The caching keys for a resolver that has caching enabled.
Valid values are entries from the $context.identity
and $context.arguments
maps.
The caching keys for a resolver that has caching enabled.
Valid values are entries from the $context.arguments
, $context.source
, and $context.identity
maps.
The caching configuration for a resolver that has caching enabled.
" @@ -1236,7 +1236,7 @@ }, "requestMappingTemplate":{ "shape":"MappingTemplate", - "documentation":"The mapping template to be used for requests.
A resolver uses a request mapping template to convert a GraphQL expression into a format that a data source can understand. Mapping templates are written in Apache Velocity Template Language (VTL).
" + "documentation":"The mapping template to be used for requests.
A resolver uses a request mapping template to convert a GraphQL expression into a format that a data source can understand. Mapping templates are written in Apache Velocity Template Language (VTL).
VTL request mapping templates are optional when using a Lambda data source. For all other data sources, VTL request and response mapping templates are required.
" }, "responseMappingTemplate":{ "shape":"MappingTemplate", @@ -3008,7 +3008,7 @@ }, "requestMappingTemplate":{ "shape":"MappingTemplate", - "documentation":"The new request mapping template.
" + "documentation":"The new request mapping template.
A resolver uses a request mapping template to convert a GraphQL expression into a format that a data source can understand. Mapping templates are written in Apache Velocity Template Language (VTL).
VTL request mapping templates are optional when using a Lambda data source. For all other data sources, VTL request and response mapping templates are required.
" }, "responseMappingTemplate":{ "shape":"MappingTemplate", diff --git a/services/athena/pom.xml b/services/athena/pom.xml index 705af82351c2..282ff82231b6 100644 --- a/services/athena/pom.xml +++ b/services/athena/pom.xml @@ -21,7 +21,7 @@Cancels the specified task.
", + "idempotent":true + }, + "CreateQuantumTask":{ + "name":"CreateQuantumTask", + "http":{ + "method":"POST", + "requestUri":"/quantum-task", + "responseCode":201 + }, + "input":{"shape":"CreateQuantumTaskRequest"}, + "output":{"shape":"CreateQuantumTaskResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"DeviceOfflineException"}, + {"shape":"InternalServiceException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ValidationException"} + ], + "documentation":"Creates a quantum task.
" + }, + "GetDevice":{ + "name":"GetDevice", + "http":{ + "method":"GET", + "requestUri":"/device/{deviceArn}", + "responseCode":200 + }, + "input":{"shape":"GetDeviceRequest"}, + "output":{"shape":"GetDeviceResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServiceException"}, + {"shape":"ValidationException"} + ], + "documentation":"Retrieves the devices available in Amazon Braket.
" + }, + "GetQuantumTask":{ + "name":"GetQuantumTask", + "http":{ + "method":"GET", + "requestUri":"/quantum-task/{quantumTaskArn}", + "responseCode":200 + }, + "input":{"shape":"GetQuantumTaskRequest"}, + "output":{"shape":"GetQuantumTaskResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServiceException"}, + {"shape":"ValidationException"} + ], + "documentation":"Retrieves the specified quantum task.
" + }, + "SearchDevices":{ + "name":"SearchDevices", + "http":{ + "method":"POST", + "requestUri":"/devices", + "responseCode":200 + }, + "input":{"shape":"SearchDevicesRequest"}, + "output":{"shape":"SearchDevicesResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServiceException"}, + {"shape":"ValidationException"} + ], + "documentation":"Searches for devices using the specified filters.
" + }, + "SearchQuantumTasks":{ + "name":"SearchQuantumTasks", + "http":{ + "method":"POST", + "requestUri":"/quantum-tasks", + "responseCode":200 + }, + "input":{"shape":"SearchQuantumTasksRequest"}, + "output":{"shape":"SearchQuantumTasksResponse"}, + "errors":[ + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServiceException"}, + {"shape":"ValidationException"} + ], + "documentation":"Searches for tasks that match the specified filter values.
" + } + }, + "shapes":{ + "AccessDeniedException":{ + "type":"structure", + "members":{ + "message":{"shape":"String"} + }, + "documentation":"You do not have sufficient access to perform this action.
", + "error":{ + "httpStatusCode":403, + "senderFault":true + }, + "exception":true + }, + "CancelQuantumTaskRequest":{ + "type":"structure", + "required":[ + "clientToken", + "quantumTaskArn" + ], + "members":{ + "clientToken":{ + "shape":"String64", + "documentation":"The client token associated with the request.
", + "idempotencyToken":true + }, + "quantumTaskArn":{ + "shape":"QuantumTaskArn", + "documentation":"The ARN of the task to cancel.
", + "location":"uri", + "locationName":"quantumTaskArn" + } + } + }, + "CancelQuantumTaskResponse":{ + "type":"structure", + "required":[ + "cancellationStatus", + "quantumTaskArn" + ], + "members":{ + "cancellationStatus":{ + "shape":"CancellationStatus", + "documentation":"The status of the cancellation request.
" + }, + "quantumTaskArn":{ + "shape":"QuantumTaskArn", + "documentation":"The ARN of the task.
" + } + } + }, + "CancellationStatus":{ + "type":"string", + "enum":[ + "CANCELLED", + "CANCELLING" + ] + }, + "ConflictException":{ + "type":"structure", + "members":{ + "message":{"shape":"String"} + }, + "documentation":"An error occurred due to a conflict.
", + "error":{ + "httpStatusCode":409, + "senderFault":true + }, + "exception":true + }, + "CreateQuantumTaskRequest":{ + "type":"structure", + "required":[ + "action", + "clientToken", + "deviceArn", + "outputS3Bucket", + "outputS3KeyPrefix", + "shots" + ], + "members":{ + "action":{ + "shape":"JsonValue", + "documentation":"The action associated with the task.
", + "jsonvalue":true + }, + "clientToken":{ + "shape":"String64", + "documentation":"The client token associated with the request.
", + "idempotencyToken":true + }, + "deviceArn":{ + "shape":"DeviceArn", + "documentation":"The ARN of the device to run the task on.
" + }, + "deviceParameters":{ + "shape":"CreateQuantumTaskRequestdeviceParametersJsonValue", + "documentation":"The parameters for the device to run the task on.
", + "jsonvalue":true + }, + "outputS3Bucket":{ + "shape":"CreateQuantumTaskRequestoutputS3BucketString", + "documentation":"The S3 bucket to store task result files in.
" + }, + "outputS3KeyPrefix":{ + "shape":"CreateQuantumTaskRequestoutputS3KeyPrefixString", + "documentation":"The key prefix for the location in the S3 bucket to store task results in.
" + }, + "shots":{ + "shape":"CreateQuantumTaskRequestshotsLong", + "documentation":"The number of shots to use for the task.
" + } + } + }, + "CreateQuantumTaskRequestdeviceParametersJsonValue":{ + "type":"string", + "max":2048, + "min":1 + }, + "CreateQuantumTaskRequestoutputS3BucketString":{ + "type":"string", + "max":63, + "min":3 + }, + "CreateQuantumTaskRequestoutputS3KeyPrefixString":{ + "type":"string", + "max":1024, + "min":1 + }, + "CreateQuantumTaskRequestshotsLong":{ + "type":"long", + "box":true, + "min":0 + }, + "CreateQuantumTaskResponse":{ + "type":"structure", + "required":["quantumTaskArn"], + "members":{ + "quantumTaskArn":{ + "shape":"QuantumTaskArn", + "documentation":"The ARN of the task created by the request.
" + } + } + }, + "DeviceArn":{ + "type":"string", + "max":256, + "min":1 + }, + "DeviceOfflineException":{ + "type":"structure", + "members":{ + "message":{"shape":"String"} + }, + "documentation":"The specified device is currently offline.
", + "error":{ + "httpStatusCode":424, + "senderFault":true + }, + "exception":true + }, + "DeviceStatus":{ + "type":"string", + "enum":[ + "QPU", + "SIMULATOR" + ] + }, + "DeviceSummary":{ + "type":"structure", + "required":[ + "deviceArn", + "deviceName", + "deviceStatus", + "deviceType", + "providerName" + ], + "members":{ + "deviceArn":{ + "shape":"DeviceArn", + "documentation":"The ARN of the device.
" + }, + "deviceName":{ + "shape":"String", + "documentation":"The name of the device.
" + }, + "deviceStatus":{ + "shape":"DeviceStatus", + "documentation":"The status of the device.
" + }, + "deviceType":{ + "shape":"DeviceType", + "documentation":"The type of the device.
" + }, + "providerName":{ + "shape":"String", + "documentation":"The provider of the device.
" + } + }, + "documentation":"Includes information about the device.
" + }, + "DeviceSummaryList":{ + "type":"list", + "member":{"shape":"DeviceSummary"} + }, + "DeviceType":{ + "type":"string", + "enum":[ + "OFFLINE", + "ONLINE" + ] + }, + "GetDeviceRequest":{ + "type":"structure", + "required":["deviceArn"], + "members":{ + "deviceArn":{ + "shape":"DeviceArn", + "documentation":"The ARN of the device to retrieve.
", + "location":"uri", + "locationName":"deviceArn" + } + } + }, + "GetDeviceResponse":{ + "type":"structure", + "required":[ + "deviceArn", + "deviceCapabilities", + "deviceName", + "deviceStatus", + "deviceType", + "providerName" + ], + "members":{ + "deviceArn":{ + "shape":"DeviceArn", + "documentation":"The ARN of the device.
" + }, + "deviceCapabilities":{ + "shape":"JsonValue", + "documentation":"Details about the capabilities of the device.
", + "jsonvalue":true + }, + "deviceName":{ + "shape":"String", + "documentation":"The name of the device.
" + }, + "deviceStatus":{ + "shape":"DeviceStatus", + "documentation":"The status of the device.
" + }, + "deviceType":{ + "shape":"DeviceType", + "documentation":"The type of the device.
" + }, + "providerName":{ + "shape":"String", + "documentation":"The name of the partner company for the device.
" + } + } + }, + "GetQuantumTaskRequest":{ + "type":"structure", + "required":["quantumTaskArn"], + "members":{ + "quantumTaskArn":{ + "shape":"QuantumTaskArn", + "documentation":"the ARN of the task to retrieve.
", + "location":"uri", + "locationName":"quantumTaskArn" + } + } + }, + "GetQuantumTaskResponse":{ + "type":"structure", + "required":[ + "createdAt", + "deviceArn", + "deviceParameters", + "outputS3Bucket", + "outputS3Directory", + "quantumTaskArn", + "shots", + "status" + ], + "members":{ + "createdAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"The time at which the task was created.
" + }, + "deviceArn":{ + "shape":"DeviceArn", + "documentation":"The ARN of the device the task was run on.
" + }, + "deviceParameters":{ + "shape":"JsonValue", + "documentation":"The parameters for the device on which the task ran.
", + "jsonvalue":true + }, + "endedAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"The time at which the task ended.
" + }, + "failureReason":{ + "shape":"String", + "documentation":"The reason that a task failed.
" + }, + "outputS3Bucket":{ + "shape":"String", + "documentation":"The S3 bucket where task results are stored.
" + }, + "outputS3Directory":{ + "shape":"String", + "documentation":"The folder in the S3 bucket where task results are stored.
" + }, + "quantumTaskArn":{ + "shape":"QuantumTaskArn", + "documentation":"The ARN of the task.
" + }, + "shots":{ + "shape":"Long", + "documentation":"The number of shots used in the task.
" + }, + "status":{ + "shape":"QuantumTaskStatus", + "documentation":"The status of the task.
" + } + } + }, + "InternalServiceException":{ + "type":"structure", + "members":{ + "message":{"shape":"String"} + }, + "documentation":"The request processing has failed because of an unknown error, exception or failure.
", + "error":{"httpStatusCode":500}, + "exception":true, + "fault":true + }, + "JsonValue":{"type":"string"}, + "Long":{ + "type":"long", + "box":true + }, + "QuantumTaskArn":{ + "type":"string", + "max":256, + "min":1 + }, + "QuantumTaskStatus":{ + "type":"string", + "enum":[ + "CANCELLED", + "CANCELLING", + "COMPLETED", + "CREATED", + "FAILED", + "QUEUED", + "RUNNING" + ] + }, + "QuantumTaskSummary":{ + "type":"structure", + "required":[ + "createdAt", + "deviceArn", + "outputS3Bucket", + "outputS3Directory", + "quantumTaskArn", + "shots", + "status" + ], + "members":{ + "createdAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"The time at which the task was created.
" + }, + "deviceArn":{ + "shape":"DeviceArn", + "documentation":"The ARN of the device the task ran on.
" + }, + "endedAt":{ + "shape":"SyntheticTimestamp_date_time", + "documentation":"The time at which the task finished.
" + }, + "outputS3Bucket":{ + "shape":"String", + "documentation":"The S3 bucket where the task result file is stored..
" + }, + "outputS3Directory":{ + "shape":"String", + "documentation":"The folder in the S3 bucket where the task result file is stored.
" + }, + "quantumTaskArn":{ + "shape":"QuantumTaskArn", + "documentation":"The ARN of the task.
" + }, + "shots":{ + "shape":"Long", + "documentation":"The shots used for the task.
" + }, + "status":{ + "shape":"QuantumTaskStatus", + "documentation":"The status of the task.
" + } + }, + "documentation":"Includes information about a quantum task.
" + }, + "QuantumTaskSummaryList":{ + "type":"list", + "member":{"shape":"QuantumTaskSummary"} + }, + "ResourceNotFoundException":{ + "type":"structure", + "members":{ + "message":{"shape":"String"} + }, + "documentation":"The specified resource was not found.
", + "error":{ + "httpStatusCode":404, + "senderFault":true + }, + "exception":true + }, + "SearchDevicesFilter":{ + "type":"structure", + "required":[ + "name", + "values" + ], + "members":{ + "name":{ + "shape":"SearchDevicesFilternameString", + "documentation":"The name to use to filter results.
" + }, + "values":{ + "shape":"SearchDevicesFiltervaluesString256List", + "documentation":"The values to use to filter results.
" + } + }, + "documentation":"The filter to use for searching devices.
" + }, + "SearchDevicesFilternameString":{ + "type":"string", + "max":64, + "min":1 + }, + "SearchDevicesFiltervaluesString256List":{ + "type":"list", + "member":{"shape":"String256"}, + "max":10, + "min":1 + }, + "SearchDevicesRequest":{ + "type":"structure", + "required":["filters"], + "members":{ + "filters":{ + "shape":"SearchDevicesRequestfiltersSearchDevicesFilterList", + "documentation":"The filter values to use to search for a device.
" + }, + "maxResults":{ + "shape":"SearchDevicesRequestmaxResultsInteger", + "documentation":"The maximum number of results to return in the response.
" + }, + "nextToken":{ + "shape":"String", + "documentation":"A token used for pagination of results returned in the response. Use the token returned from the previous request continue results where the previous request ended.
" + } + } + }, + "SearchDevicesRequestfiltersSearchDevicesFilterList":{ + "type":"list", + "member":{"shape":"SearchDevicesFilter"}, + "max":10, + "min":0 + }, + "SearchDevicesRequestmaxResultsInteger":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "SearchDevicesResponse":{ + "type":"structure", + "required":["devices"], + "members":{ + "devices":{ + "shape":"DeviceSummaryList", + "documentation":"An array of DeviceSummary
objects for devices that match the specified filter values.
A token used for pagination of results, or null if there are no additional results. Use the token value in a subsequent request to continue results where the previous request ended.
" + } + } + }, + "SearchQuantumTasksFilter":{ + "type":"structure", + "required":[ + "name", + "operator", + "values" + ], + "members":{ + "name":{ + "shape":"String64", + "documentation":"The name of the device used for the task.
" + }, + "operator":{ + "shape":"SearchQuantumTasksFilterOperator", + "documentation":"An operator to use in the filter.
" + }, + "values":{ + "shape":"SearchQuantumTasksFiltervaluesString256List", + "documentation":"The values to use for the filter.
" + } + }, + "documentation":"A filter to use to search for tasks.
" + }, + "SearchQuantumTasksFilterOperator":{ + "type":"string", + "enum":[ + "BETWEEN", + "EQUAL", + "GT", + "GTE", + "LT", + "LTE" + ] + }, + "SearchQuantumTasksFiltervaluesString256List":{ + "type":"list", + "member":{"shape":"String256"}, + "max":10, + "min":1 + }, + "SearchQuantumTasksRequest":{ + "type":"structure", + "required":["filters"], + "members":{ + "filters":{ + "shape":"SearchQuantumTasksRequestfiltersSearchQuantumTasksFilterList", + "documentation":"Array of SearchQuantumTasksFilter
objects.
Maximum number of results to return in the response.
" + }, + "nextToken":{ + "shape":"String", + "documentation":"A token used for pagination of results returned in the response. Use the token returned from the previous request continue results where the previous request ended.
" + } + } + }, + "SearchQuantumTasksRequestfiltersSearchQuantumTasksFilterList":{ + "type":"list", + "member":{"shape":"SearchQuantumTasksFilter"}, + "max":10, + "min":0 + }, + "SearchQuantumTasksRequestmaxResultsInteger":{ + "type":"integer", + "box":true, + "max":100, + "min":1 + }, + "SearchQuantumTasksResponse":{ + "type":"structure", + "required":["quantumTasks"], + "members":{ + "nextToken":{ + "shape":"String", + "documentation":"A token used for pagination of results, or null if there are no additional results. Use the token value in a subsequent request to continue results where the previous request ended.
" + }, + "quantumTasks":{ + "shape":"QuantumTaskSummaryList", + "documentation":"An array of QuantumTaskSummary
objects for tasks that match the specified filters.
The request failed because a service quota is met.
", + "error":{ + "httpStatusCode":402, + "senderFault":true + }, + "exception":true + }, + "String":{"type":"string"}, + "String256":{ + "type":"string", + "max":256, + "min":1 + }, + "String64":{ + "type":"string", + "max":64, + "min":1 + }, + "SyntheticTimestamp_date_time":{ + "type":"timestamp", + "timestampFormat":"iso8601" + }, + "ThrottlingException":{ + "type":"structure", + "members":{ + "message":{"shape":"String"} + }, + "documentation":"The throttling rate limit is met.
", + "error":{ + "httpStatusCode":429, + "senderFault":true + }, + "exception":true + }, + "ValidationException":{ + "type":"structure", + "members":{ + "message":{"shape":"String"} + }, + "documentation":"The input fails to satisfy the constraints specified by an AWS service.
", + "error":{ + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + } + }, + "documentation":"The Amazon Braket API Reference provides information about the operations and structures supported in Amazon Braket.
" +} diff --git a/services/budgets/pom.xml b/services/budgets/pom.xml index 557d64c45a9f..4ce97aa0b36d 100644 --- a/services/budgets/pom.xml +++ b/services/budgets/pom.xml @@ -21,7 +21,7 @@Creates a new user in the specified user pool.
If MessageAction
is not set, the default is to send a welcome message via email or phone (SMS).
This message is based on a template that you configured in your call to or . This template includes your custom sign-up instructions and placeholders for user name and temporary password.
Alternatively, you can call AdminCreateUser with “SUPPRESS” for the MessageAction
parameter, and Amazon Cognito will not send any email.
In either case, the user will be in the FORCE_CHANGE_PASSWORD
state until they sign in and change their password.
AdminCreateUser requires developer credentials.
" + "documentation":"Creates a new user in the specified user pool.
If MessageAction
is not set, the default is to send a welcome message via email or phone (SMS).
This message is based on a template that you configured in your call to create or update a user pool. This template includes your custom sign-up instructions and placeholders for user name and temporary password.
Alternatively, you can call AdminCreateUser
with “SUPPRESS” for the MessageAction
parameter, and Amazon Cognito will not send any email.
In either case, the user will be in the FORCE_CHANGE_PASSWORD
state until they sign in and change their password.
AdminCreateUser
requires developer credentials.
Disables the user from signing in with the specified external (SAML or social) identity provider. If the user to disable is a Cognito User Pools native username + password user, they are not permitted to use their password to sign-in. If the user to disable is a linked external IdP user, any link between that user and an existing user is removed. The next time the external user (no longer attached to the previously linked DestinationUser
) signs in, they must create a new user account. See .
This action is enabled only for admin access and requires developer credentials.
The ProviderName
must match the value specified when creating an IdP for the pool.
To disable a native username + password user, the ProviderName
value must be Cognito
and the ProviderAttributeName
must be Cognito_Subject
, with the ProviderAttributeValue
being the name that is used in the user pool for the user.
The ProviderAttributeName
must always be Cognito_Subject
for social identity providers. The ProviderAttributeValue
must always be the exact subject that was used when the user was originally linked as a source user.
For de-linking a SAML identity, there are two scenarios. If the linked identity has not yet been used to sign-in, the ProviderAttributeName
and ProviderAttributeValue
must be the same values that were used for the SourceUser
when the identities were originally linked in the call. (If the linking was done with ProviderAttributeName
set to Cognito_Subject
, the same applies here). However, if the user has already signed in, the ProviderAttributeName
must be Cognito_Subject
and ProviderAttributeValue
must be the subject of the SAML assertion.
Disables the user from signing in with the specified external (SAML or social) identity provider. If the user to disable is a Cognito User Pools native username + password user, they are not permitted to use their password to sign-in. If the user to disable is a linked external IdP user, any link between that user and an existing user is removed. The next time the external user (no longer attached to the previously linked DestinationUser
) signs in, they must create a new user account. See AdminLinkProviderForUser.
This action is enabled only for admin access and requires developer credentials.
The ProviderName
must match the value specified when creating an IdP for the pool.
To disable a native username + password user, the ProviderName
value must be Cognito
and the ProviderAttributeName
must be Cognito_Subject
, with the ProviderAttributeValue
being the name that is used in the user pool for the user.
The ProviderAttributeName
must always be Cognito_Subject
for social identity providers. The ProviderAttributeValue
must always be the exact subject that was used when the user was originally linked as a source user.
For de-linking a SAML identity, there are two scenarios. If the linked identity has not yet been used to sign-in, the ProviderAttributeName
and ProviderAttributeValue
must be the same values that were used for the SourceUser
when the identities were originally linked using AdminLinkProviderForUser
call. (If the linking was done with ProviderAttributeName
set to Cognito_Subject
, the same applies here). However, if the user has already signed in, the ProviderAttributeName
must be Cognito_Subject
and ProviderAttributeValue
must be the subject of the SAML assertion.
Links an existing user account in a user pool (DestinationUser
) to an identity from an external identity provider (SourceUser
) based on a specified attribute name and value from the external identity provider. This allows you to create a link from the existing user account to an external federated user identity that has not yet been used to sign in, so that the federated user identity can be used to sign in as the existing user account.
For example, if there is an existing user with a username and password, this API links that user to a federated user identity, so that when the federated user identity is used, the user signs in as the existing user account.
Because this API allows a user with an external federated identity to sign in as an existing user in the user pool, it is critical that it only be used with external identity providers and provider attributes that have been trusted by the application owner.
See also .
This action is enabled only for admin access and requires developer credentials.
" + "documentation":"Links an existing user account in a user pool (DestinationUser
) to an identity from an external identity provider (SourceUser
) based on a specified attribute name and value from the external identity provider. This allows you to create a link from the existing user account to an external federated user identity that has not yet been used to sign in, so that the federated user identity can be used to sign in as the existing user account.
For example, if there is an existing user with a username and password, this API links that user to a federated user identity, so that when the federated user identity is used, the user signs in as the existing user account.
The maximum number of federated identities linked to a user is 5.
Because this API allows a user with an external federated identity to sign in as an existing user in the user pool, it is critical that it only be used with external identity providers and provider attributes that have been trusted by the application owner.
This action is enabled only for admin access and requires developer credentials.
" }, "AdminListDevices":{ "name":"AdminListDevices", @@ -471,7 +471,7 @@ {"shape":"UserNotFoundException"}, {"shape":"InternalErrorException"} ], - "documentation":"This action is no longer supported. You can use it to configure only SMS MFA. You can't use it to configure TOTP software token MFA. To configure either type of MFA, use the AdminSetUserMFAPreference action instead.
" + "documentation":"This action is no longer supported. You can use it to configure only SMS MFA. You can't use it to configure TOTP software token MFA. To configure either type of MFA, use AdminSetUserMFAPreference instead.
" }, "AdminUpdateAuthEventFeedback":{ "name":"AdminUpdateAuthEventFeedback", @@ -563,6 +563,7 @@ "input":{"shape":"AssociateSoftwareTokenRequest"}, "output":{"shape":"AssociateSoftwareTokenResponse"}, "errors":[ + {"shape":"ConcurrentModificationException"}, {"shape":"InvalidParameterException"}, {"shape":"NotAuthorizedException"}, {"shape":"ResourceNotFoundException"}, @@ -1110,7 +1111,7 @@ {"shape":"UserNotConfirmedException"}, {"shape":"InternalErrorException"} ], - "documentation":"Calling this API causes a message to be sent to the end user with a confirmation code that is required to change the user's password. For the Username
parameter, you can use the username or user alias. The method used to send the confirmation code is sent according to the specified AccountRecoverySetting. For more information, see Recovering User Accounts in the Amazon Cognito Developer Guide. If neither a verified phone number nor a verified email exists, an InvalidParameterException
is thrown. To use the confirmation code for resetting the password, call .
Calling this API causes a message to be sent to the end user with a confirmation code that is required to change the user's password. For the Username
parameter, you can use the username or user alias. The method used to send the confirmation code is sent according to the specified AccountRecoverySetting. For more information, see Recovering User Accounts in the Amazon Cognito Developer Guide. If neither a verified phone number nor a verified email exists, an InvalidParameterException
is thrown. To use the confirmation code for resetting the password, call ConfirmForgotPassword.
Configures actions on detected risks. To delete the risk configuration for UserPoolId
or ClientId
, pass null values for all four configuration types.
To enable Amazon Cognito advanced security features, update the user pool to include the UserPoolAddOns
keyAdvancedSecurityMode
.
See .
" + "documentation":"Configures actions on detected risks. To delete the risk configuration for UserPoolId
or ClientId
, pass null values for all four configuration types.
To enable Amazon Cognito advanced security features, update the user pool to include the UserPoolAddOns
keyAdvancedSecurityMode
.
This action is no longer supported. You can use it to configure only SMS MFA. You can't use it to configure TOTP software token MFA. To configure either type of MFA, use the SetUserMFAPreference action instead.
", + "documentation":"This action is no longer supported. You can use it to configure only SMS MFA. You can't use it to configure TOTP software token MFA. To configure either type of MFA, use SetUserMFAPreference instead.
", "authtype":"none" }, "SignUp":{ @@ -1899,7 +1900,7 @@ {"shape":"UserPoolTaggingException"}, {"shape":"InvalidEmailRoleAccessPolicyException"} ], - "documentation":"Updates the specified user pool with the specified attributes. You can get a list of the current user pool settings with .
If you don't provide a value for an attribute, it will be set to the default value.
Updates the specified user pool with the specified attributes. You can get a list of the current user pool settings using DescribeUserPool.
If you don't provide a value for an attribute, it will be set to the default value.
Updates the specified user pool app client with the specified attributes. You can get a list of the current user pool app client settings with .
If you don't provide a value for an attribute, it will be set to the default value.
Updates the specified user pool app client with the specified attributes. You can get a list of the current user pool app client settings using DescribeUserPoolClient.
If you don't provide a value for an attribute, it will be set to the default value.
An array of name-value pairs that contain user attributes and attribute values to be set for the user to be created. You can create a user without specifying any attributes other than Username
. However, any attributes that you specify as required (in or in the Attributes tab of the console) must be supplied either by you (in your call to AdminCreateUser
) or by the user (when he or she signs up in response to your welcome message).
For custom attributes, you must prepend the custom:
prefix to the attribute name.
To send a message inviting the user to sign up, you must specify the user's email address or phone number. This can be done in your call to AdminCreateUser or in the Users tab of the Amazon Cognito console for managing your user pools.
In your call to AdminCreateUser
, you can set the email_verified
attribute to True
, and you can set the phone_number_verified
attribute to True
. (You can also do this by calling .)
email: The email address of the user to whom the message that contains the code and username will be sent. Required if the email_verified
attribute is set to True
, or if \"EMAIL\"
is specified in the DesiredDeliveryMediums
parameter.
phone_number: The phone number of the user to whom the message that contains the code and username will be sent. Required if the phone_number_verified
attribute is set to True
, or if \"SMS\"
is specified in the DesiredDeliveryMediums
parameter.
An array of name-value pairs that contain user attributes and attribute values to be set for the user to be created. You can create a user without specifying any attributes other than Username
. However, any attributes that you specify as required (when creating a user pool or in the Attributes tab of the console) must be supplied either by you (in your call to AdminCreateUser
) or by the user (when he or she signs up in response to your welcome message).
For custom attributes, you must prepend the custom:
prefix to the attribute name.
To send a message inviting the user to sign up, you must specify the user's email address or phone number. This can be done in your call to AdminCreateUser or in the Users tab of the Amazon Cognito console for managing your user pools.
In your call to AdminCreateUser
, you can set the email_verified
attribute to True
, and you can set the phone_number_verified
attribute to True
. (You can also do this by calling AdminUpdateUserAttributes.)
email: The email address of the user to whom the message that contains the code and username will be sent. Required if the email_verified
attribute is set to True
, or if \"EMAIL\"
is specified in the DesiredDeliveryMediums
parameter.
phone_number: The phone number of the user to whom the message that contains the code and username will be sent. Required if the phone_number_verified
attribute is set to True
, or if \"SMS\"
is specified in the DesiredDeliveryMediums
parameter.
This response parameter is no longer supported. It provides information only about SMS MFA configurations. It doesn't provide information about TOTP software token MFA configurations. To look up information about either type of MFA configuration, use the AdminGetUserResponse$UserMFASettingList response instead.
" + "documentation":"This response parameter is no longer supported. It provides information only about SMS MFA configurations. It doesn't provide information about TOTP software token MFA configurations. To look up information about either type of MFA configuration, use UserMFASettingList instead.
" }, "PreferredMfaSetting":{ "shape":"StringType", @@ -2471,7 +2477,7 @@ }, "AuthParameters":{ "shape":"AuthParametersType", - "documentation":"The authentication parameters. These are inputs corresponding to the AuthFlow
that you are invoking. The required values depend on the value of AuthFlow
:
For USER_SRP_AUTH
: USERNAME
(required), SRP_A
(required), SECRET_HASH
(required if the app client is configured with a client secret), DEVICE_KEY
For REFRESH_TOKEN_AUTH/REFRESH_TOKEN
: REFRESH_TOKEN
(required), SECRET_HASH
(required if the app client is configured with a client secret), DEVICE_KEY
For ADMIN_NO_SRP_AUTH
: USERNAME
(required), SECRET_HASH
(if app client is configured with client secret), PASSWORD
(required), DEVICE_KEY
For CUSTOM_AUTH
: USERNAME
(required), SECRET_HASH
(if app client is configured with client secret), DEVICE_KEY
The authentication parameters. These are inputs corresponding to the AuthFlow
that you are invoking. The required values depend on the value of AuthFlow
:
For USER_SRP_AUTH
: USERNAME
(required), SRP_A
(required), SECRET_HASH
(required if the app client is configured with a client secret), DEVICE_KEY
.
For REFRESH_TOKEN_AUTH/REFRESH_TOKEN
: REFRESH_TOKEN
(required), SECRET_HASH
(required if the app client is configured with a client secret), DEVICE_KEY
.
For ADMIN_NO_SRP_AUTH
: USERNAME
(required), SECRET_HASH
(if app client is configured with client secret), PASSWORD
(required), DEVICE_KEY
.
For CUSTOM_AUTH
: USERNAME
(required), SECRET_HASH
(if app client is configured with client secret), DEVICE_KEY
. To start the authentication flow with password verification, include ChallengeName: SRP_A
and SRP_A: (The SRP_A Value)
.
The challenge name. For more information, see .
" + "documentation":"The challenge name. For more information, see AdminInitiateAuth.
" }, "ChallengeResponses":{ "shape":"ChallengeResponsesType", @@ -2751,15 +2757,15 @@ "members":{ "ChallengeName":{ "shape":"ChallengeNameType", - "documentation":"The name of the challenge. For more information, see .
" + "documentation":"The name of the challenge. For more information, see AdminInitiateAuth.
" }, "Session":{ "shape":"SessionType", - "documentation":"The session which should be passed both ways in challenge-response calls to the service. If the or API call determines that the caller needs to go through another challenge, they return a session with other challenge parameters. This session should be passed as it is to the next RespondToAuthChallenge
API call.
The session which should be passed both ways in challenge-response calls to the service. If the caller needs to go through another challenge, they return a session with other challenge parameters. This session should be passed as it is to the next RespondToAuthChallenge
API call.
The challenge parameters. For more information, see .
" + "documentation":"The challenge parameters. For more information, see AdminInitiateAuth.
" }, "AuthenticationResult":{ "shape":"AuthenticationResultType", @@ -3036,7 +3042,7 @@ "documentation":"If UserDataShared
is true
, Amazon Cognito will include user data in the events it publishes to Amazon Pinpoint analytics.
The Amazon Pinpoint analytics configuration for collecting metrics for a user pool.
Cognito User Pools only supports sending events to Amazon Pinpoint projects in the US East (N. Virginia) us-east-1 Region, regardless of the region in which the user pool resides.
The Amazon Pinpoint analytics configuration for collecting metrics for a user pool.
In regions where Pinpoint is not available, Cognito User Pools only supports sending events to Amazon Pinpoint projects in us-east-1. In regions where Pinpoint is available, Cognito User Pools will support sending events to Amazon Pinpoint projects within that same region.
The confirmation code sent by a user's request to retrieve a forgotten password. For more information, see
" + "documentation":"The confirmation code sent by a user's request to retrieve a forgotten password. For more information, see ForgotPassword.
" }, "Password":{ "shape":"PasswordType", @@ -3685,7 +3691,7 @@ }, "ProviderDetails":{ "shape":"ProviderDetailsType", - "documentation":"The identity provider details. The following list describes the provider detail keys for each identity provider type.
For Google, Facebook and Login with Amazon:
client_id
client_secret
authorize_scopes
For Sign in with Apple:
client_id
team_id
key_id
private_key
authorize_scopes
For OIDC providers:
client_id
client_secret
attributes_request_method
oidc_issuer
authorize_scopes
authorize_url if not available from discovery URL specified by oidc_issuer key
token_url if not available from discovery URL specified by oidc_issuer key
attributes_url if not available from discovery URL specified by oidc_issuer key
jwks_uri if not available from discovery URL specified by oidc_issuer key
authorize_scopes
For SAML providers:
MetadataFile OR MetadataURL
IDPSignout optional
The identity provider details. The following list describes the provider detail keys for each identity provider type.
For Google and Login with Amazon:
client_id
client_secret
authorize_scopes
For Facebook:
client_id
client_secret
authorize_scopes
api_version
For Sign in with Apple:
client_id
team_id
key_id
private_key
authorize_scopes
For OIDC providers:
client_id
client_secret
attributes_request_method
oidc_issuer
authorize_scopes
authorize_url if not available from discovery URL specified by oidc_issuer key
token_url if not available from discovery URL specified by oidc_issuer key
attributes_url if not available from discovery URL specified by oidc_issuer key
jwks_uri if not available from discovery URL specified by oidc_issuer key
For SAML providers:
MetadataFile OR MetadataURL
IDPSignout optional
The time limit, in days, after which the refresh token is no longer valid and cannot be used.
" }, + "AccessTokenValidity":{ + "shape":"AccessTokenValidityType", + "documentation":"The time limit, between 5 minutes and 1 day, after which the access token is no longer valid and cannot be used. This value will be overridden if you have entered a value in TokenValidityUnits.
" + }, + "IdTokenValidity":{ + "shape":"IdTokenValidityType", + "documentation":"The time limit, between 5 minutes and 1 day, after which the ID token is no longer valid and cannot be used. This value will be overridden if you have entered a value in TokenValidityUnits.
" + }, + "TokenValidityUnits":{ + "shape":"TokenValidityUnitsType", + "documentation":"The units in which the validity times are represented in. Default for RefreshToken is days, and default for ID and access tokens are hours.
" + }, "ReadAttributes":{ "shape":"ClientPermissionListType", "documentation":"The read attributes.
" @@ -3841,11 +3859,11 @@ }, "AnalyticsConfiguration":{ "shape":"AnalyticsConfigurationType", - "documentation":"The Amazon Pinpoint analytics configuration for collecting metrics for this user pool.
Cognito User Pools only supports sending events to Amazon Pinpoint projects in the US East (N. Virginia) us-east-1 Region, regardless of the region in which the user pool resides.
The Amazon Pinpoint analytics configuration for collecting metrics for this user pool.
In regions where Pinpoint is not available, Cognito User Pools only supports sending events to Amazon Pinpoint projects in us-east-1. In regions where Pinpoint is available, Cognito User Pools will support sending events to Amazon Pinpoint projects within that same region.
Use this setting to choose which errors and responses are returned by Cognito APIs during authentication, account confirmation, and password recovery when the user does not exist in the user pool. When set to ENABLED
and the user does not exist, authentication returns an error indicating either the username or password was incorrect, and account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to LEGACY
, those APIs will return a UserNotFoundException
exception if the user does not exist in the user pool.
Valid values include:
ENABLED
- This prevents user existence-related errors.
LEGACY
- This represents the old behavior of Cognito where user existence related errors are not prevented.
This setting affects the behavior of following APIs:
After February 15th 2020, the value of PreventUserExistenceErrors
will default to ENABLED
for newly created user pool clients if no value is provided.
Use this setting to choose which errors and responses are returned by Cognito APIs during authentication, account confirmation, and password recovery when the user does not exist in the user pool. When set to ENABLED
and the user does not exist, authentication returns an error indicating either the username or password was incorrect, and account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to LEGACY
, those APIs will return a UserNotFoundException
exception if the user does not exist in the user pool.
Valid values include:
ENABLED
- This prevents user existence-related errors.
LEGACY
- This represents the old behavior of Cognito where user existence related errors are not prevented.
After February 15th 2020, the value of PreventUserExistenceErrors
will default to ENABLED
for newly created user pool clients if no value is provided.
Represents the request to create a user pool client.
" @@ -3972,11 +3990,11 @@ }, "UsernameConfiguration":{ "shape":"UsernameConfigurationType", - "documentation":"You can choose to set case sensitivity on the username input for the selected sign-in option. For example, when this is set to False
, users will be able to sign in using either \"username\" or \"Username\". This configuration is immutable once it has been set. For more information, see .
You can choose to set case sensitivity on the username input for the selected sign-in option. For example, when this is set to False
, users will be able to sign in using either \"username\" or \"Username\". This configuration is immutable once it has been set. For more information, see UsernameConfigurationType.
Use this setting to define which verified available method a user can use to recover their password when they call ForgotPassword
. It allows you to define a preferred method when a user has more than one method available. With this setting, SMS does not qualify for a valid password recovery mechanism if the user also has SMS MFA enabled. In the absence of this setting, Cognito uses the legacy behavior to determine the recovery method where SMS is preferred over email.
Starting February 1, 2020, the value of AccountRecoverySetting
will default to verified_email
first and verified_phone_number
as the second option for newly created user pools if no value is provided.
Use this setting to define which verified available method a user can use to recover their password when they call ForgotPassword
. It allows you to define a preferred method when a user has more than one method available. With this setting, SMS does not qualify for a valid password recovery mechanism if the user also has SMS MFA enabled. In the absence of this setting, Cognito uses the legacy behavior to determine the recovery method where SMS is preferred over email.
Represents the request to create a user pool.
" @@ -5003,7 +5021,7 @@ }, "MFAOptions":{ "shape":"MFAOptionListType", - "documentation":"This response parameter is no longer supported. It provides information only about SMS MFA configurations. It doesn't provide information about TOTP software token MFA configurations. To look up information about either type of MFA configuration, use the use the GetUserResponse$UserMFASettingList response instead.
" + "documentation":"This response parameter is no longer supported. It provides information only about SMS MFA configurations. It doesn't provide information about TOTP software token MFA configurations. To look up information about either type of MFA configuration, use UserMFASettingList instead.
" }, "PreferredMfaSetting":{ "shape":"StringType", @@ -5107,6 +5125,11 @@ "type":"list", "member":{"shape":"HttpHeader"} }, + "IdTokenValidityType":{ + "type":"integer", + "max":86400, + "min":1 + }, "IdentityProviderType":{ "type":"structure", "members":{ @@ -5124,7 +5147,7 @@ }, "ProviderDetails":{ "shape":"ProviderDetailsType", - "documentation":"The identity provider details. The following list describes the provider detail keys for each identity provider type.
