aws-sdk-backup 1.33.0 → 1.34.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 477db29fed1a07d045bb148798161a6876066674373298acc7bb1b6e0c9521ae
-  data.tar.gz: 759b811e2cded6f09dcddf1a9bc62a1cc181abb9191d08a8a8adce88bffb6fcf
+  metadata.gz: 0ebad1986daeb768ef8b1bad1482bd91a4bd9ac8623b2ecd9dfd81d20842fac9
+  data.tar.gz: d3b80ddd0750ea3ffac8827fb8a58e76aebd8f40748a165047ed2723d1b0397d
 SHA512:
-  metadata.gz: 3b3cae0f124f2680a88e2dc6d94f42de125606b187aa20ecc5a5bd5a16185ebb95f229f67068d6704686f86bc24b97b5831b98ecaf9e11a18a428131bf8da206
-  data.tar.gz: 6b3ea0012b2597eb815cdba08a4a87b6c1df3b10d3268678e509535323b221d79ebe4d084f600ab3a3492a4ffd0058406a1d1df08de1bce17db7773ecfd055a5
+  metadata.gz: 50bbefbf352c4371f20ecd7ecda1f55c342d6226efc4ddf8a2c411bc65f48ea0767f542ca08b76c0154dac667192848f0390f539533c5e90cebb2f0e52477a1d
+  data.tar.gz: ee6fc23d98bc6df646a32b8f5a82e148d0d7a445122f26f19a1a9a094ded33e39c365ad0668e13e80867ee1a36fd4715e3d8b5f59ce9633ea933943dcf751093

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.34.0 (2021-10-07)
+------------------
+
+* Feature - Launch of AWS Backup Vault Lock, which protects your backups from malicious and accidental actions, works with existing backup policies, and helps you meet compliance requirements.
+
 1.33.0 (2021-10-05)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.33.0
+1.34.0

data/lib/aws-sdk-backup/client.rb

@@ -850,6 +850,38 @@ module Aws::Backup
       req.send_request(options)
     end
 
+    # Deletes Backup Vault Lock from a backup vault specified by a backup
+    # vault name.
+    #
+    # If the Vault Lock configuration is immutable, then you cannot delete
+    # Vault Lock using API operations, and you will receive an
+    # `InvalidRequestException` if you attempt to do so. For more
+    # information, see [Vault Lock][1] in the *Backup Developer Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/aws-backup/latest/devguide/vault-lock.html
+    #
+    # @option params [required, String] :backup_vault_name
+    #   The name of the backup vault from which to delete Backup Vault Lock.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.delete_backup_vault_lock_configuration({
+    #     backup_vault_name: "BackupVaultName", # required
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/backup-2018-11-15/DeleteBackupVaultLockConfiguration AWS API Documentation
+    #
+    # @overload delete_backup_vault_lock_configuration(params = {})
+    # @param [Hash] params ({})
+    def delete_backup_vault_lock_configuration(params = {}, options = {})
+      req = build_request(:delete_backup_vault_lock_configuration, params)
+      req.send_request(options)
+    end
+
     # Deletes event notifications for the specified backup vault.
     #
     # @option params [required, String] :backup_vault_name
@@ -1040,6 +1072,10 @@ module Aws::Backup
     #   * {Types::DescribeBackupVaultOutput#creation_date #creation_date} => Time
     #   * {Types::DescribeBackupVaultOutput#creator_request_id #creator_request_id} => String
     #   * {Types::DescribeBackupVaultOutput#number_of_recovery_points #number_of_recovery_points} => Integer
+    #   * {Types::DescribeBackupVaultOutput#locked #locked} => Boolean
+    #   * {Types::DescribeBackupVaultOutput#min_retention_days #min_retention_days} => Integer
+    #   * {Types::DescribeBackupVaultOutput#max_retention_days #max_retention_days} => Integer
+    #   * {Types::DescribeBackupVaultOutput#lock_date #lock_date} => Time
     #
     # @example Request syntax with placeholder values
     #
@@ -1055,6 +1091,10 @@ module Aws::Backup
     #   resp.creation_date #=> Time
     #   resp.creator_request_id #=> String
     #   resp.number_of_recovery_points #=> Integer
+    #   resp.locked #=> Boolean
+    #   resp.min_retention_days #=> Integer
+    #   resp.max_retention_days #=> Integer
+    #   resp.lock_date #=> Time
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/backup-2018-11-15/DescribeBackupVault AWS API Documentation
     #
@@ -2242,6 +2282,10 @@ module Aws::Backup
     #   resp.backup_vault_list[0].encryption_key_arn #=> String
     #   resp.backup_vault_list[0].creator_request_id #=> String
     #   resp.backup_vault_list[0].number_of_recovery_points #=> Integer
+    #   resp.backup_vault_list[0].locked #=> Boolean
+    #   resp.backup_vault_list[0].min_retention_days #=> Integer
+    #   resp.backup_vault_list[0].max_retention_days #=> Integer
+    #   resp.backup_vault_list[0].lock_date #=> Time
     #   resp.next_token #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/backup-2018-11-15/ListBackupVaults AWS API Documentation
@@ -2886,6 +2930,97 @@ module Aws::Backup
       req.send_request(options)
     end
 
