The configuration setting for the log types to be enabled for export to CloudWatch Logs for a specific DB instance or DB cluster.
The EnableLogTypes and DisableLogTypes arrays determine which logs will be exported (or not exported) to CloudWatch Logs.
The configuration setting for the log types to be enabled for export to CloudWatch Logs for a specific DB instance or DB cluster.
The EnableLogTypes and DisableLogTypes arrays determine which logs will be exported (or not exported) to CloudWatch Logs.
Valid log types are: audit (to publish audit logs) and slowquery (to publish slow-query logs). See Publishing Neptune logs to Amazon CloudWatch logs.
The configuration setting for the log types to be enabled for export to CloudWatch Logs for a specific DB cluster.
", + "ModifyDBClusterMessage$CloudwatchLogsExportConfiguration": "The configuration setting for the log types to be enabled for export to CloudWatch Logs for a specific DB cluster. See Using the CLI to publish Neptune audit logs to CloudWatch Logs.
", "ModifyDBInstanceMessage$CloudwatchLogsExportConfiguration": "The configuration setting for the log types to be enabled for export to CloudWatch Logs for a specific DB instance or DB cluster.
" } }, @@ -1427,9 +1427,9 @@ "refs": { "CloudwatchLogsExportConfiguration$EnableLogTypes": "The list of log types to enable.
", "CloudwatchLogsExportConfiguration$DisableLogTypes": "The list of log types to disable.
", - "CreateDBClusterMessage$EnableCloudwatchLogsExports": "The list of log types that need to be enabled for exporting to CloudWatch Logs.
", + "CreateDBClusterMessage$EnableCloudwatchLogsExports": "A list of the log types that this DB cluster should export to CloudWatch Logs. Valid log types are: audit (to publish audit logs) and slowquery (to publish slow-query logs). See Publishing Neptune logs to Amazon CloudWatch logs.
The list of log types that need to be enabled for exporting to CloudWatch Logs.
", - "DBCluster$EnabledCloudwatchLogsExports": "A list of log types that this DB cluster is configured to export to CloudWatch Logs.
", + "DBCluster$EnabledCloudwatchLogsExports": "A list of the log types that this DB cluster is configured to export to CloudWatch Logs. Valid log types are: audit (to publish audit logs to CloudWatch) and slowquery (to publish slow-query logs to CloudWatch). See Publishing Neptune logs to Amazon CloudWatch logs.
The types of logs that the database engine has available for export to CloudWatch Logs.
", "DBInstance$EnabledCloudwatchLogsExports": "A list of log types that this DB instance is configured to export to CloudWatch Logs.
", "PendingCloudwatchLogsExports$LogTypesToEnable": "Log types that are in the process of being deactivated. After they are deactivated, these log types aren't exported to CloudWatch Logs.
", @@ -1571,7 +1571,7 @@ } }, "PendingCloudwatchLogsExports": { - "base": "A list of the log types whose configuration is still pending. In other words, these log types are in the process of being activated or deactivated.
", + "base": "A list of the log types whose configuration is still pending. In other words, these log types are in the process of being activated or deactivated.
Valid log types are: audit (to publish audit logs) and slowquery (to publish slow-query logs). See Publishing Neptune logs to Amazon CloudWatch logs.
This PendingCloudwatchLogsExports structure specifies pending changes to which CloudWatch logs are enabled and which are disabled.
This PendingCloudwatchLogsExports structure specifies pending changes to which CloudWatch logs are enabled and which are disabled.
This data type is used as a response element in the ModifyDBInstance action.
", + "base": "This data type is used as a response element in the ModifyDBInstance action.
", "refs": { "DBInstance$PendingModifiedValues": "Specifies that changes to the DB instance are pending. This element is only included when changes are pending. Specific changes are identified by subelements.
" } @@ -1855,6 +1855,7 @@ "CharacterSet$CharacterSetDescription": "The description of the character set.
", "ClusterPendingModifiedValues$DBClusterIdentifier": "The DBClusterIdentifier value for the DB cluster.
", "ClusterPendingModifiedValues$EngineVersion": "The database engine version.
", + "ClusterPendingModifiedValues$StorageType": "The storage type for the DB cluster.
", "CopyDBClusterParameterGroupMessage$SourceDBClusterParameterGroupIdentifier": "The identifier or Amazon Resource Name (ARN) for the source DB cluster parameter group. For information about creating an ARN, see Constructing an Amazon Resource Name (ARN).
Constraints:
Must specify a valid DB cluster parameter group.
If the source DB cluster parameter group is in the same Amazon Region as the copy, specify a valid DB parameter group identifier, for example my-db-cluster-param-group, or a valid ARN.
If the source DB parameter group is in a different Amazon Region than the copy, specify a valid DB cluster parameter group ARN, for example arn:aws:rds:us-east-1:123456789012:cluster-pg:custom-cluster-group1.
The identifier for the copied DB cluster parameter group.
Constraints:
Cannot be null, empty, or blank
Must contain from 1 to 255 letters, numbers, or hyphens
First character must be a letter
Cannot end with a hyphen or contain two consecutive hyphens
Example: my-cluster-param-group1
A description for the copied DB cluster parameter group.
", @@ -1891,6 +1892,7 @@ "CreateDBClusterMessage$ReplicationSourceIdentifier": "The Amazon Resource Name (ARN) of the source DB instance or DB cluster if this DB cluster is created as a Read Replica.
", "CreateDBClusterMessage$KmsKeyId": "The Amazon KMS key identifier for an encrypted DB cluster.
The KMS key identifier is the Amazon Resource Name (ARN) for the KMS encryption key. If you are creating a DB cluster with the same Amazon account that owns the KMS encryption key used to encrypt the new DB cluster, then you can use the KMS key alias instead of the ARN for the KMS encryption key.
If an encryption key is not specified in KmsKeyId:
If ReplicationSourceIdentifier identifies an encrypted source, then Amazon Neptune will use the encryption key used to encrypt the source. Otherwise, Amazon Neptune will use your default encryption key.
If the StorageEncrypted parameter is true and ReplicationSourceIdentifier is not specified, then Amazon Neptune will use your default encryption key.
Amazon KMS creates the default encryption key for your Amazon account. Your Amazon account has a different default encryption key for each Amazon Region.
If you create a Read Replica of an encrypted DB cluster in another Amazon Region, you must set KmsKeyId to a KMS key ID that is valid in the destination Amazon Region. This key is used to encrypt the Read Replica in that Amazon Region.
This parameter is not currently supported.
", + "CreateDBClusterMessage$StorageType": "The storage type to associate with the DB cluster.
Valid Values:
standard | iopt1
Default:
standard
When you create a Neptune cluster with the storage type set to iopt1, the storage type is returned in the response. The storage type isn't returned when you set it to standard.
The name of the DB cluster parameter group.
Constraints:
Must match the name of an existing DBClusterParameterGroup.
This value is stored as a lowercase string.
The DB cluster parameter group family name. A DB cluster parameter group can be associated with one and only one DB cluster parameter group family, and can be applied only to a DB cluster running a database engine and engine version compatible with that DB cluster parameter group family.
", "CreateDBClusterParameterGroupMessage$Description": "The description for the DB cluster parameter group.
", @@ -1951,6 +1953,7 @@ "DBCluster$DbClusterResourceId": "The Amazon Region-unique, immutable identifier for the DB cluster. This identifier is found in Amazon CloudTrail log entries whenever the Amazon KMS key for the DB cluster is accessed.
", "DBCluster$DBClusterArn": "The Amazon Resource Name (ARN) for the DB cluster.
", "DBCluster$CloneGroupId": "Identifies the clone group to which the DB cluster is associated.
", + "DBCluster$StorageType": "The storage type associated with the DB cluster.
", "DBClusterEndpoint$DBClusterEndpointIdentifier": "The identifier associated with the endpoint. This parameter is stored as a lowercase string.
", "DBClusterEndpoint$DBClusterIdentifier": "The DB cluster identifier of the DB cluster associated with the endpoint. This parameter is stored as a lowercase string.
", "DBClusterEndpoint$DBClusterEndpointResourceIdentifier": "A unique system-generated identifier for an endpoint. It remains the same for the whole life of the endpoint.
", @@ -1987,6 +1990,7 @@ "DBClusterSnapshot$KmsKeyId": "If StorageEncrypted is true, the Amazon KMS key identifier for the encrypted DB cluster snapshot.
The Amazon Resource Name (ARN) for the DB cluster snapshot.
", "DBClusterSnapshot$SourceDBClusterSnapshotArn": "If the DB cluster snapshot was copied from a source DB cluster snapshot, the Amazon Resource Name (ARN) for the source DB cluster snapshot, otherwise, a null value.
", + "DBClusterSnapshot$StorageType": "The storage type associated with the DB cluster snapshot.
", "DBClusterSnapshotAttribute$AttributeName": "The name of the manual DB cluster snapshot attribute.
The attribute named restore refers to the list of Amazon accounts that have permission to copy or restore the manual DB cluster snapshot. For more information, see the ModifyDBClusterSnapshotAttribute API action.
The identifier of the manual DB cluster snapshot that the attributes apply to.
", "DBClusterSnapshotMessage$Marker": " An optional pagination token provided by a previous DescribeDBClusterSnapshots request. If this parameter is specified, the response includes only records beyond the marker, up to the value specified by MaxRecords.
The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC).
Format: ddd:hh24:mi-ddd:hh24:mi
The default is a 30-minute window selected at random from an 8-hour block of time for each Amazon Region, occurring on a random day of the week.
Valid Days: Mon, Tue, Wed, Thu, Fri, Sat, Sun.
Constraints: Minimum 30-minute window.
", "ModifyDBClusterMessage$EngineVersion": "The version number of the database engine to which you want to upgrade. Changing this parameter results in an outage. The change is applied during the next maintenance window unless the ApplyImmediately parameter is set to true.
For a list of valid engine versions, see Engine Releases for Amazon Neptune, or call DescribeDBEngineVersions.
", "ModifyDBClusterMessage$DBInstanceParameterGroupName": "The name of the DB parameter group to apply to all instances of the DB cluster.
When you apply a parameter group using DBInstanceParameterGroupName, parameter changes aren't applied during the next maintenance window but instead are applied immediately.
Default: The existing name setting
Constraints:
The DB parameter group must be in the same DB parameter group family as the target DB cluster version.
The DBInstanceParameterGroupName parameter is only valid in combination with the AllowMajorVersionUpgrade parameter.
The storage type to associate with the DB cluster.
Valid Values:
standard | iopt1
Default:
standard
The name of the DB cluster parameter group to modify.
", "ModifyDBClusterSnapshotAttributeMessage$DBClusterSnapshotIdentifier": "The identifier for the DB cluster snapshot to modify the attributes for.
", "ModifyDBClusterSnapshotAttributeMessage$AttributeName": "The name of the DB cluster snapshot attribute to modify.
To manage authorization for other Amazon accounts to copy or restore a manual DB cluster snapshot, set this value to restore.
(Not supported by Neptune)
", "RestoreDBClusterFromSnapshotMessage$KmsKeyId": "The Amazon KMS key identifier to use when restoring an encrypted DB cluster from a DB snapshot or DB cluster snapshot.
The KMS key identifier is the Amazon Resource Name (ARN) for the KMS encryption key. If you are restoring a DB cluster with the same Amazon account that owns the KMS encryption key used to encrypt the new DB cluster, then you can use the KMS key alias instead of the ARN for the KMS encryption key.
If you do not specify a value for the KmsKeyId parameter, then the following will occur:
If the DB snapshot or DB cluster snapshot in SnapshotIdentifier is encrypted, then the restored DB cluster is encrypted using the KMS key that was used to encrypt the DB snapshot or DB cluster snapshot.
If the DB snapshot or DB cluster snapshot in SnapshotIdentifier is not encrypted, then the restored DB cluster is not encrypted.
The name of the DB cluster parameter group to associate with the new DB cluster.
Constraints:
If supplied, must match the name of an existing DBClusterParameterGroup.
Specifies the storage type to be associated with the DB cluster.
Valid values: standard, iopt1
Default: standard
The name of the new DB cluster to be created.
Constraints:
Must contain from 1 to 63 letters, numbers, or hyphens
First character must be a letter
Cannot end with a hyphen or contain two consecutive hyphens
The type of restore to be performed. You can specify one of the following values:
full-copy - The new DB cluster is restored as a full copy of the source DB cluster.
copy-on-write - The new DB cluster is restored as a clone of the source DB cluster.
If you don't specify a RestoreType value, then the new DB cluster is restored as a full copy of the source DB cluster.
The identifier of the source DB cluster from which to restore.
Constraints:
Must match the identifier of an existing DBCluster.
(Not supported by Neptune)
", "RestoreDBClusterToPointInTimeMessage$KmsKeyId": "The Amazon KMS key identifier to use when restoring an encrypted DB cluster from an encrypted DB cluster.
The KMS key identifier is the Amazon Resource Name (ARN) for the KMS encryption key. If you are restoring a DB cluster with the same Amazon account that owns the KMS encryption key used to encrypt the new DB cluster, then you can use the KMS key alias instead of the ARN for the KMS encryption key.
You can restore to a new DB cluster and encrypt the new DB cluster with a KMS key that is different than the KMS key used to encrypt the source DB cluster. The new DB cluster is encrypted with the KMS key identified by the KmsKeyId parameter.
If you do not specify a value for the KmsKeyId parameter, then the following will occur:
If the DB cluster is encrypted, then the restored DB cluster is encrypted using the KMS key that was used to encrypt the source DB cluster.
If the DB cluster is not encrypted, then the restored DB cluster is not encrypted.
If DBClusterIdentifier refers to a DB cluster that is not encrypted, then the restore request is rejected.
The name of the DB cluster parameter group to associate with the new DB cluster.
Constraints:
If supplied, must match the name of an existing DBClusterParameterGroup.
Specifies the storage type to be associated with the DB cluster.
Valid values: standard, iopt1
Default: standard
The DB cluster identifier of the Neptune DB cluster to be started. This parameter is stored as a lowercase string.
", "StopDBClusterMessage$DBClusterIdentifier": "The DB cluster identifier of the Neptune DB cluster to be stopped. This parameter is stored as a lowercase string.
", @@ -2345,6 +2352,7 @@ "DBCluster$LatestRestorableTime": "Specifies the latest time to which a database can be restored with point-in-time restore.
", "DBCluster$ClusterCreateTime": "Specifies the time when the DB cluster was created, in Universal Coordinated Time (UTC).
", "DBCluster$AutomaticRestartTime": "Time at which the DB cluster will be automatically restarted.
", + "DBCluster$IOOptimizedNextAllowedModificationTime": "The next time you can modify the DB cluster to use the iopt1 storage type.
Provides the time when the snapshot was taken, in Universal Coordinated Time (UTC).
", "DBClusterSnapshot$ClusterCreateTime": "Specifies the time when the DB cluster was created, in Universal Coordinated Time (UTC).
", "DBInstance$InstanceCreateTime": "Provides the date and time the DB instance was created.
", diff --git a/models/apis/neptune/2014-10-31/endpoint-tests-1.json b/models/apis/neptune/2014-10-31/endpoint-tests-1.json index 8b0bc663a10..8ac5ed557d2 100644 --- a/models/apis/neptune/2014-10-31/endpoint-tests-1.json +++ b/models/apis/neptune/2014-10-31/endpoint-tests-1.json @@ -685,6 +685,17 @@ "expect": { "error": "Invalid Configuration: Missing Region" } + }, + { + "documentation": "Partition doesn't support DualStack", + "expect": { + "error": "DualStack is enabled but this partition does not support DualStack" + }, + "params": { + "Region": "us-isob-east-1", + "UseFIPS": false, + "UseDualStack": true + } } ], "version": "1.0" diff --git a/models/apis/pinpoint/2016-12-01/docs-2.json b/models/apis/pinpoint/2016-12-01/docs-2.json index dd14a2c00c4..d92dcf7f24a 100644 --- a/models/apis/pinpoint/2016-12-01/docs-2.json +++ b/models/apis/pinpoint/2016-12-01/docs-2.json @@ -1599,7 +1599,7 @@ "BaiduMessage$TimeToLive": "The amount of time, in seconds, that the Baidu Cloud Push service should store the message if the recipient's device is offline. The default value and maximum supported time is 604,800 seconds (7 days).
", "CampaignLimits$Daily": "The maximum number of messages that a campaign can send to a single endpoint during a 24-hour period. For an application, this value specifies the default limit for the number of messages that campaigns and journeys can send to a single endpoint during a 24-hour period. The maximum value is 100.
", "CampaignLimits$MaximumDuration": "The maximum amount of time, in seconds, that a campaign can attempt to deliver a message after the scheduled start time for the campaign. The minimum value is 60 seconds.
", - "CampaignLimits$MessagesPerSecond": "The maximum number of messages that a campaign can send each second. For an application, this value specifies the default limit for the number of messages that campaigns can send each second. The minimum value is 50. The maximum value is 20,000.
", + "CampaignLimits$MessagesPerSecond": "The maximum number of messages that a campaign can send each second. For an application, this value specifies the default limit for the number of messages that campaigns can send each second. The minimum value is 1. The maximum value is 20,000.
", "CampaignLimits$Session": "The maximum total number of messages that the campaign can send per user session.
", "CampaignLimits$Total": "The maximum number of messages that a campaign can send to a single endpoint during the course of the campaign. If a campaign recurs, this setting applies to all runs of the campaign. The maximum value is 100.
", "CampaignResponse$HoldoutPercent": "The allocated percentage of users (segment members) who shouldn't receive messages from the campaign.
", diff --git a/models/apis/securityhub/2018-10-26/api-2.json b/models/apis/securityhub/2018-10-26/api-2.json index 6af536ec84a..cfc85480974 100644 --- a/models/apis/securityhub/2018-10-26/api-2.json +++ b/models/apis/securityhub/2018-10-26/api-2.json @@ -1239,7 +1239,9 @@ {"shape":"LimitExceededException"}, {"shape":"ResourceNotFoundException"}, {"shape":"ResourceInUseException"}, - {"shape":"AccessDeniedException"} + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"ResourceInUseException"} ] }, "UpdateSecurityHubConfiguration":{ @@ -1434,7 +1436,7 @@ }, "AlphaNumericNonEmptyString":{ "type":"string", - "pattern":"^[-_ a-zA-Z0-9]+$" + "pattern":"^([^\\u0000-\\u007F]|[-_ a-zA-Z0-9])+$" }, "ArnList":{ "type":"list", @@ -2744,7 +2746,8 @@ "TableId":{"shape":"NonEmptyString"}, "TableName":{"shape":"NonEmptyString"}, "TableSizeBytes":{"shape":"SizeBytes"}, - "TableStatus":{"shape":"NonEmptyString"} + "TableStatus":{"shape":"NonEmptyString"}, + "DeletionProtectionEnabled":{"shape":"Boolean"} } }, "AwsDynamoDbTableGlobalSecondaryIndex":{ @@ -2863,6 +2866,89 @@ "StreamViewType":{"shape":"NonEmptyString"} } }, + "AwsEc2ClientVpnEndpointAuthenticationOptionsActiveDirectoryDetails":{ + "type":"structure", + "members":{ + "DirectoryId":{"shape":"NonEmptyString"} + } + }, + "AwsEc2ClientVpnEndpointAuthenticationOptionsDetails":{ + "type":"structure", + "members":{ + "Type":{"shape":"NonEmptyString"}, + "ActiveDirectory":{"shape":"AwsEc2ClientVpnEndpointAuthenticationOptionsActiveDirectoryDetails"}, + "MutualAuthentication":{"shape":"AwsEc2ClientVpnEndpointAuthenticationOptionsMutualAuthenticationDetails"}, + "FederatedAuthentication":{"shape":"AwsEc2ClientVpnEndpointAuthenticationOptionsFederatedAuthenticationDetails"} + } + }, + "AwsEc2ClientVpnEndpointAuthenticationOptionsFederatedAuthenticationDetails":{ + "type":"structure", + "members":{ + "SamlProviderArn":{"shape":"NonEmptyString"}, + "SelfServiceSamlProviderArn":{"shape":"NonEmptyString"} + } + }, + "AwsEc2ClientVpnEndpointAuthenticationOptionsList":{ + "type":"list", + "member":{"shape":"AwsEc2ClientVpnEndpointAuthenticationOptionsDetails"} + }, + "AwsEc2ClientVpnEndpointAuthenticationOptionsMutualAuthenticationDetails":{ + "type":"structure", + "members":{ + "ClientRootCertificateChain":{"shape":"NonEmptyString"} + } + }, + "AwsEc2ClientVpnEndpointClientConnectOptionsDetails":{ + "type":"structure", + "members":{ + "Enabled":{"shape":"Boolean"}, + "LambdaFunctionArn":{"shape":"NonEmptyString"}, + "Status":{"shape":"AwsEc2ClientVpnEndpointClientConnectOptionsStatusDetails"} + } + }, + "AwsEc2ClientVpnEndpointClientConnectOptionsStatusDetails":{ + "type":"structure", + "members":{ + "Code":{"shape":"NonEmptyString"}, + "Message":{"shape":"NonEmptyString"} + } + }, + "AwsEc2ClientVpnEndpointClientLoginBannerOptionsDetails":{ + "type":"structure", + "members":{ + "Enabled":{"shape":"Boolean"}, + "BannerText":{"shape":"NonEmptyString"} + } + }, + "AwsEc2ClientVpnEndpointConnectionLogOptionsDetails":{ + "type":"structure", + "members":{ + "Enabled":{"shape":"Boolean"}, + "CloudwatchLogGroup":{"shape":"NonEmptyString"}, + "CloudwatchLogStream":{"shape":"NonEmptyString"} + } + }, + "AwsEc2ClientVpnEndpointDetails":{ + "type":"structure", + "members":{ + "ClientVpnEndpointId":{"shape":"NonEmptyString"}, + "Description":{"shape":"NonEmptyString"}, + "ClientCidrBlock":{"shape":"NonEmptyString"}, + "DnsServer":{"shape":"StringList"}, + "SplitTunnel":{"shape":"Boolean"}, + "TransportProtocol":{"shape":"NonEmptyString"}, + "VpnPort":{"shape":"Integer"}, + "ServerCertificateArn":{"shape":"NonEmptyString"}, + "AuthenticationOptions":{"shape":"AwsEc2ClientVpnEndpointAuthenticationOptionsList"}, + "ConnectionLogOptions":{"shape":"AwsEc2ClientVpnEndpointConnectionLogOptionsDetails"}, + "SecurityGroupIdSet":{"shape":"StringList"}, + "VpcId":{"shape":"NonEmptyString"}, + "SelfServicePortalUrl":{"shape":"NonEmptyString"}, + "ClientConnectOptions":{"shape":"AwsEc2ClientVpnEndpointClientConnectOptionsDetails"}, + "SessionTimeoutHours":{"shape":"Integer"}, + "ClientLoginBannerOptions":{"shape":"AwsEc2ClientVpnEndpointClientLoginBannerOptionsDetails"} + } + }, "AwsEc2EipDetails":{ "type":"structure", "members":{ @@ -5232,7 +5318,8 @@ "CurrentVersion":{"shape":"NonEmptyString"}, "NumberOfBrokerNodes":{"shape":"Integer"}, "ClusterName":{"shape":"NonEmptyString"}, - "ClientAuthentication":{"shape":"AwsMskClusterClusterInfoClientAuthenticationDetails"} + "ClientAuthentication":{"shape":"AwsMskClusterClusterInfoClientAuthenticationDetails"}, + "EnhancedMonitoring":{"shape":"NonEmptyString"} } }, "AwsMskClusterClusterInfoEncryptionInfoDetails":{ @@ -6077,6 +6164,25 @@ "CloudWatchLogsLogGroupArn":{"shape":"CloudWatchLogsLogGroupArnConfigDetails"} } }, + "AwsS3AccessPointDetails":{ + "type":"structure", + "members":{ + "AccessPointArn":{"shape":"NonEmptyString"}, + "Alias":{"shape":"NonEmptyString"}, + "Bucket":{"shape":"NonEmptyString"}, + "BucketAccountId":{"shape":"NonEmptyString"}, + "Name":{"shape":"NonEmptyString"}, + "NetworkOrigin":{"shape":"NonEmptyString"}, + "PublicAccessBlockConfiguration":{"shape":"AwsS3AccountPublicAccessBlockDetails"}, + "VpcConfiguration":{"shape":"AwsS3AccessPointVpcConfigurationDetails"} + } + }, + "AwsS3AccessPointVpcConfigurationDetails":{ + "type":"structure", + "members":{ + "VpcId":{"shape":"NonEmptyString"} + } + }, "AwsS3AccountPublicAccessBlockDetails":{ "type":"structure", "members":{ @@ -6204,7 +6310,8 @@ "BucketWebsiteConfiguration":{"shape":"AwsS3BucketWebsiteConfiguration"}, "BucketNotificationConfiguration":{"shape":"AwsS3BucketNotificationConfiguration"}, "BucketVersioningConfiguration":{"shape":"AwsS3BucketBucketVersioningConfiguration"}, - "ObjectLockConfiguration":{"shape":"AwsS3BucketObjectLockConfiguration"} + "ObjectLockConfiguration":{"shape":"AwsS3BucketObjectLockConfiguration"}, + "Name":{"shape":"NonEmptyString"} } }, "AwsS3BucketLoggingConfiguration":{ @@ -9484,7 +9591,9 @@ "AwsDmsReplicationTask":{"shape":"AwsDmsReplicationTaskDetails"}, "AwsDmsReplicationInstance":{"shape":"AwsDmsReplicationInstanceDetails"}, "AwsRoute53HostedZone":{"shape":"AwsRoute53HostedZoneDetails"}, - "AwsMskCluster":{"shape":"AwsMskClusterDetails"} + "AwsMskCluster":{"shape":"AwsMskClusterDetails"}, + "AwsS3AccessPoint":{"shape":"AwsS3AccessPointDetails"}, + "AwsEc2ClientVpnEndpoint":{"shape":"AwsEc2ClientVpnEndpointDetails"} } }, "ResourceInUseException":{ diff --git a/models/apis/securityhub/2018-10-26/docs-2.json b/models/apis/securityhub/2018-10-26/docs-2.json index bf597225779..275c5e967d7 100644 --- a/models/apis/securityhub/2018-10-26/docs-2.json +++ b/models/apis/securityhub/2018-10-26/docs-2.json @@ -1215,6 +1215,66 @@ "AwsDynamoDbTableDetails$StreamSpecification": "The current DynamoDB Streams configuration for the table.
" } }, + "AwsEc2ClientVpnEndpointAuthenticationOptionsActiveDirectoryDetails": { + "base": "Provides details about an Active Directory that’s used to authenticate an Client VPN endpoint.
", + "refs": { + "AwsEc2ClientVpnEndpointAuthenticationOptionsDetails$ActiveDirectory": "Information about the Active Directory, if applicable. With Active Directory authentication, clients are authenticated against existing Active Directory groups.
" + } + }, + "AwsEc2ClientVpnEndpointAuthenticationOptionsDetails": { + "base": "Information about the authentication method used by the Client VPN endpoint.
", + "refs": { + "AwsEc2ClientVpnEndpointAuthenticationOptionsList$member": null + } + }, + "AwsEc2ClientVpnEndpointAuthenticationOptionsFederatedAuthenticationDetails": { + "base": "Describes the IAM SAML identity providers used for federated authentication.
", + "refs": { + "AwsEc2ClientVpnEndpointAuthenticationOptionsDetails$FederatedAuthentication": "Information about the IAM SAML identity provider, if applicable.
" + } + }, + "AwsEc2ClientVpnEndpointAuthenticationOptionsList": { + "base": null, + "refs": { + "AwsEc2ClientVpnEndpointDetails$AuthenticationOptions": "Information about the authentication method used by the Client VPN endpoint.
" + } + }, + "AwsEc2ClientVpnEndpointAuthenticationOptionsMutualAuthenticationDetails": { + "base": "Information about the client certificate used for authentication.
", + "refs": { + "AwsEc2ClientVpnEndpointAuthenticationOptionsDetails$MutualAuthentication": "Information about the authentication certificates, if applicable.
" + } + }, + "AwsEc2ClientVpnEndpointClientConnectOptionsDetails": { + "base": "The options for managing connection authorization for new client connections.
", + "refs": { + "AwsEc2ClientVpnEndpointDetails$ClientConnectOptions": "The options for managing connection authorization for new client connections.
" + } + }, + "AwsEc2ClientVpnEndpointClientConnectOptionsStatusDetails": { + "base": "Describes the status of the Client VPN endpoint attribute.
", + "refs": { + "AwsEc2ClientVpnEndpointClientConnectOptionsDetails$Status": "The status of any updates to the client connect options.
" + } + }, + "AwsEc2ClientVpnEndpointClientLoginBannerOptionsDetails": { + "base": "Options for enabling a customizable text banner that will be displayed on Amazon Web Services provided clients when a VPN session is established.
", + "refs": { + "AwsEc2ClientVpnEndpointDetails$ClientLoginBannerOptions": "Options for enabling a customizable text banner that will be displayed on Amazon Web Services provided clients when a VPN session is established.
" + } + }, + "AwsEc2ClientVpnEndpointConnectionLogOptionsDetails": { + "base": "Information about the client connection logging options for the Client VPN endpoint.
", + "refs": { + "AwsEc2ClientVpnEndpointDetails$ConnectionLogOptions": "Information about the client connection logging options for the Client VPN endpoint.
" + } + }, + "AwsEc2ClientVpnEndpointDetails": { + "base": "Describes an Client VPN endpoint. A Client VPN endpoint is the resource that you create and configure to enable and manage client VPN sessions. It's the termination point for all client VPN sessions.
", + "refs": { + "ResourceDetails$AwsEc2ClientVpnEndpoint": "Provides details about an Client VPN endpoint. A Client VPN endpoint is the resource that you create and configure to enable and manage client VPN sessions. It's the termination point for all client VPN sessions.
" + } + }, "AwsEc2EipDetails": { "base": "Information about an Elastic IP address.
", "refs": { @@ -3019,7 +3079,7 @@ } }, "AwsMskClusterClusterInfoDetails": { - "base": "Provide details about an Amazon MSK cluster.
", + "base": "Provide details about an Amazon Managed Streaming for Apache Kafka (Amazon MSK) cluster.
", "refs": { "AwsMskClusterDetails$ClusterInfo": "Provides information about a cluster.
" } @@ -3571,9 +3631,22 @@ "AwsRoute53HostedZoneDetails$QueryLoggingConfig": " An array that contains one QueryLoggingConfig element for each DNS query logging configuration that is associated with the current Amazon Web Services account.
Returns configuration information about the specified Amazon S3 access point. S3 access points are named network endpoints that are attached to buckets that you can use to perform S3 object operations.
", + "refs": { + "ResourceDetails$AwsS3AccessPoint": "Provides details about an Amazon Simple Storage Service (Amazon S3) access point. S3 access points are named network endpoints that are attached to S3 buckets that you can use to perform S3 object operations.
" + } + }, + "AwsS3AccessPointVpcConfigurationDetails": { + "base": "The virtual private cloud (VPC) configuration for an Amazon S3 access point.
", + "refs": { + "AwsS3AccessPointDetails$VpcConfiguration": "Contains the virtual private cloud (VPC) configuration for the specified access point.
" + } + }, "AwsS3AccountPublicAccessBlockDetails": { "base": "provides information about the Amazon S3 Public Access Block configuration for accounts.
", "refs": { + "AwsS3AccessPointDetails$PublicAccessBlockConfiguration": null, "AwsS3BucketDetails$PublicAccessBlockConfiguration": "Provides information about the Amazon S3 Public Access Block configuration for the S3 bucket.
", "ResourceDetails$AwsS3AccountPublicAccessBlock": "Details about the Amazon S3 Public Access Block configuration for an account.
" } @@ -3581,7 +3654,7 @@ "AwsS3BucketBucketLifecycleConfigurationDetails": { "base": "The lifecycle configuration for the objects in the S3 bucket.
", "refs": { - "AwsS3BucketDetails$BucketLifecycleConfiguration": "The lifecycle configuration for objects in the S3 bucket.
" + "AwsS3BucketDetails$BucketLifecycleConfiguration": "The lifecycle configuration for objects in the specified bucket.
" } }, "AwsS3BucketBucketLifecycleConfigurationRulesAbortIncompleteMultipartUploadDetails": { @@ -3669,7 +3742,7 @@ } }, "AwsS3BucketDetails": { - "base": "The details of an Amazon S3 bucket.
", + "base": "The details of an Amazon Simple Storage Service (Amazon S3) bucket.
", "refs": { "ResourceDetails$AwsS3Bucket": "Details about an S3 bucket related to a finding.
" } @@ -3737,7 +3810,7 @@ "AwsS3BucketObjectLockConfiguration": { "base": "The container element for S3 Object Lock configuration parameters. In Amazon S3, Object Lock can help prevent objects from being deleted or overwritten for a fixed amount of time or indefinitely.
", "refs": { - "AwsS3BucketDetails$ObjectLockConfiguration": "Specifies which rule Amazon S3 applies by default to every new object placed in the specified bucket.
" + "AwsS3BucketDetails$ObjectLockConfiguration": "Specifies which rule Amazon S3 applies by default to every new object placed in the bucket.
" } }, "AwsS3BucketObjectLockConfigurationRuleDefaultRetentionDetails": { @@ -4429,9 +4502,14 @@ "AwsDmsReplicationInstanceDetails$AutoMinorVersionUpgrade": "Indicates whether minor engine upgrades are applied automatically to the replication instance during the maintenance window.
", "AwsDmsReplicationInstanceDetails$MultiAZ": " Specifies whether the replication instance is deployed across multiple Availability Zones (AZs). You can't set the AvailabilityZone parameter if the MultiAZ parameter is set to true.
Specifies the accessibility options for the replication instance. A value of true represents an instance with a public IP address. A value of false represents an instance with a private IP address. The default value is true.
Indicates whether deletion protection is to be enabled (true) or disabled (false) on the table.
", "AwsDynamoDbTableGlobalSecondaryIndex$Backfilling": "Whether the index is currently backfilling.
", "AwsDynamoDbTableRestoreSummary$RestoreInProgress": "Whether a restore is currently in progress.
", "AwsDynamoDbTableStreamSpecification$StreamEnabled": "Indicates whether DynamoDB Streams is enabled on the table.