For Google, Facebook and Login with Amazon:
client_id
client_secret
authorize_scopes
For Sign in with Apple:
client_id
team_id
key_id
private_key
authorize_scopes
For OIDC providers:
client_id
client_secret
attributes_request_method
oidc_issuer
authorize_scopes
authorize_url if not available from discovery URL specified by oidc_issuer key
token_url if not available from discovery URL specified by oidc_issuer key
attributes_url if not available from discovery URL specified by oidc_issuer key
jwks_uri if not available from discovery URL specified by oidc_issuer key
authorize_scopes
For SAML providers:
MetadataFile OR MetadataURL
IDPSignOut optional
The identity provider details. The following list describes the provider detail keys for each identity provider type.
For Google and Login with Amazon:
client_id
client_secret
authorize_scopes
For Facebook:
client_id
client_secret
authorize_scopes
api_version
For Sign in with Apple:
client_id
team_id
key_id
private_key
authorize_scopes
For OIDC providers:
client_id
client_secret
attributes_request_method
oidc_issuer
authorize_scopes
authorize_url if not available from discovery URL specified by oidc_issuer key
token_url if not available from discovery URL specified by oidc_issuer key
attributes_url if not available from discovery URL specified by oidc_issuer key
jwks_uri if not available from discovery URL specified by oidc_issuer key
authorize_scopes
For SAML providers:
MetadataFile OR MetadataURL
IDPSignOut optional
The authentication parameters. These are inputs corresponding to the AuthFlow
that you are invoking. The required values depend on the value of AuthFlow
:
For USER_SRP_AUTH
: USERNAME
(required), SRP_A
(required), SECRET_HASH
(required if the app client is configured with a client secret), DEVICE_KEY
For REFRESH_TOKEN_AUTH/REFRESH_TOKEN
: REFRESH_TOKEN
(required), SECRET_HASH
(required if the app client is configured with a client secret), DEVICE_KEY
For CUSTOM_AUTH
: USERNAME
(required), SECRET_HASH
(if app client is configured with client secret), DEVICE_KEY
The authentication parameters. These are inputs corresponding to the AuthFlow
that you are invoking. The required values depend on the value of AuthFlow
:
For USER_SRP_AUTH
: USERNAME
(required), SRP_A
(required), SECRET_HASH
(required if the app client is configured with a client secret), DEVICE_KEY
.
For REFRESH_TOKEN_AUTH/REFRESH_TOKEN
: REFRESH_TOKEN
(required), SECRET_HASH
(required if the app client is configured with a client secret), DEVICE_KEY
.
For CUSTOM_AUTH
: USERNAME
(required), SECRET_HASH
(if app client is configured with client secret), DEVICE_KEY
. To start the authentication flow with password verification, include ChallengeName: SRP_A
and SRP_A: (The SRP_A Value)
.
The session which should be passed both ways in challenge-response calls to the service. If the or API call determines that the caller needs to go through another challenge, they return a session with other challenge parameters. This session should be passed as it is to the next RespondToAuthChallenge
API call.
The session which should be passed both ways in challenge-response calls to the service. If the caller needs to go through another challenge, they return a session with other challenge parameters. This session should be passed as it is to the next RespondToAuthChallenge
API call.
The attribute name of the MFA option type. The only valid value is phone_number
.
This data type is no longer supported. You can use it only for SMS MFA configurations. You can't use it for TOTP software token MFA configurations.
To set either type of MFA configuration, use the AdminSetUserMFAPreference or SetUserMFAPreference actions.
To look up information about either type of MFA configuration, use the AdminGetUserResponse$UserMFASettingList or GetUserResponse$UserMFASettingList responses.
" + "documentation":"This data type is no longer supported. You can use it only for SMS MFA configurations. You can't use it for TOTP software token MFA configurations.
" }, "MessageActionType":{ "type":"string", @@ -6097,7 +6120,7 @@ }, "RefreshTokenValidityType":{ "type":"integer", - "max":3650, + "max":315360000, "min":0 }, "ResendConfirmationCodeRequest":{ @@ -6240,7 +6263,7 @@ }, "ChallengeName":{ "shape":"ChallengeNameType", - "documentation":"The challenge name. For more information, see .
ADMIN_NO_SRP_AUTH
is not a valid value.
The challenge name. For more information, see InitiateAuth.
ADMIN_NO_SRP_AUTH
is not a valid value.
The challenge name. For more information, see .
" + "documentation":"The challenge name. For more information, see InitiateAuth.
" }, "Session":{ "shape":"SessionType", - "documentation":"The session which should be passed both ways in challenge-response calls to the service. If the or API call determines that the caller needs to go through another challenge, they return a session with other challenge parameters. This session should be passed as it is to the next RespondToAuthChallenge
API call.
The session which should be passed both ways in challenge-response calls to the service. If the caller needs to go through another challenge, they return a session with other challenge parameters. This session should be passed as it is to the next RespondToAuthChallenge
API call.
The challenge parameters. For more information, see .
" + "documentation":"The challenge parameters. For more information, see InitiateAuth.
" }, "AuthenticationResult":{ "shape":"AuthenticationResultType", @@ -6386,7 +6409,7 @@ }, "DeveloperOnlyAttribute":{ "shape":"BooleanType", - "documentation":"We recommend that you use WriteAttributes in the user pool client to control how attributes can be mutated for new use cases instead of using DeveloperOnlyAttribute
.
Specifies whether the attribute type is developer only. This attribute can only be modified by an administrator. Users will not be able to modify this attribute using their access token. For example, DeveloperOnlyAttribute
can be modified using the API but cannot be updated using the API.
We recommend that you use WriteAttributes in the user pool client to control how attributes can be mutated for new use cases instead of using DeveloperOnlyAttribute
.
Specifies whether the attribute type is developer only. This attribute can only be modified by an administrator. Users will not be able to modify this attribute using their access token. For example, DeveloperOnlyAttribute
can be modified using AdminUpdateUserAttributes but cannot be updated using UpdateUserAttributes.
A time unit in “seconds”, “minutes”, “hours” or “days” for the value in AccessTokenValidity, defaults to hours.
" + }, + "IdToken":{ + "shape":"TimeUnitsType", + "documentation":"A time unit in “seconds”, “minutes”, “hours” or “days” for the value in IdTokenValidity, defaults to hours.
" + }, + "RefreshToken":{ + "shape":"TimeUnitsType", + "documentation":"A time unit in “seconds”, “minutes”, “hours” or “days” for the value in RefreshTokenValidity, defaults to days.
" + } + }, + "documentation":"The data type for TokenValidityUnits that specifics the time measurements for token validity.
" + }, "TooManyFailedAttemptsException":{ "type":"structure", "members":{ @@ -7085,7 +7135,7 @@ }, "Precedence":{ "shape":"PrecedenceType", - "documentation":"The new precedence value for the group. For more information about this parameter, see .
" + "documentation":"The new precedence value for the group. For more information about this parameter, see CreateGroup.
" } } }, @@ -7228,6 +7278,18 @@ "shape":"RefreshTokenValidityType", "documentation":"The time limit, in days, after which the refresh token is no longer valid and cannot be used.
" }, + "AccessTokenValidity":{ + "shape":"AccessTokenValidityType", + "documentation":"The time limit, after which the access token is no longer valid and cannot be used.
" + }, + "IdTokenValidity":{ + "shape":"IdTokenValidityType", + "documentation":"The time limit, after which the ID token is no longer valid and cannot be used.
" + }, + "TokenValidityUnits":{ + "shape":"TokenValidityUnitsType", + "documentation":"The units in which the validity times are represented in. Default for RefreshToken is days, and default for ID and access tokens are hours.
" + }, "ReadAttributes":{ "shape":"ClientPermissionListType", "documentation":"The read-only attributes of the user pool.
" @@ -7270,11 +7332,11 @@ }, "AnalyticsConfiguration":{ "shape":"AnalyticsConfigurationType", - "documentation":"The Amazon Pinpoint analytics configuration for collecting metrics for this user pool.
Cognito User Pools only supports sending events to Amazon Pinpoint projects in the US East (N. Virginia) us-east-1 Region, regardless of the region in which the user pool resides.
The Amazon Pinpoint analytics configuration for collecting metrics for this user pool.
In regions where Pinpoint is not available, Cognito User Pools only supports sending events to Amazon Pinpoint projects in us-east-1. In regions where Pinpoint is available, Cognito User Pools will support sending events to Amazon Pinpoint projects within that same region.
Use this setting to choose which errors and responses are returned by Cognito APIs during authentication, account confirmation, and password recovery when the user does not exist in the user pool. When set to ENABLED
and the user does not exist, authentication returns an error indicating either the username or password was incorrect, and account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to LEGACY
, those APIs will return a UserNotFoundException
exception if the user does not exist in the user pool.
Valid values include:
ENABLED
- This prevents user existence-related errors.
LEGACY
- This represents the old behavior of Cognito where user existence related errors are not prevented.
This setting affects the behavior of following APIs:
After February 15th 2020, the value of PreventUserExistenceErrors
will default to ENABLED
for newly created user pool clients if no value is provided.
Use this setting to choose which errors and responses are returned by Cognito APIs during authentication, account confirmation, and password recovery when the user does not exist in the user pool. When set to ENABLED
and the user does not exist, authentication returns an error indicating either the username or password was incorrect, and account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to LEGACY
, those APIs will return a UserNotFoundException
exception if the user does not exist in the user pool.
Valid values include:
ENABLED
- This prevents user existence-related errors.
LEGACY
- This represents the old behavior of Cognito where user existence related errors are not prevented.
After February 15th 2020, the value of PreventUserExistenceErrors
will default to ENABLED
for newly created user pool clients if no value is provided.
Represents the request to update the user pool client.
" @@ -7626,6 +7688,18 @@ "shape":"RefreshTokenValidityType", "documentation":"The time limit, in days, after which the refresh token is no longer valid and cannot be used.
" }, + "AccessTokenValidity":{ + "shape":"AccessTokenValidityType", + "documentation":"The time limit, specified by tokenValidityUnits, defaulting to hours, after which the access token is no longer valid and cannot be used.
" + }, + "IdTokenValidity":{ + "shape":"IdTokenValidityType", + "documentation":"The time limit, specified by tokenValidityUnits, defaulting to hours, after which the refresh token is no longer valid and cannot be used.
" + }, + "TokenValidityUnits":{ + "shape":"TokenValidityUnitsType", + "documentation":"The time units used to specify the token validity times of their respective token.
" + }, "ReadAttributes":{ "shape":"ClientPermissionListType", "documentation":"The Read-only attributes.
" @@ -7673,7 +7747,7 @@ }, "PreventUserExistenceErrors":{ "shape":"PreventUserExistenceErrorTypes", - "documentation":"Use this setting to choose which errors and responses are returned by Cognito APIs during authentication, account confirmation, and password recovery when the user does not exist in the user pool. When set to ENABLED
and the user does not exist, authentication returns an error indicating either the username or password was incorrect, and account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to LEGACY
, those APIs will return a UserNotFoundException
exception if the user does not exist in the user pool.
Valid values include:
ENABLED
- This prevents user existence-related errors.
LEGACY
- This represents the old behavior of Cognito where user existence related errors are not prevented.
This setting affects the behavior of following APIs:
After February 15th 2020, the value of PreventUserExistenceErrors
will default to ENABLED
for newly created user pool clients if no value is provided.
Use this setting to choose which errors and responses are returned by Cognito APIs during authentication, account confirmation, and password recovery when the user does not exist in the user pool. When set to ENABLED
and the user does not exist, authentication returns an error indicating either the username or password was incorrect, and account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to LEGACY
, those APIs will return a UserNotFoundException
exception if the user does not exist in the user pool.
Valid values include:
ENABLED
- This prevents user existence-related errors.
LEGACY
- This represents the old behavior of Cognito where user existence related errors are not prevented.
After February 15th 2020, the value of PreventUserExistenceErrors
will default to ENABLED
for newly created user pool clients if no value is provided.
Contains information about a user pool client.
" @@ -7876,7 +7950,7 @@ }, "UsernameConfiguration":{ "shape":"UsernameConfigurationType", - "documentation":"You can choose to enable case sensitivity on the username input for the selected sign-in option. For example, when this is set to False
, users will be able to sign in using either \"username\" or \"Username\". This configuration is immutable once it has been set. For more information, see .
You can choose to enable case sensitivity on the username input for the selected sign-in option. For example, when this is set to False
, users will be able to sign in using either \"username\" or \"Username\". This configuration is immutable once it has been set. For more information, see UsernameConfigurationType.
The one time password computed using the secret code returned by
" + "documentation":"The one time password computed using the secret code returned by AssociateSoftwareToken\".
" }, "FriendlyDeviceName":{ "shape":"StringType", diff --git a/services/cognitosync/pom.xml b/services/cognitosync/pom.xml index 46f60d733604..921b60ad10d4 100644 --- a/services/cognitosync/pom.xml +++ b/services/cognitosync/pom.xml @@ -21,7 +21,7 @@The ID of the subnet.
", "locationName":"subnetId" + }, + "MapCustomerOwnedIpOnLaunch":{ + "shape":"AttributeBooleanValue", + "documentation":"Specify true
to indicate that network interfaces attached to instances created in the specified subnet should be assigned a customer-owned IPv4 address.
When this value is true
, you must specify the customer-owned IP pool using CustomerOwnedIpv4Pool
.
The customer-owned IPv4 address pool associated with the subnet.
You must set this value when you specify true
for MapCustomerOwnedIpOnLaunch
.
The address of the Elastic IP address or Carrier IP address bound to the network interface.
", "locationName":"publicIp" }, + "CustomerOwnedIp":{ + "shape":"String", + "documentation":"The customer-owned IP address associated with the network interface.
", + "locationName":"customerOwnedIp" + }, "CarrierIp":{ "shape":"String", "documentation":"The carrier IP address associated with the network interface.
