aws-sdk-backup 1.33.0 → 1.37.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 477db29fed1a07d045bb148798161a6876066674373298acc7bb1b6e0c9521ae
-  data.tar.gz: 759b811e2cded6f09dcddf1a9bc62a1cc181abb9191d08a8a8adce88bffb6fcf
+  metadata.gz: 2a3555bf0c96c1e14ed15095b6f3a6c21c94cc660d1401bd4d40e869afda89ce
+  data.tar.gz: 5a144051881626bc0981d647c92b2420e6082d5076c7181712b54610f5c58455
 SHA512:
-  metadata.gz: 3b3cae0f124f2680a88e2dc6d94f42de125606b187aa20ecc5a5bd5a16185ebb95f229f67068d6704686f86bc24b97b5831b98ecaf9e11a18a428131bf8da206
-  data.tar.gz: 6b3ea0012b2597eb815cdba08a4a87b6c1df3b10d3268678e509535323b221d79ebe4d084f600ab3a3492a4ffd0058406a1d1df08de1bce17db7773ecfd055a5
+  metadata.gz: b607b1aaaeba6562d5b5d06f12098267c8e4651438ad9f5860b2746fb99e7a09516150ddcbcb347014560de41c0217f7f002cc67b98a5ebb07aa134c75c74e95
+  data.tar.gz: 335020bc32527cab5d6d1d3ead57d2c7a60272476f2c269220e525cf5e2dbcbd5b0c7fe3816387f039ccb4aa2319855ac464e944114cc37a42bb46dc2edeae4e

data/CHANGELOG.md

@@ -1,6 +1,26 @@
 Unreleased Changes
 ------------------
 
+1.37.0 (2021-11-10)
+------------------
+
+* Feature - AWS Backup SDK provides new options when scheduling backups: select supported services and resources that are assigned to a particular tag, linked to a combination of tags, or can be identified by a partial tag value, and exclude resources from their assignments.
+
+1.36.0 (2021-11-04)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.35.0 (2021-10-18)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+1.34.0 (2021-10-07)
+------------------
+
+* Feature - Launch of AWS Backup Vault Lock, which protects your backups from malicious and accidental actions, works with existing backup policies, and helps you meet compliance requirements.
+
 1.33.0 (2021-10-05)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.33.0
+1.37.0

data/lib/aws-sdk-backup/client.rb

@@ -275,6 +275,15 @@ module Aws::Backup
     #     ** Please note ** When response stubbing is enabled, no HTTP
     #     requests are made, and retries are disabled.
     #
+    #   @option options [Boolean] :use_dualstack_endpoint
+    #     When set to `true`, dualstack enabled endpoints (with `.aws` TLD)
+    #     will be used if available.
+    #
+    #   @option options [Boolean] :use_fips_endpoint
+    #     When set to `true`, fips compatible endpoints will be used if available.
+    #     When a `fips` region is used, the region is normalized and this config
+    #     is set to `true`.
+    #
     #   @option options [Boolean] :validate_params (true)
     #     When `true`, request parameters are validated before
     #     sending the request.
@@ -487,6 +496,33 @@ module Aws::Backup
     #           condition_value: "ConditionValue", # required
     #         },
     #       ],
+    #       not_resources: ["ARN"],
+    #       conditions: {
+    #         string_equals: [
+    #           {
+    #             condition_key: "ConditionKey",
+    #             condition_value: "ConditionValue",
+    #           },
+    #         ],
+    #         string_not_equals: [
+    #           {
+    #             condition_key: "ConditionKey",
+    #             condition_value: "ConditionValue",
+    #           },
+    #         ],
+    #         string_like: [
+    #           {
+    #             condition_key: "ConditionKey",
+    #             condition_value: "ConditionValue",
+    #           },
+    #         ],
+    #         string_not_like: [
+    #           {
+    #             condition_key: "ConditionKey",
+    #             condition_value: "ConditionValue",
+    #           },
+    #         ],
+    #       },
     #     },
     #     creator_request_id: "string",
     #   })
@@ -850,6 +886,38 @@ module Aws::Backup
       req.send_request(options)
     end
 
