RubyGems - aws-sdk-secretsmanager - Versions diffs - 1.44.0 → 1.45.0 - Mend

aws-sdk-secretsmanager 1.44.0 → 1.45.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

checksums.yaml +4 -4
data/lib/aws-sdk-secretsmanager.rb +1 -1
data/lib/aws-sdk-secretsmanager/client.rb +240 -49
data/lib/aws-sdk-secretsmanager/client_api.rb +97 -0
data/lib/aws-sdk-secretsmanager/types.rb +314 -51
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f6c6bad2a4b036843ccfb62a2cea8ff975b750c8cd56766f0d65725a94b46973
-  data.tar.gz: c02d2eec7eae4d148ad53d3ac38d9a1b0ad3838750970ab6e550ad7283fdd1e5
+  metadata.gz: d846c13bffe56b68cf541256000b48cc80ae134843af7263c7742e7bdfbaf2b7
+  data.tar.gz: 3d8dfc8bfb52906c7af56b69e3f6f71908db55658b68c01c17ce3a0c08744f2b
 SHA512:
-  metadata.gz: 473a87bcc8e159d67c76f2a52ac189490c145e5397d6f7c6ea434dd43373364bd71c5f03b36bf78a15ddccd2090533b96f935fbd6eccaf480ad891b623367bb3
-  data.tar.gz: 2589fc010c099183aacc676f7844b3bdcd412769f614b1ab3eb5359368585c6c877efb8640798335ff5a9ad0d9fa08739c8a50e8e8ee037678d20af22e7947d5
+  metadata.gz: fc9fb09b8111bab8e4a69f57dd24213feadee71f931ce288ccfae967383125995ef3977855603e659238d671d9b3cc7407ae47fe3547369afbba5bef511aa63f
+  data.tar.gz: c2abdb72a7948aa4fee2f32821c1da57debe4e824cf6e613ec786da6aff60500c650fa8a5e4081cefc637a7d7d1de213a3b65a15bce7e82b99c4a78962b4d9bc

data/lib/aws-sdk-secretsmanager.rb CHANGED Viewed

@@ -48,6 +48,6 @@ require_relative 'aws-sdk-secretsmanager/customizations'
 # @!group service
 module Aws::SecretsManager
-  GEM_VERSION = '1.44.0'
+  GEM_VERSION = '1.45.0'
 end

data/lib/aws-sdk-secretsmanager/client.rb CHANGED Viewed

@@ -584,7 +584,7 @@ module Aws::SecretsManager
     #
     #   * If a version with this value already exists and that version's
     #     `SecretString` and `SecretBinary` values are different from those in
-    #     the request then the request fails because you cannot modify an
+    #     the request, then the request fails because you cannot modify an
     #     existing version. Instead, use PutSecretValue to create a new
     #     version.
     #
@@ -714,11 +714,21 @@ module Aws::SecretsManager
     #
     #   [1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
     #
+    # @option params [Array<Types::ReplicaRegionType>] :add_replica_regions
+    #   (Optional) Add a list of regions to replicate secrets. Secrets Manager
+    #   replicates the KMSKeyID objects to the list of regions specified in
+    #   the parameter.
+    #
+    # @option params [Boolean] :force_overwrite_replica_secret
+    #   (Optional) If set, the replication overwrites a secret with the same
+    #   name in the destination region.
+    #
     # @return [Types::CreateSecretResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::CreateSecretResponse#arn #arn} => String
     #   * {Types::CreateSecretResponse#name #name} => String
     #   * {Types::CreateSecretResponse#version_id #version_id} => String
+    #   * {Types::CreateSecretResponse#replication_status #replication_status} => Array&lt;Types::ReplicationStatusType&gt;
     #
     #
     # @example Example: To create a basic secret
@@ -755,6 +765,13 @@ module Aws::SecretsManager
     #         value: "TagValueType",
     #       },
     #     ],
+    #     add_replica_regions: [
+    #       {
+    #         region: "RegionType",
+    #         kms_key_id: "KmsKeyIdType",
+    #       },
+    #     ],
+    #     force_overwrite_replica_secret: false,
     #   })
     #
     # @example Response structure
@@ -762,6 +779,12 @@ module Aws::SecretsManager
     #   resp.arn #=> String
     #   resp.name #=> String
     #   resp.version_id #=> String
+    #   resp.replication_status #=> Array
+    #   resp.replication_status[0].region #=> String
+    #   resp.replication_status[0].kms_key_id #=> String
+    #   resp.replication_status[0].status #=> String, one of "InSync", "Failed", "InProgress"
+    #   resp.replication_status[0].status_message #=> String
+    #   resp.replication_status[0].last_accessed_date #=> Time
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CreateSecret AWS API Documentation
     #
@@ -786,8 +809,8 @@ module Aws::SecretsManager
     #
     # * To attach a resource policy to a secret, use PutResourcePolicy.
     #
-    # * To retrieve the current resource-based policy that's attached to a
-    #   secret, use GetResourcePolicy.
+    # * To retrieve the current resource-based policy attached to a secret,
+    #   use GetResourcePolicy.
     #
     # * To list all of the currently available secrets, use ListSecrets.
     #
@@ -857,7 +880,7 @@ module Aws::SecretsManager
       req.send_request(options)
     end
-    # Deletes an entire secret and all of its versions. You can optionally
+    # Deletes an entire secret and all of the versions. You can optionally
     # include a recovery window during which you can restore the secret. If
     # you don't specify a recovery window value, the operation defaults to
     # 30 days. Secrets Manager attaches a `DeletionDate` stamp to the secret
@@ -867,17 +890,17 @@ module Aws::SecretsManager
     # At any time before recovery window ends, you can use RestoreSecret to
     # remove the `DeletionDate` and cancel the deletion of the secret.
     #
-    # You cannot access the encrypted secret information in any secret that
-    # is scheduled for deletion. If you need to access that information, you
+    # You cannot access the encrypted secret information in any secret
+    # scheduled for deletion. If you need to access that information, you
     # must cancel the deletion with RestoreSecret and then retrieve the
     # information.
     #
     # <note markdown="1"> * There is no explicit operation to delete a version of a secret.
     #   Instead, remove all staging labels from the `VersionStage` field of
     #   a version. That marks the version as deprecated and allows Secrets
-    #   Manager to delete it as needed. Versions that do not have any
-    #   staging labels do not show up in ListSecretVersionIds unless you
-    #   specify `IncludeDeprecated`.
+    #   Manager to delete it as needed. Versions without any staging labels
+    #   do not show up in ListSecretVersionIds unless you specify
+    #   `IncludeDeprecated`.
     #
     # * The permanent secret deletion at the end of the waiting period is
     #   performed as a background task with low priority. There is no
@@ -902,8 +925,8 @@ module Aws::SecretsManager
     #   window has expired, use RestoreSecret.
     #
     # @option params [required, String] :secret_id
-    #   Specifies the secret that you want to delete. You can specify either
-    #   the Amazon Resource Name (ARN) or the friendly name of the secret.
+    #   Specifies the secret to delete. You can specify either the Amazon
+    #   Resource Name (ARN) or the friendly name of the secret.
