+ * If the service, or any of its operations require Bearer Token Authorization, then the SDK will default to this + * token provider to retrieve the token to use for authorization. + *
+ * This provider works in conjunction with the + * {@code software.amazon.awssdk.core.client.config.SdkAdvancedClientOption.TOKEN_SIGNER} set on the client. By + * default it is {@link software.amazon.awssdk.auth.token.signer.aws.BearerTokenSigner}. + */ + default B tokenProvider(SdkTokenProvider tokenProvider) { + return tokenProvider((IdentityProvider) tokenProvider); + } + + /** + * Set the token provider to use for bearer token authorization. This is optional, if none is provided, the SDK will + * use {@link software.amazon.awssdk.auth.token.credentials.aws.DefaultAwsTokenProvider}. + *
+ * If the service, or any of its operations require Bearer Token Authorization, then the SDK will default to this + * token provider to retrieve the token to use for authorization. + *
+ * This provider works in conjunction with the
+ * {@code software.amazon.awssdk.core.client.config.SdkAdvancedClientOption.TOKEN_SIGNER} set on the client. By
+ * default it is {@link software.amazon.awssdk.auth.token.signer.aws.BearerTokenSigner}.
+ */
+ default B tokenProvider(IdentityProvider tokenProvider) {
+ throw new UnsupportedOperationException();
+ }
+}
diff --git a/codegen/src/test/resources/software/amazon/awssdk/codegen/poet/builder/test-query-client-builder-class.java b/codegen/src/test/resources/software/amazon/awssdk/codegen/poet/builder/test-query-client-builder-class.java
index 5e7c97377b7..7b477cc3df0 100644
--- a/codegen/src/test/resources/software/amazon/awssdk/codegen/poet/builder/test-query-client-builder-class.java
+++ b/codegen/src/test/resources/software/amazon/awssdk/codegen/poet/builder/test-query-client-builder-class.java
@@ -11,6 +11,8 @@
import software.amazon.awssdk.auth.token.signer.aws.BearerTokenSigner;
import software.amazon.awssdk.awscore.client.builder.AwsDefaultClientBuilder;
import software.amazon.awssdk.awscore.client.config.AwsClientOption;
+import software.amazon.awssdk.awscore.endpoints.AccountIdEndpointMode;
+import software.amazon.awssdk.awscore.endpoints.AccountIdEndpointModeResolver;
import software.amazon.awssdk.core.SdkPlugin;
import software.amazon.awssdk.core.client.config.SdkAdvancedClientOption;
import software.amazon.awssdk.core.client.config.SdkClientConfiguration;
@@ -82,8 +84,9 @@ protected final SdkClientConfiguration finalizeServiceConfiguration(SdkClientCon
}
return result.build();
});
- builder.option(SdkClientOption.EXECUTION_INTERCEPTORS, interceptors).option(SdkClientOption.CLIENT_CONTEXT_PARAMS,
- clientContextParams.build());
+ builder.option(SdkClientOption.EXECUTION_INTERCEPTORS, interceptors)
+ .option(SdkClientOption.CLIENT_CONTEXT_PARAMS, clientContextParams.build())
+ .option(AwsClientOption.ACCOUNT_ID_ENDPOINT_MODE, resolveAccountIdEndpointMode(config));
return builder.build();
}
@@ -110,6 +113,11 @@ public B stringContextParam(String stringContextParam) {
return thisBuilder();
}
+ public B accountIdEndpointMode(AccountIdEndpointMode accountIdEndpointMode) {
+ clientConfiguration.option(AwsClientOption.ACCOUNT_ID_ENDPOINT_MODE, accountIdEndpointMode);
+ return thisBuilder();
+ }
+
private IdentityProvider defaultTokenProvider() {
return DefaultAwsTokenProvider.create();
}
@@ -138,6 +146,17 @@ private List
+ * This should be accessed via {@link AnonymousCredentialsProvider#resolveCredentials()}.
*/
// TODO(sra-identity-and-auth): Check if this static member can be removed after cleanup
@SdkInternalApi
@@ -53,12 +55,14 @@ public final class AwsBasicCredentials implements AwsCredentials,
private final String secretAccessKey;
private final boolean validateCredentials;
private final String providerName;
+ private final String accountId;
private AwsBasicCredentials(Builder builder) {
this.accessKeyId = trimToNull(builder.accessKeyId);
this.secretAccessKey = trimToNull(builder.secretAccessKey);
this.validateCredentials = builder.validateCredentials;
this.providerName = builder.providerName;
+ this.accountId = builder.accountId;
if (builder.validateCredentials) {
Validate.notNull(this.accessKeyId, "Access key ID cannot be blank.");
@@ -77,6 +81,7 @@ protected AwsBasicCredentials(String accessKeyId, String secretAccessKey) {
this.secretAccessKey = trimToNull(secretAccessKey);
this.validateCredentials = false;
this.providerName = null;
+ this.accountId = null;
}
public static Builder builder() {
@@ -88,7 +93,7 @@ public static Builder builder() {
*
* @param accessKeyId The AWS access key, used to identify the user interacting with AWS.
* @param secretAccessKey The AWS secret access key, used to authenticate the user interacting with AWS.
- * */
+ */
public static AwsBasicCredentials create(String accessKeyId, String secretAccessKey) {
return builder().accessKeyId(accessKeyId)
.secretAccessKey(secretAccessKey)
@@ -119,11 +124,20 @@ public Optional The MIME type of the document contained in the wrapper object. The byte value of the file to upload, encoded as a Base-64 string. The file name of the document contained in the wrapper object. This property contains the document to chat with, along with its attributes. The identifier, contentType, and data of the external source wrapper object. The S3 location of the external source wrapper object. The source type of the external source wrapper object. The unique external source of the content contained in the wrapper object. Contain the textPromptTemplate string for the external source wrapper object. Contains the generation configuration of the external source wrapper object. The prompt used with the external source wrapper object with the retrieveAndGenerate function. The modelArn used with the external source wrapper object in the retrieveAndGenerate function. The document used with the external source wrapper object in the retrieveAndGenerate function. The configurations of the external source wrapper object in the retrieveAndGenerate function. Contains configurations for response generation based on the knowledge base query results. This data type is used in the following API operations: The configuration used with the external source wrapper object in the retrieveAndGenerate function. Contains details about the resource being queried. The file location of the S3 wrapper object. The unique wrapper object of the document from the S3 location. Retrieves cost and usage metrics with resources for your account. You can specify which cost and usage-related metric, such as This is an opt-in only feature. You can enable this feature from the Cost Explorer Settings page. For information about how to access the Settings page, see Controlling Access for Cost Explorer in the Billing and Cost Management User Guide. Retrieves cost and usage metrics with resources for your account. You can specify which cost and usage-related metric, such as Hourly granularity is only available for EC2-Instances (Elastic Compute Cloud) resource-level data. All other resource-level data is available at daily granularity. This is an opt-in only feature. You can enable this feature from the Cost Explorer Settings page. For information about how to access the Settings page, see Controlling Access for Cost Explorer in the Billing and Cost Management User Guide. The ID for this specific recommendation. The ID for the recommendation. The timestamp for when Amazon Web Services made this recommendation. The timestamp for when Amazon Web Services made the recommendation. Additional metadata that might be applicable to the recommendation. Information about this specific recommendation, such as the timestamp for when Amazon Web Services made a specific recommendation. Information about a recommendation, such as the timestamp for when Amazon Web Services made a specific recommendation. The ID for this specific recommendation. The ID for the recommendation. The timestamp for when Amazon Web Services made this recommendation. The timestamp for when Amazon Web Services made the recommendation. The number of days of previous usage that Amazon Web Services considers when making this recommendation. The number of days of previous usage that Amazon Web Services considers when making the recommendation. Additional metadata that might be applicable to the recommendation. Metadata for this recommendation set. Metadata for a recommendation set. The additional encryption context of the browser settings. A list of web portal ARNs that this browser settings is associated with. The ARN of the browser settings. The customer managed key used to encrypt sensitive information in the browser settings. The browser settings resource that can be associated with a web portal. Once associated with a web portal, browser settings control how the browser will behave once a user starts a streaming session for the web portal. A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request. If you do not specify a client token, one is automatically generated by the AWS SDK. A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request. If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK. A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request. If you do not specify a client token, one is automatically generated by the AWS SDK. A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request. If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK. The identity provider details. The following list describes the provider detail keys for each identity provider type. For Google and Login with Amazon: For Facebook: For Sign in with Apple: For OIDC providers: For SAML providers: The identity provider details. The following list describes the provider detail keys for each identity provider type. For Google and Login with Amazon: For Facebook: For Sign in with Apple: For OIDC providers: For SAML providers: A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request. If you do not specify a client token, one is automatically generated by the AWS SDK. A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request. If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK. A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request. If you do not specify a client token, one is automatically generated by the AWS SDK. A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request. If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK. The type of authentication integration points used when signing into the web portal. Defaults to The type of authentication integration points used when signing into the web portal. Defaults to A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request. If you do not specify a client token, one is automatically generated by the AWS SDK. A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request. If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK. The name of the web portal. This is not visible to users who log into the web portal. The type and resources of the underlying instance. The maximum number of concurrent sessions for the portal. The tags to add to the web portal. A tag is a key-value pair. A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request. If you do not specify a client token, one is automatically generated by the AWS SDK. A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request. If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK. A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request. If you do not specify a client token, one is automatically generated by the AWS SDK. A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request. If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK. A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request. If you do not specify a client token, one is automatically generated by the AWS SDK. A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request. If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK. The identity provider details. The following list describes the provider detail keys for each identity provider type. For Google and Login with Amazon: For Facebook: For Sign in with Apple: For OIDC providers: For SAML providers: The identity provider details. The following list describes the provider detail keys for each identity provider type. For Google and Login with Amazon: For Facebook: For Sign in with Apple: For OIDC providers: For SAML providers: The additional encryption context of the IP access settings. A list of web portal ARNs that this IP access settings resource is associated with. The creation date timestamp of the IP access settings. The customer managed key used to encrypt sensitive information in the IP access settings. The description of the IP access settings. The additional encryption context of the portal. The type of authentication integration points used when signing into the web portal. Defaults to The type of authentication integration points used when signing into the web portal. Defaults to The creation date of the web portal. The customer managed key used to encrypt sensitive information in the portal. The name of the web portal. The type and resources of the underlying instance. The ARN of the IP access settings. The maximum number of concurrent sessions for the portal. The ARN of the network settings that is associated with the web portal. The type of authentication integration points used when signing into the web portal. Defaults to The type of authentication integration points used when signing into the web portal. Defaults to The name of the web portal. The type and resources of the underlying instance. The ARN of the IP access settings. The maximum number of concurrent sessions for the portal. The ARN of the network settings that is associated with the web portal. A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request. If you do not specify a client token, one is automatically generated by the AWS SDK. A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token returns the result from the original successful request. If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK. A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request. If you do not specify a client token, one is automatically generated by the AWS SDK. A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request. If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK. A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request. If you do not specify a client token, one is automatically generated by the AWS SDK. A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request. If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK. The details of the identity provider. The following list describes the provider detail keys for each identity provider type. For Google and Login with Amazon: For Facebook: For Sign in with Apple: For OIDC providers: For SAML providers: The details of the identity provider. The following list describes the provider detail keys for each identity provider type. For Google and Login with Amazon: For Facebook: For Sign in with Apple: For OIDC providers: For SAML providers: A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request. If you do not specify a client token, one is automatically generated by the AWS SDK. A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request. If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK. A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request. If you do not specify a client token, one is automatically generated by the AWS SDK. A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request. If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK. The type of authentication integration points used when signing into the web portal. Defaults to The type of authentication integration points used when signing into the web portal. Defaults to The name of the web portal. This is not visible to users who log into the web portal. The type and resources of the underlying instance. The maximum number of concurrent sessions for the portal. The ARN of the web portal. A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request. If you do not specify a client token, one is automatically generated by the AWS SDK. A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request. If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK. A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request. If you do not specify a client token, one is automatically generated by the AWS SDK. A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request. If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK. A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request. If you do not specify a client token, one is automatically generated by the AWS SDK. A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, subsequent retries with the same client token return the result from the original successful request. If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK. The additional encryption context of the user settings. A list of web portal ARNs that this user settings is associated with. Specifies whether the user can copy text from the streaming session to the local device. The customer managed key used to encrypt sensitive information in the user settings. The amount of time that a streaming session remains active after users disconnect. The Amazon Resource Name (ARN) of the RDS for Oracle or Microsoft SQL Server DB instance. For example, The Amazon Resource Name (ARN) of the RDS for Oracle or Microsoft SQL Server DB instance. For example, A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If this token matches a previous request, Amazon Bedrock ignores the request, but does not return an error. For more information, see Ensuring idempotency. The deletion policy for the requested data source Contains metadata about where the data source is stored. The time at which the data source was created. The deletion policy for the data source. Contains details about how the data source is stored. The description of the data source. The details of the failure reasons related to the data source. The unique identifier of the knowledge base to which the data source belongs. The Amazon Resource Name (ARN) of the bucket that contains the data source. The account ID for the owner of the S3 bucket. A list of S3 prefixes that define the object containing the data sources. For more information, see Organizing objects using prefixes. The data deletion policy of the updated data source. Contains details about the storage configuration of the data source. Retrieve Performance Insights metrics for a set of data sources over a time period. You can provide specific dimension groups and dimensions, and provide aggregation and filtering criteria for each group. Each response element returns a maximum of 500 bytes. For larger elements, such as SQL statements, only the first 500 bytes are returned. Retrieve Performance Insights metrics for a set of data sources over a time period. You can provide specific dimension groups and dimensions, and provide filtering criteria for each group. You must specify an aggregate function for each metric. Each response element returns a maximum of 500 bytes. For larger elements, such as SQL statements, only the first 500 bytes are returned. An array of one or more queries to perform. Each query must specify a Performance Insights metric, and can optionally specify aggregation and filtering criteria. An array of one or more queries to perform. Each query must specify a Performance Insights metric and specify an aggregate function, and you can provide filtering criteria. You must append the aggregate function to the metric. For example, to find the average for the metric The name of a Performance Insights metric to be measured. Valid values for The counter metrics listed in Performance Insights operating system counters in the Amazon Aurora User Guide. If the number of active sessions is less than an internal Performance Insights threshold, The name of a Performance Insights metric to be measured. Valid values for The counter metrics listed in Performance Insights operating system counters in the Amazon Aurora User Guide. The counter metrics listed in Performance Insights operating system counters in the Amazon RDS User Guide. If the number of active sessions is less than an internal Performance Insights threshold, One or more filters to apply in the request. Restrictions: Any number of filters by the same dimension, as specified in the A single filter for any other dimension in this dimension group. A single query to be processed. You must provide the metric to query. If no other parameters are specified, Performance Insights returns all data points for the specified metric. Optionally, you can request that the data points be aggregated by dimension group ( A single query to be processed. You must provide the metric to query and append an aggregate function to the metric. For example, to find the average for the metric The name of a Performance Insights metric to be measured. Valid values for The counter metrics listed in Performance Insights operating system counters in the Amazon Aurora User Guide. If the number of active sessions is less than an internal Performance Insights threshold, The name of a Performance Insights metric to be measured. Valid values for The counter metrics listed in Performance Insights operating system counters in the Amazon Aurora User Guide. The counter metrics listed in Performance Insights operating system counters in the Amazon RDS User Guide. If the number of active sessions is less than an internal Performance Insights threshold, Creates a custom set of DHCP options. After you create a DHCP option set, you associate it with a VPC. After you associate a DHCP option set with a VPC, all existing and newly launched instances in the VPC use this set of DHCP options. The following are the individual DHCP options you can specify. For more information, see DHCP options sets in the Amazon VPC User Guide. Some Linux operating systems accept multiple domain names separated by spaces. However, Windows and other Linux operating systems treat the value as a single domain, which results in unexpected behavior. If your DHCP option set is associated with a VPC that has instances running operating systems that treat the value as a single domain, specify only one domain name. Creates a custom set of DHCP options. After you create a DHCP option set, you associate it with a VPC. After you associate a DHCP option set with a VPC, all existing and newly launched instances in the VPC use this set of DHCP options. The following are the individual DHCP options you can specify. For more information, see DHCP options sets in the Amazon VPC User Guide. Some Linux operating systems accept multiple domain names separated by spaces. However, Windows and other Linux operating systems treat the value as a single domain, which results in unexpected behavior. If your DHCP option set is associated with a VPC that has instances running operating systems that treat the value as a single domain, specify only one domain name. Creates a launch template. A launch template contains the parameters to launch an instance. When you launch an instance using RunInstances, you can specify a launch template instead of providing the launch parameters in the request. For more information, see Launch an instance from a launch template in the Amazon Elastic Compute Cloud User Guide. If you want to clone an existing launch template as the basis for creating a new launch template, you can use the Amazon EC2 console. The API, SDKs, and CLI do not support cloning a template. For more information, see Create a launch template from an existing launch template in the Amazon Elastic Compute Cloud User Guide. Creates a launch template. A launch template contains the parameters to launch an instance. When you launch an instance using RunInstances, you can specify a launch template instead of providing the launch parameters in the request. For more information, see Launch an instance from a launch template in the Amazon Elastic Compute Cloud User Guide. To clone an existing launch template as the basis for a new launch template, use the Amazon EC2 console. The API, SDKs, and CLI do not support cloning a template. For more information, see Create a launch template from an existing launch template in the Amazon Elastic Compute Cloud User Guide. Creates a new version of a launch template. You can specify an existing version of launch template from which to base the new version. Launch template versions are numbered in the order in which they are created. You cannot specify, change, or replace the numbering of launch template versions. Launch templates are immutable; after you create a launch template, you can't modify it. Instead, you can create a new version of the launch template that includes any changes you require. For more information, see Modify a launch template (manage launch template versions) in the Amazon Elastic Compute Cloud User Guide. Creates a new version of a launch template. You must specify an existing launch template, either by name or ID. You can determine whether the new version inherits parameters from a source version, and add or overwrite parameters as needed. Launch template versions are numbered in the order in which they are created. You can't specify, change, or replace the numbering of launch template versions. Launch templates are immutable; after you create a launch template, you can't modify it. Instead, you can create a new version of the launch template that includes the changes that you require. For more information, see Modify a launch template (manage launch template versions) in the Amazon Elastic Compute Cloud User Guide. Describes the specified images (AMIs, AKIs, and ARIs) available to you or all of the images available to you. The images available to you include public images, private images that you own, and private images owned by other Amazon Web Services accounts for which you have explicit launch permissions. Recently deregistered images appear in the returned results for a short interval and then return empty results. After all instances that reference a deregistered AMI are terminated, specifying the ID of the image will eventually return an error indicating that the AMI ID cannot be found. The order of the elements in the response, including those within nested structures, might vary. Applications should not assume the elements appear in a particular order. Describes the specified images (AMIs, AKIs, and ARIs) available to you or all of the images available to you. The images available to you include public images, private images that you own, and private images owned by other Amazon Web Services accounts for which you have explicit launch permissions. Recently deregistered images appear in the returned results for a short interval and then return empty results. After all instances that reference a deregistered AMI are terminated, specifying the ID of the image will eventually return an error indicating that the AMI ID cannot be found. We strongly recommend using only paginated requests. Unpaginated requests are susceptible to throttling and timeouts. The order of the elements in the response, including those within nested structures, might vary. Applications should not assume the elements appear in a particular order. Describes the specified instances or all instances. If you specify instance IDs, the output includes information for only the specified instances. If you specify filters, the output includes information for only those instances that meet the filter criteria. If you do not specify instance IDs or filters, the output includes information for all instances, which can affect performance. We recommend that you use pagination to ensure that the operation returns quickly and successfully. If you specify an instance ID that is not valid, an error is returned. If you specify an instance that you do not own, it is not included in the output. Recently terminated instances might appear in the returned results. This interval is usually less than one hour. If you describe instances in the rare case where an Availability Zone is experiencing a service disruption and you specify instance IDs that are in the affected zone, or do not specify any instance IDs at all, the call fails. If you describe instances and specify only instance IDs that are in an unaffected zone, the call works normally. The order of the elements in the response, including those within nested structures, might vary. Applications should not assume the elements appear in a particular order. Describes the specified instances or all instances. If you specify instance IDs, the output includes information for only the specified instances. If you specify filters, the output includes information for only those instances that meet the filter criteria. If you do not specify instance IDs or filters, the output includes information for all instances, which can affect performance. We recommend that you use pagination to ensure that the operation returns quickly and successfully. If you specify an instance ID that is not valid, an error is returned. If you specify an instance that you do not own, it is not included in the output. Recently terminated instances might appear in the returned results. This interval is usually less than one hour. If you describe instances in the rare case where an Availability Zone is experiencing a service disruption and you specify instance IDs that are in the affected zone, or do not specify any instance IDs at all, the call fails. If you describe instances and specify only instance IDs that are in an unaffected zone, the call works normally. We strongly recommend using only paginated requests. Unpaginated requests are susceptible to throttling and timeouts. The order of the elements in the response, including those within nested structures, might vary. Applications should not assume the elements appear in a particular order. Describes one or more of your network interfaces. If you have a large number of network interfaces, the operation fails unless you use pagination or one of the following filters: Describes one or more of your network interfaces. If you have a large number of network interfaces, the operation fails unless you use pagination or one of the following filters: We strongly recommend using only paginated requests. Unpaginated requests are susceptible to throttling and timeouts. Describes the specified EBS snapshots available to you or all of the EBS snapshots available to you. The snapshots available to you include public snapshots, private snapshots that you own, and private snapshots owned by other Amazon Web Services accounts for which you have explicit create volume permissions. The create volume permissions fall into the following categories: public: The owner of the snapshot granted create volume permissions for the snapshot to the explicit: The owner of the snapshot granted create volume permissions to a specific Amazon Web Services account. implicit: An Amazon Web Services account has implicit create volume permissions for all snapshots it owns. The list of snapshots returned can be filtered by specifying snapshot IDs, snapshot owners, or Amazon Web Services accounts with create volume permissions. If no options are specified, Amazon EC2 returns all snapshots for which you have create volume permissions. If you specify one or more snapshot IDs, only snapshots that have the specified IDs are returned. If you specify an invalid snapshot ID, an error is returned. If you specify a snapshot ID for which you do not have access, it is not included in the returned results. If you specify one or more snapshot owners using the If you specify a list of restorable users, only snapshots with create snapshot permissions for those users are returned. You can specify Amazon Web Services account IDs (if you own the snapshots), If you are describing a long list of snapshots, we recommend that you paginate the output to make the list more manageable. For more information, see Pagination. To get the state of fast snapshot restores for a snapshot, use DescribeFastSnapshotRestores. For more information about EBS snapshots, see Amazon EBS snapshots in the Amazon EBS User Guide. Describes the specified EBS snapshots available to you or all of the EBS snapshots available to you. The snapshots available to you include public snapshots, private snapshots that you own, and private snapshots owned by other Amazon Web Services accounts for which you have explicit create volume permissions. The create volume permissions fall into the following categories: public: The owner of the snapshot granted create volume permissions for the snapshot to the explicit: The owner of the snapshot granted create volume permissions to a specific Amazon Web Services account. implicit: An Amazon Web Services account has implicit create volume permissions for all snapshots it owns. The list of snapshots returned can be filtered by specifying snapshot IDs, snapshot owners, or Amazon Web Services accounts with create volume permissions. If no options are specified, Amazon EC2 returns all snapshots for which you have create volume permissions. If you specify one or more snapshot IDs, only snapshots that have the specified IDs are returned. If you specify an invalid snapshot ID, an error is returned. If you specify a snapshot ID for which you do not have access, it is not included in the returned results. If you specify one or more snapshot owners using the If you specify a list of restorable users, only snapshots with create snapshot permissions for those users are returned. You can specify Amazon Web Services account IDs (if you own the snapshots), If you are describing a long list of snapshots, we recommend that you paginate the output to make the list more manageable. For more information, see Pagination. To get the state of fast snapshot restores for a snapshot, use DescribeFastSnapshotRestores. For more information about EBS snapshots, see Amazon EBS snapshots in the Amazon EBS User Guide. We strongly recommend using only paginated requests. Unpaginated requests are susceptible to throttling and timeouts. Describes the specified tags for your EC2 resources. For more information about tags, see Tag your Amazon EC2 resources in the Amazon Elastic Compute Cloud User Guide. The order of the elements in the response, including those within nested structures, might vary. Applications should not assume the elements appear in a particular order. Describes the specified tags for your EC2 resources. For more information about tags, see Tag your Amazon EC2 resources in the Amazon Elastic Compute Cloud User Guide. We strongly recommend using only paginated requests. Unpaginated requests are susceptible to throttling and timeouts. The order of the elements in the response, including those within nested structures, might vary. Applications should not assume the elements appear in a particular order. Describes the specified EBS volumes or all of your EBS volumes. If you are describing a long list of volumes, we recommend that you paginate the output to make the list more manageable. For more information, see Pagination. For more information about EBS volumes, see Amazon EBS volumes in the Amazon EBS User Guide. The order of the elements in the response, including those within nested structures, might vary. Applications should not assume the elements appear in a particular order. Describes the specified EBS volumes or all of your EBS volumes. If you are describing a long list of volumes, we recommend that you paginate the output to make the list more manageable. For more information, see Pagination. For more information about EBS volumes, see Amazon EBS volumes in the Amazon EBS User Guide. We strongly recommend using only paginated requests. Unpaginated requests are susceptible to throttling and timeouts. The order of the elements in the response, including those within nested structures, might vary. Applications should not assume the elements appear in a particular order. Cancels the deprecation of the specified AMI. For more information, see Deprecate an AMI in the Amazon EC2 User Guide. Disables deregistration protection for an AMI. When deregistration protection is disabled, the AMI can be deregistered. If you chose to include a 24-hour cooldown period when you enabled deregistration protection for the AMI, then, when you disable deregistration protection, you won’t immediately be able to deregister the AMI. For more information, see Protect an AMI from deregistration in the Amazon EC2 User Guide. Enables deprecation of the specified AMI at the specified date and time. For more information, see Deprecate an AMI in the Amazon EC2 User Guide. Enables deregistration protection for an AMI. When deregistration protection is enabled, the AMI can't be deregistered. To allow the AMI to be deregistered, you must first disable deregistration protection using DisableImageDeregistrationProtection. For more information, see Protect an AMI from deregistration in the Amazon EC2 User Guide. The key of the Amazon S3 object ey where the certificate, certificate chain, and encrypted private key bundle is stored. The object key is formated as follows: The key of the Amazon S3 object where the certificate, certificate chain, and encrypted private key bundle are stored. The object key is formatted as follows: The ID of the KMS customer master key (CMK) used to encrypt the private key. The ID of the KMS key used to encrypt the private key. The tags to apply to the launch template on creation. To tag the launch template, the resource type must be To specify the tags for the resources that are created when an instance is launched, you must use the The tags to apply to the launch template on creation. To tag the launch template, the resource type must be To specify the tags for the resources that are created when an instance is launched, you must use the The ID of the launch template. You must specify either the The ID of the launch template. You must specify either the launch template ID or the launch template name, but not both. The name of the launch template. You must specify the The name of the launch template. You must specify either the launch template ID or the launch template name, but not both. The version number of the launch template version on which to base the new version. The new version inherits the same launch parameters as the source version, except for parameters that you specify in The version of the launch template on which to base the new version. Snapshots applied to the block device mapping are ignored when creating a new version unless they are explicitly included. If you specify this parameter, the new version inherits the launch parameters from the source version. If you specify additional launch parameters for the new version, they overwrite any corresponding launch parameters inherited from the source version. If you omit this parameter, the new version contains only the launch parameters that you specify for the new version. The ID of the launch template. You must specify either the The ID of the launch template. You must specify either the launch template ID or the launch template name, but not both. The name of the launch template. You must specify either the The name of the launch template. You must specify either the launch template ID or the launch template name, but not both. The ID of the launch template. You must specify either the The ID of the launch template. You must specify either the launch template ID or the launch template name, but not both. The name of the launch template. You must specify either the The name of the launch template. You must specify either the launch template ID or the launch template name, but not both. The ID of the launch template. To describe one or more versions of a specified launch template, you must specify either the To describe all the latest or default launch template versions in your account, you must omit this parameter. The ID of the launch template. To describe one or more versions of a specified launch template, you must specify either the launch template ID or the launch template name, but not both. To describe all the latest or default launch template versions in your account, you must omit this parameter. The name of the launch template. To describe one or more versions of a specified launch template, you must specify either the To describe all the latest or default launch template versions in your account, you must omit this parameter. The name of the launch template. To describe one or more versions of a specified launch template, you must specify either the launch template name or the launch template ID, but not both. To describe all the latest or default launch template versions in your account, you must omit this parameter. Information about one or more network interfaces. Information about the network interfaces. The filters. The filters. The ID of the AMI. Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is Returns The ID of the AMI. If Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is Returns The ID of the instance that the AMI was created from if the AMI was created using CreateImage. This field only appears if the AMI was created using CreateImage. Indicates whether deregistration protection is enabled for the AMI. The date and time, in ISO 8601 date-time format, when the AMI was last used to launch an EC2 instance. When the AMI is used to launch an instance, there is a 24-hour delay before that usage is reported. Describes an image. If Indicates whether deregistration protection is enabled for the AMI. Describes an image attribute. The ID of the launch template. You must specify the The ID of the launch template. You must specify either the launch template ID or the launch template name, but not both. The name of the launch template. You must specify the The name of the launch template. You must specify either the launch template ID or the launch template name, but not both. The launch template version number, If the value is If the value is Default: The default version of the launch template. The launch template version number, A value of A value of Default: The default version of the launch template. The launch template to use. You must specify either the launch template ID or launch template name in the request, but not both. Describes the launch template to use. The ID of the launch template. You must specify either the The ID of the launch template. You must specify either the launch template ID or the launch template name, but not both. The name of the launch template. You must specify either the The name of the launch template. You must specify either the launch template ID or the launch template name, but not both. The launch template to use to launch the instances. Any parameters that you specify in RunInstances override the same parameters in the launch template. You can specify either the name or ID of a launch template, but not both. The launch template. Any additional parameters that you specify for the new instance overwrite the corresponding parameters included in the launch template. Invokes the specified Bedrock model to run inference using the input provided in the request body. You use InvokeModel to run inference for text models, image models, and embedding models. For more information, see Run inference in the Bedrock User Guide. For example requests, see Examples (after the Errors section). Invokes the specified Amazon Bedrock model to run inference using the prompt and inference parameters provided in the request body. You use model inference to generate text, images, and embeddings. For example code, see Invoke model code examples in the Amazon Bedrock User Guide. This operation requires permission for the Invoke the specified Bedrock model to run inference using the input provided. Return the response in a stream. For more information, see Run inference in the Bedrock User Guide. For an example request and response, see Examples (after the Errors section). Invoke the specified Amazon Bedrock model to run inference using the prompt and inference parameters provided in the request body. The response is returned in a stream. To see if a model supports streaming, call GetFoundationModel and check the The CLI doesn't support For example code, see Invoke model with streaming code example in the Amazon Bedrock User Guide. This operation requires permissions to perform the Input data in the format specified in the content-type request header. To see the format and content of this field for different models, refer to Inference parameters. The prompt and inference parameters in the format specified in the Identifier of the model. The unique identifier of the model to invoke to run inference. The If you use a base model, specify the model ID or its ARN. For a list of model IDs for base models, see Amazon Bedrock base model IDs (on-demand throughput) in the Amazon Bedrock User Guide. If you use a provisioned model, specify the ARN of the Provisioned Throughput. For more information, see Run inference using a Provisioned Throughput in the Amazon Bedrock User Guide. If you use a custom model, first purchase Provisioned Throughput for it. Then specify the ARN of the resulting provisioned model. For more information, see Use a custom model in Amazon Bedrock in the Amazon Bedrock User Guide. Specifies whether to enable or disable the Bedrock trace. If enabled, you can see the full Bedrock trace. The unique identifier of the guardrail that you want to use. If you don't provide a value, no guardrail is applied to the invocation. An error will be thrown in the following situations. You don't provide a guardrail identifier but you specify the You enable the guardrail but the You provide a guardrail identifier, but The version number for the guardrail. The value can also be Inference response from the model in the format specified in the content-type header field. To see the format and content of this field for different models, refer to Inference parameters. Inference response from the model in the format specified in the Inference input in the format specified by the content-type. To see the format and content of this field for different models, refer to Inference parameters. The prompt and inference parameters in the format specified in the Id of the model to invoke using the streaming request. The unique identifier of the model to invoke to run inference. The If you use a base model, specify the model ID or its ARN. For a list of model IDs for base models, see Amazon Bedrock base model IDs (on-demand throughput) in the Amazon Bedrock User Guide. If you use a provisioned model, specify the ARN of the Provisioned Throughput. For more information, see Run inference using a Provisioned Throughput in the Amazon Bedrock User Guide. If you use a custom model, first purchase Provisioned Throughput for it. Then specify the ARN of the resulting provisioned model. For more information, see Use a custom model in Amazon Bedrock in the Amazon Bedrock User Guide. Specifies whether to enable or disable the Bedrock trace. If enabled, you can see the full Bedrock trace. The unique identifier of the guardrail that you want to use. If you don't provide a value, no guardrail is applied to the invocation. An error is thrown in the following situations. You don't provide a guardrail identifier but you specify the You enable the guardrail but the You provide a guardrail identifier, but The version number for the guardrail. The value can also be Inference response from the model in the format specified by Content-Type. To see the format and content of this field for different models, refer to Inference parameters. Inference response from the model in the format specified by the The original message. An error occurred while streaming the response. An error occurred while streaming the response. Retry your request. Content included in the response. An internal server error occurred. Retry your request. An error occurred while streaming the response. Retry your request. Input validation failed. Check your request parameters and retry the request. The number or frequency of requests exceeds the limit. Resubmit your request later. The request took too long to process. Processing time exceeded the model timeout length. Definition of content in the response stream. Describes the API operations for running inference using Bedrock models. Describes the API operations for running inference using Amazon Bedrock models. API operation for creating and managing Amazon Bedrock automatic model evaluation jobs and model evaluation jobs that use human workers. To learn more about the requirements for creating a model evaluation job see, Model evaluations. Creates a guardrail to block topics and to filter out harmful content. Specify a Specify messages for when the guardrail successfully blocks a prompt or a model response in the Specify topics for the guardrail to deny in the Give a Specify (Optional) Provide up to five prompts that you would categorize as belonging to the topic in the Specify filter strengths for the harmful categories defined in Amazon Bedrock in the Specify the category in the Specify the strength of the filter for prompts in the (Optional) For security, include the ARN of a KMS key in the (Optional) Attach any tags to the guardrail in the Creates a version of the guardrail. Use this API to create a snapshot of the guardrail when you are satisfied with a configuration, or to compare the configuration with another version. Creates a fine-tuning job to customize a base model. You specify the base foundation model and the location of the training data. After the model-customization job completes successfully, your custom model resource will be ready to use. Training data contains input and output text for each record in a JSONL format. Optionally, you can specify validation data in the same format as the training data. Amazon Bedrock returns validation loss metrics and output generations after the job completes. Model-customization jobs are asynchronous and the completion time depends on the base model and the training/validation data size. To monitor a job, use the For more information, see Custom models in the Bedrock User Guide. Creates a fine-tuning job to customize a base model. You specify the base foundation model and the location of the training data. After the model-customization job completes successfully, your custom model resource will be ready to use. Amazon Bedrock returns validation loss metrics and output generations after the job completes. For information on the format of training and validation data, see Prepare the datasets. Model-customization jobs are asynchronous and the completion time depends on the base model and the training/validation data size. To monitor a job, use the For more information, see Custom models in the Amazon Bedrock User Guide. Creates a provisioned throughput with dedicated capacity for a foundation model or a fine-tuned model. For more information, see Provisioned throughput in the Bedrock User Guide. Creates dedicated throughput for a base or custom model with the model units and for the duration that you specify. For pricing details, see Amazon Bedrock Pricing. For more information, see Provisioned Throughput in the Amazon Bedrock User Guide. Deletes a custom model that you created earlier. For more information, see Custom models in the Bedrock User Guide. Deletes a custom model that you created earlier. For more information, see Custom models in the Amazon Bedrock User Guide. Deletes a guardrail. To delete a guardrail, only specify the ARN of the guardrail in the To delete a version of a guardrail, specify the ARN of the guardrail in the Deletes a provisioned throughput. For more information, see Provisioned throughput in the Bedrock User Guide. Deletes a Provisioned Throughput. You can't delete a Provisioned Throughput before the commitment term is over. For more information, see Provisioned Throughput in the Amazon Bedrock User Guide. Get the properties associated with a Amazon Bedrock custom model that you have created.For more information, see Custom models in the Bedrock User Guide. Get the properties associated with a Amazon Bedrock custom model that you have created.For more information, see Custom models in the Amazon Bedrock User Guide. Retrieves the properties associated with a model evaluation job, including the status of the job. For more information, see Model evaluations. Get details about a Amazon Bedrock foundation model. Gets details about a guardrail. If you don't specify a version, the response returns details for the Retrieves the properties associated with a model-customization job, including the status of the job. For more information, see Custom models in the Bedrock User Guide. Retrieves the properties associated with a model-customization job, including the status of the job. For more information, see Custom models in the Amazon Bedrock User Guide. Get details for a provisioned throughput. For more information, see Provisioned throughput in the Bedrock User Guide. Returns details for a Provisioned Throughput. For more information, see Provisioned Throughput in the Amazon Bedrock User Guide. Returns a list of the custom models that you have created with the For more information, see Custom models in the Bedrock User Guide. Returns a list of the custom models that you have created with the For more information, see Custom models in the Amazon Bedrock User Guide. Lists model evaluation jobs. List of Amazon Bedrock foundation models that you can use. For more information, see Foundation models in the Bedrock User Guide. Lists Amazon Bedrock foundation models that you can use. You can filter the results with the request parameters. For more information, see Foundation models in the Amazon Bedrock User Guide. Lists details about all the guardrails in an account. To list the You can set the maximum number of results to return in a response in the Returns a list of model customization jobs that you have submitted. You can filter the jobs to return based on one or more criteria. For more information, see Custom models in the Bedrock User Guide. Returns a list of model customization jobs that you have submitted. You can filter the jobs to return based on one or more criteria. For more information, see Custom models in the Amazon Bedrock User Guide. List the provisioned capacities. For more information, see Provisioned throughput in the Bedrock User Guide. Lists the Provisioned Throughputs in the account. For more information, see Provisioned Throughput in the Amazon Bedrock User Guide. List the tags associated with the specified resource. For more information, see Tagging resources in the Bedrock User Guide. List the tags associated with the specified resource. For more information, see Tagging resources in the Amazon Bedrock User Guide. Set the configuration values for model invocation logging. Stops an in progress model evaluation job. Stops an active model customization job. For more information, see Custom models in the Bedrock User Guide. Stops an active model customization job. For more information, see Custom models in the Amazon Bedrock User Guide. Associate tags with a resource. For more information, see Tagging resources in the Bedrock User Guide. Associate tags with a resource. For more information, see Tagging resources in the Amazon Bedrock User Guide. Remove one or more tags from a resource. For more information, see Tagging resources in the Bedrock User Guide. Remove one or more tags from a resource. For more information, see Tagging resources in the Amazon Bedrock User Guide. Updates a guardrail with the values you specify. Specify a Specify messages for when the guardrail successfully blocks a prompt or a model response in the Specify topics for the guardrail to deny in the Give a Specify (Optional) Provide up to five prompts that you would categorize as belonging to the topic in the Specify filter strengths for the harmful categories defined in Amazon Bedrock in the Specify the category in the Specify the strength of the filter for prompts in the (Optional) For security, include the ARN of a KMS key in the (Optional) Attach any tags to the guardrail in the Update a provisioned throughput. For more information, see Provisioned throughput in the Bedrock User Guide. Updates the name or associated model for a Provisioned Throughput. For more information, see Provisioned Throughput in the Amazon Bedrock User Guide. Specifies the required elements for an automatic model evaluation job. Use to specify a automatic model evaluation job. The The role ARN. The role Amazon Resource Name (ARN). The name of the model evaluation job. Model evaluation job names must unique with your AWS account, and your account's AWS region. A description of the model evaluation job. A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If this token matches a previous request, Amazon Bedrock ignores the request, but does not return an error. For more information, see Ensuring idempotency. The Amazon Resource Name (ARN) of an IAM service role that Amazon Bedrock can assume to perform tasks on your behalf. The service role must have Amazon Bedrock as the service principal, and provide access to any Amazon S3 buckets specified in the Specify your customer managed key ARN that will be used to encrypt your model evaluation job. Tags to attach to the model evaluation job. Specifies whether the model evaluation job is automatic or uses human worker. Specify the models you want to use in your model evaluation job. Automatic model evaluation jobs support a single model, and model evaluation job that use human workers support two models. An object that defines where the results of model evaluation job will be saved in Amazon S3. The ARN of the model evaluation job. The name to give the guardrail. A description of the guardrail. The topic policies to configure for the guardrail. The content filter policies to configure for the guardrail. The word policy you configure for the guardrail. The sensitive information policy to configure for the guardrail. The message to return when the guardrail blocks a prompt. The message to return when the guardrail blocks a model response. The ARN of the KMS key that you use to encrypt the guardrail. The tags that you want to attach to the guardrail. A unique, case-sensitive identifier to ensure that the API request completes no more than once. If this token matches a previous request, Amazon Bedrock ignores the request, but does not return an error. For more information, see Ensuring idempotency in the Amazon S3 User Guide. The unique identifier of the guardrail that was created. The ARN of the guardrail that was created. The version of the guardrail that was created. This value should be 1. The time at which the guardrail was created. The unique identifier of the guardrail. A description of the guardrail version. A unique, case-sensitive identifier to ensure that the API request completes no more than once. If this token matches a previous request, Amazon Bedrock ignores the request, but does not return an error. For more information, see Ensuring idempotency in the Amazon S3 User Guide. The unique identifier of the guardrail. The number of the version of the guardrail. Enter a unique name for the fine-tuning job. A name for the fine-tuning job. Enter a name for the custom model. A name for the resulting custom model. The Amazon Resource Name (ARN) of an IAM role that Amazon Bedrock can assume to perform tasks on your behalf. For example, during model training, Amazon Bedrock needs your permission to read input data from an S3 bucket, write model artifacts to an S3 bucket. To pass this role to Amazon Bedrock, the caller of this API must have the The Amazon Resource Name (ARN) of an IAM service role that Amazon Bedrock can assume to perform tasks on your behalf. For example, during model training, Amazon Bedrock needs your permission to read input data from an S3 bucket, write model artifacts to an S3 bucket. To pass this role to Amazon Bedrock, the caller of this API must have the Unique token value that you can provide. The GetModelCustomizationJob response includes the same token value. A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If this token matches a previous request, Amazon Bedrock ignores the request, but does not return an error. For more information, see Ensuring idempotency. Assign tags to the job. Tags to attach to the job. Assign tags to the custom model. Tags to attach to the resulting custom model. Parameters related to tuning the model. Parameters related to tuning the model. For details on the format for different models, see Custom model hyperparameters. ARN of the fine tuning job Amazon Resource Name (ARN) of the fine tuning job Unique token value that you can provide. If this token matches a previous request, Amazon Bedrock ignores the request, but does not return an error. A unique, case-sensitive identifier to ensure that the API request completes no more than one time. If this token matches a previous request, Amazon Bedrock ignores the request, but does not return an error. For more information, see Ensuring idempotency in the Amazon S3 User Guide. Number of model units to allocate. Number of model units to allocate. A model unit delivers a specific throughput level for the specified model. The throughput level of a model unit specifies the total number of input and output tokens that it can process and generate within a span of one minute. By default, your account has no model units for purchasing Provisioned Throughputs with commitment. You must first visit the Amazon Web Services support center to request MUs. For model unit quotas, see Provisioned Throughput quotas in the Amazon Bedrock User Guide. For more information about what an MU specifies, contact your Amazon Web Services account manager. Unique name for this provisioned throughput. The name for this Provisioned Throughput. Name or ARN of the model to associate with this provisioned throughput. The Amazon Resource Name (ARN) or name of the model to associate with this Provisioned Throughput. For a list of models for which you can purchase Provisioned Throughput, see Amazon Bedrock model IDs for purchasing Provisioned Throughput in the Amazon Bedrock User Guide. Commitment duration requested for the provisioned throughput. The commitment duration requested for the Provisioned Throughput. Billing occurs hourly and is discounted for longer commitment terms. To request a no-commit Provisioned Throughput, omit this field. Custom models support all levels of commitment. To see which base models support no commitment, see Supported regions and models for Provisioned Throughput in the Amazon Bedrock User Guide Tags to associate with this provisioned throughput. Tags to associate with this Provisioned Throughput. The ARN for this provisioned throughput. The Amazon Resource Name (ARN) for this Provisioned Throughput. The ARN of the custom model. The Amazon Resource Name (ARN) of the custom model. The base model ARN. The base model Amazon Resource Name (ARN). The unique identifier of the guardrail. The version of the guardrail. The ARN or name of the provisioned throughput. The Amazon Resource Name (ARN) or name of the Provisioned Throughput. The model ARN. The ARN of the Amazon Bedrock model specified. Each Amazon Bedrock support different inference parameters that change how the model behaves during inference. Contains the ARN of the Amazon Bedrock models specified in your model evaluation job. Each Amazon Bedrock model supports different The Used to specify an automated model evaluation job. See Used to specify a model evaluation job that uses human workers.See Used to specify either a Used to specify supported built-in prompt datasets. Valid values are For custom prompt datasets, you must specify the location in Amazon S3 where the prompt dataset is saved. Used to specify the name of a built-in prompt dataset and optionally, the Amazon S3 bucket where a custom prompt dataset is saved. The S3 URI of the S3 bucket specified in the job. The location in Amazon S3 where your prompt dataset is stored. The task type you want the model to carry out. Specifies the prompt dataset. The names of the metrics used. For automated model evaluation jobs valid values are Defines the built-in prompt datasets, built-in metric names and custom metric names, and the task type. Used to specify the models. Used to define the models you want used in your model evaluation job. Automated model evaluation jobs support only a single model. In a human-based model evaluation job, your annotator can compare the responses for up to two different models. Defines the Amazon Bedrock model and inference parameters you want used. Defines the models used in the model evaluation job. The Amazon S3 URI where the results of model evaluation job are saved. The Amazon S3 location where the results of your model evaluation job are saved. The Amazon Resource Name (ARN) of the model evaluation job. The name of the model evaluation job. The current status of the model evaluation job. When the model evaluation job was created. The type, either human or automatic, of model evaluation job. What task type was used in the model evaluation job. The Amazon Resource Names (ARNs) of the model(s) used in the model evaluation job. A summary of the model evaluation job. The model Amazon Resource Name (ARN). The model identifier. he model's provider name. The model's provider name. The ARN of the foundation model. The Amazon Resource Name (ARN) of the foundation model. The model Id of the foundation model. The model ID of the foundation model. Name or ARN of the custom model. Name or Amazon Resource Name (ARN) of the custom model. ARN associated with this model. Amazon Resource Name (ARN) associated with this model. Job ARN associated with this model. Job Amazon Resource Name (ARN) associated with this model. ARN of the base model. Amazon Resource Name (ARN) of the base model. Hyperparameter values associated with this model. Hyperparameter values associated with this model. For details on the format for different models, see Custom model hyperparameters. Information about the training dataset. Contains information about the training dataset. Contains information about the validation dataset. Output data configuration associated with this custom model. The training metrics from the job creation. Contains training metrics from the job creation. The Amazon Resource Name (ARN) of the model evaluation job. The name of the model evaluation job. The status of the model evaluation job. The Amazon Resource Name (ARN) of the model evaluation job. The description of the model evaluation job. The Amazon Resource Name (ARN) of the IAM service role used in the model evaluation job. The Amazon Resource Name (ARN) of the customer managed key specified when the model evaluation job was created. The type of model evaluation job. Contains details about the type of model evaluation job, the metrics used, the task type selected, the datasets used, and any custom metrics you defined. Details about the models you specified in your model evaluation job. Amazon S3 location for where output data is saved. When the model evaluation job was created. When the model evaluation job was last modified. An array of strings the specify why the model evaluation job has failed. Identifier for the customization job. The unique identifier of the guardrail for which to get details. The version of the guardrail for which to get details. If you don't specify a version, the response returns details for the The ARN of the customization job. The name of the guardrail. The name of the customization job. The description of the guardrail. The name of the output model. The unique identifier of the guardrail. The ARN of the output model. The ARN of the guardrail that was created. The version of the guardrail. The status of the guardrail. The topic policy that was configured for the guardrail. The content policy that was configured for the guardrail. The word policy that was configured for the guardrail. The sensitive information policy that was configured for the guardrail. The date and time at which the guardrail was created. The date and time at which the guardrail was updated. Appears if the Appears if the The message that the guardrail returns when it blocks a prompt. The message that the guardrail returns when it blocks a model response. The ARN of the KMS key that encrypts the guardrail. Identifier for the customization job. The Amazon Resource Name (ARN) of the customization job. The name of the customization job. The name of the output model. The Amazon Resource Name (ARN) of the output model. The token that you specified in the CreateCustomizationJob request. The token that you specified in the The ARN of the IAM role. The Amazon Resource Name (ARN) of the IAM role. ARN of the base model. Amazon Resource Name (ARN) of the base model. The hyperparameter values for the job. For information about hyperparameters for specific models, see Guidelines for model customization. The hyperparameter values for the job. For details on the format for different models, see Custom model hyperparameters. Contains information about the training dataset. Contains information about the validation dataset. Output data configuration The custom model is encrypted at rest using this key. Contains training metrics from the job creation. The loss metric for each validator that you provided in the createjob request. VPC configuration for the custom model job. The current configuration values. The Amazon Resource Name (ARN) or name of the Provisioned Throughput. The number of model units allocated to this Provisioned Throughput. The number of model units that was requested for this Provisioned Throughput. The name of the Provisioned Throughput. The Amazon Resource Name (ARN) of the Provisioned Throughput. The Amazon Resource Name (ARN) of the model associated with this Provisioned Throughput. The Amazon Resource Name (ARN) of the model requested to be associated to this Provisioned Throughput. This value differs from the The Amazon Resource Name (ARN) of the base model for which the Provisioned Throughput was created, or of the base model that the custom model for which the Provisioned Throughput was created was customized. The status of the Provisioned Throughput. The timestamp of the creation time for this Provisioned Throughput. The timestamp of the last time that this Provisioned Throughput was modified. A failure message for any issues that occurred during creation, updating, or deletion of the Provisioned Throughput. Commitment duration of the Provisioned Throughput. The timestamp for when the commitment term for the Provisioned Throughput expires. The harmful category that the content filter is applied to. The strength of the content filter to apply to prompts. As you increase the filter strength, the likelihood of filtering harmful content increases and the probability of seeing harmful content in your application reduces. The strength of the content filter to apply to model responses. As you increase the filter strength, the likelihood of filtering harmful content increases and the probability of seeing harmful content in your application reduces. Contains filter strengths for harmful content. Guardrails support the following content filters to detect and filter harmful user inputs and FM-generated outputs. Hate – Describes language or a statement that discriminates, criticizes, insults, denounces, or dehumanizes a person or group on the basis of an identity (such as race, ethnicity, gender, religion, sexual orientation, ability, and national origin). Insults – Describes language or a statement that includes demeaning, humiliating, mocking, insulting, or belittling language. This type of language is also labeled as bullying. Sexual – Describes language or a statement that indicates sexual interest, activity, or arousal using direct or indirect references to body parts, physical traits, or sex. Violence – Describes language or a statement that includes glorification of or threats to inflict physical pain, hurt, or injury toward a person, group or thing. Content filtering depends on the confidence classification of user inputs and FM responses across each of the four harmful categories. All input and output statements are classified into one of four confidence levels (NONE, LOW, MEDIUM, HIGH) for each harmful category. For example, if a statement is classified as Hate with HIGH confidence, the likelihood of the statement representing hateful content is high. A single statement can be classified across multiple categories with varying confidence levels. For example, a single statement can be classified as Hate with HIGH confidence, Insults with LOW confidence, Sexual with NONE confidence, and Violence with MEDIUM confidence. For more information, see Guardrails content filters. This data type is used in the following API operations: The harmful category that the content filter is applied to. The strength of the content filter to apply to prompts. As you increase the filter strength, the likelihood of filtering harmful content increases and the probability of seeing harmful content in your application reduces. The strength of the content filter to apply to model responses. As you increase the filter strength, the likelihood of filtering harmful content increases and the probability of seeing harmful content in your application reduces. Contains filter strengths for harmful content. Guardrails support the following content filters to detect and filter harmful user inputs and FM-generated outputs. Hate – Describes language or a statement that discriminates, criticizes, insults, denounces, or dehumanizes a person or group on the basis of an identity (such as race, ethnicity, gender, religion, sexual orientation, ability, and national origin). Insults – Describes language or a statement that includes demeaning, humiliating, mocking, insulting, or belittling language. This type of language is also labeled as bullying. Sexual – Describes language or a statement that indicates sexual interest, activity, or arousal using direct or indirect references to body parts, physical traits, or sex. Violence – Describes language or a statement that includes glorification of or threats to inflict physical pain, hurt, or injury toward a person, group or thing. Content filtering depends on the confidence classification of user inputs and FM responses across each of the four harmful categories. All input and output statements are classified into one of four confidence levels (NONE, LOW, MEDIUM, HIGH) for each harmful category. For example, if a statement is classified as Hate with HIGH confidence, the likelihood of the statement representing hateful content is high. A single statement can be classified across multiple categories with varying confidence levels. For example, a single statement can be classified as Hate with HIGH confidence, Insults with LOW confidence, Sexual with NONE confidence, and Violence with MEDIUM confidence. For more information, see Guardrails content filters. This data type is used in the following API operations: Contains the type of the content filter and how strongly it should apply to prompts and model responses. Contains details about how to handle harmful content. This data type is used in the following API operations: Contains the type of the content filter and how strongly it should apply to prompts and model responses. Contains details about how to handle harmful content. This data type is used in the following API operations: ManagedWords$type The managed word type that was configured for the guardrail. (For now, we only offer profanity word list) The managed word list that was configured for the guardrail. (This is a list of words that are pre-defined and managed by Guardrails only.) The managed word type to configure for the guardrail. The managed word list to configure for the guardrail. The type of PII entity. For example, Social Security Number. The configured guardrail action when PII entity is detected. The PII entity configured for the guardrail. Configure guardrail type when the PII entity is detected. Configure guardrail action when the PII entity is detected. The PII entity to configure for the guardrail. The name of the regular expression for the guardrail. The description of the regular expression for the guardrail. The pattern of the regular expression configured for the guardrail. The action taken when a match to the regular expression is detected. The regular expression configured for the guardrail. The name of the regular expression to configure for the guardrail. The description of the regular expression to configure for the guardrail. The regular expression pattern to configure for the guardrail. The guardrail action to configure when matching regular expression is detected. The regular expression to configure for the guardrail. The list of PII entities configured for the guardrail. The list of regular expressions configured for the guardrail. Contains details about PII entities and regular expressions configured for the guardrail. A list of PII entities to configure to the guardrail. A list of regular expressions to configure to the guardrail. Contains details about PII entities and regular expressions to configure for the guardrail. The unique identifier of the guardrail. The ARN of the guardrail. The status of the guardrail. The name of the guardrail. A description of the guardrail. The version of the guardrail. The date and time at which the guardrail was created. The date and time at which the guardrail was last updated. Contains details about a guardrail. This data type is used in the following API operations: The name of the topic to deny. A definition of the topic to deny. A list of prompts, each of which is an example of a prompt that can be categorized as belonging to the topic. Specifies to deny the topic. Details about topics for the guardrail to identify and deny. This data type is used in the following API operations: The name of the topic to deny. A definition of the topic to deny. A list of prompts, each of which is an example of a prompt that can be categorized as belonging to the topic. Specifies to deny the topic. Details about topics for the guardrail to identify and deny. This data type is used in the following API operations: A list of policies related to topics that the guardrail should deny. Contains details about topics that the guardrail should identify and deny. This data type is used in the following API operations: A list of policies related to topics that the guardrail should deny. Contains details about topics that the guardrail should identify and deny. This data type is used in the following API operations: The current configuration values. Text of the word configured for the guardrail to block. A word configured for the guardrail. The ARN or name of the provisioned throughput. Text of the word configured for the guardrail to block. A word to configure for the guardrail. The current number of model units requested to be available for this provisioned throughput. A list of words configured for the guardrail. The desired number of model units that was requested to be available for this provisioned throughput. The name of the provisioned throughput. The ARN of the provisioned throughput. The ARN or name of the model associated with this provisioned throughput. The ARN of the new model to asssociate with this provisioned throughput. ARN of the foundation model. A list of managed words configured for the guardrail. Contains details about the word policy configured for the guardrail. A list of words to configure for the guardrail. Status of the provisioned throughput. A list of managed words to configure for the guardrail. Contains details about the word policy to configured for the guardrail. The parameters of the human workflow. The timestamp of the creation time for this provisioned throughput. A The timestamp of the last modified time of this provisioned throughput. Use to specify the metrics, task, and prompt dataset to be used in your model evaluation job. Specifies the custom metrics, how tasks will be rated, the flow definition ARN, and your custom prompt datasets. Model evaluation jobs use human workers only support the use of custom prompt datasets. To learn more about custom prompt datasets and the required format, see Custom prompt datasets. When you create custom metrics in The name of the metric. Your human evaluators will see this name in the evaluation UI. Failure message for any issues that the create operation encounters. An optional description of the metric. Use this parameter to provide more details about the metric. Commitment duration of the provisioned throughput. Choose how you want your human workers to evaluation your model. Valid values for rating methods are In a model evaluation job that uses human workers you must define the name of the metric, and how you want that metric rated The Amazon Resource Number (ARN) for the flow definition Commitment expiration time for the provisioned throughput. Instructions for the flow definition Contains Return custom models only if the base model ARN matches this parameter. Return custom models only if the base model Amazon Resource Name (ARN) matches this parameter. Return custom models only if the foundation model ARN matches this parameter. Return custom models only if the foundation model Amazon Resource Name (ARN) matches this parameter. A filter that includes model evaluation jobs created after the time specified. A filter that includes model evaluation jobs created prior to the time specified. Only return jobs where the status condition is met. Query parameter string for model evaluation job names. The maximum number of results to return. Continuation token from the previous response, for Amazon Bedrock to list the next set of results. Allows you to sort model evaluation jobs by when they were created. How you want the order of jobs sorted. Continuation token from the previous response, for Amazon Bedrock to list the next set of results. A summary of the model evaluation jobs. A Amazon Bedrock model provider. Return models belonging to the model provider that you specify. List by customization type. Return models that support the customization type that you specify. For more information, see Custom models in the Amazon Bedrock User Guide. List by output modality type. Return models that support the output modality that you specify. List by inference type. Return models that support the inference type that you specify. For more information, see Provisioned Throughput in the Amazon Bedrock User Guide. The unique identifier of the guardrail. The maximum number of results to return in the response. If there are more results than were returned in the response, the response returns a A list of objects, each of which contains details about a guardrail. If there are more results than were returned in the response, the response returns a Return provisioned capacities created after the specified time. A filter that returns Provisioned Throughputs created after the specified time. Return provisioned capacities created before the specified time. A filter that returns Provisioned Throughputs created before the specified time. Return the list of provisioned capacities that match the specified status. A filter that returns Provisioned Throughputs if their statuses matches the value that you specify. Return the list of provisioned capacities where their model ARN is equal to this parameter. A filter that returns Provisioned Throughputs whose model Amazon Resource Name (ARN) is equal to the value that you specify. Return the list of provisioned capacities if their name contains these characters. A filter that returns Provisioned Throughputs if their name contains the expression that you specify. THe maximum number of results to return in the response. THe maximum number of results to return in the response. If there are more results than the number you specified, the response returns a Continuation token from the previous response, for Amazon Bedrock to list the next set of results. If there are more results than the number you specified in the The field to sort by in the returned list of provisioned capacities. The field by which to sort the returned list of Provisioned Throughputs. Continuation token for the next request to list the next set of results. If there are more results than the number you specified in the List of summaries, one for each provisioned throughput in the response. A list of summaries, one for each Provisioned Throughput in the response. The ARN of the resource. The Amazon Resource Name (ARN) of the resource. Set to include embeddings data in the log delivery. Configuration fields for invokation logging. Configuration fields for invocation logging. ARN of the customization job. Amazon Resource Name (ARN) of the customization job. ARN of the base model. Amazon Resource Name (ARN) of the base model. ARN of the custom model. Amazon Resource Name (ARN) of the custom model. The name of the provisioned throughput. The name of the Provisioned Throughput. The ARN of the provisioned throughput. The Amazon Resource Name (ARN) of the Provisioned Throughput. The ARN of the model associated with this provisioned throughput. The Amazon Resource Name (ARN) of the model associated with the Provisioned Throughput. Desired model ARN. The Amazon Resource Name (ARN) of the model requested to be associated to this Provisioned Throughput. This value differs from the Foundation model ARN. The Amazon Resource Name (ARN) of the base model for which the Provisioned Throughput was created, or of the base model that the custom model for which the Provisioned Throughput was created was customized. The number of model units allocated. The number of model units allocated to the Provisioned Throughput. Desired model units. The number of model units that was requested to be allocated to the Provisioned Throughput. Status of the provisioned throughput. The status of the Provisioned Throughput. Commitment duration for the provisioned throughput. The duration for which the Provisioned Throughput was committed. Commitment expiration time for the provisioned throughput. The timestamp for when the commitment term of the Provisioned Throughput expires. The time that this provisioned throughput was created. The time that the Provisioned Throughput was created. The time that this provisioned throughput was last modified. The time that the Provisioned Throughput was last modified. Set of fields associated with a provisioned throughput. A summary of information about a Provisioned Throughput. This data type is used in the following API operations: The specified resource ARN was not found. Check the ARN and try your request again. The specified resource Amazon Resource Name (ARN) was not found. Check the Amazon Resource Name (ARN) and try your request again. The ARN of the model evaluation job you want to stop. The ARN of the resource to tag. The Amazon Resource Name (ARN) of the resource to tag. The ARN of the resource to untag. The Amazon Resource Name (ARN) of the resource to untag. The unique identifier of the guardrail A name for the guardrail. A description of the guardrail. The topic policy to configure for the guardrail. The content policy to configure for the guardrail. The word policy to configure for the guardrail. The sensitive information policy to configure for the guardrail. The message to return when the guardrail blocks a prompt. The message to return when the guardrail blocks a model response. The ARN of the KMS key with which to encrypt the guardrail. The unique identifier of the guardrail The ARN of the guardrail that was created. The version of the guardrail. The date and time at which the guardrail was updated. The ARN or name of the provisioned throughput to update. The Amazon Resource Name (ARN) or name of the Provisioned Throughput to update. The new name for this provisioned throughput. The new name for this Provisioned Throughput. The ARN of the new model to associate with this provisioned throughput. The Amazon Resource Name (ARN) of the new model to associate with this Provisioned Throughput. You can't specify this field if this Provisioned Throughput is associated with a base model. If this Provisioned Throughput is associated with a custom model, you can specify one of the following options: The base model from which the custom model was customized. Another custom model that was customized from the same base model as the custom model. VPC configuration. Describes the API operations for creating and managing Amazon Bedrock models. Describes the API operations for creating, managing, fine-turning, and evaluating Amazon Bedrock models.BlendedCosts or UsageQuantity, that you want the request to return. You can also filter and group your data by various dimensions, such as SERVICE or AZ, in a specific time range. For a complete list of valid dimensions, see the GetDimensionValues operation. Management account in an organization in Organizations have access to all member accounts. This API is currently available for the Amazon Elastic Compute Cloud – Compute service only.BlendedCosts or UsageQuantity, that you want the request to return. You can also filter and group your data by various dimensions, such as SERVICE or AZ, in a specific time range. For a complete list of valid dimensions, see the GetDimensionValues operation. Management account in an organization in Organizations have access to all member accounts.
"
+ "documentation":"
client_id client_secret authorize_scopes
client_id client_secret authorize_scopes api_version
client_id team_id key_id private_key authorize_scopes
client_id client_secret attributes_request_method oidc_issuer authorize_scopes authorize_url if not available from discovery URL specified by oidc_issuer key token_url if not available from discovery URL specified by oidc_issuer key attributes_url if not available from discovery URL specified by oidc_issuer key jwks_uri if not available from discovery URL specified by oidc_issuer key
MetadataFile OR MetadataURL IDPSignout (boolean) optional
"
},
"identityProviderName":{
"shape":"IdentityProviderName",
@@ -1646,7 +1658,7 @@
},
"clientToken":{
"shape":"ClientToken",
- "documentation":"
client_id client_secret authorize_scopes
client_id client_secret authorize_scopes api_version
client_id team_id key_id private_key authorize_scopes
client_id client_secret attributes_request_method oidc_issuer authorize_scopes authorize_url if not available from discovery URL specified by oidc_issuer key token_url if not available from discovery URL specified by oidc_issuer key attributes_url if not available from discovery URL specified by oidc_issuer key jwks_uri if not available from discovery URL specified by oidc_issuer key
MetadataFile OR MetadataURL IDPSignout (boolean) optional IDPInit (boolean) optional RequestSigningAlgorithm (string) optional - Only accepts rsa-sha256 EncryptedResponses (boolean) optional Standard.Standard web portals are authenticated directly through your identity provider. You need to call CreateIdentityProvider to integrate your identity provider with your web portal. User and group access to your web portal is controlled through your identity provider.IAM_Identity_Center web portals are authenticated through AWS IAM Identity Center (successor to AWS Single Sign-On). They provide additional features, such as IdP-initiated authentication. Identity sources (including external identity provider integration), plus user and group access to your web portal, can be configured in the IAM Identity Center.Standard.Standard web portals are authenticated directly through your identity provider. You need to call CreateIdentityProvider to integrate your identity provider with your web portal. User and group access to your web portal is controlled through your identity provider.IAM Identity Center web portals are authenticated through IAM Identity Center (successor to Single Sign-On). Identity sources (including external identity provider integration), plus user and group access to your web portal, can be configured in the IAM Identity Center.
"
+ "documentation":"
client_id client_secret authorize_scopes
client_id client_secret authorize_scopes api_version
client_id team_id key_id private_key authorize_scopes
client_id client_secret attributes_request_method oidc_issuer authorize_scopes authorize_url if not available from discovery URL specified by oidc_issuer key token_url if not available from discovery URL specified by oidc_issuer key attributes_url if not available from discovery URL specified by oidc_issuer key jwks_uri if not available from discovery URL specified by oidc_issuer key
MetadataFile OR MetadataURL IDPSignout optional
"
},
"identityProviderName":{
"shape":"IdentityProviderName",
@@ -2475,6 +2495,14 @@
"max":60,
"min":0
},
+ "InstanceType":{
+ "type":"string",
+ "enum":[
+ "standard.regular",
+ "standard.large",
+ "standard.xlarge"
+ ]
+ },
"InternalServerException":{
"type":"structure",
"members":{
@@ -2495,6 +2523,10 @@
"type":"structure",
"required":["ipAccessSettingsArn"],
"members":{
+ "additionalEncryptionContext":{
+ "shape":"EncryptionContextMap",
+ "documentation":"
client_id client_secret authorize_scopes
client_id client_secret authorize_scopes api_version
client_id team_id key_id private_key authorize_scopes
client_id client_secret attributes_request_method oidc_issuer authorize_scopes authorize_url if not available from discovery URL specified by oidc_issuer key token_url if not available from discovery URL specified by oidc_issuer key attributes_url if not available from discovery URL specified by oidc_issuer key jwks_uri if not available from discovery URL specified by oidc_issuer key
MetadataFile OR MetadataURL IDPSignout (boolean) optional IDPInit (boolean) optional RequestSigningAlgorithm (string) optional - Only accepts rsa-sha256 EncryptedResponses (boolean) optional Standard.Standard web portals are authenticated directly through your identity provider. You need to call CreateIdentityProvider to integrate your identity provider with your web portal. User and group access to your web portal is controlled through your identity provider.IAM_Identity_Center web portals are authenticated through AWS IAM Identity Center (successor to AWS Single Sign-On). They provide additional features, such as IdP-initiated authentication. Identity sources (including external identity provider integration), plus user and group access to your web portal, can be configured in the IAM Identity Center.Standard.Standard web portals are authenticated directly through your identity provider. You need to call CreateIdentityProvider to integrate your identity provider with your web portal. User and group access to your web portal is controlled through your identity provider.IAM Identity Center web portals are authenticated through IAM Identity Center (successor to Single Sign-On). Identity sources (including external identity provider integration), plus user and group access to your web portal, can be configured in the IAM Identity Center.Standard.Standard web portals are authenticated directly through your identity provider. You need to call CreateIdentityProvider to integrate your identity provider with your web portal. User and group access to your web portal is controlled through your identity provider.IAM_Identity_Center web portals are authenticated through AWS IAM Identity Center (successor to AWS Single Sign-On). They provide additional features, such as IdP-initiated authentication. Identity sources (including external identity provider integration), plus user and group access to your web portal, can be configured in the IAM Identity Center.Standard.Standard web portals are authenticated directly through your identity provider. You need to call CreateIdentityProvider to integrate your identity provider with your web portal. User and group access to your web portal is controlled through your identity provider.IAM Identity Center web portals are authenticated through IAM Identity Center (successor to Single Sign-On). Identity sources (including external identity provider integration), plus user and group access to your web portal, can be configured in the IAM Identity Center.
"
+ "documentation":"
client_id client_secret authorize_scopes
client_id client_secret authorize_scopes api_version
client_id team_id key_id private_key authorize_scopes
client_id client_secret attributes_request_method oidc_issuer authorize_scopes authorize_url if not available from discovery URL specified by oidc_issuer key token_url if not available from discovery URL specified by oidc_issuer key attributes_url if not available from discovery URL specified by oidc_issuer key jwks_uri if not available from discovery URL specified by oidc_issuer key
MetadataFile OR MetadataURL IDPSignout (boolean) optional
"
},
"identityProviderName":{
"shape":"IdentityProviderName",
@@ -3453,7 +3519,7 @@
"members":{
"clientToken":{
"shape":"ClientToken",
- "documentation":"
client_id client_secret authorize_scopes
client_id client_secret authorize_scopes api_version
client_id team_id key_id private_key authorize_scopes
client_id client_secret attributes_request_method oidc_issuer authorize_scopes authorize_url if not available from discovery URL specified by oidc_issuer key token_url if not available from discovery URL specified by oidc_issuer key attributes_url if not available from discovery URL specified by oidc_issuer key jwks_uri if not available from discovery URL specified by oidc_issuer key
MetadataFile OR MetadataURL IDPSignout (boolean) optional IDPInit (boolean) optional RequestSigningAlgorithm (string) optional - Only accepts rsa-sha256 EncryptedResponses (boolean) optional Standard.Standard web portals are authenticated directly through your identity provider. You need to call CreateIdentityProvider to integrate your identity provider with your web portal. User and group access to your web portal is controlled through your identity provider.IAM_Identity_Center web portals are authenticated through AWS IAM Identity Center (successor to AWS Single Sign-On). They provide additional features, such as IdP-initiated authentication. Identity sources (including external identity provider integration), plus user and group access to your web portal, can be configured in the IAM Identity Center.Standard.Standard web portals are authenticated directly through your identity provider. You need to call CreateIdentityProvider to integrate your identity provider with your web portal. User and group access to your web portal is controlled through your identity provider.IAM Identity Center web portals are authenticated through IAM Identity Center (successor to Single Sign-On). Identity sources (including external identity provider integration), plus user and group access to your web portal, can be configured in the IAM Identity Center.arn:aws:rds:us-east-1:12345667890:instance:my-orcl-db.arn:aws:rds:us-east-1:12345667890:db:my-orcl-db.db.load you must use db.load.avg. Valid values for aggregate functions include .avg, .min, .max, and .sum.Metric are:
db.load.avg - A scaled representation of the number of active sessions for the database engine.db.sampledload.avg - The raw number of active sessions for the database engine.db.load.avg and db.sampledload.avg are the same value. If the number of active sessions is greater than the internal threshold, Performance Insights samples the active sessions, with db.load.avg showing the scaled values, db.sampledload.avg showing the raw values, and db.sampledload.avg less than db.load.avg. For most use cases, you can query db.load.avg only.Metric are:
db.load.avg - A scaled representation of the number of active sessions for the database engine.db.sampledload.avg - The raw number of active sessions for the database engine.db.load.avg and db.sampledload.avg are the same value. If the number of active sessions is greater than the internal threshold, Performance Insights samples the active sessions, with db.load.avg showing the scaled values, db.sampledload.avg showing the raw values, and db.sampledload.avg less than db.load.avg. For most use cases, you can query db.load.avg only.
"
}
},
- "documentation":"GroupBy parameter.GroupBy), and return only those data points that match your criteria (Filter).db.load you must use db.load.avg. Valid values for aggregate functions include .avg, .min, .max, and .sum. If no other parameters are specified, Performance Insights returns all data points for the specified metric. Optionally, you can request that the data points be aggregated by dimension group (GroupBy), and return only those data points that match your criteria (Filter).Metric are:
db.load.avg - A scaled representation of the number of active sessions for the database engine.db.sampledload.avg - The raw number of active sessions for the database engine.db.load.avg and db.sampledload.avg are the same value. If the number of active sessions is greater than the internal threshold, Performance Insights samples the active sessions, with db.load.avg showing the scaled values, db.sampledload.avg showing the raw values, and db.sampledload.avg less than db.load.avg. For most use cases, you can query db.load.avg only. Metric are:
db.load.avg - A scaled representation of the number of active sessions for the database engine.db.sampledload.avg - The raw number of active sessions for the database engine.db.load.avg and db.sampledload.avg are the same value. If the number of active sessions is greater than the internal threshold, Performance Insights samples the active sessions, with db.load.avg showing the scaled values, db.sampledload.avg showing the raw values, and db.sampledload.avg less than db.load.avg. For most use cases, you can query db.load.avg only.
"
+ "documentation":"domain-name - If you're using AmazonProvidedDNS in us-east-1, specify ec2.internal. If you're using AmazonProvidedDNS in any other Region, specify region.compute.internal. Otherwise, specify a custom domain name. This value is used to complete unqualified DNS hostnames.domain-name-servers - The IP addresses of up to four DNS servers, or AmazonProvidedDNS. To specify multiple domain name servers in a single parameter, separate the IP addresses using commas. To have your instances receive custom DNS hostnames as specified in domain-name, you must specify a custom DNS server.ntp-servers - The IP addresses of up to eight Network Time Protocol (NTP) servers (four IPv4 addresses and four IPv6 addresses).netbios-name-servers - The IP addresses of up to four NetBIOS name servers.netbios-node-type - The NetBIOS node type (1, 2, 4, or 8). We recommend that you specify 2. Broadcast and multicast are not supported. For more information about NetBIOS node types, see RFC 2132.ipv6-preferred-lease-time - A value (in seconds, minutes, hours, or years) for how frequently a running instance with an IPv6 assigned to it goes through DHCPv6 lease renewal. Acceptable values are between 140 and 2147483647 seconds (approximately 68 years). If no value is entered, the default lease time is 140 seconds. If you use long-term addressing for EC2 instances, you can increase the lease time and avoid frequent lease renewal requests. Lease renewal typically occurs when half of the lease time has elapsed.
"
},
"CreateEgressOnlyInternetGateway":{
"name":"CreateEgressOnlyInternetGateway",
@@ -816,7 +816,7 @@
},
"input":{"shape":"CreateLaunchTemplateRequest"},
"output":{"shape":"CreateLaunchTemplateResult"},
- "documentation":"domain-name - If you're using AmazonProvidedDNS in us-east-1, specify ec2.internal. If you're using AmazonProvidedDNS in any other Region, specify region.compute.internal. Otherwise, specify a custom domain name. This value is used to complete unqualified DNS hostnames.domain-name-servers - The IP addresses of up to four DNS servers, or AmazonProvidedDNS. To specify multiple domain name servers in a single parameter, separate the IP addresses using commas. To have your instances receive custom DNS hostnames as specified in domain-name, you must specify a custom DNS server.ntp-servers - The IP addresses of up to eight Network Time Protocol (NTP) servers (four IPv4 addresses and four IPv6 addresses).netbios-name-servers - The IP addresses of up to four NetBIOS name servers.netbios-node-type - The NetBIOS node type (1, 2, 4, or 8). We recommend that you specify 2. Broadcast and multicast are not supported. For more information about NetBIOS node types, see RFC 2132.ipv6-address-preferred-lease-time - A value (in seconds, minutes, hours, or years) for how frequently a running instance with an IPv6 assigned to it goes through DHCPv6 lease renewal. Acceptable values are between 140 and 2147483647 seconds (approximately 68 years). If no value is entered, the default lease time is 140 seconds. If you use long-term addressing for EC2 instances, you can increase the lease time and avoid frequent lease renewal requests. Lease renewal typically occurs when half of the lease time has elapsed.group-id, mac-address, private-dns-name, private-ip-address, private-dns-name, subnet-id, or vpc-id.group-id, mac-address, private-dns-name, private-ip-address, private-dns-name, subnet-id, or vpc-id.
all group. All Amazon Web Services accounts have create volume permissions for these snapshots.OwnerIds option, only snapshots from the specified owners and for which you have access are returned. The results can include the Amazon Web Services account IDs of the specified owners, amazon for snapshots owned by Amazon, or self for snapshots that you own.self for snapshots for which you own or have explicit permissions, or all for public snapshots.
all group. All Amazon Web Services accounts have create volume permissions for these snapshots.OwnerIds option, only snapshots from the specified owners and for which you have access are returned. The results can include the Amazon Web Services account IDs of the specified owners, amazon for snapshots owned by Amazon, or self for snapshots that you own.self for snapshots for which you own or have explicit permissions, or all for public snapshots.role_arn/certificate_arn. role_arn/certificate_arn. launch-template.TagSpecifications parameter in the launch template data structure.launch-template.TagSpecifications parameter in the launch template data structure.LaunchTemplateId or the LaunchTemplateName, but not both.LaunchTemplateName or the LaunchTemplateId, but not both.LaunchTemplateData. Snapshots applied to the block device mapping are ignored when creating a new version unless they are explicitly included.LaunchTemplateId or the LaunchTemplateName, but not both.LaunchTemplateName or the LaunchTemplateId, but not both.LaunchTemplateId or the LaunchTemplateName, but not both.LaunchTemplateName or the LaunchTemplateId, but not both.LaunchTemplateId or the LaunchTemplateName, but not both.LaunchTemplateName or the LaunchTemplateId, but not both.
",
+ "documentation":"key - The tag key.resource-id - The ID of the resource.resource-type - The resource type (customer-gateway | dedicated-host | dhcp-options | elastic-ip | fleet | fpga-image | host-reservation | image | instance | internet-gateway | key-pair | launch-template | natgateway | network-acl | network-interface | placement-group | reserved-instances | route-table | security-group | snapshot | spot-instances-request | subnet | volume | vpc | vpc-endpoint | vpc-endpoint-service | vpc-peering-connection | vpn-connection | vpn-gateway).tag:<key> - The key/value combination of the tag. For example, specify \"tag:Owner\" for the filter name and \"TeamA\" for the filter value to find resources with the tag \"Owner=TeamA\".value - The tag value.
",
"locationName":"Filter"
},
"MaxResults":{
@@ -26162,6 +26182,30 @@
}
}
},
+ "DisableImageDeregistrationProtectionRequest":{
+ "type":"structure",
+ "required":["ImageId"],
+ "members":{
+ "ImageId":{
+ "shape":"ImageId",
+ "documentation":"key - The tag key.resource-id - The ID of the resource.resource-type - The resource type. For a list of possible values, see TagSpecification.tag:<key> - The key/value combination of the tag. For example, specify \"tag:Owner\" for the filter name and \"TeamA\" for the filter value to find resources with the tag \"Owner=TeamA\".value - The tag value.DryRunOperation. Otherwise, it is UnauthorizedOperation.true if the request succeeds; otherwise, it returns an error.true, enforces deregistration protection for 24 hours after deregistration protection is disabled.DryRunOperation. Otherwise, it is UnauthorizedOperation.true if the request succeeds; otherwise, it returns an error.lastLaunchedTime data is available starting April 2017.v2.0, it indicates that IMDSv2 is specified in the AMI. Instances launched from this AMI will have HttpTokens automatically set to required so that, by default, the instance requires that IMDSv2 is used when requesting instance metadata. In addition, HttpPutResponseHopLimit is set to 2. For more information, see Configure the AMI in the Amazon EC2 User Guide.LaunchTemplateId or the LaunchTemplateName, but not both.LaunchTemplateName or the LaunchTemplateId, but not both.$Latest, or $Default.$Latest, Amazon EC2 uses the latest version of the launch template.$Default, Amazon EC2 uses the default version of the launch template.$Latest, or $Default.$Latest uses the latest version of the launch template.$Default uses the default version of the launch template.LaunchTemplateId or the LaunchTemplateName, but not both.LaunchTemplateName or the LaunchTemplateId, but not both.bedrock:InvokeModel action.responseStreamingSupported field in the response.InvokeModelWithResponseStream.bedrock:InvokeModelWithResponseStream action. contentType in the header. To see the format and content of the request and response bodies for different models, refer to Inference parameters. For more information, see Run inference in the Bedrock User Guide.modelId to provide depends on the type of model that you use:
",
"location":"uri",
"locationName":"modelId"
+ },
+ "trace":{
+ "shape":"Trace",
+ "documentation":"
",
+ "location":"header",
+ "locationName":"X-Amzn-Bedrock-GuardrailIdentifier"
+ },
+ "guardrailVersion":{
+ "shape":"GuardrailVersion",
+ "documentation":"amazon-bedrock-guardrailConfig field in the request body.contentType isn't application/json.guardrailVersion isn't specified.DRAFT.contentType header. To see the format and content of the request and response bodies for different models, refer to Inference parameters.contentType in the header. To see the format and content of the request and response bodies for different models, refer to Inference parameters. For more information, see Run inference in the Bedrock User Guide.modelId to provide depends on the type of model that you use:
",
"location":"uri",
"locationName":"modelId"
+ },
+ "trace":{
+ "shape":"Trace",
+ "documentation":"
",
+ "location":"header",
+ "locationName":"X-Amzn-Bedrock-GuardrailIdentifier"
+ },
+ "guardrailVersion":{
+ "shape":"GuardrailVersion",
+ "documentation":"amazon-bedrock-guardrailConfig field in the request body.contentType isn't application/json.guardrailVersion isn't specified.DRAFT.contentType header. To see the format and content of this field for different models, refer to Inference parameters.
"
+ },
+ "CreateGuardrailVersion":{
+ "name":"CreateGuardrailVersion",
+ "http":{
+ "method":"POST",
+ "requestUri":"/guardrails/{guardrailIdentifier}",
+ "responseCode":202
+ },
+ "input":{"shape":"CreateGuardrailVersionRequest"},
+ "output":{"shape":"CreateGuardrailVersionResponse"},
+ "errors":[
+ {"shape":"ResourceNotFoundException"},
+ {"shape":"AccessDeniedException"},
+ {"shape":"ValidationException"},
+ {"shape":"ConflictException"},
+ {"shape":"InternalServerException"},
+ {"shape":"ServiceQuotaExceededException"},
+ {"shape":"ThrottlingException"}
+ ],
+ "documentation":"name and optional description.blockedInputMessaging and blockedOutputsMessaging fields.topicPolicyConfig object. Each GuardrailTopicConfig object in the topicsConfig list pertains to one topic.
name and description so that the guardrail can properly identify the topic.DENY in the type field.examples list.contentPolicyConfig object. Each GuardrailContentFilterConfig object in the filtersConfig list pertains to a harmful category. For more information, see Content filters. For more information about the fields in a content filter, see GuardrailContentFilterConfig.
type field.inputStrength field and for model responses in the strength field of the GuardrailContentFilterConfig.kmsKeyId field.tags object. For more information, see Tag resources.GetModelCustomizationJob operation to retrieve the job status.GetModelCustomizationJob operation to retrieve the job status.
",
"idempotent":true
},
"DeleteModelInvocationLoggingConfiguration":{
@@ -109,7 +191,7 @@
{"shape":"InternalServerException"},
{"shape":"ThrottlingException"}
],
- "documentation":"guardrailIdentifier field. If you delete a guardrail, all of its versions will be deleted.guardrailIdentifier field and the version in the guardrailVersion field.DRAFT version.CreateModelCustomizationJob operation.CreateModelCustomizationJob operation.DRAFT version of all your guardrails, don't specify the guardrailIdentifier field. To list all versions of a guardrail, specify the ARN of the guardrail in the guardrailIdentifier field.maxResults field. If there are more results than the number you set, the response returns a nextToken that you can send in another ListGuardrails request to see the next batch of results.
",
+ "idempotent":true
},
"UpdateProvisionedModelThroughput":{
"name":"UpdateProvisionedModelThroughput",
@@ -377,7 +570,7 @@
{"shape":"InternalServerException"},
{"shape":"ThrottlingException"}
],
- "documentation":"name and optional description.blockedInputMessaging and blockedOutputsMessaging fields.topicPolicyConfig object. Each GuardrailTopicConfig object in the topicsConfig list pertains to one topic.
name and description so that the guardrail can properly identify the topic.DENY in the type field.examples list.contentPolicyConfig object. Each GuardrailContentFilterConfig object in the filtersConfig list pertains to a harmful category. For more information, see Content filters. For more information about the fields in a content filter, see GuardrailContentFilterConfig.
type field.inputStrength field and for model responses in the strength field of the GuardrailContentFilterConfig.kmsKeyId field.tags object. For more information, see Tag resources.EvaluationDatasetMetricConfig object is used to specify the prompt datasets, task type, and metric names.EvaluationConfig object. To pass this role to Amazon Bedrock, the caller of this API must have the iam:PassRole permission. To learn more about the required permissions, see Required permissions.iam:PassRole permission. iam:PassRole permission. inferenceParams. To learn more about supported inference parameters for Amazon Bedrock models, see Inference parameters for foundation models.inferenceParams are specified using JSON. To successfully insert JSON as string make sure that all quotations are properly escaped. For example, \"temperature\":\"0.25\" key value pair would need to be formatted as \\\"temperature\\\":\\\"0.25\\\" to successfully accepted in the request.AutomatedEvaluationConfig to view the required parameters.HumanEvaluationConfig to view the required parameters.AutomatedEvaluationConfig or HumanEvaluationConfig object.Builtin.Bold, Builtin.BoolQ, Builtin.NaturalQuestions, Builtin.Gigaword, Builtin.RealToxicityPrompts, Builtin.TriviaQa, Builtin.T-Rex, Builtin.WomensEcommerceClothingReviews and Builtin.Wikitext2.\"Builtin.Accuracy\", \"Builtin.Robustness\", and \"Builtin.Toxicity\". In human-based model evaluation jobs the array of strings must match the name parameter specified in HumanEvaluationCustomMetric. DRAFT version.status is FAILED. A list of reasons for why the guardrail failed to be created, updated, versioned, or deleted.status of the guardrail is FAILED. A list of recommendations to carry out before retrying the request.CreateCustomizationJob request.modelArn if updating hasn't completed.
HumanEvaluationCustomMetric object. It contains the names the metrics, how the metrics are to be evaluated, an optional description.HumanEvaluationCustomMetric you must specify the metric's name. The list of names specified in the HumanEvaluationCustomMetric array, must match the metricNames array of strings specified in EvaluationDatasetMetricConfig. For example, if in the HumanEvaluationCustomMetric array your specified the names \"accuracy\", \"toxicity\", \"readability\" as custom metrics then the metricNames array would need to look like the following [\"accuracy\", \"toxicity\", \"readability\"] in EvaluationDatasetMetricConfig.ThumbsUpDown, IndividualLikertScale,ComparisonLikertScale, ComparisonChoice, and ComparisonRank ratingMethod, and an optional description of the metric.SageMakerFlowDefinition object. The object is used to specify the prompt dataset, task type, rating method and metric names.nextToken that you can send in another ListGuardrails request to see the next batch of results.nextToken that you can send in another ListGuardrails request to see the next batch of results.nextToken value. To see the next batch of results, send the nextToken value in another list request.maxResults field, the response returns a nextToken value. To see the next batch of results, specify the nextToken value in this field.maxResults field, this value is returned. To see the next batch of results, include this value in the nextToken field in another list request.modelArn if updating hasn't completed.
"
}
}
},
@@ -2108,5 +3949,5 @@
"documentation":"