App Runner provides you with the option to choose between Internet Protocol version 4 (IPv4) and dual-stack (IPv4 and IPv6) for your incoming public network configuration. This is an optional parameter. If you do not specify an IpAddressType, it defaults to select IPv4.
Currently, App Runner supports dual-stack for only Public endpoint. Only IPv4 is supported for Private endpoint. If you update a service that's using dual-stack Public endpoint to a Private endpoint, your App Runner service will default to support only IPv4 for Private endpoint and fail to receive traffic originating from IPv6 endpoint.
The metrics to retrieve. Specify the name, groupings, and filters for each metric. The following historical metrics are available. For a description of each metric, see Historical metrics definitions in the Amazon Connect Administrator's Guide.
Unit: Percent
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
This metric is available only in Amazon Web Services Regions where Forecasting, capacity planning, and scheduling is available.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
Data for this metric is available starting from October 1, 2023 0:00:00 GMT.
Unit: Percentage
Valid groupings and filters: Routing Profile, Agent, Agent Hierarchy
This metric is available only in Amazon Web Services Regions where Forecasting, capacity planning, and scheduling is available.
Unit: Percent
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
This metric is available only in Amazon Web Services Regions where Forecasting, capacity planning, and scheduling is available.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature
Feature is a valid filter but not a valid grouping.
Unit: Seconds
Valid metric filter key: INITIATION_METHOD. For now, this metric only supports the following as INITIATION_METHOD: INBOUND | OUTBOUND | CALLBACK | API
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
The Negate key in Metric Level Filters is not applicable for this metric.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature
Feature is a valid filter but not a valid grouping.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature
Feature is a valid filter but not a valid grouping.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature
Feature is a valid filter but not a valid grouping.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature
Feature is a valid filter but not a valid grouping.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Feature
Feature is a valid filter but not a valid grouping.
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Feature
Feature is a valid filter but not a valid grouping.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
Unit: Count
Valid metric filter key: INITIATION_METHOD
Valid groupings and filters: Queue, Channel, Routing Profile, Feature
Feature is a valid filter but not a valid grouping.
Unit: Count
Valid metric filter key: INITIATION_METHOD, DISCONNECT_REASON
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature
Feature is a valid filter but not a valid grouping.
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile
Threshold: For ThresholdValue enter any whole number from 1 to 604800 (inclusive), in seconds. For Comparison, you must enter LT (for \"Less than\").
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature
Feature is a valid filter but not a valid grouping.
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
You can include up to 20 SERVICE_LEVEL metrics in a request.
Unit: Percent
Valid groupings and filters: Queue, Channel, Routing Profile
Threshold: For ThresholdValue, enter any whole number from 1 to 604800 (inclusive), in seconds. For Comparison, you must enter LT (for \"Less than\").
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile
Threshold: For ThresholdValue, enter any whole number from 1 to 604800 (inclusive), in seconds. For Comparison, you must enter LT (for \"Less than\").
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile
Threshold: For ThresholdValue, enter any whole number from 1 to 604800 (inclusive), in seconds. For Comparison, you must enter LT (for \"Less than\").
Valid metric filter key: DISCONNECT_REASON
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile
The metrics to retrieve. Specify the name, groupings, and filters for each metric. The following historical metrics are available. For a description of each metric, see Historical metrics definitions in the Amazon Connect Administrator's Guide.
Unit: Percent
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
This metric is available only in Amazon Web Services Regions where Forecasting, capacity planning, and scheduling is available.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
Data for this metric is available starting from October 1, 2023 0:00:00 GMT.
Unit: Percentage
Valid groupings and filters: Routing Profile, Agent, Agent Hierarchy
This metric is available only in Amazon Web Services Regions where Forecasting, capacity planning, and scheduling is available.
Unit: Percent
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
This metric is available only in Amazon Web Services Regions where Forecasting, capacity planning, and scheduling is available.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature
Feature is a valid filter but not a valid grouping.
Unit: Seconds
Valid metric filter key: INITIATION_METHOD. For now, this metric only supports the following as INITIATION_METHOD: INBOUND | OUTBOUND | CALLBACK | API
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
The Negate key in Metric Level Filters is not applicable for this metric.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature
Feature is a valid filter but not a valid grouping.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature
Feature is a valid filter but not a valid grouping.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature
Feature is a valid filter but not a valid grouping.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature
Feature is a valid filter but not a valid grouping.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Feature
Feature is a valid filter but not a valid grouping.
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Feature
Feature is a valid filter but not a valid grouping.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
Unit: Count
Valid metric filter key: INITIATION_METHOD
Valid groupings and filters: Queue, Channel, Routing Profile, Feature
Feature is a valid filter but not a valid grouping.
Unit: Count
Valid metric filter key: INITIATION_METHOD, DISCONNECT_REASON
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature
Feature is a valid filter but not a valid grouping.
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile
Threshold: For ThresholdValue enter any whole number from 1 to 604800 (inclusive), in seconds. For Comparison, you must enter LT (for \"Less than\").
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy, Feature
Feature is a valid filter but not a valid grouping.
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
Unit: Seconds
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Percentage
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Percentage
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Percentage
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
This metric is available only for contacts analyzed by Contact Lens conversational analytics.
Unit: Percentage
Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent Hierarchy
You can include up to 20 SERVICE_LEVEL metrics in a request.
Unit: Percent
Valid groupings and filters: Queue, Channel, Routing Profile
Threshold: For ThresholdValue, enter any whole number from 1 to 604800 (inclusive), in seconds. For Comparison, you must enter LT (for \"Less than\").
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile
Threshold: For ThresholdValue, enter any whole number from 1 to 604800 (inclusive), in seconds. For Comparison, you must enter LT (for \"Less than\").
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile
Threshold: For ThresholdValue, enter any whole number from 1 to 604800 (inclusive), in seconds. For Comparison, you must enter LT (for \"Less than\").
Valid metric filter key: DISCONNECT_REASON
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile
Unit: Count
Valid groupings and filters: Queue, Channel, Routing Profile
This operation is used with the Amazon GameLift FleetIQ solution and game server groups.
Locates an available game server and temporarily reserves it to host gameplay and players. This operation is called from a game client or client service (such as a matchmaker) to request hosting resources for a new game session. In response, Amazon GameLift FleetIQ locates an available game server, places it in CLAIMED status for 60 seconds, and returns connection information that players can use to connect to the game server.
To claim a game server, identify a game server group. You can also specify a game server ID, although this approach bypasses Amazon GameLift FleetIQ placement optimization. Optionally, include game data to pass to the game server at the start of a game session, such as a game map or player information. Add filter options to further restrict how a game server is chosen, such as only allowing game servers on ACTIVE instances to be claimed.
When a game server is successfully claimed, connection information is returned. A claimed game server's utilization status remains AVAILABLE while the claim status is set to CLAIMED for up to 60 seconds. This time period gives the game server time to update its status to UTILIZED after players join. If the game server's status is not updated within 60 seconds, the game server reverts to unclaimed status and is available to be claimed by another request. The claim time period is a fixed value and is not configurable.
If you try to claim a specific game server, this request will fail in the following cases:
If the game server utilization status is UTILIZED.
If the game server claim status is CLAIMED.
If the game server is running on an instance in DRAINING status and the provided filter option does not allow placing on DRAINING instances.
Learn more
", "CreateAlias": "Creates an alias for a fleet. In most situations, you can use an alias ID in place of a fleet ID. An alias provides a level of abstraction for a fleet that is useful when redirecting player traffic from one fleet to another, such as when updating your game build.
Amazon GameLift supports two types of routing strategies for aliases: simple and terminal. A simple alias points to an active fleet. A terminal alias is used to display messaging or link to a URL instead of routing players to an active fleet. For example, you might use a terminal alias when a game version is no longer supported and you want to direct players to an upgrade site.
To create a fleet alias, specify an alias name, routing strategy, and optional description. Each simple alias can point to only one fleet, but a fleet can have multiple aliases. If successful, a new alias record is returned, including an alias ID and an ARN. You can reassign an alias to another fleet by calling UpdateAlias.
Related actions
", "CreateBuild": "Creates a new Amazon GameLift build resource for your game server binary files. Combine game server binaries into a zip file for use with Amazon GameLift.
When setting up a new game build for Amazon GameLift, we recommend using the CLI command upload-build . This helper command combines two tasks: (1) it uploads your build files from a file directory to an Amazon GameLift Amazon S3 location, and (2) it creates a new build resource.
You can use the CreateBuild operation in the following scenarios:
Create a new game build with build files that are in an Amazon S3 location under an Amazon Web Services account that you control. To use this option, you give Amazon GameLift access to the Amazon S3 bucket. With permissions in place, specify a build name, operating system, and the Amazon S3 storage location of your game build.
Upload your build files to a Amazon GameLift Amazon S3 location. To use this option, specify a build name and operating system. This operation creates a new build resource and also returns an Amazon S3 location with temporary access credentials. Use the credentials to manually upload your build files to the specified Amazon S3 location. For more information, see Uploading Objects in the Amazon S3 Developer Guide. After you upload build files to the Amazon GameLift Amazon S3 location, you can't update them.
If successful, this operation creates a new build resource with a unique build ID and places it in INITIALIZED status. A build must be in READY status before you can create fleets with it.
Learn more
Create a Build with Files in Amazon S3
", - "CreateFleet": "Creates a fleet of Amazon Elastic Compute Cloud (Amazon EC2) instances to host your custom game server or Realtime Servers. Use this operation to configure the computing resources for your fleet and provide instructions for running game servers on each instance.
Most Amazon GameLift fleets can deploy instances to multiple locations, including the home Region (where the fleet is created) and an optional set of remote locations. Fleets that are created in the following Amazon Web Services Regions support multiple locations: us-east-1 (N. Virginia), us-west-2 (Oregon), eu-central-1 (Frankfurt), eu-west-1 (Ireland), ap-southeast-2 (Sydney), ap-northeast-1 (Tokyo), and ap-northeast-2 (Seoul). Fleets that are created in other Amazon GameLift Regions can deploy instances in the fleet's home Region only. All fleet instances use the same configuration regardless of location; however, you can adjust capacity settings and turn auto-scaling on/off for each location.
To create a fleet, choose the hardware for your instances, specify a game server build or Realtime script to deploy, and provide a runtime configuration to direct Amazon GameLift how to start and run game servers on each instance in the fleet. Set permissions for inbound traffic to your game servers, and enable optional features as needed. When creating a multi-location fleet, provide a list of additional remote locations.
If you need to debug your fleet, fetch logs, view performance metrics or other actions on the fleet, create the development fleet with port 22/3389 open. As a best practice, we recommend opening ports for remote access only when you need them and closing them when you're finished.
If successful, this operation creates a new Fleet resource and places it in NEW status, which prompts Amazon GameLift to initiate the fleet creation workflow.
Learn more
", + "CreateFleet": "Creates a fleet of Amazon Elastic Compute Cloud (Amazon EC2) instances to host your custom game server or Realtime Servers. Use this operation to configure the computing resources for your fleet and provide instructions for running game servers on each instance.
Most Amazon GameLift fleets can deploy instances to multiple locations, including the home Region (where the fleet is created) and an optional set of remote locations. Fleets that are created in the following Amazon Web Services Regions support multiple locations: us-east-1 (N. Virginia), us-west-2 (Oregon), eu-central-1 (Frankfurt), eu-west-1 (Ireland), ap-southeast-2 (Sydney), ap-northeast-1 (Tokyo), and ap-northeast-2 (Seoul). Fleets that are created in other Amazon GameLift Regions can deploy instances in the fleet's home Region only. All fleet instances use the same configuration regardless of location; however, you can adjust capacity settings and turn auto-scaling on/off for each location.
To create a fleet, choose the hardware for your instances, specify a game server build or Realtime script to deploy, and provide a runtime configuration to direct Amazon GameLift how to start and run game servers on each instance in the fleet. Set permissions for inbound traffic to your game servers, and enable optional features as needed. When creating a multi-location fleet, provide a list of additional remote locations.
If you need to debug your fleet, fetch logs, view performance metrics or other actions on the fleet, create the development fleet with port 22/3389 open. As a best practice, we recommend opening ports for remote access only when you need them and closing them when you're finished.
If successful, this operation creates a new Fleet resource and places it in NEW status, which prompts Amazon GameLift to initiate the fleet creation workflow. You can track fleet creation by checking fleet status using DescribeFleetAttributes and DescribeFleetLocationAttributes/, or by monitoring fleet creation events using DescribeFleetEvents.
When the fleet status changes to ACTIVE, you can enable automatic scaling with PutScalingPolicy and set capacity for the home Region with UpdateFleetCapacity. When the status of each remote location reaches ACTIVE, you can set capacity by location using UpdateFleetCapacity.
Learn more
", "CreateFleetLocations": "Adds remote locations to a fleet and begins populating the new locations with EC2 instances. The new instances conform to the fleet's instance type, auto-scaling, and other configuration settings.
This operation cannot be used with fleets that don't support remote locations. Fleets can have multiple locations only if they reside in Amazon Web Services Regions that support this feature and were created after the feature was released in March 2021.
To add fleet locations, specify the fleet to be updated and provide a list of one or more locations.
If successful, this operation returns the list of added locations with their status set to NEW. Amazon GameLift initiates the process of starting an instance in each added location. You can track the status of each new location by monitoring location creation events using DescribeFleetEvents.
Learn more
", "CreateGameServerGroup": "This operation is used with the Amazon GameLift FleetIQ solution and game server groups.
Creates a Amazon GameLift FleetIQ game server group for managing game hosting on a collection of Amazon Elastic Compute Cloud instances for game hosting. This operation creates the game server group, creates an Auto Scaling group in your Amazon Web Services account, and establishes a link between the two groups. You can view the status of your game server groups in the Amazon GameLift console. Game server group metrics and events are emitted to Amazon CloudWatch.
Before creating a new game server group, you must have the following:
An Amazon Elastic Compute Cloud launch template that specifies how to launch Amazon Elastic Compute Cloud instances with your game server build. For more information, see Launching an Instance from a Launch Template in the Amazon Elastic Compute Cloud User Guide.
An IAM role that extends limited access to your Amazon Web Services account to allow Amazon GameLift FleetIQ to create and interact with the Auto Scaling group. For more information, see Create IAM roles for cross-service interaction in the Amazon GameLift FleetIQ Developer Guide.
To create a new game server group, specify a unique group name, IAM role and Amazon Elastic Compute Cloud launch template, and provide a list of instance types that can be used in the group. You must also set initial maximum and minimum limits on the group's instance count. You can optionally set an Auto Scaling policy with target tracking based on a Amazon GameLift FleetIQ metric.
Once the game server group and corresponding Auto Scaling group are created, you have full access to change the Auto Scaling group's configuration as needed. Several properties that are set when creating a game server group, including maximum/minimum size and auto-scaling policy settings, must be updated directly in the Auto Scaling group. Keep in mind that some Auto Scaling group properties are periodically updated by Amazon GameLift FleetIQ as part of its balancing activities to optimize for availability and cost.
Learn more
", "CreateGameSession": "Creates a multiplayer game session for players in a specific fleet location. This operation prompts an available server process to start a game session and retrieves connection information for the new game session. As an alternative, consider using the Amazon GameLift game session placement feature with StartGameSessionPlacement , which uses the FleetIQ algorithm and queues to optimize the placement process.
When creating a game session, you specify exactly where you want to place it and provide a set of game session configuration settings. The target fleet must be in ACTIVE status.
You can use this operation in the following ways:
To create a game session on an instance in a fleet's home Region, provide a fleet or alias ID along with your game session configuration.
To create a game session on an instance in a fleet's remote location, provide a fleet or alias ID and a location name, along with your game session configuration.
To create a game session on an instance in an Anywhere fleet, specify the fleet's custom location.
If successful, Amazon GameLift initiates a workflow to start a new game session and returns a GameSession object containing the game session configuration and status. When the game session status is ACTIVE, it is updated with connection information and you can create player sessions for the game session. By default, newly created game sessions are open to new players. You can restrict new player access by using UpdateGameSession to change the game session's player session creation policy.
Amazon GameLift retains logs for active for 14 days. To access the logs, call GetGameSessionLogUrl to download the log files.
Available in Amazon GameLift Local.
Learn more
", @@ -25,7 +25,7 @@ "DeleteFleetLocations": "Removes locations from a multi-location fleet. When deleting a location, all game server process and all instances that are still active in the location are shut down.
