From 5b5356f39b4ec23e51eb3ad8f29c22cf573d7cfd Mon Sep 17 00:00:00 2001 From: aws-sdk-python-automation Date: Fri, 30 Aug 2024 18:14:46 +0000 Subject: [PATCH 1/3] Update to latest models --- .../next-release/api-change-backup-959.json | 5 + .../api-change-datazone-52929.json | 5 + .../next-release/api-change-logs-19510.json | 5 + .../api-change-redshiftdata-15518.json | 5 + .../data/backup/2018-11-15/service-2.json | 534 ++++--- .../datazone/2018-05-10/paginators-1.json | 18 + .../data/datazone/2018-05-10/service-2.json | 1405 ++++++++++++++++- botocore/data/logs/2014-03-28/service-2.json | 97 +- .../2019-12-20/endpoint-rule-set-1.json | 40 +- .../redshift-data/2019-12-20/service-2.json | 136 +- 10 files changed, 1912 insertions(+), 338 deletions(-) create mode 100644 .changes/next-release/api-change-backup-959.json create mode 100644 .changes/next-release/api-change-datazone-52929.json create mode 100644 .changes/next-release/api-change-logs-19510.json create mode 100644 .changes/next-release/api-change-redshiftdata-15518.json diff --git a/.changes/next-release/api-change-backup-959.json b/.changes/next-release/api-change-backup-959.json new file mode 100644 index 0000000000..6b6ec20a91 --- /dev/null +++ b/.changes/next-release/api-change-backup-959.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``backup``", + "description": "The latest update introduces two new attributes, VaultType and VaultState, to the DescribeBackupVault and ListBackupVaults APIs. The VaultState attribute reflects the current status of the vault, while the VaultType attribute indicates the specific category of the vault." +} diff --git a/.changes/next-release/api-change-datazone-52929.json b/.changes/next-release/api-change-datazone-52929.json new file mode 100644 index 0000000000..efbb9ac47e --- /dev/null +++ b/.changes/next-release/api-change-datazone-52929.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``datazone``", + "description": "Amazon DataZone now adds new governance capabilities of Domain Units for organization within your Data Domains, and Authorization Policies for tighter controls." +} diff --git a/.changes/next-release/api-change-logs-19510.json b/.changes/next-release/api-change-logs-19510.json new file mode 100644 index 0000000000..db9ba01b8f --- /dev/null +++ b/.changes/next-release/api-change-logs-19510.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``logs``", + "description": "This release introduces a new optional parameter: Entity, in PutLogEvents request" +} diff --git a/.changes/next-release/api-change-redshiftdata-15518.json b/.changes/next-release/api-change-redshiftdata-15518.json new file mode 100644 index 0000000000..0234b7f327 --- /dev/null +++ b/.changes/next-release/api-change-redshiftdata-15518.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``redshift-data``", + "description": "The release include the new Redshift DataAPI feature for session use, customer execute query with --session-keep-alive-seconds parameter and can submit follow-up queries to same sessions with returned`session-id`" +} diff --git a/botocore/data/backup/2018-11-15/service-2.json b/botocore/data/backup/2018-11-15/service-2.json index f2c72a78ca..4adb46a318 100644 --- a/botocore/data/backup/2018-11-15/service-2.json +++ b/botocore/data/backup/2018-11-15/service-2.json @@ -5,10 +5,12 @@ "endpointPrefix":"backup", "jsonVersion":"1.1", "protocol":"rest-json", + "protocols":["rest-json"], "serviceFullName":"AWS Backup", "serviceId":"Backup", "signatureVersion":"v4", - "uid":"backup-2018-11-15" + "uid":"backup-2018-11-15", + "auth":["aws.auth#sigv4"] }, "operations":{ "CancelLegalHold":{ @@ -27,7 +29,7 @@ {"shape":"ServiceUnavailableException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

This action removes the specified legal hold on a recovery point. This action can only be performed by a user with sufficient permissions.

", + "documentation":"

Removes the specified legal hold on a recovery point. This action can only be performed by a user with sufficient permissions.

", "idempotent":true }, "CreateBackupPlan":{ @@ -116,7 +118,7 @@ {"shape":"ServiceUnavailableException"}, {"shape":"LimitExceededException"} ], - "documentation":"

This action creates a legal hold on a recovery point (backup). A legal hold is a restraint on altering or deleting a backup until an authorized user cancels the legal hold. Any actions to delete or disassociate a recovery point will fail with an error if one or more active legal holds are on the recovery point.

", + "documentation":"

Creates a legal hold on a recovery point (backup). A legal hold is a restraint on altering or deleting a backup until an authorized user cancels the legal hold. Any actions to delete or disassociate a recovery point will fail with an error if one or more active legal holds are on the recovery point.

", "idempotent":true }, "CreateLogicallyAirGappedBackupVault":{ @@ -135,7 +137,7 @@ {"shape":"ServiceUnavailableException"}, {"shape":"InvalidRequestException"} ], - "documentation":"

This request creates a logical container to where backups may be copied.

This request includes a name, the Region, the maximum number of retention days, the minimum number of retention days, and optionally can include tags and a creator request ID.

Do not include sensitive data, such as passport numbers, in the name of a backup vault.

", + "documentation":"

Creates a logical container to where backups may be copied.

This request includes a name, the Region, the maximum number of retention days, the minimum number of retention days, and optionally can include tags and a creator request ID.

Do not include sensitive data, such as passport numbers, in the name of a backup vault.

", "idempotent":true }, "CreateReportPlan":{ @@ -173,7 +175,7 @@ {"shape":"MissingParameterValueException"}, {"shape":"ServiceUnavailableException"} ], - "documentation":"

This is the first of two steps to create a restore testing plan; once this request is successful, finish the procedure with request CreateRestoreTestingSelection.

You must include the parameter RestoreTestingPlan. You may optionally include CreatorRequestId and Tags.

", + "documentation":"

Creates a restore testing plan.

The first of two steps to create a restore testing plan. After this request is successful, finish the procedure using CreateRestoreTestingSelection.

", "idempotent":true }, "CreateRestoreTestingSelection":{ @@ -855,7 +857,7 @@ {"shape":"ServiceUnavailableException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"

Returns metadata of your saved backup plan templates, including the template ID, name, and the creation and deletion dates.

" + "documentation":"

Lists the backup plan templates.

" }, "ListBackupPlanVersions":{ "name":"ListBackupPlanVersions", @@ -888,7 +890,7 @@ {"shape":"MissingParameterValueException"}, {"shape":"ServiceUnavailableException"} ], - "documentation":"

Returns a list of all active backup plans for an authenticated account. The list contains information such as Amazon Resource Names (ARNs), plan IDs, creation and deletion dates, version IDs, plan names, and creator request IDs.

", + "documentation":"

Lists the active backup plans for the account.

", "idempotent":true }, "ListBackupSelections":{ @@ -1059,7 +1061,7 @@ {"shape":"MissingParameterValueException"}, {"shape":"ServiceUnavailableException"} ], - "documentation":"

Returns detailed information about all the recovery points of the type specified by a resource Amazon Resource Name (ARN).

For Amazon EFS and Amazon EC2, this action only lists recovery points created by Backup.

", + "documentation":"

The information about the recovery points of the type specified by a resource Amazon Resource Name (ARN).

For Amazon EFS and Amazon EC2, this action only lists recovery points created by Backup.

", "idempotent":true }, "ListReportJobs":{ @@ -1183,7 +1185,7 @@ {"shape":"MissingParameterValueException"}, {"shape":"ServiceUnavailableException"} ], - "documentation":"

Returns a list of key-value pairs assigned to a target recovery point, backup plan, or backup vault.

ListTags only works for resource types that support full Backup management of their backups. Those resource types are listed in the \"Full Backup management\" section of the Feature availability by resource table.

", + "documentation":"

Returns the tags assigned to the resource, such as a target recovery point, backup plan, or backup vault.

", "idempotent":true }, "PutBackupVaultAccessPolicy":{ @@ -1216,7 +1218,7 @@ {"shape":"InvalidRequestException"}, {"shape":"ServiceUnavailableException"} ], - "documentation":"

Applies Backup Vault Lock to a backup vault, preventing attempts to delete any recovery point stored in or created in a backup vault. Vault Lock also prevents attempts to update the lifecycle policy that controls the retention period of any recovery point currently stored in a backup vault. If specified, Vault Lock enforces a minimum and maximum retention period for future backup and copy jobs that target a backup vault.

Backup Vault Lock has been assessed by Cohasset Associates for use in environments that are subject to SEC 17a-4, CFTC, and FINRA regulations. For more information about how Backup Vault Lock relates to these regulations, see the Cohasset Associates Compliance Assessment.

", + "documentation":"

Applies Backup Vault Lock to a backup vault, preventing attempts to delete any recovery point stored in or created in a backup vault. Vault Lock also prevents attempts to update the lifecycle policy that controls the retention period of any recovery point currently stored in a backup vault. If specified, Vault Lock enforces a minimum and maximum retention period for future backup and copy jobs that target a backup vault.

Backup Vault Lock has been assessed by Cohasset Associates for use in environments that are subject to SEC 17a-4, CFTC, and FINRA regulations. For more information about how Backup Vault Lock relates to these regulations, see the Cohasset Associates Compliance Assessment.

For more information, see Backup Vault Lock.

", "idempotent":true }, "PutBackupVaultNotifications":{ @@ -1340,7 +1342,7 @@ {"shape":"InvalidRequestException"}, {"shape":"ServiceUnavailableException"} ], - "documentation":"

Attempts to cancel a job to create a one-time backup of a resource.

This action is not supported for the following services: Amazon FSx for Windows File Server, Amazon FSx for Lustre, Amazon FSx for NetApp ONTAP , Amazon FSx for OpenZFS, Amazon DocumentDB (with MongoDB compatibility), Amazon RDS, Amazon Aurora, and Amazon Neptune.

" + "documentation":"

Attempts to cancel a job to create a one-time backup of a resource.

This action is not supported for the following services: Amazon FSx for Windows File Server, Amazon FSx for Lustre, Amazon FSx for NetApp ONTAP, Amazon FSx for OpenZFS, Amazon DocumentDB (with MongoDB compatibility), Amazon RDS, Amazon Aurora, and Amazon Neptune.

" }, "TagResource":{ "name":"TagResource", @@ -1356,7 +1358,7 @@ {"shape":"ServiceUnavailableException"}, {"shape":"LimitExceededException"} ], - "documentation":"

Assigns a set of key-value pairs to a recovery point, backup plan, or backup vault identified by an Amazon Resource Name (ARN).

", + "documentation":"

Assigns a set of key-value pairs to a recovery point, backup plan, or backup vault identified by an Amazon Resource Name (ARN).

This API is supported for recovery points for resource types including Aurora, Amazon DocumentDB. Amazon EBS, Amazon FSx, Neptune, and Amazon RDS.

", "idempotent":true }, "UntagResource":{ @@ -1372,7 +1374,7 @@ {"shape":"MissingParameterValueException"}, {"shape":"ServiceUnavailableException"} ], - "documentation":"

Removes a set of key-value pairs from a recovery point, backup plan, or backup vault identified by an Amazon Resource Name (ARN)

", + "documentation":"

Removes a set of key-value pairs from a recovery point, backup plan, or backup vault identified by an Amazon Resource Name (ARN)

This API is not supported for recovery points for resource types including Aurora, Amazon DocumentDB. Amazon EBS, Amazon FSx, Neptune, and Amazon RDS.

", "idempotent":true }, "UpdateBackupPlan":{ @@ -1389,7 +1391,7 @@ {"shape":"MissingParameterValueException"}, {"shape":"ServiceUnavailableException"} ], - "documentation":"

Updates an existing backup plan identified by its backupPlanId with the input document in JSON format. The new version is uniquely identified by a VersionId.

", + "documentation":"

Updates the specified backup plan. The new version is uniquely identified by its ID.

", "idempotent":true }, "UpdateFramework":{ @@ -1409,7 +1411,7 @@ {"shape":"ConflictException"}, {"shape":"ServiceUnavailableException"} ], - "documentation":"

Updates an existing framework identified by its FrameworkName with the input document in JSON format.

", + "documentation":"

Updates the specified framework.

", "idempotent":true }, "UpdateGlobalSettings":{ @@ -1442,7 +1444,7 @@ {"shape":"MissingParameterValueException"}, {"shape":"ServiceUnavailableException"} ], - "documentation":"

Sets the transition lifecycle of a recovery point.

The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define.

Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “retention” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.

Resource types that are able to be transitioned to cold storage are listed in the \"Lifecycle to cold storage\" section of the Feature availability by resource table. Backup ignores this expression for other resource types.

This operation does not support continuous backups.

", + "documentation":"

Sets the transition lifecycle of a recovery point.

The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define.

Resource types that can transition to cold storage are listed in the Feature availability by resource table. Backup ignores this expression for other resource types.

Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “retention” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.

If your lifecycle currently uses the parameters DeleteAfterDays and MoveToColdStorageAfterDays, include these parameters and their values when you call this operation. Not including them may result in your plan updating with null values.

This operation does not support continuous backups.

", "idempotent":true }, "UpdateRegionSettings":{ @@ -1474,7 +1476,7 @@ {"shape":"MissingParameterValueException"}, {"shape":"ConflictException"} ], - "documentation":"

Updates an existing report plan identified by its ReportPlanName with the input document in JSON format.

", + "documentation":"

Updates the specified report plan.

", "idempotent":true }, "UpdateRestoreTestingPlan":{ @@ -1512,7 +1514,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ServiceUnavailableException"} ], - "documentation":"

Most elements except the RestoreTestingSelectionName can be updated with this request.

RestoreTestingSelection can use either protected resource ARNs or conditions, but not both. That is, if your selection has ProtectedResourceArns, requesting an update with the parameter ProtectedResourceConditions will be unsuccessful.

", + "documentation":"

Updates the specified restore testing selection.

Most elements except the RestoreTestingSelectionName can be updated with this request.

You can use either protected resource ARNs or conditions, but not both.

", "idempotent":true } }, @@ -1534,7 +1536,7 @@ "documentation":"

Specifies the backup option for a selected resource. This option is only available for Windows VSS backup jobs.

Valid values:

Set to \"WindowsVSS\":\"enabled\" to enable the WindowsVSS backup option and create a Windows VSS backup.

Set to \"WindowsVSS\":\"disabled\" to create a regular backup. The WindowsVSS option is not enabled by default.

If you specify an invalid option, you get an InvalidParameterValueException exception.

For more information about Windows VSS backups, see Creating a VSS-Enabled Windows Backup.

" } }, - "documentation":"

A list of backup options for each resource type.

" + "documentation":"

The backup options for each resource type.

" }, "AdvancedBackupSettings":{ "type":"list", @@ -1586,11 +1588,11 @@ }, "BackupVaultName":{ "shape":"BackupVaultName", - "documentation":"

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.

" + "documentation":"

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created.

" }, "BackupVaultArn":{ "shape":"ARN", - "documentation":"

An Amazon Resource Name (ARN) that uniquely identifies a backup vault; for example, arn:aws:backup:us-east-1:123456789012:vault:aBackupVault.

" + "documentation":"

An Amazon Resource Name (ARN) that uniquely identifies a backup vault; for example, arn:aws:backup:us-east-1:123456789012:backup-vault:aBackupVault.

" }, "RecoveryPointArn":{ "shape":"ARN", @@ -1666,11 +1668,11 @@ }, "ResourceName":{ "shape":"string", - "documentation":"

This is the non-unique name of the resource that belongs to the specified backup.

" + "documentation":"

The non-unique name of the resource that belongs to the specified backup.

" }, "InitiationDate":{ "shape":"timestamp", - "documentation":"

This is the date on which the backup job was initiated.

" + "documentation":"

The date on which the backup job was initiated.

" }, "MessageCategory":{ "shape":"string", @@ -1782,7 +1784,7 @@ "members":{ "BackupPlanName":{ "shape":"BackupPlanName", - "documentation":"

The display name of a backup plan. Must contain 1 to 50 alphanumeric or '-_.' characters.

" + "documentation":"

The display name of a backup plan. Must contain only alphanumeric or '-_.' special characters.

If this is set in the console, it can contain 1 to 50 characters; if this is set through CLI or API, it can contain 1 to 200 characters.

" }, "Rules":{ "shape":"BackupRules", @@ -1877,7 +1879,7 @@ }, "LastExecutionDate":{ "shape":"timestamp", - "documentation":"

The last time a job to back up resources was run with this rule. A date and time, in Unix format and Coordinated Universal Time (UTC). The value of LastExecutionDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.

" + "documentation":"

The last time this backup plan was run. A date and time, in Unix format and Coordinated Universal Time (UTC). The value of LastExecutionDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.

" }, "AdvancedBackupSettings":{ "shape":"AdvancedBackupSettings", @@ -1899,7 +1901,7 @@ }, "TargetBackupVaultName":{ "shape":"BackupVaultName", - "documentation":"

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.

" + "documentation":"

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created.

" }, "ScheduleExpression":{ "shape":"CronExpression", @@ -1915,11 +1917,11 @@ }, "Lifecycle":{ "shape":"Lifecycle", - "documentation":"

The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define.

Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “retention” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.

Resource types that are able to be transitioned to cold storage are listed in the \"Lifecycle to cold storage\" section of the Feature availability by resource table. Backup ignores this expression for other resource types.

" + "documentation":"

The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define.

Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “retention” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.

Resource types that can transition to cold storage are listed in the Feature availability by resource table. Backup ignores this expression for other resource types.

" }, "RecoveryPointTags":{ "shape":"Tags", - "documentation":"

An array of key-value pair strings that are assigned to resources that are associated with this rule when restored from backup.

" + "documentation":"

The tags that are assigned to resources that are associated with this rule when restored from backup.

" }, "RuleId":{ "shape":"string", @@ -1935,7 +1937,7 @@ }, "ScheduleExpressionTimezone":{ "shape":"Timezone", - "documentation":"

This is the timezone in which the schedule expression is set. By default, ScheduleExpressions are in UTC. You can modify this to a specified timezone.

" + "documentation":"

The timezone in which the schedule expression is set. By default, ScheduleExpressions are in UTC. You can modify this to a specified timezone.

" } }, "documentation":"

Specifies a scheduled task used to back up a selection of resources.

" @@ -1953,7 +1955,7 @@ }, "TargetBackupVaultName":{ "shape":"BackupVaultName", - "documentation":"

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.

" + "documentation":"

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created.

" }, "ScheduleExpression":{ "shape":"CronExpression", @@ -1969,11 +1971,11 @@ }, "Lifecycle":{ "shape":"Lifecycle", - "documentation":"

The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup will transition and expire backups automatically according to the lifecycle that you define.

Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “retention” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.

Resource types that are able to be transitioned to cold storage are listed in the \"Lifecycle to cold storage\" section of the Feature availability by resource table. Backup ignores this expression for other resource types.

This parameter has a maximum value of 100 years (36,500 days).

" + "documentation":"

The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup will transition and expire backups automatically according to the lifecycle that you define.

Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “retention” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold storage.

Resource types that can transition to cold storage are listed in the Feature availability by resource table. Backup ignores this expression for other resource types.

This parameter has a maximum value of 100 years (36,500 days).

" }, "RecoveryPointTags":{ "shape":"Tags", - "documentation":"

To help organize your resources, you can assign your own metadata to the resources that you create. Each tag is a key-value pair.

" + "documentation":"

The tags to assign to the resources.

" }, "CopyActions":{ "shape":"CopyActions", @@ -1985,7 +1987,7 @@ }, "ScheduleExpressionTimezone":{ "shape":"Timezone", - "documentation":"

This is the timezone in which the schedule expression is set. By default, ScheduleExpressions are in UTC. You can modify this to a specified timezone.

" + "documentation":"

The timezone in which the schedule expression is set. By default, ScheduleExpressions are in UTC. You can modify this to a specified timezone.

" } }, "documentation":"

Specifies a scheduled task used to back up a selection of resources.

" @@ -2019,22 +2021,22 @@ }, "Resources":{ "shape":"ResourceArns", - "documentation":"

A list of Amazon Resource Names (ARNs) to assign to a backup plan. The maximum number of ARNs is 500 without wildcards, or 30 ARNs with wildcards.

If you need to assign many resources to a backup plan, consider a different resource selection strategy, such as assigning all resources of a resource type or refining your resource selection using tags.

" + "documentation":"

The Amazon Resource Names (ARNs) of the resources to assign to a backup plan. The maximum number of ARNs is 500 without wildcards, or 30 ARNs with wildcards.

If you need to assign many resources to a backup plan, consider a different resource selection strategy, such as assigning all resources of a resource type or refining your resource selection using tags.

If you specify multiple ARNs, the resources much match any of the ARNs (OR logic).

" }, "ListOfTags":{ "shape":"ListOfTags", - "documentation":"

A list of conditions that you define to assign resources to your backup plans using tags. For example, \"StringEquals\": { \"Key\": \"aws:ResourceTag/CreatedByCryo\", \"Value\": \"true\" },. Condition operators are case sensitive.

ListOfTags differs from Conditions as follows:

" + "documentation":"

The conditions that you define to assign resources to your backup plans using tags. For example, \"StringEquals\": { \"ConditionKey\": \"backup\", \"ConditionValue\": \"daily\"}.

ListOfTags supports only StringEquals. Condition operators are case sensitive.

If you specify multiple conditions, the resources much match any of the conditions (OR logic).

" }, "NotResources":{ "shape":"ResourceArns", - "documentation":"

A list of Amazon Resource Names (ARNs) to exclude from a backup plan. The maximum number of ARNs is 500 without wildcards, or 30 ARNs with wildcards.

If you need to exclude many resources from a backup plan, consider a different resource selection strategy, such as assigning only one or a few resource types or refining your resource selection using tags.

" + "documentation":"

The Amazon Resource Names (ARNs) of the resources to exclude from a backup plan. The maximum number of ARNs is 500 without wildcards, or 30 ARNs with wildcards.

If you need to exclude many resources from a backup plan, consider a different resource selection strategy, such as assigning only one or a few resource types or refining your resource selection using tags.

" }, "Conditions":{ "shape":"Conditions", - "documentation":"

A list of conditions that you define to assign resources to your backup plans using tags. For example, \"StringEquals\": { \"Key\": \"aws:ResourceTag/CreatedByCryo\", \"Value\": \"true\" },. Condition operators are case sensitive.

Conditions differs from ListOfTags as follows:

" + "documentation":"

The conditions that you define to assign resources to your backup plans using tags. For example, \"StringEquals\": { \"ConditionKey\": \"aws:ResourceTag/backup\", \"ConditionValue\": \"daily\" }.

Conditions supports StringEquals, StringLike, StringNotEquals, and StringNotLike. Condition operators are case sensitive.

If you specify multiple conditions, the resources much match all conditions (AND logic).

" } }, - "documentation":"

Used to specify a set of resources to a backup plan.

Specifying your desired Conditions, ListOfTags, NotResources, and/or Resources is recommended. If none of these are specified, Backup will attempt to select all supported and opted-in storage resources, which could have unintended cost implications.

" + "documentation":"

Used to specify a set of resources to a backup plan.

We recommend that you specify conditions, tags, or resources to include or exclude. Otherwise, Backup attempts to select all supported and opted-in storage resources, which could have unintended cost implications.

For more information, see Assigning resources programmatically.

" }, "BackupSelectionName":{ "type":"string", @@ -2109,11 +2111,19 @@ "members":{ "BackupVaultName":{ "shape":"BackupVaultName", - "documentation":"

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.

" + "documentation":"

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created.

" }, "BackupVaultArn":{ "shape":"ARN", - "documentation":"

An Amazon Resource Name (ARN) that uniquely identifies a backup vault; for example, arn:aws:backup:us-east-1:123456789012:vault:aBackupVault.

" + "documentation":"

An Amazon Resource Name (ARN) that uniquely identifies a backup vault; for example, arn:aws:backup:us-east-1:123456789012:backup-vault:aBackupVault.

" + }, + "VaultType":{ + "shape":"VaultType", + "documentation":"

The type of vault in which the described recovery point is stored.

