Creates a VPC with the specified CIDR blocks. For more information, see IP addressing for your VPCs and subnets in the Amazon VPC User Guide.
You can optionally request an IPv6 CIDR block for the VPC. You can request an Amazon-provided IPv6 CIDR block from Amazon's pool of IPv6 addresses or an IPv6 CIDR block from an IPv6 address pool that you provisioned through bring your own IP addresses (BYOIP).
By default, each instance that you launch in the VPC has the default DHCP options, which include only a default DNS server that we provide (AmazonProvidedDNS). For more information, see DHCP option sets in the Amazon VPC User Guide.
You can specify the instance tenancy value for the VPC when you create it. You can't change this value for the VPC after you create it. For more information, see Dedicated Instances in the Amazon EC2 User Guide.
" }, + "CreateVpcBlockPublicAccessExclusion":{ + "name":"CreateVpcBlockPublicAccessExclusion", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateVpcBlockPublicAccessExclusionRequest"}, + "output":{"shape":"CreateVpcBlockPublicAccessExclusionResult"}, + "documentation":"Create a VPC Block Public Access (BPA) exclusion. A VPC BPA exclusion is a mode that can be applied to a single VPC or subnet that exempts it from the account’s BPA mode and will allow bidirectional or egress-only access. You can create BPA exclusions for VPCs and subnets even when BPA is not enabled on the account to ensure that there is no traffic disruption to the exclusions when VPC BPA is turned on. To learn more about VPC BPA, see Block public access to VPCs and subnets in the Amazon VPC User Guide.
" + }, "CreateVpcEndpoint":{ "name":"CreateVpcEndpoint", "http":{ @@ -2091,6 +2101,16 @@ "input":{"shape":"DeleteVpcRequest"}, "documentation":"Deletes the specified VPC. You must detach or delete all gateways and resources that are associated with the VPC before you can delete it. For example, you must terminate all instances running in the VPC, delete all security groups associated with the VPC (except the default one), delete all route tables associated with the VPC (except the default one), and so on. When you delete the VPC, it deletes the default security group, network ACL, and route table for the VPC.
If you created a flow log for the VPC that you are deleting, note that flow logs for deleted VPCs are eventually automatically removed.
" }, + "DeleteVpcBlockPublicAccessExclusion":{ + "name":"DeleteVpcBlockPublicAccessExclusion", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteVpcBlockPublicAccessExclusionRequest"}, + "output":{"shape":"DeleteVpcBlockPublicAccessExclusionResult"}, + "documentation":"Delete a VPC Block Public Access (BPA) exclusion. A VPC BPA exclusion is a mode that can be applied to a single VPC or subnet that exempts it from the account’s BPA mode and will allow bidirectional or egress-only access. You can create BPA exclusions for VPCs and subnets even when BPA is not enabled on the account to ensure that there is no traffic disruption to the exclusions when VPC BPA is turned on. To learn more about VPC BPA, see Block public access to VPCs and subnets in the Amazon VPC User Guide.
" + }, "DeleteVpcEndpointConnectionNotifications":{ "name":"DeleteVpcEndpointConnectionNotifications", "http":{ @@ -3667,6 +3687,26 @@ "output":{"shape":"DescribeVpcAttributeResult"}, "documentation":"Describes the specified attribute of the specified VPC. You can specify only one attribute at a time.
" }, + "DescribeVpcBlockPublicAccessExclusions":{ + "name":"DescribeVpcBlockPublicAccessExclusions", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeVpcBlockPublicAccessExclusionsRequest"}, + "output":{"shape":"DescribeVpcBlockPublicAccessExclusionsResult"}, + "documentation":"Describe VPC Block Public Access (BPA) exclusions. A VPC BPA exclusion is a mode that can be applied to a single VPC or subnet that exempts it from the account’s BPA mode and will allow bidirectional or egress-only access. You can create BPA exclusions for VPCs and subnets even when BPA is not enabled on the account to ensure that there is no traffic disruption to the exclusions when VPC BPA is turned on. To learn more about VPC BPA, see Block public access to VPCs and subnets in the Amazon VPC User Guide.
" + }, + "DescribeVpcBlockPublicAccessOptions":{ + "name":"DescribeVpcBlockPublicAccessOptions", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DescribeVpcBlockPublicAccessOptionsRequest"}, + "output":{"shape":"DescribeVpcBlockPublicAccessOptionsResult"}, + "documentation":"Describe VPC Block Public Access (BPA) options. VPC Block public Access (BPA) enables you to block resources in VPCs and subnets that you own in a Region from reaching or being reached from the internet through internet gateways and egress-only internet gateways. To learn more about VPC BPA, see Block public access to VPCs and subnets in the Amazon VPC User Guide.
" + }, "DescribeVpcClassicLink":{ "name":"DescribeVpcClassicLink", "http":{ @@ -5510,6 +5550,26 @@ "input":{"shape":"ModifyVpcAttributeRequest"}, "documentation":"Modifies the specified attribute of the specified VPC.
" }, + "ModifyVpcBlockPublicAccessExclusion":{ + "name":"ModifyVpcBlockPublicAccessExclusion", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ModifyVpcBlockPublicAccessExclusionRequest"}, + "output":{"shape":"ModifyVpcBlockPublicAccessExclusionResult"}, + "documentation":"Modify VPC Block Public Access (BPA) exclusions. A VPC BPA exclusion is a mode that can be applied to a single VPC or subnet that exempts it from the account’s BPA mode and will allow bidirectional or egress-only access. You can create BPA exclusions for VPCs and subnets even when BPA is not enabled on the account to ensure that there is no traffic disruption to the exclusions when VPC BPA is turned on.
" + }, + "ModifyVpcBlockPublicAccessOptions":{ + "name":"ModifyVpcBlockPublicAccessOptions", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ModifyVpcBlockPublicAccessOptionsRequest"}, + "output":{"shape":"ModifyVpcBlockPublicAccessOptionsResult"}, + "documentation":"Modify VPC Block Public Access (BPA) options. VPC Block public Access (BPA) enables you to block resources in VPCs and subnets that you own in a Region from reaching or being reached from the internet through internet gateways and egress-only internet gateways. To learn more about VPC BPA, see Block public access to VPCs and subnets in the Amazon VPC User Guide.
" + }, "ModifyVpcEndpoint":{ "name":"ModifyVpcEndpoint", "http":{ @@ -9716,6 +9776,25 @@ "locationName":"BlockDeviceMapping" } }, + "BlockPublicAccessMode":{ + "type":"string", + "enum":[ + "off", + "block-bidirectional", + "block-ingress" + ] + }, + "BlockPublicAccessStates":{ + "type":"structure", + "members":{ + "InternetGatewayBlockMode":{ + "shape":"BlockPublicAccessMode", + "documentation":"The mode of VPC BPA.
bidirectional-access-allowed: VPC BPA is not enabled and traffic is allowed to and from internet gateways and egress-only internet gateways in this Region.
bidirectional-access-blocked: Block all traffic to and from internet gateways and egress-only internet gateways in this Region (except for excluded VPCs and subnets).
ingress-access-blocked: Block all internet traffic to the VPCs in this Region (except for VPCs or subnets which are excluded). Only traffic to and from NAT gateways and egress-only internet gateways is allowed because these gateways only allow outbound connections to be established.
The state of VPC Block Public Access (BPA).
" + }, "Boolean":{"type":"boolean"}, "BootModeType":{ "type":"string", @@ -16414,6 +16493,43 @@ } } }, + "CreateVpcBlockPublicAccessExclusionRequest":{ + "type":"structure", + "required":["InternetGatewayExclusionMode"], + "members":{ + "DryRun":{ + "shape":"Boolean", + "documentation":"Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
A subnet ID.
" + }, + "VpcId":{ + "shape":"VpcId", + "documentation":"A VPC ID.
" + }, + "InternetGatewayExclusionMode":{ + "shape":"InternetGatewayExclusionMode", + "documentation":"The exclusion mode for internet gateway traffic.
bidirectional-access-allowed: Allow all internet traffic to and from the excluded VPCs and subnets.
egress-access-allowed: Allow outbound internet traffic from the excluded VPCs and subnets. Block inbound internet traffic to the excluded VPCs and subnets. Only applies when VPC Block Public Access is set to Bidirectional.
tag - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
Details about an exclusion.
", + "locationName":"vpcBlockPublicAccessExclusion" + } + } + }, "CreateVpcEndpointConnectionNotificationRequest":{ "type":"structure", "required":[ @@ -18880,6 +18996,30 @@ } } }, + "DeleteVpcBlockPublicAccessExclusionRequest":{ + "type":"structure", + "required":["ExclusionId"], + "members":{ + "DryRun":{ + "shape":"Boolean", + "documentation":"Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
The ID of the exclusion.
" + } + } + }, + "DeleteVpcBlockPublicAccessExclusionResult":{ + "type":"structure", + "members":{ + "VpcBlockPublicAccessExclusion":{ + "shape":"VpcBlockPublicAccessExclusion", + "documentation":"Details about an exclusion.
", + "locationName":"vpcBlockPublicAccessExclusion" + } + } + }, "DeleteVpcEndpointConnectionNotificationsRequest":{ "type":"structure", "required":["ConnectionNotificationIds"], @@ -19866,7 +20006,7 @@ }, "Filters":{ "shape":"FilterList", - "documentation":"The filters.
group-id - The ID of a VPC security group that's associated with the instance.
instance-id - The ID of the instance.
tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
vpc-id - The ID of the VPC to which the instance is linked.
The filters.
group-id - The ID of a VPC security group that's associated with the instance.
instance-id - The ID of the instance.
tag - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
vpc-id - The ID of the VPC to which the instance is linked.
The filters.
dhcp-options-id - The ID of a DHCP options set.
key - The key for one of the options (for example, domain-name).
value - The value for one of the options.
owner-id - The ID of the Amazon Web Services account that owns the DHCP options set.
tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
The filters.
dhcp-options-id - The ID of a DHCP options set.
key - The key for one of the options (for example, domain-name).
value - The value for one of the options.
owner-id - The ID of the Amazon Web Services account that owns the DHCP options set.
tag - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
The filters.
tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
The filters.
tag - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
The filters.
attachment.state - The current state of the attachment between the gateway and the VPC (available). Present only if a VPC is attached.
attachment.vpc-id - The ID of an attached VPC.
internet-gateway-id - The ID of the Internet gateway.
owner-id - The ID of the Amazon Web Services account that owns the internet gateway.
tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
The filters.
attachment.state - The current state of the attachment between the gateway and the VPC (available). Present only if a VPC is attached.
attachment.vpc-id - The ID of an attached VPC.
internet-gateway-id - The ID of the Internet gateway.
owner-id - The ID of the Amazon Web Services account that owns the internet gateway.
tag - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
The filters.
nat-gateway-id - The ID of the NAT gateway.
state - The state of the NAT gateway (pending | failed | available | deleting | deleted).
subnet-id - The ID of the subnet in which the NAT gateway resides.
tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
vpc-id - The ID of the VPC in which the NAT gateway resides.
The filters.
nat-gateway-id - The ID of the NAT gateway.
state - The state of the NAT gateway (pending | failed | available | deleting | deleted).
subnet-id - The ID of the subnet in which the NAT gateway resides.
tag - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
vpc-id - The ID of the VPC in which the NAT gateway resides.
The filters.
association.association-id - The ID of an association ID for the ACL.
association.network-acl-id - The ID of the network ACL involved in the association.
association.subnet-id - The ID of the subnet involved in the association.
default - Indicates whether the ACL is the default network ACL for the VPC.
entry.cidr - The IPv4 CIDR range specified in the entry.
entry.icmp.code - The ICMP code specified in the entry, if any.
entry.icmp.type - The ICMP type specified in the entry, if any.
entry.ipv6-cidr - The IPv6 CIDR range specified in the entry.
entry.port-range.from - The start of the port range specified in the entry.
entry.port-range.to - The end of the port range specified in the entry.
entry.protocol - The protocol specified in the entry (tcp | udp | icmp or a protocol number).
entry.rule-action - Allows or denies the matching traffic (allow | deny).
entry.egress - A Boolean that indicates the type of rule. Specify true for egress rules, or false for ingress rules.
entry.rule-number - The number of an entry (in other words, rule) in the set of ACL entries.
network-acl-id - The ID of the network ACL.
owner-id - The ID of the Amazon Web Services account that owns the network ACL.
tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
vpc-id - The ID of the VPC for the network ACL.