+    # Deletes Backup Vault Lock from a backup vault specified by a backup
+    # vault name.
+    #
+    # If the Vault Lock configuration is immutable, then you cannot delete
+    # Vault Lock using API operations, and you will receive an
+    # `InvalidRequestException` if you attempt to do so. For more
+    # information, see [Vault Lock][1] in the *Backup Developer Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/aws-backup/latest/devguide/vault-lock.html
+    #
+    # @option params [required, String] :backup_vault_name
+    #   The name of the backup vault from which to delete Backup Vault Lock.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.delete_backup_vault_lock_configuration({
+    #     backup_vault_name: "BackupVaultName", # required
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/backup-2018-11-15/DeleteBackupVaultLockConfiguration AWS API Documentation
+    #
+    # @overload delete_backup_vault_lock_configuration(params = {})
+    # @param [Hash] params ({})
+    def delete_backup_vault_lock_configuration(params = {}, options = {})
+      req = build_request(:delete_backup_vault_lock_configuration, params)
+      req.send_request(options)
+    end
+
     # Deletes event notifications for the specified backup vault.
     #
     # @option params [required, String] :backup_vault_name
@@ -1040,6 +1108,10 @@ module Aws::Backup
     #   * {Types::DescribeBackupVaultOutput#creation_date #creation_date} => Time
     #   * {Types::DescribeBackupVaultOutput#creator_request_id #creator_request_id} => String
     #   * {Types::DescribeBackupVaultOutput#number_of_recovery_points #number_of_recovery_points} => Integer
+    #   * {Types::DescribeBackupVaultOutput#locked #locked} => Boolean
+    #   * {Types::DescribeBackupVaultOutput#min_retention_days #min_retention_days} => Integer
+    #   * {Types::DescribeBackupVaultOutput#max_retention_days #max_retention_days} => Integer
+    #   * {Types::DescribeBackupVaultOutput#lock_date #lock_date} => Time
     #
     # @example Request syntax with placeholder values
     #
@@ -1055,6 +1127,10 @@ module Aws::Backup
     #   resp.creation_date #=> Time
     #   resp.creator_request_id #=> String
     #   resp.number_of_recovery_points #=> Integer
+    #   resp.locked #=> Boolean
+    #   resp.min_retention_days #=> Integer
+    #   resp.max_retention_days #=> Integer
+    #   resp.lock_date #=> Time
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/backup-2018-11-15/DescribeBackupVault AWS API Documentation
     #
@@ -1728,6 +1804,20 @@ module Aws::Backup
     #   resp.backup_selection.list_of_tags[0].condition_type #=> String, one of "STRINGEQUALS"
     #   resp.backup_selection.list_of_tags[0].condition_key #=> String
     #   resp.backup_selection.list_of_tags[0].condition_value #=> String
+    #   resp.backup_selection.not_resources #=> Array
+    #   resp.backup_selection.not_resources[0] #=> String
+    #   resp.backup_selection.conditions.string_equals #=> Array
+    #   resp.backup_selection.conditions.string_equals[0].condition_key #=> String
+    #   resp.backup_selection.conditions.string_equals[0].condition_value #=> String
+    #   resp.backup_selection.conditions.string_not_equals #=> Array
+    #   resp.backup_selection.conditions.string_not_equals[0].condition_key #=> String
+    #   resp.backup_selection.conditions.string_not_equals[0].condition_value #=> String
+    #   resp.backup_selection.conditions.string_like #=> Array
+    #   resp.backup_selection.conditions.string_like[0].condition_key #=> String
+    #   resp.backup_selection.conditions.string_like[0].condition_value #=> String
+    #   resp.backup_selection.conditions.string_not_like #=> Array
+    #   resp.backup_selection.conditions.string_not_like[0].condition_key #=> String
+    #   resp.backup_selection.conditions.string_not_like[0].condition_value #=> String
     #   resp.selection_id #=> String
     #   resp.backup_plan_id #=> String
     #   resp.creation_date #=> Time
@@ -2242,6 +2332,10 @@ module Aws::Backup
     #   resp.backup_vault_list[0].encryption_key_arn #=> String
     #   resp.backup_vault_list[0].creator_request_id #=> String
     #   resp.backup_vault_list[0].number_of_recovery_points #=> Integer
+    #   resp.backup_vault_list[0].locked #=> Boolean
+    #   resp.backup_vault_list[0].min_retention_days #=> Integer
+    #   resp.backup_vault_list[0].max_retention_days #=> Integer
+    #   resp.backup_vault_list[0].lock_date #=> Time
     #   resp.next_token #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/backup-2018-11-15/ListBackupVaults AWS API Documentation
@@ -2886,6 +2980,97 @@ module Aws::Backup
       req.send_request(options)
     end
 
