aws-sdk-ram 1.41.0 → 1.43.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -374,7 +374,7 @@ module Aws::RAM
374
374
  # relevant Amazon Web Services Management Consoles and tools.
375
375
  #
376
376
  # @option params [required, String] :resource_share_invitation_arn
377
- # The [Amazon Resoure Name (ARN)][1] of the invitation that you want to
377
+ # The [Amazon Resource Name (ARN)][1] of the invitation that you want to
378
378
  # accept.
379
379
  #
380
380
  #
@@ -392,6 +392,10 @@ module Aws::RAM
392
392
  # If you don't provide this value, then Amazon Web Services generates a
393
393
  # random one for you.
394
394
  #
395
+ # If you retry the operation with the same `ClientToken`, but with
396
+ # different parameters, the retry fails with an
397
+ # `IdempotentParameterMismatch` error.
398
+ #
395
399
  #
396
400
  #
397
401
  # [1]: https://wikipedia.org/wiki/Universally_unique_identifier
@@ -446,7 +450,7 @@ module Aws::RAM
446
450
  # resource share.
447
451
  #
448
452
  # @option params [required, String] :resource_share_arn
449
- # Specifies the [Amazon Resoure Name (ARN)][1] of the resource share
453
+ # Specifies the [Amazon Resource Name (ARN)][1] of the resource share
450
454
  # that you want to add principals or resources to.
451
455
  #
452
456
  #
@@ -474,7 +478,7 @@ module Aws::RAM
474
478
  #
475
479
  # * An Amazon Web Services account ID, for example: `123456789012`
476
480
  #
477
- # * An [Amazon Resoure Name (ARN)][1] of an organization in
481
+ # * An [Amazon Resource Name (ARN)][1] of an organization in
478
482
  # Organizations, for example:
479
483
  # `organizations::123456789012:organization/o-exampleorgid`
480
484
  #
@@ -508,6 +512,10 @@ module Aws::RAM
508
512
  # If you don't provide this value, then Amazon Web Services generates a
509
513
  # random one for you.
510
514
  #
515
+ # If you retry the operation with the same `ClientToken`, but with
516
+ # different parameters, the retry fails with an
517
+ # `IdempotentParameterMismatch` error.
518
+ #
511
519
  #
512
520
  #
513
521
  # [1]: https://wikipedia.org/wiki/Universally_unique_identifier
@@ -556,7 +564,7 @@ module Aws::RAM
556
564
  # type currently in the resource share.
557
565
  #
558
566
  # @option params [required, String] :resource_share_arn
559
- # Specifies the [Amazon Resoure Name (ARN)][1] of the resource share to
567
+ # Specifies the [Amazon Resource Name (ARN)][1] of the resource share to
560
568
  # which you want to add or replace permissions.
561
569
  #
562
570
  #
@@ -564,7 +572,7 @@ module Aws::RAM
564
572
  # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
565
573
  #
566
574
  # @option params [required, String] :permission_arn
567
- # Specifies the [Amazon Resoure Name (ARN)][1] of the RAM permission to
575
+ # Specifies the [Amazon Resource Name (ARN)][1] of the RAM permission to
568
576
  # associate with the resource share. To find the ARN for a permission,
569
577
  # use either the ListPermissions operation or go to the [Permissions
570
578
  # library][2] page in the RAM console and then choose the name of the
@@ -576,10 +584,11 @@ module Aws::RAM
576
584
  # [2]: https://console.aws.amazon.com/ram/home#Permissions:
577
585
  #
578
586
  # @option params [Boolean] :replace
579
- # Specifies whether the specified permission should replace or add to
580
- # the existing permission associated with the resource share. Use `true`
581
- # to replace the current permissions. Use `false` to add the permission
582
- # to the current permission. The default value is `false`.
587
+ # Specifies whether the specified permission should replace the existing
588
+ # permission associated with the resource share. Use `true` to replace
589
+ # the current permissions. Use `false` to add the permission to a
590
+ # resource share that currently doesn't have a permission. The default
591
+ # value is `false`.
583
592
  #
584
593
  # <note markdown="1"> A resource share can have only one permission per resource type. If a
585
594
  # resource share already has a permission for the specified resource
@@ -599,16 +608,27 @@ module Aws::RAM
599
608
  # If you don't provide this value, then Amazon Web Services generates a
600
609
  # random one for you.
601
610
  #
611
+ # If you retry the operation with the same `ClientToken`, but with
612
+ # different parameters, the retry fails with an
613
+ # `IdempotentParameterMismatch` error.
614
+ #
602
615
  #
603
616
  #
604
617
  # [1]: https://wikipedia.org/wiki/Universally_unique_identifier
605
618
  #
606
619
  # @option params [Integer] :permission_version
607
620
  # Specifies the version of the RAM permission to associate with the
608
- # resource share. If you don't specify this parameter, the operation
609
- # uses the version designated as the default. You can use the
610
- # ListPermissionVersions operation to discover the available versions of
611
- # a permission.
621
+ # resource share. You can specify *only* the version that is currently
622
+ # set as the default version for the permission. If you also set the
623
+ # `replace` pararameter to `true`, then this operation updates an
624
+ # outdated version of the permission to the current default version.
625
+ #
626
+ # <note markdown="1"> You don't need to specify this parameter because the default behavior
627
+ # is to use the version that is currently set as the default version for
628
+ # the permission. This parameter is supported for backwards
629
+ # compatibility.
630
+ #
631
+ # </note>
612
632
  #
613
633
  # @return [Types::AssociateResourceSharePermissionResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
614
634
  #
@@ -639,6 +659,234 @@ module Aws::RAM
639
659
  req.send_request(options)
640
660
  end
641
661
 
662
+ # Creates a customer managed permission for a specified resource type
663
+ # that you can attach to resource shares. It is created in the Amazon
664
+ # Web Services Region in which you call the operation.
665
+ #
666
+ # @option params [required, String] :name
667
+ # Specifies the name of the customer managed permission. The name must
668
+ # be unique within the Amazon Web Services Region.
669
+ #
670
+ # @option params [required, String] :resource_type
671
+ # Specifies the name of the resource type that this customer managed
672
+ # permission applies to.
673
+ #
674
+ # The format is ` <service-code>:<resource-type> ` and is not case
675
+ # sensitive. For example, to specify an Amazon EC2 Subnet, you can use
676
+ # the string `ec2:subnet`. To see the list of valid values for this
677
+ # parameter, query the ListResourceTypes operation.
678
+ #
679
+ # @option params [required, String] :policy_template
680
+ # A string in JSON format string that contains the following elements of
681
+ # a resource-based policy:
682
+ #
683
+ # * **Effect**: must be set to `ALLOW`.
684
+ #
685
+ # * **Action**: specifies the actions that are allowed by this customer
686
+ # managed permission. The list must contain only actions that are
687
+ # supported by the specified resource type. For a list of all actions
688
+ # supported by each resource type, see [Actions, resources, and
689
+ # condition keys for Amazon Web Services services][1] in the *Identity
690
+ # and Access Management User Guide*.
691
+ #
692
+ # * **Condition**: (optional) specifies conditional parameters that must
693
+ # evaluate to true when a user attempts an action for that action to
694
+ # be allowed. For more information about the Condition element, see
695
+ # [IAM policies: Condition element][2] in the *Identity and Access
696
+ # Management User Guide*.
697
+ #
698
+ # This template can't include either the `Resource` or `Principal`
699
+ # elements. Those are both filled in by RAM when it instantiates the
700
+ # resource-based policy on each resource shared using this managed
701
+ # permission. The `Resource` comes from the ARN of the specific resource
702
+ # that you are sharing. The `Principal` comes from the list of
703
+ # identities added to the resource share.
704
+ #
705
+ #
706
+ #
707
+ # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html
708
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html
709
+ #
710
+ # @option params [String] :client_token
711
+ # Specifies a unique, case-sensitive identifier that you provide to
712
+ # ensure the idempotency of the request. This lets you safely retry the
713
+ # request without accidentally performing the same operation a second
714
+ # time. Passing the same value to a later call to an operation requires
715
+ # that you also pass the same value for all other parameters. We
716
+ # recommend that you use a [UUID type of value.][1].
717
+ #
718
+ # If you don't provide this value, then Amazon Web Services generates a
719
+ # random one for you.
720
+ #
721
+ # If you retry the operation with the same `ClientToken`, but with
722
+ # different parameters, the retry fails with an
723
+ # `IdempotentParameterMismatch` error.
724
+ #
725
+ #
726
+ #
727
+ # [1]: https://wikipedia.org/wiki/Universally_unique_identifier
728
+ #
729
+ # @option params [Array<Types::Tag>] :tags
730
+ # Specifies a list of one or more tag key and value pairs to attach to
731
+ # the permission.
