A field in a CloudTrail event record on which to filter events to be logged. For event data stores for Config configuration items, Audit Manager evidence, or non-Amazon Web Services events, the field is used only for selecting events as filtering is not supported.
For CloudTrail event records, supported fields include readOnly, eventCategory, eventSource (for management events), eventName, resources.type, and resources.ARN.
For event data stores for Config configuration items, Audit Manager evidence, or non-Amazon Web Services events, the only supported field is eventCategory.
readOnly - Optional. Can be set to Equals a value of true or false. If you do not add this field, CloudTrail logs both read and write events. A value of true logs only read events. A value of false logs only write events.
eventSource - For filtering management events only. This can be set only to NotEquals kms.amazonaws.com.
eventName - Can use any operator. You can use it to filter in or filter out any data event logged to CloudTrail, such as PutBucket or GetSnapshotBlock. You can have multiple values for this field, separated by commas.
eventCategory - This is required and must be set to Equals.
For CloudTrail event records, the value must be Management or Data.
For Config configuration items, the value must be ConfigurationItem.
For Audit Manager evidence, the value must be Evidence.
For non-Amazon Web Services events, the value must be ActivityAuditLog.
resources.type - This field is required for CloudTrail data events. resources.type can only use the Equals operator, and the value can be one of the following:
AWS::DynamoDB::Table
AWS::Lambda::Function
AWS::S3::Object
AWS::CloudTrail::Channel
AWS::CodeWhisperer::Profile
AWS::Cognito::IdentityPool
AWS::DynamoDB::Stream
AWS::EC2::Snapshot
AWS::EMRWAL::Workspace
AWS::FinSpace::Environment
AWS::Glue::Table
AWS::GuardDuty::Detector
AWS::KendraRanking::ExecutionPlan
AWS::ManagedBlockchain::Node
AWS::SageMaker::ExperimentTrialComponent
AWS::SageMaker::FeatureGroup
AWS::S3::AccessPoint
AWS::S3ObjectLambda::AccessPoint
AWS::S3Outposts::Object
You can have only one resources.type field per selector. To log data events on more than one resource type, add another selector.
resources.ARN - You can use any operator with resources.ARN, but if you use Equals or NotEquals, the value must exactly match the ARN of a valid resource of the type you've specified in the template as the value of resources.type. For example, if resources.type equals AWS::S3::Object, the ARN must be in one of the following formats. To log all data events for all objects in a specific S3 bucket, use the StartsWith operator, and include only the bucket ARN as the matching value.
The trailing slash is intentional; do not exclude it. Replace the text between less than and greater than symbols (<>) with resource-specific information.
arn:<partition>:s3:::<bucket_name>/
arn:<partition>:s3:::<bucket_name>/<object_path>/
When resources.type equals AWS::DynamoDB::Table, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>
When resources.type equals AWS::Lambda::Function, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:lambda:<region>:<account_ID>:function:<function_name>
When resources.type equals AWS::CloudTrail::Channel, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:cloudtrail:<region>:<account_ID>:channel/<channel_UUID>
When resources.type equals AWS::CodeWhisperer::Profile, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:codewhisperer:<region>:<account_ID>:profile/<profile_ID>
When resources.type equals AWS::Cognito::IdentityPool, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:cognito-identity:<region>:<account_ID>:identitypool/<identity_pool_ID>
When resources.type equals AWS::DynamoDB::Stream, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>/stream/<date_time>
When resources.type equals AWS::EC2::Snapshot, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:ec2:<region>::snapshot/<snapshot_ID>
When resources.type equals AWS::EMRWAL::Workspace, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:emrwal:<region>::workspace/<workspace_name>
When resources.type equals AWS::FinSpace::Environment, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:finspace:<region>:<account_ID>:environment/<environment_ID>
When resources.type equals AWS::Glue::Table, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:glue:<region>:<account_ID>:table/<database_name>/<table_name>
When resources.type equals AWS::GuardDuty::Detector, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:guardduty:<region>:<account_ID>:detector/<detector_ID>
When resources.type equals AWS::KendraRanking::ExecutionPlan, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:kendra-ranking:<region>:<account_ID>:rescore-execution-plan/<rescore_execution_plan_ID>
When resources.type equals AWS::ManagedBlockchain::Node, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:managedblockchain:<region>:<account_ID>:nodes/<node_ID>
When resources.type equals AWS::SageMaker::ExperimentTrialComponent, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:sagemaker:<region>:<account_ID>:experiment-trial-component/<experiment_trial_component_name>
When resources.type equals AWS::SageMaker::FeatureGroup, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:sagemaker:<region>:<account_ID>:feature-group/<feature_group_name>
When resources.type equals AWS::S3::AccessPoint, and the operator is set to Equals or NotEquals, the ARN must be in one of the following formats. To log events on all objects in an S3 access point, we recommend that you use only the access point ARN, don’t include the object path, and use the StartsWith or NotStartsWith operators.
arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>
arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>/object/<object_path>
When resources.type equals AWS::S3ObjectLambda::AccessPoint, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:s3-object-lambda:<region>:<account_ID>:accesspoint/<access_point_name>
When resources.type equals AWS::S3Outposts::Object, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:s3-outposts:<region>:<account_ID>:<object_path>
A field in a CloudTrail event record on which to filter events to be logged. For event data stores for Config configuration items, Audit Manager evidence, or non-Amazon Web Services events, the field is used only for selecting events as filtering is not supported.
For CloudTrail event records, supported fields include readOnly, eventCategory, eventSource (for management events), eventName, resources.type, and resources.ARN.
For event data stores for Config configuration items, Audit Manager evidence, or non-Amazon Web Services events, the only supported field is eventCategory.
readOnly - Optional. Can be set to Equals a value of true or false. If you do not add this field, CloudTrail logs both read and write events. A value of true logs only read events. A value of false logs only write events.
eventSource - For filtering management events only. This can be set only to NotEquals kms.amazonaws.com.
eventName - Can use any operator. You can use it to filter in or filter out any data event logged to CloudTrail, such as PutBucket or GetSnapshotBlock. You can have multiple values for this field, separated by commas.
eventCategory - This is required and must be set to Equals.
For CloudTrail event records, the value must be Management or Data.
For Config configuration items, the value must be ConfigurationItem.
For Audit Manager evidence, the value must be Evidence.
For non-Amazon Web Services events, the value must be ActivityAuditLog.
resources.type - This field is required for CloudTrail data events. resources.type can only use the Equals operator, and the value can be one of the following:
AWS::DynamoDB::Table
AWS::Lambda::Function
AWS::S3::Object
AWS::CloudTrail::Channel
AWS::CodeWhisperer::Profile
AWS::Cognito::IdentityPool
AWS::DynamoDB::Stream
AWS::EC2::Snapshot
AWS::EMRWAL::Workspace
AWS::FinSpace::Environment
AWS::Glue::Table
AWS::GuardDuty::Detector
AWS::KendraRanking::ExecutionPlan
AWS::ManagedBlockchain::Network
AWS::ManagedBlockchain::Node
AWS::MedicalImaging::Datastore
AWS::SageMaker::ExperimentTrialComponent
AWS::SageMaker::FeatureGroup
AWS::S3::AccessPoint
AWS::S3ObjectLambda::AccessPoint
AWS::S3Outposts::Object
AWS::SSMMessages::ControlChannel
AWS::VerifiedPermissions::PolicyStore
You can have only one resources.type field per selector. To log data events on more than one resource type, add another selector.
resources.ARN - You can use any operator with resources.ARN, but if you use Equals or NotEquals, the value must exactly match the ARN of a valid resource of the type you've specified in the template as the value of resources.type. For example, if resources.type equals AWS::S3::Object, the ARN must be in one of the following formats. To log all data events for all objects in a specific S3 bucket, use the StartsWith operator, and include only the bucket ARN as the matching value.
