aws-sdk-athena 1.47.0 → 1.48.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2fe9003ba1094fae9aa14881613746f812fd66d1fa884c5cd36658a139585bb0
-  data.tar.gz: cd0573a8ce853bc3d22e220a35dea9efef7586d7bb5f08a9efd1cfc4f2e44cd8
+  metadata.gz: da7467e550bf620597ceef165f353fc3808321b98e63d7d7d676aeab464bea29
+  data.tar.gz: 4cf673e0808b660cf7362bbc01353a4b3dbc9a86b4e82c55d8edafce913e5dda
 SHA512:
-  metadata.gz: 15aefea7187c5f80ff87e7c1ba6ba26dd2f4a43832e5d154646e9cbe81792d0170347f4f04b4804cd318c43627302f21e8eea9aac3cee57c12e8b72d43b9b542
-  data.tar.gz: 87de8497408bff649a91198326d155ccc66281a923bf87a2c83808339af4b8eed032b2f99d932323ab32f5f9dfcea5a1b140e276772ed5923c909f5b0cadd9db
+  metadata.gz: e4018d1f3ab5c934357ced0d31157c3433675f762d5bc4b0d24afb28b4dd9198b0a03ec6d16a01bf7774ab9ff2aac714e8d84641408a943603c3ace013043fef
+  data.tar.gz: 8c38f7b1b66adc538ae7c0aafa55d841b547c505a4d10d4cec3feb2e4c82af23aeb3e53d973246bf53ac72d8001fbd2d46e6ff49d0531e7c3190733fa9a19077

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.48.0 (2022-02-04)
+------------------
+
+* Feature - You can now optionally specify the account ID that you expect to be the owner of your query results output location bucket in Athena. If the account ID of the query results bucket owner does not match the specified account ID, attempts to output to the bucket will fail with an S3 permissions error.
+
 1.47.0 (2022-02-03)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.47.0
+1.48.0

data/lib/aws-sdk-athena/client.rb

@@ -438,6 +438,7 @@ module Aws::Athena
     #   resp.query_executions[0].result_configuration.output_location #=> String
     #   resp.query_executions[0].result_configuration.encryption_configuration.encryption_option #=> String, one of "SSE_S3", "SSE_KMS", "CSE_KMS"
     #   resp.query_executions[0].result_configuration.encryption_configuration.kms_key #=> String
+    #   resp.query_executions[0].result_configuration.expected_bucket_owner #=> String
     #   resp.query_executions[0].query_execution_context.database #=> String
     #   resp.query_executions[0].query_execution_context.catalog #=> String
     #   resp.query_executions[0].status.state #=> String, one of "QUEUED", "RUNNING", "SUCCEEDED", "FAILED", "CANCELLED"
@@ -703,6 +704,7 @@ module Aws::Athena
     #           encryption_option: "SSE_S3", # required, accepts SSE_S3, SSE_KMS, CSE_KMS
     #           kms_key: "String",
     #         },
+    #         expected_bucket_owner: "String",
     #       },
     #       enforce_work_group_configuration: false,
     #       publish_cloud_watch_metrics_enabled: false,
@@ -1005,6 +1007,7 @@ module Aws::Athena
     #   resp.query_execution.result_configuration.output_location #=> String
     #   resp.query_execution.result_configuration.encryption_configuration.encryption_option #=> String, one of "SSE_S3", "SSE_KMS", "CSE_KMS"
     #   resp.query_execution.result_configuration.encryption_configuration.kms_key #=> String
+    #   resp.query_execution.result_configuration.expected_bucket_owner #=> String
     #   resp.query_execution.query_execution_context.database #=> String
     #   resp.query_execution.query_execution_context.catalog #=> String
     #   resp.query_execution.status.state #=> String, one of "QUEUED", "RUNNING", "SUCCEEDED", "FAILED", "CANCELLED"
@@ -1038,6 +1041,14 @@ module Aws::Athena
     # User Guide*. This request does not execute the query but returns
     # results. Use StartQueryExecution to run a query.
     #
+    # If the original query execution ran using an
+    # ResultConfiguration$ExpectedBucketOwner setting, the setting also
+    # applies to Amazon S3 read operations when `GetQueryResults` is called.
+    # If an expected bucket owner has been specified and the query results
+    # are in an Amazon S3 bucket whose owner account ID is different from
+    # the expected bucket owner, the `GetQueryResults` call fails with an
+    # Amazon S3 permissions error.
+    #
     # To stream query results successfully, the IAM principal with
     # permission to call `GetQueryResults` also must have permissions to the
     # Amazon S3 `GetObject` action for the Athena query results location.
@@ -1180,6 +1191,7 @@ module Aws::Athena
     #   resp.work_group.configuration.result_configuration.output_location #=> String
     #   resp.work_group.configuration.result_configuration.encryption_configuration.encryption_option #=> String, one of "SSE_S3", "SSE_KMS", "CSE_KMS"
     #   resp.work_group.configuration.result_configuration.encryption_configuration.kms_key #=> String
+    #   resp.work_group.configuration.result_configuration.expected_bucket_owner #=> String
     #   resp.work_group.configuration.enforce_work_group_configuration #=> Boolean
     #   resp.work_group.configuration.publish_cloud_watch_metrics_enabled #=> Boolean
     #   resp.work_group.configuration.bytes_scanned_cutoff_per_query #=> Integer
@@ -1706,6 +1718,7 @@ module Aws::Athena
     #         encryption_option: "SSE_S3", # required, accepts SSE_S3, SSE_KMS, CSE_KMS
     #         kms_key: "String",
     #       },
+    #       expected_bucket_owner: "String",
     #     },
     #     work_group: "WorkGroupName",
     #   })
@@ -1965,6 +1978,8 @@ module Aws::Athena
     #           kms_key: "String",
     #         },
     #         remove_encryption_configuration: false,
+    #         expected_bucket_owner: "String",
+    #         remove_expected_bucket_owner: false,
     #       },
     #       publish_cloud_watch_metrics_enabled: false,
     #       bytes_scanned_cutoff_per_query: 1,
@@ -2000,7 +2015,7 @@ module Aws::Athena
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-athena'
-      context[:gem_version] = '1.47.0'
+      context[:gem_version] = '1.48.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-athena/client_api.rb

@@ -528,12 +528,15 @@ module Aws::Athena
 
     ResultConfiguration.add_member(:output_location, Shapes::ShapeRef.new(shape: String, location_name: "OutputLocation"))
     ResultConfiguration.add_member(:encryption_configuration, Shapes::ShapeRef.new(shape: EncryptionConfiguration, location_name: "EncryptionConfiguration"))
+    ResultConfiguration.add_member(:expected_bucket_owner, Shapes::ShapeRef.new(shape: String, location_name: "ExpectedBucketOwner"))
     ResultConfiguration.struct_class = Types::ResultConfiguration
 
     ResultConfigurationUpdates.add_member(:output_location, Shapes::ShapeRef.new(shape: String, location_name: "OutputLocation"))
     ResultConfigurationUpdates.add_member(:remove_output_location, Shapes::ShapeRef.new(shape: BoxedBoolean, location_name: "RemoveOutputLocation"))
     ResultConfigurationUpdates.add_member(:encryption_configuration, Shapes::ShapeRef.new(shape: EncryptionConfiguration, location_name: "EncryptionConfiguration"))
     ResultConfigurationUpdates.add_member(:remove_encryption_configuration, Shapes::ShapeRef.new(shape: BoxedBoolean, location_name: "RemoveEncryptionConfiguration"))
+    ResultConfigurationUpdates.add_member(:expected_bucket_owner, Shapes::ShapeRef.new(shape: String, location_name: "ExpectedBucketOwner"))
+    ResultConfigurationUpdates.add_member(:remove_expected_bucket_owner, Shapes::ShapeRef.new(shape: BoxedBoolean, location_name: "RemoveExpectedBucketOwner"))
     ResultConfigurationUpdates.struct_class = Types::ResultConfigurationUpdates
 
     ResultSet.add_member(:rows, Shapes::ShapeRef.new(shape: RowList, location_name: "Rows"))

data/lib/aws-sdk-athena/types.rb

@@ -422,6 +422,7 @@ module Aws::Athena
     #               encryption_option: "SSE_S3", # required, accepts SSE_S3, SSE_KMS, CSE_KMS
     #               kms_key: "String",
     #             },
+    #             expected_bucket_owner: "String",
     #           },
     #           enforce_work_group_configuration: false,
     #           publish_cloud_watch_metrics_enabled: false,
@@ -1960,6 +1961,7 @@ module Aws::Athena
     #           encryption_option: "SSE_S3", # required, accepts SSE_S3, SSE_KMS, CSE_KMS
     #           kms_key: "String",
     #         },
+    #         expected_bucket_owner: "String",
     #       }
     #
     # @!attribute [rw] output_location
@@ -1994,11 +1996,33 @@ module Aws::Athena
     #   [1]: https://docs.aws.amazon.com/athena/latest/ug/workgroups-settings-override.html
     #   @return [Types::EncryptionConfiguration]
     #
+    # @!attribute [rw] expected_bucket_owner
+    #   The Amazon Web Services account ID that you expect to be the owner
+    #   of the Amazon S3 bucket specified by
+    #   ResultConfiguration$OutputLocation. If set, Athena uses the value
+    #   for `ExpectedBucketOwner` when it makes Amazon S3 calls to your
+    #   specified output location. If the `ExpectedBucketOwner` Amazon Web
+    #   Services account ID does not match the actual owner of the Amazon S3
+    #   bucket, the call fails with a permissions error.
+    #
+    #   This is a client-side setting. If workgroup settings override
+    #   client-side settings, then the query uses the `ExpectedBucketOwner`
+    #   setting that is specified for the workgroup, and also uses the
+    #   location for storing query results specified in the workgroup. See
+    #   WorkGroupConfiguration$EnforceWorkGroupConfiguration and [Workgroup
+    #   Settings Override Client-Side Settings][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/athena/latest/ug/workgroups-settings-override.html
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/athena-2017-05-18/ResultConfiguration AWS API Documentation
     #
     class ResultConfiguration < Struct.new(
       :output_location,
-      :encryption_configuration)
+      :encryption_configuration,
+      :expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2017,6 +2041,8 @@ module Aws::Athena
     #           kms_key: "String",
     #         },
     #         remove_encryption_configuration: false,
+    #         expected_bucket_owner: "String",
+    #         remove_expected_bucket_owner: false,
     #       }
     #
     # @!attribute [rw] output_location
@@ -2041,7 +2067,7 @@ module Aws::Athena
     #   in this workgroup should be ignored and set to null. If set to
     #   "false" or not set, and a value is present in the `OutputLocation`
     #   in `ResultConfigurationUpdates` (the client-side setting), the
-    #   `OutputLocation` in the workgroup's `ResultConfiguration` will be
+    #   `OutputLocation` in the workgroup's `ResultConfiguration` is
     #   updated with the new value. For more information, see [Workgroup
     #   Settings Override Client-Side Settings][1].
     #
@@ -2061,9 +2087,45 @@ module Aws::Athena
     #   to "false" or not set, and a value is present in the
     #   `EncryptionConfiguration` in `ResultConfigurationUpdates` (the
     #   client-side setting), the `EncryptionConfiguration` in the
-    #   workgroup's `ResultConfiguration` will be updated with the new
-    #   value. For more information, see [Workgroup Settings Override
-    #   Client-Side Settings][1].
+    #   workgroup's `ResultConfiguration` is updated with the new value.
+    #   For more information, see [Workgroup Settings Override Client-Side
+    #   Settings][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/athena/latest/ug/workgroups-settings-override.html
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] expected_bucket_owner
+    #   The Amazon Web Services account ID that you expect to be the owner
+    #   of the Amazon S3 bucket specified by
+    #   ResultConfiguration$OutputLocation. If set, Athena uses the value
+    #   for `ExpectedBucketOwner` when it makes Amazon S3 calls to your
+    #   specified output location. If the `ExpectedBucketOwner` Amazon Web
+    #   Services account ID does not match the actual owner of the Amazon S3
+    #   bucket, the call fails with a permissions error.
+    #
+    #   If workgroup settings override client-side settings, then the query
+    #   uses the `ExpectedBucketOwner` setting that is specified for the
+    #   workgroup, and also uses the location for storing query results
+    #   specified in the workgroup. See
+    #   WorkGroupConfiguration$EnforceWorkGroupConfiguration and [Workgroup
+    #   Settings Override Client-Side Settings][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/athena/latest/ug/workgroups-settings-override.html
+    #   @return [String]
+    #
+    # @!attribute [rw] remove_expected_bucket_owner
+    #   If set to "true", removes the Amazon Web Services account ID
+    #   previously specified for ResultConfiguration$ExpectedBucketOwner. If
+    #   set to "false" or not set, and a value is present in the
+    #   `ExpectedBucketOwner` in `ResultConfigurationUpdates` (the
+    #   client-side setting), the `ExpectedBucketOwner` in the workgroup's
+    #   `ResultConfiguration` is updated with the new value. For more
+    #   information, see [Workgroup Settings Override Client-Side
+    #   Settings][1].
     #
     #
     #
@@ -2076,7 +2138,9 @@ module Aws::Athena
       :output_location,
       :remove_output_location,
       :encryption_configuration,
-      :remove_encryption_configuration)
+      :remove_encryption_configuration,
+      :expected_bucket_owner,
+      :remove_expected_bucket_owner)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -2149,6 +2213,7 @@ module Aws::Athena
     #             encryption_option: "SSE_S3", # required, accepts SSE_S3, SSE_KMS, CSE_KMS
     #             kms_key: "String",
     #           },
+    #           expected_bucket_owner: "String",
     #         },
     #         work_group: "WorkGroupName",
     #       }
@@ -2601,6 +2666,8 @@ module Aws::Athena
     #               kms_key: "String",
     #             },
     #             remove_encryption_configuration: false,
+    #             expected_bucket_owner: "String",
+    #             remove_expected_bucket_owner: false,
     #           },
     #           publish_cloud_watch_metrics_enabled: false,
     #           bytes_scanned_cutoff_per_query: 1,
@@ -2719,6 +2786,7 @@ module Aws::Athena
     #             encryption_option: "SSE_S3", # required, accepts SSE_S3, SSE_KMS, CSE_KMS
     #             kms_key: "String",
     #           },
+    #           expected_bucket_owner: "String",
     #         },
     #         enforce_work_group_configuration: false,
     #         publish_cloud_watch_metrics_enabled: false,
@@ -2820,6 +2888,8 @@ module Aws::Athena
     #             kms_key: "String",
     #           },
     #           remove_encryption_configuration: false,
+    #           expected_bucket_owner: "String",
+    #           remove_expected_bucket_owner: false,
     #         },
     #         publish_cloud_watch_metrics_enabled: false,
     #         bytes_scanned_cutoff_per_query: 1,

data/lib/aws-sdk-athena.rb

@@ -48,6 +48,6 @@ require_relative 'aws-sdk-athena/customizations'
 # @!group service
 module Aws::Athena
 
-  GEM_VERSION = '1.47.0'
+  GEM_VERSION = '1.48.0'
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-athena
 version: !ruby/object:Gem::Version
-  version: 1.47.0
+  version: 1.48.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-02-03 00:00:00.000000000 Z
+date: 2022-02-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core