" + }, + "VaultState":{ + "shape":"VaultState", + "documentation":"

The current state of the vault.

" }, "CreationDate":{ "shape":"timestamp", @@ -2167,7 +2177,7 @@ "documentation":"

A timestamp that specifies when to delete a recovery point.

" } }, - "documentation":"

Contains DeleteAt and MoveToColdStorageAt timestamps, which are used to specify a lifecycle for a recovery point.

The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define.

Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “retention” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.

Resource types that are able to be transitioned to cold storage are listed in the \"Lifecycle to cold storage\" section of the Feature availability by resource table. Backup ignores this expression for other resource types.

" + "documentation":"

Contains DeleteAt and MoveToColdStorageAt timestamps, which are used to specify a lifecycle for a recovery point.

The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define.

Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “retention” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.

Resource types that can transition to cold storage are listed in the Feature availability by resource table. Backup ignores this expression for other resource types.

" }, "CancelLegalHoldInput":{ "type":"structure", @@ -2178,19 +2188,19 @@ "members":{ "LegalHoldId":{ "shape":"string", - "documentation":"

Legal hold ID required to remove the specified legal hold on a recovery point.

", + "documentation":"

The ID of the legal hold.

", "location":"uri", "locationName":"legalHoldId" }, "CancelDescription":{ "shape":"string", - "documentation":"

String describing the reason for removing the legal hold.

", + "documentation":"

A string the describes the reason for removing the legal hold.

", "location":"querystring", "locationName":"cancelDescription" }, "RetainRecordInDays":{ "shape":"Long", - "documentation":"

The integer amount in days specifying amount of days after this API operation to remove legal hold.

", + "documentation":"

The integer amount, in days, after which to remove legal hold.

", "location":"querystring", "locationName":"retainRecordInDays" } @@ -2243,7 +2253,7 @@ "documentation":"

The value in a key-value pair. For example, in the tag Department: Accounting, Accounting is the value.

" } }, - "documentation":"

Includes information about tags you define to assign tagged resources to a backup plan.

" + "documentation":"

Includes information about tags you define to assign tagged resources to a backup plan.

Include the prefix aws:ResourceTag in your tags. For example, \"aws:ResourceTag/TagKey1\": \"Value1\".

" }, "ConditionParameters":{ "type":"list", @@ -2305,7 +2315,7 @@ "documentation":"

The value of parameter, for example, hourly.

" } }, - "documentation":"

A list of parameters for a control. A control can have zero, one, or more than one parameter. An example of a control with two parameters is: \"backup plan frequency is at least daily and the retention period is at least 1 year\". The first parameter is daily. The second parameter is 1 year.

" + "documentation":"

The parameters for a control. A control can have zero, one, or more than one parameter. An example of a control with two parameters is: \"backup plan frequency is at least daily and the retention period is at least 1 year\". The first parameter is daily. The second parameter is 1 year.

" }, "ControlInputParameters":{ "type":"list", @@ -2325,7 +2335,7 @@ }, "Tags":{ "shape":"stringMap", - "documentation":"

The tag key-value pair applied to those Amazon Web Services resources that you want to trigger an evaluation for a rule. A maximum of one key-value pair can be provided. The tag value is optional, but it cannot be an empty string. The structure to assign a tag is: [{\"Key\":\"string\",\"Value\":\"string\"}].

" + "documentation":"

The tag key-value pair applied to those Amazon Web Services resources that you want to trigger an evaluation for a rule. A maximum of one key-value pair can be provided. The tag value is optional, but it cannot be an empty string if you are creating or editing a framework from the console (though the value can be an empty string when included in a CloudFormation template).

The structure to assign a tag is: [{\"Key\":\"string\",\"Value\":\"string\"}].

" } }, "documentation":"

A framework consists of one or more controls. Each control has its own control scope. The control scope can include one or more resource types, a combination of a tag key and value, or a combination of one resource type and one resource ID. If no scope is specified, evaluations for the rule are triggered when any resource in your recording group changes in configuration.

To set a control scope that includes all of a particular resource, leave the ControlScope empty or do not pass it when calling CreateFramework.

" @@ -2337,7 +2347,7 @@ "Lifecycle":{"shape":"Lifecycle"}, "DestinationBackupVaultArn":{ "shape":"ARN", - "documentation":"

An Amazon Resource Name (ARN) that uniquely identifies the destination backup vault for the copied backup. For example, arn:aws:backup:us-east-1:123456789012:vault:aBackupVault.

" + "documentation":"

An Amazon Resource Name (ARN) that uniquely identifies the destination backup vault for the copied backup. For example, arn:aws:backup:us-east-1:123456789012:backup-vault:aBackupVault.

" } }, "documentation":"

The details of the copy operation.

" @@ -2359,7 +2369,7 @@ }, "SourceBackupVaultArn":{ "shape":"ARN", - "documentation":"

An Amazon Resource Name (ARN) that uniquely identifies a source copy vault; for example, arn:aws:backup:us-east-1:123456789012:vault:aBackupVault.

" + "documentation":"

An Amazon Resource Name (ARN) that uniquely identifies a source copy vault; for example, arn:aws:backup:us-east-1:123456789012:backup-vault:aBackupVault.

" }, "SourceRecoveryPointArn":{ "shape":"ARN", @@ -2367,7 +2377,7 @@ }, "DestinationBackupVaultArn":{ "shape":"ARN", - "documentation":"

An Amazon Resource Name (ARN) that uniquely identifies a destination copy vault; for example, arn:aws:backup:us-east-1:123456789012:vault:aBackupVault.

" + "documentation":"

An Amazon Resource Name (ARN) that uniquely identifies a destination copy vault; for example, arn:aws:backup:us-east-1:123456789012:backup-vault:aBackupVault.

" }, "DestinationRecoveryPointArn":{ "shape":"ARN", @@ -2416,11 +2426,11 @@ }, "CompositeMemberIdentifier":{ "shape":"string", - "documentation":"

This is the identifier of a resource within a composite group, such as nested (child) recovery point belonging to a composite (parent) stack. The ID is transferred from the logical ID within a stack.

" + "documentation":"

The identifier of a resource within a composite group, such as nested (child) recovery point belonging to a composite (parent) stack. The ID is transferred from the logical ID within a stack.

" }, "NumberOfChildJobs":{ "shape":"Long", - "documentation":"

This is the number of child (nested) copy jobs.

" + "documentation":"

The number of child (nested) copy jobs.

" }, "ChildJobsInState":{ "shape":"CopyJobChildJobsInState", @@ -2428,7 +2438,7 @@ }, "ResourceName":{ "shape":"string", - "documentation":"

This is the non-unique name of the resource that belongs to the specified backup.

" + "documentation":"

The non-unique name of the resource that belongs to the specified backup.

" }, "MessageCategory":{ "shape":"string", @@ -2473,7 +2483,7 @@ "members":{ "Region":{ "shape":"Region", - "documentation":"

This is the Amazon Web Services Regions within the job summary.

" + "documentation":"

The Amazon Web Services Regions within the job summary.

" }, "AccountId":{ "shape":"AccountId", @@ -2520,11 +2530,11 @@ "members":{ "BackupPlan":{ "shape":"BackupPlanInput", - "documentation":"

Specifies the body of a backup plan. Includes a BackupPlanName and one or more sets of Rules.

" + "documentation":"

The body of a backup plan. Includes a BackupPlanName and one or more sets of Rules.

" }, "BackupPlanTags":{ "shape":"Tags", - "documentation":"

To help organize your resources, you can assign your own metadata to the resources that you create. Each tag is a key-value pair. The specified tags are assigned to all backups created with this plan.

" + "documentation":"

The tags to assign to the backup plan.

" }, "CreatorRequestId":{ "shape":"string", @@ -2537,7 +2547,7 @@ "members":{ "BackupPlanId":{ "shape":"string", - "documentation":"

Uniquely identifies a backup plan.

" + "documentation":"

The ID of the backup plan.

" }, "BackupPlanArn":{ "shape":"ARN", @@ -2553,7 +2563,7 @@ }, "AdvancedBackupSettings":{ "shape":"AdvancedBackupSettings", - "documentation":"

A list of BackupOptions settings for a resource type. This option is only available for Windows Volume Shadow Copy Service (VSS) backup jobs.

" + "documentation":"

The settings for a resource type. This option is only available for Windows Volume Shadow Copy Service (VSS) backup jobs.

" } } }, @@ -2566,13 +2576,13 @@ "members":{ "BackupPlanId":{ "shape":"string", - "documentation":"

Uniquely identifies the backup plan to be associated with the selection of resources.

", + "documentation":"

The ID of the backup plan.

", "location":"uri", "locationName":"backupPlanId" }, "BackupSelection":{ "shape":"BackupSelection", - "documentation":"

Specifies the body of a request to assign a set of resources to a backup plan.

" + "documentation":"

The body of a request to assign a set of resources to a backup plan.

" }, "CreatorRequestId":{ "shape":"string", @@ -2589,7 +2599,7 @@ }, "BackupPlanId":{ "shape":"string", - "documentation":"

Uniquely identifies a backup plan.

" + "documentation":"

The ID of the backup plan.

" }, "CreationDate":{ "shape":"timestamp", @@ -2609,7 +2619,7 @@ }, "BackupVaultTags":{ "shape":"Tags", - "documentation":"

Metadata that you can assign to help organize the resources that you create. Each tag is a key-value pair.

" + "documentation":"

The tags to assign to the backup vault.

" }, "EncryptionKeyArn":{ "shape":"ARN", @@ -2630,7 +2640,7 @@ }, "BackupVaultArn":{ "shape":"ARN", - "documentation":"

An Amazon Resource Name (ARN) that uniquely identifies a backup vault; for example, arn:aws:backup:us-east-1:123456789012:vault:aBackupVault.

" + "documentation":"

An Amazon Resource Name (ARN) that uniquely identifies a backup vault; for example, arn:aws:backup:us-east-1:123456789012:backup-vault:aBackupVault.

" }, "CreationDate":{ "shape":"timestamp", @@ -2655,7 +2665,7 @@ }, "FrameworkControls":{ "shape":"FrameworkControls", - "documentation":"

A list of the controls that make up the framework. Each control in the list has a name, input parameters, and scope.

" + "documentation":"

The controls that make up the framework. Each control in the list has a name, input parameters, and scope.

" }, "IdempotencyToken":{ "shape":"string", @@ -2664,7 +2674,7 @@ }, "FrameworkTags":{ "shape":"stringMap", - "documentation":"

Metadata that you can assign to help organize the frameworks that you create. Each tag is a key-value pair.

" + "documentation":"

The tags to assign to the framework.

" } } }, @@ -2690,11 +2700,11 @@ "members":{ "Title":{ "shape":"string", - "documentation":"

This is the string title of the legal hold.

" + "documentation":"

The title of the legal hold.

" }, "Description":{ "shape":"string", - "documentation":"

This is the string description of the legal hold.

" + "documentation":"

The description of the legal hold.

" }, "IdempotencyToken":{ "shape":"string", @@ -2702,7 +2712,7 @@ }, "RecoveryPointSelection":{ "shape":"RecoveryPointSelection", - "documentation":"

This specifies criteria to assign a set of resources, such as resource types or backup vaults.

" + "documentation":"

The criteria to assign a set of resources, such as resource types or backup vaults.

" }, "Tags":{ "shape":"Tags", @@ -2715,31 +2725,31 @@ "members":{ "Title":{ "shape":"string", - "documentation":"

This is the string title of the legal hold returned after creating the legal hold.

" + "documentation":"

The title of the legal hold.

" }, "Status":{ "shape":"LegalHoldStatus", - "documentation":"

This displays the status of the legal hold returned after creating the legal hold. Statuses can be ACTIVE, PENDING, CANCELED, CANCELING, or FAILED.

" + "documentation":"

The status of the legal hold.

" }, "Description":{ "shape":"string", - "documentation":"

This is the returned string description of the legal hold.

" + "documentation":"

The description of the legal hold.

" }, "LegalHoldId":{ "shape":"string", - "documentation":"

Legal hold ID returned for the specified legal hold on a recovery point.

" + "documentation":"

The ID of the legal hold.

" }, "LegalHoldArn":{ "shape":"ARN", - "documentation":"

This is the ARN (Amazon Resource Number) of the created legal hold.

" + "documentation":"

The Amazon Resource Name (ARN) of the legal hold.

" }, "CreationDate":{ "shape":"timestamp", - "documentation":"

Time in number format when legal hold was created.

" + "documentation":"

The time when the legal hold was created.

" }, "RecoveryPointSelection":{ "shape":"RecoveryPointSelection", - "documentation":"

This specifies criteria to assign a set of resources, such as resource types or backup vaults.

" + "documentation":"

The criteria to assign to a set of resources, such as resource types or backup vaults.

" } } }, @@ -2753,25 +2763,25 @@ "members":{ "BackupVaultName":{ "shape":"BackupVaultName", - "documentation":"

This is the name of the vault that is being created.

", + "documentation":"

The name of a logical container where backups are stored. Logically air-gapped backup vaults are identified by names that are unique to the account used to create them and the Region where they are created.

", "location":"uri", "locationName":"backupVaultName" }, "BackupVaultTags":{ "shape":"Tags", - "documentation":"

These are the tags that will be included in the newly-created vault.

" + "documentation":"

The tags to assign to the vault.

" }, "CreatorRequestId":{ "shape":"string", - "documentation":"

This is the ID of the creation request.

This parameter is optional. If used, this parameter must contain 1 to 50 alphanumeric or '-_.' characters.

" + "documentation":"

The ID of the creation request.

This parameter is optional. If used, this parameter must contain 1 to 50 alphanumeric or '-_.' characters.

" }, "MinRetentionDays":{ "shape":"Long", - "documentation":"

This setting specifies the minimum retention period that the vault retains its recovery points. If this parameter is not specified, no minimum retention period is enforced.

If specified, any backup or copy job to the vault must have a lifecycle policy with a retention period equal to or longer than the minimum retention period. If a job retention period is shorter than that minimum retention period, then the vault fails the backup or copy job, and you should either modify your lifecycle settings or use a different vault.

" + "documentation":"

This setting specifies the minimum retention period that the vault retains its recovery points.

The minimum value accepted is 7 days.

" }, "MaxRetentionDays":{ "shape":"Long", - "documentation":"

This is the setting that specifies the maximum retention period that the vault retains its recovery points. If this parameter is not specified, Backup does not enforce a maximum retention period on the recovery points in the vault (allowing indefinite storage).

If specified, any backup or copy job to the vault must have a lifecycle policy with a retention period equal to or shorter than the maximum retention period. If the job retention period is longer than that maximum retention period, then the vault fails the backup or copy job, and you should either modify your lifecycle settings or use a different vault.

" + "documentation":"

The maximum retention period that the vault retains its recovery points.

" } } }, @@ -2780,11 +2790,11 @@ "members":{ "BackupVaultName":{ "shape":"BackupVaultName", - "documentation":"

The name of a logical container where backups are stored. Logically air-gapped backup vaults are identified by names that are unique to the account used to create them and the Region where they are created. They consist of lowercase letters, numbers, and hyphens.

" + "documentation":"

The name of a logical container where backups are stored. Logically air-gapped backup vaults are identified by names that are unique to the account used to create them and the Region where they are created.

" }, "BackupVaultArn":{ "shape":"ARN", - "documentation":"

This is the ARN (Amazon Resource Name) of the vault being created.

" + "documentation":"

The ARN (Amazon Resource Name) of the vault.

" }, "CreationDate":{ "shape":"timestamp", @@ -2792,7 +2802,7 @@ }, "VaultState":{ "shape":"VaultState", - "documentation":"

This is the current state of the vault.

" + "documentation":"

The current state of the vault.

" } } }, @@ -2822,7 +2832,7 @@ }, "ReportPlanTags":{ "shape":"stringMap", - "documentation":"

Metadata that you can assign to help organize the report plans that you create. Each tag is a key-value pair.

" + "documentation":"

The tags to assign to the report plan.

" }, "IdempotencyToken":{ "shape":"string", @@ -2862,7 +2872,7 @@ }, "Tags":{ "shape":"SensitiveStringMap", - "documentation":"

Optional tags to include. A tag is a key-value pair you can use to manage, filter, and search for your resources. Allowed characters include UTF-8 letters,numbers, spaces, and the following characters: + - = . _ : /.

" + "documentation":"

The tags to assign to the restore testing plan.

" } } }, @@ -2922,19 +2932,19 @@ "members":{ "CreationTime":{ "shape":"Timestamp", - "documentation":"

This is the time the resource testing selection was created successfully.

" + "documentation":"

The time that the resource testing selection was created.

" }, "RestoreTestingPlanArn":{ "shape":"String", - "documentation":"

This is the ARN of the restore testing plan with which the restore testing selection is associated.

" + "documentation":"

The ARN of the restore testing plan with which the restore testing selection is associated.

" }, "RestoreTestingPlanName":{ "shape":"String", - "documentation":"

Unique string that is the name of the restore testing plan.

The name cannot be changed after creation. The name consists of only alphanumeric characters and underscores. Maximum length is 50.

" + "documentation":"

The name of the restore testing plan.

The name cannot be changed after creation. The name consists of only alphanumeric characters and underscores. Maximum length is 50.

" }, "RestoreTestingSelectionName":{ "shape":"String", - "documentation":"

This is the unique name of the restore testing selection that belongs to the related restore testing plan.

" + "documentation":"

The name of the restore testing selection for the related restore testing plan.

" } } }, @@ -3029,7 +3039,7 @@ "members":{ "BackupVaultName":{ "shape":"string", - "documentation":"

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.

", + "documentation":"

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created.

", "location":"uri", "locationName":"backupVaultName" } @@ -3053,7 +3063,7 @@ "members":{ "BackupVaultName":{ "shape":"BackupVaultName", - "documentation":"

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Region where they are created. They consist of lowercase letters, numbers, and hyphens.

", + "documentation":"

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Region where they are created.

", "location":"uri", "locationName":"backupVaultName" } @@ -3080,7 +3090,7 @@ "members":{ "BackupVaultName":{ "shape":"BackupVaultName", - "documentation":"

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.

", + "documentation":"

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created.

", "location":"uri", "locationName":"backupVaultName" }, @@ -3180,11 +3190,11 @@ }, "BackupVaultName":{ "shape":"BackupVaultName", - "documentation":"

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.

" + "documentation":"

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created.

" }, "BackupVaultArn":{ "shape":"ARN", - "documentation":"

An Amazon Resource Name (ARN) that uniquely identifies a backup vault; for example, arn:aws:backup:us-east-1:123456789012:vault:aBackupVault.

" + "documentation":"

An Amazon Resource Name (ARN) that uniquely identifies a backup vault; for example, arn:aws:backup:us-east-1:123456789012:backup-vault:aBackupVault.

" }, "RecoveryPointArn":{ "shape":"ARN", @@ -3268,15 +3278,15 @@ }, "ResourceName":{ "shape":"string", - "documentation":"

This is the non-unique name of the resource that belongs to the specified backup.

" + "documentation":"

The non-unique name of the resource that belongs to the specified backup.

" }, "InitiationDate":{ "shape":"timestamp", - "documentation":"

This is the date a backup job was initiated.

" + "documentation":"

The date a backup job was initiated.

" }, "MessageCategory":{ "shape":"string", - "documentation":"

This is the job count for the specified message category.

Example strings may include AccessDenied, SUCCESS, AGGREGATE_ALL, and INVALIDPARAMETERS. View Monitoring for a list of accepted MessageCategory strings.

" + "documentation":"

The job count for the specified message category.

Example strings may include AccessDenied, SUCCESS, AGGREGATE_ALL, and INVALIDPARAMETERS. View Monitoring for a list of accepted MessageCategory strings.

" } } }, @@ -3286,13 +3296,13 @@ "members":{ "BackupVaultName":{ "shape":"string", - "documentation":"

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.

", + "documentation":"

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created.

", "location":"uri", "locationName":"backupVaultName" }, "BackupVaultAccountId":{ "shape":"string", - "documentation":"

This is the account ID of the specified backup vault.

", + "documentation":"

The account ID of the specified backup vault.

", "location":"querystring", "locationName":"backupVaultAccountId" } @@ -3303,15 +3313,19 @@ "members":{ "BackupVaultName":{ "shape":"string", - "documentation":"

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Region where they are created. They consist of lowercase letters, numbers, and hyphens.

" + "documentation":"

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Region where they are created.

" }, "BackupVaultArn":{ "shape":"ARN", - "documentation":"

An Amazon Resource Name (ARN) that uniquely identifies a backup vault; for example, arn:aws:backup:us-east-1:123456789012:vault:aBackupVault.

" + "documentation":"

An Amazon Resource Name (ARN) that uniquely identifies a backup vault; for example, arn:aws:backup:us-east-1:123456789012:backup-vault:aBackupVault.

" }, "VaultType":{ "shape":"VaultType", - "documentation":"

This is the type of vault described.

" + "documentation":"

The type of vault described.

" + }, + "VaultState":{ + "shape":"VaultState", + "documentation":"

The current state of the vault.->

" }, "EncryptionKeyArn":{ "shape":"ARN", @@ -3335,7 +3349,7 @@ }, "MinRetentionDays":{ "shape":"Long", - "documentation":"

The Backup Vault Lock setting that specifies the minimum retention period that the vault retains its recovery points. If this parameter is not specified, Vault Lock does not enforce a minimum retention period.

If specified, any backup or copy job to the vault must have a lifecycle policy with a retention period equal to or longer than the minimum retention period. If the job's retention period is shorter than that minimum retention period, then the vault fails the backup or copy job, and you should either modify your lifecycle settings or use a different vault. Recovery points already stored in the vault prior to Vault Lock are not affected.

" + "documentation":"

The Backup Vault Lock setting that specifies the minimum retention period that the vault retains its recovery points. If this parameter is not specified, Vault Lock will not enforce a minimum retention period.

If specified, any backup or copy job to the vault must have a lifecycle policy with a retention period equal to or longer than the minimum retention period. If the job's retention period is shorter than that minimum retention period, then the vault fails the backup or copy job, and you should either modify your lifecycle settings or use a different vault. Recovery points already stored in the vault prior to Vault Lock are not affected.

" }, "MaxRetentionDays":{ "shape":"Long", @@ -3397,7 +3411,7 @@ }, "FrameworkControls":{ "shape":"FrameworkControls", - "documentation":"

A list of the controls that make up the framework. Each control in the list has a name, input parameters, and scope.

" + "documentation":"

The controls that make up the framework. Each control in the list has a name, input parameters, and scope.

" }, "CreationTime":{ "shape":"timestamp", @@ -3464,27 +3478,27 @@ }, "ResourceName":{ "shape":"string", - "documentation":"

This is the non-unique name of the resource that belongs to the specified backup.

" + "documentation":"

The name of the resource that belongs to the specified backup.

" }, "LastBackupVaultArn":{ "shape":"ARN", - "documentation":"

This is the ARN (Amazon Resource Name) of the backup vault that contains the most recent backup recovery point.

" + "documentation":"

The ARN (Amazon Resource Name) of the backup vault that contains the most recent backup recovery point.

" }, "LastRecoveryPointArn":{ "shape":"ARN", - "documentation":"

This is the ARN (Amazon Resource Name) of the most recent recovery point.

" + "documentation":"

The ARN (Amazon Resource Name) of the most recent recovery point.

" }, "LatestRestoreExecutionTimeMinutes":{ "shape":"Long", - "documentation":"

This is the time in minutes the most recent restore job took to complete.

" + "documentation":"

The time, in minutes, that the most recent restore job took to complete.

" }, "LatestRestoreJobCreationDate":{ "shape":"timestamp", - "documentation":"

This is the creation date of the most recent restore job.

" + "documentation":"

The creation date of the most recent restore job.

" }, "LatestRestoreRecoveryPointCreationDate":{ "shape":"timestamp", - "documentation":"

This is the date the most recent recovery point was created.

" + "documentation":"

The date the most recent recovery point was created.

" } } }, @@ -3497,7 +3511,7 @@ "members":{ "BackupVaultName":{ "shape":"BackupVaultName", - "documentation":"

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.

