diff --git a/VERSION b/VERSION index d2bc1d0df76..89989d0bbed 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.11.301 \ No newline at end of file +1.11.302 \ No newline at end of file diff --git a/generated/src/aws-cpp-sdk-quicksight/include/aws/quicksight/model/AllSheetsFilterScopeConfiguration.h b/generated/src/aws-cpp-sdk-quicksight/include/aws/quicksight/model/AllSheetsFilterScopeConfiguration.h index 7949f2c647b..6b40dee1fae 100644 --- a/generated/src/aws-cpp-sdk-quicksight/include/aws/quicksight/model/AllSheetsFilterScopeConfiguration.h +++ b/generated/src/aws-cpp-sdk-quicksight/include/aws/quicksight/model/AllSheetsFilterScopeConfiguration.h @@ -22,10 +22,12 @@ namespace Model { /** - *
The configuration for applying a filter to all sheets. You can apply this - * filter to all visuals on every sheet.
This is a union type structure. For - * this structure to be valid, only one of the attributes can be - * defined.
AllSheets
option is the
+ * chosen value for the FilterScopeConfiguration
parameter. This
+ * structure applies the filter to all visuals on all sheets of an Analysis,
+ * Dashboard, or Template. This is a union type structure. For this + * structure to be valid, only one of the attributes can be defined.
The Amazon Resource Name (ARN) for the IAM Identity Center instance.
+ */ + inline const Aws::String& GetIAMIdentityCenterInstanceArn() const{ return m_iAMIdentityCenterInstanceArn; } + + /** + *The Amazon Resource Name (ARN) for the IAM Identity Center instance.
+ */ + inline bool IAMIdentityCenterInstanceArnHasBeenSet() const { return m_iAMIdentityCenterInstanceArnHasBeenSet; } + + /** + *The Amazon Resource Name (ARN) for the IAM Identity Center instance.
+ */ + inline void SetIAMIdentityCenterInstanceArn(const Aws::String& value) { m_iAMIdentityCenterInstanceArnHasBeenSet = true; m_iAMIdentityCenterInstanceArn = value; } + + /** + *The Amazon Resource Name (ARN) for the IAM Identity Center instance.
+ */ + inline void SetIAMIdentityCenterInstanceArn(Aws::String&& value) { m_iAMIdentityCenterInstanceArnHasBeenSet = true; m_iAMIdentityCenterInstanceArn = std::move(value); } + + /** + *The Amazon Resource Name (ARN) for the IAM Identity Center instance.
+ */ + inline void SetIAMIdentityCenterInstanceArn(const char* value) { m_iAMIdentityCenterInstanceArnHasBeenSet = true; m_iAMIdentityCenterInstanceArn.assign(value); } + + /** + *The Amazon Resource Name (ARN) for the IAM Identity Center instance.
+ */ + inline CreateAccountSubscriptionRequest& WithIAMIdentityCenterInstanceArn(const Aws::String& value) { SetIAMIdentityCenterInstanceArn(value); return *this;} + + /** + *The Amazon Resource Name (ARN) for the IAM Identity Center instance.
+ */ + inline CreateAccountSubscriptionRequest& WithIAMIdentityCenterInstanceArn(Aws::String&& value) { SetIAMIdentityCenterInstanceArn(std::move(value)); return *this;} + + /** + *The Amazon Resource Name (ARN) for the IAM Identity Center instance.
+ */ + inline CreateAccountSubscriptionRequest& WithIAMIdentityCenterInstanceArn(const char* value) { SetIAMIdentityCenterInstanceArn(value); return *this;} + private: Edition m_edition; @@ -1169,6 +1210,9 @@ namespace Model Aws::String m_contactNumber; bool m_contactNumberHasBeenSet = false; + + Aws::String m_iAMIdentityCenterInstanceArn; + bool m_iAMIdentityCenterInstanceArnHasBeenSet = false; }; } // namespace Model diff --git a/generated/src/aws-cpp-sdk-quicksight/include/aws/quicksight/model/FilterScopeConfiguration.h b/generated/src/aws-cpp-sdk-quicksight/include/aws/quicksight/model/FilterScopeConfiguration.h index 69553e13d68..9cca1feb339 100644 --- a/generated/src/aws-cpp-sdk-quicksight/include/aws/quicksight/model/FilterScopeConfiguration.h +++ b/generated/src/aws-cpp-sdk-quicksight/include/aws/quicksight/model/FilterScopeConfiguration.h @@ -72,32 +72,50 @@ namespace Model /** - *The configuration for applying a filter to all sheets.
+ *The configuration that applies a filter to all sheets. When you choose
+ * AllSheets
as the value for a FilterScopeConfiguration
,
+ * this filter is applied to all visuals of all sheets in an Analysis, Dashboard,
+ * or Template. The AllSheetsFilterScopeConfiguration
is chosen.
The configuration for applying a filter to all sheets.
+ *The configuration that applies a filter to all sheets. When you choose
+ * AllSheets
as the value for a FilterScopeConfiguration
,
+ * this filter is applied to all visuals of all sheets in an Analysis, Dashboard,
+ * or Template. The AllSheetsFilterScopeConfiguration
is chosen.
The configuration for applying a filter to all sheets.
+ *The configuration that applies a filter to all sheets. When you choose
+ * AllSheets
as the value for a FilterScopeConfiguration
,
+ * this filter is applied to all visuals of all sheets in an Analysis, Dashboard,
+ * or Template. The AllSheetsFilterScopeConfiguration
is chosen.
The configuration for applying a filter to all sheets.
+ *The configuration that applies a filter to all sheets. When you choose
+ * AllSheets
as the value for a FilterScopeConfiguration
,
+ * this filter is applied to all visuals of all sheets in an Analysis, Dashboard,
+ * or Template. The AllSheetsFilterScopeConfiguration
is chosen.
The configuration for applying a filter to all sheets.
+ *The configuration that applies a filter to all sheets. When you choose
+ * AllSheets
as the value for a FilterScopeConfiguration
,
+ * this filter is applied to all visuals of all sheets in an Analysis, Dashboard,
+ * or Template. The AllSheetsFilterScopeConfiguration
is chosen.
The configuration for applying a filter to all sheets.
+ *The configuration that applies a filter to all sheets. When you choose
+ * AllSheets
as the value for a FilterScopeConfiguration
,
+ * this filter is applied to all visuals of all sheets in an Analysis, Dashboard,
+ * or Template. The AllSheetsFilterScopeConfiguration
is chosen.
The name of the group, which is the identifier of the group in other
* operations. You can't change the name of a resource group after you create it. A
* resource group name can consist of letters, numbers, hyphens, periods, and
- * underscores. The name cannot start with AWS
or aws
;
- * these are reserved. A resource group name must be unique within each Amazon Web
- * Services Region in your Amazon Web Services account.
AWS
, aws
, or
+ * any other possible capitalization; these are reserved. A resource group name
+ * must be unique within each Amazon Web Services Region in your Amazon Web
+ * Services account.
*/
inline const Aws::String& GetName() const{ return m_name; }
@@ -50,9 +51,10 @@ namespace Model
* The name of the group, which is the identifier of the group in other
* operations. You can't change the name of a resource group after you create it. A
* resource group name can consist of letters, numbers, hyphens, periods, and
- * underscores. The name cannot start with AWS
or aws
;
- * these are reserved. A resource group name must be unique within each Amazon Web
- * Services Region in your Amazon Web Services account.
AWS
, aws
, or
+ * any other possible capitalization; these are reserved. A resource group name
+ * must be unique within each Amazon Web Services Region in your Amazon Web
+ * Services account.
*/
inline bool NameHasBeenSet() const { return m_nameHasBeenSet; }
@@ -60,9 +62,10 @@ namespace Model
* The name of the group, which is the identifier of the group in other
* operations. You can't change the name of a resource group after you create it. A
* resource group name can consist of letters, numbers, hyphens, periods, and
- * underscores. The name cannot start with AWS
or aws
;
- * these are reserved. A resource group name must be unique within each Amazon Web
- * Services Region in your Amazon Web Services account.
AWS
, aws
, or
+ * any other possible capitalization; these are reserved. A resource group name
+ * must be unique within each Amazon Web Services Region in your Amazon Web
+ * Services account.
*/
inline void SetName(const Aws::String& value) { m_nameHasBeenSet = true; m_name = value; }
@@ -70,9 +73,10 @@ namespace Model
* The name of the group, which is the identifier of the group in other
* operations. You can't change the name of a resource group after you create it. A
* resource group name can consist of letters, numbers, hyphens, periods, and
- * underscores. The name cannot start with AWS
or aws
;
- * these are reserved. A resource group name must be unique within each Amazon Web
- * Services Region in your Amazon Web Services account.
AWS
, aws
, or
+ * any other possible capitalization; these are reserved. A resource group name
+ * must be unique within each Amazon Web Services Region in your Amazon Web
+ * Services account.
*/
inline void SetName(Aws::String&& value) { m_nameHasBeenSet = true; m_name = std::move(value); }
@@ -80,9 +84,10 @@ namespace Model
* The name of the group, which is the identifier of the group in other
* operations. You can't change the name of a resource group after you create it. A
* resource group name can consist of letters, numbers, hyphens, periods, and
- * underscores. The name cannot start with AWS
or aws
;
- * these are reserved. A resource group name must be unique within each Amazon Web
- * Services Region in your Amazon Web Services account.
AWS
, aws
, or
+ * any other possible capitalization; these are reserved. A resource group name
+ * must be unique within each Amazon Web Services Region in your Amazon Web
+ * Services account.
*/
inline void SetName(const char* value) { m_nameHasBeenSet = true; m_name.assign(value); }
@@ -90,9 +95,10 @@ namespace Model
* The name of the group, which is the identifier of the group in other
* operations. You can't change the name of a resource group after you create it. A
* resource group name can consist of letters, numbers, hyphens, periods, and
- * underscores. The name cannot start with AWS
or aws
;
- * these are reserved. A resource group name must be unique within each Amazon Web
- * Services Region in your Amazon Web Services account.
AWS
, aws
, or
+ * any other possible capitalization; these are reserved. A resource group name
+ * must be unique within each Amazon Web Services Region in your Amazon Web
+ * Services account.
*/
inline CreateGroupRequest& WithName(const Aws::String& value) { SetName(value); return *this;}
@@ -100,9 +106,10 @@ namespace Model
* The name of the group, which is the identifier of the group in other
* operations. You can't change the name of a resource group after you create it. A
* resource group name can consist of letters, numbers, hyphens, periods, and
- * underscores. The name cannot start with AWS
or aws
;
- * these are reserved. A resource group name must be unique within each Amazon Web
- * Services Region in your Amazon Web Services account.
AWS
, aws
, or
+ * any other possible capitalization; these are reserved. A resource group name
+ * must be unique within each Amazon Web Services Region in your Amazon Web
+ * Services account.
*/
inline CreateGroupRequest& WithName(Aws::String&& value) { SetName(std::move(value)); return *this;}
@@ -110,9 +117,10 @@ namespace Model
* The name of the group, which is the identifier of the group in other
* operations. You can't change the name of a resource group after you create it. A
* resource group name can consist of letters, numbers, hyphens, periods, and
- * underscores. The name cannot start with AWS
or aws
;
- * these are reserved. A resource group name must be unique within each Amazon Web
- * Services Region in your Amazon Web Services account.
AWS
, aws
, or
+ * any other possible capitalization; these are reserved. A resource group name
+ * must be unique within each Amazon Web Services Region in your Amazon Web
+ * Services account.
*/
inline CreateGroupRequest& WithName(const char* value) { SetName(value); return *this;}
diff --git a/generated/src/aws-cpp-sdk-resource-groups/include/aws/resource-groups/model/ListGroupResourcesResult.h b/generated/src/aws-cpp-sdk-resource-groups/include/aws/resource-groups/model/ListGroupResourcesResult.h
index b6b382c2fe6..84b25ec206a 100644
--- a/generated/src/aws-cpp-sdk-resource-groups/include/aws/resource-groups/model/ListGroupResourcesResult.h
+++ b/generated/src/aws-cpp-sdk-resource-groups/include/aws/resource-groups/model/ListGroupResourcesResult.h
@@ -143,58 +143,72 @@ namespace Model
/**
- * A list of QueryError
objects. Each error is an object that
- * contains ErrorCode
and Message
structures. Possible
- * values for ErrorCode
are CLOUDFORMATION_STACK_INACTIVE
- * and CLOUDFORMATION_STACK_NOT_EXISTING
.