The trailing slash is intentional; do not exclude it. Replace the text between less than and greater than symbols (<>) with resource-specific information.
arn:<partition>:s3:::<bucket_name>/
arn:<partition>:s3:::<bucket_name>/<object_path>/
When resources.type equals AWS::DynamoDB::Table, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>
When resources.type equals AWS::Lambda::Function, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:lambda:<region>:<account_ID>:function:<function_name>
When resources.type equals AWS::CloudTrail::Channel, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:cloudtrail:<region>:<account_ID>:channel/<channel_UUID>
When resources.type equals AWS::CodeWhisperer::Profile, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:codewhisperer:<region>:<account_ID>:profile/<profile_ID>
When resources.type equals AWS::Cognito::IdentityPool, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:cognito-identity:<region>:<account_ID>:identitypool/<identity_pool_ID>
When resources.type equals AWS::DynamoDB::Stream, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:dynamodb:<region>:<account_ID>:table/<table_name>/stream/<date_time>
When resources.type equals AWS::EC2::Snapshot, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:ec2:<region>::snapshot/<snapshot_ID>
When resources.type equals AWS::EMRWAL::Workspace, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:emrwal:<region>::workspace/<workspace_name>
When resources.type equals AWS::FinSpace::Environment, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:finspace:<region>:<account_ID>:environment/<environment_ID>
When resources.type equals AWS::Glue::Table, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:glue:<region>:<account_ID>:table/<database_name>/<table_name>
When resources.type equals AWS::GuardDuty::Detector, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:guardduty:<region>:<account_ID>:detector/<detector_ID>
When resources.type equals AWS::KendraRanking::ExecutionPlan, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:kendra-ranking:<region>:<account_ID>:rescore-execution-plan/<rescore_execution_plan_ID>
When resources.type equals AWS::ManagedBlockchain::Network, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:managedblockchain:::networks/<network_name>
When resources.type equals AWS::ManagedBlockchain::Node, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:managedblockchain:<region>:<account_ID>:nodes/<node_ID>
When resources.type equals AWS::MedicalImaging::Datastore, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:medical-imaging:<region>:<account_ID>:datastore/<data_store_ID>
When resources.type equals AWS::SageMaker::ExperimentTrialComponent, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:sagemaker:<region>:<account_ID>:experiment-trial-component/<experiment_trial_component_name>
When resources.type equals AWS::SageMaker::FeatureGroup, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:sagemaker:<region>:<account_ID>:feature-group/<feature_group_name>
When resources.type equals AWS::S3::AccessPoint, and the operator is set to Equals or NotEquals, the ARN must be in one of the following formats. To log events on all objects in an S3 access point, we recommend that you use only the access point ARN, don’t include the object path, and use the StartsWith or NotStartsWith operators.
arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>
arn:<partition>:s3:<region>:<account_ID>:accesspoint/<access_point_name>/object/<object_path>
When resources.type equals AWS::S3ObjectLambda::AccessPoint, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:s3-object-lambda:<region>:<account_ID>:accesspoint/<access_point_name>
When resources.type equals AWS::S3Outposts::Object, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:s3-outposts:<region>:<account_ID>:<object_path>
When resources.type equals AWS::SSMMessages::ControlChannel, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:ssmmessages:<region>:<account_ID>:control-channel/<channel_ID>
When resources.type equals AWS::VerifiedPermissions::PolicyStore, and the operator is set to Equals or NotEquals, the ARN must be in the following format:
arn:<partition>:verifiedpermissions:<region>:<account_ID>:policy-store/<policy_store_UUID>
The retention period of the event data store, in days. You can set a retention period of up to 2557 days, the equivalent of seven years.
" + "documentation":"The retention period of the event data store, in days. You can set a retention period of up to 2557 days, the equivalent of seven years. CloudTrail Lake determines whether to retain an event by checking if the eventTime of the event is within the specified retention period. For example, if you set a retention period of 90 days, CloudTrail will remove events when the eventTime is older than 90 days.
If you plan to copy trail events to this event data store, we recommend that you consider both the age of the events that you want to copy as well as how long you want to keep the copied events in your event data store. For example, if you copy trail events that are 5 years old and specify a retention period of 7 years, the event data store will retain those events for two years.
The resource type in which you want to log data events. You can specify the following basic event selector resource types:
AWS::DynamoDB::Table
AWS::Lambda::Function
AWS::S3::Object
The following resource types are also available through advanced event selectors. Basic event selector resource types are valid in advanced event selectors, but advanced event selector resource types are not valid in basic event selectors. For more information, see AdvancedFieldSelector.
AWS::CloudTrail::Channel
AWS::CodeWhisperer::Profile
AWS::Cognito::IdentityPool
AWS::DynamoDB::Stream
AWS::EC2::Snapshot
AWS::EMRWAL::Workspace
AWS::FinSpace::Environment
AWS::Glue::Table
AWS::GuardDuty::Detector
AWS::KendraRanking::ExecutionPlan
AWS::ManagedBlockchain::Node
AWS::SageMaker::ExperimentTrialComponent
AWS::SageMaker::FeatureGroup
AWS::S3::AccessPoint
AWS::S3ObjectLambda::AccessPoint
AWS::S3Outposts::Object
The resource type in which you want to log data events. You can specify the following basic event selector resource types:
AWS::DynamoDB::Table
AWS::Lambda::Function
AWS::S3::Object
The following resource types are also available through advanced event selectors. Basic event selector resource types are valid in advanced event selectors, but advanced event selector resource types are not valid in basic event selectors. For more information, see AdvancedFieldSelector.
AWS::CloudTrail::Channel
AWS::CodeWhisperer::Profile
AWS::Cognito::IdentityPool
AWS::DynamoDB::Stream
AWS::EC2::Snapshot
AWS::EMRWAL::Workspace
AWS::FinSpace::Environment
AWS::Glue::Table
AWS::GuardDuty::Detector
AWS::KendraRanking::ExecutionPlan
AWS::ManagedBlockchain::Network
AWS::ManagedBlockchain::Node
AWS::MedicalImaging::Datastore
AWS::SageMaker::ExperimentTrialComponent
AWS::SageMaker::FeatureGroup
AWS::S3::AccessPoint
AWS::S3ObjectLambda::AccessPoint
AWS::S3Outposts::Object
AWS::SSMMessages::ControlChannel
AWS::VerifiedPermissions::PolicyStore
You are already running the maximum number of concurrent queries. Wait a minute for some queries to finish, and then run the query again.
", + "documentation":"You are already running the maximum number of concurrent queries. The maximum number of concurrent queries is 10. Wait a minute for some queries to finish, and then run the query again.
", "exception":true }, "MaxQueryResults":{ @@ -4215,7 +4215,7 @@ }, "RetentionPeriod":{ "shape":"RetentionPeriod", - "documentation":"The retention period, in days.
" + "documentation":"The retention period of the event data store, in days. You can set a retention period of up to 2557 days, the equivalent of seven years. CloudTrail Lake determines whether to retain an event by checking if the eventTime of the event is within the specified retention period. For example, if you set a retention period of 90 days, CloudTrail will remove events when the eventTime is older than 90 days.
If you decrease the retention period of an event data store, CloudTrail will remove any events with an eventTime older than the new retention period. For example, if the previous retention period was 365 days and you decrease it to 100 days, CloudTrail will remove events with an eventTime older than 100 days.