+    # Applies Backup Vault Lock to a backup vault, preventing attempts to
+    # delete any recovery point stored in or created in a backup vault.
+    # Vault Lock also prevents attempts to update the lifecycle policy that
+    # controls the retention period of any recovery point currently stored
+    # in a backup vault. If specified, Vault Lock enforces a minimum and
+    # maximum retention period for future backup and copy jobs that target a
+    # backup vault.
+    #
+    # @option params [required, String] :backup_vault_name
+    #   The Backup Vault Lock configuration that specifies the name of the
+    #   backup vault it protects.
+    #
+    # @option params [Integer] :min_retention_days
+    #   The Backup Vault Lock configuration that specifies the minimum
+    #   retention period that the vault retains its recovery points. This
+    #   setting can be useful if, for example, your organization's policies
+    #   require you to retain certain data for at least seven years (2555
+    #   days).
+    #
+    #   If this parameter is not specified, Vault Lock will not enforce a
+    #   minimum retention period.
+    #
+    #   If this parameter is specified, any backup or copy job to the vault
+    #   must have a lifecycle policy with a retention period equal to or
+    #   longer than the minimum retention period. If the job's retention
+    #   period is shorter than that minimum retention period, then the vault
+    #   fails that backup or copy job, and you should either modify your
+    #   lifecycle settings or use a different vault. Recovery points already
+    #   saved in the vault prior to Vault Lock are not affected.
+    #
+    # @option params [Integer] :max_retention_days
+    #   The Backup Vault Lock configuration that specifies the maximum
+    #   retention period that the vault retains its recovery points. This
+    #   setting can be useful if, for example, your organization's policies
+    #   require you to destroy certain data after retaining it for four years
+    #   (1460 days).
+    #
+    #   If this parameter is not included, Vault Lock does not enforce a
+    #   maximum retention period on the recovery points in the vault. If this
+    #   parameter is included without a value, Vault Lock will not enforce a
+    #   maximum retention period.
+    #
+    #   If this parameter is specified, any backup or copy job to the vault
+    #   must have a lifecycle policy with a retention period equal to or
+    #   shorter than the maximum retention period. If the job's retention
+    #   period is longer than that maximum retention period, then the vault
+    #   fails the backup or copy job, and you should either modify your
+    #   lifecycle settings or use a different vault. Recovery points already
+    #   saved in the vault prior to Vault Lock are not affected.
+    #
+    # @option params [Integer] :changeable_for_days
+    #   The Backup Vault Lock configuration that specifies the number of days
+    #   before the lock date. For example, setting `ChangeableForDays` to 30
+    #   on Jan. 1, 2022 at 8pm UTC will set the lock date to Jan. 31, 2022 at
+    #   8pm UTC.
+    #
+    #   Backup enforces a 72-hour cooling-off period before Vault Lock takes
+    #   effect and becomes immutable. Therefore, you must set
+    #   `ChangeableForDays` to 3 or greater.
+    #
+    #   Before the lock date, you can delete Vault Lock from the vault using
+    #   `DeleteBackupVaultLockConfiguration` or change the Vault Lock
+    #   configuration using `PutBackupVaultLockConfiguration`. On and after
+    #   the lock date, the Vault Lock becomes immutable and cannot be changed
+    #   or deleted.
+    #
+    #   If this parameter is not specified, you can delete Vault Lock from the
+    #   vault using `DeleteBackupVaultLockConfiguration` or change the Vault
+    #   Lock configuration using `PutBackupVaultLockConfiguration` at any
+    #   time.
+    #
+    # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.put_backup_vault_lock_configuration({
+    #     backup_vault_name: "BackupVaultName", # required
+    #     min_retention_days: 1,
+    #     max_retention_days: 1,
+    #     changeable_for_days: 1,
+    #   })
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/backup-2018-11-15/PutBackupVaultLockConfiguration AWS API Documentation
+    #
+    # @overload put_backup_vault_lock_configuration(params = {})
+    # @param [Hash] params ({})
+    def put_backup_vault_lock_configuration(params = {}, options = {})
+      req = build_request(:put_backup_vault_lock_configuration, params)
+      req.send_request(options)
+    end
+
     # Turns on notifications on a backup vault for the specified topic and
     # events.
     #
@@ -3722,7 +3857,7 @@ module Aws::Backup
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-backup'
-      context[:gem_version] = '1.33.0'
+      context[:gem_version] = '1.34.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-backup/client_api.rb

@@ -79,6 +79,7 @@ module Aws::Backup
     DeleteBackupSelectionInput = Shapes::StructureShape.new(name: 'DeleteBackupSelectionInput')
     DeleteBackupVaultAccessPolicyInput = Shapes::StructureShape.new(name: 'DeleteBackupVaultAccessPolicyInput')
     DeleteBackupVaultInput = Shapes::StructureShape.new(name: 'DeleteBackupVaultInput')
+    DeleteBackupVaultLockConfigurationInput = Shapes::StructureShape.new(name: 'DeleteBackupVaultLockConfigurationInput')
     DeleteBackupVaultNotificationsInput = Shapes::StructureShape.new(name: 'DeleteBackupVaultNotificationsInput')
     DeleteFrameworkInput = Shapes::StructureShape.new(name: 'DeleteFrameworkInput')
     DeleteRecoveryPointInput = Shapes::StructureShape.new(name: 'DeleteRecoveryPointInput')
@@ -185,6 +186,7 @@ module Aws::Backup
     ProtectedResource = Shapes::StructureShape.new(name: 'ProtectedResource')
     ProtectedResourcesList = Shapes::ListShape.new(name: 'ProtectedResourcesList')
     PutBackupVaultAccessPolicyInput = Shapes::StructureShape.new(name: 'PutBackupVaultAccessPolicyInput')
+    PutBackupVaultLockConfigurationInput = Shapes::StructureShape.new(name: 'PutBackupVaultLockConfigurationInput')
     PutBackupVaultNotificationsInput = Shapes::StructureShape.new(name: 'PutBackupVaultNotificationsInput')
     RecoveryPointByBackupVault = Shapes::StructureShape.new(name: 'RecoveryPointByBackupVault')
     RecoveryPointByBackupVaultList = Shapes::ListShape.new(name: 'RecoveryPointByBackupVaultList')
@@ -373,6 +375,10 @@ module Aws::Backup
     BackupVaultListMember.add_member(:encryption_key_arn, Shapes::ShapeRef.new(shape: ARN, location_name: "EncryptionKeyArn"))
     BackupVaultListMember.add_member(:creator_request_id, Shapes::ShapeRef.new(shape: string, location_name: "CreatorRequestId"))
     BackupVaultListMember.add_member(:number_of_recovery_points, Shapes::ShapeRef.new(shape: long, location_name: "NumberOfRecoveryPoints"))
+    BackupVaultListMember.add_member(:locked, Shapes::ShapeRef.new(shape: Boolean, location_name: "Locked"))
+    BackupVaultListMember.add_member(:min_retention_days, Shapes::ShapeRef.new(shape: Long, location_name: "MinRetentionDays"))
+    BackupVaultListMember.add_member(:max_retention_days, Shapes::ShapeRef.new(shape: Long, location_name: "MaxRetentionDays"))
+    BackupVaultListMember.add_member(:lock_date, Shapes::ShapeRef.new(shape: timestamp, location_name: "LockDate"))
     BackupVaultListMember.struct_class = Types::BackupVaultListMember
 