This option is only available when the network interface is in a subnet which is associated with a Wavelength Zone.
", diff --git a/services/ec2instanceconnect/pom.xml b/services/ec2instanceconnect/pom.xml index a02843f6f746..651d386b9af1 100644 --- a/services/ec2instanceconnect/pom.xml +++ b/services/ec2instanceconnect/pom.xml @@ -21,7 +21,7 @@Creates a managed worker node group for an Amazon EKS cluster. You can only create a node group for your cluster that is equal to the current Kubernetes version for the cluster. All node groups are created with the latest AMI release version for the respective minor Kubernetes version of the cluster.
An Amazon EKS managed node group is an Amazon EC2 Auto Scaling group and associated Amazon EC2 instances that are managed by AWS for an Amazon EKS cluster. Each node group uses a version of the Amazon EKS-optimized Amazon Linux 2 AMI. For more information, see Managed Node Groups in the Amazon EKS User Guide.
" + "documentation":"Creates a managed worker node group for an Amazon EKS cluster. You can only create a node group for your cluster that is equal to the current Kubernetes version for the cluster. All node groups are created with the latest AMI release version for the respective minor Kubernetes version of the cluster, unless you deploy a custom AMI using a launch template. For more information about using launch templates, see Launch template support.
An Amazon EKS managed node group is an Amazon EC2 Auto Scaling group and associated Amazon EC2 instances that are managed by AWS for an Amazon EKS cluster. Each node group uses a version of the Amazon EKS-optimized Amazon Linux 2 AMI. For more information, see Managed Node Groups in the Amazon EKS User Guide.
" }, "DeleteCluster":{ "name":"DeleteCluster", @@ -362,7 +362,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"InvalidRequestException"} ], - "documentation":"Updates the Kubernetes version or AMI version of an Amazon EKS managed node group.
You can update to the latest available AMI version of a node group's current Kubernetes version by not specifying a Kubernetes version in the request. You can update to the latest AMI version of your cluster's current Kubernetes version by specifying your cluster's Kubernetes version in the request. For more information, see Amazon EKS-Optimized Linux AMI Versions in the Amazon EKS User Guide.
You cannot roll back a node group to an earlier Kubernetes version or AMI version.
When a node in a managed node group is terminated due to a scaling action or update, the pods in that node are drained first. Amazon EKS attempts to drain the nodes gracefully and will fail if it is unable to do so. You can force
the update if Amazon EKS is unable to drain the nodes as a result of a pod disruption budget issue.
Updates the Kubernetes version or AMI version of an Amazon EKS managed node group.
You can update a node group using a launch template only if the node group was originally deployed with a launch template. If you need to update a custom AMI in a node group that was deployed with a launch template, then update your custom AMI, specify the new ID in a new version of the launch template, and then update the node group to the new version of the launch template.
If you update without a launch template, then you can update to the latest available AMI version of a node group's current Kubernetes version by not specifying a Kubernetes version in the request. You can update to the latest AMI version of your cluster's current Kubernetes version by specifying your cluster's Kubernetes version in the request. For more information, see Amazon EKS-Optimized Linux AMI Versions in the Amazon EKS User Guide.
You cannot roll back a node group to an earlier Kubernetes version or AMI version.
When a node in a managed node group is terminated due to a scaling action or update, the pods in that node are drained first. Amazon EKS attempts to drain the nodes gracefully and will fail if it is unable to do so. You can force
the update if Amazon EKS is unable to drain the nodes as a result of a pod disruption budget issue.
The Amazon Resource Name (ARN) of the IAM role that provides permissions for Amazon EKS to make calls to other AWS API operations on your behalf. For more information, see Amazon EKS Service IAM Role in the Amazon EKS User Guide .
" + "documentation":"The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. For more information, see Amazon EKS Service IAM Role in the Amazon EKS User Guide .
" }, "resourcesVpcConfig":{ "shape":"VpcConfigRequest", @@ -646,27 +647,27 @@ }, "diskSize":{ "shape":"BoxedInteger", - "documentation":"The root device disk size (in GiB) for your node group instances. The default disk size is 20 GiB.
" + "documentation":"The root device disk size (in GiB) for your node group instances. The default disk size is 20 GiB. If you specify launchTemplate
, then don't specify diskSize
, or the node group deployment will fail. For more information about using launch templates with Amazon EKS, see Launch template support in the Amazon EKS User Guide.
The subnets to use for the Auto Scaling group that is created for your node group. These subnets must have the tag key kubernetes.io/cluster/CLUSTER_NAME
with a value of shared
, where CLUSTER_NAME
is replaced with the name of your cluster.
The subnets to use for the Auto Scaling group that is created for your node group. These subnets must have the tag key kubernetes.io/cluster/CLUSTER_NAME
with a value of shared
, where CLUSTER_NAME
is replaced with the name of your cluster. If you specify launchTemplate
, then don't specify SubnetId
in your launch template, or the node group deployment will fail. For more information about using launch templates with Amazon EKS, see Launch template support in the Amazon EKS User Guide.
The instance type to use for your node group. Currently, you can specify a single instance type for a node group. The default value for this parameter is t3.medium
. If you choose a GPU instance type, be sure to specify the AL2_x86_64_GPU
with the amiType
parameter.
The instance type to use for your node group. You can specify a single instance type for a node group. The default value for instanceTypes
is t3.medium
. If you choose a GPU instance type, be sure to specify AL2_x86_64_GPU
with the amiType
parameter. If you specify launchTemplate
, then don't specify instanceTypes
, or the node group deployment will fail. For more information about using launch templates with Amazon EKS, see Launch template support in the Amazon EKS User Guide.
The AMI type for your node group. GPU instance types should use the AL2_x86_64_GPU
AMI type, which uses the Amazon EKS-optimized Linux AMI with GPU support. Non-GPU instances should use the AL2_x86_64
AMI type, which uses the Amazon EKS-optimized Linux AMI.
The AMI type for your node group. GPU instance types should use the AL2_x86_64_GPU
AMI type, which uses the Amazon EKS-optimized Linux AMI with GPU support. Non-GPU instances should use the AL2_x86_64
AMI type, which uses the Amazon EKS-optimized Linux AMI. If you specify launchTemplate
, and your launch template uses a custom AMI, then don't specify amiType
, or the node group deployment will fail. For more information about using launch templates with Amazon EKS, see Launch template support in the Amazon EKS User Guide.
The remote access (SSH) configuration to use with your node group.
" + "documentation":"The remote access (SSH) configuration to use with your node group. If you specify launchTemplate
, then don't specify remoteAccess
, or the node group deployment will fail. For more information about using launch templates with Amazon EKS, see Launch template support in the Amazon EKS User Guide.
The Amazon Resource Name (ARN) of the IAM role to associate with your node group. The Amazon EKS worker node kubelet
daemon makes calls to AWS APIs on your behalf. Worker nodes receive permissions for these API calls through an IAM instance profile and associated policies. Before you can launch worker nodes and register them into a cluster, you must create an IAM role for those worker nodes to use when they are launched. For more information, see Amazon EKS Worker Node IAM Role in the Amazon EKS User Guide .
The Amazon Resource Name (ARN) of the IAM role to associate with your node group. The Amazon EKS worker node kubelet
daemon makes calls to AWS APIs on your behalf. Worker nodes receive permissions for these API calls through an IAM instance profile and associated policies. Before you can launch worker nodes and register them into a cluster, you must create an IAM role for those worker nodes to use when they are launched. For more information, see Amazon EKS Worker Node IAM Role in the Amazon EKS User Guide . If you specify launchTemplate
, then don't specify IamInstanceProfile
in your launch template, or the node group deployment will fail. For more information about using launch templates with Amazon EKS, see Launch template support in the Amazon EKS User Guide.
Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.
", "idempotencyToken":true }, + "launchTemplate":{ + "shape":"LaunchTemplateSpecification", + "documentation":"An object representing a node group's launch template specification. If specified, then do not specify instanceTypes
, diskSize
, or remoteAccess
. If specified, make sure that the launch template meets the requirements in launchTemplateSpecification
.
The Kubernetes version to use for your managed nodes. By default, the Kubernetes version of the cluster is used, and this is the only accepted specified value.
" + "documentation":"The Kubernetes version to use for your managed nodes. By default, the Kubernetes version of the cluster is used, and this is the only accepted specified value. If you specify launchTemplate
, and your launch template uses a custom AMI, then don't specify version
, or the node group deployment will fail. For more information about using launch templates with Amazon EKS, see Launch template support in the Amazon EKS User Guide.
The AMI version of the Amazon EKS-optimized AMI to use with your node group. By default, the latest available AMI version for the node group's current Kubernetes version is used. For more information, see Amazon EKS-Optimized Linux AMI Versions in the Amazon EKS User Guide.
" + "documentation":"The AMI version of the Amazon EKS-optimized AMI to use with your node group. By default, the latest available AMI version for the node group's current Kubernetes version is used. For more information, see Amazon EKS-Optimized Linux AMI Versions in the Amazon EKS User Guide. If you specify launchTemplate
, and your launch template uses a custom AMI, then don't specify releaseVersion
, or the node group deployment will fail. For more information about using launch templates with Amazon EKS, see Launch template support in the Amazon EKS User Guide.
A brief description of the error.
AutoScalingGroupNotFound: We couldn't find the Auto Scaling group associated with the managed node group. You may be able to recreate an Auto Scaling group with the same settings to recover.
Ec2SecurityGroupNotFound: We couldn't find the cluster security group for the cluster. You must recreate your cluster.
Ec2SecurityGroupDeletionFailure: We could not delete the remote access security group for your managed node group. Remove any dependencies from the security group.
Ec2LaunchTemplateNotFound: We couldn't find the Amazon EC2 launch template for your managed node group. You may be able to recreate a launch template with the same settings to recover.
Ec2LaunchTemplateVersionMismatch: The Amazon EC2 launch template version for your managed node group does not match the version that Amazon EKS created. You may be able to revert to the version that Amazon EKS created to recover.
IamInstanceProfileNotFound: We couldn't find the IAM instance profile for your managed node group. You may be able to recreate an instance profile with the same settings to recover.
IamNodeRoleNotFound: We couldn't find the IAM role for your managed node group. You may be able to recreate an IAM role with the same settings to recover.
AsgInstanceLaunchFailures: Your Auto Scaling group is experiencing failures while attempting to launch instances.
NodeCreationFailure: Your launched instances are unable to register with your Amazon EKS cluster. Common causes of this failure are insufficient worker node IAM role permissions or lack of outbound internet access for the nodes.
InstanceLimitExceeded: Your AWS account is unable to launch any more instances of the specified instance type. You may be able to request an Amazon EC2 instance limit increase to recover.
InsufficientFreeAddresses: One or more of the subnets associated with your managed node group does not have enough available IP addresses for new nodes.
AccessDenied: Amazon EKS or one or more of your managed nodes is unable to communicate with your cluster API server.
InternalFailure: These errors are usually caused by an Amazon EKS server-side issue.
A brief description of the error.
AutoScalingGroupNotFound: We couldn't find the Auto Scaling group associated with the managed node group. You may be able to recreate an Auto Scaling group with the same settings to recover.
Ec2SecurityGroupNotFound: We couldn't find the cluster security group for the cluster. You must recreate your cluster.
Ec2SecurityGroupDeletionFailure: We could not delete the remote access security group for your managed node group. Remove any dependencies from the security group.
Ec2LaunchTemplateNotFound: We couldn't find the Amazon EC2 launch template for your managed node group. You may be able to recreate a launch template with the same settings to recover.
Ec2LaunchTemplateVersionMismatch: The Amazon EC2 launch template version for your managed node group does not match the version that Amazon EKS created. You may be able to revert to the version that Amazon EKS created to recover.
Ec2SubnetInvalidConfiguration: One or more Amazon EC2 subnets specified for a node group do not automatically assign public IP addresses to instances launched into it. If you want your instances to be assigned a public IP address, then you need to enable the auto-assign public IP address
setting for the subnet. See Modifying the public IPv4 addressing attribute for your subnet in the Amazon VPC User Guide.
IamInstanceProfileNotFound: We couldn't find the IAM instance profile for your managed node group. You may be able to recreate an instance profile with the same settings to recover.
IamNodeRoleNotFound: We couldn't find the IAM role for your managed node group. You may be able to recreate an IAM role with the same settings to recover.
AsgInstanceLaunchFailures: Your Auto Scaling group is experiencing failures while attempting to launch instances.
NodeCreationFailure: Your launched instances are unable to register with your Amazon EKS cluster. Common causes of this failure are insufficient worker node IAM role permissions or lack of outbound internet access for the nodes.
InstanceLimitExceeded: Your AWS account is unable to launch any more instances of the specified instance type. You may be able to request an Amazon EC2 instance limit increase to recover.
InsufficientFreeAddresses: One or more of the subnets associated with your managed node group does not have enough available IP addresses for new nodes.
AccessDenied: Amazon EKS or one or more of your managed nodes is unable to communicate with your cluster API server.
InternalFailure: These errors are usually caused by an Amazon EKS server-side issue.
The name of the launch template.
" + }, + "version":{ + "shape":"String", + "documentation":"The version of the launch template to use. If no version is specified, then the template's default version is used.
" + }, + "id":{ + "shape":"String", + "documentation":"The ID of the launch template.
" + } + }, + "documentation":"An object representing a node group launch template specification. The launch template cannot include SubnetId
, IamInstanceProfile
, RequestSpotInstances
, HibernationOptions
, or TerminateInstances
, or the node group deployment or update will fail. For more information about launch templates, see CreateLaunchTemplate
in the Amazon EC2 API Reference. For more information about using launch templates with Amazon EKS, see Launch template support in the Amazon EKS User Guide.
Specify either name
or id
, but not both.
The AMI version of the managed node group. For more information, see Amazon EKS-Optimized Linux AMI Versions in the Amazon EKS User Guide.
" + "documentation":"If the node group was deployed using a launch template with a custom AMI, then this is the AMI ID that was specified in the launch template. For node groups that weren't deployed using a launch template, this is the version of the Amazon EKS-optimized AMI that the node group was deployed with.
" }, "createdAt":{ "shape":"Timestamp", @@ -1375,23 +1398,23 @@ }, "instanceTypes":{ "shape":"StringList", - "documentation":"The instance types associated with your node group.
" + "documentation":"If the node group wasn't deployed with a launch template, then this is the instance type that is associated with the node group. If the node group was deployed with a launch template, then instanceTypes
is null
.
The subnets allowed for the Auto Scaling group that is associated with your node group. These subnets must have the following tag: kubernetes.io/cluster/CLUSTER_NAME
, where CLUSTER_NAME
is replaced with the name of your cluster.
The subnets that were specified for the Auto Scaling group that is associated with your node group.
" }, "remoteAccess":{ "shape":"RemoteAccessConfig", - "documentation":"The remote access (SSH) configuration that is associated with the node group.
" + "documentation":"If the node group wasn't deployed with a launch template, then this is the remote access configuration that is associated with the node group. If the node group was deployed with a launch template, then remoteAccess
is null
.
The AMI type associated with your node group. GPU instance types should use the AL2_x86_64_GPU
AMI type, which uses the Amazon EKS-optimized Linux AMI with GPU support. Non-GPU instances should use the AL2_x86_64
AMI type, which uses the Amazon EKS-optimized Linux AMI.
If the node group was deployed using a launch template with a custom AMI, then this is CUSTOM
. For node groups that weren't deployed using a launch template, this is the AMI type that was specified in the node group configuration.
The IAM role associated with your node group. The Amazon EKS worker node kubelet
daemon makes calls to AWS APIs on your behalf. Worker nodes receive permissions for these API calls through an IAM instance profile and associated policies. Before you can launch worker nodes and register them into a cluster, you must create an IAM role for those worker nodes to use when they are launched. For more information, see Amazon EKS Worker Node IAM Role in the Amazon EKS User Guide .
The IAM role associated with your node group. The Amazon EKS worker node kubelet
daemon makes calls to AWS APIs on your behalf. Worker nodes receive permissions for these API calls through an IAM instance profile and associated policies.
The root device disk size (in GiB) for your node group instances. The default disk size is 20 GiB.
" + "documentation":"If the node group wasn't deployed with a launch template, then this is the disk size in the node group configuration. If the node group was deployed with a launch template, then diskSize
is null
.
The health status of the node group. If there are issues with your node group's health, they are listed here.
" }, + "launchTemplate":{ + "shape":"LaunchTemplateSpecification", + "documentation":"If a launch template was used to create the node group, then this is the launch template that was used.
" + }, "tags":{ "shape":"TagMap", "documentation":"The metadata applied to the node group to assist with categorization and organization. Each tag consists of a key and an optional value, both of which you define. Node group tags do not propagate to any other resources associated with the node group, such as the Amazon EC2 instances or subnets.
" @@ -1478,7 +1505,7 @@ "documentation":"The current number of worker nodes that the managed node group should maintain.
" } }, - "documentation":"An object representing the scaling configuration details for the Auto Scaling group that is associated with your node group.
" + "documentation":"An object representing the scaling configuration details for the Auto Scaling group that is associated with your node group. If you specify a value for any property, then you must specify values for all of the properties.
" }, "NodegroupStatus":{ "type":"string", @@ -1883,11 +1910,15 @@ }, "version":{ "shape":"String", - "documentation":"The Kubernetes version to update to. If no version is specified, then the Kubernetes version of the node group does not change. You can specify the Kubernetes version of the cluster to update the node group to the latest AMI version of the cluster's Kubernetes version.
" + "documentation":"The Kubernetes version to update to. If no version is specified, then the Kubernetes version of the node group does not change. You can specify the Kubernetes version of the cluster to update the node group to the latest AMI version of the cluster's Kubernetes version. If you specify launchTemplate
, and your launch template uses a custom AMI, then don't specify version
, or the node group update will fail. For more information about using launch templates with Amazon EKS, see Launch template support in the Amazon EKS User Guide.
The AMI version of the Amazon EKS-optimized AMI to use for the update. By default, the latest available AMI version for the node group's Kubernetes version is used. For more information, see Amazon EKS-Optimized Linux AMI Versions in the Amazon EKS User Guide.
" + "documentation":"The AMI version of the Amazon EKS-optimized AMI to use for the update. By default, the latest available AMI version for the node group's Kubernetes version is used. For more information, see Amazon EKS-Optimized Linux AMI Versions in the Amazon EKS User Guide. If you specify launchTemplate
, and your launch template uses a custom AMI, then don't specify releaseVersion
, or the node group update will fail. For more information about using launch templates with Amazon EKS, see Launch template support in the Amazon EKS User Guide.
An object representing a node group's launch template specification. You can only update a node group using a launch template if the node group was originally deployed with a launch template.
" }, "force":{ "shape":"Boolean", diff --git a/services/elasticache/pom.xml b/services/elasticache/pom.xml index 8ce6ba3dddc8..d6a9bc406fb5 100644 --- a/services/elasticache/pom.xml +++ b/services/elasticache/pom.xml @@ -21,7 +21,7 @@The sampling depth, as a percentage, to apply when processing objects. This value determines the percentage of eligible objects that the job analyzes. If the value is less than 100, Amazon Macie randomly selects the objects to analyze, up to the specified percentage.
" + "documentation": "The sampling depth, as a percentage, to apply when processing objects. This value determines the percentage of eligible objects that the job analyzes. If this value is less than 100, Amazon Macie selects the objects to analyze at random, up to the specified percentage, and analyzes all the data in those objects.
" }, "scheduleFrequency": { "shape": "JobScheduleFrequency", @@ -2987,7 +2987,7 @@ "tags": { "shape": "TagMap", "locationName": "tags", - "documentation": "A map of key-value pairs that specifies the tags to associate with the job.
A job can have a maximum of 50 tags. Each tag consists of a required tag key and an associated tag value. The maximum length of a tag key is 128 characters. The maximum length of a tag value is 256 characters.
" + "documentation": "A map of key-value pairs that specifies the tags to associate with the job.
A job can have a maximum of 50 tags. Each tag consists of a tag key and an associated tag value. The maximum length of a tag key is 128 characters. The maximum length of a tag value is 256 characters.
" } }, "required": [ @@ -3029,12 +3029,12 @@ "ignoreWords": { "shape": "__listOf__string", "locationName": "ignoreWords", - "documentation": "An array that lists specific character sequences (ignore words) to exclude from the results. If the text matched by the regular expression is the same as any string in this array, Amazon Macie ignores it. The array can contain as many as 10 ignore words. Each ignore word can contain 4 - 90 characters.
" + "documentation": "An array that lists specific character sequences (ignore words) to exclude from the results. If the text matched by the regular expression is the same as any string in this array, Amazon Macie ignores it. The array can contain as many as 10 ignore words. Each ignore word can contain 4 - 90 characters. Ignore words are case sensitive.
" }, "keywords": { "shape": "__listOf__string", "locationName": "keywords", - "documentation": "An array that lists specific character sequences (keywords), one of which must be within proximity (maximumMatchDistance) of the regular expression to match. The array can contain as many as 50 keywords. Each keyword can contain 4 - 90 characters.
" + "documentation": "An array that lists specific character sequences (keywords), one of which must be within proximity (maximumMatchDistance) of the regular expression to match. The array can contain as many as 50 keywords. Each keyword can contain 4 - 90 characters. Keywords aren't case sensitive.
" }, "maximumMatchDistance": { "shape": "__integer", @@ -3054,7 +3054,7 @@ "tags": { "shape": "TagMap", "locationName": "tags", - "documentation": "A map of key-value pairs that specifies the tags to associate with the custom data identifier.
A custom data identifier can have a maximum of 50 tags. Each tag consists of a required tag key and an associated tag value. The maximum length of a tag key is 128 characters. The maximum length of a tag value is 256 characters.
" + "documentation": "A map of key-value pairs that specifies the tags to associate with the custom data identifier.
A custom data identifier can have a maximum of 50 tags. Each tag consists of a tag key and an associated tag value. The maximum length of a tag key is 128 characters. The maximum length of a tag value is 256 characters.
" } } }, @@ -3105,7 +3105,7 @@ "tags": { "shape": "TagMap", "locationName": "tags", - "documentation": "A map of key-value pairs that specifies the tags to associate with the filter.
A findings filter can have a maximum of 50 tags. Each tag consists of a required tag key and an associated tag value. The maximum length of a tag key is 128 characters. The maximum length of a tag value is 256 characters.
" + "documentation": "A map of key-value pairs that specifies the tags to associate with the filter.
A findings filter can have a maximum of 50 tags. Each tag consists of a tag key and an associated tag value. The maximum length of a tag key is 128 characters. The maximum length of a tag value is 256 characters.
" } }, "required": [ @@ -3173,7 +3173,7 @@ "tags": { "shape": "TagMap", "locationName": "tags", - "documentation": "A map of key-value pairs that specifies the tags to associate with the account in Amazon Macie.
An account can have a maximum of 50 tags. Each tag consists of a required tag key and an associated tag value. The maximum length of a tag key is 128 characters. The maximum length of a tag value is 256 characters.
" + "documentation": "A map of key-value pairs that specifies the tags to associate with the account in Amazon Macie.
An account can have a maximum of 50 tags. Each tag consists of a tag key and an associated tag value. The maximum length of a tag key is 128 characters. The maximum length of a tag value is 256 characters.
" } }, "required": [ @@ -3593,7 +3593,7 @@ "samplingPercentage": { "shape": "__integer", "locationName": "samplingPercentage", - "documentation": "The sampling depth, as a percentage, that the job applies when it processes objects.
" + "documentation": "The sampling depth, as a percentage, that determines the number of objects that the job processes.
" }, "scheduleFrequency": { "shape": "JobScheduleFrequency", @@ -4169,12 +4169,12 @@ "ignoreWords": { "shape": "__listOf__string", "locationName": "ignoreWords", - "documentation": "An array that lists specific character sequences (ignore words) to exclude from the results. If the text matched by the regular expression is the same as any string in this array, Amazon Macie ignores it.
" + "documentation": "An array that lists specific character sequences (ignore words) to exclude from the results. If the text matched by the regular expression is the same as any string in this array, Amazon Macie ignores it. Ignore words are case sensitive.
" }, "keywords": { "shape": "__listOf__string", "locationName": "keywords", - "documentation": "An array that lists specific character sequences (keywords), one of which must be within proximity (maximumMatchDistance) of the regular expression to match.
" + "documentation": "An array that lists specific character sequences (keywords), one of which must be within proximity (maximumMatchDistance) of the regular expression to match. Keywords aren't case sensitive.
" }, "maximumMatchDistance": { "shape": "__integer", @@ -4735,7 +4735,7 @@ "tagScopeTerm": { "shape": "TagScopeTerm", "locationName": "tagScopeTerm", - "documentation": "A tag-based condition that defines the operator and a tag key or tag keys and values for including or excluding an object from the job.
" + "documentation": "A tag-based condition that defines an operator and a tag key and value for including or excluding an object from the job.
" } }, "documentation": "Specifies a property- or tag-based condition that defines criteria for including or excluding objects from a classification job.
" @@ -5861,7 +5861,7 @@ "tags": { "shape": "TagMap", "locationName": "tags", - "documentation": "A map of key-value pairs that specifies the tags to associate with the resource.
A resource can have a maximum of 50 tags. Each tag consists of a required tag key and an associated tag value. The maximum length of a tag key is 128 characters. The maximum length of a tag value is 256 characters.
" + "documentation": "A map of key-value pairs that specifies the tags to associate with the resource.
A resource can have a maximum of 50 tags. Each tag consists of a tag key and an associated tag value. The maximum length of a tag key is 128 characters. The maximum length of a tag value is 256 characters.
" } }, "required": [ @@ -5928,12 +5928,12 @@ "ignoreWords": { "shape": "__listOf__string", "locationName": "ignoreWords", - "documentation": "An array that lists specific character sequences (ignore words) to exclude from the results. If the text matched by the regular expression is the same as any string in this array, Amazon Macie ignores it. The array can contain as many as 10 ignore words. Each ignore word can contain 4 - 90 characters.
" + "documentation": "An array that lists specific character sequences (ignore words) to exclude from the results. If the text matched by the regular expression is the same as any string in this array, Amazon Macie ignores it. The array can contain as many as 10 ignore words. Each ignore word can contain 4 - 90 characters. Ignore words are case sensitive.
" }, "keywords": { "shape": "__listOf__string", "locationName": "keywords", - "documentation": "An array that lists specific character sequences (keywords), one of which must be within proximity (maximumMatchDistance) of the regular expression to match. The array can contain as many as 50 keywords. Each keyword can contain 4 - 90 characters.
" + "documentation": "An array that lists specific character sequences (keywords), one of which must be within proximity (maximumMatchDistance) of the regular expression to match. The array can contain as many as 50 keywords. Each keyword can contain 4 - 90 characters. Keywords aren't case sensitive.
" }, "maximumMatchDistance": { "shape": "__integer", diff --git a/services/managedblockchain/pom.xml b/services/managedblockchain/pom.xml index 8b949260502f..4d369f596819 100644 --- a/services/managedblockchain/pom.xml +++ b/services/managedblockchain/pom.xml @@ -21,7 +21,7 @@Creates an RDS event notification subscription. This action requires a topic Amazon Resource Name (ARN) created by either the RDS console, the SNS console, or the SNS API. To obtain an ARN with SNS, you must create a topic in Amazon SNS and subscribe to the topic. The ARN is displayed in the SNS console.