The filters.
association.association-id - The ID of an association ID for the ACL.
association.network-acl-id - The ID of the network ACL involved in the association.
association.subnet-id - The ID of the subnet involved in the association.
default - Indicates whether the ACL is the default network ACL for the VPC.
entry.cidr - The IPv4 CIDR range specified in the entry.
entry.icmp.code - The ICMP code specified in the entry, if any.
entry.icmp.type - The ICMP type specified in the entry, if any.
entry.ipv6-cidr - The IPv6 CIDR range specified in the entry.
entry.port-range.from - The start of the port range specified in the entry.
entry.port-range.to - The end of the port range specified in the entry.
entry.protocol - The protocol specified in the entry (tcp | udp | icmp or a protocol number).
entry.rule-action - Allows or denies the matching traffic (allow | deny).
entry.egress - A Boolean that indicates the type of rule. Specify true for egress rules, or false for ingress rules.
entry.rule-number - The number of an entry (in other words, rule) in the set of ACL entries.
network-acl-id - The ID of the network ACL.
owner-id - The ID of the Amazon Web Services account that owns the network ACL.
tag - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
vpc-id - The ID of the VPC for the network ACL.
The filters.
association.gateway-id - The ID of the gateway involved in the association.
association.route-table-association-id - The ID of an association ID for the route table.
association.route-table-id - The ID of the route table involved in the association.
association.subnet-id - The ID of the subnet involved in the association.
association.main - Indicates whether the route table is the main route table for the VPC (true | false). Route tables that do not have an association ID are not returned in the response.
owner-id - The ID of the Amazon Web Services account that owns the route table.
route-table-id - The ID of the route table.
route.destination-cidr-block - The IPv4 CIDR range specified in a route in the table.
route.destination-ipv6-cidr-block - The IPv6 CIDR range specified in a route in the route table.
route.destination-prefix-list-id - The ID (prefix) of the Amazon Web Services service specified in a route in the table.
route.egress-only-internet-gateway-id - The ID of an egress-only Internet gateway specified in a route in the route table.
route.gateway-id - The ID of a gateway specified in a route in the table.
route.instance-id - The ID of an instance specified in a route in the table.
route.nat-gateway-id - The ID of a NAT gateway.
route.transit-gateway-id - The ID of a transit gateway.
route.origin - Describes how the route was created. CreateRouteTable indicates that the route was automatically created when the route table was created; CreateRoute indicates that the route was manually added to the route table; EnableVgwRoutePropagation indicates that the route was propagated by route propagation.
route.state - The state of a route in the route table (active | blackhole). The blackhole state indicates that the route's target isn't available (for example, the specified gateway isn't attached to the VPC, the specified NAT instance has been terminated, and so on).
route.vpc-peering-connection-id - The ID of a VPC peering connection specified in a route in the table.
tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
vpc-id - The ID of the VPC for the route table.
The filters.
association.gateway-id - The ID of the gateway involved in the association.
association.route-table-association-id - The ID of an association ID for the route table.
association.route-table-id - The ID of the route table involved in the association.
association.subnet-id - The ID of the subnet involved in the association.
association.main - Indicates whether the route table is the main route table for the VPC (true | false). Route tables that do not have an association ID are not returned in the response.
owner-id - The ID of the Amazon Web Services account that owns the route table.
route-table-id - The ID of the route table.
route.destination-cidr-block - The IPv4 CIDR range specified in a route in the table.
route.destination-ipv6-cidr-block - The IPv6 CIDR range specified in a route in the route table.
route.destination-prefix-list-id - The ID (prefix) of the Amazon Web Services service specified in a route in the table.
route.egress-only-internet-gateway-id - The ID of an egress-only Internet gateway specified in a route in the route table.
route.gateway-id - The ID of a gateway specified in a route in the table.
route.instance-id - The ID of an instance specified in a route in the table.
route.nat-gateway-id - The ID of a NAT gateway.
route.transit-gateway-id - The ID of a transit gateway.
route.origin - Describes how the route was created. CreateRouteTable indicates that the route was automatically created when the route table was created; CreateRoute indicates that the route was manually added to the route table; EnableVgwRoutePropagation indicates that the route was propagated by route propagation.
route.state - The state of a route in the route table (active | blackhole). The blackhole state indicates that the route's target isn't available (for example, the specified gateway isn't attached to the VPC, the specified NAT instance has been terminated, and so on).
route.vpc-peering-connection-id - The ID of a VPC peering connection specified in a route in the table.
tag - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
vpc-id - The ID of the VPC for the route table.
The filters.
availability-zone - The Availability Zone for the subnet. You can also use availabilityZone as the filter name.
availability-zone-id - The ID of the Availability Zone for the subnet. You can also use availabilityZoneId as the filter name.
available-ip-address-count - The number of IPv4 addresses in the subnet that are available.
cidr-block - The IPv4 CIDR block of the subnet. The CIDR block you specify must exactly match the subnet's CIDR block for information to be returned for the subnet. You can also use cidr or cidrBlock as the filter names.
customer-owned-ipv4-pool - The customer-owned IPv4 address pool associated with the subnet.
default-for-az - Indicates whether this is the default subnet for the Availability Zone (true | false). You can also use defaultForAz as the filter name.
enable-dns64 - Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations.
enable-lni-at-device-index - Indicates the device position for local network interfaces in this subnet. For example, 1 indicates local network interfaces in this subnet are the secondary network interface (eth1).
ipv6-cidr-block-association.ipv6-cidr-block - An IPv6 CIDR block associated with the subnet.
ipv6-cidr-block-association.association-id - An association ID for an IPv6 CIDR block associated with the subnet.
ipv6-cidr-block-association.state - The state of an IPv6 CIDR block associated with the subnet.
ipv6-native - Indicates whether this is an IPv6 only subnet (true | false).
map-customer-owned-ip-on-launch - Indicates whether a network interface created in this subnet (including a network interface created by RunInstances) receives a customer-owned IPv4 address.
map-public-ip-on-launch - Indicates whether instances launched in this subnet receive a public IPv4 address.
outpost-arn - The Amazon Resource Name (ARN) of the Outpost.
owner-id - The ID of the Amazon Web Services account that owns the subnet.
private-dns-name-options-on-launch.hostname-type - The type of hostname to assign to instances in the subnet at launch. For IPv4-only and dual-stack (IPv4 and IPv6) subnets, an instance DNS name can be based on the instance IPv4 address (ip-name) or the instance ID (resource-name). For IPv6 only subnets, an instance DNS name must be based on the instance ID (resource-name).
private-dns-name-options-on-launch.enable-resource-name-dns-a-record - Indicates whether to respond to DNS queries for instance hostnames with DNS A records.
private-dns-name-options-on-launch.enable-resource-name-dns-aaaa-record - Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records.
state - The state of the subnet (pending | available).
subnet-arn - The Amazon Resource Name (ARN) of the subnet.
subnet-id - The ID of the subnet.
tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
vpc-id - The ID of the VPC for the subnet.
The filters.
availability-zone - The Availability Zone for the subnet. You can also use availabilityZone as the filter name.
availability-zone-id - The ID of the Availability Zone for the subnet. You can also use availabilityZoneId as the filter name.
available-ip-address-count - The number of IPv4 addresses in the subnet that are available.
cidr-block - The IPv4 CIDR block of the subnet. The CIDR block you specify must exactly match the subnet's CIDR block for information to be returned for the subnet. You can also use cidr or cidrBlock as the filter names.
customer-owned-ipv4-pool - The customer-owned IPv4 address pool associated with the subnet.
default-for-az - Indicates whether this is the default subnet for the Availability Zone (true | false). You can also use defaultForAz as the filter name.
enable-dns64 - Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations.
enable-lni-at-device-index - Indicates the device position for local network interfaces in this subnet. For example, 1 indicates local network interfaces in this subnet are the secondary network interface (eth1).
ipv6-cidr-block-association.ipv6-cidr-block - An IPv6 CIDR block associated with the subnet.
ipv6-cidr-block-association.association-id - An association ID for an IPv6 CIDR block associated with the subnet.
ipv6-cidr-block-association.state - The state of an IPv6 CIDR block associated with the subnet.
ipv6-native - Indicates whether this is an IPv6 only subnet (true | false).
map-customer-owned-ip-on-launch - Indicates whether a network interface created in this subnet (including a network interface created by RunInstances) receives a customer-owned IPv4 address.
map-public-ip-on-launch - Indicates whether instances launched in this subnet receive a public IPv4 address.
outpost-arn - The Amazon Resource Name (ARN) of the Outpost.
owner-id - The ID of the Amazon Web Services account that owns the subnet.
private-dns-name-options-on-launch.hostname-type - The type of hostname to assign to instances in the subnet at launch. For IPv4-only and dual-stack (IPv4 and IPv6) subnets, an instance DNS name can be based on the instance IPv4 address (ip-name) or the instance ID (resource-name). For IPv6 only subnets, an instance DNS name must be based on the instance ID (resource-name).
private-dns-name-options-on-launch.enable-resource-name-dns-a-record - Indicates whether to respond to DNS queries for instance hostnames with DNS A records.
private-dns-name-options-on-launch.enable-resource-name-dns-aaaa-record - Indicates whether to respond to DNS queries for instance hostnames with DNS AAAA records.
state - The state of the subnet (pending | available).
subnet-arn - The Amazon Resource Name (ARN) of the subnet.
subnet-id - The ID of the subnet.
tag - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
vpc-id - The ID of the VPC for the subnet.
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Filters for the request:
resource-arn - The Amazon Resource Name (ARN) of a exclusion.
internet-gateway-exclusion-mode - The mode of a VPC BPA exclusion. Possible values: bidirectional-access-allowed | egress-access-allowed.
state - The state of VPC BPA. Possible values: create-in-progress | create-complete | update-in-progress | update-complete | delete-in-progress | deleted-complete | disable-in-progress | disable-complete
tag - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
tag-value: The value of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific value, regardless of the tag key.
IDs of exclusions.
", + "locationName":"ExclusionId" + }, + "NextToken":{ + "shape":"String", + "documentation":"The token returned from a previous paginated request. Pagination continues from the end of the items returned by the previous request.
" + }, + "MaxResults":{ + "shape":"DescribeVpcBlockPublicAccessExclusionsMaxResults", + "documentation":"The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, see Pagination.
" + } + } + }, + "DescribeVpcBlockPublicAccessExclusionsResult":{ + "type":"structure", + "members":{ + "VpcBlockPublicAccessExclusions":{ + "shape":"VpcBlockPublicAccessExclusionList", + "documentation":"Details related to the exclusions.
", + "locationName":"vpcBlockPublicAccessExclusionSet" + }, + "NextToken":{ + "shape":"String", + "documentation":"The token to include in another request to get the next page of items. This value is null when there are no more items to return.
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Details related to the options.
", + "locationName":"vpcBlockPublicAccessOptions" + } + } + }, "DescribeVpcClassicLinkDnsSupportMaxResults":{ "type":"integer", "max":255, @@ -25801,7 +26007,7 @@ }, "Filters":{ "shape":"FilterList", - "documentation":"The filters.
is-classic-link-enabled - Whether the VPC is enabled for ClassicLink (true | false).
tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
The filters.
is-classic-link-enabled - Whether the VPC is enabled for ClassicLink (true | false).
tag - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
The filters.
accepter-vpc-info.cidr-block - The IPv4 CIDR block of the accepter VPC.
accepter-vpc-info.owner-id - The ID of the Amazon Web Services account that owns the accepter VPC.
accepter-vpc-info.vpc-id - The ID of the accepter VPC.
expiration-time - The expiration date and time for the VPC peering connection.
requester-vpc-info.cidr-block - The IPv4 CIDR block of the requester's VPC.
requester-vpc-info.owner-id - The ID of the Amazon Web Services account that owns the requester VPC.
requester-vpc-info.vpc-id - The ID of the requester VPC.
status-code - The status of the VPC peering connection (pending-acceptance | failed | expired | provisioning | active | deleting | deleted | rejected).
status-message - A message that provides more information about the status of the VPC peering connection, if applicable.
tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
vpc-peering-connection-id - The ID of the VPC peering connection.
The filters.
accepter-vpc-info.cidr-block - The IPv4 CIDR block of the accepter VPC.
accepter-vpc-info.owner-id - The ID of the Amazon Web Services account that owns the accepter VPC.
accepter-vpc-info.vpc-id - The ID of the accepter VPC.
expiration-time - The expiration date and time for the VPC peering connection.
requester-vpc-info.cidr-block - The IPv4 CIDR block of the requester's VPC.
requester-vpc-info.owner-id - The ID of the Amazon Web Services account that owns the requester VPC.
requester-vpc-info.vpc-id - The ID of the requester VPC.
status-code - The status of the VPC peering connection (pending-acceptance | failed | expired | provisioning | active | deleting | deleted | rejected).
status-message - A message that provides more information about the status of the VPC peering connection, if applicable.
tag - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
vpc-peering-connection-id - The ID of the VPC peering connection.
