They types of analysis performed during a repository analysis or a pull request review. You can specify either Security, CodeQuality, or both.
The types of analysis performed during a repository analysis or a pull request review. You can specify either Security, CodeQuality, or both.
They types of analysis performed during a repository analysis or a pull request review. You can specify either Security, CodeQuality, or both.
The SHA of the merge base of a commit.
" } }, + "ConfigFileState": { + "base": null, + "refs": { + "CodeReview$ConfigFileState": "The state of the aws-codeguru-reviewer.yml configuration file that allows the configuration of the CodeGuru Reviewer analysis. The file either exists, doesn't exist, or exists with errors at the root directory of your repository.
The requested operation would cause a conflict with the current state of a service resource associated with the request. Resolve the conflict before retrying this request.
", "refs": { @@ -315,6 +321,15 @@ "RecommendationSummary$EndLine": "Last line where the recommendation is applicable in the source commit or source branch. For a single line comment the start line and end line values are the same.
" } }, + "LinesOfCodeCount": { + "base": null, + "refs": { + "Metrics$MeteredLinesOfCodeCount": " MeteredLinesOfCodeCount is the number of lines of code in the repository where the code review happened. This does not include non-code lines such as comments and blank lines.
SuppressedLinesOfCodeCount is the number of lines of code in the repository where the code review happened that CodeGuru Reviewer did not analyze. The lines suppressed in the analysis is based on the excludeFiles variable in the aws-codeguru-reviewer.yml file. This number does not include non-code lines such as comments and blank lines.
Lines of code metered in the code review. For the initial code review pull request and all subsequent revisions, this includes all lines of code in the files added to the pull request. In subsequent revisions, for files that already existed in the pull request, this includes only the changed lines of code. In both cases, this does not include non-code lines such as comments and import statements. For example, if you submit a pull request containing 5 files, each with 500 lines of code, and in a subsequent revision you added a new file with 200 lines of code, and also modified a total of 25 lines across the initial 5 files, MeteredLinesOfCodeCount includes the first 5 files (5 * 500 = 2,500 lines), the new file (200 lines) and the 25 changed lines of code for a total of 2,725 lines of code.
Lines of code suppressed in the code review based on the excludeFiles element in the aws-codeguru-reviewer.yml file. For full repository analyses, this number includes all lines of code in the files that are suppressed. For pull requests, this number only includes the changed lines of code that are suppressed. In both cases, this number does not include non-code lines such as comments and import statements. For example, if you initiate a full repository analysis on a repository containing 5 files, each file with 100 lines of code, and 2 files are listed as excluded in the aws-codeguru-reviewer.yml file, then SuppressedLinesOfCodeCount returns 200 (2 * 100) as the total number of lines of code suppressed. However, if you submit a pull request for the same repository, then SuppressedLinesOfCodeCount only includes the lines in the 2 files that changed. If only 1 of the 2 files changed in the pull request, then SuppressedLinesOfCodeCount returns 100 (1 * 100) as the total number of lines of code suppressed.
The maximum number of repository association results returned by ListRepositoryAssociations in paginated output. When this parameter is used, ListRepositoryAssociations only returns maxResults results in a single page with a nextToken response element. The remaining results of the initial request can be seen by sending another ListRepositoryAssociations request with the returned nextToken value. This value can be between 1 and 100. If this parameter is not used, ListRepositoryAssociations returns up to 100 results and a nextToken value if applicable.
MeteredLinesOfCode is the number of lines of code in the repository where the code review happened. This does not include non-code lines such as comments and blank lines.
Lines of code metered in the code review. For the initial code review pull request and all subsequent revisions, this includes all lines of code in the files added to the pull request. In subsequent revisions, for files that already existed in the pull request, this includes only the changed lines of code. In both cases, this does not include non-code lines such as comments and import statements. For example, if you submit a pull request containing 5 files, each with 500 lines of code, and in a subsequent revision you added a new file with 200 lines of code, and also modified a total of 25 lines across the initial 5 files, MeteredLinesOfCodeCount includes the first 5 files (5 * 500 = 2,500 lines), the new file (200 lines) and the 25 changed lines of code for a total of 2,725 lines of code.
Information about the statistics from the code review.
", "refs": { diff --git a/models/apis/mediaconvert/2017-08-29/api-2.json b/models/apis/mediaconvert/2017-08-29/api-2.json index 309b13c42ae..453de80c122 100644 --- a/models/apis/mediaconvert/2017-08-29/api-2.json +++ b/models/apis/mediaconvert/2017-08-29/api-2.json @@ -3412,6 +3412,10 @@ "shape": "DolbyVisionLevel6Mode", "locationName": "l6Mode" }, + "Mapping": { + "shape": "DolbyVisionMapping", + "locationName": "mapping" + }, "Profile": { "shape": "DolbyVisionProfile", "locationName": "profile" @@ -3439,10 +3443,18 @@ "SPECIFY" ] }, + "DolbyVisionMapping": { + "type": "string", + "enum": [ + "HDR10_NOMAP", + "HDR10_1000" + ] + }, "DolbyVisionProfile": { "type": "string", "enum": [ - "PROFILE_5" + "PROFILE_5", + "PROFILE_8_1" ] }, "DropFrameTimecode": { @@ -5865,6 +5877,10 @@ "shape": "__stringMin11Max11Pattern01D20305D205D", "locationName": "timecodeStart" }, + "VideoGenerator": { + "shape": "InputVideoGenerator", + "locationName": "videoGenerator" + }, "VideoSelector": { "shape": "VideoSelector", "locationName": "videoSelector" @@ -6051,6 +6067,15 @@ "SPECIFIEDSTART" ] }, + "InputVideoGenerator": { + "type": "structure", + "members": { + "Duration": { + "shape": "__integerMin50Max86400000", + "locationName": "duration" + } + } + }, "InsertableImage": { "type": "structure", "members": { @@ -8385,6 +8410,13 @@ } } }, + "PadVideo": { + "type": "string", + "enum": [ + "DISABLED", + "BLACK" + ] + }, "PartnerWatermarking": { "type": "structure", "members": { @@ -9684,6 +9716,10 @@ "shape": "Hdr10Metadata", "locationName": "hdr10Metadata" }, + "PadVideo": { + "shape": "PadVideo", + "locationName": "padVideo" + }, "Pid": { "shape": "__integerMin1Max2147483647", "locationName": "pid" @@ -10735,6 +10771,11 @@ "min": 4, "max": 12 }, + "__integerMin50Max86400000": { + "type": "integer", + "min": 50, + "max": 86400000 + }, "__integerMin6000Max1024000": { "type": "integer", "min": 6000, diff --git a/models/apis/mediaconvert/2017-08-29/docs-2.json b/models/apis/mediaconvert/2017-08-29/docs-2.json index 26c5e842d22..537cf6cf961 100644 --- a/models/apis/mediaconvert/2017-08-29/docs-2.json +++ b/models/apis/mediaconvert/2017-08-29/docs-2.json @@ -1058,10 +1058,16 @@ "DolbyVision$L6Mode": "Use Dolby Vision Mode to choose how the service will handle Dolby Vision MaxCLL and MaxFALL properies." } }, + "DolbyVisionMapping": { + "base": "Required when you set Dolby Vision Profile (Profile) to Profile 8.1 (PROFILE_8_1). When you set Content mapping (Mapping) to None (HDR10_NOMAP), content mapping is not applied to the HDR10-compatible signal. Depending on the source peak nit level, clipping might occur on HDR devices without Dolby Vision. When you set Content mapping to Static (HDR10_1000), the transcoder creates a 1,000 nits peak HDR10-compatible signal by applying static content mapping to the source. This mode is speed-optimized for PQ10 sources with metadata that is created from analysis. For graded Dolby Vision content, be aware that creative intent might not be guaranteed with extreme 1,000 nits trims.", + "refs": { + "DolbyVision$Mapping": "Required when you set Dolby Vision Profile (Profile) to Profile 8.1 (PROFILE_8_1). When you set Content mapping (Mapping) to None (HDR10_NOMAP), content mapping is not applied to the HDR10-compatible signal. Depending on the source peak nit level, clipping might occur on HDR devices without Dolby Vision. When you set Content mapping to Static (HDR10_1000), the transcoder creates a 1,000 nits peak HDR10-compatible signal by applying static content mapping to the source. This mode is speed-optimized for PQ10 sources with metadata that is created from analysis. For graded Dolby Vision content, be aware that creative intent might not be guaranteed with extreme 1,000 nits trims." + } + }, "DolbyVisionProfile": { - "base": "In the current MediaConvert implementation, the Dolby Vision profile is always 5 (PROFILE_5). Therefore, all of your inputs must contain Dolby Vision frame interleaved data.", + "base": "Required when you use Dolby Vision (DolbyVision) processing. Set Profile (DolbyVisionProfile) to Profile 5 (Profile_5) to only include frame-interleaved Dolby Vision metadata in your output. Set Profile to Profile 8.1 (Profile_8_1) to include both frame-interleaved Dolby Vision metadata and HDR10 metadata in your output.", "refs": { - "DolbyVision$Profile": "In the current MediaConvert implementation, the Dolby Vision profile is always 5 (PROFILE_5). Therefore, all of your inputs must contain Dolby Vision frame interleaved data." + "DolbyVision$Profile": "Required when you use Dolby Vision (DolbyVision) processing. Set Profile (DolbyVisionProfile) to Profile 5 (Profile_5) to only include frame-interleaved Dolby Vision metadata in your output. Set Profile to Profile 8.1 (Profile_8_1) to include both frame-interleaved Dolby Vision metadata and HDR10 metadata in your output." } }, "DropFrameTimecode": { @@ -2146,6 +2152,12 @@ "InputTemplate$TimecodeSource": "Use this Timecode source setting, located under the input settings (InputTimecodeSource), to specify how the service counts input video frames. This input frame count affects only the behavior of features that apply to a single input at a time, such as input clipping and synchronizing some captions formats. Choose Embedded (EMBEDDED) to use the timecodes in your input video. Choose Start at zero (ZEROBASED) to start the first frame at zero. Choose Specified start (SPECIFIEDSTART) to start the first frame at the timecode that you specify in the setting Start timecode (timecodeStart). If you don't specify a value for Timecode source, the service will use Embedded by default. For more information about timecodes, see https://docs.aws.amazon.com/console/mediaconvert/timecode." } }, + "InputVideoGenerator": { + "base": "Use this setting if you do not have a video input or if you want to add black video frames before, or after, other inputs. When you include Video generator, MediaConvert creates a video input with black frames and without an audio track. You can specify a value for Video generator, or you can specify an Input file, but you cannot specify both.", + "refs": { + "Input$VideoGenerator": "Use this setting if you do not have a video input or if you want to add black video frames before, or after, other inputs. When you include Video generator, MediaConvert creates a video input with black frames and without an audio track. You can specify a value for Video generator, or you can specify an Input file, but you cannot specify both." + } + }, "InsertableImage": { "base": "These settings apply to a specific graphic overlay. You can include multiple overlays in your job.", "refs": { @@ -2919,6 +2931,12 @@ "Output$OutputSettings": "Specific settings for this type of output." } }, + "PadVideo": { + "base": "Use this setting if your input has video and audio durations that don't align, and your output or player has strict alignment requirements. Examples: Input audio track has a delayed start. Input video track ends before audio ends. When you set Pad video (padVideo) to Black (BLACK), MediaConvert generates black video frames so that output video and audio durations match. Black video frames are added at the beginning or end, depending on your input. To keep the default behavior and not generate black video, set Pad video to Disabled (DISABLED) or leave blank.", + "refs": { + "VideoSelector$PadVideo": "Use this setting if your input has video and audio durations that don't align, and your output or player has strict alignment requirements. Examples: Input audio track has a delayed start. Input video track ends before audio ends. When you set Pad video (padVideo) to Black (BLACK), MediaConvert generates black video frames so that output video and audio durations match. Black video frames are added at the beginning or end, depending on your input. To keep the default behavior and not generate black video, set Pad video to Disabled (DISABLED) or leave blank." + } + }, "PartnerWatermarking": { "base": "If you work with a third party video watermarking partner, use the group of settings that correspond with your watermarking partner to include watermarks in your output.", "refs": { @@ -4456,6 +4474,12 @@ "XavcHdProfileSettings$Slices": "Number of slices per picture. Must be less than or equal to the number of macroblock rows for progressive pictures, and less than or equal to half the number of macroblock rows for interlaced pictures." } }, + "__integerMin50Max86400000": { + "base": null, + "refs": { + "InputVideoGenerator$Duration": "Specify an integer value for Black video duration from 50 to 86400000 to generate a black video input for that many milliseconds. Required when you include Video generator." + } + }, "__integerMin6000Max1024000": { "base": null, "refs": { diff --git a/models/apis/rds/2014-10-31/api-2.json b/models/apis/rds/2014-10-31/api-2.json index fb4fe3f9cf9..94591ac05ec 100644 --- a/models/apis/rds/2014-10-31/api-2.json +++ b/models/apis/rds/2014-10-31/api-2.json @@ -363,7 +363,8 @@ {"shape":"AuthorizationNotFoundFault"}, {"shape":"KMSKeyNotAccessibleFault"}, {"shape":"DomainNotFoundFault"}, - {"shape":"BackupPolicyNotFoundFault"} + {"shape":"BackupPolicyNotFoundFault"}, + {"shape":"NetworkTypeNotSupported"} ] }, "CreateDBInstanceReadReplica":{ @@ -396,7 +397,8 @@ {"shape":"InvalidDBSubnetGroupFault"}, {"shape":"StorageTypeNotSupportedFault"}, {"shape":"KMSKeyNotAccessibleFault"}, - {"shape":"DomainNotFoundFault"} + {"shape":"DomainNotFoundFault"}, + {"shape":"NetworkTypeNotSupported"} ] }, "CreateDBParameterGroup":{ @@ -1600,7 +1602,8 @@ {"shape":"DomainNotFoundFault"}, {"shape":"BackupPolicyNotFoundFault"}, {"shape":"KMSKeyNotAccessibleFault"}, - {"shape":"InvalidDBClusterStateFault"} + {"shape":"InvalidDBClusterStateFault"}, + {"shape":"NetworkTypeNotSupported"} ] }, "ModifyDBParameterGroup":{ @@ -2111,7 +2114,8 @@ {"shape":"DBSecurityGroupNotFoundFault"}, {"shape":"DomainNotFoundFault"}, {"shape":"DBParameterGroupNotFoundFault"}, - {"shape":"BackupPolicyNotFoundFault"} + {"shape":"BackupPolicyNotFoundFault"}, + {"shape":"NetworkTypeNotSupported"} ] }, "RestoreDBInstanceFromS3":{ @@ -2142,7 +2146,8 @@ {"shape":"StorageTypeNotSupportedFault"}, {"shape":"AuthorizationNotFoundFault"}, {"shape":"KMSKeyNotAccessibleFault"}, - {"shape":"BackupPolicyNotFoundFault"} + {"shape":"BackupPolicyNotFoundFault"}, + {"shape":"NetworkTypeNotSupported"} ] }, "RestoreDBInstanceToPointInTime":{ @@ -2178,7 +2183,8 @@ {"shape":"DomainNotFoundFault"}, {"shape":"BackupPolicyNotFoundFault"}, {"shape":"DBParameterGroupNotFoundFault"}, - {"shape":"DBInstanceAutomatedBackupNotFoundFault"} + {"shape":"DBInstanceAutomatedBackupNotFoundFault"}, + {"shape":"NetworkTypeNotSupported"} ] }, "RevokeDBSecurityGroupIngress":{ @@ -3025,7 +3031,8 @@ "MaxAllocatedStorage":{"shape":"IntegerOptional"}, "EnableCustomerOwnedIp":{"shape":"BooleanOptional"}, "CustomIamInstanceProfile":{"shape":"String"}, - "BackupTarget":{"shape":"String"} + "BackupTarget":{"shape":"String"}, + "NetworkType":{"shape":"String"} } }, "CreateDBInstanceReadReplicaMessage":{ @@ -3067,7 +3074,8 @@ "DomainIAMRoleName":{"shape":"String"}, "ReplicaMode":{"shape":"ReplicaMode"}, "MaxAllocatedStorage":{"shape":"IntegerOptional"}, - "CustomIamInstanceProfile":{"shape":"String"} + "CustomIamInstanceProfile":{"shape":"String"}, + "NetworkType":{"shape":"String"} } }, "CreateDBInstanceReadReplicaResult":{ @@ -3909,7 +3917,8 @@ "AutomationMode":{"shape":"AutomationMode"}, "ResumeFullAutomationModeTime":{"shape":"TStamp"}, "CustomIamInstanceProfile":{"shape":"String"}, - "BackupTarget":{"shape":"String"} + "BackupTarget":{"shape":"String"}, + "NetworkType":{"shape":"String"} }, "wrapper":true }, @@ -4599,7 +4608,8 @@ "VpcId":{"shape":"String"}, "SubnetGroupStatus":{"shape":"String"}, "Subnets":{"shape":"SubnetList"}, - "DBSubnetGroupArn":{"shape":"String"} + "DBSubnetGroupArn":{"shape":"String"}, + "SupportedNetworkTypes":{"shape":"StringList"} }, "wrapper":true }, @@ -6388,7 +6398,8 @@ "EnableCustomerOwnedIp":{"shape":"BooleanOptional"}, "AwsBackupRecoveryPointArn":{"shape":"AwsBackupRecoveryPointArn"}, "AutomationMode":{"shape":"AutomationMode"}, - "ResumeFullAutomationModeMinutes":{"shape":"IntegerOptional"} + "ResumeFullAutomationModeMinutes":{"shape":"IntegerOptional"}, + "NetworkType":{"shape":"String"} } }, "ModifyDBInstanceResult":{ @@ -6563,6 +6574,17 @@ "OptionGroup":{"shape":"OptionGroup"} } }, + "NetworkTypeNotSupported":{ + "type":"structure", + "members":{ + }, + "error":{ + "code":"NetworkTypeNotSupported", + "httpStatusCode":400, + "senderFault":true + }, + "exception":true + }, "Option":{ "type":"structure", "members":{ @@ -6824,7 +6846,8 @@ "OutpostCapable":{"shape":"Boolean"}, "SupportedActivityStreamModes":{"shape":"ActivityStreamModeList"}, "SupportsGlobalDatabases":{"shape":"Boolean"}, - "SupportsClusters":{"shape":"Boolean"} + "SupportsClusters":{"shape":"Boolean"}, + "SupportedNetworkTypes":{"shape":"StringList"} }, "wrapper":true }, @@ -7505,7 +7528,8 @@ "DeletionProtection":{"shape":"BooleanOptional"}, "EnableCustomerOwnedIp":{"shape":"BooleanOptional"}, "CustomIamInstanceProfile":{"shape":"String"}, - "BackupTarget":{"shape":"String"} + "BackupTarget":{"shape":"String"}, + "NetworkType":{"shape":"String"} } }, "RestoreDBInstanceFromDBSnapshotResult":{ @@ -7569,7 +7593,8 @@ "ProcessorFeatures":{"shape":"ProcessorFeatureList"}, "UseDefaultProcessorFeatures":{"shape":"BooleanOptional"}, "DeletionProtection":{"shape":"BooleanOptional"}, - "MaxAllocatedStorage":{"shape":"IntegerOptional"} + "MaxAllocatedStorage":{"shape":"IntegerOptional"}, + "NetworkType":{"shape":"String"} } }, "RestoreDBInstanceFromS3Result":{ @@ -7617,7 +7642,8 @@ "SourceDBInstanceAutomatedBackupsArn":{"shape":"String"}, "EnableCustomerOwnedIp":{"shape":"BooleanOptional"}, "CustomIamInstanceProfile":{"shape":"String"}, - "BackupTarget":{"shape":"String"} + "BackupTarget":{"shape":"String"}, + "NetworkType":{"shape":"String"} } }, "RestoreDBInstanceToPointInTimeResult":{ diff --git a/models/apis/rds/2014-10-31/docs-2.json b/models/apis/rds/2014-10-31/docs-2.json index 9cf1b17f2b5..8ea0a201c7e 100644 --- a/models/apis/rds/2014-10-31/docs-2.json +++ b/models/apis/rds/2014-10-31/docs-2.json @@ -2919,6 +2919,11 @@ "refs": { } }, + "NetworkTypeNotSupported": { + "base": "The network type is invalid for the DB instance. Valid nework type values are IPV4 and DUAL.
Option details.
", "refs": { @@ -3771,7 +3776,7 @@ "CreateDBInstanceMessage$PreferredMaintenanceWindow": "The time range each week during which system maintenance can occur, in Universal Coordinated Time (UTC). For more information, see Amazon RDS Maintenance Window.
Format: ddd:hh24:mi-ddd:hh24:mi
The default is a 30-minute window selected at random from an 8-hour block of time for each Amazon Web Services Region, occurring on a random day of the week.
Valid Days: Mon, Tue, Wed, Thu, Fri, Sat, Sun.
Constraints: Minimum 30-minute window.
", "CreateDBInstanceMessage$DBParameterGroupName": "The name of the DB parameter group to associate with this DB instance. If you do not specify a value, then the default DB parameter group for the specified DB engine and version is used.
This setting doesn't apply to RDS Custom.
Constraints:
Must be 1 to 255 letters, numbers, or hyphens.
First character must be a letter
Can't end with a hyphen or contain two consecutive hyphens
The daily time range during which automated backups are created if automated backups are enabled, using the BackupRetentionPeriod parameter. The default is a 30-minute window selected at random from an 8-hour block of time for each Amazon Web Services Region. For more information, see Backup window in the Amazon RDS User Guide.
Amazon Aurora
Not applicable. The daily time range for creating automated backups is managed by the DB cluster.
Constraints:
Must be in the format hh24:mi-hh24:mi.
Must be in Universal Coordinated Time (UTC).
Must not conflict with the preferred maintenance window.
Must be at least 30 minutes.
The version number of the database engine to use.
For a list of valid engine versions, use the DescribeDBEngineVersions action.
The following are the database engines and links to information about the major and minor versions that are available with Amazon RDS. Not every database engine is available for every Amazon Web Services Region.
Amazon Aurora
Not applicable. The version number of the database engine to be used by the DB instance is managed by the DB cluster.
Amazon RDS Custom for Oracle
A custom engine version (CEV) that you have previously created. This setting is required for RDS Custom for Oracle. The CEV name has the following format: 19.customized_string . An example identifier is 19.my_cev1. For more information, see Creating an RDS Custom for Oracle DB instance in the Amazon RDS User Guide.
Amazon RDS Custom for SQL Server
See RDS Custom for SQL Server general requirements in the Amazon RDS User Guide.
MariaDB
For information, see MariaDB on Amazon RDS Versions in the Amazon RDS User Guide.
Microsoft SQL Server
For information, see Microsoft SQL Server Versions on Amazon RDS in the Amazon RDS User Guide.
MySQL
For information, see MySQL on Amazon RDS Versions in the Amazon RDS User Guide.
Oracle
For information, see Oracle Database Engine Release Notes in the Amazon RDS User Guide.
PostgreSQL
For information, see Amazon RDS for PostgreSQL versions and extensions in the Amazon RDS User Guide.
", + "CreateDBInstanceMessage$EngineVersion": "The version number of the database engine to use.
For a list of valid engine versions, use the DescribeDBEngineVersions action.
The following are the database engines and links to information about the major and minor versions that are available with Amazon RDS. Not every database engine is available for every Amazon Web Services Region.
Amazon Aurora
Not applicable. The version number of the database engine to be used by the DB instance is managed by the DB cluster.
Amazon RDS Custom for Oracle
A custom engine version (CEV) that you have previously created. This setting is required for RDS Custom for Oracle. The CEV name has the following format: 19.customized_string . An example identifier is 19.my_cev1. For more information, see Creating an RDS Custom for Oracle DB instance in the Amazon RDS User Guide.
Amazon RDS Custom for SQL Server
See RDS Custom for SQL Server general requirements in the Amazon RDS User Guide.
MariaDB
For information, see MariaDB on Amazon RDS Versions in the Amazon RDS User Guide.
Microsoft SQL Server
For information, see Microsoft SQL Server Versions on Amazon RDS in the Amazon RDS User Guide.
MySQL
For information, see MySQL on Amazon RDS Versions in the Amazon RDS User Guide.
Oracle
For information, see Oracle Database Engine Release Notes in the Amazon RDS User Guide.
PostgreSQL
For information, see Amazon RDS for PostgreSQL versions and extensions in the Amazon RDS User Guide.
", "CreateDBInstanceMessage$LicenseModel": "License model information for this DB instance.
Valid values: license-included | bring-your-own-license | general-public-license
This setting doesn't apply to RDS Custom.
", "CreateDBInstanceMessage$OptionGroupName": "A value that indicates that the DB instance should be associated with the specified option group.
Permanent options, such as the TDE option for Oracle Advanced Security TDE, can't be removed from an option group. Also, that option group can't be removed from a DB instance after it is associated with a DB instance.
This setting doesn't apply to RDS Custom.
", "CreateDBInstanceMessage$CharacterSetName": "For supported engines, this value indicates that the DB instance should be associated with the specified CharacterSet.
This setting doesn't apply to RDS Custom. However, if you need to change the character set, you can change it on the database itself.
Amazon Aurora
Not applicable. The character set is managed by the DB cluster. For more information, see CreateDBCluster.
The Amazon Web Services KMS key identifier for encryption of Performance Insights data.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.
If you do not specify a value for PerformanceInsightsKMSKeyId, then Amazon RDS uses your default KMS key. There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account has a different default KMS key for each Amazon Web Services Region.
This setting doesn't apply to RDS Custom.
", "CreateDBInstanceMessage$CustomIamInstanceProfile": "The instance profile associated with the underlying Amazon EC2 instance of an RDS Custom DB instance. The instance profile must meet the following requirements:
The profile must exist in your account.
The profile must have an IAM role that Amazon EC2 has permissions to assume.
The instance profile name and the associated IAM role name must start with the prefix AWSRDSCustom.
For the list of permissions required for the IAM role, see Configure IAM and your VPC in the Amazon RDS User Guide.
This setting is required for RDS Custom.
", "CreateDBInstanceMessage$BackupTarget": "Specifies where automated backups and manual snapshots are stored.
Possible values are outposts (Amazon Web Services Outposts) and region (Amazon Web Services Region). The default is region.
For more information, see Working with Amazon RDS on Amazon Web Services Outposts in the Amazon RDS User Guide.
", + "CreateDBInstanceMessage$NetworkType": "The network type of the DB instance.
Valid values:
IPV4
DUAL
The network type is determined by the DBSubnetGroup specified for the DB instance. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and the IPv6 protocols (DUAL).
For more information, see Working with a DB instance in a VPC in the Amazon RDS User Guide.
", "CreateDBInstanceReadReplicaMessage$DBInstanceIdentifier": "The DB instance identifier of the read replica. This identifier is the unique key that identifies a DB instance. This parameter is stored as a lowercase string.
", "CreateDBInstanceReadReplicaMessage$SourceDBInstanceIdentifier": "The identifier of the DB instance that will act as the source for the read replica. Each DB instance can have up to five read replicas.
Constraints:
Must be the identifier of an existing MySQL, MariaDB, Oracle, PostgreSQL, or SQL Server DB instance.
Can specify a DB instance that is a MySQL read replica only if the source is running MySQL 5.6 or later.
For the limitations of Oracle read replicas, see Read Replica Limitations with Oracle in the Amazon RDS User Guide.
For the limitations of SQL Server read replicas, see Read Replica Limitations with Microsoft SQL Server in the Amazon RDS User Guide.
Can specify a PostgreSQL DB instance only if the source is running PostgreSQL 9.3.5 or later (9.4.7 and higher for cross-Region replication).
The specified DB instance must have automatic backups enabled, that is, its backup retention period must be greater than 0.
If the source DB instance is in the same Amazon Web Services Region as the read replica, specify a valid DB instance identifier.
If the source DB instance is in a different Amazon Web Services Region from the read replica, specify a valid DB instance ARN. For more information, see Constructing an ARN for Amazon RDS in the Amazon RDS User Guide. This doesn't apply to SQL Server or RDS Custom, which don't support cross-Region replicas.
The compute and memory capacity of the read replica, for example db.m4.large. Not all DB instance classes are available in all Amazon Web Services Regions, or for all database engines. For the full list of DB instance classes, and availability for your engine, see DB Instance Class in the Amazon RDS User Guide.
Default: Inherits from the source DB instance.
", @@ -3803,6 +3809,7 @@ "CreateDBInstanceReadReplicaMessage$Domain": "The Active Directory directory ID to create the DB instance in. Currently, only MySQL, Microsoft SQL Server, Oracle, and PostgreSQL DB instances can be created in an Active Directory Domain.
For more information, see Kerberos Authentication in the Amazon RDS User Guide.
This setting doesn't apply to RDS Custom.
", "CreateDBInstanceReadReplicaMessage$DomainIAMRoleName": "Specify the name of the IAM role to be used when making API calls to the Directory Service.
This setting doesn't apply to RDS Custom.
", "CreateDBInstanceReadReplicaMessage$CustomIamInstanceProfile": "The instance profile associated with the underlying Amazon EC2 instance of an RDS Custom DB instance. The instance profile must meet the following requirements:
The profile must exist in your account.
The profile must have an IAM role that Amazon EC2 has permissions to assume.
The instance profile name and the associated IAM role name must start with the prefix AWSRDSCustom.
For the list of permissions required for the IAM role, see Configure IAM and your VPC in the Amazon RDS User Guide.
This setting is required for RDS Custom.
", + "CreateDBInstanceReadReplicaMessage$NetworkType": "The network type of the DB instance.
Valid values:
IPV4
DUAL
The network type is determined by the DBSubnetGroup specified for read replica. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and the IPv6 protocols (DUAL).
For more information, see Working with a DB instance in a VPC in the Amazon RDS User Guide.
", "CreateDBParameterGroupMessage$DBParameterGroupName": "The name of the DB parameter group.
Constraints:
Must be 1 to 255 letters, numbers, or hyphens.
First character must be a letter
Can't end with a hyphen or contain two consecutive hyphens
This value is stored as a lowercase string.
The DB parameter group family name. A DB parameter group can be associated with one and only one DB parameter group family, and can be applied only to a DB instance running a database engine and engine version compatible with that DB parameter group family.
To list all of the available parameter group families for a DB engine, use the following command:
aws rds describe-db-engine-versions --query \"DBEngineVersions[].DBParameterGroupFamily\" --engine <engine>
For example, to list all of the available parameter group families for the MySQL DB engine, use the following command:
aws rds describe-db-engine-versions --query \"DBEngineVersions[].DBParameterGroupFamily\" --engine mysql
The output contains duplicates.
The following are the valid DB engine values:
aurora (for MySQL 5.6-compatible Aurora)
aurora-mysql (for MySQL 5.7-compatible and MySQL 8.0-compatible Aurora)
aurora-postgresql
mariadb
mysql
oracle-ee
oracle-ee-cdb
oracle-se2
oracle-se2-cdb
postgres
sqlserver-ee
sqlserver-se
sqlserver-ex
sqlserver-web
The description for the DB parameter group.
", @@ -3942,6 +3949,7 @@ "DBInstance$ActivityStreamKinesisStreamName": "The name of the Amazon Kinesis data stream used for the database activity stream.
", "DBInstance$CustomIamInstanceProfile": "The instance profile associated with the underlying Amazon EC2 instance of an RDS Custom DB instance. The instance profile must meet the following requirements:
The profile must exist in your account.
The profile must have an IAM role that Amazon EC2 has permissions to assume.
The instance profile name and the associated IAM role name must start with the prefix AWSRDSCustom.
For the list of permissions required for the IAM role, see Configure IAM and your VPC in the Amazon RDS User Guide.
", "DBInstance$BackupTarget": "Specifies where automated backups and manual snapshots are stored: Amazon Web Services Outposts or the Amazon Web Services Region.
", + "DBInstance$NetworkType": "The network type of the DB instance.
Valid values:
IPV4
DUAL
The network type is determined by the DBSubnetGroup specified for the DB instance. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and the IPv6 protocols (DUAL).
For more information, see Working with a DB instance in a VPC in the Amazon RDS User Guide and Working with a DB instance in a VPC in the Amazon Aurora User Guide.
", "DBInstanceAutomatedBackup$DBInstanceArn": "The Amazon Resource Name (ARN) for the automated backups.
", "DBInstanceAutomatedBackup$DbiResourceId": "The identifier for the source DB instance, which can't be changed and which is unique to an Amazon Web Services Region.
", "DBInstanceAutomatedBackup$Region": "The Amazon Web Services Region associated with the automated backup.
", @@ -4270,6 +4278,7 @@ "ModifyDBInstanceMessage$MonitoringRoleArn": "The ARN for the IAM role that permits RDS to send enhanced monitoring metrics to Amazon CloudWatch Logs. For example, arn:aws:iam:123456789012:role/emaccess. For information on creating a monitoring role, see To create an IAM role for Amazon RDS Enhanced Monitoring in the Amazon RDS User Guide.
If MonitoringInterval is set to a value other than 0, supply a MonitoringRoleArn value.
This setting doesn't apply to RDS Custom.
", "ModifyDBInstanceMessage$DomainIAMRoleName": "The name of the IAM role to use when making API calls to the Directory Service.
This setting doesn't apply to RDS Custom.
", "ModifyDBInstanceMessage$PerformanceInsightsKMSKeyId": "The Amazon Web Services KMS key identifier for encryption of Performance Insights data.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.
If you do not specify a value for PerformanceInsightsKMSKeyId, then Amazon RDS uses your default KMS key. There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account has a different default KMS key for each Amazon Web Services Region.
This setting doesn't apply to RDS Custom.
", + "ModifyDBInstanceMessage$NetworkType": "The network type of the DB instance.
Valid values:
IPV4
DUAL
The network type is determined by the DBSubnetGroup specified for the DB instance. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and the IPv6 protocols (DUAL).
For more information, see Working with a DB instance in a VPC in the Amazon RDS User Guide.
", "ModifyDBParameterGroupMessage$DBParameterGroupName": "The name of the DB parameter group.
Constraints:
If supplied, must match the name of an existing DBParameterGroup.
The identifier for the DBProxy to modify.
The new identifier for the DBProxy. An identifier must begin with a letter and must contain only ASCII letters, digits, and hyphens; it can't end with a hyphen or contain two consecutive hyphens.
The name of the DB parameter group to associate with this DB instance.
If you don't specify a value for DBParameterGroupName, then RDS uses the default DBParameterGroup for the specified DB engine.
This setting doesn't apply to RDS Custom.
Constraints:
If supplied, must match the name of an existing DBParameterGroup.
Must be 1 to 255 letters, numbers, or hyphens.
First character must be a letter.
Can't end with a hyphen or contain two consecutive hyphens.
The instance profile associated with the underlying Amazon EC2 instance of an RDS Custom DB instance. The instance profile must meet the following requirements:
The profile must exist in your account.
The profile must have an IAM role that Amazon EC2 has permissions to assume.
The instance profile name and the associated IAM role name must start with the prefix AWSRDSCustom.
For the list of permissions required for the IAM role, see Configure IAM and your VPC in the Amazon RDS User Guide.
This setting is required for RDS Custom.
", "RestoreDBInstanceFromDBSnapshotMessage$BackupTarget": "Specifies where automated backups and manual snapshots are stored for the restored DB instance.
Possible values are outposts (Amazon Web Services Outposts) and region (Amazon Web Services Region). The default is region.
For more information, see Working with Amazon RDS on Amazon Web Services Outposts in the Amazon RDS User Guide.
", + "RestoreDBInstanceFromDBSnapshotMessage$NetworkType": "The network type of the DB instance.
Valid values:
IPV4
DUAL
The network type is determined by the DBSubnetGroup specified for the DB instance. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and the IPv6 protocols (DUAL).
For more information, see Working with a DB instance in a VPC in the Amazon RDS User Guide.
", "RestoreDBInstanceFromS3Message$DBName": "The name of the database to create when the DB instance is created. Follow the naming rules specified in CreateDBInstance.
The DB instance identifier. This parameter is stored as a lowercase string.
Constraints:
Must contain from 1 to 63 letters, numbers, or hyphens.
First character must be a letter.
Can't end with a hyphen or contain two consecutive hyphens.
Example: mydbinstance
The compute and memory capacity of the DB instance, for example db.m4.large. Not all DB instance classes are available in all Amazon Web Services Regions, or for all database engines. For the full list of DB instance classes, and availability for your engine, see DB Instance Class in the Amazon RDS User Guide.
Importing from Amazon S3 isn't supported on the db.t2.micro DB instance class.
", @@ -4487,6 +4497,7 @@ "RestoreDBInstanceFromS3Message$S3Prefix": "The prefix of your Amazon S3 bucket.
", "RestoreDBInstanceFromS3Message$S3IngestionRoleArn": "An Amazon Web Services Identity and Access Management (IAM) role to allow Amazon RDS to access your Amazon S3 bucket.
", "RestoreDBInstanceFromS3Message$PerformanceInsightsKMSKeyId": "The Amazon Web Services KMS key identifier for encryption of Performance Insights data.
The Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.
If you do not specify a value for PerformanceInsightsKMSKeyId, then Amazon RDS uses your default KMS key. There is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account has a different default KMS key for each Amazon Web Services Region.
The network type of the DB instance.
Valid values:
IPV4
DUAL
The network type is determined by the DBSubnetGroup specified for the DB instance. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and the IPv6 protocols (DUAL).
For more information, see Working with a DB instance in a VPC in the Amazon RDS User Guide.
", "RestoreDBInstanceToPointInTimeMessage$SourceDBInstanceIdentifier": "The identifier of the source DB instance from which to restore.
Constraints:
Must match the identifier of an existing DB instance.
The name of the new DB instance to be created.
Constraints:
Must contain from 1 to 63 letters, numbers, or hyphens
First character must be a letter
Can't end with a hyphen or contain two consecutive hyphens
The compute and memory capacity of the Amazon RDS DB instance, for example db.m4.large. Not all DB instance classes are available in all Amazon Web Services Regions, or for all database engines. For the full list of DB instance classes, and availability for your engine, see DB Instance Class in the Amazon RDS User Guide.
Default: The same DBInstanceClass as the original DB instance.
", @@ -4506,6 +4517,7 @@ "RestoreDBInstanceToPointInTimeMessage$SourceDBInstanceAutomatedBackupsArn": "The Amazon Resource Name (ARN) of the replicated automated backups from which to restore, for example, arn:aws:rds:useast-1:123456789012:auto-backup:ab-L2IJCEXJP7XQ7HOJ4SIEXAMPLE.
This setting doesn't apply to RDS Custom.
", "RestoreDBInstanceToPointInTimeMessage$CustomIamInstanceProfile": "The instance profile associated with the underlying Amazon EC2 instance of an RDS Custom DB instance. The instance profile must meet the following requirements:
The profile must exist in your account.
The profile must have an IAM role that Amazon EC2 has permissions to assume.
The instance profile name and the associated IAM role name must start with the prefix AWSRDSCustom.
For the list of permissions required for the IAM role, see Configure IAM and your VPC in the Amazon RDS User Guide.
This setting is required for RDS Custom.
", "RestoreDBInstanceToPointInTimeMessage$BackupTarget": "Specifies where automated backups and manual snapshots are stored for the restored DB instance.
Possible values are outposts (Amazon Web Services Outposts) and region (Amazon Web Services Region). The default is region.
For more information, see Working with Amazon RDS on Amazon Web Services Outposts in the Amazon RDS User Guide.
", + "RestoreDBInstanceToPointInTimeMessage$NetworkType": "The network type of the DB instance.
Valid values:
IPV4
DUAL
The network type is determined by the DBSubnetGroup specified for the DB instance. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and the IPv6 protocols (DUAL).
For more information, see Working with a DB instance in a VPC in the Amazon RDS User Guide.
", "RevokeDBSecurityGroupIngressMessage$DBSecurityGroupName": "The name of the DB security group to revoke ingress from.
", "RevokeDBSecurityGroupIngressMessage$CIDRIP": "The IP range to revoke access from. Must be a valid CIDR range. If CIDRIP is specified, EC2SecurityGroupName, EC2SecurityGroupId and EC2SecurityGroupOwnerId can't be provided.
The name of the EC2 security group to revoke access from. For VPC DB security groups, EC2SecurityGroupId must be provided. Otherwise, EC2SecurityGroupOwnerId and either EC2SecurityGroupName or EC2SecurityGroupId must be provided.
The EC2 subnet IDs for the proxy.
", "DBProxyEndpoint$VpcSecurityGroupIds": "Provides a list of VPC security groups that the DB proxy endpoint belongs to.
", "DBProxyEndpoint$VpcSubnetIds": "The EC2 subnet IDs for the DB proxy endpoint.
", + "DBSubnetGroup$SupportedNetworkTypes": "The network type of the DB subnet group.
Valid values:
IPV4
DUAL
A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and the IPv6 protocols (DUAL).
For more information, see Working with a DB instance in a VPC in the Amazon RDS User Guide.
", "DeregisterDBProxyTargetsRequest$DBInstanceIdentifiers": "One or more DB instance identifiers.
", "DeregisterDBProxyTargetsRequest$DBClusterIdentifiers": "One or more DB cluster identifiers.
", "ExportTask$ExportOnly": "The data exported from the snapshot. Valid values are the following:
database - Export all the data from a specified database.
database.table table-name - Export a table of the snapshot. This format is valid only for RDS for MySQL, RDS for MariaDB, and Aurora MySQL.
database.schema schema-name - Export a database schema of the snapshot. This format is valid only for RDS for PostgreSQL and Aurora PostgreSQL.
database.schema.table table-name - Export a table of the database schema. This format is valid only for RDS for PostgreSQL and Aurora PostgreSQL.
List of DB instance identifiers that aren't part of the custom endpoint group. All other eligible instances are reachable through the custom endpoint. Only relevant if the list of static members is empty.
", "ModifyDBProxyEndpointRequest$VpcSecurityGroupIds": "The VPC security group IDs for the DB proxy endpoint. When the DB proxy endpoint uses a different VPC than the original proxy, you also specify a different set of security group IDs than for the original proxy.
", "ModifyDBProxyRequest$SecurityGroups": "The new list of security groups for the DBProxy.
The network types supported by the DB instance (IPV4 or DUAL).
A DB instance can support only the IPv4 protocol or the IPv4 and the IPv6 protocols (DUAL).
For more information, see Working with a DB instance in a VPC in the Amazon RDS User Guide.
", "RegisterDBProxyTargetsRequest$DBInstanceIdentifiers": "One or more DB instance identifiers.
", "RegisterDBProxyTargetsRequest$DBClusterIdentifiers": "One or more DB cluster identifiers.
", "StartExportTaskMessage$ExportOnly": "The data to be exported from the snapshot. If this parameter is not provided, all the snapshot data is exported. Valid values are the following:
database - Export all the data from a specified database.
database.table table-name - Export a table of the snapshot. This format is valid only for RDS for MySQL, RDS for MariaDB, and Aurora MySQL.
database.schema schema-name - Export a database schema of the snapshot. This format is valid only for RDS for PostgreSQL and Aurora PostgreSQL.
database.schema.table table-name - Export a table of the database schema. This format is valid only for RDS for PostgreSQL and Aurora PostgreSQL.
The name of the plugin. Must be one of the following: aws:updateAgent, aws:domainjoin, aws:applications, aws:runPowerShellScript, aws:psmodule, aws:cloudWatch, aws:runShellScript, or aws:updateSSMAgent.
The name of the plugin for which you want detailed results. If the document contains only one plugin, you can omit the name and details for that plugin. If the document contains more than one plugin, you must specify the name of the plugin for which you want to view details.
Plugin names are also referred to as step names in Systems Manager documents (SSM documents). For example, aws:RunShellScript is a plugin.
To find the PluginName, check the document content and find the name of the plugin. Alternatively, use ListCommandInvocations with the CommandId and Details parameters. The PluginName is the Name attribute of the CommandPlugin object in the CommandPlugins list.
The name of the step for which you want detailed results. If the document contains only one step, you can omit the name and details for that step. If the document contains more than one step, you must specify the name of the step for which you want to view details. Be sure to specify the name of the step, not the name of a plugin like aws:RunShellScript.
To find the PluginName, check the document content and find the name of the step you want details for. Alternatively, use ListCommandInvocations with the CommandId and Details parameters. The PluginName is the Name attribute of the CommandPlugin object in the CommandPlugins list.
The name of the plugin, or step name, for which details are reported. For example, aws:RunShellScript is a plugin.
The specified key-value mapping of document parameters to target resources.
", "AutomationExecutionMetadata$TargetMaps": "The specified key-value mapping of document parameters to target resources.
", + "Runbook$TargetMaps": "A key-value mapping of runbook parameters to target resources. Both Targets and TargetMaps can't be specified together.
", "StartAutomationExecutionRequest$TargetMaps": "A key-value mapping of document parameters to target resources. Both Targets and TargetMaps can't be specified together.
" } }, diff --git a/models/apis/wafv2/2019-07-29/api-2.json b/models/apis/wafv2/2019-07-29/api-2.json index 49d86063543..375bcafb0ce 100755 --- a/models/apis/wafv2/2019-07-29/api-2.json +++ b/models/apis/wafv2/2019-07-29/api-2.json @@ -128,7 +128,8 @@ {"shape":"WAFTagOperationException"}, {"shape":"WAFTagOperationInternalErrorException"}, {"shape":"WAFSubscriptionNotFoundException"}, - {"shape":"WAFInvalidOperationException"} + {"shape":"WAFInvalidOperationException"}, + {"shape":"WAFConfigurationWarningException"} ] }, "DeleteFirewallManagerRuleGroups":{ @@ -777,7 +778,8 @@ {"shape":"WAFLimitsExceededException"}, {"shape":"WAFUnavailableEntityException"}, {"shape":"WAFSubscriptionNotFoundException"}, - {"shape":"WAFInvalidOperationException"} + {"shape":"WAFInvalidOperationException"}, + {"shape":"WAFConfigurationWarningException"} ] }, "UpdateWebACL":{ @@ -799,7 +801,8 @@ {"shape":"WAFUnavailableEntityException"}, {"shape":"WAFSubscriptionNotFoundException"}, {"shape":"WAFInvalidOperationException"}, - {"shape":"WAFExpiredManagedRuleGroupVersionException"} + {"shape":"WAFExpiredManagedRuleGroupVersionException"}, + {"shape":"WAFConfigurationWarningException"} ] } }, @@ -870,6 +873,7 @@ "Body":{ "type":"structure", "members":{ + "OversizeHandling":{"shape":"OversizeHandling"} } }, "BodyParsingFallbackBehavior":{ @@ -964,6 +968,33 @@ "type":"long", "min":0 }, + "CookieMatchPattern":{ + "type":"structure", + "members":{ + "All":{"shape":"All"}, + "IncludedCookies":{"shape":"CookieNames"}, + "ExcludedCookies":{"shape":"CookieNames"} + } + }, + "CookieNames":{ + "type":"list", + "member":{"shape":"SingleCookieName"}, + "max":199, + "min":1 + }, + "Cookies":{ + "type":"structure", + "required":[ + "MatchPattern", + "MatchScope", + "OversizeHandling" + ], + "members":{ + "MatchPattern":{"shape":"CookieMatchPattern"}, + "MatchScope":{"shape":"MapMatchScope"}, + "OversizeHandling":{"shape":"OversizeHandling"} + } + }, "CountAction":{ "type":"structure", "members":{ @@ -1222,7 +1253,8 @@ "EH", "YE", "ZM", - "ZW" + "ZW", + "XK" ] }, "CountryCodes":{ @@ -1615,7 +1647,9 @@ "QueryString":{"shape":"QueryString"}, "Body":{"shape":"Body"}, "Method":{"shape":"Method"}, - "JsonBody":{"shape":"JsonBody"} + "JsonBody":{"shape":"JsonBody"}, + "Headers":{"shape":"Headers"}, + "Cookies":{"shape":"Cookies"} } }, "FieldToMatchData":{ @@ -1958,8 +1992,35 @@ } }, "HTTPVersion":{"type":"string"}, + "HeaderMatchPattern":{ + "type":"structure", + "members":{ + "All":{"shape":"All"}, + "IncludedHeaders":{"shape":"HeaderNames"}, + "ExcludedHeaders":{"shape":"HeaderNames"} + } + }, "HeaderName":{"type":"string"}, + "HeaderNames":{ + "type":"list", + "member":{"shape":"FieldToMatchData"}, + "max":199, + "min":1 + }, "HeaderValue":{"type":"string"}, + "Headers":{ + "type":"structure", + "required":[ + "MatchPattern", + "MatchScope", + "OversizeHandling" + ], + "members":{ + "MatchPattern":{"shape":"HeaderMatchPattern"}, + "MatchScope":{"shape":"MapMatchScope"}, + "OversizeHandling":{"shape":"OversizeHandling"} + } + }, "IPAddress":{ "type":"string", "max":50, @@ -2047,7 +2108,8 @@ "members":{ "MatchPattern":{"shape":"JsonMatchPattern"}, "MatchScope":{"shape":"JsonMatchScope"}, - "InvalidFallbackBehavior":{"shape":"BodyParsingFallbackBehavior"} + "InvalidFallbackBehavior":{"shape":"BodyParsingFallbackBehavior"}, + "OversizeHandling":{"shape":"OversizeHandling"} } }, "JsonMatchPattern":{ @@ -2463,6 +2525,14 @@ "ExpiryTimestamp":{"shape":"Timestamp"} } }, + "MapMatchScope":{ + "type":"string", + "enum":[ + "ALL", + "KEY", + "VALUE" + ] + }, "Method":{ "type":"structure", "members":{ @@ -2516,6 +2586,14 @@ "None":{"shape":"NoneAction"} } }, + "OversizeHandling":{ + "type":"string", + "enum":[ + "CONTINUE", + "MATCH", + "NO_MATCH" + ] + }, "PaginationLimit":{ "type":"integer", "max":100, @@ -2582,7 +2660,11 @@ "ASSOCIABLE_RESOURCE", "LOG_DESTINATION", "MANAGED_RULE_GROUP_CONFIG", - "PAYLOAD_TYPE" + "PAYLOAD_TYPE", + "HEADER_MATCH_PATTERN", + "COOKIE_MATCH_PATTERN", + "MAP_MATCH_SCOPE", + "OVERSIZE_HANDLING" ] }, "ParameterExceptionParameter":{ @@ -2968,6 +3050,12 @@ ] }, "SearchString":{"type":"blob"}, + "SingleCookieName":{ + "type":"string", + "max":60, + "min":1, + "pattern":".*\\S.*" + }, "SingleHeader":{ "type":"structure", "required":["Name"], @@ -3364,6 +3452,13 @@ }, "exception":true }, + "WAFConfigurationWarningException":{ + "type":"structure", + "members":{ + "Message":{"shape":"ErrorMessage"} + }, + "exception":true + }, "WAFDuplicateItemException":{ "type":"structure", "members":{ diff --git a/models/apis/wafv2/2019-07-29/docs-2.json b/models/apis/wafv2/2019-07-29/docs-2.json index a3ba1fda8e9..522cb289ae3 100755 --- a/models/apis/wafv2/2019-07-29/docs-2.json +++ b/models/apis/wafv2/2019-07-29/docs-2.json @@ -2,7 +2,7 @@ "version": "2.0", "service": "This is the latest version of the WAF API, released in November, 2019. The names of the entities that you use to access this API, like endpoints and namespaces, all have the versioning information added, like \"V2\" or \"v2\", to distinguish from the prior version. We recommend migrating your resources to this version, because it has a number of significant improvements.
If you used WAF prior to this release, you can't use this WAFV2 API to access any WAF resources that you created before. You can access your old rules, web ACLs, and other WAF resources only through the WAF Classic APIs. The WAF Classic APIs have retained the prior names, endpoints, and namespaces.
For information, including how to migrate your WAF resources to this version, see the WAF Developer Guide.
WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to Amazon CloudFront, an Amazon API Gateway REST API, an Application Load Balancer, or an AppSync GraphQL API. WAF also lets you control access to your content. Based on conditions that you specify, such as the IP addresses that requests originate from or the values of query strings, the Amazon API Gateway REST API, CloudFront distribution, the Application Load Balancer, or the AppSync GraphQL API responds to requests either with the requested content or with an HTTP 403 status code (Forbidden). You also can configure CloudFront to return a custom error page when a request is blocked.
This API guide is for developers who need detailed information about WAF API actions, data types, and errors. For detailed information about WAF features and an overview of how to use WAF, see the WAF Developer Guide.
You can make calls using the endpoints listed in WAF endpoints and quotas.
For regional applications, you can use any of the endpoints in the list. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, or an AppSync GraphQL API.
For Amazon CloudFront applications, you must use the API endpoint listed for US East (N. Virginia): us-east-1.
Alternatively, you can use one of the Amazon Web Services SDKs to access an API that's tailored to the programming language or platform that you're using. For more information, see Amazon Web Services SDKs.
We currently provide two versions of the WAF API: this API and the prior versions, the classic WAF APIs. This new API provides the same functionality as the older versions, with the following major improvements:
You use one API for both global and regional applications. Where you need to distinguish the scope, you specify a Scope parameter and set it to CLOUDFRONT or REGIONAL.
You can define a web ACL or rule group with a single call, and update it with a single call. You define all rule specifications in JSON format, and pass them to your rule group or web ACL calls.
The limits WAF places on the use of rules more closely reflects the cost of running each type of rule. Rule groups include capacity settings, so you know the maximum cost of a rule group when you use it.
Associates a web ACL with a regional application resource, to protect the resource. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, or an AppSync GraphQL API.
For Amazon CloudFront, don't use this call. Instead, use your CloudFront distribution configuration. To associate a web ACL, in the CloudFront call UpdateDistribution, set the web ACL ID to the Amazon Resource Name (ARN) of the web ACL. For information, see UpdateDistribution.
Associates a web ACL with a regional application resource, to protect the resource. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, or an AppSync GraphQL API.
For Amazon CloudFront, don't use this call. Instead, use your CloudFront distribution configuration. To associate a web ACL, in the CloudFront call UpdateDistribution, set the web ACL ID to the Amazon Resource Name (ARN) of the web ACL. For information, see UpdateDistribution.
When you make changes to web ACLs or web ACL components, like rules and rule groups, WAF propagates the changes everywhere that the web ACL and its components are stored and used. Your changes are applied within seconds, but there might be a brief period of inconsistency when the changes have arrived in some places and not in others. So, for example, if you change a rule action setting, the action might be the old action in one area and the new action in another area. Or if you add an IP address to an IP set used in a blocking rule, the new address might briefly be blocked in one area while still allowed in another. This temporary inconsistency can occur when you first associate a web ACL with an Amazon Web Services resource and when you change a web ACL that is already associated with a resource. Generally, any inconsistencies of this type last only a few seconds.
", "CheckCapacity": "Returns the web ACL capacity unit (WCU) requirements for a specified scope and set of rules. You can use this to check the capacity requirements for the rules you want to use in a RuleGroup or WebACL.
WAF uses WCUs to calculate and control the operating resources that are used to run your rules, rule groups, and web ACLs. WAF calculates capacity differently for each rule type, to reflect the relative cost of each rule. Simple rules that cost little to run use fewer WCUs than more complex rules that use more processing power. Rule group capacity is fixed at creation, which helps users plan their web ACL WCU usage when they use a rule group. The WCU limit for web ACLs is 1,500.
", "CreateIPSet": "Creates an IPSet, which you use to identify web requests that originate from specific IP addresses or ranges of IP addresses. For example, if you're receiving a lot of requests from a ranges of IP addresses, you can configure WAF to block them using an IPSet that lists those IP addresses.
", "CreateRegexPatternSet": "Creates a RegexPatternSet, which you reference in a RegexPatternSetReferenceStatement, to have WAF inspect a web request component for the specified patterns.
", @@ -14,9 +14,9 @@ "DeletePermissionPolicy": "Permanently deletes an IAM policy from the specified rule group.
You must be the owner of the rule group to perform this operation.
", "DeleteRegexPatternSet": "Deletes the specified RegexPatternSet.
", "DeleteRuleGroup": "Deletes the specified RuleGroup.
", - "DeleteWebACL": "Deletes the specified WebACL.
You can only use this if ManagedByFirewallManager is false in the specified WebACL.
Deletes the specified WebACL.
You can only use this if ManagedByFirewallManager is false in the specified WebACL.
Before deleting any web ACL, first disassociate it from all resources.
To retrieve a list of the resources that are associated with a web ACL, use the following calls:
For regional resources, call ListResourcesForWebACL.
For Amazon CloudFront distributions, use the CloudFront call ListDistributionsByWebACLId. For information, see ListDistributionsByWebACLId.
To disassociate a resource from a web ACL, use the following calls:
For regional resources, call DisassociateWebACL.
For Amazon CloudFront distributions, provide an empty web ACL ID in the CloudFront call UpdateDistribution. For information, see UpdateDistribution.
Provides high-level information for a managed rule group, including descriptions of the rules.
", - "DisassociateWebACL": "Disassociates a web ACL from a regional application resource. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, or an AppSync GraphQL API.
For Amazon CloudFront, don't use this call. Instead, use your CloudFront distribution configuration. To disassociate a web ACL, provide an empty web ACL ID in the CloudFront call UpdateDistribution. For information, see UpdateDistribution.
Disassociates the specified regional application resource from any existing web ACL association. A resource can have at most one web ACL association. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, or an AppSync GraphQL API.
For Amazon CloudFront, don't use this call. Instead, use your CloudFront distribution configuration. To disassociate a web ACL, provide an empty web ACL ID in the CloudFront call UpdateDistribution. For information, see UpdateDistribution.
Generates a presigned download URL for the specified release of the mobile SDK.
The mobile SDK is not generally available. Customers who have access to the mobile SDK can use it to establish and manage Security Token Service (STS) security tokens for use in HTTP(S) requests from a mobile device to WAF. For more information, see WAF client application integration in the WAF Developer Guide.
", "GetIPSet": "Retrieves the specified IPSet.
", "GetLoggingConfiguration": "Returns the LoggingConfiguration for the specified web ACL.
", @@ -45,11 +45,11 @@ "PutPermissionPolicy": "Attaches an IAM policy to the specified resource. Use this to share a rule group across accounts.
You must be the owner of the rule group to perform this operation.
This action is subject to the following restrictions:
You can attach only one policy with each PutPermissionPolicy request.
The ARN in the request must be a valid WAF RuleGroup ARN and the rule group must exist in the same Region.
The user making the request must be the owner of the rule group.
Associates tags with the specified Amazon Web Services resource. Tags are key:value pairs that you can use to categorize and manage your resources, for purposes like billing. For example, you might set the tag key to \"customer\" and the value to the customer name or ID. You can specify one or more tags to add to each Amazon Web Services resource, up to 50 tags for a resource.
You can tag the Amazon Web Services resources that you manage through WAF: web ACLs, rule groups, IP sets, and regex pattern sets. You can't manage or view tags through the WAF console.
", "UntagResource": "Disassociates tags from an Amazon Web Services resource. Tags are key:value pairs that you can associate with Amazon Web Services resources. For example, the tag key might be \"customer\" and the tag value might be \"companyA.\" You can specify one or more tags to add to each container. You can add up to 50 tags to each Amazon Web Services resource.
", - "UpdateIPSet": "Updates the specified IPSet.
This operation completely replaces the mutable specifications that you already have for the IP set with the ones that you provide to this call. To modify the IP set, retrieve it by calling GetIPSet, update the settings as needed, and then provide the complete IP set specification to this call.
Updates the specified IPSet.
This operation completely replaces the mutable specifications that you already have for the IP set with the ones that you provide to this call. To modify the IP set, retrieve it by calling GetIPSet, update the settings as needed, and then provide the complete IP set specification to this call.
When you make changes to web ACLs or web ACL components, like rules and rule groups, WAF propagates the changes everywhere that the web ACL and its components are stored and used. Your changes are applied within seconds, but there might be a brief period of inconsistency when the changes have arrived in some places and not in others. So, for example, if you change a rule action setting, the action might be the old action in one area and the new action in another area. Or if you add an IP address to an IP set used in a blocking rule, the new address might briefly be blocked in one area while still allowed in another. This temporary inconsistency can occur when you first associate a web ACL with an Amazon Web Services resource and when you change a web ACL that is already associated with a resource. Generally, any inconsistencies of this type last only a few seconds.
", "UpdateManagedRuleSetVersionExpiryDate": "Updates the expiration information for your managed rule set. Use this to initiate the expiration of a managed rule group version. After you initiate expiration for a version, WAF excludes it from the reponse to ListAvailableManagedRuleGroupVersions for the managed rule group.
This is intended for use only by vendors of managed rule sets. Vendors are Amazon Web Services and Amazon Web Services Marketplace sellers.
Vendors, you can use the managed rule set APIs to provide controlled rollout of your versioned managed rule group offerings for your customers. The APIs are ListManagedRuleSets, GetManagedRuleSet, PutManagedRuleSetVersions, and UpdateManagedRuleSetVersionExpiryDate.
Updates the specified RegexPatternSet.
This operation completely replaces the mutable specifications that you already have for the regex pattern set with the ones that you provide to this call. To modify the regex pattern set, retrieve it by calling GetRegexPatternSet, update the settings as needed, and then provide the complete regex pattern set specification to this call.
Updates the specified RuleGroup.
This operation completely replaces the mutable specifications that you already have for the rule group with the ones that you provide to this call. To modify the rule group, retrieve it by calling GetRuleGroup, update the settings as needed, and then provide the complete rule group specification to this call.
A rule group defines a collection of rules to inspect and control web requests that you can use in a WebACL. When you create a rule group, you define an immutable capacity limit. If you update a rule group, you must stay within the capacity. This allows others to reuse the rule group with confidence in its capacity requirements.
", - "UpdateWebACL": "Updates the specified WebACL.
This operation completely replaces the mutable specifications that you already have for the web ACL with the ones that you provide to this call. To modify the web ACL, retrieve it by calling GetWebACL, update the settings as needed, and then provide the complete web ACL specification to this call.
A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types Rule, RuleGroup, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, or an AppSync GraphQL API.
" + "UpdateRegexPatternSet": "Updates the specified RegexPatternSet.
This operation completely replaces the mutable specifications that you already have for the regex pattern set with the ones that you provide to this call. To modify the regex pattern set, retrieve it by calling GetRegexPatternSet, update the settings as needed, and then provide the complete regex pattern set specification to this call.
When you make changes to web ACLs or web ACL components, like rules and rule groups, WAF propagates the changes everywhere that the web ACL and its components are stored and used. Your changes are applied within seconds, but there might be a brief period of inconsistency when the changes have arrived in some places and not in others. So, for example, if you change a rule action setting, the action might be the old action in one area and the new action in another area. Or if you add an IP address to an IP set used in a blocking rule, the new address might briefly be blocked in one area while still allowed in another. This temporary inconsistency can occur when you first associate a web ACL with an Amazon Web Services resource and when you change a web ACL that is already associated with a resource. Generally, any inconsistencies of this type last only a few seconds.
", + "UpdateRuleGroup": "Updates the specified RuleGroup.
This operation completely replaces the mutable specifications that you already have for the rule group with the ones that you provide to this call. To modify the rule group, retrieve it by calling GetRuleGroup, update the settings as needed, and then provide the complete rule group specification to this call.
When you make changes to web ACLs or web ACL components, like rules and rule groups, WAF propagates the changes everywhere that the web ACL and its components are stored and used. Your changes are applied within seconds, but there might be a brief period of inconsistency when the changes have arrived in some places and not in others. So, for example, if you change a rule action setting, the action might be the old action in one area and the new action in another area. Or if you add an IP address to an IP set used in a blocking rule, the new address might briefly be blocked in one area while still allowed in another. This temporary inconsistency can occur when you first associate a web ACL with an Amazon Web Services resource and when you change a web ACL that is already associated with a resource. Generally, any inconsistencies of this type last only a few seconds.
A rule group defines a collection of rules to inspect and control web requests that you can use in a WebACL. When you create a rule group, you define an immutable capacity limit. If you update a rule group, you must stay within the capacity. This allows others to reuse the rule group with confidence in its capacity requirements.
", + "UpdateWebACL": "Updates the specified WebACL. While updating a web ACL, WAF provides continous coverage to the resources that you have associated with the web ACL.
When you make changes to web ACLs or web ACL components, like rules and rule groups, WAF propagates the changes everywhere that the web ACL and its components are stored and used. Your changes are applied within seconds, but there might be a brief period of inconsistency when the changes have arrived in some places and not in others. So, for example, if you change a rule action setting, the action might be the old action in one area and the new action in another area. Or if you add an IP address to an IP set used in a blocking rule, the new address might briefly be blocked in one area while still allowed in another. This temporary inconsistency can occur when you first associate a web ACL with an Amazon Web Services resource and when you change a web ACL that is already associated with a resource. Generally, any inconsistencies of this type last only a few seconds.
This operation completely replaces the mutable specifications that you already have for the web ACL with the ones that you provide to this call. To modify the web ACL, retrieve it by calling GetWebACL, update the settings as needed, and then provide the complete web ACL specification to this call.
A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types Rule, RuleGroup, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, or an AppSync GraphQL API.
" }, "shapes": { "Action": { @@ -71,13 +71,15 @@ } }, "All": { - "base": "Inspect all of the elements that WAF has parsed and extracted from the web request JSON body that are within the JsonBody MatchScope. This is used with the FieldToMatch option JsonBody.
This is used only to indicate the web request component for WAF to inspect, in the FieldToMatch specification.
JSON specification: \"All\": {}
Inspect all of the elements that WAF has parsed and extracted from the web request component that you've identified in your FieldToMatch specifications.
This is used only in the FieldToMatch specification for some web request component types.
JSON specification: \"All\": {}
Inspect all cookies.
", + "HeaderMatchPattern$All": "Inspect all headers.
", "JsonMatchPattern$All": "Match all of the elements. See also MatchScope in JsonBody.
You must specify either this setting or the IncludedPaths setting, but not both.
All query arguments of a web request.
This is used only to indicate the web request component for WAF to inspect, in the FieldToMatch specification.
JSON specification: \"AllQueryArguments\": {}
Inspect all query arguments of the web request.
This is used only in the FieldToMatch specification for some web request component types.
JSON specification: \"AllQueryArguments\": {}
Inspect all query arguments.
" } @@ -113,9 +115,9 @@ } }, "Body": { - "base": "The body of a web request. This immediately follows the request headers.
This is used only to indicate the web request component for WAF to inspect, in the FieldToMatch specification.
JSON specification: \"Body\": {}
Inspect the body of the web request. The body immediately follows the request headers.
This is used to indicate the web request component for WAF to inspect, in the FieldToMatch specification.
", "refs": { - "FieldToMatch$Body": "Inspect the request body as plain text. The request body immediately follows the request headers. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form.
Note that only the first 8 KB (8192 bytes) of the request body are forwarded to WAF for inspection by the underlying host service. If you don't need to inspect more than 8 KB, you can guarantee that you don't allow additional bytes in by combining a statement that inspects the body of the web request, such as ByteMatchStatement or RegexPatternSetReferenceStatement, with a SizeConstraintStatement that enforces an 8 KB size limit on the body of the request. WAF doesn't support inspecting the entire contents of web requests whose bodies exceed the 8 KB limit.
" + "FieldToMatch$Body": "Inspect the request body as plain text. The request body immediately follows the request headers. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form.
Only the first 8 KB (8192 bytes) of the request body are forwarded to WAF for inspection by the underlying host service. For information about how to handle oversized request bodies, see the Body object configuration.
The web ACL capacity units (WCUs) currently being used by this web ACL.
WAF uses WCUs to calculate and control the operating resources that are used to run your rules, rule groups, and web ACLs. WAF calculates capacity differently for each rule type, to reflect the relative cost of each rule. Simple rules that cost little to run use fewer WCUs than more complex rules that use more processing power. Rule group capacity is fixed at creation, which helps users plan their web ACL WCU usage when they use a rule group. The WCU limit for web ACLs is 1,500.
" } }, + "CookieMatchPattern": { + "base": "The filter to use to identify the subset of cookies to inspect in a web request.
You must specify exactly one setting: either All, IncludedCookies, or ExcludedCookies.
Example JSON: \"CookieMatchPattern\": { \"IncludedCookies\": {\"KeyToInclude1\", \"KeyToInclude2\", \"KeyToInclude3\"} }
The filter to use to identify the subset of cookies to inspect in a web request.
You must specify exactly one setting: either All, IncludedCookies, or ExcludedCookies.
Example JSON: \"CookieMatchPattern\": { \"IncludedCookies\": {\"KeyToInclude1\", \"KeyToInclude2\", \"KeyToInclude3\"} }
Inspect only the cookies that have a key that matches one of the strings specified here.
", + "CookieMatchPattern$ExcludedCookies": "Inspect only the cookies whose keys don't match any of the strings specified here.
" + } + }, + "Cookies": { + "base": "Inspect the cookies in the web request. You can specify the parts of the cookies to inspect and you can narrow the set of cookies to inspect by including or excluding specific keys.
This is used to indicate the web request component for WAF to inspect, in the FieldToMatch specification.
Example JSON: \"Cookies\": { \"MatchPattern\": { \"All\": {} }, \"MatchScope\": \"KEY\", \"OversizeHandling\": \"MATCH\" }
Inspect the request cookies. You must configure scope and pattern matching filters in the Cookies object, to define the set of cookies and the parts of the cookies that WAF inspects.
Only the first 8 KB (8192 bytes) of a request's cookies and only the first 200 cookies are forwarded to WAF for inspection by the underlying host service. You must configure how to handle any oversize cookie content in the Cookies object. WAF applies the pattern matching filters to the cookies that it receives from the underlying host service.
Specifies that WAF should count the request. Optionally defines additional custom handling for the request.
This is used in the context of other settings, for example to specify values for RuleAction and web ACL DefaultAction.
", "refs": { @@ -537,6 +558,7 @@ "base": null, "refs": { "WAFAssociatedItemException$Message": null, + "WAFConfigurationWarningException$Message": null, "WAFDuplicateItemException$Message": null, "WAFExpiredManagedRuleGroupVersionException$Message": null, "WAFInternalErrorException$Message": null, @@ -595,20 +617,21 @@ } }, "FieldToMatch": { - "base": "The part of a web request that you want WAF to inspect. Include the single FieldToMatch type that you want to inspect, with additional specifications as needed, according to the type. You specify a single request component in FieldToMatch for each rule statement that requires it. To inspect more than one component of a web request, create a separate rule statement for each component.
JSON specification for a QueryString field to match:
\"FieldToMatch\": { \"QueryString\": {} }
Example JSON for a Method field to match specification:
\"FieldToMatch\": { \"Method\": { \"Name\": \"DELETE\" } }
The part of the web request that you want WAF to inspect. Include the single FieldToMatch type that you want to inspect, with additional specifications as needed, according to the type. You specify a single request component in FieldToMatch for each rule statement that requires it. To inspect more than one component of the web request, create a separate rule statement for each component.
Example JSON for a QueryString field to match:
\"FieldToMatch\": { \"QueryString\": {} }
Example JSON for a Method field to match specification:
\"FieldToMatch\": { \"Method\": { \"Name\": \"DELETE\" } }
The part of a web request that you want WAF to inspect. For more information, see FieldToMatch.
", + "ByteMatchStatement$FieldToMatch": "The part of the web request that you want WAF to inspect. For more information, see FieldToMatch.
", "RedactedFields$member": null, - "RegexMatchStatement$FieldToMatch": "The part of a web request that you want WAF to inspect. For more information, see FieldToMatch.
", - "RegexPatternSetReferenceStatement$FieldToMatch": "The part of a web request that you want WAF to inspect. For more information, see FieldToMatch.
", - "SizeConstraintStatement$FieldToMatch": "The part of a web request that you want WAF to inspect. For more information, see FieldToMatch.
", - "SqliMatchStatement$FieldToMatch": "The part of a web request that you want WAF to inspect. For more information, see FieldToMatch.
", - "XssMatchStatement$FieldToMatch": "The part of a web request that you want WAF to inspect. For more information, see FieldToMatch.
" + "RegexMatchStatement$FieldToMatch": "The part of the web request that you want WAF to inspect. For more information, see FieldToMatch.
", + "RegexPatternSetReferenceStatement$FieldToMatch": "The part of the web request that you want WAF to inspect. For more information, see FieldToMatch.
", + "SizeConstraintStatement$FieldToMatch": "The part of the web request that you want WAF to inspect. For more information, see FieldToMatch.
", + "SqliMatchStatement$FieldToMatch": "The part of the web request that you want WAF to inspect. For more information, see FieldToMatch.
", + "XssMatchStatement$FieldToMatch": "The part of the web request that you want WAF to inspect. For more information, see FieldToMatch.
" } }, "FieldToMatchData": { "base": null, "refs": { + "HeaderNames$member": null, "SingleHeader$Name": "The name of the query header to inspect.
", "SingleQueryArgument$Name": "The name of the query argument to inspect.
" } @@ -834,18 +857,37 @@ "HTTPRequest$HTTPVersion": "The HTTP version specified in the sampled web request, for example, HTTP/1.1.
The filter to use to identify the subset of headers to inspect in a web request.
You must specify exactly one setting: either All, IncludedHeaders, or ExcludedHeaders.
Example JSON: \"HeaderMatchPattern\": { \"ExcludedHeaders\": {\"KeyToExclude1\", \"KeyToExclude2\"} }
The filter to use to identify the subset of headers to inspect in a web request.
You must specify exactly one setting: either All, IncludedHeaders, or ExcludedHeaders.
Example JSON: \"HeaderMatchPattern\": { \"ExcludedHeaders\": {\"KeyToExclude1\", \"KeyToExclude2\"} }
The name of the HTTP header.
" } }, + "HeaderNames": { + "base": null, + "refs": { + "HeaderMatchPattern$IncludedHeaders": "Inspect only the headers that have a key that matches one of the strings specified here.
", + "HeaderMatchPattern$ExcludedHeaders": "Inspect only the headers whose keys don't match any of the strings specified here.
" + } + }, "HeaderValue": { "base": null, "refs": { "HTTPHeader$Value": "The value of the HTTP header.
" } }, + "Headers": { + "base": "Inspect the headers in the web request. You can specify the parts of the headers to inspect and you can narrow the set of headers to inspect by including or excluding specific keys.
This is used to indicate the web request component for WAF to inspect, in the FieldToMatch specification.
Alternately, you can use the SingleHeader FieldToMatch setting to inspect the value of a single header, identified by its key.
Example JSON: \"Headers\": { \"MatchPattern\": { \"All\": {} }, \"MatchScope\": \"KEY\", \"OversizeHandling\": \"MATCH\" }
Inspect the request headers. You must configure scope and pattern matching filters in the Headers object, to define the set of headers to and the parts of the headers that WAF inspects.
Only the first 8 KB (8192 bytes) of a request's headers and only the first 200 headers are forwarded to WAF for inspection by the underlying host service. You must configure how to handle any oversize header content in the Headers object. WAF applies the pattern matching filters to the headers that it receives from the underlying host service.
The body of a web request, inspected as JSON. The body immediately follows the request headers. This is used in the FieldToMatch specification.
Use the specifications in this object to indicate which parts of the JSON body to inspect using the rule's inspection criteria. WAF inspects only the parts of the JSON that result from the matches that you indicate.
Example JSON: \"JsonBody\": { \"MatchPattern\": { \"All\": {} }, \"MatchScope\": \"ALL\" }
Inspect the body of the web request as JSON. The body immediately follows the request headers.
This is used to indicate the web request component for WAF to inspect, in the FieldToMatch specification.
Use the specifications in this object to indicate which parts of the JSON body to inspect using the rule's inspection criteria. WAF inspects only the parts of the JSON that result from the matches that you indicate.
Example JSON: \"JsonBody\": { \"MatchPattern\": { \"All\": {} }, \"MatchScope\": \"ALL\" }
Inspect the request body as JSON. The request body immediately follows the request headers. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form.
Note that only the first 8 KB (8192 bytes) of the request body are forwarded to WAF for inspection by the underlying host service. If you don't need to inspect more than 8 KB, you can guarantee that you don't allow additional bytes in by combining a statement that inspects the body of the web request, such as ByteMatchStatement or RegexPatternSetReferenceStatement, with a SizeConstraintStatement that enforces an 8 KB size limit on the body of the request. WAF doesn't support inspecting the entire contents of web requests whose bodies exceed the 8 KB limit.
" + "FieldToMatch$JsonBody": "Inspect the request body as JSON. The request body immediately follows the request headers. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form.
Only the first 8 KB (8192 bytes) of the request body are forwarded to WAF for inspection by the underlying host service. For information about how to handle oversized request bodies, see the JsonBody object configuration.
The parts of the cookies to inspect with the rule inspection criteria. If you specify All, WAF inspects both keys and values.
The parts of the headers to match with the rule inspection criteria. If you specify All, WAF inspects both keys and values.
The HTTP method of a web request. The method indicates the type of operation that the request is asking the origin to perform.
This is used only to indicate the web request component for WAF to inspect, in the FieldToMatch specification.
JSON specification: \"Method\": {}
Inspect the HTTP method of the web request. The method indicates the type of operation that the request is asking the origin to perform.
This is used only in the FieldToMatch specification for some web request component types.
JSON specification: \"Method\": {}
Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
" } @@ -1331,6 +1380,15 @@ "Rule$OverrideAction": "The action to use in the place of the action that results from the rule group evaluation. Set the override action to none to leave the result of the rule group alone. Set it to count to override the result to count only.
You can only use this for rule statements that reference a rule group, like RuleGroupReferenceStatement and ManagedRuleGroupStatement.
This option is usually set to none. It does not affect how the rules in the rule group are evaluated. If you want the rules in the rule group to only count matches, do not use this and instead exclude those rules in your rule group reference statement settings.
What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service.
The options for oversize handling are the following:
CONTINUE - Inspect the body normally, according to the rule inspection criteria.
MATCH - Treat the web request as matching the rule statement. WAF applies the rule action to the request.
NO_MATCH - Treat the web request as not matching the rule statement.
You can combine the MATCH or NO_MATCH settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over 8 KB.
Default: CONTINUE
What WAF should do if the cookies of the request are larger than WAF can inspect. WAF does not support inspecting the entire contents of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host service forwards a maximum of 200 cookies and at most 8 KB of cookie contents to WAF.
The options for oversize handling are the following:
CONTINUE - Inspect the cookies normally, according to the rule inspection criteria.
MATCH - Treat the web request as matching the rule statement. WAF applies the rule action to the request.
NO_MATCH - Treat the web request as not matching the rule statement.
What WAF should do if the headers of the request are larger than WAF can inspect. WAF does not support inspecting the entire contents of request headers when they exceed 8 KB (8192 bytes) or 200 total headers. The underlying host service forwards a maximum of 200 headers and at most 8 KB of header contents to WAF.
The options for oversize handling are the following:
CONTINUE - Inspect the headers normally, according to the rule inspection criteria.
MATCH - Treat the web request as matching the rule statement. WAF applies the rule action to the request.
NO_MATCH - Treat the web request as not matching the rule statement.
What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the body of a web request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to WAF by the underlying host service.
The options for oversize handling are the following:
CONTINUE - Inspect the body normally, according to the rule inspection criteria.
MATCH - Treat the web request as matching the rule statement. WAF applies the rule action to the request.
NO_MATCH - Treat the web request as not matching the rule statement.
You can combine the MATCH or NO_MATCH settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over 8 KB.
Default: CONTINUE
The area within the portion of a web request that you want WAF to search for SearchString. Valid values include the following:
CONTAINS
The specified part of the web request must include the value of SearchString, but the location doesn't matter.
CONTAINS_WORD
The specified part of the web request must include the value of SearchString, and SearchString must contain only alphanumeric characters or underscore (A-Z, a-z, 0-9, or _). In addition, SearchString must be a word, which means that both of the following are true:
SearchString is at the beginning of the specified part of the web request or is preceded by a character other than an alphanumeric character or underscore (_). Examples include the value of a header and ;BadBot.
SearchString is at the end of the specified part of the web request or is followed by a character other than an alphanumeric character or underscore (_), for example, BadBot; and -BadBot;.
EXACTLY
The value of the specified part of the web request must exactly match the value of SearchString.
STARTS_WITH
The value of SearchString must appear at the beginning of the specified part of the web request.
ENDS_WITH
The value of SearchString must appear at the end of the specified part of the web request.
The area within the portion of the web request that you want WAF to search for SearchString. Valid values include the following:
CONTAINS
The specified part of the web request must include the value of SearchString, but the location doesn't matter.
CONTAINS_WORD
The specified part of the web request must include the value of SearchString, and SearchString must contain only alphanumeric characters or underscore (A-Z, a-z, 0-9, or _). In addition, SearchString must be a word, which means that both of the following are true:
SearchString is at the beginning of the specified part of the web request or is preceded by a character other than an alphanumeric character or underscore (_). Examples include the value of a header and ;BadBot.
SearchString is at the end of the specified part of the web request or is followed by a character other than an alphanumeric character or underscore (_), for example, BadBot; and -BadBot;.
EXACTLY
The value of the specified part of the web request must exactly match the value of SearchString.
STARTS_WITH
The value of SearchString must appear at the beginning of the specified part of the web request.
ENDS_WITH
The value of SearchString must appear at the end of the specified part of the web request.
The query string of a web request. This is the part of a URL that appears after a ? character, if any.
This is used only to indicate the web request component for WAF to inspect, in the FieldToMatch specification.
JSON specification: \"QueryString\": {}
Inspect the query string of the web request. This is the part of a URL that appears after a ? character, if any.
This is used only in the FieldToMatch specification for some web request component types.
JSON specification: \"QueryString\": {}
Inspect the query string. This is the part of a URL that appears after a ? character, if any.
A string value that you want WAF to search for. WAF searches only in the part of web requests that you designate for inspection in FieldToMatch. The maximum length of the value is 50 bytes.
Valid values depend on the component that you specify for inspection in FieldToMatch:
Method: The HTTP method that you want WAF to search for. This indicates the type of operation specified in the request.
UriPath: The value that you want WAF to search for in the URI path, for example, /images/daily-ad.jpg.
If SearchString includes alphabetic characters A-Z and a-z, note that the value is case sensitive.
If you're using the WAF API
Specify a base64-encoded version of the value. The maximum length of the value before you base64-encode it is 50 bytes.
For example, suppose the value of Type is HEADER and the value of Data is User-Agent. If you want to search the User-Agent header for the value BadBot, you base64-encode BadBot using MIME base64-encoding and include the resulting value, QmFkQm90, in the value of SearchString.
If you're using the CLI or one of the Amazon Web Services SDKs
The value that you want WAF to search for. The SDK automatically base64 encodes the value.
" } }, + "SingleCookieName": { + "base": null, + "refs": { + "CookieNames$member": null + } + }, "SingleHeader": { - "base": "One of the headers in a web request, identified by name, for example, User-Agent or Referer. This setting isn't case sensitive.
This is used only to indicate the web request component for WAF to inspect, in the FieldToMatch specification.
Example JSON: \"SingleHeader\": { \"Name\": \"haystack\" }
Inspect one of the headers in the web request, identified by name, for example, User-Agent or Referer. The name isn't case sensitive.
You can filter and inspect all headers with the FieldToMatch setting Headers.
This is used to indicate the web request component for WAF to inspect, in the FieldToMatch specification.
Example JSON: \"SingleHeader\": { \"Name\": \"haystack\" }
Inspect a single header. Provide the name of the header to inspect, for example, User-Agent or Referer. This setting isn't case sensitive.
Example JSON: \"SingleHeader\": { \"Name\": \"haystack\" }
Inspect a single header. Provide the name of the header to inspect, for example, User-Agent or Referer. This setting isn't case sensitive.
Example JSON: \"SingleHeader\": { \"Name\": \"haystack\" }
Alternately, you can filter and inspect all headers with the Headers FieldToMatch setting.
One query argument in a web request, identified by name, for example UserName or SalesRegion. The name can be up to 30 characters long and isn't case sensitive.
Example JSON: \"SingleQueryArgument\": { \"Name\": \"myArgument\" }
Inspect one query argument in the web request, identified by name, for example UserName or SalesRegion. The name isn't case sensitive.
This is used to indicate the web request component for WAF to inspect, in the FieldToMatch specification.
Example JSON: \"SingleQueryArgument\": { \"Name\": \"myArgument\" }
Inspect a single query argument. Provide the name of the query argument to inspect, such as UserName or SalesRegion. The name can be up to 30 characters long and isn't case sensitive.
This is used only to indicate the web request component for WAF to inspect, in the FieldToMatch specification.
Example JSON: \"SingleQueryArgument\": { \"Name\": \"myArgument\" }
Inspect a single query argument. Provide the name of the query argument to inspect, such as UserName or SalesRegion. The name can be up to 30 characters long and isn't case sensitive.
Example JSON: \"SingleQueryArgument\": { \"Name\": \"myArgument\" }
The path component of the URI of a web request. This is the part of a web request that identifies a resource. For example, /images/daily-ad.jpg.
This is used only to indicate the web request component for WAF to inspect, in the FieldToMatch specification.
JSON specification: \"UriPath\": {}
Inspect the path component of the URI of the web request. This is the part of the web request that identifies a resource. For example, /images/daily-ad.jpg.
This is used only in the FieldToMatch specification for some web request component types.
JSON specification: \"UriPath\": {}
Inspect the request URI path. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg.
Inspect the request URI path. This is the part of the web request that identifies a resource, for example, /images/daily-ad.jpg.
WAF couldn’t perform the operation because your resource is being used by another resource or it’s associated with another resource.
", + "base": "WAF couldn’t perform the operation because your resource is being used by another resource or it’s associated with another resource.
For DeleteWebACL, you will only get this exception if the web ACL is still associated with a regional resource. Deleting a web ACL that is still associated with an Amazon CloudFront distribution won't get this exception.
The operation failed because you are inspecting the web request body, headers, or cookies without specifying how to handle oversize components. Rules that inspect the body must either provide an OversizeHandling configuration or they must be preceded by a SizeConstraintStatement that blocks the body content from being too large. Rules that inspect the headers or cookies must provide an OversizeHandling configuration.
Provide the handling configuration and retry your operation.
Alternately, you can suppress this warning by adding the following tag to the resource that you provide to this operation: Tag (key:WAF:OversizeFieldsHandlingConstraintOptOut, value:true).
WAF couldn’t perform your tagging operation because of an internal error. Retry your request.
", + "base": "WAF couldn’t perform your tagging operation because of an internal error. Retry ybjectNoteWebRequestComponentour request.
", "refs": { } }, "WAFUnavailableEntityException": { - "base": "WAF couldn’t retrieve the resource that you requested. Retry your request.
", + "base": "WAF couldn’t retrieve a resource that you specified for this operation. Verify the resources that you are specifying in your request parameters and then retry the operation.
", "refs": { } }, diff --git a/service/codegurureviewer/api.go b/service/codegurureviewer/api.go index a80411ee9f6..56b6fd4db0b 100644 --- a/service/codegurureviewer/api.go +++ b/service/codegurureviewer/api.go @@ -1958,7 +1958,7 @@ func (s *CodeCommitRepository) SetName(v string) *CodeCommitRepository { type CodeReview struct { _ struct{} `type:"structure"` - // They types of analysis performed during a repository analysis or a pull request + // The types of analysis performed during a repository analysis or a pull request // review. You can specify either Security, CodeQuality, or both. AnalysisTypes []*string `type:"list" enum:"AnalysisType"` @@ -1971,6 +1971,11 @@ type CodeReview struct { // object. CodeReviewArn *string `min:"1" type:"string"` + // The state of the aws-codeguru-reviewer.yml configuration file that allows + // the configuration of the CodeGuru Reviewer analysis. The file either exists, + // doesn't exist, or exists with errors at the root directory of your repository. + ConfigFileState *string `type:"string" enum:"ConfigFileState"` + // The time, in milliseconds since the epoch, when the code review was created. CreatedTimeStamp *time.Time `type:"timestamp"` @@ -2058,6 +2063,12 @@ func (s *CodeReview) SetCodeReviewArn(v string) *CodeReview { return s } +// SetConfigFileState sets the ConfigFileState field's value. +func (s *CodeReview) SetConfigFileState(v string) *CodeReview { + s.ConfigFileState = &v + return s +} + // SetCreatedTimeStamp sets the CreatedTimeStamp field's value. func (s *CodeReview) SetCreatedTimeStamp(v time.Time) *CodeReview { s.CreatedTimeStamp = &v @@ -3920,10 +3931,17 @@ type Metrics struct { // Total number of recommendations found in the code review. FindingsCount *int64 `type:"long"` - // MeteredLinesOfCode is the number of lines of code in the repository where - // the code review happened. This does not include non-code lines such as comments - // and blank lines. + // MeteredLinesOfCodeCount is the number of lines of code in the repository + // where the code review happened. This does not include non-code lines such + // as comments and blank lines. MeteredLinesOfCodeCount *int64 `type:"long"` + + // SuppressedLinesOfCodeCount is the number of lines of code in the repository + // where the code review happened that CodeGuru Reviewer did not analyze. The + // lines suppressed in the analysis is based on the excludeFiles variable in + // the aws-codeguru-reviewer.yml file. This number does not include non-code + // lines such as comments and blank lines. + SuppressedLinesOfCodeCount *int64 `type:"long"` } // String returns the string representation. @@ -3956,6 +3974,12 @@ func (s *Metrics) SetMeteredLinesOfCodeCount(v int64) *Metrics { return s } +// SetSuppressedLinesOfCodeCount sets the SuppressedLinesOfCodeCount field's value. +func (s *Metrics) SetSuppressedLinesOfCodeCount(v int64) *Metrics { + s.SuppressedLinesOfCodeCount = &v + return s +} + // Information about metrics summaries. type MetricsSummary struct { _ struct{} `type:"structure"` @@ -3975,6 +3999,21 @@ type MetricsSummary struct { // files (5 * 500 = 2,500 lines), the new file (200 lines) and the 25 changed // lines of code for a total of 2,725 lines of code. MeteredLinesOfCodeCount *int64 `type:"long"` + + // Lines of code suppressed in the code review based on the excludeFiles element + // in the aws-codeguru-reviewer.yml file. For full repository analyses, this + // number includes all lines of code in the files that are suppressed. For pull + // requests, this number only includes the changed lines of code that are suppressed. + // In both cases, this number does not include non-code lines such as comments + // and import statements. For example, if you initiate a full repository analysis + // on a repository containing 5 files, each file with 100 lines of code, and + // 2 files are listed as excluded in the aws-codeguru-reviewer.yml file, then + // SuppressedLinesOfCodeCount returns 200 (2 * 100) as the total number of lines + // of code suppressed. However, if you submit a pull request for the same repository, + // then SuppressedLinesOfCodeCount only includes the lines in the 2 files that + // changed. If only 1 of the 2 files changed in the pull request, then SuppressedLinesOfCodeCount + // returns 100 (1 * 100) as the total number of lines of code suppressed. + SuppressedLinesOfCodeCount *int64 `type:"long"` } // String returns the string representation. @@ -4007,6 +4046,12 @@ func (s *MetricsSummary) SetMeteredLinesOfCodeCount(v int64) *MetricsSummary { return s } +// SetSuppressedLinesOfCodeCount sets the SuppressedLinesOfCodeCount field's value. +func (s *MetricsSummary) SetSuppressedLinesOfCodeCount(v int64) *MetricsSummary { + s.SuppressedLinesOfCodeCount = &v + return s +} + // The resource specified in the request was not found. type NotFoundException struct { _ struct{} `type:"structure"` @@ -5892,6 +5937,26 @@ func AnalysisType_Values() []string { } } +const ( + // ConfigFileStatePresent is a ConfigFileState enum value + ConfigFileStatePresent = "Present" + + // ConfigFileStateAbsent is a ConfigFileState enum value + ConfigFileStateAbsent = "Absent" + + // ConfigFileStatePresentWithErrors is a ConfigFileState enum value + ConfigFileStatePresentWithErrors = "PresentWithErrors" +) + +// ConfigFileState_Values returns all elements of the ConfigFileState enum +func ConfigFileState_Values() []string { + return []string{ + ConfigFileStatePresent, + ConfigFileStateAbsent, + ConfigFileStatePresentWithErrors, + } +} + const ( // EncryptionOptionAwsOwnedCmk is a EncryptionOption enum value EncryptionOptionAwsOwnedCmk = "AWS_OWNED_CMK" diff --git a/service/mediaconvert/api.go b/service/mediaconvert/api.go index 08c3486e9bc..9f52b5eb3be 100644 --- a/service/mediaconvert/api.go +++ b/service/mediaconvert/api.go @@ -8972,9 +8972,22 @@ type DolbyVision struct { // MaxCLL and MaxFALL properies. L6Mode *string `locationName:"l6Mode" type:"string" enum:"DolbyVisionLevel6Mode"` - // In the current MediaConvert implementation, the Dolby Vision profile is always - // 5 (PROFILE_5). Therefore, all of your inputs must contain Dolby Vision frame - // interleaved data. + // Required when you set Dolby Vision Profile (Profile) to Profile 8.1 (PROFILE_8_1). + // When you set Content mapping (Mapping) to None (HDR10_NOMAP), content mapping + // is not applied to the HDR10-compatible signal. Depending on the source peak + // nit level, clipping might occur on HDR devices without Dolby Vision. When + // you set Content mapping to Static (HDR10_1000), the transcoder creates a + // 1,000 nits peak HDR10-compatible signal by applying static content mapping + // to the source. This mode is speed-optimized for PQ10 sources with metadata + // that is created from analysis. For graded Dolby Vision content, be aware + // that creative intent might not be guaranteed with extreme 1,000 nits trims. + Mapping *string `locationName:"mapping" type:"string" enum:"DolbyVisionMapping"` + + // Required when you use Dolby Vision (DolbyVision) processing. Set Profile + // (DolbyVisionProfile) to Profile 5 (Profile_5) to only include frame-interleaved + // Dolby Vision metadata in your output. Set Profile to Profile 8.1 (Profile_8_1) + // to include both frame-interleaved Dolby Vision metadata and HDR10 metadata + // in your output. Profile *string `locationName:"profile" type:"string" enum:"DolbyVisionProfile"` } @@ -9008,6 +9021,12 @@ func (s *DolbyVision) SetL6Mode(v string) *DolbyVision { return s } +// SetMapping sets the Mapping field's value. +func (s *DolbyVision) SetMapping(v string) *DolbyVision { + s.Mapping = &v + return s +} + // SetProfile sets the Profile field's value. func (s *DolbyVision) SetProfile(v string) *DolbyVision { s.Profile = &v @@ -14409,6 +14428,13 @@ type Input struct { // For more information about timecodes, see https://docs.aws.amazon.com/console/mediaconvert/timecode. TimecodeStart *string `locationName:"timecodeStart" min:"11" type:"string"` + // Use this setting if you do not have a video input or if you want to add black + // video frames before, or after, other inputs. When you include Video generator, + // MediaConvert creates a video input with black frames and without an audio + // track. You can specify a value for Video generator, or you can specify an + // Input file, but you cannot specify both. + VideoGenerator *InputVideoGenerator `locationName:"videoGenerator" type:"structure"` + // Input video selectors contain the video settings for the input. Each of your // inputs can have up to one video selector. VideoSelector *VideoSelector `locationName:"videoSelector" type:"structure"` @@ -14487,6 +14513,11 @@ func (s *Input) Validate() error { invalidParams.AddNested("Position", err.(request.ErrInvalidParams)) } } + if s.VideoGenerator != nil { + if err := s.VideoGenerator.Validate(); err != nil { + invalidParams.AddNested("VideoGenerator", err.(request.ErrInvalidParams)) + } + } if s.VideoSelector != nil { if err := s.VideoSelector.Validate(); err != nil { invalidParams.AddNested("VideoSelector", err.(request.ErrInvalidParams)) @@ -14619,6 +14650,12 @@ func (s *Input) SetTimecodeStart(v string) *Input { return s } +// SetVideoGenerator sets the VideoGenerator field's value. +func (s *Input) SetVideoGenerator(v *InputVideoGenerator) *Input { + s.VideoGenerator = v + return s +} + // SetVideoSelector sets the VideoSelector field's value. func (s *Input) SetVideoSelector(v *VideoSelector) *Input { s.VideoSelector = v @@ -15088,6 +15125,57 @@ func (s *InputTemplate) SetVideoSelector(v *VideoSelector) *InputTemplate { return s } +// Use this setting if you do not have a video input or if you want to add black +// video frames before, or after, other inputs. When you include Video generator, +// MediaConvert creates a video input with black frames and without an audio +// track. You can specify a value for Video generator, or you can specify an +// Input file, but you cannot specify both. +type InputVideoGenerator struct { + _ struct{} `type:"structure"` + + // Specify an integer value for Black video duration from 50 to 86400000 to + // generate a black video input for that many milliseconds. Required when you + // include Video generator. + Duration *int64 `locationName:"duration" min:"50" type:"integer"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InputVideoGenerator) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s InputVideoGenerator) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *InputVideoGenerator) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "InputVideoGenerator"} + if s.Duration != nil && *s.Duration < 50 { + invalidParams.Add(request.NewErrParamMinValue("Duration", 50)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetDuration sets the Duration field's value. +func (s *InputVideoGenerator) SetDuration(v int64) *InputVideoGenerator { + s.Duration = &v + return s +} + // These settings apply to a specific graphic overlay. You can include multiple // overlays in your job. type InsertableImage struct { @@ -24367,6 +24455,16 @@ type VideoSelector struct { // For more information about MediaConvert HDR jobs, see https://docs.aws.amazon.com/console/mediaconvert/hdr. Hdr10Metadata *Hdr10Metadata `locationName:"hdr10Metadata" type:"structure"` + // Use this setting if your input has video and audio durations that don't align, + // and your output or player has strict alignment requirements. Examples: Input + // audio track has a delayed start. Input video track ends before audio ends. + // When you set Pad video (padVideo) to Black (BLACK), MediaConvert generates + // black video frames so that output video and audio durations match. Black + // video frames are added at the beginning or end, depending on your input. + // To keep the default behavior and not generate black video, set Pad video + // to Disabled (DISABLED) or leave blank. + PadVideo *string `locationName:"padVideo" type:"string" enum:"PadVideo"` + // Use PID (Pid) to select specific video data from an input file. Specify this // value as an integer; the system automatically converts it to the hexidecimal // value. For example, 257 selects PID 0x101. A PID, or packet identifier, is @@ -24465,6 +24563,12 @@ func (s *VideoSelector) SetHdr10Metadata(v *Hdr10Metadata) *VideoSelector { return s } +// SetPadVideo sets the PadVideo field's value. +func (s *VideoSelector) SetPadVideo(v string) *VideoSelector { + s.PadVideo = &v + return s +} + // SetPid sets the Pid field's value. func (s *VideoSelector) SetPid(v int64) *VideoSelector { s.Pid = &v @@ -28665,18 +28769,49 @@ func DolbyVisionLevel6Mode_Values() []string { } } -// In the current MediaConvert implementation, the Dolby Vision profile is always -// 5 (PROFILE_5). Therefore, all of your inputs must contain Dolby Vision frame -// interleaved data. +// Required when you set Dolby Vision Profile (Profile) to Profile 8.1 (PROFILE_8_1). +// When you set Content mapping (Mapping) to None (HDR10_NOMAP), content mapping +// is not applied to the HDR10-compatible signal. Depending on the source peak +// nit level, clipping might occur on HDR devices without Dolby Vision. When +// you set Content mapping to Static (HDR10_1000), the transcoder creates a +// 1,000 nits peak HDR10-compatible signal by applying static content mapping +// to the source. This mode is speed-optimized for PQ10 sources with metadata +// that is created from analysis. For graded Dolby Vision content, be aware +// that creative intent might not be guaranteed with extreme 1,000 nits trims. +const ( + // DolbyVisionMappingHdr10Nomap is a DolbyVisionMapping enum value + DolbyVisionMappingHdr10Nomap = "HDR10_NOMAP" + + // DolbyVisionMappingHdr101000 is a DolbyVisionMapping enum value + DolbyVisionMappingHdr101000 = "HDR10_1000" +) + +// DolbyVisionMapping_Values returns all elements of the DolbyVisionMapping enum +func DolbyVisionMapping_Values() []string { + return []string{ + DolbyVisionMappingHdr10Nomap, + DolbyVisionMappingHdr101000, + } +} + +// Required when you use Dolby Vision (DolbyVision) processing. Set Profile +// (DolbyVisionProfile) to Profile 5 (Profile_5) to only include frame-interleaved +// Dolby Vision metadata in your output. Set Profile to Profile 8.1 (Profile_8_1) +// to include both frame-interleaved Dolby Vision metadata and HDR10 metadata +// in your output. const ( // DolbyVisionProfileProfile5 is a DolbyVisionProfile enum value DolbyVisionProfileProfile5 = "PROFILE_5" + + // DolbyVisionProfileProfile81 is a DolbyVisionProfile enum value + DolbyVisionProfileProfile81 = "PROFILE_8_1" ) // DolbyVisionProfile_Values returns all elements of the DolbyVisionProfile enum func DolbyVisionProfile_Values() []string { return []string{ DolbyVisionProfileProfile5, + DolbyVisionProfileProfile81, } } @@ -34481,6 +34616,30 @@ func OutputSdt_Values() []string { } } +// Use this setting if your input has video and audio durations that don't align, +// and your output or player has strict alignment requirements. Examples: Input +// audio track has a delayed start. Input video track ends before audio ends. +// When you set Pad video (padVideo) to Black (BLACK), MediaConvert generates +// black video frames so that output video and audio durations match. Black +// video frames are added at the beginning or end, depending on your input. +// To keep the default behavior and not generate black video, set Pad video +// to Disabled (DISABLED) or leave blank. +const ( + // PadVideoDisabled is a PadVideo enum value + PadVideoDisabled = "DISABLED" + + // PadVideoBlack is a PadVideo enum value + PadVideoBlack = "BLACK" +) + +// PadVideo_Values returns all elements of the PadVideo enum +func PadVideo_Values() []string { + return []string{ + PadVideoDisabled, + PadVideoBlack, + } +} + // Optional. When you request a list of presets, you can choose to list them // alphabetically by NAME or chronologically by CREATION_DATE. If you don't // specify, the service will list them by name. diff --git a/service/rds/api.go b/service/rds/api.go index 8b727cce3dd..935bed9e306 100644 --- a/service/rds/api.go +++ b/service/rds/api.go @@ -1973,6 +1973,10 @@ func (c *RDS) CreateDBInstanceRequest(input *CreateDBInstanceInput) (req *reques // // * ErrCodeBackupPolicyNotFoundFault "BackupPolicyNotFoundFault" // +// * ErrCodeNetworkTypeNotSupported "NetworkTypeNotSupported" +// The network type is invalid for the DB instance. Valid nework type values +// are IPV4 and DUAL. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CreateDBInstance func (c *RDS) CreateDBInstance(input *CreateDBInstanceInput) (*CreateDBInstanceOutput, error) { req, out := c.CreateDBInstanceRequest(input) @@ -2126,6 +2130,10 @@ func (c *RDS) CreateDBInstanceReadReplicaRequest(input *CreateDBInstanceReadRepl // * ErrCodeDomainNotFoundFault "DomainNotFoundFault" // Domain doesn't refer to an existing Active Directory domain. // +// * ErrCodeNetworkTypeNotSupported "NetworkTypeNotSupported" +// The network type is invalid for the DB instance. Valid nework type values +// are IPV4 and DUAL. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/CreateDBInstanceReadReplica func (c *RDS) CreateDBInstanceReadReplica(input *CreateDBInstanceReadReplicaInput) (*CreateDBInstanceReadReplicaOutput, error) { req, out := c.CreateDBInstanceReadReplicaRequest(input) @@ -10852,6 +10860,10 @@ func (c *RDS) ModifyDBInstanceRequest(input *ModifyDBInstanceInput) (req *reques // * ErrCodeInvalidDBClusterStateFault "InvalidDBClusterStateFault" // The requested operation can't be performed while the cluster is in this state. // +// * ErrCodeNetworkTypeNotSupported "NetworkTypeNotSupported" +// The network type is invalid for the DB instance. Valid nework type values +// are IPV4 and DUAL. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/ModifyDBInstance func (c *RDS) ModifyDBInstance(input *ModifyDBInstanceInput) (*ModifyDBInstanceOutput, error) { req, out := c.ModifyDBInstanceRequest(input) @@ -13608,6 +13620,10 @@ func (c *RDS) RestoreDBInstanceFromDBSnapshotRequest(input *RestoreDBInstanceFro // // * ErrCodeBackupPolicyNotFoundFault "BackupPolicyNotFoundFault" // +// * ErrCodeNetworkTypeNotSupported "NetworkTypeNotSupported" +// The network type is invalid for the DB instance. Valid nework type values +// are IPV4 and DUAL. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/RestoreDBInstanceFromDBSnapshot func (c *RDS) RestoreDBInstanceFromDBSnapshot(input *RestoreDBInstanceFromDBSnapshotInput) (*RestoreDBInstanceFromDBSnapshotOutput, error) { req, out := c.RestoreDBInstanceFromDBSnapshotRequest(input) @@ -13753,6 +13769,10 @@ func (c *RDS) RestoreDBInstanceFromS3Request(input *RestoreDBInstanceFromS3Input // // * ErrCodeBackupPolicyNotFoundFault "BackupPolicyNotFoundFault" // +// * ErrCodeNetworkTypeNotSupported "NetworkTypeNotSupported" +// The network type is invalid for the DB instance. Valid nework type values +// are IPV4 and DUAL. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/RestoreDBInstanceFromS3 func (c *RDS) RestoreDBInstanceFromS3(input *RestoreDBInstanceFromS3Input) (*RestoreDBInstanceFromS3Output, error) { req, out := c.RestoreDBInstanceFromS3Request(input) @@ -13918,6 +13938,10 @@ func (c *RDS) RestoreDBInstanceToPointInTimeRequest(input *RestoreDBInstanceToPo // * ErrCodeDBInstanceAutomatedBackupNotFoundFault "DBInstanceAutomatedBackupNotFound" // No automated backup for this DB instance was found. // +// * ErrCodeNetworkTypeNotSupported "NetworkTypeNotSupported" +// The network type is invalid for the DB instance. Valid nework type values +// are IPV4 and DUAL. +// // See also, https://docs.aws.amazon.com/goto/WebAPI/rds-2014-10-31/RestoreDBInstanceToPointInTime func (c *RDS) RestoreDBInstanceToPointInTime(input *RestoreDBInstanceToPointInTimeInput) (*RestoreDBInstanceToPointInTimeOutput, error) { req, out := c.RestoreDBInstanceToPointInTimeRequest(input) @@ -20103,7 +20127,7 @@ type CreateDBInstanceInput struct { // // Amazon RDS Custom for SQL Server // - // See RDS Custom for SQL Server general requirements (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-reqs-limits.html#custom-reqs-limits.reqsMS) + // See RDS Custom for SQL Server general requirements (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/custom-reqs-limits-MS.html) // in the Amazon RDS User Guide. // // MariaDB @@ -20268,6 +20292,22 @@ type CreateDBInstanceInput struct { // This parameter doesn't apply to RDS Custom. NcharCharacterSetName *string `type:"string"` + // The network type of the DB instance. + // + // Valid values: + // + // * IPV4 + // + // * DUAL + // + // The network type is determined by the DBSubnetGroup specified for the DB + // instance. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 + // and the IPv6 protocols (DUAL). + // + // For more information, see Working with a DB instance in a VPC (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html) + // in the Amazon RDS User Guide. + NetworkType *string `type:"string"` + // A value that indicates that the DB instance should be associated with the // specified option group. // @@ -20726,6 +20766,12 @@ func (s *CreateDBInstanceInput) SetNcharCharacterSetName(v string) *CreateDBInst return s } +// SetNetworkType sets the NetworkType field's value. +func (s *CreateDBInstanceInput) SetNetworkType(v string) *CreateDBInstanceInput { + s.NetworkType = &v + return s +} + // SetOptionGroupName sets the OptionGroupName field's value. func (s *CreateDBInstanceInput) SetOptionGroupName(v string) *CreateDBInstanceInput { s.OptionGroupName = &v @@ -21079,6 +21125,22 @@ type CreateDBInstanceReadReplicaInput struct { // This setting doesn't apply to RDS Custom. MultiAZ *bool `type:"boolean"` + // The network type of the DB instance. + // + // Valid values: + // + // * IPV4 + // + // * DUAL + // + // The network type is determined by the DBSubnetGroup specified for read replica. + // A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and the IPv6 + // protocols (DUAL). + // + // For more information, see Working with a DB instance in a VPC (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html) + // in the Amazon RDS User Guide. + NetworkType *string `type:"string"` + // The option group the DB instance is associated with. If omitted, the option // group associated with the source instance is used. // @@ -21441,6 +21503,12 @@ func (s *CreateDBInstanceReadReplicaInput) SetMultiAZ(v bool) *CreateDBInstanceR return s } +// SetNetworkType sets the NetworkType field's value. +func (s *CreateDBInstanceReadReplicaInput) SetNetworkType(v string) *CreateDBInstanceReadReplicaInput { + s.NetworkType = &v + return s +} + // SetOptionGroupName sets the OptionGroupName field's value. func (s *CreateDBInstanceReadReplicaInput) SetOptionGroupName(v string) *CreateDBInstanceReadReplicaInput { s.OptionGroupName = &v @@ -24983,6 +25051,23 @@ type DBInstance struct { // NCHAR, NCLOB, or NVARCHAR2. NcharCharacterSetName *string `type:"string"` + // The network type of the DB instance. + // + // Valid values: + // + // * IPV4 + // + // * DUAL + // + // The network type is determined by the DBSubnetGroup specified for the DB + // instance. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 + // and the IPv6 protocols (DUAL). + // + // For more information, see Working with a DB instance in a VPC (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html) + // in the Amazon RDS User Guide and Working with a DB instance in a VPC (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html) + // in the Amazon Aurora User Guide. + NetworkType *string `type:"string"` + // Provides the list of option group memberships for this DB instance. OptionGroupMemberships []*OptionGroupMembership `locationNameList:"OptionGroupMembership" type:"list"` @@ -25424,6 +25509,12 @@ func (s *DBInstance) SetNcharCharacterSetName(v string) *DBInstance { return s } +// SetNetworkType sets the NetworkType field's value. +func (s *DBInstance) SetNetworkType(v string) *DBInstance { + s.NetworkType = &v + return s +} + // SetOptionGroupMemberships sets the OptionGroupMemberships field's value. func (s *DBInstance) SetOptionGroupMemberships(v []*OptionGroupMembership) *DBInstance { s.OptionGroupMemberships = v @@ -27288,6 +27379,21 @@ type DBSubnetGroup struct { // Contains a list of Subnet elements. Subnets []*Subnet `locationNameList:"Subnet" type:"list"` + // The network type of the DB subnet group. + // + // Valid values: + // + // * IPV4 + // + // * DUAL + // + // A DBSubnetGroup can support only the IPv4 protocol or the IPv4 and the IPv6 + // protocols (DUAL). + // + // For more information, see Working with a DB instance in a VPC (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html) + // in the Amazon RDS User Guide. + SupportedNetworkTypes []*string `type:"list"` + // Provides the VpcId of the DB subnet group. VpcId *string `type:"string"` } @@ -27340,6 +27446,12 @@ func (s *DBSubnetGroup) SetSubnets(v []*Subnet) *DBSubnetGroup { return s } +// SetSupportedNetworkTypes sets the SupportedNetworkTypes field's value. +func (s *DBSubnetGroup) SetSupportedNetworkTypes(v []*string) *DBSubnetGroup { + s.SupportedNetworkTypes = v + return s +} + // SetVpcId sets the VpcId field's value. func (s *DBSubnetGroup) SetVpcId(v string) *DBSubnetGroup { s.VpcId = &v @@ -38903,6 +39015,22 @@ type ModifyDBInstanceInput struct { // This setting doesn't apply to RDS Custom. MultiAZ *bool `type:"boolean"` + // The network type of the DB instance. + // + // Valid values: + // + // * IPV4 + // + // * DUAL + // + // The network type is determined by the DBSubnetGroup specified for the DB + // instance. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 + // and the IPv6 protocols (DUAL). + // + // For more information, see Working with a DB instance in a VPC (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html) + // in the Amazon RDS User Guide. + NetworkType *string `type:"string"` + // The new DB instance identifier for the DB instance when renaming a DB instance. // When you change the DB instance identifier, an instance reboot occurs immediately // if you enable ApplyImmediately, or will occur during the next maintenance @@ -39340,6 +39468,12 @@ func (s *ModifyDBInstanceInput) SetMultiAZ(v bool) *ModifyDBInstanceInput { return s } +// SetNetworkType sets the NetworkType field's value. +func (s *ModifyDBInstanceInput) SetNetworkType(v string) *ModifyDBInstanceInput { + s.NetworkType = &v + return s +} + // SetNewDBInstanceIdentifier sets the NewDBInstanceIdentifier field's value. func (s *ModifyDBInstanceInput) SetNewDBInstanceIdentifier(v string) *ModifyDBInstanceInput { s.NewDBInstanceIdentifier = &v @@ -41525,6 +41659,15 @@ type OrderableDBInstanceOption struct { // A list of the supported DB engine modes. SupportedEngineModes []*string `type:"list"` + // The network types supported by the DB instance (IPV4 or DUAL). + // + // A DB instance can support only the IPv4 protocol or the IPv4 and the IPv6 + // protocols (DUAL). + // + // For more information, see Working with a DB instance in a VPC (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html) + // in the Amazon RDS User Guide. + SupportedNetworkTypes []*string `type:"list"` + // Whether DB instances can be configured as a Multi-AZ DB cluster. // // For more information on Multi-AZ DB clusters, see Multi-AZ deployments with @@ -41695,6 +41838,12 @@ func (s *OrderableDBInstanceOption) SetSupportedEngineModes(v []*string) *Ordera return s } +// SetSupportedNetworkTypes sets the SupportedNetworkTypes field's value. +func (s *OrderableDBInstanceOption) SetSupportedNetworkTypes(v []*string) *OrderableDBInstanceOption { + s.SupportedNetworkTypes = v + return s +} + // SetSupportsClusters sets the SupportsClusters field's value. func (s *OrderableDBInstanceOption) SetSupportsClusters(v bool) *OrderableDBInstanceOption { s.SupportsClusters = &v @@ -46008,6 +46157,22 @@ type RestoreDBInstanceFromDBSnapshotInput struct { // is a Multi-AZ deployment. MultiAZ *bool `type:"boolean"` + // The network type of the DB instance. + // + // Valid values: + // + // * IPV4 + // + // * DUAL + // + // The network type is determined by the DBSubnetGroup specified for the DB + // instance. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 + // and the IPv6 protocols (DUAL). + // + // For more information, see Working with a DB instance in a VPC (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html) + // in the Amazon RDS User Guide. + NetworkType *string `type:"string"` + // The name of the option group to be used for the restored DB instance. // // Permanent options, such as the TDE option for Oracle Advanced Security TDE, @@ -46241,6 +46406,12 @@ func (s *RestoreDBInstanceFromDBSnapshotInput) SetMultiAZ(v bool) *RestoreDBInst return s } +// SetNetworkType sets the NetworkType field's value. +func (s *RestoreDBInstanceFromDBSnapshotInput) SetNetworkType(v string) *RestoreDBInstanceFromDBSnapshotInput { + s.NetworkType = &v + return s +} + // SetOptionGroupName sets the OptionGroupName field's value. func (s *RestoreDBInstanceFromDBSnapshotInput) SetOptionGroupName(v string) *RestoreDBInstanceFromDBSnapshotInput { s.OptionGroupName = &v @@ -46540,6 +46711,22 @@ type RestoreDBInstanceFromS3Input struct { // parameter. MultiAZ *bool `type:"boolean"` + // The network type of the DB instance. + // + // Valid values: + // + // * IPV4 + // + // * DUAL + // + // The network type is determined by the DBSubnetGroup specified for the DB + // instance. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 + // and the IPv6 protocols (DUAL). + // + // For more information, see Working with a DB instance in a VPC (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html) + // in the Amazon RDS User Guide. + NetworkType *string `type:"string"` + // The name of the option group to associate with this DB instance. If this // argument is omitted, the default option group for the specified engine is // used. @@ -46882,6 +47069,12 @@ func (s *RestoreDBInstanceFromS3Input) SetMultiAZ(v bool) *RestoreDBInstanceFrom return s } +// SetNetworkType sets the NetworkType field's value. +func (s *RestoreDBInstanceFromS3Input) SetNetworkType(v string) *RestoreDBInstanceFromS3Input { + s.NetworkType = &v + return s +} + // SetOptionGroupName sets the OptionGroupName field's value. func (s *RestoreDBInstanceFromS3Input) SetOptionGroupName(v string) *RestoreDBInstanceFromS3Input { s.OptionGroupName = &v @@ -47249,6 +47442,22 @@ type RestoreDBInstanceToPointInTimeInput struct { // is a Multi-AZ deployment. MultiAZ *bool `type:"boolean"` + // The network type of the DB instance. + // + // Valid values: + // + // * IPV4 + // + // * DUAL + // + // The network type is determined by the DBSubnetGroup specified for the DB + // instance. A DBSubnetGroup can support only the IPv4 protocol or the IPv4 + // and the IPv6 protocols (DUAL). + // + // For more information, see Working with a DB instance in a VPC (https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.WorkingWithRDSInstanceinaVPC.html) + // in the Amazon RDS User Guide. + NetworkType *string `type:"string"` + // The name of the option group to be used for the restored DB instance. // // Permanent options, such as the TDE option for Oracle Advanced Security TDE, @@ -47522,6 +47731,12 @@ func (s *RestoreDBInstanceToPointInTimeInput) SetMultiAZ(v bool) *RestoreDBInsta return s } +// SetNetworkType sets the NetworkType field's value. +func (s *RestoreDBInstanceToPointInTimeInput) SetNetworkType(v string) *RestoreDBInstanceToPointInTimeInput { + s.NetworkType = &v + return s +} + // SetOptionGroupName sets the OptionGroupName field's value. func (s *RestoreDBInstanceToPointInTimeInput) SetOptionGroupName(v string) *RestoreDBInstanceToPointInTimeInput { s.OptionGroupName = &v diff --git a/service/rds/errors.go b/service/rds/errors.go index ae4ebb15901..bbfa365c5c6 100644 --- a/service/rds/errors.go +++ b/service/rds/errors.go @@ -626,6 +626,13 @@ const ( // An error occurred accessing an Amazon Web Services KMS key. ErrCodeKMSKeyNotAccessibleFault = "KMSKeyNotAccessibleFault" + // ErrCodeNetworkTypeNotSupported for service response error code + // "NetworkTypeNotSupported". + // + // The network type is invalid for the DB instance. Valid nework type values + // are IPV4 and DUAL. + ErrCodeNetworkTypeNotSupported = "NetworkTypeNotSupported" + // ErrCodeOptionGroupAlreadyExistsFault for service response error code // "OptionGroupAlreadyExistsFault". // diff --git a/service/rds/examples_test.go b/service/rds/examples_test.go index 1ea0f0fdff9..870952aa84c 100644 --- a/service/rds/examples_test.go +++ b/service/rds/examples_test.go @@ -560,6 +560,8 @@ func ExampleRDS_CreateDBInstance_shared00() { fmt.Println(rds.ErrCodeDomainNotFoundFault, aerr.Error()) case rds.ErrCodeBackupPolicyNotFoundFault: fmt.Println(rds.ErrCodeBackupPolicyNotFoundFault, aerr.Error()) + case rds.ErrCodeNetworkTypeNotSupported: + fmt.Println(rds.ErrCodeNetworkTypeNotSupported, aerr.Error()) default: fmt.Println(aerr.Error()) } @@ -637,6 +639,8 @@ func ExampleRDS_CreateDBInstanceReadReplica_shared00() { fmt.Println(rds.ErrCodeKMSKeyNotAccessibleFault, aerr.Error()) case rds.ErrCodeDomainNotFoundFault: fmt.Println(rds.ErrCodeDomainNotFoundFault, aerr.Error()) + case rds.ErrCodeNetworkTypeNotSupported: + fmt.Println(rds.ErrCodeNetworkTypeNotSupported, aerr.Error()) default: fmt.Println(aerr.Error()) } @@ -2340,6 +2344,8 @@ func ExampleRDS_ModifyDBInstance_shared00() { fmt.Println(rds.ErrCodeKMSKeyNotAccessibleFault, aerr.Error()) case rds.ErrCodeInvalidDBClusterStateFault: fmt.Println(rds.ErrCodeInvalidDBClusterStateFault, aerr.Error()) + case rds.ErrCodeNetworkTypeNotSupported: + fmt.Println(rds.ErrCodeNetworkTypeNotSupported, aerr.Error()) default: fmt.Println(aerr.Error()) } @@ -2979,6 +2985,8 @@ func ExampleRDS_RestoreDBInstanceFromDBSnapshot_shared00() { fmt.Println(rds.ErrCodeDBParameterGroupNotFoundFault, aerr.Error()) case rds.ErrCodeBackupPolicyNotFoundFault: fmt.Println(rds.ErrCodeBackupPolicyNotFoundFault, aerr.Error()) + case rds.ErrCodeNetworkTypeNotSupported: + fmt.Println(rds.ErrCodeNetworkTypeNotSupported, aerr.Error()) default: fmt.Println(aerr.Error()) } @@ -3053,6 +3061,8 @@ func ExampleRDS_RestoreDBInstanceToPointInTime_shared00() { fmt.Println(rds.ErrCodeDBParameterGroupNotFoundFault, aerr.Error()) case rds.ErrCodeDBInstanceAutomatedBackupNotFoundFault: fmt.Println(rds.ErrCodeDBInstanceAutomatedBackupNotFoundFault, aerr.Error()) + case rds.ErrCodeNetworkTypeNotSupported: + fmt.Println(rds.ErrCodeNetworkTypeNotSupported, aerr.Error()) default: fmt.Println(aerr.Error()) } diff --git a/service/ssm/api.go b/service/ssm/api.go index 6f0a1935553..48cbe7113af 100644 --- a/service/ssm/api.go +++ b/service/ssm/api.go @@ -30751,18 +30751,16 @@ type GetCommandInvocationInput struct { // InstanceId is a required field InstanceId *string `type:"string" required:"true"` - // The name of the plugin for which you want detailed results. If the document - // contains only one plugin, you can omit the name and details for that plugin. - // If the document contains more than one plugin, you must specify the name - // of the plugin for which you want to view details. - // - // Plugin names are also referred to as step names in Systems Manager documents - // (SSM documents). For example, aws:RunShellScript is a plugin. + // The name of the step for which you want detailed results. If the document + // contains only one step, you can omit the name and details for that step. + // If the document contains more than one step, you must specify the name of + // the step for which you want to view details. Be sure to specify the name + // of the step, not the name of a plugin like aws:RunShellScript. // // To find the PluginName, check the document content and find the name of the - // plugin. Alternatively, use ListCommandInvocations with the CommandId and - // Details parameters. The PluginName is the Name attribute of the CommandPlugin - // object in the CommandPlugins list. + // step you want details for. Alternatively, use ListCommandInvocations with + // the CommandId and Details parameters. The PluginName is the Name attribute + // of the CommandPlugin object in the CommandPlugins list. PluginName *string `min:"4" type:"string"` } @@ -51400,6 +51398,10 @@ type Runbook struct { // accounts targeted by the current Runbook operation. TargetLocations []*TargetLocation `min:"1" type:"list"` + // A key-value mapping of runbook parameters to target resources. Both Targets + // and TargetMaps can't be specified together. + TargetMaps []map[string][]*string `type:"list"` + // The name of the parameter used as the target resource for the rate-controlled // runbook workflow. Required if you specify Targets. TargetParameterName *string `min:"1" type:"string"` @@ -51511,6 +51513,12 @@ func (s *Runbook) SetTargetLocations(v []*TargetLocation) *Runbook { return s } +// SetTargetMaps sets the TargetMaps field's value. +func (s *Runbook) SetTargetMaps(v []map[string][]*string) *Runbook { + s.TargetMaps = v + return s +} + // SetTargetParameterName sets the TargetParameterName field's value. func (s *Runbook) SetTargetParameterName(v string) *Runbook { s.TargetParameterName = &v diff --git a/service/wafv2/api.go b/service/wafv2/api.go index 9e177d1bc78..682f1b50811 100644 --- a/service/wafv2/api.go +++ b/service/wafv2/api.go @@ -67,6 +67,19 @@ func (c *WAFV2) AssociateWebACLRequest(input *AssociateWebACLInput) (req *reques // UpdateDistribution, set the web ACL ID to the Amazon Resource Name (ARN) // of the web ACL. For information, see UpdateDistribution (https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html). // +// When you make changes to web ACLs or web ACL components, like rules and rule +// groups, WAF propagates the changes everywhere that the web ACL and its components +// are stored and used. Your changes are applied within seconds, but there might +// be a brief period of inconsistency when the changes have arrived in some +// places and not in others. So, for example, if you change a rule action setting, +// the action might be the old action in one area and the new action in another +// area. Or if you add an IP address to an IP set used in a blocking rule, the +// new address might briefly be blocked in one area while still allowed in another. +// This temporary inconsistency can occur when you first associate a web ACL +// with an Amazon Web Services resource and when you change a web ACL that is +// already associated with a resource. Generally, any inconsistencies of this +// type last only a few seconds. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -98,7 +111,9 @@ func (c *WAFV2) AssociateWebACLRequest(input *AssociateWebACLInput) (req *reques // WAF couldn’t perform the operation because your resource doesn’t exist. // // * WAFUnavailableEntityException -// WAF couldn’t retrieve the resource that you requested. Retry your request. +// WAF couldn’t retrieve a resource that you specified for this operation. +// Verify the resources that you are specifying in your request parameters and +// then retry the operation. // // * WAFInvalidOperationException // The operation isn't valid. @@ -222,7 +237,9 @@ func (c *WAFV2) CheckCapacityRequest(input *CheckCapacityInput) (req *request.Re // isn’t valid. Check the resource, and try again. // // * WAFUnavailableEntityException -// WAF couldn’t retrieve the resource that you requested. Retry your request. +// WAF couldn’t retrieve a resource that you specified for this operation. +// Verify the resources that you are specifying in your request parameters and +// then retry the operation. // // * WAFSubscriptionNotFoundException // You tried to use a managed rule group that's available by subscription, but @@ -351,7 +368,7 @@ func (c *WAFV2) CreateIPSetRequest(input *CreateIPSetInput) (req *request.Reques // // * WAFTagOperationInternalErrorException // WAF couldn’t perform your tagging operation because of an internal error. -// Retry your request. +// Retry ybjectNoteWebRequestComponentour request. // // * WAFInvalidOperationException // The operation isn't valid. @@ -472,7 +489,7 @@ func (c *WAFV2) CreateRegexPatternSetRequest(input *CreateRegexPatternSetInput) // // * WAFTagOperationInternalErrorException // WAF couldn’t perform your tagging operation because of an internal error. -// Retry your request. +// Retry ybjectNoteWebRequestComponentour request. // // * WAFInvalidOperationException // The operation isn't valid. @@ -594,14 +611,16 @@ func (c *WAFV2) CreateRuleGroupRequest(input *CreateRuleGroupInput) (req *reques // in the WAF Developer Guide. // // * WAFUnavailableEntityException -// WAF couldn’t retrieve the resource that you requested. Retry your request. +// WAF couldn’t retrieve a resource that you specified for this operation. +// Verify the resources that you are specifying in your request parameters and +// then retry the operation. // // * WAFTagOperationException // An error occurred during the tagging operation. Retry your request. // // * WAFTagOperationInternalErrorException // WAF couldn’t perform your tagging operation because of an internal error. -// Retry your request. +// Retry ybjectNoteWebRequestComponentour request. // // * WAFSubscriptionNotFoundException // You tried to use a managed rule group that's available by subscription, but @@ -738,7 +757,9 @@ func (c *WAFV2) CreateWebACLRequest(input *CreateWebACLInput) (req *request.Requ // isn’t valid. Check the resource, and try again. // // * WAFUnavailableEntityException -// WAF couldn’t retrieve the resource that you requested. Retry your request. +// WAF couldn’t retrieve a resource that you specified for this operation. +// Verify the resources that you are specifying in your request parameters and +// then retry the operation. // // * WAFNonexistentItemException // WAF couldn’t perform the operation because your resource doesn’t exist. @@ -748,7 +769,7 @@ func (c *WAFV2) CreateWebACLRequest(input *CreateWebACLInput) (req *request.Requ // // * WAFTagOperationInternalErrorException // WAF couldn’t perform your tagging operation because of an internal error. -// Retry your request. +// Retry ybjectNoteWebRequestComponentour request. // // * WAFSubscriptionNotFoundException // You tried to use a managed rule group that's available by subscription, but @@ -757,6 +778,20 @@ func (c *WAFV2) CreateWebACLRequest(input *CreateWebACLInput) (req *request.Requ // * WAFInvalidOperationException // The operation isn't valid. // +// * WAFConfigurationWarningException +// The operation failed because you are inspecting the web request body, headers, +// or cookies without specifying how to handle oversize components. Rules that +// inspect the body must either provide an OversizeHandling configuration or +// they must be preceded by a SizeConstraintStatement that blocks the body content +// from being too large. Rules that inspect the headers or cookies must provide +// an OversizeHandling configuration. +// +// Provide the handling configuration and retry your operation. +// +// Alternately, you can suppress this warning by adding the following tag to +// the resource that you provide to this operation: Tag (key:WAF:OversizeFieldsHandlingConstraintOptOut, +// value:true). +// // See also, https://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CreateWebACL func (c *WAFV2) CreateWebACL(input *CreateWebACLInput) (*CreateWebACLOutput, error) { req, out := c.CreateWebACLRequest(input) @@ -975,12 +1010,16 @@ func (c *WAFV2) DeleteIPSetRequest(input *DeleteIPSetInput) (req *request.Reques // WAF couldn’t perform the operation because your resource is being used // by another resource or it’s associated with another resource. // +// For DeleteWebACL, you will only get this exception if the web ACL is still +// associated with a regional resource. Deleting a web ACL that is still associated +// with an Amazon CloudFront distribution won't get this exception. +// // * WAFTagOperationException // An error occurred during the tagging operation. Retry your request. // // * WAFTagOperationInternalErrorException // WAF couldn’t perform your tagging operation because of an internal error. -// Retry your request. +// Retry ybjectNoteWebRequestComponentour request. // // * WAFInvalidOperationException // The operation isn't valid. @@ -1301,12 +1340,16 @@ func (c *WAFV2) DeleteRegexPatternSetRequest(input *DeleteRegexPatternSetInput) // WAF couldn’t perform the operation because your resource is being used // by another resource or it’s associated with another resource. // +// For DeleteWebACL, you will only get this exception if the web ACL is still +// associated with a regional resource. Deleting a web ACL that is still associated +// with an Amazon CloudFront distribution won't get this exception. +// // * WAFTagOperationException // An error occurred during the tagging operation. Retry your request. // // * WAFTagOperationInternalErrorException // WAF couldn’t perform your tagging operation because of an internal error. -// Retry your request. +// Retry ybjectNoteWebRequestComponentour request. // // * WAFInvalidOperationException // The operation isn't valid. @@ -1419,12 +1462,16 @@ func (c *WAFV2) DeleteRuleGroupRequest(input *DeleteRuleGroupInput) (req *reques // WAF couldn’t perform the operation because your resource is being used // by another resource or it’s associated with another resource. // +// For DeleteWebACL, you will only get this exception if the web ACL is still +// associated with a regional resource. Deleting a web ACL that is still associated +// with an Amazon CloudFront distribution won't get this exception. +// // * WAFTagOperationException // An error occurred during the tagging operation. Retry your request. // // * WAFTagOperationInternalErrorException // WAF couldn’t perform your tagging operation because of an internal error. -// Retry your request. +// Retry ybjectNoteWebRequestComponentour request. // // * WAFInvalidOperationException // The operation isn't valid. @@ -1501,6 +1548,18 @@ func (c *WAFV2) DeleteWebACLRequest(input *DeleteWebACLInput) (req *request.Requ // You can only use this if ManagedByFirewallManager is false in the specified // WebACL. // +// Before deleting any web ACL, first disassociate it from all resources. +// +// * To retrieve a list of the resources that are associated with a web ACL, +// use the following calls: For regional resources, call ListResourcesForWebACL. +// For Amazon CloudFront distributions, use the CloudFront call ListDistributionsByWebACLId. +// For information, see ListDistributionsByWebACLId (https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_ListDistributionsByWebACLId.html). +// +// * To disassociate a resource from a web ACL, use the following calls: +// For regional resources, call DisassociateWebACL. For Amazon CloudFront +// distributions, provide an empty web ACL ID in the CloudFront call UpdateDistribution. +// For information, see UpdateDistribution (https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html). +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -1540,12 +1599,16 @@ func (c *WAFV2) DeleteWebACLRequest(input *DeleteWebACLInput) (req *request.Requ // WAF couldn’t perform the operation because your resource is being used // by another resource or it’s associated with another resource. // +// For DeleteWebACL, you will only get this exception if the web ACL is still +// associated with a regional resource. Deleting a web ACL that is still associated +// with an Amazon CloudFront distribution won't get this exception. +// // * WAFTagOperationException // An error occurred during the tagging operation. Retry your request. // // * WAFTagOperationInternalErrorException // WAF couldn’t perform your tagging operation because of an internal error. -// Retry your request. +// Retry ybjectNoteWebRequestComponentour request. // // * WAFInvalidOperationException // The operation isn't valid. @@ -1728,9 +1791,10 @@ func (c *WAFV2) DisassociateWebACLRequest(input *DisassociateWebACLInput) (req * // DisassociateWebACL API operation for AWS WAFV2. // -// Disassociates a web ACL from a regional application resource. A regional -// application can be an Application Load Balancer (ALB), an Amazon API Gateway -// REST API, or an AppSync GraphQL API. +// Disassociates the specified regional application resource from any existing +// web ACL association. A resource can have at most one web ACL association. +// A regional application can be an Application Load Balancer (ALB), an Amazon +// API Gateway REST API, or an AppSync GraphQL API. // // For Amazon CloudFront, don't use this call. Instead, use your CloudFront // distribution configuration. To disassociate a web ACL, provide an empty web @@ -3023,7 +3087,9 @@ func (c *WAFV2) GetWebACLForResourceRequest(input *GetWebACLForResourceInput) (r // a resource with which a web ACL can't be associated. // // * WAFUnavailableEntityException -// WAF couldn’t retrieve the resource that you requested. Retry your request. +// WAF couldn’t retrieve a resource that you specified for this operation. +// Verify the resources that you are specifying in your request parameters and +// then retry the operation. // // * WAFInvalidOperationException // The operation isn't valid. @@ -4049,7 +4115,7 @@ func (c *WAFV2) ListTagsForResourceRequest(input *ListTagsForResourceInput) (req // // * WAFTagOperationInternalErrorException // WAF couldn’t perform your tagging operation because of an internal error. -// Retry your request. +// Retry ybjectNoteWebRequestComponentour request. // // * WAFInvalidOperationException // The operation isn't valid. @@ -4686,7 +4752,7 @@ func (c *WAFV2) TagResourceRequest(input *TagResourceInput) (req *request.Reques // // * WAFTagOperationInternalErrorException // WAF couldn’t perform your tagging operation because of an internal error. -// Retry your request. +// Retry ybjectNoteWebRequestComponentour request. // // * WAFInvalidOperationException // The operation isn't valid. @@ -4799,7 +4865,7 @@ func (c *WAFV2) UntagResourceRequest(input *UntagResourceInput) (req *request.Re // // * WAFTagOperationInternalErrorException // WAF couldn’t perform your tagging operation because of an internal error. -// Retry your request. +// Retry ybjectNoteWebRequestComponentour request. // // * WAFInvalidOperationException // The operation isn't valid. @@ -4877,6 +4943,19 @@ func (c *WAFV2) UpdateIPSetRequest(input *UpdateIPSetInput) (req *request.Reques // the IP set, retrieve it by calling GetIPSet, update the settings as needed, // and then provide the complete IP set specification to this call. // +// When you make changes to web ACLs or web ACL components, like rules and rule +// groups, WAF propagates the changes everywhere that the web ACL and its components +// are stored and used. Your changes are applied within seconds, but there might +// be a brief period of inconsistency when the changes have arrived in some +// places and not in others. So, for example, if you change a rule action setting, +// the action might be the old action in one area and the new action in another +// area. Or if you add an IP address to an IP set used in a blocking rule, the +// new address might briefly be blocked in one area while still allowed in another. +// This temporary inconsistency can occur when you first associate a web ACL +// with an Amazon Web Services resource and when you change a web ACL that is +// already associated with a resource. Generally, any inconsistencies of this +// type last only a few seconds. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -5116,6 +5195,19 @@ func (c *WAFV2) UpdateRegexPatternSetRequest(input *UpdateRegexPatternSetInput) // update the settings as needed, and then provide the complete regex pattern // set specification to this call. // +// When you make changes to web ACLs or web ACL components, like rules and rule +// groups, WAF propagates the changes everywhere that the web ACL and its components +// are stored and used. Your changes are applied within seconds, but there might +// be a brief period of inconsistency when the changes have arrived in some +// places and not in others. So, for example, if you change a rule action setting, +// the action might be the old action in one area and the new action in another +// area. Or if you add an IP address to an IP set used in a blocking rule, the +// new address might briefly be blocked in one area while still allowed in another. +// This temporary inconsistency can occur when you first associate a web ACL +// with an Amazon Web Services resource and when you change a web ACL that is +// already associated with a resource. Generally, any inconsistencies of this +// type last only a few seconds. +// // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. @@ -5238,6 +5330,19 @@ func (c *WAFV2) UpdateRuleGroupRequest(input *UpdateRuleGroupInput) (req *reques // as needed, and then provide the complete rule group specification to this // call. // +// When you make changes to web ACLs or web ACL components, like rules and rule +// groups, WAF propagates the changes everywhere that the web ACL and its components +// are stored and used. Your changes are applied within seconds, but there might +// be a brief period of inconsistency when the changes have arrived in some +// places and not in others. So, for example, if you change a rule action setting, +// the action might be the old action in one area and the new action in another +// area. Or if you add an IP address to an IP set used in a blocking rule, the +// new address might briefly be blocked in one area while still allowed in another. +// This temporary inconsistency can occur when you first associate a web ACL +// with an Amazon Web Services resource and when you change a web ACL that is +// already associated with a resource. Generally, any inconsistencies of this +// type last only a few seconds. +// // A rule group defines a collection of rules to inspect and control web requests // that you can use in a WebACL. When you create a rule group, you define an // immutable capacity limit. If you update a rule group, you must stay within @@ -5290,7 +5395,9 @@ func (c *WAFV2) UpdateRuleGroupRequest(input *UpdateRuleGroupInput) (req *reques // in the WAF Developer Guide. // // * WAFUnavailableEntityException -// WAF couldn’t retrieve the resource that you requested. Retry your request. +// WAF couldn’t retrieve a resource that you specified for this operation. +// Verify the resources that you are specifying in your request parameters and +// then retry the operation. // // * WAFSubscriptionNotFoundException // You tried to use a managed rule group that's available by subscription, but @@ -5299,6 +5406,20 @@ func (c *WAFV2) UpdateRuleGroupRequest(input *UpdateRuleGroupInput) (req *reques // * WAFInvalidOperationException // The operation isn't valid. // +// * WAFConfigurationWarningException +// The operation failed because you are inspecting the web request body, headers, +// or cookies without specifying how to handle oversize components. Rules that +// inspect the body must either provide an OversizeHandling configuration or +// they must be preceded by a SizeConstraintStatement that blocks the body content +// from being too large. Rules that inspect the headers or cookies must provide +// an OversizeHandling configuration. +// +// Provide the handling configuration and retry your operation. +// +// Alternately, you can suppress this warning by adding the following tag to +// the resource that you provide to this operation: Tag (key:WAF:OversizeFieldsHandlingConstraintOptOut, +// value:true). +// // See also, https://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/UpdateRuleGroup func (c *WAFV2) UpdateRuleGroup(input *UpdateRuleGroupInput) (*UpdateRuleGroupOutput, error) { req, out := c.UpdateRuleGroupRequest(input) @@ -5365,7 +5486,21 @@ func (c *WAFV2) UpdateWebACLRequest(input *UpdateWebACLInput) (req *request.Requ // UpdateWebACL API operation for AWS WAFV2. // -// Updates the specified WebACL. +// Updates the specified WebACL. While updating a web ACL, WAF provides continous +// coverage to the resources that you have associated with the web ACL. +// +// When you make changes to web ACLs or web ACL components, like rules and rule +// groups, WAF propagates the changes everywhere that the web ACL and its components +// are stored and used. Your changes are applied within seconds, but there might +// be a brief period of inconsistency when the changes have arrived in some +// places and not in others. So, for example, if you change a rule action setting, +// the action might be the old action in one area and the new action in another +// area. Or if you add an IP address to an IP set used in a blocking rule, the +// new address might briefly be blocked in one area while still allowed in another. +// This temporary inconsistency can occur when you first associate a web ACL +// with an Amazon Web Services resource and when you change a web ACL that is +// already associated with a resource. Generally, any inconsistencies of this +// type last only a few seconds. // // This operation completely replaces the mutable specifications that you already // have for the web ACL with the ones that you provide to this call. To modify @@ -5432,7 +5567,9 @@ func (c *WAFV2) UpdateWebACLRequest(input *UpdateWebACLInput) (req *request.Requ // isn’t valid. Check the resource, and try again. // // * WAFUnavailableEntityException -// WAF couldn’t retrieve the resource that you requested. Retry your request. +// WAF couldn’t retrieve a resource that you specified for this operation. +// Verify the resources that you are specifying in your request parameters and +// then retry the operation. // // * WAFSubscriptionNotFoundException // You tried to use a managed rule group that's available by subscription, but @@ -5446,6 +5583,20 @@ func (c *WAFV2) UpdateWebACLRequest(input *UpdateWebACLInput) (req *request.Requ // has expired. You can retrieve the available versions for the managed rule // group by calling ListAvailableManagedRuleGroupVersions. // +// * WAFConfigurationWarningException +// The operation failed because you are inspecting the web request body, headers, +// or cookies without specifying how to handle oversize components. Rules that +// inspect the body must either provide an OversizeHandling configuration or +// they must be preceded by a SizeConstraintStatement that blocks the body content +// from being too large. Rules that inspect the headers or cookies must provide +// an OversizeHandling configuration. +// +// Provide the handling configuration and retry your operation. +// +// Alternately, you can suppress this warning by adding the following tag to +// the resource that you provide to this operation: Tag (key:WAF:OversizeFieldsHandlingConstraintOptOut, +// value:true). +// // See also, https://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/UpdateWebACL func (c *WAFV2) UpdateWebACL(input *UpdateWebACLInput) (*UpdateWebACLOutput, error) { req, out := c.UpdateWebACLRequest(input) @@ -5516,11 +5667,10 @@ func (s *ActionCondition) SetAction(v string) *ActionCondition { } // Inspect all of the elements that WAF has parsed and extracted from the web -// request JSON body that are within the JsonBody MatchScope. This is used with -// the FieldToMatch option JsonBody. +// request component that you've identified in your FieldToMatch specifications. // -// This is used only to indicate the web request component for WAF to inspect, -// in the FieldToMatch specification. +// This is used only in the FieldToMatch specification for some web request +// component types. // // JSON specification: "All": {} type All struct { @@ -5545,10 +5695,10 @@ func (s All) GoString() string { return s.String() } -// All query arguments of a web request. +// Inspect all query arguments of the web request. // -// This is used only to indicate the web request component for WAF to inspect, -// in the FieldToMatch specification. +// This is used only in the FieldToMatch specification for some web request +// component types. // // JSON specification: "AllQueryArguments": {} type AllQueryArguments struct { @@ -5830,14 +5980,35 @@ func (s *BlockAction) SetCustomResponse(v *CustomResponse) *BlockAction { return s } -// The body of a web request. This immediately follows the request headers. -// -// This is used only to indicate the web request component for WAF to inspect, -// in the FieldToMatch specification. +// Inspect the body of the web request. The body immediately follows the request +// headers. // -// JSON specification: "Body": {} +// This is used to indicate the web request component for WAF to inspect, in +// the FieldToMatch specification. type Body struct { _ struct{} `type:"structure"` + + // What WAF should do if the body is larger than WAF can inspect. WAF does not + // support inspecting the entire contents of the body of a web request when + // the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body + // are forwarded to WAF by the underlying host service. + // + // The options for oversize handling are the following: + // + // * CONTINUE - Inspect the body normally, according to the rule inspection + // criteria. + // + // * MATCH - Treat the web request as matching the rule statement. WAF applies + // the rule action to the request. + // + // * NO_MATCH - Treat the web request as not matching the rule statement. + // + // You can combine the MATCH or NO_MATCH settings for oversize handling with + // your rule and web ACL action settings, so that you block any request whose + // body is over 8 KB. + // + // Default: CONTINUE + OversizeHandling *string `type:"string" enum:"OversizeHandling"` } // String returns the string representation. @@ -5858,6 +6029,12 @@ func (s Body) GoString() string { return s.String() } +// SetOversizeHandling sets the OversizeHandling field's value. +func (s *Body) SetOversizeHandling(v string) *Body { + s.OversizeHandling = &v + return s +} + // A rule statement that defines a string match search for WAF to apply to web // requests. The byte match statement provides the bytes to search for, the // location in requests that you want WAF to search, and other settings. The @@ -5867,13 +6044,13 @@ func (s Body) GoString() string { type ByteMatchStatement struct { _ struct{} `type:"structure"` - // The part of a web request that you want WAF to inspect. For more information, + // The part of the web request that you want WAF to inspect. For more information, // see FieldToMatch. // // FieldToMatch is a required field FieldToMatch *FieldToMatch `type:"structure" required:"true"` - // The area within the portion of a web request that you want WAF to search + // The area within the portion of the web request that you want WAF to search // for SearchString. Valid values include the following: // // CONTAINS @@ -6385,6 +6562,187 @@ func (s *Condition) SetLabelNameCondition(v *LabelNameCondition) *Condition { return s } +// The filter to use to identify the subset of cookies to inspect in a web request. +// +// You must specify exactly one setting: either All, IncludedCookies, or ExcludedCookies. +// +// Example JSON: "CookieMatchPattern": { "IncludedCookies": {"KeyToInclude1", +// "KeyToInclude2", "KeyToInclude3"} } +type CookieMatchPattern struct { + _ struct{} `type:"structure"` + + // Inspect all cookies. + All *All `type:"structure"` + + // Inspect only the cookies whose keys don't match any of the strings specified + // here. + ExcludedCookies []*string `min:"1" type:"list"` + + // Inspect only the cookies that have a key that matches one of the strings + // specified here. + IncludedCookies []*string `min:"1" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CookieMatchPattern) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s CookieMatchPattern) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *CookieMatchPattern) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "CookieMatchPattern"} + if s.ExcludedCookies != nil && len(s.ExcludedCookies) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ExcludedCookies", 1)) + } + if s.IncludedCookies != nil && len(s.IncludedCookies) < 1 { + invalidParams.Add(request.NewErrParamMinLen("IncludedCookies", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAll sets the All field's value. +func (s *CookieMatchPattern) SetAll(v *All) *CookieMatchPattern { + s.All = v + return s +} + +// SetExcludedCookies sets the ExcludedCookies field's value. +func (s *CookieMatchPattern) SetExcludedCookies(v []*string) *CookieMatchPattern { + s.ExcludedCookies = v + return s +} + +// SetIncludedCookies sets the IncludedCookies field's value. +func (s *CookieMatchPattern) SetIncludedCookies(v []*string) *CookieMatchPattern { + s.IncludedCookies = v + return s +} + +// Inspect the cookies in the web request. You can specify the parts of the +// cookies to inspect and you can narrow the set of cookies to inspect by including +// or excluding specific keys. +// +// This is used to indicate the web request component for WAF to inspect, in +// the FieldToMatch specification. +// +// Example JSON: "Cookies": { "MatchPattern": { "All": {} }, "MatchScope": "KEY", +// "OversizeHandling": "MATCH" } +type Cookies struct { + _ struct{} `type:"structure"` + + // The filter to use to identify the subset of cookies to inspect in a web request. + // + // You must specify exactly one setting: either All, IncludedCookies, or ExcludedCookies. + // + // Example JSON: "CookieMatchPattern": { "IncludedCookies": {"KeyToInclude1", + // "KeyToInclude2", "KeyToInclude3"} } + // + // MatchPattern is a required field + MatchPattern *CookieMatchPattern `type:"structure" required:"true"` + + // The parts of the cookies to inspect with the rule inspection criteria. If + // you specify All, WAF inspects both keys and values. + // + // MatchScope is a required field + MatchScope *string `type:"string" required:"true" enum:"MapMatchScope"` + + // What WAF should do if the cookies of the request are larger than WAF can + // inspect. WAF does not support inspecting the entire contents of request cookies + // when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host + // service forwards a maximum of 200 cookies and at most 8 KB of cookie contents + // to WAF. + // + // The options for oversize handling are the following: + // + // * CONTINUE - Inspect the cookies normally, according to the rule inspection + // criteria. + // + // * MATCH - Treat the web request as matching the rule statement. WAF applies + // the rule action to the request. + // + // * NO_MATCH - Treat the web request as not matching the rule statement. + // + // OversizeHandling is a required field + OversizeHandling *string `type:"string" required:"true" enum:"OversizeHandling"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Cookies) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Cookies) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *Cookies) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "Cookies"} + if s.MatchPattern == nil { + invalidParams.Add(request.NewErrParamRequired("MatchPattern")) + } + if s.MatchScope == nil { + invalidParams.Add(request.NewErrParamRequired("MatchScope")) + } + if s.OversizeHandling == nil { + invalidParams.Add(request.NewErrParamRequired("OversizeHandling")) + } + if s.MatchPattern != nil { + if err := s.MatchPattern.Validate(); err != nil { + invalidParams.AddNested("MatchPattern", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetMatchPattern sets the MatchPattern field's value. +func (s *Cookies) SetMatchPattern(v *CookieMatchPattern) *Cookies { + s.MatchPattern = v + return s +} + +// SetMatchScope sets the MatchScope field's value. +func (s *Cookies) SetMatchScope(v string) *Cookies { + s.MatchScope = &v + return s +} + +// SetOversizeHandling sets the OversizeHandling field's value. +func (s *Cookies) SetOversizeHandling(v string) *Cookies { + s.OversizeHandling = &v + return s +} + // Specifies that WAF should count the request. Optionally defines additional // custom handling for the request. // @@ -8838,14 +9196,14 @@ func (s *ExcludedRule) SetName(v string) *ExcludedRule { return s } -// The part of a web request that you want WAF to inspect. Include the single +// The part of the web request that you want WAF to inspect. Include the single // FieldToMatch type that you want to inspect, with additional specifications // as needed, according to the type. You specify a single request component // in FieldToMatch for each rule statement that requires it. To inspect more -// than one component of a web request, create a separate rule statement for +// than one component of the web request, create a separate rule statement for // each component. // -// JSON specification for a QueryString field to match: +// Example JSON for a QueryString field to match: // // "FieldToMatch": { "QueryString": {} } // @@ -8863,29 +9221,41 @@ type FieldToMatch struct { // data that you want to send to your web server as the HTTP request body, such // as data from a form. // - // Note that only the first 8 KB (8192 bytes) of the request body are forwarded - // to WAF for inspection by the underlying host service. If you don't need to - // inspect more than 8 KB, you can guarantee that you don't allow additional - // bytes in by combining a statement that inspects the body of the web request, - // such as ByteMatchStatement or RegexPatternSetReferenceStatement, with a SizeConstraintStatement - // that enforces an 8 KB size limit on the body of the request. WAF doesn't - // support inspecting the entire contents of web requests whose bodies exceed - // the 8 KB limit. + // Only the first 8 KB (8192 bytes) of the request body are forwarded to WAF + // for inspection by the underlying host service. For information about how + // to handle oversized request bodies, see the Body object configuration. Body *Body `type:"structure"` + // Inspect the request cookies. You must configure scope and pattern matching + // filters in the Cookies object, to define the set of cookies and the parts + // of the cookies that WAF inspects. + // + // Only the first 8 KB (8192 bytes) of a request's cookies and only the first + // 200 cookies are forwarded to WAF for inspection by the underlying host service. + // You must configure how to handle any oversize cookie content in the Cookies + // object. WAF applies the pattern matching filters to the cookies that it receives + // from the underlying host service. + Cookies *Cookies `type:"structure"` + + // Inspect the request headers. You must configure scope and pattern matching + // filters in the Headers object, to define the set of headers to and the parts + // of the headers that WAF inspects. + // + // Only the first 8 KB (8192 bytes) of a request's headers and only the first + // 200 headers are forwarded to WAF for inspection by the underlying host service. + // You must configure how to handle any oversize header content in the Headers + // object. WAF applies the pattern matching filters to the headers that it receives + // from the underlying host service. + Headers *Headers `type:"structure"` + // Inspect the request body as JSON. The request body immediately follows the // request headers. This is the part of a request that contains any additional // data that you want to send to your web server as the HTTP request body, such // as data from a form. // - // Note that only the first 8 KB (8192 bytes) of the request body are forwarded - // to WAF for inspection by the underlying host service. If you don't need to - // inspect more than 8 KB, you can guarantee that you don't allow additional - // bytes in by combining a statement that inspects the body of the web request, - // such as ByteMatchStatement or RegexPatternSetReferenceStatement, with a SizeConstraintStatement - // that enforces an 8 KB size limit on the body of the request. WAF doesn't - // support inspecting the entire contents of web requests whose bodies exceed - // the 8 KB limit. + // Only the first 8 KB (8192 bytes) of the request body are forwarded to WAF + // for inspection by the underlying host service. For information about how + // to handle oversized request bodies, see the JsonBody object configuration. JsonBody *JsonBody `type:"structure"` // Inspect the HTTP method. The method indicates the type of operation that @@ -8900,19 +9270,19 @@ type FieldToMatch struct { // User-Agent or Referer. This setting isn't case sensitive. // // Example JSON: "SingleHeader": { "Name": "haystack" } + // + // Alternately, you can filter and inspect all headers with the Headers FieldToMatch + // setting. SingleHeader *SingleHeader `type:"structure"` // Inspect a single query argument. Provide the name of the query argument to // inspect, such as UserName or SalesRegion. The name can be up to 30 characters // long and isn't case sensitive. // - // This is used only to indicate the web request component for WAF to inspect, - // in the FieldToMatch specification. - // // Example JSON: "SingleQueryArgument": { "Name": "myArgument" } SingleQueryArgument *SingleQueryArgument `type:"structure"` - // Inspect the request URI path. This is the part of a web request that identifies + // Inspect the request URI path. This is the part of the web request that identifies // a resource, for example, /images/daily-ad.jpg. UriPath *UriPath `type:"structure"` } @@ -8938,6 +9308,16 @@ func (s FieldToMatch) GoString() string { // Validate inspects the fields of the type to determine if they are valid. func (s *FieldToMatch) Validate() error { invalidParams := request.ErrInvalidParams{Context: "FieldToMatch"} + if s.Cookies != nil { + if err := s.Cookies.Validate(); err != nil { + invalidParams.AddNested("Cookies", err.(request.ErrInvalidParams)) + } + } + if s.Headers != nil { + if err := s.Headers.Validate(); err != nil { + invalidParams.AddNested("Headers", err.(request.ErrInvalidParams)) + } + } if s.JsonBody != nil { if err := s.JsonBody.Validate(); err != nil { invalidParams.AddNested("JsonBody", err.(request.ErrInvalidParams)) @@ -8972,6 +9352,18 @@ func (s *FieldToMatch) SetBody(v *Body) *FieldToMatch { return s } +// SetCookies sets the Cookies field's value. +func (s *FieldToMatch) SetCookies(v *Cookies) *FieldToMatch { + s.Cookies = v + return s +} + +// SetHeaders sets the Headers field's value. +func (s *FieldToMatch) SetHeaders(v *Headers) *FieldToMatch { + s.Headers = v + return s +} + // SetJsonBody sets the JsonBody field's value. func (s *FieldToMatch) SetJsonBody(v *JsonBody) *FieldToMatch { s.JsonBody = v @@ -11049,6 +11441,190 @@ func (s *HTTPRequest) SetURI(v string) *HTTPRequest { return s } +// The filter to use to identify the subset of headers to inspect in a web request. +// +// You must specify exactly one setting: either All, IncludedHeaders, or ExcludedHeaders. +// +// Example JSON: "HeaderMatchPattern": { "ExcludedHeaders": {"KeyToExclude1", +// "KeyToExclude2"} } +type HeaderMatchPattern struct { + _ struct{} `type:"structure"` + + // Inspect all headers. + All *All `type:"structure"` + + // Inspect only the headers whose keys don't match any of the strings specified + // here. + ExcludedHeaders []*string `min:"1" type:"list"` + + // Inspect only the headers that have a key that matches one of the strings + // specified here. + IncludedHeaders []*string `min:"1" type:"list"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s HeaderMatchPattern) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s HeaderMatchPattern) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *HeaderMatchPattern) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "HeaderMatchPattern"} + if s.ExcludedHeaders != nil && len(s.ExcludedHeaders) < 1 { + invalidParams.Add(request.NewErrParamMinLen("ExcludedHeaders", 1)) + } + if s.IncludedHeaders != nil && len(s.IncludedHeaders) < 1 { + invalidParams.Add(request.NewErrParamMinLen("IncludedHeaders", 1)) + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetAll sets the All field's value. +func (s *HeaderMatchPattern) SetAll(v *All) *HeaderMatchPattern { + s.All = v + return s +} + +// SetExcludedHeaders sets the ExcludedHeaders field's value. +func (s *HeaderMatchPattern) SetExcludedHeaders(v []*string) *HeaderMatchPattern { + s.ExcludedHeaders = v + return s +} + +// SetIncludedHeaders sets the IncludedHeaders field's value. +func (s *HeaderMatchPattern) SetIncludedHeaders(v []*string) *HeaderMatchPattern { + s.IncludedHeaders = v + return s +} + +// Inspect the headers in the web request. You can specify the parts of the +// headers to inspect and you can narrow the set of headers to inspect by including +// or excluding specific keys. +// +// This is used to indicate the web request component for WAF to inspect, in +// the FieldToMatch specification. +// +// Alternately, you can use the SingleHeader FieldToMatch setting to inspect +// the value of a single header, identified by its key. +// +// Example JSON: "Headers": { "MatchPattern": { "All": {} }, "MatchScope": "KEY", +// "OversizeHandling": "MATCH" } +type Headers struct { + _ struct{} `type:"structure"` + + // The filter to use to identify the subset of headers to inspect in a web request. + // + // You must specify exactly one setting: either All, IncludedHeaders, or ExcludedHeaders. + // + // Example JSON: "HeaderMatchPattern": { "ExcludedHeaders": {"KeyToExclude1", + // "KeyToExclude2"} } + // + // MatchPattern is a required field + MatchPattern *HeaderMatchPattern `type:"structure" required:"true"` + + // The parts of the headers to match with the rule inspection criteria. If you + // specify All, WAF inspects both keys and values. + // + // MatchScope is a required field + MatchScope *string `type:"string" required:"true" enum:"MapMatchScope"` + + // What WAF should do if the headers of the request are larger than WAF can + // inspect. WAF does not support inspecting the entire contents of request headers + // when they exceed 8 KB (8192 bytes) or 200 total headers. The underlying host + // service forwards a maximum of 200 headers and at most 8 KB of header contents + // to WAF. + // + // The options for oversize handling are the following: + // + // * CONTINUE - Inspect the headers normally, according to the rule inspection + // criteria. + // + // * MATCH - Treat the web request as matching the rule statement. WAF applies + // the rule action to the request. + // + // * NO_MATCH - Treat the web request as not matching the rule statement. + // + // OversizeHandling is a required field + OversizeHandling *string `type:"string" required:"true" enum:"OversizeHandling"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Headers) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s Headers) GoString() string { + return s.String() +} + +// Validate inspects the fields of the type to determine if they are valid. +func (s *Headers) Validate() error { + invalidParams := request.ErrInvalidParams{Context: "Headers"} + if s.MatchPattern == nil { + invalidParams.Add(request.NewErrParamRequired("MatchPattern")) + } + if s.MatchScope == nil { + invalidParams.Add(request.NewErrParamRequired("MatchScope")) + } + if s.OversizeHandling == nil { + invalidParams.Add(request.NewErrParamRequired("OversizeHandling")) + } + if s.MatchPattern != nil { + if err := s.MatchPattern.Validate(); err != nil { + invalidParams.AddNested("MatchPattern", err.(request.ErrInvalidParams)) + } + } + + if invalidParams.Len() > 0 { + return invalidParams + } + return nil +} + +// SetMatchPattern sets the MatchPattern field's value. +func (s *Headers) SetMatchPattern(v *HeaderMatchPattern) *Headers { + s.MatchPattern = v + return s +} + +// SetMatchScope sets the MatchScope field's value. +func (s *Headers) SetMatchScope(v string) *Headers { + s.MatchScope = &v + return s +} + +// SetOversizeHandling sets the OversizeHandling field's value. +func (s *Headers) SetOversizeHandling(v string) *Headers { + s.OversizeHandling = &v + return s +} + // Contains zero or more IP addresses or blocks of IP addresses specified in // Classless Inter-Domain Routing (CIDR) notation. WAF supports all IPv4 and // IPv6 CIDR ranges except for /0. For information about CIDR notation, see @@ -11502,8 +12078,11 @@ func (s *ImmunityTimeProperty) SetImmunityTime(v int64) *ImmunityTimeProperty { return s } -// The body of a web request, inspected as JSON. The body immediately follows -// the request headers. This is used in the FieldToMatch specification. +// Inspect the body of the web request as JSON. The body immediately follows +// the request headers. +// +// This is used to indicate the web request component for WAF to inspect, in +// the FieldToMatch specification. // // Use the specifications in this object to indicate which parts of the JSON // body to inspect using the rule's inspection criteria. WAF inspects only the @@ -11553,6 +12132,28 @@ type JsonBody struct { // // MatchScope is a required field MatchScope *string `type:"string" required:"true" enum:"JsonMatchScope"` + + // What WAF should do if the body is larger than WAF can inspect. WAF does not + // support inspecting the entire contents of the body of a web request when + // the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body + // are forwarded to WAF by the underlying host service. + // + // The options for oversize handling are the following: + // + // * CONTINUE - Inspect the body normally, according to the rule inspection + // criteria. + // + // * MATCH - Treat the web request as matching the rule statement. WAF applies + // the rule action to the request. + // + // * NO_MATCH - Treat the web request as not matching the rule statement. + // + // You can combine the MATCH or NO_MATCH settings for oversize handling with + // your rule and web ACL action settings, so that you block any request whose + // body is over 8 KB. + // + // Default: CONTINUE + OversizeHandling *string `type:"string" enum:"OversizeHandling"` } // String returns the string representation. @@ -11612,6 +12213,12 @@ func (s *JsonBody) SetMatchScope(v string) *JsonBody { return s } +// SetOversizeHandling sets the OversizeHandling field's value. +func (s *JsonBody) SetOversizeHandling(v string) *JsonBody { + s.OversizeHandling = &v + return s +} + // The patterns to look for in the JSON body. WAF inspects the results of these // pattern matches against the rule inspection criteria. This is used with the // FieldToMatch option JsonBody. @@ -14233,11 +14840,11 @@ func (s *ManagedRuleSetVersion) SetPublishTimestamp(v time.Time) *ManagedRuleSet return s } -// The HTTP method of a web request. The method indicates the type of operation -// that the request is asking the origin to perform. +// Inspect the HTTP method of the web request. The method indicates the type +// of operation that the request is asking the origin to perform. // -// This is used only to indicate the web request component for WAF to inspect, -// in the FieldToMatch specification. +// This is used only in the FieldToMatch specification for some web request +// component types. // // JSON specification: "Method": {} type Method struct { @@ -15027,11 +15634,11 @@ func (s PutPermissionPolicyOutput) GoString() string { return s.String() } -// The query string of a web request. This is the part of a URL that appears -// after a ? character, if any. +// Inspect the query string of the web request. This is the part of a URL that +// appears after a ? character, if any. // -// This is used only to indicate the web request component for WAF to inspect, -// in the FieldToMatch specification. +// This is used only in the FieldToMatch specification for some web request +// component types. // // JSON specification: "QueryString": {} type QueryString struct { @@ -15297,7 +15904,7 @@ func (s *Regex) SetRegexString(v string) *Regex { type RegexMatchStatement struct { _ struct{} `type:"structure"` - // The part of a web request that you want WAF to inspect. For more information, + // The part of the web request that you want WAF to inspect. For more information, // see FieldToMatch. // // FieldToMatch is a required field @@ -15486,7 +16093,7 @@ type RegexPatternSetReferenceStatement struct { // ARN is a required field ARN *string `min:"20" type:"string" required:"true"` - // The part of a web request that you want WAF to inspect. For more information, + // The part of the web request that you want WAF to inspect. For more information, // see FieldToMatch. // // FieldToMatch is a required field @@ -16513,11 +17120,13 @@ func (s *SampledHTTPRequest) SetWeight(v int64) *SampledHTTPRequest { return s } -// One of the headers in a web request, identified by name, for example, User-Agent -// or Referer. This setting isn't case sensitive. +// Inspect one of the headers in the web request, identified by name, for example, +// User-Agent or Referer. The name isn't case sensitive. +// +// You can filter and inspect all headers with the FieldToMatch setting Headers. // -// This is used only to indicate the web request component for WAF to inspect, -// in the FieldToMatch specification. +// This is used to indicate the web request component for WAF to inspect, in +// the FieldToMatch specification. // // Example JSON: "SingleHeader": { "Name": "haystack" } type SingleHeader struct { @@ -16569,8 +17178,11 @@ func (s *SingleHeader) SetName(v string) *SingleHeader { return s } -// One query argument in a web request, identified by name, for example UserName -// or SalesRegion. The name can be up to 30 characters long and isn't case sensitive. +// Inspect one query argument in the web request, identified by name, for example +// UserName or SalesRegion. The name isn't case sensitive. +// +// This is used to indicate the web request component for WAF to inspect, in +// the FieldToMatch specification. // // Example JSON: "SingleQueryArgument": { "Name": "myArgument" } type SingleQueryArgument struct { @@ -16643,7 +17255,7 @@ type SizeConstraintStatement struct { // ComparisonOperator is a required field ComparisonOperator *string `type:"string" required:"true" enum:"ComparisonOperator"` - // The part of a web request that you want WAF to inspect. For more information, + // The part of the web request that you want WAF to inspect. For more information, // see FieldToMatch. // // FieldToMatch is a required field @@ -16756,7 +17368,7 @@ func (s *SizeConstraintStatement) SetTextTransformations(v []*TextTransformation type SqliMatchStatement struct { _ struct{} `type:"structure"` - // The part of a web request that you want WAF to inspect. For more information, + // The part of the web request that you want WAF to inspect. For more information, // see FieldToMatch. // // FieldToMatch is a required field @@ -18865,11 +19477,11 @@ func (s *UpdateWebACLOutput) SetNextLockToken(v string) *UpdateWebACLOutput { return s } -// The path component of the URI of a web request. This is the part of a web -// request that identifies a resource. For example, /images/daily-ad.jpg. +// Inspect the path component of the URI of the web request. This is the part +// of the web request that identifies a resource. For example, /images/daily-ad.jpg. // -// This is used only to indicate the web request component for WAF to inspect, -// in the FieldToMatch specification. +// This is used only in the FieldToMatch specification for some web request +// component types. // // JSON specification: "UriPath": {} type UriPath struct { @@ -19097,6 +19709,10 @@ func (s *VisibilityConfig) SetSampledRequestsEnabled(v bool) *VisibilityConfig { // WAF couldn’t perform the operation because your resource is being used // by another resource or it’s associated with another resource. +// +// For DeleteWebACL, you will only get this exception if the web ACL is still +// associated with a regional resource. Deleting a web ACL that is still associated +// with an Amazon CloudFront distribution won't get this exception. type WAFAssociatedItemException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -19160,6 +19776,81 @@ func (s *WAFAssociatedItemException) RequestID() string { return s.RespMetadata.RequestID } +// The operation failed because you are inspecting the web request body, headers, +// or cookies without specifying how to handle oversize components. Rules that +// inspect the body must either provide an OversizeHandling configuration or +// they must be preceded by a SizeConstraintStatement that blocks the body content +// from being too large. Rules that inspect the headers or cookies must provide +// an OversizeHandling configuration. +// +// Provide the handling configuration and retry your operation. +// +// Alternately, you can suppress this warning by adding the following tag to +// the resource that you provide to this operation: Tag (key:WAF:OversizeFieldsHandlingConstraintOptOut, +// value:true). +type WAFConfigurationWarningException struct { + _ struct{} `type:"structure"` + RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` + + Message_ *string `locationName:"Message" type:"string"` +} + +// String returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s WAFConfigurationWarningException) String() string { + return awsutil.Prettify(s) +} + +// GoString returns the string representation. +// +// API parameter values that are decorated as "sensitive" in the API will not +// be included in the string output. The member name will be present, but the +// value will be replaced with "sensitive". +func (s WAFConfigurationWarningException) GoString() string { + return s.String() +} + +func newErrorWAFConfigurationWarningException(v protocol.ResponseMetadata) error { + return &WAFConfigurationWarningException{ + RespMetadata: v, + } +} + +// Code returns the exception type name. +func (s *WAFConfigurationWarningException) Code() string { + return "WAFConfigurationWarningException" +} + +// Message returns the exception's message. +func (s *WAFConfigurationWarningException) Message() string { + if s.Message_ != nil { + return *s.Message_ + } + return "" +} + +// OrigErr always returns nil, satisfies awserr.Error interface. +func (s *WAFConfigurationWarningException) OrigErr() error { + return nil +} + +func (s *WAFConfigurationWarningException) Error() string { + return fmt.Sprintf("%s: %s", s.Code(), s.Message()) +} + +// Status code returns the HTTP status code for the request's response error. +func (s *WAFConfigurationWarningException) StatusCode() int { + return s.RespMetadata.StatusCode +} + +// RequestID returns the service's response RequestID for request. +func (s *WAFConfigurationWarningException) RequestID() string { + return s.RespMetadata.RequestID +} + // WAF couldn’t perform the operation because the resource that you tried // to save is a duplicate of an existing one. type WAFDuplicateItemException struct { @@ -20116,7 +20807,7 @@ func (s *WAFTagOperationException) RequestID() string { } // WAF couldn’t perform your tagging operation because of an internal error. -// Retry your request. +// Retry ybjectNoteWebRequestComponentour request. type WAFTagOperationInternalErrorException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -20180,7 +20871,9 @@ func (s *WAFTagOperationInternalErrorException) RequestID() string { return s.RespMetadata.RequestID } -// WAF couldn’t retrieve the resource that you requested. Retry your request. +// WAF couldn’t retrieve a resource that you specified for this operation. +// Verify the resources that you are specifying in your request parameters and +// then retry the operation. type WAFUnavailableEntityException struct { _ struct{} `type:"structure"` RespMetadata protocol.ResponseMetadata `json:"-" xml:"-"` @@ -20557,7 +21250,7 @@ func (s *WebACLSummary) SetName(v string) *WebACLSummary { type XssMatchStatement struct { _ struct{} `type:"structure"` - // The part of a web request that you want WAF to inspect. For more information, + // The part of the web request that you want WAF to inspect. For more information, // see FieldToMatch. // // FieldToMatch is a required field @@ -21464,6 +22157,9 @@ const ( // CountryCodeZw is a CountryCode enum value CountryCodeZw = "ZW" + + // CountryCodeXk is a CountryCode enum value + CountryCodeXk = "XK" ) // CountryCode_Values returns all elements of the CountryCode enum @@ -21718,6 +22414,7 @@ func CountryCode_Values() []string { CountryCodeYe, CountryCodeZm, CountryCodeZw, + CountryCodeXk, } } @@ -21857,6 +22554,46 @@ func LabelMatchScope_Values() []string { } } +const ( + // MapMatchScopeAll is a MapMatchScope enum value + MapMatchScopeAll = "ALL" + + // MapMatchScopeKey is a MapMatchScope enum value + MapMatchScopeKey = "KEY" + + // MapMatchScopeValue is a MapMatchScope enum value + MapMatchScopeValue = "VALUE" +) + +// MapMatchScope_Values returns all elements of the MapMatchScope enum +func MapMatchScope_Values() []string { + return []string{ + MapMatchScopeAll, + MapMatchScopeKey, + MapMatchScopeValue, + } +} + +const ( + // OversizeHandlingContinue is a OversizeHandling enum value + OversizeHandlingContinue = "CONTINUE" + + // OversizeHandlingMatch is a OversizeHandling enum value + OversizeHandlingMatch = "MATCH" + + // OversizeHandlingNoMatch is a OversizeHandling enum value + OversizeHandlingNoMatch = "NO_MATCH" +) + +// OversizeHandling_Values returns all elements of the OversizeHandling enum +func OversizeHandling_Values() []string { + return []string{ + OversizeHandlingContinue, + OversizeHandlingMatch, + OversizeHandlingNoMatch, + } +} + const ( // ParameterExceptionFieldWebAcl is a ParameterExceptionField enum value ParameterExceptionFieldWebAcl = "WEB_ACL" @@ -22034,6 +22771,18 @@ const ( // ParameterExceptionFieldPayloadType is a ParameterExceptionField enum value ParameterExceptionFieldPayloadType = "PAYLOAD_TYPE" + + // ParameterExceptionFieldHeaderMatchPattern is a ParameterExceptionField enum value + ParameterExceptionFieldHeaderMatchPattern = "HEADER_MATCH_PATTERN" + + // ParameterExceptionFieldCookieMatchPattern is a ParameterExceptionField enum value + ParameterExceptionFieldCookieMatchPattern = "COOKIE_MATCH_PATTERN" + + // ParameterExceptionFieldMapMatchScope is a ParameterExceptionField enum value + ParameterExceptionFieldMapMatchScope = "MAP_MATCH_SCOPE" + + // ParameterExceptionFieldOversizeHandling is a ParameterExceptionField enum value + ParameterExceptionFieldOversizeHandling = "OVERSIZE_HANDLING" ) // ParameterExceptionField_Values returns all elements of the ParameterExceptionField enum @@ -22098,6 +22847,10 @@ func ParameterExceptionField_Values() []string { ParameterExceptionFieldLogDestination, ParameterExceptionFieldManagedRuleGroupConfig, ParameterExceptionFieldPayloadType, + ParameterExceptionFieldHeaderMatchPattern, + ParameterExceptionFieldCookieMatchPattern, + ParameterExceptionFieldMapMatchScope, + ParameterExceptionFieldOversizeHandling, } } diff --git a/service/wafv2/errors.go b/service/wafv2/errors.go index e6f53743aca..c8b45b78582 100644 --- a/service/wafv2/errors.go +++ b/service/wafv2/errors.go @@ -13,8 +13,29 @@ const ( // // WAF couldn’t perform the operation because your resource is being used // by another resource or it’s associated with another resource. + // + // For DeleteWebACL, you will only get this exception if the web ACL is still + // associated with a regional resource. Deleting a web ACL that is still associated + // with an Amazon CloudFront distribution won't get this exception. ErrCodeWAFAssociatedItemException = "WAFAssociatedItemException" + // ErrCodeWAFConfigurationWarningException for service response error code + // "WAFConfigurationWarningException". + // + // The operation failed because you are inspecting the web request body, headers, + // or cookies without specifying how to handle oversize components. Rules that + // inspect the body must either provide an OversizeHandling configuration or + // they must be preceded by a SizeConstraintStatement that blocks the body content + // from being too large. Rules that inspect the headers or cookies must provide + // an OversizeHandling configuration. + // + // Provide the handling configuration and retry your operation. + // + // Alternately, you can suppress this warning by adding the following tag to + // the resource that you provide to this operation: Tag (key:WAF:OversizeFieldsHandlingConstraintOptOut, + // value:true). + ErrCodeWAFConfigurationWarningException = "WAFConfigurationWarningException" + // ErrCodeWAFDuplicateItemException for service response error code // "WAFDuplicateItemException". // @@ -153,18 +174,21 @@ const ( // "WAFTagOperationInternalErrorException". // // WAF couldn’t perform your tagging operation because of an internal error. - // Retry your request. + // Retry ybjectNoteWebRequestComponentour request. ErrCodeWAFTagOperationInternalErrorException = "WAFTagOperationInternalErrorException" // ErrCodeWAFUnavailableEntityException for service response error code // "WAFUnavailableEntityException". // - // WAF couldn’t retrieve the resource that you requested. Retry your request. + // WAF couldn’t retrieve a resource that you specified for this operation. + // Verify the resources that you are specifying in your request parameters and + // then retry the operation. ErrCodeWAFUnavailableEntityException = "WAFUnavailableEntityException" ) var exceptionFromCode = map[string]func(protocol.ResponseMetadata) error{ "WAFAssociatedItemException": newErrorWAFAssociatedItemException, + "WAFConfigurationWarningException": newErrorWAFConfigurationWarningException, "WAFDuplicateItemException": newErrorWAFDuplicateItemException, "WAFExpiredManagedRuleGroupVersionException": newErrorWAFExpiredManagedRuleGroupVersionException, "WAFInternalErrorException": newErrorWAFInternalErrorException,