cdk-docker-image-deployment 0.0.145 → 0.0.147
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.jsii +4 -4
- package/lib/destination.js +1 -1
- package/lib/docker-image-deployment.js +1 -1
- package/lib/source.js +1 -1
- package/node_modules/@types/aws-lambda/README.md +1 -1
- package/node_modules/@types/aws-lambda/package.json +3 -3
- package/node_modules/@types/aws-lambda/trigger/amplify-resolver.d.ts +5 -3
- package/node_modules/aws-sdk/CHANGELOG.md +14 -1
- package/node_modules/aws-sdk/README.md +1 -1
- package/node_modules/aws-sdk/apis/ec2-2016-11-15.min.json +1721 -1253
- package/node_modules/aws-sdk/apis/ec2-2016-11-15.paginators.json +24 -0
- package/node_modules/aws-sdk/apis/m2-2021-04-28.min.json +40 -29
- package/node_modules/aws-sdk/apis/s3-2006-03-01.examples.json +163 -163
- package/node_modules/aws-sdk/apis/s3control-2018-08-20.min.json +23 -1
- package/node_modules/aws-sdk/apis/sagemaker-2017-07-24.min.json +541 -534
- package/node_modules/aws-sdk/clients/ec2.d.ts +544 -14
- package/node_modules/aws-sdk/clients/eventbridge.d.ts +21 -21
- package/node_modules/aws-sdk/clients/m2.d.ts +10 -0
- package/node_modules/aws-sdk/clients/polly.d.ts +1 -1
- package/node_modules/aws-sdk/clients/redshiftserverless.d.ts +16 -16
- package/node_modules/aws-sdk/clients/sagemaker.d.ts +28 -1
- package/node_modules/aws-sdk/clients/sts.d.ts +4 -4
- package/node_modules/aws-sdk/dist/aws-sdk-core-react-native.js +1 -1
- package/node_modules/aws-sdk/dist/aws-sdk-react-native.js +6 -6
- package/node_modules/aws-sdk/dist/aws-sdk.js +1723 -1231
- package/node_modules/aws-sdk/dist/aws-sdk.min.js +73 -72
- package/node_modules/aws-sdk/lib/core.js +1 -1
- package/node_modules/aws-sdk/package.json +1 -1
- package/package.json +5 -5
|
@@ -372,11 +372,11 @@ declare class EventBridge extends Service {
|
|
|
372
372
|
*/
|
|
373
373
|
putRule(callback?: (err: AWSError, data: EventBridge.Types.PutRuleResponse) => void): Request<EventBridge.Types.PutRuleResponse, AWSError>;
|
|
374
374
|
/**
|
|
375
|
-
* Adds the specified targets to the specified rule, or updates the targets if they are already associated with the rule. Targets are the resources that are invoked when a rule is triggered. Each rule can have up to five (5) targets associated with it at one time. You can configure the following as targets for Events: API destination API Gateway Batch job queue CloudWatch group CodeBuild project CodePipeline EC2 CreateSnapshot API call EC2 Image Builder EC2 RebootInstances API call EC2 StopInstances API call EC2 TerminateInstances API call ECS task Event bus in a different account or Region Event bus in the same account and Region Firehose delivery stream Glue workflow Incident Manager response plan Inspector assessment template Kinesis stream Lambda function Redshift cluster SageMaker Pipeline SNS topic SQS queue Step Functions state machine Systems Manager Automation Systems Manager OpsItem Systems Manager Run Command Creating rules with built-in targets is supported only in the Amazon Web Services Management Console. The built-in targets are EC2 CreateSnapshot API call, EC2 RebootInstances API call, EC2 StopInstances API call, and EC2 TerminateInstances API call. For some target types, PutTargets provides target-specific parameters. If the target is a Kinesis data stream, you can optionally specify which shard the event goes to by using the KinesisParameters argument. To invoke a command on multiple EC2 instances with one rule, you can use the RunCommandParameters field. To be able to make API calls against the resources that you own, Amazon EventBridge needs the appropriate permissions. For Lambda and Amazon SNS resources, EventBridge relies on resource-based policies. For EC2 instances, Kinesis Data Streams, Step Functions state machines and API Gateway
|
|
375
|
+
* Adds the specified targets to the specified rule, or updates the targets if they are already associated with the rule. Targets are the resources that are invoked when a rule is triggered. Each rule can have up to five (5) targets associated with it at one time. You can configure the following as targets for Events: API destination API Gateway Batch job queue CloudWatch group CodeBuild project CodePipeline EC2 CreateSnapshot API call EC2 Image Builder EC2 RebootInstances API call EC2 StopInstances API call EC2 TerminateInstances API call ECS task Event bus in a different account or Region Event bus in the same account and Region Firehose delivery stream Glue workflow Incident Manager response plan Inspector assessment template Kinesis stream Lambda function Redshift cluster Redshift Serverless workgroup SageMaker Pipeline SNS topic SQS queue Step Functions state machine Systems Manager Automation Systems Manager OpsItem Systems Manager Run Command Creating rules with built-in targets is supported only in the Amazon Web Services Management Console. The built-in targets are EC2 CreateSnapshot API call, EC2 RebootInstances API call, EC2 StopInstances API call, and EC2 TerminateInstances API call. For some target types, PutTargets provides target-specific parameters. If the target is a Kinesis data stream, you can optionally specify which shard the event goes to by using the KinesisParameters argument. To invoke a command on multiple EC2 instances with one rule, you can use the RunCommandParameters field. To be able to make API calls against the resources that you own, Amazon EventBridge needs the appropriate permissions. For Lambda and Amazon SNS resources, EventBridge relies on resource-based policies. For EC2 instances, Kinesis Data Streams, Step Functions state machines and API Gateway APIs, EventBridge relies on IAM roles that you specify in the RoleARN argument in PutTargets. 
For more information, see Authentication and Access Control in the Amazon EventBridge User Guide. If another Amazon Web Services account is in the same region and has granted you permission (using PutPermission), you can send events to that account. Set that account's event bus as a target of the rules in your account. To send the matched events to the other account, specify that account's event bus as the Arn value when you run PutTargets. If your account sends events to another account, your account is charged for each sent event. Each event sent to another account is charged as a custom event. The account receiving the event is not charged. For more information, see Amazon EventBridge Pricing. Input, InputPath, and InputTransformer are not available with PutTarget if the target is an event bus of a different Amazon Web Services account. If you are setting the event bus of another account as the target, and that account granted permission to your account through an organization instead of directly by the account ID, then you must specify a RoleArn with proper permissions in the Target structure. For more information, see Sending and Receiving Events Between Amazon Web Services Accounts in the Amazon EventBridge User Guide. For more information about enabling cross-account events, see PutPermission. Input, InputPath, and InputTransformer are mutually exclusive and optional parameters of a target. When a rule is triggered due to a matched event: If none of the following arguments are specified for a target, then the entire event is passed to the target in JSON format (unless the target is Amazon EC2 Run Command or Amazon ECS task, in which case nothing from the event is passed to the target). If Input is specified in the form of valid JSON, then the matched event is overridden with this constant. 
If InputPath is specified in the form of JSONPath (for example, $.detail), then only the part of the event specified in the path is passed to the target (for example, only the detail part of the event is passed). If InputTransformer is specified, then one or more specified JSONPaths are extracted from the event and used as values in a template that you specify as the input to the target. When you specify InputPath or InputTransformer, you must use JSON dot notation, not bracket notation. When you add targets to a rule and the associated rule triggers soon after, new or updated targets might not be immediately invoked. Allow a short period of time for changes to take effect. This action can partially fail if too many requests are made at the same time. If that happens, FailedEntryCount is non-zero in the response and each entry in FailedEntries provides the ID of the failed target and the error code.
|
|
376
376
|
*/
|
|
377
377
|
putTargets(params: EventBridge.Types.PutTargetsRequest, callback?: (err: AWSError, data: EventBridge.Types.PutTargetsResponse) => void): Request<EventBridge.Types.PutTargetsResponse, AWSError>;
|
|
378
378
|
/**
|
|
379
|
-
* Adds the specified targets to the specified rule, or updates the targets if they are already associated with the rule. Targets are the resources that are invoked when a rule is triggered. Each rule can have up to five (5) targets associated with it at one time. You can configure the following as targets for Events: API destination API Gateway Batch job queue CloudWatch group CodeBuild project CodePipeline EC2 CreateSnapshot API call EC2 Image Builder EC2 RebootInstances API call EC2 StopInstances API call EC2 TerminateInstances API call ECS task Event bus in a different account or Region Event bus in the same account and Region Firehose delivery stream Glue workflow Incident Manager response plan Inspector assessment template Kinesis stream Lambda function Redshift cluster SageMaker Pipeline SNS topic SQS queue Step Functions state machine Systems Manager Automation Systems Manager OpsItem Systems Manager Run Command Creating rules with built-in targets is supported only in the Amazon Web Services Management Console. The built-in targets are EC2 CreateSnapshot API call, EC2 RebootInstances API call, EC2 StopInstances API call, and EC2 TerminateInstances API call. For some target types, PutTargets provides target-specific parameters. If the target is a Kinesis data stream, you can optionally specify which shard the event goes to by using the KinesisParameters argument. To invoke a command on multiple EC2 instances with one rule, you can use the RunCommandParameters field. To be able to make API calls against the resources that you own, Amazon EventBridge needs the appropriate permissions. For Lambda and Amazon SNS resources, EventBridge relies on resource-based policies. For EC2 instances, Kinesis Data Streams, Step Functions state machines and API Gateway
|
|
379
|
+
* Adds the specified targets to the specified rule, or updates the targets if they are already associated with the rule. Targets are the resources that are invoked when a rule is triggered. Each rule can have up to five (5) targets associated with it at one time. You can configure the following as targets for Events: API destination API Gateway Batch job queue CloudWatch group CodeBuild project CodePipeline EC2 CreateSnapshot API call EC2 Image Builder EC2 RebootInstances API call EC2 StopInstances API call EC2 TerminateInstances API call ECS task Event bus in a different account or Region Event bus in the same account and Region Firehose delivery stream Glue workflow Incident Manager response plan Inspector assessment template Kinesis stream Lambda function Redshift cluster Redshift Serverless workgroup SageMaker Pipeline SNS topic SQS queue Step Functions state machine Systems Manager Automation Systems Manager OpsItem Systems Manager Run Command Creating rules with built-in targets is supported only in the Amazon Web Services Management Console. The built-in targets are EC2 CreateSnapshot API call, EC2 RebootInstances API call, EC2 StopInstances API call, and EC2 TerminateInstances API call. For some target types, PutTargets provides target-specific parameters. If the target is a Kinesis data stream, you can optionally specify which shard the event goes to by using the KinesisParameters argument. To invoke a command on multiple EC2 instances with one rule, you can use the RunCommandParameters field. To be able to make API calls against the resources that you own, Amazon EventBridge needs the appropriate permissions. For Lambda and Amazon SNS resources, EventBridge relies on resource-based policies. For EC2 instances, Kinesis Data Streams, Step Functions state machines and API Gateway APIs, EventBridge relies on IAM roles that you specify in the RoleARN argument in PutTargets. 
For more information, see Authentication and Access Control in the Amazon EventBridge User Guide. If another Amazon Web Services account is in the same region and has granted you permission (using PutPermission), you can send events to that account. Set that account's event bus as a target of the rules in your account. To send the matched events to the other account, specify that account's event bus as the Arn value when you run PutTargets. If your account sends events to another account, your account is charged for each sent event. Each event sent to another account is charged as a custom event. The account receiving the event is not charged. For more information, see Amazon EventBridge Pricing. Input, InputPath, and InputTransformer are not available with PutTarget if the target is an event bus of a different Amazon Web Services account. If you are setting the event bus of another account as the target, and that account granted permission to your account through an organization instead of directly by the account ID, then you must specify a RoleArn with proper permissions in the Target structure. For more information, see Sending and Receiving Events Between Amazon Web Services Accounts in the Amazon EventBridge User Guide. For more information about enabling cross-account events, see PutPermission. Input, InputPath, and InputTransformer are mutually exclusive and optional parameters of a target. When a rule is triggered due to a matched event: If none of the following arguments are specified for a target, then the entire event is passed to the target in JSON format (unless the target is Amazon EC2 Run Command or Amazon ECS task, in which case nothing from the event is passed to the target). If Input is specified in the form of valid JSON, then the matched event is overridden with this constant. 
If InputPath is specified in the form of JSONPath (for example, $.detail), then only the part of the event specified in the path is passed to the target (for example, only the detail part of the event is passed). If InputTransformer is specified, then one or more specified JSONPaths are extracted from the event and used as values in a template that you specify as the input to the target. When you specify InputPath or InputTransformer, you must use JSON dot notation, not bracket notation. When you add targets to a rule and the associated rule triggers soon after, new or updated targets might not be immediately invoked. Allow a short period of time for changes to take effect. This action can partially fail if too many requests are made at the same time. If that happens, FailedEntryCount is non-zero in the response and each entry in FailedEntries provides the ID of the failed target and the error code.
|
|
380
380
|
*/
|
|
381
381
|
putTargets(callback?: (err: AWSError, data: EventBridge.Types.PutTargetsResponse) => void): Request<EventBridge.Types.PutTargetsResponse, AWSError>;
|
|
382
382
|
/**
|
|
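Review bot: The new text on lines 375 and 379 keeps the sentence "When you specify InputPath or InputTransformer, you must use JSON dot notation, not bracket notation", which contradicts the InputPath description changed at line 2867 of this same file ("You may use JSON dot notation or bracket notation"). One of the two should be corrected so the method docs and the field docs agree. While here, "not available with PutTarget" should read PutTargets, matching the operation name used in the rest of the comment.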
@@ -672,7 +672,7 @@ declare namespace EventBridge {
|
|
|
672
672
|
*/
|
|
673
673
|
StateReason?: ConnectionStateReason;
|
|
674
674
|
/**
|
|
675
|
-
* The authorization type specified for the connection.
|
|
675
|
+
* The authorization type specified for the connection. OAUTH tokens are refreshed when a 401 or 407 response is returned.
|
|
676
676
|
*/
|
|
677
677
|
AuthorizationType?: ConnectionAuthorizationType;
|
|
678
678
|
/**
|
|
@@ -969,7 +969,7 @@ declare namespace EventBridge {
|
|
|
969
969
|
*/
|
|
970
970
|
Description?: ConnectionDescription;
|
|
971
971
|
/**
|
|
972
|
-
* The type of authorization to use for the connection.
|
|
972
|
+
* The type of authorization to use for the connection. OAUTH tokens are refreshed when a 401 or 407 response is returned.
|
|
973
973
|
*/
|
|
974
974
|
AuthorizationType: ConnectionAuthorizationType;
|
|
975
975
|
/**
|
|
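Review bot: The sentence added on line 972 says when OAUTH tokens are refreshed but not whether the request that drew the 401 or 407 is retried with the new token, or what happens when the refresh itself fails. A reader configuring a connection needs both to reason about delivery. "OAUTH" in capitals also reads like an enum member, so it should match the spelling used in ConnectionAuthorizationType. The same sentence is added at line 675.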
@@ -1009,7 +1009,7 @@ declare namespace EventBridge {
|
|
|
1009
1009
|
*/
|
|
1010
1010
|
RoutingConfig: RoutingConfig;
|
|
1011
1011
|
/**
|
|
1012
|
-
* Enable or disable event replication.
|
|
1012
|
+
* Enable or disable event replication. The default state is ENABLED which means you must supply a RoleArn. If you don't have a RoleArn or you don't want event replication enabled, set the state to DISABLED.
|
|
1013
1013
|
*/
|
|
1014
1014
|
ReplicationConfig?: ReplicationConfig;
|
|
1015
1015
|
/**
|
|
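Review bot: Line 1012 says the default state is ENABLED and that ENABLED requires a RoleArn, but the field on line 1014 is still optional (ReplicationConfig?), so a caller who omits it opts into replication and into a role requirement that the type does not express. Suggest stating next to the RoleArn parameter as well that it is required unless ReplicationConfig sets the state to DISABLED, and what the call returns when neither is supplied.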
@@ -1053,7 +1053,7 @@ declare namespace EventBridge {
|
|
|
1053
1053
|
}
|
|
1054
1054
|
export interface CreateEventBusRequest {
|
|
1055
1055
|
/**
|
|
1056
|
-
* The name of the new event bus.
|
|
1056
|
+
* The name of the new event bus. Custom event bus names can't contain the / character, but you can use the / character in partner event bus names. In addition, for partner event buses, the name must exactly match the name of the partner event source that this event bus is matched to. You can't use the name default for a custom event bus, as this name is already used for your account's default event bus.
|
|
1057
1057
|
*/
|
|
1058
1058
|
Name: EventBusName;
|
|
1059
1059
|
/**
|
|
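Review bot: On line 1056 the reserved name and the / character are not set off as literals, so "You can't use the name default for a custom event bus" reads as ordinary prose; quote both. As far as the declaration shows (Name: EventBusName), the custom versus partner naming rule lives only in this comment, so it is worth adding what the service returns when a name breaks it.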
@@ -1700,7 +1700,7 @@ declare namespace EventBridge {
|
|
|
1700
1700
|
*/
|
|
1701
1701
|
RoutingConfig?: RoutingConfig;
|
|
1702
1702
|
/**
|
|
1703
|
-
* Whether event replication was enabled or disabled for this endpoint.
|
|
1703
|
+
* Whether event replication was enabled or disabled for this endpoint. The default state is ENABLED which means you must supply a RoleArn. If you don't have a RoleArn or you don't want event replication enabled, set the state to DISABLED.
|
|
1704
1704
|
*/
|
|
1705
1705
|
ReplicationConfig?: ReplicationConfig;
|
|
1706
1706
|
/**
|
|
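Review bot: The description on line 1703 reports state ("Whether event replication was enabled or disabled for this endpoint"), yet the appended sentences are instructions to a caller ("you must supply a RoleArn", "set the state to DISABLED") identical to those on line 1012. If this field is only ever returned, drop the instructions here and keep them on the input field; if it is also an input, reword the first sentence to match.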
@@ -1712,7 +1712,7 @@ declare namespace EventBridge {
|
|
|
1712
1712
|
*/
|
|
1713
1713
|
RoleArn?: IamRoleArn;
|
|
1714
1714
|
/**
|
|
1715
|
-
* The URL subdomain of the endpoint. For example, if the URL for Endpoint is abcde.veo.endpoints.event.amazonaws.com, then the EndpointId is abcde.veo.
|
|
1715
|
+
* The URL subdomain of the endpoint. For example, if the URL for Endpoint is https://abcde.veo.endpoints.event.amazonaws.com, then the EndpointId is abcde.veo.
|
|
1716
1716
|
*/
|
|
1717
1717
|
EndpointId?: EndpointId;
|
|
1718
1718
|
/**
|
|
@@ -1822,15 +1822,15 @@ declare namespace EventBridge {
|
|
|
1822
1822
|
export type HomeRegion = string;
|
|
1823
1823
|
export interface HttpParameters {
|
|
1824
1824
|
/**
|
|
1825
|
-
* The path parameter values to be used to populate API Gateway
|
|
1825
|
+
* The path parameter values to be used to populate API Gateway API or EventBridge ApiDestination path wildcards ("*").
|
|
1826
1826
|
*/
|
|
1827
1827
|
PathParameterValues?: PathParameterList;
|
|
1828
1828
|
/**
|
|
1829
|
-
* The headers that need to be sent as part of request invoking the API Gateway
|
|
1829
|
+
* The headers that need to be sent as part of request invoking the API Gateway API or EventBridge ApiDestination.
|
|
1830
1830
|
*/
|
|
1831
1831
|
HeaderParameters?: HeaderParametersMap;
|
|
1832
1832
|
/**
|
|
1833
|
-
* The query string keys/values that need to be sent as part of request invoking the API Gateway
|
|
1833
|
+
* The query string keys/values that need to be sent as part of request invoking the API Gateway API or EventBridge ApiDestination.
|
|
1834
1834
|
*/
|
|
1835
1835
|
QueryStringParameters?: QueryStringParametersMap;
|
|
1836
1836
|
}
|
|
@@ -1842,7 +1842,7 @@ declare namespace EventBridge {
|
|
|
1842
1842
|
*/
|
|
1843
1843
|
InputPathsMap?: TransformerPaths;
|
|
1844
1844
|
/**
|
|
1845
|
-
* Input template where you specify placeholders that will be filled with the values of the keys from InputPathsMap to customize the data sent to the target. Enclose each InputPathsMaps value in brackets: <value>
|
|
1845
|
+
* Input template where you specify placeholders that will be filled with the values of the keys from InputPathsMap to customize the data sent to the target. Enclose each InputPathsMaps value in brackets: <value> If InputTemplate is a JSON object (surrounded by curly braces), the following restrictions apply: The placeholder cannot be used as an object key. The following example shows the syntax for using InputPathsMap and InputTemplate. "InputTransformer": { "InputPathsMap": {"instance": "$.detail.instance","status": "$.detail.status"}, "InputTemplate": "<instance> is in state <status>" } To have the InputTemplate include quote marks within a JSON string, escape each quote marks with a slash, as in the following example: "InputTransformer": { "InputPathsMap": {"instance": "$.detail.instance","status": "$.detail.status"}, "InputTemplate": "<instance> is in state \"<status>\"" } The InputTemplate can also be valid JSON with varibles in quotes or out, as in the following example: "InputTransformer": { "InputPathsMap": {"instance": "$.detail.instance","status": "$.detail.status"}, "InputTemplate": '{"myInstance": <instance>,"myStatus": "<instance> is in state \"<status>\""}' }
|
|
1846
1846
|
*/
|
|
1847
1847
|
InputTemplate: TransformerInput;
|
|
1848
1848
|
}
|
|
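Review bot: Several problems in the text added on line 1845. "escape each quote marks with a slash" describes what the example shows as a backslash (\"<status>\") and should read "escape each quotation mark with a backslash"; "varibles" is a typo; and "the following restrictions apply" introduces a single restriction. The last example wraps the InputTemplate value in single quotes, which is not valid JSON, unlike the two examples before it. It would also help to say what the unquoted <instance> placeholder expands to when the extracted value is a string, since the example uses it both inside and outside quotes.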
@@ -2285,7 +2285,7 @@ declare namespace EventBridge {
|
|
|
2285
2285
|
*/
|
|
2286
2286
|
Entries: PutEventsRequestEntryList;
|
|
2287
2287
|
/**
|
|
2288
|
-
* The URL subdomain of the endpoint. For example, if the URL for Endpoint is abcde.veo.endpoints.event.amazonaws.com, then the EndpointId is abcde.veo. When using Java, you must include auth-crt on the class path.
|
|
2288
|
+
* The URL subdomain of the endpoint. For example, if the URL for Endpoint is https://abcde.veo.endpoints.event.amazonaws.com, then the EndpointId is abcde.veo. When using Java, you must include auth-crt on the class path.
|
|
2289
2289
|
*/
|
|
2290
2290
|
EndpointId?: EndpointId;
|
|
2291
2291
|
}
|
|
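Review bot: With https:// added to the example on line 2288, the text should say outright that EndpointId is the subdomain only, without the scheme or the rest of the host name; as written, a caller has to infer that from "abcde.veo". The same wording is used at line 1715.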
@@ -2303,7 +2303,7 @@ declare namespace EventBridge {
|
|
|
2303
2303
|
*/
|
|
2304
2304
|
Resources?: EventResourceList;
|
|
2305
2305
|
/**
|
|
2306
|
-
* Free-form string used to decide what fields to expect in the event detail.
|
|
2306
|
+
* Free-form string, with a maximum of 128 characters, used to decide what fields to expect in the event detail.
|
|
2307
2307
|
*/
|
|
2308
2308
|
DetailType?: String;
|
|
2309
2309
|
/**
|
|
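Review bot: The 128-character maximum on line 2306 exists only in the comment, since the field is still declared as DetailType?: String. Say whether a longer value is rejected or truncated so callers know to validate before sending. The same sentence is added at line 2368.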
@@ -2326,7 +2326,7 @@ declare namespace EventBridge {
|
|
|
2326
2326
|
*/
|
|
2327
2327
|
FailedEntryCount?: Integer;
|
|
2328
2328
|
/**
|
|
2329
|
-
* The successfully and unsuccessfully ingested events results. If the ingestion was successful, the entry has the event ID in it. Otherwise, you can use the error code and error message to identify the problem with the entry.
|
|
2329
|
+
* The successfully and unsuccessfully ingested events results. If the ingestion was successful, the entry has the event ID in it. Otherwise, you can use the error code and error message to identify the problem with the entry. For each record, the index of the response element is the same as the index in the request array.
|
|
2330
2330
|
*/
|
|
2331
2331
|
Entries?: PutEventsResultEntryList;
|
|
2332
2332
|
}
|
|
@@ -2365,7 +2365,7 @@ declare namespace EventBridge {
|
|
|
2365
2365
|
*/
|
|
2366
2366
|
Resources?: EventResourceList;
|
|
2367
2367
|
/**
|
|
2368
|
-
* A free-form string used to decide what fields to expect in the event detail.
|
|
2368
|
+
* A free-form string, with a maximum of 128 characters, used to decide what fields to expect in the event detail.
|
|
2369
2369
|
*/
|
|
2370
2370
|
DetailType?: String;
|
|
2371
2371
|
/**
|
|
@@ -2435,7 +2435,7 @@ declare namespace EventBridge {
|
|
|
2435
2435
|
*/
|
|
2436
2436
|
ScheduleExpression?: ScheduleExpression;
|
|
2437
2437
|
/**
|
|
2438
|
-
* The event pattern. For more information, see EventBridge event patterns in the Amazon EventBridge User Guide.
|
|
2438
|
+
* The event pattern. For more information, see Amazon EventBridge event patterns in the Amazon EventBridge User Guide.
|
|
2439
2439
|
*/
|
|
2440
2440
|
EventPattern?: EventPattern;
|
|
2441
2441
|
/**
|
|
@@ -2517,7 +2517,7 @@ declare namespace EventBridge {
|
|
|
2517
2517
|
*/
|
|
2518
2518
|
Database: Database;
|
|
2519
2519
|
/**
|
|
2520
|
-
* The database user name. Required when authenticating using temporary credentials.
|
|
2520
|
+
* The database user name. Required when authenticating using temporary credentials. Do not provide this parameter when connecting to a Redshift Serverless workgroup.
|
|
2521
2521
|
*/
|
|
2522
2522
|
DbUser?: DbUser;
|
|
2523
2523
|
/**
|
|
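Review bot: Line 2520 now reads "Required when authenticating using temporary credentials" followed by "Do not provide this parameter when connecting to a Redshift Serverless workgroup", without saying which identity is used for a workgroup or what happens if DbUser is supplied anyway. One sentence covering both cases would keep the two statements from looking contradictory.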
@@ -2864,7 +2864,7 @@ declare namespace EventBridge {
|
|
|
2864
2864
|
*/
|
|
2865
2865
|
Input?: TargetInput;
|
|
2866
2866
|
/**
|
|
2867
|
-
* The value of the JSONPath that is used for extracting part of the matched event when passing it to the target. You
|
|
2867
|
+
* The value of the JSONPath that is used for extracting part of the matched event when passing it to the target. You may use JSON dot notation or bracket notation. For more information about JSON paths, see JSONPath.
|
|
2868
2868
|
*/
|
|
2869
2869
|
InputPath?: TargetInputPath;
|
|
2870
2870
|
/**
|
|
@@ -2892,7 +2892,7 @@ declare namespace EventBridge {
|
|
|
2892
2892
|
*/
|
|
2893
2893
|
SqsParameters?: SqsParameters;
|
|
2894
2894
|
/**
|
|
2895
|
-
* Contains the HTTP parameters to use when the target is a API Gateway
|
|
2895
|
+
* Contains the HTTP parameters to use when the target is a API Gateway endpoint or EventBridge ApiDestination. If you specify an API Gateway API or EventBridge ApiDestination as a target, you can use this parameter to specify headers, path parameters, and query string keys/values as part of your target invoking request. If you're using ApiDestinations, the corresponding Connection can also have these values configured. In case of any conflicting keys, values from the Connection take precedence.
|
|
2896
2896
|
*/
|
|
2897
2897
|
HttpParameters?: HttpParameters;
|
|
2898
2898
|
/**
|
|
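Review bot: "when the target is a API Gateway endpoint" on line 2895 should be "an API Gateway endpoint", and the same comment then calls it "API Gateway API"; pick one term. The precedence rule ("values from the Connection take precedence") is the part callers most need and appears only here, so consider repeating it on HeaderParameters and QueryStringParameters (lines 1829 and 1833).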
@@ -3147,7 +3147,7 @@ declare namespace EventBridge {
|
|
|
3147
3147
|
*/
|
|
3148
3148
|
Description?: EndpointDescription;
|
|
3149
3149
|
/**
|
|
3150
|
-
* Configure the routing policy, including the health check and secondary Region
|
|
3150
|
+
* Configure the routing policy, including the health check and secondary Region.
|
|
3151
3151
|
*/
|
|
3152
3152
|
RoutingConfig?: RoutingConfig;
|
|
3153
3153
|
/**
|
|
@@ -380,6 +380,7 @@ declare namespace M2 {
|
|
|
380
380
|
* The unique identifier of the application that hosts this batch job.
|
|
381
381
|
*/
|
|
382
382
|
applicationId: Identifier;
|
|
383
|
+
batchJobIdentifier?: BatchJobIdentifier;
|
|
383
384
|
/**
|
|
384
385
|
* The timestamp when this batch job execution ended.
|
|
385
386
|
*/
|
|
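Review bot: batchJobIdentifier on line 383 is added without a doc comment, while the fields on either side of it have one. Add a description, including how it relates to applicationId. The same undocumented field is added at line 1067.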
@@ -400,6 +401,10 @@ declare namespace M2 {
|
|
|
400
401
|
* The type of a particular batch job execution.
|
|
401
402
|
*/
|
|
402
403
|
jobType?: BatchJobType;
|
|
404
|
+
/**
|
|
405
|
+
*
|
|
406
|
+
*/
|
|
407
|
+
returnCode?: String;
|
|
403
408
|
/**
|
|
404
409
|
* The timestamp when a particular batch job execution started.
|
|
405
410
|
*/
|
|
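Review bot: The doc comment added on lines 404 to 406 is empty, so returnCode ships with no description. State what the value represents and why it is typed String rather than a number. The same empty comment is added at lines 1092 to 1094.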
@@ -1059,6 +1064,7 @@ declare namespace M2 {
|
|
|
1059
1064
|
* The identifier of the application.
|
|
1060
1065
|
*/
|
|
1061
1066
|
applicationId: Identifier;
|
|
1067
|
+
batchJobIdentifier?: BatchJobIdentifier;
|
|
1062
1068
|
/**
|
|
1063
1069
|
* The timestamp when the batch job execution ended.
|
|
1064
1070
|
*/
|
|
@@ -1083,6 +1089,10 @@ declare namespace M2 {
|
|
|
1083
1089
|
* The user for the job.
|
|
1084
1090
|
*/
|
|
1085
1091
|
jobUser?: String100;
|
|
1092
|
+
/**
|
|
1093
|
+
*
|
|
1094
|
+
*/
|
|
1095
|
+
returnCode?: String;
|
|
1086
1096
|
/**
|
|
1087
1097
|
* The timestamp when the batch job execution started.
|
|
1088
1098
|
*/
|
|
@@ -488,7 +488,7 @@ declare namespace Polly {
|
|
|
488
488
|
*/
|
|
489
489
|
SupportedEngines?: EngineList;
|
|
490
490
|
}
|
|
491
|
-
export type VoiceId = "Aditi"|"Amy"|"Astrid"|"Bianca"|"Brian"|"Camila"|"Carla"|"Carmen"|"Celine"|"Chantal"|"Conchita"|"Cristiano"|"Dora"|"Emma"|"Enrique"|"Ewa"|"Filiz"|"Gabrielle"|"Geraint"|"Giorgio"|"Gwyneth"|"Hans"|"Ines"|"Ivy"|"Jacek"|"Jan"|"Joanna"|"Joey"|"Justin"|"Karl"|"Kendra"|"Kevin"|"Kimberly"|"Lea"|"Liv"|"Lotte"|"Lucia"|"Lupe"|"Mads"|"Maja"|"Marlene"|"Mathieu"|"Matthew"|"Maxim"|"Mia"|"Miguel"|"Mizuki"|"Naja"|"Nicole"|"Olivia"|"Penelope"|"Raveena"|"Ricardo"|"Ruben"|"Russell"|"Salli"|"Seoyeon"|"Takumi"|"Tatyana"|"Vicki"|"Vitoria"|"Zeina"|"Zhiyu"|"Aria"|"Ayanda"|"Arlet"|"Hannah"|"Arthur"|"Daniel"|"Liam"|"Pedro"|"Kajal"|"Hiujin"|"Laura"|"Elin"|"Ida"|"Suvi"|"Ola"|"Hala"|string;
|
|
491
|
+
export type VoiceId = "Aditi"|"Amy"|"Astrid"|"Bianca"|"Brian"|"Camila"|"Carla"|"Carmen"|"Celine"|"Chantal"|"Conchita"|"Cristiano"|"Dora"|"Emma"|"Enrique"|"Ewa"|"Filiz"|"Gabrielle"|"Geraint"|"Giorgio"|"Gwyneth"|"Hans"|"Ines"|"Ivy"|"Jacek"|"Jan"|"Joanna"|"Joey"|"Justin"|"Karl"|"Kendra"|"Kevin"|"Kimberly"|"Lea"|"Liv"|"Lotte"|"Lucia"|"Lupe"|"Mads"|"Maja"|"Marlene"|"Mathieu"|"Matthew"|"Maxim"|"Mia"|"Miguel"|"Mizuki"|"Naja"|"Nicole"|"Olivia"|"Penelope"|"Raveena"|"Ricardo"|"Ruben"|"Russell"|"Salli"|"Seoyeon"|"Takumi"|"Tatyana"|"Vicki"|"Vitoria"|"Zeina"|"Zhiyu"|"Aria"|"Ayanda"|"Arlet"|"Hannah"|"Arthur"|"Daniel"|"Liam"|"Pedro"|"Kajal"|"Hiujin"|"Laura"|"Elin"|"Ida"|"Suvi"|"Ola"|"Hala"|"Andres"|"Sergio"|"Remi"|"Adriano"|"Thiago"|string;
|
|
492
492
|
export type VoiceList = Voice[];
|
|
493
493
|
export type VoiceName = string;
|
|
494
494
|
/**
|
|
@@ -268,11 +268,11 @@ declare class RedshiftServerless extends Service {
|
|
|
268
268
|
*/
|
|
269
269
|
restoreFromSnapshot(callback?: (err: AWSError, data: RedshiftServerless.Types.RestoreFromSnapshotResponse) => void): Request<RedshiftServerless.Types.RestoreFromSnapshotResponse, AWSError>;
|
|
270
270
|
/**
|
|
271
|
-
* Restores a table from a snapshot to your Amazon Redshift Serverless instance.
|
|
271
|
+
* Restores a table from a snapshot to your Amazon Redshift Serverless instance. You can't use this operation to restore tables with interleaved sort keys.
|
|
272
272
|
*/
|
|
273
273
|
restoreTableFromSnapshot(params: RedshiftServerless.Types.RestoreTableFromSnapshotRequest, callback?: (err: AWSError, data: RedshiftServerless.Types.RestoreTableFromSnapshotResponse) => void): Request<RedshiftServerless.Types.RestoreTableFromSnapshotResponse, AWSError>;
|
|
274
274
|
/**
|
|
275
|
-
* Restores a table from a snapshot to your Amazon Redshift Serverless instance.
|
|
275
|
+
* Restores a table from a snapshot to your Amazon Redshift Serverless instance. You can't use this operation to restore tables with interleaved sort keys.
|
|
276
276
|
*/
|
|
277
277
|
restoreTableFromSnapshot(callback?: (err: AWSError, data: RedshiftServerless.Types.RestoreTableFromSnapshotResponse) => void): Request<RedshiftServerless.Types.RestoreTableFromSnapshotResponse, AWSError>;
|
|
278
278
|
/**
|
|
@@ -300,11 +300,11 @@ declare class RedshiftServerless extends Service {
|
|
|
300
300
|
*/
|
|
301
301
|
updateEndpointAccess(callback?: (err: AWSError, data: RedshiftServerless.Types.UpdateEndpointAccessResponse) => void): Request<RedshiftServerless.Types.UpdateEndpointAccessResponse, AWSError>;
|
|
302
302
|
/**
|
|
303
|
-
* Updates a namespace with the specified settings.
|
|
303
|
+
* Updates a namespace with the specified settings. Unless required, you can't update multiple parameters in one request. For example, you must specify both adminUsername and adminUserPassword to update either field, but you can't update both kmsKeyId and logExports in a single request.
|
|
304
304
|
*/
|
|
305
305
|
updateNamespace(params: RedshiftServerless.Types.UpdateNamespaceRequest, callback?: (err: AWSError, data: RedshiftServerless.Types.UpdateNamespaceResponse) => void): Request<RedshiftServerless.Types.UpdateNamespaceResponse, AWSError>;
|
|
306
306
|
/**
|
|
307
|
-
* Updates a namespace with the specified settings.
|
|
307
|
+
* Updates a namespace with the specified settings. Unless required, you can't update multiple parameters in one request. For example, you must specify both adminUsername and adminUserPassword to update either field, but you can't update both kmsKeyId and logExports in a single request.
|
|
308
308
|
*/
|
|
309
309
|
updateNamespace(callback?: (err: AWSError, data: RedshiftServerless.Types.UpdateNamespaceResponse) => void): Request<RedshiftServerless.Types.UpdateNamespaceResponse, AWSError>;
|
|
310
310
|
/**
|
|
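Review bot: the `updateNamespace` comment at lines 303 and 307 says "Unless required, you can't update multiple parameters in one request", but both overloads are unchanged, so nothing in the signature shown here reflects the rule. Since the example names `kmsKeyId` and `logExports`, the key and log-export settings, callers changing both need to send two requests and confirm each one succeeded. Suggest the comment state which error a combined request returns.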
@@ -324,11 +324,11 @@ declare class RedshiftServerless extends Service {
|
|
|
324
324
|
*/
|
|
325
325
|
updateUsageLimit(callback?: (err: AWSError, data: RedshiftServerless.Types.UpdateUsageLimitResponse) => void): Request<RedshiftServerless.Types.UpdateUsageLimitResponse, AWSError>;
|
|
326
326
|
/**
|
|
327
|
-
* Updates a workgroup with the specified configuration settings.
|
|
327
|
+
* Updates a workgroup with the specified configuration settings. You can't update multiple parameters in one request. For example, you can update baseCapacity or port in a single request, but you can't update both in the same request.
|
|
328
328
|
*/
|
|
329
329
|
updateWorkgroup(params: RedshiftServerless.Types.UpdateWorkgroupRequest, callback?: (err: AWSError, data: RedshiftServerless.Types.UpdateWorkgroupResponse) => void): Request<RedshiftServerless.Types.UpdateWorkgroupResponse, AWSError>;
|
|
330
330
|
/**
|
|
331
|
-
* Updates a workgroup with the specified configuration settings.
|
|
331
|
+
* Updates a workgroup with the specified configuration settings. You can't update multiple parameters in one request. For example, you can update baseCapacity or port in a single request, but you can't update both in the same request.
|
|
332
332
|
*/
|
|
333
333
|
updateWorkgroup(callback?: (err: AWSError, data: RedshiftServerless.Types.UpdateWorkgroupResponse) => void): Request<RedshiftServerless.Types.UpdateWorkgroupResponse, AWSError>;
|
|
334
334
|
}
|
|
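Review bot: the `updateWorkgroup` wording at lines 327 and 331 is absolute ("You can't update multiple parameters in one request"), while the `updateNamespace` comment in the previous hunk qualifies the same rule with "Unless required". If workgroup updates have no parameters that must travel together, say so explicitly; otherwise align the two comments so callers do not have to guess which combinations are accepted.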
@@ -338,7 +338,7 @@ declare namespace RedshiftServerless {
|
|
|
338
338
|
export type Boolean = boolean;
|
|
339
339
|
export interface ConfigParameter {
|
|
340
340
|
/**
|
|
341
|
-
* The key of the parameter. The options are datestyle, enable_user_activity_logging, query_group, search_path, and
|
|
341
|
+
* The key of the parameter. The options are auto_mv, datestyle, enable_case_sensitivity_identifier, enable_user_activity_logging, query_group, search_path, and query monitoring metrics that let you define performance boundaries. For more information about query monitoring rules and available metrics, see Query monitoring metrics for Amazon Redshift Serverless.
|
|
342
342
|
*/
|
|
343
343
|
parameterKey?: ParameterKey;
|
|
344
344
|
/**
|
|
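Review bot: the key list at line 341 now includes `auto_mv` and `enable_case_sensitivity_identifier`, but it exists only as prose; `parameterKey?: ParameterKey;` at line 343 is unchanged, so nothing visible in this hunk ties the type to the documented keys. A misspelled `enable_user_activity_logging` would leave activity logging unset without a compile-time signal, so suggest callers check keys against this list before sending. The removed line 341 is cut off after "search_path, and" in this view, so the previous wording cannot be compared.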
@@ -497,7 +497,7 @@ declare namespace RedshiftServerless {
|
|
|
497
497
|
*/
|
|
498
498
|
baseCapacity?: Integer;
|
|
499
499
|
/**
|
|
500
|
-
* An array of parameters to set for
|
|
500
|
+
* An array of parameters to set for advanced control over a database. The options are auto_mv, datestyle, enable_case_sensitivity_identifier, enable_user_activity_logging, query_group, search_path, and query monitoring metrics that let you define performance boundaries. For more information about query monitoring rules and available metrics, see Query monitoring metrics for Amazon Redshift Serverless.
|
|
501
501
|
*/
|
|
502
502
|
configParameters?: ConfigParameterList;
|
|
503
503
|
/**
|
|
@@ -1477,19 +1477,19 @@ declare namespace RedshiftServerless {
|
|
|
1477
1477
|
}
|
|
1478
1478
|
export interface UpdateNamespaceRequest {
|
|
1479
1479
|
/**
|
|
1480
|
-
* The password of the administrator for the first database created in the namespace.
|
|
1480
|
+
* The password of the administrator for the first database created in the namespace. This parameter must be updated together with adminUsername.
|
|
1481
1481
|
*/
|
|
1482
1482
|
adminUserPassword?: DbPassword;
|
|
1483
1483
|
/**
|
|
1484
|
-
* The username of the administrator for the first database created in the namespace.
|
|
1484
|
+
* The username of the administrator for the first database created in the namespace. This parameter must be updated together with adminUserPassword.
|
|
1485
1485
|
*/
|
|
1486
1486
|
adminUsername?: DbUser;
|
|
1487
1487
|
/**
|
|
1488
|
-
* The Amazon Resource Name (ARN) of the IAM role to set as a default in the namespace.
|
|
1488
|
+
* The Amazon Resource Name (ARN) of the IAM role to set as a default in the namespace. This parameter must be updated together with iamRoles.
|
|
1489
1489
|
*/
|
|
1490
1490
|
defaultIamRoleArn?: String;
|
|
1491
1491
|
/**
|
|
1492
|
-
* A list of IAM roles to associate with the namespace.
|
|
1492
|
+
* A list of IAM roles to associate with the namespace. This parameter must be updated together with defaultIamRoleArn.
|
|
1493
1493
|
*/
|
|
1494
1494
|
iamRoles?: IamRoleArnList;
|
|
1495
1495
|
/**
|
|
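Review bot: lines 1480 to 1492 document two must-update-together pairs (`adminUserPassword` with `adminUsername`, and `defaultIamRoleArn` with `iamRoles`), yet all four members stay independently optional, for example `adminUserPassword?: DbPassword;` at line 1482, so the pairing is not expressed in the type. Suggest the comments say what happens when only one member of a pair is sent: for admin credential rotation and default-role changes, callers need to know whether the request is rejected or partly applied.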
@@ -1501,7 +1501,7 @@ declare namespace RedshiftServerless {
|
|
|
1501
1501
|
*/
|
|
1502
1502
|
logExports?: LogExportList;
|
|
1503
1503
|
/**
|
|
1504
|
-
* The name of the namespace.
|
|
1504
|
+
* The name of the namespace to update. You can't update the name of a namespace once it is created.
|
|
1505
1505
|
*/
|
|
1506
1506
|
namespaceName: NamespaceName;
|
|
1507
1507
|
}
|
|
@@ -1553,7 +1553,7 @@ declare namespace RedshiftServerless {
|
|
|
1553
1553
|
*/
|
|
1554
1554
|
baseCapacity?: Integer;
|
|
1555
1555
|
/**
|
|
1556
|
-
* An array of parameters to set for advanced control over a database. The options are datestyle, enable_user_activity_logging, query_group, search_path, and
|
|
1556
|
+
* An array of parameters to set for advanced control over a database. The options are auto_mv, datestyle, enable_case_sensitivity_identifier, enable_user_activity_logging, query_group, search_path, and query monitoring metrics that let you define performance boundaries. For more information about query monitoring rules and available metrics, see Query monitoring metrics for Amazon Redshift Serverless.
|
|
1557
1557
|
*/
|
|
1558
1558
|
configParameters?: ConfigParameterList;
|
|
1559
1559
|
/**
|
|
@@ -1577,7 +1577,7 @@ declare namespace RedshiftServerless {
|
|
|
1577
1577
|
*/
|
|
1578
1578
|
subnetIds?: SubnetIdList;
|
|
1579
1579
|
/**
|
|
1580
|
-
* The name of the workgroup to update.
|
|
1580
|
+
* The name of the workgroup to update. You can't update the name of a workgroup once it is created.
|
|
1581
1581
|
*/
|
|
1582
1582
|
workgroupName: WorkgroupName;
|
|
1583
1583
|
}
|
|
@@ -1655,7 +1655,7 @@ declare namespace RedshiftServerless {
|
|
|
1655
1655
|
*/
|
|
1656
1656
|
baseCapacity?: Integer;
|
|
1657
1657
|
/**
|
|
1658
|
-
* An array of parameters to set for
|
|
1658
|
+
* An array of parameters to set for advanced control over a database. The options are auto_mv, datestyle, enable_case_sensitivity_identifier, enable_user_activity_logging, query_group, , search_path, and query monitoring metrics that let you define performance boundaries. For more information about query monitoring rules and available metrics, see Query monitoring metrics for Amazon Redshift Serverless.
|
|
1659
1659
|
*/
|
|
1660
1660
|
configParameters?: ConfigParameterList;
|
|
1661
1661
|
/**
|
|
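Review bot: the added comment at line 1658 contains an empty list item, "query_group, , search_path", which the otherwise identical text at lines 500 and 1556 does not have. Either an option name was dropped here or the extra comma is stray; the three `configParameters` comments should read the same.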
@@ -12052,6 +12052,10 @@ declare namespace SageMaker {
|
|
|
12052
12052
|
* Defines the model configuration.
|
|
12053
12053
|
*/
|
|
12054
12054
|
ModelConfiguration: ModelConfiguration;
|
|
12055
|
+
/**
|
|
12056
|
+
* The recommendation ID which uniquely identifies each recommendation.
|
|
12057
|
+
*/
|
|
12058
|
+
RecommendationId?: String;
|
|
12055
12059
|
}
|
|
12056
12060
|
export type InferenceRecommendations = InferenceRecommendation[];
|
|
12057
12061
|
export interface InferenceRecommendationsJob {
|
|
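Review bot: `RecommendationId?: String;` at line 12058 is documented as the ID "which uniquely identifies each recommendation" but is declared optional, so code that keys or de-duplicates recommendations on it has to handle `undefined`. Suggest the comment say when the field is absent.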
@@ -16008,6 +16012,10 @@ declare namespace SageMaker {
|
|
|
16008
16012
|
* Defines the environment parameters that includes key, value types, and values.
|
|
16009
16013
|
*/
|
|
16010
16014
|
EnvironmentParameters?: EnvironmentParameters;
|
|
16015
|
+
/**
|
|
16016
|
+
* The name of the compilation job used to create the recommended model artifacts.
|
|
16017
|
+
*/
|
|
16018
|
+
CompilationJobName?: RecommendationJobCompilationJobName;
|
|
16011
16019
|
}
|
|
16012
16020
|
export interface ModelDashboardEndpoint {
|
|
16013
16021
|
/**
|
|
@@ -18688,6 +18696,7 @@ declare namespace SageMaker {
|
|
|
18688
18696
|
export type RealtimeInferenceInstanceTypes = ProductionVariantInstanceType[];
|
|
18689
18697
|
export type RecommendationFailureReason = string;
|
|
18690
18698
|
export type RecommendationJobArn = string;
|
|
18699
|
+
export type RecommendationJobCompilationJobName = string;
|
|
18691
18700
|
export interface RecommendationJobCompiledOutputConfig {
|
|
18692
18701
|
/**
|
|
18693
18702
|
* Identifies the Amazon S3 bucket where you want SageMaker to store the compiled model artifacts.
|
|
@@ -18723,7 +18732,12 @@ declare namespace SageMaker {
|
|
|
18723
18732
|
* A list of the instance types that are used to generate inferences in real-time.
|
|
18724
18733
|
*/
|
|
18725
18734
|
SupportedInstanceTypes?: RecommendationJobSupportedInstanceTypes;
|
|
18735
|
+
/**
|
|
18736
|
+
* Specifies the name and shape of the expected data inputs for your trained model with a JSON dictionary form. This field is used for optimizing your model using SageMaker Neo. For more information, see DataInputConfig.
|
|
18737
|
+
*/
|
|
18738
|
+
DataInputConfig?: RecommendationJobDataInputConfig;
|
|
18726
18739
|
}
|
|
18740
|
+
export type RecommendationJobDataInputConfig = string;
|
|
18727
18741
|
export type RecommendationJobDescription = string;
|
|
18728
18742
|
export interface RecommendationJobInferenceBenchmark {
|
|
18729
18743
|
Metrics?: RecommendationMetrics;
|
|
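Review bot: `DataInputConfig` at line 18738 carries "a JSON dictionary form" as a plain string (`export type RecommendationJobDataInputConfig = string;` at line 18740), so malformed or unexpected JSON is not caught before the request is sent. Suggest the comment include one example of the expected shape, since "see DataInputConfig" gives the reader nothing to follow in this file.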
@@ -18738,7 +18752,7 @@ declare namespace SageMaker {
|
|
|
18738
18752
|
/**
|
|
18739
18753
|
* The Amazon Resource Name (ARN) of a versioned model package.
|
|
18740
18754
|
*/
|
|
18741
|
-
ModelPackageVersionArn
|
|
18755
|
+
ModelPackageVersionArn?: ModelPackageArn;
|
|
18742
18756
|
/**
|
|
18743
18757
|
* Specifies the maximum duration of the job, in seconds.>
|
|
18744
18758
|
*/
|
|
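Review bot: line 18755 declares `ModelPackageVersionArn?: ModelPackageArn;` as optional, but the comment above it still only describes the ARN and does not say when it may be omitted or what must be supplied in its place. The removed line 18741 is cut off in this view, so confirm whether this relaxes a previously required member. Separately, the unchanged comment at line 18757 ends with a stray ">" ("in seconds.>").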
@@ -18771,6 +18785,10 @@ declare namespace SageMaker {
|
|
|
18771
18785
|
* Inference Recommender provisions SageMaker endpoints with access to VPC in the inference recommendation job.
|
|
18772
18786
|
*/
|
|
18773
18787
|
VpcConfig?: RecommendationJobVpcConfig;
|
|
18788
|
+
/**
|
|
18789
|
+
* The name of the created model.
|
|
18790
|
+
*/
|
|
18791
|
+
ModelName?: ModelName;
|
|
18774
18792
|
}
|
|
18775
18793
|
export type RecommendationJobName = string;
|
|
18776
18794
|
export interface RecommendationJobOutputConfig {
|
|
@@ -18848,6 +18866,14 @@ declare namespace SageMaker {
|
|
|
18848
18866
|
* The expected model latency at maximum invocation per minute for the instance.
|
|
18849
18867
|
*/
|
|
18850
18868
|
ModelLatency: Integer;
|
|
18869
|
+
/**
|
|
18870
|
+
* The expected CPU utilization at maximum invocations per minute for the instance. NaN indicates that the value is not available.
|
|
18871
|
+
*/
|
|
18872
|
+
CpuUtilization?: UtilizationMetric;
|
|
18873
|
+
/**
|
|
18874
|
+
* The expected memory utilization at maximum invocations per minute for the instance. NaN indicates that the value is not available.
|
|
18875
|
+
*/
|
|
18876
|
+
MemoryUtilization?: UtilizationMetric;
|
|
18851
18877
|
}
|
|
18852
18878
|
export type RecommendationStepType = "BENCHMARK"|string;
|
|
18853
18879
|
export type RecordWrapper = "None"|"RecordIO"|string;
|
|
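Review bot: `CpuUtilization` and `MemoryUtilization` at lines 18872 and 18876 use NaN as the "not available" marker while also being optional, so consumers have two distinct absent states to handle. Any threshold comparison against NaN evaluates to false, which means a capacity check written as a simple greater-than test passes silently when the metric is missing. Suggest the comments tell callers to test with `Number.isNaN` before comparing.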
@@ -21604,6 +21630,7 @@ declare namespace SageMaker {
|
|
|
21604
21630
|
*/
|
|
21605
21631
|
CanvasAppSettings?: CanvasAppSettings;
|
|
21606
21632
|
}
|
|
21633
|
+
export type UtilizationMetric = number;
|
|
21607
21634
|
export type ValidationFraction = number;
|
|
21608
21635
|
export type VariantName = string;
|
|
21609
21636
|
export interface VariantProperty {
|
|
@@ -12,11 +12,11 @@ declare class STS extends Service {
|
|
|
12
12
|
constructor(options?: STS.Types.ClientConfiguration)
|
|
13
13
|
config: Config & STS.Types.ClientConfiguration;
|
|
14
14
|
/**
|
|
15
|
-
* Returns a set of temporary security credentials that you can use to access Amazon Web Services resources
|
|
15
|
+
* Returns a set of temporary security credentials that you can use to access Amazon Web Services resources. These temporary credentials consist of an access key ID, a secret access key, and a security token. Typically, you use AssumeRole within your account or for cross-account access. For a comparison of AssumeRole with other API operations that produce temporary credentials, see Requesting Temporary Security Credentials and Comparing the Amazon Web Services STS API operations in the IAM User Guide. Permissions The temporary security credentials created by AssumeRole can be used to make API calls to any Amazon Web Services service with the following exception: You cannot call the Amazon Web Services STS GetFederationToken or GetSessionToken API operations. (Optional) You can pass inline or managed session policies to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also specify up to 10 managed policy Amazon Resource Names (ARNs) to use as managed session policies. The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent Amazon Web Services API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide. When you create a role, you create two policies: A role trust policy that specifies who can assume the role and a permissions policy that specifies what can be done with the role. You specify the trusted principal who is allowed to assume the role in the role trust policy. 
To assume a role from a different account, your Amazon Web Services account must be trusted by the role. The trust relationship is defined in the role's trust policy when the role is created. That trust policy states which accounts are allowed to delegate that access to users in the account. A user who wants to access a role in a different account must also have permissions that are delegated from the user account administrator. The administrator must attach a policy that allows the user to call AssumeRole for the ARN of the role in the other account. To allow a user to assume a role in the same account, you can do either of the following: Attach a policy to the user that allows the user to call AssumeRole (as long as the role's trust policy trusts the account). Add the user as a principal directly in the role's trust policy. You can do either because the role’s trust policy acts as an IAM resource-based policy. When a resource-based policy grants access to a principal in the same account, no additional identity-based policy is required. For more information about trust policies and resource-based policies, see IAM Policies in the IAM User Guide. Tags (Optional) You can pass tag key-value pairs to your session. These tags are called session tags. For more information about session tags, see Passing Session Tags in STS in the IAM User Guide. An administrator must grant you the permissions necessary to pass session tags. The administrator can also create granular permissions to allow you to pass only specific session tags. For more information, see Tutorial: Using Tags for Attribute-Based Access Control in the IAM User Guide. You can set the session tags as transitive. Transitive tags persist during role chaining. For more information, see Chaining Roles with Session Tags in the IAM User Guide. Using MFA with AssumeRole (Optional) You can include multi-factor authentication (MFA) information when you call AssumeRole. 
This is useful for cross-account scenarios to ensure that the user that assumes the role has been authenticated with an Amazon Web Services MFA device. In that scenario, the trust policy of the role being assumed includes a condition that tests for MFA authentication. If the caller does not include valid MFA information, the request to assume the role is denied. The condition in a trust policy that tests for MFA authentication might look like the following example. "Condition": {"Bool": {"aws:MultiFactorAuthPresent": true}} For more information, see Configuring MFA-Protected API Access in the IAM User Guide guide. To use MFA with AssumeRole, you pass values for the SerialNumber and TokenCode parameters. The SerialNumber value identifies the user's hardware or virtual MFA device. The TokenCode is the time-based one-time password (TOTP) that the MFA device produces.
|
|
16
16
|
*/
|
|
17
17
|
assumeRole(params: STS.Types.AssumeRoleRequest, callback?: (err: AWSError, data: STS.Types.AssumeRoleResponse) => void): Request<STS.Types.AssumeRoleResponse, AWSError>;
|
|
18
18
|
/**
|
|
19
|
-
* Returns a set of temporary security credentials that you can use to access Amazon Web Services resources
|
|
19
|
+
* Returns a set of temporary security credentials that you can use to access Amazon Web Services resources. These temporary credentials consist of an access key ID, a secret access key, and a security token. Typically, you use AssumeRole within your account or for cross-account access. For a comparison of AssumeRole with other API operations that produce temporary credentials, see Requesting Temporary Security Credentials and Comparing the Amazon Web Services STS API operations in the IAM User Guide. Permissions The temporary security credentials created by AssumeRole can be used to make API calls to any Amazon Web Services service with the following exception: You cannot call the Amazon Web Services STS GetFederationToken or GetSessionToken API operations. (Optional) You can pass inline or managed session policies to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also specify up to 10 managed policy Amazon Resource Names (ARNs) to use as managed session policies. The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. Passing policies to this operation returns new temporary credentials. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. You can use the role's temporary credentials in subsequent Amazon Web Services API calls to access resources in the account that owns the role. You cannot use session policies to grant more permissions than those allowed by the identity-based policy of the role that is being assumed. For more information, see Session Policies in the IAM User Guide. When you create a role, you create two policies: A role trust policy that specifies who can assume the role and a permissions policy that specifies what can be done with the role. You specify the trusted principal who is allowed to assume the role in the role trust policy. 
To assume a role from a different account, your Amazon Web Services account must be trusted by the role. The trust relationship is defined in the role's trust policy when the role is created. That trust policy states which accounts are allowed to delegate that access to users in the account. A user who wants to access a role in a different account must also have permissions that are delegated from the user account administrator. The administrator must attach a policy that allows the user to call AssumeRole for the ARN of the role in the other account. To allow a user to assume a role in the same account, you can do either of the following: Attach a policy to the user that allows the user to call AssumeRole (as long as the role's trust policy trusts the account). Add the user as a principal directly in the role's trust policy. You can do either because the role’s trust policy acts as an IAM resource-based policy. When a resource-based policy grants access to a principal in the same account, no additional identity-based policy is required. For more information about trust policies and resource-based policies, see IAM Policies in the IAM User Guide. Tags (Optional) You can pass tag key-value pairs to your session. These tags are called session tags. For more information about session tags, see Passing Session Tags in STS in the IAM User Guide. An administrator must grant you the permissions necessary to pass session tags. The administrator can also create granular permissions to allow you to pass only specific session tags. For more information, see Tutorial: Using Tags for Attribute-Based Access Control in the IAM User Guide. You can set the session tags as transitive. Transitive tags persist during role chaining. For more information, see Chaining Roles with Session Tags in the IAM User Guide. Using MFA with AssumeRole (Optional) You can include multi-factor authentication (MFA) information when you call AssumeRole. 
This is useful for cross-account scenarios to ensure that the user that assumes the role has been authenticated with an Amazon Web Services MFA device. In that scenario, the trust policy of the role being assumed includes a condition that tests for MFA authentication. If the caller does not include valid MFA information, the request to assume the role is denied. The condition in a trust policy that tests for MFA authentication might look like the following example. "Condition": {"Bool": {"aws:MultiFactorAuthPresent": true}} For more information, see Configuring MFA-Protected API Access in the IAM User Guide guide. To use MFA with AssumeRole, you pass values for the SerialNumber and TokenCode parameters. The SerialNumber value identifies the user's hardware or virtual MFA device. The TokenCode is the time-based one-time password (TOTP) that the MFA device produces.
|
|
20
20
|
*/
|
|
21
21
|
assumeRole(callback?: (err: AWSError, data: STS.Types.AssumeRoleResponse) => void): Request<STS.Types.AssumeRoleResponse, AWSError>;
|
|
22
22
|
/**
|
|
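Review bot: the new `assumeRole` comment at lines 15 and 19 has a doubled word in "IAM User Guide guide", and the section labels "Permissions", "Tags" and "Using MFA with AssumeRole" run straight into the surrounding sentences, which makes the session-policy and MFA guidance hard to scan. The inline trust-policy sample `"Condition": {"Bool": {"aws:MultiFactorAuthPresent": true}}` would also read better set apart from the prose. The removed lines are cut off in this view, so which sentences are actually new cannot be confirmed here.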
@@ -60,11 +60,11 @@ declare class STS extends Service {
|
|
|
60
60
|
*/
|
|
61
61
|
getCallerIdentity(callback?: (err: AWSError, data: STS.Types.GetCallerIdentityResponse) => void): Request<STS.Types.GetCallerIdentityResponse, AWSError>;
|
|
62
62
|
/**
|
|
63
|
-
* Returns a set of temporary security credentials (consisting of an access key ID, a secret access key, and a security token) for a federated user. A typical use is in a proxy application that gets temporary security credentials on behalf of distributed applications inside a corporate network. You must call the GetFederationToken operation using the long-term security credentials of an IAM user. As a result, this call is appropriate in contexts where those credentials can be safely stored, usually in a server-based application. For a comparison of GetFederationToken with the other API operations that produce temporary credentials, see Requesting Temporary Security Credentials and Comparing the Amazon Web Services STS API operations in the IAM User Guide. You can create a mobile-based or browser-based app that can authenticate users using a web identity provider like Login with Amazon, Facebook, Google, or an OpenID Connect-compatible identity provider. In this case, we recommend that you use Amazon Cognito or AssumeRoleWithWebIdentity. For more information, see Federation Through a Web-based Identity Provider in the IAM User Guide. You can also call GetFederationToken using the security credentials of an Amazon Web Services account root user, but we do not recommend it. Instead, we recommend that you create an IAM user for the purpose of the proxy application. Then attach a policy to the IAM user that limits federated users to only the actions and resources that they need to access. For more information, see IAM Best Practices in the IAM User Guide. Session duration The temporary credentials are valid for the specified duration, from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours). The default session duration is 43,200 seconds (12 hours). Temporary credentials obtained by using the Amazon Web Services account root user credentials have a maximum duration of 3,600 seconds (1 hour). 
Permissions You can use the temporary credentials created by GetFederationToken in any Amazon Web Services service
|
|
63
|
+
* Returns a set of temporary security credentials (consisting of an access key ID, a secret access key, and a security token) for a federated user. A typical use is in a proxy application that gets temporary security credentials on behalf of distributed applications inside a corporate network. You must call the GetFederationToken operation using the long-term security credentials of an IAM user. As a result, this call is appropriate in contexts where those credentials can be safely stored, usually in a server-based application. For a comparison of GetFederationToken with the other API operations that produce temporary credentials, see Requesting Temporary Security Credentials and Comparing the Amazon Web Services STS API operations in the IAM User Guide. You can create a mobile-based or browser-based app that can authenticate users using a web identity provider like Login with Amazon, Facebook, Google, or an OpenID Connect-compatible identity provider. In this case, we recommend that you use Amazon Cognito or AssumeRoleWithWebIdentity. For more information, see Federation Through a Web-based Identity Provider in the IAM User Guide. You can also call GetFederationToken using the security credentials of an Amazon Web Services account root user, but we do not recommend it. Instead, we recommend that you create an IAM user for the purpose of the proxy application. Then attach a policy to the IAM user that limits federated users to only the actions and resources that they need to access. For more information, see IAM Best Practices in the IAM User Guide. Session duration The temporary credentials are valid for the specified duration, from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours). The default session duration is 43,200 seconds (12 hours). Temporary credentials obtained by using the Amazon Web Services account root user credentials have a maximum duration of 3,600 seconds (1 hour). 
Permissions You can use the temporary credentials created by GetFederationToken in any Amazon Web Services service with the following exceptions: You cannot call any IAM operations using the CLI or the Amazon Web Services API. This limitation does not apply to console sessions. You cannot call any STS operations except GetCallerIdentity. You can use temporary credentials for single sign-on (SSO) to the console. You must pass an inline or managed session policy to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also specify up to 10 managed policy Amazon Resource Names (ARNs) to use as managed session policies. The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. Though the session policy parameters are optional, if you do not pass a policy, then the resulting federated user session has no permissions. When you pass session policies, the session permissions are the intersection of the IAM user policies and the session policies that you pass. This gives you a way to further restrict the permissions for a federated user. You cannot use session policies to grant more permissions than those that are defined in the permissions policy of the IAM user. For more information, see Session Policies in the IAM User Guide. For information about using GetFederationToken to create temporary security credentials, see GetFederationToken—Federation Through a Custom Identity Broker. You can use the credentials to access a resource that has a resource-based policy. If that policy specifically references the federated user session in the Principal element of the policy, the session has the permissions allowed by the policy. These permissions are granted in addition to the permissions granted by the session policies. Tags (Optional) You can pass tag key-value pairs to your session. These are called session tags. 
For more information about session tags, see Passing Session Tags in STS in the IAM User Guide. You can create a mobile-based or browser-based app that can authenticate users using a web identity provider like Login with Amazon, Facebook, Google, or an OpenID Connect-compatible identity provider. In this case, we recommend that you use Amazon Cognito or AssumeRoleWithWebIdentity. For more information, see Federation Through a Web-based Identity Provider in the IAM User Guide. An administrator must grant you the permissions necessary to pass session tags. The administrator can also create granular permissions to allow you to pass only specific session tags. For more information, see Tutorial: Using Tags for Attribute-Based Access Control in the IAM User Guide. Tag key–value pairs are not case sensitive, but case is preserved. This means that you cannot have separate Department and department tag keys. Assume that the user that you are federating has the Department=Marketing tag and you pass the department=engineering session tag. Department and department are not saved as separate tags, and the session tag passed in the request takes precedence over the user tag.
|
|
64
64
|
*/
|
|
65
65
|
getFederationToken(params: STS.Types.GetFederationTokenRequest, callback?: (err: AWSError, data: STS.Types.GetFederationTokenResponse) => void): Request<STS.Types.GetFederationTokenResponse, AWSError>;
|
|
66
66
|
/**
|
|
67
|
-
* Returns a set of temporary security credentials (consisting of an access key ID, a secret access key, and a security token) for a federated user. A typical use is in a proxy application that gets temporary security credentials on behalf of distributed applications inside a corporate network. You must call the GetFederationToken operation using the long-term security credentials of an IAM user. As a result, this call is appropriate in contexts where those credentials can be safely stored, usually in a server-based application. For a comparison of GetFederationToken with the other API operations that produce temporary credentials, see Requesting Temporary Security Credentials and Comparing the Amazon Web Services STS API operations in the IAM User Guide. You can create a mobile-based or browser-based app that can authenticate users using a web identity provider like Login with Amazon, Facebook, Google, or an OpenID Connect-compatible identity provider. In this case, we recommend that you use Amazon Cognito or AssumeRoleWithWebIdentity. For more information, see Federation Through a Web-based Identity Provider in the IAM User Guide. You can also call GetFederationToken using the security credentials of an Amazon Web Services account root user, but we do not recommend it. Instead, we recommend that you create an IAM user for the purpose of the proxy application. Then attach a policy to the IAM user that limits federated users to only the actions and resources that they need to access. For more information, see IAM Best Practices in the IAM User Guide. Session duration The temporary credentials are valid for the specified duration, from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours). The default session duration is 43,200 seconds (12 hours). Temporary credentials obtained by using the Amazon Web Services account root user credentials have a maximum duration of 3,600 seconds (1 hour). 
Permissions You can use the temporary credentials created by GetFederationToken in any Amazon Web Services service
|
|
67
|
+
* Returns a set of temporary security credentials (consisting of an access key ID, a secret access key, and a security token) for a federated user. A typical use is in a proxy application that gets temporary security credentials on behalf of distributed applications inside a corporate network. You must call the GetFederationToken operation using the long-term security credentials of an IAM user. As a result, this call is appropriate in contexts where those credentials can be safely stored, usually in a server-based application. For a comparison of GetFederationToken with the other API operations that produce temporary credentials, see Requesting Temporary Security Credentials and Comparing the Amazon Web Services STS API operations in the IAM User Guide. You can create a mobile-based or browser-based app that can authenticate users using a web identity provider like Login with Amazon, Facebook, Google, or an OpenID Connect-compatible identity provider. In this case, we recommend that you use Amazon Cognito or AssumeRoleWithWebIdentity. For more information, see Federation Through a Web-based Identity Provider in the IAM User Guide. You can also call GetFederationToken using the security credentials of an Amazon Web Services account root user, but we do not recommend it. Instead, we recommend that you create an IAM user for the purpose of the proxy application. Then attach a policy to the IAM user that limits federated users to only the actions and resources that they need to access. For more information, see IAM Best Practices in the IAM User Guide. Session duration The temporary credentials are valid for the specified duration, from 900 seconds (15 minutes) up to a maximum of 129,600 seconds (36 hours). The default session duration is 43,200 seconds (12 hours). Temporary credentials obtained by using the Amazon Web Services account root user credentials have a maximum duration of 3,600 seconds (1 hour). 
Permissions You can use the temporary credentials created by GetFederationToken in any Amazon Web Services service with the following exceptions: You cannot call any IAM operations using the CLI or the Amazon Web Services API. This limitation does not apply to console sessions. You cannot call any STS operations except GetCallerIdentity. You can use temporary credentials for single sign-on (SSO) to the console. You must pass an inline or managed session policy to this operation. You can pass a single JSON policy document to use as an inline session policy. You can also specify up to 10 managed policy Amazon Resource Names (ARNs) to use as managed session policies. The plaintext that you use for both inline and managed session policies can't exceed 2,048 characters. Though the session policy parameters are optional, if you do not pass a policy, then the resulting federated user session has no permissions. When you pass session policies, the session permissions are the intersection of the IAM user policies and the session policies that you pass. This gives you a way to further restrict the permissions for a federated user. You cannot use session policies to grant more permissions than those that are defined in the permissions policy of the IAM user. For more information, see Session Policies in the IAM User Guide. For information about using GetFederationToken to create temporary security credentials, see GetFederationToken—Federation Through a Custom Identity Broker. You can use the credentials to access a resource that has a resource-based policy. If that policy specifically references the federated user session in the Principal element of the policy, the session has the permissions allowed by the policy. These permissions are granted in addition to the permissions granted by the session policies. Tags (Optional) You can pass tag key-value pairs to your session. These are called session tags. 
For more information about session tags, see Passing Session Tags in STS in the IAM User Guide. You can create a mobile-based or browser-based app that can authenticate users using a web identity provider like Login with Amazon, Facebook, Google, or an OpenID Connect-compatible identity provider. In this case, we recommend that you use Amazon Cognito or AssumeRoleWithWebIdentity. For more information, see Federation Through a Web-based Identity Provider in the IAM User Guide. An administrator must grant you the permissions necessary to pass session tags. The administrator can also create granular permissions to allow you to pass only specific session tags. For more information, see Tutorial: Using Tags for Attribute-Based Access Control in the IAM User Guide. Tag key–value pairs are not case sensitive, but case is preserved. This means that you cannot have separate Department and department tag keys. Assume that the user that you are federating has the Department=Marketing tag and you pass the department=engineering session tag. Department and department are not saved as separate tags, and the session tag passed in the request takes precedence over the user tag.
|
|
68
68
|
*/
|
|
69
69
|
getFederationToken(callback?: (err: AWSError, data: STS.Types.GetFederationTokenResponse) => void): Request<STS.Types.GetFederationTokenResponse, AWSError>;
|
|
70
70
|
/**
|
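Review bot: In the added line 67 doc comment for getFederationToken, the paragraph beginning "You can create a mobile-based or browser-based app" appears twice: once after the comparison of the temporary-credential operations, and again inside the Tags section, between the "Passing Session Tags in STS" reference and "An administrator must grant you the permissions necessary to pass session tags". The second copy interrupts the session-tag guidance and should be dropped. The same comment says "You must pass an inline or managed session policy to this operation" and, a few sentences later, "Though the session policy parameters are optional"; because a session created without a policy has no permissions, it would read more clearly to state once that the parameters are optional in the API but needed in practice. The removed line is cut off at "in any Amazon Web Services service" as shown here, so the exact wording that changed cannot be confirmed from the visible text.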