The filters.
cidr - The primary IPv4 CIDR block of the VPC. The CIDR block you specify must exactly match the VPC's CIDR block for information to be returned for the VPC. Must contain the slash followed by one or two digits (for example, /28).
cidr-block-association.cidr-block - An IPv4 CIDR block associated with the VPC.
cidr-block-association.association-id - The association ID for an IPv4 CIDR block associated with the VPC.
cidr-block-association.state - The state of an IPv4 CIDR block associated with the VPC.
dhcp-options-id - The ID of a set of DHCP options.
ipv6-cidr-block-association.ipv6-cidr-block - An IPv6 CIDR block associated with the VPC.
ipv6-cidr-block-association.ipv6-pool - The ID of the IPv6 address pool from which the IPv6 CIDR block is allocated.
ipv6-cidr-block-association.association-id - The association ID for an IPv6 CIDR block associated with the VPC.
ipv6-cidr-block-association.state - The state of an IPv6 CIDR block associated with the VPC.
is-default - Indicates whether the VPC is the default VPC.
owner-id - The ID of the Amazon Web Services account that owns the VPC.
state - The state of the VPC (pending | available).
tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
vpc-id - The ID of the VPC.
The filters.
cidr - The primary IPv4 CIDR block of the VPC. The CIDR block you specify must exactly match the VPC's CIDR block for information to be returned for the VPC. Must contain the slash followed by one or two digits (for example, /28).
cidr-block-association.cidr-block - An IPv4 CIDR block associated with the VPC.
cidr-block-association.association-id - The association ID for an IPv4 CIDR block associated with the VPC.
cidr-block-association.state - The state of an IPv4 CIDR block associated with the VPC.
dhcp-options-id - The ID of a set of DHCP options.
ipv6-cidr-block-association.ipv6-cidr-block - An IPv6 CIDR block associated with the VPC.
ipv6-cidr-block-association.ipv6-pool - The ID of the IPv6 address pool from which the IPv6 CIDR block is allocated.
ipv6-cidr-block-association.association-id - The association ID for an IPv6 CIDR block associated with the VPC.
ipv6-cidr-block-association.state - The state of an IPv6 CIDR block associated with the VPC.
is-default - Indicates whether the VPC is the default VPC.
owner-id - The ID of the Amazon Web Services account that owns the VPC.
state - The state of the VPC (pending | available).
tag - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
vpc-id - The ID of the VPC.
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
The ID of an exclusion.
" + }, + "InternetGatewayExclusionMode":{ + "shape":"InternetGatewayExclusionMode", + "documentation":"The exclusion mode for internet gateway traffic.
bidirectional-access-allowed: Allow all internet traffic to and from the excluded VPCs and subnets.
egress-access-allowed: Allow outbound internet traffic from the excluded VPCs and subnets. Block inbound internet traffic to the excluded VPCs and subnets. Only applies when VPC Block Public Access is set to Bidirectional.
Details related to the exclusion.
", + "locationName":"vpcBlockPublicAccessExclusion" + } + } + }, + "ModifyVpcBlockPublicAccessOptionsRequest":{ + "type":"structure", + "required":["InternetGatewayBlockMode"], + "members":{ + "DryRun":{ + "shape":"Boolean", + "documentation":"Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
The mode of VPC BPA.
bidirectional-access-allowed: VPC BPA is not enabled and traffic is allowed to and from internet gateways and egress-only internet gateways in this Region.
bidirectional-access-blocked: Block all traffic to and from internet gateways and egress-only internet gateways in this Region (except for excluded VPCs and subnets).
ingress-access-blocked: Block all internet traffic to the VPCs in this Region (except for VPCs or subnets which are excluded). Only traffic to and from NAT gateways and egress-only internet gateways is allowed because these gateways only allow outbound connections to be established.
Details related to the VPC Block Public Access (BPA) options.
", + "locationName":"vpcBlockPublicAccessOptions" + } + } + }, "ModifyVpcEndpointConnectionNotificationRequest":{ "type":"structure", "required":["ConnectionNotificationId"], @@ -56611,6 +56887,11 @@ "documentation":"The type of hostnames to assign to instances in the subnet at launch. An instance hostname is based on the IPv4 address or ID of the instance.
", "locationName":"privateDnsNameOptionsOnLaunch" }, + "BlockPublicAccessStates":{ + "shape":"BlockPublicAccessStates", + "documentation":"The state of VPC Block Public Access (BPA).
", + "locationName":"blockPublicAccessStates" + }, "SubnetId":{ "shape":"String", "documentation":"The ID of the subnet.
", @@ -61642,6 +61923,11 @@ "documentation":"Any tags assigned to the VPC.
", "locationName":"tagSet" }, + "BlockPublicAccessStates":{ + "shape":"BlockPublicAccessStates", + "documentation":"The state of VPC Block Public Access (BPA).
", + "locationName":"blockPublicAccessStates" + }, "VpcId":{ "shape":"String", "documentation":"The ID of the VPC.
", @@ -61696,6 +61982,131 @@ "enableNetworkAddressUsageMetrics" ] }, + "VpcBlockPublicAccessExclusion":{ + "type":"structure", + "members":{ + "ExclusionId":{ + "shape":"VpcBlockPublicAccessExclusionId", + "documentation":"The ID of the exclusion.
", + "locationName":"exclusionId" + }, + "InternetGatewayExclusionMode":{ + "shape":"InternetGatewayExclusionMode", + "documentation":"The exclusion mode for internet gateway traffic.
bidirectional-access-allowed: Allow all internet traffic to and from the excluded VPCs and subnets.
egress-access-allowed: Allow outbound internet traffic from the excluded VPCs and subnets. Block inbound internet traffic to the excluded VPCs and subnets. Only applies when VPC Block Public Access is set to Bidirectional.
The ARN of the exclusion.
", + "locationName":"resourceArn" + }, + "State":{ + "shape":"VpcBlockPublicAccessExclusionState", + "documentation":"The state of the exclusion.
", + "locationName":"state" + }, + "Reason":{ + "shape":"String", + "documentation":"The reason for the current exclusion state.
", + "locationName":"reason" + }, + "CreationTimestamp":{ + "shape":"MillisecondDateTime", + "documentation":"When the exclusion was created.
", + "locationName":"creationTimestamp" + }, + "LastUpdateTimestamp":{ + "shape":"MillisecondDateTime", + "documentation":"When the exclusion was last updated.
", + "locationName":"lastUpdateTimestamp" + }, + "DeletionTimestamp":{ + "shape":"MillisecondDateTime", + "documentation":"When the exclusion was deleted.
", + "locationName":"deletionTimestamp" + }, + "Tags":{ + "shape":"TagList", + "documentation":" tag - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
A VPC BPA exclusion is a mode that can be applied to a single VPC or subnet that exempts it from the account’s BPA mode and will allow bidirectional or egress-only access. You can create BPA exclusions for VPCs and subnets even when BPA is not enabled on the account to ensure that there is no traffic disruption to the exclusions when VPC BPA is turned on. To learn more about VPC BPA, see Block public access to VPCs and subnets in the Amazon VPC User Guide.
" + }, + "VpcBlockPublicAccessExclusionId":{"type":"string"}, + "VpcBlockPublicAccessExclusionIdList":{ + "type":"list", + "member":{ + "shape":"VpcBlockPublicAccessExclusionId", + "locationName":"item" + } + }, + "VpcBlockPublicAccessExclusionList":{ + "type":"list", + "member":{ + "shape":"VpcBlockPublicAccessExclusion", + "locationName":"item" + } + }, + "VpcBlockPublicAccessExclusionState":{ + "type":"string", + "enum":[ + "create-in-progress", + "create-complete", + "create-failed", + "update-in-progress", + "update-complete", + "update-failed", + "delete-in-progress", + "delete-complete", + "disable-in-progress", + "disable-complete" + ] + }, + "VpcBlockPublicAccessOptions":{ + "type":"structure", + "members":{ + "AwsAccountId":{ + "shape":"String", + "documentation":"An Amazon Web Services account ID.
", + "locationName":"awsAccountId" + }, + "AwsRegion":{ + "shape":"String", + "documentation":"An Amazon Web Services Region.
", + "locationName":"awsRegion" + }, + "State":{ + "shape":"VpcBlockPublicAccessState", + "documentation":"The current state of VPC BPA.
", + "locationName":"state" + }, + "InternetGatewayBlockMode":{ + "shape":"InternetGatewayBlockMode", + "documentation":"The current mode of VPC BPA.
bidirectional-access-allowed: VPC BPA is not enabled and traffic is allowed to and from internet gateways and egress-only internet gateways in this Region.
bidirectional-access-blocked: Block all traffic to and from internet gateways and egress-only internet gateways in this Region (except for excluded VPCs and subnets).
ingress-access-blocked: Block all internet traffic to the VPCs in this Region (except for VPCs or subnets which are excluded). Only traffic to and from NAT gateways and egress-only internet gateways is allowed because these gateways only allow outbound connections to be established.
The reason for the current state.
", + "locationName":"reason" + }, + "LastUpdateTimestamp":{ + "shape":"MillisecondDateTime", + "documentation":"The last time the VPC BPA mode was updated.
", + "locationName":"lastUpdateTimestamp" + } + }, + "documentation":"VPC Block public Access (BPA) enables you to block resources in VPCs and subnets that you own in a Region from reaching or being reached from the internet through internet gateways and egress-only internet gateways. To learn more about VPC BPA, see Block public access to VPCs and subnets in the Amazon VPC User Guide.
" + }, + "VpcBlockPublicAccessState":{ + "type":"string", + "enum":[ + "default-state", + "update-in-progress", + "update-complete" + ] + }, "VpcCidrAssociationId":{"type":"string"}, "VpcCidrBlockAssociation":{ "type":"structure", diff --git a/botocore/data/ecs/2014-11-13/service-2.json b/botocore/data/ecs/2014-11-13/service-2.json index 411a7ee3f0..f4a14ae092 100644 --- a/botocore/data/ecs/2014-11-13/service-2.json +++ b/botocore/data/ecs/2014-11-13/service-2.json @@ -1699,6 +1699,10 @@ "shape":"BoxedInteger", "documentation":"Time duration (in seconds) to wait before the container is forcefully killed if it doesn't exit normally on its own.
For tasks using the Fargate launch type, the task or service requires the following platforms:
Linux platform version 1.3.0 or later.
Windows platform version 1.0.0 or later.
For tasks that use the Fargate launch type, the max stop timeout value is 120 seconds and if the parameter is not specified, the default value of 30 seconds is used.
For tasks that use the EC2 launch type, if the stopTimeout parameter isn't specified, the value set for the Amazon ECS container agent configuration variable ECS_CONTAINER_STOP_TIMEOUT is used. If neither the stopTimeout parameter or the ECS_CONTAINER_STOP_TIMEOUT agent configuration variable are set, then the default values of 30 seconds for Linux containers and 30 seconds on Windows containers are used. Your container instances require at least version 1.26.0 of the container agent to use a container stop timeout value. However, we recommend using the latest container agent version. For information about checking your agent version and updating to the latest version, see Updating the Amazon ECS Container Agent in the Amazon Elastic Container Service Developer Guide. If you're using an Amazon ECS-optimized Linux AMI, your instance needs at least version 1.26.0-1 of the ecs-init package. If your container instances are launched from version 20190301 or later, then they contain the required versions of the container agent and ecs-init. For more information, see Amazon ECS-optimized Linux AMI in the Amazon Elastic Container Service Developer Guide.
The valid values for Fargate are 2-120 seconds.
" }, + "versionConsistency":{ + "shape":"VersionConsistency", + "documentation":"Specifies whether Amazon ECS will resolve the container image tag provided in the container definition to an image digest. By default, the value is enabled. If you set the value for a container as disabled, Amazon ECS will not resolve the provided container image tag to a digest and will use the original image URI specified in the container definition for deployment. For more information about container image resolution, see Container image resolution in the Amazon ECS Developer Guide.
The hostname to use for your container. This parameter maps to Hostname in the docker container create command and the --hostname option to docker run.
The hostname parameter is not supported if you're using the awsvpc network mode.
Creates a new, empty file system. The operation requires a creation token in the request that Amazon EFS uses to ensure idempotent creation (calling the operation with same creation token has no effect). If a file system does not currently exist that is owned by the caller's Amazon Web Services account with the specified creation token, this operation does the following:
Creates a new, empty file system. The file system will have an Amazon EFS assigned ID, and an initial lifecycle state creating.
Returns with the description of the created file system.
Otherwise, this operation returns a FileSystemAlreadyExists error with the ID of the existing file system.
For basic use cases, you can use a randomly generated UUID for the creation token.
The idempotent operation allows you to retry a CreateFileSystem call without risk of creating an extra file system. This can happen when an initial call fails in a way that leaves it uncertain whether or not a file system was actually created. An example might be that a transport level timeout occurred or your connection was reset. As long as you use the same creation token, if the initial call had succeeded in creating a file system, the client can learn of its existence from the FileSystemAlreadyExists error.
For more information, see Creating a file system in the Amazon EFS User Guide.
The CreateFileSystem call returns while the file system's lifecycle state is still creating. You can check the file system creation status by calling the DescribeFileSystems operation, which among other things returns the file system state.
This operation accepts an optional PerformanceMode parameter that you choose for your file system. We recommend generalPurpose performance mode for all file systems. File systems using the maxIO mode is a previous generation performance type that is designed for highly parallelized workloads that can tolerate higher latencies than the General Purpose mode. Max I/O mode is not supported for One Zone file systems or file systems that use Elastic throughput.
