aws-sdk-ec2 1.423.0 → 1.424.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 7878b58e27a99c4dae4767bef3cc189fc4d120fa7ec103bc15a424946809399a
-  data.tar.gz: 986b5b6be83e3443f6d90b4d28e9980e4788bcffa4ad5f558f18b29874591b40
+  metadata.gz: bf3a3b7ef16bc4c610ac2af484bd06f48c975905d63ca9a71727272e20e888fb
+  data.tar.gz: 8e359e175eea11a36cbe5540025fa79ec3dd94298c4e354af34c78871c7cddc6
 SHA512:
-  metadata.gz: a939b287dee77decfb085dc49e58f8568119203da09afeb56b64e3acc8e11e045ba887eccd4fc41c312e9b8e6be224c16b67ba0a33f7b433718f3151a70c5e0c
-  data.tar.gz: d93e9cee042da867d23f07573e8c6e7a5d4cd230fbb04f8c1848a26c7d2538fc4c518bd45287cccb5913fb51013f74c581c83e75cf08310d5800c1404313a6ef
+  metadata.gz: 8c1ab045a3c77b78271ba51125b3846f93378e116070483c3d73ac6c006d8fe78a23c06404dbf06fc3d960f8b9dd98ade2b32edacb84d79189598d77afe44672
+  data.tar.gz: 49c4f20cc01e7aedc20f331267f66a76e4d1bf2484ea3ebe135b1234aff1d4e7bfa94728f6eb3ee95e902e6d38b81c972c5dd802d003094abf0771aefacfd477

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.424.0 (2023-11-20)
+------------------
+
+* Feature - This release adds support for Security group referencing over Transit gateways, enabling you to simplify Security group management and control of instance-to-instance traffic across VPCs that are connected by Transit gateway.
+
 1.423.0 (2023-11-17)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.423.0
+1.424.0