To delete fleet locations, identify the fleet ID and provide a list of the locations to be deleted.
If successful, GameLift sets the location status to DELETING, and begins to shut down existing server processes and terminate instances in each location being deleted. When completed, the location status changes to TERMINATED.
Learn more
Setting up Amazon GameLift fleets
", "DeleteGameServerGroup": "This operation is used with the Amazon GameLift FleetIQ solution and game server groups.
Terminates a game server group and permanently deletes the game server group record. You have several options for how these resources are impacted when deleting the game server group. Depending on the type of delete operation selected, this operation might affect these resources:
The game server group
The corresponding Auto Scaling group
All game servers that are currently running in the group
To delete a game server group, identify the game server group to delete and specify the type of delete operation to initiate. Game server groups can only be deleted if they are in ACTIVE or ERROR status.
If the delete request is successful, a series of operations are kicked off. The game server group status is changed to DELETE_SCHEDULED, which prevents new game servers from being registered and stops automatic scaling activity. Once all game servers in the game server group are deregistered, Amazon GameLift FleetIQ can begin deleting resources. If any of the delete operations fail, the game server group is placed in ERROR status.
Amazon GameLift FleetIQ emits delete events to Amazon CloudWatch.
Learn more
", "DeleteGameSessionQueue": "Deletes a game session queue. Once a queue is successfully deleted, unfulfilled StartGameSessionPlacement requests that reference the queue will fail. To delete a queue, specify the queue name.
", - "DeleteLocation": "Deletes a custom location.
Before deleting a custom location, review any fleets currently using the custom location and deregister the location if it is in use. For more information see, DeregisterCompute.
", + "DeleteLocation": "Deletes a custom location.
Before deleting a custom location, review any fleets currently using the custom location and deregister the location if it is in use. For more information, see DeregisterCompute.
", "DeleteMatchmakingConfiguration": "Permanently removes a FlexMatch matchmaking configuration. To delete, specify the configuration name. A matchmaking configuration cannot be deleted if it is being used in any active matchmaking tickets.
", "DeleteMatchmakingRuleSet": "Deletes an existing matchmaking rule set. To delete the rule set, provide the rule set name. Rule sets cannot be deleted if they are currently being used by a matchmaking configuration.
Learn more
", "DeleteScalingPolicy": "Deletes a fleet scaling policy. Once deleted, the policy is no longer in force and Amazon GameLift removes all record of it. To delete a scaling policy, specify both the scaling policy name and the fleet ID it is associated with.
To temporarily suspend scaling policies, use StopFleetActions. This operation suspends all policies for the fleet.
", @@ -267,7 +267,7 @@ "BuildIdOrArn": { "base": null, "refs": { - "CreateFleetInput$BuildId": "The unique identifier for a custom game server build to be deployed on fleet instances. You can use either the build ID or ARN. The build must be uploaded to Amazon GameLift and in READY status. This fleet property cannot be changed later.
The unique identifier for a custom game server build to be deployed on fleet instances. You can use either the build ID or ARN. The build must be uploaded to Amazon GameLift and in READY status. This fleet property can't be changed after the fleet is created.
A unique identifier for the build to delete. You can use either the build ID or ARN value.
", "DescribeBuildInput$BuildId": "A unique identifier for the build to retrieve properties for. You can use either the build ID or ARN value.
", "ListFleetsInput$BuildId": "A unique identifier for the build to request fleets for. Use this parameter to return only fleets using a specified build. Use either the build ID or ARN value.
", @@ -1244,8 +1244,8 @@ "FleetType": { "base": null, "refs": { - "CreateFleetInput$FleetType": "Indicates whether to use On-Demand or Spot instances for this fleet. By default, this property is set to ON_DEMAND. Learn more about when to use On-Demand versus Spot Instances. This property cannot be changed after the fleet is created.
Indicates whether to use On-Demand or Spot instances for this fleet. By default, this property is set to ON_DEMAND. Learn more about when to use On-Demand versus Spot Instances. This property cannot be changed after the fleet is created.
Indicates whether to use On-Demand or Spot instances for this fleet. By default, this property is set to ON_DEMAND. Learn more about when to use On-Demand versus Spot Instances. This fleet property can't be changed after the fleet is created.
Indicates whether to use On-Demand or Spot instances for this fleet. By default, this property is set to ON_DEMAND. Learn more about when to use On-Demand versus Spot Instances. This fleet property can't be changed after the fleet is created.
A collection of objects containing properties for each instance returned.
" } }, + "InstanceRoleCredentialsProvider": { + "base": null, + "refs": { + "CreateFleetInput$InstanceRoleCredentialsProvider": "Prompts Amazon GameLift to generate a shared credentials file for the IAM role defined in InstanceRoleArn. The shared credentials file is stored on each fleet instance and refreshed as needed. Use shared credentials for applications that are deployed along with the game server executable, if the game server is integrated with server SDK version 5.x. For more information about using shared credentials, see Communicate with other Amazon Web Services resources from your fleets.
Indicates that fleet instances maintain a shared credentials file for the IAM role defined in InstanceRoleArn. Shared credentials allow applications that are deployed with the game server executable to communicate with other Amazon Web Services resources. This property is used only when the game server is integrated with the server SDK version 5.x. For more information about using shared credentials, see Communicate with other Amazon Web Services resources from your fleets.
The network communication protocol used by the fleet.
" } }, + "IpRange": { + "base": null, + "refs": { + "IpPermission$IpRange": "A range of allowed IP addresses. This value must be expressed in CIDR notation. Example: \"000.000.000.000/[subnet mask]\" or optionally the shortened version \"0.0.0.0/[subnet mask]\".
A descriptive label that is associated with an alias. Alias names do not need to be unique.
" } }, - "NonBlankString": { - "base": null, - "refs": { - "IpPermission$IpRange": "A range of allowed IP addresses. This value must be expressed in CIDR notation. Example: \"000.000.000.000/[subnet mask]\" or optionally the shortened version \"0.0.0.0/[subnet mask]\".
The secret access key that can be used to sign requests.
", "AwsCredentials$SessionToken": "The token that users must pass to the service API to use the temporary credentials.
", "ConflictException$Message": null, - "CreateFleetInput$InstanceRoleArn": "A unique identifier for an IAM role that manages access to your Amazon Web Services services. With an instance role ARN set, any application that runs on an instance in this fleet can assume the role, including install scripts, server processes, and daemons (background processes). Create a role or look up a role's ARN by using the IAM dashboard in the Amazon Web Services Management Console. Learn more about using on-box credentials for your game servers at Access external resources from a game server. This property cannot be changed after the fleet is created.
", + "CreateFleetInput$InstanceRoleArn": "A unique identifier for an IAM role with access permissions to other Amazon Web Services services. Any application that runs on an instance in the fleet--including install scripts, server processes, and other processes--can use these permissions to interact with Amazon Web Services resources that you own or have access to. For more information about using the role with your game server builds, see Communicate with other Amazon Web Services resources from your fleets. This fleet property can't be changed after the fleet is created.
", "Event$Message": "Additional information related to the event.
", - "FleetAttributes$InstanceRoleArn": "A unique identifier for an IAM role that manages access to your Amazon Web Services services. With an instance role ARN set, any application that runs on an instance in this fleet can assume the role, including install scripts, server processes, and daemons (background processes). Create a role or look up a role's ARN by using the IAM dashboard in the Amazon Web Services Management Console. Learn more about using on-box credentials for your game servers at Access external resources from a game server.
", + "FleetAttributes$InstanceRoleArn": "A unique identifier for an IAM role with access permissions to other Amazon Web Services services. Any application that runs on an instance in the fleet--including install scripts, server processes, and other processes--can use these permissions to interact with Amazon Web Services resources that you own or have access to. For more information about using the role with your game server builds, see Communicate with other Amazon Web Services resources from your fleets.
", "FleetCapacityExceededException$Message": null, "GameSessionFullException$Message": null, "IdempotentParameterMismatchException$Message": null, @@ -2361,7 +2368,6 @@ "CreateGameSessionInput$Name": "A descriptive label that is associated with a game session. Session names do not need to be unique.
", "CreateGameSessionInput$CreatorId": "A unique identifier for a player or entity creating the game session.
If you add a resource creation limit policy to a fleet, the CreateGameSession operation requires a CreatorId. Amazon GameLift limits the number of game session creation requests with the same CreatorId in a specified time period.
If you your fleet doesn't have a resource creation limit policy and you provide a CreatorId in your CreateGameSession requests, Amazon GameLift limits requests to one request per CreatorId per second.
To not limit CreateGameSession requests with the same CreatorId, don't provide a CreatorId in your CreateGameSession request.
A human-readable description of the matchmaking configuration.
", - "CreatePlayerSessionInput$PlayerId": "A unique identifier for a player. Player IDs are developer-defined.
", "CreateScriptInput$Name": "A descriptive label that is associated with a script. Script names don't need to be unique. You can use UpdateScript to change this value later.
", "CreateScriptInput$Version": "Version information associated with a build or script. Version strings don't need to be unique. You can use UpdateScript to change this value later.
", "CreateVpcPeeringAuthorizationInput$GameLiftAwsAccountId": "A unique identifier for the Amazon Web Services account that you use to manage your Amazon GameLift fleet. You can find your Account ID in the Amazon Web Services Management Console under account settings.
", @@ -2398,13 +2404,11 @@ "DescribeMatchmakingConfigurationsOutput$NextToken": "A token that indicates where to resume retrieving results on the next call to this operation. If no token is returned, these results represent the end of the list.
", "DescribeMatchmakingRuleSetsInput$NextToken": "A token that indicates the start of the next sequential page of results. Use the token that is returned with a previous call to this operation. To start at the beginning of the result set, do not specify a value.
", "DescribeMatchmakingRuleSetsOutput$NextToken": "A token that indicates where to resume retrieving results on the next call to this operation. If no token is returned, these results represent the end of the list.
", - "DescribePlayerSessionsInput$PlayerId": "A unique identifier for a player to retrieve player sessions for.
", "DescribePlayerSessionsInput$PlayerSessionStatusFilter": "Player session status to filter results on. Note that when a PlayerSessionId or PlayerId is provided in a DescribePlayerSessions request, then the PlayerSessionStatusFilter has no effect on the response.
Possible player session statuses include the following:
RESERVED -- The player session request has been received, but the player has not yet connected to the server process and/or been validated.
ACTIVE -- The player has been validated by the server process and is currently connected.
COMPLETED -- The player connection has been dropped.
TIMEDOUT -- A player session request was received, but the player did not connect and/or was not validated within the timeout limit (60 seconds).
A token that indicates the start of the next sequential page of results. Use the token that is returned with a previous call to this operation. To start at the beginning of the result set, do not specify a value. If a player session ID is specified, this parameter is ignored.
", "DescribePlayerSessionsOutput$NextToken": "A token that indicates where to resume retrieving results on the next call to this operation. If no token is returned, these results represent the end of the list.
", "DescribeScalingPoliciesInput$NextToken": "A token that indicates the start of the next sequential page of results. Use the token that is returned with a previous call to this operation. To start at the beginning of the result set, do not specify a value.
", "DescribeScalingPoliciesOutput$NextToken": "A token that indicates where to resume retrieving results on the next call to this operation. If no token is returned, these results represent the end of the list.
", - "DesiredPlayerSession$PlayerId": "A unique identifier for a player to associate with the player session.
", "Event$EventId": "A unique identifier for a fleet event.
", "Event$ResourceId": "A unique identifier for an event resource, such as a fleet ID.
", "Event$PreSignedLogUrl": "Location of stored logs with additional detail that is related to the event. This is useful for debugging issues. The URL is valid for 15 minutes. You can also access fleet creation logs through the Amazon GameLift console.
", @@ -2429,17 +2433,11 @@ "ListGameServersOutput$NextToken": "A token that indicates where to resume retrieving results on the next call to this operation. If no token is returned, these results represent the end of the list.
", "ListLocationsInput$NextToken": "A token that indicates the start of the next sequential page of results. Use the token that is returned with a previous call to this operation. To start at the beginning of the result set, do not specify a value.
", "ListLocationsOutput$NextToken": "A token that indicates where to resume retrieving results on the next call to this operation. If no token is returned, these results represent the end of the list.
", - "MatchedPlayerSession$PlayerId": "A unique identifier for a player
", "MatchmakingConfiguration$Description": "A descriptive label that is associated with matchmaking configuration.
", - "PlacedPlayerSession$PlayerId": "A unique identifier for a player that is associated with this player session.
", - "Player$PlayerId": "A unique identifier for a player
", "Player$Team": "Name of the team that the player is assigned to in a match. Team names are defined in a matchmaking rule set.
", "PlayerAttributeMap$key": null, "PlayerDataMap$key": null, - "PlayerIdList$member": null, - "PlayerLatency$PlayerId": "A unique identifier for a player associated with the latency data.
", "PlayerLatency$RegionIdentifier": "Name of the Region that is associated with the latency value.
", - "PlayerSession$PlayerId": "A unique identifier for a player that is associated with this player session.
", "PlayerSession$GameSessionId": "A unique identifier for the game session that the player session is connected to.
", "PutScalingPolicyInput$Name": "A descriptive label that is associated with a fleet's scaling policy. Policy names do not need to be unique. A fleet can have only one scaling policy with the same name.
", "PutScalingPolicyOutput$Name": "A descriptive label that is associated with a fleet's scaling policy. Policy names do not need to be unique.
", @@ -2553,12 +2551,33 @@ "CreatePlayerSessionsInput$PlayerDataMap": "Map of string pairs, each specifying a player ID and a set of developer-defined information related to the player. Amazon GameLift does not use this data, so it can be formatted as needed for use in the game. Any player data strings for player IDs that are not included in the PlayerIds parameter are ignored.
A unique identifier for a player. Player IDs are developer-defined.
", + "DescribePlayerSessionsInput$PlayerId": "A unique identifier for a player to retrieve player sessions for.
", + "DesiredPlayerSession$PlayerId": "A unique identifier for a player to associate with the player session.
", + "MatchedPlayerSession$PlayerId": "A unique identifier for a player
", + "PlacedPlayerSession$PlayerId": "A unique identifier for a player that is associated with this player session.
", + "Player$PlayerId": "A unique identifier for a player
", + "PlayerIdList$member": null, + "PlayerIdsForAcceptMatch$member": null, + "PlayerLatency$PlayerId": "A unique identifier for a player associated with the latency data.
", + "PlayerSession$PlayerId": "A unique identifier for a player that is associated with this player session.
" + } + }, "PlayerIdList": { "base": null, "refs": { "CreatePlayerSessionsInput$PlayerIds": "List of unique identifiers for the players to be added.
" } }, + "PlayerIdsForAcceptMatch": { + "base": null, + "refs": { + "AcceptMatchInput$PlayerIds": "A unique identifier for a player delivering the response. This parameter can include one or multiple player IDs.
" + } + }, "PlayerLatency": { "base": "Regional latency information for a player, used when requesting a new game session. This value indicates the amount of time lag that exists when the player is connected to a fleet in the specified Region. The relative difference between a player's latency values for multiple Regions are used to determine which fleets are best suited to place a new game session for the player.
", "refs": { @@ -2910,7 +2929,7 @@ "ScriptIdOrArn": { "base": null, "refs": { - "CreateFleetInput$ScriptId": "The unique identifier for a Realtime configuration script to be deployed on fleet instances. You can use either the script ID or ARN. Scripts must be uploaded to Amazon GameLift prior to creating the fleet. This fleet property cannot be changed later.
", + "CreateFleetInput$ScriptId": "The unique identifier for a Realtime configuration script to be deployed on fleet instances. You can use either the script ID or ARN. Scripts must be uploaded to Amazon GameLift prior to creating the fleet. This fleet property can't be changed after the fleet is created.
", "DeleteScriptInput$ScriptId": "A unique identifier for the Realtime script to delete. You can use either the script ID or ARN value.
", "DescribeScriptInput$ScriptId": "A unique identifier for the Realtime script to retrieve properties for. You can use either the script ID or ARN value.
", "ListFleetsInput$ScriptId": "A unique identifier for the Realtime script to request fleets for. Use this parameter to return only fleets using a specified script. Use either the script ID or ARN value.
", @@ -3039,7 +3058,6 @@ "StringList": { "base": null, "refs": { - "AcceptMatchInput$PlayerIds": "A unique identifier for a player delivering the response. This parameter can include one or multiple player IDs.
