The types of costs that are included in this COST budget.
USAGE, RI_UTILIZATION, RI_COVERAGE, Savings_Plans_Utilization, and Savings_Plans_Coverage budgets do not have CostTypes.
The types of costs that are included in this COST budget.
USAGE, RI_UTILIZATION, RI_COVERAGE, SAVINGS_PLANS_UTILIZATION, and SAVINGS_PLANS_COVERAGE budgets do not have CostTypes.
The length of time until a budget resets the actual and forecasted spend. DAILY is available only for RI_UTILIZATION, RI_COVERAGE, Savings_Plans_Utilization, and Savings_Plans_Coverage budgets.
The length of time until a budget resets the actual and forecasted spend.
" }, "TimePeriod":{ "shape":"TimePeriod", @@ -318,7 +318,7 @@ "documentation":"The last time that you updated this budget.
" } }, - "documentation":"Represents the output of the CreateBudget operation. The content consists of the detailed metadata and data file information, and the current status of the budget object.
This is the ARN pattern for a budget:
arn:aws:budgetservice::AccountId:budget/budgetName
Represents the output of the CreateBudget operation. The content consists of the detailed metadata and data file information, and the current status of the budget object.
This is the ARN pattern for a budget:
arn:aws:budgets::AccountId:budget/budgetName
The type of a budget. It must be one of the following types:
COST, USAGE, RI_UTILIZATION, or RI_COVERAGE.
The type of a budget. It must be one of the following types:
COST, USAGE, RI_UTILIZATION, RI_COVERAGE, SAVINGS_PLANS_UTILIZATION, or SAVINGS_PLANS_COVERAGE.
The amount of cost, usage, or RI units that you have used.
" + "documentation":"The amount of cost, usage, RI units, or Savings Plans units that you have used.
" }, "ForecastedSpend":{ "shape":"Spend", - "documentation":"The amount of cost, usage, or RI units that you are forecasted to use.
" + "documentation":"The amount of cost, usage, RI units, or Savings Plans units that you are forecasted to use.
" } }, - "documentation":"The spend objects that are associated with this budget. The actualSpend tracks how much you've used, cost, usage, or RI units, and the forecastedSpend tracks how much you are predicted to spend if your current usage remains steady.
For example, if it is the 20th of the month and you have spent 50 dollars on Amazon EC2, your actualSpend is 50 USD, and your forecastedSpend is 75 USD.
The spend objects that are associated with this budget. The actualSpend tracks how much you've used, cost, usage, RI units, or Savings Plans units and the forecastedSpend tracks how much you are predicted to spend based on your historical usage profile.
For example, if it is the 20th of the month and you have spent 50 dollars on Amazon EC2, your actualSpend is 50 USD, and your forecastedSpend is 75 USD.
Specifies whether a budget uses the amortized rate.
The default value is false.
The types of cost that are included in a COST budget, such as tax and subscriptions.
USAGE, RI_UTILIZATION, and RI_COVERAGE budgets do not have CostTypes.
The types of cost that are included in a COST budget, such as tax and subscriptions.
USAGE, RI_UTILIZATION, RI_COVERAGE, SAVINGS_PLANS_UTILIZATION, and SAVINGS_PLANS_COVERAGE budgets do not have CostTypes.
The threshold that is associated with a notification. Thresholds are always a percentage.
" + "documentation":"The threshold that is associated with a notification. Thresholds are always a percentage, and many customers find value being alerted between 50% - 200% of the budgeted amount. The maximum limit for your threshold is 1,000,000% above the budgeted amount.
" }, "ThresholdType":{ "shape":"ThresholdType", @@ -930,7 +930,7 @@ "documentation":"Whether this notification is in alarm. If a budget notification is in the ALARM state, you have passed the set threshold for the budget.
A notification that is associated with a budget. A budget can have up to five notifications.
Each notification must have at least one subscriber. A notification can have one SNS subscriber and up to 10 email subscribers, for a total of 11 subscribers.
For example, if you have a budget for 200 dollars and you want to be notified when you go over 160 dollars, create a notification with the following parameters:
A notificationType of ACTUAL
A thresholdType of PERCENTAGE
A comparisonOperator of GREATER_THAN
A notification threshold of 80
A notification that is associated with a budget. A budget can have up to ten notifications.
Each notification must have at least one subscriber. A notification can have one SNS subscriber and up to 10 email subscribers, for a total of 11 subscribers.
For example, if you have a budget for 200 dollars and you want to be notified when you go over 160 dollars, create a notification with the following parameters:
A notificationType of ACTUAL
A thresholdType of PERCENTAGE
A comparisonOperator of GREATER_THAN
A notification threshold of 80
The threshold of a notification. It must be a number between 0 and 1,000,000,000.
", - "max":1000000000, + "max":40000000000, "min":0 }, "NotificationType":{ @@ -975,7 +975,7 @@ "type":"list", "member":{"shape":"NotificationWithSubscribers"}, "documentation":"A list of notifications, each with a list of subscribers.
", - "max":5 + "max":10 }, "Notifications":{ "type":"list", diff --git a/botocore/data/ec2/2016-11-15/service-2.json b/botocore/data/ec2/2016-11-15/service-2.json index c3f8ffd9fb..ce4ae863b4 100644 --- a/botocore/data/ec2/2016-11-15/service-2.json +++ b/botocore/data/ec2/2016-11-15/service-2.json @@ -23692,6 +23692,13 @@ "t3a.large", "t3a.xlarge", "t3a.2xlarge", + "t4g.nano", + "t4g.micro", + "t4g.small", + "t4g.medium", + "t4g.large", + "t4g.xlarge", + "t4g.2xlarge", "m1.small", "m1.medium", "m1.large", diff --git a/botocore/data/endpoints.json b/botocore/data/endpoints.json index bf1d1e7e3b..8213641ebc 100644 --- a/botocore/data/endpoints.json +++ b/botocore/data/endpoints.json @@ -4486,6 +4486,7 @@ "ap-south-1" : { }, "ap-southeast-1" : { }, "ap-southeast-2" : { }, + "ca-central-1" : { }, "eu-central-1" : { }, "eu-west-1" : { }, "eu-west-2" : { }, diff --git a/botocore/data/kafka/2018-11-14/paginators-1.json b/botocore/data/kafka/2018-11-14/paginators-1.json index ddc3b3d4ba..b890941bb0 100644 --- a/botocore/data/kafka/2018-11-14/paginators-1.json +++ b/botocore/data/kafka/2018-11-14/paginators-1.json @@ -35,6 +35,12 @@ "output_token": "NextToken", "limit_key": "MaxResults", "result_key": "KafkaVersions" + }, + "ListScramSecrets": { + "input_token": "NextToken", + "output_token": "NextToken", + "limit_key": "MaxResults", + "result_key": "SecretArnList" } } } diff --git a/botocore/data/kafka/2018-11-14/service-2.json b/botocore/data/kafka/2018-11-14/service-2.json index da58825134..b91e698d52 100644 --- a/botocore/data/kafka/2018-11-14/service-2.json +++ b/botocore/data/kafka/2018-11-14/service-2.json @@ -12,6 +12,44 @@ "signatureVersion": "v4" }, "operations": { + "BatchAssociateScramSecret" : { + "name" : "BatchAssociateScramSecret", + "http" : { + "method" : "POST", + "requestUri" : "/v1/clusters/{clusterArn}/scram-secrets", + "responseCode" : 200 + }, + "input" : { + "shape" : "BatchAssociateScramSecretRequest" + }, + "output" : { + "shape" : "BatchAssociateScramSecretResponse", + "documentation": "\n200 response
\n " + }, + "errors" : [ { + "shape" : "BadRequestException", + "documentation" : "\nThe request isn't valid because the input is incorrect. Correct your input and then submit it again.
\n " + }, { + "shape" : "UnauthorizedException", + "documentation" : "\nThe request is not authorized. The provided credentials couldn't be validated.
\n " + }, { + "shape" : "InternalServerErrorException", + "documentation" : "\nThere was an unexpected internal server error. Retrying your request might resolve the issue.
\n " + }, { + "shape" : "ForbiddenException", + "documentation" : "\nAccess forbidden. Check your credentials and then retry your request.
\n " + }, { + "shape" : "NotFoundException", + "documentation" : "\nThe resource could not be found due to incorrect input. Correct the input, then retry the request.
\n " + }, { + "shape" : "ServiceUnavailableException", + "documentation" : "\n503 response
\n " + }, { + "shape" : "TooManyRequestsException", + "documentation" : "\n429 response
\n " + } ], + "documentation" : "\nAssociates one or more Scram Secrets with an Amazon MSK cluster.
\n " + }, "CreateCluster": { "name": "CreateCluster", "http": { @@ -331,6 +369,44 @@ ], "documentation": "\nReturns a description of this revision of the configuration.
\n " }, + "BatchDisassociateScramSecret" : { + "name" : "BatchDisassociateScramSecret", + "http" : { + "method" : "PATCH", + "requestUri" : "/v1/clusters/{clusterArn}/scram-secrets", + "responseCode" : 200 + }, + "input" : { + "shape" : "BatchDisassociateScramSecretRequest" + }, + "output" : { + "shape" : "BatchDisassociateScramSecretResponse", + "documentation": "\n200 response
\n " + }, + "errors" : [ { + "shape" : "BadRequestException", + "documentation" : "\nThe request isn't valid because the input is incorrect. Correct your input and then submit it again.
\n " + }, { + "shape" : "UnauthorizedException", + "documentation" : "\nThe request is not authorized. The provided credentials couldn't be validated.
\n " + }, { + "shape" : "InternalServerErrorException", + "documentation" : "\nThere was an unexpected internal server error. Retrying your request might resolve the issue.
\n " + }, { + "shape" : "ForbiddenException", + "documentation" : "\nAccess forbidden. Check your credentials and then retry your request.
\n " + }, { + "shape" : "NotFoundException", + "documentation" : "\nThe resource could not be found due to incorrect input. Correct the input, then retry the request.
\n " + }, { + "shape" : "ServiceUnavailableException", + "documentation" : "\n503 response
\n " + }, { + "shape" : "TooManyRequestsException", + "documentation" : "\n429 response
\n " + } ], + "documentation" : "\nDisassociates one or more Scram Secrets from an Amazon MSK cluster.
\n " + }, "GetBootstrapBrokers": { "name": "GetBootstrapBrokers", "http": { @@ -631,6 +707,44 @@ ], "documentation": "\nReturns a list of the broker nodes in the cluster.
\n " }, + "ListScramSecrets" : { + "name" : "ListScramSecrets", + "http" : { + "method" : "GET", + "requestUri" : "/v1/clusters/{clusterArn}/scram-secrets", + "responseCode" : 200 + }, + "input" : { + "shape" : "ListScramSecretsRequest" + }, + "output" : { + "shape" : "ListScramSecretsResponse", + "documentation": "\n200 response
\n " + }, + "errors" : [ { + "shape" : "BadRequestException", + "documentation" : "\nThe request isn't valid because the input is incorrect. Correct your input and then submit it again.
\n " + }, { + "shape" : "UnauthorizedException", + "documentation" : "\nThe request is not authorized. The provided credentials couldn't be validated.
\n " + }, { + "shape" : "InternalServerErrorException", + "documentation" : "\nThere was an unexpected internal server error. Retrying your request might resolve the issue.
\n " + }, { + "shape" : "ForbiddenException", + "documentation" : "\nAccess forbidden. Check your credentials and then retry your request.
\n " + }, { + "shape" : "NotFoundException", + "documentation" : "\nThe resource could not be found due to incorrect input. Correct the input, then retry the request.
\n " + }, { + "shape" : "ServiceUnavailableException", + "documentation" : "\n503 response
\n " + }, { + "shape" : "TooManyRequestsException", + "documentation" : "\n429 response
\n " + } ], + "documentation" : "\nReturns a list of the Scram Secrets associated with an Amazon MSK cluster.
