aws-sdk-firehose 1.23.0 → 1.24.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: b93c8ef6587ad17d0422c4b02a0a6892390444ad
-  data.tar.gz: 57b5878899010b16d8b8fbff6b30e9b461d4e68c
+  metadata.gz: 1ce4d2633d82f381e0e50865cc188f7ad3ddb385
+  data.tar.gz: 99e97f5764c7efe3e2986af5b25f644432168a1e
 SHA512:
-  metadata.gz: e8d831801e5ea5ede0bc3b4620b91db80664b90b1d35847b1a1d8c5284ccb2da328fbce5d12bea34ef17e4f9b410baa2af110d689c4f2f23fb37e1838d574e62
-  data.tar.gz: e519f1e609b0a74c6cf74e6da8e5da222ea9e4f4b1be61d2af91d888db71023421deb833cc90cf7b82b60e5789771974027213bb07d7f003da424b759f4964f0
+  metadata.gz: c63ff9b66687b3fd6e9ecd9cd3c2ea8c29dcc73caec18ef89cf648c29c0e1cf7e6a7d5770c3e883aed7e3ac2188bd72db041e77301ab47e80d8b703c5d839682
+  data.tar.gz: 001f15af1a8aa9a1f848dc28602b25b5d8424c015de362b6cc5503a27ee7117886f44cc55fa21ee491be7b20026f9416dc8fe345062b323e1043e69620e571cd

data/lib/aws-sdk-firehose.rb

@@ -42,6 +42,6 @@ require_relative 'aws-sdk-firehose/customizations'
 # @service
 module Aws::Firehose
 
-  GEM_VERSION = '1.23.0'
+  GEM_VERSION = '1.24.0'
 
 end

data/lib/aws-sdk-firehose/client.rb

@@ -271,9 +271,15 @@ module Aws::Firehose
     # This is an asynchronous operation that immediately returns. The
     # initial status of the delivery stream is `CREATING`. After the
     # delivery stream is created, its status is `ACTIVE` and it now accepts
-    # data. Attempts to send data to a delivery stream that is not in the
-    # `ACTIVE` state cause an exception. To check the state of a delivery
-    # stream, use DescribeDeliveryStream.
+    # data. If the delivery stream creation fails, the status transitions to
+    # `CREATING_FAILED`. Attempts to send data to a delivery stream that is
+    # not in the `ACTIVE` state cause an exception. To check the state of a
+    # delivery stream, use DescribeDeliveryStream.
+    #
+    # If the status of a delivery stream is `CREATING_FAILED`, this status
+    # doesn't change, and you can't invoke `CreateDeliveryStream` again on
+    # it. However, you can invoke the DeleteDeliveryStream operation to
+    # delete it.
     #
     # A Kinesis Data Firehose delivery stream can be configured to receive
     # records directly from providers using PutRecord or PutRecordBatch, or
@@ -283,6 +289,12 @@ module Aws::Firehose
     # the Kinesis stream Amazon Resource Name (ARN) and role ARN in the
     # `KinesisStreamSourceConfiguration` parameter.
     #
+    # To create a delivery stream with server-side encryption (SSE) enabled,
+    # include DeliveryStreamEncryptionConfigurationInput in your request.
+    # This is optional. You can also invoke StartDeliveryStreamEncryption to
+    # turn on SSE for an existing delivery stream that doesn't have SSE
+    # enabled.
+    #
     # A delivery stream is configured with a single destination: Amazon S3,
     # Amazon ES, Amazon Redshift, or Splunk. You must specify only one of
     # the following destination configuration parameters:
@@ -354,6 +366,10 @@ module Aws::Firehose
     #   stream Amazon Resource Name (ARN) and the role ARN for the source
     #   stream.
     #
+    # @option params [Types::DeliveryStreamEncryptionConfigurationInput] :delivery_stream_encryption_configuration_input
+    #   Used to specify the type and Amazon Resource Name (ARN) of the KMS key
+    #   needed for Server-Side Encryption (SSE).
+    #
     # @option params [Types::S3DestinationConfiguration] :s3_destination_configuration
     #   \[Deprecated\] The destination in Amazon S3. You can specify only one
     #   destination.
@@ -398,6 +414,10 @@ module Aws::Firehose
     #       kinesis_stream_arn: "KinesisStreamARN", # required
     #       role_arn: "RoleARN", # required
     #     },
+    #     delivery_stream_encryption_configuration_input: {
+    #       key_arn: "AWSKMSKeyARN",
+    #       key_type: "AWS_OWNED_CMK", # required, accepts AWS_OWNED_CMK, CUSTOMER_MANAGED_CMK
+    #     },
     #     s3_destination_configuration: {
     #       role_arn: "RoleARN", # required
     #       bucket_arn: "BucketARN", # required
@@ -737,27 +757,45 @@ module Aws::Firehose
 
