From 2c7becceb2c63290dc02830b029d17436182d910 Mon Sep 17 00:00:00 2001 From: awssdkgo Date: Fri, 22 Mar 2024 18:20:01 +0000 Subject: [PATCH] Release v1.51.6 (2024-03-22) === ### Service Client Updates * `service/firehose`: Updates service documentation * Updates Amazon Firehose documentation for message regarding Enforcing Tags IAM Policy. * `service/kendra`: Updates service documentation * Documentation update, March 2024. Corrects some docs for Amazon Kendra. * `service/pricing`: Updates service API and documentation * `service/rolesanywhere`: Updates service API and documentation * `service/securityhub`: Updates service API and documentation --- CHANGELOG.md | 12 + aws/version.go | 2 +- models/apis/firehose/2015-08-04/docs-2.json | 4 +- models/apis/kendra/2019-02-03/docs-2.json | 62 +-- models/apis/pricing/2017-10-15/api-2.json | 11 +- models/apis/pricing/2017-10-15/docs-2.json | 6 + .../apis/rolesanywhere/2018-05-10/api-2.json | 4 +- .../apis/rolesanywhere/2018-05-10/docs-2.json | 8 +- .../2018-05-10/endpoint-rule-set-1.json | 366 ++++++++---------- models/apis/securityhub/2018-10-26/api-2.json | 5 +- .../apis/securityhub/2018-10-26/docs-2.json | 7 +- service/firehose/api.go | 14 + service/firehose/doc.go | 2 + service/kendra/api.go | 242 +++++++++--- service/pricing/api.go | 70 ++++ service/pricing/errors.go | 7 + service/rolesanywhere/api.go | 17 +- service/securityhub/api.go | 27 +- service/securityhub/doc.go | 85 ++-- 19 files changed, 578 insertions(+), 373 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e9baae1c99e..75e1411bf98 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,15 @@ +Release v1.51.6 (2024-03-22) +=== + +### Service Client Updates +* `service/firehose`: Updates service documentation + * Updates Amazon Firehose documentation for message regarding Enforcing Tags IAM Policy. +* `service/kendra`: Updates service documentation + * Documentation update, March 2024. Corrects some docs for Amazon Kendra. +* `service/pricing`: Updates service API and documentation +* `service/rolesanywhere`: Updates service API and documentation +* `service/securityhub`: Updates service API and documentation + Release v1.51.5 (2024-03-21) === diff --git a/aws/version.go b/aws/version.go index d0276e7a2d6..5bfc33b7fe8 100644 --- a/aws/version.go +++ b/aws/version.go @@ -5,4 +5,4 @@ package aws const SDKName = "aws-sdk-go" // SDKVersion is the version of this SDK -const SDKVersion = "1.51.5" +const SDKVersion = "1.51.6" diff --git a/models/apis/firehose/2015-08-04/docs-2.json b/models/apis/firehose/2015-08-04/docs-2.json index 4cbbe0db2c3..7b11aba1990 100644 --- a/models/apis/firehose/2015-08-04/docs-2.json +++ b/models/apis/firehose/2015-08-04/docs-2.json @@ -1,6 +1,6 @@ { "version": "2.0", - "service": "Amazon Data Firehose

Amazon Data Firehose is a fully managed service that delivers real-time streaming data to destinations such as Amazon Simple Storage Service (Amazon S3), Amazon OpenSearch Service, Amazon Redshift, Splunk, and various other supportd destinations.

", + "service": "Amazon Data Firehose

Amazon Data Firehose was previously known as Amazon Kinesis Data Firehose.

Amazon Data Firehose is a fully managed service that delivers real-time streaming data to destinations such as Amazon Simple Storage Service (Amazon S3), Amazon OpenSearch Service, Amazon Redshift, Splunk, and various other supportd destinations.

", "operations": { "CreateDeliveryStream": "

Creates a Firehose delivery stream.

By default, you can create up to 50 delivery streams per Amazon Web Services Region.

This is an asynchronous operation that immediately returns. The initial status of the delivery stream is CREATING. After the delivery stream is created, its status is ACTIVE and it now accepts data. If the delivery stream creation fails, the status transitions to CREATING_FAILED. Attempts to send data to a delivery stream that is not in the ACTIVE state cause an exception. To check the state of a delivery stream, use DescribeDeliveryStream.

If the status of a delivery stream is CREATING_FAILED, this status doesn't change, and you can't invoke CreateDeliveryStream again on it. However, you can invoke the DeleteDeliveryStream operation to delete it.

A Firehose delivery stream can be configured to receive records directly from providers using PutRecord or PutRecordBatch, or it can be configured to use an existing Kinesis stream as its source. To specify a Kinesis data stream as input, set the DeliveryStreamType parameter to KinesisStreamAsSource, and provide the Kinesis stream Amazon Resource Name (ARN) and role ARN in the KinesisStreamSourceConfiguration parameter.

To create a delivery stream with server-side encryption (SSE) enabled, include DeliveryStreamEncryptionConfigurationInput in your request. This is optional. You can also invoke StartDeliveryStreamEncryption to turn on SSE for an existing delivery stream that doesn't have SSE enabled.

A delivery stream is configured with a single destination, such as Amazon Simple Storage Service (Amazon S3), Amazon Redshift, Amazon OpenSearch Service, Amazon OpenSearch Serverless, Splunk, and any custom HTTP endpoint or HTTP endpoints owned by or supported by third-party service providers, including Datadog, Dynatrace, LogicMonitor, MongoDB, New Relic, and Sumo Logic. You must specify only one of the following destination configuration parameters: ExtendedS3DestinationConfiguration, S3DestinationConfiguration, ElasticsearchDestinationConfiguration, RedshiftDestinationConfiguration, or SplunkDestinationConfiguration.

When you specify S3DestinationConfiguration, you can also provide the following optional values: BufferingHints, EncryptionConfiguration, and CompressionFormat. By default, if no BufferingHints value is provided, Firehose buffers data up to 5 MB or for 5 minutes, whichever condition is satisfied first. BufferingHints is a hint, so there are some cases where the service cannot adhere to these conditions strictly. For example, record boundaries might be such that the size is a little over or under the configured buffering size. By default, no encryption is performed. We strongly recommend that you enable encryption to ensure secure data storage in Amazon S3.

A few notes about Amazon Redshift as a destination:

Firehose assumes the IAM role that is configured as part of the destination. The role should allow the Firehose principal to assume the role, and the role should have permissions that allow the service to deliver the data. For more information, see Grant Firehose Access to an Amazon S3 Destination in the Amazon Firehose Developer Guide.

", "DeleteDeliveryStream": "

Deletes a delivery stream and its data.

You can delete a delivery stream only if it is in one of the following states: ACTIVE, DELETING, CREATING_FAILED, or DELETING_FAILED. You can't delete a delivery stream that is in the CREATING state. To check the state of a delivery stream, use DescribeDeliveryStream.

DeleteDeliveryStream is an asynchronous API. When an API request to DeleteDeliveryStream succeeds, the delivery stream is marked for deletion, and it goes into the DELETING state.While the delivery stream is in the DELETING state, the service might continue to accept records, but it doesn't make any guarantees with respect to delivering the data. Therefore, as a best practice, first stop any applications that are sending records before you delete a delivery stream.

Removal of a delivery stream that is in the DELETING state is a low priority operation for the service. A stream may remain in the DELETING state for several minutes. Therefore, as a best practice, applications should not wait for streams in the DELETING state to be removed.

", @@ -1722,7 +1722,7 @@ "TagDeliveryStreamInputTagList": { "base": null, "refs": { - "CreateDeliveryStreamInput$Tags": "

A set of tags to assign to the delivery stream. A tag is a key-value pair that you can define and assign to Amazon Web Services resources. Tags are metadata. For example, you can add friendly names and descriptions or other types of information that can help you distinguish the delivery stream. For more information about tags, see Using Cost Allocation Tags in the Amazon Web Services Billing and Cost Management User Guide.

You can specify up to 50 tags when creating a delivery stream.

", + "CreateDeliveryStreamInput$Tags": "

A set of tags to assign to the delivery stream. A tag is a key-value pair that you can define and assign to Amazon Web Services resources. Tags are metadata. For example, you can add friendly names and descriptions or other types of information that can help you distinguish the delivery stream. For more information about tags, see Using Cost Allocation Tags in the Amazon Web Services Billing and Cost Management User Guide.

You can specify up to 50 tags when creating a delivery stream.

If you specify tags in the CreateDeliveryStream action, Amazon Data Firehose performs an additional authorization on the firehose:TagDeliveryStream action to verify if users have permissions to create tags. If you do not provide this permission, requests to create new Firehose delivery streams with IAM resource tags will fail with an AccessDeniedException such as following.

AccessDeniedException

User: arn:aws:sts::x:assumed-role/x/x is not authorized to perform: firehose:TagDeliveryStream on resource: arn:aws:firehose:us-east-1:x:deliverystream/x with an explicit deny in an identity-based policy.

For an example IAM policy, see Tag example.

", "TagDeliveryStreamInput$Tags": "

A set of key-value pairs to use to create the tags.

" } }, diff --git a/models/apis/kendra/2019-02-03/docs-2.json b/models/apis/kendra/2019-02-03/docs-2.json index 627b8232f9a..ca21b43ae60 100644 --- a/models/apis/kendra/2019-02-03/docs-2.json +++ b/models/apis/kendra/2019-02-03/docs-2.json @@ -21,20 +21,20 @@ "DeleteDataSource": "

Deletes an Amazon Kendra data source connector. An exception is not thrown if the data source is already being deleted. While the data source is being deleted, the Status field returned by a call to the DescribeDataSource API is set to DELETING. For more information, see Deleting Data Sources.

Deleting an entire data source or re-syncing your index after deleting specific documents from a data source could take up to an hour or more, depending on the number of documents you want to delete.

", "DeleteExperience": "

Deletes your Amazon Kendra experience such as a search application. For more information on creating a search application experience, see Building a search experience with no code.

", "DeleteFaq": "

Removes an FAQ from an index.

", - "DeleteIndex": "

Deletes an existing Amazon Kendra index. An exception is not thrown if the index is already being deleted. While the index is being deleted, the Status field returned by a call to the DescribeIndex API is set to DELETING.

", + "DeleteIndex": "

Deletes an Amazon Kendra index. An exception is not thrown if the index is already being deleted. While the index is being deleted, the Status field returned by a call to the DescribeIndex API is set to DELETING.

", "DeletePrincipalMapping": "

Deletes a group so that all users and sub groups that belong to the group can no longer access documents only available to that group.

For example, after deleting the group \"Summer Interns\", all interns who belonged to that group no longer see intern-only documents in their search results.

If you want to delete or replace users or sub groups of a group, you need to use the PutPrincipalMapping operation. For example, if a user in the group \"Engineering\" leaves the engineering team and another user takes their place, you provide an updated list of users or sub groups that belong to the \"Engineering\" group when calling PutPrincipalMapping. You can update your internal list of users or sub groups and input this list when calling PutPrincipalMapping.

DeletePrincipalMapping is currently not supported in the Amazon Web Services GovCloud (US-West) region.

", "DeleteQuerySuggestionsBlockList": "

Deletes a block list used for query suggestions for an index.

A deleted block list might not take effect right away. Amazon Kendra needs to refresh the entire suggestions list to add back the queries that were previously blocked.

DeleteQuerySuggestionsBlockList is currently not supported in the Amazon Web Services GovCloud (US-West) region.