     CalculatedLifecycle.add_member(:move_to_cold_storage_at, Shapes::ShapeRef.new(shape: timestamp, location_name: "MoveToColdStorageAt"))
@@ -504,6 +510,9 @@ module Aws::Backup
     DeleteBackupVaultInput.add_member(:backup_vault_name, Shapes::ShapeRef.new(shape: string, required: true, location: "uri", location_name: "backupVaultName"))
     DeleteBackupVaultInput.struct_class = Types::DeleteBackupVaultInput
 
+    DeleteBackupVaultLockConfigurationInput.add_member(:backup_vault_name, Shapes::ShapeRef.new(shape: BackupVaultName, required: true, location: "uri", location_name: "backupVaultName"))
+    DeleteBackupVaultLockConfigurationInput.struct_class = Types::DeleteBackupVaultLockConfigurationInput
+
     DeleteBackupVaultNotificationsInput.add_member(:backup_vault_name, Shapes::ShapeRef.new(shape: BackupVaultName, required: true, location: "uri", location_name: "backupVaultName"))
     DeleteBackupVaultNotificationsInput.struct_class = Types::DeleteBackupVaultNotificationsInput
 
@@ -557,6 +566,10 @@ module Aws::Backup
     DescribeBackupVaultOutput.add_member(:creation_date, Shapes::ShapeRef.new(shape: timestamp, location_name: "CreationDate"))
     DescribeBackupVaultOutput.add_member(:creator_request_id, Shapes::ShapeRef.new(shape: string, location_name: "CreatorRequestId"))
     DescribeBackupVaultOutput.add_member(:number_of_recovery_points, Shapes::ShapeRef.new(shape: long, location_name: "NumberOfRecoveryPoints"))
+    DescribeBackupVaultOutput.add_member(:locked, Shapes::ShapeRef.new(shape: Boolean, location_name: "Locked"))
+    DescribeBackupVaultOutput.add_member(:min_retention_days, Shapes::ShapeRef.new(shape: Long, location_name: "MinRetentionDays"))
+    DescribeBackupVaultOutput.add_member(:max_retention_days, Shapes::ShapeRef.new(shape: Long, location_name: "MaxRetentionDays"))
+    DescribeBackupVaultOutput.add_member(:lock_date, Shapes::ShapeRef.new(shape: timestamp, location_name: "LockDate"))
     DescribeBackupVaultOutput.struct_class = Types::DescribeBackupVaultOutput
 
     DescribeCopyJobInput.add_member(:copy_job_id, Shapes::ShapeRef.new(shape: string, required: true, location: "uri", location_name: "copyJobId"))
@@ -954,6 +967,12 @@ module Aws::Backup
     PutBackupVaultAccessPolicyInput.add_member(:policy, Shapes::ShapeRef.new(shape: IAMPolicy, location_name: "Policy"))
     PutBackupVaultAccessPolicyInput.struct_class = Types::PutBackupVaultAccessPolicyInput
 
+    PutBackupVaultLockConfigurationInput.add_member(:backup_vault_name, Shapes::ShapeRef.new(shape: BackupVaultName, required: true, location: "uri", location_name: "backupVaultName"))
+    PutBackupVaultLockConfigurationInput.add_member(:min_retention_days, Shapes::ShapeRef.new(shape: Long, location_name: "MinRetentionDays"))
+    PutBackupVaultLockConfigurationInput.add_member(:max_retention_days, Shapes::ShapeRef.new(shape: Long, location_name: "MaxRetentionDays"))
+    PutBackupVaultLockConfigurationInput.add_member(:changeable_for_days, Shapes::ShapeRef.new(shape: Long, location_name: "ChangeableForDays"))
+    PutBackupVaultLockConfigurationInput.struct_class = Types::PutBackupVaultLockConfigurationInput
+
     PutBackupVaultNotificationsInput.add_member(:backup_vault_name, Shapes::ShapeRef.new(shape: BackupVaultName, required: true, location: "uri", location_name: "backupVaultName"))
     PutBackupVaultNotificationsInput.add_member(:sns_topic_arn, Shapes::ShapeRef.new(shape: ARN, required: true, location_name: "SNSTopicArn"))
     PutBackupVaultNotificationsInput.add_member(:backup_vault_events, Shapes::ShapeRef.new(shape: BackupVaultEvents, required: true, location_name: "BackupVaultEvents"))
@@ -1324,6 +1343,19 @@ module Aws::Backup
         o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
       end)
 