732
+ #
733
+ # @return [Types::CreatePermissionResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
734
+ #
735
+ # * {Types::CreatePermissionResponse#permission #permission} => Types::ResourceSharePermissionSummary
736
+ # * {Types::CreatePermissionResponse#client_token #client_token} => String
737
+ #
738
+ # @example Request syntax with placeholder values
739
+ #
740
+ # resp = client.create_permission({
741
+ # name: "PermissionName", # required
742
+ # resource_type: "String", # required
743
+ # policy_template: "Policy", # required
744
+ # client_token: "String",
745
+ # tags: [
746
+ # {
747
+ # key: "TagKey",
748
+ # value: "TagValue",
749
+ # },
750
+ # ],
751
+ # })
752
+ #
753
+ # @example Response structure
754
+ #
755
+ # resp.permission.arn #=> String
756
+ # resp.permission.version #=> String
757
+ # resp.permission.default_version #=> Boolean
758
+ # resp.permission.name #=> String
759
+ # resp.permission.resource_type #=> String
760
+ # resp.permission.status #=> String
761
+ # resp.permission.creation_time #=> Time
762
+ # resp.permission.last_updated_time #=> Time
763
+ # resp.permission.is_resource_type_default #=> Boolean
764
+ # resp.permission.permission_type #=> String, one of "CUSTOMER_MANAGED", "AWS_MANAGED"
765
+ # resp.permission.feature_set #=> String, one of "CREATED_FROM_POLICY", "PROMOTING_TO_STANDARD", "STANDARD"
766
+ # resp.permission.tags #=> Array
767
+ # resp.permission.tags[0].key #=> String
768
+ # resp.permission.tags[0].value #=> String
769
+ # resp.client_token #=> String
770
+ #
771
+ # @see http://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/CreatePermission AWS API Documentation
772
+ #
773
+ # @overload create_permission(params = {})
774
+ # @param [Hash] params ({})
775
+ def create_permission(params = {}, options = {})
776
+ req = build_request(:create_permission, params)
777
+ req.send_request(options)
778
+ end
779
+
780
+ # Creates a new version of the specified customer managed permission.
781
+ # The new version is automatically set as the default version of the
782
+ # customer managed permission. New resource shares automatically use the
783
+ # default permission. Existing resource shares continue to use their
784
+ # original permission versions, but you can use
785
+ # ReplacePermissionAssociations to update them.
786
+ #
787
+ # If the specified customer managed permission already has the maximum
788
+ # of 5 versions, then you must delete one of the existing versions
789
+ # before you can create a new one.
790
+ #
791
+ # @option params [required, String] :permission_arn
792
+ # Specifies the [Amazon Resource Name (ARN)][1] of the customer managed
793
+ # permission you're creating a new version for.
794
+ #
795
+ #
796
+ #
797
+ # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
798
+ #
799
+ # @option params [required, String] :policy_template
800
+ # A string in JSON format string that contains the following elements of
801
+ # a resource-based policy:
802
+ #
803
+ # * **Effect**: must be set to `ALLOW`.
804
+ #
805
+ # * **Action**: specifies the actions that are allowed by this customer
806
+ # managed permission. The list must contain only actions that are
807
+ # supported by the specified resource type. For a list of all actions
808
+ # supported by each resource type, see [Actions, resources, and
809
+ # condition keys for Amazon Web Services services][1] in the *Identity
810
+ # and Access Management User Guide*.
811
+ #
812
+ # * **Condition**: (optional) specifies conditional parameters that must
813
+ # evaluate to true when a user attempts an action for that action to
814
+ # be allowed. For more information about the Condition element, see
815
+ # [IAM policies: Condition element][2] in the *Identity and Access
816
+ # Management User Guide*.
817
+ #
818
+ # This template can't include either the `Resource` or `Principal`
819
+ # elements. Those are both filled in by RAM when it instantiates the
820
+ # resource-based policy on each resource shared using this managed
821
+ # permission. The `Resource` comes from the ARN of the specific resource
822
+ # that you are sharing. The `Principal` comes from the list of
823
+ # identities added to the resource share.
824
+ #
825
+ #
826
+ #
827
+ # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html
828
+ # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html
829
+ #
830
+ # @option params [String] :client_token
831
+ # Specifies a unique, case-sensitive identifier that you provide to
832
+ # ensure the idempotency of the request. This lets you safely retry the
833
+ # request without accidentally performing the same operation a second
834
+ # time. Passing the same value to a later call to an operation requires
835
+ # that you also pass the same value for all other parameters. We
836
+ # recommend that you use a [UUID type of value.][1].
837
+ #
838
+ # If you don't provide this value, then Amazon Web Services generates a
839
+ # random one for you.
840
+ #
841
+ # If you retry the operation with the same `ClientToken`, but with
842
+ # different parameters, the retry fails with an
843
+ # `IdempotentParameterMismatch` error.
844
+ #
845
+ #
846
+ #
847
+ # [1]: https://wikipedia.org/wiki/Universally_unique_identifier
848
+ #
849
+ # @return [Types::CreatePermissionVersionResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
850
+ #
851
+ # * {Types::CreatePermissionVersionResponse#permission #permission} => Types::ResourceSharePermissionDetail
852
+ # * {Types::CreatePermissionVersionResponse#client_token #client_token} => String
853
+ #
854
+ # @example Request syntax with placeholder values
855
+ #
856
+ # resp = client.create_permission_version({
857
+ # permission_arn: "String", # required
858
+ # policy_template: "Policy", # required
859
+ # client_token: "String",
860
+ # })
861
+ #
862
+ # @example Response structure
863
+ #
864
+ # resp.permission.arn #=> String
865
+ # resp.permission.version #=> String
866
+ # resp.permission.default_version #=> Boolean
867
+ # resp.permission.name #=> String
868
+ # resp.permission.resource_type #=> String
869
+ # resp.permission.permission #=> String
870
+ # resp.permission.creation_time #=> Time
871
+ # resp.permission.last_updated_time #=> Time
872
+ # resp.permission.is_resource_type_default #=> Boolean
873
+ # resp.permission.permission_type #=> String, one of "CUSTOMER_MANAGED", "AWS_MANAGED"
874
+ # resp.permission.feature_set #=> String, one of "CREATED_FROM_POLICY", "PROMOTING_TO_STANDARD", "STANDARD"
875
+ # resp.permission.status #=> String, one of "ATTACHABLE", "UNATTACHABLE", "DELETING", "DELETED"
876
+ # resp.permission.tags #=> Array
877
+ # resp.permission.tags[0].key #=> String
878
+ # resp.permission.tags[0].value #=> String
879
+ # resp.client_token #=> String
880
+ #
881
+ # @see http://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/CreatePermissionVersion AWS API Documentation
882
+ #
883
+ # @overload create_permission_version(params = {})
884
+ # @param [Hash] params ({})
885
+ def create_permission_version(params = {}, options = {})
886
+ req = build_request(:create_permission_version, params)
887
+ req.send_request(options)
888
+ end
889
+
642
890
  # Creates a resource share. You can provide a list of the [Amazon
643
891
  # Resource Names (ARNs)][1] for the resources that you want to share, a
644
892
  # list of principals you want to share the resources with, and the
@@ -670,7 +918,7 @@ module Aws::RAM
670
918
  #
671
919
  # * An Amazon Web Services account ID, for example: `123456789012`
672
920
  #
673
- # * An [Amazon Resoure Name (ARN)][1] of an organization in
921
+ # * An [Amazon Resource Name (ARN)][1] of an organization in
674
922
  # Organizations, for example:
675
923
  # `organizations::123456789012:organization/o-exampleorgid`
676
924
  #
@@ -717,6 +965,10 @@ module Aws::RAM
717
965
  # If you don't provide this value, then Amazon Web Services generates a
718
966
  # random one for you.
719
967
  #
968
+ # If you retry the operation with the same `ClientToken`, but with
969
+ # different parameters, the retry fails with an
970
+ # `IdempotentParameterMismatch` error.
971
+ #
720
972
  #
721
973
  #
722
974
  # [1]: https://wikipedia.org/wiki/Universally_unique_identifier
@@ -779,13 +1031,155 @@ module Aws::RAM
779
1031
  req.send_request(options)
780
1032
  end
781
1033
 
782
- # Deletes the specified resource share. This doesn't delete any of the
783
- # resources that were associated with the resource share; it only stops
784
- # the sharing of those resources outside of the Amazon Web Services
785
- # account that created them.
1034
+ # Deletes the specified customer managed permission in the Amazon Web
1035
+ # Services Region in which you call this operation. You can delete a
1036
+ # customer managed permission only if it isn't attached to any resource
1037
+ # share. The operation deletes all versions associated with the customer
1038
+ # managed permission.
1039
+ #
1040
+ # @option params [required, String] :permission_arn
1041
+ # Specifies the [Amazon Resource Name (ARN)][1] of the customer managed
1042
+ # permission that you want to delete.
1043
+ #
1044
+ #
1045
+ #
1046
+ # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
1047
+ #
1048
+ # @option params [String] :client_token
1049
+ # Specifies a unique, case-sensitive identifier that you provide to
1050
+ # ensure the idempotency of the request. This lets you safely retry the
1051
+ # request without accidentally performing the same operation a second
1052
+ # time. Passing the same value to a later call to an operation requires
1053
+ # that you also pass the same value for all other parameters. We
1054
+ # recommend that you use a [UUID type of value.][1].
1055
+ #
1056
+ # If you don't provide this value, then Amazon Web Services generates a
1057
+ # random one for you.
1058
+ #
1059
+ # If you retry the operation with the same `ClientToken`, but with
1060
+ # different parameters, the retry fails with an
1061
+ # `IdempotentParameterMismatch` error.
1062
+ #
1063
+ #
1064
+ #
1065
+ # [1]: https://wikipedia.org/wiki/Universally_unique_identifier
1066
+ #
1067
+ # @return [Types::DeletePermissionResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1068
+ #
1069
+ # * {Types::DeletePermissionResponse#return_value #return_value} => Boolean
1070
+ # * {Types::DeletePermissionResponse#client_token #client_token} => String
1071
+ # * {Types::DeletePermissionResponse#permission_status #permission_status} => String
1072
+ #
1073
+ # @example Request syntax with placeholder values
1074
+ #
1075
+ # resp = client.delete_permission({
1076
+ # permission_arn: "String", # required
1077
+ # client_token: "String",
1078
+ # })
1079
+ #
1080
+ # @example Response structure
1081
+ #
1082
+ # resp.return_value #=> Boolean
1083
+ # resp.client_token #=> String
1084
+ # resp.permission_status #=> String, one of "ATTACHABLE", "UNATTACHABLE", "DELETING", "DELETED"
1085
+ #
1086
+ # @see http://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/DeletePermission AWS API Documentation
1087
+ #
1088
+ # @overload delete_permission(params = {})
1089
+ # @param [Hash] params ({})
1090
+ def delete_permission(params = {}, options = {})
1091
+ req = build_request(:delete_permission, params)
1092
+ req.send_request(options)
1093
+ end
1094
+
1095
+ # Deletes one version of a customer managed permission. The version you
1096
+ # specify must not be attached to any resource share and must not be the
1097
+ # default version for the permission.
1098
+ #
1099
+ # If a customer managed permission has the maximum of 5 versions, then
1100
+ # you must delete at least one version before you can create another.
1101
+ #
1102
+ # @option params [required, String] :permission_arn
1103
+ # Specifies the [Amazon Resource Name (ARN)][1] of the permission with
1104
+ # the version you want to delete.
1105
+ #
1106
+ #
1107
+ #
1108
+ # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
1109
+ #
1110
+ # @option params [required, Integer] :permission_version
1111
+ # Specifies the version number to delete.
1112
+ #
1113
+ # You can't delete the default version for a customer managed
1114
+ # permission.
1115
+ #
1116
+ # You can't delete a version if it's the only version of the
1117
+ # permission. You must either first create another version, or delete
1118
+ # the permission completely.
1119
+ #
1120
+ # You can't delete a version if it is attached to any resource shares.
1121
+ # If the version is the default, you must first use
1122
+ # SetDefaultPermissionVersion to set a different version as the default
1123
+ # for the customer managed permission, and then use
1124
+ # AssociateResourceSharePermission to update your resource shares to use
1125
+ # the new default version.
1126
+ #
1127
+ # @option params [String] :client_token
1128
+ # Specifies a unique, case-sensitive identifier that you provide to
1129
+ # ensure the idempotency of the request. This lets you safely retry the
1130
+ # request without accidentally performing the same operation a second
1131
+ # time. Passing the same value to a later call to an operation requires
1132
+ # that you also pass the same value for all other parameters. We
1133
+ # recommend that you use a [UUID type of value.][1].
1134
+ #
1135
+ # If you don't provide this value, then Amazon Web Services generates a
1136
+ # random one for you.
1137
+ #
1138
+ # If you retry the operation with the same `ClientToken`, but with
1139
+ # different parameters, the retry fails with an
1140
+ # `IdempotentParameterMismatch` error.
1141
+ #
1142
+ #
1143
+ #
1144
+ # [1]: https://wikipedia.org/wiki/Universally_unique_identifier
1145
+ #
1146
+ # @return [Types::DeletePermissionVersionResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1147
+ #
1148
+ # * {Types::DeletePermissionVersionResponse#return_value #return_value} => Boolean
1149
+ # * {Types::DeletePermissionVersionResponse#client_token #client_token} => String
1150
+ # * {Types::DeletePermissionVersionResponse#permission_status #permission_status} => String
1151
+ #
1152
+ # @example Request syntax with placeholder values
1153
+ #
1154
+ # resp = client.delete_permission_version({
1155
+ # permission_arn: "String", # required
1156
+ # permission_version: 1, # required
1157
+ # client_token: "String",
1158
+ # })
1159
+ #
1160
+ # @example Response structure
1161
+ #
1162
+ # resp.return_value #=> Boolean
1163
+ # resp.client_token #=> String
1164
+ # resp.permission_status #=> String, one of "ATTACHABLE", "UNATTACHABLE", "DELETING", "DELETED"
1165
+ #
1166
+ # @see http://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/DeletePermissionVersion AWS API Documentation
1167
+ #
1168
+ # @overload delete_permission_version(params = {})
1169
+ # @param [Hash] params ({})
1170
+ def delete_permission_version(params = {}, options = {})
1171
+ req = build_request(:delete_permission_version, params)
1172
+ req.send_request(options)
1173
+ end
1174
+
1175
+ # Deletes the specified resource share.
1176
+ #
1177
+ # This doesn't delete any of the resources that were associated with
1178
+ # the resource share; it only stops the sharing of those resources
1179
+ # through this resource share.
786
1180
  #
787
1181
  # @option params [required, String] :resource_share_arn
788
- # Specifies the [Amazon Resoure Name (ARN)][1] of the resource share to
1182
+ # Specifies the [Amazon Resource Name (ARN)][1] of the resource share to
789
1183
  # delete.
790
1184
  #
791
1185
  #
@@ -803,6 +1197,10 @@ module Aws::RAM
803
1197
  # If you don't provide this value, then Amazon Web Services generates a
804
1198
  # random one for you.
805
1199
  #
1200
+ # If you retry the operation with the same `ClientToken`, but with
1201
+ # different parameters, the retry fails with an
1202
+ # `IdempotentParameterMismatch` error.
1203
+ #
806
1204
  #
807
1205
  #
808
1206
  # [1]: https://wikipedia.org/wiki/Universally_unique_identifier
@@ -833,12 +1231,12 @@ module Aws::RAM
833
1231
  req.send_request(options)
834
1232
  end
835
1233
 
836
- # Disassociates the specified principals or resources from the specified
837
- # resource share.
1234
+ # Removes the specified principals or resources from participating in
1235
+ # the specified resource share.
838
1236
  #
839
1237
  # @option params [required, String] :resource_share_arn
840
- # Specifies [Amazon Resoure Name (ARN)][1] of the resource share that
841
- # you want to remove resources from.
1238
+ # Specifies [Amazon Resource Name (ARN)][1] of the resource share that
1239
+ # you want to remove resources or principals from.
842
1240
  #
843
1241
  #
844
1242
  #
@@ -848,7 +1246,7 @@ module Aws::RAM
848
1246
  # Specifies a list of [Amazon Resource Names (ARNs)][1] for one or more
849
1247
  # resources that you want to remove from the resource share. After the
850
1248
  # operation runs, these resources are no longer shared with principals
851
- # outside of the Amazon Web Services account that created the resources.
1249
+ # associated with the resource share.
852
1250
  #
853
1251
  #
854
1252
  #
@@ -862,7 +1260,7 @@ module Aws::RAM
862
1260
  #
863
1261
  # * An Amazon Web Services account ID, for example: `123456789012`
864
1262
  #
865
- # * An [Amazon Resoure Name (ARN)][1] of an organization in
1263
+ # * An [Amazon Resource Name (ARN)][1] of an organization in
866
1264
  # Organizations, for example:
867
1265
  # `organizations::123456789012:organization/o-exampleorgid`
868
1266
  #
@@ -896,6 +1294,10 @@ module Aws::RAM
896
1294
  # If you don't provide this value, then Amazon Web Services generates a
897
1295
  # random one for you.
898
1296
  #
1297
+ # If you retry the operation with the same `ClientToken`, but with
1298
+ # different parameters, the retry fails with an
1299
+ # `IdempotentParameterMismatch` error.
1300
+ #
899
1301
  #
900
1302
  #
901
1303
  # [1]: https://wikipedia.org/wiki/Universally_unique_identifier
@@ -937,23 +1339,23 @@ module Aws::RAM
937
1339
  req.send_request(options)
938
1340
  end
939
1341
 
940
- # Disassociates an RAM permission from a resource share. Permission
941
- # changes take effect immediately. You can remove a RAM permission from
942
- # a resource share only if there are currently no resources of the
1342
+ # Removes a managed permission from a resource share. Permission changes
1343
+ # take effect immediately. You can remove a managed permission from a
1344
+ # resource share only if there are currently no resources of the
943
1345
  # relevant resource type currently attached to the resource share.
944
1346
  #
945
1347
  # @option params [required, String] :resource_share_arn
946
- # The [Amazon Resoure Name (ARN)][1] of the resource share from which
947
- # you want to disassociate a permission.
1348
+ # The [Amazon Resource Name (ARN)][1] of the resource share that you
1349
+ # want to remove the managed permission from.
948
1350
  #
949
1351
  #
950
1352
  #
951
1353
  # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
952
1354
  #
953
1355
  # @option params [required, String] :permission_arn
954
- # The [Amazon Resoure Name (ARN)][1] of the permission to disassociate
955
- # from the resource share. Changes to permissions take effect
956
- # immediately.
