aws-sdk-secretsmanager 1.55.0 → 1.56.0

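--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 99fc2c2363aa6d21002711d003ee38e38a7ae19a76241052cffacd2a52b75c44
- data.tar.gz: 18652eb739c40dfb70e1fde31df707ee00c0240de29a463887aa98ebe50b8f96
+ metadata.gz: afae56189aaced0447f70b316c9844c9f8e3cead9190a1ce1acf53cb4e7377fa
+ data.tar.gz: 2555cf8b9f69fe0da5c886e40c5fd2ba3081f0556767c3dbfb7c5ca4f1bf20b8
  SHA512:
- metadata.gz: a994a9da89e78e6dbeda365153f0395a26da133f96f1139cf615a2b12b61a78e93cbb8643bd86bac0ae2aa071e01afb8e1c99336213bdd4448f0774bd5c9bf29
- data.tar.gz: 27d3a83d680e4d05ed663ef1b30b530f0ee62a4f90a475f1d99c8937c5ab8b950d2a8cf5a7a36503a46b80baa987d530c876137e155ffc31cf3284c4971da97d
+ metadata.gz: 3bd0e26570f843f7578b8ea81690bafec69fd4d1bbb5ec100077f55520ca696b30db864ea8cff35bf06ccd993a42698911480117dd347d152e1df11ffce2eead
+ data.tar.gz: d2af4d31855f4af44298037b00b853fd581e7f5b3bc88a78b90983bb6e044dcd96a964bd4f91288dc25dc5c026ce91a606a715cace97a3f3bfbfad7bf4ed030f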
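--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,11 @@
  Unreleased Changes
  ------------------
 
+ 1.56.0 (2022-01-28)
+ ------------------
+
+ * Feature - Feature are ready to release on Jan 28th
+
  1.55.0 (2021-12-21)
  ------------------
 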
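--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 1.55.0
+ 1.56.0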
@@ -372,6 +372,15 @@ module Aws::SecretsManager
372
372
  #
373
373
  # </note>
374
374
  #
375
+ # <b>Required permissions: </b> `secretsmanager:CancelRotateSecret`. For
376
+ # more information, see [ IAM policy actions for Secrets Manager][1] and
377
+ # [Authentication and access control in Secrets Manager][2].
378
+ #
379
+ #
380
+ #
381
+ # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
382
+ # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
383
+ #
375
384
  # @option params [required, String] :secret_id
376
385
  # The ARN or name of the secret.
377
386
  #
@@ -451,9 +460,15 @@ module Aws::SecretsManager
451
460
  # to encrypt the secret, and you must create and use a customer managed
452
461
  # KMS key.
453
462
  #
463
+ # <b>Required permissions: </b> `secretsmanager:CreateSecret`. For more
464
+ # information, see [ IAM policy actions for Secrets Manager][2] and
465
+ # [Authentication and access control in Secrets Manager][3].
466
+ #
454
467
  #
455
468
  #
456
469
  # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_create-basic-secret.html
470
+ # [2]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
471
+ # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
457
472
  #
458
473
  # @option params [required, String] :name
459
474
  # The name of the new secret.
@@ -687,6 +702,15 @@ module Aws::SecretsManager
687
702
  # Deletes the resource-based permission policy attached to the secret.
688
703
  # To attach a policy to a secret, use PutResourcePolicy.
689
704
  #
705
+ # <b>Required permissions: </b> `secretsmanager:DeleteResourcePolicy`.
706
+ # For more information, see [ IAM policy actions for Secrets Manager][1]
707
+ # and [Authentication and access control in Secrets Manager][2].
708
+ #
709
+ #
710
+ #
711
+ # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
712
+ # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
713
+ #
690
714
  # @option params [required, String] :secret_id
691
715
  # The ARN or name of the secret to delete the attached resource-based
692
716
  # policy for.
@@ -756,9 +780,15 @@ module Aws::SecretsManager
756
780
  # secret value. To access that information, first cancel the deletion
757
781
  # with RestoreSecret and then retrieve the information.
758
782
  #
783
+ # <b>Required permissions: </b> `secretsmanager:DeleteSecret`. For more
784
+ # information, see [ IAM policy actions for Secrets Manager][2] and
785
+ # [Authentication and access control in Secrets Manager][3].
786
+ #
759
787
  #
760
788
  #
761
789
  # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_delete-secret.html
790
+ # [2]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
791
+ # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
762
792
  #
763
793
  # @option params [required, String] :secret_id
764
794
  # The ARN or name of the secret to delete.
@@ -843,6 +873,15 @@ module Aws::SecretsManager
843
873
  # secret value. Secrets Manager only returns fields that have a value in
844
874
  # the response.
845
875
  #
876
+ # <b>Required permissions: </b> `secretsmanager:DescribeSecret`. For
877
+ # more information, see [ IAM policy actions for Secrets Manager][1] and
878
+ # [Authentication and access control in Secrets Manager][2].
879
+ #
880
+ #
881
+ #
882
+ # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
883
+ # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
884
+ #
846
885
  # @option params [required, String] :secret_id
847
886
  # The ARN or name of the secret.
848
887
  #
@@ -927,6 +966,8 @@ module Aws::SecretsManager
927
966
  # resp.rotation_enabled #=> Boolean
928
967
  # resp.rotation_lambda_arn #=> String
929
968
  # resp.rotation_rules.automatically_after_days #=> Integer
969
+ # resp.rotation_rules.duration #=> String
970
+ # resp.rotation_rules.schedule_expression #=> String
930
971
  # resp.last_rotated_date #=> Time
931
972
  # resp.last_changed_date #=> Time
932
973
  # resp.last_accessed_date #=> Time
@@ -960,6 +1001,15 @@ module Aws::SecretsManager
960
1001
  # length and include every character type that the system you are
961
1002
  # generating a password for can support.
962
1003
  #
1004
+ # <b>Required permissions: </b> `secretsmanager:GetRandomPassword`. For
1005
+ # more information, see [ IAM policy actions for Secrets Manager][1] and
1006
+ # [Authentication and access control in Secrets Manager][2].
1007
+ #
1008
+ #
1009
+ #
1010
+ # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
1011
+ # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
1012
+ #
963
1013
  # @option params [Integer] :password_length
964
1014
  # The length of the password. If you don't include this parameter, the
965
1015
  # default length is 32 characters.
@@ -1048,9 +1098,15 @@ module Aws::SecretsManager
1048
1098
  # attached to a secret, see [Permissions policies attached to a
1049
1099
  # secret][1].
1050
1100
  #
1101
+ # <b>Required permissions: </b> `secretsmanager:GetResourcePolicy`. For
1102
+ # more information, see [ IAM policy actions for Secrets Manager][2] and
1103
+ # [Authentication and access control in Secrets Manager][3].
1104
+ #
1051
1105
  #
1052
1106
  #
1053
1107
  # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-policies.html
1108
+ # [2]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
1109
+ # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
1054
1110
  #
1055
1111
  # @option params [required, String] :secret_id
1056
1112
  # The ARN or name of the secret to retrieve the attached resource-based
@@ -1106,17 +1162,22 @@ module Aws::SecretsManager
1106
1162
  # `SecretBinary` from the specified version of a secret, whichever
1107
1163
  # contains content.
1108
1164
  #
1109
- # For information about retrieving the secret value in the console, see
1110
- # [Retrieve secrets][1].
1165
+ # We recommend that you cache your secret values by using client-side
1166
+ # caching. Caching secrets improves speed and reduces your costs. For
1167
+ # more information, see [Cache secrets for your applications][1].
1111
1168
  #
1112
- # To run this command, you must have `secretsmanager:GetSecretValue`
1113
- # permissions. If the secret is encrypted using a customer-managed key
1114
- # instead of the Amazon Web Services managed key `aws/secretsmanager`,
1115
- # then you also need `kms:Decrypt` permissions for that key.
1169
+ # <b>Required permissions: </b> `secretsmanager:GetSecretValue`. If the
1170
+ # secret is encrypted using a customer-managed key instead of the Amazon
1171
+ # Web Services managed key `aws/secretsmanager`, then you also need
1172
+ # `kms:Decrypt` permissions for that key. For more information, see [
1173
+ # IAM policy actions for Secrets Manager][2] and [Authentication and
1174
+ # access control in Secrets Manager][3].
1116
1175
  #
1117
1176
  #
1118
1177
  #
1119
1178
  # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets.html
1179
+ # [2]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
1180
+ # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
1120
1181
  #
1121
1182
  # @option params [required, String] :secret_id
1122
1183
  # The ARN or name of the secret to retrieve.
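Review bot: The added recommendation links `[Cache secrets for your applications][1]`, yet reference `[1]` in the unchanged context below still points at `.../userguide/retrieving-secrets.html`, the target of the removed `[Retrieve secrets][1]` link, so the label and its target may no longer agree. If the caching guidance has a page of its own, it should get its own numbered reference, as the two new permission references in this hunk do. The recommendation also mentions only speed and cost; a line such as `# Cached values stay in process memory and can lag a rotation, so bound the cache lifetime.` would state the trade-off next to the `secretsmanager:GetSecretValue` and `kms:Decrypt` requirements. The method this comment documents lies outside the hunk.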
@@ -1216,10 +1277,14 @@ module Aws::SecretsManager
1216
1277
  # To get the secret value from `SecretString` or `SecretBinary`, call
1217
1278
  # GetSecretValue.
1218
1279
  #
1219
- # **Minimum permissions**
1280
+ # <b>Required permissions: </b> `secretsmanager:ListSecretVersionIds`.
1281
+ # For more information, see [ IAM policy actions for Secrets Manager][1]
1282
+ # and [Authentication and access control in Secrets Manager][2].
1220
1283
  #
1221
- # To run this command, you must have
1222
- # `secretsmanager:ListSecretVersionIds` permissions.
1284
+ #
1285
+ #
1286
+ # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
1287
+ # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
1223
1288
  #
1224
1289
  # @option params [required, String] :secret_id
1225
1290
  # The ARN or name of the secret whose versions you want to list.
@@ -1333,14 +1398,15 @@ module Aws::SecretsManager
1333
1398
  # For information about finding secrets in the console, see [Enhanced
1334
1399
  # search capabilities for secrets in Secrets Manager][1].
1335
1400
  #
1336
- # **Minimum permissions**
1337
- #
1338
- # To run this command, you must have `secretsmanager:ListSecrets`
1339
- # permissions.
1401
+ # <b>Required permissions: </b> `secretsmanager:ListSecrets`. For more
1402
+ # information, see [ IAM policy actions for Secrets Manager][2] and
1403
+ # [Authentication and access control in Secrets Manager][3].
1340
1404
  #
1341
1405
  #
1342
1406
  #
1343
1407
  # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_search-secret.html
1408
+ # [2]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
1409
+ # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
1344
1410
  #
1345
1411
  # @option params [Integer] :max_results
1346
1412
  # The number of results to include in the response.
@@ -1427,6 +1493,8 @@ module Aws::SecretsManager
1427
1493
  # resp.secret_list[0].rotation_enabled #=> Boolean
1428
1494
  # resp.secret_list[0].rotation_lambda_arn #=> String
1429
1495
  # resp.secret_list[0].rotation_rules.automatically_after_days #=> Integer
1496
+ # resp.secret_list[0].rotation_rules.duration #=> String
1497
+ # resp.secret_list[0].rotation_rules.schedule_expression #=> String
1430
1498
  # resp.secret_list[0].last_rotated_date #=> Time
1431
1499
  # resp.secret_list[0].last_changed_date #=> Time
1432
1500
  # resp.secret_list[0].last_accessed_date #=> Time
@@ -1458,10 +1526,15 @@ module Aws::SecretsManager
1458
1526
  # For information about attaching a policy in the console, see [Attach a
1459
1527
  # permissions policy to a secret][2].
1460
1528
  #
1529
+ # <b>Required permissions: </b> `secretsmanager:PutResourcePolicy`. For
1530
+ # more information, see [ IAM policy actions for Secrets Manager][3] and
1531
+ # [Authentication and access control in Secrets Manager][1].
1532
+ #
1461
1533
  #
1462
1534
  #
1463
1535
  # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
1464
1536
  # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html
1537
+ # [3]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
1465
1538
  #
1466
1539
  # @option params [required, String] :secret_id
1467
1540
  # The ARN or name of the secret to attach the resource-based policy.
@@ -1558,6 +1631,15 @@ module Aws::SecretsManager
1558
1631
  # fails because you can't modify an existing version; you can only
1559
1632
  # create new ones.
1560
1633
  #
1634
+ # <b>Required permissions: </b> `secretsmanager:PutSecretValue`. For
1635
+ # more information, see [ IAM policy actions for Secrets Manager][1] and
1636
+ # [Authentication and access control in Secrets Manager][2].
1637
+ #
1638
+ #
1639
+ #
1640
+ # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
1641
+ # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
1642
+ #
1561
1643
  # @option params [required, String] :secret_id
1562
1644
  # The ARN or name of the secret to add a new version to.
1563
1645
  #
@@ -1699,6 +1781,16 @@ module Aws::SecretsManager
1699
1781
  # For a secret that is replicated to other Regions, deletes the secret
1700
1782
  # replicas from the Regions you specify.
1701
1783
  #
1784
+ # <b>Required permissions: </b>
1785
+ # `secretsmanager:RemoveRegionsFromReplication`. For more information,
1786
+ # see [ IAM policy actions for Secrets Manager][1] and [Authentication
1787
+ # and access control in Secrets Manager][2].
1788
+ #
1789
+ #
1790
+ #
1791
+ # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
1792
+ # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
1793
+ #
1702
1794
  # @option params [required, String] :secret_id
1703
1795
  # The ARN or name of the secret.
1704
1796
  #
@@ -1738,9 +1830,16 @@ module Aws::SecretsManager
1738
1830
 
1739
1831
  # Replicates the secret to a new Regions. See [Multi-Region secrets][1].
1740
1832
  #
1833
+ # <b>Required permissions: </b>
1834
+ # `secretsmanager:ReplicateSecretToRegions`. For more information, see [
1835
+ # IAM policy actions for Secrets Manager][2] and [Authentication and
1836
+ # access control in Secrets Manager][3].
1837
+ #
1741
1838
  #
1742
1839
  #
1743
1840
  # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/create-manage-multi-region-secrets.html
1841
+ # [2]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
1842
+ # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
1744
1843
  #
1745
1844
  # @option params [required, String] :secret_id
1746
1845
  # The ARN or name of the secret to replicate.
@@ -1793,6 +1892,15 @@ module Aws::SecretsManager
1793
1892
  # `DeletedDate` time stamp. You can access a secret again after it has
1794
1893
  # been restored.
1795
1894
  #
1895
+ # <b>Required permissions: </b> `secretsmanager:RestoreSecret`. For more
1896
+ # information, see [ IAM policy actions for Secrets Manager][1] and
1897
+ # [Authentication and access control in Secrets Manager][2].
1898
+ #
1899
+ #
1900
+ #
1901
+ # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
1902
+ # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
1903
+ #
1796
1904
  # @option params [required, String] :secret_id
1797
1905
  # The ARN or name of the secret to restore.
1798
1906
  #
@@ -1864,14 +1972,19 @@ module Aws::SecretsManager
1864
1972
  # `RotateSecret` assumes that a previous rotation request is still in
1865
1973
  # progress and returns an error.
1866
1974
  #
1867
- # To run this command, you must have `secretsmanager:RotateSecret`
1868
- # permissions and `lambda:InvokeFunction` permissions on the function
1869
- # specified in the secret's metadata.
1975
+ # <b>Required permissions: </b> `secretsmanager:RotateSecret`. For more
1976
+ # information, see [ IAM policy actions for Secrets Manager][3] and
1977
+ # [Authentication and access control in Secrets Manager][4]. You also
1978
+ # need `lambda:InvokeFunction` permissions on the rotation function. For
1979
+ # more information, see [ Permissions for rotation][5].
1870
1980
  #
1871
1981
  #
1872
1982
  #
1873
1983
  # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html
1874
1984
  # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html
1985
+ # [3]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
1986
+ # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
1987
+ # [5]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets-required-permissions-function.html
1875
1988
  #
1876
1989
  # @option params [required, String] :secret_id
1877
1990
  # The ARN or name of the secret to rotate.
@@ -1912,6 +2025,23 @@ module Aws::SecretsManager
1912
2025
  # @option params [Types::RotationRulesType] :rotation_rules
1913
2026
  # A structure that defines the rotation configuration for this secret.
1914
2027
  #
2028
+ # @option params [Boolean] :rotate_immediately
2029
+ # Specifies whether to rotate the secret immediately or wait until the
2030
+ # next scheduled rotation window. The rotation schedule is defined in
2031
+ # RotateSecretRequest$RotationRules.
2032
+ #
2033
+ # If you don't immediately rotate the secret, Secrets Manager tests the
2034
+ # rotation configuration by running the [ `testSecret` step][1] of the
2035
+ # Lambda rotation function. The test creates an `AWSPENDING` version of
2036
+ # the secret and then removes it.
2037
+ #
2038
+ # If you don't specify this value, then by default, Secrets Manager
2039
+ # rotates the secret immediately.
2040
+ #
2041
+ #
2042
+ #
2043
+ # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html
2044
+ #
1915
2045
  # @return [Types::RotateSecretResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
1916
2046
  #
1917
2047
  # * {Types::RotateSecretResponse#arn #arn} => String
@@ -1926,7 +2056,10 @@ module Aws::SecretsManager
1926
2056
  # rotation_lambda_arn: "RotationLambdaARNType",
1927
2057
  # rotation_rules: {
1928
2058
  # automatically_after_days: 1,
2059
+ # duration: "DurationType",
2060
+ # schedule_expression: "ScheduleExpressionType",
1929
2061
  # },
2062
+ # rotate_immediately: false,
1930
2063
  # })
1931
2064
  #
1932
2065
  # @example Response structure
@@ -1950,6 +2083,16 @@ module Aws::SecretsManager
1950
2083
  # You must call this operation from the Region in which you want to
1951
2084
  # promote the replica to a primary secret.
1952
2085
  #
2086
+ # <b>Required permissions: </b>
2087
+ # `secretsmanager:StopReplicationToReplica`. For more information, see [
2088
+ # IAM policy actions for Secrets Manager][1] and [Authentication and
2089
+ # access control in Secrets Manager][2].
2090
+ #
2091
+ #
2092
+ #
2093
+ # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
2094
+ # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
2095
+ #
1953
2096
  # @option params [required, String] :secret_id
1954
2097
  # The ARN of the primary secret.
1955
2098
  #
@@ -2007,6 +2150,15 @@ module Aws::SecretsManager
2007
2150
  # operation would result in you losing your permissions for this secret,
2008
2151
  # then the operation is blocked and returns an Access Denied error.
2009
2152
  #
2153
+ # <b>Required permissions: </b> `secretsmanager:TagResource`. For more
2154
+ # information, see [ IAM policy actions for Secrets Manager][1] and
2155
+ # [Authentication and access control in Secrets Manager][2].
2156
+ #
2157
+ #
2158
+ #
2159
+ # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
2160
+ # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
2161
+ #
2010
2162
  # @option params [required, String] :secret_id
2011
2163
  # The identifier for the secret to attach tags to. You can specify
2012
2164
  # either the Amazon Resource Name (ARN) or the friendly name of the
@@ -2081,6 +2233,15 @@ module Aws::SecretsManager
2081
2233
  # would result in you losing your permissions for this secret, then the
2082
2234
  # operation is blocked and returns an Access Denied error.
2083
2235
  #
2236
+ # <b>Required permissions: </b> `secretsmanager:UntagResource`. For more
2237
+ # information, see [ IAM policy actions for Secrets Manager][1] and
2238
+ # [Authentication and access control in Secrets Manager][2].
2239
+ #
2240
+ #
2241
+ #
2242
+ # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
2243
+ # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
2244
+ #
2084
2245
  # @option params [required, String] :secret_id
2085
2246
  # The ARN or name of the secret.
2086
2247
  #
@@ -2172,9 +2333,18 @@ module Aws::SecretsManager
2172
2333
  # to encrypt the secret, and you must create and use a customer managed
2173
2334
  # key.
2174
2335
  #
2175
- # To run this command, you must have `secretsmanager:UpdateSecret`
2176
- # permissions. If you use a customer managed key, you must also have
2177
- # `kms:GenerateDataKey` and `kms:Decrypt` permissions .
2336
+ # <b>Required permissions: </b> `secretsmanager:UpdateSecret`. For more
2337
+ # information, see [ IAM policy actions for Secrets Manager][1] and
2338
+ # [Authentication and access control in Secrets Manager][2]. If you use
2339
+ # a customer managed key, you must also have `kms:GenerateDataKey` and
2340
+ # `kms:Decrypt` permissions on the key. For more information, see [
2341
+ # Secret encryption and decryption][3].
2342
+ #
2343
+ #
2344
+ #
2345
+ # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
2346
+ # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
2347
+ # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/security-encryption.html
2178
2348
  #
2179
2349
  # @option params [required, String] :secret_id
2180
2350
  # The ARN or name of the secret.
@@ -2350,9 +2520,16 @@ module Aws::SecretsManager
2350
2520
  # then the version is considered to be 'deprecated' and can be deleted
2351
2521
  # by Secrets Manager.
2352
2522
  #
2523
+ # <b>Required permissions: </b>
2524
+ # `secretsmanager:UpdateSecretVersionStage`. For more information, see [
2525
+ # IAM policy actions for Secrets Manager][2] and [Authentication and
2526
+ # access control in Secrets Manager][3].
2527
+ #
2353
2528
  #
2354
2529
  #
2355
2530
  # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/getting-started.html#term_version
2531
+ # [2]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
2532
+ # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
2356
2533
  #
2357
2534
  # @option params [required, String] :secret_id
2358
2535
  # The ARN or the name of the secret with the version and staging
@@ -2477,9 +2654,15 @@ module Aws::SecretsManager
2477
2654
  #
2478
2655
  # * Verifies the policy does not lock out a caller.
2479
2656
  #
2657
+ # <b>Required permissions: </b> `secretsmanager:ValidateResourcePolicy`.
2658
+ # For more information, see [ IAM policy actions for Secrets Manager][2]
2659
+ # and [Authentication and access control in Secrets Manager][3].
2660
+ #
2480
2661
  #
2481
2662
  #
2482
2663
  # [1]: https://aws.amazon.com/blogs/security/protect-sensitive-data-in-the-cloud-with-automated-reasoning-zelkova/
2664
+ # [2]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions
2665
+ # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html
2483
2666
  #
2484
2667
  # @option params [String] :secret_id
2485
2668
  # This field is reserved for internal use.
@@ -2552,7 +2735,7 @@ module Aws::SecretsManager
2552
2735
  params: params,
2553
2736
  config: config)
2554
2737
  context[:gem_name] = 'aws-sdk-secretsmanager'
2555
- context[:gem_version] = '1.55.0'
2738
+ context[:gem_version] = '1.56.0'
2556
2739
  Seahorse::Client::Request.new(handlers, context)
2557
2740
  end
2558
2741
 
@@ -32,6 +32,7 @@ module Aws::SecretsManager
32
32
  DescribeSecretRequest = Shapes::StructureShape.new(name: 'DescribeSecretRequest')
33
33
  DescribeSecretResponse = Shapes::StructureShape.new(name: 'DescribeSecretResponse')
34
34
  DescriptionType = Shapes::StringShape.new(name: 'DescriptionType')
35
+ DurationType = Shapes::StringShape.new(name: 'DurationType')
35
36
  EncryptionFailure = Shapes::StructureShape.new(name: 'EncryptionFailure')
36
37
  ErrorMessage = Shapes::StringShape.new(name: 'ErrorMessage')
37
38
  ExcludeCharactersType = Shapes::StringShape.new(name: 'ExcludeCharactersType')
@@ -99,6 +100,7 @@ module Aws::SecretsManager
99
100
  RotationEnabledType = Shapes::BooleanShape.new(name: 'RotationEnabledType')
100
101
  RotationLambdaARNType = Shapes::StringShape.new(name: 'RotationLambdaARNType')
101
102
  RotationRulesType = Shapes::StructureShape.new(name: 'RotationRulesType')
103
+ ScheduleExpressionType = Shapes::StringShape.new(name: 'ScheduleExpressionType')
102
104
  SecretARNType = Shapes::StringShape.new(name: 'SecretARNType')
103
105
  SecretBinaryType = Shapes::BlobShape.new(name: 'SecretBinaryType')
104
106
  SecretIdType = Shapes::StringShape.new(name: 'SecretIdType')
@@ -368,6 +370,7 @@ module Aws::SecretsManager
368
370
  RotateSecretRequest.add_member(:client_request_token, Shapes::ShapeRef.new(shape: ClientRequestTokenType, location_name: "ClientRequestToken", metadata: {"idempotencyToken"=>true}))
369
371
  RotateSecretRequest.add_member(:rotation_lambda_arn, Shapes::ShapeRef.new(shape: RotationLambdaARNType, location_name: "RotationLambdaARN"))
370
372
  RotateSecretRequest.add_member(:rotation_rules, Shapes::ShapeRef.new(shape: RotationRulesType, location_name: "RotationRules"))
373
+ RotateSecretRequest.add_member(:rotate_immediately, Shapes::ShapeRef.new(shape: BooleanType, location_name: "RotateImmediately", metadata: {"box"=>true}))
371
374
  RotateSecretRequest.struct_class = Types::RotateSecretRequest
372
375
 
373
376
  RotateSecretResponse.add_member(:arn, Shapes::ShapeRef.new(shape: SecretARNType, location_name: "ARN"))
@@ -376,6 +379,8 @@ module Aws::SecretsManager
376
379
  RotateSecretResponse.struct_class = Types::RotateSecretResponse
377
380
 
378
381
  RotationRulesType.add_member(:automatically_after_days, Shapes::ShapeRef.new(shape: AutomaticallyRotateAfterDaysType, location_name: "AutomaticallyAfterDays", metadata: {"box"=>true}))
382
+ RotationRulesType.add_member(:duration, Shapes::ShapeRef.new(shape: DurationType, location_name: "Duration"))
383
+ RotationRulesType.add_member(:schedule_expression, Shapes::ShapeRef.new(shape: ScheduleExpressionType, location_name: "ScheduleExpression"))
379
384
  RotationRulesType.struct_class = Types::RotationRulesType
380
385
 
381
386
  SecretListEntry.add_member(:arn, Shapes::ShapeRef.new(shape: SecretARNType, location_name: "ARN"))
@@ -517,6 +522,7 @@ module Aws::SecretsManager
517
522
  o.errors << Shapes::ShapeRef.new(shape: MalformedPolicyDocumentException)
518
523
  o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
519
524
  o.errors << Shapes::ShapeRef.new(shape: PreconditionNotMetException)
525
+ o.errors << Shapes::ShapeRef.new(shape: DecryptionFailure)
520
526
  end)
521
527
 
522
528
  api.add_operation(:delete_resource_policy, Seahorse::Model::Operation.new.tap do |o|
@@ -652,6 +658,7 @@ module Aws::SecretsManager
652
658
  o.errors << Shapes::ShapeRef.new(shape: ResourceExistsException)
653
659
  o.errors << Shapes::ShapeRef.new(shape: ResourceNotFoundException)
654
660
  o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
661
+ o.errors << Shapes::ShapeRef.new(shape: DecryptionFailure)
655
662
  end)
656
663
 
657
664
  api.add_operation(:remove_regions_from_replication, Seahorse::Model::Operation.new.tap do |o|
@@ -753,6 +760,7 @@ module Aws::SecretsManager
753
760
  o.errors << Shapes::ShapeRef.new(shape: MalformedPolicyDocumentException)
754
761
  o.errors << Shapes::ShapeRef.new(shape: InternalServiceError)
755
762
  o.errors << Shapes::ShapeRef.new(shape: PreconditionNotMetException)
763
+ o.errors << Shapes::ShapeRef.new(shape: DecryptionFailure)
756
764
  end)
757
765
 
758
766
  api.add_operation(:update_secret_version_stage, Seahorse::Model::Operation.new.tap do |o|
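Review bot: The added `o.errors << Shapes::ShapeRef.new(shape: DecryptionFailure)` line, here and in the `@@ -517,6 +522,7 @@` and `@@ -652,6 +658,7 @@` hunks, gives three operations a new modeled error that nothing else on this page records. The 1.56.0 changelog entry says only "Feature are ready to release on Jan 28th", and the client documentation hunks do not mention the error. The operation names sit above each hunk and are not visible; only the following `api.add_operation` line is. Callers that rescue a fixed set of error classes around these operations should check whether a KMS decryption failure, presumably raised as `Aws::SecretsManager::Errors::DecryptionFailure`, now needs its own branch. A changelog line naming the affected operations and the new error would make the behaviour change auditable from the release notes.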
@@ -956,7 +956,7 @@ module Aws::SecretsManager
956
956
  include Aws::Structure
957
957
  end
958
958
 
959
- # The parameter name is invalid value.
959
+ # The parameter name or value is invalid.
960
960
  #
961
961
  # @!attribute [rw] message
962
962
  # @return [String]
@@ -1634,7 +1634,10 @@ module Aws::SecretsManager
1634
1634
  # rotation_lambda_arn: "RotationLambdaARNType",
1635
1635
  # rotation_rules: {
1636
1636
  # automatically_after_days: 1,
1637
+ # duration: "DurationType",
1638
+ # schedule_expression: "ScheduleExpressionType",
1637
1639
  # },
1640
+ # rotate_immediately: false,
1638
1641
  # }
1639
1642
  #
1640
1643
  # @!attribute [rw] secret_id
@@ -1682,13 +1685,32 @@ module Aws::SecretsManager
1682
1685
  # A structure that defines the rotation configuration for this secret.
1683
1686
  # @return [Types::RotationRulesType]
1684
1687
  #
1688
+ # @!attribute [rw] rotate_immediately
1689
+ # Specifies whether to rotate the secret immediately or wait until the
1690
+ # next scheduled rotation window. The rotation schedule is defined in
1691
+ # RotateSecretRequest$RotationRules.
1692
+ #
1693
+ # If you don't immediately rotate the secret, Secrets Manager tests
1694
+ # the rotation configuration by running the [ `testSecret` step][1] of
1695
+ # the Lambda rotation function. The test creates an `AWSPENDING`
1696
+ # version of the secret and then removes it.
1697
+ #
1698
+ # If you don't specify this value, then by default, Secrets Manager
1699
+ # rotates the secret immediately.
1700
+ #
1701
+ #
1702
+ #
1703
+ # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html
1704
+ # @return [Boolean]
1705
+ #
1685
1706
  # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RotateSecretRequest AWS API Documentation
1686
1707
  #
1687
1708
  class RotateSecretRequest < Struct.new(
1688
1709
  :secret_id,
1689
1710
  :client_request_token,
1690
1711
  :rotation_lambda_arn,
1691
- :rotation_rules)
1712
+ :rotation_rules,
1713
+ :rotate_immediately)
1692
1714
  SENSITIVE = []
1693
1715
  include Aws::Structure
1694
1716
  end
@@ -1722,32 +1744,79 @@ module Aws::SecretsManager
1722
1744
  #
1723
1745
  # {
1724
1746
  # automatically_after_days: 1,
1747
+ # duration: "DurationType",
1748
+ # schedule_expression: "ScheduleExpressionType",
1725
1749
  # }
1726
1750
  #
1727
1751
  # @!attribute [rw] automatically_after_days
1728
- # Specifies the number of days between automatic scheduled rotations
1729
- # of the secret.
1730
- #
1731
- # Secrets Manager schedules the next rotation when the previous one is
1732
- # complete. Secrets Manager schedules the date by adding the rotation
1733
- # interval (number of days) to the actual date of the last rotation.
1734
- # The service chooses the hour within that 24-hour date window
1735
- # randomly. The minute is also chosen somewhat randomly, but weighted
1736
- # towards the top of the hour and influenced by a variety of factors
1737
- # that help distribute load.
1752
+ # The number of days between automatic scheduled rotations of the
1753
+ # secret. You can use this value to check that your secret meets your
1754
+ # compliance guidelines for how often secrets must be rotated.
1755
+ #
1756
+ # In `DescribeSecret` and `ListSecrets`, this value is calculated from
1757
+ # the rotation schedule after every successful rotation. In
1758
+ # `RotateSecret`, you can set the rotation schedule in `RotationRules`
1759
+ # with `AutomaticallyAfterDays` or `ScheduleExpression`, but not both.
1738
1760
  # @return [Integer]
1739
1761
  #
1762
+ # @!attribute [rw] duration
1763
+ # The length of the rotation window in hours, for example `3h` for a
1764
+ # three hour window. Secrets Manager rotates your secret at any time
1765
+ # during this window. The window must not go into the next UTC day. If
1766
+ # you don't specify this value, the window automatically ends at the
1767
+ # end of the UTC day. The window begins according to the
1768
+ # `ScheduleExpression`. For more information, including examples, see
1769
+ # [Schedule expressions in Secrets Manager rotation][1].
1770
+ #
1771
+ #
1772
+ #
1773
+ # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_schedule.html
1774
+ # @return [String]
1775
+ #
1776
+ # @!attribute [rw] schedule_expression
1777
+ # A `cron()` or `rate()` expression that defines the schedule for
1778
+ # rotating your secret. Secrets Manager rotation schedules use UTC
1779
+ # time zone.
1780
+ #
1781
+ # Secrets Manager `rate()` expressions represent the interval in days
1782
+ # that you want to rotate your secret, for example `rate(10 days)`. If
1783
+ # you use a `rate()` expression, the rotation window opens at
1784
+ # midnight, and Secrets Manager rotates your secret any time that day
1785
+ # after midnight. You can set a `Duration` to shorten the rotation
1786
+ # window.
1787
+ #
1788
+ # You can use a `cron()` expression to create rotation schedules that
1789
+ # are more detailed than a rotation interval. For more information,
1790
+ # including examples, see [Schedule expressions in Secrets Manager
1791
+ # rotation][1]. If you use a `cron()` expression, Secrets Manager
1792
+ # rotates your secret any time during that day after the window opens.
1793
+ # For example, `cron(0 8 1 * ? *)` represents a rotation window that
1794
+ # occurs on the first day of every month beginning at 8:00 AM UTC.
1795
+ # Secrets Manager rotates the secret any time that day after 8:00 AM.
1796
+ # You can set a `Duration` to shorten the rotation window.
1797
+ #
1798
+ #
1799
+ #
1800
+ # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_schedule.html
1801
+ # @return [String]
1802
+ #
1740
1803
  # @see http://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/RotationRulesType AWS API Documentation
1741
1804
  #
1742
1805
  class RotationRulesType < Struct.new(
1743
- :automatically_after_days)
1806
+ :automatically_after_days,
1807
+ :duration,
1808
+ :schedule_expression)
1744
1809
  SENSITIVE = []
1745
1810
  include Aws::Structure
1746
1811
  end
1747
1812
 
1748
1813
  # A structure that contains the details about a secret. It does not
1749
1814
  # include the encrypted `SecretString` and `SecretBinary` values. To get
1750
- # those values, use the GetSecretValue operation.
1815
+ # those values, use [GetSecretValue][1] .
1816
+ #
1817
+ #
1818
+ #
1819
+ # [1]: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_GetSecretValue.html
1751
1820
  #
1752
1821
  # @!attribute [rw] arn
1753
1822
  # The Amazon Resource Name (ARN) of the secret.
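Review bot: The rule that `AutomaticallyAfterDays` and `ScheduleExpression` cannot both be set appears only under `automatically_after_days`. The new `schedule_expression` and `duration` docs in `RotationRulesType` do not repeat it, and the struct accepts all three members together. I would add `# Cannot be set together with automatically_after_days.` to the `schedule_expression` attribute doc so that a reader who lands there first sees the constraint. This hunk does not show whether a request carrying both is rejected by client-side parameter validation or only by the service, so callers should not count on a local error. The hunk continues into the docs of the next struct, whose class body lies outside it.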
@@ -1778,7 +1847,11 @@ module Aws::SecretsManager
1778
1847
  # @!attribute [rw] rotation_lambda_arn
1779
1848
  # The ARN of an Amazon Web Services Lambda function invoked by Secrets
1780
1849
  # Manager to rotate and expire the secret either automatically per the
1781
- # schedule or manually by a call to RotateSecret.
1850
+ # schedule or manually by a call to [ `RotateSecret` ][1].
1851
+ #
1852
+ #
1853
+ #
1854
+ # [1]: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_RotateSecret.html
1782
1855
  # @return [String]
1783
1856
  #
1784
1857
  # @!attribute [rw] rotation_rules
@@ -1805,13 +1878,23 @@ module Aws::SecretsManager
1805
1878
  # The date and time the deletion of the secret occurred. Not present
1806
1879
  # on active secrets. The secret can be recovered until the number of
1807
1880
  # days in the recovery window has passed, as specified in the
1808
- # `RecoveryWindowInDays` parameter of the DeleteSecret operation.
1881
+ # `RecoveryWindowInDays` parameter of the [ `DeleteSecret` ][1]
1882
+ # operation.
1883
+ #
1884
+ #
1885
+ #
1886
+ # [1]: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_DeleteSecret.html
1809
1887
  # @return [Time]
1810
1888
  #
1811
1889
  # @!attribute [rw] tags
1812
1890
  # The list of user-defined tags associated with the secret. To add
1813
- # tags to a secret, use TagResource. To remove tags, use
1814
- # UntagResource.
1891
+ # tags to a secret, use [ `TagResource` ][1]. To remove tags, use [
1892
+ # `UntagResource` ][2].
1893
+ #
1894
+ #
1895
+ #
1896
+ # [1]: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_TagResource.html
1897
+ # [2]: https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_UntagResource.html
1815
1898
  # @return [Array<Types::Tag>]
1816
1899
  #
1817
1900
  # @!attribute [rw] secret_versions_to_stages
@@ -48,6 +48,6 @@ require_relative 'aws-sdk-secretsmanager/customizations'
48
48
  # @!group service
49
49
  module Aws::SecretsManager
50
50
 
51
- GEM_VERSION = '1.55.0'
51
+ GEM_VERSION = '1.56.0'
52
52
 
53
53
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-secretsmanager
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.55.0
4
+ version: 1.56.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-12-21 00:00:00.000000000 Z
11
+ date: 2022-01-28 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-core