Amazon Elastic Compute Cloud Update: Added support for ModifyInstanceMetadataDefaults and GetInstanceMetadataDefaults to set Instance Metadata Service account defaults

Author: AWS

.changes/next-release/feature-AmazonElasticComputeCloud-589573e.json

@@ -0,0 +1,6 @@
+{
+    "type": "feature",
+    "category": "Amazon Elastic Compute Cloud",
+    "contributor": "",
+    "description": "Added support for ModifyInstanceMetadataDefaults and GetInstanceMetadataDefaults to set Instance Metadata Service account defaults"
+}

services/ec2/src/main/resources/codegen-resources/service-2.json

@@ -4377,6 +4377,16 @@
       "output":{"shape":"GetImageBlockPublicAccessStateResult"},
       "documentation":"<p>Gets the current state of <i>block public access for AMIs</i> at the account level in the specified Amazon Web Services Region.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/sharingamis-intro.html#block-public-access-to-amis\">Block public access to your AMIs</a> in the <i>Amazon EC2 User Guide</i>.</p>"
     },
+    "GetInstanceMetadataDefaults":{
+      "name":"GetInstanceMetadataDefaults",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"GetInstanceMetadataDefaultsRequest"},
+      "output":{"shape":"GetInstanceMetadataDefaultsResult"},
+      "documentation":"<p>Gets the default instance metadata service (IMDS) settings that are set at the account level in the specified Amazon Web Services&#x2028; Region.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-options.html#instance-metadata-options-order-of-precedence\">Order of precedence for instance metadata options</a> in the <i>Amazon EC2 User Guide</i>.</p>"
+    },
     "GetInstanceTypesFromInstanceRequirements":{
       "name":"GetInstanceTypesFromInstanceRequirements",
       "http":{
@@ -4983,6 +4993,16 @@
       "output":{"shape":"ModifyInstanceMaintenanceOptionsResult"},
       "documentation":"<p>Modifies the recovery behavior of your instance to disable simplified automatic recovery or set the recovery behavior to default. The default configuration will not enable simplified automatic recovery for an unsupported instance type. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-recover.html#instance-configuration-recovery\">Simplified automatic recovery</a>.</p>"
     },
+    "ModifyInstanceMetadataDefaults":{
+      "name":"ModifyInstanceMetadataDefaults",
+      "http":{
+        "method":"POST",
+        "requestUri":"/"
+      },
+      "input":{"shape":"ModifyInstanceMetadataDefaultsRequest"},
+      "output":{"shape":"ModifyInstanceMetadataDefaultsResult"},
+      "documentation":"<p>Modifies the default instance metadata service (IMDS) settings at the account level in the specified Amazon Web Services&#x2028; Region.</p> <note> <p>To remove a parameter's account-level default setting, specify <code>no-preference</code>. At instance launch, the value will come from the AMI, or from the launch parameter if specified. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-options.html#instance-metadata-options-order-of-precedence\">Order of precedence for instance metadata options</a> in the <i>Amazon EC2 User Guide</i>.</p> </note>"
+    },
     "ModifyInstanceMetadataOptions":{
       "name":"ModifyInstanceMetadataOptions",
       "http":{
@@ -9432,6 +9452,7 @@
       ]
     },
     "BoxedDouble":{"type":"double"},
+    "BoxedInteger":{"type":"integer"},
     "BundleId":{"type":"string"},
     "BundleIdStringList":{
       "type":"list",
@@ -16502,6 +16523,22 @@
         "locationName":"item"
       }
     },
+    "DefaultInstanceMetadataEndpointState":{
+      "type":"string",
+      "enum":[
+        "disabled",
+        "enabled",
+        "no-preference"
+      ]
+    },
+    "DefaultInstanceMetadataTagsState":{
+      "type":"string",
+      "enum":[
+        "disabled",
+        "enabled",
+        "no-preference"
+      ]
+    },
     "DefaultNetworkCardIndex":{"type":"integer"},
     "DefaultRouteTableAssociationValue":{
       "type":"string",
@@ -30705,6 +30742,25 @@
         }
       }
     },
+    "GetInstanceMetadataDefaultsRequest":{
+      "type":"structure",
+      "members":{
+        "DryRun":{
+          "shape":"Boolean",
