@aws-sdk/client-ram 3.312.0 → 3.316.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (97) hide show
  1. package/README.md +76 -5
  2. package/dist-cjs/RAM.js +47 -350
  3. package/dist-cjs/commands/CreatePermissionCommand.js +45 -0
  4. package/dist-cjs/commands/CreatePermissionVersionCommand.js +45 -0
  5. package/dist-cjs/commands/DeletePermissionCommand.js +45 -0
  6. package/dist-cjs/commands/DeletePermissionVersionCommand.js +45 -0
  7. package/dist-cjs/commands/ListPermissionAssociationsCommand.js +45 -0
  8. package/dist-cjs/commands/ListReplacePermissionAssociationsWorkCommand.js +45 -0
  9. package/dist-cjs/commands/PromotePermissionCreatedFromPolicyCommand.js +45 -0
  10. package/dist-cjs/commands/ReplacePermissionAssociationsCommand.js +45 -0
  11. package/dist-cjs/commands/SetDefaultPermissionVersionCommand.js +45 -0
  12. package/dist-cjs/commands/index.js +9 -0
  13. package/dist-cjs/endpoint/ruleset.js +3 -3
  14. package/dist-cjs/models/models_0.js +104 -1
  15. package/dist-cjs/pagination/ListPermissionAssociationsPaginator.js +29 -0
  16. package/dist-cjs/pagination/ListReplacePermissionAssociationsWorkPaginator.js +29 -0
  17. package/dist-cjs/pagination/index.js +2 -0
  18. package/dist-cjs/protocols/Aws_restJson1.js +1404 -756
  19. package/dist-es/RAM.js +47 -350
  20. package/dist-es/commands/CreatePermissionCommand.js +41 -0
  21. package/dist-es/commands/CreatePermissionVersionCommand.js +41 -0
  22. package/dist-es/commands/DeletePermissionCommand.js +41 -0
  23. package/dist-es/commands/DeletePermissionVersionCommand.js +41 -0
  24. package/dist-es/commands/ListPermissionAssociationsCommand.js +41 -0
  25. package/dist-es/commands/ListReplacePermissionAssociationsWorkCommand.js +41 -0
  26. package/dist-es/commands/PromotePermissionCreatedFromPolicyCommand.js +41 -0
  27. package/dist-es/commands/ReplacePermissionAssociationsCommand.js +41 -0
  28. package/dist-es/commands/SetDefaultPermissionVersionCommand.js +41 -0
  29. package/dist-es/commands/index.js +9 -0
  30. package/dist-es/endpoint/ruleset.js +3 -3
  31. package/dist-es/models/models_0.js +97 -0
  32. package/dist-es/pagination/ListPermissionAssociationsPaginator.js +25 -0
  33. package/dist-es/pagination/ListReplacePermissionAssociationsWorkPaginator.js +25 -0
  34. package/dist-es/pagination/index.js +2 -0
  35. package/dist-es/protocols/Aws_restJson1.js +1327 -698
  36. package/dist-types/RAM.d.ts +114 -113
  37. package/dist-types/RAMClient.d.ts +15 -7
  38. package/dist-types/commands/AcceptResourceShareInvitationCommand.d.ts +16 -12
  39. package/dist-types/commands/AssociateResourceShareCommand.d.ts +19 -14
  40. package/dist-types/commands/AssociateResourceSharePermissionCommand.d.ts +9 -7
  41. package/dist-types/commands/CreatePermissionCommand.d.ts +109 -0
  42. package/dist-types/commands/CreatePermissionVersionCommand.d.ts +106 -0
  43. package/dist-types/commands/CreateResourceShareCommand.d.ts +19 -13
  44. package/dist-types/commands/DeletePermissionCommand.d.ts +91 -0
  45. package/dist-types/commands/DeletePermissionVersionCommand.d.ts +96 -0
  46. package/dist-types/commands/DeleteResourceShareCommand.d.ts +19 -14
  47. package/dist-types/commands/DisassociateResourceShareCommand.d.ts +19 -13
  48. package/dist-types/commands/DisassociateResourceSharePermissionCommand.d.ts +14 -11
  49. package/dist-types/commands/EnableSharingWithAwsOrganizationCommand.d.ts +14 -11
  50. package/dist-types/commands/GetPermissionCommand.d.ts +9 -7
  51. package/dist-types/commands/GetResourcePoliciesCommand.d.ts +10 -6
  52. package/dist-types/commands/GetResourceShareAssociationsCommand.d.ts +13 -8
  53. package/dist-types/commands/GetResourceShareInvitationsCommand.d.ts +14 -8
  54. package/dist-types/commands/GetResourceSharesCommand.d.ts +11 -6
  55. package/dist-types/commands/ListPendingInvitationResourcesCommand.d.ts +15 -9
  56. package/dist-types/commands/ListPermissionAssociationsCommand.d.ts +91 -0
  57. package/dist-types/commands/ListPermissionVersionsCommand.d.ts +11 -7
  58. package/dist-types/commands/ListPermissionsCommand.d.ts +9 -5
  59. package/dist-types/commands/ListPrincipalsCommand.d.ts +10 -6
  60. package/dist-types/commands/ListReplacePermissionAssociationsWorkCommand.d.ts +84 -0
  61. package/dist-types/commands/ListResourceSharePermissionsCommand.d.ts +11 -7
  62. package/dist-types/commands/ListResourceTypesCommand.d.ts +7 -4
  63. package/dist-types/commands/ListResourcesCommand.d.ts +11 -7
  64. package/dist-types/commands/PromotePermissionCreatedFromPolicyCommand.d.ts +119 -0
  65. package/dist-types/commands/PromoteResourceShareCreatedFromPolicyCommand.d.ts +34 -14
  66. package/dist-types/commands/RejectResourceShareInvitationCommand.d.ts +16 -12
  67. package/dist-types/commands/ReplacePermissionAssociationsCommand.d.ts +108 -0
  68. package/dist-types/commands/SetDefaultPermissionVersionCommand.d.ts +92 -0
  69. package/dist-types/commands/TagResourceCommand.d.ts +17 -11
  70. package/dist-types/commands/UntagResourceCommand.d.ts +14 -5
  71. package/dist-types/commands/UpdateResourceShareCommand.d.ts +13 -11
  72. package/dist-types/commands/index.d.ts +9 -0
  73. package/dist-types/endpoint/EndpointParameters.d.ts +1 -1
  74. package/dist-types/models/models_0.d.ts +1286 -195
  75. package/dist-types/pagination/ListPermissionAssociationsPaginator.d.ts +7 -0
  76. package/dist-types/pagination/ListReplacePermissionAssociationsWorkPaginator.d.ts +7 -0
  77. package/dist-types/pagination/index.d.ts +2 -0
  78. package/dist-types/protocols/Aws_restJson1.d.ts +81 -0
  79. package/dist-types/ts3.4/RAM.d.ts +167 -1
  80. package/dist-types/ts3.4/RAMClient.d.ts +54 -0
  81. package/dist-types/ts3.4/commands/CreatePermissionCommand.d.ts +37 -0
  82. package/dist-types/ts3.4/commands/CreatePermissionVersionCommand.d.ts +41 -0
  83. package/dist-types/ts3.4/commands/DeletePermissionCommand.d.ts +37 -0
  84. package/dist-types/ts3.4/commands/DeletePermissionVersionCommand.d.ts +41 -0
  85. package/dist-types/ts3.4/commands/ListPermissionAssociationsCommand.d.ts +41 -0
  86. package/dist-types/ts3.4/commands/ListReplacePermissionAssociationsWorkCommand.d.ts +41 -0
  87. package/dist-types/ts3.4/commands/PromotePermissionCreatedFromPolicyCommand.d.ts +41 -0
  88. package/dist-types/ts3.4/commands/ReplacePermissionAssociationsCommand.d.ts +41 -0
  89. package/dist-types/ts3.4/commands/SetDefaultPermissionVersionCommand.d.ts +41 -0
  90. package/dist-types/ts3.4/commands/index.d.ts +9 -0
  91. package/dist-types/ts3.4/endpoint/EndpointParameters.d.ts +1 -1
  92. package/dist-types/ts3.4/models/models_0.d.ts +234 -19
  93. package/dist-types/ts3.4/pagination/ListPermissionAssociationsPaginator.d.ts +11 -0
  94. package/dist-types/ts3.4/pagination/ListReplacePermissionAssociationsWorkPaginator.d.ts +11 -0
  95. package/dist-types/ts3.4/pagination/index.d.ts +2 -0
  96. package/dist-types/ts3.4/protocols/Aws_restJson1.d.ts +108 -0
  97. package/package.json +6 -6
package/dist-types/models/models_0.d.ts CHANGED
@@ -5,7 +5,7 @@ import { RAMServiceException as __BaseException } from "./RAMServiceException";
5
5
  */
6
6
  export interface AcceptResourceShareInvitationRequest {
7
7
  /**
8
- * <p>The <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resoure Name (ARN)</a> of the invitation that you want to accept.</p>
8
+ * <p>The <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of the invitation that you want to accept.</p>
9
9
  */
10
10
  resourceShareInvitationArn: string | undefined;
11
11
  /**
@@ -17,6 +17,9 @@ export interface AcceptResourceShareInvitationRequest {
17
17
  * value.</a>.</p>
18
18
  * <p>If you don't provide this value, then Amazon Web Services generates a random one for
19
19
  * you.</p>
20
+ * <p>If you retry the operation with the same <code>ClientToken</code>, but with
21
+ * different parameters, the retry fails with an <code>IdempotentParameterMismatch</code>
22
+ * error.</p>
20
23
  */
21
24
  clientToken?: string;
22
25
  }
@@ -49,11 +52,11 @@ export declare const ResourceShareAssociationStatus: {
49
52
  export type ResourceShareAssociationStatus = (typeof ResourceShareAssociationStatus)[keyof typeof ResourceShareAssociationStatus];
50
53
  /**
51
54
  * @public
52
- * <p>Describes an association with a resource share and either a principal or a resource.</p>
55
+ * <p>Describes an association between a resource share and either a principal or a resource.</p>
53
56
  */
54
57
  export interface ResourceShareAssociation {
55
58
  /**
56
- * <p>The <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resoure Name (ARN)</a> of the resource share.</p>
59
+ * <p>The <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of the resource share.</p>
57
60
  */
58
61
  resourceShareArn?: string;
59
62
  /**
@@ -64,7 +67,7 @@ export interface ResourceShareAssociation {
64
67
  * <p>The associated entity. This can be either of the following:</p>
65
68
  * <ul>
66
69
  * <li>
67
- * <p>For a resource association, this is the <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resoure Name (ARN)</a> of the resource.</p>
70
+ * <p>For a resource association, this is the <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of the resource.</p>
68
71
  * </li>
69
72
  * <li>
70
73
  * <p>For principal associations, this is one of the following:</p>
@@ -73,7 +76,7 @@ export interface ResourceShareAssociation {
73
76
  * <p>The ID of an Amazon Web Services account</p>
74
77
  * </li>
75
78
  * <li>
76
- * <p>The <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resoure Name (ARN)</a> of an organization in Organizations</p>
79
+ * <p>The <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of an organization in Organizations</p>
77
80
  * </li>
78
81
  * <li>
79
82
  * <p>The ARN of an organizational unit (OU) in Organizations</p>
@@ -135,7 +138,7 @@ export type ResourceShareInvitationStatus = (typeof ResourceShareInvitationStatu
135
138
  */
136
139
  export interface ResourceShareInvitation {
137
140
  /**
138
- * <p>The <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resoure Name (ARN)</a> of the invitation.</p>
141
+ * <p>The <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of the invitation.</p>
139
142
  */
140
143
  resourceShareInvitationArn?: string;
141
144
  /**
@@ -143,7 +146,7 @@ export interface ResourceShareInvitation {
143
146
  */
144
147
  resourceShareName?: string;
145
148
  /**
146
- * <p>The <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resoure Name (ARN)</a> of the resource share</p>
149
+ * <p>The <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of the resource share</p>
147
150
  */
148
151
  resourceShareArn?: string;
149
152
  /**
@@ -169,7 +172,7 @@ export interface ResourceShareInvitation {
169
172
  */
170
173
  resourceShareAssociations?: ResourceShareAssociation[];
171
174
  /**
172
- * <p>The <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resoure Name (ARN)</a> of the IAM user or role that received the invitation.</p>
175
+ * <p>The <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of the IAM user or role that received the invitation.</p>
173
176
  */
174
177
  receiverArn?: string;
175
178
  }
@@ -191,9 +194,9 @@ export interface AcceptResourceShareInvitationResponse {
191
194
  }
192
195
  /**
193
196
  * @public
194
- * <p>The client token input parameter was matched one used with a previous call to the
195
- * operation, but at least one of the other input parameters is different from the previous
196
- * call.</p>
197
+ * <p>The operation failed because the client token input parameter matched one that was
198
+ * used with a previous call to the operation, but at least one of the other input
199
+ * parameters is different from the previous call.</p>
197
200
  */
198
201
  export declare class IdempotentParameterMismatchException extends __BaseException {
199
202
  readonly name: "IdempotentParameterMismatchException";
@@ -205,7 +208,7 @@ export declare class IdempotentParameterMismatchException extends __BaseExceptio
205
208
  }
206
209
  /**
207
210
  * @public
208
- * <p>The client token is not valid.</p>
211
+ * <p>The operation failed because the specified client token isn't valid.</p>
209
212
  */
210
213
  export declare class InvalidClientTokenException extends __BaseException {
211
214
  readonly name: "InvalidClientTokenException";
@@ -217,7 +220,8 @@ export declare class InvalidClientTokenException extends __BaseException {
217
220
  }
218
221
  /**
219
222
  * @public
220
- * <p>The format of an Amazon Resource Name (ARN) is not valid.</p>
223
+ * <p>The operation failed because the specified <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> has a format that isn't
224
+ * valid.</p>
221
225
  */
222
226
  export declare class MalformedArnException extends __BaseException {
223
227
  readonly name: "MalformedArnException";
@@ -229,7 +233,7 @@ export declare class MalformedArnException extends __BaseException {
229
233
  }
230
234
  /**
231
235
  * @public
232
- * <p>The requested operation is not permitted.</p>
236
+ * <p>The operation failed because the requested operation isn't permitted.</p>
233
237
  */
234
238
  export declare class OperationNotPermittedException extends __BaseException {
235
239
  readonly name: "OperationNotPermittedException";
@@ -241,7 +245,7 @@ export declare class OperationNotPermittedException extends __BaseException {
241
245
  }
242
246
  /**
243
247
  * @public
244
- * <p>The specified invitation was already accepted.</p>
248
+ * <p>The operation failed because the specified invitation was already accepted.</p>
245
249
  */
246
250
  export declare class ResourceShareInvitationAlreadyAcceptedException extends __BaseException {
247
251
  readonly name: "ResourceShareInvitationAlreadyAcceptedException";
@@ -253,7 +257,7 @@ export declare class ResourceShareInvitationAlreadyAcceptedException extends __B
253
257
  }
254
258
  /**
255
259
  * @public
256
- * <p>The specified invitation was already rejected.</p>
260
+ * <p>The operation failed because the specified invitation was already rejected.</p>
257
261