\n " + }, "ListTagsForResource": { "name": "ListTagsForResource", "http": { @@ -981,24 +1095,57 @@ }, "errors" : [ { "shape" : "ServiceUnavailableException", - "documentation" : "\nHTTP Status Code 503: Service Unavailable. Retrying your request in some time might resolve the issue.
\n " + "documentation" : "\n503 response
\n " }, { "shape" : "BadRequestException", - "documentation" : "\nHTTP Status Code 400: Bad request due to incorrect input. Correct your request and then retry it.
\n " + "documentation" : "\nThe request isn't valid because the input is incorrect. Correct your input and then submit it again.
\n " }, { "shape" : "UnauthorizedException", - "documentation" : "\nHTTP Status Code 401: Unauthorized request. The provided credentials couldn't be validated.
\n " + "documentation" : "\nThe request is not authorized. The provided credentials couldn't be validated.
\n " }, { "shape" : "InternalServerErrorException", - "documentation" : "\nHTTP Status Code 500: Unexpected internal server error. Retrying your request might resolve the issue.
\n " + "documentation" : "\nThere was an unexpected internal server error. Retrying your request might resolve the issue.
\n " }, { "shape" : "ForbiddenException", - "documentation" : "\nHTTP Status Code 403: Access forbidden. Correct your credentials and then retry your request.
\n " + "documentation" : "\nAccess forbidden. Check your credentials and then retry your request.
\n " } ], "documentation" : "\nUpdates the monitoring settings for the cluster. You can use this operation to specify which Apache Kafka metrics you want Amazon MSK to send to Amazon CloudWatch. You can also specify settings for open monitoring with Prometheus.
\n " } }, "shapes": { + "BatchAssociateScramSecretRequest" : { + "type" : "structure", + "members" : { + "ClusterArn" : { + "shape" : "__string", + "location" : "uri", + "locationName" : "clusterArn", + "documentation" : "\nThe Amazon Resource Name (ARN) of the cluster to be updated.
\n " + }, + "SecretArnList" : { + "shape" : "__listOf__string", + "locationName" : "secretArnList", + "documentation" : "\nList of AWS Secrets Manager secret ARNs.
\n " + } + }, + "documentation" : "\nAssociates sasl scram secrets to cluster.
\n ", + "required" : [ "ClusterArn", "SecretArnList" ] + }, + "BatchAssociateScramSecretResponse" : { + "type" : "structure", + "members" : { + "ClusterArn" : { + "shape" : "__string", + "locationName" : "clusterArn", + "documentation" : "\nThe Amazon Resource Name (ARN) of the cluster.
\n " + }, + "UnprocessedScramSecrets" : { + "shape" : "__listOfUnprocessedScramSecret", + "locationName" : "unprocessedScramSecrets", + "documentation" : "\nList of errors when associating secrets to cluster.
\n " + } + } + }, "BadRequestException": { "type": "structure", "members": { @@ -1155,16 +1302,21 @@ }, "documentation": "\nInformation about the current software installed on the cluster.
\n " }, - "ClientAuthentication": { - "type": "structure", - "members": { + "ClientAuthentication" : { + "type" : "structure", + "members" : { + "Sasl" : { + "shape" : "Sasl", + "locationName" : "sasl", + "documentation" : "\nDetails for ClientAuthentication using SASL.
\n " + }, "Tls": { "shape": "Tls", "locationName": "tls", "documentation": "\nDetails for ClientAuthentication using TLS.
\n " } }, - "documentation": "\nIncludes all client authentication information.
\n " + "documentation" : "\nIncludes all client authentication information.
\n " }, "ClientBroker": { "type": "string", @@ -1878,6 +2030,39 @@ } } }, + "BatchDisassociateScramSecretRequest" : { + "type" : "structure", + "members" : { + "ClusterArn" : { + "shape" : "__string", + "location" : "uri", + "locationName" : "clusterArn", + "documentation" : "\nThe Amazon Resource Name (ARN) of the cluster to be updated.
\n " + }, + "SecretArnList" : { + "shape" : "__listOf__string", + "locationName" : "secretArnList", + "documentation" : "\nList of AWS Secrets Manager secret ARNs.
\n " + } + }, + "documentation" : "\nDisassociates sasl scram secrets to cluster.
\n ", + "required" : [ "ClusterArn", "SecretArnList" ] + }, + "BatchDisassociateScramSecretResponse" : { + "type" : "structure", + "members" : { + "ClusterArn" : { + "shape" : "__string", + "locationName" : "clusterArn", + "documentation" : "\nThe Amazon Resource Name (ARN) of the cluster.
\n " + }, + "UnprocessedScramSecrets" : { + "shape" : "__listOfUnprocessedScramSecret", + "locationName" : "unprocessedScramSecrets", + "documentation" : "\nList of errors when disassociating secrets to cluster.
\n " + } + } + }, "EBSStorageInfo": { "type": "structure", "members": { @@ -2036,6 +2221,11 @@ "shape": "__string", "locationName": "bootstrapBrokerStringTls", "documentation": "\nA string containing one or more DNS names (or IP) and TLS port pairs.
\n " + }, + "BootstrapBrokerStringSaslScram": { + "shape": "__string", + "locationName": "bootstrapBrokerStringSaslScram", + "documentation": "\nA string containing one or more DNS names (or IP) and Sasl Scram port pairs.
\n " } } }, @@ -2323,6 +2513,45 @@ } } }, + "ListScramSecretsRequest" : { + "type" : "structure", + "members" : { + "ClusterArn" : { + "shape" : "__string", + "location" : "uri", + "locationName" : "clusterArn", + "documentation" : "\nThe arn of the cluster.
\n " + }, + "MaxResults" : { + "shape" : "MaxResults", + "location" : "querystring", + "locationName" : "maxResults", + "documentation" : "\nThe maxResults of the query.
\n " + }, + "NextToken" : { + "shape" : "__string", + "location" : "querystring", + "locationName" : "nextToken", + "documentation" : "\nThe nextToken of the query.
\n " + } + }, + "required" : [ "ClusterArn" ] + }, + "ListScramSecretsResponse" : { + "type" : "structure", + "members" : { + "NextToken" : { + "shape" : "__string", + "locationName" : "nextToken", + "documentation" : "\nPaginated results marker.
\n " + }, + "SecretArnList" : { + "shape" : "__listOf__string", + "locationName" : "secretArnList", + "documentation" : "\nThe list of scram secrets associated with the cluster.
\n " + } + } + }, "ListTagsForResourceRequest": { "type": "structure", "members": { @@ -2512,7 +2741,7 @@ "BrokerIds" : { "shape" : "__listOf__string", "locationName" : "brokerIds", - "documentation" : "\nThe list of broker IDs to be rebooted.
\n " + "documentation" : "\nThe list of broker IDs to be rebooted. The reboot-broker operation supports rebooting one broker at a time.
\n " }, "ClusterArn" : { "shape" : "__string", @@ -2557,6 +2786,28 @@ }, "required" : [ "Enabled" ] }, + "Sasl" : { + "type" : "structure", + "members" : { + "Scram" : { + "shape" : "Scram", + "locationName" : "scram", + "documentation" : "\nDetails for SASL/SCRAM client authentication.
\n " + } + }, + "documentation" : "\nDetails for client authentication using SASL.
\n " + }, + "Scram" : { + "type" : "structure", + "members" : { + "Enabled" : { + "shape" : "__boolean", + "locationName" : "enabled", + "documentation" : "\nSASL/SCRAM authentication is enabled or not.
\n " + } + }, + "documentation" : "\nDetails for SASL/SCRAM client authentication.
\n " + }, "NodeInfo": { "type": "structure", "members": { @@ -2735,6 +2986,27 @@ "httpStatusCode": 401 } }, + "UnprocessedScramSecret" : { + "type" : "structure", + "members" : { + "ErrorCode" : { + "shape" : "__string", + "locationName" : "errorCode", + "documentation" : "\nError code for associate/disassociate failure.
\n " + }, + "ErrorMessage" : { + "shape" : "__string", + "locationName" : "errorMessage", + "documentation" : "\nError message for associate/disassociate failure.
\n " + }, + "SecretArn" : { + "shape" : "__string", + "locationName" : "secretArn", + "documentation" : "\nAWS Secrets Manager secret ARN.
\n " + } + }, + "documentation" : "\nError info for scram secret associate/disassociate failure.
\n " + }, "UntagResourceRequest": { "type": "structure", "members": { @@ -3115,6 +3387,12 @@ "shape": "NodeInfo" } }, + "__listOfUnprocessedScramSecret" : { + "type" : "list", + "member" : { + "shape" : "UnprocessedScramSecret" + } + }, "__listOf__string": { "type": "list", "member": { diff --git a/botocore/data/kendra/2019-02-03/service-2.json b/botocore/data/kendra/2019-02-03/service-2.json index 09d5e6289f..1f4fb26861 100644 --- a/botocore/data/kendra/2019-02-03/service-2.json +++ b/botocore/data/kendra/2019-02-03/service-2.json @@ -313,7 +313,7 @@ {"shape":"ServiceQuotaExceededException"}, {"shape":"InternalServerException"} ], - "documentation":"Searches an active index. Use this API to search your documents using query. The Query operation enables to do faceted search and to filter results based on document attributes.
It also enables you to provide user context that Amazon Kendra uses to enforce document access control in the search results.
Amazon Kendra searches your index for text content and question and answer (FAQ) content. By default the response contains three types of results.
Relevant passages
Matching FAQs
Relevant documents
You can specify that the query return only one type of result using the QueryResultTypeConfig parameter.
Searches an active index. Use this API to search your documents using query. The Query operation enables to do faceted search and to filter results based on document attributes.
It also enables you to provide user context that Amazon Kendra uses to enforce document access control in the search results.
Amazon Kendra searches your index for text content and question and answer (FAQ) content. By default the response contains three types of results.
Relevant passages
Matching FAQs
Relevant documents
You can specify that the query return only one type of result using the QueryResultTypeConfig parameter.
Each query returns the 100 most relevant results.
" }, "StartDataSourceSyncJob":{ "name":"StartDataSourceSyncJob", @@ -916,7 +916,7 @@ }, "Edition":{ "shape":"IndexEdition", - "documentation":"The Amazon Kendra edition to use for the index. Choose DEVELOPER_EDITION for indexes intended for development, testing, or proof of concept. Use ENTERPRISE_EDITION for your production databases. Once you set the edition for an index, it can't be changed.
The Amazon Kendra edition to use for the index. Choose DEVELOPER_EDITION for indexes intended for development, testing, or proof of concept. Use ENTERPRISE_EDITION for your production databases. Once you set the edition for an index, it can't be changed.
The Edition parameter is optional. If you don't supply a value, the default is ENTERPRISE_EDITION.
The key for the facet values. This is the same as the DocumentAttributeKey provided in the query.
The data type of the facet value. This is the same as the type defined for the index field when it was created.
" + }, "DocumentAttributeValueCountPairs":{ "shape":"DocumentAttributeValueCountPairList", "documentation":"An array of key/value pairs, where the key is the value of the attribute and the count is the number of documents that share the key value.
" @@ -2347,7 +2351,7 @@ }, "TotalNumberOfResults":{ "shape":"Integer", - "documentation":"The number of items returned by the search. Use this to determine when you have requested the last set of results.
" + "documentation":"The total number of items found by the search; however, you can only retrieve up to 100 items. For example, if the search found 192 items, you can only retrieve the first 100 of the items.
" } } }, @@ -2388,7 +2392,7 @@ }, "ScoreAttributes":{ "shape":"ScoreAttributes", - "documentation":"Indicates the confidence that Amazon Kendra has that a result matches the query that you provided. Each result is placed into a bin that indicates the confidence, VERY_HIGH, HIGH, and MEDIUM. You can use the score to determine if a response meets the confidence needed for your application.