+          "documentation":"<p>Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
+        }
+      }
+    },
+    "GetInstanceMetadataDefaultsResult":{
+      "type":"structure",
+      "members":{
+        "AccountLevel":{
+          "shape":"InstanceMetadataDefaultsResponse",
+          "documentation":"<p>The account-level default IMDS settings.</p>",
+          "locationName":"accountLevel"
+        }
+      }
+    },
     "GetInstanceTypesFromInstanceRequirementsRequest":{
       "type":"structure",
       "required":[
@@ -32916,7 +32972,7 @@
         },
         "ImageOwnerAlias":{
           "shape":"String",
-          "documentation":"<p>The Amazon Web Services account alias (for example, <code>amazon</code>, <code>self</code>) or the Amazon Web Services account ID of the AMI owner.</p>",
+          "documentation":"<p>The owner alias (<code>amazon</code> | <code>aws-marketplace</code>).</p>",
           "locationName":"imageOwnerAlias"
         },
         "Name":{
@@ -35055,6 +35111,32 @@
         "targeted"
       ]
     },
+    "InstanceMetadataDefaultsResponse":{
+      "type":"structure",
+      "members":{
+        "HttpTokens":{
+          "shape":"HttpTokensState",
+          "documentation":"<p>Indicates whether IMDSv2 is required.</p> <ul> <li> <p> <code>optional</code> – IMDSv2 is optional, which means that you can use either IMDSv2 or IMDSv1.</p> </li> <li> <p> <code>required</code> – IMDSv2 is required, which means that IMDSv1 is disabled, and you must use IMDSv2.</p> </li> </ul>",
+          "locationName":"httpTokens"
+        },
+        "HttpPutResponseHopLimit":{
+          "shape":"BoxedInteger",
+          "documentation":"<p>The maximum number of hops that the metadata token can travel.</p>",
+          "locationName":"httpPutResponseHopLimit"
+        },
+        "HttpEndpoint":{
+          "shape":"InstanceMetadataEndpointState",
+          "documentation":"<p>Indicates whether the IMDS endpoint for an instance is enabled or disabled. When disabled, the instance metadata can't be accessed.</p>",
+          "locationName":"httpEndpoint"
+        },
+        "InstanceMetadataTags":{
+          "shape":"InstanceMetadataTagsState",
+          "documentation":"<p>Indicates whether access to instance tags from the instance metadata is enabled or disabled. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#work-with-tags-in-IMDS\">Work with instance tags using the instance metadata</a> in the <i>Amazon EC2 User Guide</i>.</p>",
+          "locationName":"instanceMetadataTags"
+        }
+      },
+      "documentation":"<p>The default instance metadata service (IMDS) settings that were set at the account level in the specified Amazon Web Services&#x2028; Region.</p>"
+    },
     "InstanceMetadataEndpointState":{
       "type":"string",
       "enum":[
@@ -35067,11 +35149,11 @@
       "members":{
         "HttpTokens":{
           "shape":"HttpTokensState",
-          "documentation":"<p>Indicates whether IMDSv2 is required.</p> <ul> <li> <p> <code>optional</code> - IMDSv2 is optional. You can choose whether to send a session token in your instance metadata retrieval requests. If you retrieve IAM role credentials without a session token, you receive the IMDSv1 role credentials. If you retrieve IAM role credentials using a valid session token, you receive the IMDSv2 role credentials.</p> </li> <li> <p> <code>required</code> - IMDSv2 is required. You must send a session token in your instance metadata retrieval requests. With this option, retrieving the IAM role credentials always returns IMDSv2 credentials; IMDSv1 credentials are not available.</p> </li> </ul> <p>Default: If the value of <code>ImdsSupport</code> for the Amazon Machine Image (AMI) for your instance is <code>v2.0</code>, the default is <code>required</code>.</p>"
+          "documentation":"<p>Indicates whether IMDSv2 is required.</p> <ul> <li> <p> <code>optional</code> - IMDSv2 is optional, which means that you can use either IMDSv2 or IMDSv1.</p> </li> <li> <p> <code>required</code> - IMDSv2 is required, which means that IMDSv1 is disabled, and you must use IMDSv2.</p> </li> </ul> <p>Default:</p> <ul> <li> <p>If the value of <code>ImdsSupport</code> for the Amazon Machine Image (AMI) for your instance is <code>v2.0</code> and the account level default is set to <code>no-preference</code>, the default is <code>required</code>.</p> </li> <li> <p>If the value of <code>ImdsSupport</code> for the Amazon Machine Image (AMI) for your instance is <code>v2.0</code>, but the account level default is set to <code>V1 or V2</code>, the default is <code>optional</code>.</p> </li> </ul> <p>The default value can also be affected by other combinations of parameters. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-options.html#instance-metadata-options-order-of-precedence\">Order of precedence for instance metadata options</a> in the <i>Amazon EC2 User Guide</i>.</p>"
         },
         "HttpPutResponseHopLimit":{
           "shape":"Integer",
-          "documentation":"<p>The desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel.</p> <p>Default: 1</p> <p>Possible values: Integers from 1 to 64</p>"
+          "documentation":"<p>The maximum number of hops that the metadata token can travel.</p> <p>Possible values: Integers from 1 to 64</p>"
         },
         "HttpEndpoint":{
           "shape":"InstanceMetadataEndpointState",
@@ -35098,12 +35180,12 @@
         },
         "HttpTokens":{
           "shape":"HttpTokensState",
-          "documentation":"<p>Indicates whether IMDSv2 is required.</p> <ul> <li> <p> <code>optional</code> - IMDSv2 is optional. You can choose whether to send a session token in your instance metadata retrieval requests. If you retrieve IAM role credentials without a session token, you receive the IMDSv1 role credentials. If you retrieve IAM role credentials using a valid session token, you receive the IMDSv2 role credentials.</p> </li> <li> <p> <code>required</code> - IMDSv2 is required. You must send a session token in your instance metadata retrieval requests. With this option, retrieving the IAM role credentials always returns IMDSv2 credentials; IMDSv1 credentials are not available.</p> </li> </ul>",
+          "documentation":"<p>Indicates whether IMDSv2 is required.</p> <ul> <li> <p> <code>optional</code> - IMDSv2 is optional, which means that you can use either IMDSv2 or IMDSv1.</p> </li> <li> <p> <code>required</code> - IMDSv2 is required, which means that IMDSv1 is disabled, and you must use IMDSv2.</p> </li> </ul>",
           "locationName":"httpTokens"
         },
         "HttpPutResponseHopLimit":{
           "shape":"Integer",
-          "documentation":"<p>The desired HTTP PUT response hop limit for instance metadata requests. The larger the number, the further instance metadata requests can travel.</p> <p>Default: <code>1</code> </p> <p>Possible values: Integers from <code>1</code> to <code>64</code> </p>",
+          "documentation":"<p>The maximum number of hops that the metadata token can travel.</p> <p>Possible values: Integers from <code>1</code> to <code>64</code> </p>",
           "locationName":"httpPutResponseHopLimit"
         },
         "HttpEndpoint":{
@@ -41542,6 +41624,14 @@
       "documentation":"<p>The minimum and maximum amount of memory, in MiB.</p>"
     },
     "MemorySize":{"type":"long"},
+    "MetadataDefaultHttpTokensState":{
+      "type":"string",
+      "enum":[
+        "optional",
+        "required",
+        "no-preference"
+      ]
+    },
     "MetricPoint":{
       "type":"structure",
       "members":{
@@ -42367,6 +42457,41 @@
         }
       }
     },
+    "ModifyInstanceMetadataDefaultsRequest":{
+      "type":"structure",
+      "members":{
+        "HttpTokens":{
+          "shape":"MetadataDefaultHttpTokensState",
+          "documentation":"<p>Indicates whether IMDSv2 is required.</p> <ul> <li> <p> <code>optional</code> – IMDSv2 is optional, which means that you can use either IMDSv2 or IMDSv1.</p> </li> <li> <p> <code>required</code> – IMDSv2 is required, which means that IMDSv1 is disabled, and you must use IMDSv2.</p> </li> </ul>"
+        },
+        "HttpPutResponseHopLimit":{
+          "shape":"BoxedInteger",
+          "documentation":"<p>The maximum number of hops that the metadata token can travel.</p> <p>Minimum: <code>1</code> </p> <p>Maximum: <code>64</code> </p>"
+        },
+        "HttpEndpoint":{