Due to the higher per-operation latencies with Max I/O, we recommend using General Purpose performance mode for all file systems.
The performance mode can't be changed after the file system has been created. For more information, see Amazon EFS performance modes.
You can set the throughput mode for the file system using the ThroughputMode parameter.
After the file system is fully created, Amazon EFS sets its lifecycle state to available, at which point you can create one or more mount targets for the file system in your VPC. For more information, see CreateMountTarget. You mount your Amazon EFS file system on an EC2 instances in your VPC by using the mount target. For more information, see Amazon EFS: How it Works.
This operation requires permissions for the elasticfilesystem:CreateFileSystem action.
File systems can be tagged on creation. If tags are specified in the creation action, IAM performs additional authorization on the elasticfilesystem:TagResource action to verify if users have permissions to create tags. Therefore, you must grant explicit permissions to use the elasticfilesystem:TagResource action. For more information, see Granting permissions to tag resources during creation.
Creates a new, empty file system. The operation requires a creation token in the request that Amazon EFS uses to ensure idempotent creation (calling the operation with same creation token has no effect). If a file system does not currently exist that is owned by the caller's Amazon Web Services account with the specified creation token, this operation does the following:
Creates a new, empty file system. The file system will have an Amazon EFS assigned ID, and an initial lifecycle state creating.
Returns with the description of the created file system.
Otherwise, this operation returns a FileSystemAlreadyExists error with the ID of the existing file system.
For basic use cases, you can use a randomly generated UUID for the creation token.
The idempotent operation allows you to retry a CreateFileSystem call without risk of creating an extra file system. This can happen when an initial call fails in a way that leaves it uncertain whether or not a file system was actually created. An example might be that a transport level timeout occurred or your connection was reset. As long as you use the same creation token, if the initial call had succeeded in creating a file system, the client can learn of its existence from the FileSystemAlreadyExists error.
For more information, see Creating a file system in the Amazon EFS User Guide.
The CreateFileSystem call returns while the file system's lifecycle state is still creating. You can check the file system creation status by calling the DescribeFileSystems operation, which among other things returns the file system state.
This operation accepts an optional PerformanceMode parameter that you choose for your file system. We recommend generalPurpose PerformanceMode for all file systems. The maxIO mode is a previous generation performance type that is designed for highly parallelized workloads that can tolerate higher latencies than the generalPurpose mode. MaxIO mode is not supported for One Zone file systems or file systems that use Elastic throughput.
The PerformanceMode can't be changed after the file system has been created. For more information, see Amazon EFS performance modes.
You can set the throughput mode for the file system using the ThroughputMode parameter.
After the file system is fully created, Amazon EFS sets its lifecycle state to available, at which point you can create one or more mount targets for the file system in your VPC. For more information, see CreateMountTarget. You mount your Amazon EFS file system on an EC2 instances in your VPC by using the mount target. For more information, see Amazon EFS: How it Works.
This operation requires permissions for the elasticfilesystem:CreateFileSystem action.
File systems can be tagged on creation. If tags are specified in the creation action, IAM performs additional authorization on the elasticfilesystem:TagResource action to verify if users have permissions to create tags. Therefore, you must grant explicit permissions to use the elasticfilesystem:TagResource action. For more information, see Granting permissions to tag resources during creation.
Creates a replication configuration that replicates an existing EFS file system to a new, read-only file system. For more information, see Amazon EFS replication in the Amazon EFS User Guide. The replication configuration specifies the following:
Source file system – The EFS file system that you want replicated. The source file system cannot be a destination file system in an existing replication configuration.
Amazon Web Services Region – The Amazon Web Services Region in which the destination file system is created. Amazon EFS replication is available in all Amazon Web Services Regions in which EFS is available. The Region must be enabled. For more information, see Managing Amazon Web Services Regions in the Amazon Web Services General Reference Reference Guide.
Destination file system configuration – The configuration of the destination file system to which the source file system will be replicated. There can only be one destination file system in a replication configuration.
Parameters for the replication configuration include:
File system ID – The ID of the destination file system for the replication. If no ID is provided, then EFS creates a new file system with the default settings. For existing file systems, the file system's replication overwrite protection must be disabled. For more information, see Replicating to an existing file system.
Availability Zone – If you want the destination file system to use One Zone storage, you must specify the Availability Zone to create the file system in. For more information, see EFS file system types in the Amazon EFS User Guide.
Encryption – All destination file systems are created with encryption at rest enabled. You can specify the Key Management Service (KMS) key that is used to encrypt the destination file system. If you don't specify a KMS key, your service-managed KMS key for Amazon EFS is used.
After the file system is created, you cannot change the KMS key.
After the file system is created, you cannot change the KMS key.
For new destination file systems, the following properties are set by default:
Performance mode - The destination file system's performance mode matches that of the source file system, unless the destination file system uses EFS One Zone storage. In that case, the General Purpose performance mode is used. The performance mode cannot be changed.
Throughput mode - The destination file system's throughput mode matches that of the source file system. After the file system is created, you can modify the throughput mode.
Lifecycle management – Lifecycle management is not enabled on the destination file system. After the destination file system is created, you can enable lifecycle management.
Automatic backups – Automatic daily backups are enabled on the destination file system. After the file system is created, you can change this setting.
For more information, see Amazon EFS replication in the Amazon EFS User Guide.
" + "documentation":"Creates a replication configuration to either a new or existing EFS file system. For more information, see Amazon EFS replication in the Amazon EFS User Guide. The replication configuration specifies the following:
Source file system – The EFS file system that you want to replicate.
Destination file system – The destination file system to which the source file system is replicated. There can only be one destination file system in a replication configuration.
A file system can be part of only one replication configuration.
The destination parameters for the replication configuration depend on whether you are replicating to a new file system or to an existing file system, and if you are replicating across Amazon Web Services accounts. See DestinationToCreate for more information.
This operation requires permissions for the elasticfilesystem:CreateReplicationConfiguration action. Additionally, other permissions are required depending on how you are replicating file systems. For more information, see Required permissions for replication in the Amazon EFS User Guide.
Deletes a file system, permanently severing access to its contents. Upon return, the file system no longer exists and you can't access any contents of the deleted file system.
You need to manually delete mount targets attached to a file system before you can delete an EFS file system. This step is performed for you when you use the Amazon Web Services console to delete a file system.
You cannot delete a file system that is part of an EFS Replication configuration. You need to delete the replication configuration first.
You can't delete a file system that is in use. That is, if the file system has any mount targets, you must first delete them. For more information, see DescribeMountTargets and DeleteMountTarget.
The DeleteFileSystem call returns while the file system state is still deleting. You can check the file system deletion status by calling the DescribeFileSystems operation, which returns a list of file systems in your account. If you pass file system ID or creation token for the deleted file system, the DescribeFileSystems returns a 404 FileSystemNotFound error.
This operation requires permissions for the elasticfilesystem:DeleteFileSystem action.
Deletes a file system, permanently severing access to its contents. Upon return, the file system no longer exists and you can't access any contents of the deleted file system.
You need to manually delete mount targets attached to a file system before you can delete an EFS file system. This step is performed for you when you use the Amazon Web Services console to delete a file system.
You cannot delete a file system that is part of an EFS replication configuration. You need to delete the replication configuration first.
You can't delete a file system that is in use. That is, if the file system has any mount targets, you must first delete them. For more information, see DescribeMountTargets and DeleteMountTarget.
The DeleteFileSystem call returns while the file system state is still deleting. You can check the file system deletion status by calling the DescribeFileSystems operation, which returns a list of file systems in your account. If you pass file system ID or creation token for the deleted file system, the DescribeFileSystems returns a 404 FileSystemNotFound error.
This operation requires permissions for the elasticfilesystem:DeleteFileSystem action.
Applies an Amazon EFS FileSystemPolicy to an Amazon EFS file system. A file system policy is an IAM resource-based policy and can contain multiple policy statements. A file system always has exactly one file system policy, which can be the default policy or an explicit policy set or updated using this API operation. EFS file system policies have a 20,000 character limit. When an explicit policy is set, it overrides the default policy. For more information about the default file system policy, see Default EFS File System Policy.
EFS file system policies have a 20,000 character limit.
This operation requires permissions for the elasticfilesystem:PutFileSystemPolicy action.
Applies an Amazon EFS FileSystemPolicy to an Amazon EFS file system. A file system policy is an IAM resource-based policy and can contain multiple policy statements. A file system always has exactly one file system policy, which can be the default policy or an explicit policy set or updated using this API operation. EFS file system policies have a 20,000 character limit. When an explicit policy is set, it overrides the default policy. For more information about the default file system policy, see Default EFS file system policy.
EFS file system policies have a 20,000 character limit.
This operation requires permissions for the elasticfilesystem:PutFileSystemPolicy action.
Use this action to manage storage for your file system. A LifecycleConfiguration consists of one or more LifecyclePolicy objects that define the following:
TransitionToIA – When to move files in the file system from primary storage (Standard storage class) into the Infrequent Access (IA) storage.
TransitionToArchive – When to move files in the file system from their current storage class (either IA or Standard storage) into the Archive storage.
File systems cannot transition into Archive storage before transitioning into IA storage. Therefore, TransitionToArchive must either not be set or must be later than TransitionToIA.
The Archive storage class is available only for file systems that use the Elastic Throughput mode and the General Purpose Performance mode.
TransitionToPrimaryStorageClass – Whether to move files in the file system back to primary storage (Standard storage class) after they are accessed in IA or Archive storage.
For more information, see Managing file system storage.
Each Amazon EFS file system supports one lifecycle configuration, which applies to all files in the file system. If a LifecycleConfiguration object already exists for the specified file system, a PutLifecycleConfiguration call modifies the existing configuration. A PutLifecycleConfiguration call with an empty LifecyclePolicies array in the request body deletes any existing LifecycleConfiguration. In the request, specify the following:
The ID for the file system for which you are enabling, disabling, or modifying Lifecycle management.
A LifecyclePolicies array of LifecyclePolicy objects that define when to move files to IA storage, to Archive storage, and back to primary storage.
Amazon EFS requires that each LifecyclePolicy object have only have a single transition, so the LifecyclePolicies array needs to be structured with separate LifecyclePolicy objects. See the example requests in the following section for more information.
This operation requires permissions for the elasticfilesystem:PutLifecycleConfiguration operation.
To apply a LifecycleConfiguration object to an encrypted file system, you need the same Key Management Service permissions as when you created the encrypted file system.
Use this action to manage storage for your file system. A LifecycleConfiguration consists of one or more LifecyclePolicy objects that define the following:
TransitionToIA – When to move files in the file system from primary storage (Standard storage class) into the Infrequent Access (IA) storage.
TransitionToArchive – When to move files in the file system from their current storage class (either IA or Standard storage) into the Archive storage.
File systems cannot transition into Archive storage before transitioning into IA storage. Therefore, TransitionToArchive must either not be set or must be later than TransitionToIA.
The Archive storage class is available only for file systems that use the Elastic throughput mode and the General Purpose performance mode.
TransitionToPrimaryStorageClass – Whether to move files in the file system back to primary storage (Standard storage class) after they are accessed in IA or Archive storage.
For more information, see Managing file system storage.
Each Amazon EFS file system supports one lifecycle configuration, which applies to all files in the file system. If a LifecycleConfiguration object already exists for the specified file system, a PutLifecycleConfiguration call modifies the existing configuration. A PutLifecycleConfiguration call with an empty LifecyclePolicies array in the request body deletes any existing LifecycleConfiguration. In the request, specify the following:
The ID for the file system for which you are enabling, disabling, or modifying lifecycle management.
A LifecyclePolicies array of LifecyclePolicy objects that define when to move files to IA storage, to Archive storage, and back to primary storage.
Amazon EFS requires that each LifecyclePolicy object have only have a single transition, so the LifecyclePolicies array needs to be structured with separate LifecyclePolicy objects. See the example requests in the following section for more information.
This operation requires permissions for the elasticfilesystem:PutLifecycleConfiguration operation.
To apply a LifecycleConfiguration object to an encrypted file system, you need the same Key Management Service permissions as when you created the encrypted file system.
The Performance mode of the file system. We recommend generalPurpose performance mode for all file systems. File systems using the maxIO performance mode can scale to higher levels of aggregate throughput and operations per second with a tradeoff of slightly higher latencies for most file operations. The performance mode can't be changed after the file system has been created. The maxIO mode is not supported on One Zone file systems.
Due to the higher per-operation latencies with Max I/O, we recommend using General Purpose performance mode for all file systems.
Default is generalPurpose.
The performance mode of the file system. We recommend generalPurpose performance mode for all file systems. File systems using the maxIO performance mode can scale to higher levels of aggregate throughput and operations per second with a tradeoff of slightly higher latencies for most file operations. The performance mode can't be changed after the file system has been created. The maxIO mode is not supported on One Zone file systems.
Due to the higher per-operation latencies with Max I/O, we recommend using General Purpose performance mode for all file systems.
Default is generalPurpose.
Used to create a One Zone file system. It specifies the Amazon Web Services Availability Zone in which to create the file system. Use the format us-east-1a to specify the Availability Zone. For more information about One Zone file systems, see Using EFS storage classes in the Amazon EFS User Guide.
One Zone file systems are not available in all Availability Zones in Amazon Web Services Regions where Amazon EFS is available.
For One Zone file systems, specify the Amazon Web Services Availability Zone in which to create the file system. Use the format us-east-1a to specify the Availability Zone. For more information about One Zone file systems, see EFS file system types in the Amazon EFS User Guide.
One Zone file systems are not available in all Availability Zones in Amazon Web Services Regions where Amazon EFS is available.
The ID of the source file system in the replication configuration.
", "location":"uri", "locationName":"SourceFileSystemId" + }, + "DeletionMode":{ + "shape":"DeletionMode", + "documentation":"When replicating across Amazon Web Services accounts or across Amazon Web Services Regions, Amazon EFS deletes the replication configuration from both the source and destination account or Region (ALL_CONFIGURATIONS) by default. If there's a configuration or permissions issue that prevents Amazon EFS from deleting the replication configuration from both sides, you can use the LOCAL_CONFIGURATION_ONLY mode to delete the replication configuration from only the local side (the account or Region from which the delete is performed).
Only use the LOCAL_CONFIGURATION_ONLY mode in the case that Amazon EFS is unable to delete the replication configuration in both the source and destination account or Region. Deleting the local configuration leaves the configuration in the other account or Region unrecoverable.
Additionally, do not use this mode for same-account, same-region replication as doing so results in a BadRequest exception error.
You can retrieve the replication configuration for a specific file system by providing its file system ID.
", + "documentation":"You can retrieve the replication configuration for a specific file system by providing its file system ID. For cross-account,cross-region replication, an account can only describe the replication configuration for a file system in its own Region.
", "location":"querystring", "locationName":"FileSystemId" }, @@ -1310,7 +1323,7 @@ "members":{ "Status":{ "shape":"ReplicationStatus", - "documentation":"Describes the status of the destination EFS file system.
The Paused state occurs as a result of opting out of the source or destination Region after the replication configuration was created. To resume replication for the file system, you need to again opt in to the Amazon Web Services Region. For more information, see Managing Amazon Web Services Regions in the Amazon Web Services General Reference Guide.
The Error state occurs when either the source or the destination file system (or both) is in a failed state and is unrecoverable. For more information, see Monitoring replication status in the Amazon EFS User Guide. You must delete the replication configuration, and then restore the most recent backup of the failed file system (either the source or the destination) to a new file system.
Describes the status of the replication configuration. For more information about replication status, see Viewing replication details in the Amazon EFS User Guide.
" }, "FileSystemId":{ "shape":"FileSystemId", @@ -1323,6 +1336,18 @@ "LastReplicatedTimestamp":{ "shape":"Timestamp", "documentation":"The time when the most recent sync was successfully completed on the destination file system. Any changes to data on the source file system that occurred before this time have been successfully replicated to the destination file system. Any changes that occurred after this time might not be fully replicated.
" + }, + "OwnerId":{ + "shape":"AwsAccountId", + "documentation":"ID of the Amazon Web Services account in which the destination file system resides.
" + }, + "StatusMessage":{ + "shape":"StatusMessage", + "documentation":"Message that provides details about the PAUSED or ERRROR state of the replication destination configuration. For more information about replication status messages, see Viewing replication details in the Amazon EFS User Guide.
Amazon Resource Name (ARN) of the IAM role in the source account that allows Amazon EFS to perform replication on its behalf. This is optional for same-account replication and required for cross-account replication.
" } }, "documentation":"Describes the destination file system in the replication configuration.
" @@ -1332,7 +1357,7 @@ "members":{ "Region":{ "shape":"RegionName", - "documentation":"To create a file system that uses Regional storage, specify the Amazon Web Services Region in which to create the destination file system.
" + "documentation":"To create a file system that uses Regional storage, specify the Amazon Web Services Region in which to create the destination file system. The Region must be enabled for the Amazon Web Services account that owns the source file system. For more information, see Managing Amazon Web Services Regions in the Amazon Web Services General Reference Reference Guide.
" }, "AvailabilityZoneName":{ "shape":"AvailabilityZoneName", @@ -1340,14 +1365,18 @@ }, "KmsKeyId":{ "shape":"KmsKeyId", - "documentation":"Specify the Key Management Service (KMS) key that you want to use to encrypt the destination file system. If you do not specify a KMS key, Amazon EFS uses your default KMS key for Amazon EFS, /aws/elasticfilesystem. This ID can be in one of the following formats:
Key ID - The unique identifier of the key, for example 1234abcd-12ab-34cd-56ef-1234567890ab.
ARN - The Amazon Resource Name (ARN) for the key, for example arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab.
Key alias - A previously created display name for a key, for example alias/projectKey1.
Key alias ARN - The ARN for a key alias, for example arn:aws:kms:us-west-2:444455556666:alias/projectKey1.
Specify the Key Management Service (KMS) key that you want to use to encrypt the destination file system. If you do not specify a KMS key, Amazon EFS uses your default KMS key for Amazon EFS, /aws/elasticfilesystem. This ID can be in one of the following formats:
Key ID - The unique identifier of the key, for example 1234abcd-12ab-34cd-56ef-1234567890ab.
ARN - The ARN for the key, for example arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab.
Key alias - A previously created display name for a key, for example alias/projectKey1.
Key alias ARN - The ARN for a key alias, for example arn:aws:kms:us-west-2:444455556666:alias/projectKey1.
The ID of the file system to use for the destination. The file system's replication overwrite replication must be disabled. If you do not provide an ID, then EFS creates a new file system for the replication destination.
" + "documentation":"The ID or ARN of the file system to use for the destination. For cross-account replication, this must be an ARN. The file system's replication overwrite replication must be disabled. If no ID or ARN is specified, then a new file system is created.
" + }, + "RoleArn":{ + "shape":"RoleArn", + "documentation":"Amazon Resource Name (ARN) of the IAM role in the source account that allows Amazon EFS to perform replication on its behalf. This is optional for same-account replication and required for cross-account replication.
" } }, - "documentation":"Describes the new or existing destination file system for the replication configuration.
" + "documentation":"Describes the new or existing destination file system for the replication configuration.
If you want to replicate to a new file system, do not specify the File System ID for the destination file system. Amazon EFS creates a new, empty file system. For One Zone storage, specify the Availability Zone to create the file system in. To use an Key Management Service key other than the default KMS key, then specify it. For more information, see Configuring replication to new Amazon EFS file system in the Amazon EFS User Guide.
After the file system is created, you cannot change the KMS key or the performance mode.
If you want to replicate to an existing file system that's in the same account as the source file system, then you need to provide the ID or Amazon Resource Name (ARN) of the file system to which to replicate. The file system's replication overwrite protection must be disabled. For more information, see Replicating to an existing file system in the Amazon EFS User Guide.
If you are replicating the file system to a file system that's in a different account than the source file system (cross-account replication), you need to provide the ARN for the file system and the IAM role that allows Amazon EFS to perform replication on the destination account. The file system's replication overwrite protection must be disabled. For more information, see Replicating across Amazon Web Services accounts in the Amazon EFS User Guide.
The Performance mode of the file system.
" + "documentation":"The performance mode of the file system.
" }, "Encrypted":{ "shape":"Encrypted", @@ -1691,10 +1720,10 @@ }, "TransitionToArchive":{ "shape":"TransitionToArchiveRules", - "documentation":"The number of days after files were last accessed in primary storage (the Standard storage class) files at which to move them to Archive storage. Metadata operations such as listing the contents of a directory don't count as file access events.
" + "documentation":"The number of days after files were last accessed in primary storage (the Standard storage class) at which to move them to Archive storage. Metadata operations such as listing the contents of a directory don't count as file access events.
" } }, - "documentation":"Describes a policy used by Lifecycle management that specifies when to transition files into and out of storage classes. For more information, see Managing file system storage.
When using the put-lifecycle-configuration CLI command or the PutLifecycleConfiguration API action, Amazon EFS requires that each LifecyclePolicy object have only a single transition. This means that in a request body, LifecyclePolicies must be structured as an array of LifecyclePolicy objects, one object for each transition. For more information, see the request examples in PutLifecycleConfiguration.
Describes a policy used by lifecycle management that specifies when to transition files into and out of storage classes. For more information, see Managing file system storage.
When using the put-lifecycle-configuration CLI command or the PutLifecycleConfiguration API action, Amazon EFS requires that each LifecyclePolicy object have only a single transition. This means that in a request body, LifecyclePolicies must be structured as an array of LifecyclePolicy objects, one object for each transition. For more information, see the request examples in PutLifecycleConfiguration.
The FileSystemPolicy that you're creating. Accepts a JSON formatted policy definition. EFS file system policies have a 20,000 character limit. To find out more about the elements that make up a file system policy, see EFS Resource-based Policies.
The FileSystemPolicy that you're creating. Accepts a JSON formatted policy definition. EFS file system policies have a 20,000 character limit. To find out more about the elements that make up a file system policy, see Resource-based policies within Amazon EFS.
An array of LifecyclePolicy objects that define the file system's LifecycleConfiguration object. A LifecycleConfiguration object informs EFS Lifecycle management of the following:
TransitionToIA – When to move files in the file system from primary storage (Standard storage class) into the Infrequent Access (IA) storage.
TransitionToArchive – When to move files in the file system from their current storage class (either IA or Standard storage) into the Archive storage.
File systems cannot transition into Archive storage before transitioning into IA storage. Therefore, TransitionToArchive must either not be set or must be later than TransitionToIA.
The Archive storage class is available only for file systems that use the Elastic Throughput mode and the General Purpose Performance mode.
TransitionToPrimaryStorageClass – Whether to move files in the file system back to primary storage (Standard storage class) after they are accessed in IA or Archive storage.
When using the put-lifecycle-configuration CLI command or the PutLifecycleConfiguration API action, Amazon EFS requires that each LifecyclePolicy object have only a single transition. This means that in a request body, LifecyclePolicies must be structured as an array of LifecyclePolicy objects, one object for each storage transition. See the example requests in the following section for more information.
An array of LifecyclePolicy objects that define the file system's LifecycleConfiguration object. A LifecycleConfiguration object informs lifecycle management of the following:
TransitionToIA – When to move files in the file system from primary storage (Standard storage class) into the Infrequent Access (IA) storage.
TransitionToArchive – When to move files in the file system from their current storage class (either IA or Standard storage) into the Archive storage.
File systems cannot transition into Archive storage before transitioning into IA storage. Therefore, TransitionToArchive must either not be set or must be later than TransitionToIA.
The Archive storage class is available only for file systems that use the Elastic throughput mode and the General Purpose performance mode.
TransitionToPrimaryStorageClass – Whether to move files in the file system back to primary storage (Standard storage class) after they are accessed in IA or Archive storage.
When using the put-lifecycle-configuration CLI command or the PutLifecycleConfiguration API action, Amazon EFS requires that each LifecyclePolicy object have only a single transition. This means that in a request body, LifecyclePolicies must be structured as an array of LifecyclePolicy objects, one object for each storage transition. See the example requests in the following section for more information.
An array of destination objects. Only one destination object is supported.
" + }, + "SourceFileSystemOwnerId":{ + "shape":"AwsAccountId", + "documentation":"ID of the Amazon Web Services account in which the source file system resides.
" } }, "documentation":"Describes the replication configuration for a specific file system.
" @@ -2155,6 +2188,11 @@ "member":{"shape":"Resource"}, "documentation":"EFS resources to which a preference applies to." }, + "RoleArn":{ + "type":"string", + "max":2048, + "pattern":"arn:(aws[a-zA-Z-]*)?:iam::\\d{12}:role/?[a-zA-Z_0-9+=,.@\\-_/]+" + }, "RootDirectory":{ "type":"structure", "members":{ @@ -2167,7 +2205,7 @@ "documentation":"(Optional) Specifies the POSIX IDs and permissions to apply to the access point's RootDirectory. If the RootDirectory > Path specified does not exist, EFS creates the root directory using the CreationInfo settings when a client connects to an access point. When specifying the CreationInfo, you must provide values for all properties.
If you do not provide CreationInfo and the specified RootDirectory > Path does not exist, attempts to mount the file system using the access point will fail.
Specifies the directory on the Amazon EFS file system that the access point provides access to. The access point exposes the specified file system path as the root directory of your file system to applications using the access point. NFS clients using the access point can only access data in the access point's RootDirectory and it's subdirectories.
Specifies the directory on the Amazon EFS file system that the access point provides access to. The access point exposes the specified file system path as the root directory of your file system to applications using the access point. NFS clients using the access point can only access data in the access point's RootDirectory and its subdirectories.
The status of the file system's replication overwrite protection.
