Amazon EMR is a web service that makes it easier to process large amounts of data efficiently. Amazon EMR uses Hadoop processing combined with several Amazon Web Services services to do tasks such as web indexing, data mining, log file analysis, machine learning, scientific simulation, and data warehouse management.
", "operations": { - "AddInstanceFleet": "Adds an instance fleet to a running cluster.
The instance fleet configuration is available only in Amazon EMR releases 4.8.0 and later, excluding 5.0.x.
Adds an instance fleet to a running cluster.
The instance fleet configuration is available only in Amazon EMR releases 4.8.0 and higher, excluding 5.0.x.
Adds one or more instance groups to a running cluster.
", "AddJobFlowSteps": "AddJobFlowSteps adds new steps to a running cluster. A maximum of 256 steps are allowed in each job flow.
If your cluster is long-running (such as a Hive data warehouse) or complex, you may require more than 256 steps to process your data. You can bypass the 256-step limitation in various ways, including using SSH to connect to the master node and submitting queries directly to the software running on the master node, such as Hive and Hadoop.
A step specifies the location of a JAR file stored either on the master node of the cluster or in Amazon S3. Each step is performed by the main function of the main class of the JAR file. The main class can be specified either in the manifest of the JAR or by using the MainFunction parameter of the step.
Amazon EMR executes each step in the order listed. For a step to be considered complete, the main function must exit with a zero exit code and all Hadoop jobs started while the step was running must have completed and run successfully.
You can only add steps to a cluster that is in one of the following states: STARTING, BOOTSTRAPPING, RUNNING, or WAITING.
The string values passed into HadoopJarStep object cannot exceed a total of 10240 characters.
Adds tags to an Amazon EMR resource, such as a cluster or an Amazon EMR Studio. Tags make it easier to associate resources in various ways, such as grouping clusters to track your Amazon EMR resource allocation costs. For more information, see Tag Clusters.
", - "CancelSteps": "Cancels a pending step or steps in a running cluster. Available only in Amazon EMR versions 4.8.0 and later, excluding version 5.0.0. A maximum of 256 steps are allowed in each CancelSteps request. CancelSteps is idempotent but asynchronous; it does not guarantee that a step will be canceled, even if the request is successfully submitted. When you use Amazon EMR releases 5.28.0 and later, you can cancel steps that are in a PENDING or RUNNING state. In earlier versions of Amazon EMR, you can only cancel steps that are in a PENDING state.
Cancels a pending step or steps in a running cluster. Available only in Amazon EMR versions 4.8.0 and higher, excluding version 5.0.0. A maximum of 256 steps are allowed in each CancelSteps request. CancelSteps is idempotent but asynchronous; it does not guarantee that a step will be canceled, even if the request is successfully submitted. When you use Amazon EMR releases 5.28.0 and higher, you can cancel steps that are in a PENDING or RUNNING state. In earlier versions of Amazon EMR, you can only cancel steps that are in a PENDING state.
Creates a security configuration, which is stored in the service and can be specified when a cluster is created.
", "CreateStudio": "Creates a new Amazon EMR Studio.
", "CreateStudioSessionMapping": "Maps a user or group to the Amazon EMR Studio specified by StudioId, and applies a session policy to refine Studio permissions for that user or group. Use CreateStudioSessionMapping to assign users to a Studio when you use IAM Identity Center authentication. For instructions on how to assign users to a Studio when you use IAM authentication, see Assign a user or group to your EMR Studio.
Fetches mapping details for the specified Amazon EMR Studio and identity (user or group).
", "ListBootstrapActions": "Provides information about the bootstrap actions associated with a cluster.
", "ListClusters": "Provides the status of all clusters visible to this Amazon Web Services account. Allows you to filter the list of clusters based on certain criteria; for example, filtering by cluster creation date and time or by status. This call returns a maximum of 50 clusters in unsorted order per call, but returns a marker to track the paging of the cluster list across multiple ListClusters calls.
", - "ListInstanceFleets": "Lists all available details about the instance fleets in a cluster.
The instance fleet configuration is available only in Amazon EMR releases 4.8.0 and later, excluding 5.0.x versions.
Lists all available details about the instance fleets in a cluster.
The instance fleet configuration is available only in Amazon EMR releases 4.8.0 and higher, excluding 5.0.x versions.
Provides all available details about the instance groups in a cluster.
", "ListInstances": "Provides information for all active Amazon EC2 instances and Amazon EC2 instances terminated in the last 30 days, up to a maximum of 2,000. Amazon EC2 instances in any of the following states are considered active: AWAITING_FULFILLMENT, PROVISIONING, BOOTSTRAPPING, RUNNING.
", "ListNotebookExecutions": "Provides summaries of all notebook executions. You can filter the list based on multiple criteria such as status, time range, and editor id. Returns a maximum of 50 notebook executions and a marker to track the paging of a longer notebook execution list across multiple ListNotebookExecutions calls.
Returns a list of all Amazon EMR Studios associated with the Amazon Web Services account. The list includes details such as ID, Studio Access URL, and creation time for each Studio.
", "ListSupportedInstanceTypes": "A list of the instance types that Amazon EMR supports. You can filter the list by Amazon Web Services Region and Amazon EMR release.
", "ModifyCluster": "Modifies the number of steps that can be executed concurrently for the cluster specified using ClusterID.
", - "ModifyInstanceFleet": "Modifies the target On-Demand and target Spot capacities for the instance fleet with the specified InstanceFleetID within the cluster specified using ClusterID. The call either succeeds or fails atomically.
The instance fleet configuration is available only in Amazon EMR releases 4.8.0 and later, excluding 5.0.x versions.
Modifies the target On-Demand and target Spot capacities for the instance fleet with the specified InstanceFleetID within the cluster specified using ClusterID. The call either succeeds or fails atomically.
The instance fleet configuration is available only in Amazon EMR releases 4.8.0 and higher, excluding 5.0.x versions.
ModifyInstanceGroups modifies the number of nodes and configuration settings of an instance group. The input parameters include the new target instance count for the group and the instance group ID. The call will either succeed or fail atomically.
", "PutAutoScalingPolicy": "Creates or updates an automatic scaling policy for a core instance group or task instance group in an Amazon EMR cluster. The automatic scaling policy defines how an instance group dynamically adds and terminates Amazon EC2 instances in response to the value of a CloudWatch metric.
", - "PutAutoTerminationPolicy": "Auto-termination is supported in Amazon EMR releases 5.30.0 and 6.1.0 and later. For more information, see Using an auto-termination policy.
Creates or updates an auto-termination policy for an Amazon EMR cluster. An auto-termination policy defines the amount of idle time in seconds after which a cluster automatically terminates. For alternative cluster termination options, see Control cluster termination.
", + "PutAutoTerminationPolicy": "Auto-termination is supported in Amazon EMR releases 5.30.0 and 6.1.0 and higher. For more information, see Using an auto-termination policy.
Creates or updates an auto-termination policy for an Amazon EMR cluster. An auto-termination policy defines the amount of idle time in seconds after which a cluster automatically terminates. For alternative cluster termination options, see Control cluster termination.
", "PutBlockPublicAccessConfiguration": "Creates or updates an Amazon EMR block public access configuration for your Amazon Web Services account in the current Region. For more information see Configure Block Public Access for Amazon EMR in the Amazon EMR Management Guide.
", "PutManagedScalingPolicy": "Creates or updates a managed scaling policy for an Amazon EMR cluster. The managed scaling policy defines the limits for resources, such as Amazon EC2 instances that can be added or terminated from a cluster. The policy only applies to the core and task nodes. The master node cannot be scaled after initial configuration.
", "RemoveAutoScalingPolicy": "Removes an automatic scaling policy from a specified instance group within an Amazon EMR cluster.
", "RemoveAutoTerminationPolicy": "Removes an auto-termination policy from an Amazon EMR cluster.
", "RemoveManagedScalingPolicy": "Removes a managed scaling policy from a specified Amazon EMR cluster.
", "RemoveTags": "Removes tags from an Amazon EMR resource, such as a cluster or Amazon EMR Studio. Tags make it easier to associate resources in various ways, such as grouping clusters to track your Amazon EMR resource allocation costs. For more information, see Tag Clusters.
The following example removes the stack tag with value Prod from a cluster:
", - "RunJobFlow": "RunJobFlow creates and starts running a new cluster (job flow). The cluster runs the steps specified. After the steps complete, the cluster stops and the HDFS partition is lost. To prevent loss of data, configure the last step of the job flow to store results in Amazon S3. If the JobFlowInstancesConfig KeepJobFlowAliveWhenNoSteps parameter is set to TRUE, the cluster transitions to the WAITING state rather than shutting down after the steps have completed.
For additional protection, you can set the JobFlowInstancesConfig TerminationProtected parameter to TRUE to lock the cluster and prevent it from being terminated by API call, user intervention, or in the event of a job flow error.
A maximum of 256 steps are allowed in each job flow.
If your cluster is long-running (such as a Hive data warehouse) or complex, you may require more than 256 steps to process your data. You can bypass the 256-step limitation in various ways, including using the SSH shell to connect to the master node and submitting queries directly to the software running on the master node, such as Hive and Hadoop.
For long-running clusters, we recommend that you periodically store your results.
The instance fleets configuration is available only in Amazon EMR releases 4.8.0 and later, excluding 5.0.x versions. The RunJobFlow request can contain InstanceFleets parameters or InstanceGroups parameters, but not both.
RunJobFlow creates and starts running a new cluster (job flow). The cluster runs the steps specified. After the steps complete, the cluster stops and the HDFS partition is lost. To prevent loss of data, configure the last step of the job flow to store results in Amazon S3. If the JobFlowInstancesConfig KeepJobFlowAliveWhenNoSteps parameter is set to TRUE, the cluster transitions to the WAITING state rather than shutting down after the steps have completed.
For additional protection, you can set the JobFlowInstancesConfig TerminationProtected parameter to TRUE to lock the cluster and prevent it from being terminated by API call, user intervention, or in the event of a job flow error.
A maximum of 256 steps are allowed in each job flow.
If your cluster is long-running (such as a Hive data warehouse) or complex, you may require more than 256 steps to process your data. You can bypass the 256-step limitation in various ways, including using the SSH shell to connect to the master node and submitting queries directly to the software running on the master node, such as Hive and Hadoop.
For long-running clusters, we recommend that you periodically store your results.
The instance fleets configuration is available only in Amazon EMR releases 4.8.0 and higher, excluding 5.0.x versions. The RunJobFlow request can contain InstanceFleets parameters or InstanceGroups parameters, but not both.
SetTerminationProtection locks a cluster (job flow) so the Amazon EC2 instances in the cluster cannot be terminated by user intervention, an API call, or in the event of a job-flow error. The cluster still terminates upon successful completion of the job flow. Calling SetTerminationProtection on a cluster is similar to calling the Amazon EC2 DisableAPITermination API on all Amazon EC2 instances in a cluster.
SetTerminationProtection is used to prevent accidental termination of a cluster and to ensure that in the event of an error, the instances persist so that you can recover any data stored in their ephemeral instance storage.
To terminate a cluster that has been locked by setting SetTerminationProtection to true, you must first unlock the job flow by a subsequent call to SetTerminationProtection in which you set the value to false.
For more information, seeManaging Cluster Termination in the Amazon EMR Management Guide.
", "SetVisibleToAllUsers": "The SetVisibleToAllUsers parameter is no longer supported. Your cluster may be visible to all users in your account. To restrict cluster access using an IAM policy, see Identity and Access Management for Amazon EMR.
Sets the Cluster$VisibleToAllUsers value for an Amazon EMR cluster. When true, IAM principals in the Amazon Web Services account can perform Amazon EMR cluster actions that their IAM policies allow. When false, only the IAM principal that created the cluster and the Amazon Web Services account root user can perform Amazon EMR actions on the cluster, regardless of IAM permissions policies attached to other IAM principals.
This action works on running clusters. When you create a cluster, use the RunJobFlowInput$VisibleToAllUsers parameter.
For more information, see Understanding the Amazon EMR Cluster VisibleToAllUsers Setting in the Amazon EMR Management Guide.
", "StartNotebookExecution": "Starts a notebook execution.
", @@ -113,7 +113,7 @@ } }, "Application": { - "base": "With Amazon EMR release version 4.0 and later, the only accepted parameter is the application name. To pass arguments to applications, you use configuration classifications specified using configuration JSON objects. For more information, see Configuring Applications.
With earlier Amazon EMR releases, the application is any Amazon or third-party software that you can add to the cluster. This structure contains a list of strings that indicates the software to use with the cluster and accepts a user argument list. Amazon EMR accepts and forwards the argument list to the corresponding installation script as bootstrap action argument.
", + "base": "With Amazon EMR release version 4.0 and higher, the only accepted parameter is the application name. To pass arguments to applications, you use configuration classifications specified using configuration JSON objects. For more information, see Configuring Applications.
With earlier Amazon EMR releases, the application is any Amazon or third-party software that you can add to the cluster. This structure contains a list of strings that indicates the software to use with the cluster and accepts a user argument list. Amazon EMR accepts and forwards the argument list to the corresponding installation script as bootstrap action argument.
", "refs": { "ApplicationList$member": null } @@ -122,7 +122,7 @@ "base": null, "refs": { "Cluster$Applications": "The applications installed on this cluster.
", - "RunJobFlowInput$Applications": "Applies to Amazon EMR releases 4.0 and later. A case-insensitive list of applications for Amazon EMR to install and configure when launching the cluster. For a list of applications available for each Amazon EMR release version, see the Amazon EMRRelease Guide.
" + "RunJobFlowInput$Applications": "Applies to Amazon EMR releases 4.0 and higher. A case-insensitive list of applications for Amazon EMR to install and configure when launching the cluster. For a list of applications available for each Amazon EMR release version, see the Amazon EMRRelease Guide.
" } }, "ArnType": { @@ -196,7 +196,7 @@ "BlockPublicAccessConfiguration": { "base": "A configuration for Amazon EMR block public access. When BlockPublicSecurityGroupRules is set to true, Amazon EMR prevents cluster creation if one of the cluster's security groups has a rule that allows inbound traffic from 0.0.0.0/0 or ::/0 on a port, unless the port is specified as an exception using PermittedPublicSecurityGroupRuleRanges.
A configuration for Amazon EMR block public access. The configuration applies to all clusters created in your account for the current Region. The configuration specifies whether block public access is enabled. If block public access is enabled, security groups associated with the cluster cannot have rules that allow inbound traffic from 0.0.0.0/0 or ::/0 on a port, unless the port is specified as an exception using PermittedPublicSecurityGroupRuleRanges in the BlockPublicAccessConfiguration. By default, Port 22 (SSH) is an exception, and public access is allowed on this port. You can change this by updating the block public access configuration to remove the exception.
For accounts that created clusters in a Region before November 25, 2019, block public access is disabled by default in that Region. To use this feature, you must manually enable and configure it. For accounts that did not create an Amazon EMR cluster in a Region before this date, block public access is enabled by default in that Region.
A configuration for Amazon EMR block public access. The configuration applies to all clusters created in your account for the current Region. The configuration specifies whether block public access is enabled. If block public access is enabled, security groups associated with the cluster cannot have rules that allow inbound traffic from 0.0.0.0/0 or ::/0 on a port, unless the port is specified as an exception using PermittedPublicSecurityGroupRuleRanges in the BlockPublicAccessConfiguration. By default, Port 22 (SSH) is an exception, and public access is allowed on this port. To change this, update the block public access configuration to remove the exception.
For accounts that created clusters in a Region before November 25, 2019, block public access is disabled by default in that Region. To use this feature, you must manually enable and configure it. For accounts that did not create an Amazon EMR cluster in a Region before this date, block public access is enabled by default in that Region.
A configuration for Amazon EMR block public access. The configuration applies to all clusters created in your account for the current Region. The configuration specifies whether block public access is enabled. If block public access is enabled, security groups associated with the cluster cannot have rules that allow inbound traffic from 0.0.0.0/0 or ::/0 on a port, unless the port is specified as an exception using PermittedPublicSecurityGroupRuleRanges in the BlockPublicAccessConfiguration. By default, Port 22 (SSH) is an exception, and public access is allowed on this port. You can change this by updating BlockPublicSecurityGroupRules to remove the exception.
For accounts that created clusters in a Region before November 25, 2019, block public access is disabled by default in that Region. To use this feature, you must manually enable and configure it. For accounts that did not create an Amazon EMR cluster in a Region before this date, block public access is enabled by default in that Region.
Specification of the status of a CancelSteps request. Available only in Amazon EMR version 4.8.0 and later, excluding version 5.0.0.
", + "base": "Specification of the status of a CancelSteps request. Available only in Amazon EMR version 4.8.0 and higher, excluding version 5.0.0.
", "refs": { "CancelStepsInfoList$member": null } @@ -406,7 +406,7 @@ } }, "Configuration": { - "base": "Amazon EMR releases 4.x or later.
An optional configuration specification to be used when provisioning cluster instances, which can include configurations for applications and software bundled with Amazon EMR. A configuration consists of a classification, properties, and optional nested configurations. A classification refers to an application-specific configuration file. Properties are the settings you want to change in that file. For more information, see Configuring Applications.
", + "base": "Amazon EMR releases 4.x or higher.
An optional configuration specification to be used when provisioning cluster instances, which can include configurations for applications and software bundled with Amazon EMR. A configuration consists of a classification, properties, and optional nested configurations. A classification refers to an application-specific configuration file. Properties are the settings you want to change in that file. For more information, see Configuring Applications.
", "refs": { "ConfigurationList$member": null } @@ -414,15 +414,15 @@ "ConfigurationList": { "base": null, "refs": { - "Cluster$Configurations": "Applies only to Amazon EMR releases 4.x and later. The list of configurations that are supplied to the Amazon EMR cluster.
", + "Cluster$Configurations": "Applies only to Amazon EMR releases 4.x and higher. The list of configurations that are supplied to the Amazon EMR cluster.
", "Configuration$Configurations": "A list of additional configurations to apply within a configuration object.
", - "InstanceGroup$Configurations": "Amazon EMR releases 4.x or later.
The list of configurations supplied for an Amazon EMR cluster instance group. You can specify a separate configuration for each instance group (master, core, and task).
", + "InstanceGroup$Configurations": "Amazon EMR releases 4.x or higher.
The list of configurations supplied for an Amazon EMR cluster instance group. You can specify a separate configuration for each instance group (master, core, and task).
", "InstanceGroup$LastSuccessfullyAppliedConfigurations": "A list of configurations that were successfully applied for an instance group last time.
", - "InstanceGroupConfig$Configurations": "Amazon EMR releases 4.x or later.
The list of configurations supplied for an Amazon EMR cluster instance group. You can specify a separate configuration for each instance group (master, core, and task).
", + "InstanceGroupConfig$Configurations": "Amazon EMR releases 4.x or higher.
The list of configurations supplied for an Amazon EMR cluster instance group. You can specify a separate configuration for each instance group (master, core, and task).
", "InstanceGroupModifyConfig$Configurations": "A list of new or modified configurations to apply for an instance group.
", "InstanceTypeConfig$Configurations": "A configuration classification that applies when provisioning cluster instances, which can include configurations for applications and software that run on the cluster.
", "InstanceTypeSpecification$Configurations": "A configuration classification that applies when provisioning cluster instances, which can include configurations for applications and software bundled with Amazon EMR.
", - "RunJobFlowInput$Configurations": "For Amazon EMR releases 4.0 and later. The list of configurations supplied for the Amazon EMR cluster that you are creating.
" + "RunJobFlowInput$Configurations": "For Amazon EMR releases 4.0 and higher. The list of configurations supplied for the Amazon EMR cluster that you are creating.
" } }, "CreateSecurityConfigurationInput": { @@ -813,17 +813,17 @@ "InstanceCollectionType": { "base": null, "refs": { - "Cluster$InstanceCollectionType": "The instance fleet configuration is available only in Amazon EMR releases 4.8.0 and later, excluding 5.0.x versions.
The instance group configuration of the cluster. A value of INSTANCE_GROUP indicates a uniform instance group configuration. A value of INSTANCE_FLEET indicates an instance fleets configuration.
The instance fleet configuration is available only in Amazon EMR releases 4.8.0 and higher, excluding 5.0.x versions.
The instance group configuration of the cluster. A value of INSTANCE_GROUP indicates a uniform instance group configuration. A value of INSTANCE_FLEET indicates an instance fleets configuration.
Describes an instance fleet, which is a group of Amazon EC2 instances that host a particular node type (master, core, or task) in an Amazon EMR cluster. Instance fleets can consist of a mix of instance types and On-Demand and Spot Instances, which are provisioned to meet a defined target capacity.
The instance fleet configuration is available only in Amazon EMR releases 4.8.0 and later, excluding 5.0.x versions.
Describes an instance fleet, which is a group of Amazon EC2 instances that host a particular node type (master, core, or task) in an Amazon EMR cluster. Instance fleets can consist of a mix of instance types and On-Demand and Spot Instances, which are provisioned to meet a defined target capacity.
The instance fleet configuration is available only in Amazon EMR releases 4.8.0 and higher, excluding 5.0.x versions.
The configuration that defines an instance fleet.
The instance fleet configuration is available only in Amazon EMR releases 4.8.0 and later, excluding 5.0.x versions.
The configuration that defines an instance fleet.
The instance fleet configuration is available only in Amazon EMR releases 4.8.0 and higher, excluding 5.0.x versions.
Specifies the configuration of the instance fleet.
", "InstanceFleetConfigList$member": null @@ -832,7 +832,7 @@ "InstanceFleetConfigList": { "base": null, "refs": { - "JobFlowInstancesConfig$InstanceFleets": "The instance fleet configuration is available only in Amazon EMR releases 4.8.0 and later, excluding 5.0.x versions.
Describes the Amazon EC2 instances and instance configurations for clusters that use the instance fleet configuration.
" + "JobFlowInstancesConfig$InstanceFleets": "The instance fleet configuration is available only in Amazon EMR releases 4.8.0 and higher, excluding 5.0.x versions.
Describes the Amazon EC2 instances and instance configurations for clusters that use the instance fleet configuration.
