aws-sdk-ec2 1.515.0 → 1.516.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: de46ca220d828f5239116c6d36d7466c3c261738fbbfc8f3d00d92499f084a0e
-  data.tar.gz: beec2063bd89096186bacae72e58bda919f188b1995235dd204af3d861f0e4fc
+  metadata.gz: 668a55cb6c253c445bc938e04fabc6e18b9d1e5e886451a6c038f91a52eebc74
+  data.tar.gz: a9b6b9f89cc21726efd63f940b3e3f1c9f5354c76a91f04d39c6481b18b91a57
 SHA512:
-  metadata.gz: a188c8e976bcace4528f129e648f609e5e314ba558f50c62b2d538961c8f629417ad3b29bec87fa850e7b7e654ca727d581bdd07756f46d99a457a3ee50a5568
-  data.tar.gz: 26cb5af33e35bacde7562f2460e4111aea40fcd7d1aec7fe6384e433a0a14390bb9e86b6fb4c4cad4207b8d59b32451f15d86fe469eaf9bbad47fd2805366b80
+  metadata.gz: 4fd3ab1d73e8121d66b5ca69606eb542556a4389fcc22de99a4096a539bb51681bd234f6f041728b7e5ea0cbeb45921be1e84d9d556cb3a3f767a510ec7be9e4
+  data.tar.gz: f86d2cd04454ce525d0d99d518e40fdb2fd1477dcd81d9db4df89bb5714b0c1eafbb5a68860bd3368ce3281ec41b8416a2729e76dfc403a66ec66273868e92c7

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.516.0 (2025-04-22)
+------------------
+
+* Feature - Added support for  ClientRouteEnforcementOptions flag in CreateClientVpnEndpoint and ModifyClientVpnEndpoint requests and DescribeClientVpnEndpoints responses
+
 1.515.0 (2025-04-04)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.515.0
+1.516.0

data/lib/aws-sdk-ec2/client.rb

@@ -6090,6 +6090,19 @@ module Aws::EC2
     #   on Amazon Web Services provided clients when a VPN session is
     #   established.
     #
+    # @option params [Types::ClientRouteEnforcementOptions] :client_route_enforcement_options
+    #   Client route enforcement is a feature of the Client VPN service that
+    #   helps enforce administrator defined routes on devices connected
+    #   through the VPN. T his feature helps improve your security posture by
+    #   ensuring that network traffic originating from a connected client is
+    #   not inadvertently sent outside the VPN tunnel.
+    #
+    #   Client route enforcement works by monitoring the route table of a
+    #   connected device for routing policy changes to the VPN connection. If
+    #   the feature detects any VPN routing policy modifications, it will
+    #   automatically force an update to the route table, reverting it back to
+    #   the expected route configurations.
+    #
     # @option params [Boolean] :disconnect_on_session_timeout
     #   Indicates whether the client VPN session is disconnected after the
     #   maximum timeout specified in `SessionTimeoutHours` is reached. If
@@ -6157,6 +6170,9 @@ module Aws::EC2
     #       enabled: false,
     #       banner_text: "String",
     #     },
+    #     client_route_enforcement_options: {
+    #       enforced: false,
+    #     },
     #     disconnect_on_session_timeout: false,
     #   })
     #
@@ -21578,7 +21594,7 @@ module Aws::EC2
     #   resp.addresses[0].customer_owned_ip #=> String
     #   resp.addresses[0].customer_owned_ipv_4_pool #=> String
     #   resp.addresses[0].carrier_ip #=> String
-    #   resp.addresses[0].service_managed #=> String, one of "alb", "nlb"
+    #   resp.addresses[0].service_managed #=> String, one of "alb", "nlb", "rnat"
     #   resp.addresses[0].instance_id #=> String
     #   resp.addresses[0].public_ip #=> String
     #
@@ -23155,6 +23171,7 @@ module Aws::EC2
     #   resp.client_vpn_endpoints[0].session_timeout_hours #=> Integer
     #   resp.client_vpn_endpoints[0].client_login_banner_options.enabled #=> Boolean
     #   resp.client_vpn_endpoints[0].client_login_banner_options.banner_text #=> String
+    #   resp.client_vpn_endpoints[0].client_route_enforcement_options.enforced #=> Boolean
     #   resp.client_vpn_endpoints[0].disconnect_on_session_timeout #=> Boolean
     #   resp.next_token #=> String
     #
@@ -40298,7 +40315,8 @@ module Aws::EC2
     end
 
