From 2a35303eb92794ac2bccc5ff2ef381c085c196a9 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Wed, 18 Sep 2024 01:56:27 +0000 Subject: [PATCH] Update services based on release-2024-09-17 of AWS Go SDK Reference: https://github.com/aws/aws-sdk-go-v2/releases/tag/release-2024-09-17 --- .latest-tag-aws-sdk-go | 2 +- src/aws_ecr.erl | 3 + src/aws_lambda.erl | 334 +++++++++++++++++++++++++++++++++++++++++ src/aws_ssm.erl | 28 ++-- 4 files changed, 355 insertions(+), 12 deletions(-) diff --git a/.latest-tag-aws-sdk-go b/.latest-tag-aws-sdk-go index 394f373b..7d0a264e 100644 --- a/.latest-tag-aws-sdk-go +++ b/.latest-tag-aws-sdk-go @@ -1 +1 @@ -release-2024-09-16 +release-2024-09-17 diff --git a/src/aws_ecr.erl b/src/aws_ecr.erl index 1b671348..03009421 100644 --- a/src/aws_ecr.erl +++ b/src/aws_ecr.erl @@ -582,8 +582,10 @@ %% enhanced_image_scan_finding() :: #{ %% <<"awsAccountId">> => string(), %% <<"description">> => string(), +%% <<"exploitAvailable">> => string(), %% <<"findingArn">> => string(), %% <<"firstObservedAt">> => non_neg_integer(), +%% <<"fixAvailable">> => string(), %% <<"lastObservedAt">> => non_neg_integer(), %% <<"packageVulnerabilityDetails">> => package_vulnerability_details(), %% <<"remediation">> => remediation(), @@ -842,6 +844,7 @@ %% <<"arch">> => string(), %% <<"epoch">> => integer(), %% <<"filePath">> => string(), +%% <<"fixedInVersion">> => string(), %% <<"name">> => string(), %% <<"packageManager">> => string(), %% <<"release">> => string(), diff --git a/src/aws_lambda.erl b/src/aws_lambda.erl index a22cf616..45692c8e 100644 --- a/src/aws_lambda.erl +++ b/src/aws_lambda.erl @@ -127,6 +127,8 @@ delete_layer_version/5, delete_provisioned_concurrency_config/3, delete_provisioned_concurrency_config/4, + delete_resource_policy/3, + delete_resource_policy/4, get_account_settings/1, get_account_settings/3, get_account_settings/4, @@ -175,6 +177,12 @@ get_provisioned_concurrency_config/3, get_provisioned_concurrency_config/5, get_provisioned_concurrency_config/6, + get_public_access_block_config/2, + get_public_access_block_config/4, + get_public_access_block_config/5, + get_resource_policy/2, + get_resource_policy/4, + get_resource_policy/5, get_runtime_management_config/2, get_runtime_management_config/4, get_runtime_management_config/5, @@ -234,6 +242,10 @@ put_function_recursion_config/4, put_provisioned_concurrency_config/3, put_provisioned_concurrency_config/4, + put_public_access_block_config/3, + put_public_access_block_config/4, + put_resource_policy/3, + put_resource_policy/4, put_runtime_management_config/3, put_runtime_management_config/4, remove_layer_version_permission/5, @@ -396,6 +408,13 @@ %% } -type remove_layer_version_permission_request() :: #{binary() => any()}. + +%% Example: +%% get_public_access_block_config_response() :: #{ +%% <<"PublicAccessBlockConfig">> => public_access_block_config() +%% } +-type get_public_access_block_config_response() :: #{binary() => any()}. + %% Example: %% delete_function_code_signing_config_request() :: #{} -type delete_function_code_signing_config_request() :: #{}. @@ -454,6 +473,10 @@ %% } -type policy_length_exceeded_exception() :: #{binary() => any()}. +%% Example: +%% get_public_access_block_config_request() :: #{} +-type get_public_access_block_config_request() :: #{}. + %% Example: %% list_provisioned_concurrency_configs_response() :: #{ @@ -519,6 +542,13 @@ -type create_alias_request() :: #{binary() => any()}. +%% Example: +%% put_public_access_block_config_request() :: #{ +%% <<"PublicAccessBlockConfig">> := public_access_block_config() +%% } +-type put_public_access_block_config_request() :: #{binary() => any()}. + + %% Example: %% resource_in_use_exception() :: #{ %% <<"Message">> => string(), @@ -652,6 +682,14 @@ %% } -type delete_function_url_config_request() :: #{binary() => any()}. + +%% Example: +%% get_resource_policy_response() :: #{ +%% <<"Policy">> => string(), +%% <<"RevisionId">> => string() +%% } +-type get_resource_policy_response() :: #{binary() => any()}. + %% Example: %% get_function_recursion_config_request() :: #{} -type get_function_recursion_config_request() :: #{}. @@ -938,6 +976,13 @@ -type delete_code_signing_config_request() :: #{}. +%% Example: +%% put_public_access_block_config_response() :: #{ +%% <<"PublicAccessBlockConfig">> => public_access_block_config() +%% } +-type put_public_access_block_config_response() :: #{binary() => any()}. + + %% Example: %% create_function_url_config_response() :: #{ %% <<"AuthType">> => list(any()), @@ -1185,6 +1230,14 @@ -type account_limit() :: #{binary() => any()}. +%% Example: +%% public_access_block_config() :: #{ +%% <<"BlockPublicPolicy">> => boolean(), +%% <<"RestrictPublicResource">> => boolean() +%% } +-type public_access_block_config() :: #{binary() => any()}. + + %% Example: %% update_function_event_invoke_config_request() :: #{ %% <<"DestinationConfig">> => destination_config(), @@ -1247,6 +1300,10 @@ %% } -type put_provisioned_concurrency_config_response() :: #{binary() => any()}. +%% Example: +%% get_resource_policy_request() :: #{} +-type get_resource_policy_request() :: #{}. + %% Example: %% filter() :: #{ @@ -1424,6 +1481,14 @@ -type invoke_with_response_stream_complete_event() :: #{binary() => any()}. +%% Example: +%% put_resource_policy_request() :: #{ +%% <<"Policy">> := string(), +%% <<"RevisionId">> => string() +%% } +-type put_resource_policy_request() :: #{binary() => any()}. + + %% Example: %% kms_not_found_exception() :: #{ %% <<"Message">> => string(), @@ -1696,6 +1761,14 @@ -type update_function_configuration_request() :: #{binary() => any()}. +%% Example: +%% put_resource_policy_response() :: #{ +%% <<"Policy">> => string(), +%% <<"RevisionId">> => string() +%% } +-type put_resource_policy_response() :: #{binary() => any()}. + + %% Example: %% get_function_code_signing_config_response() :: #{ %% <<"CodeSigningConfigArn">> => string(), @@ -1745,6 +1818,21 @@ -type vpc_config_response() :: #{binary() => any()}. +%% Example: +%% public_policy_exception() :: #{ +%% <<"Message">> => string(), +%% <<"Type">> => string() +%% } +-type public_policy_exception() :: #{binary() => any()}. + + +%% Example: +%% delete_resource_policy_request() :: #{ +%% <<"RevisionId">> => string() +%% } +-type delete_resource_policy_request() :: #{binary() => any()}. + + %% Example: %% ec2_unexpected_exception() :: #{ %% <<"EC2ErrorCode">> => string(), @@ -2140,6 +2228,14 @@ resource_not_found_exception() | too_many_requests_exception(). +-type delete_resource_policy_errors() :: + resource_conflict_exception() | + precondition_failed_exception() | + service_exception() | + invalid_parameter_value_exception() | + resource_not_found_exception() | + too_many_requests_exception(). + -type get_account_settings_errors() :: service_exception() | too_many_requests_exception(). @@ -2234,6 +2330,18 @@ resource_not_found_exception() | too_many_requests_exception(). +-type get_public_access_block_config_errors() :: + service_exception() | + invalid_parameter_value_exception() | + resource_not_found_exception() | + too_many_requests_exception(). + +-type get_resource_policy_errors() :: + service_exception() | + invalid_parameter_value_exception() | + resource_not_found_exception() | + too_many_requests_exception(). + -type get_runtime_management_config_errors() :: service_exception() | invalid_parameter_value_exception() | @@ -2430,6 +2538,23 @@ resource_not_found_exception() | too_many_requests_exception(). +-type put_public_access_block_config_errors() :: + resource_conflict_exception() | + service_exception() | + invalid_parameter_value_exception() | + resource_not_found_exception() | + too_many_requests_exception(). + +-type put_resource_policy_errors() :: + resource_conflict_exception() | + precondition_failed_exception() | + public_policy_exception() | + service_exception() | + invalid_parameter_value_exception() | + resource_not_found_exception() | + too_many_requests_exception() | + policy_length_exceeded_exception(). + -type put_runtime_management_config_errors() :: resource_conflict_exception() | service_exception() | @@ -3367,6 +3492,43 @@ delete_provisioned_concurrency_config(Client, FunctionName, Input0, Options0) -> {Query_, Input} = aws_request:build_headers(QueryMapping, Input2), request(Client, Method, Path, Query_, CustomHeaders ++ Headers, Input, Options, SuccessStatusCode). +%% @doc Deletes a resource-based policy: +%% https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html +%% from a function. +-spec delete_resource_policy(aws_client:aws_client(), binary() | list(), delete_resource_policy_request()) -> + {ok, undefined, tuple()} | + {error, any()} | + {error, delete_resource_policy_errors(), tuple()}. +delete_resource_policy(Client, ResourceArn, Input) -> + delete_resource_policy(Client, ResourceArn, Input, []). + +-spec delete_resource_policy(aws_client:aws_client(), binary() | list(), delete_resource_policy_request(), proplists:proplist()) -> + {ok, undefined, tuple()} | + {error, any()} | + {error, delete_resource_policy_errors(), tuple()}. +delete_resource_policy(Client, ResourceArn, Input0, Options0) -> + Method = delete, + Path = ["/2024-09-16/resource-policy/", aws_util:encode_uri(ResourceArn), ""], + SuccessStatusCode = 204, + {SendBodyAsBinary, Options1} = proplists_take(send_body_as_binary, Options0, false), + {ReceiveBodyAsBinary, Options2} = proplists_take(receive_body_as_binary, Options1, false), + Options = [{send_body_as_binary, SendBodyAsBinary}, + {receive_body_as_binary, ReceiveBodyAsBinary}, + {append_sha256_content_hash, false} + | Options2], + + Headers = [], + Input1 = Input0, + + CustomHeaders = [], + Input2 = Input1, + + QueryMapping = [ + {<<"RevisionId">>, <<"RevisionId">>} + ], + {Query_, Input} = aws_request:build_headers(QueryMapping, Input2), + request(Client, Method, Path, Query_, CustomHeaders ++ Headers, Input, Options, SuccessStatusCode). + %% @doc Retrieves details about your account's limits: %% https://docs.aws.amazon.com/lambda/latest/dg/limits.html and usage in an %% Amazon Web Services Region. @@ -4032,6 +4194,82 @@ get_provisioned_concurrency_config(Client, FunctionName, Qualifier, QueryMap, He request(Client, get, Path, Query_, Headers, undefined, Options, SuccessStatusCode). +%% @doc Retrieve the public-access settings for a function. +-spec get_public_access_block_config(aws_client:aws_client(), binary() | list()) -> + {ok, get_public_access_block_config_response(), tuple()} | + {error, any()} | + {error, get_public_access_block_config_errors(), tuple()}. +get_public_access_block_config(Client, ResourceArn) + when is_map(Client) -> + get_public_access_block_config(Client, ResourceArn, #{}, #{}). + +-spec get_public_access_block_config(aws_client:aws_client(), binary() | list(), map(), map()) -> + {ok, get_public_access_block_config_response(), tuple()} | + {error, any()} | + {error, get_public_access_block_config_errors(), tuple()}. +get_public_access_block_config(Client, ResourceArn, QueryMap, HeadersMap) + when is_map(Client), is_map(QueryMap), is_map(HeadersMap) -> + get_public_access_block_config(Client, ResourceArn, QueryMap, HeadersMap, []). + +-spec