data/lib/aws-sdk-ec2/client.rb

@@ -646,6 +646,7 @@ module Aws::EC2
     #   resp.transit_gateway_vpc_attachment.subnet_ids[0] #=> String
     #   resp.transit_gateway_vpc_attachment.creation_time #=> Time
     #   resp.transit_gateway_vpc_attachment.options.dns_support #=> String, one of "enable", "disable"
+    #   resp.transit_gateway_vpc_attachment.options.security_group_referencing_support #=> String, one of "enable", "disable"
     #   resp.transit_gateway_vpc_attachment.options.ipv_6_support #=> String, one of "enable", "disable"
     #   resp.transit_gateway_vpc_attachment.options.appliance_mode_support #=> String, one of "enable", "disable"
     #   resp.transit_gateway_vpc_attachment.tags #=> Array
@@ -3233,9 +3234,17 @@ module Aws::EC2
     # For information about VPC security group quotas, see [Amazon VPC
     # quotas][1].
     #
+    # <note markdown="1"> If you want to reference a security group across VPCs attached to a
+    # transit gateway using the [security group referencing feature][2],
+    # note that you can only reference security groups for ingress rules.
+    # You cannot reference a security group for egress rules.
+    #
+    #  </note>
+    #
     #
     #
     # [1]: https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html
+    # [2]: https://docs.aws.amazon.com/vpc/latest/tgw/tgw-transit-gateways.html#create-tgw
     #
     # @option params [Boolean] :dry_run
     #   Checks whether you have the required permissions for the action,
@@ -12691,6 +12700,7 @@ module Aws::EC2
     #       default_route_table_propagation: "enable", # accepts enable, disable
     #       vpn_ecmp_support: "enable", # accepts enable, disable
     #       dns_support: "enable", # accepts enable, disable
+    #       security_group_referencing_support: "enable", # accepts enable, disable
     #       multicast_support: "enable", # accepts enable, disable
     #       transit_gateway_cidr_blocks: ["String"],
     #     },
@@ -12726,6 +12736,7 @@ module Aws::EC2
     #   resp.transit_gateway.options.propagation_default_route_table_id #=> String
     #   resp.transit_gateway.options.vpn_ecmp_support #=> String, one of "enable", "disable"
     #   resp.transit_gateway.options.dns_support #=> String, one of "enable", "disable"
+    #   resp.transit_gateway.options.security_group_referencing_support #=> String, one of "enable", "disable"
     #   resp.transit_gateway.options.multicast_support #=> String, one of "enable", "disable"
     #   resp.transit_gateway.tags #=> Array
     #   resp.transit_gateway.tags[0].key #=> String
@@ -13416,6 +13427,7 @@ module Aws::EC2
     #     subnet_ids: ["SubnetId"], # required
     #     options: {
     #       dns_support: "enable", # accepts enable, disable
+    #       security_group_referencing_support: "enable", # accepts enable, disable
     #       ipv_6_support: "enable", # accepts enable, disable
     #       appliance_mode_support: "enable", # accepts enable, disable
     #     },
@@ -13444,6 +13456,7 @@ module Aws::EC2
     #   resp.transit_gateway_vpc_attachment.subnet_ids[0] #=> String
     #   resp.transit_gateway_vpc_attachment.creation_time #=> Time
     #   resp.transit_gateway_vpc_attachment.options.dns_support #=> String, one of "enable", "disable"
+    #   resp.transit_gateway_vpc_attachment.options.security_group_referencing_support #=> String, one of "enable", "disable"
     #   resp.transit_gateway_vpc_attachment.options.ipv_6_support #=> String, one of "enable", "disable"
     #   resp.transit_gateway_vpc_attachment.options.appliance_mode_support #=> String, one of "enable", "disable"
     #   resp.transit_gateway_vpc_attachment.tags #=> Array
@@ -17735,6 +17748,7 @@ module Aws::EC2
     #   resp.transit_gateway.options.propagation_default_route_table_id #=> String
     #   resp.transit_gateway.options.vpn_ecmp_support #=> String, one of "enable", "disable"
     #   resp.transit_gateway.options.dns_support #=> String, one of "enable", "disable"
+    #   resp.transit_gateway.options.security_group_referencing_support #=> String, one of "enable", "disable"
     #   resp.transit_gateway.options.multicast_support #=> String, one of "enable", "disable"
     #   resp.transit_gateway.tags #=> Array
     #   resp.transit_gateway.tags[0].key #=> String
@@ -18206,6 +18220,7 @@ module Aws::EC2
     #   resp.transit_gateway_vpc_attachment.subnet_ids[0] #=> String
     #   resp.transit_gateway_vpc_attachment.creation_time #=> Time
     #   resp.transit_gateway_vpc_attachment.options.dns_support #=> String, one of "enable", "disable"
+    #   resp.transit_gateway_vpc_attachment.options.security_group_referencing_support #=> String, one of "enable", "disable"
     #   resp.transit_gateway_vpc_attachment.options.ipv_6_support #=> String, one of "enable", "disable"
     #   resp.transit_gateway_vpc_attachment.options.appliance_mode_support #=> String, one of "enable", "disable"
     #   resp.transit_gateway_vpc_attachment.tags #=> Array
@@ -31312,8 +31327,9 @@ module Aws::EC2
       req.send_request(options)
     end
 
-    # Describes the VPCs on the other side of a VPC peering connection that
-    # are referencing the security groups you've specified in this request.
+    # Describes the VPCs on the other side of a VPC peering connection or
+    # the VPCs attached to a transit gateway that are referencing the
+    # security groups you've specified in this request.
     #
     # @option params [Boolean] :dry_run
     #   Checks whether you have the required permissions for the action,
@@ -31363,6 +31379,7 @@ module Aws::EC2
     #   resp.security_group_reference_set[0].group_id #=> String
     #   resp.security_group_reference_set[0].referencing_vpc_id #=> String
     #   resp.security_group_reference_set[0].vpc_peering_connection_id #=> String
+    #   resp.security_group_reference_set[0].transit_gateway_id #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/DescribeSecurityGroupReferences AWS API Documentation
     #
@@ -33228,9 +33245,16 @@ module Aws::EC2
 