+      api.add_operation(:delete_backup_vault_lock_configuration, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "DeleteBackupVaultLockConfiguration"
+        o.http_method = "DELETE"
+        o.http_request_uri = "/backup-vaults/{backupVaultName}/vault-lock"
+        o.input = Shapes::ShapeRef.new(shape: DeleteBackupVaultLockConfigurationInput)
+        o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidParameterValueException)
+        o.errors << Shapes::ShapeRef.new(shape: MissingParameterValueException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
+        o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
+      end)
+
       api.add_operation(:delete_backup_vault_notifications, Seahorse::Model::Operation.new.tap do |o|
         o.name = "DeleteBackupVaultNotifications"
         o.http_method = "DELETE"
@@ -1894,6 +1926,19 @@ module Aws::Backup
         o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
       end)
 
+      api.add_operation(:put_backup_vault_lock_configuration, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "PutBackupVaultLockConfiguration"
+        o.http_method = "PUT"
+        o.http_request_uri = "/backup-vaults/{backupVaultName}/vault-lock"
+        o.input = Shapes::ShapeRef.new(shape: PutBackupVaultLockConfigurationInput)
+        o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidParameterValueException)
+        o.errors << Shapes::ShapeRef.new(shape: MissingParameterValueException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
+        o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
+      end)
+
       api.add_operation(:put_backup_vault_notifications, Seahorse::Model::Operation.new.tap do |o|
         o.name = "PutBackupVaultNotifications"
         o.http_method = "PUT"

