From d387a6e205beb21f82aa341c1d37c1f4d12e4359 Mon Sep 17 00:00:00 2001 From: Elysa Hall Date: Mon, 30 Dec 2024 17:47:01 +0000 Subject: [PATCH] Examples for apigateway, ssm, verifiedpermissions --- .../create-domain-name-access-association.rst | 19 ++++ .../apigateway/create-domain-name.rst | 90 +++++++++++++++++- .../delete-domain-name-access-association.rst | 10 ++ .../get-domain-name-access-associations.rst | 42 +++++++++ .../examples/apigateway/get-domain-name.rst | 49 ++++++++-- .../examples/apigateway/get-domain-names.rst | 94 ++++++++++++++++--- .../reject-domain-name-access-association.rst | 11 +++ .../ssm/deregister-managed-instance.rst | 6 +- .../create-policy-template.rst | 6 +- 9 files changed, 296 insertions(+), 31 deletions(-) create mode 100644 awscli/examples/apigateway/create-domain-name-access-association.rst create mode 100644 awscli/examples/apigateway/delete-domain-name-access-association.rst create mode 100644 awscli/examples/apigateway/get-domain-name-access-associations.rst create mode 100644 awscli/examples/apigateway/reject-domain-name-access-association.rst diff --git a/awscli/examples/apigateway/create-domain-name-access-association.rst b/awscli/examples/apigateway/create-domain-name-access-association.rst new file mode 100644 index 000000000000..6f09062431a7 --- /dev/null +++ b/awscli/examples/apigateway/create-domain-name-access-association.rst @@ -0,0 +1,19 @@ +**To create a domain name access association** + +The following ``create-domain-name-access-association`` example creates a domain name access association between a private custom domain name and VPC endpoint. :: + + aws apigateway create-domain-name-access-association \ + --domain-name-arn arn:aws:apigateway:us-west-2:111122223333:/domainnames/my.private.domain.tld+abcd1234 \ + --access-association-source vpce-abcd1234efg \ + --access-association-source-type VPCE + +Output:: + + { + "domainNameAccessAssociationArn": "arn:aws:apigateway:us-west-2:012345678910:/domainnameaccessassociations/domainname/my.private.domain.tld/vpcesource/vpce-abcd1234efg + "accessAssociationSource": "vpce-abcd1234efg", + "accessAssociationSourceType": "VPCE", + "domainNameArn" : "arn:aws:apigateway:us-west-2:111122223333:/domainnames/private.example.com+abcd1234" + } + +For more information, see `Custom domain names for private APIs in API Gateway `__ in the *Amazon API Gateway Developer Guide*. diff --git a/awscli/examples/apigateway/create-domain-name.rst b/awscli/examples/apigateway/create-domain-name.rst index 96f62d02f541..9970cbf30c25 100644 --- a/awscli/examples/apigateway/create-domain-name.rst +++ b/awscli/examples/apigateway/create-domain-name.rst @@ -1,5 +1,89 @@ -**To create the custom domain name** +**Example 1: To create a public custom domain name** -Command:: +The following ``create-domain-name`` example creates a public custom domain name. :: - aws apigateway create-domain-name --domain-name 'my.domain.tld' --certificate-name 'my.domain.tld cert' --certificate-arn 'arn:aws:acm:us-east-1:012345678910:certificate/fb1b9770-a305-495d-aefb-27e5e101ff3' + aws apigateway create-domain-name \ + --domain-name 'my.domain.tld' \ + --certificate-name 'my.domain.tld cert'\ + --certificate-arn 'arn:aws:acm:us-east-1:012345678910:certificate/fb1b9770-a305-495d-aefb-27e5e101ff3' + +Output:: + + { + "domainName": "my.domain.tld", + "certificateName": "my.domain.tld cert", + "certificateArn": "arn:aws:acm:us-east-1:012345678910:certificate/fb1b9770-a305-495d-aefb-27e5e101ff3", + "certificateUploadDate": "2024-10-08T11:29:49-07:00", + "distributionDomainName": "abcd1234.cloudfront.net", + "distributionHostedZoneId": "Z2FDTNDATAQYW2", + "endpointConfiguration": { + "types": [ + "EDGE" + ] + }, + "domainNameStatus": "AVAILABLE", + "securityPolicy": "TLS_1_2" + } + +For more information, see `Custom domain name for public REST APIs in API Gateway `__ in the *Amazon API Gateway Developer Guide*. + +**Example 2: To create a private custom domain name** + +The following ``create-domain-name`` example creates a private custom domain name. :: + + aws apigateway create-domain-name \ + --domain-name 'my.private.domain.tld' \ + --certificate-name 'my.domain.tld cert' \ + --certificate-arn 'arn:aws:acm:us-east-1:012345678910:certificate/fb1b9770-a305-495d-aefb-27e5e101ff3' \ + --endpoint-configuration '{"types": ["PRIVATE"]}' \ + --security-policy 'TLS_1_2' \ + --policy file://policy.json + +Contents of ``policy.json``:: + + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": "*", + "Action": "execute-api:Invoke", + "Resource": [ + "execute-api:/*" + ] + }, + { + "Effect": "Deny", + "Principal": "*", + "Action": "execute-api:Invoke", + "Resource": [ + "execute-api:/*" + ], + "Condition" : { + "StringNotEquals": { + "aws:SourceVpce": "vpce-abcd1234efg" + } + } + } + ] + } + +Output:: + + { + "domainName": "my.private.domain.tld", + "domainNameId": "abcd1234", + "domainNameArn": "arn:aws:apigateway:us-east-1:012345678910:/domainnames/my.private.domain.tld+abcd1234", + "certificateArn": "arn:aws:acm:us-east-1:012345678910:certificate/fb1b9770-a305-495d-aefb-27e5e101ff3", + "certificateUploadDate": "2024-09-10T10:31:20-07:00", + "endpointConfiguration": { + "types": [ + "PRIVATE" + ] + }, + "domainNameStatus": "AVAILABLE", + "securityPolicy": "TLS_1_2", + "policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":\"*\",\"Action\":\"execute-api:Invoke\",\"Resource\":\"arn:aws:execute-api:us-east-1:012345678910:/domainnames/my.private.domain.tld+abcd1234\"},{\"Effect\":\"Deny\",\"Principal\":\"*\",\"Action\":\"execute-api:Invoke\",\"Resource\":\"arn:aws:execute-api:us-east-1:012345678910:/domainnames/my.private.domain.tld+abcd1234\",\"Condition\":{\"StringNotEquals\":{\"aws:SourceVpc\":\"vpc-1a2b3c4d\"}}}]}" + } + +For more information, see `Custom domain name for public REST APIs in API Gateway `__ in the *Amazon API Gateway Developer Guide*. diff --git a/awscli/examples/apigateway/delete-domain-name-access-association.rst b/awscli/examples/apigateway/delete-domain-name-access-association.rst new file mode 100644 index 000000000000..a958eff6dd5b --- /dev/null +++ b/awscli/examples/apigateway/delete-domain-name-access-association.rst @@ -0,0 +1,10 @@ +**To delete a domain name access association** + +The following ``delete-domain-name-access-association`` example deletes a domain name access association between a private custom domain name and VPC endpoint. :: + + aws apigateway delete-domain-name-access-association \ + --domain-name-access-association-arn arn:aws:apigateway:us-west-2:012345678910:/domainnameaccessassociations/domainname/my.private.domain.tld/vpcesource/vpce-abcd1234efg + +This command produces no output. + +For more information, see `Custom domain names for private APIs in API Gateway `__ in the *Amazon API Gateway Developer Guide*. diff --git a/awscli/examples/apigateway/get-domain-name-access-associations.rst b/awscli/examples/apigateway/get-domain-name-access-associations.rst new file mode 100644 index 000000000000..a0954fc9f7e8 --- /dev/null +++ b/awscli/examples/apigateway/get-domain-name-access-associations.rst @@ -0,0 +1,42 @@ +**Example 1: To list all domain name access associations** + +The following ``get-domain-name-access-associations`` example lists all domain name access associations. :: + + aws apigateway get-domain-name-access-associations + +Output:: + + { + "items": [ + { + "domainNameAccessAssociationArn": "arn:aws:apigateway:us-west-2:012345678910:/domainnameaccessassociations/domainname/my.private.domain.tld/vpcesource/vpce-abcd1234efg + "accessAssociationSource": "vpce-abcd1234efg", + "accessAssociationSourceType": "VPCE", + "domainNameArn" : "arn:aws:apigateway:us-west-2:111122223333:/domainnames/private.example.com+abcd1234" + } + ] + } + +For more information, see `Custom domain names for private APIs in API Gateway `__ in the *Amazon API Gateway Developer Guide*. + +**Example 2: To list all domain name access associations owned by this AWS account** + +The following ``get-domain-name-access-associations`` example lists all the domain name access associations owned by the current AWS account. :: + + aws apigateway get-domain-name-access-associations \ + --resource-owner SELF + +Output:: + + { + "items": [ + { + "domainNameAccessAssociationArn": "arn:aws:apigateway:us-west-2:012345678910:/domainnameaccessassociations/domainname/my.private.domain.tld/vpcesource/vpce-abcd1234efg + "accessAssociationSource": "vpce-abcd1234efg", + "accessAssociationSourceType": "VPCE", + "domainNameArn" : "arn:aws:apigateway:us-west-2:111122223333:/domainnames/private.example.com+abcd1234" + } + ] + } + +For more information, see `Custom domain names for private APIs in API Gateway `__ in the *Amazon API Gateway Developer Guide*. diff --git a/awscli/examples/apigateway/get-domain-name.rst b/awscli/examples/apigateway/get-domain-name.rst index ac87fd04f646..0a53f006c23a 100644 --- a/awscli/examples/apigateway/get-domain-name.rst +++ b/awscli/examples/apigateway/get-domain-name.rst @@ -1,14 +1,45 @@ -**To get information about a custom domain name** +**Example 1: To get information about a public custom domain name** -Command:: +The following ``get-domain-name`` example gets information about a public custom domain name. :: - aws apigateway get-domain-name --domain-name api.domain.tld + aws apigateway get-domain-name \ + --domain-name api.domain.tld Output:: - { - "domainName": "api.domain.tld", - "distributionDomainName": "d1a2f3a4c5o6d.cloudfront.net", - "certificateName": "uploadedCertificate", - "certificateUploadDate": 1462565487 - } + { + "domainName": "api.domain.tld", + "distributionDomainName": "d1a2f3a4c5o6d.cloudfront.net", + "certificateName": "uploadedCertificate", + "certificateUploadDate": 1462565487 + } + +For more information, see `Custom domain name for public REST APIs in API Gateway `__ in the *Amazon API Gateway Developer Guide*. + +**Example 2: To get information about a private custom domain name** + +The following ``get-domain-name`` example gets information about a private custom domain name. :: + + aws apigateway get-domain-name \ + --domain-name api.private.domain.tld \ + --domain-name-id abcd1234 + +Output:: + + { + "domainName": "my.private.domain.tld", + "domainNameId": "abcd1234", + "domainNameArn": "arn:aws:apigateway:us-east-1:012345678910:/domainnames/my.private.domain.tld+abcd1234", + "certificateArn": "arn:aws:acm:us-east-1:012345678910:certificate/fb1b9770-a305-495d-aefb-27e5e101ff3", + "certificateUploadDate": "2024-09-10T10:31:20-07:00", + "endpointConfiguration": { + "types": [ + "PRIVATE" + ] + }, + "domainNameStatus": "AVAILABLE", + "securityPolicy": "TLS_1_2", + "policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":\"*\",\"Action\":\"execute-api:Invoke\",\"Resource\":\"arn:aws:execute-api:us-east-1:012345678910:/domainnames/my.private.domain.tld+abcd1234\"},{\"Effect\":\"Deny\",\"Principal\":\"*\",\"Action\":\"execute-api:Invoke\",\"Resource\":\"arn:aws:execute-api:us-east-1:012345678910:/domainnames/my.private.domain.tld+abcd1234\",\"Condition\":{\"StringNotEquals\":{\"aws:SourceVpc\":\"vpc-1a2b3c4d\"}}}]}" + } + +For more information, see `Custom domain name for public REST APIs in API Gateway `__ in the *Amazon API Gateway Developer Guide*. diff --git a/awscli/examples/apigateway/get-domain-names.rst b/awscli/examples/apigateway/get-domain-names.rst index b3d2b4a33e2f..fe6444fe6820 100644 --- a/awscli/examples/apigateway/get-domain-names.rst +++ b/awscli/examples/apigateway/get-domain-names.rst @@ -1,18 +1,86 @@ -**To get a list of custom domain names** +**Example 1: To get a list of custom domain names** -Command:: +The following ``get-domain-names`` command gets a list of domain names. :: - aws apigateway get-domain-names + aws apigateway get-domain-names Output:: - { - "items": [ - { - "distributionDomainName": "d9511k3l09bkd.cloudfront.net", - "certificateUploadDate": 1452812505, - "certificateName": "my_custom_domain-certificate", - "domainName": "subdomain.domain.tld" - } - ] - } + { + "items": [ + { + "distributionDomainName": "d9511k3l09bkd.cloudfront.net", + "certificateUploadDate": 1452812505, + "certificateName": "my_custom_domain-certificate", + "domainName": "subdomain.domain.tld" + } + ] + } + +For more information, see `Custom domain names for private APIs in API Gateway `__ in the *Amazon API Gateway Developer Guide*. + +**Example 2: To get a list of custom domain names owned by this AWS account** + +The following ``get-domain-names`` command gets a list of domain names owned by this AWS account. :: + + aws apigateway get-domain-names \ + --resource-owner SELF + +Output:: + + { + "items": [ + { + "domainName": "my.domain.tld", + "domainNameArn": "arn:aws:apigateway:us-east-1::/domainnames/my.private.domain.tld", + "certificateUploadDate": "2024-08-15T17:02:55-07:00", + "regionalDomainName": "d-abcd1234.execute-api.us-east-1.amazonaws.com", + "regionalHostedZoneId": "Z1UJRXOUMOOFQ8", + "regionalCertificateArn": "arn:aws:acm:us-east-1:012345678910:certificate/fb1b9770-a305-495d-aefb-27e5e101ff3", + "endpointConfiguration": { + "types": [ + "REGIONAL" + ] + }, + "domainNameStatus": "AVAILABLE", + "securityPolicy": "TLS_1_2" + }, + { + "domainName": "my.private.domain.tld", + "domainNameId": "abcd1234", + "domainNameArn": "arn:aws:apigateway:us-east-1:012345678910:/domainnames/my.private.domain.tld+abcd1234", + "certificateArn": "arn:aws:acm:us-east-1:012345678910:certificate/fb1b9770-a305-495d-aefb-27e5e101ff3", + "certificateUploadDate": "2024-11-26T11:44:40-08:00", + "endpointConfiguration": { + "types": [ + "PRIVATE" + ] + }, + "domainNameStatus": "AVAILABLE", + "securityPolicy": "TLS_1_2" + } + ] + } + +For more information, see `Custom domain names for private APIs in API Gateway `__ in the *Amazon API Gateway Developer Guide*. + +**Example 3: To get a list of custom domain names owned by other AWS accounts that you can create a domain name access association with.** + +The following ``get-domain-names`` command gets a list of domain names owned by other AWS accounts that you have access to create a domain name access association with. :: + + aws apigateway get-domain-names \ + --resource-owner OTHER_ACCOUNTS + +Output:: + + { + "items": [ + { + "domainName": "my.private.domain.tld", + "domainNameId": "abcd1234", + "domainNameArn": "arn:aws:apigateway:us-east-1:012345678910:/domainnames/my.private.domain.tld+abcd1234" + } + ] + } + +For more information, see `Custom domain names for private APIs in API Gateway `__ in the *Amazon API Gateway Developer Guide*. \ No newline at end of file diff --git a/awscli/examples/apigateway/reject-domain-name-access-association.rst b/awscli/examples/apigateway/reject-domain-name-access-association.rst new file mode 100644 index 000000000000..2c8b3f983ea8 --- /dev/null +++ b/awscli/examples/apigateway/reject-domain-name-access-association.rst @@ -0,0 +1,11 @@ +**To reject a domain name access association** + +The following ``reject-domain-name-access-association`` example rejects a domain name access association between a private custom domain name and VPC endpoint. :: + + aws apigateway reject-domain-name-access-association \ + --domain-name-access-association-arn arn:aws:apigateway:us-west-2:012345678910:/domainnameaccessassociations/domainname/my.private.domain.tld/vpcesource/vpce-abcd1234efg \ + --domain-name-arn arn:aws:apigateway:us-east-1:012345678910:/domainnames/my.private.domain.tld+abcd1234 + +This command produces no output. + +For more information, see `Custom domain names for private APIs in API Gateway `__ in the *Amazon API Gateway Developer Guide*. diff --git a/awscli/examples/ssm/deregister-managed-instance.rst b/awscli/examples/ssm/deregister-managed-instance.rst index 209565502950..b91fa53b461c 100644 --- a/awscli/examples/ssm/deregister-managed-instance.rst +++ b/awscli/examples/ssm/deregister-managed-instance.rst @@ -2,9 +2,9 @@ The following ``deregister-managed-instance`` example deregisters the specified managed instance. :: - aws ssm deregister-managed-instance - --instance-id "mi-08ab247cdfEXAMPLE" + aws ssm deregister-managed-instance \ + --instance-id 'mi-08ab247cdfEXAMPLE' This command produces no output. -For more information, see `Deregistering Managed Instances in a Hybrid Environment `__ in the *AWS Systems Manager User Guide*. +For more information, see `Deregistering managed nodes in a hybrid and multicloud environment `__ in the *AWS Systems Manager User Guide*. diff --git a/awscli/examples/verifiedpermissions/create-policy-template.rst b/awscli/examples/verifiedpermissions/create-policy-template.rst index c4b2edda76c2..f5a6584e59d5 100644 --- a/awscli/examples/verifiedpermissions/create-policy-template.rst +++ b/awscli/examples/verifiedpermissions/create-policy-template.rst @@ -1,12 +1,12 @@ -**Example 1: To create a policy template** +**To create a policy template** The following ``create-policy-template`` example creates a policy template with a statement that contains a placeholder for the principal. :: aws verifiedpermissions create-policy-template \ - --definition file://template1.txt \ + --statement file://template1.txt \ --policy-store-id PSEXAMPLEabcdefg111111 -Contents of file ``template1.txt``:: +Contents of ``template1.txt``:: permit( principal in ?principal,