     # Deletes a delivery stream and its data.
     #
-    # You can delete a delivery stream only if it is in `ACTIVE` or
-    # `DELETING` state, and not in the `CREATING` state. While the deletion
-    # request is in process, the delivery stream is in the `DELETING` state.
-    #
     # To check the state of a delivery stream, use DescribeDeliveryStream.
-    #
-    # While the delivery stream is `DELETING` state, the service might
-    # continue to accept the records, but it doesn't make any guarantees
+    # You can delete a delivery stream only if it is in one of the following
+    # states: `ACTIVE`, `DELETING`, `CREATING_FAILED`, or `DELETING_FAILED`.
+    # You can't delete a delivery stream that is in the `CREATING` state.
+    # While the deletion request is in process, the delivery stream is in
+    # the `DELETING` state.
+    #
+    # While the delivery stream is in the `DELETING` state, the service
+    # might continue to accept records, but it doesn't make any guarantees
     # with respect to delivering the data. Therefore, as a best practice,
-    # you should first stop any applications that are sending records before
-    # deleting a delivery stream.
+    # first stop any applications that are sending records before you delete
+    # a delivery stream.
     #
     # @option params [required, String] :delivery_stream_name
     #   The name of the delivery stream.
     #
+    # @option params [Boolean] :allow_force_delete
+    #   Set this to true if you want to delete the delivery stream even if
+    #   Kinesis Data Firehose is unable to retire the grant for the CMK.
+    #   Kinesis Data Firehose might be unable to retire the grant due to a
+    #   customer error, such as when the CMK or the grant are in an invalid
+    #   state. If you force deletion, you can then use the [RevokeGrant][1]
+    #   operation to revoke the grant you gave to Kinesis Data Firehose. If a
+    #   failure to retire the grant happens due to an AWS KMS issue, Kinesis
+    #   Data Firehose keeps retrying the delete operation.
+    #
+    #   The default value is false.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/kms/latest/APIReference/API_RevokeGrant.html
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     # @example Request syntax with placeholder values
     #
     #   resp = client.delete_delivery_stream({
     #     delivery_stream_name: "DeliveryStreamName", # required
+    #     allow_force_delete: false,
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/firehose-2015-08-04/DeleteDeliveryStream AWS API Documentation
@@ -769,10 +807,17 @@ module Aws::Firehose
       req.send_request(options)
     end
 