     #
     #   <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
     #   complete ARN. You can specify a partial ARN too—for example, if you
@@ -928,10 +951,11 @@ module Aws::SecretsManager
     #
     # @option params [Integer] :recovery_window_in_days
     #   (Optional) Specifies the number of days that Secrets Manager waits
-    #   before it can delete the secret. You can't use both this parameter
-    #   and the `ForceDeleteWithoutRecovery` parameter in the same API call.
+    #   before Secrets Manager can delete the secret. You can't use both this
+    #   parameter and the `ForceDeleteWithoutRecovery` parameter in the same
+    #   API call.
     #
-    #   This value can range from 7 to 30 days. The default value is 30.
+    #   This value can range from 7 to 30 days with a default value of 30.
     #
     # @option params [Boolean] :force_delete_without_recovery
     #   (Optional) Specifies that the secret is to be deleted without any
@@ -948,8 +972,12 @@ module Aws::SecretsManager
     #   to skip the normal waiting period before the permanent deletion that
     #   AWS would normally impose with the `RecoveryWindowInDays` parameter.
     #   If you delete a secret with the `ForceDeleteWithouRecovery` parameter,
-    #   then you have no opportunity to recover the secret. It is permanently
-    #   lost.
+    #   then you have no opportunity to recover the secret. You lose the
+    #   secret permanently.
+    #
+    #   If you use this parameter and include a previously deleted or
+    #   nonexistent secret, the operation does not return the error
+    #   `ResourceNotFoundException` in order to correctly handle retries.
     #
     # @return [Types::DeleteSecretResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -1065,6 +1093,8 @@ module Aws::SecretsManager
     #   * {Types::DescribeSecretResponse#version_ids_to_stages #version_ids_to_stages} => Hash&lt;String,Array&lt;String&gt;&gt;
     #   * {Types::DescribeSecretResponse#owning_service #owning_service} => String
     #   * {Types::DescribeSecretResponse#created_date #created_date} => Time
+    #   * {Types::DescribeSecretResponse#primary_region #primary_region} => String
+    #   * {Types::DescribeSecretResponse#replication_status #replication_status} => Array&lt;Types::ReplicationStatusType&gt;
     #
     #
     # @example Example: To retrieve the details of a secret
@@ -1136,6 +1166,13 @@ module Aws::SecretsManager
     #   resp.version_ids_to_stages["SecretVersionIdType"][0] #=> String
     #   resp.owning_service #=> String
     #   resp.created_date #=> Time
+    #   resp.primary_region #=> String
+    #   resp.replication_status #=> Array
+    #   resp.replication_status[0].region #=> String
+    #   resp.replication_status[0].kms_key_id #=> String
+    #   resp.replication_status[0].status #=> String, one of "InSync", "Failed", "InProgress"
+    #   resp.replication_status[0].status_message #=> String
+    #   resp.replication_status[0].last_accessed_date #=> Time
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DescribeSecret AWS API Documentation
     #
@@ -1395,10 +1432,11 @@ module Aws::SecretsManager
     #
     # @option params [String] :version_id
     #   Specifies the unique identifier of the version of the secret that you
-    #   want to retrieve. If you specify this parameter then don't specify
-    #   `VersionStage`. If you don't specify either a `VersionStage` or
-    #   `VersionId` then the default is to perform the operation on the
-    #   version with the `VersionStage` value of `AWSCURRENT`.
+    #   want to retrieve. If you specify both this parameter and
+    #   `VersionStage`, the two parameters must refer to the same secret
+    #   version. If you don't specify either a `VersionStage` or `VersionId`
+    #   then the default is to perform the operation on the version with the
+    #   `VersionStage` value of `AWSCURRENT`.
     #
     #   This value is typically a [UUID-type][1] value with 32 hexadecimal
     #   digits.
@@ -1412,10 +1450,11 @@ module Aws::SecretsManager
     #   label attached to the version.
     #
     #   Staging labels are used to keep track of different versions during the
-    #   rotation process. If you use this parameter then don't specify
-    #   `VersionId`. If you don't specify either a `VersionStage` or
-    #   `VersionId`, then the default is to perform the operation on the
-    #   version with the `VersionStage` value of `AWSCURRENT`.
+    #   rotation process. If you specify both this parameter and `VersionId`,
+    #   the two parameters must refer to the same secret version . If you
+    #   don't specify either a `VersionStage` or `VersionId`, then the
+    #   default is to perform the operation on the version with the
+    #   `VersionStage` value of `AWSCURRENT`.
     #
     # @return [Types::GetSecretValueResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -1738,7 +1777,7 @@ module Aws::SecretsManager
     #     next_token: "NextTokenType",
     #     filters: [
     #       {
-    #         key: "description", # accepts description, name, tag-key, tag-value, all
+    #         key: "description", # accepts description, name, tag-key, tag-value, primary-region, all
     #         values: ["FilterValueStringType"],
     #       },
     #     ],
@@ -1767,6 +1806,7 @@ module Aws::SecretsManager
     #   resp.secret_list[0].secret_versions_to_stages["SecretVersionIdType"][0] #=> String
     #   resp.secret_list[0].owning_service #=> String
     #   resp.secret_list[0].created_date #=> Time
+    #   resp.secret_list[0].primary_region #=> String
     #   resp.next_token #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ListSecrets AWS API Documentation
@@ -1803,8 +1843,8 @@ module Aws::SecretsManager
     # * To retrieve the resource policy attached to a secret, use
     #   GetResourcePolicy.
     #
-    # * To delete the resource-based policy that's attached to a secret,
-    #   use DeleteResourcePolicy.
+    # * To delete the resource-based policy attached to a secret, use
+    #   DeleteResourcePolicy.
     #
     # * To list all of the currently available secrets, use ListSecrets.
     #
@@ -1814,8 +1854,9 @@ module Aws::SecretsManager
     # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html
     #
     # @option params [required, String] :secret_id
-    #   Specifies the secret that you want to attach the resource-based policy
-    #   to. You can specify either the ARN or the friendly name of the secret.
+    #   Specifies the secret that you want to attach the resource-based
+    #   policy. You can specify either the ARN or the friendly name of the
+    #   secret.
     #
     #   <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
     #   complete ARN. You can specify a partial ARN too—for example, if you
@@ -1839,8 +1880,8 @@ module Aws::SecretsManager
     #    </note>
     #
     # @option params [required, String] :resource_policy
-    #   A JSON-formatted string that's constructed according to the grammar
-    #   and syntax for an AWS resource-based policy. The policy in the string
+    #   A JSON-formatted string constructed according to the grammar and
+    #   syntax for an AWS resource-based policy. The policy in the string
     #   identifies who can access or manage this secret and its versions. For
     #   information on how to format a JSON parameter for the various command
     #   line tool environments, see [Using JSON for Parameters][1] in the *AWS
@@ -1851,8 +1892,9 @@ module Aws::SecretsManager
     #   [1]: http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
     #
     # @option params [Boolean] :block_public_policy
-    #   Makes an optional API call to Zelkova to validate the Resource Policy
-    #   to prevent broad access to your secret.
+    #   (Optional) If you set the parameter, `BlockPublicPolicy` to true, then
+    #   you block resource-based policies that allow broad access to the
+    #   secret.
