cdk-lambda-subminute 2.0.396 → 2.0.398
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.jsii +3 -3
- package/lib/cdk-lambda-subminute.js +3 -3
- package/node_modules/aws-sdk/README.md +11 -16
- package/node_modules/aws-sdk/apis/appconfig-2019-10-09.min.json +9 -1
- package/node_modules/aws-sdk/apis/ec2-2016-11-15.min.json +9 -1
- package/node_modules/aws-sdk/apis/grafana-2020-08-18.min.json +82 -75
- package/node_modules/aws-sdk/apis/imagebuilder-2019-12-02.min.json +6 -0
- package/node_modules/aws-sdk/apis/payment-cryptography-data-2022-02-03.min.json +83 -62
- package/node_modules/aws-sdk/apis/rds-2014-10-31.min.json +61 -50
- package/node_modules/aws-sdk/apis/verifiedpermissions-2021-12-01.min.json +88 -22
- package/node_modules/aws-sdk/apis/wafv2-2019-07-29.min.json +106 -106
- package/node_modules/aws-sdk/clients/appconfig.d.ts +24 -14
- package/node_modules/aws-sdk/clients/dynamodb.d.ts +4 -4
- package/node_modules/aws-sdk/clients/ec2.d.ts +17 -9
- package/node_modules/aws-sdk/clients/grafana.d.ts +26 -9
- package/node_modules/aws-sdk/clients/imagebuilder.d.ts +11 -3
- package/node_modules/aws-sdk/clients/lambda.d.ts +46 -46
- package/node_modules/aws-sdk/clients/mwaa.d.ts +1 -1
- package/node_modules/aws-sdk/clients/paymentcryptographydata.d.ts +68 -36
- package/node_modules/aws-sdk/clients/rds.d.ts +20 -10
- package/node_modules/aws-sdk/clients/redshift.d.ts +15 -15
- package/node_modules/aws-sdk/clients/snowball.d.ts +1 -1
- package/node_modules/aws-sdk/clients/verifiedpermissions.d.ts +75 -26
- package/node_modules/aws-sdk/clients/wafv2.d.ts +14 -13
- package/node_modules/aws-sdk/clients/workspaces.d.ts +5 -5
- package/node_modules/aws-sdk/dist/aws-sdk-core-react-native.js +1 -1
- package/node_modules/aws-sdk/dist/aws-sdk-react-native.js +9 -9
- package/node_modules/aws-sdk/dist/aws-sdk.js +73 -54
- package/node_modules/aws-sdk/dist/aws-sdk.min.js +67 -67
- package/node_modules/aws-sdk/lib/core.js +1 -1
- package/node_modules/aws-sdk/lib/dynamodb/document_client.d.ts +2 -2
- package/node_modules/aws-sdk/package.json +3 -2
- package/node_modules/aws-sdk/scripts/warn-maintenance-mode.js +14 -0
- package/package.json +3 -3
|
@@ -12,19 +12,19 @@ declare class PaymentCryptographyData extends Service {
|
|
|
12
12
|
constructor(options?: PaymentCryptographyData.Types.ClientConfiguration)
|
|
13
13
|
config: Config & PaymentCryptographyData.Types.ClientConfiguration;
|
|
14
14
|
/**
|
|
15
|
-
* Decrypts ciphertext data to plaintext using symmetric, asymmetric, or DUKPT
|
|
15
|
+
* Decrypts ciphertext data to plaintext using a symmetric (TDES, AES), asymmetric (RSA), or derived (DUKPT or EMV) encryption key scheme. For more information, see Decrypt data in the Amazon Web Services Payment Cryptography User Guide. You can use an encryption key generated within Amazon Web Services Payment Cryptography, or you can import your own encryption key by calling ImportKey. For this operation, the key must have KeyModesOfUse set to Decrypt. In asymmetric decryption, Amazon Web Services Payment Cryptography decrypts the ciphertext using the private component of the asymmetric encryption key pair. For data encryption outside of Amazon Web Services Payment Cryptography, you can export the public component of the asymmetric key pair by calling GetPublicCertificate. For symmetric and DUKPT decryption, Amazon Web Services Payment Cryptography supports TDES and AES algorithms. For EMV decryption, Amazon Web Services Payment Cryptography supports TDES algorithms. For asymmetric decryption, Amazon Web Services Payment Cryptography supports RSA. When you use TDES or TDES DUKPT, the ciphertext data length must be a multiple of 8 bytes. For AES or AES DUKPT, the ciphertext data length must be a multiple of 16 bytes. For RSA, it sould be equal to the key size unless padding is enabled. For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide. Cross-account use: This operation can't be used across different Amazon Web Services accounts. Related operations: EncryptData GetPublicCertificate ImportKey
|
|
16
16
|
*/
|
|
17
17
|
decryptData(params: PaymentCryptographyData.Types.DecryptDataInput, callback?: (err: AWSError, data: PaymentCryptographyData.Types.DecryptDataOutput) => void): Request<PaymentCryptographyData.Types.DecryptDataOutput, AWSError>;
|
|
18
18
|
/**
|
|
19
|
-
* Decrypts ciphertext data to plaintext using symmetric, asymmetric, or DUKPT
|
|
19
|
+
* Decrypts ciphertext data to plaintext using a symmetric (TDES, AES), asymmetric (RSA), or derived (DUKPT or EMV) encryption key scheme. For more information, see Decrypt data in the Amazon Web Services Payment Cryptography User Guide. You can use an encryption key generated within Amazon Web Services Payment Cryptography, or you can import your own encryption key by calling ImportKey. For this operation, the key must have KeyModesOfUse set to Decrypt. In asymmetric decryption, Amazon Web Services Payment Cryptography decrypts the ciphertext using the private component of the asymmetric encryption key pair. For data encryption outside of Amazon Web Services Payment Cryptography, you can export the public component of the asymmetric key pair by calling GetPublicCertificate. For symmetric and DUKPT decryption, Amazon Web Services Payment Cryptography supports TDES and AES algorithms. For EMV decryption, Amazon Web Services Payment Cryptography supports TDES algorithms. For asymmetric decryption, Amazon Web Services Payment Cryptography supports RSA. When you use TDES or TDES DUKPT, the ciphertext data length must be a multiple of 8 bytes. For AES or AES DUKPT, the ciphertext data length must be a multiple of 16 bytes. For RSA, it sould be equal to the key size unless padding is enabled. For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide. Cross-account use: This operation can't be used across different Amazon Web Services accounts. Related operations: EncryptData GetPublicCertificate ImportKey
|
|
20
20
|
*/
|
|
21
21
|
decryptData(callback?: (err: AWSError, data: PaymentCryptographyData.Types.DecryptDataOutput) => void): Request<PaymentCryptographyData.Types.DecryptDataOutput, AWSError>;
|
|
22
22
|
/**
|
|
23
|
-
* Encrypts plaintext data to ciphertext using symmetric, asymmetric, or DUKPT
|
|
23
|
+