  */
258
262
  export declare class ResourceShareInvitationAlreadyRejectedException extends __BaseException {
259
263
  readonly name: "ResourceShareInvitationAlreadyRejectedException";
@@ -265,7 +269,8 @@ export declare class ResourceShareInvitationAlreadyRejectedException extends __B
265
269
  }
266
270
  /**
267
271
  * @public
268
- * <p>The specified Amazon Resource Name (ARN) for an invitation was not found.</p>
272
+ * <p>The operation failed because the specified <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> for an invitation was not
273
+ * found.</p>
269
274
  */
270
275
  export declare class ResourceShareInvitationArnNotFoundException extends __BaseException {
271
276
  readonly name: "ResourceShareInvitationArnNotFoundException";
@@ -277,7 +282,8 @@ export declare class ResourceShareInvitationArnNotFoundException extends __BaseE
277
282
  }
278
283
  /**
279
284
  * @public
280
- * <p>The specified invitation is expired.</p>
285
+ * <p>The operation failed because the specified invitation is past its expiration date and
286
+ * time.</p>
281
287
  */
282
288
  export declare class ResourceShareInvitationExpiredException extends __BaseException {
283
289
  readonly name: "ResourceShareInvitationExpiredException";
@@ -289,7 +295,8 @@ export declare class ResourceShareInvitationExpiredException extends __BaseExcep
289
295
  }
290
296
  /**
291
297
  * @public
292
- * <p>The service could not respond to the request due to an internal problem.</p>
298
+ * <p>The operation failed because the service could not respond to the request due to an
299
+ * internal problem. Try again later.</p>
293
300
  */
294
301
  export declare class ServerInternalException extends __BaseException {
295
302
  readonly name: "ServerInternalException";
@@ -301,7 +308,7 @@ export declare class ServerInternalException extends __BaseException {
301
308
  }
302
309
  /**
303
310
  * @public
304
- * <p>The service is not available.</p>
311
+ * <p>The operation failed because the service isn't available. Try again later.</p>
305
312
  */
306
313
  export declare class ServiceUnavailableException extends __BaseException {
307
314
  readonly name: "ServiceUnavailableException";
@@ -316,7 +323,7 @@ export declare class ServiceUnavailableException extends __BaseException {
316
323
  */
317
324
  export interface AssociateResourceShareRequest {
318
325
  /**
319
- * <p>Specifies the <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resoure Name (ARN)</a> of the resource share that you want to add principals or resources
326
+ * <p>Specifies the <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of the resource share that you want to add principals or resources
320
327
  * to.</p>
321
328
  */
322
329
  resourceShareArn: string | undefined;
@@ -337,7 +344,7 @@ export interface AssociateResourceShareRequest {
337
344
  * </p>
338
345
  * </li>
339
346
  * <li>
340
- * <p>An <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resoure Name (ARN)</a> of an organization in Organizations, for example:
347
+ * <p>An <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of an organization in Organizations, for example:
341
348
  * <code>organizations::123456789012:organization/o-exampleorgid</code>
342
349
  * </p>
343
350
  * </li>
@@ -373,6 +380,9 @@ export interface AssociateResourceShareRequest {
373
380
  * value.</a>.</p>
374
381
  * <p>If you don't provide this value, then Amazon Web Services generates a random one for
375
382
  * you.</p>
383
+ * <p>If you retry the operation with the same <code>ClientToken</code>, but with
384
+ * different parameters, the retry fails with an <code>IdempotentParameterMismatch</code>
385
+ * error.</p>
376
386
  */
377
387
  clientToken?: string;
378
388
  }
@@ -394,7 +404,7 @@ export interface AssociateResourceShareResponse {
394
404
  }
395
405
  /**
396
406
  * @public
397
- * <p>A parameter is not valid.</p>
407
+ * <p>The operation failed because a parameter you specified isn't valid.</p>
398
408
  */
399
409
  export declare class InvalidParameterException extends __BaseException {
400
410
  readonly name: "InvalidParameterException";
@@ -406,7 +416,8 @@ export declare class InvalidParameterException extends __BaseException {
406
416
  }
407
417
  /**
408
418
  * @public
409
- * <p>The requested state transition is not valid.</p>
419
+ * <p>The operation failed because the requested operation isn't valid for the resource
420
+ * share in its current state.</p>
410
421
  */
411
422
  export declare class InvalidStateTransitionException extends __BaseException {
412
423
  readonly name: "InvalidStateTransitionException";
@@ -418,7 +429,9 @@ export declare class InvalidStateTransitionException extends __BaseException {
418
429
  }
419
430
  /**
420
431
  * @public
421
- * <p>This request would exceed the limit for resource shares for your account.</p>
432
+ * <p>The operation failed because it would exceed the limit for resource shares for your account. To
433
+ * view the limits for your Amazon Web Services account, see the <a href="https://console.aws.amazon.com/servicequotas/home/services/ram/quotas">RAM page in the Service Quotas
434
+ * console</a>.</p>
422
435
  */
423
436
  export declare class ResourceShareLimitExceededException extends __BaseException {
424
437
  readonly name: "ResourceShareLimitExceededException";
@@ -430,8 +443,8 @@ export declare class ResourceShareLimitExceededException extends __BaseException
430
443
  }
431
444
  /**
432
445
  * @public
433
- * <p>You exceeded the rate at which you are allowed to perform this operation. Please try
434
- * again later.</p>
446
+ * <p>The operation failed because it exceeded the rate at which you are allowed to perform
447
+ * this operation. Please try again later.</p>
435
448
  */
436
449
  export declare class ThrottlingException extends __BaseException {
437
450
  readonly name: "ThrottlingException";
@@ -443,7 +456,7 @@ export declare class ThrottlingException extends __BaseException {
443
456
  }
444
457
  /**
445
458
  * @public
446
- * <p>A specified resource was not found.</p>
459
+ * <p>The operation failed because a specified resource couldn't be found.</p>
447
460
  */
448
461
  export declare class UnknownResourceException extends __BaseException {
449
462
  readonly name: "UnknownResourceException";
@@ -458,21 +471,21 @@ export declare class UnknownResourceException extends __BaseException {
458
471
  */
459
472
  export interface AssociateResourceSharePermissionRequest {
460
473
  /**
461
- * <p>Specifies the <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resoure Name (ARN)</a> of the resource share to which you want to add or replace
474
+ * <p>Specifies the <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of the resource share to which you want to add or replace
462
475
  * permissions.</p>
463
476
  */
464
477
  resourceShareArn: string | undefined;
465
478
  /**
466
- * <p>Specifies the <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resoure Name (ARN)</a> of the RAM permission to associate with the resource share.
479
+ * <p>Specifies the <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of the RAM permission to associate with the resource share.
467
480
  * To find the ARN for a permission, use either the <a>ListPermissions</a> operation or go to the <a href="https://console.aws.amazon.com/ram/home#Permissions:">Permissions library</a> page in the RAM console and
468
481
  * then choose the name of the permission. The ARN is displayed on the detail page.</p>
469
482
  */
470
483
  permissionArn: string | undefined;
471
484
  /**
472
- * <p>Specifies whether the specified permission should replace or add to the existing
473
- * permission associated with the resource share. Use <code>true</code> to replace the current
474
- * permissions. Use <code>false</code> to add the permission to the current permission. The
475
- * default value is <code>false</code>.</p>
485
+ * <p>Specifies whether the specified permission should replace the existing permission
486
+ * associated with the resource share. Use <code>true</code> to replace the current permissions. Use
487
+ * <code>false</code> to add the permission to a resource share that currently doesn't
488
+ * have a permission. The default value is <code>false</code>.</p>
476
489
  * <note>
477
490
  * <p>A resource share can have only one permission per resource type. If a resource share already has a
478
491
  * permission for the specified resource type and you don't set <code>replace</code> to
@@ -490,25 +503,535 @@ export interface AssociateResourceSharePermissionRequest {
490
503
  * value.</a>.</p>
491
504
  * <p>If you don't provide this value, then Amazon Web Services generates a random one for
492
505
  * you.</p>
506
+ * <p>If you retry the operation with the same <code>ClientToken</code>, but with
507
+ * different parameters, the retry fails with an <code>IdempotentParameterMismatch</code>
508
+ * error.</p>
493
509
  */
494
510
  clientToken?: string;
495
511
  /**
496
- * <p>Specifies the version of the RAM permission to associate with the resource share. If you don't
497
- * specify this parameter, the operation uses the version designated as the default. You
498
- * can use the <a>ListPermissionVersions</a> operation to discover the available
499
- * versions of a permission.</p>
512
+ * <p>Specifies the version of the RAM permission to associate with the resource share. You can
513
+ * specify <i>only</i> the version that is currently set as the default
514
+ * version for the permission. If you also set the <code>replace</code> pararameter to
515
+ * <code>true</code>, then this operation updates an outdated version of the permission
516
+ * to the current default version.</p>
517
+ * <note>
518
+ * <p>You don't need to specify this parameter because the default behavior is to use
519
+ * the version that is currently set as the default version for the permission. This
520
+ * parameter is supported for backwards compatibility.</p>
521
+ * </note>
522
+ */
523
+ permissionVersion?: number;
524
+ }
525
+ /**
526
+ * @public
527
+ */
528
+ export interface AssociateResourceSharePermissionResponse {
529
+ /**
530
+ * <p>A return value of <code>true</code> indicates that the request succeeded.
531
+ * A value of <code>false</code> indicates that the request failed.</p>
532
+ */
533
+ returnValue?: boolean;
534
+ /**
535
+ * <p>The idempotency identifier associated with this request. If you
536
+ * want to repeat the same operation in an idempotent manner then you must include this
537
+ * value in the <code>clientToken</code> request parameter of that later call. All other
538
+ * parameters must also have the same values that you used in the first call.</p>
539
+ */
540
+ clientToken?: string;
541
+ }
542
+ /**
543
+ * @public
544
+ * <p>A structure containing a tag. A tag is metadata that you can attach to your resources
545
+ * to help organize and categorize them. You can also use them to help you secure your
546
+ * resources. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html">Controlling access to Amazon Web Services resources
547
+ * using tags</a>.</p>
548
+ * <p>For more information about tags, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html">Tagging Amazon Web Services resources</a> in the
549
+ * <i>Amazon Web Services General Reference Guide</i>.</p>
550
+ */
551
+ export interface Tag {
552
+ /**
553
+ * <p>The key, or name, attached to the tag. Every tag must have a key. Key names are case
554
+ * sensitive.</p>
555
+ */
556
+ key?: string;
557
+ /**
558
+ * <p>The string value attached to the tag. The value can be an empty string. Key values are
559
+ * case sensitive.</p>
560
+ */
561
+ value?: string;
562
+ }
563
+ /**
564
+ * @public
565
+ */
566
+ export interface CreatePermissionRequest {
567
+ /**
568
+ * <p>Specifies the name of the customer managed permission. The name must be unique within the
569
+ * Amazon Web Services Region.</p>
570
+ */
571
+ name: string | undefined;
572
+ /**
573
+ * <p>Specifies the name of the resource type that this customer managed permission applies to.</p>
574
+ * <p>The format is
575
+ * <code>
576
+ * <i><service-code></i>:<i><resource-type></i>
577
+ * </code>
578
+ * and is not case sensitive. For example, to specify an Amazon EC2 Subnet, you can use the
579
+ * string <code>ec2:subnet</code>. To see the list of valid values for this parameter,
580
+ * query the <a>ListResourceTypes</a> operation.</p>
581
+ */
582
+ resourceType: string | undefined;
583
+ /**
584
+ * <p>A string in JSON format string that contains the following elements of a
585
+ * resource-based policy:</p>
586
+ * <ul>
587
+ * <li>
588
+ * <p>
589
+ * <b>Effect</b>: must be set to
590
+ * <code>ALLOW</code>.</p>
591
+ * </li>
592
+ * <li>
593
+ * <p>
594
+ * <b>Action</b>: specifies the actions that are
595
+ * allowed by this customer managed permission. The list must contain only actions that are supported by
596
+ * the specified resource type. For a list of all actions supported by each
597
+ * resource type, see <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html">Actions, resources, and condition keys for Amazon Web Services services</a> in the
598
+ * <i>Identity and Access Management User Guide</i>.</p>
599
+ * </li>
600
+ * <li>
601
+ * <p>
602
+ * <b>Condition</b>: (optional) specifies conditional
603
+ * parameters that must evaluate to true when a user attempts an action for that
604
+ * action to be allowed. For more information about the Condition element, see
605
+ * <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html">IAM
606
+ * policies: Condition element</a> in the <i>Identity and Access Management User
607
+ * Guide</i>.</p>
608
+ * </li>
609
+ * </ul>
610
+ * <p>This template can't include either the <code>Resource</code> or
611
+ * <code>Principal</code> elements. Those are both filled in by RAM when it instantiates
612
+ * the resource-based policy on each resource shared using this managed permission. The
613
+ * <code>Resource</code> comes from the ARN of the specific resource that you are sharing.
