aws-sdk-states 1.72.0 → 1.74.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 00b08b5d202e5c0093830505b4a551cac636fa117a152a1054dc770d6c903cd9
-  data.tar.gz: cbeb07668ca62a8913633fab31f9826830e6e4ece09d998a8f712d9bc34d386b
+  metadata.gz: 280bc3a3690d2f119e28faab199246d6ff9e1a53d2b2830624c350ce68ceeee1
+  data.tar.gz: a1e42b4aaaf0333fb5f83c85adec8f8a6048989a53c493f9b3950d1da44caa80
 SHA512:
-  metadata.gz: a9a0c27a5c2dca0adce50d7b6faabde4ea722072c460f13ef8f4707f6c648cfc3fa51c39c9268a6e667d6be1e175d58932d3a94149d187153e88c59c9e0f14e5
-  data.tar.gz: d672c5864b66d8c7bdbe86ebb2ae6d00d256cadfc991e5f2cb5197563bdf79491f85d12662cdc814b33f18b32bb410b1c930c1f980e3c7a747002c6456a59cb2
+  metadata.gz: 8f474820a604d9f323be7060e28eaeba152a2489bfb5906406e1cd01d7eb7f762df17b87224589cb9d4abf2b91b786d5f639afab812073f6c6171e292fabdac0
+  data.tar.gz: a2fad035f367bb5b52509180730a50c8b00c62cccfe96766cf2b83982322d98d50333f40b717f1754dbb03e70cf308c66c7702c68ef463579e6c4da14cc2b824

data/CHANGELOG.md

@@ -1,6 +1,16 @@
 Unreleased Changes
 ------------------
 
+1.74.0 (2024-08-29)
+------------------
+
+* Feature - This release adds support for static analysis to ValidateStateMachineDefinition API, which can now return optional WARNING diagnostics for semantic errors on the definition of an Amazon States Language (ASL) state machine.
+
+1.73.0 (2024-07-25)
+------------------
+
+* Feature - This release adds support to customer managed KMS key encryption in AWS Step Functions.
+
 1.72.0 (2024-07-02)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.72.0
+1.74.0

data/lib/aws-sdk-states/client.rb

@@ -495,6 +495,9 @@ module Aws::States
     #   [1]: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html
     #   [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_iam-tags.html
     #
+    # @option params [Types::EncryptionConfiguration] :encryption_configuration
+    #   Settings to configure server-side encryption.
+    #
     # @return [Types::CreateActivityOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::CreateActivityOutput#activity_arn #activity_arn} => String
@@ -510,6 +513,11 @@ module Aws::States
     #         value: "TagValue",
     #       },
     #     ],
+    #     encryption_configuration: {
+    #       kms_key_id: "KmsKeyId",
+    #       kms_data_key_reuse_period_seconds: 1,
+    #       type: "AWS_OWNED_KEY", # required, accepts AWS_OWNED_KEY, CUSTOMER_MANAGED_KMS_KEY
+    #     },
     #   })
     #
     # @example Response structure
@@ -536,6 +544,13 @@ module Aws::States
     # If you set the `publish` parameter of this API action to `true`, it
     # publishes version `1` as the first revision of the state machine.
     #
+    # For additional control over security, you can encrypt your data using
+    # a **customer-managed key** for Step Functions state machines. You can
+    # configure a symmetric KMS key and data key reuse period when creating
+    # or updating a **State Machine**. The execution history and state
+    # machine definition will be encrypted with the key applied to the State
+    # Machine.
+    #
     # <note markdown="1"> This operation is eventually consistent. The results are best effort
     # and may not reflect very recent updates and changes.
     #
@@ -544,13 +559,13 @@ module Aws::States
     # <note markdown="1"> `CreateStateMachine` is an idempotent API. Subsequent requests won’t
     # create a duplicate resource if it was already created.
     # `CreateStateMachine`'s idempotency check is based on the state
-    # machine `name`, `definition`, `type`, `LoggingConfiguration`, and
-    # `TracingConfiguration`. The check is also based on the `publish` and
-    # `versionDescription` parameters. If a following request has a
-    # different `roleArn` or `tags`, Step Functions will ignore these
-    # differences and treat it as an idempotent request of the previous. In
-    # this case, `roleArn` and `tags` will not be updated, even if they are
-    # different.
+    # machine `name`, `definition`, `type`, `LoggingConfiguration`,
+    # `TracingConfiguration`, and `EncryptionConfiguration` The check is
+    # also based on the `publish` and `versionDescription` parameters. If a
+    # following request has a different `roleArn` or `tags`, Step Functions
+    # will ignore these differences and treat it as an idempotent request of
+    # the previous. In this case, `roleArn` and `tags` will not be updated,
+    # even if they are different.
     #
     #  </note>
     #
@@ -634,6 +649,9 @@ module Aws::States
     #   you set `versionDescription`, but `publish` to `false`, this API
     #   action throws `ValidationException`.
     #
+    # @option params [Types::EncryptionConfiguration] :encryption_configuration
+    #   Settings to configure server-side encryption.
+    #
     # @return [Types::CreateStateMachineOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::CreateStateMachineOutput#state_machine_arn #state_machine_arn} => String
@@ -669,6 +687,11 @@ module Aws::States
     #     },
     #     publish: false,
     #     version_description: "VersionDescription",
+    #     encryption_configuration: {
+    #       kms_key_id: "KmsKeyId",
+    #       kms_data_key_reuse_period_seconds: 1,
+    #       type: "AWS_OWNED_KEY", # required, accepts AWS_OWNED_KEY, CUSTOMER_MANAGED_KMS_KEY
+    #     },
     #   })
     #
     # @example Response structure
@@ -960,6 +983,7 @@ module Aws::States
     #   * {Types::DescribeActivityOutput#activity_arn #activity_arn} => String
     #   * {Types::DescribeActivityOutput#name #name} => String
     #   * {Types::DescribeActivityOutput#creation_date #creation_date} => Time
+    #   * {Types::DescribeActivityOutput#encryption_configuration #encryption_configuration} => Types::EncryptionConfiguration
     #
     # @example Request syntax with placeholder values
     #
@@ -972,6 +996,9 @@ module Aws::States
     #   resp.activity_arn #=> String
     #   resp.name #=> String
     #   resp.creation_date #=> Time
+    #   resp.encryption_configuration.kms_key_id #=> String
+    #   resp.encryption_configuration.kms_data_key_reuse_period_seconds #=> Integer
+    #   resp.encryption_configuration.type #=> String, one of "AWS_OWNED_KEY", "CUSTOMER_MANAGED_KMS_KEY"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/states-2016-11-23/DescribeActivity AWS API Documentation
     #
@@ -1008,6 +1035,13 @@ module Aws::States
     # @option params [required, String] :execution_arn
     #   The Amazon Resource Name (ARN) of the execution to describe.
     #
+    # @option params [String] :included_data
+    #   If your state machine definition is encrypted with a KMS key, callers
+    #   must have `kms:Decrypt` permission to decrypt the definition.
+    #   Alternatively, you can call DescribeStateMachine API with
+    #   `includedData = METADATA_ONLY` to get a successful response without
+    #   the encrypted definition.
+    #
     # @return [Types::DescribeExecutionOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::DescribeExecutionOutput#execution_arn #execution_arn} => String
@@ -1035,6 +1069,7 @@ module Aws::States
     #
     #   resp = client.describe_execution({
     #     execution_arn: "Arn", # required
+    #     included_data: "ALL_DATA", # accepts ALL_DATA, METADATA_ONLY
     #   })
     #
     # @example Response structure
@@ -1200,6 +1235,21 @@ module Aws::States
     #   ARN and the version number separated by a colon (:). For example,
     #   `stateMachineARN:1`.
     #
+    # @option params [String] :included_data
+    #   If your state machine definition is encrypted with a KMS key, callers
+    #   must have `kms:Decrypt` permission to decrypt the definition.
+    #   Alternatively, you can call the API with `includedData =
+    #   METADATA_ONLY` to get a successful response without the encrypted
+    #   definition.
+    #
+    #   <note markdown="1"> When calling a labelled ARN for an encrypted state machine, the
+    #   `includedData = METADATA_ONLY` parameter will not apply because Step
+    #   Functions needs to decrypt the entire state machine definition to get
+    #   the Distributed Map state’s definition. In this case, the API caller
+    #   needs to have `kms:Decrypt` permission.
+    #
+    #    </note>
+    #
     # @return [Types::DescribeStateMachineOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::DescribeStateMachineOutput#state_machine_arn #state_machine_arn} => String
@@ -1214,11 +1264,13 @@ module Aws::States
     #   * {Types::DescribeStateMachineOutput#label #label} => String
     #   * {Types::DescribeStateMachineOutput#revision_id #revision_id} => String
     #   * {Types::DescribeStateMachineOutput#description #description} => String
+    #   * {Types::DescribeStateMachineOutput#encryption_configuration #encryption_configuration} => Types::EncryptionConfiguration
     #
     # @example Request syntax with placeholder values
     #
     #   resp = client.describe_state_machine({
     #     state_machine_arn: "Arn", # required
+    #     included_data: "ALL_DATA", # accepts ALL_DATA, METADATA_ONLY
     #   })
     #
     # @example Response structure
@@ -1238,6 +1290,9 @@ module Aws::States
     #   resp.label #=> String
     #   resp.revision_id #=> String
     #   resp.description #=> String
+    #   resp.encryption_configuration.kms_key_id #=> String
+    #   resp.encryption_configuration.kms_data_key_reuse_period_seconds #=> Integer
+    #   resp.encryption_configuration.type #=> String, one of "AWS_OWNED_KEY", "CUSTOMER_MANAGED_KMS_KEY"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/states-2016-11-23/DescribeStateMachine AWS API Documentation
     #
@@ -1319,6 +1374,13 @@ module Aws::States
     #   The Amazon Resource Name (ARN) of the execution you want state machine
     #   information for.
     #
+    # @option params [String] :included_data
+    #   If your state machine definition is encrypted with a KMS key, callers
+    #   must have `kms:Decrypt` permission to decrypt the definition.
+    #   Alternatively, you can call the API with `includedData =
+    #   METADATA_ONLY` to get a successful response without the encrypted
+    #   definition.
+    #
     # @return [Types::DescribeStateMachineForExecutionOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::DescribeStateMachineForExecutionOutput#state_machine_arn #state_machine_arn} => String
@@ -1331,11 +1393,13 @@ module Aws::States
     #   * {Types::DescribeStateMachineForExecutionOutput#map_run_arn #map_run_arn} => String
     #   * {Types::DescribeStateMachineForExecutionOutput#label #label} => String
     #   * {Types::DescribeStateMachineForExecutionOutput#revision_id #revision_id} => String
+    #   * {Types::DescribeStateMachineForExecutionOutput#encryption_configuration #encryption_configuration} => Types::EncryptionConfiguration
     #
     # @example Request syntax with placeholder values
     #
     #   resp = client.describe_state_machine_for_execution({
     #     execution_arn: "Arn", # required
+    #     included_data: "ALL_DATA", # accepts ALL_DATA, METADATA_ONLY
     #   })
     #
     # @example Response structure
@@ -1353,6 +1417,9 @@ module Aws::States
     #   resp.map_run_arn #=> String
     #   resp.label #=> String
     #   resp.revision_id #=> String
+    #   resp.encryption_configuration.kms_key_id #=> String
+    #   resp.encryption_configuration.kms_data_key_reuse_period_seconds #=> Integer
+    #   resp.encryption_configuration.type #=> String, one of "AWS_OWNED_KEY", "CUSTOMER_MANAGED_KMS_KEY"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/states-2016-11-23/DescribeStateMachineForExecution AWS API Documentation
     #
@@ -2279,6 +2346,13 @@ module Aws::States
     # and optionally Task states using the [job run][2] pattern to report
     # that the task identified by the `taskToken` failed.
     #
+    # For an execution with encryption enabled, Step Functions will encrypt
+    # the error and cause fields using the KMS key for the execution role.
+    #
+    # A caller can mark a task as fail without using any KMS permissions in
+    # the execution role if the caller provides a null value for both
+    # `error` and `cause` fields because no data needs to be encrypted.
+    #
     #
     #
     # [1]: https://docs.aws.amazon.com/step-functions/latest/dg/connect-to-resource.html#connect-wait-token
@@ -2621,6 +2695,13 @@ module Aws::States
     #   Passes the X-Ray trace header. The trace header can also be passed in
     #   the request payload.
     #
+    # @option params [String] :included_data
+    #   If your state machine definition is encrypted with a KMS key, callers
+    #   must have `kms:Decrypt` permission to decrypt the definition.
+    #   Alternatively, you can call the API with `includedData =
+    #   METADATA_ONLY` to get a successful response without the encrypted
+    #   definition.
+    #
     # @return [Types::StartSyncExecutionOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::StartSyncExecutionOutput#execution_arn #execution_arn} => String
@@ -2645,6 +2726,7 @@ module Aws::States
     #     name: "Name",
     #     input: "SensitiveData",
     #     trace_header: "TraceHeader",
+    #     included_data: "ALL_DATA", # accepts ALL_DATA, METADATA_ONLY
     #   })
     #
     # @example Response structure
@@ -2678,6 +2760,13 @@ module Aws::States
     #
     # This API action is not supported by `EXPRESS` state machines.
     #
+    # For an execution with encryption enabled, Step Functions will encrypt
+    # the error and cause fields using the KMS key for the execution role.
