aws-sdk-secretsmanager 1.44.0 → 1.45.0

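--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: f6c6bad2a4b036843ccfb62a2cea8ff975b750c8cd56766f0d65725a94b46973
- data.tar.gz: c02d2eec7eae4d148ad53d3ac38d9a1b0ad3838750970ab6e550ad7283fdd1e5
+ metadata.gz: d846c13bffe56b68cf541256000b48cc80ae134843af7263c7742e7bdfbaf2b7
+ data.tar.gz: 3d8dfc8bfb52906c7af56b69e3f6f71908db55658b68c01c17ce3a0c08744f2b
  SHA512:
- metadata.gz: 473a87bcc8e159d67c76f2a52ac189490c145e5397d6f7c6ea434dd43373364bd71c5f03b36bf78a15ddccd2090533b96f935fbd6eccaf480ad891b623367bb3
- data.tar.gz: 2589fc010c099183aacc676f7844b3bdcd412769f614b1ab3eb5359368585c6c877efb8640798335ff5a9ad0d9fa08739c8a50e8e8ee037678d20af22e7947d5
+ metadata.gz: fc9fb09b8111bab8e4a69f57dd24213feadee71f931ce288ccfae967383125995ef3977855603e659238d671d9b3cc7407ae47fe3547369afbba5bef511aa63f
+ data.tar.gz: c2abdb72a7948aa4fee2f32821c1da57debe4e824cf6e613ec786da6aff60500c650fa8a5e4081cefc637a7d7d1de213a3b65a15bce7e82b99c4a78962b4d9bc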
@@ -48,6 +48,6 @@ require_relative 'aws-sdk-secretsmanager/customizations'
48
48
  # @!group service
49
49
  module Aws::SecretsManager
50
50
 
51
- GEM_VERSION = '1.44.0'
51
+ GEM_VERSION = '1.45.0'
52
52
 
53
53
  end
@@ -584,7 +584,7 @@ module Aws::SecretsManager
584
584
  #
585
585
  # * If a version with this value already exists and that version's
586
586
  # `SecretString` and `SecretBinary` values are different from those in
587
- # the request then the request fails because you cannot modify an
587
+ # the request, then the request fails because you cannot modify an
588
588
  # existing version. Instead, use PutSecretValue to create a new
589
589
  # version.
590
590
  #
@@ -714,11 +714,21 @@ module Aws::SecretsManager
714
714
  #
715
715
  # [1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
716
716
  #
717
+ # @option params [Array<Types::ReplicaRegionType>] :add_replica_regions
718
+ # (Optional) Add a list of regions to replicate secrets. Secrets Manager
719
+ # replicates the KMSKeyID objects to the list of regions specified in
720
+ # the parameter.
721
+ #
722
+ # @option params [Boolean] :force_overwrite_replica_secret
723
+ # (Optional) If set, the replication overwrites a secret with the same
724
+ # name in the destination region.
725
+ #
717
726
  # @return [Types::CreateSecretResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
718
727
  #
719
728
  # * {Types::CreateSecretResponse#arn #arn} => String
720
729
  # * {Types::CreateSecretResponse#name #name} => String
721
730
  # * {Types::CreateSecretResponse#version_id #version_id} => String
731
+ # * {Types::CreateSecretResponse#replication_status #replication_status} => Array&lt;Types::ReplicationStatusType&gt;
722
732
  #
723
733
  #
724
734
  # @example Example: To create a basic secret
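Review bot: The new `:add_replica_regions` entry says Secrets Manager "replicates the KMSKeyID objects", which reads as if KMS keys were copied between regions; the request example in a later hunk pairs each `region` with a `kms_key_id`, so the text presumably means the secret is replicated and the key is the one used for the replica. I would reword it to `# (Optional) Regions to replicate the secret to, each with the KMS key to use for the replica in that region.` after confirming that reading. The `:force_overwrite_replica_secret` entry should also say what happens when it is omitted and that setting it replaces an existing secret of the same name in the destination region; the same wording recurs on `replicate_secret_to_regions` in the @@ -2158 hunk. The comment block for this method starts and ends outside the hunk.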
@@ -755,6 +765,13 @@ module Aws::SecretsManager
755
765
  # value: "TagValueType",
756
766
  # },
757
767
  # ],
768
+ # add_replica_regions: [
769
+ # {
770
+ # region: "RegionType",
771
+ # kms_key_id: "KmsKeyIdType",
772
+ # },
773
+ # ],
774
+ # force_overwrite_replica_secret: false,
758
775
  # })
759
776
  #
760
777
  # @example Response structure
@@ -762,6 +779,12 @@ module Aws::SecretsManager
762
779
  # resp.arn #=> String
763
780
  # resp.name #=> String
764
781
  # resp.version_id #=> String
782
+ # resp.replication_status #=> Array
783
+ # resp.replication_status[0].region #=> String
784
+ # resp.replication_status[0].kms_key_id #=> String
785
+ # resp.replication_status[0].status #=> String, one of "InSync", "Failed", "InProgress"
786
+ # resp.replication_status[0].status_message #=> String
787
+ # resp.replication_status[0].last_accessed_date #=> Time
765
788
  #
766
789
  # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CreateSecret AWS API Documentation
767
790
  #
@@ -786,8 +809,8 @@ module Aws::SecretsManager
786
809
  #
787
810
  # * To attach a resource policy to a secret, use PutResourcePolicy.
788
811
  #
789
- # * To retrieve the current resource-based policy that's attached to a
790
- # secret, use GetResourcePolicy.
812
+ # * To retrieve the current resource-based policy attached to a secret,
813
+ # use GetResourcePolicy.
791
814
  #
792
815
  # * To list all of the currently available secrets, use ListSecrets.
793
816
  #
@@ -857,7 +880,7 @@ module Aws::SecretsManager
857
880
  req.send_request(options)
858
881
  end
859
882
 
860
- # Deletes an entire secret and all of its versions. You can optionally
883
+ # Deletes an entire secret and all of the versions. You can optionally
861
884
  # include a recovery window during which you can restore the secret. If
862
885
  # you don't specify a recovery window value, the operation defaults to
863
886
  # 30 days. Secrets Manager attaches a `DeletionDate` stamp to the secret
@@ -867,17 +890,17 @@ module Aws::SecretsManager
867
890
  # At any time before recovery window ends, you can use RestoreSecret to
868
891
  # remove the `DeletionDate` and cancel the deletion of the secret.
869
892
  #
870
- # You cannot access the encrypted secret information in any secret that
871
- # is scheduled for deletion. If you need to access that information, you
893
+ # You cannot access the encrypted secret information in any secret
894
+ # scheduled for deletion. If you need to access that information, you
872
895
  # must cancel the deletion with RestoreSecret and then retrieve the
873
896
  # information.
874
897
  #
875
898
  # <note markdown="1"> * There is no explicit operation to delete a version of a secret.
876
899
  # Instead, remove all staging labels from the `VersionStage` field of
877
900
  # a version. That marks the version as deprecated and allows Secrets
878
- # Manager to delete it as needed. Versions that do not have any
879
- # staging labels do not show up in ListSecretVersionIds unless you
880
- # specify `IncludeDeprecated`.
901
+ # Manager to delete it as needed. Versions without any staging labels
902
+ # do not show up in ListSecretVersionIds unless you specify
903
+ # `IncludeDeprecated`.
881
904
  #
882
905
  # * The permanent secret deletion at the end of the waiting period is
883
906
  # performed as a background task with low priority. There is no
@@ -902,8 +925,8 @@ module Aws::SecretsManager
902
925
  # window has expired, use RestoreSecret.
903
926
  #
904
927
  # @option params [required, String] :secret_id
905
- # Specifies the secret that you want to delete. You can specify either
906
- # the Amazon Resource Name (ARN) or the friendly name of the secret.
928
+ # Specifies the secret to delete. You can specify either the Amazon
929
+ # Resource Name (ARN) or the friendly name of the secret.
907
930
  #
908
931
  # <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
909
932
  # complete ARN. You can specify a partial ARN too—for example, if you
@@ -928,10 +951,11 @@ module Aws::SecretsManager
928
951
  #
929
952
  # @option params [Integer] :recovery_window_in_days
930
953
  # (Optional) Specifies the number of days that Secrets Manager waits
931
- # before it can delete the secret. You can't use both this parameter
932
- # and the `ForceDeleteWithoutRecovery` parameter in the same API call.
954
+ # before Secrets Manager can delete the secret. You can't use both this
955
+ # parameter and the `ForceDeleteWithoutRecovery` parameter in the same
956
+ # API call.
933
957
  #
934
- # This value can range from 7 to 30 days. The default value is 30.
958
+ # This value can range from 7 to 30 days with a default value of 30.
935
959
  #
936
960
  # @option params [Boolean] :force_delete_without_recovery
937
961
  # (Optional) Specifies that the secret is to be deleted without any
@@ -948,8 +972,12 @@ module Aws::SecretsManager
948
972
  # to skip the normal waiting period before the permanent deletion that
949
973
  # AWS would normally impose with the `RecoveryWindowInDays` parameter.
950
974
  # If you delete a secret with the `ForceDeleteWithouRecovery` parameter,
951
- # then you have no opportunity to recover the secret. It is permanently
952
- # lost.
975
+ # then you have no opportunity to recover the secret. You lose the
976
+ # secret permanently.
977
+ #
978
+ # If you use this parameter and include a previously deleted or
979
+ # nonexistent secret, the operation does not return the error
980
+ # `ResourceNotFoundException` in order to correctly handle retries.
953
981
  #
954
982
  # @return [Types::DeleteSecretResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
955
983
  #
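Review bot: The added paragraph on `:force_delete_without_recovery` says a previously deleted or nonexistent secret does not produce `ResourceNotFoundException`, but it does not spell out the consequence for callers: a successful response is not evidence that the named secret existed, so a mistyped `secret_id` passes silently. I would add a sentence such as `# A successful response therefore does not confirm that the secret existed.` The unchanged line just above also spells the parameter `ForceDeleteWithouRecovery` (missing "t"), which is worth correcting while this paragraph is being edited. The surrounding doc comment starts and ends outside the hunk.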
@@ -1065,6 +1093,8 @@ module Aws::SecretsManager
1065
1093
  # * {Types::DescribeSecretResponse#version_ids_to_stages #version_ids_to_stages} => Hash&lt;String,Array&lt;String&gt;&gt;
1066
1094
  # * {Types::DescribeSecretResponse#owning_service #owning_service} => String
1067
1095
  # * {Types::DescribeSecretResponse#created_date #created_date} => Time
1096
+ # * {Types::DescribeSecretResponse#primary_region #primary_region} => String
1097
+ # * {Types::DescribeSecretResponse#replication_status #replication_status} => Array&lt;Types::ReplicationStatusType&gt;
1068
1098
  #
1069
1099
  #
1070
1100
  # @example Example: To retrieve the details of a secret
@@ -1136,6 +1166,13 @@ module Aws::SecretsManager
1136
1166
  # resp.version_ids_to_stages["SecretVersionIdType"][0] #=> String
1137
1167
  # resp.owning_service #=> String
1138
1168
  # resp.created_date #=> Time
1169
+ # resp.primary_region #=> String
1170
+ # resp.replication_status #=> Array
1171
+ # resp.replication_status[0].region #=> String
1172
+ # resp.replication_status[0].kms_key_id #=> String
1173
+ # resp.replication_status[0].status #=> String, one of "InSync", "Failed", "InProgress"
1174
+ # resp.replication_status[0].status_message #=> String
1175
+ # resp.replication_status[0].last_accessed_date #=> Time
1139
1176
  #
1140
1177
  # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DescribeSecret AWS API Documentation
1141
1178
  #
@@ -1395,10 +1432,11 @@ module Aws::SecretsManager
1395
1432
  #
1396
1433
  # @option params [String] :version_id
1397
1434
  # Specifies the unique identifier of the version of the secret that you
1398
- # want to retrieve. If you specify this parameter then don't specify
1399
- # `VersionStage`. If you don't specify either a `VersionStage` or
1400
- # `VersionId` then the default is to perform the operation on the
1401
- # version with the `VersionStage` value of `AWSCURRENT`.
1435
+ # want to retrieve. If you specify both this parameter and
1436
+ # `VersionStage`, the two parameters must refer to the same secret
1437
+ # version. If you don't specify either a `VersionStage` or `VersionId`
1438
+ # then the default is to perform the operation on the version with the
1439
+ # `VersionStage` value of `AWSCURRENT`.
1402
1440
  #
1403
1441
  # This value is typically a [UUID-type][1] value with 32 hexadecimal
1404
1442
  # digits.
@@ -1412,10 +1450,11 @@ module Aws::SecretsManager
1412
1450
  # label attached to the version.
1413
1451
  #
1414
1452
  # Staging labels are used to keep track of different versions during the
1415
- # rotation process. If you use this parameter then don't specify
1416
- # `VersionId`. If you don't specify either a `VersionStage` or
1417
- # `VersionId`, then the default is to perform the operation on the
1418
- # version with the `VersionStage` value of `AWSCURRENT`.
1453
+ # rotation process. If you specify both this parameter and `VersionId`,
1454
+ # the two parameters must refer to the same secret version . If you
1455
+ # don't specify either a `VersionStage` or `VersionId`, then the
1456
+ # default is to perform the operation on the version with the
1457
+ # `VersionStage` value of `AWSCURRENT`.
1419
1458
  #
1420
1459
  # @return [Types::GetSecretValueResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1421
1460
  #
@@ -1738,7 +1777,7 @@ module Aws::SecretsManager
1738
1777
  # next_token: "NextTokenType",
1739
1778
  # filters: [
1740
1779
  # {
1741
- # key: "description", # accepts description, name, tag-key, tag-value, all
1780
+ # key: "description", # accepts description, name, tag-key, tag-value, primary-region, all
1742
1781
  # values: ["FilterValueStringType"],
1743
1782
  # },
1744
1783
  # ],
@@ -1767,6 +1806,7 @@ module Aws::SecretsManager
1767
1806
  # resp.secret_list[0].secret_versions_to_stages["SecretVersionIdType"][0] #=> String
1768
1807
  # resp.secret_list[0].owning_service #=> String
1769
1808
  # resp.secret_list[0].created_date #=> Time
1809
+ # resp.secret_list[0].primary_region #=> String
1770
1810
  # resp.next_token #=> String
1771
1811
  #
1772
1812
  # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecrets AWS API Documentation
@@ -1803,8 +1843,8 @@ module Aws::SecretsManager
1803
1843
  # * To retrieve the resource policy attached to a secret, use
1804
1844
  # GetResourcePolicy.
1805
1845
  #
1806
- # * To delete the resource-based policy that's attached to a secret,
1807
- # use DeleteResourcePolicy.
1846
+ # * To delete the resource-based policy attached to a secret, use
1847
+ # DeleteResourcePolicy.
1808
1848
  #
1809
1849
  # * To list all of the currently available secrets, use ListSecrets.
1810
1850
  #
@@ -1814,8 +1854,9 @@ module Aws::SecretsManager
1814
1854
  # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html
1815
1855
  #
1816
1856
  # @option params [required, String] :secret_id
1817
- # Specifies the secret that you want to attach the resource-based policy
1818
- # to. You can specify either the ARN or the friendly name of the secret.
1857
+ # Specifies the secret that you want to attach the resource-based
1858
+ # policy. You can specify either the ARN or the friendly name of the
1859
+ # secret.
1819
1860
  #
1820
1861
  # <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
1821
1862
  # complete ARN. You can specify a partial ARN too—for example, if you
@@ -1839,8 +1880,8 @@ module Aws::SecretsManager
1839
1880
  # </note>
1840
1881
  #
1841
1882
  # @option params [required, String] :resource_policy
1842
- # A JSON-formatted string that's constructed according to the grammar
1843
- # and syntax for an AWS resource-based policy. The policy in the string
1883
+ # A JSON-formatted string constructed according to the grammar and
1884
+ # syntax for an AWS resource-based policy. The policy in the string
1844
1885
  # identifies who can access or manage this secret and its versions. For
1845
1886
  # information on how to format a JSON parameter for the various command
1846
1887
  # line tool environments, see [Using JSON for Parameters][1] in the *AWS
@@ -1851,8 +1892,9 @@ module Aws::SecretsManager
1851
1892
  # [1]: http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
1852
1893
  #
1853
1894
  # @option params [Boolean] :block_public_policy
1854
- # Makes an optional API call to Zelkova to validate the Resource Policy
1855
- # to prevent broad access to your secret.
1895
+ # (Optional) If you set the parameter, `BlockPublicPolicy` to true, then
1896
+ # you block resource-based policies that allow broad access to the
1897
+ # secret.
1856
1898
  #
1857
1899
  # @return [Types::PutResourcePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1858
1900
  #
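Review bot: The rewritten `:block_public_policy` text does not say what happens when the parameter is omitted, and the comma in "If you set the parameter, `BlockPublicPolicy` to true" makes the sentence hard to parse. Because this flag is the guard against a policy that exposes the secret broadly, the default matters to anyone reading the docs; I would write `# (Optional) If set to true, blocks resource-based policies that allow broad access to the secret.` and add one sentence stating the behaviour when it is not set, confirmed against the service documentation. The doc comment continues outside the hunk.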
@@ -1913,13 +1955,12 @@ module Aws::SecretsManager
1913
1955
  # Secrets Manager automatically attaches the staging label
1914
1956
  # `AWSCURRENT` to the new version.
1915
1957
  #
1916
- # * If another version of this secret already exists, then this
1917
- # operation does not automatically move any staging labels other than
1918
- # those that you explicitly specify in the `VersionStages` parameter.
1958
+ # * If you do not specify a value for VersionStages then Secrets Manager
1959
+ # automatically moves the staging label `AWSCURRENT` to this new
1960
+ # version.
1919
1961
  #
1920
1962
  # * If this operation moves the staging label `AWSCURRENT` from another
1921
- # version to this version (because you included it in the
1922
- # `StagingLabels` parameter) then Secrets Manager also automatically
1963
+ # version to this version, then Secrets Manager also automatically
1923
1964
  # moves the staging label `AWSPREVIOUS` to the version that
1924
1965
  # `AWSCURRENT` was removed from.
1925
1966
  #
@@ -2158,6 +2199,95 @@ module Aws::SecretsManager
2158
2199
  req.send_request(options)
2159
2200
  end
2160
2201
 
2202
+ # Remove regions from replication.
2203
+ #
2204
+ # @option params [required, String] :secret_id
2205
+ # Remove a secret by `SecretId` from replica Regions.
2206
+ #
2207
+ # @option params [required, Array<String>] :remove_replica_regions
2208
+ # Remove replication from specific Regions.
2209
+ #
2210
+ # @return [Types::RemoveRegionsFromReplicationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2211
+ #
2212
+ # * {Types::RemoveRegionsFromReplicationResponse#arn #arn} => String
2213
+ # * {Types::RemoveRegionsFromReplicationResponse#replication_status #replication_status} => Array&lt;Types::ReplicationStatusType&gt;
2214
+ #
2215
+ # @example Request syntax with placeholder values
2216
+ #
2217
+ # resp = client.remove_regions_from_replication({
2218
+ # secret_id: "SecretIdType", # required
2219
+ # remove_replica_regions: ["RegionType"], # required
2220
+ # })
2221
+ #
2222
+ # @example Response structure
2223
+ #
2224
+ # resp.arn #=> String
2225
+ # resp.replication_status #=> Array
2226
+ # resp.replication_status[0].region #=> String
2227
+ # resp.replication_status[0].kms_key_id #=> String
2228
+ # resp.replication_status[0].status #=> String, one of "InSync", "Failed", "InProgress"
2229
+ # resp.replication_status[0].status_message #=> String
2230
+ # resp.replication_status[0].last_accessed_date #=> Time
2231
+ #
2232
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RemoveRegionsFromReplication AWS API Documentation
2233
+ #
2234
+ # @overload remove_regions_from_replication(params = {})
2235
+ # @param [Hash] params ({})
2236
+ def remove_regions_from_replication(params = {}, options = {})
2237
+ req = build_request(:remove_regions_from_replication, params)
2238
+ req.send_request(options)
2239
+ end
2240
+
2241
+ # Converts an existing secret to a multi-Region secret and begins
2242
+ # replication the secret to a list of new regions.
2243
+ #
2244
+ # @option params [required, String] :secret_id
2245
+ # Use the `Secret Id` to replicate a secret to regions.
2246
+ #
2247
+ # @option params [required, Array<Types::ReplicaRegionType>] :add_replica_regions
2248
+ # Add Regions to replicate the secret.
2249
+ #
2250
+ # @option params [Boolean] :force_overwrite_replica_secret
2251
+ # (Optional) If set, Secrets Manager replication overwrites a secret
2252
+ # with the same name in the destination region.
2253
+ #
2254
+ # @return [Types::ReplicateSecretToRegionsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2255
+ #
2256
+ # * {Types::ReplicateSecretToRegionsResponse#arn #arn} => String
2257
+ # * {Types::ReplicateSecretToRegionsResponse#replication_status #replication_status} => Array&lt;Types::ReplicationStatusType&gt;
2258
+ #
2259
+ # @example Request syntax with placeholder values
2260
+ #
2261
+ # resp = client.replicate_secret_to_regions({
2262
+ # secret_id: "SecretIdType", # required
2263
+ # add_replica_regions: [ # required
2264
+ # {
2265
+ # region: "RegionType",
2266
+ # kms_key_id: "KmsKeyIdType",
2267
+ # },
2268
+ # ],
2269
+ # force_overwrite_replica_secret: false,
2270
+ # })
2271
+ #
2272
+ # @example Response structure
2273
+ #
2274
+ # resp.arn #=> String
2275
+ # resp.replication_status #=> Array
2276
+ # resp.replication_status[0].region #=> String
2277
+ # resp.replication_status[0].kms_key_id #=> String
2278
+ # resp.replication_status[0].status #=> String, one of "InSync", "Failed", "InProgress"
2279
+ # resp.replication_status[0].status_message #=> String
2280
+ # resp.replication_status[0].last_accessed_date #=> Time
2281
+ #
2282
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ReplicateSecretToRegions AWS API Documentation
2283
+ #
2284
+ # @overload replicate_secret_to_regions(params = {})
2285
+ # @param [Hash] params ({})
2286
+ def replicate_secret_to_regions(params = {}, options = {})
2287
+ req = build_request(:replicate_secret_to_regions, params)
2288
+ req.send_request(options)
2289
+ end
2290
+
2161
2291
  # Cancels the scheduled deletion of a secret by removing the
2162
2292
  # `DeletedDate` time stamp. This makes the secret accessible to query
2163
2293
  # once again.
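Review bot: In the new `remove_regions_from_replication` docs the `:secret_id` entry reads "Remove a secret by `SecretId` from replica Regions", which describes the operation rather than the parameter and leaves unclear whether the replica secrets in those regions are deleted or only detached. I would describe the parameter itself, e.g. `# The ARN or name of the secret whose replicas are removed.` (the accepted identifier forms are assumed from the other `:secret_id` entries on this page), and state the fate of the replica in the method summary. In `replicate_secret_to_regions`, "begins replication the secret" should read "begins replicating the secret" and `Secret Id` should be `SecretId`.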
@@ -2400,6 +2530,36 @@ module Aws::SecretsManager
2400
2530
  req.send_request(options)
2401
2531
  end
2402
2532
 
2533
+ # Removes the secret from replication and promotes the secret to a
2534
+ # regional secret in the replica Region.
2535
+ #
2536
+ # @option params [required, String] :secret_id
2537
+ # Response to `StopReplicationToReplica` of a secret, based on the
2538
+ # `SecretId`.
2539
+ #
2540
+ # @return [Types::StopReplicationToReplicaResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
2541
+ #
2542
+ # * {Types::StopReplicationToReplicaResponse#arn #arn} => String
2543
+ #
2544
+ # @example Request syntax with placeholder values
2545
+ #
2546
+ # resp = client.stop_replication_to_replica({
2547
+ # secret_id: "SecretIdType", # required
2548
+ # })
2549
+ #
2550
+ # @example Response structure
2551
+ #
2552
+ # resp.arn #=> String
2553
+ #
2554
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/StopReplicationToReplica AWS API Documentation
2555
+ #
2556
+ # @overload stop_replication_to_replica(params = {})
2557
+ # @param [Hash] params ({})
2558
+ def stop_replication_to_replica(params = {}, options = {})
2559
+ req = build_request(:stop_replication_to_replica, params)
2560
+ req.send_request(options)
2561
+ end
2562
+
2403
2563
  # Attaches one or more tags, each consisting of a key name and a value,
2404
2564
  # to the specified secret. Tags are part of the secret's overall
2405
2565
  # metadata, and are not associated with any specific version of the
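Review bot: The `:secret_id` entry for `stop_replication_to_replica` reads "Response to `StopReplicationToReplica` of a secret, based on the `SecretId`", which describes a response rather than the request parameter. Something like `# The ARN or name of the replica secret to promote.` would fit, with the identifier forms confirmed against the service docs. The summary should also say which region the call must be made in and, if it is the case, that the promoted secret stops receiving updates from the primary, since that affects rotation of the promoted copy.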
@@ -2481,7 +2641,7 @@ module Aws::SecretsManager
2481
2641
  # information on how to format a JSON parameter for the various command
2482
2642
  # line tool environments, see [Using JSON for Parameters][1] in the *AWS
2483
2643
  # CLI User Guide*. For the AWS CLI, you can also use the syntax: `--Tags
2484
- # Key="Key1",Value="Value1",Key="Key2",Value="Value2"[,…]`
2644
+ # Key="Key1",Value="Value1" Key="Key2",Value="Value2"[,…]`
2485
2645
  #
2486
2646
  #
2487
2647
  #
@@ -3088,16 +3248,38 @@ module Aws::SecretsManager
3088
3248
  req.send_request(options)
3089
3249
  end
3090
3250
 
3091
- # Validates the JSON text of the resource-based policy document attached
3092
- # to the specified secret. The JSON request string input and response
3093
- # output displays formatted code with white space and line breaks for
3094
- # better readability. Submit your input as a single line JSON string. A
3095
- # resource-based policy is optional.
3251
+ # Validates that the resource policy does not grant a wide range of IAM
3252
+ # principals access to your secret. The JSON request string input and
3253
+ # response output displays formatted code with white space and line
3254
+ # breaks for better readability. Submit your input as a single line JSON
3255
+ # string. A resource-based policy is optional for secrets.
3256
+ #
3257
+ # The API performs three checks when validating the secret:
3258
+ #
3259
+ # * Sends a call to [Zelkova][1], an automated reasoning engine, to
3260
+ # ensure your Resource Policy does not allow broad access to your
3261
+ # secret.
3262
+ #
3263
+ # * Checks for correct syntax in a policy.
3264
+ #
3265
+ # * Verifies the policy does not lock out a caller.
3266
+ #
3267
+ # **Minimum Permissions**
3268
+ #
3269
+ # You must have the permissions required to access the following APIs:
3270
+ #
3271
+ # * `secretsmanager:PutResourcePolicy`
3272
+ #
3273
+ # * `secretsmanager:ValidateResourcePolicy`
3274
+ #
3275
+ #
3276
+ #
3277
+ # [1]: https://aws.amazon.com/blogs/security/protect-sensitive-data-in-the-cloud-with-automated-reasoning-zelkova/
3096
3278
  #
3097
3279
  # @option params [String] :secret_id
3098
- # The identifier for the secret that you want to validate a resource
3099
- # policy. You can specify either the Amazon Resource Name (ARN) or the
3100
- # friendly name of the secret.
3280
+ # (Optional) The identifier of the secret with the resource-based policy
3281
+ # you want to validate. You can specify either the Amazon Resource Name
3282
+ # (ARN) or the friendly name of the secret.
3101
3283
  #
3102
3284
  # <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
3103
3285
  # complete ARN. You can specify a partial ARN too—for example, if you
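Review bot: The new "Minimum Permissions" list for `validate_resource_policy` names `secretsmanager:PutResourcePolicy` alongside `secretsmanager:ValidateResourcePolicy`, so as written a caller that only validates a policy must also be allowed to attach one. If that is really required, the text should say why; if not, the list should drop it so least-privilege roles for validation-only tooling are not over-granted. The sentence "The API performs three checks when validating the secret" should read "validating the policy". The doc comment continues past the end of the hunk.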
@@ -3121,7 +3303,16 @@ module Aws::SecretsManager
3121
3303
  # </note>
3122
3304
  #
3123
3305
  # @option params [required, String] :resource_policy
3124
- # Identifies the Resource Policy attached to the secret.
3306
+ # A JSON-formatted string constructed according to the grammar and
3307
+ # syntax for an AWS resource-based policy. The policy in the string
3308
+ # identifies who can access or manage this secret and its versions. For
3309
+ # information on how to format a JSON parameter for the various command
3310
+ # line tool environments, see [Using JSON for Parameters][1] in the *AWS
3311
+ # CLI User Guide*.publi
3312
+ #
3313
+ #
3314
+ #
3315
+ # [1]: http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
3125
3316
  #
3126
3317
  # @return [Types::ValidateResourcePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
3127
3318
  #
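Review bot: The rewritten `:resource_policy` description ends with a stray fragment, `CLI User Guide*.publi`, which looks like truncated text left behind in the source. The line should end at the period: `# CLI User Guide*.` If the fragment was the start of a sentence about public access, that sentence should be restored in full rather than dropped.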
@@ -3181,7 +3372,7 @@ module Aws::SecretsManager
3181
3372
  params: params,
3182
3373
  config: config)
3183
3374
  context[:gem_name] = 'aws-sdk-secretsmanager'
3184
- context[:gem_version] = '1.44.0'
3375
+ context[:gem_version] = '1.45.0'
3185
3376
  Seahorse::Client::Request.new(handlers, context)
3186
3377
  end
3187
3378
 
@@ -13,6 +13,7 @@ module Aws::SecretsManager
13
13
 
14
14
  include Seahorse::Model
15
15
 
16
+ AddReplicaRegionListType = Shapes::ListShape.new(name: 'AddReplicaRegionListType')
16
17
  AutomaticallyRotateAfterDaysType = Shapes::IntegerShape.new(name: 'AutomaticallyRotateAfterDaysType')
17
18
  BooleanType = Shapes::BooleanShape.new(name: 'BooleanType')
18
19
  CancelRotateSecretRequest = Shapes::StructureShape.new(name: 'CancelRotateSecretRequest')
@@ -78,6 +79,15 @@ module Aws::SecretsManager
78
79
  PutSecretValueResponse = Shapes::StructureShape.new(name: 'PutSecretValueResponse')
79
80
  RandomPasswordType = Shapes::StringShape.new(name: 'RandomPasswordType')
80
81
  RecoveryWindowInDaysType = Shapes::IntegerShape.new(name: 'RecoveryWindowInDaysType')
82
+ RegionType = Shapes::StringShape.new(name: 'RegionType')
83
+ RemoveRegionsFromReplicationRequest = Shapes::StructureShape.new(name: 'RemoveRegionsFromReplicationRequest')
84
+ RemoveRegionsFromReplicationResponse = Shapes::StructureShape.new(name: 'RemoveRegionsFromReplicationResponse')
85
+ RemoveReplicaRegionListType = Shapes::ListShape.new(name: 'RemoveReplicaRegionListType')
86
+ ReplicaRegionType = Shapes::StructureShape.new(name: 'ReplicaRegionType')
87
+ ReplicateSecretToRegionsRequest = Shapes::StructureShape.new(name: 'ReplicateSecretToRegionsRequest')
88
+ ReplicateSecretToRegionsResponse = Shapes::StructureShape.new(name: 'ReplicateSecretToRegionsResponse')
89
+ ReplicationStatusListType = Shapes::ListShape.new(name: 'ReplicationStatusListType')
90
+ ReplicationStatusType = Shapes::StructureShape.new(name: 'ReplicationStatusType')
81
91
  RequireEachIncludedTypeType = Shapes::BooleanShape.new(name: 'RequireEachIncludedTypeType')
82
92
  ResourceExistsException = Shapes::StructureShape.new(name: 'ResourceExistsException')
83
93
  ResourceNotFoundException = Shapes::StructureShape.new(name: 'ResourceNotFoundException')
@@ -102,6 +112,10 @@ module Aws::SecretsManager
102
112
  SecretVersionsListType = Shapes::ListShape.new(name: 'SecretVersionsListType')
103
113
  SecretVersionsToStagesMapType = Shapes::MapShape.new(name: 'SecretVersionsToStagesMapType')
104
114
  SortOrderType = Shapes::StringShape.new(name: 'SortOrderType')
115
+ StatusMessageType = Shapes::StringShape.new(name: 'StatusMessageType')
116
+ StatusType = Shapes::StringShape.new(name: 'StatusType')
117
+ StopReplicationToReplicaRequest = Shapes::StructureShape.new(name: 'StopReplicationToReplicaRequest')
118
+ StopReplicationToReplicaResponse = Shapes::StructureShape.new(name: 'StopReplicationToReplicaResponse')
105
119
  Tag = Shapes::StructureShape.new(name: 'Tag')
106
120
  TagKeyListType = Shapes::ListShape.new(name: 'TagKeyListType')
107
121
  TagKeyType = Shapes::StringShape.new(name: 'TagKeyType')
@@ -119,6 +133,8 @@ module Aws::SecretsManager
119
133
  ValidationErrorsEntry = Shapes::StructureShape.new(name: 'ValidationErrorsEntry')
120
134
  ValidationErrorsType = Shapes::ListShape.new(name: 'ValidationErrorsType')
121
135
 
136
+ AddReplicaRegionListType.member = Shapes::ShapeRef.new(shape: ReplicaRegionType)
137
+
122
138
  CancelRotateSecretRequest.add_member(:secret_id, Shapes::ShapeRef.new(shape: SecretIdType, required: true, location_name: "SecretId"))
123
139
  CancelRotateSecretRequest.struct_class = Types::CancelRotateSecretRequest
124
140
 
@@ -134,11 +150,14 @@ module Aws::SecretsManager
134
150
  CreateSecretRequest.add_member(:secret_binary, Shapes::ShapeRef.new(shape: SecretBinaryType, location_name: "SecretBinary"))
135
151
  CreateSecretRequest.add_member(:secret_string, Shapes::ShapeRef.new(shape: SecretStringType, location_name: "SecretString"))
136
152
  CreateSecretRequest.add_member(:tags, Shapes::ShapeRef.new(shape: TagListType, location_name: "Tags"))
153
+ CreateSecretRequest.add_member(:add_replica_regions, Shapes::ShapeRef.new(shape: AddReplicaRegionListType, location_name: "AddReplicaRegions"))
154
+ CreateSecretRequest.add_member(:force_overwrite_replica_secret, Shapes::ShapeRef.new(shape: BooleanType, location_name: "ForceOverwriteReplicaSecret"))
137
155
  CreateSecretRequest.struct_class = Types::CreateSecretRequest
138
156
 
139
157
  CreateSecretResponse.add_member(:arn, Shapes::ShapeRef.new(shape: SecretARNType, location_name: "ARN"))
140
158
  CreateSecretResponse.add_member(:name, Shapes::ShapeRef.new(shape: SecretNameType, location_name: "Name"))
141
159
  CreateSecretResponse.add_member(:version_id, Shapes::ShapeRef.new(shape: SecretVersionIdType, location_name: "VersionId"))
160
+ CreateSecretResponse.add_member(:replication_status, Shapes::ShapeRef.new(shape: ReplicationStatusListType, location_name: "ReplicationStatus"))
142
161
  CreateSecretResponse.struct_class = Types::CreateSecretResponse
143
162
 
144
163
  DecryptionFailure.add_member(:message, Shapes::ShapeRef.new(shape: ErrorMessage, location_name: "Message"))
@@ -179,6 +198,8 @@ module Aws::SecretsManager
179
198
  DescribeSecretResponse.add_member(:version_ids_to_stages, Shapes::ShapeRef.new(shape: SecretVersionsToStagesMapType, location_name: "VersionIdsToStages"))
180
199
  DescribeSecretResponse.add_member(:owning_service, Shapes::ShapeRef.new(shape: OwningServiceType, location_name: "OwningService"))
181
200
  DescribeSecretResponse.add_member(:created_date, Shapes::ShapeRef.new(shape: TimestampType, location_name: "CreatedDate", metadata: {"box"=>true}))
201
+ DescribeSecretResponse.add_member(:primary_region, Shapes::ShapeRef.new(shape: RegionType, location_name: "PrimaryRegion"))
202
+ DescribeSecretResponse.add_member(:replication_status, Shapes::ShapeRef.new(shape: ReplicationStatusListType, location_name: "ReplicationStatus"))
182
203
  DescribeSecretResponse.struct_class = Types::DescribeSecretResponse
183
204
 
184
205
  EncryptionFailure.add_member(:message, Shapes::ShapeRef.new(shape: ErrorMessage, location_name: "Message"))
@@ -295,6 +316,38 @@ module Aws::SecretsManager
295
316
  PutSecretValueResponse.add_member(:version_stages, Shapes::ShapeRef.new(shape: SecretVersionStagesType, location_name: "VersionStages"))
296
317
  PutSecretValueResponse.struct_class = Types::PutSecretValueResponse
297
318
 
319
+ RemoveRegionsFromReplicationRequest.add_member(:secret_id, Shapes::ShapeRef.new(shape: SecretIdType, required: true, location_name: "SecretId"))
320
+ RemoveRegionsFromReplicationRequest.add_member(:remove_replica_regions, Shapes::ShapeRef.new(shape: RemoveReplicaRegionListType, required: true, location_name: "RemoveReplicaRegions"))
321
+ RemoveRegionsFromReplicationRequest.struct_class = Types::RemoveRegionsFromReplicationRequest
322
+
323
+ RemoveRegionsFromReplicationResponse.add_member(:arn, Shapes::ShapeRef.new(shape: SecretARNType, location_name: "ARN"))
324
+ RemoveRegionsFromReplicationResponse.add_member(:replication_status, Shapes::ShapeRef.new(shape: ReplicationStatusListType, location_name: "ReplicationStatus"))
325
+ RemoveRegionsFromReplicationResponse.struct_class = Types::RemoveRegionsFromReplicationResponse
326
+
327
+ RemoveReplicaRegionListType.member = Shapes::ShapeRef.new(shape: RegionType)
328
+
329
+ ReplicaRegionType.add_member(:region, Shapes::ShapeRef.new(shape: RegionType, location_name: "Region"))
330
+ ReplicaRegionType.add_member(:kms_key_id, Shapes::ShapeRef.new(shape: KmsKeyIdType, location_name: "KmsKeyId"))
331
+ ReplicaRegionType.struct_class = Types::ReplicaRegionType
332
+
333
+ ReplicateSecretToRegionsRequest.add_member(:secret_id, Shapes::ShapeRef.new(shape: SecretIdType, required: true, location_name: "SecretId"))
334
+ ReplicateSecretToRegionsRequest.add_member(:add_replica_regions, Shapes::ShapeRef.new(shape: AddReplicaRegionListType, required: true, location_name: "AddReplicaRegions"))
335
+ ReplicateSecretToRegionsRequest.add_member(:force_overwrite_replica_secret, Shapes::ShapeRef.new(shape: BooleanType, location_name: "ForceOverwriteReplicaSecret"))
336
+ ReplicateSecretToRegionsRequest.struct_class = Types::ReplicateSecretToRegionsRequest
337
+
338
+ ReplicateSecretToRegionsResponse.add_member(:arn, Shapes::ShapeRef.new(shape: SecretARNType, location_name: "ARN"))
339
+ ReplicateSecretToRegionsResponse.add_member(:replication_status, Shapes::ShapeRef.new(shape: ReplicationStatusListType, location_name: "ReplicationStatus"))
340
+ ReplicateSecretToRegionsResponse.struct_class = Types::ReplicateSecretToRegionsResponse
341
+
342
+ ReplicationStatusListType.member = Shapes::ShapeRef.new(shape: ReplicationStatusType)
343
+
344
+ ReplicationStatusType.add_member(:region, Shapes::ShapeRef.new(shape: RegionType, location_name: "Region"))
345
+ ReplicationStatusType.add_member(:kms_key_id, Shapes::ShapeRef.new(shape: KmsKeyIdType, location_name: "KmsKeyId"))
346
+ ReplicationStatusType.add_member(:status, Shapes::ShapeRef.new(shape: StatusType, location_name: "Status"))
347
+ ReplicationStatusType.add_member(:status_message, Shapes::ShapeRef.new(shape: StatusMessageType, location_name: "StatusMessage"))
348
+ ReplicationStatusType.add_member(:last_accessed_date, Shapes::ShapeRef.new(shape: LastAccessedDateType, location_name: "LastAccessedDate"))
349
+ ReplicationStatusType.struct_class = Types::ReplicationStatusType
350
+
298
351
  ResourceExistsException.add_member(:message, Shapes::ShapeRef.new(shape: ErrorMessage, location_name: "Message"))
299
352
  ResourceExistsException.struct_class = Types::ResourceExistsException
300
353
 
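Review bot: `ReplicaRegionType.add_member(:region, ...)` is declared without `required: true`, while the description of the same type in types.rb calls the `Region` "(required)". As written, client-side parameter validation should accept an `add_replica_regions` entry that names no region, so the mistake would surface only as a service-side error. If the field is mandatory, the line should read `ReplicaRegionType.add_member(:region, Shapes::ShapeRef.new(shape: RegionType, required: true, location_name: "Region"))`; if it is not, the description needs correcting instead. These shape definitions look generated from the service model, so the change probably belongs there rather than in this file.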
@@ -337,6 +390,7 @@ module Aws::SecretsManager
337
390
  SecretListEntry.add_member(:secret_versions_to_stages, Shapes::ShapeRef.new(shape: SecretVersionsToStagesMapType, location_name: "SecretVersionsToStages"))
338
391
  SecretListEntry.add_member(:owning_service, Shapes::ShapeRef.new(shape: OwningServiceType, location_name: "OwningService"))
339
392
  SecretListEntry.add_member(:created_date, Shapes::ShapeRef.new(shape: TimestampType, location_name: "CreatedDate", metadata: {"box"=>true}))
393
+ SecretListEntry.add_member(:primary_region, Shapes::ShapeRef.new(shape: RegionType, location_name: "PrimaryRegion"))
340
394
  SecretListEntry.struct_class = Types::SecretListEntry
341
395
 
342
396
  SecretListType.member = Shapes::ShapeRef.new(shape: SecretListEntry)
@@ -354,6 +408,12 @@ module Aws::SecretsManager
354
408
  SecretVersionsToStagesMapType.key = Shapes::ShapeRef.new(shape: SecretVersionIdType)
355
409
  SecretVersionsToStagesMapType.value = Shapes::ShapeRef.new(shape: SecretVersionStagesType)
356
410
 
411
+ StopReplicationToReplicaRequest.add_member(:secret_id, Shapes::ShapeRef.new(shape: SecretIdType, required: true, location_name: "SecretId"))
412
+ StopReplicationToReplicaRequest.struct_class = Types::StopReplicationToReplicaRequest
413
+
414
+ StopReplicationToReplicaResponse.add_member(:arn, Shapes::ShapeRef.new(shape: SecretARNType, location_name: "ARN"))
415
+ StopReplicationToReplicaResponse.struct_class = Types::StopReplicationToReplicaResponse
416
+
357
417
  Tag.add_member(:key, Shapes::ShapeRef.new(shape: TagKeyType, location_name: "Key"))
358
418
  Tag.add_member(:value, Shapes::ShapeRef.new(shape: TagValueType, location_name: "Value"))
359
419
  Tag.struct_class = Types::Tag
@@ -464,6 +524,7 @@ module Aws::SecretsManager
464
524
  o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
465
525
  o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
466
526
  o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
527
+ o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
467
528
  end)
468
529
 
469
530
  api.add_operation(:delete_secret, Seahorse::Model::Operation.new.tap do |o|
@@ -586,6 +647,30 @@ module Aws::SecretsManager
586
647
  o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
587
648
  end)
588
649
 
650
+ api.add_operation(:remove_regions_from_replication, Seahorse::Model::Operation.new.tap do |o|
651
+ o.name = "RemoveRegionsFromReplication"
652
+ o.http_method = "POST"
653
+ o.http_request_uri = "/"
654
+ o.input = Shapes::ShapeRef.new(shape: RemoveRegionsFromReplicationRequest)
655
+ o.output = Shapes::ShapeRef.new(shape: RemoveRegionsFromReplicationResponse)
656
+ o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
657
+ o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
658
+ o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
659
+ o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
660
+ end)
661
+
662
+ api.add_operation(:replicate_secret_to_regions, Seahorse::Model::Operation.new.tap do |o|
663
+ o.name = "ReplicateSecretToRegions"
664
+ o.http_method = "POST"
665
+ o.http_request_uri = "/"
666
+ o.input = Shapes::ShapeRef.new(shape: ReplicateSecretToRegionsRequest)
667
+ o.output = Shapes::ShapeRef.new(shape: ReplicateSecretToRegionsResponse)
668
+ o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
669
+ o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
670
+ o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
671
+ o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
672
+ end)
673
+
589
674
  api.add_operation(:restore_secret, Seahorse::Model::Operation.new.tap do |o|
590
675
  o.name = "RestoreSecret"
591
676
  o.http_method = "POST"
@@ -610,6 +695,18 @@ module Aws::SecretsManager
610
695
  o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
611
696
  end)
612
697
 
698
+ api.add_operation(:stop_replication_to_replica, Seahorse::Model::Operation.new.tap do |o|
699
+ o.name = "StopReplicationToReplica"
700
+ o.http_method = "POST"
701
+ o.http_request_uri = "/"
702
+ o.input = Shapes::ShapeRef.new(shape: StopReplicationToReplicaRequest)
703
+ o.output = Shapes::ShapeRef.new(shape: StopReplicationToReplicaResponse)
704
+ o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
705
+ o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
706
+ o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
707
+ o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
708
+ end)
709
+
613
710
  api.add_operation(:tag_resource, Seahorse::Model::Operation.new.tap do |o|
614
711
  o.name = "TagResource"
615
712
  o.http_method = "POST"
@@ -96,6 +96,13 @@ module Aws::SecretsManager
96
96
  # value: "TagValueType",
97
97
  # },
98
98
  # ],
99
+ # add_replica_regions: [
100
+ # {
101
+ # region: "RegionType",
102
+ # kms_key_id: "KmsKeyIdType",
103
+ # },
104
+ # ],
105
+ # force_overwrite_replica_secret: false,
99
106
  # }
100
107
  #
101
108
  # @!attribute [rw] name
@@ -143,8 +150,8 @@ module Aws::SecretsManager
143
150
  #
144
151
  # * If a version with this value already exists and that version's
145
152
  # `SecretString` and `SecretBinary` values are different from those
146
- # in the request then the request fails because you cannot modify an
147
- # existing version. Instead, use PutSecretValue to create a new
153
+ # in the request, then the request fails because you cannot modify
154
+ # an existing version. Instead, use PutSecretValue to create a new
148
155
  # version.
149
156
  #
150
157
  # This value becomes the `VersionId` of the new version.
@@ -279,6 +286,17 @@ module Aws::SecretsManager
279
286
  # [1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
280
287
  # @return [Array<Types::Tag>]
281
288
  #
289
+ # @!attribute [rw] add_replica_regions
290
+ # (Optional) Add a list of regions to replicate secrets. Secrets
291
+ # Manager replicates the KMSKeyID objects to the list of regions
292
+ # specified in the parameter.
293
+ # @return [Array<Types::ReplicaRegionType>]
294
+ #
295
+ # @!attribute [rw] force_overwrite_replica_secret
296
+ # (Optional) If set, the replication overwrites a secret with the same
297
+ # name in the destination region.
298
+ # @return [Boolean]
299
+ #
282
300
  # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CreateSecretRequest AWS API Documentation
283
301
  #
284
302
  class CreateSecretRequest < Struct.new(
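Review bot: The `force_overwrite_replica_secret` description does not say what happens when the flag is left unset, nor that setting it replaces the contents of an existing secret in the destination region; a caller needs both facts before passing `true`. The status-message example elsewhere in this diff ("Secret with this name already exists in this region") suggests the unset case fails for that region, but that is inferred and should be confirmed. The `add_replica_regions` text is also misleading: it says Secrets Manager "replicates the KMSKeyID objects", whereas it is the secret that is replicated and `kms_key_id` only names the key for each replica. Suggested wording for the flag: `# (Optional) If true, replication overwrites an existing secret with the same name in the destination region; if unset, that secret is left untouched.`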
@@ -288,7 +306,9 @@ module Aws::SecretsManager
288
306
  :kms_key_id,
289
307
  :secret_binary,
290
308
  :secret_string,
291
- :tags)
309
+ :tags,
310
+ :add_replica_regions,
311
+ :force_overwrite_replica_secret)
292
312
  SENSITIVE = [:secret_binary, :secret_string]
293
313
  include Aws::Structure
294
314
  end
@@ -316,12 +336,18 @@ module Aws::SecretsManager
316
336
  # just created.
317
337
  # @return [String]
318
338
  #
339
+ # @!attribute [rw] replication_status
340
+ # Describes a list of replication status objects as `InProgress`,
341
+ # `Failed` or `InSync`.
342
+ # @return [Array<Types::ReplicationStatusType>]
343
+ #
319
344
  # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CreateSecretResponse AWS API Documentation
320
345
  #
321
346
  class CreateSecretResponse < Struct.new(
322
347
  :arn,
323
348
  :name,
324
- :version_id)
349
+ :version_id,
350
+ :replication_status)
325
351
  SENSITIVE = []
326
352
  include Aws::Structure
327
353
  end
@@ -412,8 +438,8 @@ module Aws::SecretsManager
412
438
  # }
413
439
  #
414
440
  # @!attribute [rw] secret_id
415
- # Specifies the secret that you want to delete. You can specify either
416
- # the Amazon Resource Name (ARN) or the friendly name of the secret.
441
+ # Specifies the secret to delete. You can specify either the Amazon
442
+ # Resource Name (ARN) or the friendly name of the secret.
417
443
  #
418
444
  # <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
419
445
  # complete ARN. You can specify a partial ARN too—for example, if you
@@ -440,10 +466,11 @@ module Aws::SecretsManager
440
466
  #
441
467
  # @!attribute [rw] recovery_window_in_days
442
468
  # (Optional) Specifies the number of days that Secrets Manager waits
443
- # before it can delete the secret. You can't use both this parameter
444
- # and the `ForceDeleteWithoutRecovery` parameter in the same API call.
469
+ # before Secrets Manager can delete the secret. You can't use both
470
+ # this parameter and the `ForceDeleteWithoutRecovery` parameter in the
471
+ # same API call.
445
472
  #
446
- # This value can range from 7 to 30 days. The default value is 30.
473
+ # This value can range from 7 to 30 days with a default value of 30.
447
474
  # @return [Integer]
448
475
  #
449
476
  # @!attribute [rw] force_delete_without_recovery
@@ -461,8 +488,12 @@ module Aws::SecretsManager
461
488
  # to skip the normal waiting period before the permanent deletion that
462
489
  # AWS would normally impose with the `RecoveryWindowInDays` parameter.
463
490
  # If you delete a secret with the `ForceDeleteWithouRecovery`
464
- # parameter, then you have no opportunity to recover the secret. It is
465
- # permanently lost.
491
+ # parameter, then you have no opportunity to recover the secret. You
492
+ # lose the secret permanently.
493
+ #
494
+ # If you use this parameter and include a previously deleted or
495
+ # nonexistent secret, the operation does not return the error
496
+ # `ResourceNotFoundException` in order to correctly handle retries.
466
497
  # @return [Boolean]
467
498
  #
468
499
  # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteSecretRequest AWS API Documentation
@@ -480,7 +511,7 @@ module Aws::SecretsManager
480
511
  # @return [String]
481
512
  #
482
513
  # @!attribute [rw] name
483
- # The friendly name of the secret that is now scheduled for deletion.
514
+ # The friendly name of the secret currently scheduled for deletion.
484
515
  # @return [String]
485
516
  #
486
517
  # @!attribute [rw] deletion_date
@@ -578,14 +609,16 @@ module Aws::SecretsManager
578
609
  # @return [String]
579
610
  #
580
611
  # @!attribute [rw] rotation_rules
581
- # A structure that contains the rotation configuration for this
582
- # secret.
612
+ # A structure with the rotation configuration for this secret.
583
613
  # @return [Types::RotationRulesType]
584
614
  #
585
615
  # @!attribute [rw] last_rotated_date
616
+ # The last date and time that the rotation process for this secret was
617
+ # invoked.
618
+ #
586
619
  # The most recent date and time that the Secrets Manager rotation
587
- # process was successfully completed. This value is null if the secret
588
- # has never rotated.
620
+ # process successfully completed. If the secret doesn't rotate,
621
+ # Secrets Manager returns a null value.
589
622
  # @return [Time]
590
623
  #
591
624
  # @!attribute [rw] last_changed_date
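Review bot: The `last_rotated_date` description now carries two statements that disagree: the added first paragraph says the field records when rotation "was invoked", while the paragraph kept below it says when rotation "successfully completed". The difference matters to anyone alerting on stale secrets, because an invoked-but-failed rotation would look fresh under the first reading. The `SecretListEntry` hunk further down replaces the "invoked" wording with the "successfully completed" one, so the added paragraph here looks like a leftover and could be dropped. The reworded null case, `If the secret doesn't rotate, Secrets Manager returns a null value`, is also vaguer than the removed "has never rotated".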
@@ -632,9 +665,18 @@ module Aws::SecretsManager
632
665
  # @return [String]
633
666
  #
634
667
  # @!attribute [rw] created_date
635
- # The date that the secret was created.
668
+ # The date you created the secret.
636
669
  # @return [Time]
637
670
  #
671
+ # @!attribute [rw] primary_region
672
+ # Specifies the primary region for secret replication.
673
+ # @return [String]
674
+ #
675
+ # @!attribute [rw] replication_status
676
+ # Describes a list of replication status objects as `InProgress`,
677
+ # `Failed` or `InSync`.`P`
678
+ # @return [Array<Types::ReplicationStatusType>]
679
+ #
638
680
  # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DescribeSecretResponse AWS API Documentation
639
681
  #
640
682
  class DescribeSecretResponse < Struct.new(
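Review bot: The added `replication_status` description ends in a stray `P` code span after `InSync`, which will render as an extra code fragment in the generated docs. It should be removed so the line matches the `CreateSecretResponse` version of the same attribute. The sentence also reads as if the list itself were `InProgress`, `Failed` or `InSync`, although those values belong to the `status` field of each `ReplicationStatusType` element. Something like `# The replication status of the secret in each replica region.` would be more accurate.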
@@ -652,7 +694,9 @@ module Aws::SecretsManager
652
694
  :tags,
653
695
  :version_ids_to_stages,
654
696
  :owning_service,
655
- :created_date)
697
+ :created_date,
698
+ :primary_region,
699
+ :replication_status)
656
700
  SENSITIVE = []
657
701
  include Aws::Structure
658
702
  end
@@ -677,13 +721,14 @@ module Aws::SecretsManager
677
721
  include Aws::Structure
678
722
  end
679
723
 
680
- # Allows you to filter your list of secrets.
724
+ # Allows you to add filters when you use the search function in Secrets
725
+ # Manager.
681
726
  #
682
727
  # @note When making an API call, you may pass Filter
683
728
  # data as a hash:
684
729
  #
685
730
  # {
686
- # key: "description", # accepts description, name, tag-key, tag-value, all
731
+ # key: "description", # accepts description, name, tag-key, tag-value, primary-region, all
687
732
  # values: ["FilterValueStringType"],
688
733
  # }
689
734
  #
@@ -693,6 +738,9 @@ module Aws::SecretsManager
693
738
  #
694
739
  # @!attribute [rw] values
695
740
  # Filters your list of secrets by a specific value.
741
+ #
742
+ # You can prefix your search value with an exclamation mark (`!`) in
743
+ # order to perform negation filters.
696
744
  # @return [Array<String>]
697
745
  #
698
746
  # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/Filter AWS API Documentation
@@ -916,11 +964,11 @@ module Aws::SecretsManager
916
964
  #
917
965
  # @!attribute [rw] version_id
918
966
  # Specifies the unique identifier of the version of the secret that
919
- # you want to retrieve. If you specify this parameter then don't
920
- # specify `VersionStage`. If you don't specify either a
921
- # `VersionStage` or `VersionId` then the default is to perform the
922
- # operation on the version with the `VersionStage` value of
923
- # `AWSCURRENT`.
967
+ # you want to retrieve. If you specify both this parameter and
968
+ # `VersionStage`, the two parameters must refer to the same secret
969
+ # version. If you don't specify either a `VersionStage` or
970
+ # `VersionId` then the default is to perform the operation on the
971
+ # version with the `VersionStage` value of `AWSCURRENT`.
924
972
  #
925
973
  # This value is typically a [UUID-type][1] value with 32 hexadecimal
926
974
  # digits.
@@ -935,8 +983,9 @@ module Aws::SecretsManager
935
983
  # staging label attached to the version.
936
984
  #
937
985
  # Staging labels are used to keep track of different versions during
938
- # the rotation process. If you use this parameter then don't specify
939
- # `VersionId`. If you don't specify either a `VersionStage` or
986
+ # the rotation process. If you specify both this parameter and
987
+ # `VersionId`, the two parameters must refer to the same secret
988
+ # version . If you don't specify either a `VersionStage` or
940
989
  # `VersionId`, then the default is to perform the operation on the
941
990
  # version with the `VersionStage` value of `AWSCURRENT`.
942
991
  # @return [String]
@@ -1226,7 +1275,7 @@ module Aws::SecretsManager
1226
1275
  # next_token: "NextTokenType",
1227
1276
  # filters: [
1228
1277
  # {
1229
- # key: "description", # accepts description, name, tag-key, tag-value, all
1278
+ # key: "description", # accepts description, name, tag-key, tag-value, primary-region, all
1230
1279
  # values: ["FilterValueStringType"],
1231
1280
  # },
1232
1281
  # ],
@@ -1297,7 +1346,7 @@ module Aws::SecretsManager
1297
1346
  include Aws::Structure
1298
1347
  end
1299
1348
 
1300
- # The policy document that you provided isn't valid.
1349
+ # You provided a resource-based policy with syntax errors.
1301
1350
  #
1302
1351
  # @!attribute [rw] message
1303
1352
  # @return [String]
@@ -1324,7 +1373,8 @@ module Aws::SecretsManager
1324
1373
  include Aws::Structure
1325
1374
  end
1326
1375
 
1327
- # The resource policy did not prevent broad access to the secret.
1376
+ # The BlockPublicPolicy parameter is set to true and the resource policy
1377
+ # did not prevent broad access to the secret.
1328
1378
  #
1329
1379
  # @!attribute [rw] message
1330
1380
  # @return [String]
@@ -1348,8 +1398,8 @@ module Aws::SecretsManager
1348
1398
  #
1349
1399
  # @!attribute [rw] secret_id
1350
1400
  # Specifies the secret that you want to attach the resource-based
1351
- # policy to. You can specify either the ARN or the friendly name of
1352
- # the secret.
1401
+ # policy. You can specify either the ARN or the friendly name of the
1402
+ # secret.
1353
1403
  #
1354
1404
  # <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
1355
1405
  # complete ARN. You can specify a partial ARN too—for example, if you
@@ -1375,12 +1425,12 @@ module Aws::SecretsManager
1375
1425
  # @return [String]
1376
1426
  #
1377
1427
  # @!attribute [rw] resource_policy
1378
- # A JSON-formatted string that's constructed according to the grammar
1379
- # and syntax for an AWS resource-based policy. The policy in the
1380
- # string identifies who can access or manage this secret and its
1381
- # versions. For information on how to format a JSON parameter for the
1382
- # various command line tool environments, see [Using JSON for
1383
- # Parameters][1] in the *AWS CLI User Guide*.
1428
+ # A JSON-formatted string constructed according to the grammar and
1429
+ # syntax for an AWS resource-based policy. The policy in the string
1430
+ # identifies who can access or manage this secret and its versions.
1431
+ # For information on how to format a JSON parameter for the various
1432
+ # command line tool environments, see [Using JSON for Parameters][1]
1433
+ # in the *AWS CLI User Guide*.
1384
1434
  #
1385
1435
  #
1386
1436
  #
@@ -1388,8 +1438,9 @@ module Aws::SecretsManager
1388
1438
  # @return [String]
1389
1439
  #
1390
1440
  # @!attribute [rw] block_public_policy
1391
- # Makes an optional API call to Zelkova to validate the Resource
1392
- # Policy to prevent broad access to your secret.
1441
+ # (Optional) If you set the parameter, `BlockPublicPolicy` to true,
1442
+ # then you block resource-based policies that allow broad access to
1443
+ # the secret.
1393
1444
  # @return [Boolean]
1394
1445
  #
1395
1446
  # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutResourcePolicyRequest AWS API Documentation
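Review bot: The rewritten `block_public_policy` description does not say what happens when the parameter is omitted. The `PublicPolicyException` text changed in this diff ("The BlockPublicPolicy parameter is set to true and the resource policy did not prevent broad access") suggests a policy is only rejected when the flag is explicitly true. If so, the default should be spelled out for callers who assume broad-access policies are always refused. The comma after "parameter" is also misplaced; suggested wording: `# (Optional) If you set BlockPublicPolicy to true, Secrets Manager rejects a resource-based policy that allows broad access to the secret.`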
@@ -1407,8 +1458,8 @@ module Aws::SecretsManager
1407
1458
  # @return [String]
1408
1459
  #
1409
1460
  # @!attribute [rw] name
1410
- # The friendly name of the secret that the retrieved by the
1411
- # resource-based policy.
1461
+ # The friendly name of the secret retrieved by the resource-based
1462
+ # policy.
1412
1463
  # @return [String]
1413
1464
  #
1414
1465
  # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutResourcePolicyResponse AWS API Documentation
@@ -1608,6 +1659,170 @@ module Aws::SecretsManager
1608
1659
  include Aws::Structure
1609
1660
  end
1610
1661
 
1662
+ # @note When making an API call, you may pass RemoveRegionsFromReplicationRequest
1663
+ # data as a hash:
1664
+ #
1665
+ # {
1666
+ # secret_id: "SecretIdType", # required
1667
+ # remove_replica_regions: ["RegionType"], # required
1668
+ # }
1669
+ #
1670
+ # @!attribute [rw] secret_id
1671
+ # Remove a secret by `SecretId` from replica Regions.
1672
+ # @return [String]
1673
+ #
1674
+ # @!attribute [rw] remove_replica_regions
1675
+ # Remove replication from specific Regions.
1676
+ # @return [Array<String>]
1677
+ #
1678
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RemoveRegionsFromReplicationRequest AWS API Documentation
1679
+ #
1680
+ class RemoveRegionsFromReplicationRequest < Struct.new(
1681
+ :secret_id,
1682
+ :remove_replica_regions)
1683
+ SENSITIVE = []
1684
+ include Aws::Structure
1685
+ end
1686
+
1687
+ # @!attribute [rw] arn
1688
+ # The secret `ARN` removed from replication regions.
1689
+ # @return [String]
1690
+ #
1691
+ # @!attribute [rw] replication_status
1692
+ # Describes the remaining replication status after you remove regions
1693
+ # from the replication list.
1694
+ # @return [Array<Types::ReplicationStatusType>]
1695
+ #
1696
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RemoveRegionsFromReplicationResponse AWS API Documentation
1697
+ #
1698
+ class RemoveRegionsFromReplicationResponse < Struct.new(
1699
+ :arn,
1700
+ :replication_status)
1701
+ SENSITIVE = []
1702
+ include Aws::Structure
1703
+ end
1704
+
1705
+ # (Optional) Custom type consisting of a `Region` (required) and the
1706
+ # `KmsKeyId` which can be an `ARN`, `Key ID`, or `Alias`.
1707
+ #
1708
+ # @note When making an API call, you may pass ReplicaRegionType
1709
+ # data as a hash:
1710
+ #
1711
+ # {
1712
+ # region: "RegionType",
1713
+ # kms_key_id: "KmsKeyIdType",
1714
+ # }
1715
+ #
1716
+ # @!attribute [rw] region
1717
+ # Describes a single instance of Region objects.
1718
+ # @return [String]
1719
+ #
1720
+ # @!attribute [rw] kms_key_id
1721
+ # Can be an `ARN`, `Key ID`, or `Alias`.
1722
+ # @return [String]
1723
+ #
1724
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ReplicaRegionType AWS API Documentation
1725
+ #
1726
+ class ReplicaRegionType < Struct.new(
1727
+ :region,
1728
+ :kms_key_id)
1729
+ SENSITIVE = []
1730
+ include Aws::Structure
1731
+ end
1732
+
1733
+ # @note When making an API call, you may pass ReplicateSecretToRegionsRequest
1734
+ # data as a hash:
1735
+ #
1736
+ # {
1737
+ # secret_id: "SecretIdType", # required
1738
+ # add_replica_regions: [ # required
1739
+ # {
1740
+ # region: "RegionType",
1741
+ # kms_key_id: "KmsKeyIdType",
1742
+ # },
1743
+ # ],
1744
+ # force_overwrite_replica_secret: false,
1745
+ # }
1746
+ #
1747
+ # @!attribute [rw] secret_id
1748
+ # Use the `Secret Id` to replicate a secret to regions.
1749
+ # @return [String]
1750
+ #
1751
+ # @!attribute [rw] add_replica_regions
1752
+ # Add Regions to replicate the secret.
1753
+ # @return [Array<Types::ReplicaRegionType>]
1754
+ #
1755
+ # @!attribute [rw] force_overwrite_replica_secret
1756
+ # (Optional) If set, Secrets Manager replication overwrites a secret
1757
+ # with the same name in the destination region.
1758
+ # @return [Boolean]
1759
+ #
1760
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ReplicateSecretToRegionsRequest AWS API Documentation
1761
+ #
1762
+ class ReplicateSecretToRegionsRequest < Struct.new(
1763
+ :secret_id,
1764
+ :add_replica_regions,
1765
+ :force_overwrite_replica_secret)
1766
+ SENSITIVE = []
1767
+ include Aws::Structure
1768
+ end
1769
+
1770
+ # @!attribute [rw] arn
1771
+ # Replicate a secret based on the `ReplicaRegionType`&gt; consisting
1772
+ # of a Region(required) and a KMSKeyId (optional) which can be the
1773
+ # ARN, KeyID, or Alias.
1774
+ # @return [String]
1775
+ #
1776
+ # @!attribute [rw] replication_status
1777
+ # Describes the secret replication status as `PENDING`, `SUCCESS` or
1778
+ # `FAIL`.
1779
+ # @return [Array<Types::ReplicationStatusType>]
1780
+ #
1781
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ReplicateSecretToRegionsResponse AWS API Documentation
1782
+ #
1783
+ class ReplicateSecretToRegionsResponse < Struct.new(
1784
+ :arn,
1785
+ :replication_status)
1786
+ SENSITIVE = []
1787
+ include Aws::Structure
1788
+ end
1789
+
1790
+ # A replication object consisting of a `RegionReplicationStatus` object
1791
+ # and includes a Region, KMSKeyId, status, and status message.
1792
+ #
1793
+ # @!attribute [rw] region
1794
+ # The Region where replication occurs.
1795
+ # @return [String]
1796
+ #
1797
+ # @!attribute [rw] kms_key_id
1798
+ # Can be an `ARN`, `Key ID`, or `Alias`.
1799
+ # @return [String]
1800
+ #
1801
+ # @!attribute [rw] status
1802
+ # The status can be `InProgress`, `Failed`, or `InSync`.
1803
+ # @return [String]
1804
+ #
1805
+ # @!attribute [rw] status_message
1806
+ # Status message such as "*Secret with this name already exists in
1807
+ # this region*".
1808
+ # @return [String]
1809
+ #
1810
+ # @!attribute [rw] last_accessed_date
1811
+ # The date that you last accessed the secret in the Region.
1812
+ # @return [Time]
1813
+ #
1814
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ReplicationStatusType AWS API Documentation
1815
+ #
1816
+ class ReplicationStatusType < Struct.new(
1817
+ :region,
1818
+ :kms_key_id,
1819
+ :status,
1820
+ :status_message,
1821
+ :last_accessed_date)
1822
+ SENSITIVE = []
1823
+ include Aws::Structure
1824
+ end
1825
+
1611
1826
  # A resource with the ID you requested already exists.
1612
1827
  #
1613
1828
  # @!attribute [rw] message
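Review bot: The replication status values are documented two different ways in this hunk: `replication_status` on `ReplicateSecretToRegionsResponse` says `PENDING`, `SUCCESS` or `FAIL`, while `status` on `ReplicationStatusType` says `InProgress`, `Failed`, or `InSync`. Both describe the same `ReplicationStatusType` elements, so only one vocabulary can be right, and code that waits for completion by string comparison will misreport if it follows the wrong one. The `arn` text on `ReplicateSecretToRegionsResponse` also describes the request rather than the returned ARN and contains an escaped `&gt;`. Separately, the `kms_key_id` description on `ReplicaRegionType` should state which key encrypts the replica when the field is omitted.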
@@ -1886,8 +2101,9 @@ module Aws::SecretsManager
1886
2101
  # @return [Types::RotationRulesType]
1887
2102
  #
1888
2103
  # @!attribute [rw] last_rotated_date
1889
- # The last date and time that the rotation process for this secret was
1890
- # invoked.
2104
+ # The most recent date and time that the Secrets Manager rotation
2105
+ # process was successfully completed. This value is null if the secret
2106
+ # hasn't ever rotated.
1891
2107
  # @return [Time]
1892
2108
  #
1893
2109
  # @!attribute [rw] last_changed_date
@@ -1934,6 +2150,10 @@ module Aws::SecretsManager
1934
2150
  # The date and time when a secret was created.
1935
2151
  # @return [Time]
1936
2152
  #
2153
+ # @!attribute [rw] primary_region
2154
+ # The Region where Secrets Manager originated the secret.
2155
+ # @return [String]
2156
+ #
1937
2157
  # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/SecretListEntry AWS API Documentation
1938
2158
  #
1939
2159
  class SecretListEntry < Struct.new(
@@ -1951,7 +2171,8 @@ module Aws::SecretsManager
1951
2171
  :tags,
1952
2172
  :secret_versions_to_stages,
1953
2173
  :owning_service,
1954
- :created_date)
2174
+ :created_date,
2175
+ :primary_region)
1955
2176
  SENSITIVE = []
1956
2177
  include Aws::Structure
1957
2178
  end
@@ -1988,6 +2209,39 @@ module Aws::SecretsManager
1988
2209
  include Aws::Structure
1989
2210
  end
1990
2211
 
2212
+ # @note When making an API call, you may pass StopReplicationToReplicaRequest
2213
+ # data as a hash:
2214
+ #
2215
+ # {
2216
+ # secret_id: "SecretIdType", # required
2217
+ # }
2218
+ #
2219
+ # @!attribute [rw] secret_id
2220
+ # Response to `StopReplicationToReplica` of a secret, based on the
2221
+ # `SecretId`.
2222
+ # @return [String]
2223
+ #
2224
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/StopReplicationToReplicaRequest AWS API Documentation
2225
+ #
2226
+ class StopReplicationToReplicaRequest < Struct.new(
2227
+ :secret_id)
2228
+ SENSITIVE = []
2229
+ include Aws::Structure
2230
+ end
2231
+
2232
+ # @!attribute [rw] arn
2233
+ # Response `StopReplicationToReplica` of a secret, based on the
2234
+ # `ARN,`.
2235
+ # @return [String]
2236
+ #
2237
+ # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/StopReplicationToReplicaResponse AWS API Documentation
2238
+ #
2239
+ class StopReplicationToReplicaResponse < Struct.new(
2240
+ :arn)
2241
+ SENSITIVE = []
2242
+ include Aws::Structure
2243
+ end
2244
+
1991
2245
  # A structure that contains information about a tag.
1992
2246
  #
1993
2247
  # @note When making an API call, you may pass Tag
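Review bot: The two new attribute descriptions here do not describe their attributes: `secret_id` on `StopReplicationToReplicaRequest` is documented as "Response to `StopReplicationToReplica` of a secret", and the `arn` text on the response ends in a malformed code span containing `ARN,`. Neither says what the call does to the replica, which a caller should know before invoking an operation that changes how a secret is managed. Something like `# The ARN or friendly name of the replica secret.` and `# The ARN of the secret the operation was applied to.` would be enough, with the exact semantics confirmed against the service documentation.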
@@ -2064,8 +2318,8 @@ module Aws::SecretsManager
2064
2318
  # information on how to format a JSON parameter for the various
2065
2319
  # command line tool environments, see [Using JSON for Parameters][1]
2066
2320
  # in the *AWS CLI User Guide*. For the AWS CLI, you can also use the
2067
- # syntax: `--Tags
2068
- # Key="Key1",Value="Value1",Key="Key2",Value="Value2"[,…]`
2321
+ # syntax: `--Tags Key="Key1",Value="Value1"
2322
+ # Key="Key2",Value="Value2"[,…]`
2069
2323
  #
2070
2324
  #
2071
2325
  #
@@ -2435,9 +2689,9 @@ module Aws::SecretsManager
2435
2689
  # }
2436
2690
  #
2437
2691
  # @!attribute [rw] secret_id
2438
- # The identifier for the secret that you want to validate a resource
2439
- # policy. You can specify either the Amazon Resource Name (ARN) or the
2440
- # friendly name of the secret.
2692
+ # (Optional) The identifier of the secret with the resource-based
2693
+ # policy you want to validate. You can specify either the Amazon
2694
+ # Resource Name (ARN) or the friendly name of the secret.
2441
2695
  #
2442
2696
  # <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
2443
2697
  # complete ARN. You can specify a partial ARN too—for example, if you
@@ -2463,7 +2717,16 @@ module Aws::SecretsManager
2463
2717
  # @return [String]
2464
2718
  #
2465
2719
  # @!attribute [rw] resource_policy
2466
- # Identifies the Resource Policy attached to the secret.
2720
+ # A JSON-formatted string constructed according to the grammar and
2721
+ # syntax for an AWS resource-based policy. The policy in the string
2722
+ # identifies who can access or manage this secret and its versions.
2723
+ # For information on how to format a JSON parameter for the various
2724
+ # command line tool environments, see [Using JSON for Parameters][1]
2725
+ # in the *AWS CLI User Guide*.publi
2726
+ #
2727
+ #
2728
+ #
2729
+ # [1]: http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
2467
2730
  # @return [String]
2468
2731
  #
2469
2732
  # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ValidateResourcePolicyRequest AWS API Documentation
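Review bot: The new `resource_policy` description ends with a stray fragment, `# in the *AWS CLI User Guide*.publi`, which would appear verbatim in the rendered API docs. The line should read `# in the *AWS CLI User Guide*.`. This attribute carries the policy text that decides who can access or manage the secret, so its description is one readers will rely on. The comment block starts above this hunk, and if the file is generated from the service model the correction belongs in that model.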
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-secretsmanager
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.44.0
4
+ version: 1.45.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-02-02 00:00:00.000000000 Z
11
+ date: 2021-03-03 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-core