" } }, "InstanceFleetId": { @@ -852,13 +852,13 @@ } }, "InstanceFleetModifyConfig": { - "base": "Configuration parameters for an instance fleet modification request.
The instance fleet configuration is available only in Amazon EMR releases 4.8.0 and later, excluding 5.0.x versions.
Configuration parameters for an instance fleet modification request.
The instance fleet configuration is available only in Amazon EMR releases 4.8.0 and higher, excluding 5.0.x versions.
The configuration parameters of the instance fleet.
" } }, "InstanceFleetProvisioningSpecifications": { - "base": "The launch specification for Spot Instances in the fleet, which determines the defined duration, provisioning timeout behavior, and allocation strategy.
The instance fleet configuration is available only in Amazon EMR releases 4.8.0 and later, excluding 5.0.x versions. On-Demand and Spot instance allocation strategies are available in Amazon EMR releases 5.12.1 and later.
The launch specification for Spot Instances in the fleet, which determines the defined duration, provisioning timeout behavior, and allocation strategy.
The instance fleet configuration is available only in Amazon EMR releases 4.8.0 and higher, excluding 5.0.x versions. On-Demand and Spot instance allocation strategies are available in Amazon EMR releases 5.12.1 and higher.
Describes the launch specification for an instance fleet.
", "InstanceFleetConfig$LaunchSpecifications": "The launch specification for the instance fleet.
" @@ -879,7 +879,7 @@ } }, "InstanceFleetStateChangeReason": { - "base": "Provides status change reason details for the instance fleet.
The instance fleet configuration is available only in Amazon EMR releases 4.8.0 and later, excluding 5.0.x versions.
Provides status change reason details for the instance fleet.
The instance fleet configuration is available only in Amazon EMR releases 4.8.0 and higher, excluding 5.0.x versions.
Provides status change reason details for the instance fleet.
" } @@ -891,13 +891,13 @@ } }, "InstanceFleetStatus": { - "base": "The status of the instance fleet.
The instance fleet configuration is available only in Amazon EMR releases 4.8.0 and later, excluding 5.0.x versions.
The status of the instance fleet.
The instance fleet configuration is available only in Amazon EMR releases 4.8.0 and higher, excluding 5.0.x versions.
The current status of the instance fleet.
" } }, "InstanceFleetTimeline": { - "base": "Provides historical timestamps for the instance fleet, including the time of creation, the time it became ready to run jobs, and the time of termination.
The instance fleet configuration is available only in Amazon EMR releases 4.8.0 and later, excluding 5.0.x versions.
Provides historical timestamps for the instance fleet, including the time of creation, the time it became ready to run jobs, and the time of termination.
The instance fleet configuration is available only in Amazon EMR releases 4.8.0 and higher, excluding 5.0.x versions.
Provides historical timestamps for the instance fleet, including the time of creation, the time it became ready to run jobs, and the time of termination.
" } @@ -1101,7 +1101,7 @@ } }, "InstanceTypeConfig": { - "base": "An instance type configuration for each instance type in an instance fleet, which determines the Amazon EC2 instances Amazon EMR attempts to provision to fulfill On-Demand and Spot target capacities. When you use an allocation strategy, you can include a maximum of 30 instance type configurations for a fleet. For more information about how to use an allocation strategy, see Configure Instance Fleets. Without an allocation strategy, you may specify a maximum of five instance type configurations for a fleet.
The instance fleet configuration is available only in Amazon EMR releases 4.8.0 and later, excluding 5.0.x versions.
An instance type configuration for each instance type in an instance fleet, which determines the Amazon EC2 instances Amazon EMR attempts to provision to fulfill On-Demand and Spot target capacities. When you use an allocation strategy, you can include a maximum of 30 instance type configurations for a fleet. For more information about how to use an allocation strategy, see Configure Instance Fleets. Without an allocation strategy, you may specify a maximum of five instance type configurations for a fleet.
The instance fleet configuration is available only in Amazon EMR releases 4.8.0 and higher, excluding 5.0.x versions.
The configuration specification for each instance type in an instance fleet.
The instance fleet configuration is available only in Amazon EMR releases 4.8.0 and later, excluding 5.0.x versions.
The configuration specification for each instance type in an instance fleet.
The instance fleet configuration is available only in Amazon EMR releases 4.8.0 and higher, excluding 5.0.x versions.
The number of periods, in five-minute increments, during which the alarm condition must exist before the alarm triggers automatic scaling activity. The default value is 1.
The period, in seconds, over which the statistic is applied. CloudWatch metrics for Amazon EMR are emitted every five minutes (300 seconds), so if you specify a CloudWatch metric, specify 300.
An approximation of the cost of the cluster, represented in m1.small/hours. This value is incremented one time for every hour an m1.small instance runs. Larger instances are weighted more, so an Amazon EC2 instance that is roughly four times more expensive would result in the normalized instance hours being incremented by four. This result is only an approximation and does not reflect the actual billing rate.
", - "Cluster$EbsRootVolumeSize": "The size, in GiB, of the Amazon EBS root device volume of the Linux AMI that is used for each Amazon EC2 instance. Available in Amazon EMR releases 4.x and later.
", + "Cluster$EbsRootVolumeSize": "The size, in GiB, of the Amazon EBS root device volume for the Linux AMI that each Amazon EC2 instance uses. Available in Amazon EMR releases 4.x and higher.
", "Cluster$StepConcurrencyLevel": "Specifies the number of steps that can be executed concurrently.
", + "Cluster$EbsRootVolumeIops": "The IOPS, of the Amazon EBS root device volume for the Linux AMI that each Amazon EC2 instance uses. Available in Amazon EMR releases 6.15.0 and higher.
", + "Cluster$EbsRootVolumeThroughput": "The throughput, in MiB/s, of the Amazon EBS root device volume for the Linux AMI that each Amazon EC2 instance uses. Available in Amazon EMR releases 6.15.0 and higher.
", "ClusterSummary$NormalizedInstanceHours": "An approximation of the cost of the cluster, represented in m1.small/hours. This value is incremented one time for every hour an m1.small instance runs. Larger instances are weighted more, so an Amazon EC2 instance that is roughly four times more expensive would result in the normalized instance hours being incremented by four. This result is only an approximation and does not reflect the actual billing rate.
", "ComputeLimits$MinimumCapacityUnits": "The lower boundary of Amazon EC2 units. It is measured through vCPU cores or instances for instance groups and measured through units for instance fleets. Managed scaling activities are not allowed beyond this boundary. The limit only applies to the core and task nodes. The master node cannot be scaled after initial configuration.
", "ComputeLimits$MaximumCapacityUnits": "The upper boundary of Amazon EC2 units. It is measured through vCPU cores or instances for instance groups and measured through units for instance fleets. Managed scaling activities are not allowed beyond this boundary. The limit only applies to the core and task nodes. The master node cannot be scaled after initial configuration.
", @@ -1150,8 +1152,10 @@ "JobFlowInstancesDetail$NormalizedInstanceHours": "An approximation of the cost of the cluster, represented in m1.small/hours. This value is increased one time for every hour that an m1.small instance runs. Larger instances are weighted more heavily, so an Amazon EC2 instance that is roughly four times more expensive would result in the normalized instance hours being increased incrementally four times. This result is only an approximation and does not reflect the actual billing rate.
", "ModifyClusterInput$StepConcurrencyLevel": "The number of steps that can be executed concurrently. You can specify a minimum of 1 step and a maximum of 256 steps. We recommend that you do not change this parameter while steps are running or the ActionOnFailure setting may not behave as expected. For more information see Step$ActionOnFailure.
The number of steps that can be executed concurrently.
", - "RunJobFlowInput$EbsRootVolumeSize": "The size, in GiB, of the Amazon EBS root device volume of the Linux AMI that is used for each Amazon EC2 instance. Available in Amazon EMR releases 4.x and later.
", + "RunJobFlowInput$EbsRootVolumeSize": "The size, in GiB, of the Amazon EBS root device volume for the Linux AMI that each Amazon EC2 instance uses. Available in Amazon EMR releases 4.x and higher.
", "RunJobFlowInput$StepConcurrencyLevel": "Specifies the number of steps that can be executed concurrently. The default value is 1. The maximum value is 256.
The IOPS for the Amazon EBS root device volume for the Linux AMI that each Amazon EC2 instance uses. Available in Amazon EMR releases 6.15.0 and higher.
", + "RunJobFlowInput$EbsRootVolumeThroughput": "The throughput, in MiB/s, of the Amazon EBS root device volume for the Linux AMI that each Amazon EC2 instance uses. Available in Amazon EMR releases 6.15.0 and higher.
", "ScalingConstraints$MinCapacity": "The lower boundary of Amazon EC2 instances in an instance group below which scaling activities are not allowed to shrink. Scale-in activities will not terminate instances below this boundary.
", "ScalingConstraints$MaxCapacity": "The upper boundary of Amazon EC2 instances in an instance group beyond which scaling activities are not allowed to grow. Scale-out activities will not add instances beyond this boundary.
", "ShrinkPolicy$DecommissionTimeout": "The desired timeout for decommissioning an instance. Overrides the default YARN decommissioning timeout.
", @@ -1454,7 +1458,7 @@ "NewSupportedProductsList": { "base": null, "refs": { - "RunJobFlowInput$NewSupportedProducts": "For Amazon EMR releases 3.x and 2.x. For Amazon EMR releases 4.x and later, use Applications.
A list of strings that indicates third-party software to use with the job flow that accepts a user argument list. Amazon EMR accepts and forwards the argument list to the corresponding installation script as bootstrap action arguments. For more information, see \"Launch a Job Flow on the MapR Distribution for Hadoop\" in the Amazon EMR Developer Guide. Supported values are:
\"mapr-m3\" - launch the cluster using MapR M3 Edition.
\"mapr-m5\" - launch the cluster using MapR M5 Edition.
\"mapr\" with the user arguments specifying \"--edition,m3\" or \"--edition,m5\" - launch the job flow using MapR M3 or M5 Edition respectively.
\"mapr-m7\" - launch the cluster using MapR M7 Edition.
\"hunk\" - launch the cluster with the Hunk Big Data Analytics Platform.
\"hue\"- launch the cluster with Hue installed.
\"spark\" - launch the cluster with Apache Spark installed.
\"ganglia\" - launch the cluster with the Ganglia Monitoring System installed.
For Amazon EMR releases 3.x and 2.x. For Amazon EMR releases 4.x and higher, use Applications.
A list of strings that indicates third-party software to use with the job flow that accepts a user argument list. Amazon EMR accepts and forwards the argument list to the corresponding installation script as bootstrap action arguments. For more information, see \"Launch a Job Flow on the MapR Distribution for Hadoop\" in the Amazon EMR Developer Guide. Supported values are:
\"mapr-m3\" - launch the cluster using MapR M3 Edition.
\"mapr-m5\" - launch the cluster using MapR M5 Edition.
\"mapr\" with the user arguments specifying \"--edition,m3\" or \"--edition,m5\" - launch the job flow using MapR M3 or M5 Edition respectively.
\"mapr-m7\" - launch the cluster using MapR M7 Edition.
\"hunk\" - launch the cluster with the Hunk Big Data Analytics Platform.
\"hue\"- launch the cluster with Hue installed.
\"spark\" - launch the cluster with Apache Spark installed.
\"ganglia\" - launch the cluster with the Ganglia Monitoring System installed.
The launch specification for On-Demand Instances in the instance fleet, which determines the allocation strategy.
The instance fleet configuration is available only in Amazon EMR releases 4.8.0 and later, excluding 5.0.x versions. On-Demand Instances allocation strategy is available in Amazon EMR releases 5.12.1 and later.
The launch specification for On-Demand Instances in the instance fleet, which determines the allocation strategy.
The instance fleet configuration is available only in Amazon EMR releases 4.8.0 and higher, excluding 5.0.x versions. On-Demand Instances allocation strategy is available in Amazon EMR releases 5.12.1 and higher.
The launch specification for On-Demand Instances in the instance fleet, which determines the allocation strategy.
The instance fleet configuration is available only in Amazon EMR releases 4.8.0 and later, excluding 5.0.x versions. On-Demand Instances allocation strategy is available in Amazon EMR releases 5.12.1 and later.
The launch specification for On-Demand Instances in the instance fleet, which determines the allocation strategy.
The instance fleet configuration is available only in Amazon EMR releases 4.8.0 and higher, excluding 5.0.x versions. On-Demand Instances allocation strategy is available in Amazon EMR releases 5.12.1 and higher.
Input to the RunJobFlow operation.
", + "base": "Input to the RunJobFlow operation.
", "refs": { } }, @@ -1743,9 +1747,9 @@ "ScaleDownBehavior": { "base": null, "refs": { - "Cluster$ScaleDownBehavior": "The way that individual Amazon EC2 instances terminate when an automatic scale-in activity occurs or an instance group is resized. TERMINATE_AT_INSTANCE_HOUR indicates that Amazon EMR terminates nodes at the instance-hour boundary, regardless of when the request to terminate the instance was submitted. This option is only available with Amazon EMR 5.1.0 and later and is the default for clusters created using that version. TERMINATE_AT_TASK_COMPLETION indicates that Amazon EMR adds nodes to a deny list and drains tasks from nodes before terminating the Amazon EC2 instances, regardless of the instance-hour boundary. With either behavior, Amazon EMR removes the least active nodes first and blocks instance termination if it could lead to HDFS corruption. TERMINATE_AT_TASK_COMPLETION is available only in Amazon EMR releases 4.1.0 and later, and is the default for versions of Amazon EMR earlier than 5.1.0.
The way that individual Amazon EC2 instances terminate when an automatic scale-in activity occurs or an instance group is resized. TERMINATE_AT_INSTANCE_HOUR indicates that Amazon EMR terminates nodes at the instance-hour boundary, regardless of when the request to terminate the instance was submitted. This option is only available with Amazon EMR 5.1.0 and later and is the default for clusters created using that version. TERMINATE_AT_TASK_COMPLETION indicates that Amazon EMR adds nodes to a deny list and drains tasks from nodes before terminating the Amazon EC2 instances, regardless of the instance-hour boundary. With either behavior, Amazon EMR removes the least active nodes first and blocks instance termination if it could lead to HDFS corruption. TERMINATE_AT_TASK_COMPLETION available only in Amazon EMR releases 4.1.0 and later, and is the default for releases of Amazon EMR earlier than 5.1.0.
Specifies the way that individual Amazon EC2 instances terminate when an automatic scale-in activity occurs or an instance group is resized. TERMINATE_AT_INSTANCE_HOUR indicates that Amazon EMR terminates nodes at the instance-hour boundary, regardless of when the request to terminate the instance was submitted. This option is only available with Amazon EMR 5.1.0 and later and is the default for clusters created using that version. TERMINATE_AT_TASK_COMPLETION indicates that Amazon EMR adds nodes to a deny list and drains tasks from nodes before terminating the Amazon EC2 instances, regardless of the instance-hour boundary. With either behavior, Amazon EMR removes the least active nodes first and blocks instance termination if it could lead to HDFS corruption. TERMINATE_AT_TASK_COMPLETION available only in Amazon EMR releases 4.1.0 and later, and is the default for releases of Amazon EMR earlier than 5.1.0.
The way that individual Amazon EC2 instances terminate when an automatic scale-in activity occurs or an instance group is resized. TERMINATE_AT_INSTANCE_HOUR indicates that Amazon EMR terminates nodes at the instance-hour boundary, regardless of when the request to terminate the instance was submitted. This option is only available with Amazon EMR 5.1.0 and higher and is the default for clusters created using that version. TERMINATE_AT_TASK_COMPLETION indicates that Amazon EMR adds nodes to a deny list and drains tasks from nodes before terminating the Amazon EC2 instances, regardless of the instance-hour boundary. With either behavior, Amazon EMR removes the least active nodes first and blocks instance termination if it could lead to HDFS corruption. TERMINATE_AT_TASK_COMPLETION is available only in Amazon EMR releases 4.1.0 and higher, and is the default for versions of Amazon EMR earlier than 5.1.0.
The way that individual Amazon EC2 instances terminate when an automatic scale-in activity occurs or an instance group is resized. TERMINATE_AT_INSTANCE_HOUR indicates that Amazon EMR terminates nodes at the instance-hour boundary, regardless of when the request to terminate the instance was submitted. This option is only available with Amazon EMR 5.1.0 and higher and is the default for clusters created using that version. TERMINATE_AT_TASK_COMPLETION indicates that Amazon EMR adds nodes to a deny list and drains tasks from nodes before terminating the Amazon EC2 instances, regardless of the instance-hour boundary. With either behavior, Amazon EMR removes the least active nodes first and blocks instance termination if it could lead to HDFS corruption. TERMINATE_AT_TASK_COMPLETION available only in Amazon EMR releases 4.1.0 and higher, and is the default for releases of Amazon EMR earlier than 5.1.0.
Specifies the way that individual Amazon EC2 instances terminate when an automatic scale-in activity occurs or an instance group is resized. TERMINATE_AT_INSTANCE_HOUR indicates that Amazon EMR terminates nodes at the instance-hour boundary, regardless of when the request to terminate the instance was submitted. This option is only available with Amazon EMR 5.1.0 and higher and is the default for clusters created using that version. TERMINATE_AT_TASK_COMPLETION indicates that Amazon EMR adds nodes to a deny list and drains tasks from nodes before terminating the Amazon EC2 instances, regardless of the instance-hour boundary. With either behavior, Amazon EMR removes the least active nodes first and blocks instance termination if it could lead to HDFS corruption. TERMINATE_AT_TASK_COMPLETION available only in Amazon EMR releases 4.1.0 and higher, and is the default for releases of Amazon EMR earlier than 5.1.0.
Specifies the strategy to use in launching Spot Instance fleets. Currently, the only option is capacity-optimized (the default), which launches instances from Spot Instance pools with optimal capacity for the number of instances that are launching.
" + "SpotProvisioningSpecification$AllocationStrategy": "Specifies one of the following strategies to launch Spot Instance fleets: price-capacity-optimized, capacity-optimized, lowest-price, or diversified. For more information on the provisioning strategies, see Allocation strategies for Spot Instances in the Amazon EC2 User Guide for Linux Instances.
When you launch a Spot Instance fleet with the old console, it automatically launches with the capacity-optimized strategy. You can't change the allocation strategy from the old console.
The launch specification for Spot Instances in the instance fleet, which determines the defined duration, provisioning timeout behavior, and allocation strategy.
The instance fleet configuration is available only in Amazon EMR releases 4.8.0 and later, excluding 5.0.x versions. Spot Instance allocation strategy is available in Amazon EMR releases 5.12.1 and later.
Spot Instances with a defined duration (also known as Spot blocks) are no longer available to new customers from July 1, 2021. For customers who have previously used the feature, we will continue to support Spot Instances with a defined duration until December 31, 2022.
The launch specification for Spot Instances in the instance fleet, which determines the defined duration, provisioning timeout behavior, and allocation strategy.
The instance fleet configuration is available only in Amazon EMR releases 4.8.0 and higher, excluding 5.0.x versions. Spot Instance allocation strategy is available in Amazon EMR releases 5.12.1 and higher.
Spot Instances with a defined duration (also known as Spot blocks) are no longer available to new customers from July 1, 2021. For customers who have previously used the feature, we will continue to support Spot Instances with a defined duration until December 31, 2022.
The launch specification for Spot instances in the fleet, which determines the defined duration, provisioning timeout behavior, and allocation strategy.
" } @@ -2030,10 +2034,10 @@ "CloudWatchAlarmDefinition$Namespace": "The namespace for the CloudWatch metric. The default is AWS/ElasticMapReduce.
The name of the cluster.
", "Cluster$LogUri": "The path to the Amazon S3 location where logs for this cluster are stored.
", - "Cluster$LogEncryptionKmsKeyId": "The KMS key used for encrypting log files. This attribute is only available with Amazon EMR 5.30.0 and later, excluding Amazon EMR 6.0.0.
", + "Cluster$LogEncryptionKmsKeyId": "The KMS key used for encrypting log files. This attribute is only available with Amazon EMR 5.30.0 and higher, excluding Amazon EMR 6.0.0.
", "Cluster$RequestedAmiVersion": "The AMI version requested for this cluster.
", "Cluster$RunningAmiVersion": "The AMI version running on this cluster.
", - "Cluster$ReleaseLabel": "The Amazon EMR release label, which determines the version of open-source application packages installed on the cluster. Release labels are in the form emr-x.x.x, where x.x.x is an Amazon EMR release version such as emr-5.14.0. For more information about Amazon EMR release versions and included application versions and features, see https://docs.aws.amazon.com/emr/latest/ReleaseGuide/. The release label applies only to Amazon EMR releases version 4.0 and later. Earlier versions use AmiVersion.
The Amazon EMR release label, which determines the version of open-source application packages installed on the cluster. Release labels are in the form emr-x.x.x, where x.x.x is an Amazon EMR release version such as emr-5.14.0. For more information about Amazon EMR release versions and included application versions and features, see https://docs.aws.amazon.com/emr/latest/ReleaseGuide/. The release label applies only to Amazon EMR releases version 4.0 and higher. Earlier versions use AmiVersion.
The IAM role that Amazon EMR assumes in order to access Amazon Web Services resources on your behalf.
", "Cluster$MasterPublicDnsName": "The DNS name of the master node. If the cluster is on a private subnet, this is the private DNS name. On a public subnet, this is the public DNS name.
", "Cluster$OSReleaseLabel": "The Amazon Linux release specified in a cluster launch RunJobFlow request. If no Amazon Linux release was specified, the default Amazon Linux release is shown in the response.
", @@ -2174,7 +2178,7 @@ "base": null, "refs": { "JobFlowDetail$SupportedProducts": "A list of strings set by third-party software when the job flow is launched. If you are not using third-party software to manage the job flow, this value is empty.
", - "RunJobFlowInput$SupportedProducts": "For Amazon EMR releases 3.x and 2.x. For Amazon EMR releases 4.x and later, use Applications.
A list of strings that indicates third-party software to use. For more information, see the Amazon EMR Developer Guide. Currently supported values are:
\"mapr-m3\" - launch the job flow using MapR M3 Edition.
\"mapr-m5\" - launch the job flow using MapR M5 Edition.