+          "shape":"DefaultInstanceMetadataEndpointState",
+          "documentation":"<p>Enables or disables the IMDS endpoint on an instance. When disabled, the instance metadata can't be accessed.</p>"
+        },
+        "InstanceMetadataTags":{
+          "shape":"DefaultInstanceMetadataTagsState",
+          "documentation":"<p>Enables or disables access to an instance's tags from the instance metadata. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#work-with-tags-in-IMDS\">Work with instance tags using the instance metadata</a> in the <i>Amazon EC2 User Guide</i>.</p>"
+        },
+        "DryRun":{
+          "shape":"Boolean",
+          "documentation":"<p>Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
+        }
+      }
+    },
+    "ModifyInstanceMetadataDefaultsResult":{
+      "type":"structure",
+      "members":{
+        "Return":{
+          "shape":"Boolean",
+          "documentation":"<p>If the request succeeds, the response returns <code>true</code>. If the request fails, no response is returned, and instead an error message is returned.</p>",
+          "locationName":"return"
+        }
+      }
+    },
     "ModifyInstanceMetadataOptionsRequest":{
       "type":"structure",
       "required":["InstanceId"],
@@ -42377,7 +42502,7 @@
         },
         "HttpTokens":{
           "shape":"HttpTokensState",
-          "documentation":"<p>Indicates whether IMDSv2 is required.</p> <ul> <li> <p> <code>optional</code> - IMDSv2 is optional. You can choose whether to send a session token in your instance metadata retrieval requests. If you retrieve IAM role credentials without a session token, you receive the IMDSv1 role credentials. If you retrieve IAM role credentials using a valid session token, you receive the IMDSv2 role credentials.</p> </li> <li> <p> <code>required</code> - IMDSv2 is required. You must send a session token in your instance metadata retrieval requests. With this option, retrieving the IAM role credentials always returns IMDSv2 credentials; IMDSv1 credentials are not available.</p> </li> </ul> <p>Default: If the value of <code>ImdsSupport</code> for the Amazon Machine Image (AMI) for your instance is <code>v2.0</code>, the default is <code>required</code>.</p>"
+          "documentation":"<p>Indicates whether IMDSv2 is required.</p> <ul> <li> <p> <code>optional</code> - IMDSv2 is optional. You can choose whether to send a session token in your instance metadata retrieval requests. If you retrieve IAM role credentials without a session token, you receive the IMDSv1 role credentials. If you retrieve IAM role credentials using a valid session token, you receive the IMDSv2 role credentials.</p> </li> <li> <p> <code>required</code> - IMDSv2 is required. You must send a session token in your instance metadata retrieval requests. With this option, retrieving the IAM role credentials always returns IMDSv2 credentials; IMDSv1 credentials are not available.</p> </li> </ul> <p>Default:</p> <ul> <li> <p>If the value of <code>ImdsSupport</code> for the Amazon Machine Image (AMI) for your instance is <code>v2.0</code> and the account level default is set to <code>no-preference</code>, the default is <code>required</code>.</p> </li> <li> <p>If the value of <code>ImdsSupport</code> for the Amazon Machine Image (AMI) for your instance is <code>v2.0</code>, but the account level default is set to <code>V1 or V2</code>, the default is <code>optional</code>.</p> </li> </ul> <p>The default value can also be affected by other combinations of parameters. For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-options.html#instance-metadata-options-order-of-precedence\">Order of precedence for instance metadata options</a> in the <i>Amazon EC2 User Guide</i>.</p>"
         },
         "HttpPutResponseHopLimit":{
           "shape":"Integer",
@@ -52356,7 +52481,7 @@
         },
         "MaxResults":{
           "shape":"TransitGatewayMaxResults",
-          "documentation":"<p>The maximum number of routes to return.</p>"
+          "documentation":"<p>The maximum number of routes to return. If a value is not provided, the default is 1000.</p>"
         },
         "DryRun":{
           "shape":"Boolean",