", + "documentation":"

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created.

", "location":"uri", "locationName":"backupVaultName" }, @@ -3509,7 +3523,7 @@ }, "BackupVaultAccountId":{ "shape":"AccountId", - "documentation":"

This is the account ID of the specified backup vault.

", + "documentation":"

The account ID of the specified backup vault.

", "location":"querystring", "locationName":"backupVaultAccountId" } @@ -3524,15 +3538,15 @@ }, "BackupVaultName":{ "shape":"BackupVaultName", - "documentation":"

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Region where they are created. They consist of lowercase letters, numbers, and hyphens.

" + "documentation":"

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Region where they are created.

" }, "BackupVaultArn":{ "shape":"ARN", - "documentation":"

An ARN that uniquely identifies a backup vault; for example, arn:aws:backup:us-east-1:123456789012:vault:aBackupVault.

" + "documentation":"

An ARN that uniquely identifies a backup vault; for example, arn:aws:backup:us-east-1:123456789012:backup-vault:aBackupVault.

" }, "SourceBackupVaultArn":{ "shape":"ARN", - "documentation":"

An Amazon Resource Name (ARN) that uniquely identifies the source vault where the resource was originally backed up in; for example, arn:aws:backup:us-east-1:123456789012:vault:BackupVault. If the recovery is restored to the same Amazon Web Services account or Region, this value will be null.

" + "documentation":"

An Amazon Resource Name (ARN) that uniquely identifies the source vault where the resource was originally backed up in; for example, arn:aws:backup:us-east-1:123456789012:backup-vault:aBackupVault. If the recovery is restored to the same Amazon Web Services account or Region, this value will be null.

" }, "ResourceArn":{ "shape":"ARN", @@ -3552,7 +3566,7 @@ }, "Status":{ "shape":"RecoveryPointStatus", - "documentation":"

A status code specifying the state of the recovery point.

PARTIAL status indicates Backup could not create the recovery point before the backup window closed. To increase your backup plan window using the API, see UpdateBackupPlan. You can also increase your backup plan window using the Console by choosing and editing your backup plan.

EXPIRED status indicates that the recovery point has exceeded its retention period, but Backup lacks permission or is otherwise unable to delete it. To manually delete these recovery points, see Step 3: Delete the recovery points in the Clean up resources section of Getting started.

STOPPED status occurs on a continuous backup where a user has taken some action that causes the continuous backup to be disabled. This can be caused by the removal of permissions, turning off versioning, turning off events being sent to EventBridge, or disabling the EventBridge rules that are put in place by Backup.

To resolve STOPPED status, ensure that all requested permissions are in place and that versioning is enabled on the S3 bucket. Once these conditions are met, the next instance of a backup rule running will result in a new continuous recovery point being created. The recovery points with STOPPED status do not need to be deleted.

For SAP HANA on Amazon EC2 STOPPED status occurs due to user action, application misconfiguration, or backup failure. To ensure that future continuous backups succeed, refer to the recovery point status and check SAP HANA for details.

" + "documentation":"

A status code specifying the state of the recovery point.

PARTIAL status indicates Backup could not create the recovery point before the backup window closed. To increase your backup plan window using the API, see UpdateBackupPlan. You can also increase your backup plan window using the Console by choosing and editing your backup plan.

EXPIRED status indicates that the recovery point has exceeded its retention period, but Backup lacks permission or is otherwise unable to delete it. To manually delete these recovery points, see Step 3: Delete the recovery points in the Clean up resources section of Getting started.

STOPPED status occurs on a continuous backup where a user has taken some action that causes the continuous backup to be disabled. This can be caused by the removal of permissions, turning off versioning, turning off events being sent to EventBridge, or disabling the EventBridge rules that are put in place by Backup. For recovery points of Amazon S3, Amazon RDS, and Amazon Aurora resources, this status occurs when the retention period of a continuous backup rule is changed.

To resolve STOPPED status, ensure that all requested permissions are in place and that versioning is enabled on the S3 bucket. Once these conditions are met, the next instance of a backup rule running will result in a new continuous recovery point being created. The recovery points with STOPPED status do not need to be deleted.

For SAP HANA on Amazon EC2 STOPPED status occurs due to user action, application misconfiguration, or backup failure. To ensure that future continuous backups succeed, refer to the recovery point status and check SAP HANA for details.

" }, "StatusMessage":{ "shape":"string", @@ -3576,7 +3590,7 @@ }, "Lifecycle":{ "shape":"Lifecycle", - "documentation":"

The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define.

Backups that are transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “retention” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.

Resource types that are able to be transitioned to cold storage are listed in the \"Lifecycle to cold storage\" section of the Feature availability by resource table. Backup ignores this expression for other resource types.

" + "documentation":"

The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define.

Backups that are transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “retention” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.

Resource types that can transition to cold storage are listed in the Feature availability by resource table. Backup ignores this expression for other resource types.

" }, "EncryptionKeyArn":{ "shape":"ARN", @@ -3600,7 +3614,7 @@ }, "CompositeMemberIdentifier":{ "shape":"string", - "documentation":"

This is the identifier of a resource within a composite group, such as nested (child) recovery point belonging to a composite (parent) stack. The ID is transferred from the logical ID within a stack.

" + "documentation":"

The identifier of a resource within a composite group, such as nested (child) recovery point belonging to a composite (parent) stack. The ID is transferred from the logical ID within a stack.

" }, "IsParent":{ "shape":"boolean", @@ -3608,11 +3622,11 @@ }, "ResourceName":{ "shape":"string", - "documentation":"

This is the non-unique name of the resource that belongs to the specified backup.

" + "documentation":"

The name of the resource that belongs to the specified backup.

" }, "VaultType":{ "shape":"VaultType", - "documentation":"

This is the type of vault in which the described recovery point is stored.

" + "documentation":"

The type of vault in which the described recovery point is stored.

" } } }, @@ -3626,11 +3640,11 @@ "members":{ "ResourceTypeOptInPreference":{ "shape":"ResourceTypeOptInPreference", - "documentation":"

Returns a list of all services along with the opt-in preferences in the Region.

" + "documentation":"

The services along with the opt-in preferences in the Region.

" }, "ResourceTypeManagementPreference":{ "shape":"ResourceTypeManagementPreference", - "documentation":"

Returns whether Backup fully manages the backups for a resource type.

For the benefits of full Backup management, see Full Backup management.

For a list of resource types and whether each supports full Backup management, see the Feature availability by resource table.

If \"DynamoDB\":false, you can enable full Backup management for DynamoDB backup by enabling Backup's advanced DynamoDB backup features.

" + "documentation":"

Returns whether Backup fully manages the backups for a resource type.

For the benefits of full Backup management, see Full Backup management.

For a list of resource types and whether each supports full Backup management, see the Feature availability by resource table.

If \"DynamoDB\":false, you can enable full Backup management for DynamoDB backup by enabling Backup's advanced DynamoDB backup features.

" } } }, @@ -3651,7 +3665,7 @@ "members":{ "ReportJob":{ "shape":"ReportJob", - "documentation":"

A list of information about a report job, including its completion and creation times, report destination, unique report job ID, Amazon Resource Name (ARN), report template, status, and status message.

" + "documentation":"

The information about a report job, including its completion and creation times, report destination, unique report job ID, Amazon Resource Name (ARN), report template, status, and status message.

" } } }, @@ -3737,7 +3751,7 @@ }, "CreatedResourceArn":{ "shape":"ARN", - "documentation":"

An Amazon Resource Name (ARN) that uniquely identifies a resource whose recovery point is being restored. The format of the ARN depends on the resource type of the backed-up resource.

" + "documentation":"

The Amazon Resource Name (ARN) of the resource that was created by the restore job.

The format of the ARN depends on the resource type of the backed-up resource.

" }, "ResourceType":{ "shape":"ResourceType", @@ -3745,7 +3759,7 @@ }, "RecoveryPointCreationDate":{ "shape":"timestamp", - "documentation":"

This is the creation date of the recovery point made by the specifed restore job.

" + "documentation":"

The creation date of the recovery point made by the specifed restore job.

" }, "CreatedBy":{ "shape":"RestoreJobCreator", @@ -3753,15 +3767,15 @@ }, "ValidationStatus":{ "shape":"RestoreValidationStatus", - "documentation":"

This is the status of validation run on the indicated restore job.

" + "documentation":"

The status of validation run on the indicated restore job.

" }, "ValidationStatusMessage":{ "shape":"string", - "documentation":"

This describes the status of validation run on the indicated restore job.

" + "documentation":"

The status message.

" }, "DeletionStatus":{ "shape":"RestoreDeletionStatus", - "documentation":"

This notes the status of the data generated by the restore test. The status may be Deleting, Failed, or Successful.

" + "documentation":"

The status of the data generated by the restore test.

" }, "DeletionStatusMessage":{ "shape":"string", @@ -3778,13 +3792,13 @@ "members":{ "BackupVaultName":{ "shape":"BackupVaultName", - "documentation":"

This is the name of a logical container where the child (nested) recovery point is stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.

", + "documentation":"

The name of a logical container where the child (nested) recovery point is stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created.

", "location":"uri", "locationName":"backupVaultName" }, "RecoveryPointArn":{ "shape":"ARN", - "documentation":"

This is the Amazon Resource Name (ARN) that uniquely identifies the child (nested) recovery point; for example, arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45.

", + "documentation":"

The Amazon Resource Name (ARN) that uniquely identifies the child (nested) recovery point; for example, arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45.

", "location":"uri", "locationName":"recoveryPointArn" } @@ -3876,7 +3890,7 @@ }, "ControlInputParameters":{ "shape":"ControlInputParameters", - "documentation":"

A list of ParameterName and ParameterValue pairs.

" + "documentation":"

The name/value pairs.

" }, "ControlScope":{ "shape":"ControlScope", @@ -3996,7 +4010,7 @@ }, "LastExecutionDate":{ "shape":"timestamp", - "documentation":"

The last time a job to back up resources was run with this backup plan. A date and time, in Unix format and Coordinated Universal Time (UTC). The value of LastExecutionDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.

" + "documentation":"

The last time this backup plan was run. A date and time, in Unix format and Coordinated Universal Time (UTC). The value of LastExecutionDate is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26, 2018 12:11:30.087 AM.

" }, "AdvancedBackupSettings":{ "shape":"AdvancedBackupSettings", @@ -4056,7 +4070,7 @@ "members":{ "BackupVaultName":{ "shape":"BackupVaultName", - "documentation":"

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.

", + "documentation":"

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created.

", "location":"uri", "locationName":"backupVaultName" } @@ -4067,11 +4081,11 @@ "members":{ "BackupVaultName":{ "shape":"BackupVaultName", - "documentation":"

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Region where they are created. They consist of lowercase letters, numbers, and hyphens.

" + "documentation":"

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Region where they are created.

" }, "BackupVaultArn":{ "shape":"ARN", - "documentation":"

An Amazon Resource Name (ARN) that uniquely identifies a backup vault; for example, arn:aws:backup:us-east-1:123456789012:vault:aBackupVault.

" + "documentation":"

An Amazon Resource Name (ARN) that uniquely identifies a backup vault; for example, arn:aws:backup:us-east-1:123456789012:backup-vault:aBackupVault.

" }, "Policy":{ "shape":"IAMPolicy", @@ -4085,7 +4099,7 @@ "members":{ "BackupVaultName":{ "shape":"BackupVaultName", - "documentation":"

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.

", + "documentation":"

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created.

", "location":"uri", "locationName":"backupVaultName" } @@ -4096,11 +4110,11 @@ "members":{ "BackupVaultName":{ "shape":"BackupVaultName", - "documentation":"

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Region where they are created. They consist of lowercase letters, numbers, and hyphens.

" + "documentation":"

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Region where they are created.

" }, "BackupVaultArn":{ "shape":"ARN", - "documentation":"

An Amazon Resource Name (ARN) that uniquely identifies a backup vault; for example, arn:aws:backup:us-east-1:123456789012:vault:aBackupVault.

" + "documentation":"

An Amazon Resource Name (ARN) that uniquely identifies a backup vault; for example, arn:aws:backup:us-east-1:123456789012:backup-vault:aBackupVault.

" }, "SNSTopicArn":{ "shape":"ARN", @@ -4118,7 +4132,7 @@ "members":{ "LegalHoldId":{ "shape":"string", - "documentation":"

This is the ID required to use GetLegalHold. This unique ID is associated with a specific legal hold.

", + "documentation":"

The ID of the legal hold.

", "location":"uri", "locationName":"legalHoldId" } @@ -4129,43 +4143,43 @@ "members":{ "Title":{ "shape":"string", - "documentation":"

This is the string title of the legal hold.

" + "documentation":"

The title of the legal hold.

" }, "Status":{ "shape":"LegalHoldStatus", - "documentation":"

This is the status of the legal hold. Statuses can be ACTIVE, CREATING, CANCELED, and CANCELING.

" + "documentation":"

The status of the legal hold.

" }, "Description":{ "shape":"string", - "documentation":"

This is the returned string description of the legal hold.

" + "documentation":"

The description of the legal hold.

" }, "CancelDescription":{ "shape":"string", - "documentation":"

String describing the reason for removing the legal hold.

" + "documentation":"

The reason for removing the legal hold.

" }, "LegalHoldId":{ "shape":"string", - "documentation":"

This is the returned ID associated with a specified legal hold.

" + "documentation":"

The ID of the legal hold.

" }, "LegalHoldArn":{ "shape":"ARN", - "documentation":"

This is the returned framework ARN for the specified legal hold. An Amazon Resource Name (ARN) uniquely identifies a resource. The format of the ARN depends on the resource type.

" + "documentation":"

The framework ARN for the specified legal hold. The format of the ARN depends on the resource type.

" }, "CreationDate":{ "shape":"timestamp", - "documentation":"

Time in number format when legal hold was created.

" + "documentation":"

The time when the legal hold was created.

" }, "CancellationDate":{ "shape":"timestamp", - "documentation":"

Time in number when legal hold was cancelled.

" + "documentation":"

The time when the legal hold was cancelled.

" }, "RetainRecordUntil":{ "shape":"timestamp", - "documentation":"

This is the date and time until which the legal hold record will be retained.

" + "documentation":"

The date and time until which the legal hold record is retained.

" }, "RecoveryPointSelection":{ "shape":"RecoveryPointSelection", - "documentation":"

This specifies criteria to assign a set of resources, such as resource types or backup vaults.

" + "documentation":"

The criteria to assign a set of resources, such as resource types or backup vaults.

" } } }, @@ -4178,7 +4192,7 @@ "members":{ "BackupVaultName":{ "shape":"BackupVaultName", - "documentation":"

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.

", + "documentation":"

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created.

", "location":"uri", "locationName":"backupVaultName" }, @@ -4190,7 +4204,7 @@ }, "BackupVaultAccountId":{ "shape":"AccountId", - "documentation":"

This is the account ID of the specified backup vault.

", + "documentation":"

The account ID of the specified backup vault.

", "location":"querystring", "locationName":"backupVaultAccountId" } @@ -4201,7 +4215,7 @@ "members":{ "BackupVaultArn":{ "shape":"ARN", - "documentation":"

An ARN that uniquely identifies a backup vault; for example, arn:aws:backup:us-east-1:123456789012:vault:aBackupVault.

" + "documentation":"

An ARN that uniquely identifies a backup vault; for example, arn:aws:backup:us-east-1:123456789012:backup-vault:aBackupVault.

" }, "RecoveryPointArn":{ "shape":"ARN", @@ -4213,7 +4227,7 @@ }, "ResourceType":{ "shape":"ResourceType", - "documentation":"

This is the resource type associated with the recovery point.

" + "documentation":"

The resource type of the recovery point.

" } } }, @@ -4251,7 +4265,7 @@ "members":{ "BackupVaultAccountId":{ "shape":"String", - "documentation":"

This is the account ID of the specified backup vault.

", + "documentation":"

The account ID of the specified backup vault.

", "location":"querystring", "locationName":"BackupVaultAccountId" }, @@ -4337,7 +4351,7 @@ "members":{ "ResourceTypes":{ "shape":"ResourceTypes", - "documentation":"

Contains a string with the supported Amazon Web Services resource types:

" + "documentation":"

Contains a string with the supported Amazon Web Services resource types:

" } } }, @@ -4429,31 +4443,31 @@ "members":{ "Title":{ "shape":"string", - "documentation":"

This is the title of a legal hold.

" + "documentation":"

The title of a legal hold.

" }, "Status":{ "shape":"LegalHoldStatus", - "documentation":"

This is the status of the legal hold. Statuses can be ACTIVE, CREATING, CANCELED, and CANCELING.

" + "documentation":"

The status of the legal hold.

" }, "Description":{ "shape":"string", - "documentation":"

This is the description of a legal hold.

" + "documentation":"

The description of a legal hold.

" }, "LegalHoldId":{ "shape":"string", - "documentation":"

ID of specific legal hold on one or more recovery points.

" + "documentation":"

The ID of the legal hold.

" }, "LegalHoldArn":{ "shape":"ARN", - "documentation":"

This is an Amazon Resource Number (ARN) that uniquely identifies the legal hold; for example, arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45.

" + "documentation":"

The Amazon Resource Name (ARN) of the legal hold; for example, arn:aws:backup:us-east-1:123456789012:recovery-point:1EB3B5E7-9EB0-435A-A80B-108B488B0D45.

" }, "CreationDate":{ "shape":"timestamp", - "documentation":"

This is the time in number format when legal hold was created.

" + "documentation":"

The time when the legal hold was created.

" }, "CancellationDate":{ "shape":"timestamp", - "documentation":"

This is the time in number format when legal hold was cancelled.

" + "documentation":"

The time when the legal hold was cancelled.

" } }, "documentation":"

A legal hold is an administrative tool that helps prevent backups from being deleted while under a hold. While the hold is in place, backups under a hold cannot be deleted and lifecycle policies that would alter the backup status (such as transition to cold storage) are delayed until the legal hold is removed. A backup can have more than one legal hold. Legal holds are applied to one or more backups (also known as recovery points). These backups can be filtered by resource types and by resource IDs.

" @@ -4476,18 +4490,18 @@ "members":{ "MoveToColdStorageAfterDays":{ "shape":"Long", - "documentation":"

Specifies the number of days after creation that a recovery point is moved to cold storage.

" + "documentation":"

The number of days after creation that a recovery point is moved to cold storage.

" }, "DeleteAfterDays":{ "shape":"Long", - "documentation":"

Specifies the number of days after creation that a recovery point is deleted. Must be greater than 90 days plus MoveToColdStorageAfterDays.

" + "documentation":"

The number of days after creation that a recovery point is deleted. This value must be at least 90 days after the number of days specified in MoveToColdStorageAfterDays.

" }, "OptInToArchiveForSupportedResources":{ "shape":"Boolean", - "documentation":"

Optional Boolean. If this is true, this setting will instruct your backup plan to transition supported resources to archive (cold) storage tier in accordance with your lifecycle settings.

" + "documentation":"

If the value is true, your backup plan transitions supported resources to archive (cold) storage tier in accordance with your lifecycle settings.

" } }, - "documentation":"

Contains an array of Transition objects specifying how long in days before a recovery point transitions to cold storage or is deleted.

Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, on the console, the “retention” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.

Resource types that are able to be transitioned to cold storage are listed in the \"Lifecycle to cold storage\" section of the Feature availability by resource table. Backup ignores this expression for other resource types.

" + "documentation":"

Specifies the time period, in days, before a recovery point transitions to cold storage or is deleted.

Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, on the console, the retention setting must be 90 days greater than the transition to cold after days setting. The transition to cold after days setting can't be changed after a backup has been transitioned to cold.

Resource types that can transition to cold storage are listed in the Feature availability by resource table. Backup ignores this expression for other resource types.

To remove the existing lifecycle and retention periods and keep your recovery points indefinitely, specify -1 for MoveToColdStorageAfterDays and DeleteAfterDays.

" }, "LimitExceededException":{ "type":"structure", @@ -4535,13 +4549,13 @@ }, "AggregationPeriod":{ "shape":"AggregationPeriod", - "documentation":"

This is the period that sets the boundaries for returned results.

Acceptable values include

", + "documentation":"

The period for the returned results.

", "location":"querystring", "locationName":"AggregationPeriod" }, "MaxResults":{ "shape":"MaxResults", - "documentation":"

This parameter sets the maximum number of items to be returned.

The value is an integer. Range of accepted values is from 1 to 500.

", + "documentation":"

The maximum number of items to be returned.

The value is an integer. Range of accepted values is from 1 to 500.

", "location":"querystring", "locationName":"MaxResults" }, @@ -4558,11 +4572,11 @@ "members":{ "BackupJobSummaries":{ "shape":"BackupJobSummaryList", - "documentation":"

This request returns a summary that contains Region, Account, State, ResourceType, MessageCategory, StartTime, EndTime, and Count of included jobs.

" + "documentation":"

The summary information.

" }, "AggregationPeriod":{ "shape":"string", - "documentation":"

This is the period that sets the boundaries for returned results.

" + "documentation":"

The period for the returned results.

" }, "NextToken":{ "shape":"string", @@ -4599,7 +4613,7 @@ }, "ByBackupVaultName":{ "shape":"BackupVaultName", - "documentation":"

Returns only backup jobs that will be stored in the specified backup vault. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.

", + "documentation":"

Returns only backup jobs that will be stored in the specified backup vault. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created.

", "location":"querystring", "locationName":"backupVaultName" }, @@ -4617,7 +4631,7 @@ }, "ByResourceType":{ "shape":"ResourceType", - "documentation":"

Returns only backup jobs for the specified resources:

", + "documentation":"

Returns only backup jobs for the specified resources:

", "location":"querystring", "locationName":"resourceType" }, @@ -4677,7 +4691,7 @@ }, "MaxResults":{ "shape":"MaxResults", - "documentation":"

The maximum number of items to be returned.

", + "documentation":"

The maximum number of items to return.

", "location":"querystring", "locationName":"maxResults" } @@ -4765,7 +4779,7 @@ }, "BackupPlansList":{ "shape":"BackupPlansList", - "documentation":"

An array of backup plan list items containing metadata about your saved backup plans.

" + "documentation":"

Information about the backup plans.

" } } }, @@ -4877,7 +4891,7 @@ }, "AggregationPeriod":{ "shape":"AggregationPeriod", - "documentation":"

This is the period that sets the boundaries for returned results.

", + "documentation":"

The period for the returned results.

", "location":"querystring", "locationName":"AggregationPeriod" }, @@ -4904,7 +4918,7 @@ }, "AggregationPeriod":{ "shape":"string", - "documentation":"

This is the period that sets the boundaries for returned results.

" + "documentation":"

The period for the returned results.

" }, "NextToken":{ "shape":"string", @@ -4953,13 +4967,13 @@ }, "ByResourceType":{ "shape":"ResourceType", - "documentation":"

Returns only backup jobs for the specified resources:

", + "documentation":"

Returns only backup jobs for the specified resources:

", "location":"querystring", "locationName":"resourceType" }, "ByDestinationVaultArn":{ "shape":"string", - "documentation":"

An Amazon Resource Name (ARN) that uniquely identifies a source backup vault to copy from; for example, arn:aws:backup:us-east-1:123456789012:vault:aBackupVault.

", + "documentation":"

An Amazon Resource Name (ARN) that uniquely identifies a source backup vault to copy from; for example, arn:aws:backup:us-east-1:123456789012:backup-vault:aBackupVault.

", "location":"querystring", "locationName":"destinationVaultArn" }, @@ -5030,7 +5044,7 @@ "members":{ "Frameworks":{ "shape":"FrameworkList", - "documentation":"

A list of frameworks with details for each framework, including the framework name, Amazon Resource Name (ARN), description, number of controls, creation time, and deployment status.

" + "documentation":"

The frameworks with details for each framework, including the framework name, Amazon Resource Name (ARN), description, number of controls, creation time, and deployment status.