* Encrypts plaintext data to ciphertext using a symmetric (TDES, AES), asymmetric (RSA), or derived (DUKPT or EMV) encryption key scheme. For more information, see Encrypt data in the Amazon Web Services Payment Cryptography User Guide. You can generate an encryption key within Amazon Web Services Payment Cryptography by calling CreateKey. You can import your own encryption key by calling ImportKey. For this operation, the key must have KeyModesOfUse set to Encrypt. In asymmetric encryption, plaintext is encrypted using public component. You can import the public component of an asymmetric key pair created outside Amazon Web Services Payment Cryptography by calling ImportKey. For symmetric and DUKPT encryption, Amazon Web Services Payment Cryptography supports TDES and AES algorithms. For EMV encryption, Amazon Web Services Payment Cryptography supports TDES algorithms.For asymmetric encryption, Amazon Web Services Payment Cryptography supports RSA. When you use TDES or TDES DUKPT, the plaintext data length must be a multiple of 8 bytes. For AES or AES DUKPT, the plaintext data length must be a multiple of 16 bytes. For RSA, it sould be equal to the key size unless padding is enabled. To encrypt using DUKPT, you must already have a BDK (Base Derivation Key) key in your account with KeyModesOfUse set to DeriveKey, or you can generate a new DUKPT key by calling CreateKey. To encrypt using EMV, you must already have an IMK (Issuer Master Key) key in your account with KeyModesOfUse set to DeriveKey. For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide. Cross-account use: This operation can't be used across different Amazon Web Services accounts. Related operations: DecryptData GetPublicCertificate ImportKey ReEncryptData
|
|
24
24
|
*/
|
|
25
25
|
encryptData(params: PaymentCryptographyData.Types.EncryptDataInput, callback?: (err: AWSError, data: PaymentCryptographyData.Types.EncryptDataOutput) => void): Request<PaymentCryptographyData.Types.EncryptDataOutput, AWSError>;
|
|
26
26
|
/**
|
|
27
|
-
* Encrypts plaintext data to ciphertext using symmetric, asymmetric, or DUKPT
|
|
27
|
+
* Encrypts plaintext data to ciphertext using a symmetric (TDES, AES), asymmetric (RSA), or derived (DUKPT or EMV) encryption key scheme. For more information, see Encrypt data in the Amazon Web Services Payment Cryptography User Guide. You can generate an encryption key within Amazon Web Services Payment Cryptography by calling CreateKey. You can import your own encryption key by calling ImportKey. For this operation, the key must have KeyModesOfUse set to Encrypt. In asymmetric encryption, plaintext is encrypted using public component. You can import the public component of an asymmetric key pair created outside Amazon Web Services Payment Cryptography by calling ImportKey. For symmetric and DUKPT encryption, Amazon Web Services Payment Cryptography supports TDES and AES algorithms. For EMV encryption, Amazon Web Services Payment Cryptography supports TDES algorithms.For asymmetric encryption, Amazon Web Services Payment Cryptography supports RSA. When you use TDES or TDES DUKPT, the plaintext data length must be a multiple of 8 bytes. For AES or AES DUKPT, the plaintext data length must be a multiple of 16 bytes. For RSA, it sould be equal to the key size unless padding is enabled. To encrypt using DUKPT, you must already have a BDK (Base Derivation Key) key in your account with KeyModesOfUse set to DeriveKey, or you can generate a new DUKPT key by calling CreateKey. To encrypt using EMV, you must already have an IMK (Issuer Master Key) key in your account with KeyModesOfUse set to DeriveKey. For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide. Cross-account use: This operation can't be used across different Amazon Web Services accounts. Related operations: DecryptData GetPublicCertificate ImportKey ReEncryptData
|
|
28
28
|
*/
|
|
29
29
|
encryptData(callback?: (err: AWSError, data: PaymentCryptographyData.Types.EncryptDataOutput) => void): Request<PaymentCryptographyData.Types.EncryptDataOutput, AWSError>;
|
|
30
30
|
/**
|
|
@@ -36,11 +36,11 @@ declare class PaymentCryptographyData extends Service {
|
|
|
36
36
|
*/
|
|
37
37
|
generateCardValidationData(callback?: (err: AWSError, data: PaymentCryptographyData.Types.GenerateCardValidationDataOutput) => void): Request<PaymentCryptographyData.Types.GenerateCardValidationDataOutput, AWSError>;
|
|
38
38
|
/**
|
|
39
|
-
* Generates a Message Authentication Code (MAC) cryptogram within Amazon Web Services Payment Cryptography. You can use this operation
|
|
39
|
+
* Generates a Message Authentication Code (MAC) cryptogram within Amazon Web Services Payment Cryptography. You can use this operation to authenticate card-related data by using known data values to generate MAC for data validation between the sending and receiving parties. This operation uses message data, a secret encryption key and MAC algorithm to generate a unique MAC value for transmission. The receiving party of the MAC must use the same message data, secret encryption key and MAC algorithm to reproduce another MAC value for comparision. You can use this operation to generate a DUPKT, CMAC, HMAC or EMV MAC by setting generation attributes and algorithm to the associated values. The MAC generation encryption key must have valid values for KeyUsage such as TR31_M7_HMAC_KEY for HMAC generation, and they key must have KeyModesOfUse set to Generate and Verify. For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide. Cross-account use: This operation can't be used across different Amazon Web Services accounts. Related operations: VerifyMac
|
|
40
40
|
*/
|
|
41
41
|
generateMac(params: PaymentCryptographyData.Types.GenerateMacInput, callback?: (err: AWSError, data: PaymentCryptographyData.Types.GenerateMacOutput) => void): Request<PaymentCryptographyData.Types.GenerateMacOutput, AWSError>;
|
|
42
42
|
/**
|
|
43
|
-
* Generates a Message Authentication Code (MAC) cryptogram within Amazon Web Services Payment Cryptography. You can use this operation
|
|
43
|
+
* Generates a Message Authentication Code (MAC) cryptogram within Amazon Web Services Payment Cryptography. You can use this operation to authenticate card-related data by using known data values to generate MAC for data validation between the sending and receiving parties. This operation uses message data, a secret encryption key and MAC algorithm to generate a unique MAC value for transmission. The receiving party of the MAC must use the same message data, secret encryption key and MAC algorithm to reproduce another MAC value for comparision. You can use this operation to generate a DUPKT, CMAC, HMAC or EMV MAC by setting generation attributes and algorithm to the associated values. The MAC generation encryption key must have valid values for KeyUsage such as TR31_M7_HMAC_KEY for HMAC generation, and they key must have KeyModesOfUse set to Generate and Verify. For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide. Cross-account use: This operation can't be used across different Amazon Web Services accounts. Related operations: VerifyMac
|
|
44
44
|
*/
|
|
45
45
|
generateMac(callback?: (err: AWSError, data: PaymentCryptographyData.Types.GenerateMacOutput) => void): Request<PaymentCryptographyData.Types.GenerateMacOutput, AWSError>;
|
|
46
46
|
/**
|
|
@@ -60,11 +60,11 @@ declare class PaymentCryptographyData extends Service {
|
|
|
60
60
|
*/
|
|
61
61
|
reEncryptData(callback?: (err: AWSError, data: PaymentCryptographyData.Types.ReEncryptDataOutput) => void): Request<PaymentCryptographyData.Types.ReEncryptDataOutput, AWSError>;
|
|
62
62
|
/**
|
|
63
|
-