You can specify the type of source (SourceType) you want to be notified of, provide a list of RDS sources (SourceIds) that triggers the events, and provide a list of event categories (EventCategories) for events you want to be notified of. For example, you can specify SourceType = db-instance, SourceIds = mydbinstance1, mydbinstance2 and EventCategories = Availability, Backup.
If you specify both the SourceType and SourceIds, such as SourceType = db-instance and SourceIdentifier = myDBInstance1, you are notified of all the db-instance events for the specified source. If you specify a SourceType but do not specify a SourceIdentifier, you receive notice of the events for that source type for all your RDS sources. If you don't specify either the SourceType or the SourceIdentifier, you are notified of events generated from all RDS sources belonging to your customer account.
RDS event notification is only available for unencrypted SNS topics. If you specify an encrypted SNS topic, event notifications aren't sent for the topic.
Creates an RDS event notification subscription. This action requires a topic Amazon Resource Name (ARN) created by either the RDS console, the SNS console, or the SNS API. To obtain an ARN with SNS, you must create a topic in Amazon SNS and subscribe to the topic. The ARN is displayed in the SNS console.
You can specify the type of source (SourceType
) that you want to be notified of and provide a list of RDS sources (SourceIds
) that triggers the events. You can also provide a list of event categories (EventCategories
) for events that you want to be notified of. For example, you can specify SourceType
= db-instance
, SourceIds
= mydbinstance1
, mydbinstance2
and EventCategories
= Availability
, Backup
.
If you specify both the SourceType
and SourceIds
, such as SourceType
= db-instance
and SourceIdentifier
= myDBInstance1
, you are notified of all the db-instance
events for the specified source. If you specify a SourceType
but do not specify a SourceIdentifier
, you receive notice of the events for that source type for all your RDS sources. If you don't specify either the SourceType or the SourceIdentifier
, you are notified of events generated from all RDS sources belonging to your customer account.
RDS event notification is only available for unencrypted SNS topics. If you specify an encrypted SNS topic, event notifications aren't sent for the topic.
Displays a list of categories for all event source types, or, if specified, for a specified source type. You can see a list of the event categories and source types in the Events topic in the Amazon RDS User Guide.
" + "documentation":"Displays a list of categories for all event source types, or, if specified, for a specified source type. You can see a list of the event categories and source types in Events in the Amazon RDS User Guide.
" }, "DescribeEventSubscriptions":{ "name":"DescribeEventSubscriptions", @@ -1268,7 +1268,7 @@ "errors":[ {"shape":"SubscriptionNotFoundFault"} ], - "documentation":"Lists all the subscription descriptions for a customer account. The description for a subscription includes SubscriptionName, SNSTopicARN, CustomerID, SourceType, SourceID, CreationTime, and Status.
If you specify a SubscriptionName, lists the description for that subscription.
" + "documentation":"Lists all the subscription descriptions for a customer account. The description for a subscription includes SubscriptionName
, SNSTopicARN
, CustomerID
, SourceType
, SourceID
, CreationTime
, and Status
.
If you specify a SubscriptionName
, lists the description for that subscription.
Returns events related to DB instances, DB security groups, DB snapshots, and DB parameter groups for the past 14 days. Events specific to a particular DB instance, DB security group, database snapshot, or DB parameter group can be obtained by providing the name as a parameter. By default, the past hour of events are returned.
" + "documentation":"Returns events related to DB instances, DB clusters, DB parameter groups, DB security groups, DB snapshots, and DB cluster snapshots for the past 14 days. Events specific to a particular DB instances, DB clusters, DB parameter groups, DB security groups, DB snapshots, and DB cluster snapshots group can be obtained by providing the name as a parameter. By default, the past hour of events are returned.
" }, "DescribeExportTasks":{ "name":"DescribeExportTasks", @@ -1799,7 +1799,7 @@ {"shape":"SNSTopicArnNotFoundFault"}, {"shape":"SubscriptionCategoryNotFoundFault"} ], - "documentation":"Modifies an existing RDS event notification subscription. You can't modify the source identifiers using this call. To change source identifiers for a subscription, use the AddSourceIdentifierToSubscription
and RemoveSourceIdentifierFromSubscription
calls.
You can see a list of the event categories for a given SourceType in the Events topic in the Amazon RDS User Guide or by using the DescribeEventCategories action.
" + "documentation":"Modifies an existing RDS event notification subscription. You can't modify the source identifiers using this call. To change source identifiers for a subscription, use the AddSourceIdentifierToSubscription
and RemoveSourceIdentifierFromSubscription
calls.
You can see a list of the event categories for a given source type (SourceType
) in Events in the Amazon RDS User Guide or by using the DescribeEventCategories
operation.
Creates an Amazon Aurora DB cluster from data stored in an Amazon S3 bucket. Amazon RDS must be authorized to access the Amazon S3 bucket and the data must be created using the Percona XtraBackup utility as described in Migrating Data to an Amazon Aurora MySQL DB Cluster in the Amazon Aurora User Guide.
This action only restores the DB cluster, not the DB instances for that DB cluster. You must invoke the CreateDBInstance
action to create DB instances for the restored DB cluster, specifying the identifier of the restored DB cluster in DBClusterIdentifier
. You can create DB instances only after the RestoreDBClusterFromS3
action has completed and the DB cluster is available.
For more information on Amazon Aurora, see What Is Amazon Aurora? in the Amazon Aurora User Guide.
This action only applies to Aurora DB clusters.
Creates an Amazon Aurora DB cluster from MySQL data stored in an Amazon S3 bucket. Amazon RDS must be authorized to access the Amazon S3 bucket and the data must be created using the Percona XtraBackup utility as described in Migrating Data from MySQL by Using an Amazon S3 Bucket in the Amazon Aurora User Guide.
This action only restores the DB cluster, not the DB instances for that DB cluster. You must invoke the CreateDBInstance
action to create DB instances for the restored DB cluster, specifying the identifier of the restored DB cluster in DBClusterIdentifier
. You can create DB instances only after the RestoreDBClusterFromS3
action has completed and the DB cluster is available.
For more information on Amazon Aurora, see What Is Amazon Aurora? in the Amazon Aurora User Guide.
This action only applies to Aurora DB clusters. The source DB engine must be MySQL.
The identifier of the event source to be added.
Constraints:
If the source type is a DB instance, then a DBInstanceIdentifier
must be supplied.
If the source type is a DB security group, a DBSecurityGroupName
must be supplied.
If the source type is a DB parameter group, a DBParameterGroupName
must be supplied.
If the source type is a DB snapshot, a DBSnapshotIdentifier
must be supplied.
The identifier of the event source to be added.
Constraints:
If the source type is a DB instance, a DBInstanceIdentifier
value must be supplied.
If the source type is a DB cluster, a DBClusterIdentifier
value must be supplied.
If the source type is a DB parameter group, a DBParameterGroupName
value must be supplied.
If the source type is a DB security group, a DBSecurityGroupName
value must be supplied.
If the source type is a DB snapshot, a DBSnapshotIdentifier
value must be supplied.
If the source type is a DB cluster snapshot, a DBClusterSnapshotIdentifier
value must be supplied.
The meaning of this parameter differs according to the database engine you use.
MySQL
The name of the database to create when the DB instance is created. If this parameter isn't specified, no database is created in the DB instance.
Constraints:
Must contain 1 to 64 letters or numbers.
Can't be a word reserved by the specified database engine
MariaDB
The name of the database to create when the DB instance is created. If this parameter isn't specified, no database is created in the DB instance.
Constraints:
Must contain 1 to 64 letters or numbers.
Can't be a word reserved by the specified database engine
PostgreSQL
The name of the database to create when the DB instance is created. If this parameter isn't specified, the default \"postgres\" database is created in the DB instance.
Constraints:
Must contain 1 to 63 letters, numbers, or underscores.
Must begin with a letter or an underscore. Subsequent characters can be letters, underscores, or digits (0-9).
Can't be a word reserved by the specified database engine
Oracle
The Oracle System ID (SID) of the created DB instance. If you specify null
, the default value ORCL
is used. You can't specify the string NULL, or any other reserved word, for DBName
.
Default: ORCL
Constraints:
Can't be longer than 8 characters
SQL Server
Not applicable. Must be null.
Amazon Aurora
The name of the database to create when the primary instance of the DB cluster is created. If this parameter isn't specified, no database is created in the DB instance.
Constraints:
Must contain 1 to 64 letters or numbers.
Can't be a word reserved by the specified database engine
The meaning of this parameter differs according to the database engine you use.
MySQL
The name of the database to create when the DB instance is created. If this parameter isn't specified, no database is created in the DB instance.
Constraints:
Must contain 1 to 64 letters or numbers.
Must begin with a letter. Subsequent characters can be letters, underscores, or digits (0-9).
Can't be a word reserved by the specified database engine
MariaDB
The name of the database to create when the DB instance is created. If this parameter isn't specified, no database is created in the DB instance.
Constraints:
Must contain 1 to 64 letters or numbers.
Must begin with a letter. Subsequent characters can be letters, underscores, or digits (0-9).
Can't be a word reserved by the specified database engine
PostgreSQL
The name of the database to create when the DB instance is created. If this parameter isn't specified, the default \"postgres\" database is created in the DB instance.
Constraints:
Must contain 1 to 63 letters, numbers, or underscores.
Must begin with a letter. Subsequent characters can be letters, underscores, or digits (0-9).
Can't be a word reserved by the specified database engine
Oracle
The Oracle System ID (SID) of the created DB instance. If you specify null
, the default value ORCL
is used. You can't specify the string NULL, or any other reserved word, for DBName
.
Default: ORCL
Constraints:
Can't be longer than 8 characters
SQL Server
Not applicable. Must be null.
Amazon Aurora
The name of the database to create when the primary instance of the DB cluster is created. If this parameter isn't specified, no database is created in the DB instance.
Constraints:
Must contain 1 to 64 letters or numbers.
Can't be a word reserved by the specified database engine
The Active Directory directory ID to create the DB instance in. Currently, only Microsoft SQL Server and Oracle DB instances can be created in an Active Directory Domain.
For Microsoft SQL Server DB instances, Amazon RDS can use Windows Authentication to authenticate users that connect to the DB instance. For more information, see Using Windows Authentication with an Amazon RDS DB Instance Running Microsoft SQL Server in the Amazon RDS User Guide.
For Oracle DB instances, Amazon RDS can use Kerberos Authentication to authenticate users that connect to the DB instance. For more information, see Using Kerberos Authentication with Amazon RDS for Oracle in the Amazon RDS User Guide.
" + "documentation":"The Active Directory directory ID to create the DB instance in. Currently, only MySQL, Microsoft SQL Server, Oracle, and PostgreSQL DB instances can be created in an Active Directory Domain.
For more information, see Kerberos Authentication in the Amazon RDS User Guide.
" }, "CopyTagsToSnapshot":{ "shape":"BooleanOptional", @@ -3665,11 +3665,15 @@ }, "Domain":{ "shape":"String", - "documentation":"The Active Directory directory ID to create the DB instance in.
For Oracle DB instances, Amazon RDS can use Kerberos authentication to authenticate users that connect to the DB instance. For more information, see Using Kerberos Authentication with Amazon RDS for Oracle in the Amazon RDS User Guide.
For Microsoft SQL Server DB instances, Amazon RDS can use Windows Authentication to authenticate users that connect to the DB instance. For more information, see Using Windows Authentication with an Amazon RDS DB Instance Running Microsoft SQL Server in the Amazon RDS User Guide.
" + "documentation":"The Active Directory directory ID to create the DB instance in. Currently, only MySQL, Microsoft SQL Server, Oracle, and PostgreSQL DB instances can be created in an Active Directory Domain.
For more information, see Kerberos Authentication in the Amazon RDS User Guide.
" }, "DomainIAMRoleName":{ "shape":"String", "documentation":"Specify the name of the IAM role to be used when making API calls to the Directory Service.
" + }, + "ReplicaMode":{ + "shape":"ReplicaMode", + "documentation":"The open mode of the replica database: mounted or read-only.
This parameter is only supported for Oracle DB instances.
Mounted DB replicas are included in Oracle Enterprise Edition. The main use case for mounted replicas is cross-Region disaster recovery. The primary database doesn't use Active Data Guard to transmit information to the mounted replica. Because it doesn't accept user connections, a mounted replica can't serve a read-only workload.
You can create a combination of mounted and read-only DB replicas for the same primary DB instance. For more information, see Working with Oracle Read Replicas for Amazon RDS in the Amazon RDS User Guide.
" } } }, @@ -3882,15 +3886,15 @@ }, "SourceType":{ "shape":"String", - "documentation":"The type of source that is generating the events. For example, if you want to be notified of events generated by a DB instance, you would set this parameter to db-instance. if this value isn't specified, all events are returned.
Valid values: db-instance
| db-cluster
| db-parameter-group
| db-security-group
| db-snapshot
| db-cluster-snapshot
The type of source that is generating the events. For example, if you want to be notified of events generated by a DB instance, you set this parameter to db-instance
. If this value isn't specified, all events are returned.
Valid values: db-instance
| db-cluster
| db-parameter-group
| db-security-group
| db-snapshot
| db-cluster-snapshot
A list of event categories for a SourceType that you want to subscribe to. You can see a list of the categories for a given SourceType in the Events topic in the Amazon RDS User Guide or by using the DescribeEventCategories action.
" + "documentation":" A list of event categories for a particular source type (SourceType
) that you want to subscribe to. You can see a list of the categories for a given source type in Events in the Amazon RDS User Guide or by using the DescribeEventCategories
operation.
The list of identifiers of the event sources for which events are returned. If not specified, then all sources are included in the response. An identifier must begin with a letter and must contain only ASCII letters, digits, and hyphens. It can't end with a hyphen or contain two consecutive hyphens.
