AWS Backup now supports customer-managed keys (CMK) for logically air-gapped vaults, enabling customers to maintain full control over their encryption key lifecycle. This feature helps organizations meet specific internal governance requirements or external regulatory compliance standards.

Provides NoLongerSupportedException error message
Support for New Data Prep Experience
IdentityStore API: added new KMSExceptionReason fields to the Exception object; added multiple new fields to the User APIs - UserStatus, Birthdate, Website and Photos; added multiple new metadata fields for User, Groups and Membership APIs - CreatedAt, CreatedBy, UpdatedAt and UpdatedBy.
Add Amazon EC2 R8a instance types
Adds support for tagging APIs for S3 Tables
New field totalActiveErrors added to getFindingsStatistics response.
Amazon S3 Vectors provides cost-effective, elastic, and durable vector storage for queries based on semantic meaning and similarity.
Added NodeProvisioningMode parameter to UpdateCluster API to determine how instance provisioning is handled during cluster operations; in Continuous mode. Added VpcId field in UpdateDomain request for SageMaker Unified Studio domains with no VPC to add a customer VPC.
Amazon GameLift Servers now supports game builds that use the Windows 2022 operating system.
Added support for Conditional Questions in Evaluation Forms. Introduced Auto Evaluation capability for Evaluation Forms and Contact Evaluations. Added new API operations: SearchEvaluationForms and SearchContactEvaluations.

Author: aws-sdk-cpp-automation

VERSION

@@ -1 +1 @@
-1.11.684
+1.11.685

generated/src/aws-cpp-sdk-accessanalyzer/include/aws/accessanalyzer/AccessAnalyzerClient.h

@@ -16,29 +16,35 @@ namespace AccessAnalyzer {
 /**
  * <p>Identity and Access Management Access Analyzer helps you to set, verify, and
  * refine your IAM policies by providing a suite of capabilities. Its features
- * include findings for external and unused access, basic and custom policy checks
- * for validating policies, and policy generation to generate fine-grained
- * policies. To start using IAM Access Analyzer to identify external or unused
- * access, you first need to create an analyzer.</p> <p> <b>External access
- * analyzers</b> help identify potential risks of accessing resources by enabling
- * you to identify any resource policies that grant access to an external
- * principal. It does this by using logic-based reasoning to analyze resource-based
- * policies in your Amazon Web Services environment. An external principal can be
- * another Amazon Web Services account, a root user, an IAM user or role, a
- * federated user, an Amazon Web Services service, or an anonymous user. You can
- * also use IAM Access Analyzer to preview public and cross-account access to your
- * resources before deploying permissions changes.</p> <p> <b>Unused access
- * analyzers</b> help identify potential identity access risks by enabling you to
- * identify unused IAM roles, unused access keys, unused console passwords, and IAM
- * principals with unused service and action-level permissions.</p> <p>Beyond
- * findings, IAM Access Analyzer provides basic and custom policy checks to
- * validate IAM policies before deploying permissions changes. You can use policy
- * generation to refine permissions by attaching a policy generated using access
- * activity logged in CloudTrail logs. </p> <p>This guide describes the IAM Access
- * Analyzer operations that you can call programmatically. For general information
- * about IAM Access Analyzer, see <a
- * href="https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html">Identity
- * and Access Management Access Analyzer</a> in the <b>IAM User Guide</b>.</p>
+ * include findings for external, internal, and unused access, basic and custom
+ * policy checks for validating policies, and policy generation to generate
+ * fine-grained policies. To start using IAM Access Analyzer to identify external,
+ * internal, or unused access, you first need to create an analyzer.</p> <p>
+ * <b>External access analyzers</b> help you identify potential risks of accessing
+ * resources by enabling you to identify any resource policies that grant access to
+ * an external principal. It does this by using logic-based reasoning to analyze
+ * resource-based policies in your Amazon Web Services environment. An external
+ * principal can be another Amazon Web Services account, a root user, an IAM user
+ * or role, a federated user, an Amazon Web Services service, or an anonymous user.
+ * You can also use IAM Access Analyzer to preview public and cross-account access
+ * to your resources before deploying permissions changes.</p> <p> <b>Internal
+ * access analyzers</b> help you identify which principals within your organization
+ * or account have access to selected resources. This analysis supports
+ * implementing the principle of least privilege by ensuring that your specified
+ * resources can only be accessed by the intended principals within your
+ * organization.</p> <p> <b>Unused access analyzers</b> help you identify potential
+ * identity access risks by enabling you to identify unused IAM roles, unused
+ * access keys, unused console passwords, and IAM principals with unused service
+ * and action-level permissions.</p> <p>Beyond findings, IAM Access Analyzer
+ * provides basic and custom policy checks to validate IAM policies before
+ * deploying permissions changes. You can use policy generation to refine
+ * permissions by attaching a policy generated using access activity logged in
+ * CloudTrail logs. </p> <p>This guide describes the IAM Access Analyzer operations
+ * that you can call programmatically. For general information about IAM Access
+ * Analyzer, see <a
+ * href="https://docs.aws.amazon.com/IAM/latest/UserGuide/what-is-access-analyzer.html">Using
+ * Identity and Access Management Access Analyzer</a> in the <b>IAM User
+ * Guide</b>.</p>
  */
 class AWS_ACCESSANALYZER_API AccessAnalyzerClient : public Aws::Client::AWSJsonClient,
                                                     public Aws::Client::ClientWithAsyncTemplateMethods<AccessAnalyzerClient> {
@@ -437,7 +443,8 @@ class AWS_ACCESSANALYZER_API AccessAnalyzerClient : public Aws::Client::AWSJsonC
   }
 
