This release adds support for securely sharing with AWS service principals.

Author: aws-sdk-dotnet-automation

generator/ServiceModels/ram/ram-2018-01-04.api.json

@@ -135,6 +135,7 @@
         {"shape":"OperationNotPermittedException"},
         {"shape":"ResourceShareLimitExceededException"},
         {"shape":"TagPolicyViolationException"},
+        {"shape":"TagLimitExceededException"},
         {"shape":"ServerInternalException"},
         {"shape":"ServiceUnavailableException"}
       ]
@@ -688,7 +689,8 @@
         "resourceShareArn":{"shape":"String"},
         "resourceArns":{"shape":"ResourceArnList"},
         "principals":{"shape":"PrincipalArnOrIdList"},
-        "clientToken":{"shape":"String"}
+        "clientToken":{"shape":"String"},
+        "sources":{"shape":"SourceArnOrAccountList"}
       }
     },
     "AssociateResourceShareResponse":{
@@ -767,7 +769,8 @@
         "tags":{"shape":"TagList"},
         "allowExternalPrincipals":{"shape":"Boolean"},
         "clientToken":{"shape":"String"},
-        "permissionArns":{"shape":"PermissionArnList"}
+        "permissionArns":{"shape":"PermissionArnList"},
+        "sources":{"shape":"SourceArnOrAccountList"}
       }
     },
     "CreateResourceShareResponse":{
@@ -883,7 +886,8 @@
         "resourceShareArn":{"shape":"String"},
         "resourceArns":{"shape":"ResourceArnList"},
         "principals":{"shape":"PrincipalArnOrIdList"},
-        "clientToken":{"shape":"String"}
+        "clientToken":{"shape":"String"},
+        "sources":{"shape":"SourceArnOrAccountList"}
       }
     },
     "DisassociateResourceShareResponse":{
@@ -1764,6 +1768,10 @@
         "clientToken":{"shape":"String"}
       }
     },
+    "SourceArnOrAccountList":{
+      "type":"list",
+      "member":{"shape":"String"}
+    },
     "String":{"type":"string"},
     "Tag":{
       "type":"structure",