ENABLED – The file system cannot be used as the destination file system in a replication configuration. The file system is writeable. Replication overwrite protection is ENABLED by default.
DISABLED – The file system can be used as the destination file system in a replication configuration. The file system is read-only and can only be modified by EFS replication.
REPLICATING – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is only modified only by EFS replication.
If the replication configuration is deleted, the file system's replication overwrite protection is re-enabled, the file system becomes writeable.
" + "documentation":"The status of the file system's replication overwrite protection.
ENABLED – The file system cannot be used as the destination file system in a replication configuration. The file system is writeable. Replication overwrite protection is ENABLED by default.
DISABLED – The file system can be used as the destination file system in a replication configuration. The file system is read-only and can only be modified by EFS replication.
REPLICATING – The file system is being used as the destination file system in a replication configuration. The file system is read-only and is only modified only by EFS replication.
If the replication configuration is deleted, the file system's replication overwrite protection is re-enabled and the file system becomes writeable.
" } } }, diff --git a/botocore/data/endpoints.json b/botocore/data/endpoints.json index 02b08efd46..0d53406cc0 100644 --- a/botocore/data/endpoints.json +++ b/botocore/data/endpoints.json @@ -5063,6 +5063,7 @@ }, "connect-campaigns" : { "endpoints" : { + "af-south-1" : { }, "ap-southeast-2" : { }, "ca-central-1" : { }, "eu-central-1" : { }, diff --git a/botocore/data/glue/2017-03-31/service-2.json b/botocore/data/glue/2017-03-31/service-2.json index 88431bb37c..00520d3c76 100644 --- a/botocore/data/glue/2017-03-31/service-2.json +++ b/botocore/data/glue/2017-03-31/service-2.json @@ -747,7 +747,7 @@ {"shape":"InternalServiceException"}, {"shape":"ThrottlingException"} ], - "documentation":"Creates a new table optimizer for a specific function. compaction is the only currently supported optimizer type.
Creates a new table optimizer for a specific function.
" }, "CreateTrigger":{ "name":"CreateTrigger", @@ -8585,7 +8585,7 @@ }, "Type":{ "shape":"TableOptimizerType", - "documentation":"The type of table optimizer. Currently, the only valid value is compaction.
The type of table optimizer.
" }, "TableOptimizerConfiguration":{ "shape":"TableOptimizerConfiguration", @@ -16566,7 +16566,7 @@ }, "Type":{ "shape":"TableOptimizerType", - "documentation":"The type of table optimizer. Currently, the only valid value is compaction.
The type of table optimizer.
" }, "MaxResults":{ "shape":"MaxListTableOptimizerRunsTokenResults", @@ -22077,6 +22077,10 @@ "shape":"NullableBoolean", "documentation":"Whether table optimization is enabled.
" }, + "vpcConfiguration":{ + "shape":"TableOptimizerVpcConfiguration", + "documentation":"A TableOptimizerVpcConfiguration object representing the VPC configuration for a table optimizer.
This configuration is necessary to perform optimization on tables that are in a customer VPC.
" + }, "retentionConfiguration":{ "shape":"RetentionConfiguration", "documentation":"The configuration for a snapshot retention optimizer.
" @@ -22150,6 +22154,17 @@ "orphan_file_deletion" ] }, + "TableOptimizerVpcConfiguration":{ + "type":"structure", + "members":{ + "glueConnectionName":{ + "shape":"glueConnectionNameString", + "documentation":"The name of the Glue connection used for the VPC for the table optimizer.
" + } + }, + "documentation":"An object that describes the VPC configuration for a table optimizer.
This configuration is necessary to perform optimization on tables that are in a customer VPC.
", + "union":true + }, "TablePrefix":{ "type":"string", "max":128, @@ -23751,7 +23766,7 @@ }, "Type":{ "shape":"TableOptimizerType", - "documentation":"The type of table optimizer. Currently, the only valid value is compaction.
The type of table optimizer.
" }, "TableOptimizerConfiguration":{ "shape":"TableOptimizerConfiguration", @@ -24522,6 +24537,10 @@ "double":{"type":"double"}, "dpuCounts":{"type":"integer"}, "dpuDurationInHour":{"type":"double"}, + "glueConnectionNameString":{ + "type":"string", + "min":1 + }, "metricCounts":{"type":"long"}, "tableNameString":{ "type":"string", diff --git a/botocore/data/keyspaces/2022-02-10/service-2.json b/botocore/data/keyspaces/2022-02-10/service-2.json index 864cd36198..8c2f872b88 100644 --- a/botocore/data/keyspaces/2022-02-10/service-2.json +++ b/botocore/data/keyspaces/2022-02-10/service-2.json @@ -66,7 +66,7 @@ {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":" The CreateType operation creates a new user-defined type in the specified keyspace.
For more information, see User-defined types (UDTs) in the Amazon Keyspaces Developer Guide.
" + "documentation":" The CreateType operation creates a new user-defined type in the specified keyspace.
To configure the required permissions, see Permissions to create a UDT in the Amazon Keyspaces Developer Guide.
For more information, see User-defined types (UDTs) in the Amazon Keyspaces Developer Guide.
" }, "DeleteKeyspace":{ "name":"DeleteKeyspace", @@ -120,7 +120,7 @@ {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":" The DeleteType operation deletes a user-defined type (UDT). You can only delete a type that is not used in a table or another UDT.
The DeleteType operation deletes a user-defined type (UDT). You can only delete a type that is not used in a table or another UDT.
To configure the required permissions, see Permissions to delete a UDT in the Amazon Keyspaces Developer Guide.
" }, "GetKeyspace":{ "name":"GetKeyspace", @@ -137,7 +137,7 @@ {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Returns the name and the Amazon Resource Name (ARN) of the specified table.
" + "documentation":"Returns the name of the specified keyspace, the Amazon Resource Name (ARN), the replication strategy, the Amazon Web Services Regions of a multi-Region keyspace, and the status of newly added Regions after an UpdateKeyspace operation.
The GetType operation returns information about the type, for example the field definitions, the timestamp when the type was last modified, the level of nesting, the status, and details about if the type is used in other types and tables.
To read keyspace metadata using GetType, the IAM principal needs Select action permissions for the system keyspace.
The GetType operation returns information about the type, for example the field definitions, the timestamp when the type was last modified, the level of nesting, the status, and details about if the type is used in other types and tables.
To read keyspace metadata using GetType, the IAM principal needs Select action permissions for the system keyspace. To configure the required permissions, see Permissions to view a UDT in the Amazon Keyspaces Developer Guide.
The ListTypes operation returns a list of types for a specified keyspace.
To read keyspace metadata using ListTypes, the IAM principal needs Select action permissions for the system keyspace.
The ListTypes operation returns a list of types for a specified keyspace.
To read keyspace metadata using ListTypes, the IAM principal needs Select action permissions for the system keyspace. To configure the required permissions, see Permissions to view a UDT in the Amazon Keyspaces Developer Guide.
Removes the association of tags from a Amazon Keyspaces resource.
" }, + "UpdateKeyspace":{ + "name":"UpdateKeyspace", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UpdateKeyspaceRequest"}, + "output":{"shape":"UpdateKeyspaceResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ServiceQuotaExceededException"}, + {"shape":"InternalServerException"}, + {"shape":"ConflictException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"} + ], + "documentation":"Adds a new Amazon Web Services Region to the keyspace. You can add a new Region to a keyspace that is either a single or a multi-Region keyspace. The new replica Region is applied to all tables in the keyspace. For more information, see Add an Amazon Web Services Region to a keyspace in Amazon Keyspaces in the Amazon Keyspaces Developer Guide.
To change a single-Region to a multi-Region keyspace, you have to enable client-side timestamps for all tables in the keyspace. For more information, see Client-side timestamps in Amazon Keyspaces in the Amazon Keyspaces Developer Guide.
" + }, "UpdateTable":{ "name":"UpdateTable", "http":{ @@ -827,6 +845,10 @@ "replicationRegions":{ "shape":"RegionList", "documentation":" If the replicationStrategy of the keyspace is MULTI_REGION, a list of replication Regions is returned.
A list of all Regions the keyspace is replicated in after the update keyspace operation and their status.
" } } }, @@ -1042,6 +1064,15 @@ "min":1, "pattern":"[a-zA-Z0-9][a-zA-Z0-9_]{0,47}" }, + "KeyspaceStatus":{ + "type":"string", + "enum":[ + "ACTIVE", + "CREATING", + "UPDATING", + "DELETING" + ] + }, "KeyspaceSummary":{ "type":"structure", "required":[ @@ -1323,6 +1354,34 @@ "member":{"shape":"ReplicaSpecificationSummary"}, "min":0 }, + "ReplicationGroupStatus":{ + "type":"structure", + "required":[ + "region", + "keyspaceStatus" + ], + "members":{ + "region":{ + "shape":"region", + "documentation":"The name of the Region that was added to the keyspace.
" + }, + "keyspaceStatus":{ + "shape":"KeyspaceStatus", + "documentation":"The status of the keyspace.
" + }, + "tablesReplicationProgress":{ + "shape":"TablesReplicationProgress", + "documentation":" This shows the replication progress of tables in the keyspace. The value is expressed as a percentage of the newly replicated tables with status Active compared to the total number of tables in the keyspace.
This shows the summary status of the keyspace after a new Amazon Web Services Region was added.
" + }, + "ReplicationGroupStatusList":{ + "type":"list", + "member":{"shape":"ReplicationGroupStatus"}, + "max":6, + "min":2 + }, "ReplicationSpecification":{ "type":"structure", "required":["replicationStrategy"], @@ -1347,7 +1406,7 @@ }, "resourceArn":{ "shape":"ARN", - "documentation":"The unique identifier in the format of Amazon Resource Name (ARN) for the resource could't be found.
" + "documentation":"The unique identifier in the format of Amazon Resource Name (ARN) for the resource couldn’t be found.
" } }, "documentation":"The operation tried to access a keyspace, table, or type that doesn't exist. The resource might not be specified correctly, or its status might not be ACTIVE.
The name of the keyspace.
" + }, + "replicationSpecification":{"shape":"ReplicationSpecification"}, + "clientSideTimestamps":{"shape":"ClientSideTimestamps"} + } + }, + "UpdateKeyspaceResponse":{ + "type":"structure", + "required":["resourceArn"], + "members":{ + "resourceArn":{ + "shape":"ARN", + "documentation":"The unique identifier of the keyspace in the format of an Amazon Resource Name (ARN).
" + } + } + }, "UpdateTableRequest":{ "type":"structure", "required":[ diff --git a/botocore/data/mwaa/2020-07-01/service-2.json b/botocore/data/mwaa/2020-07-01/service-2.json index 44e6ded25b..f8919ba056 100644 --- a/botocore/data/mwaa/2020-07-01/service-2.json +++ b/botocore/data/mwaa/2020-07-01/service-2.json @@ -365,7 +365,7 @@ }, "EnvironmentClass":{ "shape":"EnvironmentClass", - "documentation":"The environment class type. Valid values: mw1.small, mw1.medium, mw1.large, mw1.xlarge, and mw1.2xlarge. For more information, see Amazon MWAA environment class.
The environment class type. Valid values: mw1.micro, mw1.small, mw1.medium, mw1.large, mw1.xlarge, and mw1.2xlarge. For more information, see Amazon MWAA environment class.
The number of Apache Airflow schedulers to run in your environment. Valid values:
v2 - Accepts between 2 to 5. Defaults to 2.
v1 - Accepts 1.
The number of Apache Airflow schedulers to run in your environment. Valid values:
v2 - For environments larger than mw1.micro, accepts values from 2 to 5. Defaults to 2 for all environment sizes except mw1.micro, which defaults to 1.
v1 - Accepts 1.
The minimum number of web servers that you want to run in your environment. Amazon MWAA scales the number of Apache Airflow web servers up to the number you specify for MaxWebservers when you interact with your Apache Airflow environment using Apache Airflow REST API, or the Apache Airflow CLI. As the transaction-per-second rate, and the network load, decrease, Amazon MWAA disposes of the additional web servers, and scales down to the number set in MinxWebserers.
Valid values: Accepts between 2 and 5. Defaults to 2.
The minimum number of web servers that you want to run in your environment. Amazon MWAA scales the number of Apache Airflow web servers up to the number you specify for MaxWebservers when you interact with your Apache Airflow environment using Apache Airflow REST API, or the Apache Airflow CLI. As the transaction-per-second rate, and the network load, decrease, Amazon MWAA disposes of the additional web servers, and scales down to the number set in MinxWebserers.
Valid values: For environments larger than mw1.micro, accepts values from 2 to 5. Defaults to 2 for all environment sizes except mw1.micro, which defaults to 1.
The maximum number of web servers that you want to run in your environment. Amazon MWAA scales the number of Apache Airflow web servers up to the number you specify for MaxWebservers when you interact with your Apache Airflow environment using Apache Airflow REST API, or the Apache Airflow CLI. For example, in scenarios where your workload requires network calls to the Apache Airflow REST API with a high transaction-per-second (TPS) rate, Amazon MWAA will increase the number of web servers up to the number set in MaxWebserers. As TPS rates decrease Amazon MWAA disposes of the additional web servers, and scales down to the number set in MinxWebserers.