", "CreateFleetInput$LogPaths": " This parameter is no longer used. To specify where Amazon GameLift should store log files once a server process shuts down, use the Amazon GameLift server API ProcessReady() and specify one or more directory paths in logParameters. For more information, see Initialize the server process in the Amazon GameLift Developer Guide.
This parameter is no longer used. Game session log paths are now defined using the Amazon GameLift server API ProcessReady() logParameters. See more information in the Server API Reference.
The number of connections used for the session.
" } }, + "ConnectorDataSource": { + "base": "Specifies a source generated with standard connection options.
", + "refs": { + "CodeGenConfigurationNode$ConnectorDataSource": "Specifies a source generated with standard connection options.
" + } + }, + "ConnectorDataTarget": { + "base": "Specifies a target generated with standard connection options.
", + "refs": { + "CodeGenConfigurationNode$ConnectorDataTarget": "Specifies a target generated with standard connection options.
" + } + }, + "ConnectorOptions": { + "base": null, + "refs": { + "ConnectorDataSource$Data": "A map specifying connection options for the node. You can find standard connection options for the corresponding connection type in the Connection parameters section of the Glue documentation.
", + "ConnectorDataTarget$Data": "A map specifying connection options for the node. You can find standard connection options for the corresponding connection type in the Connection parameters section of the Glue documentation.
" + } + }, "ContextWords": { "base": null, "refs": { @@ -2798,6 +2817,8 @@ "CatalogKinesisSource$Database": "The name of the database to read from.
", "CatalogSource$Database": "The name of the database to read from.
", "CatalogSource$Table": "The name of the table in the database to read from.
", + "ConnectorDataSource$ConnectionType": "The connectionType, as provided to the underlying Glue library. This node type supports the following connection types:
bigquery
The connectionType, as provided to the underlying Glue library. This node type supports the following connection types:
bigquery
The name defined for the custom code node class.
", "DQDLAliases$value": null, "DQResultsPublishingOptions$ResultsS3Prefix": "The Amazon S3 prefix prepended to the results.
", @@ -3317,6 +3338,8 @@ "AmazonRedshiftNodeData$StagingTable": "The name of the temporary staging table that is used when doing a MERGE or APPEND with upsert.
", "Blueprint$BlueprintLocation": "Specifies the path in Amazon S3 where the blueprint is published.
", "Blueprint$BlueprintServiceLocation": "Specifies a path in Amazon S3 where the blueprint is copied when you call CreateBlueprint/UpdateBlueprint to register the blueprint in Glue.
The value provided for comparison on the crawl field.
", "CreateDevEndpointRequest$EndpointName": "The name to be assigned to the new DevEndpoint.
The subnet ID for the new DevEndpoint to use.
Specifies the data schema for the custom Athena source.
", "CatalogDeltaSource$OutputSchemas": "Specifies the data schema for the Delta Lake source.
", "CatalogHudiSource$OutputSchemas": "Specifies the data schema for the Hudi source.
", + "ConnectorDataSource$OutputSchemas": "Specifies the data schema for this source.
", "CustomCode$OutputSchemas": "Specifies the data schema for the custom code transform.
", "DynamicTransform$OutputSchemas": "Specifies the data schema for the dynamic transform.
", "JDBCConnectorSource$OutputSchemas": "Specifies the data schema for the custom JDBC source.
", @@ -5718,6 +5742,8 @@ "CatalogKafkaSource$Name": "The name of the data store.
", "CatalogKinesisSource$Name": "The name of the data source.
", "CatalogSource$Name": "The name of the data store.
", + "ConnectorDataSource$Name": "The name of this source node.
", + "ConnectorDataTarget$Name": "The name of this target node.
", "CustomCode$Name": "The name of the transform node.
", "DQDLAliases$key": null, "DirectJDBCSource$Name": "The name of the JDBC source connection.
", @@ -5964,6 +5990,7 @@ "AmazonRedshiftTarget$Inputs": "The nodes that are inputs to the data target.
", "ApplyMapping$Inputs": "The data inputs identified by their node names.
", "BasicCatalogTarget$Inputs": "The nodes that are inputs to the data target.
", + "ConnectorDataTarget$Inputs": "The nodes that are inputs to the data target.
", "DropDuplicates$Inputs": "The data inputs identified by their node names.
", "DropFields$Inputs": "The data inputs identified by their node names.
", "DropNullFields$Inputs": "The data inputs identified by their node names.
", diff --git a/models/apis/glue/2017-03-31/endpoint-rule-set-1.json b/models/apis/glue/2017-03-31/endpoint-rule-set-1.json index d1bd27f670a..c84cb14f3c0 100644 --- a/models/apis/glue/2017-03-31/endpoint-rule-set-1.json +++ b/models/apis/glue/2017-03-31/endpoint-rule-set-1.json @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,11 +212,11 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -231,14 +227,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -252,7 +250,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -272,7 +269,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -283,14 +279,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -301,9 +299,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [], diff --git a/models/apis/glue/2017-03-31/endpoint-tests-1.json b/models/apis/glue/2017-03-31/endpoint-tests-1.json index 4589c59b3f0..731b4b70ad1 100644 --- a/models/apis/glue/2017-03-31/endpoint-tests-1.json +++ b/models/apis/glue/2017-03-31/endpoint-tests-1.json @@ -646,6 +646,17 @@ "expect": { "error": "Invalid Configuration: Missing Region" } + }, + { + "documentation": "Partition doesn't support DualStack", + "expect": { + "error": "DualStack is enabled but this partition does not support DualStack" + }, + "params": { + "Region": "us-isob-east-1", + "UseFIPS": false, + "UseDualStack": true + } } ], "version": "1.0" diff --git a/models/apis/network-firewall/2020-11-12/api-2.json b/models/apis/network-firewall/2020-11-12/api-2.json index e881d09b40d..5f61b3c4f57 100644 --- a/models/apis/network-firewall/2020-11-12/api-2.json +++ b/models/apis/network-firewall/2020-11-12/api-2.json @@ -616,6 +616,18 @@ "type":"list", "member":{"shape":"Address"} }, + "AnalysisResult":{ + "type":"structure", + "members":{ + "IdentifiedRuleIds":{"shape":"RuleIdList"}, + "IdentifiedType":{"shape":"IdentifiedType"}, + "AnalysisDetail":{"shape":"CollectionMember_String"} + } + }, + "AnalysisResultList":{ + "type":"list", + "member":{"shape":"AnalysisResult"} + }, "AssociateFirewallPolicyRequest":{ "type":"structure", "required":["FirewallPolicyArn"], @@ -796,7 +808,8 @@ "Tags":{"shape":"TagList"}, "DryRun":{"shape":"Boolean"}, "EncryptionConfiguration":{"shape":"EncryptionConfiguration"}, - "SourceMetadata":{"shape":"SourceMetadata"} + "SourceMetadata":{"shape":"SourceMetadata"}, + "AnalyzeRuleGroup":{"shape":"Boolean"} } }, "CreateRuleGroupResponse":{ @@ -1009,7 +1022,8 @@ "members":{ "RuleGroupName":{"shape":"ResourceName"}, "RuleGroupArn":{"shape":"ResourceArn"}, - "Type":{"shape":"RuleGroupType"} + "Type":{"shape":"RuleGroupType"}, + "AnalyzeRuleGroup":{"shape":"Boolean"} } }, "DescribeRuleGroupResponse":{ @@ -1305,6 +1319,13 @@ "key":{"shape":"RuleVariableName"}, "value":{"shape":"IPSet"} }, + "IdentifiedType":{ + "type":"string", + "enum":[ + "STATELESS_RULE_FORWARDING_ASYMMETRICALLY", + "STATELESS_RULE_CONTAINS_TCP_FLAGS" + ] + }, "InsufficientCapacityException":{ "type":"structure", "members":{ @@ -1745,7 +1766,8 @@ "EncryptionConfiguration":{"shape":"EncryptionConfiguration"}, "SourceMetadata":{"shape":"SourceMetadata"}, "SnsTopic":{"shape":"ResourceArn"}, - "LastModifiedTime":{"shape":"LastUpdateTime"} + "LastModifiedTime":{"shape":"LastUpdateTime"}, + "AnalysisResults":{"shape":"AnalysisResultList"} } }, "RuleGroupType":{ @@ -1759,6 +1781,10 @@ "type":"list", "member":{"shape":"RuleGroupMetadata"} }, + "RuleIdList":{ + "type":"list", + "member":{"shape":"CollectionMember_String"} + }, "RuleOption":{ "type":"structure", "required":["Keyword"], @@ -2363,7 +2389,8 @@ "Description":{"shape":"Description"}, "DryRun":{"shape":"Boolean"}, "EncryptionConfiguration":{"shape":"EncryptionConfiguration"}, - "SourceMetadata":{"shape":"SourceMetadata"} + "SourceMetadata":{"shape":"SourceMetadata"}, + "AnalyzeRuleGroup":{"shape":"Boolean"} } }, "UpdateRuleGroupResponse":{ diff --git a/models/apis/network-firewall/2020-11-12/docs-2.json b/models/apis/network-firewall/2020-11-12/docs-2.json index 87146ce552d..7d325639a9b 100644 --- a/models/apis/network-firewall/2020-11-12/docs-2.json +++ b/models/apis/network-firewall/2020-11-12/docs-2.json @@ -7,7 +7,7 @@ "CreateFirewall": "Creates an Network Firewall Firewall and accompanying FirewallStatus for a VPC.
The firewall defines the configuration settings for an Network Firewall firewall. The settings that you can define at creation include the firewall policy, the subnets in your VPC to use for the firewall endpoints, and any tags that are attached to the firewall Amazon Web Services resource.
After you create a firewall, you can provide additional settings, like the logging configuration.
To update the settings for a firewall, you use the operations that apply to the settings themselves, for example UpdateLoggingConfiguration, AssociateSubnets, and UpdateFirewallDeleteProtection.
To manage a firewall's tags, use the standard Amazon Web Services resource tagging operations, ListTagsForResource, TagResource, and UntagResource.
To retrieve information about firewalls, use ListFirewalls and DescribeFirewall.
", "CreateFirewallPolicy": "Creates the firewall policy for the firewall according to the specifications.
An Network Firewall firewall policy defines the behavior of a firewall, in a collection of stateless and stateful rule groups and other settings. You can use one firewall policy for multiple firewalls.
", "CreateRuleGroup": "Creates the specified stateless or stateful rule group, which includes the rules for network traffic inspection, a capacity setting, and tags.
You provide your rule group specification in your request using either RuleGroup or Rules.
Creates an Network Firewall TLS inspection configuration. A TLS inspection configuration contains the Certificate Manager certificate associations that Network Firewall uses to decrypt and re-encrypt traffic traveling through your firewall.
After you create a TLS inspection configuration, you can associate it with a new firewall policy.
To update the settings for a TLS inspection configuration, use UpdateTLSInspectionConfiguration.
To manage a TLS inspection configuration's tags, use the standard Amazon Web Services resource tagging operations, ListTagsForResource, TagResource, and UntagResource.
To retrieve information about TLS inspection configurations, use ListTLSInspectionConfigurations and DescribeTLSInspectionConfiguration.
For more information about TLS inspection configurations, see Inspecting SSL/TLS traffic with TLS inspection configurations in the Network Firewall Developer Guide.
", + "CreateTLSInspectionConfiguration": "Creates an Network Firewall TLS inspection configuration. A TLS inspection configuration contains Certificate Manager certificate associations between and the scope configurations that Network Firewall uses to decrypt and re-encrypt traffic traveling through your firewall.
After you create a TLS inspection configuration, you can associate it with a new firewall policy.
To update the settings for a TLS inspection configuration, use UpdateTLSInspectionConfiguration.
To manage a TLS inspection configuration's tags, use the standard Amazon Web Services resource tagging operations, ListTagsForResource, TagResource, and UntagResource.
To retrieve information about TLS inspection configurations, use ListTLSInspectionConfigurations and DescribeTLSInspectionConfiguration.
For more information about TLS inspection configurations, see Inspecting SSL/TLS traffic with TLS inspection configurations in the Network Firewall Developer Guide.
", "DeleteFirewall": "Deletes the specified Firewall and its FirewallStatus. This operation requires the firewall's DeleteProtection flag to be FALSE. You can't revert this operation.
You can check whether a firewall is in use by reviewing the route tables for the Availability Zones where you have firewall subnet mappings. Retrieve the subnet mappings by calling DescribeFirewall. You define and update the route tables through Amazon VPC. As needed, update the route tables for the zones to remove the firewall endpoints. When the route tables no longer use the firewall endpoints, you can remove the firewall safely.
To delete a firewall, remove the delete protection if you need to using UpdateFirewallDeleteProtection, then delete the firewall by calling DeleteFirewall.
", "DeleteFirewallPolicy": "Deletes the specified FirewallPolicy.
", "DeleteResourcePolicy": "Deletes a resource policy that you created in a PutResourcePolicy request.
", @@ -73,6 +73,18 @@ "ServerCertificateScope$Destinations": "The destination IP addresses and address ranges to decrypt for inspection, in CIDR notation. If not specified, this matches with any destination address.
" } }, + "AnalysisResult": { + "base": "The analysis result for Network Firewall's stateless rule group analyzer. Every time you call CreateRuleGroup, UpdateRuleGroup, or DescribeRuleGroup on a stateless rule group, Network Firewall analyzes the stateless rule groups in your account and identifies the rules that might adversely effect your firewall's functionality. For example, if Network Firewall detects a rule that's routing traffic asymmetrically, which impacts the service's ability to properly process traffic, the service includes the rule in a list of analysis results.
", + "refs": { + "AnalysisResultList$member": null + } + }, + "AnalysisResultList": { + "base": null, + "refs": { + "RuleGroupResponse$AnalysisResults": "The list of analysis results for AnalyzeRuleGroup. If you set AnalyzeRuleGroup to TRUE in CreateRuleGroup, UpdateRuleGroup, or DescribeRuleGroup, Network Firewall analyzes the rule group and identifies the rules that might adversely effect your firewall's functionality. For example, if Network Firewall detects a rule that's routing traffic asymmetrically, which impacts the service's ability to properly process traffic, the service includes the rule in the list of analysis results.
A setting indicating whether the firewall is protected against changes to the subnet associations. Use this setting to protect against accidentally modifying the subnet associations for a firewall that is in use. When you create a firewall, the operation initializes this setting to TRUE.
A setting indicating whether the firewall is protected against a change to the firewall policy association. Use this setting to protect against accidentally modifying the firewall policy for a firewall that is in use. When you create a firewall, the operation initializes this setting to TRUE.
Indicates whether you want Network Firewall to just check the validity of the request, rather than run the request.
If set to TRUE, Network Firewall checks whether the request can run successfully, but doesn't actually make the requested changes. The call returns the value that the request would return if you ran it with dry run set to FALSE, but doesn't make additions or changes to your resources. This option allows you to make sure that you have the required permissions to run the request and that your request parameters are valid.
If set to FALSE, Network Firewall makes the requested changes to your resources.
Indicates whether you want Network Firewall to analyze the stateless rules in the rule group for rule behavior such as asymmetric routing. If set to TRUE, Network Firewall runs the analysis and then creates the rule group for you. To run the stateless rule group analyzer without creating the rule group, set DryRun to TRUE.
Indicates whether you want Network Firewall to analyze the stateless rules in the rule group for rule behavior such as asymmetric routing. If set to TRUE, Network Firewall runs the analysis.
A flag indicating whether it is possible to delete the firewall. A setting of TRUE indicates that the firewall is protected against deletion. Use this setting to protect against accidentally deleting a firewall that is in use. When you create a firewall, the operation initializes this flag to TRUE.
A setting indicating whether the firewall is protected against changes to the subnet associations. Use this setting to protect against accidentally modifying the subnet associations for a firewall that is in use. When you create a firewall, the operation initializes this setting to TRUE.
A setting indicating whether the firewall is protected against a change to the firewall policy association. Use this setting to protect against accidentally modifying the firewall policy for a firewall that is in use. When you create a firewall, the operation initializes this setting to TRUE.
A setting indicating whether the firewall is protected against a change to the firewall policy association. Use this setting to protect against accidentally modifying the firewall policy for a firewall that is in use. When you create a firewall, the operation initializes this setting to TRUE.
Indicates whether you want Network Firewall to just check the validity of the request, rather than run the request.