     # Describes the stale security group rules for security groups in a
     # specified VPC. Rules are stale when they reference a deleted security
-    # group in the same VPC or in a peer VPC, or if they reference a
-    # security group in a peer VPC for which the VPC peering connection has
-    # been deleted.
+    # group in the same VPC, peered VPC, or in separate VPCs attached to a
+    # transit gateway (with [security group referencing support][1]
+    # enabled). Rules can also be stale if they reference a security group
+    # in a peer VPC for which the VPC peering connection has been deleted or
+    # if they reference a security group in a VPC that has been detached
+    # from a transit gateway.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/vpc/latest/tgw/tgw-transit-gateways.html#create-tgw
     #
     # @option params [Boolean] :dry_run
     #   Checks whether you have the required permissions for the action,
@@ -34785,6 +34809,7 @@ module Aws::EC2
     #   resp.transit_gateway_vpc_attachments[0].subnet_ids[0] #=> String
     #   resp.transit_gateway_vpc_attachments[0].creation_time #=> Time
     #   resp.transit_gateway_vpc_attachments[0].options.dns_support #=> String, one of "enable", "disable"
+    #   resp.transit_gateway_vpc_attachments[0].options.security_group_referencing_support #=> String, one of "enable", "disable"
     #   resp.transit_gateway_vpc_attachments[0].options.ipv_6_support #=> String, one of "enable", "disable"
     #   resp.transit_gateway_vpc_attachments[0].options.appliance_mode_support #=> String, one of "enable", "disable"
     #   resp.transit_gateway_vpc_attachments[0].tags #=> Array
@@ -34900,6 +34925,7 @@ module Aws::EC2
     #   resp.transit_gateways[0].options.propagation_default_route_table_id #=> String
     #   resp.transit_gateways[0].options.vpn_ecmp_support #=> String, one of "enable", "disable"
     #   resp.transit_gateways[0].options.dns_support #=> String, one of "enable", "disable"
+    #   resp.transit_gateways[0].options.security_group_referencing_support #=> String, one of "enable", "disable"
     #   resp.transit_gateways[0].options.multicast_support #=> String, one of "enable", "disable"
     #   resp.transit_gateways[0].tags #=> Array
     #   resp.transit_gateways[0].tags[0].key #=> String
@@ -48979,6 +49005,7 @@ module Aws::EC2
     #       remove_transit_gateway_cidr_blocks: ["String"],
     #       vpn_ecmp_support: "enable", # accepts enable, disable
     #       dns_support: "enable", # accepts enable, disable
+    #       security_group_referencing_support: "enable", # accepts enable, disable
     #       auto_accept_shared_attachments: "enable", # accepts enable, disable
     #       default_route_table_association: "enable", # accepts enable, disable
     #       association_default_route_table_id: "TransitGatewayRouteTableId",
@@ -49007,6 +49034,7 @@ module Aws::EC2
     #   resp.transit_gateway.options.propagation_default_route_table_id #=> String
     #   resp.transit_gateway.options.vpn_ecmp_support #=> String, one of "enable", "disable"
     #   resp.transit_gateway.options.dns_support #=> String, one of "enable", "disable"
+    #   resp.transit_gateway.options.security_group_referencing_support #=> String, one of "enable", "disable"
     #   resp.transit_gateway.options.multicast_support #=> String, one of "enable", "disable"
     #   resp.transit_gateway.tags #=> Array
     #   resp.transit_gateway.tags[0].key #=> String
@@ -49109,6 +49137,7 @@ module Aws::EC2
     #     remove_subnet_ids: ["SubnetId"],
     #     options: {
     #       dns_support: "enable", # accepts enable, disable
+    #       security_group_referencing_support: "enable", # accepts enable, disable
     #       ipv_6_support: "enable", # accepts enable, disable
     #       appliance_mode_support: "enable", # accepts enable, disable
     #     },
@@ -49126,6 +49155,7 @@ module Aws::EC2
     #   resp.transit_gateway_vpc_attachment.subnet_ids[0] #=> String
     #   resp.transit_gateway_vpc_attachment.creation_time #=> Time
     #   resp.transit_gateway_vpc_attachment.options.dns_support #=> String, one of "enable", "disable"
+    #   resp.transit_gateway_vpc_attachment.options.security_group_referencing_support #=> String, one of "enable", "disable"
     #   resp.transit_gateway_vpc_attachment.options.ipv_6_support #=> String, one of "enable", "disable"
     #   resp.transit_gateway_vpc_attachment.options.appliance_mode_support #=> String, one of "enable", "disable"
     #   resp.transit_gateway_vpc_attachment.tags #=> Array
@@ -52486,6 +52516,7 @@ module Aws::EC2
     #   resp.transit_gateway_vpc_attachment.subnet_ids[0] #=> String
     #   resp.transit_gateway_vpc_attachment.creation_time #=> Time
     #   resp.transit_gateway_vpc_attachment.options.dns_support #=> String, one of "enable", "disable"
+    #   resp.transit_gateway_vpc_attachment.options.security_group_referencing_support #=> String, one of "enable", "disable"
     #   resp.transit_gateway_vpc_attachment.options.ipv_6_support #=> String, one of "enable", "disable"
     #   resp.transit_gateway_vpc_attachment.options.appliance_mode_support #=> String, one of "enable", "disable"
     #   resp.transit_gateway_vpc_attachment.tags #=> Array
@@ -58573,7 +58604,7 @@ module Aws::EC2
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-ec2'
-      context[:gem_version] = '1.423.0'
+      context[:gem_version] = '1.424.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-ec2/client_api.rb