     # Describes the principals (service consumers) that are permitted to
-    # discover your VPC endpoint service.
+    # discover your VPC endpoint service. Principal ARNs with path
+    # components aren't supported.
     #
     # @option params [Boolean] :dry_run
     #   Checks whether you have the required permissions for the action,
@@ -50482,6 +50500,19 @@ module Aws::EC2
     #   on Amazon Web Services provided clients when a VPN session is
     #   established.
     #
+    # @option params [Types::ClientRouteEnforcementOptions] :client_route_enforcement_options
+    #   Client route enforcement is a feature of the Client VPN service that
+    #   helps enforce administrator defined routes on devices connected
+    #   through the VPN. T his feature helps improve your security posture by
+    #   ensuring that network traffic originating from a connected client is
+    #   not inadvertently sent outside the VPN tunnel.
+    #
+    #   Client route enforcement works by monitoring the route table of a
+    #   connected device for routing policy changes to the VPN connection. If
+    #   the feature detects any VPN routing policy modifications, it will
+    #   automatically force an update to the route table, reverting it back to
+    #   the expected route configurations.
+    #
     # @option params [Boolean] :disconnect_on_session_timeout
     #   Indicates whether the client VPN session is disconnected after the
     #   maximum timeout specified in `sessionTimeoutHours` is reached. If
@@ -50522,6 +50553,9 @@ module Aws::EC2
     #       enabled: false,
     #       banner_text: "String",
     #     },
+    #     client_route_enforcement_options: {
+    #       enforced: false,
+    #     },
     #     disconnect_on_session_timeout: false,
     #   })
     #
@@ -55923,6 +55957,7 @@ module Aws::EC2
     # Modifies the permissions for your VPC endpoint service. You can add or
     # remove permissions for service consumers (Amazon Web Services
     # accounts, users, and IAM roles) to connect to your endpoint service.
+    # Principal ARNs with path components aren't supported.
     #
     # If you grant permissions to all principals, the service is public. Any
     # users who know the name of a public service can send a request to
@@ -64739,7 +64774,7 @@ module Aws::EC2
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-ec2'
-      context[:gem_version] = '1.515.0'
+      context[:gem_version] = '1.516.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-ec2/client_api.rb

@@ -367,6 +367,8 @@ module Aws::EC2
     ClientData = Shapes::StructureShape.new(name: 'ClientData')
     ClientLoginBannerOptions = Shapes::StructureShape.new(name: 'ClientLoginBannerOptions')
     ClientLoginBannerResponseOptions = Shapes::StructureShape.new(name: 'ClientLoginBannerResponseOptions')
+    ClientRouteEnforcementOptions = Shapes::StructureShape.new(name: 'ClientRouteEnforcementOptions')
+    ClientRouteEnforcementResponseOptions = Shapes::StructureShape.new(name: 'ClientRouteEnforcementResponseOptions')
     ClientSecretType = Shapes::StringShape.new(name: 'ClientSecretType')
     ClientVpnAuthentication = Shapes::StructureShape.new(name: 'ClientVpnAuthentication')
     ClientVpnAuthenticationList = Shapes::ListShape.new(name: 'ClientVpnAuthenticationList')
@@ -4695,6 +4697,12 @@ module Aws::EC2
     ClientLoginBannerResponseOptions.add_member(:banner_text, Shapes::ShapeRef.new(shape: String, location_name: "bannerText"))
     ClientLoginBannerResponseOptions.struct_class = Types::ClientLoginBannerResponseOptions
 