If set to TRUE, Network Firewall checks whether the request can run successfully, but doesn't actually make the requested changes. The call returns the value that the request would return if you ran it with dry run set to FALSE, but doesn't make additions or changes to your resources. This option allows you to make sure that you have the required permissions to run the request and that your request parameters are valid.
If set to FALSE, Network Firewall makes the requested changes to your resources.
Indicates whether you want Network Firewall to just check the validity of the request, rather than run the request.
If set to TRUE, Network Firewall checks whether the request can run successfully, but doesn't actually make the requested changes. The call returns the value that the request would return if you ran it with dry run set to FALSE, but doesn't make additions or changes to your resources. This option allows you to make sure that you have the required permissions to run the request and that your request parameters are valid.
If set to FALSE, Network Firewall makes the requested changes to your resources.
Indicates whether you want Network Firewall to analyze the stateless rules in the rule group for rule behavior such as asymmetric routing. If set to TRUE, Network Firewall runs the analysis and then updates the rule group for you. To run the stateless rule group analyzer without updating the rule group, set DryRun to TRUE.
A setting indicating whether the firewall is protected against changes to the subnet associations. Use this setting to protect against accidentally modifying the subnet associations for a firewall that is in use. When you create a firewall, the operation initializes this setting to TRUE.
A setting indicating whether the firewall is protected against changes to the subnet associations. Use this setting to protect against accidentally modifying the subnet associations for a firewall that is in use. When you create a firewall, the operation initializes this setting to TRUE.
Defines the actions to take on the SSL/TLS connection if the certificate presented by the server in the connection has a revoked or unknown status.
", "refs": { - "ServerCertificateConfiguration$CheckCertificateRevocationStatus": "When enabled, Network Firewall checks if the server certificate presented by the server in the SSL/TLS connection has a revoked or unkown status. If the certificate has an unknown or revoked status, you must specify the actions that Network Firewall takes on outbound traffic. To use this option, you must specify a CertificateAuthorityArn in ServerCertificateConfiguration.
When enabled, Network Firewall checks if the server certificate presented by the server in the SSL/TLS connection has a revoked or unkown status. If the certificate has an unknown or revoked status, you must specify the actions that Network Firewall takes on outbound traffic. To check the certificate revocation status, you must also specify a CertificateAuthorityArn in ServerCertificateConfiguration.
Provides analysis details for the identified rule.
", + "RuleIdList$member": null, "RuleTargets$member": null, "StatefulActions$member": null, "StatelessActions$member": null, @@ -616,6 +633,12 @@ "RuleVariables$IPSets": "A list of IP addresses and address ranges, in CIDR notation.
" } }, + "IdentifiedType": { + "base": null, + "refs": { + "AnalysisResult$IdentifiedType": "The types of rule configurations that Network Firewall analyzes your rule groups for. Network Firewall analyzes stateless rule groups for the following types of rule configurations:
STATELESS_RULE_FORWARDING_ASYMMETRICALLY
Cause: One or more stateless rules with the action pass or forward are forwarding traffic asymmetrically. Specifically, the rule's set of source IP addresses or their associated port numbers, don't match the set of destination IP addresses or their associated port numbers.
To mitigate: Make sure that there's an existing return path. For example, if the rule allows traffic from source 10.1.0.0/24 to destination 20.1.0.0/24, you should allow return traffic from source 20.1.0.0/24 to destination 10.1.0.0/24.
STATELESS_RULE_CONTAINS_TCP_FLAGS
Cause: At least one stateless rule with the action pass orforward contains TCP flags that are inconsistent in the forward and return directions.
To mitigate: Prevent asymmetric routing issues caused by TCP flags by following these actions:
Remove unnecessary TCP flag inspections from the rules.
If you need to inspect TCP flags, check that the rules correctly account for changes in TCP flags throughout the TCP connection cycle, for example SYN and ACK flags used in a 3-way TCP handshake.
Amazon Web Services doesn't currently have enough available capacity to fulfill your request. Try your request later.
", "refs": { @@ -957,7 +980,7 @@ "RuleGroupResponse$RuleGroupArn": "The Amazon Resource Name (ARN) of the rule group.
If this response is for a create request that had DryRun set to TRUE, then this ARN is a placeholder that isn't attached to a valid resource.
The Amazon resource name (ARN) of the Amazon Simple Notification Service SNS topic that's used to record changes to the managed rule group. You can subscribe to the SNS topic to receive notifications when the managed rule group is modified, such as for new versions and for version expiration. For more information, see the Amazon Simple Notification Service Developer Guide..
", "ServerCertificate$ResourceArn": "The Amazon Resource Name (ARN) of the Certificate Manager SSL/TLS server certificate that's used for inbound SSL/TLS inspection.
", - "ServerCertificateConfiguration$CertificateAuthorityArn": "The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate configured in Certificate Manager (ACM) to use for outbound SSL/TLS inspection.
The following limitations apply:
You can use CA certificates that you imported into ACM, but you can't generate CA certificates with ACM.
You can't use certificates issued by Private Certificate Authority.
For more information about the certificate requirements for outbound inspection, see Requirements for using SSL/TLS certificates with TLS inspection configurations in the Network Firewall Developer Guide.
For information about working with certificates in ACM, see Importing certificates in the Certificate Manager User Guide.
", + "ServerCertificateConfiguration$CertificateAuthorityArn": "The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate within Certificate Manager (ACM) to use for outbound SSL/TLS inspection.
The following limitations apply:
You can use CA certificates that you imported into ACM, but you can't generate CA certificates with ACM.
You can't use certificates issued by Private Certificate Authority.
For more information about configuring certificates for outbound inspection, see Using SSL/TLS certificates with certificates with TLS inspection configurations in the Network Firewall Developer Guide.
For information about working with certificates in ACM, see Importing certificates in the Certificate Manager User Guide.
", "SourceMetadata$SourceArn": "The Amazon Resource Name (ARN) of the rule group that your own rule group is copied from.
", "StatefulRuleGroupReference$ResourceArn": "The Amazon Resource Name (ARN) of the stateful rule group.
", "StatelessRuleGroupReference$ResourceArn": "The Amazon Resource Name (ARN) of the stateless rule group.
", @@ -1075,8 +1098,8 @@ "RevocationCheckAction": { "base": null, "refs": { - "CheckCertificateRevocationStatusActions$RevokedStatusAction": "Configures how Network Firewall processes traffic when it determines that the certificate presented by the server in the SSL/TLS connection has a revoked status.
PASS - Allow the connection to continue, and pass subsequent packets to the stateful engine for inspection.
DROP - Network Firewall fails closed and drops all subsequent traffic.
REJECT - Network Firewall sends a TCP reject packet back to your client so that the client can immediately establish a new session. Network Firewall then fails closed and drops all subsequent traffic. REJECT is available only for TCP traffic.
Configures how Network Firewall processes traffic when it determines that the certificate presented by the server in the SSL/TLS connection has an unknown status, or a status that cannot be determined for any other reason, including when the service is unable to connect to the OCSP and CRL endpoints for the certificate.
PASS - Allow the connection to continue, and pass subsequent packets to the stateful engine for inspection.
DROP - Network Firewall fails closed and drops all subsequent traffic.
REJECT - Network Firewall sends a TCP reject packet back to your client so that the client can immediately establish a new session. Network Firewall then fails closed and drops all subsequent traffic. REJECT is available only for TCP traffic.
Configures how Network Firewall processes traffic when it determines that the certificate presented by the server in the SSL/TLS connection has a revoked status.
PASS - Allow the connection to continue, and pass subsequent packets to the stateful engine for inspection.
DROP - Network Firewall closes the connection and drops subsequent packets for that connection.
REJECT - Network Firewall sends a TCP reject packet back to your client. The service closes the connection and drops subsequent packets for that connection. REJECT is available only for TCP traffic.
Configures how Network Firewall processes traffic when it determines that the certificate presented by the server in the SSL/TLS connection has an unknown status, or a status that cannot be determined for any other reason, including when the service is unable to connect to the OCSP and CRL endpoints for the certificate.
PASS - Allow the connection to continue, and pass subsequent packets to the stateful engine for inspection.
DROP - Network Firewall closes the connection and drops subsequent packets for that connection.
REJECT - Network Firewall sends a TCP reject packet back to your client. The service closes the connection and drops subsequent packets for that connection. REJECT is available only for TCP traffic.
The rule group metadata objects that you've defined. Depending on your setting for max results and the number of rule groups, this might not be the full list.
" } }, + "RuleIdList": { + "base": null, + "refs": { + "AnalysisResult$IdentifiedRuleIds": "The priority number of the stateless rules identified in the analysis.
" + } + }, "RuleOption": { "base": "Additional settings for a stateful rule. This is part of the StatefulRule configuration.
", "refs": { @@ -1153,7 +1182,7 @@ "RuleOrder": { "base": null, "refs": { - "StatefulEngineOptions$RuleOrder": "Indicates how to manage the order of stateful rule evaluation for the policy. DEFAULT_ACTION_ORDER is the default behavior. Stateful rules are provided to the rule engine as Suricata compatible strings, and Suricata evaluates them based on certain settings. For more information, see Evaluation order for stateful rules in the Network Firewall Developer Guide.
Indicates how to manage the order of stateful rule evaluation for the policy. STRICT_ORDER is the default and recommended option. With STRICT_ORDER, provide your rules in the order that you want them to be evaluated. You can then choose one or more default actions for packets that don't match any rules. Choose STRICT_ORDER to have the stateful rules engine determine the evaluation order of your rules. The default action for this rule order is PASS, followed by DROP, REJECT, and ALERT actions. Stateful rules are provided to the rule engine as Suricata compatible strings, and Suricata evaluates them based on your settings. For more information, see Evaluation order for stateful rules in the Network Firewall Developer Guide.
Indicates how to manage the order of the rule evaluation for the rule group. DEFAULT_ACTION_ORDER is the default behavior. Stateful rules are provided to the rule engine as Suricata compatible strings, and Suricata evaluates them based on certain settings. For more information, see Evaluation order for stateful rules in the Network Firewall Developer Guide.
A string containing stateful rule group rules specifications in Suricata flat format, with one rule per line. Use this to import your existing Suricata compatible rule groups.
You must provide either this rules setting or a populated RuleGroup setting, but not both.
You can provide your rule group specification in Suricata flat format through this setting when you create or update your rule group. The call response returns a RuleGroup object that Network Firewall has populated from your string.
", - "RulesSource$RulesString": "Stateful inspection criteria, provided in Suricata compatible intrusion prevention system (IPS) rules. Suricata is an open-source network IPS that includes a standard rule-based language for network traffic inspection.
These rules contain the inspection criteria and the action to take for traffic that matches the criteria, so this type of rule group doesn't have a separate action setting.
", + "RulesSource$RulesString": "Stateful inspection criteria, provided in Suricata compatible rules. Suricata is an open-source threat detection framework that includes a standard rule-based language for network traffic inspection.
These rules contain the inspection criteria and the action to take for traffic that matches the criteria, so this type of rule group doesn't have a separate action setting.
You can't use the priority keyword if the RuleOrder option in StatefulRuleOptions is set to STRICT_ORDER.
A string containing stateful rule group rules specifications in Suricata flat format, with one rule per line. Use this to import your existing Suricata compatible rule groups.
You must provide either this rules setting or a populated RuleGroup setting, but not both.
You can provide your rule group specification in Suricata flat format through this setting when you create or update your rule group. The call response returns a RuleGroup object that Network Firewall has populated from your string.
" } }, @@ -1203,7 +1232,7 @@ } }, "ServerCertificateConfiguration": { - "base": "Configures the Certificate Manager certificates and scope that Network Firewall uses to decrypt and re-encrypt traffic using a TLSInspectionConfiguration. You can configure ServerCertificates for inbound SSL/TLS inspection, a CertificateAuthorityArn for outbound SSL/TLS inspection, or both. For information about working with certificates for TLS inspection, see Requirements for using SSL/TLS server certficiates with TLS inspection configurations in the Network Firewall Developer Guide.
If a server certificate that's associated with your TLSInspectionConfiguration is revoked, deleted, or expired it can result in client-side TLS errors.
Configures the Certificate Manager certificates and scope that Network Firewall uses to decrypt and re-encrypt traffic using a TLSInspectionConfiguration. You can configure ServerCertificates for inbound SSL/TLS inspection, a CertificateAuthorityArn for outbound SSL/TLS inspection, or both. For information about working with certificates for TLS inspection, see Using SSL/TLS server certficiates with TLS inspection configurations in the Network Firewall Developer Guide.
If a server certificate that's associated with your TLSInspectionConfiguration is revoked, deleted, or expired it can result in client-side TLS errors.
The list of a server certificate configuration's Certificate Manager certificates, used for inbound SSL/TLS inspection.
" + "ServerCertificateConfiguration$ServerCertificates": "The list of server certificates to use for inbound SSL/TLS inspection.
" } }, "Setting": { @@ -1261,7 +1290,7 @@ "StatefulAction": { "base": null, "refs": { - "StatefulRule$Action": "Defines what Network Firewall should do with the packets in a traffic flow when the flow matches the stateful rule criteria. For all actions, Network Firewall performs the specified action and discontinues stateful inspection of the traffic flow.
The actions for a stateful rule are defined as follows:
PASS - Permits the packets to go to the intended destination.
DROP - Blocks the packets from going to the intended destination and sends an alert log message, if alert logging is configured in the Firewall LoggingConfiguration.
ALERT - Permits the packets to go to the intended destination and sends an alert log message, if alert logging is configured in the Firewall LoggingConfiguration.
You can use this action to test a rule that you intend to use to drop traffic. You can enable the rule with ALERT action, verify in the logs that the rule is filtering as you want, then change the action to DROP.
Defines what Network Firewall should do with the packets in a traffic flow when the flow matches the stateful rule criteria. For all actions, Network Firewall performs the specified action and discontinues stateful inspection of the traffic flow.
The actions for a stateful rule are defined as follows:
PASS - Permits the packets to go to the intended destination.
DROP - Blocks the packets from going to the intended destination and sends an alert log message, if alert logging is configured in the Firewall LoggingConfiguration.
ALERT - Sends an alert log message, if alert logging is configured in the Firewall LoggingConfiguration.
You can use this action to test a rule that you intend to use to drop traffic. You can enable the rule with ALERT action, verify in the logs that the rule is filtering as you want, then change the action to DROP.
Additional options governing how Network Firewall handles the rule group. You can only use these for stateful rule groups.
", "refs": { "DescribeRuleGroupMetadataResponse$StatefulRuleOptions": null, - "RuleGroup$StatefulRuleOptions": "Additional options governing how Network Firewall handles stateful rules. The policies where you use your stateful rule group must have stateful rule options settings that are compatible with these settings.
" + "RuleGroup$StatefulRuleOptions": "Additional options governing how Network Firewall handles stateful rules. The policies where you use your stateful rule group must have stateful rule options settings that are compatible with these settings. Some limitations apply; for more information, see Strict evaluation order in the Network Firewall Developer Guide.