Constraints:
If SourceIds are supplied, SourceType must also be provided.
If the source type is a DB instance, then a DBInstanceIdentifier
must be supplied.
If the source type is a DB security group, a DBSecurityGroupName
must be supplied.
If the source type is a DB parameter group, a DBParameterGroupName
must be supplied.
If the source type is a DB snapshot, a DBSnapshotIdentifier
must be supplied.
The list of identifiers of the event sources for which events are returned. If not specified, then all sources are included in the response. An identifier must begin with a letter and must contain only ASCII letters, digits, and hyphens. It can't end with a hyphen or contain two consecutive hyphens.
Constraints:
If a SourceIds
value is supplied, SourceType
must also be provided.
If the source type is a DB instance, a DBInstanceIdentifier
value must be supplied.
If the source type is a DB cluster, a DBClusterIdentifier
value must be supplied.
If the source type is a DB parameter group, a DBParameterGroupName
value must be supplied.
If the source type is a DB security group, a DBSecurityGroupName
value must be supplied.
If the source type is a DB snapshot, a DBSnapshotIdentifier
value must be supplied.
If the source type is a DB cluster snapshot, a DBClusterSnapshotIdentifier
value must be supplied.
The current status of the endpoint. One of: creating
, available
, deleting
, modifying
.
The current status of the endpoint. One of: creating
, available
, deleting
, inactive
, modifying
. The inactive
state applies to an endpoint that can't be used for a certain kind of cluster, such as a writer
endpoint for a read-only secondary cluster in a global database.
Contains one or more identifiers of Aurora DB clusters to which the RDS DB instance is replicated as a read replica. For example, when you create an Aurora read replica of an RDS MySQL DB instance, the Aurora MySQL DB cluster for the Aurora read replica is shown. This output does not contain information about cross region Aurora read replicas.
Currently, each RDS DB instance can have only one Aurora read replica.
The open mode of an Oracle read replica. The default is open-read-only
. For more information, see Working with Oracle Read Replicas for Amazon RDS in the Amazon RDS User Guide.
This attribute is only supported in RDS for Oracle.
License model information for this DB instance.
" @@ -6696,7 +6704,7 @@ }, "Filters":{ "shape":"FilterList", - "documentation":"A set of name-value pairs that define which endpoints to include in the output. The filters are specified as name-value pairs, in the format Name=endpoint_type,Values=endpoint_type1,endpoint_type2,...
. Name
can be one of: db-cluster-endpoint-type
, db-cluster-endpoint-custom-type
, db-cluster-endpoint-id
, db-cluster-endpoint-status
. Values
for the db-cluster-endpoint-type
filter can be one or more of: reader
, writer
, custom
. Values
for the db-cluster-endpoint-custom-type
filter can be one or more of: reader
, any
. Values
for the db-cluster-endpoint-status
filter can be one or more of: available
, creating
, deleting
, modifying
.
A set of name-value pairs that define which endpoints to include in the output. The filters are specified as name-value pairs, in the format Name=endpoint_type,Values=endpoint_type1,endpoint_type2,...
. Name
can be one of: db-cluster-endpoint-type
, db-cluster-endpoint-custom-type
, db-cluster-endpoint-id
, db-cluster-endpoint-status
. Values
for the db-cluster-endpoint-type
filter can be one or more of: reader
, writer
, custom
. Values
for the db-cluster-endpoint-custom-type
filter can be one or more of: reader
, any
. Values
for the db-cluster-endpoint-status
filter can be one or more of: available
, creating
, deleting
, inactive
, modifying
.
The type of source that is generating the events.
Valid values: db-instance | db-parameter-group | db-security-group | db-snapshot
" + "documentation":"The type of source that is generating the events.
Valid values: db-instance
| db-cluster
| db-parameter-group
| db-security-group
| db-snapshot
| db-cluster-snapshot
The identifier of the event source for which events are returned. If not specified, then all sources are included in the response.
Constraints:
If SourceIdentifier is supplied, SourceType must also be provided.
If the source type is DBInstance
, then a DBInstanceIdentifier
must be supplied.
If the source type is DBSecurityGroup
, a DBSecurityGroupName
must be supplied.
If the source type is DBParameterGroup
, a DBParameterGroupName
must be supplied.
If the source type is DBSnapshot
, a DBSnapshotIdentifier
must be supplied.
Can't end with a hyphen or contain two consecutive hyphens.
The identifier of the event source for which events are returned. If not specified, then all sources are included in the response.
Constraints:
If SourceIdentifier
is supplied, SourceType
must also be provided.
If the source type is a DB instance, a DBInstanceIdentifier
value must be supplied.
If the source type is a DB cluster, a DBClusterIdentifier
value must be supplied.
If the source type is a DB parameter group, a DBParameterGroupName
value must be supplied.
If the source type is a DB security group, a DBSecurityGroupName
value must be supplied.
If the source type is a DB snapshot, a DBSnapshotIdentifier
value must be supplied.
If the source type is a DB cluster snapshot, a DBClusterSnapshotIdentifier
value must be supplied.
Can't end with a hyphen or contain two consecutive hyphens.
The event categories for the specified source type
" } }, - "documentation":"Contains the results of a successful invocation of the DescribeEventCategories
action.
Contains the results of a successful invocation of the DescribeEventCategories
operation.
A list of EventCategoriesMap data types.
" } }, - "documentation":"Data returned from the DescribeEventCategories action.
" + "documentation":"Data returned from the DescribeEventCategories
operation.
The Active Directory directory ID to move the DB cluster to. Specify none
to remove the cluster from its current domain. The domain must be created prior to this operation.
The Active Directory directory ID to move the DB cluster to. Specify none
to remove the cluster from its current domain. The domain must be created prior to this operation.
For more information, see Kerberos Authentication in the Amazon Aurora User Guide.
" }, "DomainIAMRoleName":{ "shape":"String", @@ -9269,7 +9277,7 @@ }, "Domain":{ "shape":"String", - "documentation":"The Active Directory directory ID to move the DB instance to. Specify none
to remove the instance from its current domain. The domain must be created prior to this operation. Currently, only Microsoft SQL Server and Oracle DB instances can be created in an Active Directory Domain.
For Microsoft SQL Server DB instances, Amazon RDS can use Windows Authentication to authenticate users that connect to the DB instance. For more information, see Using Windows Authentication with an Amazon RDS DB Instance Running Microsoft SQL Server in the Amazon RDS User Guide.
For Oracle DB instances, Amazon RDS can use Kerberos authentication to authenticate users that connect to the DB instance. For more information, see Using Kerberos Authentication with Amazon RDS for Oracle in the Amazon RDS User Guide.
" + "documentation":"The Active Directory directory ID to move the DB instance to. Specify none
to remove the instance from its current domain. The domain must be created prior to this operation. Currently, only MySQL, Microsoft SQL Server, Oracle, and PostgreSQL DB instances can be created in an Active Directory Domain.
For more information, see Kerberos Authentication in the Amazon RDS User Guide.
" }, "CopyTagsToSnapshot":{ "shape":"BooleanOptional", @@ -9338,6 +9346,10 @@ "CertificateRotationRestart":{ "shape":"BooleanOptional", "documentation":"A value that indicates whether the DB instance is restarted when you rotate your SSL/TLS certificate.
By default, the DB instance is restarted when you rotate your SSL/TLS certificate. The certificate is not updated until the DB instance is restarted.
Set this parameter only if you are not using SSL/TLS to connect to the DB instance.
If you are using SSL/TLS to connect to the DB instance, follow the appropriate instructions for your DB engine to rotate your SSL/TLS certificate:
For more information about rotating your SSL/TLS certificate for RDS DB engines, see Rotating Your SSL/TLS Certificate. in the Amazon RDS User Guide.
For more information about rotating your SSL/TLS certificate for Aurora DB engines, see Rotating Your SSL/TLS Certificate in the Amazon Aurora User Guide.
A value that sets the open mode of a replica database to either mounted or read-only.
Currently, this parameter is only supported for Oracle DB instances.
Mounted DB replicas are included in Oracle Enterprise Edition. The main use case for mounted replicas is cross-Region disaster recovery. The primary database doesn't use Active Data Guard to transmit information to the mounted replica. Because it doesn't accept user connections, a mounted replica can't serve a read-only workload. For more information, see Working with Oracle Read Replicas for Amazon RDS in the Amazon RDS User Guide.
" } }, "documentation":"" @@ -9545,11 +9557,11 @@ }, "SourceType":{ "shape":"String", - "documentation":"The type of source that is generating the events. For example, if you want to be notified of events generated by a DB instance, you would set this parameter to db-instance. If this value isn't specified, all events are returned.
Valid values: db-instance | db-parameter-group | db-security-group | db-snapshot
" + "documentation":"The type of source that is generating the events. For example, if you want to be notified of events generated by a DB instance, you would set this parameter to db-instance. If this value isn't specified, all events are returned.
Valid values: db-instance
| db-cluster
| db-parameter-group
| db-security-group
| db-snapshot
| db-cluster-snapshot
A list of event categories for a SourceType that you want to subscribe to. You can see a list of the categories for a given SourceType in the Events topic in the Amazon RDS User Guide or by using the DescribeEventCategories action.
" + "documentation":" A list of event categories for a source type (SourceType
) that you want to subscribe to. You can see a list of the categories for a given source type in Events in the Amazon RDS User Guide or by using the DescribeEventCategories
operation.
The name of the database engine to be used for the restored DB cluster.
Valid Values: aurora
, aurora-postgresql
The name of the database engine to be used for this DB cluster.
Valid Values: aurora
(for MySQL 5.6-compatible Aurora), aurora-mysql
(for MySQL 5.7-compatible Aurora), and aurora-postgresql
The version of the database that the backup files were created from.
MySQL versions 5.5, 5.6, and 5.7 are supported.
Example: 5.6.40
The version of the database that the backup files were created from.
MySQL versions 5.5, 5.6, and 5.7 are supported.
Example: 5.6.40
, 5.7.28
Specify the Active Directory directory ID to restore the DB cluster in. The domain must be created prior to this operation.
" + "documentation":"Specify the Active Directory directory ID to restore the DB cluster in. The domain must be created prior to this operation. Currently, only MySQL, Microsoft SQL Server, Oracle, and PostgreSQL DB instances can be created in an Active Directory Domain.
For more information, see Kerberos Authentication in the Amazon RDS User Guide.
" }, "DomainIAMRoleName":{ "shape":"String", @@ -11419,7 +11438,7 @@ }, "Domain":{ "shape":"String", - "documentation":"Specify the Active Directory directory ID to restore the DB instance in. The domain must be created prior to this operation. Currently, only Microsoft SQL Server and Oracle DB instances can be created in an Active Directory Domain.
For Microsoft SQL Server DB instances, Amazon RDS can use Windows Authentication to authenticate users that connect to the DB instance. For more information, see Using Windows Authentication with an Amazon RDS DB Instance Running Microsoft SQL Server in the Amazon RDS User Guide.
For Oracle DB instances, Amazon RDS can use Kerberos authentication to authenticate users that connect to the DB instance. For more information, see Using Kerberos Authentication with Amazon RDS for Oracle in the Amazon RDS User Guide.
" + "documentation":"Specify the Active Directory directory ID to restore the DB instance in. The domain must be created prior to this operation. Currently, only MySQL, Microsoft SQL Server, Oracle, and PostgreSQL DB instances can be created in an Active Directory Domain.
For more information, see Kerberos Authentication in the Amazon RDS User Guide.
" }, "CopyTagsToSnapshot":{ "shape":"BooleanOptional", @@ -11745,7 +11764,7 @@ }, "Domain":{ "shape":"String", - "documentation":"Specify the Active Directory directory ID to restore the DB instance in. The domain must be created prior to this operation. Currently, only Microsoft SQL Server and Oracle DB instances can be created in an Active Directory Domain.
For Microsoft SQL Server DB instances, Amazon RDS can use Windows Authentication to authenticate users that connect to the DB instance. For more information, see Using Windows Authentication with an Amazon RDS DB Instance Running Microsoft SQL Server in the Amazon RDS User Guide.
For Oracle DB instances, Amazon RDS can use Kerberos authentication to authenticate users that connect to the DB instance. For more information, see Using Kerberos Authentication with Amazon RDS for Oracle in the Amazon RDS User Guide.
" + "documentation":"Specify the Active Directory directory ID to restore the DB instance in. The domain must be created prior to this operation. Currently, only MySQL, Microsoft SQL Server, Oracle, and PostgreSQL DB instances can be created in an Active Directory Domain.
For more information, see Kerberos Authentication in the Amazon RDS User Guide.
" }, "DomainIAMRoleName":{ "shape":"String", @@ -12127,7 +12146,7 @@ }, "KmsKeyId":{ "shape":"String", - "documentation":"The ID of the AWS KMS key to use to encrypt the snapshot exported to Amazon S3. The KMS key ID is the Amazon Resource Name (ARN), the KMS key identifier, or the KMS key alias for the KMS encryption key. The IAM role used for the snapshot export must have encryption and decryption permissions to use this KMS key.
" + "documentation":"The ID of the AWS KMS key to use to encrypt the snapshot exported to Amazon S3. The KMS key ID is the Amazon Resource Name (ARN), the KMS key identifier, or the KMS key alias for the KMS encryption key. The caller of this operation must be authorized to execute the following operations. These can be set in the KMS key policy:
GrantOperation.Encrypt
GrantOperation.Decrypt
GrantOperation.GenerateDataKey
GrantOperation.GenerateDataKeyWithoutPlaintext
GrantOperation.ReEncryptFrom
GrantOperation.ReEncryptTo
GrantOperation.CreateGrant
GrantOperation.DescribeKey
GrantOperation.RetireGrant