A list of QueryError
objects. Each error contains an
+ * ErrorCode
and Message
. Possible values for ErrorCode
+ * are CLOUDFORMATION_STACK_INACTIVE
,
+ * CLOUDFORMATION_STACK_NOT_EXISTING
,
+ * CLOUDFORMATION_STACK_UNASSUMABLE_ROLE
and
+ * RESOURCE_TYPE_NOT_SUPPORTED
.
A list of QueryError
objects. Each error is an object that
- * contains ErrorCode
and Message
structures. Possible
- * values for ErrorCode
are CLOUDFORMATION_STACK_INACTIVE
- * and CLOUDFORMATION_STACK_NOT_EXISTING
.
A list of QueryError
objects. Each error contains an
+ * ErrorCode
and Message
. Possible values for ErrorCode
+ * are CLOUDFORMATION_STACK_INACTIVE
,
+ * CLOUDFORMATION_STACK_NOT_EXISTING
,
+ * CLOUDFORMATION_STACK_UNASSUMABLE_ROLE
and
+ * RESOURCE_TYPE_NOT_SUPPORTED
.
A list of QueryError
objects. Each error is an object that
- * contains ErrorCode
and Message
structures. Possible
- * values for ErrorCode
are CLOUDFORMATION_STACK_INACTIVE
- * and CLOUDFORMATION_STACK_NOT_EXISTING
.
A list of QueryError
objects. Each error contains an
+ * ErrorCode
and Message
. Possible values for ErrorCode
+ * are CLOUDFORMATION_STACK_INACTIVE
,
+ * CLOUDFORMATION_STACK_NOT_EXISTING
,
+ * CLOUDFORMATION_STACK_UNASSUMABLE_ROLE
and
+ * RESOURCE_TYPE_NOT_SUPPORTED
.
A list of QueryError
objects. Each error is an object that
- * contains ErrorCode
and Message
structures. Possible
- * values for ErrorCode
are CLOUDFORMATION_STACK_INACTIVE
- * and CLOUDFORMATION_STACK_NOT_EXISTING
.
A list of QueryError
objects. Each error contains an
+ * ErrorCode
and Message
. Possible values for ErrorCode
+ * are CLOUDFORMATION_STACK_INACTIVE
,
+ * CLOUDFORMATION_STACK_NOT_EXISTING
,
+ * CLOUDFORMATION_STACK_UNASSUMABLE_ROLE
and
+ * RESOURCE_TYPE_NOT_SUPPORTED
.
A list of QueryError
objects. Each error is an object that
- * contains ErrorCode
and Message
structures. Possible
- * values for ErrorCode
are CLOUDFORMATION_STACK_INACTIVE
- * and CLOUDFORMATION_STACK_NOT_EXISTING
.
A list of QueryError
objects. Each error contains an
+ * ErrorCode
and Message
. Possible values for ErrorCode
+ * are CLOUDFORMATION_STACK_INACTIVE
,
+ * CLOUDFORMATION_STACK_NOT_EXISTING
,
+ * CLOUDFORMATION_STACK_UNASSUMABLE_ROLE
and
+ * RESOURCE_TYPE_NOT_SUPPORTED
.
A list of QueryError
objects. Each error is an object that
- * contains ErrorCode
and Message
structures. Possible
- * values for ErrorCode
are CLOUDFORMATION_STACK_INACTIVE
- * and CLOUDFORMATION_STACK_NOT_EXISTING
.
A list of QueryError
objects. Each error contains an
+ * ErrorCode
and Message
. Possible values for ErrorCode
+ * are CLOUDFORMATION_STACK_INACTIVE
,
+ * CLOUDFORMATION_STACK_NOT_EXISTING
,
+ * CLOUDFORMATION_STACK_UNASSUMABLE_ROLE
and
+ * RESOURCE_TYPE_NOT_SUPPORTED
.
A list of QueryError
objects. Each error is an object that
- * contains ErrorCode
and Message
structures. Possible
- * values for ErrorCode
are CLOUDFORMATION_STACK_INACTIVE
- * and CLOUDFORMATION_STACK_NOT_EXISTING
.
A list of QueryError
objects. Each error contains an
+ * ErrorCode
and Message
. Possible values for ErrorCode
+ * are CLOUDFORMATION_STACK_INACTIVE
,
+ * CLOUDFORMATION_STACK_NOT_EXISTING
,
+ * CLOUDFORMATION_STACK_UNASSUMABLE_ROLE
and
+ * RESOURCE_TYPE_NOT_SUPPORTED
.
Filters, formatted as GroupFilter objects, that you want to apply to a
* ListGroups
operation.
resource-type
- * - Filter the results to include only those of the specified resource types.
- * Specify up to five resource types in the format
- * AWS::ServiceCode::ResourceType
. For example,
- * AWS::EC2::Instance
, or AWS::S3::Bucket
.
configuration-type
- Filter the results to include only those
+ * - Filter the results to include only those resource groups that have the
+ * specified resource type in their ResourceTypeFilter
. For example,
+ * AWS::EC2::Instance
would return any resource group with a
+ * ResourceTypeFilter
that includes
+ * AWS::EC2::Instance
.
+ * configuration-type
- Filter the results to include only those
* groups that have the specified configuration types attached. The current
* supported values are:
+ * AWS::AppRegistry::Application
+ * AWS::AppRegistry::ApplicationResourceGroups
+ * AWS::CloudFormation::Stack
* AWS::EC2::CapacityReservationPool
- * AWS::EC2::HostManagement
AWS::EC2::HostManagement
+ * AWS::NetworkFirewall::RuleGroup
Filters, formatted as GroupFilter objects, that you want to apply to a
* ListGroups
operation.
resource-type
- * - Filter the results to include only those of the specified resource types.
- * Specify up to five resource types in the format
- * AWS::ServiceCode::ResourceType
. For example,
- * AWS::EC2::Instance
, or AWS::S3::Bucket
.
configuration-type
- Filter the results to include only those
+ * - Filter the results to include only those resource groups that have the
+ * specified resource type in their ResourceTypeFilter
. For example,
+ * AWS::EC2::Instance
would return any resource group with a
+ * ResourceTypeFilter
that includes
+ * AWS::EC2::Instance
.
+ * configuration-type
- Filter the results to include only those
* groups that have the specified configuration types attached. The current
* supported values are:
+ * AWS::AppRegistry::Application
+ * AWS::AppRegistry::ApplicationResourceGroups
+ * AWS::CloudFormation::Stack
* AWS::EC2::CapacityReservationPool
- * AWS::EC2::HostManagement
AWS::EC2::HostManagement
+ * AWS::NetworkFirewall::RuleGroup
Filters, formatted as GroupFilter objects, that you want to apply to a
* ListGroups
operation.
resource-type
- * - Filter the results to include only those of the specified resource types.
- * Specify up to five resource types in the format
- * AWS::ServiceCode::ResourceType
. For example,
- * AWS::EC2::Instance
, or AWS::S3::Bucket
.
configuration-type
- Filter the results to include only those
+ * - Filter the results to include only those resource groups that have the
+ * specified resource type in their ResourceTypeFilter
. For example,
+ * AWS::EC2::Instance
would return any resource group with a
+ * ResourceTypeFilter
that includes
+ * AWS::EC2::Instance
.
+ * configuration-type
- Filter the results to include only those
* groups that have the specified configuration types attached. The current
* supported values are:
+ * AWS::AppRegistry::Application
+ * AWS::AppRegistry::ApplicationResourceGroups
+ * AWS::CloudFormation::Stack
* AWS::EC2::CapacityReservationPool
- * AWS::EC2::HostManagement
AWS::EC2::HostManagement
+ * AWS::NetworkFirewall::RuleGroup
Filters, formatted as GroupFilter objects, that you want to apply to a
* ListGroups
operation.
resource-type
- * - Filter the results to include only those of the specified resource types.
- * Specify up to five resource types in the format
- * AWS::ServiceCode::ResourceType
. For example,
- * AWS::EC2::Instance
, or AWS::S3::Bucket
.
configuration-type
- Filter the results to include only those
+ * - Filter the results to include only those resource groups that have the
+ * specified resource type in their ResourceTypeFilter
. For example,
+ * AWS::EC2::Instance
would return any resource group with a
+ * ResourceTypeFilter
that includes
+ * AWS::EC2::Instance
.
+ * configuration-type
- Filter the results to include only those
* groups that have the specified configuration types attached. The current
* supported values are:
+ * AWS::AppRegistry::Application
+ * AWS::AppRegistry::ApplicationResourceGroups
+ * AWS::CloudFormation::Stack
* AWS::EC2::CapacityReservationPool
- * AWS::EC2::HostManagement
AWS::EC2::HostManagement
+ * AWS::NetworkFirewall::RuleGroup
Filters, formatted as GroupFilter objects, that you want to apply to a
* ListGroups
operation.
resource-type
- * - Filter the results to include only those of the specified resource types.
- * Specify up to five resource types in the format
- * AWS::ServiceCode::ResourceType
. For example,
- * AWS::EC2::Instance
, or AWS::S3::Bucket
.
configuration-type
- Filter the results to include only those
+ * - Filter the results to include only those resource groups that have the
+ * specified resource type in their ResourceTypeFilter
. For example,
+ * AWS::EC2::Instance
would return any resource group with a
+ * ResourceTypeFilter
that includes
+ * AWS::EC2::Instance
.
+ * configuration-type
- Filter the results to include only those
* groups that have the specified configuration types attached. The current
* supported values are:
+ * AWS::AppRegistry::Application
+ * AWS::AppRegistry::ApplicationResourceGroups
+ * AWS::CloudFormation::Stack
* AWS::EC2::CapacityReservationPool
- * AWS::EC2::HostManagement
AWS::EC2::HostManagement
+ * AWS::NetworkFirewall::RuleGroup
Filters, formatted as GroupFilter objects, that you want to apply to a
* ListGroups
operation.
resource-type
- * - Filter the results to include only those of the specified resource types.
- * Specify up to five resource types in the format
- * AWS::ServiceCode::ResourceType
. For example,
- * AWS::EC2::Instance
, or AWS::S3::Bucket
.
configuration-type
- Filter the results to include only those
+ * - Filter the results to include only those resource groups that have the
+ * specified resource type in their ResourceTypeFilter
. For example,
+ * AWS::EC2::Instance
would return any resource group with a
+ * ResourceTypeFilter
that includes
+ * AWS::EC2::Instance
.
+ * configuration-type
- Filter the results to include only those
* groups that have the specified configuration types attached. The current
* supported values are:
+ * AWS::AppRegistry::Application
+ * AWS::AppRegistry::ApplicationResourceGroups
+ * AWS::CloudFormation::Stack
* AWS::EC2::CapacityReservationPool
- * AWS::EC2::HostManagement
AWS::EC2::HostManagement
+ * AWS::NetworkFirewall::RuleGroup
Filters, formatted as GroupFilter objects, that you want to apply to a
* ListGroups
operation.
resource-type
- * - Filter the results to include only those of the specified resource types.
- * Specify up to five resource types in the format
- * AWS::ServiceCode::ResourceType
. For example,
- * AWS::EC2::Instance
, or AWS::S3::Bucket
.
configuration-type
- Filter the results to include only those
+ * - Filter the results to include only those resource groups that have the
+ * specified resource type in their ResourceTypeFilter
. For example,
+ * AWS::EC2::Instance
would return any resource group with a
+ * ResourceTypeFilter
that includes
+ * AWS::EC2::Instance
.
+ * configuration-type
- Filter the results to include only those
* groups that have the specified configuration types attached. The current
* supported values are:
+ * AWS::AppRegistry::Application
+ * AWS::AppRegistry::ApplicationResourceGroups
+ * AWS::CloudFormation::Stack
* AWS::EC2::CapacityReservationPool
- * AWS::EC2::HostManagement
AWS::EC2::HostManagement
+ * AWS::NetworkFirewall::RuleGroup
Filters, formatted as GroupFilter objects, that you want to apply to a
* ListGroups
operation.
resource-type
- * - Filter the results to include only those of the specified resource types.
- * Specify up to five resource types in the format
- * AWS::ServiceCode::ResourceType
. For example,
- * AWS::EC2::Instance
, or AWS::S3::Bucket
.
configuration-type
- Filter the results to include only those
+ * - Filter the results to include only those resource groups that have the
+ * specified resource type in their ResourceTypeFilter
. For example,
+ * AWS::EC2::Instance
would return any resource group with a
+ * ResourceTypeFilter
that includes
+ * AWS::EC2::Instance
.
+ * configuration-type
- Filter the results to include only those
* groups that have the specified configuration types attached. The current
* supported values are:
+ * AWS::AppRegistry::Application
+ * AWS::AppRegistry::ApplicationResourceGroups
+ * AWS::CloudFormation::Stack
* AWS::EC2::CapacityReservationPool
- * AWS::EC2::HostManagement
AWS::EC2::HostManagement
+ * AWS::NetworkFirewall::RuleGroup
A two-part error structure that can occur in ListGroupResources
- * or SearchResources
operations on CloudFront stack-based queries.