" } }, "StatefulRuleProtocol": { diff --git a/models/apis/quicksight/2018-04-01/api-2.json b/models/apis/quicksight/2018-04-01/api-2.json index 2418eae3d13..10fca33f837 100644 --- a/models/apis/quicksight/2018-04-01/api-2.json +++ b/models/apis/quicksight/2018-04-01/api-2.json @@ -3014,7 +3014,8 @@ "ThemeArn":{"shape":"Arn"}, "CreatedTime":{"shape":"Timestamp"}, "LastUpdatedTime":{"shape":"Timestamp"}, - "Sheets":{"shape":"SheetList"} + "Sheets":{"shape":"SheetList"}, + "Options":{"shape":"AssetOptions"} } }, "AnalysisDefaults":{ @@ -3034,7 +3035,8 @@ "ParameterDeclarations":{"shape":"ParameterDeclarationList"}, "FilterGroups":{"shape":"FilterGroupList"}, "ColumnConfigurations":{"shape":"ColumnConfigurationList"}, - "AnalysisDefaults":{"shape":"AnalysisDefaults"} + "AnalysisDefaults":{"shape":"AnalysisDefaults"}, + "Options":{"shape":"AssetOptions"} } }, "AnalysisError":{ @@ -3708,6 +3710,13 @@ "max":100, "min":1 }, + "AssetOptions":{ + "type":"structure", + "members":{ + "Timezone":{"shape":"String"}, + "WeekStart":{"shape":"DayOfTheWeek"} + } + }, "AssignmentStatus":{ "type":"string", "enum":[ @@ -4268,6 +4277,7 @@ "members":{ "ColumnName":{"shape":"ColumnName"}, "NewColumnType":{"shape":"ColumnDataType"}, + "SubType":{"shape":"ColumnDataSubType"}, "Format":{"shape":"TypeCastFormat"} } }, @@ -4479,6 +4489,13 @@ "MEASURE" ] }, + "ColumnDataSubType":{ + "type":"string", + "enum":[ + "FLOAT", + "FIXED" + ] + }, "ColumnDataType":{ "type":"string", "enum":[ @@ -6090,7 +6107,8 @@ "DataSetArns":{"shape":"DataSetArnsList"}, "Description":{"shape":"VersionDescription"}, "ThemeArn":{"shape":"Arn"}, - "Sheets":{"shape":"SheetList"} + "Sheets":{"shape":"SheetList"}, + "Options":{"shape":"AssetOptions"} } }, "DashboardVersionDefinition":{ @@ -6103,7 +6121,8 @@ "ParameterDeclarations":{"shape":"ParameterDeclarationList"}, "FilterGroups":{"shape":"FilterGroupList"}, "ColumnConfigurations":{"shape":"ColumnConfigurationList"}, - "AnalysisDefaults":{"shape":"AnalysisDefaults"} + "AnalysisDefaults":{"shape":"AnalysisDefaults"}, + "Options":{"shape":"AssetOptions"} } }, "DashboardVersionSummary":{ @@ -6874,6 +6893,18 @@ "min":1, "pattern":"^(?:LAST_DAY_OF_MONTH|1[0-9]|2[0-8]|[12]|[3-9])$" }, + "DayOfTheWeek":{ + "type":"string", + "enum":[ + "SUNDAY", + "MONDAY", + "TUESDAY", + "WEDNESDAY", + "THURSDAY", + "FRIDAY", + "SATURDAY" + ] + }, "DayOfWeek":{ "type":"string", "enum":[ @@ -11307,7 +11338,8 @@ ], "members":{ "Name":{"shape":"ColumnName"}, - "Type":{"shape":"InputColumnDataType"} + "Type":{"shape":"InputColumnDataType"}, + "SubType":{"shape":"ColumnDataSubType"} } }, "InputColumnDataType":{ @@ -13644,7 +13676,8 @@ "members":{ "Name":{"shape":"ColumnName"}, "Description":{"shape":"ColumnDescriptiveText"}, - "Type":{"shape":"ColumnDataType"} + "Type":{"shape":"ColumnDataType"}, + "SubType":{"shape":"ColumnDataSubType"} } }, "OutputColumnList":{ @@ -17228,7 +17261,8 @@ "Description":{"shape":"VersionDescription"}, "SourceEntityArn":{"shape":"Arn"}, "ThemeArn":{"shape":"Arn"}, - "Sheets":{"shape":"SheetList"} + "Sheets":{"shape":"SheetList"}, + "Options":{"shape":"AssetOptions"} } }, "TemplateVersionDefinition":{ @@ -17241,7 +17275,8 @@ "ParameterDeclarations":{"shape":"ParameterDeclarationList"}, "FilterGroups":{"shape":"FilterGroupList"}, "ColumnConfigurations":{"shape":"ColumnConfigurationList"}, - "AnalysisDefaults":{"shape":"AnalysisDefaults"} + "AnalysisDefaults":{"shape":"AnalysisDefaults"}, + "Options":{"shape":"AssetOptions"} } }, "TemplateVersionSummary":{ diff --git a/models/apis/quicksight/2018-04-01/docs-2.json b/models/apis/quicksight/2018-04-01/docs-2.json index 0241f2a6361..a5357b12400 100644 --- a/models/apis/quicksight/2018-04-01/docs-2.json +++ b/models/apis/quicksight/2018-04-01/docs-2.json @@ -1058,6 +1058,17 @@ "StartAssetBundleExportJobRequest$ResourceArns": "An array of resource ARNs to export. The following resources are supported.
Analysis
Dashboard
DataSet
DataSource
RefreshSchedule
Theme
VPCConnection
The API caller must have the necessary permissions in their IAM role to access each resource before the resources can be exported.
" } }, + "AssetOptions": { + "base": "An array of analysis level configurations.
", + "refs": { + "Analysis$Options": null, + "AnalysisDefinition$Options": "An array of option definitions for an analysis.
", + "DashboardVersion$Options": null, + "DashboardVersionDefinition$Options": "An array of option definitions for a dashboard.
", + "TemplateVersion$Options": null, + "TemplateVersionDefinition$Options": "An array of option definitions for a template.
" + } + }, "AssignmentStatus": { "base": null, "refs": { @@ -1910,11 +1921,19 @@ "TopicColumn$ColumnDataRole": "The role of the column in the data. Valid values are DIMENSION and MEASURE.
The sub data type of the new column. Sub types are only available for decimal columns that are part of a SPICE dataset.
", + "InputColumn$SubType": "The sub data type of the column. Sub types are only available for decimal columns that are part of a SPICE dataset.
", + "OutputColumn$SubType": "The sub data type of the column.
" + } + }, "ColumnDataType": { "base": null, "refs": { "CastColumnTypeOperation$NewColumnType": "New column data type.
", - "OutputColumn$Type": "The type.
" + "OutputColumn$Type": "The data type of the column.
" } }, "ColumnDescription": { @@ -2073,7 +2092,7 @@ "ColumnIdentifier$ColumnName": "The name of the column.
", "ColumnList$member": null, "InputColumn$Name": "The name of this column in the underlying data source.
", - "OutputColumn$Name": "A display name for the dataset.
", + "OutputColumn$Name": "The display name of the column..
", "RenameColumnOperation$ColumnName": "The name of the column to be renamed.
", "RenameColumnOperation$NewColumnName": "The new name for the column.
", "TagColumnOperation$ColumnName": "The column that this operation acts on.
", @@ -3414,6 +3433,12 @@ "ScheduleRefreshOnEntity$DayOfMonth": "The day of the month that you want to schedule refresh on.
" } }, + "DayOfTheWeek": { + "base": null, + "refs": { + "AssetOptions$WeekStart": "Determines the week start day for an analysis.
" + } + }, "DayOfWeek": { "base": null, "refs": { @@ -10150,6 +10175,7 @@ "AssetBundleImportJobRefreshScheduleOverrideParameters$ScheduleId": "A partial identifier for the specific RefreshSchedule resource being overridden. This structure is used together with the DataSetId structure.
An option to request a CloudFormation variable for a prefix to be prepended to each resource's ID before import. The prefix is only added to the asset IDs and does not change the name of the asset.
", "AssetBundleImportSourceDescription$Body": "An HTTPS download URL for the provided asset bundle that you optionally provided at the start of the import job. This URL is valid for five minutes after issuance. Call DescribeAssetBundleExportJob again for a fresh URL if needed. The downloaded asset bundle is a .qs zip file.
Determines the timezone for the analysis.
", "AttributeAggregationFunction$ValueForMultipleValues": "Used by the UNIQUE_VALUE aggregation function. If there are multiple values for the field used by the aggregation, the value for this property will be returned instead. Defaults to '*'.
The text for the axis label.
", "CancelIngestionRequest$DataSetId": "The ID of the dataset used in the ingestion.
", diff --git a/models/endpoints/endpoints.json b/models/endpoints/endpoints.json index 55e2779e94a..cb4c46a010a 100644 --- a/models/endpoints/endpoints.json +++ b/models/endpoints/endpoints.json @@ -17451,6 +17451,7 @@ "ap-northeast-1" : { }, "ap-northeast-2" : { }, "ap-southeast-1" : { }, + "ap-southeast-2" : { }, "ca-central-1" : { "variants" : [ { "hostname" : "voice-chime-fips.ca-central-1.amazonaws.com", diff --git a/service/apprunner/api.go b/service/apprunner/api.go index c5cc4731457..1c0d800f891 100644 --- a/service/apprunner/api.go +++ b/service/apprunner/api.go @@ -9008,6 +9008,18 @@ type NetworkConfiguration struct { // Network configuration settings for inbound message traffic. IngressConfiguration *IngressConfiguration `type:"structure"` + + // App Runner provides you with the option to choose between Internet Protocol + // version 4 (IPv4) and dual-stack (IPv4 and IPv6) for your incoming public + // network configuration. This is an optional parameter. If you do not specify + // an IpAddressType, it defaults to select IPv4. + // + // Currently, App Runner supports dual-stack for only Public endpoint. Only + // IPv4 is supported for Private endpoint. If you update a service that's using + // dual-stack Public endpoint to a Private endpoint, your App Runner service + // will default to support only IPv4 for Private endpoint and fail to receive + // traffic originating from IPv6 endpoint. + IpAddressType *string `type:"string" enum:"IpAddressType"` } // String returns the string representation. @@ -9055,6 +9067,12 @@ func (s *NetworkConfiguration) SetIngressConfiguration(v *IngressConfiguration) return s } +// SetIpAddressType sets the IpAddressType field's value. +func (s *NetworkConfiguration) SetIpAddressType(v string) *NetworkConfiguration { + s.IpAddressType = &v + return s +} + // Describes an App Runner observability configuration resource. Multiple revisions // of a configuration have the same ObservabilityConfigurationName and different // ObservabilityConfigurationRevision values. @@ -11430,6 +11448,22 @@ func ImageRepositoryType_Values() []string { } } +const ( + // IpAddressTypeIpv4 is a IpAddressType enum value + IpAddressTypeIpv4 = "IPV4" + + // IpAddressTypeDualStack is a IpAddressType enum value + IpAddressTypeDualStack = "DUAL_STACK" +) + +// IpAddressType_Values returns all elements of the IpAddressType enum +func IpAddressType_Values() []string { + return []string{ + IpAddressTypeIpv4, + IpAddressTypeDualStack, + } +} + const ( // ObservabilityConfigurationStatusActive is a ObservabilityConfigurationStatus enum value ObservabilityConfigurationStatusActive = "ACTIVE" diff --git a/service/connect/api.go b/service/connect/api.go index f904571b845..d663ebe7315 100644 --- a/service/connect/api.go +++ b/service/connect/api.go @@ -40325,6 +40325,46 @@ type GetMetricDataV2Input struct { // Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent // Hierarchy // + // PERCENT_NON_TALK_TIME + // + // This metric is available only for contacts analyzed by Contact Lens conversational + // analytics. + // + // Unit: Percentage + // + // Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent + // Hierarchy + // + // PERCENT_TALK_TIME + // + // This metric is available only for contacts analyzed by Contact Lens conversational + // analytics. + // + // Unit: Percentage + // + // Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent + // Hierarchy + // + // PERCENT_TALK_TIME_AGENT + // + // This metric is available only for contacts analyzed by Contact Lens conversational + // analytics. + // + // Unit: Percentage + // + // Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent + // Hierarchy + // + // PERCENT_TALK_TIME_CUSTOMER + // + // This metric is available only for contacts analyzed by Contact Lens conversational + // analytics. + // + // Unit: Percentage + // + // Valid groupings and filters: Queue, Channel, Routing Profile, Agent, Agent + // Hierarchy + // // SERVICE_LEVEL // // You can include up to 20 SERVICE_LEVEL metrics in a request. diff --git a/service/gamelift/api.go b/service/gamelift/api.go index 778b3218f15..67d2770576e 100644 --- a/service/gamelift/api.go +++ b/service/gamelift/api.go @@ -605,6 +605,14 @@ func (c *GameLift) CreateFleetRequest(input *CreateFleetInput) (req *request.Req // If successful, this operation creates a new Fleet resource and places it // in NEW status, which prompts Amazon GameLift to initiate the fleet creation // workflow (https://docs.aws.amazon.com/gamelift/latest/developerguide/fleets-creating-all.html#fleets-creation-workflow). +// You can track fleet creation by checking fleet status using DescribeFleetAttributes +// and DescribeFleetLocationAttributes/, or by monitoring fleet creation events +// using DescribeFleetEvents. +// +// When the fleet status changes to ACTIVE, you can enable automatic scaling +// with PutScalingPolicy and set capacity for the home Region with UpdateFleetCapacity. +// When the status of each remote location reaches ACTIVE, you can set capacity +// by location using UpdateFleetCapacity. // // # Learn more // @@ -2935,8 +2943,8 @@ func (c *GameLift) DeleteLocationRequest(input *DeleteLocationInput) (req *reque // Deletes a custom location. // // Before deleting a custom location, review any fleets currently using the -// custom location and deregister the location if it is in use. For more information -// see, DeregisterCompute (https://docs.aws.amazon.com/gamelift/latest/apireference/API_DeregisterCompute.html). +// custom location and deregister the location if it is in use. For more information, +// see DeregisterCompute (https://docs.aws.amazon.com/gamelift/latest/apireference/API_DeregisterCompute.html). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about @@ -9858,6 +9866,10 @@ func (c *GameLift) RegisterComputeRequest(input *RegisterComputeInput) (req *req // the request. Clients can retry such requests immediately or after a waiting // period. // +// - LimitExceededException +// The requested operation would cause the resource to exceed the allowed service +// limit. Resolve the issue before retrying. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/gamelift-2015-10-01/RegisterCompute func (c *GameLift) RegisterCompute(input *RegisterComputeInput) (*RegisterComputeOutput, error) { req, out := c.RegisterComputeRequest(input) @@ -13150,8 +13162,12 @@ type AcceptMatchInput struct { // A unique identifier for a player delivering the response. This parameter // can include one or multiple player IDs. // + // PlayerIds is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by AcceptMatchInput's + // String and GoString methods. + // // PlayerIds is a required field - PlayerIds []*string `type:"list" required:"true"` + PlayerIds []*string `type:"list" required:"true" sensitive:"true"` // A unique identifier for a matchmaking ticket. The ticket must be in status // REQUIRES_ACCEPTANCE; otherwise this request will fail. @@ -13911,7 +13927,11 @@ type Compute struct { // The IP address of a compute resource. Amazon GameLift requires a DNS name // or IP address for a compute. - IpAddress *string `min:"1" type:"string"` + // + // IpAddress is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by Compute's + // String and GoString methods. + IpAddress *string `min:"1" type:"string" sensitive:"true"` // The name of the custom location you added to the fleet that this compute // resource resides in. @@ -14415,8 +14435,8 @@ type CreateFleetInput struct { // The unique identifier for a custom game server build to be deployed on fleet // instances. You can use either the build ID or ARN. The build must be uploaded - // to Amazon GameLift and in READY status. This fleet property cannot be changed - // later. + // to Amazon GameLift and in READY status. This fleet property can't be changed + // after the fleet is created. BuildId *string `type:"string"` // Prompts Amazon GameLift to generate a TLS/SSL certificate for the fleet. @@ -14462,20 +14482,28 @@ type CreateFleetInput struct { // Indicates whether to use On-Demand or Spot instances for this fleet. By default, // this property is set to ON_DEMAND. Learn more about when to use On-Demand // versus Spot Instances (https://docs.aws.amazon.com/gamelift/latest/developerguide/gamelift-ec2-instances.html#gamelift-ec2-instances-spot). - // This property cannot be changed after the fleet is created. + // This fleet property can't be changed after the fleet is created. FleetType *string `type:"string" enum:"FleetType"` - // A unique identifier for an IAM role that manages access to your Amazon Web - // Services services. With an instance role ARN set, any application that runs - // on an instance in this fleet can assume the role, including install scripts, - // server processes, and daemons (background processes). Create a role or look - // up a role's ARN by using the IAM dashboard (https://console.aws.amazon.com/iam/) - // in the Amazon Web Services Management Console. Learn more about using on-box - // credentials for your game servers at Access external resources from a game - // server (https://docs.aws.amazon.com/gamelift/latest/developerguide/gamelift-sdk-server-resources.html). - // This property cannot be changed after the fleet is created. + // A unique identifier for an IAM role with access permissions to other Amazon + // Web Services services. Any application that runs on an instance in the fleet--including + // install scripts, server processes, and other processes--can use these permissions + // to interact with Amazon Web Services resources that you own or have access + // to. For more information about using the role with your game server builds, + // see Communicate with other Amazon Web Services resources from your fleets + // (https://docs.aws.amazon.com/gamelift/latest/developerguide/gamelift-sdk-server-resources.html). + // This fleet property can't be changed after the fleet is created. InstanceRoleArn *string `min:"1" type:"string"` + // Prompts Amazon GameLift to generate a shared credentials file for the IAM + // role defined in InstanceRoleArn. The shared credentials file is stored on + // each fleet instance and refreshed