@@ -2649,6 +2649,7 @@ module Aws::EC2
     SecurityGroupName = Shapes::StringShape.new(name: 'SecurityGroupName')
     SecurityGroupReference = Shapes::StructureShape.new(name: 'SecurityGroupReference')
     SecurityGroupReferences = Shapes::ListShape.new(name: 'SecurityGroupReferences')
+    SecurityGroupReferencingSupportValue = Shapes::StringShape.new(name: 'SecurityGroupReferencingSupportValue')
     SecurityGroupRule = Shapes::StructureShape.new(name: 'SecurityGroupRule')
     SecurityGroupRuleDescription = Shapes::StructureShape.new(name: 'SecurityGroupRuleDescription')
     SecurityGroupRuleDescriptionList = Shapes::ListShape.new(name: 'SecurityGroupRuleDescriptionList')
@@ -5291,6 +5292,7 @@ module Aws::EC2
     CreateTransitGatewayVpcAttachmentRequest.struct_class = Types::CreateTransitGatewayVpcAttachmentRequest
 
     CreateTransitGatewayVpcAttachmentRequestOptions.add_member(:dns_support, Shapes::ShapeRef.new(shape: DnsSupportValue, location_name: "DnsSupport"))
+    CreateTransitGatewayVpcAttachmentRequestOptions.add_member(:security_group_referencing_support, Shapes::ShapeRef.new(shape: SecurityGroupReferencingSupportValue, location_name: "SecurityGroupReferencingSupport"))
     CreateTransitGatewayVpcAttachmentRequestOptions.add_member(:ipv_6_support, Shapes::ShapeRef.new(shape: Ipv6SupportValue, location_name: "Ipv6Support"))
     CreateTransitGatewayVpcAttachmentRequestOptions.add_member(:appliance_mode_support, Shapes::ShapeRef.new(shape: ApplianceModeSupportValue, location_name: "ApplianceModeSupport"))
     CreateTransitGatewayVpcAttachmentRequestOptions.struct_class = Types::CreateTransitGatewayVpcAttachmentRequestOptions
@@ -11648,6 +11650,7 @@ module Aws::EC2
     ModifyTransitGatewayOptions.add_member(:remove_transit_gateway_cidr_blocks, Shapes::ShapeRef.new(shape: TransitGatewayCidrBlockStringList, location_name: "RemoveTransitGatewayCidrBlocks"))
     ModifyTransitGatewayOptions.add_member(:vpn_ecmp_support, Shapes::ShapeRef.new(shape: VpnEcmpSupportValue, location_name: "VpnEcmpSupport"))
     ModifyTransitGatewayOptions.add_member(:dns_support, Shapes::ShapeRef.new(shape: DnsSupportValue, location_name: "DnsSupport"))
+    ModifyTransitGatewayOptions.add_member(:security_group_referencing_support, Shapes::ShapeRef.new(shape: SecurityGroupReferencingSupportValue, location_name: "SecurityGroupReferencingSupport"))
     ModifyTransitGatewayOptions.add_member(:auto_accept_shared_attachments, Shapes::ShapeRef.new(shape: AutoAcceptSharedAttachmentsValue, location_name: "AutoAcceptSharedAttachments"))
     ModifyTransitGatewayOptions.add_member(:default_route_table_association, Shapes::ShapeRef.new(shape: DefaultRouteTableAssociationValue, location_name: "DefaultRouteTableAssociation"))
     ModifyTransitGatewayOptions.add_member(:association_default_route_table_id, Shapes::ShapeRef.new(shape: TransitGatewayRouteTableId, location_name: "AssociationDefaultRouteTableId"))
@@ -11683,6 +11686,7 @@ module Aws::EC2
     ModifyTransitGatewayVpcAttachmentRequest.struct_class = Types::ModifyTransitGatewayVpcAttachmentRequest
 