Confidence scores are only returned for results with the Type field set to QUESTION_ANSWER or ANSWER. This field is not returned if the Type field is set to DOCUMENT.
Indicates the confidence that Amazon Kendra has that a result matches the query that you provided. Each result is placed into a bin that indicates the confidence, VERY_HIGH, HIGH, MEDIUM and LOW. You can use the score to determine if a response meets the confidence needed for your application.
The field is only set to LOW when the Type field is set to DOCUMENT and Amazon Kendra is not confident that the result matches the query.
A single query result.
A query result contains information about a document returned by the query. This includes the original location of the document, a list of attributes assigned to the document, and relevant text from the document that satisfies the query.
" @@ -2826,7 +2830,8 @@ "enum":[ "VERY_HIGH", "HIGH", - "MEDIUM" + "MEDIUM", + "LOW" ] }, "Search":{ diff --git a/botocore/data/medialive/2017-10-14/service-2.json b/botocore/data/medialive/2017-10-14/service-2.json index d4baf15b85..9bfdcd9c73 100644 --- a/botocore/data/medialive/2017-10-14/service-2.json +++ b/botocore/data/medialive/2017-10-14/service-2.json @@ -2452,12 +2452,14 @@ }, "AribDestinationSettings": { "type": "structure", - "members": {}, + "members": { + }, "documentation": "Arib Destination Settings" }, "AribSourceSettings": { "type": "structure", - "members": {}, + "members": { + }, "documentation": "Arib Source Settings" }, "AudioChannelMapping": { @@ -2760,7 +2762,7 @@ "Tracks": { "shape": "__listOfAudioTrack", "locationName": "tracks", - "documentation": "Selects one or more unique audio tracks from within an mp4 source." + "documentation": "Selects one or more unique audio tracks from within a source." } }, "documentation": "Audio Track Selection", @@ -3565,7 +3567,8 @@ }, "ColorSpacePassthroughSettings": { "type": "structure", - "members": {}, + "members": { + }, "documentation": "Passthrough applies no color space conversion to the output" }, "ConflictException": { @@ -4209,7 +4212,8 @@ }, "DeleteInputResponse": { "type": "structure", - "members": {}, + "members": { + }, "documentation": "Placeholder documentation for DeleteInputResponse" }, "DeleteInputSecurityGroupRequest": { @@ -4229,7 +4233,8 @@ }, "DeleteInputSecurityGroupResponse": { "type": "structure", - "members": {}, + "members": { + }, "documentation": "Placeholder documentation for DeleteInputSecurityGroupResponse" }, "DeleteMultiplexProgramRequest": { @@ -4479,7 +4484,8 @@ }, "DeleteScheduleResponse": { "type": "structure", - "members": {}, + "members": { + }, "documentation": "Placeholder documentation for DeleteScheduleResponse" }, "DeleteTagsRequest": { @@ -5703,7 +5709,7 @@ "FontFamily": { "shape": "__string", "locationName": "fontFamily", - "documentation": "Specifies the font family to include in the font data attached to the EBU-TT captions. Valid only if styleControl is set to include. If you leave this field empty, the font family is set to \"monospaced\". (If styleControl is set to exclude, the font family is always set to \"monospaced\".)\n\nYou specify only the font family. All other style information (color, bold, position and so on) is copied from the input captions. The size is always set to 100% to allow the downstream player to choose the size.\n\n- Enter a list of font families, as a comma-separated list of font names, in order of preference. The name can be a font family (such as “Arial”), or a generic font family (such as “serif”), or “default” (to let the downstream player choose the font).\n- Leave blank to set the family to “monospace”." + "documentation": "Specifies the font family to include in the font data attached to the EBU-TT captions. Valid only if styleControl is set to include. If you leave this field empty, the font family is set to \"monospaced\". (If styleControl is set to exclude, the font family is always set to \"monospaced\".)\n\nYou specify only the font family. All other style information (color, bold, position and so on) is copied from the input captions. The size is always set to 100% to allow the downstream player to choose the size.\n\n- Enter a list of font families, as a comma-separated list of font names, in order of preference. The name can be a font family (such as \u201cArial\u201d), or a generic font family (such as \u201cserif\u201d), or \u201cdefault\u201d (to let the downstream player choose the font).\n- Leave blank to set the family to \u201cmonospace\u201d." }, "StyleControl": { "shape": "EbuTtDDestinationStyleControl", @@ -5739,12 +5745,14 @@ }, "EmbeddedDestinationSettings": { "type": "structure", - "members": {}, + "members": { + }, "documentation": "Embedded Destination Settings" }, "EmbeddedPlusScte20DestinationSettings": { "type": "structure", - "members": {}, + "members": { + }, "documentation": "Embedded Plus Scte20 Destination Settings" }, "EmbeddedScte20Detection": { @@ -5783,7 +5791,8 @@ }, "Empty": { "type": "structure", - "members": {}, + "members": { + }, "documentation": "Placeholder documentation for Empty" }, "EncoderSettings": { @@ -6014,7 +6023,7 @@ "Destination": { "shape": "OutputLocationRef", "locationName": "destination", - "documentation": "The destination for the frame capture files. Either the URI for an Amazon S3 bucket and object, plus a file name prefix (for example, s3ssl://sportsDelivery/highlights/20180820/curling_) or the URI for a MediaStore container, plus a file name prefix (for example, mediastoressl://sportsDelivery/20180820/curling_). The final file names consist of the prefix from the destination field (for example, \"curling_\") + name modifier + the counter (5 digits, starting from 00001) + extension (which is always .jpg). For example, curlingLow.00001.jpg" + "documentation": "The destination for the frame capture files. Either the URI for an Amazon S3 bucket and object, plus a file name prefix (for example, s3ssl://sportsDelivery/highlights/20180820/curling-) or the URI for a MediaStore container, plus a file name prefix (for example, mediastoressl://sportsDelivery/20180820/curling-). The final file names consist of the prefix from the destination field (for example, \"curling-\") + name modifier + the counter (5 digits, starting from 00001) + extension (which is always .jpg). For example, curling-low.00001.jpg" } }, "documentation": "Frame Capture Group Settings", @@ -7133,7 +7142,7 @@ "IndexNSegments": { "shape": "__integerMin3", "locationName": "indexNSegments", - "documentation": "Applies only if Mode field is LIVE. Specifies the maximum number of segments in the media manifest file. After this maximum, older segments are removed from the media manifest. This number must be less than or equal to the Keep Segments field." + "documentation": "Applies only if Mode field is LIVE.\n\nSpecifies the maximum number of segments in the media manifest file. After this maximum, older segments are removed from the media manifest. This number must be smaller than the number in the Keep Segments field." }, "InputLossAction": { "shape": "InputLossActionForHlsOut", @@ -7153,7 +7162,7 @@ "KeepSegments": { "shape": "__integerMin1", "locationName": "keepSegments", - "documentation": "Applies only if Mode field is LIVE. Specifies the number of media segments (.ts files) to retain in the destination directory." + "documentation": "Applies only if Mode field is LIVE.\n\nSpecifies the number of media segments to retain in the destination directory. This number should be bigger than indexNSegments (Num segments). We recommend (value = (2 x indexNsegments) + 1).\n\nIf this \"keep segments\" number is too low, the following might happen: the player is still reading a media manifest file that lists this segment, but that segment has been removed from the destination directory (as directed by indexNSegments). This situation would result in a 404 HTTP error on the player." }, "KeyFormat": { "shape": "__string", @@ -7558,7 +7567,8 @@ }, "ImmediateModeScheduleActionStartSettings": { "type": "structure", - "members": {}, + "members": { + }, "documentation": "Settings to configure an action so that it occurs as soon as possible." }, "Input": { @@ -8496,7 +8506,8 @@ "URL_PULL", "MP4_FILE", "MEDIACONNECT", - "INPUT_DEVICE" + "INPUT_DEVICE", + "AWS_CDI" ], "documentation": "Placeholder documentation for InputType" }, @@ -8913,7 +8924,7 @@ "shape": "__string", "location": "querystring", "locationName": "codec", - "documentation": "Filter by codec, 'AVC', 'HEVC', 'MPEG2', or 'AUDIO'" + "documentation": "Filter by codec, 'AVC', 'HEVC', 'MPEG2', 'AUDIO', or 'LINK'" }, "Duration": { "shape": "__string", @@ -9015,7 +9026,7 @@ "shape": "__string", "location": "querystring", "locationName": "codec", - "documentation": "Filter by codec, 'AVC', 'HEVC', 'MPEG2', or 'AUDIO'" + "documentation": "Filter by codec, 'AVC', 'HEVC', 'MPEG2', 'AUDIO', or 'LINK'" }, "MaxResults": { "shape": "MaxResults", @@ -9332,7 +9343,7 @@ "BufferModel": { "shape": "M2tsBufferModel", "locationName": "bufferModel", - "documentation": "If set to multiplex, use multiplex buffer model for accurate interleaving. Setting to bufferModel to none can lead to lower latency, but low-memory devices may not be able to play back the stream without interruptions." + "documentation": "Controls the timing accuracy for output network traffic. Leave as MULTIPLEX to ensure accurate network packet timing. Or set to NONE, which might result in lower latency but will result in more variability in output network packet timing. This variability might cause interruptions, jitter, or bursty behavior in your playback or receiving devices." }, "CcDescriptor": { "shape": "M2tsCcDescriptor", @@ -9708,7 +9719,8 @@ }, "MediaPackageOutputSettings": { "type": "structure", - "members": {}, + "members": { + }, "documentation": "Media Package Output Settings" }, "Mp2CodingMode": { @@ -9942,7 +9954,8 @@ }, "MultiplexGroupSettings": { "type": "structure", - "members": {}, + "members": { + }, "documentation": "Multiplex Group Settings" }, "MultiplexMediaConnectOutputDestinationSettings": { @@ -10620,7 +10633,8 @@ }, "PassThroughSettings": { "type": "structure", - "members": {}, + "members": { + }, "documentation": "Pass Through Settings" }, "PauseStateScheduleActionSettings": { @@ -10784,12 +10798,14 @@ }, "Rec601Settings": { "type": "structure", - "members": {}, + "members": { + }, "documentation": "Rec601 Settings" }, "Rec709Settings": { "type": "structure", - "members": {}, + "members": { + }, "documentation": "Rec709 Settings" }, "RemixSettings": { @@ -10919,7 +10935,8 @@ "MPEG2", "AVC", "HEVC", - "AUDIO" + "AUDIO", + "LINK" ] }, "ReservationMaximumBitrate": { @@ -11071,7 +11088,8 @@ }, "RtmpCaptionInfoDestinationSettings": { "type": "structure", - "members": {}, + "members": { + }, "documentation": "Rtmp Caption Info Destination Settings" }, "RtmpGroupSettings": { @@ -11252,7 +11270,8 @@ }, "ScheduleDeleteResultModel": { "type": "structure", - "members": {}, + "members": { + }, "documentation": "Result of a schedule deletion." }, "ScheduleDescribeResultModel": { @@ -11284,7 +11303,8 @@ }, "Scte20PlusEmbeddedDestinationSettings": { "type": "structure", - "members": {}, + "members": { + }, "documentation": "Scte20 Plus Embedded Destination Settings" }, "Scte20SourceSettings": { @@ -11305,7 +11325,8 @@ }, "Scte27DestinationSettings": { "type": "structure", - "members": {}, + "members": { + }, "documentation": "Scte27 Destination Settings" }, "Scte27SourceSettings": { @@ -11683,7 +11704,8 @@ }, "SmpteTtDestinationSettings": { "type": "structure", - "members": {}, + "members": { + }, "documentation": "Smpte Tt Destination Settings" }, "StandardHlsSettings": { @@ -12175,7 +12197,8 @@ }, "TeletextDestinationSettings": { "type": "structure", - "members": {}, + "members": { + }, "documentation": "Teletext Destination Settings" }, "TeletextSourceSettings": { @@ -13033,7 +13056,7 @@ "RespondToAfd": { "shape": "VideoDescriptionRespondToAfd", "locationName": "respondToAfd", - "documentation": "Indicates how to respond to the AFD values in the input stream. RESPOND causes input video to be clipped, depending on the AFD value, input display aspect ratio, and output display aspect ratio, and (except for FRAME_CAPTURE codec) includes the values in the output. PASSTHROUGH (does not apply to FRAME_CAPTURE codec) ignores the AFD values and includes the values in the output, so input video is not clipped. NONE ignores the AFD values and does not include the values through to the output, so input video is not clipped." + "documentation": "Indicates how MediaLive will respond to the AFD values that might be in the input video. If you do not know what AFD signaling is, or if your downstream system has not given you guidance, choose PASSTHROUGH.\nRESPOND: MediaLive clips the input video using a formula that uses the AFD values (configured in afdSignaling ), the input display aspect ratio, and the output display aspect ratio. MediaLive also includes the AFD values in the output, unless the codec for this encode is FRAME_CAPTURE.\nPASSTHROUGH: MediaLive ignores the AFD values and does not clip the video. But MediaLive does include the values in the output.\nNONE: MediaLive does not clip the input video and does not include the AFD values in the output" }, "ScalingBehavior": { "shape": "VideoDescriptionScalingBehavior", @@ -13149,28 +13172,10 @@ }, "WebvttDestinationSettings": { "type": "structure", - "members": {}, + "members": { + }, "documentation": "Webvtt Destination Settings" }, - "AcceptHeader": { - "type": "string", - "enum": [ - "image/jpeg" - ], - "documentation": "The HTTP Accept header. Indicates the requested type for the thumbnail." - }, - "ContentType": { - "type": "string", - "enum": [ - "image/jpeg" - ], - "documentation": "Specifies the media type of the thumbnail." - }, - "InputDeviceThumbnail": { - "type": "blob", - "streaming": true, - "description": "The binary data for the thumbnail that the Link device has most recently sent to MediaLive." - }, "__boolean": { "type": "boolean", "documentation": "Placeholder documentation for __boolean" @@ -13872,6 +13877,25 @@ "timestampFormat": "unixTimestamp", "documentation": "Placeholder documentation for __timestampUnix" }, + "InputDeviceThumbnail": { + "type": "blob", + "streaming": true, + "documentation": "The binary data for the thumbnail that the Link device has most recently sent to MediaLive." + }, + "AcceptHeader": { + "type": "string", + "enum": [ + "image/jpeg" + ], + "documentation": "The HTTP Accept header. Indicates the requested type fothe thumbnail." + }, + "ContentType": { + "type": "string", + "enum": [ + "image/jpeg" + ], + "documentation": "Specifies the media type of the thumbnail." + }, "__timestamp": { "type": "timestamp", "documentation": "Placeholder documentation for __timestamp" diff --git a/botocore/data/organizations/2016-11-28/service-2.json b/botocore/data/organizations/2016-11-28/service-2.json index 5ac3eb832b..21828d04a9 100644 --- a/botocore/data/organizations/2016-11-28/service-2.json +++ b/botocore/data/organizations/2016-11-28/service-2.json @@ -34,7 +34,7 @@ {"shape":"TooManyRequestsException"}, {"shape":"AccessDeniedForDependencyException"} ], - "documentation":"Sends a response to the originator of a handshake agreeing to the action proposed by the handshake request.