1356
+ # The [Amazon Resource Name (ARN)][1] of the managed permission to
1357
+ # disassociate from the resource share. Changes to permissions take
1358
+ # effect immediately.
957
1359
  #
958
1360
  #
959
1361
  #
@@ -970,6 +1372,10 @@ module Aws::RAM
970
1372
  # If you don't provide this value, then Amazon Web Services generates a
971
1373
  # random one for you.
972
1374
  #
1375
+ # If you retry the operation with the same `ClientToken`, but with
1376
+ # different parameters, the retry fails with an
1377
+ # `IdempotentParameterMismatch` error.
1378
+ #
973
1379
  #
974
1380
  #
975
1381
  # [1]: https://wikipedia.org/wiki/Universally_unique_identifier
@@ -1002,15 +1408,18 @@ module Aws::RAM
1002
1408
  end
1003
1409
 
1004
1410
  # Enables resource sharing within your organization in Organizations.
1005
- # Calling this operation enables RAM to retrieve information about the
1006
- # organization and its structure. This lets you share resources with all
1007
- # of the accounts in an organization by specifying the organization's
1411
+ # This operation creates a service-linked role called
1412
+ # `AWSServiceRoleForResourceAccessManager` that has the IAM managed
1413
+ # policy named AWSResourceAccessManagerServiceRolePolicy attached. This
1414
+ # role permits RAM to retrieve information about the organization and
1415
+ # its structure. This lets you share resources with all of the accounts
1416
+ # in the calling account's organization by specifying the organization
1008
1417
  # ID, or all of the accounts in an organizational unit (OU) by
1009
- # specifying the OU's ID. Until you enable sharing within the
1418
+ # specifying the OU ID. Until you enable sharing within the
1010
1419
  # organization, you can specify only individual Amazon Web Services
1011
- # accounts, or for supported resource types, IAM users and roles.
1420
+ # accounts, or for supported resource types, IAM roles and users.
1012
1421
  #
1013
- # You must call this operation from an IAM user or role in the
1422
+ # You must call this operation from an IAM role or user in the
1014
1423
  # organization's management account.
1015
1424
  #
1016
1425
  # @return [Types::EnableSharingWithAwsOrganizationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
@@ -1030,10 +1439,10 @@ module Aws::RAM
1030
1439
  req.send_request(options)
1031
1440
  end
1032
1441
 
1033
- # Gets the contents of an RAM permission in JSON format.
1442
+ # Retrieves the contents of a managed permission in JSON format.
1034
1443
  #
1035
1444
  # @option params [required, String] :permission_arn
1036
- # Specifies the [Amazon Resoure Name (ARN)][1] of the permission whose
1445
+ # Specifies the [Amazon Resource Name (ARN)][1] of the permission whose
1037
1446
  # contents you want to retrieve. To find the ARN for a permission, use
1038
1447
  # either the ListPermissions operation or go to the [Permissions
1039
1448
  # library][2] page in the RAM console and then choose the name of the
@@ -1045,9 +1454,11 @@ module Aws::RAM
1045
1454
  # [2]: https://console.aws.amazon.com/ram/home#Permissions:
1046
1455
  #
1047
1456
  # @option params [Integer] :permission_version
1048
- # Specifies identifier for the version of the RAM permission to
1049
- # retrieve. If you don't specify this parameter, the operation
1050
- # retrieves the default version.
1457
+ # Specifies the version number of the RAM permission to retrieve. If you
1458
+ # don't specify this parameter, the operation retrieves the default
1459
+ # version.
1460
+ #
1461
+ # To see the list of available versions, use ListPermissionVersions.
1051
1462
  #
1052
1463
  # @return [Types::GetPermissionResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1053
1464
  #
@@ -1071,6 +1482,12 @@ module Aws::RAM
1071
1482
  # resp.permission.creation_time #=> Time
1072
1483
  # resp.permission.last_updated_time #=> Time
1073
1484
  # resp.permission.is_resource_type_default #=> Boolean
1485
+ # resp.permission.permission_type #=> String, one of "CUSTOMER_MANAGED", "AWS_MANAGED"
1486
+ # resp.permission.feature_set #=> String, one of "CREATED_FROM_POLICY", "PROMOTING_TO_STANDARD", "STANDARD"
1487
+ # resp.permission.status #=> String, one of "ATTACHABLE", "UNATTACHABLE", "DELETING", "DELETED"
1488
+ # resp.permission.tags #=> Array
1489
+ # resp.permission.tags[0].key #=> String
1490
+ # resp.permission.tags[0].value #=> String
1074
1491
  #
1075
1492
  # @see http://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/GetPermission AWS API Documentation
1076
1493
  #
@@ -1145,18 +1562,17 @@ module Aws::RAM
1145
1562
  req.send_request(options)
1146
1563
  end
1147
1564
 
1148
- # Retrieves the resource and principal associations for resource shares
1149
- # that you own.
1565
+ # Retrieves the lists of resources and principals that associated for
1566
+ # resource shares that you own.
1150
1567
  #
1151
1568
  # @option params [required, String] :association_type
1152
1569
  # Specifies whether you want to retrieve the associations that involve a
1153
1570
  # specified resource or principal.
1154
1571
  #
1155
- # * `PRINCIPAL` – list the principals that are associated with the
1156
- # specified resource share.
1572
+ # * `PRINCIPAL` – list the principals whose associations you want to
1573
+ # see.
1157
1574
  #
1158
- # * `RESOURCE` – list the resources that are associated with the
1159
- # specified resource share.
1575
+ # * `RESOURCE` – list the resources whose associations you want to see.
1160
1576
  #
1161
1577
  # @option params [Array<String>] :resource_share_arns
1162
1578
  # Specifies a list of [Amazon Resource Names (ARNs)][1] of the resource
@@ -1167,7 +1583,7 @@ module Aws::RAM
1167
1583
  # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
1168
1584
  #
1169
1585
  # @option params [String] :resource_arn
1170
- # Specifies the [Amazon Resoure Name (ARN)][1] of the resource whose
1586
+ # Specifies the [Amazon Resource Name (ARN)][1] of a resource whose
1171
1587
  # resource shares you want to retrieve.
1172
1588
  #
1173
1589
  # You cannot specify this parameter if the association type is
@@ -1180,7 +1596,7 @@ module Aws::RAM
1180
1596
  # @option params [String] :principal
1181
1597
  # Specifies the ID of the principal whose resource shares you want to
1182
1598
  # retrieve. This can be an Amazon Web Services account ID, an
1183
- # organization ID, an organizational unit ID, or the [Amazon Resoure
1599
+ # organization ID, an organizational unit ID, or the [Amazon Resource
1184
1600
  # Name (ARN)][1] of an individual IAM user or role.
1185
1601
  #
1186
1602
  # You cannot specify this parameter if the association type is
@@ -1191,7 +1607,7 @@ module Aws::RAM
1191
1607
  # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
1192
1608
  #
1193
1609
  # @option params [String] :association_status
1194
- # Specifies that you want to retrieve only associations with this
1610
+ # Specifies that you want to retrieve only associations that have this
1195
1611
  # status.
1196
1612
  #
1197
1613
  # @option params [String] :next_token
@@ -1396,13 +1812,17 @@ module Aws::RAM
1396
1812
  #
1397
1813
  # @option params [String] :permission_arn
1398
1814
  # Specifies that you want to retrieve details of only those resource
1399
- # shares that use the RAM permission with this [Amazon Resoure Name
1815
+ # shares that use the managed permission with this [Amazon Resource Name
1400
1816
  # (ARN)][1].
1401
1817
  #
1402
1818
  #
1403
1819
  #
1404
1820
  # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
1405
1821
  #
1822
+ # @option params [Integer] :permission_version
1823
+ # Specifies that you want to retrieve details for only those resource
1824
+ # shares that use the specified version of the managed permission.
1825
+ #
1406
1826
  # @return [Types::GetResourceSharesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1407
1827
  #
1408
1828
  # * {Types::GetResourceSharesResponse#resource_shares #resource_shares} => Array&lt;Types::ResourceShare&gt;
@@ -1426,6 +1846,7 @@ module Aws::RAM
1426
1846
  # next_token: "String",
1427
1847
  # max_results: 1,
1428
1848
  # permission_arn: "String",
1849
+ # permission_version: 1,
1429
1850
  # })
1430
1851
  #
1431
1852
  # @example Response structure
@@ -1460,7 +1881,7 @@ module Aws::RAM
1460
1881
  # hasn't expired.
1461
1882
  #
1462
1883
  # @option params [required, String] :resource_share_invitation_arn
1463
- # Specifies the [Amazon Resoure Name (ARN)][1] of the invitation. You
1884
+ # Specifies the [Amazon Resource Name (ARN)][1] of the invitation. You
1464
1885
  # can use GetResourceShareInvitations to find the ARN of the invitation.
1465
1886
  #
1466
1887
  #
@@ -1540,10 +1961,111 @@ module Aws::RAM
1540
1961
  req.send_request(options)
1541
1962
  end
1542
1963
 
1964
+ # Lists information about the managed permission and its associations to
1965
+ # any resource shares that use this managed permission. This lets you
1966
+ # see which resource shares use which versions of the specified managed
1967
+ # permission.