     ModifyTransitGatewayVpcAttachmentRequestOptions.add_member(:dns_support, Shapes::ShapeRef.new(shape: DnsSupportValue, location_name: "DnsSupport"))
+    ModifyTransitGatewayVpcAttachmentRequestOptions.add_member(:security_group_referencing_support, Shapes::ShapeRef.new(shape: SecurityGroupReferencingSupportValue, location_name: "SecurityGroupReferencingSupport"))
     ModifyTransitGatewayVpcAttachmentRequestOptions.add_member(:ipv_6_support, Shapes::ShapeRef.new(shape: Ipv6SupportValue, location_name: "Ipv6Support"))
     ModifyTransitGatewayVpcAttachmentRequestOptions.add_member(:appliance_mode_support, Shapes::ShapeRef.new(shape: ApplianceModeSupportValue, location_name: "ApplianceModeSupport"))
     ModifyTransitGatewayVpcAttachmentRequestOptions.struct_class = Types::ModifyTransitGatewayVpcAttachmentRequestOptions
@@ -13747,6 +13751,7 @@ module Aws::EC2
     SecurityGroupReference.add_member(:group_id, Shapes::ShapeRef.new(shape: String, location_name: "groupId"))
     SecurityGroupReference.add_member(:referencing_vpc_id, Shapes::ShapeRef.new(shape: String, location_name: "referencingVpcId"))
     SecurityGroupReference.add_member(:vpc_peering_connection_id, Shapes::ShapeRef.new(shape: String, location_name: "vpcPeeringConnectionId"))
+    SecurityGroupReference.add_member(:transit_gateway_id, Shapes::ShapeRef.new(shape: String, location_name: "transitGatewayId"))
     SecurityGroupReference.struct_class = Types::SecurityGroupReference
 
     SecurityGroupReferences.member = Shapes::ShapeRef.new(shape: SecurityGroupReference, location_name: "item")
@@ -14644,6 +14649,7 @@ module Aws::EC2
     TransitGatewayOptions.add_member(:propagation_default_route_table_id, Shapes::ShapeRef.new(shape: String, location_name: "propagationDefaultRouteTableId"))
     TransitGatewayOptions.add_member(:vpn_ecmp_support, Shapes::ShapeRef.new(shape: VpnEcmpSupportValue, location_name: "vpnEcmpSupport"))
     TransitGatewayOptions.add_member(:dns_support, Shapes::ShapeRef.new(shape: DnsSupportValue, location_name: "dnsSupport"))
+    TransitGatewayOptions.add_member(:security_group_referencing_support, Shapes::ShapeRef.new(shape: SecurityGroupReferencingSupportValue, location_name: "securityGroupReferencingSupport"))
     TransitGatewayOptions.add_member(:multicast_support, Shapes::ShapeRef.new(shape: MulticastSupportValue, location_name: "multicastSupport"))
     TransitGatewayOptions.struct_class = Types::TransitGatewayOptions
 