+    ClientRouteEnforcementOptions.add_member(:enforced, Shapes::ShapeRef.new(shape: Boolean, location_name: "Enforced"))
+    ClientRouteEnforcementOptions.struct_class = Types::ClientRouteEnforcementOptions
+
+    ClientRouteEnforcementResponseOptions.add_member(:enforced, Shapes::ShapeRef.new(shape: Boolean, location_name: "enforced"))
+    ClientRouteEnforcementResponseOptions.struct_class = Types::ClientRouteEnforcementResponseOptions
+
     ClientVpnAuthentication.add_member(:type, Shapes::ShapeRef.new(shape: ClientVpnAuthenticationType, location_name: "type"))
     ClientVpnAuthentication.add_member(:active_directory, Shapes::ShapeRef.new(shape: DirectoryServiceAuthentication, location_name: "activeDirectory"))
     ClientVpnAuthentication.add_member(:mutual_authentication, Shapes::ShapeRef.new(shape: CertificateAuthentication, location_name: "mutualAuthentication"))
@@ -4760,6 +4768,7 @@ module Aws::EC2
     ClientVpnEndpoint.add_member(:client_connect_options, Shapes::ShapeRef.new(shape: ClientConnectResponseOptions, location_name: "clientConnectOptions"))
     ClientVpnEndpoint.add_member(:session_timeout_hours, Shapes::ShapeRef.new(shape: Integer, location_name: "sessionTimeoutHours"))
     ClientVpnEndpoint.add_member(:client_login_banner_options, Shapes::ShapeRef.new(shape: ClientLoginBannerResponseOptions, location_name: "clientLoginBannerOptions"))
+    ClientVpnEndpoint.add_member(:client_route_enforcement_options, Shapes::ShapeRef.new(shape: ClientRouteEnforcementResponseOptions, location_name: "clientRouteEnforcementOptions"))
     ClientVpnEndpoint.add_member(:disconnect_on_session_timeout, Shapes::ShapeRef.new(shape: Boolean, location_name: "disconnectOnSessionTimeout"))
     ClientVpnEndpoint.struct_class = Types::ClientVpnEndpoint
 
@@ -5040,6 +5049,7 @@ module Aws::EC2
     CreateClientVpnEndpointRequest.add_member(:client_connect_options, Shapes::ShapeRef.new(shape: ClientConnectOptions, location_name: "ClientConnectOptions"))
     CreateClientVpnEndpointRequest.add_member(:session_timeout_hours, Shapes::ShapeRef.new(shape: Integer, location_name: "SessionTimeoutHours"))
     CreateClientVpnEndpointRequest.add_member(:client_login_banner_options, Shapes::ShapeRef.new(shape: ClientLoginBannerOptions, location_name: "ClientLoginBannerOptions"))
+    CreateClientVpnEndpointRequest.add_member(:client_route_enforcement_options, Shapes::ShapeRef.new(shape: ClientRouteEnforcementOptions, location_name: "ClientRouteEnforcementOptions"))
     CreateClientVpnEndpointRequest.add_member(:disconnect_on_session_timeout, Shapes::ShapeRef.new(shape: Boolean, location_name: "DisconnectOnSessionTimeout"))
     CreateClientVpnEndpointRequest.struct_class = Types::CreateClientVpnEndpointRequest
 
@@ -12441,6 +12451,7 @@ module Aws::EC2
     ModifyClientVpnEndpointRequest.add_member(:client_connect_options, Shapes::ShapeRef.new(shape: ClientConnectOptions, location_name: "ClientConnectOptions"))
     ModifyClientVpnEndpointRequest.add_member(:session_timeout_hours, Shapes::ShapeRef.new(shape: Integer, location_name: "SessionTimeoutHours"))
     ModifyClientVpnEndpointRequest.add_member(:client_login_banner_options, Shapes::ShapeRef.new(shape: ClientLoginBannerOptions, location_name: "ClientLoginBannerOptions"))
+    ModifyClientVpnEndpointRequest.add_member(:client_route_enforcement_options, Shapes::ShapeRef.new(shape: ClientRouteEnforcementOptions, location_name: "ClientRouteEnforcementOptions"))
     ModifyClientVpnEndpointRequest.add_member(:disconnect_on_session_timeout, Shapes::ShapeRef.new(shape: Boolean, location_name: "DisconnectOnSessionTimeout"))
     ModifyClientVpnEndpointRequest.struct_class = Types::ModifyClientVpnEndpointRequest
 

data/lib/aws-sdk-ec2/types.rb

@@ -6092,6 +6092,53 @@ module Aws::EC2
       include Aws::Structure
     end
 
+    # Client route enforcement is a feature of the Client VPN service that
+    # helps enforce administrator defined routes on devices connected
+    # through the VPN. T his feature helps improve your security posture by
+    # ensuring that network traffic originating from a connected client is
+    # not inadvertently sent outside the VPN tunnel.
+    #
+    # Client route enforcement works by monitoring the route table of a
+    # connected device for routing policy changes to the VPN connection. If
+    # the feature detects any VPN routing policy modifications, it will
+    # automatically force an update to the route table, reverting it back to
+    # the expected route configurations.
+    #
+    # @!attribute [rw] enforced
+    #   Enable or disable the client route enforcement feature.
+    #
+    #   Valid values: `true | false`
+    #
+    #   Default value: `false`
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ClientRouteEnforcementOptions AWS API Documentation
+    #
+    class ClientRouteEnforcementOptions < Struct.new(
+      :enforced)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # The current status of client route enforcement. The state will either
+    # be `true` (enabled) or `false` (disabled).
+    #
+    # @!attribute [rw] enforced
+    #   Status of the client route enforcement feature.
+    #
+    #   Valid values: `true | false`
+    #
+    #   Default value: `false`
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ClientRouteEnforcementResponseOptions AWS API Documentation
+    #
+    class ClientRouteEnforcementResponseOptions < Struct.new(
+      :enforced)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Describes the authentication methods used by a Client VPN endpoint.
     # For more information, see [Authentication][1] in the *Client VPN
     # Administrator Guide*.
@@ -6404,6 +6451,20 @@ module Aws::EC2
     #   is established.
     #   @return [Types::ClientLoginBannerResponseOptions]
     #
+    # @!attribute [rw] client_route_enforcement_options
+    #   Client route enforcement is a feature of the Client VPN service that
+    #   helps enforce administrator defined routes on devices connected
+    #   through the VPN. T his feature helps improve your security posture
+    #   by ensuring that network traffic originating from a connected client
+    #   is not inadvertently sent outside the VPN tunnel.
+    #
+    #   Client route enforcement works by monitoring the route table of a
+    #   connected device for routing policy changes to the VPN connection.
+    #   If the feature detects any VPN routing policy modifications, it will
+    #   automatically force an update to the route table, reverting it back
+    #   to the expected route configurations.
+    #   @return [Types::ClientRouteEnforcementResponseOptions]
+    #
     # @!attribute [rw] disconnect_on_session_timeout
     #   Indicates whether the client VPN session is disconnected after the
     #   maximum `sessionTimeoutHours` is reached. If `true`, users are
@@ -6437,6 +6498,7 @@ module Aws::EC2
       :client_connect_options,
       :session_timeout_hours,
       :client_login_banner_options,
+      :client_route_enforcement_options,
       :disconnect_on_session_timeout)
       SENSITIVE = []
       include Aws::Structure
@@ -8253,6 +8315,20 @@ module Aws::EC2
     #   is established.
     #   @return [Types::ClientLoginBannerOptions]
     #
+    # @!attribute [rw] client_route_enforcement_options
+    #   Client route enforcement is a feature of the Client VPN service that
+    #   helps enforce administrator defined routes on devices connected