Valid values: Accepts between 2 and 5. Defaults to 2.
The maximum number of web servers that you want to run in your environment. Amazon MWAA scales the number of Apache Airflow web servers up to the number you specify for MaxWebservers when you interact with your Apache Airflow environment using Apache Airflow REST API, or the Apache Airflow CLI. For example, in scenarios where your workload requires network calls to the Apache Airflow REST API with a high transaction-per-second (TPS) rate, Amazon MWAA will increase the number of web servers up to the number set in MaxWebserers. As TPS rates decrease Amazon MWAA disposes of the additional web servers, and scales down to the number set in MinxWebserers.
Valid values: For environments larger than mw1.micro, accepts values from 2 to 5. Defaults to 2 for all environment sizes except mw1.micro, which defaults to 1.
This section contains the Amazon Managed Workflows for Apache Airflow (Amazon MWAA) API reference documentation to create an environment. For more information, see Get started with Amazon Managed Workflows for Apache Airflow.
" @@ -598,7 +598,7 @@ }, "EnvironmentClass":{ "shape":"EnvironmentClass", - "documentation":"The environment class type. Valid values: mw1.small, mw1.medium, mw1.large, mw1.xlarge, and mw1.2xlarge. For more information, see Amazon MWAA environment class.
The environment class type. Valid values: mw1.micro, mw1.small, mw1.medium, mw1.large, mw1.xlarge, and mw1.2xlarge. For more information, see Amazon MWAA environment class.
The minimum number of web servers that you want to run in your environment. Amazon MWAA scales the number of Apache Airflow web servers up to the number you specify for MaxWebservers when you interact with your Apache Airflow environment using Apache Airflow REST API, or the Apache Airflow CLI. As the transaction-per-second rate, and the network load, decrease, Amazon MWAA disposes of the additional web servers, and scales down to the number set in MinxWebserers.
Valid values: Accepts between 2 and 5. Defaults to 2.
The minimum number of web servers that you want to run in your environment. Amazon MWAA scales the number of Apache Airflow web servers up to the number you specify for MaxWebservers when you interact with your Apache Airflow environment using Apache Airflow REST API, or the Apache Airflow CLI. As the transaction-per-second rate, and the network load, decrease, Amazon MWAA disposes of the additional web servers, and scales down to the number set in MinxWebserers.
Valid values: For environments larger than mw1.micro, accepts values from 2 to 5. Defaults to 2 for all environment sizes except mw1.micro, which defaults to 1.
The maximum number of web servers that you want to run in your environment. Amazon MWAA scales the number of Apache Airflow web servers up to the number you specify for MaxWebservers when you interact with your Apache Airflow environment using Apache Airflow REST API, or the Apache Airflow CLI. For example, in scenarios where your workload requires network calls to the Apache Airflow REST API with a high transaction-per-second (TPS) rate, Amazon MWAA will increase the number of web servers up to the number set in MaxWebserers. As TPS rates decrease Amazon MWAA disposes of the additional web servers, and scales down to the number set in MinxWebserers.
Valid values: Accepts between 2 and 5. Defaults to 2.
The maximum number of web servers that you want to run in your environment. Amazon MWAA scales the number of Apache Airflow web servers up to the number you specify for MaxWebservers when you interact with your Apache Airflow environment using Apache Airflow REST API, or the Apache Airflow CLI. For example, in scenarios where your workload requires network calls to the Apache Airflow REST API with a high transaction-per-second (TPS) rate, Amazon MWAA will increase the number of web servers up to the number set in MaxWebserers. As TPS rates decrease Amazon MWAA disposes of the additional web servers, and scales down to the number set in MinxWebserers.
Valid values: For environments larger than mw1.micro, accepts values from 2 to 5. Defaults to 2 for all environment sizes except mw1.micro, which defaults to 1.
Describes an Amazon Managed Workflows for Apache Airflow (MWAA) environment.
" @@ -956,7 +956,7 @@ "MaxWebservers":{ "type":"integer", "box":true, - "min":2 + "min":1 }, "MaxWorkers":{ "type":"integer", @@ -1008,7 +1008,7 @@ "MinWebservers":{ "type":"integer", "box":true, - "min":2 + "min":1 }, "MinWorkers":{ "type":"integer", @@ -1417,7 +1417,7 @@ }, "EnvironmentClass":{ "shape":"EnvironmentClass", - "documentation":"The environment class type. Valid values: mw1.small, mw1.medium, mw1.large, mw1.xlarge, and mw1.2xlarge. For more information, see Amazon MWAA environment class.
The environment class type. Valid values: mw1.micro, mw1.small, mw1.medium, mw1.large, mw1.xlarge, and mw1.2xlarge. For more information, see Amazon MWAA environment class.
The minimum number of web servers that you want to run in your environment. Amazon MWAA scales the number of Apache Airflow web servers up to the number you specify for MaxWebservers when you interact with your Apache Airflow environment using Apache Airflow REST API, or the Apache Airflow CLI. As the transaction-per-second rate, and the network load, decrease, Amazon MWAA disposes of the additional web servers, and scales down to the number set in MinxWebserers.
Valid values: Accepts between 2 and 5. Defaults to 2.
The minimum number of web servers that you want to run in your environment. Amazon MWAA scales the number of Apache Airflow web servers up to the number you specify for MaxWebservers when you interact with your Apache Airflow environment using Apache Airflow REST API, or the Apache Airflow CLI. As the transaction-per-second rate, and the network load, decrease, Amazon MWAA disposes of the additional web servers, and scales down to the number set in MinxWebserers.
Valid values: For environments larger than mw1.micro, accepts values from 2 to 5. Defaults to 2 for all environment sizes except mw1.micro, which defaults to 1.
The maximum number of web servers that you want to run in your environment. Amazon MWAA scales the number of Apache Airflow web servers up to the number you specify for MaxWebservers when you interact with your Apache Airflow environment using Apache Airflow REST API, or the Apache Airflow CLI. For example, in scenarios where your workload requires network calls to the Apache Airflow REST API with a high transaction-per-second (TPS) rate, Amazon MWAA will increase the number of web servers up to the number set in MaxWebserers. As TPS rates decrease Amazon MWAA disposes of the additional web servers, and scales down to the number set in MinxWebserers.
Valid values: Accepts between 2 and 5. Defaults to 2.
The maximum number of web servers that you want to run in your environment. Amazon MWAA scales the number of Apache Airflow web servers up to the number you specify for MaxWebservers when you interact with your Apache Airflow environment using Apache Airflow REST API, or the Apache Airflow CLI. For example, in scenarios where your workload requires network calls to the Apache Airflow REST API with a high transaction-per-second (TPS) rate, Amazon MWAA will increase the number of web servers up to the number set in MaxWebserers. As TPS rates decrease Amazon MWAA disposes of the additional web servers, and scales down to the number set in MinxWebserers.
Valid values: For environments larger than mw1.micro, accepts values from 2 to 5. Defaults to 2 for all environment sizes except mw1.micro, which defaults to 1.
Deletes tax registration for multiple accounts in batch. This can be used to delete tax registrations for up to five accounts in one batch.
This API operation can't be used to delete your tax registration in Brazil. Use the Payment preferences page in the Billing and Cost Management console instead.
Get the active tax exemptions for a given list of accounts.
" + }, "BatchPutTaxRegistration":{ "name":"BatchPutTaxRegistration", "http":{ @@ -80,6 +96,38 @@ ], "documentation":"Deletes tax registration for a single account.
This API operation can't be used to delete your tax registration in Brazil. Use the Payment preferences page in the Billing and Cost Management console instead.
Get supported tax exemption types.
" + }, + "GetTaxInheritance":{ + "name":"GetTaxInheritance", + "http":{ + "method":"POST", + "requestUri":"/GetTaxInheritance", + "responseCode":200 + }, + "input":{"shape":"GetTaxInheritanceRequest"}, + "output":{"shape":"GetTaxInheritanceResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"} + ], + "documentation":"The get account tax inheritance status.
" + }, "GetTaxRegistration":{ "name":"GetTaxRegistration", "http":{ @@ -127,6 +175,22 @@ ], "documentation":"Retrieves supplemental tax registrations for a single account.
" }, + "ListTaxExemptions":{ + "name":"ListTaxExemptions", + "http":{ + "method":"POST", + "requestUri":"/ListTaxExemptions", + "responseCode":200 + }, + "input":{"shape":"ListTaxExemptionsRequest"}, + "output":{"shape":"ListTaxExemptionsResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Retrieves the tax exemption of accounts listed in a consolidated billing family.
" + }, "ListTaxRegistrations":{ "name":"ListTaxRegistrations", "http":{ @@ -159,6 +223,42 @@ ], "documentation":"Stores supplemental tax registration for a single account.
" }, + "PutTaxExemption":{ + "name":"PutTaxExemption", + "http":{ + "method":"POST", + "requestUri":"/PutTaxExemption", + "responseCode":200 + }, + "input":{"shape":"PutTaxExemptionRequest"}, + "output":{"shape":"PutTaxExemptionResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"AccessDeniedException"}, + {"shape":"CaseCreationLimitExceededException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"AttachmentUploadException"}, + {"shape":"InternalServerException"} + ], + "documentation":"Adds the tax exemption for a single account or all accounts listed in a consolidated billing family.
" + }, + "PutTaxInheritance":{ + "name":"PutTaxInheritance", + "http":{ + "method":"POST", + "requestUri":"/PutTaxInheritance", + "responseCode":200 + }, + "input":{"shape":"PutTaxInheritanceRequest"}, + "output":{"shape":"PutTaxInheritanceResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"ConflictException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"} + ], + "documentation":"The updated tax inheritance status.
" + }, "PutTaxRegistration":{ "name":"PutTaxRegistration", "http":{ @@ -177,6 +277,19 @@ } }, "shapes":{ + "AccessDeniedException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"ErrorMessage"} + }, + "documentation":"The access is denied for the Amazon Web Services Support API.
", + "error":{ + "httpStatusCode":401, + "senderFault":true + }, + "exception":true + }, "AccountDetails":{ "type":"structure", "members":{ @@ -451,6 +564,38 @@ "ContactAddress" ] }, + "AttachmentUploadException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"ErrorMessage"} + }, + "documentation":"Failed to upload the tax exemption document to Amazon Web Services Support case.
", + "error":{ + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + }, + "Authorities":{ + "type":"list", + "member":{"shape":"Authority"} + }, + "Authority":{ + "type":"structure", + "required":["country"], + "members":{ + "country":{ + "shape":"CountryCode", + "documentation":"The country code for the country that the address is in.
" + }, + "state":{ + "shape":"State", + "documentation":"The state that the address is located.
" + } + }, + "documentation":"The address domain associate with the tax information.
" + }, "BatchDeleteTaxRegistrationError":{ "type":"structure", "required":[ @@ -497,6 +642,29 @@ } } }, + "BatchGetTaxExemptionsRequest":{ + "type":"structure", + "required":["accountIds"], + "members":{ + "accountIds":{ + "shape":"AccountIds", + "documentation":"List of unique account identifiers.
" + } + } + }, + "BatchGetTaxExemptionsResponse":{ + "type":"structure", + "members":{ + "failedAccounts":{ + "shape":"AccountIds", + "documentation":"The list of accounts that failed to get tax exemptions.
" + }, + "taxExemptionDetailsMap":{ + "shape":"TaxExemptionDetailsMap", + "documentation":"The tax exemption details map of accountId and tax exemption details.
" + } + } + }, "BatchPutTaxRegistrationError":{ "type":"structure", "required":[ @@ -618,6 +786,19 @@ "type":"string", "pattern":"^([0-9]{6}-[0-9]{1})$" }, + "CaseCreationLimitExceededException":{ + "type":"structure", + "required":["message"], + "members":{ + "message":{"shape":"ErrorMessage"} + }, + "documentation":"You've exceeded the Amazon Web Services Support case creation limit for your account.
", + "error":{ + "httpStatusCode":413, + "senderFault":true + }, + "exception":true + }, "CcmCode":{ "type":"string", "max":1024, @@ -722,12 +903,27 @@ }, "documentation":"The location of the Amazon S3 bucket that you specify to download your tax documents to.
" }, + "DisplayName":{ + "type":"string", + "max":50, + "min":0, + "pattern":"^[\\s\\S]*$" + }, "District":{ "type":"string", "max":50, "min":1, "pattern":"^(?!\\s*$)[\\s\\S]+$" }, + "EntityExemptionAccountStatus":{ + "type":"string", + "enum":[ + "None", + "Valid", + "Expired", + "Pending" + ] + }, "ErrorCode":{ "type":"string", "max":50, @@ -752,10 +948,44 @@ }, "documentation":"Additional tax information associated with your TRN in Estonia.
