|
5 | 5 | "endpointPrefix":"firehose", |
6 | 6 | "jsonVersion":"1.1", |
7 | 7 | "protocol":"json", |
| 8 | + "protocols":["json"], |
8 | 9 | "serviceAbbreviation":"Firehose", |
9 | 10 | "serviceFullName":"Amazon Kinesis Firehose", |
10 | 11 | "serviceId":"Firehose", |
|
130 | 131 | {"shape":"LimitExceededException"}, |
131 | 132 | {"shape":"InvalidKMSResourceException"} |
132 | 133 | ], |
133 | | - "documentation":"<p>Enables server-side encryption (SSE) for the delivery stream. </p> <p>This operation is asynchronous. It returns immediately. When you invoke it, Firehose first sets the encryption status of the stream to <code>ENABLING</code>, and then to <code>ENABLED</code>. The encryption status of a delivery stream is the <code>Status</code> property in <a>DeliveryStreamEncryptionConfiguration</a>. If the operation fails, the encryption status changes to <code>ENABLING_FAILED</code>. You can continue to read and write data to your delivery stream while the encryption status is <code>ENABLING</code>, but the data is not encrypted. It can take up to 5 seconds after the encryption status changes to <code>ENABLED</code> before all records written to the delivery stream are encrypted. To find out whether a record or a batch of records was encrypted, check the response elements <a>PutRecordOutput$Encrypted</a> and <a>PutRecordBatchOutput$Encrypted</a>, respectively.</p> <p>To check the encryption status of a delivery stream, use <a>DescribeDeliveryStream</a>.</p> <p>Even if encryption is currently enabled for a delivery stream, you can still invoke this operation on it to change the ARN of the CMK or both its type and ARN. If you invoke this method to change the CMK, and the old CMK is of type <code>CUSTOMER_MANAGED_CMK</code>, Firehose schedules the grant it had on the old CMK for retirement. If the new CMK is of type <code>CUSTOMER_MANAGED_CMK</code>, Firehose creates a grant that enables it to use the new CMK to encrypt and decrypt data and to manage the grant.</p> <p>For the KMS grant creation to be successful, Firehose APIs <code>StartDeliveryStreamEncryption</code> and <code>CreateDeliveryStream</code> should not be called with session credentials that are more than 6 hours old.</p> <p>If a delivery stream already has encryption enabled and then you invoke this operation to change the ARN of the CMK or both its type and ARN and you get <code>ENABLING_FAILED</code>, this only means that the attempt to change the CMK failed. In this case, encryption remains enabled with the old CMK.</p> <p>If the encryption status of your delivery stream is <code>ENABLING_FAILED</code>, you can invoke this operation again with a valid CMK. The CMK must be enabled and the key policy mustn't explicitly deny the permission for Firehose to invoke KMS encrypt and decrypt operations.</p> <p>You can enable SSE for a delivery stream only if it's a delivery stream that uses <code>DirectPut</code> as its source. </p> <p>The <code>StartDeliveryStreamEncryption</code> and <code>StopDeliveryStreamEncryption</code> operations have a combined limit of 25 calls per delivery stream per 24 hours. For example, you reach the limit if you call <code>StartDeliveryStreamEncryption</code> 13 times and <code>StopDeliveryStreamEncryption</code> 12 times for the same delivery stream in a 24-hour period.</p>" |
| 134 | + "documentation":"<p>Enables server-side encryption (SSE) for the delivery stream. </p> <p>This operation is asynchronous. It returns immediately. When you invoke it, Firehose first sets the encryption status of the stream to <code>ENABLING</code>, and then to <code>ENABLED</code>. The encryption status of a delivery stream is the <code>Status</code> property in <a>DeliveryStreamEncryptionConfiguration</a>. If the operation fails, the encryption status changes to <code>ENABLING_FAILED</code>. You can continue to read and write data to your delivery stream while the encryption status is <code>ENABLING</code>, but the data is not encrypted. It can take up to 5 seconds after the encryption status changes to <code>ENABLED</code> before all records written to the delivery stream are encrypted. To find out whether a record or a batch of records was encrypted, check the response elements <a>PutRecordOutput$Encrypted</a> and <a>PutRecordBatchOutput$Encrypted</a>, respectively.