", + "AwsEc2ClientVpnEndpointClientConnectOptionsDetails$Enabled": "Indicates whether client connect options are enabled.
", + "AwsEc2ClientVpnEndpointClientLoginBannerOptionsDetails$Enabled": "Current state of text banner feature.
", + "AwsEc2ClientVpnEndpointConnectionLogOptionsDetails$Enabled": "Indicates whether client connection logging is enabled for the Client VPN endpoint.
", + "AwsEc2ClientVpnEndpointDetails$SplitTunnel": "Indicates whether split-tunnel is enabled in the Client VPN endpoint.
", "AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails$DeleteOnTermination": "Indicates whether the EBS volume is deleted on instance termination.
", "AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails$Encrypted": "Indicates whether the EBS volume is encrypted. Encrypted volumes can only be attached to instances that support Amazon EBS encryption. If you're creating a volume from a snapshot, you can't specify an encryption value.
", "AwsEc2LaunchTemplateDataDetails$DisableApiStop": "Indicates whether to enable the instance for stop protection. For more information, see Enable stop protection in the Amazon EC2 User Guide.
", @@ -5575,6 +5653,8 @@ "AwsDynamoDbTableProvisionedThroughput$ReadCapacityUnits": "The maximum number of strongly consistent reads consumed per second before DynamoDB returns a ThrottlingException.
The maximum number of writes consumed per second before DynamoDB returns a ThrottlingException.
The read capacity units for the replica.
", + "AwsEc2ClientVpnEndpointDetails$VpnPort": "The port number for the Client VPN endpoint.
", + "AwsEc2ClientVpnEndpointDetails$SessionTimeoutHours": "The maximum VPN session duration time in hours.
", "AwsEc2InstanceMetadataOptions$HttpPutResponseHopLimit": "The desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel.
", "AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails$Iops": "The number of I/O operations per second (IOPS).
", "AwsEc2LaunchTemplateDataBlockDeviceMappingSetEbsDetails$Throughput": "The throughput to provision for a gp3 volume, with a maximum of 1,000 MiB/s.
", @@ -6613,6 +6693,24 @@ "AwsDynamoDbTableSseDescription$SseType": "The type of server-side encryption.
", "AwsDynamoDbTableSseDescription$KmsMasterKeyArn": "The ARN of the KMS key that is used for the KMS encryption.
", "AwsDynamoDbTableStreamSpecification$StreamViewType": "Determines the information that is written to the table.
", + "AwsEc2ClientVpnEndpointAuthenticationOptionsActiveDirectoryDetails$DirectoryId": "The ID of the Active Directory used for authentication.
", + "AwsEc2ClientVpnEndpointAuthenticationOptionsDetails$Type": "The authentication type used.
", + "AwsEc2ClientVpnEndpointAuthenticationOptionsFederatedAuthenticationDetails$SamlProviderArn": "The Amazon Resource Name (ARN) of the IAM SAML identity provider.
", + "AwsEc2ClientVpnEndpointAuthenticationOptionsFederatedAuthenticationDetails$SelfServiceSamlProviderArn": "The Amazon Resource Name (ARN) of the IAM SAML identity provider for the self-service portal.
", + "AwsEc2ClientVpnEndpointAuthenticationOptionsMutualAuthenticationDetails$ClientRootCertificateChain": "The Amazon Resource Name (ARN) of the client certificate.
", + "AwsEc2ClientVpnEndpointClientConnectOptionsDetails$LambdaFunctionArn": "The Amazon Resource Name (ARN) of the Lambda function used for connection authorization.
", + "AwsEc2ClientVpnEndpointClientConnectOptionsStatusDetails$Code": "The status code.
", + "AwsEc2ClientVpnEndpointClientConnectOptionsStatusDetails$Message": "The status message.
", + "AwsEc2ClientVpnEndpointClientLoginBannerOptionsDetails$BannerText": "Customizable text that will be displayed in a banner on Amazon Web Services provided clients when a VPN session is established.
", + "AwsEc2ClientVpnEndpointConnectionLogOptionsDetails$CloudwatchLogGroup": "The name of the Amazon CloudWatch Logs log group to which connection logging data is published.
", + "AwsEc2ClientVpnEndpointConnectionLogOptionsDetails$CloudwatchLogStream": "The name of the Amazon CloudWatch Logs log stream to which connection logging data is published.
", + "AwsEc2ClientVpnEndpointDetails$ClientVpnEndpointId": "The ID of the Client VPN endpoint.
", + "AwsEc2ClientVpnEndpointDetails$Description": "A brief description of the endpoint.
", + "AwsEc2ClientVpnEndpointDetails$ClientCidrBlock": "The IPv4 address range, in CIDR notation, from which client IP addresses are assigned.
", + "AwsEc2ClientVpnEndpointDetails$TransportProtocol": "The transport protocol used by the Client VPN endpoint.
", + "AwsEc2ClientVpnEndpointDetails$ServerCertificateArn": "The Amazon Resource Name (ARN) of the server certificate.
", + "AwsEc2ClientVpnEndpointDetails$VpcId": "The ID of the VPC.
", + "AwsEc2ClientVpnEndpointDetails$SelfServicePortalUrl": "The URL of the self-service portal.
", "AwsEc2EipDetails$InstanceId": "The identifier of the EC2 instance.
", "AwsEc2EipDetails$PublicIp": "A public IP address that is associated with the EC2 instance.
", "AwsEc2EipDetails$AllocationId": "The identifier that Amazon Web Services assigns to represent the allocation of the Elastic IP address for use with Amazon VPC.
", @@ -7107,8 +7205,9 @@ "AwsLambdaLayerVersionDetails$CreatedDate": "Indicates when the version was created.
Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces, and date and time should be separated by T. For example, 2020-03-22T13:22:13.933Z.
The name of the volume to mount. Must be a volume name referenced in the name parameter of task definition volume.
The path on the container to mount the host volume at.
", - "AwsMskClusterClusterInfoDetails$CurrentVersion": "The current version of the MSK cluster.
", + "AwsMskClusterClusterInfoDetails$CurrentVersion": "The current version of the cluster.
", "AwsMskClusterClusterInfoDetails$ClusterName": "The name of the cluster.
", + "AwsMskClusterClusterInfoDetails$EnhancedMonitoring": "Specifies the level of monitoring for the cluster.
", "AwsMskClusterClusterInfoEncryptionInfoEncryptionAtRestDetails$DataVolumeKMSKeyId": "The Amazon Resource Name (ARN) of the KMS key for encrypting data at rest. If you don't specify a KMS key, MSK creates one for you and uses it.
", "AwsMskClusterClusterInfoEncryptionInfoEncryptionInTransitDetails$ClientBroker": "Indicates the encryption setting for data in transit between clients and brokers.
", "AwsNetworkFirewallFirewallDetails$Description": "A description of the firewall.
", @@ -7353,6 +7452,13 @@ "AwsRoute53HostedZoneObjectDetails$Name": "The name of the domain. For public hosted zones, this is the name that you have registered with your DNS registrar.
", "AwsRoute53HostedZoneVpcDetails$Id": "The identifier of an Amazon VPC.
", "AwsRoute53HostedZoneVpcDetails$Region": "The Amazon Web Services Region that an Amazon VPC was created in.
", + "AwsS3AccessPointDetails$AccessPointArn": "The Amazon Resource Name (ARN) of the access point.
", + "AwsS3AccessPointDetails$Alias": "The name or alias of the access point.
", + "AwsS3AccessPointDetails$Bucket": "The name of the S3 bucket associated with the specified access point.
", + "AwsS3AccessPointDetails$BucketAccountId": "The Amazon Web Services account ID associated with the S3 bucket associated with this access point.
", + "AwsS3AccessPointDetails$Name": "The name of the specified access point.
", + "AwsS3AccessPointDetails$NetworkOrigin": "Indicates whether this access point allows access from the public internet.
", + "AwsS3AccessPointVpcConfigurationDetails$VpcId": "If this field is specified, this access point will only allow connections from the specified VPC ID.
", "AwsS3BucketBucketLifecycleConfigurationRulesDetails$ExpirationDate": "The date when objects are moved or deleted.
Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces, and date and time should be separated by T. For example, 2020-03-22T13:22:13.933Z.
The unique identifier of the rule.
", "AwsS3BucketBucketLifecycleConfigurationRulesDetails$Prefix": "A prefix that identifies one or more objects that the rule applies to.
", @@ -7374,6 +7480,7 @@ "AwsS3BucketDetails$OwnerAccountId": "The Amazon Web Services account identifier of the account that owns the S3 bucket.
", "AwsS3BucketDetails$CreatedAt": "Indicates when the S3 bucket was created.
Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces, and date and time should be separated by T. For example, 2020-03-22T13:22:13.933Z.
The access control list for the S3 bucket.
", + "AwsS3BucketDetails$Name": "The name of the bucket.
", "AwsS3BucketLoggingConfiguration$DestinationBucketName": "The name of the S3 bucket where log files for the S3 bucket are stored.
", "AwsS3BucketLoggingConfiguration$LogFilePrefix": "The prefix added to log files for the S3 bucket.
", "AwsS3BucketNotificationConfigurationDetail$Destination": "The ARN of the Lambda function, Amazon SQS queue, or Amazon SNS topic that generates the notification.
", @@ -7557,7 +7664,7 @@ "ConfigurationPolicyAssociationSummary$AssociationStatusMessage": " The explanation for a FAILED value for AssociationStatus.
The Amazon Resource Name (ARN) of the configuration policy.
", "ConfigurationPolicySummary$Id": "The universally unique identifier (UUID) of the configuration policy.
", - "ConfigurationPolicySummary$Name": "The name of the configuration policy.
", + "ConfigurationPolicySummary$Name": " The name of the configuration policy. Alphanumeric characters and the following ASCII characters are permitted: -, ., !, *, /.
The description of the configuration policy.
", "ContainerDetails$ContainerRuntime": "The runtime of the container.
", "ContainerDetails$Name": "The name of the container related to a finding.
", @@ -7573,7 +7680,7 @@ "CreateAutomationRuleRequest$RuleName": "The name of the rule.
", "CreateAutomationRuleRequest$Description": "A description of the rule.
", "CreateAutomationRuleResponse$RuleArn": "The Amazon Resource Name (ARN) of the automation rule that you created.
", - "CreateConfigurationPolicyRequest$Name": "The name of the configuration policy.
", + "CreateConfigurationPolicyRequest$Name": " The name of the configuration policy. Alphanumeric characters and the following ASCII characters are permitted: -, ., !, *, /.
The description of the configuration policy.
", "CreateConfigurationPolicyResponse$Arn": "The Amazon Resource Name (ARN) of the configuration policy.
", "CreateConfigurationPolicyResponse$Id": "The universally unique identifier (UUID) of the configuration policy.
", @@ -7882,7 +7989,7 @@ "UpdateAutomationRulesRequestItem$Description": "A description of the rule.
", "UpdateAutomationRulesRequestItem$RuleName": "The name of the rule.
", "UpdateConfigurationPolicyRequest$Identifier": "The Amazon Resource Name (ARN) or universally unique identifier (UUID) of the configuration policy.
", - "UpdateConfigurationPolicyRequest$Name": "The name of the configuration policy.
", + "UpdateConfigurationPolicyRequest$Name": " The name of the configuration policy. Alphanumeric characters and the following ASCII characters are permitted: -, ., !, *, /.
The description of the configuration policy.
", "UpdateConfigurationPolicyRequest$UpdatedReason": "The reason for updating the configuration policy.
", "UpdateConfigurationPolicyResponse$Arn": "The ARN of the configuration policy.