" }, "NextToken":{ "shape":"string", @@ -5078,13 +5092,13 @@ "members":{ "BackupVaultName":{ "shape":"BackupVaultName", - "documentation":"

This is the list of protected resources by backup vault within the vault(s) you specify by name.

", + "documentation":"

The list of protected resources by backup vault within the vault(s) you specify by name.

", "location":"uri", "locationName":"backupVaultName" }, "BackupVaultAccountId":{ "shape":"AccountId", - "documentation":"

This is the list of protected resources by backup vault within the vault(s) you specify by account ID.

", + "documentation":"

The list of protected resources by backup vault within the vault(s) you specify by account ID.

", "location":"querystring", "locationName":"backupVaultAccountId" }, @@ -5151,7 +5165,7 @@ "members":{ "BackupVaultName":{ "shape":"BackupVaultName", - "documentation":"

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.

Backup vault name might not be available when a supported service creates the backup.

", + "documentation":"

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created.

Backup vault name might not be available when a supported service creates the backup.

", "location":"uri", "locationName":"backupVaultName" }, @@ -5181,7 +5195,7 @@ }, "ByResourceType":{ "shape":"ResourceType", - "documentation":"

Returns only recovery points that match the specified resource type(s):

", + "documentation":"

Returns only recovery points that match the specified resource type(s):

", "location":"querystring", "locationName":"resourceType" }, @@ -5230,19 +5244,19 @@ "members":{ "LegalHoldId":{ "shape":"string", - "documentation":"

This is the ID of the legal hold.

", + "documentation":"

The ID of the legal hold.

", "location":"uri", "locationName":"legalHoldId" }, "NextToken":{ "shape":"string", - "documentation":"

This is the next item following a partial list of returned resources. For example, if a request is made to return MaxResults number of resources, NextToken allows you to return more items in your list starting at the location pointed to by the next token.

", + "documentation":"

The next item following a partial list of returned resources. For example, if a request is made to return MaxResults number of resources, NextToken allows you to return more items in your list starting at the location pointed to by the next token.

", "location":"querystring", "locationName":"nextToken" }, "MaxResults":{ "shape":"MaxResults", - "documentation":"

This is the maximum number of resource list items to be returned.

", + "documentation":"

The maximum number of resource list items to be returned.

", "location":"querystring", "locationName":"maxResults" } @@ -5253,11 +5267,11 @@ "members":{ "RecoveryPoints":{ "shape":"RecoveryPointsList", - "documentation":"

This is a list of the recovery points returned by ListRecoveryPointsByLegalHold.

" + "documentation":"

The recovery points.

" }, "NextToken":{ "shape":"string", - "documentation":"

This return is the next item following a partial list of returned resources.

" + "documentation":"

The next item following a partial list of returned resources.

" } } }, @@ -5380,7 +5394,7 @@ "members":{ "ReportPlans":{ "shape":"ReportPlanList", - "documentation":"

A list of your report plans with detailed information for each plan. This information includes the Amazon Resource Name (ARN), report plan name, description, settings, delivery channel, deployment status, creation time, and last times the report plan attempted to and successfully ran.

" + "documentation":"

The report plans with detailed information for each plan. This information includes the Amazon Resource Name (ARN), report plan name, description, settings, delivery channel, deployment status, creation time, and last times the report plan attempted to and successfully ran.

" }, "NextToken":{ "shape":"string", @@ -5411,7 +5425,7 @@ }, "AggregationPeriod":{ "shape":"AggregationPeriod", - "documentation":"

This is the period that sets the boundaries for returned results.

Acceptable values include

", + "documentation":"

The period for the returned results.

", "location":"querystring", "locationName":"AggregationPeriod" }, @@ -5438,7 +5452,7 @@ }, "AggregationPeriod":{ "shape":"string", - "documentation":"

This is the period that sets the boundaries for returned results.

" + "documentation":"

The period for the returned results.

" }, "NextToken":{ "shape":"string", @@ -5524,7 +5538,7 @@ }, "ByResourceType":{ "shape":"ResourceType", - "documentation":"

Include this parameter to return only restore jobs for the specified resources:

", + "documentation":"

Include this parameter to return only restore jobs for the specified resources:

", "location":"querystring", "locationName":"resourceType" }, @@ -5693,7 +5707,7 @@ }, "Tags":{ "shape":"Tags", - "documentation":"

To help organize your resources, you can assign your own metadata to the resources you create. Each tag is a key-value pair.

" + "documentation":"

Information about the tags.

" } } }, @@ -5753,15 +5767,15 @@ }, "ResourceName":{ "shape":"string", - "documentation":"

This is the non-unique name of the resource that belongs to the specified backup.

" + "documentation":"

The non-unique name of the resource that belongs to the specified backup.

" }, "LastBackupVaultArn":{ "shape":"ARN", - "documentation":"

This is the ARN (Amazon Resource Name) of the backup vault that contains the most recent backup recovery point.

" + "documentation":"

The ARN (Amazon Resource Name) of the backup vault that contains the most recent backup recovery point.

" }, "LastRecoveryPointArn":{ "shape":"ARN", - "documentation":"

This is the ARN (Amazon Resource Name) of the most recent recovery point.

" + "documentation":"

The ARN (Amazon Resource Name) of the most recent recovery point.

" } }, "documentation":"

A structure that contains information about a backed-up resource.

" @@ -5778,7 +5792,7 @@ "documentation":"

Filters the values of your tagged resources for only those resources that you tagged that do not have the same value. Also called \"negated matching.\"

" } }, - "documentation":"

A list of conditions that you define for resources in your restore testing plan using tags.

For example, \"StringEquals\": { \"Key\": \"aws:ResourceTag/CreatedByCryo\", \"Value\": \"true\" },. Condition operators are case sensitive.

" + "documentation":"

The conditions that you define for resources in your restore testing plan using tags.

" }, "ProtectedResourcesList":{ "type":"list", @@ -5790,7 +5804,7 @@ "members":{ "BackupVaultName":{ "shape":"BackupVaultName", - "documentation":"

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.

", + "documentation":"

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created.

", "location":"uri", "locationName":"backupVaultName" }, @@ -5812,7 +5826,7 @@ }, "MinRetentionDays":{ "shape":"Long", - "documentation":"

The Backup Vault Lock configuration that specifies the minimum retention period that the vault retains its recovery points. This setting can be useful if, for example, your organization's policies require you to retain certain data for at least seven years (2555 days).

If this parameter is not specified, Vault Lock will not enforce a minimum retention period.

If this parameter is specified, any backup or copy job to the vault must have a lifecycle policy with a retention period equal to or longer than the minimum retention period. If the job's retention period is shorter than that minimum retention period, then the vault fails that backup or copy job, and you should either modify your lifecycle settings or use a different vault. The shortest minimum retention period you can specify is 1 day. Recovery points already saved in the vault prior to Vault Lock are not affected.

" + "documentation":"

The Backup Vault Lock configuration that specifies the minimum retention period that the vault retains its recovery points. This setting can be useful if, for example, your organization's policies require you to retain certain data for at least seven years (2555 days).

This parameter is required when a vault lock is created through CloudFormation; otherwise, this parameter is optional. If this parameter is not specified, Vault Lock will not enforce a minimum retention period.

If this parameter is specified, any backup or copy job to the vault must have a lifecycle policy with a retention period equal to or longer than the minimum retention period. If the job's retention period is shorter than that minimum retention period, then the vault fails that backup or copy job, and you should either modify your lifecycle settings or use a different vault. The shortest minimum retention period you can specify is 1 day. Recovery points already saved in the vault prior to Vault Lock are not affected.

" }, "MaxRetentionDays":{ "shape":"Long", @@ -5834,7 +5848,7 @@ "members":{ "BackupVaultName":{ "shape":"BackupVaultName", - "documentation":"

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.

", + "documentation":"

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created.

", "location":"uri", "locationName":"backupVaultName" }, @@ -5844,7 +5858,7 @@ }, "BackupVaultEvents":{ "shape":"BackupVaultEvents", - "documentation":"

An array of events that indicate the status of jobs to back up resources to the backup vault.

For common use cases and code samples, see Using Amazon SNS to track Backup events.

The following events are supported:

The list below shows items that are deprecated events (for reference) and are no longer in use. They are no longer supported and will not return statuses or notifications. Refer to the list above for current supported events.

" + "documentation":"

An array of events that indicate the status of jobs to back up resources to the backup vault.

For common use cases and code samples, see Using Amazon SNS to track Backup events.

The following events are supported:

The list below includes both supported events and deprecated events that are no longer in use (for reference). Deprecated events do not return statuses or notifications. Refer to the list above for the supported events.

" } } }, @@ -5863,7 +5877,7 @@ }, "ValidationStatus":{ "shape":"RestoreValidationStatus", - "documentation":"

This is the status of your restore validation.

" + "documentation":"

The status of your restore validation.

" }, "ValidationStatusMessage":{ "shape":"string", @@ -5880,11 +5894,11 @@ }, "BackupVaultName":{ "shape":"BackupVaultName", - "documentation":"

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.

" + "documentation":"

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created.

" }, "BackupVaultArn":{ "shape":"ARN", - "documentation":"

An ARN that uniquely identifies a backup vault; for example, arn:aws:backup:us-east-1:123456789012:vault:aBackupVault.

" + "documentation":"

An ARN that uniquely identifies a backup vault; for example, arn:aws:backup:us-east-1:123456789012:backup-vault:aBackupVault.

" }, "SourceBackupVaultArn":{ "shape":"ARN", @@ -5912,7 +5926,7 @@ }, "StatusMessage":{ "shape":"string", - "documentation":"

A message explaining the reason of the recovery point deletion failure.

" + "documentation":"

A message explaining the current status of the recovery point.

" }, "CreationDate":{ "shape":"timestamp", @@ -5932,7 +5946,7 @@ }, "Lifecycle":{ "shape":"Lifecycle", - "documentation":"

The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define.

Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “retention” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.

Resource types that are able to be transitioned to cold storage are listed in the \"Lifecycle to cold storage\" section of the Feature availability by resource table. Backup ignores this expression for other resource types.

" + "documentation":"

The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define.

Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “retention” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.

Resource types that can transition to cold storage are listed in the Feature availability by resource table. Backup ignores this expression for other resource types.

" }, "EncryptionKeyArn":{ "shape":"ARN", @@ -5948,11 +5962,11 @@ }, "ParentRecoveryPointArn":{ "shape":"ARN", - "documentation":"

This is the Amazon Resource Name (ARN) of the parent (composite) recovery point.

" + "documentation":"

The Amazon Resource Name (ARN) of the parent (composite) recovery point.

" }, "CompositeMemberIdentifier":{ "shape":"string", - "documentation":"

This is the identifier of a resource within a composite group, such as nested (child) recovery point belonging to a composite (parent) stack. The ID is transferred from the logical ID within a stack.

" + "documentation":"

The identifier of a resource within a composite group, such as nested (child) recovery point belonging to a composite (parent) stack. The ID is transferred from the logical ID within a stack.

" }, "IsParent":{ "shape":"boolean", @@ -5960,11 +5974,11 @@ }, "ResourceName":{ "shape":"string", - "documentation":"

This is the non-unique name of the resource that belongs to the specified backup.

" + "documentation":"

The non-unique name of the resource that belongs to the specified backup.

" }, "VaultType":{ "shape":"VaultType", - "documentation":"

This is the type of vault in which the described recovery point is stored.

" + "documentation":"

The type of vault in which the described recovery point is stored.

" } }, "documentation":"

Contains detailed information about the recovery points stored in a backup vault.

" @@ -5990,7 +6004,7 @@ }, "StatusMessage":{ "shape":"string", - "documentation":"

A message explaining the reason of the recovery point deletion failure.

" + "documentation":"

A message explaining the current status of the recovery point.

" }, "EncryptionKeyArn":{ "shape":"ARN", @@ -6002,7 +6016,7 @@ }, "BackupVaultName":{ "shape":"BackupVaultName", - "documentation":"

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.

" + "documentation":"

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created.

" }, "IsParent":{ "shape":"boolean", @@ -6010,15 +6024,15 @@ }, "ParentRecoveryPointArn":{ "shape":"ARN", - "documentation":"

This is the Amazon Resource Name (ARN) of the parent (composite) recovery point.

" + "documentation":"

The Amazon Resource Name (ARN) of the parent (composite) recovery point.

" }, "ResourceName":{ "shape":"string", - "documentation":"

This is the non-unique name of the resource that belongs to the specified backup.

" + "documentation":"

The non-unique name of the resource that belongs to the specified backup.

" }, "VaultType":{ "shape":"VaultType", - "documentation":"

This is the type of vault in which the described recovery point is stored.

" + "documentation":"

The type of vault in which the described recovery point is stored.

" } }, "documentation":"

Contains detailed information about a saved recovery point.

" @@ -6054,19 +6068,19 @@ "members":{ "RecoveryPointArn":{ "shape":"ARN", - "documentation":"

This is the Amazon Resource Name (ARN) of the parent (composite) recovery point.

" + "documentation":"

The Amazon Resource Name (ARN) of the parent (composite) recovery point.

" }, "ResourceArn":{ "shape":"ARN", - "documentation":"

This is the Amazon Resource Name (ARN) that uniquely identifies a saved resource.

" + "documentation":"

The Amazon Resource Name (ARN) that uniquely identifies a saved resource.

" }, "ResourceType":{ "shape":"ResourceType", - "documentation":"

This is the Amazon Web Services resource type that is saved as a recovery point.

" + "documentation":"

The Amazon Web Services resource type that is saved as a recovery point.

" }, "BackupVaultName":{ "shape":"BackupVaultName", - "documentation":"

This is the name of the backup vault (the logical container in which backups are stored).

" + "documentation":"

The name of the backup vault (the logical container in which backups are stored).

" } }, "documentation":"

This is a recovery point which is a child (nested) recovery point of a parent (composite) recovery point. These recovery points can be disassociated from their parent (composite) recovery point, in which case they will no longer be a member.

" @@ -6114,7 +6128,7 @@ }, "Formats":{ "shape":"FormatList", - "documentation":"

A list of the format of your reports: CSV, JSON, or both. If not specified, the default format is CSV.

" + "documentation":"

The format of your reports: CSV, JSON, or both. If not specified, the default format is CSV.

" } }, "documentation":"

Contains information from your report plan about where to deliver your reports, specifically your Amazon S3 bucket name, S3 key prefix, and the formats of your reports.

" @@ -6252,7 +6266,7 @@ }, "Accounts":{ "shape":"stringList", - "documentation":"

These are the accounts to be included in the report.

" + "documentation":"

These are the accounts to be included in the report.

Use string value of ROOT to include all organizational units.

" }, "OrganizationUnits":{ "shape":"stringList", @@ -6260,7 +6274,7 @@ }, "Regions":{ "shape":"stringList", - "documentation":"

These are the Regions to be included in the report.

" + "documentation":"

These are the Regions to be included in the report.

Use the wildcard as the string value to include all Regions.

" } }, "documentation":"

Contains detailed information about a report setting.

" @@ -6437,7 +6451,7 @@ }, "IamRoleArn":{ "shape":"IAMRoleArn", - "documentation":"

Specifies the IAM role ARN used to create the target recovery point; for example, arn:aws:iam::123456789012:role/S3Access.

" + "documentation":"

The IAM role ARN used to create the target recovery point; for example, arn:aws:iam::123456789012:role/S3Access.

" }, "ExpectedCompletionTimeMinutes":{ "shape":"Long", @@ -6461,7 +6475,7 @@ }, "ValidationStatus":{ "shape":"RestoreValidationStatus", - "documentation":"

This is the status of validation run on the indicated restore job.

" + "documentation":"

The status of validation run on the indicated restore job.

" }, "ValidationStatusMessage":{ "shape":"string", @@ -6488,7 +6502,7 @@ "members":{ "RecoveryPointSelection":{ "shape":"RestoreTestingRecoveryPointSelection", - "documentation":"

Required: Algorithm; Required: Recovery point types; IncludeVaults (one or more). Optional: SelectionWindowDays ('30' if not specified); ExcludeVaults (list of selectors), defaults to empty list if not listed.

" + "documentation":"

RecoveryPointSelection has five parameters (three required and two optional). The values you specify determine which recovery point is included in the restore test. You must indicate with Algorithm if you want the latest recovery point within your SelectionWindowDays or if you want a random recovery point, and you must indicate through IncludeVaults from which vaults the recovery points can be chosen.

Algorithm (required) Valid values: \"LATEST_WITHIN_WINDOW\" or \"RANDOM_WITHIN_WINDOW\".

Recovery point types (required) Valid values: \"SNAPSHOT\" and/or \"CONTINUOUS\". Include SNAPSHOT to restore only snapshot recovery points; include CONTINUOUS to restore continuous recovery points (point in time restore / PITR); use both to restore either a snapshot or a continuous recovery point. The recovery point will be determined by the value for Algorithm.

IncludeVaults (required). You must include one or more backup vaults. Use the wildcard [\"*\"] or specific ARNs.

SelectionWindowDays (optional) Value must be an integer (in days) from 1 to 365. If not included, the value defaults to 30.

ExcludeVaults (optional). You can choose to input one or more specific backup vault ARNs to exclude those vaults' contents from restore eligibility. Or, you can include a list of selectors. If this parameter and its value are not included, it defaults to empty list.

" }, "RestoreTestingPlanName":{ "shape":"String", @@ -6545,7 +6559,7 @@ }, "RestoreTestingPlanName":{ "shape":"String", - "documentation":"

This is the restore testing plan name.

" + "documentation":"

The restore testing plan name.

" }, "ScheduleExpression":{ "shape":"String", @@ -6589,7 +6603,7 @@ }, "RestoreTestingPlanName":{ "shape":"String", - "documentation":"

This is the restore testing plan name.

" + "documentation":"

The restore testing plan name.

" }, "ScheduleExpression":{ "shape":"String", @@ -6649,14 +6663,14 @@ }, "RecoveryPointTypes":{ "shape":"RestoreTestingRecoveryPointTypeList", - "documentation":"

These are the types of recovery points.

" + "documentation":"

These are the types of recovery points.

Include SNAPSHOT to restore only snapshot recovery points; include CONTINUOUS to restore continuous recovery points (point in time restore / PITR); use both to restore either a snapshot or a continuous recovery point. The recovery point will be determined by the value for Algorithm.

" }, "SelectionWindowDays":{ "shape":"integer", "documentation":"

Accepted values are integers from 1 to 365.

" } }, - "documentation":"

Required: Algorithm; Required: Recovery point types; IncludeVaults(one or more). Optional: SelectionWindowDays ('30' if not specified);ExcludeVaults (list of selectors), defaults to empty list if not listed.

" + "documentation":"

RecoveryPointSelection has five parameters (three required and two optional). The values you specify determine which recovery point is included in the restore test. You must indicate with Algorithm if you want the latest recovery point within your SelectionWindowDays or if you want a random recovery point, and you must indicate through IncludeVaults from which vaults the recovery points can be chosen.

Algorithm (required) Valid values: \"LATEST_WITHIN_WINDOW\" or \"RANDOM_WITHIN_WINDOW\".

Recovery point types (required) Valid values: \"SNAPSHOT\" and/or \"CONTINUOUS\". Include SNAPSHOT to restore only snapshot recovery points; include CONTINUOUS to restore continuous recovery points (point in time restore / PITR); use both to restore either a snapshot or a continuous recovery point. The recovery point will be determined by the value for Algorithm.

IncludeVaults (required). You must include one or more backup vaults. Use the wildcard [\"*\"] or specific ARNs.

SelectionWindowDays (optional) Value must be an integer (in days) from 1 to 365. If not included, the value defaults to 30.

ExcludeVaults (optional). You can choose to input one or more specific backup vault ARNs to exclude those vaults' contents from restore eligibility. Or, you can include a list of selectors. If this parameter and its value are not included, it defaults to empty list.

" }, "RestoreTestingRecoveryPointSelectionAlgorithm":{ "type":"string", @@ -6706,7 +6720,7 @@ }, "RestoreTestingSelectionName":{ "shape":"String", - "documentation":"

This is the unique name of the restore testing selection that belongs to the related restore testing plan.

" + "documentation":"

The unique name of the restore testing selection that belongs to the related restore testing plan.

" }, "ValidationWindowHours":{ "shape":"integer", @@ -6759,7 +6773,7 @@ }, "RestoreTestingSelectionName":{ "shape":"String", - "documentation":"

This is the unique name of the restore testing selection that belongs to the related restore testing plan.

" + "documentation":"

The unique name of the restore testing selection that belongs to the related restore testing plan.

" }, "ValidationWindowHours":{ "shape":"integer", @@ -6780,7 +6794,7 @@ "members":{ "CreationTime":{ "shape":"Timestamp", - "documentation":"

This is the date and time that a restore testing selection was created, in Unix format and Coordinated Universal Time (UTC). The value of CreationTime is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26,2018 12:11:30.087 AM.

" + "documentation":"

The date and time that a restore testing selection was created, in Unix format and Coordinated Universal Time (UTC). The value of CreationTime is accurate to milliseconds. For example, the value 1516925490.087 represents Friday, January 26,2018 12:11:30.087 AM.

" }, "IamRoleArn":{ "shape":"String", @@ -6818,7 +6832,7 @@ }, "ProtectedResourceConditions":{ "shape":"ProtectedResourceConditions", - "documentation":"

A list of conditions that you define for resources in your restore testing plan using tags.

For example, \"StringEquals\": { \"Key\": \"aws:ResourceTag/CreatedByCryo\", \"Value\": \"true\" },. Condition operators are case sensitive.

" + "documentation":"

The conditions that you define for resources in your restore testing plan using tags.

" }, "RestoreMetadataOverrides":{ "shape":"SensitiveStringMap", @@ -6878,7 +6892,7 @@ "members":{ "BackupVaultName":{ "shape":"BackupVaultName", - "documentation":"

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.

" + "documentation":"

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created.

" }, "ResourceArn":{ "shape":"ARN", @@ -6902,15 +6916,15 @@ }, "Lifecycle":{ "shape":"Lifecycle", - "documentation":"

The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup will transition and expire backups automatically according to the lifecycle that you define.

Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “retention” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.

Resource types that are able to be transitioned to cold storage are listed in the \"Lifecycle to cold storage\" section of the Feature availability by resource table. Backup ignores this expression for other resource types.

This parameter has a maximum value of 100 years (36,500 days).

" + "documentation":"

The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup will transition and expire backups automatically according to the lifecycle that you define.

Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “retention” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.

Resource types that can transition to cold storage are listed in the Feature availability by resource table. Backup ignores this expression for other resource types.

This parameter has a maximum value of 100 years (36,500 days).

" }, "RecoveryPointTags":{ "shape":"Tags", - "documentation":"

To help organize your resources, you can assign your own metadata to the resources that you create. Each tag is a key-value pair.

" + "documentation":"

The tags to assign to the resources.

" }, "BackupOptions":{ "shape":"BackupOptions", - "documentation":"

Specifies the backup option for a selected resource. This option is only available for Windows Volume Shadow Copy Service (VSS) backup jobs.

Valid values: Set to \"WindowsVSS\":\"enabled\" to enable the WindowsVSS backup option and create a Windows VSS backup. Set to \"WindowsVSS\"\"disabled\" to create a regular backup. The WindowsVSS option is not enabled by default.

" + "documentation":"

The backup option for a selected resource. This option is only available for Windows Volume Shadow Copy Service (VSS) backup jobs.

Valid values: Set to \"WindowsVSS\":\"enabled\" to enable the WindowsVSS backup option and create a Windows VSS backup. Set to \"WindowsVSS\"\"disabled\" to create a regular backup. The WindowsVSS option is not enabled by default.

" } } }, @@ -6950,11 +6964,11 @@ }, "SourceBackupVaultName":{ "shape":"BackupVaultName", - "documentation":"

The name of a logical source container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.

" + "documentation":"

The name of a logical source container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created.

" }, "DestinationBackupVaultArn":{ "shape":"ARN", - "documentation":"

An Amazon Resource Name (ARN) that uniquely identifies a destination backup vault to copy to; for example, arn:aws:backup:us-east-1:123456789012:vault:aBackupVault.

