RubyGems - aws-sdk-secretsmanager - Versions diffs - 1.55.0 → 1.56.0 - Mend

aws-sdk-secretsmanager 1.55.0 → 1.56.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +5 -0
data/VERSION +1 -1
data/lib/aws-sdk-secretsmanager/client.rb +203 -20
data/lib/aws-sdk-secretsmanager/client_api.rb +8 -0
data/lib/aws-sdk-secretsmanager/types.rb +101 -18
data/lib/aws-sdk-secretsmanager.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 99fc2c2363aa6d21002711d003ee38e38a7ae19a76241052cffacd2a52b75c44
-  data.tar.gz: 18652eb739c40dfb70e1fde31df707ee00c0240de29a463887aa98ebe50b8f96
+  metadata.gz: afae56189aaced0447f70b316c9844c9f8e3cead9190a1ce1acf53cb4e7377fa
+  data.tar.gz: 2555cf8b9f69fe0da5c886e40c5fd2ba3081f0556767c3dbfb7c5ca4f1bf20b8
 SHA512:
-  metadata.gz: a994a9da89e78e6dbeda365153f0395a26da133f96f1139cf615a2b12b61a78e93cbb8643bd86bac0ae2aa071e01afb8e1c99336213bdd4448f0774bd5c9bf29
-  data.tar.gz: 27d3a83d680e4d05ed663ef1b30b530f0ee62a4f90a475f1d99c8937c5ab8b950d2a8cf5a7a36503a46b80baa987d530c876137e155ffc31cf3284c4971da97d
+  metadata.gz: 3bd0e26570f843f7578b8ea81690bafec69fd4d1bbb5ec100077f55520ca696b30db864ea8cff35bf06ccd993a42698911480117dd347d152e1df11ffce2eead
+  data.tar.gz: d2af4d31855f4af44298037b00b853fd581e7f5b3bc88a78b90983bb6e044dcd96a964bd4f91288dc25dc5c026ce91a606a715cace97a3f3bfbfad7bf4ed030f

data/CHANGELOG.md CHANGED Viewed

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
+1.56.0 (2022-01-28)
+------------------
+* Feature - Feature are ready to release on Jan 28th
 1.55.0 (2021-12-21)
 ------------------

