feat(client-dsql): Add support for resource-based policies for Aurora DSQL clusters. This will enable you to implement Block Public Access (BPA) which will help restrict access to your Aurora DSQL public or VPC endpoints.

Author: awstools

clients/client-dsql/README.md

@@ -223,6 +223,14 @@ DeleteCluster
 
 [Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/dsql/command/DeleteClusterCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-dsql/Interface/DeleteClusterCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-dsql/Interface/DeleteClusterCommandOutput/)
 
+</details>
+<details>
+<summary>
+DeleteClusterPolicy
+</summary>
+
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/dsql/command/DeleteClusterPolicyCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-dsql/Interface/DeleteClusterPolicyCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-dsql/Interface/DeleteClusterPolicyCommandOutput/)
+
 </details>
 <details>
 <summary>
@@ -231,6 +239,14 @@ GetCluster
 
 [Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/dsql/command/GetClusterCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-dsql/Interface/GetClusterCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-dsql/Interface/GetClusterCommandOutput/)
 
+</details>
+<details>
+<summary>
+GetClusterPolicy
+</summary>
+
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/dsql/command/GetClusterPolicyCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-dsql/Interface/GetClusterPolicyCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-dsql/Interface/GetClusterPolicyCommandOutput/)
+
 </details>
 <details>
 <summary>
@@ -255,6 +271,14 @@ ListTagsForResource
 
 [Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/dsql/command/ListTagsForResourceCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-dsql/Interface/ListTagsForResourceCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-dsql/Interface/ListTagsForResourceCommandOutput/)
 
+</details>
+<details>
+<summary>
+PutClusterPolicy
+</summary>
+
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/dsql/command/PutClusterPolicyCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-dsql/Interface/PutClusterPolicyCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-dsql/Interface/PutClusterPolicyCommandOutput/)
+
 </details>
 <details>
 <summary>

clients/client-dsql/src/DSQL.ts

@@ -12,7 +12,17 @@ import {
   DeleteClusterCommandInput,
   DeleteClusterCommandOutput,
 } from "./commands/DeleteClusterCommand";
+import {
+  DeleteClusterPolicyCommand,
+  DeleteClusterPolicyCommandInput,
+  DeleteClusterPolicyCommandOutput,
+} from "./commands/DeleteClusterPolicyCommand";
 import { GetClusterCommand, GetClusterCommandInput, GetClusterCommandOutput } from "./commands/GetClusterCommand";
+import {
+  GetClusterPolicyCommand,
+  GetClusterPolicyCommandInput,
+  GetClusterPolicyCommandOutput,
+} from "./commands/GetClusterPolicyCommand";
 import {
   GetVpcEndpointServiceNameCommand,
   GetVpcEndpointServiceNameCommandInput,
@@ -28,6 +38,11 @@ import {
   ListTagsForResourceCommandInput,
   ListTagsForResourceCommandOutput,
 } from "./commands/ListTagsForResourceCommand";
+import {
+  PutClusterPolicyCommand,
+  PutClusterPolicyCommandInput,
+  PutClusterPolicyCommandOutput,
+} from "./commands/PutClusterPolicyCommand";
 import { TagResourceCommand, TagResourceCommandInput, TagResourceCommandOutput } from "./commands/TagResourceCommand";
 import {
   UntagResourceCommand,
@@ -44,10 +59,13 @@ import { DSQLClient, DSQLClientConfig } from "./DSQLClient";
 const commands = {
   CreateClusterCommand,
   DeleteClusterCommand,
+  DeleteClusterPolicyCommand,
   GetClusterCommand,
+  GetClusterPolicyCommand,
   GetVpcEndpointServiceNameCommand,
   ListClustersCommand,
   ListTagsForResourceCommand,
+  PutClusterPolicyCommand,
   TagResourceCommand,
   UntagResourceCommand,
   UpdateClusterCommand,
@@ -77,6 +95,23 @@ export interface DSQL {
     cb: (err: any, data?: DeleteClusterCommandOutput) => void
   ): void;
 