-    # Describes the specified delivery stream and gets the status. For
-    # example, after your delivery stream is created, call
-    # `DescribeDeliveryStream` to see whether the delivery stream is
-    # `ACTIVE` and therefore ready for data to be sent to it.
+    # Describes the specified delivery stream and its status. For example,
+    # after your delivery stream is created, call `DescribeDeliveryStream`
+    # to see whether the delivery stream is `ACTIVE` and therefore ready for
+    # data to be sent to it.
+    #
+    # If the status of a delivery stream is `CREATING_FAILED`, this status
+    # doesn't change, and you can't invoke CreateDeliveryStream again on
+    # it. However, you can invoke the DeleteDeliveryStream operation to
+    # delete it. If the status is `DELETING_FAILED`, you can force deletion
+    # by invoking DeleteDeliveryStream again but with
+    # DeleteDeliveryStreamInput$AllowForceDelete set to true.
     #
     # @option params [required, String] :delivery_stream_name
     #   The name of the delivery stream.
@@ -802,8 +847,14 @@ module Aws::Firehose
     #
     #   resp.delivery_stream_description.delivery_stream_name #=> String
     #   resp.delivery_stream_description.delivery_stream_arn #=> String
-    #   resp.delivery_stream_description.delivery_stream_status #=> String, one of "CREATING", "DELETING", "ACTIVE"
-    #   resp.delivery_stream_description.delivery_stream_encryption_configuration.status #=> String, one of "ENABLED", "ENABLING", "DISABLED", "DISABLING"
+    #   resp.delivery_stream_description.delivery_stream_status #=> String, one of "CREATING", "CREATING_FAILED", "DELETING", "DELETING_FAILED", "ACTIVE"
+    #   resp.delivery_stream_description.failure_description.type #=> String, one of "RETIRE_KMS_GRANT_FAILED", "CREATE_KMS_GRANT_FAILED", "KMS_ACCESS_DENIED", "DISABLED_KMS_KEY", "INVALID_KMS_KEY", "KMS_KEY_NOT_FOUND", "KMS_OPT_IN_REQUIRED", "UNKNOWN_ERROR"
+    #   resp.delivery_stream_description.failure_description.details #=> String
+    #   resp.delivery_stream_description.delivery_stream_encryption_configuration.key_arn #=> String
+    #   resp.delivery_stream_description.delivery_stream_encryption_configuration.key_type #=> String, one of "AWS_OWNED_CMK", "CUSTOMER_MANAGED_CMK"
+    #   resp.delivery_stream_description.delivery_stream_encryption_configuration.status #=> String, one of "ENABLED", "ENABLING", "ENABLING_FAILED", "DISABLED", "DISABLING", "DISABLING_FAILED"
+    #   resp.delivery_stream_description.delivery_stream_encryption_configuration.failure_description.type #=> String, one of "RETIRE_KMS_GRANT_FAILED", "CREATE_KMS_GRANT_FAILED", "KMS_ACCESS_DENIED", "DISABLED_KMS_KEY", "INVALID_KMS_KEY", "KMS_KEY_NOT_FOUND", "KMS_OPT_IN_REQUIRED", "UNKNOWN_ERROR"
+    #   resp.delivery_stream_description.delivery_stream_encryption_configuration.failure_description.details #=> String
     #   resp.delivery_stream_description.delivery_stream_type #=> String, one of "DirectPut", "KinesisStreamAsSource"
     #   resp.delivery_stream_description.version_id #=> String
     #   resp.delivery_stream_description.create_timestamp #=> Time
@@ -1302,19 +1353,38 @@ module Aws::Firehose
     # Enables server-side encryption (SSE) for the delivery stream.
     #
     # This operation is asynchronous. It returns immediately. When you
-    # invoke it, Kinesis Data Firehose first sets the status of the stream
-    # to `ENABLING`, and then to `ENABLED`. You can continue to read and
-    # write data to your stream while its status is `ENABLING`, but the data
-    # is not encrypted. It can take up to 5 seconds after the encryption
-    # status changes to `ENABLED` before all records written to the delivery
-    # stream are encrypted. To find out whether a record or a batch of
-    # records was encrypted, check the response elements
-    # PutRecordOutput$Encrypted and PutRecordBatchOutput$Encrypted,
-    # respectively.
-    #
-    # To check the encryption state of a delivery stream, use
+    # invoke it, Kinesis Data Firehose first sets the encryption status of
+    # the stream to `ENABLING`, and then to `ENABLED`. The encryption status
+    # of a delivery stream is the `Status` property in
+    # DeliveryStreamEncryptionConfiguration. If the operation fails, the
+    # encryption status changes to `ENABLING_FAILED`. You can continue to
+    # read and write data to your delivery stream while the encryption
+    # status is `ENABLING`, but the data is not encrypted. It can take up to
+    # 5 seconds after the encryption status changes to `ENABLED` before all
+    # records written to the delivery stream are encrypted. To find out
+    # whether a record or a batch of records was encrypted, check the
+    # response elements PutRecordOutput$Encrypted and
+    # PutRecordBatchOutput$Encrypted, respectively.
+    #
+    # To check the encryption status of a delivery stream, use
     # DescribeDeliveryStream.
     #
+    # Even if encryption is currently enabled for a delivery stream, you can
+    # still invoke this operation on it to change the ARN of the CMK or both
+    # its type and ARN. In this case, Kinesis Data Firehose schedules the
+    # grant it had on the old CMK for retirement and creates a grant that
+    # enables it to use the new CMK to encrypt and decrypt data and to
+    # manage the grant.
+    #
+    # If a delivery stream already has encryption enabled and then you
+    # invoke this operation to change the ARN of the CMK or both its type
+    # and ARN and you get `ENABLING_FAILED`, this only means that the
+    # attempt to change the CMK failed. In this case, encryption remains
+    # enabled with the old CMK.
+    #
+    # If the encryption status of your delivery stream is `ENABLING_FAILED`,
+    # you can invoke this operation again.
+    #
     # You can only enable SSE for a delivery stream that uses `DirectPut` as
     # its source.
     #
@@ -1329,12 +1399,20 @@ module Aws::Firehose
     #   The name of the delivery stream for which you want to enable
     #   server-side encryption (SSE).
     #
+    # @option params [Types::DeliveryStreamEncryptionConfigurationInput] :delivery_stream_encryption_configuration_input
+    #   Used to specify the type and Amazon Resource Name (ARN) of the KMS key
+    #   needed for Server-Side Encryption (SSE).
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     # @example Request syntax with placeholder values
     #
     #   resp = client.start_delivery_stream_encryption({
     #     delivery_stream_name: "DeliveryStreamName", # required
+    #     delivery_stream_encryption_configuration_input: {
+    #       key_arn: "AWSKMSKeyARN",
+    #       key_type: "AWS_OWNED_CMK", # required, accepts AWS_OWNED_CMK, CUSTOMER_MANAGED_CMK
+    #     },
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/firehose-2015-08-04/StartDeliveryStreamEncryption AWS API Documentation
@@ -1349,19 +1427,24 @@ module Aws::Firehose
     # Disables server-side encryption (SSE) for the delivery stream.
     #
     # This operation is asynchronous. It returns immediately. When you
-    # invoke it, Kinesis Data Firehose first sets the status of the stream
-    # to `DISABLING`, and then to `DISABLED`. You can continue to read and
-    # write data to your stream while its status is `DISABLING`. It can take
-    # up to 5 seconds after the encryption status changes to `DISABLED`
-    # before all records written to the delivery stream are no longer
-    # subject to encryption. To find out whether a record or a batch of
-    # records was encrypted, check the response elements
+    # invoke it, Kinesis Data Firehose first sets the encryption status of
+    # the stream to `DISABLING`, and then to `DISABLED`. You can continue to
+    # read and write data to your stream while its status is `DISABLING`. It
+    # can take up to 5 seconds after the encryption status changes to
+    # `DISABLED` before all records written to the delivery stream are no
+    # longer subject to encryption. To find out whether a record or a batch
+    # of records was encrypted, check the response elements
     # PutRecordOutput$Encrypted and PutRecordBatchOutput$Encrypted,
     # respectively.
     #
     # To check the encryption state of a delivery stream, use
     # DescribeDeliveryStream.
     #
+    # If SSE is enabled using a customer managed CMK and then you invoke
+    # `StopDeliveryStreamEncryption`, Kinesis Data Firehose schedules the
+    # related KMS grant for retirement and then retires it after it ensures
+    # that it is finished delivering records to the destination.
+    #
     # The `StartDeliveryStreamEncryption` and `StopDeliveryStreamEncryption`
     # operations have a combined limit of 25 calls per delivery stream per
     # 24 hours. For example, you reach the limit if you call
@@ -1884,7 +1967,7 @@ module Aws::Firehose
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-firehose'
-      context[:gem_version] = '1.23.0'
+      context[:gem_version] = '1.24.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-firehose/client_api.rb