", - "DeleteThesaurus": "

Deletes an existing Amazon Kendra thesaurus.

", + "DeleteThesaurus": "

Deletes an Amazon Kendra thesaurus.

", "DescribeAccessControlConfiguration": "

Gets information about an access control configuration that you created for your documents in an index. This includes user and group access information for your documents. This is useful for user context filtering, where search results are filtered based on the user or their group access to documents.

", "DescribeDataSource": "

Gets information about an Amazon Kendra data source connector.

", "DescribeExperience": "

Gets information about your Amazon Kendra experience such as a search application. For more information on creating a search application experience, see Building a search experience with no code.

", "DescribeFaq": "

Gets information about an FAQ list.

", "DescribeFeaturedResultsSet": "

Gets information about a set of featured results. Features results are placed above all other results for certain queries. If there's an exact match of a query, then one or more specific documents are featured in the search results.

", - "DescribeIndex": "

Gets information about an existing Amazon Kendra index.

", + "DescribeIndex": "

Gets information about an Amazon Kendra index.

", "DescribePrincipalMapping": "

Describes the processing of PUT and DELETE actions for mapping users to their groups. This includes information on the status of actions currently processing or yet to be processed, when actions were last updated, when actions were received by Amazon Kendra, the latest action that should process and apply after other actions, and useful error messages if an action could not be processed.

DescribePrincipalMapping is currently not supported in the Amazon Web Services GovCloud (US-West) region.

", "DescribeQuerySuggestionsBlockList": "

Gets information about a block list used for query suggestions for an index.

This is used to check the current settings that are applied to a block list.

DescribeQuerySuggestionsBlockList is currently not supported in the Amazon Web Services GovCloud (US-West) region.

", "DescribeQuerySuggestionsConfig": "

Gets information on the settings of query suggestions for an index.

This is used to check the current settings applied to query suggestions.

DescribeQuerySuggestionsConfig is currently not supported in the Amazon Web Services GovCloud (US-West) region.

", - "DescribeThesaurus": "

Gets information about an existing Amazon Kendra thesaurus.

", + "DescribeThesaurus": "

Gets information about an Amazon Kendra thesaurus.

", "DisassociateEntitiesFromExperience": "

Prevents users or groups in your IAM Identity Center identity source from accessing your Amazon Kendra experience. You can create an Amazon Kendra experience such as a search application. For more information on creating a search application experience, see Building a search experience with no code.

", "DisassociatePersonasFromEntities": "

Removes the specific permissions of users or groups in your IAM Identity Center identity source with access to your Amazon Kendra experience. You can create an Amazon Kendra experience such as a search application. For more information on creating a search application experience, see Building a search experience with no code.

", "GetQuerySuggestions": "

Fetches the queries that are suggested to your users.

GetQuerySuggestions is currently not supported in the Amazon Web Services GovCloud (US-West) region.

", @@ -61,10 +61,10 @@ "TagResource": "

Adds the specified tag to the specified index, FAQ, or data source resource. If the tag already exists, the existing value is replaced with the new value.

", "UntagResource": "

Removes a tag from an index, FAQ, or a data source.

", "UpdateAccessControlConfiguration": "

Updates an access control configuration for your documents in an index. This includes user and group access information for your documents. This is useful for user context filtering, where search results are filtered based on the user or their group access to documents.

You can update an access control configuration you created without indexing all of your documents again. For example, your index contains top-secret company documents that only certain employees or users should access. You created an 'allow' access control configuration for one user who recently joined the 'top-secret' team, switching from a team with 'deny' access to top-secret documents. However, the user suddenly returns to their previous team and should no longer have access to top secret documents. You can update the access control configuration to re-configure access control for your documents as circumstances change.

You call the BatchPutDocument API to apply the updated access control configuration, with the AccessControlConfigurationId included in the Document object. If you use an S3 bucket as a data source, you synchronize your data source to apply the AccessControlConfigurationId in the .metadata.json file. Amazon Kendra currently only supports access control configuration for S3 data sources and documents indexed using the BatchPutDocument API.

", - "UpdateDataSource": "

Updates an existing Amazon Kendra data source connector.

", + "UpdateDataSource": "

Updates an Amazon Kendra data source connector.

", "UpdateExperience": "

Updates your Amazon Kendra experience such as a search application. For more information on creating a search application experience, see Building a search experience with no code.

", "UpdateFeaturedResultsSet": "

Updates a set of featured results. Features results are placed above all other results for certain queries. You map specific queries to specific documents for featuring in the results. If a query contains an exact match of a query, then one or more specific documents are featured in the search results.

", - "UpdateIndex": "

Updates an existing Amazon Kendra index.

", + "UpdateIndex": "

Updates an Amazon Kendra index.

", "UpdateQuerySuggestionsBlockList": "

Updates a block list used for query suggestions for an index.

Updates to a block list might not take effect right away. Amazon Kendra needs to refresh the entire suggestions list to apply any updates to the block list. Other changes not related to the block list apply immediately.

If a block list is updating, then you need to wait for the first update to finish before submitting another update.

Amazon Kendra supports partial updates, so you only need to provide the fields you want to update.

UpdateQuerySuggestionsBlockList is currently not supported in the Amazon Web Services GovCloud (US-West) region.

", "UpdateQuerySuggestionsConfig": "

Updates the settings of query suggestions for an index.

Amazon Kendra supports partial updates, so you only need to provide the fields you want to update.

If an update is currently processing, you need to wait for the update to finish before making another update.

Updates to query suggestions settings might not take effect right away. The time for your updated settings to take effect depends on the updates made and the number of search queries in your index.

You can still enable/disable query suggestions at any time.

UpdateQuerySuggestionsConfig is currently not supported in the Amazon Web Services GovCloud (US-West) region.

", "UpdateThesaurus": "

Updates a thesaurus for an index.

" @@ -146,7 +146,7 @@ "AlfrescoConfiguration": { "base": "

Provides the configuration information to connect to Alfresco as your data source.

Support for AlfrescoConfiguration ended May 2023. We recommend migrating to or using the Alfresco data source template schema / TemplateConfiguration API.

", "refs": { - "DataSourceConfiguration$AlfrescoConfiguration": "

Provides the configuration information to connect to Alfresco as your data source.

Support for AlfrescoConfiguration ended May 2023. We recommend migrating to or using the Alfresco data source template schema / TemplateConfiguration API.

" + "DataSourceConfiguration$AlfrescoConfiguration": "

Provides the configuration information to connect to Alfresco as your data source.

Support for AlfrescoConfiguration ended May 2023. We recommend migrating to or using the Alfresco data source template schema / TemplateConfiguration API.

" } }, "AlfrescoEntity": { @@ -864,8 +864,8 @@ "QuipConfiguration$InclusionPatterns": "

A list of regular expression patterns to include certain files in your Quip file system. Files that match the patterns are included in the index. Files that don't match the patterns are excluded from the index. If a file matches both an inclusion pattern and an exclusion pattern, the exclusion pattern takes precedence, and the file isn't included in the index.

", "QuipConfiguration$ExclusionPatterns": "

A list of regular expression patterns to exclude certain files in your Quip file system. Files that match the patterns are excluded from the index. Files that don’t match the patterns are included in the index. If a file matches both an inclusion pattern and an exclusion pattern, the exclusion pattern takes precedence, and the file isn't included in the index.

", "S3DataSourceConfiguration$InclusionPrefixes": "

A list of S3 prefixes for the documents that should be included in the index.

", - "S3DataSourceConfiguration$InclusionPatterns": "

A list of glob patterns for documents that should be indexed. If a document that matches an inclusion pattern also matches an exclusion pattern, the document is not indexed.

Some examples are:

", - "S3DataSourceConfiguration$ExclusionPatterns": "

A list of glob patterns for documents that should not be indexed. If a document that matches an inclusion prefix or inclusion pattern also matches an exclusion pattern, the document is not indexed.

Some examples are:

", + "S3DataSourceConfiguration$InclusionPatterns": "

A list of glob patterns (patterns that can expand a wildcard pattern into a list of path names that match the given pattern) for certain file names and file types to include in your index. If a document matches both an inclusion and exclusion prefix or pattern, the exclusion prefix takes precendence and the document is not indexed. Examples of glob patterns include:

For more examples, see Use of Exclude and Include Filters in the Amazon Web Services CLI Command Reference.

", + "S3DataSourceConfiguration$ExclusionPatterns": "

A list of glob patterns (patterns that can expand a wildcard pattern into a list of path names that match the given pattern) for certain file names and file types to exclude from your index. If a document matches both an inclusion and exclusion prefix or pattern, the exclusion prefix takes precendence and the document is not indexed. Examples of glob patterns include:

For more examples, see Use of Exclude and Include Filters in the Amazon Web Services CLI Command Reference.

", "SalesforceConfiguration$IncludeAttachmentFilePatterns": "

A list of regular expression patterns to include certain documents in your Salesforce. Documents that match the patterns are included in the index. Documents that don't match the patterns are excluded from the index. If a document matches both an inclusion and exclusion pattern, the exclusion pattern takes precedence and the document isn't included in the index.

The pattern is applied to the name of the attached file.

", "SalesforceConfiguration$ExcludeAttachmentFilePatterns": "

A list of regular expression patterns to exclude certain documents in your Salesforce. Documents that match the patterns are excluded from the index. Documents that don't match the patterns are included in the index. If a document matches both an inclusion and exclusion pattern, the exclusion pattern takes precedence and the document isn't included in the index.

The pattern is applied to the name of the attached file.

", "ServiceNowKnowledgeArticleConfiguration$IncludeAttachmentFilePatterns": "

A list of regular expression patterns applied to include knowledge article attachments. Attachments that match the patterns are included in the index. Items that don't match the patterns are excluded from the index. If an item matches both an inclusion and exclusion pattern, the exclusion pattern takes precedence and the item isn't included in the index.

", @@ -1413,7 +1413,7 @@ "DocumentMetadataBoolean": { "base": null, "refs": { - "Relevance$Freshness": "

Indicates that this field determines how \"fresh\" a document is. For example, if document 1 was created on November 5, and document 2 was created on October 31, document 1 is \"fresher\" than document 2. You can only set the Freshness field on one DATE type field. Only applies to DATE fields.

" + "Relevance$Freshness": "

Indicates that this field determines how \"fresh\" a document is. For example, if document 1 was created on November 5, and document 2 was created on October 31, document 1 is \"fresher\" than document 2. Only applies to DATE fields.

" } }, "DocumentMetadataConfiguration": { @@ -1963,9 +1963,9 @@ } }, "FsxConfiguration": { - "base": "

Provides the configuration information to connect to Amazon FSx as your data source.

", + "base": "

Provides the configuration information to connect to Amazon FSx as your data source.

Amazon Kendra now supports an upgraded Amazon FSx Windows connector.

You must now use the TemplateConfiguration object instead of the FsxConfiguration object to configure your connector.

Connectors configured using the older console and API architecture will continue to function as configured. However, you won't be able to edit or update them. If you want to edit or update your connector configuration, you must create a new connector.

We recommended migrating your connector workflow to the upgraded version. Support for connectors configured using the older architecture is scheduled to end by June 2024.

", "refs": { - "DataSourceConfiguration$FsxConfiguration": "

Provides the configuration information to connect to Amazon FSx as your data source.

" + "DataSourceConfiguration$FsxConfiguration": "

Provides the configuration information to connect to Amazon FSx as your data source.

Amazon Kendra now supports an upgraded Amazon FSx Windows connector.