" }, + "ExemptionCertificate":{ + "type":"structure", + "required":[ + "documentFile", + "documentName" + ], + "members":{ + "documentFile":{ + "shape":"ExemptionFileBlob", + "documentation":"The exemption certificate file content.
" + }, + "documentName":{ + "shape":"ExemptionDocumentName", + "documentation":"The exemption certificate file name.
" + } + }, + "documentation":"The exemption certificate.
" + }, + "ExemptionDocumentName":{ + "type":"string", + "max":128, + "min":0, + "pattern":"^([A-Za-z0-9-_.]+).(pdf|jpg|png)$" + }, + "ExemptionFileBlob":{ + "type":"blob", + "max":4194304, + "min":1 + }, "FieldName":{ "type":"string", "pattern":"^(?!\\s*$)[\\s\\S]+$" }, + "FileBlob":{ + "type":"blob", + "max":5242880, + "min":1 + }, "GenericString":{ "type":"string", "max":200, @@ -773,12 +1003,37 @@ }, "documentation":"Additional tax information associated with your TRN in Georgia.
" }, + "GetTaxExemptionTypesRequest":{ + "type":"structure", + "members":{ + } + }, + "GetTaxExemptionTypesResponse":{ + "type":"structure", + "members":{ + "taxExemptionTypes":{ + "shape":"TaxExemptionTypes", + "documentation":"The supported types of tax exemptions.
" + } + } + }, + "GetTaxInheritanceRequest":{ + "type":"structure", + "members":{ + } + }, + "GetTaxInheritanceResponse":{ + "type":"structure", + "members":{ + "heritageStatus":{ + "shape":"HeritageStatus", + "documentation":"The tax inheritance status.
" + } + } + }, "GetTaxRegistrationDocumentRequest":{ "type":"structure", - "required":[ - "destinationS3Location", - "taxDocumentMetadata" - ], + "required":["taxDocumentMetadata"], "members":{ "destinationS3Location":{ "shape":"DestinationS3Location", @@ -796,6 +1051,10 @@ "destinationFilePath":{ "shape":"DestinationFilePath", "documentation":"The file path of the Amazon S3 bucket where you want to download your tax document to.
" + }, + "presignedS3Url":{ + "shape":"Url", + "documentation":"The Amazon S3 presigned URL of the tax registration document.
" } } }, @@ -817,6 +1076,13 @@ } } }, + "HeritageStatus":{ + "type":"string", + "enum":[ + "OptIn", + "OptOut" + ] + }, "IndiaAdditionalInfo":{ "type":"structure", "members":{ @@ -999,6 +1265,32 @@ } } }, + "ListTaxExemptionsRequest":{ + "type":"structure", + "members":{ + "maxResults":{ + "shape":"MaxResults", + "documentation":"The number of results you want in one response.
" + }, + "nextToken":{ + "shape":"PaginationTokenString", + "documentation":"The token to retrieve the next set of results.
" + } + } + }, + "ListTaxExemptionsResponse":{ + "type":"structure", + "members":{ + "nextToken":{ + "shape":"PaginationTokenString", + "documentation":"The token to retrieve the next set of results.
" + }, + "taxExemptionDetailsMap":{ + "shape":"TaxExemptionDetailsMap", + "documentation":"The tax exemption details map of accountId and tax exemption details.
The list of unique account identifiers.
" + }, + "authority":{"shape":"Authority"}, + "exemptionCertificate":{"shape":"ExemptionCertificate"}, + "exemptionType":{ + "shape":"GenericString", + "documentation":"The exemption type.
" + } + } + }, + "PutTaxExemptionResponse":{ + "type":"structure", + "members":{ + "caseId":{ + "shape":"GenericString", + "documentation":"The customer support case ID.
" + } + } + }, + "PutTaxInheritanceRequest":{ + "type":"structure", + "members":{ + "heritageStatus":{ + "shape":"HeritageStatus", + "documentation":"The tax inheritance status.
" + } + } + }, + "PutTaxInheritanceResponse":{ + "type":"structure", + "members":{ + } + }, "PutTaxRegistrationRequest":{ "type":"structure", "required":["taxRegistrationEntry"], @@ -1155,7 +1491,7 @@ }, "RegistrationId":{ "type":"string", - "max":20, + "max":200, "min":1, "pattern":"^(?!\\s*$)[\\s\\S]+$" }, @@ -1423,6 +1759,93 @@ "type":"string", "pattern":"^[\\s\\S]*$" }, + "TaxExemption":{ + "type":"structure", + "required":[ + "authority", + "taxExemptionType" + ], + "members":{ + "authority":{ + "shape":"Authority", + "documentation":"The address domain associate with tax exemption.
" + }, + "effectiveDate":{ + "shape":"Timestamp", + "documentation":"The tax exemption effective date.
" + }, + "expirationDate":{ + "shape":"Timestamp", + "documentation":"The tax exemption expiration date.
" + }, + "status":{ + "shape":"EntityExemptionAccountStatus", + "documentation":"The tax exemption status.
" + }, + "systemEffectiveDate":{ + "shape":"Timestamp", + "documentation":"The tax exemption recording time in the TaxSettings system.
The tax exemption type.
" + } + }, + "documentation":"The tax exemption.
" + }, + "TaxExemptionDetails":{ + "type":"structure", + "members":{ + "heritageObtainedDetails":{ + "shape":"Boolean", + "documentation":"The indicator if the tax exemption is inherited from the consolidated billing family management account.
" + }, + "heritageObtainedParentEntity":{ + "shape":"GenericString", + "documentation":"The consolidated billing family management account the tax exemption inherited from.
" + }, + "heritageObtainedReason":{ + "shape":"GenericString", + "documentation":"The reason of the heritage inheritance.
" + }, + "taxExemptions":{ + "shape":"TaxExemptions", + "documentation":"Tax exemptions.
" + } + }, + "documentation":"The tax exemption details.
" + }, + "TaxExemptionDetailsMap":{ + "type":"map", + "key":{"shape":"AccountId"}, + "value":{"shape":"TaxExemptionDetails"} + }, + "TaxExemptionType":{ + "type":"structure", + "members":{ + "applicableJurisdictions":{ + "shape":"Authorities", + "documentation":"The tax exemption's applicable jurisdictions.
" + }, + "description":{ + "shape":"GenericString", + "documentation":"The tax exemption's type description.
" + }, + "displayName":{ + "shape":"DisplayName", + "documentation":"The tax exemption's type display name.
" + } + }, + "documentation":"The tax exemption type.
" + }, + "TaxExemptionTypes":{ + "type":"list", + "member":{"shape":"TaxExemptionType"} + }, + "TaxExemptions":{ + "type":"list", + "member":{"shape":"TaxExemption"} + }, "TaxInformationNumber":{ "type":"string", "pattern":"^[A-Z]{1,2}[0-9]{1,11}$" @@ -1495,10 +1918,31 @@ "documentation":"Your TRN information.
", "sensitive":true }, + "TaxRegistrationDocFile":{ + "type":"structure", + "required":[ + "fileContent", + "fileName" + ], + "members":{ + "fileContent":{ + "shape":"FileBlob", + "documentation":"The tax registration document content.
" + }, + "fileName":{ + "shape":"TaxDocumentName", + "documentation":"The tax registration document name.
" + } + }, + "documentation":"The tax registration document.
" + }, "TaxRegistrationDocument":{ "type":"structure", - "required":["s3Location"], "members":{ + "file":{ + "shape":"TaxRegistrationDocFile", + "documentation":"The tax registration document.
" + }, "s3Location":{ "shape":"SourceS3Location", "documentation":"The Amazon S3 location where your tax registration document is stored.
" @@ -1633,6 +2077,7 @@ "documentation":"Your TRN information with jurisdiction details. This doesn't contain the full legal address associated with the TRN information.
", "sensitive":true }, + "Timestamp":{"type":"timestamp"}, "TurkeyAdditionalInfo":{ "type":"structure", "members":{ @@ -1673,6 +2118,12 @@ "Individual" ] }, + "Url":{ + "type":"string", + "max":200, + "min":1, + "pattern":"^https.*\\S.*$" + }, "ValidationException":{ "type":"structure", "required":[ diff --git a/botocore/data/workspaces/2015-04-08/service-2.json b/botocore/data/workspaces/2015-04-08/service-2.json index 2186dca274..7b23663543 100644 --- a/botocore/data/workspaces/2015-04-08/service-2.json +++ b/botocore/data/workspaces/2015-04-08/service-2.json @@ -293,7 +293,7 @@ {"shape":"ResourceLimitExceededException"}, {"shape":"InvalidParameterValuesException"} ], - "documentation":"Creates one or more WorkSpaces.
This operation is asynchronous and returns before the WorkSpaces are created.
The MANUAL running mode value is only supported by Amazon WorkSpaces Core. Contact your account team to be allow-listed to use this value. For more information, see Amazon WorkSpaces Core.
You don't need to specify the PCOIP protocol for Linux bundles because DCV (formerly WSP) is the default protocol for those bundles.
User-decoupled WorkSpaces are only supported by Amazon WorkSpaces Core.
Review your running mode to ensure you are using one that is optimal for your needs and budget. For more information on switching running modes, see Can I switch between hourly and monthly billing?
Creates one or more WorkSpaces.
This operation is asynchronous and returns before the WorkSpaces are created.
The MANUAL running mode value is only supported by Amazon WorkSpaces Core. Contact your account team to be allow-listed to use this value. For more information, see Amazon WorkSpaces Core.
You don't need to specify the PCOIP protocol for Linux bundles because WSP is the default protocol for those bundles.
User-decoupled WorkSpaces are only supported by Amazon WorkSpaces Core.
Review your running mode to ensure you are using one that is optimal for your needs and budget. For more information on switching running modes, see Can I switch between hourly and monthly billing?
The ingestion process to be used when importing the image, depending on which protocol you want to use for your BYOL Workspace image, either PCoIP, DCV, or bring your own protocol (BYOP). To use WSP, specify a value that ends in _DCV. To use PCoIP, specify a value that does not end in _DCV. To use BYOP, specify a value that ends in _BYOP.
For non-GPU-enabled bundles (bundles other than Graphics or GraphicsPro), specify BYOL_REGULAR, BYOL_REGULAR_DCV, or BYOL_REGULAR_BYOP, depending on the protocol.
The BYOL_REGULAR_BYOP and BYOL_GRAPHICS_G4DN_BYOP values are only supported by Amazon WorkSpaces Core. Contact your account team to be allow-listed to use these values. For more information, see Amazon WorkSpaces Core.
The ingestion process to be used when importing the image, depending on which protocol you want to use for your BYOL Workspace image, either PCoIP, WorkSpaces Streaming Protocol (WSP), or bring your own protocol (BYOP). To use WSP, specify a value that ends in _WSP. To use PCoIP, specify a value that does not end in _WSP. To use BYOP, specify a value that ends in _BYOP.
For non-GPU-enabled bundles (bundles other than Graphics or GraphicsPro), specify BYOL_REGULAR, BYOL_REGULAR_WSP, or BYOL_REGULAR_BYOP, depending on the protocol.
The BYOL_REGULAR_BYOP and BYOL_GRAPHICS_G4DN_BYOP values are only supported by Amazon WorkSpaces Core. Contact your account team to be allow-listed to use these values. For more information, see Amazon WorkSpaces Core.
If specified, the version of Microsoft Office to subscribe to. Valid only for Windows 10 and 11 BYOL images. For more information about subscribing to Office for BYOL images, see Bring Your Own Windows Desktop Licenses.
Although this parameter is an array, only one item is allowed at this time.
During the image import process, non-GPU DCV (formerly WSP) WorkSpaces with Windows 11 support only Microsoft_Office_2019. GPU DCV (formerly WSP) WorkSpaces with Windows 11 do not support Office installation.
If specified, the version of Microsoft Office to subscribe to. Valid only for Windows 10 and 11 BYOL images. For more information about subscribing to Office for BYOL images, see Bring Your Own Windows Desktop Licenses.
Although this parameter is an array, only one item is allowed at this time.
During the image import process, non-GPU WSP WorkSpaces with Windows 11 support only Microsoft_Office_2019. GPU WSP WorkSpaces with Windows 11 do not support Office installation.
The protocol. For more information, see Protocols for Amazon WorkSpaces.
Only available for WorkSpaces created with PCoIP bundles.
The Protocols property is case sensitive. Ensure you use PCOIP or DCV (formerly WSP).
Unavailable for Windows 7 WorkSpaces and WorkSpaces using GPU-based bundles (Graphics, GraphicsPro, Graphics.g4dn, and GraphicsPro.g4dn).
The protocol. For more information, see Protocols for Amazon WorkSpaces.
Only available for WorkSpaces created with PCoIP bundles.
The Protocols property is case sensitive. Ensure you use PCOIP or WSP.
Unavailable for Windows 7 WorkSpaces and WorkSpaces using GPU-based bundles (Graphics, GraphicsPro, Graphics.g4dn, and GraphicsPro.g4dn).