This API is in preview release for Amazon Connect and is subject to change.
Associates a security key to the instance.
" }, + "AssociateTrafficDistributionGroupUser":{ + "name":"AssociateTrafficDistributionGroupUser", + "http":{ + "method":"PUT", + "requestUri":"/traffic-distribution-group/{TrafficDistributionGroupId}/user" + }, + "input":{"shape":"AssociateTrafficDistributionGroupUserRequest"}, + "output":{"shape":"AssociateTrafficDistributionGroupUserResponse"}, + "errors":[ + {"shape":"InvalidRequestException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ResourceConflictException"}, + {"shape":"InternalServiceException"} + ], + "documentation":"Associates an agent with a traffic distribution group.
", + "idempotent":true + }, "ClaimPhoneNumber":{ "name":"ClaimPhoneNumber", "http":{ @@ -1445,6 +1464,25 @@ ], "documentation":"This API is in preview release for Amazon Connect and is subject to change.
Deletes the specified security key.
" }, + "DisassociateTrafficDistributionGroupUser":{ + "name":"DisassociateTrafficDistributionGroupUser", + "http":{ + "method":"DELETE", + "requestUri":"/traffic-distribution-group/{TrafficDistributionGroupId}/user" + }, + "input":{"shape":"DisassociateTrafficDistributionGroupUserRequest"}, + "output":{"shape":"DisassociateTrafficDistributionGroupUserResponse"}, + "errors":[ + {"shape":"InvalidRequestException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ResourceConflictException"}, + {"shape":"InternalServiceException"} + ], + "documentation":"Disassociates an agent from a traffic distribution group.
", + "idempotent":true + }, "DismissUserContact":{ "name":"DismissUserContact", "http":{ @@ -1928,7 +1966,7 @@ {"shape":"InternalServiceException"}, {"shape":"AccessDeniedException"} ], - "documentation":"Lists phone numbers claimed to your Amazon Connect instance or traffic distribution group. If the provided TargetArn is a traffic distribution group, you can call this API in both Amazon Web Services Regions associated with traffic distribution group.
For more information about phone numbers, see Set Up Phone Numbers for Your Contact Center in the Amazon Connect Administrator Guide.
" + "documentation":"Lists phone numbers claimed to your Amazon Connect instance or traffic distribution group. If the provided TargetArn is a traffic distribution group, you can call this API in both Amazon Web Services Regions associated with traffic distribution group.
For more information about phone numbers, see Set Up Phone Numbers for Your Contact Center in the Amazon Connect Administrator Guide.
When given an instance ARN, ListPhoneNumbersV2 returns only the phone numbers claimed to the instance.
When given a traffic distribution group ARN ListPhoneNumbersV2 returns only the phone numbers claimed to the traffic distribution group.
Lists task templates for the specified Amazon Connect instance.
" }, + "ListTrafficDistributionGroupUsers":{ + "name":"ListTrafficDistributionGroupUsers", + "http":{ + "method":"GET", + "requestUri":"/traffic-distribution-group/{TrafficDistributionGroupId}/user" + }, + "input":{"shape":"ListTrafficDistributionGroupUsersRequest"}, + "output":{"shape":"ListTrafficDistributionGroupUsersResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InvalidRequestException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ThrottlingException"}, + {"shape":"InternalServiceException"} + ], + "documentation":"Lists traffic distribution group users.
" + }, "ListTrafficDistributionGroups":{ "name":"ListTrafficDistributionGroups", "http":{ @@ -3256,7 +3311,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalServiceException"} ], - "documentation":"Updates the traffic distribution for a given traffic distribution group.
For more information about updating a traffic distribution group, see Update telephony traffic distribution across Amazon Web Services Regions in the Amazon Connect Administrator Guide.
" + "documentation":"Updates the traffic distribution for a given traffic distribution group.
You can change the SignInConfig only for a default TrafficDistributionGroup. If you call UpdateTrafficDistribution with a modified SignInConfig and a non-default TrafficDistributionGroup, an InvalidRequestException is returned.
For more information about updating a traffic distribution group, see Update telephony traffic distribution across Amazon Web Services Regions in the Amazon Connect Administrator Guide.
" }, "UpdateUserHierarchy":{ "name":"UpdateUserHierarchy", @@ -3467,6 +3522,17 @@ "TIME_SINCE_LAST_INBOUND" ] }, + "AgentConfig":{ + "type":"structure", + "required":["Distributions"], + "members":{ + "Distributions":{ + "shape":"DistributionList", + "documentation":"Information about traffic distributions.
" + } + }, + "documentation":"The distribution of agents between the instance and its replica(s).
" + }, "AgentContactReference":{ "type":"structure", "members":{ @@ -3938,6 +4004,35 @@ } } }, + "AssociateTrafficDistributionGroupUserRequest":{ + "type":"structure", + "required":[ + "TrafficDistributionGroupId", + "UserId", + "InstanceId" + ], + "members":{ + "TrafficDistributionGroupId":{ + "shape":"TrafficDistributionGroupIdOrArn", + "documentation":"The identifier of the traffic distribution group. This can be the ID or the ARN if the API is being called in the Region where the traffic distribution group was created. The ARN must be provided if the call is from the replicated Region.
", + "location":"uri", + "locationName":"TrafficDistributionGroupId" + }, + "UserId":{ + "shape":"UserId", + "documentation":"The identifier of the user account. This can be the ID or the ARN of the user.
" + }, + "InstanceId":{ + "shape":"InstanceId", + "documentation":"The identifier of the Amazon Connect instance. You can find the instance ID in the Amazon Resource Name (ARN) of the instance.
" + } + } + }, + "AssociateTrafficDistributionGroupUserResponse":{ + "type":"structure", + "members":{ + } + }, "AssociationId":{ "type":"string", "max":100, @@ -5185,7 +5280,7 @@ }, "AgentAvailabilityTimer":{ "shape":"AgentAvailabilityTimer", - "documentation":"Whether agents with this routing profile will have their routing order calculated based on time since their last inbound contact or longest idle time.
" + "documentation":"Whether agents with this routing profile will have their routing order calculated based on longest idle time or time since their last inbound contact.
" } } }, @@ -7223,6 +7318,39 @@ } } }, + "DisassociateTrafficDistributionGroupUserRequest":{ + "type":"structure", + "required":[ + "TrafficDistributionGroupId", + "UserId", + "InstanceId" + ], + "members":{ + "TrafficDistributionGroupId":{ + "shape":"TrafficDistributionGroupIdOrArn", + "documentation":"The identifier of the traffic distribution group. This can be the ID or the ARN if the API is being called in the Region where the traffic distribution group was created. The ARN must be provided if the call is from the replicated Region.
", + "location":"uri", + "locationName":"TrafficDistributionGroupId" + }, + "UserId":{ + "shape":"UserId", + "documentation":"The identifier for the user. This can be the ID or the ARN of the user.
", + "location":"querystring", + "locationName":"UserId" + }, + "InstanceId":{ + "shape":"InstanceId", + "documentation":"The identifier of the Amazon Connect instance. You can find the instance ID in the Amazon Resource Name (ARN) of the instance.
", + "location":"querystring", + "locationName":"InstanceId" + } + } + }, + "DisassociateTrafficDistributionGroupUserResponse":{ + "type":"structure", + "members":{ + } + }, "DismissUserContactRequest":{ "type":"structure", "required":[ @@ -8420,7 +8548,7 @@ }, "UserId":{ "shape":"AgentResourceId", - "documentation":"The identifier for the user.