@@ -14731,6 +14737,7 @@ module Aws::EC2
     TransitGatewayRequestOptions.add_member(:default_route_table_propagation, Shapes::ShapeRef.new(shape: DefaultRouteTablePropagationValue, location_name: "DefaultRouteTablePropagation"))
     TransitGatewayRequestOptions.add_member(:vpn_ecmp_support, Shapes::ShapeRef.new(shape: VpnEcmpSupportValue, location_name: "VpnEcmpSupport"))
     TransitGatewayRequestOptions.add_member(:dns_support, Shapes::ShapeRef.new(shape: DnsSupportValue, location_name: "DnsSupport"))
+    TransitGatewayRequestOptions.add_member(:security_group_referencing_support, Shapes::ShapeRef.new(shape: SecurityGroupReferencingSupportValue, location_name: "SecurityGroupReferencingSupport"))
     TransitGatewayRequestOptions.add_member(:multicast_support, Shapes::ShapeRef.new(shape: MulticastSupportValue, location_name: "MulticastSupport"))
     TransitGatewayRequestOptions.add_member(:transit_gateway_cidr_blocks, Shapes::ShapeRef.new(shape: TransitGatewayCidrBlockStringList, location_name: "TransitGatewayCidrBlocks"))
     TransitGatewayRequestOptions.struct_class = Types::TransitGatewayRequestOptions
@@ -14824,6 +14831,7 @@ module Aws::EC2
     TransitGatewayVpcAttachmentList.member = Shapes::ShapeRef.new(shape: TransitGatewayVpcAttachment, location_name: "item")
 
     TransitGatewayVpcAttachmentOptions.add_member(:dns_support, Shapes::ShapeRef.new(shape: DnsSupportValue, location_name: "dnsSupport"))
+    TransitGatewayVpcAttachmentOptions.add_member(:security_group_referencing_support, Shapes::ShapeRef.new(shape: SecurityGroupReferencingSupportValue, location_name: "securityGroupReferencingSupport"))
     TransitGatewayVpcAttachmentOptions.add_member(:ipv_6_support, Shapes::ShapeRef.new(shape: Ipv6SupportValue, location_name: "ipv6Support"))
     TransitGatewayVpcAttachmentOptions.add_member(:appliance_mode_support, Shapes::ShapeRef.new(shape: ApplianceModeSupportValue, location_name: "applianceModeSupport"))
     TransitGatewayVpcAttachmentOptions.struct_class = Types::TransitGatewayVpcAttachmentOptions