</p> <p>To check the encryption status of a delivery stream, use <a>DescribeDeliveryStream</a>.</p> <p>Even if encryption is currently enabled for a delivery stream, you can still invoke this operation on it to change the ARN of the CMK or both its type and ARN. If you invoke this method to change the CMK, and the old CMK is of type <code>CUSTOMER_MANAGED_CMK</code>, Firehose schedules the grant it had on the old CMK for retirement. If the new CMK is of type <code>CUSTOMER_MANAGED_CMK</code>, Firehose creates a grant that enables it to use the new CMK to encrypt and decrypt data and to manage the grant.</p> <p>For the KMS grant creation to be successful, the Firehose API operations <code>StartDeliveryStreamEncryption</code> and <code>CreateDeliveryStream</code> should not be called with session credentials that are more than 6 hours old.</p> <p>If a delivery stream already has encryption enabled and then you invoke this operation to change the ARN of the CMK or both its type and ARN and you get <code>ENABLING_FAILED</code>, this only means that the attempt to change the CMK failed. In this case, encryption remains enabled with the old CMK.</p> <p>If the encryption status of your delivery stream is <code>ENABLING_FAILED</code>, you can invoke this operation again with a valid CMK. The CMK must be enabled and the key policy mustn't explicitly deny the permission for Firehose to invoke KMS encrypt and decrypt operations.</p> <p>You can enable SSE for a delivery stream only if it's a delivery stream that uses <code>DirectPut</code> as its source. </p> <p>The <code>StartDeliveryStreamEncryption</code> and <code>StopDeliveryStreamEncryption</code> operations have a combined limit of 25 calls per delivery stream per 24 hours. For example, you reach the limit if you call <code>StartDeliveryStreamEncryption</code> 13 times and <code>StopDeliveryStreamEncryption</code> 12 times for the same delivery stream in a 24-hour period.</p>" |
134 | 135 | }, |
135 | 136 | "StopDeliveryStreamEncryption":{ |
136 | 137 | "name":"StopDeliveryStreamEncryption", |
|
1842 | 1843 | "CloudWatchLoggingOptions":{"shape":"CloudWatchLoggingOptions"}, |
1843 | 1844 | "RequestConfiguration":{ |
1844 | 1845 | "shape":"HttpEndpointRequestConfiguration", |
1845 | | - "documentation":"<p>The configuration of the requeste sent to the HTTP endpoint specified as the destination.</p>" |
| 1846 | + "documentation":"<p>The configuration of the request sent to the HTTP endpoint that is specified as the destination.</p>" |
1846 | 1847 | }, |
1847 | 1848 | "ProcessingConfiguration":{"shape":"ProcessingConfiguration"}, |
1848 | 1849 | "RoleARN":{ |
|
1857 | 1858 | "shape":"HttpEndpointS3BackupMode", |
1858 | 1859 | "documentation":"<p>Describes the S3 bucket backup options for the data that Firehose delivers to the HTTP endpoint destination. You can back up all documents (<code>AllData</code>) or only the documents that Firehose could not deliver to the specified HTTP endpoint destination (<code>FailedDataOnly</code>).</p>" |
1859 | 1860 | }, |
1860 | | - "S3Configuration":{"shape":"S3DestinationConfiguration"} |
| 1861 | + "S3Configuration":{"shape":"S3DestinationConfiguration"}, |
| 1862 | + "SecretsManagerConfiguration":{ |
| 1863 | + "shape":"SecretsManagerConfiguration", |
| 1864 | + "documentation":"<p> The configuration that defines how you access secrets for HTTP Endpoint destination. </p>" |
| 1865 | + } |
1861 | 1866 | }, |
1862 | 1867 | "documentation":"<p>Describes the configuration of the HTTP endpoint destination.</p>" |
1863 | 1868 | }, |
|
1890 | 1895 | "shape":"HttpEndpointS3BackupMode", |