" + "documentation":"The identifier for the user. This can be the ID or the ARN of the user.
" } } }, @@ -8687,6 +8815,14 @@ "Arn":{ "shape":"TrafficDistributionGroupArn", "documentation":"The Amazon Resource Name (ARN) of the traffic distribution group.
" + }, + "SignInConfig":{ + "shape":"SignInConfig", + "documentation":"The distribution of allowing signing in to the instance and its replica(s).
" + }, + "AgentConfig":{ + "shape":"AgentConfig", + "documentation":"The distribution of agents between the instance and its replica(s).
" } } }, @@ -10998,6 +11134,44 @@ } } }, + "ListTrafficDistributionGroupUsersRequest":{ + "type":"structure", + "required":["TrafficDistributionGroupId"], + "members":{ + "TrafficDistributionGroupId":{ + "shape":"TrafficDistributionGroupIdOrArn", + "documentation":"The identifier of the traffic distribution group. This can be the ID or the ARN if the API is being called in the Region where the traffic distribution group was created. The ARN must be provided if the call is from the replicated Region.
", + "location":"uri", + "locationName":"TrafficDistributionGroupId" + }, + "MaxResults":{ + "shape":"MaxResult10", + "documentation":"The maximum number of results to return per page.
", + "box":true, + "location":"querystring", + "locationName":"maxResults" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"The token for the next set of results. Use the value returned in the previous response in the next request to retrieve the next set of results.
", + "location":"querystring", + "locationName":"nextToken" + } + } + }, + "ListTrafficDistributionGroupUsersResponse":{ + "type":"structure", + "members":{ + "NextToken":{ + "shape":"NextToken", + "documentation":"If there are additional results, this is the token for the next set of results.
" + }, + "TrafficDistributionGroupUserSummaryList":{ + "shape":"TrafficDistributionGroupUserSummaryList", + "documentation":"A list of traffic distribution group users.
" + } + } + }, "ListTrafficDistributionGroupsRequest":{ "type":"structure", "members":{ @@ -13932,6 +14106,39 @@ "error":{"httpStatusCode":402}, "exception":true }, + "SignInConfig":{ + "type":"structure", + "required":["Distributions"], + "members":{ + "Distributions":{ + "shape":"SignInDistributionList", + "documentation":"Information about traffic distributions.
" + } + }, + "documentation":"The distribution of allowing signing in to the instance and its replica(s).
" + }, + "SignInDistribution":{ + "type":"structure", + "required":[ + "Region", + "Enabled" + ], + "members":{ + "Region":{ + "shape":"AwsRegion", + "documentation":"The Amazon Web Services Region of the sign in distribution.
" + }, + "Enabled":{ + "shape":"Boolean", + "documentation":"Whether sign in distribution is enabled.
" + } + }, + "documentation":"The distribution of sign in traffic between the instance and its replica(s).
" + }, + "SignInDistributionList":{ + "type":"list", + "member":{"shape":"SignInDistribution"} + }, "SingleSelectOptions":{ "type":"list", "member":{"shape":"TaskTemplateSingleSelectOption"} @@ -14971,6 +15178,10 @@ "Tags":{ "shape":"TagMap", "documentation":"The tags used to organize, track, or control access for this resource. For example, { \"tags\": {\"key1\":\"value1\", \"key2\":\"value2\"} }.
" + }, + "IsDefault":{ + "shape":"Boolean", + "documentation":"Whether this is the default traffic distribution group created during instance replication. The default traffic distribution group cannot be deleted by the DeleteTrafficDistributionGroup API. The default traffic distribution group is deleted as part of the process for deleting a replica.
You can change the SignInConfig only for a default TrafficDistributionGroup. If you call UpdateTrafficDistribution with a modified SignInConfig and a non-default TrafficDistributionGroup, an InvalidRequestException is returned.
Information about a traffic distribution group.
" @@ -15020,6 +15231,10 @@ "Status":{ "shape":"TrafficDistributionGroupStatus", "documentation":"The status of the traffic distribution group.
CREATION_IN_PROGRESS means the previous CreateTrafficDistributionGroup operation is still in progress and has not yet completed.
ACTIVE means the previous CreateTrafficDistributionGroup operation has succeeded.
CREATION_FAILED indicates that the previous CreateTrafficDistributionGroup operation has failed.
PENDING_DELETION means the previous DeleteTrafficDistributionGroup operation is still in progress and has not yet completed.
DELETION_FAILED means the previous DeleteTrafficDistributionGroup operation has failed.
UPDATE_IN_PROGRESS means the previous UpdateTrafficDistributionGroup operation is still in progress and has not yet completed.
Whether this is the default traffic distribution group created during instance replication. The default traffic distribution group cannot be deleted by the DeleteTrafficDistributionGroup API. The default traffic distribution group is deleted as part of the process for deleting a replica.
Information about traffic distribution groups.
" @@ -15030,6 +15245,22 @@ "max":10, "min":0 }, + "TrafficDistributionGroupUserSummary":{ + "type":"structure", + "members":{ + "UserId":{ + "shape":"UserId", + "documentation":"The identifier for the user. This can be the ID or the ARN of the user.
" + } + }, + "documentation":"Summary information about a traffic distribution group user.
" + }, + "TrafficDistributionGroupUserSummaryList":{ + "type":"list", + "member":{"shape":"TrafficDistributionGroupUserSummary"}, + "max":10, + "min":0 + }, "TrafficType":{ "type":"string", "enum":[ @@ -15059,7 +15290,7 @@ }, "UserId":{ "shape":"AgentResourceId", - "documentation":"The identifier for the user.
" + "documentation":"The identifier for the user. This can be the ID or the ARN of the user.
" }, "ContactFlowId":{ "shape":"ContactFlowId", @@ -16293,6 +16524,14 @@ "TelephonyConfig":{ "shape":"TelephonyConfig", "documentation":"The distribution of traffic between the instance and its replica(s).
" + }, + "SignInConfig":{ + "shape":"SignInConfig", + "documentation":"The distribution of allowing signing in to the instance and its replica(s).
" + }, + "AgentConfig":{ + "shape":"AgentConfig", + "documentation":"The distribution of agents between the instance and its replica(s).