You must now use the TemplateConfiguration object instead of the FsxConfiguration object to configure your connector.

Connectors configured using the older console and API architecture will continue to function as configured. However, you won't be able to edit or update them. If you want to edit or update your connector configuration, you must create a new connector.

We recommended migrating your connector workflow to the upgraded version. Support for connectors configured using the older architecture is scheduled to end by June 2024.

" } }, "FsxFileSystemType": { @@ -1995,9 +1995,9 @@ } }, "GitHubConfiguration": { - "base": "

Provides the configuration information to connect to GitHub as your data source.

", + "base": "

Provides the configuration information to connect to GitHub as your data source.

Amazon Kendra now supports an upgraded GitHub connector.

You must now use the TemplateConfiguration object instead of the GitHubConfiguration object to configure your connector.

Connectors configured using the older console and API architecture will continue to function as configured. However, you won’t be able to edit or update them. If you want to edit or update your connector configuration, you must create a new connector.

We recommended migrating your connector workflow to the upgraded version. Support for connectors configured using the older architecture is scheduled to end by June 2024.

", "refs": { - "DataSourceConfiguration$GitHubConfiguration": "

Provides the configuration information to connect to GitHub as your data source.

" + "DataSourceConfiguration$GitHubConfiguration": "

Provides the configuration information to connect to GitHub as your data source.

Amazon Kendra now supports an upgraded GitHub connector.

You must now use the TemplateConfiguration object instead of the GitHubConfiguration object to configure your connector.

Connectors configured using the older console and API architecture will continue to function as configured. However, you won’t be able to edit or update them. If you want to edit or update your connector configuration, you must create a new connector.

We recommended migrating your connector workflow to the upgraded version. Support for connectors configured using the older architecture is scheduled to end by June 2024.

" } }, "GitHubDocumentCrawlProperties": { @@ -2230,7 +2230,7 @@ "CreateIndexRequest$Name": "

A name for the index.

", "DescribeIndexResponse$Name": "

The name of the index.

", "IndexConfigurationSummary$Name": "

The name of the index.

", - "UpdateIndexRequest$Name": "

The name of the index you want to update.

" + "UpdateIndexRequest$Name": "

A new name for the index.

" } }, "IndexStatistics": { @@ -2798,7 +2798,7 @@ "Order": { "base": null, "refs": { - "Relevance$RankOrder": "

Determines how values should be interpreted.

When the RankOrder field is ASCENDING, higher numbers are better. For example, a document with a rating score of 10 is higher ranking than a document with a rating score of 1.

When the RankOrder field is DESCENDING, lower numbers are better. For example, in a task tracking application, a priority 1 task is more important than a priority 5 task.

Only applies to LONG and DOUBLE fields.

" + "Relevance$RankOrder": "

Determines how values should be interpreted.

When the RankOrder field is ASCENDING, higher numbers are better. For example, a document with a rating score of 10 is higher ranking than a document with a rating score of 1.

When the RankOrder field is DESCENDING, lower numbers are better. For example, in a task tracking application, a priority 1 task is more important than a priority 5 task.

Only applies to LONG fields.

" } }, "OrganizationId": { @@ -2810,7 +2810,7 @@ "OrganizationName": { "base": null, "refs": { - "OnPremiseConfiguration$OrganizationName": "

The name of the organization of the GitHub Enterprise Server (in-premise) account you want to connect to. You can find your organization name by logging into GitHub desktop and selecting Your organizations under your profile picture dropdown.

", + "OnPremiseConfiguration$OrganizationName": "

The name of the organization of the GitHub Enterprise Server (on-premises) account you want to connect to. You can find your organization name by logging into GitHub desktop and selecting Your organizations under your profile picture dropdown.

", "SaaSConfiguration$OrganizationName": "

The name of the organization of the GitHub Enterprise Cloud (SaaS) account you want to connect to. You can find your organization name by logging into GitHub desktop and selecting Your organizations under your profile picture dropdown.

" } }, @@ -3029,9 +3029,9 @@ "base": null, "refs": { "ConflictingItem$QueryText": "

The text of the conflicting query.

", - "QueryRequest$QueryText": "

The input query text for the search. Amazon Kendra truncates queries at 30 token words, which excludes punctuation and stop words. Truncation still applies if you use Boolean or more advanced, complex queries.

", + "QueryRequest$QueryText": "

The input query text for the search. Amazon Kendra truncates queries at 30 token words, which excludes punctuation and stop words. Truncation still applies if you use Boolean or more advanced, complex queries. For example, Timeoff AND October AND Category:HR is counted as 3 tokens: timeoff, october, hr. For more information, see Searching with advanced query syntax in the Amazon Kendra Developer Guide.

", "QueryTextList$member": null, - "RetrieveRequest$QueryText": "

The input query text to retrieve relevant passages for the search. Amazon Kendra truncates queries at 30 token words, which excludes punctuation and stop words. Truncation still applies if you use Boolean or more advanced, complex queries.

" + "RetrieveRequest$QueryText": "

The input query text to retrieve relevant passages for the search. Amazon Kendra truncates queries at 30 token words, which excludes punctuation and stop words. Truncation still applies if you use Boolean or more advanced, complex queries. For example, Timeoff AND October AND Category:HR is counted as 3 tokens: timeoff, october, hr. For more information, see Searching with advanced query syntax in the Amazon Kendra Developer Guide.

" } }, "QueryTextList": { @@ -3118,7 +3118,7 @@ "ClickFeedback$ResultId": "

The identifier of the search result that was clicked.

", "ExpandedResultItem$Id": "

The identifier for the expanded result.

", "FeaturedResultsItem$Id": "

The identifier of the featured result.

", - "QueryResultItem$Id": "

The identifier for the query result.

", + "QueryResultItem$Id": "

The unique identifier for the query result item id (Id) and the query result item document id (DocumentId) combined. The value of this field changes with every request, even when you have the same documents.

", "RelevanceFeedback$ResultId": "

The identifier of the search result that the user provided relevance feedback for.

", "RetrieveResultItem$Id": "

The identifier of the relevant passage result.

", "Suggestion$Id": "

The UUID (universally unique identifier) of a single query suggestion.

" @@ -3160,7 +3160,7 @@ "DescribeDataSourceResponse$RoleArn": "

The Amazon Resource Name (ARN) of the role with permission to access the data source and required resources.

", "DescribeExperienceResponse$RoleArn": "

Shows the Amazon Resource Name (ARN) of a role with permission to access Query API, QuerySuggestions API, SubmitFeedback API, and IAM Identity Center that stores your user and group information.

", "DescribeFaqResponse$RoleArn": "

The Amazon Resource Name (ARN) of the role that provides access to the S3 bucket containing the input files for the FAQ.

", - "DescribeIndexResponse$RoleArn": "

The Amazon Resource Name (ARN) of the IAM role that gives Amazon Kendra permission to write to your Amazon Cloudwatch logs.

", + "DescribeIndexResponse$RoleArn": "

The Amazon Resource Name (ARN) of the IAM role that gives Amazon Kendra permission to write to your Amazon CloudWatch logs.

", "DescribeQuerySuggestionsBlockListResponse$RoleArn": "

The IAM (Identity and Access Management) role used by Amazon Kendra to access the block list text file in S3.

The role needs S3 read permissions to your file in S3 and needs to give STS (Security Token Service) assume role permissions to Amazon Kendra.

", "DescribeThesaurusResponse$RoleArn": "

An IAM role that gives Amazon Kendra permissions to access thesaurus file specified in SourceS3Path.

", "JwtTokenTypeConfiguration$SecretManagerArn": "

The Amazon Resource Name (arn) of the secret.

", @@ -3181,9 +3181,9 @@ } }, "S3DataSourceConfiguration": { - "base": "

Provides the configuration information to connect to an Amazon S3 bucket.

", + "base": "

Provides the configuration information to connect to an Amazon S3 bucket.

Amazon Kendra now supports an upgraded Amazon S3 connector.

You must now use the TemplateConfiguration object instead of the S3DataSourceConfiguration object to configure your connector.

Connectors configured using the older console and API architecture will continue to function as configured. However, you won't be able to edit or update them. If you want to edit or update your connector configuration, you must create a new connector.

We recommended migrating your connector workflow to the upgraded version. Support for connectors configured using the older architecture is scheduled to end by June 2024.

", "refs": { - "DataSourceConfiguration$S3Configuration": "

Provides the configuration information to connect to an Amazon S3 bucket as your data source.

" + "DataSourceConfiguration$S3Configuration": "

Provides the configuration information to connect to an Amazon S3 bucket as your data source.

Amazon Kendra now supports an upgraded Amazon S3 connector.

You must now use the TemplateConfiguration object instead of the S3DataSourceConfiguration object to configure your connector.

Connectors configured using the older console and API architecture will continue to function as configured. However, you won't be able to edit or update them. If you want to edit or update your connector configuration, you must create a new connector.

We recommended migrating your connector workflow to the upgraded version. Support for connectors configured using the older architecture is scheduled to end by June 2024.

" } }, "S3ObjectKey": { @@ -3385,7 +3385,7 @@ "base": "

Provides the identifier of the KMS key used to encrypt data indexed by Amazon Kendra. Amazon Kendra doesn't support asymmetric keys.

", "refs": { "CreateIndexRequest$ServerSideEncryptionConfiguration": "

The identifier of the KMS customer managed key (CMK) that's used to encrypt data indexed by Amazon Kendra. Amazon Kendra doesn't support asymmetric CMKs.

", - "DescribeIndexResponse$ServerSideEncryptionConfiguration": "

The identifier of the KMScustomer master key (CMK) that is used to encrypt your data. Amazon Kendra doesn't support asymmetric CMKs.

" + "DescribeIndexResponse$ServerSideEncryptionConfiguration": "

The identifier of the KMS customer master key (CMK) that is used to encrypt your data. Amazon Kendra doesn't support asymmetric CMKs.

" } }, "ServiceNowAuthenticationType": { @@ -3502,9 +3502,9 @@ } }, "SlackConfiguration": { - "base": "

Provides the configuration information to connect to Slack as your data source.

", + "base": "

Provides the configuration information to connect to Slack as your data source.

Amazon Kendra now supports an upgraded Slack connector.

You must now use the TemplateConfiguration object instead of the SlackConfiguration object to configure your connector.

Connectors configured using the older console and API architecture will continue to function as configured. However, you won’t be able to edit or update them. If you want to edit or update your connector configuration, you must create a new connector.

We recommended migrating your connector workflow to the upgraded version. Support for connectors configured using the older architecture is scheduled to end by June 2024.

", "refs": { - "DataSourceConfiguration$SlackConfiguration": "

Provides the configuration information to connect to Slack as your data source.

" + "DataSourceConfiguration$SlackConfiguration": "

Provides the configuration information to connect to Slack as your data source.

Amazon Kendra now supports an upgraded Slack connector.

You must now use the TemplateConfiguration object instead of the SlackConfiguration object to configure your connector.

Connectors configured using the older console and API architecture will continue to function as configured. However, you won't be able to edit or update them. If you want to edit or update your connector configuration, you must create a new connector.

We recommended migrating your connector workflow to the upgraded version. Support for connectors configured using the older architecture is scheduled to end by June 2024.

" } }, "SlackEntity": { @@ -3947,7 +3947,7 @@ "DescribeFaqResponse$CreatedAt": "

The Unix timestamp when the FAQ was created.

", "DescribeFaqResponse$UpdatedAt": "

The Unix timestamp when the FAQ was last updated.

", "DescribeIndexResponse$CreatedAt": "

The Unix timestamp when the index was created.