@@ -35,7 +35,9 @@ module Aws::Firehose
     DeliveryStreamARN = Shapes::StringShape.new(name: 'DeliveryStreamARN')
     DeliveryStreamDescription = Shapes::StructureShape.new(name: 'DeliveryStreamDescription')
     DeliveryStreamEncryptionConfiguration = Shapes::StructureShape.new(name: 'DeliveryStreamEncryptionConfiguration')
+    DeliveryStreamEncryptionConfigurationInput = Shapes::StructureShape.new(name: 'DeliveryStreamEncryptionConfigurationInput')
     DeliveryStreamEncryptionStatus = Shapes::StringShape.new(name: 'DeliveryStreamEncryptionStatus')
+    DeliveryStreamFailureType = Shapes::StringShape.new(name: 'DeliveryStreamFailureType')
     DeliveryStreamName = Shapes::StringShape.new(name: 'DeliveryStreamName')
     DeliveryStreamNameList = Shapes::ListShape.new(name: 'DeliveryStreamNameList')
     DeliveryStreamStatus = Shapes::StringShape.new(name: 'DeliveryStreamStatus')
@@ -69,6 +71,7 @@ module Aws::Firehose
     ExtendedS3DestinationConfiguration = Shapes::StructureShape.new(name: 'ExtendedS3DestinationConfiguration')
     ExtendedS3DestinationDescription = Shapes::StructureShape.new(name: 'ExtendedS3DestinationDescription')
     ExtendedS3DestinationUpdate = Shapes::StructureShape.new(name: 'ExtendedS3DestinationUpdate')
+    FailureDescription = Shapes::StructureShape.new(name: 'FailureDescription')
     HECAcknowledgmentTimeoutInSeconds = Shapes::IntegerShape.new(name: 'HECAcknowledgmentTimeoutInSeconds')
     HECEndpoint = Shapes::StringShape.new(name: 'HECEndpoint')
     HECEndpointType = Shapes::StringShape.new(name: 'HECEndpointType')
@@ -77,7 +80,9 @@ module Aws::Firehose
     InputFormatConfiguration = Shapes::StructureShape.new(name: 'InputFormatConfiguration')
     IntervalInSeconds = Shapes::IntegerShape.new(name: 'IntervalInSeconds')
     InvalidArgumentException = Shapes::StructureShape.new(name: 'InvalidArgumentException')
+    InvalidKMSResourceException = Shapes::StructureShape.new(name: 'InvalidKMSResourceException')
     KMSEncryptionConfig = Shapes::StructureShape.new(name: 'KMSEncryptionConfig')
+    KeyType = Shapes::StringShape.new(name: 'KeyType')
     KinesisStreamARN = Shapes::StringShape.new(name: 'KinesisStreamARN')
     KinesisStreamSourceConfiguration = Shapes::StructureShape.new(name: 'KinesisStreamSourceConfiguration')
     KinesisStreamSourceDescription = Shapes::StructureShape.new(name: 'KinesisStreamSourceDescription')
@@ -193,6 +198,7 @@ module Aws::Firehose
     CreateDeliveryStreamInput.add_member(:delivery_stream_name, Shapes::ShapeRef.new(shape: DeliveryStreamName, required: true, location_name: "DeliveryStreamName"))
     CreateDeliveryStreamInput.add_member(:delivery_stream_type, Shapes::ShapeRef.new(shape: DeliveryStreamType, location_name: "DeliveryStreamType"))
     CreateDeliveryStreamInput.add_member(:kinesis_stream_source_configuration, Shapes::ShapeRef.new(shape: KinesisStreamSourceConfiguration, location_name: "KinesisStreamSourceConfiguration"))
+    CreateDeliveryStreamInput.add_member(:delivery_stream_encryption_configuration_input, Shapes::ShapeRef.new(shape: DeliveryStreamEncryptionConfigurationInput, location_name: "DeliveryStreamEncryptionConfigurationInput"))
     CreateDeliveryStreamInput.add_member(:s3_destination_configuration, Shapes::ShapeRef.new(shape: S3DestinationConfiguration, deprecated: true, location_name: "S3DestinationConfiguration"))
     CreateDeliveryStreamInput.add_member(:extended_s3_destination_configuration, Shapes::ShapeRef.new(shape: ExtendedS3DestinationConfiguration, location_name: "ExtendedS3DestinationConfiguration"))
     CreateDeliveryStreamInput.add_member(:redshift_destination_configuration, Shapes::ShapeRef.new(shape: RedshiftDestinationConfiguration, location_name: "RedshiftDestinationConfiguration"))
@@ -211,6 +217,7 @@ module Aws::Firehose
     DataFormatConversionConfiguration.struct_class = Types::DataFormatConversionConfiguration
 
     DeleteDeliveryStreamInput.add_member(:delivery_stream_name, Shapes::ShapeRef.new(shape: DeliveryStreamName, required: true, location_name: "DeliveryStreamName"))
+    DeleteDeliveryStreamInput.add_member(:allow_force_delete, Shapes::ShapeRef.new(shape: BooleanObject, location_name: "AllowForceDelete"))
     DeleteDeliveryStreamInput.struct_class = Types::DeleteDeliveryStreamInput
 
     DeleteDeliveryStreamOutput.struct_class = Types::DeleteDeliveryStreamOutput
@@ -218,6 +225,7 @@ module Aws::Firehose
     DeliveryStreamDescription.add_member(:delivery_stream_name, Shapes::ShapeRef.new(shape: DeliveryStreamName, required: true, location_name: "DeliveryStreamName"))
     DeliveryStreamDescription.add_member(:delivery_stream_arn, Shapes::ShapeRef.new(shape: DeliveryStreamARN, required: true, location_name: "DeliveryStreamARN"))
     DeliveryStreamDescription.add_member(:delivery_stream_status, Shapes::ShapeRef.new(shape: DeliveryStreamStatus, required: true, location_name: "DeliveryStreamStatus"))
+    DeliveryStreamDescription.add_member(:failure_description, Shapes::ShapeRef.new(shape: FailureDescription, location_name: "FailureDescription"))
     DeliveryStreamDescription.add_member(:delivery_stream_encryption_configuration, Shapes::ShapeRef.new(shape: DeliveryStreamEncryptionConfiguration, location_name: "DeliveryStreamEncryptionConfiguration"))
     DeliveryStreamDescription.add_member(:delivery_stream_type, Shapes::ShapeRef.new(shape: DeliveryStreamType, required: true, location_name: "DeliveryStreamType"))
     DeliveryStreamDescription.add_member(:version_id, Shapes::ShapeRef.new(shape: DeliveryStreamVersionId, required: true, location_name: "VersionId"))
@@ -228,9 +236,16 @@ module Aws::Firehose
     DeliveryStreamDescription.add_member(:has_more_destinations, Shapes::ShapeRef.new(shape: BooleanObject, required: true, location_name: "HasMoreDestinations"))
     DeliveryStreamDescription.struct_class = Types::DeliveryStreamDescription
 
+    DeliveryStreamEncryptionConfiguration.add_member(:key_arn, Shapes::ShapeRef.new(shape: AWSKMSKeyARN, location_name: "KeyARN"))
+    DeliveryStreamEncryptionConfiguration.add_member(:key_type, Shapes::ShapeRef.new(shape: KeyType, location_name: "KeyType"))
     DeliveryStreamEncryptionConfiguration.add_member(:status, Shapes::ShapeRef.new(shape: DeliveryStreamEncryptionStatus, location_name: "Status"))
+    DeliveryStreamEncryptionConfiguration.add_member(:failure_description, Shapes::ShapeRef.new(shape: FailureDescription, location_name: "FailureDescription"))
     DeliveryStreamEncryptionConfiguration.struct_class = Types::DeliveryStreamEncryptionConfiguration
 
+    DeliveryStreamEncryptionConfigurationInput.add_member(:key_arn, Shapes::ShapeRef.new(shape: AWSKMSKeyARN, location_name: "KeyARN"))
+    DeliveryStreamEncryptionConfigurationInput.add_member(:key_type, Shapes::ShapeRef.new(shape: KeyType, required: true, location_name: "KeyType"))
+    DeliveryStreamEncryptionConfigurationInput.struct_class = Types::DeliveryStreamEncryptionConfigurationInput
+
     DeliveryStreamNameList.member = Shapes::ShapeRef.new(shape: DeliveryStreamName)
 
     DescribeDeliveryStreamInput.add_member(:delivery_stream_name, Shapes::ShapeRef.new(shape: DeliveryStreamName, required: true, location_name: "DeliveryStreamName"))
@@ -349,6 +364,10 @@ module Aws::Firehose
     ExtendedS3DestinationUpdate.add_member(:data_format_conversion_configuration, Shapes::ShapeRef.new(shape: DataFormatConversionConfiguration, location_name: "DataFormatConversionConfiguration"))
     ExtendedS3DestinationUpdate.struct_class = Types::ExtendedS3DestinationUpdate
 
+    FailureDescription.add_member(:type, Shapes::ShapeRef.new(shape: DeliveryStreamFailureType, required: true, location_name: "Type"))
+    FailureDescription.add_member(:details, Shapes::ShapeRef.new(shape: NonEmptyString, required: true, location_name: "Details"))
+    FailureDescription.struct_class = Types::FailureDescription
+
     HiveJsonSerDe.add_member(:timestamp_formats, Shapes::ShapeRef.new(shape: ListOfNonEmptyStrings, location_name: "TimestampFormats"))
     HiveJsonSerDe.struct_class = Types::HiveJsonSerDe
 
@@ -358,6 +377,10 @@ module Aws::Firehose
     InvalidArgumentException.add_member(:message, Shapes::ShapeRef.new(shape: ErrorMessage, location_name: "message"))
     InvalidArgumentException.struct_class = Types::InvalidArgumentException
 
+    InvalidKMSResourceException.add_member(:code, Shapes::ShapeRef.new(shape: ErrorCode, location_name: "code"))
+    InvalidKMSResourceException.add_member(:message, Shapes::ShapeRef.new(shape: ErrorMessage, location_name: "message"))
+    InvalidKMSResourceException.struct_class = Types::InvalidKMSResourceException
+
     KMSEncryptionConfig.add_member(:awskms_key_arn, Shapes::ShapeRef.new(shape: AWSKMSKeyARN, required: true, location_name: "AWSKMSKeyARN"))
     KMSEncryptionConfig.struct_class = Types::KMSEncryptionConfig
 
@@ -602,6 +625,7 @@ module Aws::Firehose
     SplunkRetryOptions.struct_class = Types::SplunkRetryOptions
 
     StartDeliveryStreamEncryptionInput.add_member(:delivery_stream_name, Shapes::ShapeRef.new(shape: DeliveryStreamName, required: true, location_name: "DeliveryStreamName"))
+    StartDeliveryStreamEncryptionInput.add_member(:delivery_stream_encryption_configuration_input, Shapes::ShapeRef.new(shape: DeliveryStreamEncryptionConfigurationInput, location_name: "DeliveryStreamEncryptionConfigurationInput"))
     StartDeliveryStreamEncryptionInput.struct_class = Types::StartDeliveryStreamEncryptionInput
 
     StartDeliveryStreamEncryptionOutput.struct_class = Types::StartDeliveryStreamEncryptionOutput
@@ -671,6 +695,7 @@ module Aws::Firehose
         o.errors << Shapes::ShapeRef.new(shape: InvalidArgumentException)
         o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
         o.errors << Shapes::ShapeRef.new(shape: ResourceInUseException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidKMSResourceException)
       end)
 
       api.add_operation(:delete_delivery_stream, Seahorse::Model::Operation.new.tap do |o|
@@ -719,6 +744,7 @@ module Aws::Firehose
         o.output = Shapes::ShapeRef.new(shape: PutRecordOutput)
         o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidArgumentException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidKMSResourceException)
         o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
       end)
 
@@ -730,6 +756,7 @@ module Aws::Firehose
         o.output = Shapes::ShapeRef.new(shape: PutRecordBatchOutput)
         o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidArgumentException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidKMSResourceException)
         o.errors << Shapes::ShapeRef.new(shape: ServiceUnavailableException)
       end)
 
@@ -743,6 +770,7 @@ module Aws::Firehose
         o.errors << Shapes::ShapeRef.new(shape: ResourceInUseException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidArgumentException)
         o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidKMSResourceException)
       end)
 
       api.add_operation(:stop_delivery_stream_encryption, Seahorse::Model::Operation.new.tap do |o|

data/lib/aws-sdk-firehose/errors.rb

@@ -42,6 +42,27 @@ module Aws::Firehose
 
     end
 
+    class InvalidKMSResourceException < ServiceError
+
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::Firehose::Types::InvalidKMSResourceException] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+
+      # @return [String]
+      def code
+        @code || @data[:code]
+      end
+
+      # @return [String]
+      def message
+        @message || @data[:message]
+      end
+
+    end
+
     class LimitExceededException < ServiceError
 
       # @param [Seahorse::Client::RequestContext] context

data/lib/aws-sdk-firehose/types.rb

@@ -168,6 +168,10 @@ module Aws::Firehose
     #           kinesis_stream_arn: "KinesisStreamARN", # required
     #           role_arn: "RoleARN", # required
     #         },
+    #         delivery_stream_encryption_configuration_input: {
+    #           key_arn: "AWSKMSKeyARN",
+    #           key_type: "AWS_OWNED_CMK", # required, accepts AWS_OWNED_CMK, CUSTOMER_MANAGED_CMK
+    #         },
     #         s3_destination_configuration: {
     #           role_arn: "RoleARN", # required
     #           bucket_arn: "BucketARN", # required
@@ -517,6 +521,11 @@ module Aws::Firehose
     #   source stream.
     #   @return [Types::KinesisStreamSourceConfiguration]
     #
+    # @!attribute [rw] delivery_stream_encryption_configuration_input
+    #   Used to specify the type and Amazon Resource Name (ARN) of the KMS
+    #   key needed for Server-Side Encryption (SSE).
+    #   @return [Types::DeliveryStreamEncryptionConfigurationInput]
+    #
     # @!attribute [rw] s3_destination_configuration
     #   \[Deprecated\] The destination in Amazon S3. You can specify only
     #   one destination.
@@ -561,6 +570,7 @@ module Aws::Firehose
       :delivery_stream_name,
       :delivery_stream_type,
       :kinesis_stream_source_configuration,
+      :delivery_stream_encryption_configuration_input,
       :s3_destination_configuration,
       :extended_s3_destination_configuration,
       :redshift_destination_configuration,
@@ -681,16 +691,35 @@ module Aws::Firehose
     #
     #       {
     #         delivery_stream_name: "DeliveryStreamName", # required
+    #         allow_force_delete: false,
     #       }
     #
     # @!attribute [rw] delivery_stream_name
     #   The name of the delivery stream.
     #   @return [String]
     #
+    # @!attribute [rw] allow_force_delete
+    #   Set this to true if you want to delete the delivery stream even if
+    #   Kinesis Data Firehose is unable to retire the grant for the CMK.
+    #   Kinesis Data Firehose might be unable to retire the grant due to a
+    #   customer error, such as when the CMK or the grant are in an invalid
+    #   state. If you force deletion, you can then use the [RevokeGrant][1]
+    #   operation to revoke the grant you gave to Kinesis Data Firehose. If
+    #   a failure to retire the grant happens due to an AWS KMS issue,
+    #   Kinesis Data Firehose keeps retrying the delete operation.
+    #
+    #   The default value is false.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/kms/latest/APIReference/API_RevokeGrant.html
+    #   @return [Boolean]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/firehose-2015-08-04/DeleteDeliveryStreamInput AWS API Documentation
     #
     class DeleteDeliveryStreamInput < Struct.new(
-      :delivery_stream_name)
+      :delivery_stream_name,
+      :allow_force_delete)
       include Aws::Structure
     end
 
@@ -715,9 +744,19 @@ module Aws::Firehose
     #   @return [String]
     #
     # @!attribute [rw] delivery_stream_status
-    #   The status of the delivery stream.
+    #   The status of the delivery stream. If the status of a delivery
+    #   stream is `CREATING_FAILED`, this status doesn't change, and you
+    #   can't invoke `CreateDeliveryStream` again on it. However, you can
+    #   invoke the DeleteDeliveryStream operation to delete it.
     #   @return [String]
     #
+    # @!attribute [rw] failure_description
+    #   Provides details in case one of the following operations fails due
+    #   to an error related to KMS: CreateDeliveryStream,
+    #   DeleteDeliveryStream, StartDeliveryStreamEncryption,
+    #   StopDeliveryStreamEncryption.
+    #   @return [Types::FailureDescription]
+    #
     # @!attribute [rw] delivery_stream_encryption_configuration
     #   Indicates the server-side encryption (SSE) status for the delivery
     #   stream.
@@ -767,6 +806,7 @@ module Aws::Firehose
       :delivery_stream_name,
       :delivery_stream_arn,
       :delivery_stream_status,
+      :failure_description,
       :delivery_stream_encryption_configuration,
       :delivery_stream_type,
       :version_id,
@@ -778,18 +818,99 @@ module Aws::Firehose
       include Aws::Structure
     end
 
-    # Indicates the server-side encryption (SSE) status for the delivery
-    # stream.
+    # Contains information about the server-side encryption (SSE) status for
+    # the delivery stream, the type customer master key (CMK) in use, if
+    # any, and the ARN of the CMK. You can get
+    # `DeliveryStreamEncryptionConfiguration` by invoking the
+    # DescribeDeliveryStream operation.
+    #
+    # @!attribute [rw] key_arn
+    #   If `KeyType` is `CUSTOMER_MANAGED_CMK`, this field contains the ARN
+    #   of the customer managed CMK. If `KeyType` is `AWS_OWNED_CMK`,
+    #   `DeliveryStreamEncryptionConfiguration` doesn't contain a value for
+    #   `KeyARN`.
+    #   @return [String]
+    #
+    # @!attribute [rw] key_type
+    #   Indicates the type of customer master key (CMK) that is used for
+    #   encryption. The default setting is `AWS_OWNED_CMK`. For more
+    #   information about CMKs, see [Customer Master Keys (CMKs)][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys
+    #   @return [String]
     #
     # @!attribute [rw] status
-    #   For a full description of the different values of this status, see
-    #   StartDeliveryStreamEncryption and StopDeliveryStreamEncryption.
+    #   This is the server-side encryption (SSE) status for the delivery
+    #   stream. For a full description of the different values of this
+    #   status, see StartDeliveryStreamEncryption and
+    #   StopDeliveryStreamEncryption. If this status is `ENABLING_FAILED` or
+    #   `DISABLING_FAILED`, it is the status of the most recent attempt to
+    #   enable or disable SSE, respectively.
     #   @return [String]
     #
+    # @!attribute [rw] failure_description
+    #   Provides details in case one of the following operations fails due
+    #   to an error related to KMS: CreateDeliveryStream,
+    #   DeleteDeliveryStream, StartDeliveryStreamEncryption,
+    #   StopDeliveryStreamEncryption.
+    #   @return [Types::FailureDescription]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/firehose-2015-08-04/DeliveryStreamEncryptionConfiguration AWS API Documentation
     #
     class DeliveryStreamEncryptionConfiguration < Struct.new(
-      :status)
+      :key_arn,
+      :key_type,
+      :status,
+      :failure_description)
+      include Aws::Structure
+    end
+
+    # Used to specify the type and Amazon Resource Name (ARN) of the CMK
+    # needed for Server-Side Encryption (SSE).
+    #
+    # @note When making an API call, you may pass DeliveryStreamEncryptionConfigurationInput
+    #   data as a hash:
+    #
+    #       {
+    #         key_arn: "AWSKMSKeyARN",
+    #         key_type: "AWS_OWNED_CMK", # required, accepts AWS_OWNED_CMK, CUSTOMER_MANAGED_CMK
+    #       }
+    #
+    # @!attribute [rw] key_arn
+    #   If you set `KeyType` to `CUSTOMER_MANAGED_CMK`, you must specify the
+    #   Amazon Resource Name (ARN) of the CMK. If you set `KeyType` to
+    #   `AWS_OWNED_CMK`, Kinesis Data Firehose uses a service-account CMK.
+    #   @return [String]
+    #
+    # @!attribute [rw] key_type
+    #   Indicates the type of customer master key (CMK) to use for
+    #   encryption. The default setting is `AWS_OWNED_CMK`. For more
+    #   information about CMKs, see [Customer Master Keys (CMKs)][1]. When
+    #   you invoke CreateDeliveryStream or StartDeliveryStreamEncryption
+    #   with `KeyType` set to CUSTOMER\_MANAGED\_CMK, Kinesis Data Firehose
+    #   invokes the Amazon KMS operation [CreateGrant][2] to create a grant
+    #   that allows the Kinesis Data Firehose service to use the customer
+    #   managed CMK to perform encryption and decryption. Kinesis Data
+    #   Firehose manages that grant.
+    #
+    #   When you invoke StartDeliveryStreamEncryption to change the CMK for
+    #   a delivery stream that is already encrypted with a customer managed
+    #   CMK, Kinesis Data Firehose schedules the grant it had on the old CMK
+    #   for retirement.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys
+    #   [2]: https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateGrant.html
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/firehose-2015-08-04/DeliveryStreamEncryptionConfigurationInput AWS API Documentation
+    #
+    class DeliveryStreamEncryptionConfigurationInput < Struct.new(
+      :key_arn,
+      :key_type)
       include Aws::Structure
     end
 