     #
     # @return [Types::PutResourcePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -1913,13 +1955,12 @@ module Aws::SecretsManager
     #   Secrets Manager automatically attaches the staging label
     #   `AWSCURRENT` to the new version.
     #
-    # * If another version of this secret already exists, then this
-    #   operation does not automatically move any staging labels other than
-    #   those that you explicitly specify in the `VersionStages` parameter.
+    # * If you do not specify a value for VersionStages then Secrets Manager
+    #   automatically moves the staging label `AWSCURRENT` to this new
+    #   version.
     #
     # * If this operation moves the staging label `AWSCURRENT` from another
-    #   version to this version (because you included it in the
-    #   `StagingLabels` parameter) then Secrets Manager also automatically
+    #   version to this version, then Secrets Manager also automatically
     #   moves the staging label `AWSPREVIOUS` to the version that
     #   `AWSCURRENT` was removed from.
     #
@@ -2158,6 +2199,95 @@ module Aws::SecretsManager
       req.send_request(options)
     end
+    # Remove regions from replication.
+    #
+    # @option params [required, String] :secret_id
+    #   Remove a secret by `SecretId` from replica Regions.
+    #
+    # @option params [required, Array<String>] :remove_replica_regions
+    #   Remove replication from specific Regions.
+    #
+    # @return [Types::RemoveRegionsFromReplicationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::RemoveRegionsFromReplicationResponse#arn #arn} => String
+    #   * {Types::RemoveRegionsFromReplicationResponse#replication_status #replication_status} => Array&lt;Types::ReplicationStatusType&gt;
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.remove_regions_from_replication({
+    #     secret_id: "SecretIdType", # required
+    #     remove_replica_regions: ["RegionType"], # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.arn #=> String
+    #   resp.replication_status #=> Array
+    #   resp.replication_status[0].region #=> String
+    #   resp.replication_status[0].kms_key_id #=> String
+    #   resp.replication_status[0].status #=> String, one of "InSync", "Failed", "InProgress"
+    #   resp.replication_status[0].status_message #=> String
+    #   resp.replication_status[0].last_accessed_date #=> Time
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RemoveRegionsFromReplication AWS API Documentation
+    #
+    # @overload remove_regions_from_replication(params = {})
+    # @param [Hash] params ({})
+    def remove_regions_from_replication(params = {}, options = {})
+      req = build_request(:remove_regions_from_replication, params)
+      req.send_request(options)
+    end
+    # Converts an existing secret to a multi-Region secret and begins
+    # replication the secret to a list of new regions.
+    #
+    # @option params [required, String] :secret_id
+    #   Use the `Secret Id` to replicate a secret to regions.
+    #
+    # @option params [required, Array<Types::ReplicaRegionType>] :add_replica_regions
+    #   Add Regions to replicate the secret.
+    #
+    # @option params [Boolean] :force_overwrite_replica_secret
+    #   (Optional) If set, Secrets Manager replication overwrites a secret
+    #   with the same name in the destination region.
+    #
+    # @return [Types::ReplicateSecretToRegionsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ReplicateSecretToRegionsResponse#arn #arn} => String
+    #   * {Types::ReplicateSecretToRegionsResponse#replication_status #replication_status} => Array&lt;Types::ReplicationStatusType&gt;
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.replicate_secret_to_regions({
+    #     secret_id: "SecretIdType", # required
+    #     add_replica_regions: [ # required
+    #       {
+    #         region: "RegionType",
+    #         kms_key_id: "KmsKeyIdType",
+    #       },
+    #     ],
+    #     force_overwrite_replica_secret: false,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.arn #=> String
+    #   resp.replication_status #=> Array
+    #   resp.replication_status[0].region #=> String
+    #   resp.replication_status[0].kms_key_id #=> String
+    #   resp.replication_status[0].status #=> String, one of "InSync", "Failed", "InProgress"
+    #   resp.replication_status[0].status_message #=> String
+    #   resp.replication_status[0].last_accessed_date #=> Time
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ReplicateSecretToRegions AWS API Documentation
+    #
+    # @overload replicate_secret_to_regions(params = {})
+    # @param [Hash] params ({})
+    def replicate_secret_to_regions(params = {}, options = {})
+      req = build_request(:replicate_secret_to_regions, params)
+      req.send_request(options)
+    end
     # Cancels the scheduled deletion of a secret by removing the
     # `DeletedDate` time stamp. This makes the secret accessible to query
     # once again.
@@ -2400,6 +2530,36 @@ module Aws::SecretsManager
       req.send_request(options)
     end
+    # Removes the secret from replication and promotes the secret to a
+    # regional secret in the replica Region.
+    #
+    # @option params [required, String] :secret_id
+    #   Response to `StopReplicationToReplica` of a secret, based on the
+    #   `SecretId`.
+    #
+    # @return [Types::StopReplicationToReplicaResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::StopReplicationToReplicaResponse#arn #arn} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.stop_replication_to_replica({
+    #     secret_id: "SecretIdType", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.arn #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/StopReplicationToReplica AWS API Documentation
+    #
+    # @overload stop_replication_to_replica(params = {})
+    # @param [Hash] params ({})
+    def stop_replication_to_replica(params = {}, options = {})
+      req = build_request(:stop_replication_to_replica, params)
+      req.send_request(options)
+    end
     # Attaches one or more tags, each consisting of a key name and a value,
     # to the specified secret. Tags are part of the secret's overall
     # metadata, and are not associated with any specific version of the
@@ -2481,7 +2641,7 @@ module Aws::SecretsManager
     #   information on how to format a JSON parameter for the various command
     #   line tool environments, see [Using JSON for Parameters][1] in the *AWS
     #   CLI User Guide*. For the AWS CLI, you can also use the syntax: `--Tags
-    #   Key="Key1",Value="Value1",Key="Key2",Value="Value2"[,…]`
+    #   Key="Key1",Value="Value1" Key="Key2",Value="Value2"[,…]`
     #
     #
     #
@@ -3088,16 +3248,38 @@ module Aws::SecretsManager
       req.send_request(options)
     end
-    # Validates the JSON text of the resource-based policy document attached
-    # to the specified secret. The JSON request string input and response
-    # output displays formatted code with white space and line breaks for
-    # better readability. Submit your input as a single line JSON string. A
-    # resource-based policy is optional.
+    # Validates that the resource policy does not grant a wide range of IAM
+    # principals access to your secret. The JSON request string input and
+    # response output displays formatted code with white space and line
+    # breaks for better readability. Submit your input as a single line JSON
+    # string. A resource-based policy is optional for secrets.
+    #
+    # The API performs three checks when validating the secret:
+    #
+    # * Sends a call to [Zelkova][1], an automated reasoning engine, to
+    #   ensure your Resource Policy does not allow broad access to your
+    #   secret.
+    #
+    # * Checks for correct syntax in a policy.
+    #
+    # * Verifies the policy does not lock out a caller.
+    #
+    # **Minimum Permissions**
+    #
+    # You must have the permissions required to access the following APIs:
+    #
+    # * `secretsmanager:PutResourcePolicy`
+    #
+    # * `secretsmanager:ValidateResourcePolicy`
+    #
+    #
+    #
+    # [1]: https://aws.amazon.com/blogs/security/protect-sensitive-data-in-the-cloud-with-automated-reasoning-zelkova/
     #
     # @option params [String] :secret_id
-    #   The identifier for the secret that you want to validate a resource
-    #   policy. You can specify either the Amazon Resource Name (ARN) or the
-    #   friendly name of the secret.