", - "DescribeIndexResponse$UpdatedAt": "

The Unix when the index was last updated.

", + "DescribeIndexResponse$UpdatedAt": "

The Unix timestamp when the index was last updated.

", "DescribeQuerySuggestionsBlockListResponse$CreatedAt": "

The Unix timestamp when a block list for query suggestions was created.

", "DescribeQuerySuggestionsBlockListResponse$UpdatedAt": "

The Unix timestamp when a block list for query suggestions was last updated.

", "DescribeQuerySuggestionsConfigResponse$LastSuggestionsBuildTime": "

The Unix timestamp when query suggestions for an index was last updated.

Amazon Kendra automatically updates suggestions every 24 hours, after you change a setting or after you apply a block list.

", @@ -4103,9 +4103,9 @@ "UserGroupResolutionConfiguration": { "base": "

Provides the configuration information to get users and groups from an IAM Identity Center identity source. This is useful for user context filtering, where search results are filtered based on the user or their group access to documents. You can also use the PutPrincipalMapping API to map users to their groups so that you only need to provide the user ID when you issue the query.

To set up an IAM Identity Center identity source in the console to use with Amazon Kendra, see Getting started with an IAM Identity Center identity source. You must also grant the required permissions to use IAM Identity Center with Amazon Kendra. For more information, see IAM roles for IAM Identity Center.

Amazon Kendra currently does not support using UserGroupResolutionConfiguration with an Amazon Web Services organization member account for your IAM Identity Center identify source. You must create your index in the management account for the organization in order to use UserGroupResolutionConfiguration.

", "refs": { - "CreateIndexRequest$UserGroupResolutionConfiguration": "

Gets users and groups from IAM Identity Center identity source. To configure this, see UserGroupResolutionConfiguration.

", - "DescribeIndexResponse$UserGroupResolutionConfiguration": "

Whether you have enabled the configuration for fetching access levels of groups and users from an IAM Identity Center identity source.

", - "UpdateIndexRequest$UserGroupResolutionConfiguration": "

Enables fetching access levels of groups and users from an IAM Identity Center identity source. To configure this, see UserGroupResolutionConfiguration.

" + "CreateIndexRequest$UserGroupResolutionConfiguration": "

Gets users and groups from IAM Identity Center identity source. To configure this, see UserGroupResolutionConfiguration. This is useful for user context filtering, where search results are filtered based on the user or their group access to documents.

", + "DescribeIndexResponse$UserGroupResolutionConfiguration": "

Whether you have enabled IAM Identity Center identity source for your users and groups. This is useful for user context filtering, where search results are filtered based on the user or their group access to documents.

", + "UpdateIndexRequest$UserGroupResolutionConfiguration": "

Gets users and groups from IAM Identity Center identity source. To configure this, see UserGroupResolutionConfiguration. This is useful for user context filtering, where search results are filtered based on the user or their group access to documents.

" } }, "UserGroupResolutionMode": { @@ -4154,7 +4154,7 @@ "ValueImportanceMap": { "base": null, "refs": { - "Relevance$ValueImportanceMap": "

A list of values that should be given a different boost when they appear in the result list. For example, if you are boosting a field called \"department,\" query terms that match the department field are boosted in the result. However, you can add entries from the department field to boost documents with those values higher.

For example, you can add entries to the map with names of departments. If you add \"HR\",5 and \"Legal\",3 those departments are given special attention when they appear in the metadata of a document. When those terms appear they are given the specified importance instead of the regular importance for the boost.

" + "Relevance$ValueImportanceMap": "

A list of values that should be given a different boost when they appear in the result list. For example, if you are boosting a field called \"department\", query terms that match the department field are boosted in the result. However, you can add entries from the department field to boost documents with those values higher.

For example, you can add entries to the map with names of departments. If you add \"HR\",5 and \"Legal\",3 those departments are given special attention when they appear in the metadata of a document. When those terms appear they are given the specified importance instead of the regular importance for the boost.

" } }, "ValueImportanceMapKey": { diff --git a/models/apis/pricing/2017-10-15/api-2.json b/models/apis/pricing/2017-10-15/api-2.json index 3c9d439e8ab..9008e7ee954 100644 --- a/models/apis/pricing/2017-10-15/api-2.json +++ b/models/apis/pricing/2017-10-15/api-2.json @@ -61,7 +61,8 @@ {"shape":"NotFoundException"}, {"shape":"AccessDeniedException"}, {"shape":"InternalErrorException"}, - {"shape":"ThrottlingException"} + {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"} ] }, "GetProducts":{ @@ -96,6 +97,7 @@ {"shape":"AccessDeniedException"}, {"shape":"InternalErrorException"}, {"shape":"ThrottlingException"}, + {"shape":"ResourceNotFoundException"}, {"shape":"ExpiredNextTokenException"} ] } @@ -333,6 +335,13 @@ "max":255, "min":1 }, + "ResourceNotFoundException":{ + "type":"structure", + "members":{ + "Message":{"shape":"errorMessage"} + }, + "exception":true + }, "Service":{ "type":"structure", "required":["ServiceCode"], diff --git a/models/apis/pricing/2017-10-15/docs-2.json b/models/apis/pricing/2017-10-15/docs-2.json index 19b1e4f94c9..6cae3ae9287 100644 --- a/models/apis/pricing/2017-10-15/docs-2.json +++ b/models/apis/pricing/2017-10-15/docs-2.json @@ -197,6 +197,11 @@ "PriceList$RegionCode": "

This is used to filter the Price List by Amazon Web Services Region. For example, to get the price list only for the US East (N. Virginia) Region, use us-east-1. If nothing is specified, you retrieve price lists for all applicable Regions. The available RegionCode list can be retrieved from GetAttributeValues API.

" } }, + "ResourceNotFoundException": { + "base": "

The requested resource can't be found.

", + "refs": { + } + }, "Service": { "base": "

The metadata for a service, such as the service code and available attribute names.

", "refs": { @@ -262,6 +267,7 @@ "InvalidNextTokenException$Message": null, "InvalidParameterException$Message": null, "NotFoundException$Message": null, + "ResourceNotFoundException$Message": null, "ThrottlingException$Message": null } } diff --git a/models/apis/rolesanywhere/2018-05-10/api-2.json b/models/apis/rolesanywhere/2018-05-10/api-2.json index 825f9748194..b96623c3bc7 100644 --- a/models/apis/rolesanywhere/2018-05-10/api-2.json +++ b/models/apis/rolesanywhere/2018-05-10/api-2.json @@ -461,7 +461,7 @@ "CreateProfileRequestDurationSecondsInteger":{ "type":"integer", "box":true, - "max":3600, + "max":43200, "min":900 }, "CreateTrustAnchorRequest":{ @@ -1085,7 +1085,7 @@ "UpdateProfileRequestDurationSecondsInteger":{ "type":"integer", "box":true, - "max":3600, + "max":43200, "min":900 }, "UpdateProfileRequestSessionPolicyString":{ diff --git a/models/apis/rolesanywhere/2018-05-10/docs-2.json b/models/apis/rolesanywhere/2018-05-10/docs-2.json index 7d0827b20d8..c4820e70908 100644 --- a/models/apis/rolesanywhere/2018-05-10/docs-2.json +++ b/models/apis/rolesanywhere/2018-05-10/docs-2.json @@ -17,7 +17,7 @@ "GetProfile": "

Gets a profile.

Required permissions: rolesanywhere:GetProfile.

", "GetSubject": "

Gets a subject, which associates a certificate identity with authentication attempts. The subject stores auditing information such as the status of the last authentication attempt, the certificate data used in the attempt, and the last time the associated identity attempted authentication.

Required permissions: rolesanywhere:GetSubject.

", "GetTrustAnchor": "

Gets a trust anchor.

Required permissions: rolesanywhere:GetTrustAnchor.

", - "ImportCrl": "

Imports the certificate revocation list (CRL). A CRL is a list of certificates that have been revoked by the issuing certificate Authority (CA). IAM Roles Anywhere validates against the CRL before issuing credentials.

Required permissions: rolesanywhere:ImportCrl.

", + "ImportCrl": "

Imports the certificate revocation list (CRL). A CRL is a list of certificates that have been revoked by the issuing certificate Authority (CA).In order to be properly imported, a CRL must be in PEM format. IAM Roles Anywhere validates against the CRL before issuing credentials.

Required permissions: rolesanywhere:ImportCrl.

", "ListCrls": "

Lists all certificate revocation lists (CRL) in the authenticated account and Amazon Web Services Region.

Required permissions: rolesanywhere:ListCrls.

", "ListProfiles": "

Lists all profiles in the authenticated account and Amazon Web Services Region.

Required permissions: rolesanywhere:ListProfiles.

", "ListSubjects": "

Lists the subjects in the authenticated account and Amazon Web Services Region.

Required permissions: rolesanywhere:ListSubjects.

", @@ -79,7 +79,7 @@ "CreateProfileRequestDurationSecondsInteger": { "base": null, "refs": { - "CreateProfileRequest$durationSeconds": "

The number of seconds the vended session credentials are valid for.

" + "CreateProfileRequest$durationSeconds": "

Used to determine how long sessions vended using this profile are valid for. See the Expiration section of the CreateSession API documentation page for more details.

" } }, "CreateTrustAnchorRequest": { @@ -162,7 +162,7 @@ "base": null, "refs": { "ListRequest$pageSize": "

The number of resources in the paginated list.

", - "ProfileDetail$durationSeconds": "

The number of seconds the vended session credentials are valid for.

" + "ProfileDetail$durationSeconds": "

Used to determine how long sessions vended using this profile are valid for. See the Expiration section of the CreateSession API documentation page for more details.

" } }, "ListCrlsResponse": { @@ -588,7 +588,7 @@ "UpdateProfileRequestDurationSecondsInteger": { "base": null, "refs": { - "UpdateProfileRequest$durationSeconds": "

The number of seconds the vended session credentials are valid for.

" + "UpdateProfileRequest$durationSeconds": "

Used to determine how long sessions vended using this profile are valid for. See the Expiration section of the CreateSession API documentation page for more details.