" } } }, diff --git a/botocore/data/elbv2/2015-12-01/endpoint-rule-set-1.json b/botocore/data/elbv2/2015-12-01/endpoint-rule-set-1.json index 79fee5593d..78128a590f 100644 --- a/botocore/data/elbv2/2015-12-01/endpoint-rule-set-1.json +++ b/botocore/data/elbv2/2015-12-01/endpoint-rule-set-1.json @@ -3,7 +3,7 @@ "parameters": { "Region": { "builtIn": "AWS::Region", - "required": true, + "required": false, "documentation": "The AWS region used to dispatch the request.", "type": "String" }, @@ -32,13 +32,12 @@ { "conditions": [ { - "fn": "aws.partition", + "fn": "isSet", "argv": [ { - "ref": "Region" + "ref": "Endpoint" } - ], - "assign": "PartitionResult" + ] } ], "type": "tree", @@ -46,14 +45,20 @@ { "conditions": [ { - "fn": "isSet", + "fn": "booleanEquals", "argv": [ { - "ref": "Endpoint" - } + "ref": "UseFIPS" + }, + true ] } ], + "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], "type": "tree", "rules": [ { @@ -62,67 +67,42 @@ "fn": "booleanEquals", "argv": [ { - "ref": "UseFIPS" + "ref": "UseDualStack" }, true ] } ], - "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", "type": "error" }, { "conditions": [], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" + "endpoint": { + "url": { + "ref": "Endpoint" }, - { - "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" - }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ] - }, + } + ] + }, + { + "conditions": [], + "type": "tree", + "rules": [ { "conditions": [ { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" - }, - true - ] - }, - { - "fn": "booleanEquals", + "fn": "isSet", "argv": [ { - "ref": "UseDualStack" - }, - true + "ref": "Region" + } ] } ], @@ -131,179 +111,240 @@ { "conditions": [ { - "fn": "booleanEquals", + "fn": "aws.partition", "argv": [ - true, { - "fn": "getAttr", + "ref": "Region" + } + ], + "assign": "PartitionResult" + } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseFIPS" }, - "supportsFIPS" + true ] - } - ] - }, - { - "fn": "booleanEquals", - "argv": [ - true, + }, { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseDualStack" }, - "supportsDualStack" + true ] } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], + ], "type": "tree", "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://elasticloadbalancing-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + }, { "conditions": [], - "endpoint": { - "url": "https://elasticloadbalancing-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" } ] - } - ] - }, - { - "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseFIPS" }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ { - "fn": "booleanEquals", - "argv": [ - true, + "conditions": [ { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseFIPS" }, - "supportsFIPS" + true ] } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], + ], "type": "tree", "rules": [ { "conditions": [ { - "fn": "stringEquals", + "fn": "booleanEquals", "argv": [ - "aws-us-gov", + true, { "fn": "getAttr", "argv": [ { "ref": "PartitionResult" }, - "name" + "supportsFIPS" ] } ] } ], - "endpoint": { - "url": "https://elasticloadbalancing.{Region}.amazonaws.com", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "stringEquals", + "argv": [ + "aws-us-gov", + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "name" + ] + } + ] + } + ], + "endpoint": { + "url": "https://elasticloadbalancing.{Region}.amazonaws.com", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + }, + { + "conditions": [], + "endpoint": { + "url": "https://elasticloadbalancing-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] }, { "conditions": [], - "endpoint": { - "url": "https://elasticloadbalancing-fips.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" } ] - } - ] - }, - { - "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" - } - ] - }, - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ { - "fn": "booleanEquals", - "argv": [ - true, + "conditions": [ { - "fn": "getAttr", + "fn": "booleanEquals", "argv": [ { - "ref": "PartitionResult" + "ref": "UseDualStack" }, - "supportsDualStack" + true ] } + ], + "type": "tree", + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "type": "tree", + "rules": [ + { + "conditions": [], + "type": "tree", + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://elasticloadbalancing.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ] + } + ] + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" + } ] - } - ], - "type": "tree", - "rules": [ + }, { "conditions": [], "type": "tree", @@ -311,7 +352,7 @@ { "conditions": [], "endpoint": { - "url": "https://elasticloadbalancing.{Region}.{PartitionResult#dualStackDnsSuffix}", + "url": "https://elasticloadbalancing.{Region}.{PartitionResult#dnsSuffix}", "properties": {}, "headers": {} }, @@ -320,28 +361,13 @@ ] } ] - }, - { - "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" } ] }, { "conditions": [], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://elasticloadbalancing.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] + "error": "Invalid Configuration: Missing Region", + "type": "error" } ] } diff --git a/botocore/data/elbv2/2015-12-01/service-2.json b/botocore/data/elbv2/2015-12-01/service-2.json index d2f143bcde..df77c9e454 100644 --- a/botocore/data/elbv2/2015-12-01/service-2.json +++ b/botocore/data/elbv2/2015-12-01/service-2.json @@ -244,7 +244,7 @@ {"shape":"TargetGroupNotFoundException"}, {"shape":"InvalidTargetException"} ], - "documentation":"Deregisters the specified targets from the specified target group. After the targets are deregistered, they no longer receive traffic from the load balancer.
" + "documentation":"Deregisters the specified targets from the specified target group. After the targets are deregistered, they no longer receive traffic from the load balancer.
Note: If the specified target does not exist, the action returns successfully.
" }, "DescribeAccountLimits":{ "name":"DescribeAccountLimits", @@ -646,7 +646,7 @@ {"shape":"InvalidConfigurationRequestException"}, {"shape":"InvalidSecurityGroupException"} ], - "documentation":"Associates the specified security groups with the specified Application Load Balancer. The specified security groups override the previously associated security groups.
You can't specify a security group for a Network Load Balancer or Gateway Load Balancer.
" + "documentation":"Associates the specified security groups with the specified Application Load Balancer or Network Load Balancer. The specified security groups override the previously associated security groups.
You can't perform this operation on a Network Load Balancer unless you specified a security group for the load balancer when you created it.
You can't associate a security group with a Gateway Load Balancer.
" }, "SetSubnets":{ "name":"SetSubnets", @@ -1119,7 +1119,7 @@ }, "SecurityGroups":{ "shape":"SecurityGroups", - "documentation":"[Application Load Balancers] The IDs of the security groups for the load balancer.
" + "documentation":"[Application Load Balancers and Network Load Balancers] The IDs of the security groups for the load balancer.
" }, "Scheme":{ "shape":"LoadBalancerSchemeEnum", @@ -1725,6 +1725,14 @@ }, "exception":true }, + "EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic":{"type":"string"}, + "EnforceSecurityGroupInboundRulesOnPrivateLinkTrafficEnum":{ + "type":"string", + "enum":[ + "on", + "off" + ] + }, "FixedResponseActionConfig":{ "type":"structure", "required":["StatusCode"], @@ -1943,7 +1951,7 @@ "documentation":"The maximum value of the limit.
" } }, - "documentation":"Information about an Elastic Load Balancing resource limit for your Amazon Web Services account.
" + "documentation":"Information about an Elastic Load Balancing resource limit for your Amazon Web Services account.
For more information, see the following:
[Application Load Balancers on Outposts] The ID of the customer-owned address pool.
" + }, + "EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic":{ + "shape":"EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic", + "documentation":"Indicates whether to evaluate inbound security group rules for traffic sent to a Network Load Balancer through Amazon Web Services PrivateLink.
" } }, "documentation":"Information about a load balancer.
" @@ -2682,7 +2694,7 @@ "documentation":"Information for a source IP condition. Specify only when Field is source-ip.
Information about a condition for a rule.
Each rule can optionally include up to one of each of the following conditions: http-request-method, host-header, path-pattern, and source-ip. Each rule can also optionally include one or more of each of the following conditions: http-header and query-string. Note that the value for a condition cannot be empty.
Information about a condition for a rule.
Each rule can optionally include up to one of each of the following conditions: http-request-method, host-header, path-pattern, and source-ip. Each rule can also optionally include one or more of each of the following conditions: http-header and query-string. Note that the value for a condition cannot be empty.
For more information, see Quotas for your Application Load Balancers.
" }, "RuleConditionList":{ "type":"list", @@ -2803,6 +2815,10 @@ "SecurityGroups":{ "shape":"SecurityGroups", "documentation":"The IDs of the security groups.
" + }, + "EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic":{ + "shape":"EnforceSecurityGroupInboundRulesOnPrivateLinkTrafficEnum", + "documentation":"Indicates whether to evaluate inbound security group rules for traffic sent to a Network Load Balancer through Amazon Web Services PrivateLink. The default is on.
The IDs of the security groups associated with the load balancer.
" + }, + "EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic":{ + "shape":"EnforceSecurityGroupInboundRulesOnPrivateLinkTrafficEnum", + "documentation":"Indicates whether to evaluate inbound security group rules for traffic sent to a Network Load Balancer through Amazon Web Services PrivateLink.