- * The error occurs if the CloudFront stack on which the query is based either does
- * not exist, or has a status that renders the stack inactive. A
- * QueryError
occurrence does not necessarily mean that Resource
- * Groups could not complete the operation, but the resulting group might have no
- * member resources.
A message that explains the ErrorCode
value. Messages might
- * state that the specified CloudFront stack does not exist (or no longer exists).
- * For CLOUDFORMATION_STACK_INACTIVE
, the message typically states
- * that the CloudFront stack has a status that is not (or no longer) active, such
- * as CREATE_FAILED
.
A message that explains the ErrorCode
.
A message that explains the ErrorCode
value. Messages might
- * state that the specified CloudFront stack does not exist (or no longer exists).
- * For CLOUDFORMATION_STACK_INACTIVE
, the message typically states
- * that the CloudFront stack has a status that is not (or no longer) active, such
- * as CREATE_FAILED
.
A message that explains the ErrorCode
.
A message that explains the ErrorCode
value. Messages might
- * state that the specified CloudFront stack does not exist (or no longer exists).
- * For CLOUDFORMATION_STACK_INACTIVE
, the message typically states
- * that the CloudFront stack has a status that is not (or no longer) active, such
- * as CREATE_FAILED
.
A message that explains the ErrorCode
.
A message that explains the ErrorCode
value. Messages might
- * state that the specified CloudFront stack does not exist (or no longer exists).
- * For CLOUDFORMATION_STACK_INACTIVE
, the message typically states
- * that the CloudFront stack has a status that is not (or no longer) active, such
- * as CREATE_FAILED
.
A message that explains the ErrorCode
.
A message that explains the ErrorCode
value. Messages might
- * state that the specified CloudFront stack does not exist (or no longer exists).
- * For CLOUDFORMATION_STACK_INACTIVE
, the message typically states
- * that the CloudFront stack has a status that is not (or no longer) active, such
- * as CREATE_FAILED
.
A message that explains the ErrorCode
.
A message that explains the ErrorCode
value. Messages might
- * state that the specified CloudFront stack does not exist (or no longer exists).
- * For CLOUDFORMATION_STACK_INACTIVE
, the message typically states
- * that the CloudFront stack has a status that is not (or no longer) active, such
- * as CREATE_FAILED
.
A message that explains the ErrorCode
.
A message that explains the ErrorCode
value. Messages might
- * state that the specified CloudFront stack does not exist (or no longer exists).
- * For CLOUDFORMATION_STACK_INACTIVE
, the message typically states
- * that the CloudFront stack has a status that is not (or no longer) active, such
- * as CREATE_FAILED
.
A message that explains the ErrorCode
.
A message that explains the ErrorCode
value. Messages might
- * state that the specified CloudFront stack does not exist (or no longer exists).
- * For CLOUDFORMATION_STACK_INACTIVE
, the message typically states
- * that the CloudFront stack has a status that is not (or no longer) active, such
- * as CREATE_FAILED
.
A message that explains the ErrorCode
.
A list of QueryError
objects. Each error is an object that
- * contains ErrorCode
and Message
structures.
Possible values for ErrorCode
:
+ *
A list of QueryError
objects. Each error contains an
+ * ErrorCode
and Message
.
Possible values for
+ * ErrorCode
:
* CLOUDFORMATION_STACK_INACTIVE
- * CLOUDFORMATION_STACK_NOT_EXISTING
CLOUDFORMATION_STACK_NOT_EXISTING
+ * CLOUDFORMATION_STACK_UNASSUMABLE_ROLE
A list of QueryError
objects. Each error is an object that
- * contains ErrorCode
and Message
structures.
Possible values for ErrorCode
:
+ *
A list of QueryError
objects. Each error contains an
+ * ErrorCode
and Message
.
Possible values for
+ * ErrorCode
:
* CLOUDFORMATION_STACK_INACTIVE
- * CLOUDFORMATION_STACK_NOT_EXISTING
CLOUDFORMATION_STACK_NOT_EXISTING
+ * CLOUDFORMATION_STACK_UNASSUMABLE_ROLE
A list of QueryError
objects. Each error is an object that
- * contains ErrorCode
and Message
structures.
Possible values for ErrorCode
:
+ *
A list of QueryError
objects. Each error contains an
+ * ErrorCode
and Message
.
Possible values for
+ * ErrorCode
:
* CLOUDFORMATION_STACK_INACTIVE
- * CLOUDFORMATION_STACK_NOT_EXISTING
CLOUDFORMATION_STACK_NOT_EXISTING
+ * CLOUDFORMATION_STACK_UNASSUMABLE_ROLE
A list of QueryError
objects. Each error is an object that
- * contains ErrorCode
and Message
structures.
Possible values for ErrorCode
:
+ *
A list of QueryError
objects. Each error contains an
+ * ErrorCode
and Message
.
Possible values for
+ * ErrorCode
:
* CLOUDFORMATION_STACK_INACTIVE
- * CLOUDFORMATION_STACK_NOT_EXISTING
CLOUDFORMATION_STACK_NOT_EXISTING
+ * CLOUDFORMATION_STACK_UNASSUMABLE_ROLE
A list of QueryError
objects. Each error is an object that
- * contains ErrorCode
and Message
structures.
Possible values for ErrorCode
:
+ *
A list of QueryError
objects. Each error contains an
+ * ErrorCode
and Message
.
Possible values for
+ * ErrorCode
:
* CLOUDFORMATION_STACK_INACTIVE
- * CLOUDFORMATION_STACK_NOT_EXISTING
CLOUDFORMATION_STACK_NOT_EXISTING
+ * CLOUDFORMATION_STACK_UNASSUMABLE_ROLE
A list of QueryError
objects. Each error is an object that
- * contains ErrorCode
and Message
structures.
Possible values for ErrorCode
:
+ *
A list of QueryError
objects. Each error contains an
+ * ErrorCode
and Message
.
Possible values for
+ * ErrorCode
:
* CLOUDFORMATION_STACK_INACTIVE
- * CLOUDFORMATION_STACK_NOT_EXISTING
CLOUDFORMATION_STACK_NOT_EXISTING
+ * CLOUDFORMATION_STACK_UNASSUMABLE_ROLE
A list of QueryError
objects. Each error is an object that
- * contains ErrorCode
and Message
structures.
Possible values for ErrorCode
:
+ *
A list of QueryError
objects. Each error contains an
+ * ErrorCode
and Message
.
Possible values for
+ * ErrorCode
:
* CLOUDFORMATION_STACK_INACTIVE
- * CLOUDFORMATION_STACK_NOT_EXISTING
CLOUDFORMATION_STACK_NOT_EXISTING
+ * CLOUDFORMATION_STACK_UNASSUMABLE_ROLE
Makes a series of decisions about multiple authorization requests for one + * token. The principal in this request comes from an external identity source in + * the form of an identity or access token, formatted as a JSON web token (JWT). The + * information in the parameters can also define additional context that Verified + * Permissions can include in the evaluations.
The request is evaluated
+ * against all policies in the specified policy store that match the entities that
+ * you provide in the entities declaration and in the token. The result of the
+ * decisions is a series of Allow
or Deny
responses,
+ * along with the IDs of the policies that produced each decision.
The
+ * entities
of a BatchIsAuthorizedWithToken
API request
+ * can contain up to 100 resources and up to 99 user groups. The
+ * requests
of a BatchIsAuthorizedWithToken
API request
+ * can contain up to 30 requests.
The
+ * BatchIsAuthorizedWithToken
operation doesn't have its own IAM
+ * permission. To authorize this operation for Amazon Web Services principals,
+ * include the permission verifiedpermissions:IsAuthorizedWithToken
in
+ * their IAM policies.
Creates a reference to an Amazon Cognito user pool as an external identity * provider (IdP).
After you create an identity source, you can use the
@@ -611,19 +653,12 @@ namespace VerifiedPermissions
* Permissions can include in the evaluation. The request is evaluated against all
* matching policies in the specified policy store. The result of the decision is
* either Allow
or Deny
, along with a list of the
- * policies that resulted in the decision.
If you specify the
- * identityToken
parameter, then this operation derives the principal
- * from that token. You must not also include that principal in the
- * entities
parameter or the operation fails and reports a conflict
- * between the two entity sources.
If you provide only an
- * accessToken
, then you can include the entity as part of the
- * entities
parameter to provide additional attributes.
At this time, Verified Permissions accepts tokens from only - * Amazon Cognito.
Verified Permissions validates each token that is - * specified in a request by checking its expiration date and its signature.
- *If you delete a Amazon Cognito user pool or user, tokens from - * that deleted pool or that deleted user continue to be usable until they - * expire.
At this time, Verified + * Permissions accepts tokens from only Amazon Cognito.
Verified Permissions + * validates each token that is specified in a request by checking its expiration + * date and its signature.
If you delete a Amazon Cognito user + * pool or user, tokens from that deleted pool or that deleted user continue to be + * usable until they expire.
An authorization request that you include in a
+ * BatchIsAuthorizedWithToken
API request.
Specifies the requested action to be authorized. For example,
+ * PhotoFlash::ReadPhoto
.
Specifies the requested action to be authorized. For example,
+ * PhotoFlash::ReadPhoto
.
Specifies the requested action to be authorized. For example,
+ * PhotoFlash::ReadPhoto
.
Specifies the requested action to be authorized. For example,
+ * PhotoFlash::ReadPhoto
.
Specifies the requested action to be authorized. For example,
+ * PhotoFlash::ReadPhoto
.
Specifies the requested action to be authorized. For example,
+ * PhotoFlash::ReadPhoto
.
Specifies the resource that you want an authorization decision for. For
+ * example, PhotoFlash::Photo
.
Specifies the resource that you want an authorization decision for. For
+ * example, PhotoFlash::Photo
.
Specifies the resource that you want an authorization decision for. For
+ * example, PhotoFlash::Photo
.
Specifies the resource that you want an authorization decision for. For
+ * example, PhotoFlash::Photo
.
Specifies the resource that you want an authorization decision for. For
+ * example, PhotoFlash::Photo
.
Specifies the resource that you want an authorization decision for. For
+ * example, PhotoFlash::Photo
.
Specifies additional context that can be used to make more granular + * authorization decisions.
+ */ + inline const ContextDefinition& GetContext() const{ return m_context; } + + /** + *Specifies additional context that can be used to make more granular + * authorization decisions.
+ */ + inline bool ContextHasBeenSet() const { return m_contextHasBeenSet; } + + /** + *Specifies additional context that can be used to make more granular + * authorization decisions.
+ */ + inline void SetContext(const ContextDefinition& value) { m_contextHasBeenSet = true; m_context = value; } + + /** + *Specifies additional context that can be used to make more granular + * authorization decisions.
+ */ + inline void SetContext(ContextDefinition&& value) { m_contextHasBeenSet = true; m_context = std::move(value); } + + /** + *Specifies additional context that can be used to make more granular + * authorization decisions.
+ */ + inline BatchIsAuthorizedWithTokenInputItem& WithContext(const ContextDefinition& value) { SetContext(value); return *this;} + + /** + *Specifies additional context that can be used to make more granular + * authorization decisions.
+ */ + inline BatchIsAuthorizedWithTokenInputItem& WithContext(ContextDefinition&& value) { SetContext(std::move(value)); return *this;} + + private: + + ActionIdentifier m_action; + bool m_actionHasBeenSet = false; + + EntityIdentifier m_resource; + bool m_resourceHasBeenSet = false; + + ContextDefinition m_context; + bool m_contextHasBeenSet = false; + }; + +} // namespace Model +} // namespace VerifiedPermissions +} // namespace Aws diff --git a/generated/src/aws-cpp-sdk-verifiedpermissions/include/aws/verifiedpermissions/model/BatchIsAuthorizedWithTokenOutputItem.h b/generated/src/aws-cpp-sdk-verifiedpermissions/include/aws/verifiedpermissions/model/BatchIsAuthorizedWithTokenOutputItem.h new file mode 100644 index 00000000000..7cb4ce27994 --- /dev/null +++ b/generated/src/aws-cpp-sdk-verifiedpermissions/include/aws/verifiedpermissions/model/BatchIsAuthorizedWithTokenOutputItem.h @@ -0,0 +1,268 @@ +/** + * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. + * SPDX-License-Identifier: Apache-2.0. + */ + +#pragma once +#includeThe decision, based on policy evaluation, from an individual authorization
+ * request in a BatchIsAuthorizedWithToken
API request.
The authorization request that initiated the decision.