data/lib/aws-sdk-backup/types.rb

@@ -773,6 +773,56 @@ module Aws::Backup
     #   The number of recovery points that are stored in a backup vault.
     #   @return [Integer]
     #
+    # @!attribute [rw] locked
+    #   A Boolean value that indicates whether Backup Vault Lock applies to
+    #   the selected backup vault. If `true`, Vault Lock prevents delete and
+    #   update operations on the recovery points in the selected vault.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] min_retention_days
+    #   The Backup Vault Lock setting that specifies the minimum retention
+    #   period that the vault retains its recovery points. If this parameter
+    #   is not specified, Vault Lock does not enforce a minimum retention
+    #   period.
+    #
+    #   If specified, any backup or copy job to the vault must have a
+    #   lifecycle policy with a retention period equal to or longer than the
+    #   minimum retention period. If the job's retention period is shorter
+    #   than that minimum retention period, then the vault fails the backup
+    #   or copy job, and you should either modify your lifecycle settings or
+    #   use a different vault. Recovery points already stored in the vault
+    #   prior to Vault Lock are not affected.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] max_retention_days
+    #   The Backup Vault Lock setting that specifies the maximum retention
+    #   period that the vault retains its recovery points. If this parameter
+    #   is not specified, Vault Lock does not enforce a maximum retention
+    #   period on the recovery points in the vault (allowing indefinite
+    #   storage).
+    #
+    #   If specified, any backup or copy job to the vault must have a
+    #   lifecycle policy with a retention period equal to or shorter than
+    #   the maximum retention period. If the job's retention period is
+    #   longer than that maximum retention period, then the vault fails the
+    #   backup or copy job, and you should either modify your lifecycle
+    #   settings or use a different vault. Recovery points already stored in
+    #   the vault prior to Vault Lock are not affected.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] lock_date
+    #   The date and time when Backup Vault Lock configuration becomes
+    #   immutable, meaning it cannot be changed or deleted.
+    #
+    #   If you applied Vault Lock to your vault without specifying a lock
+    #   date, you can change your Vault Lock settings, or delete Vault Lock
+    #   from the vault entirely, at any time.
+    #
+    #   This value is in Unix format, Coordinated Universal Time (UTC), and
+    #   accurate to milliseconds. For example, the value 1516925490.087
+    #   represents Friday, January 26, 2018 12:11:30.087 AM.
+    #   @return [Time]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/backup-2018-11-15/BackupVaultListMember AWS API Documentation
     #
     class BackupVaultListMember < Struct.new(
@@ -781,7 +831,11 @@ module Aws::Backup
       :creation_date,
       :encryption_key_arn,
       :creator_request_id,
-      :number_of_recovery_points)
+      :number_of_recovery_points,
+      :locked,
+      :min_retention_days,
+      :max_retention_days,
+      :lock_date)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1697,6 +1751,25 @@ module Aws::Backup
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass DeleteBackupVaultLockConfigurationInput
+    #   data as a hash:
+    #
+    #       {
+    #         backup_vault_name: "BackupVaultName", # required
+    #       }
+    #
+    # @!attribute [rw] backup_vault_name
+    #   The name of the backup vault from which to delete Backup Vault Lock.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/backup-2018-11-15/DeleteBackupVaultLockConfigurationInput AWS API Documentation
+    #
+    class DeleteBackupVaultLockConfigurationInput < Struct.new(
+      :backup_vault_name)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass DeleteBackupVaultNotificationsInput
     #   data as a hash:
     #
@@ -2033,6 +2106,57 @@ module Aws::Backup
     #   The number of recovery points that are stored in a backup vault.
     #   @return [Integer]
     #
+    # @!attribute [rw] locked
+    #   A Boolean that indicates whether Backup Vault Lock is currently
+    #   protecting the backup vault. `True` means that Vault Lock causes
+    #   delete or update operations on the recovery points stored in the
+    #   vault to fail.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] min_retention_days
+    #   The Backup Vault Lock setting that specifies the minimum retention
+    #   period that the vault retains its recovery points. If this parameter
+    #   is not specified, Vault Lock does not enforce a minimum retention
+    #   period.
+    #
+    #   If specified, any backup or copy job to the vault must have a
+    #   lifecycle policy with a retention period equal to or longer than the
+    #   minimum retention period. If the job's retention period is shorter
+    #   than that minimum retention period, then the vault fails the backup
+    #   or copy job, and you should either modify your lifecycle settings or
+    #   use a different vault. Recovery points already stored in the vault
+    #   prior to Vault Lock are not affected.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] max_retention_days
+    #   The Backup Vault Lock setting that specifies the maximum retention
+    #   period that the vault retains its recovery points. If this parameter
+    #   is not specified, Vault Lock does not enforce a maximum retention
+    #   period on the recovery points in the vault (allowing indefinite
+    #   storage).
+    #
+    #   If specified, any backup or copy job to the vault must have a
+    #   lifecycle policy with a retention period equal to or shorter than
+    #   the maximum retention period. If the job's retention period is
+    #   longer than that maximum retention period, then the vault fails the
+    #   backup or copy job, and you should either modify your lifecycle