" } } }, @@ -2833,7 +2853,7 @@ }, "IpAddressType":{ "shape":"IpAddressType", - "documentation":"[Network Load Balancers] The type of IP addresses used by the subnets for your load balancer. The possible values are ipv4 (for IPv4 addresses) and dualstack (for IPv4 and IPv6 addresses). You can’t specify dualstack for a load balancer with a UDP or TCP_UDP listener. .
[Network Load Balancers] The type of IP addresses used by the subnets for your load balancer. The possible values are ipv4 (for IPv4 addresses) and dualstack (for IPv4 and IPv6 addresses). You can’t specify dualstack for a load balancer with a UDP or TCP_UDP listener.
The port on which the target is listening. If the target group protocol is GENEVE, the supported port is 6081. If the target type is alb, the targeted Application Load Balancer must have at least one listener whose port matches the target group port. Not used if the target is a Lambda function.
The port on which the target is listening. If the target group protocol is GENEVE, the supported port is 6081. If the target type is alb, the targeted Application Load Balancer must have at least one listener whose port matches the target group port. This parameter is not used if the target is a Lambda function.
The port on which the targets are listening. Not used if the target is a Lambda function.
" + "documentation":"The port on which the targets are listening. This parameter is not used if the target is a Lambda function.
" }, "VpcId":{ "shape":"VpcId", @@ -3080,7 +3100,7 @@ }, "LoadBalancerArns":{ "shape":"LoadBalancerArns", - "documentation":"The Amazon Resource Names (ARN) of the load balancers that route traffic to this target group.
" + "documentation":"The Amazon Resource Name (ARN) of the load balancer that routes traffic to this target group. You can use each target group with only one load balancer.
" }, "TargetType":{ "shape":"TargetTypeEnum", diff --git a/botocore/data/omics/2022-11-28/service-2.json b/botocore/data/omics/2022-11-28/service-2.json index 7dcbf00e0a..1d25521ae1 100644 --- a/botocore/data/omics/2022-11-28/service-2.json +++ b/botocore/data/omics/2022-11-28/service-2.json @@ -4001,6 +4001,10 @@ "gpus":{ "shape":"GetRunTaskResponseGpusInteger", "documentation":"The number of Graphics Processing Units (GPU) specified in the task.
" + }, + "instanceType":{ + "shape":"TaskInstanceType", + "documentation":"The instance type for a task.
" } } }, @@ -4608,7 +4612,7 @@ }, "nextToken":{ "shape":"ListAnnotationImportJobsRequestNextTokenString", - "documentation":"Specify the pagination token from a previous request to retrieve the next page of results.
", + "documentation":"Specifies the pagination token from a previous request to retrieve the next page of results.
", "location":"querystring", "locationName":"nextToken" }, @@ -4644,7 +4648,7 @@ }, "nextToken":{ "shape":"String", - "documentation":"A pagination token that's included if more results are available.
" + "documentation":"Specifies the pagination token from a previous request to retrieve the next page of results.
" } } }, @@ -7460,6 +7464,10 @@ "min":1, "pattern":"[0-9]+" }, + "TaskInstanceType":{ + "type":"string", + "pattern":"[\\p{L}||\\p{M}||\\p{Z}||\\p{S}||\\p{N}||\\p{P}]+" + }, "TaskList":{ "type":"list", "member":{"shape":"TaskListItem"} @@ -7502,6 +7510,10 @@ "gpus":{ "shape":"TaskListItemGpusInteger", "documentation":"The number of Graphics Processing Units (GPU) specified for the task.
" + }, + "instanceType":{ + "shape":"TaskInstanceType", + "documentation":"The instance type for a task.
" } }, "documentation":"A workflow run task.
" diff --git a/botocore/data/secretsmanager/2017-10-17/service-2.json b/botocore/data/secretsmanager/2017-10-17/service-2.json index ef5169e86f..b74b8b2b4d 100644 --- a/botocore/data/secretsmanager/2017-10-17/service-2.json +++ b/botocore/data/secretsmanager/2017-10-17/service-2.json @@ -172,6 +172,7 @@ "output":{"shape":"ListSecretsResponse"}, "errors":[ {"shape":"InvalidParameterException"}, + {"shape":"InvalidRequestException"}, {"shape":"InvalidNextTokenException"}, {"shape":"InternalServiceError"} ], diff --git a/botocore/data/transfer/2018-11-05/endpoint-rule-set-1.json b/botocore/data/transfer/2018-11-05/endpoint-rule-set-1.json index 6f1477c015..2694e990a7 100644 --- a/botocore/data/transfer/2018-11-05/endpoint-rule-set-1.json +++ b/botocore/data/transfer/2018-11-05/endpoint-rule-set-1.json @@ -58,52 +58,56 @@ "type": "error" }, { - "conditions": [], - "type": "tree", - "rules": [ + "conditions": [ { - "conditions": [ + "fn": "booleanEquals", + "argv": [ { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" - }, - { - "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" + "ref": "UseDualStack" }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" + true + ] } - ] + ], + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" + }, + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ] }, { - "conditions": [], + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Region" + } + ] + } + ], "type": "tree", "rules": [ { "conditions": [ { - "fn": "isSet", + "fn": "aws.partition", "argv": [ { "ref": "Region" } - ] + ], + "assign": "PartitionResult" } ], "type": "tree", @@ -111,13 +115,22 @@ { "conditions": [ { - "fn": "aws.partition", + "fn": "booleanEquals", "argv": [ { - "ref": "Region" - } - ], - "assign": "PartitionResult" + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] } ], "type": "tree", @@ -127,224 +140,175 @@ { "fn": "booleanEquals", "argv": [ + true, { - "ref": "UseFIPS" - }, - true + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } ] }, { "fn": "booleanEquals", "argv": [ + true, { - "ref": "UseDualStack" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] - } - ] - }, - { - "fn": "booleanEquals", + "fn": "getAttr", "argv": [ - true, { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://transfer-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } + "ref": "PartitionResult" + }, + "supportsDualStack" ] } ] - }, + } + ], + "type": "tree", + "rules": [ { "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" + "endpoint": { + "url": "https://transfer-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ] }, + { + "conditions": [], + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" + } + ] + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "type": "tree", + "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ + true, { - "ref": "UseFIPS" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", + "fn": "getAttr", "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "type": "tree", - "rules": [ { - "conditions": [], - "endpoint": { - "url": "https://transfer-fips.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } + "ref": "PartitionResult" + }, + "supportsFIPS" ] } ] - }, + } + ], + "type": "tree", + "rules": [ { "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" + "endpoint": { + "url": "https://transfer-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ] }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" + } + ] + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "type": "tree", + "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ + true, { - "ref": "UseDualStack" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", + "fn": "getAttr", "argv": [ - true, { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://transfer.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } + "ref": "PartitionResult" + }, + "supportsDualStack" ] } ] - }, - { - "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" } - ] - }, - { - "conditions": [], + ], "type": "tree", "rules": [ { "conditions": [], "endpoint": { - "url": "https://transfer.{Region}.{PartitionResult#dnsSuffix}", + "url": "https://transfer.{Region}.{PartitionResult#dualStackDnsSuffix}", "properties": {}, "headers": {} }, "type": "endpoint" } ] + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" } ] + }, + { + "conditions": [], + "endpoint": { + "url": "https://transfer.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ] - }, - { - "conditions": [], - "error": "Invalid Configuration: Missing Region", - "type": "error" } ] + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" } ] } \ No newline at end of file diff --git a/botocore/data/transfer/2018-11-05/service-2.json b/botocore/data/transfer/2018-11-05/service-2.json index 916b886bef..673f1450cb 100644 --- a/botocore/data/transfer/2018-11-05/service-2.json +++ b/botocore/data/transfer/2018-11-05/service-2.json @@ -65,7 +65,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ThrottlingException"} ], - "documentation":"Creates the connector, which captures the parameters for an outbound connection for the AS2 or SFTP protocol. The connector is required for sending files to an externally hosted AS2 or SFTP server. For more details about AS2 connectors, see Create AS2 connectors.