   /**
-   * <p>Retrieves information about a resource that was analyzed.</p><p><h3>See
+   * <p>Retrieves information about a resource that was analyzed.</p>  <p>This
+   * action is supported only for external access analyzers.</p> <p><h3>See
    * Also:</h3>   <a
    * href="http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetAnalyzedResource">AWS
    * API Reference</a></p>
@@ -522,7 +529,9 @@ class AWS_ACCESSANALYZER_API AccessAnalyzerClient : public Aws::Client::AWSJsonC
    * <p>Retrieves information about the specified finding. GetFinding and
    * GetFindingV2 both use <code>access-analyzer:GetFinding</code> in the
    * <code>Action</code> element of an IAM policy statement. You must have permission
-   * to perform the <code>access-analyzer:GetFinding</code> action.</p><p><h3>See
+   * to perform the <code>access-analyzer:GetFinding</code> action.</p>
+   * <p>GetFinding is supported only for external access analyzers. You must use
+   * GetFindingV2 for internal and unused access analyzers.</p> <p><h3>See
    * Also:</h3>   <a
    * href="http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/GetFinding">AWS
    * API Reference</a></p>
@@ -802,7 +811,9 @@ class AWS_ACCESSANALYZER_API AccessAnalyzerClient : public Aws::Client::AWSJsonC
    * <code>access-analyzer:ListFindings</code> action.</p> <p>To learn about filter
    * keys that you can use to retrieve a list of findings, see <a
    * href="https://docs.aws.amazon.com/IAM/latest/UserGuide/access-analyzer-reference-filter-keys.html">IAM
-   * Access Analyzer filter keys</a> in the <b>IAM User Guide</b>.</p><p><h3>See
+   * Access Analyzer filter keys</a> in the <b>IAM User Guide</b>.</p>
+   * <p>ListFindings is supported only for external access analyzers. You must use
+   * ListFindingsV2 for internal and unused access analyzers.</p> <p><h3>See
    * Also:</h3>   <a
    * href="http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/ListFindings">AWS
    * API Reference</a></p>
@@ -943,7 +954,8 @@ class AWS_ACCESSANALYZER_API AccessAnalyzerClient : public Aws::Client::AWSJsonC
 
   /**
    * <p>Immediately starts a scan of the policies applied to the specified
-   * resource.</p><p><h3>See Also:</h3>   <a
+   * resource.</p>  <p>This action is supported only for external access
+   * analyzers.</p> <p><h3>See Also:</h3>   <a
    * href="http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/StartResourceScan">AWS
    * API Reference</a></p>
    */
@@ -1019,7 +1031,8 @@ class AWS_ACCESSANALYZER_API AccessAnalyzerClient : public Aws::Client::AWSJsonC
   }
 
   /**
-   * <p>Modifies the configuration of an existing analyzer.</p><p><h3>See Also:</h3>
+   * <p>Modifies the configuration of an existing analyzer.</p>  <p>This action
+   * is not supported for external access analyzers.</p> <p><h3>See Also:</h3>
    * <a
    * href="http://docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/UpdateAnalyzer">AWS
    * API Reference</a></p>

generated/src/aws-cpp-sdk-accessanalyzer/include/aws/accessanalyzer/model/AnalyzerSummary.h

@@ -75,8 +75,7 @@ class AnalyzerSummary {
 
   ///@{
   /**
-   * <p>The type of analyzer, which corresponds to the zone of trust chosen for the
-   * analyzer.</p>
+   * <p>The type represents the zone of trust or scope for the analyzer.</p>
    */
   inline Type GetType() const { return m_type; }
   inline bool TypeHasBeenSet() const { return m_typeHasBeenSet; }
@@ -146,7 +145,12 @@ class AnalyzerSummary {
 
   ///@{
   /**
-   * <p>The tags added to the analyzer.</p>
+   * <p>An array of key-value pairs applied to the analyzer. The key-value pairs
+   * consist of the set of Unicode letters, digits, whitespace, <code>_</code>,
+   * <code>.</code>, <code>/</code>, <code>=</code>, <code>+</code>, and
+   * <code>-</code>.</p> <p>The tag key is a value that is 1 to 128 characters in
+   * length and cannot be prefixed with <code>aws:</code>.</p> <p>The tag value is a
+   * value that is 0 to 256 characters in length.</p>
    */
   inline const Aws::Map<Aws::String, Aws::String>& GetTags() const { return m_tags; }
   inline bool TagsHasBeenSet() const { return m_tagsHasBeenSet; }
@@ -215,7 +219,12 @@ class AnalyzerSummary {
   ///@{
   /**
    * <p>Specifies if the analyzer is an external access, unused access, or internal
-   * access analyzer.</p>
+   * access analyzer. The <a
+   * href="https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_GetAnalyzer.html">GetAnalyzer</a>
+   * action includes this property in its response if a configuration is specified,
+   * while the <a
+   * href="https://docs.aws.amazon.com/access-analyzer/latest/APIReference/API_ListAnalyzers.html">ListAnalyzers</a>
+   * action omits it.</p>
    */
   inline const AnalyzerConfiguration& GetConfiguration() const { return m_configuration; }
   inline bool ConfigurationHasBeenSet() const { return m_configurationHasBeenSet; }

generated/src/aws-cpp-sdk-accessanalyzer/include/aws/accessanalyzer/model/ResourceTypeDetails.h

@@ -61,12 +61,31 @@ class ResourceTypeDetails {
     return *this;
   }
   ///@}
+
+  ///@{
+  /**
+   * <p>The total number of active errors for the resource type.</p>
+   */
+  inline int GetTotalActiveErrors() const { return m_totalActiveErrors; }
+  inline bool TotalActiveErrorsHasBeenSet() const { return m_totalActiveErrorsHasBeenSet; }
+  inline void SetTotalActiveErrors(int value) {
+    m_totalActiveErrorsHasBeenSet = true;
+    m_totalActiveErrors = value;
+  }
+  inline ResourceTypeDetails& WithTotalActiveErrors(int value) {
+    SetTotalActiveErrors(value);
+    return *this;
+  }
+  ///@}
  private:
   int m_totalActivePublic{0};
   bool m_totalActivePublicHasBeenSet = false;
 
   int m_totalActiveCrossAccount{0};
   bool m_totalActiveCrossAccountHasBeenSet = false;
+
+  int m_totalActiveErrors{0};
+  bool m_totalActiveErrorsHasBeenSet = false;
 };
 
 }  // namespace Model

generated/src/aws-cpp-sdk-accessanalyzer/source/model/ResourceTypeDetails.cpp

@@ -26,6 +26,10 @@ ResourceTypeDetails& ResourceTypeDetails::operator=(JsonView jsonValue) {
     m_totalActiveCrossAccount = jsonValue.GetInteger("totalActiveCrossAccount");
     m_totalActiveCrossAccountHasBeenSet = true;
   }
+  if (jsonValue.ValueExists("totalActiveErrors")) {
+    m_totalActiveErrors = jsonValue.GetInteger("totalActiveErrors");
+    m_totalActiveErrorsHasBeenSet = true;
+  }
   return *this;
 }
 
@@ -40,6 +44,10 @@ JsonValue ResourceTypeDetails::Jsonize() const {
     payload.WithInteger("totalActiveCrossAccount", m_totalActiveCrossAccount);
   }
 
+  if (m_totalActiveErrorsHasBeenSet) {
+    payload.WithInteger("totalActiveErrors", m_totalActiveErrors);
+  }
+
   return payload;
 }
 

generated/src/aws-cpp-sdk-backup/include/aws/backup/model/BackupVaultListMember.h

@@ -5,6 +5,7 @@
 
 #pragma once
 #include <aws/backup/Backup_EXPORTS.h>
+#include <aws/backup/model/EncryptionKeyType.h>
 #include <aws/backup/model/VaultState.h>
 #include <aws/backup/model/VaultType.h>
 #include <aws/core/utils/DateTime.h>
@@ -280,6 +281,24 @@ class BackupVaultListMember {
     return *this;
   }
   ///@}
+
+  ///@{
+  /**
+   * <p>The type of encryption key used for the backup vault. Valid values are
+   * CUSTOMER_MANAGED_KMS_KEY for customer-managed keys or Amazon Web
+   * Services_OWNED_KMS_KEY for Amazon Web Services-owned keys.</p>
+   */
+  inline EncryptionKeyType GetEncryptionKeyType() const { return m_encryptionKeyType; }
+  inline bool EncryptionKeyTypeHasBeenSet() const { return m_encryptionKeyTypeHasBeenSet; }
+  inline void SetEncryptionKeyType(EncryptionKeyType value) {
+    m_encryptionKeyTypeHasBeenSet = true;
+    m_encryptionKeyType = value;
+  }
+  inline BackupVaultListMember& WithEncryptionKeyType(EncryptionKeyType value) {
+    SetEncryptionKeyType(value);
+    return *this;
+  }
+  ///@}
  private:
   Aws::String m_backupVaultName;
   bool m_backupVaultNameHasBeenSet = false;
@@ -316,6 +335,9 @@ class BackupVaultListMember {
 
   Aws::Utils::DateTime m_lockDate{};
   bool m_lockDateHasBeenSet = false;
+
+  EncryptionKeyType m_encryptionKeyType{EncryptionKeyType::NOT_SET};
+  bool m_encryptionKeyTypeHasBeenSet = false;
 };
 
 }  // namespace Model

generated/src/aws-cpp-sdk-backup/include/aws/backup/model/CreateLogicallyAirGappedBackupVaultRequest.h

@@ -125,6 +125,26 @@ class CreateLogicallyAirGappedBackupVaultRequest : public BackupRequest {
     return *this;
   }
   ///@}
+
+  ///@{
+  /**
+   * <p>The ARN of the customer-managed KMS key to use for encrypting the logically
+   * air-gapped backup vault. If not specified, the vault will be encrypted with an
+   * Amazon Web Services-owned key managed by Amazon Web Services Backup.</p>
+   */
+  inline const Aws::String& GetEncryptionKeyArn() const { return m_encryptionKeyArn; }
+  inline bool EncryptionKeyArnHasBeenSet() const { return m_encryptionKeyArnHasBeenSet; }
+  template <typename EncryptionKeyArnT = Aws::String>
+  void SetEncryptionKeyArn(EncryptionKeyArnT&& value) {
+    m_encryptionKeyArnHasBeenSet = true;
+    m_encryptionKeyArn = std::forward<EncryptionKeyArnT>(value);
+  }
+  template <typename EncryptionKeyArnT = Aws::String>
+  CreateLogicallyAirGappedBackupVaultRequest& WithEncryptionKeyArn(EncryptionKeyArnT&& value) {
+    SetEncryptionKeyArn(std::forward<EncryptionKeyArnT>(value));
+    return *this;
+  }
+  ///@}
  private:
   Aws::String m_backupVaultName;
   bool m_backupVaultNameHasBeenSet = false;
@@ -140,6 +160,9 @@ class CreateLogicallyAirGappedBackupVaultRequest : public BackupRequest {
 
   long long m_maxRetentionDays{0};
   bool m_maxRetentionDaysHasBeenSet = false;
+
+  Aws::String m_encryptionKeyArn;
+  bool m_encryptionKeyArnHasBeenSet = false;
 };
 
 }  // namespace Model

generated/src/aws-cpp-sdk-backup/include/aws/backup/model/CreateRestoreTestingSelectionResult.h

@@ -84,7 +84,8 @@ class CreateRestoreTestingSelectionResult {
   ///@{
   /**
    * <p>The name of the restore testing selection for the related restore testing
-   * plan.</p>
+   * plan.</p> <p>The name cannot be changed after creation. The name consists of
+   * only alphanumeric characters and underscores. Maximum length is 50.</p>
    */
   inline const Aws::String& GetRestoreTestingSelectionName() const { return m_restoreTestingSelectionName; }
   template <typename RestoreTestingSelectionNameT = Aws::String>

generated/src/aws-cpp-sdk-backup/include/aws/backup/model/DescribeBackupVaultResult.h

@@ -5,6 +5,7 @@
 
 #pragma once
 #include <aws/backup/Backup_EXPORTS.h>
+#include <aws/backup/model/EncryptionKeyType.h>
 #include <aws/backup/model/LatestMpaApprovalTeamUpdate.h>
 #include <aws/backup/model/VaultState.h>
 #include <aws/backup/model/VaultType.h>
@@ -333,6 +334,23 @@ class DescribeBackupVaultResult {
   }
   ///@}
 
+  ///@{
+  /**
+   * <p>The type of encryption key used for the backup vault. Valid values are
+   * CUSTOMER_MANAGED_KMS_KEY for customer-managed keys or Amazon Web
+   * Services_OWNED_KMS_KEY for Amazon Web Services-owned keys.</p>
+   */
+  inline EncryptionKeyType GetEncryptionKeyType() const { return m_encryptionKeyType; }
+  inline void SetEncryptionKeyType(EncryptionKeyType value) {
+    m_encryptionKeyTypeHasBeenSet = true;
+    m_encryptionKeyType = value;
+  }
+  inline DescribeBackupVaultResult& WithEncryptionKeyType(EncryptionKeyType value) {
+    SetEncryptionKeyType(value);
+    return *this;
+  }
+  ///@}
+
   ///@{
 
   inline const Aws::String& GetRequestId() const { return m_requestId; }
@@ -396,6 +414,9 @@ class DescribeBackupVaultResult {
   LatestMpaApprovalTeamUpdate m_latestMpaApprovalTeamUpdate;
   bool m_latestMpaApprovalTeamUpdateHasBeenSet = false;
 
+  EncryptionKeyType m_encryptionKeyType{EncryptionKeyType::NOT_SET};
+  bool m_encryptionKeyTypeHasBeenSet = false;
+
   Aws::String m_requestId;
   bool m_requestIdHasBeenSet = false;
 };

generated/src/aws-cpp-sdk-backup/include/aws/backup/model/DescribeRecoveryPointResult.h

@@ -6,6 +6,7 @@
 #pragma once
 #include <aws/backup/Backup_EXPORTS.h>
 #include <aws/backup/model/CalculatedLifecycle.h>
+#include <aws/backup/model/EncryptionKeyType.h>
 #include <aws/backup/model/IndexStatus.h>
 #include <aws/backup/model/Lifecycle.h>
 #include <aws/backup/model/RecoveryPointCreator.h>
@@ -563,6 +564,23 @@ class DescribeRecoveryPointResult {
   }
   ///@}
 
+  ///@{
+  /**
+   * <p>The type of encryption key used for the recovery point. Valid values are
+   * CUSTOMER_MANAGED_KMS_KEY for customer-managed keys or Amazon Web
+   * Services_OWNED_KMS_KEY for Amazon Web Services-owned keys.</p>
+   */
+  inline EncryptionKeyType GetEncryptionKeyType() const { return m_encryptionKeyType; }
+  inline void SetEncryptionKeyType(EncryptionKeyType value) {
+    m_encryptionKeyTypeHasBeenSet = true;
+    m_encryptionKeyType = value;
+  }
+  inline DescribeRecoveryPointResult& WithEncryptionKeyType(EncryptionKeyType value) {
+    SetEncryptionKeyType(value);
+    return *this;
+  }
+  ///@}
+
   ///@{
 
   inline const Aws::String& GetRequestId() const { return m_requestId; }
@@ -659,6 +677,9 @@ class DescribeRecoveryPointResult {
   Aws::String m_indexStatusMessage;
   bool m_indexStatusMessageHasBeenSet = false;
 
+  EncryptionKeyType m_encryptionKeyType{EncryptionKeyType::NOT_SET};
+  bool m_encryptionKeyTypeHasBeenSet = false;
+
   Aws::String m_requestId;
   bool m_requestIdHasBeenSet = false;
 };