" } }, "UpdateProfileRequestSessionPolicyString": { diff --git a/models/apis/rolesanywhere/2018-05-10/endpoint-rule-set-1.json b/models/apis/rolesanywhere/2018-05-10/endpoint-rule-set-1.json index 8c80f513d77..8f0a912dd04 100644 --- a/models/apis/rolesanywhere/2018-05-10/endpoint-rule-set-1.json +++ b/models/apis/rolesanywhere/2018-05-10/endpoint-rule-set-1.json @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -58,293 +57,258 @@ "type": "error" }, { - "conditions": [], - "type": "tree", - "rules": [ + "conditions": [ { - "conditions": [ + "fn": "booleanEquals", + "argv": [ { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" - }, - { - "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" + "ref": "UseDualStack" }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" + true + ] } - ] + ], + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" + }, + "properties": {}, + "headers": {} + }, + "type": "endpoint" } - ] + ], + "type": "tree" }, { - "conditions": [], - "type": "tree", + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Region" + } + ] + } + ], "rules": [ { "conditions": [ { - "fn": "isSet", + "fn": "aws.partition", "argv": [ { "ref": "Region" } - ] + ], + "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ { - "fn": "aws.partition", + "fn": "booleanEquals", "argv": [ { - "ref": "Region" - } - ], - "assign": "PartitionResult" + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ + true, { - "ref": "UseFIPS" - }, - true + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } ] }, { "fn": "booleanEquals", "argv": [ + true, { - "ref": "UseDualStack" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", + "fn": "getAttr", "argv": [ - true, { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] - } - ] - }, - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://rolesanywhere-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } + "ref": "PartitionResult" + }, + "supportsDualStack" ] } ] - }, + } + ], + "rules": [ { "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" + "endpoint": { + "url": "https://rolesanywhere-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" } - ] + ], + "type": "tree" }, + { + "conditions": [], + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ { - "ref": "UseFIPS" + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] }, true ] } ], - "type": "tree", "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://rolesanywhere-fips.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } - ] - } - ] - }, { "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" + "endpoint": { + "url": "https://rolesanywhere-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" } - ] + ], + "type": "tree" }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ + true, { - "ref": "UseDualStack" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", + "fn": "getAttr", "argv": [ - true, { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://rolesanywhere.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } + "ref": "PartitionResult" + }, + "supportsDualStack" ] } ] - }, - { - "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" } - ] - }, - { - "conditions": [], - "type": "tree", + ], "rules": [ { "conditions": [], "endpoint": { - "url": "https://rolesanywhere.{Region}.{PartitionResult#dnsSuffix}", + "url": "https://rolesanywhere.{Region}.{PartitionResult#dualStackDnsSuffix}", "properties": {}, "headers": {} }, "type": "endpoint" } - ] + ], + "type": "tree" + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" } - ] + ], + "type": "tree" + }, + { + "conditions": [], + "endpoint": { + "url": "https://rolesanywhere.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" } - ] - }, - { - "conditions": [], - "error": "Invalid Configuration: Missing Region", - "type": "error" + ], + "type": "tree" } - ] + ], + "type": "tree" + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" } ] } \ No newline at end of file diff --git a/models/apis/securityhub/2018-10-26/api-2.json b/models/apis/securityhub/2018-10-26/api-2.json index cfc85480974..57277443043 100644 --- a/models/apis/securityhub/2018-10-26/api-2.json +++ b/models/apis/securityhub/2018-10-26/api-2.json @@ -9169,9 +9169,9 @@ "members":{ "Gte":{"shape":"Double"}, "Lte":{"shape":"Double"}, - "Eq":{"shape":"Double"}, "Gt":{"shape":"Double"}, - "Lt":{"shape":"Double"} + "Lt":{"shape":"Double"}, + "Eq":{"shape":"Double"} } }, "NumberFilterList":{ @@ -10832,6 +10832,7 @@ "FixAvailable":{"shape":"VulnerabilityFixAvailable"}, "EpssScore":{"shape":"Double"}, "ExploitAvailable":{"shape":"VulnerabilityExploitAvailable"}, + "LastKnownExploitAt":{"shape":"NonEmptyString"}, "CodeVulnerabilities":{"shape":"VulnerabilityCodeVulnerabilitiesList"} } }, diff --git a/models/apis/securityhub/2018-10-26/docs-2.json b/models/apis/securityhub/2018-10-26/docs-2.json index 10d13207f36..c1858b4a4b8 100644 --- a/models/apis/securityhub/2018-10-26/docs-2.json +++ b/models/apis/securityhub/2018-10-26/docs-2.json @@ -1,6 +1,6 @@ { "version": "2.0", - "service": "

Security Hub provides you with a comprehensive view of your security state in Amazon Web Services and helps you assess your Amazon Web Services environment against security industry standards and best practices.

Security Hub collects security data across Amazon Web Services accounts, Amazon Web Services, and supported third-party products and helps you analyze your security trends and identify the highest priority security issues.

To help you manage the security state of your organization, Security Hub supports multiple security standards. These include the Amazon Web Services Foundational Security Best Practices (FSBP) standard developed by Amazon Web Services, and external compliance frameworks such as the Center for Internet Security (CIS), the Payment Card Industry Data Security Standard (PCI DSS), and the National Institute of Standards and Technology (NIST). Each standard includes several security controls, each of which represents a security best practice. Security Hub runs checks against security controls and generates control findings to help you assess your compliance against security best practices.

In addition to generating control findings, Security Hub also receives findings from other Amazon Web Services, such as Amazon GuardDuty and Amazon Inspector, and supported third-party products. This gives you a single pane of glass into a variety of security-related issues. You can also send Security Hub findings to other Amazon Web Services and supported third-party products.

Security Hub offers automation features that help you triage and remediate security issues. For example, you can use automation rules to automatically update critical findings when a security check fails. You can also leverage the integration with Amazon EventBridge to trigger automatic responses to specific findings.

This guide, the Security Hub API Reference, provides information about the Security Hub API. This includes supported resources, HTTP methods, parameters, and schemas. If you're new to Security Hub, you might find it helpful to also review the Security Hub User Guide . The user guide explains key concepts and provides procedures that demonstrate how to use Security Hub features. It also provides information about topics such as integrating Security Hub with other Amazon Web Services.

In addition to interacting with Security Hub by making calls to the Security Hub API, you can use a current version of an Amazon Web Services command line tool or SDK. Amazon Web Services provides tools and SDKs that consist of libraries and sample code for various languages and platforms, such as PowerShell, Java, Go, Python, C++, and .NET. These tools and SDKs provide convenient, programmatic access to Security Hub and other Amazon Web Services . They also handle tasks such as signing requests, managing errors, and retrying requests automatically. For information about installing and using the Amazon Web Services tools and SDKs, see Tools to Build on Amazon Web Services.

With the exception of operations that are related to central configuration, Security Hub API requests are executed only in the Amazon Web Services Region that is currently active or in the specific Amazon Web Services Region that you specify in your request. Any configuration or settings change that results from the operation is applied only to that Region. To make the same change in other Regions, call the same API operation in each Region in which you want to apply the change. When you use central configuration, API requests for enabling Security Hub, standards, and controls are executed in the home Region and all linked Regions. For a list of central configuration operations, see the Central configuration terms and concepts section of the Security Hub User Guide.

The following throttling limits apply to Security Hub API operations.

", + "service": "

Security Hub provides you with a comprehensive view of the security state of your Amazon Web Services environment and resources. It also provides you with the readiness status of your environment based on controls from supported security standards. Security Hub collects security data from Amazon Web Services accounts, services, and integrated third-party products and helps you analyze security trends in your environment to identify the highest priority security issues. For more information about Security Hub, see the Security Hub User Guide .

When you use operations in the Security Hub API, the requests are executed only in the Amazon Web Services Region that is currently active or in the specific Amazon Web Services Region that you specify in your request. Any configuration or settings change that results from the operation is applied only to that Region. To make the same change in other Regions, run the same command for each Region in which you want to apply the change.

For example, if your Region is set to us-west-2, when you use CreateMembers to add a member account to Security Hub, the association of the member account with the administrator account is created only in the us-west-2 Region. Security Hub must be enabled for the member account in the same Region that the invitation was sent from.

The following throttling limits apply to using Security Hub API operations.

", "operations": { "AcceptAdministratorInvitation": "

Accepts the invitation to be a member account and be monitored by the Security Hub administrator account that the invitation was sent from.

This operation is only used by member accounts that are not added through Organizations.

When the member account accepts the invitation, permission is granted to the administrator account to view findings generated in the member account.

", "AcceptInvitation": "

This method is deprecated. Instead, use AcceptAdministratorInvitation.

The Security Hub console continues to use AcceptInvitation. It will eventually change to use AcceptAdministratorInvitation. Any IAM policies that specifically control access to this function must continue to use AcceptInvitation. You should also add AcceptAdministratorInvitation to your policies to ensure that the correct permissions are in place after the console begins to use AcceptAdministratorInvitation.

Accepts the invitation to be a member account and be monitored by the Security Hub administrator account that the invitation was sent from.

This operation is only used by member accounts that are not added through Organizations.

When the member account accepts the invitation, permission is granted to the administrator account to view findings generated in the member account.

", @@ -5218,9 +5218,9 @@ "GeoLocation$Lat": "

The latitude of the location.

", "NumberFilter$Gte": "

The greater-than-equal condition to be applied to a single field when querying for findings.

", "NumberFilter$Lte": "

The less-than-equal condition to be applied to a single field when querying for findings.

", - "NumberFilter$Eq": "

The equal-to condition to be applied to a single field when querying for findings.

", "NumberFilter$Gt": "

The greater-than condition to be applied to a single field when querying for findings.

", "NumberFilter$Lt": "

The less-than condition to be applied to a single field when querying for findings.

", + "NumberFilter$Eq": "

The equal-to condition to be applied to a single field when querying for findings.

", "ParameterValue$Double": "

A control parameter that is a double.

", "Severity$Product": "

Deprecated. This attribute isn't included in findings. Instead of providing Product, provide Original.

The native severity as defined by the Amazon Web Services service or integrated partner product that generated the finding.

", "SeverityUpdate$Product": "

The native severity as defined by the Amazon Web Services service or integrated partner product that generated the finding.

", @@ -8012,6 +8012,7 @@ "VpcInfoCidrBlockSetDetails$CidrBlock": "

The IPv4 CIDR block for the VPC.

", "VpcInfoIpv6CidrBlockSetDetails$Ipv6CidrBlock": "

The IPv6 CIDR block for the VPC.

", "Vulnerability$Id": "

The identifier of the vulnerability.

", + "Vulnerability$LastKnownExploitAt": "

The date and time of the last exploit associated with a finding discovered in your environment.

", "VulnerabilityCodeVulnerabilities$SourceArn": "

The Amazon Resource Name (ARN) of the Lambda layer in which the code vulnerability is located.

", "VulnerabilityVendor$Name": "

The name of the vendor.

", "VulnerabilityVendor$Url": "

The URL of the vulnerability advisory.

", @@ -8089,7 +8090,7 @@ "AwsLambdaFunctionDetails$Architectures": "

The instruction set architecture that the function uses. Valid values are x86_64 or arm64.

", "AwsLambdaFunctionVpcConfig$SecurityGroupIds": "

A list of VPC security groups IDs.

", "AwsLambdaFunctionVpcConfig$SubnetIds": "

A list of VPC subnet IDs.

", - "AwsLambdaLayerVersionDetails$CompatibleRuntimes": "

The layer's compatible function runtimes.

The following list includes deprecated runtimes. For more information, see Runtime deprecation policy in the Lambda Developer Guide.

Array Members: Maximum number of 5 items.

Valid Values: nodejs | nodejs4.3 | nodejs6.10 | nodejs8.10 | nodejs10.x | nodejs12.x | nodejs14.x | nodejs16.x | java8 | java8.al2 | java11 | python2.7 | python3.6 | python3.7 | python3.8 | python3.9 | dotnetcore1.0 | dotnetcore2.0 | dotnetcore2.1 | dotnetcore3.1 | dotnet6 | nodejs4.3-edge | go1.x | ruby2.5 | ruby2.7 | provided | provided.al2 | nodejs18.x | python3.10 | java17 | ruby3.2 | python3.11 | nodejs20.x | provided.al2023 | python3.12 | java21

", + "AwsLambdaLayerVersionDetails$CompatibleRuntimes": "

The layer's compatible runtimes. Maximum number of five items.

Valid values: nodejs10.x | nodejs12.x | java8 | java11 | python2.7 | python3.6 | python3.7 | python3.8 | dotnetcore1.0 | dotnetcore2.1 | go1.x | ruby2.5 | provided

", "AwsOpenSearchServiceDomainVpcOptionsDetails$SecurityGroupIds": "

The list of security group IDs that are associated with the VPC endpoints for the domain.