" + "documentation":"

An Amazon Resource Name (ARN) that uniquely identifies a destination backup vault to copy to; for example, arn:aws:backup:us-east-1:123456789012:backup-vault:aBackupVault.

" }, "IamRoleArn":{ "shape":"IAMRoleArn", @@ -7023,7 +7037,7 @@ }, "Metadata":{ "shape":"Metadata", - "documentation":"

A set of metadata key-value pairs. Contains information, such as a resource name, required to restore a recovery point.

You can get configuration metadata about a resource at the time it was backed up by calling GetRecoveryPointRestoreMetadata. However, values in addition to those provided by GetRecoveryPointRestoreMetadata might be required to restore a resource. For example, you might need to provide a new resource name if the original already exists.

You need to specify specific metadata to restore an Amazon Elastic File System (Amazon EFS) instance:

" + "documentation":"

A set of metadata key-value pairs.

You can get configuration metadata about a resource at the time it was backed up by calling GetRecoveryPointRestoreMetadata. However, values in addition to those provided by GetRecoveryPointRestoreMetadata might be required to restore a resource. For example, you might need to provide a new resource name if the original already exists.

For more information about the metadata for each resource, see the following:

" }, "IamRoleArn":{ "shape":"IAMRoleArn", @@ -7035,7 +7049,7 @@ }, "ResourceType":{ "shape":"ResourceType", - "documentation":"

Starts a job to restore a recovery point for one of the following resources:

" + "documentation":"

Starts a job to restore a recovery point for one of the following resources:

" }, "CopySourceTagsToRestoredResource":{ "shape":"boolean", @@ -7088,7 +7102,7 @@ "members":{ "ResourceArn":{ "shape":"ARN", - "documentation":"

An ARN that uniquely identifies a resource. The format of the ARN depends on the type of the tagged resource.

", + "documentation":"

An ARN that uniquely identifies a resource. The format of the ARN depends on the type of the tagged resource.

ARNs that do not include backup are incompatible with tagging. TagResource and UntagResource with invalid ARNs will result in an error. Acceptable ARN content can include arn:aws:backup:us-east. Invalid ARN content may look like arn:aws:ec2:us-east.

", "location":"uri", "locationName":"resourceArn" }, @@ -7116,13 +7130,13 @@ "members":{ "ResourceArn":{ "shape":"ARN", - "documentation":"

An ARN that uniquely identifies a resource. The format of the ARN depends on the type of the tagged resource.

", + "documentation":"

An ARN that uniquely identifies a resource. The format of the ARN depends on the type of the tagged resource.

ARNs that do not include backup are incompatible with tagging. TagResource and UntagResource with invalid ARNs will result in an error. Acceptable ARN content can include arn:aws:backup:us-east. Invalid ARN content may look like arn:aws:ec2:us-east.

", "location":"uri", "locationName":"resourceArn" }, "TagKeyList":{ "shape":"TagKeyList", - "documentation":"

A list of keys to identify which key-value tags to remove from a resource.

" + "documentation":"

The keys to identify which key-value tags to remove from a resource.

" } } }, @@ -7135,13 +7149,13 @@ "members":{ "BackupPlanId":{ "shape":"string", - "documentation":"

Uniquely identifies a backup plan.

", + "documentation":"

The ID of the backup plan.

", "location":"uri", "locationName":"backupPlanId" }, "BackupPlan":{ "shape":"BackupPlanInput", - "documentation":"

Specifies the body of a backup plan. Includes a BackupPlanName and one or more sets of Rules.

" + "documentation":"

The body of a backup plan. Includes a BackupPlanName and one or more sets of Rules.

" } } }, @@ -7186,7 +7200,7 @@ }, "FrameworkControls":{ "shape":"FrameworkControls", - "documentation":"

A list of the controls that make up the framework. Each control in the list has a name, input parameters, and scope.

" + "documentation":"

The controls that make up the framework. Each control in the list has a name, input parameters, and scope.

" }, "IdempotencyToken":{ "shape":"string", @@ -7230,7 +7244,7 @@ "members":{ "BackupVaultName":{ "shape":"BackupVaultName", - "documentation":"

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created. They consist of lowercase letters, numbers, and hyphens.

", + "documentation":"

The name of a logical container where backups are stored. Backup vaults are identified by names that are unique to the account used to create them and the Amazon Web Services Region where they are created.

", "location":"uri", "locationName":"backupVaultName" }, @@ -7251,7 +7265,7 @@ "members":{ "BackupVaultArn":{ "shape":"ARN", - "documentation":"

An ARN that uniquely identifies a backup vault; for example, arn:aws:backup:us-east-1:123456789012:vault:aBackupVault.

" + "documentation":"

An ARN that uniquely identifies a backup vault; for example, arn:aws:backup:us-east-1:123456789012:backup-vault:aBackupVault.

" }, "RecoveryPointArn":{ "shape":"ARN", @@ -7259,7 +7273,7 @@ }, "Lifecycle":{ "shape":"Lifecycle", - "documentation":"

The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define.

Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “retention” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.

Resource types that are able to be transitioned to cold storage are listed in the \"Lifecycle to cold storage\" section of the Feature availability by resource table. Backup ignores this expression for other resource types.

" + "documentation":"

The lifecycle defines when a protected resource is transitioned to cold storage and when it expires. Backup transitions and expires backups automatically according to the lifecycle that you define.

Backups transitioned to cold storage must be stored in cold storage for a minimum of 90 days. Therefore, the “retention” setting must be 90 days greater than the “transition to cold after days” setting. The “transition to cold after days” setting cannot be changed after a backup has been transitioned to cold.

Resource types that can transition to cold storage are listed in the Feature availability by resource table. Backup ignores this expression for other resource types.

" }, "CalculatedLifecycle":{ "shape":"CalculatedLifecycle", @@ -7296,11 +7310,11 @@ }, "ReportDeliveryChannel":{ "shape":"ReportDeliveryChannel", - "documentation":"

A structure that contains information about where to deliver your reports, specifically your Amazon S3 bucket name, S3 key prefix, and the formats of your reports.

" + "documentation":"

The information about where to deliver your reports, specifically your Amazon S3 bucket name, S3 key prefix, and the formats of your reports.

" }, "ReportSetting":{ "shape":"ReportSetting", - "documentation":"

Identifies the report template for the report. Reports are built using a report template. The report templates are:

RESOURCE_COMPLIANCE_REPORT | CONTROL_COMPLIANCE_REPORT | BACKUP_JOB_REPORT | COPY_JOB_REPORT | RESTORE_JOB_REPORT

If the report template is RESOURCE_COMPLIANCE_REPORT or CONTROL_COMPLIANCE_REPORT, this API resource also describes the report coverage by Amazon Web Services Regions and frameworks.

" + "documentation":"

The report template for the report. Reports are built using a report template. The report templates are:

RESOURCE_COMPLIANCE_REPORT | CONTROL_COMPLIANCE_REPORT | BACKUP_JOB_REPORT | COPY_JOB_REPORT | RESTORE_JOB_REPORT

If the report template is RESOURCE_COMPLIANCE_REPORT or CONTROL_COMPLIANCE_REPORT, this API resource also describes the report coverage by Amazon Web Services Regions and frameworks.

" }, "IdempotencyToken":{ "shape":"string", @@ -7339,7 +7353,7 @@ }, "RestoreTestingPlanName":{ "shape":"String", - "documentation":"

This is the restore testing plan name you wish to update.

", + "documentation":"

The name of the restore testing plan name.

", "location":"uri", "locationName":"RestoreTestingPlanName" } @@ -7356,7 +7370,7 @@ "members":{ "CreationTime":{ "shape":"Timestamp", - "documentation":"

This is the time the resource testing plan was created.

" + "documentation":"

The time the resource testing plan was created.

" }, "RestoreTestingPlanArn":{ "shape":"String", @@ -7368,7 +7382,7 @@ }, "UpdateTime":{ "shape":"Timestamp", - "documentation":"

This is the time the update completed for the restore testing plan.

" + "documentation":"

The time the update completed for the restore testing plan.

" } } }, @@ -7392,7 +7406,7 @@ }, "RestoreTestingSelectionName":{ "shape":"String", - "documentation":"

This is the required restore testing selection name of the restore testing selection you wish to update.

", + "documentation":"

The required restore testing selection name of the restore testing selection you wish to update.

", "location":"uri", "locationName":"RestoreTestingSelectionName" } @@ -7410,7 +7424,7 @@ "members":{ "CreationTime":{ "shape":"Timestamp", - "documentation":"

This is the time the resource testing selection was updated successfully.

" + "documentation":"

The time the resource testing selection was updated successfully.

" }, "RestoreTestingPlanArn":{ "shape":"String", @@ -7418,15 +7432,15 @@ }, "RestoreTestingPlanName":{ "shape":"String", - "documentation":"

This is the restore testing plan with which the updated restore testing selection is associated.

" + "documentation":"

The restore testing plan with which the updated restore testing selection is associated.

" }, "RestoreTestingSelectionName":{ "shape":"String", - "documentation":"

This is the returned restore testing selection name.

" + "documentation":"

The returned restore testing selection name.

" }, "UpdateTime":{ "shape":"Timestamp", - "documentation":"

This is the time the update completed for the restore testing selection.

" + "documentation":"

The time the update completed for the restore testing selection.

" } } }, diff --git a/botocore/data/datazone/2018-05-10/paginators-1.json b/botocore/data/datazone/2018-05-10/paginators-1.json index 5fbd673fd3..2899e839b1 100644 --- a/botocore/data/datazone/2018-05-10/paginators-1.json +++ b/botocore/data/datazone/2018-05-10/paginators-1.json @@ -161,6 +161,24 @@ "output_token": "nextToken", "limit_key": "maxResults", "result_key": "items" + }, + "ListDomainUnitsForParent": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "items" + }, + "ListEntityOwners": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "owners" + }, + "ListPolicyGrants": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "grantList" } } } diff --git a/botocore/data/datazone/2018-05-10/service-2.json b/botocore/data/datazone/2018-05-10/service-2.json index b4f91c15d2..9650622bf4 100644 --- a/botocore/data/datazone/2018-05-10/service-2.json +++ b/botocore/data/datazone/2018-05-10/service-2.json @@ -54,6 +54,49 @@ "documentation":"

Accepts a subscription request to a specific asset.

", "idempotent":true }, + "AddEntityOwner":{ + "name":"AddEntityOwner", + "http":{ + "method":"POST", + "requestUri":"/v2/domains/{domainIdentifier}/entities/{entityType}/{entityIdentifier}/addOwner", + "responseCode":201 + }, + "input":{"shape":"AddEntityOwnerInput"}, + "output":{"shape":"AddEntityOwnerOutput"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"} + ], + "documentation":"

Adds the owner of an entity (a domain unit).

", + "idempotent":true + }, + "AddPolicyGrant":{ + "name":"AddPolicyGrant", + "http":{ + "method":"POST", + "requestUri":"/v2/domains/{domainIdentifier}/policies/managed/{entityType}/{entityIdentifier}/addGrant", + "responseCode":201 + }, + "input":{"shape":"AddPolicyGrantInput"}, + "output":{"shape":"AddPolicyGrantOutput"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"} + ], + "documentation":"

Adds a policy grant (an authorization policy) to a specified entity, including domain units, environment blueprint configurations, or environment profiles.

", + "idempotent":true + }, "AssociateEnvironmentRole":{ "name":"AssociateEnvironmentRole", "http":{ @@ -287,6 +330,27 @@ "documentation":"

Creates an Amazon DataZone domain.

", "idempotent":true }, + "CreateDomainUnit":{ + "name":"CreateDomainUnit", + "http":{ + "method":"POST", + "requestUri":"/v2/domains/{domainIdentifier}/domain-units", + "responseCode":201 + }, + "input":{"shape":"CreateDomainUnitInput"}, + "output":{"shape":"CreateDomainUnitOutput"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"} + ], + "documentation":"

Creates a domain unit in Amazon DataZone.

", + "idempotent":true + }, "CreateEnvironment":{ "name":"CreateEnvironment", "http":{ @@ -697,6 +761,27 @@ "documentation":"

Deletes a Amazon DataZone domain.

", "idempotent":true }, + "DeleteDomainUnit":{ + "name":"DeleteDomainUnit", + "http":{ + "method":"DELETE", + "requestUri":"/v2/domains/{domainIdentifier}/domain-units/{identifier}", + "responseCode":204 + }, + "input":{"shape":"DeleteDomainUnitInput"}, + "output":{"shape":"DeleteDomainUnitOutput"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"} + ], + "documentation":"

Deletes a domain unit.

", + "idempotent":true + }, "DeleteEnvironment":{ "name":"DeleteEnvironment", "http":{ @@ -1134,6 +1219,25 @@ ], "documentation":"

Gets an Amazon DataZone domain.

" }, + "GetDomainUnit":{ + "name":"GetDomainUnit", + "http":{ + "method":"GET", + "requestUri":"/v2/domains/{domainIdentifier}/domain-units/{identifier}", + "responseCode":200 + }, + "input":{"shape":"GetDomainUnitInput"}, + "output":{"shape":"GetDomainUnitOutput"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"} + ], + "documentation":"

Gets the details of the specified domain unit.

" + }, "GetEnvironment":{ "name":"GetEnvironment", "http":{ @@ -1654,6 +1758,24 @@ ], "documentation":"

Lists data sources in Amazon DataZone.

" }, + "ListDomainUnitsForParent":{ + "name":"ListDomainUnitsForParent", + "http":{ + "method":"GET", + "requestUri":"/v2/domains/{domainIdentifier}/domain-units", + "responseCode":200 + }, + "input":{"shape":"ListDomainUnitsForParentInput"}, + "output":{"shape":"ListDomainUnitsForParentOutput"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"} + ], + "documentation":"

Lists child domain units for the specified parent domain unit.

" + }, "ListDomains":{ "name":"ListDomains", "http":{ @@ -1675,6 +1797,24 @@ ], "documentation":"

Lists Amazon DataZone domains.

" }, + "ListEntityOwners":{ + "name":"ListEntityOwners", + "http":{ + "method":"GET", + "requestUri":"/v2/domains/{domainIdentifier}/entities/{entityType}/{entityIdentifier}/owners", + "responseCode":200 + }, + "input":{"shape":"ListEntityOwnersInput"}, + "output":{"shape":"ListEntityOwnersOutput"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"} + ], + "documentation":"

Lists the entity (domain units) owners.

" + }, "ListEnvironmentActions":{ "name":"ListEnvironmentActions", "http":{ @@ -1824,6 +1964,24 @@ ], "documentation":"

Lists all Amazon DataZone notifications.

" }, + "ListPolicyGrants":{ + "name":"ListPolicyGrants", + "http":{ + "method":"GET", + "requestUri":"/v2/domains/{domainIdentifier}/policies/managed/{entityType}/{entityIdentifier}/grants", + "responseCode":200 + }, + "input":{"shape":"ListPolicyGrantsInput"}, + "output":{"shape":"ListPolicyGrantsOutput"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"} + ], + "documentation":"

Lists policy grants.

" + }, "ListProjectMemberships":{ "name":"ListProjectMemberships", "http":{ @@ -2082,6 +2240,45 @@ "documentation":"

Rejects the specified subscription request.

", "idempotent":true }, + "RemoveEntityOwner":{ + "name":"RemoveEntityOwner", + "http":{ + "method":"POST", + "requestUri":"/v2/domains/{domainIdentifier}/entities/{entityType}/{entityIdentifier}/removeOwner", + "responseCode":204 + }, + "input":{"shape":"RemoveEntityOwnerInput"}, + "output":{"shape":"RemoveEntityOwnerOutput"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"} + ], + "documentation":"

Removes an owner from an entity.

", + "idempotent":true + }, + "RemovePolicyGrant":{ + "name":"RemovePolicyGrant", + "http":{ + "method":"POST", + "requestUri":"/v2/domains/{domainIdentifier}/policies/managed/{entityType}/{entityIdentifier}/removeGrant", + "responseCode":204 + }, + "input":{"shape":"RemovePolicyGrantInput"}, + "output":{"shape":"RemovePolicyGrantOutput"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"} + ], + "documentation":"

Removes a policy grant.

", + "idempotent":true + }, "RevokeSubscription":{ "name":"RevokeSubscription", "http":{ @@ -2342,6 +2539,27 @@ "documentation":"

Updates a Amazon DataZone domain.

", "idempotent":true }, + "UpdateDomainUnit":{ + "name":"UpdateDomainUnit", + "http":{ + "method":"PUT", + "requestUri":"/v2/domains/{domainIdentifier}/domain-units/{identifier}", + "responseCode":200 + }, + "input":{"shape":"UpdateDomainUnitInput"}, + "output":{"shape":"UpdateDomainUnitOutput"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ConflictException"}, + {"shape":"ValidationException"}, + {"shape":"UnauthorizedException"} + ], + "documentation":"

Updates the domain unit.

", + "idempotent":true + }, "UpdateEnvironment":{ "name":"UpdateEnvironment", "http":{ @@ -2805,6 +3023,124 @@ "documentation":"

The parameters of the environment action.

", "union":true }, + "AddEntityOwnerInput":{ + "type":"structure", + "required":[ + "domainIdentifier", + "entityIdentifier", + "entityType", + "owner" + ], + "members":{ + "clientToken":{ + "shape":"ClientToken", + "documentation":"

A unique, case-sensitive identifier that is provided to ensure the idempotency of the request.

", + "idempotencyToken":true + }, + "domainIdentifier":{ + "shape":"DomainId", + "documentation":"

The ID of the domain in which you want to add the entity owner.

", + "location":"uri", + "locationName":"domainIdentifier" + }, + "entityIdentifier":{ + "shape":"String", + "documentation":"

The ID of the entity to which you want to add an owner.

", + "location":"uri", + "locationName":"entityIdentifier" + }, + "entityType":{ + "shape":"DataZoneEntityType", + "documentation":"

The type of an entity.

", + "location":"uri", + "locationName":"entityType" + }, + "owner":{ + "shape":"OwnerProperties", + "documentation":"

The owner that you want to add to the entity.

" + } + } + }, + "AddEntityOwnerOutput":{ + "type":"structure", + "members":{ + } + }, + "AddPolicyGrantInput":{ + "type":"structure", + "required":[ + "detail", + "domainIdentifier", + "entityIdentifier", + "entityType", + "policyType", + "principal" + ], + "members":{ + "clientToken":{ + "shape":"ClientToken", + "documentation":"

A unique, case-sensitive identifier that is provided to ensure the idempotency of the request.

", + "idempotencyToken":true + }, + "detail":{ + "shape":"PolicyGrantDetail", + "documentation":"

The details of the policy grant.

" + }, + "domainIdentifier":{ + "shape":"DomainId", + "documentation":"

The ID of the domain where you want to add a policy grant.

", + "location":"uri", + "locationName":"domainIdentifier" + }, + "entityIdentifier":{ + "shape":"String", + "documentation":"

The ID of the entity (resource) to which you want to add a policy grant.

", + "location":"uri", + "locationName":"entityIdentifier" + }, + "entityType":{ + "shape":"TargetEntityType", + "documentation":"

The type of entity (resource) to which the grant is added.

", + "location":"uri", + "locationName":"entityType" + }, + "policyType":{ + "shape":"ManagedPolicyType", + "documentation":"

The type of policy that you want to grant.

" + }, + "principal":{ + "shape":"PolicyGrantPrincipal", + "documentation":"

The principal to whom the permissions are granted.

" + } + } + }, + "AddPolicyGrantOutput":{ + "type":"structure", + "members":{ + } + }, + "AddToProjectMemberPoolPolicyGrantDetail":{ + "type":"structure", + "members":{ + "includeChildDomainUnits":{ + "shape":"Boolean", + "documentation":"

Specifies whether the policy grant is applied to child domain units.

" + } + }, + "documentation":"

The details of the policy grant.

" + }, + "AllDomainUnitsGrantFilter":{ + "type":"structure", + "members":{ + }, + "documentation":"

The grant filter for all domain units.

" + }, + "AllUsersGrantFilter":{ + "type":"structure", + "members":{ + }, + "documentation":"

The all users grant filter.

" + }, "ApplicableAssetTypes":{ "type":"list", "member":{"shape":"TypeName"} @@ -4021,6 +4357,16 @@ } } }, + "CreateAssetTypePolicyGrantDetail":{ + "type":"structure", + "members":{ + "includeChildDomainUnits":{ + "shape":"Boolean", + "documentation":"

Specifies whether the policy grant is applied to child domain units.

" + } + }, + "documentation":"

The details of the policy grant.

" + }, "CreateDataProductInput":{ "type":"structure", "required":[ @@ -4480,6 +4826,10 @@ "shape":"String", "documentation":"

The URL of the data portal for this Amazon DataZone domain.

" }, + "rootDomainUnitId":{ + "shape":"DomainUnitId", + "documentation":"

The ID of the root domain unit.

" + }, "singleSignOn":{ "shape":"SingleSignOn", "documentation":"

The single-sign on configuration of the Amazon DataZone domain.

" @@ -4494,29 +4844,120 @@ } } }, - "CreateEnvironmentActionInput":{ + "CreateDomainUnitInput":{ "type":"structure", "required":[ "domainIdentifier", - "environmentIdentifier", "name", - "parameters" + "parentDomainUnitIdentifier" ], "members":{ + "clientToken":{ + "shape":"ClientToken", + "documentation":"

A unique, case-sensitive identifier that is provided to ensure the idempotency of the request.

", + "idempotencyToken":true + }, "description":{ - "shape":"String", - "documentation":"

The description of the environment action that is being created in the environment.

" + "shape":"DomainUnitDescription", + "documentation":"

The description of the domain unit.

" }, "domainIdentifier":{ "shape":"DomainId", - "documentation":"

The ID of the Amazon DataZone domain in which the environment action is created.

", + "documentation":"

The ID of the domain where you want to crate a domain unit.

", "location":"uri", "locationName":"domainIdentifier" }, - "environmentIdentifier":{ - "shape":"EnvironmentId", - "documentation":"

The ID of the environment in which the environment action is created.

", - "location":"uri", + "name":{ + "shape":"DomainUnitName", + "documentation":"

The name of the domain unit.

" + }, + "parentDomainUnitIdentifier":{ + "shape":"DomainUnitId", + "documentation":"

The ID of the parent domain unit.

" + } + } + }, + "CreateDomainUnitOutput":{ + "type":"structure", + "required":[ + "ancestorDomainUnitIds", + "domainId", + "id", + "name", + "owners" + ], + "members":{ + "ancestorDomainUnitIds":{ + "shape":"DomainUnitIds", + "documentation":"

The IDs of the ancestor domain units.

" + }, + "createdAt":{ + "shape":"CreatedAt", + "documentation":"

The timestamp at which the domain unit was created.

" + }, + "createdBy":{ + "shape":"CreatedBy", + "documentation":"

The user who created the domain unit.

" + }, + "description":{ + "shape":"DomainUnitDescription", + "documentation":"

The description of the domain unit.

" + }, + "domainId":{ + "shape":"DomainId", + "documentation":"

The ID of the domain where the domain unit was created.

" + }, + "id":{ + "shape":"DomainUnitId", + "documentation":"

The ID of the domain unit.

" + }, + "name":{ + "shape":"DomainUnitName", + "documentation":"

The name of the domain unit.

" + }, + "owners":{ + "shape":"DomainUnitOwners", + "documentation":"

The owners of the domain unit.

" + }, + "parentDomainUnitId":{ + "shape":"DomainUnitId", + "documentation":"

The ID of the parent domain unit.

" + } + } + }, + "CreateDomainUnitPolicyGrantDetail":{ + "type":"structure", + "members":{ + "includeChildDomainUnits":{ + "shape":"Boolean", + "documentation":"

Specifies whether the policy grant is applied to child domain units.

" + } + }, + "documentation":"

The details of the policy grant.

" + }, + "CreateEnvironmentActionInput":{ + "type":"structure", + "required":[ + "domainIdentifier", + "environmentIdentifier", + "name", + "parameters" + ], + "members":{ + "description":{ + "shape":"String", + "documentation":"

The description of the environment action that is being created in the environment.