as needed. Use shared credentials for applications + // that are deployed along with the game server executable, if the game server + // is integrated with server SDK version 5.x. For more information about using + // shared credentials, see Communicate with other Amazon Web Services resources + // from your fleets (https://docs.aws.amazon.com/gamelift/latest/developerguide/gamelift-sdk-server-resources.html). + InstanceRoleCredentialsProvider *string `type:"string" enum:"InstanceRoleCredentialsProvider"` + // A set of remote locations to deploy additional instances to and manage as // part of the fleet. This parameter can only be used when creating fleets in // Amazon Web Services Regions that support multiple locations. You can add @@ -14547,7 +14575,7 @@ type CreateFleetInput struct { // The unique identifier for a Realtime configuration script to be deployed // on fleet instances. You can use either the script ID or ARN. Scripts must // be uploaded to Amazon GameLift prior to creating the fleet. This fleet property - // cannot be changed later. + // can't be changed after the fleet is created. ScriptId *string `type:"string"` // This parameter is no longer used. Specify server launch parameters using @@ -14722,6 +14750,12 @@ func (s *CreateFleetInput) SetInstanceRoleArn(v string) *CreateFleetInput { return s } +// SetInstanceRoleCredentialsProvider sets the InstanceRoleCredentialsProvider field's value. +func (s *CreateFleetInput) SetInstanceRoleCredentialsProvider(v string) *CreateFleetInput { + s.InstanceRoleCredentialsProvider = &v + return s +} + // SetLocations sets the Locations field's value. func (s *CreateFleetInput) SetLocations(v []*LocationConfiguration) *CreateFleetInput { s.Locations = v @@ -16264,8 +16298,12 @@ type CreatePlayerSessionInput struct { // A unique identifier for a player. Player IDs are developer-defined. // + // PlayerId is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreatePlayerSessionInput's + // String and GoString methods. + // // PlayerId is a required field - PlayerId *string `min:"1" type:"string" required:"true"` + PlayerId *string `min:"1" type:"string" required:"true" sensitive:"true"` } // String returns the string representation. @@ -16376,8 +16414,12 @@ type CreatePlayerSessionsInput struct { // List of unique identifiers for the players to be added. // + // PlayerIds is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CreatePlayerSessionsInput's + // String and GoString methods. + // // PlayerIds is a required field - PlayerIds []*string `min:"1" type:"list" required:"true"` + PlayerIds []*string `min:"1" type:"list" required:"true" sensitive:"true"` } // String returns the string representation. @@ -20686,7 +20728,11 @@ type DescribePlayerSessionsInput struct { NextToken *string `min:"1" type:"string"` // A unique identifier for a player to retrieve player sessions for. - PlayerId *string `min:"1" type:"string"` + // + // PlayerId is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by DescribePlayerSessionsInput's + // String and GoString methods. + PlayerId *string `min:"1" type:"string" sensitive:"true"` // A unique identifier for a player session to retrieve. PlayerSessionId *string `type:"string"` @@ -21270,7 +21316,11 @@ type DesiredPlayerSession struct { PlayerData *string `min:"1" type:"string"` // A unique identifier for a player to associate with the player session. - PlayerId *string `min:"1" type:"string"` + // + // PlayerId is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by DesiredPlayerSession's + // String and GoString methods. + PlayerId *string `min:"1" type:"string" sensitive:"true"` } // String returns the string representation. @@ -21814,19 +21864,27 @@ type FleetAttributes struct { // Indicates whether to use On-Demand or Spot instances for this fleet. By default, // this property is set to ON_DEMAND. Learn more about when to use On-Demand // versus Spot Instances (https://docs.aws.amazon.com/gamelift/latest/developerguide/gamelift-ec2-instances.html#gamelift-ec2-instances-spot). - // This property cannot be changed after the fleet is created. + // This fleet property can't be changed after the fleet is created. FleetType *string `type:"string" enum:"FleetType"` - // A unique identifier for an IAM role that manages access to your Amazon Web - // Services services. With an instance role ARN set, any application that runs - // on an instance in this fleet can assume the role, including install scripts, - // server processes, and daemons (background processes). Create a role or look - // up a role's ARN by using the IAM dashboard (https://console.aws.amazon.com/iam/) - // in the Amazon Web Services Management Console. Learn more about using on-box - // credentials for your game servers at Access external resources from a game - // server (https://docs.aws.amazon.com/gamelift/latest/developerguide/gamelift-sdk-server-resources.html). + // A unique identifier for an IAM role with access permissions to other Amazon + // Web Services services. Any application that runs on an instance in the fleet--including + // install scripts, server processes, and other processes--can use these permissions + // to interact with Amazon Web Services resources that you own or have access + // to. For more information about using the role with your game server builds, + // see Communicate with other Amazon Web Services resources from your fleets + // (https://docs.aws.amazon.com/gamelift/latest/developerguide/gamelift-sdk-server-resources.html). InstanceRoleArn *string `min:"1" type:"string"` + // Indicates that fleet instances maintain a shared credentials file for the + // IAM role defined in InstanceRoleArn. Shared credentials allow applications + // that are deployed with the game server executable to communicate with other + // Amazon Web Services resources. This property is used only when the game server + // is integrated with the server SDK version 5.x. For more information about + // using shared credentials, see Communicate with other Amazon Web Services + // resources from your fleets (https://docs.aws.amazon.com/gamelift/latest/developerguide/gamelift-sdk-server-resources.html). + InstanceRoleCredentialsProvider *string `type:"string" enum:"InstanceRoleCredentialsProvider"` + // The Amazon EC2 instance type that determines the computing resources of each // instance in the fleet. Instance type defines the CPU, memory, storage, and // networking capacity. See Amazon Elastic Compute Cloud Instance Types (http://aws.amazon.com/ec2/instance-types/) @@ -22004,6 +22062,12 @@ func (s *FleetAttributes) SetInstanceRoleArn(v string) *FleetAttributes { return s } +// SetInstanceRoleCredentialsProvider sets the InstanceRoleCredentialsProvider field's value. +func (s *FleetAttributes) SetInstanceRoleCredentialsProvider(v string) *FleetAttributes { + s.InstanceRoleCredentialsProvider = &v + return s +} + // SetInstanceType sets the InstanceType field's value. func (s *FleetAttributes) SetInstanceType(v string) *FleetAttributes { s.InstanceType = &v @@ -22959,7 +23023,11 @@ type GameSession struct { // The IP address of the game session. To connect to a Amazon GameLift game // server, an app needs both the IP address and port number. - IpAddress *string `min:"1" type:"string"` + // + // IpAddress is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by GameSession's + // String and GoString methods. + IpAddress *string `min:"1" type:"string" sensitive:"true"` // The fleet location where the game session is running. This value might specify // the fleet's home Region or a remote location. Location is expressed as an @@ -22987,7 +23055,11 @@ type GameSession struct { // The port number for the game session. To connect to a Amazon GameLift game // server, an app needs both the IP address and port number. - Port *int64 `min:"1" type:"integer"` + // + // Port is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by GameSession's + // String and GoString methods. + Port *int64 `min:"1" type:"integer" sensitive:"true"` // Current status of the game session. A game session must have an ACTIVE status // to have player sessions. @@ -23160,7 +23232,11 @@ type GameSessionConnectionInfo struct { // The IP address of the game session. To connect to a Amazon GameLift game // server, an app needs both the IP address and port number. - IpAddress *string `min:"1" type:"string"` + // + // IpAddress is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by GameSessionConnectionInfo's + // String and GoString methods. + IpAddress *string `min:"1" type:"string" sensitive:"true"` // A collection of player session IDs, one for each player ID that was included // in the original matchmaking request. @@ -23394,7 +23470,11 @@ type GameSessionPlacement struct { // The IP address of the game session. To connect to a Amazon GameLift game // server, an app needs both the IP address and port number. This value isn't // final until placement status is FULFILLED. - IpAddress *string `min:"1" type:"string"` + // + // IpAddress is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by GameSessionPlacement's + // String and GoString methods. + IpAddress *string `min:"1" type:"string" sensitive:"true"` // Information on the matchmaking process for this game. Data is in JSON syntax, // formatted as a string. It identifies the matchmaking configuration used to @@ -23424,7 +23504,11 @@ type GameSessionPlacement struct { // The port number for the game session. To connect to a Amazon GameLift game // server, an app needs both the IP address and port number. This value isn't // final until placement status is FULFILLED. - Port *int64 `min:"1" type:"integer"` + // + // Port is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by GameSessionPlacement's + // String and GoString methods. + Port *int64 `min:"1" type:"integer" sensitive:"true"` // Time stamp indicating when this request was placed in the queue. Format is // a number expressed in Unix time as milliseconds (for example "1469498468.057"). @@ -24313,7 +24397,11 @@ type Instance struct { InstanceId *string `type:"string"` // IP address that is assigned to the instance. - IpAddress *string `min:"1" type:"string"` + // + // IpAddress is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by Instance's + // String and GoString methods. + IpAddress *string `min:"1" type:"string" sensitive:"true"` // The fleet location of the instance, expressed as an Amazon Web Services Region // code, such as us-west-2. @@ -24439,7 +24527,11 @@ type InstanceAccess struct { InstanceId *string `type:"string"` // IP address assigned to the instance. - IpAddress *string `min:"1" type:"string"` + // + // IpAddress is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by InstanceAccess's + // String and GoString methods. + IpAddress *string `min:"1" type:"string" sensitive:"true"` // Operating system that is running on the instance. OperatingSystem *string `type:"string" enum:"OperatingSystem"` @@ -24887,15 +24979,23 @@ type IpPermission struct { // // For fleets using Windows builds, only ports 1026-60000 are valid. // + // FromPort is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by IpPermission's + // String and GoString methods. + // // FromPort is a required field - FromPort *int64 `min:"1" type:"integer" required:"true"` + FromPort *int64 `min:"1" type:"integer" required:"true" sensitive:"true"` // A range of allowed IP addresses. This value must be expressed in CIDR notation. // Example: "000.000.000.000/[subnet mask]" or optionally the shortened version // "0.0.0.0/[subnet mask]". // + // IpRange is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by IpPermission's + // String and GoString methods. + // // IpRange is a required field - IpRange *string `type:"string" required:"true"` + IpRange *string `type:"string" required:"true" sensitive:"true"` // The network communication protocol used by the fleet. // @@ -24909,8 +25009,12 @@ type IpPermission struct { // // For fleets using Windows builds, only ports 1026-60000 are valid. // + // ToPort is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by IpPermission's + // String and GoString methods. + // // ToPort is a required field - ToPort *int64 `min:"1" type:"integer" required:"true"` + ToPort *int64 `min:"1" type:"integer" required:"true" sensitive:"true"` } // String returns the string representation. @@ -26381,7 +26485,11 @@ type MatchedPlayerSession struct { _ struct{} `type:"structure"` // A unique identifier for a player - PlayerId *string `min:"1" type:"string"` + // + // PlayerId is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by MatchedPlayerSession's + // String and GoString methods. + PlayerId *string `min:"1" type:"string" sensitive:"true"` // A unique identifier for a player session PlayerSessionId *string `type:"string"` @@ -27052,7 +27160,11 @@ type PlacedPlayerSession struct { _ struct{} `type:"structure"` // A unique identifier for a player that is associated with this player session. - PlayerId *string `min:"1" type:"string"` + // + // PlayerId is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by PlacedPlayerSession's + // String and GoString methods. + PlayerId *string `min:"1" type:"string" sensitive:"true"` // A unique identifier for a player session. PlayerSessionId *string `type:"string"` @@ -27114,7 +27226,11 @@ type Player struct { PlayerAttributes map[string]*AttributeValue `type:"map"` // A unique identifier for a player - PlayerId *string `min:"1" type:"string"` + // + // PlayerId is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by Player's + // String and GoString methods. + PlayerId *string `min:"1" type:"string" sensitive:"true"` // Name of the team that the player is assigned to in a match. Team names are // defined in a matchmaking rule set. @@ -27202,7 +27318,11 @@ type PlayerLatency struct { LatencyInMilliseconds *float64 `type:"float"` // A unique identifier for a player associated with the latency data. - PlayerId *string `min:"1" type:"string"` + // + // PlayerId is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by PlayerLatency's + // String and GoString methods. + PlayerId *string `min:"1" type:"string" sensitive:"true"` // Name of the Region that is associated with the latency value. RegionIdentifier *string `min:"1" type:"string"` @@ -27355,21 +27475,33 @@ type PlayerSession struct { // The IP address of the game session. To connect to a Amazon GameLift game // server, an app needs both the IP address and port number. - IpAddress *string `min:"1" type:"string"` + // + // IpAddress is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by PlayerSession's + // String and GoString methods. + IpAddress *string `min:"1" type:"string" sensitive:"true"` // Developer-defined information related to a player. Amazon GameLift does not // use this data, so it can be formatted as needed for use in the game. PlayerData *string `min:"1" type:"string"` // A unique identifier for a player that is associated with this player session. - PlayerId *string `min:"1" type:"string"` + // + // PlayerId is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by PlayerSession's + // String and GoString methods. + PlayerId *string `min:"1" type:"string" sensitive:"true"` // A unique identifier for a player session. PlayerSessionId *string `type:"string"` // Port number for the game session. To connect to a Amazon GameLift server // process, an app needs both the IP address and port number. - Port *int64 `min:"1" type:"integer"` + // + // Port is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by PlayerSession's + // String and GoString methods. + Port *int64 `min:"1" type:"integer" sensitive:"true"` // Current status of the player session. // @@ -27833,7 +27965,11 @@ type RegisterComputeInput struct { // The IP address of the compute resource. Amazon GameLift requires either a // DNS name or IP address. - IpAddress *string `min:"1" type:"string"` + // + // IpAddress is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by RegisterComputeInput's + // String and GoString methods. + IpAddress *string `min:"1" type:"string" sensitive:"true"` // The name of a custom location to associate with the compute resource being // registered. @@ -34700,6 +34836,18 @@ func GameSessionStatusReason_Values() []string { } } +const ( + // InstanceRoleCredentialsProviderSharedCredentialFile is a InstanceRoleCredentialsProvider enum value + InstanceRoleCredentialsProviderSharedCredentialFile = "SHARED_CREDENTIAL_FILE" +) + +// InstanceRoleCredentialsProvider_Values returns all elements of the InstanceRoleCredentialsProvider enum +func InstanceRoleCredentialsProvider_Values() []string { + return []string{ + InstanceRoleCredentialsProviderSharedCredentialFile, + } +} + const ( // InstanceStatusPending is a InstanceStatus enum value InstanceStatusPending = "PENDING" diff --git a/service/glue/api.go b/service/glue/api.go index 718e24f2626..31095548ccf 100644 --- a/service/glue/api.go +++ b/service/glue/api.go @@ -25750,6 +25750,12 @@ type CodeGenConfigurationNode struct { // Specifies a target that uses a Glue Data Catalog table. CatalogTarget *BasicCatalogTarget `type:"structure"` + // Specifies a source generated with standard connection options. + ConnectorDataSource *ConnectorDataSource `type:"structure"` + + // Specifies a target generated with standard connection options. + ConnectorDataTarget *ConnectorDataTarget `type:"structure"` + // Specifies a transform that uses custom code you provide to perform the data // transformation. The output is a collection of DynamicFrames. CustomCode *CustomCode `type:"structure"` @@ -26021,6 +26027,16 @@ func (s *CodeGenConfigurationNode) Validate() error { invalidParams.AddNested("CatalogTarget", err.