", "AwsOpenSearchServiceDomainVpcOptionsDetails$SubnetIds": "

A list of subnet IDs that are associated with the VPC endpoints for the domain.

", "AwsRdsDbClusterSnapshotDbClusterSnapshotAttribute$AttributeValues": "

The value(s) for the manual DB cluster snapshot attribute. If the AttributeName field is set to restore, then this element returns a list of IDs of the Amazon Web Services accounts that are authorized to copy or restore the manual DB cluster snapshot. If a value of all is in the list, then the manual DB cluster snapshot is public and available for any Amazon Web Services account to copy or restore.

", diff --git a/service/firehose/api.go b/service/firehose/api.go index a6a7326c237..f5ac526bc8a 100644 --- a/service/firehose/api.go +++ b/service/firehose/api.go @@ -3011,6 +3011,20 @@ type CreateDeliveryStreamInput struct { // in the Amazon Web Services Billing and Cost Management User Guide. // // You can specify up to 50 tags when creating a delivery stream. + // + // If you specify tags in the CreateDeliveryStream action, Amazon Data Firehose + // performs an additional authorization on the firehose:TagDeliveryStream action + // to verify if users have permissions to create tags. If you do not provide + // this permission, requests to create new Firehose delivery streams with IAM + // resource tags will fail with an AccessDeniedException such as following. + // + // AccessDeniedException + // + // User: arn:aws:sts::x:assumed-role/x/x is not authorized to perform: firehose:TagDeliveryStream + // on resource: arn:aws:firehose:us-east-1:x:deliverystream/x with an explicit + // deny in an identity-based policy. + // + // For an example IAM policy, see Tag example. (https://docs.aws.amazon.com/firehose/latest/APIReference/API_CreateDeliveryStream.html#API_CreateDeliveryStream_Examples) Tags []*Tag `min:"1" type:"list"` } diff --git a/service/firehose/doc.go b/service/firehose/doc.go index 2c7fd8e85f2..14e7f60c74e 100644 --- a/service/firehose/doc.go +++ b/service/firehose/doc.go @@ -3,6 +3,8 @@ // Package firehose provides the client and types for making API // requests to Amazon Kinesis Firehose. // +// Amazon Data Firehose was previously known as Amazon Kinesis Data Firehose. +// // Amazon Data Firehose is a fully managed service that delivers real-time streaming // data to destinations such as Amazon Simple Storage Service (Amazon S3), Amazon // OpenSearch Service, Amazon Redshift, Splunk, and various other supportd destinations. diff --git a/service/kendra/api.go b/service/kendra/api.go index 7a7c588c9bb..3c39092d8b5 100644 --- a/service/kendra/api.go +++ b/service/kendra/api.go @@ -2182,9 +2182,9 @@ func (c *Kendra) DeleteIndexRequest(input *DeleteIndexInput) (req *request.Reque // DeleteIndex API operation for AWSKendraFrontendService. // -// Deletes an existing Amazon Kendra index. An exception is not thrown if the -// index is already being deleted. While the index is being deleted, the Status -// field returned by a call to the DescribeIndex API is set to DELETING. +// Deletes an Amazon Kendra index. An exception is not thrown if the index is +// already being deleted. While the index is being deleted, the Status field +// returned by a call to the DescribeIndex API is set to DELETING. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -2511,7 +2511,7 @@ func (c *Kendra) DeleteThesaurusRequest(input *DeleteThesaurusInput) (req *reque // DeleteThesaurus API operation for AWSKendraFrontendService. // -// Deletes an existing Amazon Kendra thesaurus. +// Deletes an Amazon Kendra thesaurus. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3104,7 +3104,7 @@ func (c *Kendra) DescribeIndexRequest(input *DescribeIndexInput) (req *request.R // DescribeIndex API operation for AWSKendraFrontendService. // -// Gets information about an existing Amazon Kendra index. +// Gets information about an Amazon Kendra index. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -3510,7 +3510,7 @@ func (c *Kendra) DescribeThesaurusRequest(input *DescribeThesaurusInput) (req *r // DescribeThesaurus API operation for AWSKendraFrontendService. // -// Gets information about an existing Amazon Kendra thesaurus. +// Gets information about an Amazon Kendra thesaurus. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -7028,7 +7028,7 @@ func (c *Kendra) UpdateDataSourceRequest(input *UpdateDataSourceInput) (req *req // UpdateDataSource API operation for AWSKendraFrontendService. // -// Updates an existing Amazon Kendra data source connector. +// Updates an Amazon Kendra data source connector. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -7340,7 +7340,7 @@ func (c *Kendra) UpdateIndexRequest(input *UpdateIndexInput) (req *request.Reque // UpdateIndex API operation for AWSKendraFrontendService. // -// Updates an existing Amazon Kendra index. +// Updates an Amazon Kendra index. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -12846,6 +12846,8 @@ type CreateIndexInput struct { // Gets users and groups from IAM Identity Center identity source. To configure // this, see UserGroupResolutionConfiguration (https://docs.aws.amazon.com/kendra/latest/dg/API_UserGroupResolutionConfiguration.html). + // This is useful for user context filtering, where search results are filtered + // based on the user or their group access to documents. UserGroupResolutionConfiguration *UserGroupResolutionConfiguration `type:"structure"` // The user token configuration. @@ -13511,10 +13513,38 @@ type DataSourceConfiguration struct { // Provides the configuration information to connect to Amazon FSx as your data // source. + // + // Amazon Kendra now supports an upgraded Amazon FSx Windows connector. + // + // You must now use the TemplateConfiguration (https://docs.aws.amazon.com/kendra/latest/APIReference/API_TemplateConfiguration.html) + // object instead of the FsxConfiguration object to configure your connector. + // + // Connectors configured using the older console and API architecture will continue + // to function as configured. However, you won't be able to edit or update them. + // If you want to edit or update your connector configuration, you must create + // a new connector. + // + // We recommended migrating your connector workflow to the upgraded version. + // Support for connectors configured using the older architecture is scheduled + // to end by June 2024. FsxConfiguration *FsxConfiguration `type:"structure"` // Provides the configuration information to connect to GitHub as your data // source. + // + // Amazon Kendra now supports an upgraded GitHub connector. + // + // You must now use the TemplateConfiguration (https://docs.aws.amazon.com/kendra/latest/APIReference/API_TemplateConfiguration.html) + // object instead of the GitHubConfiguration object to configure your connector. + // + // Connectors configured using the older console and API architecture will continue + // to function as configured. However, you won’t be able to edit or update + // them. If you want to edit or update your connector configuration, you must + // create a new connector. + // + // We recommended migrating your connector workflow to the upgraded version. + // Support for connectors configured using the older architecture is scheduled + // to end by June 2024. GitHubConfiguration *GitHubConfiguration `type:"structure"` // Provides the configuration information to connect to Google Drive as your @@ -13533,6 +13563,21 @@ type DataSourceConfiguration struct { // Provides the configuration information to connect to an Amazon S3 bucket // as your data source. + // + // Amazon Kendra now supports an upgraded Amazon S3 connector. + // + // You must now use the TemplateConfiguration (https://docs.aws.amazon.com/kendra/latest/APIReference/API_TemplateConfiguration.html) + // object instead of the S3DataSourceConfiguration object to configure your + // connector. + // + // Connectors configured using the older console and API architecture will continue + // to function as configured. However, you won't be able to edit or update them. + // If you want to edit or update your connector configuration, you must create + // a new connector. + // + // We recommended migrating your connector workflow to the upgraded version. + // Support for connectors configured using the older architecture is scheduled + // to end by June 2024. S3Configuration *S3DataSourceConfiguration `type:"structure"` // Provides the configuration information to connect to Salesforce as your data @@ -13548,6 +13593,20 @@ type DataSourceConfiguration struct { SharePointConfiguration *SharePointConfiguration `type:"structure"` // Provides the configuration information to connect to Slack as your data source. + // + // Amazon Kendra now supports an upgraded Slack connector. + // + // You must now use the TemplateConfiguration (https://docs.aws.amazon.com/kendra/latest/APIReference/API_TemplateConfiguration.html) + // object instead of the SlackConfiguration object to configure your connector. + // + // Connectors configured using the older console and API architecture will continue + // to function as configured. However, you won't be able to edit or update them. + // If you want to edit or update your connector configuration, you must create + // a new connector. + // + // We recommended migrating your connector workflow to the upgraded version. + // Support for connectors configured using the older architecture is scheduled + // to end by June 2024. SlackConfiguration *SlackConfiguration `type:"structure"` // Provides a template for the configuration information to connect to your @@ -16252,10 +16311,10 @@ type DescribeIndexOutput struct { Name *string `min:"1" type:"string"` // The Amazon Resource Name (ARN) of the IAM role that gives Amazon Kendra permission - // to write to your Amazon Cloudwatch logs. + // to write to your Amazon CloudWatch logs. RoleArn *string `type:"string"` - // The identifier of the KMScustomer master key (CMK) that is used to encrypt + // The identifier of the KMS customer master key (CMK) that is used to encrypt // your data. Amazon Kendra doesn't support asymmetric CMKs. ServerSideEncryptionConfiguration *ServerSideEncryptionConfiguration `type:"structure"` @@ -16264,14 +16323,15 @@ type DescribeIndexOutput struct { // a message that explains why. Status *string `type:"string" enum:"IndexStatus"` - // The Unix when the index was last updated. + // The Unix timestamp when the index was last updated. UpdatedAt *time.Time `type:"timestamp"` // The user context policy for the Amazon Kendra index. UserContextPolicy *string `type:"string" enum:"UserContextPolicy"` - // Whether you have enabled the configuration for fetching access levels of - // groups and users from an IAM Identity Center identity source. + // Whether you have enabled IAM Identity Center identity source for your users + // and groups. This is useful for user context filtering, where search results + // are filtered based on the user or their group access to documents. UserGroupResolutionConfiguration *UserGroupResolutionConfiguration `type:"structure"` // The user token configuration for the Amazon Kendra index. @@ -19725,6 +19785,20 @@ func (s *FeaturedResultsSetSummary) SetStatus(v string) *FeaturedResultsSetSumma // Provides the configuration information to connect to Amazon FSx as your data // source. +// +// Amazon Kendra now supports an upgraded Amazon FSx Windows connector. +// +// You must now use the TemplateConfiguration (https://docs.aws.amazon.com/kendra/latest/APIReference/API_TemplateConfiguration.html) +// object instead of the FsxConfiguration object to configure your connector. +// +// Connectors configured using the older console and API architecture will continue +// to function as configured. However, you won't be able to edit or update them. +// If you want to edit or update your connector configuration, you must create +// a new connector. +// +// We recommended migrating your connector workflow to the upgraded version. +// Support for connectors configured using the older architecture is scheduled +// to end by June 2024. type FsxConfiguration struct { _ struct{} `type:"structure"` @@ -20228,6 +20302,20 @@ func (s *GetSnapshotsOutput) SetSnapshotsDataHeader(v []*string) *GetSnapshotsOu // Provides the configuration information to connect to GitHub as your data // source. +// +// Amazon Kendra now supports an upgraded GitHub connector. +// +// You must now use the TemplateConfiguration (https://docs.aws.amazon.com/kendra/latest/APIReference/API_TemplateConfiguration.html) +// object instead of the GitHubConfiguration object to configure your connector. +// +// Connectors configured using the older console and API architecture will continue +// to function as configured. However, you won’t be able to edit or update +// them. If you want to edit or update your connector configuration, you must +// create a new connector. +// +// We recommended migrating your connector workflow to the upgraded version. +// Support for connectors configured using the older architecture is scheduled +// to end by