generator/ServiceModels/ram/ram-2018-01-04.docs.json

@@ -834,6 +834,14 @@
       "refs": {
       }
     },
+    "SourceArnOrAccountList": {
+      "base": null,
+      "refs": {
+        "AssociateResourceShareRequest$sources": "<p>Specifies from which source accounts the service principal has access to the resources in this resource share.</p>",
+        "CreateResourceShareRequest$sources": "<p>Specifies from which source accounts the service principal has access to the resources in this resource share.</p>",
+        "DisassociateResourceShareRequest$sources": "<p>Specifies from which source accounts the service principal no longer has access to the resources in this resource share.</p>"
+      }
+    },
     "String": {
       "base": null,
       "refs": {
@@ -882,7 +890,7 @@
         "GetResourcePoliciesRequest$nextToken": "<p>Specifies that you want to receive the next page of results. Valid only if you received a <code>NextToken</code> response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's <code>NextToken</code> response to request the next page of results.</p>",
         "GetResourcePoliciesResponse$nextToken": "<p>If present, this value indicates that more output is available than is included in the current response. Use this value in the <code>NextToken</code> request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the <code>NextToken</code> response element comes back as <code>null</code>. This indicates that this is the last page of results.</p>",
         "GetResourceShareAssociationsRequest$resourceArn": "<p>Specifies the <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resource Name (ARN)</a> of a resource whose resource shares you want to retrieve.</p> <p>You cannot specify this parameter if the association type is <code>PRINCIPAL</code>.</p>",
-        "GetResourceShareAssociationsRequest$principal": "<p>Specifies the ID of the principal whose resource shares you want to retrieve. This can be an Amazon Web Services account ID, an organization ID, an organizational unit ID, or the <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resource Name (ARN)</a> of an individual IAM user or role.</p> <p>You cannot specify this parameter if the association type is <code>RESOURCE</code>.</p>",
+        "GetResourceShareAssociationsRequest$principal": "<p>Specifies the ID of the principal whose resource shares you want to retrieve. This can be an Amazon Web Services account ID, an organization ID, an organizational unit ID, or the <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resource Name (ARN)</a> of an individual IAM role or user.</p> <p>You cannot specify this parameter if the association type is <code>RESOURCE</code>.</p>",
         "GetResourceShareAssociationsRequest$nextToken": "<p>Specifies that you want to receive the next page of results. Valid only if you received a <code>NextToken</code> response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's <code>NextToken</code> response to request the next page of results.</p>",
         "GetResourceShareAssociationsResponse$nextToken": "<p>If present, this value indicates that more output is available than is included in the current response. Use this value in the <code>NextToken</code> request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the <code>NextToken</code> response element comes back as <code>null</code>. This indicates that this is the last page of results.</p>",
         "GetResourceShareInvitationsRequest$nextToken": "<p>Specifies that you want to receive the next page of results. Valid only if you received a <code>NextToken</code> response in the previous request. If you did, it indicates that more output is available. Set this parameter to the value provided by the previous call's <code>NextToken</code> response to request the next page of results.</p>",
@@ -1002,6 +1010,7 @@
         "SetDefaultPermissionVersionRequest$permissionArn": "<p>Specifies the <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resource Name (ARN)</a> of the customer managed permission whose default version you want to change.</p>",
         "SetDefaultPermissionVersionRequest$clientToken": "<p>Specifies a unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a <a href=\"https://wikipedia.org/wiki/Universally_unique_identifier\">UUID type of value.</a>.</p> <p>If you don't provide this value, then Amazon Web Services generates a random one for you.</p> <p>If you retry the operation with the same <code>ClientToken</code>, but with different parameters, the retry fails with an <code>IdempotentParameterMismatch</code> error.</p>",
         "SetDefaultPermissionVersionResponse$clientToken": "<p>The idempotency identifier associated with this request. If you want to repeat the same operation in an idempotent manner then you must include this value in the <code>clientToken</code> request parameter of that later call. All other parameters must also have the same values that you used in the first call.</p>",
+        "SourceArnOrAccountList$member": null,
         "TagLimitExceededException$message": null,
         "TagPolicyViolationException$message": null,
         "TagResourceRequest$resourceShareArn": "<p>Specifies the <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resource Name (ARN)</a> of the resource share that you want to add tags to. You must specify <i>either</i> <code>resourceShareArn</code>, or <code>resourceArn</code>, but not both.</p>",