+    #
+    # A caller can stop an execution without using any KMS permissions in
+    # the execution role if the caller provides a null value for both
+    # `error` and `cause` fields because no data needs to be encrypted.
+    #
     # @option params [required, String] :execution_arn
     #   The Amazon Resource Name (ARN) of the execution to stop.
     #
@@ -2981,10 +3070,10 @@ module Aws::States
     end
 
     # Updates an existing state machine by modifying its `definition`,
-    # `roleArn`, or `loggingConfiguration`. Running executions will continue
-    # to use the previous `definition` and `roleArn`. You must include at
-    # least one of `definition` or `roleArn` or you will receive a
-    # `MissingRequiredParameter` error.
+    # `roleArn`, `loggingConfiguration`, or `EncryptionConfiguration`.
+    # Running executions will continue to use the previous `definition` and
+    # `roleArn`. You must include at least one of `definition` or `roleArn`
+    # or you will receive a `MissingRequiredParameter` error.
     #
     # A qualified state machine ARN refers to a *Distributed Map state*
     # defined within a state machine. For example, the qualified state
@@ -3079,6 +3168,9 @@ module Aws::States
     #   You can only specify the `versionDescription` parameter if you've set
     #   `publish` to `true`.
     #
+    # @option params [Types::EncryptionConfiguration] :encryption_configuration
+    #   Settings to configure server-side encryption.
+    #
     # @return [Types::UpdateStateMachineOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::UpdateStateMachineOutput#update_date #update_date} => Time
@@ -3107,6 +3199,11 @@ module Aws::States
     #     },
     #     publish: false,
     #     version_description: "VersionDescription",
+    #     encryption_configuration: {
+    #       kms_key_id: "KmsKeyId",
+    #       kms_data_key_reuse_period_seconds: 1,
+    #       type: "AWS_OWNED_KEY", # required, accepts AWS_OWNED_KEY, CUSTOMER_MANAGED_KMS_KEY
+    #     },
     #   })
     #
     # @example Response structure
@@ -3241,26 +3338,44 @@ module Aws::States
     #   The target type of state machine for this definition. The default is
     #   `STANDARD`.
     #
+    # @option params [String] :severity
+    #   Minimum level of diagnostics to return. `ERROR` returns only `ERROR`
+    #   diagnostics, whereas `WARNING` returns both `WARNING` and `ERROR`
+    #   diagnostics. The default is `ERROR`.
+    #
+    # @option params [Integer] :max_results
+    #   The maximum number of diagnostics that are returned per call. The
+    #   default and maximum value is 100. Setting the value to 0 will also use
+    #   the default of 100.
+    #
+    #   If the number of diagnostics returned in the response exceeds
+    #   `maxResults`, the value of the `truncated` field in the response will
+    #   be set to `true`.
+    #
     # @return [Types::ValidateStateMachineDefinitionOutput] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::ValidateStateMachineDefinitionOutput#result #result} => String
     #   * {Types::ValidateStateMachineDefinitionOutput#diagnostics #diagnostics} => Array&lt;Types::ValidateStateMachineDefinitionDiagnostic&gt;
+    #   * {Types::ValidateStateMachineDefinitionOutput#truncated #truncated} => Boolean
     #
     # @example Request syntax with placeholder values
     #
     #   resp = client.validate_state_machine_definition({
     #     definition: "Definition", # required
     #     type: "STANDARD", # accepts STANDARD, EXPRESS
+    #     severity: "ERROR", # accepts ERROR, WARNING
+    #     max_results: 1,
     #   })
     #
     # @example Response structure
     #
     #   resp.result #=> String, one of "OK", "FAIL"
     #   resp.diagnostics #=> Array
-    #   resp.diagnostics[0].severity #=> String, one of "ERROR"
+    #   resp.diagnostics[0].severity #=> String, one of "ERROR", "WARNING"
     #   resp.diagnostics[0].code #=> String
     #   resp.diagnostics[0].message #=> String
     #   resp.diagnostics[0].location #=> String
+    #   resp.truncated #=> Boolean
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/states-2016-11-23/ValidateStateMachineDefinition AWS API Documentation
     #
@@ -3284,7 +3399,7 @@ module Aws::States
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-states'
-      context[:gem_version] = '1.72.0'
+      context[:gem_version] = '1.74.0'
       Seahorse::Client::Request.new(handlers, context)
     end