data/VERSION CHANGED Viewed

	@@ -1 +1 @@
1	- 1.55.0
1	+ 1.56.0

data/lib/aws-sdk-secretsmanager/client.rb CHANGED Viewed

@@ -372,6 +372,15 @@ module Aws::SecretsManager
     #
     #  </note>
     #
+    # <b>Required permissions: </b> `secretsmanager:CancelRotateSecret`. For
+    # more information, see [ IAM policy actions for Secrets Manager][1] and
+    # [Authentication and access control in Secrets Manager][2].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret.
     #
@@ -451,9 +460,15 @@ module Aws::SecretsManager
     # to encrypt the secret, and you must create and use a customer managed
     # KMS key.
     #
+    # <b>Required permissions: </b> `secretsmanager:CreateSecret`. For more
+    # information, see [ IAM policy actions for Secrets Manager][2] and
+    # [Authentication and access control in Secrets Manager][3].
+    #
     #
     #
     # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_create-basic-secret.html
+    # [2]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
     # @option params [required, String] :name
     #   The name of the new secret.
@@ -687,6 +702,15 @@ module Aws::SecretsManager
     # Deletes the resource-based permission policy attached to the secret.
     # To attach a policy to a secret, use PutResourcePolicy.
     #
+    # <b>Required permissions: </b> `secretsmanager:DeleteResourcePolicy`.
+    # For more information, see [ IAM policy actions for Secrets Manager][1]
+    # and [Authentication and access control in Secrets Manager][2].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret to delete the attached resource-based
     #   policy for.
@@ -756,9 +780,15 @@ module Aws::SecretsManager
     # secret value. To access that information, first cancel the deletion
     # with RestoreSecret and then retrieve the information.
     #
+    # <b>Required permissions: </b> `secretsmanager:DeleteSecret`. For more
+    # information, see [ IAM policy actions for Secrets Manager][2] and
+    # [Authentication and access control in Secrets Manager][3].
+    #
     #
     #
     # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_delete-secret.html
+    # [2]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret to delete.
@@ -843,6 +873,15 @@ module Aws::SecretsManager
     # secret value. Secrets Manager only returns fields that have a value in
     # the response.
     #
+    # <b>Required permissions: </b> `secretsmanager:DescribeSecret`. For
+    # more information, see [ IAM policy actions for Secrets Manager][1] and
+    # [Authentication and access control in Secrets Manager][2].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret.
     #
@@ -927,6 +966,8 @@ module Aws::SecretsManager
     #   resp.rotation_enabled #=> Boolean
     #   resp.rotation_lambda_arn #=> String
     #   resp.rotation_rules.automatically_after_days #=> Integer
+    #   resp.rotation_rules.duration #=> String
+    #   resp.rotation_rules.schedule_expression #=> String
     #   resp.last_rotated_date #=> Time
     #   resp.last_changed_date #=> Time
     #   resp.last_accessed_date #=> Time
@@ -960,6 +1001,15 @@ module Aws::SecretsManager
     # length and include every character type that the system you are
     # generating a password for can support.
     #
+    # <b>Required permissions: </b> `secretsmanager:GetRandomPassword`. For
+    # more information, see [ IAM policy actions for Secrets Manager][1] and
+    # [Authentication and access control in Secrets Manager][2].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    #
     # @option params [Integer] :password_length
     #   The length of the password. If you don't include this parameter, the
     #   default length is 32 characters.
@@ -1048,9 +1098,15 @@ module Aws::SecretsManager
     # attached to a secret, see [Permissions policies attached to a
     # secret][1].
     #
+    # <b>Required permissions: </b> `secretsmanager:GetResourcePolicy`. For
+    # more information, see [ IAM policy actions for Secrets Manager][2] and
+    # [Authentication and access control in Secrets Manager][3].
+    #
     #
     #
     # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-policies.html
+    # [2]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret to retrieve the attached resource-based
@@ -1106,17 +1162,22 @@ module Aws::SecretsManager
     # `SecretBinary` from the specified version of a secret, whichever
     # contains content.
     #
-    # For information about retrieving the secret value in the console, see
-    # [Retrieve secrets][1].
+    # We recommend that you cache your secret values by using client-side
+    # caching. Caching secrets improves speed and reduces your costs. For
+    # more information, see [Cache secrets for your applications][1].
     #
-    # To run this command, you must have `secretsmanager:GetSecretValue`
-    # permissions. If the secret is encrypted using a customer-managed key
-    # instead of the Amazon Web Services managed key `aws/secretsmanager`,
-    # then you also need `kms:Decrypt` permissions for that key.
+    # <b>Required permissions: </b> `secretsmanager:GetSecretValue`. If the
+    # secret is encrypted using a customer-managed key instead of the Amazon
+    # Web Services managed key `aws/secretsmanager`, then you also need
+    # `kms:Decrypt` permissions for that key. For more information, see [
+    # IAM policy actions for Secrets Manager][2] and [Authentication and
+    # access control in Secrets Manager][3].
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets.html
+    # [2]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret to retrieve.
@@ -1216,10 +1277,14 @@ module Aws::SecretsManager
     # To get the secret value from `SecretString` or `SecretBinary`, call
     # GetSecretValue.
     #
-    # **Minimum permissions**
+    # <b>Required permissions: </b> `secretsmanager:ListSecretVersionIds`.
+    # For more information, see [ IAM policy actions for Secrets Manager][1]
+    # and [Authentication and access control in Secrets Manager][2].
     #
-    # To run this command, you must have
-    # `secretsmanager:ListSecretVersionIds` permissions.
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret whose versions you want to list.
@@ -1333,14 +1398,15 @@ module Aws::SecretsManager
     # For information about finding secrets in the console, see [Enhanced
     # search capabilities for secrets in Secrets Manager][1].
     #
-    # **Minimum permissions**
-    #
-    # To run this command, you must have `secretsmanager:ListSecrets`
-    # permissions.
+    # <b>Required permissions: </b> `secretsmanager:ListSecrets`. For more
+    # information, see [ IAM policy actions for Secrets Manager][2] and
+    # [Authentication and access control in Secrets Manager][3].
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_search-secret.html
+    # [2]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
     # @option params [Integer] :max_results
     #   The number of results to include in the response.
@@ -1427,6 +1493,8 @@ module Aws::SecretsManager
     #   resp.secret_list[0].rotation_enabled #=> Boolean
     #   resp.secret_list[0].rotation_lambda_arn #=> String
     #   resp.secret_list[0].rotation_rules.automatically_after_days #=> Integer
+    #   resp.secret_list[0].rotation_rules.duration #=> String
+    #   resp.secret_list[0].rotation_rules.schedule_expression #=> String
     #   resp.secret_list[0].last_rotated_date #=> Time
     #   resp.secret_list[0].last_changed_date #=> Time
     #   resp.secret_list[0].last_accessed_date #=> Time
@@ -1458,10 +1526,15 @@ module Aws::SecretsManager
     # For information about attaching a policy in the console, see [Attach a
     # permissions policy to a secret][2].
     #
+    # <b>Required permissions: </b> `secretsmanager:PutResourcePolicy`. For
+    # more information, see [ IAM policy actions for Secrets Manager][3] and
+    # [Authentication and access control in Secrets Manager][1].
+    #
     #
     #
     # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html
+    # [3]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
     #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret to attach the resource-based policy.
@@ -1558,6 +1631,15 @@ module Aws::SecretsManager
     # fails because you can't modify an existing version; you can only
     # create new ones.
     #
+    # <b>Required permissions: </b> `secretsmanager:PutSecretValue`. For
+    # more information, see [ IAM policy actions for Secrets Manager][1] and
+    # [Authentication and access control in Secrets Manager][2].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret to add a new version to.
     #
@@ -1699,6 +1781,16 @@ module Aws::SecretsManager
     # For a secret that is replicated to other Regions, deletes the secret
     # replicas from the Regions you specify.
     #
+    # <b>Required permissions: </b>
+    # `secretsmanager:RemoveRegionsFromReplication`. For more information,
+    # see [ IAM policy actions for Secrets Manager][1] and [Authentication
+    # and access control in Secrets Manager][2].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret.
     #
@@ -1738,9 +1830,16 @@ module Aws::SecretsManager
     # Replicates the secret to a new Regions. See [Multi-Region secrets][1].
     #
+    # <b>Required permissions: </b>
+    # `secretsmanager:ReplicateSecretToRegions`. For more information, see [
+    # IAM policy actions for Secrets Manager][2] and [Authentication and
+    # access control in Secrets Manager][3].
+    #
     #
     #
     # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/create-manage-multi-region-secrets.html
+    # [2]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret to replicate.
@@ -1793,6 +1892,15 @@ module Aws::SecretsManager
     # `DeletedDate` time stamp. You can access a secret again after it has
     # been restored.
     #
+    # <b>Required permissions: </b> `secretsmanager:RestoreSecret`. For more
+    # information, see [ IAM policy actions for Secrets Manager][1] and
+    # [Authentication and access control in Secrets Manager][2].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret to restore.
     #
@@ -1864,14 +1972,19 @@ module Aws::SecretsManager
     # `RotateSecret` assumes that a previous rotation request is still in
     # progress and returns an error.
     #
-    # To run this command, you must have `secretsmanager:RotateSecret`
-    # permissions and `lambda:InvokeFunction` permissions on the function
-    # specified in the secret's metadata.
+    # <b>Required permissions: </b> `secretsmanager:RotateSecret`. For more
+    # information, see [ IAM policy actions for Secrets Manager][3] and
+    # [Authentication and access control in Secrets Manager][4]. You also
+    # need `lambda:InvokeFunction` permissions on the rotation function. For
+    # more information, see [ Permissions for rotation][5].
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html
     # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html
+    # [3]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    # [5]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets-required-permissions-function.html
     #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret to rotate.
@@ -1912,6 +2025,23 @@ module Aws::SecretsManager