+    #   (Optional) The identifier of the secret with the resource-based policy
+    #   you want to validate. You can specify either the Amazon Resource Name
+    #   (ARN) or the friendly name of the secret.
     #
     #   <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
     #   complete ARN. You can specify a partial ARN too—for example, if you
@@ -3121,7 +3303,16 @@ module Aws::SecretsManager
     #    </note>
     #
     # @option params [required, String] :resource_policy
-    #   Identifies the Resource Policy attached to the secret.
+    #   A JSON-formatted string constructed according to the grammar and
+    #   syntax for an AWS resource-based policy. The policy in the string
+    #   identifies who can access or manage this secret and its versions. For
+    #   information on how to format a JSON parameter for the various command
+    #   line tool environments, see [Using JSON for Parameters][1] in the *AWS
+    #   CLI User Guide*.publi
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
     #
     # @return [Types::ValidateResourcePolicyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -3181,7 +3372,7 @@ module Aws::SecretsManager
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-secretsmanager'
-      context[:gem_version] = '1.44.0'
+      context[:gem_version] = '1.45.0'
       Seahorse::Client::Request.new(handlers, context)
     end

data/lib/aws-sdk-secretsmanager/client_api.rb CHANGED Viewed

@@ -13,6 +13,7 @@ module Aws::SecretsManager
     include Seahorse::Model
+    AddReplicaRegionListType = Shapes::ListShape.new(name: 'AddReplicaRegionListType')
     AutomaticallyRotateAfterDaysType = Shapes::IntegerShape.new(name: 'AutomaticallyRotateAfterDaysType')
     BooleanType = Shapes::BooleanShape.new(name: 'BooleanType')
     CancelRotateSecretRequest = Shapes::StructureShape.new(name: 'CancelRotateSecretRequest')
@@ -78,6 +79,15 @@ module Aws::SecretsManager
     PutSecretValueResponse = Shapes::StructureShape.new(name: 'PutSecretValueResponse')
     RandomPasswordType = Shapes::StringShape.new(name: 'RandomPasswordType')
     RecoveryWindowInDaysType = Shapes::IntegerShape.new(name: 'RecoveryWindowInDaysType')
+    RegionType = Shapes::StringShape.new(name: 'RegionType')
+    RemoveRegionsFromReplicationRequest = Shapes::StructureShape.new(name: 'RemoveRegionsFromReplicationRequest')
+    RemoveRegionsFromReplicationResponse = Shapes::StructureShape.new(name: 'RemoveRegionsFromReplicationResponse')
+    RemoveReplicaRegionListType = Shapes::ListShape.new(name: 'RemoveReplicaRegionListType')
+    ReplicaRegionType = Shapes::StructureShape.new(name: 'ReplicaRegionType')
+    ReplicateSecretToRegionsRequest = Shapes::StructureShape.new(name: 'ReplicateSecretToRegionsRequest')
+    ReplicateSecretToRegionsResponse = Shapes::StructureShape.new(name: 'ReplicateSecretToRegionsResponse')
+    ReplicationStatusListType = Shapes::ListShape.new(name: 'ReplicationStatusListType')
+    ReplicationStatusType = Shapes::StructureShape.new(name: 'ReplicationStatusType')
     RequireEachIncludedTypeType = Shapes::BooleanShape.new(name: 'RequireEachIncludedTypeType')
     ResourceExistsException = Shapes::StructureShape.new(name: 'ResourceExistsException')
     ResourceNotFoundException = Shapes::StructureShape.new(name: 'ResourceNotFoundException')
@@ -102,6 +112,10 @@ module Aws::SecretsManager
     SecretVersionsListType = Shapes::ListShape.new(name: 'SecretVersionsListType')
     SecretVersionsToStagesMapType = Shapes::MapShape.new(name: 'SecretVersionsToStagesMapType')
     SortOrderType = Shapes::StringShape.new(name: 'SortOrderType')
+    StatusMessageType = Shapes::StringShape.new(name: 'StatusMessageType')
+    StatusType = Shapes::StringShape.new(name: 'StatusType')
+    StopReplicationToReplicaRequest = Shapes::StructureShape.new(name: 'StopReplicationToReplicaRequest')
+    StopReplicationToReplicaResponse = Shapes::StructureShape.new(name: 'StopReplicationToReplicaResponse')
     Tag = Shapes::StructureShape.new(name: 'Tag')
     TagKeyListType = Shapes::ListShape.new(name: 'TagKeyListType')
     TagKeyType = Shapes::StringShape.new(name: 'TagKeyType')
@@ -119,6 +133,8 @@ module Aws::SecretsManager
     ValidationErrorsEntry = Shapes::StructureShape.new(name: 'ValidationErrorsEntry')
     ValidationErrorsType = Shapes::ListShape.new(name: 'ValidationErrorsType')
+    AddReplicaRegionListType.member = Shapes::ShapeRef.new(shape: ReplicaRegionType)
     CancelRotateSecretRequest.add_member(:secret_id, Shapes::ShapeRef.new(shape: SecretIdType, required: true, location_name: "SecretId"))
     CancelRotateSecretRequest.struct_class = Types::CancelRotateSecretRequest
@@ -134,11 +150,14 @@ module Aws::SecretsManager
     CreateSecretRequest.add_member(:secret_binary, Shapes::ShapeRef.new(shape: SecretBinaryType, location_name: "SecretBinary"))
     CreateSecretRequest.add_member(:secret_string, Shapes::ShapeRef.new(shape: SecretStringType, location_name: "SecretString"))
     CreateSecretRequest.add_member(:tags, Shapes::ShapeRef.new(shape: TagListType, location_name: "Tags"))
+    CreateSecretRequest.add_member(:add_replica_regions, Shapes::ShapeRef.new(shape: AddReplicaRegionListType, location_name: "AddReplicaRegions"))
+    CreateSecretRequest.add_member(:force_overwrite_replica_secret, Shapes::ShapeRef.new(shape: BooleanType, location_name: "ForceOverwriteReplicaSecret"))
     CreateSecretRequest.struct_class = Types::CreateSecretRequest
     CreateSecretResponse.add_member(:arn, Shapes::ShapeRef.new(shape: SecretARNType, location_name: "ARN"))
     CreateSecretResponse.add_member(:name, Shapes::ShapeRef.new(shape: SecretNameType, location_name: "Name"))
     CreateSecretResponse.add_member(:version_id, Shapes::ShapeRef.new(shape: SecretVersionIdType, location_name: "VersionId"))
+    CreateSecretResponse.add_member(:replication_status, Shapes::ShapeRef.new(shape: ReplicationStatusListType, location_name: "ReplicationStatus"))
     CreateSecretResponse.struct_class = Types::CreateSecretResponse
     DecryptionFailure.add_member(:message, Shapes::ShapeRef.new(shape: ErrorMessage, location_name: "Message"))
@@ -179,6 +198,8 @@ module Aws::SecretsManager
     DescribeSecretResponse.add_member(:version_ids_to_stages, Shapes::ShapeRef.new(shape: SecretVersionsToStagesMapType, location_name: "VersionIdsToStages"))
     DescribeSecretResponse.add_member(:owning_service, Shapes::ShapeRef.new(shape: OwningServiceType, location_name: "OwningService"))
     DescribeSecretResponse.add_member(:created_date, Shapes::ShapeRef.new(shape: TimestampType, location_name: "CreatedDate", metadata: {"box"=>true}))
+    DescribeSecretResponse.add_member(:primary_region, Shapes::ShapeRef.new(shape: RegionType, location_name: "PrimaryRegion"))
+    DescribeSecretResponse.add_member(:replication_status, Shapes::ShapeRef.new(shape: ReplicationStatusListType, location_name: "ReplicationStatus"))
     DescribeSecretResponse.struct_class = Types::DescribeSecretResponse
     EncryptionFailure.add_member(:message, Shapes::ShapeRef.new(shape: ErrorMessage, location_name: "Message"))
@@ -295,6 +316,38 @@ module Aws::SecretsManager