+    #   through the VPN. T his feature helps improve your security posture
+    #   by ensuring that network traffic originating from a connected client
+    #   is not inadvertently sent outside the VPN tunnel.
+    #
+    #   Client route enforcement works by monitoring the route table of a
+    #   connected device for routing policy changes to the VPN connection.
+    #   If the feature detects any VPN routing policy modifications, it will
+    #   automatically force an update to the route table, reverting it back
+    #   to the expected route configurations.
+    #   @return [Types::ClientRouteEnforcementOptions]
+    #
     # @!attribute [rw] disconnect_on_session_timeout
     #   Indicates whether the client VPN session is disconnected after the
     #   maximum timeout specified in `SessionTimeoutHours` is reached. If
@@ -8282,6 +8358,7 @@ module Aws::EC2
       :client_connect_options,
       :session_timeout_hours,
       :client_login_banner_options,
+      :client_route_enforcement_options,
       :disconnect_on_session_timeout)
       SENSITIVE = []
       include Aws::Structure
@@ -51885,6 +51962,20 @@ module Aws::EC2
     #   is established.
     #   @return [Types::ClientLoginBannerOptions]
     #
+    # @!attribute [rw] client_route_enforcement_options
+    #   Client route enforcement is a feature of the Client VPN service that
+    #   helps enforce administrator defined routes on devices connected
+    #   through the VPN. T his feature helps improve your security posture
+    #   by ensuring that network traffic originating from a connected client
+    #   is not inadvertently sent outside the VPN tunnel.
+    #
+    #   Client route enforcement works by monitoring the route table of a
+    #   connected device for routing policy changes to the VPN connection.
+    #   If the feature detects any VPN routing policy modifications, it will
+    #   automatically force an update to the route table, reverting it back
+    #   to the expected route configurations.
+    #   @return [Types::ClientRouteEnforcementOptions]
+    #
     # @!attribute [rw] disconnect_on_session_timeout
     #   Indicates whether the client VPN session is disconnected after the
     #   maximum timeout specified in `sessionTimeoutHours` is reached. If
@@ -51910,6 +52001,7 @@ module Aws::EC2
       :client_connect_options,
       :session_timeout_hours,
       :client_login_banner_options,
+      :client_route_enforcement_options,
       :disconnect_on_session_timeout)
       SENSITIVE = []
       include Aws::Structure
@@ -71708,7 +71800,10 @@ module Aws::EC2
     #
     # @!attribute [rw] default_route_table_association
     #   Indicates whether resource attachments are automatically associated
-    #   with the default association route table.
+    #   with the default association route table. Enabled by default. If
+    #   `defaultRouteTableAssociation` is set to `enable`, Amazon Web
+    #   Services Transit Gateway will create the default transit gateway
+    #   route table.
     #   @return [String]
     #
     # @!attribute [rw] association_default_route_table_id
@@ -71717,7 +71812,10 @@ module Aws::EC2
     #
     # @!attribute [rw] default_route_table_propagation
     #   Indicates whether resource attachments automatically propagate
-    #   routes to the default propagation route table.
+    #   routes to the default propagation route table. Enabled by default.
+    #   If `defaultRouteTablePropagation` is set to `enable`, Amazon Web
+    #   Services Transit Gateway will create the default transit gateway
+    #   route table.
     #   @return [String]
     #
     # @!attribute [rw] propagation_default_route_table_id