", @@ -8104,7 +8211,7 @@ "ParameterValueType": { "base": null, "refs": { - "ParameterConfiguration$ValueType": "Identifies whether a control parameter uses a custom user-defined value or the Security Hub default value.
" + "ParameterConfiguration$ValueType": "Identifies whether a control parameter uses a custom user-defined value or subscribes to the default Security Hub behavior.
When ValueType is set equal to DEFAULT, the default behavior can be a specific Security Hub default value, or the default behavior can be to ignore a specific parameter. When ValueType is set equal to DEFAULT, Security Hub ignores user-provided input for the Value field.
When ValueType is set equal to CUSTOM, the Value field can't be empty.
One or more domain names (subject alternative names) included in the certificate. This list contains the domain names that are bound to the public key that is contained in the certificate.
The subject alternative names include the canonical domain name (CN) of the certificate and additional domain names that can be used to connect to the website.
", "AwsCertificateManagerCertificateDomainValidationOption$ValidationEmails": "A list of email addresses that Certificate Manager uses to send domain validation emails.
", "AwsDynamoDbTableProjection$NonKeyAttributes": "The nonkey attributes that are projected into the index. For each attribute, provide the attribute name.
", + "AwsEc2ClientVpnEndpointDetails$DnsServer": "Information about the DNS servers to be used for DNS resolution.
", + "AwsEc2ClientVpnEndpointDetails$SecurityGroupIdSet": "The IDs of the security groups for the target network.
", "AwsEc2InstanceDetails$IpV4Addresses": "The IPv4 addresses associated with the instance.
", "AwsEc2InstanceDetails$IpV6Addresses": "The IPv6 addresses associated with the instance.
", "AwsElbLoadBalancerBackendServerDescription$PolicyNames": "The names of the policies that are enabled for the EC2 instance.
", diff --git a/service/neptune/api.go b/service/neptune/api.go index 0e7ba7b0184..bba8f265be2 100644 --- a/service/neptune/api.go +++ b/service/neptune/api.go @@ -5280,6 +5280,9 @@ func (c *Neptune) ModifyDBClusterRequest(input *ModifyDBClusterInput) (req *requ // - ErrCodeDBClusterAlreadyExistsFault "DBClusterAlreadyExistsFault" // User already has a DB cluster with the given identifier. // +// - ErrCodeStorageTypeNotSupportedFault "StorageTypeNotSupported" +// StorageType specified cannot be associated with the DB Instance. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/neptune-2014-10-31/ModifyDBCluster func (c *Neptune) ModifyDBCluster(input *ModifyDBClusterInput) (*ModifyDBClusterOutput, error) { req, out := c.ModifyDBClusterRequest(input) @@ -7758,6 +7761,9 @@ func (s *CharacterSet) SetCharacterSetName(v string) *CharacterSet { // // The EnableLogTypes and DisableLogTypes arrays determine which logs will be // exported (or not exported) to CloudWatch Logs. +// +// Valid log types are: audit (to publish audit logs) and slowquery (to publish +// slow-query logs). See Publishing Neptune logs to Amazon CloudWatch logs (https://docs.aws.amazon.com/neptune/latest/userguide/cloudwatch-logs.html). type CloudwatchLogsExportConfiguration struct { _ struct{} `type:"structure"` @@ -7828,6 +7834,9 @@ type ClusterPendingModifiedValues struct { // This PendingCloudwatchLogsExports structure specifies pending changes to // which CloudWatch logs are enabled and which are disabled. PendingCloudwatchLogsExports *PendingCloudwatchLogsExports `type:"structure"` + + // The storage type for the DB cluster. + StorageType *string `type:"string"` } // String returns the string representation. @@ -7890,6 +7899,12 @@ func (s *ClusterPendingModifiedValues) SetPendingCloudwatchLogsExports(v *Pendin return s } +// SetStorageType sets the StorageType field's value. +func (s *ClusterPendingModifiedValues) SetStorageType(v string) *ClusterPendingModifiedValues { + s.StorageType = &v + return s +} + type CopyDBClusterParameterGroupInput struct { _ struct{} `type:"structure"` @@ -8666,8 +8681,10 @@ type CreateDBClusterInput struct { // DestinationRegion is used for presigning the request to a given region. DestinationRegion *string `type:"string"` - // The list of log types that need to be enabled for exporting to CloudWatch - // Logs. + // A list of the log types that this DB cluster should export to CloudWatch + // Logs. Valid log types are: audit (to publish audit logs) and slowquery (to + // publish slow-query logs). See Publishing Neptune logs to Amazon CloudWatch + // logs (https://docs.aws.amazon.com/neptune/latest/userguide/cloudwatch-logs.html). EnableCloudwatchLogsExports []*string `type:"list"` // If set to true, enables Amazon Identity and Access Management (IAM) authentication @@ -8787,6 +8804,21 @@ type CreateDBClusterInput struct { // Specifies whether the DB cluster is encrypted. StorageEncrypted *bool `type:"boolean"` + // The storage type to associate with the DB cluster. + // + // Valid Values: + // + // * standard | iopt1 + // + // Default: + // + // * standard + // + // When you create a Neptune cluster with the storage type set to iopt1, the + // storage type is returned in the response. The storage type isn't returned + // when you set it to standard. + StorageType *string `type:"string"` + // The tags to assign to the new DB cluster. Tags []*Tag `locationNameList:"Tag" type:"list"` @@ -8993,6 +9025,12 @@ func (s *CreateDBClusterInput) SetStorageEncrypted(v bool) *CreateDBClusterInput return s } +// SetStorageType sets the StorageType field's value. +func (s *CreateDBClusterInput) SetStorageType(v string) *CreateDBClusterInput { + s.StorageType = &v + return s +} + // SetTags sets the Tags field's value. func (s *CreateDBClusterInput) SetTags(v []*Tag) *CreateDBClusterInput { s.Tags = v @@ -10529,8 +10567,10 @@ type DBCluster struct { // restore. EarliestRestorableTime *time.Time `type:"timestamp"` - // A list of log types that this DB cluster is configured to export to CloudWatch - // Logs. + // A list of the log types that this DB cluster is configured to export to CloudWatch + // Logs. Valid log types are: audit (to publish audit logs to CloudWatch) and + // slowquery (to publish slow-query logs to CloudWatch). See Publishing Neptune + // logs to Amazon CloudWatch logs (https://docs.aws.amazon.com/neptune/latest/userguide/cloudwatch-logs.html). EnabledCloudwatchLogsExports []*string `type:"list"` // Specifies the connection endpoint for the primary instance of the DB cluster. @@ -10553,6 +10593,9 @@ type DBCluster struct { // database accounts is enabled, and otherwise false. IAMDatabaseAuthenticationEnabled *bool `type:"boolean"` + // The next time you can modify the DB cluster to use the iopt1 storage type. + IOOptimizedNextAllowedModificationTime *time.Time `type:"timestamp"` + // If StorageEncrypted is true, the Amazon KMS key identifier for the encrypted // DB cluster. KmsKeyId *string `type:"string"` @@ -10617,6 +10660,9 @@ type DBCluster struct { // Specifies whether the DB cluster is encrypted. StorageEncrypted *bool `type:"boolean"` + // The storage type associated with the DB cluster. + StorageType *string `type:"string"` + // Provides a list of VPC security groups that the DB cluster belongs to. VpcSecurityGroups []*VpcSecurityGroupMembership `locationNameList:"VpcSecurityGroupMembership" type:"list"` } @@ -10801,6 +10847,12 @@ func (s *DBCluster) SetIAMDatabaseAuthenticationEnabled(v bool) *DBCluster { return s } +// SetIOOptimizedNextAllowedModificationTime sets the IOOptimizedNextAllowedModificationTime field's value. +func (s *DBCluster) SetIOOptimizedNextAllowedModificationTime(v time.Time) *DBCluster { + s.IOOptimizedNextAllowedModificationTime = &v + return s +} + // SetKmsKeyId sets the KmsKeyId field's value. func (s *DBCluster) SetKmsKeyId(v string) *DBCluster { s.KmsKeyId = &v @@ -10891,6 +10943,12 @@ func (s *DBCluster) SetStorageEncrypted(v bool) *DBCluster { return s } +// SetStorageType sets the StorageType field's value. +func (s *DBCluster) SetStorageType(v string) *DBCluster { + s.StorageType = &v + return s +} + // SetVpcSecurityGroups sets the VpcSecurityGroups field's value. func (s *DBCluster) SetVpcSecurityGroups(v []*VpcSecurityGroupMembership) *DBCluster { s.VpcSecurityGroups = v @@ -11347,6 +11405,9 @@ type DBClusterSnapshot struct { // Specifies whether the DB cluster snapshot is encrypted. StorageEncrypted *bool `type:"boolean"` + // The storage type associated with the DB cluster snapshot. + StorageType *string `type:"string"` + // Provides the VPC ID associated with the DB cluster snapshot. VpcId *string `type:"string"` } @@ -11483,6 +11544,12 @@ func (s *DBClusterSnapshot) SetStorageEncrypted(v bool) *DBClusterSnapshot { return s } +// SetStorageType sets the StorageType field's value. +func (s *DBClusterSnapshot) SetStorageType(v string) *DBClusterSnapshot { + s.StorageType = &v + return s +} + // SetVpcId sets the VpcId field's value. func (s *DBClusterSnapshot) SetVpcId(v string) *DBClusterSnapshot { s.VpcId = &v @@ -17460,7 +17527,8 @@ type ModifyDBClusterInput struct { BackupRetentionPeriod *int64 `type:"integer"` // The configuration setting for the log types to be enabled for export to CloudWatch - // Logs for a specific DB cluster. + // Logs for a specific DB cluster. See Using the CLI to publish Neptune audit + // logs to CloudWatch Logs (https://docs.aws.amazon.com/neptune/latest/userguide/cloudwatch-logs.html#cloudwatch-logs-cli). CloudwatchLogsExportConfiguration *CloudwatchLogsExportConfiguration `type:"structure"` // If set to true, tags are copied to any snapshot of the DB cluster that is @@ -17580,6 +17648,17 @@ type ModifyDBClusterInput struct { // in the Amazon Neptune User Guide. ServerlessV2ScalingConfiguration *ServerlessV2ScalingConfiguration `type:"structure"` + // The storage type to associate with the DB cluster. + // + // Valid Values: + // + // * standard | iopt1 + // + // Default: + // + // * standard + StorageType *string `type:"string"` + // A list of VPC security groups that the DB cluster will belong to. VpcSecurityGroupIds []*string `locationNameList:"VpcSecurityGroupId" type:"list"` } @@ -17723,6 +17802,12 @@ func (s *ModifyDBClusterInput) SetServerlessV2ScalingConfiguration(v *Serverless return s } +// SetStorageType sets the StorageType field's value. +func (s *ModifyDBClusterInput) SetStorageType(v string) *ModifyDBClusterInput { + s.StorageType = &v + return s +} + // SetVpcSecurityGroupIds sets the VpcSecurityGroupIds field's value. func (s *ModifyDBClusterInput) SetVpcSecurityGroupIds(v []*string) *ModifyDBClusterInput { s.VpcSecurityGroupIds = v @@ -19346,6 +19431,9 @@ func (s *Parameter) SetSource(v string) *Parameter { // A list of the log types whose configuration is still pending. In other words, // these log types are in the process of being activated or deactivated. +// +// Valid log types are: audit (to publish audit logs) and slowquery (to publish +// slow-query logs). See Publishing Neptune logs to Amazon CloudWatch logs (https://docs.aws.amazon.com/neptune/latest/userguide/cloudwatch-logs.html). type PendingCloudwatchLogsExports struct { _ struct{} `type:"structure"` @@ -20604,6 +20692,13 @@ type RestoreDBClusterFromSnapshotInput struct { // SnapshotIdentifier is a required field SnapshotIdentifier *string `type:"string" required:"true"` + // Specifies the storage type to be associated with the DB cluster. + // + // Valid values: standard, iopt1 + // + // Default: standard + StorageType *string `type:"string"` + // The tags to be assigned to the restored DB cluster. Tags []*Tag `locationNameList:"Tag" type:"list"` @@ -20744,6 +20839,12 @@ func (s *RestoreDBClusterFromSnapshotInput) SetSnapshotIdentifier(v string) *Res return s } +// SetStorageType sets the StorageType field's value. +func (s *RestoreDBClusterFromSnapshotInput) SetStorageType(v string) *RestoreDBClusterFromSnapshotInput { + s.StorageType = &v + return s +} + // SetTags sets the Tags field's value. func (s *RestoreDBClusterFromSnapshotInput) SetTags(v []*Tag) *RestoreDBClusterFromSnapshotInput { s.Tags = v @@ -20915,6 +21016,13 @@ type RestoreDBClusterToPointInTimeInput struct { // SourceDBClusterIdentifier is a required field SourceDBClusterIdentifier *string `type:"string" required:"true"` + // Specifies the storage type to be associated with the DB cluster. + // + // Valid values: standard, iopt1 + // + // Default: standard + StorageType *string `type:"string"` + // The tags to be applied to the restored DB cluster. Tags []*Tag `locationNameList:"Tag" type:"list"` @@ -21042,6 +21150,12 @@ func (s *RestoreDBClusterToPointInTimeInput) SetSourceDBClusterIdentifier(v stri return s } +// SetStorageType sets the StorageType field's value. +func (s *RestoreDBClusterToPointInTimeInput) SetStorageType(v string) *RestoreDBClusterToPointInTimeInput { + s.StorageType = &v + return s +} + // SetTags sets the Tags field's value. func (s *RestoreDBClusterToPointInTimeInput) SetTags(v []*Tag) *RestoreDBClusterToPointInTimeInput { s.Tags = v diff --git a/service/pinpoint/api.go b/service/pinpoint/api.go index dd00f338887..9c8c5a2e8a8 100644 --- a/service/pinpoint/api.go +++ b/service/pinpoint/api.go @@ -15588,7 +15588,7 @@ type CampaignLimits struct { // The maximum number of messages that a campaign can send each second. For // an application, this value specifies the default limit for the number of - // messages that campaigns can send each second. The minimum value is 50. The + // messages that campaigns can send each second. The minimum value is 1. The // maximum value is 20,000. MessagesPerSecond *int64 `type:"integer"` diff --git a/service/securityhub/api.go b/service/securityhub/api.go index 01178187326..25a4b3128e8 100644 --- a/service/securityhub/api.go +++ b/service/securityhub/api.go @@ -8567,6 +8567,14 @@ func (c *SecurityHub) UpdateSecurityControlRequest(input *UpdateSecurityControlI // - AccessDeniedException // You don't have permission to perform the action specified in the request. // +// - ResourceNotFoundException +// The request was rejected because we can't find the specified resource. +// +// - ResourceInUseException +// The request was rejected because it conflicts with the resource's availability. +// For example, you tried to update a security control that's currently in the +// UPDATING state. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/securityhub-2018-10-26/UpdateSecurityControl func (c *SecurityHub) UpdateSecurityControl(input *UpdateSecurityControlInput) (*UpdateSecurityControlOutput, error) { req, out := c.UpdateSecurityControlRequest(input) @@ -18340,6 +18348,10 @@ type AwsDynamoDbTableDetails struct { // 2020-03-22T13:22:13.933Z. CreationDateTime *string `type:"string"` + // Indicates whether deletion protection is to be enabled (true) or disabled + // (false) on the table. + DeletionProtectionEnabled *bool `type:"boolean"` + // List of global secondary indexes for the table. GlobalSecondaryIndexes []*AwsDynamoDbTableGlobalSecondaryIndex `type:"list"` @@ -18439,6 +18451,12 @@ func (s *AwsDynamoDbTableDetails) SetCreationDateTime(v string) *AwsDynamoDbTabl return s } +// SetDeletionProtectionEnabled sets the DeletionProtectionEnabled field's value. +func (s *AwsDynamoDbTableDetails) SetDeletionProtectionEnabled(v bool) *AwsDynamoDbTableDetails { + s.DeletionProtectionEnabled = &v + return s +} + // SetGlobalSecondaryIndexes sets the GlobalSecondaryIndexes field's value. func (s *AwsDynamoDbTableDetails) SetGlobalSecondaryIndexes(v []*AwsDynamoDbTableGlobalSecondaryIndex) *AwsDynamoDbTableDetails { s.GlobalSecondaryIndexes = v @@ -19214,6 +19232,535 @@ func (s *AwsDynamoDbTableStreamSpecification) SetStreamViewType(v string) *AwsDy return s } +// Provides details about an Active Directory that’s used to authenticate +// an Client VPN endpoint. +type AwsEc2ClientVpnEndpointAuthenticationOptionsActiveDirectoryDetails struct { + _ struct{} `type:"structure"` + + // The ID of the Active Directory used for authentication. + DirectoryId *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsEc2ClientVpnEndpointAuthenticationOptionsActiveDirectoryDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsEc2ClientVpnEndpointAuthenticationOptionsActiveDirectoryDetails) GoString() string { + return s.String() +} + +// SetDirectoryId sets the DirectoryId field's value. +func (s *AwsEc2ClientVpnEndpointAuthenticationOptionsActiveDirectoryDetails) SetDirectoryId(v string) *AwsEc2ClientVpnEndpointAuthenticationOptionsActiveDirectoryDetails { + s.DirectoryId = &v + return s +} + +// Information about the authentication method used by the Client VPN endpoint. +type AwsEc2ClientVpnEndpointAuthenticationOptionsDetails struct { + _ struct{} `type:"structure"` + + // Information about the Active Directory, if applicable. With Active Directory + // authentication, clients are authenticated against existing Active Directory + // groups. + ActiveDirectory *AwsEc2ClientVpnEndpointAuthenticationOptionsActiveDirectoryDetails `type:"structure"` + + // Information about the IAM SAML identity provider, if applicable. + FederatedAuthentication *AwsEc2ClientVpnEndpointAuthenticationOptionsFederatedAuthenticationDetails `type:"structure"` + + // Information about the authentication certificates, if applicable. + MutualAuthentication *AwsEc2ClientVpnEndpointAuthenticationOptionsMutualAuthenticationDetails `type:"structure"` + + // The authentication type used. + Type *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsEc2ClientVpnEndpointAuthenticationOptionsDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsEc2ClientVpnEndpointAuthenticationOptionsDetails) GoString() string { + return s.String() +} + +// SetActiveDirectory sets the ActiveDirectory field's value. +func (s *AwsEc2ClientVpnEndpointAuthenticationOptionsDetails) SetActiveDirectory(v *AwsEc2ClientVpnEndpointAuthenticationOptionsActiveDirectoryDetails) *AwsEc2ClientVpnEndpointAuthenticationOptionsDetails { + s.ActiveDirectory = v + return s +} + +// SetFederatedAuthentication sets the FederatedAuthentication field's value. +func (s *AwsEc2ClientVpnEndpointAuthenticationOptionsDetails) SetFederatedAuthentication(v *AwsEc2ClientVpnEndpointAuthenticationOptionsFederatedAuthenticationDetails) *AwsEc2ClientVpnEndpointAuthenticationOptionsDetails { + s.FederatedAuthentication = v + return s +} + +// SetMutualAuthentication sets the MutualAuthentication field's value. +func (s *AwsEc2ClientVpnEndpointAuthenticationOptionsDetails) SetMutualAuthentication(v *AwsEc2ClientVpnEndpointAuthenticationOptionsMutualAuthenticationDetails) *AwsEc2ClientVpnEndpointAuthenticationOptionsDetails { + s.MutualAuthentication = v + return s +} + +// SetType sets the Type field's value. +func (s *AwsEc2ClientVpnEndpointAuthenticationOptionsDetails) SetType(v string) *AwsEc2ClientVpnEndpointAuthenticationOptionsDetails { + s.Type = &v + return s +} + +// Describes the IAM SAML identity providers used for federated authentication. +type AwsEc2ClientVpnEndpointAuthenticationOptionsFederatedAuthenticationDetails struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) of the IAM SAML identity provider. + SamlProviderArn *string `type:"string"` + + // The Amazon Resource Name (ARN) of the IAM SAML identity provider for the + // self-service portal. + SelfServiceSamlProviderArn *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsEc2ClientVpnEndpointAuthenticationOptionsFederatedAuthenticationDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsEc2ClientVpnEndpointAuthenticationOptionsFederatedAuthenticationDetails) GoString() string { + return s.String() +} + +// SetSamlProviderArn sets the SamlProviderArn field's value. +func (s *AwsEc2ClientVpnEndpointAuthenticationOptionsFederatedAuthenticationDetails) SetSamlProviderArn(v string) *AwsEc2ClientVpnEndpointAuthenticationOptionsFederatedAuthenticationDetails { + s.SamlProviderArn = &v + return s +} + +// SetSelfServiceSamlProviderArn sets the SelfServiceSamlProviderArn field's value. +func (s *AwsEc2ClientVpnEndpointAuthenticationOptionsFederatedAuthenticationDetails) SetSelfServiceSamlProviderArn(v string) *AwsEc2ClientVpnEndpointAuthenticationOptionsFederatedAuthenticationDetails { + s.SelfServiceSamlProviderArn = &v + return s +} + +// Information about the client certificate used for authentication. +type AwsEc2ClientVpnEndpointAuthenticationOptionsMutualAuthenticationDetails struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) of the client certificate. + ClientRootCertificateChain *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsEc2ClientVpnEndpointAuthenticationOptionsMutualAuthenticationDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsEc2ClientVpnEndpointAuthenticationOptionsMutualAuthenticationDetails) GoString() string { + return s.String() +} + +// SetClientRootCertificateChain sets the ClientRootCertificateChain field's value. +func (s *AwsEc2ClientVpnEndpointAuthenticationOptionsMutualAuthenticationDetails) SetClientRootCertificateChain(v string) *AwsEc2ClientVpnEndpointAuthenticationOptionsMutualAuthenticationDetails { + s.ClientRootCertificateChain = &v + return s +} + +// The options for managing connection authorization for new client connections. +type AwsEc2ClientVpnEndpointClientConnectOptionsDetails struct { + _ struct{} `type:"structure"` + + // Indicates whether client connect options are enabled. + Enabled *bool `type:"boolean"` + + // The Amazon Resource Name (ARN) of the Lambda function used for connection + // authorization. + LambdaFunctionArn *string `type:"string"` + + // The status of any updates to the client connect options. + Status *AwsEc2ClientVpnEndpointClientConnectOptionsStatusDetails `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsEc2ClientVpnEndpointClientConnectOptionsDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsEc2ClientVpnEndpointClientConnectOptionsDetails) GoString() string { + return s.String() +} + +// SetEnabled sets the Enabled field's value. +func (s *AwsEc2ClientVpnEndpointClientConnectOptionsDetails) SetEnabled(v