+    #   settings or use a different vault. Recovery points already stored in
+    #   the vault prior to Vault Lock are not affected.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] lock_date
+    #   The date and time when Backup Vault Lock configuration cannot be
+    #   changed or deleted.
+    #
+    #   If you applied Vault Lock to your vault without specifying a lock
+    #   date, you can change any of your Vault Lock settings, or delete
+    #   Vault Lock from the vault entirely, at any time.
+    #
+    #   This value is in Unix format, Coordinated Universal Time (UTC), and
+    #   accurate to milliseconds. For example, the value 1516925490.087
+    #   represents Friday, January 26, 2018 12:11:30.087 AM.
+    #   @return [Time]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/backup-2018-11-15/DescribeBackupVaultOutput AWS API Documentation
     #
     class DescribeBackupVaultOutput < Struct.new(
@@ -2041,7 +2165,11 @@ module Aws::Backup
       :encryption_key_arn,
       :creation_date,
       :creator_request_id,
-      :number_of_recovery_points)
+      :number_of_recovery_points,
+      :locked,
+      :min_retention_days,
+      :max_retention_days,
+      :lock_date)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4453,6 +4581,94 @@ module Aws::Backup
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass PutBackupVaultLockConfigurationInput
+    #   data as a hash:
+    #
+    #       {
+    #         backup_vault_name: "BackupVaultName", # required
+    #         min_retention_days: 1,
+    #         max_retention_days: 1,
+    #         changeable_for_days: 1,
+    #       }
+    #
+    # @!attribute [rw] backup_vault_name
+    #   The Backup Vault Lock configuration that specifies the name of the
+    #   backup vault it protects.
+    #   @return [String]
+    #
+    # @!attribute [rw] min_retention_days
+    #   The Backup Vault Lock configuration that specifies the minimum
+    #   retention period that the vault retains its recovery points. This
+    #   setting can be useful if, for example, your organization's policies
+    #   require you to retain certain data for at least seven years (2555
+    #   days).
+    #
+    #   If this parameter is not specified, Vault Lock will not enforce a
+    #   minimum retention period.
+    #
+    #   If this parameter is specified, any backup or copy job to the vault
+    #   must have a lifecycle policy with a retention period equal to or
+    #   longer than the minimum retention period. If the job's retention
+    #   period is shorter than that minimum retention period, then the vault
+    #   fails that backup or copy job, and you should either modify your
+    #   lifecycle settings or use a different vault. Recovery points already
+    #   saved in the vault prior to Vault Lock are not affected.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] max_retention_days
+    #   The Backup Vault Lock configuration that specifies the maximum
+    #   retention period that the vault retains its recovery points. This
+    #   setting can be useful if, for example, your organization's policies
+    #   require you to destroy certain data after retaining it for four
+    #   years (1460 days).
+    #
+    #   If this parameter is not included, Vault Lock does not enforce a
+    #   maximum retention period on the recovery points in the vault. If
+    #   this parameter is included without a value, Vault Lock will not
+    #   enforce a maximum retention period.
+    #
+    #   If this parameter is specified, any backup or copy job to the vault
+    #   must have a lifecycle policy with a retention period equal to or
+    #   shorter than the maximum retention period. If the job's retention
+    #   period is longer than that maximum retention period, then the vault
+    #   fails the backup or copy job, and you should either modify your
+    #   lifecycle settings or use a different vault. Recovery points already
+    #   saved in the vault prior to Vault Lock are not affected.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] changeable_for_days
+    #   The Backup Vault Lock configuration that specifies the number of
+    #   days before the lock date. For example, setting `ChangeableForDays`
+    #   to 30 on Jan. 1, 2022 at 8pm UTC will set the lock date to Jan. 31,
+    #   2022 at 8pm UTC.
+    #
+    #   Backup enforces a 72-hour cooling-off period before Vault Lock takes
+    #   effect and becomes immutable. Therefore, you must set
+    #   `ChangeableForDays` to 3 or greater.
+    #
+    #   Before the lock date, you can delete Vault Lock from the vault using
+    #   `DeleteBackupVaultLockConfiguration` or change the Vault Lock
+    #   configuration using `PutBackupVaultLockConfiguration`. On and after
+    #   the lock date, the Vault Lock becomes immutable and cannot be
+    #   changed or deleted.
+    #
+    #   If this parameter is not specified, you can delete Vault Lock from
+    #   the vault using `DeleteBackupVaultLockConfiguration` or change the
+    #   Vault Lock configuration using `PutBackupVaultLockConfiguration` at
+    #   any time.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/backup-2018-11-15/PutBackupVaultLockConfigurationInput AWS API Documentation
+    #
+    class PutBackupVaultLockConfigurationInput < Struct.new(
+      :backup_vault_name,
+      :min_retention_days,
+      :max_retention_days,
+      :changeable_for_days)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass PutBackupVaultNotificationsInput
     #   data as a hash:
     #

data/lib/aws-sdk-backup.rb

@@ -48,6 +48,6 @@ require_relative 'aws-sdk-backup/customizations'
 # @!group service
 module Aws::Backup
 
-  GEM_VERSION = '1.33.0'
+  GEM_VERSION = '1.34.0'
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-backup
 version: !ruby/object:Gem::Version
-  version: 1.33.0
+  version: 1.34.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-10-05 00:00:00.000000000 Z
+date: 2021-10-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core