(request.ErrInvalidParams)) } } + if s.ConnectorDataSource != nil { + if err := s.ConnectorDataSource.Validate(); err != nil { + invalidParams.AddNested("ConnectorDataSource", err.(request.ErrInvalidParams)) + } + } + if s.ConnectorDataTarget != nil { + if err := s.ConnectorDataTarget.Validate(); err != nil { + invalidParams.AddNested("ConnectorDataTarget", err.(request.ErrInvalidParams)) + } + } if s.CustomCode != nil { if err := s.CustomCode.Validate(); err != nil { invalidParams.AddNested("CustomCode", err.(request.ErrInvalidParams)) @@ -26384,6 +26400,18 @@ func (s *CodeGenConfigurationNode) SetCatalogTarget(v *BasicCatalogTarget) *Code return s } +// SetConnectorDataSource sets the ConnectorDataSource field's value. +func (s *CodeGenConfigurationNode) SetConnectorDataSource(v *ConnectorDataSource) *CodeGenConfigurationNode { + s.ConnectorDataSource = v + return s +} + +// SetConnectorDataTarget sets the ConnectorDataTarget field's value. +func (s *CodeGenConfigurationNode) SetConnectorDataTarget(v *ConnectorDataTarget) *CodeGenConfigurationNode { + s.ConnectorDataTarget = v + return s +} + // SetCustomCode sets the CustomCode field's value. func (s *CodeGenConfigurationNode) SetCustomCode(v *CustomCode) *CodeGenConfigurationNode { s.CustomCode = v @@ -28385,6 +28413,199 @@ func (s *ConnectionsList) SetConnections(v []*string) *ConnectionsList { return s } +// Specifies a source generated with standard connection options. +type ConnectorDataSource struct { + _ struct{} `type:"structure"` + + // The connectionType, as provided to the underlying Glue library. This node + // type supports the following connection types: + // + // * bigquery + // + // ConnectionType is a required field + ConnectionType *string `type:"string" required:"true"` + + // A map specifying connection options for the node. You can find standard connection + // options for the corresponding connection type in the Connection parameters + // (https://docs.aws.amazon.com/glue/latest/dg/aws-glue-programming-etl-connect.html) + // section of the Glue documentation. + // + // Data is a required field + Data map[string]*string `type:"map" required:"true"` + + // The name of this source node. + // + // Name is a required field + Name *string `type:"string" required:"true"` + + // Specifies the data schema for this source. + OutputSchemas []*GlueSchema `type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ConnectorDataSource) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ConnectorDataSource) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ConnectorDataSource) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ConnectorDataSource"} + if s.ConnectionType == nil { + invalidParams.Add(request.NewErrParamRequired("ConnectionType")) + } + if s.Data == nil { + invalidParams.Add(request.NewErrParamRequired("Data")) + } + if s.Name == nil { + invalidParams.Add(request.NewErrParamRequired("Name")) + } + if s.OutputSchemas != nil { + for i, v := range s.OutputSchemas { + if v == nil { + continue + } + if err := v.Validate(); err != nil { + invalidParams.AddNested(fmt.Sprintf("%s[%v]", "OutputSchemas", i), err.(request.ErrInvalidParams)) + } + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetConnectionType sets the ConnectionType field's value. +func (s *ConnectorDataSource) SetConnectionType(v string) *ConnectorDataSource { + s.ConnectionType = &v + return s +} + +// SetData sets the Data field's value. +func (s *ConnectorDataSource) SetData(v map[string]*string) *ConnectorDataSource { + s.Data = v + return s +} + +// SetName sets the Name field's value. +func (s *ConnectorDataSource) SetName(v string) *ConnectorDataSource { + s.Name = &v + return s +} + +// SetOutputSchemas sets the OutputSchemas field's value. +func (s *ConnectorDataSource) SetOutputSchemas(v []*GlueSchema) *ConnectorDataSource { + s.OutputSchemas = v + return s +} + +// Specifies a target generated with standard connection options. +type ConnectorDataTarget struct { + _ struct{} `type:"structure"` + + // The connectionType, as provided to the underlying Glue library. This node + // type supports the following connection types: + // + // * bigquery + // + // ConnectionType is a required field + ConnectionType *string `type:"string" required:"true"` + + // A map specifying connection options for the node. You can find standard connection + // options for the corresponding connection type in the Connection parameters + // (https://docs.aws.amazon.com/glue/latest/dg/aws-glue-programming-etl-connect.html) + // section of the Glue documentation. + // + // Data is a required field + Data map[string]*string `type:"map" required:"true"` + + // The nodes that are inputs to the data target. + Inputs []*string `min:"1" type:"list"` + + // The name of this target node. + // + // Name is a required field + Name *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ConnectorDataTarget) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ConnectorDataTarget) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ConnectorDataTarget) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ConnectorDataTarget"} + if s.ConnectionType == nil { + invalidParams.Add(request.NewErrParamRequired("ConnectionType")) + } + if s.Data == nil { + invalidParams.Add(request.NewErrParamRequired("Data")) + } + if s.Inputs != nil && len(s.Inputs) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Inputs", 1)) + } + if s.Name == nil { + invalidParams.Add(request.NewErrParamRequired("Name")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetConnectionType sets the ConnectionType field's value. +func (s *ConnectorDataTarget) SetConnectionType(v string) *ConnectorDataTarget { + s.ConnectionType = &v + return s +} + +// SetData sets the Data field's value. +func (s *ConnectorDataTarget) SetData(v map[string]*string) *ConnectorDataTarget { + s.Data = v + return s +} + +// SetInputs sets the Inputs field's value. +func (s *ConnectorDataTarget) SetInputs(v []*string) *ConnectorDataTarget { + s.Inputs = v + return s +} + +// SetName sets the Name field's value. +func (s *ConnectorDataTarget) SetName(v string) *ConnectorDataTarget { + s.Name = &v + return s +} + // The details of a crawl in the workflow. type Crawl struct { _ struct{} `type:"structure"` diff --git a/service/networkfirewall/api.go b/service/networkfirewall/api.go index 1844f6a8569..d63df002a63 100644 --- a/service/networkfirewall/api.go +++ b/service/networkfirewall/api.go @@ -613,9 +613,9 @@ func (c *NetworkFirewall) CreateTLSInspectionConfigurationRequest(input *CreateT // CreateTLSInspectionConfiguration API operation for AWS Network Firewall. // // Creates an Network Firewall TLS inspection configuration. A TLS inspection -// configuration contains the Certificate Manager certificate associations that -// Network Firewall uses to decrypt and re-encrypt traffic traveling through -// your firewall. +// configuration contains Certificate Manager certificate associations between +// and the scope configurations that Network Firewall uses to decrypt and re-encrypt +// traffic traveling through your firewall. // // After you create a TLS inspection configuration, you can associate it with // a new firewall policy. @@ -4192,6 +4192,83 @@ func (s *Address) SetAddressDefinition(v string) *Address { return s } +// The analysis result for Network Firewall's stateless rule group analyzer. +// Every time you call CreateRuleGroup, UpdateRuleGroup, or DescribeRuleGroup +// on a stateless rule group, Network Firewall analyzes the stateless rule groups +// in your account and identifies the rules that might adversely effect your +// firewall's functionality. For example, if Network Firewall detects a rule +// that's routing traffic asymmetrically, which impacts the service's ability +// to properly process traffic, the service includes the rule in a list of analysis +// results. +type AnalysisResult struct { + _ struct{} `type:"structure"` + + // Provides analysis details for the identified rule. + AnalysisDetail *string `type:"string"` + + // The priority number of the stateless rules identified in the analysis. + IdentifiedRuleIds []*string `type:"list"` + + // The types of rule configurations that Network Firewall analyzes your rule + // groups for. Network Firewall analyzes stateless rule groups for the following + // types of rule configurations: + // + // * STATELESS_RULE_FORWARDING_ASYMMETRICALLY Cause: One or more stateless + // rules with the action pass or forward are forwarding traffic asymmetrically. + // Specifically, the rule's set of source IP addresses or their associated + // port numbers, don't match the set of destination IP addresses or their + // associated port numbers. To mitigate: Make sure that there's an existing + // return path. For example, if the rule allows traffic from source 10.1.0.0/24 + // to destination 20.1.0.0/24, you should allow return traffic from source + // 20.1.0.0/24 to destination 10.1.0.0/24. + // + // * STATELESS_RULE_CONTAINS_TCP_FLAGS Cause: At least one stateless rule + // with the action pass orforward contains TCP flags that are inconsistent + // in the forward and return directions. To mitigate: Prevent asymmetric + // routing issues caused by TCP flags by following these actions: Remove + // unnecessary TCP flag inspections from the rules. If you need to inspect + // TCP flags, check that the rules correctly account for changes in TCP flags + // throughout the TCP connection cycle, for example SYN and ACK flags used + // in a 3-way TCP handshake. + IdentifiedType *string `type:"string" enum:"IdentifiedType"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AnalysisResult) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AnalysisResult) GoString() string { + return s.String() +} + +// SetAnalysisDetail sets the AnalysisDetail field's value. +func (s *AnalysisResult) SetAnalysisDetail(v string) *AnalysisResult { + s.AnalysisDetail = &v + return s +} + +// SetIdentifiedRuleIds sets the IdentifiedRuleIds field's value. +func (s *AnalysisResult) SetIdentifiedRuleIds(v []*string) *AnalysisResult { + s.IdentifiedRuleIds = v + return s +} + +// SetIdentifiedType sets the IdentifiedType field's value. +func (s *AnalysisResult) SetIdentifiedType(v string) *AnalysisResult { + s.IdentifiedType = &v + return s +} + type AssociateFirewallPolicyInput struct { _ struct{} `type:"structure"` @@ -4723,12 +4800,12 @@ type CheckCertificateRevocationStatusActions struct { // * PASS - Allow the connection to continue, and pass subsequent packets // to the stateful engine for inspection. // - // * DROP - Network Firewall fails closed and drops all subsequent traffic. + // * DROP - Network Firewall closes the connection and drops subsequent packets + // for that connection. // - // * REJECT - Network Firewall sends a TCP reject packet back to your client - // so that the client can immediately establish a new session. Network Firewall - // then fails closed and drops all subsequent traffic. REJECT is available - // only for TCP traffic. + // * REJECT - Network Firewall sends a TCP reject packet back to your client. + // The service closes the connection and drops subsequent packets for that + // connection. REJECT is available only for TCP traffic. RevokedStatusAction *string `type:"string" enum:"RevocationCheckAction"` // Configures how Network Firewall processes traffic when it determines that @@ -4740,12 +4817,12 @@ type CheckCertificateRevocationStatusActions struct { // * PASS - Allow the connection to continue, and pass subsequent packets // to the stateful engine for inspection. // - // * DROP - Network Firewall fails closed and drops all subsequent traffic. + // * DROP - Network Firewall closes the connection and drops subsequent packets + // for that connection. // - // * REJECT - Network Firewall sends a TCP reject packet back to your client - // so that the client can immediately establish a new session. Network Firewall - // then fails closed and drops all subsequent traffic. REJECT is available - // only for TCP traffic. + // * REJECT - Network Firewall sends a TCP reject packet back to your client. + // The service closes the connection and drops subsequent packets for that + // connection. REJECT is available only for TCP traffic. UnknownStatusAction *string `type:"string" enum:"RevocationCheckAction"` } @@ -5209,6 +5286,13 @@ func (s *CreateFirewallPolicyOutput) SetUpdateToken(v string) *CreateFirewallPol type CreateRuleGroupInput struct { _ struct{} `type:"structure"` + // Indicates whether you want Network Firewall to analyze the stateless rules + // in the rule group for rule behavior such as asymmetric routing. If set to + // TRUE, Network Firewall runs the analysis and then creates the rule group + // for you. To run the stateless rule group analyzer without creating the rule + // group, set DryRun to TRUE. + AnalyzeRuleGroup *bool `type:"boolean"` + // The maximum operating resources that this rule group can use. Rule group // capacity is fixed at creation. When you update a rule group, you are limited // to this capacity. When you reference a rule group from a firewall policy, @@ -5381,6 +5465,12 @@ func (s *CreateRuleGroupInput) Validate() error { return nil } +// SetAnalyzeRuleGroup sets the AnalyzeRuleGroup field's value. +func (s *CreateRuleGroupInput) SetAnalyzeRuleGroup(v bool) *CreateRuleGroupInput { + s.AnalyzeRuleGroup = &v + return s +} + // SetCapacity sets the Capacity field's value. func (s *CreateRuleGroupInput) SetCapacity(v int64) *CreateRuleGroupInput { s.Capacity = &v @@ -6696,6 +6786,11 @@ func (s *DescribeResourcePolicyOutput) SetPolicy(v string) *DescribeResourcePoli type DescribeRuleGroupInput struct { _ struct{} `type:"structure"` + // Indicates whether you want Network Firewall to analyze the stateless rules + // in the rule group for rule behavior such as asymmetric routing. If set to + // TRUE, Network Firewall runs the analysis. + AnalyzeRuleGroup *bool `type:"boolean"` + // The Amazon Resource Name (ARN) of the rule group. // // You must specify the ARN or the name, and you can specify both. @@ -6749,6 +6844,12 @@ func (s *DescribeRuleGroupInput) Validate() error { return nil } +// SetAnalyzeRuleGroup sets the AnalyzeRuleGroup field's value. +func (s *DescribeRuleGroupInput) SetAnalyzeRuleGroup(v bool) *DescribeRuleGroupInput { + s.AnalyzeRuleGroup = &v + return s +} + // SetRuleGroupArn sets the RuleGroupArn field's value. func (s *DescribeRuleGroupInput) SetRuleGroupArn(v string) *DescribeRuleGroupInput { s.RuleGroupArn = &v @@ -10594,7 +10695,9 @@ type RuleGroup struct { // Additional options governing how Network Firewall handles stateful rules. // The policies where you use your stateful rule group must have stateful rule - // options settings that are compatible with these settings. + // options settings that are compatible with these settings. Some limitations + // apply; for more information, see Strict evaluation order (https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-limitations-caveats.html) + // in the Network Firewall Developer Guide. StatefulRuleOptions *StatefulRuleOptions `type:"structure"` } @@ -10718,6 +10821,15 @@ func (s *RuleGroupMetadata) SetName(v string) *RuleGroupMetadata { type RuleGroupResponse struct { _ struct{} `type:"structure"` + // The list of analysis results for AnalyzeRuleGroup. If you set AnalyzeRuleGroup + // to TRUE in CreateRuleGroup, UpdateRuleGroup, or DescribeRuleGroup, Network + // Firewall analyzes the rule group and identifies the rules that might adversely + // effect your firewall's functionality. For example, if Network Firewall detects + // a rule that's routing traffic asymmetrically, which impacts the service's + // ability to properly process traffic, the service includes the rule in the + // list of analysis results. + AnalysisResults []*AnalysisResult `type:"list"` + // The maximum operating resources that this rule group can use. Rule group // capacity is fixed at creation. When you update a rule group, you are limited // to this capacity. When you reference a rule group from a firewall policy, @@ -10805,6 +10917,12 @@ func (s RuleGroupResponse) GoString() string { return s.String() } +// SetAnalysisResults sets the AnalysisResults field's value. +func (s *RuleGroupResponse) SetAnalysisResults(v []*AnalysisResult) *RuleGroupResponse { + s.AnalysisResults = v + return s +} + // SetCapacity sets the Capacity field's value. func (s *RuleGroupResponse) SetCapacity(v int64) *RuleGroupResponse { s.Capacity = &v @@ -11026,13 +11144,16 @@ type RulesSource struct { // Stateful inspection criteria for a domain list rule group. RulesSourceList *RulesSourceList `type:"structure"` - // Stateful inspection criteria, provided in Suricata compatible intrusion prevention - // system (IPS) rules. Suricata is an open-source network IPS that includes - // a standard rule-based language for network traffic inspection. + // Stateful inspection criteria, provided in Suricata compatible rules. Suricata + // is an open-source threat detection framework that includes a standard rule-based + // language for network traffic inspection. // // These rules contain the inspection criteria and the action to take for traffic // that matches the criteria, so this type of rule group doesn't