+  /**
+   * @see {@link DeleteClusterPolicyCommand}
+   */
+  deleteClusterPolicy(
+    args: DeleteClusterPolicyCommandInput,
+    options?: __HttpHandlerOptions
+  ): Promise<DeleteClusterPolicyCommandOutput>;
+  deleteClusterPolicy(
+    args: DeleteClusterPolicyCommandInput,
+    cb: (err: any, data?: DeleteClusterPolicyCommandOutput) => void
+  ): void;
+  deleteClusterPolicy(
+    args: DeleteClusterPolicyCommandInput,
+    options: __HttpHandlerOptions,
+    cb: (err: any, data?: DeleteClusterPolicyCommandOutput) => void
+  ): void;
+
   /**
    * @see {@link GetClusterCommand}
    */
@@ -88,6 +123,23 @@ export interface DSQL {
     cb: (err: any, data?: GetClusterCommandOutput) => void
   ): void;
 
+  /**
+   * @see {@link GetClusterPolicyCommand}
+   */
+  getClusterPolicy(
+    args: GetClusterPolicyCommandInput,
+    options?: __HttpHandlerOptions
+  ): Promise<GetClusterPolicyCommandOutput>;
+  getClusterPolicy(
+    args: GetClusterPolicyCommandInput,
+    cb: (err: any, data?: GetClusterPolicyCommandOutput) => void
+  ): void;
+  getClusterPolicy(
+    args: GetClusterPolicyCommandInput,
+    options: __HttpHandlerOptions,
+    cb: (err: any, data?: GetClusterPolicyCommandOutput) => void
+  ): void;
+
   /**
    * @see {@link GetVpcEndpointServiceNameCommand}
    */
@@ -134,6 +186,23 @@ export interface DSQL {
     cb: (err: any, data?: ListTagsForResourceCommandOutput) => void
   ): void;
 
+  /**
+   * @see {@link PutClusterPolicyCommand}
+   */
+  putClusterPolicy(
+    args: PutClusterPolicyCommandInput,
+    options?: __HttpHandlerOptions
+  ): Promise<PutClusterPolicyCommandOutput>;
+  putClusterPolicy(
+    args: PutClusterPolicyCommandInput,
+    cb: (err: any, data?: PutClusterPolicyCommandOutput) => void
+  ): void;
+  putClusterPolicy(
+    args: PutClusterPolicyCommandInput,
+    options: __HttpHandlerOptions,
+    cb: (err: any, data?: PutClusterPolicyCommandOutput) => void
+  ): void;
+
   /**
    * @see {@link TagResourceCommand}
    */

clients/client-dsql/src/DSQLClient.ts

@@ -55,7 +55,12 @@ import {
 } from "./auth/httpAuthSchemeProvider";
 import { CreateClusterCommandInput, CreateClusterCommandOutput } from "./commands/CreateClusterCommand";
 import { DeleteClusterCommandInput, DeleteClusterCommandOutput } from "./commands/DeleteClusterCommand";
+import {
+  DeleteClusterPolicyCommandInput,
+  DeleteClusterPolicyCommandOutput,
+} from "./commands/DeleteClusterPolicyCommand";
 import { GetClusterCommandInput, GetClusterCommandOutput } from "./commands/GetClusterCommand";
+import { GetClusterPolicyCommandInput, GetClusterPolicyCommandOutput } from "./commands/GetClusterPolicyCommand";
 import {
   GetVpcEndpointServiceNameCommandInput,
   GetVpcEndpointServiceNameCommandOutput,
@@ -65,6 +70,7 @@ import {
   ListTagsForResourceCommandInput,
   ListTagsForResourceCommandOutput,
 } from "./commands/ListTagsForResourceCommand";
+import { PutClusterPolicyCommandInput, PutClusterPolicyCommandOutput } from "./commands/PutClusterPolicyCommand";
 import { TagResourceCommandInput, TagResourceCommandOutput } from "./commands/TagResourceCommand";
 import { UntagResourceCommandInput, UntagResourceCommandOutput } from "./commands/UntagResourceCommand";
 import { UpdateClusterCommandInput, UpdateClusterCommandOutput } from "./commands/UpdateClusterCommand";
@@ -85,10 +91,13 @@ export { __Client };
 export type ServiceInputTypes =
   | CreateClusterCommandInput
   | DeleteClusterCommandInput
+  | DeleteClusterPolicyCommandInput
   | GetClusterCommandInput
+  | GetClusterPolicyCommandInput
   | GetVpcEndpointServiceNameCommandInput
   | ListClustersCommandInput
   | ListTagsForResourceCommandInput
+  | PutClusterPolicyCommandInput
   | TagResourceCommandInput
   | UntagResourceCommandInput
   | UpdateClusterCommandInput;
@@ -99,10 +108,13 @@ export type ServiceInputTypes =
 export type ServiceOutputTypes =
   | CreateClusterCommandOutput
   | DeleteClusterCommandOutput
+  | DeleteClusterPolicyCommandOutput
   | GetClusterCommandOutput
+  | GetClusterPolicyCommandOutput
   | GetVpcEndpointServiceNameCommandOutput
   | ListClustersCommandOutput
   | ListTagsForResourceCommandOutput
+  | PutClusterPolicyCommandOutput
   | TagResourceCommandOutput
   | UntagResourceCommandOutput
   | UpdateClusterCommandOutput;