1968
+ #
1969
+ # @option params [String] :permission_arn
1970
+ # Specifies the [Amazon Resource Name (ARN)][1] of the managed
1971
+ # permission.
1972
+ #
1973
+ #
1974
+ #
1975
+ # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
1976
+ #
1977
+ # @option params [Integer] :permission_version
1978
+ # Specifies that you want to list only those associations with resource
1979
+ # shares that use this version of the managed permission. If you don't
1980
+ # provide a value for this parameter, then the operation returns
1981
+ # information about associations with resource shares that use any
1982
+ # version of the managed permission.
1983
+ #
1984
+ # @option params [String] :association_status
1985
+ # Specifies that you want to list only those associations with resource
1986
+ # shares that match this status.
1987
+ #
1988
+ # @option params [String] :resource_type
1989
+ # Specifies that you want to list only those associations with resource
1990
+ # shares that include at least one resource of this resource type.
1991
+ #
1992
+ # @option params [String] :feature_set
1993
+ # Specifies that you want to list only those associations with resource
1994
+ # shares that have a `featureSet` with this value.
1995
+ #
1996
+ # @option params [Boolean] :default_version
1997
+ # When `true`, specifies that you want to list only those associations
1998
+ # with resource shares that use the default version of the specified
1999
+ # managed permission.
2000
+ #
2001
+ # When `false` (the default value), lists associations with resource
2002
+ # shares that use any version of the specified managed permission.
2003
+ #
2004
+ # @option params [String] :next_token
2005
+ # Specifies that you want to receive the next page of results. Valid
2006
+ # only if you received a `NextToken` response in the previous request.
2007
+ # If you did, it indicates that more output is available. Set this
2008
+ # parameter to the value provided by the previous call's `NextToken`
2009
+ # response to request the next page of results.
2010
+ #
2011
+ # @option params [Integer] :max_results
2012
+ # Specifies the total number of results that you want included on each
2013
+ # page of the response. If you do not include this parameter, it
2014
+ # defaults to a value that is specific to the operation. If additional
2015
+ # items exist beyond the number you specify, the `NextToken` response
2016
+ # element is returned with a value (not null). Include the specified
2017
+ # value as the `NextToken` request parameter in the next call to the
2018
+ # operation to get the next part of the results. Note that the service
2019
+ # might return fewer results than the maximum even when there are more
2020
+ # results available. You should check `NextToken` after every operation
2021
+ # to ensure that you receive all of the results.
2022
+ #
2023
+ # @return [Types::ListPermissionAssociationsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2024
+ #
2025
+ # * {Types::ListPermissionAssociationsResponse#permissions #permissions} => Array&lt;Types::AssociatedPermission&gt;
2026
+ # * {Types::ListPermissionAssociationsResponse#next_token #next_token} => String
2027
+ #
2028
+ # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
2029
+ #
2030
+ # @example Request syntax with placeholder values
2031
+ #
2032
+ # resp = client.list_permission_associations({
2033
+ # permission_arn: "String",
2034
+ # permission_version: 1,
2035
+ # association_status: "ASSOCIATING", # accepts ASSOCIATING, ASSOCIATED, FAILED, DISASSOCIATING, DISASSOCIATED
2036
+ # resource_type: "String",
2037
+ # feature_set: "CREATED_FROM_POLICY", # accepts CREATED_FROM_POLICY, PROMOTING_TO_STANDARD, STANDARD
2038
+ # default_version: false,
2039
+ # next_token: "String",
2040
+ # max_results: 1,
2041
+ # })
2042
+ #
2043
+ # @example Response structure
2044
+ #
2045
+ # resp.permissions #=> Array
2046
+ # resp.permissions[0].arn #=> String
2047
+ # resp.permissions[0].permission_version #=> String
2048
+ # resp.permissions[0].default_version #=> Boolean
2049
+ # resp.permissions[0].resource_type #=> String
2050
+ # resp.permissions[0].status #=> String
2051
+ # resp.permissions[0].feature_set #=> String, one of "CREATED_FROM_POLICY", "PROMOTING_TO_STANDARD", "STANDARD"
2052
+ # resp.permissions[0].last_updated_time #=> Time
2053
+ # resp.permissions[0].resource_share_arn #=> String
2054
+ # resp.next_token #=> String
2055
+ #
2056
+ # @see http://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/ListPermissionAssociations AWS API Documentation
2057
+ #
2058
+ # @overload list_permission_associations(params = {})
2059
+ # @param [Hash] params ({})
2060
+ def list_permission_associations(params = {}, options = {})
2061
+ req = build_request(:list_permission_associations, params)
2062
+ req.send_request(options)
2063
+ end
2064
+
1543
2065
  # Lists the available versions of the specified RAM permission.
1544
2066
  #
1545
2067
  # @option params [required, String] :permission_arn
1546
- # Specifies the [Amazon Resoure Name (ARN)][1] of the RAM permission
2068
+ # Specifies the [Amazon Resource Name (ARN)][1] of the RAM permission
1547
2069
  # whose versions you want to list. You can use the `permissionVersion`
1548
2070
  # parameter on the AssociateResourceSharePermission operation to specify
1549
2071
  # a non-default version to attach.
@@ -1598,6 +2120,11 @@ module Aws::RAM
1598
2120
  # resp.permissions[0].creation_time #=> Time
1599
2121
  # resp.permissions[0].last_updated_time #=> Time
1600
2122
  # resp.permissions[0].is_resource_type_default #=> Boolean
2123
+ # resp.permissions[0].permission_type #=> String, one of "CUSTOMER_MANAGED", "AWS_MANAGED"
2124
+ # resp.permissions[0].feature_set #=> String, one of "CREATED_FROM_POLICY", "PROMOTING_TO_STANDARD", "STANDARD"
2125
+ # resp.permissions[0].tags #=> Array
2126
+ # resp.permissions[0].tags[0].key #=> String
2127
+ # resp.permissions[0].tags[0].value #=> String
1601
2128
  # resp.next_token #=> String
1602
2129
  #
1603
2130
  # @see http://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/ListPermissionVersions AWS API Documentation
@@ -1613,9 +2140,11 @@ module Aws::RAM
1613
2140
  # supported resource types.
1614
2141
  #
1615
2142
  # @option params [String] :resource_type
1616
- # Specifies that you want to list permissions for only the specified
1617
- # resource type. For example, to list only permissions that apply to EC2
1618
- # subnets, specify `ec2:Subnet`. You can use the ListResourceTypes
2143
+ # Specifies that you want to list only those permissions that apply to
2144
+ # the specified resource type. This parameter is not case sensitive.
2145
+ #
2146
+ # For example, to list only permissions that apply to Amazon EC2
2147
+ # subnets, specify `ec2:subnet`. You can use the ListResourceTypes
1619
2148
  # operation to get the specific string required.
1620
2149
  #
1621
2150
  # @option params [String] :next_token
@@ -1637,6 +2166,18 @@ module Aws::RAM
1637
2166
  # results available. You should check `NextToken` after every operation
1638
2167
  # to ensure that you receive all of the results.
1639
2168
  #
2169
+ # @option params [String] :permission_type
2170
+ # Specifies that you want to list only permissions of this type:
2171
+ #
2172
+ # * `AWS` – returns only Amazon Web Services managed permissions.
2173
+ #
2174
+ # * `LOCAL` – returns only customer managed permissions
2175
+ #
2176
+ # * `ALL` – returns both Amazon Web Services managed permissions and
2177
+ # customer managed permissions.
2178
+ #
2179
+ # If you don't specify this parameter, the default is `All`.
2180
+ #
1640
2181
  # @return [Types::ListPermissionsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1641
2182
  #
1642
2183
  # * {Types::ListPermissionsResponse#permissions #permissions} => Array&lt;Types::ResourceSharePermissionSummary&gt;
@@ -1650,6 +2191,7 @@ module Aws::RAM
1650
2191
  # resource_type: "String",
1651
2192
  # next_token: "String",
1652
2193
  # max_results: 1,
2194
+ # permission_type: "ALL", # accepts ALL, AWS_MANAGED, CUSTOMER_MANAGED
1653
2195
  # })
1654
2196
  #
1655
2197
  # @example Response structure
@@ -1664,6 +2206,11 @@ module Aws::RAM
1664
2206
  # resp.permissions[0].creation_time #=> Time
1665
2207
  # resp.permissions[0].last_updated_time #=> Time
1666
2208
  # resp.permissions[0].is_resource_type_default #=> Boolean
2209
+ # resp.permissions[0].permission_type #=> String, one of "CUSTOMER_MANAGED", "AWS_MANAGED"
2210
+ # resp.permissions[0].feature_set #=> String, one of "CREATED_FROM_POLICY", "PROMOTING_TO_STANDARD", "STANDARD"
2211
+ # resp.permissions[0].tags #=> Array
2212
+ # resp.permissions[0].tags[0].key #=> String
2213
+ # resp.permissions[0].tags[0].value #=> String
1667
2214
  # resp.next_token #=> String
1668
2215
  #
1669
2216
  # @see http://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/ListPermissions AWS API Documentation
@@ -1690,7 +2237,7 @@ module Aws::RAM
1690
2237
  #
1691
2238
  # @option params [String] :resource_arn
1692
2239
  # Specifies that you want to list principal information for the resource
1693
- # share with the specified [Amazon Resoure Name (ARN)][1].
2240
+ # share with the specified [Amazon Resource Name (ARN)][1].
1694
2241
  #
1695
2242
  #
1696
2243
  #
@@ -1704,7 +2251,7 @@ module Aws::RAM
1704
2251
  #
1705
2252
  # * An Amazon Web Services account ID, for example: `123456789012`
1706
2253
  #
1707
- # * An [Amazon Resoure Name (ARN)][1] of an organization in
2254
+ # * An [Amazon Resource Name (ARN)][1] of an organization in
1708
2255
  # Organizations, for example:
1709
2256
  # `organizations::123456789012:organization/o-exampleorgid`
1710
2257
  #
@@ -1800,11 +2347,81 @@ module Aws::RAM
1800
2347
  req.send_request(options)
1801
2348
  end
1802
2349
 
2350
+ # Retrieves the current status of the asynchronous tasks performed by
2351
+ # RAM when you perform the ReplacePermissionAssociationsWork operation.
2352
+ #
2353
+ # @option params [Array<String>] :work_ids
2354
+ # A list of IDs. These values come from the `id`field of the
2355
+ # `replacePermissionAssociationsWork`structure returned by the
2356
+ # ReplacePermissionAssociations operation.
2357
+ #
2358
+ # @option params [String] :status
2359
+ # Specifies that you want to see only the details about requests with a
2360
+ # status that matches this value.
2361
+ #
2362
+ # @option params [String] :next_token
2363
+ # Specifies that you want to receive the next page of results. Valid
2364
+ # only if you received a `NextToken` response in the previous request.
2365
+ # If you did, it indicates that more output is available. Set this
2366
+ # parameter to the value provided by the previous call's `NextToken`
2367
+ # response to request the next page of results.
2368
+ #
2369
+ # @option params [Integer] :max_results
2370
+ # Specifies the total number of results that you want included on each
2371
+ # page of the response. If you do not include this parameter, it
2372
+ # defaults to a value that is specific to the operation. If additional
2373
+ # items exist beyond the number you specify, the `NextToken` response
2374
+ # element is returned with a value (not null). Include the specified
2375
+ # value as the `NextToken` request parameter in the next call to the
2376
+ # operation to get the next part of the results. Note that the service
2377
+ # might return fewer results than the maximum even when there are more
2378
+ # results available. You should check `NextToken` after every operation
2379
+ # to ensure that you receive all of the results.
2380
+ #
2381
+ # @return [Types::ListReplacePermissionAssociationsWorkResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2382
+ #
2383
+ # * {Types::ListReplacePermissionAssociationsWorkResponse#replace_permission_associations_works #replace_permission_associations_works} => Array&lt;Types::ReplacePermissionAssociationsWork&gt;
2384
+ # * {Types::ListReplacePermissionAssociationsWorkResponse#next_token #next_token} => String
2385
+ #
2386
+ # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
2387
+ #
2388
+ # @example Request syntax with placeholder values
2389
+ #
2390
+ # resp = client.list_replace_permission_associations_work({
2391
+ # work_ids: ["String"],
2392
+ # status: "IN_PROGRESS", # accepts IN_PROGRESS, COMPLETED, FAILED
2393
+ # next_token: "String",
2394
+ # max_results: 1,
2395
+ # })
2396
+ #
2397
+ # @example Response structure
2398
+ #
2399
+ # resp.replace_permission_associations_works #=> Array
2400
+ # resp.replace_permission_associations_works[0].id #=> String
2401
+ # resp.replace_permission_associations_works[0].from_permission_arn #=> String
2402
+ # resp.replace_permission_associations_works[0].from_permission_version #=> String
2403
+ # resp.replace_permission_associations_works[0].to_permission_arn #=> String
2404
+ # resp.replace_permission_associations_works[0].to_permission_version #=> String
2405
+ # resp.replace_permission_associations_works[0].status #=> String, one of "IN_PROGRESS", "COMPLETED", "FAILED"
2406
+ # resp.replace_permission_associations_works[0].status_message #=> String
2407
+ # resp.replace_permission_associations_works[0].creation_time #=> Time
2408
+ # resp.replace_permission_associations_works[0].last_updated_time #=> Time
2409
+ # resp.next_token #=> String
2410
+ #
2411
+ # @see http://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/ListReplacePermissionAssociationsWork AWS API Documentation
2412
+ #
2413
+ # @overload list_replace_permission_associations_work(params = {})
2414
+ # @param [Hash] params ({})
2415
+ def list_replace_permission_associations_work(params = {}, options = {})
2416
+ req = build_request(:list_replace_permission_associations_work, params)
2417
+ req.send_request(options)
2418
+ end
2419
+
1803
2420
  # Lists the RAM permissions that are associated with a resource share.
1804
2421
  #
1805
2422
  # @option params [required, String] :resource_share_arn
1806
- # Specifies the [Amazon Resoure Name (ARN)][1] of the resource share for
1807
- # which you want to retrieve the associated permissions.
2423
+ # Specifies the [Amazon Resource Name (ARN)][1] of the resource share
2424
+ # for which you want to retrieve the associated permissions.
1808
2425
  #
1809
2426
  #
1810
2427
  #
@@ -1856,6 +2473,11 @@ module Aws::RAM
1856
2473
  # resp.permissions[0].creation_time #=> Time
1857
2474
  # resp.permissions[0].last_updated_time #=> Time
1858
2475
  # resp.permissions[0].is_resource_type_default #=> Boolean
2476
+ # resp.permissions[0].permission_type #=> String, one of "CUSTOMER_MANAGED", "AWS_MANAGED"
2477
+ # resp.permissions[0].feature_set #=> String, one of "CREATED_FROM_POLICY", "PROMOTING_TO_STANDARD", "STANDARD"
2478
+ # resp.permissions[0].tags #=> Array
2479
+ # resp.permissions[0].tags[0].key #=> String
2480
+ # resp.permissions[0].tags[0].value #=> String
1859
2481
  # resp.next_token #=> String
1860
2482
  #
1861
2483
  # @see http://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/ListResourceSharePermissions AWS API Documentation
@@ -2051,18 +2673,135 @@ module Aws::RAM
2051
2673
  req.send_request(options)
2052
2674
  end
2053
2675
 
2054
- # When you attach a resource-based permission policy to a resource, it
2055
- # automatically creates a resource share. However, resource shares
2056
- # created this way are visible only to the resource share owner, and the
2057
- # resource share can't be modified in RAM.
2676
+ # When you attach a resource-based policy to a resource, RAM
2677
+ # automatically creates a resource share of
2678
+ # `featureSet`=`CREATED_FROM_POLICY` with a managed permission that has
2679
+ # the same IAM permissions as the original resource-based policy.
2680
+ # However, this type of managed permission is visible to only the
2681
+ # resource share owner, and the associated resource share can't be
2682
+ # modified by using RAM.
2683
+ #
2684
+ # This operation creates a separate, fully manageable customer managed
2685
+ # permission that has the same IAM permissions as the original
2686
+ # resource-based policy. You can associate this customer managed
2687
+ # permission to any resource shares.
2688
+ #
2689
+ # Before you use PromoteResourceShareCreatedFromPolicy, you should first
2690
+ # run this operation to ensure that you have an appropriate customer
2691
+ # managed permission that can be associated with the promoted resource
2692
+ # share.
2693
+ #
2694
+ # <note markdown="1"> * The original `CREATED_FROM_POLICY` policy isn't deleted, and
2695
+ # resource shares using that original policy aren't automatically
2696
+ # updated.
2697
+ #
2698
+ # * You can't modify a `CREATED_FROM_POLICY` resource share so you
2699
+ # can't associate the new customer managed permission by using
2700
+ # `ReplacePermsissionAssociations`. However, if you use
2701
+ # PromoteResourceShareCreatedFromPolicy, that operation automatically
2702
+ # associates the fully manageable customer managed permission to the
2703
+ # newly promoted `STANDARD` resource share.
2704
+ #
2705
+ # * After you promote a resource share, if the original
2706
+ # `CREATED_FROM_POLICY` managed permission has no other associations
2707
+ # to A resource share, then RAM automatically deletes it.
2708
+ #
2709
+ # </note>
2710
+ #
2711
+ # @option params [required, String] :permission_arn
2712
+ # Specifies the [Amazon Resource Name (ARN)][1] of the
2713
+ # `CREATED_FROM_POLICY` permission that you want to promote. You can get
2714
+ # this [Amazon Resource Name (ARN)][1] by calling the
2715
+ # ListResourceSharePermissions operation.
2716
+ #
2717
+ #
2718
+ #
2719
+ # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
2720
+ #
2721
+ # @option params [required, String] :name
2722
+ # Specifies a name for the promoted customer managed permission.
2723
+ #
2724
+ # @option params [String] :client_token
2725
+ # Specifies a unique, case-sensitive identifier that you provide to
2726
+ # ensure the idempotency of the request. This lets you safely retry the
2727
+ # request without accidentally performing the same operation a second
2728
+ # time. Passing the same value to a later call to an operation requires
2729
+ # that you also pass the same value for all other parameters. We
2730
+ # recommend that you use a [UUID type of value.][1].
