diff --git a/CHANGELOG.md b/CHANGELOG.md index 7f0920fa34c..ccfc4ce8a17 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,15 @@ +Release v1.53.21 (2024-06-11) +=== + +### Service Client Updates +* `service/accessanalyzer`: Updates service API, documentation, paginators, and examples +* `service/guardduty`: Updates service API and documentation + * Added API support for GuardDuty Malware Protection for S3. +* `service/networkmanager`: Updates service API and documentation +* `service/pca-connector-scep`: Adds new service +* `service/sagemaker`: Updates service API and documentation + * Introduced Scope and AuthenticationRequestExtraParams to SageMaker Workforce OIDC configuration; this allows customers to modify these options for their private Workforce IdP integration. Model Registry Cross-account model package groups are discoverable. + Release v1.53.20 (2024-06-10) === diff --git a/aws/endpoints/defaults.go b/aws/endpoints/defaults.go index 3448358f39b..cbcc7bb7111 100644 --- a/aws/endpoints/defaults.go +++ b/aws/endpoints/defaults.go @@ -4913,6 +4913,14 @@ var awsPartition = partition{ Region: "eu-west-3", }, }, + endpointKey{ + Region: "bedrock-fips-ca-central-1", + }: endpoint{ + Hostname: "bedrock-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + }, endpointKey{ Region: "bedrock-fips-us-east-1", }: endpoint{ @@ -5001,6 +5009,14 @@ var awsPartition = partition{ Region: "eu-west-3", }, }, + endpointKey{ + Region: "bedrock-runtime-fips-ca-central-1", + }: endpoint{ + Hostname: "bedrock-runtime-fips.ca-central-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "ca-central-1", + }, + }, endpointKey{ Region: "bedrock-runtime-fips-us-east-1", }: endpoint{ 
@@ -39203,6 +39219,22 @@ var awsusgovPartition = partition{ }, "bedrock": service{ Endpoints: serviceEndpoints{ + endpointKey{ + Region: "bedrock-fips-us-gov-west-1", + }: endpoint{ + Hostname: "bedrock-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, + endpointKey{ + Region: "bedrock-runtime-fips-us-gov-west-1", + }: endpoint{ + Hostname: "bedrock-runtime-fips.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + }, endpointKey{ Region: "bedrock-runtime-us-gov-west-1", }: endpoint{ @@ -43788,6 +43820,46 @@ var awsusgovPartition = partition{ }, }, }, + "securitylake": service{ + Endpoints: serviceEndpoints{ + endpointKey{ + Region: "us-gov-east-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-east-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "securitylake.us-gov-east-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-east-1-fips", + }: endpoint{ + Hostname: "securitylake.us-gov-east-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-east-1", + }, + Deprecated: boxedTrue, + }, + endpointKey{ + Region: "us-gov-west-1", + }: endpoint{}, + endpointKey{ + Region: "us-gov-west-1", + Variant: fipsVariant, + }: endpoint{ + Hostname: "securitylake.us-gov-west-1.amazonaws.com", + }, + endpointKey{ + Region: "us-gov-west-1-fips", + }: endpoint{ + Hostname: "securitylake.us-gov-west-1.amazonaws.com", + CredentialScope: credentialScope{ + Region: "us-gov-west-1", + }, + Deprecated: boxedTrue, + }, + }, + }, "serverlessrepo": service{ Defaults: endpointDefaults{ defaultKey{}: endpoint{ diff --git a/aws/version.go b/aws/version.go index 28238536bf8..5b49d92862e 100644 --- a/aws/version.go +++ b/aws/version.go @@ -5,4 +5,4 @@ package aws const SDKName = "aws-sdk-go" // SDKVersion is the version of this SDK -const SDKVersion = "1.53.20" +const SDKVersion = "1.53.21" 
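Review bot: In the new `securitylake` block of the GovCloud partition, the `fipsVariant` keys for `us-gov-east-1` and `us-gov-west-1` resolve to `securitylake.us-gov-east-1.amazonaws.com` and `securitylake.us-gov-west-1.amazonaws.com`, hostnames with no `-fips` label, whereas the bedrock entries added earlier on this line use `bedrock-fips.us-gov-west-1.amazonaws.com`. The plain region keys are `endpoint{}`, so the FIPS and non-FIPS lookups presumably end up at the same host; that may be deliberate, but nothing in the hunk says so, and anyone auditing FIPS endpoint use could read it as a missing suffix. If it is confirmed, a comment such as `// FIPS variant shares the standard hostname in this partition` on the two variant entries would record the intent; if this file is generated from an endpoints model, the note belongs in the model instead. The `awsusgovPartition` literal starts and ends outside the hunk.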
diff --git a/models/apis/accessanalyzer/2019-11-01/api-2.json b/models/apis/accessanalyzer/2019-11-01/api-2.json index d7b430c81a5..c193e4d58f0 100644 --- a/models/apis/accessanalyzer/2019-11-01/api-2.json +++ b/models/apis/accessanalyzer/2019-11-01/api-2.json @@ -3,8 +3,8 @@ "metadata":{ "apiVersion":"2019-11-01", "endpointPrefix":"access-analyzer", - "jsonVersion":"1.1", "protocol":"rest-json", + "protocols":["rest-json"], "serviceFullName":"Access Analyzer", "serviceId":"AccessAnalyzer", "signatureVersion":"v4", @@ -82,6 +82,24 @@ {"shape":"AccessDeniedException"} ] }, + "CheckNoPublicAccess":{ + "name":"CheckNoPublicAccess", + "http":{ + "method":"POST", + "requestUri":"/policy/check-no-public-access", + "responseCode":200 + }, + "input":{"shape":"CheckNoPublicAccessRequest"}, + "output":{"shape":"CheckNoPublicAccessResponse"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"InvalidParameterException"}, + {"shape":"UnprocessableEntityException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ] + }, "CreateAccessPreview":{ "name":"CreateAccessPreview", "http":{ @@ -174,6 +192,21 @@ ], "idempotent":true }, + "GenerateFindingRecommendation":{ + "name":"GenerateFindingRecommendation", + "http":{ + "method":"POST", + "requestUri":"/recommendation/{id}", + "responseCode":200 + }, + "input":{"shape":"GenerateFindingRecommendationRequest"}, + "errors":[ + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ] + }, "GetAccessPreview":{ "name":"GetAccessPreview", "http":{ 
@@ -259,6 +292,23 @@ {"shape":"AccessDeniedException"} ] }, + "GetFindingRecommendation":{ + "name":"GetFindingRecommendation", + "http":{ + "method":"GET", + "requestUri":"/recommendation/{id}", + "responseCode":200 + }, + "input":{"shape":"GetFindingRecommendationRequest"}, + "output":{"shape":"GetFindingRecommendationResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"ValidationException"}, + {"shape":"InternalServerException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ] + }, "GetFindingV2":{ "name":"GetFindingV2", "http":{ @@ -568,9 +618,9 @@ "shapes":{ "Access":{ "type":"structure", - "required":["actions"], "members":{ - "actions":{"shape":"AccessActionsList"} + "actions":{"shape":"AccessActionsList"}, + "resources":{"shape":"AccessResourcesList"} } }, "AccessActionsList":{ @@ -590,6 +640,29 @@ "RESOURCE_POLICY" ] }, + "AccessCheckResourceType":{ + "type":"string", + "enum":[ + "AWS::DynamoDB::Table", + "AWS::DynamoDB::Stream", + "AWS::EFS::FileSystem", + "AWS::OpenSearchService::Domain", + "AWS::Kinesis::Stream", + "AWS::Kinesis::StreamConsumer", + "AWS::KMS::Key", + "AWS::Lambda::Function", + "AWS::S3::Bucket", + "AWS::S3::AccessPoint", + "AWS::S3Express::DirectoryBucket", + "AWS::S3::Glacier", + "AWS::S3Outposts::Bucket", + "AWS::S3Outposts::AccessPoint", + "AWS::SecretsManager::Secret", + "AWS::SNS::Topic", + "AWS::SQS::Queue", + "AWS::IAM::AssumeRolePolicyDocument" + ] + }, "AccessDeniedException":{ "type":"structure", "required":["message"], @@ -704,6 +777,12 @@ "type":"list", "member":{"shape":"AccessPreviewSummary"} }, + "AccessResourcesList":{ + "type":"list", + "member":{"shape":"Resource"}, + "max":100, + "min":0 + }, "AclCanonicalId":{"type":"string"}, "AclGrantee":{ "type":"structure", 
@@ -933,6 +1012,32 @@ "FAIL" ] }, + "CheckNoPublicAccessRequest":{ + "type":"structure", + "required":[ + "policyDocument", + "resourceType" + ], + "members":{ + "policyDocument":{"shape":"AccessCheckPolicyDocument"}, + "resourceType":{"shape":"AccessCheckResourceType"} + } + }, + "CheckNoPublicAccessResponse":{ + "type":"structure", + "members":{ + "result":{"shape":"CheckNoPublicAccessResult"}, + "message":{"shape":"String"}, + "reasons":{"shape":"ReasonSummaryList"} + } + }, + "CheckNoPublicAccessResult":{ + "type":"string", + "enum":[ + "PASS", + "FAIL" + ] + }, "CloudTrailArn":{ "type":"string", "pattern":"arn:[^:]*:cloudtrail:[^:]*:[^:]*:trail/.{1,576}" @@ -1365,6 +1470,30 @@ "type":"list", "member":{"shape":"FindingSummaryV2"} }, + "GenerateFindingRecommendationRequest":{ + "type":"structure", + "required":[ + "analyzerArn", + "id" + ], + "members":{ + "analyzerArn":{ + "shape":"AnalyzerArn", + "location":"querystring", + "locationName":"analyzerArn" + }, + "id":{ + "shape":"GenerateFindingRecommendationRequestIdString", + "location":"uri", + "locationName":"id" + } + } + }, + "GenerateFindingRecommendationRequestIdString":{ + "type":"string", + "max":2048, + "min":1 + }, "GeneratedPolicy":{ "type":"structure", "required":["policy"], 
@@ -1488,6 +1617,65 @@ "archiveRule":{"shape":"ArchiveRuleSummary"} } }, + "GetFindingRecommendationRequest":{ + "type":"structure", + "required":[ + "analyzerArn", + "id" + ], + "members":{ + "analyzerArn":{ + "shape":"AnalyzerArn", + "location":"querystring", + "locationName":"analyzerArn" + }, + "id":{ + "shape":"GetFindingRecommendationRequestIdString", + "location":"uri", + "locationName":"id" + }, + "maxResults":{ + "shape":"GetFindingRecommendationRequestMaxResultsInteger", + "location":"querystring", + "locationName":"maxResults" + }, + "nextToken":{ + "shape":"Token", + "location":"querystring", + "locationName":"nextToken" + } + } + }, + "GetFindingRecommendationRequestIdString":{ + "type":"string", + "max":2048, + "min":1 + }, + "GetFindingRecommendationRequestMaxResultsInteger":{ + "type":"integer", + "box":true, + "max":1000, + "min":1 + }, + "GetFindingRecommendationResponse":{ + "type":"structure", + "required":[ + "startedAt", + "resourceArn", + "recommendationType", + "status" + ], + "members":{ + "startedAt":{"shape":"Timestamp"}, + "completedAt":{"shape":"Timestamp"}, + "nextToken":{"shape":"Token"}, + "error":{"shape":"RecommendationError"}, + "resourceArn":{"shape":"ResourceArn"}, + "recommendedSteps":{"shape":"RecommendedStepList"}, + "recommendationType":{"shape":"RecommendationType"}, + "status":{"shape":"Status"} + } + }, "GetFindingRequest":{ "type":"structure", "required":[ 
@@ -2193,10 +2381,48 @@ "type":"list", "member":{"shape":"ReasonSummary"} }, + "RecommendationError":{ + "type":"structure", + "required":[ + "code", + "message" + ], + "members":{ + "code":{"shape":"String"}, + "message":{"shape":"String"} + } + }, + "RecommendationType":{ + "type":"string", + "enum":["UnusedPermissionRecommendation"] + }, + "RecommendedRemediationAction":{ + "type":"string", + "enum":[ + "CREATE_POLICY", + "DETACH_POLICY" + ] + }, + "RecommendedStep":{ + "type":"structure", + "members":{ + "unusedPermissionsRecommendedStep":{"shape":"UnusedPermissionsRecommendedStep"} + }, + "union":true + }, + "RecommendedStepList":{ + "type":"list", + "member":{"shape":"RecommendedStep"} + }, "RegionList":{ "type":"list", "member":{"shape":"String"} }, + "Resource":{ + "type":"string", + "max":2048, + "min":0 + }, "ResourceArn":{ "type":"string", "pattern":"arn:[^:]*:[^:]*:[^:]*:[^:]*:.*" @@ -2399,6 +2625,14 @@ "resourceOwnerAccount":{"shape":"String"} } }, + "Status":{ + "type":"string", + "enum":[ + "SUCCEEDED", + "FAILED", + "IN_PROGRESS" + ] + }, "StatusReason":{ "type":"structure", "required":["code"], @@ -2589,6 +2823,16 @@ "lastAccessed":{"shape":"Timestamp"} } }, + "UnusedPermissionsRecommendedStep":{ + "type":"structure", + "required":["recommendedAction"], + "members":{ + "policyUpdatedAt":{"shape":"Timestamp"}, + "recommendedAction":{"shape":"RecommendedRemediationAction"}, + "recommendedPolicy":{"shape":"String"}, + "existingPolicyId":{"shape":"String"} + } + }, "UpdateArchiveRuleRequest":{ "type":"structure", "required":[ @@ -2741,7 +2985,8 @@ "unknownOperation", "cannotParse", "fieldValidationFailed", - "other" + "other", + "notSupported" ] }, "ValueList":{ diff --git a/models/apis/accessanalyzer/2019-11-01/docs-2.json b/models/apis/accessanalyzer/2019-11-01/docs-2.json index 25e1e04f19a..4c7ed1181f5 100644 --- a/models/apis/accessanalyzer/2019-11-01/docs-2.json +++ b/models/apis/accessanalyzer/2019-11-01/docs-2.json 
@@ -6,16 +6,19 @@ "CancelPolicyGeneration": "

Cancels the requested policy generation.

", "CheckAccessNotGranted": "

Checks whether the specified access isn't allowed by a policy.

", "CheckNoNewAccess": "

Checks whether new access is allowed for an updated policy when compared to the existing policy.

You can find examples for reference policies and learn how to set up and run a custom policy check for new access in the IAM Access Analyzer custom policy checks samples repository on GitHub. The reference policies in this repository are meant to be passed to the existingPolicyDocument request parameter.

", + "CheckNoPublicAccess": "

Checks whether a resource policy can grant public access to the specified resource type.

", "CreateAccessPreview": "

Creates an access preview that allows you to preview IAM Access Analyzer findings for your resource before deploying resource permissions.

", "CreateAnalyzer": "

Creates an analyzer for your account.

", "CreateArchiveRule": "

Creates an archive rule for the specified analyzer. Archive rules automatically archive new findings that meet the criteria you define when you create the rule.

To learn about filter keys that you can use to create an archive rule, see IAM Access Analyzer filter keys in the IAM User Guide.

", "DeleteAnalyzer": "

Deletes the specified analyzer. When you delete an analyzer, IAM Access Analyzer is disabled for the account or organization in the current or specific Region. All findings that were generated by the analyzer are deleted. You cannot undo this action.

", "DeleteArchiveRule": "

Deletes the specified archive rule.

", + "GenerateFindingRecommendation": "

Creates a recommendation for an unused permissions finding.

", "GetAccessPreview": "

Retrieves information about an access preview for the specified analyzer.

", "GetAnalyzedResource": "

Retrieves information about a resource that was analyzed.

", "GetAnalyzer": "

Retrieves information about the specified analyzer.

", "GetArchiveRule": "

Retrieves information about an archive rule.

To learn about filter keys that you can use to create an archive rule, see IAM Access Analyzer filter keys in the IAM User Guide.

", "GetFinding": "

Retrieves information about the specified finding. GetFinding and GetFindingV2 both use access-analyzer:GetFinding in the Action element of an IAM policy statement. You must have permission to perform the access-analyzer:GetFinding action.

", + "GetFindingRecommendation": "

Retrieves information about a finding recommendation for the specified analyzer.

", "GetFindingV2": "

Retrieves information about the specified finding. GetFinding and GetFindingV2 both use access-analyzer:GetFinding in the Action element of an IAM policy statement. You must have permission to perform the access-analyzer:GetFinding action.

", "GetGeneratedPolicy": "

Retrieves the policy that was generated using StartPolicyGeneration.

", "ListAccessPreviewFindings": "

Retrieves a list of access preview findings generated by the specified access preview.

", @@ -37,7 +40,7 @@ }, "shapes": { "Access": { - "base": "

Contains information about actions that define permissions to check against a policy.

", + "base": "

Contains information about actions and resources that define permissions to check against a policy.

", "refs": { "CheckAccessNotGrantedRequestAccessList$member": null } @@ -53,7 +56,8 @@ "refs": { "CheckAccessNotGrantedRequest$policyDocument": "

The JSON policy document to use as the content for the policy.

", "CheckNoNewAccessRequest$newPolicyDocument": "

The JSON policy document to use as the content for the updated policy.

", - "CheckNoNewAccessRequest$existingPolicyDocument": "

The JSON policy document to use as the content for the existing policy.

" + "CheckNoNewAccessRequest$existingPolicyDocument": "

The JSON policy document to use as the content for the existing policy.

", + "CheckNoPublicAccessRequest$policyDocument": "

The JSON policy document to evaluate for public access.

" } }, "AccessCheckPolicyType": { @@ -63,6 +67,12 @@ "CheckNoNewAccessRequest$policyType": "

The type of policy to compare. Identity policies grant permissions to IAM principals. Identity policies include managed and inline policies for IAM roles, users, and groups.

Resource policies grant permissions on Amazon Web Services resources. Resource policies include trust policies for IAM roles and bucket policies for Amazon S3 buckets. You can provide a generic input such as identity policy or resource policy or a specific input such as managed policy or Amazon S3 bucket policy.

" } }, + "AccessCheckResourceType": { + "base": null, + "refs": { + "CheckNoPublicAccessRequest$resourceType": "

The type of resource to evaluate for public access. For example, to check for public access to Amazon S3 buckets, you can choose AWS::S3::Bucket for the resource type.

For resource types not supported as valid values, IAM Access Analyzer will return an error.

" + } + }, "AccessDeniedException": { "base": "

You do not have sufficient access to perform this action.

", "refs": { @@ -146,6 +156,12 @@ "ListAccessPreviewsResponse$accessPreviews": "

A list of access previews retrieved for the analyzer.

" } }, + "AccessResourcesList": { + "base": null, + "refs": { + "Access$resources": "

A list of resources for the access permissions. Any strings that can be used as a resource in an IAM policy can be used in the list of resources to check.

" + } + }, "AclCanonicalId": { "base": null, "refs": { @@ -213,8 +229,10 @@ "ApplyArchiveRuleRequest$analyzerArn": "

The Amazon resource name (ARN) of the analyzer.

", "CreateAccessPreviewRequest$analyzerArn": "

The ARN of the account analyzer used to generate the access preview. You can only create an access preview for analyzers with an Account type and Active status.

", "CreateAnalyzerResponse$arn": "

The ARN of the analyzer that was created by the request.

", + "GenerateFindingRecommendationRequest$analyzerArn": "

The ARN of the analyzer used to generate the finding recommendation.

", "GetAccessPreviewRequest$analyzerArn": "

The ARN of the analyzer used to generate the access preview.

", "GetAnalyzedResourceRequest$analyzerArn": "

The ARN of the analyzer to retrieve information from.

", + "GetFindingRecommendationRequest$analyzerArn": "

The ARN of the analyzer used to generate the finding recommendation.

", "GetFindingRequest$analyzerArn": "

The ARN of the analyzer that generated the finding.

", "GetFindingV2Request$analyzerArn": "

The ARN of the analyzer that generated the finding.

", "ListAccessPreviewFindingsRequest$analyzerArn": "

The ARN of the analyzer used to generate the access.

", @@ -306,7 +324,7 @@ "CheckAccessNotGrantedRequestAccessList": { "base": null, "refs": { - "CheckAccessNotGrantedRequest$access": "

An access object containing the permissions that shouldn't be granted by the specified policy.

" + "CheckAccessNotGrantedRequest$access": "

An access object containing the permissions that shouldn't be granted by the specified policy. If only actions are specified, IAM Access Analyzer checks for access of the actions on all resources in the policy. If only resources are specified, then IAM Access Analyzer checks which actions have access to the specified resources. If both actions and resources are specified, then IAM Access Analyzer checks which of the specified actions have access to the specified resources.

" } }, "CheckAccessNotGrantedResponse": { @@ -336,6 +354,22 @@ "CheckNoNewAccessResponse$result": "

The result of the check for new access. If the result is PASS, no new access is allowed by the updated policy. If the result is FAIL, the updated policy might allow new access.

" } }, + "CheckNoPublicAccessRequest": { + "base": null, + "refs": { + } + }, + "CheckNoPublicAccessResponse": { + "base": null, + "refs": { + } + }, + "CheckNoPublicAccessResult": { + "base": null, + "refs": { + "CheckNoPublicAccessResponse$result": "

The result of the check for public access to the specified resource type. If the result is PASS, the policy doesn't allow public access to the specified resource type. If the result is FAIL, the policy might allow public access to the specified resource type.

" + } + }, "CloudTrailArn": { "base": null, "refs": { @@ -650,6 +684,17 @@ "ListFindingsV2Response$findings": "

A list of findings retrieved from the analyzer that match the filter criteria specified, if any.

" } }, + "GenerateFindingRecommendationRequest": { + "base": null, + "refs": { + } + }, + "GenerateFindingRecommendationRequestIdString": { + "base": null, + "refs": { + "GenerateFindingRecommendationRequest$id": "

The unique ID for the finding recommendation.

" + } + }, "GeneratedPolicy": { "base": "

Contains the text for the generated policy.

", "refs": { @@ -714,6 +759,28 @@ "refs": { } }, + "GetFindingRecommendationRequest": { + "base": null, + "refs": { + } + }, + "GetFindingRecommendationRequestIdString": { + "base": null, + "refs": { + "GetFindingRecommendationRequest$id": "

The unique ID for the finding recommendation.

" + } + }, + "GetFindingRecommendationRequestMaxResultsInteger": { + "base": null, + "refs": { + "GetFindingRecommendationRequest$maxResults": "

The maximum number of results to return in the response.

" + } + }, + "GetFindingRecommendationResponse": { + "base": null, + "refs": { + } + }, "GetFindingRequest": { "base": "

Retrieves a finding.

", "refs": { @@ -1254,7 +1321,38 @@ "base": null, "refs": { "CheckAccessNotGrantedResponse$reasons": "

A description of the reasoning of the result.

", - "CheckNoNewAccessResponse$reasons": "

A description of the reasoning of the result.

" + "CheckNoNewAccessResponse$reasons": "

A description of the reasoning of the result.

", + "CheckNoPublicAccessResponse$reasons": "

A list of reasons why the specified resource policy grants public access for the resource type.

" + } + }, + "RecommendationError": { + "base": "

Contains information about the reason that the retrieval of a recommendation for a finding failed.

", + "refs": { + "GetFindingRecommendationResponse$error": "

Detailed information about the reason that the retrieval of a recommendation for the finding failed.

" + } + }, + "RecommendationType": { + "base": null, + "refs": { + "GetFindingRecommendationResponse$recommendationType": "

The type of recommendation for the finding.

" + } + }, + "RecommendedRemediationAction": { + "base": null, + "refs": { + "UnusedPermissionsRecommendedStep$recommendedAction": "

A recommendation of whether to create or detach a policy for an unused permissions finding.

" + } + }, + "RecommendedStep": { + "base": "

Contains information about a recommended step for an unused access analyzer finding.

", + "refs": { + "RecommendedStepList$member": null + } + }, + "RecommendedStepList": { + "base": null, + "refs": { + "GetFindingRecommendationResponse$recommendedSteps": "

A group of recommended steps for the finding.

" } }, "RegionList": { @@ -1264,12 +1362,19 @@ "TrailProperties$regions": "

A list of regions to get CloudTrail data from and analyze to generate a policy.

" } }, + "Resource": { + "base": null, + "refs": { + "AccessResourcesList$member": null + } + }, "ResourceArn": { "base": null, "refs": { "AnalyzedResource$resourceArn": "

The ARN of the resource that was analyzed.

", "AnalyzedResourceSummary$resourceArn": "

The ARN of the analyzed resource.

", "GetAnalyzedResourceRequest$resourceArn": "

The ARN of the resource to retrieve information about.

", + "GetFindingRecommendationResponse$resourceArn": "

The ARN of the resource of the finding.

", "StartResourceScanRequest$resourceArn": "

The ARN of the resource to scan.

", "UpdateFindingsRequest$resourceArn": "

The ARN of the resource identified in the finding.

" } @@ -1440,6 +1545,12 @@ "refs": { } }, + "Status": { + "base": null, + "refs": { + "GetFindingRecommendationResponse$status": "

The status of the retrieval of the finding recommendation.

" + } + }, "StatusReason": { "base": "

Provides more details about the current status of the analyzer. For example, if the creation for the analyzer fails, a Failed status is returned. For an analyzer with organization as the type, this failure can be due to an issue with creating the service-linked roles required in the member accounts of the Amazon Web Services organization.

", "refs": { @@ -1461,6 +1572,7 @@ "ApplyArchiveRuleRequest$clientToken": "

A client token.

", "CheckAccessNotGrantedResponse$message": "

The message indicating whether the specified access is allowed.

", "CheckNoNewAccessResponse$message": "

The message indicating whether the updated policy allows new access.

", + "CheckNoPublicAccessResponse$message": "

The message indicating whether the specified policy allows public access to resources.

", "ConditionKeyMap$key": null, "ConditionKeyMap$value": null, "ConflictException$message": null, @@ -1497,6 +1609,8 @@ "PrincipalMap$value": null, "ReasonSummary$description": "

A description of the reasoning of a result of checking for access.

", "ReasonSummary$statementId": "

The identifier for the reason statement.

", + "RecommendationError$code": "

The error code for a failed retrieval of a recommendation for a finding.

", + "RecommendationError$message": "

The error message for a failed retrieval of a recommendation for a finding.

", "RegionList$member": null, "ResourceNotFoundException$message": null, "ResourceNotFoundException$resourceId": "

The ID of the resource.

", @@ -1518,6 +1632,8 @@ "UnusedAction$action": "

The action for which the unused access finding was generated.

", "UnusedIamUserAccessKeyDetails$accessKeyId": "

The ID of the access key for which the unused access finding was generated.

", "UnusedPermissionDetails$serviceNamespace": "

The namespace of the Amazon Web Services service that contains the unused actions.

", + "UnusedPermissionsRecommendedStep$recommendedPolicy": "

If the recommended action for the unused permissions finding is to replace the existing policy, the contents of the recommended policy to replace the policy specified in the existingPolicyId field.

", + "UnusedPermissionsRecommendedStep$existingPolicyId": "

If the recommended action for the unused permissions finding is to detach a policy, the ID of an existing policy to be detached.

", "UpdateArchiveRuleRequest$clientToken": "

A client token.

", "UpdateFindingsRequest$clientToken": "

A client token.

", "ValidatePolicyFinding$findingDetails": "

A localized message that explains the finding and provides guidance on how to address it.

", @@ -1589,6 +1705,8 @@ "FindingSummaryV2$analyzedAt": "

The time at which the resource-based policy or IAM entity that generated the finding was analyzed.

", "FindingSummaryV2$createdAt": "

The time at which the finding was created.

", "FindingSummaryV2$updatedAt": "

The time at which the finding was most recently updated.

", + "GetFindingRecommendationResponse$startedAt": "

The time at which the retrieval of the finding recommendation was started.

", + "GetFindingRecommendationResponse$completedAt": "

The time at which the retrieval of the finding recommendation was completed.

", "GetFindingV2Response$analyzedAt": "

The time at which the resource-based policy or IAM entity that generated the finding was analyzed.

", "GetFindingV2Response$createdAt": "

The time at which the finding was created.

", "GetFindingV2Response$updatedAt": "

The time at which the finding was updated.

", @@ -1600,12 +1718,15 @@ "UnusedIamRoleDetails$lastAccessed": "

The time at which the role was last accessed.

", "UnusedIamUserAccessKeyDetails$lastAccessed": "

The time at which the access key was last accessed.

", "UnusedIamUserPasswordDetails$lastAccessed": "

The time at which the password was last accessed.

", - "UnusedPermissionDetails$lastAccessed": "

The time at which the permission last accessed.

" + "UnusedPermissionDetails$lastAccessed": "

The time at which the permission was last accessed.

", + "UnusedPermissionsRecommendedStep$policyUpdatedAt": "

The time at which the existing policy for the unused permissions finding was last updated.

" } }, "Token": { "base": null, "refs": { + "GetFindingRecommendationRequest$nextToken": "

A token used for pagination of results returned.

", + "GetFindingRecommendationResponse$nextToken": "

A token used for pagination of results returned.

", "GetFindingV2Request$nextToken": "

A token used for pagination of results returned.

", "GetFindingV2Response$nextToken": "

A token used for pagination of results returned.

", "ListAccessPreviewFindingsRequest$nextToken": "

A token used for pagination of results returned.

", @@ -1717,6 +1838,12 @@ "FindingDetails$unusedPermissionDetails": "

The details for an unused access analyzer finding with an unused permission finding type.

" } }, + "UnusedPermissionsRecommendedStep": { + "base": "

Contains information about the action to take for a policy in an unused permissions finding.

", + "refs": { + "RecommendedStep$unusedPermissionsRecommendedStep": "

A recommended step for an unused permissions finding.

" + } + }, "UpdateArchiveRuleRequest": { "base": "

Updates the specified archive rule.

", "refs": { diff --git a/models/apis/accessanalyzer/2019-11-01/examples-1.json b/models/apis/accessanalyzer/2019-11-01/examples-1.json index 0ea7e3b0bbe..82cdf153d1f 100644 --- a/models/apis/accessanalyzer/2019-11-01/examples-1.json +++ b/models/apis/accessanalyzer/2019-11-01/examples-1.json 
@@ -1,5 +1,201 @@ { "version": "1.0", "examples": { + "CheckAccessNotGranted": [ + { + "input": { + "access": [ + { + "actions": [ + "s3:PutObject" + ] + } + ], + "policyDocument": "{\"Version\":\"2012-10-17\",\"Id\":\"123\",\"Statement\":[{\"Sid\":\"AllowJohnDoe\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::123456789012:user/JohnDoe\"},\"Action\":\"s3:GetObject\",\"Resource\":\"*\"}]}", + "policyType": "RESOURCE_POLICY" + }, + "output": { + "message": "The policy document does not grant access to perform the listed actions or resources.", + "result": "PASS" + }, + "id": "example-1", + "title": "Passing check. Restrictive identity policy." + }, + { + "input": { + "access": [ + { + "resources": [ + "arn:aws:s3:::sensitive-bucket/*" + ] + } + ], + "policyDocument": "{\"Version\":\"2012-10-17\",\"Id\":\"123\",\"Statement\":[{\"Sid\":\"AllowJohnDoe\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::123456789012:user/JohnDoe\"},\"Action\":\"s3:PutObject\",\"Resource\":\"arn:aws:s3:::non-sensitive-bucket/*\"}]}", + "policyType": "RESOURCE_POLICY" + }, + "output": { + "message": "The policy document does not grant access to perform the listed actions or resources.", + "result": "PASS" + }, + "id": "example-2", + "title": "Passing check. Restrictive S3 Bucket resource policy." 
+ }, + { + "input": { + "access": [ + { + "resources": [ + "arn:aws:s3:::my-bucket/*" + ] + } + ], + "policyDocument": "{\"Version\":\"2012-10-17\",\"Id\":\"123\",\"Statement\":[{\"Sid\":\"AllowJohnDoe\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::123456789012:user/JohnDoe\"},\"Action\":\"s3:PutObject\",\"Resource\":\"arn:aws:s3:::my-bucket/*\"}]}", + "policyType": "RESOURCE_POLICY" + }, + "output": { + "message": "The policy document grants access to perform one or more of the listed actions or resources.", + "reasons": [ + { + "description": "One or more of the listed actions or resources in the statement with sid: AllowJohnDoe.", + "statementId": "AllowJohnDoe", + "statementIndex": 0 + } + ], + "result": "FAIL" + }, + "id": "example-3", + "title": "Failing check. Permissive S3 Bucket resource policy." + } + ], + "CheckNoPublicAccess": [ + { + "input": { + "policyDocument": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Bob\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::111122223333:user/JohnDoe\"},\"Action\":[\"s3:GetObject\"]}]}", + "resourceType": "AWS::S3::Bucket" + }, + "output": { + "message": "The resource policy does not grant public access for the given resource type.", + "result": "PASS" + }, + "id": "example-1", + "title": "Passing check. S3 Bucket policy without public access." + }, + { + "input": { + "policyDocument": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Bob\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Action\":[\"s3:GetObject\"]}]}", + "resourceType": "AWS::S3::Bucket" + }, + "output": { + "message": "The resource policy grants public access for the given resource type.", + "reasons": [ + { + "description": "Public access granted in the following statement with sid: Bob.", + "statementId": "Bob", + "statementIndex": 0 + } + ], + "result": "FAIL" + }, + "id": "example-2", + "title": "Failing check. S3 Bucket policy with public access." 
+ } + ], + "GenerateFindingRecommendation": [ + { + "input": { + "analyzerArn": "arn:aws:access-analyzer:us-east-1:111122223333:analyzer/a", + "id": "finding-id" + }, + "output": { + }, + "id": "example-1", + "title": "Successfully started generating finding recommendation" + }, + { + "input": { + "analyzerArn": "arn:aws:access-analyzer:us-east-1:111122223333:analyzer/a", + "id": "!" + }, + "id": "example-2", + "title": "Failed field validation for id value" + } + ], + "GetFindingRecommendation": [ + { + "input": { + "analyzerArn": "arn:aws:access-analyzer:us-east-1:111122223333:analyzer/a", + "id": "finding-id", + "maxResults": 3, + "nextToken": "token" + }, + "output": { + "completedAt": "2000-01-01T00:00:01Z", + "recommendationType": "UnusedPermissionRecommendation", + "recommendedSteps": [ + { + "unusedPermissionsRecommendedStep": { + "existingPolicyId": "policy-id", + "recommendedAction": "DETACH_POLICY" + } + }, + { + "unusedPermissionsRecommendedStep": { + "existingPolicyId": "policy-id", + "recommendedAction": "CREATE_POLICY", + "recommendedPolicy": "policy-content" + } + } + ], + "resourceArn": "arn:aws:iam::111122223333:role/test", + "startedAt": "2000-01-01T00:00:00Z", + "status": "SUCCEEDED" + }, + "id": "example-1", + "title": "Successfully fetched finding recommendation" + }, + { + "input": { + "analyzerArn": "arn:aws:access-analyzer:us-east-1:111122223333:analyzer/a", + "id": "finding-id", + "maxResults": 3 + }, + "output": { + "recommendationType": "UnusedPermissionRecommendation", + "resourceArn": "arn:aws:iam::111122223333:role/test", + "startedAt": "2000-01-01T00:00:00Z", + "status": "IN_PROGRESS" + }, + "id": "example-2", + "title": "In progress finding recommendation" + }, + { + "input": { + "analyzerArn": "arn:aws:access-analyzer:us-east-1:111122223333:analyzer/a", + "id": "finding-id", + "maxResults": 3 + }, + "output": { + "completedAt": "2000-01-01T00:00:01Z", + "error": { + "code": "SERVICE_ERROR", + "message": "Service error. 
Please try again." + }, + "recommendationType": "UnusedPermissionRecommendation", + "resourceArn": "arn:aws:iam::111122223333:role/test", + "startedAt": "2000-01-01T00:00:00Z", + "status": "FAILED" + }, + "id": "example-3", + "title": "Failed finding recommendation" + }, + { + "input": { + "analyzerArn": "arn:aws:access-analyzer:us-east-1:111122223333:analyzer/a", + "id": "!" + }, + "id": "example-4", + "title": "Failed field validation for id value" + } + ] } } diff --git a/models/apis/accessanalyzer/2019-11-01/paginators-1.json b/models/apis/accessanalyzer/2019-11-01/paginators-1.json index 39c52df61be..c5faf4268d1 100644 --- a/models/apis/accessanalyzer/2019-11-01/paginators-1.json +++ b/models/apis/accessanalyzer/2019-11-01/paginators-1.json @@ -1,5 +1,11 @@ { "pagination": { + "GetFindingRecommendation": { + "input_token": "nextToken", + "output_token": "nextToken", + "limit_key": "maxResults", + "result_key": "recommendedSteps" + }, "GetFindingV2": { "input_token": "nextToken", "output_token": "nextToken", diff --git a/models/apis/guardduty/2017-11-28/api-2.json b/models/apis/guardduty/2017-11-28/api-2.json index d7dc937ac21..5b3a8254e5b 100644 --- a/models/apis/guardduty/2017-11-28/api-2.json +++ b/models/apis/guardduty/2017-11-28/api-2.json @@ -5,11 +5,13 @@ "endpointPrefix":"guardduty", "jsonVersion":"1.1", "protocol":"rest-json", + "protocols":["rest-json"], "serviceFullName":"Amazon GuardDuty", "serviceId":"GuardDuty", "signatureVersion":"v4", "signingName":"guardduty", - "uid":"guardduty-2017-11-28" + "uid":"guardduty-2017-11-28", + "auth":["aws.auth#sigv4"] }, "operations":{ "AcceptAdministratorInvitation":{ 
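Review bot: The first `CheckAccessNotGranted` example (`example-1`) is titled as an identity-policy check, but its input sets `"policyType": "RESOURCE_POLICY"` and its policy document carries a `Principal` element, which identity policies do not use. This file presumably feeds the generated SDK examples, so the label would mislead a reader about which policy type the check was run against. The title should match the input, for example `"title": "Passing check. Restrictive resource policy."`. The three `CheckAccessNotGranted` examples also use account ID `123456789012`, while the other examples added in this hunk use `111122223333`; using one value throughout keeps the samples consistent.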
@@ -98,6 +100,22 @@ {"shape":"InternalServerErrorException"} ] }, + "CreateMalwareProtectionPlan":{ + "name":"CreateMalwareProtectionPlan", + "http":{ + "method":"POST", + "requestUri":"/malware-protection-plan", + "responseCode":200 + }, + "input":{"shape":"CreateMalwareProtectionPlanRequest"}, + "output":{"shape":"CreateMalwareProtectionPlanResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"InternalServerErrorException"} + ] + }, "CreateMembers":{ "name":"CreateMembers", "http":{ @@ -224,6 +242,21 @@ {"shape":"InternalServerErrorException"} ] }, + "DeleteMalwareProtectionPlan":{ + "name":"DeleteMalwareProtectionPlan", + "http":{ + "method":"DELETE", + "requestUri":"/malware-protection-plan/{malwareProtectionPlanId}", + "responseCode":200 + }, + "input":{"shape":"DeleteMalwareProtectionPlanRequest"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"ResourceNotFoundException"} + ] + }, "DeleteMembers":{ "name":"DeleteMembers", "http":{ @@ -492,6 +525,22 @@ {"shape":"InternalServerErrorException"} ] }, + "GetMalwareProtectionPlan":{ + "name":"GetMalwareProtectionPlan", + "http":{ + "method":"GET", + "requestUri":"/malware-protection-plan/{malwareProtectionPlanId}", + "responseCode":200 + }, + "input":{"shape":"GetMalwareProtectionPlanRequest"}, + "output":{"shape":"GetMalwareProtectionPlanResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerErrorException"}, + {"shape":"ResourceNotFoundException"} + ] + }, "GetMalwareScanSettings":{ "name":"GetMalwareScanSettings", "http":{ 
@@ -703,6 +752,21 @@ {"shape":"InternalServerErrorException"} ] }, + "ListMalwareProtectionPlans":{ + "name":"ListMalwareProtectionPlans", + "http":{ + "method":"GET", + "requestUri":"/malware-protection-plan", + "responseCode":200 + }, + "input":{"shape":"ListMalwareProtectionPlansRequest"}, + "output":{"shape":"ListMalwareProtectionPlansResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"AccessDeniedException"}, + {"shape":"InternalServerErrorException"} + ] + }, "ListMembers":{ "name":"ListMembers", "http":{ @@ -917,6 +981,21 @@ {"shape":"InternalServerErrorException"} ] }, + "UpdateMalwareProtectionPlan":{ + "name":"UpdateMalwareProtectionPlan", + "http":{ + "method":"PATCH", + "requestUri":"/malware-protection-plan/{malwareProtectionPlanId}", + "responseCode":200 + }, + "input":{"shape":"UpdateMalwareProtectionPlanRequest"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerErrorException"} + ] + }, "UpdateMalwareScanSettings":{ "name":"UpdateMalwareScanSettings", "http":{ @@ -2055,6 +2134,45 @@ } } }, + "CreateMalwareProtectionPlanRequest":{ + "type":"structure", + "required":[ + "Role", + "ProtectedResource" + ], + "members":{ + "ClientToken":{ + "shape":"ClientToken", + "idempotencyToken":true, + "locationName":"clientToken" + }, + "Role":{ + "shape":"String", + "locationName":"role" + }, + "ProtectedResource":{ + "shape":"CreateProtectedResource", + "locationName":"protectedResource" + }, + "Actions":{ + "shape":"MalwareProtectionPlanActions", + "locationName":"actions" + }, + "Tags":{ + "shape":"TagMap", + "locationName":"tags" + } + } + }, + "CreateMalwareProtectionPlanResponse":{ + "type":"structure", + "members":{ + "MalwareProtectionPlanId":{ + "shape":"String", + "locationName":"malwareProtectionPlanId" + } + } + }, "CreateMembersRequest":{ "type":"structure", "required":[ 
@@ -2083,6 +2201,15 @@ } } }, + "CreateProtectedResource":{ + "type":"structure", + "members":{ + "S3Bucket":{ + "shape":"CreateS3BucketResource", + "locationName":"s3Bucket" + } + } + }, "CreatePublishingDestinationRequest":{ "type":"structure", "required":[ @@ -2121,6 +2248,19 @@ } } }, + "CreateS3BucketResource":{ + "type":"structure", + "members":{ + "BucketName":{ + "shape":"String", + "locationName":"bucketName" + }, + "ObjectPrefixes":{ + "shape":"MalwareProtectionPlanObjectPrefixesList", + "locationName":"objectPrefixes" + } + } + }, "CreateSampleFindingsRequest":{ "type":"structure", "required":["DetectorId"], @@ -2451,6 +2591,17 @@ } } }, + "DeleteMalwareProtectionPlanRequest":{ + "type":"structure", + "required":["MalwareProtectionPlanId"], + "members":{ + "MalwareProtectionPlanId":{ + "shape":"String", + "location":"uri", + "locationName":"malwareProtectionPlanId" + } + } + }, "DeleteMembersRequest":{ "type":"structure", "required":[ 
@@ -3786,6 +3937,54 @@ } } }, + "GetMalwareProtectionPlanRequest":{ + "type":"structure", + "required":["MalwareProtectionPlanId"], + "members":{ + "MalwareProtectionPlanId":{ + "shape":"String", + "location":"uri", + "locationName":"malwareProtectionPlanId" + } + } + }, + "GetMalwareProtectionPlanResponse":{ + "type":"structure", + "members":{ + "Arn":{ + "shape":"String", + "locationName":"arn" + }, + "Role":{ + "shape":"String", + "locationName":"role" + }, + "ProtectedResource":{ + "shape":"CreateProtectedResource", + "locationName":"protectedResource" + }, + "Actions":{ + "shape":"MalwareProtectionPlanActions", + "locationName":"actions" + }, + "CreatedAt":{ + "shape":"Timestamp", + "locationName":"createdAt" + }, + "Status":{ + "shape":"MalwareProtectionPlanStatus", + "locationName":"status" + }, + "StatusReasons":{ + "shape":"MalwareProtectionPlanStatusReasonsList", + "locationName":"statusReasons" + }, + "Tags":{ + "shape":"TagMap", + "locationName":"tags" + } + } + }, "GetMalwareScanSettingsRequest":{ "type":"structure", "required":["DetectorId"], @@ -4288,6 +4487,23 @@ "max":50, "min":0 }, + "ItemPath":{ + "type":"structure", + "members":{ + "NestedItemPath":{ + "shape":"String", + "locationName":"nestedItemPath" + }, + "Hash":{ + "shape":"String", + "locationName":"hash" + } + } + }, + "ItemPaths":{ + "type":"list", + "member":{"shape":"ItemPath"} + }, "KubernetesApiCallAction":{ "type":"structure", "members":{ 
@@ -4827,6 +5043,29 @@ } } }, + "ListMalwareProtectionPlansRequest":{ + "type":"structure", + "members":{ + "NextToken":{ + "shape":"String", + "location":"querystring", + "locationName":"nextToken" + } + } + }, + "ListMalwareProtectionPlansResponse":{ + "type":"structure", + "members":{ + "MalwareProtectionPlans":{ + "shape":"MalwareProtectionPlansSummary", + "locationName":"malwareProtectionPlans" + }, + "NextToken":{ + "shape":"String", + "locationName":"nextToken" + } + } + }, "ListMembersRequest":{ "type":"structure", "required":["DetectorId"], 
@@ -5073,6 +5312,86 @@ } } }, + "MalwareProtectionPlanActions":{ + "type":"structure", + "members":{ + "Tagging":{ + "shape":"MalwareProtectionPlanTaggingAction", + "locationName":"tagging" + } + } + }, + "MalwareProtectionPlanObjectPrefixesList":{ + "type":"list", + "member":{"shape":"String"}, + "max":5, + "min":0 + }, + "MalwareProtectionPlanStatus":{ + "type":"string", + "enum":[ + "ACTIVE", + "WARNING", + "ERROR" + ] + }, + "MalwareProtectionPlanStatusReason":{ + "type":"structure", + "members":{ + "Code":{ + "shape":"String", + "locationName":"code" + }, + "Message":{ + "shape":"String", + "locationName":"message" + } + } + }, + "MalwareProtectionPlanStatusReasonsList":{ + "type":"list", + "member":{"shape":"MalwareProtectionPlanStatusReason"}, + "max":50, + "min":0 + }, + "MalwareProtectionPlanSummary":{ + "type":"structure", + "members":{ + "MalwareProtectionPlanId":{ + "shape":"String", + "locationName":"malwareProtectionPlanId" + } + } + }, + "MalwareProtectionPlanTaggingAction":{ + "type":"structure", + "members":{ + "Status":{ + "shape":"MalwareProtectionPlanTaggingActionStatus", + "locationName":"status" + } + } + }, + "MalwareProtectionPlanTaggingActionStatus":{ + "type":"string", + "enum":[ + "ENABLED", + "DISABLED" + ] + }, + "MalwareProtectionPlansSummary":{ + "type":"list", + "member":{"shape":"MalwareProtectionPlanSummary"} + }, + "MalwareScanDetails":{ + "type":"structure", + "members":{ + "Threats":{ + "shape":"Threats", + "locationName":"threats" + } + } + }, "ManagementType":{ "type":"string", "enum":[ @@ -6122,6 +6441,21 @@ "type":"list", "member":{"shape":"String"} }, + "ResourceNotFoundException":{ + "type":"structure", + "members":{ + "Message":{ + "shape":"String", + "locationName":"message" + }, + "Type":{ + "shape":"String", + "locationName":"__type" + } + }, + "error":{"httpStatusCode":404}, + "exception":true + }, "ResourceType":{ "type":"string", "enum":[ 
@@ -6282,6 +6616,10 @@ "PublicAccess":{ "shape":"PublicAccess", "locationName":"publicAccess" + }, + "S3ObjectDetails":{ + "shape":"S3ObjectDetails", + "locationName":"s3ObjectDetails" } } }, @@ -6309,6 +6647,35 @@ } } }, + "S3ObjectDetail":{ + "type":"structure", + "members":{ + "ObjectArn":{ + "shape":"String", + "locationName":"objectArn" + }, + "Key":{ + "shape":"String", + "locationName":"key" + }, + "ETag":{ + "shape":"String", + "locationName":"eTag" + }, + "Hash":{ + "shape":"String", + "locationName":"hash" + }, + "VersionId":{ + "shape":"String", + "locationName":"versionId" + } + } + }, + "S3ObjectDetails":{ + "type":"list", + "member":{"shape":"S3ObjectDetail"} + }, "Scan":{ "type":"structure", "members":{ @@ -6654,6 +7021,10 @@ "Detection":{ "shape":"Detection", "locationName":"detection" + }, + "MalwareScanDetails":{ + "shape":"MalwareScanDetails", + "locationName":"malwareScanDetails" } } }, @@ -6838,6 +7209,23 @@ "type":"list", "member":{"shape":"Tag"} }, + "Threat":{ + "type":"structure", + "members":{ + "Name":{ + "shape":"String", + "locationName":"name" + }, + "Source":{ + "shape":"String", + "locationName":"source" + }, + "ItemPaths":{ + "shape":"ItemPaths", + "locationName":"itemPaths" + } + } + }, "ThreatDetectedByName":{ "type":"structure", "members":{ @@ -6917,6 +7305,10 @@ "type":"list", "member":{"shape":"String"} }, + "Threats":{ + "type":"list", + "member":{"shape":"Threat"} + }, "ThreatsDetectedItemCount":{ "type":"structure", "members":{ 
@@ -7179,6 +7571,29 @@ "members":{ } }, + "UpdateMalwareProtectionPlanRequest":{ + "type":"structure", + "required":["MalwareProtectionPlanId"], + "members":{ + "MalwareProtectionPlanId":{ + "shape":"String", + "location":"uri", + "locationName":"malwareProtectionPlanId" + }, + "Role":{ + "shape":"String", + "locationName":"role" + }, + "Actions":{ + "shape":"MalwareProtectionPlanActions", + "locationName":"actions" + }, + "ProtectedResource":{ + "shape":"UpdateProtectedResource", + "locationName":"protectedResource" + } + } + }, "UpdateMalwareScanSettingsRequest":{ "type":"structure", "required":["DetectorId"], @@ -7277,6 +7692,15 @@ "members":{ } }, + "UpdateProtectedResource":{ + "type":"structure", + "members":{ + "S3Bucket":{ + "shape":"UpdateS3BucketResource", + "locationName":"s3Bucket" + } + } + }, "UpdatePublishingDestinationRequest":{ "type":"structure", "required":[ @@ -7305,6 +7729,15 @@ "members":{ } }, + "UpdateS3BucketResource":{ + "type":"structure", + "members":{ + "ObjectPrefixes":{ + "shape":"MalwareProtectionPlanObjectPrefixesList", + "locationName":"objectPrefixes" + } + } + }, "UpdateThreatIntelSetRequest":{ "type":"structure", "required":[ diff --git a/models/apis/guardduty/2017-11-28/docs-2.json b/models/apis/guardduty/2017-11-28/docs-2.json index c8f0fbd8c30..1d96e74a3d7 100644 --- a/models/apis/guardduty/2017-11-28/docs-2.json +++ b/models/apis/guardduty/2017-11-28/docs-2.json @@ -8,6 +8,7 @@ "CreateDetector": "

Creates a single GuardDuty detector. A detector is a resource that represents the GuardDuty service. To start using GuardDuty, you must create a detector in each Region where you enable the service. You can have only one detector per account per Region. All data sources are enabled in a new detector by default.

Specifying both EKS Runtime Monitoring (EKS_RUNTIME_MONITORING) and Runtime Monitoring (RUNTIME_MONITORING) will cause an error. You can add only one of these two features because Runtime Monitoring already includes the threat detection for Amazon EKS resources. For more information, see Runtime Monitoring.

There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

", "CreateFilter": "

Creates a filter using the specified finding criteria. The maximum number of saved filters per Amazon Web Services account per Region is 100. For more information, see Quotas for GuardDuty.

", "CreateIPSet": "

Creates a new IPSet, which is called a trusted IP list in the console user interface. An IPSet is a list of IP addresses that are trusted for secure communication with Amazon Web Services infrastructure and applications. GuardDuty doesn't generate findings for IP addresses that are included in IPSets. Only users from the administrator account can use this operation.

", + "CreateMalwareProtectionPlan": "

Creates a new Malware Protection plan for the protected resource.

When you create a Malware Protection plan, the Amazon Web Services service terms for GuardDuty Malware Protection apply. For more information, see Amazon Web Services service terms for GuardDuty Malware Protection.

", "CreateMembers": "

Creates member accounts of the current Amazon Web Services account by specifying a list of Amazon Web Services account IDs. This step is a prerequisite for managing the associated member accounts either by invitation or through an organization.

As a delegated administrator, using CreateMembers will enable GuardDuty in the added member accounts, with the exception of the organization delegated administrator account. A delegated administrator must enable GuardDuty prior to being added as a member.

When you use CreateMembers as an Organizations delegated administrator, GuardDuty applies your organization's auto-enable settings to the member accounts in this request, irrespective of the accounts being new or existing members. For more information about the existing auto-enable settings for your organization, see DescribeOrganizationConfiguration.

If you disassociate a member account that was added by invitation, the member account details obtained from this API, including the associated email addresses, will be retained. This is done so that the delegated administrator can invoke the InviteMembers API without the need to invoke the CreateMembers API again. To remove the details associated with a member account, the delegated administrator must invoke the DeleteMembers API.

When the member accounts added through Organizations are later disassociated, you (administrator) can't invite them by calling the InviteMembers API. You can create an association with these member accounts again only by calling the CreateMembers API.

", "CreatePublishingDestination": "

Creates a publishing destination to export findings to. The resource to export findings to must exist before you use this operation.

", "CreateSampleFindings": "

Generates sample findings of types specified by the list of finding types. If 'NULL' is specified for findingTypes, the API generates sample findings of all supported finding types.

", @@ -17,6 +18,7 @@ "DeleteFilter": "

Deletes the filter specified by the filter name.

", "DeleteIPSet": "

Deletes the IPSet specified by the ipSetId. IPSets are called trusted IP lists in the console user interface.

", "DeleteInvitations": "

Deletes invitations sent to the current member account by Amazon Web Services accounts specified by their account IDs.

", + "DeleteMalwareProtectionPlan": "

Deletes the Malware Protection plan ID associated with the Malware Protection plan resource. Use this API only when you no longer want to protect the resource associated with this Malware Protection plan ID.

", "DeleteMembers": "

Deletes GuardDuty member accounts (to the current GuardDuty administrator account) specified by the account IDs.

With autoEnableOrganizationMembers configuration for your organization set to ALL, you'll receive an error if you attempt to disable GuardDuty for a member account in your organization.

", "DeletePublishingDestination": "

Deletes the publishing definition with the specified destinationId.

", "DeleteThreatIntelSet": "

Deletes the ThreatIntelSet specified by the ThreatIntelSet ID.

", @@ -36,6 +38,7 @@ "GetFindingsStatistics": "

Lists Amazon GuardDuty findings statistics for the specified detector ID.

There might be regional differences because some flags might not be available in all the Regions where GuardDuty is currently supported. For more information, see Regions and endpoints.

", "GetIPSet": "

Retrieves the IPSet specified by the ipSetId.

", "GetInvitationsCount": "

Returns the count of all GuardDuty membership invitations that were sent to the current member account except the currently accepted invitation.

", + "GetMalwareProtectionPlan": "

Retrieves the Malware Protection plan details associated with a Malware Protection plan ID.

", "GetMalwareScanSettings": "

Returns the details of the malware scan settings.

There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

", "GetMasterAccount": "

Provides the details for the GuardDuty administrator account associated with the current GuardDuty member account.

", "GetMemberDetectors": "

Describes which data sources are enabled for the member account's detector.

There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

", @@ -51,6 +54,7 @@ "ListFindings": "

Lists GuardDuty findings for the specified detector ID.

There might be regional differences because some flags might not be available in all the Regions where GuardDuty is currently supported. For more information, see Regions and endpoints.

", "ListIPSets": "

Lists the IPSets of the GuardDuty service specified by the detector ID. If you use this operation from a member account, the IPSets returned are the IPSets from the associated administrator account.

", "ListInvitations": "

Lists all GuardDuty membership invitations that were sent to the current Amazon Web Services account.

", + "ListMalwareProtectionPlans": "

Lists the Malware Protection plan IDs associated with the protected resources in your Amazon Web Services account.

", "ListMembers": "

Lists details about all member accounts for the current GuardDuty administrator account.

", "ListOrganizationAdminAccounts": "

Lists the accounts designated as GuardDuty delegated administrators. Only the organization's management account can run this API operation.

", "ListPublishingDestinations": "

Returns a list of publishing destinations associated with the specified detectorId.

", @@ -66,6 +70,7 @@ "UpdateFilter": "

Updates the filter specified by the filter name.

", "UpdateFindingsFeedback": "

Marks the specified GuardDuty findings as useful or not useful.

", "UpdateIPSet": "

Updates the IPSet specified by the IPSet ID.

", + "UpdateMalwareProtectionPlan": "

Updates an existing Malware Protection plan resource.

", "UpdateMalwareScanSettings": "

Updates the malware scan settings.

There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

", "UpdateMemberDetectors": "

Contains information on member accounts to be updated.

Specifying both EKS Runtime Monitoring (EKS_RUNTIME_MONITORING) and Runtime Monitoring (RUNTIME_MONITORING) will cause an error. You can add only one of these two features because Runtime Monitoring already includes the threat detection for Amazon EKS resources. For more information, see Runtime Monitoring.

There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

", "UpdateOrganizationConfiguration": "

Configures the delegated administrator account with the provided values. You must provide a value for either autoEnableOrganizationMembers or autoEnable, but not both.

Specifying both EKS Runtime Monitoring (EKS_RUNTIME_MONITORING) and Runtime Monitoring (RUNTIME_MONITORING) will cause an error. You can add only one of these two features because Runtime Monitoring already includes the threat detection for Amazon EKS resources. For more information, see Runtime Monitoring.

There might be regional differences because some data sources might not be available in all the Amazon Web Services Regions where GuardDuty is presently supported. For more information, see Regions and endpoints.

", @@ -374,6 +379,7 @@ "CreateDetectorRequest$ClientToken": "

The idempotency token for the create request.

", "CreateFilterRequest$ClientToken": "

The idempotency token for the create request.

", "CreateIPSetRequest$ClientToken": "

The idempotency token for the create request.

", + "CreateMalwareProtectionPlanRequest$ClientToken": "

The idempotency token for the create request.

", "CreatePublishingDestinationRequest$ClientToken": "

The idempotency token for the request.

", "CreateThreatIntelSetRequest$ClientToken": "

The idempotency token for the create request.

" } @@ -573,6 +579,16 @@ "refs": { } }, + "CreateMalwareProtectionPlanRequest": { + "base": null, + "refs": { + } + }, + "CreateMalwareProtectionPlanResponse": { + "base": null, + "refs": { + } + }, "CreateMembersRequest": { "base": null, "refs": { @@ -583,6 +599,13 @@ "refs": { } }, + "CreateProtectedResource": { + "base": "

Information about the protected resource that is associated with the created Malware Protection plan. Presently, S3Bucket is the only supported protected resource.

", + "refs": { + "CreateMalwareProtectionPlanRequest$ProtectedResource": "

Information about the protected resource that is associated with the created Malware Protection plan. Presently, S3Bucket is the only supported protected resource.

", + "GetMalwareProtectionPlanResponse$ProtectedResource": "

Information about the protected resource that is associated with the created Malware Protection plan. Presently, S3Bucket is the only supported protected resource.

" + } + }, "CreatePublishingDestinationRequest": { "base": null, "refs": { @@ -593,6 +616,12 @@ "refs": { } }, + "CreateS3BucketResource": { + "base": "

Information about the protected S3 bucket resource.

", + "refs": { + "CreateProtectedResource$S3Bucket": "

Information about the protected S3 bucket resource.

" + } + }, "CreateSampleFindingsRequest": { "base": null, "refs": { @@ -743,6 +772,11 @@ "refs": { } }, + "DeleteMalwareProtectionPlanRequest": { + "base": null, + "refs": { + } + }, "DeleteMembersRequest": { "base": null, "refs": { @@ -1412,6 +1446,16 @@ "refs": { } }, + "GetMalwareProtectionPlanRequest": { + "base": null, + "refs": { + } + }, + "GetMalwareProtectionPlanResponse": { + "base": null, + "refs": { + } + }, "GetMalwareScanSettingsRequest": { "base": null, "refs": { @@ -1529,7 +1573,7 @@ "InstanceArn": { "base": null, "refs": { - "ResourceDetails$InstanceArn": "

InstanceArn that was scanned in the scan entry.

" + "ResourceDetails$InstanceArn": "

Instance ARN that was scanned in the scan entry.

" } }, "InstanceDetails": { @@ -1648,6 +1692,18 @@ "FargateDetails$Issues": "

Runtime coverage issues identified for the resource running on Amazon Web Services Fargate.

" } }, + "ItemPath": { + "base": "

Information about the nested item path and hash of the protected resource.

", + "refs": { + "ItemPaths$member": null + } + }, + "ItemPaths": { + "base": null, + "refs": { + "Threat$ItemPaths": "

Information about the nested item path and hash of the protected resource.

" + } + }, "KubernetesApiCallAction": { "base": "

Information about the Kubernetes API call action described in this finding.

", "refs": { @@ -1798,6 +1854,16 @@ "refs": { } }, + "ListMalwareProtectionPlansRequest": { + "base": null, + "refs": { + } + }, + "ListMalwareProtectionPlansResponse": { + "base": null, + "refs": { + } + }, "ListMembersRequest": { "base": null, "refs": { @@ -1927,6 +1993,69 @@ "DataSourcesFreeTrial$MalwareProtection": "

Describes whether Malware Protection is enabled as a data source.

" } }, + "MalwareProtectionPlanActions": { + "base": "

Information about whether the tags will be added to the S3 object after scanning.

", + "refs": { + "CreateMalwareProtectionPlanRequest$Actions": "

Information about whether the tags will be added to the S3 object after scanning.

", + "GetMalwareProtectionPlanResponse$Actions": "

Information about whether the tags will be added to the S3 object after scanning.

", + "UpdateMalwareProtectionPlanRequest$Actions": "

Information about whether the tags will be added to the S3 object after scanning.

" + } + }, + "MalwareProtectionPlanObjectPrefixesList": { + "base": null, + "refs": { + "CreateS3BucketResource$ObjectPrefixes": "

Information about the specified object prefixes. The S3 object will be scanned only if it belongs to any of the specified object prefixes.

", + "UpdateS3BucketResource$ObjectPrefixes": "

Information about the specified object prefixes. The S3 object will be scanned only if it belongs to any of the specified object prefixes.

" + } + }, + "MalwareProtectionPlanStatus": { + "base": null, + "refs": { + "GetMalwareProtectionPlanResponse$Status": "

Malware Protection plan status.

" + } + }, + "MalwareProtectionPlanStatusReason": { + "base": "

Information about the issue code and message associated to the status of your Malware Protection plan.

", + "refs": { + "MalwareProtectionPlanStatusReasonsList$member": null + } + }, + "MalwareProtectionPlanStatusReasonsList": { + "base": null, + "refs": { + "GetMalwareProtectionPlanResponse$StatusReasons": "

Information about the issue code and message associated to the status of your Malware Protection plan.

" + } + }, + "MalwareProtectionPlanSummary": { + "base": "

Information about the Malware Protection plan resource.

", + "refs": { + "MalwareProtectionPlansSummary$member": null + } + }, + "MalwareProtectionPlanTaggingAction": { + "base": "

Information about adding tags to the scanned S3 object after the scan result.

", + "refs": { + "MalwareProtectionPlanActions$Tagging": "

Indicates whether the scanned S3 object will have tags about the scan result.

" + } + }, + "MalwareProtectionPlanTaggingActionStatus": { + "base": null, + "refs": { + "MalwareProtectionPlanTaggingAction$Status": "

Indicates whether or not the tags will added.

" + } + }, + "MalwareProtectionPlansSummary": { + "base": null, + "refs": { + "ListMalwareProtectionPlansResponse$MalwareProtectionPlans": "

A list of unique identifiers associated with each Malware Protection plan.

" + } + }, + "MalwareScanDetails": { + "base": "

Information about the malware scan that generated a GuardDuty finding.

", + "refs": { + "Service$MalwareScanDetails": "

Returns details from the malware scan that generated a GuardDuty finding.

" + } + }, "ManagementType": { "base": null, "refs": { @@ -2476,6 +2605,11 @@ "UsageCriteria$Resources": "

The resources to aggregate usage statistics from. Only accepts exact resource names.

" } }, + "ResourceNotFoundException": { + "base": "

The requested resource can't be found.

", + "refs": { + } + }, "ResourceType": { "base": null, "refs": { @@ -2519,6 +2653,18 @@ "DataSourceConfigurationsResult$S3Logs": "

An object that contains information on the status of S3 Data event logs as a data source.

" } }, + "S3ObjectDetail": { + "base": "

Information about the S3 object that was scanned

", + "refs": { + "S3ObjectDetails$member": null + } + }, + "S3ObjectDetails": { + "base": null, + "refs": { + "S3BucketDetail$S3ObjectDetails": "

Information about the S3 object that was scanned.

" + } + }, "Scan": { "base": "

Contains information about a malware scan.

", "refs": { @@ -2782,13 +2928,17 @@ "CoverageResource$ResourceId": "

The unique ID of the resource.

", "CoverageResource$Issue": "

Represents the reason why a coverage status was UNHEALTHY for the EKS cluster.

", "CreateIPSetResponse$IpSetId": "

The ID of the IPSet resource.

", + "CreateMalwareProtectionPlanRequest$Role": "

IAM role with permissions required to scan and add tags to the associated protected resource.

", + "CreateMalwareProtectionPlanResponse$MalwareProtectionPlanId": "

A unique identifier associated with the Malware Protection plan resource.

", "CreatePublishingDestinationResponse$DestinationId": "

The ID of the publishing destination that is created.

", + "CreateS3BucketResource$BucketName": "

Name of the S3 bucket.

", "CreateThreatIntelSetResponse$ThreatIntelSetId": "

The ID of the ThreatIntelSet resource.

", "Criterion$key": null, "DefaultServerSideEncryption$EncryptionType": "

The type of encryption used for objects within the S3 bucket.

", "DefaultServerSideEncryption$KmsMasterKeyArn": "

The Amazon Resource Name (ARN) of the KMS encryption key. Only available if the bucket EncryptionType is aws:kms.

", "DeleteFilterRequest$FilterName": "

The name of the filter that you want to delete.

", "DeleteIPSetRequest$IpSetId": "

The unique ID of the IPSet to delete.

", + "DeleteMalwareProtectionPlanRequest$MalwareProtectionPlanId": "

A unique identifier associated with Malware Protection plan resource.

", "DeletePublishingDestinationRequest$DestinationId": "

The ID of the publishing destination to delete.

", "DeleteThreatIntelSetRequest$ThreatIntelSetId": "

The unique ID of the threatIntelSet that you want to delete.

", "DescribeMalwareScansRequest$NextToken": "

You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.

", @@ -2839,6 +2989,9 @@ "GetDetectorResponse$UpdatedAt": "

The last-updated timestamp for the detector.

", "GetFilterRequest$FilterName": "

The name of the filter you want to get.

", "GetIPSetRequest$IpSetId": "

The unique ID of the IPSet to retrieve.

", + "GetMalwareProtectionPlanRequest$MalwareProtectionPlanId": "

A unique identifier associated with Malware Protection plan resource.

", + "GetMalwareProtectionPlanResponse$Arn": "

Amazon Resource Name (ARN) of the protected resource.

", + "GetMalwareProtectionPlanResponse$Role": "

IAM role that includes the permissions required to scan and add tags to the associated protected resource.

", "GetThreatIntelSetRequest$ThreatIntelSetId": "

The unique ID of the threatIntelSet that you want to get.

", "GetUsageStatisticsRequest$Unit": "

The currency unit you would like to view your usage statistics in. Current valid values are USD.

", "GetUsageStatisticsRequest$NextToken": "

A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.

", @@ -2868,6 +3021,8 @@ "IpSetIds$member": null, "Ipv6Addresses$member": null, "Issues$member": null, + "ItemPath$NestedItemPath": "

The nested item path where the infected file was found.

", + "ItemPath$Hash": "

The hash value of the infected resource.

", "KubernetesApiCallAction$RequestUri": "

The Kubernetes API request URI.

", "KubernetesApiCallAction$Verb": "

The Kubernetes API request HTTP verb.

", "KubernetesApiCallAction$UserAgent": "

The user agent of the caller of the Kubernetes API.

", @@ -2916,6 +3071,8 @@ "ListIPSetsResponse$NextToken": "

The pagination parameter to be used on the next list operation to retrieve more items.

", "ListInvitationsRequest$NextToken": "

You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.

", "ListInvitationsResponse$NextToken": "

The pagination parameter to be used on the next list operation to retrieve more items.

", + "ListMalwareProtectionPlansRequest$NextToken": "

You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.

", + "ListMalwareProtectionPlansResponse$NextToken": "

You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.

", "ListMembersRequest$NextToken": "

You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.

", "ListMembersRequest$OnlyAssociated": "

Specifies whether to only return associated members or to return all members (including members who haven't been invited yet or have been disassociated). Member accounts must have been previously associated with the GuardDuty administrator account using Create Members .

", "ListMembersResponse$NextToken": "

The pagination parameter to be used on the next list operation to retrieve more items.

", @@ -2929,6 +3086,10 @@ "LoginAttribute$User": "

Indicates the user name which attempted to log in.

", "LoginAttribute$Application": "

Indicates the application name used to attempt log in.

", "MalwareProtectionConfigurationResult$ServiceRole": "

The GuardDuty Malware Protection service role.

", + "MalwareProtectionPlanObjectPrefixesList$member": null, + "MalwareProtectionPlanStatusReason$Code": "

Issue code.

", + "MalwareProtectionPlanStatusReason$Message": "

Issue message that specifies the reason. For information about potential troubleshooting steps, see Troubleshooting Malware Protection for S3 status issues in the GuardDuty User Guide.

", + "MalwareProtectionPlanSummary$MalwareProtectionPlanId": "

A unique identifier associated with Malware Protection plan.

", "Master$InvitationId": "

The value used to validate the administrator account to the member account.

", "Master$RelationshipStatus": "

The status of the relationship between the administrator and member accounts.

", "Master$InvitedAt": "

The timestamp when the invitation was sent.

", @@ -2979,6 +3140,8 @@ "RemotePortDetails$PortName": "

The port name of the remote connection.

", "Resource$ResourceType": "

The type of Amazon Web Services resource.

", "ResourceList$member": null, + "ResourceNotFoundException$Message": "

The error message.

", + "ResourceNotFoundException$Type": "

The error type.

", "RuntimeContext$ScriptPath": "

The path to the script that was executed.

", "RuntimeContext$LibraryPath": "

The path to the new library that was loaded.

", "RuntimeContext$LdPreloadValue": "

The value of the LD_PRELOAD environment variable.

", @@ -3001,8 +3164,13 @@ "S3BucketDetail$Arn": "

The Amazon Resource Name (ARN) of the S3 bucket.

", "S3BucketDetail$Name": "

The name of the S3 bucket.

", "S3BucketDetail$Type": "

Describes whether the bucket is a source or destination bucket.

", + "S3ObjectDetail$ObjectArn": "

Amazon Resource Name (ARN) of the S3 object.

", + "S3ObjectDetail$Key": "

Key of the S3 object.

", + "S3ObjectDetail$ETag": "

The entity tag is a hash of the S3 object. The ETag reflects changes only to the contents of an object, and not its metadata.

", + "S3ObjectDetail$Hash": "

Hash of the threat detected in this finding.

", + "S3ObjectDetail$VersionId": "

Version ID of the object.

", "ScanFilePath$FilePath": "

The file path of the infected file.

", - "ScanFilePath$VolumeArn": "

EBS volume Arn details of the infected file.

", + "ScanFilePath$VolumeArn": "

EBS volume ARN details of the infected file.

", "ScanFilePath$Hash": "

The hash value of the infected file.

", "ScanFilePath$FileName": "

File name of the infected file.

", "ScanThreatName$Name": "

The name of the identified threat.

", @@ -3024,6 +3192,8 @@ "SubnetIds$member": null, "Tag$Key": "

The EC2 instance tag key.

", "Tag$Value": "

The EC2 instance tag value.

", + "Threat$Name": "

Name of the detected threat that caused GuardDuty to generate this finding.

", + "Threat$Source": "

Source of the threat that generated this finding.

", "ThreatIntelSetIds$member": null, "ThreatIntelligenceDetail$ThreatListName": "

The name of the threat intelligence list that triggered the finding.

", "ThreatIntelligenceDetail$ThreatFileSha256": "

SHA256 of the file that generated the finding.

", @@ -3034,16 +3204,18 @@ "UpdateFilterRequest$FilterName": "

The name of the filter.

", "UpdateFindingsFeedbackRequest$Comments": "

Additional feedback about the GuardDuty findings.

", "UpdateIPSetRequest$IpSetId": "

The unique ID that specifies the IPSet that you want to update.

", + "UpdateMalwareProtectionPlanRequest$MalwareProtectionPlanId": "

A unique identifier associated with the Malware Protection plan.

", + "UpdateMalwareProtectionPlanRequest$Role": "

IAM role with permissions required to scan and add tags to the associated protected resource.

", "UpdatePublishingDestinationRequest$DestinationId": "

The ID of the publishing destination to update.

", "UpdateThreatIntelSetRequest$ThreatIntelSetId": "

The unique ID that specifies the ThreatIntelSet that you want to update.

", "UsageResourceResult$Resource": "

The Amazon Web Services resource that generated usage.

", "Volume$Name": "

Volume name.

", - "VolumeDetail$VolumeArn": "

EBS volume Arn information.

", + "VolumeDetail$VolumeArn": "

EBS volume ARN information.

", "VolumeDetail$VolumeType": "

The EBS volume type.

", "VolumeDetail$DeviceName": "

The device name for the EBS volume.

", "VolumeDetail$EncryptionType": "

EBS volume encryption type.

", - "VolumeDetail$SnapshotArn": "

Snapshot Arn of the EBS volume.

", - "VolumeDetail$KmsKeyArn": "

KMS key Arn used to encrypt the EBS volume.

", + "VolumeDetail$SnapshotArn": "

Snapshot ARN of the EBS volume.

", + "VolumeDetail$KmsKeyArn": "

KMS key ARN used to encrypt the EBS volume.

", "VolumeMount$Name": "

Volume mount name.

", "VolumeMount$MountPath": "

Volume mount path.

", "VpcConfig$VpcId": "

The identifier of the Amazon Virtual Private Cloud.

" @@ -3081,10 +3253,12 @@ "CreateDetectorRequest$Tags": "

The tags to be added to a new detector resource.

", "CreateFilterRequest$Tags": "

The tags to be added to a new filter resource.

", "CreateIPSetRequest$Tags": "

The tags to be added to a new IP set resource.

", + "CreateMalwareProtectionPlanRequest$Tags": "

Tags added to the Malware Protection plan resource.

", "CreateThreatIntelSetRequest$Tags": "

The tags to be added to a new threat list resource.

", "GetDetectorResponse$Tags": "

The tags of the detector resource.

", "GetFilterResponse$Tags": "

The tags of the filter resource.

", "GetIPSetResponse$Tags": "

The tags of the IPSet resource.

", + "GetMalwareProtectionPlanResponse$Tags": "

Tags added to the Malware Protection plan resource.

", "GetThreatIntelSetResponse$Tags": "

The tags of the threat list resource.

", "ListTagsForResourceResponse$Tags": "

The tags associated with the resource.

", "TagResourceRequest$Tags": "

The tags to be added to a resource.

" @@ -3119,6 +3293,12 @@ "S3BucketDetail$Tags": "

All tags attached to the S3 bucket

" } }, + "Threat": { + "base": "

Information about the detected threats associated with the generated finding.

", + "refs": { + "Threats$member": null + } + }, "ThreatDetectedByName": { "base": "

Contains details about identified threats organized by threat name.

", "refs": { @@ -3162,6 +3342,12 @@ "ThreatIntelligenceDetail$ThreatNames": "

A list of names of the threats in the threat intelligence list that triggered the finding.

" } }, + "Threats": { + "base": null, + "refs": { + "MalwareScanDetails$Threats": "

Information about the detected threats associated with the generated GuardDuty finding.

" + } + }, "ThreatsDetectedItemCount": { "base": "

Contains total number of infected files.

", "refs": { @@ -3179,6 +3365,7 @@ "EcsTaskDetails$TaskCreatedAt": "

The Unix timestamp for the time when the task was created.

", "EcsTaskDetails$StartedAt": "

The Unix timestamp for the time when the task started.

", "EksClusterDetails$CreatedAt": "

The timestamp when the EKS cluster was created.

", + "GetMalwareProtectionPlanResponse$CreatedAt": "

The timestamp when the Malware Protection plan resource was created.

", "LambdaDetails$LastModifiedAt": "

The timestamp when the Lambda function was last modified. This field is in the UTC date string format (2023-03-22T19:37:20.168Z).

", "LineageObject$StartTime": "

The time when the process started. This is in UTC format.

", "MemberAdditionalConfigurationResult$UpdatedAt": "

The timestamp at which the additional configuration was set for the member account. This is in UTC format.

", @@ -3296,6 +3483,11 @@ "refs": { } }, + "UpdateMalwareProtectionPlanRequest": { + "base": null, + "refs": { + } + }, "UpdateMalwareScanSettingsRequest": { "base": null, "refs": { @@ -3326,6 +3518,12 @@ "refs": { } }, + "UpdateProtectedResource": { + "base": "

Information about the protected resource that is associated with the created Malware Protection plan. Presently, S3Bucket is the only supported protected resource.

", + "refs": { + "UpdateMalwareProtectionPlanRequest$ProtectedResource": "

Information about the protected resource that is associated with the created Malware Protection plan. Presently, S3Bucket is the only supported protected resource.

" + } + }, "UpdatePublishingDestinationRequest": { "base": null, "refs": { @@ -3336,6 +3534,12 @@ "refs": { } }, + "UpdateS3BucketResource": { + "base": "

Information about the protected S3 bucket resource.

", + "refs": { + "UpdateProtectedResource$S3Bucket": "

Information about the protected S3 bucket resource.

" + } + }, "UpdateThreatIntelSetRequest": { "base": null, "refs": { diff --git a/models/apis/networkmanager/2019-07-05/api-2.json b/models/apis/networkmanager/2019-07-05/api-2.json index 57b11d5af6a..6d4e7a120f2 100644 --- a/models/apis/networkmanager/2019-07-05/api-2.json +++ b/models/apis/networkmanager/2019-07-05/api-2.json @@ -5,12 +5,14 @@ "endpointPrefix":"networkmanager", "jsonVersion":"1.1", "protocol":"rest-json", + "protocols":["rest-json"], "serviceAbbreviation":"NetworkManager", "serviceFullName":"AWS Network Manager", "serviceId":"NetworkManager", "signatureVersion":"v4", "signingName":"networkmanager", - "uid":"networkmanager-2019-07-05" + "uid":"networkmanager-2019-07-05", + "auth":["aws.auth#sigv4"] }, "operations":{ "AcceptAttachment":{ @@ -1594,8 +1596,10 @@ "ResourceArn":{"shape":"ResourceArn"}, "AttachmentPolicyRuleNumber":{"shape":"Integer"}, "SegmentName":{"shape":"ConstrainedString"}, + "NetworkFunctionGroupName":{"shape":"NetworkFunctionGroupName"}, "Tags":{"shape":"TagList"}, "ProposedSegmentChange":{"shape":"ProposedSegmentChange"}, + "ProposedNetworkFunctionGroupChange":{"shape":"ProposedNetworkFunctionGroupChange"}, "CreatedAt":{"shape":"DateTime"}, "UpdatedAt":{"shape":"DateTime"} } @@ -1679,6 +1683,7 @@ "type":"string", "enum":[ "CORE_NETWORK_SEGMENT", + "NETWORK_FUNCTION_GROUP", "CORE_NETWORK_EDGE", "ATTACHMENT_MAPPING", "ATTACHMENT_ROUTE_PROPAGATION", @@ -1907,6 +1912,7 @@ "CreatedAt":{"shape":"DateTime"}, "State":{"shape":"CoreNetworkState"}, "Segments":{"shape":"CoreNetworkSegmentList"}, + "NetworkFunctionGroups":{"shape":"CoreNetworkNetworkFunctionGroupList"}, "Edges":{"shape":"CoreNetworkEdgeList"}, "Tags":{"shape":"TagList"} } @@ -1948,6 +1954,7 @@ "members":{ "EdgeLocation":{"shape":"ExternalRegionCode"}, "SegmentName":{"shape":"ConstrainedString"}, + "NetworkFunctionGroupName":{"shape":"ConstrainedString"}, "AttachmentId":{"shape":"AttachmentId"}, "Cidr":{"shape":"ConstrainedString"} } 
@@ -1960,12 +1967,14 @@ "type":"structure", "members":{ "SegmentName":{"shape":"ConstrainedString"}, + "NetworkFunctionGroupName":{"shape":"ConstrainedString"}, "EdgeLocations":{"shape":"ExternalRegionCodeList"}, "Asn":{"shape":"Long"}, "Cidr":{"shape":"ConstrainedString"}, "DestinationIdentifier":{"shape":"ConstrainedString"}, "InsideCidrBlocks":{"shape":"ConstrainedStringList"}, - "SharedSegments":{"shape":"ConstrainedStringList"} + "SharedSegments":{"shape":"ConstrainedStringList"}, + "ServiceInsertionActions":{"shape":"ServiceInsertionActionList"} } }, "CoreNetworkEdge":{ @@ -1986,6 +1995,26 @@ "min":0, "pattern":"^core-network-([0-9a-f]{8,17})$" }, + "CoreNetworkNetworkFunctionGroup":{ + "type":"structure", + "members":{ + "Name":{"shape":"ConstrainedString"}, + "EdgeLocations":{"shape":"ExternalRegionCodeList"}, + "Segments":{"shape":"ServiceInsertionSegments"} + } + }, + "CoreNetworkNetworkFunctionGroupIdentifier":{ + "type":"structure", + "members":{ + "CoreNetworkId":{"shape":"CoreNetworkId"}, + "NetworkFunctionGroupName":{"shape":"ConstrainedString"}, + "EdgeLocation":{"shape":"ExternalRegionCode"} + } + }, + "CoreNetworkNetworkFunctionGroupList":{ + "type":"list", + "member":{"shape":"CoreNetworkNetworkFunctionGroup"} + }, "CoreNetworkPolicy":{ "type":"structure", "members":{ @@ -2843,6 +2872,21 @@ "TransitGatewayConnectPeerAssociation":{"shape":"TransitGatewayConnectPeerAssociation"} } }, + "EdgeOverride":{ + "type":"structure", + "members":{ + "EdgeSets":{"shape":"EdgeSetList"}, + "UseEdge":{"shape":"ConstrainedString"} + } + }, + "EdgeSet":{ + "type":"list", + "member":{"shape":"ConstrainedString"} + }, + "EdgeSetList":{ + "type":"list", + "member":{"shape":"EdgeSet"} + }, "ExceptionContextKey":{"type":"string"}, "ExceptionContextMap":{ "type":"map", 
@@ -4082,6 +4126,20 @@ "max":500, "min":1 }, + "NetworkFunctionGroup":{ + "type":"structure", + "members":{ + "Name":{"shape":"ConstrainedString"} + } + }, + "NetworkFunctionGroupList":{ + "type":"list", + "member":{"shape":"NetworkFunctionGroup"} + }, + "NetworkFunctionGroupName":{ + "type":"string", + "pattern":"[\\s\\S]*" + }, "NetworkResource":{ "type":"structure", "members":{ @@ -4145,6 +4203,7 @@ "CoreNetworkAttachmentId":{"shape":"AttachmentId"}, "TransitGatewayAttachmentId":{"shape":"TransitGatewayAttachmentId"}, "SegmentName":{"shape":"ConstrainedString"}, + "NetworkFunctionGroupName":{"shape":"ConstrainedString"}, "EdgeLocation":{"shape":"ExternalRegionCode"}, "ResourceType":{"shape":"ConstrainedString"}, "ResourceId":{"shape":"ConstrainedString"} @@ -4252,6 +4311,14 @@ "type":"string", "enum":["TRANSIT_GATEWAY"] }, + "ProposedNetworkFunctionGroupChange":{ + "type":"structure", + "members":{ + "Tags":{"shape":"TagList"}, + "AttachmentPolicyRuleNumber":{"shape":"Integer"}, + "NetworkFunctionGroupName":{"shape":"ConstrainedString"} + } + }, "ProposedSegmentChange":{ "type":"structure", "members":{ @@ -4525,14 +4592,16 @@ "type":"structure", "members":{ "TransitGatewayRouteTableArn":{"shape":"TransitGatewayRouteTableArn"}, - "CoreNetworkSegmentEdge":{"shape":"CoreNetworkSegmentEdgeIdentifier"} + "CoreNetworkSegmentEdge":{"shape":"CoreNetworkSegmentEdgeIdentifier"}, + "CoreNetworkNetworkFunctionGroup":{"shape":"CoreNetworkNetworkFunctionGroupIdentifier"} } }, "RouteTableType":{ "type":"string", "enum":[ "TRANSIT_GATEWAY_ROUTE_TABLE", - "CORE_NETWORK_SEGMENT" + "CORE_NETWORK_SEGMENT", + "NETWORK_FUNCTION_GROUP" ] }, "RouteType":{ 
@@ -4551,12 +4620,46 @@ "max":50, "min":0 }, + "SegmentActionServiceInsertion":{ + "type":"string", + "enum":[ + "send-via", + "send-to" + ] + }, + "SendViaMode":{ + "type":"string", + "enum":[ + "dual-hop", + "single-hop" + ] + }, "ServerSideString":{ "type":"string", "max":10000000, "min":0, "pattern":"[\\s\\S]*" }, + "ServiceInsertionAction":{ + "type":"structure", + "members":{ + "Action":{"shape":"SegmentActionServiceInsertion"}, + "Mode":{"shape":"SendViaMode"}, + "WhenSentTo":{"shape":"WhenSentTo"}, + "Via":{"shape":"Via"} + } + }, + "ServiceInsertionActionList":{ + "type":"list", + "member":{"shape":"ServiceInsertionAction"} + }, + "ServiceInsertionSegments":{ + "type":"structure", + "members":{ + "SendVia":{"shape":"ConstrainedStringList"}, + "SendTo":{"shape":"ConstrainedStringList"} + } + }, "ServiceQuotaExceededException":{ "type":"structure", "required":[ @@ -5111,6 +5214,13 @@ "Other" ] }, + "Via":{ + "type":"structure", + "members":{ + "NetworkFunctionGroups":{"shape":"NetworkFunctionGroupList"}, + "WithEdgeOverrides":{"shape":"WithEdgeOverridesList"} + } + }, "VpcArn":{ "type":"string", "max":500, @@ -5137,6 +5247,20 @@ "max":500, "min":0, "pattern":"^arn:[^:]{1,63}:ec2:[^:]{0,63}:[^:]{0,63}:vpn-connection\\/vpn-[0-9a-f]{8,17}$" + }, + "WhenSentTo":{ + "type":"structure", + "members":{ + "WhenSentToSegmentsList":{"shape":"WhenSentToSegmentsList"} + } + }, + "WhenSentToSegmentsList":{ + "type":"list", + "member":{"shape":"ConstrainedString"} + }, + "WithEdgeOverridesList":{ + "type":"list", + "member":{"shape":"EdgeOverride"} } } } diff --git a/models/apis/networkmanager/2019-07-05/docs-2.json b/models/apis/networkmanager/2019-07-05/docs-2.json index 5cbf6dc2d92..1a51d338b17 100644 --- a/models/apis/networkmanager/2019-07-05/docs-2.json +++ b/models/apis/networkmanager/2019-07-05/docs-2.json @@ -256,7 +256,7 @@ "BgpOptions": { "base": "

Describes the BGP options.

", "refs": { - "CreateConnectPeerRequest$BgpOptions": "

The Connect peer BGP options.

" + "CreateConnectPeerRequest$BgpOptions": "

The Connect peer BGP options. This only applies only when the protocol is GRE.

" } }, "Boolean": { @@ -486,10 +486,14 @@ "CoreNetworkChange$IdentifierPath": "

Uniquely identifies the path for a change within the changeset. For example, the IdentifierPath for a core network segment change might be \"CORE_NETWORK_SEGMENT/us-east-1/devsegment\".

", "CoreNetworkChangeEvent$IdentifierPath": "

Uniquely identifies the path for a change within the changeset. For example, the IdentifierPath for a core network segment change might be \"CORE_NETWORK_SEGMENT/us-east-1/devsegment\".

", "CoreNetworkChangeEventValues$SegmentName": "

The segment name if the change event is associated with a segment.

", + "CoreNetworkChangeEventValues$NetworkFunctionGroupName": "

The changed network function group name.

", "CoreNetworkChangeEventValues$Cidr": "

For a STATIC_ROUTE event, this is the IP address.

", "CoreNetworkChangeValues$SegmentName": "

The names of the segments in a core network.

", + "CoreNetworkChangeValues$NetworkFunctionGroupName": "

The network function group name if the change event is associated with a network function group.

", "CoreNetworkChangeValues$Cidr": "

The IP addresses used for a core network.

", "CoreNetworkChangeValues$DestinationIdentifier": "

The ID of the destination.

", + "CoreNetworkNetworkFunctionGroup$Name": "

The name of the network function group.

", + "CoreNetworkNetworkFunctionGroupIdentifier$NetworkFunctionGroupName": "

The network function group name.

", "CoreNetworkPolicy$Description": "

The description of a core network policy.

", "CoreNetworkPolicyVersion$Description": "

The description of a core network policy version.

", "CoreNetworkSegment$Name": "

The name of a core network segment.

", @@ -512,12 +516,14 @@ "Device$Vendor": "

The device vendor.

", "Device$Model": "

The device model.

", "Device$SerialNumber": "

The device serial number.

", + "EdgeOverride$UseEdge": "

The edge that should be used when overriding the current edge order.

", + "EdgeSet$member": null, "GetLinksRequest$Type": "

The link type.

", "GetLinksRequest$Provider": "

The link provider.

", - "GetNetworkResourceCountsRequest$ResourceType": "

The resource type.

The following are the supported resource types for Direct Connect:

The following are the supported resource types for Network Manager:

The following are the supported resource types for Amazon VPC:

", - "GetNetworkResourceRelationshipsRequest$ResourceType": "

The resource type.

The following are the supported resource types for Direct Connect:

The following are the supported resource types for Network Manager:

The following are the supported resource types for Amazon VPC:

", - "GetNetworkResourcesRequest$ResourceType": "

The resource type.

The following are the supported resource types for Direct Connect:

The following are the supported resource types for Network Manager:

The following are the supported resource types for Amazon VPC:

", - "GetNetworkTelemetryRequest$ResourceType": "

The resource type.

The following are the supported resource types for Direct Connect:

The following are the supported resource types for Network Manager:

The following are the supported resource types for Amazon VPC:

", + "GetNetworkResourceCountsRequest$ResourceType": "

The resource type.

The following are the supported resource types for Direct Connect:

The following are the supported resource types for Network Manager:

The following are the supported resource types for Amazon VPC:

", + "GetNetworkResourceRelationshipsRequest$ResourceType": "

The resource type.

The following are the supported resource types for Direct Connect:

The following are the supported resource types for Network Manager:

The following are the supported resource types for Amazon VPC:

", + "GetNetworkResourcesRequest$ResourceType": "

The resource type.

The following are the supported resource types for Direct Connect:

The following are the supported resource types for Network Manager:

The following are the supported resource types for Amazon VPC:

", + "GetNetworkTelemetryRequest$ResourceType": "

The resource type. The following are the supported resource types:

", "GetRouteAnalysisRequest$RouteAnalysisId": "

The ID of the route analysis.

", "GlobalNetwork$Description": "

The description of the global network.

", "Link$Description": "

The description of the link.

", @@ -526,7 +532,8 @@ "Location$Address": "

The physical address.

", "Location$Latitude": "

The latitude.

", "Location$Longitude": "

The longitude.

", - "NetworkResource$ResourceType": "

The resource type.

The following are the supported resource types for Direct Connect:

The following are the supported resource types for Network Manager:

The following are the supported resource types for Amazon VPC:

", + "NetworkFunctionGroup$Name": "

The name of the network function group.

", + "NetworkResource$ResourceType": "

The resource type.

The following are the supported resource types for Direct Connect:

The following are the supported resource types for Network Manager:

The following are the supported resource types for Amazon VPC:

", "NetworkResource$ResourceId": "

The ID of the resource.

", "NetworkResource$Definition": "

Information about the resource, in JSON format. Network Manager gets this information by describing the resource using its Describe API call.

", "NetworkResourceCount$ResourceType": "

The resource type.

", @@ -538,12 +545,14 @@ "NetworkRoute$DestinationCidrBlock": "

A unique identifier for the route, such as a CIDR block.

", "NetworkRoute$PrefixListId": "

The ID of the prefix list.

", "NetworkRouteDestination$SegmentName": "

The name of the segment.

", + "NetworkRouteDestination$NetworkFunctionGroupName": "

The network function group name associated with the destination.

", "NetworkRouteDestination$ResourceType": "

The resource type.

", "NetworkRouteDestination$ResourceId": "

The ID of the resource.

", "NetworkTelemetry$ResourceType": "

The resource type.

", "NetworkTelemetry$ResourceId": "

The ID of the resource.

", "NetworkTelemetry$Address": "

The address.

", "PathComponent$DestinationCidrBlock": "

The destination CIDR block in the route table.

", + "ProposedNetworkFunctionGroupChange$NetworkFunctionGroupName": "

The proposed name change for the network function group name.

", "ProposedSegmentChange$SegmentName": "

The name of the segment to change.

", "PutCoreNetworkPolicyRequest$Description": "

a core network policy description.

", "Relationship$From": "

The ARN of the resource.

", @@ -562,7 +571,8 @@ "UpdateLinkRequest$Description": "

A description of the link.

Constraints: Maximum length of 256 characters.

", "UpdateLinkRequest$Type": "

The type of the link.

Constraints: Maximum length of 128 characters.

", "UpdateLinkRequest$Provider": "

The provider of the link.

Constraints: Maximum length of 128 characters.

", - "UpdateSiteRequest$Description": "

A description of your site.

Constraints: Maximum length of 256 characters.

" + "UpdateSiteRequest$Description": "

A description of your site.

Constraints: Maximum length of 256 characters.

", + "WhenSentToSegmentsList$member": null } }, "ConstrainedStringList": { @@ -578,7 +588,9 @@ "GetNetworkRoutesRequest$LongestPrefixMatches": "

The most specific route that matches the traffic (longest prefix match).

", "GetNetworkRoutesRequest$SubnetOfMatches": "

The routes with a subnet that match the specified CIDR filter.

", "GetNetworkRoutesRequest$SupernetOfMatches": "

The routes with a CIDR that encompasses the CIDR filter. Example: If you specify 10.0.1.0/30, then the result returns 10.0.1.0/29.

", - "GetNetworkRoutesRequest$PrefixListIds": "

The IDs of the prefix lists.

" + "GetNetworkRoutesRequest$PrefixListIds": "

The IDs of the prefix lists.

", + "ServiceInsertionSegments$SendVia": "

The list of segments associated with the send-via action.

", + "ServiceInsertionSegments$SendTo": "

The list of segments associated with the send-to action.

" } }, "CoreNetwork": { @@ -655,6 +667,7 @@ "ConnectPeer$CoreNetworkId": "

The ID of a core network.

", "ConnectPeerSummary$CoreNetworkId": "

The ID of a core network.

", "CoreNetwork$CoreNetworkId": "

The ID of a core network.

", + "CoreNetworkNetworkFunctionGroupIdentifier$CoreNetworkId": "

The ID of the core network.

", "CoreNetworkPolicy$CoreNetworkId": "

The ID of a core network.

", "CoreNetworkPolicyVersion$CoreNetworkId": "

The ID of a core network.

", "CoreNetworkSegmentEdgeIdentifier$CoreNetworkId": "

The ID of a core network.

", @@ -685,6 +698,24 @@ "UpdateCoreNetworkRequest$CoreNetworkId": "

The ID of a core network.

" } }, + "CoreNetworkNetworkFunctionGroup": { + "base": "

Describes a network function group.

", + "refs": { + "CoreNetworkNetworkFunctionGroupList$member": null + } + }, + "CoreNetworkNetworkFunctionGroupIdentifier": { + "base": "

Describes a core network

", + "refs": { + "RouteTableIdentifier$CoreNetworkNetworkFunctionGroup": "

The route table identifier associated with the network function group.

" + } + }, + "CoreNetworkNetworkFunctionGroupList": { + "base": null, + "refs": { + "CoreNetwork$NetworkFunctionGroups": "

The network function groups associated with a core network.

" + } + }, "CoreNetworkPolicy": { "base": "

Describes a core network policy. You can have only one LIVE Core Policy.

", "refs": { @@ -1183,6 +1214,24 @@ "refs": { } }, + "EdgeOverride": { + "base": "

Describes the edge that's used for the override.

", + "refs": { + "WithEdgeOverridesList$member": null + } + }, + "EdgeSet": { + "base": null, + "refs": { + "EdgeSetList$member": null + } + }, + "EdgeSetList": { + "base": null, + "refs": { + "EdgeOverride$EdgeSets": "

The list of edge locations.

" + } + }, "ExceptionContextKey": { "base": null, "refs": { @@ -1219,6 +1268,7 @@ "ConnectPeerSummary$EdgeLocation": "

The Region where the edge is located.

", "CoreNetworkChangeEventValues$EdgeLocation": "

The edge location for the core network change event.

", "CoreNetworkEdge$EdgeLocation": "

The Region where a core network edge is located.

", + "CoreNetworkNetworkFunctionGroupIdentifier$EdgeLocation": "

The location for the core network edge.

", "CoreNetworkSegmentEdgeIdentifier$EdgeLocation": "

The Region where the segment edge is located.

", "CreateConnectAttachmentRequest$EdgeLocation": "

The Region where the edge is located.

", "ExternalRegionCodeList$member": null, @@ -1237,6 +1287,7 @@ "base": null, "refs": { "CoreNetworkChangeValues$EdgeLocations": "

The Regions where edges are located in a core network.

", + "CoreNetworkNetworkFunctionGroup$EdgeLocations": "

The core network edge locations.

", "CoreNetworkSegment$EdgeLocations": "

The Regions where the edges are located.

" } }, @@ -1625,7 +1676,7 @@ "ConnectPeerBgpConfiguration$PeerAddress": "

The address of a core network Connect peer.

", "ConnectPeerConfiguration$CoreNetworkAddress": "

The IP address of a core network.

", "ConnectPeerConfiguration$PeerAddress": "

The IP address of the Connect peer.

", - "CreateConnectPeerRequest$CoreNetworkAddress": "

A Connect peer core network address.

", + "CreateConnectPeerRequest$CoreNetworkAddress": "

A Connect peer core network address. This only applies only when the protocol is GRE.

", "CreateConnectPeerRequest$PeerAddress": "

The Connect peer address.

", "RouteAnalysisEndpointOptions$IpAddress": "

The IP address.

", "RouteAnalysisEndpointOptionsSpecification$IpAddress": "

The IP address.

" @@ -1646,6 +1697,7 @@ "GetCoreNetworkPolicyRequest$PolicyVersionId": "

The ID of a core network policy version.

", "NetworkResourceCount$Count": "

The resource count.

", "PathComponent$Sequence": "

The sequence number in the path. The destination is 0.

", + "ProposedNetworkFunctionGroupChange$AttachmentPolicyRuleNumber": "

The proposed new attachment policy rule number for the network function group.

", "ProposedSegmentChange$AttachmentPolicyRuleNumber": "

The rule number in the policy document that applies to this change.

", "PutCoreNetworkPolicyRequest$LatestVersionId": "

The ID of a core network policy.

", "RestoreCoreNetworkPolicyVersionRequest$PolicyVersionId": "

The ID of the policy version to restore.

" @@ -1852,6 +1904,24 @@ "ListPeeringsRequest$MaxResults": "

The maximum number of results to return.

" } }, + "NetworkFunctionGroup": { + "base": "

Describes a network function group for service insertion.

", + "refs": { + "NetworkFunctionGroupList$member": null + } + }, + "NetworkFunctionGroupList": { + "base": null, + "refs": { + "Via$NetworkFunctionGroups": "

The list of network function groups associated with the service insertion action.

" + } + }, + "NetworkFunctionGroupName": { + "base": null, + "refs": { + "Attachment$NetworkFunctionGroupName": "

The name of the network function group.

" + } + }, "NetworkResource": { "base": "

Describes a network resource.

", "refs": { @@ -2044,6 +2114,12 @@ "Peering$PeeringType": "

The type of peering. This will be TRANSIT_GATEWAY.

" } }, + "ProposedNetworkFunctionGroupChange": { + "base": "

Describes proposed changes to a network function group.

", + "refs": { + "Attachment$ProposedNetworkFunctionGroupChange": "

Describes a proposed change to a network function group associated with the attachment.

" + } + }, "ProposedSegmentChange": { "base": "

Describes a proposed segment change. In some cases, the segment change must first be evaluated and accepted.

", "refs": { @@ -2274,6 +2350,18 @@ "OrganizationStatus$SLRDeploymentStatus": "

The status of the SLR deployment for the account. This will be either SUCCEEDED or IN_PROGRESS.

" } }, + "SegmentActionServiceInsertion": { + "base": null, + "refs": { + "ServiceInsertionAction$Action": "

The action the service insertion takes for traffic. send-via sends east-west traffic between attachments. send-to sends north-south traffic to the security appliance, and then from that to either the Internet or to an on-premesis location.

" + } + }, + "SendViaMode": { + "base": null, + "refs": { + "ServiceInsertionAction$Mode": "

Describes the mode packets take for the send-via action. This is not used when the action is send-to. dual-hop packets traverse attachments in both the source to the destination core network edges. This mode requires that an inspection attachment must be present in all Regions of the service insertion-enabled segments. For single-hop, packets traverse a single intermediate inserted attachment. You can use EdgeOverride to specify a specific edge to use.

" + } + }, "ServerSideString": { "base": null, "refs": { @@ -2300,6 +2388,24 @@ "ValidationExceptionField$Message": "

The message for the field.

" } }, + "ServiceInsertionAction": { + "base": "

Describes the action that the service insertion will take for any segments associated with it.

", + "refs": { + "ServiceInsertionActionList$member": null + } + }, + "ServiceInsertionActionList": { + "base": null, + "refs": { + "CoreNetworkChangeValues$ServiceInsertionActions": "

Describes the service insertion action.

" + } + }, + "ServiceInsertionSegments": { + "base": "

Describes the segments associated with the service insertion action.

", + "refs": { + "CoreNetworkNetworkFunctionGroup$Segments": "

The segments associated with the network function group.

" + } + }, "ServiceQuotaExceededException": { "base": "

A service limit was exceeded.

", "refs": { @@ -2385,9 +2491,9 @@ "base": null, "refs": { "AWSLocation$SubnetArn": "

The Amazon Resource Name (ARN) of the subnet that the device is located in.

", - "ConnectPeer$SubnetArn": "

The subnet ARN for the Connect peer.

", + "ConnectPeer$SubnetArn": "

The subnet ARN for the Connect peer. This only applies only when the protocol is NO_ENCAP.

", "ConnectPeerSummary$SubnetArn": "

The subnet ARN for the Connect peer summary.

", - "CreateConnectPeerRequest$SubnetArn": "

The subnet ARN for the Connect peer.

", + "CreateConnectPeerRequest$SubnetArn": "

The subnet ARN for the Connect peer. This only applies only when the protocol is NO_ENCAP.

", "SubnetArnList$member": null } }, @@ -2446,6 +2552,7 @@ "ListTagsForResourceResponse$TagList": "

The list of tags.

", "NetworkResource$Tags": "

The tags.

", "Peering$Tags": "

The list of key-value tags associated with the peering.

", + "ProposedNetworkFunctionGroupChange$Tags": "

The list of proposed changes to the key-value tags associated with the network function group.

", "ProposedSegmentChange$Tags": "

The list of key-value tags that changed for the segment.

", "Site$Tags": "

The tags for the site.

", "TagResourceRequest$Tags": "

The tags to apply to the specified resource.

" @@ -2712,6 +2819,12 @@ "ValidationException$Reason": "

The reason for the error.

" } }, + "Via": { + "base": "

The list of network function groups and edge overrides for the service insertion action. Used for both the send-to and send-via actions.

", + "refs": { + "ServiceInsertionAction$Via": "

The list of network function groups and any edge overrides for the chosen service insertion action. Used for both send-to or send-via.

" + } + }, "VpcArn": { "base": null, "refs": { @@ -2740,6 +2853,24 @@ "CreateSiteToSiteVpnAttachmentRequest$VpnConnectionArn": "

The ARN identifying the VPN attachment.

", "SiteToSiteVpnAttachment$VpnConnectionArn": "

The ARN of the site-to-site VPN attachment.

" } + }, + "WhenSentTo": { + "base": "

Displays a list of the destination segments. Used only when the service insertion action is send-to.

", + "refs": { + "ServiceInsertionAction$WhenSentTo": "

The list of destination segments if the service insertion action is send-via.

" + } + }, + "WhenSentToSegmentsList": { + "base": null, + "refs": { + "WhenSentTo$WhenSentToSegmentsList": "

The list of destination segments when the service insertion action is send-to.

" + } + }, + "WithEdgeOverridesList": { + "base": null, + "refs": { + "Via$WithEdgeOverrides": "

Describes any edge overrides. An edge override is a specific edge to be used for traffic.

" + } } } } diff --git a/models/apis/pca-connector-scep/2018-05-10/api-2.json b/models/apis/pca-connector-scep/2018-05-10/api-2.json new file mode 100644 index 00000000000..15d651db8cb --- /dev/null +++ b/models/apis/pca-connector-scep/2018-05-10/api-2.json 
@@ -0,0 +1,747 @@ +{ + "version":"2.0", + "metadata":{ + "apiVersion":"2018-05-10", + "endpointPrefix":"pca-connector-scep", + "protocol":"rest-json", + "protocols":["rest-json"], + "serviceFullName":"Private CA Connector for SCEP", + "serviceId":"Pca Connector Scep", + "signatureVersion":"v4", + "signingName":"pca-connector-scep", + "uid":"pca-connector-scep-2018-05-10" + }, + "operations":{ + "CreateChallenge":{ + "name":"CreateChallenge", + "http":{ + "method":"POST", + "requestUri":"/challenges", + "responseCode":202 + }, + "input":{"shape":"CreateChallengeRequest"}, + "output":{"shape":"CreateChallengeResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"BadRequestException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"ServiceQuotaExceededException"} + ] + }, + "CreateConnector":{ + "name":"CreateConnector", + "http":{ + "method":"POST", + "requestUri":"/connectors", + "responseCode":202 + }, + "input":{"shape":"CreateConnectorRequest"}, + "output":{"shape":"CreateConnectorResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"}, + {"shape":"ServiceQuotaExceededException"} + ] + }, + "DeleteChallenge":{ + "name":"DeleteChallenge", + "http":{ + "method":"DELETE", + "requestUri":"/challenges/{ChallengeArn}", + "responseCode":202 + }, + "input":{"shape":"DeleteChallengeRequest"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"} + ], + "idempotent":true + }, + "DeleteConnector":{ + "name":"DeleteConnector", + "http":{ + 
"method":"DELETE", + "requestUri":"/connectors/{ConnectorArn}", + "responseCode":202 + }, + "input":{"shape":"DeleteConnectorRequest"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"}, + {"shape":"ConflictException"} + ], + "idempotent":true + }, + "GetChallengeMetadata":{ + "name":"GetChallengeMetadata", + "http":{ + "method":"GET", + "requestUri":"/challengeMetadata/{ChallengeArn}", + "responseCode":200 + }, + "input":{"shape":"GetChallengeMetadataRequest"}, + "output":{"shape":"GetChallengeMetadataResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ] + }, + "GetChallengePassword":{ + "name":"GetChallengePassword", + "http":{ + "method":"GET", + "requestUri":"/challengePasswords/{ChallengeArn}", + "responseCode":200 + }, + "input":{"shape":"GetChallengePasswordRequest"}, + "output":{"shape":"GetChallengePasswordResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ] + }, + "GetConnector":{ + "name":"GetConnector", + "http":{ + "method":"GET", + "requestUri":"/connectors/{ConnectorArn}", + "responseCode":200 + }, + "input":{"shape":"GetConnectorRequest"}, + "output":{"shape":"GetConnectorResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ] + }, + "ListChallengeMetadata":{ + "name":"ListChallengeMetadata", + "http":{ + "method":"GET", + "requestUri":"/challengeMetadata", + "responseCode":200 + }, + 
"input":{"shape":"ListChallengeMetadataRequest"}, + "output":{"shape":"ListChallengeMetadataResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ] + }, + "ListConnectors":{ + "name":"ListConnectors", + "http":{ + "method":"GET", + "requestUri":"/connectors", + "responseCode":200 + }, + "input":{"shape":"ListConnectorsRequest"}, + "output":{"shape":"ListConnectorsResponse"}, + "errors":[ + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ] + }, + "ListTagsForResource":{ + "name":"ListTagsForResource", + "http":{ + "method":"GET", + "requestUri":"/tags/{ResourceArn}", + "responseCode":200 + }, + "input":{"shape":"ListTagsForResourceRequest"}, + "output":{"shape":"ListTagsForResourceResponse"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ] + }, + "TagResource":{ + "name":"TagResource", + "http":{ + "method":"POST", + "requestUri":"/tags/{ResourceArn}", + "responseCode":204 + }, + "input":{"shape":"TagResourceRequest"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ] + }, + "UntagResource":{ + "name":"UntagResource", + "http":{ + "method":"DELETE", + "requestUri":"/tags/{ResourceArn}", + "responseCode":204 + }, + "input":{"shape":"UntagResourceRequest"}, + "errors":[ + {"shape":"ResourceNotFoundException"}, + {"shape":"InternalServerException"}, + {"shape":"ValidationException"}, + {"shape":"ThrottlingException"}, + {"shape":"AccessDeniedException"} + ], + "idempotent":true + } + }, + "shapes":{ + 
"AccessDeniedException":{ + "type":"structure", + "required":["Message"], + "members":{ + "Message":{"shape":"String"} + }, + "error":{ + "httpStatusCode":403, + "senderFault":true + }, + "exception":true + }, + "AzureApplicationId":{ + "type":"string", + "max":100, + "min":15, + "pattern":"[a-zA-Z0-9]{2,15}-[a-zA-Z0-9]{2,15}-[a-zA-Z0-9]{2,15}-[a-zA-Z0-9]{2,15}-[a-zA-Z0-9]{2,15}" + }, + "AzureDomain":{ + "type":"string", + "max":256, + "min":1, + "pattern":"[a-zA-Z0-9._-]+" + }, + "BadRequestException":{ + "type":"structure", + "required":["Message"], + "members":{ + "Message":{"shape":"String"} + }, + "error":{ + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + }, + "CertificateAuthorityArn":{ + "type":"string", + "max":200, + "min":5, + "pattern":"arn:aws(-[a-z]+)*:acm-pca:[a-z]+(-[a-z]+)+-[1-9]\\d*:\\d{12}:certificate-authority\\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}" + }, + "Challenge":{ + "type":"structure", + "members":{ + "Arn":{"shape":"ChallengeArn"}, + "ConnectorArn":{"shape":"ConnectorArn"}, + "CreatedAt":{"shape":"Timestamp"}, + "UpdatedAt":{"shape":"Timestamp"}, + "Password":{"shape":"SensitiveString"} + } + }, + "ChallengeArn":{ + "type":"string", + "max":200, + "min":5, + "pattern":"arn:aws(-[a-z]+)*:pca-connector-scep:[a-z]+(-[a-z]+)+-[1-9]\\d*:\\d{12}:connector\\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\\/challenge\\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}" + }, + "ChallengeMetadata":{ + "type":"structure", + "members":{ + "Arn":{"shape":"ChallengeArn"}, + "ConnectorArn":{"shape":"ConnectorArn"}, + "CreatedAt":{"shape":"Timestamp"}, + "UpdatedAt":{"shape":"Timestamp"} + } + }, + "ChallengeMetadataList":{ + "type":"list", + "member":{"shape":"ChallengeMetadataSummary"} + }, + "ChallengeMetadataSummary":{ + "type":"structure", + "members":{ + "Arn":{"shape":"ChallengeArn"}, + "ConnectorArn":{"shape":"ConnectorArn"}, + "CreatedAt":{"shape":"Timestamp"}, + "UpdatedAt":{"shape":"Timestamp"} + } + }, + "ClientToken":{ + 
"type":"string", + "max":64, + "min":1, + "pattern":"[!-~]+" + }, + "ConflictException":{ + "type":"structure", + "required":[ + "Message", + "ResourceId", + "ResourceType" + ], + "members":{ + "Message":{"shape":"String"}, + "ResourceId":{"shape":"String"}, + "ResourceType":{"shape":"String"} + }, + "error":{ + "httpStatusCode":409, + "senderFault":true + }, + "exception":true + }, + "Connector":{ + "type":"structure", + "members":{ + "Arn":{"shape":"ConnectorArn"}, + "CertificateAuthorityArn":{"shape":"CertificateAuthorityArn"}, + "Type":{"shape":"ConnectorType"}, + "MobileDeviceManagement":{"shape":"MobileDeviceManagement"}, + "OpenIdConfiguration":{"shape":"OpenIdConfiguration"}, + "Status":{"shape":"ConnectorStatus"}, + "StatusReason":{"shape":"ConnectorStatusReason"}, + "Endpoint":{"shape":"String"}, + "CreatedAt":{"shape":"Timestamp"}, + "UpdatedAt":{"shape":"Timestamp"} + } + }, + "ConnectorArn":{ + "type":"string", + "max":200, + "min":5, + "pattern":"arn:aws(-[a-z]+)*:pca-connector-scep:[a-z]+(-[a-z]+)+-[1-9]\\d*:\\d{12}:connector\\/[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}" + }, + "ConnectorList":{ + "type":"list", + "member":{"shape":"ConnectorSummary"} + }, + "ConnectorStatus":{ + "type":"string", + "enum":[ + "CREATING", + "ACTIVE", + "DELETING", + "FAILED" + ] + }, + "ConnectorStatusReason":{ + "type":"string", + "enum":[ + "INTERNAL_FAILURE", + "PRIVATECA_ACCESS_DENIED", + "PRIVATECA_INVALID_STATE", + "PRIVATECA_RESOURCE_NOT_FOUND" + ] + }, + "ConnectorSummary":{ + "type":"structure", + "members":{ + "Arn":{"shape":"ConnectorArn"}, + "CertificateAuthorityArn":{"shape":"CertificateAuthorityArn"}, + "Type":{"shape":"ConnectorType"}, + "MobileDeviceManagement":{"shape":"MobileDeviceManagement"}, + "OpenIdConfiguration":{"shape":"OpenIdConfiguration"}, + "Status":{"shape":"ConnectorStatus"}, + "StatusReason":{"shape":"ConnectorStatusReason"}, + "Endpoint":{"shape":"String"}, + "CreatedAt":{"shape":"Timestamp"}, + "UpdatedAt":{"shape":"Timestamp"} + } + 
}, + "ConnectorType":{ + "type":"string", + "enum":[ + "GENERAL_PURPOSE", + "INTUNE" + ] + }, + "CreateChallengeRequest":{ + "type":"structure", + "required":["ConnectorArn"], + "members":{ + "ConnectorArn":{"shape":"ConnectorArn"}, + "ClientToken":{ + "shape":"ClientToken", + "idempotencyToken":true + }, + "Tags":{"shape":"Tags"} + } + }, + "CreateChallengeResponse":{ + "type":"structure", + "members":{ + "Challenge":{"shape":"Challenge"} + } + }, + "CreateConnectorRequest":{ + "type":"structure", + "required":["CertificateAuthorityArn"], + "members":{ + "CertificateAuthorityArn":{"shape":"CertificateAuthorityArn"}, + "MobileDeviceManagement":{"shape":"MobileDeviceManagement"}, + "ClientToken":{ + "shape":"ClientToken", + "idempotencyToken":true + }, + "Tags":{"shape":"Tags"} + } + }, + "CreateConnectorResponse":{ + "type":"structure", + "members":{ + "ConnectorArn":{"shape":"ConnectorArn"} + } + }, + "DeleteChallengeRequest":{ + "type":"structure", + "required":["ChallengeArn"], + "members":{ + "ChallengeArn":{ + "shape":"ChallengeArn", + "location":"uri", + "locationName":"ChallengeArn" + } + } + }, + "DeleteConnectorRequest":{ + "type":"structure", + "required":["ConnectorArn"], + "members":{ + "ConnectorArn":{ + "shape":"ConnectorArn", + "location":"uri", + "locationName":"ConnectorArn" + } + } + }, + "GetChallengeMetadataRequest":{ + "type":"structure", + "required":["ChallengeArn"], + "members":{ + "ChallengeArn":{ + "shape":"ChallengeArn", + "location":"uri", + "locationName":"ChallengeArn" + } + } + }, + "GetChallengeMetadataResponse":{ + "type":"structure", + "members":{ + "ChallengeMetadata":{"shape":"ChallengeMetadata"} + } + }, + "GetChallengePasswordRequest":{ + "type":"structure", + "required":["ChallengeArn"], + "members":{ + "ChallengeArn":{ + "shape":"ChallengeArn", + "location":"uri", + "locationName":"ChallengeArn" + } + } + }, + "GetChallengePasswordResponse":{ + "type":"structure", + "members":{ + "Password":{"shape":"SensitiveString"} + } + 
}, + "GetConnectorRequest":{ + "type":"structure", + "required":["ConnectorArn"], + "members":{ + "ConnectorArn":{ + "shape":"ConnectorArn", + "location":"uri", + "locationName":"ConnectorArn" + } + } + }, + "GetConnectorResponse":{ + "type":"structure", + "members":{ + "Connector":{"shape":"Connector"} + } + }, + "InternalServerException":{ + "type":"structure", + "required":["Message"], + "members":{ + "Message":{"shape":"String"} + }, + "error":{"httpStatusCode":500}, + "exception":true, + "fault":true, + "retryable":{"throttling":false} + }, + "IntuneConfiguration":{ + "type":"structure", + "required":[ + "AzureApplicationId", + "Domain" + ], + "members":{ + "AzureApplicationId":{"shape":"AzureApplicationId"}, + "Domain":{"shape":"AzureDomain"} + } + }, + "ListChallengeMetadataRequest":{ + "type":"structure", + "required":["ConnectorArn"], + "members":{ + "MaxResults":{ + "shape":"MaxResults", + "location":"querystring", + "locationName":"MaxResults" + }, + "NextToken":{ + "shape":"NextToken", + "location":"querystring", + "locationName":"NextToken" + }, + "ConnectorArn":{ + "shape":"ConnectorArn", + "location":"querystring", + "locationName":"ConnectorArn" + } + } + }, + "ListChallengeMetadataResponse":{ + "type":"structure", + "members":{ + "Challenges":{"shape":"ChallengeMetadataList"}, + "NextToken":{"shape":"NextToken"} + } + }, + "ListConnectorsRequest":{ + "type":"structure", + "members":{ + "MaxResults":{ + "shape":"MaxResults", + "location":"querystring", + "locationName":"MaxResults" + }, + "NextToken":{ + "shape":"NextToken", + "location":"querystring", + "locationName":"NextToken" + } + } + }, + "ListConnectorsResponse":{ + "type":"structure", + "members":{ + "Connectors":{"shape":"ConnectorList"}, + "NextToken":{"shape":"NextToken"} + } + }, + "ListTagsForResourceRequest":{ + "type":"structure", + "required":["ResourceArn"], + "members":{ + "ResourceArn":{ + "shape":"String", + "location":"uri", + "locationName":"ResourceArn" + } + } + }, + 
"ListTagsForResourceResponse":{ + "type":"structure", + "members":{ + "Tags":{"shape":"Tags"} + } + }, + "MaxResults":{ + "type":"integer", + "box":true, + "max":1000, + "min":1 + }, + "MobileDeviceManagement":{ + "type":"structure", + "members":{ + "Intune":{"shape":"IntuneConfiguration"} + }, + "union":true + }, + "NextToken":{ + "type":"string", + "max":1000, + "min":1, + "pattern":"(?:[A-Za-z0-9_-]{4})*(?:[A-Za-z0-9_-]{2}==|[A-Za-z0-9_-]{3}=)?" + }, + "OpenIdConfiguration":{ + "type":"structure", + "members":{ + "Issuer":{"shape":"String"}, + "Subject":{"shape":"String"}, + "Audience":{"shape":"String"} + } + }, + "ResourceNotFoundException":{ + "type":"structure", + "required":[ + "Message", + "ResourceId", + "ResourceType" + ], + "members":{ + "Message":{"shape":"String"}, + "ResourceId":{"shape":"String"}, + "ResourceType":{"shape":"String"} + }, + "error":{ + "httpStatusCode":404, + "senderFault":true + }, + "exception":true + }, + "SensitiveString":{ + "type":"string", + "sensitive":true + }, + "ServiceQuotaExceededException":{ + "type":"structure", + "required":[ + "Message", + "ResourceType", + "ServiceCode", + "QuotaCode" + ], + "members":{ + "Message":{"shape":"String"}, + "ResourceType":{"shape":"String"}, + "ServiceCode":{"shape":"String"}, + "QuotaCode":{"shape":"String"} + }, + "error":{ + "httpStatusCode":402, + "senderFault":true + }, + "exception":true + }, + "String":{"type":"string"}, + "TagKeyList":{ + "type":"list", + "member":{"shape":"String"} + }, + "TagResourceRequest":{ + "type":"structure", + "required":[ + "ResourceArn", + "Tags" + ], + "members":{ + "ResourceArn":{ + "shape":"String", + "location":"uri", + "locationName":"ResourceArn" + }, + "Tags":{"shape":"Tags"} + } + }, + "Tags":{ + "type":"map", + "key":{"shape":"String"}, + "value":{"shape":"String"} + }, + "ThrottlingException":{ + "type":"structure", + "required":["Message"], + "members":{ + "Message":{"shape":"String"} + }, + "error":{ + "httpStatusCode":429, + 
"senderFault":true + }, + "exception":true, + "retryable":{"throttling":true} + }, + "Timestamp":{"type":"timestamp"}, + "UntagResourceRequest":{ + "type":"structure", + "required":[ + "ResourceArn", + "TagKeys" + ], + "members":{ + "ResourceArn":{ + "shape":"String", + "location":"uri", + "locationName":"ResourceArn" + }, + "TagKeys":{ + "shape":"TagKeyList", + "location":"querystring", + "locationName":"tagKeys" + } + } + }, + "ValidationException":{ + "type":"structure", + "required":["Message"], + "members":{ + "Message":{"shape":"String"}, + "Reason":{"shape":"ValidationExceptionReason"} + }, + "error":{ + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + }, + "ValidationExceptionReason":{ + "type":"string", + "enum":[ + "CA_CERT_VALIDITY_TOO_SHORT", + "INVALID_CA_USAGE_MODE", + "INVALID_CONNECTOR_TYPE", + "INVALID_STATE", + "NO_CLIENT_TOKEN", + "UNKNOWN_OPERATION", + "OTHER" + ] + } + } +} diff --git a/models/apis/pca-connector-scep/2018-05-10/docs-2.json b/models/apis/pca-connector-scep/2018-05-10/docs-2.json new file mode 100644 index 00000000000..57d3a0488c2 --- /dev/null +++ b/models/apis/pca-connector-scep/2018-05-10/docs-2.json @@ -0,0 +1,387 @@ +{ + "version": "2.0", + "service": "
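Review bot: The `pattern` constraints in this new model are unanchored, so any validator that applies them with search semantics would accept values carrying extra characters; the clearest case is `AzureDomain`, where `[a-zA-Z0-9._-]+` matches any string that contains a single allowed character. Anchoring states the intent explicitly, e.g. `"pattern":"^[a-zA-Z0-9._-]+$"`, and the same applies to `AzureApplicationId`, `ClientToken`, `NextToken` and the three ARN shapes. Separately, `ResourceArn` on `ListTagsForResource`, `TagResource` and `UntagResource` is a plain `String` bound into the request URI, while every other ARN input in this file has `min`/`max` and an ARN pattern. Whether the service enforces a full match server-side is not visible from this file, and since the model appears to be generated from the service definition, the change probably belongs upstream rather than in this commit.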

Connector for SCEP (Preview) is in preview release for Amazon Web Services Private Certificate Authority and is subject to change.

Connector for SCEP (Preview) creates a connector between Amazon Web Services Private CA and your SCEP-enabled clients and devices. For more information, see Connector for SCEP in the Amazon Web Services Private CA User Guide.

", + "operations": { + "CreateChallenge": "

For general-purpose connectors. Creates a challenge password for the specified connector. The SCEP protocol uses a challenge password to authenticate a request before issuing a certificate from a certificate authority (CA). Your SCEP clients include the challenge password as part of their certificate request to Connector for SCEP. To retrieve the connector Amazon Resource Names (ARNs) for the connectors in your account, call ListConnectors.

To create additional challenge passwords for the connector, call CreateChallenge again. We recommend frequently rotating your challenge passwords.

", + "CreateConnector": "

Creates a SCEP connector. A SCEP connector links Amazon Web Services Private Certificate Authority to your SCEP-compatible devices and mobile device management (MDM) systems. Before you create a connector, you must complete a set of prerequisites, including creation of a private certificate authority (CA) to use with this connector. For more information, see Connector for SCEP prerequisites.

", + "DeleteChallenge": "

Deletes the specified Challenge.

", + "DeleteConnector": "

Deletes the specified Connector. This operation also deletes any challenges associated with the connector.

", + "GetChallengeMetadata": "

Retrieves the metadata for the specified Challenge.

", + "GetChallengePassword": "

Retrieves the challenge password for the specified Challenge.

", + "GetConnector": "

Retrieves details about the specified Connector. Calling this action returns important details about the connector, such as the public SCEP URL where your clients can request certificates.

", + "ListChallengeMetadata": "

Retrieves the challenge metadata for the specified ARN.

", + "ListConnectors": "

Lists the connectors belonging to your Amazon Web Services account.

", + "ListTagsForResource": "

Retrieves the tags associated with the specified resource. Tags are key-value pairs that you can use to categorize and manage your resources, for purposes like billing. For example, you might set the tag key to \"customer\" and the value to the customer name or ID. You can specify one or more tags to add to each Amazon Web Services resource, up to 50 tags for a resource.

", + "TagResource": "

Adds one or more tags to your resource.

", + "UntagResource": "

Removes one or more tags from your resource.

" + }, + "shapes": { + "AccessDeniedException": { + "base": "

You can receive this error if you attempt to perform an operation and you don't have the required permissions. This can be caused by insufficient permissions in policies attached to your Amazon Web Services Identity and Access Management (IAM) principal. It can also happen because of restrictions in place from an Amazon Web Services Organizations service control policy (SCP) that affects your Amazon Web Services account.

", + "refs": { + } + }, + "AzureApplicationId": { + "base": null, + "refs": { + "IntuneConfiguration$AzureApplicationId": "

The directory (tenant) ID from your Microsoft Entra ID app registration.

" + } + }, + "AzureDomain": { + "base": null, + "refs": { + "IntuneConfiguration$Domain": "

The primary domain from your Microsoft Entra ID app registration.

" + } + }, + "BadRequestException": { + "base": "

The request is malformed or contains an error such as an invalid parameter value or a missing required parameter.

", + "refs": { + } + }, + "CertificateAuthorityArn": { + "base": null, + "refs": { + "Connector$CertificateAuthorityArn": "

The Amazon Resource Name (ARN) of the certificate authority associated with the connector.

", + "ConnectorSummary$CertificateAuthorityArn": "

The Amazon Resource Name (ARN) of the connector's associated certificate authority.

", + "CreateConnectorRequest$CertificateAuthorityArn": "

The Amazon Resource Name (ARN) of the Amazon Web Services Private Certificate Authority certificate authority to use with this connector. Due to security vulnerabilities present in the SCEP protocol, we recommend using a private CA that's dedicated for use with the connector.

To retrieve the private CAs associated with your account, you can call ListCertificateAuthorities using the Amazon Web Services Private CA API.

" + } + }, + "Challenge": { + "base": "

For Connector for SCEP for general-purpose. An object containing information about the specified connector's SCEP challenge passwords.

", + "refs": { + "CreateChallengeResponse$Challenge": "

Returns the challenge details for the specified connector.

" + } + }, + "ChallengeArn": { + "base": null, + "refs": { + "Challenge$Arn": "

The Amazon Resource Name (ARN) of the challenge.

", + "ChallengeMetadata$Arn": "

The Amazon Resource Name (ARN) of the challenge.

", + "ChallengeMetadataSummary$Arn": "

The Amazon Resource Name (ARN) of the challenge.

", + "DeleteChallengeRequest$ChallengeArn": "

The Amazon Resource Name (ARN) of the challenge password to delete.

", + "GetChallengeMetadataRequest$ChallengeArn": "

The Amazon Resource Name (ARN) of the challenge.

", + "GetChallengePasswordRequest$ChallengeArn": "

The Amazon Resource Name (ARN) of the challenge.

" + } + }, + "ChallengeMetadata": { + "base": "

Contains details about the connector's challenge.

", + "refs": { + "GetChallengeMetadataResponse$ChallengeMetadata": "

The metadata for the challenge.

" + } + }, + "ChallengeMetadataList": { + "base": null, + "refs": { + "ListChallengeMetadataResponse$Challenges": "

The challenge metadata for the challenges belonging to your Amazon Web Services account.

" + } + }, + "ChallengeMetadataSummary": { + "base": "

Details about the specified challenge, returned by the GetChallengeMetadata action.

", + "refs": { + "ChallengeMetadataList$member": null + } + }, + "ClientToken": { + "base": null, + "refs": { + "CreateChallengeRequest$ClientToken": "

Custom string that can be used to distinguish between calls to the CreateChallenge action. Client tokens for CreateChallenge time out after five minutes. Therefore, if you call CreateChallenge multiple times with the same client token within five minutes, Connector for SCEP recognizes that you are requesting only one challenge and will only respond with one. If you change the client token for each call, Connector for SCEP recognizes that you are requesting multiple challenge passwords.

", + "CreateConnectorRequest$ClientToken": "

Custom string that can be used to distinguish between calls to the CreateChallenge action. Client tokens for CreateChallenge time out after five minutes. Therefore, if you call CreateChallenge multiple times with the same client token within five minutes, Connector for SCEP recognizes that you are requesting only one challenge and will only respond with one. If you change the client token for each call, Connector for SCEP recognizes that you are requesting multiple challenge passwords.

" + } + }, + "ConflictException": { + "base": "

This request can't be completed for one of the following reasons because the requested resource was being concurrently modified by another request.

", + "refs": { + } + }, + "Connector": { + "base": "

Connector for SCEP is a service that links Amazon Web Services Private Certificate Authority to your SCEP-enabled devices. The connector brokers the exchange of certificates from Amazon Web Services Private CA to your SCEP-enabled devices and mobile device management systems. The connector is a complex type that contains the connector's configuration settings.

", + "refs": { + "GetConnectorResponse$Connector": "

The properties of the connector.

" + } + }, + "ConnectorArn": { + "base": null, + "refs": { + "Challenge$ConnectorArn": "

The Amazon Resource Name (ARN) of the connector.

", + "ChallengeMetadata$ConnectorArn": "

The Amazon Resource Name (ARN) of the connector.

", + "ChallengeMetadataSummary$ConnectorArn": "

The Amazon Resource Name (ARN) of the connector.

", + "Connector$Arn": "

The Amazon Resource Name (ARN) of the connector.

", + "ConnectorSummary$Arn": "

The Amazon Resource Name (ARN) of the connector.

", + "CreateChallengeRequest$ConnectorArn": "

The Amazon Resource Name (ARN) of the connector that you want to create a challenge for.

", + "CreateConnectorResponse$ConnectorArn": "

Returns the Amazon Resource Name (ARN) of the connector.

", + "DeleteConnectorRequest$ConnectorArn": "

The Amazon Resource Name (ARN) of the connector to delete.

", + "GetConnectorRequest$ConnectorArn": "

The Amazon Resource Name (ARN) of the connector.

", + "ListChallengeMetadataRequest$ConnectorArn": "

The Amazon Resource Name (ARN) of the connector.

" + } + }, + "ConnectorList": { + "base": null, + "refs": { + "ListConnectorsResponse$Connectors": "

The connectors belonging to your Amazon Web Services account.

" + } + }, + "ConnectorStatus": { + "base": null, + "refs": { + "Connector$Status": "

The connector's status.

", + "ConnectorSummary$Status": "

The connector's status. Status can be creating, active, deleting, or failed.

" + } + }, + "ConnectorStatusReason": { + "base": null, + "refs": { + "Connector$StatusReason": "

Information about why connector creation failed, if status is FAILED.

", + "ConnectorSummary$StatusReason": "

Information about why connector creation failed, if status is FAILED.

" + } + }, + "ConnectorSummary": { + "base": "

Lists the Amazon Web Services Private CA SCEP connectors belonging to your Amazon Web Services account.

", + "refs": { + "ConnectorList$member": null + } + }, + "ConnectorType": { + "base": null, + "refs": { + "Connector$Type": "

The connector type.

", + "ConnectorSummary$Type": "

The connector type.

" + } + }, + "CreateChallengeRequest": { + "base": null, + "refs": { + } + }, + "CreateChallengeResponse": { + "base": null, + "refs": { + } + }, + "CreateConnectorRequest": { + "base": null, + "refs": { + } + }, + "CreateConnectorResponse": { + "base": null, + "refs": { + } + }, + "DeleteChallengeRequest": { + "base": null, + "refs": { + } + }, + "DeleteConnectorRequest": { + "base": null, + "refs": { + } + }, + "GetChallengeMetadataRequest": { + "base": null, + "refs": { + } + }, + "GetChallengeMetadataResponse": { + "base": null, + "refs": { + } + }, + "GetChallengePasswordRequest": { + "base": null, + "refs": { + } + }, + "GetChallengePasswordResponse": { + "base": null, + "refs": { + } + }, + "GetConnectorRequest": { + "base": null, + "refs": { + } + }, + "GetConnectorResponse": { + "base": null, + "refs": { + } + }, + "InternalServerException": { + "base": "

The request processing has failed because of an unknown error, exception or failure with an internal server.

", + "refs": { + } + }, + "IntuneConfiguration": { + "base": "

Contains configuration details for use with Microsoft Intune. For information about using Connector for SCEP for Microsoft Intune, see Using Connector for SCEP for Microsoft Intune.

When you use Connector for SCEP for Microsoft Intune, certain functionalities are enabled by accessing Microsoft Intune through the Microsoft API. Your use of the Connector for SCEP and accompanying Amazon Web Services services doesn't remove your need to have a valid license for your use of the Microsoft Intune service. You should also review the Microsoft IntuneĀ® App Protection Policies.

", + "refs": { + "MobileDeviceManagement$Intune": "

Configuration settings for use with Microsoft Intune. For information about using Connector for SCEP for Microsoft Intune, see Using Connector for SCEP for Microsoft Intune.

" + } + }, + "ListChallengeMetadataRequest": { + "base": null, + "refs": { + } + }, + "ListChallengeMetadataResponse": { + "base": null, + "refs": { + } + }, + "ListConnectorsRequest": { + "base": null, + "refs": { + } + }, + "ListConnectorsResponse": { + "base": null, + "refs": { + } + }, + "ListTagsForResourceRequest": { + "base": null, + "refs": { + } + }, + "ListTagsForResourceResponse": { + "base": null, + "refs": { + } + }, + "MaxResults": { + "base": null, + "refs": { + "ListChallengeMetadataRequest$MaxResults": "

The maximum number of objects that you want Connector for SCEP to return for this request. If more objects are available, in the response, Connector for SCEP provides a NextToken value that you can use in a subsequent call to get the next batch of objects.

", + "ListConnectorsRequest$MaxResults": "

The maximum number of objects that you want Connector for SCEP to return for this request. If more objects are available, in the response, Connector for SCEP provides a NextToken value that you can use in a subsequent call to get the next batch of objects.

" + } + }, + "MobileDeviceManagement": { + "base": "

If you don't supply a value, by default Connector for SCEP creates a connector for general-purpose use. A general-purpose connector is designed to work with clients or endpoints that support the SCEP protocol, except Connector for SCEP for Microsoft Intune. For information about considerations and limitations with using Connector for SCEP, see Considerations and Limitations.

If you provide an IntuneConfiguration, Connector for SCEP creates a connector for use with Microsoft Intune, and you manage the challenge passwords using Microsoft Intune. For more information, see Using Connector for SCEP for Microsoft Intune.

", + "refs": { + "Connector$MobileDeviceManagement": "

Contains settings relevant to the mobile device management system that you chose for the connector. If you didn't configure MobileDeviceManagement, then the connector is for general-purpose use and this object is empty.

", + "ConnectorSummary$MobileDeviceManagement": "

Contains settings relevant to the mobile device management system that you chose for the connector. If you didn't configure MobileDeviceManagement, then the connector is for general-purpose use and this object is empty.

", + "CreateConnectorRequest$MobileDeviceManagement": "

If you don't supply a value, by default Connector for SCEP creates a connector for general-purpose use. A general-purpose connector is designed to work with clients or endpoints that support the SCEP protocol, except Connector for SCEP for Microsoft Intune. With connectors for general-purpose use, you manage SCEP challenge passwords using Connector for SCEP. For information about considerations and limitations with using Connector for SCEP, see Considerations and Limitations.

If you provide an IntuneConfiguration, Connector for SCEP creates a connector for use with Microsoft Intune, and you manage the challenge passwords using Microsoft Intune. For more information, see Using Connector for SCEP for Microsoft Intune.

" + } + }, + "NextToken": { + "base": null, + "refs": { + "ListChallengeMetadataRequest$NextToken": "

When you request a list of objects with a MaxResults setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Connector for SCEP returns a NextToken value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.

", + "ListChallengeMetadataResponse$NextToken": "

When you request a list of objects with a MaxResults setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Connector for SCEP returns a NextToken value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.

", + "ListConnectorsRequest$NextToken": "

When you request a list of objects with a MaxResults setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Connector for SCEP returns a NextToken value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.

", + "ListConnectorsResponse$NextToken": "

When you request a list of objects with a MaxResults setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Connector for SCEP returns a NextToken value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.

" + } + }, + "OpenIdConfiguration": { + "base": "

Contains OpenID Connect (OIDC) parameters for use with Microsoft Intune. For more information about using Connector for SCEP for Microsoft Intune, see Using Connector for SCEP for Microsoft Intune.

", + "refs": { + "Connector$OpenIdConfiguration": "

Contains OpenID Connect (OIDC) parameters for use with Connector for SCEP for Microsoft Intune. For more information about using Connector for SCEP for Microsoft Intune, see Using Connector for SCEP for Microsoft Intune.

", + "ConnectorSummary$OpenIdConfiguration": "

Contains OpenID Connect (OIDC) parameters for use with Microsoft Intune.

" + } + }, + "ResourceNotFoundException": { + "base": "

The operation tried to access a nonexistent resource. The resource might be incorrectly specified, or it might have a status other than ACTIVE.

", + "refs": { + } + }, + "SensitiveString": { + "base": null, + "refs": { + "Challenge$Password": "

The SCEP challenge password, in UUID format.

", + "GetChallengePasswordResponse$Password": "

The SCEP challenge password.

" + } + }, + "ServiceQuotaExceededException": { + "base": "

The request would cause a service quota to be exceeded.

", + "refs": { + } + }, + "String": { + "base": null, + "refs": { + "AccessDeniedException$Message": null, + "BadRequestException$Message": null, + "ConflictException$Message": null, + "ConflictException$ResourceId": "

The identifier of the Amazon Web Services resource.

", + "ConflictException$ResourceType": "

The resource type, which can be either Connector or Challenge.

", + "Connector$Endpoint": "

The connector's HTTPS public SCEP URL.

", + "ConnectorSummary$Endpoint": "

The connector's HTTPS public SCEP URL.

", + "InternalServerException$Message": null, + "ListTagsForResourceRequest$ResourceArn": "

The Amazon Resource Name (ARN) of the resource.

", + "OpenIdConfiguration$Issuer": "

The issuer value to copy into your Microsoft Entra app registration's OIDC.

", + "OpenIdConfiguration$Subject": "

The subject value to copy into your Microsoft Entra app registration's OIDC.

", + "OpenIdConfiguration$Audience": "

The audience value to copy into your Microsoft Entra app registration's OIDC.

", + "ResourceNotFoundException$Message": null, + "ResourceNotFoundException$ResourceId": "

The identifier of the Amazon Web Services resource.

", + "ResourceNotFoundException$ResourceType": "

The resource type, which can be either Connector or Challenge.

", + "ServiceQuotaExceededException$Message": null, + "ServiceQuotaExceededException$ResourceType": "

The resource type, which can be either Connector or Challenge.

", + "ServiceQuotaExceededException$ServiceCode": "

Identifies the originating service.

", + "ServiceQuotaExceededException$QuotaCode": "

The quota identifier.

", + "TagKeyList$member": null, + "TagResourceRequest$ResourceArn": "

The Amazon Resource Name (ARN) of the resource.

", + "Tags$key": null, + "Tags$value": null, + "ThrottlingException$Message": null, + "UntagResourceRequest$ResourceArn": "

The Amazon Resource Name (ARN) of the resource.

", + "ValidationException$Message": null + } + }, + "TagKeyList": { + "base": null, + "refs": { + "UntagResourceRequest$TagKeys": "

Specifies a list of tag keys that you want to remove from the specified resources.

" + } + }, + "TagResourceRequest": { + "base": null, + "refs": { + } + }, + "Tags": { + "base": null, + "refs": { + "CreateChallengeRequest$Tags": "

The key-value pairs to associate with the resource.

", + "CreateConnectorRequest$Tags": "

The key-value pairs to associate with the resource.

", + "ListTagsForResourceResponse$Tags": "

The key-value pairs to associate with the resource.

", + "TagResourceRequest$Tags": "

The key-value pairs to associate with the resource.

" + } + }, + "ThrottlingException": { + "base": "

The limit on the number of requests per second was exceeded.

", + "refs": { + } + }, + "Timestamp": { + "base": null, + "refs": { + "Challenge$CreatedAt": "

The date and time that the challenge was created.

", + "Challenge$UpdatedAt": "

The date and time that the challenge was updated.

", + "ChallengeMetadata$CreatedAt": "

The date and time that the connector was created.

", + "ChallengeMetadata$UpdatedAt": "

The date and time that the connector was updated.

", + "ChallengeMetadataSummary$CreatedAt": "

The date and time that the challenge was created.

", + "ChallengeMetadataSummary$UpdatedAt": "

The date and time that the challenge was updated.

", + "Connector$CreatedAt": "

The date and time that the connector was created.

", + "Connector$UpdatedAt": "

The date and time that the connector was updated.

", + "ConnectorSummary$CreatedAt": "

The date and time that the challenge was created.

", + "ConnectorSummary$UpdatedAt": "

The date and time that the challenge was updated.

" + } + }, + "UntagResourceRequest": { + "base": null, + "refs": { + } + }, + "ValidationException": { + "base": "

An input validation error occurred. For example, invalid characters in a name tag, or an invalid pagination token.

", + "refs": { + } + }, + "ValidationExceptionReason": { + "base": null, + "refs": { + "ValidationException$Reason": "

The reason for the validation error, if available. The service doesn't return a reason for every validation exception.

" + } + } + } +} diff --git a/models/apis/pca-connector-scep/2018-05-10/endpoint-rule-set-1.json b/models/apis/pca-connector-scep/2018-05-10/endpoint-rule-set-1.json new file mode 100644 index 00000000000..bf010937df5 --- /dev/null +++ b/models/apis/pca-connector-scep/2018-05-10/endpoint-rule-set-1.json 
@@ -0,0 +1,350 @@ +{ + "version": "1.0", + "parameters": { + "Region": { + "builtIn": "AWS::Region", + "required": false, + "documentation": "The AWS region used to dispatch the request.", + "type": "String" + }, + "UseDualStack": { + "builtIn": "AWS::UseDualStack", + "required": true, + "default": false, + "documentation": "When true, use the dual-stack endpoint. If the configured endpoint does not support dual-stack, dispatching the request MAY return an error.", + "type": "Boolean" + }, + "UseFIPS": { + "builtIn": "AWS::UseFIPS", + "required": true, + "default": false, + "documentation": "When true, send this request to the FIPS-compliant regional endpoint. If the configured endpoint does not have a FIPS compliant endpoint, dispatching the request will return an error.", + "type": "Boolean" + }, + "Endpoint": { + "builtIn": "SDK::Endpoint", + "required": false, + "documentation": "Override the endpoint used to send this request", + "type": "String" + } + }, + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Endpoint" + } + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "error": "Invalid Configuration: FIPS and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" + }, + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "rules": [ + { + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Region" + } + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "aws.partition", + "argv": [ + { + "ref": "Region" + } 
+ ], + "assign": "PartitionResult" + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } + ] + }, + { + "fn": "booleanEquals", + "argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "rules": [ + { + "conditions": [], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://pca-connector-scep-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + }, + true + ] + } + ], + "rules": [ + { + "conditions": [], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://pca-connector-scep-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "rules": [ + { + "conditions": [ + { + "fn": "booleanEquals", + 
"argv": [ + true, + { + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsDualStack" + ] + } + ] + } + ], + "rules": [ + { + "conditions": [], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://pca-connector-scep.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" + } + ], + "type": "tree" + }, + { + "conditions": [], + "rules": [ + { + "conditions": [], + "endpoint": { + "url": "https://pca-connector-scep.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" + } + ], + "type": "tree" + } + ], + "type": "tree" + } + ], + "type": "tree" + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" + } + ], + "type": "tree" + } + ] +} \ No newline at end of file diff --git a/models/apis/pca-connector-scep/2018-05-10/endpoint-tests-1.json b/models/apis/pca-connector-scep/2018-05-10/endpoint-tests-1.json new file mode 100644 index 00000000000..27f0552329a --- /dev/null +++ b/models/apis/pca-connector-scep/2018-05-10/endpoint-tests-1.json 
@@ -0,0 +1,314 @@ +{ + "testCases": [ + { + "documentation": "For region us-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://pca-connector-scep-fips.us-east-1.api.aws" + } + }, + "params": { + "Region": "us-east-1", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region us-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://pca-connector-scep-fips.us-east-1.amazonaws.com" + } + }, + "params": { + "Region": "us-east-1", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region us-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://pca-connector-scep.us-east-1.api.aws" + } + }, + "params": { + "Region": "us-east-1", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region us-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://pca-connector-scep.us-east-1.amazonaws.com" + } + }, + "params": { + "Region": "us-east-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region cn-north-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://pca-connector-scep-fips.cn-north-1.api.amazonwebservices.com.cn" + } + }, + "params": { + "Region": "cn-north-1", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region cn-north-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://pca-connector-scep-fips.cn-north-1.amazonaws.com.cn" + } + }, + "params": { + "Region": "cn-north-1", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region cn-north-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://pca-connector-scep.cn-north-1.api.amazonwebservices.com.cn" + } + }, + "params": { + "Region": "cn-north-1", + 
"UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region cn-north-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://pca-connector-scep.cn-north-1.amazonaws.com.cn" + } + }, + "params": { + "Region": "cn-north-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://pca-connector-scep-fips.us-gov-east-1.api.aws" + } + }, + "params": { + "Region": "us-gov-east-1", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://pca-connector-scep-fips.us-gov-east-1.amazonaws.com" + } + }, + "params": { + "Region": "us-gov-east-1", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "endpoint": { + "url": "https://pca-connector-scep.us-gov-east-1.api.aws" + } + }, + "params": { + "Region": "us-gov-east-1", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://pca-connector-scep.us-gov-east-1.amazonaws.com" + } + }, + "params": { + "Region": "us-gov-east-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "error": "FIPS and DualStack are enabled, but this partition does not support one or both" + }, + "params": { + "Region": "us-iso-east-1", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://pca-connector-scep-fips.us-iso-east-1.c2s.ic.gov" + } + }, 
+ "params": { + "Region": "us-iso-east-1", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "error": "DualStack is enabled but this partition does not support DualStack" + }, + "params": { + "Region": "us-iso-east-1", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://pca-connector-scep.us-iso-east-1.c2s.ic.gov" + } + }, + "params": { + "Region": "us-iso-east-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack enabled", + "expect": { + "error": "FIPS and DualStack are enabled, but this partition does not support one or both" + }, + "params": { + "Region": "us-isob-east-1", + "UseFIPS": true, + "UseDualStack": true + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://pca-connector-scep-fips.us-isob-east-1.sc2s.sgov.gov" + } + }, + "params": { + "Region": "us-isob-east-1", + "UseFIPS": true, + "UseDualStack": false + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack enabled", + "expect": { + "error": "DualStack is enabled but this partition does not support DualStack" + }, + "params": { + "Region": "us-isob-east-1", + "UseFIPS": false, + "UseDualStack": true + } + }, + { + "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack disabled", + "expect": { + "endpoint": { + "url": "https://pca-connector-scep.us-isob-east-1.sc2s.sgov.gov" + } + }, + "params": { + "Region": "us-isob-east-1", + "UseFIPS": false, + "UseDualStack": false + } + }, + { + "documentation": "For custom endpoint with region set and fips disabled and dualstack disabled", + "expect": { + "endpoint": { + "url": 
"https://example.com" + } + }, + "params": { + "Region": "us-east-1", + "UseFIPS": false, + "UseDualStack": false, + "Endpoint": "https://example.com" + } + }, + { + "documentation": "For custom endpoint with region not set and fips disabled and dualstack disabled", + "expect": { + "endpoint": { + "url": "https://example.com" + } + }, + "params": { + "UseFIPS": false, + "UseDualStack": false, + "Endpoint": "https://example.com" + } + }, + { + "documentation": "For custom endpoint with fips enabled and dualstack disabled", + "expect": { + "error": "Invalid Configuration: FIPS and custom endpoint are not supported" + }, + "params": { + "Region": "us-east-1", + "UseFIPS": true, + "UseDualStack": false, + "Endpoint": "https://example.com" + } + }, + { + "documentation": "For custom endpoint with fips disabled and dualstack enabled", + "expect": { + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported" + }, + "params": { + "Region": "us-east-1", + "UseFIPS": false, + "UseDualStack": true, + "Endpoint": "https://example.com" + } + }, + { + "documentation": "Missing region", + "expect": { + "error": "Invalid Configuration: Missing Region" + } + } + ], + "version": "1.0" +} \ No newline at end of file diff --git a/models/apis/pca-connector-scep/2018-05-10/examples-1.json b/models/apis/pca-connector-scep/2018-05-10/examples-1.json new file mode 100644 index 00000000000..0ea7e3b0bbe --- /dev/null +++ b/models/apis/pca-connector-scep/2018-05-10/examples-1.json @@ -0,0 +1,5 @@ +{ + "version": "1.0", + "examples": { + } +} diff --git a/models/apis/pca-connector-scep/2018-05-10/paginators-1.json b/models/apis/pca-connector-scep/2018-05-10/paginators-1.json new file mode 100644 index 00000000000..7a913db5296 --- /dev/null +++ b/models/apis/pca-connector-scep/2018-05-10/paginators-1.json 
@@ -0,0 +1,16 @@ +{ + "pagination": { + "ListChallengeMetadata": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "Challenges" + }, + "ListConnectors": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "Connectors" + } + } +} diff --git a/models/apis/pca-connector-scep/2018-05-10/smoke.json b/models/apis/pca-connector-scep/2018-05-10/smoke.json new file mode 100644 index 00000000000..a9756813e4a --- /dev/null +++ b/models/apis/pca-connector-scep/2018-05-10/smoke.json @@ -0,0 +1,6 @@ +{ + "version": 1, + "defaultRegion": "us-west-2", + "testCases": [ + ] +} diff --git a/models/apis/pca-connector-scep/2018-05-10/waiters-2.json b/models/apis/pca-connector-scep/2018-05-10/waiters-2.json new file mode 100644 index 00000000000..13f60ee66be --- /dev/null +++ b/models/apis/pca-connector-scep/2018-05-10/waiters-2.json @@ -0,0 +1,5 @@ +{ + "version": 2, + "waiters": { + } +} diff --git a/models/apis/sagemaker/2017-07-24/api-2.json b/models/apis/sagemaker/2017-07-24/api-2.json index 12305419ab3..43e2f5b3e16 100644 --- a/models/apis/sagemaker/2017-07-24/api-2.json +++ b/models/apis/sagemaker/2017-07-24/api-2.json @@ -4444,6 +4444,22 @@ "IAM" ] }, + "AuthenticationRequestExtraParams":{ + "type":"map", + "key":{"shape":"AuthenticationRequestExtraParamsKey"}, + "value":{"shape":"AuthenticationRequestExtraParamsValue"}, + "max":10 + }, + "AuthenticationRequestExtraParamsKey":{ + "type":"string", + "max":512, + "pattern":".*" + }, + "AuthenticationRequestExtraParamsValue":{ + "type":"string", + "max":512, + "pattern":".*" + }, "AutoGenerateEndpointName":{"type":"boolean"}, "AutoMLAlgorithm":{ "type":"string", 
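Review bot: The new `AuthenticationRequestExtraParamsKey` and `AuthenticationRequestExtraParamsValue` shapes in the `api-2.json` hunk at `@@ -4444,6 +4444,22 @@` are limited only by `"max":512` and `"pattern":".*"`, so the model does not exclude keys that collide with standard OIDC authorization-request parameters such as `redirect_uri`, `state` or `nonce`. Whether the service rejects such keys is not visible in this diff; if it does not, an entry in this map could override a value the workforce sign-in flow depends on. Consider giving the key shape a token-style constraint, as the new `Scope` shape later in this file has, for example `"pattern":"^[A-Za-z0-9_.-]+$"`. Any reserved keys should also be named in the `docs-2.json` text for `OidcConfig$AuthenticationRequestExtraParams`, which currently describes the map only as identifiers specific to the custom IdP.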
@@ -15171,7 +15187,8 @@ "NameContains":{"shape":"NameContains"}, "NextToken":{"shape":"NextToken"}, "SortBy":{"shape":"ModelPackageGroupSortBy"}, - "SortOrder":{"shape":"SortOrder"} + "SortOrder":{"shape":"SortOrder"}, + "CrossAccountFilterOption":{"shape":"CrossAccountFilterOption"} } }, "ListModelPackageGroupsOutput":{ @@ -17765,7 +17782,9 @@ "TokenEndpoint":{"shape":"OidcEndpoint"}, "UserInfoEndpoint":{"shape":"OidcEndpoint"}, "LogoutEndpoint":{"shape":"OidcEndpoint"}, - "JwksUri":{"shape":"OidcEndpoint"} + "JwksUri":{"shape":"OidcEndpoint"}, + "Scope":{"shape":"Scope"}, + "AuthenticationRequestExtraParams":{"shape":"AuthenticationRequestExtraParams"} } }, "OidcConfigForResponse":{ @@ -17777,7 +17796,9 @@ "TokenEndpoint":{"shape":"OidcEndpoint"}, "UserInfoEndpoint":{"shape":"OidcEndpoint"}, "LogoutEndpoint":{"shape":"OidcEndpoint"}, - "JwksUri":{"shape":"OidcEndpoint"} + "JwksUri":{"shape":"OidcEndpoint"}, + "Scope":{"shape":"Scope"}, + "AuthenticationRequestExtraParams":{"shape":"AuthenticationRequestExtraParams"} } }, "OidcEndpoint":{ @@ -20146,6 +20167,11 @@ "Stopped" ] }, + "Scope":{ + "type":"string", + "max":1024, + "pattern":"^[!#-\\[\\]-~]+( [!#-\\[\\]-~]+)*$" + }, "SearchExpression":{ "type":"structure", "members":{ diff --git a/models/apis/sagemaker/2017-07-24/docs-2.json b/models/apis/sagemaker/2017-07-24/docs-2.json index 915cb2da2e3..4de981d343b 100644 --- a/models/apis/sagemaker/2017-07-24/docs-2.json +++ b/models/apis/sagemaker/2017-07-24/docs-2.json @@ -955,6 +955,25 @@ "DescribeDomainResponse$AuthMode": "

The domain's authentication mode.

" } }, + "AuthenticationRequestExtraParams": { + "base": null, + "refs": { + "OidcConfig$AuthenticationRequestExtraParams": "

A string to string map of identifiers specific to the custom identity provider (IdP) being used.

", + "OidcConfigForResponse$AuthenticationRequestExtraParams": "

A string to string map of identifiers specific to the custom identity provider (IdP) being used.

" + } + }, + "AuthenticationRequestExtraParamsKey": { + "base": null, + "refs": { + "AuthenticationRequestExtraParams$key": null + } + }, + "AuthenticationRequestExtraParamsValue": { + "base": null, + "refs": { + "AuthenticationRequestExtraParams$value": null + } + }, "AutoGenerateEndpointName": { "base": null, "refs": { @@ -3214,6 +3233,7 @@ "CrossAccountFilterOption": { "base": null, "refs": { + "ListModelPackageGroupsInput$CrossAccountFilterOption": "

A filter that returns either model groups shared with you or model groups in your own account. When the value is CrossAccount, the results show the resources made discoverable to you from other accounts. When the value is SameAccount or null, the results show resources from your account. The default is SameAccount.

", "SearchRequest$CrossAccountFilterOption": "

A cross account filter option. When the value is \"CrossAccount\" the search results will only include resources made discoverable to you from other accounts. When the value is \"SameAccount\" or null the search results will only include resources from your account. Default is null. For more information on searching for resources made discoverable to your account, see Search discoverable resources in the SageMaker Developer Guide. The maximum number of ResourceCatalogs viewable is 1000.

" } }, @@ -13304,6 +13324,13 @@ "MonitoringScheduleSummary$MonitoringScheduleStatus": "

The status of the monitoring schedule.

" } }, + "Scope": { + "base": null, + "refs": { + "OidcConfig$Scope": "

An array of string identifiers used to refer to the specific pieces of user data or claims that the client application wants to access.

", + "OidcConfigForResponse$Scope": "

An array of string identifiers used to refer to the specific pieces of user data or claims that the client application wants to access.

" + } + }, "SearchExpression": { "base": "

A multi-expression that searches for the specified resource or resources in a search. All resource objects that satisfy the expression's condition are included in the search results. You must specify at least one subexpression, filter, or nested filter. A SearchExpression can contain up to twenty elements.

A SearchExpression contains the following components:

", "refs": { diff --git a/models/endpoints/endpoints.json b/models/endpoints/endpoints.json index 6829e1310d5..65eae6ad12a 100644 --- a/models/endpoints/endpoints.json +++ b/models/endpoints/endpoints.json @@ -2712,6 +2712,12 @@ }, "hostname" : "bedrock.eu-west-3.amazonaws.com" }, + "bedrock-fips-ca-central-1" : { + "credentialScope" : { + "region" : "ca-central-1" + }, + "hostname" : "bedrock-fips.ca-central-1.amazonaws.com" + }, "bedrock-fips-us-east-1" : { "credentialScope" : { "region" : "us-east-1" @@ -2778,6 +2784,12 @@ }, "hostname" : "bedrock-runtime.eu-west-3.amazonaws.com" }, + "bedrock-runtime-fips-ca-central-1" : { + "credentialScope" : { + "region" : "ca-central-1" + }, + "hostname" : "bedrock-runtime-fips.ca-central-1.amazonaws.com" + }, "bedrock-runtime-fips-us-east-1" : { "credentialScope" : { "region" : "us-east-1" @@ -23171,6 +23183,18 @@ }, "bedrock" : { "endpoints" : { + "bedrock-fips-us-gov-west-1" : { + "credentialScope" : { + "region" : "us-gov-west-1" + }, + "hostname" : "bedrock-fips.us-gov-west-1.amazonaws.com" + }, + "bedrock-runtime-fips-us-gov-west-1" : { + "credentialScope" : { + "region" : "us-gov-west-1" + }, + "hostname" : "bedrock-runtime-fips.us-gov-west-1.amazonaws.com" + }, "bedrock-runtime-us-gov-west-1" : { "credentialScope" : { "region" : "us-gov-west-1" 
@@ -26497,6 +26521,36 @@
 }
 }
 },
+ "securitylake" : {
+ "endpoints" : {
+ "us-gov-east-1" : {
+ "variants" : [ {
+ "hostname" : "securitylake.us-gov-east-1.amazonaws.com",
+ "tags" : [ "fips" ]
+ } ]
+ },
+ "us-gov-east-1-fips" : {
+ "credentialScope" : {
+ "region" : "us-gov-east-1"
+ },
+ "deprecated" : true,
+ "hostname" : "securitylake.us-gov-east-1.amazonaws.com"
+ },
+ "us-gov-west-1" : {
+ "variants" : [ {
+ "hostname" : "securitylake.us-gov-west-1.amazonaws.com",
+ "tags" : [ "fips" ]
+ } ]
+ },
+ "us-gov-west-1-fips" : {
+ "credentialScope" : {
+ "region" : "us-gov-west-1"
+ },
+ "deprecated" : true,
+ "hostname" : "securitylake.us-gov-west-1.amazonaws.com"
+ }
+ }
+ },
 "serverlessrepo" : {
 "defaults" : {
 "protocols" : [ "https" ]
diff --git a/service/accessanalyzer/accessanalyzeriface/interface.go b/service/accessanalyzer/accessanalyzeriface/interface.go
index ccb77083565..0c4c5115a81 100644
--- a/service/accessanalyzer/accessanalyzeriface/interface.go
+++ b/service/accessanalyzer/accessanalyzeriface/interface.go
@@ -76,6 +76,10 @@ type AccessAnalyzerAPI interface { CheckNoNewAccessWithContext(aws.Context, *accessanalyzer.CheckNoNewAccessInput, ...request.Option) (*accessanalyzer.CheckNoNewAccessOutput, error) CheckNoNewAccessRequest(*accessanalyzer.CheckNoNewAccessInput) (*request.Request, *accessanalyzer.CheckNoNewAccessOutput) + CheckNoPublicAccess(*accessanalyzer.CheckNoPublicAccessInput) (*accessanalyzer.CheckNoPublicAccessOutput, error) + CheckNoPublicAccessWithContext(aws.Context, *accessanalyzer.CheckNoPublicAccessInput, ...request.Option) (*accessanalyzer.CheckNoPublicAccessOutput, error) + CheckNoPublicAccessRequest(*accessanalyzer.CheckNoPublicAccessInput) (*request.Request, *accessanalyzer.CheckNoPublicAccessOutput) + CreateAccessPreview(*accessanalyzer.CreateAccessPreviewInput) (*accessanalyzer.CreateAccessPreviewOutput, error) CreateAccessPreviewWithContext(aws.Context, *accessanalyzer.CreateAccessPreviewInput, ...request.Option) (*accessanalyzer.CreateAccessPreviewOutput, error) CreateAccessPreviewRequest(*accessanalyzer.CreateAccessPreviewInput) (*request.Request, *accessanalyzer.CreateAccessPreviewOutput) 
@@ -96,6 +100,10 @@ type AccessAnalyzerAPI interface { DeleteArchiveRuleWithContext(aws.Context, *accessanalyzer.DeleteArchiveRuleInput, ...request.Option) (*accessanalyzer.DeleteArchiveRuleOutput, error) DeleteArchiveRuleRequest(*accessanalyzer.DeleteArchiveRuleInput) (*request.Request, *accessanalyzer.DeleteArchiveRuleOutput) + GenerateFindingRecommendation(*accessanalyzer.GenerateFindingRecommendationInput) (*accessanalyzer.GenerateFindingRecommendationOutput, error) + GenerateFindingRecommendationWithContext(aws.Context, *accessanalyzer.GenerateFindingRecommendationInput, ...request.Option) (*accessanalyzer.GenerateFindingRecommendationOutput, error) + GenerateFindingRecommendationRequest(*accessanalyzer.GenerateFindingRecommendationInput) (*request.Request, *accessanalyzer.GenerateFindingRecommendationOutput) + GetAccessPreview(*accessanalyzer.GetAccessPreviewInput) (*accessanalyzer.GetAccessPreviewOutput, error) GetAccessPreviewWithContext(aws.Context, *accessanalyzer.GetAccessPreviewInput, ...request.Option) (*accessanalyzer.GetAccessPreviewOutput, error) GetAccessPreviewRequest(*accessanalyzer.GetAccessPreviewInput) (*request.Request, *accessanalyzer.GetAccessPreviewOutput) 
@@ -116,6 +124,13 @@ type AccessAnalyzerAPI interface { GetFindingWithContext(aws.Context, *accessanalyzer.GetFindingInput, ...request.Option) (*accessanalyzer.GetFindingOutput, error) GetFindingRequest(*accessanalyzer.GetFindingInput) (*request.Request, *accessanalyzer.GetFindingOutput) + GetFindingRecommendation(*accessanalyzer.GetFindingRecommendationInput) (*accessanalyzer.GetFindingRecommendationOutput, error) + GetFindingRecommendationWithContext(aws.Context, *accessanalyzer.GetFindingRecommendationInput, ...request.Option) (*accessanalyzer.GetFindingRecommendationOutput, error) + GetFindingRecommendationRequest(*accessanalyzer.GetFindingRecommendationInput) (*request.Request, *accessanalyzer.GetFindingRecommendationOutput) + + GetFindingRecommendationPages(*accessanalyzer.GetFindingRecommendationInput, func(*accessanalyzer.GetFindingRecommendationOutput, bool) bool) error + GetFindingRecommendationPagesWithContext(aws.Context, *accessanalyzer.GetFindingRecommendationInput, func(*accessanalyzer.GetFindingRecommendationOutput, bool) bool, ...request.Option) error + GetFindingV2(*accessanalyzer.GetFindingV2Input) (*accessanalyzer.GetFindingV2Output, error) GetFindingV2WithContext(aws.Context, *accessanalyzer.GetFindingV2Input, ...request.Option) (*accessanalyzer.GetFindingV2Output, error) GetFindingV2Request(*accessanalyzer.GetFindingV2Input) (*request.Request, *accessanalyzer.GetFindingV2Output) diff --git a/service/accessanalyzer/api.go b/service/accessanalyzer/api.go index 336a655b3f0..8671a8dac0f 100644 --- a/service/accessanalyzer/api.go +++ b/service/accessanalyzer/api.go 
@@ -390,6 +390,101 @@ func (c *AccessAnalyzer) CheckNoNewAccessWithContext(ctx aws.Context, input *Che return out, req.Send() } +const opCheckNoPublicAccess = "CheckNoPublicAccess" + +// CheckNoPublicAccessRequest generates a "aws/request.Request" representing the +// client's request for the CheckNoPublicAccess operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CheckNoPublicAccess for more information on using the CheckNoPublicAccess +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the CheckNoPublicAccessRequest method. +// req, resp := client.CheckNoPublicAccessRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CheckNoPublicAccess +func (c *AccessAnalyzer) CheckNoPublicAccessRequest(input *CheckNoPublicAccessInput) (req *request.Request, output *CheckNoPublicAccessOutput) { + op := &request.Operation{ + Name: opCheckNoPublicAccess, + HTTPMethod: "POST", + HTTPPath: "/policy/check-no-public-access", + } + + if input == nil { + input = &CheckNoPublicAccessInput{} + } + + output = &CheckNoPublicAccessOutput{} + req = c.newRequest(op, input, output) + return +} + +// CheckNoPublicAccess API operation for Access Analyzer. +// +// Checks whether a resource policy can grant public access to the specified +// resource type. +// +// Returns awserr.Error for service API and SDK errors. 
Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Access Analyzer's +// API operation CheckNoPublicAccess for usage and error information. +// +// Returned Error Types: +// +// - ValidationException +// Validation exception error. +// +// - InternalServerException +// Internal server error. +// +// - InvalidParameterException +// The specified parameter is invalid. +// +// - UnprocessableEntityException +// The specified entity could not be processed. +// +// - ThrottlingException +// Throttling limit exceeded error. +// +// - AccessDeniedException +// You do not have sufficient access to perform this action. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/CheckNoPublicAccess +func (c *AccessAnalyzer) CheckNoPublicAccess(input *CheckNoPublicAccessInput) (*CheckNoPublicAccessOutput, error) { + req, out := c.CheckNoPublicAccessRequest(input) + return out, req.Send() +} + +// CheckNoPublicAccessWithContext is the same as CheckNoPublicAccess with the addition of +// the ability to pass a context and additional request options. +// +// See CheckNoPublicAccess for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *AccessAnalyzer) CheckNoPublicAccessWithContext(ctx aws.Context, input *CheckNoPublicAccessInput, opts ...request.Option) (*CheckNoPublicAccessOutput, error) { + req, out := c.CheckNoPublicAccessRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opCreateAccessPreview = "CreateAccessPreview" // CreateAccessPreviewRequest generates a "aws/request.Request" representing the 
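Review bot: The doc comment on `CheckNoPublicAccess` does not tell callers that the returned output is non-nil even when the call fails, which matters for an operation whose result is likely to be used as a pass/fail gate. `CheckNoPublicAccessRequest` allocates `output = &CheckNoPublicAccessOutput{}` before anything is sent and `CheckNoPublicAccess` returns `out, req.Send()`, so on error the caller holds an empty struct whose `Result` is nil rather than `FAIL`. I would add to the method comment: `// On error the returned output is non-nil but unpopulated; check err first and treat any Result other than PASS as a failed check.` The same applies to `CheckNoPublicAccessWithContext`.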
@@ -873,6 +968,95 @@ func (c *AccessAnalyzer) DeleteArchiveRuleWithContext(ctx aws.Context, input *De return out, req.Send() } +const opGenerateFindingRecommendation = "GenerateFindingRecommendation" + +// GenerateFindingRecommendationRequest generates a "aws/request.Request" representing the +// client's request for the GenerateFindingRecommendation operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GenerateFindingRecommendation for more information on using the GenerateFindingRecommendation +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the GenerateFindingRecommendationRequest method. +// req, resp := client.GenerateFindingRecommendationRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GenerateFindingRecommendation +func (c *AccessAnalyzer) GenerateFindingRecommendationRequest(input *GenerateFindingRecommendationInput) (req *request.Request, output *GenerateFindingRecommendationOutput) { + op := &request.Operation{ + Name: opGenerateFindingRecommendation, + HTTPMethod: "POST", + HTTPPath: "/recommendation/{id}", + } + + if input == nil { + input = &GenerateFindingRecommendationInput{} + } + + output = &GenerateFindingRecommendationOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// GenerateFindingRecommendation API operation for Access Analyzer. 
+// +// Creates a recommendation for an unused permissions finding. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Access Analyzer's +// API operation GenerateFindingRecommendation for usage and error information. +// +// Returned Error Types: +// +// - ValidationException +// Validation exception error. +// +// - InternalServerException +// Internal server error. +// +// - ThrottlingException +// Throttling limit exceeded error. +// +// - AccessDeniedException +// You do not have sufficient access to perform this action. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GenerateFindingRecommendation +func (c *AccessAnalyzer) GenerateFindingRecommendation(input *GenerateFindingRecommendationInput) (*GenerateFindingRecommendationOutput, error) { + req, out := c.GenerateFindingRecommendationRequest(input) + return out, req.Send() +} + +// GenerateFindingRecommendationWithContext is the same as GenerateFindingRecommendation with the addition of +// the ability to pass a context and additional request options. +// +// See GenerateFindingRecommendation for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *AccessAnalyzer) GenerateFindingRecommendationWithContext(ctx aws.Context, input *GenerateFindingRecommendationInput, opts ...request.Option) (*GenerateFindingRecommendationOutput, error) { + req, out := c.GenerateFindingRecommendationRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) 
+ return out, req.Send() +} + const opGetAccessPreview = "GetAccessPreview" // GetAccessPreviewRequest generates a "aws/request.Request" representing the 
@@ -1335,6 +1519,154 @@ func (c *AccessAnalyzer) GetFindingWithContext(ctx aws.Context, input *GetFindin return out, req.Send() } +const opGetFindingRecommendation = "GetFindingRecommendation" + +// GetFindingRecommendationRequest generates a "aws/request.Request" representing the +// client's request for the GetFindingRecommendation operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetFindingRecommendation for more information on using the GetFindingRecommendation +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the GetFindingRecommendationRequest method. +// req, resp := client.GetFindingRecommendationRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetFindingRecommendation +func (c *AccessAnalyzer) GetFindingRecommendationRequest(input *GetFindingRecommendationInput) (req *request.Request, output *GetFindingRecommendationOutput) { + op := &request.Operation{ + Name: opGetFindingRecommendation, + HTTPMethod: "GET", + HTTPPath: "/recommendation/{id}", + Paginator: &request.Paginator{ + InputTokens: []string{"nextToken"}, + OutputTokens: []string{"nextToken"}, + LimitToken: "maxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &GetFindingRecommendationInput{} + } + + output = &GetFindingRecommendationOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetFindingRecommendation API operation for Access Analyzer. 
+// +// Retrieves information about a finding recommendation for the specified analyzer. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Access Analyzer's +// API operation GetFindingRecommendation for usage and error information. +// +// Returned Error Types: +// +// - ResourceNotFoundException +// The specified resource could not be found. +// +// - ValidationException +// Validation exception error. +// +// - InternalServerException +// Internal server error. +// +// - ThrottlingException +// Throttling limit exceeded error. +// +// - AccessDeniedException +// You do not have sufficient access to perform this action. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetFindingRecommendation +func (c *AccessAnalyzer) GetFindingRecommendation(input *GetFindingRecommendationInput) (*GetFindingRecommendationOutput, error) { + req, out := c.GetFindingRecommendationRequest(input) + return out, req.Send() +} + +// GetFindingRecommendationWithContext is the same as GetFindingRecommendation with the addition of +// the ability to pass a context and additional request options. +// +// See GetFindingRecommendation for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *AccessAnalyzer) GetFindingRecommendationWithContext(ctx aws.Context, input *GetFindingRecommendationInput, opts ...request.Option) (*GetFindingRecommendationOutput, error) { + req, out := c.GetFindingRecommendationRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) 
+ return out, req.Send() +} + +// GetFindingRecommendationPages iterates over the pages of a GetFindingRecommendation operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See GetFindingRecommendation method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a GetFindingRecommendation operation. +// pageNum := 0 +// err := client.GetFindingRecommendationPages(params, +// func(page *accessanalyzer.GetFindingRecommendationOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *AccessAnalyzer) GetFindingRecommendationPages(input *GetFindingRecommendationInput, fn func(*GetFindingRecommendationOutput, bool) bool) error { + return c.GetFindingRecommendationPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// GetFindingRecommendationPagesWithContext same as GetFindingRecommendationPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *AccessAnalyzer) GetFindingRecommendationPagesWithContext(ctx aws.Context, input *GetFindingRecommendationInput, fn func(*GetFindingRecommendationOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *GetFindingRecommendationInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.GetFindingRecommendationRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) 
+ return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*GetFindingRecommendationOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + const opGetFindingV2 = "GetFindingV2" // GetFindingV2Request generates a "aws/request.Request" representing the @@ -3562,16 +3894,18 @@ func (c *AccessAnalyzer) ValidatePolicyPagesWithContext(ctx aws.Context, input * return p.Err() } -// Contains information about actions that define permissions to check against -// a policy. +// Contains information about actions and resources that define permissions +// to check against a policy. type Access struct { _ struct{} `type:"structure"` // A list of actions for the access permissions. Any strings that can be used // as an action in an IAM policy can be used in the list of actions to check. - // - // Actions is a required field - Actions []*string `locationName:"actions" type:"list" required:"true"` + Actions []*string `locationName:"actions" type:"list"` + + // A list of resources for the access permissions. Any strings that can be used + // as a resource in an IAM policy can be used in the list of resources to check. + Resources []*string `locationName:"resources" type:"list"` } // String returns the string representation. 
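Review bot: The example in the `GetFindingRecommendationPages` doc comment says it iterates over at most 3 pages, but the callback increments `pageNum` and then returns `pageNum <= 3`, so it still returns true on the third page and a fourth page is fetched and handed to `fn` before iteration stops. Either the wording or the predicate should change; `return pageNum < 3` matches the stated limit. Callers who copy the example to bound the number of requests get one more request than the comment promises.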
@@ -3592,25 +3926,18 @@ func (s Access) GoString() string { return s.String() } -// Validate inspects the fields of the type to determine if they are valid. -func (s *Access) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "Access"} - if s.Actions == nil { - invalidParams.Add(request.NewErrParamRequired("Actions")) - } - - if invalidParams.Len() > 0 { - return invalidParams - } - return nil -} - // SetActions sets the Actions field's value. func (s *Access) SetActions(v []*string) *Access { s.Actions = v return s } +// SetResources sets the Resources field's value. +func (s *Access) SetResources(v []*string) *Access { + s.Resources = v + return s +} + // You do not have sufficient access to perform this action. type AccessDeniedException struct { _ struct{} `type:"structure"` @@ -4737,7 +5064,12 @@ type CheckAccessNotGrantedInput struct { _ struct{} `type:"structure"` // An access object containing the permissions that shouldn't be granted by - // the specified policy. + // the specified policy. If only actions are specified, IAM Access Analyzer + // checks for access of the actions on all resources in the policy. If only + // resources are specified, then IAM Access Analyzer checks which actions have + // access to the specified resources. If both actions and resources are specified, + // then IAM Access Analyzer checks which of the specified actions have access + // to the specified resources. // // Access is a required field Access []*Access `locationName:"access" type:"list" required:"true"` @@ -4794,16 +5126,6 @@ func (s *CheckAccessNotGrantedInput) Validate() error { if s.PolicyType == nil { invalidParams.Add(request.NewErrParamRequired("PolicyType")) } - if s.Access != nil { - for i, v := range s.Access { - if v == nil { - continue - } - if err := v.Validate(); err != nil { - invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Access", i), err.(request.ErrInvalidParams)) - } - } - } if invalidParams.Len() > 0 { return invalidParams 
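Review bot: Removing `(*Access).Validate` here, together with the per-element loop dropped from `CheckAccessNotGrantedInput.Validate` in the `@@ -4794,16 +5126,6 @@` hunk, leaves no client-side check on the entries of `Access`. Since the struct hunk makes `Actions` optional and adds an optional `Resources`, an `Access` that sets neither now passes SDK validation and is sent as-is; whether the service rejects it is not visible from this diff. `Validate` was also an exported method, so code that called it directly will no longer compile. I would at least document this on the type, e.g. `// Neither Actions nor Resources is validated client-side; callers should reject an Access that sets neither before relying on the check result.`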
@@ -5021,6 +5343,129 @@ func (s *CheckNoNewAccessOutput) SetResult(v string) *CheckNoNewAccessOutput { return s } +type CheckNoPublicAccessInput struct { + _ struct{} `type:"structure"` + + // The JSON policy document to evaluate for public access. + // + // PolicyDocument is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by CheckNoPublicAccessInput's + // String and GoString methods. + // + // PolicyDocument is a required field + PolicyDocument *string `locationName:"policyDocument" type:"string" required:"true" sensitive:"true"` + + // The type of resource to evaluate for public access. For example, to check + // for public access to Amazon S3 buckets, you can choose AWS::S3::Bucket for + // the resource type. + // + // For resource types not supported as valid values, IAM Access Analyzer will + // return an error. + // + // ResourceType is a required field + ResourceType *string `locationName:"resourceType" type:"string" required:"true" enum:"AccessCheckResourceType"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CheckNoPublicAccessInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CheckNoPublicAccessInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. 
+func (s *CheckNoPublicAccessInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CheckNoPublicAccessInput"} + if s.PolicyDocument == nil { + invalidParams.Add(request.NewErrParamRequired("PolicyDocument")) + } + if s.ResourceType == nil { + invalidParams.Add(request.NewErrParamRequired("ResourceType")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetPolicyDocument sets the PolicyDocument field's value. +func (s *CheckNoPublicAccessInput) SetPolicyDocument(v string) *CheckNoPublicAccessInput { + s.PolicyDocument = &v + return s +} + +// SetResourceType sets the ResourceType field's value. +func (s *CheckNoPublicAccessInput) SetResourceType(v string) *CheckNoPublicAccessInput { + s.ResourceType = &v + return s +} + +type CheckNoPublicAccessOutput struct { + _ struct{} `type:"structure"` + + // The message indicating whether the specified policy allows public access + // to resources. + Message *string `locationName:"message" type:"string"` + + // A list of reasons why the specified resource policy grants public access + // for the resource type. + Reasons []*ReasonSummary `locationName:"reasons" type:"list"` + + // The result of the check for public access to the specified resource type. + // If the result is PASS, the policy doesn't allow public access to the specified + // resource type. If the result is FAIL, the policy might allow public access + // to the specified resource type. + Result *string `locationName:"result" type:"string" enum:"CheckNoPublicAccessResult"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CheckNoPublicAccessOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. 
+// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CheckNoPublicAccessOutput) GoString() string { + return s.String() +} + +// SetMessage sets the Message field's value. +func (s *CheckNoPublicAccessOutput) SetMessage(v string) *CheckNoPublicAccessOutput { + s.Message = &v + return s +} + +// SetReasons sets the Reasons field's value. +func (s *CheckNoPublicAccessOutput) SetReasons(v []*ReasonSummary) *CheckNoPublicAccessOutput { + s.Reasons = v + return s +} + +// SetResult sets the Result field's value. +func (s *CheckNoPublicAccessOutput) SetResult(v string) *CheckNoPublicAccessOutput { + s.Result = &v + return s +} + // Contains information about CloudTrail access. type CloudTrailDetails struct { _ struct{} `type:"structure"` 
@@ -7046,6 +7491,92 @@ func (s *FindingSummaryV2) SetUpdatedAt(v time.Time) *FindingSummaryV2 { return s } +type GenerateFindingRecommendationInput struct { + _ struct{} `type:"structure" nopayload:"true"` + + // The ARN of the analyzer (https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources) + // used to generate the finding recommendation. + // + // AnalyzerArn is a required field + AnalyzerArn *string `location:"querystring" locationName:"analyzerArn" type:"string" required:"true"` + + // The unique ID for the finding recommendation. + // + // Id is a required field + Id *string `location:"uri" locationName:"id" min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GenerateFindingRecommendationInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GenerateFindingRecommendationInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. 
+func (s *GenerateFindingRecommendationInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GenerateFindingRecommendationInput"} + if s.AnalyzerArn == nil { + invalidParams.Add(request.NewErrParamRequired("AnalyzerArn")) + } + if s.Id == nil { + invalidParams.Add(request.NewErrParamRequired("Id")) + } + if s.Id != nil && len(*s.Id) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Id", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAnalyzerArn sets the AnalyzerArn field's value. +func (s *GenerateFindingRecommendationInput) SetAnalyzerArn(v string) *GenerateFindingRecommendationInput { + s.AnalyzerArn = &v + return s +} + +// SetId sets the Id field's value. +func (s *GenerateFindingRecommendationInput) SetId(v string) *GenerateFindingRecommendationInput { + s.Id = &v + return s +} + +type GenerateFindingRecommendationOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GenerateFindingRecommendationOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GenerateFindingRecommendationOutput) GoString() string { + return s.String() +} + // Contains the text for the generated policy. type GeneratedPolicy struct { _ struct{} `type:"structure"` 
@@ -7526,13 +8057,110 @@ func (s *GetArchiveRuleInput) SetRuleName(v string) *GetArchiveRuleInput { } // The response to the request. -type GetArchiveRuleOutput struct { +type GetArchiveRuleOutput struct { + _ struct{} `type:"structure"` + + // Contains information about an archive rule. + // + // ArchiveRule is a required field + ArchiveRule *ArchiveRuleSummary `locationName:"archiveRule" type:"structure" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetArchiveRuleOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetArchiveRuleOutput) GoString() string { + return s.String() +} + +// SetArchiveRule sets the ArchiveRule field's value. +func (s *GetArchiveRuleOutput) SetArchiveRule(v *ArchiveRuleSummary) *GetArchiveRuleOutput { + s.ArchiveRule = v + return s +} + +// Retrieves a finding. +type GetFindingInput struct { + _ struct{} `type:"structure" nopayload:"true"` + + // The ARN of the analyzer (https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources) + // that generated the finding. + // + // AnalyzerArn is a required field + AnalyzerArn *string `location:"querystring" locationName:"analyzerArn" type:"string" required:"true"` + + // The ID of the finding to retrieve. + // + // Id is a required field + Id *string `location:"uri" locationName:"id" type:"string" required:"true"` +} + +// String returns the string representation. 
+// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetFindingInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetFindingInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetFindingInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetFindingInput"} + if s.AnalyzerArn == nil { + invalidParams.Add(request.NewErrParamRequired("AnalyzerArn")) + } + if s.Id == nil { + invalidParams.Add(request.NewErrParamRequired("Id")) + } + if s.Id != nil && len(*s.Id) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Id", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAnalyzerArn sets the AnalyzerArn field's value. +func (s *GetFindingInput) SetAnalyzerArn(v string) *GetFindingInput { + s.AnalyzerArn = &v + return s +} + +// SetId sets the Id field's value. +func (s *GetFindingInput) SetId(v string) *GetFindingInput { + s.Id = &v + return s +} + +// The response to the request. +type GetFindingOutput struct { _ struct{} `type:"structure"` - // Contains information about an archive rule. - // - // ArchiveRule is a required field - ArchiveRule *ArchiveRuleSummary `locationName:"archiveRule" type:"structure" required:"true"` + // A finding object that contains finding details. + Finding *Finding `locationName:"finding" type:"structure"` } // String returns the string representation. 
@@ -7540,7 +8168,7 @@ type GetArchiveRuleOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s GetArchiveRuleOutput) String() string { +func (s GetFindingOutput) String() string { return awsutil.Prettify(s) } 
@@ -7549,30 +8177,35 @@ func (s GetArchiveRuleOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s GetArchiveRuleOutput) GoString() string { +func (s GetFindingOutput) GoString() string { return s.String() } -// SetArchiveRule sets the ArchiveRule field's value. -func (s *GetArchiveRuleOutput) SetArchiveRule(v *ArchiveRuleSummary) *GetArchiveRuleOutput { - s.ArchiveRule = v +// SetFinding sets the Finding field's value. +func (s *GetFindingOutput) SetFinding(v *Finding) *GetFindingOutput { + s.Finding = v return s } -// Retrieves a finding. -type GetFindingInput struct { +type GetFindingRecommendationInput struct { _ struct{} `type:"structure" nopayload:"true"` // The ARN of the analyzer (https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-getting-started.html#permission-resources) - // that generated the finding. + // used to generate the finding recommendation. // // AnalyzerArn is a required field AnalyzerArn *string `location:"querystring" locationName:"analyzerArn" type:"string" required:"true"` - // The ID of the finding to retrieve. + // The unique ID for the finding recommendation. // // Id is a required field - Id *string `location:"uri" locationName:"id" type:"string" required:"true"` + Id *string `location:"uri" locationName:"id" min:"1" type:"string" required:"true"` + + // The maximum number of results to return in the response. + MaxResults *int64 `location:"querystring" locationName:"maxResults" min:"1" type:"integer"` + + // A token used for pagination of results returned. + NextToken *string `location:"querystring" locationName:"nextToken" type:"string"` } // String returns the string representation. 
@@ -7580,7 +8213,7 @@ type GetFindingInput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s GetFindingInput) String() string { +func (s GetFindingRecommendationInput) String() string { return awsutil.Prettify(s) } @@ -7589,13 +8222,13 @@ func (s GetFindingInput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s GetFindingInput) GoString() string { +func (s GetFindingRecommendationInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. -func (s *GetFindingInput) Validate() error { - invalidParams := request.ErrInvalidParams{Context: "GetFindingInput"} +func (s *GetFindingRecommendationInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetFindingRecommendationInput"} if s.AnalyzerArn == nil { invalidParams.Add(request.NewErrParamRequired("AnalyzerArn")) } @@ -7605,6 +8238,9 @@ func (s *GetFindingInput) Validate() error { if s.Id != nil && len(*s.Id) < 1 { invalidParams.Add(request.NewErrParamMinLen("Id", 1)) } + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } if invalidParams.Len() > 0 { return invalidParams 
@@ -7613,23 +8249,64 @@ func (s *GetFindingInput) Validate() error { } // SetAnalyzerArn sets the AnalyzerArn field's value. -func (s *GetFindingInput) SetAnalyzerArn(v string) *GetFindingInput { +func (s *GetFindingRecommendationInput) SetAnalyzerArn(v string) *GetFindingRecommendationInput { s.AnalyzerArn = &v return s } // SetId sets the Id field's value. -func (s *GetFindingInput) SetId(v string) *GetFindingInput { +func (s *GetFindingRecommendationInput) SetId(v string) *GetFindingRecommendationInput { s.Id = &v return s } -// The response to the request. -type GetFindingOutput struct { +// SetMaxResults sets the MaxResults field's value. +func (s *GetFindingRecommendationInput) SetMaxResults(v int64) *GetFindingRecommendationInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *GetFindingRecommendationInput) SetNextToken(v string) *GetFindingRecommendationInput { + s.NextToken = &v + return s +} + +type GetFindingRecommendationOutput struct { _ struct{} `type:"structure"` - // A finding object that contains finding details. - Finding *Finding `locationName:"finding" type:"structure"` + // The time at which the retrieval of the finding recommendation was completed. + CompletedAt *time.Time `locationName:"completedAt" type:"timestamp" timestampFormat:"iso8601"` + + // Detailed information about the reason that the retrieval of a recommendation + // for the finding failed. + Error *RecommendationError `locationName:"error" type:"structure"` + + // A token used for pagination of results returned. + NextToken *string `locationName:"nextToken" type:"string"` + + // The type of recommendation for the finding. + // + // RecommendationType is a required field + RecommendationType *string `locationName:"recommendationType" type:"string" required:"true" enum:"RecommendationType"` + + // A group of recommended steps for the finding. 
+ RecommendedSteps []*RecommendedStep `locationName:"recommendedSteps" type:"list"` + + // The ARN of the resource of the finding. + // + // ResourceArn is a required field + ResourceArn *string `locationName:"resourceArn" type:"string" required:"true"` + + // The time at which the retrieval of the finding recommendation was started. + // + // StartedAt is a required field + StartedAt *time.Time `locationName:"startedAt" type:"timestamp" timestampFormat:"iso8601" required:"true"` + + // The status of the retrieval of the finding recommendation. + // + // Status is a required field + Status *string `locationName:"status" type:"string" required:"true" enum:"Status"` } // String returns the string representation. @@ -7637,7 +8314,7 @@ type GetFindingOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s GetFindingOutput) String() string { +func (s GetFindingRecommendationOutput) String() string { return awsutil.Prettify(s) } 
@@ -7646,13 +8323,55 @@ func (s GetFindingOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s GetFindingOutput) GoString() string { +func (s GetFindingRecommendationOutput) GoString() string { return s.String() } -// SetFinding sets the Finding field's value. -func (s *GetFindingOutput) SetFinding(v *Finding) *GetFindingOutput { - s.Finding = v +// SetCompletedAt sets the CompletedAt field's value. +func (s *GetFindingRecommendationOutput) SetCompletedAt(v time.Time) *GetFindingRecommendationOutput { + s.CompletedAt = &v + return s +} + +// SetError sets the Error field's value. +func (s *GetFindingRecommendationOutput) SetError(v *RecommendationError) *GetFindingRecommendationOutput { + s.Error = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *GetFindingRecommendationOutput) SetNextToken(v string) *GetFindingRecommendationOutput { + s.NextToken = &v + return s +} + +// SetRecommendationType sets the RecommendationType field's value. +func (s *GetFindingRecommendationOutput) SetRecommendationType(v string) *GetFindingRecommendationOutput { + s.RecommendationType = &v + return s +} + +// SetRecommendedSteps sets the RecommendedSteps field's value. +func (s *GetFindingRecommendationOutput) SetRecommendedSteps(v []*RecommendedStep) *GetFindingRecommendationOutput { + s.RecommendedSteps = v + return s +} + +// SetResourceArn sets the ResourceArn field's value. +func (s *GetFindingRecommendationOutput) SetResourceArn(v string) *GetFindingRecommendationOutput { + s.ResourceArn = &v + return s +} + +// SetStartedAt sets the StartedAt field's value. +func (s *GetFindingRecommendationOutput) SetStartedAt(v time.Time) *GetFindingRecommendationOutput { + s.StartedAt = &v + return s +} + +// SetStatus sets the Status field's value. 
+func (s *GetFindingRecommendationOutput) SetStatus(v string) *GetFindingRecommendationOutput { + s.Status = &v return s } 
@@ -10274,6 +10993,85 @@ func (s *ReasonSummary) SetStatementIndex(v int64) *ReasonSummary { return s } +// Contains information about the reason that the retrieval of a recommendation +// for a finding failed. +type RecommendationError struct { + _ struct{} `type:"structure"` + + // The error code for a failed retrieval of a recommendation for a finding. + // + // Code is a required field + Code *string `locationName:"code" type:"string" required:"true"` + + // The error message for a failed retrieval of a recommendation for a finding. + // + // Message is a required field + Message *string `locationName:"message" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RecommendationError) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RecommendationError) GoString() string { + return s.String() +} + +// SetCode sets the Code field's value. +func (s *RecommendationError) SetCode(v string) *RecommendationError { + s.Code = &v + return s +} + +// SetMessage sets the Message field's value. +func (s *RecommendationError) SetMessage(v string) *RecommendationError { + s.Message = &v + return s +} + +// Contains information about a recommended step for an unused access analyzer +// finding. +type RecommendedStep struct { + _ struct{} `type:"structure"` + + // A recommended step for an unused permissions finding. 
+ UnusedPermissionsRecommendedStep *UnusedPermissionsRecommendedStep `locationName:"unusedPermissionsRecommendedStep" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RecommendedStep) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s RecommendedStep) GoString() string { + return s.String() +} + +// SetUnusedPermissionsRecommendedStep sets the UnusedPermissionsRecommendedStep field's value. +func (s *RecommendedStep) SetUnusedPermissionsRecommendedStep(v *UnusedPermissionsRecommendedStep) *RecommendedStep { + s.UnusedPermissionsRecommendedStep = v + return s +} + // The specified resource could not be found. type ResourceNotFoundException struct { _ struct{} `type:"structure"` @@ -11945,7 +12743,7 @@ type UnusedPermissionDetails struct { // A list of unused actions for which the unused access finding was generated. Actions []*UnusedAction `locationName:"actions" type:"list"` - // The time at which the permission last accessed. + // The time at which the permission was last accessed. LastAccessed *time.Time `locationName:"lastAccessed" type:"timestamp" timestampFormat:"iso8601"` // The namespace of the Amazon Web Services service that contains the unused 
@@ -11991,6 +12789,73 @@ func (s *UnusedPermissionDetails) SetServiceNamespace(v string) *UnusedPermissio return s } +// Contains information about the action to take for a policy in an unused permissions +// finding. +type UnusedPermissionsRecommendedStep struct { + _ struct{} `type:"structure"` + + // If the recommended action for the unused permissions finding is to detach + // a policy, the ID of an existing policy to be detached. + ExistingPolicyId *string `locationName:"existingPolicyId" type:"string"` + + // The time at which the existing policy for the unused permissions finding + // was last updated. + PolicyUpdatedAt *time.Time `locationName:"policyUpdatedAt" type:"timestamp" timestampFormat:"iso8601"` + + // A recommendation of whether to create or detach a policy for an unused permissions + // finding. + // + // RecommendedAction is a required field + RecommendedAction *string `locationName:"recommendedAction" type:"string" required:"true" enum:"RecommendedRemediationAction"` + + // If the recommended action for the unused permissions finding is to replace + // the existing policy, the contents of the recommended policy to replace the + // policy specified in the existingPolicyId field. + RecommendedPolicy *string `locationName:"recommendedPolicy" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UnusedPermissionsRecommendedStep) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". 
+func (s UnusedPermissionsRecommendedStep) GoString() string { + return s.String() +} + +// SetExistingPolicyId sets the ExistingPolicyId field's value. +func (s *UnusedPermissionsRecommendedStep) SetExistingPolicyId(v string) *UnusedPermissionsRecommendedStep { + s.ExistingPolicyId = &v + return s +} + +// SetPolicyUpdatedAt sets the PolicyUpdatedAt field's value. +func (s *UnusedPermissionsRecommendedStep) SetPolicyUpdatedAt(v time.Time) *UnusedPermissionsRecommendedStep { + s.PolicyUpdatedAt = &v + return s +} + +// SetRecommendedAction sets the RecommendedAction field's value. +func (s *UnusedPermissionsRecommendedStep) SetRecommendedAction(v string) *UnusedPermissionsRecommendedStep { + s.RecommendedAction = &v + return s +} + +// SetRecommendedPolicy sets the RecommendedPolicy field's value. +func (s *UnusedPermissionsRecommendedStep) SetRecommendedPolicy(v string) *UnusedPermissionsRecommendedStep { + s.RecommendedPolicy = &v + return s +} + // Updates the specified archive rule. type UpdateArchiveRuleInput struct { _ struct{} `type:"structure"` 
@@ -12660,6 +13525,86 @@ func AccessCheckPolicyType_Values() []string { } } +const ( + // AccessCheckResourceTypeAwsDynamoDbTable is a AccessCheckResourceType enum value + AccessCheckResourceTypeAwsDynamoDbTable = "AWS::DynamoDB::Table" + + // AccessCheckResourceTypeAwsDynamoDbStream is a AccessCheckResourceType enum value + AccessCheckResourceTypeAwsDynamoDbStream = "AWS::DynamoDB::Stream" + + // AccessCheckResourceTypeAwsEfsFileSystem is a AccessCheckResourceType enum value + AccessCheckResourceTypeAwsEfsFileSystem = "AWS::EFS::FileSystem" + + // AccessCheckResourceTypeAwsOpenSearchServiceDomain is a AccessCheckResourceType enum value + AccessCheckResourceTypeAwsOpenSearchServiceDomain = "AWS::OpenSearchService::Domain" + + // AccessCheckResourceTypeAwsKinesisStream is a AccessCheckResourceType enum value + AccessCheckResourceTypeAwsKinesisStream = "AWS::Kinesis::Stream" + + // AccessCheckResourceTypeAwsKinesisStreamConsumer is a AccessCheckResourceType enum value + AccessCheckResourceTypeAwsKinesisStreamConsumer = "AWS::Kinesis::StreamConsumer" + + // AccessCheckResourceTypeAwsKmsKey is a AccessCheckResourceType enum value + AccessCheckResourceTypeAwsKmsKey = "AWS::KMS::Key" + + // AccessCheckResourceTypeAwsLambdaFunction is a AccessCheckResourceType enum value + AccessCheckResourceTypeAwsLambdaFunction = "AWS::Lambda::Function" + + // AccessCheckResourceTypeAwsS3Bucket is a AccessCheckResourceType enum value + AccessCheckResourceTypeAwsS3Bucket = "AWS::S3::Bucket" + + // AccessCheckResourceTypeAwsS3AccessPoint is a AccessCheckResourceType enum value + AccessCheckResourceTypeAwsS3AccessPoint = "AWS::S3::AccessPoint" + + // AccessCheckResourceTypeAwsS3expressDirectoryBucket is a AccessCheckResourceType enum value + AccessCheckResourceTypeAwsS3expressDirectoryBucket = "AWS::S3Express::DirectoryBucket" + + // AccessCheckResourceTypeAwsS3Glacier is a AccessCheckResourceType enum value + AccessCheckResourceTypeAwsS3Glacier = "AWS::S3::Glacier" + + // 
AccessCheckResourceTypeAwsS3outpostsBucket is a AccessCheckResourceType enum value + AccessCheckResourceTypeAwsS3outpostsBucket = "AWS::S3Outposts::Bucket" + + // AccessCheckResourceTypeAwsS3outpostsAccessPoint is a AccessCheckResourceType enum value + AccessCheckResourceTypeAwsS3outpostsAccessPoint = "AWS::S3Outposts::AccessPoint" + + // AccessCheckResourceTypeAwsSecretsManagerSecret is a AccessCheckResourceType enum value + AccessCheckResourceTypeAwsSecretsManagerSecret = "AWS::SecretsManager::Secret" + + // AccessCheckResourceTypeAwsSnsTopic is a AccessCheckResourceType enum value + AccessCheckResourceTypeAwsSnsTopic = "AWS::SNS::Topic" + + // AccessCheckResourceTypeAwsSqsQueue is a AccessCheckResourceType enum value + AccessCheckResourceTypeAwsSqsQueue = "AWS::SQS::Queue" + + // AccessCheckResourceTypeAwsIamAssumeRolePolicyDocument is a AccessCheckResourceType enum value + AccessCheckResourceTypeAwsIamAssumeRolePolicyDocument = "AWS::IAM::AssumeRolePolicyDocument" +) + +// AccessCheckResourceType_Values returns all elements of the AccessCheckResourceType enum +func AccessCheckResourceType_Values() []string { + return []string{ + AccessCheckResourceTypeAwsDynamoDbTable, + AccessCheckResourceTypeAwsDynamoDbStream, + AccessCheckResourceTypeAwsEfsFileSystem, + AccessCheckResourceTypeAwsOpenSearchServiceDomain, + AccessCheckResourceTypeAwsKinesisStream, + AccessCheckResourceTypeAwsKinesisStreamConsumer, + AccessCheckResourceTypeAwsKmsKey, + AccessCheckResourceTypeAwsLambdaFunction, + AccessCheckResourceTypeAwsS3Bucket, + AccessCheckResourceTypeAwsS3AccessPoint, + AccessCheckResourceTypeAwsS3expressDirectoryBucket, + AccessCheckResourceTypeAwsS3Glacier, + AccessCheckResourceTypeAwsS3outpostsBucket, + AccessCheckResourceTypeAwsS3outpostsAccessPoint, + AccessCheckResourceTypeAwsSecretsManagerSecret, + AccessCheckResourceTypeAwsSnsTopic, + AccessCheckResourceTypeAwsSqsQueue, + AccessCheckResourceTypeAwsIamAssumeRolePolicyDocument, + } +} + const ( // 
AccessPreviewStatusCompleted is a AccessPreviewStatus enum value AccessPreviewStatusCompleted = "COMPLETED" @@ -12780,6 +13725,22 @@ func CheckNoNewAccessResult_Values() []string { } } +const ( + // CheckNoPublicAccessResultPass is a CheckNoPublicAccessResult enum value + CheckNoPublicAccessResultPass = "PASS" + + // CheckNoPublicAccessResultFail is a CheckNoPublicAccessResult enum value + CheckNoPublicAccessResultFail = "FAIL" +) + +// CheckNoPublicAccessResult_Values returns all elements of the CheckNoPublicAccessResult enum +func CheckNoPublicAccessResult_Values() []string { + return []string{ + CheckNoPublicAccessResultPass, + CheckNoPublicAccessResultFail, + } +} + const ( // FindingChangeTypeChanged is a FindingChangeType enum value FindingChangeTypeChanged = "CHANGED" @@ -13108,6 +14069,34 @@ func ReasonCode_Values() []string { } } +const ( + // RecommendationTypeUnusedPermissionRecommendation is a RecommendationType enum value + RecommendationTypeUnusedPermissionRecommendation = "UnusedPermissionRecommendation" +) + +// RecommendationType_Values returns all elements of the RecommendationType enum +func RecommendationType_Values() []string { + return []string{ + RecommendationTypeUnusedPermissionRecommendation, + } +} + +const ( + // RecommendedRemediationActionCreatePolicy is a RecommendedRemediationAction enum value + RecommendedRemediationActionCreatePolicy = "CREATE_POLICY" + + // RecommendedRemediationActionDetachPolicy is a RecommendedRemediationAction enum value + RecommendedRemediationActionDetachPolicy = "DETACH_POLICY" +) + +// RecommendedRemediationAction_Values returns all elements of the RecommendedRemediationAction enum +func RecommendedRemediationAction_Values() []string { + return []string{ + RecommendedRemediationActionCreatePolicy, + RecommendedRemediationActionDetachPolicy, + } +} + const ( // ResourceTypeAwsS3Bucket is a ResourceType enum value ResourceTypeAwsS3Bucket = "AWS::S3::Bucket" 
@@ -13180,6 +14169,26 @@ func ResourceType_Values() []string { } } +const ( + // StatusSucceeded is a Status enum value + StatusSucceeded = "SUCCEEDED" + + // StatusFailed is a Status enum value + StatusFailed = "FAILED" + + // StatusInProgress is a Status enum value + StatusInProgress = "IN_PROGRESS" +) + +// Status_Values returns all elements of the Status enum +func Status_Values() []string { + return []string{ + StatusSucceeded, + StatusFailed, + StatusInProgress, + } +} + const ( // TypeAccount is a Type enum value TypeAccount = "ACCOUNT" @@ -13272,6 +14281,9 @@ const ( // ValidationExceptionReasonOther is a ValidationExceptionReason enum value ValidationExceptionReasonOther = "other" + + // ValidationExceptionReasonNotSupported is a ValidationExceptionReason enum value + ValidationExceptionReasonNotSupported = "notSupported" ) // ValidationExceptionReason_Values returns all elements of the ValidationExceptionReason enum @@ -13281,5 +14293,6 @@ func ValidationExceptionReason_Values() []string { ValidationExceptionReasonCannotParse, ValidationExceptionReasonFieldValidationFailed, ValidationExceptionReasonOther, + ValidationExceptionReasonNotSupported, } } diff --git a/service/accessanalyzer/examples_test.go b/service/accessanalyzer/examples_test.go new file mode 100644 index 00000000000..c64b133c8a4 --- /dev/null +++ b/service/accessanalyzer/examples_test.go 
@@ -0,0 +1,475 @@ +// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. + +package accessanalyzer_test + +import ( + "fmt" + "strings" + "time" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/awserr" + "github.com/aws/aws-sdk-go/aws/session" + "github.com/aws/aws-sdk-go/service/accessanalyzer" +) + +var _ time.Duration +var _ strings.Reader +var _ aws.Config + +func parseTime(layout, value string) *time.Time { + t, err := time.Parse(layout, value) + if err != nil { + panic(err) + } + return &t +} + +// Passing check. Restrictive identity policy. +// + +func ExampleAccessAnalyzer_CheckAccessNotGranted_shared00() { + svc := accessanalyzer.New(session.New()) + input := &accessanalyzer.CheckAccessNotGrantedInput{ + Access: []*accessanalyzer.Access{ + { + Actions: []*string{ + aws.String("s3:PutObject"), + }, + }, + }, + PolicyDocument: aws.String("{\"Version\":\"2012-10-17\",\"Id\":\"123\",\"Statement\":[{\"Sid\":\"AllowJohnDoe\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::123456789012:user/JohnDoe\"},\"Action\":\"s3:GetObject\",\"Resource\":\"*\"}]}"), + PolicyType: aws.String("RESOURCE_POLICY"), + } + + result, err := svc.CheckAccessNotGranted(input) + if err != nil { + if aerr, ok := err.(awserr.Error); ok { + switch aerr.Code() { + case accessanalyzer.ErrCodeValidationException: + fmt.Println(accessanalyzer.ErrCodeValidationException, aerr.Error()) + case accessanalyzer.ErrCodeInternalServerException: + fmt.Println(accessanalyzer.ErrCodeInternalServerException, aerr.Error()) + case accessanalyzer.ErrCodeInvalidParameterException: + fmt.Println(accessanalyzer.ErrCodeInvalidParameterException, aerr.Error()) + case accessanalyzer.ErrCodeUnprocessableEntityException: + fmt.Println(accessanalyzer.ErrCodeUnprocessableEntityException, aerr.Error()) + case accessanalyzer.ErrCodeThrottlingException: + fmt.Println(accessanalyzer.ErrCodeThrottlingException, aerr.Error()) + case accessanalyzer.ErrCodeAccessDeniedException: + 
fmt.Println(accessanalyzer.ErrCodeAccessDeniedException, aerr.Error()) + default: + fmt.Println(aerr.Error()) + } + } else { + // Print the error, cast err to awserr.Error to get the Code and + // Message from an error. + fmt.Println(err.Error()) + } + return + } + + fmt.Println(result) +} + +// Passing check. Restrictive S3 Bucket resource policy. +// + +func ExampleAccessAnalyzer_CheckAccessNotGranted_shared01() { + svc := accessanalyzer.New(session.New()) + input := &accessanalyzer.CheckAccessNotGrantedInput{ + Access: []*accessanalyzer.Access{ + { + Resources: []*string{ + aws.String("arn:aws:s3:::sensitive-bucket/*"), + }, + }, + }, + PolicyDocument: aws.String("{\"Version\":\"2012-10-17\",\"Id\":\"123\",\"Statement\":[{\"Sid\":\"AllowJohnDoe\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::123456789012:user/JohnDoe\"},\"Action\":\"s3:PutObject\",\"Resource\":\"arn:aws:s3:::non-sensitive-bucket/*\"}]}"), + PolicyType: aws.String("RESOURCE_POLICY"), + } + + result, err := svc.CheckAccessNotGranted(input) + if err != nil { + if aerr, ok := err.(awserr.Error); ok { + switch aerr.Code() { + case accessanalyzer.ErrCodeValidationException: + fmt.Println(accessanalyzer.ErrCodeValidationException, aerr.Error()) + case accessanalyzer.ErrCodeInternalServerException: + fmt.Println(accessanalyzer.ErrCodeInternalServerException, aerr.Error()) + case accessanalyzer.ErrCodeInvalidParameterException: + fmt.Println(accessanalyzer.ErrCodeInvalidParameterException, aerr.Error()) + case accessanalyzer.ErrCodeUnprocessableEntityException: + fmt.Println(accessanalyzer.ErrCodeUnprocessableEntityException, aerr.Error()) + case accessanalyzer.ErrCodeThrottlingException: + fmt.Println(accessanalyzer.ErrCodeThrottlingException, aerr.Error()) + case accessanalyzer.ErrCodeAccessDeniedException: + fmt.Println(accessanalyzer.ErrCodeAccessDeniedException, aerr.Error()) + default: + fmt.Println(aerr.Error()) + } + } else { + // Print the error, cast err to awserr.Error to get the 
Code and + // Message from an error. + fmt.Println(err.Error()) + } + return + } + + fmt.Println(result) +} + +// Failing check. Permissive S3 Bucket resource policy. +// + +func ExampleAccessAnalyzer_CheckAccessNotGranted_shared02() { + svc := accessanalyzer.New(session.New()) + input := &accessanalyzer.CheckAccessNotGrantedInput{ + Access: []*accessanalyzer.Access{ + { + Resources: []*string{ + aws.String("arn:aws:s3:::my-bucket/*"), + }, + }, + }, + PolicyDocument: aws.String("{\"Version\":\"2012-10-17\",\"Id\":\"123\",\"Statement\":[{\"Sid\":\"AllowJohnDoe\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::123456789012:user/JohnDoe\"},\"Action\":\"s3:PutObject\",\"Resource\":\"arn:aws:s3:::my-bucket/*\"}]}"), + PolicyType: aws.String("RESOURCE_POLICY"), + } + + result, err := svc.CheckAccessNotGranted(input) + if err != nil { + if aerr, ok := err.(awserr.Error); ok { + switch aerr.Code() { + case accessanalyzer.ErrCodeValidationException: + fmt.Println(accessanalyzer.ErrCodeValidationException, aerr.Error()) + case accessanalyzer.ErrCodeInternalServerException: + fmt.Println(accessanalyzer.ErrCodeInternalServerException, aerr.Error()) + case accessanalyzer.ErrCodeInvalidParameterException: + fmt.Println(accessanalyzer.ErrCodeInvalidParameterException, aerr.Error()) + case accessanalyzer.ErrCodeUnprocessableEntityException: + fmt.Println(accessanalyzer.ErrCodeUnprocessableEntityException, aerr.Error()) + case accessanalyzer.ErrCodeThrottlingException: + fmt.Println(accessanalyzer.ErrCodeThrottlingException, aerr.Error()) + case accessanalyzer.ErrCodeAccessDeniedException: + fmt.Println(accessanalyzer.ErrCodeAccessDeniedException, aerr.Error()) + default: + fmt.Println(aerr.Error()) + } + } else { + // Print the error, cast err to awserr.Error to get the Code and + // Message from an error. + fmt.Println(err.Error()) + } + return + } + + fmt.Println(result) +} + +// Passing check. S3 Bucket policy without public access. 
+// + +func ExampleAccessAnalyzer_CheckNoPublicAccess_shared00() { + svc := accessanalyzer.New(session.New()) + input := &accessanalyzer.CheckNoPublicAccessInput{ + PolicyDocument: aws.String("{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Bob\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::111122223333:user/JohnDoe\"},\"Action\":[\"s3:GetObject\"]}]}"), + ResourceType: aws.String("AWS::S3::Bucket"), + } + + result, err := svc.CheckNoPublicAccess(input) + if err != nil { + if aerr, ok := err.(awserr.Error); ok { + switch aerr.Code() { + case accessanalyzer.ErrCodeValidationException: + fmt.Println(accessanalyzer.ErrCodeValidationException, aerr.Error()) + case accessanalyzer.ErrCodeInternalServerException: + fmt.Println(accessanalyzer.ErrCodeInternalServerException, aerr.Error()) + case accessanalyzer.ErrCodeInvalidParameterException: + fmt.Println(accessanalyzer.ErrCodeInvalidParameterException, aerr.Error()) + case accessanalyzer.ErrCodeUnprocessableEntityException: + fmt.Println(accessanalyzer.ErrCodeUnprocessableEntityException, aerr.Error()) + case accessanalyzer.ErrCodeThrottlingException: + fmt.Println(accessanalyzer.ErrCodeThrottlingException, aerr.Error()) + case accessanalyzer.ErrCodeAccessDeniedException: + fmt.Println(accessanalyzer.ErrCodeAccessDeniedException, aerr.Error()) + default: + fmt.Println(aerr.Error()) + } + } else { + // Print the error, cast err to awserr.Error to get the Code and + // Message from an error. + fmt.Println(err.Error()) + } + return + } + + fmt.Println(result) +} + +// Failing check. S3 Bucket policy with public access. 
+// + +func ExampleAccessAnalyzer_CheckNoPublicAccess_shared01() { + svc := accessanalyzer.New(session.New()) + input := &accessanalyzer.CheckNoPublicAccessInput{ + PolicyDocument: aws.String("{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Bob\",\"Effect\":\"Allow\",\"Principal\":\"*\",\"Action\":[\"s3:GetObject\"]}]}"), + ResourceType: aws.String("AWS::S3::Bucket"), + } + + result, err := svc.CheckNoPublicAccess(input) + if err != nil { + if aerr, ok := err.(awserr.Error); ok { + switch aerr.Code() { + case accessanalyzer.ErrCodeValidationException: + fmt.Println(accessanalyzer.ErrCodeValidationException, aerr.Error()) + case accessanalyzer.ErrCodeInternalServerException: + fmt.Println(accessanalyzer.ErrCodeInternalServerException, aerr.Error()) + case accessanalyzer.ErrCodeInvalidParameterException: + fmt.Println(accessanalyzer.ErrCodeInvalidParameterException, aerr.Error()) + case accessanalyzer.ErrCodeUnprocessableEntityException: + fmt.Println(accessanalyzer.ErrCodeUnprocessableEntityException, aerr.Error()) + case accessanalyzer.ErrCodeThrottlingException: + fmt.Println(accessanalyzer.ErrCodeThrottlingException, aerr.Error()) + case accessanalyzer.ErrCodeAccessDeniedException: + fmt.Println(accessanalyzer.ErrCodeAccessDeniedException, aerr.Error()) + default: + fmt.Println(aerr.Error()) + } + } else { + // Print the error, cast err to awserr.Error to get the Code and + // Message from an error. 
+ fmt.Println(err.Error()) + } + return + } + + fmt.Println(result) +} + +// Successfully started generating finding recommendation +// + +func ExampleAccessAnalyzer_GenerateFindingRecommendation_shared00() { + svc := accessanalyzer.New(session.New()) + input := &accessanalyzer.GenerateFindingRecommendationInput{ + AnalyzerArn: aws.String("arn:aws:access-analyzer:us-east-1:111122223333:analyzer/a"), + Id: aws.String("finding-id"), + } + + result, err := svc.GenerateFindingRecommendation(input) + if err != nil { + if aerr, ok := err.(awserr.Error); ok { + switch aerr.Code() { + case accessanalyzer.ErrCodeValidationException: + fmt.Println(accessanalyzer.ErrCodeValidationException, aerr.Error()) + case accessanalyzer.ErrCodeInternalServerException: + fmt.Println(accessanalyzer.ErrCodeInternalServerException, aerr.Error()) + case accessanalyzer.ErrCodeThrottlingException: + fmt.Println(accessanalyzer.ErrCodeThrottlingException, aerr.Error()) + case accessanalyzer.ErrCodeAccessDeniedException: + fmt.Println(accessanalyzer.ErrCodeAccessDeniedException, aerr.Error()) + default: + fmt.Println(aerr.Error()) + } + } else { + // Print the error, cast err to awserr.Error to get the Code and + // Message from an error. 
+ fmt.Println(err.Error()) + } + return + } + + fmt.Println(result) +} + +// Failed field validation for id value +// + +func ExampleAccessAnalyzer_GenerateFindingRecommendation_shared01() { + svc := accessanalyzer.New(session.New()) + input := &accessanalyzer.GenerateFindingRecommendationInput{ + AnalyzerArn: aws.String("arn:aws:access-analyzer:us-east-1:111122223333:analyzer/a"), + Id: aws.String("!"), + } + + result, err := svc.GenerateFindingRecommendation(input) + if err != nil { + if aerr, ok := err.(awserr.Error); ok { + switch aerr.Code() { + case accessanalyzer.ErrCodeValidationException: + fmt.Println(accessanalyzer.ErrCodeValidationException, aerr.Error()) + case accessanalyzer.ErrCodeInternalServerException: + fmt.Println(accessanalyzer.ErrCodeInternalServerException, aerr.Error()) + case accessanalyzer.ErrCodeThrottlingException: + fmt.Println(accessanalyzer.ErrCodeThrottlingException, aerr.Error()) + case accessanalyzer.ErrCodeAccessDeniedException: + fmt.Println(accessanalyzer.ErrCodeAccessDeniedException, aerr.Error()) + default: + fmt.Println(aerr.Error()) + } + } else { + // Print the error, cast err to awserr.Error to get the Code and + // Message from an error. 
+ fmt.Println(err.Error()) + } + return + } + + fmt.Println(result) +} + +// Successfully fetched finding recommendation +// + +func ExampleAccessAnalyzer_GetFindingRecommendation_shared00() { + svc := accessanalyzer.New(session.New()) + input := &accessanalyzer.GetFindingRecommendationInput{ + AnalyzerArn: aws.String("arn:aws:access-analyzer:us-east-1:111122223333:analyzer/a"), + Id: aws.String("finding-id"), + MaxResults: aws.Int64(3), + NextToken: aws.String("token"), + } + + result, err := svc.GetFindingRecommendation(input) + if err != nil { + if aerr, ok := err.(awserr.Error); ok { + switch aerr.Code() { + case accessanalyzer.ErrCodeResourceNotFoundException: + fmt.Println(accessanalyzer.ErrCodeResourceNotFoundException, aerr.Error()) + case accessanalyzer.ErrCodeValidationException: + fmt.Println(accessanalyzer.ErrCodeValidationException, aerr.Error()) + case accessanalyzer.ErrCodeInternalServerException: + fmt.Println(accessanalyzer.ErrCodeInternalServerException, aerr.Error()) + case accessanalyzer.ErrCodeThrottlingException: + fmt.Println(accessanalyzer.ErrCodeThrottlingException, aerr.Error()) + case accessanalyzer.ErrCodeAccessDeniedException: + fmt.Println(accessanalyzer.ErrCodeAccessDeniedException, aerr.Error()) + default: + fmt.Println(aerr.Error()) + } + } else { + // Print the error, cast err to awserr.Error to get the Code and + // Message from an error. 
+ fmt.Println(err.Error()) + } + return + } + + fmt.Println(result) +} + +// In progress finding recommendation +// + +func ExampleAccessAnalyzer_GetFindingRecommendation_shared01() { + svc := accessanalyzer.New(session.New()) + input := &accessanalyzer.GetFindingRecommendationInput{ + AnalyzerArn: aws.String("arn:aws:access-analyzer:us-east-1:111122223333:analyzer/a"), + Id: aws.String("finding-id"), + MaxResults: aws.Int64(3), + } + + result, err := svc.GetFindingRecommendation(input) + if err != nil { + if aerr, ok := err.(awserr.Error); ok { + switch aerr.Code() { + case accessanalyzer.ErrCodeResourceNotFoundException: + fmt.Println(accessanalyzer.ErrCodeResourceNotFoundException, aerr.Error()) + case accessanalyzer.ErrCodeValidationException: + fmt.Println(accessanalyzer.ErrCodeValidationException, aerr.Error()) + case accessanalyzer.ErrCodeInternalServerException: + fmt.Println(accessanalyzer.ErrCodeInternalServerException, aerr.Error()) + case accessanalyzer.ErrCodeThrottlingException: + fmt.Println(accessanalyzer.ErrCodeThrottlingException, aerr.Error()) + case accessanalyzer.ErrCodeAccessDeniedException: + fmt.Println(accessanalyzer.ErrCodeAccessDeniedException, aerr.Error()) + default: + fmt.Println(aerr.Error()) + } + } else { + // Print the error, cast err to awserr.Error to get the Code and + // Message from an error. 
+ fmt.Println(err.Error()) + } + return + } + + fmt.Println(result) +} + +// Failed finding recommendation +// + +func ExampleAccessAnalyzer_GetFindingRecommendation_shared02() { + svc := accessanalyzer.New(session.New()) + input := &accessanalyzer.GetFindingRecommendationInput{ + AnalyzerArn: aws.String("arn:aws:access-analyzer:us-east-1:111122223333:analyzer/a"), + Id: aws.String("finding-id"), + MaxResults: aws.Int64(3), + } + + result, err := svc.GetFindingRecommendation(input) + if err != nil { + if aerr, ok := err.(awserr.Error); ok { + switch aerr.Code() { + case accessanalyzer.ErrCodeResourceNotFoundException: + fmt.Println(accessanalyzer.ErrCodeResourceNotFoundException, aerr.Error()) + case accessanalyzer.ErrCodeValidationException: + fmt.Println(accessanalyzer.ErrCodeValidationException, aerr.Error()) + case accessanalyzer.ErrCodeInternalServerException: + fmt.Println(accessanalyzer.ErrCodeInternalServerException, aerr.Error()) + case accessanalyzer.ErrCodeThrottlingException: + fmt.Println(accessanalyzer.ErrCodeThrottlingException, aerr.Error()) + case accessanalyzer.ErrCodeAccessDeniedException: + fmt.Println(accessanalyzer.ErrCodeAccessDeniedException, aerr.Error()) + default: + fmt.Println(aerr.Error()) + } + } else { + // Print the error, cast err to awserr.Error to get the Code and + // Message from an error. 
+ fmt.Println(err.Error()) + } + return + } + + fmt.Println(result) +} + +// Failed field validation for id value +// + +func ExampleAccessAnalyzer_GetFindingRecommendation_shared03() { + svc := accessanalyzer.New(session.New()) + input := &accessanalyzer.GetFindingRecommendationInput{ + AnalyzerArn: aws.String("arn:aws:access-analyzer:us-east-1:111122223333:analyzer/a"), + Id: aws.String("!"), + } + + result, err := svc.GetFindingRecommendation(input) + if err != nil { + if aerr, ok := err.(awserr.Error); ok { + switch aerr.Code() { + case accessanalyzer.ErrCodeResourceNotFoundException: + fmt.Println(accessanalyzer.ErrCodeResourceNotFoundException, aerr.Error()) + case accessanalyzer.ErrCodeValidationException: + fmt.Println(accessanalyzer.ErrCodeValidationException, aerr.Error()) + case accessanalyzer.ErrCodeInternalServerException: + fmt.Println(accessanalyzer.ErrCodeInternalServerException, aerr.Error()) + case accessanalyzer.ErrCodeThrottlingException: + fmt.Println(accessanalyzer.ErrCodeThrottlingException, aerr.Error()) + case accessanalyzer.ErrCodeAccessDeniedException: + fmt.Println(accessanalyzer.ErrCodeAccessDeniedException, aerr.Error()) + default: + fmt.Println(aerr.Error()) + } + } else { + // Print the error, cast err to awserr.Error to get the Code and + // Message from an error. + fmt.Println(err.Error()) + } + return + } + + fmt.Println(result) +} diff --git a/service/guardduty/api.go b/service/guardduty/api.go index 787a803a49a..13e5dbb1724 100644 --- a/service/guardduty/api.go +++ b/service/guardduty/api.go 
@@ -547,6 +547,98 @@ func (c *GuardDuty) CreateIPSetWithContext(ctx aws.Context, input *CreateIPSetIn return out, req.Send() } +const opCreateMalwareProtectionPlan = "CreateMalwareProtectionPlan" + +// CreateMalwareProtectionPlanRequest generates a "aws/request.Request" representing the +// client's request for the CreateMalwareProtectionPlan operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateMalwareProtectionPlan for more information on using the CreateMalwareProtectionPlan +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the CreateMalwareProtectionPlanRequest method. +// req, resp := client.CreateMalwareProtectionPlanRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/CreateMalwareProtectionPlan +func (c *GuardDuty) CreateMalwareProtectionPlanRequest(input *CreateMalwareProtectionPlanInput) (req *request.Request, output *CreateMalwareProtectionPlanOutput) { + op := &request.Operation{ + Name: opCreateMalwareProtectionPlan, + HTTPMethod: "POST", + HTTPPath: "/malware-protection-plan", + } + + if input == nil { + input = &CreateMalwareProtectionPlanInput{} + } + + output = &CreateMalwareProtectionPlanOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateMalwareProtectionPlan API operation for Amazon GuardDuty. +// +// Creates a new Malware Protection plan for the protected resource. 
+// +// When you create a Malware Protection plan, the Amazon Web Services service +// terms for GuardDuty Malware Protection apply. For more information, see Amazon +// Web Services service terms for GuardDuty Malware Protection (http://aws.amazon.com/service-terms/#87._Amazon_GuardDuty). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon GuardDuty's +// API operation CreateMalwareProtectionPlan for usage and error information. +// +// Returned Error Types: +// +// - BadRequestException +// A bad request exception object. +// +// - AccessDeniedException +// An access denied exception object. +// +// - ConflictException +// A request conflict exception object. +// +// - InternalServerErrorException +// An internal server error exception object. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/CreateMalwareProtectionPlan +func (c *GuardDuty) CreateMalwareProtectionPlan(input *CreateMalwareProtectionPlanInput) (*CreateMalwareProtectionPlanOutput, error) { + req, out := c.CreateMalwareProtectionPlanRequest(input) + return out, req.Send() +} + +// CreateMalwareProtectionPlanWithContext is the same as CreateMalwareProtectionPlan with the addition of +// the ability to pass a context and additional request options. +// +// See CreateMalwareProtectionPlan for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. 
+func (c *GuardDuty) CreateMalwareProtectionPlanWithContext(ctx aws.Context, input *CreateMalwareProtectionPlanInput, opts ...request.Option) (*CreateMalwareProtectionPlanOutput, error) { + req, out := c.CreateMalwareProtectionPlanRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opCreateMembers = "CreateMembers" // CreateMembersRequest generates a "aws/request.Request" representing the 
@@ -1325,6 +1417,97 @@ func (c *GuardDuty) DeleteInvitationsWithContext(ctx aws.Context, input *DeleteI return out, req.Send() } +const opDeleteMalwareProtectionPlan = "DeleteMalwareProtectionPlan" + +// DeleteMalwareProtectionPlanRequest generates a "aws/request.Request" representing the +// client's request for the DeleteMalwareProtectionPlan operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteMalwareProtectionPlan for more information on using the DeleteMalwareProtectionPlan +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DeleteMalwareProtectionPlanRequest method. +// req, resp := client.DeleteMalwareProtectionPlanRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DeleteMalwareProtectionPlan +func (c *GuardDuty) DeleteMalwareProtectionPlanRequest(input *DeleteMalwareProtectionPlanInput) (req *request.Request, output *DeleteMalwareProtectionPlanOutput) { + op := &request.Operation{ + Name: opDeleteMalwareProtectionPlan, + HTTPMethod: "DELETE", + HTTPPath: "/malware-protection-plan/{malwareProtectionPlanId}", + } + + if input == nil { + input = &DeleteMalwareProtectionPlanInput{} + } + + output = &DeleteMalwareProtectionPlanOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// DeleteMalwareProtectionPlan API operation for Amazon GuardDuty. 
+// +// Deletes the Malware Protection plan ID associated with the Malware Protection +// plan resource. Use this API only when you no longer want to protect the resource +// associated with this Malware Protection plan ID. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon GuardDuty's +// API operation DeleteMalwareProtectionPlan for usage and error information. +// +// Returned Error Types: +// +// - BadRequestException +// A bad request exception object. +// +// - AccessDeniedException +// An access denied exception object. +// +// - InternalServerErrorException +// An internal server error exception object. +// +// - ResourceNotFoundException +// The requested resource can't be found. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/DeleteMalwareProtectionPlan +func (c *GuardDuty) DeleteMalwareProtectionPlan(input *DeleteMalwareProtectionPlanInput) (*DeleteMalwareProtectionPlanOutput, error) { + req, out := c.DeleteMalwareProtectionPlanRequest(input) + return out, req.Send() +} + +// DeleteMalwareProtectionPlanWithContext is the same as DeleteMalwareProtectionPlan with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteMalwareProtectionPlan for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. 
+func (c *GuardDuty) DeleteMalwareProtectionPlanWithContext(ctx aws.Context, input *DeleteMalwareProtectionPlanInput, opts ...request.Option) (*DeleteMalwareProtectionPlanOutput, error) { + req, out := c.DeleteMalwareProtectionPlanRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opDeleteMembers = "DeleteMembers" // DeleteMembersRequest generates a "aws/request.Request" representing the 
@@ -3100,6 +3283,95 @@ func (c *GuardDuty) GetInvitationsCountWithContext(ctx aws.Context, input *GetIn return out, req.Send() } +const opGetMalwareProtectionPlan = "GetMalwareProtectionPlan" + +// GetMalwareProtectionPlanRequest generates a "aws/request.Request" representing the +// client's request for the GetMalwareProtectionPlan operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetMalwareProtectionPlan for more information on using the GetMalwareProtectionPlan +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the GetMalwareProtectionPlanRequest method. +// req, resp := client.GetMalwareProtectionPlanRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/GetMalwareProtectionPlan +func (c *GuardDuty) GetMalwareProtectionPlanRequest(input *GetMalwareProtectionPlanInput) (req *request.Request, output *GetMalwareProtectionPlanOutput) { + op := &request.Operation{ + Name: opGetMalwareProtectionPlan, + HTTPMethod: "GET", + HTTPPath: "/malware-protection-plan/{malwareProtectionPlanId}", + } + + if input == nil { + input = &GetMalwareProtectionPlanInput{} + } + + output = &GetMalwareProtectionPlanOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetMalwareProtectionPlan API operation for Amazon GuardDuty. +// +// Retrieves the Malware Protection plan details associated with a Malware Protection +// plan ID. +// +// Returns awserr.Error for service API and SDK errors. 
Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon GuardDuty's +// API operation GetMalwareProtectionPlan for usage and error information. +// +// Returned Error Types: +// +// - BadRequestException +// A bad request exception object. +// +// - AccessDeniedException +// An access denied exception object. +// +// - InternalServerErrorException +// An internal server error exception object. +// +// - ResourceNotFoundException +// The requested resource can't be found. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/GetMalwareProtectionPlan +func (c *GuardDuty) GetMalwareProtectionPlan(input *GetMalwareProtectionPlanInput) (*GetMalwareProtectionPlanOutput, error) { + req, out := c.GetMalwareProtectionPlanRequest(input) + return out, req.Send() +} + +// GetMalwareProtectionPlanWithContext is the same as GetMalwareProtectionPlan with the addition of +// the ability to pass a context and additional request options. +// +// See GetMalwareProtectionPlan for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *GuardDuty) GetMalwareProtectionPlanWithContext(ctx aws.Context, input *GetMalwareProtectionPlanInput, opts ...request.Option) (*GetMalwareProtectionPlanOutput, error) { + req, out := c.GetMalwareProtectionPlanRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opGetMalwareScanSettings = "GetMalwareScanSettings" // GetMalwareScanSettingsRequest generates a "aws/request.Request" representing the 
@@ -4807,6 +5079,92 @@ func (c *GuardDuty) ListInvitationsPagesWithContext(ctx aws.Context, input *List return p.Err() } +const opListMalwareProtectionPlans = "ListMalwareProtectionPlans" + +// ListMalwareProtectionPlansRequest generates a "aws/request.Request" representing the +// client's request for the ListMalwareProtectionPlans operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ListMalwareProtectionPlans for more information on using the ListMalwareProtectionPlans +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ListMalwareProtectionPlansRequest method. +// req, resp := client.ListMalwareProtectionPlansRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ListMalwareProtectionPlans +func (c *GuardDuty) ListMalwareProtectionPlansRequest(input *ListMalwareProtectionPlansInput) (req *request.Request, output *ListMalwareProtectionPlansOutput) { + op := &request.Operation{ + Name: opListMalwareProtectionPlans, + HTTPMethod: "GET", + HTTPPath: "/malware-protection-plan", + } + + if input == nil { + input = &ListMalwareProtectionPlansInput{} + } + + output = &ListMalwareProtectionPlansOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListMalwareProtectionPlans API operation for Amazon GuardDuty. +// +// Lists the Malware Protection plan IDs associated with the protected resources +// in your Amazon Web Services account. 
+// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon GuardDuty's +// API operation ListMalwareProtectionPlans for usage and error information. +// +// Returned Error Types: +// +// - BadRequestException +// A bad request exception object. +// +// - AccessDeniedException +// An access denied exception object. +// +// - InternalServerErrorException +// An internal server error exception object. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/ListMalwareProtectionPlans +func (c *GuardDuty) ListMalwareProtectionPlans(input *ListMalwareProtectionPlansInput) (*ListMalwareProtectionPlansOutput, error) { + req, out := c.ListMalwareProtectionPlansRequest(input) + return out, req.Send() +} + +// ListMalwareProtectionPlansWithContext is the same as ListMalwareProtectionPlans with the addition of +// the ability to pass a context and additional request options. +// +// See ListMalwareProtectionPlans for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *GuardDuty) ListMalwareProtectionPlansWithContext(ctx aws.Context, input *ListMalwareProtectionPlansInput, opts ...request.Option) (*ListMalwareProtectionPlansOutput, error) { + req, out := c.ListMalwareProtectionPlansRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + const opListMembers = "ListMembers" // ListMembersRequest generates a "aws/request.Request" representing the 
@@ -6313,6 +6671,95 @@ func (c *GuardDuty) UpdateIPSetWithContext(ctx aws.Context, input *UpdateIPSetIn return out, req.Send() } +const opUpdateMalwareProtectionPlan = "UpdateMalwareProtectionPlan" + +// UpdateMalwareProtectionPlanRequest generates a "aws/request.Request" representing the +// client's request for the UpdateMalwareProtectionPlan operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See UpdateMalwareProtectionPlan for more information on using the UpdateMalwareProtectionPlan +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the UpdateMalwareProtectionPlanRequest method. +// req, resp := client.UpdateMalwareProtectionPlanRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/UpdateMalwareProtectionPlan +func (c *GuardDuty) UpdateMalwareProtectionPlanRequest(input *UpdateMalwareProtectionPlanInput) (req *request.Request, output *UpdateMalwareProtectionPlanOutput) { + op := &request.Operation{ + Name: opUpdateMalwareProtectionPlan, + HTTPMethod: "PATCH", + HTTPPath: "/malware-protection-plan/{malwareProtectionPlanId}", + } + + if input == nil { + input = &UpdateMalwareProtectionPlanInput{} + } + + output = &UpdateMalwareProtectionPlanOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// UpdateMalwareProtectionPlan API operation for Amazon GuardDuty. 
+// +// Updates an existing Malware Protection plan resource. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Amazon GuardDuty's +// API operation UpdateMalwareProtectionPlan for usage and error information. +// +// Returned Error Types: +// +// - BadRequestException +// A bad request exception object. +// +// - AccessDeniedException +// An access denied exception object. +// +// - ResourceNotFoundException +// The requested resource can't be found. +// +// - InternalServerErrorException +// An internal server error exception object. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/guardduty-2017-11-28/UpdateMalwareProtectionPlan +func (c *GuardDuty) UpdateMalwareProtectionPlan(input *UpdateMalwareProtectionPlanInput) (*UpdateMalwareProtectionPlanOutput, error) { + req, out := c.UpdateMalwareProtectionPlanRequest(input) + return out, req.Send() +} + +// UpdateMalwareProtectionPlanWithContext is the same as UpdateMalwareProtectionPlan with the addition of +// the ability to pass a context and additional request options. +// +// See UpdateMalwareProtectionPlan for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *GuardDuty) UpdateMalwareProtectionPlanWithContext(ctx aws.Context, input *UpdateMalwareProtectionPlanInput, opts ...request.Option) (*UpdateMalwareProtectionPlanOutput, error) { + req, out := c.UpdateMalwareProtectionPlanRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) 
+ return out, req.Send() +} + const opUpdateMalwareScanSettings = "UpdateMalwareScanSettings" // UpdateMalwareScanSettingsRequest generates a "aws/request.Request" representing the 
@@ -9732,8 +10179,146 @@ func (s *CreateIPSetInput) Validate() error { if s.Name == nil { invalidParams.Add(request.NewErrParamRequired("Name")) } - if s.Name != nil && len(*s.Name) < 1 { - invalidParams.Add(request.NewErrParamMinLen("Name", 1)) + if s.Name != nil && len(*s.Name) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Name", 1)) + } + if s.Tags != nil && len(s.Tags) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Tags", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetActivate sets the Activate field's value. +func (s *CreateIPSetInput) SetActivate(v bool) *CreateIPSetInput { + s.Activate = &v + return s +} + +// SetClientToken sets the ClientToken field's value. +func (s *CreateIPSetInput) SetClientToken(v string) *CreateIPSetInput { + s.ClientToken = &v + return s +} + +// SetDetectorId sets the DetectorId field's value. +func (s *CreateIPSetInput) SetDetectorId(v string) *CreateIPSetInput { + s.DetectorId = &v + return s +} + +// SetFormat sets the Format field's value. +func (s *CreateIPSetInput) SetFormat(v string) *CreateIPSetInput { + s.Format = &v + return s +} + +// SetLocation sets the Location field's value. +func (s *CreateIPSetInput) SetLocation(v string) *CreateIPSetInput { + s.Location = &v + return s +} + +// SetName sets the Name field's value. +func (s *CreateIPSetInput) SetName(v string) *CreateIPSetInput { + s.Name = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *CreateIPSetInput) SetTags(v map[string]*string) *CreateIPSetInput { + s.Tags = v + return s +} + +type CreateIPSetOutput struct { + _ struct{} `type:"structure"` + + // The ID of the IPSet resource. + // + // IpSetId is a required field + IpSetId *string `locationName:"ipSetId" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. 
The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateIPSetOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateIPSetOutput) GoString() string { + return s.String() +} + +// SetIpSetId sets the IpSetId field's value. +func (s *CreateIPSetOutput) SetIpSetId(v string) *CreateIPSetOutput { + s.IpSetId = &v + return s +} + +type CreateMalwareProtectionPlanInput struct { + _ struct{} `type:"structure"` + + // Information about whether the tags will be added to the S3 object after scanning. + Actions *MalwareProtectionPlanActions `locationName:"actions" type:"structure"` + + // The idempotency token for the create request. + ClientToken *string `locationName:"clientToken" type:"string" idempotencyToken:"true"` + + // Information about the protected resource that is associated with the created + // Malware Protection plan. Presently, S3Bucket is the only supported protected + // resource. + // + // ProtectedResource is a required field + ProtectedResource *CreateProtectedResource `locationName:"protectedResource" type:"structure" required:"true"` + + // IAM role with permissions required to scan and add tags to the associated + // protected resource. + // + // Role is a required field + Role *string `locationName:"role" type:"string" required:"true"` + + // Tags added to the Malware Protection plan resource. + Tags map[string]*string `locationName:"tags" min:"1" type:"map"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". 
+func (s CreateMalwareProtectionPlanInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateMalwareProtectionPlanInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateMalwareProtectionPlanInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateMalwareProtectionPlanInput"} + if s.ProtectedResource == nil { + invalidParams.Add(request.NewErrParamRequired("ProtectedResource")) + } + if s.Role == nil { + invalidParams.Add(request.NewErrParamRequired("Role")) } if s.Tags != nil && len(s.Tags) < 1 { invalidParams.Add(request.NewErrParamMinLen("Tags", 1)) 
@@ -9745,55 +10330,41 @@ func (s *CreateIPSetInput) Validate() error { return nil } -// SetActivate sets the Activate field's value. -func (s *CreateIPSetInput) SetActivate(v bool) *CreateIPSetInput { - s.Activate = &v +// SetActions sets the Actions field's value. +func (s *CreateMalwareProtectionPlanInput) SetActions(v *MalwareProtectionPlanActions) *CreateMalwareProtectionPlanInput { + s.Actions = v return s } // SetClientToken sets the ClientToken field's value. -func (s *CreateIPSetInput) SetClientToken(v string) *CreateIPSetInput { +func (s *CreateMalwareProtectionPlanInput) SetClientToken(v string) *CreateMalwareProtectionPlanInput { s.ClientToken = &v return s } -// SetDetectorId sets the DetectorId field's value. -func (s *CreateIPSetInput) SetDetectorId(v string) *CreateIPSetInput { - s.DetectorId = &v - return s -} - -// SetFormat sets the Format field's value. -func (s *CreateIPSetInput) SetFormat(v string) *CreateIPSetInput { - s.Format = &v - return s -} - -// SetLocation sets the Location field's value. -func (s *CreateIPSetInput) SetLocation(v string) *CreateIPSetInput { - s.Location = &v +// SetProtectedResource sets the ProtectedResource field's value. +func (s *CreateMalwareProtectionPlanInput) SetProtectedResource(v *CreateProtectedResource) *CreateMalwareProtectionPlanInput { + s.ProtectedResource = v return s } -// SetName sets the Name field's value. -func (s *CreateIPSetInput) SetName(v string) *CreateIPSetInput { - s.Name = &v +// SetRole sets the Role field's value. +func (s *CreateMalwareProtectionPlanInput) SetRole(v string) *CreateMalwareProtectionPlanInput { + s.Role = &v return s } // SetTags sets the Tags field's value. 
-func (s *CreateIPSetInput) SetTags(v map[string]*string) *CreateIPSetInput { +func (s *CreateMalwareProtectionPlanInput) SetTags(v map[string]*string) *CreateMalwareProtectionPlanInput { s.Tags = v return s } -type CreateIPSetOutput struct { +type CreateMalwareProtectionPlanOutput struct { _ struct{} `type:"structure"` - // The ID of the IPSet resource. - // - // IpSetId is a required field - IpSetId *string `locationName:"ipSetId" type:"string" required:"true"` + // A unique identifier associated with the Malware Protection plan resource. + MalwareProtectionPlanId *string `locationName:"malwareProtectionPlanId" type:"string"` } // String returns the string representation. @@ -9801,7 +10372,7 @@ type CreateIPSetOutput struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s CreateIPSetOutput) String() string { +func (s CreateMalwareProtectionPlanOutput) String() string { return awsutil.Prettify(s) } @@ -9810,13 +10381,13 @@ func (s CreateIPSetOutput) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s CreateIPSetOutput) GoString() string { +func (s CreateMalwareProtectionPlanOutput) GoString() string { return s.String() } -// SetIpSetId sets the IpSetId field's value. -func (s *CreateIPSetOutput) SetIpSetId(v string) *CreateIPSetOutput { - s.IpSetId = &v +// SetMalwareProtectionPlanId sets the MalwareProtectionPlanId field's value. +func (s *CreateMalwareProtectionPlanOutput) SetMalwareProtectionPlanId(v string) *CreateMalwareProtectionPlanOutput { + s.MalwareProtectionPlanId = &v return s } 
@@ -9932,6 +10503,40 @@ func (s *CreateMembersOutput) SetUnprocessedAccounts(v []*UnprocessedAccount) *C return s } +// Information about the protected resource that is associated with the created +// Malware Protection plan. Presently, S3Bucket is the only supported protected +// resource. +type CreateProtectedResource struct { + _ struct{} `type:"structure"` + + // Information about the protected S3 bucket resource. + S3Bucket *CreateS3BucketResource `locationName:"s3Bucket" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateProtectedResource) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateProtectedResource) GoString() string { + return s.String() +} + +// SetS3Bucket sets the S3Bucket field's value. +func (s *CreateProtectedResource) SetS3Bucket(v *CreateS3BucketResource) *CreateProtectedResource { + s.S3Bucket = v + return s +} + type CreatePublishingDestinationInput struct { _ struct{} `type:"structure"` 
@@ -10056,6 +10661,48 @@ func (s *CreatePublishingDestinationOutput) SetDestinationId(v string) *CreatePu return s } +// Information about the protected S3 bucket resource. +type CreateS3BucketResource struct { + _ struct{} `type:"structure"` + + // Name of the S3 bucket. + BucketName *string `locationName:"bucketName" type:"string"` + + // Information about the specified object prefixes. The S3 object will be scanned + // only if it belongs to any of the specified object prefixes. + ObjectPrefixes []*string `locationName:"objectPrefixes" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateS3BucketResource) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateS3BucketResource) GoString() string { + return s.String() +} + +// SetBucketName sets the BucketName field's value. +func (s *CreateS3BucketResource) SetBucketName(v string) *CreateS3BucketResource { + s.BucketName = &v + return s +} + +// SetObjectPrefixes sets the ObjectPrefixes field's value. +func (s *CreateS3BucketResource) SetObjectPrefixes(v []*string) *CreateS3BucketResource { + s.ObjectPrefixes = v + return s +} + type CreateSampleFindingsInput struct { _ struct{} `type:"structure"` 
@@ -11071,6 +11718,77 @@ func (s *DeleteInvitationsOutput) SetUnprocessedAccounts(v []*UnprocessedAccount return s } +type DeleteMalwareProtectionPlanInput struct { + _ struct{} `type:"structure" nopayload:"true"` + + // A unique identifier associated with Malware Protection plan resource. + // + // MalwareProtectionPlanId is a required field + MalwareProtectionPlanId *string `location:"uri" locationName:"malwareProtectionPlanId" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteMalwareProtectionPlanInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteMalwareProtectionPlanInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteMalwareProtectionPlanInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteMalwareProtectionPlanInput"} + if s.MalwareProtectionPlanId == nil { + invalidParams.Add(request.NewErrParamRequired("MalwareProtectionPlanId")) + } + if s.MalwareProtectionPlanId != nil && len(*s.MalwareProtectionPlanId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("MalwareProtectionPlanId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetMalwareProtectionPlanId sets the MalwareProtectionPlanId field's value. 
+func (s *DeleteMalwareProtectionPlanInput) SetMalwareProtectionPlanId(v string) *DeleteMalwareProtectionPlanInput { + s.MalwareProtectionPlanId = &v + return s +} + +type DeleteMalwareProtectionPlanOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteMalwareProtectionPlanOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteMalwareProtectionPlanOutput) GoString() string { + return s.String() +} + type DeleteMembersInput struct { _ struct{} `type:"structure"` 
@@ -14617,6 +15335,153 @@ func (s *GetInvitationsCountOutput) SetInvitationsCount(v int64) *GetInvitations return s } +type GetMalwareProtectionPlanInput struct { + _ struct{} `type:"structure" nopayload:"true"` + + // A unique identifier associated with Malware Protection plan resource. + // + // MalwareProtectionPlanId is a required field + MalwareProtectionPlanId *string `location:"uri" locationName:"malwareProtectionPlanId" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetMalwareProtectionPlanInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetMalwareProtectionPlanInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetMalwareProtectionPlanInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetMalwareProtectionPlanInput"} + if s.MalwareProtectionPlanId == nil { + invalidParams.Add(request.NewErrParamRequired("MalwareProtectionPlanId")) + } + if s.MalwareProtectionPlanId != nil && len(*s.MalwareProtectionPlanId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("MalwareProtectionPlanId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetMalwareProtectionPlanId sets the MalwareProtectionPlanId field's value. 
+func (s *GetMalwareProtectionPlanInput) SetMalwareProtectionPlanId(v string) *GetMalwareProtectionPlanInput { + s.MalwareProtectionPlanId = &v + return s +} + +type GetMalwareProtectionPlanOutput struct { + _ struct{} `type:"structure"` + + // Information about whether the tags will be added to the S3 object after scanning. + Actions *MalwareProtectionPlanActions `locationName:"actions" type:"structure"` + + // Amazon Resource Name (ARN) of the protected resource. + Arn *string `locationName:"arn" type:"string"` + + // The timestamp when the Malware Protection plan resource was created. + CreatedAt *time.Time `locationName:"createdAt" type:"timestamp"` + + // Information about the protected resource that is associated with the created + // Malware Protection plan. Presently, S3Bucket is the only supported protected + // resource. + ProtectedResource *CreateProtectedResource `locationName:"protectedResource" type:"structure"` + + // IAM role that includes the permissions required to scan and add tags to the + // associated protected resource. + Role *string `locationName:"role" type:"string"` + + // Malware Protection plan status. + Status *string `locationName:"status" type:"string" enum:"MalwareProtectionPlanStatus"` + + // Information about the issue code and message associated to the status of + // your Malware Protection plan. + StatusReasons []*MalwareProtectionPlanStatusReason `locationName:"statusReasons" type:"list"` + + // Tags added to the Malware Protection plan resource. + Tags map[string]*string `locationName:"tags" min:"1" type:"map"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetMalwareProtectionPlanOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. 
+// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetMalwareProtectionPlanOutput) GoString() string { + return s.String() +} + +// SetActions sets the Actions field's value. +func (s *GetMalwareProtectionPlanOutput) SetActions(v *MalwareProtectionPlanActions) *GetMalwareProtectionPlanOutput { + s.Actions = v + return s +} + +// SetArn sets the Arn field's value. +func (s *GetMalwareProtectionPlanOutput) SetArn(v string) *GetMalwareProtectionPlanOutput { + s.Arn = &v + return s +} + +// SetCreatedAt sets the CreatedAt field's value. +func (s *GetMalwareProtectionPlanOutput) SetCreatedAt(v time.Time) *GetMalwareProtectionPlanOutput { + s.CreatedAt = &v + return s +} + +// SetProtectedResource sets the ProtectedResource field's value. +func (s *GetMalwareProtectionPlanOutput) SetProtectedResource(v *CreateProtectedResource) *GetMalwareProtectionPlanOutput { + s.ProtectedResource = v + return s +} + +// SetRole sets the Role field's value. +func (s *GetMalwareProtectionPlanOutput) SetRole(v string) *GetMalwareProtectionPlanOutput { + s.Role = &v + return s +} + +// SetStatus sets the Status field's value. +func (s *GetMalwareProtectionPlanOutput) SetStatus(v string) *GetMalwareProtectionPlanOutput { + s.Status = &v + return s +} + +// SetStatusReasons sets the StatusReasons field's value. +func (s *GetMalwareProtectionPlanOutput) SetStatusReasons(v []*MalwareProtectionPlanStatusReason) *GetMalwareProtectionPlanOutput { + s.StatusReasons = v + return s +} + +// SetTags sets the Tags field's value. +func (s *GetMalwareProtectionPlanOutput) SetTags(v map[string]*string) *GetMalwareProtectionPlanOutput { + s.Tags = v + return s +} + type GetMalwareScanSettingsInput struct { _ struct{} `type:"structure" nopayload:"true"` 
@@ -16027,6 +16892,47 @@ func (s *InviteMembersOutput) SetUnprocessedAccounts(v []*UnprocessedAccount) *I return s } +// Information about the nested item path and hash of the protected resource. +type ItemPath struct { + _ struct{} `type:"structure"` + + // The hash value of the infected resource. + Hash *string `locationName:"hash" type:"string"` + + // The nested item path where the infected file was found. + NestedItemPath *string `locationName:"nestedItemPath" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ItemPath) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ItemPath) GoString() string { + return s.String() +} + +// SetHash sets the Hash field's value. +func (s *ItemPath) SetHash(v string) *ItemPath { + s.Hash = &v + return s +} + +// SetNestedItemPath sets the NestedItemPath field's value. +func (s *ItemPath) SetNestedItemPath(v string) *ItemPath { + s.NestedItemPath = &v + return s +} + // Information about the Kubernetes API call action described in this finding. type KubernetesApiCallAction struct { _ struct{} `type:"structure"` 
@@ -17772,6 +18678,83 @@ func (s *ListInvitationsOutput) SetNextToken(v string) *ListInvitationsOutput { return s } +type ListMalwareProtectionPlansInput struct { + _ struct{} `type:"structure" nopayload:"true"` + + // You can use this parameter when paginating results. Set the value of this + // parameter to null on your first call to the list action. For subsequent calls + // to the action, fill nextToken in the request with the value of NextToken + // from the previous response to continue listing data. + NextToken *string `location:"querystring" locationName:"nextToken" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListMalwareProtectionPlansInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListMalwareProtectionPlansInput) GoString() string { + return s.String() +} + +// SetNextToken sets the NextToken field's value. +func (s *ListMalwareProtectionPlansInput) SetNextToken(v string) *ListMalwareProtectionPlansInput { + s.NextToken = &v + return s +} + +type ListMalwareProtectionPlansOutput struct { + _ struct{} `type:"structure"` + + // A list of unique identifiers associated with each Malware Protection plan. + MalwareProtectionPlans []*MalwareProtectionPlanSummary `locationName:"malwareProtectionPlans" type:"list"` + + // You can use this parameter when paginating results. Set the value of this + // parameter to null on your first call to the list action. 
For subsequent calls + // to the action, fill nextToken in the request with the value of NextToken + // from the previous response to continue listing data. + NextToken *string `locationName:"nextToken" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListMalwareProtectionPlansOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListMalwareProtectionPlansOutput) GoString() string { + return s.String() +} + +// SetMalwareProtectionPlans sets the MalwareProtectionPlans field's value. +func (s *ListMalwareProtectionPlansOutput) SetMalwareProtectionPlans(v []*MalwareProtectionPlanSummary) *ListMalwareProtectionPlansOutput { + s.MalwareProtectionPlans = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListMalwareProtectionPlansOutput) SetNextToken(v string) *ListMalwareProtectionPlansOutput { + s.NextToken = &v + return s +} + type ListMembersInput struct { _ struct{} `type:"structure" nopayload:"true"` 
@@ -18575,6 +19558,180 @@ func (s *MalwareProtectionDataSourceFreeTrial) SetScanEc2InstanceWithFindings(v return s } +// Information about whether the tags will be added to the S3 object after scanning. +type MalwareProtectionPlanActions struct { + _ struct{} `type:"structure"` + + // Indicates whether the scanned S3 object will have tags about the scan result. + Tagging *MalwareProtectionPlanTaggingAction `locationName:"tagging" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MalwareProtectionPlanActions) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MalwareProtectionPlanActions) GoString() string { + return s.String() +} + +// SetTagging sets the Tagging field's value. +func (s *MalwareProtectionPlanActions) SetTagging(v *MalwareProtectionPlanTaggingAction) *MalwareProtectionPlanActions { + s.Tagging = v + return s +} + +// Information about the issue code and message associated to the status of +// your Malware Protection plan. +type MalwareProtectionPlanStatusReason struct { + _ struct{} `type:"structure"` + + // Issue code. + Code *string `locationName:"code" type:"string"` + + // Issue message that specifies the reason. For information about potential + // troubleshooting steps, see Troubleshooting Malware Protection for S3 status + // issues (https://docs.aws.amazon.com/guardduty/latest/ug/troubleshoot-s3-malware-protection-status-errors.html) + // in the GuardDuty User Guide. 
+ Message *string `locationName:"message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MalwareProtectionPlanStatusReason) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MalwareProtectionPlanStatusReason) GoString() string { + return s.String() +} + +// SetCode sets the Code field's value. +func (s *MalwareProtectionPlanStatusReason) SetCode(v string) *MalwareProtectionPlanStatusReason { + s.Code = &v + return s +} + +// SetMessage sets the Message field's value. +func (s *MalwareProtectionPlanStatusReason) SetMessage(v string) *MalwareProtectionPlanStatusReason { + s.Message = &v + return s +} + +// Information about the Malware Protection plan resource. +type MalwareProtectionPlanSummary struct { + _ struct{} `type:"structure"` + + // A unique identifier associated with Malware Protection plan. + MalwareProtectionPlanId *string `locationName:"malwareProtectionPlanId" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MalwareProtectionPlanSummary) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. 
The member name will be present, but the +// value will be replaced with "sensitive". +func (s MalwareProtectionPlanSummary) GoString() string { + return s.String() +} + +// SetMalwareProtectionPlanId sets the MalwareProtectionPlanId field's value. +func (s *MalwareProtectionPlanSummary) SetMalwareProtectionPlanId(v string) *MalwareProtectionPlanSummary { + s.MalwareProtectionPlanId = &v + return s +} + +// Information about adding tags to the scanned S3 object after the scan result. +type MalwareProtectionPlanTaggingAction struct { + _ struct{} `type:"structure"` + + // Indicates whether or not the tags will added. + Status *string `locationName:"status" type:"string" enum:"MalwareProtectionPlanTaggingActionStatus"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MalwareProtectionPlanTaggingAction) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MalwareProtectionPlanTaggingAction) GoString() string { + return s.String() +} + +// SetStatus sets the Status field's value. +func (s *MalwareProtectionPlanTaggingAction) SetStatus(v string) *MalwareProtectionPlanTaggingAction { + s.Status = &v + return s +} + +// Information about the malware scan that generated a GuardDuty finding. +type MalwareScanDetails struct { + _ struct{} `type:"structure"` + + // Information about the detected threats associated with the generated GuardDuty + // finding. + Threats []*Threat `locationName:"threats" type:"list"` +} + +// String returns the string representation. 
+// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MalwareScanDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MalwareScanDetails) GoString() string { + return s.String() +} + +// SetThreats sets the Threats field's value. +func (s *MalwareScanDetails) SetThreats(v []*Threat) *MalwareScanDetails { + s.Threats = v + return s +} + // Contains information about the administrator account and invitation. type Master struct { _ struct{} `type:"structure"` 
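Review bot: The comment on `MalwareProtectionPlanTaggingAction.Status` is missing a word ("will added") and does not say which strings are accepted, even though `SetStatus` takes any `string`. I would write `// Indicates whether or not the tags will be added. Valid values are returned by MalwareProtectionPlanTaggingActionStatus_Values().`, which points at the enum helper this same commit adds. If the file is generated, the wording has to be corrected in the service model rather than here.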
@@ -21272,8 +22429,44 @@ func (s *Resource) SetS3BucketDetails(v []*S3BucketDetail) *Resource { type ResourceDetails struct { _ struct{} `type:"structure"` - // InstanceArn that was scanned in the scan entry. - InstanceArn *string `locationName:"instanceArn" type:"string"` + // Instance ARN that was scanned in the scan entry. + InstanceArn *string `locationName:"instanceArn" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ResourceDetails) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ResourceDetails) GoString() string { + return s.String() +} + +// SetInstanceArn sets the InstanceArn field's value. +func (s *ResourceDetails) SetInstanceArn(v string) *ResourceDetails { + s.InstanceArn = &v + return s +} + +// The requested resource can't be found. +type ResourceNotFoundException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + // The error message. + Message_ *string `locationName:"message" type:"string"` + + // The error type. + Type *string `locationName:"__type" type:"string"` } // String returns the string representation. @@ -21281,7 +22474,7 @@ type ResourceDetails struct { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s ResourceDetails) String() string { +func (s ResourceNotFoundException) String() string { return awsutil.Prettify(s) } 
@@ -21290,14 +22483,46 @@ func (s ResourceDetails) String() string { // API parameter values that are decorated as "sensitive" in the API will not // be included in the string output. The member name will be present, but the // value will be replaced with "sensitive". -func (s ResourceDetails) GoString() string { +func (s ResourceNotFoundException) GoString() string { return s.String() } -// SetInstanceArn sets the InstanceArn field's value. -func (s *ResourceDetails) SetInstanceArn(v string) *ResourceDetails { - s.InstanceArn = &v - return s +func newErrorResourceNotFoundException(v protocol.ResponseMetadata) error { + return &ResourceNotFoundException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *ResourceNotFoundException) Code() string { + return "ResourceNotFoundException" +} + +// Message returns the exception's message. +func (s *ResourceNotFoundException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *ResourceNotFoundException) OrigErr() error { + return nil +} + +func (s *ResourceNotFoundException) Error() string { + return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *ResourceNotFoundException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *ResourceNotFoundException) RequestID() string { + return s.RespMetadata.RequestID } // Additional information about the suspicious activity. 
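Review bot: Two of the new `ResourceNotFoundException` methods break Go doc-comment convention: `Error` has no comment at all, and the comment on `StatusCode` opens with "Status code returns" instead of the method name. Suggested: `// Error returns the code, message and prettified struct, satisfying the error interface.` and `// StatusCode returns the HTTP status code for the request's response error.`. `newErrorResourceNotFoundException` could also carry a one-line comment saying it builds the error from the response metadata. The doc comment of `GoString` at the top of the hunk starts outside it.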
@@ -21620,6 +22845,9 @@ type S3BucketDetail struct { // Describes the public access policies that apply to the S3 bucket. PublicAccess *PublicAccess `locationName:"publicAccess" type:"structure"` + // Information about the S3 object that was scanned. + S3ObjectDetails []*S3ObjectDetail `locationName:"s3ObjectDetails" type:"list"` + // All tags attached to the S3 bucket Tags []*Tag `locationName:"tags" type:"list"` @@ -21681,6 +22909,12 @@ func (s *S3BucketDetail) SetPublicAccess(v *PublicAccess) *S3BucketDetail { return s } +// SetS3ObjectDetails sets the S3ObjectDetails field's value. +func (s *S3BucketDetail) SetS3ObjectDetails(v []*S3ObjectDetail) *S3BucketDetail { + s.S3ObjectDetails = v + return s +} + // SetTags sets the Tags field's value. func (s *S3BucketDetail) SetTags(v []*Tag) *S3BucketDetail { s.Tags = v 
@@ -21775,6 +23009,75 @@ func (s *S3LogsConfigurationResult) SetStatus(v string) *S3LogsConfigurationResu return s } +// Information about the S3 object that was scanned +type S3ObjectDetail struct { + _ struct{} `type:"structure"` + + // The entity tag is a hash of the S3 object. The ETag reflects changes only + // to the contents of an object, and not its metadata. + ETag *string `locationName:"eTag" type:"string"` + + // Hash of the threat detected in this finding. + Hash *string `locationName:"hash" type:"string"` + + // Key of the S3 object. + Key *string `locationName:"key" type:"string"` + + // Amazon Resource Name (ARN) of the S3 object. + ObjectArn *string `locationName:"objectArn" type:"string"` + + // Version ID of the object. + VersionId *string `locationName:"versionId" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s S3ObjectDetail) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s S3ObjectDetail) GoString() string { + return s.String() +} + +// SetETag sets the ETag field's value. +func (s *S3ObjectDetail) SetETag(v string) *S3ObjectDetail { + s.ETag = &v + return s +} + +// SetHash sets the Hash field's value. +func (s *S3ObjectDetail) SetHash(v string) *S3ObjectDetail { + s.Hash = &v + return s +} + +// SetKey sets the Key field's value. +func (s *S3ObjectDetail) SetKey(v string) *S3ObjectDetail { + s.Key = &v + return s +} + +// SetObjectArn sets the ObjectArn field's value. 
+func (s *S3ObjectDetail) SetObjectArn(v string) *S3ObjectDetail { + s.ObjectArn = &v + return s +} + +// SetVersionId sets the VersionId field's value. +func (s *S3ObjectDetail) SetVersionId(v string) *S3ObjectDetail { + s.VersionId = &v + return s +} + // Contains information about a malware scan. type Scan struct { _ struct{} `type:"structure"` @@ -22192,7 +23495,7 @@ type ScanFilePath struct { // The hash value of the infected file. Hash *string `locationName:"hash" type:"string"` - // EBS volume Arn details of the infected file. + // EBS volume ARN details of the infected file. VolumeArn *string `locationName:"volumeArn" type:"string"` } @@ -22576,6 +23879,9 @@ type Service struct { // The name of the feature that generated a finding. FeatureName *string `locationName:"featureName" type:"string"` + // Returns details from the malware scan that generated a GuardDuty finding. + MalwareScanDetails *MalwareScanDetails `locationName:"malwareScanDetails" type:"structure"` + // The resource role information for this finding. ResourceRole *string `locationName:"resourceRole" type:"string"` @@ -22675,6 +23981,12 @@ func (s *Service) SetFeatureName(v string) *Service { return s } +// SetMalwareScanDetails sets the MalwareScanDetails field's value. +func (s *Service) SetMalwareScanDetails(v *MalwareScanDetails) *Service { + s.MalwareScanDetails = v + return s +} + // SetResourceRole sets the ResourceRole field's value. func (s *Service) SetResourceRole(v string) *Service { s.ResourceRole = &v 
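Review bot: The field comments on the new `S3ObjectDetail` struct leave both digests underspecified: `Hash` does not name its algorithm, and `ETag` is described as a hash of the object, which S3 does not guarantee for multipart or KMS-encrypted uploads. Anyone matching these values against hash-based indicator feeds, or using `ETag` as an integrity check, needs that caveat. I would reword to `// Hash of the threat detected in this finding (algorithm not stated here; confirm in the GuardDuty API reference).` and `// The entity tag of the S3 object; it tracks content changes but is not always a digest of the content.`. If the file is generated, the wording has to change in the service model.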
@@ -23193,6 +24505,56 @@ func (s TagResourceOutput) GoString() string { return s.String() } +// Information about the detected threats associated with the generated finding. +type Threat struct { + _ struct{} `type:"structure"` + + // Information about the nested item path and hash of the protected resource. + ItemPaths []*ItemPath `locationName:"itemPaths" type:"list"` + + // Name of the detected threat that caused GuardDuty to generate this finding. + Name *string `locationName:"name" type:"string"` + + // Source of the threat that generated this finding. + Source *string `locationName:"source" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Threat) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Threat) GoString() string { + return s.String() +} + +// SetItemPaths sets the ItemPaths field's value. +func (s *Threat) SetItemPaths(v []*ItemPath) *Threat { + s.ItemPaths = v + return s +} + +// SetName sets the Name field's value. +func (s *Threat) SetName(v string) *Threat { + s.Name = &v + return s +} + +// SetSource sets the Source field's value. +func (s *Threat) SetSource(v string) *Threat { + s.Source = &v + return s +} + // Contains details about identified threats organized by threat name. type ThreatDetectedByName struct { _ struct{} `type:"structure"` 
@@ -24167,6 +25529,107 @@ func (s UpdateIPSetOutput) GoString() string { return s.String() } +type UpdateMalwareProtectionPlanInput struct { + _ struct{} `type:"structure"` + + // Information about whether the tags will be added to the S3 object after scanning. + Actions *MalwareProtectionPlanActions `locationName:"actions" type:"structure"` + + // A unique identifier associated with the Malware Protection plan. + // + // MalwareProtectionPlanId is a required field + MalwareProtectionPlanId *string `location:"uri" locationName:"malwareProtectionPlanId" type:"string" required:"true"` + + // Information about the protected resource that is associated with the created + // Malware Protection plan. Presently, S3Bucket is the only supported protected + // resource. + ProtectedResource *UpdateProtectedResource `locationName:"protectedResource" type:"structure"` + + // IAM role with permissions required to scan and add tags to the associated + // protected resource. + Role *string `locationName:"role" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateMalwareProtectionPlanInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateMalwareProtectionPlanInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. 
+func (s *UpdateMalwareProtectionPlanInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "UpdateMalwareProtectionPlanInput"} + if s.MalwareProtectionPlanId == nil { + invalidParams.Add(request.NewErrParamRequired("MalwareProtectionPlanId")) + } + if s.MalwareProtectionPlanId != nil && len(*s.MalwareProtectionPlanId) < 1 { + invalidParams.Add(request.NewErrParamMinLen("MalwareProtectionPlanId", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetActions sets the Actions field's value. +func (s *UpdateMalwareProtectionPlanInput) SetActions(v *MalwareProtectionPlanActions) *UpdateMalwareProtectionPlanInput { + s.Actions = v + return s +} + +// SetMalwareProtectionPlanId sets the MalwareProtectionPlanId field's value. +func (s *UpdateMalwareProtectionPlanInput) SetMalwareProtectionPlanId(v string) *UpdateMalwareProtectionPlanInput { + s.MalwareProtectionPlanId = &v + return s +} + +// SetProtectedResource sets the ProtectedResource field's value. +func (s *UpdateMalwareProtectionPlanInput) SetProtectedResource(v *UpdateProtectedResource) *UpdateMalwareProtectionPlanInput { + s.ProtectedResource = v + return s +} + +// SetRole sets the Role field's value. +func (s *UpdateMalwareProtectionPlanInput) SetRole(v string) *UpdateMalwareProtectionPlanInput { + s.Role = &v + return s +} + +type UpdateMalwareProtectionPlanOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateMalwareProtectionPlanOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. 
The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateMalwareProtectionPlanOutput) GoString() string { + return s.String() +} + type UpdateMalwareScanSettingsInput struct { _ struct{} `type:"structure"` @@ -24531,6 +25994,40 @@ func (s UpdateOrganizationConfigurationOutput) GoString() string { return s.String() } +// Information about the protected resource that is associated with the created +// Malware Protection plan. Presently, S3Bucket is the only supported protected +// resource. +type UpdateProtectedResource struct { + _ struct{} `type:"structure"` + + // Information about the protected S3 bucket resource. + S3Bucket *UpdateS3BucketResource `locationName:"s3Bucket" type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateProtectedResource) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateProtectedResource) GoString() string { + return s.String() +} + +// SetS3Bucket sets the S3Bucket field's value. +func (s *UpdateProtectedResource) SetS3Bucket(v *UpdateS3BucketResource) *UpdateProtectedResource { + s.S3Bucket = v + return s +} + type UpdatePublishingDestinationInput struct { _ struct{} `type:"structure"` 
@@ -24629,6 +26126,39 @@ func (s UpdatePublishingDestinationOutput) GoString() string { return s.String() } +// Information about the protected S3 bucket resource. +type UpdateS3BucketResource struct { + _ struct{} `type:"structure"` + + // Information about the specified object prefixes. The S3 object will be scanned + // only if it belongs to any of the specified object prefixes. + ObjectPrefixes []*string `locationName:"objectPrefixes" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateS3BucketResource) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UpdateS3BucketResource) GoString() string { + return s.String() +} + +// SetObjectPrefixes sets the ObjectPrefixes field's value. +func (s *UpdateS3BucketResource) SetObjectPrefixes(v []*string) *UpdateS3BucketResource { + s.ObjectPrefixes = v + return s +} + type UpdateThreatIntelSetInput struct { _ struct{} `type:"structure"` @@ -25211,13 +26741,13 @@ type VolumeDetail struct { // EBS volume encryption type. EncryptionType *string `locationName:"encryptionType" type:"string"` - // KMS key Arn used to encrypt the EBS volume. + // KMS key ARN used to encrypt the EBS volume. KmsKeyArn *string `locationName:"kmsKeyArn" type:"string"` - // Snapshot Arn of the EBS volume. + // Snapshot ARN of the EBS volume. SnapshotArn *string `locationName:"snapshotArn" type:"string"` - // EBS volume Arn information. + // EBS volume ARN information. VolumeArn *string `locationName:"volumeArn" type:"string"` // EBS volume size in GB. 
@@ -25975,6 +27505,42 @@ func IpSetStatus_Values() []string { } } +const ( + // MalwareProtectionPlanStatusActive is a MalwareProtectionPlanStatus enum value + MalwareProtectionPlanStatusActive = "ACTIVE" + + // MalwareProtectionPlanStatusWarning is a MalwareProtectionPlanStatus enum value + MalwareProtectionPlanStatusWarning = "WARNING" + + // MalwareProtectionPlanStatusError is a MalwareProtectionPlanStatus enum value + MalwareProtectionPlanStatusError = "ERROR" +) + +// MalwareProtectionPlanStatus_Values returns all elements of the MalwareProtectionPlanStatus enum +func MalwareProtectionPlanStatus_Values() []string { + return []string{ + MalwareProtectionPlanStatusActive, + MalwareProtectionPlanStatusWarning, + MalwareProtectionPlanStatusError, + } +} + +const ( + // MalwareProtectionPlanTaggingActionStatusEnabled is a MalwareProtectionPlanTaggingActionStatus enum value + MalwareProtectionPlanTaggingActionStatusEnabled = "ENABLED" + + // MalwareProtectionPlanTaggingActionStatusDisabled is a MalwareProtectionPlanTaggingActionStatus enum value + MalwareProtectionPlanTaggingActionStatusDisabled = "DISABLED" +) + +// MalwareProtectionPlanTaggingActionStatus_Values returns all elements of the MalwareProtectionPlanTaggingActionStatus enum +func MalwareProtectionPlanTaggingActionStatus_Values() []string { + return []string{ + MalwareProtectionPlanTaggingActionStatusEnabled, + MalwareProtectionPlanTaggingActionStatusDisabled, + } +} + const ( // ManagementTypeAutoManaged is a ManagementType enum value ManagementTypeAutoManaged = "AUTO_MANAGED" diff --git a/service/guardduty/errors.go b/service/guardduty/errors.go index 673fc506cac..49f293cae3a 100644 --- a/service/guardduty/errors.go +++ b/service/guardduty/errors.go 
@@ -31,6 +31,12 @@ const ( // // An internal server error exception object. ErrCodeInternalServerErrorException = "InternalServerErrorException" + + // ErrCodeResourceNotFoundException for service response error code + // "ResourceNotFoundException". + // + // The requested resource can't be found. + ErrCodeResourceNotFoundException = "ResourceNotFoundException" ) var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{ @@ -38,4 +44,5 @@ var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{ "BadRequestException": newErrorBadRequestException, "ConflictException": newErrorConflictException, "InternalServerErrorException": newErrorInternalServerErrorException, + "ResourceNotFoundException": newErrorResourceNotFoundException, } diff --git a/service/guardduty/guarddutyiface/interface.go b/service/guardduty/guarddutyiface/interface.go index cd842f27fce..5b2929a9085 100644 --- a/service/guardduty/guarddutyiface/interface.go +++ b/service/guardduty/guarddutyiface/interface.go 
@@ -84,6 +84,10 @@ type GuardDutyAPI interface { CreateIPSetWithContext(aws.Context, *guardduty.CreateIPSetInput, ...request.Option) (*guardduty.CreateIPSetOutput, error) CreateIPSetRequest(*guardduty.CreateIPSetInput) (*request.Request, *guardduty.CreateIPSetOutput) + CreateMalwareProtectionPlan(*guardduty.CreateMalwareProtectionPlanInput) (*guardduty.CreateMalwareProtectionPlanOutput, error) + CreateMalwareProtectionPlanWithContext(aws.Context, *guardduty.CreateMalwareProtectionPlanInput, ...request.Option) (*guardduty.CreateMalwareProtectionPlanOutput, error) + CreateMalwareProtectionPlanRequest(*guardduty.CreateMalwareProtectionPlanInput) (*request.Request, *guardduty.CreateMalwareProtectionPlanOutput) + CreateMembers(*guardduty.CreateMembersInput) (*guardduty.CreateMembersOutput, error) CreateMembersWithContext(aws.Context, *guardduty.CreateMembersInput, ...request.Option) (*guardduty.CreateMembersOutput, error) CreateMembersRequest(*guardduty.CreateMembersInput) (*request.Request, *guardduty.CreateMembersOutput) 
@@ -120,6 +124,10 @@ type GuardDutyAPI interface { DeleteInvitationsWithContext(aws.Context, *guardduty.DeleteInvitationsInput, ...request.Option) (*guardduty.DeleteInvitationsOutput, error) DeleteInvitationsRequest(*guardduty.DeleteInvitationsInput) (*request.Request, *guardduty.DeleteInvitationsOutput) + DeleteMalwareProtectionPlan(*guardduty.DeleteMalwareProtectionPlanInput) (*guardduty.DeleteMalwareProtectionPlanOutput, error) + DeleteMalwareProtectionPlanWithContext(aws.Context, *guardduty.DeleteMalwareProtectionPlanInput, ...request.Option) (*guardduty.DeleteMalwareProtectionPlanOutput, error) + DeleteMalwareProtectionPlanRequest(*guardduty.DeleteMalwareProtectionPlanInput) (*request.Request, *guardduty.DeleteMalwareProtectionPlanOutput) + DeleteMembers(*guardduty.DeleteMembersInput) (*guardduty.DeleteMembersOutput, error) DeleteMembersWithContext(aws.Context, *guardduty.DeleteMembersInput, ...request.Option) (*guardduty.DeleteMembersOutput, error) DeleteMembersRequest(*guardduty.DeleteMembersInput) (*request.Request, *guardduty.DeleteMembersOutput) 
@@ -202,6 +210,10 @@ type GuardDutyAPI interface { GetInvitationsCountWithContext(aws.Context, *guardduty.GetInvitationsCountInput, ...request.Option) (*guardduty.GetInvitationsCountOutput, error) GetInvitationsCountRequest(*guardduty.GetInvitationsCountInput) (*request.Request, *guardduty.GetInvitationsCountOutput) + GetMalwareProtectionPlan(*guardduty.GetMalwareProtectionPlanInput) (*guardduty.GetMalwareProtectionPlanOutput, error) + GetMalwareProtectionPlanWithContext(aws.Context, *guardduty.GetMalwareProtectionPlanInput, ...request.Option) (*guardduty.GetMalwareProtectionPlanOutput, error) + GetMalwareProtectionPlanRequest(*guardduty.GetMalwareProtectionPlanInput) (*request.Request, *guardduty.GetMalwareProtectionPlanOutput) + GetMalwareScanSettings(*guardduty.GetMalwareScanSettingsInput) (*guardduty.GetMalwareScanSettingsOutput, error) GetMalwareScanSettingsWithContext(aws.Context, *guardduty.GetMalwareScanSettingsInput, ...request.Option) (*guardduty.GetMalwareScanSettingsOutput, error) GetMalwareScanSettingsRequest(*guardduty.GetMalwareScanSettingsInput) (*request.Request, *guardduty.GetMalwareScanSettingsOutput) 
@@ -283,6 +295,10 @@ type GuardDutyAPI interface { ListInvitationsPages(*guardduty.ListInvitationsInput, func(*guardduty.ListInvitationsOutput, bool) bool) error ListInvitationsPagesWithContext(aws.Context, *guardduty.ListInvitationsInput, func(*guardduty.ListInvitationsOutput, bool) bool, ...request.Option) error + ListMalwareProtectionPlans(*guardduty.ListMalwareProtectionPlansInput) (*guardduty.ListMalwareProtectionPlansOutput, error) + ListMalwareProtectionPlansWithContext(aws.Context, *guardduty.ListMalwareProtectionPlansInput, ...request.Option) (*guardduty.ListMalwareProtectionPlansOutput, error) + ListMalwareProtectionPlansRequest(*guardduty.ListMalwareProtectionPlansInput) (*request.Request, *guardduty.ListMalwareProtectionPlansOutput) + ListMembers(*guardduty.ListMembersInput) (*guardduty.ListMembersOutput, error) ListMembersWithContext(aws.Context, *guardduty.ListMembersInput, ...request.Option) (*guardduty.ListMembersOutput, error) ListMembersRequest(*guardduty.ListMembersInput) (*request.Request, *guardduty.ListMembersOutput) 
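Review bot: `ListMalwareProtectionPlans` is added to `GuardDutyAPI` without the `...Pages` / `...PagesWithContext` pair that `ListInvitations` has in the context lines just above, although the new input and output types both carry a `NextToken`. A caller that makes one call and treats the result as the complete set of Malware Protection plans will silently miss later pages, which matters when the list is used to audit which buckets are covered. If this file is generated, the fix belongs in the service's paginator definitions. Until then the operation's doc comment should say so, for example `// Returns a single page; repeat the call with NextToken until the returned NextToken is nil.`. The interface body starts and ends outside this hunk.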
@@ -355,6 +371,10 @@ type GuardDutyAPI interface { UpdateIPSetWithContext(aws.Context, *guardduty.UpdateIPSetInput, ...request.Option) (*guardduty.UpdateIPSetOutput, error) UpdateIPSetRequest(*guardduty.UpdateIPSetInput) (*request.Request, *guardduty.UpdateIPSetOutput) + UpdateMalwareProtectionPlan(*guardduty.UpdateMalwareProtectionPlanInput) (*guardduty.UpdateMalwareProtectionPlanOutput, error) + UpdateMalwareProtectionPlanWithContext(aws.Context, *guardduty.UpdateMalwareProtectionPlanInput, ...request.Option) (*guardduty.UpdateMalwareProtectionPlanOutput, error) + UpdateMalwareProtectionPlanRequest(*guardduty.UpdateMalwareProtectionPlanInput) (*request.Request, *guardduty.UpdateMalwareProtectionPlanOutput) + UpdateMalwareScanSettings(*guardduty.UpdateMalwareScanSettingsInput) (*guardduty.UpdateMalwareScanSettingsOutput, error) UpdateMalwareScanSettingsWithContext(aws.Context, *guardduty.UpdateMalwareScanSettingsInput, ...request.Option) (*guardduty.UpdateMalwareScanSettingsOutput, error) UpdateMalwareScanSettingsRequest(*guardduty.UpdateMalwareScanSettingsInput) (*request.Request, *guardduty.UpdateMalwareScanSettingsOutput) diff --git a/service/networkmanager/api.go b/service/networkmanager/api.go index 564d4dac6e7..28a9ecb7d13 100644 --- a/service/networkmanager/api.go +++ b/service/networkmanager/api.go @@ -9962,9 +9962,16 @@ type Attachment struct { // The Region where the edge is located. EdgeLocation *string `min:"1" type:"string"` + // The name of the network function group. + NetworkFunctionGroupName *string `type:"string"` + // The ID of the attachment account owner. OwnerAccountId *string `min:"12" type:"string"` + // Describes a proposed change to a network function group associated with the + // attachment. + ProposedNetworkFunctionGroupChange *ProposedNetworkFunctionGroupChange `type:"structure"` + // The attachment to move from one segment to another. ProposedSegmentChange *ProposedSegmentChange `type:"structure"` 
@@ -10044,12 +10051,24 @@ func (s *Attachment) SetEdgeLocation(v string) *Attachment { return s } +// SetNetworkFunctionGroupName sets the NetworkFunctionGroupName field's value. +func (s *Attachment) SetNetworkFunctionGroupName(v string) *Attachment { + s.NetworkFunctionGroupName = &v + return s +} + // SetOwnerAccountId sets the OwnerAccountId field's value. func (s *Attachment) SetOwnerAccountId(v string) *Attachment { s.OwnerAccountId = &v return s } +// SetProposedNetworkFunctionGroupChange sets the ProposedNetworkFunctionGroupChange field's value. +func (s *Attachment) SetProposedNetworkFunctionGroupChange(v *ProposedNetworkFunctionGroupChange) *Attachment { + s.ProposedNetworkFunctionGroupChange = v + return s +} + // SetProposedSegmentChange sets the ProposedSegmentChange field's value. func (s *Attachment) SetProposedSegmentChange(v *ProposedSegmentChange) *Attachment { s.ProposedSegmentChange = v @@ -10341,7 +10360,8 @@ type ConnectPeer struct { // The state of the Connect peer. State *string `type:"string" enum:"ConnectPeerState"` - // The subnet ARN for the Connect peer. + // The subnet ARN for the Connect peer. This only applies only when the protocol + // is NO_ENCAP. SubnetArn *string `type:"string"` // The list of key-value tags associated with the Connect peer. @@ -10904,6 +10924,9 @@ type CoreNetwork struct { // The ID of the global network that your core network is a part of. GlobalNetworkId *string `type:"string"` + // The network function groups associated with a core network. + NetworkFunctionGroups []*CoreNetworkNetworkFunctionGroup `type:"list"` + // The segments within a core network. Segments []*CoreNetworkSegment `type:"list"` 
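Review bot: The new comment on `SubnetArn` in the `ConnectPeer` hunk reads "This only applies only when the protocol is NO_ENCAP", with "only" doubled. The same wording recurs on `BgpOptions`, `CoreNetworkAddress` and `SubnetArn` in the `CreateConnectPeerInput` hunks further down. I would write `// The subnet ARN for the Connect peer. This applies only when the protocol is NO_ENCAP.` and change the two GRE comments the same way. If this file is generated from the service model, as the header of the sibling pcaconnectorscep/api.go suggests, the wording has to be corrected in the model documentation rather than in this file. The `ConnectPeer` struct starts and ends outside the hunk.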
@@ -10968,6 +10991,12 @@ func (s *CoreNetwork) SetGlobalNetworkId(v string) *CoreNetwork { return s } +// SetNetworkFunctionGroups sets the NetworkFunctionGroups field's value. +func (s *CoreNetwork) SetNetworkFunctionGroups(v []*CoreNetworkNetworkFunctionGroup) *CoreNetwork { + s.NetworkFunctionGroups = v + return s +} + // SetSegments sets the Segments field's value. func (s *CoreNetwork) SetSegments(v []*CoreNetworkSegment) *CoreNetwork { s.Segments = v @@ -11156,6 +11185,9 @@ type CoreNetworkChangeEventValues struct { // The edge location for the core network change event. EdgeLocation *string `min:"1" type:"string"` + // The changed network function group name. + NetworkFunctionGroupName *string `type:"string"` + // The segment name if the change event is associated with a segment. SegmentName *string `type:"string"` } @@ -11196,6 +11228,12 @@ func (s *CoreNetworkChangeEventValues) SetEdgeLocation(v string) *CoreNetworkCha return s } +// SetNetworkFunctionGroupName sets the NetworkFunctionGroupName field's value. +func (s *CoreNetworkChangeEventValues) SetNetworkFunctionGroupName(v string) *CoreNetworkChangeEventValues { + s.NetworkFunctionGroupName = &v + return s +} + // SetSegmentName sets the SegmentName field's value. func (s *CoreNetworkChangeEventValues) SetSegmentName(v string) *CoreNetworkChangeEventValues { s.SegmentName = &v @@ -11221,9 +11259,16 @@ type CoreNetworkChangeValues struct { // The inside IP addresses used for core network change values. InsideCidrBlocks []*string `type:"list"` + // The network function group name if the change event is associated with a + // network function group. + NetworkFunctionGroupName *string `type:"string"` + // The names of the segments in a core network. SegmentName *string `type:"string"` + // Describes the service insertion action. + ServiceInsertionActions []*ServiceInsertionAction `type:"list"` + // The shared segments for a core network change value. SharedSegments []*string `type:"list"` } 
@@ -11276,12 +11321,24 @@ func (s *CoreNetworkChangeValues) SetInsideCidrBlocks(v []*string) *CoreNetworkC return s } +// SetNetworkFunctionGroupName sets the NetworkFunctionGroupName field's value. +func (s *CoreNetworkChangeValues) SetNetworkFunctionGroupName(v string) *CoreNetworkChangeValues { + s.NetworkFunctionGroupName = &v + return s +} + // SetSegmentName sets the SegmentName field's value. func (s *CoreNetworkChangeValues) SetSegmentName(v string) *CoreNetworkChangeValues { s.SegmentName = &v return s } +// SetServiceInsertionActions sets the ServiceInsertionActions field's value. +func (s *CoreNetworkChangeValues) SetServiceInsertionActions(v []*ServiceInsertionAction) *CoreNetworkChangeValues { + s.ServiceInsertionActions = v + return s +} + // SetSharedSegments sets the SharedSegments field's value. func (s *CoreNetworkChangeValues) SetSharedSegments(v []*string) *CoreNetworkChangeValues { s.SharedSegments = v 
@@ -11338,6 +11395,119 @@ func (s *CoreNetworkEdge) SetInsideCidrBlocks(v []*string) *CoreNetworkEdge { return s } +// Describes a network function group. +type CoreNetworkNetworkFunctionGroup struct { + _ struct{} `type:"structure"` + + // The core network edge locations. + EdgeLocations []*string `type:"list"` + + // The name of the network function group. + Name *string `type:"string"` + + // The segments associated with the network function group. + Segments *ServiceInsertionSegments `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CoreNetworkNetworkFunctionGroup) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CoreNetworkNetworkFunctionGroup) GoString() string { + return s.String() +} + +// SetEdgeLocations sets the EdgeLocations field's value. +func (s *CoreNetworkNetworkFunctionGroup) SetEdgeLocations(v []*string) *CoreNetworkNetworkFunctionGroup { + s.EdgeLocations = v + return s +} + +// SetName sets the Name field's value. +func (s *CoreNetworkNetworkFunctionGroup) SetName(v string) *CoreNetworkNetworkFunctionGroup { + s.Name = &v + return s +} + +// SetSegments sets the Segments field's value. +func (s *CoreNetworkNetworkFunctionGroup) SetSegments(v *ServiceInsertionSegments) *CoreNetworkNetworkFunctionGroup { + s.Segments = v + return s +} + +// Describes a core network +type CoreNetworkNetworkFunctionGroupIdentifier struct { + _ struct{} `type:"structure"` + + // The ID of the core network. 
+ CoreNetworkId *string `type:"string"` + + // The location for the core network edge. + EdgeLocation *string `min:"1" type:"string"` + + // The network function group name. + NetworkFunctionGroupName *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CoreNetworkNetworkFunctionGroupIdentifier) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CoreNetworkNetworkFunctionGroupIdentifier) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CoreNetworkNetworkFunctionGroupIdentifier) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CoreNetworkNetworkFunctionGroupIdentifier"} + if s.EdgeLocation != nil && len(*s.EdgeLocation) < 1 { + invalidParams.Add(request.NewErrParamMinLen("EdgeLocation", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetCoreNetworkId sets the CoreNetworkId field's value. +func (s *CoreNetworkNetworkFunctionGroupIdentifier) SetCoreNetworkId(v string) *CoreNetworkNetworkFunctionGroupIdentifier { + s.CoreNetworkId = &v + return s +} + +// SetEdgeLocation sets the EdgeLocation field's value. +func (s *CoreNetworkNetworkFunctionGroupIdentifier) SetEdgeLocation(v string) *CoreNetworkNetworkFunctionGroupIdentifier { + s.EdgeLocation = &v + return s +} + +// SetNetworkFunctionGroupName sets the NetworkFunctionGroupName field's value. 
+func (s *CoreNetworkNetworkFunctionGroupIdentifier) SetNetworkFunctionGroupName(v string) *CoreNetworkNetworkFunctionGroupIdentifier { + s.NetworkFunctionGroupName = &v + return s +} + // Describes a core network policy. You can have only one LIVE Core Policy. type CoreNetworkPolicy struct { _ struct{} `type:"structure"` @@ -11976,7 +12146,8 @@ func (s *CreateConnectAttachmentOutput) SetConnectAttachment(v *ConnectAttachmen type CreateConnectPeerInput struct { _ struct{} `type:"structure"` - // The Connect peer BGP options. + // The Connect peer BGP options. This only applies only when the protocol is + // GRE. BgpOptions *BgpOptions `type:"structure"` // The client token associated with the request. @@ -11987,7 +12158,8 @@ type CreateConnectPeerInput struct { // ConnectAttachmentId is a required field ConnectAttachmentId *string `type:"string" required:"true"` - // A Connect peer core network address. + // A Connect peer core network address. This only applies only when the protocol + // is GRE. CoreNetworkAddress *string `min:"1" type:"string"` // The inside IP addresses used for BGP peering. @@ -11998,7 +12170,8 @@ type CreateConnectPeerInput struct { // PeerAddress is a required field PeerAddress *string `min:"1" type:"string" required:"true"` - // The subnet ARN for the Connect peer. + // The subnet ARN for the Connect peer. This only applies only when the protocol + // is NO_ENCAP. SubnetArn *string `type:"string"` // The tags associated with the peer request. 
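Review bot: The type comment on `CoreNetworkNetworkFunctionGroupIdentifier` says only "Describes a core network", which does not match what the struct holds: a core network ID, an edge location and a network function group name. The `RouteTableIdentifier` hunk later in this diff documents the field of this type as the route table identifier associated with a network function group, so something like `// Identifies a network function group on a core network edge.` would fit. The current text also lacks the closing period the neighbouring type comments have. Since the file looks generated, the text probably has to change in the API model.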
@@ -15136,6 +15309,47 @@ func (s *DisassociateTransitGatewayConnectPeerOutput) SetTransitGatewayConnectPe return s } +// Describes the edge that's used for the override. +type EdgeOverride struct { + _ struct{} `type:"structure"` + + // The list of edge locations. + EdgeSets [][]*string `type:"list"` + + // The edge that should be used when overriding the current edge order. + UseEdge *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EdgeOverride) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s EdgeOverride) GoString() string { + return s.String() +} + +// SetEdgeSets sets the EdgeSets field's value. +func (s *EdgeOverride) SetEdgeSets(v [][]*string) *EdgeOverride { + s.EdgeSets = v + return s +} + +// SetUseEdge sets the UseEdge field's value. +func (s *EdgeOverride) SetUseEdge(v string) *EdgeOverride { + s.UseEdge = &v + return s +} + type ExecuteCoreNetworkChangeSetInput struct { _ struct{} `type:"structure" nopayload:"true"` @@ -16602,12 +16816,20 @@ type GetNetworkResourceCountsInput struct { // // The following are the supported resource types for Network Manager: // + // * attachment + // + // * connect-peer + // // * connection // + // * core-network + // // * device // // * link // + // * peering + // // * site // // The following are the supported resource types for Amazon VPC: 
@@ -16768,12 +16990,20 @@ type GetNetworkResourceRelationshipsInput struct { // // The following are the supported resource types for Network Manager: // + // * attachment + // + // * connect-peer + // // * connection // + // * core-network + // // * device // // * link // + // * peering + // // * site // // The following are the supported resource types for Amazon VPC: 
@@ -16962,38 +17192,43 @@ type GetNetworkResourcesInput struct { // // The following are the supported resource types for Direct Connect: // - // * dxcon - The definition model is Connection (https://docs.aws.amazon.com/directconnect/latest/APIReference/API_Connection.html). + // * dxcon // - // * dx-gateway - The definition model is DirectConnectGateway (https://docs.aws.amazon.com/directconnect/latest/APIReference/API_DirectConnectGateway.html). + // * dx-gateway // - // * dx-vif - The definition model is VirtualInterface (https://docs.aws.amazon.com/directconnect/latest/APIReference/API_VirtualInterface.html). + // * dx-vif // // The following are the supported resource types for Network Manager: // - // * connection - The definition model is Connection (https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_Connection.html). + // * attachment + // + // * connect-peer // - // * device - The definition model is Device (https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_Device.html). + // * connection + // + // * core-network // - // * link - The definition model is Link (https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_Link.html). + // * device // - // * site - The definition model is Site (https://docs.aws.amazon.com/networkmanager/latest/APIReference/API_Site.html). + // * link + // + // * peering + // + // * site // // The following are the supported resource types for Amazon VPC: // - // * customer-gateway - The definition model is CustomerGateway (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CustomerGateway.html). + // * customer-gateway // - // * transit-gateway - The definition model is TransitGateway (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_TransitGateway.html). + // * transit-gateway // - // * transit-gateway-attachment - The definition model is TransitGatewayAttachment - // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_TransitGatewayAttachment.html). 
+ // * transit-gateway-attachment // - // * transit-gateway-connect-peer - The definition model is TransitGatewayConnectPeer - // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_TransitGatewayConnectPeer.html). + // * transit-gateway-connect-peer // - // * transit-gateway-route-table - The definition model is TransitGatewayRouteTable - // (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_TransitGatewayRouteTable.html). + // * transit-gateway-route-table // - // * vpn-connection - The definition model is VpnConnection (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_VpnConnection.html). + // * vpn-connection ResourceType *string `location:"querystring" locationName:"resourceType" type:"string"` } @@ -17372,38 +17607,12 @@ type GetNetworkTelemetryInput struct { // The ARN of the resource. ResourceArn *string `location:"querystring" locationName:"resourceArn" type:"string"` - // The resource type. - // - // The following are the supported resource types for Direct Connect: - // - // * dxcon - // - // * dx-gateway - // - // * dx-vif - // - // The following are the supported resource types for Network Manager: - // - // * connection - // - // * device + // The resource type. The following are the supported resource types: // - // * link - // - // * site - // - // The following are the supported resource types for Amazon VPC: - // - // * customer-gateway - // - // * transit-gateway - // - // * transit-gateway-attachment + // * connect-peer // // * transit-gateway-connect-peer // - // * transit-gateway-route-table - // // * vpn-connection ResourceType *string `location:"querystring" locationName:"resourceType" type:"string"` } 
@@ -19528,6 +19737,38 @@ func (s *Location) SetLongitude(v string) *Location { return s } +// Describes a network function group for service insertion. +type NetworkFunctionGroup struct { + _ struct{} `type:"structure"` + + // The name of the network function group. + Name *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s NetworkFunctionGroup) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s NetworkFunctionGroup) GoString() string { + return s.String() +} + +// SetName sets the Name field's value. +func (s *NetworkFunctionGroup) SetName(v string) *NetworkFunctionGroup { + s.Name = &v + return s +} + // Describes a network resource. type NetworkResource struct { _ struct{} `type:"structure"` @@ -19572,12 +19813,20 @@ type NetworkResource struct { // // The following are the supported resource types for Network Manager: // + // * attachment + // + // * connect-peer + // // * connection // + // * core-network + // // * device // // * link // + // * peering + // // * site // // The following are the supported resource types for Amazon VPC: @@ -19880,6 +20129,9 @@ type NetworkRouteDestination struct { // The edge location for the network destination. EdgeLocation *string `min:"1" type:"string"` + // The network function group name associated with the destination. + NetworkFunctionGroupName *string `type:"string"` + // The ID of the resource. ResourceId *string `type:"string"` 
@@ -19923,6 +20175,12 @@ func (s *NetworkRouteDestination) SetEdgeLocation(v string) *NetworkRouteDestina return s } +// SetNetworkFunctionGroupName sets the NetworkFunctionGroupName field's value. +func (s *NetworkRouteDestination) SetNetworkFunctionGroupName(v string) *NetworkRouteDestination { + s.NetworkFunctionGroupName = &v + return s +} + // SetResourceId sets the ResourceId field's value. func (s *NetworkRouteDestination) SetResourceId(v string) *NetworkRouteDestination { s.ResourceId = &v 
@@ -20277,6 +20535,57 @@ func (s *Peering) SetTags(v []*Tag) *Peering { return s } +// Describes proposed changes to a network function group. +type ProposedNetworkFunctionGroupChange struct { + _ struct{} `type:"structure"` + + // The proposed new attachment policy rule number for the network function group. + AttachmentPolicyRuleNumber *int64 `type:"integer"` + + // The proposed name change for the network function group name. + NetworkFunctionGroupName *string `type:"string"` + + // The list of proposed changes to the key-value tags associated with the network + // function group. + Tags []*Tag `type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ProposedNetworkFunctionGroupChange) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ProposedNetworkFunctionGroupChange) GoString() string { + return s.String() +} + +// SetAttachmentPolicyRuleNumber sets the AttachmentPolicyRuleNumber field's value. +func (s *ProposedNetworkFunctionGroupChange) SetAttachmentPolicyRuleNumber(v int64) *ProposedNetworkFunctionGroupChange { + s.AttachmentPolicyRuleNumber = &v + return s +} + +// SetNetworkFunctionGroupName sets the NetworkFunctionGroupName field's value. +func (s *ProposedNetworkFunctionGroupChange) SetNetworkFunctionGroupName(v string) *ProposedNetworkFunctionGroupChange { + s.NetworkFunctionGroupName = &v + return s +} + +// SetTags sets the Tags field's value. 
+func (s *ProposedNetworkFunctionGroupChange) SetTags(v []*Tag) *ProposedNetworkFunctionGroupChange { + s.Tags = v + return s +} + // Describes a proposed segment change. In some cases, the segment change must // first be evaluated and accepted. type ProposedSegmentChange struct { @@ -21270,6 +21579,9 @@ func (s *RouteAnalysisPath) SetPath(v []*PathComponent) *RouteAnalysisPath { type RouteTableIdentifier struct { _ struct{} `type:"structure"` + // The route table identifier associated with the network function group. + CoreNetworkNetworkFunctionGroup *CoreNetworkNetworkFunctionGroupIdentifier `type:"structure"` + // The segment edge in a core network. CoreNetworkSegmentEdge *CoreNetworkSegmentEdgeIdentifier `type:"structure"` @@ -21299,6 +21611,11 @@ func (s RouteTableIdentifier) GoString() string { // Validate inspects the fields of the type to determine if they are valid. func (s *RouteTableIdentifier) Validate() error { invalidParams := request.ErrInvalidParams{Context: "RouteTableIdentifier"} + if s.CoreNetworkNetworkFunctionGroup != nil { + if err := s.CoreNetworkNetworkFunctionGroup.Validate(); err != nil { + invalidParams.AddNested("CoreNetworkNetworkFunctionGroup", err.(request.ErrInvalidParams)) + } + } if s.CoreNetworkSegmentEdge != nil { if err := s.CoreNetworkSegmentEdge.Validate(); err != nil { invalidParams.AddNested("CoreNetworkSegmentEdge", err.(request.ErrInvalidParams)) 
@@ -21311,6 +21628,12 @@ func (s *RouteTableIdentifier) Validate() error { return nil } +// SetCoreNetworkNetworkFunctionGroup sets the CoreNetworkNetworkFunctionGroup field's value. +func (s *RouteTableIdentifier) SetCoreNetworkNetworkFunctionGroup(v *CoreNetworkNetworkFunctionGroupIdentifier) *RouteTableIdentifier { + s.CoreNetworkNetworkFunctionGroup = v + return s +} + // SetCoreNetworkSegmentEdge sets the CoreNetworkSegmentEdge field's value. func (s *RouteTableIdentifier) SetCoreNetworkSegmentEdge(v *CoreNetworkSegmentEdgeIdentifier) *RouteTableIdentifier { s.CoreNetworkSegmentEdge = v 
@@ -21323,6 +21646,116 @@ func (s *RouteTableIdentifier) SetTransitGatewayRouteTableArn(v string) *RouteTa return s } +// Describes the action that the service insertion will take for any segments +// associated with it. +type ServiceInsertionAction struct { + _ struct{} `type:"structure"` + + // The action the service insertion takes for traffic. send-via sends east-west + // traffic between attachments. send-to sends north-south traffic to the security + // appliance, and then from that to either the Internet or to an on-premesis + // location. + Action *string `type:"string" enum:"SegmentActionServiceInsertion"` + + // Describes the mode packets take for the send-via action. This is not used + // when the action is send-to. dual-hop packets traverse attachments in both + // the source to the destination core network edges. This mode requires that + // an inspection attachment must be present in all Regions of the service insertion-enabled + // segments. For single-hop, packets traverse a single intermediate inserted + // attachment. You can use EdgeOverride to specify a specific edge to use. + Mode *string `type:"string" enum:"SendViaMode"` + + // The list of network function groups and any edge overrides for the chosen + // service insertion action. Used for both send-to or send-via. + Via *Via `type:"structure"` + + // The list of destination segments if the service insertion action is send-via. + WhenSentTo *WhenSentTo `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ServiceInsertionAction) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. 
The member name will be present, but the +// value will be replaced with "sensitive". +func (s ServiceInsertionAction) GoString() string { + return s.String() +} + +// SetAction sets the Action field's value. +func (s *ServiceInsertionAction) SetAction(v string) *ServiceInsertionAction { + s.Action = &v + return s +} + +// SetMode sets the Mode field's value. +func (s *ServiceInsertionAction) SetMode(v string) *ServiceInsertionAction { + s.Mode = &v + return s +} + +// SetVia sets the Via field's value. +func (s *ServiceInsertionAction) SetVia(v *Via) *ServiceInsertionAction { + s.Via = v + return s +} + +// SetWhenSentTo sets the WhenSentTo field's value. +func (s *ServiceInsertionAction) SetWhenSentTo(v *WhenSentTo) *ServiceInsertionAction { + s.WhenSentTo = v + return s +} + +// Describes the segments associated with the service insertion action. +type ServiceInsertionSegments struct { + _ struct{} `type:"structure"` + + // The list of segments associated with the send-to action. + SendTo []*string `type:"list"` + + // The list of segments associated with the send-via action. + SendVia []*string `type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ServiceInsertionSegments) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ServiceInsertionSegments) GoString() string { + return s.String() +} + +// SetSendTo sets the SendTo field's value. 
+func (s *ServiceInsertionSegments) SetSendTo(v []*string) *ServiceInsertionSegments { + s.SendTo = v + return s +} + +// SetSendVia sets the SendVia field's value. +func (s *ServiceInsertionSegments) SetSendVia(v []*string) *ServiceInsertionSegments { + s.SendVia = v + return s +} + // A service limit was exceeded. type ServiceQuotaExceededException struct { _ struct{} `type:"structure"` 
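Review bot: The field comment on `ServiceInsertionAction.WhenSentTo` says the destination segment list applies when the action is send-via, but the `WhenSentTo` type added later in this diff is documented as "Used only when the service insertion action is send-to", and its `WhenSentToSegmentsList` field says the same. One of the two is wrong, and a caller building a `ServiceInsertionAction` cannot tell from the comments which action takes the list. The texts should be reconciled in the service model, presumably by changing the `WhenSentTo` type and field comments to send-via, but that needs confirming against the API reference. The `Action` comment in the same struct also misspells "on-premises" as "on-premesis".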
@@ -23397,6 +23830,50 @@ func (s *ValidationExceptionField) SetName(v string) *ValidationExceptionField { return s } +// The list of network function groups and edge overrides for the service insertion +// action. Used for both the send-to and send-via actions. +type Via struct { + _ struct{} `type:"structure"` + + // The list of network function groups associated with the service insertion + // action. + NetworkFunctionGroups []*NetworkFunctionGroup `type:"list"` + + // Describes any edge overrides. An edge override is a specific edge to be used + // for traffic. + WithEdgeOverrides []*EdgeOverride `type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Via) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Via) GoString() string { + return s.String() +} + +// SetNetworkFunctionGroups sets the NetworkFunctionGroups field's value. +func (s *Via) SetNetworkFunctionGroups(v []*NetworkFunctionGroup) *Via { + s.NetworkFunctionGroups = v + return s +} + +// SetWithEdgeOverrides sets the WithEdgeOverrides field's value. +func (s *Via) SetWithEdgeOverrides(v []*EdgeOverride) *Via { + s.WithEdgeOverrides = v + return s +} + // Describes a VPC attachment. type VpcAttachment struct { _ struct{} `type:"structure"` 
@@ -23490,6 +23967,39 @@ func (s *VpcOptions) SetIpv6Support(v bool) *VpcOptions { return s } +// Displays a list of the destination segments. Used only when the service insertion +// action is send-to. +type WhenSentTo struct { + _ struct{} `type:"structure"` + + // The list of destination segments when the service insertion action is send-to. + WhenSentToSegmentsList []*string `type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s WhenSentTo) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s WhenSentTo) GoString() string { + return s.String() +} + +// SetWhenSentToSegmentsList sets the WhenSentToSegmentsList field's value. +func (s *WhenSentTo) SetWhenSentToSegmentsList(v []*string) *WhenSentTo { + s.WhenSentToSegmentsList = v + return s +} + const ( // AttachmentStateRejected is a AttachmentState enum value AttachmentStateRejected = "REJECTED" @@ -23638,6 +24148,9 @@ const ( // ChangeTypeCoreNetworkSegment is a ChangeType enum value ChangeTypeCoreNetworkSegment = "CORE_NETWORK_SEGMENT" + // ChangeTypeNetworkFunctionGroup is a ChangeType enum value + ChangeTypeNetworkFunctionGroup = "NETWORK_FUNCTION_GROUP" + // ChangeTypeCoreNetworkEdge is a ChangeType enum value ChangeTypeCoreNetworkEdge = "CORE_NETWORK_EDGE" @@ -23667,6 +24180,7 @@ const ( func ChangeType_Values() []string { return []string{ ChangeTypeCoreNetworkSegment, + ChangeTypeNetworkFunctionGroup, ChangeTypeCoreNetworkEdge, ChangeTypeAttachmentMapping, ChangeTypeAttachmentRoutePropagation, 
@@ -24088,6 +24602,9 @@ const ( // RouteTableTypeCoreNetworkSegment is a RouteTableType enum value RouteTableTypeCoreNetworkSegment = "CORE_NETWORK_SEGMENT" + + // RouteTableTypeNetworkFunctionGroup is a RouteTableType enum value + RouteTableTypeNetworkFunctionGroup = "NETWORK_FUNCTION_GROUP" ) // RouteTableType_Values returns all elements of the RouteTableType enum @@ -24095,6 +24612,7 @@ func RouteTableType_Values() []string { return []string{ RouteTableTypeTransitGatewayRouteTable, RouteTableTypeCoreNetworkSegment, + RouteTableTypeNetworkFunctionGroup, } } @@ -24114,6 +24632,38 @@ func RouteType_Values() []string { } } +const ( + // SegmentActionServiceInsertionSendVia is a SegmentActionServiceInsertion enum value + SegmentActionServiceInsertionSendVia = "send-via" + + // SegmentActionServiceInsertionSendTo is a SegmentActionServiceInsertion enum value + SegmentActionServiceInsertionSendTo = "send-to" +) + +// SegmentActionServiceInsertion_Values returns all elements of the SegmentActionServiceInsertion enum +func SegmentActionServiceInsertion_Values() []string { + return []string{ + SegmentActionServiceInsertionSendVia, + SegmentActionServiceInsertionSendTo, + } +} + +const ( + // SendViaModeDualHop is a SendViaMode enum value + SendViaModeDualHop = "dual-hop" + + // SendViaModeSingleHop is a SendViaMode enum value + SendViaModeSingleHop = "single-hop" +) + +// SendViaMode_Values returns all elements of the SendViaMode enum +func SendViaMode_Values() []string { + return []string{ + SendViaModeDualHop, + SendViaModeSingleHop, + } +} + const ( // SiteStatePending is a SiteState enum value SiteStatePending = "PENDING" diff --git a/service/pcaconnectorscep/api.go b/service/pcaconnectorscep/api.go new file mode 100644 index 00000000000..c63c0edb77a --- /dev/null +++ b/service/pcaconnectorscep/api.go 
@@ -0,0 +1,3758 @@ +// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. + +package pcaconnectorscep + +import ( + "fmt" + "time" + + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/awsutil" + "github.com/aws/aws-sdk-go/aws/request" + "github.com/aws/aws-sdk-go/private/protocol" + "github.com/aws/aws-sdk-go/private/protocol/restjson" +) + +const opCreateChallenge = "CreateChallenge" + +// CreateChallengeRequest generates a "aws/request.Request" representing the +// client's request for the CreateChallenge operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateChallenge for more information on using the CreateChallenge +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the CreateChallengeRequest method. +// req, resp := client.CreateChallengeRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/pca-connector-scep-2018-05-10/CreateChallenge +func (c *PcaConnectorScep) CreateChallengeRequest(input *CreateChallengeInput) (req *request.Request, output *CreateChallengeOutput) { + op := &request.Operation{ + Name: opCreateChallenge, + HTTPMethod: "POST", + HTTPPath: "/challenges", + } + + if input == nil { + input = &CreateChallengeInput{} + } + + output = &CreateChallengeOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateChallenge API operation for Private CA Connector for SCEP. +// +// For general-purpose connectors. 
Creates a challenge password for the specified +// connector. The SCEP protocol uses a challenge password to authenticate a +// request before issuing a certificate from a certificate authority (CA). Your +// SCEP clients include the challenge password as part of their certificate +// request to Connector for SCEP. To retrieve the connector Amazon Resource +// Names (ARNs) for the connectors in your account, call ListConnectors (https://docs.aws.amazon.com/C4SCEP_API/pca-connector-scep/latest/APIReference/API_ListConnectors.html). +// +// To create additional challenge passwords for the connector, call CreateChallenge +// again. We recommend frequently rotating your challenge passwords. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Private CA Connector for SCEP's +// API operation CreateChallenge for usage and error information. +// +// Returned Error Types: +// +// - ResourceNotFoundException +// The operation tried to access a nonexistent resource. The resource might +// be incorrectly specified, or it might have a status other than ACTIVE. +// +// - BadRequestException +// The request is malformed or contains an error such as an invalid parameter +// value or a missing required parameter. +// +// - InternalServerException +// The request processing has failed because of an unknown error, exception +// or failure with an internal server. +// +// - ValidationException +// An input validation error occurred. For example, invalid characters in a +// name tag, or an invalid pagination token. +// +// - ThrottlingException +// The limit on the number of requests per second was exceeded. +// +// - AccessDeniedException +// You can receive this error if you attempt to perform an operation and you +// don't have the required permissions. 
This can be caused by insufficient permissions +// in policies attached to your Amazon Web Services Identity and Access Management +// (IAM) principal. It can also happen because of restrictions in place from +// an Amazon Web Services Organizations service control policy (SCP) that affects +// your Amazon Web Services account. +// +// - ConflictException +// This request can't be completed for one of the following reasons because +// the requested resource was being concurrently modified by another request. +// +// - ServiceQuotaExceededException +// The request would cause a service quota to be exceeded. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/pca-connector-scep-2018-05-10/CreateChallenge +func (c *PcaConnectorScep) CreateChallenge(input *CreateChallengeInput) (*CreateChallengeOutput, error) { + req, out := c.CreateChallengeRequest(input) + return out, req.Send() +} + +// CreateChallengeWithContext is the same as CreateChallenge with the addition of +// the ability to pass a context and additional request options. +// +// See CreateChallenge for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *PcaConnectorScep) CreateChallengeWithContext(ctx aws.Context, input *CreateChallengeInput, opts ...request.Option) (*CreateChallengeOutput, error) { + req, out := c.CreateChallengeRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opCreateConnector = "CreateConnector" + +// CreateConnectorRequest generates a "aws/request.Request" representing the +// client's request for the CreateConnector operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. 
+// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See CreateConnector for more information on using the CreateConnector +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the CreateConnectorRequest method. +// req, resp := client.CreateConnectorRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/pca-connector-scep-2018-05-10/CreateConnector +func (c *PcaConnectorScep) CreateConnectorRequest(input *CreateConnectorInput) (req *request.Request, output *CreateConnectorOutput) { + op := &request.Operation{ + Name: opCreateConnector, + HTTPMethod: "POST", + HTTPPath: "/connectors", + } + + if input == nil { + input = &CreateConnectorInput{} + } + + output = &CreateConnectorOutput{} + req = c.newRequest(op, input, output) + return +} + +// CreateConnector API operation for Private CA Connector for SCEP. +// +// Creates a SCEP connector. A SCEP connector links Amazon Web Services Private +// Certificate Authority to your SCEP-compatible devices and mobile device management +// (MDM) systems. Before you create a connector, you must complete a set of +// prerequisites, including creation of a private certificate authority (CA) +// to use with this connector. For more information, see Connector for SCEP +// prerequisites (https://docs.aws.amazon.com/privateca/latest/userguide/scep-connector.htmlconnector-for-scep-prerequisites.html). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. 
+// +// See the AWS API reference guide for Private CA Connector for SCEP's +// API operation CreateConnector for usage and error information. +// +// Returned Error Types: +// +// - ResourceNotFoundException +// The operation tried to access a nonexistent resource. The resource might +// be incorrectly specified, or it might have a status other than ACTIVE. +// +// - InternalServerException +// The request processing has failed because of an unknown error, exception +// or failure with an internal server. +// +// - ValidationException +// An input validation error occurred. For example, invalid characters in a +// name tag, or an invalid pagination token. +// +// - ThrottlingException +// The limit on the number of requests per second was exceeded. +// +// - AccessDeniedException +// You can receive this error if you attempt to perform an operation and you +// don't have the required permissions. This can be caused by insufficient permissions +// in policies attached to your Amazon Web Services Identity and Access Management +// (IAM) principal. It can also happen because of restrictions in place from +// an Amazon Web Services Organizations service control policy (SCP) that affects +// your Amazon Web Services account. +// +// - ConflictException +// This request can't be completed for one of the following reasons because +// the requested resource was being concurrently modified by another request. +// +// - ServiceQuotaExceededException +// The request would cause a service quota to be exceeded. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/pca-connector-scep-2018-05-10/CreateConnector +func (c *PcaConnectorScep) CreateConnector(input *CreateConnectorInput) (*CreateConnectorOutput, error) { + req, out := c.CreateConnectorRequest(input) + return out, req.Send() +} + +// CreateConnectorWithContext is the same as CreateConnector with the addition of +// the ability to pass a context and additional request options. 
+// +// See CreateConnector for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *PcaConnectorScep) CreateConnectorWithContext(ctx aws.Context, input *CreateConnectorInput, opts ...request.Option) (*CreateConnectorOutput, error) { + req, out := c.CreateConnectorRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opDeleteChallenge = "DeleteChallenge" + +// DeleteChallengeRequest generates a "aws/request.Request" representing the +// client's request for the DeleteChallenge operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteChallenge for more information on using the DeleteChallenge +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DeleteChallengeRequest method. 
+// req, resp := client.DeleteChallengeRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/pca-connector-scep-2018-05-10/DeleteChallenge +func (c *PcaConnectorScep) DeleteChallengeRequest(input *DeleteChallengeInput) (req *request.Request, output *DeleteChallengeOutput) { + op := &request.Operation{ + Name: opDeleteChallenge, + HTTPMethod: "DELETE", + HTTPPath: "/challenges/{ChallengeArn}", + } + + if input == nil { + input = &DeleteChallengeInput{} + } + + output = &DeleteChallengeOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// DeleteChallenge API operation for Private CA Connector for SCEP. +// +// Deletes the specified Challenge (https://docs.aws.amazon.com/C4SCEP_API/pca-connector-scep/latest/APIReference/API_Challenge.html). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Private CA Connector for SCEP's +// API operation DeleteChallenge for usage and error information. +// +// Returned Error Types: +// +// - ResourceNotFoundException +// The operation tried to access a nonexistent resource. The resource might +// be incorrectly specified, or it might have a status other than ACTIVE. +// +// - InternalServerException +// The request processing has failed because of an unknown error, exception +// or failure with an internal server. +// +// - ValidationException +// An input validation error occurred. For example, invalid characters in a +// name tag, or an invalid pagination token. +// +// - ThrottlingException +// The limit on the number of requests per second was exceeded. 
+// +// - AccessDeniedException +// You can receive this error if you attempt to perform an operation and you +// don't have the required permissions. This can be caused by insufficient permissions +// in policies attached to your Amazon Web Services Identity and Access Management +// (IAM) principal. It can also happen because of restrictions in place from +// an Amazon Web Services Organizations service control policy (SCP) that affects +// your Amazon Web Services account. +// +// - ConflictException +// This request can't be completed for one of the following reasons because +// the requested resource was being concurrently modified by another request. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/pca-connector-scep-2018-05-10/DeleteChallenge +func (c *PcaConnectorScep) DeleteChallenge(input *DeleteChallengeInput) (*DeleteChallengeOutput, error) { + req, out := c.DeleteChallengeRequest(input) + return out, req.Send() +} + +// DeleteChallengeWithContext is the same as DeleteChallenge with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteChallenge for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *PcaConnectorScep) DeleteChallengeWithContext(ctx aws.Context, input *DeleteChallengeInput, opts ...request.Option) (*DeleteChallengeOutput, error) { + req, out := c.DeleteChallengeRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opDeleteConnector = "DeleteConnector" + +// DeleteConnectorRequest generates a "aws/request.Request" representing the +// client's request for the DeleteConnector operation. 
The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See DeleteConnector for more information on using the DeleteConnector +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the DeleteConnectorRequest method. +// req, resp := client.DeleteConnectorRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/pca-connector-scep-2018-05-10/DeleteConnector +func (c *PcaConnectorScep) DeleteConnectorRequest(input *DeleteConnectorInput) (req *request.Request, output *DeleteConnectorOutput) { + op := &request.Operation{ + Name: opDeleteConnector, + HTTPMethod: "DELETE", + HTTPPath: "/connectors/{ConnectorArn}", + } + + if input == nil { + input = &DeleteConnectorInput{} + } + + output = &DeleteConnectorOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// DeleteConnector API operation for Private CA Connector for SCEP. +// +// Deletes the specified Connector (https://docs.aws.amazon.com/C4SCEP_API/pca-connector-scep/latest/APIReference/API_Connector.html). +// This operation also deletes any challenges associated with the connector. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. 
+// +// See the AWS API reference guide for Private CA Connector for SCEP's +// API operation DeleteConnector for usage and error information. +// +// Returned Error Types: +// +// - ResourceNotFoundException +// The operation tried to access a nonexistent resource. The resource might +// be incorrectly specified, or it might have a status other than ACTIVE. +// +// - InternalServerException +// The request processing has failed because of an unknown error, exception +// or failure with an internal server. +// +// - ValidationException +// An input validation error occurred. For example, invalid characters in a +// name tag, or an invalid pagination token. +// +// - ThrottlingException +// The limit on the number of requests per second was exceeded. +// +// - AccessDeniedException +// You can receive this error if you attempt to perform an operation and you +// don't have the required permissions. This can be caused by insufficient permissions +// in policies attached to your Amazon Web Services Identity and Access Management +// (IAM) principal. It can also happen because of restrictions in place from +// an Amazon Web Services Organizations service control policy (SCP) that affects +// your Amazon Web Services account. +// +// - ConflictException +// This request can't be completed for one of the following reasons because +// the requested resource was being concurrently modified by another request. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/pca-connector-scep-2018-05-10/DeleteConnector +func (c *PcaConnectorScep) DeleteConnector(input *DeleteConnectorInput) (*DeleteConnectorOutput, error) { + req, out := c.DeleteConnectorRequest(input) + return out, req.Send() +} + +// DeleteConnectorWithContext is the same as DeleteConnector with the addition of +// the ability to pass a context and additional request options. +// +// See DeleteConnector for details on how to use this API operation. 
+// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *PcaConnectorScep) DeleteConnectorWithContext(ctx aws.Context, input *DeleteConnectorInput, opts ...request.Option) (*DeleteConnectorOutput, error) { + req, out := c.DeleteConnectorRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opGetChallengeMetadata = "GetChallengeMetadata" + +// GetChallengeMetadataRequest generates a "aws/request.Request" representing the +// client's request for the GetChallengeMetadata operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetChallengeMetadata for more information on using the GetChallengeMetadata +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the GetChallengeMetadataRequest method. 
+// req, resp := client.GetChallengeMetadataRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/pca-connector-scep-2018-05-10/GetChallengeMetadata +func (c *PcaConnectorScep) GetChallengeMetadataRequest(input *GetChallengeMetadataInput) (req *request.Request, output *GetChallengeMetadataOutput) { + op := &request.Operation{ + Name: opGetChallengeMetadata, + HTTPMethod: "GET", + HTTPPath: "/challengeMetadata/{ChallengeArn}", + } + + if input == nil { + input = &GetChallengeMetadataInput{} + } + + output = &GetChallengeMetadataOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetChallengeMetadata API operation for Private CA Connector for SCEP. +// +// Retrieves the metadata for the specified Challenge (https://docs.aws.amazon.com/C4SCEP_API/pca-connector-scep/latest/APIReference/API_Challenge.html). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Private CA Connector for SCEP's +// API operation GetChallengeMetadata for usage and error information. +// +// Returned Error Types: +// +// - ResourceNotFoundException +// The operation tried to access a nonexistent resource. The resource might +// be incorrectly specified, or it might have a status other than ACTIVE. +// +// - InternalServerException +// The request processing has failed because of an unknown error, exception +// or failure with an internal server. +// +// - ValidationException +// An input validation error occurred. For example, invalid characters in a +// name tag, or an invalid pagination token. +// +// - ThrottlingException +// The limit on the number of requests per second was exceeded. 
+// +// - AccessDeniedException +// You can receive this error if you attempt to perform an operation and you +// don't have the required permissions. This can be caused by insufficient permissions +// in policies attached to your Amazon Web Services Identity and Access Management +// (IAM) principal. It can also happen because of restrictions in place from +// an Amazon Web Services Organizations service control policy (SCP) that affects +// your Amazon Web Services account. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/pca-connector-scep-2018-05-10/GetChallengeMetadata +func (c *PcaConnectorScep) GetChallengeMetadata(input *GetChallengeMetadataInput) (*GetChallengeMetadataOutput, error) { + req, out := c.GetChallengeMetadataRequest(input) + return out, req.Send() +} + +// GetChallengeMetadataWithContext is the same as GetChallengeMetadata with the addition of +// the ability to pass a context and additional request options. +// +// See GetChallengeMetadata for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *PcaConnectorScep) GetChallengeMetadataWithContext(ctx aws.Context, input *GetChallengeMetadataInput, opts ...request.Option) (*GetChallengeMetadataOutput, error) { + req, out := c.GetChallengeMetadataRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opGetChallengePassword = "GetChallengePassword" + +// GetChallengePasswordRequest generates a "aws/request.Request" representing the +// client's request for the GetChallengePassword operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. 
+// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetChallengePassword for more information on using the GetChallengePassword +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the GetChallengePasswordRequest method. +// req, resp := client.GetChallengePasswordRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/pca-connector-scep-2018-05-10/GetChallengePassword +func (c *PcaConnectorScep) GetChallengePasswordRequest(input *GetChallengePasswordInput) (req *request.Request, output *GetChallengePasswordOutput) { + op := &request.Operation{ + Name: opGetChallengePassword, + HTTPMethod: "GET", + HTTPPath: "/challengePasswords/{ChallengeArn}", + } + + if input == nil { + input = &GetChallengePasswordInput{} + } + + output = &GetChallengePasswordOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetChallengePassword API operation for Private CA Connector for SCEP. +// +// Retrieves the challenge password for the specified Challenge (https://docs.aws.amazon.com/C4SCEP_API/pca-connector-scep/latest/APIReference/API_Challenge.html). +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Private CA Connector for SCEP's +// API operation GetChallengePassword for usage and error information. +// +// Returned Error Types: +// +// - ResourceNotFoundException +// The operation tried to access a nonexistent resource. 
The resource might +// be incorrectly specified, or it might have a status other than ACTIVE. +// +// - InternalServerException +// The request processing has failed because of an unknown error, exception +// or failure with an internal server. +// +// - ValidationException +// An input validation error occurred. For example, invalid characters in a +// name tag, or an invalid pagination token. +// +// - ThrottlingException +// The limit on the number of requests per second was exceeded. +// +// - AccessDeniedException +// You can receive this error if you attempt to perform an operation and you +// don't have the required permissions. This can be caused by insufficient permissions +// in policies attached to your Amazon Web Services Identity and Access Management +// (IAM) principal. It can also happen because of restrictions in place from +// an Amazon Web Services Organizations service control policy (SCP) that affects +// your Amazon Web Services account. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/pca-connector-scep-2018-05-10/GetChallengePassword +func (c *PcaConnectorScep) GetChallengePassword(input *GetChallengePasswordInput) (*GetChallengePasswordOutput, error) { + req, out := c.GetChallengePasswordRequest(input) + return out, req.Send() +} + +// GetChallengePasswordWithContext is the same as GetChallengePassword with the addition of +// the ability to pass a context and additional request options. +// +// See GetChallengePassword for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. 
+func (c *PcaConnectorScep) GetChallengePasswordWithContext(ctx aws.Context, input *GetChallengePasswordInput, opts ...request.Option) (*GetChallengePasswordOutput, error) { + req, out := c.GetChallengePasswordRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opGetConnector = "GetConnector" + +// GetConnectorRequest generates a "aws/request.Request" representing the +// client's request for the GetConnector operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See GetConnector for more information on using the GetConnector +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the GetConnectorRequest method. +// req, resp := client.GetConnectorRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/pca-connector-scep-2018-05-10/GetConnector +func (c *PcaConnectorScep) GetConnectorRequest(input *GetConnectorInput) (req *request.Request, output *GetConnectorOutput) { + op := &request.Operation{ + Name: opGetConnector, + HTTPMethod: "GET", + HTTPPath: "/connectors/{ConnectorArn}", + } + + if input == nil { + input = &GetConnectorInput{} + } + + output = &GetConnectorOutput{} + req = c.newRequest(op, input, output) + return +} + +// GetConnector API operation for Private CA Connector for SCEP. +// +// Retrieves details about the specified Connector (https://docs.aws.amazon.com/C4SCEP_API/pca-connector-scep/latest/APIReference/API_Connector.html). 
+// Calling this action returns important details about the connector, such as +// the public SCEP URL where your clients can request certificates. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Private CA Connector for SCEP's +// API operation GetConnector for usage and error information. +// +// Returned Error Types: +// +// - ResourceNotFoundException +// The operation tried to access a nonexistent resource. The resource might +// be incorrectly specified, or it might have a status other than ACTIVE. +// +// - InternalServerException +// The request processing has failed because of an unknown error, exception +// or failure with an internal server. +// +// - ValidationException +// An input validation error occurred. For example, invalid characters in a +// name tag, or an invalid pagination token. +// +// - ThrottlingException +// The limit on the number of requests per second was exceeded. +// +// - AccessDeniedException +// You can receive this error if you attempt to perform an operation and you +// don't have the required permissions. This can be caused by insufficient permissions +// in policies attached to your Amazon Web Services Identity and Access Management +// (IAM) principal. It can also happen because of restrictions in place from +// an Amazon Web Services Organizations service control policy (SCP) that affects +// your Amazon Web Services account. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/pca-connector-scep-2018-05-10/GetConnector +func (c *PcaConnectorScep) GetConnector(input *GetConnectorInput) (*GetConnectorOutput, error) { + req, out := c.GetConnectorRequest(input) + return out, req.Send() +} + +// GetConnectorWithContext is the same as GetConnector with the addition of +// the ability to pass a context and additional request options. 
+// +// See GetConnector for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *PcaConnectorScep) GetConnectorWithContext(ctx aws.Context, input *GetConnectorInput, opts ...request.Option) (*GetConnectorOutput, error) { + req, out := c.GetConnectorRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opListChallengeMetadata = "ListChallengeMetadata" + +// ListChallengeMetadataRequest generates a "aws/request.Request" representing the +// client's request for the ListChallengeMetadata operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ListChallengeMetadata for more information on using the ListChallengeMetadata +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ListChallengeMetadataRequest method. 
+// req, resp := client.ListChallengeMetadataRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/pca-connector-scep-2018-05-10/ListChallengeMetadata +func (c *PcaConnectorScep) ListChallengeMetadataRequest(input *ListChallengeMetadataInput) (req *request.Request, output *ListChallengeMetadataOutput) { + op := &request.Operation{ + Name: opListChallengeMetadata, + HTTPMethod: "GET", + HTTPPath: "/challengeMetadata", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &ListChallengeMetadataInput{} + } + + output = &ListChallengeMetadataOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListChallengeMetadata API operation for Private CA Connector for SCEP. +// +// Retrieves the challenge metadata for the specified ARN. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Private CA Connector for SCEP's +// API operation ListChallengeMetadata for usage and error information. +// +// Returned Error Types: +// +// - ResourceNotFoundException +// The operation tried to access a nonexistent resource. The resource might +// be incorrectly specified, or it might have a status other than ACTIVE. +// +// - InternalServerException +// The request processing has failed because of an unknown error, exception +// or failure with an internal server. +// +// - ValidationException +// An input validation error occurred. For example, invalid characters in a +// name tag, or an invalid pagination token. +// +// - ThrottlingException +// The limit on the number of requests per second was exceeded. 
+// +// - AccessDeniedException +// You can receive this error if you attempt to perform an operation and you +// don't have the required permissions. This can be caused by insufficient permissions +// in policies attached to your Amazon Web Services Identity and Access Management +// (IAM) principal. It can also happen because of restrictions in place from +// an Amazon Web Services Organizations service control policy (SCP) that affects +// your Amazon Web Services account. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/pca-connector-scep-2018-05-10/ListChallengeMetadata +func (c *PcaConnectorScep) ListChallengeMetadata(input *ListChallengeMetadataInput) (*ListChallengeMetadataOutput, error) { + req, out := c.ListChallengeMetadataRequest(input) + return out, req.Send() +} + +// ListChallengeMetadataWithContext is the same as ListChallengeMetadata with the addition of +// the ability to pass a context and additional request options. +// +// See ListChallengeMetadata for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *PcaConnectorScep) ListChallengeMetadataWithContext(ctx aws.Context, input *ListChallengeMetadataInput, opts ...request.Option) (*ListChallengeMetadataOutput, error) { + req, out := c.ListChallengeMetadataRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// ListChallengeMetadataPages iterates over the pages of a ListChallengeMetadata operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. +// +// See ListChallengeMetadata method for more information on how to use this operation. 
+// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListChallengeMetadata operation. +// pageNum := 0 +// err := client.ListChallengeMetadataPages(params, +// func(page *pcaconnectorscep.ListChallengeMetadataOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *PcaConnectorScep) ListChallengeMetadataPages(input *ListChallengeMetadataInput, fn func(*ListChallengeMetadataOutput, bool) bool) error { + return c.ListChallengeMetadataPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListChallengeMetadataPagesWithContext same as ListChallengeMetadataPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *PcaConnectorScep) ListChallengeMetadataPagesWithContext(ctx aws.Context, input *ListChallengeMetadataInput, fn func(*ListChallengeMetadataOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListChallengeMetadataInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListChallengeMetadataRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*ListChallengeMetadataOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opListConnectors = "ListConnectors" + +// ListConnectorsRequest generates a "aws/request.Request" representing the +// client's request for the ListConnectors operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. 
+// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ListConnectors for more information on using the ListConnectors +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ListConnectorsRequest method. +// req, resp := client.ListConnectorsRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/pca-connector-scep-2018-05-10/ListConnectors +func (c *PcaConnectorScep) ListConnectorsRequest(input *ListConnectorsInput) (req *request.Request, output *ListConnectorsOutput) { + op := &request.Operation{ + Name: opListConnectors, + HTTPMethod: "GET", + HTTPPath: "/connectors", + Paginator: &request.Paginator{ + InputTokens: []string{"NextToken"}, + OutputTokens: []string{"NextToken"}, + LimitToken: "MaxResults", + TruncationToken: "", + }, + } + + if input == nil { + input = &ListConnectorsInput{} + } + + output = &ListConnectorsOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListConnectors API operation for Private CA Connector for SCEP. +// +// Lists the connectors belonging to your Amazon Web Services account. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Private CA Connector for SCEP's +// API operation ListConnectors for usage and error information. +// +// Returned Error Types: +// +// - InternalServerException +// The request processing has failed because of an unknown error, exception +// or failure with an internal server. 
+// +// - ValidationException +// An input validation error occurred. For example, invalid characters in a +// name tag, or an invalid pagination token. +// +// - ThrottlingException +// The limit on the number of requests per second was exceeded. +// +// - AccessDeniedException +// You can receive this error if you attempt to perform an operation and you +// don't have the required permissions. This can be caused by insufficient permissions +// in policies attached to your Amazon Web Services Identity and Access Management +// (IAM) principal. It can also happen because of restrictions in place from +// an Amazon Web Services Organizations service control policy (SCP) that affects +// your Amazon Web Services account. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/pca-connector-scep-2018-05-10/ListConnectors +func (c *PcaConnectorScep) ListConnectors(input *ListConnectorsInput) (*ListConnectorsOutput, error) { + req, out := c.ListConnectorsRequest(input) + return out, req.Send() +} + +// ListConnectorsWithContext is the same as ListConnectors with the addition of +// the ability to pass a context and additional request options. +// +// See ListConnectors for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *PcaConnectorScep) ListConnectorsWithContext(ctx aws.Context, input *ListConnectorsInput, opts ...request.Option) (*ListConnectorsOutput, error) { + req, out := c.ListConnectorsRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// ListConnectorsPages iterates over the pages of a ListConnectors operation, +// calling the "fn" function with the response data for each page. To stop +// iterating, return false from the fn function. 
+// +// See ListConnectors method for more information on how to use this operation. +// +// Note: This operation can generate multiple requests to a service. +// +// // Example iterating over at most 3 pages of a ListConnectors operation. +// pageNum := 0 +// err := client.ListConnectorsPages(params, +// func(page *pcaconnectorscep.ListConnectorsOutput, lastPage bool) bool { +// pageNum++ +// fmt.Println(page) +// return pageNum <= 3 +// }) +func (c *PcaConnectorScep) ListConnectorsPages(input *ListConnectorsInput, fn func(*ListConnectorsOutput, bool) bool) error { + return c.ListConnectorsPagesWithContext(aws.BackgroundContext(), input, fn) +} + +// ListConnectorsPagesWithContext same as ListConnectorsPages except +// it takes a Context and allows setting request options on the pages. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *PcaConnectorScep) ListConnectorsPagesWithContext(ctx aws.Context, input *ListConnectorsInput, fn func(*ListConnectorsOutput, bool) bool, opts ...request.Option) error { + p := request.Pagination{ + NewRequest: func() (*request.Request, error) { + var inCpy *ListConnectorsInput + if input != nil { + tmp := *input + inCpy = &tmp + } + req, _ := c.ListConnectorsRequest(inCpy) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return req, nil + }, + } + + for p.Next() { + if !fn(p.Page().(*ListConnectorsOutput), !p.HasNextPage()) { + break + } + } + + return p.Err() +} + +const opListTagsForResource = "ListTagsForResource" + +// ListTagsForResourceRequest generates a "aws/request.Request" representing the +// client's request for the ListTagsForResource operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. 
+// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See ListTagsForResource for more information on using the ListTagsForResource +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the ListTagsForResourceRequest method. +// req, resp := client.ListTagsForResourceRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/pca-connector-scep-2018-05-10/ListTagsForResource +func (c *PcaConnectorScep) ListTagsForResourceRequest(input *ListTagsForResourceInput) (req *request.Request, output *ListTagsForResourceOutput) { + op := &request.Operation{ + Name: opListTagsForResource, + HTTPMethod: "GET", + HTTPPath: "/tags/{ResourceArn}", + } + + if input == nil { + input = &ListTagsForResourceInput{} + } + + output = &ListTagsForResourceOutput{} + req = c.newRequest(op, input, output) + return +} + +// ListTagsForResource API operation for Private CA Connector for SCEP. +// +// Retrieves the tags associated with the specified resource. Tags are key-value +// pairs that you can use to categorize and manage your resources, for purposes +// like billing. For example, you might set the tag key to "customer" and the +// value to the customer name or ID. You can specify one or more tags to add +// to each Amazon Web Services resource, up to 50 tags for a resource. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. 
+// +// See the AWS API reference guide for Private CA Connector for SCEP's +// API operation ListTagsForResource for usage and error information. +// +// Returned Error Types: +// +// - ResourceNotFoundException +// The operation tried to access a nonexistent resource. The resource might +// be incorrectly specified, or it might have a status other than ACTIVE. +// +// - InternalServerException +// The request processing has failed because of an unknown error, exception +// or failure with an internal server. +// +// - ValidationException +// An input validation error occurred. For example, invalid characters in a +// name tag, or an invalid pagination token. +// +// - ThrottlingException +// The limit on the number of requests per second was exceeded. +// +// - AccessDeniedException +// You can receive this error if you attempt to perform an operation and you +// don't have the required permissions. This can be caused by insufficient permissions +// in policies attached to your Amazon Web Services Identity and Access Management +// (IAM) principal. It can also happen because of restrictions in place from +// an Amazon Web Services Organizations service control policy (SCP) that affects +// your Amazon Web Services account. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/pca-connector-scep-2018-05-10/ListTagsForResource +func (c *PcaConnectorScep) ListTagsForResource(input *ListTagsForResourceInput) (*ListTagsForResourceOutput, error) { + req, out := c.ListTagsForResourceRequest(input) + return out, req.Send() +} + +// ListTagsForResourceWithContext is the same as ListTagsForResource with the addition of +// the ability to pass a context and additional request options. +// +// See ListTagsForResource for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. 
See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *PcaConnectorScep) ListTagsForResourceWithContext(ctx aws.Context, input *ListTagsForResourceInput, opts ...request.Option) (*ListTagsForResourceOutput, error) { + req, out := c.ListTagsForResourceRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opTagResource = "TagResource" + +// TagResourceRequest generates a "aws/request.Request" representing the +// client's request for the TagResource operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See TagResource for more information on using the TagResource +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the TagResourceRequest method. +// req, resp := client.TagResourceRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/pca-connector-scep-2018-05-10/TagResource +func (c *PcaConnectorScep) TagResourceRequest(input *TagResourceInput) (req *request.Request, output *TagResourceOutput) { + op := &request.Operation{ + Name: opTagResource, + HTTPMethod: "POST", + HTTPPath: "/tags/{ResourceArn}", + } + + if input == nil { + input = &TagResourceInput{} + } + + output = &TagResourceOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// TagResource API operation for Private CA Connector for SCEP. 
+// +// Adds one or more tags to your resource. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Private CA Connector for SCEP's +// API operation TagResource for usage and error information. +// +// Returned Error Types: +// +// - ResourceNotFoundException +// The operation tried to access a nonexistent resource. The resource might +// be incorrectly specified, or it might have a status other than ACTIVE. +// +// - InternalServerException +// The request processing has failed because of an unknown error, exception +// or failure with an internal server. +// +// - ValidationException +// An input validation error occurred. For example, invalid characters in a +// name tag, or an invalid pagination token. +// +// - ThrottlingException +// The limit on the number of requests per second was exceeded. +// +// - AccessDeniedException +// You can receive this error if you attempt to perform an operation and you +// don't have the required permissions. This can be caused by insufficient permissions +// in policies attached to your Amazon Web Services Identity and Access Management +// (IAM) principal. It can also happen because of restrictions in place from +// an Amazon Web Services Organizations service control policy (SCP) that affects +// your Amazon Web Services account. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/pca-connector-scep-2018-05-10/TagResource +func (c *PcaConnectorScep) TagResource(input *TagResourceInput) (*TagResourceOutput, error) { + req, out := c.TagResourceRequest(input) + return out, req.Send() +} + +// TagResourceWithContext is the same as TagResource with the addition of +// the ability to pass a context and additional request options. +// +// See TagResource for details on how to use this API operation. 
+// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *PcaConnectorScep) TagResourceWithContext(ctx aws.Context, input *TagResourceInput, opts ...request.Option) (*TagResourceOutput, error) { + req, out := c.TagResourceRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +const opUntagResource = "UntagResource" + +// UntagResourceRequest generates a "aws/request.Request" representing the +// client's request for the UntagResource operation. The "output" return +// value will be populated with the request's response once the request completes +// successfully. +// +// Use "Send" method on the returned Request to send the API call to the service. +// the "output" return value is not valid until after Send returns without error. +// +// See UntagResource for more information on using the UntagResource +// API call, and error handling. +// +// This method is useful when you want to inject custom logic or configuration +// into the SDK's request lifecycle. Such as custom headers, or retry logic. +// +// // Example sending a request using the UntagResourceRequest method. 
+// req, resp := client.UntagResourceRequest(params) +// +// err := req.Send() +// if err == nil { // resp is now filled +// fmt.Println(resp) +// } +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/pca-connector-scep-2018-05-10/UntagResource +func (c *PcaConnectorScep) UntagResourceRequest(input *UntagResourceInput) (req *request.Request, output *UntagResourceOutput) { + op := &request.Operation{ + Name: opUntagResource, + HTTPMethod: "DELETE", + HTTPPath: "/tags/{ResourceArn}", + } + + if input == nil { + input = &UntagResourceInput{} + } + + output = &UntagResourceOutput{} + req = c.newRequest(op, input, output) + req.Handlers.Unmarshal.Swap(restjson.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) + return +} + +// UntagResource API operation for Private CA Connector for SCEP. +// +// Removes one or more tags from your resource. +// +// Returns awserr.Error for service API and SDK errors. Use runtime type assertions +// with awserr.Error's Code and Message methods to get detailed information about +// the error. +// +// See the AWS API reference guide for Private CA Connector for SCEP's +// API operation UntagResource for usage and error information. +// +// Returned Error Types: +// +// - ResourceNotFoundException +// The operation tried to access a nonexistent resource. The resource might +// be incorrectly specified, or it might have a status other than ACTIVE. +// +// - InternalServerException +// The request processing has failed because of an unknown error, exception +// or failure with an internal server. +// +// - ValidationException +// An input validation error occurred. For example, invalid characters in a +// name tag, or an invalid pagination token. +// +// - ThrottlingException +// The limit on the number of requests per second was exceeded. +// +// - AccessDeniedException +// You can receive this error if you attempt to perform an operation and you +// don't have the required permissions. 
This can be caused by insufficient permissions +// in policies attached to your Amazon Web Services Identity and Access Management +// (IAM) principal. It can also happen because of restrictions in place from +// an Amazon Web Services Organizations service control policy (SCP) that affects +// your Amazon Web Services account. +// +// See also, https://docs.aws.amazon.com/goto/WebAPI/pca-connector-scep-2018-05-10/UntagResource +func (c *PcaConnectorScep) UntagResource(input *UntagResourceInput) (*UntagResourceOutput, error) { + req, out := c.UntagResourceRequest(input) + return out, req.Send() +} + +// UntagResourceWithContext is the same as UntagResource with the addition of +// the ability to pass a context and additional request options. +// +// See UntagResource for details on how to use this API operation. +// +// The context must be non-nil and will be used for request cancellation. If +// the context is nil a panic will occur. In the future the SDK may create +// sub-contexts for http.Requests. See https://golang.org/pkg/context/ +// for more information on using Contexts. +func (c *PcaConnectorScep) UntagResourceWithContext(ctx aws.Context, input *UntagResourceInput, opts ...request.Option) (*UntagResourceOutput, error) { + req, out := c.UntagResourceRequest(input) + req.SetContext(ctx) + req.ApplyOptions(opts...) + return out, req.Send() +} + +// You can receive this error if you attempt to perform an operation and you +// don't have the required permissions. This can be caused by insufficient permissions +// in policies attached to your Amazon Web Services Identity and Access Management +// (IAM) principal. It can also happen because of restrictions in place from +// an Amazon Web Services Organizations service control policy (SCP) that affects +// your Amazon Web Services account. 
+type AccessDeniedException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"Message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AccessDeniedException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s AccessDeniedException) GoString() string { + return s.String() +} + +func newErrorAccessDeniedException(v protocol.ResponseMetadata) error { + return &AccessDeniedException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *AccessDeniedException) Code() string { + return "AccessDeniedException" +} + +// Message returns the exception's message. +func (s *AccessDeniedException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *AccessDeniedException) OrigErr() error { + return nil +} + +func (s *AccessDeniedException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *AccessDeniedException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *AccessDeniedException) RequestID() string { + return s.RespMetadata.RequestID +} + +// The request is malformed or contains an error such as an invalid parameter +// value or a missing required parameter. 
+type BadRequestException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"Message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BadRequestException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s BadRequestException) GoString() string { + return s.String() +} + +func newErrorBadRequestException(v protocol.ResponseMetadata) error { + return &BadRequestException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *BadRequestException) Code() string { + return "BadRequestException" +} + +// Message returns the exception's message. +func (s *BadRequestException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *BadRequestException) OrigErr() error { + return nil +} + +func (s *BadRequestException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *BadRequestException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *BadRequestException) RequestID() string { + return s.RespMetadata.RequestID +} + +// For Connector for SCEP for general-purpose. An object containing information +// about the specified connector's SCEP challenge passwords. 
+type Challenge struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) of the challenge. + Arn *string `min:"5" type:"string"` + + // The Amazon Resource Name (ARN) of the connector. + ConnectorArn *string `min:"5" type:"string"` + + // The date and time that the challenge was created. + CreatedAt *time.Time `type:"timestamp"` + + // The SCEP challenge password, in UUID format. + // + // Password is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by Challenge's + // String and GoString methods. + Password *string `type:"string" sensitive:"true"` + + // The date and time that the challenge was updated. + UpdatedAt *time.Time `type:"timestamp"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Challenge) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Challenge) GoString() string { + return s.String() +} + +// SetArn sets the Arn field's value. +func (s *Challenge) SetArn(v string) *Challenge { + s.Arn = &v + return s +} + +// SetConnectorArn sets the ConnectorArn field's value. +func (s *Challenge) SetConnectorArn(v string) *Challenge { + s.ConnectorArn = &v + return s +} + +// SetCreatedAt sets the CreatedAt field's value. +func (s *Challenge) SetCreatedAt(v time.Time) *Challenge { + s.CreatedAt = &v + return s +} + +// SetPassword sets the Password field's value. +func (s *Challenge) SetPassword(v string) *Challenge { + s.Password = &v + return s +} + +// SetUpdatedAt sets the UpdatedAt field's value. 
+func (s *Challenge) SetUpdatedAt(v time.Time) *Challenge { + s.UpdatedAt = &v + return s +} + +// Contains details about the connector's challenge. +type ChallengeMetadata struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) of the challenge. + Arn *string `min:"5" type:"string"` + + // The Amazon Resource Name (ARN) of the connector. + ConnectorArn *string `min:"5" type:"string"` + + // The date and time that the connector was created. + CreatedAt *time.Time `type:"timestamp"` + + // The date and time that the connector was updated. + UpdatedAt *time.Time `type:"timestamp"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ChallengeMetadata) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ChallengeMetadata) GoString() string { + return s.String() +} + +// SetArn sets the Arn field's value. +func (s *ChallengeMetadata) SetArn(v string) *ChallengeMetadata { + s.Arn = &v + return s +} + +// SetConnectorArn sets the ConnectorArn field's value. +func (s *ChallengeMetadata) SetConnectorArn(v string) *ChallengeMetadata { + s.ConnectorArn = &v + return s +} + +// SetCreatedAt sets the CreatedAt field's value. +func (s *ChallengeMetadata) SetCreatedAt(v time.Time) *ChallengeMetadata { + s.CreatedAt = &v + return s +} + +// SetUpdatedAt sets the UpdatedAt field's value. 
+func (s *ChallengeMetadata) SetUpdatedAt(v time.Time) *ChallengeMetadata { + s.UpdatedAt = &v + return s +} + +// Details about the specified challenge, returned by the GetChallengeMetadata +// (https://docs.aws.amazon.com/C4SCEP_API/pca-connector-scep/latest/APIReference/API_GetChallengeMetadata.html) +// action. +type ChallengeMetadataSummary struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) of the challenge. + Arn *string `min:"5" type:"string"` + + // The Amazon Resource Name (ARN) of the connector. + ConnectorArn *string `min:"5" type:"string"` + + // The date and time that the challenge was created. + CreatedAt *time.Time `type:"timestamp"` + + // The date and time that the challenge was updated. + UpdatedAt *time.Time `type:"timestamp"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ChallengeMetadataSummary) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ChallengeMetadataSummary) GoString() string { + return s.String() +} + +// SetArn sets the Arn field's value. +func (s *ChallengeMetadataSummary) SetArn(v string) *ChallengeMetadataSummary { + s.Arn = &v + return s +} + +// SetConnectorArn sets the ConnectorArn field's value. +func (s *ChallengeMetadataSummary) SetConnectorArn(v string) *ChallengeMetadataSummary { + s.ConnectorArn = &v + return s +} + +// SetCreatedAt sets the CreatedAt field's value. 
+func (s *ChallengeMetadataSummary) SetCreatedAt(v time.Time) *ChallengeMetadataSummary { + s.CreatedAt = &v + return s +} + +// SetUpdatedAt sets the UpdatedAt field's value. +func (s *ChallengeMetadataSummary) SetUpdatedAt(v time.Time) *ChallengeMetadataSummary { + s.UpdatedAt = &v + return s +} + +// This request can't be completed for one of the following reasons because +// the requested resource was being concurrently modified by another request. +type ConflictException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"Message" type:"string"` + + // The identifier of the Amazon Web Services resource. + // + // ResourceId is a required field + ResourceId *string `type:"string" required:"true"` + + // The resource type, which can be either Connector or Challenge. + // + // ResourceType is a required field + ResourceType *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ConflictException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ConflictException) GoString() string { + return s.String() +} + +func newErrorConflictException(v protocol.ResponseMetadata) error { + return &ConflictException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *ConflictException) Code() string { + return "ConflictException" +} + +// Message returns the exception's message. 
+func (s *ConflictException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *ConflictException) OrigErr() error { + return nil +} + +func (s *ConflictException) Error() string { + return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *ConflictException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *ConflictException) RequestID() string { + return s.RespMetadata.RequestID +} + +// Connector for SCEP is a service that links Amazon Web Services Private Certificate +// Authority to your SCEP-enabled devices. The connector brokers the exchange +// of certificates from Amazon Web Services Private CA to your SCEP-enabled +// devices and mobile device management systems. The connector is a complex +// type that contains the connector's configuration settings. +type Connector struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) of the connector. + Arn *string `min:"5" type:"string"` + + // The Amazon Resource Name (ARN) of the certificate authority associated with + // the connector. + CertificateAuthorityArn *string `min:"5" type:"string"` + + // The date and time that the connector was created. + CreatedAt *time.Time `type:"timestamp"` + + // The connector's HTTPS public SCEP URL. + Endpoint *string `type:"string"` + + // Contains settings relevant to the mobile device management system that you + // chose for the connector. If you didn't configure MobileDeviceManagement, + // then the connector is for general-purpose use and this object is empty. + MobileDeviceManagement *MobileDeviceManagement `type:"structure"` + + // Contains OpenID Connect (OIDC) parameters for use with Connector for SCEP + // for Microsoft Intune. 
For more information about using Connector for SCEP + // for Microsoft Intune, see Using Connector for SCEP for Microsoft Intune (https://docs.aws.amazon.com/privateca/latest/userguide/scep-connector.htmlconnector-for-scep-intune.html). + OpenIdConfiguration *OpenIdConfiguration `type:"structure"` + + // The connector's status. + Status *string `type:"string" enum:"ConnectorStatus"` + + // Information about why connector creation failed, if status is FAILED. + StatusReason *string `type:"string" enum:"ConnectorStatusReason"` + + // The connector type. + Type *string `type:"string" enum:"ConnectorType"` + + // The date and time that the connector was updated. + UpdatedAt *time.Time `type:"timestamp"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Connector) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Connector) GoString() string { + return s.String() +} + +// SetArn sets the Arn field's value. +func (s *Connector) SetArn(v string) *Connector { + s.Arn = &v + return s +} + +// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. +func (s *Connector) SetCertificateAuthorityArn(v string) *Connector { + s.CertificateAuthorityArn = &v + return s +} + +// SetCreatedAt sets the CreatedAt field's value. +func (s *Connector) SetCreatedAt(v time.Time) *Connector { + s.CreatedAt = &v + return s +} + +// SetEndpoint sets the Endpoint field's value. 
+func (s *Connector) SetEndpoint(v string) *Connector { + s.Endpoint = &v + return s +} + +// SetMobileDeviceManagement sets the MobileDeviceManagement field's value. +func (s *Connector) SetMobileDeviceManagement(v *MobileDeviceManagement) *Connector { + s.MobileDeviceManagement = v + return s +} + +// SetOpenIdConfiguration sets the OpenIdConfiguration field's value. +func (s *Connector) SetOpenIdConfiguration(v *OpenIdConfiguration) *Connector { + s.OpenIdConfiguration = v + return s +} + +// SetStatus sets the Status field's value. +func (s *Connector) SetStatus(v string) *Connector { + s.Status = &v + return s +} + +// SetStatusReason sets the StatusReason field's value. +func (s *Connector) SetStatusReason(v string) *Connector { + s.StatusReason = &v + return s +} + +// SetType sets the Type field's value. +func (s *Connector) SetType(v string) *Connector { + s.Type = &v + return s +} + +// SetUpdatedAt sets the UpdatedAt field's value. +func (s *Connector) SetUpdatedAt(v time.Time) *Connector { + s.UpdatedAt = &v + return s +} + +// Lists the Amazon Web Services Private CA SCEP connectors belonging to your +// Amazon Web Services account. +type ConnectorSummary struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) of the connector. + Arn *string `min:"5" type:"string"` + + // The Amazon Resource Name (ARN) of the connector's associated certificate + // authority. + CertificateAuthorityArn *string `min:"5" type:"string"` + + // The date and time that the challenge was created. + CreatedAt *time.Time `type:"timestamp"` + + // The connector's HTTPS public SCEP URL. + Endpoint *string `type:"string"` + + // Contains settings relevant to the mobile device management system that you + // chose for the connector. If you didn't configure MobileDeviceManagement, + // then the connector is for general-purpose use and this object is empty. 
+ MobileDeviceManagement *MobileDeviceManagement `type:"structure"` + + // Contains OpenID Connect (OIDC) parameters for use with Microsoft Intune. + OpenIdConfiguration *OpenIdConfiguration `type:"structure"` + + // The connector's status. Status can be creating, active, deleting, or failed. + Status *string `type:"string" enum:"ConnectorStatus"` + + // Information about why connector creation failed, if status is FAILED. + StatusReason *string `type:"string" enum:"ConnectorStatusReason"` + + // The connector type. + Type *string `type:"string" enum:"ConnectorType"` + + // The date and time that the challenge was updated. + UpdatedAt *time.Time `type:"timestamp"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ConnectorSummary) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ConnectorSummary) GoString() string { + return s.String() +} + +// SetArn sets the Arn field's value. +func (s *ConnectorSummary) SetArn(v string) *ConnectorSummary { + s.Arn = &v + return s +} + +// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. +func (s *ConnectorSummary) SetCertificateAuthorityArn(v string) *ConnectorSummary { + s.CertificateAuthorityArn = &v + return s +} + +// SetCreatedAt sets the CreatedAt field's value. +func (s *ConnectorSummary) SetCreatedAt(v time.Time) *ConnectorSummary { + s.CreatedAt = &v + return s +} + +// SetEndpoint sets the Endpoint field's value. 
+func (s *ConnectorSummary) SetEndpoint(v string) *ConnectorSummary { + s.Endpoint = &v + return s +} + +// SetMobileDeviceManagement sets the MobileDeviceManagement field's value. +func (s *ConnectorSummary) SetMobileDeviceManagement(v *MobileDeviceManagement) *ConnectorSummary { + s.MobileDeviceManagement = v + return s +} + +// SetOpenIdConfiguration sets the OpenIdConfiguration field's value. +func (s *ConnectorSummary) SetOpenIdConfiguration(v *OpenIdConfiguration) *ConnectorSummary { + s.OpenIdConfiguration = v + return s +} + +// SetStatus sets the Status field's value. +func (s *ConnectorSummary) SetStatus(v string) *ConnectorSummary { + s.Status = &v + return s +} + +// SetStatusReason sets the StatusReason field's value. +func (s *ConnectorSummary) SetStatusReason(v string) *ConnectorSummary { + s.StatusReason = &v + return s +} + +// SetType sets the Type field's value. +func (s *ConnectorSummary) SetType(v string) *ConnectorSummary { + s.Type = &v + return s +} + +// SetUpdatedAt sets the UpdatedAt field's value. +func (s *ConnectorSummary) SetUpdatedAt(v time.Time) *ConnectorSummary { + s.UpdatedAt = &v + return s +} + +type CreateChallengeInput struct { + _ struct{} `type:"structure"` + + // Custom string that can be used to distinguish between calls to the CreateChallenge + // (https://docs.aws.amazon.com/C4SCEP_API/pca-connector-scep/latest/APIReference/API_CreateChallenge.html) + // action. Client tokens for CreateChallenge time out after five minutes. Therefore, + // if you call CreateChallenge multiple times with the same client token within + // five minutes, Connector for SCEP recognizes that you are requesting only + // one challenge and will only respond with one. If you change the client token + // for each call, Connector for SCEP recognizes that you are requesting multiple + // challenge passwords. 
+ ClientToken *string `min:"1" type:"string" idempotencyToken:"true"` + + // The Amazon Resource Name (ARN) of the connector that you want to create a + // challenge for. + // + // ConnectorArn is a required field + ConnectorArn *string `min:"5" type:"string" required:"true"` + + // The key-value pairs to associate with the resource. + Tags map[string]*string `type:"map"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateChallengeInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateChallengeInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateChallengeInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateChallengeInput"} + if s.ClientToken != nil && len(*s.ClientToken) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ClientToken", 1)) + } + if s.ConnectorArn == nil { + invalidParams.Add(request.NewErrParamRequired("ConnectorArn")) + } + if s.ConnectorArn != nil && len(*s.ConnectorArn) < 5 { + invalidParams.Add(request.NewErrParamMinLen("ConnectorArn", 5)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetClientToken sets the ClientToken field's value. +func (s *CreateChallengeInput) SetClientToken(v string) *CreateChallengeInput { + s.ClientToken = &v + return s +} + +// SetConnectorArn sets the ConnectorArn field's value. 
+func (s *CreateChallengeInput) SetConnectorArn(v string) *CreateChallengeInput { + s.ConnectorArn = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *CreateChallengeInput) SetTags(v map[string]*string) *CreateChallengeInput { + s.Tags = v + return s +} + +type CreateChallengeOutput struct { + _ struct{} `type:"structure"` + + // Returns the challenge details for the specified connector. + Challenge *Challenge `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateChallengeOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateChallengeOutput) GoString() string { + return s.String() +} + +// SetChallenge sets the Challenge field's value. +func (s *CreateChallengeOutput) SetChallenge(v *Challenge) *CreateChallengeOutput { + s.Challenge = v + return s +} + +type CreateConnectorInput struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) of the Amazon Web Services Private Certificate + // Authority certificate authority to use with this connector. Due to security + // vulnerabilities present in the SCEP protocol, we recommend using a private + // CA that's dedicated for use with the connector. + // + // To retrieve the private CAs associated with your account, you can call ListCertificateAuthorities + // (https://docs.aws.amazon.com/privateca/latest/APIReference/API_ListCertificateAuthorities.html) + // using the Amazon Web Services Private CA API. 
+ // + // CertificateAuthorityArn is a required field + CertificateAuthorityArn *string `min:"5" type:"string" required:"true"` + + // Custom string that can be used to distinguish between calls to the CreateChallenge + // (https://docs.aws.amazon.com/C4SCEP_API/pca-connector-scep/latest/APIReference/API_CreateChallenge.html) + // action. Client tokens for CreateChallenge time out after five minutes. Therefore, + // if you call CreateChallenge multiple times with the same client token within + // five minutes, Connector for SCEP recognizes that you are requesting only + // one challenge and will only respond with one. If you change the client token + // for each call, Connector for SCEP recognizes that you are requesting multiple + // challenge passwords. + ClientToken *string `min:"1" type:"string" idempotencyToken:"true"` + + // If you don't supply a value, by default Connector for SCEP creates a connector + // for general-purpose use. A general-purpose connector is designed to work + // with clients or endpoints that support the SCEP protocol, except Connector + // for SCEP for Microsoft Intune. With connectors for general-purpose use, you + // manage SCEP challenge passwords using Connector for SCEP. For information + // about considerations and limitations with using Connector for SCEP, see Considerations + // and Limitations (https://docs.aws.amazon.com/privateca/latest/userguide/scep-connector.htmlc4scep-considerations-limitations.html). + // + // If you provide an IntuneConfiguration, Connector for SCEP creates a connector + // for use with Microsoft Intune, and you manage the challenge passwords using + // Microsoft Intune. For more information, see Using Connector for SCEP for + // Microsoft Intune (https://docs.aws.amazon.com/privateca/latest/userguide/scep-connector.htmlconnector-for-scep-intune.html). + MobileDeviceManagement *MobileDeviceManagement `type:"structure"` + + // The key-value pairs to associate with the resource. 
+ Tags map[string]*string `type:"map"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateConnectorInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateConnectorInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CreateConnectorInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CreateConnectorInput"} + if s.CertificateAuthorityArn == nil { + invalidParams.Add(request.NewErrParamRequired("CertificateAuthorityArn")) + } + if s.CertificateAuthorityArn != nil && len(*s.CertificateAuthorityArn) < 5 { + invalidParams.Add(request.NewErrParamMinLen("CertificateAuthorityArn", 5)) + } + if s.ClientToken != nil && len(*s.ClientToken) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ClientToken", 1)) + } + if s.MobileDeviceManagement != nil { + if err := s.MobileDeviceManagement.Validate(); err != nil { + invalidParams.AddNested("MobileDeviceManagement", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetCertificateAuthorityArn sets the CertificateAuthorityArn field's value. +func (s *CreateConnectorInput) SetCertificateAuthorityArn(v string) *CreateConnectorInput { + s.CertificateAuthorityArn = &v + return s +} + +// SetClientToken sets the ClientToken field's value. 
+func (s *CreateConnectorInput) SetClientToken(v string) *CreateConnectorInput { + s.ClientToken = &v + return s +} + +// SetMobileDeviceManagement sets the MobileDeviceManagement field's value. +func (s *CreateConnectorInput) SetMobileDeviceManagement(v *MobileDeviceManagement) *CreateConnectorInput { + s.MobileDeviceManagement = v + return s +} + +// SetTags sets the Tags field's value. +func (s *CreateConnectorInput) SetTags(v map[string]*string) *CreateConnectorInput { + s.Tags = v + return s +} + +type CreateConnectorOutput struct { + _ struct{} `type:"structure"` + + // Returns the Amazon Resource Name (ARN) of the connector. + ConnectorArn *string `min:"5" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateConnectorOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CreateConnectorOutput) GoString() string { + return s.String() +} + +// SetConnectorArn sets the ConnectorArn field's value. +func (s *CreateConnectorOutput) SetConnectorArn(v string) *CreateConnectorOutput { + s.ConnectorArn = &v + return s +} + +type DeleteChallengeInput struct { + _ struct{} `type:"structure" nopayload:"true"` + + // The Amazon Resource Name (ARN) of the challenge password to delete. + // + // ChallengeArn is a required field + ChallengeArn *string `location:"uri" locationName:"ChallengeArn" min:"5" type:"string" required:"true"` +} + +// String returns the string representation. 
+// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteChallengeInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteChallengeInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteChallengeInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteChallengeInput"} + if s.ChallengeArn == nil { + invalidParams.Add(request.NewErrParamRequired("ChallengeArn")) + } + if s.ChallengeArn != nil && len(*s.ChallengeArn) < 5 { + invalidParams.Add(request.NewErrParamMinLen("ChallengeArn", 5)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetChallengeArn sets the ChallengeArn field's value. +func (s *DeleteChallengeInput) SetChallengeArn(v string) *DeleteChallengeInput { + s.ChallengeArn = &v + return s +} + +type DeleteChallengeOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteChallengeOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". 
+func (s DeleteChallengeOutput) GoString() string { + return s.String() +} + +type DeleteConnectorInput struct { + _ struct{} `type:"structure" nopayload:"true"` + + // The Amazon Resource Name (ARN) of the connector to delete. + // + // ConnectorArn is a required field + ConnectorArn *string `location:"uri" locationName:"ConnectorArn" min:"5" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteConnectorInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteConnectorInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *DeleteConnectorInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "DeleteConnectorInput"} + if s.ConnectorArn == nil { + invalidParams.Add(request.NewErrParamRequired("ConnectorArn")) + } + if s.ConnectorArn != nil && len(*s.ConnectorArn) < 5 { + invalidParams.Add(request.NewErrParamMinLen("ConnectorArn", 5)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetConnectorArn sets the ConnectorArn field's value. +func (s *DeleteConnectorInput) SetConnectorArn(v string) *DeleteConnectorInput { + s.ConnectorArn = &v + return s +} + +type DeleteConnectorOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. 
The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteConnectorOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s DeleteConnectorOutput) GoString() string { + return s.String() +} + +type GetChallengeMetadataInput struct { + _ struct{} `type:"structure" nopayload:"true"` + + // The Amazon Resource Name (ARN) of the challenge. + // + // ChallengeArn is a required field + ChallengeArn *string `location:"uri" locationName:"ChallengeArn" min:"5" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetChallengeMetadataInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetChallengeMetadataInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. 
+func (s *GetChallengeMetadataInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetChallengeMetadataInput"} + if s.ChallengeArn == nil { + invalidParams.Add(request.NewErrParamRequired("ChallengeArn")) + } + if s.ChallengeArn != nil && len(*s.ChallengeArn) < 5 { + invalidParams.Add(request.NewErrParamMinLen("ChallengeArn", 5)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetChallengeArn sets the ChallengeArn field's value. +func (s *GetChallengeMetadataInput) SetChallengeArn(v string) *GetChallengeMetadataInput { + s.ChallengeArn = &v + return s +} + +type GetChallengeMetadataOutput struct { + _ struct{} `type:"structure"` + + // The metadata for the challenge. + ChallengeMetadata *ChallengeMetadata `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetChallengeMetadataOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetChallengeMetadataOutput) GoString() string { + return s.String() +} + +// SetChallengeMetadata sets the ChallengeMetadata field's value. +func (s *GetChallengeMetadataOutput) SetChallengeMetadata(v *ChallengeMetadata) *GetChallengeMetadataOutput { + s.ChallengeMetadata = v + return s +} + +type GetChallengePasswordInput struct { + _ struct{} `type:"structure" nopayload:"true"` + + // The Amazon Resource Name (ARN) of the challenge. 
+ // + // ChallengeArn is a required field + ChallengeArn *string `location:"uri" locationName:"ChallengeArn" min:"5" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetChallengePasswordInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetChallengePasswordInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *GetChallengePasswordInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetChallengePasswordInput"} + if s.ChallengeArn == nil { + invalidParams.Add(request.NewErrParamRequired("ChallengeArn")) + } + if s.ChallengeArn != nil && len(*s.ChallengeArn) < 5 { + invalidParams.Add(request.NewErrParamMinLen("ChallengeArn", 5)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetChallengeArn sets the ChallengeArn field's value. +func (s *GetChallengePasswordInput) SetChallengeArn(v string) *GetChallengePasswordInput { + s.ChallengeArn = &v + return s +} + +type GetChallengePasswordOutput struct { + _ struct{} `type:"structure"` + + // The SCEP challenge password. + // + // Password is a sensitive parameter and its value will be + // replaced with "sensitive" in string returned by GetChallengePasswordOutput's + // String and GoString methods. + Password *string `type:"string" sensitive:"true"` +} + +// String returns the string representation. 
+// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetChallengePasswordOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetChallengePasswordOutput) GoString() string { + return s.String() +} + +// SetPassword sets the Password field's value. +func (s *GetChallengePasswordOutput) SetPassword(v string) *GetChallengePasswordOutput { + s.Password = &v + return s +} + +type GetConnectorInput struct { + _ struct{} `type:"structure" nopayload:"true"` + + // The Amazon Resource Name (ARN) of the connector. + // + // ConnectorArn is a required field + ConnectorArn *string `location:"uri" locationName:"ConnectorArn" min:"5" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetConnectorInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetConnectorInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. 
+func (s *GetConnectorInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "GetConnectorInput"} + if s.ConnectorArn == nil { + invalidParams.Add(request.NewErrParamRequired("ConnectorArn")) + } + if s.ConnectorArn != nil && len(*s.ConnectorArn) < 5 { + invalidParams.Add(request.NewErrParamMinLen("ConnectorArn", 5)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetConnectorArn sets the ConnectorArn field's value. +func (s *GetConnectorInput) SetConnectorArn(v string) *GetConnectorInput { + s.ConnectorArn = &v + return s +} + +type GetConnectorOutput struct { + _ struct{} `type:"structure"` + + // The properties of the connector. + Connector *Connector `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetConnectorOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s GetConnectorOutput) GoString() string { + return s.String() +} + +// SetConnector sets the Connector field's value. +func (s *GetConnectorOutput) SetConnector(v *Connector) *GetConnectorOutput { + s.Connector = v + return s +} + +// The request processing has failed because of an unknown error, exception +// or failure with an internal server. +type InternalServerException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"Message" type:"string"` +} + +// String returns the string representation. 
+// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InternalServerException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InternalServerException) GoString() string { + return s.String() +} + +func newErrorInternalServerException(v protocol.ResponseMetadata) error { + return &InternalServerException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *InternalServerException) Code() string { + return "InternalServerException" +} + +// Message returns the exception's message. +func (s *InternalServerException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *InternalServerException) OrigErr() error { + return nil +} + +func (s *InternalServerException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *InternalServerException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *InternalServerException) RequestID() string { + return s.RespMetadata.RequestID +} + +// Contains configuration details for use with Microsoft Intune. For information +// about using Connector for SCEP for Microsoft Intune, see Using Connector +// for SCEP for Microsoft Intune (https://docs.aws.amazon.com/privateca/latest/userguide/scep-connector.htmlconnector-for-scep-intune.html). 
+// +// When you use Connector for SCEP for Microsoft Intune, certain functionalities +// are enabled by accessing Microsoft Intune through the Microsoft API. Your +// use of the Connector for SCEP and accompanying Amazon Web Services services +// doesn't remove your need to have a valid license for your use of the Microsoft +// Intune service. You should also review the Microsoft IntuneĀ® App Protection +// Policies (https://learn.microsoft.com/en-us/mem/intune/apps/app-protection-policy). +type IntuneConfiguration struct { + _ struct{} `type:"structure"` + + // The directory (tenant) ID from your Microsoft Entra ID app registration. + // + // AzureApplicationId is a required field + AzureApplicationId *string `min:"15" type:"string" required:"true"` + + // The primary domain from your Microsoft Entra ID app registration. + // + // Domain is a required field + Domain *string `min:"1" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s IntuneConfiguration) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s IntuneConfiguration) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. 
+func (s *IntuneConfiguration) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "IntuneConfiguration"} + if s.AzureApplicationId == nil { + invalidParams.Add(request.NewErrParamRequired("AzureApplicationId")) + } + if s.AzureApplicationId != nil && len(*s.AzureApplicationId) < 15 { + invalidParams.Add(request.NewErrParamMinLen("AzureApplicationId", 15)) + } + if s.Domain == nil { + invalidParams.Add(request.NewErrParamRequired("Domain")) + } + if s.Domain != nil && len(*s.Domain) < 1 { + invalidParams.Add(request.NewErrParamMinLen("Domain", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAzureApplicationId sets the AzureApplicationId field's value. +func (s *IntuneConfiguration) SetAzureApplicationId(v string) *IntuneConfiguration { + s.AzureApplicationId = &v + return s +} + +// SetDomain sets the Domain field's value. +func (s *IntuneConfiguration) SetDomain(v string) *IntuneConfiguration { + s.Domain = &v + return s +} + +type ListChallengeMetadataInput struct { + _ struct{} `type:"structure" nopayload:"true"` + + // The Amazon Resource Name (ARN) of the connector. + // + // ConnectorArn is a required field + ConnectorArn *string `location:"querystring" locationName:"ConnectorArn" min:"5" type:"string" required:"true"` + + // The maximum number of objects that you want Connector for SCEP to return + // for this request. If more objects are available, in the response, Connector + // for SCEP provides a NextToken value that you can use in a subsequent call + // to get the next batch of objects. + MaxResults *int64 `location:"querystring" locationName:"MaxResults" min:"1" type:"integer"` + + // When you request a list of objects with a MaxResults setting, if the number + // of objects that are still available for retrieval exceeds the maximum you + // requested, Connector for SCEP returns a NextToken value in the response. 
+ // To retrieve the next batch of objects, use the token returned from the prior + // request in your next request. + NextToken *string `location:"querystring" locationName:"NextToken" min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListChallengeMetadataInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListChallengeMetadataInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListChallengeMetadataInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListChallengeMetadataInput"} + if s.ConnectorArn == nil { + invalidParams.Add(request.NewErrParamRequired("ConnectorArn")) + } + if s.ConnectorArn != nil && len(*s.ConnectorArn) < 5 { + invalidParams.Add(request.NewErrParamMinLen("ConnectorArn", 5)) + } + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + if s.NextToken != nil && len(*s.NextToken) < 1 { + invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetConnectorArn sets the ConnectorArn field's value. +func (s *ListChallengeMetadataInput) SetConnectorArn(v string) *ListChallengeMetadataInput { + s.ConnectorArn = &v + return s +} + +// SetMaxResults sets the MaxResults field's value. 
+func (s *ListChallengeMetadataInput) SetMaxResults(v int64) *ListChallengeMetadataInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListChallengeMetadataInput) SetNextToken(v string) *ListChallengeMetadataInput { + s.NextToken = &v + return s +} + +type ListChallengeMetadataOutput struct { + _ struct{} `type:"structure"` + + // The challenge metadata for the challenges belonging to your Amazon Web Services + // account. + Challenges []*ChallengeMetadataSummary `type:"list"` + + // When you request a list of objects with a MaxResults setting, if the number + // of objects that are still available for retrieval exceeds the maximum you + // requested, Connector for SCEP returns a NextToken value in the response. + // To retrieve the next batch of objects, use the token returned from the prior + // request in your next request. + NextToken *string `min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListChallengeMetadataOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListChallengeMetadataOutput) GoString() string { + return s.String() +} + +// SetChallenges sets the Challenges field's value. +func (s *ListChallengeMetadataOutput) SetChallenges(v []*ChallengeMetadataSummary) *ListChallengeMetadataOutput { + s.Challenges = v + return s +} + +// SetNextToken sets the NextToken field's value. 
+func (s *ListChallengeMetadataOutput) SetNextToken(v string) *ListChallengeMetadataOutput { + s.NextToken = &v + return s +} + +type ListConnectorsInput struct { + _ struct{} `type:"structure" nopayload:"true"` + + // The maximum number of objects that you want Connector for SCEP to return + // for this request. If more objects are available, in the response, Connector + // for SCEP provides a NextToken value that you can use in a subsequent call + // to get the next batch of objects. + MaxResults *int64 `location:"querystring" locationName:"MaxResults" min:"1" type:"integer"` + + // When you request a list of objects with a MaxResults setting, if the number + // of objects that are still available for retrieval exceeds the maximum you + // requested, Connector for SCEP returns a NextToken value in the response. + // To retrieve the next batch of objects, use the token returned from the prior + // request in your next request. + NextToken *string `location:"querystring" locationName:"NextToken" min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListConnectorsInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListConnectorsInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. 
+func (s *ListConnectorsInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListConnectorsInput"} + if s.MaxResults != nil && *s.MaxResults < 1 { + invalidParams.Add(request.NewErrParamMinValue("MaxResults", 1)) + } + if s.NextToken != nil && len(*s.NextToken) < 1 { + invalidParams.Add(request.NewErrParamMinLen("NextToken", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetMaxResults sets the MaxResults field's value. +func (s *ListConnectorsInput) SetMaxResults(v int64) *ListConnectorsInput { + s.MaxResults = &v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListConnectorsInput) SetNextToken(v string) *ListConnectorsInput { + s.NextToken = &v + return s +} + +type ListConnectorsOutput struct { + _ struct{} `type:"structure"` + + // The connectors belonging to your Amazon Web Services account. + Connectors []*ConnectorSummary `type:"list"` + + // When you request a list of objects with a MaxResults setting, if the number + // of objects that are still available for retrieval exceeds the maximum you + // requested, Connector for SCEP returns a NextToken value in the response. + // To retrieve the next batch of objects, use the token returned from the prior + // request in your next request. + NextToken *string `min:"1" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListConnectorsOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". 
+func (s ListConnectorsOutput) GoString() string { + return s.String() +} + +// SetConnectors sets the Connectors field's value. +func (s *ListConnectorsOutput) SetConnectors(v []*ConnectorSummary) *ListConnectorsOutput { + s.Connectors = v + return s +} + +// SetNextToken sets the NextToken field's value. +func (s *ListConnectorsOutput) SetNextToken(v string) *ListConnectorsOutput { + s.NextToken = &v + return s +} + +type ListTagsForResourceInput struct { + _ struct{} `type:"structure" nopayload:"true"` + + // The Amazon Resource Name (ARN) of the resource. + // + // ResourceArn is a required field + ResourceArn *string `location:"uri" locationName:"ResourceArn" type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListTagsForResourceInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListTagsForResourceInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *ListTagsForResourceInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "ListTagsForResourceInput"} + if s.ResourceArn == nil { + invalidParams.Add(request.NewErrParamRequired("ResourceArn")) + } + if s.ResourceArn != nil && len(*s.ResourceArn) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetResourceArn sets the ResourceArn field's value. 
+func (s *ListTagsForResourceInput) SetResourceArn(v string) *ListTagsForResourceInput { + s.ResourceArn = &v + return s +} + +type ListTagsForResourceOutput struct { + _ struct{} `type:"structure"` + + // The key-value pairs to associate with the resource. + Tags map[string]*string `type:"map"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListTagsForResourceOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ListTagsForResourceOutput) GoString() string { + return s.String() +} + +// SetTags sets the Tags field's value. +func (s *ListTagsForResourceOutput) SetTags(v map[string]*string) *ListTagsForResourceOutput { + s.Tags = v + return s +} + +// If you don't supply a value, by default Connector for SCEP creates a connector +// for general-purpose use. A general-purpose connector is designed to work +// with clients or endpoints that support the SCEP protocol, except Connector +// for SCEP for Microsoft Intune. For information about considerations and limitations +// with using Connector for SCEP, see Considerations and Limitations (https://docs.aws.amazon.com/privateca/latest/userguide/scep-connector.htmlc4scep-considerations-limitations.html). +// +// If you provide an IntuneConfiguration, Connector for SCEP creates a connector +// for use with Microsoft Intune, and you manage the challenge passwords using +// Microsoft Intune. 
For more information, see Using Connector for SCEP for +// Microsoft Intune (https://docs.aws.amazon.com/privateca/latest/userguide/scep-connector.htmlconnector-for-scep-intune.html). +type MobileDeviceManagement struct { + _ struct{} `type:"structure"` + + // Configuration settings for use with Microsoft Intune. For information about + // using Connector for SCEP for Microsoft Intune, see Using Connector for SCEP + // for Microsoft Intune (https://docs.aws.amazon.com/privateca/latest/userguide/scep-connector.htmlconnector-for-scep-intune.html). + Intune *IntuneConfiguration `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MobileDeviceManagement) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s MobileDeviceManagement) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *MobileDeviceManagement) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "MobileDeviceManagement"} + if s.Intune != nil { + if err := s.Intune.Validate(); err != nil { + invalidParams.AddNested("Intune", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetIntune sets the Intune field's value. +func (s *MobileDeviceManagement) SetIntune(v *IntuneConfiguration) *MobileDeviceManagement { + s.Intune = v + return s +} + +// Contains OpenID Connect (OIDC) parameters for use with Microsoft Intune. 
+// For more information about using Connector for SCEP for Microsoft Intune, +// see Using Connector for SCEP for Microsoft Intune (https://docs.aws.amazon.com/privateca/latest/userguide/scep-connector.htmlconnector-for-scep-intune.html). +type OpenIdConfiguration struct { + _ struct{} `type:"structure"` + + // The audience value to copy into your Microsoft Entra app registration's OIDC. + Audience *string `type:"string"` + + // The issuer value to copy into your Microsoft Entra app registration's OIDC. + Issuer *string `type:"string"` + + // The subject value to copy into your Microsoft Entra app registration's OIDC. + Subject *string `type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s OpenIdConfiguration) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s OpenIdConfiguration) GoString() string { + return s.String() +} + +// SetAudience sets the Audience field's value. +func (s *OpenIdConfiguration) SetAudience(v string) *OpenIdConfiguration { + s.Audience = &v + return s +} + +// SetIssuer sets the Issuer field's value. +func (s *OpenIdConfiguration) SetIssuer(v string) *OpenIdConfiguration { + s.Issuer = &v + return s +} + +// SetSubject sets the Subject field's value. +func (s *OpenIdConfiguration) SetSubject(v string) *OpenIdConfiguration { + s.Subject = &v + return s +} + +// The operation tried to access a nonexistent resource. The resource might +// be incorrectly specified, or it might have a status other than ACTIVE. 
+type ResourceNotFoundException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"Message" type:"string"` + + // The identifier of the Amazon Web Services resource. + // + // ResourceId is a required field + ResourceId *string `type:"string" required:"true"` + + // The resource type, which can be either Connector or Challenge. + // + // ResourceType is a required field + ResourceType *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ResourceNotFoundException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ResourceNotFoundException) GoString() string { + return s.String() +} + +func newErrorResourceNotFoundException(v protocol.ResponseMetadata) error { + return &ResourceNotFoundException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *ResourceNotFoundException) Code() string { + return "ResourceNotFoundException" +} + +// Message returns the exception's message. +func (s *ResourceNotFoundException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *ResourceNotFoundException) OrigErr() error { + return nil +} + +func (s *ResourceNotFoundException) Error() string { + return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +} + +// Status code returns the HTTP status code for the request's response error. 
+func (s *ResourceNotFoundException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *ResourceNotFoundException) RequestID() string { + return s.RespMetadata.RequestID +} + +// The request would cause a service quota to be exceeded. +type ServiceQuotaExceededException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"Message" type:"string"` + + // The quota identifier. + // + // QuotaCode is a required field + QuotaCode *string `type:"string" required:"true"` + + // The resource type, which can be either Connector or Challenge. + // + // ResourceType is a required field + ResourceType *string `type:"string" required:"true"` + + // Identifies the originating service. + // + // ServiceCode is a required field + ServiceCode *string `type:"string" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ServiceQuotaExceededException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ServiceQuotaExceededException) GoString() string { + return s.String() +} + +func newErrorServiceQuotaExceededException(v protocol.ResponseMetadata) error { + return &ServiceQuotaExceededException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *ServiceQuotaExceededException) Code() string { + return "ServiceQuotaExceededException" +} + +// Message returns the exception's message. 
+func (s *ServiceQuotaExceededException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *ServiceQuotaExceededException) OrigErr() error { + return nil +} + +func (s *ServiceQuotaExceededException) Error() string { + return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *ServiceQuotaExceededException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *ServiceQuotaExceededException) RequestID() string { + return s.RespMetadata.RequestID +} + +type TagResourceInput struct { + _ struct{} `type:"structure"` + + // The Amazon Resource Name (ARN) of the resource. + // + // ResourceArn is a required field + ResourceArn *string `location:"uri" locationName:"ResourceArn" type:"string" required:"true"` + + // The key-value pairs to associate with the resource. + // + // Tags is a required field + Tags map[string]*string `type:"map" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TagResourceInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TagResourceInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. 
+func (s *TagResourceInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "TagResourceInput"} + if s.ResourceArn == nil { + invalidParams.Add(request.NewErrParamRequired("ResourceArn")) + } + if s.ResourceArn != nil && len(*s.ResourceArn) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 1)) + } + if s.Tags == nil { + invalidParams.Add(request.NewErrParamRequired("Tags")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetResourceArn sets the ResourceArn field's value. +func (s *TagResourceInput) SetResourceArn(v string) *TagResourceInput { + s.ResourceArn = &v + return s +} + +// SetTags sets the Tags field's value. +func (s *TagResourceInput) SetTags(v map[string]*string) *TagResourceInput { + s.Tags = v + return s +} + +type TagResourceOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TagResourceOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s TagResourceOutput) GoString() string { + return s.String() +} + +// The limit on the number of requests per second was exceeded. +type ThrottlingException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"Message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. 
The member name will be present, but the +// value will be replaced with "sensitive". +func (s ThrottlingException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ThrottlingException) GoString() string { + return s.String() +} + +func newErrorThrottlingException(v protocol.ResponseMetadata) error { + return &ThrottlingException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *ThrottlingException) Code() string { + return "ThrottlingException" +} + +// Message returns the exception's message. +func (s *ThrottlingException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *ThrottlingException) OrigErr() error { + return nil +} + +func (s *ThrottlingException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *ThrottlingException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *ThrottlingException) RequestID() string { + return s.RespMetadata.RequestID +} + +type UntagResourceInput struct { + _ struct{} `type:"structure" nopayload:"true"` + + // The Amazon Resource Name (ARN) of the resource. + // + // ResourceArn is a required field + ResourceArn *string `location:"uri" locationName:"ResourceArn" type:"string" required:"true"` + + // Specifies a list of tag keys that you want to remove from the specified resources. 
+ // + // TagKeys is a required field + TagKeys []*string `location:"querystring" locationName:"tagKeys" type:"list" required:"true"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UntagResourceInput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UntagResourceInput) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *UntagResourceInput) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "UntagResourceInput"} + if s.ResourceArn == nil { + invalidParams.Add(request.NewErrParamRequired("ResourceArn")) + } + if s.ResourceArn != nil && len(*s.ResourceArn) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ResourceArn", 1)) + } + if s.TagKeys == nil { + invalidParams.Add(request.NewErrParamRequired("TagKeys")) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetResourceArn sets the ResourceArn field's value. +func (s *UntagResourceInput) SetResourceArn(v string) *UntagResourceInput { + s.ResourceArn = &v + return s +} + +// SetTagKeys sets the TagKeys field's value. +func (s *UntagResourceInput) SetTagKeys(v []*string) *UntagResourceInput { + s.TagKeys = v + return s +} + +type UntagResourceOutput struct { + _ struct{} `type:"structure"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. 
The member name will be present, but the +// value will be replaced with "sensitive". +func (s UntagResourceOutput) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s UntagResourceOutput) GoString() string { + return s.String() +} + +// An input validation error occurred. For example, invalid characters in a +// name tag, or an invalid pagination token. +type ValidationException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"Message" type:"string"` + + // The reason for the validation error, if available. The service doesn't return + // a reason for every validation exception. + Reason *string `type:"string" enum:"ValidationExceptionReason"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ValidationException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s ValidationException) GoString() string { + return s.String() +} + +func newErrorValidationException(v protocol.ResponseMetadata) error { + return &ValidationException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *ValidationException) Code() string { + return "ValidationException" +} + +// Message returns the exception's message. 
+func (s *ValidationException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *ValidationException) OrigErr() error { + return nil +} + +func (s *ValidationException) Error() string { + return fmt.Sprintf("%s: %s\n%s", s.Code(), s.Message(), s.String()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *ValidationException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *ValidationException) RequestID() string { + return s.RespMetadata.RequestID +} + +const ( + // ConnectorStatusCreating is a ConnectorStatus enum value + ConnectorStatusCreating = "CREATING" + + // ConnectorStatusActive is a ConnectorStatus enum value + ConnectorStatusActive = "ACTIVE" + + // ConnectorStatusDeleting is a ConnectorStatus enum value + ConnectorStatusDeleting = "DELETING" + + // ConnectorStatusFailed is a ConnectorStatus enum value + ConnectorStatusFailed = "FAILED" +) + +// ConnectorStatus_Values returns all elements of the ConnectorStatus enum +func ConnectorStatus_Values() []string { + return []string{ + ConnectorStatusCreating, + ConnectorStatusActive, + ConnectorStatusDeleting, + ConnectorStatusFailed, + } +} + +const ( + // ConnectorStatusReasonInternalFailure is a ConnectorStatusReason enum value + ConnectorStatusReasonInternalFailure = "INTERNAL_FAILURE" + + // ConnectorStatusReasonPrivatecaAccessDenied is a ConnectorStatusReason enum value + ConnectorStatusReasonPrivatecaAccessDenied = "PRIVATECA_ACCESS_DENIED" + + // ConnectorStatusReasonPrivatecaInvalidState is a ConnectorStatusReason enum value + ConnectorStatusReasonPrivatecaInvalidState = "PRIVATECA_INVALID_STATE" + + // ConnectorStatusReasonPrivatecaResourceNotFound is a ConnectorStatusReason enum value + ConnectorStatusReasonPrivatecaResourceNotFound = 
"PRIVATECA_RESOURCE_NOT_FOUND" +) + +// ConnectorStatusReason_Values returns all elements of the ConnectorStatusReason enum +func ConnectorStatusReason_Values() []string { + return []string{ + ConnectorStatusReasonInternalFailure, + ConnectorStatusReasonPrivatecaAccessDenied, + ConnectorStatusReasonPrivatecaInvalidState, + ConnectorStatusReasonPrivatecaResourceNotFound, + } +} + +const ( + // ConnectorTypeGeneralPurpose is a ConnectorType enum value + ConnectorTypeGeneralPurpose = "GENERAL_PURPOSE" + + // ConnectorTypeIntune is a ConnectorType enum value + ConnectorTypeIntune = "INTUNE" +) + +// ConnectorType_Values returns all elements of the ConnectorType enum +func ConnectorType_Values() []string { + return []string{ + ConnectorTypeGeneralPurpose, + ConnectorTypeIntune, + } +} + +const ( + // ValidationExceptionReasonCaCertValidityTooShort is a ValidationExceptionReason enum value + ValidationExceptionReasonCaCertValidityTooShort = "CA_CERT_VALIDITY_TOO_SHORT" + + // ValidationExceptionReasonInvalidCaUsageMode is a ValidationExceptionReason enum value + ValidationExceptionReasonInvalidCaUsageMode = "INVALID_CA_USAGE_MODE" + + // ValidationExceptionReasonInvalidConnectorType is a ValidationExceptionReason enum value + ValidationExceptionReasonInvalidConnectorType = "INVALID_CONNECTOR_TYPE" + + // ValidationExceptionReasonInvalidState is a ValidationExceptionReason enum value + ValidationExceptionReasonInvalidState = "INVALID_STATE" + + // ValidationExceptionReasonNoClientToken is a ValidationExceptionReason enum value + ValidationExceptionReasonNoClientToken = "NO_CLIENT_TOKEN" + + // ValidationExceptionReasonUnknownOperation is a ValidationExceptionReason enum value + ValidationExceptionReasonUnknownOperation = "UNKNOWN_OPERATION" + + // ValidationExceptionReasonOther is a ValidationExceptionReason enum value + ValidationExceptionReasonOther = "OTHER" +) + +// ValidationExceptionReason_Values returns all elements of the ValidationExceptionReason enum +func 
ValidationExceptionReason_Values() []string { + return []string{ + ValidationExceptionReasonCaCertValidityTooShort, + ValidationExceptionReasonInvalidCaUsageMode, + ValidationExceptionReasonInvalidConnectorType, + ValidationExceptionReasonInvalidState, + ValidationExceptionReasonNoClientToken, + ValidationExceptionReasonUnknownOperation, + ValidationExceptionReasonOther, + } +} diff --git a/service/pcaconnectorscep/doc.go b/service/pcaconnectorscep/doc.go new file mode 100644 index 00000000000..c5538ede331 --- /dev/null +++ b/service/pcaconnectorscep/doc.go 
@@ -0,0 +1,34 @@ +// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. + +// Package pcaconnectorscep provides the client and types for making API +// requests to Private CA Connector for SCEP. +// +// Connector for SCEP (Preview) is in preview release for Amazon Web Services +// Private Certificate Authority and is subject to change. +// +// Connector for SCEP (Preview) creates a connector between Amazon Web Services +// Private CA and your SCEP-enabled clients and devices. For more information, +// see Connector for SCEP (https://docs.aws.amazon.com/privateca/latest/userguide/scep-connector.html) +// in the Amazon Web Services Private CA User Guide. +// +// See https://docs.aws.amazon.com/goto/WebAPI/pca-connector-scep-2018-05-10 for more information on this service. +// +// See pcaconnectorscep package documentation for more information. +// https://docs.aws.amazon.com/sdk-for-go/api/service/pcaconnectorscep/ +// +// # Using the Client +// +// To contact Private CA Connector for SCEP with the SDK use the New function to create +// a new service client. With that client you can make API requests to the service. +// These clients are safe to use concurrently. +// +// See the SDK's documentation for more information on how to use the SDK. +// https://docs.aws.amazon.com/sdk-for-go/api/ +// +// See aws.Config documentation for more information on configuring SDK clients. +// https://docs.aws.amazon.com/sdk-for-go/api/aws/#Config +// +// See the Private CA Connector for SCEP client PcaConnectorScep for more +// information on creating client for this service. +// https://docs.aws.amazon.com/sdk-for-go/api/service/pcaconnectorscep/#New +package pcaconnectorscep diff --git a/service/pcaconnectorscep/errors.go b/service/pcaconnectorscep/errors.go new file mode 100644 index 00000000000..b5c0ddab5ea --- /dev/null +++ b/service/pcaconnectorscep/errors.go 
@@ -0,0 +1,79 @@ +// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. + +package pcaconnectorscep + +import ( + "github.com/aws/aws-sdk-go/private/protocol" +) + +const ( + + // ErrCodeAccessDeniedException for service response error code + // "AccessDeniedException". + // + // You can receive this error if you attempt to perform an operation and you + // don't have the required permissions. This can be caused by insufficient permissions + // in policies attached to your Amazon Web Services Identity and Access Management + // (IAM) principal. It can also happen because of restrictions in place from + // an Amazon Web Services Organizations service control policy (SCP) that affects + // your Amazon Web Services account. + ErrCodeAccessDeniedException = "AccessDeniedException" + + // ErrCodeBadRequestException for service response error code + // "BadRequestException". + // + // The request is malformed or contains an error such as an invalid parameter + // value or a missing required parameter. + ErrCodeBadRequestException = "BadRequestException" + + // ErrCodeConflictException for service response error code + // "ConflictException". + // + // This request can't be completed for one of the following reasons because + // the requested resource was being concurrently modified by another request. + ErrCodeConflictException = "ConflictException" + + // ErrCodeInternalServerException for service response error code + // "InternalServerException". + // + // The request processing has failed because of an unknown error, exception + // or failure with an internal server. + ErrCodeInternalServerException = "InternalServerException" + + // ErrCodeResourceNotFoundException for service response error code + // "ResourceNotFoundException". + // + // The operation tried to access a nonexistent resource. The resource might + // be incorrectly specified, or it might have a status other than ACTIVE. 
+ ErrCodeResourceNotFoundException = "ResourceNotFoundException" + + // ErrCodeServiceQuotaExceededException for service response error code + // "ServiceQuotaExceededException". + // + // The request would cause a service quota to be exceeded. + ErrCodeServiceQuotaExceededException = "ServiceQuotaExceededException" + + // ErrCodeThrottlingException for service response error code + // "ThrottlingException". + // + // The limit on the number of requests per second was exceeded. + ErrCodeThrottlingException = "ThrottlingException" + + // ErrCodeValidationException for service response error code + // "ValidationException". + // + // An input validation error occurred. For example, invalid characters in a + // name tag, or an invalid pagination token. + ErrCodeValidationException = "ValidationException" +) + +var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{ + "AccessDeniedException": newErrorAccessDeniedException, + "BadRequestException": newErrorBadRequestException, + "ConflictException": newErrorConflictException, + "InternalServerException": newErrorInternalServerException, + "ResourceNotFoundException": newErrorResourceNotFoundException, + "ServiceQuotaExceededException": newErrorServiceQuotaExceededException, + "ThrottlingException": newErrorThrottlingException, + "ValidationException": newErrorValidationException, +} diff --git a/service/pcaconnectorscep/pcaconnectorscepiface/interface.go b/service/pcaconnectorscep/pcaconnectorscepiface/interface.go new file mode 100644 index 00000000000..2ca6d6316af --- /dev/null +++ b/service/pcaconnectorscep/pcaconnectorscepiface/interface.go 
@@ -0,0 +1,118 @@ +// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. + +// Package pcaconnectorscepiface provides an interface to enable mocking the Private CA Connector for SCEP service client +// for testing your code. +// +// It is important to note that this interface will have breaking changes +// when the service model is updated and adds new API operations, paginators, +// and waiters. +package pcaconnectorscepiface + +import ( + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/request" + "github.com/aws/aws-sdk-go/service/pcaconnectorscep" +) + +// PcaConnectorScepAPI provides an interface to enable mocking the +// pcaconnectorscep.PcaConnectorScep service client's API operation, +// paginators, and waiters. This make unit testing your code that calls out +// to the SDK's service client's calls easier. +// +// The best way to use this interface is so the SDK's service client's calls +// can be stubbed out for unit testing your code with the SDK without needing +// to inject custom request handlers into the SDK's request pipeline. +// +// // myFunc uses an SDK service client to make a request to +// // Private CA Connector for SCEP. +// func myFunc(svc pcaconnectorscepiface.PcaConnectorScepAPI) bool { +// // Make svc.CreateChallenge request +// } +// +// func main() { +// sess := session.New() +// svc := pcaconnectorscep.New(sess) +// +// myFunc(svc) +// } +// +// In your _test.go file: +// +// // Define a mock struct to be used in your unit tests of myFunc. 
+// type mockPcaConnectorScepClient struct { +// pcaconnectorscepiface.PcaConnectorScepAPI +// } +// func (m *mockPcaConnectorScepClient) CreateChallenge(input *pcaconnectorscep.CreateChallengeInput) (*pcaconnectorscep.CreateChallengeOutput, error) { +// // mock response/functionality +// } +// +// func TestMyFunc(t *testing.T) { +// // Setup Test +// mockSvc := &mockPcaConnectorScepClient{} +// +// myfunc(mockSvc) +// +// // Verify myFunc's functionality +// } +// +// It is important to note that this interface will have breaking changes +// when the service model is updated and adds new API operations, paginators, +// and waiters. Its suggested to use the pattern above for testing, or using +// tooling to generate mocks to satisfy the interfaces. +type PcaConnectorScepAPI interface { + CreateChallenge(*pcaconnectorscep.CreateChallengeInput) (*pcaconnectorscep.CreateChallengeOutput, error) + CreateChallengeWithContext(aws.Context, *pcaconnectorscep.CreateChallengeInput, ...request.Option) (*pcaconnectorscep.CreateChallengeOutput, error) + CreateChallengeRequest(*pcaconnectorscep.CreateChallengeInput) (*request.Request, *pcaconnectorscep.CreateChallengeOutput) + + CreateConnector(*pcaconnectorscep.CreateConnectorInput) (*pcaconnectorscep.CreateConnectorOutput, error) + CreateConnectorWithContext(aws.Context, *pcaconnectorscep.CreateConnectorInput, ...request.Option) (*pcaconnectorscep.CreateConnectorOutput, error) + CreateConnectorRequest(*pcaconnectorscep.CreateConnectorInput) (*request.Request, *pcaconnectorscep.CreateConnectorOutput) + + DeleteChallenge(*pcaconnectorscep.DeleteChallengeInput) (*pcaconnectorscep.DeleteChallengeOutput, error) + DeleteChallengeWithContext(aws.Context, *pcaconnectorscep.DeleteChallengeInput, ...request.Option) (*pcaconnectorscep.DeleteChallengeOutput, error) + DeleteChallengeRequest(*pcaconnectorscep.DeleteChallengeInput) (*request.Request, *pcaconnectorscep.DeleteChallengeOutput) + + 
DeleteConnector(*pcaconnectorscep.DeleteConnectorInput) (*pcaconnectorscep.DeleteConnectorOutput, error) + DeleteConnectorWithContext(aws.Context, *pcaconnectorscep.DeleteConnectorInput, ...request.Option) (*pcaconnectorscep.DeleteConnectorOutput, error) + DeleteConnectorRequest(*pcaconnectorscep.DeleteConnectorInput) (*request.Request, *pcaconnectorscep.DeleteConnectorOutput) + + GetChallengeMetadata(*pcaconnectorscep.GetChallengeMetadataInput) (*pcaconnectorscep.GetChallengeMetadataOutput, error) + GetChallengeMetadataWithContext(aws.Context, *pcaconnectorscep.GetChallengeMetadataInput, ...request.Option) (*pcaconnectorscep.GetChallengeMetadataOutput, error) + GetChallengeMetadataRequest(*pcaconnectorscep.GetChallengeMetadataInput) (*request.Request, *pcaconnectorscep.GetChallengeMetadataOutput) + + GetChallengePassword(*pcaconnectorscep.GetChallengePasswordInput) (*pcaconnectorscep.GetChallengePasswordOutput, error) + GetChallengePasswordWithContext(aws.Context, *pcaconnectorscep.GetChallengePasswordInput, ...request.Option) (*pcaconnectorscep.GetChallengePasswordOutput, error) + GetChallengePasswordRequest(*pcaconnectorscep.GetChallengePasswordInput) (*request.Request, *pcaconnectorscep.GetChallengePasswordOutput) + + GetConnector(*pcaconnectorscep.GetConnectorInput) (*pcaconnectorscep.GetConnectorOutput, error) + GetConnectorWithContext(aws.Context, *pcaconnectorscep.GetConnectorInput, ...request.Option) (*pcaconnectorscep.GetConnectorOutput, error) + GetConnectorRequest(*pcaconnectorscep.GetConnectorInput) (*request.Request, *pcaconnectorscep.GetConnectorOutput) + + ListChallengeMetadata(*pcaconnectorscep.ListChallengeMetadataInput) (*pcaconnectorscep.ListChallengeMetadataOutput, error) + ListChallengeMetadataWithContext(aws.Context, *pcaconnectorscep.ListChallengeMetadataInput, ...request.Option) (*pcaconnectorscep.ListChallengeMetadataOutput, error) + ListChallengeMetadataRequest(*pcaconnectorscep.ListChallengeMetadataInput) (*request.Request, 
*pcaconnectorscep.ListChallengeMetadataOutput) + + ListChallengeMetadataPages(*pcaconnectorscep.ListChallengeMetadataInput, func(*pcaconnectorscep.ListChallengeMetadataOutput, bool) bool) error + ListChallengeMetadataPagesWithContext(aws.Context, *pcaconnectorscep.ListChallengeMetadataInput, func(*pcaconnectorscep.ListChallengeMetadataOutput, bool) bool, ...request.Option) error + + ListConnectors(*pcaconnectorscep.ListConnectorsInput) (*pcaconnectorscep.ListConnectorsOutput, error) + ListConnectorsWithContext(aws.Context, *pcaconnectorscep.ListConnectorsInput, ...request.Option) (*pcaconnectorscep.ListConnectorsOutput, error) + ListConnectorsRequest(*pcaconnectorscep.ListConnectorsInput) (*request.Request, *pcaconnectorscep.ListConnectorsOutput) + + ListConnectorsPages(*pcaconnectorscep.ListConnectorsInput, func(*pcaconnectorscep.ListConnectorsOutput, bool) bool) error + ListConnectorsPagesWithContext(aws.Context, *pcaconnectorscep.ListConnectorsInput, func(*pcaconnectorscep.ListConnectorsOutput, bool) bool, ...request.Option) error + + ListTagsForResource(*pcaconnectorscep.ListTagsForResourceInput) (*pcaconnectorscep.ListTagsForResourceOutput, error) + ListTagsForResourceWithContext(aws.Context, *pcaconnectorscep.ListTagsForResourceInput, ...request.Option) (*pcaconnectorscep.ListTagsForResourceOutput, error) + ListTagsForResourceRequest(*pcaconnectorscep.ListTagsForResourceInput) (*request.Request, *pcaconnectorscep.ListTagsForResourceOutput) + + TagResource(*pcaconnectorscep.TagResourceInput) (*pcaconnectorscep.TagResourceOutput, error) + TagResourceWithContext(aws.Context, *pcaconnectorscep.TagResourceInput, ...request.Option) (*pcaconnectorscep.TagResourceOutput, error) + TagResourceRequest(*pcaconnectorscep.TagResourceInput) (*request.Request, *pcaconnectorscep.TagResourceOutput) + + UntagResource(*pcaconnectorscep.UntagResourceInput) (*pcaconnectorscep.UntagResourceOutput, error) + UntagResourceWithContext(aws.Context, *pcaconnectorscep.UntagResourceInput, 
...request.Option) (*pcaconnectorscep.UntagResourceOutput, error) + UntagResourceRequest(*pcaconnectorscep.UntagResourceInput) (*request.Request, *pcaconnectorscep.UntagResourceOutput) +} + +var _ PcaConnectorScepAPI = (*pcaconnectorscep.PcaConnectorScep)(nil) diff --git a/service/pcaconnectorscep/service.go b/service/pcaconnectorscep/service.go new file mode 100644 index 00000000000..b603c6066f2 --- /dev/null +++ b/service/pcaconnectorscep/service.go 
@@ -0,0 +1,106 @@ +// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. + +package pcaconnectorscep + +import ( + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/client" + "github.com/aws/aws-sdk-go/aws/client/metadata" + "github.com/aws/aws-sdk-go/aws/request" + "github.com/aws/aws-sdk-go/aws/signer/v4" + "github.com/aws/aws-sdk-go/private/protocol" + "github.com/aws/aws-sdk-go/private/protocol/restjson" +) + +// PcaConnectorScep provides the API operation methods for making requests to +// Private CA Connector for SCEP. See this package's package overview docs +// for details on the service. +// +// PcaConnectorScep methods are safe to use concurrently. It is not safe to +// modify mutate any of the struct's properties though. +type PcaConnectorScep struct { + *client.Client +} + +// Used for custom client initialization logic +var initClient func(*client.Client) + +// Used for custom request initialization logic +var initRequest func(*request.Request) + +// Service information constants +const ( + ServiceName = "Pca Connector Scep" // Name of service. + EndpointsID = "pca-connector-scep" // ID to lookup a service endpoint with. + ServiceID = "Pca Connector Scep" // ServiceID is a unique identifier of a specific service. +) + +// New creates a new instance of the PcaConnectorScep client with a session. +// If additional configuration is needed for the client instance use the optional +// aws.Config parameter to add your extra config. +// +// Example: +// +// mySession := session.Must(session.NewSession()) +// +// // Create a PcaConnectorScep client from just a session. +// svc := pcaconnectorscep.New(mySession) +// +// // Create a PcaConnectorScep client with additional configuration +// svc := pcaconnectorscep.New(mySession, aws.NewConfig().WithRegion("us-west-2")) +func New(p client.ConfigProvider, cfgs ...*aws.Config) *PcaConnectorScep { + c := p.ClientConfig(EndpointsID, cfgs...) 
+ if c.SigningNameDerived || len(c.SigningName) == 0 { + c.SigningName = "pca-connector-scep" + } + return newClient(*c.Config, c.Handlers, c.PartitionID, c.Endpoint, c.SigningRegion, c.SigningName, c.ResolvedRegion) +} + +// newClient creates, initializes and returns a new service client instance. +func newClient(cfg aws.Config, handlers request.Handlers, partitionID, endpoint, signingRegion, signingName, resolvedRegion string) *PcaConnectorScep { + svc := &PcaConnectorScep{ + Client: client.New( + cfg, + metadata.ClientInfo{ + ServiceName: ServiceName, + ServiceID: ServiceID, + SigningName: signingName, + SigningRegion: signingRegion, + PartitionID: partitionID, + Endpoint: endpoint, + APIVersion: "2018-05-10", + ResolvedRegion: resolvedRegion, + }, + handlers, + ), + } + + // Handlers + svc.Handlers.Sign.PushBackNamed(v4.SignRequestHandler) + svc.Handlers.Build.PushBackNamed(restjson.BuildHandler) + svc.Handlers.Unmarshal.PushBackNamed(restjson.UnmarshalHandler) + svc.Handlers.UnmarshalMeta.PushBackNamed(restjson.UnmarshalMetaHandler) + svc.Handlers.UnmarshalError.PushBackNamed( + protocol.NewUnmarshalErrorHandler(restjson.NewUnmarshalTypedError(exceptionFromCode)).NamedHandler(), + ) + + // Run custom client initialization if present + if initClient != nil { + initClient(svc.Client) + } + + return svc +} + +// newRequest creates a new request for a PcaConnectorScep operation and runs any +// custom request initialization. +func (c *PcaConnectorScep) newRequest(op *request.Operation, params, data interface{}) *request.Request { + req := c.NewRequest(op, params, data) + + // Run custom request initialization if present + if initRequest != nil { + initRequest(req) + } + + return req +} diff --git a/service/sagemaker/api.go b/service/sagemaker/api.go index 49955d859ee..995fe135374 100644 --- a/service/sagemaker/api.go +++ b/service/sagemaker/api.go 
@@ -89843,6 +89843,13 @@ type ListModelPackageGroupsInput struct { // A filter that returns only model groups created before the specified time. CreationTimeBefore *time.Time `type:"timestamp"` + // A filter that returns either model groups shared with you or model groups + // in your own account. When the value is CrossAccount, the results show the + // resources made discoverable to you from other accounts. When the value is + // SameAccount or null, the results show resources from your account. The default + // is SameAccount. + CrossAccountFilterOption *string `type:"string" enum:"CrossAccountFilterOption"` + // The maximum number of results to return in the response. MaxResults *int64 `min:"1" type:"integer"` @@ -89905,6 +89912,12 @@ func (s *ListModelPackageGroupsInput) SetCreationTimeBefore(v time.Time) *ListMo return s } +// SetCrossAccountFilterOption sets the CrossAccountFilterOption field's value. +func (s *ListModelPackageGroupsInput) SetCrossAccountFilterOption(v string) *ListModelPackageGroupsInput { + s.CrossAccountFilterOption = &v + return s +} + // SetMaxResults sets the MaxResults field's value. func (s *ListModelPackageGroupsInput) SetMaxResults(v int64) *ListModelPackageGroupsInput { s.MaxResults = &v @@ -101652,6 +101665,10 @@ func (s *OfflineStoreStatus) SetStatus(v string) *OfflineStoreStatus { type OidcConfig struct { _ struct{} `type:"structure"` + // A string to string map of identifiers specific to the custom identity provider + // (IdP) being used. + AuthenticationRequestExtraParams map[string]*string `type:"map"` + // The OIDC IdP authorization endpoint used to configure your private workforce. // // AuthorizationEndpoint is a required field 
@@ -101686,6 +101703,10 @@ type OidcConfig struct { // LogoutEndpoint is a required field LogoutEndpoint *string `type:"string" required:"true"` + // An array of string identifiers used to refer to the specific pieces of user + // data or claims that the client application wants to access. + Scope *string `type:"string"` + // The OIDC IdP token endpoint used to configure your private workforce. // // TokenEndpoint is a required field @@ -101755,6 +101776,12 @@ func (s *OidcConfig) Validate() error { return nil } +// SetAuthenticationRequestExtraParams sets the AuthenticationRequestExtraParams field's value. +func (s *OidcConfig) SetAuthenticationRequestExtraParams(v map[string]*string) *OidcConfig { + s.AuthenticationRequestExtraParams = v + return s +} + // SetAuthorizationEndpoint sets the AuthorizationEndpoint field's value. func (s *OidcConfig) SetAuthorizationEndpoint(v string) *OidcConfig { s.AuthorizationEndpoint = &v @@ -101791,6 +101818,12 @@ func (s *OidcConfig) SetLogoutEndpoint(v string) *OidcConfig { return s } +// SetScope sets the Scope field's value. +func (s *OidcConfig) SetScope(v string) *OidcConfig { + s.Scope = &v + return s +} + // SetTokenEndpoint sets the TokenEndpoint field's value. func (s *OidcConfig) SetTokenEndpoint(v string) *OidcConfig { s.TokenEndpoint = &v @@ -101807,6 +101840,10 @@ func (s *OidcConfig) SetUserInfoEndpoint(v string) *OidcConfig { type OidcConfigForResponse struct { _ struct{} `type:"structure"` + // A string to string map of identifiers specific to the custom identity provider + // (IdP) being used. + AuthenticationRequestExtraParams map[string]*string `type:"map"` + // The OIDC IdP authorization endpoint used to configure your private workforce. AuthorizationEndpoint *string `type:"string"` 
@@ -101822,6 +101859,10 @@ type OidcConfigForResponse struct { // The OIDC IdP logout endpoint used to configure your private workforce. LogoutEndpoint *string `type:"string"` + // An array of string identifiers used to refer to the specific pieces of user + // data or claims that the client application wants to access. + Scope *string `type:"string"` + // The OIDC IdP token endpoint used to configure your private workforce. TokenEndpoint *string `type:"string"` @@ -101847,6 +101888,12 @@ func (s OidcConfigForResponse) GoString() string { return s.String() } +// SetAuthenticationRequestExtraParams sets the AuthenticationRequestExtraParams field's value. +func (s *OidcConfigForResponse) SetAuthenticationRequestExtraParams(v map[string]*string) *OidcConfigForResponse { + s.AuthenticationRequestExtraParams = v + return s +} + // SetAuthorizationEndpoint sets the AuthorizationEndpoint field's value. func (s *OidcConfigForResponse) SetAuthorizationEndpoint(v string) *OidcConfigForResponse { s.AuthorizationEndpoint = &v @@ -101877,6 +101924,12 @@ func (s *OidcConfigForResponse) SetLogoutEndpoint(v string) *OidcConfigForRespon return s } +// SetScope sets the Scope field's value. +func (s *OidcConfigForResponse) SetScope(v string) *OidcConfigForResponse { + s.Scope = &v + return s +} + // SetTokenEndpoint sets the TokenEndpoint field's value. func (s *OidcConfigForResponse) SetTokenEndpoint(v string) *OidcConfigForResponse { s.TokenEndpoint = &v