This operation can be called only by the following principals when they also have the relevant IAM permissions:
Invitation to join or Approve all features request handshakes: only a principal from the member account.
The user who calls the API for an invitation to join must have the organizations:AcceptHandshake permission. If you enabled all features in the organization, the user must also have the iam:CreateServiceLinkedRole permission so that AWS Organizations can create the required service-linked role named AWSServiceRoleForOrganizations. For more information, see AWS Organizations and Service-Linked Roles in the AWS Organizations User Guide.
Enable all features final confirmation handshake: only a principal from the master account.
For more information about invitations, see Inviting an AWS Account to Join Your Organization in the AWS Organizations User Guide. For more information about requests to enable all features in the organization, see Enabling All Features in Your Organization in the AWS Organizations User Guide.
After you accept a handshake, it continues to appear in the results of relevant APIs for only 30 days. After that, it's deleted.
" + "documentation":"Sends a response to the originator of a handshake agreeing to the action proposed by the handshake request.
This operation can be called only by the following principals when they also have the relevant IAM permissions:
Invitation to join or Approve all features request handshakes: only a principal from the member account.
The user who calls the API for an invitation to join must have the organizations:AcceptHandshake permission. If you enabled all features in the organization, the user must also have the iam:CreateServiceLinkedRole permission so that AWS Organizations can create the required service-linked role named AWSServiceRoleForOrganizations. For more information, see AWS Organizations and Service-Linked Roles in the AWS Organizations User Guide.
Enable all features final confirmation handshake: only a principal from the master account.
For more information about invitations, see Inviting an AWS Account to Join Your Organization in the AWS Organizations User Guide. For more information about requests to enable all features in the organization, see Enabling All Features in Your Organization in the AWS Organizations User Guide.
After you accept a handshake, it continues to appear in the results of relevant APIs for only 30 days. After that, it's deleted.
" }, "AttachPolicy":{ "name":"AttachPolicy", @@ -78,7 +78,7 @@ {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"} ], - "documentation":"Cancels a handshake. Canceling a handshake sets the handshake state to CANCELED.
This operation can be called only from the account that originated the handshake. The recipient of the handshake can't cancel it, but can use DeclineHandshake instead. After a handshake is canceled, the recipient can no longer respond to that handshake.
After you cancel a handshake, it continues to appear in the results of relevant APIs for only 30 days. After that, it's deleted.
" + "documentation":"Cancels a handshake. Canceling a handshake sets the handshake state to CANCELED.
This operation can be called only from the account that originated the handshake. The recipient of the handshake can't cancel it, but can use DeclineHandshake instead. After a handshake is canceled, the recipient can no longer respond to that handshake.
After you cancel a handshake, it continues to appear in the results of relevant APIs for only 30 days. After that, it's deleted.
" }, "CreateAccount":{ "name":"CreateAccount", @@ -99,7 +99,7 @@ {"shape":"TooManyRequestsException"}, {"shape":"UnsupportedAPIEndpointException"} ], - "documentation":"Creates an AWS account that is automatically a member of the organization whose credentials made the request. This is an asynchronous request that AWS performs in the background. Because CreateAccount operates asynchronously, it can return a successful completion message even though account initialization might still be in progress. You might need to wait a few minutes before you can successfully access the account. To check the status of the request, do one of the following:
Use the OperationId response element from this operation to provide as a parameter to the DescribeCreateAccountStatus operation.
Check the AWS CloudTrail log for the CreateAccountResult event. For information on using AWS CloudTrail with AWS Organizations, see Monitoring the Activity in Your Organization in the AWS Organizations User Guide.
The user who calls the API to create an account must have the organizations:CreateAccount permission. If you enabled all features in the organization, AWS Organizations creates the required service-linked role named AWSServiceRoleForOrganizations. For more information, see AWS Organizations and Service-Linked Roles in the AWS Organizations User Guide.
AWS Organizations preconfigures the new member account with a role (named OrganizationAccountAccessRole by default) that grants users in the master account administrator permissions in the new member account. Principals in the master account can assume the role. AWS Organizations clones the company name and address information for the new account from the organization's master account.
This operation can be called only from the organization's master account.
For more information about creating accounts, see Creating an AWS Account in Your Organization in the AWS Organizations User Guide.
When you create an account in an organization using the AWS Organizations console, API, or CLI commands, the information required for the account to operate as a standalone account, such as a payment method and signing the end user license agreement (EULA) is not automatically collected. If you must remove an account from your organization later, you can do so only after you provide the missing information. Follow the steps at To leave an organization as a member account in the AWS Organizations User Guide.
If you get an exception that indicates that you exceeded your account limits for the organization, contact AWS Support.
If you get an exception that indicates that the operation failed because your organization is still initializing, wait one hour and then try again. If the error persists, contact AWS Support.
Using CreateAccount to create multiple temporary accounts isn't recommended. You can only close an account from the Billing and Cost Management Console, and you must be signed in as the root user. For information on the requirements and process for closing an account, see Closing an AWS Account in the AWS Organizations User Guide.
When you create a member account with this operation, you can choose whether to create the account with the IAM User and Role Access to Billing Information switch enabled. If you enable it, IAM users and roles that have appropriate permissions can view billing information for the account. If you disable it, only the account root user can access billing information. For information about how to disable this switch for an account, see Granting Access to Your Billing Information and Tools.
Creates an AWS account that is automatically a member of the organization whose credentials made the request. This is an asynchronous request that AWS performs in the background. Because CreateAccount operates asynchronously, it can return a successful completion message even though account initialization might still be in progress. You might need to wait a few minutes before you can successfully access the account. To check the status of the request, do one of the following:
Use the OperationId response element from this operation to provide as a parameter to the DescribeCreateAccountStatus operation.
Check the AWS CloudTrail log for the CreateAccountResult event. For information on using AWS CloudTrail with AWS Organizations, see Monitoring the Activity in Your Organization in the AWS Organizations User Guide.
The user who calls the API to create an account must have the organizations:CreateAccount permission. If you enabled all features in the organization, AWS Organizations creates the required service-linked role named AWSServiceRoleForOrganizations. For more information, see AWS Organizations and Service-Linked Roles in the AWS Organizations User Guide.
If the request includes tags, then the requester must have the organizations:TagResource permission.
AWS Organizations preconfigures the new member account with a role (named OrganizationAccountAccessRole by default) that grants users in the master account administrator permissions in the new member account. Principals in the master account can assume the role. AWS Organizations clones the company name and address information for the new account from the organization's master account.
This operation can be called only from the organization's master account.
For more information about creating accounts, see Creating an AWS Account in Your Organization in the AWS Organizations User Guide.
When you create an account in an organization using the AWS Organizations console, API, or CLI commands, the information required for the account to operate as a standalone account, such as a payment method and signing the end user license agreement (EULA) is not automatically collected. If you must remove an account from your organization later, you can do so only after you provide the missing information. Follow the steps at To leave an organization as a member account in the AWS Organizations User Guide.
If you get an exception that indicates that you exceeded your account limits for the organization, contact AWS Support.
If you get an exception that indicates that the operation failed because your organization is still initializing, wait one hour and then try again. If the error persists, contact AWS Support.
Using CreateAccount to create multiple temporary accounts isn't recommended. You can only close an account from the Billing and Cost Management Console, and you must be signed in as the root user. For information on the requirements and process for closing an account, see Closing an AWS Account in the AWS Organizations User Guide.
When you create a member account with this operation, you can choose whether to create the account with the IAM User and Role Access to Billing Information switch enabled. If you enable it, IAM users and roles that have appropriate permissions can view billing information for the account. If you disable it, only the account root user can access billing information. For information about how to disable this switch for an account, see Granting Access to Your Billing Information and Tools.
This action is available if all of the following are true:
You're authorized to create accounts in the AWS GovCloud (US) Region. For more information on the AWS GovCloud (US) Region, see the AWS GovCloud User Guide.
You already have an account in the AWS GovCloud (US) Region that is associated with your master account in the commercial Region.
You call this action from the master account of your organization in the commercial Region.
You have the organizations:CreateGovCloudAccount permission. AWS Organizations creates the required service-linked role named AWSServiceRoleForOrganizations. For more information, see AWS Organizations and Service-Linked Roles in the AWS Organizations User Guide.
AWS automatically enables AWS CloudTrail for AWS GovCloud (US) accounts, but you should also do the following:
Verify that AWS CloudTrail is enabled to store logs.
Create an S3 bucket for AWS CloudTrail log storage.
For more information, see Verifying AWS CloudTrail Is Enabled in the AWS GovCloud User Guide.