@@ -1953,6 +2074,26 @@ module Aws::Firehose
       include Aws::Structure
     end
 
+    # Provides details in case one of the following operations fails due to
+    # an error related to KMS: CreateDeliveryStream, DeleteDeliveryStream,
+    # StartDeliveryStreamEncryption, StopDeliveryStreamEncryption.
+    #
+    # @!attribute [rw] type
+    #   The type of error that caused the failure.
+    #   @return [String]
+    #
+    # @!attribute [rw] details
+    #   A message providing details about the error that caused the failure.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/firehose-2015-08-04/FailureDescription AWS API Documentation
+    #
+    class FailureDescription < Struct.new(
+      :type,
+      :details)
+      include Aws::Structure
+    end
+
     # The native Hive / HCatalog JsonSerDe. Used by Kinesis Data Firehose
     # for deserializing data, which means converting it from the JSON format
     # in preparation for serializing it to the Parquet or ORC format. This
@@ -2036,6 +2177,26 @@ module Aws::Firehose
       include Aws::Structure
     end
 
+    # Kinesis Data Firehose throws this exception when an attempt to put
+    # records or to start or stop delivery stream encryption fails. This
+    # happens when the KMS service throws one of the following exception
+    # types: `AccessDeniedException`, `InvalidStateException`,
+    # `DisabledException`, or `NotFoundException`.
+    #
+    # @!attribute [rw] code
+    #   @return [String]
+    #
+    # @!attribute [rw] message
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/firehose-2015-08-04/InvalidKMSResourceException AWS API Documentation
+    #
+    class InvalidKMSResourceException < Struct.new(
+      :code,
+      :message)
+      include Aws::Structure
+    end
+
     # Describes an encryption key for a destination in Amazon S3.
     #
     # @note When making an API call, you may pass KMSEncryptionConfig
@@ -2504,7 +2665,7 @@ module Aws::Firehose
     #   The compression code to use over data blocks. The possible values
     #   are `UNCOMPRESSED`, `SNAPPY`, and `GZIP`, with the default being
     #   `SNAPPY`. Use `SNAPPY` for higher decompression speed. Use `GZIP` if
-    #   the compression ration is more important than speed.
+    #   the compression ratio is more important than speed.
     #   @return [String]
     #
     # @!attribute [rw] enable_dictionary_compression
@@ -3989,6 +4150,10 @@ module Aws::Firehose
     #
     #       {
     #         delivery_stream_name: "DeliveryStreamName", # required
+    #         delivery_stream_encryption_configuration_input: {
+    #           key_arn: "AWSKMSKeyARN",
+    #           key_type: "AWS_OWNED_CMK", # required, accepts AWS_OWNED_CMK, CUSTOMER_MANAGED_CMK
+    #         },
     #       }
     #
     # @!attribute [rw] delivery_stream_name
@@ -3996,10 +4161,16 @@ module Aws::Firehose
     #   server-side encryption (SSE).
     #   @return [String]
     #
+    # @!attribute [rw] delivery_stream_encryption_configuration_input
+    #   Used to specify the type and Amazon Resource Name (ARN) of the KMS
+    #   key needed for Server-Side Encryption (SSE).
+    #   @return [Types::DeliveryStreamEncryptionConfigurationInput]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/firehose-2015-08-04/StartDeliveryStreamEncryptionInput AWS API Documentation
     #
     class StartDeliveryStreamEncryptionInput < Struct.new(
-      :delivery_stream_name)
+      :delivery_stream_name,
+      :delivery_stream_encryption_configuration_input)
       include Aws::Structure
     end
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-firehose
 version: !ruby/object:Gem::Version
-  version: 1.23.0
+  version: 1.24.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-10-23 00:00:00.000000000 Z
+date: 2019-11-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core