+    # Applies Backup Vault Lock to a backup vault, preventing attempts to
+    # delete any recovery point stored in or created in a backup vault.
+    # Vault Lock also prevents attempts to update the lifecycle policy that
+    # controls the retention period of any recovery point currently stored
+    # in a backup vault. If specified, Vault Lock enforces a minimum and
+    # maximum retention period for future backup and copy jobs that target a
+    # backup vault.
+    #
+    # @option params [required, String] :backup_vault_name
+    #   The Backup Vault Lock configuration that specifies the name of the
+    #   backup vault it protects.
+    #
+    # @option params [Integer] :min_retention_days
+    #   The Backup Vault Lock configuration that specifies the minimum
+    #   retention period that the vault retains its recovery points. This
+    #   setting can be useful if, for example, your organization's policies
+    #   require you to retain certain data for at least seven years (2555
+    #   days).
+    #
+    #   If this parameter is not specified, Vault Lock will not enforce a
+    #   minimum retention period.
+    #
+    #   If this parameter is specified, any backup or copy job to the vault
+    #   must have a lifecycle policy with a retention period equal to or
+    #   longer than the minimum retention period. If the job's retention
+    #   period is shorter than that minimum retention period, then the vault
+    #   fails that backup or copy job, and you should either modify your
+    #   lifecycle settings or use a different vault. Recovery points already
+    #   saved in the vault prior to Vault Lock are not affected.
+    #
+    # @option params [Integer] :max_retention_days
+    #   The Backup Vault Lock configuration that specifies the maximum
+    #   retention period that the vault retains its recovery points. This
+    #   setting can be useful if, for example, your organization's policies
+    #   require you to destroy certain data after retaining it for four years
+    #   (1460 days).
+    #
+    #   If this parameter is not included, Vault Lock does not enforce a
+    #   maximum retention period on the recovery points in the vault. If this
+    #   parameter is included without a value, Vault Lock will not enforce a
+    #   maximum retention period.
+    #
+    #   If this parameter is specified, any backup or copy job to the vault
+    #   must have a lifecycle policy with a retention period equal to or
+    #   shorter than the maximum retention period. If the job's retention
+    #   period is longer than that maximum retention period, then the vault
+    #   fails the backup or copy job, and you should either modify your
+    #   lifecycle settings or use a different vault. Recovery points already
+    #   saved in the vault prior to Vault Lock are not affected.
+    #
+    # @option params [Integer] :changeable_for_days
+    #   The Backup Vault Lock configuration that specifies the number of days
+    #   before the lock date. For example, setting `ChangeableForDays` to 30
+    #   on Jan. 1, 2022 at 8pm UTC will set the lock date to Jan. 31, 2022 at
+    #   8pm UTC.
+    #
+    #   Backup enforces a 72-hour cooling-off period before Vault Lock takes
+    #   effect and becomes immutable. Therefore, you must set
+    #   `ChangeableForDays` to 3 or greater.
+    #
+    #   Before the lock date, you can delete Vault Lock from the vault using
+    #   `DeleteBackupVaultLockConfiguration` or change the Vault Lock
+    #   configuration using `PutBackupVaultLockConfiguration`. On and after
+    #   the lock date, the Vault Lock becomes immutable and cannot be changed
+    #   or deleted.
+    #
+    #   If this parameter is not specified, you can delete Vault Lock from the
+    #   vault using `DeleteBackupVaultLockConfiguration` or change the Vault
+    #   Lock configuration using `PutBackupVaultLockConfiguration` at any
+    #   time.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.put_backup_vault_lock_configuration({
+    #     backup_vault_name: "BackupVaultName", # required
+    #     min_retention_days: 1,
+    #     max_retention_days: 1,
+    #     changeable_for_days: 1,
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/backup-2018-11-15/PutBackupVaultLockConfiguration AWS API Documentation
+    #
+    # @overload put_backup_vault_lock_configuration(params = {})
+    # @param [Hash] params ({})
+    def put_backup_vault_lock_configuration(params = {}, options = {})
+      req = build_request(:put_backup_vault_lock_configuration, params)
+      req.send_request(options)
+    end
+
     # Turns on notifications on a backup vault for the specified topic and
     # events.
     #
@@ -3722,7 +3907,7 @@ module Aws::Backup
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-backup'
-      context[:gem_version] = '1.33.0'
+      context[:gem_version] = '1.37.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-backup/client_api.rb

@@ -51,8 +51,11 @@ module Aws::Backup
     ComplianceResourceIdList = Shapes::ListShape.new(name: 'ComplianceResourceIdList')
     Condition = Shapes::StructureShape.new(name: 'Condition')
     ConditionKey = Shapes::StringShape.new(name: 'ConditionKey')
+    ConditionParameter = Shapes::StructureShape.new(name: 'ConditionParameter')
+    ConditionParameters = Shapes::ListShape.new(name: 'ConditionParameters')
     ConditionType = Shapes::StringShape.new(name: 'ConditionType')
     ConditionValue = Shapes::StringShape.new(name: 'ConditionValue')
+    Conditions = Shapes::StructureShape.new(name: 'Conditions')
     ConflictException = Shapes::StructureShape.new(name: 'ConflictException')
     ControlInputParameter = Shapes::StructureShape.new(name: 'ControlInputParameter')
     ControlInputParameters = Shapes::ListShape.new(name: 'ControlInputParameters')
@@ -79,6 +82,7 @@ module Aws::Backup
     DeleteBackupSelectionInput = Shapes::StructureShape.new(name: 'DeleteBackupSelectionInput')
     DeleteBackupVaultAccessPolicyInput = Shapes::StructureShape.new(name: 'DeleteBackupVaultAccessPolicyInput')
     DeleteBackupVaultInput = Shapes::StructureShape.new(name: 'DeleteBackupVaultInput')
+    DeleteBackupVaultLockConfigurationInput = Shapes::StructureShape.new(name: 'DeleteBackupVaultLockConfigurationInput')
     DeleteBackupVaultNotificationsInput = Shapes::StructureShape.new(name: 'DeleteBackupVaultNotificationsInput')
     DeleteFrameworkInput = Shapes::StructureShape.new(name: 'DeleteFrameworkInput')
     DeleteRecoveryPointInput = Shapes::StructureShape.new(name: 'DeleteRecoveryPointInput')
@@ -185,6 +189,7 @@ module Aws::Backup
     ProtectedResource = Shapes::StructureShape.new(name: 'ProtectedResource')
     ProtectedResourcesList = Shapes::ListShape.new(name: 'ProtectedResourcesList')
     PutBackupVaultAccessPolicyInput = Shapes::StructureShape.new(name: 'PutBackupVaultAccessPolicyInput')
+    PutBackupVaultLockConfigurationInput = Shapes::StructureShape.new(name: 'PutBackupVaultLockConfigurationInput')
     PutBackupVaultNotificationsInput = Shapes::StructureShape.new(name: 'PutBackupVaultNotificationsInput')
     RecoveryPointByBackupVault = Shapes::StructureShape.new(name: 'RecoveryPointByBackupVault')
     RecoveryPointByBackupVaultList = Shapes::ListShape.new(name: 'RecoveryPointByBackupVaultList')
@@ -351,6 +356,8 @@ module Aws::Backup
     BackupSelection.add_member(:iam_role_arn, Shapes::ShapeRef.new(shape: IAMRoleArn, required: true, location_name: "IamRoleArn"))
     BackupSelection.add_member(:resources, Shapes::ShapeRef.new(shape: ResourceArns, location_name: "Resources"))
     BackupSelection.add_member(:list_of_tags, Shapes::ShapeRef.new(shape: ListOfTags, location_name: "ListOfTags"))
+    BackupSelection.add_member(:not_resources, Shapes::ShapeRef.new(shape: ResourceArns, location_name: "NotResources"))
+    BackupSelection.add_member(:conditions, Shapes::ShapeRef.new(shape: Conditions, location_name: "Conditions"))
     BackupSelection.struct_class = Types::BackupSelection
 