     PutSecretValueResponse.add_member(:version_stages, Shapes::ShapeRef.new(shape: SecretVersionStagesType, location_name: "VersionStages"))
     PutSecretValueResponse.struct_class = Types::PutSecretValueResponse
+    RemoveRegionsFromReplicationRequest.add_member(:secret_id, Shapes::ShapeRef.new(shape: SecretIdType, required: true, location_name: "SecretId"))
+    RemoveRegionsFromReplicationRequest.add_member(:remove_replica_regions, Shapes::ShapeRef.new(shape: RemoveReplicaRegionListType, required: true, location_name: "RemoveReplicaRegions"))
+    RemoveRegionsFromReplicationRequest.struct_class = Types::RemoveRegionsFromReplicationRequest
+    RemoveRegionsFromReplicationResponse.add_member(:arn, Shapes::ShapeRef.new(shape: SecretARNType, location_name: "ARN"))
+    RemoveRegionsFromReplicationResponse.add_member(:replication_status, Shapes::ShapeRef.new(shape: ReplicationStatusListType, location_name: "ReplicationStatus"))
+    RemoveRegionsFromReplicationResponse.struct_class = Types::RemoveRegionsFromReplicationResponse
+    RemoveReplicaRegionListType.member = Shapes::ShapeRef.new(shape: RegionType)
+    ReplicaRegionType.add_member(:region, Shapes::ShapeRef.new(shape: RegionType, location_name: "Region"))
+    ReplicaRegionType.add_member(:kms_key_id, Shapes::ShapeRef.new(shape: KmsKeyIdType, location_name: "KmsKeyId"))
+    ReplicaRegionType.struct_class = Types::ReplicaRegionType
+    ReplicateSecretToRegionsRequest.add_member(:secret_id, Shapes::ShapeRef.new(shape: SecretIdType, required: true, location_name: "SecretId"))
+    ReplicateSecretToRegionsRequest.add_member(:add_replica_regions, Shapes::ShapeRef.new(shape: AddReplicaRegionListType, required: true, location_name: "AddReplicaRegions"))
+    ReplicateSecretToRegionsRequest.add_member(:force_overwrite_replica_secret, Shapes::ShapeRef.new(shape: BooleanType, location_name: "ForceOverwriteReplicaSecret"))
+    ReplicateSecretToRegionsRequest.struct_class = Types::ReplicateSecretToRegionsRequest
+    ReplicateSecretToRegionsResponse.add_member(:arn, Shapes::ShapeRef.new(shape: SecretARNType, location_name: "ARN"))
+    ReplicateSecretToRegionsResponse.add_member(:replication_status, Shapes::ShapeRef.new(shape: ReplicationStatusListType, location_name: "ReplicationStatus"))
+    ReplicateSecretToRegionsResponse.struct_class = Types::ReplicateSecretToRegionsResponse
+    ReplicationStatusListType.member = Shapes::ShapeRef.new(shape: ReplicationStatusType)
+    ReplicationStatusType.add_member(:region, Shapes::ShapeRef.new(shape: RegionType, location_name: "Region"))
+    ReplicationStatusType.add_member(:kms_key_id, Shapes::ShapeRef.new(shape: KmsKeyIdType, location_name: "KmsKeyId"))
+    ReplicationStatusType.add_member(:status, Shapes::ShapeRef.new(shape: StatusType, location_name: "Status"))
+    ReplicationStatusType.add_member(:status_message, Shapes::ShapeRef.new(shape: StatusMessageType, location_name: "StatusMessage"))
+    ReplicationStatusType.add_member(:last_accessed_date, Shapes::ShapeRef.new(shape: LastAccessedDateType, location_name: "LastAccessedDate"))
+    ReplicationStatusType.struct_class = Types::ReplicationStatusType
     ResourceExistsException.add_member(:message, Shapes::ShapeRef.new(shape: ErrorMessage, location_name: "Message"))
     ResourceExistsException.struct_class = Types::ResourceExistsException
@@ -337,6 +390,7 @@ module Aws::SecretsManager
     SecretListEntry.add_member(:secret_versions_to_stages, Shapes::ShapeRef.new(shape: SecretVersionsToStagesMapType, location_name: "SecretVersionsToStages"))
     SecretListEntry.add_member(:owning_service, Shapes::ShapeRef.new(shape: OwningServiceType, location_name: "OwningService"))
     SecretListEntry.add_member(:created_date, Shapes::ShapeRef.new(shape: TimestampType, location_name: "CreatedDate", metadata: {"box"=>true}))
+    SecretListEntry.add_member(:primary_region, Shapes::ShapeRef.new(shape: RegionType, location_name: "PrimaryRegion"))
     SecretListEntry.struct_class = Types::SecretListEntry
     SecretListType.member = Shapes::ShapeRef.new(shape: SecretListEntry)
@@ -354,6 +408,12 @@ module Aws::SecretsManager
     SecretVersionsToStagesMapType.key = Shapes::ShapeRef.new(shape: SecretVersionIdType)
     SecretVersionsToStagesMapType.value = Shapes::ShapeRef.new(shape: SecretVersionStagesType)
+    StopReplicationToReplicaRequest.add_member(:secret_id, Shapes::ShapeRef.new(shape: SecretIdType, required: true, location_name: "SecretId"))
+    StopReplicationToReplicaRequest.struct_class = Types::StopReplicationToReplicaRequest
+    StopReplicationToReplicaResponse.add_member(:arn, Shapes::ShapeRef.new(shape: SecretARNType, location_name: "ARN"))
+    StopReplicationToReplicaResponse.struct_class = Types::StopReplicationToReplicaResponse
     Tag.add_member(:key, Shapes::ShapeRef.new(shape: TagKeyType, location_name: "Key"))
     Tag.add_member(:value, Shapes::ShapeRef.new(shape: TagValueType, location_name: "Value"))
     Tag.struct_class = Types::Tag
@@ -464,6 +524,7 @@ module Aws::SecretsManager
         o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
         o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
       end)
       api.add_operation(:delete_secret, Seahorse::Model::Operation.new.tap do |o|
@@ -586,6 +647,30 @@ module Aws::SecretsManager
         o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
       end)
+      api.add_operation(:remove_regions_from_replication, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "RemoveRegionsFromReplication"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: RemoveRegionsFromReplicationRequest)
+        o.output = Shapes::ShapeRef.new(shape: RemoveRegionsFromReplicationResponse)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
+      end)
+      api.add_operation(:replicate_secret_to_regions, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "ReplicateSecretToRegions"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: ReplicateSecretToRegionsRequest)
+        o.output = Shapes::ShapeRef.new(shape: ReplicateSecretToRegionsResponse)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
+      end)
       api.add_operation(:restore_secret, Seahorse::Model::Operation.new.tap do |o|
         o.name = "RestoreSecret"
         o.http_method = "POST"
@@ -610,6 +695,18 @@ module Aws::SecretsManager
         o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
       end)
+      api.add_operation(:stop_replication_to_replica, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "StopReplicationToReplica"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: StopReplicationToReplicaRequest)
+        o.output = Shapes::ShapeRef.new(shape: StopReplicationToReplicaResponse)
+        o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidRequestException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidParameterException)
+        o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
+      end)
       api.add_operation(:tag_resource, Seahorse::Model::Operation.new.tap do |o|
         o.name = "TagResource"
         o.http_method = "POST"

data/lib/aws-sdk-secretsmanager/types.rb CHANGED Viewed

@@ -96,6 +96,13 @@ module Aws::SecretsManager
     #             value: "TagValueType",
     #           },
     #         ],
+    #         add_replica_regions: [
+    #           {
+    #             region: "RegionType",
+    #             kms_key_id: "KmsKeyIdType",
+    #           },
+    #         ],
+    #         force_overwrite_replica_secret: false,
     #       }
     #
     # @!attribute [rw] name
@@ -143,8 +150,8 @@ module Aws::SecretsManager
     #
     #   * If a version with this value already exists and that version's
     #     `SecretString` and `SecretBinary` values are different from those
-    #     in the request then the request fails because you cannot modify an
-    #     existing version. Instead, use PutSecretValue to create a new
+    #     in the request, then the request fails because you cannot modify
+    #     an existing version. Instead, use PutSecretValue to create a new
     #     version.
     #
     #   This value becomes the `VersionId` of the new version.
@@ -279,6 +286,17 @@ module Aws::SecretsManager
     #   [1]: https://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
     #   @return [Array<Types::Tag>]
     #
+    # @!attribute [rw] add_replica_regions
+    #   (Optional) Add a list of regions to replicate secrets. Secrets
+    #   Manager replicates the KMSKeyID objects to the list of regions
+    #   specified in the parameter.
+    #   @return [Array<Types::ReplicaRegionType>]
+    #
+    # @!attribute [rw] force_overwrite_replica_secret
+    #   (Optional) If set, the replication overwrites a secret with the same
+    #   name in the destination region.
+    #   @return [Boolean]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CreateSecretRequest AWS API Documentation
     #
     class CreateSecretRequest < Struct.new(
@@ -288,7 +306,9 @@ module Aws::SecretsManager
       :kms_key_id,
       :secret_binary,
       :secret_string,
-      :tags)
+      :tags,
+      :add_replica_regions,
+      :force_overwrite_replica_secret)
       SENSITIVE = [:secret_binary, :secret_string]
       include Aws::Structure
     end
@@ -316,12 +336,18 @@ module Aws::SecretsManager
     #   just created.
     #   @return [String]
     #
+    # @!attribute [rw] replication_status
+    #   Describes a list of replication status objects as `InProgress`,
+    #   `Failed` or `InSync`.
+    #   @return [Array<Types::ReplicationStatusType>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/CreateSecretResponse AWS API Documentation
     #
     class CreateSecretResponse < Struct.new(
       :arn,
       :name,
-      :version_id)
+      :version_id,
+      :replication_status)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -412,8 +438,8 @@ module Aws::SecretsManager
     #       }
     #
     # @!attribute [rw] secret_id
-    #   Specifies the secret that you want to delete. You can specify either
-    #   the Amazon Resource Name (ARN) or the friendly name of the secret.
+    #   Specifies the secret to delete. You can specify either the Amazon
+    #   Resource Name (ARN) or the friendly name of the secret.
     #
     #   <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
     #   complete ARN. You can specify a partial ARN too—for example, if you
@@ -440,10 +466,11 @@ module Aws::SecretsManager
     #
     # @!attribute [rw] recovery_window_in_days
     #   (Optional) Specifies the number of days that Secrets Manager waits
-    #   before it can delete the secret. You can't use both this parameter
-    #   and the `ForceDeleteWithoutRecovery` parameter in the same API call.
+    #   before Secrets Manager can delete the secret. You can't use both
+    #   this parameter and the `ForceDeleteWithoutRecovery` parameter in the
+    #   same API call.
     #
-    #   This value can range from 7 to 30 days. The default value is 30.
+    #   This value can range from 7 to 30 days with a default value of 30.
     #   @return [Integer]
     #
     # @!attribute [rw] force_delete_without_recovery
@@ -461,8 +488,12 @@ module Aws::SecretsManager
     #   to skip the normal waiting period before the permanent deletion that
     #   AWS would normally impose with the `RecoveryWindowInDays` parameter.
     #   If you delete a secret with the `ForceDeleteWithouRecovery`
-    #   parameter, then you have no opportunity to recover the secret. It is
-    #   permanently lost.
+    #   parameter, then you have no opportunity to recover the secret. You
+    #   lose the secret permanently.
+    #
+    #   If you use this parameter and include a previously deleted or
+    #   nonexistent secret, the operation does not return the error
+    #   `ResourceNotFoundException` in order to correctly handle retries.
     #   @return [Boolean]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DeleteSecretRequest AWS API Documentation
@@ -480,7 +511,7 @@ module Aws::SecretsManager
     #   @return [String]
     #
     # @!attribute [rw] name
-    #   The friendly name of the secret that is now scheduled for deletion.
+    #   The friendly name of the secret currently scheduled for deletion.
     #   @return [String]
     #
     # @!attribute [rw] deletion_date
@@ -578,14 +609,16 @@ module Aws::SecretsManager
     #   @return [String]
     #
     # @!attribute [rw] rotation_rules
-    #   A structure that contains the rotation configuration for this
-    #   secret.
+    #   A structure with the rotation configuration for this secret.
     #   @return [Types::RotationRulesType]
     #
     # @!attribute [rw] last_rotated_date
+    #   The last date and time that the rotation process for this secret was
+    #   invoked.
+    #
     #   The most recent date and time that the Secrets Manager rotation
-    #   process was successfully completed. This value is null if the secret
-    #   has never rotated.
+    #   process successfully completed. If the secret doesn't rotate,
+    #   Secrets Manager returns a null value.
     #   @return [Time]
     #
     # @!attribute [rw] last_changed_date
@@ -632,9 +665,18 @@ module Aws::SecretsManager
     #   @return [String]
     #
     # @!attribute [rw] created_date
-    #   The date that the secret was created.
+    #   The date you created the secret.
     #   @return [Time]
     #
+    # @!attribute [rw] primary_region
+    #   Specifies the primary region for secret replication.
+    #   @return [String]
+    #
+    # @!attribute [rw] replication_status
+    #   Describes a list of replication status objects as `InProgress`,
+    #   `Failed` or `InSync`.`P`
+    #   @return [Array<Types::ReplicationStatusType>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/DescribeSecretResponse AWS API Documentation
     #
     class DescribeSecretResponse < Struct.new(
@@ -652,7 +694,9 @@ module Aws::SecretsManager
       :tags,
       :version_ids_to_stages,
       :owning_service,
-      :created_date)
+      :created_date,
+      :primary_region,
+      :replication_status)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -677,13 +721,14 @@ module Aws::SecretsManager
       include Aws::Structure
     end
-    # Allows you to filter your list of secrets.
+    # Allows you to add filters when you use the search function in Secrets
+    # Manager.
     #
     # @note When making an API call, you may pass Filter
     #   data as a hash:
     #
     #       {
-    #         key: "description", # accepts description, name, tag-key, tag-value, all
+    #         key: "description", # accepts description, name, tag-key, tag-value, primary-region, all
     #         values: ["FilterValueStringType"],
     #       }
     #
@@ -693,6 +738,9 @@ module Aws::SecretsManager
     #
     # @!attribute [rw] values
     #   Filters your list of secrets by a specific value.
+    #
+    #   You can prefix your search value with an exclamation mark (`!`) in
+    #   order to perform negation filters.
     #   @return [Array<String>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/Filter AWS API Documentation
@@ -916,11 +964,11 @@ module Aws::SecretsManager
     #
     # @!attribute [rw] version_id
     #   Specifies the unique identifier of the version of the secret that
-    #   you want to retrieve. If you specify this parameter then don't
-    #   specify `VersionStage`. If you don't specify either a
-    #   `VersionStage` or `VersionId` then the default is to perform the
-    #   operation on the version with the `VersionStage` value of
-    #   `AWSCURRENT`.
+    #   you want to retrieve. If you specify both this parameter and
+    #   `VersionStage`, the two parameters must refer to the same secret
+    #   version. If you don't specify either a `VersionStage` or
+    #   `VersionId` then the default is to perform the operation on the
+    #   version with the `VersionStage` value of `AWSCURRENT`.
     #
     #   This value is typically a [UUID-type][1] value with 32 hexadecimal
     #   digits.
@@ -935,8 +983,9 @@ module Aws::SecretsManager
     #   staging label attached to the version.
     #
     #   Staging labels are used to keep track of different versions during
-    #   the rotation process. If you use this parameter then don't specify
-    #   `VersionId`. If you don't specify either a `VersionStage` or
+    #   the rotation process. If you specify both this parameter and
+    #   `VersionId`, the two parameters must refer to the same secret
+    #   version . If you don't specify either a `VersionStage` or
     #   `VersionId`, then the default is to perform the operation on the
     #   version with the `VersionStage` value of `AWSCURRENT`.
     #   @return [String]
@@ -1226,7 +1275,7 @@ module Aws::SecretsManager
     #         next_token: "NextTokenType",
     #         filters: [
     #           {
-    #             key: "description", # accepts description, name, tag-key, tag-value, all
+    #             key: "description", # accepts description, name, tag-key, tag-value, primary-region, all
     #             values: ["FilterValueStringType"],
     #           },
     #         ],
@@ -1297,7 +1346,7 @@ module Aws::SecretsManager
       include Aws::Structure
     end
-    # The policy document that you provided isn't valid.
+    # You provided a resource-based policy with syntax errors.
     #
     # @!attribute [rw] message
     #   @return [String]
@@ -1324,7 +1373,8 @@ module Aws::SecretsManager
       include Aws::Structure
     end
-    # The resource policy did not prevent broad access to the secret.
+    # The BlockPublicPolicy parameter is set to true and the resource policy
+    # did not prevent broad access to the secret.
     #
     # @!attribute [rw] message
     #   @return [String]
@@ -1348,8 +1398,8 @@ module Aws::SecretsManager
     #
     # @!attribute [rw] secret_id
     #   Specifies the secret that you want to attach the resource-based
-    #   policy to. You can specify either the ARN or the friendly name of
-    #   the secret.
+    #   policy. You can specify either the ARN or the friendly name of the
+    #   secret.
     #
     #   <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
     #   complete ARN. You can specify a partial ARN too—for example, if you
@@ -1375,12 +1425,12 @@ module Aws::SecretsManager
     #   @return [String]
     #
     # @!attribute [rw] resource_policy
-    #   A JSON-formatted string that's constructed according to the grammar
-    #   and syntax for an AWS resource-based policy. The policy in the
-    #   string identifies who can access or manage this secret and its
-    #   versions. For information on how to format a JSON parameter for the
-    #   various command line tool environments, see [Using JSON for
-    #   Parameters][1] in the *AWS CLI User Guide*.
+    #   A JSON-formatted string constructed according to the grammar and
+    #   syntax for an AWS resource-based policy. The policy in the string
+    #   identifies who can access or manage this secret and its versions.
+    #   For information on how to format a JSON parameter for the various
+    #   command line tool environments, see [Using JSON for Parameters][1]
+    #   in the *AWS CLI User Guide*.
     #
     #
     #
@@ -1388,8 +1438,9 @@ module Aws::SecretsManager
     #   @return [String]
     #
     # @!attribute [rw] block_public_policy
-    #   Makes an optional API call to Zelkova to validate the Resource
-    #   Policy to prevent broad access to your secret.
+    #   (Optional) If you set the parameter, `BlockPublicPolicy` to true,
+    #   then you block resource-based policies that allow broad access to
+    #   the secret.
     #   @return [Boolean]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutResourcePolicyRequest AWS API Documentation
@@ -1407,8 +1458,8 @@ module Aws::SecretsManager
     #   @return [String]
     #
     # @!attribute [rw] name
-    #   The friendly name of the secret that the retrieved by the
-    #   resource-based policy.
+    #   The friendly name of the secret retrieved by the resource-based
+    #   policy.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/PutResourcePolicyResponse AWS API Documentation
@@ -1608,6 +1659,170 @@ module Aws::SecretsManager
       include Aws::Structure
     end
+    # @note When making an API call, you may pass RemoveRegionsFromReplicationRequest
+    #   data as a hash:
+    #
+    #       {
+    #         secret_id: "SecretIdType", # required
+    #         remove_replica_regions: ["RegionType"], # required
+    #       }
+    #
+    # @!attribute [rw] secret_id
+    #   Remove a secret by `SecretId` from replica Regions.
+    #   @return [String]
+    #
+    # @!attribute [rw] remove_replica_regions
+    #   Remove replication from specific Regions.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RemoveRegionsFromReplicationRequest AWS API Documentation
+    #
+    class RemoveRegionsFromReplicationRequest < Struct.new(
+      :secret_id,
+      :remove_replica_regions)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @!attribute [rw] arn
+    #   The secret `ARN` removed from replication regions.
+    #   @return [String]
+    #
+    # @!attribute [rw] replication_status
+    #   Describes the remaining replication status after you remove regions
+    #   from the replication list.
+    #   @return [Array<Types::ReplicationStatusType>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RemoveRegionsFromReplicationResponse AWS API Documentation
+    #
+    class RemoveRegionsFromReplicationResponse < Struct.new(
+      :arn,
+      :replication_status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # (Optional) Custom type consisting of a `Region` (required) and the
+    # `KmsKeyId` which can be an `ARN`, `Key ID`, or `Alias`.
+    #
+    # @note When making an API call, you may pass ReplicaRegionType
+    #   data as a hash:
+    #
+    #       {
+    #         region: "RegionType",
+    #         kms_key_id: "KmsKeyIdType",
+    #       }
+    #
+    # @!attribute [rw] region
+    #   Describes a single instance of Region objects.
+    #   @return [String]
+    #
+    # @!attribute [rw] kms_key_id
+    #   Can be an `ARN`, `Key ID`, or `Alias`.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ReplicaRegionType AWS API Documentation
+    #
+    class ReplicaRegionType < Struct.new(
+      :region,
+      :kms_key_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @note When making an API call, you may pass ReplicateSecretToRegionsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         secret_id: "SecretIdType", # required
+    #         add_replica_regions: [ # required
+    #           {
+    #             region: "RegionType",
+    #             kms_key_id: "KmsKeyIdType",
+    #           },
+    #         ],
+    #         force_overwrite_replica_secret: false,
+    #       }
+    #
+    # @!attribute [rw] secret_id
+    #   Use the `Secret Id` to replicate a secret to regions.
+    #   @return [String]
+    #
+    # @!attribute [rw] add_replica_regions
+    #   Add Regions to replicate the secret.
+    #   @return [Array<Types::ReplicaRegionType>]
+    #
+    # @!attribute [rw] force_overwrite_replica_secret
+    #   (Optional) If set, Secrets Manager replication overwrites a secret
+    #   with the same name in the destination region.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ReplicateSecretToRegionsRequest AWS API Documentation
+    #
+    class ReplicateSecretToRegionsRequest < Struct.new(
+      :secret_id,
+      :add_replica_regions,
+      :force_overwrite_replica_secret)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @!attribute [rw] arn
+    #   Replicate a secret based on the `ReplicaRegionType`&gt; consisting
+    #   of a Region(required) and a KMSKeyId (optional) which can be the
+    #   ARN, KeyID, or Alias.
+    #   @return [String]
+    #
+    # @!attribute [rw] replication_status
+    #   Describes the secret replication status as `PENDING`, `SUCCESS` or
+    #   `FAIL`.
+    #   @return [Array<Types::ReplicationStatusType>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ReplicateSecretToRegionsResponse AWS API Documentation
+    #
+    class ReplicateSecretToRegionsResponse < Struct.new(
+      :arn,
+      :replication_status)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # A replication object consisting of a `RegionReplicationStatus` object
+    # and includes a Region, KMSKeyId, status, and status message.
+    #
+    # @!attribute [rw] region
+    #   The Region where replication occurs.
+    #   @return [String]
+    #
+    # @!attribute [rw] kms_key_id
+    #   Can be an `ARN`, `Key ID`, or `Alias`.
+    #   @return [String]
+    #
+    # @!attribute [rw] status
+    #   The status can be `InProgress`, `Failed`, or `InSync`.
+    #   @return [String]
+    #
+    # @!attribute [rw] status_message
+    #   Status message such as "*Secret with this name already exists in
+    #   this region*".
+    #   @return [String]
+    #
+    # @!attribute [rw] last_accessed_date
+    #   The date that you last accessed the secret in the Region.
+    #   @return [Time]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ReplicationStatusType AWS API Documentation
+    #
+    class ReplicationStatusType < Struct.new(
+      :region,
+      :kms_key_id,
+      :status,
+      :status_message,
+      :last_accessed_date)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # A resource with the ID you requested already exists.
     #
     # @!attribute [rw] message
@@ -1886,8 +2101,9 @@ module Aws::SecretsManager
     #   @return [Types::RotationRulesType]
     #
     # @!attribute [rw] last_rotated_date
-    #   The last date and time that the rotation process for this secret was
-    #   invoked.
+    #   The most recent date and time that the Secrets Manager rotation
+    #   process was successfully completed. This value is null if the secret
+    #   hasn't ever rotated.
     #   @return [Time]
     #
     # @!attribute [rw] last_changed_date
@@ -1934,6 +2150,10 @@ module Aws::SecretsManager
     #   The date and time when a secret was created.
     #   @return [Time]
     #
+    # @!attribute [rw] primary_region
+    #   The Region where Secrets Manager originated the secret.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/SecretListEntry AWS API Documentation
     #
     class SecretListEntry < Struct.new(
@@ -1951,7 +2171,8 @@ module Aws::SecretsManager
       :tags,
       :secret_versions_to_stages,
       :owning_service,
-      :created_date)
+      :created_date,
+      :primary_region)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1988,6 +2209,39 @@ module Aws::SecretsManager
       include Aws::Structure
     end
+    # @note When making an API call, you may pass StopReplicationToReplicaRequest
+    #   data as a hash:
+    #
+    #       {
+    #         secret_id: "SecretIdType", # required
+    #       }
+    #
+    # @!attribute [rw] secret_id
+    #   Response to `StopReplicationToReplica` of a secret, based on the
+    #   `SecretId`.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/StopReplicationToReplicaRequest AWS API Documentation
+    #
+    class StopReplicationToReplicaRequest < Struct.new(
+      :secret_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+    # @!attribute [rw] arn
+    #   Response `StopReplicationToReplica` of a secret, based on the
+    #   `ARN,`.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/StopReplicationToReplicaResponse AWS API Documentation
+    #
+    class StopReplicationToReplicaResponse < Struct.new(
+      :arn)
+      SENSITIVE = []
+      include Aws::Structure
+    end
     # A structure that contains information about a tag.
     #
     # @note When making an API call, you may pass Tag
@@ -2064,8 +2318,8 @@ module Aws::SecretsManager
     #   information on how to format a JSON parameter for the various
     #   command line tool environments, see [Using JSON for Parameters][1]
     #   in the *AWS CLI User Guide*. For the AWS CLI, you can also use the
-    #   syntax: `--Tags
-    #   Key="Key1",Value="Value1",Key="Key2",Value="Value2"[,…]`
+    #   syntax: `--Tags Key="Key1",Value="Value1"
+    #   Key="Key2",Value="Value2"[,…]`
     #
     #
     #
@@ -2435,9 +2689,9 @@ module Aws::SecretsManager
     #       }
     #
     # @!attribute [rw] secret_id
-    #   The identifier for the secret that you want to validate a resource
-    #   policy. You can specify either the Amazon Resource Name (ARN) or the
-    #   friendly name of the secret.
+    #   (Optional) The identifier of the secret with the resource-based
+    #   policy you want to validate. You can specify either the Amazon
+    #   Resource Name (ARN) or the friendly name of the secret.
     #
     #   <note markdown="1"> If you specify an ARN, we generally recommend that you specify a
     #   complete ARN. You can specify a partial ARN too—for example, if you
@@ -2463,7 +2717,16 @@ module Aws::SecretsManager
     #   @return [String]
     #
     # @!attribute [rw] resource_policy
-    #   Identifies the Resource Policy attached to the secret.
+    #   A JSON-formatted string constructed according to the grammar and
+    #   syntax for an AWS resource-based policy. The policy in the string
+    #   identifies who can access or manage this secret and its versions.
+    #   For information on how to format a JSON parameter for the various
+    #   command line tool environments, see [Using JSON for Parameters][1]
+    #   in the *AWS CLI User Guide*.publi
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/cli/latest/userguide/cli-using-param.html#cli-using-param-json
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/ValidateResourcePolicyRequest AWS API Documentation

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-secretsmanager
 version: !ruby/object:Gem::Version
-  version: 1.44.0
+  version: 1.45.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-02-02 00:00:00.000000000 Z
+date: 2021-03-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core