get_public_access_block_config(aws_client:aws_client(), binary() | list(), map(), map(), proplists:proplist()) -> + {ok, get_public_access_block_config_response(), tuple()} | + {error, any()} | + {error, get_public_access_block_config_errors(), tuple()}. +get_public_access_block_config(Client, ResourceArn, QueryMap, HeadersMap, Options0) + when is_map(Client), is_map(QueryMap), is_map(HeadersMap), is_list(Options0) -> + Path = ["/2024-09-16/public-access-block/", aws_util:encode_uri(ResourceArn), ""], + SuccessStatusCode = 200, + {SendBodyAsBinary, Options1} = proplists_take(send_body_as_binary, Options0, false), + {ReceiveBodyAsBinary, Options2} = proplists_take(receive_body_as_binary, Options1, false), + Options = [{send_body_as_binary, SendBodyAsBinary}, + {receive_body_as_binary, ReceiveBodyAsBinary} + | Options2], + + Headers = [], + + Query_ = [], + + request(Client, get, Path, Query_, Headers, undefined, Options, SuccessStatusCode). + +%% @doc Retrieves the resource-based policy: +%% https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html +%% attached to a function. +-spec get_resource_policy(aws_client:aws_client(), binary() | list()) -> + {ok, get_resource_policy_response(), tuple()} | + {error, any()} | + {error, get_resource_policy_errors(), tuple()}. +get_resource_policy(Client, ResourceArn) + when is_map(Client) -> + get_resource_policy(Client, ResourceArn, #{}, #{}). + +-spec get_resource_policy(aws_client:aws_client(), binary() | list(), map(), map()) -> + {ok, get_resource_policy_response(), tuple()} | + {error, any()} | + {error, get_resource_policy_errors(), tuple()}. +get_resource_policy(Client, ResourceArn, QueryMap, HeadersMap) + when is_map(Client), is_map(QueryMap), is_map(HeadersMap) -> + get_resource_policy(Client, ResourceArn, QueryMap, HeadersMap, []). + +-spec get_resource_policy(aws_client:aws_client(), binary() | list(), map(), map(), proplists:proplist()) -> + {ok, get_resource_policy_response(), tuple()} | + {error, any()} | + {error, get_resource_policy_errors(), tuple()}. +get_resource_policy(Client, ResourceArn, QueryMap, HeadersMap, Options0) + when is_map(Client), is_map(QueryMap), is_map(HeadersMap), is_list(Options0) -> + Path = ["/2024-09-16/resource-policy/", aws_util:encode_uri(ResourceArn), ""], + SuccessStatusCode = 200, + {SendBodyAsBinary, Options1} = proplists_take(send_body_as_binary, Options0, false), + {ReceiveBodyAsBinary, Options2} = proplists_take(receive_body_as_binary, Options1, false), + Options = [{send_body_as_binary, SendBodyAsBinary}, + {receive_body_as_binary, ReceiveBodyAsBinary} + | Options2], + + Headers = [], + + Query_ = [], + + request(Client, get, Path, Query_, Headers, undefined, Options, SuccessStatusCode). + %% @doc Retrieves the runtime management configuration for a function's %% version. %% @@ -5209,6 +5447,102 @@ put_provisioned_concurrency_config(Client, FunctionName, Input0, Options0) -> {Query_, Input} = aws_request:build_headers(QueryMapping, Input2), request(Client, Method, Path, Query_, CustomHeaders ++ Headers, Input, Options, SuccessStatusCode). +%% @doc Configure your function's public-access settings. +%% +%% To control public access to a Lambda function, you can choose whether to +%% allow the creation of +%% resource-based policies: +%% https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html +%% that +%% allow public access to that function. You can also block public access to +%% a function, even if it has an existing resource-based +%% policy that allows it. +-spec put_public_access_block_config(aws_client:aws_client(), binary() | list(), put_public_access_block_config_request()) -> + {ok, put_public_access_block_config_response(), tuple()} | + {error, any()} | + {error, put_public_access_block_config_errors(), tuple()}. +put_public_access_block_config(Client, ResourceArn, Input) -> + put_public_access_block_config(Client, ResourceArn, Input, []). + +-spec put_public_access_block_config(aws_client:aws_client(), binary() | list(), put_public_access_block_config_request(), proplists:proplist()) -> + {ok, put_public_access_block_config_response(), tuple()} | + {error, any()} | + {error, put_public_access_block_config_errors(), tuple()}. +put_public_access_block_config(Client, ResourceArn, Input0, Options0) -> + Method = put, + Path = ["/2024-09-16/public-access-block/", aws_util:encode_uri(ResourceArn), ""], + SuccessStatusCode = 200, + {SendBodyAsBinary, Options1} = proplists_take(send_body_as_binary, Options0, false), + {ReceiveBodyAsBinary, Options2} = proplists_take(receive_body_as_binary, Options1, false), + Options = [{send_body_as_binary, SendBodyAsBinary}, + {receive_body_as_binary, ReceiveBodyAsBinary}, + {append_sha256_content_hash, false} + | Options2], + + Headers = [], + Input1 = Input0, + + CustomHeaders = [], + Input2 = Input1, + + Query_ = [], + Input = Input2, + + request(Client, Method, Path, Query_, CustomHeaders ++ Headers, Input, Options, SuccessStatusCode). + +%% @doc Adds a resource-based policy: +%% https://docs.aws.amazon.com/lambda/latest/dg/access-control-resource-based.html +%% to a function. +%% +%% You can use resource-based policies to grant access to other +%% Amazon Web Services accounts: +%% https://docs.aws.amazon.com/lambda/latest/dg/permissions-function-cross-account.html, +%% organizations: +%% https://docs.aws.amazon.com/lambda/latest/dg/permissions-function-organization.html, +%% or +%% services: +%% https://docs.aws.amazon.com/lambda/latest/dg/permissions-function-services.html. +%% Resource-based policies +%% apply to a single function, version, or alias. +%% +%% Adding a resource-based policy using this API action replaces any existing +%% policy you've previously created. This means that if +%% you've previously added resource-based permissions to a function using +%% the `AddPermission' action, those +%% permissions will be overwritten by your new policy. +-spec put_resource_policy(aws_client:aws_client(), binary() | list(), put_resource_policy_request()) -> + {ok, put_resource_policy_response(), tuple()} | + {error, any()} | + {error, put_resource_policy_errors(), tuple()}. +put_resource_policy(Client, ResourceArn, Input) -> + put_resource_policy(Client, ResourceArn, Input, []). + +-spec put_resource_policy(aws_client:aws_client(), binary() | list(), put_resource_policy_request(), proplists:proplist()) -> + {ok, put_resource_policy_response(), tuple()} | + {error, any()} | + {error, put_resource_policy_errors(), tuple()}. +put_resource_policy(Client, ResourceArn, Input0, Options0) -> + Method = put, + Path = ["/2024-09-16/resource-policy/", aws_util:encode_uri(ResourceArn), ""], + SuccessStatusCode = 200, + {SendBodyAsBinary, Options1} = proplists_take(send_body_as_binary, Options0, false), + {ReceiveBodyAsBinary, Options2} = proplists_take(receive_body_as_binary, Options1, false), + Options = [{send_body_as_binary, SendBodyAsBinary}, + {receive_body_as_binary, ReceiveBodyAsBinary}, + {append_sha256_content_hash, false} + | Options2], + + Headers = [], + Input1 = Input0, + + CustomHeaders = [], + Input2 = Input1, + + Query_ = [], + Input = Input2, + + request(Client, Method, Path, Query_, CustomHeaders ++ Headers, Input, Options, SuccessStatusCode). + %% @doc Sets the runtime management configuration for a function's %% version. %% diff --git a/src/aws_ssm.erl b/src/aws_ssm.erl index 678676d5..60056d97 100644 --- a/src/aws_ssm.erl +++ b/src/aws_ssm.erl @@ -1864,6 +1864,7 @@ %% <<"Parameters">> => map(), %% <<"Tags">> => list(tag()()), %% <<"TargetLocations">> => list(target_location()()), +%% <<"TargetLocationsURL">> => string(), %% <<"TargetMaps">> => list(map()()), %% <<"TargetParameterName">> => string(), %% <<"Targets">> => list(target()()) @@ -2000,6 +2001,7 @@ %% <<"ExecutedBy">> => string(), %% <<"MaxConcurrency">> => string(), %% <<"CurrentAction">> => string(), +%% <<"TargetLocationsURL">> => string(), %% <<"CurrentStepName">> => string(), %% <<"Outputs">> => map(), %% <<"ResolvedTargets">> => resolved_targets(), @@ -3731,11 +3733,16 @@ %% Example: %% target_location() :: #{ %% <<"Accounts">> => list(string()()), +%% <<"ExcludeAccounts">> => list(string()()), %% <<"ExecutionRoleName">> => string(), +%% <<"IncludeChildOrganizationUnits">> => boolean(), %% <<"Regions">> => list(string()()), %% <<"TargetLocationAlarmConfiguration">> => alarm_configuration(), %% <<"TargetLocationMaxConcurrency">> => string(), -%% <<"TargetLocationMaxErrors">> => string() +%% <<"TargetLocationMaxErrors">> => string(), +%% <<"Targets">> => list(target()()), +%% <<"TargetsMaxConcurrency">> => string(), +%% <<"TargetsMaxErrors">> => string() %% } -type target_location() :: #{binary() => any()}. @@ -4055,6 +4062,7 @@ %% <<"Runbooks">> => list(runbook()()), %% <<"ScheduledTime">> => non_neg_integer(), %% <<"Target">> => string(), +%% <<"TargetLocationsURL">> => string(), %% <<"TargetMaps">> => list(map()()), %% <<"TargetParameterName">> => string(), %% <<"Targets">> => list(target()()), @@ -6230,12 +6238,10 @@ cancel_maintenance_window_execution(Client, Input, Options) %% ID when installing SSM Agent on machines in your hybrid environment. For %% more information about %% requirements for managing on-premises machines using Systems Manager, see -%% Setting up -%% Amazon Web Services Systems Manager for hybrid and multicloud -%% environments: -%% https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-managedinstances.html -%% in the -%% Amazon Web Services Systems Manager User Guide. +%% Using Amazon Web Services Systems Manager in +%% hybrid and multicloud environments: +%% https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-hybrid-multicloud.html +%% in the Amazon Web Services Systems Manager User Guide. %% %% Amazon Elastic Compute Cloud (Amazon EC2) instances, edge devices, and %% on-premises servers and VMs that are @@ -6329,7 +6335,7 @@ create_association_batch(Client, Input, Options) %% information about %% supported schemas, features, and syntax, see Amazon Web Services Systems %% Manager Documents: -%% https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-ssm-docs.html +%% https://docs.aws.amazon.com/systems-manager/latest/userguide/documents.html %% in the %% Amazon Web Services Systems Manager User Guide. -spec create_document(aws_client:aws_client(), create_document_request()) -> @@ -6460,9 +6466,9 @@ create_patch_baseline(Client, Input, Options) %% `SyncToDestination' type to %% synchronize Inventory data from multiple Amazon Web Services Regions to a %% single Amazon Simple Storage Service (Amazon S3) bucket. For more -%% information, see Configuring resource data -%% sync for Inventory: -%% https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-inventory-datasync.html +%% information, see Creatinga a +%% resource data sync for Inventory: +%% https://docs.aws.amazon.com/systems-manager/latest/userguide/inventory-create-resource-data-sync.html %% in the Amazon Web Services Systems Manager User Guide. %% %% You can configure Systems Manager Explorer to use the `SyncFromSource'