614
+ * The <code>Principal</code> comes from the list of identities added to the resource
615
+ * share.</p>
616
+ */
617
+ policyTemplate: string | undefined;
618
+ /**
619
+ * <p>Specifies a unique, case-sensitive identifier that you provide to
620
+ * ensure the idempotency of the request. This lets you safely retry the request without
621
+ * accidentally performing the same operation a second time. Passing the same value to a
622
+ * later call to an operation requires that you also pass the same value for all other
623
+ * parameters. We recommend that you use a <a href="https://wikipedia.org/wiki/Universally_unique_identifier">UUID type of
624
+ * value.</a>.</p>
625
+ * <p>If you don't provide this value, then Amazon Web Services generates a random one for
626
+ * you.</p>
627
+ * <p>If you retry the operation with the same <code>ClientToken</code>, but with
628
+ * different parameters, the retry fails with an <code>IdempotentParameterMismatch</code>
629
+ * error.</p>
630
+ */
631
+ clientToken?: string;
632
+ /**
633
+ * <p>Specifies a list of one or more tag key and value pairs to attach to the
634
+ * permission.</p>
635
+ */
636
+ tags?: Tag[];
637
+ }
638
+ /**
639
+ * @public
640
+ * @enum
641
+ */
642
+ export declare const PermissionFeatureSet: {
643
+ readonly CREATED_FROM_POLICY: "CREATED_FROM_POLICY";
644
+ readonly PROMOTING_TO_STANDARD: "PROMOTING_TO_STANDARD";
645
+ readonly STANDARD: "STANDARD";
646
+ };
647
+ /**
648
+ * @public
649
+ */
650
+ export type PermissionFeatureSet = (typeof PermissionFeatureSet)[keyof typeof PermissionFeatureSet];
651
+ /**
652
+ * @public
653
+ * @enum
654
+ */
655
+ export declare const PermissionType: {
656
+ readonly AWS_MANAGED: "AWS_MANAGED";
657
+ readonly CUSTOMER_MANAGED: "CUSTOMER_MANAGED";
658
+ };
659
+ /**
660
+ * @public
661
+ */
662
+ export type PermissionType = (typeof PermissionType)[keyof typeof PermissionType];
663
+ /**
664
+ * @public
665
+ * <p>Information about an RAM permission.</p>
666
+ */
667
+ export interface ResourceSharePermissionSummary {
668
+ /**
669
+ * <p>The <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of the permission you want information about.</p>
670
+ */
671
+ arn?: string;
672
+ /**
673
+ * <p>The version of the permission associated with this resource share.</p>
674
+ */
675
+ version?: string;
676
+ /**
677
+ * <p>Specifies whether the version of the managed permission used by this resource share is the default version for
678
+ * this managed permission.</p>
679
+ */
680
+ defaultVersion?: boolean;
681
+ /**
682
+ * <p>The name of this managed permission.</p>
683
+ */
684
+ name?: string;
685
+ /**
686
+ * <p>The type of resource to which this permission applies. This takes the form of:
687
+ * <code>service-code</code>:<code>resource-code</code>, and is case-insensitive. For
688
+ * example, an Amazon EC2 Subnet would be represented by the string
689
+ * <code>ec2:subnet</code>.</p>
690
+ */
691
+ resourceType?: string;
692
+ /**
693
+ * <p>The current status of the permission.</p>
694
+ */
695
+ status?: string;
696
+ /**
697
+ * <p>The date and time when the permission was created.</p>
698
+ */
699
+ creationTime?: Date;
700
+ /**
701
+ * <p>The date and time when the permission was last updated.</p>
702
+ */
703
+ lastUpdatedTime?: Date;
704
+ /**
705
+ * <p>Specifies whether the managed permission associated with this resource share is the default managed permission for all
706
+ * resources of this resource type.</p>
707
+ */
708
+ isResourceTypeDefault?: boolean;
709
+ /**
710
+ * <p>The type of managed permission. This can be one of the following values:</p>
711
+ * <ul>
712
+ * <li>
713
+ * <p>
714
+ * <code>AWS_MANAGED</code> – Amazon Web Services created and manages this
715
+ * managed permission. You can associate it with your resource shares, but you can't modify it.</p>
716
+ * </li>
717
+ * <li>
718
+ * <p>
719
+ * <code>CUSTOMER_MANAGED</code> – You, or another principal in
720
+ * your account created this managed permission. You can associate it with your resource shares and create
721
+ * new versions that have different permissions.</p>
722
+ * </li>
723
+ * </ul>
724
+ */
725
+ permissionType?: PermissionType | string;
726
+ /**
727
+ * <p>Indicates what features are available for this resource share. This parameter can have one of
728
+ * the following values:</p>
729
+ * <ul>
730
+ * <li>
731
+ * <p>
732
+ * <b>STANDARD</b> – A resource share that supports all
733
+ * functionality. These resource shares are visible to all principals you share the resource share with.
734
+ * You can modify these resource shares in RAM using the console or APIs. This resource share might
735
+ * have been created by RAM, or it might have been <b>CREATED_FROM_POLICY</b> and then promoted.</p>
736
+ * </li>
737
+ * <li>
738
+ * <p>
739
+ * <b>CREATED_FROM_POLICY</b> – The customer
740
+ * manually shared a resource by attaching a resource-based policy. That policy did
741
+ * not match any existing managed permissions, so RAM created this customer managed permission automatically on the
742
+ * customer's behalf based on the attached policy document. This type of resource share
743
+ * is visible only to the Amazon Web Services account that created it. You can't modify it in
744
+ * RAM unless you promote it. For more information,
745
+ * see <a>PromoteResourceShareCreatedFromPolicy</a>.</p>
746
+ * </li>
747
+ * <li>
748
+ * <p>
749
+ * <b>PROMOTING_TO_STANDARD</b> – This
750
+ * resource share was originally <code>CREATED_FROM_POLICY</code>, but the customer ran
751
+ * the <a>PromoteResourceShareCreatedFromPolicy</a> and that operation
752
+ * is still in progress. This value changes to <code>STANDARD</code> when
753
+ * complete.</p>
754
+ * </li>
755
+ * </ul>
756
+ */
757
+ featureSet?: PermissionFeatureSet | string;
758
+ /**
759
+ * <p>A list of the tag key value pairs currently attached to the permission.</p>
760
+ */
761
+ tags?: Tag[];
762
+ }
763
+ /**
764
+ * @public
765
+ */
766
+ export interface CreatePermissionResponse {
767
+ /**
768
+ * <p>A structure with information about this customer managed permission.</p>
769
+ */
770
+ permission?: ResourceSharePermissionSummary;
771
+ /**
772
+ * <p>The idempotency identifier associated with this request. If you
773
+ * want to repeat the same operation in an idempotent manner then you must include this
774
+ * value in the <code>clientToken</code> request parameter of that later call. All other
775
+ * parameters must also have the same values that you used in the first call.</p>
776
+ */
777
+ clientToken?: string;
778
+ }
779
+ /**
780
+ * @public
781
+ * <p>The operation failed because a policy you specified isn't valid.</p>
782
+ */
783
+ export declare class InvalidPolicyException extends __BaseException {
784
+ readonly name: "InvalidPolicyException";
785
+ readonly $fault: "client";
786
+ /**
787
+ * @internal
788
+ */
789
+ constructor(opts: __ExceptionOptionType<InvalidPolicyException, __BaseException>);
790
+ }
791
+ /**
792
+ * @public
793
+ * <p>The operation failed because the policy template that you provided isn't valid.</p>
794
+ */
795
+ export declare class MalformedPolicyTemplateException extends __BaseException {
796
+ readonly name: "MalformedPolicyTemplateException";
797
+ readonly $fault: "client";
798
+ /**
799
+ * @internal
800
+ */
801
+ constructor(opts: __ExceptionOptionType<MalformedPolicyTemplateException, __BaseException>);
802
+ }
803
+ /**
804
+ * @public
805
+ * <p>The operation failed because a permission with the specified name already exists in
806
+ * the requested Amazon Web Services Region. Choose a different name.</p>
807
+ */
808
+ export declare class PermissionAlreadyExistsException extends __BaseException {
809
+ readonly name: "PermissionAlreadyExistsException";
810
+ readonly $fault: "client";
811
+ /**
812
+ * @internal
813
+ */
814
+ constructor(opts: __ExceptionOptionType<PermissionAlreadyExistsException, __BaseException>);
815
+ }
816
+ /**
817
+ * @public
818
+ * <p>The operation failed because it would exceed the maximum number of permissions you can
819
+ * create in each Amazon Web Services Region. To view the limits for your Amazon Web Services account, see the <a href="https://console.aws.amazon.com/servicequotas/home/services/ram/quotas">RAM page in the
820
+ * Service Quotas console</a>.</p>
821
+ */
822
+ export declare class PermissionLimitExceededException extends __BaseException {
823
+ readonly name: "PermissionLimitExceededException";
824
+ readonly $fault: "client";
825
+ /**
826
+ * @internal
827
+ */
828
+ constructor(opts: __ExceptionOptionType<PermissionLimitExceededException, __BaseException>);
829
+ }
830
+ /**
831
+ * @public
832
+ */
833
+ export interface CreatePermissionVersionRequest {
834
+ /**
835
+ * <p>Specifies the <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of the customer managed permission you're creating a new version for.</p>
836
+ */
837
+ permissionArn: string | undefined;
838
+ /**
839
+ * <p>A string in JSON format string that contains the following elements of a
840
+ * resource-based policy:</p>
841
+ * <ul>
842
+ * <li>
843
+ * <p>
844
+ * <b>Effect</b>: must be set to
845
+ * <code>ALLOW</code>.</p>
846
+ * </li>
847
+ * <li>
848
+ * <p>
849
+ * <b>Action</b>: specifies the actions that are
850
+ * allowed by this customer managed permission. The list must contain only actions that are supported by
851
+ * the specified resource type. For a list of all actions supported by each
852
+ * resource type, see <a href="https://docs.aws.amazon.com/service-authorization/latest/reference/reference_policies_actions-resources-contextkeys.html">Actions, resources, and condition keys for Amazon Web Services services</a> in the
853
+ * <i>Identity and Access Management User Guide</i>.</p>
854
+ * </li>
855
+ * <li>
856
+ * <p>
857
+ * <b>Condition</b>: (optional) specifies conditional
858
+ * parameters that must evaluate to true when a user attempts an action for that
859
+ * action to be allowed. For more information about the Condition element, see
860
+ * <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_condition.html">IAM
861
+ * policies: Condition element</a> in the <i>Identity and Access Management User
862
+ * Guide</i>.</p>
863
+ * </li>
864
+ * </ul>
865
+ * <p>This template can't include either the <code>Resource</code> or
866
+ * <code>Principal</code> elements. Those are both filled in by RAM when it instantiates
867
+ * the resource-based policy on each resource shared using this managed permission. The
868
+ * <code>Resource</code> comes from the ARN of the specific resource that you are sharing.