" + }, + "domainIdentifier":{ + "shape":"DomainId", + "documentation":"

The ID of the Amazon DataZone domain in which the environment action is created.

", + "location":"uri", + "locationName":"domainIdentifier" + }, + "environmentIdentifier":{ + "shape":"EnvironmentId", + "documentation":"

The ID of the environment in which the environment action is created.

", + "location":"uri", "locationName":"environmentIdentifier" }, "name":{ @@ -4819,6 +5260,16 @@ } } }, + "CreateEnvironmentProfilePolicyGrantDetail":{ + "type":"structure", + "members":{ + "domainUnitId":{ + "shape":"DomainUnitId", + "documentation":"

The ID of the domain unit.

" + } + }, + "documentation":"

The details of the policy grant.

" + }, "CreateFormTypeInput":{ "type":"structure", "required":[ @@ -4894,6 +5345,16 @@ } } }, + "CreateFormTypePolicyGrantDetail":{ + "type":"structure", + "members":{ + "includeChildDomainUnits":{ + "shape":"Boolean", + "documentation":"

Specifies whether the policy grant is applied to child domain units.

" + } + }, + "documentation":"

The details of the policy grant.

" + }, "CreateGlossaryInput":{ "type":"structure", "required":[ @@ -4966,6 +5427,16 @@ } } }, + "CreateGlossaryPolicyGrantDetail":{ + "type":"structure", + "members":{ + "includeChildDomainUnits":{ + "shape":"Boolean", + "documentation":"

Specifies whether the policy grant is applied to child domain units.

" + } + }, + "documentation":"

The details of the policy grant.

" + }, "CreateGlossaryTermInput":{ "type":"structure", "required":[ @@ -5177,6 +5648,10 @@ "location":"uri", "locationName":"domainIdentifier" }, + "domainUnitId":{ + "shape":"DomainUnitId", + "documentation":"

The ID of the domain unit. This parameter is not required and if it is not specified, then the project is created at the root domain unit level.

" + }, "glossaryTerms":{ "shape":"GlossaryTerms", "documentation":"

The glossary terms that can be used in this Amazon DataZone project.

" @@ -5248,6 +5723,10 @@ "shape":"DomainId", "documentation":"

The identifier of the Amazon DataZone domain in which the project was created.

" }, + "domainUnitId":{ + "shape":"DomainUnitId", + "documentation":"

The ID of the domain unit.

" + }, "failureReasons":{ "shape":"FailureReasons", "documentation":"

Specifies the error message that is returned if the operation cannot be successfully completed.

" @@ -5274,6 +5753,16 @@ } } }, + "CreateProjectPolicyGrantDetail":{ + "type":"structure", + "members":{ + "includeChildDomainUnits":{ + "shape":"Boolean", + "documentation":"

Specifies whether the policy grant is applied to child domain units.

" + } + }, + "documentation":"

The details of the policy grant.

" + }, "CreateSubscriptionGrantInput":{ "type":"structure", "required":[ @@ -6264,6 +6753,10 @@ "max":256, "min":1 }, + "DataZoneEntityType":{ + "type":"string", + "enum":["DOMAIN_UNIT"] + }, "DateTime":{ "type":"timestamp", "timestampFormat":"iso8601" @@ -6545,6 +7038,32 @@ } } }, + "DeleteDomainUnitInput":{ + "type":"structure", + "required":[ + "domainIdentifier", + "identifier" + ], + "members":{ + "domainIdentifier":{ + "shape":"DomainId", + "documentation":"

The ID of the domain where you want to delete a domain unit.

", + "location":"uri", + "locationName":"domainIdentifier" + }, + "identifier":{ + "shape":"DomainUnitId", + "documentation":"

The ID of the domain unit that you want to delete.

", + "location":"uri", + "locationName":"identifier" + } + } + }, + "DeleteDomainUnitOutput":{ + "type":"structure", + "members":{ + } + }, "DeleteEnvironmentActionInput":{ "type":"structure", "required":[ @@ -7198,6 +7717,142 @@ }, "documentation":"

A summary of a Amazon DataZone domain.

" }, + "DomainUnitDescription":{ + "type":"string", + "max":2048, + "min":0, + "sensitive":true + }, + "DomainUnitDesignation":{ + "type":"string", + "enum":["OWNER"] + }, + "DomainUnitFilterForProject":{ + "type":"structure", + "required":["domainUnit"], + "members":{ + "domainUnit":{ + "shape":"DomainUnitId", + "documentation":"

The domain unit ID to use in the filter.

" + }, + "includeChildDomainUnits":{ + "shape":"Boolean", + "documentation":"

Specifies whether to include child domain units.

", + "box":true + } + }, + "documentation":"

The domain unit filter of the project grant filter.

" + }, + "DomainUnitGrantFilter":{ + "type":"structure", + "members":{ + "allDomainUnitsGrantFilter":{ + "shape":"AllDomainUnitsGrantFilter", + "documentation":"

Specifies a grant filter containing all domain units.

" + } + }, + "documentation":"

The grant filter for the domain unit. In the current release of Amazon DataZone, the only supported filter is the allDomainUnitsGrantFilter.

", + "union":true + }, + "DomainUnitGroupProperties":{ + "type":"structure", + "members":{ + "groupId":{ + "shape":"String", + "documentation":"

The ID of the domain unit group.

" + } + }, + "documentation":"

The properties of a domain unit group.

" + }, + "DomainUnitId":{ + "type":"string", + "max":256, + "min":1, + "pattern":"^[a-z0-9_\\-]+$" + }, + "DomainUnitIds":{ + "type":"list", + "member":{"shape":"DomainUnitId"} + }, + "DomainUnitName":{ + "type":"string", + "max":128, + "min":1, + "pattern":"^[\\w -]+$", + "sensitive":true + }, + "DomainUnitOwnerProperties":{ + "type":"structure", + "members":{ + "group":{ + "shape":"DomainUnitGroupProperties", + "documentation":"

Indicates that the domain unit owner is a group.

" + }, + "user":{ + "shape":"DomainUnitUserProperties", + "documentation":"

Indicates that the domain unit owner is a user.

" + } + }, + "documentation":"

The properties of the domain unit owner.

", + "union":true + }, + "DomainUnitOwners":{ + "type":"list", + "member":{"shape":"DomainUnitOwnerProperties"}, + "max":20, + "min":0 + }, + "DomainUnitPolicyGrantPrincipal":{ + "type":"structure", + "required":["domainUnitDesignation"], + "members":{ + "domainUnitDesignation":{ + "shape":"DomainUnitDesignation", + "documentation":"

Specifes the designation of the domain unit users.

" + }, + "domainUnitGrantFilter":{ + "shape":"DomainUnitGrantFilter", + "documentation":"

The grant filter for the domain unit.

" + }, + "domainUnitIdentifier":{ + "shape":"DomainUnitId", + "documentation":"

The ID of the domain unit.

" + } + }, + "documentation":"

The domain unit principal to whom the policy is granted.

" + }, + "DomainUnitSummaries":{ + "type":"list", + "member":{"shape":"DomainUnitSummary"} + }, + "DomainUnitSummary":{ + "type":"structure", + "required":[ + "id", + "name" + ], + "members":{ + "id":{ + "shape":"DomainUnitId", + "documentation":"

The ID of the domain unit summary.

" + }, + "name":{ + "shape":"String", + "documentation":"

The name of the domain unit summary.

" + } + }, + "documentation":"

The summary of the domain unit.

" + }, + "DomainUnitUserProperties":{ + "type":"structure", + "members":{ + "userId":{ + "shape":"String", + "documentation":"

The ID of teh domain unit user.

" + } + }, + "documentation":"

The properties of the domain unit user.

" + }, "EdgeDirection":{ "type":"string", "enum":[ @@ -7231,6 +7886,10 @@ "type":"string", "pattern":"^[a-zA-Z0-9_-]{1,36}$" }, + "EntityOwners":{ + "type":"list", + "member":{"shape":"OwnerPropertiesOutput"} + }, "EntityType":{ "type":"string", "enum":[ @@ -8592,6 +9251,10 @@ "shape":"String", "documentation":"

The URL of the data portal for this Amazon DataZone domain.

" }, + "rootDomainUnitId":{ + "shape":"DomainUnitId", + "documentation":"

The ID of the root domain in Amazon Datazone.

" + }, "singleSignOn":{ "shape":"SingleSignOn", "documentation":"

The single sing-on option of the specified Amazon DataZone domain.

" @@ -8606,6 +9269,78 @@ } } }, + "GetDomainUnitInput":{ + "type":"structure", + "required":[ + "domainIdentifier", + "identifier" + ], + "members":{ + "domainIdentifier":{ + "shape":"DomainId", + "documentation":"

The ID of the domain where you want to get a domain unit.

", + "location":"uri", + "locationName":"domainIdentifier" + }, + "identifier":{ + "shape":"DomainUnitId", + "documentation":"

The identifier of the domain unit that you want to get.

", + "location":"uri", + "locationName":"identifier" + } + } + }, + "GetDomainUnitOutput":{ + "type":"structure", + "required":[ + "domainId", + "id", + "name", + "owners" + ], + "members":{ + "createdAt":{ + "shape":"CreatedAt", + "documentation":"

The time stamp at which the domain unit was created.

" + }, + "createdBy":{ + "shape":"CreatedBy", + "documentation":"

The user who created the domain unit.

" + }, + "description":{ + "shape":"DomainUnitDescription", + "documentation":"

The description of the domain unit.

" + }, + "domainId":{ + "shape":"DomainId", + "documentation":"

The ID of the domain in which the domain unit lives.

" + }, + "id":{ + "shape":"DomainUnitId", + "documentation":"

The ID of the domain unit.

" + }, + "lastUpdatedAt":{ + "shape":"UpdatedAt", + "documentation":"

The timestamp at which the domain unit was last updated.

" + }, + "lastUpdatedBy":{ + "shape":"UpdatedBy", + "documentation":"

The user who last updated the domain unit.

" + }, + "name":{ + "shape":"DomainUnitName", + "documentation":"

The name of the domain unit.

" + }, + "owners":{ + "shape":"DomainUnitOwners", + "documentation":"

The owners of the domain unit.

" + }, + "parentDomainUnitId":{ + "shape":"DomainUnitId", + "documentation":"

The ID of the parent domain unit.

" + } + } + }, "GetEnvironmentActionInput":{ "type":"structure", "required":[ @@ -9644,6 +10379,10 @@ "shape":"DomainId", "documentation":"

The ID of the Amazon DataZone domain in which the project exists.

" }, + "domainUnitId":{ + "shape":"DomainUnitId", + "documentation":"

The ID of the domain unit.

" + }, "failureReasons":{ "shape":"FailureReasons", "documentation":"

Specifies the error message that is returned if the operation cannot be successfully completed.

" @@ -10461,11 +11200,22 @@ }, "GroupIdentifier":{ "type":"string", - "pattern":"(^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$|[\\p{L}\\p{M}\\p{S}\\p{N}\\p{P}\\t\\n\\r ]+)" + "pattern":"(^([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}$|[\\p{L}\\p{M}\\p{S}\\p{N}\\p{P}\\t\\n\\r ]+)" + }, + "GroupPolicyGrantPrincipal":{ + "type":"structure", + "members":{ + "groupIdentifier":{ + "shape":"GroupIdentifier", + "documentation":"

The ID Of the group of the group principal.

" + } + }, + "documentation":"

The group principal to whom the policy is granted.

", + "union":true }, "GroupProfileId":{ "type":"string", - "pattern":"^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$" + "pattern":"^([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}$" }, "GroupProfileName":{ "type":"string", @@ -11171,11 +11921,58 @@ } } }, - "ListDomainsInput":{ + "ListDomainUnitsForParentInput":{ "type":"structure", + "required":[ + "domainIdentifier", + "parentDomainUnitIdentifier" + ], "members":{ - "maxResults":{ - "shape":"MaxResultsForListDomains", + "domainIdentifier":{ + "shape":"DomainId", + "documentation":"

The ID of the domain in which you want to list domain units for a parent domain unit.

", + "location":"uri", + "locationName":"domainIdentifier" + }, + "maxResults":{ + "shape":"MaxResultsForListDomains", + "documentation":"

The maximum number of domain units to return in a single call to ListDomainUnitsForParent. When the number of domain units to be listed is greater than the value of MaxResults, the response contains a NextToken value that you can use in a subsequent call to ListDomainUnitsForParent to list the next set of domain units.

", + "location":"querystring", + "locationName":"maxResults" + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

When the number of domain units is greater than the default value for the MaxResults parameter, or if you explicitly specify a value for MaxResults that is less than the number of domain units, the response includes a pagination token named NextToken. You can specify this NextToken value in a subsequent call to ListDomainUnitsForParent to list the next set of domain units.

", + "location":"querystring", + "locationName":"nextToken" + }, + "parentDomainUnitIdentifier":{ + "shape":"DomainUnitId", + "documentation":"

The ID of the parent domain unit.

", + "location":"querystring", + "locationName":"parentDomainUnitIdentifier" + } + } + }, + "ListDomainUnitsForParentOutput":{ + "type":"structure", + "required":["items"], + "members":{ + "items":{ + "shape":"DomainUnitSummaries", + "documentation":"

The results returned by this action.

" + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

When the number of domain units is greater than the default value for the MaxResults parameter, or if you explicitly specify a value for MaxResults that is less than the number of domain units, the response includes a pagination token named NextToken. You can specify this NextToken value in a subsequent call to ListDomainUnitsForParent to list the next set of domain units.

" + } + } + }, + "ListDomainsInput":{ + "type":"structure", + "members":{ + "maxResults":{ + "shape":"MaxResultsForListDomains", "documentation":"

The maximum number of domains to return in a single call to ListDomains. When the number of domains to be listed is greater than the value of MaxResults, the response contains a NextToken value that you can use in a subsequent call to ListDomains to list the next set of domains.

", "location":"querystring", "locationName":"maxResults" @@ -11208,6 +12005,60 @@ } } }, + "ListEntityOwnersInput":{ + "type":"structure", + "required":[ + "domainIdentifier", + "entityIdentifier", + "entityType" + ], + "members":{ + "domainIdentifier":{ + "shape":"DomainId", + "documentation":"

The ID of the domain where you want to list entity owners.

", + "location":"uri", + "locationName":"domainIdentifier" + }, + "entityIdentifier":{ + "shape":"String", + "documentation":"

The ID of the entity that you want to list.

", + "location":"uri", + "locationName":"entityIdentifier" + }, + "entityType":{ + "shape":"DataZoneEntityType", + "documentation":"

The type of the entity that you want to list.

", + "location":"uri", + "locationName":"entityType" + }, + "maxResults":{ + "shape":"MaxResultsForListDomains", + "documentation":"

The maximum number of entities to return in a single call to ListEntityOwners. When the number of entities to be listed is greater than the value of MaxResults, the response contains a NextToken value that you can use in a subsequent call to ListEntityOwners to list the next set of entities.

", + "location":"querystring", + "locationName":"maxResults" + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

When the number of entities is greater than the default value for the MaxResults parameter, or if you explicitly specify a value for MaxResults that is less than the number of entities, the response includes a pagination token named NextToken. You can specify this NextToken value in a subsequent call to ListEntityOwners to list the next set of entities.

", + "location":"querystring", + "locationName":"nextToken" + } + } + }, + "ListEntityOwnersOutput":{ + "type":"structure", + "required":["owners"], + "members":{ + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

When the number of entities is greater than the default value for the MaxResults parameter, or if you explicitly specify a value for MaxResults that is less than the number of entities, the response includes a pagination token named NextToken. You can specify this NextToken value in a subsequent call to ListEntityOwners to list the next set of entities.

" + }, + "owners":{ + "shape":"EntityOwners", + "documentation":"

The owners of the entity.

" + } + } + }, "ListEnvironmentActionSummaries":{ "type":"list", "member":{"shape":"EnvironmentActionSummary"} @@ -11691,6 +12542,67 @@ } } }, + "ListPolicyGrantsInput":{ + "type":"structure", + "required":[ + "domainIdentifier", + "entityIdentifier", + "entityType", + "policyType" + ], + "members":{ + "domainIdentifier":{ + "shape":"DomainId", + "documentation":"

The ID of the domain where you want to list policy grants.

", + "location":"uri", + "locationName":"domainIdentifier" + }, + "entityIdentifier":{ + "shape":"String", + "documentation":"

The ID of the entity for which you want to list policy grants.

", + "location":"uri", + "locationName":"entityIdentifier" + }, + "entityType":{ + "shape":"TargetEntityType", + "documentation":"

The type of entity for which you want to list policy grants.

", + "location":"uri", + "locationName":"entityType" + }, + "maxResults":{ + "shape":"MaxResultsForListDomains", + "documentation":"

The maximum number of grants to return in a single call to ListPolicyGrants. When the number of grants to be listed is greater than the value of MaxResults, the response contains a NextToken value that you can use in a subsequent call to ListPolicyGrants to list the next set of grants.

", + "location":"querystring", + "locationName":"maxResults" + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

When the number of grants is greater than the default value for the MaxResults parameter, or if you explicitly specify a value for MaxResults that is less than the number of grants, the response includes a pagination token named NextToken. You can specify this NextToken value in a subsequent call to ListPolicyGrants to list the next set of grants.

", + "location":"querystring", + "locationName":"nextToken" + }, + "policyType":{ + "shape":"ManagedPolicyType", + "documentation":"

The type of policy that you want to list.

", + "location":"querystring", + "locationName":"policyType" + } + } + }, + "ListPolicyGrantsOutput":{ + "type":"structure", + "required":["grantList"], + "members":{ + "grantList":{ + "shape":"PolicyGrantList", + "documentation":"

The results of this action - the listed grants.

" + }, + "nextToken":{ + "shape":"PaginationToken", + "documentation":"

When the number of grants is greater than the default value for the MaxResults parameter, or if you explicitly specify a value for MaxResults that is less than the number of grants, the response includes a pagination token named NextToken. You can specify this NextToken value in a subsequent call to ListPolicyGrants to list the next set of grants.

" + } + } + }, "ListProjectMembershipsInput":{ "type":"structure", "required":[ @@ -12309,6 +13221,22 @@ "min":0, "sensitive":true }, + "ManagedPolicyType":{ + "type":"string", + "enum":[ + "CREATE_DOMAIN_UNIT", + "OVERRIDE_DOMAIN_UNIT_OWNERS", + "ADD_TO_PROJECT_MEMBER_POOL", + "OVERRIDE_PROJECT_OWNERS", + "CREATE_GLOSSARY", + "CREATE_FORM_TYPE", + "CREATE_ASSET_TYPE", + "CREATE_PROJECT", + "CREATE_ENVIRONMENT_PROFILE", + "DELEGATE_CREATE_ENVIRONMENT_PROFILE", + "CREATE_ENVIRONMENT" + ] + }, "MaxResults":{ "type":"integer", "box":true, @@ -12637,11 +13565,203 @@ "type":"list", "member":{"shape":"NotificationOutput"} }, + "OverrideDomainUnitOwnersPolicyGrantDetail":{ + "type":"structure", + "members":{ + "includeChildDomainUnits":{ + "shape":"Boolean", + "documentation":"

Specifies whether the policy is inherited by child domain units.

" + } + }, + "documentation":"

The grant details of the override domain unit owners policy.

" + }, + "OverrideProjectOwnersPolicyGrantDetail":{ + "type":"structure", + "members":{ + "includeChildDomainUnits":{ + "shape":"Boolean", + "documentation":"

Specifies whether the policy is inherited by child domain units.

" + } + }, + "documentation":"

The details of the override project owners policy grant.

" + }, + "OwnerGroupProperties":{ + "type":"structure", + "required":["groupIdentifier"], + "members":{ + "groupIdentifier":{ + "shape":"GroupIdentifier", + "documentation":"

The ID of the domain unit owners group.

" + } + }, + "documentation":"

The properties of the domain unit owners group.

" + }, + "OwnerGroupPropertiesOutput":{ + "type":"structure", + "members":{ + "groupId":{ + "shape":"String", + "documentation":"

The ID of the domain unit owners group.

" + } + }, + "documentation":"

The properties of the domain unit owners group.

" + }, + "OwnerProperties":{ + "type":"structure", + "members":{ + "group":{ + "shape":"OwnerGroupProperties", + "documentation":"

Specifies that the domain unit owner is a group.

" + }, + "user":{ + "shape":"OwnerUserProperties", + "documentation":"

Specifies that the domain unit owner is a user.

" + } + }, + "documentation":"

The properties of a domain unit's owner.

", + "union":true + }, + "OwnerPropertiesOutput":{ + "type":"structure", + "members":{ + "group":{ + "shape":"OwnerGroupPropertiesOutput", + "documentation":"

Specifies that the domain unit owner is a group.

" + }, + "user":{ + "shape":"OwnerUserPropertiesOutput", + "documentation":"

Specifies that the domain unit owner is a user.

" + } + }, + "documentation":"

The ID of the domain unit owners group.

", + "union":true + }, + "OwnerUserProperties":{ + "type":"structure", + "required":["userIdentifier"], + "members":{ + "userIdentifier":{ + "shape":"UserIdentifier", + "documentation":"

The ID of the owner user.

" + } + }, + "documentation":"

The properties of the owner user.

" + }, + "OwnerUserPropertiesOutput":{ + "type":"structure", + "members":{ + "userId":{ + "shape":"String", + "documentation":"

The ID of the owner user.

" + } + }, + "documentation":"

The properties of the owner user.

" + }, "PaginationToken":{ "type":"string", "max":8192, "min":1 }, + "PolicyGrantDetail":{ + "type":"structure", + "members":{ + "addToProjectMemberPool":{ + "shape":"AddToProjectMemberPoolPolicyGrantDetail", + "documentation":"

Specifies that the policy grant is to be added to the members of the project.

" + }, + "createAssetType":{ + "shape":"CreateAssetTypePolicyGrantDetail", + "documentation":"

Specifies that this is a create asset type policy.

" + }, + "createDomainUnit":{ + "shape":"CreateDomainUnitPolicyGrantDetail", + "documentation":"

Specifies that this is a create domain unit policy.

" + }, + "createEnvironment":{ + "shape":"Unit", + "documentation":"

Specifies that this is a create environment policy.

" + }, + "createEnvironmentProfile":{ + "shape":"CreateEnvironmentProfilePolicyGrantDetail", + "documentation":"

Specifies that this is a create environment profile policy.

" + }, + "createFormType":{ + "shape":"CreateFormTypePolicyGrantDetail", + "documentation":"

Specifies that this is a create form type policy.

" + }, + "createGlossary":{ + "shape":"CreateGlossaryPolicyGrantDetail", + "documentation":"

Specifies that this is a create glossary policy.

" + }, + "createProject":{ + "shape":"CreateProjectPolicyGrantDetail", + "documentation":"

Specifies that this is a create project policy.

" + }, + "delegateCreateEnvironmentProfile":{ + "shape":"Unit", + "documentation":"

Specifies that this is the delegation of the create environment profile policy.

" + }, + "overrideDomainUnitOwners":{ + "shape":"OverrideDomainUnitOwnersPolicyGrantDetail", + "documentation":"

Specifies whether to override domain unit owners.

" + }, + "overrideProjectOwners":{ + "shape":"OverrideProjectOwnersPolicyGrantDetail", + "documentation":"

Specifies whether to override project owners.

" + } + }, + "documentation":"

The details of the policy grant.

", + "union":true + }, + "PolicyGrantList":{ + "type":"list", + "member":{"shape":"PolicyGrantMember"} + }, + "PolicyGrantMember":{ + "type":"structure", + "members":{ + "createdAt":{ + "shape":"CreatedAt", + "documentation":"

Specifies the timestamp at which policy grant member was created.

" + }, + "createdBy":{ + "shape":"CreatedBy", + "documentation":"

Specifies the user who created the policy grant member.

" + }, + "detail":{ + "shape":"PolicyGrantDetail", + "documentation":"

The details of the policy grant member.

" + }, + "principal":{ + "shape":"PolicyGrantPrincipal", + "documentation":"

The principal of the policy grant member.

