aws-sdk-secretsmanager 1.55.0 → 1.56.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 99fc2c2363aa6d21002711d003ee38e38a7ae19a76241052cffacd2a52b75c44
-  data.tar.gz: 18652eb739c40dfb70e1fde31df707ee00c0240de29a463887aa98ebe50b8f96
+  metadata.gz: afae56189aaced0447f70b316c9844c9f8e3cead9190a1ce1acf53cb4e7377fa
+  data.tar.gz: 2555cf8b9f69fe0da5c886e40c5fd2ba3081f0556767c3dbfb7c5ca4f1bf20b8
 SHA512:
-  metadata.gz: a994a9da89e78e6dbeda365153f0395a26da133f96f1139cf615a2b12b61a78e93cbb8643bd86bac0ae2aa071e01afb8e1c99336213bdd4448f0774bd5c9bf29
-  data.tar.gz: 27d3a83d680e4d05ed663ef1b30b530f0ee62a4f90a475f1d99c8937c5ab8b950d2a8cf5a7a36503a46b80baa987d530c876137e155ffc31cf3284c4971da97d
+  metadata.gz: 3bd0e26570f843f7578b8ea81690bafec69fd4d1bbb5ec100077f55520ca696b30db864ea8cff35bf06ccd993a42698911480117dd347d152e1df11ffce2eead
+  data.tar.gz: d2af4d31855f4af44298037b00b853fd581e7f5b3bc88a78b90983bb6e044dcd96a964bd4f91288dc25dc5c026ce91a606a715cace97a3f3bfbfad7bf4ed030f

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.56.0 (2022-01-28)
+------------------
+
+* Feature - Feature are ready to release on Jan 28th
+
 1.55.0 (2021-12-21)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.55.0
+1.56.0