     BackupSelectionsList.member = Shapes::ShapeRef.new(shape: BackupSelectionsListMember)
@@ -373,6 +380,10 @@ module Aws::Backup
     BackupVaultListMember.add_member(:encryption_key_arn, Shapes::ShapeRef.new(shape: ARN, location_name: "EncryptionKeyArn"))
     BackupVaultListMember.add_member(:creator_request_id, Shapes::ShapeRef.new(shape: string, location_name: "CreatorRequestId"))
     BackupVaultListMember.add_member(:number_of_recovery_points, Shapes::ShapeRef.new(shape: long, location_name: "NumberOfRecoveryPoints"))
+    BackupVaultListMember.add_member(:locked, Shapes::ShapeRef.new(shape: Boolean, location_name: "Locked"))
+    BackupVaultListMember.add_member(:min_retention_days, Shapes::ShapeRef.new(shape: Long, location_name: "MinRetentionDays"))
+    BackupVaultListMember.add_member(:max_retention_days, Shapes::ShapeRef.new(shape: Long, location_name: "MaxRetentionDays"))
+    BackupVaultListMember.add_member(:lock_date, Shapes::ShapeRef.new(shape: timestamp, location_name: "LockDate"))
     BackupVaultListMember.struct_class = Types::BackupVaultListMember
 
     CalculatedLifecycle.add_member(:move_to_cold_storage_at, Shapes::ShapeRef.new(shape: timestamp, location_name: "MoveToColdStorageAt"))
@@ -386,6 +397,18 @@ module Aws::Backup
     Condition.add_member(:condition_value, Shapes::ShapeRef.new(shape: ConditionValue, required: true, location_name: "ConditionValue"))
     Condition.struct_class = Types::Condition
 
+    ConditionParameter.add_member(:condition_key, Shapes::ShapeRef.new(shape: ConditionKey, location_name: "ConditionKey"))
+    ConditionParameter.add_member(:condition_value, Shapes::ShapeRef.new(shape: ConditionValue, location_name: "ConditionValue"))
+    ConditionParameter.struct_class = Types::ConditionParameter
+
+    ConditionParameters.member = Shapes::ShapeRef.new(shape: ConditionParameter)
+
+    Conditions.add_member(:string_equals, Shapes::ShapeRef.new(shape: ConditionParameters, location_name: "StringEquals"))
+    Conditions.add_member(:string_not_equals, Shapes::ShapeRef.new(shape: ConditionParameters, location_name: "StringNotEquals"))
+    Conditions.add_member(:string_like, Shapes::ShapeRef.new(shape: ConditionParameters, location_name: "StringLike"))
+    Conditions.add_member(:string_not_like, Shapes::ShapeRef.new(shape: ConditionParameters, location_name: "StringNotLike"))
+    Conditions.struct_class = Types::Conditions
+
     ConflictException.add_member(:code, Shapes::ShapeRef.new(shape: string, location_name: "Code"))
     ConflictException.add_member(:message, Shapes::ShapeRef.new(shape: string, location_name: "Message"))
     ConflictException.add_member(:type, Shapes::ShapeRef.new(shape: string, location_name: "Type"))
@@ -504,6 +527,9 @@ module Aws::Backup
     DeleteBackupVaultInput.add_member(:backup_vault_name, Shapes::ShapeRef.new(shape: string, required: true, location: "uri", location_name: "backupVaultName"))
     DeleteBackupVaultInput.struct_class = Types::DeleteBackupVaultInput
 