+ */ + inline const BatchIsAuthorizedWithTokenInputItem& GetRequest() const{ return m_request; } + + /** + *The authorization request that initiated the decision.
+ */ + inline bool RequestHasBeenSet() const { return m_requestHasBeenSet; } + + /** + *The authorization request that initiated the decision.
+ */ + inline void SetRequest(const BatchIsAuthorizedWithTokenInputItem& value) { m_requestHasBeenSet = true; m_request = value; } + + /** + *The authorization request that initiated the decision.
+ */ + inline void SetRequest(BatchIsAuthorizedWithTokenInputItem&& value) { m_requestHasBeenSet = true; m_request = std::move(value); } + + /** + *The authorization request that initiated the decision.
+ */ + inline BatchIsAuthorizedWithTokenOutputItem& WithRequest(const BatchIsAuthorizedWithTokenInputItem& value) { SetRequest(value); return *this;} + + /** + *The authorization request that initiated the decision.
+ */ + inline BatchIsAuthorizedWithTokenOutputItem& WithRequest(BatchIsAuthorizedWithTokenInputItem&& value) { SetRequest(std::move(value)); return *this;} + + + /** + *An authorization decision that indicates if the authorization request should + * be allowed or denied.
+ */ + inline const Decision& GetDecision() const{ return m_decision; } + + /** + *An authorization decision that indicates if the authorization request should + * be allowed or denied.
+ */ + inline bool DecisionHasBeenSet() const { return m_decisionHasBeenSet; } + + /** + *An authorization decision that indicates if the authorization request should + * be allowed or denied.
+ */ + inline void SetDecision(const Decision& value) { m_decisionHasBeenSet = true; m_decision = value; } + + /** + *An authorization decision that indicates if the authorization request should + * be allowed or denied.
+ */ + inline void SetDecision(Decision&& value) { m_decisionHasBeenSet = true; m_decision = std::move(value); } + + /** + *An authorization decision that indicates if the authorization request should + * be allowed or denied.
+ */ + inline BatchIsAuthorizedWithTokenOutputItem& WithDecision(const Decision& value) { SetDecision(value); return *this;} + + /** + *An authorization decision that indicates if the authorization request should + * be allowed or denied.
+ */ + inline BatchIsAuthorizedWithTokenOutputItem& WithDecision(Decision&& value) { SetDecision(std::move(value)); return *this;} + + + /** + *The list of determining policies used to make the authorization decision. For + * example, if there are two matching policies, where one is a forbid and the other + * is a permit, then the forbid policy will be the determining policy. In the case + * of multiple matching permit policies then there would be multiple determining + * policies. In the case that no policies match, and hence the response is DENY, + * there would be no determining policies.
+ */ + inline const Aws::VectorThe list of determining policies used to make the authorization decision. For + * example, if there are two matching policies, where one is a forbid and the other + * is a permit, then the forbid policy will be the determining policy. In the case + * of multiple matching permit policies then there would be multiple determining + * policies. In the case that no policies match, and hence the response is DENY, + * there would be no determining policies.
+ */ + inline bool DeterminingPoliciesHasBeenSet() const { return m_determiningPoliciesHasBeenSet; } + + /** + *The list of determining policies used to make the authorization decision. For + * example, if there are two matching policies, where one is a forbid and the other + * is a permit, then the forbid policy will be the determining policy. In the case + * of multiple matching permit policies then there would be multiple determining + * policies. In the case that no policies match, and hence the response is DENY, + * there would be no determining policies.
+ */ + inline void SetDeterminingPolicies(const Aws::VectorThe list of determining policies used to make the authorization decision. For + * example, if there are two matching policies, where one is a forbid and the other + * is a permit, then the forbid policy will be the determining policy. In the case + * of multiple matching permit policies then there would be multiple determining + * policies. In the case that no policies match, and hence the response is DENY, + * there would be no determining policies.
+ */ + inline void SetDeterminingPolicies(Aws::VectorThe list of determining policies used to make the authorization decision. For + * example, if there are two matching policies, where one is a forbid and the other + * is a permit, then the forbid policy will be the determining policy. In the case + * of multiple matching permit policies then there would be multiple determining + * policies. In the case that no policies match, and hence the response is DENY, + * there would be no determining policies.
+ */ + inline BatchIsAuthorizedWithTokenOutputItem& WithDeterminingPolicies(const Aws::VectorThe list of determining policies used to make the authorization decision. For + * example, if there are two matching policies, where one is a forbid and the other + * is a permit, then the forbid policy will be the determining policy. In the case + * of multiple matching permit policies then there would be multiple determining + * policies. In the case that no policies match, and hence the response is DENY, + * there would be no determining policies.
+ */ + inline BatchIsAuthorizedWithTokenOutputItem& WithDeterminingPolicies(Aws::VectorThe list of determining policies used to make the authorization decision. For + * example, if there are two matching policies, where one is a forbid and the other + * is a permit, then the forbid policy will be the determining policy. In the case + * of multiple matching permit policies then there would be multiple determining + * policies. In the case that no policies match, and hence the response is DENY, + * there would be no determining policies.
+ */ + inline BatchIsAuthorizedWithTokenOutputItem& AddDeterminingPolicies(const DeterminingPolicyItem& value) { m_determiningPoliciesHasBeenSet = true; m_determiningPolicies.push_back(value); return *this; } + + /** + *The list of determining policies used to make the authorization decision. For + * example, if there are two matching policies, where one is a forbid and the other + * is a permit, then the forbid policy will be the determining policy. In the case + * of multiple matching permit policies then there would be multiple determining + * policies. In the case that no policies match, and hence the response is DENY, + * there would be no determining policies.
+ */ + inline BatchIsAuthorizedWithTokenOutputItem& AddDeterminingPolicies(DeterminingPolicyItem&& value) { m_determiningPoliciesHasBeenSet = true; m_determiningPolicies.push_back(std::move(value)); return *this; } + + + /** + *Errors that occurred while making an authorization decision. For example, a + * policy might reference an entity or attribute that doesn't exist in the + * request.
+ */ + inline const Aws::VectorErrors that occurred while making an authorization decision. For example, a + * policy might reference an entity or attribute that doesn't exist in the + * request.
+ */ + inline bool ErrorsHasBeenSet() const { return m_errorsHasBeenSet; } + + /** + *Errors that occurred while making an authorization decision. For example, a + * policy might reference an entity or attribute that doesn't exist in the + * request.
+ */ + inline void SetErrors(const Aws::VectorErrors that occurred while making an authorization decision. For example, a + * policy might reference an entity or attribute that doesn't exist in the + * request.
+ */ + inline void SetErrors(Aws::VectorErrors that occurred while making an authorization decision. For example, a + * policy might reference an entity or attribute that doesn't exist in the + * request.
+ */ + inline BatchIsAuthorizedWithTokenOutputItem& WithErrors(const Aws::VectorErrors that occurred while making an authorization decision. For example, a + * policy might reference an entity or attribute that doesn't exist in the + * request.
+ */ + inline BatchIsAuthorizedWithTokenOutputItem& WithErrors(Aws::VectorErrors that occurred while making an authorization decision. For example, a + * policy might reference an entity or attribute that doesn't exist in the + * request.
+ */ + inline BatchIsAuthorizedWithTokenOutputItem& AddErrors(const EvaluationErrorItem& value) { m_errorsHasBeenSet = true; m_errors.push_back(value); return *this; } + + /** + *Errors that occurred while making an authorization decision. For example, a + * policy might reference an entity or attribute that doesn't exist in the + * request.
+ */ + inline BatchIsAuthorizedWithTokenOutputItem& AddErrors(EvaluationErrorItem&& value) { m_errorsHasBeenSet = true; m_errors.push_back(std::move(value)); return *this; } + + private: + + BatchIsAuthorizedWithTokenInputItem m_request; + bool m_requestHasBeenSet = false; + + Decision m_decision; + bool m_decisionHasBeenSet = false; + + Aws::VectorSpecifies the ID of the policy store. Policies in this policy store will be + * used to make an authorization decision for the input.
+ */ + inline const Aws::String& GetPolicyStoreId() const{ return m_policyStoreId; } + + /** + *Specifies the ID of the policy store. Policies in this policy store will be + * used to make an authorization decision for the input.
+ */ + inline bool PolicyStoreIdHasBeenSet() const { return m_policyStoreIdHasBeenSet; } + + /** + *Specifies the ID of the policy store. Policies in this policy store will be + * used to make an authorization decision for the input.
+ */ + inline void SetPolicyStoreId(const Aws::String& value) { m_policyStoreIdHasBeenSet = true; m_policyStoreId = value; } + + /** + *Specifies the ID of the policy store. Policies in this policy store will be + * used to make an authorization decision for the input.
+ */ + inline void SetPolicyStoreId(Aws::String&& value) { m_policyStoreIdHasBeenSet = true; m_policyStoreId = std::move(value); } + + /** + *Specifies the ID of the policy store. Policies in this policy store will be + * used to make an authorization decision for the input.
+ */ + inline void SetPolicyStoreId(const char* value) { m_policyStoreIdHasBeenSet = true; m_policyStoreId.assign(value); } + + /** + *Specifies the ID of the policy store. Policies in this policy store will be + * used to make an authorization decision for the input.
+ */ + inline BatchIsAuthorizedWithTokenRequest& WithPolicyStoreId(const Aws::String& value) { SetPolicyStoreId(value); return *this;} + + /** + *Specifies the ID of the policy store. Policies in this policy store will be + * used to make an authorization decision for the input.
+ */ + inline BatchIsAuthorizedWithTokenRequest& WithPolicyStoreId(Aws::String&& value) { SetPolicyStoreId(std::move(value)); return *this;} + + /** + *Specifies the ID of the policy store. Policies in this policy store will be + * used to make an authorization decision for the input.
+ */ + inline BatchIsAuthorizedWithTokenRequest& WithPolicyStoreId(const char* value) { SetPolicyStoreId(value); return *this;} + + + /** + *Specifies an identity (ID) token for the principal that you want to authorize
+ * in each request. This token is provided to you by the identity provider (IdP)
+ * associated with the specified identity source. You must specify either an
+ * accessToken
, an identityToken
, or both.
Must be
+ * an ID token. Verified Permissions returns an error if the token_use
+ * claim in the submitted token isn't id
.
Specifies an identity (ID) token for the principal that you want to authorize
+ * in each request. This token is provided to you by the identity provider (IdP)
+ * associated with the specified identity source. You must specify either an
+ * accessToken
, an identityToken
, or both.
Must be
+ * an ID token. Verified Permissions returns an error if the token_use
+ * claim in the submitted token isn't id
.
Specifies an identity (ID) token for the principal that you want to authorize
+ * in each request. This token is provided to you by the identity provider (IdP)
+ * associated with the specified identity source. You must specify either an
+ * accessToken
, an identityToken
, or both.
Must be
+ * an ID token. Verified Permissions returns an error if the token_use
+ * claim in the submitted token isn't id
.
Specifies an identity (ID) token for the principal that you want to authorize
+ * in each request. This token is provided to you by the identity provider (IdP)
+ * associated with the specified identity source. You must specify either an
+ * accessToken
, an identityToken
, or both.
Must be
+ * an ID token. Verified Permissions returns an error if the token_use
+ * claim in the submitted token isn't id
.
Specifies an identity (ID) token for the principal that you want to authorize
+ * in each request. This token is provided to you by the identity provider (IdP)
+ * associated with the specified identity source. You must specify either an
+ * accessToken
, an identityToken
, or both.
Must be
+ * an ID token. Verified Permissions returns an error if the token_use
+ * claim in the submitted token isn't id
.
Specifies an identity (ID) token for the principal that you want to authorize
+ * in each request. This token is provided to you by the identity provider (IdP)
+ * associated with the specified identity source. You must specify either an
+ * accessToken
, an identityToken
, or both.
Must be
+ * an ID token. Verified Permissions returns an error if the token_use
+ * claim in the submitted token isn't id
.
Specifies an identity (ID) token for the principal that you want to authorize
+ * in each request. This token is provided to you by the identity provider (IdP)
+ * associated with the specified identity source. You must specify either an
+ * accessToken
, an identityToken
, or both.
Must be
+ * an ID token. Verified Permissions returns an error if the token_use
+ * claim in the submitted token isn't id
.
Specifies an identity (ID) token for the principal that you want to authorize
+ * in each request. This token is provided to you by the identity provider (IdP)
+ * associated with the specified identity source. You must specify either an
+ * accessToken
, an identityToken
, or both.
Must be
+ * an ID token. Verified Permissions returns an error if the token_use
+ * claim in the submitted token isn't id
.
Specifies an access token for the principal that you want to authorize in
+ * each request. This token is provided to you by the identity provider (IdP)
+ * associated with the specified identity source. You must specify either an
+ * accessToken
, an identityToken
, or both.