2731
+ #
2732
+ # If you don't provide this value, then Amazon Web Services generates a
2733
+ # random one for you.
2734
+ #
2735
+ # If you retry the operation with the same `ClientToken`, but with
2736
+ # different parameters, the retry fails with an
2737
+ # `IdempotentParameterMismatch` error.
2738
+ #
2739
+ #
2740
+ #
2741
+ # [1]: https://wikipedia.org/wiki/Universally_unique_identifier
2742
+ #
2743
+ # @return [Types::PromotePermissionCreatedFromPolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2744
+ #
2745
+ # * {Types::PromotePermissionCreatedFromPolicyResponse#permission #permission} => Types::ResourceSharePermissionSummary
2746
+ # * {Types::PromotePermissionCreatedFromPolicyResponse#client_token #client_token} => String
2747
+ #
2748
+ # @example Request syntax with placeholder values
2749
+ #
2750
+ # resp = client.promote_permission_created_from_policy({
2751
+ # permission_arn: "String", # required
2752
+ # name: "String", # required
2753
+ # client_token: "String",
2754
+ # })
2755
+ #
2756
+ # @example Response structure
2058
2757
  #
2059
- # You can use this operation to promote the resource share to a full RAM
2060
- # resource share. When you promote a resource share, you can then manage
2061
- # the resource share in RAM and it becomes visible to all of the
2062
- # principals you shared it with.
2758
+ # resp.permission.arn #=> String
2759
+ # resp.permission.version #=> String
2760
+ # resp.permission.default_version #=> Boolean
2761
+ # resp.permission.name #=> String
2762
+ # resp.permission.resource_type #=> String
2763
+ # resp.permission.status #=> String
2764
+ # resp.permission.creation_time #=> Time
2765
+ # resp.permission.last_updated_time #=> Time
2766
+ # resp.permission.is_resource_type_default #=> Boolean
2767
+ # resp.permission.permission_type #=> String, one of "CUSTOMER_MANAGED", "AWS_MANAGED"
2768
+ # resp.permission.feature_set #=> String, one of "CREATED_FROM_POLICY", "PROMOTING_TO_STANDARD", "STANDARD"
2769
+ # resp.permission.tags #=> Array
2770
+ # resp.permission.tags[0].key #=> String
2771
+ # resp.permission.tags[0].value #=> String
2772
+ # resp.client_token #=> String
2773
+ #
2774
+ # @see http://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/PromotePermissionCreatedFromPolicy AWS API Documentation
2775
+ #
2776
+ # @overload promote_permission_created_from_policy(params = {})
2777
+ # @param [Hash] params ({})
2778
+ def promote_permission_created_from_policy(params = {}, options = {})
2779
+ req = build_request(:promote_permission_created_from_policy, params)
2780
+ req.send_request(options)
2781
+ end
2782
+
2783
+ # When you attach a resource-based policy to a resource, RAM
2784
+ # automatically creates a resource share of
2785
+ # `featureSet`=`CREATED_FROM_POLICY` with a managed permission that has
2786
+ # the same IAM permissions as the original resource-based policy.
2787
+ # However, this type of managed permission is visible to only the
2788
+ # resource share owner, and the associated resource share can't be
2789
+ # modified by using RAM.
2790
+ #
2791
+ # This operation promotes the resource share to a `STANDARD` resource
2792
+ # share that is fully manageable in RAM. When you promote a resource
2793
+ # share, you can then manage the resource share in RAM and it becomes
2794
+ # visible to all of the principals you shared it with.
2795
+ #
2796
+ # Before you perform this operation, you should first run
2797
+ # PromotePermissionCreatedFromPolicyto ensure that you have an
2798
+ # appropriate customer managed permission that can be associated with
2799
+ # this resource share after its is promoted. If this operation can't
2800
+ # find a managed permission that exactly matches the existing
2801
+ # `CREATED_FROM_POLICY` permission, then this operation fails.
2063
2802
  #
2064
2803
  # @option params [required, String] :resource_share_arn
2065
- # Specifies the [Amazon Resoure Name (ARN)][1] of the resource share to
2804
+ # Specifies the [Amazon Resource Name (ARN)][1] of the resource share to
2066
2805
  # promote.
2067
2806
  #
2068
2807
  #
@@ -2096,7 +2835,7 @@ module Aws::RAM
2096
2835
  # Services account.
2097
2836
  #
2098
2837
  # @option params [required, String] :resource_share_invitation_arn
2099
- # Specifies the [Amazon Resoure Name (ARN)][1] of the invitation that
2838
+ # Specifies the [Amazon Resource Name (ARN)][1] of the invitation that
2100
2839
  # you want to reject.
2101
2840
  #
2102
2841
  #
@@ -2114,6 +2853,10 @@ module Aws::RAM
2114
2853
  # If you don't provide this value, then Amazon Web Services generates a
2115
2854
  # random one for you.
2116
2855
  #
2856
+ # If you retry the operation with the same `ClientToken`, but with
2857
+ # different parameters, the retry fails with an
2858
+ # `IdempotentParameterMismatch` error.
2859
+ #
2117
2860
  #
2118
2861
  #
2119
2862
  # [1]: https://wikipedia.org/wiki/Universally_unique_identifier
@@ -2161,13 +2904,178 @@ module Aws::RAM
2161
2904
  req.send_request(options)
2162
2905
  end
2163
2906
 
2164
- # Adds the specified tag keys and values to the specified resource
2165
- # share. The tags are attached only to the resource share, not to the
2166
- # resources that are in the resource share.
2907
+ # Updates all resource shares that use a managed permission to a
2908
+ # different managed permission. This operation always applies the
2909
+ # default version of the target managed permission. You can optionally
2910
+ # specify that the update applies to only resource shares that currently
2911
+ # use a specified version. This enables you to update to the latest
2912
+ # version, without changing the which managed permission is used.
2167
2913
  #
2168
- # @option params [required, String] :resource_share_arn
2169
- # Specifies the [Amazon Resoure Name (ARN)][1] of the resource share
2170
- # that you want to add tags to.
2914
+ # You can use this operation to update all of your resource shares to
2915
+ # use the current default version of the permission by specifying the
2916
+ # same value for the `fromPermissionArn` and `toPermissionArn`
2917
+ # parameters.
2918
+ #
2919
+ # You can use the optional `fromPermissionVersion` parameter to update
2920
+ # only those resources that use a specified version of the managed
2921
+ # permission to the new managed permission.
2922
+ #
2923
+ # To successfully perform this operation, you must have permission to
2924
+ # update the resource-based policy on all affected resource types.
2925
+ #
2926
+ # @option params [required, String] :from_permission_arn
2927
+ # Specifies the [Amazon Resource Name (ARN)][1] of the managed
2928
+ # permission that you want to replace.
2929
+ #
2930
+ #
2931
+ #
2932
+ # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
2933
+ #
2934
+ # @option params [Integer] :from_permission_version
2935
+ # Specifies that you want to updated the permissions for only those
2936
+ # resource shares that use the specified version of the managed
2937
+ # permission.
2938
+ #
2939
+ # @option params [required, String] :to_permission_arn
2940
+ # Specifies the ARN of the managed permission that you want to associate
2941
+ # with resource shares in place of the one specified by
2942
+ # `fromPerssionArn` and `fromPermissionVersion`.
2943
+ #
2944
+ # The operation always associates the version that is currently the
2945
+ # default for the specified managed permission.
2946
+ #
2947
+ # @option params [String] :client_token
2948
+ # Specifies a unique, case-sensitive identifier that you provide to
2949
+ # ensure the idempotency of the request. This lets you safely retry the
2950
+ # request without accidentally performing the same operation a second
2951
+ # time. Passing the same value to a later call to an operation requires
2952
+ # that you also pass the same value for all other parameters. We
2953
+ # recommend that you use a [UUID type of value.][1].
2954
+ #
2955
+ # If you don't provide this value, then Amazon Web Services generates a
2956
+ # random one for you.
2957
+ #
2958
+ # If you retry the operation with the same `ClientToken`, but with
2959
+ # different parameters, the retry fails with an
2960
+ # `IdempotentParameterMismatch` error.