+    DeleteBackupVaultLockConfigurationInput.add_member(:backup_vault_name, Shapes::ShapeRef.new(shape: BackupVaultName, required: true, location: "uri", location_name: "backupVaultName"))
+    DeleteBackupVaultLockConfigurationInput.struct_class = Types::DeleteBackupVaultLockConfigurationInput
+
     DeleteBackupVaultNotificationsInput.add_member(:backup_vault_name, Shapes::ShapeRef.new(shape: BackupVaultName, required: true, location: "uri", location_name: "backupVaultName"))
     DeleteBackupVaultNotificationsInput.struct_class = Types::DeleteBackupVaultNotificationsInput
 
@@ -557,6 +583,10 @@ module Aws::Backup
     DescribeBackupVaultOutput.add_member(:creation_date, Shapes::ShapeRef.new(shape: timestamp, location_name: "CreationDate"))
     DescribeBackupVaultOutput.add_member(:creator_request_id, Shapes::ShapeRef.new(shape: string, location_name: "CreatorRequestId"))
     DescribeBackupVaultOutput.add_member(:number_of_recovery_points, Shapes::ShapeRef.new(shape: long, location_name: "NumberOfRecoveryPoints"))
+    DescribeBackupVaultOutput.add_member(:locked, Shapes::ShapeRef.new(shape: Boolean, location_name: "Locked"))
+    DescribeBackupVaultOutput.add_member(:min_retention_days, Shapes::ShapeRef.new(shape: Long, location_name: "MinRetentionDays"))
+    DescribeBackupVaultOutput.add_member(:max_retention_days, Shapes::ShapeRef.new(shape: Long, location_name: "MaxRetentionDays"))
+    DescribeBackupVaultOutput.add_member(:lock_date, Shapes::ShapeRef.new(shape: timestamp, location_name: "LockDate"))
     DescribeBackupVaultOutput.struct_class = Types::DescribeBackupVaultOutput
 
     DescribeCopyJobInput.add_member(:copy_job_id, Shapes::ShapeRef.new(shape: string, required: true, location: "uri", location_name: "copyJobId"))
@@ -954,6 +984,12 @@ module Aws::Backup
     PutBackupVaultAccessPolicyInput.add_member(:policy, Shapes::ShapeRef.new(shape: IAMPolicy, location_name: "Policy"))
     PutBackupVaultAccessPolicyInput.struct_class = Types::PutBackupVaultAccessPolicyInput
 
+    PutBackupVaultLockConfigurationInput.add_member(:backup_vault_name, Shapes::ShapeRef.new(shape: BackupVaultName, required: true, location: "uri", location_name: "backupVaultName"))
+    PutBackupVaultLockConfigurationInput.add_member(:min_retention_days, Shapes::ShapeRef.new(shape: Long, location_name: "MinRetentionDays"))
+    PutBackupVaultLockConfigurationInput.add_member(:max_retention_days, Shapes::ShapeRef.new(shape: Long, location_name: "MaxRetentionDays"))
+    PutBackupVaultLockConfigurationInput.add_member(:changeable_for_days, Shapes::ShapeRef.new(shape: Long, location_name: "ChangeableForDays"))
+    PutBackupVaultLockConfigurationInput.struct_class = Types::PutBackupVaultLockConfigurationInput
+
     PutBackupVaultNotificationsInput.add_member(:backup_vault_name, Shapes::ShapeRef.new(shape: BackupVaultName, required: true, location: "uri", location_name: "backupVaultName"))
     PutBackupVaultNotificationsInput.add_member(:sns_topic_arn, Shapes::ShapeRef.new(shape: ARN, required: true, location_name: "SNSTopicArn"))
     PutBackupVaultNotificationsInput.add_member(:backup_vault_events, Shapes::ShapeRef.new(shape: BackupVaultEvents, required: true, location_name: "BackupVaultEvents"))
@@ -1324,6 +1360,19 @@ module Aws::Backup
         o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
       end)
 
+      api.add_operation(:delete_backup_vault_lock_configuration, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "DeleteBackupVaultLockConfiguration"
+        o.http_method = "DELETE"
+        o.http_request_uri = "/backup-vaults/{backupVaultName}/vault-lock"
+        o.input = Shapes::ShapeRef.new(shape: DeleteBackupVaultLockConfigurationInput)
+        o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidParameterValueException)
+        o.errors << Shapes::ShapeRef.new(shape: MissingParameterValueException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
+        o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
+      end)
+
       api.add_operation(:delete_backup_vault_notifications, Seahorse::Model::Operation.new.tap do |o|
         o.name = "DeleteBackupVaultNotifications"
         o.http_method = "DELETE"
@@ -1894,6 +1943,19 @@ module Aws::Backup
         o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
       end)
 
+      api.add_operation(:put_backup_vault_lock_configuration, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "PutBackupVaultLockConfiguration"
+        o.http_method = "PUT"
+        o.http_request_uri = "/backup-vaults/{backupVaultName}/vault-lock"
+        o.input = Shapes::ShapeRef.new(shape: PutBackupVaultLockConfigurationInput)
+        o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidParameterValueException)
+        o.errors << Shapes::ShapeRef.new(shape: MissingParameterValueException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
+        o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
+      end)
+
       api.add_operation(:put_backup_vault_notifications, Seahorse::Model::Operation.new.tap do |o|
         o.name = "PutBackupVaultNotifications"
         o.http_method = "PUT"

data/lib/aws-sdk-backup/types.rb

@@ -653,6 +653,33 @@ module Aws::Backup
     #             condition_value: "ConditionValue", # required
     #           },
     #         ],
+    #         not_resources: ["ARN"],
+    #         conditions: {
+    #           string_equals: [
+    #             {
+    #               condition_key: "ConditionKey",
+    #               condition_value: "ConditionValue",
+    #             },
+    #           ],
+    #           string_not_equals: [
+    #             {
+    #               condition_key: "ConditionKey",
+    #               condition_value: "ConditionValue",
+    #             },
+    #           ],
+    #           string_like: [
+    #             {
+    #               condition_key: "ConditionKey",
+    #               condition_value: "ConditionValue",
+    #             },
+    #           ],
+    #           string_not_like: [
+    #             {
+    #               condition_key: "ConditionKey",
+    #               condition_value: "ConditionValue",
+    #             },
+    #           ],
+    #         },
     #       }
     #
     # @!attribute [rw] selection_name
@@ -677,13 +704,21 @@ module Aws::Backup
     #   plan to every resource with at least one matching tag.
     #   @return [Array<Types::Condition>]
     #
+    # @!attribute [rw] not_resources
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] conditions
+    #   @return [Types::Conditions]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/backup-2018-11-15/BackupSelection AWS API Documentation
     #
     class BackupSelection < Struct.new(
       :selection_name,
       :iam_role_arn,
       :resources,
-      :list_of_tags)
+      :list_of_tags,
+      :not_resources,
+      :conditions)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -773,6 +808,56 @@ module Aws::Backup
     #   The number of recovery points that are stored in a backup vault.
     #   @return [Integer]
     #
+    # @!attribute [rw] locked
+    #   A Boolean value that indicates whether Backup Vault Lock applies to
+    #   the selected backup vault. If `true`, Vault Lock prevents delete and
+    #   update operations on the recovery points in the selected vault.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] min_retention_days
+    #   The Backup Vault Lock setting that specifies the minimum retention
+    #   period that the vault retains its recovery points. If this parameter
+    #   is not specified, Vault Lock does not enforce a minimum retention
+    #   period.
+    #
+    #   If specified, any backup or copy job to the vault must have a
+    #   lifecycle policy with a retention period equal to or longer than the
+    #   minimum retention period. If the job's retention period is shorter
+    #   than that minimum retention period, then the vault fails the backup
+    #   or copy job, and you should either modify your lifecycle settings or
+    #   use a different vault. Recovery points already stored in the vault
+    #   prior to Vault Lock are not affected.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] max_retention_days
+    #   The Backup Vault Lock setting that specifies the maximum retention
+    #   period that the vault retains its recovery points. If this parameter
+    #   is not specified, Vault Lock does not enforce a maximum retention
+    #   period on the recovery points in the vault (allowing indefinite
+    #   storage).
+    #
+    #   If specified, any backup or copy job to the vault must have a
+    #   lifecycle policy with a retention period equal to or shorter than
+    #   the maximum retention period. If the job's retention period is
+    #   longer than that maximum retention period, then the vault fails the
+    #   backup or copy job, and you should either modify your lifecycle
+    #   settings or use a different vault. Recovery points already stored in
+    #   the vault prior to Vault Lock are not affected.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] lock_date
+    #   The date and time when Backup Vault Lock configuration becomes
+    #   immutable, meaning it cannot be changed or deleted.
+    #
+    #   If you applied Vault Lock to your vault without specifying a lock
+    #   date, you can change your Vault Lock settings, or delete Vault Lock
+    #   from the vault entirely, at any time.
+    #
+    #   This value is in Unix format, Coordinated Universal Time (UTC), and
+    #   accurate to milliseconds. For example, the value 1516925490.087
+    #   represents Friday, January 26, 2018 12:11:30.087 AM.
+    #   @return [Time]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/backup-2018-11-15/BackupVaultListMember AWS API Documentation
     #
     class BackupVaultListMember < Struct.new(
@@ -781,7 +866,11 @@ module Aws::Backup
       :creation_date,
       :encryption_key_arn,
       :creator_request_id,
-      :number_of_recovery_points)
+      :number_of_recovery_points,
+      :locked,
+      :min_retention_days,
+      :max_retention_days,
+      :lock_date)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -860,6 +949,82 @@ module Aws::Backup
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass ConditionParameter
+    #   data as a hash:
+    #
+    #       {
+    #         condition_key: "ConditionKey",
+    #         condition_value: "ConditionValue",
+    #       }
+    #
+    # @!attribute [rw] condition_key
+    #   @return [String]
+    #
+    # @!attribute [rw] condition_value
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/backup-2018-11-15/ConditionParameter AWS API Documentation
+    #
+    class ConditionParameter < Struct.new(
+      :condition_key,
+      :condition_value)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass Conditions
+    #   data as a hash:
+    #
+    #       {
+    #         string_equals: [
+    #           {
+    #             condition_key: "ConditionKey",
+    #             condition_value: "ConditionValue",
+    #           },
+    #         ],
+    #         string_not_equals: [
+    #           {
+    #             condition_key: "ConditionKey",
+    #             condition_value: "ConditionValue",
+    #           },
+    #         ],
+    #         string_like: [
+    #           {
+    #             condition_key: "ConditionKey",
+    #             condition_value: "ConditionValue",
+    #           },
+    #         ],
+    #         string_not_like: [
+    #           {
+    #             condition_key: "ConditionKey",
+    #             condition_value: "ConditionValue",
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] string_equals
+    #   @return [Array<Types::ConditionParameter>]
+    #
+    # @!attribute [rw] string_not_equals
+    #   @return [Array<Types::ConditionParameter>]
+    #
+    # @!attribute [rw] string_like
+    #   @return [Array<Types::ConditionParameter>]
+    #
+    # @!attribute [rw] string_not_like
+    #   @return [Array<Types::ConditionParameter>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/backup-2018-11-15/Conditions AWS API Documentation
+    #
+    class Conditions < Struct.new(
+      :string_equals,
+      :string_not_equals,
+      :string_like,
+      :string_not_like)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Backup can't perform the action that you requested until it finishes
     # performing a previous action. Try again later.
     #
@@ -1244,6 +1409,33 @@ module Aws::Backup
     #               condition_value: "ConditionValue", # required
     #             },
     #           ],
+    #           not_resources: ["ARN"],
+    #           conditions: {
+    #             string_equals: [
+    #               {
+    #                 condition_key: "ConditionKey",
+    #                 condition_value: "ConditionValue",
+    #               },
+    #             ],
+    #             string_not_equals: [
+    #               {
+    #                 condition_key: "ConditionKey",
+    #                 condition_value: "ConditionValue",
+    #               },
+    #             ],
+    #             string_like: [
+    #               {
+    #                 condition_key: "ConditionKey",
+    #                 condition_value: "ConditionValue",
+    #               },
+    #             ],
+    #             string_not_like: [
+    #               {
+    #                 condition_key: "ConditionKey",
+    #                 condition_value: "ConditionValue",
+    #               },
+    #             ],
+    #           },
     #         },
     #         creator_request_id: "string",
     #       }
@@ -1697,6 +1889,25 @@ module Aws::Backup
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass DeleteBackupVaultLockConfigurationInput
+    #   data as a hash:
+    #
+    #       {
+    #         backup_vault_name: "BackupVaultName", # required
+    #       }
+    #
+    # @!attribute [rw] backup_vault_name
+    #   The name of the backup vault from which to delete Backup Vault Lock.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/backup-2018-11-15/DeleteBackupVaultLockConfigurationInput AWS API Documentation
+    #
+    class DeleteBackupVaultLockConfigurationInput < Struct.new(
+      :backup_vault_name)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass DeleteBackupVaultNotificationsInput
     #   data as a hash:
     #
@@ -2033,6 +2244,57 @@ module Aws::Backup
     #   The number of recovery points that are stored in a backup vault.
     #   @return [Integer]
     #
+    # @!attribute [rw] locked
+    #   A Boolean that indicates whether Backup Vault Lock is currently
+    #   protecting the backup vault. `True` means that Vault Lock causes
+    #   delete or update operations on the recovery points stored in the
+    #   vault to fail.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] min_retention_days
+    #   The Backup Vault Lock setting that specifies the minimum retention
+    #   period that the vault retains its recovery points. If this parameter
+    #   is not specified, Vault Lock does not enforce a minimum retention
+    #   period.
+    #
+    #   If specified, any backup or copy job to the vault must have a
+    #   lifecycle policy with a retention period equal to or longer than the
+    #   minimum retention period. If the job's retention period is shorter
+    #   than that minimum retention period, then the vault fails the backup
+    #   or copy job, and you should either modify your lifecycle settings or
+    #   use a different vault. Recovery points already stored in the vault
+    #   prior to Vault Lock are not affected.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] max_retention_days
+    #   The Backup Vault Lock setting that specifies the maximum retention
+    #   period that the vault retains its recovery points. If this parameter
+    #   is not specified, Vault Lock does not enforce a maximum retention
+    #   period on the recovery points in the vault (allowing indefinite
+    #   storage).
+    #
+    #   If specified, any backup or copy job to the vault must have a
+    #   lifecycle policy with a retention period equal to or shorter than
+    #   the maximum retention period. If the job's retention period is
+    #   longer than that maximum retention period, then the vault fails the
+    #   backup or copy job, and you should either modify your lifecycle
+    #   settings or use a different vault. Recovery points already stored in
+    #   the vault prior to Vault Lock are not affected.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] lock_date
+    #   The date and time when Backup Vault Lock configuration cannot be
+    #   changed or deleted.
+    #
+    #   If you applied Vault Lock to your vault without specifying a lock
+    #   date, you can change any of your Vault Lock settings, or delete
+    #   Vault Lock from the vault entirely, at any time.
+    #
+    #   This value is in Unix format, Coordinated Universal Time (UTC), and
+    #   accurate to milliseconds. For example, the value 1516925490.087
+    #   represents Friday, January 26, 2018 12:11:30.087 AM.
+    #   @return [Time]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/backup-2018-11-15/DescribeBackupVaultOutput AWS API Documentation
     #
     class DescribeBackupVaultOutput < Struct.new(
@@ -2041,7 +2303,11 @@ module Aws::Backup
       :encryption_key_arn,
       :creation_date,
       :creator_request_id,
-      :number_of_recovery_points)
+      :number_of_recovery_points,
+      :locked,
+      :min_retention_days,
+      :max_retention_days,
+      :lock_date)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4453,6 +4719,94 @@ module Aws::Backup
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass PutBackupVaultLockConfigurationInput
+    #   data as a hash:
+    #
+    #       {
+    #         backup_vault_name: "BackupVaultName", # required
+    #         min_retention_days: 1,
+    #         max_retention_days: 1,
+    #         changeable_for_days: 1,
+    #       }
+    #
+    # @!attribute [rw] backup_vault_name
+    #   The Backup Vault Lock configuration that specifies the name of the
+    #   backup vault it protects.
+    #   @return [String]
+    #
+    # @!attribute [rw] min_retention_days
+    #   The Backup Vault Lock configuration that specifies the minimum
+    #   retention period that the vault retains its recovery points. This
+    #   setting can be useful if, for example, your organization's policies
+    #   require you to retain certain data for at least seven years (2555
+    #   days).
+    #
+    #   If this parameter is not specified, Vault Lock will not enforce a
+    #   minimum retention period.
+    #
+    #   If this parameter is specified, any backup or copy job to the vault
+    #   must have a lifecycle policy with a retention period equal to or
+    #   longer than the minimum retention period. If the job's retention
+    #   period is shorter than that minimum retention period, then the vault
+    #   fails that backup or copy job, and you should either modify your
+    #   lifecycle settings or use a different vault. Recovery points already
+    #   saved in the vault prior to Vault Lock are not affected.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] max_retention_days
+    #   The Backup Vault Lock configuration that specifies the maximum
+    #   retention period that the vault retains its recovery points. This
+    #   setting can be useful if, for example, your organization's policies
+    #   require you to destroy certain data after retaining it for four
+    #   years (1460 days).
+    #
+    #   If this parameter is not included, Vault Lock does not enforce a
+    #   maximum retention period on the recovery points in the vault. If
+    #   this parameter is included without a value, Vault Lock will not
+    #   enforce a maximum retention period.
+    #
+    #   If this parameter is specified, any backup or copy job to the vault
+    #   must have a lifecycle policy with a retention period equal to or
+    #   shorter than the maximum retention period. If the job's retention
+    #   period is longer than that maximum retention period, then the vault
+    #   fails the backup or copy job, and you should either modify your
+    #   lifecycle settings or use a different vault. Recovery points already
+    #   saved in the vault prior to Vault Lock are not affected.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] changeable_for_days
+    #   The Backup Vault Lock configuration that specifies the number of
+    #   days before the lock date. For example, setting `ChangeableForDays`
+    #   to 30 on Jan. 1, 2022 at 8pm UTC will set the lock date to Jan. 31,
+    #   2022 at 8pm UTC.
+    #
+    #   Backup enforces a 72-hour cooling-off period before Vault Lock takes
+    #   effect and becomes immutable. Therefore, you must set
+    #   `ChangeableForDays` to 3 or greater.
+    #
+    #   Before the lock date, you can delete Vault Lock from the vault using
+    #   `DeleteBackupVaultLockConfiguration` or change the Vault Lock
+    #   configuration using `PutBackupVaultLockConfiguration`. On and after
+    #   the lock date, the Vault Lock becomes immutable and cannot be
+    #   changed or deleted.
+    #
+    #   If this parameter is not specified, you can delete Vault Lock from
+    #   the vault using `DeleteBackupVaultLockConfiguration` or change the
+    #   Vault Lock configuration using `PutBackupVaultLockConfiguration` at
+    #   any time.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/backup-2018-11-15/PutBackupVaultLockConfigurationInput AWS API Documentation
+    #
+    class PutBackupVaultLockConfigurationInput < Struct.new(
+      :backup_vault_name,
+      :min_retention_days,
+      :max_retention_days,
+      :changeable_for_days)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass PutBackupVaultNotificationsInput
     #   data as a hash:
     #

data/lib/aws-sdk-backup.rb

@@ -48,6 +48,6 @@ require_relative 'aws-sdk-backup/customizations'
 # @!group service
 module Aws::Backup
 
-  GEM_VERSION = '1.33.0'
+  GEM_VERSION = '1.37.0'
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-backup
 version: !ruby/object:Gem::Version
-  version: 1.33.0
+  version: 1.37.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-10-05 00:00:00.000000000 Z
+date: 2021-11-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core
@@ -19,7 +19,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.120.0
+        version: 3.122.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
         version: '3'
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.120.0
+        version: 3.122.0
 - !ruby/object:Gem::Dependency
   name: aws-sigv4
   requirement: !ruby/object:Gem::Requirement