Update to latest models

aws-sdk-python-automation · aws-sdk-python-automation · commit c441f30e74ce · 2025-01-10T19:04:24.000Z
diff --git a/.changes/next-release/api-change-redshift-73037.json b/.changes/next-release/api-change-redshift-73037.json
@@ -0,0 +1,5 @@
+{
+  "type": "api-change",
+  "category": "``redshift``",
+  "description": "Additions to the PubliclyAccessible and Encrypted parameters clarifying what the defaults are."
+}
diff --git a/.changes/next-release/api-change-securitylake-39404.json b/.changes/next-release/api-change-securitylake-39404.json
@@ -0,0 +1,5 @@
+{
+  "type": "api-change",
+  "category": "``securitylake``",
+  "description": "Doc only update for ServiceName that fixes several customer-reported issues"
+}
diff --git a/.changes/next-release/api-change-sts-81550.json b/.changes/next-release/api-change-sts-81550.json
@@ -0,0 +1,5 @@
+{
+  "type": "api-change",
+  "category": "``sts``",
+  "description": "Fixed typos in the descriptions."
+}
diff --git a/botocore/data/redshift/2012-12-01/service-2.json b/botocore/data/redshift/2012-12-01/service-2.json
@@ -3271,7 +3271,7 @@
         },
         "PubliclyAccessible":{
           "shape":"Boolean",
-          "documentation":"<p>A boolean value that, if <code>true</code>, indicates that the cluster can be accessed from a public network.</p>"
+          "documentation":"<p>A boolean value that, if <code>true</code>, indicates that the cluster can be accessed from a public network.</p> <p>Default: false</p>"
         },
         "Encrypted":{
           "shape":"Boolean",
@@ -4267,11 +4267,11 @@
         },
         "PubliclyAccessible":{
           "shape":"BooleanOptional",
-          "documentation":"<p>If <code>true</code>, the cluster can be accessed from a public network. </p>"
+          "documentation":"<p>If <code>true</code>, the cluster can be accessed from a public network. </p> <p>Default: false</p>"
         },
         "Encrypted":{
           "shape":"BooleanOptional",
-          "documentation":"<p>If <code>true</code>, the data in the cluster is encrypted at rest. </p> <p>Default: false</p>"
+          "documentation":"<p>If <code>true</code>, the data in the cluster is encrypted at rest. If you set the value on this parameter to <code>false</code>, the request will fail.</p> <p>Default: true</p>"
         },
         "HsmClientCertificateIdentifier":{
           "shape":"String",
@@ -8622,7 +8622,7 @@
         },
         "PubliclyAccessible":{
           "shape":"BooleanOptional",
-          "documentation":"<p>If <code>true</code>, the cluster can be accessed from a public network. Only clusters in VPCs can be set to be publicly available.</p>"
+          "documentation":"<p>If <code>true</code>, the cluster can be accessed from a public network. Only clusters in VPCs can be set to be publicly available.</p> <p>Default: false</p>"
         },
         "ElasticIp":{
           "shape":"String",
@@ -10385,7 +10385,7 @@
         },
         "PubliclyAccessible":{
           "shape":"BooleanOptional",
-          "documentation":"<p>If <code>true</code>, the cluster can be accessed from a public network. </p>"
+          "documentation":"<p>If <code>true</code>, the cluster can be accessed from a public network. </p> <p>Default: false</p>"
         },
         "OwnerAccount":{
           "shape":"String",
diff --git a/botocore/data/securitylake/2018-05-10/service-2.json b/botocore/data/securitylake/2018-05-10/service-2.json
@@ -108,7 +108,7 @@
         {"shape":"ConflictException"},
         {"shape":"ThrottlingException"}
       ],
-      "documentation":"<p>Automatically enables Amazon Security Lake for new member accounts in your organization. Security Lake is not automatically enabled for any existing member accounts in your organization.</p>"
+      "documentation":"<p>Automatically enables Amazon Security Lake for new member accounts in your organization. Security Lake is not automatically enabled for any existing member accounts in your organization.</p> <p>This operation merges the new data lake organization configuration with the existing configuration for Security Lake in your organization. If you want to create a new data lake organization configuration, you must delete the existing one using <a href=\"https://docs.aws.amazon.com/security-lake/latest/APIReference/API_DeleteDataLakeOrganizationConfiguration.html\">DeleteDataLakeOrganizationConfiguration</a>.</p>"