" + } + }, + "documentation":"

A member of the policy grant list.

" + }, + "PolicyGrantPrincipal":{ + "type":"structure", + "members":{ + "domainUnit":{ + "shape":"DomainUnitPolicyGrantPrincipal", + "documentation":"

The domain unit of the policy grant principal.

" + }, + "group":{ + "shape":"GroupPolicyGrantPrincipal", + "documentation":"

The group of the policy grant principal.

" + }, + "project":{ + "shape":"ProjectPolicyGrantPrincipal", + "documentation":"

The project of the policy grant principal.

" + }, + "user":{ + "shape":"UserPolicyGrantPrincipal", + "documentation":"

The user of the policy grant principal.

" + } + }, + "documentation":"

The policy grant principal.

", + "union":true + }, "PostLineageEventInput":{ "type":"structure", "required":[ @@ -12761,6 +13881,24 @@ }, "documentation":"

Specifies the error message that is returned if the operation cannot be successfully completed.

" }, + "ProjectDesignation":{ + "type":"string", + "enum":[ + "OWNER", + "CONTRIBUTOR" + ] + }, + "ProjectGrantFilter":{ + "type":"structure", + "members":{ + "domainUnitFilter":{ + "shape":"DomainUnitFilterForProject", + "documentation":"

The domain unit filter of the project grant filter.

" + } + }, + "documentation":"

The project grant filter.

", + "union":true + }, "ProjectId":{ "type":"string", "pattern":"^[a-zA-Z0-9_-]{1,36}$" @@ -12794,6 +13932,25 @@ "pattern":"^[\\w -]+$", "sensitive":true }, + "ProjectPolicyGrantPrincipal":{ + "type":"structure", + "required":["projectDesignation"], + "members":{ + "projectDesignation":{ + "shape":"ProjectDesignation", + "documentation":"

The project designation of the project policy grant principal.

" + }, + "projectGrantFilter":{ + "shape":"ProjectGrantFilter", + "documentation":"

The project grant filter of the project policy grant principal.

" + }, + "projectIdentifier":{ + "shape":"ProjectId", + "documentation":"

The project ID of the project policy grant principal.

" + } + }, + "documentation":"

The project policy grant principal.

" + }, "ProjectStatus":{ "type":"string", "enum":[ @@ -12831,6 +13988,10 @@ "shape":"DomainId", "documentation":"

The identifier of a Amazon DataZone domain where the project exists.

" }, + "domainUnitId":{ + "shape":"DomainUnitId", + "documentation":"

The ID of the domain unit.

" + }, "failureReasons":{ "shape":"FailureReasons", "documentation":"

Specifies the error message that is returned if the operation cannot be successfully completed.

" @@ -13376,6 +14537,97 @@ "type":"list", "member":{"shape":"RelationalFilterConfiguration"} }, + "RemoveEntityOwnerInput":{ + "type":"structure", + "required":[ + "domainIdentifier", + "entityIdentifier", + "entityType", + "owner" + ], + "members":{ + "clientToken":{ + "shape":"ClientToken", + "documentation":"

A unique, case-sensitive identifier that is provided to ensure the idempotency of the request.

", + "idempotencyToken":true + }, + "domainIdentifier":{ + "shape":"DomainId", + "documentation":"

The ID of the domain where you want to remove an owner from an entity.

", + "location":"uri", + "locationName":"domainIdentifier" + }, + "entityIdentifier":{ + "shape":"String", + "documentation":"

The ID of the entity from which you want to remove an owner.

", + "location":"uri", + "locationName":"entityIdentifier" + }, + "entityType":{ + "shape":"DataZoneEntityType", + "documentation":"

The type of the entity from which you want to remove an owner.

", + "location":"uri", + "locationName":"entityType" + }, + "owner":{ + "shape":"OwnerProperties", + "documentation":"

The owner that you want to remove from an entity.

" + } + } + }, + "RemoveEntityOwnerOutput":{ + "type":"structure", + "members":{ + } + }, + "RemovePolicyGrantInput":{ + "type":"structure", + "required":[ + "domainIdentifier", + "entityIdentifier", + "entityType", + "policyType", + "principal" + ], + "members":{ + "clientToken":{ + "shape":"ClientToken", + "documentation":"

A unique, case-sensitive identifier that is provided to ensure the idempotency of the request.

", + "idempotencyToken":true + }, + "domainIdentifier":{ + "shape":"DomainId", + "documentation":"

The ID of the domain where you want to remove a policy grant.

", + "location":"uri", + "locationName":"domainIdentifier" + }, + "entityIdentifier":{ + "shape":"String", + "documentation":"

The ID of the entity from which you want to remove a policy grant.

", + "location":"uri", + "locationName":"entityIdentifier" + }, + "entityType":{ + "shape":"TargetEntityType", + "documentation":"

The type of the entity from which you want to remove a policy grant.

", + "location":"uri", + "locationName":"entityType" + }, + "policyType":{ + "shape":"ManagedPolicyType", + "documentation":"

The type of the policy that you want to remove.

" + }, + "principal":{ + "shape":"PolicyGrantPrincipal", + "documentation":"

The principal from which you want to remove a policy grant.

" + } + } + }, + "RemovePolicyGrantOutput":{ + "type":"structure", + "members":{ + } + }, "RequestReason":{ "type":"string", "max":4096, @@ -15023,6 +16275,14 @@ "key":{"shape":"TagKey"}, "value":{"shape":"TagValue"} }, + "TargetEntityType":{ + "type":"string", + "enum":[ + "DOMAIN_UNIT", + "ENVIRONMENT_BLUEPRINT_CONFIGURATION", + "ENVIRONMENT_PROFILE" + ] + }, "TaskId":{ "type":"string", "pattern":"^[a-zA-Z0-9_-]{1,36}$" @@ -15341,6 +16601,12 @@ }, "exception":true }, + "Unit":{ + "type":"structure", + "members":{ + }, + "documentation":"

The details of the policy of creating an environment.

" + }, "UntagResourceRequest":{ "type":"structure", "required":[ @@ -15679,12 +16945,96 @@ "shape":"String", "documentation":"

The name to be updated as part of the UpdateDomain action.

" }, + "rootDomainUnitId":{ + "shape":"DomainUnitId", + "documentation":"

The ID of the root domain unit.

" + }, "singleSignOn":{ "shape":"SingleSignOn", "documentation":"

The single sign-on option of the Amazon DataZone domain.

" } } }, + "UpdateDomainUnitInput":{ + "type":"structure", + "required":[ + "domainIdentifier", + "identifier" + ], + "members":{ + "description":{ + "shape":"DomainUnitDescription", + "documentation":"

The description of the domain unit that you want to update.

" + }, + "domainIdentifier":{ + "shape":"DomainId", + "documentation":"

The ID of the domain where you want to update a domain unit.

", + "location":"uri", + "locationName":"domainIdentifier" + }, + "identifier":{ + "shape":"DomainUnitId", + "documentation":"

The ID of the domain unit that you want to update.

", + "location":"uri", + "locationName":"identifier" + }, + "name":{ + "shape":"DomainUnitName", + "documentation":"

The name of the domain unit that you want to update.

" + } + } + }, + "UpdateDomainUnitOutput":{ + "type":"structure", + "required":[ + "domainId", + "id", + "name", + "owners" + ], + "members":{ + "createdAt":{ + "shape":"CreatedAt", + "documentation":"

The time stamp at which the domain unit that you want to update was created.

" + }, + "createdBy":{ + "shape":"CreatedBy", + "documentation":"

The user who created the domain unit that you want to update.

" + }, + "description":{ + "shape":"DomainUnitDescription", + "documentation":"

The description of the domain unit that you want to update.

" + }, + "domainId":{ + "shape":"DomainId", + "documentation":"

The ID of the domain where you want to update the domain unit.

" + }, + "id":{ + "shape":"DomainUnitId", + "documentation":"

The ID of the domain unit that you want to update.

" + }, + "lastUpdatedAt":{ + "shape":"UpdatedAt", + "documentation":"

The timestamp at which the domain unit was last updated.

" + }, + "lastUpdatedBy":{ + "shape":"UpdatedBy", + "documentation":"

The user who last updated the domain unit.

" + }, + "name":{ + "shape":"DomainUnitName", + "documentation":"

The name of the domain unit that you want to update.

" + }, + "owners":{ + "shape":"DomainUnitOwners", + "documentation":"

The owners of the domain unit that you want to update.

" + }, + "parentDomainUnitId":{ + "shape":"DomainUnitId", + "documentation":"

The ID of the parent domain unit.

" + } + } + }, "UpdateEnvironmentActionInput":{ "type":"structure", "required":[ @@ -16213,7 +17563,7 @@ }, "domainIdentifier":{ "shape":"DomainId", - "documentation":"

The identifier of the Amazon DataZone domain in which a project is to be updated.

", + "documentation":"

The ID of the Amazon DataZone domain where a project is being updated.

", "location":"uri", "locationName":"domainIdentifier" }, @@ -16258,6 +17608,10 @@ "shape":"DomainId", "documentation":"

The identifier of the Amazon DataZone domain in which a project is updated.

" }, + "domainUnitId":{ + "shape":"DomainUnitId", + "documentation":"

The ID of the domain unit.

" + }, "failureReasons":{ "shape":"FailureReasons", "documentation":"

Specifies the error message that is returned if the operation cannot be successfully completed.

" @@ -16701,7 +18055,22 @@ }, "UserIdentifier":{ "type":"string", - "pattern":"(^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$|^[a-zA-Z_0-9+=,.@-]+$|^arn:aws:iam::\\d{12}:.+$)" + "pattern":"(^([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}$|^[a-zA-Z_0-9+=,.@-]+$|^arn:aws:iam::\\d{12}:.+$)" + }, + "UserPolicyGrantPrincipal":{ + "type":"structure", + "members":{ + "allUsersGrantFilter":{ + "shape":"AllUsersGrantFilter", + "documentation":"

The all users grant filter of the user policy grant principal.

" + }, + "userIdentifier":{ + "shape":"UserIdentifier", + "documentation":"

The user ID of the user policy grant principal.

" + } + }, + "documentation":"

The user policy grant principal.

", + "union":true }, "UserProfileDetails":{ "type":"structure", @@ -16720,7 +18089,7 @@ }, "UserProfileId":{ "type":"string", - "pattern":"^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$" + "pattern":"^([0-9a-f]{10}-|)[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}$" }, "UserProfileName":{ "type":"string", diff --git a/botocore/data/logs/2014-03-28/service-2.json b/botocore/data/logs/2014-03-28/service-2.json index ad965a676c..dfbbad7726 100644 --- a/botocore/data/logs/2014-03-28/service-2.json +++ b/botocore/data/logs/2014-03-28/service-2.json @@ -820,7 +820,7 @@ {"shape":"ServiceUnavailableException"}, {"shape":"LimitExceededException"} ], - "documentation":"

Creates an account-level data protection policy or subscription filter policy that applies to all log groups or a subset of log groups in the account.

Data protection policy

A data protection policy can help safeguard sensitive data that's ingested by your log groups by auditing and masking the sensitive log data. Each account can have only one account-level data protection policy.

Sensitive data is detected and masked when it is ingested into a log group. When you set a data protection policy, log events ingested into the log groups before that time are not masked.

If you use PutAccountPolicy to create a data protection policy for your whole account, it applies to both existing log groups and all log groups that are created later in this account. The account-level policy is applied to existing log groups with eventual consistency. It might take up to 5 minutes before sensitive data in existing log groups begins to be masked.

By default, when a user views a log event that includes masked data, the sensitive data is replaced by asterisks. A user who has the logs:Unmask permission can use a GetLogEvents or FilterLogEvents operation with the unmask parameter set to true to view the unmasked log events. Users with the logs:Unmask can also view unmasked data in the CloudWatch Logs console by running a CloudWatch Logs Insights query with the unmask query command.

For more information, including a list of types of data that can be audited and masked, see Protect sensitive log data with masking.

To use the PutAccountPolicy operation for a data protection policy, you must be signed on with the logs:PutDataProtectionPolicy and logs:PutAccountPolicy permissions.

The PutAccountPolicy operation applies to all log groups in the account. You can use PutDataProtectionPolicy to create a data protection policy that applies to just one log group. If a log group has its own data protection policy and the account also has an account-level data protection policy, then the two policies are cumulative. Any sensitive term specified in either policy is masked.

Subscription filter policy

A subscription filter policy sets up a real-time feed of log events from CloudWatch Logs to other Amazon Web Services services. Account-level subscription filter policies apply to both existing log groups and log groups that are created later in this account. Supported destinations are Kinesis Data Streams, Firehose, and Lambda. When log events are sent to the receiving service, they are Base64 encoded and compressed with the GZIP format.

The following destinations are supported for subscription filters:

Each account can have one account-level subscription filter policy. If you are updating an existing filter, you must specify the correct name in PolicyName. To perform a PutAccountPolicy subscription filter operation for any destination except a Lambda function, you must also have the iam:PassRole permission.

" + "documentation":"

Creates an account-level data protection policy or subscription filter policy that applies to all log groups or a subset of log groups in the account.

Data protection policy

A data protection policy can help safeguard sensitive data that's ingested by your log groups by auditing and masking the sensitive log data. Each account can have only one account-level data protection policy.

Sensitive data is detected and masked when it is ingested into a log group. When you set a data protection policy, log events ingested into the log groups before that time are not masked.

If you use PutAccountPolicy to create a data protection policy for your whole account, it applies to both existing log groups and all log groups that are created later in this account. The account-level policy is applied to existing log groups with eventual consistency. It might take up to 5 minutes before sensitive data in existing log groups begins to be masked.

By default, when a user views a log event that includes masked data, the sensitive data is replaced by asterisks. A user who has the logs:Unmask permission can use a GetLogEvents or FilterLogEvents operation with the unmask parameter set to true to view the unmasked log events. Users with the logs:Unmask can also view unmasked data in the CloudWatch Logs console by running a CloudWatch Logs Insights query with the unmask query command.

For more information, including a list of types of data that can be audited and masked, see Protect sensitive log data with masking.

To use the PutAccountPolicy operation for a data protection policy, you must be signed on with the logs:PutDataProtectionPolicy and logs:PutAccountPolicy permissions.

The PutAccountPolicy operation applies to all log groups in the account. You can use PutDataProtectionPolicy to create a data protection policy that applies to just one log group. If a log group has its own data protection policy and the account also has an account-level data protection policy, then the two policies are cumulative. Any sensitive term specified in either policy is masked.

Subscription filter policy

A subscription filter policy sets up a real-time feed of log events from CloudWatch Logs to other Amazon Web Services services. Account-level subscription filter policies apply to both existing log groups and log groups that are created later in this account. Supported destinations are Kinesis Data Streams, Firehose, and Lambda. When log events are sent to the receiving service, they are Base64 encoded and compressed with the GZIP format.

The following destinations are supported for subscription filters:

Each account can have one account-level subscription filter policy per Region. If you are updating an existing filter, you must specify the correct name in PolicyName. To perform a PutAccountPolicy subscription filter operation for any destination except a Lambda function, you must also have the iam:PassRole permission.

" }, "PutDataProtectionPolicy":{ "name":"PutDataProtectionPolicy", @@ -952,7 +952,7 @@ {"shape":"LimitExceededException"}, {"shape":"ServiceUnavailableException"} ], - "documentation":"

Creates or updates a metric filter and associates it with the specified log group. With metric filters, you can configure rules to extract metric data from log events ingested through PutLogEvents.

The maximum number of metric filters that can be associated with a log group is 100.

When you create a metric filter, you can also optionally assign a unit and dimensions to the metric that is created.

Metrics extracted from log events are charged as custom metrics. To prevent unexpected high charges, do not specify high-cardinality fields such as IPAddress or requestID as dimensions. Each different value found for a dimension is treated as a separate metric and accrues charges as a separate custom metric.

CloudWatch Logs might disable a metric filter if it generates 1,000 different name/value pairs for your specified dimensions within one hour.

You can also set up a billing alarm to alert you if your charges are higher than expected. For more information, see Creating a Billing Alarm to Monitor Your Estimated Amazon Web Services Charges.

" + "documentation":"

Creates or updates a metric filter and associates it with the specified log group. With metric filters, you can configure rules to extract metric data from log events ingested through PutLogEvents.

The maximum number of metric filters that can be associated with a log group is 100.

Using regular expressions to create metric filters is supported. For these filters, there is a quotas of quota of two regular expression patterns within a single filter pattern. There is also a quota of five regular expression patterns per log group. For more information about using regular expressions in metric filters, see Filter pattern syntax for metric filters, subscription filters, filter log events, and Live Tail.

When you create a metric filter, you can also optionally assign a unit and dimensions to the metric that is created.

Metrics extracted from log events are charged as custom metrics. To prevent unexpected high charges, do not specify high-cardinality fields such as IPAddress or requestID as dimensions. Each different value found for a dimension is treated as a separate metric and accrues charges as a separate custom metric.

CloudWatch Logs might disable a metric filter if it generates 1,000 different name/value pairs for your specified dimensions within one hour.

You can also set up a billing alarm to alert you if your charges are higher than expected. For more information, see Creating a Billing Alarm to Monitor Your Estimated Amazon Web Services Charges.

" }, "PutQueryDefinition":{ "name":"PutQueryDefinition", @@ -1014,7 +1014,7 @@ {"shape":"LimitExceededException"}, {"shape":"ServiceUnavailableException"} ], - "documentation":"

Creates or updates a subscription filter and associates it with the specified log group. With subscription filters, you can subscribe to a real-time stream of log events ingested through PutLogEvents and have them delivered to a specific destination. When log events are sent to the receiving service, they are Base64 encoded and compressed with the GZIP format.

The following destinations are supported for subscription filters:

Each log group can have up to two subscription filters associated with it. If you are updating an existing filter, you must specify the correct name in filterName.

To perform a PutSubscriptionFilter operation for any destination except a Lambda function, you must also have the iam:PassRole permission.

" + "documentation":"

Creates or updates a subscription filter and associates it with the specified log group. With subscription filters, you can subscribe to a real-time stream of log events ingested through PutLogEvents and have them delivered to a specific destination. When log events are sent to the receiving service, they are Base64 encoded and compressed with the GZIP format.

The following destinations are supported for subscription filters:

Each log group can have up to two subscription filters associated with it. If you are updating an existing filter, you must specify the correct name in filterName.

Using regular expressions to create subscription filters is supported. For these filters, there is a quotas of quota of two regular expression patterns within a single filter pattern. There is also a quota of five regular expression patterns per log group. For more information about using regular expressions in subscription filters, see Filter pattern syntax for metric filters, subscription filters, filter log events, and Live Tail.

To perform a PutSubscriptionFilter operation for any destination except a Lambda function, you must also have the iam:PassRole permission.

" }, "StartLiveTail":{ "name":"StartLiveTail", @@ -1031,7 +1031,7 @@ {"shape":"LimitExceededException"}, {"shape":"InvalidOperationException"} ], - "documentation":"

Starts a Live Tail streaming session for one or more log groups. A Live Tail session returns a stream of log events that have been recently ingested in the log groups. For more information, see Use Live Tail to view logs in near real time.

The response to this operation is a response stream, over which the server sends live log events and the client receives them.

The following objects are sent over the stream:

You can end a session before it times out by closing the session stream or by closing the client that is receiving the stream. The session also ends if the established connection between the client and the server breaks.

For examples of using an SDK to start a Live Tail session, see Start a Live Tail session using an Amazon Web Services SDK.

", + "documentation":"

Starts a Live Tail streaming session for one or more log groups. A Live Tail session returns a stream of log events that have been recently ingested in the log groups. For more information, see Use Live Tail to view logs in near real time.

The response to this operation is a response stream, over which the server sends live log events and the client receives them.

The following objects are sent over the stream:

You can end a session before it times out by closing the session stream or by closing the client that is receiving the stream. The session also ends if the established connection between the client and the server breaks.

For examples of using an SDK to start a Live Tail session, see Start a Live Tail session using an Amazon Web Services SDK.

", "endpoint":{"hostPrefix":"streaming-"} }, "StartQuery":{ @@ -2445,6 +2445,66 @@ "type":"string", "max":256 }, + "Entity":{ + "type":"structure", + "members":{ + "keyAttributes":{ + "shape":"EntityKeyAttributes", + "documentation":"

Reserved for future use.

" + }, + "attributes":{ + "shape":"EntityAttributes", + "documentation":"

Reserved for future use.

" + } + }, + "documentation":"

Reserved for future use.

" + }, + "EntityAttributes":{ + "type":"map", + "key":{"shape":"EntityAttributesKey"}, + "value":{"shape":"EntityAttributesValue"}, + "max":10, + "min":0 + }, + "EntityAttributesKey":{ + "type":"string", + "max":256, + "min":1 + }, + "EntityAttributesValue":{ + "type":"string", + "max":512, + "min":1 + }, + "EntityKeyAttributes":{ + "type":"map", + "key":{"shape":"EntityKeyAttributesKey"}, + "value":{"shape":"EntityKeyAttributesValue"}, + "max":3, + "min":2 + }, + "EntityKeyAttributesKey":{ + "type":"string", + "max":32, + "min":1 + }, + "EntityKeyAttributesValue":{ + "type":"string", + "max":512, + "min":1 + }, + "EntityRejectionErrorType":{ + "type":"string", + "enum":[ + "InvalidEntity", + "InvalidTypeValue", + "InvalidKeyAttributes", + "InvalidAttributes", + "EntitySizeTooLarge", + "UnsupportedLogGroupType", + "MissingRequiredFields" + ] + }, "Enumerations":{ "type":"map", "key":{"shape":"TokenString"}, @@ -2598,11 +2658,11 @@ }, "logStreamNames":{ "shape":"InputLogStreamNames", - "documentation":"

Filters the results to only logs from the log streams in this list.

If you specify a value for both logStreamNamePrefix and logStreamNames, the action returns an InvalidParameterException error.

" + "documentation":"

Filters the results to only logs from the log streams in this list.

If you specify a value for both logStreamNames and logStreamNamePrefix, the action returns an InvalidParameterException error.

" }, "logStreamNamePrefix":{ "shape":"LogStreamName", - "documentation":"

Filters the results to include only events from log streams that have names starting with this prefix.

If you specify a value for both logStreamNamePrefix and logStreamNames, but the value for logStreamNamePrefix does not match any log stream names specified in logStreamNames, the action returns an InvalidParameterException error.

" + "documentation":"

Filters the results to include only events from log streams that have names starting with this prefix.

If you specify a value for both logStreamNamePrefix and logStreamNames, the action returns an InvalidParameterException error.

" }, "startTime":{ "shape":"Timestamp", @@ -3649,7 +3709,7 @@ "documentation":"

Contains the values found for a dynamic token, and the number of times each value was found.

" } }, - "documentation":"

A tructures that contains information about one pattern token related to an anomaly.

For more information about patterns and tokens, see CreateLogAnomalyDetector.

" + "documentation":"

A structure that contains information about one pattern token related to an anomaly.

For more information about patterns and tokens, see CreateLogAnomalyDetector.

" }, "PatternTokens":{ "type":"list", @@ -3701,7 +3761,7 @@ }, "policyDocument":{ "shape":"AccountPolicyDocument", - "documentation":"

Specify the policy, in JSON.

Data protection policy

A data protection policy must include two JSON blocks:

For an example data protection policy, see the Examples section on this page.

The contents of the two DataIdentifer arrays must match exactly.

In addition to the two JSON blocks, the policyDocument can also include Name, Description, and Version fields. The Name is different than the operation's policyName parameter, and is used as a dimension when CloudWatch Logs reports audit findings metrics to CloudWatch.

The JSON specified in policyDocument can be up to 30,720 characters long.

Subscription filter policy

A subscription filter policy can include the following attributes in a JSON block:

" + "documentation":"

Specify the policy, in JSON.

Data protection policy

A data protection policy must include two JSON blocks:

For an example data protection policy, see the Examples section on this page.

The contents of the two DataIdentifer arrays must match exactly.

In addition to the two JSON blocks, the policyDocument can also include Name, Description, and Version fields. The Name is different than the operation's policyName parameter, and is used as a dimension when CloudWatch Logs reports audit findings metrics to CloudWatch.

The JSON specified in policyDocument can be up to 30,720 characters long.

Subscription filter policy

A subscription filter policy can include the following attributes in a JSON block:

" }, "policyType":{ "shape":"PolicyType", @@ -3838,7 +3898,7 @@ }, "logType":{ "shape":"LogType", - "documentation":"

Defines the type of log that the source is sending.

" + "documentation":"

Defines the type of log that the source is sending.

" }, "tags":{ "shape":"Tags", @@ -3934,6 +3994,10 @@ "sequenceToken":{ "shape":"SequenceToken", "documentation":"

The sequence token obtained from the response of the previous PutLogEvents call.

The sequenceToken parameter is now ignored in PutLogEvents actions. PutLogEvents actions are now accepted and never return InvalidSequenceTokenException or DataAlreadyAcceptedException even if the sequence token is not valid.

" + }, + "entity":{ + "shape":"Entity", + "documentation":"

Reserved for future use.

" } } }, @@ -3947,6 +4011,10 @@ "rejectedLogEventsInfo":{ "shape":"RejectedLogEventsInfo", "documentation":"

The rejected events.

" + }, + "rejectedEntityInfo":{ + "shape":"RejectedEntityInfo", + "documentation":"

Reserved for future use.

" } } }, @@ -4235,6 +4303,17 @@ "max":10000, "min":0 }, + "RejectedEntityInfo":{ + "type":"structure", + "required":["errorType"], + "members":{ + "errorType":{ + "shape":"EntityRejectionErrorType", + "documentation":"

Reserved for future use.

" + } + }, + "documentation":"

Reserved for future use.

" + }, "RejectedLogEventsInfo":{ "type":"structure", "members":{ diff --git a/botocore/data/redshift-data/2019-12-20/endpoint-rule-set-1.json b/botocore/data/redshift-data/2019-12-20/endpoint-rule-set-1.json index f7f336276e..03ccfa2063 100644 --- a/botocore/data/redshift-data/2019-12-20/endpoint-rule-set-1.json +++ b/botocore/data/redshift-data/2019-12-20/endpoint-rule-set-1.json @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff --git a/botocore/data/redshift-data/2019-12-20/service-2.json b/botocore/data/redshift-data/2019-12-20/service-2.json index 2c67045ba9..3c0818ad76 100644 --- a/botocore/data/redshift-data/2019-12-20/service-2.json +++ b/botocore/data/redshift-data/2019-12-20/service-2.json @@ -5,6 +5,7 @@ "endpointPrefix":"redshift-data", "jsonVersion":"1.1", "protocol":"json", + "protocols":["json"], "serviceFullName":"Redshift Data API Service", "serviceId":"Redshift Data", "signatureVersion":"v4", @@ -23,8 +24,10 @@ "output":{"shape":"BatchExecuteStatementOutput"}, "errors":[ {"shape":"ValidationException"}, + {"shape":"ActiveSessionsExceededException"}, {"shape":"ActiveStatementsExceededException"}, - {"shape":"BatchExecuteStatementException"} + {"shape":"BatchExecuteStatementException"}, + {"shape":"InternalServerException"} ], "documentation":"

Runs one or more SQL statements, which can be data manipulation language (DML) or data definition language (DDL). Depending on the authorization method, use one of the following combinations of request parameters:

For more information about the Amazon Redshift Data API and CLI usage examples, see Using the Amazon Redshift Data API in the Amazon Redshift Management Guide.

" }, @@ -69,6 +72,7 @@ "output":{"shape":"DescribeTableResponse"}, "errors":[ {"shape":"ValidationException"}, + {"shape":"QueryTimeoutException"}, {"shape":"InternalServerException"}, {"shape":"DatabaseConnectionException"} ], @@ -84,8 +88,10 @@ "output":{"shape":"ExecuteStatementOutput"}, "errors":[ {"shape":"ValidationException"}, + {"shape":"ActiveSessionsExceededException"}, {"shape":"ExecuteStatementException"}, - {"shape":"ActiveStatementsExceededException"} + {"shape":"ActiveStatementsExceededException"}, + {"shape":"InternalServerException"} ], "documentation":"

Runs an SQL statement, which can be data manipulation language (DML) or data definition language (DDL). This statement must be a single SQL statement. Depending on the authorization method, use one of the following combinations of request parameters:

For more information about the Amazon Redshift Data API and CLI usage examples, see Using the Amazon Redshift Data API in the Amazon Redshift Management Guide.

" }, @@ -114,6 +120,7 @@ "output":{"shape":"ListDatabasesResponse"}, "errors":[ {"shape":"ValidationException"}, + {"shape":"QueryTimeoutException"}, {"shape":"InternalServerException"}, {"shape":"DatabaseConnectionException"} ], @@ -129,6 +136,7 @@ "output":{"shape":"ListSchemasResponse"}, "errors":[ {"shape":"ValidationException"}, + {"shape":"QueryTimeoutException"}, {"shape":"InternalServerException"}, {"shape":"DatabaseConnectionException"} ], @@ -158,6 +166,7 @@ "output":{"shape":"ListTablesResponse"}, "errors":[ {"shape":"ValidationException"}, + {"shape":"QueryTimeoutException"}, {"shape":"InternalServerException"}, {"shape":"DatabaseConnectionException"} ], @@ -165,6 +174,14 @@ } }, "shapes":{ + "ActiveSessionsExceededException":{ + "type":"structure", + "members":{ + "Message":{"shape":"String"} + }, + "documentation":"

The Amazon Redshift Data API operation failed because the maximum number of active sessions exceeded.

", + "exception":true + }, "ActiveStatementsExceededException":{ "type":"structure", "members":{ @@ -192,10 +209,7 @@ }, "BatchExecuteStatementInput":{ "type":"structure", - "required":[ - "Database", - "Sqls" - ], + "required":["Sqls"], "members":{ "ClientToken":{ "shape":"ClientToken", @@ -203,7 +217,7 @@ "idempotencyToken":true }, "ClusterIdentifier":{ - "shape":"Location", + "shape":"ClusterIdentifierString", "documentation":"

The cluster identifier. This parameter is required when connecting to a cluster and authenticating using either Secrets Manager or temporary credentials.

" }, "Database":{ @@ -218,6 +232,14 @@ "shape":"SecretArn", "documentation":"

The name or ARN of the secret that enables access to the database. This parameter is required when authenticating using Secrets Manager.

" }, + "SessionId":{ + "shape":"UUID", + "documentation":"

The session identifier of the query.

" + }, + "SessionKeepAliveSeconds":{ + "shape":"SessionAliveSeconds", + "documentation":"

The number of seconds to keep the session alive after the query finishes. The maximum time a session can keep alive is 24 hours. After 24 hours, the session is forced closed and the query is terminated.

" + }, "Sqls":{ "shape":"SqlList", "documentation":"

One or more SQL statements to run.

 The SQL statements are run as a single transaction. They run serially in the order of the array. Subsequent SQL statements don't start until the previous statement in the array completes. If any SQL statement fails, then because they are run as one transaction, all work is rolled back.</p> 
" @@ -240,7 +262,7 @@ "type":"structure", "members":{ "ClusterIdentifier":{ - "shape":"Location", + "shape":"ClusterIdentifierString", "documentation":"

The cluster identifier. This element is not returned when connecting to a serverless workgroup.

" }, "CreatedAt":{ @@ -251,18 +273,26 @@ "shape":"String", "documentation":"

The name of the database.

" }, + "DbGroups":{ + "shape":"DbGroupList", + "documentation":"

A list of colon (:) separated names of database groups.

" + }, "DbUser":{ "shape":"String", "documentation":"

The database user name.

" }, "Id":{ - "shape":"StatementId", + "shape":"UUID", "documentation":"

The identifier of the SQL statement whose results are to be fetched. This value is a universally unique identifier (UUID) generated by Amazon Redshift Data API. This identifier is returned by BatchExecuteStatment.

" }, "SecretArn":{ "shape":"SecretArn", "documentation":"

The name or ARN of the secret that enables access to the database.

" }, + "SessionId":{ + "shape":"UUID", + "documentation":"

The session identifier of the query.

" + }, "WorkgroupName":{ "shape":"WorkgroupNameString", "documentation":"

The serverless workgroup name or Amazon Resource Name (ARN). This element is not returned when connecting to a provisioned cluster.

" @@ -291,7 +321,7 @@ "required":["Id"], "members":{ "Id":{ - "shape":"StatementId", + "shape":"UUID", "documentation":"

The identifier of the SQL statement to cancel. This value is a universally unique identifier (UUID) generated by Amazon Redshift Data API. This identifier is returned by BatchExecuteStatment, ExecuteStatment, and ListStatements.

" } } @@ -310,6 +340,12 @@ "max":64, "min":1 }, + "ClusterIdentifierString":{ + "type":"string", + "max":63, + "min":1, + "pattern":"^[a-z]([a-z0-9]|-[a-z0-9])*$" + }, "ColumnList":{ "type":"list", "member":{"shape":"ColumnMetadata"} @@ -390,12 +426,16 @@ "type":"list", "member":{"shape":"String"} }, + "DbGroupList":{ + "type":"list", + "member":{"shape":"String"} + }, "DescribeStatementRequest":{ "type":"structure", "required":["Id"], "members":{ "Id":{ - "shape":"StatementId", + "shape":"UUID", "documentation":"

The identifier of the SQL statement to describe. This value is a universally unique identifier (UUID) generated by Amazon Redshift Data API. A suffix indicates the number of the SQL statement. For example, d9b6c0c9-0747-4bf4-b142-e8883122f766:2 has a suffix of :2 that indicates the second SQL statement of a batch query. This identifier is returned by BatchExecuteStatment, ExecuteStatement, and ListStatements.

" } } @@ -433,7 +473,7 @@ "documentation":"

A value that indicates whether the statement has a result set. The result set can be empty. The value is true for an empty result set. The value is true if any substatement returns a result set.

" }, "Id":{ - "shape":"StatementId", + "shape":"UUID", "documentation":"

The identifier of the SQL statement described. This value is a universally unique identifier (UUID) generated by Amazon Redshift Data API.

" }, "QueryParameters":{ @@ -464,6 +504,10 @@ "shape":"SecretArn", "documentation":"

The name or Amazon Resource Name (ARN) of the secret that enables access to the database.

" }, + "SessionId":{ + "shape":"String", + "documentation":"

The session identifier of the query.

" + }, "Status":{ "shape":"StatusString", "documentation":"

The status of the SQL statement being described. Status values are defined as follows:

" @@ -487,7 +531,7 @@ "required":["Database"], "members":{ "ClusterIdentifier":{ - "shape":"Location", + "shape":"ClusterIdentifierString", "documentation":"

The cluster identifier. This parameter is required when connecting to a cluster and authenticating using either Secrets Manager or temporary credentials.

" }, "ConnectedDatabase":{ @@ -567,10 +611,7 @@ }, "ExecuteStatementInput":{ "type":"structure", - "required":[ - "Database", - "Sql" - ], + "required":["Sql"], "members":{ "ClientToken":{ "shape":"ClientToken", @@ -578,7 +619,7 @@ "idempotencyToken":true }, "ClusterIdentifier":{ - "shape":"Location", + "shape":"ClusterIdentifierString", "documentation":"

The cluster identifier. This parameter is required when connecting to a cluster and authenticating using either Secrets Manager or temporary credentials.

" }, "Database":{ @@ -597,6 +638,14 @@ "shape":"SecretArn", "documentation":"

The name or ARN of the secret that enables access to the database. This parameter is required when authenticating using Secrets Manager.

" }, + "SessionId":{ + "shape":"UUID", + "documentation":"

The session identifier of the query.

" + }, + "SessionKeepAliveSeconds":{ + "shape":"SessionAliveSeconds", + "documentation":"

The number of seconds to keep the session alive after the query finishes. The maximum time a session can keep alive is 24 hours. After 24 hours, the session is forced closed and the query is terminated.

" + }, "Sql":{ "shape":"StatementString", "documentation":"

The SQL statement text to run.

" @@ -619,7 +668,7 @@ "type":"structure", "members":{ "ClusterIdentifier":{ - "shape":"Location", + "shape":"ClusterIdentifierString", "documentation":"

The cluster identifier. This element is not returned when connecting to a serverless workgroup.

" }, "CreatedAt":{ @@ -630,18 +679,26 @@ "shape":"String", "documentation":"

The name of the database.

" }, + "DbGroups":{ + "shape":"DbGroupList", + "documentation":"

A list of colon (:) separated names of database groups.

" + }, "DbUser":{ "shape":"String", "documentation":"

The database user name.

" }, "Id":{ - "shape":"StatementId", + "shape":"UUID", "documentation":"

The identifier of the SQL statement whose results are to be fetched. This value is a universally unique identifier (UUID) generated by Amazon Redshift Data API.

" }, "SecretArn":{ "shape":"SecretArn", "documentation":"

The name or ARN of the secret that enables access to the database.

" }, + "SessionId":{ + "shape":"UUID", + "documentation":"

The session identifier of the query.

" + }, "WorkgroupName":{ "shape":"WorkgroupNameString", "documentation":"

The serverless workgroup name or Amazon Resource Name (ARN). This element is not returned when connecting to a provisioned cluster.

" @@ -688,7 +745,7 @@ "required":["Id"], "members":{ "Id":{ - "shape":"StatementId", + "shape":"UUID", "documentation":"

The identifier of the SQL statement whose results are to be fetched. This value is a universally unique identifier (UUID) generated by Amazon Redshift Data API. A suffix indicates then number of the SQL statement. For example, d9b6c0c9-0747-4bf4-b142-e8883122f766:2 has a suffix of :2 that indicates the second SQL statement of a batch query. This identifier is returned by BatchExecuteStatment, ExecuteStatment, and ListStatements.

" }, "NextToken":{ @@ -738,7 +795,7 @@ "required":["Database"], "members":{ "ClusterIdentifier":{ - "shape":"Location", + "shape":"ClusterIdentifierString", "documentation":"

The cluster identifier. This parameter is required when connecting to a cluster and authenticating using either Secrets Manager or temporary credentials.

" }, "Database":{ @@ -785,7 +842,7 @@ "required":["Database"], "members":{ "ClusterIdentifier":{ - "shape":"Location", + "shape":"ClusterIdentifierString", "documentation":"

The cluster identifier. This parameter is required when connecting to a cluster and authenticating using either Secrets Manager or temporary credentials.

" }, "ConnectedDatabase":{ @@ -884,7 +941,7 @@ "required":["Database"], "members":{ "ClusterIdentifier":{ - "shape":"Location", + "shape":"ClusterIdentifierString", "documentation":"

The cluster identifier. This parameter is required when connecting to a cluster and authenticating using either Secrets Manager or temporary credentials.

" }, "ConnectedDatabase":{ @@ -938,7 +995,6 @@ } } }, - "Location":{"type":"string"}, "Long":{"type":"long"}, "PageSize":{ "type":"integer", @@ -953,6 +1009,14 @@ "type":"string", "min":1 }, + "QueryTimeoutException":{ + "type":"structure", + "members":{ + "Message":{"shape":"String"} + }, + "documentation":"

The Amazon Redshift Data API operation failed due to timeout.

", + "exception":true + }, "ResourceNotFoundException":{ "type":"structure", "required":[ @@ -977,6 +1041,12 @@ "member":{"shape":"String"} }, "SecretArn":{"type":"string"}, + "SessionAliveSeconds":{ + "type":"integer", + "box":true, + "max":86400, + "min":0 + }, "SqlList":{ "type":"list", "member":{"shape":"StatementString"}, @@ -1019,7 +1089,7 @@ "documentation":"

The date and time (UTC) the statement was created.

" }, "Id":{ - "shape":"StatementId", + "shape":"UUID", "documentation":"

The SQL statement identifier. This value is a universally unique identifier (UUID) generated by Amazon Redshift Data API.

" }, "IsBatchStatement":{ @@ -1042,6 +1112,10 @@ "shape":"SecretArn", "documentation":"

The name or Amazon Resource Name (ARN) of the secret that enables access to the database.

" }, + "SessionId":{ + "shape":"UUID", + "documentation":"

The session identifier of the query.

" + }, "StatementName":{ "shape":"StatementNameString", "documentation":"

The name of the SQL statement.

" @@ -1057,10 +1131,6 @@ }, "documentation":"

The SQL statement to run.

" }, - "StatementId":{ - "type":"string", - "pattern":"^[a-z0-9]{8}(-[a-z0-9]{4}){3}-[a-z0-9]{12}(:\\d+)?$" - }, "StatementList":{ "type":"list", "member":{"shape":"StatementData"} @@ -1120,7 +1190,7 @@ "documentation":"

A value that indicates whether the statement has a result set. The result set can be empty. The value is true for an empty result set.

" }, "Id":{ - "shape":"StatementId", + "shape":"UUID", "documentation":"

The identifier of the SQL statement. This value is a universally unique identifier (UUID) generated by Amazon Redshift Data API. A suffix indicates the number of the SQL statement. For example, d9b6c0c9-0747-4bf4-b142-e8883122f766:2 has a suffix of :2 that indicates the second SQL statement of a batch query.

" }, "QueryString":{ @@ -1177,6 +1247,10 @@ "documentation":"

The properties of a table.

" }, "Timestamp":{"type":"timestamp"}, + "UUID":{ + "type":"string", + "pattern":"^[a-z0-9]{8}(-[a-z0-9]{4}){3}-[a-z0-9]{12}(:\\d+)?$" + }, "ValidationException":{ "type":"structure", "members":{ From 8c5e3e502ec831481848c467150700dfac085c7f Mon Sep 17 00:00:00 2001 From: aws-sdk-python-automation Date: Fri, 30 Aug 2024 18:14:46 +0000 Subject: [PATCH 2/3] Update endpoints model --- botocore/data/endpoints.json | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/botocore/data/endpoints.json b/botocore/data/endpoints.json index 1f468912de..eb50706f93 100644 --- a/botocore/data/endpoints.json +++ b/botocore/data/endpoints.json @@ -17527,7 +17527,18 @@ "protocols" : [ "https" ] }, "ca-central-1" : { - "protocols" : [ "https" ] + "protocols" : [ "https" ], + "variants" : [ { + "hostname" : "serverlessrepo-fips.ca-central-1.amazonaws.com", + "tags" : [ "fips" ] + } ] + }, + "ca-central-1-fips" : { + "credentialScope" : { + "region" : "ca-central-1" + }, + "deprecated" : true, + "hostname" : "serverlessrepo-fips.ca-central-1.amazonaws.com" }, "eu-central-1" : { "protocols" : [ "https" ] From 6cb9ba2b799c641035c8c5261e7c6f7dba402593 Mon Sep 17 00:00:00 2001 From: aws-sdk-python-automation Date: Fri, 30 Aug 2024 18:15:55 +0000 Subject: [PATCH 3/3] Bumping version to 1.35.10 --- .changes/1.35.10.json | 22 +++++++++++++++++++ .../next-release/api-change-backup-959.json | 5 ----- .../api-change-datazone-52929.json | 5 ----- .../next-release/api-change-logs-19510.json | 5 ----- .../api-change-redshiftdata-15518.json | 5 ----- CHANGELOG.rst | 9 ++++++++ botocore/__init__.py | 2 +- docs/source/conf.py | 4 ++-- 8 files changed, 34 insertions(+), 23 deletions(-) create mode 100644 .changes/1.35.10.json delete mode 100644 .changes/next-release/api-change-backup-959.json delete mode 100644 .changes/next-release/api-change-datazone-52929.json delete mode 100644 .changes/next-release/api-change-logs-19510.json delete mode 100644 .changes/next-release/api-change-redshiftdata-15518.json diff --git a/.changes/1.35.10.json b/.changes/1.35.10.json new file mode 100644 index 0000000000..5a70eb323e --- /dev/null +++ b/.changes/1.35.10.json @@ -0,0 +1,22 @@ +[ + { + "category": "``backup``", + "description": "The latest update introduces two new attributes, VaultType and VaultState, to the DescribeBackupVault and ListBackupVaults APIs. The VaultState attribute reflects the current status of the vault, while the VaultType attribute indicates the specific category of the vault.", + "type": "api-change" + }, + { + "category": "``datazone``", + "description": "Amazon DataZone now adds new governance capabilities of Domain Units for organization within your Data Domains, and Authorization Policies for tighter controls.", + "type": "api-change" + }, + { + "category": "``logs``", + "description": "This release introduces a new optional parameter: Entity, in PutLogEvents request", + "type": "api-change" + }, + { + "category": "``redshift-data``", + "description": "The release include the new Redshift DataAPI feature for session use, customer execute query with --session-keep-alive-seconds parameter and can submit follow-up queries to same sessions with returned`session-id`", + "type": "api-change" + } +] \ No newline at end of file diff --git a/.changes/next-release/api-change-backup-959.json b/.changes/next-release/api-change-backup-959.json deleted file mode 100644 index 6b6ec20a91..0000000000 --- a/.changes/next-release/api-change-backup-959.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``backup``", - "description": "The latest update introduces two new attributes, VaultType and VaultState, to the DescribeBackupVault and ListBackupVaults APIs. The VaultState attribute reflects the current status of the vault, while the VaultType attribute indicates the specific category of the vault." -} diff --git a/.changes/next-release/api-change-datazone-52929.json b/.changes/next-release/api-change-datazone-52929.json deleted file mode 100644 index efbb9ac47e..0000000000 --- a/.changes/next-release/api-change-datazone-52929.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``datazone``", - "description": "Amazon DataZone now adds new governance capabilities of Domain Units for organization within your Data Domains, and Authorization Policies for tighter controls." -} diff --git a/.changes/next-release/api-change-logs-19510.json b/.changes/next-release/api-change-logs-19510.json deleted file mode 100644 index db9ba01b8f..0000000000 --- a/.changes/next-release/api-change-logs-19510.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``logs``", - "description": "This release introduces a new optional parameter: Entity, in PutLogEvents request" -} diff --git a/.changes/next-release/api-change-redshiftdata-15518.json b/.changes/next-release/api-change-redshiftdata-15518.json deleted file mode 100644 index 0234b7f327..0000000000 --- a/.changes/next-release/api-change-redshiftdata-15518.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``redshift-data``", - "description": "The release include the new Redshift DataAPI feature for session use, customer execute query with --session-keep-alive-seconds parameter and can submit follow-up queries to same sessions with returned`session-id`" -} diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 1bb3ea37e8..8fb04035a5 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -2,6 +2,15 @@ CHANGELOG ========= +1.35.10 +======= + +* api-change:``backup``: The latest update introduces two new attributes, VaultType and VaultState, to the DescribeBackupVault and ListBackupVaults APIs. The VaultState attribute reflects the current status of the vault, while the VaultType attribute indicates the specific category of the vault. +* api-change:``datazone``: Amazon DataZone now adds new governance capabilities of Domain Units for organization within your Data Domains, and Authorization Policies for tighter controls. +* api-change:``logs``: This release introduces a new optional parameter: Entity, in PutLogEvents request +* api-change:``redshift-data``: The release include the new Redshift DataAPI feature for session use, customer execute query with --session-keep-alive-seconds parameter and can submit follow-up queries to same sessions with returned`session-id` + + 1.35.9 ====== diff --git a/botocore/__init__.py b/botocore/__init__.py index bfb37919b2..024967c42e 100644 --- a/botocore/__init__.py +++ b/botocore/__init__.py @@ -16,7 +16,7 @@ import os import re -__version__ = '1.35.9' +__version__ = '1.35.10' class NullHandler(logging.Handler): diff --git a/docs/source/conf.py b/docs/source/conf.py index 2d3296ac04..2d380db304 100644 --- a/docs/source/conf.py +++ b/docs/source/conf.py @@ -57,9 +57,9 @@ # built documents. # # The short X.Y version. -version = '1.35' +version = '1.35.' # The full version, including alpha/beta/rc tags. -release = '1.35.9' +release = '1.35.10' # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages.