diff --git a/CHANGELOG.md b/CHANGELOG.md
index 16be33b0340..2e6f3571fa4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,20 @@
+Release v1.40.30 (2021-08-25)
+===
+
+### Service Client Updates
+* `service/datasync`: Updates service API and documentation
+* `service/ec2`: Updates service API and documentation
+ * Support added for IMDS IPv6 endpoint
+* `service/eventbridge`: Updates service API and documentation
+* `service/events`: Updates service API and documentation
+ * AWS CWEvents adds an enum of EXTERNAL for EcsParameters LaunchType for PutTargets API
+* `service/fms`: Updates service API and documentation
+
+### SDK Bugs
+* `private/protocol`: Add support for parsing RFC 3339 timestamp without trailing Z
+ * Adds support for parsing RFC 3339 timestamp but without the `Z` character, nor UTC offset.
+ * Related to [aws/aws-sdk-go-v2#1387](https://github.com/aws/aws-sdk-go-v2/issues/1387)
+
Release v1.40.29 (2021-08-24)
===
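Review bot: The `private/protocol` entry under "SDK Bugs" does not say how a timestamp with neither `Z` nor a UTC offset is interpreted. Such a timestamp is ambiguous on its own, so the entry should state the zone the parser assumes for it. The wording "but without the `Z` character, nor UTC offset" would also read better as "with neither a trailing `Z` nor a UTC offset".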
diff --git a/CHANGELOG_PENDING.md b/CHANGELOG_PENDING.md
index 870bb0d5c60..8a1927a39ca 100644
--- a/CHANGELOG_PENDING.md
+++ b/CHANGELOG_PENDING.md
@@ -3,6 +3,3 @@
### SDK Enhancements
### SDK Bugs
-* `private/protocol`: Add support for parsing RFC 3339 timestamp without trailing Z
- * Adds support for parsing RFC 3339 timestamp but without the `Z` character, nor UTC offset.
- * Related to [aws/aws-sdk-go-v2#1387](https://github.com/aws/aws-sdk-go-v2/issues/1387)
diff --git a/aws/endpoints/defaults.go b/aws/endpoints/defaults.go
index a988b122381..a2a8f0f3d1b 100644
--- a/aws/endpoints/defaults.go
+++ b/aws/endpoints/defaults.go
@@ -947,6 +947,18 @@ var awsPartition = partition{
"us-west-2": endpoint{},
},
},
+ "aps": service{
+ Defaults: endpoint{
+ Protocols: []string{"https"},
+ },
+ Endpoints: endpoints{
+ "eu-central-1": endpoint{},
+ "eu-west-1": endpoint{},
+ "us-east-1": endpoint{},
+ "us-east-2": endpoint{},
+ "us-west-2": endpoint{},
+ },
+ },
"athena": service{
Endpoints: endpoints{
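Review bot: The new `aps` service block has no matching line in the v1.40.30 section of CHANGELOG.md, which lists only the service client updates and the `private/protocol` fix. Add an entry for the endpoint metadata change so that anyone auditing endpoint resolution can see `aps` is now listed for `eu-central-1`, `eu-west-1`, `us-east-1`, `us-east-2` and `us-west-2`. Restricting `Protocols` to `[]string{"https"}` in `Defaults` is a good default; please confirm it is intentional, since the neighbouring `athena` block carries no `Defaults`.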
diff --git a/aws/version.go b/aws/version.go
index 7a482c95009..c364b6aaaaf 100644
--- a/aws/version.go
+++ b/aws/version.go
@@ -5,4 +5,4 @@ package aws
const SDKName = "aws-sdk-go"
// SDKVersion is the version of this SDK
-const SDKVersion = "1.40.29"
+const SDKVersion = "1.40.30"
diff --git a/models/apis/datasync/2018-11-09/api-2.json b/models/apis/datasync/2018-11-09/api-2.json
index bcfab5f2449..d1990284bfe 100644
--- a/models/apis/datasync/2018-11-09/api-2.json
+++ b/models/apis/datasync/2018-11-09/api-2.json
@@ -697,7 +697,8 @@
"Options":{"shape":"Options"},
"Excludes":{"shape":"FilterList"},
"Schedule":{"shape":"TaskSchedule"},
- "Tags":{"shape":"InputTagList"}
+ "Tags":{"shape":"InputTagList"},
+ "Includes":{"shape":"FilterList"}
}
},
"CreateTaskResponse":{
@@ -916,7 +917,8 @@
"Schedule":{"shape":"TaskSchedule"},
"ErrorCode":{"shape":"string"},
"ErrorDetail":{"shape":"string"},
- "CreationTime":{"shape":"Time"}
+ "CreationTime":{"shape":"Time"},
+ "Includes":{"shape":"FilterList"}
}
},
"DestinationNetworkInterfaceArns":{
@@ -1463,7 +1465,8 @@
"members":{
"TaskArn":{"shape":"TaskArn"},
"OverrideOptions":{"shape":"Options"},
- "Includes":{"shape":"FilterList"}
+ "Includes":{"shape":"FilterList"},
+ "Excludes":{"shape":"FilterList"}
}
},
"StartTaskExecutionResponse":{
@@ -1748,7 +1751,8 @@
"Excludes":{"shape":"FilterList"},
"Schedule":{"shape":"TaskSchedule"},
"Name":{"shape":"TagValue"},
- "CloudWatchLogGroupArn":{"shape":"LogGroupArn"}
+ "CloudWatchLogGroupArn":{"shape":"LogGroupArn"},
+ "Includes":{"shape":"FilterList"}
}
},
"UpdateTaskResponse":{
diff --git a/models/apis/datasync/2018-11-09/docs-2.json b/models/apis/datasync/2018-11-09/docs-2.json
index 60a045bfa5d..5de30f78263 100644
--- a/models/apis/datasync/2018-11-09/docs-2.json
+++ b/models/apis/datasync/2018-11-09/docs-2.json
@@ -1,18 +1,18 @@
{
"version": "2.0",
- "service": "
AWS DataSync is a managed data transfer service that makes it simpler for you to automate moving data between on-premises storage and Amazon Simple Storage Service (Amazon S3) or Amazon Elastic File System (Amazon EFS).
This API interface reference for AWS DataSync contains documentation for a programming interface that you can use to manage AWS DataSync.
", + "service": "DataSync is a managed data transfer service that makes it simpler for you to automate moving data between on-premises storage and Amazon Simple Storage Service (Amazon S3) or Amazon Elastic File System (Amazon EFS).
This API interface reference for DataSync contains documentation for a programming interface that you can use to manage DataSync.
", "operations": { - "CancelTaskExecution": "Cancels execution of a task.
When you cancel a task execution, the transfer of some files is abruptly interrupted. The contents of files that are transferred to the destination might be incomplete or inconsistent with the source files. However, if you start a new task execution on the same task and you allow the task execution to complete, file content on the destination is complete and consistent. This applies to other unexpected failures that interrupt a task execution. In all of these cases, AWS DataSync successfully complete the transfer when you start the next task execution.
", - "CreateAgent": "Activates an AWS DataSync agent that you have deployed on your host. The activation process associates your agent with your account. In the activation process, you specify information such as the AWS Region that you want to activate the agent in. You activate the agent in the AWS Region where your target locations (in Amazon S3 or Amazon EFS) reside. Your tasks are created in this AWS Region.
You can activate the agent in a VPC (virtual private cloud) or provide the agent access to a VPC endpoint so you can run tasks without going over the public internet.
You can use an agent for more than one location. If a task uses multiple agents, all of them need to have status AVAILABLE for the task to run. If you use multiple agents for a source location, the status of all the agents must be AVAILABLE for the task to run.
Agents are automatically updated by AWS on a regular basis, using a mechanism that ensures minimal interruption to your tasks.
", + "CancelTaskExecution": "Cancels execution of a task.
When you cancel a task execution, the transfer of some files is abruptly interrupted. The contents of files that are transferred to the destination might be incomplete or inconsistent with the source files. However, if you start a new task execution on the same task and you allow the task execution to complete, file content on the destination is complete and consistent. This applies to other unexpected failures that interrupt a task execution. In all of these cases, DataSync successfully complete the transfer when you start the next task execution.
", + "CreateAgent": "Activates an DataSync agent that you have deployed on your host. The activation process associates your agent with your account. In the activation process, you specify information such as the Amazon Web Services Region that you want to activate the agent in. You activate the agent in the Amazon Web Services Region where your target locations (in Amazon S3 or Amazon EFS) reside. Your tasks are created in this Amazon Web Services Region.
You can activate the agent in a VPC (virtual private cloud) or provide the agent access to a VPC endpoint so you can run tasks without going over the public internet.
You can use an agent for more than one location. If a task uses multiple agents, all of them need to have status AVAILABLE for the task to run. If you use multiple agents for a source location, the status of all the agents must be AVAILABLE for the task to run.
Agents are automatically updated by Amazon Web Services on a regular basis, using a mechanism that ensures minimal interruption to your tasks.
", "CreateLocationEfs": "Creates an endpoint for an Amazon EFS file system.
", "CreateLocationFsxWindows": "Creates an endpoint for an Amazon FSx for Windows File Server file system.
", "CreateLocationNfs": "Defines a file system on a Network File System (NFS) server that can be read from or written to.
", "CreateLocationObjectStorage": "Creates an endpoint for a self-managed object storage bucket. For more information about self-managed object storage locations, see Creating a location for object storage.
", - "CreateLocationS3": "Creates an endpoint for an Amazon S3 bucket.
For more information, see https://docs.aws.amazon.com/datasync/latest/userguide/create-locations-cli.html#create-location-s3-cli in the AWS DataSync User Guide.
", + "CreateLocationS3": "Creates an endpoint for an Amazon S3 bucket.
For more information, see Create an Amazon S3 location in the DataSync User Guide.
", "CreateLocationSmb": "Defines a file system on a Server Message Block (SMB) server that can be read from or written to.
", - "CreateTask": "Creates a task.
A task includes a source location and a destination location, and a configuration that specifies how data is transferred. A task always transfers data from the source location to the destination location. The configuration specifies options such as task scheduling, bandwidth limits, etc. A task is the complete definition of a data transfer.
When you create a task that transfers data between AWS services in different AWS Regions, one of the two locations that you specify must reside in the Region where DataSync is being used. The other location must be specified in a different Region.
You can transfer data between commercial AWS Regions except for China, or between AWS GovCloud (US-East and US-West) Regions.
When you use DataSync to copy files or objects between AWS Regions, you pay for data transfer between Regions. This is billed as data transfer OUT from your source Region to your destination Region. For more information, see Data Transfer pricing.
Deletes an agent. To specify which agent to delete, use the Amazon Resource Name (ARN) of the agent in your request. The operation disassociates the agent from your AWS account. However, it doesn't delete the agent virtual machine (VM) from your on-premises environment.
", - "DeleteLocation": "Deletes the configuration of a location used by AWS DataSync.
", + "CreateTask": "Creates a task.
A task includes a source location and a destination location, and a configuration that specifies how data is transferred. A task always transfers data from the source location to the destination location. The configuration specifies options such as task scheduling, bandwidth limits, etc. A task is the complete definition of a data transfer.
When you create a task that transfers data between Amazon Web Services services in different Amazon Web Services Regions, one of the two locations that you specify must reside in the Region where DataSync is being used. The other location must be specified in a different Region.
You can transfer data between commercial Amazon Web Services Regions except for China, or between Amazon Web Services GovCloud (US) Regions.
When you use DataSync to copy files or objects between Amazon Web Services Regions, you pay for data transfer between Regions. This is billed as data transfer OUT from your source Region to your destination Region. For more information, see Data Transfer pricing.
Deletes an agent. To specify which agent to delete, use the Amazon Resource Name (ARN) of the agent in your request. The operation disassociates the agent from your Amazon Web Services account. However, it doesn't delete the agent virtual machine (VM) from your on-premises environment.
", + "DeleteLocation": "Deletes the configuration of a location used by DataSync.
", "DeleteTask": "Deletes a task.
", "DescribeAgent": "Returns metadata such as the name, the network interfaces, and the status (that is, whether the agent is running or not) for an agent. To specify which agent to describe, use the Amazon Resource Name (ARN) of the agent in your request.
", "DescribeLocationEfs": "Returns metadata, such as the path information about an Amazon EFS location.
", @@ -23,14 +23,14 @@ "DescribeLocationSmb": "Returns metadata, such as the path and user information about an SMB location.
", "DescribeTask": "Returns metadata about a task.
", "DescribeTaskExecution": "Returns detailed metadata about a task that is being executed.
", - "ListAgents": "Returns a list of agents owned by an AWS account in the AWS Region specified in the request. The returned list is ordered by agent Amazon Resource Name (ARN).
By default, this operation returns a maximum of 100 agents. This operation supports pagination that enables you to optionally reduce the number of agents returned in a response.
If you have more agents than are returned in a response (that is, the response returns only a truncated list of your agents), the response contains a marker that you can specify in your next request to fetch the next page of agents.
", + "ListAgents": "Returns a list of agents owned by an Amazon Web Services account in the Amazon Web Services Region specified in the request. The returned list is ordered by agent Amazon Resource Name (ARN).
By default, this operation returns a maximum of 100 agents. This operation supports pagination that enables you to optionally reduce the number of agents returned in a response.
If you have more agents than are returned in a response (that is, the response returns only a truncated list of your agents), the response contains a marker that you can specify in your next request to fetch the next page of agents.
", "ListLocations": "Returns a list of source and destination locations.
If you have more locations than are returned in a response (that is, the response returns only a truncated list of your agents), the response contains a token that you can specify in your next request to fetch the next page of locations.
", "ListTagsForResource": "Returns all the tags associated with a specified resource.
", "ListTaskExecutions": "Returns a list of executed tasks.
", "ListTasks": "Returns a list of all the tasks.
", - "StartTaskExecution": "Starts a specific invocation of a task. A TaskExecution
value represents an individual run of a task. Each task can have at most one TaskExecution
at a time.
TaskExecution
has the following transition phases: INITIALIZING | PREPARING | TRANSFERRING | VERIFYING | SUCCESS/FAILURE.
For detailed information, see the Task Execution section in the Components and Terminology topic in the AWS DataSync User Guide.
", - "TagResource": "Applies a key-value pair to an AWS resource.
", - "UntagResource": "Removes a tag from an AWS resource.
", + "StartTaskExecution": "Starts a specific invocation of a task. A TaskExecution
value represents an individual run of a task. Each task can have at most one TaskExecution
at a time.
TaskExecution
has the following transition phases: INITIALIZING | PREPARING | TRANSFERRING | VERIFYING | SUCCESS/FAILURE.
For detailed information, see the Task Execution section in the Components and Terminology topic in the DataSync User Guide.
", + "TagResource": "Applies a key-value pair to an Amazon Web Services resource.
", + "UntagResource": "Removes a tag from an Amazon Web Services resource.
", "UpdateAgent": "Updates the name of an agent.
", "UpdateLocationNfs": "Updates some of the parameters of a previously created location for Network File System (NFS) access. For information about creating an NFS location, see Creating a location for NFS.
", "UpdateLocationObjectStorage": "Updates some of the parameters of a previously created location for self-managed object storage server access. For information about creating a self-managed object storage location, see Creating a location for object storage.
", @@ -42,7 +42,7 @@ "ActivationKey": { "base": null, "refs": { - "CreateAgentRequest$ActivationKey": "Your agent activation key. You can get the activation key either by sending an HTTP GET request with redirects that enable you to get the agent IP address (port 80). Alternatively, you can get it from the AWS DataSync console.
The redirect URL returned in the response provides you the activation key for your agent in the query string parameter activationKey
. It might also include other activation-related parameters; however, these are merely defaults. The arguments you pass to this API call determine the actual configuration of your agent.
For more information, see Activating an Agent in the AWS DataSync User Guide.
" + "CreateAgentRequest$ActivationKey": "Your agent activation key. You can get the activation key either by sending an HTTP GET request with redirects that enable you to get the agent IP address (port 80). Alternatively, you can get it from the DataSync console.
The redirect URL returned in the response provides you the activation key for your agent in the query string parameter activationKey
. It might also include other activation-related parameters; however, these are merely defaults. The arguments you pass to this API call determine the actual configuration of your agent.
For more information, see Activating an Agent in the DataSync User Guide.
" } }, "AgentArn": { @@ -50,8 +50,8 @@ "refs": { "AgentArnList$member": null, "AgentListEntry$AgentArn": "The Amazon Resource Name (ARN) of the agent.
", - "CreateAgentResponse$AgentArn": "The Amazon Resource Name (ARN) of the agent. Use the ListAgents
operation to return a list of agents for your account and AWS Region.
The Amazon Resource Name (ARN) of the agent to delete. Use the ListAgents
operation to return a list of agents for your account and AWS Region.
The Amazon Resource Name (ARN) of the agent. Use the ListAgents
operation to return a list of agents for your account and Amazon Web Services Region.
The Amazon Resource Name (ARN) of the agent to delete. Use the ListAgents
operation to return a list of agents for your account and Amazon Web Services Region.
The Amazon Resource Name (ARN) of the agent to describe.
", "DescribeAgentResponse$AgentArn": "The Amazon Resource Name (ARN) of the agent.
", "UpdateAgentRequest$AgentArn": "The Amazon Resource Name (ARN) of the agent to update.
" @@ -61,10 +61,10 @@ "base": null, "refs": { "CreateLocationObjectStorageRequest$AgentArns": "The Amazon Resource Name (ARN) of the agents associated with the self-managed object storage server location.
", - "CreateLocationS3Request$AgentArns": "If you are using DataSync on an AWS Outpost, specify the Amazon Resource Names (ARNs) of the DataSync agents deployed on your Outpost. For more information about launching a DataSync agent on an AWS Outpost, see Deploy your DataSync agent on AWS Outposts.
", + "CreateLocationS3Request$AgentArns": "If you are using DataSync on an Amazon Web Services Outpost, specify the Amazon Resource Names (ARNs) of the DataSync agents deployed on your Outpost. For more information about launching a DataSync agent on an Amazon Web Services Outpost, see Deploy your DataSync agent on Outposts.
", "CreateLocationSmbRequest$AgentArns": "The Amazon Resource Names (ARNs) of agents to use for a Simple Message Block (SMB) location.
", "DescribeLocationObjectStorageResponse$AgentArns": "The Amazon Resource Name (ARN) of the agents associated with the self-managed object storage server location.
", - "DescribeLocationS3Response$AgentArns": "If you are using DataSync on an AWS Outpost, the Amazon Resource Name (ARNs) of the EC2 agents deployed on your Outpost. For more information about launching a DataSync agent on an AWS Outpost, see Deploy your DataSync agent on AWS Outposts.
", + "DescribeLocationS3Response$AgentArns": "If you are using DataSync on an Amazon Web Services Outpost, the Amazon Resource Name (ARNs) of the EC2 agents deployed on your Outpost. For more information about launching a DataSync agent on an Amazon Web Services Outpost, see Deploy your DataSync agent on Outposts.
", "DescribeLocationSmbResponse$AgentArns": "The Amazon Resource Name (ARN) of the source SMB file system location that is created.
", "OnPremConfig$AgentArns": "ARNs of the agents to use for an NFS location.
", "UpdateLocationObjectStorageRequest$AgentArns": "The Amazon Resource Name (ARN) of the agents associated with the self-managed object storage server location.
", @@ -93,13 +93,13 @@ "Atime": { "base": null, "refs": { - "Options$Atime": "A file metadata value that shows the last time a file was accessed (that is, when the file was read or written to). If you set Atime
to BEST_EFFORT, DataSync attempts to preserve the original Atime
attribute on all source files (that is, the version before the PREPARING phase). However, Atime
's behavior is not fully standard across platforms, so AWS DataSync can only do this on a best-effort basis.
Default value: BEST_EFFORT.
BEST_EFFORT: Attempt to preserve the per-file Atime
value (recommended).
NONE: Ignore Atime
.
If Atime
is set to BEST_EFFORT, Mtime
must be set to PRESERVE.
If Atime
is set to NONE, Mtime
must also be NONE.
A file metadata value that shows the last time a file was accessed (that is, when the file was read or written to). If you set Atime
to BEST_EFFORT, DataSync attempts to preserve the original Atime
attribute on all source files (that is, the version before the PREPARING phase). However, Atime
's behavior is not fully standard across platforms, so DataSync can only do this on a best-effort basis.
Default value: BEST_EFFORT.
BEST_EFFORT: Attempt to preserve the per-file Atime
value (recommended).
NONE: Ignore Atime
.
If Atime
is set to BEST_EFFORT, Mtime
must be set to PRESERVE.
If Atime
is set to NONE, Mtime
must also be NONE.
A value that limits the bandwidth used by AWS DataSync. For example, if you want AWS DataSync to use a maximum of 1 MB, set this value to 1048576
(=1024*1024
).
A value that limits the bandwidth used by DataSync. For example, if you want DataSync to use a maximum of 1 MB, set this value to 1048576
(=1024*1024
).
The total time in milliseconds that AWS DataSync spent in the PREPARING phase.
", - "TaskExecutionResultDetail$TotalDuration": "The total time in milliseconds that AWS DataSync took to transfer the file from the source to the destination location.
", - "TaskExecutionResultDetail$TransferDuration": "The total time in milliseconds that AWS DataSync spent in the TRANSFERRING phase.
", - "TaskExecutionResultDetail$VerifyDuration": "The total time in milliseconds that AWS DataSync spent in the VERIFYING phase.
" + "TaskExecutionResultDetail$PrepareDuration": "The total time in milliseconds that DataSync spent in the PREPARING phase.
", + "TaskExecutionResultDetail$TotalDuration": "The total time in milliseconds that DataSync took to transfer the file from the source to the destination location.
", + "TaskExecutionResultDetail$TransferDuration": "The total time in milliseconds that DataSync spent in the TRANSFERRING phase.
", + "TaskExecutionResultDetail$VerifyDuration": "The total time in milliseconds that DataSync spent in the VERIFYING phase.
" } }, "Ec2Config": { @@ -365,7 +365,7 @@ "EfsSubdirectory": { "base": null, "refs": { - "CreateLocationEfsRequest$Subdirectory": "A subdirectory in the location’s path. This subdirectory in the EFS file system is used to read data from the EFS source location or write data to the EFS destination. By default, AWS DataSync uses the root directory.
Subdirectory
must be specified with forward slashes. For example, /path/to/folder
.
A subdirectory in the location’s path. This subdirectory in the EFS file system is used to read data from the EFS source location or write data to the EFS destination. By default, DataSync uses the root directory.
Subdirectory
must be specified with forward slashes. For example, /path/to/folder
.
A list of filter rules that determines which files to exclude from a task. The list should contain a single filter string that consists of the patterns to exclude. The patterns are delimited by \"|\" (that is, a pipe), for example, \"/folder1|/folder2\"
.
", + "CreateTaskRequest$Includes": "
A list of filter rules that determines which files to include when running a task. The pattern should contain a single filter string that consists of the patterns to include. The patterns are delimited by \"|\" (that is, a pipe). For example: \"/folder1|/folder2
\"
A list of filter rules that determines which files to exclude from a task. The list should contain a single filter string that consists of the patterns to exclude. The patterns are delimited by \"|\" (that is, a pipe), for example: \"/folder1|/folder2\"
", "DescribeTaskExecutionResponse$Includes": "
A list of filter rules that determines which files to include when running a task. The list should contain a single filter string that consists of the patterns to include. The patterns are delimited by \"|\" (that is, a pipe), for example: \"/folder1|/folder2\"
", "DescribeTaskResponse$Excludes": "
A list of filter rules that determines which files to exclude from a task. The list should contain a single filter string that consists of the patterns to exclude. The patterns are delimited by \"|\" (that is, a pipe), for example: \"/folder1|/folder2\"
", + "DescribeTaskResponse$Includes": "
A list of filter rules that determines which files to include when running a task. The pattern should contain a single filter string that consists of the patterns to include. The patterns are delimited by \"|\" (that is, a pipe). For example: \"/folder1|/folder2
\"
A list of filter rules that determines which files to include when running a task. The pattern should contain a single filter string that consists of the patterns to include. The patterns are delimited by \"|\" (that is, a pipe). For example: \"/folder1|/folder2\"
", - "UpdateTaskRequest$Excludes": "
A list of filter rules that determines which files to exclude from a task. The list should contain a single filter string that consists of the patterns to exclude. The patterns are delimited by \"|\" (that is, a pipe), for example: \"/folder1|/folder2\"
" + "StartTaskExecutionRequest$Excludes": "
A list of filter rules that determines which files to exclude from a task. The list should contain a single filter string that consists of the patterns to exclude. The patterns are delimited by \"|\" (that is, a pipe), for example, \"/folder1|/folder2\"
.
A list of filter rules that determines which files to exclude from a task. The list should contain a single filter string that consists of the patterns to exclude. The patterns are delimited by \"|\" (that is, a pipe), for example: \"/folder1|/folder2\"
", + "UpdateTaskRequest$Includes": "
A list of filter rules that determines which files to include when running a task. The pattern should contain a single filter string that consists of the patterns to include. The patterns are delimited by \"|\" (that is, a pipe). For example: \"/folder1|/folder2
\"
The type of filter rule to apply. AWS DataSync only supports the SIMPLE_PATTERN rule type.
" + "FilterRule$FilterType": "The type of filter rule to apply. DataSync only supports the SIMPLE_PATTERN rule type.
" } }, "FilterValue": { @@ -461,7 +465,7 @@ } }, "InternalException": { - "base": "This exception is thrown when an error occurs in the AWS DataSync service.
", + "base": "This exception is thrown when an error occurs in the DataSync service.
", "refs": { } }, @@ -530,7 +534,7 @@ "CreateLocationS3Response$LocationArn": "The Amazon Resource Name (ARN) of the source Amazon S3 bucket location that is created.
", "CreateLocationSmbResponse$LocationArn": "The Amazon Resource Name (ARN) of the source SMB file system location that is created.
", "CreateTaskRequest$SourceLocationArn": "The Amazon Resource Name (ARN) of the source location for the task.
", - "CreateTaskRequest$DestinationLocationArn": "The Amazon Resource Name (ARN) of an AWS storage resource's location.
", + "CreateTaskRequest$DestinationLocationArn": "The Amazon Resource Name (ARN) of an Amazon Web Services storage resource's location.
", "DeleteLocationRequest$LocationArn": "The Amazon Resource Name (ARN) of the location to delete.
", "DescribeLocationEfsRequest$LocationArn": "The Amazon Resource Name (ARN) of the EFS location to describe.
", "DescribeLocationEfsResponse$LocationArn": "The Amazon Resource Name (ARN) of the EFS location that was described.
", @@ -545,7 +549,7 @@ "DescribeLocationSmbRequest$LocationArn": "The Amazon Resource Name (ARN) of the SMB location to describe.
", "DescribeLocationSmbResponse$LocationArn": "The Amazon Resource Name (ARN) of the SMB location that was described.
", "DescribeTaskResponse$SourceLocationArn": "The Amazon Resource Name (ARN) of the source file system's location.
", - "DescribeTaskResponse$DestinationLocationArn": "The Amazon Resource Name (ARN) of the AWS storage resource's location.
", + "DescribeTaskResponse$DestinationLocationArn": "The Amazon Resource Name (ARN) of the Amazon Web Services storage resource's location.
", "LocationListEntry$LocationArn": "The Amazon Resource Name (ARN) of the location. For Network File System (NFS) or Amazon EFS, the location is the export path. For Amazon S3, the location is the prefix path that you want to mount and use as the root of the location.
", "UpdateLocationNfsRequest$LocationArn": "The Amazon Resource Name (ARN) of the NFS location to update.
", "UpdateLocationObjectStorageRequest$LocationArn": "The Amazon Resource Name (ARN) of the self-managed object storage server location to be updated.
", @@ -657,8 +661,8 @@ "NfsSubdirectory": { "base": null, "refs": { - "CreateLocationNfsRequest$Subdirectory": "The subdirectory in the NFS file system that is used to read data from the NFS source location or write data to the NFS destination. The NFS path should be a path that's exported by the NFS server, or a subdirectory of that path. The path should be such that it can be mounted by other NFS clients in your network.
To see all the paths exported by your NFS server, run \"showmount -e nfs-server-name
\" from an NFS client that has access to your server. You can specify any directory that appears in the results, and any subdirectory of that directory. Ensure that the NFS export is accessible without Kerberos authentication.
To transfer all the data in the folder you specified, DataSync needs to have permissions to read all the data. To ensure this, either configure the NFS export with no_root_squash,
or ensure that the permissions for all of the files that you want DataSync allow read access for all users. Doing either enables the agent to read the files. For the agent to access directories, you must additionally enable all execute access.
If you are copying data to or from your AWS Snowcone device, see NFS Server on AWS Snowcone for more information.
For information about NFS export configuration, see 18.7. The /etc/exports Configuration File in the Red Hat Enterprise Linux documentation.
", - "UpdateLocationNfsRequest$Subdirectory": "The subdirectory in the NFS file system that is used to read data from the NFS source location or write data to the NFS destination. The NFS path should be a path that's exported by the NFS server, or a subdirectory of that path. The path should be such that it can be mounted by other NFS clients in your network.
To see all the paths exported by your NFS server, run \"showmount -e nfs-server-name
\" from an NFS client that has access to your server. You can specify any directory that appears in the results, and any subdirectory of that directory. Ensure that the NFS export is accessible without Kerberos authentication.
To transfer all the data in the folder that you specified, DataSync must have permissions to read all the data. To ensure this, either configure the NFS export with no_root_squash
, or ensure that the files you want DataSync to access have permissions that allow read access for all users. Doing either option enables the agent to read the files. For the agent to access directories, you must additionally enable all execute access.
If you are copying data to or from your AWS Snowcone device, see NFS Server on AWS Snowcone for more information.
For information about NFS export configuration, see 18.7. The /etc/exports Configuration File in the Red Hat Enterprise Linux documentation.
" + "CreateLocationNfsRequest$Subdirectory": "The subdirectory in the NFS file system that is used to read data from the NFS source location or write data to the NFS destination. The NFS path should be a path that's exported by the NFS server, or a subdirectory of that path. The path should be such that it can be mounted by other NFS clients in your network.
To see all the paths exported by your NFS server, run \"showmount -e nfs-server-name
\" from an NFS client that has access to your server. You can specify any directory that appears in the results, and any subdirectory of that directory. Ensure that the NFS export is accessible without Kerberos authentication.
To transfer all the data in the folder you specified, DataSync needs to have permissions to read all the data. To ensure this, either configure the NFS export with no_root_squash,
or ensure that the permissions for all of the files that you want DataSync allow read access for all users. Doing either enables the agent to read the files. For the agent to access directories, you must additionally enable all execute access.
If you are copying data to or from your Snowcone device, see NFS Server on Snowcone for more information.
For information about NFS export configuration, see 18.7. The /etc/exports Configuration File in the Red Hat Enterprise Linux documentation.
", + "UpdateLocationNfsRequest$Subdirectory": "The subdirectory in the NFS file system that is used to read data from the NFS source location or write data to the NFS destination. The NFS path should be a path that's exported by the NFS server, or a subdirectory of that path. The path should be such that it can be mounted by other NFS clients in your network.
To see all the paths exported by your NFS server, run \"showmount -e nfs-server-name
\" from an NFS client that has access to your server. You can specify any directory that appears in the results, and any subdirectory of that directory. Ensure that the NFS export is accessible without Kerberos authentication.
To transfer all the data in the folder that you specified, DataSync must have permissions to read all the data. To ensure this, either configure the NFS export with no_root_squash
, or ensure that the files you want DataSync to access have permissions that allow read access for all users. Doing either option enables the agent to read the files. For the agent to access directories, you must additionally enable all execute access.
If you are copying data to or from your Snowcone device, see NFS Server on Snowcone for more information.
For information about NFS export configuration, see 18.7. The /etc/exports Configuration File in the Red Hat Enterprise Linux documentation.
" } }, "NfsVersion": { @@ -707,7 +711,7 @@ "OnPremConfig": { "base": "A list of Amazon Resource Names (ARNs) of agents to use for a Network File System (NFS) location.
", "refs": { - "CreateLocationNfsRequest$OnPremConfig": "Contains a list of Amazon Resource Names (ARNs) of agents that are used to connect to an NFS server.
If you are copying data to or from your AWS Snowcone device, see NFS Server on AWS Snowcone for more information.
", + "CreateLocationNfsRequest$OnPremConfig": "Contains a list of Amazon Resource Names (ARNs) of agents that are used to connect to an NFS server.
If you are copying data to or from your Snowcone device, see NFS Server on Snowcone for more information.
", "DescribeLocationNfsResponse$OnPremConfig": null, "UpdateLocationNfsRequest$OnPremConfig": null } @@ -739,7 +743,7 @@ "OverwriteMode": { "base": null, "refs": { - "Options$OverwriteMode": "A value that determines whether files at the destination should be overwritten or preserved when copying files. If set to NEVER
a destination file will not be replaced by a source file, even if the destination file differs from the source file. If you modify files in the destination and you sync the files, you can use this value to protect against overwriting those changes.
Some storage classes have specific behaviors that can affect your S3 storage cost. For detailed information, see Considerations when working with Amazon S3 storage classes in DataSync in the AWS DataSync User Guide.
" + "Options$OverwriteMode": "A value that determines whether files at the destination should be overwritten or preserved when copying files. If set to NEVER
a destination file will not be replaced by a source file, even if the destination file differs from the source file. If you modify files in the destination and you sync the files, you can use this value to protect against overwriting those changes.
Some storage classes have specific behaviors that can affect your S3 storage cost. For detailed information, see Considerations when working with Amazon S3 storage classes in DataSync in the DataSync User Guide.
" } }, "PLSecurityGroupArnList": { @@ -767,19 +771,19 @@ "PosixPermissions": { "base": null, "refs": { - "Options$PosixPermissions": "A value that determines which users or groups can access a file for a specific purpose such as reading, writing, or execution of the file. This option should only be set for NFS, EFS, and S3 locations. For more information about what metadata is copied by DataSync, see Metadata Copied by DataSync.
Default value: PRESERVE.
PRESERVE: Preserve POSIX-style permissions (recommended).
NONE: Ignore permissions.
AWS DataSync can preserve extant permissions of a source location.
A value that determines which users or groups can access a file for a specific purpose such as reading, writing, or execution of the file. This option should only be set for NFS, EFS, and S3 locations. For more information about what metadata is copied by DataSync, see Metadata Copied by DataSync.
Default value: PRESERVE.
PRESERVE: Preserve POSIX-style permissions (recommended).
NONE: Ignore permissions.
DataSync can preserve extant permissions of a source location.
A value that specifies whether files in the destination that don't exist in the source file system should be preserved. This option can affect your storage cost. If your task deletes objects, you might incur minimum storage duration charges for certain storage classes. For detailed information, see Considerations when working with Amazon S3 storage classes in DataSync in the AWS DataSync User Guide.
Default value: PRESERVE.
PRESERVE: Ignore such destination files (recommended).
REMOVE: Delete destination files that aren’t present in the source.
" + "Options$PreserveDeletedFiles": "A value that specifies whether files in the destination that don't exist in the source file system should be preserved. This option can affect your storage cost. If your task deletes objects, you might incur minimum storage duration charges for certain storage classes. For detailed information, see Considerations when working with Amazon S3 storage classes in DataSync in the DataSync User Guide.
Default value: PRESERVE.
PRESERVE: Ignore such destination files (recommended).
REMOVE: Delete destination files that aren’t present in the source.
" } }, "PreserveDevices": { "base": null, "refs": { - "Options$PreserveDevices": "A value that determines whether AWS DataSync should preserve the metadata of block and character devices in the source file system, and re-create the files with that device name and metadata on the destination. DataSync does not copy the contents of such devices, only the name and metadata.
AWS DataSync can't sync the actual contents of such devices, because they are nonterminal and don't return an end-of-file (EOF) marker.
Default value: NONE.
NONE: Ignore special devices (recommended).
PRESERVE: Preserve character and block device metadata. This option isn't currently supported for Amazon EFS.
" + "Options$PreserveDevices": "A value that determines whether DataSync should preserve the metadata of block and character devices in the source file system, and re-create the files with that device name and metadata on the destination. DataSync does not copy the contents of such devices, only the name and metadata.
DataSync can't sync the actual contents of such devices, because they are nonterminal and don't return an end-of-file (EOF) marker.
Default value: NONE.
NONE: Ignore special devices (recommended).
PRESERVE: Preserve character and block device metadata. This option isn't currently supported for Amazon EFS.
" } }, "PrivateLinkConfig": { @@ -791,11 +795,11 @@ "S3BucketArn": { "base": null, "refs": { - "CreateLocationS3Request$S3BucketArn": "The ARN of the Amazon S3 bucket. If the bucket is on an AWS Outpost, this must be an access point ARN.
" + "CreateLocationS3Request$S3BucketArn": "The ARN of the Amazon S3 bucket. If the bucket is on an Amazon Web Services Outpost, this must be an access point ARN.
" } }, "S3Config": { - "base": "The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that is used to access an Amazon S3 bucket.
For detailed information about using such a role, see Creating a Location for Amazon S3 in the AWS DataSync User Guide.
", + "base": "The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) role that is used to access an Amazon S3 bucket.
For detailed information about using such a role, see Creating a Location for Amazon S3 in the DataSync User Guide.
", "refs": { "CreateLocationS3Request$S3Config": null, "DescribeLocationS3Response$S3Config": null @@ -804,7 +808,7 @@ "S3StorageClass": { "base": null, "refs": { - "CreateLocationS3Request$S3StorageClass": "The Amazon S3 storage class that you want to store your files in when this location is used as a task destination. For buckets in AWS Regions, the storage class defaults to Standard. For buckets on AWS Outposts, the storage class defaults to AWS S3 Outposts.
For more information about S3 storage classes, see Amazon S3 Storage Classes. Some storage classes have behaviors that can affect your S3 storage cost. For detailed information, see Considerations when working with S3 storage classes in DataSync.
", + "CreateLocationS3Request$S3StorageClass": "The Amazon S3 storage class that you want to store your files in when this location is used as a task destination. For buckets in Amazon Web Services Regions, the storage class defaults to Standard. For buckets on Outposts, the storage class defaults to Amazon Web Services S3 Outposts.
For more information about S3 storage classes, see Amazon S3 Storage Classes. Some storage classes have behaviors that can affect your S3 storage cost. For detailed information, see Considerations when working with S3 storage classes in DataSync.
", "DescribeLocationS3Response$S3StorageClass": "The Amazon S3 storage class that you chose to store your files in when this location is used as a task destination. For more information about S3 storage classes, see Amazon S3 Storage Classes. Some storage classes have behaviors that can affect your S3 storage cost. For detailed information, see Considerations when working with S3 storage classes in DataSync.
" } }, @@ -819,13 +823,13 @@ "ScheduleExpressionCron": { "base": null, "refs": { - "TaskSchedule$ScheduleExpression": "A cron expression that specifies when AWS DataSync initiates a scheduled transfer from a source to a destination location.
" + "TaskSchedule$ScheduleExpression": "A cron expression that specifies when DataSync initiates a scheduled transfer from a source to a destination location.
" } }, "ServerHostname": { "base": null, "refs": { - "CreateLocationNfsRequest$ServerHostname": "The name of the NFS server. This value is the IP address or Domain Name Service (DNS) name of the NFS server. An agent that is installed on-premises uses this host name to mount the NFS server in a network.
If you are copying data to or from your AWS Snowcone device, see NFS Server on AWS Snowcone for more information.
This name must either be DNS-compliant or must be an IP version 4 (IPv4) address.
The name of the NFS server. This value is the IP address or Domain Name Service (DNS) name of the NFS server. An agent that is installed on-premises uses this host name to mount the NFS server in a network.
If you are copying data to or from your Snowcone device, see NFS Server on Snowcone for more information.
This name must either be DNS-compliant or must be an IP version 4 (IPv4) address.
The name of the self-managed object storage server. This value is the IP address or Domain Name Service (DNS) name of the object storage server. An agent uses this host name to mount the object storage server in a network.
", "CreateLocationSmbRequest$ServerHostname": "The name of the SMB server. This value is the IP address or Domain Name Service (DNS) name of the SMB server. An agent that is installed on-premises uses this hostname to mount the SMB server in a network.
This name must either be DNS-compliant or must be an IP version 4 (IPv4) address.
The key for an AWS resource tag.
" + "TagListEntry$Key": "The key for an Amazon Web Services resource tag.
" } }, "TagKeyList": { @@ -939,7 +943,7 @@ "CreateTaskRequest$Name": "The name of a task. This value is a text reference that is used to identify the task in the console.
", "DescribeAgentResponse$Name": "The name of the agent.
", "DescribeTaskResponse$Name": "The name of the task that was described.
", - "TagListEntry$Value": "The value for an AWS resource tag.
", + "TagListEntry$Value": "The value for an Amazon Web Services resource tag.
", "TaskListEntry$Name": "The name of the task.
", "UpdateAgentRequest$Name": "The name that you want to use to configure the agent.
", "UpdateTaskRequest$Name": "The name of the task to update.
" @@ -999,7 +1003,7 @@ "TaskExecutionStatus": { "base": null, "refs": { - "DescribeTaskExecutionResponse$Status": "The status of the task execution.
For detailed information about task execution statuses, see Understanding Task Statuses in the AWS DataSync User Guide.
", + "DescribeTaskExecutionResponse$Status": "The status of the task execution.
For detailed information about task execution statuses, see Understanding Task Statuses in the DataSync User Guide.
", "TaskExecutionListEntry$Status": "The status of a task execution.
" } }, @@ -1050,7 +1054,7 @@ "TaskStatus": { "base": null, "refs": { - "DescribeTaskResponse$Status": "The status of the task that was described.
For detailed information about task execution statuses, see Understanding Task Statuses in the AWS DataSync User Guide.
", + "DescribeTaskResponse$Status": "The status of the task that was described.
For detailed information about task execution statuses, see Understanding Task Statuses in the DataSync User Guide.
", "TaskListEntry$Status": "The status of the task.
" } }, @@ -1170,20 +1174,20 @@ "DescribeTaskExecutionResponse$EstimatedFilesToTransfer": "The expected number of files that is to be transferred over the network. This value is calculated during the PREPARING phase, before the TRANSFERRING phase. This value is the expected number of files to be transferred. It's calculated based on comparing the content of the source and destination locations and finding the delta that needs to be transferred.
", "DescribeTaskExecutionResponse$EstimatedBytesToTransfer": "The estimated physical number of bytes that is to be transferred over the network.
", "DescribeTaskExecutionResponse$FilesTransferred": "The actual number of files that was transferred over the network. This value is calculated and updated on an ongoing basis during the TRANSFERRING phase. It's updated periodically when each file is read from the source and sent over the network.
If failures occur during a transfer, this value can be less than EstimatedFilesToTransfer
. This value can also be greater than EstimatedFilesTransferred
in some cases. This element is implementation-specific for some location types, so don't use it as an indicator for a correct file number or to monitor your task execution.
The number of logical bytes written to the destination AWS storage resource.
", + "DescribeTaskExecutionResponse$BytesWritten": "The number of logical bytes written to the destination Amazon Web Services storage resource.
", "DescribeTaskExecutionResponse$BytesTransferred": "The physical number of bytes transferred over the network.
" } }, "string": { "base": null, "refs": { - "DescribeTaskResponse$ErrorCode": "Errors that AWS DataSync encountered during execution of the task. You can use this error code to help troubleshoot issues.
", + "DescribeTaskResponse$ErrorCode": "Errors that DataSync encountered during execution of the task. You can use this error code to help troubleshoot issues.
", "DescribeTaskResponse$ErrorDetail": "Detailed description of an error that was encountered during the task execution. You can use this information to help troubleshoot issues.
", "InternalException$message": null, "InternalException$errorCode": null, "InvalidRequestException$message": null, "InvalidRequestException$errorCode": null, - "TaskExecutionResultDetail$ErrorCode": "Errors that AWS DataSync encountered during execution of the task. You can use this error code to help troubleshoot issues.
", + "TaskExecutionResultDetail$ErrorCode": "Errors that DataSync encountered during execution of the task. You can use this error code to help troubleshoot issues.
", "TaskExecutionResultDetail$ErrorDetail": "Detailed description of an error that was encountered during the task execution. You can use this information to help troubleshoot issues.
" } } diff --git a/models/apis/ec2/2016-11-15/api-2.json b/models/apis/ec2/2016-11-15/api-2.json index 1abe3b8bd41..f35b185e7ff 100755 --- a/models/apis/ec2/2016-11-15/api-2.json +++ b/models/apis/ec2/2016-11-15/api-2.json @@ -20498,7 +20498,8 @@ "members":{ "HttpTokens":{"shape":"HttpTokensState"}, "HttpPutResponseHopLimit":{"shape":"Integer"}, - "HttpEndpoint":{"shape":"InstanceMetadataEndpointState"} + "HttpEndpoint":{"shape":"InstanceMetadataEndpointState"}, + "HttpProtocolIpv6":{"shape":"InstanceMetadataProtocolState"} } }, "InstanceMetadataOptionsResponse":{ @@ -20519,6 +20520,10 @@ "HttpEndpoint":{ "shape":"InstanceMetadataEndpointState", "locationName":"httpEndpoint" + }, + "HttpProtocolIpv6":{ + "shape":"InstanceMetadataProtocolState", + "locationName":"httpProtocolIpv6" } } }, @@ -20529,6 +20534,13 @@ "applied" ] }, + "InstanceMetadataProtocolState":{ + "type":"string", + "enum":[ + "disabled", + "enabled" + ] + }, "InstanceMonitoring":{ "type":"structure", "members":{ @@ -23924,7 +23936,8 @@ "HttpTokens":{"shape":"HttpTokensState"}, "HttpPutResponseHopLimit":{"shape":"Integer"}, "HttpEndpoint":{"shape":"InstanceMetadataEndpointState"}, - "DryRun":{"shape":"Boolean"} + "DryRun":{"shape":"Boolean"}, + "HttpProtocolIpv6":{"shape":"InstanceMetadataProtocolState"} } }, "ModifyInstanceMetadataOptionsResult":{ diff --git a/models/apis/ec2/2016-11-15/docs-2.json b/models/apis/ec2/2016-11-15/docs-2.json index a51713918be..3a19c47feed 100755 --- a/models/apis/ec2/2016-11-15/docs-2.json +++ b/models/apis/ec2/2016-11-15/docs-2.json @@ -12,8 +12,8 @@ "AllocateAddress": "Allocates an Elastic IP address to your Amazon Web Services account. After you allocate the Elastic IP address you can associate it with an instance or network interface. After you release an Elastic IP address, it is released to the IP address pool and can be allocated to a different Amazon Web Services account.
You can allocate an Elastic IP address from an address pool owned by Amazon Web Services or from an address pool created from a public IPv4 address range that you have brought to Amazon Web Services for use with your Amazon Web Services resources using bring your own IP addresses (BYOIP). For more information, see Bring Your Own IP Addresses (BYOIP) in the Amazon Elastic Compute Cloud User Guide.
[EC2-VPC] If you release an Elastic IP address, you might be able to recover it. You cannot recover an Elastic IP address that you released after it is allocated to another Amazon Web Services account. You cannot recover an Elastic IP address for EC2-Classic. To attempt to recover an Elastic IP address that you released, specify it in this operation.
An Elastic IP address is for use either in the EC2-Classic platform or in a VPC. By default, you can allocate 5 Elastic IP addresses for EC2-Classic per Region and 5 Elastic IP addresses for EC2-VPC per Region.
For more information, see Elastic IP Addresses in the Amazon Elastic Compute Cloud User Guide.
You can allocate a carrier IP address which is a public IP address from a telecommunication carrier, to a network interface which resides in a subnet in a Wavelength Zone (for example an EC2 instance).
", "AllocateHosts": "Allocates a Dedicated Host to your account. At a minimum, specify the supported instance type or instance family, the Availability Zone in which to allocate the host, and the number of hosts to allocate.
", "ApplySecurityGroupsToClientVpnTargetNetwork": "Applies a security group to the association between the target network and the Client VPN endpoint. This action replaces the existing security groups with the specified security groups.
", - "AssignIpv6Addresses": "Assigns one or more IPv6 addresses to the specified network interface. You can specify one or more specific IPv6 addresses, or you can specify the number of IPv6 addresses to be automatically assigned from within the subnet's IPv6 CIDR block range. You can assign as many IPv6 addresses to a network interface as you can assign private IPv4 addresses, and the limit varies per instance type. For information, see IP Addresses Per Network Interface Per Instance Type in the Amazon Elastic Compute Cloud User Guide.
You must specify either the IPv6 addresses or the IPv6 address count in the request.
You can optionally use Prefix Delegation on the network interface. You must specify either the IPV6 Prefix Delegation prefixes, or the IPv6 Prefix Delegation count. For information, see Prefix Delegation in the Amazon Elastic Compute Cloud User Guide.
", - "AssignPrivateIpAddresses": "Assigns one or more secondary private IP addresses to the specified network interface.
You can specify one or more specific secondary IP addresses, or you can specify the number of secondary IP addresses to be automatically assigned within the subnet's CIDR block range. The number of secondary IP addresses that you can assign to an instance varies by instance type. For information about instance types, see Instance Types in the Amazon Elastic Compute Cloud User Guide. For more information about Elastic IP addresses, see Elastic IP Addresses in the Amazon Elastic Compute Cloud User Guide.
When you move a secondary private IP address to another network interface, any Elastic IP address that is associated with the IP address is also moved.
Remapping an IP address is an asynchronous operation. When you move an IP address from one network interface to another, check network/interfaces/macs/mac/local-ipv4s
in the instance metadata to confirm that the remapping is complete.
You must specify either the IP addresses or the IP address count in the request.
You can optionally use Prefix Delegation on the network interface. You must specify either the IPv4 Prefix Delegation prefixes, or the IPv4 Prefix Delegation count. For information, see Prefix Delegation in the Amazon Elastic Compute Cloud User Guide.
", + "AssignIpv6Addresses": "Assigns one or more IPv6 addresses to the specified network interface. You can specify one or more specific IPv6 addresses, or you can specify the number of IPv6 addresses to be automatically assigned from within the subnet's IPv6 CIDR block range. You can assign as many IPv6 addresses to a network interface as you can assign private IPv4 addresses, and the limit varies per instance type. For information, see IP Addresses Per Network Interface Per Instance Type in the Amazon Elastic Compute Cloud User Guide.
You must specify either the IPv6 addresses or the IPv6 address count in the request.
You can optionally use Prefix Delegation on the network interface. You must specify either the IPV6 Prefix Delegation prefixes, or the IPv6 Prefix Delegation count. For information, see Assigning prefixes to Amazon EC2 network interfaces in the Amazon Elastic Compute Cloud User Guide.
", + "AssignPrivateIpAddresses": "Assigns one or more secondary private IP addresses to the specified network interface.
You can specify one or more specific secondary IP addresses, or you can specify the number of secondary IP addresses to be automatically assigned within the subnet's CIDR block range. The number of secondary IP addresses that you can assign to an instance varies by instance type. For information about instance types, see Instance Types in the Amazon Elastic Compute Cloud User Guide. For more information about Elastic IP addresses, see Elastic IP Addresses in the Amazon Elastic Compute Cloud User Guide.
When you move a secondary private IP address to another network interface, any Elastic IP address that is associated with the IP address is also moved.
Remapping an IP address is an asynchronous operation. When you move an IP address from one network interface to another, check network/interfaces/macs/mac/local-ipv4s
in the instance metadata to confirm that the remapping is complete.
You must specify either the IP addresses or the IP address count in the request.
You can optionally use Prefix Delegation on the network interface. You must specify either the IPv4 Prefix Delegation prefixes, or the IPv4 Prefix Delegation count. For information, see Assigning prefixes to Amazon EC2 network interfaces in the Amazon Elastic Compute Cloud User Guide.
", "AssociateAddress": "Associates an Elastic IP address, or carrier IP address (for instances that are in subnets in Wavelength Zones) with an instance or a network interface. Before you can use an Elastic IP address, you must allocate it to your account.
An Elastic IP address is for use in either the EC2-Classic platform or in a VPC. For more information, see Elastic IP Addresses in the Amazon Elastic Compute Cloud User Guide.
[EC2-Classic, VPC in an EC2-VPC-only account] If the Elastic IP address is already associated with a different instance, it is disassociated from that instance and associated with the specified instance. If you associate an Elastic IP address with an instance that has an existing Elastic IP address, the existing address is disassociated from the instance, but remains allocated to your account.
[VPC in an EC2-Classic account] If you don't specify a private IP address, the Elastic IP address is associated with the primary IP address. If the Elastic IP address is already associated with a different instance or a network interface, you get an error unless you allow reassociation. You cannot associate an Elastic IP address with an instance or network interface that has an existing Elastic IP address.
[Subnets in Wavelength Zones] You can associate an IP address from the telecommunication carrier to the instance or network interface.
You cannot associate an Elastic IP address with an interface in a different network border group.
This is an idempotent operation. If you perform the operation more than once, Amazon EC2 doesn't return an error, and you may be charged for each time the Elastic IP address is remapped to the same instance. For more information, see the Elastic IP Addresses section of Amazon EC2 Pricing.
Associates a target network with a Client VPN endpoint. A target network is a subnet in a VPC. You can associate multiple subnets from the same VPC with a Client VPN endpoint. You can associate only one subnet in each Availability Zone. We recommend that you associate at least two subnets to provide Availability Zone redundancy.
If you specified a VPC when you created the Client VPN endpoint or if you have previous subnet associations, the specified subnet must be in the same VPC. To specify a subnet that's in a different VPC, you must first modify the Client VPN endpoint (ModifyClientVpnEndpoint) and change the VPC that's associated with it.
", "AssociateDhcpOptions": "Associates a set of DHCP options (that you've previously created) with the specified VPC, or associates no DHCP options with the VPC.
After you associate the options with the VPC, any existing instances and all new instances that you launch in that VPC use the options. You don't need to restart or relaunch the instances. They automatically pick up the changes within a few hours, depending on how frequently the instance renews its DHCP lease. You can explicitly renew the lease using the operating system on the instance.
For more information, see DHCP options sets in the Amazon Virtual Private Cloud User Guide.
", @@ -24,7 +24,7 @@ "AssociateSubnetCidrBlock": "Associates a CIDR block with your subnet. You can only associate a single IPv6 CIDR block with your subnet. An IPv6 CIDR block must have a prefix length of /64.
", "AssociateTransitGatewayMulticastDomain": "Associates the specified subnets and transit gateway attachments with the specified transit gateway multicast domain.
The transit gateway attachment must be in the available state before you can add a resource. Use DescribeTransitGatewayAttachments to see the state of the attachment.
", "AssociateTransitGatewayRouteTable": "Associates the specified attachment with the specified transit gateway route table. You can associate only one route table with an attachment.
", - "AssociateTrunkInterface": "Associates a branch network interface with a trunk network interface.
Before you create the association, run the create-network-interface command and set --interface-type
to trunk
. You must also create a network interface for each branch network interface that you want to associate with the trunk network interface.
For more information, see Network interface trunking in the Amazon Elastic Compute Cloud User Guide.
", + "AssociateTrunkInterface": "This API action is currently in limited preview only. If you are interested in using this feature, contact your account manager.
Associates a branch network interface with a trunk network interface.
Before you create the association, run the create-network-interface command and set --interface-type
to trunk
. You must also create a network interface for each branch network interface that you want to associate with the trunk network interface.
Associates a CIDR block with your VPC. You can associate a secondary IPv4 CIDR block, an Amazon-provided IPv6 CIDR block, or an IPv6 CIDR block from an IPv6 address pool that you provisioned through bring your own IP addresses (BYOIP). The IPv6 CIDR block size is fixed at /56.
You must specify one of the following in the request: an IPv4 CIDR block, an IPv6 pool, or an Amazon-provided IPv6 CIDR block.
For more information about associating CIDR blocks with your VPC and applicable restrictions, see VPC and subnet sizing in the Amazon Virtual Private Cloud User Guide.
", "AttachClassicLinkVpc": "Links an EC2-Classic instance to a ClassicLink-enabled VPC through one or more of the VPC's security groups. You cannot link an EC2-Classic instance to more than one VPC at a time. You can only link an instance that's in the running
state. An instance is automatically unlinked from a VPC when it's stopped - you can link it to the VPC again when you restart it.
After you've linked an instance, you cannot change the VPC security groups that are associated with it. To change the security groups, you must first unlink the instance, and then link it again.
Linking your instance to a VPC is sometimes referred to as attaching your instance.
", "AttachInternetGateway": "Attaches an internet gateway or a virtual private gateway to a VPC, enabling connectivity between the internet and the VPC. For more information about your VPC and internet gateway, see the Amazon Virtual Private Cloud User Guide.
", @@ -279,7 +279,7 @@ "DescribeTransitGatewayRouteTables": "Describes one or more transit gateway route tables. By default, all transit gateway route tables are described. Alternatively, you can filter the results.
", "DescribeTransitGatewayVpcAttachments": "Describes one or more VPC attachments. By default, all VPC attachments are described. Alternatively, you can filter the results.
", "DescribeTransitGateways": "Describes one or more transit gateways. By default, all transit gateways are described. Alternatively, you can filter the results.
", - "DescribeTrunkInterfaceAssociations": "Describes one or more network interface trunk associations.
", + "DescribeTrunkInterfaceAssociations": "This API action is currently in limited preview only. If you are interested in using this feature, contact your account manager.
Describes one or more network interface trunk associations.
", "DescribeVolumeAttribute": "Describes the specified attribute of the specified volume. You can specify only one attribute at a time.
For more information about EBS volumes, see Amazon EBS volumes in the Amazon Elastic Compute Cloud User Guide.
", "DescribeVolumeStatus": "Describes the status of the specified volumes. Volume status provides the result of the checks performed on your volumes to determine events that can impair the performance of your volumes. The performance of a volume can be affected if an issue occurs on the volume's underlying host. If the volume's underlying host experiences a power outage or system issue, after the system is restored, there could be data inconsistencies on the volume. Volume events notify you if this occurs. Volume actions notify you if any action needs to be taken in response to the event.
The DescribeVolumeStatus
operation provides the following information about the specified volumes:
Status: Reflects the current status of the volume. The possible values are ok
, impaired
, warning
, or insufficient-data
. If all checks pass, the overall status of the volume is ok
. If the check fails, the overall status is impaired
. If the status is insufficient-data
, then the checks might still be taking place on your volume at the time. We recommend that you retry the request. For more information about volume status, see Monitor the status of your volumes in the Amazon Elastic Compute Cloud User Guide.
Events: Reflect the cause of a volume status and might require you to take action. For example, if your volume returns an impaired
status, then the volume event might be potential-data-inconsistency
. This means that your volume has been affected by an issue with the underlying host, has all I/O operations disabled, and might have inconsistent data.
Actions: Reflect the actions you might have to take in response to an event. For example, if the status of the volume is impaired
and the volume event shows potential-data-inconsistency
, then the action shows enable-volume-io
. This means that you may want to enable the I/O operations for the volume by calling the EnableVolumeIO action and then check the volume for data consistency.
Volume status is based on the volume status checks, and does not reflect the volume state. Therefore, volume status does not indicate volumes in the error
state (for example, when a volume is incapable of accepting I/O.)
Describes the specified EBS volumes or all of your EBS volumes.
If you are describing a long list of volumes, we recommend that you paginate the output to make the list more manageable. The MaxResults
parameter sets the maximum number of results returned in a single page. If the list of results exceeds your MaxResults
value, then that number of results is returned along with a NextToken
value that can be passed to a subsequent DescribeVolumes
request to retrieve the remaining results.
For more information about EBS volumes, see Amazon EBS volumes in the Amazon Elastic Compute Cloud User Guide.
", @@ -319,7 +319,7 @@ "DisassociateSubnetCidrBlock": "Disassociates a CIDR block from a subnet. Currently, you can disassociate an IPv6 CIDR block only. You must detach or delete all gateways and resources that are associated with the CIDR block before you can disassociate it.
", "DisassociateTransitGatewayMulticastDomain": "Disassociates the specified subnets from the transit gateway multicast domain.
", "DisassociateTransitGatewayRouteTable": "Disassociates a resource attachment from a transit gateway route table.
", - "DisassociateTrunkInterface": "Removes an association between a branch network interface with a trunk network interface.
", + "DisassociateTrunkInterface": "This API action is currently in limited preview only. If you are interested in using this feature, contact your account manager.
Removes an association between a branch network interface with a trunk network interface.
", "DisassociateVpcCidrBlock": "Disassociates a CIDR block from a VPC. To disassociate the CIDR block, you must specify its association ID. You can get the association ID by using DescribeVpcs. You must detach or delete all gateways and resources that are associated with the CIDR block before you can disassociate it.
You cannot disassociate the CIDR block with which you originally created the VPC (the primary CIDR block).
", "EnableEbsEncryptionByDefault": "Enables EBS encryption by default for your account in the current Region.
After you enable encryption by default, the EBS volumes that you create are always encrypted, either using the default KMS key or the KMS key that you specified when you created each volume. For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide.
You can specify the default KMS key for encryption by default using ModifyEbsDefaultKmsKeyId or ResetEbsDefaultKmsKeyId.
Enabling encryption by default has no effect on the encryption status of your existing volumes.
After you enable encryption by default, you can no longer launch instances using instance types that do not support encryption. For more information, see Supported instance types.
", "EnableFastSnapshotRestores": "Enables fast snapshot restores for the specified snapshots in the specified Availability Zones.
You get the full benefit of fast snapshot restores after they enter the enabled
state. To get the current state of fast snapshot restores, use DescribeFastSnapshotRestores. To disable fast snapshot restores, use DisableFastSnapshotRestores.
For more information, see Amazon EBS fast snapshot restore in the Amazon Elastic Compute Cloud User Guide.
", @@ -8782,6 +8782,14 @@ "InstanceMetadataOptionsResponse$State": "The state of the metadata option changes.
pending
- The metadata options are being updated and the instance is not ready to process metadata traffic with the new selection.
applied
- The metadata options have been successfully applied on the instance.
Enables or disables the IPv6 endpoint for the instance metadata service.
", + "InstanceMetadataOptionsResponse$HttpProtocolIpv6": "Whether or not the IPv6 endpoint for the instance metadata service is enabled or disabled.
", + "ModifyInstanceMetadataOptionsRequest$HttpProtocolIpv6": "Enables or disables the IPv6 endpoint for the instance metadata service.
" + } + }, "InstanceMonitoring": { "base": "Describes the monitoring of an instance.
", "refs": { @@ -9035,9 +9043,9 @@ "AllocateHostsRequest$Quantity": "The number of Dedicated Hosts to allocate to your account with these parameters.
", "AnalysisAclRule$RuleNumber": "The rule number.
", "AssignIpv6AddressesRequest$Ipv6AddressCount": "The number of additional IPv6 addresses to assign to the network interface. The specified number of IPv6 addresses are assigned in addition to the existing IPv6 addresses that are already assigned to the network interface. Amazon EC2 automatically selects the IPv6 addresses from the subnet range. You can't use this option if specifying specific IPv6 addresses.
", - "AssignIpv6AddressesRequest$Ipv6PrefixCount": "The number of IPv6 Prefix Delegation prefixes that AWS automatically assigns to the network interface. You cannot use this option if you use the Ipv6Prefixes
option.
The number of IPv6 prefixes that Amazon Web Services automatically assigns to the network interface. You cannot use this option if you use the Ipv6Prefixes
option.
The number of secondary IP addresses to assign to the network interface. You can't specify this parameter when also specifying private IP addresses.
", - "AssignPrivateIpAddressesRequest$Ipv4PrefixCount": "The number of IPv4 Prefix Delegation prefixes that AWS automatically assigns to the network interface. You cannot use this option if you use the Ipv4 Prefixes
option.
The number of IPv4 prefixes that Amazon Web Services automatically assigns to the network interface. You cannot use this option if you use the Ipv4 Prefixes
option.
The ID of the VLAN. This applies to the VLAN protocol.
", "AssociateTrunkInterfaceRequest$GreKey": "The application key. This applies to the GRE protocol.
", "AttachNetworkInterfaceRequest$DeviceIndex": "The index of the device for the network interface attachment.
", @@ -9063,8 +9071,8 @@ "CreateNetworkAclEntryRequest$RuleNumber": "The rule number for the entry (for example, 100). ACL entries are processed in ascending order by rule number.
Constraints: Positive integer from 1 to 32766. The range 32767 to 65535 is reserved for internal use.
", "CreateNetworkInterfaceRequest$Ipv6AddressCount": "The number of IPv6 addresses to assign to a network interface. Amazon EC2 automatically selects the IPv6 addresses from the subnet range. You can't use this option if specifying specific IPv6 addresses. If your subnet has the AssignIpv6AddressOnCreation
attribute set to true
, you can specify 0
to override this setting.
The number of secondary private IPv4 addresses to assign to a network interface. When you specify a number of secondary IPv4 addresses, Amazon EC2 selects these IP addresses within the subnet's IPv4 CIDR range. You can't specify this option and specify more than one private IP address using privateIpAddresses
.
The number of IP addresses you can assign to a network interface varies by instance type. For more information, see IP Addresses Per ENI Per Instance Type in the Amazon Virtual Private Cloud User Guide.
", - "CreateNetworkInterfaceRequest$Ipv4PrefixCount": "The number of IPv4 Prefix Delegation prefixes that AWS automatically assigns to the network interface. You cannot use this option if you use the Ipv4 Prefixes
option.
The number of IPv6 Prefix Delegation prefixes that AWS automatically assigns to the network interface. You cannot use this option if you use the Ipv6Prefixes
option.
The number of IPv4 prefixes that Amazon Web Services automatically assigns to the network interface. You cannot use this option if you use the Ipv4 Prefixes
option.
The number of IPv6 prefixes that Amazon Web Services automatically assigns to the network interface. You cannot use this option if you use the Ipv6Prefixes
option.
The number of partitions. Valid only when Strategy is set to partition
.
The number of instances that are a part of a Reserved Instance account to be listed in the Reserved Instance Marketplace. This number should be less than or equal to the instance count associated with the Reserved Instance ID specified in this call.
", "CreateTrafficMirrorFilterRuleRequest$RuleNumber": "The number of the Traffic Mirror rule. This number must be unique for each Traffic Mirror rule in a given direction. The rules are processed in ascending order by rule number.
", @@ -9135,7 +9143,7 @@ "InstanceNetworkInterfaceSpecification$DeviceIndex": "The position of the network interface in the attachment order. A primary network interface has a device index of 0.
If you specify a network interface when launching an instance, you must specify the device index.
", "InstanceNetworkInterfaceSpecification$Ipv6AddressCount": "A number of IPv6 addresses to assign to the network interface. Amazon EC2 chooses the IPv6 addresses from the range of the subnet. You cannot specify this option and the option to assign specific IPv6 addresses in the same request. You can specify this option if you've specified a minimum number of instances to launch.
", "InstanceNetworkInterfaceSpecification$SecondaryPrivateIpAddressCount": "The number of secondary private IPv4 addresses. You can't specify this option and specify more than one private IP address using the private IP addresses option. You cannot specify this option if you're launching more than one instance in a RunInstances request.
", - "InstanceNetworkInterfaceSpecification$NetworkCardIndex": "The index of the network card. Some instance types support multiple network cards. The primary network interface must be assigned to network card index 0. The default is network card index 0.
", + "InstanceNetworkInterfaceSpecification$NetworkCardIndex": "The index of the network card. Some instance types support multiple network cards. The primary network interface must be assigned to network card index 0. The default is network card index 0.
If you are using RequestSpotInstances to create Spot Instances, omit this parameter because you can’t specify the network card index when using this API. To specify the network card index, use RunInstances.
", "InstanceNetworkInterfaceSpecification$Ipv4PrefixCount": "The number of IPv4 delegated prefixes to be automatically assigned to the network interface. You cannot use this option if you use the Ipv4Prefix
option.
The number of IPv6 delegated prefixes to be automatically assigned to the network interface. You cannot use this option if you use the Ipv6Prefix
option.
The state of the instance as a 16-bit unsigned integer.
The high byte is all of the bits between 2^8 and (2^16)-1, which equals decimal values between 256 and 65,535. These numerical values are used for internal purposes and should be ignored.
The low byte is all of the bits between 2^0 and (2^8)-1, which equals decimal values between 0 and 255.
The valid values for instance-state-code will all be in the range of the low byte and they are:
0
: pending
16
: running
32
: shutting-down
48
: terminated
64
: stopping
80
: stopped
You can ignore the high byte value by zeroing out all of the bits above 2^8 or 256 in decimal.
", @@ -9414,12 +9422,12 @@ "IpPrefixList": { "base": null, "refs": { - "AssignIpv6AddressesRequest$Ipv6Prefixes": "One or more IPv6 Prefix Delegation prefixes assigned to the network interface. You cannot use this option if you use the Ipv6PrefixCount
option.
The IPv6 Prefix Delegation prefixes that are assigned to the network interface.
", - "AssignPrivateIpAddressesRequest$Ipv4Prefixes": "One or more IPv4 Prefix Delegation prefixes assigned to the network interface. You cannot use this option if you use the Ipv4PrefixCount
option.
One or moreIPv6 Prefix Delegation prefixes to unassign from the network interface.
", - "UnassignIpv6AddressesResult$UnassignedIpv6Prefixes": "The IPv4 Prefix Delegation prefixes that have been unassigned from the network interface.
", - "UnassignPrivateIpAddressesRequest$Ipv4Prefixes": "The IPv4 Prefix Delegation prefixes to unassign from the network interface.
" + "AssignIpv6AddressesRequest$Ipv6Prefixes": "One or more IPv6 prefixes assigned to the network interface. You cannot use this option if you use the Ipv6PrefixCount
option.
The IPv6 prefixes that are assigned to the network interface.
", + "AssignPrivateIpAddressesRequest$Ipv4Prefixes": "One or more IPv4 prefixes assigned to the network interface. You cannot use this option if you use the Ipv4PrefixCount
option.
One or more IPv6 prefixes to unassign from the network interface.
", + "UnassignIpv6AddressesResult$UnassignedIpv6Prefixes": "The IPv4 prefixes that have been unassigned from the network interface.
", + "UnassignPrivateIpAddressesRequest$Ipv4Prefixes": "The IPv4 prefixes to unassign from the network interface.
" } }, "IpRange": { @@ -9450,7 +9458,7 @@ "Ipv4PrefixList": { "base": null, "refs": { - "CreateNetworkInterfaceRequest$Ipv4Prefixes": "One or moreIPv4 Prefix Delegation prefixes assigned to the network interface. You cannot use this option if you use the Ipv4PrefixCount
option.
One or more IPv4 prefixes assigned to the network interface. You cannot use this option if you use the Ipv4PrefixCount
option.
One or more IPv4 delegated prefixes to be assigned to the network interface. You cannot use this option if you use the Ipv4PrefixCount
option.
One or more IPv4 delegated prefixes to be assigned to the network interface. You cannot use this option if you use the Ipv4PrefixCount
option.
Describes an IPv4 Prefix Delegation.
", + "base": "Describes an IPv4 prefix.
", "refs": { "Ipv4PrefixesList$member": null } }, "Ipv4PrefixSpecificationRequest": { - "base": "Describes the IPv4 Prefix Delegation option for a network interface.
", + "base": "Describes the IPv4 prefix option for a network interface.
", "refs": { "Ipv4PrefixList$member": null } @@ -9482,8 +9490,8 @@ "Ipv4PrefixesList": { "base": null, "refs": { - "AssignPrivateIpAddressesResult$AssignedIpv4Prefixes": "The IPv4 Prefix Delegation prefixes that are assigned to the network interface.
", - "NetworkInterface$Ipv4Prefixes": "The IPv4 Prefix Delegation prefixes that are assigned to the network interface.
" + "AssignPrivateIpAddressesResult$AssignedIpv4Prefixes": "The IPv4 prefixes that are assigned to the network interface.
", + "NetworkInterface$Ipv4Prefixes": "The IPv4 prefixes that are assigned to the network interface.
" } }, "Ipv6Address": { @@ -9568,7 +9576,7 @@ "Ipv6PrefixList": { "base": null, "refs": { - "CreateNetworkInterfaceRequest$Ipv6Prefixes": "One or moreIPv6 Prefix Delegation prefixes assigned to the network interface. You cannot use this option if you use the Ipv6PrefixCount
option.
One or more IPv6 prefixes assigned to the network interface. You cannot use this option if you use the Ipv6PrefixCount
option.
One or more IPv6 delegated prefixes to be assigned to the network interface. You cannot use this option if you use the Ipv6PrefixCount
option.
One or more IPv6 delegated prefixes to be assigned to the network interface. You cannot use this option if you use the Ipv6PrefixCount
option.
Describes the IPv6 Prefix Delegation.
", + "base": "Describes the IPv6 prefix.
", "refs": { "Ipv6PrefixesList$member": null } }, "Ipv6PrefixSpecificationRequest": { - "base": "Describes the IPv4 Prefix Delegation option for a network interface.
", + "base": "Describes the IPv4 prefix option for a network interface.
", "refs": { "Ipv6PrefixList$member": null } @@ -9600,7 +9608,7 @@ "Ipv6PrefixesList": { "base": null, "refs": { - "NetworkInterface$Ipv6Prefixes": "The IPv6 Prefix Delegation prefixes that are assigned to the network interface.
" + "NetworkInterface$Ipv6Prefixes": "The IPv6 prefixes that are assigned to the network interface.
" } }, "Ipv6Range": { @@ -14988,8 +14996,8 @@ "IpRange$CidrIp": "The IPv4 CIDR range. You can either specify a CIDR range or a source security group, not both. To specify a single IPv4 address, use the /32 prefix length.
", "IpRange$Description": "A description for the security group rule that references this IPv4 address range.
Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$*
", "IpRanges$member": null, - "Ipv4PrefixSpecification$Ipv4Prefix": "The IPv4 Prefix Delegation prefix. For information, see Prefix Delegation in the Amazon Elastic Compute Cloud User Guide.
", - "Ipv4PrefixSpecificationRequest$Ipv4Prefix": "The IPv4 Prefix Delegation prefix. For information, see Prefix Delegation in the Amazon Elastic Compute Cloud User Guide.
", + "Ipv4PrefixSpecification$Ipv4Prefix": "The IPv4 prefix. For information, see Assigning prefixes to Amazon EC2 network interfaces in the Amazon Elastic Compute Cloud User Guide.
", + "Ipv4PrefixSpecificationRequest$Ipv4Prefix": "The IPv4 prefix. For information, see Assigning prefixes to Amazon EC2 network interfaces in the Amazon Elastic Compute Cloud User Guide.
", "Ipv4PrefixSpecificationResponse$Ipv4Prefix": "One or more IPv4 delegated prefixes assigned to the network interface.
", "Ipv6AddressList$member": null, "Ipv6CidrAssociation$Ipv6Cidr": "The IPv6 CIDR block.
", @@ -14997,8 +15005,8 @@ "Ipv6CidrBlock$Ipv6CidrBlock": "The IPv6 CIDR block.
", "Ipv6Pool$PoolId": "The ID of the address pool.
", "Ipv6Pool$Description": "The description for the address pool.
", - "Ipv6PrefixSpecification$Ipv6Prefix": "The IPv6 Prefix Delegation prefix.
", - "Ipv6PrefixSpecificationRequest$Ipv6Prefix": "The IPv6 Prefix Delegation prefix.
", + "Ipv6PrefixSpecification$Ipv6Prefix": "The IPv6 prefix.
", + "Ipv6PrefixSpecificationRequest$Ipv6Prefix": "The IPv6 prefix.
", "Ipv6PrefixSpecificationResponse$Ipv6Prefix": "One or more IPv6 delegated prefixes assigned to the network interface.
", "Ipv6Range$CidrIpv6": "The IPv6 CIDR range. You can either specify a CIDR range or a source security group, not both. To specify a single IPv6 address, use the /128 prefix length.
", "Ipv6Range$Description": "A description for the security group rule that references this IPv6 address range.
Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$*
", @@ -16027,7 +16035,7 @@ "TransitGatewayPeeringAttachment$Tags": "The tags for the transit gateway peering attachment.
", "TransitGatewayRouteTable$Tags": "Any tags assigned to the route table.
", "TransitGatewayVpcAttachment$Tags": "The tags for the VPC attachment.
", - "TrunkInterfaceAssociation$Tags": "The tags.
", + "TrunkInterfaceAssociation$Tags": "The tags for the trunk interface associaton.
", "Volume$Tags": "Any tags assigned to the volume.
", "Vpc$Tags": "Any tags assigned to the VPC.
", "VpcClassicLink$Tags": "Any tags assigned to the VPC.
", @@ -17071,7 +17079,7 @@ } }, "TrunkInterfaceAssociation": { - "base": "Information about an association between a branch network interface with a trunk network interface.
", + "base": "Currently available in limited preview only. If you are interested in using this feature, contact your account manager.
Information about an association between a branch network interface with a trunk network interface.
", "refs": { "AssociateTrunkInterfaceResult$InterfaceAssociation": "Information about the association between the trunk network interface and branch network interface.
", "TrunkInterfaceAssociationList$member": null diff --git a/models/apis/eventbridge/2015-10-07/api-2.json b/models/apis/eventbridge/2015-10-07/api-2.json index 318403e8350..52ae1f852c7 100644 --- a/models/apis/eventbridge/2015-10-07/api-2.json +++ b/models/apis/eventbridge/2015-10-07/api-2.json @@ -1744,7 +1744,8 @@ "type":"string", "enum":[ "EC2", - "FARGATE" + "FARGATE", + "EXTERNAL" ] }, "LimitExceededException":{ diff --git a/models/apis/eventbridge/2015-10-07/docs-2.json b/models/apis/eventbridge/2015-10-07/docs-2.json index 44655759662..42d89b4a35a 100644 --- a/models/apis/eventbridge/2015-10-07/docs-2.json +++ b/models/apis/eventbridge/2015-10-07/docs-2.json @@ -43,7 +43,7 @@ "PutPartnerEvents": "This is used by SaaS partners to write events to a customer's partner event bus. Amazon Web Services customers do not use this operation.
", "PutPermission": "Running PutPermission
permits the specified Amazon Web Services account or Amazon Web Services organization to put events to the specified event bus. Amazon EventBridge (CloudWatch Events) rules in your account are triggered by these events arriving to an event bus in your account.
For another account to send events to your account, that external account must have an EventBridge rule with your account's event bus as a target.
To enable multiple Amazon Web Services accounts to put events to your event bus, run PutPermission
once for each of these accounts. Or, if all the accounts are members of the same Amazon Web Services organization, you can run PutPermission
once specifying Principal
as \"*\" and specifying the Amazon Web Services organization ID in Condition
, to grant permissions to all accounts in that organization.
If you grant permissions using an organization, then accounts in that organization must specify a RoleArn
with proper permissions when they use PutTarget
to add your account's event bus as a target. For more information, see Sending and Receiving Events Between Amazon Web Services Accounts in the Amazon EventBridge User Guide.
The permission policy on the event bus cannot exceed 10 KB in size.
", "PutRule": "Creates or updates the specified rule. Rules are enabled by default, or based on value of the state. You can disable a rule using DisableRule.
A single rule watches for events from a single event bus. Events generated by Amazon Web Services services go to your account's default event bus. Events generated by SaaS partner services or applications go to the matching partner event bus. If you have custom applications or services, you can specify whether their events go to your default event bus or a custom event bus that you have created. For more information, see CreateEventBus.
If you are updating an existing rule, the rule is replaced with what you specify in this PutRule
command. If you omit arguments in PutRule
, the old values for those arguments are not kept. Instead, they are replaced with null values.
When you create or update a rule, incoming events might not immediately start matching to new or updated rules. Allow a short period of time for changes to take effect.
A rule must contain at least an EventPattern or ScheduleExpression. Rules with EventPatterns are triggered when a matching event is observed. Rules with ScheduleExpressions self-trigger based on the given schedule. A rule can have both an EventPattern and a ScheduleExpression, in which case the rule triggers on matching events as well as on a schedule.
When you initially create a rule, you can optionally assign one or more tags to the rule. Tags can help you organize and categorize your resources. You can also use them to scope user permissions, by granting a user permission to access or change only rules with certain tag values. To use the PutRule
operation and assign tags, you must have both the events:PutRule
and events:TagResource
permissions.
If you are updating an existing rule, any tags you specify in the PutRule
operation are ignored. To update the tags of an existing rule, use TagResource and UntagResource.
Most services in Amazon Web Services treat : or / as the same character in Amazon Resource Names (ARNs). However, EventBridge uses an exact match in event patterns and rules. Be sure to use the correct ARN characters when creating event patterns so that they match the ARN syntax in the event you want to match.
In EventBridge, it is possible to create rules that lead to infinite loops, where a rule is fired repeatedly. For example, a rule might detect that ACLs have changed on an S3 bucket, and trigger software to change them to the desired state. If the rule is not written carefully, the subsequent change to the ACLs fires the rule again, creating an infinite loop.
To prevent this, write the rules so that the triggered actions do not re-fire the same rule. For example, your rule could fire only if ACLs are found to be in a bad state, instead of after any change.
An infinite loop can quickly cause higher than expected charges. We recommend that you use budgeting, which alerts you when charges exceed your specified limit. For more information, see Managing Your Costs with Budgets.
", - "PutTargets": "Adds the specified targets to the specified rule, or updates the targets if they are already associated with the rule.
Targets are the resources that are invoked when a rule is triggered.
You can configure the following as targets for Events:
Amazon API Gateway REST API endpoints
API Gateway
Batch job queue
CloudWatch Logs group
CodeBuild project
CodePipeline
Amazon EC2 CreateSnapshot
API call
EC2 Image Builder
Amazon EC2 RebootInstances
API call
Amazon EC2 StopInstances
API call
Amazon EC2 TerminateInstances
API call
Amazon ECS tasks
Event bus in a different Amazon Web Services account or Region.
You can use an event bus in the US East (N. Virginia) us-east-1, US West (Oregon) us-west-2, or Europe (Ireland) eu-west-1 Regions as a target for a rule.
Firehose delivery stream (Kinesis Data Firehose)
Inspector assessment template (Amazon Inspector)
Kinesis stream (Kinesis Data Stream)
Lambda function
Redshift clusters (Data API statement execution)
Amazon SNS topic
Amazon SQS queues (includes FIFO queues
SSM Automation
SSM OpsItem
SSM Run Command
Step Functions state machines
Creating rules with built-in targets is supported only in the Amazon Web Services Management Console. The built-in targets are EC2 CreateSnapshot API call
, EC2 RebootInstances API call
, EC2 StopInstances API call
, and EC2 TerminateInstances API call
.
For some target types, PutTargets
provides target-specific parameters. If the target is a Kinesis data stream, you can optionally specify which shard the event goes to by using the KinesisParameters
argument. To invoke a command on multiple EC2 instances with one rule, you can use the RunCommandParameters
field.
To be able to make API calls against the resources that you own, Amazon EventBridge needs the appropriate permissions. For Lambda and Amazon SNS resources, EventBridge relies on resource-based policies. For EC2 instances, Kinesis Data Streams, Step Functions state machines and API Gateway REST APIs, EventBridge relies on IAM roles that you specify in the RoleARN
argument in PutTargets
. For more information, see Authentication and Access Control in the Amazon EventBridge User Guide.
If another Amazon Web Services account is in the same region and has granted you permission (using PutPermission
), you can send events to that account. Set that account's event bus as a target of the rules in your account. To send the matched events to the other account, specify that account's event bus as the Arn
value when you run PutTargets
. If your account sends events to another account, your account is charged for each sent event. Each event sent to another account is charged as a custom event. The account receiving the event is not charged. For more information, see Amazon EventBridge Pricing.
Input
, InputPath
, and InputTransformer
are not available with PutTarget
if the target is an event bus of a different Amazon Web Services account.
If you are setting the event bus of another account as the target, and that account granted permission to your account through an organization instead of directly by the account ID, then you must specify a RoleArn
with proper permissions in the Target
structure. For more information, see Sending and Receiving Events Between Amazon Web Services Accounts in the Amazon EventBridge User Guide.
For more information about enabling cross-account events, see PutPermission.
Input, InputPath, and InputTransformer are mutually exclusive and optional parameters of a target. When a rule is triggered due to a matched event:
If none of the following arguments are specified for a target, then the entire event is passed to the target in JSON format (unless the target is Amazon EC2 Run Command or Amazon ECS task, in which case nothing from the event is passed to the target).
If Input is specified in the form of valid JSON, then the matched event is overridden with this constant.
If InputPath is specified in the form of JSONPath (for example, $.detail
), then only the part of the event specified in the path is passed to the target (for example, only the detail part of the event is passed).
If InputTransformer is specified, then one or more specified JSONPaths are extracted from the event and used as values in a template that you specify as the input to the target.
When you specify InputPath
or InputTransformer
, you must use JSON dot notation, not bracket notation.
When you add targets to a rule and the associated rule triggers soon after, new or updated targets might not be immediately invoked. Allow a short period of time for changes to take effect.
This action can partially fail if too many requests are made at the same time. If that happens, FailedEntryCount
is non-zero in the response and each entry in FailedEntries
provides the ID of the failed target and the error code.
Adds the specified targets to the specified rule, or updates the targets if they are already associated with the rule.
Targets are the resources that are invoked when a rule is triggered.
You can configure the following as targets for Events:
Amazon API Gateway REST API endpoints
API Gateway
Batch job queue
CloudWatch Logs group
CodeBuild project
CodePipeline
Amazon EC2 CreateSnapshot
API call
Amazon EC2 RebootInstances
API call
Amazon EC2 StopInstances
API call
Amazon EC2 TerminateInstances
API call
Amazon ECS tasks
Event bus in a different Amazon Web Services account or Region.
You can use an event bus in the US East (N. Virginia) us-east-1, US West (Oregon) us-west-2, or Europe (Ireland) eu-west-1 Regions as a target for a rule.
Firehose delivery stream (Kinesis Data Firehose)
Inspector assessment template (Amazon Inspector)
Kinesis stream (Kinesis Data Stream)
Lambda function
Redshift clusters (Data API statement execution)
Amazon SNS topic
Amazon SQS queues (includes FIFO queues
SSM Automation
SSM OpsItem
SSM Run Command
Step Functions state machines
Creating rules with built-in targets is supported only in the Amazon Web Services Management Console. The built-in targets are EC2 CreateSnapshot API call
, EC2 RebootInstances API call
, EC2 StopInstances API call
, and EC2 TerminateInstances API call
.
For some target types, PutTargets
provides target-specific parameters. If the target is a Kinesis data stream, you can optionally specify which shard the event goes to by using the KinesisParameters
argument. To invoke a command on multiple EC2 instances with one rule, you can use the RunCommandParameters
field.
To be able to make API calls against the resources that you own, Amazon EventBridge needs the appropriate permissions. For Lambda and Amazon SNS resources, EventBridge relies on resource-based policies. For EC2 instances, Kinesis Data Streams, Step Functions state machines and API Gateway REST APIs, EventBridge relies on IAM roles that you specify in the RoleARN
argument in PutTargets
. For more information, see Authentication and Access Control in the Amazon EventBridge User Guide.
If another Amazon Web Services account is in the same region and has granted you permission (using PutPermission
), you can send events to that account. Set that account's event bus as a target of the rules in your account. To send the matched events to the other account, specify that account's event bus as the Arn
value when you run PutTargets
. If your account sends events to another account, your account is charged for each sent event. Each event sent to another account is charged as a custom event. The account receiving the event is not charged. For more information, see Amazon EventBridge Pricing.
Input
, InputPath
, and InputTransformer
are not available with PutTarget
if the target is an event bus of a different Amazon Web Services account.
If you are setting the event bus of another account as the target, and that account granted permission to your account through an organization instead of directly by the account ID, then you must specify a RoleArn
with proper permissions in the Target
structure. For more information, see Sending and Receiving Events Between Amazon Web Services Accounts in the Amazon EventBridge User Guide.
For more information about enabling cross-account events, see PutPermission.
Input, InputPath, and InputTransformer are mutually exclusive and optional parameters of a target. When a rule is triggered due to a matched event:
If none of the following arguments are specified for a target, then the entire event is passed to the target in JSON format (unless the target is Amazon EC2 Run Command or Amazon ECS task, in which case nothing from the event is passed to the target).
If Input is specified in the form of valid JSON, then the matched event is overridden with this constant.
If InputPath is specified in the form of JSONPath (for example, $.detail
), then only the part of the event specified in the path is passed to the target (for example, only the detail part of the event is passed).
If InputTransformer is specified, then one or more specified JSONPaths are extracted from the event and used as values in a template that you specify as the input to the target.
When you specify InputPath
or InputTransformer
, you must use JSON dot notation, not bracket notation.
When you add targets to a rule and the associated rule triggers soon after, new or updated targets might not be immediately invoked. Allow a short period of time for changes to take effect.
This action can partially fail if too many requests are made at the same time. If that happens, FailedEntryCount
is non-zero in the response and each entry in FailedEntries
provides the ID of the failed target and the error code.
Revokes the permission of another Amazon Web Services account to be able to put events to the specified event bus. Specify the account to revoke by the StatementId
value that you associated with the account when you granted it permission with PutPermission
. You can find the StatementId
by using DescribeEventBus.
Removes the specified targets from the specified rule. When the rule is triggered, those targets are no longer be invoked.
When you remove a target, when the associated rule triggers, removed targets might continue to be invoked. Allow a short period of time for changes to take effect.
This action can partially fail if too many requests are made at the same time. If that happens, FailedEntryCount
is non-zero in the response and each entry in FailedEntries
provides the ID of the failed target and the error code.
Starts the specified replay. Events are not necessarily replayed in the exact same order that they were added to the archive. A replay processes events to replay based on the time in the event, and replays them using 1 minute intervals. If you specify an EventStartTime
and an EventEndTime
that covers a 20 minute time range, the events are replayed from the first minute of that 20 minute range first. Then the events from the second minute are replayed. You can use DescribeReplay
to determine the progress of a replay. The value returned for EventLastReplayedTime
indicates the time within the specified time range associated with the last event replayed.
Amazon EventBridge helps you to respond to state changes in your AWS resources. When your resources change state, they automatically send events into an event stream. You can create rules that match selected events in the stream and route them to targets to take action. You can also use rules to take action on a predetermined schedule. For example, you can configure rules to:
Automatically invoke an AWS Lambda function to update DNS entries when an event notifies you that Amazon EC2 instance enters the running state.
Direct specific API records from AWS CloudTrail to an Amazon Kinesis data stream for detailed analysis of potential security or availability risks.
Periodically invoke a built-in target to create a snapshot of an Amazon EBS volume.
For more information about the features of Amazon EventBridge, see the Amazon EventBridge User Guide.
", + "service": "Amazon EventBridge helps you to respond to state changes in your Amazon Web Services resources. When your resources change state, they automatically send events to an event stream. You can create rules that match selected events in the stream and route them to targets to take action. You can also use rules to take action on a predetermined schedule. For example, you can configure rules to:
Automatically invoke an Lambda function to update DNS entries when an event notifies you that Amazon EC2 instance enters the running state.
Direct specific API records from CloudTrail to an Amazon Kinesis data stream for detailed analysis of potential security or availability risks.
Periodically invoke a built-in target to create a snapshot of an Amazon EBS volume.
For more information about the features of Amazon EventBridge, see the Amazon EventBridge User Guide.
", "operations": { "ActivateEventSource": "Activates a partner event source that has been deactivated. Once activated, your matching event bus will start receiving events from the event source.
", "CancelReplay": "Cancels the specified replay.
", @@ -8,47 +8,47 @@ "CreateArchive": "Creates an archive of events with the specified settings. When you create an archive, incoming events might not immediately start being sent to the archive. Allow a short period of time for changes to take effect. If you do not specify a pattern to filter events sent to the archive, all events are sent to the archive except replayed events. Replayed events are not sent to an archive.
", "CreateConnection": "Creates a connection. A connection defines the authorization type and credentials to use for authorization with an API destination HTTP endpoint.
", "CreateEventBus": "Creates a new event bus within your account. This can be a custom event bus which you can use to receive events from your custom applications and services, or it can be a partner event bus which can be matched to a partner event source.
", - "CreatePartnerEventSource": "Called by an SaaS partner to create a partner event source. This operation is not used by AWS customers.
Each partner event source can be used by one AWS account to create a matching partner event bus in that AWS account. A SaaS partner must create one partner event source for each AWS account that wants to receive those event types.
A partner event source creates events based on resources within the SaaS partner's service or application.
An AWS account that creates a partner event bus that matches the partner event source can use that event bus to receive events from the partner, and then process them using AWS Events rules and targets.
Partner event source names follow this format:
partner_name/event_namespace/event_name
partner_name is determined during partner registration and identifies the partner to AWS customers. event_namespace is determined by the partner and is a way for the partner to categorize their events. event_name is determined by the partner, and should uniquely identify an event-generating resource within the partner system. The combination of event_namespace and event_name should help AWS customers decide whether to create an event bus to receive these events.
", - "DeactivateEventSource": "You can use this operation to temporarily stop receiving events from the specified partner event source. The matching event bus is not deleted.
When you deactivate a partner event source, the source goes into PENDING state. If it remains in PENDING state for more than two weeks, it is deleted.
To activate a deactivated partner event source, use ActivateEventSource.
", + "CreatePartnerEventSource": "Called by an SaaS partner to create a partner event source. This operation is not used by Amazon Web Services customers.
Each partner event source can be used by one Amazon Web Services account to create a matching partner event bus in that Amazon Web Services account. A SaaS partner must create one partner event source for each Amazon Web Services account that wants to receive those event types.
A partner event source creates events based on resources within the SaaS partner's service or application.
An Amazon Web Services account that creates a partner event bus that matches the partner event source can use that event bus to receive events from the partner, and then process them using Amazon Web Services Events rules and targets.
Partner event source names follow this format:
partner_name/event_namespace/event_name
partner_name is determined during partner registration and identifies the partner to Amazon Web Services customers. event_namespace is determined by the partner and is a way for the partner to categorize their events. event_name is determined by the partner, and should uniquely identify an event-generating resource within the partner system. The combination of event_namespace and event_name should help Amazon Web Services customers decide whether to create an event bus to receive these events.
", + "DeactivateEventSource": "You can use this operation to temporarily stop receiving events from the specified partner event source. The matching event bus is not deleted.
When you deactivate a partner event source, the source goes into PENDING state. If it remains in PENDING state for more than two weeks, it is deleted.
To activate a deactivated partner event source, use ActivateEventSource.
", "DeauthorizeConnection": "Removes all authorization parameters from the connection. This lets you remove the secret from the connection so you can reuse it without having to create a new connection.
", "DeleteApiDestination": "Deletes the specified API destination.
", "DeleteArchive": "Deletes the specified archive.
", "DeleteConnection": "Deletes a connection.
", "DeleteEventBus": "Deletes the specified custom event bus or partner event bus. All rules associated with this event bus need to be deleted. You can't delete your account's default event bus.
", - "DeletePartnerEventSource": "This operation is used by SaaS partners to delete a partner event source. This operation is not used by AWS customers.
When you delete an event source, the status of the corresponding partner event bus in the AWS customer account becomes DELETED.
", - "DeleteRule": "Deletes the specified rule.
Before you can delete the rule, you must remove all targets, using RemoveTargets.
When you delete a rule, incoming events might continue to match to the deleted rule. Allow a short period of time for changes to take effect.
If you call delete rule multiple times for the same rule, all calls will succeed. When you call delete rule for a non-existent custom eventbus, ResourceNotFoundException
is returned.
Managed rules are rules created and managed by another AWS service on your behalf. These rules are created by those other AWS services to support functionality in those services. You can delete these rules using the Force
option, but you should do so only if you are sure the other service is not still using that rule.
This operation is used by SaaS partners to delete a partner event source. This operation is not used by Amazon Web Services customers.
When you delete an event source, the status of the corresponding partner event bus in the Amazon Web Services customer account becomes DELETED.
", + "DeleteRule": "Deletes the specified rule.
Before you can delete the rule, you must remove all targets, using RemoveTargets.
When you delete a rule, incoming events might continue to match to the deleted rule. Allow a short period of time for changes to take effect.
If you call delete rule multiple times for the same rule, all calls will succeed. When you call delete rule for a non-existent custom eventbus, ResourceNotFoundException
is returned.
Managed rules are rules created and managed by another Amazon Web Services service on your behalf. These rules are created by those other Amazon Web Services services to support functionality in those services. You can delete these rules using the Force
option, but you should do so only if you are sure the other service is not still using that rule.
Retrieves details about an API destination.
", "DescribeArchive": "Retrieves details about an archive.
", "DescribeConnection": "Retrieves details about a connection.
", - "DescribeEventBus": "Displays details about an event bus in your account. This can include the external AWS accounts that are permitted to write events to your default event bus, and the associated policy. For custom event buses and partner event buses, it displays the name, ARN, policy, state, and creation time.
To enable your account to receive events from other accounts on its default event bus, use PutPermission.
For more information about partner event buses, see CreateEventBus.
", + "DescribeEventBus": "Displays details about an event bus in your account. This can include the external Amazon Web Services accounts that are permitted to write events to your default event bus, and the associated policy. For custom event buses and partner event buses, it displays the name, ARN, policy, state, and creation time.
To enable your account to receive events from other accounts on its default event bus, use PutPermission.
For more information about partner event buses, see CreateEventBus.
", "DescribeEventSource": "This operation lists details about a partner event source that is shared with your account.
", - "DescribePartnerEventSource": "An SaaS partner can use this operation to list details about a partner event source that they have created. AWS customers do not use this operation. Instead, AWS customers can use DescribeEventSource to see details about a partner event source that is shared with them.
", + "DescribePartnerEventSource": "An SaaS partner can use this operation to list details about a partner event source that they have created. Amazon Web Services customers do not use this operation. Instead, Amazon Web Services customers can use DescribeEventSource to see details about a partner event source that is shared with them.
", "DescribeReplay": "Retrieves details about a replay. Use DescribeReplay
to determine the progress of a running replay. A replay processes events to replay based on the time in the event, and replays them using 1 minute intervals. If you use StartReplay
and specify an EventStartTime
and an EventEndTime
that covers a 20 minute time range, the events are replayed from the first minute of that 20 minute range first. Then the events from the second minute are replayed. You can use DescribeReplay
to determine the progress of a replay. The value returned for EventLastReplayedTime
indicates the time within the specified time range associated with the last event replayed.
Describes the specified rule.
DescribeRule does not list the targets of a rule. To see the targets associated with a rule, use ListTargetsByRule.
", + "DescribeRule": "Describes the specified rule.
DescribeRule does not list the targets of a rule. To see the targets associated with a rule, use ListTargetsByRule.
", "DisableRule": "Disables the specified rule. A disabled rule won't match any events, and won't self-trigger if it has a schedule expression.
When you disable a rule, incoming events might continue to match to the disabled rule. Allow a short period of time for changes to take effect.
", "EnableRule": "Enables the specified rule. If the rule does not exist, the operation fails.
When you enable a rule, incoming events might not immediately start matching to a newly enabled rule. Allow a short period of time for changes to take effect.
", "ListApiDestinations": "Retrieves a list of API destination in the account in the current Region.
", "ListArchives": "Lists your archives. You can either list all the archives or you can provide a prefix to match to the archive names. Filter parameters are exclusive.
", "ListConnections": "Retrieves a list of connections from the account.
", "ListEventBuses": "Lists all the event buses in your account, including the default event bus, custom event buses, and partner event buses.
", - "ListEventSources": "You can use this to see all the partner event sources that have been shared with your AWS account. For more information about partner event sources, see CreateEventBus.
", - "ListPartnerEventSourceAccounts": "An SaaS partner can use this operation to display the AWS account ID that a particular partner event source name is associated with. This operation is not used by AWS customers.
", - "ListPartnerEventSources": "An SaaS partner can use this operation to list all the partner event source names that they have created. This operation is not used by AWS customers.
", + "ListEventSources": "You can use this to see all the partner event sources that have been shared with your Amazon Web Services account. For more information about partner event sources, see CreateEventBus.
", + "ListPartnerEventSourceAccounts": "An SaaS partner can use this operation to display the Amazon Web Services account ID that a particular partner event source name is associated with. This operation is not used by Amazon Web Services customers.
", + "ListPartnerEventSources": "An SaaS partner can use this operation to list all the partner event source names that they have created. This operation is not used by Amazon Web Services customers.
", "ListReplays": "Lists your replays. You can either list all the replays or you can provide a prefix to match to the replay names. Filter parameters are exclusive.
", "ListRuleNamesByTarget": "Lists the rules for the specified target. You can see which of the rules in Amazon EventBridge can invoke a specific target in your account.
", - "ListRules": "Lists your Amazon EventBridge rules. You can either list all the rules or you can provide a prefix to match to the rule names.
ListRules does not list the targets of a rule. To see the targets associated with a rule, use ListTargetsByRule.
", + "ListRules": "Lists your Amazon EventBridge rules. You can either list all the rules or you can provide a prefix to match to the rule names.
ListRules does not list the targets of a rule. To see the targets associated with a rule, use ListTargetsByRule.
", "ListTagsForResource": "Displays the tags associated with an EventBridge resource. In EventBridge, rules and event buses can be tagged.
", "ListTargetsByRule": "Lists the targets assigned to the specified rule.
", "PutEvents": "Sends custom events to Amazon EventBridge so that they can be matched to rules.
", - "PutPartnerEvents": "This is used by SaaS partners to write events to a customer's partner event bus. AWS customers do not use this operation.
", - "PutPermission": "Running PutPermission
permits the specified AWS account or AWS organization to put events to the specified event bus. Amazon EventBridge (CloudWatch Events) rules in your account are triggered by these events arriving to an event bus in your account.
For another account to send events to your account, that external account must have an EventBridge rule with your account's event bus as a target.
To enable multiple AWS accounts to put events to your event bus, run PutPermission
once for each of these accounts. Or, if all the accounts are members of the same AWS organization, you can run PutPermission
once specifying Principal
as \"*\" and specifying the AWS organization ID in Condition
, to grant permissions to all accounts in that organization.
If you grant permissions using an organization, then accounts in that organization must specify a RoleArn
with proper permissions when they use PutTarget
to add your account's event bus as a target. For more information, see Sending and Receiving Events Between AWS Accounts in the Amazon EventBridge User Guide.
The permission policy on the default event bus cannot exceed 10 KB in size.
", - "PutRule": "Creates or updates the specified rule. Rules are enabled by default, or based on value of the state. You can disable a rule using DisableRule.
A single rule watches for events from a single event bus. Events generated by AWS services go to your account's default event bus. Events generated by SaaS partner services or applications go to the matching partner event bus. If you have custom applications or services, you can specify whether their events go to your default event bus or a custom event bus that you have created. For more information, see CreateEventBus.
If you are updating an existing rule, the rule is replaced with what you specify in this PutRule
command. If you omit arguments in PutRule
, the old values for those arguments are not kept. Instead, they are replaced with null values.
When you create or update a rule, incoming events might not immediately start matching to new or updated rules. Allow a short period of time for changes to take effect.
A rule must contain at least an EventPattern or ScheduleExpression. Rules with EventPatterns are triggered when a matching event is observed. Rules with ScheduleExpressions self-trigger based on the given schedule. A rule can have both an EventPattern and a ScheduleExpression, in which case the rule triggers on matching events as well as on a schedule.
When you initially create a rule, you can optionally assign one or more tags to the rule. Tags can help you organize and categorize your resources. You can also use them to scope user permissions, by granting a user permission to access or change only rules with certain tag values. To use the PutRule
operation and assign tags, you must have both the events:PutRule
and events:TagResource
permissions.
If you are updating an existing rule, any tags you specify in the PutRule
operation are ignored. To update the tags of an existing rule, use TagResource and UntagResource.
Most services in AWS treat : or / as the same character in Amazon Resource Names (ARNs). However, EventBridge uses an exact match in event patterns and rules. Be sure to use the correct ARN characters when creating event patterns so that they match the ARN syntax in the event you want to match.
In EventBridge, it is possible to create rules that lead to infinite loops, where a rule is fired repeatedly. For example, a rule might detect that ACLs have changed on an S3 bucket, and trigger software to change them to the desired state. If the rule is not written carefully, the subsequent change to the ACLs fires the rule again, creating an infinite loop.
To prevent this, write the rules so that the triggered actions do not re-fire the same rule. For example, your rule could fire only if ACLs are found to be in a bad state, instead of after any change.
An infinite loop can quickly cause higher than expected charges. We recommend that you use budgeting, which alerts you when charges exceed your specified limit. For more information, see Managing Your Costs with Budgets.
", - "PutTargets": "Adds the specified targets to the specified rule, or updates the targets if they are already associated with the rule.
Targets are the resources that are invoked when a rule is triggered.
You can configure the following as targets for Events:
Amazon API Gateway REST API endpoints
API Gateway
AWS Batch job queue
CloudWatch Logs group
CodeBuild project
CodePineline
Amazon EC2 CreateSnapshot
API call
Amazon EC2 RebootInstances
API call
Amazon EC2 StopInstances
API call
Amazon EC2 TerminateInstances
API call
Amazon ECS tasks
Event bus in a different AWS account or Region.
You can use an event bus in the US East (N. Virginia) us-east-1, US West (Oregon) us-west-2, or Europe (Ireland) eu-west-1 Regions as a target for a rule.
Firehose delivery stream (Kinesis Data Firehose)
Inspector assessment template (Amazon Inspector)
Kinesis stream (Kinesis Data Stream)
AWS Lambda function
Redshift clusters (Data API statement execution)
Amazon SNS topic
Amazon SQS queues (includes FIFO queues
SSM Automation
SSM OpsItem
SSM Run Command
Step Functions state machines
Creating rules with built-in targets is supported only in the AWS Management Console. The built-in targets are EC2 CreateSnapshot API call
, EC2 RebootInstances API call
, EC2 StopInstances API call
, and EC2 TerminateInstances API call
.
For some target types, PutTargets
provides target-specific parameters. If the target is a Kinesis data stream, you can optionally specify which shard the event goes to by using the KinesisParameters
argument. To invoke a command on multiple EC2 instances with one rule, you can use the RunCommandParameters
field.
To be able to make API calls against the resources that you own, Amazon EventBridge (CloudWatch Events) needs the appropriate permissions. For AWS Lambda and Amazon SNS resources, EventBridge relies on resource-based policies. For EC2 instances, Kinesis data streams, AWS Step Functions state machines and API Gateway REST APIs, EventBridge relies on IAM roles that you specify in the RoleARN
argument in PutTargets
. For more information, see Authentication and Access Control in the Amazon EventBridge User Guide.
If another AWS account is in the same region and has granted you permission (using PutPermission
), you can send events to that account. Set that account's event bus as a target of the rules in your account. To send the matched events to the other account, specify that account's event bus as the Arn
value when you run PutTargets
. If your account sends events to another account, your account is charged for each sent event. Each event sent to another account is charged as a custom event. The account receiving the event is not charged. For more information, see Amazon EventBridge (CloudWatch Events) Pricing.
Input
, InputPath
, and InputTransformer
are not available with PutTarget
if the target is an event bus of a different AWS account.
If you are setting the event bus of another account as the target, and that account granted permission to your account through an organization instead of directly by the account ID, then you must specify a RoleArn
with proper permissions in the Target
structure. For more information, see Sending and Receiving Events Between AWS Accounts in the Amazon EventBridge User Guide.
For more information about enabling cross-account events, see PutPermission.
Input, InputPath, and InputTransformer are mutually exclusive and optional parameters of a target. When a rule is triggered due to a matched event:
If none of the following arguments are specified for a target, then the entire event is passed to the target in JSON format (unless the target is Amazon EC2 Run Command or Amazon ECS task, in which case nothing from the event is passed to the target).
If Input is specified in the form of valid JSON, then the matched event is overridden with this constant.
If InputPath is specified in the form of JSONPath (for example, $.detail
), then only the part of the event specified in the path is passed to the target (for example, only the detail part of the event is passed).
If InputTransformer is specified, then one or more specified JSONPaths are extracted from the event and used as values in a template that you specify as the input to the target.
When you specify InputPath
or InputTransformer
, you must use JSON dot notation, not bracket notation.
When you add targets to a rule and the associated rule triggers soon after, new or updated targets might not be immediately invoked. Allow a short period of time for changes to take effect.
This action can partially fail if too many requests are made at the same time. If that happens, FailedEntryCount
is non-zero in the response and each entry in FailedEntries
provides the ID of the failed target and the error code.
Revokes the permission of another AWS account to be able to put events to the specified event bus. Specify the account to revoke by the StatementId
value that you associated with the account when you granted it permission with PutPermission
. You can find the StatementId
by using DescribeEventBus.
This is used by SaaS partners to write events to a customer's partner event bus. Amazon Web Services customers do not use this operation.
", + "PutPermission": "Running PutPermission
permits the specified Amazon Web Services account or Amazon Web Services organization to put events to the specified event bus. Amazon EventBridge (CloudWatch Events) rules in your account are triggered by these events arriving to an event bus in your account.
For another account to send events to your account, that external account must have an EventBridge rule with your account's event bus as a target.
To enable multiple Amazon Web Services accounts to put events to your event bus, run PutPermission
once for each of these accounts. Or, if all the accounts are members of the same Amazon Web Services organization, you can run PutPermission
once specifying Principal
as \"*\" and specifying the Amazon Web Services organization ID in Condition
, to grant permissions to all accounts in that organization.
If you grant permissions using an organization, then accounts in that organization must specify a RoleArn
with proper permissions when they use PutTarget
to add your account's event bus as a target. For more information, see Sending and Receiving Events Between Amazon Web Services Accounts in the Amazon EventBridge User Guide.
The permission policy on the event bus cannot exceed 10 KB in size.
", + "PutRule": "Creates or updates the specified rule. Rules are enabled by default, or based on value of the state. You can disable a rule using DisableRule.
A single rule watches for events from a single event bus. Events generated by Amazon Web Services services go to your account's default event bus. Events generated by SaaS partner services or applications go to the matching partner event bus. If you have custom applications or services, you can specify whether their events go to your default event bus or a custom event bus that you have created. For more information, see CreateEventBus.
If you are updating an existing rule, the rule is replaced with what you specify in this PutRule
command. If you omit arguments in PutRule
, the old values for those arguments are not kept. Instead, they are replaced with null values.
When you create or update a rule, incoming events might not immediately start matching to new or updated rules. Allow a short period of time for changes to take effect.
A rule must contain at least an EventPattern or ScheduleExpression. Rules with EventPatterns are triggered when a matching event is observed. Rules with ScheduleExpressions self-trigger based on the given schedule. A rule can have both an EventPattern and a ScheduleExpression, in which case the rule triggers on matching events as well as on a schedule.
When you initially create a rule, you can optionally assign one or more tags to the rule. Tags can help you organize and categorize your resources. You can also use them to scope user permissions, by granting a user permission to access or change only rules with certain tag values. To use the PutRule
operation and assign tags, you must have both the events:PutRule
and events:TagResource
permissions.
If you are updating an existing rule, any tags you specify in the PutRule
operation are ignored. To update the tags of an existing rule, use TagResource and UntagResource.
Most services in Amazon Web Services treat : or / as the same character in Amazon Resource Names (ARNs). However, EventBridge uses an exact match in event patterns and rules. Be sure to use the correct ARN characters when creating event patterns so that they match the ARN syntax in the event you want to match.
In EventBridge, it is possible to create rules that lead to infinite loops, where a rule is fired repeatedly. For example, a rule might detect that ACLs have changed on an S3 bucket, and trigger software to change them to the desired state. If the rule is not written carefully, the subsequent change to the ACLs fires the rule again, creating an infinite loop.
To prevent this, write the rules so that the triggered actions do not re-fire the same rule. For example, your rule could fire only if ACLs are found to be in a bad state, instead of after any change.
An infinite loop can quickly cause higher than expected charges. We recommend that you use budgeting, which alerts you when charges exceed your specified limit. For more information, see Managing Your Costs with Budgets.
", + "PutTargets": "Adds the specified targets to the specified rule, or updates the targets if they are already associated with the rule.
Targets are the resources that are invoked when a rule is triggered.
You can configure the following as targets for Events:
Amazon API Gateway REST API endpoints
API Gateway
Batch job queue
CloudWatch Logs group
CodeBuild project
CodePipeline
Amazon EC2 CreateSnapshot
API call
Amazon EC2 RebootInstances
API call
Amazon EC2 StopInstances
API call
Amazon EC2 TerminateInstances
API call
Amazon ECS tasks
Event bus in a different Amazon Web Services account or Region.
You can use an event bus in the US East (N. Virginia) us-east-1, US West (Oregon) us-west-2, or Europe (Ireland) eu-west-1 Regions as a target for a rule.
Firehose delivery stream (Kinesis Data Firehose)
Inspector assessment template (Amazon Inspector)
Kinesis stream (Kinesis Data Stream)
Lambda function
Redshift clusters (Data API statement execution)
Amazon SNS topic
Amazon SQS queues (includes FIFO queues
SSM Automation
SSM OpsItem
SSM Run Command
Step Functions state machines
Creating rules with built-in targets is supported only in the Management Console. The built-in targets are EC2 CreateSnapshot API call
, EC2 RebootInstances API call
, EC2 StopInstances API call
, and EC2 TerminateInstances API call
.
For some target types, PutTargets
provides target-specific parameters. If the target is a Kinesis data stream, you can optionally specify which shard the event goes to by using the KinesisParameters
argument. To invoke a command on multiple EC2 instances with one rule, you can use the RunCommandParameters
field.
To be able to make API calls against the resources that you own, Amazon EventBridge needs the appropriate permissions. For Lambda and Amazon SNS resources, EventBridge relies on resource-based policies. For EC2 instances, Kinesis Data Streams, Step Functions state machines and API Gateway REST APIs, EventBridge relies on IAM roles that you specify in the RoleARN
argument in PutTargets
. For more information, see Authentication and Access Control in the Amazon EventBridge User Guide.
If another Amazon Web Services account is in the same region and has granted you permission (using PutPermission
), you can send events to that account. Set that account's event bus as a target of the rules in your account. To send the matched events to the other account, specify that account's event bus as the Arn
value when you run PutTargets
. If your account sends events to another account, your account is charged for each sent event. Each event sent to another account is charged as a custom event. The account receiving the event is not charged. For more information, see Amazon EventBridge Pricing.
Input
, InputPath
, and InputTransformer
are not available with PutTarget
if the target is an event bus of a different Amazon Web Services account.
If you are setting the event bus of another account as the target, and that account granted permission to your account through an organization instead of directly by the account ID, then you must specify a RoleArn
with proper permissions in the Target
structure. For more information, see Sending and Receiving Events Between Amazon Web Services Accounts in the Amazon EventBridge User Guide.
For more information about enabling cross-account events, see PutPermission.
Input, InputPath, and InputTransformer are mutually exclusive and optional parameters of a target. When a rule is triggered due to a matched event:
If none of the following arguments are specified for a target, then the entire event is passed to the target in JSON format (unless the target is Amazon EC2 Run Command or Amazon ECS task, in which case nothing from the event is passed to the target).
If Input is specified in the form of valid JSON, then the matched event is overridden with this constant.
If InputPath is specified in the form of JSONPath (for example, $.detail
), then only the part of the event specified in the path is passed to the target (for example, only the detail part of the event is passed).
If InputTransformer is specified, then one or more specified JSONPaths are extracted from the event and used as values in a template that you specify as the input to the target.
When you specify InputPath
or InputTransformer
, you must use JSON dot notation, not bracket notation.
When you add targets to a rule and the associated rule triggers soon after, new or updated targets might not be immediately invoked. Allow a short period of time for changes to take effect.
This action can partially fail if too many requests are made at the same time. If that happens, FailedEntryCount
is non-zero in the response and each entry in FailedEntries
provides the ID of the failed target and the error code.
Revokes the permission of another Amazon Web Services account to be able to put events to the specified event bus. Specify the account to revoke by the StatementId
value that you associated with the account when you granted it permission with PutPermission
. You can find the StatementId
by using DescribeEventBus.
Removes the specified targets from the specified rule. When the rule is triggered, those targets are no longer be invoked.
When you remove a target, when the associated rule triggers, removed targets might continue to be invoked. Allow a short period of time for changes to take effect.
This action can partially fail if too many requests are made at the same time. If that happens, FailedEntryCount
is non-zero in the response and each entry in FailedEntries
provides the ID of the failed target and the error code.
Starts the specified replay. Events are not necessarily replayed in the exact same order that they were added to the archive. A replay processes events to replay based on the time in the event, and replays them using 1 minute intervals. If you specify an EventStartTime
and an EventEndTime
that covers a 20 minute time range, the events are replayed from the first minute of that 20 minute range first. Then the events from the second minute are replayed. You can use DescribeReplay
to determine the progress of a replay. The value returned for EventLastReplayedTime
indicates the time within the specified time range associated with the last event replayed.
Assigns one or more tags (key-value pairs) to the specified EventBridge resource. Tags can help you organize and categorize your resources. You can also use them to scope user permissions by granting a user permission to access or change only resources with certain tag values. In EventBridge, rules and event buses can be tagged.
Tags don't have any semantic meaning to AWS and are interpreted strictly as strings of characters.
You can use the TagResource
action with a resource that already has tags. If you specify a new tag key, this tag is appended to the list of tags associated with the resource. If you specify a tag key that is already associated with the resource, the new tag value that you specify replaces the previous value for that tag.
You can associate as many as 50 tags with a resource.
", - "TestEventPattern": "Tests whether the specified event pattern matches the provided event.
Most services in AWS treat : or / as the same character in Amazon Resource Names (ARNs). However, EventBridge uses an exact match in event patterns and rules. Be sure to use the correct ARN characters when creating event patterns so that they match the ARN syntax in the event you want to match.
", + "TagResource": "Assigns one or more tags (key-value pairs) to the specified EventBridge resource. Tags can help you organize and categorize your resources. You can also use them to scope user permissions by granting a user permission to access or change only resources with certain tag values. In EventBridge, rules and event buses can be tagged.
Tags don't have any semantic meaning to Amazon Web Services and are interpreted strictly as strings of characters.
You can use the TagResource
action with a resource that already has tags. If you specify a new tag key, this tag is appended to the list of tags associated with the resource. If you specify a tag key that is already associated with the resource, the new tag value that you specify replaces the previous value for that tag.
You can associate as many as 50 tags with a resource.
", + "TestEventPattern": "Tests whether the specified event pattern matches the provided event.
Most services in Amazon Web Services treat : or / as the same character in Amazon Resource Names (ARNs). However, EventBridge uses an exact match in event patterns and rules. Be sure to use the correct ARN characters when creating event patterns so that they match the ARN syntax in the event you want to match.
", "UntagResource": "Removes one or more tags from the specified EventBridge resource. In Amazon EventBridge (CloudWatch Events), rules and event buses can be tagged.
", "UpdateApiDestination": "Updates an API destination.
", "UpdateArchive": "Updates the specified archive.
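Review bot: The added PutTargets description contradicts itself on cross-Region delivery. The target list now includes "Event bus in a different Amazon Web Services account or Region", but the cross-account paragraph further down still begins "If another Amazon Web Services account is in the same region and has granted you permission". Suggest rewording the later paragraph to match the new target list. In the same added text, the operation is called PutTarget where PutTargets is meant (in the Input/InputPath/InputTransformer sentence and in PutPermission's RoleArn sentence), "Amazon SQS queues (includes FIFO queues" is missing its closing parenthesis, and the RemoveTargets text reads "are no longer be invoked".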
", @@ -58,15 +58,15 @@ "AccountId": { "base": null, "refs": { - "CreatePartnerEventSourceRequest$Account": "The AWS account ID that is permitted to create a matching partner event bus for this partner event source.
", - "DeletePartnerEventSourceRequest$Account": "The AWS account ID of the AWS customer that the event source was created for.
", - "PartnerEventSourceAccount$Account": "The AWS account ID that the partner event source was offered to.
" + "CreatePartnerEventSourceRequest$Account": "The Amazon Web Services account ID that is permitted to create a matching partner event bus for this partner event source.
", + "DeletePartnerEventSourceRequest$Account": "The Amazon Web Services account ID of the Amazon Web Services customer that the event source was created for.
", + "PartnerEventSourceAccount$Account": "The Amazon Web Services account ID that the partner event source was offered to.
" } }, "Action": { "base": null, "refs": { - "PutPermissionRequest$Action": "The action that you are enabling the other account to perform. Currently, this must be events:PutEvents
.
The action that you are enabling the other account to perform.
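Review bot: The replacement text for PutPermissionRequest$Action drops the sentence "Currently, this must be events:PutEvents", so the description no longer says which action values are accepted. If events:PutEvents is still the only valid value, keep that sentence. If other actions are now accepted, list them here, because this field defines what the granted account can do on the bus.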
" } }, "ActivateEventSourceRequest": { @@ -205,12 +205,12 @@ "base": null, "refs": { "Archive$EventSourceArn": "The ARN of the event bus associated with the archive. Only events from this event bus are sent to the archive.
", - "CreateArchiveRequest$EventSourceArn": "The ARN of the event source associated with the archive.
", + "CreateArchiveRequest$EventSourceArn": "The ARN of the event bus that sends events to the archive.
", "DescribeArchiveResponse$EventSourceArn": "The ARN of the event source associated with the archive.
", "DescribeReplayResponse$EventSourceArn": "The ARN of the archive events were replayed from.
", "EcsParameters$TaskDefinitionArn": "The ARN of the task definition to use if the event target is an Amazon ECS task.
", "ListArchivesRequest$EventSourceArn": "The ARN of the event source associated with the archive.
", - "ListReplaysRequest$EventSourceArn": "The ARN of the event source associated with the replay.
", + "ListReplaysRequest$EventSourceArn": "The ARN of the archive from which the events are replayed.
", "ListTagsForResourceRequest$ResourceARN": "The ARN of the EventBridge resource for which you want to view tags.
", "Replay$EventSourceArn": "The ARN of the archive to replay event from.
", "ReplayDestination$Arn": "The ARN of the event bus to replay event to. You can replay events only to the event bus specified to create the archive.
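Review bot: The EventSourceArn wording is now inconsistent across the archive operations in this hunk. CreateArchiveRequest$EventSourceArn becomes "the event bus that sends events to the archive", but the unchanged DescribeArchiveResponse$EventSourceArn and ListArchivesRequest$EventSourceArn entries still say "the event source associated with the archive". Suggest giving those two entries the same event-bus wording so the field means the same thing wherever it appears.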
", @@ -253,21 +253,21 @@ } }, "BatchArrayProperties": { - "base": "The array properties for the submitted job, such as the size of the array. The array size can be between 2 and 10,000. If you specify array properties for a job, it becomes an array job. This parameter is used only if the target is an AWS Batch job.
", + "base": "The array properties for the submitted job, such as the size of the array. The array size can be between 2 and 10,000. If you specify array properties for a job, it becomes an array job. This parameter is used only if the target is an Batch job.
", "refs": { - "BatchParameters$ArrayProperties": "The array properties for the submitted job, such as the size of the array. The array size can be between 2 and 10,000. If you specify array properties for a job, it becomes an array job. This parameter is used only if the target is an AWS Batch job.
" + "BatchParameters$ArrayProperties": "The array properties for the submitted job, such as the size of the array. The array size can be between 2 and 10,000. If you specify array properties for a job, it becomes an array job. This parameter is used only if the target is an Batch job.
" } }, "BatchParameters": { - "base": "The custom parameters to be used when the target is an AWS Batch job.
", + "base": "The custom parameters to be used when the target is an Batch job.
", "refs": { - "Target$BatchParameters": "If the event target is an AWS Batch job, this contains the job definition, job name, and other parameters. For more information, see Jobs in the AWS Batch User Guide.
" + "Target$BatchParameters": "If the event target is an Batch job, this contains the job definition, job name, and other parameters. For more information, see Jobs in the Batch User Guide.
" } }, "BatchRetryStrategy": { - "base": "The retry strategy to use for failed jobs, if the target is an AWS Batch job. If you specify a retry strategy here, it overrides the retry strategy defined in the job definition.
", + "base": "The retry strategy to use for failed jobs, if the target is an Batch job. If you specify a retry strategy here, it overrides the retry strategy defined in the job definition.
", "refs": { - "BatchParameters$RetryStrategy": "The retry strategy to use for failed jobs, if the target is an AWS Batch job. The retry strategy is the number of times to retry the failed job execution. Valid values are 1–10. When you specify a retry strategy here, it overrides the retry strategy defined in the job definition.
" + "BatchParameters$RetryStrategy": "The retry strategy to use for failed jobs, if the target is an Batch job. The retry strategy is the number of times to retry the failed job execution. Valid values are 1–10. When you specify a retry strategy here, it overrides the retry strategy defined in the job definition.
" } }, "Boolean": { @@ -276,12 +276,12 @@ "ConnectionBodyParameter$IsValueSecret": "Specified whether the value is secret.
", "ConnectionHeaderParameter$IsValueSecret": "Specified whether the value is a secret.
", "ConnectionQueryStringParameter$IsValueSecret": "Specifies whether the value is secret.
", - "DeleteRuleRequest$Force": "If this is a managed rule, created by an AWS service on your behalf, you must specify Force
as True
to delete the rule. This parameter is ignored for rules that are not managed rules. You can check whether a rule is a managed rule by using DescribeRule
or ListRules
and checking the ManagedBy
field of the response.
If this is a managed rule, created by an Amazon Web Services service on your behalf, you must specify Force
as True
to delete the rule. This parameter is ignored for rules that are not managed rules. You can check whether a rule is a managed rule by using DescribeRule
or ListRules
and checking the ManagedBy
field of the response.
Specifies whether to enable Amazon ECS managed tags for the task. For more information, see Tagging Your Amazon ECS Resources in the Amazon Elastic Container Service Developer Guide.
", "EcsParameters$EnableExecuteCommand": "Whether or not to enable the execute command functionality for the containers in this task. If true, this enables execute command functionality on all containers in the task.
", "RedshiftDataParameters$WithEvent": "Indicates whether to send an event back to EventBridge after the SQL statement runs.
", "RemovePermissionRequest$RemoveAllPermissions": "Specifies whether to remove all permissions.
", - "RemoveTargetsRequest$Force": "If this is a managed rule, created by an AWS service on your behalf, you must specify Force
as True
to remove targets. This parameter is ignored for rules that are not managed rules. You can check whether a rule is a managed rule by using DescribeRule
or ListRules
and checking the ManagedBy
field of the response.
If this is a managed rule, created by an Amazon Web Services service on your behalf, you must specify Force
as True
to remove targets. This parameter is ignored for rules that are not managed rules. You can check whether a rule is a managed rule by using DescribeRule
or ListRules
and checking the ManagedBy
field of the response.
Indicates whether the event matches the event pattern.
" } }, @@ -331,9 +331,9 @@ } }, "Condition": { - "base": "A JSON string which you can use to limit the event bus permissions you are granting to only accounts that fulfill the condition. Currently, the only supported condition is membership in a certain AWS organization. The string must contain Type
, Key
, and Value
fields. The Value
field specifies the ID of the AWS organization. Following is an example value for Condition
:
'{\"Type\" : \"StringEquals\", \"Key\": \"aws:PrincipalOrgID\", \"Value\": \"o-1234567890\"}'
A JSON string which you can use to limit the event bus permissions you are granting to only accounts that fulfill the condition. Currently, the only supported condition is membership in a certain Amazon Web Services organization. The string must contain Type
, Key
, and Value
fields. The Value
field specifies the ID of the Amazon Web Services organization. Following is an example value for Condition
:
'{\"Type\" : \"StringEquals\", \"Key\": \"aws:PrincipalOrgID\", \"Value\": \"o-1234567890\"}'
This parameter enables you to limit the permission to accounts that fulfill a certain condition, such as being a member of a certain AWS organization. For more information about AWS Organizations, see What Is AWS Organizations in the AWS Organizations User Guide.
If you specify Condition
with an AWS organization ID, and specify \"*\" as the value for Principal
, you grant permission to all the accounts in the named organization.
The Condition
is a JSON string which must contain Type
, Key
, and Value
fields.
This parameter enables you to limit the permission to accounts that fulfill a certain condition, such as being a member of a certain Amazon Web Services organization. For more information about Amazon Web Services Organizations, see What Is Amazon Web Services Organizations in the Amazon Web Services Organizations User Guide.
If you specify Condition
with an Amazon Web Services organization ID, and specify \"*\" as the value for Principal
, you grant permission to all the accounts in the named organization.
The Condition
is a JSON string which must contain Type
, Key
, and Value
fields.
An event bus receives events from a source and routes them to rules associated with that event bus. Your account's default event bus receives events from AWS services. A custom event bus can receive events from your custom applications and services. A partner event bus receives events from an event source created by an SaaS partner. These events come from the partners services or applications.
", + "base": "An event bus receives events from a source and routes them to rules associated with that event bus. Your account's default event bus receives events from Amazon Web Services services. A custom event bus can receive events from your custom applications and services. A partner event bus receives events from an event source created by an SaaS partner. These events come from the partners services or applications.
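Review bot: In the added PutPermissionRequest$Condition text, the rename turns a product name and a cited page title into "Amazon Web Services Organizations" and "What Is Amazon Web Services Organizations in the Amazon Web Services Organizations User Guide", where the removed line had "AWS Organizations" throughout. Please confirm that the new strings match the title of the linked guide. The handling is also inconsistent with the Batch entries earlier in this diff, where the "AWS" prefix was dropped rather than expanded.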
", "refs": { "EventBusList$member": null } @@ -842,12 +842,12 @@ "EventResourceList": { "base": null, "refs": { - "PutEventsRequestEntry$Resources": "AWS resources, identified by Amazon Resource Name (ARN), which the event primarily concerns. Any number, including zero, may be present.
", - "PutPartnerEventsRequestEntry$Resources": "AWS resources, identified by Amazon Resource Name (ARN), which the event primarily concerns. Any number, including zero, may be present.
" + "PutEventsRequestEntry$Resources": "Amazon Web Services resources, identified by Amazon Resource Name (ARN), which the event primarily concerns. Any number, including zero, may be present.
", + "PutPartnerEventsRequestEntry$Resources": "Amazon Web Services resources, identified by Amazon Resource Name (ARN), which the event primarily concerns. Any number, including zero, may be present.
" } }, "EventSource": { - "base": "A partner event source is created by an SaaS partner. If a customer creates a partner event bus that matches this event source, that AWS account can receive events from the partner's applications or services.
", + "base": "A partner event source is created by an SaaS partner. If a customer creates a partner event bus that matches this event source, that Amazon Web Services account can receive events from the partner's applications or services.
", "refs": { "EventSourceList$member": null } @@ -863,13 +863,13 @@ "refs": { "ActivateEventSourceRequest$Name": "The name of the partner event source to activate.
", "CreateEventBusRequest$EventSourceName": "If you are creating a partner event bus, this specifies the partner event source that the new event bus will be matched with.
", - "CreatePartnerEventSourceRequest$Name": "The name of the partner event source. This name must be unique and must be in the format partner_name/event_namespace/event_name
. The AWS account that wants to use this partner event source must create a partner event bus with a name that matches the name of the partner event source.
The name of the partner event source. This name must be unique and must be in the format partner_name/event_namespace/event_name
. The Amazon Web Services account that wants to use this partner event source must create a partner event bus with a name that matches the name of the partner event source.
The name of the partner event source to deactivate.
", "DeletePartnerEventSourceRequest$Name": "The name of the event source to delete.
", "DescribeEventSourceRequest$Name": "The name of the partner event source to display the details of.
", "DescribePartnerEventSourceRequest$Name": "The name of the event source to display.
", "ListPartnerEventSourceAccountsRequest$EventSourceName": "The name of the partner event source to display account information about.
", - "PutPartnerEventsRequestEntry$Source": "The event source that is generating the evntry.
" + "PutPartnerEventsRequestEntry$Source": "The event source that is generating the entry.
" } }, "EventSourceNamePrefix": { @@ -889,7 +889,7 @@ "EventTime": { "base": null, "refs": { - "PutEventsRequestEntry$Time": "The time stamp of the event, per RFC3339. If no time stamp is provided, the time stamp of the PutEvents call is used.
", + "PutEventsRequestEntry$Time": "The time stamp of the event, per RFC3339. If no time stamp is provided, the time stamp of the PutEvents call is used.
", "PutPartnerEventsRequestEntry$Time": "The date and time of the event.
" } }, @@ -983,7 +983,7 @@ "LaunchType": { "base": null, "refs": { - "EcsParameters$LaunchType": "Specifies the launch type on which your task is running. The launch type that you specify here must match one of the launch type (compatibilities) of the target task. The FARGATE
value is supported only in the Regions where AWS Fargate with Amazon ECS is supported. For more information, see AWS Fargate on Amazon ECS in the Amazon Elastic Container Service Developer Guide.
Specifies the launch type on which your task is running. The launch type that you specify here must match one of the launch type (compatibilities) of the target task. The FARGATE
value is supported only in the Regions where Fargate witt Amazon ECS is supported. For more information, see Fargate on Amazon ECS in the Amazon Elastic Container Service Developer Guide.
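Review bot: The added EcsParameters$LaunchType text has a typo, "Fargate witt Amazon ECS". It should read "Fargate with Amazon ECS".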
If this is a managed rule, created by an AWS service on your behalf, this field displays the principal name of the AWS service that created the rule.
", - "Rule$ManagedBy": "If the rule was created on behalf of your account by an AWS service, this field displays the principal name of the service that created the rule.
" + "DescribeRuleResponse$ManagedBy": "If this is a managed rule, created by an Amazon Web Services service on your behalf, this field displays the principal name of the Amazon Web Services service that created the rule.
", + "Rule$ManagedBy": "If the rule was created on behalf of your account by an Amazon Web Services service, this field displays the principal name of the service that created the rule.
" } }, "ManagedRuleException": { - "base": "This rule was created by an AWS service on behalf of your account. It is managed by that service. If you see this error in response to DeleteRule
or RemoveTargets
, you can use the Force
parameter in those calls to delete the rule or remove targets from the rule. You cannot modify these managed rules by using DisableRule
, EnableRule
, PutTargets
, PutRule
, TagResource
, or UntagResource
.
This rule was created by an Amazon Web Services service on behalf of your account. It is managed by that service. If you see this error in response to DeleteRule
or RemoveTargets
, you can use the Force
parameter in those calls to delete the rule or remove targets from the rule. You cannot modify these managed rules by using DisableRule
, EnableRule
, PutTargets
, PutRule
, TagResource
, or UntagResource
.
This structure specifies the network configuration for an ECS task.
", "refs": { - "EcsParameters$NetworkConfiguration": "Use this structure if the ECS task uses the awsvpc
network mode. This structure specifies the VPC subnets and security groups associated with the task, and whether a public IP address is to be used. This structure is required if LaunchType
is FARGATE
because the awsvpc
mode is required for Fargate tasks.
If you specify NetworkConfiguration
when the target ECS task does not use the awsvpc
network mode, the task fails.
Use this structure if the Amazon ECS task uses the awsvpc
network mode. This structure specifies the VPC subnets and security groups associated with the task, and whether a public IP address is to be used. This structure is required if LaunchType
is FARGATE
because the awsvpc
mode is required for Fargate tasks.
If you specify NetworkConfiguration
when the target ECS task does not use the awsvpc
network mode, the task fails.
A partner event source is created by an SaaS partner. If a customer creates a partner event bus that matches this event source, that AWS account can receive events from the partner's applications or services.
", + "base": "A partner event source is created by an SaaS partner. If a customer creates a partner event bus that matches this event source, that Amazon Web Services account can receive events from the partner's applications or services.
", "refs": { "PartnerEventSourceList$member": null } }, "PartnerEventSourceAccount": { - "base": "The AWS account that a partner event source has been offered to.
", + "base": "The Amazon Web Services account that a partner event source has been offered to.
", "refs": { "PartnerEventSourceAccountList$member": null } @@ -1296,7 +1296,7 @@ } }, "PlacementStrategy": { - "base": "The task placement strategy for a task or service. To learn more, see Task Placement Strategies in the Amazon Elastic Container Service Developer Guide.
", + "base": "The task placement strategy for a task or service. To learn more, see Task Placement Strategies in the Amazon Elastic Container Service Service Developer Guide.
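Review bot: The added PlacementStrategy text cites the "Amazon Elastic Container Service Service Developer Guide", with "Service" doubled. The removed line had the title as "Amazon Elastic Container Service Developer Guide", and the new line should keep that title.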
", "refs": { "PlacementStrategies$member": null } @@ -1321,7 +1321,7 @@ "Principal": { "base": null, "refs": { - "PutPermissionRequest$Principal": "The 12-digit AWS account ID that you are permitting to put events to your default event bus. Specify \"*\" to permit any account to put events to your default event bus.
If you specify \"*\" without specifying Condition
, avoid creating rules that may match undesirable events. To create more secure rules, make sure that the event pattern for each rule contains an account
field with a specific account ID from which to receive events. Rules with an account field do not match any events sent from other accounts.
The 12-digit Amazon Web Services account ID that you are permitting to put events to your default event bus. Specify \"*\" to permit any account to put events to your default event bus.
If you specify \"*\" without specifying Condition
, avoid creating rules that may match undesirable events. To create more secure rules, make sure that the event pattern for each rule contains an account
field with a specific account ID from which to receive events. Rules with an account field do not match any events sent from other accounts.
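Review bot: The added PutPermissionRequest$Principal text still says the principal is permitted to put events to "your default event bus", while the PutPermission description earlier in this diff says the grant applies to "the specified event bus". This paragraph carries the guidance on using "*" without a Condition, so it should name the bus the statement actually applies to. Suggest replacing "your default event bus" with "the specified event bus" in both sentences, so that readers granting "*" on a custom bus see that the advice to add an account field to each rule's event pattern covers that bus as well.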
These are custom parameters to be used when the target is a Redshift cluster to invoke the Redshift Data API ExecuteStatement based on EventBridge events.
", + "base": "These are custom parameters to be used when the target is a Amazon Redshift cluster to invoke the Amazon Redshift Data API ExecuteStatement based on EventBridge events.
", "refs": { - "Target$RedshiftDataParameters": "Contains the Redshift Data API parameters to use when the target is a Redshift cluster.
If you specify a Redshift Cluster as a Target, you can use this to specify parameters to invoke the Redshift Data API ExecuteStatement based on EventBridge events.
" + "Target$RedshiftDataParameters": "Contains the Amazon Redshift Data API parameters to use when the target is a Amazon Redshift cluster.
If you specify a Amazon Redshift Cluster as a Target, you can use this to specify parameters to invoke the Amazon Redshift Data API ExecuteStatement based on EventBridge events.
" } }, "RedshiftSecretManagerArn": { "base": null, "refs": { - "RedshiftDataParameters$SecretManagerArn": "The name or ARN of the secret that enables access to the database. Required when authenticating using AWS Secrets Manager.
" + "RedshiftDataParameters$SecretManagerArn": "The name or ARN of the secret that enables access to the database. Required when authenticating using Amazon Web Services Secrets Manager.
" } }, "ReferenceId": { @@ -1605,8 +1605,8 @@ "base": null, "refs": { "DescribeRuleResponse$RoleArn": "The Amazon Resource Name (ARN) of the IAM role associated with the rule.
", - "PutRuleRequest$RoleArn": "The Amazon Resource Name (ARN) of the IAM role associated with the rule.
", - "Rule$RoleArn": "The Amazon Resource Name (ARN) of the role that is used for target invocation.
", + "PutRuleRequest$RoleArn": "The Amazon Resource Name (ARN) of the IAM role associated with the rule.
If you're setting an event bus in another account as the target and that account granted permission to your account through an organization instead of directly by the account ID, you must specify a RoleArn
with proper permissions in the Target
structure, instead of here in this parameter.
The Amazon Resource Name (ARN) of the role that is used for target invocation.
If you're setting an event bus in another account as the target and that account granted permission to your account through an organization instead of directly by the account ID, you must specify a RoleArn
with proper permissions in the Target
structure, instead of here in this parameter.
The Amazon Resource Name (ARN) of the IAM role to be used for this target when the rule is triggered. If one rule triggers multiple targets, you can use a different IAM role for each target.
" } }, @@ -1740,7 +1740,7 @@ "refs": { "DescribeRuleResponse$ScheduleExpression": "The scheduling expression. For example, \"cron(0 20 * * ? *)\", \"rate(5 minutes)\".
", "PutRuleRequest$ScheduleExpression": "The scheduling expression. For example, \"cron(0 20 * * ? *)\" or \"rate(5 minutes)\".
", - "Rule$ScheduleExpression": "The scheduling expression. For example, \"cron(0 20 * * ? *)\", \"rate(5 minutes)\".
" + "Rule$ScheduleExpression": "The scheduling expression. For example, \"cron(0 20 * * ? *)\", \"rate(5 minutes)\". For more information, see Creating an Amazon EventBridge rule that runs on a schedule.
" } }, "SecretsManagerSecretArn": { @@ -1774,7 +1774,7 @@ "StatementId": { "base": null, "refs": { - "PutPermissionRequest$StatementId": "An identifier string for the external account that you are granting permissions to. If you later want to revoke the permission for this external account, specify this StatementId
when you run RemovePermission.
An identifier string for the external account that you are granting permissions to. If you later want to revoke the permission for this external account, specify this StatementId
when you run RemovePermission.
The statement ID corresponding to the account that is no longer allowed to put events to the default event bus.
" } }, @@ -1787,8 +1787,8 @@ "String": { "base": null, "refs": { - "BatchParameters$JobDefinition": "The ARN or name of the job definition to use if the event target is an AWS Batch job. This job definition must already exist.
", - "BatchParameters$JobName": "The name to use for this execution of the job, if the target is an AWS Batch job.
", + "BatchParameters$JobDefinition": "The ARN or name of the job definition to use if the event target is an Batch job. This job definition must already exist.
", + "BatchParameters$JobName": "The name to use for this execution of the job, if the target is an Batch job.
", "Condition$Type": "Specifies the type of condition. Currently the only supported value is StringEquals
.
Specifies the key for the condition. Currently the only supported key is aws:PrincipalOrgID
.
Specifies the value for the key. Currently, this must be the ID of the organization.
", @@ -1804,11 +1804,11 @@ "DescribeEventSourceResponse$Name": "The name of the partner event source.
", "DescribePartnerEventSourceResponse$Arn": "The ARN of the event source.
", "DescribePartnerEventSourceResponse$Name": "The name of the event source.
", - "EcsParameters$PlatformVersion": "Specifies the platform version for the task. Specify only the numeric portion of the platform version, such as 1.1.0
.
This structure is used only if LaunchType
is FARGATE
. For more information about valid platform versions, see AWS Fargate Platform Versions in the Amazon Elastic Container Service Developer Guide.
Specifies the platform version for the task. Specify only the numeric portion of the platform version, such as 1.1.0
.
This structure is used only if LaunchType
is FARGATE
. For more information about valid platform versions, see Fargate Platform Versions in the Amazon Elastic Container Service Developer Guide.
Specifies an ECS task group for the task. The maximum length is 255 characters.
", "EventBus$Name": "The name of the event bus.
", "EventBus$Arn": "The ARN of the event bus.
", - "EventBus$Policy": "The permissions policy of the event bus, describing which other AWS accounts can write events to this event bus.
", + "EventBus$Policy": "The permissions policy of the event bus, describing which other Amazon Web Services accounts can write events to this event bus.
", "EventSource$Arn": "The ARN of the event source.
", "EventSource$CreatedBy": "The name of the partner that created the event source.
", "EventSource$Name": "The name of the event source.
", @@ -1821,7 +1821,7 @@ "PutPartnerEventsRequestEntry$Detail": "A valid JSON string. There is no other schema imposed. The JSON string may contain fields and nested subobjects.
", "PutPermissionRequest$Policy": "A JSON string that describes the permission policy statement. You can include a Policy
parameter in the request instead of using the StatementId
, Action
, Principal
, or Condition
parameters.
The event, in JSON format, to test against the event pattern. The JSON must follow the format specified in AWS Events, and the following fields are mandatory:
id
account
source
time
region
resources
detail-type
The event, in JSON format, to test against the event pattern. The JSON must follow the format specified in Amazon Web Services Events, and the following fields are mandatory:
id
account
source
time
region
resources
detail-type
A key-value pair associated with an AWS resource. In EventBridge, rules and event buses support tagging.
", + "base": "A key-value pair associated with an Amazon Web Services resource. In EventBridge, rules and event buses support tagging.
", "refs": { "TagList$member": null } @@ -1877,7 +1877,7 @@ } }, "Target": { - "base": "Targets are the resources to be invoked when a rule is triggered. For a complete list of services and resources that can be set as a target, see PutTargets.
If you are setting the event bus of another account as the target, and that account granted permission to your account through an organization instead of directly by the account ID, then you must specify a RoleArn
with proper permissions in the Target
structure. For more information, see Sending and Receiving Events Between AWS Accounts in the Amazon EventBridge User Guide.
Targets are the resources to be invoked when a rule is triggered. For a complete list of services and resources that can be set as a target, see PutTargets.
If you are setting the event bus of another account as the target, and that account granted permission to your account through an organization instead of directly by the account ID, then you must specify a RoleArn
with proper permissions in the Target
structure. For more information, see Sending and Receiving Events Between Amazon Web Services Accounts in the Amazon EventBridge User Guide.
The ID of the target.
", "RemoveTargetsResultEntry$TargetId": "The ID of the target.
", - "Target$Id": "The ID of the target.
", + "Target$Id": "The ID of the target. We recommend using a memorable and unique string.
", "TargetIdList$member": null } }, @@ -1974,9 +1974,9 @@ "DescribeReplayResponse$ReplayStartTime": "A time stamp for the time that the replay started.
", "DescribeReplayResponse$ReplayEndTime": "A time stamp for the time that the replay stopped.
", "EventSource$CreationTime": "The date and time the event source was created.
", - "EventSource$ExpirationTime": "The date and time that the event source will expire, if the AWS account doesn't create a matching event bus for it.
", + "EventSource$ExpirationTime": "The date and time that the event source will expire, if the Amazon Web Services account doesn't create a matching event bus for it.
", "PartnerEventSourceAccount$CreationTime": "The date and time the event source was created.
", - "PartnerEventSourceAccount$ExpirationTime": "The date and time that the event source will expire, if the AWS account doesn't create a matching event bus for it.
", + "PartnerEventSourceAccount$ExpirationTime": "The date and time that the event source will expire, if the Amazon Web Services account doesn't create a matching event bus for it.
", "Replay$EventStartTime": "A time stamp for the time to start replaying events. This is determined by the time in the event as described in Time.
", "Replay$EventEndTime": "A time stamp for the time to start replaying events. Any event with a creation time prior to the EventEndTime
specified is replayed.
A time stamp for the time that the last event was replayed.
", @@ -1996,7 +1996,7 @@ "TraceHeader": { "base": null, "refs": { - "PutEventsRequestEntry$TraceHeader": "An AWS X-Ray trade header, which is an http header (X-Amzn-Trace-Id) that contains the trace-id associated with the event.
To learn more about X-Ray trace headers, see Tracing header in the AWS X-Ray Developer Guide.
" + "PutEventsRequestEntry$TraceHeader": "An X-Ray trade header, which is an http header (X-Amzn-Trace-Id) that contains the trace-id associated with the event.
To learn more about X-Ray trace headers, see Tracing header in the X-Ray Developer Guide.
" } }, "TransformerInput": { @@ -2008,7 +2008,7 @@ "TransformerPaths": { "base": null, "refs": { - "InputTransformer$InputPathsMap": "Map of JSON paths to be extracted from the event. You can then insert these in the template in InputTemplate
to produce the output you want to be sent to the target.
InputPathsMap
is an array key-value pairs, where each value is a valid JSON path. You can have as many as 100 key-value pairs. You must use JSON dot notation, not bracket notation.
The keys cannot start with \"AWS.\"
" + "InputTransformer$InputPathsMap": "Map of JSON paths to be extracted from the event. You can then insert these in the template in InputTemplate
to produce the output you want to be sent to the target.
InputPathsMap
is an array key-value pairs, where each value is a valid JSON path. You can have as many as 100 key-value pairs. You must use JSON dot notation, not bracket notation.
The keys cannot start with \"Amazon Web Services.\"
" } }, "UntagResourceRequest": { diff --git a/models/apis/fms/2018-01-01/api-2.json b/models/apis/fms/2018-01-01/api-2.json index 7bf68f2d45e..4c82da9ad19 100644 --- a/models/apis/fms/2018-01-01/api-2.json +++ b/models/apis/fms/2018-01-01/api-2.json @@ -1203,6 +1203,7 @@ "ResourceTags":{"shape":"ResourceTags"}, "ExcludeResourceTags":{"shape":"Boolean"}, "RemediationEnabled":{"shape":"Boolean"}, + "DeleteUnusedFMManagedResources":{"shape":"Boolean"}, "IncludeMap":{"shape":"CustomerPolicyScopeMap"}, "ExcludeMap":{"shape":"CustomerPolicyScopeMap"} } @@ -1256,7 +1257,8 @@ "PolicyName":{"shape":"ResourceName"}, "ResourceType":{"shape":"ResourceType"}, "SecurityServiceType":{"shape":"SecurityServiceType"}, - "RemediationEnabled":{"shape":"Boolean"} + "RemediationEnabled":{"shape":"Boolean"}, + "DeleteUnusedFMManagedResources":{"shape":"Boolean"} } }, "PolicySummaryList":{ diff --git a/models/apis/fms/2018-01-01/docs-2.json b/models/apis/fms/2018-01-01/docs-2.json index ad37a017e0c..fad864dd22a 100644 --- a/models/apis/fms/2018-01-01/docs-2.json +++ b/models/apis/fms/2018-01-01/docs-2.json @@ -156,8 +156,10 @@ "NetworkFirewallInvalidRouteConfigurationViolation$IsRouteTableUsedInDifferentAZ": "Information about whether the route table is used in another Availability Zone.
", "Policy$ExcludeResourceTags": "If set to True
, resources with the tags that are specified in the ResourceTag
array are not in scope of the policy. If set to False
, and the ResourceTag
array is not null, only resources with the specified tags are in scope of the policy.
Indicates if the policy should be automatically applied to new resources.
", + "Policy$DeleteUnusedFMManagedResources": "Indicates whether Firewall Manager should delete Firewall Manager managed resources, such as web ACLs and security groups, when they are not in use by the Firewall Manager policy. By default, Firewall Manager doesn't delete unused Firewall Manager managed resources. This option is not available for Shield Advanced or WAF Classic policies.
", "PolicyComplianceDetail$EvaluationLimitExceeded": "Indicates if over 100 resources are noncompliant with the Firewall Manager policy.
", "PolicySummary$RemediationEnabled": "Indicates if the policy should be automatically applied to new resources.
", + "PolicySummary$DeleteUnusedFMManagedResources": "Indicates whether Firewall Manager should delete Firewall Manager managed resources, such as web ACLs and security groups, when they are not in use by the Firewall Manager policy. By default, Firewall Manager doesn't delete unused Firewall Manager managed resources. This option is not available for Shield Advanced or WAF Classic policies.
", "PossibleRemediationAction$IsDefaultAction": "Information about whether an action is taken by default.
", "SecurityGroupRemediationAction$IsDefaultAction": "Indicates if the current action is the default action.
" } @@ -601,7 +603,7 @@ "ManagedServiceData": { "base": null, "refs": { - "SecurityServicePolicyData$ManagedServiceData": "Details about the service that are specific to the service type, in JSON format. For service type SHIELD_ADVANCED
, this is an empty string.
Example: DNS_FIREWALL
\"{\\\"type\\\":\\\"DNS_FIREWALL\\\",\\\"preProcessRuleGroups\\\":[{\\\"ruleGroupId\\\":\\\"rslvr-frg-1\\\",\\\"priority\\\":10}],\\\"postProcessRuleGroups\\\":[{\\\"ruleGroupId\\\":\\\"rslvr-frg-2\\\",\\\"priority\\\":9911}]}\"
Example: NETWORK_FIREWALL
\"{\\\"type\\\":\\\"NETWORK_FIREWALL\\\",\\\"networkFirewallStatelessRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-west-1:1234567891011:stateless-rulegroup/rulegroup2\\\",\\\"priority\\\":10}],\\\"networkFirewallStatelessDefaultActions\\\":[\\\"aws:pass\\\",\\\"custom1\\\"],\\\"networkFirewallStatelessFragmentDefaultActions\\\":[\\\"custom2\\\",\\\"aws:pass\\\"],\\\"networkFirewallStatelessCustomActions\\\":[{\\\"actionName\\\":\\\"custom1\\\",\\\"actionDefinition\\\":{\\\"publishMetricAction\\\":{\\\"dimensions\\\":[{\\\"value\\\":\\\"dimension1\\\"}]}}},{\\\"actionName\\\":\\\"custom2\\\",\\\"actionDefinition\\\":{\\\"publishMetricAction\\\":{\\\"dimensions\\\":[{\\\"value\\\":\\\"dimension2\\\"}]}}}],\\\"networkFirewallStatefulRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-west-1:1234567891011:stateful-rulegroup/rulegroup1\\\"}],\\\"networkFirewallOrchestrationConfig\\\":{\\\"singleFirewallEndpointPerVPC\\\":true,\\\"allowedIPV4CidrList\\\":[\\\"10.24.34.0/28\\\"]} }\"
Example: WAFV2
\"{\\\"type\\\":\\\"WAFV2\\\",\\\"preProcessRuleGroups\\\":[{\\\"ruleGroupArn\\\":null,\\\"overrideAction\\\":{\\\"type\\\":\\\"NONE\\\"},\\\"managedRuleGroupIdentifier\\\":{\\\"version\\\":null,\\\"vendorName\\\":\\\"AWS\\\",\\\"managedRuleGroupName\\\":\\\"AWSManagedRulesAmazonIpReputationList\\\"},\\\"ruleGroupType\\\":\\\"ManagedRuleGroup\\\",\\\"excludeRules\\\":[]}],\\\"postProcessRuleGroups\\\":[],\\\"defaultAction\\\":{\\\"type\\\":\\\"ALLOW\\\"},\\\"overrideCustomerWebACLAssociation\\\":false,\\\"loggingConfiguration\\\":{\\\"logDestinationConfigs\\\":[\\\"arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination\\\"],\\\"redactedFields\\\":[{\\\"redactedFieldType\\\":\\\"SingleHeader\\\",\\\"redactedFieldValue\\\":\\\"Cookies\\\"},{\\\"redactedFieldType\\\":\\\"Method\\\"}]}}\"
In the loggingConfiguration
, you can specify one logDestinationConfigs
, you can optionally provide up to 20 redactedFields
, and the RedactedFieldType
must be one of URI
, QUERY_STRING
, HEADER
, or METHOD
.
Example: WAF Classic
\"{\\\"type\\\": \\\"WAF\\\", \\\"ruleGroups\\\": [{\\\"id\\\":\\\"12345678-1bcd-9012-efga-0987654321ab\\\", \\\"overrideAction\\\" : {\\\"type\\\": \\\"COUNT\\\"}}], \\\"defaultAction\\\": {\\\"type\\\": \\\"BLOCK\\\"}}\"
Example: SECURITY_GROUPS_COMMON
\"{\\\"type\\\":\\\"SECURITY_GROUPS_COMMON\\\",\\\"revertManualSecurityGroupChanges\\\":false,\\\"exclusiveResourceSecurityGroupManagement\\\":false, \\\"applyToAllEC2InstanceENIs\\\":false,\\\"securityGroups\\\":[{\\\"id\\\":\\\" sg-000e55995d61a06bd\\\"}]}\"
Example: Shared VPCs. Apply the preceding policy to resources in shared VPCs as well as to those in VPCs that the account owns
\"{\\\"type\\\":\\\"SECURITY_GROUPS_COMMON\\\",\\\"revertManualSecurityGroupChanges\\\":false,\\\"exclusiveResourceSecurityGroupManagement\\\":false, \\\"applyToAllEC2InstanceENIs\\\":false,\\\"includeSharedVPC\\\":true,\\\"securityGroups\\\":[{\\\"id\\\":\\\" sg-000e55995d61a06bd\\\"}]}\"
Example: SECURITY_GROUPS_CONTENT_AUDIT
\"{\\\"type\\\":\\\"SECURITY_GROUPS_CONTENT_AUDIT\\\",\\\"securityGroups\\\":[{\\\"id\\\":\\\"sg-000e55995d61a06bd\\\"}],\\\"securityGroupAction\\\":{\\\"type\\\":\\\"ALLOW\\\"}}\"
The security group action for content audit can be ALLOW
or DENY
. For ALLOW
, all in-scope security group rules must be within the allowed range of the policy's security group rules. For DENY
, all in-scope security group rules must not contain a value or a range that matches a rule value or range in the policy security group.
Example: SECURITY_GROUPS_USAGE_AUDIT
\"{\\\"type\\\":\\\"SECURITY_GROUPS_USAGE_AUDIT\\\",\\\"deleteUnusedSecurityGroups\\\":true,\\\"coalesceRedundantSecurityGroups\\\":true}\"
Details about the service that are specific to the service type, in JSON format. For service type SHIELD_ADVANCED
, this is an empty string.
Example: DNS_FIREWALL
\"{\\\"type\\\":\\\"DNS_FIREWALL\\\",\\\"preProcessRuleGroups\\\":[{\\\"ruleGroupId\\\":\\\"rslvr-frg-1\\\",\\\"priority\\\":10}],\\\"postProcessRuleGroups\\\":[{\\\"ruleGroupId\\\":\\\"rslvr-frg-2\\\",\\\"priority\\\":9911}]}\"
Valid values for preProcessRuleGroups
are between 1 and 99. Valid values for postProcessRuleGroups
are between 9901 and 10000.
Example: NETWORK_FIREWALL
\"{\\\"type\\\":\\\"NETWORK_FIREWALL\\\",\\\"networkFirewallStatelessRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-west-1:1234567891011:stateless-rulegroup/rulegroup2\\\",\\\"priority\\\":10}],\\\"networkFirewallStatelessDefaultActions\\\":[\\\"aws:pass\\\",\\\"custom1\\\"],\\\"networkFirewallStatelessFragmentDefaultActions\\\":[\\\"custom2\\\",\\\"aws:pass\\\"],\\\"networkFirewallStatelessCustomActions\\\":[{\\\"actionName\\\":\\\"custom1\\\",\\\"actionDefinition\\\":{\\\"publishMetricAction\\\":{\\\"dimensions\\\":[{\\\"value\\\":\\\"dimension1\\\"}]}}},{\\\"actionName\\\":\\\"custom2\\\",\\\"actionDefinition\\\":{\\\"publishMetricAction\\\":{\\\"dimensions\\\":[{\\\"value\\\":\\\"dimension2\\\"}]}}}],\\\"networkFirewallStatefulRuleGroupReferences\\\":[{\\\"resourceARN\\\":\\\"arn:aws:network-firewall:us-west-1:1234567891011:stateful-rulegroup/rulegroup1\\\"}],\\\"networkFirewallOrchestrationConfig\\\":{\\\"singleFirewallEndpointPerVPC\\\":true,\\\"allowedIPV4CidrList\\\":[\\\"10.24.34.0/28\\\"]} }\"
Example: WAFV2
\"{\\\"type\\\":\\\"WAFV2\\\",\\\"preProcessRuleGroups\\\":[{\\\"ruleGroupArn\\\":null,\\\"overrideAction\\\":{\\\"type\\\":\\\"NONE\\\"},\\\"managedRuleGroupIdentifier\\\":{\\\"version\\\":null,\\\"vendorName\\\":\\\"AWS\\\",\\\"managedRuleGroupName\\\":\\\"AWSManagedRulesAmazonIpReputationList\\\"},\\\"ruleGroupType\\\":\\\"ManagedRuleGroup\\\",\\\"excludeRules\\\":[{\\\"name\\\":\\\"NoUserAgent_HEADER\\\"}]}],\\\"postProcessRuleGroups\\\":[],\\\"defaultAction\\\":{\\\"type\\\":\\\"ALLOW\\\"},\\\"overrideCustomerWebACLAssociation\\\":false,\\\"loggingConfiguration\\\":{\\\"logDestinationConfigs\\\":[\\\"arn:aws:firehose:us-west-2:12345678912:deliverystream/aws-waf-logs-fms-admin-destination\\\"],\\\"redactedFields\\\":[{\\\"redactedFieldType\\\":\\\"SingleHeader\\\",\\\"redactedFieldValue\\\":\\\"Cookies\\\"},{\\\"redactedFieldType\\\":\\\"Method\\\"}]}}\"
In the loggingConfiguration
, you can specify one logDestinationConfigs
, you can optionally provide up to 20 redactedFields
, and the RedactedFieldType
must be one of URI
, QUERY_STRING
, HEADER
, or METHOD
.
Example: WAF Classic
\"{\\\"type\\\": \\\"WAF\\\", \\\"ruleGroups\\\": [{\\\"id\\\":\\\"12345678-1bcd-9012-efga-0987654321ab\\\", \\\"overrideAction\\\" : {\\\"type\\\": \\\"COUNT\\\"}}], \\\"defaultAction\\\": {\\\"type\\\": \\\"BLOCK\\\"}}\"
Example: SECURITY_GROUPS_COMMON
\"{\\\"type\\\":\\\"SECURITY_GROUPS_COMMON\\\",\\\"revertManualSecurityGroupChanges\\\":false,\\\"exclusiveResourceSecurityGroupManagement\\\":false, \\\"applyToAllEC2InstanceENIs\\\":false,\\\"securityGroups\\\":[{\\\"id\\\":\\\" sg-000e55995d61a06bd\\\"}]}\"
Example: Shared VPCs. Apply the preceding policy to resources in shared VPCs as well as to those in VPCs that the account owns
\"{\\\"type\\\":\\\"SECURITY_GROUPS_COMMON\\\",\\\"revertManualSecurityGroupChanges\\\":false,\\\"exclusiveResourceSecurityGroupManagement\\\":false, \\\"applyToAllEC2InstanceENIs\\\":false,\\\"includeSharedVPC\\\":true,\\\"securityGroups\\\":[{\\\"id\\\":\\\" sg-000e55995d61a06bd\\\"}]}\"
Example: SECURITY_GROUPS_CONTENT_AUDIT
\"{\\\"type\\\":\\\"SECURITY_GROUPS_CONTENT_AUDIT\\\",\\\"securityGroups\\\":[{\\\"id\\\":\\\"sg-000e55995d61a06bd\\\"}],\\\"securityGroupAction\\\":{\\\"type\\\":\\\"ALLOW\\\"}}\"
The security group action for content audit can be ALLOW
or DENY
. For ALLOW
, all in-scope security group rules must be within the allowed range of the policy's security group rules. For DENY
, all in-scope security group rules must not contain a value or a range that matches a rule value or range in the policy security group.
Example: SECURITY_GROUPS_USAGE_AUDIT
\"{\\\"type\\\":\\\"SECURITY_GROUPS_USAGE_AUDIT\\\",\\\"deleteUnusedSecurityGroups\\\":true,\\\"coalesceRedundantSecurityGroups\\\":true}\"
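Review bot: the added PlacementStrategy base string reads "Amazon Elastic Container Service Service Developer Guide", with "Service" doubled. The removed line had the guide title right ("Amazon Elastic Container Service Developer Guide"), so the replacement should keep that wording.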
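Review bot: the added RedshiftDataParameters base and Target$RedshiftDataParameters strings now say "a Amazon Redshift cluster" and "a Amazon Redshift Cluster"; prefixing "Amazon" requires changing the article to "an". In the same hunk, RedshiftDataParameters$SecretManagerArn becomes "Amazon Web Services Secrets Manager", which is inconsistent with the other added lines in this patch where the prefix is simply dropped ("Batch", "Fargate", "X-Ray"). Pick one convention for service names and apply it throughout.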
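Review bot: in the added BatchParameters$JobDefinition and BatchParameters$JobName strings, dropping "AWS" leaves "an Batch job". The article needs to become "a Batch job" in both lines.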
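Review bot: the added PutEventsRequestEntry$TraceHeader string still says "An X-Ray trade header"; the next sentence and the header name X-Amzn-Trace-Id show that "trace header" is meant. Since this line is being rewritten anyway, fix the typo here rather than carrying it forward from the removed line.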
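Review bot: the added InputTransformer$InputPathsMap string changes the documented constraint from keys that cannot start with "AWS." to keys that cannot start with "Amazon Web Services.". The quoted value in the removed line is a literal key prefix, not a brand mention, so this looks like the blanket rename rewriting a technical value. Restore "AWS." unless the service really rejects the longer prefix, and exclude quoted literals from the rename.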
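Review bot: the Policy$DeleteUnusedFMManagedResources and PolicySummary$DeleteUnusedFMManagedResources descriptions say the option "is not available for Shield Advanced or WAF Classic policies" but do not say what happens when it is set to true on such a policy (rejected, or silently ignored). Because this Boolean controls deletion of web ACLs and security groups, the documentation should state that behaviour, and should define when a managed resource counts as "not in use" by the policy.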
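Review bot: the sentence added after the DNS_FIREWALL example in SecurityServicePolicyData$ManagedServiceData gives "valid values for preProcessRuleGroups" as 1 to 99 and for postProcessRuleGroups as 9901 to 10000, but those keys hold arrays of rule groups. The ranges match the priority fields in the example (10 and 9911), so the text should say "valid priority values for rule groups in preProcessRuleGroups". While this string is being replaced, two inconsistencies carried over from the removed line are also worth fixing: the WAFV2 example uses redactedFieldType values "SingleHeader" and "Method" while the text below it lists URI, QUERY_STRING, HEADER and METHOD, and both SECURITY_GROUPS_COMMON examples have a leading space inside the security group id (" sg-000e55995d61a06bd").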