bool) *AwsEc2ClientVpnEndpointClientConnectOptionsDetails { + s.Enabled = &v + return s +} + +// SetLambdaFunctionArn sets the LambdaFunctionArn field's value. +func (s *AwsEc2ClientVpnEndpointClientConnectOptionsDetails) SetLambdaFunctionArn(v string) *AwsEc2ClientVpnEndpointClientConnectOptionsDetails { + s.LambdaFunctionArn = &v + return s +} + +// SetStatus sets the Status field's value. +func (s *AwsEc2ClientVpnEndpointClientConnectOptionsDetails) SetStatus(v *AwsEc2ClientVpnEndpointClientConnectOptionsStatusDetails) *AwsEc2ClientVpnEndpointClientConnectOptionsDetails { + s.Status = v + return s +} + +// Describes the status of the Client VPN endpoint attribute. +type AwsEc2ClientVpnEndpointClientConnectOptionsStatusDetails struct { + _ struct{} `type:"structure"` + + // The status code. + Code *string `type:"string"` + + // The status message. + Message *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsEc2ClientVpnEndpointClientConnectOptionsStatusDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsEc2ClientVpnEndpointClientConnectOptionsStatusDetails) GoString() string { + return s.String() +} + +// SetCode sets the Code field's value. +func (s *AwsEc2ClientVpnEndpointClientConnectOptionsStatusDetails) SetCode(v string) *AwsEc2ClientVpnEndpointClientConnectOptionsStatusDetails { + s.Code = &v + return s +} + +// SetMessage sets the Message field's value. +func (s *AwsEc2ClientVpnEndpointClientConnectOptionsStatusDetails) SetMessage(v string) *AwsEc2ClientVpnEndpointClientConnectOptionsStatusDetails { + s.Message = &v + return s +} + +// Options for enabling a customizable text banner that will be displayed on +// Amazon Web Services provided clients when a VPN session is established. +type AwsEc2ClientVpnEndpointClientLoginBannerOptionsDetails struct { + _ struct{} `type:"structure"` + + // Customizable text that will be displayed in a banner on Amazon Web Services + // provided clients when a VPN session is established. + BannerText *string `type:"string"` + + // Current state of text banner feature. + Enabled *bool `type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsEc2ClientVpnEndpointClientLoginBannerOptionsDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsEc2ClientVpnEndpointClientLoginBannerOptionsDetails) GoString() string { + return s.String() +} + +// SetBannerText sets the BannerText field's value. +func (s *AwsEc2ClientVpnEndpointClientLoginBannerOptionsDetails) SetBannerText(v string) *AwsEc2ClientVpnEndpointClientLoginBannerOptionsDetails { + s.BannerText = &v + return s +} + +// SetEnabled sets the Enabled field's value. +func (s *AwsEc2ClientVpnEndpointClientLoginBannerOptionsDetails) SetEnabled(v bool) *AwsEc2ClientVpnEndpointClientLoginBannerOptionsDetails { + s.Enabled = &v + return s +} + +// Information about the client connection logging options for the Client VPN +// endpoint. +type AwsEc2ClientVpnEndpointConnectionLogOptionsDetails struct { + _ struct{} `type:"structure"` + + // The name of the Amazon CloudWatch Logs log group to which connection logging + // data is published. + CloudwatchLogGroup *string `type:"string"` + + // The name of the Amazon CloudWatch Logs log stream to which connection logging + // data is published. + CloudwatchLogStream *string `type:"string"` + + // Indicates whether client connection logging is enabled for the Client VPN + // endpoint. + Enabled *bool `type:"boolean"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsEc2ClientVpnEndpointConnectionLogOptionsDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsEc2ClientVpnEndpointConnectionLogOptionsDetails) GoString() string { + return s.String() +} + +// SetCloudwatchLogGroup sets the CloudwatchLogGroup field's value. +func (s *AwsEc2ClientVpnEndpointConnectionLogOptionsDetails) SetCloudwatchLogGroup(v string) *AwsEc2ClientVpnEndpointConnectionLogOptionsDetails { + s.CloudwatchLogGroup = &v + return s +} + +// SetCloudwatchLogStream sets the CloudwatchLogStream field's value. +func (s *AwsEc2ClientVpnEndpointConnectionLogOptionsDetails) SetCloudwatchLogStream(v string) *AwsEc2ClientVpnEndpointConnectionLogOptionsDetails { + s.CloudwatchLogStream = &v + return s +} + +// SetEnabled sets the Enabled field's value. +func (s *AwsEc2ClientVpnEndpointConnectionLogOptionsDetails) SetEnabled(v bool) *AwsEc2ClientVpnEndpointConnectionLogOptionsDetails { + s.Enabled = &v + return s +} + +// Describes an Client VPN endpoint. A Client VPN endpoint is the resource that +// you create and configure to enable and manage client VPN sessions. It's the +// termination point for all client VPN sessions. +type AwsEc2ClientVpnEndpointDetails struct { + _ struct{} `type:"structure"` + + // Information about the authentication method used by the Client VPN endpoint. + AuthenticationOptions []*AwsEc2ClientVpnEndpointAuthenticationOptionsDetails `type:"list"` + + // The IPv4 address range, in CIDR notation, from which client IP addresses + // are assigned. + ClientCidrBlock *string `type:"string"` + + // The options for managing connection authorization for new client connections. + ClientConnectOptions *AwsEc2ClientVpnEndpointClientConnectOptionsDetails `type:"structure"` + + // Options for enabling a customizable text banner that will be displayed on + // Amazon Web Services provided clients when a VPN session is established. + ClientLoginBannerOptions *AwsEc2ClientVpnEndpointClientLoginBannerOptionsDetails `type:"structure"` + + // The ID of the Client VPN endpoint. + ClientVpnEndpointId *string `type:"string"` + + // Information about the client connection logging options for the Client VPN + // endpoint. + ConnectionLogOptions *AwsEc2ClientVpnEndpointConnectionLogOptionsDetails `type:"structure"` + + // A brief description of the endpoint. + Description *string `type:"string"` + + // Information about the DNS servers to be used for DNS resolution. + DnsServer []*string `type:"list"` + + // The IDs of the security groups for the target network. + SecurityGroupIdSet []*string `type:"list"` + + // The URL of the self-service portal. + SelfServicePortalUrl *string `type:"string"` + + // The Amazon Resource Name (ARN) of the server certificate. + ServerCertificateArn *string `type:"string"` + + // The maximum VPN session duration time in hours. + SessionTimeoutHours *int64 `type:"integer"` + + // Indicates whether split-tunnel is enabled in the Client VPN endpoint. + SplitTunnel *bool `type:"boolean"` + + // The transport protocol used by the Client VPN endpoint. + TransportProtocol *string `type:"string"` + + // The ID of the VPC. + VpcId *string `type:"string"` + + // The port number for the Client VPN endpoint. + VpnPort *int64 `type:"integer"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsEc2ClientVpnEndpointDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsEc2ClientVpnEndpointDetails) GoString() string { + return s.String() +} + +// SetAuthenticationOptions sets the AuthenticationOptions field's value. +func (s *AwsEc2ClientVpnEndpointDetails) SetAuthenticationOptions(v []*AwsEc2ClientVpnEndpointAuthenticationOptionsDetails) *AwsEc2ClientVpnEndpointDetails { + s.AuthenticationOptions = v + return s +} + +// SetClientCidrBlock sets the ClientCidrBlock field's value. +func (s *AwsEc2ClientVpnEndpointDetails) SetClientCidrBlock(v string) *AwsEc2ClientVpnEndpointDetails { + s.ClientCidrBlock = &v + return s +} + +// SetClientConnectOptions sets the ClientConnectOptions field's value. +func (s *AwsEc2ClientVpnEndpointDetails) SetClientConnectOptions(v *AwsEc2ClientVpnEndpointClientConnectOptionsDetails) *AwsEc2ClientVpnEndpointDetails { + s.ClientConnectOptions = v + return s +} + +// SetClientLoginBannerOptions sets the ClientLoginBannerOptions field's value. +func (s *AwsEc2ClientVpnEndpointDetails) SetClientLoginBannerOptions(v *AwsEc2ClientVpnEndpointClientLoginBannerOptionsDetails) *AwsEc2ClientVpnEndpointDetails { + s.ClientLoginBannerOptions = v + return s +} + +// SetClientVpnEndpointId sets the ClientVpnEndpointId field's value. +func (s *AwsEc2ClientVpnEndpointDetails) SetClientVpnEndpointId(v string) *AwsEc2ClientVpnEndpointDetails { + s.ClientVpnEndpointId = &v + return s +} + +// SetConnectionLogOptions sets the ConnectionLogOptions field's value. +func (s *AwsEc2ClientVpnEndpointDetails) SetConnectionLogOptions(v *AwsEc2ClientVpnEndpointConnectionLogOptionsDetails) *AwsEc2ClientVpnEndpointDetails { + s.ConnectionLogOptions = v + return s +} + +// SetDescription sets the Description field's value. +func (s *AwsEc2ClientVpnEndpointDetails) SetDescription(v string) *AwsEc2ClientVpnEndpointDetails { + s.Description = &v + return s +} + +// SetDnsServer sets the DnsServer field's value. +func (s *AwsEc2ClientVpnEndpointDetails) SetDnsServer(v []*string) *AwsEc2ClientVpnEndpointDetails { + s.DnsServer = v + return s +} + +// SetSecurityGroupIdSet sets the SecurityGroupIdSet field's value. +func (s *AwsEc2ClientVpnEndpointDetails) SetSecurityGroupIdSet(v []*string) *AwsEc2ClientVpnEndpointDetails { + s.SecurityGroupIdSet = v + return s +} + +// SetSelfServicePortalUrl sets the SelfServicePortalUrl field's value. +func (s *AwsEc2ClientVpnEndpointDetails) SetSelfServicePortalUrl(v string) *AwsEc2ClientVpnEndpointDetails { + s.SelfServicePortalUrl = &v + return s +} + +// SetServerCertificateArn sets the ServerCertificateArn field's value. +func (s *AwsEc2ClientVpnEndpointDetails) SetServerCertificateArn(v string) *AwsEc2ClientVpnEndpointDetails { + s.ServerCertificateArn = &v + return s +} + +// SetSessionTimeoutHours sets the SessionTimeoutHours field's value. +func (s *AwsEc2ClientVpnEndpointDetails) SetSessionTimeoutHours(v int64) *AwsEc2ClientVpnEndpointDetails { + s.SessionTimeoutHours = &v + return s +} + +// SetSplitTunnel sets the SplitTunnel field's value. +func (s *AwsEc2ClientVpnEndpointDetails) SetSplitTunnel(v bool) *AwsEc2ClientVpnEndpointDetails { + s.SplitTunnel = &v + return s +} + +// SetTransportProtocol sets the TransportProtocol field's value. +func (s *AwsEc2ClientVpnEndpointDetails) SetTransportProtocol(v string) *AwsEc2ClientVpnEndpointDetails { + s.TransportProtocol = &v + return s +} + +// SetVpcId sets the VpcId field's value. +func (s *AwsEc2ClientVpnEndpointDetails) SetVpcId(v string) *AwsEc2ClientVpnEndpointDetails { + s.VpcId = &v + return s +} + +// SetVpnPort sets the VpnPort field's value. +func (s *AwsEc2ClientVpnEndpointDetails) SetVpnPort(v int64) *AwsEc2ClientVpnEndpointDetails { + s.VpnPort = &v + return s +} + // Information about an Elastic IP address. type AwsEc2EipDetails struct { _ struct{} `type:"structure"` @@ -33790,7 +34337,8 @@ func (s *AwsMskClusterClusterInfoClientAuthenticationUnauthenticatedDetails) Set return s } -// Provide details about an Amazon MSK cluster. +// Provide details about an Amazon Managed Streaming for Apache Kafka (Amazon +// MSK) cluster. type AwsMskClusterClusterInfoDetails struct { _ struct{} `type:"structure"` @@ -33800,13 +34348,16 @@ type AwsMskClusterClusterInfoDetails struct { // The name of the cluster. ClusterName *string `type:"string"` - // The current version of the MSK cluster. + // The current version of the cluster. CurrentVersion *string `type:"string"` // Includes encryption-related information, such as the KMS key used for encrypting // data at rest and whether you want Amazon MSK to encrypt your data in transit. EncryptionInfo *AwsMskClusterClusterInfoEncryptionInfoDetails `type:"structure"` + // Specifies the level of monitoring for the cluster. + EnhancedMonitoring *string `type:"string"` + // The number of broker nodes in the cluster. NumberOfBrokerNodes *int64 `type:"integer"` } @@ -33853,6 +34404,12 @@ func (s *AwsMskClusterClusterInfoDetails) SetEncryptionInfo(v *AwsMskClusterClus return s } +// SetEnhancedMonitoring sets the EnhancedMonitoring field's value. +func (s *AwsMskClusterClusterInfoDetails) SetEnhancedMonitoring(v string) *AwsMskClusterClusterInfoDetails { + s.EnhancedMonitoring = &v + return s +} + // SetNumberOfBrokerNodes sets the NumberOfBrokerNodes field's value. func (s *AwsMskClusterClusterInfoDetails) SetNumberOfBrokerNodes(v int64) *AwsMskClusterClusterInfoDetails { s.NumberOfBrokerNodes = &v @@ -39534,6 +40091,139 @@ func (s *AwsRoute53QueryLoggingConfigDetails) SetCloudWatchLogsLogGroupArn(v *Cl return s } +// Returns configuration information about the specified Amazon S3 access point. +// S3 access points are named network endpoints that are attached to buckets +// that you can use to perform S3 object operations. +type AwsS3AccessPointDetails struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) of the access point. + AccessPointArn *string `type:"string"` + + // The name or alias of the access point. + Alias *string `type:"string"` + + // The name of the S3 bucket associated with the specified access point. + Bucket *string `type:"string"` + + // The Amazon Web Services account ID associated with the S3 bucket associated + // with this access point. + BucketAccountId *string `type:"string"` + + // The name of the specified access point. + Name *string `type:"string"` + + // Indicates whether this access point allows access from the public internet. + NetworkOrigin *string `type:"string"` + + // provides information about the Amazon S3 Public Access Block configuration + // for accounts. + PublicAccessBlockConfiguration *AwsS3AccountPublicAccessBlockDetails `type:"structure"` + + // Contains the virtual private cloud (VPC) configuration for the specified + // access point. + VpcConfiguration *AwsS3AccessPointVpcConfigurationDetails `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsS3AccessPointDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsS3AccessPointDetails) GoString() string { + return s.String() +} + +// SetAccessPointArn sets the AccessPointArn field's value. +func (s *AwsS3AccessPointDetails) SetAccessPointArn(v string) *AwsS3AccessPointDetails { + s.AccessPointArn = &v + return s +} + +// SetAlias sets the Alias field's value. +func (s *AwsS3AccessPointDetails) SetAlias(v string) *AwsS3AccessPointDetails { + s.Alias = &v + return s +} + +// SetBucket sets the Bucket field's value. +func (s *AwsS3AccessPointDetails) SetBucket(v string) *AwsS3AccessPointDetails { + s.Bucket = &v + return s +} + +// SetBucketAccountId sets the BucketAccountId field's value. +func (s *AwsS3AccessPointDetails) SetBucketAccountId(v string) *AwsS3AccessPointDetails { + s.BucketAccountId = &v + return s +} + +// SetName sets the Name field's value. +func (s *AwsS3AccessPointDetails) SetName(v string) *AwsS3AccessPointDetails { + s.Name = &v + return s +} + +// SetNetworkOrigin sets the NetworkOrigin field's value. +func (s *AwsS3AccessPointDetails) SetNetworkOrigin(v string) *AwsS3AccessPointDetails { + s.NetworkOrigin = &v + return s +} + +// SetPublicAccessBlockConfiguration sets the PublicAccessBlockConfiguration field's value. +func (s *AwsS3AccessPointDetails) SetPublicAccessBlockConfiguration(v *AwsS3AccountPublicAccessBlockDetails) *AwsS3AccessPointDetails { + s.PublicAccessBlockConfiguration = v + return s +} + +// SetVpcConfiguration sets the VpcConfiguration field's value. +func (s *AwsS3AccessPointDetails) SetVpcConfiguration(v *AwsS3AccessPointVpcConfigurationDetails) *AwsS3AccessPointDetails { + s.VpcConfiguration = v + return s +} + +// The virtual private cloud (VPC) configuration for an Amazon S3 access point. +type AwsS3AccessPointVpcConfigurationDetails struct { + _ struct{} `type:"structure"` + + // If this field is specified, this access point will only allow connections + // from the specified VPC ID. + VpcId *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsS3AccessPointVpcConfigurationDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AwsS3AccessPointVpcConfigurationDetails) GoString() string { + return s.String() +} + +// SetVpcId sets the VpcId field's value. +func (s *AwsS3AccessPointVpcConfigurationDetails) SetVpcId(v string) *AwsS3AccessPointVpcConfigurationDetails { + s.VpcId = &v + return s +} + // provides information about the Amazon S3 Public Access Block configuration // for accounts. type AwsS3AccountPublicAccessBlockDetails struct { @@ -40179,14 +40869,14 @@ func (s *AwsS3BucketBucketVersioningConfiguration) SetStatus(v string) *AwsS3Buc return s } -// The details of an Amazon S3 bucket. +// The details of an Amazon Simple Storage Service (Amazon S3) bucket. type AwsS3BucketDetails struct { _ struct{} `type:"structure"` // The access control list for the S3 bucket. AccessControlList *string `type:"string"` - // The lifecycle configuration for objects in the S3 bucket. + // The lifecycle configuration for objects in the specified bucket. BucketLifecycleConfiguration *AwsS3BucketBucketLifecycleConfigurationDetails `type:"structure"` // The logging configuration for the S3 bucket. @@ -40209,8 +40899,11 @@ type AwsS3BucketDetails struct { // 2020-03-22T13:22:13.933Z. CreatedAt *string `type:"string"` + // The name of the bucket. + Name *string `type:"string"` + // Specifies which rule Amazon S3 applies by default to every new object placed - // in the specified bucket. + // in the bucket. ObjectLockConfiguration *AwsS3BucketObjectLockConfiguration `type:"structure"` // The Amazon Web Services account identifier of the account that owns the S3 @@ -40291,6 +40984,12 @@ func (s *AwsS3BucketDetails) SetCreatedAt(v string) *AwsS3BucketDetails { return s } +// SetName sets the Name field's value. +func (s *AwsS3BucketDetails) SetName(v string) *AwsS3BucketDetails { + s.Name = &v + return s +} + // SetObjectLockConfiguration sets the ObjectLockConfiguration field's value. func (s *AwsS3BucketDetails) SetObjectLockConfiguration(v *AwsS3BucketObjectLockConfiguration) *AwsS3BucketDetails { s.ObjectLockConfiguration = v @@ -48222,7 +48921,8 @@ type ConfigurationPolicySummary struct { // The universally unique identifier (UUID) of the configuration policy. Id *string `type:"string"` - // The name of the configuration policy. + // The name of the configuration policy. Alphanumeric characters and the following + // ASCII characters are permitted: -, ., !, *, /. Name *string `type:"string"` // Indicates whether the service that the configuration policy applies to is @@ -48739,7 +49439,8 @@ type CreateConfigurationPolicyInput struct { // The description of the configuration policy. Description *string `type:"string"` - // The name of the configuration policy. + // The name of the configuration policy. Alphanumeric characters and the following + // ASCII characters are permitted: -, ., !, *, /. // // Name is a required field Name *string `type:"string" required:"true"` @@ -56799,7 +57500,14 @@ type ParameterConfiguration struct { Value *ParameterValue `type:"structure"` // Identifies whether a control parameter uses a custom user-defined value or - // the Security Hub default value. + // subscribes to the default Security Hub behavior. + // + // When ValueType is set equal to DEFAULT, the default behavior can be a specific + // Security Hub default value, or the default behavior can be to ignore a specific + // parameter. When ValueType is set equal to DEFAULT, Security Hub ignores user-provided + // input for the Value field. + // + // When ValueType is set equal to CUSTOM, the Value field can't be empty. // // ValueType is a required field ValueType *string `type:"string" required:"true" enum:"ParameterValueType"` @@ -58156,6 +58864,11 @@ type ResourceDetails struct { // Details about a DynamoDB table. AwsDynamoDbTable *AwsDynamoDbTableDetails `type:"structure"` + // Provides details about an Client VPN endpoint. A Client VPN endpoint is the + // resource that you create and configure to enable and manage client VPN sessions. + // It's the termination point for all client VPN sessions. + AwsEc2ClientVpnEndpoint *AwsEc2ClientVpnEndpointDetails `type:"structure"` + // Details about an Elastic IP address. AwsEc2Eip *AwsEc2EipDetails `type:"structure"` @@ -58337,6 +59050,11 @@ type ResourceDetails struct { // name. AwsRoute53HostedZone *AwsRoute53HostedZoneDetails `type:"structure"` + // Provides details about an Amazon Simple Storage Service (Amazon S3) access + // point. S3 access points are named network endpoints that are attached to + // S3 buckets that you can use to perform S3 object operations. + AwsS3AccessPoint *AwsS3AccessPointDetails `type:"structure"` + // Details about the Amazon S3 Public Access Block configuration for an account. AwsS3AccountPublicAccessBlock *AwsS3AccountPublicAccessBlockDetails `type:"structure"` @@ -58580,6 +59298,12 @@ func (s *ResourceDetails) SetAwsDynamoDbTable(v *AwsDynamoDbTableDetails) *Resou return s } +// SetAwsEc2ClientVpnEndpoint sets the AwsEc2ClientVpnEndpoint field's value. +func (s *ResourceDetails) SetAwsEc2ClientVpnEndpoint(v *AwsEc2ClientVpnEndpointDetails) *ResourceDetails { + s.AwsEc2ClientVpnEndpoint = v + return s +} + // SetAwsEc2Eip sets the AwsEc2Eip field's value. func (s *ResourceDetails) SetAwsEc2Eip(v *AwsEc2EipDetails) *ResourceDetails { s.AwsEc2Eip = v @@ -58898,6 +59622,12 @@ func (s *ResourceDetails) SetAwsRoute53HostedZone(v *AwsRoute53HostedZoneDetails return s } +// SetAwsS3AccessPoint sets the AwsS3AccessPoint field's value. +func (s *ResourceDetails) SetAwsS3AccessPoint(v *AwsS3AccessPointDetails) *ResourceDetails { + s.AwsS3AccessPoint = v + return s +} + // SetAwsS3AccountPublicAccessBlock sets the AwsS3AccountPublicAccessBlock field's value. func (s *ResourceDetails) SetAwsS3AccountPublicAccessBlock(v *AwsS3AccountPublicAccessBlockDetails) *ResourceDetails { s.AwsS3AccountPublicAccessBlock = v @@ -63579,7 +64309,8 @@ type UpdateConfigurationPolicyInput struct { // Identifier is a required field Identifier *string `location:"uri" locationName:"Identifier" type:"string" required:"true"` - // The name of the configuration policy. + // The name of the configuration policy. Alphanumeric characters and the following + // ASCII characters are permitted: -, ., !, *, /. Name *string `type:"string"` // The reason for updating the configuration policy.