     # @option params [Types::RotationRulesType] :rotation_rules
     #   A structure that defines the rotation configuration for this secret.
     #
+    # @option params [Boolean] :rotate_immediately
+    #   Specifies whether to rotate the secret immediately or wait until the
+    #   next scheduled rotation window. The rotation schedule is defined in
+    #   RotateSecretRequest$RotationRules.
+    #
+    #   If you don't immediately rotate the secret, Secrets Manager tests the
+    #   rotation configuration by running the [ `testSecret` step][1] of the
+    #   Lambda rotation function. The test creates an `AWSPENDING` version of
+    #   the secret and then removes it.
+    #
+    #   If you don't specify this value, then by default, Secrets Manager
+    #   rotates the secret immediately.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html
+    #
     # @return [Types::RotateSecretResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::RotateSecretResponse#arn #arn} => String
@@ -1926,7 +2056,10 @@ module Aws::SecretsManager
     #     rotation_lambda_arn: "RotationLambdaARNType",
     #     rotation_rules: {
     #       automatically_after_days: 1,
+    #       duration: "DurationType",
+    #       schedule_expression: "ScheduleExpressionType",
     #     },
+    #     rotate_immediately: false,
     #   })
     #
     # @example Response structure
@@ -1950,6 +2083,16 @@ module Aws::SecretsManager
     # You must call this operation from the Region in which you want to
     # promote the replica to a primary secret.
     #
+    # <b>Required permissions: </b>
+    # `secretsmanager:StopReplicationToReplica`. For more information, see [
+    # IAM policy actions for Secrets Manager][1] and [Authentication and
+    # access control in Secrets Manager][2].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    #
     # @option params [required, String] :secret_id
     #   The ARN of the primary secret.
     #
@@ -2007,6 +2150,15 @@ module Aws::SecretsManager
     # operation would result in you losing your permissions for this secret,
     # then the operation is blocked and returns an Access Denied error.
     #
+    # <b>Required permissions: </b> `secretsmanager:TagResource`. For more
+    # information, see [ IAM policy actions for Secrets Manager][1] and
+    # [Authentication and access control in Secrets Manager][2].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    #
     # @option params [required, String] :secret_id
     #   The identifier for the secret to attach tags to. You can specify
     #   either the Amazon Resource Name (ARN) or the friendly name of the
@@ -2081,6 +2233,15 @@ module Aws::SecretsManager
     # would result in you losing your permissions for this secret, then the
     # operation is blocked and returns an Access Denied error.
     #
+    # <b>Required permissions: </b> `secretsmanager:UntagResource`. For more
+    # information, see [ IAM policy actions for Secrets Manager][1] and
+    # [Authentication and access control in Secrets Manager][2].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret.
     #
@@ -2172,9 +2333,18 @@ module Aws::SecretsManager
     # to encrypt the secret, and you must create and use a customer managed
     # key.
     #
-    # To run this command, you must have `secretsmanager:UpdateSecret`
-    # permissions. If you use a customer managed key, you must also have
-    # `kms:GenerateDataKey` and `kms:Decrypt` permissions .
+    # <b>Required permissions: </b> `secretsmanager:UpdateSecret`. For more
+    # information, see [ IAM policy actions for Secrets Manager][1] and
+    # [Authentication and access control in Secrets Manager][2]. If you use
+    # a customer managed key, you must also have `kms:GenerateDataKey` and
+    # `kms:Decrypt` permissions on the key. For more information, see [
+    # Secret encryption and decryption][3].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/security-encryption.html
     #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret.
@@ -2350,9 +2520,16 @@ module Aws::SecretsManager
     # then the version is considered to be 'deprecated' and can be deleted
     # by Secrets Manager.
     #
+    # <b>Required permissions: </b>
+    # `secretsmanager:UpdateSecretVersionStage`. For more information, see [
+    # IAM policy actions for Secrets Manager][2] and [Authentication and
+    # access control in Secrets Manager][3].
+    #
     #
     #
     # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/getting-started.html#term_version
+    # [2]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
     # @option params [required, String] :secret_id
     #   The ARN or the name of the secret with the version and staging
@@ -2477,9 +2654,15 @@ module Aws::SecretsManager
     #
     # * Verifies the policy does not lock out a caller.
     #
+    # <b>Required permissions: </b> `secretsmanager:ValidateResourcePolicy`.
+    # For more information, see [ IAM policy actions for Secrets Manager][2]
+    # and [Authentication and access control in Secrets Manager][3].
+    #
     #
     #
     # [1]: https://aws.amazon.com/blogs/security/protect-sensitive-data-in-the-cloud-with-automated-reasoning-zelkova/
+    # [2]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
     # @option params [String] :secret_id
     #   This field is reserved for internal use.
@@ -2552,7 +2735,7 @@ module Aws::SecretsManager
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-secretsmanager'
-      context[:gem_version] = '1.55.0'
+      context[:gem_version] = '1.56.0'
       Seahorse::Client::Request.new(handlers, context)
     end

data/lib/aws-sdk-secretsmanager/client_api.rb CHANGED Viewed

@@ -32,6 +32,7 @@ module Aws::SecretsManager
     DescribeSecretRequest = Shapes::StructureShape.new(name: 'DescribeSecretRequest')
     DescribeSecretResponse = Shapes::StructureShape.new(name: 'DescribeSecretResponse')
     DescriptionType = Shapes::StringShape.new(name: 'DescriptionType')
+    DurationType = Shapes::StringShape.new(name: 'DurationType')
     EncryptionFailure = Shapes::StructureShape.new(name: 'EncryptionFailure')
     ErrorMessage = Shapes::StringShape.new(name: 'ErrorMessage')
     ExcludeCharactersType = Shapes::StringShape.new(name: 'ExcludeCharactersType')
@@ -99,6 +100,7 @@ module Aws::SecretsManager
     RotationEnabledType = Shapes::BooleanShape.new(name: 'RotationEnabledType')
     RotationLambdaARNType = Shapes::StringShape.new(name: 'RotationLambdaARNType')
     RotationRulesType = Shapes::StructureShape.new(name: 'RotationRulesType')
+    ScheduleExpressionType = Shapes::StringShape.new(name: 'ScheduleExpressionType')
     SecretARNType = Shapes::StringShape.new(name: 'SecretARNType')
     SecretBinaryType = Shapes::BlobShape.new(name: 'SecretBinaryType')
     SecretIdType = Shapes::StringShape.new(name: 'SecretIdType')
@@ -368,6 +370,7 @@ module Aws::SecretsManager
     RotateSecretRequest.add_member(:client_request_token, Shapes::ShapeRef.new(shape: ClientRequestTokenType, location_name: "ClientRequestToken", metadata: {"idempotencyToken"=>true}))
     RotateSecretRequest.add_member(:rotation_lambda_arn, Shapes::ShapeRef.new(shape: RotationLambdaARNType, location_name: "RotationLambdaARN"))
     RotateSecretRequest.add_member(:rotation_rules, Shapes::ShapeRef.new(shape: RotationRulesType, location_name: "RotationRules"))
+    RotateSecretRequest.add_member(:rotate_immediately, Shapes::ShapeRef.new(shape: BooleanType, location_name: "RotateImmediately", metadata: {"box"=>true}))
     RotateSecretRequest.struct_class = Types::RotateSecretRequest
     RotateSecretResponse.add_member(:arn, Shapes::ShapeRef.new(shape: SecretARNType, location_name: "ARN"))
@@ -376,6 +379,8 @@ module Aws::SecretsManager
     RotateSecretResponse.struct_class = Types::RotateSecretResponse
     RotationRulesType.add_member(:automatically_after_days, Shapes::ShapeRef.new(shape: AutomaticallyRotateAfterDaysType, location_name: "AutomaticallyAfterDays", metadata: {"box"=>true}))
+    RotationRulesType.add_member(:duration, Shapes::ShapeRef.new(shape: DurationType, location_name: "Duration"))
+    RotationRulesType.add_member(:schedule_expression, Shapes::ShapeRef.new(shape: ScheduleExpressionType, location_name: "ScheduleExpression"))
     RotationRulesType.struct_class = Types::RotationRulesType
     SecretListEntry.add_member(:arn, Shapes::ShapeRef.new(shape: SecretARNType, location_name: "ARN"))
@@ -517,6 +522,7 @@ module Aws::SecretsManager
         o.errors << Shapes::ShapeRef.new(shape: MalformedPolicyDocumentException)
         o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
         o.errors << Shapes::ShapeRef.new(shape: PreconditionNotMetException)
+        o.errors << Shapes::ShapeRef.new(shape: DecryptionFailure)
       end)
       api.add_operation(:delete_resource_policy, Seahorse::Model::Operation.new.tap do |o|
@@ -652,6 +658,7 @@ module Aws::SecretsManager
         o.errors << Shapes::ShapeRef.new(shape: ResourceExistsException)
         o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
+        o.errors << Shapes::ShapeRef.new(shape: DecryptionFailure)
       end)
       api.add_operation(:remove_regions_from_replication, Seahorse::Model::Operation.new.tap do |o|
@@ -753,6 +760,7 @@ module Aws::SecretsManager
         o.errors << Shapes::ShapeRef.new(shape: MalformedPolicyDocumentException)
         o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
         o.errors << Shapes::ShapeRef.new(shape: PreconditionNotMetException)
+        o.errors << Shapes::ShapeRef.new(shape: DecryptionFailure)
       end)
       api.add_operation(:update_secret_version_stage, Seahorse::Model::Operation.new.tap do |o|

data/lib/aws-sdk-secretsmanager/types.rb CHANGED Viewed

@@ -956,7 +956,7 @@ module Aws::SecretsManager
       include Aws::Structure
     end
-    # The parameter name is invalid value.
+    # The parameter name or value is invalid.
     #
     # @!attribute [rw] message
     #   @return [String]
@@ -1634,7 +1634,10 @@ module Aws::SecretsManager
     #         rotation_lambda_arn: "RotationLambdaARNType",
     #         rotation_rules: {
     #           automatically_after_days: 1,
+    #           duration: "DurationType",
+    #           schedule_expression: "ScheduleExpressionType",
     #         },
+    #         rotate_immediately: false,
     #       }
     #
     # @!attribute [rw] secret_id
@@ -1682,13 +1685,32 @@ module Aws::SecretsManager
     #   A structure that defines the rotation configuration for this secret.
     #   @return [Types::RotationRulesType]
     #
+    # @!attribute [rw] rotate_immediately
+    #   Specifies whether to rotate the secret immediately or wait until the
+    #   next scheduled rotation window. The rotation schedule is defined in
+    #   RotateSecretRequest$RotationRules.
+    #
+    #   If you don't immediately rotate the secret, Secrets Manager tests
+    #   the rotation configuration by running the [ `testSecret` step][1] of
+    #   the Lambda rotation function. The test creates an `AWSPENDING`
+    #   version of the secret and then removes it.
+    #
+    #   If you don't specify this value, then by default, Secrets Manager
+    #   rotates the secret immediately.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html
+    #   @return [Boolean]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RotateSecretRequest AWS API Documentation
     #
     class RotateSecretRequest < Struct.new(
       :secret_id,
       :client_request_token,
       :rotation_lambda_arn,
-      :rotation_rules)
+      :rotation_rules,
+      :rotate_immediately)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1722,32 +1744,79 @@ module Aws::SecretsManager
     #
     #       {
     #         automatically_after_days: 1,
+    #         duration: "DurationType",
+    #         schedule_expression: "ScheduleExpressionType",
     #       }
     #
     # @!attribute [rw] automatically_after_days
-    #   Specifies the number of days between automatic scheduled rotations
-    #   of the secret.
-    #
-    #   Secrets Manager schedules the next rotation when the previous one is
-    #   complete. Secrets Manager schedules the date by adding the rotation
-    #   interval (number of days) to the actual date of the last rotation.
-    #   The service chooses the hour within that 24-hour date window
-    #   randomly. The minute is also chosen somewhat randomly, but weighted
-    #   towards the top of the hour and influenced by a variety of factors
-    #   that help distribute load.
+    #   The number of days between automatic scheduled rotations of the
+    #   secret. You can use this value to check that your secret meets your
+    #   compliance guidelines for how often secrets must be rotated.
+    #
+    #   In `DescribeSecret` and `ListSecrets`, this value is calculated from
+    #   the rotation schedule after every successful rotation. In
+    #   `RotateSecret`, you can set the rotation schedule in `RotationRules`
+    #   with `AutomaticallyAfterDays` or `ScheduleExpression`, but not both.
     #   @return [Integer]
     #
+    # @!attribute [rw] duration
+    #   The length of the rotation window in hours, for example `3h` for a
+    #   three hour window. Secrets Manager rotates your secret at any time
+    #   during this window. The window must not go into the next UTC day. If
+    #   you don't specify this value, the window automatically ends at the
+    #   end of the UTC day. The window begins according to the
+    #   `ScheduleExpression`. For more information, including examples, see
+    #   [Schedule expressions in Secrets Manager rotation][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_schedule.html
+    #   @return [String]
+    #
+    # @!attribute [rw] schedule_expression
+    #   A `cron()` or `rate()` expression that defines the schedule for
+    #   rotating your secret. Secrets Manager rotation schedules use UTC
+    #   time zone.
+    #
+    #   Secrets Manager `rate()` expressions represent the interval in days
+    #   that you want to rotate your secret, for example `rate(10 days)`. If
+    #   you use a `rate()` expression, the rotation window opens at
+    #   midnight, and Secrets Manager rotates your secret any time that day
+    #   after midnight. You can set a `Duration` to shorten the rotation
+    #   window.
+    #
+    #   You can use a `cron()` expression to create rotation schedules that
+    #   are more detailed than a rotation interval. For more information,
+    #   including examples, see [Schedule expressions in Secrets Manager
+    #   rotation][1]. If you use a `cron()` expression, Secrets Manager
+    #   rotates your secret any time during that day after the window opens.
+    #   For example, `cron(0 8 1 * ? *)` represents a rotation window that
+    #   occurs on the first day of every month beginning at 8:00 AM UTC.
+    #   Secrets Manager rotates the secret any time that day after 8:00 AM.
+    #   You can set a `Duration` to shorten the rotation window.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_schedule.html
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RotationRulesType AWS API Documentation
     #
     class RotationRulesType < Struct.new(
-      :automatically_after_days)
+      :automatically_after_days,
+      :duration,
+      :schedule_expression)
       SENSITIVE = []
       include Aws::Structure
     end
     # A structure that contains the details about a secret. It does not
     # include the encrypted `SecretString` and `SecretBinary` values. To get
-    # those values, use the GetSecretValue operation.
+    # those values, use [GetSecretValue][1] .
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_GetSecretValue.html
     #
     # @!attribute [rw] arn
     #   The Amazon Resource Name (ARN) of the secret.
@@ -1778,7 +1847,11 @@ module Aws::SecretsManager
     # @!attribute [rw] rotation_lambda_arn
     #   The ARN of an Amazon Web Services Lambda function invoked by Secrets
     #   Manager to rotate and expire the secret either automatically per the
-    #   schedule or manually by a call to RotateSecret.
+    #   schedule or manually by a call to [ `RotateSecret` ][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_RotateSecret.html
     #   @return [String]
     #
     # @!attribute [rw] rotation_rules
@@ -1805,13 +1878,23 @@ module Aws::SecretsManager
     #   The date and time the deletion of the secret occurred. Not present
     #   on active secrets. The secret can be recovered until the number of
     #   days in the recovery window has passed, as specified in the
-    #   `RecoveryWindowInDays` parameter of the DeleteSecret operation.
+    #   `RecoveryWindowInDays` parameter of the [ `DeleteSecret` ][1]
+    #   operation.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html
     #   @return [Time]
     #
     # @!attribute [rw] tags
     #   The list of user-defined tags associated with the secret. To add
-    #   tags to a secret, use TagResource. To remove tags, use
-    #   UntagResource.
+    #   tags to a secret, use [ `TagResource` ][1]. To remove tags, use [
+    #   `UntagResource` ][2].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_TagResource.html
+    #   [2]: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_UntagResource.html
     #   @return [Array<Types::Tag>]
     #
     # @!attribute [rw] secret_versions_to_stages

data/lib/aws-sdk-secretsmanager.rb CHANGED Viewed

@@ -48,6 +48,6 @@ require_relative 'aws-sdk-secretsmanager/customizations'
 # @!group service
 module Aws::SecretsManager
-  GEM_VERSION = '1.55.0'
+  GEM_VERSION = '1.56.0'
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-secretsmanager
 version: !ruby/object:Gem::Version
-  version: 1.55.0
+  version: 1.56.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-12-21 00:00:00.000000000 Z
+date: 2022-01-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core