@aws-sdk/client-secrets-manager 3.40.0 → 3.45.0

package/dist-types/commands/UpdateSecretVersionStageCommand.d.ts

@@ -7,14 +7,13 @@ export interface UpdateSecretVersionStageCommandInput extends UpdateSecretVersio
 export interface UpdateSecretVersionStageCommandOutput extends UpdateSecretVersionStageResponse, __MetadataBearer {
 }
 /**
- * <p>Modifies the staging labels attached to a version of a secret. Staging labels are used to
- *       track a version as it progresses through the secret rotation process. You can attach a staging
- *       label to only one version of a secret at a time. If a staging label to be added is already
- *       attached to another version, then it is moved--removed from the other version first and
- *       then attached to this one. For more information about staging labels, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/terms-concepts.html#term_staging-label">Staging
- *         Labels</a> in the <i>Amazon Web Services Secrets Manager User Guide</i>. </p>
+ * <p>Modifies the staging labels attached to a version of a secret. Secrets Manager uses staging labels to
+ *       track a version as it progresses through the secret rotation process. Each staging label can be
+ *       attached to only one version at a time. To add a staging label to a version when it is already
+ *       attached to another version, Secrets Manager first removes it from the other version first and
+ *       then attaches it to this one. For more information about versions and staging labels, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/getting-started.html#term_version">Concepts: Version</a>. </p>
  *          <p>The staging labels that you specify in the <code>VersionStage</code> parameter are added
- *       to the existing list of staging labels--they don't replace it.</p>
+ *       to the existing list of staging labels for the version. </p>
  *          <p>You can move the <code>AWSCURRENT</code> staging label to this version by including it in this
  *       call.</p>
  *          <note>
@@ -23,27 +22,6 @@ export interface UpdateSecretVersionStageCommandOutput extends UpdateSecretVersi
  *          </note>
  *          <p>If this action results in the last label being removed from a version, then the version is
  *       considered to be 'deprecated' and can be deleted by Secrets Manager.</p>
- *          <p>
- *             <b>Minimum permissions</b>
- *          </p>
- *          <p>To run this command, you must have the following permissions:</p>
- *          <ul>
- *             <li>
- *                <p>secretsmanager:UpdateSecretVersionStage</p>
- *             </li>
- *          </ul>
- *          <p>
- *             <b>Related operations</b>
- *          </p>
- *          <ul>
- *             <li>
- *                <p>To get the list of staging labels that are currently associated with a version of a
- *           secret, use <code>
- *                      <a>DescribeSecret</a>
- *                   </code> and examine the
- *             <code>SecretVersionsToStages</code> response value. </p>
- *             </li>
- *          </ul>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -56,7 +34,7 @@ export interface UpdateSecretVersionStageCommandOutput extends UpdateSecretVersi
  *
  * @see {@link UpdateSecretVersionStageCommandInput} for command's `input` shape.
  * @see {@link UpdateSecretVersionStageCommandOutput} for command's `response` shape.
- * @see {@link SecretsManagerClientResolvedConfig | config} for command's `input` shape.
+ * @see {@link SecretsManagerClientResolvedConfig | config} for SecretsManagerClient's `config` shape.
  *
  */
 export declare class UpdateSecretVersionStageCommand extends $Command<UpdateSecretVersionStageCommandInput, UpdateSecretVersionStageCommandOutput, SecretsManagerClientResolvedConfig> {

package/dist-types/commands/ValidateResourcePolicyCommand.d.ts

@@ -7,15 +7,13 @@ export interface ValidateResourcePolicyCommandInput extends ValidateResourcePoli
 export interface ValidateResourcePolicyCommandOutput extends ValidateResourcePolicyResponse, __MetadataBearer {
 }
 /**
- * <p>Validates that the resource policy does not grant a wide range of IAM principals access to
- *       your secret. The JSON request string input and response output displays formatted code
- *       with white space and line breaks for better readability. Submit your input as a single line
- *       JSON string. A resource-based policy is optional for secrets.</p>
- *          <p>The API performs three checks when validating the secret:</p>
+ * <p>Validates that a resource policy does not grant a wide range of principals access to
+ *       your secret. A resource-based policy is optional for secrets.</p>
+ *          <p>The API performs three checks when validating the policy:</p>
  *          <ul>
  *             <li>
- *                <p>Sends a call to <a href="https://aws.amazon.com/blogs/security/protect-sensitive-data-in-the-cloud-with-automated-reasoning-zelkova/">Zelkova</a>, an automated reasoning engine, to ensure your Resource Policy does not
- *           allow broad access to your secret.</p>
+ *                <p>Sends a call to <a href="https://aws.amazon.com/blogs/security/protect-sensitive-data-in-the-cloud-with-automated-reasoning-zelkova/">Zelkova</a>, an automated reasoning engine, to ensure your resource policy does not
+ *           allow broad access to your secret, for example policies that use a wildcard for the principal.</p>
  *             </li>
  *             <li>
  *                <p>Checks for correct syntax in a policy.</p>
@@ -24,24 +22,6 @@ export interface ValidateResourcePolicyCommandOutput extends ValidateResourcePol
  *                <p>Verifies the policy does not lock out a caller.</p>
  *             </li>
  *          </ul>
- *
- *
- *          <p>
- *             <b>Minimum Permissions</b>
- *          </p>
- *          <p>You must have the permissions required to access the following APIs:</p>
- *          <ul>
- *             <li>
- *                <p>
- *                   <code>secretsmanager:PutResourcePolicy</code>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <code>secretsmanager:ValidateResourcePolicy</code>
- *                </p>
- *             </li>
- *          </ul>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -54,7 +34,7 @@ export interface ValidateResourcePolicyCommandOutput extends ValidateResourcePol
  *
  * @see {@link ValidateResourcePolicyCommandInput} for command's `input` shape.
  * @see {@link ValidateResourcePolicyCommandOutput} for command's `response` shape.
- * @see {@link SecretsManagerClientResolvedConfig | config} for command's `input` shape.
+ * @see {@link SecretsManagerClientResolvedConfig | config} for SecretsManagerClient's `config` shape.
  *
  */
 export declare class ValidateResourcePolicyCommand extends $Command<ValidateResourcePolicyCommandInput, ValidateResourcePolicyCommandOutput, SecretsManagerClientResolvedConfig> {