data/lib/aws-sdk-ec2.rb

@@ -78,7 +78,7 @@ module Aws::EC2
   autoload :VpcPeeringConnection, 'aws-sdk-ec2/vpc_peering_connection'
   autoload :VpcAddress, 'aws-sdk-ec2/vpc_address'
 
-  GEM_VERSION = '1.515.0'
+  GEM_VERSION = '1.516.0'
 
 end
 

data/sig/classic_address.rbs

@@ -54,7 +54,7 @@ module Aws
       def carrier_ip: () -> ::String
 
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/EC2/ClassicAddress.html#service_managed-instance_method
-      def service_managed: () -> ("alb" | "nlb")
+      def service_managed: () -> ("alb" | "nlb" | "rnat")
 
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/EC2/ClassicAddress.html#instance_id-instance_method
       def instance_id: () -> ::String

data/sig/client.rbs

@@ -1273,6 +1273,9 @@ module Aws
                                           enabled: bool?,
                                           banner_text: ::String?
                                         },
+                                        ?client_route_enforcement_options: {
+                                          enforced: bool?
+                                        },
                                         ?disconnect_on_session_timeout: bool
                                       ) -> _CreateClientVpnEndpointResponseSuccess
                                     | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _CreateClientVpnEndpointResponseSuccess
@@ -10594,6 +10597,9 @@ module Aws
                                           enabled: bool?,
                                           banner_text: ::String?
                                         },
+                                        ?client_route_enforcement_options: {
+                                          enforced: bool?
+                                        },
                                         ?disconnect_on_session_timeout: bool
                                       ) -> _ModifyClientVpnEndpointResponseSuccess
                                     | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _ModifyClientVpnEndpointResponseSuccess

data/sig/types.rbs

@@ -215,7 +215,7 @@ module Aws::EC2
       attr_accessor customer_owned_ip: ::String
       attr_accessor customer_owned_ipv_4_pool: ::String
       attr_accessor carrier_ip: ::String
-      attr_accessor service_managed: ("alb" | "nlb")
+      attr_accessor service_managed: ("alb" | "nlb" | "rnat")
       attr_accessor instance_id: ::String
       attr_accessor public_ip: ::String
       SENSITIVE: []
@@ -1458,6 +1458,16 @@ module Aws::EC2
       SENSITIVE: []
     end
 
+    class ClientRouteEnforcementOptions
+      attr_accessor enforced: bool
+      SENSITIVE: []
+    end
+
+    class ClientRouteEnforcementResponseOptions
+      attr_accessor enforced: bool
+      SENSITIVE: []
+    end
+
     class ClientVpnAuthentication
       attr_accessor type: ("certificate-authentication" | "directory-service-authentication" | "federated-authentication")
       attr_accessor active_directory: Types::DirectoryServiceAuthentication
@@ -1528,6 +1538,7 @@ module Aws::EC2
       attr_accessor client_connect_options: Types::ClientConnectResponseOptions
       attr_accessor session_timeout_hours: ::Integer
       attr_accessor client_login_banner_options: Types::ClientLoginBannerResponseOptions
+      attr_accessor client_route_enforcement_options: Types::ClientRouteEnforcementResponseOptions
       attr_accessor disconnect_on_session_timeout: bool
       SENSITIVE: []
     end
@@ -1862,6 +1873,7 @@ module Aws::EC2
       attr_accessor client_connect_options: Types::ClientConnectOptions
       attr_accessor session_timeout_hours: ::Integer
       attr_accessor client_login_banner_options: Types::ClientLoginBannerOptions
+      attr_accessor client_route_enforcement_options: Types::ClientRouteEnforcementOptions
       attr_accessor disconnect_on_session_timeout: bool
       SENSITIVE: []
     end
@@ -11264,6 +11276,7 @@ module Aws::EC2
       attr_accessor client_connect_options: Types::ClientConnectOptions
       attr_accessor session_timeout_hours: ::Integer
       attr_accessor client_login_banner_options: Types::ClientLoginBannerOptions
+      attr_accessor client_route_enforcement_options: Types::ClientRouteEnforcementOptions
       attr_accessor disconnect_on_session_timeout: bool
       SENSITIVE: []
     end

data/sig/vpc_address.rbs

@@ -51,7 +51,7 @@ module Aws
       def carrier_ip: () -> ::String
 
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/EC2/VpcAddress.html#service_managed-instance_method
-      def service_managed: () -> ("alb" | "nlb")
+      def service_managed: () -> ("alb" | "nlb" | "rnat")
 
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/EC2/VpcAddress.html#instance_id-instance_method
       def instance_id: () -> ::String

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-ec2
 version: !ruby/object:Gem::Version
-  version: 1.515.0
+  version: 1.516.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-04-04 00:00:00.000000000 Z
+date: 2025-04-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core