docs(client-secrets-manager): Doc only update for Secrets Manager that fixes several customer-reported issues.

awstools · awstools · commit f9c6096c8bba · 2022-05-11T18:16:51.000Z
diff --git a/clients/client-secrets-manager/src/SecretsManager.ts b/clients/client-secrets-manager/src/SecretsManager.ts
@@ -154,15 +154,16 @@ export class SecretsManager extends SecretsManagerClient {
   /**
    * <p>Turns off automatic rotation, and if a rotation is currently in
    *       progress, cancels the rotation.</p>
+   *          <p>If you cancel a rotation in progress, it can leave the <code>VersionStage</code>
+   *       labels in an unexpected state. You might
+   *       need to remove the staging label <code>AWSPENDING</code> from the partially created version.
+   *       You also need to determine whether to roll back to the previous version of the secret
+   *       by moving the staging label <code>AWSCURRENT</code> to the version that has <code>AWSPENDING</code>.
+   *       To determine
+   *       which version has a specific staging label, call <a>ListSecretVersionIds</a>. Then use
+   *      <a>UpdateSecretVersionStage</a> to change staging labels.
+   *      For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html">How rotation works</a>.</p>
    *          <p>To turn on automatic rotation again, call <a>RotateSecret</a>.</p>
-   *          <note>
-   *             <p>If you cancel a rotation in progress, it can leave the <code>VersionStage</code>
-   *         labels in an unexpected state. Depending on the step of the rotation in progress, you might
-   *         need to remove the staging label <code>AWSPENDING</code> from the partially created version, specified
-   *         by the <code>VersionId</code> response value. We recommend you also evaluate the partially rotated
-   *         new version to see if it should be deleted. You can delete a version by removing all staging labels
-   *         from it.</p>
-   *          </note>
    *          <p>
    *             <b>Required permissions: </b>
    *             <code>secretsmanager:CancelRotateSecret</code>.
@@ -304,14 +305,23 @@ export class SecretsManager extends SecretsManagerClient {
    *       The default recovery window is 30 days. Secrets Manager attaches a <code>DeletionDate</code> stamp to
    *       the secret that specifies the end of the recovery window. At the end of the recovery window,
    *       Secrets Manager deletes the secret permanently.</p>
-   *          <p>For information about deleting a secret in the console, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_delete-secret.html">https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_delete-secret.html</a>. </p>
+   *          <p>You can't delete a primary secret that is replicated to other Regions. You must first delete the
+   *     replicas using <a>RemoveRegionsFromReplication</a>, and then delete the primary secret.
+   *     When you delete a replica, it is deleted immediately.</p>
+   *          <p>You can't directly delete a version of a secret. Instead, you remove all staging labels
+   *     from the version using <a>UpdateSecretVersionStage</a>. This marks the version as deprecated,
+   *     and then Secrets Manager can automatically delete the version in the background.</p>
+   *          <p>To determine whether an application still uses a secret, you can create an Amazon CloudWatch alarm
+   *     to alert you to any attempts to access a secret during the recovery window. For more information,
+   *     see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/monitoring_cloudwatch_deleted-secrets.html">
+   *     Monitor secrets scheduled for deletion</a>.</p>
    *          <p>Secrets Manager performs the permanent secret deletion at the end of the waiting period as a
    *         background task with low priority. There is no guarantee of a specific time after the
    *         recovery window for the permanent delete to occur.</p>
    *          <p>At any time before recovery window ends, you can use <a>RestoreSecret</a> to
    *       remove the <code>DeletionDate</code> and cancel the deletion of the secret.</p>
-   *          <p>In a secret scheduled for deletion, you cannot access the encrypted secret value.
-   *       To access that information, first cancel the deletion with <a>RestoreSecret</a> and then retrieve the information.</p>
+   *          <p>When a secret is scheduled for deletion, you cannot retrieve the secret value.
+   *       You must first cancel the deletion with <a>RestoreSecret</a> and then you can retrieve the secret.</p>
    *          <p>
    *             <b>Required permissions: </b>
    *             <code>secretsmanager:DeleteSecret</code>.
@@ -517,8 +527,7 @@ export class SecretsManager extends SecretsManagerClient {
    *          <p>To list the versions of a secret, use <a>ListSecretVersionIds</a>.</p>
    *          <p>To get the secret value from <code>SecretString</code> or <code>SecretBinary</code>,
    *       call <a>GetSecretValue</a>.</p>
-   *          <p>For information about finding secrets in the console, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_search-secret.html">Enhanced search capabilities
-   *       for secrets in Secrets Manager</a>.</p>
+   *          <p>For information about finding secrets in the console, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_search-secret.html">Find secrets in Secrets Manager</a>.</p>
    *          <p>
    *             <b>Required permissions: </b>
    *             <code>secretsmanager:ListSecrets</code>.
@@ -550,10 +559,10 @@ export class SecretsManager extends SecretsManagerClient {
   }
 
   /**
-   * <p>Lists the versions for a secret. </p>
+   * <p>Lists the versions of a secret. Secrets Manager uses staging labels to indicate the different versions
+   *     of a secret. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/getting-started.html#term_version">
+   *     Secrets Manager concepts: Versions</a>.</p>
    *          <p>To list the secrets in the account, use <a>ListSecrets</a>.</p>
-   *          <p>To get the secret value from <code>SecretString</code> or <code>SecretBinary</code>,
-   *       call <a>GetSecretValue</a>.</p>
    *          <p>
    *             <b>Required permissions: </b>
    *             <code>secretsmanager:ListSecretVersionIds</code>.
diff --git a/clients/client-secrets-manager/src/commands/CancelRotateSecretCommand.ts b/clients/client-secrets-manager/src/commands/CancelRotateSecretCommand.ts
@@ -25,15 +25,16 @@ export interface CancelRotateSecretCommandOutput extends CancelRotateSecretRespo
 /**
  * <p>Turns off automatic rotation, and if a rotation is currently in
  *       progress, cancels the rotation.</p>
+ *          <p>If you cancel a rotation in progress, it can leave the <code>VersionStage</code>
+ *       labels in an unexpected state. You might
+ *       need to remove the staging label <code>AWSPENDING</code> from the partially created version.
+ *       You also need to determine whether to roll back to the previous version of the secret
+ *       by moving the staging label <code>AWSCURRENT</code> to the version that has <code>AWSPENDING</code>.
+ *       To determine
+ *       which version has a specific staging label, call <a>ListSecretVersionIds</a>. Then use
+ *      <a>UpdateSecretVersionStage</a> to change staging labels.
+ *      For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html">How rotation works</a>.</p>
  *          <p>To turn on automatic rotation again, call <a>RotateSecret</a>.</p>
- *          <note>
- *             <p>If you cancel a rotation in progress, it can leave the <code>VersionStage</code>
- *         labels in an unexpected state. Depending on the step of the rotation in progress, you might
- *         need to remove the staging label <code>AWSPENDING</code> from the partially created version, specified
- *         by the <code>VersionId</code> response value. We recommend you also evaluate the partially rotated
- *         new version to see if it should be deleted. You can delete a version by removing all staging labels
- *         from it.</p>
- *          </note>
  *          <p>
  *             <b>Required permissions: </b>
  *             <code>secretsmanager:CancelRotateSecret</code>.
diff --git a/clients/client-secrets-manager/src/commands/DeleteSecretCommand.ts b/clients/client-secrets-manager/src/commands/DeleteSecretCommand.ts
@@ -28,14 +28,23 @@ export interface DeleteSecretCommandOutput extends DeleteSecretResponse, __Metad
  *       The default recovery window is 30 days. Secrets Manager attaches a <code>DeletionDate</code> stamp to
  *       the secret that specifies the end of the recovery window. At the end of the recovery window,
  *       Secrets Manager deletes the secret permanently.</p>
- *          <p>For information about deleting a secret in the console, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_delete-secret.html">https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_delete-secret.html</a>. </p>
+ *          <p>You can't delete a primary secret that is replicated to other Regions. You must first delete the
+ *     replicas using <a>RemoveRegionsFromReplication</a>, and then delete the primary secret.