data/lib/aws-sdk-secretsmanager/client.rb

@@ -372,6 +372,15 @@ module Aws::SecretsManager
     #
     #  </note>
     #
+    # <b>Required permissions: </b> `secretsmanager:CancelRotateSecret`. For
+    # more information, see [ IAM policy actions for Secrets Manager][1] and
+    # [Authentication and access control in Secrets Manager][2].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret.
     #
@@ -451,9 +460,15 @@ module Aws::SecretsManager
     # to encrypt the secret, and you must create and use a customer managed
     # KMS key.
     #
+    # <b>Required permissions: </b> `secretsmanager:CreateSecret`. For more
+    # information, see [ IAM policy actions for Secrets Manager][2] and
+    # [Authentication and access control in Secrets Manager][3].
+    #
     #
     #
     # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_create-basic-secret.html
+    # [2]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
     # @option params [required, String] :name
     #   The name of the new secret.
@@ -687,6 +702,15 @@ module Aws::SecretsManager
     # Deletes the resource-based permission policy attached to the secret.
     # To attach a policy to a secret, use PutResourcePolicy.
     #
+    # <b>Required permissions: </b> `secretsmanager:DeleteResourcePolicy`.
+    # For more information, see [ IAM policy actions for Secrets Manager][1]
+    # and [Authentication and access control in Secrets Manager][2].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret to delete the attached resource-based
     #   policy for.
@@ -756,9 +780,15 @@ module Aws::SecretsManager
     # secret value. To access that information, first cancel the deletion
     # with RestoreSecret and then retrieve the information.
     #
+    # <b>Required permissions: </b> `secretsmanager:DeleteSecret`. For more
+    # information, see [ IAM policy actions for Secrets Manager][2] and
+    # [Authentication and access control in Secrets Manager][3].
+    #
     #
     #
     # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_delete-secret.html
+    # [2]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret to delete.
@@ -843,6 +873,15 @@ module Aws::SecretsManager
     # secret value. Secrets Manager only returns fields that have a value in
     # the response.
     #
+    # <b>Required permissions: </b> `secretsmanager:DescribeSecret`. For
+    # more information, see [ IAM policy actions for Secrets Manager][1] and
+    # [Authentication and access control in Secrets Manager][2].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret.
     #
@@ -927,6 +966,8 @@ module Aws::SecretsManager
     #   resp.rotation_enabled #=> Boolean
     #   resp.rotation_lambda_arn #=> String
     #   resp.rotation_rules.automatically_after_days #=> Integer
+    #   resp.rotation_rules.duration #=> String
+    #   resp.rotation_rules.schedule_expression #=> String
     #   resp.last_rotated_date #=> Time
     #   resp.last_changed_date #=> Time
     #   resp.last_accessed_date #=> Time
@@ -960,6 +1001,15 @@ module Aws::SecretsManager
     # length and include every character type that the system you are
     # generating a password for can support.
     #
+    # <b>Required permissions: </b> `secretsmanager:GetRandomPassword`. For
+    # more information, see [ IAM policy actions for Secrets Manager][1] and
+    # [Authentication and access control in Secrets Manager][2].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    #
     # @option params [Integer] :password_length
     #   The length of the password. If you don't include this parameter, the
     #   default length is 32 characters.
@@ -1048,9 +1098,15 @@ module Aws::SecretsManager
     # attached to a secret, see [Permissions policies attached to a
     # secret][1].
     #
+    # <b>Required permissions: </b> `secretsmanager:GetResourcePolicy`. For
+    # more information, see [ IAM policy actions for Secrets Manager][2] and
+    # [Authentication and access control in Secrets Manager][3].
+    #
     #
     #
     # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-policies.html
+    # [2]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret to retrieve the attached resource-based
@@ -1106,17 +1162,22 @@ module Aws::SecretsManager
     # `SecretBinary` from the specified version of a secret, whichever
     # contains content.
     #
-    # For information about retrieving the secret value in the console, see
-    # [Retrieve secrets][1].
+    # We recommend that you cache your secret values by using client-side
+    # caching. Caching secrets improves speed and reduces your costs. For
+    # more information, see [Cache secrets for your applications][1].
     #
-    # To run this command, you must have `secretsmanager:GetSecretValue`
-    # permissions. If the secret is encrypted using a customer-managed key
-    # instead of the Amazon Web Services managed key `aws/secretsmanager`,
-    # then you also need `kms:Decrypt` permissions for that key.
+    # <b>Required permissions: </b> `secretsmanager:GetSecretValue`. If the
+    # secret is encrypted using a customer-managed key instead of the Amazon
+    # Web Services managed key `aws/secretsmanager`, then you also need
+    # `kms:Decrypt` permissions for that key. For more information, see [
+    # IAM policy actions for Secrets Manager][2] and [Authentication and
+    # access control in Secrets Manager][3].
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets.html
+    # [2]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret to retrieve.
@@ -1216,10 +1277,14 @@ module Aws::SecretsManager
     # To get the secret value from `SecretString` or `SecretBinary`, call
     # GetSecretValue.
     #
-    # **Minimum permissions**
+    # <b>Required permissions: </b> `secretsmanager:ListSecretVersionIds`.
+    # For more information, see [ IAM policy actions for Secrets Manager][1]
+    # and [Authentication and access control in Secrets Manager][2].
     #
-    # To run this command, you must have
-    # `secretsmanager:ListSecretVersionIds` permissions.
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret whose versions you want to list.
@@ -1333,14 +1398,15 @@ module Aws::SecretsManager
     # For information about finding secrets in the console, see [Enhanced
     # search capabilities for secrets in Secrets Manager][1].
     #
-    # **Minimum permissions**
-    #
-    # To run this command, you must have `secretsmanager:ListSecrets`
-    # permissions.
+    # <b>Required permissions: </b> `secretsmanager:ListSecrets`. For more
+    # information, see [ IAM policy actions for Secrets Manager][2] and
+    # [Authentication and access control in Secrets Manager][3].
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_search-secret.html
+    # [2]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
     # @option params [Integer] :max_results
     #   The number of results to include in the response.
@@ -1427,6 +1493,8 @@ module Aws::SecretsManager
     #   resp.secret_list[0].rotation_enabled #=> Boolean
     #   resp.secret_list[0].rotation_lambda_arn #=> String
     #   resp.secret_list[0].rotation_rules.automatically_after_days #=> Integer
+    #   resp.secret_list[0].rotation_rules.duration #=> String
+    #   resp.secret_list[0].rotation_rules.schedule_expression #=> String
     #   resp.secret_list[0].last_rotated_date #=> Time
     #   resp.secret_list[0].last_changed_date #=> Time
     #   resp.secret_list[0].last_accessed_date #=> Time
@@ -1458,10 +1526,15 @@ module Aws::SecretsManager
     # For information about attaching a policy in the console, see [Attach a
     # permissions policy to a secret][2].
     #
+    # <b>Required permissions: </b> `secretsmanager:PutResourcePolicy`. For
+    # more information, see [ IAM policy actions for Secrets Manager][3] and
+    # [Authentication and access control in Secrets Manager][1].
+    #
     #
     #
     # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html
+    # [3]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
     #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret to attach the resource-based policy.
@@ -1558,6 +1631,15 @@ module Aws::SecretsManager
     # fails because you can't modify an existing version; you can only
     # create new ones.
     #
+    # <b>Required permissions: </b> `secretsmanager:PutSecretValue`. For
+    # more information, see [ IAM policy actions for Secrets Manager][1] and
+    # [Authentication and access control in Secrets Manager][2].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret to add a new version to.
     #
@@ -1699,6 +1781,16 @@ module Aws::SecretsManager
     # For a secret that is replicated to other Regions, deletes the secret
     # replicas from the Regions you specify.
     #
+    # <b>Required permissions: </b>
+    # `secretsmanager:RemoveRegionsFromReplication`. For more information,
+    # see [ IAM policy actions for Secrets Manager][1] and [Authentication
+    # and access control in Secrets Manager][2].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret.
     #
@@ -1738,9 +1830,16 @@ module Aws::SecretsManager
 
     # Replicates the secret to a new Regions. See [Multi-Region secrets][1].
     #
+    # <b>Required permissions: </b>
+    # `secretsmanager:ReplicateSecretToRegions`. For more information, see [
+    # IAM policy actions for Secrets Manager][2] and [Authentication and
+    # access control in Secrets Manager][3].
+    #
     #
     #
     # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/create-manage-multi-region-secrets.html
+    # [2]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret to replicate.
@@ -1793,6 +1892,15 @@ module Aws::SecretsManager
     # `DeletedDate` time stamp. You can access a secret again after it has
     # been restored.
     #
+    # <b>Required permissions: </b> `secretsmanager:RestoreSecret`. For more
+    # information, see [ IAM policy actions for Secrets Manager][1] and
+    # [Authentication and access control in Secrets Manager][2].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret to restore.
     #
@@ -1864,14 +1972,19 @@ module Aws::SecretsManager
     # `RotateSecret` assumes that a previous rotation request is still in
     # progress and returns an error.
     #
-    # To run this command, you must have `secretsmanager:RotateSecret`
-    # permissions and `lambda:InvokeFunction` permissions on the function
-    # specified in the secret's metadata.
+    # <b>Required permissions: </b> `secretsmanager:RotateSecret`. For more
+    # information, see [ IAM policy actions for Secrets Manager][3] and
+    # [Authentication and access control in Secrets Manager][4]. You also
+    # need `lambda:InvokeFunction` permissions on the rotation function. For
+    # more information, see [ Permissions for rotation][5].
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html
     # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html
+    # [3]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    # [5]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets-required-permissions-function.html
     #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret to rotate.
@@ -1912,6 +2025,23 @@ module Aws::SecretsManager
     # @option params [Types::RotationRulesType] :rotation_rules
     #   A structure that defines the rotation configuration for this secret.
     #
+    # @option params [Boolean] :rotate_immediately
+    #   Specifies whether to rotate the secret immediately or wait until the
+    #   next scheduled rotation window. The rotation schedule is defined in
+    #   RotateSecretRequest$RotationRules.
+    #
+    #   If you don't immediately rotate the secret, Secrets Manager tests the
+    #   rotation configuration by running the [ `testSecret` step][1] of the
+    #   Lambda rotation function. The test creates an `AWSPENDING` version of
+    #   the secret and then removes it.
+    #
+    #   If you don't specify this value, then by default, Secrets Manager
+    #   rotates the secret immediately.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html
+    #
     # @return [Types::RotateSecretResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::RotateSecretResponse#arn #arn} => String
@@ -1926,7 +2056,10 @@ module Aws::SecretsManager
     #     rotation_lambda_arn: "RotationLambdaARNType",
     #     rotation_rules: {
     #       automatically_after_days: 1,
+    #       duration: "DurationType",
+    #       schedule_expression: "ScheduleExpressionType",
     #     },
+    #     rotate_immediately: false,
     #   })
     #
     # @example Response structure
@@ -1950,6 +2083,16 @@ module Aws::SecretsManager
     # You must call this operation from the Region in which you want to
     # promote the replica to a primary secret.
     #
+    # <b>Required permissions: </b>
+    # `secretsmanager:StopReplicationToReplica`. For more information, see [
+    # IAM policy actions for Secrets Manager][1] and [Authentication and
+    # access control in Secrets Manager][2].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    #
     # @option params [required, String] :secret_id
     #   The ARN of the primary secret.
     #
@@ -2007,6 +2150,15 @@ module Aws::SecretsManager
     # operation would result in you losing your permissions for this secret,
     # then the operation is blocked and returns an Access Denied error.
     #
+    # <b>Required permissions: </b> `secretsmanager:TagResource`. For more
+    # information, see [ IAM policy actions for Secrets Manager][1] and
+    # [Authentication and access control in Secrets Manager][2].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    #
     # @option params [required, String] :secret_id
     #   The identifier for the secret to attach tags to. You can specify
     #   either the Amazon Resource Name (ARN) or the friendly name of the
@@ -2081,6 +2233,15 @@ module Aws::SecretsManager
     # would result in you losing your permissions for this secret, then the
     # operation is blocked and returns an Access Denied error.
     #
+    # <b>Required permissions: </b> `secretsmanager:UntagResource`. For more
+    # information, see [ IAM policy actions for Secrets Manager][1] and
+    # [Authentication and access control in Secrets Manager][2].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret.
     #
@@ -2172,9 +2333,18 @@ module Aws::SecretsManager
     # to encrypt the secret, and you must create and use a customer managed
     # key.
     #
-    # To run this command, you must have `secretsmanager:UpdateSecret`
-    # permissions. If you use a customer managed key, you must also have
-    # `kms:GenerateDataKey` and `kms:Decrypt` permissions .
+    # <b>Required permissions: </b> `secretsmanager:UpdateSecret`. For more
+    # information, see [ IAM policy actions for Secrets Manager][1] and
+    # [Authentication and access control in Secrets Manager][2]. If you use
+    # a customer managed key, you must also have `kms:GenerateDataKey` and
+    # `kms:Decrypt` permissions on the key. For more information, see [
+    # Secret encryption and decryption][3].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
+    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/security-encryption.html
     #
     # @option params [required, String] :secret_id
     #   The ARN or name of the secret.
@@ -2350,9 +2520,16 @@ module Aws::SecretsManager
     # then the version is considered to be 'deprecated' and can be deleted
     # by Secrets Manager.
     #
+    # <b>Required permissions: </b>
+    # `secretsmanager:UpdateSecretVersionStage`. For more information, see [
+    # IAM policy actions for Secrets Manager][2] and [Authentication and
+    # access control in Secrets Manager][3].
+    #
     #
     #
     # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/getting-started.html#term_version
+    # [2]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
     # @option params [required, String] :secret_id
     #   The ARN or the name of the secret with the version and staging
@@ -2477,9 +2654,15 @@ module Aws::SecretsManager
     #
     # * Verifies the policy does not lock out a caller.
     #
+    # <b>Required permissions: </b> `secretsmanager:ValidateResourcePolicy`.
+    # For more information, see [ IAM policy actions for Secrets Manager][2]
+    # and [Authentication and access control in Secrets Manager][3].
+    #
     #
     #
     # [1]: https://aws.amazon.com/blogs/security/protect-sensitive-data-in-the-cloud-with-automated-reasoning-zelkova/
+    # [2]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
+    # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
     #
     # @option params [String] :secret_id
     #   This field is reserved for internal use.
@@ -2552,7 +2735,7 @@ module Aws::SecretsManager
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-secretsmanager'
-      context[:gem_version] = '1.55.0'
+      context[:gem_version] = '1.56.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-secretsmanager/client_api.rb

@@ -32,6 +32,7 @@ module Aws::SecretsManager
     DescribeSecretRequest = Shapes::StructureShape.new(name: 'DescribeSecretRequest')
     DescribeSecretResponse = Shapes::StructureShape.new(name: 'DescribeSecretResponse')
     DescriptionType = Shapes::StringShape.new(name: 'DescriptionType')
+    DurationType = Shapes::StringShape.new(name: 'DurationType')
     EncryptionFailure = Shapes::StructureShape.new(name: 'EncryptionFailure')
     ErrorMessage = Shapes::StringShape.new(name: 'ErrorMessage')
     ExcludeCharactersType = Shapes::StringShape.new(name: 'ExcludeCharactersType')
@@ -99,6 +100,7 @@ module Aws::SecretsManager
     RotationEnabledType = Shapes::BooleanShape.new(name: 'RotationEnabledType')
     RotationLambdaARNType = Shapes::StringShape.new(name: 'RotationLambdaARNType')
     RotationRulesType = Shapes::StructureShape.new(name: 'RotationRulesType')
+    ScheduleExpressionType = Shapes::StringShape.new(name: 'ScheduleExpressionType')
     SecretARNType = Shapes::StringShape.new(name: 'SecretARNType')
     SecretBinaryType = Shapes::BlobShape.new(name: 'SecretBinaryType')
     SecretIdType = Shapes::StringShape.new(name: 'SecretIdType')
@@ -368,6 +370,7 @@ module Aws::SecretsManager
     RotateSecretRequest.add_member(:client_request_token, Shapes::ShapeRef.new(shape: ClientRequestTokenType, location_name: "ClientRequestToken", metadata: {"idempotencyToken"=>true}))
     RotateSecretRequest.add_member(:rotation_lambda_arn, Shapes::ShapeRef.new(shape: RotationLambdaARNType, location_name: "RotationLambdaARN"))
     RotateSecretRequest.add_member(:rotation_rules, Shapes::ShapeRef.new(shape: RotationRulesType, location_name: "RotationRules"))
+    RotateSecretRequest.add_member(:rotate_immediately, Shapes::ShapeRef.new(shape: BooleanType, location_name: "RotateImmediately", metadata: {"box"=>true}))
     RotateSecretRequest.struct_class = Types::RotateSecretRequest
 
     RotateSecretResponse.add_member(:arn, Shapes::ShapeRef.new(shape: SecretARNType, location_name: "ARN"))
@@ -376,6 +379,8 @@ module Aws::SecretsManager
     RotateSecretResponse.struct_class = Types::RotateSecretResponse
 
     RotationRulesType.add_member(:automatically_after_days, Shapes::ShapeRef.new(shape: AutomaticallyRotateAfterDaysType, location_name: "AutomaticallyAfterDays", metadata: {"box"=>true}))
+    RotationRulesType.add_member(:duration, Shapes::ShapeRef.new(shape: DurationType, location_name: "Duration"))
+    RotationRulesType.add_member(:schedule_expression, Shapes::ShapeRef.new(shape: ScheduleExpressionType, location_name: "ScheduleExpression"))
     RotationRulesType.struct_class = Types::RotationRulesType
 
     SecretListEntry.add_member(:arn, Shapes::ShapeRef.new(shape: SecretARNType, location_name: "ARN"))
@@ -517,6 +522,7 @@ module Aws::SecretsManager
         o.errors << Shapes::ShapeRef.new(shape: MalformedPolicyDocumentException)
         o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
         o.errors << Shapes::ShapeRef.new(shape: PreconditionNotMetException)
+        o.errors << Shapes::ShapeRef.new(shape: DecryptionFailure)
       end)
 