1891 | 1896 | "documentation":"<p>Describes the S3 bucket backup options for the data that Kinesis Firehose delivers to the HTTP endpoint destination. You can back up all documents (<code>AllData</code>) or only the documents that Firehose could not deliver to the specified HTTP endpoint destination (<code>FailedDataOnly</code>).</p>" |
1892 | 1897 | }, |
1893 | | - "S3DestinationDescription":{"shape":"S3DestinationDescription"} |
| 1898 | + "S3DestinationDescription":{"shape":"S3DestinationDescription"}, |
| 1899 | + "SecretsManagerConfiguration":{ |
| 1900 | + "shape":"SecretsManagerConfiguration", |
| 1901 | + "documentation":"<p> The configuration that defines how you access secrets for HTTP Endpoint destination. </p>" |
| 1902 | + } |
1894 | 1903 | }, |
1895 | 1904 | "documentation":"<p>Describes the HTTP endpoint destination.</p>" |
1896 | 1905 | }, |
|
1923 | 1932 | "shape":"HttpEndpointS3BackupMode", |
1924 | 1933 | "documentation":"<p>Describes the S3 bucket backup options for the data that Kinesis Firehose delivers to the HTTP endpoint destination. You can back up all documents (<code>AllData</code>) or only the documents that Firehose could not deliver to the specified HTTP endpoint destination (<code>FailedDataOnly</code>).</p>" |
1925 | 1934 | }, |
1926 | | - "S3Update":{"shape":"S3DestinationUpdate"} |
| 1935 | + "S3Update":{"shape":"S3DestinationUpdate"}, |
| 1936 | + "SecretsManagerConfiguration":{ |
| 1937 | + "shape":"SecretsManagerConfiguration", |
| 1938 | + "documentation":"<p> The configuration that defines how you access secrets for HTTP Endpoint destination. </p>" |
| 1939 | + } |
1927 | 1940 | }, |
1928 | 1941 | "documentation":"<p>Updates the specified HTTP endpoint destination.</p>" |
1929 | 1942 | }, |
|
2404 | 2417 | "documentation":"<p>Indicates the version of row format to output. The possible values are <code>V1</code> and <code>V2</code>. The default is <code>V1</code>.</p>" |
2405 | 2418 | } |
2406 | 2419 | }, |
2407 | | - "documentation":"<p>A serializer to use for converting data to the Parquet format before storing it in Amazon S3. For more information, see <a href=\"https://parquet.apache.org/documentation/latest/\">Apache Parquet</a>.</p>" |
| 2420 | + "documentation":"<p>A serializer to use for converting data to the Parquet format before storing it in Amazon S3. For more information, see <a href=\"https://parquet.apache.org/docs/\">Apache Parquet</a>.</p>" |
2408 | 2421 | }, |
2409 | 2422 | "ParquetWriterVersion":{ |
2410 | 2423 | "type":"string", |
|
2639 | 2652 | "RoleARN", |
2640 | 2653 | "ClusterJDBCURL", |
2641 | 2654 | "CopyCommand", |
2642 | | - "Username", |
2643 | | - "Password", |
2644 | 2655 | "S3Configuration" |
2645 | 2656 | ], |
2646 | 2657 | "members":{ |
|
2687 | 2698 | "CloudWatchLoggingOptions":{ |
2688 | 2699 | "shape":"CloudWatchLoggingOptions", |
2689 | 2700 | "documentation":"<p>The CloudWatch logging options for your delivery stream.</p>" |
| 2701 | + }, |
| 2702 | + "SecretsManagerConfiguration":{ |
| 2703 | + "shape":"SecretsManagerConfiguration", |
| 2704 | + "documentation":"<p> The configuration that defines how you access secrets for Amazon Redshift. </p>" |
2690 | 2705 | } |
2691 | 2706 | }, |
2692 | 2707 | "documentation":"<p>Describes the configuration of a destination in Amazon Redshift.</p>" |
|
2697 | 2712 | "RoleARN", |
2698 | 2713 | "ClusterJDBCURL", |
2699 | 2714 | "CopyCommand", |
2700 | | - "Username", |
2701 | 2715 | "S3DestinationDescription" |
2702 | 2716 | ], |
2703 | 2717 | "members":{ |
|
2740 | 2754 | "CloudWatchLoggingOptions":{ |
2741 | 2755 | "shape":"CloudWatchLoggingOptions", |
2742 | 2756 | "documentation":"<p>The Amazon CloudWatch logging options for your delivery stream.</p>" |
| 2757 | + }, |
| 2758 | + "SecretsManagerConfiguration":{ |
| 2759 | + "shape":"SecretsManagerConfiguration", |
| 2760 | + "documentation":"<p> The configuration that defines how you access secrets for Amazon Redshift. </p>" |
2743 | 2761 | } |
2744 | 2762 | }, |
2745 | 2763 | "documentation":"<p>Describes a destination in Amazon Redshift.</p>" |