* Translates encrypted PIN block from and to ISO 9564 formats 0,1,3,4. For more information, see Translate PIN data in the Amazon Web Services Payment Cryptography User Guide. PIN block translation involves changing the encrytion of PIN block from one encryption key to another encryption key and changing PIN block format from one to another without PIN block data leaving Amazon Web Services Payment Cryptography. The encryption key transformation can be from PEK (Pin Encryption Key) to BDK (Base Derivation Key) for DUKPT or from BDK for DUKPT to PEK. Amazon Web Services Payment Cryptography supports TDES and AES key derivation type for DUKPT
|
|
63
|
+
* Translates encrypted PIN block from and to ISO 9564 formats 0,1,3,4. For more information, see Translate PIN data in the Amazon Web Services Payment Cryptography User Guide. PIN block translation involves changing the encrytion of PIN block from one encryption key to another encryption key and changing PIN block format from one to another without PIN block data leaving Amazon Web Services Payment Cryptography. The encryption key transformation can be from PEK (Pin Encryption Key) to BDK (Base Derivation Key) for DUKPT or from BDK for DUKPT to PEK. Amazon Web Services Payment Cryptography supports TDES and AES key derivation type for DUKPT translations. The allowed combinations of PIN block format translations are guided by PCI. It is important to note that not all encrypted PIN block formats (example, format 1) require PAN (Primary Account Number) as input. And as such, PIN block format that requires PAN (example, formats 0,3,4) cannot be translated to a format (format 1) that does not require a PAN for generation. For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide. Amazon Web Services Payment Cryptography currently supports ISO PIN block 4 translation for PIN block built using legacy PAN length. That is, PAN is the right most 12 digits excluding the check digits. Cross-account use: This operation can't be used across different Amazon Web Services accounts. Related operations: GeneratePinData VerifyPinData
|
|
64
64
|
*/
|
|
65
65
|
translatePinData(params: PaymentCryptographyData.Types.TranslatePinDataInput, callback?: (err: AWSError, data: PaymentCryptographyData.Types.TranslatePinDataOutput) => void): Request<PaymentCryptographyData.Types.TranslatePinDataOutput, AWSError>;
|
|
66
66
|
/**
|
|
67
|
-
* Translates encrypted PIN block from and to ISO 9564 formats 0,1,3,4. For more information, see Translate PIN data in the Amazon Web Services Payment Cryptography User Guide. PIN block translation involves changing the encrytion of PIN block from one encryption key to another encryption key and changing PIN block format from one to another without PIN block data leaving Amazon Web Services Payment Cryptography. The encryption key transformation can be from PEK (Pin Encryption Key) to BDK (Base Derivation Key) for DUKPT or from BDK for DUKPT to PEK. Amazon Web Services Payment Cryptography supports TDES and AES key derivation type for DUKPT
|
|
67
|
+
* Translates encrypted PIN block from and to ISO 9564 formats 0,1,3,4. For more information, see Translate PIN data in the Amazon Web Services Payment Cryptography User Guide. PIN block translation involves changing the encrytion of PIN block from one encryption key to another encryption key and changing PIN block format from one to another without PIN block data leaving Amazon Web Services Payment Cryptography. The encryption key transformation can be from PEK (Pin Encryption Key) to BDK (Base Derivation Key) for DUKPT or from BDK for DUKPT to PEK. Amazon Web Services Payment Cryptography supports TDES and AES key derivation type for DUKPT translations. The allowed combinations of PIN block format translations are guided by PCI. It is important to note that not all encrypted PIN block formats (example, format 1) require PAN (Primary Account Number) as input. And as such, PIN block format that requires PAN (example, formats 0,3,4) cannot be translated to a format (format 1) that does not require a PAN for generation. For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide. Amazon Web Services Payment Cryptography currently supports ISO PIN block 4 translation for PIN block built using legacy PAN length. That is, PAN is the right most 12 digits excluding the check digits. Cross-account use: This operation can't be used across different Amazon Web Services accounts. Related operations: GeneratePinData VerifyPinData
|
|
68
68
|
*/
|
|
69
69
|
translatePinData(callback?: (err: AWSError, data: PaymentCryptographyData.Types.TranslatePinDataOutput) => void): Request<PaymentCryptographyData.Types.TranslatePinDataOutput, AWSError>;
|
|
70
70
|
/**
|
|
@@ -84,11 +84,11 @@ declare class PaymentCryptographyData extends Service {
|
|
|
84
84
|
*/
|
|
85
85
|
verifyCardValidationData(callback?: (err: AWSError, data: PaymentCryptographyData.Types.VerifyCardValidationDataOutput) => void): Request<PaymentCryptographyData.Types.VerifyCardValidationDataOutput, AWSError>;
|
|
86
86
|
/**
|
|
87
|
-
* Verifies a Message Authentication Code (MAC). You can use this operation
|
|
87
|
+
* Verifies a Message Authentication Code (MAC). You can use this operation to verify MAC for message data authentication such as . In this operation, you must use the same message data, secret encryption key and MAC algorithm that was used to generate MAC. You can use this operation to verify a DUPKT, CMAC, HMAC or EMV MAC by setting generation attributes and algorithm to the associated values. For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide. Cross-account use: This operation can't be used across different Amazon Web Services accounts. Related operations: GenerateMac
|
|
88
88
|
*/
|
|
89
89
|
verifyMac(params: PaymentCryptographyData.Types.VerifyMacInput, callback?: (err: AWSError, data: PaymentCryptographyData.Types.VerifyMacOutput) => void): Request<PaymentCryptographyData.Types.VerifyMacOutput, AWSError>;
|
|
90
90
|
/**
|
|
91
|
-
* Verifies a Message Authentication Code (MAC). You can use this operation
|
|
91
|
+
* Verifies a Message Authentication Code (MAC). You can use this operation to verify MAC for message data authentication such as . In this operation, you must use the same message data, secret encryption key and MAC algorithm that was used to generate MAC. You can use this operation to verify a DUPKT, CMAC, HMAC or EMV MAC by setting generation attributes and algorithm to the associated values. For information about valid keys for this operation, see Understanding key attributes and Key types for specific data operations in the Amazon Web Services Payment Cryptography User Guide. Cross-account use: This operation can't be used across different Amazon Web Services accounts. Related operations: GenerateMac
|
|
92
92
|
*/
|
|
93
93
|
verifyMac(callback?: (err: AWSError, data: PaymentCryptographyData.Types.VerifyMacOutput) => void): Request<PaymentCryptographyData.Types.VerifyMacOutput, AWSError>;
|
|
94
94
|
/**
|
|
@@ -257,11 +257,11 @@ declare namespace PaymentCryptographyData {
|
|
|
257
257
|
*/
|
|
258
258
|
KeyArn: KeyArn;
|
|
259
259
|
/**
|
|
260
|
-
* The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography
|
|
260
|
+
* The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography computes the KCV according to the CMAC specification.