       api.add_operation(:delete_resource_policy, Seahorse::Model::Operation.new.tap do |o|
@@ -652,6 +658,7 @@ module Aws::SecretsManager
         o.errors << Shapes::ShapeRef.new(shape: ResourceExistsException)
         o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
+        o.errors << Shapes::ShapeRef.new(shape: DecryptionFailure)
       end)
 
       api.add_operation(:remove_regions_from_replication, Seahorse::Model::Operation.new.tap do |o|
@@ -753,6 +760,7 @@ module Aws::SecretsManager
         o.errors << Shapes::ShapeRef.new(shape: MalformedPolicyDocumentException)
         o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
         o.errors << Shapes::ShapeRef.new(shape: PreconditionNotMetException)
+        o.errors << Shapes::ShapeRef.new(shape: DecryptionFailure)
       end)
 
       api.add_operation(:update_secret_version_stage, Seahorse::Model::Operation.new.tap do |o|

data/lib/aws-sdk-secretsmanager/types.rb

@@ -956,7 +956,7 @@ module Aws::SecretsManager
       include Aws::Structure
     end
 
-    # The parameter name is invalid value.
+    # The parameter name or value is invalid.
     #
     # @!attribute [rw] message
     #   @return [String]
@@ -1634,7 +1634,10 @@ module Aws::SecretsManager
     #         rotation_lambda_arn: "RotationLambdaARNType",
     #         rotation_rules: {
     #           automatically_after_days: 1,
+    #           duration: "DurationType",
+    #           schedule_expression: "ScheduleExpressionType",
     #         },
+    #         rotate_immediately: false,
     #       }
     #
     # @!attribute [rw] secret_id
@@ -1682,13 +1685,32 @@ module Aws::SecretsManager
     #   A structure that defines the rotation configuration for this secret.
     #   @return [Types::RotationRulesType]
     #
+    # @!attribute [rw] rotate_immediately
+    #   Specifies whether to rotate the secret immediately or wait until the
+    #   next scheduled rotation window. The rotation schedule is defined in
+    #   RotateSecretRequest$RotationRules.
+    #
+    #   If you don't immediately rotate the secret, Secrets Manager tests
+    #   the rotation configuration by running the [ `testSecret` step][1] of
+    #   the Lambda rotation function. The test creates an `AWSPENDING`
+    #   version of the secret and then removes it.
+    #
+    #   If you don't specify this value, then by default, Secrets Manager
+    #   rotates the secret immediately.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html
+    #   @return [Boolean]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RotateSecretRequest AWS API Documentation
     #
     class RotateSecretRequest < Struct.new(
       :secret_id,
       :client_request_token,
       :rotation_lambda_arn,
-      :rotation_rules)
+      :rotation_rules,
+      :rotate_immediately)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1722,32 +1744,79 @@ module Aws::SecretsManager
     #
     #       {
     #         automatically_after_days: 1,
+    #         duration: "DurationType",
+    #         schedule_expression: "ScheduleExpressionType",
     #       }
     #
     # @!attribute [rw] automatically_after_days
-    #   Specifies the number of days between automatic scheduled rotations
-    #   of the secret.
-    #
-    #   Secrets Manager schedules the next rotation when the previous one is
-    #   complete. Secrets Manager schedules the date by adding the rotation
-    #   interval (number of days) to the actual date of the last rotation.
-    #   The service chooses the hour within that 24-hour date window
-    #   randomly. The minute is also chosen somewhat randomly, but weighted
-    #   towards the top of the hour and influenced by a variety of factors
-    #   that help distribute load.
+    #   The number of days between automatic scheduled rotations of the
+    #   secret. You can use this value to check that your secret meets your
+    #   compliance guidelines for how often secrets must be rotated.
+    #
+    #   In `DescribeSecret` and `ListSecrets`, this value is calculated from
+    #   the rotation schedule after every successful rotation. In
+    #   `RotateSecret`, you can set the rotation schedule in `RotationRules`
+    #   with `AutomaticallyAfterDays` or `ScheduleExpression`, but not both.
     #   @return [Integer]
     #
+    # @!attribute [rw] duration
+    #   The length of the rotation window in hours, for example `3h` for a
+    #   three hour window. Secrets Manager rotates your secret at any time
+    #   during this window. The window must not go into the next UTC day. If
+    #   you don't specify this value, the window automatically ends at the
+    #   end of the UTC day. The window begins according to the
+    #   `ScheduleExpression`. For more information, including examples, see
+    #   [Schedule expressions in Secrets Manager rotation][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_schedule.html
+    #   @return [String]
+    #
+    # @!attribute [rw] schedule_expression
+    #   A `cron()` or `rate()` expression that defines the schedule for
+    #   rotating your secret. Secrets Manager rotation schedules use UTC
+    #   time zone.
+    #
+    #   Secrets Manager `rate()` expressions represent the interval in days
+    #   that you want to rotate your secret, for example `rate(10 days)`. If
+    #   you use a `rate()` expression, the rotation window opens at
+    #   midnight, and Secrets Manager rotates your secret any time that day
+    #   after midnight. You can set a `Duration` to shorten the rotation
+    #   window.
+    #
+    #   You can use a `cron()` expression to create rotation schedules that
+    #   are more detailed than a rotation interval. For more information,
+    #   including examples, see [Schedule expressions in Secrets Manager
+    #   rotation][1]. If you use a `cron()` expression, Secrets Manager
+    #   rotates your secret any time during that day after the window opens.
+    #   For example, `cron(0 8 1 * ? *)` represents a rotation window that
+    #   occurs on the first day of every month beginning at 8:00 AM UTC.
+    #   Secrets Manager rotates the secret any time that day after 8:00 AM.
+    #   You can set a `Duration` to shorten the rotation window.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_schedule.html
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RotationRulesType AWS API Documentation
     #
     class RotationRulesType < Struct.new(
-      :automatically_after_days)
+      :automatically_after_days,
+      :duration,
+      :schedule_expression)
       SENSITIVE = []
       include Aws::Structure
     end
 
     # A structure that contains the details about a secret. It does not
     # include the encrypted `SecretString` and `SecretBinary` values. To get
-    # those values, use the GetSecretValue operation.
+    # those values, use [GetSecretValue][1] .
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_GetSecretValue.html
     #
     # @!attribute [rw] arn
     #   The Amazon Resource Name (ARN) of the secret.
@@ -1778,7 +1847,11 @@ module Aws::SecretsManager
     # @!attribute [rw] rotation_lambda_arn
     #   The ARN of an Amazon Web Services Lambda function invoked by Secrets
     #   Manager to rotate and expire the secret either automatically per the
-    #   schedule or manually by a call to RotateSecret.
+    #   schedule or manually by a call to [ `RotateSecret` ][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_RotateSecret.html
     #   @return [String]
     #
     # @!attribute [rw] rotation_rules
@@ -1805,13 +1878,23 @@ module Aws::SecretsManager
     #   The date and time the deletion of the secret occurred. Not present
     #   on active secrets. The secret can be recovered until the number of
     #   days in the recovery window has passed, as specified in the
-    #   `RecoveryWindowInDays` parameter of the DeleteSecret operation.
+    #   `RecoveryWindowInDays` parameter of the [ `DeleteSecret` ][1]
+    #   operation.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html
     #   @return [Time]
     #
     # @!attribute [rw] tags
     #   The list of user-defined tags associated with the secret. To add
-    #   tags to a secret, use TagResource. To remove tags, use
-    #   UntagResource.
+    #   tags to a secret, use [ `TagResource` ][1]. To remove tags, use [
+    #   `UntagResource` ][2].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_TagResource.html
+    #   [2]: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_UntagResource.html
     #   @return [Array<Types::Tag>]
     #
     # @!attribute [rw] secret_versions_to_stages

data/lib/aws-sdk-secretsmanager.rb

@@ -48,6 +48,6 @@ require_relative 'aws-sdk-secretsmanager/customizations'
 # @!group service
 module Aws::SecretsManager
 
-  GEM_VERSION = '1.55.0'
+  GEM_VERSION = '1.56.0'
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-secretsmanager
 version: !ruby/object:Gem::Version
-  version: 1.55.0
+  version: 1.56.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-12-21 00:00:00.000000000 Z
+date: 2022-01-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core