEY_WRAP_SHA_256 — Supported for wrapping RSA and ECC key // material. @@ -15231,19 +15237,24 @@ type GetParametersForImportInput struct { // * RSAES_PKCS1_V1_5 (Deprecated) — As of October 10, 2023, KMS does not // support the RSAES_PKCS1_V1_5 wrapping algorithm. // + // * SM2PKE (China Regions only) — supported for wrapping RSA, ECC, and + // SM2 key material. + // // WrappingAlgorithm is a required field WrappingAlgorithm *string `type:"string" required:"true" enum:"AlgorithmSpec"` - // The type of RSA public key to return in the response. You will use this wrapping + // The type of public key to return in the response. You will use this wrapping // key with the specified wrapping algorithm to protect your key material during // import. // - // Use the longest RSA wrapping key that is practical. + // Use the longest wrapping key that is practical. // // You cannot use an RSA_2048 public key to directly wrap an ECC_NIST_P521 private // key. Instead, use an RSA_AES wrapping algorithm or choose a longer RSA public // key. // + // The SM2 wrapping key spec is available only in China Regions. + // // WrappingKeySpec is a required field WrappingKeySpec *string `type:"string" required:"true" enum:"WrappingKeySpec"` } @@ -22678,6 +22689,9 @@ const ( // AlgorithmSpecRsaAesKeyWrapSha256 is a AlgorithmSpec enum value AlgorithmSpecRsaAesKeyWrapSha256 = "RSA_AES_KEY_WRAP_SHA_256" + + // AlgorithmSpecSm2pke is a AlgorithmSpec enum value + AlgorithmSpecSm2pke = "SM2PKE" ) // AlgorithmSpec_Values returns all elements of the AlgorithmSpec enum @@ -22688,6 +22702,7 @@ func AlgorithmSpec_Values() []string { AlgorithmSpecRsaesOaepSha256, AlgorithmSpecRsaAesKeyWrapSha1, AlgorithmSpecRsaAesKeyWrapSha256, + AlgorithmSpecSm2pke, } } @@ -23344,6 +23359,9 @@ const ( // WrappingKeySpecRsa4096 is a WrappingKeySpec enum value WrappingKeySpecRsa4096 = "RSA_4096" + + // WrappingKeySpecSm2 is a WrappingKeySpec enum value + WrappingKeySpecSm2 = "SM2" ) // WrappingKeySpec_Values returns all elements of the WrappingKeySpec enum @@ -23352,6 +23370,7 @@ func WrappingKeySpec_Values() []string { WrappingKeySpecRsa2048, WrappingKeySpecRsa3072, WrappingKeySpecRsa4096, + WrappingKeySpecSm2, } } diff --git a/service/opensearchservice/api.go b/service/opensearchservice/api.go index eb7c635819e..6daa59320fb 100644 --- a/service/opensearchservice/api.go +++ b/service/opensearchservice/api.go @@ -10194,6 +10194,9 @@ type DataSourceDetails struct { // The name of the data source. Name *string `min:"3" type:"string"` + + // The status of the data source. + Status *string `type:"string" enum:"DataSourceStatus"` } // String returns the string representation. @@ -10232,6 +10235,12 @@ func (s *DataSourceDetails) SetName(v string) *DataSourceDetails { return s } +// SetStatus sets the Status field's value. +func (s *DataSourceDetails) SetStatus(v string) *DataSourceDetails { + s.Status = &v + return s +} + // The type of data source. type DataSourceType struct { _ struct{} `type:"structure"` @@ -13514,7 +13523,7 @@ type DomainStatus struct { // for all traffic. DomainEndpointOptions *DomainEndpointOptions `type:"structure"` - // The DualStack Hosted Zone Id for the domain. + // The dual stack hosted zone ID for the domain. DomainEndpointV2HostedZoneId *string `type:"string"` // Unique identifier for the domain. @@ -14502,6 +14511,9 @@ type GetDataSourceOutput struct { // The name of the data source. Name *string `min:"3" type:"string"` + + // The status of the data source response. + Status *string `type:"string" enum:"DataSourceStatus"` } // String returns the string representation. @@ -14540,6 +14552,12 @@ func (s *GetDataSourceOutput) SetName(v string) *GetDataSourceOutput { return s } +// SetStatus sets the Status field's value. +func (s *GetDataSourceOutput) SetStatus(v string) *GetDataSourceOutput { + s.Status = &v + return s +} + // Container for the parameters to the GetDomainMaintenanceStatus operation. type GetDomainMaintenanceStatusInput struct { _ struct{} `type:"structure" nopayload:"true"` @@ -19948,6 +19966,9 @@ type UpdateDataSourceInput struct { // // Name is a required field Name *string `location:"uri" locationName:"DataSourceName" min:"3" type:"string" required:"true"` + + // The status of the data source update request. + Status *string `type:"string" enum:"DataSourceStatus"` } // String returns the string representation. @@ -20022,6 +20043,12 @@ func (s *UpdateDataSourceInput) SetName(v string) *UpdateDataSourceInput { return s } +// SetStatus sets the Status field's value. +func (s *UpdateDataSourceInput) SetStatus(v string) *UpdateDataSourceInput { + s.Status = &v + return s +} + // The result of an UpdateDataSource operation. type UpdateDataSourceOutput struct { _ struct{} `type:"structure"` @@ -21875,6 +21902,22 @@ func ConnectionMode_Values() []string { } } +const ( + // DataSourceStatusActive is a DataSourceStatus enum value + DataSourceStatusActive = "ACTIVE" + + // DataSourceStatusDisabled is a DataSourceStatus enum value + DataSourceStatusDisabled = "DISABLED" +) + +// DataSourceStatus_Values returns all elements of the DataSourceStatus enum +func DataSourceStatus_Values() []string { + return []string{ + DataSourceStatusActive, + DataSourceStatusDisabled, + } +} + const ( // DeploymentStatusPendingUpdate is a DeploymentStatus enum value DeploymentStatusPendingUpdate = "PENDING_UPDATE" diff --git a/service/wafv2/api.go b/service/wafv2/api.go index 0d89fa526bf..5f0cfb4499f 100644 --- a/service/wafv2/api.go +++ b/service/wafv2/api.go @@ -7557,14 +7557,16 @@ type ByteMatchStatement struct { // * UriPath: The value that you want WAF to search for in the URI path, // for example, /images/daily-ad.jpg. // - // * JA3Fingerprint: Match against the request's JA3 fingerprint. The JA3 - // fingerprint is a 32-character hash derived from the TLS Client Hello of - // an incoming request. This fingerprint serves as a unique identifier for - // the client's TLS configuration. You can use this choice only with a string - // match ByteMatchStatement with the PositionalConstraint set to EXACTLY. - // You can obtain the JA3 fingerprint for client requests from the web ACL - // logs. If WAF is able to calculate the fingerprint, it includes it in the - // logs. For information about the logging fields, see Log fields (https://docs.aws.amazon.com/waf/latest/developerguide/logging-fields.html) + // * JA3Fingerprint: Available for use with Amazon CloudFront distributions + // and Application Load Balancers. Match against the request's JA3 fingerprint. + // The JA3 fingerprint is a 32-character hash derived from the TLS Client + // Hello of an incoming request. This fingerprint serves as a unique identifier + // for the client's TLS configuration. You can use this choice only with + // a string match ByteMatchStatement with the PositionalConstraint set to + // EXACTLY. You can obtain the JA3 fingerprint for client requests from the + // web ACL logs. If WAF is able to calculate the fingerprint, it includes + // it in the logs. For information about the logging fields, see Log fields + // (https://docs.aws.amazon.com/waf/latest/developerguide/logging-fields.html) // in the WAF Developer Guide. // // * HeaderOrder: The list of header names to match for. WAF creates a string @@ -10241,6 +10243,24 @@ func (s DeleteIPSetOutput) GoString() string { type DeleteLoggingConfigurationInput struct { _ struct{} `type:"structure"` + // The owner of the logging configuration, which must be set to CUSTOMER for + // the configurations that you manage. + // + // The log scope SECURITY_LAKE indicates a configuration that is managed through + // Amazon Security Lake. You can use Security Lake to collect log and event + // data from various sources for normalization, analysis, and management. For + // information, see Collecting data from Amazon Web Services services (https://docs.aws.amazon.com/security-lake/latest/userguide/internal-sources.html) + // in the Amazon Security Lake user guide. + // + // Default: CUSTOMER + LogScope *string `type:"string" enum:"LogScope"` + + // Used to distinguish between various logging options. Currently, there is + // one option. + // + // Default: WAF_LOGS + LogType *string `type:"string" enum:"LogType"` + // The Amazon Resource Name (ARN) of the web ACL from which you want to delete // the LoggingConfiguration. // @@ -10282,6 +10302,18 @@ func (s *DeleteLoggingConfigurationInput) Validate() error { return nil } +// SetLogScope sets the LogScope field's value. +func (s *DeleteLoggingConfigurationInput) SetLogScope(v string) *DeleteLoggingConfigurationInput { + s.LogScope = &v + return s +} + +// SetLogType sets the LogType field's value. +func (s *DeleteLoggingConfigurationInput) SetLogType(v string) *DeleteLoggingConfigurationInput { + s.LogType = &v + return s +} + // SetResourceArn sets the ResourceArn field's value. func (s *DeleteLoggingConfigurationInput) SetResourceArn(v string) *DeleteLoggingConfigurationInput { s.ResourceArn = &v @@ -11448,7 +11480,10 @@ func (s *ExcludedRule) SetName(v string) *ExcludedRule { // SingleHeader, and Method. In this documentation, the descriptions of the // individual fields talk about specifying the web request component to inspect, // but for field redaction, you are specifying the component type to redact -// from the logs. +// from the logs. If you have request sampling enabled, the redacted fields +// configuration for logging has no impact on sampling. The only way to exclude +// fields from request sampling is by disabling sampling in the web ACL visibility +// configuration. type FieldToMatch struct { _ struct{} `type:"structure"` @@ -11506,11 +11541,13 @@ type FieldToMatch struct { // from the underlying host service. Headers *Headers `type:"structure"` - // Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character - // hash derived from the TLS Client Hello of an incoming request. This fingerprint - // serves as a unique identifier for the client's TLS configuration. WAF calculates - // and logs this fingerprint for each request that has enough TLS Client Hello - // information for the calculation. Almost all web requests include this information. + // Available for use with Amazon CloudFront distributions and Application Load + // Balancers. Match against the request's JA3 fingerprint. The JA3 fingerprint + // is a 32-character hash derived from the TLS Client Hello of an incoming request. + // This fingerprint serves as a unique identifier for the client's TLS configuration. + // WAF calculates and logs this fingerprint for each request that has enough + // TLS Client Hello information for the calculation. Almost all web requests + // include this information. // // You can use this choice only with a string match ByteMatchStatement with // the PositionalConstraint set to EXACTLY. @@ -12489,6 +12526,24 @@ func (s *GetIPSetOutput) SetLockToken(v string) *GetIPSetOutput { type GetLoggingConfigurationInput struct { _ struct{} `type:"structure"` + // The owner of the logging configuration, which must be set to CUSTOMER for + // the configurations that you manage. + // + // The log scope SECURITY_LAKE indicates a configuration that is managed through + // Amazon Security Lake. You can use Security Lake to collect log and event + // data from various sources for normalization, analysis, and management. For + // information, see Collecting data from Amazon Web Services services (https://docs.aws.amazon.com/security-lake/latest/userguide/internal-sources.html) + // in the Amazon Security Lake user guide. + // + // Default: CUSTOMER + LogScope *string `type:"string" enum:"LogScope"` + + // Used to distinguish between various logging options. Currently, there is + // one option. + // + // Default: WAF_LOGS + LogType *string `type:"string" enum:"LogType"` + // The Amazon Resource Name (ARN) of the web ACL for which you want to get the // LoggingConfiguration. // @@ -12530,6 +12585,18 @@ func (s *GetLoggingConfigurationInput) Validate() error { return nil } +// SetLogScope sets the LogScope field's value. +func (s *GetLoggingConfigurationInput) SetLogScope(v string) *GetLoggingConfigurationInput { + s.LogScope = &v + return s +} + +// SetLogType sets the LogType field's value. +func (s *GetLoggingConfigurationInput) SetLogType(v string) *GetLoggingConfigurationInput { + s.LogType = &v + return s +} + // SetResourceArn sets the ResourceArn field's value. func (s *GetLoggingConfigurationInput) SetResourceArn(v string) *GetLoggingConfigurationInput { s.ResourceArn = &v @@ -14634,11 +14701,13 @@ func (s *ImmunityTimeProperty) SetImmunityTime(v int64) *ImmunityTimeProperty { return s } -// Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character -// hash derived from the TLS Client Hello of an incoming request. This fingerprint -// serves as a unique identifier for the client's TLS configuration. WAF calculates -// and logs this fingerprint for each request that has enough TLS Client Hello -// information for the calculation. Almost all web requests include this information. +// Available for use with Amazon CloudFront distributions and Application Load +// Balancers. Match against the request's JA3 fingerprint. The JA3 fingerprint +// is a 32-character hash derived from the TLS Client Hello of an incoming request. +// This fingerprint serves as a unique identifier for the client's TLS configuration. +// WAF calculates and logs this fingerprint for each request that has enough +// TLS Client Hello information for the calculation. Almost all web requests +// include this information. // // You can use this choice only with a string match ByteMatchStatement with // the PositionalConstraint set to EXACTLY. @@ -15748,6 +15817,18 @@ type ListLoggingConfigurationsInput struct { // value that you can use in a subsequent call to get the next batch of objects. Limit *int64 `min:"1" type:"integer"` + // The owner of the logging configuration, which must be set to CUSTOMER for + // the configurations that you manage. + // + // The log scope SECURITY_LAKE indicates a configuration that is managed through + // Amazon Security Lake. You can use Security Lake to collect log and event + // data from various sources for normalization, analysis, and management. For + // information, see Collecting data from Amazon Web Services services (https://docs.aws.amazon.com/security-lake/latest/userguide/internal-sources.html) + // in the Amazon Security Lake user guide. + // + // Default: CUSTOMER + LogScope *string `type:"string" enum:"LogScope"` + // When you request a list of objects with a Limit setting, if the number of // objects that are still available for retrieval exceeds the limit, WAF returns // a NextMarker value in the response. To retrieve the next batch of objects, @@ -15815,6 +15896,12 @@ func (s *ListLoggingConfigurationsInput) SetLimit(v int64) *ListLoggingConfigura return s } +// SetLogScope sets the LogScope field's value. +func (s *ListLoggingConfigurationsInput) SetLogScope(v string) *ListLoggingConfigurationsInput { + s.LogScope = &v + return s +} + // SetNextMarker sets the NextMarker field's value. func (s *ListLoggingConfigurationsInput) SetNextMarker(v string) *ListLoggingConfigurationsInput { s.NextMarker = &v @@ -16778,6 +16865,24 @@ type LoggingConfiguration struct { // LogDestinationConfigs is a required field LogDestinationConfigs []*string `min:"1" type:"list" required:"true"` + // The owner of the logging configuration, which must be set to CUSTOMER for + // the configurations that you manage. + // + // The log scope SECURITY_LAKE indicates a configuration that is managed through + // Amazon Security Lake. You can use Security Lake to collect log and event + // data from various sources for normalization, analysis, and management. For + // information, see Collecting data from Amazon Web Services services (https://docs.aws.amazon.com/security-lake/latest/userguide/internal-sources.html) + // in the Amazon Security Lake user guide. + // + // Default: CUSTOMER + LogScope *string `type:"string" enum:"LogScope"` + + // Used to distinguish between various logging options. Currently, there is + // one option. + // + // Default: WAF_LOGS + LogType *string `type:"string" enum:"LogType"` + // Filtering that specifies which web requests are kept in the logs and which // are dropped. You can filter on the rule action and on the web request labels // that were applied by matching rules during web ACL evaluation. @@ -16800,6 +16905,10 @@ type LoggingConfiguration struct { // // You can specify only the following fields for redaction: UriPath, QueryString, // SingleHeader, and Method. + // + // This setting has no impact on request sampling. With request sampling, the + // only way to exclude fields is by disabling sampling in the web ACL visibility + // configuration. RedactedFields []*FieldToMatch `type:"list"` // The Amazon Resource Name (ARN) of the web ACL that you want to associate @@ -16870,6 +16979,18 @@ func (s *LoggingConfiguration) SetLogDestinationConfigs(v []*string) *LoggingCon return s } +// SetLogScope sets the LogScope field's value. +func (s *LoggingConfiguration) SetLogScope(v string) *LoggingConfiguration { + s.LogScope = &v + return s +} + +// SetLogType sets the LogType field's value. +func (s *LoggingConfiguration) SetLogType(v string) *LoggingConfiguration { + s.LogType = &v + return s +} + // SetLoggingFilter sets the LoggingFilter field's value. func (s *LoggingConfiguration) SetLoggingFilter(v *LoggingFilter) *LoggingConfiguration { s.LoggingFilter = v @@ -24834,6 +24955,11 @@ type VisibilityConfig struct { // Indicates whether WAF should store a sampling of the web requests that match // the rules. You can view the sampled requests through the WAF console. // + // Request sampling doesn't provide a field redaction option, and any field + // redaction that you specify in your logging configuration doesn't affect sampling. + // The only way to exclude fields from request sampling is by disabling sampling + // in the web ACL visibility configuration. + // // SampledRequestsEnabled is a required field SampledRequestsEnabled *bool `type:"boolean" required:"true"` } @@ -27916,6 +28042,34 @@ func LabelMatchScope_Values() []string { } } +const ( + // LogScopeCustomer is a LogScope enum value + LogScopeCustomer = "CUSTOMER" + + // LogScopeSecurityLake is a LogScope enum value + LogScopeSecurityLake = "SECURITY_LAKE" +) + +// LogScope_Values returns all elements of the LogScope enum +func LogScope_Values() []string { + return []string{ + LogScopeCustomer, + LogScopeSecurityLake, + } +} + +const ( + // LogTypeWafLogs is a LogType enum value + LogTypeWafLogs = "WAF_LOGS" +) + +// LogType_Values returns all elements of the LogType enum +func LogType_Values() []string { + return []string{ + LogTypeWafLogs, + } +} + const ( // MapMatchScopeAll is a MapMatchScope enum value MapMatchScopeAll = "ALL"