data/lib/aws-sdk-ec2/types.rb

@@ -11760,6 +11760,29 @@ module Aws::EC2
     #   Enable or disable DNS support. The default is `enable`.
     #   @return [String]
     #
+    # @!attribute [rw] security_group_referencing_support
+    #   Enables you to reference a security group across VPCs attached to a
+    #   transit gateway (TGW). Use this option to simplify security group
+    #   management and control of instance-to-instance traffic across VPCs
+    #   that are connected by transit gateway. You can also use this option
+    #   to migrate from VPC peering (which was the only option that
+    #   supported security group referencing) to transit gateways (which now
+    #   also support security group referencing). This option is disabled by
+    #   default and there are no additional costs to use this feature.
+    #
+    #   If you don't enable or disable SecurityGroupReferencingSupport in
+    #   the request, the attachment will inherit the security group
+    #   referencing support setting on the transit gateway.
+    #
+    #   For important information about this feature, see [Create a transit
+    #   gateway attachment to a VPC][1] in the *Amazon Web Services Transit
+    #   Gateway Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/vpc/latest/tgw/tgw-vpc-attachments.html#create-vpc-attachment
+    #   @return [String]
+    #
     # @!attribute [rw] ipv_6_support
     #   Enable or disable IPv6 support. The default is `disable`.
     #   @return [String]
@@ -11775,6 +11798,7 @@ module Aws::EC2
     #
     class CreateTransitGatewayVpcAttachmentRequestOptions < Struct.new(
       :dns_support,
+      :security_group_referencing_support,
       :ipv_6_support,
       :appliance_mode_support)
       SENSITIVE = []
@@ -48691,6 +48715,24 @@ module Aws::EC2
     #   Enable or disable DNS support.
     #   @return [String]
     #
+    # @!attribute [rw] security_group_referencing_support
+    #   Enables you to reference a security group across VPCs attached to a
+    #   transit gateway (TGW). Use this option to simplify security group
+    #   management and control of instance-to-instance traffic across VPCs
+    #   that are connected by transit gateway. You can also use this option
+    #   to migrate from VPC peering (which was the only option that
+    #   supported security group referencing) to transit gateways (which now
+    #   also support security group referencing). This option is disabled by
+    #   default and there are no additional costs to use this feature.
+    #
+    #   For important information about this feature, see [Create a transit
+    #   gateway][1] in the *Amazon Web Services Transit Gateway Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/vpc/latest/tgw/tgw-transit-gateways.html#create-tgw
+    #   @return [String]
+    #
     # @!attribute [rw] auto_accept_shared_attachments
     #   Enable or disable automatic acceptance of attachment requests.
     #   @return [String]
@@ -48731,6 +48773,7 @@ module Aws::EC2
       :remove_transit_gateway_cidr_blocks,
       :vpn_ecmp_support,
       :dns_support,
+      :security_group_referencing_support,
       :auto_accept_shared_attachments,
       :default_route_table_association,
       :association_default_route_table_id,
@@ -48872,6 +48915,25 @@ module Aws::EC2
     #   Enable or disable DNS support. The default is `enable`.
     #   @return [String]
     #
+    # @!attribute [rw] security_group_referencing_support
+    #   Enables you to reference a security group across VPCs attached to a
+    #   transit gateway (TGW). Use this option to simplify security group
+    #   management and control of instance-to-instance traffic across VPCs
+    #   that are connected by transit gateway. You can also use this option
+    #   to migrate from VPC peering (which was the only option that
+    #   supported security group referencing) to transit gateways (which now
+    #   also support security group referencing). This option is disabled by
+    #   default and there are no additional costs to use this feature.
+    #
+    #   For important information about this feature, see [Create a transit
+    #   gateway attachment to a VPC][1] in the *Amazon Web Services Transit
+    #   Gateway Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/vpc/latest/tgw/tgw-vpc-attachments.html#create-vpc-attachment
+    #   @return [String]
+    #
     # @!attribute [rw] ipv_6_support
     #   Enable or disable IPv6 support. The default is `enable`.
     #   @return [String]
@@ -48887,6 +48949,7 @@ module Aws::EC2
     #
     class ModifyTransitGatewayVpcAttachmentRequestOptions < Struct.new(
       :dns_support,
+      :security_group_referencing_support,
       :ipv_6_support,
       :appliance_mode_support)
       SENSITIVE = []
@@ -54035,7 +54098,7 @@ module Aws::EC2
     #   @return [String]
     #
     # @!attribute [rw] vpc_peering_connection_id
-    #   The ID of the VPC peering connection.
+    #   The ID of the VPC peering connection (if applicable).
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ReferencedSecurityGroup AWS API Documentation
@@ -59465,7 +59528,25 @@ module Aws::EC2
     #   @return [String]
     #
     # @!attribute [rw] vpc_peering_connection_id
-    #   The ID of the VPC peering connection.
+    #   The ID of the VPC peering connection (if applicable). For more