Must be
+ * an access token. Verified Permissions returns an error if the
+ * token_use
claim in the submitted token isn't
+ * access
.
Specifies an access token for the principal that you want to authorize in
+ * each request. This token is provided to you by the identity provider (IdP)
+ * associated with the specified identity source. You must specify either an
+ * accessToken
, an identityToken
, or both.
Must be
+ * an access token. Verified Permissions returns an error if the
+ * token_use
claim in the submitted token isn't
+ * access
.
Specifies an access token for the principal that you want to authorize in
+ * each request. This token is provided to you by the identity provider (IdP)
+ * associated with the specified identity source. You must specify either an
+ * accessToken
, an identityToken
, or both.
Must be
+ * an access token. Verified Permissions returns an error if the
+ * token_use
claim in the submitted token isn't
+ * access
.
Specifies an access token for the principal that you want to authorize in
+ * each request. This token is provided to you by the identity provider (IdP)
+ * associated with the specified identity source. You must specify either an
+ * accessToken
, an identityToken
, or both.
Must be
+ * an access token. Verified Permissions returns an error if the
+ * token_use
claim in the submitted token isn't
+ * access
.
Specifies an access token for the principal that you want to authorize in
+ * each request. This token is provided to you by the identity provider (IdP)
+ * associated with the specified identity source. You must specify either an
+ * accessToken
, an identityToken
, or both.
Must be
+ * an access token. Verified Permissions returns an error if the
+ * token_use
claim in the submitted token isn't
+ * access
.
Specifies an access token for the principal that you want to authorize in
+ * each request. This token is provided to you by the identity provider (IdP)
+ * associated with the specified identity source. You must specify either an
+ * accessToken
, an identityToken
, or both.
Must be
+ * an access token. Verified Permissions returns an error if the
+ * token_use
claim in the submitted token isn't
+ * access
.
Specifies an access token for the principal that you want to authorize in
+ * each request. This token is provided to you by the identity provider (IdP)
+ * associated with the specified identity source. You must specify either an
+ * accessToken
, an identityToken
, or both.
Must be
+ * an access token. Verified Permissions returns an error if the
+ * token_use
claim in the submitted token isn't
+ * access
.
Specifies an access token for the principal that you want to authorize in
+ * each request. This token is provided to you by the identity provider (IdP)
+ * associated with the specified identity source. You must specify either an
+ * accessToken
, an identityToken
, or both.
Must be
+ * an access token. Verified Permissions returns an error if the
+ * token_use
claim in the submitted token isn't
+ * access
.
Specifies the list of resources and their associated attributes that Verified + * Permissions can examine when evaluating the policies.
You + * can't include principals in this parameter, only resource and action entities. + * This parameter can't include any entities of a type that matches the user or + * group entity types that you defined in your identity source.
The BatchIsAuthorizedWithToken
operation takes principal
+ * attributes from only the identityToken
or
+ * accessToken
passed to the operation.
For action
+ * entities, you can include only their Identifier
and
+ * EntityType
.
Specifies the list of resources and their associated attributes that Verified + * Permissions can examine when evaluating the policies.
You + * can't include principals in this parameter, only resource and action entities. + * This parameter can't include any entities of a type that matches the user or + * group entity types that you defined in your identity source.
The BatchIsAuthorizedWithToken
operation takes principal
+ * attributes from only the identityToken
or
+ * accessToken
passed to the operation.
For action
+ * entities, you can include only their Identifier
and
+ * EntityType
.
Specifies the list of resources and their associated attributes that Verified + * Permissions can examine when evaluating the policies.
You + * can't include principals in this parameter, only resource and action entities. + * This parameter can't include any entities of a type that matches the user or + * group entity types that you defined in your identity source.
The BatchIsAuthorizedWithToken
operation takes principal
+ * attributes from only the identityToken
or
+ * accessToken
passed to the operation.
For action
+ * entities, you can include only their Identifier
and
+ * EntityType
.
Specifies the list of resources and their associated attributes that Verified + * Permissions can examine when evaluating the policies.
You + * can't include principals in this parameter, only resource and action entities. + * This parameter can't include any entities of a type that matches the user or + * group entity types that you defined in your identity source.
The BatchIsAuthorizedWithToken
operation takes principal
+ * attributes from only the identityToken
or
+ * accessToken
passed to the operation.
For action
+ * entities, you can include only their Identifier
and
+ * EntityType
.
Specifies the list of resources and their associated attributes that Verified + * Permissions can examine when evaluating the policies.
You + * can't include principals in this parameter, only resource and action entities. + * This parameter can't include any entities of a type that matches the user or + * group entity types that you defined in your identity source.
The BatchIsAuthorizedWithToken
operation takes principal
+ * attributes from only the identityToken
or
+ * accessToken
passed to the operation.
For action
+ * entities, you can include only their Identifier
and
+ * EntityType
.
Specifies the list of resources and their associated attributes that Verified + * Permissions can examine when evaluating the policies.
You + * can't include principals in this parameter, only resource and action entities. + * This parameter can't include any entities of a type that matches the user or + * group entity types that you defined in your identity source.
The BatchIsAuthorizedWithToken
operation takes principal
+ * attributes from only the identityToken
or
+ * accessToken
passed to the operation.
For action
+ * entities, you can include only their Identifier
and
+ * EntityType
.
An array of up to 30 requests that you want Verified Permissions to + * evaluate.
+ */ + inline const Aws::VectorAn array of up to 30 requests that you want Verified Permissions to + * evaluate.
+ */ + inline bool RequestsHasBeenSet() const { return m_requestsHasBeenSet; } + + /** + *An array of up to 30 requests that you want Verified Permissions to + * evaluate.
+ */ + inline void SetRequests(const Aws::VectorAn array of up to 30 requests that you want Verified Permissions to + * evaluate.
+ */ + inline void SetRequests(Aws::VectorAn array of up to 30 requests that you want Verified Permissions to + * evaluate.
+ */ + inline BatchIsAuthorizedWithTokenRequest& WithRequests(const Aws::VectorAn array of up to 30 requests that you want Verified Permissions to + * evaluate.
+ */ + inline BatchIsAuthorizedWithTokenRequest& WithRequests(Aws::VectorAn array of up to 30 requests that you want Verified Permissions to + * evaluate.
+ */ + inline BatchIsAuthorizedWithTokenRequest& AddRequests(const BatchIsAuthorizedWithTokenInputItem& value) { m_requestsHasBeenSet = true; m_requests.push_back(value); return *this; } + + /** + *An array of up to 30 requests that you want Verified Permissions to + * evaluate.
+ */ + inline BatchIsAuthorizedWithTokenRequest& AddRequests(BatchIsAuthorizedWithTokenInputItem&& value) { m_requestsHasBeenSet = true; m_requests.push_back(std::move(value)); return *this; } + + private: + + Aws::String m_policyStoreId; + bool m_policyStoreIdHasBeenSet = false; + + Aws::String m_identityToken; + bool m_identityTokenHasBeenSet = false; + + Aws::String m_accessToken; + bool m_accessTokenHasBeenSet = false; + + EntitiesDefinition m_entities; + bool m_entitiesHasBeenSet = false; + + Aws::VectorThe identifier of the principal in the ID or access token.
+ */ + inline const EntityIdentifier& GetPrincipal() const{ return m_principal; } + + /** + *The identifier of the principal in the ID or access token.
+ */ + inline void SetPrincipal(const EntityIdentifier& value) { m_principal = value; } + + /** + *The identifier of the principal in the ID or access token.
+ */ + inline void SetPrincipal(EntityIdentifier&& value) { m_principal = std::move(value); } + + /** + *The identifier of the principal in the ID or access token.
+ */ + inline BatchIsAuthorizedWithTokenResult& WithPrincipal(const EntityIdentifier& value) { SetPrincipal(value); return *this;} + + /** + *The identifier of the principal in the ID or access token.
+ */ + inline BatchIsAuthorizedWithTokenResult& WithPrincipal(EntityIdentifier&& value) { SetPrincipal(std::move(value)); return *this;} + + + /** + *A series of Allow
or Deny
decisions for each
+ * request, and the policies that produced them.
A series of Allow
or Deny
decisions for each
+ * request, and the policies that produced them.
A series of Allow
or Deny
decisions for each
+ * request, and the policies that produced them.
A series of Allow
or Deny
decisions for each
+ * request, and the policies that produced them.
A series of Allow
or Deny
decisions for each
+ * request, and the policies that produced them.
A series of Allow
or Deny
decisions for each
+ * request, and the policies that produced them.
A series of Allow
or Deny
decisions for each
+ * request, and the policies that produced them.
The type of entity that a policy store maps to groups from an Amazon Cognito - * user pool identity source.
This data type is part of a A list of user groups and entities from an Amazon Cognito user pool identity + * source.
This data type is part of a CognitoUserPoolConfiguration * structure and is a request parameter in CreateIdentitySource.
The type of entity that a policy store maps to groups from an Amazon Cognito - * user pool identity source.
This data type is part of an A list of user groups and entities from an Amazon Cognito user pool identity + * source.
This data type is part of an CognitoUserPoolConfigurationDetail * structure and is a response parameter to GetIdentitySource.
The type of entity that a policy store maps to groups from an Amazon Cognito - * user pool identity source.
This data type is part of an A list of user groups and entities from an Amazon Cognito user pool identity + * source.
This data type is part of an CognitoUserPoolConfigurationItem * structure and is a response parameter to ListIdentitySources.
Example:"CognitoUserPoolConfiguration":{"UserPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","ClientIds":
- * ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration": {"groupEntityType":
- * "MyCorp::Group"}}
The type of entity that a policy store maps to groups from an Amazon Cognito - * user pool identity source.
+ *The configuration of the user groups from an Amazon Cognito user pool + * identity source.
*/ inline const CognitoGroupConfiguration& GetGroupConfiguration() const{ return m_groupConfiguration; } /** - *The type of entity that a policy store maps to groups from an Amazon Cognito - * user pool identity source.
+ *The configuration of the user groups from an Amazon Cognito user pool + * identity source.
*/ inline bool GroupConfigurationHasBeenSet() const { return m_groupConfigurationHasBeenSet; } /** - *The type of entity that a policy store maps to groups from an Amazon Cognito - * user pool identity source.
+ *The configuration of the user groups from an Amazon Cognito user pool + * identity source.
*/ inline void SetGroupConfiguration(const CognitoGroupConfiguration& value) { m_groupConfigurationHasBeenSet = true; m_groupConfiguration = value; } /** - *The type of entity that a policy store maps to groups from an Amazon Cognito - * user pool identity source.
+ *The configuration of the user groups from an Amazon Cognito user pool + * identity source.
*/ inline void SetGroupConfiguration(CognitoGroupConfiguration&& value) { m_groupConfigurationHasBeenSet = true; m_groupConfiguration = std::move(value); } /** - *The type of entity that a policy store maps to groups from an Amazon Cognito - * user pool identity source.
+ *The configuration of the user groups from an Amazon Cognito user pool + * identity source.
*/ inline CognitoUserPoolConfiguration& WithGroupConfiguration(const CognitoGroupConfiguration& value) { SetGroupConfiguration(value); return *this;} /** - *The type of entity that a policy store maps to groups from an Amazon Cognito - * user pool identity source.
+ *The configuration of the user groups from an Amazon Cognito user pool + * identity source.
*/ inline CognitoUserPoolConfiguration& WithGroupConfiguration(CognitoGroupConfiguration&& value) { SetGroupConfiguration(std::move(value)); return *this;} diff --git a/generated/src/aws-cpp-sdk-verifiedpermissions/include/aws/verifiedpermissions/model/CognitoUserPoolConfigurationDetail.h b/generated/src/aws-cpp-sdk-verifiedpermissions/include/aws/verifiedpermissions/model/CognitoUserPoolConfigurationDetail.h index f8764ba0842..ac0f33e7974 100644 --- a/generated/src/aws-cpp-sdk-verifiedpermissions/include/aws/verifiedpermissions/model/CognitoUserPoolConfigurationDetail.h +++ b/generated/src/aws-cpp-sdk-verifiedpermissions/include/aws/verifiedpermissions/model/CognitoUserPoolConfigurationDetail.h @@ -33,8 +33,7 @@ namespace Model * structure that is part of the response to GetIdentitySource. *Example:"CognitoUserPoolConfiguration":{"UserPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","ClientIds":
- * ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration": {"groupEntityType":
- * "MyCorp::Group"}}
The type of entity that a policy store maps to groups from an Amazon Cognito - * user pool identity source.
+ *The configuration of the user groups from an Amazon Cognito user pool + * identity source.