You must specify exactly one configuration object: either for AS2 (As2Config) or SFTP (SftpConfig).
Creates the connector, which captures the parameters for a connection for the AS2 or SFTP protocol. For AS2, the connector is required for sending files to an externally hosted AS2 server. For SFTP, the connector is required when sending files to an SFTP server or receiving files from an SFTP server. For more details about connectors, see Create AS2 connectors and Create SFTP connectors.
You must specify exactly one configuration object: either for AS2 (As2Config) or SFTP (SftpConfig).
Begins a file transfer between local Amazon Web Services storage and a remote AS2 or SFTP server.
For an AS2 connector, you specify the ConnectorId and one or more SendFilePaths to identify the files you want to transfer.
For an SFTP connector, the file transfer can be either outbound or inbound. In both cases, you specify the ConnectorId. Depending on the direction of the transfer, you also specify the following items:
If you are transferring file from a partner's SFTP server to a Transfer Family server, you specify one or more RetreiveFilePaths to identify the files you want to transfer, and a LocalDirectoryPath to specify the destination folder.
If you are transferring file to a partner's SFTP server from Amazon Web Services storage, you specify one or more SendFilePaths to identify the files you want to transfer, and a RemoteDirectoryPath to specify the destination folder.
Begins a file transfer between local Amazon Web Services storage and a remote AS2 or SFTP server.
For an AS2 connector, you specify the ConnectorId and one or more SendFilePaths to identify the files you want to transfer.
For an SFTP connector, the file transfer can be either outbound or inbound. In both cases, you specify the ConnectorId. Depending on the direction of the transfer, you also specify the following items:
If you are transferring file from a partner's SFTP server to Amazon Web Services storage, you specify one or more RetreiveFilePaths to identify the files you want to transfer, and a LocalDirectoryPath to specify the destination folder.
If you are transferring file to a partner's SFTP server from Amazon Web Services storage, you specify one or more SendFilePaths to identify the files you want to transfer, and a RemoteDirectoryPath to specify the destination folder.
With AS2, you can send files by calling StartFileTransfer and specifying the file paths in the request parameter, SendFilePaths. We use the file’s parent directory (for example, for --send-file-paths /bucket/dir/file.txt, parent directory is /bucket/dir/) to temporarily store a processed AS2 message file, store the MDN when we receive them from the partner, and write a final JSON file containing relevant metadata of the transmission. So, the AccessRole needs to provide read and write access to the parent directory of the file location used in the StartFileTransfer request. Additionally, you need to provide read and write access to the parent directory of the files that you intend to send with StartFileTransfer.
If you are using Basic authentication for your AS2 connector, the access role requires the secretsmanager:GetSecretValue permission for the secret. If the secret is encrypted using a customer-managed key instead of the Amazon Web Services managed key in Secrets Manager, then the role also needs the kms:Decrypt permission for that key.
Connectors are used to send files using either the AS2 or SFTP protocol. For the access role, provide the Amazon Resource Name (ARN) of the Identity and Access Management role to use.
For AS2 connectors
With AS2, you can send files by calling StartFileTransfer and specifying the file paths in the request parameter, SendFilePaths. We use the file’s parent directory (for example, for --send-file-paths /bucket/dir/file.txt, parent directory is /bucket/dir/) to temporarily store a processed AS2 message file, store the MDN when we receive them from the partner, and write a final JSON file containing relevant metadata of the transmission. So, the AccessRole needs to provide read and write access to the parent directory of the file location used in the StartFileTransfer request. Additionally, you need to provide read and write access to the parent directory of the files that you intend to send with StartFileTransfer.
If you are using Basic authentication for your AS2 connector, the access role requires the secretsmanager:GetSecretValue permission for the secret. If the secret is encrypted using a customer-managed key instead of the Amazon Web Services managed key in Secrets Manager, then the role also needs the kms:Decrypt permission for that key.
For SFTP connectors
Make sure that the access role provides read and write access to the parent directory of the file location that's used in the StartFileTransfer request. Additionally, make sure that the role provides secretsmanager:GetSecretValue permission to Secrets Manager.
With AS2, you can send files by calling StartFileTransfer and specifying the file paths in the request parameter, SendFilePaths. We use the file’s parent directory (for example, for --send-file-paths /bucket/dir/file.txt, parent directory is /bucket/dir/) to temporarily store a processed AS2 message file, store the MDN when we receive them from the partner, and write a final JSON file containing relevant metadata of the transmission. So, the AccessRole needs to provide read and write access to the parent directory of the file location used in the StartFileTransfer request. Additionally, you need to provide read and write access to the parent directory of the files that you intend to send with StartFileTransfer.
If you are using Basic authentication for your AS2 connector, the access role requires the secretsmanager:GetSecretValue permission for the secret. If the secret is encrypted using a customer-managed key instead of the Amazon Web Services managed key in Secrets Manager, then the role also needs the kms:Decrypt permission for that key.
Connectors are used to send files using either the AS2 or SFTP protocol. For the access role, provide the Amazon Resource Name (ARN) of the Identity and Access Management role to use.
For AS2 connectors
With AS2, you can send files by calling StartFileTransfer and specifying the file paths in the request parameter, SendFilePaths. We use the file’s parent directory (for example, for --send-file-paths /bucket/dir/file.txt, parent directory is /bucket/dir/) to temporarily store a processed AS2 message file, store the MDN when we receive them from the partner, and write a final JSON file containing relevant metadata of the transmission. So, the AccessRole needs to provide read and write access to the parent directory of the file location used in the StartFileTransfer request. Additionally, you need to provide read and write access to the parent directory of the files that you intend to send with StartFileTransfer.
If you are using Basic authentication for your AS2 connector, the access role requires the secretsmanager:GetSecretValue permission for the secret. If the secret is encrypted using a customer-managed key instead of the Amazon Web Services managed key in Secrets Manager, then the role also needs the kms:Decrypt permission for that key.
For SFTP connectors
Make sure that the access role provides read and write access to the parent directory of the file location that's used in the StartFileTransfer request. Additionally, make sure that the role provides secretsmanager:GetSecretValue permission to Secrets Manager.
With AS2, you can send files by calling StartFileTransfer and specifying the file paths in the request parameter, SendFilePaths. We use the file’s parent directory (for example, for --send-file-paths /bucket/dir/file.txt, parent directory is /bucket/dir/) to temporarily store a processed AS2 message file, store the MDN when we receive them from the partner, and write a final JSON file containing relevant metadata of the transmission. So, the AccessRole needs to provide read and write access to the parent directory of the file location used in the StartFileTransfer request. Additionally, you need to provide read and write access to the parent directory of the files that you intend to send with StartFileTransfer.
If you are using Basic authentication for your AS2 connector, the access role requires the secretsmanager:GetSecretValue permission for the secret. If the secret is encrypted using a customer-managed key instead of the Amazon Web Services managed key in Secrets Manager, then the role also needs the kms:Decrypt permission for that key.
Connectors are used to send files using either the AS2 or SFTP protocol. For the access role, provide the Amazon Resource Name (ARN) of the Identity and Access Management role to use.