|
|
261
261
|
*/
|
|
262
262
|
KeyCheckValue: KeyCheckValue;
|
|
263
263
|
/**
|
|
264
|
-
* The decrypted plaintext data.
|
|
264
|
+
* The decrypted plaintext data in hexBinary format.
|
|
265
265
|
*/
|
|
266
266
|
PlainText: HexEvenLengthBetween16And4096;
|
|
267
267
|
}
|
|
@@ -314,7 +314,7 @@ declare namespace PaymentCryptographyData {
|
|
|
314
314
|
*/
|
|
315
315
|
DukptKeyVariant?: DukptKeyVariant;
|
|
316
316
|
/**
|
|
317
|
-
* An input
|
|
317
|
+
* An input used to provide the intial state. If no value is provided, Amazon Web Services Payment Cryptography defaults it to zero.
|
|
318
318
|
*/
|
|
319
319
|
InitializationVector?: HexLength16Or32;
|
|
320
320
|
/**
|
|
@@ -322,7 +322,7 @@ declare namespace PaymentCryptographyData {
|
|
|
322
322
|
*/
|
|
323
323
|
KeySerialNumber: HexLengthBetween10And24;
|
|
324
324
|
/**
|
|
325
|
-
* The block cipher
|
|
325
|
+
* The block cipher method to use for encryption. The default is CBC.
|
|
326
326
|
*/
|
|
327
327
|
Mode?: DukptEncryptionMode;
|
|
328
328
|
}
|
|
@@ -364,6 +364,34 @@ declare namespace PaymentCryptographyData {
|
|
|
364
364
|
*/
|
|
365
365
|
ServiceCode: NumberLengthEquals3;
|
|
366
366
|
}
|
|
367
|
+
export interface EmvEncryptionAttributes {
|
|
368
|
+
/**
|
|
369
|
+
* An input used to provide the intial state. If no value is provided, Amazon Web Services Payment Cryptography defaults it to zero.
|
|
370
|
+
*/
|
|
371
|
+
InitializationVector?: HexLength16Or32;
|
|
372
|
+
/**
|
|
373
|
+
* The EMV derivation mode to use for ICC master key derivation as per EMV version 4.3 book 2.
|
|
374
|
+
*/
|
|
375
|
+
MajorKeyDerivationMode: EmvMajorKeyDerivationMode;
|
|
376
|
+
/**
|
|
377
|
+
* The block cipher method to use for encryption.
|
|
378
|
+
*/
|
|
379
|
+
Mode?: EmvEncryptionMode;
|
|
380
|
+
/**
|
|
381
|
+
* A number that identifies and differentiates payment cards with the same Primary Account Number (PAN).
|
|
382
|
+
*/
|
|
383
|
+
PanSequenceNumber: HexLengthEquals2;
|
|
384
|
+
/**
|
|
385
|
+
* The Primary Account Number (PAN), a unique identifier for a payment credit or debit card and associates the card to a specific account holder.
|
|
386
|
+
*/
|
|
387
|
+
PrimaryAccountNumber: NumberLengthBetween12And19;
|
|
388
|
+
/**
|
|
389
|
+
* The derivation value used to derive the ICC session key. It is typically the application transaction counter value padded with zeros or previous ARQC value padded with zeros as per EMV version 4.3 book 2.
|
|
390
|
+
*/
|
|
391
|
+
SessionDerivationData: HexLengthEquals16;
|
|
392
|
+
}
|
|
393
|
+
export type EmvEncryptionMode = "ECB"|"CBC"|string;
|
|
394
|
+
export type EmvMajorKeyDerivationMode = "EMV_OPTION_A"|"EMV_OPTION_B"|string;
|
|
367
395
|
export interface EncryptDataInput {
|
|
368
396
|
/**
|
|
369
397
|
* The encryption key type and attributes for plaintext encryption.
|
|
@@ -374,7 +402,7 @@ declare namespace PaymentCryptographyData {
|
|
|
374
402
|
*/
|
|
375
403
|
KeyIdentifier: KeyArnOrKeyAliasType;
|
|
376
404
|
/**
|
|
377
|
-
* The plaintext to be encrypted.
|
|
405
|
+
* The plaintext to be encrypted. For encryption using asymmetric keys, plaintext data length is constrained by encryption key strength that you define in KeyAlgorithm and padding type that you define in AsymmetricEncryptionAttributes. For more information, see Encrypt data in the Amazon Web Services Payment Cryptography User Guide.
|
|
378
406
|
*/
|
|
379
407
|
PlainText: HexEvenLengthBetween16And4064;
|
|
380
408
|
}
|
|
@@ -388,13 +416,17 @@ declare namespace PaymentCryptographyData {
|
|
|
388
416
|
*/
|
|
389
417
|
KeyArn: KeyArn;
|
|
390
418
|
/**
|
|
391
|
-
* The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography
|
|
419
|
+
* The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography computes the KCV according to the CMAC specification.
|
|
392
420
|
*/
|
|
393
421
|
KeyCheckValue?: KeyCheckValue;
|
|
394
422
|
}
|
|
395
423
|
export interface EncryptionDecryptionAttributes {
|
|
396
424
|
Asymmetric?: AsymmetricEncryptionAttributes;
|
|
397
425
|
Dukpt?: DukptEncryptionAttributes;
|
|
426
|
+
/**
|
|
427
|
+
* Parameters for plaintext encryption using EMV keys.
|
|
428
|
+
*/
|
|
429
|
+
Emv?: EmvEncryptionAttributes;
|
|
398
430
|
/**
|
|
399
431
|
* Parameters that are required to perform encryption and decryption using symmetric keys.
|
|
400
432
|
*/
|
|
@@ -425,7 +457,7 @@ declare namespace PaymentCryptographyData {
|
|
|
425
457
|
*/
|
|
426
458
|
KeyArn: KeyArn;
|
|
427
459
|
/**
|
|
428
|
-
* The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography
|
|
460
|
+
* The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography computes the KCV according to the CMAC specification.
|
|
429
461
|
*/
|
|
430
462
|
KeyCheckValue: KeyCheckValue;
|
|
431
463
|
/**
|
|
@@ -447,7 +479,7 @@ declare namespace PaymentCryptographyData {
|
|
|
447
479
|
*/
|
|
448
480
|
MacLength?: IntegerRangeBetween4And16;
|
|
449
481
|
/**
|
|
450
|
-
* The data for which a MAC is under generation.
|
|
482
|
+
* The data for which a MAC is under generation. This value must be hexBinary.
|
|
451
483
|
*/
|
|
452
484
|
MessageData: HexEvenLengthBetween2And4096;
|
|
453
485
|
}
|
|
@@ -457,7 +489,7 @@ declare namespace PaymentCryptographyData {
|
|
|
457
489
|
*/
|
|
458
490
|
KeyArn: KeyArn;
|
|
459
491
|
/**
|
|
460
|
-
* The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography
|
|
492
|
+
* The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography computes the KCV according to the CMAC specification.
|
|
461
493
|
*/
|
|
462
494
|
KeyCheckValue: KeyCheckValue;
|
|
463
495
|
/**
|
|
@@ -501,7 +533,7 @@ declare namespace PaymentCryptographyData {
|
|
|
501
533
|
*/
|
|
502
534
|
EncryptionKeyArn: KeyArn;
|
|
503
535
|
/**
|
|
504
|
-
* The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography
|
|
536
|
+
* The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography computes the KCV according to the CMAC specification.
|
|
505
537
|
*/
|
|
506
538
|
EncryptionKeyCheckValue: KeyCheckValue;
|
|
507
539
|
/**
|
|
@@ -509,7 +541,7 @@ declare namespace PaymentCryptographyData {
|
|
|
509
541
|
*/
|
|
510
542
|
GenerationKeyArn: KeyArn;
|
|
511
543
|
/**
|
|
512
|
-
* The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography
|
|
544
|
+
* The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography computes the KCV according to the CMAC specification.
|
|
513
545
|
*/
|
|
514
546
|
GenerationKeyCheckValue: KeyCheckValue;
|
|
515
547
|
/**
|
|
@@ -676,7 +708,7 @@ declare namespace PaymentCryptographyData {
|
|
|
676
708
|
*/
|
|
677
709
|
DukptIso9797Algorithm1?: MacAlgorithmDukpt;
|
|
678
710
|
/**
|
|
679
|
-
* Parameters that are required for MAC generation or verification using DUKPT ISO 9797
|
|
711
|
+
* Parameters that are required for MAC generation or verification using DUKPT ISO 9797 algorithm3.
|
|
680
712
|
*/
|
|
681
713
|
DukptIso9797Algorithm3?: MacAlgorithmDukpt;
|
|
682
714
|
/**
|
|
@@ -772,7 +804,7 @@ declare namespace PaymentCryptographyData {
|
|
|
772
804
|
*/
|
|
773
805
|
KeyArn: KeyArn;
|
|
774
806
|
/**
|
|
775
|
-
* The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography
|
|
807
|
+
* The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography computes the KCV according to the CMAC specification.
|
|
776
808
|
*/
|
|
777
809
|
KeyCheckValue: KeyCheckValue;
|
|
778
810
|
}
|
|
@@ -884,11 +916,11 @@ declare namespace PaymentCryptographyData {
|
|
|
884
916
|
}
|
|
885
917
|
export interface SymmetricEncryptionAttributes {
|
|
886
918
|
/**
|
|
887
|
-
* An input
|
|
919
|
+
* An input used to provide the intial state. If no value is provided, Amazon Web Services Payment Cryptography defaults it to zero.
|
|
888
920
|
*/
|
|
889
921
|
InitializationVector?: HexLength16Or32;
|
|
890
922
|
/**
|
|
891
|
-
* The block cipher
|
|
923
|
+
* The block cipher method to use for encryption.
|
|
892
924
|
*/
|
|
893
925
|
Mode: EncryptionMode;
|
|
894
926
|
/**
|
|
@@ -902,7 +934,7 @@ declare namespace PaymentCryptographyData {
|
|
|
902
934
|
*/
|
|
903
935
|
EncryptedPinBlock: HexEvenLengthBetween16And32;
|
|
904
936
|
/**
|
|
905
|
-
* The attributes and values to use for incoming DUKPT encryption key for PIN block
|
|
937
|
+
* The attributes and values to use for incoming DUKPT encryption key for PIN block translation.
|
|
906
938
|
*/
|
|
907
939
|
IncomingDukptAttributes?: DukptDerivationAttributes;
|
|
908
940
|
/**
|
|
@@ -910,7 +942,7 @@ declare namespace PaymentCryptographyData {
|
|
|
910
942
|
*/
|
|
911
943
|
IncomingKeyIdentifier: KeyArnOrKeyAliasType;
|
|
912
944
|
/**
|
|
913
|
-
* The format of the incoming PIN block data for
|
|
945
|
+
* The format of the incoming PIN block data for translation within Amazon Web Services Payment Cryptography.
|
|
914
946
|
*/
|
|
915
947
|
IncomingTranslationAttributes: TranslationIsoFormats;
|
|
916
948
|
/**
|
|
@@ -922,7 +954,7 @@ declare namespace PaymentCryptographyData {
|
|
|
922
954
|
*/
|
|
923
955
|
OutgoingKeyIdentifier: KeyArnOrKeyAliasType;
|
|
924
956
|
/**
|
|
925
|
-
* The format of the outgoing PIN block data after
|
|
957
|
+
* The format of the outgoing PIN block data after translation by Amazon Web Services Payment Cryptography.
|
|
926
958
|
*/
|
|
927
959
|
OutgoingTranslationAttributes: TranslationIsoFormats;
|
|
928
960
|
}
|
|
@@ -932,11 +964,11 @@ declare namespace PaymentCryptographyData {
|
|
|
932
964
|
*/
|
|
933
965
|
KeyArn: KeyArn;
|
|
934
966
|
/**
|
|
935
|
-
* The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography
|
|
967
|
+
* The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography computes the KCV according to the CMAC specification.
|
|
936
968
|
*/
|
|
937
969
|
KeyCheckValue: KeyCheckValue;
|
|
938
970
|
/**
|
|
939
|
-
* The
|
|
971
|
+
* The outgoing encrypted PIN block data after translation.
|
|
940
972
|
*/
|
|
941
973
|
PinBlock: HexLengthBetween16And32;
|
|
942
974
|
}
|
|
@@ -1002,7 +1034,7 @@ declare namespace PaymentCryptographyData {
|
|
|
1002
1034
|
*/
|
|
1003
1035
|
KeyArn: KeyArn;
|
|
1004
1036
|
/**
|
|
1005
|
-
* The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography
|
|
1037
|
+
* The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography computes the KCV according to the CMAC specification.
|
|
1006
1038
|
*/
|
|
1007
1039
|
KeyCheckValue: KeyCheckValue;
|
|
1008
1040
|
}
|
|
@@ -1030,7 +1062,7 @@ declare namespace PaymentCryptographyData {
|
|
|
1030
1062
|
*/
|
|
1031
1063
|
KeyArn: KeyArn;
|
|
1032
1064
|
/**
|
|
1033
|
-
* The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography
|
|
1065
|
+
* The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography computes the KCV according to the CMAC specification.
|
|
1034
1066
|
*/
|
|
1035
1067
|
KeyCheckValue: KeyCheckValue;
|
|
1036
1068
|
}
|
|
@@ -1048,7 +1080,7 @@ declare namespace PaymentCryptographyData {
|
|
|
1048
1080
|
*/
|
|
1049
1081
|
MacLength?: IntegerRangeBetween4And16;
|
|
1050
1082
|
/**
|
|
1051
|
-
* The data on for which MAC is under verification.
|
|
1083
|
+
* The data on for which MAC is under verification. This value must be hexBinary.
|
|
1052
1084
|
*/
|
|
1053
1085
|
MessageData: HexEvenLengthBetween2And4096;
|
|
1054
1086
|
/**
|
|
@@ -1062,7 +1094,7 @@ declare namespace PaymentCryptographyData {
|
|
|
1062
1094
|
*/
|
|
1063
1095
|
KeyArn: KeyArn;
|
|
1064
1096
|
/**
|
|
1065
|
-
* The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography
|
|
1097
|
+
* The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography computes the KCV according to the CMAC specification.
|
|
1066
1098
|
*/
|
|
1067
1099
|
KeyCheckValue: KeyCheckValue;
|
|
1068
1100
|
}
|
|
@@ -1106,7 +1138,7 @@ declare namespace PaymentCryptographyData {
|
|
|
1106
1138
|
*/
|
|
1107
1139
|
EncryptionKeyArn: KeyArn;
|
|
1108
1140
|
/**
|
|
1109
|
-
* The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography
|
|
1141
|
+
* The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography computes the KCV according to the CMAC specification.
|
|
1110
1142
|
*/
|
|
1111
1143
|
EncryptionKeyCheckValue: KeyCheckValue;
|
|
1112
1144
|
/**
|
|
@@ -1114,7 +1146,7 @@ declare namespace PaymentCryptographyData {
|
|
|
1114
1146
|
*/
|
|
1115
1147
|
VerificationKeyArn: KeyArn;
|
|
1116
1148
|
/**
|
|
1117
|
-
* The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography
|
|
1149
|
+
* The key check value (KCV) of the encryption key. The KCV is used to check if all parties holding a given key have the same key or to detect that a key has changed. Amazon Web Services Payment Cryptography computes the KCV according to the CMAC specification.
|
|
1118
1150
|
*/
|
|
1119
1151
|
VerificationKeyCheckValue: KeyCheckValue;
|
|
1120
1152
|
}
|
|
@@ -1741,6 +1741,7 @@ declare namespace RDS {
|
|
|
1741
1741
|
* The storage type for the DB cluster.
|
|
1742
1742
|
*/
|
|
1743
1743
|
StorageType?: String;
|
|
1744
|
+
CertificateDetails?: CertificateDetails;
|
|
1744
1745
|
}
|
|
1745
1746
|
export interface ConnectionPoolConfiguration {
|
|
1746
1747
|
/**
|
|
@@ -2175,7 +2176,7 @@ declare namespace RDS {
|
|
|
2175
2176
|
*/
|
|
2176
2177
|
AllocatedStorage?: IntegerOptional;
|
|
2177
2178
|
/**
|
|
2178
|
-
* The storage type to associate with the DB cluster. For information on storage types for Aurora DB clusters, see Storage configurations for Amazon Aurora DB clusters. For information on storage types for Multi-AZ DB clusters, see Settings for creating Multi-AZ DB clusters. This setting is required to create a Multi-AZ DB cluster. When specified for a Multi-AZ DB cluster, a value for the Iops parameter is required. Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters Valid Values: Aurora DB clusters - aurora | aurora-iopt1 Multi-AZ DB clusters - io1 Default: Aurora DB clusters - aurora Multi-AZ DB clusters - io1 When you create an Aurora DB cluster with the storage type set to aurora-iopt1, the storage type is returned in the response. The storage type isn't returned when you set it to aurora.
|
|
2179
|
+
* The storage type to associate with the DB cluster. For information on storage types for Aurora DB clusters, see Storage configurations for Amazon Aurora DB clusters. For information on storage types for Multi-AZ DB clusters, see Settings for creating Multi-AZ DB clusters. This setting is required to create a Multi-AZ DB cluster. When specified for a Multi-AZ DB cluster, a value for the Iops parameter is required. Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters Valid Values: Aurora DB clusters - aurora | aurora-iopt1 Multi-AZ DB clusters - io1 | io2 | gp3 Default: Aurora DB clusters - aurora Multi-AZ DB clusters - io1 When you create an Aurora DB cluster with the storage type set to aurora-iopt1, the storage type is returned in the response. The storage type isn't returned when you set it to aurora.
|
|
2179
2180
|
*/
|
|
2180
2181
|
StorageType?: String;
|
|
2181
2182
|
/**
|
|
@@ -2235,6 +2236,10 @@ declare namespace RDS {
|
|
|
2235
2236
|
* Specifies whether read replicas can forward write operations to the writer DB instance in the DB cluster. By default, write operations aren't allowed on reader DB instances. Valid for: Aurora DB clusters only
|
|
2236
2237
|
*/
|
|
2237
2238
|
EnableLocalWriteForwarding?: BooleanOptional;
|
|
2239
|
+
/**
|
|
2240
|
+
* The CA certificate identifier to use for the DB cluster's server certificate. For more information, see Using SSL/TLS to encrypt a connection to a DB instance in the Amazon RDS User Guide. Valid for Cluster Type: Multi-AZ DB clusters
|
|
2241
|
+
*/
|
|
2242
|
+
CACertificateIdentifier?: String;
|
|
2238
2243
|
/**
|
|
2239
2244
|
* The ID of the region that contains the source for the read replica.
|
|
2240
2245
|
*/
|
|
@@ -2291,7 +2296,7 @@ declare namespace RDS {
|
|
|
2291
2296
|
*/
|
|
2292
2297
|
DBInstanceIdentifier: String;
|
|
2293
2298
|
/**
|
|
2294
|
-
* The amount of storage in gibibytes (GiB) to allocate for the DB instance. This setting doesn't apply to Amazon Aurora DB instances. Aurora cluster volumes automatically grow as the amount of data in your database increases, though you are only charged for the space that you use in an Aurora cluster volume. Amazon RDS Custom Constraints to the amount of storage for each storage type are the following: General Purpose (SSD) storage (gp2, gp3): Must be an integer from 40 to 65536 for RDS Custom for Oracle, 16384 for RDS Custom for SQL Server. Provisioned IOPS storage (io1): Must be an integer from 40 to 65536 for RDS Custom for Oracle, 16384 for RDS Custom for SQL Server. RDS for Db2 Constraints to the amount of storage for each storage type are the following: General Purpose (SSD) storage (gp3): Must be an integer from 20 to
|
|
2299
|
+
* The amount of storage in gibibytes (GiB) to allocate for the DB instance. This setting doesn't apply to Amazon Aurora DB instances. Aurora cluster volumes automatically grow as the amount of data in your database increases, though you are only charged for the space that you use in an Aurora cluster volume. Amazon RDS Custom Constraints to the amount of storage for each storage type are the following: General Purpose (SSD) storage (gp2, gp3): Must be an integer from 40 to 65536 for RDS Custom for Oracle, 16384 for RDS Custom for SQL Server. Provisioned IOPS storage (io1, io2): Must be an integer from 40 to 65536 for RDS Custom for Oracle, 16384 for RDS Custom for SQL Server. RDS for Db2 Constraints to the amount of storage for each storage type are the following: General Purpose (SSD) storage (gp3): Must be an integer from 20 to 65536. Provisioned IOPS storage (io1, io2): Must be an integer from 100 to 65536. RDS for MariaDB Constraints to the amount of storage for each storage type are the following: General Purpose (SSD) storage (gp2, gp3): Must be an integer from 20 to 65536. Provisioned IOPS storage (io1, io2): Must be an integer from 100 to 65536. Magnetic storage (standard): Must be an integer from 5 to 3072. RDS for MySQL Constraints to the amount of storage for each storage type are the following: General Purpose (SSD) storage (gp2, gp3): Must be an integer from 20 to 65536. Provisioned IOPS storage (io1, io2): Must be an integer from 100 to 65536. Magnetic storage (standard): Must be an integer from 5 to 3072. RDS for Oracle Constraints to the amount of storage for each storage type are the following: General Purpose (SSD) storage (gp2, gp3): Must be an integer from 20 to 65536. Provisioned IOPS storage (io1, io2): Must be an integer from 100 to 65536. Magnetic storage (standard): Must be an integer from 10 to 3072. RDS for PostgreSQL Constraints to the amount of storage for each storage type are the following: General Purpose (SSD) storage (gp2, gp3): Must be an integer from 20 to 65536. Provisioned IOPS storage (io1, io2): Must be an integer from 100 to 65536. Magnetic storage (standard): Must be an integer from 5 to 3072. RDS for SQL Server Constraints to the amount of storage for each storage type are the following: General Purpose (SSD) storage (gp2, gp3): Enterprise and Standard editions: Must be an integer from 20 to 16384. Web and Express editions: Must be an integer from 20 to 16384. Provisioned IOPS storage (io1, io2): Enterprise and Standard editions: Must be an integer from 100 to 16384. Web and Express editions: Must be an integer from 100 to 16384. Magnetic storage (standard): Enterprise and Standard editions: Must be an integer from 20 to 1024. Web and Express editions: Must be an integer from 20 to 1024.
|
|
2295
2300
|
*/
|
|
2296
2301
|
AllocatedStorage?: IntegerOptional;
|
|
2297
2302
|
/**
|
|
@@ -2391,7 +2396,7 @@ declare namespace RDS {
|
|
|
2391
2396
|
*/
|
|
2392
2397
|
DBClusterIdentifier?: String;
|
|
2393
2398
|
/**
|
|
2394
|
-
* The storage type to associate with the DB instance. If you specify io1 or gp3, you must also include a value for the Iops parameter. This setting doesn't apply to Amazon Aurora DB instances. Storage is managed by the DB cluster. Valid Values: gp2 | gp3 | io1 | standard Default: io1, if the Iops parameter is specified. Otherwise, gp2.
|
|
2399
|
+
* The storage type to associate with the DB instance. If you specify io1, io2, or gp3, you must also include a value for the Iops parameter. This setting doesn't apply to Amazon Aurora DB instances. Storage is managed by the DB cluster. Valid Values: gp2 | gp3 | io1 | io2 | standard Default: io1, if the Iops parameter is specified. Otherwise, gp2.
|
|
2395
2400
|
*/
|
|
2396
2401
|
StorageType?: String;
|
|
2397
2402
|
/**
|
|
@@ -2586,7 +2591,7 @@ declare namespace RDS {
|
|
|
2586
2591
|
*/
|
|
2587
2592
|
VpcSecurityGroupIds?: VpcSecurityGroupIdList;
|
|
2588
2593
|
/**
|
|
2589
|
-
* The storage type to associate with the read replica. If you specify io1 or gp3, you must also include a value for the Iops parameter. Valid Values: gp2 | gp3 | io1 | standard Default: io1 if the Iops parameter is specified. Otherwise, gp2.
|
|
2594
|
+
* The storage type to associate with the read replica. If you specify io1, io2, or gp3, you must also include a value for the Iops parameter. Valid Values: gp2 | gp3 | io1 | io2 | standard Default: io1 if the Iops parameter is specified. Otherwise, gp2.
|
|
2590
2595
|
*/
|
|
2591
2596
|
StorageType?: String;
|
|
2592
2597
|
/**
|
|
@@ -3347,6 +3352,7 @@ declare namespace RDS {
|
|
|
3347
3352
|
* The storage throughput for the DB cluster. The throughput is automatically set based on the IOPS that you provision, and is not configurable. This setting is only for non-Aurora Multi-AZ DB clusters.