*/ inline const CognitoGroupConfigurationDetail& GetGroupConfiguration() const{ return m_groupConfiguration; } /** - *The type of entity that a policy store maps to groups from an Amazon Cognito - * user pool identity source.
+ *The configuration of the user groups from an Amazon Cognito user pool + * identity source.
*/ inline bool GroupConfigurationHasBeenSet() const { return m_groupConfigurationHasBeenSet; } /** - *The type of entity that a policy store maps to groups from an Amazon Cognito - * user pool identity source.
+ *The configuration of the user groups from an Amazon Cognito user pool + * identity source.
*/ inline void SetGroupConfiguration(const CognitoGroupConfigurationDetail& value) { m_groupConfigurationHasBeenSet = true; m_groupConfiguration = value; } /** - *The type of entity that a policy store maps to groups from an Amazon Cognito - * user pool identity source.
+ *The configuration of the user groups from an Amazon Cognito user pool + * identity source.
*/ inline void SetGroupConfiguration(CognitoGroupConfigurationDetail&& value) { m_groupConfigurationHasBeenSet = true; m_groupConfiguration = std::move(value); } /** - *The type of entity that a policy store maps to groups from an Amazon Cognito - * user pool identity source.
+ *The configuration of the user groups from an Amazon Cognito user pool + * identity source.
*/ inline CognitoUserPoolConfigurationDetail& WithGroupConfiguration(const CognitoGroupConfigurationDetail& value) { SetGroupConfiguration(value); return *this;} /** - *The type of entity that a policy store maps to groups from an Amazon Cognito - * user pool identity source.
+ *The configuration of the user groups from an Amazon Cognito user pool + * identity source.
*/ inline CognitoUserPoolConfigurationDetail& WithGroupConfiguration(CognitoGroupConfigurationDetail&& value) { SetGroupConfiguration(std::move(value)); return *this;} diff --git a/generated/src/aws-cpp-sdk-verifiedpermissions/include/aws/verifiedpermissions/model/CognitoUserPoolConfigurationItem.h b/generated/src/aws-cpp-sdk-verifiedpermissions/include/aws/verifiedpermissions/model/CognitoUserPoolConfigurationItem.h index 5a7f9a09dcc..3503c18ce98 100644 --- a/generated/src/aws-cpp-sdk-verifiedpermissions/include/aws/verifiedpermissions/model/CognitoUserPoolConfigurationItem.h +++ b/generated/src/aws-cpp-sdk-verifiedpermissions/include/aws/verifiedpermissions/model/CognitoUserPoolConfigurationItem.h @@ -33,8 +33,7 @@ namespace Model * structure that is part of the response to ListIdentitySources. *Example:"CognitoUserPoolConfiguration":{"UserPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","ClientIds":
- * ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration": {"groupEntityType":
- * "MyCorp::Group"}}
The type of entity that a policy store maps to groups from an Amazon Cognito - * user pool identity source.
+ *The configuration of the user groups from an Amazon Cognito user pool + * identity source.
*/ inline const CognitoGroupConfigurationItem& GetGroupConfiguration() const{ return m_groupConfiguration; } /** - *The type of entity that a policy store maps to groups from an Amazon Cognito - * user pool identity source.
+ *The configuration of the user groups from an Amazon Cognito user pool + * identity source.
*/ inline bool GroupConfigurationHasBeenSet() const { return m_groupConfigurationHasBeenSet; } /** - *The type of entity that a policy store maps to groups from an Amazon Cognito - * user pool identity source.
+ *The configuration of the user groups from an Amazon Cognito user pool + * identity source.
*/ inline void SetGroupConfiguration(const CognitoGroupConfigurationItem& value) { m_groupConfigurationHasBeenSet = true; m_groupConfiguration = value; } /** - *The type of entity that a policy store maps to groups from an Amazon Cognito - * user pool identity source.
+ *The configuration of the user groups from an Amazon Cognito user pool + * identity source.
*/ inline void SetGroupConfiguration(CognitoGroupConfigurationItem&& value) { m_groupConfigurationHasBeenSet = true; m_groupConfiguration = std::move(value); } /** - *The type of entity that a policy store maps to groups from an Amazon Cognito - * user pool identity source.
+ *The configuration of the user groups from an Amazon Cognito user pool + * identity source.
*/ inline CognitoUserPoolConfigurationItem& WithGroupConfiguration(const CognitoGroupConfigurationItem& value) { SetGroupConfiguration(value); return *this;} /** - *The type of entity that a policy store maps to groups from an Amazon Cognito - * user pool identity source.
+ *The configuration of the user groups from an Amazon Cognito user pool + * identity source.
*/ inline CognitoUserPoolConfigurationItem& WithGroupConfiguration(CognitoGroupConfigurationItem&& value) { SetGroupConfiguration(std::move(value)); return *this;} diff --git a/generated/src/aws-cpp-sdk-verifiedpermissions/include/aws/verifiedpermissions/model/Configuration.h b/generated/src/aws-cpp-sdk-verifiedpermissions/include/aws/verifiedpermissions/model/Configuration.h index 0f83b451706..6e1a26b9d40 100644 --- a/generated/src/aws-cpp-sdk-verifiedpermissions/include/aws/verifiedpermissions/model/Configuration.h +++ b/generated/src/aws-cpp-sdk-verifiedpermissions/include/aws/verifiedpermissions/model/Configuration.h @@ -26,10 +26,9 @@ namespace Model /** *Contains configuration information used when creating a new identity * source.
At this time, the only valid member of this structure is a - * Amazon Cognito user pool configuration.
Specifies a
- * userPoolArn
, a groupConfiguration
, and a
- * ClientId
.
This data type is used as a request
- * parameter for the You must specify a
+ * This data type is used as a request parameter for the CreateIdentitySource
* operation.userPoolArn
, and optionally, a ClientId
.See Also:
AWS
diff --git a/generated/src/aws-cpp-sdk-verifiedpermissions/include/aws/verifiedpermissions/model/ConfigurationDetail.h b/generated/src/aws-cpp-sdk-verifiedpermissions/include/aws/verifiedpermissions/model/ConfigurationDetail.h
index 429910cd6c1..3b047fa3bd1 100644
--- a/generated/src/aws-cpp-sdk-verifiedpermissions/include/aws/verifiedpermissions/model/ConfigurationDetail.h
+++ b/generated/src/aws-cpp-sdk-verifiedpermissions/include/aws/verifiedpermissions/model/ConfigurationDetail.h
@@ -45,9 +45,8 @@ namespace Model
* Permissions can use as a source of authenticated identities as entities. It
* specifies the Amazon
- * Resource Name (ARN) of a Amazon Cognito user pool, the policy store entity
- * that you want to assign to user groups, and one or more application client
- * IDs.
Example: + * Resource Name (ARN) of a Amazon Cognito user pool and one or more + * application client IDs.
Example:
* "configuration":{"cognitoUserPoolConfiguration":{"userPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","clientIds":
* ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration": {"groupEntityType":
* "MyCorp::Group"}}}
Example: + * Resource Name (ARN) of a Amazon Cognito user pool and one or more + * application client IDs.
Example:
* "configuration":{"cognitoUserPoolConfiguration":{"userPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","clientIds":
* ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration": {"groupEntityType":
* "MyCorp::Group"}}}
Example: + * Resource Name (ARN) of a Amazon Cognito user pool and one or more + * application client IDs.
Example:
* "configuration":{"cognitoUserPoolConfiguration":{"userPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","clientIds":
* ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration": {"groupEntityType":
* "MyCorp::Group"}}}
Example: + * Resource Name (ARN) of a Amazon Cognito user pool and one or more + * application client IDs.
Example:
* "configuration":{"cognitoUserPoolConfiguration":{"userPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","clientIds":
* ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration": {"groupEntityType":
* "MyCorp::Group"}}}
Example: + * Resource Name (ARN) of a Amazon Cognito user pool and one or more + * application client IDs.
Example:
* "configuration":{"cognitoUserPoolConfiguration":{"userPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","clientIds":
* ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration": {"groupEntityType":
* "MyCorp::Group"}}}
Example: + * Resource Name (ARN) of a Amazon Cognito user pool and one or more + * application client IDs.
Example:
* "configuration":{"cognitoUserPoolConfiguration":{"userPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","clientIds":
* ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration": {"groupEntityType":
* "MyCorp::Group"}}}
Example: + * Resource Name (ARN) of a Amazon Cognito user pool and one or more + * application client IDs.
Example:
* "configuration":{"cognitoUserPoolConfiguration":{"userPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","clientIds":
* ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration": {"groupEntityType":
* "MyCorp::Group"}}}
Example: + * Resource Name (ARN) of a Amazon Cognito user pool and one or more + * application client IDs.
Example:
* "configuration":{"cognitoUserPoolConfiguration":{"userPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","clientIds":
* ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration": {"groupEntityType":
* "MyCorp::Group"}}}
Example: + * Resource Name (ARN) of a Amazon Cognito user pool and one or more + * application client IDs.
Example:
* "configuration":{"cognitoUserPoolConfiguration":{"userPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","clientIds":
* ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration": {"groupEntityType":
* "MyCorp::Group"}}}
Example: + * Resource Name (ARN) of a Amazon Cognito user pool and one or more + * application client IDs.
Example:
* "configuration":{"cognitoUserPoolConfiguration":{"userPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","clientIds":
* ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration": {"groupEntityType":
* "MyCorp::Group"}}}
Example: + * Resource Name (ARN) of a Amazon Cognito user pool and one or more + * application client IDs.
Example:
* "configuration":{"cognitoUserPoolConfiguration":{"userPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","clientIds":
* ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration": {"groupEntityType":
* "MyCorp::Group"}}}
Example: + * Resource Name (ARN) of a Amazon Cognito user pool and one or more + * application client IDs.
Example:
* "configuration":{"cognitoUserPoolConfiguration":{"userPoolArn":"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5","clientIds":
* ["a1b2c3d4e5f6g7h8i9j0kalbmc"],"groupConfiguration": {"groupEntityType":
* "MyCorp::Group"}}}
Specifies the list of resources and their associated attributes that Verified - * Permissions can examine when evaluating the policies.
You can - * include only resource and action entities in this parameter; you can't include - * principals.
The IsAuthorizedWithToken
operation
- * takes principal attributes from only the
- * identityToken
or accessToken
passed to the
- * operation.
For action entities, you can include only their
- * Identifier
and EntityType
.
You + * can't include principals in this parameter, only resource and action entities. + * This parameter can't include any entities of a type that matches the user or + * group entity types that you defined in your identity source.
The IsAuthorizedWithToken
operation takes principal attributes
+ * from only the identityToken
or
+ * accessToken
passed to the operation.
For action
+ * entities, you can include only their Identifier
and
+ * EntityType
.
Specifies the list of resources and their associated attributes that Verified - * Permissions can examine when evaluating the policies.
You can - * include only resource and action entities in this parameter; you can't include - * principals.
The IsAuthorizedWithToken
operation
- * takes principal attributes from only the
- * identityToken
or accessToken
passed to the
- * operation.
For action entities, you can include only their
- * Identifier
and EntityType
.
You + * can't include principals in this parameter, only resource and action entities. + * This parameter can't include any entities of a type that matches the user or + * group entity types that you defined in your identity source.
The IsAuthorizedWithToken
operation takes principal attributes
+ * from only the identityToken
or
+ * accessToken
passed to the operation.
For action
+ * entities, you can include only their Identifier
and
+ * EntityType
.
Specifies the list of resources and their associated attributes that Verified - * Permissions can examine when evaluating the policies.
You can - * include only resource and action entities in this parameter; you can't include - * principals.
The IsAuthorizedWithToken
operation
- * takes principal attributes from only the
- * identityToken
or accessToken
passed to the
- * operation.
For action entities, you can include only their
- * Identifier
and EntityType
.
You + * can't include principals in this parameter, only resource and action entities. + * This parameter can't include any entities of a type that matches the user or + * group entity types that you defined in your identity source.
The IsAuthorizedWithToken
operation takes principal attributes
+ * from only the identityToken
or
+ * accessToken
passed to the operation.
For action
+ * entities, you can include only their Identifier
and
+ * EntityType
.
Specifies the list of resources and their associated attributes that Verified - * Permissions can examine when evaluating the policies.
You can - * include only resource and action entities in this parameter; you can't include - * principals.
The IsAuthorizedWithToken
operation
- * takes principal attributes from only the
- * identityToken
or accessToken
passed to the
- * operation.
For action entities, you can include only their
- * Identifier
and EntityType
.
You + * can't include principals in this parameter, only resource and action entities. + * This parameter can't include any entities of a type that matches the user or + * group entity types that you defined in your identity source.