869
+ * The <code>Principal</code> comes from the list of identities added to the resource
870
+ * share.</p>
871
+ */
872
+ policyTemplate: string | undefined;
873
+ /**
874
+ * <p>Specifies a unique, case-sensitive identifier that you provide to
875
+ * ensure the idempotency of the request. This lets you safely retry the request without
876
+ * accidentally performing the same operation a second time. Passing the same value to a
877
+ * later call to an operation requires that you also pass the same value for all other
878
+ * parameters. We recommend that you use a <a href="https://wikipedia.org/wiki/Universally_unique_identifier">UUID type of
879
+ * value.</a>.</p>
880
+ * <p>If you don't provide this value, then Amazon Web Services generates a random one for
881
+ * you.</p>
882
+ * <p>If you retry the operation with the same <code>ClientToken</code>, but with
883
+ * different parameters, the retry fails with an <code>IdempotentParameterMismatch</code>
884
+ * error.</p>
885
+ */
886
+ clientToken?: string;
887
+ }
888
+ /**
889
+ * @public
890
+ * @enum
891
+ */
892
+ export declare const PermissionStatus: {
893
+ readonly ATTACHABLE: "ATTACHABLE";
894
+ readonly DELETED: "DELETED";
895
+ readonly DELETING: "DELETING";
896
+ readonly UNATTACHABLE: "UNATTACHABLE";
897
+ };
898
+ /**
899
+ * @public
900
+ */
901
+ export type PermissionStatus = (typeof PermissionStatus)[keyof typeof PermissionStatus];
902
+ /**
903
+ * @public
904
+ * <p>Information about a RAM managed permission.</p>
905
+ */
906
+ export interface ResourceSharePermissionDetail {
907
+ /**
908
+ * <p>The <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of this RAM managed permission.</p>
909
+ */
910
+ arn?: string;
911
+ /**
912
+ * <p>The version of the permission described in this response.</p>
913
+ */
914
+ version?: string;
915
+ /**
916
+ * <p>Specifies whether the version of the permission represented in this response is the
917
+ * default version for this permission.</p>
918
+ */
919
+ defaultVersion?: boolean;
920
+ /**
921
+ * <p>The name of this permission.</p>
922
+ */
923
+ name?: string;
924
+ /**
925
+ * <p>The resource type to which this permission applies.</p>
926
+ */
927
+ resourceType?: string;
928
+ /**
929
+ * <p>The permission's effect and actions in JSON format. The <code>effect</code> indicates
930
+ * whether the specified actions are allowed or denied. The <code>actions</code> list the
931
+ * operations to which the principal is granted or denied access.</p>
932
+ */
933
+ permission?: string;
934
+ /**
935
+ * <p>The date and time when the permission was created.</p>
936
+ */
937
+ creationTime?: Date;
938
+ /**
939
+ * <p>The date and time when the permission was last updated.</p>
940
+ */
941
+ lastUpdatedTime?: Date;
942
+ /**
943
+ * <p>Specifies whether the version of the permission represented in this response is the
944
+ * default version for all resources of this resource type.</p>
945
+ */
946
+ isResourceTypeDefault?: boolean;
947
+ /**
948
+ * <p>The type of managed permission. This can be one of the following values:</p>
949
+ * <ul>
950
+ * <li>
951
+ * <p>
952
+ * <code>AWS_MANAGED</code> – Amazon Web Services created and manages this
953
+ * managed permission. You can associate it with your resource shares, but you can't modify it.</p>
954
+ * </li>
955
+ * <li>
956
+ * <p>
957
+ * <code>CUSTOMER_MANAGED</code> – You, or another principal in
958
+ * your account created this managed permission. You can associate it with your resource shares and create
959
+ * new versions that have different permissions.</p>
960
+ * </li>
961
+ * </ul>
962
+ */
963
+ permissionType?: PermissionType | string;
964
+ /**
965
+ * <p>Indicates what features are available for this resource share. This parameter can have one of
966
+ * the following values:</p>
967
+ * <ul>
968
+ * <li>
969
+ * <p>
970
+ * <b>STANDARD</b> – A resource share that supports all
971
+ * functionality. These resource shares are visible to all principals you share the resource share with.
972
+ * You can modify these resource shares in RAM using the console or APIs. This resource share might
973
+ * have been created by RAM, or it might have been <b>CREATED_FROM_POLICY</b> and then promoted.</p>
974
+ * </li>
975
+ * <li>
976
+ * <p>
977
+ * <b>CREATED_FROM_POLICY</b> – The customer
978
+ * manually shared a resource by attaching a resource-based policy. That policy did
979
+ * not match any existing managed permissions, so RAM created this customer managed permission automatically on the
980
+ * customer's behalf based on the attached policy document. This type of resource share
981
+ * is visible only to the Amazon Web Services account that created it. You can't modify it in
982
+ * RAM unless you promote it. For more information,
983
+ * see <a>PromoteResourceShareCreatedFromPolicy</a>.</p>
984
+ * </li>
985
+ * <li>
986
+ * <p>
987
+ * <b>PROMOTING_TO_STANDARD</b> – This
988
+ * resource share was originally <code>CREATED_FROM_POLICY</code>, but the customer ran
989
+ * the <a>PromoteResourceShareCreatedFromPolicy</a> and that operation
990
+ * is still in progress. This value changes to <code>STANDARD</code> when
991
+ * complete.</p>
992
+ * </li>
993
+ * </ul>
994
+ */
995
+ featureSet?: PermissionFeatureSet | string;
996
+ /**
997
+ * <p>The current status of the association between the permission and the resource share.
998
+ * The following are the possible values:</p>
999
+ * <ul>
1000
+ * <li>
1001
+ * <p>
1002
+ * <code>ATTACHABLE</code> – This permission or version can be associated
1003
+ * with resource shares.</p>
1004
+ * </li>
1005
+ * <li>
1006
+ * <p>
1007
+ * <code>UNATTACHABLE</code> – This permission or version can't
1008
+ * currently be associated with resource shares.</p>
1009
+ * </li>
1010
+ * <li>
1011
+ * <p>
1012
+ * <code>DELETING</code> – This permission or version is in the process of
1013
+ * being deleted.</p>
1014
+ * </li>
1015
+ * <li>
1016
+ * <p>
1017
+ * <code>DELETED</code> – This permission or version is deleted.</p>
1018
+ * </li>
1019
+ * </ul>
500
1020
  */
501
- permissionVersion?: number;
1021
+ status?: PermissionStatus | string;
1022
+ /**
1023
+ * <p>The tag key and value pairs attached to the resource share.</p>
1024
+ */
1025
+ tags?: Tag[];
502
1026
  }
503
1027
  /**
504
1028
  * @public
505
1029
  */
506
- export interface AssociateResourceSharePermissionResponse {
1030
+ export interface CreatePermissionVersionResponse {
507
1031
  /**
508
- * <p>A return value of <code>true</code> indicates that the request succeeded.
509
- * A value of <code>false</code> indicates that the request failed.</p>
1032
+ * <p>Information about a RAM managed permission.</p>
510
1033
  */
511
- returnValue?: boolean;
1034
+ permission?: ResourceSharePermissionDetail;
512
1035
  /**
513
1036
  * <p>The idempotency identifier associated with this request. If you
514
1037
  * want to repeat the same operation in an idempotent manner then you must include this
@@ -519,24 +1042,17 @@ export interface AssociateResourceSharePermissionResponse {
519
1042
  }
520
1043
  /**
521
1044
  * @public
522
- * <p>A structure containing a tag. A tag is metadata that you can attach to your resources
523
- * to help organize and categorize them. You can also use them to help you secure your
524
- * resources. For more information, see <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access_tags.html">Controlling access to Amazon Web Services resources
525
- * using tags</a>.</p>
526
- * <p>For more information about tags, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html">Tagging Amazon Web Services resources</a> in the
527
- * <i>Amazon Web Services General Reference Guide</i>.</p>
1045
+ * <p>The operation failed because it would exceed the limit for the number of versions you
1046
+ * can have for a permission. To view the limits for your Amazon Web Services account, see the <a href="https://console.aws.amazon.com/servicequotas/home/services/ram/quotas">RAM page in the
1047
+ * Service Quotas console</a>.</p>
528
1048
  */
529
- export interface Tag {
530
- /**
531
- * <p>The key, or name, attached to the tag. Every tag must have a key. Key names are case
532
- * sensitive.</p>
533
- */
534
- key?: string;
1049
+ export declare class PermissionVersionsLimitExceededException extends __BaseException {
1050
+ readonly name: "PermissionVersionsLimitExceededException";
1051
+ readonly $fault: "client";
535
1052
  /**
536
- * <p>The string value attached to the tag. The value can be an empty string. Key values are
537
- * case sensitive.</p>
1053
+ * @internal
538
1054
  */
539
- value?: string;
1055
+ constructor(opts: __ExceptionOptionType<PermissionVersionsLimitExceededException, __BaseException>);
540
1056
  }
541
1057
  /**
542
1058
  * @public
@@ -560,7 +1076,7 @@ export interface CreateResourceShareRequest {
560
1076
  * </p>
561
1077
  * </li>
562
1078
  * <li>
563
- * <p>An <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resoure Name (ARN)</a> of an organization in Organizations, for example:
1079
+ * <p>An <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of an organization in Organizations, for example:
564
1080
  * <code>organizations::123456789012:organization/o-exampleorgid</code>
565
1081
  * </p>
566
1082
  * </li>
@@ -609,6 +1125,9 @@ export interface CreateResourceShareRequest {
609
1125
  * value.</a>.</p>
610
1126
  * <p>If you don't provide this value, then Amazon Web Services generates a random one for
611
1127
  * you.</p>
1128
+ * <p>If you retry the operation with the same <code>ClientToken</code>, but with
1129
+ * different parameters, the retry fails with an <code>IdempotentParameterMismatch</code>
1130
+ * error.</p>
612
1131
  */
613
1132
  clientToken?: string;
614
1133
  /**
@@ -653,7 +1172,7 @@ export type ResourceShareStatus = (typeof ResourceShareStatus)[keyof typeof Reso
653
1172
  */
654
1173
  export interface ResourceShare {
655
1174
  /**
656
- * <p>The <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resoure Name (ARN)</a> of the resource share</p>
1175
+ * <p>The <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of the resource share</p>
657
1176
  */
658
1177
  resourceShareArn?: string;
659
1178
  /**
@@ -667,6 +1186,19 @@ export interface ResourceShare {
667
1186
  /**
668
1187
  * <p>Indicates whether principals outside your organization in Organizations can be associated
669
1188
  * with a resource share.</p>
1189
+ * <ul>
1190
+ * <li>
1191
+ * <p>
1192
+ * <code>True</code> – the resource share can be shared with any
1193
+ * Amazon Web Services account.</p>
1194
+ * </li>
1195
+ * <li>
1196
+ * <p>
1197
+ * <code>False</code> – the resource share can be shared with only
1198
+ * accounts in the same organization as the account that owns the resource
1199
+ * share.</p>
1200
+ * </li>
1201
+ * </ul>
670
1202
  */
671
1203
  allowExternalPrincipals?: boolean;
672
1204
  /**
@@ -690,25 +1222,33 @@ export interface ResourceShare {
690
1222
  */
691
1223
  lastUpdatedTime?: Date;
692
1224
  /**
693
- * <p>Indicates how the resource share was created. Possible values include:</p>
1225
+ * <p>Indicates what features are available for this resource share. This parameter can have one of
1226
+ * the following values:</p>
694
1227
  * <ul>
695
1228
  * <li>
696
1229
  * <p>
697
- * <code>CREATED_FROM_POLICY</code> - Indicates that the resource share was created from an
698
- * Identity and Access Management (IAM) resource-based permission policy attached to the resource.
699
- * This type of resource share is visible only to the Amazon Web Services account that created it. You
700
- * can't modify it in RAM unless you promote it. For more information, see <a>PromoteResourceShareCreatedFromPolicy</a>.</p>
1230
+ * <b>STANDARD</b> A resource share that supports all
1231
+ * functionality. These resource shares are visible to all principals you share the resource share with.
1232
+ * You can modify these resource shares in RAM using the console or APIs. This resource share might
1233
+ * have been created by RAM, or it might have been <b>CREATED_FROM_POLICY</b> and then promoted.</p>
701
1234
  * </li>
702
1235
  * <li>
703
1236
  * <p>
704
- * <code>PROMOTING_TO_STANDARD</code> - The resource share is in the process of being
705
- * promoted. For more information, see <a>PromoteResourceShareCreatedFromPolicy</a>.</p>
1237
+ * <b>CREATED_FROM_POLICY</b> The customer
1238
+ * manually shared a resource by attaching a resource-based policy. That policy did
1239
+ * not match any existing managed permissions, so RAM created this customer managed permission automatically on the
1240
+ * customer's behalf based on the attached policy document. This type of resource share
1241
+ * is visible only to the Amazon Web Services account that created it. You can't modify it in
1242
+ * RAM unless you promote it. For more information,
1243
+ * see <a>PromoteResourceShareCreatedFromPolicy</a>.</p>
706
1244
  * </li>
707
1245
  * <li>
708
1246
  * <p>
709
- * <code>STANDARD</code> - Indicates that the resource share was created in RAM using the
710
- * console or APIs. These resource shares are visible to all principals you share the resource share
711
- * with. You can modify these resource shares in RAM using the console or APIs.</p>
1247
+ * <b>PROMOTING_TO_STANDARD</b> This
1248
+ * resource share was originally <code>CREATED_FROM_POLICY</code>, but the customer ran
1249
+ * the <a>PromoteResourceShareCreatedFromPolicy</a> and that operation
1250
+ * is still in progress. This value changes to <code>STANDARD</code> when
1251
+ * complete.</p>
712
1252
  * </li>
713
1253
  * </ul>
714
1254
  */
@@ -732,7 +1272,8 @@ export interface CreateResourceShareResponse {
732
1272
  }
733
1273
  /**
734
1274
  * @public
735
- * <p>The specified tag key is a reserved word and can't be used.</p>
1275
+ * <p>The operation failed because the specified tag key is a reserved word and can't be
1276
+ * used.</p>
736
1277
  */
737
1278
  export declare class TagPolicyViolationException extends __BaseException {
738
1279
  readonly name: "TagPolicyViolationException";
@@ -742,12 +1283,111 @@ export declare class TagPolicyViolationException extends __BaseException {
742
1283
  */
743
1284
  constructor(opts: __ExceptionOptionType<TagPolicyViolationException, __BaseException>);
744
1285
  }
1286
+ /**
1287
+ * @public
1288
+ */
1289
+ export interface DeletePermissionRequest {
1290
+ /**
1291
+ * <p>Specifies the <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of the customer managed permission that you want to delete.</p>
1292
+ */
1293
+ permissionArn: string | undefined;
1294
+ /**
1295
+ * <p>Specifies a unique, case-sensitive identifier that you provide to
1296
+ * ensure the idempotency of the request. This lets you safely retry the request without
1297
+ * accidentally performing the same operation a second time. Passing the same value to a
1298
+ * later call to an operation requires that you also pass the same value for all other
1299
+ * parameters. We recommend that you use a <a href="https://wikipedia.org/wiki/Universally_unique_identifier">UUID type of
1300
+ * value.</a>.</p>
1301
+ * <p>If you don't provide this value, then Amazon Web Services generates a random one for
1302
+ * you.</p>
1303
+ * <p>If you retry the operation with the same <code>ClientToken</code>, but with
1304
+ * different parameters, the retry fails with an <code>IdempotentParameterMismatch</code>
1305
+ * error.</p>
1306
+ */
1307
+ clientToken?: string;
1308
+ }
1309
+ /**
1310
+ * @public
1311
+ */
1312
+ export interface DeletePermissionResponse {
1313
+ /**
1314
+ * <p>A boolean that indicates whether the delete operations succeeded.</p>
1315
+ */
1316
+ returnValue?: boolean;
1317
+ /**
1318
+ * <p>The idempotency identifier associated with this request. If you
1319
+ * want to repeat the same operation in an idempotent manner then you must include this
1320
+ * value in the <code>clientToken</code> request parameter of that later call. All other
1321
+ * parameters must also have the same values that you used in the first call.</p>
1322
+ */
1323
+ clientToken?: string;
1324
+ /**
1325
+ * <p>This operation is performed asynchronously, and this response parameter indicates the
1326
+ * current status.</p>
1327
+ */
1328
+ permissionStatus?: PermissionStatus | string;
1329
+ }
1330
+ /**
1331
+ * @public
1332
+ */
1333
+ export interface DeletePermissionVersionRequest {
1334
+ /**
1335
+ * <p>Specifies the <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of the permission with the version you want to delete.</p>
1336
+ */
1337
+ permissionArn: string | undefined;
1338
+ /**
1339
+ * <p>Specifies the version number to delete.</p>
1340
+ * <p>You can't delete the default version for a customer managed permission.</p>
1341
+ * <p>You can't delete a version if it's the only version of the permission. You must either
1342
+ * first create another version, or delete the permission completely.</p>
1343
+ * <p>You can't delete a version if it is attached to any resource shares. If the version is
1344
+ * the default, you must first use <a>SetDefaultPermissionVersion</a> to set a
1345
+ * different version as the default for the customer managed permission, and then use <a>AssociateResourceSharePermission</a> to update your resource shares to use
1346
+ * the new default version.</p>
1347
+ */
1348
+ permissionVersion: number | undefined;
1349
+ /**
1350
+ * <p>Specifies a unique, case-sensitive identifier that you provide to
1351
+ * ensure the idempotency of the request. This lets you safely retry the request without
1352
+ * accidentally performing the same operation a second time. Passing the same value to a
1353
+ * later call to an operation requires that you also pass the same value for all other
1354
+ * parameters. We recommend that you use a <a href="https://wikipedia.org/wiki/Universally_unique_identifier">UUID type of
1355
+ * value.</a>.</p>
1356
+ * <p>If you don't provide this value, then Amazon Web Services generates a random one for
1357
+ * you.</p>
1358
+ * <p>If you retry the operation with the same <code>ClientToken</code>, but with
1359
+ * different parameters, the retry fails with an <code>IdempotentParameterMismatch</code>
1360
+ * error.</p>
1361
+ */
1362
+ clientToken?: string;
1363
+ }
1364
+ /**
1365
+ * @public
1366
+ */
1367
+ export interface DeletePermissionVersionResponse {
1368
+ /**
1369
+ * <p>A boolean value that indicates whether the operation is successful.</p>
1370
+ */
1371
+ returnValue?: boolean;
1372
+ /**
1373
+ * <p>The idempotency identifier associated with this request. If you
1374
+ * want to repeat the same operation in an idempotent manner then you must include this
1375
+ * value in the <code>clientToken</code> request parameter of that later call. All other
1376
+ * parameters must also have the same values that you used in the first call.</p>
1377
+ */
1378
+ clientToken?: string;
1379
+ /**
1380
+ * <p>This operation is performed asynchronously, and this response parameter indicates the
1381
+ * current status.</p>
1382
+ */
1383
+ permissionStatus?: PermissionStatus | string;
1384
+ }
745
1385
  /**
746
1386
  * @public
747
1387
  */
748
1388
  export interface DeleteResourceShareRequest {
749
1389
  /**
750
- * <p>Specifies the <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resoure Name (ARN)</a> of the resource share to delete.</p>
1390
+ * <p>Specifies the <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of the resource share to delete.</p>
751
1391
  */
752
1392
  resourceShareArn: string | undefined;
753
1393
  /**
@@ -759,6 +1399,9 @@ export interface DeleteResourceShareRequest {
759
1399
  * value.</a>.</p>
760
1400
  * <p>If you don't provide this value, then Amazon Web Services generates a random one for
761
1401
  * you.</p>
1402
+ * <p>If you retry the operation with the same <code>ClientToken</code>, but with
1403
+ * different parameters, the retry fails with an <code>IdempotentParameterMismatch</code>
1404
+ * error.</p>
762
1405
  */
763
1406
  clientToken?: string;
764
1407
  }
@@ -784,13 +1427,14 @@ export interface DeleteResourceShareResponse {
784
1427
  */
785
1428
  export interface DisassociateResourceShareRequest {
786
1429
  /**
787
- * <p>Specifies <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resoure Name (ARN)</a> of the resource share that you want to remove resources from.</p>
1430
+ * <p>Specifies <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of the resource share that you want to remove resources or principals
1431
+ * from.</p>
788
1432
  */
789
1433
  resourceShareArn: string | undefined;
790
1434
  /**
791
1435
  * <p>Specifies a list of <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Names (ARNs)</a> for one or more resources that you want to remove from
792
1436
  * the resource share. After the operation runs, these resources are no longer shared with principals
793
- * outside of the Amazon Web Services account that created the resources.</p>
1437
+ * associated with the resource share.</p>
794
1438
  */
795
1439
  resourceArns?: string[];
796
1440
  /**
@@ -803,7 +1447,7 @@ export interface DisassociateResourceShareRequest {
803
1447
  * </p>
804
1448
  * </li>
805
1449
  * <li>
806
- * <p>An <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resoure Name (ARN)</a> of an organization in Organizations, for example:
1450
+ * <p>An <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of an organization in Organizations, for example:
807
1451
  * <code>organizations::123456789012:organization/o-exampleorgid</code>
808
1452
  * </p>
809
1453
  * </li>
@@ -839,6 +1483,9 @@ export interface DisassociateResourceShareRequest {
839
1483
  * value.</a>.</p>
840
1484
  * <p>If you don't provide this value, then Amazon Web Services generates a random one for
841
1485
  * you.</p>
1486
+ * <p>If you retry the operation with the same <code>ClientToken</code>, but with
1487
+ * different parameters, the retry fails with an <code>IdempotentParameterMismatch</code>
1488
+ * error.</p>
842
1489
  */
843
1490
  clientToken?: string;
844
1491
  }
@@ -847,7 +1494,7 @@ export interface DisassociateResourceShareRequest {
847
1494
  */
848
1495
  export interface DisassociateResourceShareResponse {
849
1496
  /**
850
- * <p>An array of objects that contain information about the updated associations for this
1497
+ * <p>An array of objects with information about the updated associations for this
851
1498
  * resource share.</p>
852
1499
  */
853
1500
  resourceShareAssociations?: ResourceShareAssociation[];
@@ -864,12 +1511,12 @@ export interface DisassociateResourceShareResponse {
864
1511
  */
865
1512
  export interface DisassociateResourceSharePermissionRequest {
866
1513
  /**
867
- * <p>The <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resoure Name (ARN)</a> of the resource share from which you want to disassociate a permission.</p>
1514
+ * <p>The <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of the resource share that you want to remove the managed permission from.</p>
868
1515
  */
869
1516
  resourceShareArn: string | undefined;
870
1517
  /**
871
- * <p>The <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resoure Name (ARN)</a> of the permission to disassociate from the resource share. Changes to permissions
872
- * take effect immediately.</p>
1518
+ * <p>The <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of the managed permission to disassociate from the resource share. Changes to permissions take
1519
+ * effect immediately.</p>
873
1520
  */
874
1521
  permissionArn: string | undefined;
875
1522
  /**
@@ -881,6 +1528,9 @@ export interface DisassociateResourceSharePermissionRequest {
881
1528
  * value.</a>.</p>
882
1529
  * <p>If you don't provide this value, then Amazon Web Services generates a random one for
883
1530
  * you.</p>
1531
+ * <p>If you retry the operation with the same <code>ClientToken</code>, but with
1532
+ * different parameters, the retry fails with an <code>IdempotentParameterMismatch</code>
1533
+ * error.</p>
884
1534
  */
885
1535
  clientToken?: string;
886
1536
  }
@@ -921,69 +1571,24 @@ export interface EnableSharingWithAwsOrganizationResponse {
921
1571
  */
922
1572
  export interface GetPermissionRequest {
923
1573
  /**
924
- * <p>Specifies the <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resoure Name (ARN)</a> of the permission whose contents you want to retrieve.
1574
+ * <p>Specifies the <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of the permission whose contents you want to retrieve.
925
1575
  * To find the ARN for a permission, use either the <a>ListPermissions</a> operation or go to the <a href="https://console.aws.amazon.com/ram/home#Permissions:">Permissions library</a> page in the RAM console and
926
1576
  * then choose the name of the permission. The ARN is displayed on the detail page.</p>
927
1577
  */
928
1578
  permissionArn: string | undefined;
929
1579
  /**
930
- * <p>Specifies identifier for the version of the RAM permission to retrieve. If you don't
931
- * specify this parameter, the operation retrieves the default version.</p>
1580
+ * <p>Specifies the version number of the RAM permission to retrieve. If you don't specify
1581
+ * this parameter, the operation retrieves the default version.</p>
1582
+ * <p>To see the list of available versions, use <a>ListPermissionVersions</a>.</p>
932
1583
  */
933
1584
  permissionVersion?: number;
934
1585
  }
935
- /**
936
- * @public
937
- * <p>Information about an RAM permission.</p>
938
- */
939
- export interface ResourceSharePermissionDetail {
940
- /**
941
- * <p>The <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resoure Name (ARN)</a> of this RAM permission.</p>
942
- */
943
- arn?: string;
944
- /**
945
- * <p>The version of the permission represented in this structure.</p>
946
- */
947
- version?: string;
948
- /**
949
- * <p>Specifies whether the version of the permission represented in this structure is the
950
- * default version for this permission.</p>
951
- */
952
- defaultVersion?: boolean;
953
- /**
954
- * <p>The name of this permission.</p>
955
- */
956
- name?: string;
957
- /**
958
- * <p>The resource type to which this permission applies.</p>
959
- */
960
- resourceType?: string;
961
- /**
962
- * <p>The permission's effect and actions in JSON format. The <code>effect</code> indicates
963
- * whether the specified actions are allowed or denied. The <code>actions</code> list the
964
- * operations to which the principal is granted or denied access.</p>
965
- */
966
- permission?: string;
967
- /**
968
- * <p>The date and time when the permission was created.</p>
969
- */
970
- creationTime?: Date;
971
- /**
972
- * <p>The date and time when the permission was last updated.</p>
973
- */
974
- lastUpdatedTime?: Date;
975
- /**
976
- * <p>Specifies whether the version of the permission represented in this structure is the
977
- * default version for all resources of this resource type.</p>
978
- */
979
- isResourceTypeDefault?: boolean;
980
- }
981
1586
  /**
982
1587
  * @public
983
1588
  */
984
1589
  export interface GetPermissionResponse {
985
1590
  /**
986
- * <p>An object that contains information about the permission.</p>
1591
+ * <p>An object with details about the permission.</p>
987
1592
  */
988
1593
  permission?: ResourceSharePermissionDetail;
989
1594
  }
@@ -1039,7 +1644,9 @@ export interface GetResourcePoliciesResponse {
1039
1644
  }
1040
1645
  /**
1041
1646
  * @public
1042
- * <p>The specified value for <code>NextToken</code> is not valid.</p>
1647
+ * <p>The operation failed because the specified value for <code>NextToken</code> isn't
1648
+ * valid. You must specify a value you received in the <code>NextToken</code> response of a
1649
+ * previous call to this operation.</p>
1043
1650
  */
1044
1651
  export declare class InvalidNextTokenException extends __BaseException {
1045
1652
  readonly name: "InvalidNextTokenException";
@@ -1051,7 +1658,7 @@ export declare class InvalidNextTokenException extends __BaseException {
1051
1658
  }
1052
1659
  /**
1053
1660
  * @public
1054
- * <p>The specified Amazon Resource Name (ARN) was not found.</p>
1661
+ * <p>The operation failed because the specified <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> was not found.</p>
1055
1662
  */
1056
1663
  export declare class ResourceArnNotFoundException extends __BaseException {
1057
1664
  readonly name: "ResourceArnNotFoundException";
@@ -1071,13 +1678,13 @@ export interface GetResourceShareAssociationsRequest {
1071
1678
  * <ul>
1072
1679
  * <li>
1073
1680
  * <p>
1074
- * <code>PRINCIPAL</code> – list the principals that are associated with
1075
- * the specified resource share.</p>
1681
+ * <code>PRINCIPAL</code> – list the principals whose associations you
1682
+ * want to see.</p>
1076
1683
  * </li>
1077
1684
  * <li>
1078
1685
  * <p>
1079
- * <code>RESOURCE</code> – list the resources that are associated with the
1080
- * specified resource share.</p>
1686
+ * <code>RESOURCE</code> – list the resources whose associations you want
1687
+ * to see.</p>
1081
1688
  * </li>
1082
1689
  * </ul>
1083
1690
  */
@@ -1088,21 +1695,21 @@ export interface GetResourceShareAssociationsRequest {
1088
1695
  */
1089
1696
  resourceShareArns?: string[];
1090
1697
  /**
1091
- * <p>Specifies the <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resoure Name (ARN)</a> of the resource whose resource shares you want to retrieve.</p>
1698
+ * <p>Specifies the <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of a resource whose resource shares you want to retrieve.</p>
1092
1699
  * <p>You cannot specify this parameter if the association type is
1093
1700
  * <code>PRINCIPAL</code>.</p>
1094
1701
  */
1095
1702
  resourceArn?: string;
1096
1703
  /**
1097
1704
  * <p>Specifies the ID of the principal whose resource shares you want to retrieve. This can be an
1098
- * Amazon Web Services account ID, an organization ID, an organizational unit ID, or the <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resoure Name (ARN)</a> of an
1705
+ * Amazon Web Services account ID, an organization ID, an organizational unit ID, or the <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of an
1099
1706
  * individual IAM user or role.</p>
1100
1707
  * <p>You cannot specify this parameter if the association type is
1101
1708
  * <code>RESOURCE</code>.</p>
1102
1709
  */
1103
1710
  principal?: string;
1104
1711
  /**
1105
- * <p>Specifies that you want to retrieve only associations with this status.</p>
1712
+ * <p>Specifies that you want to retrieve only associations that have this status.</p>
1106
1713
  */
1107
1714
  associationStatus?: ResourceShareAssociationStatus | string;
1108
1715
  /**
@@ -1197,7 +1804,8 @@ export interface GetResourceShareInvitationsResponse {
1197
1804
  }
1198
1805
  /**
1199
1806
  * @public
1200
- * <p>The specified value for <code>MaxResults</code> is not valid.</p>
1807
+ * <p>The operation failed because the specified value for <code>MaxResults</code> isn't
1808
+ * valid.</p>
1201
1809
  */
1202
1810
  export declare class InvalidMaxResultsException extends __BaseException {
1203
1811
  readonly name: "InvalidMaxResultsException";
@@ -1300,10 +1908,15 @@ export interface GetResourceSharesRequest {
1300
1908
  */
1301
1909
  maxResults?: number;
1302
1910
  /**
1303
- * <p>Specifies that you want to retrieve details of only those resource shares that use the RAM
1304
- * permission with this <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resoure Name (ARN)</a>.</p>
1911
+ * <p>Specifies that you want to retrieve details of only those resource shares that use the managed permission with
1912
+ * this <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a>.</p>
1305
1913
  */
1306
1914
  permissionArn?: string;
1915
+ /**
1916
+ * <p>Specifies that you want to retrieve details for only those resource shares that use the
1917
+ * specified version of the managed permission.</p>
1918
+ */
1919
+ permissionVersion?: number;
1307
1920
  }
1308
1921
  /**
1309
1922
  * @public
@@ -1340,7 +1953,7 @@ export type ResourceRegionScopeFilter = (typeof ResourceRegionScopeFilter)[keyof
1340
1953
  */
1341
1954
  export interface ListPendingInvitationResourcesRequest {
1342
1955
  /**
1343
- * <p>Specifies the <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resoure Name (ARN)</a> of the invitation. You can use <a>GetResourceShareInvitations</a> to find the ARN of the invitation.</p>
1956
+ * <p>Specifies the <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of the invitation. You can use <a>GetResourceShareInvitations</a> to find the ARN of the invitation.</p>
1344
1957
  */
1345
1958
  resourceShareInvitationArn: string | undefined;
1346
1959
  /**
@@ -1420,21 +2033,22 @@ export type ResourceStatus = (typeof ResourceStatus)[keyof typeof ResourceStatus
1420
2033
  */
1421
2034
  export interface Resource {
1422
2035
  /**
1423
- * <p>The <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resoure Name (ARN)</a> of the resource.</p>
2036
+ * <p>The <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of the resource.</p>
1424
2037
  */
1425
2038
  arn?: string;
1426
2039
  /**
1427
2040
  * <p>The resource type. This takes the form of:
1428
- * <code>service-code</code>:<code>resource-code</code>
1429
- * </p>
2041
+ * <code>service-code</code>:<code>resource-code</code>, and is case-insensitive. For
2042
+ * example, an Amazon EC2 Subnet would be represented by the string
2043
+ * <code>ec2:subnet</code>.</p>
1430
2044
  */
1431
2045
  type?: string;
1432
2046
  /**
1433
- * <p>The <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resoure Name (ARN)</a> of the resource share this resource is associated with.</p>
2047
+ * <p>The <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of the resource share this resource is associated with.</p>
1434
2048
  */
1435
2049
  resourceShareArn?: string;
1436
2050
  /**
1437
- * <p>The <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resoure Name (ARN)</a> of the resource group. This value is available only if the resource is
2051
+ * <p>The <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of the resource group. This value is available only if the resource is
1438
2052
  * part of a resource group.</p>
1439
2053
  */
1440
2054
  resourceGroupArn?: string;
@@ -1451,7 +2065,8 @@ export interface Resource {
1451
2065
  */
1452
2066
  creationTime?: Date;
1453
2067
  /**
1454
- * <p>The date an time when the association was last updated.</p>
2068
+ * <p>The date an time when the association between the resource and the resource share was
2069
+ * last updated.</p>
1455
2070
  */
1456
2071
  lastUpdatedTime?: Date;
1457
2072
  /**
@@ -1492,7 +2107,7 @@ export interface ListPendingInvitationResourcesResponse {
1492
2107
  }
1493
2108
  /**
1494
2109
  * @public
1495
- * <p>A required input parameter is missing.</p>
2110
+ * <p>The operation failed because a required input parameter is missing.</p>
1496
2111
  */
1497
2112
  export declare class MissingRequiredParameterException extends __BaseException {
1498
2113
  readonly name: "MissingRequiredParameterException";
@@ -1505,14 +2120,40 @@ export declare class MissingRequiredParameterException extends __BaseException {
1505
2120
  /**
1506
2121
  * @public
1507
2122
  */
1508
- export interface ListPermissionsRequest {
2123
+ export interface ListPermissionAssociationsRequest {
1509
2124
  /**
1510
- * <p>Specifies that you want to list permissions for only the specified resource type. For
1511
- * example, to list only permissions that apply to EC2 subnets, specify
1512
- * <code>ec2:Subnet</code>. You can use the <a>ListResourceTypes</a>
1513
- * operation to get the specific string required.</p>
2125
+ * <p>Specifies the <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of the managed permission.</p>
2126
+ */
2127
+ permissionArn?: string;
2128
+ /**
2129
+ * <p>Specifies that you want to list only those associations with resource shares that use this
2130
+ * version of the managed permission. If you don't provide a value for this parameter, then the operation
2131
+ * returns information about associations with resource shares that use any version of the
2132
+ * managed permission.</p>
2133
+ */
2134
+ permissionVersion?: number;
2135
+ /**
2136
+ * <p>Specifies that you want to list only those associations with resource shares that match this
2137
+ * status.</p>
2138
+ */
2139
+ associationStatus?: ResourceShareAssociationStatus | string;
2140
+ /**
2141
+ * <p>Specifies that you want to list only those associations with resource shares that include at
2142
+ * least one resource of this resource type.</p>
1514
2143
  */
1515
2144
  resourceType?: string;
2145
+ /**
2146
+ * <p>Specifies that you want to list only those associations with resource shares that have a
2147
+ * <code>featureSet</code> with this value.</p>
2148
+ */
2149
+ featureSet?: PermissionFeatureSet | string;
2150
+ /**
2151
+ * <p>When <code>true</code>, specifies that you want to list only those associations with
2152
+ * resource shares that use the default version of the specified managed permission.</p>
2153
+ * <p>When <code>false</code> (the default value), lists associations with resource shares that use
2154
+ * any version of the specified managed permission.</p>
2155
+ */
2156
+ defaultVersion?: boolean;
1516
2157
  /**
1517
2158
  * <p>Specifies that you want to receive the next page of results. Valid
1518
2159
  * only if you received a <code>NextToken</code> response in the previous request. If you
@@ -1536,48 +2177,175 @@ export interface ListPermissionsRequest {
1536
2177
  }
1537
2178
  /**
1538
2179
  * @public
1539
- * <p>Information about an RAM permission that is associated with a resource share and any of its
1540
- * resources of a specified type.</p>
2180
+ * <p>An object that describes a managed permission associated with a resource share.</p>
1541
2181
  */
1542
- export interface ResourceSharePermissionSummary {
2182
+ export interface AssociatedPermission {
1543
2183
  /**
1544
- * <p>The <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resoure Name (ARN)</a> of the permission you want information about.</p>
2184
+ * <p>The <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of the associated managed permission.</p>
1545
2185
  */
1546
2186
  arn?: string;
1547
2187
  /**
1548
- * <p>The version of the permission represented in this structure.</p>
2188
+ * <p>The version of the permission currently associated with the resource share.</p>
1549
2189
  */
1550
- version?: string;
2190
+ permissionVersion?: string;
1551
2191
  /**
1552
- * <p>Specifies whether the version of the permission represented in this structure is the
1553
- * default version for this permission.</p>
2192
+ * <p>Indicates whether the associated resource share is using the default version of the
2193
+ * permission.</p>
1554
2194
  */
1555
2195
  defaultVersion?: boolean;
1556
2196
  /**
1557
- * <p>The name of this permission.</p>
1558
- */
1559
- name?: string;
1560
- /**
1561
- * <p>The type of resource to which this permission applies.</p>
2197
+ * <p>The resource type to which this permission applies.</p>
1562
2198
  */
1563
2199
  resourceType?: string;
1564
2200
  /**
1565
- * <p>The current status of the permission.</p>
2201
+ * <p>The current status of the association between the permission and the resource share.
2202
+ * The following are the possible values:</p>
2203
+ * <ul>
2204
+ * <li>
2205
+ * <p>
2206
+ * <code>ATTACHABLE</code> – This permission or version can be associated
2207
+ * with resource shares.</p>
2208
+ * </li>
2209
+ * <li>
2210
+ * <p>
2211
+ * <code>UNATTACHABLE</code> – This permission or version can't
2212
+ * currently be associated with resource shares.</p>
2213
+ * </li>
2214
+ * <li>
2215
+ * <p>
2216
+ * <code>DELETING</code> – This permission or version is in the process of
2217
+ * being deleted.</p>
2218
+ * </li>
2219
+ * <li>
2220
+ * <p>
2221
+ * <code>DELETED</code> – This permission or version is deleted.</p>
2222
+ * </li>
2223
+ * </ul>
1566
2224
  */
1567
2225
  status?: string;
1568
2226
  /**
1569
- * <p>The date and time when the permission was created.</p>
2227
+ * <p>Indicates what features are available for this resource share. This parameter can have one of
2228
+ * the following values:</p>
2229
+ * <ul>
2230
+ * <li>
2231
+ * <p>
2232
+ * <b>STANDARD</b> – A resource share that supports all
2233
+ * functionality. These resource shares are visible to all principals you share the resource share with.
2234
+ * You can modify these resource shares in RAM using the console or APIs. This resource share might
2235
+ * have been created by RAM, or it might have been <b>CREATED_FROM_POLICY</b> and then promoted.</p>
2236
+ * </li>
2237
+ * <li>
2238
+ * <p>
2239
+ * <b>CREATED_FROM_POLICY</b> – The customer
2240
+ * manually shared a resource by attaching a resource-based policy. That policy did
2241
+ * not match any existing managed permissions, so RAM created this customer managed permission automatically on the
2242
+ * customer's behalf based on the attached policy document. This type of resource share
2243
+ * is visible only to the Amazon Web Services account that created it. You can't modify it in
2244
+ * RAM unless you promote it. For more information,
2245
+ * see <a>PromoteResourceShareCreatedFromPolicy</a>.</p>
2246
+ * </li>
2247
+ * <li>
2248
+ * <p>
2249
+ * <b>PROMOTING_TO_STANDARD</b> – This
2250
+ * resource share was originally <code>CREATED_FROM_POLICY</code>, but the customer ran
2251
+ * the <a>PromoteResourceShareCreatedFromPolicy</a> and that operation
2252
+ * is still in progress. This value changes to <code>STANDARD</code> when
2253
+ * complete.</p>
2254
+ * </li>
2255
+ * </ul>
2256
+ */
2257
+ featureSet?: PermissionFeatureSet | string;
2258
+ /**
2259
+ * <p>The date and time when the association between the permission and the resource share
2260
+ * was last updated.</p>
2261
+ */
2262
+ lastUpdatedTime?: Date;
2263
+ /**
2264
+ * <p>The <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of a resource share associated with this permission.</p>
2265
+ */
2266
+ resourceShareArn?: string;
2267
+ }
2268
+ /**
2269
+ * @public
2270
+ */
2271
+ export interface ListPermissionAssociationsResponse {
2272
+ /**
2273
+ * <p>A structure with information about this customer managed permission.</p>
2274
+ */
2275
+ permissions?: AssociatedPermission[];
2276
+ /**
2277
+ * <p>If present, this value indicates that more output is available than
2278
+ * is included in the current response. Use this value in the <code>NextToken</code>
2279
+ * request parameter in a subsequent call to the operation to get the next part of the
2280
+ * output. You should repeat this until the <code>NextToken</code> response element comes
2281
+ * back as <code>null</code>. This indicates that this is the last page of results.</p>
2282
+ */
2283
+ nextToken?: string;
2284
+ }
2285
+ /**
2286
+ * @public
2287
+ * @enum
2288
+ */
2289
+ export declare const PermissionTypeFilter: {
2290
+ readonly ALL: "ALL";
2291
+ readonly AWS_MANAGED: "AWS_MANAGED";
2292
+ readonly CUSTOMER_MANAGED: "CUSTOMER_MANAGED";
2293
+ };
2294
+ /**
2295
+ * @public
2296
+ */
2297
+ export type PermissionTypeFilter = (typeof PermissionTypeFilter)[keyof typeof PermissionTypeFilter];
2298
+ /**
2299
+ * @public
2300
+ */
2301
+ export interface ListPermissionsRequest {
2302
+ /**
2303
+ * <p>Specifies that you want to list only those permissions that apply to the specified
2304
+ * resource type. This parameter is not case sensitive.</p>
2305
+ * <p>For example, to list only permissions that apply to Amazon EC2 subnets, specify
2306
+ * <code>ec2:subnet</code>. You can use the <a>ListResourceTypes</a>
2307
+ * operation to get the specific string required.</p>
2308
+ */
2309
+ resourceType?: string;
2310
+ /**
2311
+ * <p>Specifies that you want to receive the next page of results. Valid
2312
+ * only if you received a <code>NextToken</code> response in the previous request. If you
2313
+ * did, it indicates that more output is available. Set this parameter to the value
2314
+ * provided by the previous call's <code>NextToken</code> response to request the
2315
+ * next page of results.</p>
1570
2316
  */
1571
- creationTime?: Date;
2317
+ nextToken?: string;
1572
2318
  /**
1573
- * <p>The date and time when the permission was last updated.</p>
2319
+ * <p>Specifies the total number of results that you want included on each page
2320
+ * of the response. If you do not include this parameter, it defaults to a value that is
2321
+ * specific to the operation. If additional items exist beyond the number you specify, the
2322
+ * <code>NextToken</code> response element is returned with a value (not null).
2323
+ * Include the specified value as the <code>NextToken</code> request parameter in the next
2324
+ * call to the operation to get the next part of the results. Note that the service might
2325
+ * return fewer results than the maximum even when there are more results available. You
2326
+ * should check <code>NextToken</code> after every operation to ensure that you receive all
2327
+ * of the results.</p>
1574
2328
  */
1575
- lastUpdatedTime?: Date;
2329
+ maxResults?: number;
1576
2330
  /**
1577
- * <p>Specifies whether the version of the permission represented in this structure is the
1578
- * default version for all resources of this resource type.</p>
2331
+ * <p>Specifies that you want to list only permissions of this type:</p>
2332
+ * <ul>
2333
+ * <li>
2334
+ * <p>
2335
+ * <code>AWS</code> – returns only Amazon Web Services managed permissions.</p>
2336
+ * </li>
2337
+ * <li>
2338
+ * <p>
2339
+ * <code>LOCAL</code> – returns only customer managed permissions</p>
2340
+ * </li>
2341
+ * <li>
2342
+ * <p>
2343
+ * <code>ALL</code> – returns both Amazon Web Services managed permissions and customer managed permissions.</p>
2344
+ * </li>
2345
+ * </ul>
2346
+ * <p>If you don't specify this parameter, the default is <code>All</code>.</p>
1579
2347
  */
1580
- isResourceTypeDefault?: boolean;
2348
+ permissionType?: PermissionTypeFilter | string;
1581
2349
  }
1582
2350
  /**
1583
2351
  * @public
@@ -1601,7 +2369,7 @@ export interface ListPermissionsResponse {
1601
2369
  */
1602
2370
  export interface ListPermissionVersionsRequest {
1603
2371
  /**
1604
- * <p>Specifies the <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resoure Name (ARN)</a> of the RAM permission whose versions you want to list. You
2372
+ * <p>Specifies the <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of the RAM permission whose versions you want to list. You
1605
2373
  * can use the <code>permissionVersion</code> parameter on the <a>AssociateResourceSharePermission</a> operation to specify a non-default
1606
2374
  * version to attach.</p>
1607
2375
  */
@@ -1671,7 +2439,7 @@ export interface ListPrincipalsRequest {
1671
2439
  resourceOwner: ResourceOwner | string | undefined;
1672
2440
  /**
1673
2441
  * <p>Specifies that you want to list principal information for the resource share with the specified
1674
- * <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resoure Name (ARN)</a>.</p>
2442
+ * <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a>.</p>
1675
2443
  */
1676
2444
  resourceArn?: string;
1677
2445
  /**
@@ -1683,7 +2451,7 @@ export interface ListPrincipalsRequest {
1683
2451
  * </p>
1684
2452
  * </li>
1685
2453
  * <li>
1686
- * <p>An <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resoure Name (ARN)</a> of an organization in Organizations, for example:
2454
+ * <p>An <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of an organization in Organizations, for example:
1687
2455
  * <code>organizations::123456789012:organization/o-exampleorgid</code>
1688
2456
  * </p>
1689
2457
  * </li>
@@ -1749,11 +2517,11 @@ export interface ListPrincipalsRequest {
1749
2517
  */
1750
2518
  export interface Principal {
1751
2519
  /**
1752
- * <p>The ID of the principal.</p>
2520
+ * <p>The ID of the principal that can be associated with a resource share.</p>
1753
2521
  */
1754
2522
  id?: string;
1755
2523
  /**
1756
- * <p>The <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resoure Name (ARN)</a> of a resource share the principal is associated with.</p>
2524
+ * <p>The <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of a resource share the principal is associated with.</p>
1757
2525
  */
1758
2526
  resourceShareArn?: string;
1759
2527
  /**
@@ -1761,12 +2529,25 @@ export interface Principal {
1761
2529
  */
1762
2530
  creationTime?: Date;
1763
2531
  /**
1764
- * <p>The date and time when the association was last updated.</p>
2532
+ * <p>The date and time when the association between the resource share and the principal
2533
+ * was last updated.</p>
1765
2534
  */
1766
2535
  lastUpdatedTime?: Date;
1767
2536
  /**
1768
- * <p>Indicates whether the principal belongs to the same organization in Organizations as the
1769
- * Amazon Web Services account that owns the resource share.</p>
2537
+ * <p>Indicates the relationship between the Amazon Web Services account the principal belongs to and the
2538
+ * account that owns the resource share:</p>
2539
+ * <ul>
2540
+ * <li>
2541
+ * <p>
2542
+ * <code>True</code> – The two accounts belong to same
2543
+ * organization.</p>
2544
+ * </li>
2545
+ * <li>
2546
+ * <p>
2547
+ * <code>False</code> – The two accounts do not belong to the same
2548
+ * organization.</p>
2549
+ * </li>
2550
+ * </ul>
1770
2551
  */
1771
2552
  external?: boolean;
1772
2553
  }
@@ -1789,7 +2570,137 @@ export interface ListPrincipalsResponse {
1789
2570
  }
1790
2571
  /**
1791
2572
  * @public
1792
- * <p>The specified resource type is not valid.</p>
2573
+ * @enum
2574
+ */
2575
+ export declare const ReplacePermissionAssociationsWorkStatus: {
2576
+ readonly COMPLETED: "COMPLETED";
2577
+ readonly FAILED: "FAILED";
2578
+ readonly IN_PROGRESS: "IN_PROGRESS";
2579
+ };
2580
+ /**
2581
+ * @public
2582
+ */
2583
+ export type ReplacePermissionAssociationsWorkStatus = (typeof ReplacePermissionAssociationsWorkStatus)[keyof typeof ReplacePermissionAssociationsWorkStatus];
2584
+ /**
2585
+ * @public
2586
+ */
2587
+ export interface ListReplacePermissionAssociationsWorkRequest {
2588
+ /**
2589
+ * <p>A list of IDs. These values come from the <code>id</code>field of the
2590
+ * <code>replacePermissionAssociationsWork</code>structure returned by the <a>ReplacePermissionAssociations</a> operation. </p>
2591
+ */
2592
+ workIds?: string[];
2593
+ /**
2594
+ * <p>Specifies that you want to see only the details about requests with a status that
2595
+ * matches this value.</p>
2596
+ */
2597
+ status?: ReplacePermissionAssociationsWorkStatus | string;
2598
+ /**
2599
+ * <p>Specifies that you want to receive the next page of results. Valid
2600
+ * only if you received a <code>NextToken</code> response in the previous request. If you
2601
+ * did, it indicates that more output is available. Set this parameter to the value
2602
+ * provided by the previous call's <code>NextToken</code> response to request the
2603
+ * next page of results.</p>
2604
+ */
2605
+ nextToken?: string;
2606
+ /**
2607
+ * <p>Specifies the total number of results that you want included on each page
2608
+ * of the response. If you do not include this parameter, it defaults to a value that is
2609
+ * specific to the operation. If additional items exist beyond the number you specify, the
2610
+ * <code>NextToken</code> response element is returned with a value (not null).
2611
+ * Include the specified value as the <code>NextToken</code> request parameter in the next
2612
+ * call to the operation to get the next part of the results. Note that the service might
2613
+ * return fewer results than the maximum even when there are more results available. You
2614
+ * should check <code>NextToken</code> after every operation to ensure that you receive all
2615
+ * of the results.</p>
2616
+ */
2617
+ maxResults?: number;
2618
+ }
2619
+ /**
2620
+ * @public
2621
+ * <p>A structure that represents the background work that RAM performs when you invoke
2622
+ * the <a>ReplacePermissionAssociations</a> operation.</p>
2623
+ */
2624
+ export interface ReplacePermissionAssociationsWork {
2625
+ /**
2626
+ * <p>The unique identifier for the background task associated with one <a>ReplacePermissionAssociations</a> request.</p>
2627
+ */
2628
+ id?: string;
2629
+ /**
2630
+ * <p>The <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of the managed permission that this background task is replacing.</p>
2631
+ */
2632
+ fromPermissionArn?: string;
2633
+ /**
2634
+ * <p>The version of the managed permission that this background task is replacing.</p>
2635
+ */
2636
+ fromPermissionVersion?: string;
2637
+ /**
2638
+ * <p>The ARN of the managed permission that this background task is associating with the resource shares in place
2639
+ * of the managed permission and version specified in <code>fromPermissionArn</code> and
2640
+ * <code>fromPermissionVersion</code>.</p>
2641
+ */
2642
+ toPermissionArn?: string;
2643
+ /**
2644
+ * <p>The version of the managed permission that this background task is associating with the resource shares. This
2645
+ * is always the version that is currently the default for this managed permission.</p>
2646
+ */
2647
+ toPermissionVersion?: string;
2648
+ /**
2649
+ * <p>Specifies the current status of the background tasks for the specified ID. The output
2650
+ * is one of the following strings:</p>
2651
+ * <ul>
2652
+ * <li>
2653
+ * <p>
2654
+ * <code>IN_PROGRESS</code>
2655
+ * </p>
2656
+ * </li>
2657
+ * <li>
2658
+ * <p>
2659
+ * <code>COMPLETED</code>
2660
+ * </p>
2661
+ * </li>
2662
+ * <li>
2663
+ * <p>
2664
+ * <code>FAILED</code>
2665
+ * </p>
2666
+ * </li>
2667
+ * </ul>
2668
+ */
2669
+ status?: ReplacePermissionAssociationsWorkStatus | string;
2670
+ /**
2671
+ * <p>Specifies the reason for a <code>FAILED</code> status. This field is present only when
2672
+ * there <code>status</code> is <code>FAILED</code>.</p>
2673
+ */
2674
+ statusMessage?: string;
2675
+ /**
2676
+ * <p>The date and time when this asynchronous background task was created.</p>
2677
+ */
2678
+ creationTime?: Date;
2679
+ /**
2680
+ * <p>The date and time when the status of this background task was last updated.</p>
2681
+ */
2682
+ lastUpdatedTime?: Date;
2683
+ }
2684
+ /**
2685
+ * @public
2686
+ */
2687
+ export interface ListReplacePermissionAssociationsWorkResponse {
2688
+ /**
2689
+ * <p>An array of data structures that provide details of the matching work IDs.</p>
2690
+ */
2691
+ replacePermissionAssociationsWorks?: ReplacePermissionAssociationsWork[];
2692
+ /**
2693
+ * <p>If present, this value indicates that more output is available than
2694
+ * is included in the current response. Use this value in the <code>NextToken</code>
2695
+ * request parameter in a subsequent call to the operation to get the next part of the
2696
+ * output. You should repeat this until the <code>NextToken</code> response element comes
2697
+ * back as <code>null</code>. This indicates that this is the last page of results.</p>
2698
+ */
2699
+ nextToken?: string;
2700
+ }
2701
+ /**
2702
+ * @public
2703
+ * <p>The operation failed because the specified resource type isn't valid.</p>
1793
2704
  */
1794
2705
  export declare class InvalidResourceTypeException extends __BaseException {
1795
2706
  readonly name: "InvalidResourceTypeException";
@@ -1910,7 +2821,7 @@ export interface ListResourcesResponse {
1910
2821
  */
1911
2822
  export interface ListResourceSharePermissionsRequest {
1912
2823
  /**
1913
- * <p>Specifies the <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resoure Name (ARN)</a> of the resource share for which you want to retrieve the associated
2824
+ * <p>Specifies the <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of the resource share for which you want to retrieve the associated
1914
2825
  * permissions.</p>
1915
2826
  */
1916
2827
  resourceShareArn: string | undefined;
@@ -2007,7 +2918,10 @@ export interface ListResourceTypesRequest {
2007
2918
  */
2008
2919
  export interface ServiceNameAndResourceType {
2009
2920
  /**
2010
- * <p>The type of the resource.</p>
2921
+ * <p>The type of the resource. This takes the form of:
2922
+ * <code>service-code</code>:<code>resource-code</code>, and is case-insensitive. For
2923
+ * example, an Amazon EC2 Subnet would be represented by the string
2924
+ * <code>ec2:subnet</code>.</p>
2011
2925
  */
2012
2926
  resourceType?: string;
2013
2927
  /**
@@ -2050,12 +2964,56 @@ export interface ListResourceTypesResponse {
2050
2964
  */
2051
2965
  nextToken?: string;
2052
2966
  }
2967
+ /**
2968
+ * @public
2969
+ */
2970
+ export interface PromotePermissionCreatedFromPolicyRequest {
2971
+ /**
2972
+ * <p>Specifies the <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of the <code>CREATED_FROM_POLICY</code> permission that you
2973
+ * want to promote. You can get this <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> by calling the <a>ListResourceSharePermissions</a> operation.</p>
2974
+ */
2975
+ permissionArn: string | undefined;
2976
+ /**
2977
+ * <p>Specifies a name for the promoted customer managed permission.</p>
2978
+ */
2979
+ name: string | undefined;
2980
+ /**
2981
+ * <p>Specifies a unique, case-sensitive identifier that you provide to
2982
+ * ensure the idempotency of the request. This lets you safely retry the request without