You call this action from the master account of your organization in the commercial Region to create a standalone AWS account in the AWS GovCloud (US) Region. After the account is created, the master account of an organization in the AWS GovCloud (US) Region can invite it to that organization. For more information on inviting standalone accounts in the AWS GovCloud (US) to join an organization, see AWS Organizations in the AWS GovCloud User Guide.
Calling CreateGovCloudAccount is an asynchronous request that AWS performs in the background. Because CreateGovCloudAccount operates asynchronously, it can return a successful completion message even though account initialization might still be in progress. You might need to wait a few minutes before you can successfully access the account. To check the status of the request, do one of the following:
Use the OperationId response element from this operation to provide as a parameter to the DescribeCreateAccountStatus operation.
Check the AWS CloudTrail log for the CreateAccountResult event. For information on using AWS CloudTrail with Organizations, see Monitoring the Activity in Your Organization in the AWS Organizations User Guide.
When you call the CreateGovCloudAccount action, you create two accounts: a standalone account in the AWS GovCloud (US) Region and an associated account in the commercial Region for billing and support purposes. The account in the commercial Region is automatically a member of the organization whose credentials made the request. Both accounts are associated with the same email address.
A role is created in the new account in the commercial Region that allows the master account in the organization in the commercial Region to assume it. An AWS GovCloud (US) account is then created and associated with the commercial account that you just created. A role is created in the new AWS GovCloud (US) account that can be assumed by the AWS GovCloud (US) account that is associated with the master account of the commercial organization. For more information and to view a diagram that explains how account access works, see AWS Organizations in the AWS GovCloud User Guide.
For more information about creating accounts, see Creating an AWS Account in Your Organization in the AWS Organizations User Guide.
When you create an account in an organization using the AWS Organizations console, API, or CLI commands, the information required for the account to operate as a standalone account is not automatically collected. This includes a payment method and signing the end user license agreement (EULA). If you must remove an account from your organization later, you can do so only after you provide the missing information. Follow the steps at To leave an organization as a member account in the AWS Organizations User Guide.
If you get an exception that indicates that you exceeded your account limits for the organization, contact AWS Support.
If you get an exception that indicates that the operation failed because your organization is still initializing, wait one hour and then try again. If the error persists, contact AWS Support.
Using CreateGovCloudAccount to create multiple temporary accounts isn't recommended. You can only close an account from the AWS Billing and Cost Management console, and you must be signed in as the root user. For information on the requirements and process for closing an account, see Closing an AWS Account in the AWS Organizations User Guide.
When you create a member account with this operation, you can choose whether to create the account with the IAM User and Role Access to Billing Information switch enabled. If you enable it, IAM users and roles that have appropriate permissions can view billing information for the account. If you disable it, only the account root user can access billing information. For information about how to disable this switch for an account, see Granting Access to Your Billing Information and Tools.
This action is available if all of the following are true:
You're authorized to create accounts in the AWS GovCloud (US) Region. For more information on the AWS GovCloud (US) Region, see the AWS GovCloud User Guide.
You already have an account in the AWS GovCloud (US) Region that is associated with your master account in the commercial Region.
You call this action from the master account of your organization in the commercial Region.
You have the organizations:CreateGovCloudAccount permission.
AWS Organizations automatically creates the required service-linked role named AWSServiceRoleForOrganizations. For more information, see AWS Organizations and Service-Linked Roles in the AWS Organizations User Guide.
AWS automatically enables AWS CloudTrail for AWS GovCloud (US) accounts, but you should also do the following:
Verify that AWS CloudTrail is enabled to store logs.
Create an S3 bucket for AWS CloudTrail log storage.
For more information, see Verifying AWS CloudTrail Is Enabled in the AWS GovCloud User Guide.
If the request includes tags, then the requester must have the organizations:TagResource permission. The tags are attached to the commercial account associated with the GovCloud account, rather than the GovCloud account itself. To add tags to the GovCloud account, call the TagResource operation in the GovCloud Region after the new GovCloud account exists.
You call this action from the master account of your organization in the commercial Region to create a standalone AWS account in the AWS GovCloud (US) Region. After the account is created, the master account of an organization in the AWS GovCloud (US) Region can invite it to that organization. For more information on inviting standalone accounts in the AWS GovCloud (US) to join an organization, see AWS Organizations in the AWS GovCloud User Guide.
Calling CreateGovCloudAccount is an asynchronous request that AWS performs in the background. Because CreateGovCloudAccount operates asynchronously, it can return a successful completion message even though account initialization might still be in progress. You might need to wait a few minutes before you can successfully access the account. To check the status of the request, do one of the following:
Use the OperationId response element from this operation to provide as a parameter to the DescribeCreateAccountStatus operation.
Check the AWS CloudTrail log for the CreateAccountResult event. For information on using AWS CloudTrail with Organizations, see Monitoring the Activity in Your Organization in the AWS Organizations User Guide.
When you call the CreateGovCloudAccount action, you create two accounts: a standalone account in the AWS GovCloud (US) Region and an associated account in the commercial Region for billing and support purposes. The account in the commercial Region is automatically a member of the organization whose credentials made the request. Both accounts are associated with the same email address.
A role is created in the new account in the commercial Region that allows the master account in the organization in the commercial Region to assume it. An AWS GovCloud (US) account is then created and associated with the commercial account that you just created. A role is also created in the new AWS GovCloud (US) account that can be assumed by the AWS GovCloud (US) account that is associated with the master account of the commercial organization. For more information and to view a diagram that explains how account access works, see AWS Organizations in the AWS GovCloud User Guide.
For more information about creating accounts, see Creating an AWS Account in Your Organization in the AWS Organizations User Guide.
When you create an account in an organization using the AWS Organizations console, API, or CLI commands, the information required for the account to operate as a standalone account is not automatically collected. This includes a payment method and signing the end user license agreement (EULA). If you must remove an account from your organization later, you can do so only after you provide the missing information. Follow the steps at To leave an organization as a member account in the AWS Organizations User Guide.
If you get an exception that indicates that you exceeded your account limits for the organization, contact AWS Support.
If you get an exception that indicates that the operation failed because your organization is still initializing, wait one hour and then try again. If the error persists, contact AWS Support.
Using CreateGovCloudAccount to create multiple temporary accounts isn't recommended. You can only close an account from the AWS Billing and Cost Management console, and you must be signed in as the root user. For information on the requirements and process for closing an account, see Closing an AWS Account in the AWS Organizations User Guide.
When you create a member account with this operation, you can choose whether to create the account with the IAM User and Role Access to Billing Information switch enabled. If you enable it, IAM users and roles that have appropriate permissions can view billing information for the account. If you disable it, only the account root user can access billing information. For information about how to disable this switch for an account, see Granting Access to Your Billing Information and Tools.
Creates an AWS organization. The account whose user is calling the CreateOrganization operation automatically becomes the master account of the new organization.
This operation must be called using credentials from the account that is to become the new organization's master account. The principal must also have the relevant IAM permissions.
By default (or if you set the FeatureSet parameter to ALL), the new organization is created with all features enabled and service control policies automatically enabled in the root. If you instead choose to create the organization supporting only the consolidated billing features by setting the FeatureSet parameter to CONSOLIDATED_BILLING\", no policy types are enabled by default, and you can't use organization policies
Creates an AWS organization. The account whose user is calling the CreateOrganization operation automatically becomes the master account of the new organization.
This operation must be called using credentials from the account that is to become the new organization's master account. The principal must also have the relevant IAM permissions.
By default (or if you set the FeatureSet parameter to ALL), the new organization is created with all features enabled and service control policies automatically enabled in the root. If you instead choose to create the organization supporting only the consolidated billing features by setting the FeatureSet parameter to CONSOLIDATED_BILLING\", no policy types are enabled by default, and you can't use organization policies
Creates an organizational unit (OU) within a root or parent OU. An OU is a container for accounts that enables you to organize your accounts to apply policies according to your business requirements. The number of levels deep that you can nest OUs is dependent upon the policy types enabled for that root. For service control policies, the limit is five.
For more information about OUs, see Managing Organizational Units in the AWS Organizations User Guide.
This operation can be called only from the organization's master account.
" + "documentation":"Creates an organizational unit (OU) within a root or parent OU. An OU is a container for accounts that enables you to organize your accounts to apply policies according to your business requirements. The number of levels deep that you can nest OUs is dependent upon the policy types enabled for that root. For service control policies, the limit is five.
For more information about OUs, see Managing Organizational Units in the AWS Organizations User Guide.
If the request includes tags, then the requester must have the organizations:TagResource permission.
This operation can be called only from the organization's master account.
" }, "CreatePolicy":{ "name":"CreatePolicy", @@ -184,7 +184,7 @@ {"shape":"TooManyRequestsException"}, {"shape":"UnsupportedAPIEndpointException"} ], - "documentation":"Creates a policy of a specified type that you can attach to a root, an organizational unit (OU), or an individual AWS account.
For more information about policies and their use, see Managing Organization Policies.
This operation can be called only from the organization's master account.
" + "documentation":"Creates a policy of a specified type that you can attach to a root, an organizational unit (OU), or an individual AWS account.
For more information about policies and their use, see Managing Organization Policies.
If the request includes tags, then the requester must have the organizations:TagResource permission.
This operation can be called only from the organization's master account.
" }, "DeclineHandshake":{ "name":"DeclineHandshake", @@ -339,7 +339,7 @@ {"shape":"InvalidInputException"}, {"shape":"UnsupportedAPIEndpointException"} ], - "documentation":"Returns the contents of the effective policy for specified policy type and account. The effective policy is the aggregation of any policies of the specified type that the account inherits, plus any policy of that type that is directly attached to the account.
This operation applies only to policy types other than service control policies (SCPs).
For more information about policy inheritance, see How Policy Inheritance Works in the AWS Organizations User Guide.
This operation can be called only from the organization's master account or by a member account that is a delegated administrator for an AWS service.
" + "documentation":"Returns the contents of the effective policy for specified policy type and account. The effective policy is the aggregation of any policies of the specified type that the account inherits, plus any policy of that type that is directly attached to the account.
This operation applies only to policy types other than service control policies (SCPs).
For more information about policy inheritance, see How Policy Inheritance Works in the AWS Organizations User Guide.
This operation can be called only from the organization's master account or by a member account that is a delegated administrator for an AWS service.
" }, "DescribeHandshake":{ "name":"DescribeHandshake", @@ -433,7 +433,7 @@ {"shape":"UnsupportedAPIEndpointException"}, {"shape":"PolicyChangesInProgressException"} ], - "documentation":"Detaches a policy from a target root, organizational unit (OU), or account.
If the policy being detached is a service control policy (SCP), the changes to permissions for AWS Identity and Access Management (IAM) users and roles in affected accounts are immediate.
Every root, OU, and account must have at least one SCP attached. If you want to replace the default FullAWSAccess policy with an SCP that limits the permissions that can be delegated, you must attach the replacement SCP before you can remove the default SCP. This is the authorization strategy of an \"allow list\". If you instead attach a second SCP and leave the FullAWSAccess SCP still attached, and specify \"Effect\": \"Deny\" in the second SCP to override the \"Effect\": \"Allow\" in the FullAWSAccess policy (or any other attached SCP), you're using the authorization strategy of a \"deny list\".
This operation can be called only from the organization's master account.
" + "documentation":"Detaches a policy from a target root, organizational unit (OU), or account.
If the policy being detached is a service control policy (SCP), the changes to permissions for AWS Identity and Access Management (IAM) users and roles in affected accounts are immediate.
Every root, OU, and account must have at least one SCP attached. If you want to replace the default FullAWSAccess policy with an SCP that limits the permissions that can be delegated, you must attach the replacement SCP before you can remove the default SCP. This is the authorization strategy of an \"allow list\". If you instead attach a second SCP and leave the FullAWSAccess SCP still attached, and specify \"Effect\": \"Deny\" in the second SCP to override the \"Effect\": \"Allow\" in the FullAWSAccess policy (or any other attached SCP), you're using the authorization strategy of a \"deny list\".