The IsAuthorizedWithToken
operation takes principal attributes
+ * from only the identityToken
or
+ * accessToken
passed to the operation.
For action
+ * entities, you can include only their Identifier
and
+ * EntityType
.
Specifies the list of resources and their associated attributes that Verified - * Permissions can examine when evaluating the policies.
You can - * include only resource and action entities in this parameter; you can't include - * principals.
The IsAuthorizedWithToken
operation
- * takes principal attributes from only the
- * identityToken
or accessToken
passed to the
- * operation.
For action entities, you can include only their
- * Identifier
and EntityType
.
You + * can't include principals in this parameter, only resource and action entities. + * This parameter can't include any entities of a type that matches the user or + * group entity types that you defined in your identity source.
The IsAuthorizedWithToken
operation takes principal attributes
+ * from only the identityToken
or
+ * accessToken
passed to the operation.
For action
+ * entities, you can include only their Identifier
and
+ * EntityType
.
Specifies the list of resources and their associated attributes that Verified - * Permissions can examine when evaluating the policies.
You can - * include only resource and action entities in this parameter; you can't include - * principals.
The IsAuthorizedWithToken
operation
- * takes principal attributes from only the
- * identityToken
or accessToken
passed to the
- * operation.
For action entities, you can include only their
- * Identifier
and EntityType
.
You + * can't include principals in this parameter, only resource and action entities. + * This parameter can't include any entities of a type that matches the user or + * group entity types that you defined in your identity source.
The IsAuthorizedWithToken
operation takes principal attributes
+ * from only the identityToken
or
+ * accessToken
passed to the operation.
For action
+ * entities, you can include only their Identifier
and
+ * EntityType
.
The user group entities from an Amazon Cognito user pool identity + *
A list of user groups and entities from an Amazon Cognito user pool identity * source.
The configuration for applying a filter to all sheets. You can apply this filter to all visuals on every sheet.
This is a union type structure. For this structure to be valid, only one of the attributes can be defined.
" + "documentation":"An empty object that represents that the AllSheets
option is the chosen value for the FilterScopeConfiguration
parameter. This structure applies the filter to all visuals on all sheets of an Analysis, Dashboard, or Template.
This is a union type structure. For this structure to be valid, only one of the attributes can be defined.
" }, "AmazonElasticsearchParameters":{ "type":"structure", @@ -7227,6 +7227,10 @@ "ContactNumber":{ "shape":"String", "documentation":"A 10-digit phone number for the author of the Amazon QuickSight account to use for future communications. This field is required if ENTERPPRISE_AND_Q
is the selected edition of the new Amazon QuickSight account.
The Amazon Resource Name (ARN) for the IAM Identity Center instance.
" } } }, @@ -15413,7 +15417,7 @@ }, "AllSheets":{ "shape":"AllSheetsFilterScopeConfiguration", - "documentation":"The configuration for applying a filter to all sheets.
" + "documentation":"The configuration that applies a filter to all sheets. When you choose AllSheets
as the value for a FilterScopeConfiguration
, this filter is applied to all visuals of all sheets in an Analysis, Dashboard, or Template. The AllSheetsFilterScopeConfiguration
is chosen.
The scope configuration for a FilterGroup
.
This is a union type structure. For this structure to be valid, only one of the attributes can be defined.
" diff --git a/tools/code-generation/api-descriptions/resource-groups-2017-11-27.normal.json b/tools/code-generation/api-descriptions/resource-groups-2017-11-27.normal.json index bd4e81ccc3e..62ecc5a9404 100644 --- a/tools/code-generation/api-descriptions/resource-groups-2017-11-27.normal.json +++ b/tools/code-generation/api-descriptions/resource-groups-2017-11-27.normal.json @@ -368,7 +368,7 @@ "members":{ "Name":{ "shape":"GroupName", - "documentation":"The name of the group, which is the identifier of the group in other operations. You can't change the name of a resource group after you create it. A resource group name can consist of letters, numbers, hyphens, periods, and underscores. The name cannot start with AWS
or aws
; these are reserved. A resource group name must be unique within each Amazon Web Services Region in your Amazon Web Services account.
The name of the group, which is the identifier of the group in other operations. You can't change the name of a resource group after you create it. A resource group name can consist of letters, numbers, hyphens, periods, and underscores. The name cannot start with AWS
, aws
, or any other possible capitalization; these are reserved. A resource group name must be unique within each Amazon Web Services Region in your Amazon Web Services account.
A list of QueryError
objects. Each error is an object that contains ErrorCode
and Message
structures. Possible values for ErrorCode
are CLOUDFORMATION_STACK_INACTIVE
and CLOUDFORMATION_STACK_NOT_EXISTING
.
A list of QueryError
objects. Each error contains an ErrorCode
and Message
. Possible values for ErrorCode are CLOUDFORMATION_STACK_INACTIVE
, CLOUDFORMATION_STACK_NOT_EXISTING
, CLOUDFORMATION_STACK_UNASSUMABLE_ROLE
and RESOURCE_TYPE_NOT_SUPPORTED
.
Filters, formatted as GroupFilter objects, that you want to apply to a ListGroups
operation.
resource-type
- Filter the results to include only those of the specified resource types. Specify up to five resource types in the format AWS::ServiceCode::ResourceType
. For example, AWS::EC2::Instance
, or AWS::S3::Bucket
.
configuration-type
- Filter the results to include only those groups that have the specified configuration types attached. The current supported values are:
AWS::EC2::CapacityReservationPool
AWS::EC2::HostManagement
Filters, formatted as GroupFilter objects, that you want to apply to a ListGroups
operation.
resource-type
- Filter the results to include only those resource groups that have the specified resource type in their ResourceTypeFilter
. For example, AWS::EC2::Instance
would return any resource group with a ResourceTypeFilter
that includes AWS::EC2::Instance
.
configuration-type
- Filter the results to include only those groups that have the specified configuration types attached. The current supported values are:
AWS::AppRegistry::Application
AWS::AppRegistry::ApplicationResourceGroups
AWS::CloudFormation::Stack
AWS::EC2::CapacityReservationPool
AWS::EC2::HostManagement
AWS::NetworkFirewall::RuleGroup
A message that explains the ErrorCode
value. Messages might state that the specified CloudFront stack does not exist (or no longer exists). For CLOUDFORMATION_STACK_INACTIVE
, the message typically states that the CloudFront stack has a status that is not (or no longer) active, such as CREATE_FAILED
.
A message that explains the ErrorCode
.
A two-part error structure that can occur in ListGroupResources
or SearchResources
operations on CloudFront stack-based queries. The error occurs if the CloudFront stack on which the query is based either does not exist, or has a status that renders the stack inactive. A QueryError
occurrence does not necessarily mean that Resource Groups could not complete the operation, but the resulting group might have no member resources.
A two-part error structure that can occur in ListGroupResources
or SearchResources
.
A list of QueryError
objects. Each error is an object that contains ErrorCode
and Message
structures.
Possible values for ErrorCode
:
CLOUDFORMATION_STACK_INACTIVE
CLOUDFORMATION_STACK_NOT_EXISTING
A list of QueryError
objects. Each error contains an ErrorCode
and Message
.
Possible values for ErrorCode
:
CLOUDFORMATION_STACK_INACTIVE
CLOUDFORMATION_STACK_NOT_EXISTING
CLOUDFORMATION_STACK_UNASSUMABLE_ROLE
Makes a series of decisions about multiple authorization requests for one principal or resource. Each request contains the equivalent content of an IsAuthorized
request: principal, action, resource, and context. Either the principal
or the resource
parameter must be identical across all requests. For example, Verified Permissions won't evaluate a pair of requests where bob
views photo1
and alice
views photo2
. Authorization of bob
to view photo1
and photo2
, or bob
and alice
to view photo1
, are valid batches.
The request is evaluated against all policies in the specified policy store that match the entities that you declare. The result of the decisions is a series of Allow
or Deny
responses, along with the IDs of the policies that produced each decision.
The entities
of a BatchIsAuthorized
API request can contain up to 100 principals and up to 100 resources. The requests
of a BatchIsAuthorized
API request can contain up to 30 requests.
The BatchIsAuthorized
operation doesn't have its own IAM permission. To authorize this operation for Amazon Web Services principals, include the permission verifiedpermissions:IsAuthorized
in their IAM policies.
Makes a series of decisions about multiple authorization requests for one token. The principal in this request comes from an external identity source in the form of an identity or access token, formatted as a JSON web token (JWT). The information in the parameters can also define additional context that Verified Permissions can include in the evaluations.
The request is evaluated against all policies in the specified policy store that match the entities that you provide in the entities declaration and in the token. The result of the decisions is a series of Allow
or Deny
responses, along with the IDs of the policies that produced each decision.
The entities
of a BatchIsAuthorizedWithToken
API request can contain up to 100 resources and up to 99 user groups. The requests
of a BatchIsAuthorizedWithToken
API request can contain up to 30 requests.
The BatchIsAuthorizedWithToken
operation doesn't have its own IAM permission. To authorize this operation for Amazon Web Services principals, include the permission verifiedpermissions:IsAuthorizedWithToken
in their IAM policies.
Makes an authorization decision about a service request described in the parameters. The principal in this request comes from an external identity source in the form of an identity token formatted as a JSON web token (JWT). The information in the parameters can also define additional context that Verified Permissions can include in the evaluation. The request is evaluated against all matching policies in the specified policy store. The result of the decision is either Allow
or Deny
, along with a list of the policies that resulted in the decision.
If you specify the identityToken
parameter, then this operation derives the principal from that token. You must not also include that principal in the entities
parameter or the operation fails and reports a conflict between the two entity sources.
If you provide only an accessToken
, then you can include the entity as part of the entities
parameter to provide additional attributes.
At this time, Verified Permissions accepts tokens from only Amazon Cognito.
Verified Permissions validates each token that is specified in a request by checking its expiration date and its signature.
If you delete a Amazon Cognito user pool or user, tokens from that deleted pool or that deleted user continue to be usable until they expire.
Makes an authorization decision about a service request described in the parameters. The principal in this request comes from an external identity source in the form of an identity token formatted as a JSON web token (JWT). The information in the parameters can also define additional context that Verified Permissions can include in the evaluation. The request is evaluated against all matching policies in the specified policy store. The result of the decision is either Allow
or Deny
, along with a list of the policies that resulted in the decision.
At this time, Verified Permissions accepts tokens from only Amazon Cognito.
Verified Permissions validates each token that is specified in a request by checking its expiration date and its signature.
If you delete a Amazon Cognito user pool or user, tokens from that deleted pool or that deleted user continue to be usable until they expire.
Specifies the ID of the policy store. Policies in this policy store will be used to make an authorization decision for the input.
" + }, + "identityToken":{ + "shape":"Token", + "documentation":"Specifies an identity (ID) token for the principal that you want to authorize in each request. This token is provided to you by the identity provider (IdP) associated with the specified identity source. You must specify either an accessToken
, an identityToken
, or both.
Must be an ID token. Verified Permissions returns an error if the token_use
claim in the submitted token isn't id
.
Specifies an access token for the principal that you want to authorize in each request. This token is provided to you by the identity provider (IdP) associated with the specified identity source. You must specify either an accessToken
, an identityToken
, or both.
Must be an access token. Verified Permissions returns an error if the token_use
claim in the submitted token isn't access
.
Specifies the list of resources and their associated attributes that Verified Permissions can examine when evaluating the policies.
You can't include principals in this parameter, only resource and action entities. This parameter can't include any entities of a type that matches the user or group entity types that you defined in your identity source.
The BatchIsAuthorizedWithToken
operation takes principal attributes from only the identityToken
or accessToken
passed to the operation.
For action entities, you can include only their Identifier
and EntityType
.
An array of up to 30 requests that you want Verified Permissions to evaluate.
" + } + } + }, + "BatchIsAuthorizedWithTokenInputItem":{ + "type":"structure", + "members":{ + "action":{ + "shape":"ActionIdentifier", + "documentation":"Specifies the requested action to be authorized. For example, PhotoFlash::ReadPhoto
.
Specifies the resource that you want an authorization decision for. For example, PhotoFlash::Photo
.
Specifies additional context that can be used to make more granular authorization decisions.
" + } + }, + "documentation":"An authorization request that you include in a BatchIsAuthorizedWithToken
API request.
The identifier of the principal in the ID or access token.
" + }, + "results":{ + "shape":"BatchIsAuthorizedWithTokenOutputList", + "documentation":"A series of Allow
or Deny
decisions for each request, and the policies that produced them.
The authorization request that initiated the decision.
" + }, + "decision":{ + "shape":"Decision", + "documentation":"An authorization decision that indicates if the authorization request should be allowed or denied.
" + }, + "determiningPolicies":{ + "shape":"DeterminingPolicyList", + "documentation":"The list of determining policies used to make the authorization decision. For example, if there are two matching policies, where one is a forbid and the other is a permit, then the forbid policy will be the determining policy. In the case of multiple matching permit policies then there would be multiple determining policies. In the case that no policies match, and hence the response is DENY, there would be no determining policies.
" + }, + "errors":{ + "shape":"EvaluationErrorList", + "documentation":"Errors that occurred while making an authorization decision. For example, a policy might reference an entity or attribute that doesn't exist in the request.
" + } + }, + "documentation":"The decision, based on policy evaluation, from an individual authorization request in a BatchIsAuthorizedWithToken
API request.
The name of the schema entity type that's mapped to the user pool group. Defaults to AWS::CognitoGroup
.
The type of entity that a policy store maps to groups from an Amazon Cognito user pool identity source.
This data type is part of a CognitoUserPoolConfiguration structure and is a request parameter in CreateIdentitySource.
" + "documentation":"A list of user groups and entities from an Amazon Cognito user pool identity source.
This data type is part of a CognitoUserPoolConfiguration structure and is a request parameter in CreateIdentitySource.
" }, "CognitoGroupConfigurationDetail":{ "type":"structure", @@ -671,7 +786,7 @@ "documentation":"The name of the schema entity type that's mapped to the user pool group. Defaults to AWS::CognitoGroup
.
The type of entity that a policy store maps to groups from an Amazon Cognito user pool identity source.
This data type is part of an CognitoUserPoolConfigurationDetail structure and is a response parameter to GetIdentitySource.
" + "documentation":"A list of user groups and entities from an Amazon Cognito user pool identity source.
This data type is part of an CognitoUserPoolConfigurationDetail structure and is a response parameter to GetIdentitySource.
" }, "CognitoGroupConfigurationItem":{ "type":"structure", @@ -681,7 +796,7 @@ "documentation":"The name of the schema entity type that's mapped to the user pool group. Defaults to AWS::CognitoGroup
.
The type of entity that a policy store maps to groups from an Amazon Cognito user pool identity source.
This data type is part of an CognitoUserPoolConfigurationItem structure and is a response parameter to ListIdentitySources.
" + "documentation":"A list of user groups and entities from an Amazon Cognito user pool identity source.
This data type is part of an CognitoUserPoolConfigurationItem structure and is a response parameter to ListIdentitySources.
" }, "CognitoUserPoolConfiguration":{ "type":"structure", @@ -697,10 +812,10 @@ }, "groupConfiguration":{ "shape":"CognitoGroupConfiguration", - "documentation":"The type of entity that a policy store maps to groups from an Amazon Cognito user pool identity source.
" + "documentation":"The configuration of the user groups from an Amazon Cognito user pool identity source.
" } }, - "documentation":"The configuration for an identity source that represents a connection to an Amazon Cognito user pool used as an identity provider for Verified Permissions.
This data type is used as a field that is part of an Configuration structure that is used as a parameter to CreateIdentitySource.
Example:\"CognitoUserPoolConfiguration\":{\"UserPoolArn\":\"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5\",\"ClientIds\": [\"a1b2c3d4e5f6g7h8i9j0kalbmc\"],\"groupConfiguration\": {\"groupEntityType\": \"MyCorp::Group\"}}
The configuration for an identity source that represents a connection to an Amazon Cognito user pool used as an identity provider for Verified Permissions.
This data type is used as a field that is part of an Configuration structure that is used as a parameter to CreateIdentitySource.
Example:\"CognitoUserPoolConfiguration\":{\"UserPoolArn\":\"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5\",\"ClientIds\": [\"a1b2c3d4e5f6g7h8i9j0kalbmc\"]}
The type of entity that a policy store maps to groups from an Amazon Cognito user pool identity source.
" + "documentation":"The configuration of the user groups from an Amazon Cognito user pool identity source.
" } }, - "documentation":"The configuration for an identity source that represents a connection to an Amazon Cognito user pool used as an identity provider for Verified Permissions.
This data type is used as a field that is part of an ConfigurationDetail structure that is part of the response to GetIdentitySource.
Example:\"CognitoUserPoolConfiguration\":{\"UserPoolArn\":\"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5\",\"ClientIds\": [\"a1b2c3d4e5f6g7h8i9j0kalbmc\"],\"groupConfiguration\": {\"groupEntityType\": \"MyCorp::Group\"}}
The configuration for an identity source that represents a connection to an Amazon Cognito user pool used as an identity provider for Verified Permissions.
This data type is used as a field that is part of an ConfigurationDetail structure that is part of the response to GetIdentitySource.
Example:\"CognitoUserPoolConfiguration\":{\"UserPoolArn\":\"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5\",\"ClientIds\": [\"a1b2c3d4e5f6g7h8i9j0kalbmc\"]}
The type of entity that a policy store maps to groups from an Amazon Cognito user pool identity source.
" + "documentation":"The configuration of the user groups from an Amazon Cognito user pool identity source.
" } }, - "documentation":"The configuration for an identity source that represents a connection to an Amazon Cognito user pool used as an identity provider for Verified Permissions.
This data type is used as a field that is part of the ConfigurationItem structure that is part of the response to ListIdentitySources.
Example:\"CognitoUserPoolConfiguration\":{\"UserPoolArn\":\"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5\",\"ClientIds\": [\"a1b2c3d4e5f6g7h8i9j0kalbmc\"],\"groupConfiguration\": {\"groupEntityType\": \"MyCorp::Group\"}}
The configuration for an identity source that represents a connection to an Amazon Cognito user pool used as an identity provider for Verified Permissions.
This data type is used as a field that is part of the ConfigurationItem structure that is part of the response to ListIdentitySources.
Example:\"CognitoUserPoolConfiguration\":{\"UserPoolArn\":\"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5\",\"ClientIds\": [\"a1b2c3d4e5f6g7h8i9j0kalbmc\"]}
Contains configuration details of a Amazon Cognito user pool that Verified Permissions can use as a source of authenticated identities as entities. It specifies the Amazon Resource Name (ARN) of a Amazon Cognito user pool and one or more application client IDs.
Example: \"configuration\":{\"cognitoUserPoolConfiguration\":{\"userPoolArn\":\"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5\",\"clientIds\": [\"a1b2c3d4e5f6g7h8i9j0kalbmc\"],\"groupConfiguration\": {\"groupEntityType\": \"MyCorp::Group\"}}}
Contains configuration information used when creating a new identity source.
At this time, the only valid member of this structure is a Amazon Cognito user pool configuration.
Specifies a userPoolArn
, a groupConfiguration
, and a ClientId
.
This data type is used as a request parameter for the CreateIdentitySource operation.
", + "documentation":"Contains configuration information used when creating a new identity source.
At this time, the only valid member of this structure is a Amazon Cognito user pool configuration.
You must specify a userPoolArn
, and optionally, a ClientId
.
This data type is used as a request parameter for the CreateIdentitySource operation.
", "union":true }, "ConfigurationDetail":{ @@ -772,7 +887,7 @@ "members":{ "cognitoUserPoolConfiguration":{ "shape":"CognitoUserPoolConfigurationDetail", - "documentation":"Contains configuration details of a Amazon Cognito user pool that Verified Permissions can use as a source of authenticated identities as entities. It specifies the Amazon Resource Name (ARN) of a Amazon Cognito user pool, the policy store entity that you want to assign to user groups, and one or more application client IDs.
Example: \"configuration\":{\"cognitoUserPoolConfiguration\":{\"userPoolArn\":\"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5\",\"clientIds\": [\"a1b2c3d4e5f6g7h8i9j0kalbmc\"],\"groupConfiguration\": {\"groupEntityType\": \"MyCorp::Group\"}}}
Contains configuration details of a Amazon Cognito user pool that Verified Permissions can use as a source of authenticated identities as entities. It specifies the Amazon Resource Name (ARN) of a Amazon Cognito user pool and one or more application client IDs.
Example: \"configuration\":{\"cognitoUserPoolConfiguration\":{\"userPoolArn\":\"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5\",\"clientIds\": [\"a1b2c3d4e5f6g7h8i9j0kalbmc\"],\"groupConfiguration\": {\"groupEntityType\": \"MyCorp::Group\"}}}
Contains configuration information about an identity source.
This data type is a response parameter to the GetIdentitySource operation.
", @@ -783,7 +898,7 @@ "members":{ "cognitoUserPoolConfiguration":{ "shape":"CognitoUserPoolConfigurationItem", - "documentation":"Contains configuration details of a Amazon Cognito user pool that Verified Permissions can use as a source of authenticated identities as entities. It specifies the Amazon Resource Name (ARN) of a Amazon Cognito user pool, the policy store entity that you want to assign to user groups, and one or more application client IDs.
Example: \"configuration\":{\"cognitoUserPoolConfiguration\":{\"userPoolArn\":\"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5\",\"clientIds\": [\"a1b2c3d4e5f6g7h8i9j0kalbmc\"],\"groupConfiguration\": {\"groupEntityType\": \"MyCorp::Group\"}}}
Contains configuration details of a Amazon Cognito user pool that Verified Permissions can use as a source of authenticated identities as entities. It specifies the Amazon Resource Name (ARN) of a Amazon Cognito user pool and one or more application client IDs.
Example: \"configuration\":{\"cognitoUserPoolConfiguration\":{\"userPoolArn\":\"arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_1a2b3c4d5\",\"clientIds\": [\"a1b2c3d4e5f6g7h8i9j0kalbmc\"],\"groupConfiguration\": {\"groupEntityType\": \"MyCorp::Group\"}}}
Contains configuration information about an identity source.
This data type is a response parameter to the ListIdentitySources operation.
", @@ -1746,7 +1861,7 @@ }, "entities":{ "shape":"EntitiesDefinition", - "documentation":"Specifies the list of resources and their associated attributes that Verified Permissions can examine when evaluating the policies.
You can include only resource and action entities in this parameter; you can't include principals.
The IsAuthorizedWithToken
operation takes principal attributes from only the identityToken
or accessToken
passed to the operation.
For action entities, you can include only their Identifier
and EntityType
.
Specifies the list of resources and their associated attributes that Verified Permissions can examine when evaluating the policies.
You can't include principals in this parameter, only resource and action entities. This parameter can't include any entities of a type that matches the user or group entity types that you defined in your identity source.
The IsAuthorizedWithToken
operation takes principal attributes from only the identityToken
or accessToken
passed to the operation.
For action entities, you can include only their Identifier
and EntityType
.
The name of the schema entity type that's mapped to the user pool group. Defaults to AWS::CognitoGroup
.
The user group entities from an Amazon Cognito user pool identity source.
" + "documentation":"A list of user groups and entities from an Amazon Cognito user pool identity source.
" }, "UpdateCognitoUserPoolConfiguration":{ "type":"structure", diff --git a/tools/code-generation/endpoints/resource-groups-2017-11-27.endpoint-rule-set.json b/tools/code-generation/endpoints/resource-groups-2017-11-27.endpoint-rule-set.json index bc91afc6cdc..4f188f4a0e7 100644 --- a/tools/code-generation/endpoints/resource-groups-2017-11-27.endpoint-rule-set.json +++ b/tools/code-generation/endpoints/resource-groups-2017-11-27.endpoint-rule-set.json @@ -40,7 +40,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -83,7 +82,8 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -96,7 +96,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -110,7 +109,6 @@ "assign": "PartitionResult" } ], - "type": "tree", "rules": [ { "conditions": [ @@ -133,7 +131,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -168,7 +165,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -179,14 +175,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS and DualStack are enabled, but this partition does not support one or both", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -200,14 +198,12 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ - true, { "fn": "getAttr", "argv": [ @@ -216,18 +212,17 @@ }, "supportsFIPS" ] - } + }, + true ] } ], - "type": "tree", "rules": [ { "conditions": [ { "fn": "stringEquals", "argv": [ - "aws-us-gov", { "fn": "getAttr", "argv": [ @@ -236,7 +231,8 @@ }, "name" ] - } + }, + "aws-us-gov" ] } ], @@ -256,14 +252,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "FIPS is enabled but this partition does not support FIPS", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [ @@ -277,7 +275,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [ @@ -297,7 +294,6 @@ ] } ], - "type": "tree", "rules": [ { "conditions": [], @@ -308,14 +304,16 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" }, { "conditions": [], "error": "DualStack is enabled but this partition does not support DualStack", "type": "error" } - ] + ], + "type": "tree" }, { "conditions": [], @@ -326,9 +324,11 @@ }, "type": "endpoint" } - ] + ], + "type": "tree" } - ] + ], + "type": "tree" }, { "conditions": [],