2983
+ * accidentally performing the same operation a second time. Passing the same value to a
2984
+ * later call to an operation requires that you also pass the same value for all other
2985
+ * parameters. We recommend that you use a <a href="https://wikipedia.org/wiki/Universally_unique_identifier">UUID type of
2986
+ * value.</a>.</p>
2987
+ * <p>If you don't provide this value, then Amazon Web Services generates a random one for
2988
+ * you.</p>
2989
+ * <p>If you retry the operation with the same <code>ClientToken</code>, but with
2990
+ * different parameters, the retry fails with an <code>IdempotentParameterMismatch</code>
2991
+ * error.</p>
2992
+ */
2993
+ clientToken?: string;
2994
+ }
2995
+ /**
2996
+ * @public
2997
+ */
2998
+ export interface PromotePermissionCreatedFromPolicyResponse {
2999
+ /**
3000
+ * <p>Information about an RAM permission.</p>
3001
+ */
3002
+ permission?: ResourceSharePermissionSummary;
3003
+ /**
3004
+ * <p>The idempotency identifier associated with this request. If you
3005
+ * want to repeat the same operation in an idempotent manner then you must include this
3006
+ * value in the <code>clientToken</code> request parameter of that later call. All other
3007
+ * parameters must also have the same values that you used in the first call.</p>
3008
+ */
3009
+ clientToken?: string;
3010
+ }
2053
3011
  /**
2054
3012
  * @public
2055
3013
  */
2056
3014
  export interface PromoteResourceShareCreatedFromPolicyRequest {
2057
3015
  /**
2058
- * <p>Specifies the <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resoure Name (ARN)</a> of the resource share to promote.</p>
3016
+ * <p>Specifies the <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of the resource share to promote.</p>
2059
3017
  */
2060
3018
  resourceShareArn: string | undefined;
2061
3019
  }
@@ -2069,12 +3027,25 @@ export interface PromoteResourceShareCreatedFromPolicyResponse {
2069
3027
  */
2070
3028
  returnValue?: boolean;
2071
3029
  }
3030
+ /**
3031
+ * @public
3032
+ * <p>There isn't an existing managed permission defined in RAM that has the same IAM permissions as
3033
+ * the resource-based policy attached to the resource. You should first run <a>PromotePermissionCreatedFromPolicy</a> to create that managed permission.</p>
3034
+ */
3035
+ export declare class UnmatchedPolicyPermissionException extends __BaseException {
3036
+ readonly name: "UnmatchedPolicyPermissionException";
3037
+ readonly $fault: "client";
3038
+ /**
3039
+ * @internal
3040
+ */
3041
+ constructor(opts: __ExceptionOptionType<UnmatchedPolicyPermissionException, __BaseException>);
3042
+ }
2072
3043
  /**
2073
3044
  * @public
2074
3045
  */
2075
3046
  export interface RejectResourceShareInvitationRequest {
2076
3047
  /**
2077
- * <p>Specifies the <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resoure Name (ARN)</a> of the invitation that you want to reject.</p>
3048
+ * <p>Specifies the <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of the invitation that you want to reject.</p>
2078
3049
  */
2079
3050
  resourceShareInvitationArn: string | undefined;
2080
3051
  /**
@@ -2086,6 +3057,9 @@ export interface RejectResourceShareInvitationRequest {
2086
3057
  * value.</a>.</p>
2087
3058
  * <p>If you don't provide this value, then Amazon Web Services generates a random one for
2088
3059
  * you.</p>
3060
+ * <p>If you retry the operation with the same <code>ClientToken</code>, but with
3061
+ * different parameters, the retry fails with an <code>IdempotentParameterMismatch</code>
3062
+ * error.</p>
2089
3063
  */
2090
3064
  clientToken?: string;
2091
3065
  }
@@ -2107,7 +3081,106 @@ export interface RejectResourceShareInvitationResponse {
2107
3081
  }
2108
3082
  /**
2109
3083
  * @public
2110
- * <p>This request would exceed the limit for tags for your account.</p>
3084
+ */
3085
+ export interface ReplacePermissionAssociationsRequest {
3086
+ /**
3087
+ * <p>Specifies the <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of the managed permission that you want to replace.</p>
3088
+ */
3089
+ fromPermissionArn: string | undefined;
3090
+ /**
3091
+ * <p>Specifies that you want to updated the permissions for only those resource shares that use the
3092
+ * specified version of the managed permission.</p>
3093
+ */
3094
+ fromPermissionVersion?: number;
3095
+ /**
3096
+ * <p>Specifies the ARN of the managed permission that you want to associate with resource
3097
+ * shares in place of the one specified by <code>fromPerssionArn</code> and
3098
+ * <code>fromPermissionVersion</code>.</p>
3099
+ * <p>The operation always associates the version that is currently the default for the
3100
+ * specified managed permission.</p>
3101
+ */
3102
+ toPermissionArn: string | undefined;
3103
+ /**
3104
+ * <p>Specifies a unique, case-sensitive identifier that you provide to
3105
+ * ensure the idempotency of the request. This lets you safely retry the request without
3106
+ * accidentally performing the same operation a second time. Passing the same value to a
3107
+ * later call to an operation requires that you also pass the same value for all other
3108
+ * parameters. We recommend that you use a <a href="https://wikipedia.org/wiki/Universally_unique_identifier">UUID type of
3109
+ * value.</a>.</p>
3110
+ * <p>If you don't provide this value, then Amazon Web Services generates a random one for
3111
+ * you.</p>
3112
+ * <p>If you retry the operation with the same <code>ClientToken</code>, but with
3113
+ * different parameters, the retry fails with an <code>IdempotentParameterMismatch</code>
3114
+ * error.</p>
3115
+ */
3116
+ clientToken?: string;
3117
+ }
3118
+ /**
3119
+ * @public
3120
+ */
3121
+ export interface ReplacePermissionAssociationsResponse {
3122
+ /**
3123
+ * <p>Specifies a data structure that you can use to track the asynchronous tasks that RAM
3124
+ * performs to complete this operation. You can use the <a>ListReplacePermissionAssociationsWork</a> operation and pass the
3125
+ * <code>id</code> value returned in this structure.</p>
3126
+ */
3127
+ replacePermissionAssociationsWork?: ReplacePermissionAssociationsWork;
3128
+ /**
3129
+ * <p>The idempotency identifier associated with this request. If you
3130
+ * want to repeat the same operation in an idempotent manner then you must include this
3131
+ * value in the <code>clientToken</code> request parameter of that later call. All other
3132
+ * parameters must also have the same values that you used in the first call.</p>
3133
+ */
3134
+ clientToken?: string;
3135
+ }
3136
+ /**
3137
+ * @public
3138
+ */
3139
+ export interface SetDefaultPermissionVersionRequest {
3140
+ /**
3141
+ * <p>Specifies the <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of the customer managed permission whose default version you want to change.</p>
3142
+ */
3143
+ permissionArn: string | undefined;
3144
+ /**
3145
+ * <p>Specifies the version number that you want to designate as the default for customer managed permission. To
3146
+ * see a list of all available version numbers, use <a>ListPermissionVersions</a>.</p>
3147
+ */
3148
+ permissionVersion: number | undefined;
3149
+ /**
3150
+ * <p>Specifies a unique, case-sensitive identifier that you provide to
3151
+ * ensure the idempotency of the request. This lets you safely retry the request without
3152
+ * accidentally performing the same operation a second time. Passing the same value to a
3153
+ * later call to an operation requires that you also pass the same value for all other
3154
+ * parameters. We recommend that you use a <a href="https://wikipedia.org/wiki/Universally_unique_identifier">UUID type of
3155
+ * value.</a>.</p>
3156
+ * <p>If you don't provide this value, then Amazon Web Services generates a random one for
3157
+ * you.</p>
3158
+ * <p>If you retry the operation with the same <code>ClientToken</code>, but with
3159
+ * different parameters, the retry fails with an <code>IdempotentParameterMismatch</code>
3160
+ * error.</p>
3161
+ */
3162
+ clientToken?: string;
3163
+ }
3164
+ /**
3165
+ * @public
3166
+ */
3167
+ export interface SetDefaultPermissionVersionResponse {
3168
+ /**
3169
+ * <p>A boolean value that indicates whether the operation was successful.</p>
3170
+ */
3171
+ returnValue?: boolean;
3172
+ /**
3173
+ * <p>The idempotency identifier associated with this request. If you
3174
+ * want to repeat the same operation in an idempotent manner then you must include this
3175
+ * value in the <code>clientToken</code> request parameter of that later call. All other
3176
+ * parameters must also have the same values that you used in the first call.</p>
3177
+ */
3178
+ clientToken?: string;
3179
+ }
3180
+ /**
3181
+ * @public
3182
+ * <p>The operation failed because it would exceed the limit for tags for your
3183
+ * Amazon Web Services account.</p>
2111
3184
  */
2112
3185
  export declare class TagLimitExceededException extends __BaseException {
2113
3186
  readonly name: "TagLimitExceededException";
@@ -2122,14 +3195,22 @@ export declare class TagLimitExceededException extends __BaseException {
2122
3195
  */
2123
3196
  export interface TagResourceRequest {
2124
3197
  /**
2125
- * <p>Specifies the <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resoure Name (ARN)</a> of the resource share that you want to add tags to.</p>
3198
+ * <p>Specifies the <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of the resource share that you want to add tags to. You must specify
3199
+ * <i>either</i>
3200
+ * <code>resourceShareArn</code>, or <code>resourceArn</code>, but not both.</p>
2126
3201
  */
2127
- resourceShareArn: string | undefined;
3202
+ resourceShareArn?: string;
2128
3203
  /**
2129
3204
  * <p>A list of one or more tag key and value pairs. The tag key must be present and not be
2130
3205
  * an empty string. The tag value must be present but can be an empty string.</p>
2131
3206
  */
2132
3207
  tags: Tag[] | undefined;
3208
+ /**
3209
+ * <p>Specifies the <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of the managed permission that you want to add tags to. You must specify
3210
+ * <i>either</i>
3211
+ * <code>resourceArn</code>, or <code>resourceShareArn</code>, but not both.</p>
3212
+ */
3213
+ resourceArn?: string;
2133
3214
  }
2134
3215
  /**
2135
3216
  * @public
@@ -2141,14 +3222,21 @@ export interface TagResourceResponse {
2141
3222
  */
2142
3223
  export interface UntagResourceRequest {
2143
3224
  /**
2144
- * <p>Specifies the <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resoure Name (ARN)</a> of the resource share that you want to remove tags from. The tags are
2145
- * removed from the resource share, not the resources in the resource share.</p>
3225
+ * <p>Specifies the <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of the resource share that you want to remove tags from. The tags are
3226
+ * removed from the resource share, not the resources in the resource share. You must specify either
3227
+ * <code>resourceShareArn</code>, or <code>resourceArn</code>, but not both.</p>
2146
3228
  */
2147
- resourceShareArn: string | undefined;
3229
+ resourceShareArn?: string;
2148
3230
  /**
2149
3231
  * <p>Specifies a list of one or more tag keys that you want to remove.</p>
2150
3232
  */
2151
3233
  tagKeys: string[] | undefined;
3234
+ /**
3235
+ * <p>Specifies the <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of the managed permission that you want to remove tags from. You must
3236
+ * specify either <code>resourceArn</code>, or <code>resourceShareArn</code>, but not
3237
+ * both.</p>
3238
+ */
3239
+ resourceArn?: string;
2152
3240
  }
2153
3241
  /**
2154
3242
  * @public
@@ -2160,7 +3248,7 @@ export interface UntagResourceResponse {
2160
3248
  */
2161
3249
  export interface UpdateResourceShareRequest {
2162
3250
  /**
2163
- * <p>Specifies the <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resoure Name (ARN)</a> of the resource share that you want to modify.</p>
3251
+ * <p>Specifies the <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon Resource Name (ARN)</a> of the resource share that you want to modify.</p>
2164
3252
  */
2165
3253
  resourceShareArn: string | undefined;
2166
3254
  /**
@@ -2181,6 +3269,9 @@ export interface UpdateResourceShareRequest {
2181
3269
  * value.</a>.</p>
2182
3270
  * <p>If you don't provide this value, then Amazon Web Services generates a random one for
2183
3271
  * you.</p>
3272
+ * <p>If you retry the operation with the same <code>ClientToken</code>, but with
3273
+ * different parameters, the retry fails with an <code>IdempotentParameterMismatch</code>
3274
+ * error.</p>
2184
3275
  */
2185
3276
  clientToken?: string;
2186
3277
  }