
Commit 3b5b98b

Added support for ClientRouteEnforcementOptions flag in CreateClientVpnEndpoint and ModifyClientVpnEndpoint requests and DescribeClientVpnEndpoints responses
1 parent e1717c0 commit 3b5b98b

22 files changed

+459
-30
lines changed

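--- a/generator/ServiceModels/ec2/ec2-2016-11-15.api.json
+++ b/generator/ServiceModels/ec2/ec2-2016-11-15.api.json
@@ -10301,6 +10301,21 @@
 }
 }
 },
+"ClientRouteEnforcementOptions":{
+"type":"structure",
+"members":{
+"Enforced":{"shape":"Boolean"}
+}
+},
+"ClientRouteEnforcementResponseOptions":{
+"type":"structure",
+"members":{
+"Enforced":{
+"shape":"Boolean",
+"locationName":"enforced"
+}
+}
+},
 "ClientSecretType":{
 "type":"string",
 "sensitive":true
@@ -10563,6 +10578,10 @@
 "shape":"ClientLoginBannerResponseOptions",
 "locationName":"clientLoginBannerOptions"
 },
+"ClientRouteEnforcementOptions":{
+"shape":"ClientRouteEnforcementResponseOptions",
+"locationName":"clientRouteEnforcementOptions"
+},
 "DisconnectOnSessionTimeout":{
 "shape":"Boolean",
 "locationName":"disconnectOnSessionTimeout"
@@ -11458,6 +11477,7 @@
 "ClientConnectOptions":{"shape":"ClientConnectOptions"},
 "SessionTimeoutHours":{"shape":"Integer"},
 "ClientLoginBannerOptions":{"shape":"ClientLoginBannerOptions"},
+"ClientRouteEnforcementOptions":{"shape":"ClientRouteEnforcementOptions"},
 "DisconnectOnSessionTimeout":{"shape":"Boolean"}
 }
 },
@@ -35485,6 +35505,7 @@
 "ClientConnectOptions":{"shape":"ClientConnectOptions"},
 "SessionTimeoutHours":{"shape":"Integer"},
 "ClientLoginBannerOptions":{"shape":"ClientLoginBannerOptions"},
+"ClientRouteEnforcementOptions":{"shape":"ClientRouteEnforcementOptions"},
 "DisconnectOnSessionTimeout":{"shape":"Boolean"}
 }
 },
@@ -44762,7 +44783,8 @@
 "type":"string",
 "enum":[
 "alb",
-"nlb"
+"nlb",
+"rnat"
 ]
 },
 "ServiceNetworkArn":{"type":"string"},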

generator/ServiceModels/ec2/ec2-2016-11-15.docs.json

Lines changed: 19 additions & 4 deletions
@@ -394,7 +394,7 @@
394394
"DescribeVpcEndpointConnectionNotifications": "<p>Describes the connection notifications for VPC endpoints and VPC endpoint services.</p>",
395395
"DescribeVpcEndpointConnections": "<p>Describes the VPC endpoint connections to your VPC endpoint services, including any endpoints that are pending your acceptance.</p>",
396396
"DescribeVpcEndpointServiceConfigurations": "<p>Describes the VPC endpoint service configurations in your account (your services).</p>",
397-
"DescribeVpcEndpointServicePermissions": "<p>Describes the principals (service consumers) that are permitted to discover your VPC endpoint service.</p>",
397+
"DescribeVpcEndpointServicePermissions": "<p>Describes the principals (service consumers) that are permitted to discover your VPC endpoint service. Principal ARNs with path components aren't supported.</p>",
398398
"DescribeVpcEndpointServices": "<p>Describes available services to which you can create a VPC endpoint.</p> <p>When the service provider and the consumer have different accounts in multiple Availability Zones, and the consumer views the VPC endpoint service information, the response only includes the common Availability Zones. For example, when the service provider account uses <code>us-east-1a</code> and <code>us-east-1c</code> and the consumer uses <code>us-east-1a</code> and <code>us-east-1b</code>, the response includes the VPC endpoint services in the common Availability Zone, <code>us-east-1a</code>.</p>",
399399
"DescribeVpcEndpoints": "<p>Describes your VPC endpoints. The default is to describe all your VPC endpoints. Alternatively, you can specify specific VPC endpoint IDs or filter the results to include only the VPC endpoints that match specific criteria.</p>",
400400
"DescribeVpcPeeringConnections": "<p>Describes your VPC peering connections. The default is to describe all your VPC peering connections. Alternatively, you can specify specific VPC peering connection IDs or filter the results to include only the VPC peering connections that match specific criteria.</p>",
@@ -595,7 +595,7 @@
595595
"ModifyVpcEndpointConnectionNotification": "<p>Modifies a connection notification for VPC endpoint or VPC endpoint service. You can change the SNS topic for the notification, or the events for which to be notified. </p>",
596596
"ModifyVpcEndpointServiceConfiguration": "<p>Modifies the attributes of the specified VPC endpoint service configuration.</p> <p>If you set or modify the private DNS name, you must prove that you own the private DNS domain name.</p>",
597597
"ModifyVpcEndpointServicePayerResponsibility": "<p>Modifies the payer responsibility for your VPC endpoint service.</p>",
598-
"ModifyVpcEndpointServicePermissions": "<p>Modifies the permissions for your VPC endpoint service. You can add or remove permissions for service consumers (Amazon Web Services accounts, users, and IAM roles) to connect to your endpoint service.</p> <p>If you grant permissions to all principals, the service is public. Any users who know the name of a public service can send a request to attach an endpoint. If the service does not require manual approval, attachments are automatically approved.</p>",
598+
"ModifyVpcEndpointServicePermissions": "<p>Modifies the permissions for your VPC endpoint service. You can add or remove permissions for service consumers (Amazon Web Services accounts, users, and IAM roles) to connect to your endpoint service. Principal ARNs with path components aren't supported.</p> <p>If you grant permissions to all principals, the service is public. Any users who know the name of a public service can send a request to attach an endpoint. If the service does not require manual approval, attachments are automatically approved.</p>",
599599
"ModifyVpcPeeringConnectionOptions": "<p>Modifies the VPC peering connection options on one side of a VPC peering connection.</p> <p>If the peered VPCs are in the same Amazon Web Services account, you can enable DNS resolution for queries from the local VPC. This ensures that queries from the local VPC resolve to private IP addresses in the peer VPC. This option is not available if the peered VPCs are in different Amazon Web Services accounts or different Regions. For peered VPCs in different Amazon Web Services accounts, each Amazon Web Services account owner must initiate a separate request to modify the peering connection options. For inter-region peering connections, you must use the Region for the requester VPC to modify the requester VPC peering options and the Region for the accepter VPC to modify the accepter VPC peering options. To verify which VPCs are the accepter and the requester for a VPC peering connection, use the <a>DescribeVpcPeeringConnections</a> command.</p>",
600600
"ModifyVpcTenancy": "<p>Modifies the instance tenancy attribute of the specified VPC. You can change the instance tenancy attribute of a VPC to <code>default</code> only. You cannot change the instance tenancy attribute to <code>dedicated</code>.</p> <p>After you modify the tenancy of the VPC, any new instances that you launch into the VPC have a tenancy of <code>default</code>, unless you specify otherwise during launch. The tenancy of any existing instances in the VPC is not affected.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-instance.html\">Dedicated Instances</a> in the <i>Amazon EC2 User Guide</i>.</p>",
601601
"ModifyVpnConnection": "<p>Modifies the customer gateway or the target gateway of an Amazon Web Services Site-to-Site VPN connection. To modify the target gateway, the following migration options are available:</p> <ul> <li> <p>An existing virtual private gateway to a new virtual private gateway</p> </li> <li> <p>An existing virtual private gateway to a transit gateway</p> </li> <li> <p>An existing transit gateway to a new transit gateway</p> </li> <li> <p>An existing transit gateway to a virtual private gateway</p> </li> </ul> <p>Before you perform the migration to the new gateway, you must configure the new gateway. Use <a>CreateVpnGateway</a> to create a virtual private gateway, or <a>CreateTransitGateway</a> to create a transit gateway.</p> <p>This step is required when you migrate from a virtual private gateway with static routes to a transit gateway. </p> <p>You must delete the static routes before you migrate to the new gateway.</p> <p>Keep a copy of the static route before you delete it. You will need to add back these routes to the transit gateway after the VPN connection migration is complete.</p> <p>After you migrate to the new gateway, you might need to modify your VPC route table. Use <a>CreateRoute</a> and <a>DeleteRoute</a> to make the changes described in <a href=\"https://docs.aws.amazon.com/vpn/latest/s2svpn/modify-vpn-target.html#step-update-routing\">Update VPC route tables</a> in the <i>Amazon Web Services Site-to-Site VPN User Guide</i>.</p> <p>When the new gateway is a transit gateway, modify the transit gateway route table to allow traffic between the VPC and the Amazon Web Services Site-to-Site VPN connection. Use <a>CreateTransitGatewayRoute</a> to add the routes.</p> <p> If you deleted VPN static routes, you must add the static routes to the transit gateway route table.</p> <p>After you perform this operation, the VPN endpoint's IP addresses on the Amazon Web Services side and the tunnel options remain intact. 
Your Amazon Web Services Site-to-Site VPN connection will be temporarily unavailable for a brief period while we provision the new endpoints.</p>",
@@ -2234,6 +2234,8 @@
22342234
"ClientConnectResponseOptions$Enabled": "<p>Indicates whether client connect options are enabled.</p>",
22352235
"ClientLoginBannerOptions$Enabled": "<p>Enable or disable a customizable text banner that will be displayed on Amazon Web Services provided clients when a VPN session is established.</p> <p>Valid values: <code>true | false</code> </p> <p>Default value: <code>false</code> </p>",
22362236
"ClientLoginBannerResponseOptions$Enabled": "<p>Current state of text banner feature.</p> <p>Valid values: <code>true | false</code> </p>",
2237+
"ClientRouteEnforcementOptions$Enforced": "<p>Enable or disable the client route enforcement feature.</p> <p>Valid values: <code>true | false</code> </p> <p>Default value: <code>false</code> </p>",
2238+
"ClientRouteEnforcementResponseOptions$Enforced": "<p>Status of the client route enforcement feature.</p> <p>Valid values: <code>true | false</code> </p> <p>Default value: <code>false</code> </p>",
22372239
"ClientVpnEndpoint$SplitTunnel": "<p>Indicates whether split-tunnel is enabled in the Client VPN endpoint.</p> <p>For information about split-tunnel VPN endpoints, see <a href=\"https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/split-tunnel-vpn.html\">Split-Tunnel Client VPN endpoint</a> in the <i>Client VPN Administrator Guide</i>.</p>",
22382240
"ClientVpnEndpoint$DisconnectOnSessionTimeout": "<p>Indicates whether the client VPN session is disconnected after the maximum <code>sessionTimeoutHours</code> is reached. If <code>true</code>, users are prompted to reconnect client VPN. If <code>false</code>, client VPN attempts to reconnect automatically. The default value is <code>false</code>.</p>",
22392241
"CloudWatchLogOptions$LogEnabled": "<p>Status of VPN tunnel logging feature. Default value is <code>False</code>.</p> <p>Valid values: <code>True</code> | <code>False</code> </p>",
@@ -3979,6 +3981,19 @@
39793981
"ClientVpnEndpoint$ClientLoginBannerOptions": "<p>Options for enabling a customizable text banner that will be displayed on Amazon Web Services provided clients when a VPN session is established.</p>"
39803982
}
39813983
},
3984+
"ClientRouteEnforcementOptions": {
3985+
"base": "<p>Client route enforcement is a feature of the Client VPN service that helps enforce administrator defined routes on devices connected through the VPN. T his feature helps improve your security posture by ensuring that network traffic originating from a connected client is not inadvertently sent outside the VPN tunnel.</p> <p>Client route enforcement works by monitoring the route table of a connected device for routing policy changes to the VPN connection. If the feature detects any VPN routing policy modifications, it will automatically force an update to the route table, reverting it back to the expected route configurations.</p>",
3986+
"refs": {
3987+
"CreateClientVpnEndpointRequest$ClientRouteEnforcementOptions": "<p>Client route enforcement is a feature of the Client VPN service that helps enforce administrator defined routes on devices connected through the VPN. T his feature helps improve your security posture by ensuring that network traffic originating from a connected client is not inadvertently sent outside the VPN tunnel.</p> <p>Client route enforcement works by monitoring the route table of a connected device for routing policy changes to the VPN connection. If the feature detects any VPN routing policy modifications, it will automatically force an update to the route table, reverting it back to the expected route configurations.</p>",
3988+
"ModifyClientVpnEndpointRequest$ClientRouteEnforcementOptions": "<p>Client route enforcement is a feature of the Client VPN service that helps enforce administrator defined routes on devices connected through the VPN. T his feature helps improve your security posture by ensuring that network traffic originating from a connected client is not inadvertently sent outside the VPN tunnel.</p> <p>Client route enforcement works by monitoring the route table of a connected device for routing policy changes to the VPN connection. If the feature detects any VPN routing policy modifications, it will automatically force an update to the route table, reverting it back to the expected route configurations.</p>"
3989+
}
3990+
},
3991+
"ClientRouteEnforcementResponseOptions": {
3992+
"base": "<p>The current status of client route enforcement. The state will either be <code>true</code> (enabled) or <code>false</code> (disabled).</p>",
3993+
"refs": {
3994+
"ClientVpnEndpoint$ClientRouteEnforcementOptions": "<p>Client route enforcement is a feature of the Client VPN service that helps enforce administrator defined routes on devices connected through the VPN. T his feature helps improve your security posture by ensuring that network traffic originating from a connected client is not inadvertently sent outside the VPN tunnel.</p> <p>Client route enforcement works by monitoring the route table of a connected device for routing policy changes to the VPN connection. If the feature detects any VPN routing policy modifications, it will automatically force an update to the route table, reverting it back to the expected route configurations.</p>"
3995+
}
3996+
},
39823997
"ClientSecretType": {
39833998
"base": null,
39843999
"refs": {
@@ -5755,15 +5770,15 @@
57555770
"base": null,
57565771
"refs": {
57575772
"ModifyTransitGatewayOptions$DefaultRouteTableAssociation": "<p>Enable or disable automatic association with the default association route table.</p>",
5758-
"TransitGatewayOptions$DefaultRouteTableAssociation": "<p>Indicates whether resource attachments are automatically associated with the default association route table.</p>",
5773+
"TransitGatewayOptions$DefaultRouteTableAssociation": "<p>Indicates whether resource attachments are automatically associated with the default association route table. Enabled by default. If <code>defaultRouteTableAssociation</code> is set to <code>enable</code>, Amazon Web Services Transit Gateway will create the default transit gateway route table.</p>",
57595774
"TransitGatewayRequestOptions$DefaultRouteTableAssociation": "<p>Enable or disable automatic association with the default association route table. Enabled by default.</p>"
57605775
}
57615776
},
57625777
"DefaultRouteTablePropagationValue": {
57635778
"base": null,
57645779
"refs": {
57655780
"ModifyTransitGatewayOptions$DefaultRouteTablePropagation": "<p>Enable or disable automatic propagation of routes to the default propagation route table.</p>",
5766-
"TransitGatewayOptions$DefaultRouteTablePropagation": "<p>Indicates whether resource attachments automatically propagate routes to the default propagation route table.</p>",
5781+
"TransitGatewayOptions$DefaultRouteTablePropagation": "<p>Indicates whether resource attachments automatically propagate routes to the default propagation route table. Enabled by default. If <code>defaultRouteTablePropagation</code> is set to <code>enable</code>, Amazon Web Services Transit Gateway will create the default transit gateway route table.</p>",
57675782
"TransitGatewayRequestOptions$DefaultRouteTablePropagation": "<p>Enable or disable automatic propagation of routes to the default propagation route table. Enabled by default.</p>"
57685783
}
57695784
},
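Review bot: The added client route enforcement description contains the typo `T his feature` in all four places it is pasted (the `base` string and the three `refs` strings in the hunk at new lines 3984-3996), and it will surface verbatim in the generated SDK documentation; it should read `This feature helps improve your security posture`. `ClientRouteEnforcementResponseOptions$Enforced` in the hunk at new line 2238 also carries `Default value: false` although it reports current status on a response, which reads like a copy of the request text. Because `Enforced` is documented as defaulting to `false`, the description would be clearer if it stated outright that enforcement stays off unless the caller sets it on create or modify. If these strings are synced from an upstream service model, the correction presumably belongs there rather than in this file.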