June 2024. type GitHubConfiguration struct { _ struct{} `type:"structure"` @@ -23848,7 +23936,7 @@ type OnPremiseConfiguration struct { // HostUrl is a required field HostUrl *string `min:"1" type:"string" required:"true"` - // The name of the organization of the GitHub Enterprise Server (in-premise) + // The name of the organization of the GitHub Enterprise Server (on-premises) // account you want to connect to. You can find your organization name by logging // into GitHub desktop and selecting Your organizations under your profile picture // dropdown. @@ -24622,7 +24710,10 @@ type QueryInput struct { // The input query text for the search. Amazon Kendra truncates queries at 30 // token words, which excludes punctuation and stop words. Truncation still - // applies if you use Boolean or more advanced, complex queries. + // applies if you use Boolean or more advanced, complex queries. For example, + // Timeoff AND October AND Category:HR is counted as 3 tokens: timeoff, october, + // hr. For more information, see Searching with advanced query syntax (https://docs.aws.amazon.com/kendra/latest/dg/searching-example.html#searching-index-query-syntax) + // in the Amazon Kendra Developer Guide. QueryText *string `type:"string"` // An array of document fields/attributes to include in the response. You can @@ -24993,7 +25084,9 @@ type QueryResultItem struct { // in DocumentExcerpt. Format *string `type:"string" enum:"QueryResultFormat"` - // The identifier for the query result. + // The unique identifier for the query result item id (Id) and the query result + // item document id (DocumentId) combined. The value of this field changes with + // every request, even when you have the same documents. Id *string `min:"1" type:"string"` // Indicates the confidence level of Amazon Kendra providing a relevant result @@ -25443,8 +25536,7 @@ type Relevance struct { // Indicates that this field determines how "fresh" a document is. For example, // if document 1 was created on November 5, and document 2 was created on October - // 31, document 1 is "fresher" than document 2. You can only set the Freshness - // field on one DATE type field. Only applies to DATE fields. + // 31, document 1 is "fresher" than document 2. Only applies to DATE fields. Freshness *bool `type:"boolean"` // The relative importance of the field in the search. Larger numbers provide @@ -25461,11 +25553,11 @@ type Relevance struct { // in a task tracking application, a priority 1 task is more important than // a priority 5 task. // - // Only applies to LONG and DOUBLE fields. + // Only applies to LONG fields. RankOrder *string `type:"string" enum:"Order"` // A list of values that should be given a different boost when they appear - // in the result list. For example, if you are boosting a field called "department," + // in the result list. For example, if you are boosting a field called "department", // query terms that match the department field are boosted in the result. However, // you can add entries from the department field to boost documents with those // values higher. @@ -25909,7 +26001,10 @@ type RetrieveInput struct { // The input query text to retrieve relevant passages for the search. Amazon // Kendra truncates queries at 30 token words, which excludes punctuation and // stop words. Truncation still applies if you use Boolean or more advanced, - // complex queries. + // complex queries. For example, Timeoff AND October AND Category:HR is counted + // as 3 tokens: timeoff, october, hr. For more information, see Searching with + // advanced query syntax (https://docs.aws.amazon.com/kendra/latest/dg/searching-example.html#searching-index-query-syntax) + // in the Amazon Kendra Developer Guide. // // QueryText is a required field QueryText *string `type:"string" required:"true"` @@ -26164,6 +26259,21 @@ func (s *RetrieveResultItem) SetScoreAttributes(v *ScoreAttributes) *RetrieveRes } // Provides the configuration information to connect to an Amazon S3 bucket. +// +// Amazon Kendra now supports an upgraded Amazon S3 connector. +// +// You must now use the TemplateConfiguration (https://docs.aws.amazon.com/kendra/latest/APIReference/API_TemplateConfiguration.html) +// object instead of the S3DataSourceConfiguration object to configure your +// connector. +// +// Connectors configured using the older console and API architecture will continue +// to function as configured. However, you won't be able to edit or update them. +// If you want to edit or update your connector configuration, you must create +// a new connector. +// +// We recommended migrating your connector workflow to the upgraded version. +// Support for connectors configured using the older architecture is scheduled +// to end by June 2024. type S3DataSourceConfiguration struct { _ struct{} `type:"structure"` @@ -26182,37 +26292,62 @@ type S3DataSourceConfiguration struct { // Each metadata file contains metadata about a single document. DocumentsMetadataConfiguration *DocumentsMetadataConfiguration `type:"structure"` - // A list of glob patterns for documents that should not be indexed. If a document - // that matches an inclusion prefix or inclusion pattern also matches an exclusion - // pattern, the document is not indexed. + // A list of glob patterns (patterns that can expand a wildcard pattern into + // a list of path names that match the given pattern) for certain file names + // and file types to exclude from your index. If a document matches both an + // inclusion and exclusion prefix or pattern, the exclusion prefix takes precendence + // and the document is not indexed. Examples of glob patterns include: + // + // * /myapp/config/*—All files inside config directory. + // + // * **/*.png—All .png files in all directories. + // + // * **/*.{png, ico, md}—All .png, .ico or .md files in all directories. + // + // * /myapp/src/**/*.ts—All .ts files inside src directory (and all its + // subdirectories). + // + // * **/!(*.module).ts—All .ts files but not .module.ts // - // Some examples (https://docs.aws.amazon.com/cli/latest/reference/s3/#use-of-exclude-and-include-filters) - // are: + // * *.png , *.jpg—All PNG and JPEG image files in a directory (files with + // the extensions .png and .jpg). // - // * *.png , *.jpg will exclude all PNG and JPEG image files in a directory - // (files with the extensions .png and .jpg). + // * *internal*—All files in a directory that contain 'internal' in the + // file name, such as 'internal', 'internal_only', 'company_internal'. // - // * *internal* will exclude all files in a directory that contain 'internal' - // in the file name, such as 'internal', 'internal_only', 'company_internal'. + // * **/*internal*—All internal-related files in a directory and its subdirectories. // - // * **/*internal* will exclude all internal-related files in a directory - // and its subdirectories. + // For more examples, see Use of Exclude and Include Filters (https://docs.aws.amazon.com/cli/latest/reference/s3/#use-of-exclude-and-include-filters) + // in the Amazon Web Services CLI Command Reference. ExclusionPatterns []*string `type:"list"` - // A list of glob patterns for documents that should be indexed. If a document - // that matches an inclusion pattern also matches an exclusion pattern, the - // document is not indexed. + // A list of glob patterns (patterns that can expand a wildcard pattern into + // a list of path names that match the given pattern) for certain file names + // and file types to include in your index. If a document matches both an inclusion + // and exclusion prefix or pattern, the exclusion prefix takes precendence and + // the document is not indexed. Examples of glob patterns include: // - // Some examples (https://docs.aws.amazon.com/cli/latest/reference/s3/#use-of-exclude-and-include-filters) - // are: + // * /myapp/config/*—All files inside config directory. // - // * *.txt will include all text files in a directory (files with the extension - // .txt). + // * **/*.png—All .png files in all directories. // - // * **/*.txt will include all text files in a directory and its subdirectories. + // * **/*.{png, ico, md}—All .png, .ico or .md files in all directories. // - // * *tax* will include all files in a directory that contain 'tax' in the - // file name, such as 'tax', 'taxes', 'income_tax'. + // * /myapp/src/**/*.ts—All .ts files inside src directory (and all its + // subdirectories). + // + // * **/!(*.module).ts—All .ts files but not .module.ts + // + // * *.png , *.jpg—All PNG and JPEG image files in a directory (files with + // the extensions .png and .jpg). + // + // * *internal*—All files in a directory that contain 'internal' in the + // file name, such as 'internal', 'internal_only', 'company_internal'. + // + // * **/*internal*—All internal-related files in a directory and its subdirectories. + // + // For more examples, see Use of Exclude and Include Filters (https://docs.aws.amazon.com/cli/latest/reference/s3/#use-of-exclude-and-include-filters) + // in the Amazon Web Services CLI Command Reference. InclusionPatterns []*string `type:"list"` // A list of S3 prefixes for the documents that should be included in the index. @@ -28209,6 +28344,20 @@ func (s *SiteMapsConfiguration) SetSiteMaps(v []*string) *SiteMapsConfiguration } // Provides the configuration information to connect to Slack as your data source. +// +// Amazon Kendra now supports an upgraded Slack connector. +// +// You must now use the TemplateConfiguration (https://docs.aws.amazon.com/kendra/latest/APIReference/API_TemplateConfiguration.html) +// object instead of the SlackConfiguration object to configure your connector. +// +// Connectors configured using the older console and API architecture will continue +// to function as configured. However, you won’t be able to edit or update +// them. If you want to edit or update your connector configuration, you must +// create a new connector. +// +// We recommended migrating your connector workflow to the upgraded version. +// Support for connectors configured using the older architecture is scheduled +// to end by June 2024. type SlackConfiguration struct { _ struct{} `type:"structure"` @@ -30692,7 +30841,7 @@ type UpdateIndexInput struct { // Id is a required field Id *string `min:"36" type:"string" required:"true"` - // The name of the index you want to update. + // A new name for the index. Name *string `min:"1" type:"string"` // An Identity and Access Management (IAM) role that gives Amazon Kendra permission @@ -30702,9 +30851,10 @@ type UpdateIndexInput struct { // The user context policy. UserContextPolicy *string `type:"string" enum:"UserContextPolicy"` - // Enables fetching access levels of groups and users from an IAM Identity Center - // identity source. To configure this, see UserGroupResolutionConfiguration - // (https://docs.aws.amazon.com/kendra/latest/dg/API_UserGroupResolutionConfiguration.html). + // Gets users and groups from IAM Identity Center identity source. To configure + // this, see UserGroupResolutionConfiguration (https://docs.aws.amazon.com/kendra/latest/dg/API_UserGroupResolutionConfiguration.html). + // This is useful for user context filtering, where search results are filtered + // based on the user or their group access to documents. UserGroupResolutionConfiguration *UserGroupResolutionConfiguration `type:"structure"` // The user token configuration. diff --git a/service/pricing/api.go b/service/pricing/api.go index 32665ac28b8..18f41ad9b68 100644 --- a/service/pricing/api.go +++ b/service/pricing/api.go @@ -402,6 +402,9 @@ func (c *Pricing) GetPriceListFileUrlRequest(input *GetPriceListFileUrlInput) (r // - ThrottlingException // You've made too many requests exceeding service quotas. // +// - ResourceNotFoundException +// The requested resource can't be found. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/pricing-2017-10-15/GetPriceListFileUrl func (c *Pricing) GetPriceListFileUrl(input *GetPriceListFileUrlInput) (*GetPriceListFileUrlOutput, error) { req, out := c.GetPriceListFileUrlRequest(input) @@ -667,6 +670,9 @@ func (c *Pricing) ListPriceListsRequest(input *ListPriceListsInput) (req *reques // - ThrottlingException // You've made too many requests exceeding service quotas. // +// - ResourceNotFoundException +// The requested resource can't be found. +// // - ExpiredNextTokenException // The pagination token expired. Try again without a pagination token. // @@ -1991,6 +1997,70 @@ func (s *PriceList) SetRegionCode(v string) *PriceList { return s } +// The requested resource can't be found. +type ResourceNotFoundException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"Message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ResourceNotFoundException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ResourceNotFoundException) GoString() string { + return s.String() +} + +func newErrorResourceNotFoundException(v protocol.ResponseMetadata) error { + return &ResourceNotFoundException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *ResourceNotFoundException) Code() string { + return "ResourceNotFoundException" +} + +// Message returns the exception's message. +func (s *ResourceNotFoundException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *ResourceNotFoundException) OrigErr() error { + return nil +} + +func (s *ResourceNotFoundException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *ResourceNotFoundException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *ResourceNotFoundException) RequestID() string { + return s.RespMetadata.RequestID +} + // The metadata for a service, such as the service code and available attribute // names. type Service struct { diff --git a/service/pricing/errors.go b/service/pricing/errors.go index 6c05802a344..fa9f184a3aa 100644 --- a/service/pricing/errors.go +++ b/service/pricing/errors.go @@ -45,6 +45,12 @@ const ( // The requested resource can't be found. ErrCodeNotFoundException = "NotFoundException" + // ErrCodeResourceNotFoundException for service response error code + // "ResourceNotFoundException". + // + // The requested resource can't be found. + ErrCodeResourceNotFoundException = "ResourceNotFoundException" + // ErrCodeThrottlingException for service response error code // "ThrottlingException". // @@ -59,5 +65,6 @@ var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{ "InvalidNextTokenException": newErrorInvalidNextTokenException, "InvalidParameterException": newErrorInvalidParameterException, "NotFoundException": newErrorNotFoundException, + "ResourceNotFoundException": newErrorResourceNotFoundException, "ThrottlingException": newErrorThrottlingException, } diff --git a/service/rolesanywhere/api.go b/service/rolesanywhere/api.go index 734f90b5b07..4c951e2a9ec 100644 --- a/service/rolesanywhere/api.go +++ b/service/rolesanywhere/api.go @@ -1329,8 +1329,9 @@ func (c *RolesAnywhere) ImportCrlRequest(input *ImportCrlInput) (req *request.Re // ImportCrl API operation for IAM Roles Anywhere. // // Imports the certificate revocation list (CRL). A CRL is a list of certificates -// that have been revoked by the issuing certificate Authority (CA). IAM Roles -// Anywhere validates against the CRL before issuing credentials. +// that have been revoked by the issuing certificate Authority (CA).In order +// to be properly imported, a CRL must be in PEM format. IAM Roles Anywhere +// validates against the CRL before issuing credentials. // // Required permissions: rolesanywhere:ImportCrl. // @@ -2717,7 +2718,9 @@ func (s *AccessDeniedException) RequestID() string { type CreateProfileInput struct { _ struct{} `type:"structure"` - // The number of seconds the vended session credentials are valid for. + // Used to determine how long sessions vended using this profile are valid for. + // See the Expiration section of the CreateSession API documentation (https://docs.aws.amazon.com/rolesanywhere/latest/userguide/authentication-create-session.html#credentials-object) + // page for more details. DurationSeconds *int64 `locationName:"durationSeconds" min:"900" type:"integer"` // Specifies whether the profile is enabled. @@ -5169,7 +5172,9 @@ type ProfileDetail struct { // The Amazon Web Services account that created the profile. CreatedBy *string `locationName:"createdBy" type:"string"` - // The number of seconds the vended session credentials are valid for. + // Used to determine how long sessions vended using this profile are valid for. + // See the Expiration section of the CreateSession API documentation (https://docs.aws.amazon.com/rolesanywhere/latest/userguide/authentication-create-session.html#credentials-object) + // page for more details. DurationSeconds *int64 `locationName:"durationSeconds" type:"integer"` // Indicates whether the profile is enabled. @@ -6399,7 +6404,9 @@ func (s *UpdateCrlOutput) SetCrl(v *CrlDetail) *UpdateCrlOutput { type UpdateProfileInput struct { _ struct{} `type:"structure"` - // The number of seconds the vended session credentials are valid for. + // Used to determine how long sessions vended using this profile are valid for. + // See the Expiration section of the CreateSession API documentation (https://docs.aws.amazon.com/rolesanywhere/latest/userguide/authentication-create-session.html#credentials-object) + // page for more details. DurationSeconds *int64 `locationName:"durationSeconds" min:"900" type:"integer"` // A list of managed policy ARNs that apply to the vended session credentials. diff --git a/service/securityhub/api.go b/service/securityhub/api.go index 27826fa7f84..fbf9af61f7e 100644 --- a/service/securityhub/api.go +++ b/service/securityhub/api.go @@ -34009,20 +34009,11 @@ func (s *AwsLambdaFunctionVpcConfig) SetVpcId(v string) *AwsLambdaFunctionVpcCon type AwsLambdaLayerVersionDetails struct { _ struct{} `type:"structure"` - // The layer's compatible function runtimes (https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html). + // The layer's compatible runtimes. Maximum number of five items. // - // The following list includes deprecated runtimes. For more information, see - // Runtime deprecation policy (https://docs.aws.amazon.com/lambda/latest/dg/lambda-runtimes.html#runtime-support-policy) - // in the Lambda Developer Guide. - // - // Array Members: Maximum number of 5 items. - // - // Valid Values: nodejs | nodejs4.3 | nodejs6.10 | nodejs8.10 | nodejs10.x | - // nodejs12.x | nodejs14.x | nodejs16.x | java8 | java8.al2 | java11 | python2.7 - // | python3.6 | python3.7 | python3.8 | python3.9 | dotnetcore1.0 | dotnetcore2.0 - // | dotnetcore2.1 | dotnetcore3.1 | dotnet6 | nodejs4.3-edge | go1.x | ruby2.5 - // | ruby2.7 | provided | provided.al2 | nodejs18.x | python3.10 | java17 | - // ruby3.2 | python3.11 | nodejs20.x | provided.al2023 | python3.12 | java21 + // Valid values: nodejs10.x | nodejs12.x | java8 | java11 | python2.7 | python3.6 + // | python3.7 | python3.8 | dotnetcore1.0 | dotnetcore2.1 | go1.x | ruby2.5 + // | provided CompatibleRuntimes []*string `type:"list"` // Indicates when the version was created. @@ -65407,6 +65398,10 @@ type Vulnerability struct { // Id is a required field Id *string `type:"string" required:"true"` + // The date and time of the last exploit associated with a finding discovered + // in your environment. + LastKnownExploitAt *string `type:"string"` + // A list of URLs that provide additional information about the vulnerability. ReferenceUrls []*string `type:"list"` @@ -65492,6 +65487,12 @@ func (s *Vulnerability) SetId(v string) *Vulnerability { return s } +// SetLastKnownExploitAt sets the LastKnownExploitAt field's value. +func (s *Vulnerability) SetLastKnownExploitAt(v string) *Vulnerability { + s.LastKnownExploitAt = &v + return s +} + // SetReferenceUrls sets the ReferenceUrls field's value. func (s *Vulnerability) SetReferenceUrls(v []*string) *Vulnerability { s.ReferenceUrls = v diff --git a/service/securityhub/doc.go b/service/securityhub/doc.go index 79a3a8673ae..f5499c8a0cd 100644 --- a/service/securityhub/doc.go +++ b/service/securityhub/doc.go @@ -3,68 +3,29 @@ // Package securityhub provides the client and types for making API // requests to AWS SecurityHub. // -// Security Hub provides you with a comprehensive view of your security state -// in Amazon Web Services and helps you assess your Amazon Web Services environment -// against security industry standards and best practices. -// -// Security Hub collects security data across Amazon Web Services accounts, -// Amazon Web Services, and supported third-party products and helps you analyze -// your security trends and identify the highest priority security issues. -// -// To help you manage the security state of your organization, Security Hub -// supports multiple security standards. These include the Amazon Web Services -// Foundational Security Best Practices (FSBP) standard developed by Amazon -// Web Services, and external compliance frameworks such as the Center for Internet -// Security (CIS), the Payment Card Industry Data Security Standard (PCI DSS), -// and the National Institute of Standards and Technology (NIST). Each standard -// includes several security controls, each of which represents a security best -// practice. Security Hub runs checks against security controls and generates -// control findings to help you assess your compliance against security best -// practices. -// -// In addition to generating control findings, Security Hub also receives findings -// from other Amazon Web Services, such as Amazon GuardDuty and Amazon Inspector, -// and supported third-party products. This gives you a single pane of glass -// into a variety of security-related issues. You can also send Security Hub -// findings to other Amazon Web Services and supported third-party products. -// -// Security Hub offers automation features that help you triage and remediate -// security issues. For example, you can use automation rules to automatically -// update critical findings when a security check fails. You can also leverage -// the integration with Amazon EventBridge to trigger automatic responses to -// specific findings. -// -// This guide, the Security Hub API Reference, provides information about the -// Security Hub API. This includes supported resources, HTTP methods, parameters, -// and schemas. If you're new to Security Hub, you might find it helpful to -// also review the Security Hub User Guide (https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html). -// The user guide explains key concepts and provides procedures that demonstrate -// how to use Security Hub features. It also provides information about topics -// such as integrating Security Hub with other Amazon Web Services. -// -// In addition to interacting with Security Hub by making calls to the Security -// Hub API, you can use a current version of an Amazon Web Services command -// line tool or SDK. Amazon Web Services provides tools and SDKs that consist -// of libraries and sample code for various languages and platforms, such as -// PowerShell, Java, Go, Python, C++, and .NET. These tools and SDKs provide -// convenient, programmatic access to Security Hub and other Amazon Web Services -// . They also handle tasks such as signing requests, managing errors, and retrying -// requests automatically. For information about installing and using the Amazon -// Web Services tools and SDKs, see Tools to Build on Amazon Web Services (http://aws.amazon.com/developer/tools/). -// -// With the exception of operations that are related to central configuration, -// Security Hub API requests are executed only in the Amazon Web Services Region -// that is currently active or in the specific Amazon Web Services Region that -// you specify in your request. Any configuration or settings change that results -// from the operation is applied only to that Region. To make the same change -// in other Regions, call the same API operation in each Region in which you -// want to apply the change. When you use central configuration, API requests -// for enabling Security Hub, standards, and controls are executed in the home -// Region and all linked Regions. For a list of central configuration operations, -// see the Central configuration terms and concepts (https://docs.aws.amazon.com/securityhub/latest/userguide/central-configuration-intro.html#central-configuration-concepts) -// section of the Security Hub User Guide. -// -// The following throttling limits apply to Security Hub API operations. +// Security Hub provides you with a comprehensive view of the security state +// of your Amazon Web Services environment and resources. It also provides you +// with the readiness status of your environment based on controls from supported +// security standards. Security Hub collects security data from Amazon Web Services +// accounts, services, and integrated third-party products and helps you analyze +// security trends in your environment to identify the highest priority security +// issues. For more information about Security Hub, see the Security Hub User +// Guide (https://docs.aws.amazon.com/securityhub/latest/userguide/what-is-securityhub.html). +// +// When you use operations in the Security Hub API, the requests are executed +// only in the Amazon Web Services Region that is currently active or in the +// specific Amazon Web Services Region that you specify in your request. Any +// configuration or settings change that results from the operation is applied +// only to that Region. To make the same change in other Regions, run the same +// command for each Region in which you want to apply the change. +// +// For example, if your Region is set to us-west-2, when you use CreateMembers +// to add a member account to Security Hub, the association of the member account +// with the administrator account is created only in the us-west-2 Region. Security +// Hub must be enabled for the member account in the same Region that the invitation +// was sent from. +// +// The following throttling limits apply to using Security Hub API operations. // // - BatchEnableStandards - RateLimit of 1 request per second. BurstLimit // of 1 request per second.