+    #   information about security group referencing for peering
+    #   connections, see [Update your security groups to reference peer
+    #   security groups][1] in the *VPC Peering Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/peering/vpc-peering-security-groups.html
+    #   @return [String]
+    #
+    # @!attribute [rw] transit_gateway_id
+    #   The ID of the transit gateway (if applicable). For more information
+    #   about security group referencing for transit gateways, see [Create a
+    #   transit gateway attachment to a VPC][1] in the *Amazon Web Services
+    #   Transit Gateway Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/tgw/tgw-vpc-attachments.html#create-vpc-attachment
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/SecurityGroupReference AWS API Documentation
@@ -59473,7 +59554,8 @@ module Aws::EC2
     class SecurityGroupReference < Struct.new(
       :group_id,
       :referencing_vpc_id,
-      :vpc_peering_connection_id)
+      :vpc_peering_connection_id,
+      :transit_gateway_id)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -64108,6 +64190,24 @@ module Aws::EC2
     #   Indicates whether DNS support is enabled.
     #   @return [String]
     #
+    # @!attribute [rw] security_group_referencing_support
+    #   Enables you to reference a security group across VPCs attached to a
+    #   transit gateway (TGW). Use this option to simplify security group
+    #   management and control of instance-to-instance traffic across VPCs
+    #   that are connected by transit gateway. You can also use this option
+    #   to migrate from VPC peering (which was the only option that
+    #   supported security group referencing) to transit gateways (which now
+    #   also support security group referencing). This option is disabled by
+    #   default and there are no additional costs to use this feature.
+    #
+    #   For important information about this feature, see [Create a transit
+    #   gateway][1] in the *Amazon Web Services Transit Gateway Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/vpc/latest/tgw/tgw-transit-gateways.html#create-tgw
+    #   @return [String]
+    #
     # @!attribute [rw] multicast_support
     #   Indicates whether multicast is enabled on the transit gateway
     #   @return [String]
@@ -64124,6 +64224,7 @@ module Aws::EC2
       :propagation_default_route_table_id,
       :vpn_ecmp_support,
       :dns_support,
+      :security_group_referencing_support,
       :multicast_support)
       SENSITIVE = []
       include Aws::Structure
@@ -64489,6 +64590,24 @@ module Aws::EC2
     #   Enable or disable DNS support. Enabled by default.
     #   @return [String]
     #
+    # @!attribute [rw] security_group_referencing_support
+    #   Enables you to reference a security group across VPCs attached to a
+    #   transit gateway (TGW). Use this option to simplify security group
+    #   management and control of instance-to-instance traffic across VPCs
+    #   that are connected by transit gateway. You can also use this option
+    #   to migrate from VPC peering (which was the only option that
+    #   supported security group referencing) to transit gateways (which now
+    #   also support security group referencing). This option is disabled by
+    #   default and there are no additional costs to use this feature.
+    #
+    #   For important information about this feature, see [Create a transit
+    #   gateway][1] in the *Amazon Web Services Transit Gateway Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/vpc/latest/tgw/tgw-transit-gateways.html#create-tgw
+    #   @return [String]
+    #
     # @!attribute [rw] multicast_support
     #   Indicates whether multicast is enabled on the transit gateway
     #   @return [String]
@@ -64508,6 +64627,7 @@ module Aws::EC2
       :default_route_table_propagation,
       :vpn_ecmp_support,
       :dns_support,
+      :security_group_referencing_support,
       :multicast_support,
       :transit_gateway_cidr_blocks)
       SENSITIVE = []
@@ -64865,6 +64985,16 @@ module Aws::EC2
     #   Indicates whether DNS support is enabled.
     #   @return [String]
     #
+    # @!attribute [rw] security_group_referencing_support
+    #   For important information about this feature, see [Create a transit
+    #   gateway attachment to a VPC][1] in the *Amazon Web Services Transit
+    #   Gateway Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/vpc/latest/tgw/tgw-vpc-attachments.html#create-vpc-attachment
+    #   @return [String]
+    #
     # @!attribute [rw] ipv_6_support
     #   Indicates whether IPv6 support is disabled.
     #   @return [String]
@@ -64877,6 +65007,7 @@ module Aws::EC2
     #
     class TransitGatewayVpcAttachmentOptions < Struct.new(
       :dns_support,
+      :security_group_referencing_support,
       :ipv_6_support,
       :appliance_mode_support)
       SENSITIVE = []

data/lib/aws-sdk-ec2.rb

@@ -76,6 +76,6 @@ require_relative 'aws-sdk-ec2/customizations'
 # @!group service
 module Aws::EC2
 
-  GEM_VERSION = '1.423.0'
+  GEM_VERSION = '1.424.0'
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-ec2
 version: !ruby/object:Gem::Version
-  version: 1.423.0
+  version: 1.424.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-11-17 00:00:00.000000000 Z
+date: 2023-11-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sigv4