generator/ServiceModels/ram/ram-2018-01-04.normal.json

@@ -140,6 +140,7 @@
         {"shape":"OperationNotPermittedException"},
         {"shape":"ResourceShareLimitExceededException"},
         {"shape":"TagPolicyViolationException"},
+        {"shape":"TagLimitExceededException"},
         {"shape":"ServerInternalException"},
         {"shape":"ServiceUnavailableException"}
       ],
@@ -767,6 +768,10 @@
         "clientToken":{
           "shape":"String",
           "documentation":"<p>Specifies a unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a <a href=\"https://wikipedia.org/wiki/Universally_unique_identifier\">UUID type of value.</a>.</p> <p>If you don't provide this value, then Amazon Web Services generates a random one for you.</p> <p>If you retry the operation with the same <code>ClientToken</code>, but with different parameters, the retry fails with an <code>IdempotentParameterMismatch</code> error.</p>"
+        },
+        "sources":{
+          "shape":"SourceArnOrAccountList",
+          "documentation":"<p>Specifies from which source accounts the service principal has access to the resources in this resource share.</p>"
         }
       }
     },
@@ -931,6 +936,10 @@
         "permissionArns":{
           "shape":"PermissionArnList",
           "documentation":"<p>Specifies the <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resource Names (ARNs)</a> of the RAM permission to associate with the resource share. If you do not specify an ARN for the permission, RAM automatically attaches the default version of the permission for each resource type. You can associate only one permission with each resource type included in the resource share.</p>"
+        },
+        "sources":{
+          "shape":"SourceArnOrAccountList",
+          "documentation":"<p>Specifies from which source accounts the service principal has access to the resources in this resource share.</p>"
         }
       }
     },
@@ -1111,6 +1120,10 @@
         "clientToken":{
           "shape":"String",
           "documentation":"<p>Specifies a unique, case-sensitive identifier that you provide to ensure the idempotency of the request. This lets you safely retry the request without accidentally performing the same operation a second time. Passing the same value to a later call to an operation requires that you also pass the same value for all other parameters. We recommend that you use a <a href=\"https://wikipedia.org/wiki/Universally_unique_identifier\">UUID type of value.</a>.</p> <p>If you don't provide this value, then Amazon Web Services generates a random one for you.</p> <p>If you retry the operation with the same <code>ClientToken</code>, but with different parameters, the retry fails with an <code>IdempotentParameterMismatch</code> error.</p>"
+        },
+        "sources":{
+          "shape":"SourceArnOrAccountList",
+          "documentation":"<p>Specifies from which source accounts the service principal no longer has access to the resources in this resource share.</p>"
         }
       }
     },
@@ -1217,7 +1230,7 @@
         },
         "principal":{
           "shape":"String",
-          "documentation":"<p>Specifies the ID of the principal whose resource shares you want to retrieve. This can be an Amazon Web Services account ID, an organization ID, an organizational unit ID, or the <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resource Name (ARN)</a> of an individual IAM user or role.</p> <p>You cannot specify this parameter if the association type is <code>RESOURCE</code>.</p>"
+          "documentation":"<p>Specifies the ID of the principal whose resource shares you want to retrieve. This can be an Amazon Web Services account ID, an organization ID, an organizational unit ID, or the <a href=\"https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html\">Amazon Resource Name (ARN)</a> of an individual IAM role or user.</p> <p>You cannot specify this parameter if the association type is <code>RESOURCE</code>.</p>"
         },
         "associationStatus":{
           "shape":"ResourceShareAssociationStatus",
@@ -2620,6 +2633,10 @@
         }
       }
     },
+    "SourceArnOrAccountList":{
+      "type":"list",
+      "member":{"shape":"String"}
+    },
     "String":{"type":"string"},
     "Tag":{
       "type":"structure",

sdk/src/Services/RAM/Generated/Model/AssociateResourceShareRequest.cs

@@ -41,6 +41,7 @@ public partial class AssociateResourceShareRequest : AmazonRAMRequest
         private List<string> _principals = new List<string>();
         private List<string> _resourceArns = new List<string>();
         private string _resourceShareArn;
+        private List<string> _sources = new List<string>();
 
         /// <summary>
         /// Gets and sets the property ClientToken. 
@@ -174,5 +175,24 @@ internal bool IsSetResourceShareArn()
             return this._resourceShareArn != null;
         }
 
+        /// <summary>
+        /// Gets and sets the property Sources. 
+        /// <para>
+        /// Specifies from which source accounts the service principal has access to the resources
+        /// in this resource share.
+        /// </para>
+        /// </summary>
+        public List<string> Sources
+        {
+            get { return this._sources; }
+            set { this._sources = value; }
+        }
+
+        // Check to see if Sources property is set
+        internal bool IsSetSources()
+        {
+            return this._sources != null && this._sources.Count > 0; 
+        }
+
     }
 }

sdk/src/Services/RAM/Generated/Model/CreateResourceShareRequest.cs

@@ -50,6 +50,7 @@ public partial class CreateResourceShareRequest : AmazonRAMRequest
         private List<string> _permissionArns = new List<string>();
         private List<string> _principals = new List<string>();
         private List<string> _resourceArns = new List<string>();
+        private List<string> _sources = new List<string>();
         private List<Tag> _tags = new List<Tag>();
 
         /// <summary>
@@ -219,6 +220,25 @@ internal bool IsSetResourceArns()
             return this._resourceArns != null && this._resourceArns.Count > 0; 
         }
 
+        /// <summary>
+        /// Gets and sets the property Sources. 
+        /// <para>
+        /// Specifies from which source accounts the service principal has access to the resources
+        /// in this resource share.
+        /// </para>
+        /// </summary>
+        public List<string> Sources
+        {
+            get { return this._sources; }
+            set { this._sources = value; }
+        }
+
+        // Check to see if Sources property is set
+        internal bool IsSetSources()
+        {
+            return this._sources != null && this._sources.Count > 0; 
+        }
+
         /// <summary>
         /// Gets and sets the property Tags. 
         /// <para>

sdk/src/Services/RAM/Generated/Model/DisassociateResourceShareRequest.cs

@@ -39,6 +39,7 @@ public partial class DisassociateResourceShareRequest : AmazonRAMRequest
         private List<string> _principals = new List<string>();
         private List<string> _resourceArns = new List<string>();
         private string _resourceShareArn;
+        private List<string> _sources = new List<string>();
 