|
|
3348
3353
|
*/
|
|
3349
3354
|
StorageThroughput?: IntegerOptional;
|
|
3355
|
+
CertificateDetails?: CertificateDetails;
|
|
3350
3356
|
}
|
|
3351
3357
|
export interface DBClusterAutomatedBackup {
|
|
3352
3358
|
/**
|
|
@@ -7425,7 +7431,7 @@ declare namespace RDS {
|
|
|
7425
7431
|
*/
|
|
7426
7432
|
AllocatedStorage?: IntegerOptional;
|
|
7427
7433
|
/**
|
|
7428
|
-
* The storage type to associate with the DB cluster. For information on storage types for Aurora DB clusters, see Storage configurations for Amazon Aurora DB clusters. For information on storage types for Multi-AZ DB clusters, see Settings for creating Multi-AZ DB clusters. When specified for a Multi-AZ DB cluster, a value for the Iops parameter is required. Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters Valid Values: Aurora DB clusters - aurora | aurora-iopt1 Multi-AZ DB clusters - io1 Default: Aurora DB clusters - aurora Multi-AZ DB clusters - io1
|
|
7434
|
+
* The storage type to associate with the DB cluster. For information on storage types for Aurora DB clusters, see Storage configurations for Amazon Aurora DB clusters. For information on storage types for Multi-AZ DB clusters, see Settings for creating Multi-AZ DB clusters. When specified for a Multi-AZ DB cluster, a value for the Iops parameter is required. Valid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters Valid Values: Aurora DB clusters - aurora | aurora-iopt1 Multi-AZ DB clusters - io1 | io2 | gp3 Default: Aurora DB clusters - aurora Multi-AZ DB clusters - io1
|
|
7429
7435
|
*/
|
|
7430
7436
|
StorageType?: String;
|
|
7431
7437
|
/**
|
|
@@ -7493,6 +7499,10 @@ declare namespace RDS {
|
|
|
7493
7499
|
* Specifies whether to enable Aurora Limitless Database. You must enable Aurora Limitless Database to create a DB shard group. Valid for: Aurora DB clusters only
|
|
7494
7500
|
*/
|
|
7495
7501
|
EnableLimitlessDatabase?: BooleanOptional;
|
|
7502
|
+
/**
|
|
7503
|
+
* The CA certificate identifier to use for the DB cluster's server certificate. For more information, see Using SSL/TLS to encrypt a connection to a DB instance in the Amazon RDS User Guide. Valid for Cluster Type: Multi-AZ DB clusters
|
|
7504
|
+
*/
|
|
7505
|
+
CACertificateIdentifier?: String;
|
|
7496
7506
|
}
|
|
7497
7507
|
export interface ModifyDBClusterParameterGroupMessage {
|
|
7498
7508
|
/**
|
|
@@ -7610,7 +7620,7 @@ declare namespace RDS {
|
|
|
7610
7620
|
*/
|
|
7611
7621
|
NewDBInstanceIdentifier?: String;
|
|
7612
7622
|
/**
|
|
7613
|
-
* The storage type to associate with the DB instance. If you specify
|
|
7623
|
+
* The storage type to associate with the DB instance. If you specify io1, io2, or gp3 you must also include a value for the Iops parameter. If you choose to migrate your DB instance from using standard storage to using Provisioned IOPS, or from using Provisioned IOPS to using standard storage, the process can take time. The duration of the migration depends on several factors such as database load, storage size, storage type (standard or Provisioned IOPS), amount of IOPS provisioned (if any), and the number of prior scale storage operations. Typical migration times are under 24 hours, but the process can take up to several days in some cases. During the migration, the DB instance is available for use, but might experience performance degradation. While the migration takes place, nightly backups for the instance are suspended. No other Amazon RDS operations can take place for the instance, including modifying the instance, rebooting the instance, deleting the instance, creating a read replica for the instance, and creating a DB snapshot of the instance. Valid Values: gp2 | gp3 | io1 | io2 | standard Default: io1, if the Iops parameter is specified. Otherwise, gp2.
|
|
7614
7624
|
*/
|
|
7615
7625
|
StorageType?: String;
|
|
7616
7626
|
/**
|
|
@@ -9616,7 +9626,7 @@ declare namespace RDS {
|
|
|
9616
9626
|
OptionGroupName?: String;
|
|
9617
9627
|
Tags?: TagList;
|
|
9618
9628
|
/**
|
|
9619
|
-
* Specifies the storage type to be associated with the DB instance. Valid Values: gp2 | gp3 | io1 | standard If you specify io1 or gp3, you must also include a value for the Iops parameter. Default: io1 if the Iops parameter is specified, otherwise gp2
|
|
9629
|
+
* Specifies the storage type to be associated with the DB instance. Valid Values: gp2 | gp3 | io1 | io2 | standard If you specify io1, io2, or gp3, you must also include a value for the Iops parameter. Default: io1 if the Iops parameter is specified, otherwise gp2
|
|
9620
9630
|
*/
|
|
9621
9631
|
StorageType?: String;
|
|
9622
9632
|
/**
|
|
@@ -9817,7 +9827,7 @@ declare namespace RDS {
|
|
|
9817
9827
|
*/
|
|
9818
9828
|
Tags?: TagList;
|
|
9819
9829
|
/**
|
|
9820
|
-
* Specifies the storage type to be associated with the DB instance. Valid Values: gp2 | gp3 | io1 | standard If you specify io1 or gp3, you must also include a value for the Iops parameter. Default: io1 if the Iops parameter is specified; otherwise gp2
|
|
9830
|
+
* Specifies the storage type to be associated with the DB instance. Valid Values: gp2 | gp3 | io1 | io2 | standard If you specify io1, io2, or gp3, you must also include a value for the Iops parameter. Default: io1 if the Iops parameter is specified; otherwise gp2
|
|
9821
9831
|
*/
|
|
9822
9832
|
StorageType?: String;
|
|
9823
9833
|
/**
|
|
@@ -9991,7 +10001,7 @@ declare namespace RDS {
|
|
|
9991
10001
|
CopyTagsToSnapshot?: BooleanOptional;
|
|
9992
10002
|
Tags?: TagList;
|
|
9993
10003
|
/**
|
|
9994
|
-
* The storage type to associate with the DB instance. Valid Values: gp2 | gp3 | io1 | standard Default: io1, if the Iops parameter is specified. Otherwise, gp2. Constraints: If you specify io1 or gp3, you must also include a value for the Iops parameter.
|
|
10004
|
+
* The storage type to associate with the DB instance. Valid Values: gp2 | gp3 | io1 | io2 | standard Default: io1, if the Iops parameter is specified. Otherwise, gp2. Constraints: If you specify io1, io2, or gp3, you must also include a value for the Iops parameter.
|
|
9995
10005
|
*/
|
|
9996
10006
|
StorageType?: String;
|
|
9997
10007
|
/**
|
|
@@ -10726,7 +10736,7 @@ declare namespace RDS {
|
|
|
10726
10736
|
}
|
|
10727
10737
|
export interface ValidStorageOptions {
|
|
10728
10738
|
/**
|
|
10729
|
-
* The valid storage types for your DB instance. For example: gp2, gp3, io1.
|
|
10739
|
+
* The valid storage types for your DB instance. For example: gp2, gp3, io1, io2.
|
|
10730
10740
|
*/
|
|
10731
10741
|
StorageType?: String;
|
|
10732
10742
|
/**
|