2961
+ #
2962
+ #
2963
+ #
2964
+ # [1]: https://wikipedia.org/wiki/Universally_unique_identifier
2965
+ #
2966
+ # @return [Types::ReplacePermissionAssociationsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2967
+ #
2968
+ # * {Types::ReplacePermissionAssociationsResponse#replace_permission_associations_work #replace_permission_associations_work} => Types::ReplacePermissionAssociationsWork
2969
+ # * {Types::ReplacePermissionAssociationsResponse#client_token #client_token} => String
2970
+ #
2971
+ # @example Request syntax with placeholder values
2972
+ #
2973
+ # resp = client.replace_permission_associations({
2974
+ # from_permission_arn: "String", # required
2975
+ # from_permission_version: 1,
2976
+ # to_permission_arn: "String", # required
2977
+ # client_token: "String",
2978
+ # })
2979
+ #
2980
+ # @example Response structure
2981
+ #
2982
+ # resp.replace_permission_associations_work.id #=> String
2983
+ # resp.replace_permission_associations_work.from_permission_arn #=> String
2984
+ # resp.replace_permission_associations_work.from_permission_version #=> String
2985
+ # resp.replace_permission_associations_work.to_permission_arn #=> String
2986
+ # resp.replace_permission_associations_work.to_permission_version #=> String
2987
+ # resp.replace_permission_associations_work.status #=> String, one of "IN_PROGRESS", "COMPLETED", "FAILED"
2988
+ # resp.replace_permission_associations_work.status_message #=> String
2989
+ # resp.replace_permission_associations_work.creation_time #=> Time
2990
+ # resp.replace_permission_associations_work.last_updated_time #=> Time
2991
+ # resp.client_token #=> String
2992
+ #
2993
+ # @see http://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/ReplacePermissionAssociations AWS API Documentation
2994
+ #
2995
+ # @overload replace_permission_associations(params = {})
2996
+ # @param [Hash] params ({})
2997
+ def replace_permission_associations(params = {}, options = {})
2998
+ req = build_request(:replace_permission_associations, params)
2999
+ req.send_request(options)
3000
+ end
3001
+
3002
+ # Designates the specified version number as the default version for the
3003
+ # specified customer managed permission. New resource shares
3004
+ # automatically use this new default permission. Existing resource
3005
+ # shares continue to use their original permission version, but you can
3006
+ # use ReplacePermissionAssociations to update them.
3007
+ #
3008
+ # @option params [required, String] :permission_arn
3009
+ # Specifies the [Amazon Resource Name (ARN)][1] of the customer managed
3010
+ # permission whose default version you want to change.
3011
+ #
3012
+ #
3013
+ #
3014
+ # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
3015
+ #
3016
+ # @option params [required, Integer] :permission_version
3017
+ # Specifies the version number that you want to designate as the default
3018
+ # for customer managed permission. To see a list of all available
3019
+ # version numbers, use ListPermissionVersions.
3020
+ #
3021
+ # @option params [String] :client_token
3022
+ # Specifies a unique, case-sensitive identifier that you provide to
3023
+ # ensure the idempotency of the request. This lets you safely retry the
3024
+ # request without accidentally performing the same operation a second
3025
+ # time. Passing the same value to a later call to an operation requires
3026
+ # that you also pass the same value for all other parameters. We
3027
+ # recommend that you use a [UUID type of value.][1].
3028
+ #
3029
+ # If you don't provide this value, then Amazon Web Services generates a
3030
+ # random one for you.
3031
+ #
3032
+ # If you retry the operation with the same `ClientToken`, but with
3033
+ # different parameters, the retry fails with an
3034
+ # `IdempotentParameterMismatch` error.
3035
+ #
3036
+ #
3037
+ #
3038
+ # [1]: https://wikipedia.org/wiki/Universally_unique_identifier
3039
+ #
3040
+ # @return [Types::SetDefaultPermissionVersionResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
3041
+ #
3042
+ # * {Types::SetDefaultPermissionVersionResponse#return_value #return_value} => Boolean
3043
+ # * {Types::SetDefaultPermissionVersionResponse#client_token #client_token} => String
3044
+ #
3045
+ # @example Request syntax with placeholder values
3046
+ #
3047
+ # resp = client.set_default_permission_version({
3048
+ # permission_arn: "String", # required
3049
+ # permission_version: 1, # required
3050
+ # client_token: "String",
3051
+ # })
3052
+ #
3053
+ # @example Response structure
3054
+ #
3055
+ # resp.return_value #=> Boolean
3056
+ # resp.client_token #=> String
3057
+ #
3058
+ # @see http://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/SetDefaultPermissionVersion AWS API Documentation
3059
+ #
3060
+ # @overload set_default_permission_version(params = {})
3061
+ # @param [Hash] params ({})
3062
+ def set_default_permission_version(params = {}, options = {})
3063
+ req = build_request(:set_default_permission_version, params)
3064
+ req.send_request(options)
3065
+ end
3066
+
3067
+ # Adds the specified tag keys and values to a resource share or managed
3068
+ # permission. If you choose a resource share, the tags are attached to
3069
+ # only the resource share, not to the resources that are in the resource
3070
+ # share.
3071
+ #
3072
+ # The tags on a managed permission are the same for all versions of the
3073
+ # managed permission.
3074
+ #
3075
+ # @option params [String] :resource_share_arn
3076
+ # Specifies the [Amazon Resource Name (ARN)][1] of the resource share
3077
+ # that you want to add tags to. You must specify *either*
3078
+ # `resourceShareArn`, or `resourceArn`, but not both.
2171
3079
  #
2172
3080
  #
2173
3081
  #
@@ -2178,18 +3086,28 @@ module Aws::RAM
2178
3086
  # present and not be an empty string. The tag value must be present but
2179
3087
  # can be an empty string.
2180
3088
  #
3089
+ # @option params [String] :resource_arn
3090
+ # Specifies the [Amazon Resource Name (ARN)][1] of the managed
3091
+ # permission that you want to add tags to. You must specify *either*
3092
+ # `resourceArn`, or `resourceShareArn`, but not both.
3093
+ #
3094
+ #
3095
+ #
3096
+ # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
3097
+ #
2181
3098
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
2182
3099
  #
2183
3100
  # @example Request syntax with placeholder values
2184
3101
  #
2185
3102
  # resp = client.tag_resource({
2186
- # resource_share_arn: "String", # required
3103
+ # resource_share_arn: "String",
2187
3104
  # tags: [ # required
2188
3105
  # {
2189
3106
  # key: "TagKey",
2190
3107
  # value: "TagValue",
2191
3108
  # },
2192
3109
  # ],
3110
+ # resource_arn: "String",
2193
3111
  # })
2194
3112
  #
2195
3113
  # @see http://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/TagResource AWS API Documentation
@@ -2202,12 +3120,13 @@ module Aws::RAM
2202
3120
  end
2203
3121
 
2204
3122
  # Removes the specified tag key and value pairs from the specified
2205
- # resource share.
3123
+ # resource share or managed permission.
2206
3124
  #
2207
- # @option params [required, String] :resource_share_arn
2208
- # Specifies the [Amazon Resoure Name (ARN)][1] of the resource share
3125
+ # @option params [String] :resource_share_arn
3126
+ # Specifies the [Amazon Resource Name (ARN)][1] of the resource share
2209
3127
  # that you want to remove tags from. The tags are removed from the
2210
- # resource share, not the resources in the resource share.
3128
+ # resource share, not the resources in the resource share. You must
3129
+ # specify either `resourceShareArn`, or `resourceArn`, but not both.
2211
3130
  #
2212
3131
  #
2213
3132
  #
@@ -2216,13 +3135,23 @@ module Aws::RAM
2216
3135
  # @option params [required, Array<String>] :tag_keys
2217
3136
  # Specifies a list of one or more tag keys that you want to remove.
2218
3137
  #
3138
+ # @option params [String] :resource_arn
3139
+ # Specifies the [Amazon Resource Name (ARN)][1] of the managed
3140
+ # permission that you want to remove tags from. You must specify either
3141
+ # `resourceArn`, or `resourceShareArn`, but not both.
3142
+ #
3143
+ #
3144
+ #
3145
+ # [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
3146
+ #
2219
3147
  # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
2220
3148
  #
2221
3149
  # @example Request syntax with placeholder values
2222
3150
  #
2223
3151
  # resp = client.untag_resource({
2224
- # resource_share_arn: "String", # required
3152
+ # resource_share_arn: "String",
2225
3153
  # tag_keys: ["TagKey"], # required
3154
+ # resource_arn: "String",
2226
3155
  # })
2227
3156
  #
2228
3157
  # @see http://docs.aws.amazon.com/goto/WebAPI/ram-2018-01-04/UntagResource AWS API Documentation
@@ -2237,7 +3166,7 @@ module Aws::RAM
2237
3166
  # Modifies some of the properties of the specified resource share.
2238
3167
  #
2239
3168
  # @option params [required, String] :resource_share_arn
2240
- # Specifies the [Amazon Resoure Name (ARN)][1] of the resource share
3169
+ # Specifies the [Amazon Resource Name (ARN)][1] of the resource share
2241
3170
  # that you want to modify.
2242
3171
  #
2243
3172
  #
@@ -2263,6 +3192,10 @@ module Aws::RAM
2263
3192
  # If you don't provide this value, then Amazon Web Services generates a
2264
3193
  # random one for you.
2265
3194
  #
3195
+ # If you retry the operation with the same `ClientToken`, but with
3196
+ # different parameters, the retry fails with an
3197
+ # `IdempotentParameterMismatch` error.
3198
+ #
2266
3199
  #
2267
3200
  #
2268
3201
  # [1]: https://wikipedia.org/wiki/Universally_unique_identifier
@@ -2319,7 +3252,7 @@ module Aws::RAM
2319
3252
  params: params,
2320
3253
  config: config)
2321
3254
  context[:gem_name] = 'aws-sdk-ram'
2322
- context[:gem_version] = '1.41.0'
3255
+ context[:gem_version] = '1.43.0'
2323
3256
  Seahorse::Client::Request.new(handlers, context)
2324
3257
  end
2325
3258