For Amazon EMR releases 3.x and 2.x. For Amazon EMR releases 4.x and higher, use Applications.
A list of strings that indicates third-party software to use. For more information, see the Amazon EMR Developer Guide. Currently supported values are:
\"mapr-m3\" - launch the job flow using MapR M3 Edition.
\"mapr-m5\" - launch the job flow using MapR M5 Edition.
The name of the main class in the specified Java file. If not specified, the JAR file should specify a Main-Class in its manifest file.
", "InstanceGroupDetail$LastStateChangeReason": "Details regarding the state of the instance group.
", "JobFlowDetail$LogUri": "The location in Amazon S3 where log files for the job are stored.
", - "JobFlowDetail$LogEncryptionKmsKeyId": "The KMS key used for encrypting log files. This attribute is only available with Amazon EMR 5.30.0 and later, excluding 6.0.0.
", + "JobFlowDetail$LogEncryptionKmsKeyId": "The KMS key used for encrypting log files. This attribute is only available with Amazon EMR 5.30.0 and higher, excluding 6.0.0.
", "JobFlowDetail$JobFlowRole": "The IAM role that was specified when the job flow was launched. The Amazon EC2 instances of the job flow assume this role.
", "JobFlowDetail$ServiceRole": "The IAM role that is assumed by the Amazon EMR service to access Amazon Web Services resources on your behalf.
", "JobFlowDetail$AutoScalingRole": "An IAM role for automatic scaling policies. The default role is EMR_AutoScaling_DefaultRole. The IAM role provides a way for the automatic scaling feature to get the required permissions it needs to launch and terminate Amazon EC2 instances in an instance group.
The unique ID of the execution engine for the notebook execution.
", "PlacementType$AvailabilityZone": "The Amazon EC2 Availability Zone for the cluster. AvailabilityZone is used for uniform instance groups, while AvailabilityZones (plural) is used for instance fleets.
The location in Amazon S3 to write the log files of the job flow. If a value is not provided, logs are not created.
", - "RunJobFlowInput$LogEncryptionKmsKeyId": "The KMS key used for encrypting log files. If a value is not provided, the logs remain encrypted by AES-256. This attribute is only available with Amazon EMR releases 5.30.0 and later, excluding Amazon EMR 6.0.0.
", + "RunJobFlowInput$LogEncryptionKmsKeyId": "The KMS key used for encrypting log files. If a value is not provided, the logs remain encrypted by AES-256. This attribute is only available with Amazon EMR releases 5.30.0 and higher, excluding Amazon EMR 6.0.0.
", "RunJobFlowInput$AdditionalInfo": "A JSON string for selecting additional features.
", "RunJobFlowInput$JobFlowRole": "Also called instance profile and Amazon EC2 role. An IAM role for an Amazon EMR cluster. The Amazon EC2 instances of the cluster assume this role. The default role is EMR_EC2_DefaultRole. In order to use the default role, you must have already created it using the CLI or console.
The IAM role that Amazon EMR assumes in order to access Amazon Web Services resources on your behalf. If you've created a custom service role path, you must specify it for the service role when you launch your cluster.
", @@ -2343,7 +2347,7 @@ "AddJobFlowStepsInput$JobFlowId": "A string that uniquely identifies the job flow. This identifier is returned by RunJobFlow and can also be obtained from ListClusters.
", "BootstrapActionConfig$Name": "The name of the bootstrap action.
", "CancelStepsInput$ClusterId": "The ClusterID for the specified steps that will be canceled. Use RunJobFlow and ListClusters to get ClusterIDs.
Available only in Amazon EMR releases 5.7.0 and later. The ID of a custom Amazon EBS-backed Linux AMI if the cluster uses a custom AMI.
", + "Cluster$CustomAmiId": "Available only in Amazon EMR releases 5.7.0 and higher. The ID of a custom Amazon EBS-backed Linux AMI if the cluster uses a custom AMI.
", "CreateStudioInput$Name": "A descriptive name for the Amazon EMR Studio.
", "CreateStudioInput$Description": "A detailed description of the Amazon EMR Studio.
", "CreateStudioInput$VpcId": "The ID of the Amazon Virtual Private Cloud (Amazon VPC) to associate with the Studio.
", @@ -2386,7 +2390,7 @@ "InstanceTypeSpecification$CustomAmiId": "The custom AMI ID to use for the instance type.
", "JobFlowDetail$JobFlowId": "The job flow identifier.
", "JobFlowDetail$Name": "The name of the job flow.
", - "JobFlowDetail$AmiVersion": "Applies only to Amazon EMR AMI versions 3.x and 2.x. For Amazon EMR releases 4.0 and later, ReleaseLabel is used. To specify a custom AMI, use CustomAmiID.
Applies only to Amazon EMR AMI versions 3.x and 2.x. For Amazon EMR releases 4.0 and higher, ReleaseLabel is used. To specify a custom AMI, use CustomAmiID.
The name of the Amazon EC2 key pair that can be used to connect to the master node using SSH as the user called \"hadoop.\"
", "JobFlowInstancesConfig$HadoopVersion": "Applies only to Amazon EMR release versions earlier than 4.0. The Hadoop version for the cluster. Valid inputs are \"0.18\" (no longer maintained), \"0.20\" (no longer maintained), \"0.20.205\" (no longer maintained), \"1.0.3\", \"2.2.0\", or \"2.4.0\". If you do not set this value, the default of 0.18 is used, unless the AmiVersion parameter is set in the RunJobFlow call, in which case the default version of Hadoop for that AMI version is used.
Applies to clusters that use the uniform instance group configuration. To launch the cluster in Amazon Virtual Private Cloud (Amazon VPC), set this parameter to the identifier of the Amazon VPC subnet where you want the cluster to launch. If you do not specify this value and your account supports EC2-Classic, the cluster launches in EC2-Classic.
", @@ -2417,9 +2421,9 @@ "OutputNotebookS3LocationForOutput$Bucket": "The Amazon S3 bucket that stores the notebook execution output.
", "OutputNotebookS3LocationFromInput$Bucket": "The Amazon S3 bucket that stores the notebook execution output.
", "RunJobFlowInput$Name": "The name of the job flow.
", - "RunJobFlowInput$AmiVersion": "Applies only to Amazon EMR AMI versions 3.x and 2.x. For Amazon EMR releases 4.0 and later, ReleaseLabel is used. To specify a custom AMI, use CustomAmiID.
The Amazon EMR release label, which determines the version of open-source application packages installed on the cluster. Release labels are in the form emr-x.x.x, where x.x.x is an Amazon EMR release version such as emr-5.14.0. For more information about Amazon EMR release versions and included application versions and features, see https://docs.aws.amazon.com/emr/latest/ReleaseGuide/. The release label applies only to Amazon EMR releases version 4.0 and later. Earlier versions use AmiVersion.
Available only in Amazon EMR releases 5.7.0 and later. The ID of a custom Amazon EBS-backed Linux AMI. If specified, Amazon EMR uses this AMI when it launches cluster Amazon EC2 instances. For more information about custom AMIs in Amazon EMR, see Using a Custom AMI in the Amazon EMR Management Guide. If omitted, the cluster uses the base Linux AMI for the ReleaseLabel specified. For Amazon EMR releases 2.x and 3.x, use AmiVersion instead.
For information about creating a custom AMI, see Creating an Amazon EBS-Backed Linux AMI in the Amazon Elastic Compute Cloud User Guide for Linux Instances. For information about finding an AMI ID, see Finding a Linux AMI.
", + "RunJobFlowInput$AmiVersion": "Applies only to Amazon EMR AMI versions 3.x and 2.x. For Amazon EMR releases 4.0 and higher, ReleaseLabel is used. To specify a custom AMI, use CustomAmiID.
The Amazon EMR release label, which determines the version of open-source application packages installed on the cluster. Release labels are in the form emr-x.x.x, where x.x.x is an Amazon EMR release version such as emr-5.14.0. For more information about Amazon EMR release versions and included application versions and features, see https://docs.aws.amazon.com/emr/latest/ReleaseGuide/. The release label applies only to Amazon EMR releases version 4.0 and higher. Earlier versions use AmiVersion.
Available only in Amazon EMR releases 5.7.0 and higher. The ID of a custom Amazon EBS-backed Linux AMI. If specified, Amazon EMR uses this AMI when it launches cluster Amazon EC2 instances. For more information about custom AMIs in Amazon EMR, see Using a Custom AMI in the Amazon EMR Management Guide. If omitted, the cluster uses the base Linux AMI for the ReleaseLabel specified. For Amazon EMR releases 2.x and 3.x, use AmiVersion instead.
For information about creating a custom AMI, see Creating an Amazon EBS-Backed Linux AMI in the Amazon Elastic Compute Cloud User Guide for Linux Instances. For information about finding an AMI ID, see Finding a Linux AMI.
", "RunJobFlowInput$OSReleaseLabel": "Specifies a particular Amazon Linux release for all nodes in a cluster launch RunJobFlow request. If a release is not specified, Amazon EMR uses the latest validated Amazon Linux release for cluster launch.
", "RunJobFlowOutput$JobFlowId": "A unique identifier for the job flow.
", "SecurityGroupsList$member": null, @@ -2470,8 +2474,8 @@ "refs": { "Ec2InstanceAttributes$RequestedEc2SubnetIds": "Applies to clusters configured with the instance fleets option. Specifies the unique identifier of one or more Amazon EC2 subnets in which to launch Amazon EC2 cluster instances. Subnets must exist within the same VPC. Amazon EMR chooses the Amazon EC2 subnet with the best fit from among the list of RequestedEc2SubnetIds, and then launches all cluster instances within that Subnet. If this value is not specified, and the account and Region support EC2-Classic networks, the cluster launches instances in the EC2-Classic network and uses RequestedEc2AvailabilityZones instead of this setting. If EC2-Classic is not supported, and no Subnet is specified, Amazon EMR chooses the subnet for you. RequestedEc2SubnetIDs and RequestedEc2AvailabilityZones cannot be specified together.
Applies to clusters configured with the instance fleets option. Specifies one or more Availability Zones in which to launch Amazon EC2 cluster instances when the EC2-Classic network configuration is supported. Amazon EMR chooses the Availability Zone with the best fit from among the list of RequestedEc2AvailabilityZones, and then launches all cluster instances within that Availability Zone. If you do not specify this value, Amazon EMR chooses the Availability Zone for you. RequestedEc2SubnetIDs and RequestedEc2AvailabilityZones cannot be specified together.
Applies to clusters that use the instance fleet configuration. When multiple Amazon EC2 subnet IDs are specified, Amazon EMR evaluates them and launches instances in the optimal subnet.
The instance fleet configuration is available only in Amazon EMR releases 4.8.0 and later, excluding 5.0.x versions.
When multiple Availability Zones are specified, Amazon EMR evaluates them and launches instances in the optimal Availability Zone. AvailabilityZones is used for instance fleets, while AvailabilityZone (singular) is used for uniform instance groups.
The instance fleet configuration is available only in Amazon EMR releases 4.8.0 and later, excluding 5.0.x versions.
Applies to clusters that use the instance fleet configuration. When multiple Amazon EC2 subnet IDs are specified, Amazon EMR evaluates them and launches instances in the optimal subnet.
The instance fleet configuration is available only in Amazon EMR releases 4.8.0 and higher, excluding 5.0.x versions.
When multiple Availability Zones are specified, Amazon EMR evaluates them and launches instances in the optimal Availability Zone. AvailabilityZones is used for instance fleets, while AvailabilityZone (singular) is used for uniform instance groups.
The instance fleet configuration is available only in Amazon EMR releases 4.8.0 and higher, excluding 5.0.x versions.
Contains the details of an Amazon Neptune DB cluster.
This data type is used as a response element in the DescribeDBClusters action.
", + "base": "Contains the details of an Amazon Neptune DB cluster.
This data type is used as a response element in the DescribeDBClusters.
", "refs": { "CreateDBClusterResult$DBCluster": null, "DBClusterList$member": null, @@ -1755,19 +1755,26 @@ "refs": { } }, + "SensitiveString": { + "base": null, + "refs": { + "CreateDBInstanceMessage$TdeCredentialPassword": "The password for the given ARN from the key store in order to access the device.
", + "ModifyDBInstanceMessage$TdeCredentialPassword": "The password for the given ARN from the key store in order to access the device.
" + } + }, "ServerlessV2ScalingConfiguration": { "base": "Contains the scaling configuration of a Neptune Serverless DB cluster.
For more information, see Using Amazon Neptune Serverless in the Amazon Neptune User Guide.
", "refs": { - "CreateDBClusterMessage$ServerlessV2ScalingConfiguration": null, - "ModifyDBClusterMessage$ServerlessV2ScalingConfiguration": null, - "RestoreDBClusterFromSnapshotMessage$ServerlessV2ScalingConfiguration": null, - "RestoreDBClusterToPointInTimeMessage$ServerlessV2ScalingConfiguration": null + "CreateDBClusterMessage$ServerlessV2ScalingConfiguration": "Contains the scaling configuration of a Neptune Serverless DB cluster.
For more information, see Using Amazon Neptune Serverless in the Amazon Neptune User Guide.
", + "ModifyDBClusterMessage$ServerlessV2ScalingConfiguration": "Contains the scaling configuration of a Neptune Serverless DB cluster.
For more information, see Using Amazon Neptune Serverless in the Amazon Neptune User Guide.
", + "RestoreDBClusterFromSnapshotMessage$ServerlessV2ScalingConfiguration": "Contains the scaling configuration of a Neptune Serverless DB cluster.
For more information, see Using Amazon Neptune Serverless in the Amazon Neptune User Guide.
", + "RestoreDBClusterToPointInTimeMessage$ServerlessV2ScalingConfiguration": "Contains the scaling configuration of a Neptune Serverless DB cluster.
For more information, see Using Amazon Neptune Serverless in the Amazon Neptune User Guide.
" } }, "ServerlessV2ScalingConfigurationInfo": { "base": "Shows the scaling configuration for a Neptune Serverless DB cluster.
For more information, see Using Amazon Neptune Serverless in the Amazon Neptune User Guide.
", "refs": { - "DBCluster$ServerlessV2ScalingConfiguration": null + "DBCluster$ServerlessV2ScalingConfiguration": "Shows the scaling configuration for a Neptune Serverless DB cluster.
For more information, see Using Amazon Neptune Serverless in the Amazon Neptune User Guide.
" } }, "SharedSnapshotQuotaExceededFault": { @@ -1834,7 +1841,7 @@ "refs": { "AddRoleToDBClusterMessage$DBClusterIdentifier": "The name of the DB cluster to associate the IAM role with.
", "AddRoleToDBClusterMessage$RoleArn": "The Amazon Resource Name (ARN) of the IAM role to associate with the Neptune DB cluster, for example arn:aws:iam::123456789012:role/NeptuneAccessRole.
The name of the feature for the Neptune DB cluster that the IAM role is to be associated with. For the list of supported feature names, see DBEngineVersion.
", + "AddRoleToDBClusterMessage$FeatureName": "The name of the feature for the Neptune DB cluster that the IAM role is to be associated with. For the list of supported feature names, see DBEngineVersion.
", "AddSourceIdentifierToSubscriptionMessage$SubscriptionName": "The name of the event notification subscription you want to add a source identifier to.
", "AddSourceIdentifierToSubscriptionMessage$SourceIdentifier": "The identifier of the event source to be added.
Constraints:
If the source type is a DB instance, then a DBInstanceIdentifier must be supplied.
If the source type is a DB security group, a DBSecurityGroupName must be supplied.
If the source type is a DB parameter group, a DBParameterGroupName must be supplied.
If the source type is a DB snapshot, a DBSnapshotIdentifier must be supplied.
The Amazon Neptune resource that the tags are added to. This value is an Amazon Resource Name (ARN). For information about creating an ARN, see Constructing an Amazon Resource Name (ARN).
", @@ -1879,8 +1886,8 @@ "CreateDBClusterMessage$MasterUsername": "Not supported by Neptune.
", "CreateDBClusterMessage$MasterUserPassword": "Not supported by Neptune.
", "CreateDBClusterMessage$OptionGroupName": "(Not supported by Neptune)
", - "CreateDBClusterMessage$PreferredBackupWindow": "The daily time range during which automated backups are created if automated backups are enabled using the BackupRetentionPeriod parameter.
The default is a 30-minute window selected at random from an 8-hour block of time for each Amazon Region. To see the time blocks available, see Adjusting the Preferred Maintenance Window in the Amazon Neptune User Guide.
Constraints:
Must be in the format hh24:mi-hh24:mi.
Must be in Universal Coordinated Time (UTC).
Must not conflict with the preferred maintenance window.
Must be at least 30 minutes.
The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC).
Format: ddd:hh24:mi-ddd:hh24:mi
The default is a 30-minute window selected at random from an 8-hour block of time for each Amazon Region, occurring on a random day of the week. To see the time blocks available, see Adjusting the Preferred Maintenance Window in the Amazon Neptune User Guide.
Valid Days: Mon, Tue, Wed, Thu, Fri, Sat, Sun.
Constraints: Minimum 30-minute window.
", + "CreateDBClusterMessage$PreferredBackupWindow": "The daily time range during which automated backups are created if automated backups are enabled using the BackupRetentionPeriod parameter.
The default is a 30-minute window selected at random from an 8-hour block of time for each Amazon Region. To see the time blocks available, see Neptune Maintenance Window in the Amazon Neptune User Guide.
Constraints:
Must be in the format hh24:mi-hh24:mi.
Must be in Universal Coordinated Time (UTC).
Must not conflict with the preferred maintenance window.
Must be at least 30 minutes.
The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC).
Format: ddd:hh24:mi-ddd:hh24:mi
The default is a 30-minute window selected at random from an 8-hour block of time for each Amazon Region, occurring on a random day of the week. To see the time blocks available, see Neptune Maintenance Window in the Amazon Neptune User Guide.
Valid Days: Mon, Tue, Wed, Thu, Fri, Sat, Sun.
Constraints: Minimum 30-minute window.
", "CreateDBClusterMessage$ReplicationSourceIdentifier": "The Amazon Resource Name (ARN) of the source DB instance or DB cluster if this DB cluster is created as a Read Replica.
", "CreateDBClusterMessage$KmsKeyId": "The Amazon KMS key identifier for an encrypted DB cluster.
The KMS key identifier is the Amazon Resource Name (ARN) for the KMS encryption key. If you are creating a DB cluster with the same Amazon account that owns the KMS encryption key used to encrypt the new DB cluster, then you can use the KMS key alias instead of the ARN for the KMS encryption key.
If an encryption key is not specified in KmsKeyId:
If ReplicationSourceIdentifier identifies an encrypted source, then Amazon Neptune will use the encryption key used to encrypt the source. Otherwise, Amazon Neptune will use your default encryption key.
If the StorageEncrypted parameter is true and ReplicationSourceIdentifier is not specified, then Amazon Neptune will use your default encryption key.
Amazon KMS creates the default encryption key for your Amazon account. Your Amazon account has a different default encryption key for each Amazon Region.
If you create a Read Replica of an encrypted DB cluster in another Amazon Region, you must set KmsKeyId to a KMS key ID that is valid in the destination Amazon Region. This key is used to encrypt the Read Replica in that Amazon Region.
This parameter is not currently supported.
", @@ -1907,7 +1914,6 @@ "CreateDBInstanceMessage$DBClusterIdentifier": "The identifier of the DB cluster that the instance will belong to.
For information on creating a DB cluster, see CreateDBCluster.
Type: String
", "CreateDBInstanceMessage$StorageType": "Specifies the storage type to be associated with the DB instance.
Not applicable. Storage is managed by the DB Cluster.
", "CreateDBInstanceMessage$TdeCredentialArn": "The ARN from the key store with which to associate the instance for TDE encryption.
", - "CreateDBInstanceMessage$TdeCredentialPassword": "The password for the given ARN from the key store in order to access the device.
", "CreateDBInstanceMessage$KmsKeyId": "The Amazon KMS key identifier for an encrypted DB instance.
The KMS key identifier is the Amazon Resource Name (ARN) for the KMS encryption key. If you are creating a DB instance with the same Amazon account that owns the KMS encryption key used to encrypt the new DB instance, then you can use the KMS key alias instead of the ARN for the KM encryption key.
Not applicable. The KMS key identifier is managed by the DB cluster. For more information, see CreateDBCluster.
If the StorageEncrypted parameter is true, and you do not specify a value for the KmsKeyId parameter, then Amazon Neptune will use your default encryption key. Amazon KMS creates the default encryption key for your Amazon account. Your Amazon account has a different default encryption key for each Amazon Region.
Specify the Active Directory Domain to create the instance in.
", "CreateDBInstanceMessage$MonitoringRoleArn": "The ARN for the IAM role that permits Neptune to send enhanced monitoring metrics to Amazon CloudWatch Logs. For example, arn:aws:iam:123456789012:role/emaccess.
If MonitoringInterval is set to a value other than 0, then you must supply a MonitoringRoleArn value.
An optional pagination token provided by a previous DescribeDBClusterParameterGroups request. If this parameter is specified, the response includes only records beyond the marker, up to the value specified by MaxRecords.
The Amazon Resource Name (ARN) of the IAM role that is associated with the DB cluster.
", "DBClusterRole$Status": "Describes the state of association between the IAM role and the DB cluster. The Status property returns one of the following values:
ACTIVE - the IAM role ARN is associated with the DB cluster and can be used to access other Amazon services on your behalf.
PENDING - the IAM role ARN is being associated with the DB cluster.
INVALID - the IAM role ARN is associated with the DB cluster, but the DB cluster is unable to assume the IAM role in order to access other Amazon services on your behalf.
The name of the feature associated with the Amazon Identity and Access Management (IAM) role. For the list of supported feature names, see DescribeDBEngineVersions.
", + "DBClusterRole$FeatureName": "The name of the feature associated with the Amazon Identity and Access Management (IAM) role. For the list of supported feature names, see DescribeDBEngineVersions.
", "DBClusterSnapshot$DBClusterSnapshotIdentifier": "Specifies the identifier for a DB cluster snapshot. Must match the identifier of an existing snapshot.
After you restore a DB cluster using a DBClusterSnapshotIdentifier, you must specify the same DBClusterSnapshotIdentifier for any future updates to the DB cluster. When you specify this property for an update, the DB cluster is not restored from the snapshot again, and the data in the database is not changed.
However, if you don't specify the DBClusterSnapshotIdentifier, an empty DB cluster is created, and the original DB cluster is deleted. If you specify a property that is different from the previous snapshot restore property, the DB cluster is restored from the snapshot specified by the DBClusterSnapshotIdentifier, and the original DB cluster is deleted.
Specifies the DB cluster identifier of the DB cluster that this DB cluster snapshot was created from.
", "DBClusterSnapshot$Engine": "Specifies the name of the database engine.
", @@ -2155,7 +2161,7 @@ "ModifyDBClusterMessage$OptionGroupName": "Not supported by Neptune.
", "ModifyDBClusterMessage$PreferredBackupWindow": "The daily time range during which automated backups are created if automated backups are enabled, using the BackupRetentionPeriod parameter.
The default is a 30-minute window selected at random from an 8-hour block of time for each Amazon Region.
Constraints:
Must be in the format hh24:mi-hh24:mi.
Must be in Universal Coordinated Time (UTC).
Must not conflict with the preferred maintenance window.
Must be at least 30 minutes.
The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC).
Format: ddd:hh24:mi-ddd:hh24:mi
The default is a 30-minute window selected at random from an 8-hour block of time for each Amazon Region, occurring on a random day of the week.
Valid Days: Mon, Tue, Wed, Thu, Fri, Sat, Sun.
Constraints: Minimum 30-minute window.
", - "ModifyDBClusterMessage$EngineVersion": "The version number of the database engine to which you want to upgrade. Changing this parameter results in an outage. The change is applied during the next maintenance window unless the ApplyImmediately parameter is set to true.
For a list of valid engine versions, see Engine Releases for Amazon Neptune, or call DescribeDBEngineVersions.
", + "ModifyDBClusterMessage$EngineVersion": "The version number of the database engine to which you want to upgrade. Changing this parameter results in an outage. The change is applied during the next maintenance window unless the ApplyImmediately parameter is set to true.
For a list of valid engine versions, see Engine Releases for Amazon Neptune, or call DescribeDBEngineVersions.
", "ModifyDBClusterMessage$DBInstanceParameterGroupName": "The name of the DB parameter group to apply to all instances of the DB cluster.
When you apply a parameter group using DBInstanceParameterGroupName, parameter changes aren't applied during the next maintenance window but instead are applied immediately.
Default: The existing name setting
Constraints:
The DB parameter group must be in the same DB parameter group family as the target DB cluster version.
The DBInstanceParameterGroupName parameter is only valid in combination with the AllowMajorVersionUpgrade parameter.
The name of the DB cluster parameter group to modify.
", "ModifyDBClusterSnapshotAttributeMessage$DBClusterSnapshotIdentifier": "The identifier for the DB cluster snapshot to modify the attributes for.
", @@ -2173,7 +2179,6 @@ "ModifyDBInstanceMessage$NewDBInstanceIdentifier": " The new DB instance identifier for the DB instance when renaming a DB instance. When you change the DB instance identifier, an instance reboot will occur immediately if you set Apply Immediately to true, or will occur during the next maintenance window if Apply Immediately to false. This value is stored as a lowercase string.
Constraints:
Must contain from 1 to 63 letters, numbers, or hyphens.
The first character must be a letter.
Cannot end with a hyphen or contain two consecutive hyphens.
Example: mydbinstance
Not supported.
", "ModifyDBInstanceMessage$TdeCredentialArn": "The ARN from the key store with which to associate the instance for TDE encryption.
", - "ModifyDBInstanceMessage$TdeCredentialPassword": "The password for the given ARN from the key store in order to access the device.
", "ModifyDBInstanceMessage$CACertificateIdentifier": "Indicates the certificate that needs to be associated with the instance.
", "ModifyDBInstanceMessage$Domain": "Not supported.
", "ModifyDBInstanceMessage$MonitoringRoleArn": "The ARN for the IAM role that permits Neptune to send enhanced monitoring metrics to Amazon CloudWatch Logs. For example, arn:aws:iam:123456789012:role/emaccess.
If MonitoringInterval is set to a value other than 0, then you must supply a MonitoringRoleArn value.
The Amazon Resource Name (ARN) identifying the cluster to be detached from the Neptune global database cluster.
", "RemoveRoleFromDBClusterMessage$DBClusterIdentifier": "The name of the DB cluster to disassociate the IAM role from.
", "RemoveRoleFromDBClusterMessage$RoleArn": "The Amazon Resource Name (ARN) of the IAM role to disassociate from the DB cluster, for example arn:aws:iam::123456789012:role/NeptuneAccessRole.
The name of the feature for the DB cluster that the IAM role is to be disassociated from. For the list of supported feature names, see DescribeDBEngineVersions.
", + "RemoveRoleFromDBClusterMessage$FeatureName": "The name of the feature for the DB cluster that the IAM role is to be disassociated from. For the list of supported feature names, see DescribeDBEngineVersions.
", "RemoveSourceIdentifierFromSubscriptionMessage$SubscriptionName": "The name of the event notification subscription you want to remove a source identifier from.
", "RemoveSourceIdentifierFromSubscriptionMessage$SourceIdentifier": "The source identifier to be removed from the subscription, such as the DB instance identifier for a DB instance or the name of a security group.
", "RemoveTagsFromResourceMessage$ResourceName": "The Amazon Neptune resource that the tags are removed from. This value is an Amazon Resource Name (ARN). For information about creating an ARN, see Constructing an Amazon Resource Name (ARN).
", diff --git a/models/apis/neptune/2014-10-31/endpoint-rule-set-1.json b/models/apis/neptune/2014-10-31/endpoint-rule-set-1.json index b9aff9f06c8..1dfb5f08259 100644 --- a/models/apis/neptune/2014-10-31/endpoint-rule-set-1.json +++ b/models/apis/neptune/2014-10-31/endpoint-rule-set-1.json @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -58,318 +57,283 @@ "type": "error" }, { - "conditions": [], - "type": "tree", - "rules": [ + "conditions": [ { - "conditions": [ + "fn": "booleanEquals", + "argv": [ { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" - }, - { - "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" + "ref": "UseDualStack" }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" + true + ] } - ] + ], + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" + }, + "properties": {}, + "headers": {} + }, + "type": "endpoint" } - ] + ], + "type": "tree" }, { - "conditions": [], - "type": "tree", + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Region" + } + ] + } + ], "rules": [ { "conditions": [ { - "fn": "isSet", + "fn": "aws.partition", "argv": [ { "ref": "Region" } - ] + ], + "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ { - "fn": "aws.partition", + "fn": "booleanEquals", "argv": [ { - "ref": "Region" - } - ], - "assign": "PartitionResult" + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ + true, { - "ref": "UseFIPS" - }, - true + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } ] }, { "fn": "booleanEquals", "argv": [ + true, { - "ref": "UseDualStack" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] - } - ] - }, - { - "fn": "booleanEquals", + "fn": "getAttr", "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "type": "tree", - "rules": [ { - "conditions": [], - "endpoint": { - "url": "https://rds-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } + "ref": "PartitionResult" + }, + "supportsDualStack" ] } ] - }, + } + ], + "rules": [ { "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" + "endpoint": { + "url": "https://rds-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" } - ] + ], + "type": "tree" }, + { + "conditions": [], + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ { - "ref": "UseFIPS" + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] }, true ] } ], - "type": "tree", "rules": [ { "conditions": [ { - "fn": "booleanEquals", + "fn": "stringEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ { "ref": "PartitionResult" }, - "supportsFIPS" + "name" ] - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "stringEquals", - "argv": [ - "aws-us-gov", - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "name" - ] - } - ] - } - ], - "endpoint": { - "url": "https://rds.{Region}.amazonaws.com", - "properties": {}, - "headers": {} - }, - "type": "endpoint" }, - { - "conditions": [], - "endpoint": { - "url": "https://rds-fips.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } + "aws-us-gov" ] } - ] + ], + "endpoint": { + "url": "https://rds.{Region}.amazonaws.com", + "properties": {}, + "headers": {} + }, + "type": "endpoint" }, { "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" + "endpoint": { + "url": "https://rds-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" } - ] + ], + "type": "tree" }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ + true, { - "ref": "UseDualStack" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", + "fn": "getAttr", "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "type": "tree", - "rules": [ { - "conditions": [], - "endpoint": { - "url": "https://rds.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } + "ref": "PartitionResult" + }, + "supportsDualStack" ] } ] - }, - { - "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" } - ] - }, - { - "conditions": [], - "type": "tree", + ], "rules": [ { "conditions": [], "endpoint": { - "url": "https://rds.{Region}.{PartitionResult#dnsSuffix}", + "url": "https://rds.{Region}.{PartitionResult#dualStackDnsSuffix}", "properties": {}, "headers": {} }, "type": "endpoint" } - ] + ], + "type": "tree" + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" } - ] + ], + "type": "tree" + }, + { + "conditions": [], + "endpoint": { + "url": "https://rds.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" } - ] - }, - { - "conditions": [], - "error": "Invalid Configuration: Missing Region", - "type": "error" + ], + "type": "tree" } - ] + ], + "type": "tree" + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" } ] } \ No newline at end of file diff --git a/models/apis/neptune/2014-10-31/endpoint-tests-1.json b/models/apis/neptune/2014-10-31/endpoint-tests-1.json index 6e70aeeabc7..8b0bc663a10 100644 --- a/models/apis/neptune/2014-10-31/endpoint-tests-1.json +++ b/models/apis/neptune/2014-10-31/endpoint-tests-1.json @@ -546,6 +546,17 @@ "UseDualStack": false } }, + { + "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "error": "FIPS and DualStack are enabled, but this partition does not support one or both" + }, + "params": { + "Region": "us-iso-east-1", + "UseFIPS": true, + "UseDualStack": true + } + }, { "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack disabled", "expect": { @@ -559,6 +570,17 @@ "UseDualStack": false } }, + { + "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "error": "DualStack is enabled but this partition does not support DualStack" + }, + "params": { + "Region": "us-iso-east-1", + "UseFIPS": false, + "UseDualStack": true + } + }, { "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack disabled", "expect": { @@ -572,6 +594,17 @@ "UseDualStack": false } }, + { + "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "error": "FIPS and DualStack are enabled, but this partition does not support one or both" + }, + "params": { + "Region": "us-isob-east-1", + "UseFIPS": true, + "UseDualStack": true + } + }, { "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack disabled", "expect": { @@ -585,6 +618,17 @@ "UseDualStack": false } }, + { + "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "error": "DualStack is enabled but this partition does not support DualStack" + }, + "params": { + "Region": "us-isob-east-1", + "UseFIPS": false, + "UseDualStack": true + } + }, { "documentation": "For custom endpoint with region set and fips disabled and dualstack disabled", "expect": { @@ -635,6 +679,12 @@ "UseDualStack": true, "Endpoint": "https://example.com" } + }, + { + "documentation": "Missing region", + "expect": { + "error": "Invalid Configuration: Missing Region" + } } ], "version": "1.0" diff --git a/models/apis/pinpoint/2016-12-01/docs-2.json b/models/apis/pinpoint/2016-12-01/docs-2.json index 7624bc831c9..dd14a2c00c4 100644 --- a/models/apis/pinpoint/2016-12-01/docs-2.json +++ b/models/apis/pinpoint/2016-12-01/docs-2.json @@ -2269,7 +2269,7 @@ "EndpointBatchItem$Address": "The destination address for messages or push notifications that you send to the endpoint. The address varies by channel. For a push-notification channel, use the token provided by the push notification service, such as an Apple Push Notification service (APNs) device token or a Firebase Cloud Messaging (FCM) registration token. For the SMS channel, use a phone number in E.164 format, such as +12065550100. For the email channel, use an email address.
", "EndpointBatchItem$EffectiveDate": "The date and time, in ISO 8601 format, when the endpoint was created or updated.
", "EndpointBatchItem$EndpointStatus": "Specifies whether to send messages or push notifications to the endpoint. Valid values are: ACTIVE, messages are sent to the endpoint; and, INACTIVE, messages aren’t sent to the endpoint.
Amazon Pinpoint automatically sets this value to ACTIVE when you create an endpoint or update an existing endpoint. Amazon Pinpoint automatically sets this value to INACTIVE if you update another endpoint that has the same address specified by the Address property.
", - "EndpointBatchItem$Id": "The unique identifier for the endpoint in the context of the batch.
", + "EndpointBatchItem$Id": "The case insensitive unique identifier for the endpoint in the context of the batch. The identifier can't contain $, { or }.
Specifies whether the user who's associated with the endpoint has opted out of receiving messages and push notifications from you. Possible values are: ALL, the user has opted out and doesn't want to receive any messages or push notifications; and, NONE, the user hasn't opted out and wants to receive all messages and push notifications.
", "EndpointBatchItem$RequestId": "The unique identifier for the request to create or update the endpoint.
", "EndpointDemographic$AppVersion": "The version of the app that's associated with the endpoint.
", diff --git a/models/apis/pinpoint/2016-12-01/endpoint-rule-set-1.json b/models/apis/pinpoint/2016-12-01/endpoint-rule-set-1.json index 0f212a69ff7..cdfee85c7f5 100644 --- a/models/apis/pinpoint/2016-12-01/endpoint-rule-set-1.json +++ b/models/apis/pinpoint/2016-12-01/endpoint-rule-set-1.json @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -408,9 +406,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff --git a/models/apis/redshift/2012-12-01/api-2.json b/models/apis/redshift/2012-12-01/api-2.json index 7d2a63fa301..ec4b4fa5281 100644 --- a/models/apis/redshift/2012-12-01/api-2.json +++ b/models/apis/redshift/2012-12-01/api-2.json @@ -257,7 +257,8 @@ {"shape":"DependentServiceRequestThrottlingFault"}, {"shape":"InvalidClusterTrackFault"}, {"shape":"SnapshotScheduleNotFoundFault"}, - {"shape":"InvalidRetentionPeriodFault"} + {"shape":"InvalidRetentionPeriodFault"}, + {"shape":"Ipv6CidrBlockNotFoundFault"} ] }, "CreateClusterParameterGroup":{ @@ -1643,7 +1644,8 @@ {"shape":"InvalidClusterTrackFault"}, {"shape":"InvalidRetentionPeriodFault"}, {"shape":"UnsupportedOperationFault"}, - {"shape":"CustomCnameAssociationFault"} + {"shape":"CustomCnameAssociationFault"}, + {"shape":"Ipv6CidrBlockNotFoundFault"} ] }, "ModifyClusterDbRevision":{ @@ -2064,7 +2066,8 @@ {"shape":"ReservedNodeOfferingNotFoundFault"}, {"shape":"DependentServiceUnavailableFault"}, {"shape":"ReservedNodeAlreadyExistsFault"}, - {"shape":"UnsupportedOperationFault"} + {"shape":"UnsupportedOperationFault"}, + {"shape":"Ipv6CidrBlockNotFoundFault"} ] }, "RestoreTableFromClusterSnapshot":{ @@ -2669,7 +2672,8 @@ "CustomDomainCertificateArn":{"shape":"String"}, "CustomDomainCertificateExpiryDate":{"shape":"TStamp"}, "MasterPasswordSecretArn":{"shape":"String"}, - "MasterPasswordSecretKmsKeyId":{"shape":"String"} + "MasterPasswordSecretKmsKeyId":{"shape":"String"}, + "IpAddressType":{"shape":"String"} }, "wrapper":true }, @@ -3017,7 +3021,8 @@ "VpcId":{"shape":"String"}, "SubnetGroupStatus":{"shape":"String"}, "Subnets":{"shape":"SubnetList"}, - "Tags":{"shape":"TagList"} + "Tags":{"shape":"TagList"}, + "SupportedClusterIpAddressTypes":{"shape":"ValueStringList"} }, "wrapper":true }, @@ -3210,7 +3215,8 @@ "DefaultIamRoleArn":{"shape":"String"}, "LoadSampleData":{"shape":"String"}, "ManageMasterPassword":{"shape":"BooleanOptional"}, - "MasterPasswordSecretKmsKeyId":{"shape":"String"} + "MasterPasswordSecretKmsKeyId":{"shape":"String"}, + "IpAddressType":{"shape":"String"} } }, "CreateClusterParameterGroupMessage":{ @@ -5229,6 +5235,17 @@ }, "exception":true }, + "Ipv6CidrBlockNotFoundFault":{ + "type":"structure", + "members":{ + }, + "error":{ + "code":"Ipv6CidrBlockNotFoundFault", + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + }, "LimitExceededFault":{ "type":"structure", "members":{ @@ -5394,7 +5411,8 @@ "AvailabilityZone":{"shape":"String"}, "Port":{"shape":"IntegerOptional"}, "ManageMasterPassword":{"shape":"BooleanOptional"}, - "MasterPasswordSecretKmsKeyId":{"shape":"String"} + "MasterPasswordSecretKmsKeyId":{"shape":"String"}, + "IpAddressType":{"shape":"String"} } }, "ModifyClusterParameterGroupMessage":{ @@ -5559,7 +5577,8 @@ "NetworkInterfaceId":{"shape":"String"}, "SubnetId":{"shape":"String"}, "PrivateIpAddress":{"shape":"String"}, - "AvailabilityZone":{"shape":"String"} + "AvailabilityZone":{"shape":"String"}, + "Ipv6Address":{"shape":"String"} } }, "NetworkInterfaceList":{ @@ -6218,7 +6237,8 @@ "TargetReservedNodeOfferingId":{"shape":"String"}, "Encrypted":{"shape":"BooleanOptional"}, "ManageMasterPassword":{"shape":"BooleanOptional"}, - "MasterPasswordSecretKmsKeyId":{"shape":"String"} + "MasterPasswordSecretKmsKeyId":{"shape":"String"}, + "IpAddressType":{"shape":"String"} } }, "RestoreFromClusterSnapshotResult":{ diff --git a/models/apis/redshift/2012-12-01/docs-2.json b/models/apis/redshift/2012-12-01/docs-2.json index 7aa76e5dc86..7ff06f1d76b 100644 --- a/models/apis/redshift/2012-12-01/docs-2.json +++ b/models/apis/redshift/2012-12-01/docs-2.json @@ -2097,6 +2097,11 @@ "refs": { } }, + "Ipv6CidrBlockNotFoundFault": { + "base": "There are no subnets in your VPC with associated IPv6 CIDR blocks. To use dual-stack mode, associate an IPv6 CIDR block with each subnet in your VPC.
", + "refs": { + } + }, "LimitExceededFault": { "base": "The encryption key has exceeded its grant limit in Amazon Web Services KMS.
", "refs": { @@ -3157,6 +3162,7 @@ "Cluster$CustomDomainCertificateArn": "The certificate Amazon Resource Name (ARN) for the custom domain name.
", "Cluster$MasterPasswordSecretArn": "The Amazon Resource Name (ARN) for the cluster's admin user credentials secret.
", "Cluster$MasterPasswordSecretKmsKeyId": "The ID of the Key Management Service (KMS) key used to encrypt and store the cluster's admin credentials secret.
", + "Cluster$IpAddressType": "The IP address type for the cluster. Possible values are ipv4 and dualstack.
A database user name that is authorized to log on to the database DbName using the password DbPassword. If the specified DbUser exists in the database, the new user name has the same database permissions as the the user named in DbUser. By default, the user is added to PUBLIC. If the DbGroups parameter is specifed, DbUser is added to the listed groups for any sessions created using these credentials.
The unique identifier of the cluster.
", @@ -3223,6 +3229,7 @@ "CreateClusterMessage$DefaultIamRoleArn": "The Amazon Resource Name (ARN) for the IAM role that was set as default for the cluster when the cluster was created.
", "CreateClusterMessage$LoadSampleData": "A flag that specifies whether to load sample data once the cluster is created.
", "CreateClusterMessage$MasterPasswordSecretKmsKeyId": "The ID of the Key Management Service (KMS) key used to encrypt and store the cluster's admin credentials secret. You can only use this parameter if ManageMasterPassword is true.
The IP address types that the cluster supports. Possible values are ipv4 and dualstack.
The name of the cluster parameter group.
Constraints:
Must be 1 to 255 alphanumeric characters or hyphens
First character must be a letter.
Cannot end with a hyphen or contain two consecutive hyphens.
Must be unique withing your Amazon Web Services account.
This value is stored as a lower-case string.
The Amazon Redshift engine version to which the cluster parameter group applies. The cluster engine version determines the set of parameters.
To get a list of valid parameter group family names, you can call DescribeClusterParameterGroups. By default, Amazon Redshift returns a list of all the parameter groups that are owned by your Amazon Web Services account, including the default parameter groups for each Amazon Redshift engine version. The parameter group family names associated with the default parameter groups provide you the valid values. For example, a valid family name is \"redshift-1.0\".
", "CreateClusterParameterGroupMessage$Description": "A description of the parameter group.
", @@ -3495,6 +3502,7 @@ "ModifyClusterMessage$KmsKeyId": "The Key Management Service (KMS) key ID of the encryption key that you want to use to encrypt data in the cluster.
", "ModifyClusterMessage$AvailabilityZone": "The option to initiate relocation for an Amazon Redshift cluster to the target Availability Zone.
", "ModifyClusterMessage$MasterPasswordSecretKmsKeyId": "The ID of the Key Management Service (KMS) key used to encrypt and store the cluster's admin credentials secret. You can only use this parameter if ManageMasterPassword is true.
The IP address types that the cluster supports. Possible values are ipv4 and dualstack.
The name of the parameter group to be modified.
", "ModifyClusterSnapshotMessage$SnapshotIdentifier": "The identifier of the snapshot whose setting you want to modify.
", "ModifyClusterSnapshotScheduleMessage$ClusterIdentifier": "A unique identifier for the cluster whose snapshot schedule you want to modify.
", @@ -3520,6 +3528,7 @@ "NetworkInterface$SubnetId": "The subnet identifier.
", "NetworkInterface$PrivateIpAddress": "The IPv4 address of the network interface within the subnet.
", "NetworkInterface$AvailabilityZone": "The Availability Zone.
", + "NetworkInterface$Ipv6Address": "The IPv6 address of the network interface within the subnet.
", "NodeConfigurationOption$NodeType": "The node type, such as, \"ds2.8xlarge\".
", "NodeConfigurationOptionsMessage$Marker": "A value that indicates the starting point for the next set of response records in a subsequent request. If a value is returned in a response, you can retrieve the next set of records by providing this returned marker value in the Marker parameter and retrying the command. If the Marker field is empty, all response records have been retrieved for the request.
The version of the orderable cluster.
", @@ -3601,6 +3610,7 @@ "RestoreFromClusterSnapshotMessage$ReservedNodeId": "The identifier of the target reserved node offering.
", "RestoreFromClusterSnapshotMessage$TargetReservedNodeOfferingId": "The identifier of the target reserved node offering.
", "RestoreFromClusterSnapshotMessage$MasterPasswordSecretKmsKeyId": "The ID of the Key Management Service (KMS) key used to encrypt and store the cluster's admin credentials secret. You can only use this parameter if ManageMasterPassword is true.
The IP address type for the cluster. Possible values are ipv4 and dualstack.
The status of the restore action. Returns starting, restoring, completed, or failed.
", "RestoreTableFromClusterSnapshotMessage$ClusterIdentifier": "The identifier of the Amazon Redshift cluster to restore the table to.
", "RestoreTableFromClusterSnapshotMessage$SnapshotIdentifier": "The identifier of the snapshot to restore the table from. This snapshot must have been created from the Amazon Redshift cluster specified by the ClusterIdentifier parameter.
The IP address types supported by this cluster subnet group. Possible values are ipv4 and dualstack.
List of values. Compare Name using Operator to Values. If filter Name is NumberOfNodes, then values can range from 0 to 200. If filter Name is EstimatedDiskUtilizationPercent, then values can range from 0 to 100. For example, filter NumberOfNodes (name) GT (operator) 3 (values).
", "ScheduledActionFilter$Values": "List of values. Compare if the value (of type defined by Name) equals an item in the list of scheduled actions.
This is the latest version of the WAF API, released in November, 2019. The names of the entities that you use to access this API, like endpoints and namespaces, all have the versioning information added, like \"V2\" or \"v2\", to distinguish from the prior version. We recommend migrating your resources to this version, because it has a number of significant improvements.
If you used WAF prior to this release, you can't use this WAFV2 API to access any WAF resources that you created before. You can access your old rules, web ACLs, and other WAF resources only through the WAF Classic APIs. The WAF Classic APIs have retained the prior names, endpoints, and namespaces.
For information, including how to migrate your WAF resources to this version, see the WAF Developer Guide.
WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to an Amazon CloudFront distribution, Amazon API Gateway REST API, Application Load Balancer, AppSync GraphQL API, Amazon Cognito user pool, App Runner service, or Amazon Web Services Verified Access instance. WAF also lets you control access to your content, to protect the Amazon Web Services resource that WAF is monitoring. Based on conditions that you specify, such as the IP addresses that requests originate from or the values of query strings, the protected resource responds to requests with either the requested content, an HTTP 403 status code (Forbidden), or with a custom response.
This API guide is for developers who need detailed information about WAF API actions, data types, and errors. For detailed information about WAF features and guidance for configuring and using WAF, see the WAF Developer Guide.
You can make calls using the endpoints listed in WAF endpoints and quotas.
For regional applications, you can use any of the endpoints in the list. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.
For Amazon CloudFront applications, you must use the API endpoint listed for US East (N. Virginia): us-east-1.
Alternatively, you can use one of the Amazon Web Services SDKs to access an API that's tailored to the programming language or platform that you're using. For more information, see Amazon Web Services SDKs.
We currently provide two versions of the WAF API: this API and the prior versions, the classic WAF APIs. This new API provides the same functionality as the older versions, with the following major improvements:
You use one API for both global and regional applications. Where you need to distinguish the scope, you specify a Scope parameter and set it to CLOUDFRONT or REGIONAL.
You can define a web ACL or rule group with a single call, and update it with a single call. You define all rule specifications in JSON format, and pass them to your rule group or web ACL calls.
The limits WAF places on the use of rules more closely reflects the cost of running each type of rule. Rule groups include capacity settings, so you know the maximum cost of a rule group when you use it.
Associates a web ACL with a regional application resource, to protect the resource. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.
For Amazon CloudFront, don't use this call. Instead, use your CloudFront distribution configuration. To associate a web ACL, in the CloudFront call UpdateDistribution, set the web ACL ID to the Amazon Resource Name (ARN) of the web ACL. For information, see UpdateDistribution in the Amazon CloudFront Developer Guide.
When you make changes to web ACLs or web ACL components, like rules and rule groups, WAF propagates the changes everywhere that the web ACL and its components are stored and used. Your changes are applied within seconds, but there might be a brief period of inconsistency when the changes have arrived in some places and not in others. So, for example, if you change a rule action setting, the action might be the old action in one area and the new action in another area. Or if you add an IP address to an IP set used in a blocking rule, the new address might briefly be blocked in one area while still allowed in another. This temporary inconsistency can occur when you first associate a web ACL with an Amazon Web Services resource and when you change a web ACL that is already associated with a resource. Generally, any inconsistencies of this type last only a few seconds.
", + "AssociateWebACL": "Associates a web ACL with a regional application resource, to protect the resource. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.
For Amazon CloudFront, don't use this call. Instead, use your CloudFront distribution configuration. To associate a web ACL, in the CloudFront call UpdateDistribution, set the web ACL ID to the Amazon Resource Name (ARN) of the web ACL. For information, see UpdateDistribution in the Amazon CloudFront Developer Guide.
Required permissions for customer-managed IAM policies
This call requires permissions that are specific to the protected resource type. For details, see Permissions for AssociateWebACL in the WAF Developer Guide.
Temporary inconsistencies during updates
When you create or change a web ACL or other WAF resources, the changes take a small amount of time to propagate to all areas where the resources are stored. The propagation time can be from a few seconds to a number of minutes.
The following are examples of the temporary inconsistencies that you might notice during change propagation:
After you create a web ACL, if you try to associate it with a resource, you might get an exception indicating that the web ACL is unavailable.
After you add a rule group to a web ACL, the new rule group rules might be in effect in one area where the web ACL is used and not in another.
After you change a rule action setting, you might see the old action in some places and the new action in others.
After you add an IP address to an IP set that is in use in a blocking rule, the new address might be blocked in one area while still allowed in another.
Returns the web ACL capacity unit (WCU) requirements for a specified scope and set of rules. You can use this to check the capacity requirements for the rules you want to use in a RuleGroup or WebACL.
WAF uses WCUs to calculate and control the operating resources that are used to run your rules, rule groups, and web ACLs. WAF calculates capacity differently for each rule type, to reflect the relative cost of each rule. Simple rules that cost little to run use fewer WCUs than more complex rules that use more processing power. Rule group capacity is fixed at creation, which helps users plan their web ACL WCU usage when they use a rule group. For more information, see WAF web ACL capacity units (WCU) in the WAF Developer Guide.
", "CreateAPIKey": "Creates an API key that contains a set of token domains.
API keys are required for the integration of the CAPTCHA API in your JavaScript client applications. The API lets you customize the placement and characteristics of the CAPTCHA puzzle for your end users. For more information about the CAPTCHA JavaScript integration, see WAF client application integration in the WAF Developer Guide.
You can use a single key for up to 5 domains. After you generate a key, you can copy it for use in your JavaScript integration.
", "CreateIPSet": "Creates an IPSet, which you use to identify web requests that originate from specific IP addresses or ranges of IP addresses. For example, if you're receiving a lot of requests from a ranges of IP addresses, you can configure WAF to block them using an IPSet that lists those IP addresses.
", @@ -19,7 +19,7 @@ "DescribeAllManagedProducts": "Provides high-level information for the Amazon Web Services Managed Rules rule groups and Amazon Web Services Marketplace managed rule groups.
", "DescribeManagedProductsByVendor": "Provides high-level information for the managed rule groups owned by a specific vendor.
", "DescribeManagedRuleGroup": "Provides high-level information for a managed rule group, including descriptions of the rules.
", - "DisassociateWebACL": "Disassociates the specified regional application resource from any existing web ACL association. A resource can have at most one web ACL association. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.
For Amazon CloudFront, don't use this call. Instead, use your CloudFront distribution configuration. To disassociate a web ACL, provide an empty web ACL ID in the CloudFront call UpdateDistribution. For information, see UpdateDistribution in the Amazon CloudFront API Reference.
Disassociates the specified regional application resource from any existing web ACL association. A resource can have at most one web ACL association. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.
For Amazon CloudFront, don't use this call. Instead, use your CloudFront distribution configuration. To disassociate a web ACL, provide an empty web ACL ID in the CloudFront call UpdateDistribution. For information, see UpdateDistribution in the Amazon CloudFront API Reference.
Required permissions for customer-managed IAM policies
This call requires permissions that are specific to the protected resource type. For details, see Permissions for DisassociateWebACL in the WAF Developer Guide.
", "GenerateMobileSdkReleaseUrl": "Generates a presigned download URL for the specified release of the mobile SDK.
The mobile SDK is not generally available. Customers who have access to the mobile SDK can use it to establish and manage WAF tokens for use in HTTP(S) requests from a mobile device to WAF. For more information, see WAF client application integration in the WAF Developer Guide.
", "GetDecryptedAPIKey": "Returns your API key in decrypted form. Use this to check the token domains that you have defined for the key.
API keys are required for the integration of the CAPTCHA API in your JavaScript client applications. The API lets you customize the placement and characteristics of the CAPTCHA puzzle for your end users. For more information about the CAPTCHA JavaScript integration, see WAF client application integration in the WAF Developer Guide.
", "GetIPSet": "Retrieves the specified IPSet.
", @@ -32,7 +32,7 @@ "GetRuleGroup": "Retrieves the specified RuleGroup.
", "GetSampledRequests": "Gets detailed information about a specified number of requests--a sample--that WAF randomly selects from among the first 5,000 requests that your Amazon Web Services resource received during a time range that you choose. You can specify a sample size of up to 500 requests, and you can specify any time range in the previous three hours.
GetSampledRequests returns a time range, which is usually the time range that you specified. However, if your resource (such as a CloudFront distribution) received 5,000 requests before the specified time range elapsed, GetSampledRequests returns an updated time range. This new time range indicates the actual period during which WAF selected the requests in the sample.
Retrieves the specified WebACL.
", - "GetWebACLForResource": "Retrieves the WebACL for the specified resource.
", + "GetWebACLForResource": "Retrieves the WebACL for the specified resource.
This call uses GetWebACL, to verify that your account has permission to access the retrieved web ACL. If you get an error that indicates that your account isn't authorized to perform wafv2:GetWebACL on the resource, that error won't be included in your CloudTrail event history.
For Amazon CloudFront, don't use this call. Instead, call the CloudFront action GetDistributionConfig. For information, see GetDistributionConfig in the Amazon CloudFront API Reference.
Required permissions for customer-managed IAM policies
This call requires permissions that are specific to the protected resource type. For details, see Permissions for GetWebACLForResource in the WAF Developer Guide.
", "ListAPIKeys": "Retrieves a list of the API keys that you've defined for the specified scope.
API keys are required for the integration of the CAPTCHA API in your JavaScript client applications. The API lets you customize the placement and characteristics of the CAPTCHA puzzle for your end users. For more information about the CAPTCHA JavaScript integration, see WAF client application integration in the WAF Developer Guide.
", "ListAvailableManagedRuleGroupVersions": "Returns a list of the available versions for the specified managed rule group.
", "ListAvailableManagedRuleGroups": "Retrieves an array of managed rule groups that are available for you to use. This list includes all Amazon Web Services Managed Rules rule groups and all of the Amazon Web Services Marketplace managed rule groups that you're subscribed to.
", @@ -41,7 +41,7 @@ "ListManagedRuleSets": "Retrieves the managed rule sets that you own.
This is intended for use only by vendors of managed rule sets. Vendors are Amazon Web Services and Amazon Web Services Marketplace sellers.
Vendors, you can use the managed rule set APIs to provide controlled rollout of your versioned managed rule group offerings for your customers. The APIs are ListManagedRuleSets, GetManagedRuleSet, PutManagedRuleSetVersions, and UpdateManagedRuleSetVersionExpiryDate.
Retrieves a list of the available releases for the mobile SDK and the specified device platform.
The mobile SDK is not generally available. Customers who have access to the mobile SDK can use it to establish and manage WAF tokens for use in HTTP(S) requests from a mobile device to WAF. For more information, see WAF client application integration in the WAF Developer Guide.
", "ListRegexPatternSets": "Retrieves an array of RegexPatternSetSummary objects for the regex pattern sets that you manage.
", - "ListResourcesForWebACL": "Retrieves an array of the Amazon Resource Names (ARNs) for the regional resources that are associated with the specified web ACL. If you want the list of Amazon CloudFront resources, use the CloudFront call ListDistributionsByWebACLId.
Retrieves an array of the Amazon Resource Names (ARNs) for the regional resources that are associated with the specified web ACL.
For Amazon CloudFront, don't use this call. Instead, use the CloudFront call ListDistributionsByWebACLId. For information, see ListDistributionsByWebACLId in the Amazon CloudFront API Reference.
Required permissions for customer-managed IAM policies
This call requires permissions that are specific to the protected resource type. For details, see Permissions for ListResourcesForWebACL in the WAF Developer Guide.
", "ListRuleGroups": "Retrieves an array of RuleGroupSummary objects for the rule groups that you manage.
", "ListTagsForResource": "Retrieves the TagInfoForResource for the specified resource. Tags are key:value pairs that you can use to categorize and manage your resources, for purposes like billing. For example, you might set the tag key to \"customer\" and the value to the customer name or ID. You can specify one or more tags to add to each Amazon Web Services resource, up to 50 tags for a resource.
You can tag the Amazon Web Services resources that you manage through WAF: web ACLs, rule groups, IP sets, and regex pattern sets. You can't manage or view tags through the WAF console.
", "ListWebACLs": "Retrieves an array of WebACLSummary objects for the web ACLs that you manage.
", @@ -50,11 +50,11 @@ "PutPermissionPolicy": "Attaches an IAM policy to the specified resource. Use this to share a rule group across accounts.
You must be the owner of the rule group to perform this operation.
This action is subject to the following restrictions:
You can attach only one policy with each PutPermissionPolicy request.
The ARN in the request must be a valid WAF RuleGroup ARN and the rule group must exist in the same Region.
The user making the request must be the owner of the rule group.
Associates tags with the specified Amazon Web Services resource. Tags are key:value pairs that you can use to categorize and manage your resources, for purposes like billing. For example, you might set the tag key to \"customer\" and the value to the customer name or ID. You can specify one or more tags to add to each Amazon Web Services resource, up to 50 tags for a resource.
You can tag the Amazon Web Services resources that you manage through WAF: web ACLs, rule groups, IP sets, and regex pattern sets. You can't manage or view tags through the WAF console.
", "UntagResource": "Disassociates tags from an Amazon Web Services resource. Tags are key:value pairs that you can associate with Amazon Web Services resources. For example, the tag key might be \"customer\" and the tag value might be \"companyA.\" You can specify one or more tags to add to each container. You can add up to 50 tags to each Amazon Web Services resource.
", - "UpdateIPSet": "Updates the specified IPSet.
This operation completely replaces the mutable specifications that you already have for the IP set with the ones that you provide to this call.
To modify an IP set, do the following:
Retrieve it by calling GetIPSet
Update its settings as needed
Provide the complete IP set specification to this call
When you make changes to web ACLs or web ACL components, like rules and rule groups, WAF propagates the changes everywhere that the web ACL and its components are stored and used. Your changes are applied within seconds, but there might be a brief period of inconsistency when the changes have arrived in some places and not in others. So, for example, if you change a rule action setting, the action might be the old action in one area and the new action in another area. Or if you add an IP address to an IP set used in a blocking rule, the new address might briefly be blocked in one area while still allowed in another. This temporary inconsistency can occur when you first associate a web ACL with an Amazon Web Services resource and when you change a web ACL that is already associated with a resource. Generally, any inconsistencies of this type last only a few seconds.
", + "UpdateIPSet": "Updates the specified IPSet.
This operation completely replaces the mutable specifications that you already have for the IP set with the ones that you provide to this call.
To modify an IP set, do the following:
Retrieve it by calling GetIPSet
Update its settings as needed
Provide the complete IP set specification to this call
Temporary inconsistencies during updates
When you create or change a web ACL or other WAF resources, the changes take a small amount of time to propagate to all areas where the resources are stored. The propagation time can be from a few seconds to a number of minutes.
The following are examples of the temporary inconsistencies that you might notice during change propagation:
After you create a web ACL, if you try to associate it with a resource, you might get an exception indicating that the web ACL is unavailable.
After you add a rule group to a web ACL, the new rule group rules might be in effect in one area where the web ACL is used and not in another.
After you change a rule action setting, you might see the old action in some places and the new action in others.
After you add an IP address to an IP set that is in use in a blocking rule, the new address might be blocked in one area while still allowed in another.
Updates the expiration information for your managed rule set. Use this to initiate the expiration of a managed rule group version. After you initiate expiration for a version, WAF excludes it from the response to ListAvailableManagedRuleGroupVersions for the managed rule group.
This is intended for use only by vendors of managed rule sets. Vendors are Amazon Web Services and Amazon Web Services Marketplace sellers.
Vendors, you can use the managed rule set APIs to provide controlled rollout of your versioned managed rule group offerings for your customers. The APIs are ListManagedRuleSets, GetManagedRuleSet, PutManagedRuleSetVersions, and UpdateManagedRuleSetVersionExpiryDate.
Updates the specified RegexPatternSet.
This operation completely replaces the mutable specifications that you already have for the regex pattern set with the ones that you provide to this call.
To modify a regex pattern set, do the following:
Retrieve it by calling GetRegexPatternSet
Update its settings as needed
Provide the complete regex pattern set specification to this call
When you make changes to web ACLs or web ACL components, like rules and rule groups, WAF propagates the changes everywhere that the web ACL and its components are stored and used. Your changes are applied within seconds, but there might be a brief period of inconsistency when the changes have arrived in some places and not in others. So, for example, if you change a rule action setting, the action might be the old action in one area and the new action in another area. Or if you add an IP address to an IP set used in a blocking rule, the new address might briefly be blocked in one area while still allowed in another. This temporary inconsistency can occur when you first associate a web ACL with an Amazon Web Services resource and when you change a web ACL that is already associated with a resource. Generally, any inconsistencies of this type last only a few seconds.
", - "UpdateRuleGroup": "Updates the specified RuleGroup.
This operation completely replaces the mutable specifications that you already have for the rule group with the ones that you provide to this call.
To modify a rule group, do the following:
Retrieve it by calling GetRuleGroup
Update its settings as needed
Provide the complete rule group specification to this call
When you make changes to web ACLs or web ACL components, like rules and rule groups, WAF propagates the changes everywhere that the web ACL and its components are stored and used. Your changes are applied within seconds, but there might be a brief period of inconsistency when the changes have arrived in some places and not in others. So, for example, if you change a rule action setting, the action might be the old action in one area and the new action in another area. Or if you add an IP address to an IP set used in a blocking rule, the new address might briefly be blocked in one area while still allowed in another. This temporary inconsistency can occur when you first associate a web ACL with an Amazon Web Services resource and when you change a web ACL that is already associated with a resource. Generally, any inconsistencies of this type last only a few seconds.
A rule group defines a collection of rules to inspect and control web requests that you can use in a WebACL. When you create a rule group, you define an immutable capacity limit. If you update a rule group, you must stay within the capacity. This allows others to reuse the rule group with confidence in its capacity requirements.
", - "UpdateWebACL": "Updates the specified WebACL. While updating a web ACL, WAF provides continuous coverage to the resources that you have associated with the web ACL.
This operation completely replaces the mutable specifications that you already have for the web ACL with the ones that you provide to this call.
To modify a web ACL, do the following:
Retrieve it by calling GetWebACL
Update its settings as needed
Provide the complete web ACL specification to this call
When you make changes to web ACLs or web ACL components, like rules and rule groups, WAF propagates the changes everywhere that the web ACL and its components are stored and used. Your changes are applied within seconds, but there might be a brief period of inconsistency when the changes have arrived in some places and not in others. So, for example, if you change a rule action setting, the action might be the old action in one area and the new action in another area. Or if you add an IP address to an IP set used in a blocking rule, the new address might briefly be blocked in one area while still allowed in another. This temporary inconsistency can occur when you first associate a web ACL with an Amazon Web Services resource and when you change a web ACL that is already associated with a resource. Generally, any inconsistencies of this type last only a few seconds.
A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has a statement that defines what to look for in web requests and an action that WAF applies to requests that match the statement. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types Rule, RuleGroup, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.
" + "UpdateRegexPatternSet": "Updates the specified RegexPatternSet.
This operation completely replaces the mutable specifications that you already have for the regex pattern set with the ones that you provide to this call.
To modify a regex pattern set, do the following:
Retrieve it by calling GetRegexPatternSet
Update its settings as needed
Provide the complete regex pattern set specification to this call
Temporary inconsistencies during updates
When you create or change a web ACL or other WAF resources, the changes take a small amount of time to propagate to all areas where the resources are stored. The propagation time can be from a few seconds to a number of minutes.
The following are examples of the temporary inconsistencies that you might notice during change propagation:
After you create a web ACL, if you try to associate it with a resource, you might get an exception indicating that the web ACL is unavailable.
After you add a rule group to a web ACL, the new rule group rules might be in effect in one area where the web ACL is used and not in another.
After you change a rule action setting, you might see the old action in some places and the new action in others.
After you add an IP address to an IP set that is in use in a blocking rule, the new address might be blocked in one area while still allowed in another.
Updates the specified RuleGroup.
This operation completely replaces the mutable specifications that you already have for the rule group with the ones that you provide to this call.
To modify a rule group, do the following:
Retrieve it by calling GetRuleGroup
Update its settings as needed
Provide the complete rule group specification to this call
A rule group defines a collection of rules to inspect and control web requests that you can use in a WebACL. When you create a rule group, you define an immutable capacity limit. If you update a rule group, you must stay within the capacity. This allows others to reuse the rule group with confidence in its capacity requirements.
Temporary inconsistencies during updates
When you create or change a web ACL or other WAF resources, the changes take a small amount of time to propagate to all areas where the resources are stored. The propagation time can be from a few seconds to a number of minutes.
The following are examples of the temporary inconsistencies that you might notice during change propagation:
After you create a web ACL, if you try to associate it with a resource, you might get an exception indicating that the web ACL is unavailable.
After you add a rule group to a web ACL, the new rule group rules might be in effect in one area where the web ACL is used and not in another.
After you change a rule action setting, you might see the old action in some places and the new action in others.
After you add an IP address to an IP set that is in use in a blocking rule, the new address might be blocked in one area while still allowed in another.
Updates the specified WebACL. While updating a web ACL, WAF provides continuous coverage to the resources that you have associated with the web ACL.
This operation completely replaces the mutable specifications that you already have for the web ACL with the ones that you provide to this call.
To modify a web ACL, do the following:
Retrieve it by calling GetWebACL
Update its settings as needed
Provide the complete web ACL specification to this call
A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has a statement that defines what to look for in web requests and an action that WAF applies to requests that match the statement. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types Rule, RuleGroup, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.
Temporary inconsistencies during updates
When you create or change a web ACL or other WAF resources, the changes take a small amount of time to propagate to all areas where the resources are stored. The propagation time can be from a few seconds to a number of minutes.
The following are examples of the temporary inconsistencies that you might notice during change propagation:
After you create a web ACL, if you try to associate it with a resource, you might get an exception indicating that the web ACL is unavailable.
After you add a rule group to a web ACL, the new rule group rules might be in effect in one area where the web ACL is used and not in another.
After you change a rule action setting, you might see the old action in some places and the new action in others.
After you add an IP address to an IP set that is in use in a blocking rule, the new address might be blocked in one area while still allowed in another.
The parts of the JSON to match against using the MatchPattern. If you specify All, WAF matches against keys and values.
The parts of the JSON to match against using the MatchPattern. If you specify ALL, WAF matches against keys and values.
All does not require a match to be found in the keys and a match to be found in the values. It requires a match to be found in the keys or the values or both. To require a match in the keys and in the values, use a logical AND statement to combine two match rules, one that inspects the keys and another that inspects the values.
The parts of the cookies to inspect with the rule inspection criteria. If you specify All, WAF inspects both keys and values.
The parts of the headers to match with the rule inspection criteria. If you specify All, WAF inspects both keys and values.
The parts of the cookies to inspect with the rule inspection criteria. If you specify ALL, WAF inspects both keys and values.
All does not require a match to be found in the keys and a match to be found in the values. It requires a match to be found in the keys or the values or both. To require a match in the keys and in the values, use a logical AND statement to combine two match rules, one that inspects the keys and another that inspects the values.
The parts of the headers to match with the rule inspection criteria. If you specify ALL, WAF inspects both keys and values.
All does not require a match to be found in the keys and a match to be found in the values. It requires a match to be found in the keys or the values or both. To require a match in the keys and in the values, use a logical AND statement to combine two match rules, one that inspects the keys and another that inspects the values.
A string value that you want WAF to search for. WAF searches only in the part of web requests that you designate for inspection in FieldToMatch. The maximum length of the value is 200 bytes.
Valid values depend on the component that you specify for inspection in FieldToMatch:
Method: The HTTP method that you want WAF to search for. This indicates the type of operation specified in the request.
UriPath: The value that you want WAF to search for in the URI path, for example, /images/daily-ad.jpg.
JA3Fingerprint: Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. You can use this choice only with a string match ByteMatchStatement with the PositionalConstraint set to EXACTLY.
You can obtain the JA3 fingerprint for client requests from the web ACL logs. If WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see Log fields in the WAF Developer Guide.
HeaderOrder: The comma-separated list of header names to match for. WAF creates a string that contains the ordered list of header names, from the headers in the web request, and then matches against that string.
If SearchString includes alphabetic characters A-Z and a-z, note that the value is case sensitive.
If you're using the WAF API
Specify a base64-encoded version of the value. The maximum length of the value before you base64-encode it is 200 bytes.
For example, suppose the value of Type is HEADER and the value of Data is User-Agent. If you want to search the User-Agent header for the value BadBot, you base64-encode BadBot using MIME base64-encoding and include the resulting value, QmFkQm90, in the value of SearchString.
If you're using the CLI or one of the Amazon Web Services SDKs
The value that you want WAF to search for. The SDK automatically base64 encodes the value.
" + "ByteMatchStatement$SearchString": "A string value that you want WAF to search for. WAF searches only in the part of web requests that you designate for inspection in FieldToMatch. The maximum length of the value is 200 bytes.
Valid values depend on the component that you specify for inspection in FieldToMatch:
Method: The HTTP method that you want WAF to search for. This indicates the type of operation specified in the request.
UriPath: The value that you want WAF to search for in the URI path, for example, /images/daily-ad.jpg.
JA3Fingerprint: Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. You can use this choice only with a string match ByteMatchStatement with the PositionalConstraint set to EXACTLY.
You can obtain the JA3 fingerprint for client requests from the web ACL logs. If WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see Log fields in the WAF Developer Guide.
HeaderOrder: The list of header names to match for. WAF creates a string that contains the ordered list of header names, from the headers in the web request, and then matches against that string.
If SearchString includes alphabetic characters A-Z and a-z, note that the value is case sensitive.
If you're using the WAF API
Specify a base64-encoded version of the value. The maximum length of the value before you base64-encode it is 200 bytes.
For example, suppose the value of Type is HEADER and the value of Data is User-Agent. If you want to search the User-Agent header for the value BadBot, you base64-encode BadBot using MIME base64-encoding and include the resulting value, QmFkQm90, in the value of SearchString.
If you're using the CLI or one of the Amazon Web Services SDKs
The value that you want WAF to search for. The SDK automatically base64 encodes the value.
" } }, "SensitivityLevel": { diff --git a/models/apis/wafv2/2019-07-29/endpoint-rule-set-1.json b/models/apis/wafv2/2019-07-29/endpoint-rule-set-1.json index ab79a70ec30..d078b65948f 100644 --- a/models/apis/wafv2/2019-07-29/endpoint-rule-set-1.json +++ b/models/apis/wafv2/2019-07-29/endpoint-rule-set-1.json @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff --git a/models/endpoints/endpoints.json b/models/endpoints/endpoints.json index 9effb50f5a0..55e2779e94a 100644 --- a/models/endpoints/endpoints.json +++ b/models/endpoints/endpoints.json @@ -14993,12 +14993,16 @@ "endpoints" : { "ap-northeast-1" : { }, "ap-northeast-2" : { }, + "ap-northeast-3" : { }, "ap-south-1" : { }, "ap-southeast-1" : { }, "ap-southeast-2" : { }, + "ca-central-1" : { }, "eu-central-1" : { }, + "eu-north-1" : { }, "eu-west-1" : { }, "eu-west-2" : { }, + "eu-west-3" : { }, "sa-east-1" : { }, "us-east-1" : { }, "us-east-2" : { }, diff --git a/service/emr/api.go b/service/emr/api.go index f477171e2e3..ef693a7ccd6 100644 --- a/service/emr/api.go +++ b/service/emr/api.go @@ -59,7 +59,7 @@ func (c *EMR) AddInstanceFleetRequest(input *AddInstanceFleetInput) (req *reques // Adds an instance fleet to a running cluster. // // The instance fleet configuration is available only in Amazon EMR releases -// 4.8.0 and later, excluding 5.0.x. +// 4.8.0 and higher, excluding 5.0.x. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -411,12 +411,13 @@ func (c *EMR) CancelStepsRequest(input *CancelStepsInput) (req *request.Request, // CancelSteps API operation for Amazon EMR. // // Cancels a pending step or steps in a running cluster. Available only in Amazon -// EMR versions 4.8.0 and later, excluding version 5.0.0. A maximum of 256 steps -// are allowed in each CancelSteps request. CancelSteps is idempotent but asynchronous; -// it does not guarantee that a step will be canceled, even if the request is -// successfully submitted. When you use Amazon EMR releases 5.28.0 and later, -// you can cancel steps that are in a PENDING or RUNNING state. In earlier versions -// of Amazon EMR, you can only cancel steps that are in a PENDING state. +// EMR versions 4.8.0 and higher, excluding version 5.0.0. A maximum of 256 +// steps are allowed in each CancelSteps request. CancelSteps is idempotent +// but asynchronous; it does not guarantee that a step will be canceled, even +// if the request is successfully submitted. When you use Amazon EMR releases +// 5.28.0 and higher, you can cancel steps that are in a PENDING or RUNNING +// state. In earlier versions of Amazon EMR, you can only cancel steps that +// are in a PENDING state. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2314,7 +2315,7 @@ func (c *EMR) ListInstanceFleetsRequest(input *ListInstanceFleetsInput) (req *re // Lists all available details about the instance fleets in a cluster. // // The instance fleet configuration is available only in Amazon EMR releases -// 4.8.0 and later, excluding 5.0.x versions. +// 4.8.0 and higher, excluding 5.0.x versions. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3816,7 +3817,7 @@ func (c *EMR) ModifyInstanceFleetRequest(input *ModifyInstanceFleetInput) (req * // ClusterID. The call either succeeds or fails atomically. // // The instance fleet configuration is available only in Amazon EMR releases -// 4.8.0 and later, excluding 5.0.x versions. +// 4.8.0 and higher, excluding 5.0.x versions. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -4060,7 +4061,7 @@ func (c *EMR) PutAutoTerminationPolicyRequest(input *PutAutoTerminationPolicyInp // PutAutoTerminationPolicy API operation for Amazon EMR. // // Auto-termination is supported in Amazon EMR releases 5.30.0 and 6.1.0 and -// later. For more information, see Using an auto-termination policy (https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-auto-termination-policy.html). +// higher. For more information, see Using an auto-termination policy (https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-auto-termination-policy.html). // // Creates or updates an auto-termination policy for an Amazon EMR cluster. // An auto-termination policy defines the amount of idle time in seconds after @@ -4638,7 +4639,7 @@ func (c *EMR) RunJobFlowRequest(input *RunJobFlowInput) (req *request.Request, o // results. // // The instance fleets configuration is available only in Amazon EMR releases -// 4.8.0 and later, excluding 5.0.x versions. The RunJobFlow request can contain +// 4.8.0 and higher, excluding 5.0.x versions. The RunJobFlow request can contain // InstanceFleets parameters or InstanceGroups parameters, but not both. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions @@ -5737,7 +5738,7 @@ func (s AddTagsOutput) GoString() string { return s.String() } -// With Amazon EMR release version 4.0 and later, the only accepted parameter +// With Amazon EMR release version 4.0 and higher, the only accepted parameter // is the application name. To pass arguments to applications, you use configuration // classifications specified using configuration JSON objects. For more information, // see Configuring Applications (https://docs.aws.amazon.com/emr/latest/ReleaseGuide/emr-configure-apps.html). @@ -6293,7 +6294,7 @@ func (s *BootstrapActionDetail) SetBootstrapActionConfig(v *BootstrapActionConfi } // Specification of the status of a CancelSteps request. Available only in Amazon -// EMR version 4.8.0 and later, excluding version 5.0.0. +// EMR version 4.8.0 and higher, excluding version 5.0.0. type CancelStepsInfo struct { _ struct{} `type:"structure"` @@ -6610,19 +6611,28 @@ type Cluster struct { // The Amazon Resource Name of the cluster. ClusterArn *string `min:"20" type:"string"` - // Applies only to Amazon EMR releases 4.x and later. The list of configurations + // Applies only to Amazon EMR releases 4.x and higher. The list of configurations // that are supplied to the Amazon EMR cluster. Configurations []*Configuration `type:"list"` - // Available only in Amazon EMR releases 5.7.0 and later. The ID of a custom + // Available only in Amazon EMR releases 5.7.0 and higher. The ID of a custom // Amazon EBS-backed Linux AMI if the cluster uses a custom AMI. CustomAmiId *string `type:"string"` - // The size, in GiB, of the Amazon EBS root device volume of the Linux AMI that - // is used for each Amazon EC2 instance. Available in Amazon EMR releases 4.x - // and later. + // The IOPS, of the Amazon EBS root device volume for the Linux AMI that each + // Amazon EC2 instance uses. Available in Amazon EMR releases 6.15.0 and higher. + EbsRootVolumeIops *int64 `type:"integer"` + + // The size, in GiB, of the Amazon EBS root device volume for the Linux AMI + // that each Amazon EC2 instance uses. Available in Amazon EMR releases 4.x + // and higher. EbsRootVolumeSize *int64 `type:"integer"` + // The throughput, in MiB/s, of the Amazon EBS root device volume for the Linux + // AMI that each Amazon EC2 instance uses. Available in Amazon EMR releases + // 6.15.0 and higher. + EbsRootVolumeThroughput *int64 `type:"integer"` + // Provides information about the Amazon EC2 instances in a cluster grouped // by category. For example, key name, subnet ID, IAM instance profile, and // so on. @@ -6633,7 +6643,7 @@ type Cluster struct { // // The instance fleet configuration is available only in Amazon EMR releases - // 4.8.0 and later, excluding 5.0.x versions. + // 4.8.0 and higher, excluding 5.0.x versions. // // The instance group configuration of the cluster. A value of INSTANCE_GROUP // indicates a uniform instance group configuration. A value of INSTANCE_FLEET @@ -6647,7 +6657,7 @@ type Cluster struct { KerberosAttributes *KerberosAttributes `type:"structure"` // The KMS key used for encrypting log files. This attribute is only available - // with Amazon EMR 5.30.0 and later, excluding Amazon EMR 6.0.0. + // with Amazon EMR 5.30.0 and higher, excluding Amazon EMR 6.0.0. LogEncryptionKmsKeyId *string `type:"string"` // The path to the Amazon S3 location where logs for this cluster are stored. @@ -6685,7 +6695,7 @@ type Cluster struct { // For more information about Amazon EMR release versions and included application // versions and features, see https://docs.aws.amazon.com/emr/latest/ReleaseGuide/ // (https://docs.aws.amazon.com/emr/latest/ReleaseGuide/). The release label - // applies only to Amazon EMR releases version 4.0 and later. Earlier versions + // applies only to Amazon EMR releases version 4.0 and higher. Earlier versions // use AmiVersion. ReleaseLabel *string `type:"string"` @@ -6704,13 +6714,13 @@ type Cluster struct { // scale-in activity occurs or an instance group is resized. TERMINATE_AT_INSTANCE_HOUR // indicates that Amazon EMR terminates nodes at the instance-hour boundary, // regardless of when the request to terminate the instance was submitted. This - // option is only available with Amazon EMR 5.1.0 and later and is the default + // option is only available with Amazon EMR 5.1.0 and higher and is the default // for clusters created using that version. TERMINATE_AT_TASK_COMPLETION indicates // that Amazon EMR adds nodes to a deny list and drains tasks from nodes before // terminating the Amazon EC2 instances, regardless of the instance-hour boundary. // With either behavior, Amazon EMR removes the least active nodes first and // blocks instance termination if it could lead to HDFS corruption. TERMINATE_AT_TASK_COMPLETION - // is available only in Amazon EMR releases 4.1.0 and later, and is the default + // is available only in Amazon EMR releases 4.1.0 and higher, and is the default // for versions of Amazon EMR earlier than 5.1.0. ScaleDownBehavior *string `type:"string" enum:"ScaleDownBehavior"` @@ -6803,12 +6813,24 @@ func (s *Cluster) SetCustomAmiId(v string) *Cluster { return s } +// SetEbsRootVolumeIops sets the EbsRootVolumeIops field's value. +func (s *Cluster) SetEbsRootVolumeIops(v int64) *Cluster { + s.EbsRootVolumeIops = &v + return s +} + // SetEbsRootVolumeSize sets the EbsRootVolumeSize field's value. func (s *Cluster) SetEbsRootVolumeSize(v int64) *Cluster { s.EbsRootVolumeSize = &v return s } +// SetEbsRootVolumeThroughput sets the EbsRootVolumeThroughput field's value. +func (s *Cluster) SetEbsRootVolumeThroughput(v int64) *Cluster { + s.EbsRootVolumeThroughput = &v + return s +} + // SetEc2InstanceAttributes sets the Ec2InstanceAttributes field's value. func (s *Cluster) SetEc2InstanceAttributes(v *Ec2InstanceAttributes) *Cluster { s.Ec2InstanceAttributes = v @@ -7350,7 +7372,7 @@ func (s *ComputeLimits) SetUnitType(v string) *ComputeLimits { return s } -// Amazon EMR releases 4.x or later. +// Amazon EMR releases 4.x or higher. // // An optional configuration specification to be used when provisioning cluster // instances, which can include configurations for applications and software @@ -9466,8 +9488,8 @@ type GetBlockPublicAccessConfigurationOutput struct { // that allow inbound traffic from 0.0.0.0/0 or ::/0 on a port, unless the port // is specified as an exception using PermittedPublicSecurityGroupRuleRanges // in the BlockPublicAccessConfiguration. By default, Port 22 (SSH) is an exception, - // and public access is allowed on this port. You can change this by updating - // the block public access configuration to remove the exception. + // and public access is allowed on this port. To change this, update the block + // public access configuration to remove the exception. // // For accounts that created clusters in a Region before November 25, 2019, // block public access is disabled by default in that Region. To use this feature, @@ -10103,7 +10125,7 @@ func (s *Instance) SetStatus(v *InstanceStatus) *Instance { // Spot Instances, which are provisioned to meet a defined target capacity. // // The instance fleet configuration is available only in Amazon EMR releases -// 4.8.0 and later, excluding 5.0.x versions. +// 4.8.0 and higher, excluding 5.0.x versions. type InstanceFleet struct { _ struct{} `type:"structure"` @@ -10267,7 +10289,7 @@ func (s *InstanceFleet) SetTargetSpotCapacity(v int64) *InstanceFleet { // The configuration that defines an instance fleet. // // The instance fleet configuration is available only in Amazon EMR releases -// 4.8.0 and later, excluding 5.0.x versions. +// 4.8.0 and higher, excluding 5.0.x versions. type InstanceFleetConfig struct { _ struct{} `type:"structure"` @@ -10422,7 +10444,7 @@ func (s *InstanceFleetConfig) SetTargetSpotCapacity(v int64) *InstanceFleetConfi // Configuration parameters for an instance fleet modification request. // // The instance fleet configuration is available only in Amazon EMR releases -// 4.8.0 and later, excluding 5.0.x versions. +// 4.8.0 and higher, excluding 5.0.x versions. type InstanceFleetModifyConfig struct { _ struct{} `type:"structure"` @@ -10507,8 +10529,8 @@ func (s *InstanceFleetModifyConfig) SetTargetSpotCapacity(v int64) *InstanceFlee // the defined duration, provisioning timeout behavior, and allocation strategy. // // The instance fleet configuration is available only in Amazon EMR releases -// 4.8.0 and later, excluding 5.0.x versions. On-Demand and Spot instance allocation -// strategies are available in Amazon EMR releases 5.12.1 and later. +// 4.8.0 and higher, excluding 5.0.x versions. On-Demand and Spot instance allocation +// strategies are available in Amazon EMR releases 5.12.1 and higher. type InstanceFleetProvisioningSpecifications struct { _ struct{} `type:"structure"` @@ -10516,8 +10538,8 @@ type InstanceFleetProvisioningSpecifications struct { // determines the allocation strategy. // // The instance fleet configuration is available only in Amazon EMR releases - // 4.8.0 and later, excluding 5.0.x versions. On-Demand Instances allocation - // strategy is available in Amazon EMR releases 5.12.1 and later. + // 4.8.0 and higher, excluding 5.0.x versions. On-Demand Instances allocation + // strategy is available in Amazon EMR releases 5.12.1 and higher. OnDemandSpecification *OnDemandProvisioningSpecification `type:"structure"` // The launch specification for Spot instances in the fleet, which determines @@ -10641,7 +10663,7 @@ func (s *InstanceFleetResizingSpecifications) SetSpotResizeSpecification(v *Spot // Provides status change reason details for the instance fleet. // // The instance fleet configuration is available only in Amazon EMR releases -// 4.8.0 and later, excluding 5.0.x versions. +// 4.8.0 and higher, excluding 5.0.x versions. type InstanceFleetStateChangeReason struct { _ struct{} `type:"structure"` @@ -10685,7 +10707,7 @@ func (s *InstanceFleetStateChangeReason) SetMessage(v string) *InstanceFleetStat // The status of the instance fleet. // // The instance fleet configuration is available only in Amazon EMR releases -// 4.8.0 and later, excluding 5.0.x versions. +// 4.8.0 and higher, excluding 5.0.x versions. type InstanceFleetStatus struct { _ struct{} `type:"structure"` @@ -10760,7 +10782,7 @@ func (s *InstanceFleetStatus) SetTimeline(v *InstanceFleetTimeline) *InstanceFle // of creation, the time it became ready to run jobs, and the time of termination. // // The instance fleet configuration is available only in Amazon EMR releases -// 4.8.0 and later, excluding 5.0.x versions. +// 4.8.0 and higher, excluding 5.0.x versions. type InstanceFleetTimeline struct { _ struct{} `type:"structure"` @@ -10827,7 +10849,7 @@ type InstanceGroup struct { BidPrice *string `type:"string"` // - // Amazon EMR releases 4.x or later. + // Amazon EMR releases 4.x or higher. // // The list of configurations supplied for an Amazon EMR cluster instance group. // You can specify a separate configuration for each instance group (master, @@ -11028,7 +11050,7 @@ type InstanceGroupConfig struct { BidPrice *string `type:"string"` // - // Amazon EMR releases 4.x or later. + // Amazon EMR releases 4.x or higher. // // The list of configurations supplied for an Amazon EMR cluster instance group. // You can specify a separate configuration for each instance group (master, @@ -11786,7 +11808,7 @@ func (s *InstanceTimeline) SetReadyDateTime(v time.Time) *InstanceTimeline { // type configurations for a fleet. // // The instance fleet configuration is available only in Amazon EMR releases -// 4.8.0 and later, excluding 5.0.x versions. +// 4.8.0 and higher, excluding 5.0.x versions. type InstanceTypeConfig struct { _ struct{} `type:"structure"` @@ -11909,7 +11931,7 @@ func (s *InstanceTypeConfig) SetWeightedCapacity(v int64) *InstanceTypeConfig { // The configuration specification for each instance type in an instance fleet. // // The instance fleet configuration is available only in Amazon EMR releases -// 4.8.0 and later, excluding 5.0.x versions. +// 4.8.0 and higher, excluding 5.0.x versions. type InstanceTypeSpecification struct { _ struct{} `type:"structure"` @@ -12217,7 +12239,7 @@ type JobFlowDetail struct { _ struct{} `type:"structure"` // Applies only to Amazon EMR AMI versions 3.x and 2.x. For Amazon EMR releases - // 4.0 and later, ReleaseLabel is used. To specify a custom AMI, use CustomAmiID. + // 4.0 and higher, ReleaseLabel is used. To specify a custom AMI, use CustomAmiID. AmiVersion *string `type:"string"` // An IAM role for automatic scaling policies. The default role is EMR_AutoScaling_DefaultRole. @@ -12249,7 +12271,7 @@ type JobFlowDetail struct { JobFlowRole *string `type:"string"` // The KMS key used for encrypting log files. This attribute is only available - // with Amazon EMR 5.30.0 and later, excluding 6.0.0. + // with Amazon EMR 5.30.0 and higher, excluding 6.0.0. LogEncryptionKmsKeyId *string `type:"string"` // The location in Amazon S3 where log files for the job are stored. @@ -12264,13 +12286,13 @@ type JobFlowDetail struct { // scale-in activity occurs or an instance group is resized. TERMINATE_AT_INSTANCE_HOUR // indicates that Amazon EMR terminates nodes at the instance-hour boundary, // regardless of when the request to terminate the instance was submitted. This - // option is only available with Amazon EMR 5.1.0 and later and is the default + // option is only available with Amazon EMR 5.1.0 and higher and is the default // for clusters created using that version. TERMINATE_AT_TASK_COMPLETION indicates // that Amazon EMR adds nodes to a deny list and drains tasks from nodes before // terminating the Amazon EC2 instances, regardless of the instance-hour boundary. // With either behavior, Amazon EMR removes the least active nodes first and // blocks instance termination if it could lead to HDFS corruption. TERMINATE_AT_TASK_COMPLETION - // available only in Amazon EMR releases 4.1.0 and later, and is the default + // available only in Amazon EMR releases 4.1.0 and higher, and is the default // for releases of Amazon EMR earlier than 5.1.0. ScaleDownBehavior *string `type:"string" enum:"ScaleDownBehavior"` @@ -12521,7 +12543,7 @@ type JobFlowInstancesConfig struct { // instances in the optimal subnet. // // The instance fleet configuration is available only in Amazon EMR releases - // 4.8.0 and later, excluding 5.0.x versions. + // 4.8.0 and higher, excluding 5.0.x versions. Ec2SubnetIds []*string `type:"list"` // The identifier of the Amazon EC2 security group for the master node. If you @@ -12545,7 +12567,7 @@ type JobFlowInstancesConfig struct { // // The instance fleet configuration is available only in Amazon EMR releases - // 4.8.0 and later, excluding 5.0.x versions. + // 4.8.0 and higher, excluding 5.0.x versions. // // Describes the Amazon EC2 instances and instance configurations for clusters // that use the instance fleet configuration. @@ -15179,8 +15201,8 @@ func (s *OnDemandCapacityReservationOptions) SetUsageStrategy(v string) *OnDeman // determines the allocation strategy. // // The instance fleet configuration is available only in Amazon EMR releases -// 4.8.0 and later, excluding 5.0.x versions. On-Demand Instances allocation -// strategy is available in Amazon EMR releases 5.12.1 and later. +// 4.8.0 and higher, excluding 5.0.x versions. On-Demand Instances allocation +// strategy is available in Amazon EMR releases 5.12.1 and higher. type OnDemandProvisioningSpecification struct { _ struct{} `type:"structure"` @@ -15470,7 +15492,7 @@ type PlacementType struct { // uniform instance groups. // // The instance fleet configuration is available only in Amazon EMR releases - // 4.8.0 and later, excluding 5.0.x versions. + // 4.8.0 and higher, excluding 5.0.x versions. AvailabilityZones []*string `type:"list"` } @@ -16316,10 +16338,10 @@ type RunJobFlowInput struct { AdditionalInfo *string `type:"string"` // Applies only to Amazon EMR AMI versions 3.x and 2.x. For Amazon EMR releases - // 4.0 and later, ReleaseLabel is used. To specify a custom AMI, use CustomAmiID. + // 4.0 and higher, ReleaseLabel is used. To specify a custom AMI, use CustomAmiID. AmiVersion *string `type:"string"` - // Applies to Amazon EMR releases 4.0 and later. A case-insensitive list of + // Applies to Amazon EMR releases 4.0 and higher. A case-insensitive list of // applications for Amazon EMR to install and configure when launching the cluster. // For a list of applications available for each Amazon EMR release version, // see the Amazon EMRRelease Guide (https://docs.aws.amazon.com/emr/latest/ReleaseGuide/). @@ -16339,11 +16361,11 @@ type RunJobFlowInput struct { // A list of bootstrap actions to run before Hadoop starts on the cluster nodes. BootstrapActions []*BootstrapActionConfig `type:"list"` - // For Amazon EMR releases 4.0 and later. The list of configurations supplied + // For Amazon EMR releases 4.0 and higher. The list of configurations supplied // for the Amazon EMR cluster that you are creating. Configurations []*Configuration `type:"list"` - // Available only in Amazon EMR releases 5.7.0 and later. The ID of a custom + // Available only in Amazon EMR releases 5.7.0 and higher. The ID of a custom // Amazon EBS-backed Linux AMI. If specified, Amazon EMR uses this AMI when // it launches cluster Amazon EC2 instances. For more information about custom // AMIs in Amazon EMR, see Using a Custom AMI (https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-custom-ami.html) @@ -16357,11 +16379,20 @@ type RunJobFlowInput struct { // about finding an AMI ID, see Finding a Linux AMI (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/finding-an-ami.html). CustomAmiId *string `type:"string"` - // The size, in GiB, of the Amazon EBS root device volume of the Linux AMI that - // is used for each Amazon EC2 instance. Available in Amazon EMR releases 4.x - // and later. + // The IOPS for the Amazon EBS root device volume for the Linux AMI that each + // Amazon EC2 instance uses. Available in Amazon EMR releases 6.15.0 and higher. + EbsRootVolumeIops *int64 `type:"integer"` + + // The size, in GiB, of the Amazon EBS root device volume for the Linux AMI + // that each Amazon EC2 instance uses. Available in Amazon EMR releases 4.x + // and higher. EbsRootVolumeSize *int64 `type:"integer"` + // The throughput, in MiB/s, of the Amazon EBS root device volume for the Linux + // AMI that each Amazon EC2 instance uses. Available in Amazon EMR releases + // 6.15.0 and higher. + EbsRootVolumeThroughput *int64 `type:"integer"` + // A specification of the number and type of Amazon EC2 instances. // // Instances is a required field @@ -16381,7 +16412,7 @@ type RunJobFlowInput struct { // The KMS key used for encrypting log files. If a value is not provided, the // logs remain encrypted by AES-256. This attribute is only available with Amazon - // EMR releases 5.30.0 and later, excluding Amazon EMR 6.0.0. + // EMR releases 5.30.0 and higher, excluding Amazon EMR 6.0.0. LogEncryptionKmsKeyId *string `type:"string"` // The location in Amazon S3 to write the log files of the job flow. If a value @@ -16397,7 +16428,7 @@ type RunJobFlowInput struct { Name *string `type:"string" required:"true"` // - // For Amazon EMR releases 3.x and 2.x. For Amazon EMR releases 4.x and later, + // For Amazon EMR releases 3.x and 2.x. For Amazon EMR releases 4.x and higher, // use Applications. // // A list of strings that indicates third-party software to use with the job @@ -16439,7 +16470,7 @@ type RunJobFlowInput struct { // For more information about Amazon EMR release versions and included application // versions and features, see https://docs.aws.amazon.com/emr/latest/ReleaseGuide/ // (https://docs.aws.amazon.com/emr/latest/ReleaseGuide/). The release label - // applies only to Amazon EMR releases version 4.0 and later. Earlier versions + // applies only to Amazon EMR releases version 4.0 and higher. Earlier versions // use AmiVersion. ReleaseLabel *string `type:"string"` @@ -16454,13 +16485,13 @@ type RunJobFlowInput struct { // automatic scale-in activity occurs or an instance group is resized. TERMINATE_AT_INSTANCE_HOUR // indicates that Amazon EMR terminates nodes at the instance-hour boundary, // regardless of when the request to terminate the instance was submitted. This - // option is only available with Amazon EMR 5.1.0 and later and is the default + // option is only available with Amazon EMR 5.1.0 and higher and is the default // for clusters created using that version. TERMINATE_AT_TASK_COMPLETION indicates // that Amazon EMR adds nodes to a deny list and drains tasks from nodes before // terminating the Amazon EC2 instances, regardless of the instance-hour boundary. // With either behavior, Amazon EMR removes the least active nodes first and // blocks instance termination if it could lead to HDFS corruption. TERMINATE_AT_TASK_COMPLETION - // available only in Amazon EMR releases 4.1.0 and later, and is the default + // available only in Amazon EMR releases 4.1.0 and higher, and is the default // for releases of Amazon EMR earlier than 5.1.0. ScaleDownBehavior *string `type:"string" enum:"ScaleDownBehavior"` @@ -16480,7 +16511,7 @@ type RunJobFlowInput struct { Steps []*StepConfig `type:"list"` // - // For Amazon EMR releases 3.x and 2.x. For Amazon EMR releases 4.x and later, + // For Amazon EMR releases 3.x and 2.x. For Amazon EMR releases 4.x and higher, // use Applications. // // A list of strings that indicates third-party software to use. For more information, @@ -16641,12 +16672,24 @@ func (s *RunJobFlowInput) SetCustomAmiId(v string) *RunJobFlowInput { return s } +// SetEbsRootVolumeIops sets the EbsRootVolumeIops field's value. +func (s *RunJobFlowInput) SetEbsRootVolumeIops(v int64) *RunJobFlowInput { + s.EbsRootVolumeIops = &v + return s +} + // SetEbsRootVolumeSize sets the EbsRootVolumeSize field's value. func (s *RunJobFlowInput) SetEbsRootVolumeSize(v int64) *RunJobFlowInput { s.EbsRootVolumeSize = &v return s } +// SetEbsRootVolumeThroughput sets the EbsRootVolumeThroughput field's value. +func (s *RunJobFlowInput) SetEbsRootVolumeThroughput(v int64) *RunJobFlowInput { + s.EbsRootVolumeThroughput = &v + return s +} + // SetInstances sets the Instances field's value. func (s *RunJobFlowInput) SetInstances(v *JobFlowInstancesConfig) *RunJobFlowInput { s.Instances = v @@ -17710,8 +17753,8 @@ func (s *SimplifiedApplication) SetVersion(v string) *SimplifiedApplication { // strategy. // // The instance fleet configuration is available only in Amazon EMR releases -// 4.8.0 and later, excluding 5.0.x versions. Spot Instance allocation strategy -// is available in Amazon EMR releases 5.12.1 and later. +// 4.8.0 and higher, excluding 5.0.x versions. Spot Instance allocation strategy +// is available in Amazon EMR releases 5.12.1 and higher. // // Spot Instances with a defined duration (also known as Spot blocks) are no // longer available to new customers from July 1, 2021. For customers who have @@ -17720,10 +17763,15 @@ func (s *SimplifiedApplication) SetVersion(v string) *SimplifiedApplication { type SpotProvisioningSpecification struct { _ struct{} `type:"structure"` - // Specifies the strategy to use in launching Spot Instance fleets. Currently, - // the only option is capacity-optimized (the default), which launches instances - // from Spot Instance pools with optimal capacity for the number of instances - // that are launching. + // Specifies one of the following strategies to launch Spot Instance fleets: + // price-capacity-optimized, capacity-optimized, lowest-price, or diversified. + // For more information on the provisioning strategies, see Allocation strategies + // for Spot Instances (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-fleet-allocation-strategy.html) + // in the Amazon EC2 User Guide for Linux Instances. + // + // When you launch a Spot Instance fleet with the old console, it automatically + // launches with the capacity-optimized strategy. You can't change the allocation + // strategy from the old console. AllocationStrategy *string `type:"string" enum:"SpotProvisioningAllocationStrategy"` // The defined duration for Spot Instances (also known as Spot blocks) in minutes. diff --git a/service/neptune/api.go b/service/neptune/api.go index ae689b3cb35..0e7ba7b0184 100644 --- a/service/neptune/api.go +++ b/service/neptune/api.go @@ -7286,8 +7286,7 @@ type AddRoleToDBClusterInput struct { DBClusterIdentifier *string `type:"string" required:"true"` // The name of the feature for the Neptune DB cluster that the IAM role is to - // be associated with. For the list of supported feature names, see DBEngineVersion - // (neptune/latest/userguide/api-other-apis.html#DBEngineVersion). + // be associated with. For the list of supported feature names, see DBEngineVersion. FeatureName *string `type:"string"` // The Amazon Resource Name (ARN) of the IAM role to associate with the Neptune @@ -8740,8 +8739,8 @@ type CreateDBClusterInput struct { // backups are enabled using the BackupRetentionPeriod parameter. // // The default is a 30-minute window selected at random from an 8-hour block - // of time for each Amazon Region. To see the time blocks available, see Adjusting - // the Preferred Maintenance Window (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/AdjustingTheMaintenanceWindow.html) + // of time for each Amazon Region. To see the time blocks available, see Neptune + // Maintenance Window (https://docs.aws.amazon.com/neptune/latest/userguide/manage-console-maintaining.html#manage-console-maintaining-window) // in the Amazon Neptune User Guide. // // Constraints: @@ -8762,8 +8761,7 @@ type CreateDBClusterInput struct { // // The default is a 30-minute window selected at random from an 8-hour block // of time for each Amazon Region, occurring on a random day of the week. To - // see the time blocks available, see Adjusting the Preferred Maintenance Window - // (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/AdjustingTheMaintenanceWindow.html) + // see the time blocks available, see Neptune Maintenance Window (https://docs.aws.amazon.com/neptune/latest/userguide/manage-console-maintaining.html#manage-console-maintaining-window) // in the Amazon Neptune User Guide. // // Valid Days: Mon, Tue, Wed, Thu, Fri, Sat, Sun. @@ -9012,7 +9010,7 @@ type CreateDBClusterOutput struct { // Contains the details of an Amazon Neptune DB cluster. // - // This data type is used as a response element in the DescribeDBClusters action. + // This data type is used as a response element in the DescribeDBClusters. DBCluster *DBCluster `type:"structure"` } @@ -9546,7 +9544,11 @@ type CreateDBInstanceInput struct { // The password for the given ARN from the key store in order to access the // device. - TdeCredentialPassword *string `type:"string"` + // + // TdeCredentialPassword is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreateDBInstanceInput's + // String and GoString methods. + TdeCredentialPassword *string `type:"string" sensitive:"true"` // The time zone of the DB instance. Timezone *string `type:"string"` @@ -10448,7 +10450,7 @@ func (s *CreateGlobalClusterOutput) SetGlobalCluster(v *GlobalCluster) *CreateGl // Contains the details of an Amazon Neptune DB cluster. // -// This data type is used as a response element in the DescribeDBClusters action. +// This data type is used as a response element in the DescribeDBClusters. type DBCluster struct { _ struct{} `type:"structure"` @@ -11202,8 +11204,7 @@ type DBClusterRole struct { _ struct{} `type:"structure"` // The name of the feature associated with the Amazon Identity and Access Management - // (IAM) role. For the list of supported feature names, see DescribeDBEngineVersions - // (https://docs.aws.amazon.com/neptune/latest/userguide/api-other-apis.html#DescribeDBEngineVersions). + // (IAM) role. For the list of supported feature names, see DescribeDBEngineVersions. FeatureName *string `type:"string"` // The Amazon Resource Name (ARN) of the IAM role that is associated with the @@ -12837,7 +12838,7 @@ type DeleteDBClusterOutput struct { // Contains the details of an Amazon Neptune DB cluster. // - // This data type is used as a response element in the DescribeDBClusters action. + // This data type is used as a response element in the DescribeDBClusters. DBCluster *DBCluster `type:"structure"` } @@ -16756,7 +16757,7 @@ type FailoverDBClusterOutput struct { // Contains the details of an Amazon Neptune DB cluster. // - // This data type is used as a response element in the DescribeDBClusters action. + // This data type is used as a response element in the DescribeDBClusters. DBCluster *DBCluster `type:"structure"` } @@ -17513,7 +17514,7 @@ type ModifyDBClusterInput struct { // // For a list of valid engine versions, see Engine Releases for Amazon Neptune // (https://docs.aws.amazon.com/neptune/latest/userguide/engine-releases.html), - // or call DescribeDBEngineVersions (https://docs.aws.amazon.com/neptune/latest/userguide/api-other-apis.html#DescribeDBEngineVersions). + // or call DescribeDBEngineVersions. EngineVersion *string `type:"string"` // Not supported by Neptune. @@ -17733,7 +17734,7 @@ type ModifyDBClusterOutput struct { // Contains the details of an Amazon Neptune DB cluster. // - // This data type is used as a response element in the DescribeDBClusters action. + // This data type is used as a response element in the DescribeDBClusters. DBCluster *DBCluster `type:"structure"` } @@ -18211,7 +18212,11 @@ type ModifyDBInstanceInput struct { // The password for the given ARN from the key store in order to access the // device. - TdeCredentialPassword *string `type:"string"` + // + // TdeCredentialPassword is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by ModifyDBInstanceInput's + // String and GoString methods. + TdeCredentialPassword *string `type:"string" sensitive:"true"` // A list of EC2 VPC security groups to authorize on this DB instance. This // change is asynchronously applied as soon as possible. @@ -19675,7 +19680,7 @@ type PromoteReadReplicaDBClusterOutput struct { // Contains the details of an Amazon Neptune DB cluster. // - // This data type is used as a response element in the DescribeDBClusters action. + // This data type is used as a response element in the DescribeDBClusters. DBCluster *DBCluster `type:"structure"` } @@ -19960,8 +19965,7 @@ type RemoveRoleFromDBClusterInput struct { DBClusterIdentifier *string `type:"string" required:"true"` // The name of the feature for the DB cluster that the IAM role is to be disassociated - // from. For the list of supported feature names, see DescribeDBEngineVersions - // (https://docs.aws.amazon.com/neptune/latest/userguide/api-other-apis.html#DescribeDBEngineVersions). + // from. For the list of supported feature names, see DescribeDBEngineVersions. FeatureName *string `type:"string"` // The Amazon Resource Name (ARN) of the IAM role to disassociate from the DB @@ -20757,7 +20761,7 @@ type RestoreDBClusterFromSnapshotOutput struct { // Contains the details of an Amazon Neptune DB cluster. // - // This data type is used as a response element in the DescribeDBClusters action. + // This data type is used as a response element in the DescribeDBClusters. DBCluster *DBCluster `type:"structure"` } @@ -21061,7 +21065,7 @@ type RestoreDBClusterToPointInTimeOutput struct { // Contains the details of an Amazon Neptune DB cluster. // - // This data type is used as a response element in the DescribeDBClusters action. + // This data type is used as a response element in the DescribeDBClusters. DBCluster *DBCluster `type:"structure"` } @@ -21237,7 +21241,7 @@ type StartDBClusterOutput struct { // Contains the details of an Amazon Neptune DB cluster. // - // This data type is used as a response element in the DescribeDBClusters action. + // This data type is used as a response element in the DescribeDBClusters. DBCluster *DBCluster `type:"structure"` } @@ -21317,7 +21321,7 @@ type StopDBClusterOutput struct { // Contains the details of an Amazon Neptune DB cluster. // - // This data type is used as a response element in the DescribeDBClusters action. + // This data type is used as a response element in the DescribeDBClusters. DBCluster *DBCluster `type:"structure"` } diff --git a/service/pinpoint/api.go b/service/pinpoint/api.go index 774ed56f690..dd00f338887 100644 --- a/service/pinpoint/api.go +++ b/service/pinpoint/api.go @@ -21395,7 +21395,8 @@ type EndpointBatchItem struct { // specified by the Address property. EndpointStatus *string `type:"string"` - // The unique identifier for the endpoint in the context of the batch. + // The case insensitive unique identifier for the endpoint in the context of + // the batch. The identifier can't contain $, { or }. Id *string `type:"string"` // The geographic information for the endpoint. diff --git a/service/redshift/api.go b/service/redshift/api.go index db9f7038791..f8869413c51 100644 --- a/service/redshift/api.go +++ b/service/redshift/api.go @@ -1260,6 +1260,10 @@ func (c *Redshift) CreateClusterRequest(input *CreateClusterInput) (req *request // // The value must be either -1 or an integer between 1 and 3,653. // +// - ErrCodeIpv6CidrBlockNotFoundFault "Ipv6CidrBlockNotFoundFault" +// There are no subnets in your VPC with associated IPv6 CIDR blocks. To use +// dual-stack mode, associate an IPv6 CIDR block with each subnet in your VPC. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/redshift-2012-12-01/CreateCluster func (c *Redshift) CreateCluster(input *CreateClusterInput) (*CreateClusterOutput, error) { req, out := c.CreateClusterRequest(input) @@ -10929,6 +10933,10 @@ func (c *Redshift) ModifyClusterRequest(input *ModifyClusterInput) (req *request // - ErrCodeCustomCnameAssociationFault "CustomCnameAssociationFault" // An error occurred when an attempt was made to change the custom domain association. // +// - ErrCodeIpv6CidrBlockNotFoundFault "Ipv6CidrBlockNotFoundFault" +// There are no subnets in your VPC with associated IPv6 CIDR blocks. To use +// dual-stack mode, associate an IPv6 CIDR block with each subnet in your VPC. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/redshift-2012-12-01/ModifyCluster func (c *Redshift) ModifyCluster(input *ModifyClusterInput) (*ModifyClusterOutput, error) { req, out := c.ModifyClusterRequest(input) @@ -13061,6 +13069,10 @@ func (c *Redshift) RestoreFromClusterSnapshotRequest(input *RestoreFromClusterSn // - ErrCodeUnsupportedOperationFault "UnsupportedOperation" // The requested operation isn't supported. // +// - ErrCodeIpv6CidrBlockNotFoundFault "Ipv6CidrBlockNotFoundFault" +// There are no subnets in your VPC with associated IPv6 CIDR blocks. To use +// dual-stack mode, associate an IPv6 CIDR block with each subnet in your VPC. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/redshift-2012-12-01/RestoreFromClusterSnapshot func (c *Redshift) RestoreFromClusterSnapshot(input *RestoreFromClusterSnapshotInput) (*RestoreFromClusterSnapshotOutput, error) { req, out := c.RestoreFromClusterSnapshotRequest(input) @@ -15613,6 +15625,9 @@ type Cluster struct { // the cluster to access other Amazon Web Services services. IamRoles []*ClusterIamRole `locationNameList:"ClusterIamRole" type:"list"` + // The IP address type for the cluster. Possible values are ipv4 and dualstack. + IpAddressType *string `type:"string"` + // The Key Management Service (KMS) key ID of the encryption key used to encrypt // data in the cluster. KmsKeyId *string `type:"string"` @@ -15924,6 +15939,12 @@ func (s *Cluster) SetIamRoles(v []*ClusterIamRole) *Cluster { return s } +// SetIpAddressType sets the IpAddressType field's value. +func (s *Cluster) SetIpAddressType(v string) *Cluster { + s.IpAddressType = &v + return s +} + // SetKmsKeyId sets the KmsKeyId field's value. func (s *Cluster) SetKmsKeyId(v string) *Cluster { s.KmsKeyId = &v @@ -16685,6 +16706,10 @@ type ClusterSubnetGroup struct { // A list of the VPC Subnet elements. Subnets []*Subnet `locationNameList:"Subnet" type:"list"` + // The IP address types supported by this cluster subnet group. Possible values + // are ipv4 and dualstack. + SupportedClusterIpAddressTypes []*string `locationNameList:"item" type:"list"` + // The list of tags for the cluster subnet group. Tags []*Tag `locationNameList:"Tag" type:"list"` @@ -16734,6 +16759,12 @@ func (s *ClusterSubnetGroup) SetSubnets(v []*Subnet) *ClusterSubnetGroup { return s } +// SetSupportedClusterIpAddressTypes sets the SupportedClusterIpAddressTypes field's value. +func (s *ClusterSubnetGroup) SetSupportedClusterIpAddressTypes(v []*string) *ClusterSubnetGroup { + s.SupportedClusterIpAddressTypes = v + return s +} + // SetTags sets the Tags field's value. func (s *ClusterSubnetGroup) SetTags(v []*Tag) *ClusterSubnetGroup { s.Tags = v @@ -17222,6 +17253,10 @@ type CreateClusterInput struct { // in the Amazon Redshift Cluster Management Guide. IamRoles []*string `locationNameList:"IamRoleArn" type:"list"` + // The IP address types that the cluster supports. Possible values are ipv4 + // and dualstack. + IpAddressType *string `type:"string"` + // The Key Management Service (KMS) key ID of the encryption key that you want // to use to encrypt data in the cluster. KmsKeyId *string `type:"string"` @@ -17522,6 +17557,12 @@ func (s *CreateClusterInput) SetIamRoles(v []*string) *CreateClusterInput { return s } +// SetIpAddressType sets the IpAddressType field's value. +func (s *CreateClusterInput) SetIpAddressType(v string) *CreateClusterInput { + s.IpAddressType = &v + return s +} + // SetKmsKeyId sets the KmsKeyId field's value. func (s *CreateClusterInput) SetKmsKeyId(v string) *CreateClusterInput { s.KmsKeyId = &v @@ -29610,6 +29651,10 @@ type ModifyClusterInput struct { // the Amazon Redshift cluster can use to retrieve and store keys in an HSM. HsmConfigurationIdentifier *string `type:"string"` + // The IP address types that the cluster supports. Possible values are ipv4 + // and dualstack. + IpAddressType *string `type:"string"` + // The Key Management Service (KMS) key ID of the encryption key that you want // to use to encrypt data in the cluster. KmsKeyId *string `type:"string"` @@ -29855,6 +29900,12 @@ func (s *ModifyClusterInput) SetHsmConfigurationIdentifier(v string) *ModifyClus return s } +// SetIpAddressType sets the IpAddressType field's value. +func (s *ModifyClusterInput) SetIpAddressType(v string) *ModifyClusterInput { + s.IpAddressType = &v + return s +} + // SetKmsKeyId sets the KmsKeyId field's value. func (s *ModifyClusterInput) SetKmsKeyId(v string) *ModifyClusterInput { s.KmsKeyId = &v @@ -31600,6 +31651,9 @@ type NetworkInterface struct { // The Availability Zone. AvailabilityZone *string `type:"string"` + // The IPv6 address of the network interface within the subnet. + Ipv6Address *string `type:"string"` + // The network interface identifier. NetworkInterfaceId *string `type:"string"` @@ -31634,6 +31688,12 @@ func (s *NetworkInterface) SetAvailabilityZone(v string) *NetworkInterface { return s } +// SetIpv6Address sets the Ipv6Address field's value. +func (s *NetworkInterface) SetIpv6Address(v string) *NetworkInterface { + s.Ipv6Address = &v + return s +} + // SetNetworkInterfaceId sets the NetworkInterfaceId field's value. func (s *NetworkInterface) SetNetworkInterfaceId(v string) *NetworkInterface { s.NetworkInterfaceId = &v @@ -33643,6 +33703,9 @@ type RestoreFromClusterSnapshotInput struct { // in the Amazon Redshift Cluster Management Guide. IamRoles []*string `locationNameList:"IamRoleArn" type:"list"` + // The IP address type for the cluster. Possible values are ipv4 and dualstack. + IpAddressType *string `type:"string"` + // The Key Management Service (KMS) key ID of the encryption key that encrypts // data in the cluster restored from a shared snapshot. You can also provide // the key ID when you restore from an unencrypted snapshot to an encrypted @@ -33893,6 +33956,12 @@ func (s *RestoreFromClusterSnapshotInput) SetIamRoles(v []*string) *RestoreFromC return s } +// SetIpAddressType sets the IpAddressType field's value. +func (s *RestoreFromClusterSnapshotInput) SetIpAddressType(v string) *RestoreFromClusterSnapshotInput { + s.IpAddressType = &v + return s +} + // SetKmsKeyId sets the KmsKeyId field's value. func (s *RestoreFromClusterSnapshotInput) SetKmsKeyId(v string) *RestoreFromClusterSnapshotInput { s.KmsKeyId = &v diff --git a/service/redshift/errors.go b/service/redshift/errors.go index 3d76646b3bc..470b464c0f3 100644 --- a/service/redshift/errors.go +++ b/service/redshift/errors.go @@ -566,6 +566,13 @@ const ( // The cluster subnet group does not cover all Availability Zones. ErrCodeInvalidVPCNetworkStateFault = "InvalidVPCNetworkStateFault" + // ErrCodeIpv6CidrBlockNotFoundFault for service response error code + // "Ipv6CidrBlockNotFoundFault". + // + // There are no subnets in your VPC with associated IPv6 CIDR blocks. To use + // dual-stack mode, associate an IPv6 CIDR block with each subnet in your VPC. + ErrCodeIpv6CidrBlockNotFoundFault = "Ipv6CidrBlockNotFoundFault" + // ErrCodeLimitExceededFault for service response error code // "LimitExceededFault". // diff --git a/service/wafv2/api.go b/service/wafv2/api.go index 72f1139b6b1..5aa838a891f 100644 --- a/service/wafv2/api.go +++ b/service/wafv2/api.go @@ -69,18 +69,33 @@ func (c *WAFV2) AssociateWebACLRequest(input *AssociateWebACLInput) (req *reques // of the web ACL. For information, see UpdateDistribution (https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html) // in the Amazon CloudFront Developer Guide. // -// When you make changes to web ACLs or web ACL components, like rules and rule -// groups, WAF propagates the changes everywhere that the web ACL and its components -// are stored and used. Your changes are applied within seconds, but there might -// be a brief period of inconsistency when the changes have arrived in some -// places and not in others. So, for example, if you change a rule action setting, -// the action might be the old action in one area and the new action in another -// area. Or if you add an IP address to an IP set used in a blocking rule, the -// new address might briefly be blocked in one area while still allowed in another. -// This temporary inconsistency can occur when you first associate a web ACL -// with an Amazon Web Services resource and when you change a web ACL that is -// already associated with a resource. Generally, any inconsistencies of this -// type last only a few seconds. +// # Required permissions for customer-managed IAM policies +// +// This call requires permissions that are specific to the protected resource +// type. For details, see Permissions for AssociateWebACL (https://docs.aws.amazon.com/waf/latest/developerguide/security_iam_service-with-iam.html#security_iam_action-AssociateWebACL) +// in the WAF Developer Guide. +// +// # Temporary inconsistencies during updates +// +// When you create or change a web ACL or other WAF resources, the changes take +// a small amount of time to propagate to all areas where the resources are +// stored. The propagation time can be from a few seconds to a number of minutes. +// +// The following are examples of the temporary inconsistencies that you might +// notice during change propagation: +// +// - After you create a web ACL, if you try to associate it with a resource, +// you might get an exception indicating that the web ACL is unavailable. +// +// - After you add a rule group to a web ACL, the new rule group rules might +// be in effect in one area where the web ACL is used and not in another. +// +// - After you change a rule action setting, you might see the old action +// in some places and the new action in others. +// +// - After you add an IP address to an IP set that is in use in a blocking +// rule, the new address might be blocked in one area while still allowed +// in another. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2142,6 +2157,12 @@ func (c *WAFV2) DisassociateWebACLRequest(input *DisassociateWebACLInput) (req * // (https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html) // in the Amazon CloudFront API Reference. // +// # Required permissions for customer-managed IAM policies +// +// This call requires permissions that are specific to the protected resource +// type. For details, see Permissions for DisassociateWebACL (https://docs.aws.amazon.com/waf/latest/developerguide/security_iam_service-with-iam.html#security_iam_action-DisassociateWebACL) +// in the WAF Developer Guide. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -3550,6 +3571,22 @@ func (c *WAFV2) GetWebACLForResourceRequest(input *GetWebACLForResourceInput) (r // // Retrieves the WebACL for the specified resource. // +// This call uses GetWebACL, to verify that your account has permission to access +// the retrieved web ACL. If you get an error that indicates that your account +// isn't authorized to perform wafv2:GetWebACL on the resource, that error won't +// be included in your CloudTrail event history. +// +// For Amazon CloudFront, don't use this call. Instead, call the CloudFront +// action GetDistributionConfig. For information, see GetDistributionConfig +// (https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_GetDistributionConfig.html) +// in the Amazon CloudFront API Reference. +// +// # Required permissions for customer-managed IAM policies +// +// This call requires permissions that are specific to the protected resource +// type. For details, see Permissions for GetWebACLForResource (https://docs.aws.amazon.com/waf/latest/developerguide/security_iam_service-with-iam.html#security_iam_action-GetWebACLForResource) +// in the WAF Developer Guide. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -4479,8 +4516,18 @@ func (c *WAFV2) ListResourcesForWebACLRequest(input *ListResourcesForWebACLInput // ListResourcesForWebACL API operation for AWS WAFV2. // // Retrieves an array of the Amazon Resource Names (ARNs) for the regional resources -// that are associated with the specified web ACL. If you want the list of Amazon -// CloudFront resources, use the CloudFront call ListDistributionsByWebACLId. +// that are associated with the specified web ACL. +// +// For Amazon CloudFront, don't use this call. Instead, use the CloudFront call +// ListDistributionsByWebACLId. For information, see ListDistributionsByWebACLId +// (https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_ListDistributionsByWebACLId.html) +// in the Amazon CloudFront API Reference. +// +// # Required permissions for customer-managed IAM policies +// +// This call requires permissions that are specific to the protected resource +// type. For details, see Permissions for ListResourcesForWebACL (https://docs.aws.amazon.com/waf/latest/developerguide/security_iam_service-with-iam.html#security_iam_action-ListResourcesForWebACL) +// in the WAF Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5589,18 +5636,27 @@ func (c *WAFV2) UpdateIPSetRequest(input *UpdateIPSetInput) (req *request.Reques // // # Provide the complete IP set specification to this call // -// When you make changes to web ACLs or web ACL components, like rules and rule -// groups, WAF propagates the changes everywhere that the web ACL and its components -// are stored and used. Your changes are applied within seconds, but there might -// be a brief period of inconsistency when the changes have arrived in some -// places and not in others. So, for example, if you change a rule action setting, -// the action might be the old action in one area and the new action in another -// area. Or if you add an IP address to an IP set used in a blocking rule, the -// new address might briefly be blocked in one area while still allowed in another. -// This temporary inconsistency can occur when you first associate a web ACL -// with an Amazon Web Services resource and when you change a web ACL that is -// already associated with a resource. Generally, any inconsistencies of this -// type last only a few seconds. +// # Temporary inconsistencies during updates +// +// When you create or change a web ACL or other WAF resources, the changes take +// a small amount of time to propagate to all areas where the resources are +// stored. The propagation time can be from a few seconds to a number of minutes. +// +// The following are examples of the temporary inconsistencies that you might +// notice during change propagation: +// +// - After you create a web ACL, if you try to associate it with a resource, +// you might get an exception indicating that the web ACL is unavailable. +// +// - After you add a rule group to a web ACL, the new rule group rules might +// be in effect in one area where the web ACL is used and not in another. +// +// - After you change a rule action setting, you might see the old action +// in some places and the new action in others. +// +// - After you add an IP address to an IP set that is in use in a blocking +// rule, the new address might be blocked in one area while still allowed +// in another. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5852,18 +5908,27 @@ func (c *WAFV2) UpdateRegexPatternSetRequest(input *UpdateRegexPatternSetInput) // // # Provide the complete regex pattern set specification to this call // -// When you make changes to web ACLs or web ACL components, like rules and rule -// groups, WAF propagates the changes everywhere that the web ACL and its components -// are stored and used. Your changes are applied within seconds, but there might -// be a brief period of inconsistency when the changes have arrived in some -// places and not in others. So, for example, if you change a rule action setting, -// the action might be the old action in one area and the new action in another -// area. Or if you add an IP address to an IP set used in a blocking rule, the -// new address might briefly be blocked in one area while still allowed in another. -// This temporary inconsistency can occur when you first associate a web ACL -// with an Amazon Web Services resource and when you change a web ACL that is -// already associated with a resource. Generally, any inconsistencies of this -// type last only a few seconds. +// # Temporary inconsistencies during updates +// +// When you create or change a web ACL or other WAF resources, the changes take +// a small amount of time to propagate to all areas where the resources are +// stored. The propagation time can be from a few seconds to a number of minutes. +// +// The following are examples of the temporary inconsistencies that you might +// notice during change propagation: +// +// - After you create a web ACL, if you try to associate it with a resource, +// you might get an exception indicating that the web ACL is unavailable. +// +// - After you add a rule group to a web ACL, the new rule group rules might +// be in effect in one area where the web ACL is used and not in another. +// +// - After you change a rule action setting, you might see the old action +// in some places and the new action in others. +// +// - After you add an IP address to an IP set that is in use in a blocking +// rule, the new address might be blocked in one area while still allowed +// in another. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -5995,25 +6060,34 @@ func (c *WAFV2) UpdateRuleGroupRequest(input *UpdateRuleGroupInput) (req *reques // // # Provide the complete rule group specification to this call // -// When you make changes to web ACLs or web ACL components, like rules and rule -// groups, WAF propagates the changes everywhere that the web ACL and its components -// are stored and used. Your changes are applied within seconds, but there might -// be a brief period of inconsistency when the changes have arrived in some -// places and not in others. So, for example, if you change a rule action setting, -// the action might be the old action in one area and the new action in another -// area. Or if you add an IP address to an IP set used in a blocking rule, the -// new address might briefly be blocked in one area while still allowed in another. -// This temporary inconsistency can occur when you first associate a web ACL -// with an Amazon Web Services resource and when you change a web ACL that is -// already associated with a resource. Generally, any inconsistencies of this -// type last only a few seconds. -// // A rule group defines a collection of rules to inspect and control web requests // that you can use in a WebACL. When you create a rule group, you define an // immutable capacity limit. If you update a rule group, you must stay within // the capacity. This allows others to reuse the rule group with confidence // in its capacity requirements. // +// # Temporary inconsistencies during updates +// +// When you create or change a web ACL or other WAF resources, the changes take +// a small amount of time to propagate to all areas where the resources are +// stored. The propagation time can be from a few seconds to a number of minutes. +// +// The following are examples of the temporary inconsistencies that you might +// notice during change propagation: +// +// - After you create a web ACL, if you try to associate it with a resource, +// you might get an exception indicating that the web ACL is unavailable. +// +// - After you add a rule group to a web ACL, the new rule group rules might +// be in effect in one area where the web ACL is used and not in another. +// +// - After you change a rule action setting, you might see the old action +// in some places and the new action in others. +// +// - After you add an IP address to an IP set that is in use in a blocking +// rule, the new address might be blocked in one area while still allowed +// in another. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -6170,19 +6244,6 @@ func (c *WAFV2) UpdateWebACLRequest(input *UpdateWebACLInput) (req *request.Requ // // # Provide the complete web ACL specification to this call // -// When you make changes to web ACLs or web ACL components, like rules and rule -// groups, WAF propagates the changes everywhere that the web ACL and its components -// are stored and used. Your changes are applied within seconds, but there might -// be a brief period of inconsistency when the changes have arrived in some -// places and not in others. So, for example, if you change a rule action setting, -// the action might be the old action in one area and the new action in another -// area. Or if you add an IP address to an IP set used in a blocking rule, the -// new address might briefly be blocked in one area while still allowed in another. -// This temporary inconsistency can occur when you first associate a web ACL -// with an Amazon Web Services resource and when you change a web ACL that is -// already associated with a resource. Generally, any inconsistencies of this -// type last only a few seconds. -// // A web ACL defines a collection of rules to use to inspect and control web // requests. Each rule has a statement that defines what to look for in web // requests and an action that WAF applies to requests that match the statement. @@ -6195,6 +6256,28 @@ func (c *WAFV2) UpdateWebACLRequest(input *UpdateWebACLInput) (req *request.Requ // an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services // Verified Access instance. // +// # Temporary inconsistencies during updates +// +// When you create or change a web ACL or other WAF resources, the changes take +// a small amount of time to propagate to all areas where the resources are +// stored. The propagation time can be from a few seconds to a number of minutes. +// +// The following are examples of the temporary inconsistencies that you might +// notice during change propagation: +// +// - After you create a web ACL, if you try to associate it with a resource, +// you might get an exception indicating that the web ACL is unavailable. +// +// - After you add a rule group to a web ACL, the new rule group rules might +// be in effect in one area where the web ACL is used and not in another. +// +// - After you change a rule action setting, you might see the old action +// in some places and the new action in others. +// +// - After you add an IP address to an IP set that is in use in a blocking +// rule, the new address might be blocked in one area while still allowed +// in another. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -7336,9 +7419,9 @@ type ByteMatchStatement struct { // logs. For information about the logging fields, see Log fields (https://docs.aws.amazon.com/waf/latest/developerguide/logging-fields.html) // in the WAF Developer Guide. // - // * HeaderOrder: The comma-separated list of header names to match for. - // WAF creates a string that contains the ordered list of header names, from - // the headers in the web request, and then matches against that string. + // * HeaderOrder: The list of header names to match for. WAF creates a string + // that contains the ordered list of header names, from the headers in the + // web request, and then matches against that string. // // If SearchString includes alphabetic characters A-Z and a-z, note that the // value is case sensitive. @@ -8086,7 +8169,13 @@ type Cookies struct { MatchPattern *CookieMatchPattern `type:"structure" required:"true"` // The parts of the cookies to inspect with the rule inspection criteria. If - // you specify All, WAF inspects both keys and values. + // you specify ALL, WAF inspects both keys and values. + // + // All does not require a match to be found in the keys and a match to be found + // in the values. It requires a match to be found in the keys or the values + // or both. To require a match in the keys and in the values, use a logical + // AND statement to combine two match rules, one that inspects the keys and + // another that inspects the values. // // MatchScope is a required field MatchScope *string `type:"string" required:"true" enum:"MapMatchScope"` @@ -13728,7 +13817,13 @@ type Headers struct { MatchPattern *HeaderMatchPattern `type:"structure" required:"true"` // The parts of the headers to match with the rule inspection criteria. If you - // specify All, WAF inspects both keys and values. + // specify ALL, WAF inspects both keys and values. + // + // All does not require a match to be found in the keys and a match to be found + // in the values. It requires a match to be found in the keys or the values + // or both. To require a match in the keys and in the values, use a logical + // AND statement to combine two match rules, one that inspects the keys and + // another that inspects the values. // // MatchScope is a required field MatchScope *string `type:"string" required:"true" enum:"MapMatchScope"` @@ -14389,7 +14484,13 @@ type JsonBody struct { MatchPattern *JsonMatchPattern `type:"structure" required:"true"` // The parts of the JSON to match against using the MatchPattern. If you specify - // All, WAF matches against keys and values. + // ALL, WAF matches against keys and values. + // + // All does not require a match to be found in the keys and a match to be found + // in the values. It requires a match to be found in the keys or the values + // or both. To require a match in the keys and in the values, use a logical + // AND statement to combine two match rules, one that inspects the keys and + // another that inspects the values. // // MatchScope is a required field MatchScope *string `type:"string" required:"true" enum:"JsonMatchScope"`