+ *     When you delete a replica, it is deleted immediately.</p>
+ *          <p>You can't directly delete a version of a secret. Instead, you remove all staging labels
+ *     from the version using <a>UpdateSecretVersionStage</a>. This marks the version as deprecated,
+ *     and then Secrets Manager can automatically delete the version in the background.</p>
+ *          <p>To determine whether an application still uses a secret, you can create an Amazon CloudWatch alarm
+ *     to alert you to any attempts to access a secret during the recovery window. For more information,
+ *     see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/monitoring_cloudwatch_deleted-secrets.html">
+ *     Monitor secrets scheduled for deletion</a>.</p>
  *          <p>Secrets Manager performs the permanent secret deletion at the end of the waiting period as a
  *         background task with low priority. There is no guarantee of a specific time after the
  *         recovery window for the permanent delete to occur.</p>
  *          <p>At any time before recovery window ends, you can use <a>RestoreSecret</a> to
  *       remove the <code>DeletionDate</code> and cancel the deletion of the secret.</p>
- *          <p>In a secret scheduled for deletion, you cannot access the encrypted secret value.
- *       To access that information, first cancel the deletion with <a>RestoreSecret</a> and then retrieve the information.</p>
+ *          <p>When a secret is scheduled for deletion, you cannot retrieve the secret value.
+ *       You must first cancel the deletion with <a>RestoreSecret</a> and then you can retrieve the secret.</p>
  *          <p>
  *             <b>Required permissions: </b>
  *             <code>secretsmanager:DeleteSecret</code>.
diff --git a/clients/client-secrets-manager/src/commands/ListSecretVersionIdsCommand.ts b/clients/client-secrets-manager/src/commands/ListSecretVersionIdsCommand.ts
@@ -23,10 +23,10 @@ export interface ListSecretVersionIdsCommandInput extends ListSecretVersionIdsRe
 export interface ListSecretVersionIdsCommandOutput extends ListSecretVersionIdsResponse, __MetadataBearer {}
 
 /**
- * <p>Lists the versions for a secret. </p>
+ * <p>Lists the versions of a secret. Secrets Manager uses staging labels to indicate the different versions
+ *     of a secret. For more information, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/getting-started.html#term_version">
+ *     Secrets Manager concepts: Versions</a>.</p>
  *          <p>To list the secrets in the account, use <a>ListSecrets</a>.</p>
- *          <p>To get the secret value from <code>SecretString</code> or <code>SecretBinary</code>,
- *       call <a>GetSecretValue</a>.</p>
  *          <p>
  *             <b>Required permissions: </b>
  *             <code>secretsmanager:ListSecretVersionIds</code>.
diff --git a/clients/client-secrets-manager/src/commands/ListSecretsCommand.ts b/clients/client-secrets-manager/src/commands/ListSecretsCommand.ts
@@ -28,8 +28,7 @@ export interface ListSecretsCommandOutput extends ListSecretsResponse, __Metadat
  *          <p>To list the versions of a secret, use <a>ListSecretVersionIds</a>.</p>
  *          <p>To get the secret value from <code>SecretString</code> or <code>SecretBinary</code>,
  *       call <a>GetSecretValue</a>.</p>
- *          <p>For information about finding secrets in the console, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_search-secret.html">Enhanced search capabilities
- *       for secrets in Secrets Manager</a>.</p>
+ *          <p>For information about finding secrets in the console, see <a href="https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_search-secret.html">Find secrets in Secrets Manager</a>.</p>
  *          <p>
  *             <b>Required permissions: </b>
  *             <code>secretsmanager:ListSecrets</code>.
diff --git a/codegen/sdk-codegen/aws-models/secrets-manager.json b/codegen/sdk-codegen/aws-models/secrets-manager.json