have a separate // action setting. + // + // You can't use the priority keyword if the RuleOrder option in StatefulRuleOptions + // is set to STRICT_ORDER. RulesString *string `type:"string"` // An array of individual stateful rules inspection criteria to be used together @@ -11271,8 +11392,8 @@ func (s *ServerCertificate) SetResourceArn(v string) *ServerCertificate { // uses to decrypt and re-encrypt traffic using a TLSInspectionConfiguration. // You can configure ServerCertificates for inbound SSL/TLS inspection, a CertificateAuthorityArn // for outbound SSL/TLS inspection, or both. For information about working with -// certificates for TLS inspection, see Requirements for using SSL/TLS server -// certficiates with TLS inspection configurations (https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection-certificate-requirements.html) +// certificates for TLS inspection, see Using SSL/TLS server certficiates with +// TLS inspection configurations (https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection-certificate-requirements.html) // in the Network Firewall Developer Guide. // // If a server certificate that's associated with your TLSInspectionConfiguration @@ -11281,7 +11402,7 @@ type ServerCertificateConfiguration struct { _ struct{} `type:"structure"` // The Amazon Resource Name (ARN) of the imported certificate authority (CA) - // certificate configured in Certificate Manager (ACM) to use for outbound SSL/TLS + // certificate within Certificate Manager (ACM) to use for outbound SSL/TLS // inspection. // // The following limitations apply: @@ -11291,8 +11412,8 @@ type ServerCertificateConfiguration struct { // // * You can't use certificates issued by Private Certificate Authority. // - // For more information about the certificate requirements for outbound inspection, - // see Requirements for using SSL/TLS certificates with TLS inspection configurations + // For more information about configuring certificates for outbound inspection, + // see Using SSL/TLS certificates with certificates with TLS inspection configurations // (https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection-certificate-requirements.html) // in the Network Firewall Developer Guide. // @@ -11304,15 +11425,14 @@ type ServerCertificateConfiguration struct { // When enabled, Network Firewall checks if the server certificate presented // by the server in the SSL/TLS connection has a revoked or unkown status. If // the certificate has an unknown or revoked status, you must specify the actions - // that Network Firewall takes on outbound traffic. To use this option, you - // must specify a CertificateAuthorityArn in ServerCertificateConfiguration. + // that Network Firewall takes on outbound traffic. To check the certificate + // revocation status, you must also specify a CertificateAuthorityArn in ServerCertificateConfiguration. CheckCertificateRevocationStatus *CheckCertificateRevocationStatusActions `type:"structure"` // A list of scopes. Scopes []*ServerCertificateScope `type:"list"` - // The list of a server certificate configuration's Certificate Manager certificates, - // used for inbound SSL/TLS inspection. + // The list of server certificates to use for inbound SSL/TLS inspection. ServerCertificates []*ServerCertificate `type:"list"` } @@ -11593,10 +11713,15 @@ type StatefulEngineOptions struct { _ struct{} `type:"structure"` // Indicates how to manage the order of stateful rule evaluation for the policy. - // DEFAULT_ACTION_ORDER is the default behavior. Stateful rules are provided - // to the rule engine as Suricata compatible strings, and Suricata evaluates - // them based on certain settings. For more information, see Evaluation order - // for stateful rules (https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-rule-evaluation-order.html) + // STRICT_ORDER is the default and recommended option. With STRICT_ORDER, provide + // your rules in the order that you want them to be evaluated. You can then + // choose one or more default actions for packets that don't match any rules. + // Choose STRICT_ORDER to have the stateful rules engine determine the evaluation + // order of your rules. The default action for this rule order is PASS, followed + // by DROP, REJECT, and ALERT actions. Stateful rules are provided to the rule + // engine as Suricata compatible strings, and Suricata evaluates them based + // on your settings. For more information, see Evaluation order for stateful + // rules (https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-rule-evaluation-order.html) // in the Network Firewall Developer Guide. RuleOrder *string `type:"string" enum:"RuleOrder"` @@ -11674,11 +11799,11 @@ type StatefulRule struct { // sends an alert log message, if alert logging is configured in the Firewall // LoggingConfiguration. // - // * ALERT - Permits the packets to go to the intended destination and sends - // an alert log message, if alert logging is configured in the Firewall LoggingConfiguration. - // You can use this action to test a rule that you intend to use to drop - // traffic. You can enable the rule with ALERT action, verify in the logs - // that the rule is filtering as you want, then change the action to DROP. + // * ALERT - Sends an alert log message, if alert logging is configured in + // the Firewall LoggingConfiguration. You can use this action to test a rule + // that you intend to use to drop traffic. You can enable the rule with ALERT + // action, verify in the logs that the rule is filtering as you want, then + // change the action to DROP. // // Action is a required field Action *string `type:"string" required:"true" enum:"StatefulAction"` @@ -14075,6 +14200,13 @@ func (s *UpdateLoggingConfigurationOutput) SetLoggingConfiguration(v *LoggingCon type UpdateRuleGroupInput struct { _ struct{} `type:"structure"` + // Indicates whether you want Network Firewall to analyze the stateless rules + // in the rule group for rule behavior such as asymmetric routing. If set to + // TRUE, Network Firewall runs the analysis and then updates the rule group + // for you. To run the stateless rule group analyzer without updating the rule + // group, set DryRun to TRUE. + AnalyzeRuleGroup *bool `type:"boolean"` + // A description of the rule group. Description *string `type:"string"` @@ -14206,6 +14338,12 @@ func (s *UpdateRuleGroupInput) Validate() error { return nil } +// SetAnalyzeRuleGroup sets the AnalyzeRuleGroup field's value. +func (s *UpdateRuleGroupInput) SetAnalyzeRuleGroup(v bool) *UpdateRuleGroupInput { + s.AnalyzeRuleGroup = &v + return s +} + // SetDescription sets the Description field's value. func (s *UpdateRuleGroupInput) SetDescription(v string) *UpdateRuleGroupInput { s.Description = &v @@ -14824,6 +14962,22 @@ func IPAddressType_Values() []string { } } +const ( + // IdentifiedTypeStatelessRuleForwardingAsymmetrically is a IdentifiedType enum value + IdentifiedTypeStatelessRuleForwardingAsymmetrically = "STATELESS_RULE_FORWARDING_ASYMMETRICALLY" + + // IdentifiedTypeStatelessRuleContainsTcpFlags is a IdentifiedType enum value + IdentifiedTypeStatelessRuleContainsTcpFlags = "STATELESS_RULE_CONTAINS_TCP_FLAGS" +) + +// IdentifiedType_Values returns all elements of the IdentifiedType enum +func IdentifiedType_Values() []string { + return []string{ + IdentifiedTypeStatelessRuleForwardingAsymmetrically, + IdentifiedTypeStatelessRuleContainsTcpFlags, + } +} + const ( // LogDestinationTypeS3 is a LogDestinationType enum value LogDestinationTypeS3 = "S3" diff --git a/service/quicksight/api.go b/service/quicksight/api.go index 71797cb5381..5237274860a 100644 --- a/service/quicksight/api.go +++ b/service/quicksight/api.go @@ -19259,6 +19259,9 @@ type Analysis struct { // The descriptive name of the analysis. Name *string `min:"1" type:"string"` + // An array of analysis level configurations. + Options *AssetOptions `type:"structure"` + // A list of the associated sheets with the unique identifier and name of each // sheet. Sheets []*Sheet `type:"list"` @@ -19330,6 +19333,12 @@ func (s *Analysis) SetName(v string) *Analysis { return s } +// SetOptions sets the Options field's value. +func (s *Analysis) SetOptions(v *AssetOptions) *Analysis { + s.Options = v + return s +} + // SetSheets sets the Sheets field's value. func (s *Analysis) SetSheets(v []*Sheet) *Analysis { s.Sheets = v @@ -19426,6 +19435,9 @@ type AnalysisDefinition struct { // in the Amazon QuickSight User Guide. FilterGroups []*FilterGroup `type:"list"` + // An array of option definitions for an analysis. + Options *AssetOptions `type:"structure"` + // An array of parameter declarations for an analysis. // // Parameters are named variables that can transfer a value for use by an action @@ -19569,6 +19581,12 @@ func (s *AnalysisDefinition) SetFilterGroups(v []*FilterGroup) *AnalysisDefiniti return s } +// SetOptions sets the Options field's value. +func (s *AnalysisDefinition) SetOptions(v *AssetOptions) *AnalysisDefinition { + s.Options = v + return s +} + // SetParameterDeclarations sets the ParameterDeclarations field's value. func (s *AnalysisDefinition) SetParameterDeclarations(v []*ParameterDeclaration) *AnalysisDefinition { s.ParameterDeclarations = v @@ -22347,6 +22365,47 @@ func (s *AssetBundleImportSourceDescription) SetS3Uri(v string) *AssetBundleImpo return s } +// An array of analysis level configurations. +type AssetOptions struct { + _ struct{} `type:"structure"` + + // Determines the timezone for the analysis. + Timezone *string `type:"string"` + + // Determines the week start day for an analysis. + WeekStart *string `type:"string" enum:"DayOfTheWeek"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AssetOptions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AssetOptions) GoString() string { + return s.String() +} + +// SetTimezone sets the Timezone field's value. +func (s *AssetOptions) SetTimezone(v string) *AssetOptions { + s.Timezone = &v + return s +} + +// SetWeekStart sets the WeekStart field's value. +func (s *AssetOptions) SetWeekStart(v string) *AssetOptions { + s.WeekStart = &v + return s +} + // Parameters for Amazon Athena. type AthenaParameters struct { _ struct{} `type:"structure"` @@ -25271,6 +25330,10 @@ type CastColumnTypeOperation struct { // // NewColumnType is a required field NewColumnType *string `type:"string" required:"true" enum:"ColumnDataType"` + + // The sub data type of the new column. Sub types are only available for decimal + // columns that are part of a SPICE dataset. + SubType *string `type:"string" enum:"ColumnDataSubType"` } // String returns the string representation. @@ -25328,6 +25391,12 @@ func (s *CastColumnTypeOperation) SetNewColumnType(v string) *CastColumnTypeOper return s } +// SetSubType sets the SubType field's value. +func (s *CastColumnTypeOperation) SetSubType(v string) *CastColumnTypeOperation { + s.SubType = &v + return s +} + // The dimension type field with categorical type columns.. type CategoricalDimensionField struct { _ struct{} `type:"structure"` @@ -34939,6 +35008,9 @@ type DashboardVersion struct { // Errors associated with this dashboard version. Errors []*DashboardError `min:"1" type:"list"` + // An array of analysis level configurations. + Options *AssetOptions `type:"structure"` + // A list of the associated sheets with the unique identifier and name of each // sheet. Sheets []*Sheet `type:"list"` @@ -35004,6 +35076,12 @@ func (s *DashboardVersion) SetErrors(v []*DashboardError) *DashboardVersion { return s } +// SetOptions sets the Options field's value. +func (s *DashboardVersion) SetOptions(v *AssetOptions) *DashboardVersion { + s.Options = v + return s +} + // SetSheets sets the Sheets field's value. func (s *DashboardVersion) SetSheets(v []*Sheet) *DashboardVersion { s.Sheets = v @@ -35062,6 +35140,9 @@ type DashboardVersionDefinition struct { // in the Amazon QuickSight User Guide. FilterGroups []*FilterGroup `type:"list"` + // An array of option definitions for a dashboard. + Options *AssetOptions `type:"structure"` + // The parameter declarations for a dashboard. Parameters are named variables // that can transfer a value for use by an action or an object. // @@ -35202,6 +35283,12 @@ func (s *DashboardVersionDefinition) SetFilterGroups(v []*FilterGroup) *Dashboar return s } +// SetOptions sets the Options field's value. +func (s *DashboardVersionDefinition) SetOptions(v *AssetOptions) *DashboardVersionDefinition { + s.Options = v + return s +} + // SetParameterDeclarations sets the ParameterDeclarations field's value. func (s *DashboardVersionDefinition) SetParameterDeclarations(v []*ParameterDeclaration) *DashboardVersionDefinition { s.ParameterDeclarations = v @@ -59137,6 +59224,10 @@ type InputColumn struct { // Name is a required field Name *string `min:"1" type:"string" required:"true"` + // The sub data type of the column. Sub types are only available for decimal + // columns that are part of a SPICE dataset. + SubType *string `type:"string" enum:"ColumnDataSubType"` + // The data type of the column. // // Type is a required field @@ -59186,6 +59277,12 @@ func (s *InputColumn) SetName(v string) *InputColumn { return s } +// SetSubType sets the SubType field's value. +func (s *InputColumn) SetSubType(v string) *InputColumn { + s.SubType = &v + return s +} + // SetType sets the Type field's value. func (s *InputColumn) SetType(v string) *InputColumn { s.Type = &v @@ -69497,10 +69594,13 @@ type OutputColumn struct { // A description for a column. Description *string `type:"string"` - // A display name for the dataset. + // The display name of the column.. Name *string `min:"1" type:"string"` - // The type. + // The sub data type of the column. + SubType *string `type:"string" enum:"ColumnDataSubType"` + + // The data type of the column. Type *string `type:"string" enum:"ColumnDataType"` } @@ -69534,6 +69634,12 @@ func (s *OutputColumn) SetName(v string) *OutputColumn { return s } +// SetSubType sets the SubType field's value. +func (s *OutputColumn) SetSubType(v string) *OutputColumn { + s.SubType = &v + return s +} + // SetType sets the Type field's value. func (s *OutputColumn) SetType(v string) *OutputColumn { s.Type = &v @@ -87577,6 +87683,9 @@ type TemplateVersion struct { // Errors associated with this template version. Errors []*TemplateError `min:"1" type:"list"` + // An array of analysis level configurations. + Options *AssetOptions `type:"structure"` + // A list of the associated sheets with the unique identifier and name of each // sheet. Sheets []*Sheet `type:"list"` @@ -87651,6 +87760,12 @@ func (s *TemplateVersion) SetErrors(v []*TemplateError) *TemplateVersion { return s } +// SetOptions sets the Options field's value. +func (s *TemplateVersion) SetOptions(v *AssetOptions) *TemplateVersion { + s.Options = v + return s +} + // SetSheets sets the Sheets field's value. func (s *TemplateVersion) SetSheets(v []*Sheet) *TemplateVersion { s.Sheets = v @@ -87707,6 +87822,9 @@ type TemplateVersionDefinition struct { // in the Amazon QuickSight User Guide. FilterGroups []*FilterGroup `type:"list"` + // An array of option definitions for a template. + Options *AssetOptions `type:"structure"` + // An array of parameter declarations for a template. // // Parameters are named variables that can transfer a value for use by an action @@ -87836,6 +87954,12 @@ func (s *TemplateVersionDefinition) SetFilterGroups(v []*FilterGroup) *TemplateV return s } +// SetOptions sets the Options field's value. +func (s *TemplateVersionDefinition) SetOptions(v *AssetOptions) *TemplateVersionDefinition { + s.Options = v + return s +} + // SetParameterDeclarations sets the ParameterDeclarations field's value. func (s *TemplateVersionDefinition) SetParameterDeclarations(v []*ParameterDeclaration) *TemplateVersionDefinition { s.ParameterDeclarations = v @@ -101884,6 +102008,22 @@ func ColumnDataRole_Values() []string { } } +const ( + // ColumnDataSubTypeFloat is a ColumnDataSubType enum value + ColumnDataSubTypeFloat = "FLOAT" + + // ColumnDataSubTypeFixed is a ColumnDataSubType enum value + ColumnDataSubTypeFixed = "FIXED" +) + +// ColumnDataSubType_Values returns all elements of the ColumnDataSubType enum +func ColumnDataSubType_Values() []string { + return []string{ + ColumnDataSubTypeFloat, + ColumnDataSubTypeFixed, + } +} + const ( // ColumnDataTypeString is a ColumnDataType enum value ColumnDataTypeString = "STRING" @@ -102568,6 +102708,42 @@ func DateAggregationFunction_Values() []string { } } +const ( + // DayOfTheWeekSunday is a DayOfTheWeek enum value + DayOfTheWeekSunday = "SUNDAY" + + // DayOfTheWeekMonday is a DayOfTheWeek enum value + DayOfTheWeekMonday = "MONDAY" + + // DayOfTheWeekTuesday is a DayOfTheWeek enum value + DayOfTheWeekTuesday = "TUESDAY" + + // DayOfTheWeekWednesday is a DayOfTheWeek enum value + DayOfTheWeekWednesday = "WEDNESDAY" + + // DayOfTheWeekThursday is a DayOfTheWeek enum value + DayOfTheWeekThursday = "THURSDAY" + + // DayOfTheWeekFriday is a DayOfTheWeek enum value + DayOfTheWeekFriday = "FRIDAY" + + // DayOfTheWeekSaturday is a DayOfTheWeek enum value + DayOfTheWeekSaturday = "SATURDAY" +) + +// DayOfTheWeek_Values returns all elements of the DayOfTheWeek enum +func DayOfTheWeek_Values() []string { + return []string{ + DayOfTheWeekSunday, + DayOfTheWeekMonday, + DayOfTheWeekTuesday, + DayOfTheWeekWednesday, + DayOfTheWeekThursday, + DayOfTheWeekFriday, + DayOfTheWeekSaturday, + } +} + const ( // DayOfWeekSunday is a DayOfWeek enum value DayOfWeekSunday = "SUNDAY"