         /// <summary>
         /// Gets and sets the property ClientToken. 
@@ -168,5 +169,24 @@ internal bool IsSetResourceShareArn()
             return this._resourceShareArn != null;
         }
 
+        /// <summary>
+        /// Gets and sets the property Sources. 
+        /// <para>
+        /// Specifies from which source accounts the service principal no longer has access to
+        /// the resources in this resource share.
+        /// </para>
+        /// </summary>
+        public List<string> Sources
+        {
+            get { return this._sources; }
+            set { this._sources = value; }
+        }
+
+        // Check to see if Sources property is set
+        internal bool IsSetSources()
+        {
+            return this._sources != null && this._sources.Count > 0; 
+        }
+
     }
 }

sdk/src/Services/RAM/Generated/Model/GetResourceShareAssociationsRequest.cs

@@ -143,7 +143,7 @@ internal bool IsSetNextToken()
         /// Specifies the ID of the principal whose resource shares you want to retrieve. This
         /// can be an Amazon Web Services account ID, an organization ID, an organizational unit
         /// ID, or the <a href="https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html">Amazon
-        /// Resource Name (ARN)</a> of an individual IAM user or role.
+        /// Resource Name (ARN)</a> of an individual IAM role or user.
         /// </para>
         ///  
         /// <para>

sdk/src/Services/RAM/Generated/Model/Internal/MarshallTransformations/AssociateResourceShareRequestMarshaller.cs

@@ -99,6 +99,17 @@ public IRequest Marshall(AssociateResourceShareRequest publicRequest)
                     context.Writer.Write(publicRequest.ResourceShareArn);
                 }
 
+                if(publicRequest.IsSetSources())
+                {
+                    context.Writer.WritePropertyName("sources");
+                    context.Writer.WriteArrayStart();
+                    foreach(var publicRequestSourcesListValue in publicRequest.Sources)
+                    {
+                            context.Writer.Write(publicRequestSourcesListValue);
+                    }
+                    context.Writer.WriteArrayEnd();
+                }
+
                 writer.WriteObjectEnd();
                 string snippet = stringWriter.ToString();
                 request.Content = System.Text.Encoding.UTF8.GetBytes(snippet);

sdk/src/Services/RAM/Generated/Model/Internal/MarshallTransformations/CreateResourceShareRequestMarshaller.cs

@@ -116,6 +116,17 @@ public IRequest Marshall(CreateResourceShareRequest publicRequest)
                     context.Writer.WriteArrayEnd();
                 }
 
+                if(publicRequest.IsSetSources())
+                {
+                    context.Writer.WritePropertyName("sources");
+                    context.Writer.WriteArrayStart();
+                    foreach(var publicRequestSourcesListValue in publicRequest.Sources)
+                    {
+                            context.Writer.Write(publicRequestSourcesListValue);
+                    }
+                    context.Writer.WriteArrayEnd();
+                }
+
                 if(publicRequest.IsSetTags())
                 {
                     context.Writer.WritePropertyName("tags");

sdk/src/Services/RAM/Generated/Model/Internal/MarshallTransformations/CreateResourceShareResponseUnmarshaller.cs

@@ -122,6 +122,10 @@ public override AmazonServiceException UnmarshallException(JsonUnmarshallerConte
                 {
                     return ServiceUnavailableExceptionUnmarshaller.Instance.Unmarshall(contextCopy, errorResponse);
                 }
+                if (errorResponse.Code != null && errorResponse.Code.Equals("TagLimitExceededException"))
+                {
+                    return TagLimitExceededExceptionUnmarshaller.Instance.Unmarshall(contextCopy, errorResponse);
+                }
                 if (errorResponse.Code != null && errorResponse.Code.Equals("TagPolicyViolationException"))
                 {
                     return TagPolicyViolationExceptionUnmarshaller.Instance.Unmarshall(contextCopy, errorResponse);