|
2790 | 2808 | "CloudWatchLoggingOptions":{ |
2791 | 2809 | "shape":"CloudWatchLoggingOptions", |
2792 | 2810 | "documentation":"<p>The Amazon CloudWatch logging options for your delivery stream.</p>" |
| 2811 | + }, |
| 2812 | + "SecretsManagerConfiguration":{ |
| 2813 | + "shape":"SecretsManagerConfiguration", |
| 2814 | + "documentation":"<p> The configuration that defines how you access secrets for Amazon Redshift. </p>" |
2793 | 2815 | } |
2794 | 2816 | }, |
2795 | 2817 | "documentation":"<p>Describes an update for a destination in Amazon Redshift.</p>" |
|
3021 | 3043 | }, |
3022 | 3044 | "documentation":"<p>Specifies the schema to which you want Firehose to configure your data before it writes it to Amazon S3. This parameter is required if <code>Enabled</code> is set to true.</p>" |
3023 | 3045 | }, |
| 3046 | + "SecretARN":{ |
| 3047 | + "type":"string", |
| 3048 | + "max":2048, |
| 3049 | + "min":1, |
| 3050 | + "pattern":"arn:.*" |
| 3051 | + }, |
| 3052 | + "SecretsManagerConfiguration":{ |
| 3053 | + "type":"structure", |
| 3054 | + "required":["Enabled"], |
| 3055 | + "members":{ |
| 3056 | + "SecretARN":{ |
| 3057 | + "shape":"SecretARN", |
| 3058 | + "documentation":"<p>The ARN of the secret that stores your credentials. It must be in the same region as the Firehose stream and the role. The secret ARN can reside in a different account than the delivery stream and role as Firehose supports cross-account secret access. This parameter is required when <b>Enabled</b> is set to <code>True</code>.</p>" |
| 3059 | + }, |
| 3060 | + "RoleARN":{ |
| 3061 | + "shape":"RoleARN", |
| 3062 | + "documentation":"<p> Specifies the role that Firehose assumes when calling the Secrets Manager API operation. When you provide the role, it overrides any destination specific role defined in the destination configuration. If you do not provide the then we use the destination specific role. This parameter is required for Splunk. </p>" |
| 3063 | + }, |
| 3064 | + "Enabled":{ |
| 3065 | + "shape":"BooleanObject", |
| 3066 | + "documentation":"<p>Specifies whether you want to use the the secrets manager feature. When set as <code>True</code> the secrets manager configuration overwrites the existing secrets in the destination configuration. When it's set to <code>False</code> Firehose falls back to the credentials in the destination configuration.</p>" |
| 3067 | + } |
| 3068 | + }, |
| 3069 | + "documentation":"<p>The structure that defines how Firehose accesses the secret.</p>" |
| 3070 | + }, |
3024 | 3071 | "SecurityGroupIdList":{ |
3025 | 3072 | "type":"list", |
3026 | 3073 | "member":{"shape":"NonEmptyStringWithoutWhitespace"}, |
|
3089 | 3136 | "type":"structure", |
3090 | 3137 | "required":[ |
3091 | 3138 | "AccountUrl", |
3092 | | - "PrivateKey", |
3093 | | - "User", |
3094 | 3139 | "Database", |
3095 | 3140 | "Schema", |
3096 | 3141 | "Table", |
|
3160 | 3205 | "shape":"SnowflakeS3BackupMode", |
3161 | 3206 | "documentation":"<p>Choose an S3 backup mode</p>" |
3162 | 3207 | }, |
3163 | | - "S3Configuration":{"shape":"S3DestinationConfiguration"} |
| 3208 | + "S3Configuration":{"shape":"S3DestinationConfiguration"}, |
| 3209 | + "SecretsManagerConfiguration":{ |
| 3210 | + "shape":"SecretsManagerConfiguration", |
| 3211 | + "documentation":"<p> The configuration that defines how you access secrets for Snowflake. </p>" |
| 3212 | + } |
3164 | 3213 | }, |
3165 | 3214 | "documentation":"<p>Configure Snowflake destination</p>" |
3166 | 3215 | }, |
|
3221 | 3270 | "shape":"SnowflakeS3BackupMode", |
3222 | 3271 | "documentation":"<p>Choose an S3 backup mode</p>" |
3223 | 3272 | }, |
3224 | | - "S3DestinationDescription":{"shape":"S3DestinationDescription"} |
| 3273 | + "S3DestinationDescription":{"shape":"S3DestinationDescription"}, |
| 3274 | + "SecretsManagerConfiguration":{ |
| 3275 | + "shape":"SecretsManagerConfiguration", |
| 3276 | + "documentation":"<p> The configuration that defines how you access secrets for Snowflake. </p>" |
| 3277 | + } |
3225 | 3278 | }, |
3226 | 3279 | "documentation":"<p>Optional Snowflake destination description</p>" |
3227 | 3280 | }, |
|
3286 | 3339 | "shape":"SnowflakeS3BackupMode", |
3287 | 3340 | "documentation":"<p>Choose an S3 backup mode</p>" |
3288 | 3341 | }, |
3289 | | - "S3Update":{"shape":"S3DestinationUpdate"} |
| 3342 | + "S3Update":{"shape":"S3DestinationUpdate"}, |
| 3343 | + "SecretsManagerConfiguration":{ |
| 3344 | + "shape":"SecretsManagerConfiguration", |
| 3345 | + "documentation":"<p> Describes the Secrets Manager configuration in Snowflake. </p>" |
| 3346 | + } |
3290 | 3347 | }, |
3291 | 3348 | "documentation":"<p>Update to configuration settings</p>" |
3292 | 3349 | }, |
|
3430 | 3487 | "required":[ |
3431 | 3488 | "HECEndpoint", |
3432 | 3489 | "HECEndpointType", |
3433 | | - "HECToken", |
3434 | 3490 | "S3Configuration" |
3435 | 3491 | ], |
3436 | 3492 | "members":{ |
|
3473 | 3529 | "BufferingHints":{ |
3474 | 3530 | "shape":"SplunkBufferingHints", |
3475 | 3531 | "documentation":"<p>The buffering options. If no value is specified, the default values for Splunk are used.</p>" |
| 3532 | + }, |
| 3533 | + "SecretsManagerConfiguration":{ |
| 3534 | + "shape":"SecretsManagerConfiguration", |
| 3535 | + "documentation":"<p> The configuration that defines how you access secrets for Splunk. </p>" |
3476 | 3536 | } |
3477 | 3537 | }, |
3478 | 3538 | "documentation":"<p>Describes the configuration of a destination in Splunk.</p>" |
|
3519 | 3579 | "BufferingHints":{ |
3520 | 3580 | "shape":"SplunkBufferingHints", |
3521 | 3581 | "documentation":"<p>The buffering options. If no value is specified, the default values for Splunk are used.</p>" |
| 3582 | + }, |
| 3583 | + "SecretsManagerConfiguration":{ |
| 3584 | + "shape":"SecretsManagerConfiguration", |
| 3585 | + "documentation":"<p> The configuration that defines how you access secrets for Splunk. </p>" |
3522 | 3586 | } |
3523 | 3587 | }, |
3524 | 3588 | "documentation":"<p>Describes a destination in Splunk.</p>" |
|
3565 | 3629 | "BufferingHints":{ |
3566 | 3630 | "shape":"SplunkBufferingHints", |
3567 | 3631 | "documentation":"<p>The buffering options. If no value is specified, the default values for Splunk are used.</p>" |
| 3632 | + }, |
| 3633 | + "SecretsManagerConfiguration":{ |
| 3634 | + "shape":"SecretsManagerConfiguration", |
| 3635 | + "documentation":"<p> The configuration that defines how you access secrets for Splunk. </p>" |
3568 | 3636 | } |
3569 | 3637 | }, |
3570 | 3638 | "documentation":"<p>Describes an update for a destination in Splunk.</p>" |
|
3776 | 3844 | }, |
3777 | 3845 | "SnowflakeDestinationUpdate":{ |
3778 | 3846 | "shape":"SnowflakeDestinationUpdate", |
3779 | | - "documentation":"<p>Update to the Snowflake destination condiguration settings</p>" |
| 3847 | + "documentation":"<p>Update to the Snowflake destination configuration settings.</p>" |
3780 | 3848 | } |
3781 | 3849 | } |
3782 | 3850 | }, |
|
3844 | 3912 | "documentation":"<p>The details of the VPC of the Amazon ES destination.</p>" |
3845 | 3913 | } |
3846 | 3914 | }, |
3847 | | - "documentation":"<fullname>Amazon Data Firehose</fullname> <note> <p>Amazon Data Firehose was previously known as Amazon Kinesis Data Firehose.</p> </note> <p>Amazon Data Firehose is a fully managed service that delivers real-time streaming data to destinations such as Amazon Simple Storage Service (Amazon S3), Amazon OpenSearch Service, Amazon Redshift, Splunk, and various other supportd destinations.</p>" |
| 3915 | + "documentation":"<fullname>Amazon Data Firehose</fullname> <note> <p>Amazon Data Firehose was previously known as Amazon Kinesis Data Firehose.</p> </note> <p>Amazon Data Firehose is a fully managed service that delivers real-time streaming data to destinations such as Amazon Simple Storage Service (Amazon S3), Amazon OpenSearch Service, Amazon Redshift, Splunk, and various other supported destinations.</p>" |
3848 | 3916 | } |
0 commit comments