     },
     "CreateSubscriber":{
       "name":"CreateSubscriber",
@@ -815,7 +815,7 @@
         },
         "eventClasses":{
           "shape":"OcsfEventClassList",
-          "documentation":"<p>The Open Cybersecurity Schema Framework (OCSF) event classes which describes the type of data that the custom source will send to Security Lake. The supported event classes are:</p> <ul> <li> <p> <code>ACCESS_ACTIVITY</code> </p> </li> <li> <p> <code>FILE_ACTIVITY</code> </p> </li> <li> <p> <code>KERNEL_ACTIVITY</code> </p> </li> <li> <p> <code>KERNEL_EXTENSION</code> </p> </li> <li> <p> <code>MEMORY_ACTIVITY</code> </p> </li> <li> <p> <code>MODULE_ACTIVITY</code> </p> </li> <li> <p> <code>PROCESS_ACTIVITY</code> </p> </li> <li> <p> <code>REGISTRY_KEY_ACTIVITY</code> </p> </li> <li> <p> <code>REGISTRY_VALUE_ACTIVITY</code> </p> </li> <li> <p> <code>RESOURCE_ACTIVITY</code> </p> </li> <li> <p> <code>SCHEDULED_JOB_ACTIVITY</code> </p> </li> <li> <p> <code>SECURITY_FINDING</code> </p> </li> <li> <p> <code>ACCOUNT_CHANGE</code> </p> </li> <li> <p> <code>AUTHENTICATION</code> </p> </li> <li> <p> <code>AUTHORIZATION</code> </p> </li> <li> <p> <code>ENTITY_MANAGEMENT_AUDIT</code> </p> </li> <li> <p> <code>DHCP_ACTIVITY</code> </p> </li> <li> <p> <code>NETWORK_ACTIVITY</code> </p> </li> <li> <p> <code>DNS_ACTIVITY</code> </p> </li> <li> <p> <code>FTP_ACTIVITY</code> </p> </li> <li> <p> <code>HTTP_ACTIVITY</code> </p> </li> <li> <p> <code>RDP_ACTIVITY</code> </p> </li> <li> <p> <code>SMB_ACTIVITY</code> </p> </li> <li> <p> <code>SSH_ACTIVITY</code> </p> </li> <li> <p> <code>CONFIG_STATE</code> </p> </li> <li> <p> <code>INVENTORY_INFO</code> </p> </li> <li> <p> <code>EMAIL_ACTIVITY</code> </p> </li> <li> <p> <code>API_ACTIVITY</code> </p> </li> <li> <p> <code>CLOUD_API</code> </p> </li> </ul>"
+          "documentation":"<p>The Open Cybersecurity Schema Framework (OCSF) event classes which describes the type of data that the custom source will send to Security Lake. For the list of supported event classes, see the <a href=\"https://docs.aws.amazon.com/security-lake/latest/userguide/adding-custom-sources.html#ocsf-eventclass\">Amazon Security Lake User Guide</a>.</p>"
         },
         "sourceName":{
           "shape":"CustomLogSourceName",
@@ -1290,7 +1290,7 @@
         },
         "eventClasses":{
           "shape":"OcsfEventClassList",
-          "documentation":"<p>The Open Cybersecurity Schema Framework (OCSF) event classes which describes the type of data that the custom source will send to Security Lake. The supported event classes are:</p> <ul> <li> <p> <code>ACCESS_ACTIVITY</code> </p> </li> <li> <p> <code>FILE_ACTIVITY</code> </p> </li> <li> <p> <code>KERNEL_ACTIVITY</code> </p> </li> <li> <p> <code>KERNEL_EXTENSION</code> </p> </li> <li> <p> <code>MEMORY_ACTIVITY</code> </p> </li> <li> <p> <code>MODULE_ACTIVITY</code> </p> </li> <li> <p> <code>PROCESS_ACTIVITY</code> </p> </li> <li> <p> <code>REGISTRY_KEY_ACTIVITY</code> </p> </li> <li> <p> <code>REGISTRY_VALUE_ACTIVITY</code> </p> </li> <li> <p> <code>RESOURCE_ACTIVITY</code> </p> </li> <li> <p> <code>SCHEDULED_JOB_ACTIVITY</code> </p> </li> <li> <p> <code>SECURITY_FINDING</code> </p> </li> <li> <p> <code>ACCOUNT_CHANGE</code> </p> </li> <li> <p> <code>AUTHENTICATION</code> </p> </li> <li> <p> <code>AUTHORIZATION</code> </p> </li> <li> <p> <code>ENTITY_MANAGEMENT_AUDIT</code> </p> </li> <li> <p> <code>DHCP_ACTIVITY</code> </p> </li> <li> <p> <code>NETWORK_ACTIVITY</code> </p> </li> <li> <p> <code>DNS_ACTIVITY</code> </p> </li> <li> <p> <code>FTP_ACTIVITY</code> </p> </li> <li> <p> <code>HTTP_ACTIVITY</code> </p> </li> <li> <p> <code>RDP_ACTIVITY</code> </p> </li> <li> <p> <code>SMB_ACTIVITY</code> </p> </li> <li> <p> <code>SSH_ACTIVITY</code> </p> </li> <li> <p> <code>CONFIG_STATE</code> </p> </li> <li> <p> <code>INVENTORY_INFO</code> </p> </li> <li> <p> <code>EMAIL_ACTIVITY</code> </p> </li> <li> <p> <code>API_ACTIVITY</code> </p> </li> <li> <p> <code>CLOUD_API</code> </p> </li> </ul>"
+          "documentation":"<p>The Open Cybersecurity Schema Framework (OCSF) event classes describes the type of data that the custom source will send to Security Lake. For the list of supported event classes, see <a href=\"https://docs.aws.amazon.com/security-lake/latest/userguide/adding-custom-sources.html#ocsf-eventclass.html\">Supported OCSF Event classes</a> in the Amazon Security Lake User Guide.</p>"
         },
         "sourceName":{
           "shape":"String",
diff --git a/botocore/data/sts/2011-06-15/service-2.json b/botocore/data/sts/2011-06-15/service-2.json
@@ -92,7 +92,7 @@
         {"shape":"RegionDisabledException"},
         {"shape":"ExpiredTokenException"}
       ],
-      "documentation":"<p>Returns a set of short term credentials you can use to perform privileged tasks in a member account.</p> <p>Before you can launch a privileged session, you must have enabled centralized root access in your organization. For steps to enable this feature, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-enable-root-access.html\">Centralize root access for member accounts</a> in the <i>IAM User Guide</i>.</p> <note> <p>The global endpoint is not supported for AssumeRoot. You must send this request to a Regional STS endpoint. For more information, see <a href=\"https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html#sts-endpoints\">Endpoints</a>.</p> </note> <p>You can track AssumeRoot in CloudTrail logs to determine what actions were performed in a session. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-track-privileged-tasks.html\">Track privileged tasks in CloudTrail</a> in the <i>IAM User Guide</i>.</p>"
+      "documentation":"<p>Returns a set of short term credentials you can use to perform privileged tasks on a member account in your organization.</p> <p>Before you can launch a privileged session, you must have centralized root access in your organization. For steps to enable this feature, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-enable-root-access.html\">Centralize root access for member accounts</a> in the <i>IAM User Guide</i>.</p> <note> <p>The STS global endpoint is not supported for AssumeRoot. You must send this request to a Regional STS endpoint. For more information, see <a href=\"https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html#sts-endpoints\">Endpoints</a>.</p> </note> <p>You can track AssumeRoot in CloudTrail logs to determine what actions were performed in a session. For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-track-privileged-tasks.html\">Track privileged tasks in CloudTrail</a> in the <i>IAM User Guide</i>.</p>"
     },
     "DecodeAuthorizationMessage":{
       "name":"DecodeAuthorizationMessage",
@@ -221,7 +221,7 @@
         },
         "SourceIdentity":{
           "shape":"sourceIdentityType",
-          "documentation":"<p>The source identity specified by the principal that is calling the <code>AssumeRole</code> operation. The source identity value persists across <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html#iam-term-role-chaining\">chained role</a> sessions.</p> <p>You can require users to specify a source identity when they assume a role. You do this by using the <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-sourceidentity\"> <code>sts:SourceIdentity</code> </a> condition key in a role trust policy. You can use source identity information in CloudTrail logs to determine who took actions with a role. You can use the <code>aws:SourceIdentity</code> condition key to further control access to Amazon Web Services resources based on the value of source identity. For more information about using source identity, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html\">Monitor and control actions taken with assumed roles</a> in the <i>IAM User Guide</i>.</p> <p>The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@-. You cannot use a value that begins with the text <code>aws:</code>. This prefix is reserved for Amazon Web Services internal use.</p>"
+          "documentation":"<p>The source identity specified by the principal that is calling the <code>AssumeRole</code> operation. The source identity value persists across <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html#iam-term-role-chaining\">chained role</a> sessions.</p> <p>You can require users to specify a source identity when they assume a role. You do this by using the <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html#condition-keys-sourceidentity\"> <code>sts:SourceIdentity</code> </a> condition key in a role trust policy. You can use source identity information in CloudTrail logs to determine who took actions with a role. You can use the <code>aws:SourceIdentity</code> condition key to further control access to Amazon Web Services resources based on the value of source identity. For more information about using source identity, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html\">Monitor and control actions taken with assumed roles</a> in the <i>IAM User Guide</i>.</p> <p>The regex used to validate this parameter is a string of characters consisting of upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: +=,.@-. You cannot use a value that begins with the text <code>aws:</code>. This prefix is reserved for Amazon Web Services internal use.</p>"
         },
         "ProvidedContexts":{
           "shape":"ProvidedContextsListType",
@@ -345,7 +345,7 @@
         },
         "WebIdentityToken":{
           "shape":"clientTokenType",
-          "documentation":"<p>The OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity provider. Your application must get this token by authenticating the user who is using your application with a web identity provider before the application makes an <code>AssumeRoleWithWebIdentity</code> call. Timestamps in the token must be formatted as either an integer or a long integer. Only tokens with RSA algorithms (RS256) are supported.</p>"
+          "documentation":"<p>The OAuth 2.0 access token or OpenID Connect ID token that is provided by the identity provider. Your application must get this token by authenticating the user who is using your application with a web identity provider before the application makes an <code>AssumeRoleWithWebIdentity</code> call. Timestamps in the token must be formatted as either an integer or a long integer. Tokens must be signed using either RSA keys (RS256, RS384, or RS512) or ECDSA keys (ES256, ES384, or ES512).</p>"
         },
         "ProviderId":{
           "shape":"urlType",
@@ -412,7 +412,7 @@
         },
         "TaskPolicyArn":{
           "shape":"PolicyDescriptorType",
-          "documentation":"<p>The identity based policy that scopes the session to the privileged tasks that can be performed. You can use one of following Amazon Web Services managed policies to scope root session actions. You can add additional customer managed policies to further limit the permissions for the root session.</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-IAMAuditRootUserCredentials\">IAMAuditRootUserCredentials</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-IAMCreateRootUserPassword\">IAMCreateRootUserPassword</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-IAMDeleteRootUserCredentials\">IAMDeleteRootUserCredentials</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-S3UnlockBucketPolicy\">S3UnlockBucketPolicy</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-SQSUnlockQueuePolicy\">SQSUnlockQueuePolicy</a> </p> </li> </ul>"
+          "documentation":"<p>The identity based policy that scopes the session to the privileged tasks that can be performed. You can use one of following Amazon Web Services managed policies to scope root session actions.</p> <ul> <li> <p> <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-IAMAuditRootUserCredentials\">IAMAuditRootUserCredentials</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-IAMCreateRootUserPassword\">IAMCreateRootUserPassword</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-IAMDeleteRootUserCredentials\">IAMDeleteRootUserCredentials</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-S3UnlockBucketPolicy\">S3UnlockBucketPolicy</a> </p> </li> <li> <p> <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/security-iam-awsmanpol.html#security-iam-awsmanpol-SQSUnlockQueuePolicy\">SQSUnlockQueuePolicy</a> </p> </li> </ul>"
         },
         "DurationSeconds":{
           "shape":"RootDurationSecondsType",