clients/client-dsql/src/commands/CreateClusterCommand.ts

@@ -28,7 +28,7 @@ export interface CreateClusterCommandInput extends CreateClusterInput {}
 export interface CreateClusterCommandOutput extends CreateClusterOutput, __MetadataBearer {}
 
 /**
- * <p>The CreateCluster API allows you to create both single-region clusters and multi-Region
+ * <p>The CreateCluster API allows you to create both single-Region clusters and multi-Region
  *          clusters. With the addition of the <i>multiRegionProperties</i> parameter,
  *          you can create a cluster with witness Region support and establish peer relationships with
  *          clusters in other Regions during creation.</p>
@@ -55,7 +55,7 @@ export interface CreateClusterCommandOutput extends CreateClusterOutput, __Metad
  *             </dd>
  *             <dt>dsql:PutMultiRegionProperties</dt>
  *             <dd>
- *                <p>Permission to configure multi-region properties for a cluster.</p>
+ *                <p>Permission to configure multi-Region properties for a cluster.</p>
  *                <p>Resources: <code>arn:aws:dsql:region:account-id:cluster/*</code>
  *                </p>
  *             </dd>
@@ -114,6 +114,8 @@ export interface CreateClusterCommandOutput extends CreateClusterOutput, __Metad
  *       "STRING_VALUE",
  *     ],
  *   },
+ *   policy: "STRING_VALUE",
+ *   bypassPolicyLockoutSafetyCheck: true || false,
  * };
  * const command = new CreateClusterCommand(input);
  * const response = await client.send(command);

clients/client-dsql/src/commands/DeleteClusterPolicyCommand.ts

@@ -0,0 +1,116 @@
+// smithy-typescript generated code
+import { getEndpointPlugin } from "@smithy/middleware-endpoint";
+import { getSerdePlugin } from "@smithy/middleware-serde";
+import { Command as $Command } from "@smithy/smithy-client";
+import { MetadataBearer as __MetadataBearer } from "@smithy/types";
+
+import { DSQLClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../DSQLClient";
+import { commonParams } from "../endpoint/EndpointParameters";
+import { DeleteClusterPolicyInput, DeleteClusterPolicyOutput } from "../models/models_0";
+import { de_DeleteClusterPolicyCommand, se_DeleteClusterPolicyCommand } from "../protocols/Aws_restJson1";
+
+/**
+ * @public
+ */
+export type { __MetadataBearer };
+export { $Command };
+/**
+ * @public
+ *
+ * The input for {@link DeleteClusterPolicyCommand}.
+ */
+export interface DeleteClusterPolicyCommandInput extends DeleteClusterPolicyInput {}
+/**
+ * @public
+ *
+ * The output of {@link DeleteClusterPolicyCommand}.
+ */
+export interface DeleteClusterPolicyCommandOutput extends DeleteClusterPolicyOutput, __MetadataBearer {}
+
+/**
+ * <p>Deletes the resource-based policy attached to a cluster. This removes all access permissions defined by the policy, reverting to default access controls.</p>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { DSQLClient, DeleteClusterPolicyCommand } from "@aws-sdk/client-dsql"; // ES Modules import
+ * // const { DSQLClient, DeleteClusterPolicyCommand } = require("@aws-sdk/client-dsql"); // CommonJS import
+ * // import type { DSQLClientConfig } from "@aws-sdk/client-dsql";
+ * const config = {}; // type is DSQLClientConfig
+ * const client = new DSQLClient(config);
+ * const input = { // DeleteClusterPolicyInput
+ *   identifier: "STRING_VALUE", // required
+ *   expectedPolicyVersion: "STRING_VALUE",
+ *   clientToken: "STRING_VALUE",
+ * };
+ * const command = new DeleteClusterPolicyCommand(input);
+ * const response = await client.send(command);
+ * // { // DeleteClusterPolicyOutput
+ * //   policyVersion: "STRING_VALUE", // required
+ * // };
+ *
+ * ```
+ *
+ * @param DeleteClusterPolicyCommandInput - {@link DeleteClusterPolicyCommandInput}
+ * @returns {@link DeleteClusterPolicyCommandOutput}
+ * @see {@link DeleteClusterPolicyCommandInput} for command's `input` shape.
+ * @see {@link DeleteClusterPolicyCommandOutput} for command's `response` shape.
+ * @see {@link DSQLClientResolvedConfig | config} for DSQLClient's `config` shape.
+ *
+ * @throws {@link ConflictException} (client fault)
+ *  <p>The submitted action has conflicts.</p>
+ *
+ * @throws {@link ResourceNotFoundException} (client fault)
+ *  <p>The resource could not be found.</p>
+ *
+ * @throws {@link ValidationException} (client fault)
+ *  <p>The input failed to satisfy the constraints specified by an Amazon Web Services service.</p>
+ *
+ * @throws {@link AccessDeniedException} (client fault)
+ *  <p>You do not have sufficient access to perform this action.</p>
+ *
+ * @throws {@link InternalServerException} (server fault)
+ *  <p>The request processing has failed because of an unknown error, exception or
+ *          failure.</p>
+ *
+ * @throws {@link ThrottlingException} (client fault)
+ *  <p>The request was denied due to request throttling.</p>
+ *
+ * @throws {@link DSQLServiceException}
+ * <p>Base exception class for all service exceptions from DSQL service.</p>
+ *
+ *
+ * @public
+ */
+export class DeleteClusterPolicyCommand extends $Command
+  .classBuilder<
+    DeleteClusterPolicyCommandInput,
+    DeleteClusterPolicyCommandOutput,
+    DSQLClientResolvedConfig,
+    ServiceInputTypes,
+    ServiceOutputTypes
+  >()
+  .ep(commonParams)
+  .m(function (this: any, Command: any, cs: any, config: DSQLClientResolvedConfig, o: any) {
+    return [
+      getSerdePlugin(config, this.serialize, this.deserialize),
+      getEndpointPlugin(config, Command.getEndpointParameterInstructions()),
+    ];
+  })
+  .s("DSQL", "DeleteClusterPolicy", {})
+  .n("DSQLClient", "DeleteClusterPolicyCommand")
+  .f(void 0, void 0)
+  .ser(se_DeleteClusterPolicyCommand)
+  .de(de_DeleteClusterPolicyCommand)
+  .build() {
+  /** @internal type navigation helper, not in runtime. */
+  protected declare static __types: {
+    api: {
+      input: DeleteClusterPolicyInput;
+      output: DeleteClusterPolicyOutput;
+    };
+    sdk: {
+      input: DeleteClusterPolicyCommandInput;
+      output: DeleteClusterPolicyCommandOutput;
+    };
+  };
+}