For AS2 connectors
With AS2, you can send files by calling StartFileTransfer and specifying the file paths in the request parameter, SendFilePaths. We use the file’s parent directory (for example, for --send-file-paths /bucket/dir/file.txt, parent directory is /bucket/dir/) to temporarily store a processed AS2 message file, store the MDN when we receive them from the partner, and write a final JSON file containing relevant metadata of the transmission. So, the AccessRole needs to provide read and write access to the parent directory of the file location used in the StartFileTransfer request. Additionally, you need to provide read and write access to the parent directory of the files that you intend to send with StartFileTransfer.
If you are using Basic authentication for your AS2 connector, the access role requires the secretsmanager:GetSecretValue permission for the secret. If the secret is encrypted using a customer-managed key instead of the Amazon Web Services managed key in Secrets Manager, then the role also needs the kms:Decrypt permission for that key.
For SFTP connectors
Make sure that the access role provides read and write access to the parent directory of the file location that's used in the StartFileTransfer request. Additionally, make sure that the role provides secretsmanager:GetSecretValue permission to Secrets Manager.
With AS2, you can send files by calling StartFileTransfer and specifying the file paths in the request parameter, SendFilePaths. We use the file’s parent directory (for example, for --send-file-paths /bucket/dir/file.txt, parent directory is /bucket/dir/) to temporarily store a processed AS2 message file, store the MDN when we receive them from the partner, and write a final JSON file containing relevant metadata of the transmission. So, the AccessRole needs to provide read and write access to the parent directory of the file location used in the StartFileTransfer request. Additionally, you need to provide read and write access to the parent directory of the files that you intend to send with StartFileTransfer.
If you are using Basic authentication for your AS2 connector, the access role requires the secretsmanager:GetSecretValue permission for the secret. If the secret is encrypted using a customer-managed key instead of the Amazon Web Services managed key in Secrets Manager, then the role also needs the kms:Decrypt permission for that key.
Connectors are used to send files using either the AS2 or SFTP protocol. For the access role, provide the Amazon Resource Name (ARN) of the Identity and Access Management role to use.
For AS2 connectors
With AS2, you can send files by calling StartFileTransfer and specifying the file paths in the request parameter, SendFilePaths. We use the file’s parent directory (for example, for --send-file-paths /bucket/dir/file.txt, parent directory is /bucket/dir/) to temporarily store a processed AS2 message file, store the MDN when we receive them from the partner, and write a final JSON file containing relevant metadata of the transmission. So, the AccessRole needs to provide read and write access to the parent directory of the file location used in the StartFileTransfer request. Additionally, you need to provide read and write access to the parent directory of the files that you intend to send with StartFileTransfer.
If you are using Basic authentication for your AS2 connector, the access role requires the secretsmanager:GetSecretValue permission for the secret. If the secret is encrypted using a customer-managed key instead of the Amazon Web Services managed key in Secrets Manager, then the role also needs the kms:Decrypt permission for that key.
For SFTP connectors
Make sure that the access role provides read and write access to the parent directory of the file location that's used in the StartFileTransfer request. Additionally, make sure that the role provides secretsmanager:GetSecretValue permission to Secrets Manager.
One or more source paths for the Transfer Family server. Each string represents a source file path for one outbound file transfer. For example, DOC-EXAMPLE-BUCKET/myfile.txt .
One or more source paths for the Transfer Family server. Each string represents a source file path for one outbound file transfer. For example, DOC-EXAMPLE-BUCKET/myfile.txt .
Replace DOC-EXAMPLE-BUCKET with one of your actual buckets.
With AS2, you can send files by calling StartFileTransfer and specifying the file paths in the request parameter, SendFilePaths. We use the file’s parent directory (for example, for --send-file-paths /bucket/dir/file.txt, parent directory is /bucket/dir/) to temporarily store a processed AS2 message file, store the MDN when we receive them from the partner, and write a final JSON file containing relevant metadata of the transmission. So, the AccessRole needs to provide read and write access to the parent directory of the file location used in the StartFileTransfer request. Additionally, you need to provide read and write access to the parent directory of the files that you intend to send with StartFileTransfer.
If you are using Basic authentication for your AS2 connector, the access role requires the secretsmanager:GetSecretValue permission for the secret. If the secret is encrypted using a customer-managed key instead of the Amazon Web Services managed key in Secrets Manager, then the role also needs the kms:Decrypt permission for that key.
Connectors are used to send files using either the AS2 or SFTP protocol. For the access role, provide the Amazon Resource Name (ARN) of the Identity and Access Management role to use.
For AS2 connectors
With AS2, you can send files by calling StartFileTransfer and specifying the file paths in the request parameter, SendFilePaths. We use the file’s parent directory (for example, for --send-file-paths /bucket/dir/file.txt, parent directory is /bucket/dir/) to temporarily store a processed AS2 message file, store the MDN when we receive them from the partner, and write a final JSON file containing relevant metadata of the transmission. So, the AccessRole needs to provide read and write access to the parent directory of the file location used in the StartFileTransfer request. Additionally, you need to provide read and write access to the parent directory of the files that you intend to send with StartFileTransfer.
If you are using Basic authentication for your AS2 connector, the access role requires the secretsmanager:GetSecretValue permission for the secret. If the secret is encrypted using a customer-managed key instead of the Amazon Web Services managed key in Secrets Manager, then the role also needs the kms:Decrypt permission for that key.
For SFTP connectors
Make sure that the access role provides read and write access to the parent directory of the file location that's used in the StartFileTransfer request. Additionally, make sure that the role provides secretsmanager:GetSecretValue permission to Secrets Manager.
With AS2, you can send files by calling StartFileTransfer and specifying the file paths in the request parameter, SendFilePaths. We use the file’s parent directory (for example, for --send-file-paths /bucket/dir/file.txt, parent directory is /bucket/dir/) to temporarily store a processed AS2 message file, store the MDN when we receive them from the partner, and write a final JSON file containing relevant metadata of the transmission. So, the AccessRole needs to provide read and write access to the parent directory of the file location used in the StartFileTransfer request. Additionally, you need to provide read and write access to the parent directory of the files that you intend to send with StartFileTransfer.
If you are using Basic authentication for your AS2 connector, the access role requires the secretsmanager:GetSecretValue permission for the secret. If the secret is encrypted using a customer-managed key instead of the Amazon Web Services managed key in Secrets Manager, then the role also needs the kms:Decrypt permission for that key.
Connectors are used to send files using either the AS2 or SFTP protocol. For the access role, provide the Amazon Resource Name (ARN) of the Identity and Access Management role to use.
For AS2 connectors
With AS2, you can send files by calling StartFileTransfer and specifying the file paths in the request parameter, SendFilePaths. We use the file’s parent directory (for example, for --send-file-paths /bucket/dir/file.txt, parent directory is /bucket/dir/) to temporarily store a processed AS2 message file, store the MDN when we receive them from the partner, and write a final JSON file containing relevant metadata of the transmission. So, the AccessRole needs to provide read and write access to the parent directory of the file location used in the StartFileTransfer request. Additionally, you need to provide read and write access to the parent directory of the files that you intend to send with StartFileTransfer.
If you are using Basic authentication for your AS2 connector, the access role requires the secretsmanager:GetSecretValue permission for the secret. If the secret is encrypted using a customer-managed key instead of the Amazon Web Services managed key in Secrets Manager, then the role also needs the kms:Decrypt permission for that key.
For SFTP connectors
Make sure that the access role provides read and write access to the parent directory of the file location that's used in the StartFileTransfer request. Additionally, make sure that the role provides secretsmanager:GetSecretValue permission to Secrets Manager.