docs(client-secrets-manager): Documentation updates for Secrets Manager

aws · Oct 19, 2023 · 8e1937d · 8e1937d
1 parent b10e47f
commit 8e1937d
Show file tree

Hide file tree

Showing 4 changed files with 83 additions and 167 deletions.
diff --git a/clients/client-secrets-manager/src/commands/TagResourceCommand.ts b/clients/client-secrets-manager/src/commands/TagResourceCommand.ts
@@ -39,32 +39,8 @@ export interface TagResourceCommandOutput extends __MetadataBearer {}
  * @public
  * <p>Attaches tags to a secret. Tags consist of a key name and a value. Tags are part of the
  *       secret's metadata. They are not associated with specific versions of the secret. This operation appends tags to the existing list of tags.</p>
- *          <p>The following restrictions apply to tags:</p>
- *          <ul>
- *             <li>
- *                <p>Maximum number of tags per secret: 50</p>
- *             </li>
- *             <li>
- *                <p>Maximum key length: 127 Unicode characters in UTF-8</p>
- *             </li>
- *             <li>
- *                <p>Maximum value length: 255 Unicode characters in UTF-8</p>
- *             </li>
- *             <li>
- *                <p>Tag keys and values are case sensitive.</p>
- *             </li>
- *             <li>
- *                <p>Do not use the <code>aws:</code> prefix in your tag names or values because Amazon Web Services reserves it
- *             for Amazon Web Services use. You can't edit or delete tag names or values with this
- *               prefix. Tags with this prefix do not count against your tags per secret limit.</p>
- *             </li>
- *             <li>
- *                <p>If you use your tagging schema across multiple services and resources,
- *               other services might have restrictions on allowed characters. Generally
- *               allowed characters: letters, spaces, and numbers representable in UTF-8, plus the
- *               following special characters: + - = . _ : / @.</p>
- *             </li>
- *          </ul>
+ *          <p>For tag quotas and naming restrictions, see <a href="https://docs.aws.amazon.com/general/latest/gr/arg.html#taged-reference-quotas">Service quotas for Tagging</a> in the <i>Amazon Web Services General
+ *       Reference guide</i>.</p>
  *          <important>
  *             <p>If you use tags as part of your security strategy, then adding or removing a tag can
  *         change permissions. If successfully completing this operation would result in you losing

diff --git a/clients/client-secrets-manager/src/endpoint/ruleset.ts b/clients/client-secrets-manager/src/endpoint/ruleset.ts
@@ -6,25 +6,27 @@ import { RuleSetObject } from "@smithy/types";
    or see "smithy.rules#endpointRuleSet"
    in codegen/sdk-codegen/aws-models/secrets-manager.json */
 
-const q="required",
-r="fn",
-s="argv",
-t="ref";
-const a="isSet",
-b="tree",
-c="error",
-d="endpoint",
-e="PartitionResult",
-f={[q]:false,"type":"String"},
-g={[q]:true,"default":false,"type":"Boolean"},
-h={[t]:"Endpoint"},
-i={[r]:"booleanEquals",[s]:[{[t]:"UseFIPS"},true]},
-j={[r]:"booleanEquals",[s]:[{[t]:"UseDualStack"},true]},
-k={},
-l={[r]:"booleanEquals",[s]:[true,{[r]:"getAttr",[s]:[{[t]:e},"supportsFIPS"]}]},
-m={[r]:"booleanEquals",[s]:[true,{[r]:"getAttr",[s]:[{[t]:e},"supportsDualStack"]}]},
-n=[i],
-o=[j],
-p=[{[t]:"Region"}];
-const _data={version:"1.0",parameters:{Region:f,UseDualStack:g,UseFIPS:g,Endpoint:f},rules:[{conditions:[{[r]:a,[s]:[h]}],type:b,rules:[{conditions:n,error:"Invalid Configuration: FIPS and custom endpoint are not supported",type:c},{conditions:o,error:"Invalid Configuration: Dualstack and custom endpoint are not supported",type:c},{endpoint:{url:h,properties:k,headers:k},type:d}]},{conditions:[{[r]:a,[s]:p}],type:b,rules:[{conditions:[{[r]:"aws.partition",[s]:p,assign:e}],type:b,rules:[{conditions:[i,j],type:b,rules:[{conditions:[l,m],type:b,rules:[{endpoint:{url:"https://secretsmanager-fips.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:k,headers:k},type:d}]},{error:"FIPS and DualStack are enabled, but this partition does not support one or both",type:c}]},{conditions:n,type:b,rules:[{conditions:[l],type:b,rules:[{endpoint:{url:"https://secretsmanager-fips.{Region}.{PartitionResult#dnsSuffix}",properties:k,headers:k},type:d}]},{error:"FIPS is enabled but this partition does not support FIPS",type:c}]},{conditions:o,type:b,rules:[{conditions:[m],type:b,rules:[{endpoint:{url:"https://secretsmanager.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:k,headers:k},type:d}]},{error:"DualStack is enabled but this partition does not support DualStack",type:c}]},{endpoint:{url:"https://secretsmanager.{Region}.{PartitionResult#dnsSuffix}",properties:k,headers:k},type:d}]}]},{error:"Invalid Configuration: Missing Region",type:c}]};
+const s="required",
+t="fn",
+u="argv",
+v="ref";
+const a=true,
+b="isSet",
+c="booleanEquals",
+d="error",
+e="endpoint",
+f="tree",
+g="PartitionResult",
+h={[s]:false,"type":"String"},
+i={[s]:true,"default":false,"type":"Boolean"},
+j={[v]:"Endpoint"},
+k={[t]:c,[u]:[{[v]:"UseFIPS"},true]},
+l={[t]:c,[u]:[{[v]:"UseDualStack"},true]},
+m={},
+n={[t]:"getAttr",[u]:[{[v]:g},"supportsFIPS"]},
+o={[t]:c,[u]:[true,{[t]:"getAttr",[u]:[{[v]:g},"supportsDualStack"]}]},
+p=[k],
+q=[l],
+r=[{[v]:"Region"}];
+const _data={version:"1.0",parameters:{Region:h,UseDualStack:i,UseFIPS:i,Endpoint:h},rules:[{conditions:[{[t]:b,[u]:[j]}],rules:[{conditions:p,error:"Invalid Configuration: FIPS and custom endpoint are not supported",type:d},{conditions:q,error:"Invalid Configuration: Dualstack and custom endpoint are not supported",type:d},{endpoint:{url:j,properties:m,headers:m},type:e}],type:f},{conditions:[{[t]:b,[u]:r}],rules:[{conditions:[{[t]:"aws.partition",[u]:r,assign:g}],rules:[{conditions:[k,l],rules:[{conditions:[{[t]:c,[u]:[a,n]},o],rules:[{endpoint:{url:"https://secretsmanager-fips.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:m,headers:m},type:e}],type:f},{error:"FIPS and DualStack are enabled, but this partition does not support one or both",type:d}],type:f},{conditions:p,rules:[{conditions:[{[t]:c,[u]:[n,a]}],rules:[{endpoint:{url:"https://secretsmanager-fips.{Region}.{PartitionResult#dnsSuffix}",properties:m,headers:m},type:e}],type:f},{error:"FIPS is enabled but this partition does not support FIPS",type:d}],type:f},{conditions:q,rules:[{conditions:[o],rules:[{endpoint:{url:"https://secretsmanager.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:m,headers:m},type:e}],type:f},{error:"DualStack is enabled but this partition does not support DualStack",type:d}],type:f},{endpoint:{url:"https://secretsmanager.{Region}.{PartitionResult#dnsSuffix}",properties:m,headers:m},type:e}],type:f}],type:f},{error:"Invalid Configuration: Missing Region",type:d}]};
 export const ruleSet: RuleSetObject = _data;
diff --git a/clients/client-secrets-manager/src/models/models_0.ts b/clients/client-secrets-manager/src/models/models_0.ts
@@ -203,17 +203,10 @@ export interface CreateSecretRequest {
    *       Secrets Manager creates an initial version for the secret, and this parameter specifies the unique
    *       identifier for the new version. </p>
    *          <note>
-   *             <p>If you use the Amazon Web Services CLI or one of the Amazon Web Services SDKs to call this operation, then you can
-   *         leave this parameter empty. The CLI or SDK generates a random UUID for you and includes it
-   *         as the value for this parameter in the request. If you don't use the SDK and instead
-   *         generate a raw HTTP request to the Secrets Manager service endpoint, then you must generate a
-   *         <code>ClientRequestToken</code> yourself for the new version and include the value in the
-   *         request.</p>
+   *             <p>If you use the Amazon Web Services CLI or one of the Amazon Web Services SDKs to call this operation, then you can leave this parameter empty. The CLI or SDK generates a random UUID for you and includes it as the value for this parameter in the request. </p>
    *          </note>
-   *          <p>This value helps ensure idempotency. Secrets Manager uses this value to prevent the accidental
-   *       creation of duplicate versions if there are failures and retries during a rotation. We
-   *       recommend that you generate a <a href="https://wikipedia.org/wiki/Universally_unique_identifier">UUID-type</a> value to
-   *       ensure uniqueness of your versions within the specified secret. </p>
+   *          <p>If you generate a raw HTTP request to the Secrets Manager service endpoint, then you must generate a <code>ClientRequestToken</code> and include it in the request.</p>
+   *          <p>This value helps ensure idempotency. Secrets Manager uses this value to prevent the accidental creation of duplicate versions if there are failures and retries during a rotation. We recommend that you generate a <a href="https://wikipedia.org/wiki/Universally_unique_identifier">UUID-type</a> value to ensure uniqueness of your versions within the specified secret. </p>
    *          <ul>
    *             <li>
    *                <p>If the <code>ClientRequestToken</code> value isn't already associated with a version
@@ -298,32 +291,8 @@ export interface CreateSecretRequest {
    *       JSON parameter for the various command line tool environments, see <a href="https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json">Using JSON for
    *         Parameters</a>. If your command-line tool or SDK requires quotation marks around the parameter, you should
    *       use single quotes to avoid confusion with the double quotes required in the JSON text.</p>
-   *          <p>The following restrictions apply to tags:</p>
-   *          <ul>
-   *             <li>
-   *                <p>Maximum number of tags per secret: 50</p>
-   *             </li>
-   *             <li>
-   *                <p>Maximum key length: 127 Unicode characters in UTF-8</p>
-   *             </li>
-   *             <li>
-   *                <p>Maximum value length: 255 Unicode characters in UTF-8</p>
-   *             </li>
-   *             <li>
-   *                <p>Tag keys and values are case sensitive.</p>
-   *             </li>
-   *             <li>
-   *                <p>Do not use the <code>aws:</code> prefix in your tag names or values because Amazon Web Services reserves it
-   *             for Amazon Web Services use. You can't edit or delete tag names or values with this
-   *               prefix. Tags with this prefix do not count against your tags per secret limit.</p>
-   *             </li>
-   *             <li>
-   *                <p>If you use your tagging schema across multiple services and resources,
-   *               other services might have restrictions on allowed characters. Generally
-   *               allowed characters: letters, spaces, and numbers representable in UTF-8, plus the
-   *               following special characters: + - = . _ : / @.</p>
-   *             </li>
-   *          </ul>
+   *          <p>For tag quotas and naming restrictions, see <a href="https://docs.aws.amazon.com/general/latest/gr/arg.html#taged-reference-quotas">Service quotas for Tagging</a> in the <i>Amazon Web Services General
+   *       Reference guide</i>.</p>
    */
   Tags?: Tag[];
 
@@ -1595,16 +1564,10 @@ export interface PutSecretValueRequest {
    * @public
    * <p>A unique identifier for the new version of the secret. </p>
    *          <note>
-   *             <p>If you use the Amazon Web Services CLI or one of the Amazon Web Services SDKs to call this operation, then you can
-   *         leave this parameter empty because they generate a random UUID for you. If you don't
-   *         use the SDK and instead generate a raw HTTP request to the
-   *         Secrets Manager service endpoint, then you must generate a <code>ClientRequestToken</code> yourself
-   *         for new versions and include that value in the request. </p>
+   *             <p>If you use the Amazon Web Services CLI or one of the Amazon Web Services SDKs to call this operation, then you can leave this parameter empty. The CLI or SDK generates a random UUID for you and includes it as the value for this parameter in the request. </p>
    *          </note>
-   *          <p>This value helps ensure idempotency. Secrets Manager uses this value to prevent the accidental
-   *       creation of duplicate versions if there are failures and retries during the Lambda rotation
-   *       function processing. We recommend that you generate a <a href="https://wikipedia.org/wiki/Universally_unique_identifier">UUID-type</a> value to
-   *       ensure uniqueness within the specified secret. </p>
+   *          <p>If you generate a raw HTTP request to the Secrets Manager service endpoint, then you must generate a <code>ClientRequestToken</code> and include it in the request.</p>
+   *          <p>This value helps ensure idempotency. Secrets Manager uses this value to prevent the accidental creation of duplicate versions if there are failures and retries during a rotation. We recommend that you generate a <a href="https://wikipedia.org/wiki/Universally_unique_identifier">UUID-type</a> value to ensure uniqueness of your versions within the specified secret. </p>
    *          <ul>
    *             <li>
    *                <p>If the <code>ClientRequestToken</code> value isn't already associated with a version
@@ -1810,19 +1773,13 @@ export interface RotateSecretRequest {
 
   /**
    * @public
-   * <p>A unique identifier for the new version of the secret that helps
-   *     ensure idempotency. Secrets Manager uses this value to prevent the accidental creation of duplicate versions if
-   *     there are failures and retries during rotation. This value becomes the
-   *     <code>VersionId</code> of the new version.</p>
-   *          <p>If you use the Amazon Web Services CLI or one of the Amazon Web Services SDK to call this operation, then you can
-   *     leave this parameter empty. The CLI or SDK generates a random UUID for you and includes that
-   *     in the request for this parameter. If you don't use the SDK and instead generate a raw HTTP
-   *     request to the Secrets Manager service endpoint, then you must generate a
-   *     <code>ClientRequestToken</code> yourself for new versions and include that value in the
-   *     request.</p>
-   *          <p>You only need to specify this value if you implement your own retry logic and you want to
-   *     ensure that Secrets Manager doesn't attempt to create a secret version twice. We recommend that you generate a <a href="https://wikipedia.org/wiki/Universally_unique_identifier">UUID-type</a> value to
-   *     ensure uniqueness within the specified secret. </p>
+   * <p>A unique identifier for the new version of the secret. You only need to specify this value if you implement your own retry logic and you want to
+   *     ensure that Secrets Manager doesn't attempt to create a secret version twice.</p>
+   *          <note>
+   *             <p>If you use the Amazon Web Services CLI or one of the Amazon Web Services SDKs to call this operation, then you can leave this parameter empty. The CLI or SDK generates a random UUID for you and includes it as the value for this parameter in the request. </p>
+   *          </note>
+   *          <p>If you generate a raw HTTP request to the Secrets Manager service endpoint, then you must generate a <code>ClientRequestToken</code> and include it in the request.</p>
+   *          <p>This value helps ensure idempotency. Secrets Manager uses this value to prevent the accidental creation of duplicate versions if there are failures and retries during a rotation. We recommend that you generate a <a href="https://wikipedia.org/wiki/Universally_unique_identifier">UUID-type</a> value to ensure uniqueness of your versions within the specified secret. </p>
    */
   ClientRequestToken?: string;
 
@@ -1963,14 +1920,10 @@ export interface UpdateSecretRequest {
    *     a new version for the secret, and this parameter specifies the unique identifier for the new
    *     version.</p>
    *          <note>
-   *             <p>If you use the Amazon Web Services CLI or one of the Amazon Web Services SDKs to call this operation, then you can
-   *         leave this parameter empty. The CLI or SDK generates a random UUID for you and includes it
-   *         as the value for this parameter in the request. If you don't use the SDK and instead
-   *         generate a raw HTTP request to the Secrets Manager service endpoint, then you must generate a
-   *         <code>ClientRequestToken</code> yourself for the new version and include the value in the
-   *         request.</p>
+   *             <p>If you use the Amazon Web Services CLI or one of the Amazon Web Services SDKs to call this operation, then you can leave this parameter empty. The CLI or SDK generates a random UUID for you and includes it as the value for this parameter in the request. </p>
    *          </note>
-   *          <p>This value becomes the <code>VersionId</code> of the new version.</p>
+   *          <p>If you generate a raw HTTP request to the Secrets Manager service endpoint, then you must generate a <code>ClientRequestToken</code> and include it in the request.</p>
+   *          <p>This value helps ensure idempotency. Secrets Manager uses this value to prevent the accidental creation of duplicate versions if there are failures and retries during a rotation. We recommend that you generate a <a href="https://wikipedia.org/wiki/Universally_unique_identifier">UUID-type</a> value to ensure uniqueness of your versions within the specified secret. </p>
    */
   ClientRequestToken?: string;