This operation can be called only from the organization's master account.
" }, "DisableAWSServiceAccess":{ "name":"DisableAWSServiceAccess", @@ -475,7 +475,7 @@ {"shape":"UnsupportedAPIEndpointException"}, {"shape":"PolicyChangesInProgressException"} ], - "documentation":"Disables an organizational policy type in a root. A policy of a certain type can be attached to entities in a root only if that type is enabled in the root. After you perform this operation, you no longer can attach policies of the specified type to that root or to any organizational unit (OU) or account in that root. You can undo this by using the EnablePolicyType operation.
This is an asynchronous request that AWS performs in the background. If you disable a policy type for a root, it still appears enabled for the organization if all features are enabled for the organization. AWS recommends that you first use ListRoots to see the status of policy types for a specified root, and then use this operation.
This operation can be called only from the organization's master account.
To view the status of available policy types in the organization, use DescribeOrganization.
" + "documentation":"Disables an organizational policy type in a root. A policy of a certain type can be attached to entities in a root only if that type is enabled in the root. After you perform this operation, you no longer can attach policies of the specified type to that root or to any organizational unit (OU) or account in that root. You can undo this by using the EnablePolicyType operation.
This is an asynchronous request that AWS performs in the background. If you disable a policy type for a root, it still appears enabled for the organization if all features are enabled for the organization. AWS recommends that you first use ListRoots to see the status of policy types for a specified root, and then use this operation.
This operation can be called only from the organization's master account.
To view the status of available policy types in the organization, use DescribeOrganization.
" }, "EnableAWSServiceAccess":{ "name":"EnableAWSServiceAccess", @@ -513,7 +513,7 @@ {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"} ], - "documentation":"Enables all features in an organization. This enables the use of organization policies that can restrict the services and actions that can be called in each account. Until you enable all features, you have access only to consolidated billing, and you can't use any of the advanced account administration features that AWS Organizations supports. For more information, see Enabling All Features in Your Organization in the AWS Organizations User Guide.
This operation is required only for organizations that were created explicitly with only the consolidated billing features enabled. Calling this operation sends a handshake to every invited account in the organization. The feature set change can be finalized and the additional features enabled only after all administrators in the invited accounts approve the change by accepting the handshake.
After you enable all features, you can separately enable or disable individual policy types in a root using EnablePolicyType and DisablePolicyType. To see the status of policy types in a root, use ListRoots.
After all invited member accounts accept the handshake, you finalize the feature set change by accepting the handshake that contains \"Action\": \"ENABLE_ALL_FEATURES\". This completes the change.
After you enable all features in your organization, the master account in the organization can apply policies on all member accounts. These policies can restrict what users and even administrators in those accounts can do. The master account can apply policies that prevent accounts from leaving the organization. Ensure that your account administrators are aware of this.
This operation can be called only from the organization's master account.
" + "documentation":"Enables all features in an organization. This enables the use of organization policies that can restrict the services and actions that can be called in each account. Until you enable all features, you have access only to consolidated billing, and you can't use any of the advanced account administration features that AWS Organizations supports. For more information, see Enabling All Features in Your Organization in the AWS Organizations User Guide.
This operation is required only for organizations that were created explicitly with only the consolidated billing features enabled. Calling this operation sends a handshake to every invited account in the organization. The feature set change can be finalized and the additional features enabled only after all administrators in the invited accounts approve the change by accepting the handshake.
After you enable all features, you can separately enable or disable individual policy types in a root using EnablePolicyType and DisablePolicyType. To see the status of policy types in a root, use ListRoots.
After all invited member accounts accept the handshake, you finalize the feature set change by accepting the handshake that contains \"Action\": \"ENABLE_ALL_FEATURES\". This completes the change.
After you enable all features in your organization, the master account in the organization can apply policies on all member accounts. These policies can restrict what users and even administrators in those accounts can do. The master account can apply policies that prevent accounts from leaving the organization. Ensure that your account administrators are aware of this.
This operation can be called only from the organization's master account.
" }, "EnablePolicyType":{ "name":"EnablePolicyType", @@ -537,7 +537,7 @@ {"shape":"UnsupportedAPIEndpointException"}, {"shape":"PolicyChangesInProgressException"} ], - "documentation":"Enables a policy type in a root. After you enable a policy type in a root, you can attach policies of that type to the root, any organizational unit (OU), or account in that root. You can undo this by using the DisablePolicyType operation.
This is an asynchronous request that AWS performs in the background. AWS recommends that you first use ListRoots to see the status of policy types for a specified root, and then use this operation.
This operation can be called only from the organization's master account.
You can enable a policy type in a root only if that policy type is available in the organization. To view the status of available policy types in the organization, use DescribeOrganization.
" + "documentation":"Enables a policy type in a root. After you enable a policy type in a root, you can attach policies of that type to the root, any organizational unit (OU), or account in that root. You can undo this by using the DisablePolicyType operation.
This is an asynchronous request that AWS performs in the background. AWS recommends that you first use ListRoots to see the status of policy types for a specified root, and then use this operation.
This operation can be called only from the organization's master account.
You can enable a policy type in a root only if that policy type is available in the organization. To view the status of available policy types in the organization, use DescribeOrganization.
" }, "InviteAccountToOrganization":{ "name":"InviteAccountToOrganization", @@ -554,12 +554,13 @@ {"shape":"ConcurrentModificationException"}, {"shape":"HandshakeConstraintViolationException"}, {"shape":"DuplicateHandshakeException"}, + {"shape":"ConstraintViolationException"}, {"shape":"InvalidInputException"}, {"shape":"FinalizingOrganizationException"}, {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"} ], - "documentation":"Sends an invitation to another account to join your organization as a member account. AWS Organizations sends email on your behalf to the email address that is associated with the other account's owner. The invitation is implemented as a Handshake whose details are in the response.
You can invite AWS accounts only from the same seller as the master account. For example, if your organization's master account was created by Amazon Internet Services Pvt. Ltd (AISPL), an AWS seller in India, you can invite only other AISPL accounts to your organization. You can't combine accounts from AISPL and AWS or from any other AWS seller. For more information, see Consolidated Billing in India.
If you receive an exception that indicates that you exceeded your account limits for the organization or that the operation failed because your organization is still initializing, wait one hour and then try again. If the error persists after an hour, contact AWS Support.
This operation can be called only from the organization's master account.
" + "documentation":"Sends an invitation to another account to join your organization as a member account. AWS Organizations sends email on your behalf to the email address that is associated with the other account's owner. The invitation is implemented as a Handshake whose details are in the response.
You can invite AWS accounts only from the same seller as the master account. For example, if your organization's master account was created by Amazon Internet Services Pvt. Ltd (AISPL), an AWS seller in India, you can invite only other AISPL accounts to your organization. You can't combine accounts from AISPL and AWS or from any other AWS seller. For more information, see Consolidated Billing in India.
If you receive an exception that indicates that you exceeded your account limits for the organization or that the operation failed because your organization is still initializing, wait one hour and then try again. If the error persists after an hour, contact AWS Support.
If the request includes tags, then the requester must have the organizations:TagResource permission.
This operation can be called only from the organization's master account.
" }, "LeaveOrganization":{ "name":"LeaveOrganization", @@ -578,7 +579,7 @@ {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"} ], - "documentation":"Removes a member account from its parent organization. This version of the operation is performed by the account that wants to leave. To remove a member account as a user in the master account, use RemoveAccountFromOrganization instead.
This operation can be called only from a member account in the organization.
The master account in an organization with all features enabled can set service control policies (SCPs) that can restrict what administrators of member accounts can do. This includes preventing them from successfully calling LeaveOrganization and leaving the organization.
You can leave an organization as a member account only if the account is configured with the information required to operate as a standalone account. When you create an account in an organization using the AWS Organizations console, API, or CLI commands, the information required of standalone accounts is not automatically collected. For each account that you want to make standalone, you must perform the following steps. If any of the steps are already completed for this account, that step doesn't appear.
Choose a support plan
Provide and verify the required contact information
Provide a current payment method
AWS uses the payment method to charge for any billable (not free tier) AWS activity that occurs while the account isn't attached to an organization. Follow the steps at To leave an organization when all required account information has not yet been provided in the AWS Organizations User Guide.
You can leave an organization only after you enable IAM user access to billing in your account. For more information, see Activating Access to the Billing and Cost Management Console in the AWS Billing and Cost Management User Guide.
Removes a member account from its parent organization. This version of the operation is performed by the account that wants to leave. To remove a member account as a user in the master account, use RemoveAccountFromOrganization instead.
This operation can be called only from a member account in the organization.
The master account in an organization with all features enabled can set service control policies (SCPs) that can restrict what administrators of member accounts can do. This includes preventing them from successfully calling LeaveOrganization and leaving the organization.
You can leave an organization as a member account only if the account is configured with the information required to operate as a standalone account. When you create an account in an organization using the AWS Organizations console, API, or CLI commands, the information required of standalone accounts is not automatically collected. For each account that you want to make standalone, you must perform the following steps. If any of the steps are already completed for this account, that step doesn't appear.
Choose a support plan
Provide and verify the required contact information
Provide a current payment method
AWS uses the payment method to charge for any billable (not free tier) AWS activity that occurs while the account isn't attached to an organization. Follow the steps at To leave an organization when all required account information has not yet been provided in the AWS Organizations User Guide.
You can leave an organization only after you enable IAM user access to billing in your account. For more information, see Activating Access to the Billing and Cost Management Console in the AWS Billing and Cost Management User Guide.
After the account leaves the organization, all tags that were attached to the account object in the organization are deleted. AWS accounts outside of an organization do not support tags.
List the AWS services for which the specified account is a delegated administrator.
This operation can be called only from the organization's master account or by a member account that is a delegated administrator for an AWS service.
" + "documentation":"List the AWS services for which the specified account is a delegated administrator.
This operation can be called only from the organization's master account or by a member account that is a delegated administrator for an AWS service.
" }, "ListHandshakesForAccount":{ "name":"ListHandshakesForAccount", @@ -779,7 +780,7 @@ {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"} ], - "documentation":"Lists the root or organizational units (OUs) that serve as the immediate parent of the specified child OU or account. This operation, along with ListChildren enables you to traverse the tree structure that makes up this root.
Always check the NextToken response parameter for a null value when calling a List* operation. These operations can occasionally return an empty set of results even when there are more results available. The NextToken response parameter value is null only when there are no more results to display.
This operation can be called only from the organization's master account or by a member account that is a delegated administrator for an AWS service.
In the current release, a child can have only a single parent.
Lists the root or organizational units (OUs) that serve as the immediate parent of the specified child OU or account. This operation, along with ListChildren enables you to traverse the tree structure that makes up this root.
Always check the NextToken response parameter for a null value when calling a List* operation. These operations can occasionally return an empty set of results even when there are more results available. The NextToken response parameter value is null only when there are no more results to display.
This operation can be called only from the organization's master account or by a member account that is a delegated administrator for an AWS service.
In the current release, a child can have only a single parent.
Lists tags for the specified resource.
Currently, you can list tags on an account in AWS Organizations.
This operation can be called only from the organization's master account or by a member account that is a delegated administrator for an AWS service.
" + "documentation":"Lists tags that are attached to the specified resource.
You can attach tags to the following resources in AWS Organizations.
AWS account
Organization root
Organizational unit (OU)
Policy (any type)
This operation can be called only from the organization's master account or by a member account that is a delegated administrator for an AWS service.
" }, "ListTargetsForPolicy":{ "name":"ListTargetsForPolicy", @@ -932,7 +933,7 @@ {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"} ], - "documentation":"Removes the specified account from the organization.
The removed account becomes a standalone account that isn't a member of any organization. It's no longer subject to any policies and is responsible for its own bill payments. The organization's master account is no longer charged for any expenses accrued by the member account after it's removed from the organization.
This operation can be called only from the organization's master account. Member accounts can remove themselves with LeaveOrganization instead.
You can remove an account from your organization only if the account is configured with the information required to operate as a standalone account. When you create an account in an organization using the AWS Organizations console, API, or CLI commands, the information required of standalone accounts is not automatically collected. For an account that you want to make standalone, you must choose a support plan, provide and verify the required contact information, and provide a current payment method. AWS uses the payment method to charge for any billable (not free tier) AWS activity that occurs while the account isn't attached to an organization. To remove an account that doesn't yet have this information, you must sign in as the member account and follow the steps at To leave an organization when all required account information has not yet been provided in the AWS Organizations User Guide.
Removes the specified account from the organization.
The removed account becomes a standalone account that isn't a member of any organization. It's no longer subject to any policies and is responsible for its own bill payments. The organization's master account is no longer charged for any expenses accrued by the member account after it's removed from the organization.
This operation can be called only from the organization's master account. Member accounts can remove themselves with LeaveOrganization instead.
You can remove an account from your organization only if the account is configured with the information required to operate as a standalone account. When you create an account in an organization using the AWS Organizations console, API, or CLI commands, the information required of standalone accounts is not automatically collected. For an account that you want to make standalone, you must choose a support plan, provide and verify the required contact information, and provide a current payment method. AWS uses the payment method to charge for any billable (not free tier) AWS activity that occurs while the account isn't attached to an organization. To remove an account that doesn't yet have this information, you must sign in as the member account and follow the steps at To leave an organization when all required account information has not yet been provided in the AWS Organizations User Guide.
After the account leaves the organization, all tags that were attached to the account object in the organization are deleted. AWS accounts outside of an organization do not support tags.
Adds one or more tags to the specified resource.
Currently, you can tag and untag accounts in AWS Organizations.
This operation can be called only from the organization's master account.
" + "documentation":"Adds one or more tags to the specified resource.
Currently, you can attach tags to the following resources in AWS Organizations.
AWS account
Organization root
Organizational unit (OU)
Policy (any type)
This operation can be called only from the organization's master account.
" }, "UntagResource":{ "name":"UntagResource", @@ -970,7 +971,7 @@ {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"} ], - "documentation":"Removes a tag from the specified resource.
Currently, you can tag and untag accounts in AWS Organizations.
This operation can be called only from the organization's master account.
" + "documentation":"Removes any tags with the specified keys from the specified resource.
You can attach tags to the following resources in AWS Organizations.
AWS account
Organization root
Organizational unit (OU)
Policy (any type)
This operation can be called only from the organization's master account.
" }, "UpdateOrganizationalUnit":{ "name":"UpdateOrganizationalUnit", @@ -990,7 +991,7 @@ {"shape":"ServiceException"}, {"shape":"TooManyRequestsException"} ], - "documentation":"Renames the specified organizational unit (OU). The ID and ARN don't change. The child OUs and accounts remain in place, and any attached policies of the OU remain attached.
This operation can be called only from the organization's master account.
" + "documentation":"Renames the specified organizational unit (OU). The ID and ARN don't change. The child OUs and accounts remain in place, and any attached policies of the OU remain attached.
This operation can be called only from the organization's master account.
" }, "UpdatePolicy":{ "name":"UpdatePolicy", @@ -1344,6 +1345,10 @@ "IamUserAccessToBilling":{ "shape":"IAMUserAccessToBilling", "documentation":"If set to ALLOW, the new account enables IAM users to access account billing information if they have the required permissions. If set to DENY, only the root user of the new account can access account billing information. For more information, see Activating Access to the Billing and Cost Management Console in the AWS Billing and Cost Management User Guide.
If you don't specify this parameter, the value defaults to ALLOW, and IAM users and roles with the required permissions can access billing information for the new account.
A list of tags that you want to attach to the newly created account. For each tag in the list, you must specify both a tag key and a value. You can set the value to an empty string, but you can't set it to null. For more information about tagging, see Tagging AWS Organizations resources in the AWS Organizations User Guide.
If any one of the tags is invalid or if you exceed the allowed number of tags for an account, then the entire request fails and the account is not created.
If set to ALLOW, the new linked account in the commercial Region enables IAM users to access account billing information if they have the required permissions. If set to DENY, only the root user of the new account can access account billing information. For more information, see Activating Access to the Billing and Cost Management Console in the AWS Billing and Cost Management User Guide.
If you don't specify this parameter, the value defaults to ALLOW, and IAM users and roles with the required permissions can access billing information for the new account.
A list of tags that you want to attach to the newly created account. These tags are attached to the commercial account associated with the GovCloud account, and not to the GovCloud account itself. To add tags to the actual GovCloud account, call the TagResource operation in the GovCloud region after the new GovCloud account exists.
For each tag in the list, you must specify both a tag key and a value. You can set the value to an empty string, but you can't set it to null. For more information about tagging, see Tagging AWS Organizations resources in the AWS Organizations User Guide.
If any one of the tags is invalid or if you exceed the allowed number of tags for an account, then the entire request fails and the account is not created.
The friendly name to assign to the new OU.
" + }, + "Tags":{ + "shape":"Tags", + "documentation":"A list of tags that you want to attach to the newly created OU. For each tag in the list, you must specify both a tag key and a value. You can set the value to an empty string, but you can't set it to null. For more information about tagging, see Tagging AWS Organizations resources in the AWS Organizations User Guide.
If any one of the tags is invalid or if you exceed the allowed number of tags for an OU, then the entire request fails and the OU is not created.
The type of policy to create. You can specify one of the following values:
" + }, + "Tags":{ + "shape":"Tags", + "documentation":"A list of tags that you want to attach to the newly created policy. For each tag in the list, you must specify both a tag key and a value. You can set the value to an empty string, but you can't set it to null. For more information about tagging, see Tagging AWS Organizations resources in the AWS Organizations User Guide.
If any one of the tags is invalid or if you exceed the allowed number of tags for a policy, then the entire request fails and the policy is not created.
When you're signed in as the master account, specify the ID of the account that you want details about. Specifying an organization root or organizational unit (OU) as the target is not supported.
" + "documentation":"When you're signed in as the master account, specify the ID of the account that you want details about. Specifying an organization root or organizational unit (OU) as the target is not supported.
" } } }, @@ -2222,7 +2239,7 @@ "Message":{"shape":"ExceptionMessage"}, "Reason":{"shape":"InvalidInputExceptionReason"} }, - "documentation":"The requested operation failed because you provided invalid values for one or more of the request parameters. This exception includes a reason that contains additional information about the violated limit:
Some of the reasons in the following list might not be applicable to this specific API or operation.
IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
INPUT_REQUIRED: You must include a value for all required parameters.
INVALID_ENUM: You specified an invalid value.
INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a previous call of the operation.
INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a party.
INVALID_PATTERN: You provided a value that doesn't match the required pattern.
INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved prefix AWSServiceRoleFor.
INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the organization.
INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags per resource limit.
MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
The requested operation failed because you provided invalid values for one or more of the request parameters. This exception includes a reason that contains additional information about the violated limit:
Some of the reasons in the following list might not be applicable to this specific API or operation.
DUPLICATE_TAG_KEY: Tag keys must be unique among the tags attached to the same entity.
IMMUTABLE_POLICY: You specified a policy that is managed by AWS and can't be modified.
INPUT_REQUIRED: You must include a value for all required parameters.
INVALID_ENUM: You specified an invalid value.
INVALID_ENUM_POLICY_TYPE: You specified an invalid policy type string.
INVALID_FULL_NAME_TARGET: You specified a full name that contains invalid characters.
INVALID_LIST_MEMBER: You provided a list to a parameter that contains at least one invalid value.
INVALID_PAGINATION_TOKEN: Get the value for the NextToken parameter from the response to a previous call of the operation.
INVALID_PARTY_TYPE_TARGET: You specified the wrong type of entity (account, organization, or email) as a party.
INVALID_PATTERN: You provided a value that doesn't match the required pattern.
INVALID_PATTERN_TARGET_ID: You specified a policy target ID that doesn't match the required pattern.
INVALID_ROLE_NAME: You provided a role name that isn't valid. A role name can't begin with the reserved prefix AWSServiceRoleFor.
INVALID_SYNTAX_ORGANIZATION_ARN: You specified an invalid Amazon Resource Name (ARN) for the organization.
INVALID_SYNTAX_POLICY_ID: You specified an invalid policy ID.
INVALID_SYSTEM_TAGS_PARAMETER: You specified a tag key that is a system tag. You can’t add, edit, or delete system tag keys because they're reserved for AWS use. System tags don’t count against your tags per resource limit.
MAX_FILTER_LIMIT_EXCEEDED: You can specify only one filter parameter for the operation.
MAX_LENGTH_EXCEEDED: You provided a string parameter that is longer than allowed.
MAX_VALUE_EXCEEDED: You provided a numeric parameter that has a larger value than allowed.
MIN_LENGTH_EXCEEDED: You provided a string parameter that is shorter than allowed.
MIN_VALUE_EXCEEDED: You provided a numeric parameter that has a smaller value than allowed.
MOVING_ACCOUNT_BETWEEN_DIFFERENT_ROOTS: You can move an account only between entities in the same root.
TARGET_NOT_SUPPORTED: You can't perform the specified operation on that target entity.
UNRECOGNIZED_SERVICE_PRINCIPAL: You specified a service principal that isn't recognized.
The identifier (ID) of the AWS account that you want to invite to join your organization. This is a JSON object that contains the following elements:
{ \"Type\": \"ACCOUNT\", \"Id\": \"< account id number >\" }
If you use the AWS CLI, you can submit this as a single string, similar to the following example:
--target Id=123456789012,Type=ACCOUNT
If you specify \"Type\": \"ACCOUNT\", you must provide the AWS account ID number as the Id. If you specify \"Type\": \"EMAIL\", you must specify the email address that is associated with the account.
--target Id=diego@example.com,Type=EMAIL
The identifier (ID) of the AWS account that you want to invite to join your organization. This is a JSON object that contains the following elements:
{ \"Type\": \"ACCOUNT\", \"Id\": \"< account id number >\" }
If you use the AWS CLI, you can submit this as a single string, similar to the following example:
--target Id=123456789012,Type=ACCOUNT
If you specify \"Type\": \"ACCOUNT\", you must provide the AWS account ID number as the Id. If you specify \"Type\": \"EMAIL\", you must specify the email address that is associated with the account.
--target Id=diego@example.com,Type=EMAIL
Additional information that you want to include in the generated email to the recipient account owner.
" + }, + "Tags":{ + "shape":"Tags", + "documentation":"A list of tags that you want to attach to the account when it becomes a member of the organization. For each tag in the list, you must specify both a tag key and a value. You can set the value to an empty string, but you can't set it to null. For more information about tagging, see Tagging AWS Organizations resources in the AWS Organizations User Guide.
Any tags in the request are checked for compliance with any applicable tag policies when the request is made. The request is rejected if the tags in the request don't match the requirements of the policy at that time. Tag policy compliance is not checked again when the invitation is accepted and the tags are actually attached to the account. That means that if the tag policy changes between the invitation and the acceptance, then that tags could potentially be non-compliant.
If any one of the tags is invalid or if you exceed the allowed number of tags for an account, then the entire request fails and invitations are not sent.
The ID of the resource that you want to retrieve tags for.
" + "documentation":"The ID of the resource with the tags to list.
You can specify any of the following taggable resources.
AWS account – specify the account ID number.
Organizational unit – specify the OU ID that begins with ou- and looks similar to: ou-1a2b-34uvwxyz
Root – specify the root ID that begins with r- and looks similar to: r-1a2b
Policy – specify the policy ID that begins with p- andlooks similar to: p-12abcdefg3
The string value that's associated with the key of the tag. You can set the value of a tag to an empty string, but you can't set the value of a tag to null.
" } }, - "documentation":"A custom key-value pair associated with a resource such as an account within your organization.
" + "documentation":"A custom key-value pair associated with a resource within your organization.
You can attach tags to any of the following organization resources.
AWS account
Organizational unit (OU)
Organization root
Policy
The tag to add to the specified resource. You must specify both a tag key and value. You can set the value of a tag to an empty string, but you can't set it to null.
" + "documentation":"A list of tags to add to the specified resource.
You can specify any of the following taggable resources.
AWS account – specify the account ID number.
Organizational unit – specify the OU ID that begins with ou- and looks similar to: ou-1a2b-34uvwxyz
Root – specify the root ID that begins with r- and looks similar to: r-1a2b
Policy – specify the policy ID that begins with p- andlooks similar to: p-12abcdefg3
For each tag in the list, you must specify both a tag key and a value. You can set the value to an empty string, but you can't set it to null.
If any one of the tags is invalid or if you exceed the allowed number of tags for an account user, then the entire request fails and the account is not created.
We can't find a root, OU, or account with the TargetId that you specified.
We can't find a root, OU, account, or policy with the TargetId that you specified.
The ID of the resource to remove the tag from.
" + "documentation":"The ID of the resource to remove a tag from.
You can specify any of the following taggable resources.
AWS account – specify the account ID number.
Organizational unit – specify the OU ID that begins with ou- and looks similar to: ou-1a2b-34uvwxyz
Root – specify the root ID that begins with r- and looks similar to: r-1a2b
Policy – specify the policy ID that begins with p- andlooks similar to: p-12abcdefg3
The tag to remove from the specified resource.
" + "documentation":"The list of keys for tags to remove from the specified resource.
" } } }, diff --git a/botocore/data/sagemaker/2017-07-24/service-2.json b/botocore/data/sagemaker/2017-07-24/service-2.json index 30d24f313d..7b2181e54e 100644 --- a/botocore/data/sagemaker/2017-07-24/service-2.json +++ b/botocore/data/sagemaker/2017-07-24/service-2.json @@ -3013,11 +3013,11 @@ }, "Image":{ "shape":"ContainerImage", - "documentation":"The Amazon EC2 Container Registry (Amazon ECR) path where inference code is stored. If you are using your own custom algorithm instead of an algorithm provided by Amazon SageMaker, the inference code must meet Amazon SageMaker requirements. Amazon SageMaker supports both registry/repository[:tag] and registry/repository[@digest] image path formats. For more information, see Using Your Own Algorithms with Amazon SageMaker
The path where inference code is stored. This can be either in Amazon EC2 Container Registry or in a Docker registry that is accessible from the same VPC that you configure for your endpoint. If you are using your own custom algorithm instead of an algorithm provided by Amazon SageMaker, the inference code must meet Amazon SageMaker requirements. Amazon SageMaker supports both registry/repository[:tag] and registry/repository[@digest] image path formats. For more information, see Using Your Own Algorithms with Amazon SageMaker
Specifies whether the model container is in Amazon ECR or a private Docker registry in your Amazon Virtual Private Cloud (VPC). For information about storing containers in a private Docker registry, see Use a Private Docker Registry for Real-Time Inference Containers
" + "documentation":"Specifies whether the model container is in Amazon ECR or a private Docker registry accessible from your Amazon Virtual Private Cloud (VPC). For information about storing containers in a private Docker registry, see Use a Private Docker Registry for Real-Time Inference Containers
" }, "Mode":{ "shape":"ContainerMode", @@ -7580,11 +7580,11 @@ }, "TaskAvailabilityLifetimeInSeconds":{ "shape":"FlowDefinitionTaskAvailabilityLifetimeInSeconds", - "documentation":"The length of time that a task remains available for labeling by human workers.
" + "documentation":"The length of time that a task remains available for review by human workers.
" }, "TaskTimeLimitInSeconds":{ "shape":"FlowDefinitionTaskTimeLimitInSeconds", - "documentation":"The amount of time that a worker has to complete a task.
" + "documentation":"The amount of time that a worker has to complete a task. The default value is 3,600 seconds (1 hour)
" }, "TaskKeywords":{ "shape":"FlowDefinitionTaskKeywords", @@ -8133,10 +8133,10 @@ "members":{ "RepositoryAccessMode":{ "shape":"RepositoryAccessMode", - "documentation":"Set this to one of the following values:
Platform - The model image is hosted in Amazon ECR.
VPC - The model image is hosted in a private Docker registry in your VPC.
Set this to one of the following values:
Platform - The model image is hosted in Amazon ECR.
Vpc - The model image is hosted in a private Docker registry in your VPC.
Specifies whether the model container is in Amazon ECR or a private Docker registry in your Amazon Virtual Private Cloud (VPC).
" + "documentation":"Specifies whether the model container is in Amazon ECR or a private Docker registry accessible from your Amazon Virtual Private Cloud (VPC).
" }, "ImageDigest":{ "type":"string", @@ -8448,7 +8448,7 @@ }, "InitialActiveLearningModelArn":{ "shape":"ModelArn", - "documentation":"At the end of an auto-label job Amazon SageMaker Ground Truth sends the Amazon Resource Nam (ARN) of the final model used for auto-labeling. You can use this model as the starting point for subsequent similar jobs by providing the ARN of the model here.
" + "documentation":"At the end of an auto-label job Ground Truth sends the Amazon Resource Name (ARN) of the final model used for auto-labeling. You can use this model as the starting point for subsequent similar jobs by providing the ARN of the model here.
" }, "LabelingJobResourceConfig":{ "shape":"LabelingJobResourceConfig", @@ -8478,9 +8478,13 @@ "S3DataSource":{ "shape":"LabelingJobS3DataSource", "documentation":"The Amazon S3 location of the input data objects.
" + }, + "SnsDataSource":{ + "shape":"LabelingJobSnsDataSource", + "documentation":"An Amazon SNS data source used for streaming labeling jobs.
" } }, - "documentation":"Provides information about the location of input data.
" + "documentation":"Provides information about the location of input data.
You must specify at least one of the following: S3DataSource or SnsDataSource.
Use SnsDataSource to specify an SNS input topic for a streaming labeling job. If you do not specify and SNS input topic ARN, Ground Truth will create a one-time labeling job.
Use S3DataSource to specify an input manifest file for both streaming and one-time labeling jobs. Adding an S3DataSource is optional if you use SnsDataSource to create a streaming labeling job.
The AWS Key Management Service ID of the key used to encrypt the output data, if any.
If you use a KMS key ID or an alias of your master key, the Amazon SageMaker execution role must include permissions to call kms:Encrypt. If you don't provide a KMS key ID, Amazon SageMaker uses the default KMS key for Amazon S3 for your role's account. Amazon SageMaker uses server-side encryption with KMS-managed keys for LabelingJobOutputConfig. If you use a bucket policy with an s3:PutObject permission that only allows objects with server-side encryption, set the condition key of s3:x-amz-server-side-encryption to \"aws:kms\". For more information, see KMS-Managed Encryption Keys in the Amazon Simple Storage Service Developer Guide.
The KMS key policy must grant permission to the IAM role that you specify in your CreateLabelingJob request. For more information, see Using Key Policies in AWS KMS in the AWS Key Management Service Developer Guide.
An Amazon Simple Notification Service (Amazon SNS) output topic ARN.
When workers complete labeling tasks, Ground Truth will send labeling task output data to the SNS output topic you specify here.
You must provide a value for this parameter if you provide an Amazon SNS input topic in SnsDataSource in InputConfig.
Output configuration information for a labeling job.
" @@ -8593,6 +8601,17 @@ }, "documentation":"The Amazon S3 location of the input data objects.
" }, + "LabelingJobSnsDataSource":{ + "type":"structure", + "required":["SnsTopicArn"], + "members":{ + "SnsTopicArn":{ + "shape":"SnsTopicArn", + "documentation":"The Amazon SNS input topic Amazon Resource Name (ARN). Specify the ARN of the input topic you will use to send new data objects to a streaming labeling job.
If you specify an input topic for SnsTopicArn in InputConfig, you must specify a value for SnsTopicArn in OutputConfig.
An Amazon SNS data source used for streaming labeling jobs.
" + }, "LabelingJobStatus":{ "type":"string", "enum":[ @@ -12877,6 +12896,11 @@ "type":"string", "pattern":"UserName" }, + "SnsTopicArn":{ + "type":"string", + "max":2048, + "pattern":"arn:aws[a-z\\-]*:sns:[a-z0-9\\-]*:[0-9]{12}:[a-zA-Z0-9_.-]*" + }, "SortBy":{ "type":"string", "enum":[ diff --git a/botocore/data/transcribe/2017-10-26/service-2.json b/botocore/data/transcribe/2017-10-26/service-2.json index cd6b90de0c..bbeb179404 100644 --- a/botocore/data/transcribe/2017-10-26/service-2.json +++ b/botocore/data/transcribe/2017-10-26/service-2.json @@ -905,6 +905,7 @@ } } }, + "IdentifiedLanguageScore":{"type":"float"}, "InputDataConfig":{ "type":"structure", "required":[ @@ -1039,6 +1040,11 @@ }, "documentation":"The structure used to describe a custom language model.
" }, + "LanguageOptions":{ + "type":"list", + "member":{"shape":"LanguageCode"}, + "min":2 + }, "LimitExceededException":{ "type":"structure", "members":{ @@ -1630,7 +1636,6 @@ "type":"structure", "required":[ "TranscriptionJobName", - "LanguageCode", "Media" ], "members":{ @@ -1677,6 +1682,14 @@ "ContentRedaction":{ "shape":"ContentRedaction", "documentation":"An object that contains the request parameters for content redaction.
" + }, + "IdentifyLanguage":{ + "shape":"Boolean", + "documentation":"Set this field to true to enable automatic language identification. Automatic language identification is disabled by default. You receive a BadRequestException error if you enter a value for a LanguageCode.
An object containing a list of languages that might be present in your collection of audio files. Automatic language identification chooses a language that best matches the source audio from that list.
" } } }, @@ -1766,6 +1779,18 @@ "ContentRedaction":{ "shape":"ContentRedaction", "documentation":"An object that describes content redaction settings for the transcription job.
" + }, + "IdentifyLanguage":{ + "shape":"Boolean", + "documentation":"A value that shows if automatic language identification was enabled for a transcription job.
" + }, + "LanguageOptions":{ + "shape":"LanguageOptions", + "documentation":"An object that shows the optional array of languages inputted for transcription jobs with automatic language identification enabled.
" + }, + "IdentifiedLanguageScore":{ + "shape":"IdentifiedLanguageScore", + "documentation":"The score that Amazon Transcribe gives for the predominant language that it identified in your collection of source audio files. This score reflects the confidence that the language that Amazon Transcribe identified is the correct language.
" } }, "documentation":"Describes an asynchronous transcription job that was created with the StartTranscriptionJob operation.
The content redaction settings of the transcription job.
" }, - "ModelSettings":{"shape":"ModelSettings"} + "ModelSettings":{"shape":"ModelSettings"}, + "IdentifyLanguage":{ + "shape":"Boolean", + "documentation":"Whether automatic language identification was enabled for a transcription job.
" + }, + "IdentifiedLanguageScore":{ + "shape":"IdentifiedLanguageScore", + "documentation":"A value between zero and one that Amazon Transcribe assigned to the language it identified in the source audio. A higher score indicates that Amazon Transcribe is more confident in the language it identified.
" + } }, "documentation":"Provides a summary of information about a transcription job.
" }, diff --git a/docs/source/conf.py b/docs/source/conf.py index d6bcce822b..16ac3eee90 100644 --- a/docs/source/conf.py +++ b/docs/source/conf.py @@ -54,7 +54,7 @@ # The short X.Y version. version = '1.17.' # The full version, including alpha/beta/rc tags. -release = '1.17.61' +release = '1.17.62' # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages.