From 7d909cfa34a5531392af8e83e52fa6f4b653a368 Mon Sep 17 00:00:00 2001 From: Erik Price Date: Thu, 28 Jan 2016 11:41:06 -0800 Subject: [PATCH 01/10] Fix docstring typo --- botocore/validate.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/botocore/validate.py b/botocore/validate.py index ceec4e5609..8fe0896e2e 100644 --- a/botocore/validate.py +++ b/botocore/validate.py @@ -34,7 +34,7 @@ def validate_parameters(params, shape): :param params: The user provided input parameters. - :type shape: botoore.model.Shape + :type shape: botocore.model.Shape :param shape: The schema which the input parameters should adhere to. From 3c781d16e3085cbb03980a2b330776067c1220fb Mon Sep 17 00:00:00 2001 From: Kyle Knapp Date: Thu, 28 Jan 2016 12:18:38 -0800 Subject: [PATCH 02/10] Revert "Fix docstring typo" --- botocore/validate.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/botocore/validate.py b/botocore/validate.py index 8fe0896e2e..ceec4e5609 100644 --- a/botocore/validate.py +++ b/botocore/validate.py @@ -34,7 +34,7 @@ def validate_parameters(params, shape): :param params: The user provided input parameters. - :type shape: botocore.model.Shape + :type shape: botoore.model.Shape :param shape: The schema which the input parameters should adhere to. From 57c5ba9a92aa8dad55637226b5708f63090f29e8 Mon Sep 17 00:00:00 2001 From: James Saryerwinnie Date: Thu, 14 Jan 2016 14:05:37 -0800 Subject: [PATCH 03/10] Parse xml attributes in XML responses This fixes an issue where the "Type" field was not being populated from S3 responses such as ``get_object_acl``. --- botocore/parsers.py | 9 +++ tests/unit/protocols/output/rest-xml.json | 68 +++++++++++++++++++ .../xml/responses/s3-get-bucket-acl.json | 5 +- .../xml/responses/s3-get-bucket-logging.json | 5 +- 4 files changed, 83 insertions(+), 4 deletions(-) diff --git a/botocore/parsers.py b/botocore/parsers.py index d646d0d53d..67efe60019 100644 --- a/botocore/parsers.py +++ b/botocore/parsers.py @@ -293,6 +293,15 @@ def _handle_structure(self, shape, node): if member_node is not None: parsed[member_name] = self._parse_shape( member_shape, member_node) + elif member_shape.serialization.get('xmlAttribute'): + attribs = {} + location_name = member_shape.serialization['name'] + for key, value in node.attrib.items(): + new_key = self._namespace_re.sub( + location_name.split(':')[0] + ':', key) + attribs[new_key] = value + if location_name in attribs: + parsed[member_name] = attribs[location_name] return parsed def _member_key_name(self, shape, member_name): diff --git a/tests/unit/protocols/output/rest-xml.json b/tests/unit/protocols/output/rest-xml.json index 4d4f892a47..9413174ebf 100644 --- a/tests/unit/protocols/output/rest-xml.json +++ b/tests/unit/protocols/output/rest-xml.json @@ -716,5 +716,73 @@ } } ] + }, + { + "description": "Parse XML Attributes", + "metadata": { + "protocol": "rest-xml" + }, + "shapes": { + "OutputShape": { + "type": "structure", + "members": { + "Grants": { + "shape": "Grants", + "locationName": "AccessControlList" + } + } + }, + "Grants": { + "type": "list", + "member": { + "shape": "Grant" + } + }, + "Grant": { + "type": "structure", + "members": { + "Grantee": {"shape": "Grantee"} + } + }, + "Grantee": { + "type": "structure", + "members": { + "DisplayName": {"shape": "String"}, + "ID": {"shape": "String"}, + "Type": { + "shape": "String", + "locationName": "xsi:type", + "xmlAttribute": true + } + } + }, + "String": {"type": "string"} + }, + "cases": [ + { + "given": { + "output": { + "shape": "OutputShape" + }, + "name": "OperationName" + }, + "result": { + "Grants": [ + { + "Grantee": { + "DisplayName": "name", + "ID": "id", + "Type": "CanonicalUser" + } + } + ] + }, + "response": { + "status_code": 200, + "headers": {}, + "body": "id name" + } + } + ] } ] diff --git a/tests/unit/response_parsing/xml/responses/s3-get-bucket-acl.json b/tests/unit/response_parsing/xml/responses/s3-get-bucket-acl.json index d559140b4f..03007a6028 100644 --- a/tests/unit/response_parsing/xml/responses/s3-get-bucket-acl.json +++ b/tests/unit/response_parsing/xml/responses/s3-get-bucket-acl.json @@ -7,10 +7,11 @@ { "Grantee": { "DisplayName": "CustomersName@amazon.com", - "ID": "75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a" + "ID": "75aa57f09aa0c8caeab4f8c24e99d10f8e7faeebf76c078efc7c6caea54ba06a", + "Type": "CanonicalUser" }, "Permission": "FULL_CONTROL" } ], "ResponseMetadata": {} -} \ No newline at end of file +} diff --git a/tests/unit/response_parsing/xml/responses/s3-get-bucket-logging.json b/tests/unit/response_parsing/xml/responses/s3-get-bucket-logging.json index 8cff41a5ab..0c3262d377 100644 --- a/tests/unit/response_parsing/xml/responses/s3-get-bucket-logging.json +++ b/tests/unit/response_parsing/xml/responses/s3-get-bucket-logging.json @@ -5,11 +5,12 @@ "TargetGrants": [ { "Grantee": { - "EmailAddress": "user@company.com" + "EmailAddress": "user@company.com", + "Type": "AmazonCustomerByEmail" }, "Permission": "READ" } ] }, "ResponseMetadata": {} -} \ No newline at end of file +} From e92477fc6c2d5069bc41cca1388359f1e2693bcd Mon Sep 17 00:00:00 2001 From: kyleknap Date: Mon, 25 Jan 2016 17:33:34 -0800 Subject: [PATCH 04/10] Add paginators for ssm --- .../data/ssm/2014-11-06/paginators-1.json | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 botocore/data/ssm/2014-11-06/paginators-1.json diff --git a/botocore/data/ssm/2014-11-06/paginators-1.json b/botocore/data/ssm/2014-11-06/paginators-1.json new file mode 100644 index 0000000000..1abbbeb063 --- /dev/null +++ b/botocore/data/ssm/2014-11-06/paginators-1.json @@ -0,0 +1,28 @@ +{ + "pagination": { + "ListAssociations": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "Associations" + }, + "ListCommandInvocations": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "CommandInvocations" + }, + "ListCommands": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "Commands" + }, + "ListDocuments": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "DocumentIdentifiers" + } + } +} From 9eb2bc3ecadfbf60cbee3af595f2ef19d9619d09 Mon Sep 17 00:00:00 2001 From: kyleknap Date: Thu, 28 Jan 2016 14:05:40 -0800 Subject: [PATCH 05/10] Update travis config to fail pr's to master --- .travis.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.travis.yml b/.travis.yml index afe4bc0a08..6762075962 100644 --- a/.travis.yml +++ b/.travis.yml @@ -6,6 +6,11 @@ python: - "3.4" - "3.5" sudo: false +before_install: + - if [ "$TRAVIS_PULL_REQUEST" ] && [ "$TRAVIS_BRANCH" == "master" ]; then + echo "No pull requests can be sent to the master branch" 1>&2; + exit 1; + fi install: - python scripts/ci/install script: python scripts/ci/run-tests From 6e74abaa59192382d248761136bf75f4c2c71332 Mon Sep 17 00:00:00 2001 From: kyleknap Date: Thu, 28 Jan 2016 14:31:02 -0800 Subject: [PATCH 06/10] Update waf model --- botocore/data/waf/2015-08-24/service-2.json | 1341 ++++++++----------- 1 file changed, 549 insertions(+), 792 deletions(-) diff --git a/botocore/data/waf/2015-08-24/service-2.json b/botocore/data/waf/2015-08-24/service-2.json index 24e109f947..301d58c0fc 100644 --- a/botocore/data/waf/2015-08-24/service-2.json +++ b/botocore/data/waf/2015-08-24/service-2.json @@ -4,13 +4,12 @@ "apiVersion":"2015-08-24", "endpointPrefix":"waf", "jsonVersion":"1.1", + "protocol":"json", "serviceAbbreviation":"WAF", "serviceFullName":"AWS WAF", "signatureVersion":"v4", - "targetPrefix":"AWSWAF_20150824", - "protocol":"json" + "targetPrefix":"AWSWAF_20150824" }, - "documentation":"

This is the AWS WAF API Reference. This guide is for developers who need detailed information about the AWS WAF API actions, data types, and errors. For detailed information about AWS WAF features and an overview of how to use the AWS WAF API, see the AWS WAF Developer Guide.

", "operations":{ "CreateByteMatchSet":{ "name":"CreateByteMatchSet", @@ -21,37 +20,12 @@ "input":{"shape":"CreateByteMatchSetRequest"}, "output":{"shape":"CreateByteMatchSetResponse"}, "errors":[ - { - "shape":"WAFDisallowedNameException", - "exception":true, - "documentation":"

The name specified is invalid.

" - }, - { - "shape":"WAFInternalErrorException", - "exception":true, - "fault":true, - "documentation":"

The operation failed because of a system problem, even though the request was valid. Retry your request.

" - }, - { - "shape":"WAFInvalidAccountException", - "exception":true, - "documentation":"

The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.

" - }, - { - "shape":"WAFInvalidParameterException", - "exception":true, - "documentation":"

The operation failed because AWS WAF didn't recognize a parameter in the request. For example:

  • You specified an invalid parameter name.
  • You specified an invalid value.
  • You tried to update an object (ByteMatchSet, IPSet, Rule, or WebACL) using an action other than INSERT or DELETE.
  • You tried to create a WebACL with a DefaultAction Type other than ALLOW, BLOCK, or COUNT.
  • You tried to update a WebACL with a WafAction Type other than ALLOW, BLOCK, or COUNT.
  • You tried to update a ByteMatchSet with a FieldToMatch Type other than HEADER, QUERY_STRING, or URI.
  • You tried to update a ByteMatchSet with a Field of HEADER but no value for Data.
" - }, - { - "shape":"WAFStaleDataException", - "exception":true, - "documentation":"

The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.

" - }, - { - "shape":"WAFLimitsExceededException", - "exception":true, - "documentation":"

The operation exceeds a resource limit, for example, the maximum number of WebACL objects that you can create for an AWS account. For more information, see Limits in the AWS WAF Developer Guide.

" - } + {"shape":"WAFDisallowedNameException"}, + {"shape":"WAFInternalErrorException"}, + {"shape":"WAFInvalidAccountException"}, + {"shape":"WAFInvalidParameterException"}, + {"shape":"WAFStaleDataException"}, + {"shape":"WAFLimitsExceededException"} ], "documentation":"

Creates a ByteMatchSet. You then use UpdateByteMatchSet to identify the part of a web request that you want AWS WAF to inspect, such as the values of the User-Agent header or the query string. For example, you can create a ByteMatchSet that matches any requests with User-Agent headers that contain the string BadBot. You can then configure AWS WAF to reject those requests.

To create and configure a ByteMatchSet, perform the following steps:

  1. Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of a CreateByteMatchSet request.
  2. Submit a CreateByteMatchSet request.
  3. Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of an UpdateByteMatchSet request.
  4. Submit an UpdateByteMatchSet request to specify the part of the request that you want AWS WAF to inspect (for example, the header or the URI) and the value that you want AWS WAF to watch for.

For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.

" }, @@ -64,37 +38,12 @@ "input":{"shape":"CreateIPSetRequest"}, "output":{"shape":"CreateIPSetResponse"}, "errors":[ - { - "shape":"WAFStaleDataException", - "exception":true, - "documentation":"

The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.

" - }, - { - "shape":"WAFInternalErrorException", - "exception":true, - "fault":true, - "documentation":"

The operation failed because of a system problem, even though the request was valid. Retry your request.

" - }, - { - "shape":"WAFInvalidAccountException", - "exception":true, - "documentation":"

The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.

" - }, - { - "shape":"WAFDisallowedNameException", - "exception":true, - "documentation":"

The name specified is invalid.

" - }, - { - "shape":"WAFInvalidParameterException", - "exception":true, - "documentation":"

The operation failed because AWS WAF didn't recognize a parameter in the request. For example:

  • You specified an invalid parameter name.
  • You specified an invalid value.
  • You tried to update an object (ByteMatchSet, IPSet, Rule, or WebACL) using an action other than INSERT or DELETE.
  • You tried to create a WebACL with a DefaultAction Type other than ALLOW, BLOCK, or COUNT.
  • You tried to update a WebACL with a WafAction Type other than ALLOW, BLOCK, or COUNT.
  • You tried to update a ByteMatchSet with a FieldToMatch Type other than HEADER, QUERY_STRING, or URI.
  • You tried to update a ByteMatchSet with a Field of HEADER but no value for Data.
" - }, - { - "shape":"WAFLimitsExceededException", - "exception":true, - "documentation":"

The operation exceeds a resource limit, for example, the maximum number of WebACL objects that you can create for an AWS account. For more information, see Limits in the AWS WAF Developer Guide.

" - } + {"shape":"WAFStaleDataException"}, + {"shape":"WAFInternalErrorException"}, + {"shape":"WAFInvalidAccountException"}, + {"shape":"WAFDisallowedNameException"}, + {"shape":"WAFInvalidParameterException"}, + {"shape":"WAFLimitsExceededException"} ], "documentation":"

Creates an IPSet, which you use to specify which web requests you want to allow or block based on the IP addresses that the requests originate from. For example, if you're receiving a lot of requests from one or more individual IP addresses or one or more ranges of IP addresses and you want to block the requests, you can create an IPSet that contains those IP addresses and then configure AWS WAF to block the requests.

To create and configure an IPSet, perform the following steps:

  1. Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of a CreateIPSet request.
  2. Submit a CreateIPSet request.
  3. Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of an UpdateIPSet request.
  4. Submit an UpdateIPSet request to specify the IP addresses that you want AWS WAF to watch for.

For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.

" }, @@ -107,34 +56,31 @@ "input":{"shape":"CreateRuleRequest"}, "output":{"shape":"CreateRuleResponse"}, "errors":[ - { - "shape":"WAFStaleDataException", - "exception":true, - "documentation":"

The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.

" - }, - { - "shape":"WAFInternalErrorException", - "exception":true, - "fault":true, - "documentation":"

The operation failed because of a system problem, even though the request was valid. Retry your request.

" - }, - { - "shape":"WAFDisallowedNameException", - "exception":true, - "documentation":"

The name specified is invalid.

" - }, - { - "shape":"WAFInvalidParameterException", - "exception":true, - "documentation":"

The operation failed because AWS WAF didn't recognize a parameter in the request. For example:

  • You specified an invalid parameter name.
  • You specified an invalid value.
  • You tried to update an object (ByteMatchSet, IPSet, Rule, or WebACL) using an action other than INSERT or DELETE.
  • You tried to create a WebACL with a DefaultAction Type other than ALLOW, BLOCK, or COUNT.
  • You tried to update a WebACL with a WafAction Type other than ALLOW, BLOCK, or COUNT.
  • You tried to update a ByteMatchSet with a FieldToMatch Type other than HEADER, QUERY_STRING, or URI.
  • You tried to update a ByteMatchSet with a Field of HEADER but no value for Data.
" - }, - { - "shape":"WAFLimitsExceededException", - "exception":true, - "documentation":"

The operation exceeds a resource limit, for example, the maximum number of WebACL objects that you can create for an AWS account. For more information, see Limits in the AWS WAF Developer Guide.

" - } + {"shape":"WAFStaleDataException"}, + {"shape":"WAFInternalErrorException"}, + {"shape":"WAFDisallowedNameException"}, + {"shape":"WAFInvalidParameterException"}, + {"shape":"WAFLimitsExceededException"} ], - "documentation":"

Creates a Rule, which contains the IPSet objects, ByteMatchSet objects, and other predicates that identify the requests that you want to block. If you add more than one predicate to a Rule, a request must match all of the specifications to be allowed or blocked. For example, suppose you add the following to a Rule:

  • An IPSet that matches the IP address 192.0.2.44/32
  • A ByteMatchSet that matches BadBot in the User-Agent header

You then add the Rule to a WebACL and specify that you want to blocks requests that satisfy the Rule. For a request to be blocked, it must come from the IP address 192.0.2.44 and the User-Agent header in the request must contain the value BadBot.

To create and configure a Rule, perform the following steps:

  1. Create and update the predicates that you want to include in the Rule. For more information, see CreateByteMatchSet, CreateIPSet, and CreateSqlInjectionMatchSet.
  2. Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of a CreateRule request.
  3. Submit a CreateRule request.
  4. Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of an UpdateRule request.
  5. Submit an UpdateRule request to specify the predicates that you want to include in the Rule.
  6. Create and update a WebACL that contains the Rule. For more information, see CreateWebACL.

For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.

" + "documentation":"

Creates a Rule, which contains the IPSet objects, ByteMatchSet objects, and other predicates that identify the requests that you want to block. If you add more than one predicate to a Rule, a request must match all of the specifications to be allowed or blocked. For example, suppose you add the following to a Rule:

  • An IPSet that matches the IP address 192.0.2.44/32
  • A ByteMatchSet that matches BadBot in the User-Agent header

You then add the Rule to a WebACL and specify that you want to blocks requests that satisfy the Rule. For a request to be blocked, it must come from the IP address 192.0.2.44 and the User-Agent header in the request must contain the value BadBot.

To create and configure a Rule, perform the following steps:

  1. Create and update the predicates that you want to include in the Rule. For more information, see CreateByteMatchSet, CreateIPSet, and CreateSqlInjectionMatchSet.
  2. Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of a CreateRule request.
  3. Submit a CreateRule request.
  4. Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of an UpdateRule request.
  5. Submit an UpdateRule request to specify the predicates that you want to include in the Rule.
  6. Create and update a WebACL that contains the Rule. For more information, see CreateWebACL.

For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.

" + }, + "CreateSizeConstraintSet":{ + "name":"CreateSizeConstraintSet", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"CreateSizeConstraintSetRequest"}, + "output":{"shape":"CreateSizeConstraintSetResponse"}, + "errors":[ + {"shape":"WAFStaleDataException"}, + {"shape":"WAFInternalErrorException"}, + {"shape":"WAFInvalidAccountException"}, + {"shape":"WAFDisallowedNameException"}, + {"shape":"WAFInvalidParameterException"}, + {"shape":"WAFLimitsExceededException"} + ], + "documentation":"

Creates a SizeConstraintSet. You then use UpdateSizeConstraintSet to identify the part of a web request that you want AWS WAF to check for length, such as the length of the User-Agent header or the length of the query string. For example, you can create a SizeConstraintSet that matches any requests that have a query string that is longer than 100 bytes. You can then configure AWS WAF to reject those requests.

To create and configure a SizeConstraintSet, perform the following steps:

  1. Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of a CreateSizeConstraintSet request.
  2. Submit a CreateSizeConstraintSet request.
  3. Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of an UpdateSizeConstraintSet request.
  4. Submit an UpdateSizeConstraintSet request to specify the part of the request that you want AWS WAF to inspect (for example, the header or the URI) and the value that you want AWS WAF to watch for.

For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.

" }, "CreateSqlInjectionMatchSet":{ "name":"CreateSqlInjectionMatchSet", @@ -142,46 +88,15 @@ "method":"POST", "requestUri":"/" }, - "input":{ - "shape":"CreateSqlInjectionMatchSetRequest", - "documentation":"

A request to create a SqlInjectionMatchSet.

" - }, - "output":{ - "shape":"CreateSqlInjectionMatchSetResponse", - "documentation":"

The response to a CreateSqlInjectionMatchSet request.

" - }, + "input":{"shape":"CreateSqlInjectionMatchSetRequest"}, + "output":{"shape":"CreateSqlInjectionMatchSetResponse"}, "errors":[ - { - "shape":"WAFDisallowedNameException", - "exception":true, - "documentation":"

The name specified is invalid.

" - }, - { - "shape":"WAFInternalErrorException", - "exception":true, - "fault":true, - "documentation":"

The operation failed because of a system problem, even though the request was valid. Retry your request.

" - }, - { - "shape":"WAFInvalidAccountException", - "exception":true, - "documentation":"

The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.

" - }, - { - "shape":"WAFInvalidParameterException", - "exception":true, - "documentation":"

The operation failed because AWS WAF didn't recognize a parameter in the request. For example:

  • You specified an invalid parameter name.
  • You specified an invalid value.
  • You tried to update an object (ByteMatchSet, IPSet, Rule, or WebACL) using an action other than INSERT or DELETE.
  • You tried to create a WebACL with a DefaultAction Type other than ALLOW, BLOCK, or COUNT.
  • You tried to update a WebACL with a WafAction Type other than ALLOW, BLOCK, or COUNT.
  • You tried to update a ByteMatchSet with a FieldToMatch Type other than HEADER, QUERY_STRING, or URI.
  • You tried to update a ByteMatchSet with a Field of HEADER but no value for Data.
" - }, - { - "shape":"WAFStaleDataException", - "exception":true, - "documentation":"

The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.

" - }, - { - "shape":"WAFLimitsExceededException", - "exception":true, - "documentation":"

The operation exceeds a resource limit, for example, the maximum number of WebACL objects that you can create for an AWS account. For more information, see Limits in the AWS WAF Developer Guide.

" - } + {"shape":"WAFDisallowedNameException"}, + {"shape":"WAFInternalErrorException"}, + {"shape":"WAFInvalidAccountException"}, + {"shape":"WAFInvalidParameterException"}, + {"shape":"WAFStaleDataException"}, + {"shape":"WAFLimitsExceededException"} ], "documentation":"

Creates a SqlInjectionMatchSet, which you use to allow, block, or count requests that contain snippets of SQL code in a specified part of web requests. AWS WAF searches for character sequences that are likely to be malicious strings.

To create and configure a SqlInjectionMatchSet, perform the following steps:

  1. Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of a CreateSqlInjectionMatchSet request.
  2. Submit a CreateSqlInjectionMatchSet request.
  3. Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of an UpdateSqlInjectionMatchSet request.
  4. Submit an UpdateSqlInjectionMatchSet request to specify the parts of web requests in which you want to allow, block, or count malicious SQL code.

For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.

" }, @@ -194,37 +109,12 @@ "input":{"shape":"CreateWebACLRequest"}, "output":{"shape":"CreateWebACLResponse"}, "errors":[ - { - "shape":"WAFStaleDataException", - "exception":true, - "documentation":"

The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.

" - }, - { - "shape":"WAFInternalErrorException", - "exception":true, - "fault":true, - "documentation":"

The operation failed because of a system problem, even though the request was valid. Retry your request.

" - }, - { - "shape":"WAFInvalidAccountException", - "exception":true, - "documentation":"

The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.

" - }, - { - "shape":"WAFDisallowedNameException", - "exception":true, - "documentation":"

The name specified is invalid.

" - }, - { - "shape":"WAFInvalidParameterException", - "exception":true, - "documentation":"

The operation failed because AWS WAF didn't recognize a parameter in the request. For example:

  • You specified an invalid parameter name.
  • You specified an invalid value.
  • You tried to update an object (ByteMatchSet, IPSet, Rule, or WebACL) using an action other than INSERT or DELETE.
  • You tried to create a WebACL with a DefaultAction Type other than ALLOW, BLOCK, or COUNT.
  • You tried to update a WebACL with a WafAction Type other than ALLOW, BLOCK, or COUNT.
  • You tried to update a ByteMatchSet with a FieldToMatch Type other than HEADER, QUERY_STRING, or URI.
  • You tried to update a ByteMatchSet with a Field of HEADER but no value for Data.
" - }, - { - "shape":"WAFLimitsExceededException", - "exception":true, - "documentation":"

The operation exceeds a resource limit, for example, the maximum number of WebACL objects that you can create for an AWS account. For more information, see Limits in the AWS WAF Developer Guide.

" - } + {"shape":"WAFStaleDataException"}, + {"shape":"WAFInternalErrorException"}, + {"shape":"WAFInvalidAccountException"}, + {"shape":"WAFDisallowedNameException"}, + {"shape":"WAFInvalidParameterException"}, + {"shape":"WAFLimitsExceededException"} ], "documentation":"

Creates a WebACL, which contains the Rules that identify the CloudFront web requests that you want to allow, block, or count. AWS WAF evaluates Rules in order based on the value of Priority for each Rule.

You also specify a default action, either ALLOW or BLOCK. If a web request doesn't match any of the Rules in a WebACL, AWS WAF responds to the request with the default action.

To create and configure a WebACL, perform the following steps:

  1. Create and update the ByteMatchSet objects and other predicates that you want to include in Rules. For more information, see CreateByteMatchSet, UpdateByteMatchSet, CreateIPSet, UpdateIPSet, CreateSqlInjectionMatchSet, and UpdateSqlInjectionMatchSet.
  2. Create and update the Rules that you want to include in the WebACL. For more information, see CreateRule and UpdateRule.
  3. Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of a CreateWebACL request.
  4. Submit a CreateWebACL request.
  5. Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of an UpdateWebACL request.
  6. Submit an UpdateWebACL request to specify the Rules that you want to include in the WebACL, to specify the default action, and to associate the WebACL with a CloudFront distribution.

For more information about how to use the AWS WAF API, see the AWS WAF Developer Guide.

" }, @@ -237,37 +127,12 @@ "input":{"shape":"DeleteByteMatchSetRequest"}, "output":{"shape":"DeleteByteMatchSetResponse"}, "errors":[ - { - "shape":"WAFInternalErrorException", - "exception":true, - "fault":true, - "documentation":"

The operation failed because of a system problem, even though the request was valid. Retry your request.

" - }, - { - "shape":"WAFInvalidAccountException", - "exception":true, - "documentation":"

The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.

" - }, - { - "shape":"WAFNonexistentItemException", - "exception":true, - "documentation":"

The operation failed because the referenced object doesn't exist.

" - }, - { - "shape":"WAFReferencedItemException", - "exception":true, - "documentation":"

The operation failed because you tried to delete an object that is still in use. For example:

  • You tried to delete a ByteMatchSet that is still referenced by a Rule.
  • You tried to delete a Rule that is still referenced by a WebACL.

" - }, - { - "shape":"WAFStaleDataException", - "exception":true, - "documentation":"

The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.

" - }, - { - "shape":"WAFNonEmptyEntityException", - "exception":true, - "documentation":"

The operation failed because you tried to delete an object that isn't empty. For example:

  • You tried to delete a WebACL that still contains one or more Rule objects.
  • You tried to delete a Rule that still contains one or more ByteMatchSet objects or other predicates.
  • You tried to delete a ByteMatchSet that contains one or more ByteMatchTuple objects.
  • You tried to delete an IPSet that references one or more IP addresses.
" - } + {"shape":"WAFInternalErrorException"}, + {"shape":"WAFInvalidAccountException"}, + {"shape":"WAFNonexistentItemException"}, + {"shape":"WAFReferencedItemException"}, + {"shape":"WAFStaleDataException"}, + {"shape":"WAFNonEmptyEntityException"} ], "documentation":"

Permanently deletes a ByteMatchSet. You can't delete a ByteMatchSet if it's still used in any Rules or if it still includes any ByteMatchTuple objects (any filters).

If you just want to remove a ByteMatchSet from a Rule, use UpdateRule.

To permanently delete a ByteMatchSet, perform the following steps:

  1. Update the ByteMatchSet to remove filters, if any. For more information, see UpdateByteMatchSet.
  2. Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of a DeleteByteMatchSet request.
  3. Submit a DeleteByteMatchSet request.
" }, @@ -280,37 +145,12 @@ "input":{"shape":"DeleteIPSetRequest"}, "output":{"shape":"DeleteIPSetResponse"}, "errors":[ - { - "shape":"WAFStaleDataException", - "exception":true, - "documentation":"

The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.

" - }, - { - "shape":"WAFInternalErrorException", - "exception":true, - "fault":true, - "documentation":"

The operation failed because of a system problem, even though the request was valid. Retry your request.

" - }, - { - "shape":"WAFInvalidAccountException", - "exception":true, - "documentation":"

The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.

" - }, - { - "shape":"WAFNonexistentItemException", - "exception":true, - "documentation":"

The operation failed because the referenced object doesn't exist.

" - }, - { - "shape":"WAFReferencedItemException", - "exception":true, - "documentation":"

The operation failed because you tried to delete an object that is still in use. For example:

  • You tried to delete a ByteMatchSet that is still referenced by a Rule.
  • You tried to delete a Rule that is still referenced by a WebACL.

" - }, - { - "shape":"WAFNonEmptyEntityException", - "exception":true, - "documentation":"

The operation failed because you tried to delete an object that isn't empty. For example:

  • You tried to delete a WebACL that still contains one or more Rule objects.
  • You tried to delete a Rule that still contains one or more ByteMatchSet objects or other predicates.
  • You tried to delete a ByteMatchSet that contains one or more ByteMatchTuple objects.
  • You tried to delete an IPSet that references one or more IP addresses.
" - } + {"shape":"WAFStaleDataException"}, + {"shape":"WAFInternalErrorException"}, + {"shape":"WAFInvalidAccountException"}, + {"shape":"WAFNonexistentItemException"}, + {"shape":"WAFReferencedItemException"}, + {"shape":"WAFNonEmptyEntityException"} ], "documentation":"

Permanently deletes an IPSet. You can't delete an IPSet if it's still used in any Rules or if it still includes any IP addresses.

If you just want to remove an IPSet from a Rule, use UpdateRule.

To permanently delete an IPSet from AWS WAF, perform the following steps:

  1. Update the IPSet to remove IP address ranges, if any. For more information, see UpdateIPSet.
  2. Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of a DeleteIPSet request.
  3. Submit a DeleteIPSet request.
" }, @@ -323,86 +163,48 @@ "input":{"shape":"DeleteRuleRequest"}, "output":{"shape":"DeleteRuleResponse"}, "errors":[ - { - "shape":"WAFStaleDataException", - "exception":true, - "documentation":"

The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.

" - }, - { - "shape":"WAFInternalErrorException", - "exception":true, - "fault":true, - "documentation":"

The operation failed because of a system problem, even though the request was valid. Retry your request.

" - }, - { - "shape":"WAFInvalidAccountException", - "exception":true, - "documentation":"

The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.

" - }, - { - "shape":"WAFNonexistentItemException", - "exception":true, - "documentation":"

The operation failed because the referenced object doesn't exist.

" - }, - { - "shape":"WAFReferencedItemException", - "exception":true, - "documentation":"

The operation failed because you tried to delete an object that is still in use. For example:

  • You tried to delete a ByteMatchSet that is still referenced by a Rule.
  • You tried to delete a Rule that is still referenced by a WebACL.

" - }, - { - "shape":"WAFNonEmptyEntityException", - "exception":true, - "documentation":"

The operation failed because you tried to delete an object that isn't empty. For example:

  • You tried to delete a WebACL that still contains one or more Rule objects.
  • You tried to delete a Rule that still contains one or more ByteMatchSet objects or other predicates.
  • You tried to delete a ByteMatchSet that contains one or more ByteMatchTuple objects.
  • You tried to delete an IPSet that references one or more IP addresses.
" - } + {"shape":"WAFStaleDataException"}, + {"shape":"WAFInternalErrorException"}, + {"shape":"WAFInvalidAccountException"}, + {"shape":"WAFNonexistentItemException"}, + {"shape":"WAFReferencedItemException"}, + {"shape":"WAFNonEmptyEntityException"} ], "documentation":"

Permanently deletes a Rule. You can't delete a Rule if it's still used in any WebACL objects or if it still includes any predicates, such as ByteMatchSet objects.

If you just want to remove a Rule from a WebACL, use UpdateWebACL.

To permanently delete a Rule from AWS WAF, perform the following steps:

  1. Update the Rule to remove predicates, if any. For more information, see UpdateRule.
  2. Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of a DeleteRule request.
  3. Submit a DeleteRule request.
" }, + "DeleteSizeConstraintSet":{ + "name":"DeleteSizeConstraintSet", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"DeleteSizeConstraintSetRequest"}, + "output":{"shape":"DeleteSizeConstraintSetResponse"}, + "errors":[ + {"shape":"WAFStaleDataException"}, + {"shape":"WAFInternalErrorException"}, + {"shape":"WAFInvalidAccountException"}, + {"shape":"WAFNonexistentItemException"}, + {"shape":"WAFReferencedItemException"}, + {"shape":"WAFNonEmptyEntityException"} + ], + "documentation":"

Permanently deletes a SizeConstraintSet. You can't delete a SizeConstraintSet if it's still used in any Rules or if it still includes any SizeConstraint objects (any filters).

If you just want to remove a SizeConstraintSet from a Rule, use UpdateRule.

To permanently delete a SizeConstraintSet, perform the following steps:

  1. Update the SizeConstraintSet to remove filters, if any. For more information, see UpdateSizeConstraintSet.
  2. Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of a DeleteSizeConstraintSet request.
  3. Submit a DeleteSizeConstraintSet request.
" + }, "DeleteSqlInjectionMatchSet":{ "name":"DeleteSqlInjectionMatchSet", "http":{ "method":"POST", "requestUri":"/" }, - "input":{ - "shape":"DeleteSqlInjectionMatchSetRequest", - "documentation":"

A request to delete a SqlInjectionMatchSet from AWS WAF.

" - }, - "output":{ - "shape":"DeleteSqlInjectionMatchSetResponse", - "documentation":"

The response to a request to delete a SqlInjectionMatchSet from AWS WAF.

" - }, + "input":{"shape":"DeleteSqlInjectionMatchSetRequest"}, + "output":{"shape":"DeleteSqlInjectionMatchSetResponse"}, "errors":[ - { - "shape":"WAFInternalErrorException", - "exception":true, - "fault":true, - "documentation":"

The operation failed because of a system problem, even though the request was valid. Retry your request.

" - }, - { - "shape":"WAFInvalidAccountException", - "exception":true, - "documentation":"

The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.

" - }, - { - "shape":"WAFNonexistentItemException", - "exception":true, - "documentation":"

The operation failed because the referenced object doesn't exist.

" - }, - { - "shape":"WAFReferencedItemException", - "exception":true, - "documentation":"

The operation failed because you tried to delete an object that is still in use. For example:

  • You tried to delete a ByteMatchSet that is still referenced by a Rule.
  • You tried to delete a Rule that is still referenced by a WebACL.

" - }, - { - "shape":"WAFStaleDataException", - "exception":true, - "documentation":"

The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.

" - }, - { - "shape":"WAFNonEmptyEntityException", - "exception":true, - "documentation":"

The operation failed because you tried to delete an object that isn't empty. For example:

  • You tried to delete a WebACL that still contains one or more Rule objects.
  • You tried to delete a Rule that still contains one or more ByteMatchSet objects or other predicates.
  • You tried to delete a ByteMatchSet that contains one or more ByteMatchTuple objects.
  • You tried to delete an IPSet that references one or more IP addresses.
" - } + {"shape":"WAFInternalErrorException"}, + {"shape":"WAFInvalidAccountException"}, + {"shape":"WAFNonexistentItemException"}, + {"shape":"WAFReferencedItemException"}, + {"shape":"WAFStaleDataException"}, + {"shape":"WAFNonEmptyEntityException"} ], "documentation":"

Permanently deletes a SqlInjectionMatchSet. You can't delete a SqlInjectionMatchSet if it's still used in any Rules or if it still contains any SqlInjectionMatchTuple objects.

If you just want to remove a SqlInjectionMatchSet from a Rule, use UpdateRule.

To permanently delete a SqlInjectionMatchSet from AWS WAF, perform the following steps:

  1. Update the SqlInjectionMatchSet to remove filters, if any. For more information, see UpdateSqlInjectionMatchSet.
  2. Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of a DeleteSqlInjectionMatchSet request.
  3. Submit a DeleteSqlInjectionMatchSet request.
" }, @@ -415,37 +217,12 @@ "input":{"shape":"DeleteWebACLRequest"}, "output":{"shape":"DeleteWebACLResponse"}, "errors":[ - { - "shape":"WAFStaleDataException", - "exception":true, - "documentation":"

The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.

" - }, - { - "shape":"WAFInternalErrorException", - "exception":true, - "fault":true, - "documentation":"

The operation failed because of a system problem, even though the request was valid. Retry your request.

" - }, - { - "shape":"WAFInvalidAccountException", - "exception":true, - "documentation":"

The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.

" - }, - { - "shape":"WAFNonexistentItemException", - "exception":true, - "documentation":"

The operation failed because the referenced object doesn't exist.

" - }, - { - "shape":"WAFReferencedItemException", - "exception":true, - "documentation":"

The operation failed because you tried to delete an object that is still in use. For example:

  • You tried to delete a ByteMatchSet that is still referenced by a Rule.
  • You tried to delete a Rule that is still referenced by a WebACL.

" - }, - { - "shape":"WAFNonEmptyEntityException", - "exception":true, - "documentation":"

The operation failed because you tried to delete an object that isn't empty. For example:

  • You tried to delete a WebACL that still contains one or more Rule objects.
  • You tried to delete a Rule that still contains one or more ByteMatchSet objects or other predicates.
  • You tried to delete a ByteMatchSet that contains one or more ByteMatchTuple objects.
  • You tried to delete an IPSet that references one or more IP addresses.
" - } + {"shape":"WAFStaleDataException"}, + {"shape":"WAFInternalErrorException"}, + {"shape":"WAFInvalidAccountException"}, + {"shape":"WAFNonexistentItemException"}, + {"shape":"WAFReferencedItemException"}, + {"shape":"WAFNonEmptyEntityException"} ], "documentation":"

Permanently deletes a WebACL. You can't delete a WebACL if it still contains any Rules.

To delete a WebACL, perform the following steps:

  1. Update the WebACL to remove Rules, if any. For more information, see UpdateWebACL.
  2. Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of a DeleteWebACL request.
  3. Submit a DeleteWebACL request.
" }, @@ -458,22 +235,9 @@ "input":{"shape":"GetByteMatchSetRequest"}, "output":{"shape":"GetByteMatchSetResponse"}, "errors":[ - { - "shape":"WAFInternalErrorException", - "exception":true, - "fault":true, - "documentation":"

The operation failed because of a system problem, even though the request was valid. Retry your request.

" - }, - { - "shape":"WAFInvalidAccountException", - "exception":true, - "documentation":"

The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.

" - }, - { - "shape":"WAFNonexistentItemException", - "exception":true, - "documentation":"

The operation failed because the referenced object doesn't exist.

" - } + {"shape":"WAFInternalErrorException"}, + {"shape":"WAFInvalidAccountException"}, + {"shape":"WAFNonexistentItemException"} ], "documentation":"

Returns the ByteMatchSet specified by ByteMatchSetId.

" }, @@ -486,12 +250,7 @@ "input":{"shape":"GetChangeTokenRequest"}, "output":{"shape":"GetChangeTokenResponse"}, "errors":[ - { - "shape":"WAFInternalErrorException", - "exception":true, - "fault":true, - "documentation":"

The operation failed because of a system problem, even though the request was valid. Retry your request.

" - } + {"shape":"WAFInternalErrorException"} ], "documentation":"

When you want to create, update, or delete AWS WAF objects, get a change token and include the change token in the create, update, or delete request. Change tokens ensure that your application doesn't submit conflicting requests to AWS WAF.

Each create, update, or delete request must use a unique change token. If your application submits a GetChangeToken request and then submits a second GetChangeToken request before submitting a create, update, or delete request, the second GetChangeToken request returns the same value as the first GetChangeToken request.

When you use a change token in a create, update, or delete request, the status of the change token changes to PENDING, which indicates that AWS WAF is propagating the change to all AWS WAF servers. Use GetChangeTokenStatus to determine the status of your change token.

" }, @@ -504,19 +263,10 @@ "input":{"shape":"GetChangeTokenStatusRequest"}, "output":{"shape":"GetChangeTokenStatusResponse"}, "errors":[ - { - "shape":"WAFNonexistentItemException", - "exception":true, - "documentation":"

The operation failed because the referenced object doesn't exist.

" - }, - { - "shape":"WAFInternalErrorException", - "exception":true, - "fault":true, - "documentation":"

The operation failed because of a system problem, even though the request was valid. Retry your request.

" - } + {"shape":"WAFNonexistentItemException"}, + {"shape":"WAFInternalErrorException"} ], - "documentation":"

Returns the status of a ChangeToken that you got by calling GetChangeToken. ChangeTokenStatus is one of the following values:

  • PROVISIONED: You requested the change token by calling GetChangeToken, but you haven't used it yet in a call to create, update, or delete an AWS WAF object.
  • PENDING: AWS WAF is propagating the create, update, or delete request to all AWS WAF servers.
  • IN_SYNC: Propagation is complete.
" + "documentation":"

Returns the status of a ChangeToken that you got by calling GetChangeToken. ChangeTokenStatus is one of the following values:

  • PROVISIONED: You requested the change token by calling GetChangeToken, but you haven't used it yet in a call to create, update, or delete an AWS WAF object.
  • PENDING: AWS WAF is propagating the create, update, or delete request to all AWS WAF servers.
  • IN_SYNC: Propagation is complete.
" }, "GetIPSet":{ "name":"GetIPSet", @@ -527,22 +277,9 @@ "input":{"shape":"GetIPSetRequest"}, "output":{"shape":"GetIPSetResponse"}, "errors":[ - { - "shape":"WAFInternalErrorException", - "exception":true, - "fault":true, - "documentation":"

The operation failed because of a system problem, even though the request was valid. Retry your request.

" - }, - { - "shape":"WAFInvalidAccountException", - "exception":true, - "documentation":"

The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.

" - }, - { - "shape":"WAFNonexistentItemException", - "exception":true, - "documentation":"

The operation failed because the referenced object doesn't exist.

" - } + {"shape":"WAFInternalErrorException"}, + {"shape":"WAFInvalidAccountException"}, + {"shape":"WAFNonexistentItemException"} ], "documentation":"

Returns the IPSet that is specified by IPSetId.

" }, @@ -555,22 +292,9 @@ "input":{"shape":"GetRuleRequest"}, "output":{"shape":"GetRuleResponse"}, "errors":[ - { - "shape":"WAFInternalErrorException", - "exception":true, - "fault":true, - "documentation":"

The operation failed because of a system problem, even though the request was valid. Retry your request.

" - }, - { - "shape":"WAFInvalidAccountException", - "exception":true, - "documentation":"

The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.

" - }, - { - "shape":"WAFNonexistentItemException", - "exception":true, - "documentation":"

The operation failed because the referenced object doesn't exist.

" - } + {"shape":"WAFInternalErrorException"}, + {"shape":"WAFInvalidAccountException"}, + {"shape":"WAFNonexistentItemException"} ], "documentation":"

Returns the Rule that is specified by the RuleId that you included in the GetRule request.

" }, @@ -583,45 +307,38 @@ "input":{"shape":"GetSampledRequestsRequest"}, "output":{"shape":"GetSampledRequestsResponse"}, "errors":[ - { - "shape":"WAFNonexistentItemException", - "exception":true, - "documentation":"

The operation failed because the referenced object doesn't exist.

" - } + {"shape":"WAFNonexistentItemException"}, + {"shape":"WAFInternalErrorException"} ], "documentation":"

Gets detailed information about a specified number of requests--a sample--that AWS WAF randomly selects from among the first 5,000 requests that your AWS resource received during a time range that you choose. You can specify a sample size of up to 100 requests, and you can specify any time range in the previous three hours.

GetSampledRequests returns a time range, which is usually the time range that you specified. However, if your resource (such as a CloudFront distribution) received 5,000 requests before the specified time range elapsed, GetSampledRequests returns an updated time range. This new time range indicates the actual period during which AWS WAF selected the requests in the sample.

" }, + "GetSizeConstraintSet":{ + "name":"GetSizeConstraintSet", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"GetSizeConstraintSetRequest"}, + "output":{"shape":"GetSizeConstraintSetResponse"}, + "errors":[ + {"shape":"WAFInternalErrorException"}, + {"shape":"WAFInvalidAccountException"}, + {"shape":"WAFNonexistentItemException"} + ], + "documentation":"

Returns the SizeConstraintSet specified by SizeConstraintSetId.

" + }, "GetSqlInjectionMatchSet":{ "name":"GetSqlInjectionMatchSet", "http":{ "method":"POST", "requestUri":"/" }, - "input":{ - "shape":"GetSqlInjectionMatchSetRequest", - "documentation":"

A request to get a SqlInjectionMatchSet.

" - }, - "output":{ - "shape":"GetSqlInjectionMatchSetResponse", - "documentation":"

The response to a GetSqlInjectionMatchSet request.

" - }, + "input":{"shape":"GetSqlInjectionMatchSetRequest"}, + "output":{"shape":"GetSqlInjectionMatchSetResponse"}, "errors":[ - { - "shape":"WAFInternalErrorException", - "exception":true, - "fault":true, - "documentation":"

The operation failed because of a system problem, even though the request was valid. Retry your request.

" - }, - { - "shape":"WAFInvalidAccountException", - "exception":true, - "documentation":"

The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.

" - }, - { - "shape":"WAFNonexistentItemException", - "exception":true, - "documentation":"

The operation failed because the referenced object doesn't exist.

" - } + {"shape":"WAFInternalErrorException"}, + {"shape":"WAFInvalidAccountException"}, + {"shape":"WAFNonexistentItemException"} ], "documentation":"

Returns the SqlInjectionMatchSet that is specified by SqlInjectionMatchSetId.

" }, @@ -634,22 +351,9 @@ "input":{"shape":"GetWebACLRequest"}, "output":{"shape":"GetWebACLResponse"}, "errors":[ - { - "shape":"WAFInternalErrorException", - "exception":true, - "fault":true, - "documentation":"

The operation failed because of a system problem, even though the request was valid. Retry your request.

" - }, - { - "shape":"WAFInvalidAccountException", - "exception":true, - "documentation":"

The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.

" - }, - { - "shape":"WAFNonexistentItemException", - "exception":true, - "documentation":"

The operation failed because the referenced object doesn't exist.

" - } + {"shape":"WAFInternalErrorException"}, + {"shape":"WAFInvalidAccountException"}, + {"shape":"WAFNonexistentItemException"} ], "documentation":"

Returns the WebACL that is specified by WebACLId.

" }, @@ -662,17 +366,8 @@ "input":{"shape":"ListByteMatchSetsRequest"}, "output":{"shape":"ListByteMatchSetsResponse"}, "errors":[ - { - "shape":"WAFInternalErrorException", - "exception":true, - "fault":true, - "documentation":"

The operation failed because of a system problem, even though the request was valid. Retry your request.

" - }, - { - "shape":"WAFInvalidAccountException", - "exception":true, - "documentation":"

The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.

" - } + {"shape":"WAFInternalErrorException"}, + {"shape":"WAFInvalidAccountException"} ], "documentation":"

Returns an array of ByteMatchSetSummary objects.

" }, @@ -685,17 +380,8 @@ "input":{"shape":"ListIPSetsRequest"}, "output":{"shape":"ListIPSetsResponse"}, "errors":[ - { - "shape":"WAFInternalErrorException", - "exception":true, - "fault":true, - "documentation":"

The operation failed because of a system problem, even though the request was valid. Retry your request.

" - }, - { - "shape":"WAFInvalidAccountException", - "exception":true, - "documentation":"

The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.

" - } + {"shape":"WAFInternalErrorException"}, + {"shape":"WAFInvalidAccountException"} ], "documentation":"

Returns an array of IPSetSummary objects in the response.

" }, @@ -708,46 +394,36 @@ "input":{"shape":"ListRulesRequest"}, "output":{"shape":"ListRulesResponse"}, "errors":[ - { - "shape":"WAFInternalErrorException", - "exception":true, - "fault":true, - "documentation":"

The operation failed because of a system problem, even though the request was valid. Retry your request.

" - }, - { - "shape":"WAFInvalidAccountException", - "exception":true, - "documentation":"

The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.

" - } + {"shape":"WAFInternalErrorException"}, + {"shape":"WAFInvalidAccountException"} ], "documentation":"

Returns an array of RuleSummary objects.

" }, + "ListSizeConstraintSets":{ + "name":"ListSizeConstraintSets", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"ListSizeConstraintSetsRequest"}, + "output":{"shape":"ListSizeConstraintSetsResponse"}, + "errors":[ + {"shape":"WAFInternalErrorException"}, + {"shape":"WAFInvalidAccountException"} + ], + "documentation":"

Returns an array of SizeConstraintSetSummary objects.

" + }, "ListSqlInjectionMatchSets":{ "name":"ListSqlInjectionMatchSets", "http":{ "method":"POST", "requestUri":"/" }, - "input":{ - "shape":"ListSqlInjectionMatchSetsRequest", - "documentation":"

A request to list the SqlInjectionMatchSet objects created by the current AWS account.

" - }, - "output":{ - "shape":"ListSqlInjectionMatchSetsResponse", - "documentation":"

The response to a ListSqlInjectionMatchSets request.

" - }, + "input":{"shape":"ListSqlInjectionMatchSetsRequest"}, + "output":{"shape":"ListSqlInjectionMatchSetsResponse"}, "errors":[ - { - "shape":"WAFInternalErrorException", - "exception":true, - "fault":true, - "documentation":"

The operation failed because of a system problem, even though the request was valid. Retry your request.

" - }, - { - "shape":"WAFInvalidAccountException", - "exception":true, - "documentation":"

The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.

" - } + {"shape":"WAFInternalErrorException"}, + {"shape":"WAFInvalidAccountException"} ], "documentation":"

Returns an array of SqlInjectionMatchSet objects.

" }, @@ -760,17 +436,8 @@ "input":{"shape":"ListWebACLsRequest"}, "output":{"shape":"ListWebACLsResponse"}, "errors":[ - { - "shape":"WAFInternalErrorException", - "exception":true, - "fault":true, - "documentation":"

The operation failed because of a system problem, even though the request was valid. Retry your request.

" - }, - { - "shape":"WAFInvalidAccountException", - "exception":true, - "documentation":"

The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.

" - } + {"shape":"WAFInternalErrorException"}, + {"shape":"WAFInvalidAccountException"} ], "documentation":"

Returns an array of WebACLSummary objects in the response.

" }, @@ -783,47 +450,14 @@ "input":{"shape":"UpdateByteMatchSetRequest"}, "output":{"shape":"UpdateByteMatchSetResponse"}, "errors":[ - { - "shape":"WAFInternalErrorException", - "exception":true, - "fault":true, - "documentation":"

The operation failed because of a system problem, even though the request was valid. Retry your request.

" - }, - { - "shape":"WAFInvalidAccountException", - "exception":true, - "documentation":"

The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.

" - }, - { - "shape":"WAFInvalidOperationException", - "exception":true, - "documentation":"

The operation failed because there was nothing to do. For example:

  • You tried to remove a Rule from a WebACL, but the Rule isn't in the specified WebACL.
  • You tried to remove an IP address from an IPSet, but the IP address isn't in the specified IPSet.
  • You tried to remove a ByteMatchTuple from a ByteMatchSet, but the ByteMatchTuple isn't in the specified WebACL.
  • You tried to add a Rule to a WebACL, but the Rule already exists in the specified WebACL.
  • You tried to add an IP address to an IPSet, but the IP address already exists in the specified IPSet.
  • You tried to add a ByteMatchTuple to a ByteMatchSet, but the ByteMatchTuple already exists in the specified WebACL.
" - }, - { - "shape":"WAFInvalidParameterException", - "exception":true, - "documentation":"

The operation failed because AWS WAF didn't recognize a parameter in the request. For example:

  • You specified an invalid parameter name.
  • You specified an invalid value.
  • You tried to update an object (ByteMatchSet, IPSet, Rule, or WebACL) using an action other than INSERT or DELETE.
  • You tried to create a WebACL with a DefaultAction Type other than ALLOW, BLOCK, or COUNT.
  • You tried to update a WebACL with a WafAction Type other than ALLOW, BLOCK, or COUNT.
  • You tried to update a ByteMatchSet with a FieldToMatch Type other than HEADER, QUERY_STRING, or URI.
  • You tried to update a ByteMatchSet with a Field of HEADER but no value for Data.
" - }, - { - "shape":"WAFNonexistentContainerException", - "exception":true, - "documentation":"

The operation failed because you tried to add an object to or delete an object from another object that doesn't exist. For example:

  • You tried to add a Rule to or delete a Rule from a WebACL that doesn't exist.
  • You tried to add a ByteMatchSet to or delete a ByteMatchSet from a Rule that doesn't exist.
  • You tried to add an IP address to or delete an IP address from an IPSet that doesn't exist.
  • You tried to add a ByteMatchTuple to or delete a ByteMatchTuple from a ByteMatchSet that doesn't exist.
" - }, - { - "shape":"WAFNonexistentItemException", - "exception":true, - "documentation":"

The operation failed because the referenced object doesn't exist.

" - }, - { - "shape":"WAFStaleDataException", - "exception":true, - "documentation":"

The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.

" - }, - { - "shape":"WAFLimitsExceededException", - "exception":true, - "documentation":"

The operation exceeds a resource limit, for example, the maximum number of WebACL objects that you can create for an AWS account. For more information, see Limits in the AWS WAF Developer Guide.

" - } + {"shape":"WAFInternalErrorException"}, + {"shape":"WAFInvalidAccountException"}, + {"shape":"WAFInvalidOperationException"}, + {"shape":"WAFInvalidParameterException"}, + {"shape":"WAFNonexistentContainerException"}, + {"shape":"WAFNonexistentItemException"}, + {"shape":"WAFStaleDataException"}, + {"shape":"WAFLimitsExceededException"} ], "documentation":"

Inserts or deletes ByteMatchTuple objects (filters) in a ByteMatchSet. For each ByteMatchTuple object, you specify the following values:

  • Whether to insert or delete the object from the array. If you want to change a ByteMatchSetUpdate object, you delete the existing object and add a new one.
  • The part of a web request that you want AWS WAF to inspect, such as a query string or the value of the User-Agent header.
  • The bytes (typically a string that corresponds with ASCII characters) that you want AWS WAF to look for. For more information, including how you specify the values for the AWS WAF API and the AWS CLI or SDKs, see TargetString in the ByteMatchTuple data type.
  • Where to look, such as at the beginning or the end of a query string.
  • Whether to perform any conversions on the request, such as converting it to lowercase, before inspecting it for the specified string.

For example, you can add a ByteMatchSetUpdate object that matches web requests in which User-Agent headers contain the string BadBot. You can then configure AWS WAF to block those requests.

To create and configure a ByteMatchSet, perform the following steps:

  1. Create a ByteMatchSet. For more information, see CreateByteMatchSet.
  2. Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of an UpdateByteMatchSet request.
  3. Submit an UpdateByteMatchSet request to specify the part of the request that you want AWS WAF to inspect (for example, the header or the URI) and the value that you want AWS WAF to watch for.

For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.

" }, @@ -836,52 +470,15 @@ "input":{"shape":"UpdateIPSetRequest"}, "output":{"shape":"UpdateIPSetResponse"}, "errors":[ - { - "shape":"WAFStaleDataException", - "exception":true, - "documentation":"

The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.

" - }, - { - "shape":"WAFInternalErrorException", - "exception":true, - "fault":true, - "documentation":"

The operation failed because of a system problem, even though the request was valid. Retry your request.

" - }, - { - "shape":"WAFInvalidAccountException", - "exception":true, - "documentation":"

The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.

" - }, - { - "shape":"WAFInvalidOperationException", - "exception":true, - "documentation":"

The operation failed because there was nothing to do. For example:

  • You tried to remove a Rule from a WebACL, but the Rule isn't in the specified WebACL.
  • You tried to remove an IP address from an IPSet, but the IP address isn't in the specified IPSet.
  • You tried to remove a ByteMatchTuple from a ByteMatchSet, but the ByteMatchTuple isn't in the specified WebACL.
  • You tried to add a Rule to a WebACL, but the Rule already exists in the specified WebACL.
  • You tried to add an IP address to an IPSet, but the IP address already exists in the specified IPSet.
  • You tried to add a ByteMatchTuple to a ByteMatchSet, but the ByteMatchTuple already exists in the specified WebACL.
" - }, - { - "shape":"WAFInvalidParameterException", - "exception":true, - "documentation":"

The operation failed because AWS WAF didn't recognize a parameter in the request. For example:

  • You specified an invalid parameter name.
  • You specified an invalid value.
  • You tried to update an object (ByteMatchSet, IPSet, Rule, or WebACL) using an action other than INSERT or DELETE.
  • You tried to create a WebACL with a DefaultAction Type other than ALLOW, BLOCK, or COUNT.
  • You tried to update a WebACL with a WafAction Type other than ALLOW, BLOCK, or COUNT.
  • You tried to update a ByteMatchSet with a FieldToMatch Type other than HEADER, QUERY_STRING, or URI.
  • You tried to update a ByteMatchSet with a Field of HEADER but no value for Data.
" - }, - { - "shape":"WAFNonexistentContainerException", - "exception":true, - "documentation":"

The operation failed because you tried to add an object to or delete an object from another object that doesn't exist. For example:

  • You tried to add a Rule to or delete a Rule from a WebACL that doesn't exist.
  • You tried to add a ByteMatchSet to or delete a ByteMatchSet from a Rule that doesn't exist.
  • You tried to add an IP address to or delete an IP address from an IPSet that doesn't exist.
  • You tried to add a ByteMatchTuple to or delete a ByteMatchTuple from a ByteMatchSet that doesn't exist.
" - }, - { - "shape":"WAFNonexistentItemException", - "exception":true, - "documentation":"

The operation failed because the referenced object doesn't exist.

" - }, - { - "shape":"WAFReferencedItemException", - "exception":true, - "documentation":"

The operation failed because you tried to delete an object that is still in use. For example:

  • You tried to delete a ByteMatchSet that is still referenced by a Rule.
  • You tried to delete a Rule that is still referenced by a WebACL.

" - }, - { - "shape":"WAFLimitsExceededException", - "exception":true, - "documentation":"

The operation exceeds a resource limit, for example, the maximum number of WebACL objects that you can create for an AWS account. For more information, see Limits in the AWS WAF Developer Guide.

" - } + {"shape":"WAFStaleDataException"}, + {"shape":"WAFInternalErrorException"}, + {"shape":"WAFInvalidAccountException"}, + {"shape":"WAFInvalidOperationException"}, + {"shape":"WAFInvalidParameterException"}, + {"shape":"WAFNonexistentContainerException"}, + {"shape":"WAFNonexistentItemException"}, + {"shape":"WAFReferencedItemException"}, + {"shape":"WAFLimitsExceededException"} ], "documentation":"

Inserts or deletes IPSetDescriptor objects in an IPSet. For each IPSetDescriptor object, you specify the following values:

  • Whether to insert or delete the object from the array. If you want to change an IPSetDescriptor object, you delete the existing object and add a new one.
  • The IP address version, IPv4.
  • The IP address in CIDR notation, for example, 192.0.2.0/24 (for the range of IP addresses from 192.0.2.0 to 192.0.2.255) or 192.0.2.44/32 (for the individual IP address 192.0.2.44).

AWS WAF supports /8, /16, /24, and /32 IP address ranges. For more information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing.

You use an IPSet to specify which web requests you want to allow or block based on the IP addresses that the requests originated from. For example, if you're receiving a lot of requests from one or a small number of IP addresses and you want to block the requests, you can create an IPSet that specifies those IP addresses, and then configure AWS WAF to block the requests.

To create and configure an IPSet, perform the following steps:

  1. Submit a CreateIPSet request.
  2. Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of an UpdateIPSet request.
  3. Submit an UpdateIPSet request to specify the IP addresses that you want AWS WAF to watch for.

When you update an IPSet, you specify the IP addresses that you want to add and/or the IP addresses that you want to delete. If you want to change an IP address, you delete the existing IP address and add the new one.

For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.

" }, @@ -894,54 +491,38 @@ "input":{"shape":"UpdateRuleRequest"}, "output":{"shape":"UpdateRuleResponse"}, "errors":[ - { - "shape":"WAFStaleDataException", - "exception":true, - "documentation":"

The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.

" - }, - { - "shape":"WAFInternalErrorException", - "exception":true, - "fault":true, - "documentation":"

The operation failed because of a system problem, even though the request was valid. Retry your request.

" - }, - { - "shape":"WAFInvalidAccountException", - "exception":true, - "documentation":"

The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.

" - }, - { - "shape":"WAFInvalidOperationException", - "exception":true, - "documentation":"

The operation failed because there was nothing to do. For example:

  • You tried to remove a Rule from a WebACL, but the Rule isn't in the specified WebACL.
  • You tried to remove an IP address from an IPSet, but the IP address isn't in the specified IPSet.
  • You tried to remove a ByteMatchTuple from a ByteMatchSet, but the ByteMatchTuple isn't in the specified WebACL.
  • You tried to add a Rule to a WebACL, but the Rule already exists in the specified WebACL.
  • You tried to add an IP address to an IPSet, but the IP address already exists in the specified IPSet.
  • You tried to add a ByteMatchTuple to a ByteMatchSet, but the ByteMatchTuple already exists in the specified WebACL.
" - }, - { - "shape":"WAFInvalidParameterException", - "exception":true, - "documentation":"

The operation failed because AWS WAF didn't recognize a parameter in the request. For example:

  • You specified an invalid parameter name.
  • You specified an invalid value.
  • You tried to update an object (ByteMatchSet, IPSet, Rule, or WebACL) using an action other than INSERT or DELETE.
  • You tried to create a WebACL with a DefaultAction Type other than ALLOW, BLOCK, or COUNT.
  • You tried to update a WebACL with a WafAction Type other than ALLOW, BLOCK, or COUNT.
  • You tried to update a ByteMatchSet with a FieldToMatch Type other than HEADER, QUERY_STRING, or URI.
  • You tried to update a ByteMatchSet with a Field of HEADER but no value for Data.
" - }, - { - "shape":"WAFNonexistentContainerException", - "exception":true, - "documentation":"

The operation failed because you tried to add an object to or delete an object from another object that doesn't exist. For example:

  • You tried to add a Rule to or delete a Rule from a WebACL that doesn't exist.
  • You tried to add a ByteMatchSet to or delete a ByteMatchSet from a Rule that doesn't exist.
  • You tried to add an IP address to or delete an IP address from an IPSet that doesn't exist.
  • You tried to add a ByteMatchTuple to or delete a ByteMatchTuple from a ByteMatchSet that doesn't exist.
" - }, - { - "shape":"WAFNonexistentItemException", - "exception":true, - "documentation":"

The operation failed because the referenced object doesn't exist.

" - }, - { - "shape":"WAFReferencedItemException", - "exception":true, - "documentation":"

The operation failed because you tried to delete an object that is still in use. For example:

  • You tried to delete a ByteMatchSet that is still referenced by a Rule.
  • You tried to delete a Rule that is still referenced by a WebACL.

" - }, - { - "shape":"WAFLimitsExceededException", - "exception":true, - "documentation":"

The operation exceeds a resource limit, for example, the maximum number of WebACL objects that you can create for an AWS account. For more information, see Limits in the AWS WAF Developer Guide.

" - } - ], - "documentation":"

Inserts or deletes Predicate objects in a Rule. Each Predicate object identifies a predicate, such as a ByteMatchSet or an IPSet, that specifies the web requests that you want to allow, block, or count. If you add more than one predicate to a Rule, a request must match all of the specifications to be allowed, blocked, or counted. For example, suppose you add the following to a Rule:

  • A ByteMatchSet that matches the value BadBot in the User-Agent header
  • An IPSet that matches the IP address 192.0.2.44

You then add the Rule to a WebACL and specify that you want to block requests that satisfy the Rule. For a request to be blocked, the User-Agent header in the request must contain the value BadBot and the request must originate from the IP address 192.0.2.44.

To create and configure a Rule, perform the following steps:

  1. Create and update the predicates that you want to include in the Rule.
  2. Create the Rule. See CreateRule.
  3. Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of an UpdateRule request.
  4. Submit an UpdateRule request to add predicates to the Rule.
  5. Create and update a WebACL that contains the Rule. See CreateWebACL.

If you want to replace one ByteMatchSet or IPSet with another, you delete the existing one and add the new one.

For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.

" + {"shape":"WAFStaleDataException"}, + {"shape":"WAFInternalErrorException"}, + {"shape":"WAFInvalidAccountException"}, + {"shape":"WAFInvalidOperationException"}, + {"shape":"WAFInvalidParameterException"}, + {"shape":"WAFNonexistentContainerException"}, + {"shape":"WAFNonexistentItemException"}, + {"shape":"WAFReferencedItemException"}, + {"shape":"WAFLimitsExceededException"} + ], + "documentation":"

Inserts or deletes Predicate objects in a Rule. Each Predicate object identifies a predicate, such as a ByteMatchSet or an IPSet, that specifies the web requests that you want to allow, block, or count. If you add more than one predicate to a Rule, a request must match all of the specifications to be allowed, blocked, or counted. For example, suppose you add the following to a Rule:

  • A ByteMatchSet that matches the value BadBot in the User-Agent header
  • An IPSet that matches the IP address 192.0.2.44

You then add the Rule to a WebACL and specify that you want to block requests that satisfy the Rule. For a request to be blocked, the User-Agent header in the request must contain the value BadBot and the request must originate from the IP address 192.0.2.44.

To create and configure a Rule, perform the following steps:

  1. Create and update the predicates that you want to include in the Rule.
  2. Create the Rule. See CreateRule.
  3. Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of an UpdateRule request.
  4. Submit an UpdateRule request to add predicates to the Rule.
  5. Create and update a WebACL that contains the Rule. See CreateWebACL.

If you want to replace one ByteMatchSet or IPSet with another, you delete the existing one and add the new one.

For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.

" + }, + "UpdateSizeConstraintSet":{ + "name":"UpdateSizeConstraintSet", + "http":{ + "method":"POST", + "requestUri":"/" + }, + "input":{"shape":"UpdateSizeConstraintSetRequest"}, + "output":{"shape":"UpdateSizeConstraintSetResponse"}, + "errors":[ + {"shape":"WAFStaleDataException"}, + {"shape":"WAFInternalErrorException"}, + {"shape":"WAFInvalidAccountException"}, + {"shape":"WAFInvalidOperationException"}, + {"shape":"WAFInvalidParameterException"}, + {"shape":"WAFNonexistentContainerException"}, + {"shape":"WAFNonexistentItemException"}, + {"shape":"WAFReferencedItemException"}, + {"shape":"WAFLimitsExceededException"} + ], + "documentation":"

Inserts or deletes SizeConstraint objects (filters) in a SizeConstraintSet. For each SizeConstraint object, you specify the following values:

  • Whether to insert or delete the object from the array. If you want to change a SizeConstraintSetUpdate object, you delete the existing object and add a new one.
  • The part of a web request that you want AWS WAF to evaluate, such as the length of a query string or the length of the User-Agent header.
  • Whether to perform any transformations on the request, such as converting it to lowercase, before checking its length. Note that transformations of the request body are not supported because the AWS resource forwards only the first 8192 bytes of your request to AWS WAF.
  • A ComparisonOperator used for evaluating the selected part of the request against the specified Size, such as equals, greater than, less than, and so on.
  • The length, in bytes, that you want AWS WAF to watch for in selected part of the request. The length is computed after applying the transformation.

For example, you can add a SizeConstraintSetUpdate object that matches web requests in which the length of the User-Agent header is greater than 100 bytes. You can then configure AWS WAF to block those requests.

To create and configure a SizeConstraintSet, perform the following steps:

  1. Create a SizeConstraintSet. For more information, see CreateSizeConstraintSet.
  2. Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of an UpdateSizeConstraintSet request.
  3. Submit an UpdateSizeConstraintSet request to specify the part of the request that you want AWS WAF to inspect (for example, the header or the URI) and the value that you want AWS WAF to watch for.

For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.

" }, "UpdateSqlInjectionMatchSet":{ "name":"UpdateSqlInjectionMatchSet", @@ -949,58 +530,19 @@ "method":"POST", "requestUri":"/" }, - "input":{ - "shape":"UpdateSqlInjectionMatchSetRequest", - "documentation":"

A request to update a SqlInjectionMatchSet.

" - }, - "output":{ - "shape":"UpdateSqlInjectionMatchSetResponse", - "documentation":"

The response to an UpdateSqlInjectionMatchSets request.

" - }, + "input":{"shape":"UpdateSqlInjectionMatchSetRequest"}, + "output":{"shape":"UpdateSqlInjectionMatchSetResponse"}, "errors":[ - { - "shape":"WAFInternalErrorException", - "exception":true, - "fault":true, - "documentation":"

The operation failed because of a system problem, even though the request was valid. Retry your request.

" - }, - { - "shape":"WAFInvalidAccountException", - "exception":true, - "documentation":"

The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.

" - }, - { - "shape":"WAFInvalidOperationException", - "exception":true, - "documentation":"

The operation failed because there was nothing to do. For example:

  • You tried to remove a Rule from a WebACL, but the Rule isn't in the specified WebACL.
  • You tried to remove an IP address from an IPSet, but the IP address isn't in the specified IPSet.
  • You tried to remove a ByteMatchTuple from a ByteMatchSet, but the ByteMatchTuple isn't in the specified WebACL.
  • You tried to add a Rule to a WebACL, but the Rule already exists in the specified WebACL.
  • You tried to add an IP address to an IPSet, but the IP address already exists in the specified IPSet.
  • You tried to add a ByteMatchTuple to a ByteMatchSet, but the ByteMatchTuple already exists in the specified WebACL.
" - }, - { - "shape":"WAFInvalidParameterException", - "exception":true, - "documentation":"

The operation failed because AWS WAF didn't recognize a parameter in the request. For example:

  • You specified an invalid parameter name.
  • You specified an invalid value.
  • You tried to update an object (ByteMatchSet, IPSet, Rule, or WebACL) using an action other than INSERT or DELETE.
  • You tried to create a WebACL with a DefaultAction Type other than ALLOW, BLOCK, or COUNT.
  • You tried to update a WebACL with a WafAction Type other than ALLOW, BLOCK, or COUNT.
  • You tried to update a ByteMatchSet with a FieldToMatch Type other than HEADER, QUERY_STRING, or URI.
  • You tried to update a ByteMatchSet with a Field of HEADER but no value for Data.
" - }, - { - "shape":"WAFNonexistentContainerException", - "exception":true, - "documentation":"

The operation failed because you tried to add an object to or delete an object from another object that doesn't exist. For example:

  • You tried to add a Rule to or delete a Rule from a WebACL that doesn't exist.
  • You tried to add a ByteMatchSet to or delete a ByteMatchSet from a Rule that doesn't exist.
  • You tried to add an IP address to or delete an IP address from an IPSet that doesn't exist.
  • You tried to add a ByteMatchTuple to or delete a ByteMatchTuple from a ByteMatchSet that doesn't exist.
" - }, - { - "shape":"WAFNonexistentItemException", - "exception":true, - "documentation":"

The operation failed because the referenced object doesn't exist.

" - }, - { - "shape":"WAFStaleDataException", - "exception":true, - "documentation":"

The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.

" - }, - { - "shape":"WAFLimitsExceededException", - "exception":true, - "documentation":"

The operation exceeds a resource limit, for example, the maximum number of WebACL objects that you can create for an AWS account. For more information, see Limits in the AWS WAF Developer Guide.

" - } - ], - "documentation":"

Inserts or deletes SqlInjectionMatchTuple objects (filters) in a SqlInjectionMatchSet. For each SqlInjectionMatchTuple object, you specify the following values:

  • Action: Whether to insert the object into or delete the object from the array. To change a SqlInjectionMatchTuple, you delete the existing object and add a new one.
  • FieldToMatch: The part of web requests that you want AWS WAF to inspect and, if you want AWS WAF to inspect a header, the name of the header.
  • TextTransformation: Which text transformation, if any, to perform on the web request before inspecting the request for snippets of malicious SQL code.

You use SqlInjectionMatchSet objects to specify which CloudFront requests you want to allow, block, or count. For example, if you're receiving requests that contain snippets of SQL code in the query string and you want to block the requests, you can create a SqlInjectionMatchSet with the applicable settings, and then configure AWS WAF to block the requests.

To create and configure a SqlInjectionMatchSet, perform the following steps:

  1. Submit a CreateSqlInjectionMatchSet request.
  2. Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of an UpdateIPSet request.
  3. Submit an UpdateSqlInjectionMatchSet request to specify the parts of web requests that you want AWS WAF to inspect for snippets of SQL code.

For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.

" + {"shape":"WAFInternalErrorException"}, + {"shape":"WAFInvalidAccountException"}, + {"shape":"WAFInvalidOperationException"}, + {"shape":"WAFInvalidParameterException"}, + {"shape":"WAFNonexistentContainerException"}, + {"shape":"WAFNonexistentItemException"}, + {"shape":"WAFStaleDataException"}, + {"shape":"WAFLimitsExceededException"} + ], + "documentation":"

Inserts or deletes SqlInjectionMatchTuple objects (filters) in a SqlInjectionMatchSet. For each SqlInjectionMatchTuple object, you specify the following values:

  • Action: Whether to insert the object into or delete the object from the array. To change a SqlInjectionMatchTuple, you delete the existing object and add a new one.
  • FieldToMatch: The part of web requests that you want AWS WAF to inspect and, if you want AWS WAF to inspect a header, the name of the header.
  • TextTransformation: Which text transformation, if any, to perform on the web request before inspecting the request for snippets of malicious SQL code.

You use SqlInjectionMatchSet objects to specify which CloudFront requests you want to allow, block, or count. For example, if you're receiving requests that contain snippets of SQL code in the query string and you want to block the requests, you can create a SqlInjectionMatchSet with the applicable settings, and then configure AWS WAF to block the requests.

To create and configure a SqlInjectionMatchSet, perform the following steps:

  1. Submit a CreateSqlInjectionMatchSet request.
  2. Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of an UpdateIPSet request.
  3. Submit an UpdateSqlInjectionMatchSet request to specify the parts of web requests that you want AWS WAF to inspect for snippets of SQL code.

For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.

" }, "UpdateWebACL":{ "name":"UpdateWebACL", @@ -1011,52 +553,15 @@ "input":{"shape":"UpdateWebACLRequest"}, "output":{"shape":"UpdateWebACLResponse"}, "errors":[ - { - "shape":"WAFStaleDataException", - "exception":true, - "documentation":"

The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.

" - }, - { - "shape":"WAFInternalErrorException", - "exception":true, - "fault":true, - "documentation":"

The operation failed because of a system problem, even though the request was valid. Retry your request.

" - }, - { - "shape":"WAFInvalidAccountException", - "exception":true, - "documentation":"

The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.

" - }, - { - "shape":"WAFInvalidOperationException", - "exception":true, - "documentation":"

The operation failed because there was nothing to do. For example:

  • You tried to remove a Rule from a WebACL, but the Rule isn't in the specified WebACL.
  • You tried to remove an IP address from an IPSet, but the IP address isn't in the specified IPSet.
  • You tried to remove a ByteMatchTuple from a ByteMatchSet, but the ByteMatchTuple isn't in the specified WebACL.
  • You tried to add a Rule to a WebACL, but the Rule already exists in the specified WebACL.
  • You tried to add an IP address to an IPSet, but the IP address already exists in the specified IPSet.
  • You tried to add a ByteMatchTuple to a ByteMatchSet, but the ByteMatchTuple already exists in the specified WebACL.
" - }, - { - "shape":"WAFInvalidParameterException", - "exception":true, - "documentation":"

The operation failed because AWS WAF didn't recognize a parameter in the request. For example:

  • You specified an invalid parameter name.
  • You specified an invalid value.
  • You tried to update an object (ByteMatchSet, IPSet, Rule, or WebACL) using an action other than INSERT or DELETE.
  • You tried to create a WebACL with a DefaultAction Type other than ALLOW, BLOCK, or COUNT.
  • You tried to update a WebACL with a WafAction Type other than ALLOW, BLOCK, or COUNT.
  • You tried to update a ByteMatchSet with a FieldToMatch Type other than HEADER, QUERY_STRING, or URI.
  • You tried to update a ByteMatchSet with a Field of HEADER but no value for Data.
" - }, - { - "shape":"WAFNonexistentContainerException", - "exception":true, - "documentation":"

The operation failed because you tried to add an object to or delete an object from another object that doesn't exist. For example:

  • You tried to add a Rule to or delete a Rule from a WebACL that doesn't exist.
  • You tried to add a ByteMatchSet to or delete a ByteMatchSet from a Rule that doesn't exist.
  • You tried to add an IP address to or delete an IP address from an IPSet that doesn't exist.
  • You tried to add a ByteMatchTuple to or delete a ByteMatchTuple from a ByteMatchSet that doesn't exist.
" - }, - { - "shape":"WAFNonexistentItemException", - "exception":true, - "documentation":"

The operation failed because the referenced object doesn't exist.

" - }, - { - "shape":"WAFReferencedItemException", - "exception":true, - "documentation":"

The operation failed because you tried to delete an object that is still in use. For example:

  • You tried to delete a ByteMatchSet that is still referenced by a Rule.
  • You tried to delete a Rule that is still referenced by a WebACL.

" - }, - { - "shape":"WAFLimitsExceededException", - "exception":true, - "documentation":"

The operation exceeds a resource limit, for example, the maximum number of WebACL objects that you can create for an AWS account. For more information, see Limits in the AWS WAF Developer Guide.

" - } + {"shape":"WAFStaleDataException"}, + {"shape":"WAFInternalErrorException"}, + {"shape":"WAFInvalidAccountException"}, + {"shape":"WAFInvalidOperationException"}, + {"shape":"WAFInvalidParameterException"}, + {"shape":"WAFNonexistentContainerException"}, + {"shape":"WAFNonexistentItemException"}, + {"shape":"WAFReferencedItemException"}, + {"shape":"WAFLimitsExceededException"} ], "documentation":"

Inserts or deletes ActivatedRule objects in a WebACL. Each Rule identifies web requests that you want to allow, block, or count. When you update a WebACL, you specify the following values:

  • A default action for the WebACL, either ALLOW or BLOCK. AWS WAF performs the default action if a request doesn't match the criteria in any of the Rules in a WebACL.
  • The Rules that you want to add and/or delete. If you want to replace one Rule with another, you delete the existing Rule and add the new one.
  • For each Rule, whether you want AWS WAF to allow requests, block requests, or count requests that match the conditions in the Rule.
  • The order in which you want AWS WAF to evaluate the Rules in a WebACL. If you add more than one Rule to a WebACL, AWS WAF evaluates each request against the Rules in order based on the value of Priority. (The Rule that has the lowest value for Priority is evaluated first.) When a web request matches all of the predicates (such as ByteMatchSets and IPSets) in a Rule, AWS WAF immediately takes the corresponding action, allow or block, and doesn't evaluate the request against the remaining Rules in the WebACL, if any.
  • The CloudFront distribution that you want to associate with the WebACL.

To create and configure a WebACL, perform the following steps:

  1. Create and update the predicates that you want to include in Rules. For more information, see CreateByteMatchSet, UpdateByteMatchSet, CreateIPSet, UpdateIPSet, CreateSqlInjectionMatchSet, and UpdateSqlInjectionMatchSet.
  2. Create and update the Rules that you want to include in the WebACL. For more information, see CreateRule and UpdateRule.
  3. Create a WebACL. See CreateWebACL.
  4. Use GetChangeToken to get the change token that you provide in the ChangeToken parameter of an UpdateWebACL request.
  5. Submit an UpdateWebACL request to specify the Rules that you want to include in the WebACL, to specify the default action, and to associate the WebACL with a CloudFront distribution.

For more information about how to use the AWS WAF API to allow or block HTTP requests, see the AWS WAF Developer Guide.

" } @@ -1081,7 +586,7 @@ }, "Action":{ "shape":"WafAction", - "documentation":"

Specifies the action that CloudFront or AWS WAF takes when a web request matches the conditions in the Rule. Valid values for Action include the following:

  • ALLOW: CloudFront responds with the requested object.
  • BLOCK: CloudFront responds with an HTTP 403 (Forbidden) status code.
  • COUNT: AWS WAF increments a counter of requests that match the conditions in the rule and then continues to inspect the web request based on the remaining rules in the web ACL.
" + "documentation":"

Specifies the action that CloudFront or AWS WAF takes when a web request matches the conditions in the Rule. Valid values for Action include the following:

  • ALLOW: CloudFront responds with the requested object.
  • BLOCK: CloudFront responds with an HTTP 403 (Forbidden) status code.
  • COUNT: AWS WAF increments a counter of requests that match the conditions in the rule and then continues to inspect the web request based on the remaining rules in the web ACL.
" } }, "documentation":"

The ActivatedRule object in an UpdateWebACL request specifies a Rule that you want to insert or delete, the priority of the Rule in the WebACL, and the action that you want AWS WAF to take when a web request matches the Rule (ALLOW, BLOCK, or COUNT).

To specify whether to insert or delete a Rule, use the Action parameter in the WebACLUpdate data type.

" @@ -1172,15 +677,15 @@ }, "TargetString":{ "shape":"ByteMatchTargetString", - "documentation":"

The value that you want AWS WAF to search for. AWS WAF searches for the specified string in the part of web requests that you specified in FieldToMatch. The maximum length of the value is 50 bytes.

Valid values depend on the values that you specified for FieldToMatch:

  • HEADER: The value that you want AWS WAF to search for in the request header that you specified in FieldToMatch, for example, the value of the User-Agent or Referer header.
  • METHOD: The HTTP method, which indicates the type of operation specified in the request. CloudFront supports the following methods: DELETE, GET, HEAD, OPTIONS, PATCH, POST, and PUT.
  • QUERY_STRING: The value that you want AWS WAF to search for in the query string, which is the part of a URL that appears after a ? character.
  • URI: The value that you want AWS WAF to search for in the part of a URL that identifies a resource, for example, /images/daily-ad.jpg.

If TargetString includes alphabetic characters A-Z and a-z, note that the value is case sensitive.

If you're using the AWS WAF API

Specify a base64-encoded version of the value. The maximum length of the value before you base64-encode it is 50 bytes.

For example, suppose the value of Type is HEADER and the value of Data is User-Agent. If you want to search the User-Agent header for the value BadBot, you base64-encode BadBot using MIME base64 encoding and include the resulting value, QmFkQm90, in the value of TargetString.

If you're using the AWS CLI or one of the AWS SDKs

The value that you want AWS WAF to search for. The SDK automatically base64 encodes the value.

" + "documentation":"

The value that you want AWS WAF to search for. AWS WAF searches for the specified string in the part of web requests that you specified in FieldToMatch. The maximum length of the value is 50 bytes.

Valid values depend on the values that you specified for FieldToMatch:

  • HEADER: The value that you want AWS WAF to search for in the request header that you specified in FieldToMatch, for example, the value of the User-Agent or Referer header.
  • METHOD: The HTTP method, which indicates the type of operation specified in the request. CloudFront supports the following methods: DELETE, GET, HEAD, OPTIONS, PATCH, POST, and PUT.
  • QUERY_STRING: The value that you want AWS WAF to search for in the query string, which is the part of a URL that appears after a ? character.
  • URI: The value that you want AWS WAF to search for in the part of a URL that identifies a resource, for example, /images/daily-ad.jpg.
  • BODY: The part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form. The request body immediately follows the request headers. Note that only the first 8192 bytes of the request body are forwarded to AWS WAF for inspection. To allow or block requests based on the length of the body, you can create a size constraint set. For more information, see CreateSizeConstraintSet.

If TargetString includes alphabetic characters A-Z and a-z, note that the value is case sensitive.

If you're using the AWS WAF API

Specify a base64-encoded version of the value. The maximum length of the value before you base64-encode it is 50 bytes.

For example, suppose the value of Type is HEADER and the value of Data is User-Agent. If you want to search the User-Agent header for the value BadBot, you base64-encode BadBot using MIME base64 encoding and include the resulting value, QmFkQm90, in the value of TargetString.

If you're using the AWS CLI or one of the AWS SDKs

The value that you want AWS WAF to search for. The SDK automatically base64 encodes the value.

" }, "TextTransformation":{ "shape":"TextTransformation", - "documentation":"

Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. If you specify a transformation, AWS WAF performs the transformation on TargetString before inspecting a request for a match.

CMD_LINE

When you're concerned that attackers are injecting an operating system commandline command and using unusual formatting to disguise some or all of the command, use this option to perform the following transformations:

  • Delete the following characters: \\ \" ' ^
  • Delete spaces before the following characters: / (
  • Replace the following characters with a space: , ;
  • Replace multiple spaces with one space
  • Convert uppercase letters (A-Z) to lowercase (a-z)

COMPRESS_WHITE_SPACE

Use this option to replace the following characters with a space character (decimal 32):

  • \\f, formfeed, decimal 12
  • \\t, tab, decimal 9
  • \\n, newline, decimal 10
  • \\r, carriage return, decimal 13
  • \\v, vertical tab, decimal 11
  • non-breaking space, decimal 160

COMPRESS_WHITE_SPACE also replaces multiple spaces with one space.

HTML_ENTITY_DECODE

Use this option to replace HTML-encoded characters with unencoded characters. HTML_ENTITY_DECODE performs the following operations:

  • Replaces (ampersand)quot; with \"
  • Replaces (ampersand)nbsp; with a non-breaking space, decimal 160
  • Replaces (ampersand)lt; with a \"less than\" symbol
  • Replaces (ampersand)gt; with >
  • Replaces characters that are represented in hexadecimal format, (ampersand)#xhhhh;, with the corresponding characters
  • Replaces characters that are represented in decimal format, (ampersand)#nnnn;, with the corresponding characters

LOWERCASE

Use this option to convert uppercase letters (A-Z) to lowercase (a-z).

URL_DECODE

Use this option to decode a URL-encoded value.

NONE

Specify NONE if you don't want to perform any text transformations.

" + "documentation":"

Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. If you specify a transformation, AWS WAF performs the transformation on TargetString before inspecting a request for a match.

CMD_LINE

When you're concerned that attackers are injecting an operating system commandline command and using unusual formatting to disguise some or all of the command, use this option to perform the following transformations:

  • Delete the following characters: \\ \" ' ^
  • Delete spaces before the following characters: / (
  • Replace the following characters with a space: , ;
  • Replace multiple spaces with one space
  • Convert uppercase letters (A-Z) to lowercase (a-z)

COMPRESS_WHITE_SPACE

Use this option to replace the following characters with a space character (decimal 32):

  • \\f, formfeed, decimal 12
  • \\t, tab, decimal 9
  • \\n, newline, decimal 10
  • \\r, carriage return, decimal 13
  • \\v, vertical tab, decimal 11
  • non-breaking space, decimal 160

COMPRESS_WHITE_SPACE also replaces multiple spaces with one space.

HTML_ENTITY_DECODE

Use this option to replace HTML-encoded characters with unencoded characters. HTML_ENTITY_DECODE performs the following operations:

  • Replaces (ampersand)quot; with \"
  • Replaces (ampersand)nbsp; with a non-breaking space, decimal 160
  • Replaces (ampersand)lt; with a \"less than\" symbol
  • Replaces (ampersand)gt; with >
  • Replaces characters that are represented in hexadecimal format, (ampersand)#xhhhh;, with the corresponding characters
  • Replaces characters that are represented in decimal format, (ampersand)#nnnn;, with the corresponding characters

LOWERCASE

Use this option to convert uppercase letters (A-Z) to lowercase (a-z).

URL_DECODE

Use this option to decode a URL-encoded value.

NONE

Specify NONE if you don't want to perform any text transformations.

" }, "PositionalConstraint":{ "shape":"PositionalConstraint", - "documentation":"

Within the portion of a web request that you want to search (for example, in the query string, if any), specify where you want AWS WAF to search. Valid values include the following:

CONTAINS

The specified part of the web request must include the value of TargetString, but the location doesn't matter.

CONTAINS_WORD

The specified part of the web request must include the value of TargetString, and TargetString must contain only alphanumeric characters or underscore (A-Z, a-z, 0-9, or _). In addition, TargetString must be a word, which means one of the following:

  • TargetString exactly matches the value of the specified part of the web request, such as the value of a header.
  • TargetString is at the beginning of the specified part of the web request and is followed by a character other than an alphanumeric character or underscore (_), for example, BadBot;.
  • TargetString is at the end of the specified part of the web request and is preceded by a character other than an alphanumeric character or underscore (_), for example, ;BadBot.
  • TargetString is in the middle of the specified part of the web request and is preceded and followed by characters other than alphanumeric characters or underscore (_), for example, -BadBot;.

EXACTLY

The value of the specified part of the web request must exactly match the value of TargetString.

STARTS_WITH

The value of TargetString must appear at the beginning of the specified part of the web request.

ENDS_WITH

The value of TargetString must appear at the end of the specified part of the web request.

" + "documentation":"

Within the portion of a web request that you want to search (for example, in the query string, if any), specify where you want AWS WAF to search. Valid values include the following:

CONTAINS

The specified part of the web request must include the value of TargetString, but the location doesn't matter.

CONTAINS_WORD

The specified part of the web request must include the value of TargetString, and TargetString must contain only alphanumeric characters or underscore (A-Z, a-z, 0-9, or _). In addition, TargetString must be a word, which means one of the following:

  • TargetString exactly matches the value of the specified part of the web request, such as the value of a header.
  • TargetString is at the beginning of the specified part of the web request and is followed by a character other than an alphanumeric character or underscore (_), for example, BadBot;.
  • TargetString is at the end of the specified part of the web request and is preceded by a character other than an alphanumeric character or underscore (_), for example, ;BadBot.
  • TargetString is in the middle of the specified part of the web request and is preceded and followed by characters other than alphanumeric characters or underscore (_), for example, -BadBot;.

EXACTLY

The value of the specified part of the web request must exactly match the value of TargetString.

STARTS_WITH

The value of TargetString must appear at the beginning of the specified part of the web request.

ENDS_WITH

The value of TargetString must appear at the end of the specified part of the web request.

" } }, "documentation":"

The bytes (typically a string that corresponds with ASCII characters) that you want AWS WAF to search for in web requests, the location in requests that you want AWS WAF to search, and other settings.

" @@ -1205,6 +710,17 @@ "INSYNC" ] }, + "ComparisonOperator":{ + "type":"string", + "enum":[ + "EQ", + "NE", + "LE", + "LT", + "GE", + "GT" + ] + }, "Country":{"type":"string"}, "CreateByteMatchSetRequest":{ "type":"structure", @@ -1301,6 +817,36 @@ } } }, + "CreateSizeConstraintSetRequest":{ + "type":"structure", + "required":[ + "Name", + "ChangeToken" + ], + "members":{ + "Name":{ + "shape":"ResourceName", + "documentation":"

A friendly name or description of the SizeConstraintSet. You can't change Name after you create a SizeConstraintSet.

" + }, + "ChangeToken":{ + "shape":"ChangeToken", + "documentation":"

The value returned by the most recent call to GetChangeToken.

" + } + } + }, + "CreateSizeConstraintSetResponse":{ + "type":"structure", + "members":{ + "SizeConstraintSet":{ + "shape":"SizeConstraintSet", + "documentation":"

A SizeConstraintSet that contains no SizeConstraint objects.

" + }, + "ChangeToken":{ + "shape":"ChangeToken", + "documentation":"

The ChangeToken that you used to submit the CreateSizeConstraintSet request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

" + } + } + }, "CreateSqlInjectionMatchSetRequest":{ "type":"structure", "required":[ @@ -1451,6 +997,32 @@ } } }, + "DeleteSizeConstraintSetRequest":{ + "type":"structure", + "required":[ + "SizeConstraintSetId", + "ChangeToken" + ], + "members":{ + "SizeConstraintSetId":{ + "shape":"ResourceId", + "documentation":"

The SizeConstraintSetId of the SizeConstraintSet that you want to delete. SizeConstraintSetId is returned by CreateSizeConstraintSet and by ListSizeConstraintSets.

" + }, + "ChangeToken":{ + "shape":"ChangeToken", + "documentation":"

The value returned by the most recent call to GetChangeToken.

" + } + } + }, + "DeleteSizeConstraintSetResponse":{ + "type":"structure", + "members":{ + "ChangeToken":{ + "shape":"ChangeToken", + "documentation":"

The ChangeToken that you used to submit the DeleteSizeConstraintSet request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

" + } + } + }, "DeleteSqlInjectionMatchSetRequest":{ "type":"structure", "required":[ @@ -1511,7 +1083,7 @@ "members":{ "Type":{ "shape":"MatchFieldType", - "documentation":"

The part of the web request that you want AWS WAF to search for a specified string. Parts of a request that you can search include the following:

  • HEADER: A specified request header, for example, the value of the User-Agent or Referer header. If you choose HEADER for the type, specify the name of the header in Data.
  • METHOD: The HTTP method, which indicated the type of operation that the request is asking the origin to perform. Amazon CloudFront supports the following methods: DELETE, GET, HEAD, OPTIONS, PATCH, POST, and PUT.
  • QUERY_STRING: A query string, which is the part of a URL that appears after a ? character, if any.
  • URI: The part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
" + "documentation":"

The part of the web request that you want AWS WAF to search for a specified string. Parts of a request that you can search include the following:

  • HEADER: A specified request header, for example, the value of the User-Agent or Referer header. If you choose HEADER for the type, specify the name of the header in Data.
  • METHOD: The HTTP method, which indicated the type of operation that the request is asking the origin to perform. Amazon CloudFront supports the following methods: DELETE, GET, HEAD, OPTIONS, PATCH, POST, and PUT.
  • QUERY_STRING: A query string, which is the part of a URL that appears after a ? character, if any.
  • URI: The part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
  • BODY: The part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form. The request body immediately follows the request headers. Note that only the first 8192 bytes of the request body are forwarded to AWS WAF for inspection. To allow or block requests based on the length of the body, you can create a size constraint set. For more information, see CreateSizeConstraintSet.
" }, "Data":{ "shape":"MatchFieldData", @@ -1535,7 +1107,7 @@ "members":{ "ByteMatchSet":{ "shape":"ByteMatchSet", - "documentation":"

Information about the ByteMatchSet that you specified in the GetByteMatchSet request. For more information, see the following topics:

  • ByteMatchSet: Contains ByteMatchSetId, ByteMatchTuples, and Name
  • ByteMatchTuples: Contains an array of ByteMatchTuple objects. Each ByteMatchTuple object contains FieldToMatch, PositionalConstraint, TargetString, and TextTransformation
  • FieldToMatch: Contains Data and Type
" + "documentation":"

Information about the ByteMatchSet that you specified in the GetByteMatchSet request. For more information, see the following topics:

  • ByteMatchSet: Contains ByteMatchSetId, ByteMatchTuples, and Name
  • ByteMatchTuples: Contains an array of ByteMatchTuple objects. Each ByteMatchTuple object contains FieldToMatch, PositionalConstraint, TargetString, and TextTransformation
  • FieldToMatch: Contains Data and Type
" } } }, @@ -1587,7 +1159,7 @@ "members":{ "IPSet":{ "shape":"IPSet", - "documentation":"

Information about the IPSet that you specified in the GetIPSet request. For more information, see the following topics:

  • IPSet: Contains IPSetDescriptors, IPSetId, and Name
  • IPSetDescriptors: Contains an array of IPSetDescriptor objects. Each IPSetDescriptor object contains Type and Value
" + "documentation":"

Information about the IPSet that you specified in the GetIPSet request. For more information, see the following topics:

  • IPSet: Contains IPSetDescriptors, IPSetId, and Name
  • IPSetDescriptors: Contains an array of IPSetDescriptor objects. Each IPSetDescriptor object contains Type and Value
" } } }, @@ -1606,7 +1178,7 @@ "members":{ "Rule":{ "shape":"Rule", - "documentation":"

Information about the Rule that you specified in the GetRule request. For more information, see the following topics:

  • Rule: Contains MetricName, Name, an array of Predicate objects, and RuleId
  • Predicate: Each Predicate object contains DataId, Negated, and Type
" + "documentation":"

Information about the Rule that you specified in the GetRule request. For more information, see the following topics:

  • Rule: Contains MetricName, Name, an array of Predicate objects, and RuleId
  • Predicate: Each Predicate object contains DataId, Negated, and Type
" } } }, @@ -1625,7 +1197,7 @@ }, "RuleId":{ "shape":"ResourceId", - "documentation":"

RuleId is one of two values:

  • The RuleId of the Rule for which you want GetSampledRequests to return a sample of requests.
  • Default_Action, which causes GetSampledRequests to return a sample of the requests that didn't match any of the rules in the specified WebACL.
" + "documentation":"

RuleId is one of two values:

  • The RuleId of the Rule for which you want GetSampledRequests to return a sample of requests.
  • Default_Action, which causes GetSampledRequests to return a sample of the requests that didn't match any of the rules in the specified WebACL.
" }, "TimeWindow":{ "shape":"TimeWindow", @@ -1654,6 +1226,25 @@ } } }, + "GetSizeConstraintSetRequest":{ + "type":"structure", + "required":["SizeConstraintSetId"], + "members":{ + "SizeConstraintSetId":{ + "shape":"ResourceId", + "documentation":"

The SizeConstraintSetId of the SizeConstraintSet that you want to get. SizeConstraintSetId is returned by CreateSizeConstraintSet and by ListSizeConstraintSets.

" + } + } + }, + "GetSizeConstraintSetResponse":{ + "type":"structure", + "members":{ + "SizeConstraintSet":{ + "shape":"SizeConstraintSet", + "documentation":"

Information about the SizeConstraintSet that you specified in the GetSizeConstraintSet request. For more information, see the following topics:

" + } + } + }, "GetSqlInjectionMatchSetRequest":{ "type":"structure", "required":["SqlInjectionMatchSetId"], @@ -1670,7 +1261,7 @@ "members":{ "SqlInjectionMatchSet":{ "shape":"SqlInjectionMatchSet", - "documentation":"

Information about the SqlInjectionMatchSet that you specified in the GetSqlInjectionMatchSet request. For more information, see the following topics:

" + "documentation":"

Information about the SqlInjectionMatchSet that you specified in the GetSqlInjectionMatchSet request. For more information, see the following topics:

" } }, "documentation":"

The response to a GetSqlInjectionMatchSet request.

" @@ -1690,7 +1281,7 @@ "members":{ "WebACL":{ "shape":"WebACL", - "documentation":"

Information about the WebACL that you specified in the GetWebACL request. For more information, see the following topics:

  • WebACL: Contains DefaultAction, MetricName, Name, an array of Rule objects, and WebACLId
  • DefaultAction (Data type is WafAction): Contains Type
  • Rules: Contains an array of ActivatedRule objects, which contain Action, Priority, and RuleId
  • Action: Contains Type
" + "documentation":"

Information about the WebACL that you specified in the GetWebACL request. For more information, see the following topics:

  • WebACL: Contains DefaultAction, MetricName, Name, an array of Rule objects, and WebACLId
  • DefaultAction (Data type is WafAction): Contains Type
  • Rules: Contains an array of ActivatedRule objects, which contain Action, Priority, and RuleId
  • Action: Contains Type
" } } }, @@ -1718,7 +1309,7 @@ "members":{ "ClientIP":{ "shape":"IPString", - "documentation":"

The IP address that the request originated from. If the WebACL is associated with a CloudFront distribution, this is the value of one of the following fields in CloudFront access logs:

  • c-ip, if the viewer did not use an HTTP proxy or a load balancer to send the request
  • x-forwarded-for, if the viewer did use an HTTP proxy or a load balancer to send the request
" + "documentation":"

The IP address that the request originated from. If the WebACL is associated with a CloudFront distribution, this is the value of one of the following fields in CloudFront access logs:

  • c-ip, if the viewer did not use an HTTP proxy or a load balancer to send the request
  • x-forwarded-for, if the viewer did use an HTTP proxy or a load balancer to send the request
" }, "Country":{ "shape":"Country", @@ -1763,7 +1354,7 @@ }, "IPSetDescriptors":{ "shape":"IPSetDescriptors", - "documentation":"

The IP address type (IPV4) and the IP address range (in CIDR notation) that web requests originate from. If the WebACL is associated with a CloudFront distribution, this is the value of one of the following fields in CloudFront access logs:

  • c-ip, if the viewer did not use an HTTP proxy or a load balancer to send the request
  • x-forwarded-for, if the viewer did use an HTTP proxy or a load balancer to send the request
" + "documentation":"

The IP address type (IPV4) and the IP address range (in CIDR notation) that web requests originate from. If the WebACL is associated with a CloudFront distribution, this is the value of one of the following fields in CloudFront access logs:

  • c-ip, if the viewer did not use an HTTP proxy or a load balancer to send the request
  • x-forwarded-for, if the viewer did use an HTTP proxy or a load balancer to send the request
" } }, "documentation":"

Contains one or more IP addresses or blocks of IP addresses specified in Classless Inter-Domain Routing (CIDR) notation. To specify an individual IP address, you specify the four-part IP address followed by a /32, for example, 192.0.2.0/31. To block a range of IP addresses, you can specify a /24, a /16, or a /8 CIDR. For more information about CIDR notation, perform an Internet search on cidr notation.

" @@ -1896,8 +1487,8 @@ }, "ListMaxItems":{ "type":"long", - "min":1, - "max":100 + "max":100, + "min":1 }, "ListRulesRequest":{ "type":"structure", @@ -1926,6 +1517,33 @@ } } }, + "ListSizeConstraintSetsRequest":{ + "type":"structure", + "required":["Limit"], + "members":{ + "NextMarker":{ + "shape":"NextMarker", + "documentation":"

If you specify a value for Limit and you have more SizeConstraintSets than the value of Limit, AWS WAF returns a NextMarker value in the response that allows you to list another group of SizeConstraintSets. For the second and subsequent ListSizeConstraintSets requests, specify the value of NextMarker from the previous response to get information about another batch of SizeConstraintSets.

" + }, + "Limit":{ + "shape":"PaginationLimit", + "documentation":"

Specifies the number of SizeConstraintSet objects that you want AWS WAF to return for this request. If you have more SizeConstraintSets objects than the number you specify for Limit, the response includes a NextMarker value that you can use to get another batch of SizeConstraintSet objects.

" + } + } + }, + "ListSizeConstraintSetsResponse":{ + "type":"structure", + "members":{ + "NextMarker":{ + "shape":"NextMarker", + "documentation":"

If you have more SizeConstraintSet objects than the number that you specified for Limit in the request, the response includes a NextMarker value. To list more SizeConstraintSet objects, submit another ListSizeConstraintSets request, and specify the NextMarker value from the response in the NextMarker value in the next request.

" + }, + "SizeConstraintSets":{ + "shape":"SizeConstraintSetSummaries", + "documentation":"

An array of SizeConstraintSetSummary objects.

" + } + } + }, "ListSqlInjectionMatchSetsRequest":{ "type":"structure", "required":["Limit"], @@ -1989,7 +1607,8 @@ "URI", "QUERY_STRING", "HEADER", - "METHOD" + "METHOD", + "BODY" ] }, "MetricName":{"type":"string"}, @@ -2000,8 +1619,8 @@ }, "PaginationLimit":{ "type":"integer", - "min":1, - "max":100 + "max":100, + "min":1 }, "ParameterExceptionField":{ "type":"string", @@ -2013,13 +1632,21 @@ "BYTE_MATCH_FIELD_TYPE", "SQL_INJECTION_MATCH_FIELD_TYPE", "BYTE_MATCH_TEXT_TRANSFORMATION", - "BYTE_MATCH_POSITIONAL_CONSTRAINT" + "BYTE_MATCH_POSITIONAL_CONSTRAINT", + "SIZE_CONSTRAINT_COMPARISON_OPERATOR" ] }, "ParameterExceptionParameter":{ "type":"string", "min":1 }, + "ParameterExceptionReason":{ + "type":"string", + "enum":[ + "INVALID_OPTION", + "ILLEGAL_COMBINATION" + ] + }, "PopulationSize":{"type":"long"}, "PositionalConstraint":{ "type":"string", @@ -2048,19 +1675,19 @@ "documentation":"

The type of predicate in a Rule, such as ByteMatchSet or IPSet.

" }, "DataId":{ - "shape":"PredicateDataId", + "shape":"ResourceId", "documentation":"

A unique identifier for a predicate in a Rule, such as ByteMatchSetId or IPSetId. The ID is returned by the corresponding Create or List command.

" } }, "documentation":"

Specifies the ByteMatchSet, IPSet, and SqlInjectionMatchSet objects that you want to add to a Rule and, for each object, indicates whether you want to negate the settings, for example, requests that do NOT originate from the IP address 192.0.2.44.

" }, - "PredicateDataId":{"type":"string"}, "PredicateType":{ "type":"string", "enum":[ "IPMatch", "ByteMatch", - "SqlInjectionMatch" + "SqlInjectionMatch", + "SizeConstraint" ] }, "Predicates":{ @@ -2069,13 +1696,13 @@ }, "ResourceId":{ "type":"string", - "min":1, - "max":128 + "max":128, + "min":1 }, "ResourceName":{ "type":"string", - "min":1, - "max":128 + "max":128, + "min":1 }, "Rule":{ "type":"structure", @@ -2098,7 +1725,7 @@ "documentation":"

The Predicates object contains one Predicate element for each ByteMatchSet, IPSet, or SqlInjectionMatchSet object that you want to include in a Rule.

" } }, - "documentation":"

A combination of ByteMatchSet, IPSet, and/or SqlInjectionMatchSet objects that identify the web requests that you want to allow, block, or count. For example, you might create a Rule that includes the following predicates:

  • An IPSet that causes AWS WAF to search for web requests that originate from the IP address 192.0.2.44
  • A ByteMatchSet that causes AWS WAF to search for web requests for which the value of the User-Agent header is BadBot.

To match the settings in this Rule, a request must originate from 192.0.2.44 AND include a User-Agent header for which the value is BadBot.

" + "documentation":"

A combination of ByteMatchSet, IPSet, and/or SqlInjectionMatchSet objects that identify the web requests that you want to allow, block, or count. For example, you might create a Rule that includes the following predicates:

  • An IPSet that causes AWS WAF to search for web requests that originate from the IP address 192.0.2.44
  • A ByteMatchSet that causes AWS WAF to search for web requests for which the value of the User-Agent header is BadBot.

To match the settings in this Rule, a request must originate from 192.0.2.44 AND include a User-Agent header for which the value is BadBot.

" }, "RulePriority":{"type":"integer"}, "RuleSummaries":{ @@ -2179,6 +1806,105 @@ "type":"list", "member":{"shape":"SampledHTTPRequest"} }, + "Size":{ + "type":"long", + "min":0 + }, + "SizeConstraint":{ + "type":"structure", + "required":[ + "FieldToMatch", + "TextTransformation", + "ComparisonOperator", + "Size" + ], + "members":{ + "FieldToMatch":{"shape":"FieldToMatch"}, + "TextTransformation":{ + "shape":"TextTransformation", + "documentation":"

Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. If you specify a transformation, AWS WAF performs the transformation on FieldToMatch before inspecting a request for a match.

Note that if you choose BODY for the value of Type, you must choose NONE for TextTransformation because CloudFront forwards only the first 8192 bytes for inspection.

NONE

Specify NONE if you don't want to perform any text transformations.

CMD_LINE

When you're concerned that attackers are injecting an operating system command line command and using unusual formatting to disguise some or all of the command, use this option to perform the following transformations:

  • Delete the following characters: \\ \" ' ^
  • Delete spaces before the following characters: / (
  • Replace the following characters with a space: , ;
  • Replace multiple spaces with one space
  • Convert uppercase letters (A-Z) to lowercase (a-z)

COMPRESS_WHITE_SPACE

Use this option to replace the following characters with a space character (decimal 32):

  • \\f, formfeed, decimal 12
  • \\t, tab, decimal 9
  • \\n, newline, decimal 10
  • \\r, carriage return, decimal 13
  • \\v, vertical tab, decimal 11
  • non-breaking space, decimal 160

COMPRESS_WHITE_SPACE also replaces multiple spaces with one space.

HTML_ENTITY_DECODE

Use this option to replace HTML-encoded characters with unencoded characters. HTML_ENTITY_DECODE performs the following operations:

  • Replaces (ampersand)quot; with \"
  • Replaces (ampersand)nbsp; with a non-breaking space, decimal 160
  • Replaces (ampersand)lt; with a \"less than\" symbol
  • Replaces (ampersand)gt; with >
  • Replaces characters that are represented in hexadecimal format, (ampersand)#xhhhh;, with the corresponding characters
  • Replaces characters that are represented in decimal format, (ampersand)#nnnn;, with the corresponding characters

LOWERCASE

Use this option to convert uppercase letters (A-Z) to lowercase (a-z).

URL_DECODE

Use this option to decode a URL-encoded value.

" + }, + "ComparisonOperator":{ + "shape":"ComparisonOperator", + "documentation":"

The type of comparison you want AWS WAF to perform. AWS WAF uses this in combination with the provided Size and FieldToMatch to build an expression in the form of \"Size ComparisonOperator size in bytes of FieldToMatch\". If that expression is true, the SizeConstraint is considered to match.

EQ: Used to test if the Size is equal to the size of the FieldToMatch

NE: Used to test if the Size is not equal to the size of the FieldToMatch

LE: Used to test if the Size is less than or equal to the size of the FieldToMatch

LT: Used to test if the Size is strictly less than the size of the FieldToMatch

GE: Used to test if the Size is greater than or equal to the size of the FieldToMatch

GT: Used to test if the Size is strictly greater than the size of the FieldToMatch

" + }, + "Size":{ + "shape":"Size", + "documentation":"

The size in bytes that you want AWS WAF to compare against the size of the specified FieldToMatch. AWS WAF uses this in combination with ComparisonOperator and FieldToMatch to build an expression in the form of \"Size ComparisonOperator size in bytes of FieldToMatch\". If that expression is true, the SizeConstraint is considered to match.

Valid values for size are 0 - 21474836480 bytes (0 - 20 GB).

If you specify URI for the value of Type, the / in the URI counts as one character. For example, the URI /logo.jpg is nine characters long.

" + } + }, + "documentation":"

Specifies a constraint on the size of a part of the web request. AWS WAF uses the Size, ComparisonOperator, and FieldToMatch to build an expression in the form of \"Size ComparisonOperator size in bytes of FieldToMatch\". If that expression is true, the SizeConstraint is considered to match.

" + }, + "SizeConstraintSet":{ + "type":"structure", + "required":[ + "SizeConstraintSetId", + "SizeConstraints" + ], + "members":{ + "SizeConstraintSetId":{ + "shape":"ResourceId", + "documentation":"

A unique identifier for a SizeConstraintSet. You use SizeConstraintSetId to get information about a SizeConstraintSet (see GetSizeConstraintSet), update a SizeConstraintSet (see UpdateSizeConstraintSet, insert a SizeConstraintSet into a Rule or delete one from a Rule (see UpdateRule), and delete a SizeConstraintSet from AWS WAF (see DeleteSizeConstraintSet).

SizeConstraintSetId is returned by CreateSizeConstraintSet and by ListSizeConstraintSets.

" + }, + "Name":{ + "shape":"ResourceName", + "documentation":"

The name, if any, of the SizeConstraintSet.

" + }, + "SizeConstraints":{ + "shape":"SizeConstraints", + "documentation":"

Specifies the parts of web requests that you want to inspect the size of.

" + } + }, + "documentation":"

A complex type that contains SizeConstraint objects, which specify the parts of web requests that you want AWS WAF to inspect the size of. If a SizeConstraintSet contains more than one SizeConstraint object, a request only needs to match one constraint to be considered a match.

" + }, + "SizeConstraintSetSummaries":{ + "type":"list", + "member":{"shape":"SizeConstraintSetSummary"} + }, + "SizeConstraintSetSummary":{ + "type":"structure", + "required":[ + "SizeConstraintSetId", + "Name" + ], + "members":{ + "SizeConstraintSetId":{ + "shape":"ResourceId", + "documentation":"

A unique identifier for a SizeConstraintSet. You use SizeConstraintSetId to get information about a SizeConstraintSet (see GetSizeConstraintSet), update a SizeConstraintSet (see UpdateSizeConstraintSet, insert a SizeConstraintSet into a Rule or delete one from a Rule (see UpdateRule), and delete a SizeConstraintSet from AWS WAF (see DeleteSizeConstraintSet).

SizeConstraintSetId is returned by CreateSizeConstraintSet and by ListSizeConstraintSets.

" + }, + "Name":{ + "shape":"ResourceName", + "documentation":"

The name of the SizeConstraintSet, if any.

" + } + }, + "documentation":"

The Id and Name of a SizeConstraintSet.

" + }, + "SizeConstraintSetUpdate":{ + "type":"structure", + "required":[ + "Action", + "SizeConstraint" + ], + "members":{ + "Action":{ + "shape":"ChangeAction", + "documentation":"

Specify INSERT to add a SizeConstraintSetUpdate to a SizeConstraintSet. Use DELETE to remove a SizeConstraintSetUpdate from a SizeConstraintSet.

" + }, + "SizeConstraint":{ + "shape":"SizeConstraint", + "documentation":"

Specifies a constraint on the size of a part of the web request. AWS WAF uses the Size, ComparisonOperator, and FieldToMatch to build an expression in the form of \"Size ComparisonOperator size in bytes of FieldToMatch\". If that expression is true, the SizeConstraint is considered to match.

" + } + }, + "documentation":"

Specifies the part of a web request that you want to inspect the size of and indicates whether you want to add the specification to a SizeConstraintSet or delete it from a SizeConstraintSet.

" + }, + "SizeConstraintSetUpdates":{ + "type":"list", + "member":{"shape":"SizeConstraintSetUpdate"} + }, + "SizeConstraints":{ + "type":"list", + "member":{"shape":"SizeConstraint"} + }, "SqlInjectionMatchSet":{ "type":"structure", "required":[ @@ -2188,7 +1914,7 @@ "members":{ "SqlInjectionMatchSetId":{ "shape":"ResourceId", - "documentation":"

A unique identifier for a SqlInjectionMatchSet. You use SqlInjectionMatchSetId to get information about a SqlInjectionMatchSet (see GetSqlInjectionMatchSet), update a SqlInjectionMatchSet (see UpdateSqlInjectionMatchSet, insert a SqlInjectionMatchSet into a Rule or delete one from a Rule (see UpdateRule), and delete a SqlInjectionMatchSet from AWS WAF (see DeleteByteMatchSet).

SqlInjectionMatchSetId is returned by CreateSqlInjectionMatchSet and by ListSqlInjectionMatchSets.

" + "documentation":"

A unique identifier for a SqlInjectionMatchSet. You use SqlInjectionMatchSetId to get information about a SqlInjectionMatchSet (see GetSqlInjectionMatchSet), update a SqlInjectionMatchSet (see UpdateSqlInjectionMatchSet, insert a SqlInjectionMatchSet into a Rule or delete one from a Rule (see UpdateRule), and delete a SqlInjectionMatchSet from AWS WAF (see DeleteSqlInjectionMatchSet).

SqlInjectionMatchSetId is returned by CreateSqlInjectionMatchSet and by ListSqlInjectionMatchSets.

" }, "Name":{ "shape":"ResourceName", @@ -2214,7 +1940,7 @@ "members":{ "SqlInjectionMatchSetId":{ "shape":"ResourceId", - "documentation":"

A unique identifier for a SqlInjectionMatchSet. You use SqlInjectionMatchSetId to get information about a SqlInjectionMatchSet (see GetSqlInjectionMatchSet), update a SqlInjectionMatchSet (see UpdateSqlInjectionMatchSet, insert a SqlInjectionMatchSet into a Rule or delete one from a Rule (see UpdateRule), and delete a SqlInjectionMatchSet from AWS WAF (see DeleteByteMatchSet).

SqlInjectionMatchSetId is returned by CreateSqlInjectionMatchSet and by ListSqlInjectionMatchSets.

" + "documentation":"

A unique identifier for a SqlInjectionMatchSet. You use SqlInjectionMatchSetId to get information about a SqlInjectionMatchSet (see GetSqlInjectionMatchSet), update a SqlInjectionMatchSet (see UpdateSqlInjectionMatchSet, insert a SqlInjectionMatchSet into a Rule or delete one from a Rule (see UpdateRule), and delete a SqlInjectionMatchSet from AWS WAF (see DeleteSqlInjectionMatchSet).

SqlInjectionMatchSetId is returned by CreateSqlInjectionMatchSet and by ListSqlInjectionMatchSets.

" }, "Name":{ "shape":"ResourceName", @@ -2255,7 +1981,7 @@ "FieldToMatch":{"shape":"FieldToMatch"}, "TextTransformation":{ "shape":"TextTransformation", - "documentation":"

Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. If you specify a transformation, AWS WAF performs the transformation on TargetString before inspecting a request for a match.

CMD_LINE

When you're concerned that attackers are injecting an operating system commandline command and using unusual formatting to disguise some or all of the command, use this option to perform the following transformations:

  • Delete the following characters: \\ \" ' ^
  • Delete spaces before the following characters: / (
  • Replace the following characters with a space: , ;
  • Replace multiple spaces with one space
  • Convert uppercase letters (A-Z) to lowercase (a-z)

COMPRESS_WHITE_SPACE

Use this option to replace the following characters with a space character (decimal 32):

  • \\f, formfeed, decimal 12
  • \\t, tab, decimal 9
  • \\n, newline, decimal 10
  • \\r, carriage return, decimal 13
  • \\v, vertical tab, decimal 11
  • non-breaking space, decimal 160

COMPRESS_WHITE_SPACE also replaces multiple spaces with one space.

HTML_ENTITY_DECODE

Use this option to replace HTML-encoded characters with unencoded characters. HTML_ENTITY_DECODE performs the following operations:

  • Replaces (ampersand)quot; with \"
  • Replaces (ampersand)nbsp; with a non-breaking space, decimal 160
  • Replaces (ampersand)lt; with a \"less than\" symbol
  • Replaces (ampersand)gt; with >
  • Replaces characters that are represented in hexadecimal format, (ampersand)#xhhhh;, with the corresponding characters
  • Replaces characters that are represented in decimal format, (ampersand)#nnnn;, with the corresponding characters

LOWERCASE

Use this option to convert uppercase letters (A-Z) to lowercase (a-z).

URL_DECODE

Use this option to decode a URL-encoded value.

NONE

Specify NONE if you don't want to perform any text transformations.

" + "documentation":"

Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass AWS WAF. If you specify a transformation, AWS WAF performs the transformation on FieldToMatch before inspecting a request for a match.

CMD_LINE

When you're concerned that attackers are injecting an operating system commandline command and using unusual formatting to disguise some or all of the command, use this option to perform the following transformations:

  • Delete the following characters: \\ \" ' ^
  • Delete spaces before the following characters: / (
  • Replace the following characters with a space: , ;
  • Replace multiple spaces with one space
  • Convert uppercase letters (A-Z) to lowercase (a-z)

COMPRESS_WHITE_SPACE

Use this option to replace the following characters with a space character (decimal 32):

  • \\f, formfeed, decimal 12
  • \\t, tab, decimal 9
  • \\n, newline, decimal 10
  • \\r, carriage return, decimal 13
  • \\v, vertical tab, decimal 11
  • non-breaking space, decimal 160

COMPRESS_WHITE_SPACE also replaces multiple spaces with one space.

HTML_ENTITY_DECODE

Use this option to replace HTML-encoded characters with unencoded characters. HTML_ENTITY_DECODE performs the following operations:

  • Replaces (ampersand)quot; with \"
  • Replaces (ampersand)nbsp; with a non-breaking space, decimal 160
  • Replaces (ampersand)lt; with a \"less than\" symbol
  • Replaces (ampersand)gt; with >
  • Replaces characters that are represented in hexadecimal format, (ampersand)#xhhhh;, with the corresponding characters
  • Replaces characters that are represented in decimal format, (ampersand)#nnnn;, with the corresponding characters

LOWERCASE

Use this option to convert uppercase letters (A-Z) to lowercase (a-z).

URL_DECODE

Use this option to decode a URL-encoded value.

NONE

Specify NONE if you don't want to perform any text transformations.

" } }, "documentation":"

Specifies the part of a web request that you want AWS WAF to inspect for snippets of malicious SQL code and, if you want AWS WAF to inspect a header, the name of the header.

" @@ -2313,7 +2039,7 @@ }, "Updates":{ "shape":"ByteMatchSetUpdates", - "documentation":"

An array of ByteMatchSetUpdate objects that you want to insert into or delete from a ByteMatchSet. For more information, see the applicable data types:

" + "documentation":"

An array of ByteMatchSetUpdate objects that you want to insert into or delete from a ByteMatchSet. For more information, see the applicable data types:

" } } }, @@ -2344,7 +2070,7 @@ }, "Updates":{ "shape":"IPSetUpdates", - "documentation":"

An array of IPSetUpdate objects that you want to insert into or delete from an IPSet. For more information, see the applicable data types:

" + "documentation":"

An array of IPSetUpdate objects that you want to insert into or delete from an IPSet. For more information, see the applicable data types:

" } } }, @@ -2375,7 +2101,7 @@ }, "Updates":{ "shape":"RuleUpdates", - "documentation":"

An array of RuleUpdate objects that you want to insert into or delete from a Rule. For more information, see the applicable data types:

" + "documentation":"

An array of RuleUpdate objects that you want to insert into or delete from a Rule. For more information, see the applicable data types:

" } } }, @@ -2388,6 +2114,37 @@ } } }, + "UpdateSizeConstraintSetRequest":{ + "type":"structure", + "required":[ + "SizeConstraintSetId", + "ChangeToken", + "Updates" + ], + "members":{ + "SizeConstraintSetId":{ + "shape":"ResourceId", + "documentation":"

The SizeConstraintSetId of the SizeConstraintSet that you want to update. SizeConstraintSetId is returned by CreateSizeConstraintSet and by ListSizeConstraintSets.

" + }, + "ChangeToken":{ + "shape":"ChangeToken", + "documentation":"

The value returned by the most recent call to GetChangeToken.

" + }, + "Updates":{ + "shape":"SizeConstraintSetUpdates", + "documentation":"

An array of SizeConstraintSetUpdate objects that you want to insert into or delete from a SizeConstraintSet. For more information, see the applicable data types:

" + } + } + }, + "UpdateSizeConstraintSetResponse":{ + "type":"structure", + "members":{ + "ChangeToken":{ + "shape":"ChangeToken", + "documentation":"

The ChangeToken that you used to submit the UpdateSizeConstraintSet request. You can also use this value to query the status of the request. For more information, see GetChangeTokenStatus.

" + } + } + }, "UpdateSqlInjectionMatchSetRequest":{ "type":"structure", "required":[ @@ -2406,7 +2163,7 @@ }, "Updates":{ "shape":"SqlInjectionMatchSetUpdates", - "documentation":"

An array of SqlInjectionMatchSetUpdate objects that you want to insert into or delete from a SqlInjectionMatchSet. For more information, see the applicable data types:

" + "documentation":"

An array of SqlInjectionMatchSetUpdate objects that you want to insert into or delete from a SqlInjectionMatchSet. For more information, see the applicable data types:

" } }, "documentation":"

A request to update a SqlInjectionMatchSet.

" @@ -2438,7 +2195,7 @@ }, "Updates":{ "shape":"WebACLUpdates", - "documentation":"

An array of updates to make to the WebACL.

An array of WebACLUpdate objects that you want to insert into or delete from a WebACL. For more information, see the applicable data types:

" + "documentation":"

An array of updates to make to the WebACL.

An array of WebACLUpdate objects that you want to insert into or delete from a WebACL. For more information, see the applicable data types:

" }, "DefaultAction":{"shape":"WafAction"} } @@ -2457,89 +2214,90 @@ "members":{ "message":{"shape":"errorMessage"} }, - "exception":true, - "documentation":"

The name specified is invalid.

" + "documentation":"

The name specified is invalid.

", + "exception":true }, "WAFInternalErrorException":{ "type":"structure", "members":{ "message":{"shape":"errorMessage"} }, + "documentation":"

The operation failed because of a system problem, even though the request was valid. Retry your request.

", "exception":true, - "fault":true, - "documentation":"

The operation failed because of a system problem, even though the request was valid. Retry your request.

" + "fault":true }, "WAFInvalidAccountException":{ "type":"structure", "members":{ }, - "exception":true, - "documentation":"

The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.

" + "documentation":"

The operation failed because you tried to create, update, or delete an object by using an invalid account identifier.

", + "exception":true }, "WAFInvalidOperationException":{ "type":"structure", "members":{ "message":{"shape":"errorMessage"} }, - "exception":true, - "documentation":"

The operation failed because there was nothing to do. For example:

  • You tried to remove a Rule from a WebACL, but the Rule isn't in the specified WebACL.
  • You tried to remove an IP address from an IPSet, but the IP address isn't in the specified IPSet.
  • You tried to remove a ByteMatchTuple from a ByteMatchSet, but the ByteMatchTuple isn't in the specified WebACL.
  • You tried to add a Rule to a WebACL, but the Rule already exists in the specified WebACL.
  • You tried to add an IP address to an IPSet, but the IP address already exists in the specified IPSet.
  • You tried to add a ByteMatchTuple to a ByteMatchSet, but the ByteMatchTuple already exists in the specified WebACL.
" + "documentation":"

The operation failed because there was nothing to do. For example:

  • You tried to remove a Rule from a WebACL, but the Rule isn't in the specified WebACL.
  • You tried to remove an IP address from an IPSet, but the IP address isn't in the specified IPSet.
  • You tried to remove a ByteMatchTuple from a ByteMatchSet, but the ByteMatchTuple isn't in the specified WebACL.
  • You tried to add a Rule to a WebACL, but the Rule already exists in the specified WebACL.
  • You tried to add an IP address to an IPSet, but the IP address already exists in the specified IPSet.
  • You tried to add a ByteMatchTuple to a ByteMatchSet, but the ByteMatchTuple already exists in the specified WebACL.
", + "exception":true }, "WAFInvalidParameterException":{ "type":"structure", "members":{ "field":{"shape":"ParameterExceptionField"}, - "parameter":{"shape":"ParameterExceptionParameter"} + "parameter":{"shape":"ParameterExceptionParameter"}, + "reason":{"shape":"ParameterExceptionReason"} }, - "exception":true, - "documentation":"

The operation failed because AWS WAF didn't recognize a parameter in the request. For example:

  • You specified an invalid parameter name.
  • You specified an invalid value.
  • You tried to update an object (ByteMatchSet, IPSet, Rule, or WebACL) using an action other than INSERT or DELETE.
  • You tried to create a WebACL with a DefaultAction Type other than ALLOW, BLOCK, or COUNT.
  • You tried to update a WebACL with a WafAction Type other than ALLOW, BLOCK, or COUNT.
  • You tried to update a ByteMatchSet with a FieldToMatch Type other than HEADER, QUERY_STRING, or URI.
  • You tried to update a ByteMatchSet with a Field of HEADER but no value for Data.
" + "documentation":"

The operation failed because AWS WAF didn't recognize a parameter in the request. For example:

  • You specified an invalid parameter name.
  • You specified an invalid value.
  • You tried to update an object (ByteMatchSet, IPSet, Rule, or WebACL) using an action other than INSERT or DELETE.
  • You tried to create a WebACL with a DefaultAction Type other than ALLOW, BLOCK, or COUNT.
  • You tried to update a WebACL with a WafAction Type other than ALLOW, BLOCK, or COUNT.
  • You tried to update a ByteMatchSet with a FieldToMatch Type other than HEADER, QUERY_STRING, or URI.
  • You tried to update a ByteMatchSet with a Field of HEADER but no value for Data.
", + "exception":true }, "WAFLimitsExceededException":{ "type":"structure", "members":{ "message":{"shape":"errorMessage"} }, - "exception":true, - "documentation":"

The operation exceeds a resource limit, for example, the maximum number of WebACL objects that you can create for an AWS account. For more information, see Limits in the AWS WAF Developer Guide.

" + "documentation":"

The operation exceeds a resource limit, for example, the maximum number of WebACL objects that you can create for an AWS account. For more information, see Limits in the AWS WAF Developer Guide.

", + "exception":true }, "WAFNonEmptyEntityException":{ "type":"structure", "members":{ "message":{"shape":"errorMessage"} }, - "exception":true, - "documentation":"

The operation failed because you tried to delete an object that isn't empty. For example:

  • You tried to delete a WebACL that still contains one or more Rule objects.
  • You tried to delete a Rule that still contains one or more ByteMatchSet objects or other predicates.
  • You tried to delete a ByteMatchSet that contains one or more ByteMatchTuple objects.
  • You tried to delete an IPSet that references one or more IP addresses.
" + "documentation":"

The operation failed because you tried to delete an object that isn't empty. For example:

  • You tried to delete a WebACL that still contains one or more Rule objects.
  • You tried to delete a Rule that still contains one or more ByteMatchSet objects or other predicates.
  • You tried to delete a ByteMatchSet that contains one or more ByteMatchTuple objects.
  • You tried to delete an IPSet that references one or more IP addresses.
", + "exception":true }, "WAFNonexistentContainerException":{ "type":"structure", "members":{ "message":{"shape":"errorMessage"} }, - "exception":true, - "documentation":"

The operation failed because you tried to add an object to or delete an object from another object that doesn't exist. For example:

  • You tried to add a Rule to or delete a Rule from a WebACL that doesn't exist.
  • You tried to add a ByteMatchSet to or delete a ByteMatchSet from a Rule that doesn't exist.
  • You tried to add an IP address to or delete an IP address from an IPSet that doesn't exist.
  • You tried to add a ByteMatchTuple to or delete a ByteMatchTuple from a ByteMatchSet that doesn't exist.
" + "documentation":"

The operation failed because you tried to add an object to or delete an object from another object that doesn't exist. For example:

  • You tried to add a Rule to or delete a Rule from a WebACL that doesn't exist.
  • You tried to add a ByteMatchSet to or delete a ByteMatchSet from a Rule that doesn't exist.
  • You tried to add an IP address to or delete an IP address from an IPSet that doesn't exist.
  • You tried to add a ByteMatchTuple to or delete a ByteMatchTuple from a ByteMatchSet that doesn't exist.
", + "exception":true }, "WAFNonexistentItemException":{ "type":"structure", "members":{ "message":{"shape":"errorMessage"} }, - "exception":true, - "documentation":"

The operation failed because the referenced object doesn't exist.

" + "documentation":"

The operation failed because the referenced object doesn't exist.

", + "exception":true }, "WAFReferencedItemException":{ "type":"structure", "members":{ "message":{"shape":"errorMessage"} }, - "exception":true, - "documentation":"

The operation failed because you tried to delete an object that is still in use. For example:

  • You tried to delete a ByteMatchSet that is still referenced by a Rule.
  • You tried to delete a Rule that is still referenced by a WebACL.

" + "documentation":"

The operation failed because you tried to delete an object that is still in use. For example:

  • You tried to delete a ByteMatchSet that is still referenced by a Rule.
  • You tried to delete a Rule that is still referenced by a WebACL.

", + "exception":true }, "WAFStaleDataException":{ "type":"structure", "members":{ "message":{"shape":"errorMessage"} }, - "exception":true, - "documentation":"

The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.

" + "documentation":"

The operation failed because you tried to create, update, or delete an object by using a change token that has already been used.

", + "exception":true }, "WafAction":{ "type":"structure", @@ -2547,7 +2305,7 @@ "members":{ "Type":{ "shape":"WafActionType", - "documentation":"

Specifies how you want AWS WAF to respond to requests that match the settings in a Rule. Valid settings include the following:

  • ALLOW: AWS WAF allows requests
  • BLOCK: AWS WAF blocks requests
  • COUNT: AWS WAF increments a counter of the requests that match all of the conditions in the rule. AWS WAF then continues to inspect the web request based on the remaining rules in the web ACL. You can't specify COUNT for the default action for a WebACL.
" + "documentation":"

Specifies how you want AWS WAF to respond to requests that match the settings in a Rule. Valid settings include the following:

  • ALLOW: AWS WAF allows requests
  • BLOCK: AWS WAF blocks requests
  • COUNT: AWS WAF increments a counter of the requests that match all of the conditions in the rule. AWS WAF then continues to inspect the web request based on the remaining rules in the web ACL. You can't specify COUNT for the default action for a WebACL.
" } }, "documentation":"

For the action that is associated with a rule in a WebACL, specifies the action that you want AWS WAF to perform when a web request matches all of the conditions in a rule. For the default action in a WebACL, specifies the action that you want AWS WAF to take when a web request doesn't match all of the conditions in any of the rules in a WebACL.

" @@ -2631,6 +2389,5 @@ }, "errorMessage":{"type":"string"} }, - "examples":{ - } + "documentation":"

This is the AWS WAF API Reference. This guide is for developers who need detailed information about the AWS WAF API actions, data types, and errors. For detailed information about AWS WAF features and an overview of how to use the AWS WAF API, see the AWS WAF Developer Guide.

" } From 355b6e5d6ca0624b87e3fa8480209d7f4920e932 Mon Sep 17 00:00:00 2001 From: kyleknap Date: Thu, 28 Jan 2016 14:31:28 -0800 Subject: [PATCH 07/10] Update ssm model --- botocore/data/ssm/2014-11-06/service-2.json | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/botocore/data/ssm/2014-11-06/service-2.json b/botocore/data/ssm/2014-11-06/service-2.json index e0dc4996b7..04da6eb1bc 100644 --- a/botocore/data/ssm/2014-11-06/service-2.json +++ b/botocore/data/ssm/2014-11-06/service-2.json @@ -1119,9 +1119,7 @@ }, "InstanceId":{ "type":"string", - "max":10, - "min":10, - "pattern":"^(?=.{10}$)(i-(\\w){8})" + "pattern":"(^i-(\\w{8}|\\w{17})$)|(^op-\\w{17}$)" }, "InstanceIdList":{ "type":"list", From fc1e3ce42c883df6650020dd53989a2a79e05c5d Mon Sep 17 00:00:00 2001 From: AWS Date: Thu, 28 Jan 2016 22:38:22 +0000 Subject: [PATCH 08/10] Bumping version to 1.3.23 --- botocore/__init__.py | 2 +- docs/source/conf.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/botocore/__init__.py b/botocore/__init__.py index 5b73c3b5c3..510473603d 100644 --- a/botocore/__init__.py +++ b/botocore/__init__.py @@ -16,7 +16,7 @@ import re import logging -__version__ = '1.3.22' +__version__ = '1.3.23' class NullHandler(logging.Handler): diff --git a/docs/source/conf.py b/docs/source/conf.py index efd5deebab..a00ad81e89 100644 --- a/docs/source/conf.py +++ b/docs/source/conf.py @@ -54,7 +54,7 @@ # The short X.Y version. version = '1.3.' # The full version, including alpha/beta/rc tags. -release = '1.3.22' +release = '1.3.23' # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages. From 084f21f17efefef7f6c784e8f729145373039b6f Mon Sep 17 00:00:00 2001 From: aws-sdk-python-automation Date: Tue, 29 Aug 2023 18:11:55 +0000 Subject: [PATCH 09/10] Update to latest models --- .../api-change-cognitoidp-52136.json | 5 + .../next-release/api-change-fsx-89285.json | 5 + .../next-release/api-change-omics-99043.json | 5 + .../next-release/api-change-sesv2-79893.json | 5 + .../2016-04-18/endpoint-rule-set-1.json | 344 +++++----- .../cognito-idp/2016-04-18/service-2.json | 60 +- botocore/data/fsx/2018-03-01/service-2.json | 50 +- botocore/data/omics/2022-11-28/service-2.json | 23 +- .../sesv2/2019-09-27/endpoint-rule-set-1.json | 344 +++++----- botocore/data/sesv2/2019-09-27/service-2.json | 645 +++++++++++++++++- 10 files changed, 1047 insertions(+), 439 deletions(-) create mode 100644 .changes/next-release/api-change-cognitoidp-52136.json create mode 100644 .changes/next-release/api-change-fsx-89285.json create mode 100644 .changes/next-release/api-change-omics-99043.json create mode 100644 .changes/next-release/api-change-sesv2-79893.json diff --git a/.changes/next-release/api-change-cognitoidp-52136.json b/.changes/next-release/api-change-cognitoidp-52136.json new file mode 100644 index 0000000000..213b6b9d95 --- /dev/null +++ b/.changes/next-release/api-change-cognitoidp-52136.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``cognito-idp``", + "description": "Added API example requests and responses for several operations. Fixed the validation regex for user pools Identity Provider name." +} diff --git a/.changes/next-release/api-change-fsx-89285.json b/.changes/next-release/api-change-fsx-89285.json new file mode 100644 index 0000000000..74b04415b9 --- /dev/null +++ b/.changes/next-release/api-change-fsx-89285.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``fsx``", + "description": "Documentation updates for project quotas." +} diff --git a/.changes/next-release/api-change-omics-99043.json b/.changes/next-release/api-change-omics-99043.json new file mode 100644 index 0000000000..6a45d5ac7d --- /dev/null +++ b/.changes/next-release/api-change-omics-99043.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``omics``", + "description": "Add RetentionMode support for Runs." +} diff --git a/.changes/next-release/api-change-sesv2-79893.json b/.changes/next-release/api-change-sesv2-79893.json new file mode 100644 index 0000000000..52ccfb37aa --- /dev/null +++ b/.changes/next-release/api-change-sesv2-79893.json @@ -0,0 +1,5 @@ +{ + "type": "api-change", + "category": "``sesv2``", + "description": "Adds support for the new Export and Message Insights features: create, get, list and cancel export jobs; get message insights." +} diff --git a/botocore/data/cognito-idp/2016-04-18/endpoint-rule-set-1.json b/botocore/data/cognito-idp/2016-04-18/endpoint-rule-set-1.json index e6566d99ff..0f514686ef 100644 --- a/botocore/data/cognito-idp/2016-04-18/endpoint-rule-set-1.json +++ b/botocore/data/cognito-idp/2016-04-18/endpoint-rule-set-1.json @@ -58,52 +58,56 @@ "type": "error" }, { - "conditions": [], - "type": "tree", - "rules": [ + "conditions": [ { - "conditions": [ + "fn": "booleanEquals", + "argv": [ { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" - }, - { - "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" + "ref": "UseDualStack" }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" + true + ] } - ] + ], + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" + }, + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ] }, { - "conditions": [], + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Region" + } + ] + } + ], "type": "tree", "rules": [ { "conditions": [ { - "fn": "isSet", + "fn": "aws.partition", "argv": [ { "ref": "Region" } - ] + ], + "assign": "PartitionResult" } ], "type": "tree", @@ -111,13 +115,22 @@ { "conditions": [ { - "fn": "aws.partition", + "fn": "booleanEquals", "argv": [ { - "ref": "Region" - } - ], - "assign": "PartitionResult" + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] } ], "type": "tree", @@ -127,224 +140,175 @@ { "fn": "booleanEquals", "argv": [ + true, { - "ref": "UseFIPS" - }, - true + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } ] }, { "fn": "booleanEquals", "argv": [ + true, { - "ref": "UseDualStack" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] - } - ] - }, - { - "fn": "booleanEquals", + "fn": "getAttr", "argv": [ - true, { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://cognito-idp-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } + "ref": "PartitionResult" + }, + "supportsDualStack" ] } ] - }, + } + ], + "type": "tree", + "rules": [ { "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" + "endpoint": { + "url": "https://cognito-idp-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ] }, + { + "conditions": [], + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" + } + ] + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "type": "tree", + "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ + true, { - "ref": "UseFIPS" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", + "fn": "getAttr", "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "type": "tree", - "rules": [ { - "conditions": [], - "endpoint": { - "url": "https://cognito-idp-fips.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } + "ref": "PartitionResult" + }, + "supportsFIPS" ] } ] - }, + } + ], + "type": "tree", + "rules": [ { "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" + "endpoint": { + "url": "https://cognito-idp-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ] }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" + } + ] + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "type": "tree", + "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ + true, { - "ref": "UseDualStack" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", + "fn": "getAttr", "argv": [ - true, { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://cognito-idp.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } + "ref": "PartitionResult" + }, + "supportsDualStack" ] } ] - }, - { - "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" } - ] - }, - { - "conditions": [], + ], "type": "tree", "rules": [ { "conditions": [], "endpoint": { - "url": "https://cognito-idp.{Region}.{PartitionResult#dnsSuffix}", + "url": "https://cognito-idp.{Region}.{PartitionResult#dualStackDnsSuffix}", "properties": {}, "headers": {} }, "type": "endpoint" } ] + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" } ] + }, + { + "conditions": [], + "endpoint": { + "url": "https://cognito-idp.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ] - }, - { - "conditions": [], - "error": "Invalid Configuration: Missing Region", - "type": "error" } ] + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" } ] } \ No newline at end of file diff --git a/botocore/data/cognito-idp/2016-04-18/service-2.json b/botocore/data/cognito-idp/2016-04-18/service-2.json index e2356443cd..2a7f59f924 100644 --- a/botocore/data/cognito-idp/2016-04-18/service-2.json +++ b/botocore/data/cognito-idp/2016-04-18/service-2.json @@ -534,7 +534,7 @@ {"shape":"InvalidEmailRoleAccessPolicyException"}, {"shape":"InvalidSmsRoleTrustRelationshipException"} ], - "documentation":"

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

Updates the specified user's attributes, including developer attributes, as an administrator. Works on any user.

For custom attributes, you must prepend the custom: prefix to the attribute name.

In addition to updating user attributes, this API can also be used to mark phone and email as verified.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" + "documentation":"

This action might generate an SMS text message. Starting June 1, 2021, US telecom carriers require you to register an origination phone number before you can send SMS messages to US phone numbers. If you use SMS text messages in Amazon Cognito, you must register a phone number with Amazon Pinpoint. Amazon Cognito uses the registered number automatically. Otherwise, Amazon Cognito users who must receive SMS messages might not be able to sign up, activate their accounts, or sign in.

If you have never used SMS text messages with Amazon Cognito or any other Amazon Web Service, Amazon Simple Notification Service might place your account in the SMS sandbox. In sandbox mode , you can send messages only to verified phone numbers. After you test your app while in the sandbox environment, you can move out of the sandbox and into production. For more information, see SMS message settings for Amazon Cognito user pools in the Amazon Cognito Developer Guide.

Updates the specified user's attributes, including developer attributes, as an administrator. Works on any user. To delete an attribute from your user, submit the attribute in your API request with a blank value.

For custom attributes, you must prepend the custom: prefix to the attribute name.

In addition to updating user attributes, this API can also be used to mark phone and email as verified.

Amazon Cognito evaluates Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you must use IAM credentials to authorize requests, and you must grant yourself the corresponding IAM permission in a policy.

Learn more

" }, "AdminUserGlobalSignOut":{ "name":"AdminUserGlobalSignOut", @@ -571,7 +571,8 @@ {"shape":"SoftwareTokenMFANotFoundException"}, {"shape":"ForbiddenException"} ], - "documentation":"

Begins setup of time-based one-time password (TOTP) multi-factor authentication (MFA) for a user, with a unique private key that Amazon Cognito generates and returns in the API response. You can authorize an AssociateSoftwareToken request with either the user's access token, or a session string from a challenge response that you received from Amazon Cognito.

Amazon Cognito disassociates an existing software token when you verify the new token in a VerifySoftwareToken API request. If you don't verify the software token and your user pool doesn't require MFA, the user can then authenticate with user name and password credentials alone. If your user pool requires TOTP MFA, Amazon Cognito generates an MFA_SETUP or SOFTWARE_TOKEN_SETUP challenge each time your user signs. Complete setup with AssociateSoftwareToken and VerifySoftwareToken.

After you set up software token MFA for your user, Amazon Cognito generates a SOFTWARE_TOKEN_MFA challenge when they authenticate. Respond to this challenge with your user's TOTP.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito native and OIDC APIs.

" + "documentation":"

Begins setup of time-based one-time password (TOTP) multi-factor authentication (MFA) for a user, with a unique private key that Amazon Cognito generates and returns in the API response. You can authorize an AssociateSoftwareToken request with either the user's access token, or a session string from a challenge response that you received from Amazon Cognito.

Amazon Cognito disassociates an existing software token when you verify the new token in a VerifySoftwareToken API request. If you don't verify the software token and your user pool doesn't require MFA, the user can then authenticate with user name and password credentials alone. If your user pool requires TOTP MFA, Amazon Cognito generates an MFA_SETUP or SOFTWARE_TOKEN_SETUP challenge each time your user signs. Complete setup with AssociateSoftwareToken and VerifySoftwareToken.

After you set up software token MFA for your user, Amazon Cognito generates a SOFTWARE_TOKEN_MFA challenge when they authenticate. Respond to this challenge with your user's TOTP.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito native and OIDC APIs.

", + "authtype":"none" }, "ChangePassword":{ "name":"ChangePassword", @@ -620,7 +621,8 @@ {"shape":"InternalErrorException"}, {"shape":"ForbiddenException"} ], - "documentation":"

Confirms tracking of the device. This API call is the call that begins device tracking.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito native and OIDC APIs.

" + "documentation":"

Confirms tracking of the device. This API call is the call that begins device tracking.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito native and OIDC APIs.

", + "authtype":"none" }, "ConfirmForgotPassword":{ "name":"ConfirmForgotPassword", @@ -1094,7 +1096,8 @@ {"shape":"InternalErrorException"}, {"shape":"ForbiddenException"} ], - "documentation":"

Forgets the specified device.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito native and OIDC APIs.

" + "documentation":"

Forgets the specified device.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito native and OIDC APIs.

", + "authtype":"none" }, "ForgotPassword":{ "name":"ForgotPassword", @@ -1161,7 +1164,8 @@ {"shape":"InternalErrorException"}, {"shape":"ForbiddenException"} ], - "documentation":"

Gets the device.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito native and OIDC APIs.

" + "documentation":"

Gets the device.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito native and OIDC APIs.

", + "authtype":"none" }, "GetGroup":{ "name":"GetGroup", @@ -1333,7 +1337,8 @@ {"shape":"InternalErrorException"}, {"shape":"ForbiddenException"} ], - "documentation":"

Signs out a user from all devices. GlobalSignOut invalidates all identity, access and refresh tokens that Amazon Cognito has issued to a user. A user can still use a hosted UI cookie to retrieve new tokens for the duration of the 1-hour cookie validity period.

Your app isn't aware that a user's access token is revoked unless it attempts to authorize a user pools API request with an access token that contains the scope aws.cognito.signin.user.admin. Your app might otherwise accept access tokens until they expire.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito native and OIDC APIs.

" + "documentation":"

Signs out a user from all devices. GlobalSignOut invalidates all identity, access and refresh tokens that Amazon Cognito has issued to a user. A user can still use a hosted UI cookie to retrieve new tokens for the duration of the 1-hour cookie validity period.

Your app isn't aware that a user's access token is revoked unless it attempts to authorize a user pools API request with an access token that contains the scope aws.cognito.signin.user.admin. Your app might otherwise accept access tokens until they expire.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito native and OIDC APIs.

", + "authtype":"none" }, "InitiateAuth":{ "name":"InitiateAuth", @@ -1383,7 +1388,8 @@ {"shape":"InternalErrorException"}, {"shape":"ForbiddenException"} ], - "documentation":"

Lists the sign-in devices that Amazon Cognito has registered to the current user.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito native and OIDC APIs.

" + "documentation":"

Lists the sign-in devices that Amazon Cognito has registered to the current user.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito native and OIDC APIs.

", + "authtype":"none" }, "ListGroups":{ "name":"ListGroups", @@ -1616,7 +1622,8 @@ {"shape":"UnsupportedTokenTypeException"}, {"shape":"ForbiddenException"} ], - "documentation":"

Revokes all of the access tokens generated by, and at the same time as, the specified refresh token. After a token is revoked, you can't use the revoked token to access Amazon Cognito user APIs, or to authorize access to your resource server.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito native and OIDC APIs.

" + "documentation":"

Revokes all of the access tokens generated by, and at the same time as, the specified refresh token. After a token is revoked, you can't use the revoked token to access Amazon Cognito user APIs, or to authorize access to your resource server.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito native and OIDC APIs.

", + "authtype":"none" }, "SetLogDeliveryConfiguration":{ "name":"SetLogDeliveryConfiguration", @@ -1690,7 +1697,8 @@ {"shape":"InternalErrorException"}, {"shape":"ForbiddenException"} ], - "documentation":"

Set the user's multi-factor authentication (MFA) method preference, including which MFA factors are activated and if any are preferred. Only one factor can be set as preferred. The preferred MFA factor will be used to authenticate a user if multiple factors are activated. If multiple options are activated and no preference is set, a challenge to choose an MFA option will be returned during sign-in. If an MFA type is activated for a user, the user will be prompted for MFA during all sign-in attempts unless device tracking is turned on and the device has been trusted. If you want MFA to be applied selectively based on the assessed risk level of sign-in attempts, deactivate MFA for users and turn on Adaptive Authentication for the user pool.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito native and OIDC APIs.

" + "documentation":"

Set the user's multi-factor authentication (MFA) method preference, including which MFA factors are activated and if any are preferred. Only one factor can be set as preferred. The preferred MFA factor will be used to authenticate a user if multiple factors are activated. If multiple options are activated and no preference is set, a challenge to choose an MFA option will be returned during sign-in. If an MFA type is activated for a user, the user will be prompted for MFA during all sign-in attempts unless device tracking is turned on and the device has been trusted. If you want MFA to be applied selectively based on the assessed risk level of sign-in attempts, deactivate MFA for users and turn on Adaptive Authentication for the user pool.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito native and OIDC APIs.

", + "authtype":"none" }, "SetUserPoolMfaConfig":{ "name":"SetUserPoolMfaConfig", @@ -1847,7 +1855,8 @@ {"shape":"UserPoolAddOnNotEnabledException"}, {"shape":"InternalErrorException"} ], - "documentation":"

Provides the feedback for an authentication event, whether it was from a valid user or not. This feedback is used for improving the risk evaluation decision for the user pool as part of Amazon Cognito advanced security.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito native and OIDC APIs.

" + "documentation":"

Provides the feedback for an authentication event, whether it was from a valid user or not. This feedback is used for improving the risk evaluation decision for the user pool as part of Amazon Cognito advanced security.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito native and OIDC APIs.

", + "authtype":"none" }, "UpdateDeviceStatus":{ "name":"UpdateDeviceStatus", @@ -1869,7 +1878,8 @@ {"shape":"InternalErrorException"}, {"shape":"ForbiddenException"} ], - "documentation":"

Updates the device status.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito native and OIDC APIs.

" + "documentation":"

Updates the device status.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito native and OIDC APIs.

", + "authtype":"none" }, "UpdateGroup":{ "name":"UpdateGroup", @@ -2040,7 +2050,8 @@ {"shape":"CodeMismatchException"}, {"shape":"ForbiddenException"} ], - "documentation":"

Use this API to register a user's entered time-based one-time password (TOTP) code and mark the user's software token MFA status as \"verified\" if successful. The request takes an access token or a session string, but not both.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito native and OIDC APIs.

" + "documentation":"

Use this API to register a user's entered time-based one-time password (TOTP) code and mark the user's software token MFA status as \"verified\" if successful. The request takes an access token or a session string, but not both.

Amazon Cognito doesn't evaluate Identity and Access Management (IAM) policies in requests for this API operation. For this operation, you can't use IAM credentials to authorize requests, and you can't grant IAM permissions in policies. For more information about authorization models in Amazon Cognito, see Using the Amazon Cognito native and OIDC APIs.

", + "authtype":"none" }, "VerifyUserAttribute":{ "name":"VerifyUserAttribute", @@ -3394,7 +3405,8 @@ "ChallengeResponsesType":{ "type":"map", "key":{"shape":"StringType"}, - "value":{"shape":"StringType"} + "value":{"shape":"StringType"}, + "sensitive":true }, "ChangePasswordRequest":{ "type":"structure", @@ -3464,7 +3476,7 @@ "members":{ "LogGroupArn":{ "shape":"ArnType", - "documentation":"

The Amazon Resource Name (arn) of a CloudWatch Logs log group where your user pool sends logs. The log group must not be encrypted with Key Management Service and must be in the same Amazon Web Services account as your user pool.

" + "documentation":"

The Amazon Resource Name (arn) of a CloudWatch Logs log group where your user pool sends logs. The log group must not be encrypted with Key Management Service and must be in the same Amazon Web Services account as your user pool.

To send logs to log groups with a resource policy of a size greater than 5120 characters, configure a log group with a path that starts with /aws/vendedlogs. For more information, see Enabling logging from certain Amazon Web Services services.

" } }, "documentation":"

The CloudWatch logging destination of a user pool detailed activity logging configuration.

" @@ -3788,7 +3800,7 @@ "documentation":"

The user pool ID.

" }, "ProviderName":{ - "shape":"ProviderNameTypeV1", + "shape":"ProviderNameTypeV2", "documentation":"

The IdP name.

" }, "ProviderType":{ @@ -6189,6 +6201,7 @@ }, "PaginationKey":{ "type":"string", + "max":131072, "min":1, "pattern":"[\\S]+" }, @@ -6317,13 +6330,13 @@ "type":"string", "max":32, "min":1, - "pattern":"[\\p{L}\\p{M}\\p{S}\\p{N}\\p{P}]+" + "pattern":"[\\p{L}\\p{M}\\p{S}\\p{N}\\p{P}\\p{Z}]+" }, - "ProviderNameTypeV1":{ + "ProviderNameTypeV2":{ "type":"string", "max":32, - "min":3, - "pattern":"[^_][\\p{L}\\p{M}\\p{S}\\p{N}\\p{P}][^_]+" + "min":1, + "pattern":"[^_\\p{Z}][\\p{L}\\p{M}\\p{S}\\p{N}\\p{P}][^_\\p{Z}]+" }, "ProviderUserIdentifierType":{ "type":"structure", @@ -6793,7 +6806,8 @@ "SessionType":{ "type":"string", "max":2048, - "min":20 + "min":20, + "sensitive":true }, "SetLogDeliveryConfigurationRequest":{ "type":"structure", @@ -7100,7 +7114,8 @@ "type":"string", "max":6, "min":6, - "pattern":"[0-9]+" + "pattern":"[0-9]+", + "sensitive":true }, "SoftwareTokenMfaConfigType":{ "type":"structure", @@ -7875,7 +7890,8 @@ "documentation":"

Encoded device-fingerprint details that your app collected with the Amazon Cognito context data collection library. For more information, see Adding user device and session data to API requests.

" } }, - "documentation":"

Contextual data, such as the user's device fingerprint, IP address, or location, used for evaluating the risk of an unexpected event by Amazon Cognito advanced security.

" + "documentation":"

Contextual data, such as the user's device fingerprint, IP address, or location, used for evaluating the risk of an unexpected event by Amazon Cognito advanced security.

", + "sensitive":true }, "UserFilterType":{ "type":"string", diff --git a/botocore/data/fsx/2018-03-01/service-2.json b/botocore/data/fsx/2018-03-01/service-2.json index 131e139cb3..18d5f518af 100644 --- a/botocore/data/fsx/2018-03-01/service-2.json +++ b/botocore/data/fsx/2018-03-01/service-2.json @@ -107,7 +107,7 @@ {"shape":"ServiceLimitExceeded"}, {"shape":"InternalServerError"} ], - "documentation":"

Creates an Amazon FSx for Lustre data repository association (DRA). A data repository association is a link between a directory on the file system and an Amazon S3 bucket or prefix. You can have a maximum of 8 data repository associations on a file system. Data repository associations are supported on all FSx for Lustre 2.12 and newer file systems, excluding scratch_1 deployment type.

Each data repository association must have a unique Amazon FSx file system directory and a unique S3 bucket or prefix associated with it. You can configure a data repository association for automatic import only, for automatic export only, or for both. To learn more about linking a data repository to your file system, see Linking your file system to an S3 bucket.

CreateDataRepositoryAssociation isn't supported on Amazon File Cache resources. To create a DRA on Amazon File Cache, use the CreateFileCache operation.

", + "documentation":"

Creates an Amazon FSx for Lustre data repository association (DRA). A data repository association is a link between a directory on the file system and an Amazon S3 bucket or prefix. You can have a maximum of 8 data repository associations on a file system. Data repository associations are supported on all FSx for Lustre 2.12 and 2.15 file systems, excluding scratch_1 deployment type.

Each data repository association must have a unique Amazon FSx file system directory and a unique S3 bucket or prefix associated with it. You can configure a data repository association for automatic import only, for automatic export only, or for both. To learn more about linking a data repository to your file system, see Linking your file system to an S3 bucket.

CreateDataRepositoryAssociation isn't supported on Amazon File Cache resources. To create a DRA on Amazon File Cache, use the CreateFileCache operation.

", "idempotent":true }, "CreateDataRepositoryTask":{ @@ -127,7 +127,7 @@ {"shape":"InternalServerError"}, {"shape":"DataRepositoryTaskExecuting"} ], - "documentation":"

Creates an Amazon FSx for Lustre data repository task. A CreateDataRepositoryTask operation will fail if a data repository is not linked to the FSx file system.

You use import and export data repository tasks to perform bulk operations between your FSx for Lustre file system and its linked data repositories. An example of a data repository task is exporting any data and metadata changes, including POSIX metadata, to files, directories, and symbolic links (symlinks) from your FSx file system to a linked data repository.

You use release data repository tasks to release data from your file system for files that are archived to S3. The metadata of released files remains on the file system so users or applications can still access released files by reading the files again, which will restore data from Amazon S3 to the FSx for Lustre file system.

To learn more about data repository tasks, see Data Repository Tasks. To learn more about linking a data repository to your file system, see Linking your file system to an S3 bucket.

", + "documentation":"

Creates an Amazon FSx for Lustre data repository task. A CreateDataRepositoryTask operation will fail if a data repository is not linked to the FSx file system.

You use import and export data repository tasks to perform bulk operations between your FSx for Lustre file system and its linked data repositories. An example of a data repository task is exporting any data and metadata changes, including POSIX metadata, to files, directories, and symbolic links (symlinks) from your FSx file system to a linked data repository.

You use release data repository tasks to release data from your file system for files that are exported to S3. The metadata of released files remains on the file system so users or applications can still access released files by reading the files again, which will restore data from Amazon S3 to the FSx for Lustre file system.

To learn more about data repository tasks, see Data Repository Tasks. To learn more about linking a data repository to your file system, see Linking your file system to an S3 bucket.

", "idempotent":true }, "CreateFileCache":{ @@ -304,7 +304,7 @@ {"shape":"ServiceLimitExceeded"}, {"shape":"InternalServerError"} ], - "documentation":"

Deletes a data repository association on an Amazon FSx for Lustre file system. Deleting the data repository association unlinks the file system from the Amazon S3 bucket. When deleting a data repository association, you have the option of deleting the data in the file system that corresponds to the data repository association. Data repository associations are supported on all FSx for Lustre 2.12 and newer file systems, excluding scratch_1 deployment type.

", + "documentation":"

Deletes a data repository association on an Amazon FSx for Lustre file system. Deleting the data repository association unlinks the file system from the Amazon S3 bucket. When deleting a data repository association, you have the option of deleting the data in the file system that corresponds to the data repository association. Data repository associations are supported on all FSx for Lustre 2.12 and 2.15 file systems, excluding scratch_1 deployment type.

", "idempotent":true }, "DeleteFileCache":{ @@ -340,7 +340,7 @@ {"shape":"ServiceLimitExceeded"}, {"shape":"InternalServerError"} ], - "documentation":"

Deletes a file system. After deletion, the file system no longer exists, and its data is gone. Any existing automatic backups and snapshots are also deleted.

To delete an Amazon FSx for NetApp ONTAP file system, first delete all the volumes and storage virtual machines (SVMs) on the file system. Then provide a FileSystemId value to the DeleFileSystem operation.

By default, when you delete an Amazon FSx for Windows File Server file system, a final backup is created upon deletion. This final backup isn't subject to the file system's retention policy, and must be manually deleted.

The DeleteFileSystem operation returns while the file system has the DELETING status. You can check the file system deletion status by calling the DescribeFileSystems operation, which returns a list of file systems in your account. If you pass the file system ID for a deleted file system, the DescribeFileSystems operation returns a FileSystemNotFound error.

If a data repository task is in a PENDING or EXECUTING state, deleting an Amazon FSx for Lustre file system will fail with an HTTP status code 400 (Bad Request).

The data in a deleted file system is also deleted and can't be recovered by any means.

", + "documentation":"

Deletes a file system. After deletion, the file system no longer exists, and its data is gone. Any existing automatic backups and snapshots are also deleted.

To delete an Amazon FSx for NetApp ONTAP file system, first delete all the volumes and storage virtual machines (SVMs) on the file system. Then provide a FileSystemId value to the DeleFileSystem operation.

By default, when you delete an Amazon FSx for Windows File Server file system, a final backup is created upon deletion. This final backup isn't subject to the file system's retention policy, and must be manually deleted.

To delete an Amazon FSx for Lustre file system, first unmount it from every connected Amazon EC2 instance, then provide a FileSystemId value to the DeleFileSystem operation. By default, Amazon FSx will not take a final backup when the DeleteFileSystem operation is invoked. On file systems not linked to an Amazon S3 bucket, set SkipFinalBackup to false to take a final backup of the file system you are deleting. Backups cannot be enabled on S3-linked file systems. To ensure all of your data is written back to S3 before deleting your file system, you can either monitor for the AgeOfOldestQueuedMessage metric to be zero (if using automatic export) or you can run an export data repository task. If you have automatic export enabled and want to use an export data repository task, you have to disable automatic export before executing the export data repository task.

The DeleteFileSystem operation returns while the file system has the DELETING status. You can check the file system deletion status by calling the DescribeFileSystems operation, which returns a list of file systems in your account. If you pass the file system ID for a deleted file system, the DescribeFileSystems operation returns a FileSystemNotFound error.

If a data repository task is in a PENDING or EXECUTING state, deleting an Amazon FSx for Lustre file system will fail with an HTTP status code 400 (Bad Request).

The data in a deleted file system is also deleted and can't be recovered by any means.

", "idempotent":true }, "DeleteSnapshot":{ @@ -424,7 +424,7 @@ {"shape":"InvalidDataRepositoryType"}, {"shape":"InternalServerError"} ], - "documentation":"

Returns the description of specific Amazon FSx for Lustre or Amazon File Cache data repository associations, if one or more AssociationIds values are provided in the request, or if filters are used in the request. Data repository associations are supported on Amazon File Cache resources and all FSx for Lustre 2.12 and newer file systems, excluding scratch_1 deployment type.

You can use filters to narrow the response to include just data repository associations for specific file systems (use the file-system-id filter with the ID of the file system) or caches (use the file-cache-id filter with the ID of the cache), or data repository associations for a specific repository type (use the data-repository-type filter with a value of S3 or NFS). If you don't use filters, the response returns all data repository associations owned by your Amazon Web Services account in the Amazon Web Services Region of the endpoint that you're calling.

When retrieving all data repository associations, you can paginate the response by using the optional MaxResults parameter to limit the number of data repository associations returned in a response. If more data repository associations remain, a NextToken value is returned in the response. In this case, send a later request with the NextToken request parameter set to the value of NextToken from the last response.

", + "documentation":"

Returns the description of specific Amazon FSx for Lustre or Amazon File Cache data repository associations, if one or more AssociationIds values are provided in the request, or if filters are used in the request. Data repository associations are supported on Amazon File Cache resources and all FSx for Lustre 2.12 and 2,15 file systems, excluding scratch_1 deployment type.

You can use filters to narrow the response to include just data repository associations for specific file systems (use the file-system-id filter with the ID of the file system) or caches (use the file-cache-id filter with the ID of the cache), or data repository associations for a specific repository type (use the data-repository-type filter with a value of S3 or NFS). If you don't use filters, the response returns all data repository associations owned by your Amazon Web Services account in the Amazon Web Services Region of the endpoint that you're calling.

When retrieving all data repository associations, you can paginate the response by using the optional MaxResults parameter to limit the number of data repository associations returned in a response. If more data repository associations remain, a NextToken value is returned in the response. In this case, send a later request with the NextToken request parameter set to the value of NextToken from the last response.

", "idempotent":true }, "DescribeDataRepositoryTasks":{ @@ -651,7 +651,7 @@ {"shape":"ServiceLimitExceeded"}, {"shape":"InternalServerError"} ], - "documentation":"

Updates the configuration of an existing data repository association on an Amazon FSx for Lustre file system. Data repository associations are supported on all FSx for Lustre 2.12 and newer file systems, excluding scratch_1 deployment type.

", + "documentation":"

Updates the configuration of an existing data repository association on an Amazon FSx for Lustre file system. Data repository associations are supported on all FSx for Lustre 2.12 and 2.15 file systems, excluding scratch_1 deployment type.

", "idempotent":true }, "UpdateFileCache":{ @@ -692,7 +692,7 @@ {"shape":"MissingFileSystemConfiguration"}, {"shape":"ServiceLimitExceeded"} ], - "documentation":"

Use this operation to update the configuration of an existing Amazon FSx file system. You can update multiple properties in a single request.

For FSx for Windows File Server file systems, you can update the following properties:

  • AuditLogConfiguration

  • AutomaticBackupRetentionDays

  • DailyAutomaticBackupStartTime

  • SelfManagedActiveDirectoryConfiguration

  • StorageCapacity

  • StorageType

  • ThroughputCapacity

  • DiskIopsConfiguration

  • WeeklyMaintenanceStartTime

For FSx for Lustre file systems, you can update the following properties:

  • AutoImportPolicy

  • AutomaticBackupRetentionDays

  • DailyAutomaticBackupStartTime

  • DataCompressionType

  • LogConfiguration

  • LustreRootSquashConfiguration

  • StorageCapacity

  • WeeklyMaintenanceStartTime

For FSx for ONTAP file systems, you can update the following properties:

  • AddRouteTableIds

  • AutomaticBackupRetentionDays

  • DailyAutomaticBackupStartTime

  • DiskIopsConfiguration

  • FsxAdminPassword

  • RemoveRouteTableIds

  • StorageCapacity

  • ThroughputCapacity

  • WeeklyMaintenanceStartTime

For FSx for OpenZFS file systems, you can update the following properties:

  • AutomaticBackupRetentionDays

  • CopyTagsToBackups

  • CopyTagsToVolumes

  • DailyAutomaticBackupStartTime

  • DiskIopsConfiguration

  • StorageCapacity

  • ThroughputCapacity

  • WeeklyMaintenanceStartTime

" + "documentation":"

Use this operation to update the configuration of an existing Amazon FSx file system. You can update multiple properties in a single request.

For FSx for Windows File Server file systems, you can update the following properties:

  • AuditLogConfiguration

  • AutomaticBackupRetentionDays

  • DailyAutomaticBackupStartTime

  • SelfManagedActiveDirectoryConfiguration

  • StorageCapacity

  • StorageType

  • ThroughputCapacity

  • DiskIopsConfiguration

  • WeeklyMaintenanceStartTime

For FSx for Lustre file systems, you can update the following properties:

  • AutoImportPolicy

  • AutomaticBackupRetentionDays

  • DailyAutomaticBackupStartTime

  • DataCompressionType

  • LogConfiguration

  • LustreRootSquashConfiguration

  • StorageCapacity

  • WeeklyMaintenanceStartTime

For FSx for ONTAP file systems, you can update the following properties:

  • AddRouteTableIds

  • AutomaticBackupRetentionDays

  • DailyAutomaticBackupStartTime

  • DiskIopsConfiguration

  • FsxAdminPassword

  • RemoveRouteTableIds

  • StorageCapacity

  • ThroughputCapacity

  • WeeklyMaintenanceStartTime

For FSx for OpenZFS file systems, you can update the following properties:

  • AddRouteTableIds

  • AutomaticBackupRetentionDays

  • CopyTagsToBackups

  • CopyTagsToVolumes

  • DailyAutomaticBackupStartTime

  • DiskIopsConfiguration

  • RemoveRouteTableIds

  • StorageCapacity

  • ThroughputCapacity

  • WeeklyMaintenanceStartTime

" }, "UpdateSnapshot":{ "name":"UpdateSnapshot", @@ -1355,11 +1355,11 @@ "members":{ "Type":{ "shape":"DataRepositoryTaskType", - "documentation":"

Specifies the type of data repository task to create.

  • EXPORT_TO_REPOSITORY tasks export from your Amazon FSx for Lustre file system to a linked data repository.

  • IMPORT_METADATA_FROM_REPOSITORY tasks import metadata changes from a linked S3 bucket to your Amazon FSx for Lustre file system.

  • RELEASE_DATA_FROM_FILESYSTEM tasks release files in your Amazon FSx for Lustre file system that are archived and that meet your specified release criteria.

  • AUTO_RELEASE_DATA tasks automatically release files from an Amazon File Cache resource.

" + "documentation":"

Specifies the type of data repository task to create.

  • EXPORT_TO_REPOSITORY tasks export from your Amazon FSx for Lustre file system to a linked data repository.

  • IMPORT_METADATA_FROM_REPOSITORY tasks import metadata changes from a linked S3 bucket to your Amazon FSx for Lustre file system.

  • RELEASE_DATA_FROM_FILESYSTEM tasks release files in your Amazon FSx for Lustre file system that have been exported to a linked S3 bucket and that meet your specified release criteria.

  • AUTO_RELEASE_DATA tasks automatically release files from an Amazon File Cache resource.

" }, "Paths":{ "shape":"DataRepositoryTaskPaths", - "documentation":"

A list of paths for the data repository task to use when the task is processed. If a path that you provide isn't valid, the task fails. If you don't provide paths, the default behavior is to export all files to S3 (for export tasks), import all files from S3 (for import tasks), or release all archived files that meet the last accessed time criteria (for release tasks).

  • For export tasks, the list contains paths on the FSx for Lustre file system from which the files are exported to the Amazon S3 bucket. The default path is the file system root directory. The paths you provide need to be relative to the mount point of the file system. If the mount point is /mnt/fsx and /mnt/fsx/path1 is a directory or file on the file system you want to export, then the path to provide is path1.

  • For import tasks, the list contains paths in the Amazon S3 bucket from which POSIX metadata changes are imported to the FSx for Lustre file system. The path can be an S3 bucket or prefix in the format s3://myBucket/myPrefix (where myPrefix is optional).

  • For release tasks, the list contains directory or file paths on the FSx for Lustre file system from which to release archived files. If a directory is specified, files within the directory are released. If a file path is specified, only that file is released. To release all archived files in the file system, specify a forward slash (/) as the path.

    A file must also meet the last accessed time criteria specified in for the file to be released.
" + "documentation":"

A list of paths for the data repository task to use when the task is processed. If a path that you provide isn't valid, the task fails. If you don't provide paths, the default behavior is to export all files to S3 (for export tasks), import all files from S3 (for import tasks), or release all exported files that meet the last accessed time criteria (for release tasks).

  • For export tasks, the list contains paths on the FSx for Lustre file system from which the files are exported to the Amazon S3 bucket. The default path is the file system root directory. The paths you provide need to be relative to the mount point of the file system. If the mount point is /mnt/fsx and /mnt/fsx/path1 is a directory or file on the file system you want to export, then the path to provide is path1.

  • For import tasks, the list contains paths in the Amazon S3 bucket from which POSIX metadata changes are imported to the FSx for Lustre file system. The path can be an S3 bucket or prefix in the format s3://myBucket/myPrefix (where myPrefix is optional).

  • For release tasks, the list contains directory or file paths on the FSx for Lustre file system from which to release exported files. If a directory is specified, files within the directory are released. If a file path is specified, only that file is released. To release all exported files in the file system, specify a forward slash (/) as the path.

    A file must also meet the last accessed time criteria specified in for the file to be released.
" }, "FileSystemId":{"shape":"FileSystemId"}, "Report":{ @@ -1515,7 +1515,7 @@ "KmsKeyId":{"shape":"KmsKeyId"}, "FileSystemTypeVersion":{ "shape":"FileSystemTypeVersion", - "documentation":"

Sets the version for the Amazon FSx for Lustre file system that you're creating from a backup. Valid values are 2.10 and 2.12.

You don't need to specify FileSystemTypeVersion because it will be applied using the backup's FileSystemTypeVersion setting. If you choose to specify FileSystemTypeVersion when creating from backup, the value must match the backup's FileSystemTypeVersion setting.

" + "documentation":"

Sets the version for the Amazon FSx for Lustre file system that you're creating from a backup. Valid values are 2.10, 2.12, and 2.15.

You don't need to specify FileSystemTypeVersion because it will be applied using the backup's FileSystemTypeVersion setting. If you choose to specify FileSystemTypeVersion when creating from backup, the value must match the backup's FileSystemTypeVersion setting.

" }, "OpenZFSConfiguration":{ "shape":"CreateFileSystemOpenZFSConfiguration", @@ -1628,7 +1628,7 @@ }, "RouteTableIds":{ "shape":"RouteTableIds", - "documentation":"

(Multi-AZ only) Specifies the virtual private cloud (VPC) route tables in which your file system's endpoints will be created. You should specify all VPC route tables associated with the subnets in which your clients are located. By default, Amazon FSx selects your VPC's default route table.

" + "documentation":"

(Multi-AZ only) Specifies the route tables in which Amazon FSx creates the rules for routing traffic to the correct file server. You should specify all virtual private cloud (VPC) route tables associated with the subnets in which your clients are located. By default, Amazon FSx selects your VPC's default route table.

" }, "ThroughputCapacity":{ "shape":"MegabytesPerSecond", @@ -1657,11 +1657,11 @@ "DailyAutomaticBackupStartTime":{"shape":"DailyTime"}, "DeploymentType":{ "shape":"OpenZFSDeploymentType", - "documentation":"

Specifies the file system deployment type. Single AZ deployment types are configured for redundancy within a single Availability Zone in an Amazon Web Services Region . Valid values are the following:

  • MULTI_AZ_1- Creates file systems with high availability that are configured for Multi-AZ redundancy to tolerate temporary unavailability in Availability Zones (AZs). Multi_AZ_1 is available in the following Amazon Web Services Regions:

  • SINGLE_AZ_1- (Default) Creates file systems with throughput capacities of 64 - 4,096 MB/s. Single_AZ_1 is available in all Amazon Web Services Regions where Amazon FSx for OpenZFS is available.

  • SINGLE_AZ_2- Creates file systems with throughput capacities of 160 - 10,240 MB/s using an NVMe L2ARC cache. Single_AZ_2 is available only in the US East (N. Virginia), US East (Ohio), US West (Oregon), and Europe (Ireland) Amazon Web Services Regions.

For more information, see: Deployment type availability and File system performance in the Amazon FSx for OpenZFS User Guide.

" + "documentation":"

Specifies the file system deployment type. Single AZ deployment types are configured for redundancy within a single Availability Zone in an Amazon Web Services Region . Valid values are the following:

  • MULTI_AZ_1- Creates file systems with high availability that are configured for Multi-AZ redundancy to tolerate temporary unavailability in Availability Zones (AZs). Multi_AZ_1 is available only in the US East (N. Virginia), US East (Ohio), US West (Oregon), Asia Pacific (Singapore), Asia Pacific (Tokyo), and Europe (Ireland) Amazon Web Services Regions.

  • SINGLE_AZ_1- Creates file systems with throughput capacities of 64 - 4,096 MB/s. Single_AZ_1 is available in all Amazon Web Services Regions where Amazon FSx for OpenZFS is available.

  • SINGLE_AZ_2- Creates file systems with throughput capacities of 160 - 10,240 MB/s using an NVMe L2ARC cache. Single_AZ_2 is available only in the US East (N. Virginia), US East (Ohio), US West (Oregon), Asia Pacific (Singapore), Asia Pacific (Tokyo), and Europe (Ireland) Amazon Web Services Regions.

For more information, see Deployment type availability and File system performance in the Amazon FSx for OpenZFS User Guide.

" }, "ThroughputCapacity":{ "shape":"MegabytesPerSecond", - "documentation":"

Specifies the throughput of an Amazon FSx for OpenZFS file system, measured in megabytes per second (MBps). Valid values depend on the DeploymentType you choose, as follows:

  • For SINGLE_AZ_1, valid values are 64, 128, 256, 512, 1024, 2048, 3072, or 4096 MBps.

  • For SINGLE_AZ_2, valid values are 160, 320, 640, 1280, 2560, 3840, 5120, 7680, or 10240 MBps.

You pay for additional throughput capacity that you provision.

" + "documentation":"

Specifies the throughput of an Amazon FSx for OpenZFS file system, measured in megabytes per second (MBps). Valid values depend on the DeploymentType you choose, as follows:

  • For MULTI_AZ_1 and SINGLE_AZ_2, valid values are 160, 320, 640, 1280, 2560, 3840, 5120, 7680, or 10240 MBps.

  • For SINGLE_AZ_1, valid values are 64, 128, 256, 512, 1024, 2048, 3072, or 4096 MBps.

You pay for additional throughput capacity that you provision.

" }, "WeeklyMaintenanceStartTime":{"shape":"WeeklyTime"}, "DiskIopsConfiguration":{"shape":"DiskIopsConfiguration"}, @@ -1679,7 +1679,7 @@ }, "RouteTableIds":{ "shape":"RouteTableIds", - "documentation":"

(Multi-AZ only) Specifies the virtual private cloud (VPC) route tables in which your file system's endpoints will be created. You should specify all VPC route tables associated with the subnets in which your clients are located. By default, Amazon FSx selects your VPC's default route table.

" + "documentation":"

(Multi-AZ only) Specifies the route tables in which Amazon FSx creates the rules for routing traffic to the correct file server. You should specify all virtual private cloud (VPC) route tables associated with the subnets in which your clients are located. By default, Amazon FSx selects your VPC's default route table.

" } }, "documentation":"

The Amazon FSx for OpenZFS configuration properties for the file system that you are creating.

" @@ -1730,7 +1730,7 @@ "OntapConfiguration":{"shape":"CreateFileSystemOntapConfiguration"}, "FileSystemTypeVersion":{ "shape":"FileSystemTypeVersion", - "documentation":"

(Optional) For FSx for Lustre file systems, sets the Lustre version for the file system that you're creating. Valid values are 2.10 and 2.12:

  • 2.10 is supported by the Scratch and Persistent_1 Lustre deployment types.

  • 2.12 is supported by all Lustre deployment types. 2.12 is required when setting FSx for Lustre DeploymentType to PERSISTENT_2.

Default value = 2.10, except when DeploymentType is set to PERSISTENT_2, then the default is 2.12.

If you set FileSystemTypeVersion to 2.10 for a PERSISTENT_2 Lustre deployment type, the CreateFileSystem operation fails.

" + "documentation":"

(Optional) For FSx for Lustre file systems, sets the Lustre version for the file system that you're creating. Valid values are 2.10, 2.12m and 2.15:

  • 2.10 is supported by the Scratch and Persistent_1 Lustre deployment types.

  • 2.12 and 2.15 are supported by all Lustre deployment types. 2.12 or 2.15 is required when setting FSx for Lustre DeploymentType to PERSISTENT_2.

Default value = 2.10, except when DeploymentType is set to PERSISTENT_2, then the default is 2.12.

If you set FileSystemTypeVersion to 2.10 for a PERSISTENT_2 Lustre deployment type, the CreateFileSystem operation fails.

" }, "OpenZFSConfiguration":{ "shape":"CreateFileSystemOpenZFSConfiguration", @@ -2173,7 +2173,7 @@ "documentation":"

The configuration for an NFS data repository linked to an Amazon File Cache resource with a data repository association.

" } }, - "documentation":"

The configuration of a data repository association that links an Amazon FSx for Lustre file system to an Amazon S3 bucket or an Amazon File Cache resource to an Amazon S3 bucket or an NFS file system. The data repository association configuration object is returned in the response of the following operations:

  • CreateDataRepositoryAssociation

  • UpdateDataRepositoryAssociation

  • DescribeDataRepositoryAssociations

Data repository associations are supported on Amazon File Cache resources and all FSx for Lustre 2.12 and newer file systems, excluding scratch_1 deployment type.

" + "documentation":"

The configuration of a data repository association that links an Amazon FSx for Lustre file system to an Amazon S3 bucket or an Amazon File Cache resource to an Amazon S3 bucket or an NFS file system. The data repository association configuration object is returned in the response of the following operations:

  • CreateDataRepositoryAssociation

  • UpdateDataRepositoryAssociation

  • DescribeDataRepositoryAssociations

Data repository associations are supported on Amazon File Cache resources and all FSx for Lustre 2.12 and 2.15 file systems, excluding scratch_1 deployment type.

" }, "DataRepositoryAssociationId":{ "type":"string", @@ -2263,7 +2263,7 @@ }, "Type":{ "shape":"DataRepositoryTaskType", - "documentation":"

The type of data repository task.

  • EXPORT_TO_REPOSITORY tasks export from your Amazon FSx for Lustre file system to a linked data repository.

  • IMPORT_METADATA_FROM_REPOSITORY tasks import metadata changes from a linked S3 bucket to your Amazon FSx for Lustre file system.

  • RELEASE_DATA_FROM_FILESYSTEM tasks release files in your Amazon FSx for Lustre file system that are archived and that meet your specified release criteria.

  • AUTO_RELEASE_DATA tasks automatically release files from an Amazon File Cache resource.

" + "documentation":"

The type of data repository task.

  • EXPORT_TO_REPOSITORY tasks export from your Amazon FSx for Lustre file system to a linked data repository.

  • IMPORT_METADATA_FROM_REPOSITORY tasks import metadata changes from a linked S3 bucket to your Amazon FSx for Lustre file system.

  • RELEASE_DATA_FROM_FILESYSTEM tasks release files in your Amazon FSx for Lustre file system that have been exported to a linked S3 bucket and that meet your specified release criteria.

  • AUTO_RELEASE_DATA tasks automatically release files from an Amazon File Cache resource.

" }, "CreationTime":{"shape":"CreationTime"}, "StartTime":{ @@ -2306,7 +2306,7 @@ "documentation":"

The configuration that specifies the last accessed time criteria for files that will be released from an Amazon FSx for Lustre file system.

" } }, - "documentation":"

A description of the data repository task.

  • You use import and export data repository tasks to perform bulk transfer operations between an Amazon FSx for Lustre file system and a linked data repository.

  • You use release data repository tasks to release archived files from your Amazon FSx for Lustre file system.

  • An Amazon File Cache resource uses a task to automatically release files from the cache.

To learn more about data repository tasks, see Data Repository Tasks.

" + "documentation":"

A description of the data repository task.

  • You use import and export data repository tasks to perform bulk transfer operations between an Amazon FSx for Lustre file system and a linked data repository.

  • You use release data repository tasks to release have been exported to a linked S3 bucketed files from your Amazon FSx for Lustre file system.

  • An Amazon File Cache resource uses a task to automatically release files from the cache.

To learn more about data repository tasks, see Data Repository Tasks.

" }, "DataRepositoryTaskEnded":{ "type":"structure", @@ -3146,10 +3146,10 @@ }, "Value":{ "shape":"Value", - "documentation":"

An integer that represents the minimum amount of time (in days) since a file was last accessed in the file system. Only archived files with a MAX(atime, ctime, mtime) timestamp that is more than this amount of time in the past (relative to the task create time) will be released. The default of Value is 0. This is a required parameter.

If an archived file meets the last accessed time criteria, its file or directory path must also be specified in the Paths parameter of the operation in order for the file to be released.

" + "documentation":"

An integer that represents the minimum amount of time (in days) since a file was last accessed in the file system. Only exported files with a MAX(atime, ctime, mtime) timestamp that is more than this amount of time in the past (relative to the task create time) will be released. The default of Value is 0. This is a required parameter.

If an exported file meets the last accessed time criteria, its file or directory path must also be specified in the Paths parameter of the operation in order for the file to be released.

" } }, - "documentation":"

Defines the minimum amount of time since last access for a file to be eligible for release. Only archived files that were last accessed or modified before this point-in-time are eligible to be released from the Amazon FSx for Lustre file system.

" + "documentation":"

Defines the minimum amount of time since last access for a file to be eligible for release. Only files that have been exported to S3 and that were last accessed or modified before this point-in-time are eligible to be released from the Amazon FSx for Lustre file system.

" }, "EndTime":{"type":"timestamp"}, "ErrorMessage":{ @@ -3487,7 +3487,7 @@ }, "FileSystemTypeVersion":{ "shape":"FileSystemTypeVersion", - "documentation":"

The Lustre version of the Amazon FSx for Lustre file system, either 2.10 or 2.12.

" + "documentation":"

The Lustre version of the Amazon FSx for Lustre file system, which is 2.10, 2.12, or 2.15.

" }, "OpenZFSConfiguration":{ "shape":"OpenZFSFileSystemConfiguration", @@ -3903,7 +3903,7 @@ "DataRepositoryConfiguration":{"shape":"DataRepositoryConfiguration"}, "DeploymentType":{ "shape":"LustreDeploymentType", - "documentation":"

The deployment type of the FSx for Lustre file system. Scratch deployment type is designed for temporary storage and shorter-term processing of data.

SCRATCH_1 and SCRATCH_2 deployment types are best suited for when you need temporary storage and shorter-term processing of data. The SCRATCH_2 deployment type provides in-transit encryption of data and higher burst throughput capacity than SCRATCH_1.

The PERSISTENT_1 and PERSISTENT_2 deployment type is used for longer-term storage and workloads and encryption of data in transit. PERSISTENT_2 is built on Lustre v2.12 and offers higher PerUnitStorageThroughput (up to 1000 MB/s/TiB) along with a lower minimum storage capacity requirement (600 GiB). To learn more about FSx for Lustre deployment types, see FSx for Lustre deployment options.

The default is SCRATCH_1.

" + "documentation":"

The deployment type of the FSx for Lustre file system. Scratch deployment type is designed for temporary storage and shorter-term processing of data.

SCRATCH_1 and SCRATCH_2 deployment types are best suited for when you need temporary storage and shorter-term processing of data. The SCRATCH_2 deployment type provides in-transit encryption of data and higher burst throughput capacity than SCRATCH_1.

The PERSISTENT_1 and PERSISTENT_2 deployment type is used for longer-term storage and workloads and encryption of data in transit. PERSISTENT_2 offers higher PerUnitStorageThroughput (up to 1000 MB/s/TiB) along with a lower minimum storage capacity requirement (600 GiB). To learn more about FSx for Lustre deployment types, see FSx for Lustre deployment options.

The default is SCRATCH_1.

" }, "PerUnitStorageThroughput":{ "shape":"PerUnitStorageThroughput", @@ -4539,10 +4539,10 @@ "members":{ "DurationSinceLastAccess":{ "shape":"DurationSinceLastAccess", - "documentation":"

Defines the point-in-time since an archived file was last accessed, in order for that file to be eligible for release. Only files that were last accessed before this point-in-time are eligible to be released from the file system.

" + "documentation":"

Defines the point-in-time since an exported file was last accessed, in order for that file to be eligible for release. Only files that were last accessed before this point-in-time are eligible to be released from the file system.

" } }, - "documentation":"

The configuration that specifies a minimum amount of time since last access for an archived file to be eligible for release from an Amazon FSx for Lustre file system. Only files that were last accessed before this point-in-time can be released. For example, if you specify a last accessed time criteria of 9 days, only files that were last accessed 9.00001 or more days ago can be released.

Only file data that has been archived can be released. Files that have not yet been archived, such as new or changed files that have not been exported, are not eligible for release. When files are released, their metadata stays on the file system, so they can still be accessed later. Users and applications can access a released file by reading the file again, which restores data from Amazon S3 to the FSx for Lustre file system.

If a file meets the last accessed time criteria, its file or directory path must also be specified with the Paths parameter of the operation in order for the file to be released.

" + "documentation":"

The configuration that specifies a minimum amount of time since last access for an exported file to be eligible for release from an Amazon FSx for Lustre file system. Only files that were last accessed before this point-in-time can be released. For example, if you specify a last accessed time criteria of 9 days, only files that were last accessed 9.00001 or more days ago can be released.

Only file data that has been exported to S3 can be released. Files that have not yet been exported to S3, such as new or changed files that have not been exported, are not eligible for release. When files are released, their metadata stays on the file system, so they can still be accessed later. Users and applications can access a released file by reading the file again, which restores data from Amazon S3 to the FSx for Lustre file system.

If a file meets the last accessed time criteria, its file or directory path must also be specified with the Paths parameter of the operation in order for the file to be released.

" }, "ReleaseFileSystemNfsV3LocksRequest":{ "type":"structure", @@ -5568,7 +5568,7 @@ "DailyAutomaticBackupStartTime":{"shape":"DailyTime"}, "ThroughputCapacity":{ "shape":"MegabytesPerSecond", - "documentation":"

The throughput of an Amazon FSx for OpenZFS file system, measured in megabytes per second
 (MB/s). Valid values depend on the DeploymentType you choose, as follows:

  • For SINGLE_AZ_1, valid values are 64, 128, 256, 512, 1024, 2048, 3072, or 4096 MB/s.

  • For SINGLE_AZ_2, valid values are 160, 320, 640, 1280, 2560, 3840, 5120, 7680, or 10240 MB/s.

" + "documentation":"

The throughput of an Amazon FSx for OpenZFS file system, measured in megabytes per second
 (MB/s). Valid values depend on the DeploymentType you choose, as follows:

  • For MULTI_AZ_1 and SINGLE_AZ_2, valid values are 160, 320, 640, 1280, 2560, 3840, 5120, 7680, or 10240 MBps.

  • For SINGLE_AZ_1, valid values are 64, 128, 256, 512, 1024, 2048, 3072, or 4096 MB/s.

" }, "WeeklyMaintenanceStartTime":{"shape":"WeeklyTime"}, "DiskIopsConfiguration":{"shape":"DiskIopsConfiguration"}, diff --git a/botocore/data/omics/2022-11-28/service-2.json b/botocore/data/omics/2022-11-28/service-2.json index 1c60667127..ce387de2ec 100644 --- a/botocore/data/omics/2022-11-28/service-2.json +++ b/botocore/data/omics/2022-11-28/service-2.json @@ -1596,7 +1596,7 @@ {"shape":"AccessDeniedException"}, {"shape":"RequestTimeoutException"} ], - "documentation":"

Starts a run.

", + "documentation":"

Starts a workflow run. To duplicate a run, specify the run's ID and a role ARN. The remaining parameters are copied from the previous run.

The total number of runs in your account is subject to a quota per Region. To avoid needing to delete runs manually, you can set the retention mode to REMOVE. Runs with this setting are deleted automatically when the run quoata is exceeded.

", "authtype":"v4", "endpoint":{"hostPrefix":"workflows-"} }, @@ -4520,6 +4520,10 @@ "accelerators":{ "shape":"Accelerators", "documentation":"

The computational accelerator used to run the workflow.

" + }, + "retentionMode":{ + "shape":"RunRetentionMode", + "documentation":"

The run's retention mode.

" } } }, @@ -7324,6 +7328,15 @@ "key":{"shape":"RunResourceDigestKey"}, "value":{"shape":"RunResourceDigest"} }, + "RunRetentionMode":{ + "type":"string", + "enum":[ + "RETAIN", + "REMOVE" + ], + "max":64, + "min":1 + }, "RunRoleArn":{ "type":"string", "max":128, @@ -8024,11 +8037,11 @@ }, "workflowType":{ "shape":"WorkflowType", - "documentation":"

The run's workflows type.

" + "documentation":"

The run's workflow type.

" }, "runId":{ "shape":"RunId", - "documentation":"

The run's ID.

" + "documentation":"

The ID of a run to duplicate.

" }, "roleArn":{ "shape":"RunRoleArn", @@ -8070,6 +8083,10 @@ "shape":"RunRequestId", "documentation":"

To ensure that requests don't run multiple times, specify a unique ID for each request.

", "idempotencyToken":true + }, + "retentionMode":{ + "shape":"RunRetentionMode", + "documentation":"

The retention mode for the run.

" } } }, diff --git a/botocore/data/sesv2/2019-09-27/endpoint-rule-set-1.json b/botocore/data/sesv2/2019-09-27/endpoint-rule-set-1.json index 1d567c5f97..900cfc973e 100644 --- a/botocore/data/sesv2/2019-09-27/endpoint-rule-set-1.json +++ b/botocore/data/sesv2/2019-09-27/endpoint-rule-set-1.json @@ -58,52 +58,56 @@ "type": "error" }, { - "conditions": [], - "type": "tree", - "rules": [ + "conditions": [ { - "conditions": [ + "fn": "booleanEquals", + "argv": [ { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" - }, - { - "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" + "ref": "UseDualStack" }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" + true + ] } - ] + ], + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" + }, + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ] }, { - "conditions": [], + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Region" + } + ] + } + ], "type": "tree", "rules": [ { "conditions": [ { - "fn": "isSet", + "fn": "aws.partition", "argv": [ { "ref": "Region" } - ] + ], + "assign": "PartitionResult" } ], "type": "tree", @@ -111,13 +115,22 @@ { "conditions": [ { - "fn": "aws.partition", + "fn": "booleanEquals", "argv": [ { - "ref": "Region" - } - ], - "assign": "PartitionResult" + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] } ], "type": "tree", @@ -127,224 +140,175 @@ { "fn": "booleanEquals", "argv": [ + true, { - "ref": "UseFIPS" - }, - true + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } ] }, { "fn": "booleanEquals", "argv": [ + true, { - "ref": "UseDualStack" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] - } - ] - }, - { - "fn": "booleanEquals", + "fn": "getAttr", "argv": [ - true, { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://email-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } + "ref": "PartitionResult" + }, + "supportsDualStack" ] } ] - }, + } + ], + "type": "tree", + "rules": [ { "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" + "endpoint": { + "url": "https://email-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ] }, + { + "conditions": [], + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" + } + ] + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "type": "tree", + "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ + true, { - "ref": "UseFIPS" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", + "fn": "getAttr", "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "type": "tree", - "rules": [ { - "conditions": [], - "endpoint": { - "url": "https://email-fips.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } + "ref": "PartitionResult" + }, + "supportsFIPS" ] } ] - }, + } + ], + "type": "tree", + "rules": [ { "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" + "endpoint": { + "url": "https://email-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ] }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" + } + ] + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "type": "tree", + "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ + true, { - "ref": "UseDualStack" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", + "fn": "getAttr", "argv": [ - true, { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://email.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } + "ref": "PartitionResult" + }, + "supportsDualStack" ] } ] - }, - { - "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" } - ] - }, - { - "conditions": [], + ], "type": "tree", "rules": [ { "conditions": [], "endpoint": { - "url": "https://email.{Region}.{PartitionResult#dnsSuffix}", + "url": "https://email.{Region}.{PartitionResult#dualStackDnsSuffix}", "properties": {}, "headers": {} }, "type": "endpoint" } ] + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" } ] + }, + { + "conditions": [], + "endpoint": { + "url": "https://email.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ] - }, - { - "conditions": [], - "error": "Invalid Configuration: Missing Region", - "type": "error" } ] + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" } ] } \ No newline at end of file diff --git a/botocore/data/sesv2/2019-09-27/service-2.json b/botocore/data/sesv2/2019-09-27/service-2.json index 668c5a618a..ee62c7b3fd 100644 --- a/botocore/data/sesv2/2019-09-27/service-2.json +++ b/botocore/data/sesv2/2019-09-27/service-2.json @@ -29,6 +29,21 @@ ], "documentation":"

Retrieves batches of metric data collected based on your sending activity.

You can execute this operation no more than 16 times per second, and with at most 160 queries from the batches per second (cumulative).

" }, + "CancelExportJob":{ + "name":"CancelExportJob", + "http":{ + "method":"PUT", + "requestUri":"/v2/email/export-jobs/{JobId}/cancel" + }, + "input":{"shape":"CancelExportJobRequest"}, + "output":{"shape":"CancelExportJobResponse"}, + "errors":[ + {"shape":"NotFoundException"}, + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"} + ], + "documentation":"

Cancels an export job.

" + }, "CreateConfigurationSet":{ "name":"CreateConfigurationSet", "http":{ @@ -202,6 +217,22 @@ ], "documentation":"

Creates an email template. Email templates enable you to send personalized email to one or more destinations in a single API operation. For more information, see the Amazon SES Developer Guide.

You can execute this operation no more than once per second.

" }, + "CreateExportJob":{ + "name":"CreateExportJob", + "http":{ + "method":"POST", + "requestUri":"/v2/email/export-jobs" + }, + "input":{"shape":"CreateExportJobRequest"}, + "output":{"shape":"CreateExportJobResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"NotFoundException"}, + {"shape":"LimitExceededException"} + ], + "documentation":"

Creates an export job for a data source and destination.

You can execute this operation no more than once per second.

" + }, "CreateImportJob":{ "name":"CreateImportJob", "http":{ @@ -625,6 +656,21 @@ ], "documentation":"

Displays the template object (which includes the subject line, HTML part and text part) for the template you specify.

You can execute this operation no more than once per second.

" }, + "GetExportJob":{ + "name":"GetExportJob", + "http":{ + "method":"GET", + "requestUri":"/v2/email/export-jobs/{JobId}" + }, + "input":{"shape":"GetExportJobRequest"}, + "output":{"shape":"GetExportJobResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"NotFoundException"}, + {"shape":"TooManyRequestsException"} + ], + "documentation":"

Provides information about an export job.

" + }, "GetImportJob":{ "name":"GetImportJob", "http":{ @@ -640,6 +686,21 @@ ], "documentation":"

Provides information about an import job.

" }, + "GetMessageInsights":{ + "name":"GetMessageInsights", + "http":{ + "method":"GET", + "requestUri":"/v2/email/insights/{MessageId}/" + }, + "input":{"shape":"GetMessageInsightsRequest"}, + "output":{"shape":"GetMessageInsightsResponse"}, + "errors":[ + {"shape":"NotFoundException"}, + {"shape":"TooManyRequestsException"}, + {"shape":"BadRequestException"} + ], + "documentation":"

Provides information about a specific message, including the from address, the subject, the recipient address, email tags, as well as events associated with the message.

You can execute this operation no more than once per second.

" + }, "GetSuppressedDestination":{ "name":"GetSuppressedDestination", "http":{ @@ -784,6 +845,20 @@ ], "documentation":"

Lists the email templates present in your Amazon SES account in the current Amazon Web Services Region.

You can execute this operation no more than once per second.

" }, + "ListExportJobs":{ + "name":"ListExportJobs", + "http":{ + "method":"POST", + "requestUri":"/v2/email/list-export-jobs" + }, + "input":{"shape":"ListExportJobsRequest"}, + "output":{"shape":"ListExportJobsResponse"}, + "errors":[ + {"shape":"TooManyRequestsException"}, + {"shape":"BadRequestException"} + ], + "documentation":"

Lists all of the export jobs.

" + }, "ListImportJobs":{ "name":"ListImportJobs", "http":{ @@ -1556,6 +1631,33 @@ }, "documentation":"

Represents the body of the email message.

" }, + "Bounce":{ + "type":"structure", + "members":{ + "BounceType":{ + "shape":"BounceType", + "documentation":"

The type of the bounce, as determined by SES. Can be one of UNDETERMINED, TRANSIENT, or PERMANENT

" + }, + "BounceSubType":{ + "shape":"BounceSubType", + "documentation":"

The subtype of the bounce, as determined by SES.

" + }, + "DiagnosticCode":{ + "shape":"DiagnosticCode", + "documentation":"

The status code issued by the reporting Message Transfer Authority (MTA). This field only appears if a delivery status notification (DSN) was attached to the bounce and the Diagnostic-Code was provided in the DSN.

" + } + }, + "documentation":"

Information about a Bounce event.

" + }, + "BounceSubType":{"type":"string"}, + "BounceType":{ + "type":"string", + "enum":[ + "UNDETERMINED", + "TRANSIENT", + "PERMANENT" + ] + }, "BulkEmailContent":{ "type":"structure", "members":{ @@ -1632,6 +1734,25 @@ ] }, "CampaignId":{"type":"string"}, + "CancelExportJobRequest":{ + "type":"structure", + "required":["JobId"], + "members":{ + "JobId":{ + "shape":"JobId", + "documentation":"

The export job ID.

", + "location":"uri", + "locationName":"JobId" + } + }, + "documentation":"

Represents a request to cancel an export job using the export job ID.

" + }, + "CancelExportJobResponse":{ + "type":"structure", + "members":{ + }, + "documentation":"

An HTTP 200 response if the request succeeds, or an error message if the request fails.

" + }, "CaseId":{"type":"string"}, "Charset":{"type":"string"}, "CloudWatchDestination":{ @@ -1672,6 +1793,22 @@ "type":"list", "member":{"shape":"CloudWatchDimensionConfiguration"} }, + "Complaint":{ + "type":"structure", + "members":{ + "ComplaintSubType":{ + "shape":"ComplaintSubType", + "documentation":"

Can either be null or OnAccountSuppressionList. If the value is OnAccountSuppressionList, SES accepted the message, but didn't attempt to send it because it was on the account-level suppression list.

" + }, + "ComplaintFeedbackType":{ + "shape":"ComplaintFeedbackType", + "documentation":"

The value of the Feedback-Type field from the feedback report received from the ISP.

" + } + }, + "documentation":"

Information about a Complaint event.

" + }, + "ComplaintFeedbackType":{"type":"string"}, + "ComplaintSubType":{"type":"string"}, "ConcurrentModificationException":{ "type":"structure", "members":{ @@ -2133,6 +2270,34 @@ }, "documentation":"

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

" }, + "CreateExportJobRequest":{ + "type":"structure", + "required":[ + "ExportDataSource", + "ExportDestination" + ], + "members":{ + "ExportDataSource":{ + "shape":"ExportDataSource", + "documentation":"

The data source for the export job.

" + }, + "ExportDestination":{ + "shape":"ExportDestination", + "documentation":"

The destination for the export job.

" + } + }, + "documentation":"

Represents a request to create an export job from a data source to a data destination.

" + }, + "CreateExportJobResponse":{ + "type":"structure", + "members":{ + "JobId":{ + "shape":"JobId", + "documentation":"

A string that represents the export job ID.

" + } + }, + "documentation":"

An HTTP 200 response if the request succeeds, or an error message if the request fails.

" + }, "CreateImportJobRequest":{ "type":"structure", "required":[ @@ -2240,7 +2405,7 @@ }, "DataFormat":{ "type":"string", - "documentation":"

The data format of the import job's data source.

", + "documentation":"

The data format of a file, can be one of the following:

  • CSV – A comma-separated values file.

  • JSON – A JSON file.

", "enum":[ "CSV", "JSON" @@ -2568,6 +2733,18 @@ "type":"string", "documentation":"

The subject line for an email that you submitted in a predictive inbox placement test.

" }, + "DeliveryEventType":{ + "type":"string", + "documentation":"

The type of delivery events:

  • SEND - The send request was successful and SES will attempt to deliver the message to the recipient’s mail server. (If account-level or global suppression is being used, SES will still count it as a send, but delivery is suppressed.)

  • DELIVERY - SES successfully delivered the email to the recipient's mail server. Excludes deliveries to the mailbox simulator and emails addressed to more than one recipient.

  • TRANSIENT_BOUNCE - Feedback received for delivery failures excluding issues with non-existent mailboxes. Excludes bounces from the mailbox simulator, and those from emails addressed to more than one recipient.

  • PERMANENT_BOUNCE - Feedback received for emails sent to non-existent mailboxes. Excludes bounces from the mailbox simulator, those originating from your account-level suppression list (if enabled), and those from emails addressed to more than one recipient.

  • UNDETERMINED_BOUNCE - SES was unable to determine the bounce reason.

  • COMPLAINT - Complaint received for the email. This excludes complaints from the mailbox simulator, those originating from your account-level suppression list (if enabled), and those from emails addressed to more than one recipient.

", + "enum":[ + "SEND", + "DELIVERY", + "TRANSIENT_BOUNCE", + "PERMANENT_BOUNCE", + "UNDETERMINED_BOUNCE", + "COMPLAINT" + ] + }, "DeliveryOptions":{ "type":"structure", "members":{ @@ -2601,6 +2778,7 @@ }, "documentation":"

An object that describes the recipients for an email.

Amazon SES does not support the SMTPUTF8 extension, as described in RFC6531. For this reason, the local part of a destination email address (the part of the email address that precedes the @ sign) may only contain 7-bit ASCII characters. If the domain part of an address (the part after the @ sign) contains non-ASCII characters, they must be encoded using Punycode, as described in RFC3492.

" }, + "DiagnosticCode":{"type":"string"}, "DimensionName":{ "type":"string", "documentation":"

The name of an Amazon CloudWatch dimension associated with an email sending metric. The name has to meet the following criteria:

  • It can only contain ASCII letters (a-z, A-Z), numbers (0-9), underscores (_), or dashes (-).

  • It can contain no more than 256 characters.

" @@ -2826,6 +3004,11 @@ "member":{"shape":"DomainIspPlacement"} }, "EmailAddress":{"type":"string"}, + "EmailAddressFilterList":{ + "type":"list", + "member":{"shape":"InsightsEmailAddress"}, + "max":5 + }, "EmailAddressList":{ "type":"list", "member":{"shape":"EmailAddress"} @@ -2848,6 +3031,39 @@ }, "documentation":"

An object that defines the entire content of the email, including the message headers and the body content. You can create a simple email message, in which you specify the subject and the text and HTML versions of the message body. You can also create raw messages, in which you specify a complete MIME-formatted message. Raw messages can include attachments and custom headers.

" }, + "EmailInsights":{ + "type":"structure", + "members":{ + "Destination":{ + "shape":"InsightsEmailAddress", + "documentation":"

The recipient of the email.

" + }, + "Isp":{ + "shape":"Isp", + "documentation":"

The recipient's ISP (e.g., Gmail, Yahoo, etc.).

" + }, + "Events":{ + "shape":"InsightsEvents", + "documentation":"

A list of events associated with the sent email.

" + } + }, + "documentation":"

An email's insights contain metadata and delivery information about a specific email.

" + }, + "EmailInsightsList":{ + "type":"list", + "member":{"shape":"EmailInsights"} + }, + "EmailSubject":{ + "type":"string", + "max":998, + "min":1, + "sensitive":true + }, + "EmailSubjectFilterList":{ + "type":"list", + "member":{"shape":"EmailSubject"}, + "max":1 + }, "EmailTemplateContent":{ "type":"structure", "members":{ @@ -2909,6 +3125,14 @@ }, "Enabled":{"type":"boolean"}, "EnabledWrapper":{"type":"boolean"}, + "EngagementEventType":{ + "type":"string", + "documentation":"

The type of delivery events:

  • OPEN - Open event for emails including open trackers. Excludes opens for emails addressed to more than one recipient.

  • CLICK - Click event for emails including wrapped links. Excludes clicks for emails addressed to more than one recipient.

", + "enum":[ + "OPEN", + "CLICK" + ] + }, "ErrorMessage":{"type":"string"}, "Esp":{"type":"string"}, "Esps":{ @@ -2991,6 +3215,20 @@ "type":"list", "member":{"shape":"EventDestination"} }, + "EventDetails":{ + "type":"structure", + "members":{ + "Bounce":{ + "shape":"Bounce", + "documentation":"

Information about a Bounce event.

" + }, + "Complaint":{ + "shape":"Complaint", + "documentation":"

Information about a Complaint event.

" + } + }, + "documentation":"

Contains a Bounce object if the event type is BOUNCE. Contains a Complaint object if the event type is COMPLAINT.

" + }, "EventType":{ "type":"string", "documentation":"

An email sending event type. For example, email sends, opens, and bounces are all email events.

", @@ -3011,6 +3249,110 @@ "type":"list", "member":{"shape":"EventType"} }, + "ExportDataSource":{ + "type":"structure", + "members":{ + "MetricsDataSource":{"shape":"MetricsDataSource"}, + "MessageInsightsDataSource":{"shape":"MessageInsightsDataSource"} + }, + "documentation":"

An object that contains details about the data source of the export job. It can only contain one of MetricsDataSource or MessageInsightsDataSource object.

" + }, + "ExportDestination":{ + "type":"structure", + "required":["DataFormat"], + "members":{ + "DataFormat":{ + "shape":"DataFormat", + "documentation":"

The data format of the final export job file, can be one of the following:

  • CSV - A comma-separated values file.

  • JSON - A Json file.

" + }, + "S3Url":{ + "shape":"S3Url", + "documentation":"

An Amazon S3 pre-signed URL that points to the generated export file.

" + } + }, + "documentation":"

An object that contains details about the destination of the export job.

" + }, + "ExportDimensionValue":{ + "type":"list", + "member":{"shape":"MetricDimensionValue"}, + "max":10, + "min":1 + }, + "ExportDimensions":{ + "type":"map", + "key":{"shape":"MetricDimensionName"}, + "value":{"shape":"ExportDimensionValue"}, + "max":3, + "min":1 + }, + "ExportJobSummary":{ + "type":"structure", + "members":{ + "JobId":{ + "shape":"JobId", + "documentation":"

The export job ID.

" + }, + "ExportSourceType":{ + "shape":"ExportSourceType", + "documentation":"

The source type of the export job.

" + }, + "JobStatus":{ + "shape":"JobStatus", + "documentation":"

The status of the export job.

" + }, + "CreatedTimestamp":{ + "shape":"Timestamp", + "documentation":"

The timestamp of when the export job was created.

" + }, + "CompletedTimestamp":{ + "shape":"Timestamp", + "documentation":"

The timestamp of when the export job was completed.

" + } + }, + "documentation":"

A summary of the export job.

" + }, + "ExportJobSummaryList":{ + "type":"list", + "member":{"shape":"ExportJobSummary"}, + "documentation":"

A list of the export job summaries.

" + }, + "ExportMetric":{ + "type":"structure", + "members":{ + "Name":{"shape":"Metric"}, + "Aggregation":{"shape":"MetricAggregation"} + }, + "documentation":"

An object that contains a mapping between a Metric and MetricAggregation.

" + }, + "ExportMetrics":{ + "type":"list", + "member":{"shape":"ExportMetric"}, + "max":10, + "min":1 + }, + "ExportSourceType":{ + "type":"string", + "documentation":"

The type of data source of an export, can be one of the following:

  • METRICS_DATA - The metrics export.

  • MESSAGE_INSIGHTS - The Message Insights export.

", + "enum":[ + "METRICS_DATA", + "MESSAGE_INSIGHTS" + ] + }, + "ExportStatistics":{ + "type":"structure", + "members":{ + "ProcessedRecordsCount":{ + "shape":"ProcessedRecordsCount", + "documentation":"

The number of records that were processed to generate the final export file.

" + }, + "ExportedRecordsCount":{ + "shape":"ExportedRecordsCount", + "documentation":"

The number of records that were exported to the final export file.

This value might not be available for all export source types

" + } + }, + "documentation":"

Statistics about the execution of an export job.

" + }, + "ExportedRecordsCount":{"type":"integer"}, "FailedRecordsCount":{"type":"integer"}, "FailedRecordsS3Url":{"type":"string"}, "FailureInfo":{ @@ -3018,14 +3360,14 @@ "members":{ "FailedRecordsS3Url":{ "shape":"FailedRecordsS3Url", - "documentation":"

An Amazon S3 presigned URL that contains all the failed records and related information.

" + "documentation":"

An Amazon S3 pre-signed URL that contains all the failed records and related information.

" }, "ErrorMessage":{ "shape":"ErrorMessage", - "documentation":"

A message about why the import job failed.

" + "documentation":"

A message about why the job failed.

" } }, - "documentation":"

An object that contains the failure details about an import job.

" + "documentation":"

An object that contains the failure details about a job.

" }, "FailureRedirectionURL":{ "type":"string", @@ -3665,6 +4007,61 @@ }, "documentation":"

The following element is returned by the service.

" }, + "GetExportJobRequest":{ + "type":"structure", + "required":["JobId"], + "members":{ + "JobId":{ + "shape":"JobId", + "documentation":"

The export job ID.

", + "location":"uri", + "locationName":"JobId" + } + }, + "documentation":"

Represents a request to retrieve information about an export job using the export job ID.

" + }, + "GetExportJobResponse":{ + "type":"structure", + "members":{ + "JobId":{ + "shape":"JobId", + "documentation":"

The export job ID.

" + }, + "ExportSourceType":{ + "shape":"ExportSourceType", + "documentation":"

The type of source of the export job.

" + }, + "JobStatus":{ + "shape":"JobStatus", + "documentation":"

The status of the export job.

" + }, + "ExportDestination":{ + "shape":"ExportDestination", + "documentation":"

The destination of the export job.

" + }, + "ExportDataSource":{ + "shape":"ExportDataSource", + "documentation":"

The data source of the export job.

" + }, + "CreatedTimestamp":{ + "shape":"Timestamp", + "documentation":"

The timestamp of when the export job was created.

" + }, + "CompletedTimestamp":{ + "shape":"Timestamp", + "documentation":"

The timestamp of when the export job was completed.

" + }, + "FailureInfo":{ + "shape":"FailureInfo", + "documentation":"

The failure details about an export job.

" + }, + "Statistics":{ + "shape":"ExportStatistics", + "documentation":"

The statistics about the export job.

" + } + }, + "documentation":"

An HTTP 200 response if the request succeeds, or an error message if the request fails.

" + }, "GetImportJobRequest":{ "type":"structure", "required":["JobId"], @@ -3720,6 +4117,45 @@ }, "documentation":"

An HTTP 200 response if the request succeeds, or an error message if the request fails.

" }, + "GetMessageInsightsRequest":{ + "type":"structure", + "required":["MessageId"], + "members":{ + "MessageId":{ + "shape":"OutboundMessageId", + "documentation":"

A MessageId is a unique identifier for a message, and is returned when sending emails through Amazon SES.

", + "location":"uri", + "locationName":"MessageId" + } + }, + "documentation":"

A request to return information about a message.

" + }, + "GetMessageInsightsResponse":{ + "type":"structure", + "members":{ + "MessageId":{ + "shape":"OutboundMessageId", + "documentation":"

A unique identifier for the message.

" + }, + "FromEmailAddress":{ + "shape":"InsightsEmailAddress", + "documentation":"

The from address used to send the message.

" + }, + "Subject":{ + "shape":"EmailSubject", + "documentation":"

The subject line of the message.

" + }, + "EmailTags":{ + "shape":"MessageTagList", + "documentation":"

A list of tags, in the form of name/value pairs, that were applied to the email you sent, along with Amazon SES Auto-Tags.

" + }, + "Insights":{ + "shape":"EmailInsightsList", + "documentation":"

A set of insights associated with the message.

" + } + }, + "documentation":"

Information about a message.

" + }, "GetSuppressedDestinationRequest":{ "type":"structure", "required":["EmailAddress"], @@ -3883,6 +4319,34 @@ }, "documentation":"

An object that contains information about the inbox placement data settings for a verified domain that’s associated with your Amazon Web Services account. This data is available only if you enabled the Deliverability dashboard for the domain.

" }, + "InsightsEmailAddress":{ + "type":"string", + "max":320, + "min":1, + "sensitive":true + }, + "InsightsEvent":{ + "type":"structure", + "members":{ + "Timestamp":{ + "shape":"Timestamp", + "documentation":"

The timestamp of the event.

" + }, + "Type":{ + "shape":"EventType", + "documentation":"

The type of event:

  • SEND - The send request was successful and SES will attempt to deliver the message to the recipient’s mail server. (If account-level or global suppression is being used, SES will still count it as a send, but delivery is suppressed.)

  • DELIVERY - SES successfully delivered the email to the recipient's mail server. Excludes deliveries to the mailbox simulator, and those from emails addressed to more than one recipient.

  • BOUNCE - Feedback received for delivery failures. Additional details about the bounce are provided in the Details object. Excludes bounces from the mailbox simulator, and those from emails addressed to more than one recipient.

  • COMPLAINT - Complaint received for the email. Additional details about the complaint are provided in the Details object. This excludes complaints from the mailbox simulator, those originating from your account-level suppression list (if enabled), and those from emails addressed to more than one recipient.

  • OPEN - Open event for emails including open trackers. Excludes opens for emails addressed to more than one recipient.

  • CLICK - Click event for emails including wrapped links. Excludes clicks for emails addressed to more than one recipient.

" + }, + "Details":{ + "shape":"EventDetails", + "documentation":"

Details about bounce or complaint events.

" + } + }, + "documentation":"

An object containing details about a specific event.

" + }, + "InsightsEvents":{ + "type":"list", + "member":{"shape":"InsightsEvent"} + }, "InternalServiceErrorException":{ "type":"structure", "members":{ @@ -3908,6 +4372,12 @@ "type":"list", "member":{"shape":"Ip"} }, + "Isp":{"type":"string"}, + "IspFilterList":{ + "type":"list", + "member":{"shape":"Isp"}, + "max":5 + }, "IspName":{ "type":"string", "documentation":"

The name of an email provider.

" @@ -3936,17 +4406,18 @@ }, "JobId":{ "type":"string", - "documentation":"

A string that represents the import job ID.

", + "documentation":"

A string that represents a job ID.

", "min":1 }, "JobStatus":{ "type":"string", - "documentation":"

The status of the import job.

", + "documentation":"

The status of a job.

  • CREATED – Job has just been created.

  • PROCESSING – Job is processing.

  • ERROR – An error occurred during processing.

  • COMPLETED – Job has completed processing successfully.

", "enum":[ "CREATED", "PROCESSING", "COMPLETED", - "FAILED" + "FAILED", + "CANCELLED" ] }, "KinesisFirehoseDestination":{ @@ -3967,6 +4438,16 @@ }, "documentation":"

An object that defines an Amazon Kinesis Data Firehose destination for email events. You can use Amazon Kinesis Data Firehose to stream data to other services, such as Amazon S3 and Amazon Redshift.

" }, + "LastDeliveryEventList":{ + "type":"list", + "member":{"shape":"DeliveryEventType"}, + "max":5 + }, + "LastEngagementEventList":{ + "type":"list", + "member":{"shape":"EngagementEventType"}, + "max":2 + }, "LastFreshStart":{ "type":"timestamp", "documentation":"

The date and time (in Unix time) when the reputation metrics were last given a fresh start. When your account is given a fresh start, your reputation metrics are calculated starting from the date of the fresh start.

" @@ -4313,6 +4794,42 @@ }, "documentation":"

The following elements are returned by the service.

" }, + "ListExportJobsRequest":{ + "type":"structure", + "members":{ + "NextToken":{ + "shape":"NextToken", + "documentation":"

The pagination token returned from a previous call to ListExportJobs to indicate the position in the list of export jobs.

" + }, + "PageSize":{ + "shape":"MaxItems", + "documentation":"

Maximum number of export jobs to return at once. Use this parameter to paginate results. If additional export jobs exist beyond the specified limit, the NextToken element is sent in the response. Use the NextToken value in subsequent calls to ListExportJobs to retrieve additional export jobs.

" + }, + "ExportSourceType":{ + "shape":"ExportSourceType", + "documentation":"

A value used to list export jobs that have a certain ExportSourceType.

" + }, + "JobStatus":{ + "shape":"JobStatus", + "documentation":"

A value used to list export jobs that have a certain JobStatus.

" + } + }, + "documentation":"

Represents a request to list all export jobs with filters.

" + }, + "ListExportJobsResponse":{ + "type":"structure", + "members":{ + "ExportJobs":{ + "shape":"ExportJobSummaryList", + "documentation":"

A list of the export job summaries.

" + }, + "NextToken":{ + "shape":"NextToken", + "documentation":"

A string token indicating that there might be additional export jobs available to be listed. Use this token to a subsequent call to ListExportJobs with the same parameters to retrieve the next page of export jobs.

" + } + }, + "documentation":"

An HTTP 200 response if the request succeeds, or an error message if the request fails.

" + }, "ListImportJobsRequest":{ "type":"structure", "members":{ @@ -4582,6 +5099,71 @@ "documentation":"

The body of an email message.

" }, "MessageData":{"type":"string"}, + "MessageInsightsDataSource":{ + "type":"structure", + "required":[ + "StartDate", + "EndDate" + ], + "members":{ + "StartDate":{ + "shape":"Timestamp", + "documentation":"

Represents the start date for the export interval as a timestamp. The start date is inclusive.

" + }, + "EndDate":{ + "shape":"Timestamp", + "documentation":"

Represents the end date for the export interval as a timestamp. The end date is inclusive.

" + }, + "Include":{ + "shape":"MessageInsightsFilters", + "documentation":"

Filters for results to be included in the export file.

" + }, + "Exclude":{ + "shape":"MessageInsightsFilters", + "documentation":"

Filters for results to be excluded from the export file.

" + }, + "MaxResults":{ + "shape":"MessageInsightsExportMaxResults", + "documentation":"

The maximum number of results.

" + } + }, + "documentation":"

An object that contains filters applied when performing the Message Insights export.

" + }, + "MessageInsightsExportMaxResults":{ + "type":"integer", + "max":10000, + "min":1 + }, + "MessageInsightsFilters":{ + "type":"structure", + "members":{ + "FromEmailAddress":{ + "shape":"EmailAddressFilterList", + "documentation":"

The from address used to send the message.

" + }, + "Destination":{ + "shape":"EmailAddressFilterList", + "documentation":"

The recipient's email address.

" + }, + "Subject":{ + "shape":"EmailSubjectFilterList", + "documentation":"

The subject line of the message.

" + }, + "Isp":{ + "shape":"IspFilterList", + "documentation":"

The recipient's ISP (e.g., Gmail, Yahoo, etc.).

" + }, + "LastDeliveryEvent":{ + "shape":"LastDeliveryEventList", + "documentation":"

The last delivery-related event for the email, where the ordering is as follows: SEND < BOUNCE < DELIVERY < COMPLAINT.

" + }, + "LastEngagementEvent":{ + "shape":"LastEngagementEventList", + "documentation":"

The last engagement-related event for the email, where the ordering is as follows: OPEN < CLICK.

Engagement events are only available if Engagement tracking is enabled.

" + } + }, + "documentation":"

An object containing Message Insights filters.

If you specify multiple filters, the filters are joined by AND.

If you specify multiple values for a filter, the values are joined by OR. Filter values are case-sensitive.

FromEmailAddress, Destination, and Subject filters support partial match. A partial match is performed by using the * wildcard character placed at the beginning (suffix match), the end (prefix match) or both ends of the string (contains match). In order to match the literal characters * or \\, they must be escaped using the \\ character. If no wildcard character is present, an exact match is performed.

" + }, "MessageRejected":{ "type":"structure", "members":{ @@ -4623,6 +5205,7 @@ }, "Metric":{ "type":"string", + "documentation":"

The metric to export, can be one of the following:

  • SEND - Emails sent eligible for tracking in the VDM dashboard. This excludes emails sent to the mailbox simulator and emails addressed to more than one recipient.

  • COMPLAINT - Complaints received for your account. This excludes complaints from the mailbox simulator, those originating from your account-level suppression list (if enabled), and those for emails addressed to more than one recipient

  • PERMANENT_BOUNCE - Permanent bounces - i.e., feedback received for emails sent to non-existent mailboxes. Excludes bounces from the mailbox simulator, those originating from your account-level suppression list (if enabled), and those for emails addressed to more than one recipient.

  • TRANSIENT_BOUNCE - Transient bounces - i.e., feedback received for delivery failures excluding issues with non-existent mailboxes. Excludes bounces from the mailbox simulator, and those for emails addressed to more than one recipient.

  • OPEN - Unique open events for emails including open trackers. Excludes opens for emails addressed to more than one recipient.

  • CLICK - Unique click events for emails including wrapped links. Excludes clicks for emails addressed to more than one recipient.

  • DELIVERY - Successful deliveries for email sending attempts. Excludes deliveries to the mailbox simulator and for emails addressed to more than one recipient.

  • DELIVERY_OPEN - Successful deliveries for email sending attempts. Excludes deliveries to the mailbox simulator, for emails addressed to more than one recipient, and emails without open trackers.

  • DELIVERY_CLICK - Successful deliveries for email sending attempts. Excludes deliveries to the mailbox simulator, for emails addressed to more than one recipient, and emails without click trackers.

  • DELIVERY_COMPLAINT - Successful deliveries for email sending attempts. Excludes deliveries to the mailbox simulator, for emails addressed to more than one recipient, and emails addressed to recipients hosted by ISPs with which Amazon SES does not have a feedback loop agreement.

", "enum":[ "SEND", "COMPLAINT", @@ -4636,6 +5219,14 @@ "DELIVERY_COMPLAINT" ] }, + "MetricAggregation":{ + "type":"string", + "documentation":"

The aggregation to apply to a metric, can be one of the following:

  • VOLUME - The volume of events for this metric.

  • RATE - The rate for this metric relative to the SEND metric volume.

", + "enum":[ + "RATE", + "VOLUME" + ] + }, "MetricDataError":{ "type":"structure", "members":{ @@ -4689,7 +5280,10 @@ "ISP" ] }, - "MetricDimensionValue":{"type":"string"}, + "MetricDimensionValue":{ + "type":"string", + "documentation":"

A list of values associated with the MetricDimensionName to filter metrics by. Can either be * as a wildcard for all values or a list of up to 10 specific values. If one Dimension has the * value, other dimensions can only contain one value.

" + }, "MetricNamespace":{ "type":"string", "enum":["VDM"] @@ -4698,6 +5292,39 @@ "type":"list", "member":{"shape":"Counter"} }, + "MetricsDataSource":{ + "type":"structure", + "required":[ + "Dimensions", + "Namespace", + "Metrics", + "StartDate", + "EndDate" + ], + "members":{ + "Dimensions":{ + "shape":"ExportDimensions", + "documentation":"

An object that contains a mapping between a MetricDimensionName and MetricDimensionValue to filter metrics by. Must contain a least 1 dimension but no more than 3 unique ones.

" + }, + "Namespace":{ + "shape":"MetricNamespace", + "documentation":"

The metrics namespace - e.g., VDM.

" + }, + "Metrics":{ + "shape":"ExportMetrics", + "documentation":"

A list of ExportMetric objects to export.

" + }, + "StartDate":{ + "shape":"Timestamp", + "documentation":"

Represents the start date for the export interval as a timestamp.

" + }, + "EndDate":{ + "shape":"Timestamp", + "documentation":"

Represents the end date for the export interval as a timestamp.

" + } + }, + "documentation":"

An object that contains details about the data source for the metrics export.

" + }, "NextToken":{"type":"string"}, "NotFoundException":{ "type":"structure", @@ -5465,7 +6092,7 @@ }, "S3Url":{ "type":"string", - "documentation":"

An Amazon S3 URL in the format s3://<bucket_name>/<object>.

", + "documentation":"

An Amazon S3 URL in the format s3://<bucket_name>/<object> or a pre-signed URL.

", "pattern":"^s3:\\/\\/([^\\/]+)\\/(.*?([^\\/]+)\\/?)$" }, "ScalingMode":{ From deda9d3c09e1097c100dcbf0dc20e10c409b9016 Mon Sep 17 00:00:00 2001 From: aws-sdk-python-automation Date: Tue, 29 Aug 2023 18:12:04 +0000 Subject: [PATCH 10/10] Bumping version to 1.31.37 --- .changes/1.31.37.json | 22 +++++++++++++++++++ .../api-change-cognitoidp-52136.json | 5 ----- .../next-release/api-change-fsx-89285.json | 5 ----- .../next-release/api-change-omics-99043.json | 5 ----- .../next-release/api-change-sesv2-79893.json | 5 ----- CHANGELOG.rst | 9 ++++++++ botocore/__init__.py | 2 +- docs/source/conf.py | 2 +- 8 files changed, 33 insertions(+), 22 deletions(-) create mode 100644 .changes/1.31.37.json delete mode 100644 .changes/next-release/api-change-cognitoidp-52136.json delete mode 100644 .changes/next-release/api-change-fsx-89285.json delete mode 100644 .changes/next-release/api-change-omics-99043.json delete mode 100644 .changes/next-release/api-change-sesv2-79893.json diff --git a/.changes/1.31.37.json b/.changes/1.31.37.json new file mode 100644 index 0000000000..137fb2026f --- /dev/null +++ b/.changes/1.31.37.json @@ -0,0 +1,22 @@ +[ + { + "category": "``cognito-idp``", + "description": "Added API example requests and responses for several operations. Fixed the validation regex for user pools Identity Provider name.", + "type": "api-change" + }, + { + "category": "``fsx``", + "description": "Documentation updates for project quotas.", + "type": "api-change" + }, + { + "category": "``omics``", + "description": "Add RetentionMode support for Runs.", + "type": "api-change" + }, + { + "category": "``sesv2``", + "description": "Adds support for the new Export and Message Insights features: create, get, list and cancel export jobs; get message insights.", + "type": "api-change" + } +] \ No newline at end of file diff --git a/.changes/next-release/api-change-cognitoidp-52136.json b/.changes/next-release/api-change-cognitoidp-52136.json deleted file mode 100644 index 213b6b9d95..0000000000 --- a/.changes/next-release/api-change-cognitoidp-52136.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``cognito-idp``", - "description": "Added API example requests and responses for several operations. Fixed the validation regex for user pools Identity Provider name." -} diff --git a/.changes/next-release/api-change-fsx-89285.json b/.changes/next-release/api-change-fsx-89285.json deleted file mode 100644 index 74b04415b9..0000000000 --- a/.changes/next-release/api-change-fsx-89285.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``fsx``", - "description": "Documentation updates for project quotas." -} diff --git a/.changes/next-release/api-change-omics-99043.json b/.changes/next-release/api-change-omics-99043.json deleted file mode 100644 index 6a45d5ac7d..0000000000 --- a/.changes/next-release/api-change-omics-99043.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``omics``", - "description": "Add RetentionMode support for Runs." -} diff --git a/.changes/next-release/api-change-sesv2-79893.json b/.changes/next-release/api-change-sesv2-79893.json deleted file mode 100644 index 52ccfb37aa..0000000000 --- a/.changes/next-release/api-change-sesv2-79893.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "type": "api-change", - "category": "``sesv2``", - "description": "Adds support for the new Export and Message Insights features: create, get, list and cancel export jobs; get message insights." -} diff --git a/CHANGELOG.rst b/CHANGELOG.rst index efd0dcc65f..a77af80a6d 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -2,6 +2,15 @@ CHANGELOG ========= +1.31.37 +======= + +* api-change:``cognito-idp``: Added API example requests and responses for several operations. Fixed the validation regex for user pools Identity Provider name. +* api-change:``fsx``: Documentation updates for project quotas. +* api-change:``omics``: Add RetentionMode support for Runs. +* api-change:``sesv2``: Adds support for the new Export and Message Insights features: create, get, list and cancel export jobs; get message insights. + + 1.31.36 ======= diff --git a/botocore/__init__.py b/botocore/__init__.py index 66523bda60..5e869a1fa5 100644 --- a/botocore/__init__.py +++ b/botocore/__init__.py @@ -16,7 +16,7 @@ import os import re -__version__ = '1.31.36' +__version__ = '1.31.37' class NullHandler(logging.Handler): diff --git a/docs/source/conf.py b/docs/source/conf.py index 1e87cc20ea..55dd82fbb5 100644 --- a/docs/source/conf.py +++ b/docs/source/conf.py @@ -59,7 +59,7 @@ # The short X.Y version. version = '1.31.' # The full version, including alpha/beta/rc tags. -release = '1.31.36' +release = '1.31.37' # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages.