This release adds support for TAMS server integration with MediaConvert inputs.

July 2025 doc-only updates for Systems Manager.
Updated error handling for RegisterOrganizationAdminAccount API to properly translate TooManyExceptions to HTTP 429 status code. This enhancement improves error handling consistency and provides clearer feedback when request limits are exceeded.
CloudWatchLogs launches GetLogObject API with streaming support for efficient log data retrieval. Logs added support for new AccountPolicy type METRIC_EXTRACTION_POLICY. For more information, see CloudWatch Logs API documentation
Added IP Visibility support for managed dedicated pools. Enhanced GetDedicatedIp and GetDedicatedIps APIs to return managed IP addresses.
Add AWS Outposts API to surface customer billing information

Author: aws-sdk-cpp-automation

VERSION

@@ -1 +1 @@
-1.11.607
+1.11.608

generated/src/aws-cpp-sdk-logs/include/aws/logs/CloudWatchLogsClient.h

@@ -1827,6 +1827,43 @@ namespace CloudWatchLogs
             return SubmitAsync(&CloudWatchLogsClient::GetLogGroupFields, request, handler, context);
         }
 
+        /**
+         * <p>Retrieves a large logging object (LLO) and streams it back. This API is used
+         * to fetch the content of large portions of log events that have been ingested
+         * through the PutOpenTelemetryLogs API. When log events contain fields that would
+         * cause the total event size to exceed 1MB, CloudWatch Logs automatically
+         * processes up to 10 fields, starting with the largest fields. Each field is
+         * truncated as needed to keep the total event size as close to 1MB as possible.
+         * The excess portions are stored as Large Log Objects (LLOs) and these fields are
+         * processed separately and LLO reference system fields (in the format
+         * <code>@ptr.$[path.to.field]</code>) are added. The path in the reference field
+         * reflects the original JSON structure where the large field was located. For
+         * example, this could be <code>@ptr.$['input']['message']</code>,
+         * <code>@ptr.$['AAA']['BBB']['CCC']['DDD']</code>, <code>@ptr.$['AAA']</code>, or
+         * any other path matching your log structure.</p><p><h3>See Also:</h3>   <a
+         * href="http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/GetLogObject">AWS
+         * API Reference</a></p>
+         */
+        virtual Model::GetLogObjectOutcome GetLogObject(Model::GetLogObjectRequest& request) const;
+
+        /**
+         * A Callable wrapper for GetLogObject that returns a future to the operation so that it can be executed in parallel to other requests.
+         */
+        template<typename GetLogObjectRequestT = Model::GetLogObjectRequest>
+        Model::GetLogObjectOutcomeCallable GetLogObjectCallable(GetLogObjectRequestT& request) const
+        {
+            return SubmitCallable(&CloudWatchLogsClient::GetLogObject, request);
+        }
+
+        /**
+         * An Async wrapper for GetLogObject that queues the request into a thread executor and triggers associated callback when operation has finished.
+         */
+        template<typename GetLogObjectRequestT = Model::GetLogObjectRequest>
+        void GetLogObjectAsync(GetLogObjectRequestT& request, const GetLogObjectResponseReceivedHandler& handler, const std::shared_ptr<const Aws::Client::AsyncCallerContext>& context = nullptr) const
+        {
+            return SubmitAsync(&CloudWatchLogsClient::GetLogObject, request, handler, context);
+        }
+
         /**
          * <p>Retrieves all of the fields and values of a single log event. All fields are
          * retrieved, even if the original query that produced the
@@ -2105,17 +2142,20 @@ namespace CloudWatchLogs
 
         /**
          * <p>Creates an account-level data protection policy, subscription filter policy,
-         * or field index policy that applies to all log groups or a subset of log groups
-         * in the account.</p> <p>To use this operation, you must be signed on with the
-         * correct permissions depending on the type of policy that you are creating.</p>
-         * <ul> <li> <p>To create a data protection policy, you must have the
-         * <code>logs:PutDataProtectionPolicy</code> and <code>logs:PutAccountPolicy</code>
-         * permissions.</p> </li> <li> <p>To create a subscription filter policy, you must
-         * have the <code>logs:PutSubscriptionFilter</code> and
-         * <code>logs:PutAccountPolicy</code> permissions.</p> </li> <li> <p>To create a
-         * transformer policy, you must have the <code>logs:PutTransformer</code> and
-         * <code>logs:PutAccountPolicy</code> permissions.</p> </li> <li> <p>To create a
-         * field index policy, you must have the <code>logs:PutIndexPolicy</code> and
+         * field index policy, transformer policy, or metric extraction policy that applies
+         * to all log groups or a subset of log groups in the account.</p> <p>To use this
+         * operation, you must be signed on with the correct permissions depending on the
+         * type of policy that you are creating.</p> <ul> <li> <p>To create a data
+         * protection policy, you must have the <code>logs:PutDataProtectionPolicy</code>
+         * and <code>logs:PutAccountPolicy</code> permissions.</p> </li> <li> <p>To create
+         * a subscription filter policy, you must have the
+         * <code>logs:PutSubscriptionFilter</code> and <code>logs:PutAccountPolicy</code>
+         * permissions.</p> </li> <li> <p>To create a transformer policy, you must have the
+         * <code>logs:PutTransformer</code> and <code>logs:PutAccountPolicy</code>
+         * permissions.</p> </li> <li> <p>To create a field index policy, you must have the
+         * <code>logs:PutIndexPolicy</code> and <code>logs:PutAccountPolicy</code>
+         * permissions.</p> </li> <li> <p>To create a metric extraction policy, you must
+         * have the <code>logs:PutMetricExtractionPolicy</code> and
          * <code>logs:PutAccountPolicy</code> permissions.</p> </li> </ul> <p> <b>Data
          * protection policy</b> </p> <p>A data protection policy can help safeguard
          * sensitive data that's ingested by your log groups by auditing and masking the
@@ -2245,8 +2285,53 @@ namespace CloudWatchLogs
          * instead of <code>PutAccountPolicy</code>. If you do so, that log group will use
          * only that log-group level policy, and will ignore the account-level policy that
          * you create with <a
-         * href="https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutAccountPolicy.html">PutAccountPolicy</a>.</p><p><h3>See
-         * Also:</h3>   <a
+         * href="https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutAccountPolicy.html">PutAccountPolicy</a>.</p>
+         * <p> <b>Metric extraction policy</b> </p> <p>A metric extraction policy controls
+         * whether CloudWatch Metrics can be created through the Embedded Metrics Format
+         * (EMF) for log groups in your account. By default, EMF metric creation is enabled
+         * for all log groups. You can use metric extraction policies to disable EMF metric
+         * creation for your entire account or specific log groups.</p> <p>When a policy
+         * disables EMF metric creation for a log group, log events in the EMF format are
+         * still ingested, but no CloudWatch Metrics are created from them.</p> 
+         * <p>Creating a policy disables metrics for AWS features that use EMF to create
+         * metrics, such as CloudWatch Container Insights and CloudWatch Application
+         * Signals. To prevent turning off those features by accident, we recommend that
+         * you exclude the underlying log-groups through a selection-criteria such as
+         * <code>LogGroupNamePrefix NOT IN ["/aws/containerinsights",
+         * "/aws/ecs/containerinsights", "/aws/application-signals/data"]</code>.</p>
+         *  <p>Each account can have either one account-level metric extraction
+         * policy that applies to all log groups, or up to 5 policies that are each scoped
+         * to a subset of log groups with the <code>selectionCriteria</code> parameter. The
+         * selection criteria supports filtering by <code>LogGroupName</code> and
+         * <code>LogGroupNamePrefix</code> using the operators <code>IN</code> and
+         * <code>NOT IN</code>. You can specify up to 50 values in each <code>IN</code> or
+         * <code>NOT IN</code> list.</p> <p>The selection criteria can be specified in
+         * these formats:</p> <p> <code>LogGroupName IN ["log-group-1",
+         * "log-group-2"]</code> </p> <p> <code>LogGroupNamePrefix NOT IN ["/aws/prefix1",
+         * "/aws/prefix2"]</code> </p> <p>If you have multiple account-level metric
+         * extraction policies with selection criteria, no two of them can have overlapping
+         * criteria. For example, if you have one policy with selection criteria
+         * <code>LogGroupNamePrefix IN ["my-log"]</code>, you can't have another metric
+         * extraction policy with selection criteria <code>LogGroupNamePrefix IN
+         * ["/my-log-prod"]</code> or <code>LogGroupNamePrefix IN ["/my-logging"]</code>,
+         * as the set of log groups matching these prefixes would be a subset of the log
+         * groups matching the first policy's prefix, creating an overlap.</p> <p>When
+         * using <code>NOT IN</code>, only one policy with this operator is allowed per
+         * account.</p> <p>When combining policies with <code>IN</code> and <code>NOT
+         * IN</code> operators, the overlap check ensures that policies don't have
+         * conflicting effects. Two policies with <code>IN</code> and <code>NOT IN</code>
+         * operators do not overlap if and only if every value in the <code>IN
+         * </code>policy is completely contained within some value in the <code>NOT
+         * IN</code> policy. For example:</p> <ul> <li> <p>If you have a <code>NOT
+         * IN</code> policy for prefix <code>"/aws/lambda"</code>, you can create an
+         * <code>IN</code> policy for the exact log group name
+         * <code>"/aws/lambda/function1"</code> because the set of log groups matching
+         * <code>"/aws/lambda/function1"</code> is a subset of the log groups matching
+         * <code>"/aws/lambda"</code>.</p> </li> <li> <p>If you have a <code>NOT IN</code>
+         * policy for prefix <code>"/aws/lambda"</code>, you cannot create an
+         * <code>IN</code> policy for prefix <code>"/aws"</code> because the set of log
+         * groups matching <code>"/aws"</code> is not a subset of the log groups matching
+         * <code>"/aws/lambda"</code>.</p> </li> </ul><p><h3>See Also:</h3>   <a
          * href="http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/PutAccountPolicy">AWS
          * API Reference</a></p>
          */

generated/src/aws-cpp-sdk-logs/include/aws/logs/CloudWatchLogsServiceClientModel.h

@@ -189,6 +189,7 @@ namespace Aws
       class GetLogAnomalyDetectorRequest;
       class GetLogEventsRequest;
       class GetLogGroupFieldsRequest;
+      class GetLogObjectRequest;
       class GetLogRecordRequest;
       class GetQueryResultsRequest;
       class GetTransformerRequest;
@@ -279,6 +280,7 @@ namespace Aws
       typedef Aws::Utils::Outcome<GetLogAnomalyDetectorResult, CloudWatchLogsError> GetLogAnomalyDetectorOutcome;
       typedef Aws::Utils::Outcome<GetLogEventsResult, CloudWatchLogsError> GetLogEventsOutcome;
       typedef Aws::Utils::Outcome<GetLogGroupFieldsResult, CloudWatchLogsError> GetLogGroupFieldsOutcome;
+      typedef Aws::Utils::Outcome<Aws::NoResult, CloudWatchLogsError> GetLogObjectOutcome;
       typedef Aws::Utils::Outcome<GetLogRecordResult, CloudWatchLogsError> GetLogRecordOutcome;
       typedef Aws::Utils::Outcome<GetQueryResultsResult, CloudWatchLogsError> GetQueryResultsOutcome;
       typedef Aws::Utils::Outcome<GetTransformerResult, CloudWatchLogsError> GetTransformerOutcome;
@@ -369,6 +371,7 @@ namespace Aws
       typedef std::future<GetLogAnomalyDetectorOutcome> GetLogAnomalyDetectorOutcomeCallable;
       typedef std::future<GetLogEventsOutcome> GetLogEventsOutcomeCallable;
       typedef std::future<GetLogGroupFieldsOutcome> GetLogGroupFieldsOutcomeCallable;
+      typedef std::future<GetLogObjectOutcome> GetLogObjectOutcomeCallable;
       typedef std::future<GetLogRecordOutcome> GetLogRecordOutcomeCallable;
       typedef std::future<GetQueryResultsOutcome> GetQueryResultsOutcomeCallable;
       typedef std::future<GetTransformerOutcome> GetTransformerOutcomeCallable;
@@ -462,6 +465,7 @@ namespace Aws
     typedef std::function<void(const CloudWatchLogsClient*, const Model::GetLogAnomalyDetectorRequest&, const Model::GetLogAnomalyDetectorOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&) > GetLogAnomalyDetectorResponseReceivedHandler;
     typedef std::function<void(const CloudWatchLogsClient*, const Model::GetLogEventsRequest&, const Model::GetLogEventsOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&) > GetLogEventsResponseReceivedHandler;
     typedef std::function<void(const CloudWatchLogsClient*, const Model::GetLogGroupFieldsRequest&, const Model::GetLogGroupFieldsOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&) > GetLogGroupFieldsResponseReceivedHandler;
+    typedef std::function<void(const CloudWatchLogsClient*, const Model::GetLogObjectRequest&, const Model::GetLogObjectOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&) > GetLogObjectResponseReceivedHandler;
     typedef std::function<void(const CloudWatchLogsClient*, const Model::GetLogRecordRequest&, const Model::GetLogRecordOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&) > GetLogRecordResponseReceivedHandler;
     typedef std::function<void(const CloudWatchLogsClient*, const Model::GetQueryResultsRequest&, const Model::GetQueryResultsOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&) > GetQueryResultsResponseReceivedHandler;
     typedef std::function<void(const CloudWatchLogsClient*, const Model::GetTransformerRequest&, const Model::GetTransformerOutcome&, const std::shared_ptr<const Aws::Client::AsyncCallerContext>&) > GetTransformerResponseReceivedHandler;

generated/src/aws-cpp-sdk-logs/include/aws/logs/model/FieldsData.h

@@ -0,0 +1,63 @@
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+
+#pragma once
+#include <aws/logs/CloudWatchLogs_EXPORTS.h>
+#include <aws/core/utils/Array.h>
+#include <utility>
+
+namespace Aws
+{
+namespace Utils
+{
+namespace Json
+{
+  class JsonValue;
+  class JsonView;
+} // namespace Json
+} // namespace Utils
+namespace CloudWatchLogs
+{
+namespace Model
+{
+
+  /**
+   * <p>A structure containing the extracted fields from a log event. These fields
+   * are extracted based on the log format and can be used for structured querying
+   * and analysis.</p><p><h3>See Also:</h3>   <a
+   * href="http://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/FieldsData">AWS API
+   * Reference</a></p>
+   */
+  class FieldsData
+  {
+  public:
+    AWS_CLOUDWATCHLOGS_API FieldsData() = default;
+    AWS_CLOUDWATCHLOGS_API FieldsData(Aws::Utils::Json::JsonView jsonValue);
+    AWS_CLOUDWATCHLOGS_API FieldsData& operator=(Aws::Utils::Json::JsonView jsonValue);
+    AWS_CLOUDWATCHLOGS_API Aws::Utils::Json::JsonValue Jsonize() const;
+
+
+    ///@{
+    /**
+     * <p>The actual log data content returned in the streaming response. This contains
+     * the fields and values of the log event in a structured format that can be parsed
+     * and processed by the client.</p>
+     */
+    inline const Aws::Utils::ByteBuffer& GetData() const { return m_data; }
+    inline bool DataHasBeenSet() const { return m_dataHasBeenSet; }
+    template<typename DataT = Aws::Utils::ByteBuffer>
+    void SetData(DataT&& value) { m_dataHasBeenSet = true; m_data = std::forward<DataT>(value); }
+    template<typename DataT = Aws::Utils::ByteBuffer>
+    FieldsData& WithData(DataT&& value) { SetData(std::forward<DataT>(value)); return *this;}
+    ///@}
+  private:
+
+    Aws::Utils::ByteBuffer m_data{};
+    bool m_dataHasBeenSet = false;
+  };
+
+} // namespace Model
+} // namespace CloudWatchLogs
+} // namespace Aws

generated/src/aws-cpp-sdk-logs/include/aws/logs/model/GetLogObjectHandler.h

@@ -0,0 +1,82 @@
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+
+#pragma once
+#include <aws/core/utils/HashingUtils.h>
+#include <aws/core/utils/event/EventStreamHandler.h>
+#include <aws/core/client/AWSError.h>
+#include <aws/logs/CloudWatchLogs_EXPORTS.h>
+#include <aws/logs/CloudWatchLogsErrors.h>
+
+#include <aws/logs/model/GetLogObjectInitialResponse.h>
+#include <aws/logs/model/FieldsData.h>
+
+namespace Aws
+{
+namespace CloudWatchLogs
+{
+namespace Model
+{
+    enum class GetLogObjectEventType
+    {
+        INITIAL_RESPONSE,
+        FIELDS,
+        UNKNOWN
+    };
+
+    class GetLogObjectHandler : public Aws::Utils::Event::EventStreamHandler
+    {
+        typedef std::function<void(const GetLogObjectInitialResponse&)> GetLogObjectInitialResponseCallback;
+        typedef std::function<void(const GetLogObjectInitialResponse&, const Utils::Event::InitialResponseType)> GetLogObjectInitialResponseCallbackEx;
+        typedef std::function<void(const FieldsData&)> FieldsDataCallback;
+        typedef std::function<void(const Aws::Client::AWSError<CloudWatchLogsErrors>& error)> ErrorCallback;
+
+    public:
+        AWS_CLOUDWATCHLOGS_API GetLogObjectHandler();
+        AWS_CLOUDWATCHLOGS_API GetLogObjectHandler& operator=(const GetLogObjectHandler&) = default;
+        AWS_CLOUDWATCHLOGS_API GetLogObjectHandler(const GetLogObjectHandler&) = default;
+
+        AWS_CLOUDWATCHLOGS_API virtual void OnEvent() override;
+
+        ///@{
+        /**
+         * Sets an initial response callback. This callback gets called on the initial GetLogObject Operation response.
+         *   This can be either "initial-response" decoded event frame or decoded HTTP headers received on connection.
+         *   This callback may get called more than once (i.e. on connection headers received and then on the initial-response event received).
+         * @param callback
+         */
+        inline void SetInitialResponseCallbackEx(const GetLogObjectInitialResponseCallbackEx& callback) { m_onInitialResponse = callback; }
+        /**
+         * Sets an initial response callback (a legacy one that does not distinguish whether response originates from headers or from the event).
+         */
+        inline void SetInitialResponseCallback(const GetLogObjectInitialResponseCallback& noArgCallback)
+        {
+            m_onInitialResponse = [noArgCallback](const GetLogObjectInitialResponse& rs, const Utils::Event::InitialResponseType) { return noArgCallback(rs); };
+        }
+        ///@}
+        inline void SetFieldsDataCallback(const FieldsDataCallback& callback) { m_onFieldsData = callback; }
+        inline void SetOnErrorCallback(const ErrorCallback& callback) { m_onError = callback; }
+
+        inline GetLogObjectInitialResponseCallbackEx& GetInitialResponseCallbackEx() { return m_onInitialResponse; }
+
+    private:
+        AWS_CLOUDWATCHLOGS_API void HandleEventInMessage();
+        AWS_CLOUDWATCHLOGS_API void HandleErrorInMessage();
+        AWS_CLOUDWATCHLOGS_API void MarshallError(const Aws::String& errorCode, const Aws::String& errorMessage);
+
+        GetLogObjectInitialResponseCallbackEx m_onInitialResponse;
+        FieldsDataCallback m_onFieldsData;
+        ErrorCallback m_onError;
+    };
+
+namespace GetLogObjectEventMapper
+{
+    AWS_CLOUDWATCHLOGS_API GetLogObjectEventType GetGetLogObjectEventTypeForName(const Aws::String& name);
+
+    AWS_CLOUDWATCHLOGS_API Aws::String GetNameForGetLogObjectEventType(GetLogObjectEventType value);
+} // namespace GetLogObjectEventMapper
+} // namespace Model
+} // namespace CloudWatchLogs
+} // namespace Aws

generated/src/aws-cpp-sdk-logs/include/aws/logs/model/GetLogObjectInitialResponse.h

@@ -0,0 +1,38 @@
+/**
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * SPDX-License-Identifier: Apache-2.0.
+ */
+
+#pragma once
+#include <aws/logs/CloudWatchLogs_EXPORTS.h>
+#include <aws/core/http/HttpTypes.h>
+
+namespace Aws
+{
+namespace Utils
+{
+namespace Json
+{
+  class JsonValue;
+  class JsonView;
+} // namespace Json
+} // namespace Utils
+namespace CloudWatchLogs
+{
+namespace Model
+{
+
+  class GetLogObjectInitialResponse
+  {
+  public:
+    AWS_CLOUDWATCHLOGS_API GetLogObjectInitialResponse() = default;
+    AWS_CLOUDWATCHLOGS_API GetLogObjectInitialResponse(Aws::Utils::Json::JsonView jsonValue);
+    AWS_CLOUDWATCHLOGS_API GetLogObjectInitialResponse& operator=(Aws::Utils::Json::JsonView jsonValue);
+    AWS_CLOUDWATCHLOGS_API GetLogObjectInitialResponse(const Http::HeaderValueCollection& responseHeaders);
+    AWS_CLOUDWATCHLOGS_API Aws::Utils::Json::JsonValue Jsonize() const;
+
+  };
+
+} // namespace Model
+} // namespace CloudWatchLogs
+} // namespace Aws