String requestId
String errorCode
AmazonServiceException.ErrorType errorType
String errorMessage
int statusCode
String serviceName
Map<K,V> httpHeaders
byte[] rawResponse
String proxyHost
String extraInfo
boolean autoConstruct
boolean autoConstruct
List<E> actions
A list of actions for the access permissions. Any strings that can be used as an action in an IAM policy can be used in the list of actions to check.
List<E> resources
A list of resources for the access permissions. Any strings that can be used as a resource in an IAM policy can be used in the list of resources to check.
String id
The unique ID for the access preview.
String analyzerArn
The ARN of the analyzer used to generate the access preview.
Map<K,V> configurations
A map of resource ARNs for the proposed resource configuration.
Date createdAt
The time at which the access preview was created.
String status
The status of the access preview.
Creating - The access preview creation is in progress.
Completed - The access preview is complete. You can preview findings for external access to the resource.
Failed - The access preview creation has failed.
AccessPreviewStatusReason statusReason
Provides more details about the current status of the access preview. For example, if the creation of the access preview fails, a Failed status is returned. This failure can be due to an internal issue with the analysis or due to an invalid resource configuration.
String id
The ID of the access preview finding. This ID uniquely identifies the element in the list of access preview findings and is not related to the finding ID in Access Analyzer.
String existingFindingId
The existing ID of the finding in IAM Access Analyzer, provided only for existing findings.
String existingFindingStatus
The existing status of the finding, provided only for existing findings.
Map<K,V> principal
The external principal that has access to a resource within the zone of trust.
List<E> action
The action in the analyzed policy statement that an external principal has permission to perform.
Map<K,V> condition
The condition in the analyzed policy statement that resulted in a finding.
String resource
The resource that an external principal has access to. This is the resource associated with the access preview.
Boolean isPublic
Indicates whether the policy that generated the finding allows public access to the resource.
String resourceType
The type of the resource that can be accessed in the finding.
Date createdAt
The time at which the access preview finding was created.
String changeType
Provides context on how the access preview finding compares to existing access identified in IAM Access Analyzer.
New - The finding is for newly-introduced access.
Unchanged - The preview finding is an existing finding that would remain unchanged.
Changed - The preview finding is an existing finding with a change in status.
For example, a Changed finding with preview status Resolved and existing status Active indicates the existing Active finding would become Resolved as a result of the proposed permissions change.
String status
The preview status of the finding. This is what the status of the finding would be after permissions deployment.
For example, a Changed finding with preview status Resolved and existing status Active indicates the existing Active finding would become Resolved as a result of the proposed permissions change.
String resourceOwnerAccount
The Amazon Web Services account ID that owns the resource. For most Amazon Web Services resources, the owning account is the account in which the resource was created.
String error
An error.
List<E> sources
The sources of the finding. This indicates how the access that generated the finding is granted. It is populated for Amazon S3 bucket findings.
String code
The reason code for the current status of the access preview.
String id
The unique ID for the access preview.
String analyzerArn
The ARN of the analyzer used to generate the access preview.
Date createdAt
The time at which the access preview was created.
String status
The status of the access preview.
Creating - The access preview creation is in progress.
Completed - The access preview is complete and previews the findings for external access to the resource.
Failed - The access preview creation has failed.
AccessPreviewStatusReason statusReason
String resourceArn
The ARN of the resource that was analyzed.
String resourceType
The type of the resource that was analyzed.
Date createdAt
The time at which the finding was created.
Date analyzedAt
The time at which the resource was analyzed.
Date updatedAt
The time at which the finding was updated.
Boolean isPublic
Indicates whether the policy that generated the finding grants public access to the resource.
List<E> actions
The actions that an external principal is granted permission to use by the policy that generated the finding.
List<E> sharedVia
Indicates how the access that generated the finding is granted. This is populated for Amazon S3 bucket findings.
String status
The current status of the finding generated from the analyzed resource.
String resourceOwnerAccount
The Amazon Web Services account ID that owns the resource.
String error
An error message.
UnusedAccessConfiguration unusedAccess
Specifies the configuration of an unused access analyzer for an Amazon Web Services organization or account. External access analyzers do not support any configuration.
String arn
The ARN of the analyzer.
String name
The name of the analyzer.
String type
The type of analyzer, which corresponds to the zone of trust chosen for the analyzer.
Date createdAt
A timestamp for the time at which the analyzer was created.
String lastResourceAnalyzed
The resource that was most recently analyzed by the analyzer.
Date lastResourceAnalyzedAt
The time at which the most recently analyzed resource was analyzed.
Map<K,V> tags
The tags added to the analyzer.
String status
The status of the analyzer. An Active analyzer successfully monitors supported resources and generates new findings. The analyzer is Disabled when a user action, such as removing trusted access for Identity and Access Management Access Analyzer from Organizations, causes the analyzer to stop generating new findings. The status is Creating when the analyzer creation is in progress and Failed when the analyzer creation has failed.
StatusReason statusReason
The statusReason provides more details about the current status of the analyzer. For example, if the creation for the analyzer fails, a Failed status is returned. For an analyzer with organization as the type, this failure can be due to an issue with creating the service-linked roles required in the member accounts of the Amazon Web Services organization.
AnalyzerConfiguration configuration
Specifies whether the analyzer is an external access or unused access analyzer.
String jobId
The JobId that is returned by the StartPolicyGeneration operation. The JobId can be used with GetGeneratedPolicy to retrieve the generated policies or used with CancelPolicyGeneration to cancel the policy generation request.
String policyDocument
The JSON policy document to use as the content for the policy.
List<E> access
An access object containing the permissions that shouldn't be granted by the specified policy. If only actions are specified, IAM Access Analyzer checks for access of the actions on all resources in the policy. If only resources are specified, then IAM Access Analyzer checks which actions have access to the specified resources. If both actions and resources are specified, then IAM Access Analyzer checks which of the specified actions have access to the specified resources.
String policyType
The type of policy. Identity policies grant permissions to IAM principals. Identity policies include managed and inline policies for IAM roles, users, and groups.
Resource policies grant permissions on Amazon Web Services resources. Resource policies include trust policies for IAM roles and bucket policies for Amazon S3 buckets. You can provide a generic input such as identity policy or resource policy or a specific input such as managed policy or Amazon S3 bucket policy.
String result
The result of the check for whether the access is allowed. If the result is PASS, the specified policy doesn't allow any of the specified permissions in the access object. If the result is FAIL, the specified policy might allow some or all of the permissions in the access object.
String message
The message indicating whether the specified access is allowed.
List<E> reasons
A description of the reasoning of the result.
String newPolicyDocument
The JSON policy document to use as the content for the updated policy.
String existingPolicyDocument
The JSON policy document to use as the content for the existing policy.
String policyType
The type of policy to compare. Identity policies grant permissions to IAM principals. Identity policies include managed and inline policies for IAM roles, users, and groups.
Resource policies grant permissions on Amazon Web Services resources. Resource policies include trust policies for IAM roles and bucket policies for Amazon S3 buckets. You can provide a generic input such as identity policy or resource policy or a specific input such as managed policy or Amazon S3 bucket policy.
String result
The result of the check for new access. If the result is PASS, no new access is allowed by the updated policy. If the result is FAIL, the updated policy might allow new access.
String message
The message indicating whether the updated policy allows new access.
List<E> reasons
A description of the reasoning of the result.
String policyDocument
The JSON policy document to evaluate for public access.
String resourceType
The type of resource to evaluate for public access. For example, to check for public access to Amazon S3 buckets, you can choose AWS::S3::Bucket for the resource type.
For resource types not supported as valid values, IAM Access Analyzer will return an error.
String result
The result of the check for public access to the specified resource type. If the result is PASS, the policy doesn't allow public access to the specified resource type. If the result is FAIL, the policy might allow public access to the specified resource type.
String message
The message indicating whether the specified policy allows public access to resources.
List<E> reasons
A list of reasons why the specified resource policy grants public access for the resource type.
List<E> trails
A Trail object that contains settings for a trail.
String accessRole
The ARN of the service role that IAM Access Analyzer uses to access your CloudTrail trail and service last accessed information.
Date startTime
The start of the time range for which IAM Access Analyzer reviews your CloudTrail events. Events with a timestamp before this time are not considered to generate a policy.
Date endTime
The end of the time range for which IAM Access Analyzer reviews your CloudTrail events. Events with a timestamp after this time are not considered to generate a policy. If this is not included in the request, the default value is the current time.
List<E> trailProperties
A TrailProperties object that contains settings for trail properties.
Date startTime
The start of the time range for which IAM Access Analyzer reviews your CloudTrail events. Events with a timestamp before this time are not considered to generate a policy.
Date endTime
The end of the time range for which IAM Access Analyzer reviews your CloudTrail events. Events with a timestamp after this time are not considered to generate a policy. If this is not included in the request, the default value is the current time.
EbsSnapshotConfiguration ebsSnapshot
The access control configuration is for an Amazon EBS volume snapshot.
EcrRepositoryConfiguration ecrRepository
The access control configuration is for an Amazon ECR repository.
IamRoleConfiguration iamRole
The access control configuration is for an IAM role.
EfsFileSystemConfiguration efsFileSystem
The access control configuration is for an Amazon EFS file system.
KmsKeyConfiguration kmsKey
The access control configuration is for a KMS key.
RdsDbClusterSnapshotConfiguration rdsDbClusterSnapshot
The access control configuration is for an Amazon RDS DB cluster snapshot.
RdsDbSnapshotConfiguration rdsDbSnapshot
The access control configuration is for an Amazon RDS DB snapshot.
SecretsManagerSecretConfiguration secretsManagerSecret
The access control configuration is for a Secrets Manager secret.
S3BucketConfiguration s3Bucket
The access control configuration is for an Amazon S3 bucket.
SnsTopicConfiguration snsTopic
The access control configuration is for an Amazon SNS topic.
SqsQueueConfiguration sqsQueue
The access control configuration is for an Amazon SQS queue.
S3ExpressDirectoryBucketConfiguration s3ExpressDirectoryBucket
The access control configuration is for an Amazon S3 directory bucket.
DynamodbStreamConfiguration dynamodbStream
The access control configuration is for a DynamoDB stream.
DynamodbTableConfiguration dynamodbTable
The access control configuration is for a DynamoDB table or index.
String analyzerArn
The ARN of the account analyzer used to generate the access preview. You can only create an access preview for analyzers with an Account type and Active status.
Map<K,V> configurations
Access control configuration for your resource that is used to generate the access preview. The access preview includes findings for external access allowed to the resource with the proposed access control configuration. The configuration must contain exactly one element.
String clientToken
A client token.
String id
The unique ID for the access preview.
String analyzerName
The name of the analyzer to create.
String type
The type of analyzer to create. Only ACCOUNT, ORGANIZATION, ACCOUNT_UNUSED_ACCESS, and ORGANIZATION_UNUSED_ACCESS analyzers are supported. You can create only one analyzer per account per Region. You can create up to 5 analyzers per organization per Region.
List<E> archiveRules
Specifies the archive rules to add for the analyzer. Archive rules automatically archive findings that meet the criteria you define for the rule.
Map<K,V> tags
An array of key-value pairs to apply to the analyzer.
String clientToken
A client token.
AnalyzerConfiguration configuration
Specifies the configuration of the analyzer. If the analyzer is an unused access analyzer, the specified scope of unused access is used for the configuration. If the analyzer is an external access analyzer, this field is not used.
String arn
The ARN of the analyzer that was created by the request.
List<E> eq
An "equals" operator to match for the filter used to create the rule.
List<E> neq
A "not equals" operator to match for the filter used to create the rule.
List<E> contains
A "contains" operator to match for the filter used to create the rule.
Boolean exists
An "exists" operator to match for the filter used to create the rule.
String streamPolicy
The proposed resource policy defining who can access or manage the DynamoDB stream.
String tablePolicy
The proposed resource policy defining who can access or manage the DynamoDB table.
List<E> userIds
The IDs of the Amazon Web Services accounts that have access to the Amazon EBS volume snapshot.
If the configuration is for an existing Amazon EBS volume snapshot and you do not specify the userIds, then the access preview uses the existing shared userIds for the snapshot.
If the access preview is for a new resource and you do not specify the userIds, then the access preview considers the snapshot without any userIds.
To propose deletion of existing shared accountIds, you can specify an empty list for userIds.
List<E> groups
The groups that have access to the Amazon EBS volume snapshot. If the value all is specified, then the Amazon EBS volume snapshot is public.
If the configuration is for an existing Amazon EBS volume snapshot and you do not specify the groups, then the access preview uses the existing shared groups for the snapshot.
If the access preview is for a new resource and you do not specify the groups, then the access preview considers the snapshot without any groups.
To propose deletion of existing shared groups, you can specify an empty list for groups.
String kmsKeyId
The KMS key identifier for an encrypted Amazon EBS volume snapshot. The KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.
If the configuration is for an existing Amazon EBS volume snapshot and you do not specify the kmsKeyId, or you specify an empty string, then the access preview uses the existing kmsKeyId of the snapshot.
If the access preview is for a new resource and you do not specify the kmsKeyId, the access preview considers the snapshot as unencrypted.
String repositoryPolicy
The JSON repository policy text to apply to the Amazon ECR repository. For more information, see Private repository policy examples in the Amazon ECR User Guide.
String fileSystemPolicy
The JSON policy definition to apply to the Amazon EFS file system. For more information on the elements that make up a file system policy, see Amazon EFS Resource-based policies.
List<E> action
The action in the analyzed policy statement that an external principal has permission to use.
Map<K,V> condition
The condition in the analyzed policy statement that resulted in an external access finding.
Boolean isPublic
Specifies whether the external access finding is public.
Map<K,V> principal
The external principal that has access to a resource within the zone of trust.
List<E> sources
The sources of the external access finding. This indicates how the access that generated the finding is granted. It is populated for Amazon S3 bucket findings.
String id
The ID of the finding.
Map<K,V> principal
The external principal that has access to a resource within the zone of trust.
List<E> action
The action in the analyzed policy statement that an external principal has permission to use.
String resource
The resource that an external principal has access to.
Boolean isPublic
Indicates whether the policy that generated the finding allows public access to the resource.
String resourceType
The type of the resource identified in the finding.
Map<K,V> condition
The condition in the analyzed policy statement that resulted in a finding.
Date createdAt
The time at which the finding was generated.
Date analyzedAt
The time at which the resource was analyzed.
Date updatedAt
The time at which the finding was updated.
String status
The current status of the finding.
String resourceOwnerAccount
The Amazon Web Services account ID that owns the resource.
String error
An error.
List<E> sources
The sources of the finding. This indicates how the access that generated the finding is granted. It is populated for Amazon S3 bucket findings.
ExternalAccessDetails externalAccessDetails
The details for an external access analyzer finding.
UnusedPermissionDetails unusedPermissionDetails
The details for an unused access analyzer finding with an unused permission finding type.
UnusedIamUserAccessKeyDetails unusedIamUserAccessKeyDetails
The details for an unused access analyzer finding with an unused IAM user access key finding type.
UnusedIamRoleDetails unusedIamRoleDetails
The details for an unused access analyzer finding with an unused IAM role finding type.
UnusedIamUserPasswordDetails unusedIamUserPasswordDetails
The details for an unused access analyzer finding with an unused IAM user password finding type.
String type
Indicates the type of access that generated the finding.
FindingSourceDetail detail
Includes details about how the access that generated the finding is granted. This is populated for Amazon S3 bucket findings.
String accessPointArn
The ARN of the access point that generated the finding. The ARN format depends on whether the ARN represents an access point or a multi-region access point.
String accessPointAccount
The account of the cross-account access point that generated the finding.
String id
The ID of the finding.
Map<K,V> principal
The external principal that has access to a resource within the zone of trust.
List<E> action
The action in the analyzed policy statement that an external principal has permission to use.
String resource
The resource that the external principal has access to.
Boolean isPublic
Indicates whether the finding reports a resource that has a policy that allows public access.
String resourceType
The type of the resource that the external principal has access to.
Map<K,V> condition
The condition in the analyzed policy statement that resulted in a finding.
Date createdAt
The time at which the finding was created.
Date analyzedAt
The time at which the resource-based policy that generated the finding was analyzed.
Date updatedAt
The time at which the finding was most recently updated.
String status
The status of the finding.
String resourceOwnerAccount
The Amazon Web Services account ID that owns the resource.
String error
The error that resulted in an Error finding.
List<E> sources
The sources of the finding. This indicates how the access that generated the finding is granted. It is populated for Amazon S3 bucket findings.
Date analyzedAt
The time at which the resource-based policy or IAM entity that generated the finding was analyzed.
Date createdAt
The time at which the finding was created.
String error
The error that resulted in an Error finding.
String id
The ID of the finding.
String resource
The resource that the external principal has access to.
String resourceType
The type of the resource that the external principal has access to.
String resourceOwnerAccount
The Amazon Web Services account ID that owns the resource.
String status
The status of the finding.
Date updatedAt
The time at which the finding was most recently updated.
String findingType
The type of the external access or unused access finding.
String policy
The text to use as the content for the new policy. The policy is created using the CreatePolicy action.
Boolean isComplete
This value is set to true if the generated policy contains all possible actions for a service that IAM Access Analyzer identified from the CloudTrail trail that you specified, and false otherwise.
String principalArn
The ARN of the IAM entity (user or role) for which you are generating a policy.
CloudTrailProperties cloudTrailProperties
Lists details about the Trail used to generate the policy.
GeneratedPolicyProperties properties
A GeneratedPolicyProperties object that contains properties of the generated policy.
List<E> generatedPolicies
The text to use as the content for the new policy. The policy is created using the CreatePolicy action.
String analyzerArn
The ARN of the analyzer used to generate the finding recommendation.
String id
The unique ID for the finding recommendation.
String accessPreviewId
The unique ID for the access preview.
String analyzerArn
The ARN of the analyzer used to generate the access preview.
AccessPreview accessPreview
An object that contains information about the access preview.
String analyzerArn
The ARN of the analyzer to retrieve information from.
String resourceArn
The ARN of the resource to retrieve information about.
AnalyzedResource resource
An AnalyzedResource object that contains information that IAM Access Analyzer found when it analyzed the resource.
String analyzerName
The name of the analyzer retrieved.
AnalyzerSummary analyzer
An AnalyzerSummary object that contains information about the analyzer.
ArchiveRuleSummary archiveRule
String analyzerArn
The ARN of the analyzer used to generate the finding recommendation.
String id
The unique ID for the finding recommendation.
Integer maxResults
The maximum number of results to return in the response.
String nextToken
A token used for pagination of results returned.
Date startedAt
The time at which the retrieval of the finding recommendation was started.
Date completedAt
The time at which the retrieval of the finding recommendation was completed.
String nextToken
A token used for pagination of results returned.
RecommendationError error
Detailed information about the reason that the retrieval of a recommendation for the finding failed.
String resourceArn
The ARN of the resource of the finding.
List<E> recommendedSteps
A group of recommended steps for the finding.
String recommendationType
The type of recommendation for the finding.
String status
The status of the retrieval of the finding recommendation.
String analyzerArn
The ARN of the analyzer that generated the finding.
String id
The ID of the finding to retrieve.
Finding finding
A finding object that contains finding details.
String analyzerArn
The ARN of the analyzer that generated the finding.
String id
The ID of the finding to retrieve.
Integer maxResults
The maximum number of results to return in the response.
String nextToken
A token used for pagination of results returned.
Date analyzedAt
The time at which the resource-based policy or IAM entity that generated the finding was analyzed.
Date createdAt
The time at which the finding was created.
String error
An error.
String id
The ID of the finding to retrieve.
String nextToken
A token used for pagination of results returned.
String resource
The resource that generated the finding.
String resourceType
The type of the resource identified in the finding.
String resourceOwnerAccount
The Amazon Web Services account ID that owns the resource.
String status
The status of the finding.
Date updatedAt
The time at which the finding was updated.
List<E> findingDetails
A localized message that explains the finding and provides guidance on how to address it.
String findingType
The type of the finding. For external access analyzers, the type is ExternalAccess. For unused access analyzers, the type can be UnusedIAMRole, UnusedIAMUserAccessKey, UnusedIAMUserPassword, or UnusedPermission.
String jobId
The JobId that is returned by the StartPolicyGeneration operation. The JobId can be used with GetGeneratedPolicy to retrieve the generated policies or used with CancelPolicyGeneration to cancel the policy generation request.
Boolean includeResourcePlaceholders
The level of detail that you want to generate. You can specify whether to generate policies with placeholders for resource ARNs for actions that support resource level granularity in policies.
For example, in the resource section of a policy, you can receive a placeholder such as "Resource":"arn:aws:s3:::${BucketName}" instead of "*".
Boolean includeServiceLevelTemplate
The level of detail that you want to generate. You can specify whether to generate service-level policies.
IAM Access Analyzer uses iam:servicelastaccessed to identify services that have been used recently to create this service-level template.
JobDetails jobDetails
A GeneratedPolicyDetails object that contains details about the generated policy.
GeneratedPolicyResult generatedPolicyResult
A GeneratedPolicyResult object that contains the generated policies and associated details.
String trustPolicy
The proposed trust policy for the IAM role.
Integer retryAfterSeconds
The seconds to wait to retry.
String jobId
The JobId that is returned by the StartPolicyGeneration operation. The JobId can be used with GetGeneratedPolicy to retrieve the generated policies or used with CancelPolicyGeneration to cancel the policy generation request.
String status
The status of the job request.
Date startedOn
A timestamp of when the job was started.
Date completedOn
A timestamp of when the job was completed.
JobError jobError
The job error for the policy generation request.
List<E> operations
A list of operations that the grant permits.
String granteePrincipal
The principal that is given permission to perform the operations that the grant permits.
String retiringPrincipal
The principal that is given permission to retire the grant by using RetireGrant operation.
KmsGrantConstraints constraints
Use this structure to propose allowing cryptographic operations in the grant only when the operation request includes the specified encryption context.
String issuingAccount
The Amazon Web Services account under which the grant was issued. The account is used to propose KMS grants issued by accounts other than the owner of the key.
Map<K,V> encryptionContextEquals
A list of key-value pairs that must match the encryption context in the cryptographic operation request. The grant allows the operation only when the encryption context in the request is the same as the encryption context specified in this constraint.
Map<K,V> encryptionContextSubset
A list of key-value pairs that must be included in the encryption context of the cryptographic operation request. The grant allows the cryptographic operation only when the encryption context in the request includes the key-value pairs specified in this constraint, although it can include additional key-value pairs.
Map<K,V> keyPolicies
Resource policy configuration for the KMS key. The only valid value for the name of the key policy is default. For more information, see Default key policy.
List<E> grants
A list of proposed grant configurations for the KMS key. If the proposed grant configuration is for an existing key, the access preview uses the proposed list of grant configurations in place of the existing grants. Otherwise, the access preview uses the existing grants for the key.
String accessPreviewId
The unique ID for the access preview.
String analyzerArn
The ARN of the analyzer used to generate the access.
Map<K,V> filter
Criteria to filter the returned findings.
String nextToken
A token used for pagination of results returned.
Integer maxResults
The maximum number of results to return in the response.
String analyzerArn
The ARN of the analyzer used to generate the access preview.
String nextToken
A token used for pagination of results returned.
Integer maxResults
The maximum number of results to return in the response.
String analyzerArn
The ARN of the analyzer to retrieve a list of analyzed resources from.
String resourceType
The type of resource.
String nextToken
A token used for pagination of results returned.
Integer maxResults
The maximum number of results to return in the response.
String analyzerArn
The ARN of the analyzer to retrieve findings from.
Map<K,V> filter
A filter to match for the findings to return.
SortCriteria sort
The sort order for the findings returned.
String nextToken
A token used for pagination of results returned.
Integer maxResults
The maximum number of results to return in the response.
String analyzerArn
The ARN of the analyzer to retrieve findings from.
Map<K,V> filter
A filter to match for the findings to return.
Integer maxResults
The maximum number of results to return in the response.
String nextToken
A token used for pagination of results returned.
SortCriteria sort
String principalArn
The ARN of the IAM entity (user or role) for which you are generating a policy. Use this with ListGeneratedPolicies to filter the results to only include results for a specific principal.
Integer maxResults
The maximum number of results to return in the response.
String nextToken
A token used for pagination of results returned.
String resourceArn
The ARN of the resource to retrieve tags from.
VpcConfiguration vpcConfiguration
InternetConfiguration internetConfiguration
The configuration for the Amazon S3 access point or multi-region access point with an Internet origin.
String jobId
The JobId that is returned by the StartPolicyGeneration operation. The JobId can be used with GetGeneratedPolicy to retrieve the generated policies or used with CancelPolicyGeneration to cancel the policy generation request.
String principalArn
The ARN of the IAM entity (user or role) for which you are generating a policy.
String status
The status of the policy generation request.
Date startedOn
A timestamp of when the policy generation started.
Date completedOn
A timestamp of when the policy generation was completed.
String principalArn
The ARN of the IAM entity (user or role) for which you are generating a policy.
List<E> accountIds
The Amazon Web Services account IDs that have access to the manual Amazon RDS DB cluster snapshot. If the value all is specified, then the Amazon RDS DB cluster snapshot is public and can be copied or restored by all Amazon Web Services accounts.
If the configuration is for an existing Amazon RDS DB cluster snapshot and you do not specify the accountIds in RdsDbClusterSnapshotAttributeValue, then the access preview uses the existing shared accountIds for the snapshot.
If the access preview is for a new resource and you do not specify the accountIds in RdsDbClusterSnapshotAttributeValue, then the access preview considers the snapshot without any attributes.
To propose deletion of existing shared accountIds, you can specify an empty list for accountIds in the RdsDbClusterSnapshotAttributeValue.
Map<K,V> attributes
The names and values of manual DB cluster snapshot attributes. Manual DB cluster snapshot attributes are used to authorize other Amazon Web Services accounts to restore a manual DB cluster snapshot. The only valid value for AttributeName for the attribute map is restore.
String kmsKeyId
The KMS key identifier for an encrypted Amazon RDS DB cluster snapshot. The KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.
If the configuration is for an existing Amazon RDS DB cluster snapshot and you do not specify the kmsKeyId, or you specify an empty string, then the access preview uses the existing kmsKeyId of the snapshot.
If the access preview is for a new resource and you do not specify the kmsKeyId, then the access preview considers the snapshot as unencrypted.
List<E> accountIds
The Amazon Web Services account IDs that have access to the manual Amazon RDS DB snapshot. If the value all is specified, then the Amazon RDS DB snapshot is public and can be copied or restored by all Amazon Web Services accounts.
If the configuration is for an existing Amazon RDS DB snapshot and you do not specify the accountIds in RdsDbSnapshotAttributeValue, then the access preview uses the existing shared accountIds for the snapshot.
If the access preview is for a new resource and you do not specify the accountIds in RdsDbSnapshotAttributeValue, then the access preview considers the snapshot without any attributes.
To propose deletion of an existing shared accountIds, you can specify an empty list for accountIds in the RdsDbSnapshotAttributeValue.
Map<K,V> attributes
The names and values of manual DB snapshot attributes. Manual DB snapshot attributes are used to authorize other Amazon Web Services accounts to restore a manual DB snapshot. The only valid value for attributeName for the attribute map is restore.
String kmsKeyId
The KMS key identifier for an encrypted Amazon RDS DB snapshot. The KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key.
If the configuration is for an existing Amazon RDS DB snapshot and you do not specify the kmsKeyId, or you specify an empty string, then the access preview uses the existing kmsKeyId of the snapshot.
If the access preview is for a new resource and you do not specify the kmsKeyId, then the access preview considers the snapshot as unencrypted.
UnusedPermissionsRecommendedStep unusedPermissionsRecommendedStep
A recommended step for an unused permissions finding.
String accessPointPolicy
The access point or multi-region access point policy.
S3PublicAccessBlockConfiguration publicAccessBlock
The proposed S3PublicAccessBlock configuration to apply to this Amazon S3 access point or multi-region access point.
NetworkOriginConfiguration networkOrigin
The proposed Internet and VpcConfiguration to apply to this Amazon S3 access point. VpcConfiguration does not apply to multi-region access points. If the access preview is for a new resource and neither is specified, the access preview uses Internet for the network origin. If the access preview is for an existing resource and neither is specified, the access preview uses the existing network origin.
String permission
The permissions being granted.
AclGrantee grantee
The grantee to whom you’re assigning access rights.
String bucketPolicy
The proposed bucket policy for the Amazon S3 bucket.
List<E> bucketAclGrants
The proposed list of ACL grants for the Amazon S3 bucket. You can propose up to 100 ACL grants per bucket. If the proposed grant configuration is for an existing bucket, the access preview uses the proposed list of grant configurations in place of the existing grants. Otherwise, the access preview uses the existing grants for the bucket.
S3PublicAccessBlockConfiguration bucketPublicAccessBlock
The proposed block public access configuration for the Amazon S3 bucket.
Map<K,V> accessPoints
The configuration of Amazon S3 access points or multi-region access points for the bucket. You can propose up to 10 new access points per bucket.
String bucketPolicy
The proposed bucket policy for the Amazon S3 directory bucket.
String topicPolicy
The JSON policy text that defines who can access an Amazon SNS topic. For more information, see Example cases for Amazon SNS access control in the Amazon SNS Developer Guide.
String queuePolicy
The proposed resource policy for the Amazon SQS queue.
PolicyGenerationDetails policyGenerationDetails
Contains the ARN of the IAM entity (user or role) for which you are generating a policy.
CloudTrailDetails cloudTrailDetails
A CloudTrailDetails object that contains details about a Trail that you want to analyze to generate policies.
String clientToken
A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. Idempotency ensures that an API request completes only once. With an idempotent request, if the original request completes successfully, the subsequent retries with the same client token return the result from the original successful request and they have no additional effect.
If you do not specify a client token, one is automatically generated by the Amazon Web Services SDK.
String jobId
The JobId that is returned by the StartPolicyGeneration operation. The JobId can be used with GetGeneratedPolicy to retrieve the generated policies or used with CancelPolicyGeneration to cancel the policy generation request.
String analyzerArn
The ARN of the analyzer to use to scan the policies applied to the specified resource.
String resourceArn
The ARN of the resource to scan.
String resourceOwnerAccount
The Amazon Web Services account ID that owns the resource. For most Amazon Web Services resources, the owning account is the account in which the resource was created.
String code
The reason code for the current status of the analyzer.
Integer retryAfterSeconds
The seconds to wait to retry.
String cloudTrailArn
Specifies the ARN of the trail. The format of a trail ARN is arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail.
List<E> regions
A list of regions to get CloudTrail data from and analyze to generate a policy.
Boolean allRegions
Possible values are true or false. If set to true, IAM Access Analyzer retrieves CloudTrail data from all regions to analyze and generate a policy.
String cloudTrailArn
Specifies the ARN of the trail. The format of a trail ARN is arn:aws:cloudtrail:us-east-2:123456789012:trail/MyTrail.
List<E> regions
A list of regions to get CloudTrail data from and analyze to generate a policy.
Boolean allRegions
Possible values are true or false. If set to true, IAM Access Analyzer retrieves CloudTrail data from all regions to analyze and generate a policy.
Integer unusedAccessAge
The specified access age in days for which to generate findings for unused access. For example, if you specify 90 days, the analyzer will generate findings for IAM entities within the accounts of the selected organization for any access that hasn't been used in 90 or more days since the analyzer's last scan. You can choose a value between 1 and 180 days.
Date lastAccessed
The time at which the role was last accessed.
Date lastAccessed
The time at which the password was last accessed.
List<E> actions
A list of unused actions for which the unused access finding was generated.
String serviceNamespace
The namespace of the Amazon Web Services service that contains the unused actions.
Date lastAccessed
The time at which the permission was last accessed.
Date policyUpdatedAt
The time at which the existing policy for the unused permissions finding was last updated.
String recommendedAction
A recommendation of whether to create or detach a policy for an unused permissions finding.
String recommendedPolicy
If the recommended action for the unused permissions finding is to replace the existing policy, the contents of the recommended policy to replace the policy specified in the existingPolicyId field.
String existingPolicyId
If the recommended action for the unused permissions finding is to detach a policy, the ID of an existing policy to be detached.
String analyzerName
The name of the analyzer to update the archive rules for.
String ruleName
The name of the rule to update.
Map<K,V> filter
A filter to match for the rules to update. Only rules that match the filter are updated.
String clientToken
A client token.
String analyzerArn
The ARN of the analyzer that generated the findings to update.
String status
The state represents the action to take to update the finding Status. Use ARCHIVE to change an Active finding to an Archived finding. Use ACTIVE to change an Archived finding to an Active finding.
List<E> ids
The IDs of the findings to update.
String resourceArn
The ARN of the resource identified in the finding.
String clientToken
A client token.
String findingDetails
A localized message that explains the finding and provides guidance on how to address it.
String findingType
The impact of the finding.
Security warnings report when the policy allows access that we consider overly permissive.
Errors report when a part of the policy is not functional.
Warnings report non-security issues when a policy does not conform to policy writing best practices.
Suggestions recommend stylistic improvements in the policy that do not impact access.
String issueCode
The issue code provides an identifier of the issue associated with this finding.
String learnMoreLink
A link to additional documentation about the type of finding.
List<E> locations
The list of locations in the policy document that are related to the finding. The issue code provides a summary of an issue identified by the finding.
String locale
The locale to use for localizing the findings.
Integer maxResults
The maximum number of results to return in the response.
String nextToken
A token used for pagination of results returned.
String policyDocument
The JSON policy document to use as the content for the policy.
String policyType
The type of policy to validate. Identity policies grant permissions to IAM principals. Identity policies include managed and inline policies for IAM roles, users, and groups.
Resource policies grant permissions on Amazon Web Services resources. Resource policies include trust policies for IAM roles and bucket policies for Amazon S3 buckets. You can provide a generic input such as identity policy or resource policy or a specific input such as managed policy or Amazon S3 bucket policy.
Service control policies (SCPs) are a type of organization policy attached to an Amazon Web Services organization, organizational unit (OU), or an account.
String validatePolicyResourceType
The type of resource to attach to your resource policy. Specify a value for the policy validation resource type only if the policy type is RESOURCE_POLICY. For example, to validate a resource policy to attach to an Amazon S3 bucket, you can choose AWS::S3::Bucket for the policy validation resource type.
For resource types not supported as valid values, IAM Access Analyzer runs policy checks that apply to all resource policies. For example, to validate a resource policy to attach to a KMS key, do not specify a value for the policy validation resource type and IAM Access Analyzer will run policy checks that apply to all resource policies.
String vpcId
If this field is specified, this access point will only allow connections from the specified VPC ID.
String accountId
Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.
This operation can only be called from the management account or the delegated administrator account of an organization for a member account.
The management account can't specify its own AccountId.
String otp
The OTP code sent to the PrimaryEmail specified on the StartPrimaryEmailUpdate API call.
String primaryEmail
The new primary email address for use with the specified account. This must match the PrimaryEmail from the StartPrimaryEmailUpdate API call.
String status
Retrieves the status of the accepted primary email update request.
String alternateContactType
The type of alternate contact.
String emailAddress
The email address associated with this alternate contact.
String name
The name associated with this alternate contact.
String phoneNumber
The phone number associated with this alternate contact.
String title
The title associated with this alternate contact.
String addressLine1
The first line of the primary contact address.
String addressLine2
The second line of the primary contact address, if any.
String addressLine3
The third line of the primary contact address, if any.
String city
The city of the primary contact address.
String companyName
The name of the company associated with the primary contact information, if any.
String countryCode
The ISO-3166 two-letter country code for the primary contact address.
String districtOrCounty
The district or county of the primary contact address, if any.
String fullName
The full name of the primary contact address.
String phoneNumber
The phone number of the primary contact information. The number will be validated and, in some countries, checked for activation.
String postalCode
The postal code of the primary contact address.
String stateOrRegion
The state or region of the primary contact address. If the mailing address is within the United States (US), the value in this field can be either a two character state code (for example, NJ) or the full state name (for example, New Jersey). This field is required in the following countries: US, CA, GB, DE, JP, IN, and BR.
String websiteUrl
The URL of the website associated with the primary contact information, if any.
String accountId
Specifies the 12 digit account ID number of the Amazon Web Services account that you want to access or modify with this operation.
If you do not specify this parameter, it defaults to the Amazon Web Services account of the identity used to call the operation.
To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account, and the specified account ID must be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.
The management account can't specify its own AccountId; it must call the operation in standalone context by not including the AccountId parameter.
To call this operation on an account that is not a member of an organization, don't specify this parameter, and call the operation using an identity belonging to the account whose contacts you wish to retrieve or modify.
String alternateContactType
Specifies which of the alternate contacts to delete.
String accountId
Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. If you don't specify this parameter, it defaults to the Amazon Web Services account of the identity used to call the operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.
The management account can't specify its own AccountId. It must call the operation in standalone context by not including the AccountId parameter.
To call this operation on an account that is not a member of an organization, don't specify this parameter. Instead, call the operation using an identity belonging to the account whose contacts you wish to retrieve or modify.
String regionName
Specifies the Region-code for a given Region name (for example, af-south-1). When you disable a Region, Amazon Web Services performs actions to deactivate that Region in your account, such as destroying IAM resources in the Region. This process takes a few minutes for most accounts, but this can take several hours. You cannot enable the Region until the disabling process is fully completed.
String accountId
Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. If you don't specify this parameter, it defaults to the Amazon Web Services account of the identity used to call the operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.
The management account can't specify its own AccountId. It must call the operation in standalone context by not including the AccountId parameter.
To call this operation on an account that is not a member of an organization, don't specify this parameter. Instead, call the operation using an identity belonging to the account whose contacts you wish to retrieve or modify.
String regionName
Specifies the Region-code for a given Region name (for example, af-south-1). When you enable a Region, Amazon Web Services performs actions to prepare your account in that Region, such as distributing your IAM resources to the Region. This process takes a few minutes for most accounts, but it can take several hours. You cannot use the Region until this process is complete. Furthermore, you cannot disable the Region until the enabling process is fully completed.
String accountId
Specifies the 12 digit account ID number of the Amazon Web Services account that you want to access or modify with this operation.
If you do not specify this parameter, it defaults to the Amazon Web Services account of the identity used to call the operation.
To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account, and the specified account ID must be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.
The management account can't specify its own AccountId; it must call the operation in standalone context by not including the AccountId parameter.
To call this operation on an account that is not a member of an organization, don't specify this parameter, and call the operation using an identity belonging to the account whose contacts you wish to retrieve or modify.
String alternateContactType
Specifies which alternate contact you want to retrieve.
AlternateContact alternateContact
A structure that contains the details for the specified alternate contact.
String accountId
Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. If you don't specify this parameter, it defaults to the Amazon Web Services account of the identity used to call the operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.
The management account can't specify its own AccountId. It must call the operation in standalone context by not including the AccountId parameter.
To call this operation on an account that is not a member of an organization, don't specify this parameter. Instead, call the operation using an identity belonging to the account whose contacts you wish to retrieve or modify.
ContactInformation contactInformation
Contains the details of the primary contact information associated with an Amazon Web Services account.
String accountId
Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.
This operation can only be called from the management account or the delegated administrator account of an organization for a member account.
The management account can't specify its own AccountId.
String primaryEmail
Retrieves the primary email address associated with the specified account.
String accountId
Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. If you don't specify this parameter, it defaults to the Amazon Web Services account of the identity used to call the operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.
The management account can't specify its own AccountId. It must call the operation in standalone context by not including the AccountId parameter.
To call this operation on an account that is not a member of an organization, don't specify this parameter. Instead, call the operation using an identity belonging to the account whose contacts you wish to retrieve or modify.
String regionName
Specifies the Region-code for a given Region name (for example, af-south-1). This function will return the status of whatever Region you pass into this parameter.
String accountId
Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. If you don't specify this parameter, it defaults to the Amazon Web Services account of the identity used to call the operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.
The management account can't specify its own AccountId. It must call the operation in standalone context by not including the AccountId parameter.
To call this operation on an account that is not a member of an organization, don't specify this parameter. Instead, call the operation using an identity belonging to the account whose contacts you wish to retrieve or modify.
Integer maxResults
The total number of items to return in the command’s output. If the total number of items available is more than the value specified, a NextToken is provided in the command’s output. To resume pagination, provide the NextToken value in the starting-token argument of a subsequent command. Do not use the NextToken response element directly outside of the Amazon Web Services CLI. For usage examples, see Pagination in the Amazon Web Services Command Line Interface User Guide.
String nextToken
A token used to specify where to start paginating. This is the NextToken from a previously truncated response. For usage examples, see Pagination in the Amazon Web Services Command Line Interface User Guide.
List<E> regionOptStatusContains
A list of Region statuses (Enabling, Enabled, Disabling, Disabled, Enabled_by_default) to use to filter the list of Regions for a given account. For example, passing in a value of ENABLING will only return a list of Regions with a Region status of ENABLING.
String nextToken
If there is more data to be returned, this will be populated. It should be passed into the next-token request parameter of list-regions.
List<E> regions
This is a list of Regions for a given account, or if the filtered parameter was used, a list of Regions that match the filter criteria set in the filter parameter.
String accountId
Specifies the 12 digit account ID number of the Amazon Web Services account that you want to access or modify with this operation.
If you do not specify this parameter, it defaults to the Amazon Web Services account of the identity used to call the operation.
To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account, and the specified account ID must be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.
The management account can't specify its own AccountId; it must call the operation in standalone context by not including the AccountId parameter.
To call this operation on an account that is not a member of an organization, don't specify this parameter, and call the operation using an identity belonging to the account whose contacts you wish to retrieve or modify.
String alternateContactType
Specifies which alternate contact you want to create or update.
String emailAddress
Specifies an email address for the alternate contact.
String name
Specifies a name for the alternate contact.
String phoneNumber
Specifies a phone number for the alternate contact.
String title
Specifies a title for the alternate contact.
String accountId
Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. If you don't specify this parameter, it defaults to the Amazon Web Services account of the identity used to call the operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.
The management account can't specify its own AccountId. It must call the operation in standalone context by not including the AccountId parameter.
To call this operation on an account that is not a member of an organization, don't specify this parameter. Instead, call the operation using an identity belonging to the account whose contacts you wish to retrieve or modify.
ContactInformation contactInformation
Contains the details of the primary contact information associated with an Amazon Web Services account.
String accountId
Specifies the 12-digit account ID number of the Amazon Web Services account that you want to access or modify with this operation. To use this parameter, the caller must be an identity in the organization's management account or a delegated administrator account. The specified account ID must be a member account in the same organization. The organization must have all features enabled, and the organization must have trusted access enabled for the Account Management service, and optionally a delegated admin account assigned.
This operation can only be called from the management account or the delegated administrator account of an organization for a member account.
The management account can't specify its own AccountId.
String primaryEmail
The new primary email address (also known as the root user email address) to use in the specified account.
String status
The status of the primary email update request.
AccessMethod accessMethod
The type and format of AccessDescription information.
GeneralName accessLocation
The location of AccessDescription information.
String customObjectIdentifier
An object identifier (OID) specifying the AccessMethod. The OID must satisfy the regular expression shown below. For more information, see NIST's definition of Object Identifier (OID).
String accessMethodType
Specifies the AccessMethod.
Extensions extensions
Specifies X.509 extension information for a certificate.
ASN1Subject subject
String country
Two-digit code that specifies the country in which the certificate subject is located.
String organization
Legal name of the organization with which the certificate subject is affiliated.
String organizationalUnit
A subdivision or unit of the organization (such as sales or finance) with which the certificate subject is affiliated.
String distinguishedNameQualifier
Disambiguating information for the certificate subject.
String state
State in which the subject of the certificate is located.
String commonName
For CA and end-entity certificates in a private PKI, the common name (CN) can be any string within the length limit.
Note: In publicly trusted certificates, the common name must be a fully qualified domain name (FQDN) associated with the certificate subject.
String serialNumber
The certificate serial number.
String locality
The locality (such as a city or town) in which the certificate subject is located.
String title
A title such as Mr. or Ms., which is pre-pended to the name to refer formally to the certificate subject.
String surname
Family name. In the US and the UK, for example, the surname of an individual is ordered last. In Asian cultures the surname is typically ordered first.
String givenName
First name.
String initials
Concatenation that typically contains the first letter of the GivenName, the first letter of the middle name if one exists, and the first letter of the Surname.
String pseudonym
Typically a shortened version of a longer GivenName. For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth, Liz, or Eliza.
String generationQualifier
Typically a qualifier appended to the name of an individual. Examples include Jr. for junior, Sr. for senior, and III for third.
List<E> customAttributes
Contains a sequence of one or more X.500 relative distinguished names (RDNs), each of which consists of an object identifier (OID) and a value. For more information, see NIST’s definition of Object Identifier (OID).
Custom attributes cannot be used in combination with standard attributes.
String arn
Amazon Resource Name (ARN) for your private certificate authority (CA). The format is 12345678-1234-1234-1234-123456789012.
String ownerAccount
The Amazon Web Services account ID that owns the certificate authority.
Date createdAt
Date and time at which your private CA was created.
Date lastStateChangeAt
Date and time at which your private CA was last updated.
String type
Type of your private CA.
String serial
Serial number of your private CA.
String status
Status of your private CA.
Date notBefore
Date and time before which your private CA certificate is not valid.
Date notAfter
Date and time after which your private CA certificate is not valid.
String failureReason
Reason the request to create your private CA failed.
CertificateAuthorityConfiguration certificateAuthorityConfiguration
Your private CA configuration.
RevocationConfiguration revocationConfiguration
Information about the Online Certificate Status Protocol (OCSP) configuration or certificate revocation list (CRL) created and maintained by your private CA.
Date restorableUntil
The period during which a deleted CA can be restored. For more information, see the PermanentDeletionTimeInDays parameter of the DeleteCertificateAuthorityRequest action.
String keyStorageSecurityStandard
Defines a cryptographic key management compliance standard used for handling CA keys.
Default: FIPS_140_2_LEVEL_3_OR_HIGHER
Note: Amazon Web Services Region ap-northeast-3 supports only FIPS_140_2_LEVEL_2_OR_HIGHER. You must explicitly specify this parameter and value when creating a CA in that Region. Specifying a different value (or no value) results in an InvalidArgsException with the message "A certificate authority cannot be created in this region with the specified security standard."
String usageMode
Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days.
The default value is GENERAL_PURPOSE.
String keyAlgorithm
Type of the public key algorithm and size, in bits, of the key pair that your CA creates when it issues a certificate. When you create a subordinate CA, you must use a key algorithm supported by the parent CA.
String signingAlgorithm
Name of the algorithm your private CA uses to sign certificate requests.
This parameter should not be confused with the SigningAlgorithm parameter used to sign certificates when they are issued.
ASN1Subject subject
Structure that contains X.500 distinguished name information for your private CA.
CsrExtensions csrExtensions
Specifies information to be added to the extension section of the certificate signing request (CSR).
String certificateAuthorityArn
The Amazon Resource Name (ARN) of the CA to be audited. This is of the form:
arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
String s3BucketName
The name of the S3 bucket that will contain the audit report.
String auditReportResponseFormat
The format in which to create the report. This can be either JSON or CSV.
CertificateAuthorityConfiguration certificateAuthorityConfiguration
Name and bit size of the private key algorithm, the name of the signing algorithm, and X.500 certificate subject information.
RevocationConfiguration revocationConfiguration
Contains information to enable Online Certificate Status Protocol (OCSP) support, to enable a certificate revocation list (CRL), to enable both, or to enable neither. The default is for both certificate validation mechanisms to be disabled.
The following requirements apply to revocation configurations.
A configuration disabling CRLs or OCSP must contain only the Enabled=False parameter, and will fail if other parameters such as CustomCname or ExpirationInDays are included.
In a CRL configuration, the S3BucketName parameter must conform to Amazon S3 bucket naming rules.
A configuration containing a custom Canonical Name (CNAME) parameter for CRLs or OCSP must conform to RFC2396 restrictions on the use of special characters in a CNAME.
In a CRL or OCSP configuration, the value of a CNAME parameter must not include a protocol prefix such as "http://" or "https://".
For more information, see the OcspConfiguration and CrlConfiguration types.
String certificateAuthorityType
The type of the certificate authority.
String idempotencyToken
Custom string that can be used to distinguish between calls to the CreateCertificateAuthority action. Idempotency tokens for CreateCertificateAuthority time out after five minutes. Therefore, if you call CreateCertificateAuthority multiple times with the same idempotency token within five minutes, Amazon Web Services Private CA recognizes that you are requesting only one certificate authority and will issue only one. If you change the idempotency token for each call, Amazon Web Services Private CA recognizes that you are requesting multiple certificate authorities.
String keyStorageSecurityStandard
Specifies a cryptographic key management compliance standard used for handling CA keys.
Default: FIPS_140_2_LEVEL_3_OR_HIGHER
Some Amazon Web Services Regions do not support the default. When creating a CA in these Regions, you must provide FIPS_140_2_LEVEL_2_OR_HIGHER as the argument for KeyStorageSecurityStandard. Failure to do this results in an InvalidArgsException with the message "A certificate authority cannot be created in this region with the specified security standard."
For information about security standard support in various Regions, see Storage and security compliance of Amazon Web Services Private CA private keys.
List<E> tags
Key-value pairs that will be attached to the new private CA. You can associate up to 50 tags with a private CA. For information about using tags with IAM to manage permissions, see Controlling Access Using IAM Tags.
String usageMode
Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days.
The default value is GENERAL_PURPOSE.
String certificateAuthorityArn
If successful, the Amazon Resource Name (ARN) of the certificate authority (CA). This is of the form:
arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
String certificateAuthorityArn
The Amazon Resource Name (ARN) of the CA that grants the permissions. You can find the ARN by calling the ListCertificateAuthorities action. This must have the following form:
arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
String principal
The Amazon Web Services service or identity that receives the permission. At this time, the only valid principal is acm.amazonaws.com.
String sourceAccount
The ID of the calling account.
List<E> actions
The actions that the specified Amazon Web Services service principal can use. These include IssueCertificate, GetCertificate, and ListPermissions.
Boolean enabled
Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. You can use this value to enable certificate revocation for a new CA when you call the CreateCertificateAuthority action or for an existing CA when you call the UpdateCertificateAuthority action.
Integer expirationInDays
Validity period of the CRL in days.
String customCname
Name inserted into the certificate CRL Distribution Points extension that enables the use of an alias for the CRL distribution point. Use this value if you don't want the name of your S3 bucket to be public.
The content of a Canonical Name (CNAME) record must conform to RFC2396 restrictions on the use of special characters in URIs. Additionally, the value of the CNAME must not include a protocol prefix such as "http://" or "https://".
String s3BucketName
Name of the S3 bucket that contains the CRL. If you do not provide a value for the CustomCname argument, the name of your S3 bucket is placed into the CRL Distribution Points extension of the issued certificate. You can change the name of your bucket by calling the UpdateCertificateAuthority operation. You must specify a bucket policy that allows Amazon Web Services Private CA to write the CRL to your bucket.
The S3BucketName parameter must conform to the S3 bucket naming rules.
String s3ObjectAcl
Determines whether the CRL will be publicly readable or privately held in the CRL Amazon S3 bucket. If you choose PUBLIC_READ, the CRL will be accessible over the public internet. If you choose BUCKET_OWNER_FULL_CONTROL, only the owner of the CRL S3 bucket can access the CRL, and your PKI clients may need an alternative method of access.
If no value is specified, the default is PUBLIC_READ.
Note: This default can cause CA creation to fail in some circumstances. If you have enabled the Block Public Access (BPA) feature in your S3 account, then you must specify the value of this parameter as BUCKET_OWNER_FULL_CONTROL, and not doing so results in an error. If you have disabled BPA in S3, then you can specify either BUCKET_OWNER_FULL_CONTROL or PUBLIC_READ as the value.
For more information, see Blocking public access to the S3 bucket.
CrlDistributionPointExtensionConfiguration crlDistributionPointExtensionConfiguration
Configures the behavior of the CRL Distribution Point extension for certificates issued by your certificate authority. If this field is not provided, then the CRL Distribution Point extension will be present and contain the default CRL URL.
Boolean omitExtension
Configures whether the CRL Distribution Point extension should be populated with the default URL to the CRL. If set to true, then the CDP extension will not be present in any certificates issued by that CA unless otherwise specified through CSR or API passthrough.
Only set this if you have another way to distribute the CRL Distribution Points for certificates issued by your CA, such as the Matter Distributed Compliance Ledger.
This configuration cannot be enabled with a custom CNAME set.
KeyUsage keyUsage
Indicates the purpose of the certificate and of the key contained in the certificate.
List<E> subjectInformationAccess
For CA certificates, provides a path to additional information pertaining to the CA, such as revocation and policy. For more information, see Subject Information Access in RFC 5280.
String objectIdentifier
Specifies the object identifier (OID) of the X.509 extension. For more information, see the Global OID reference database.
String value
Specifies the base64-encoded value of the X.509 extension.
Boolean critical
Specifies the critical flag of the X.509 extension.
String certificateAuthorityArn
The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority. This must have the following form:
arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
Integer permanentDeletionTimeInDays
The number of days to make a CA restorable after it has been deleted. This can be anywhere from 7 to 30 days, with 30 being the default.
String certificateAuthorityArn
The Amazon Resource Name (ARN) of the private CA that issued the permissions. You can find the CA's ARN by calling the ListCertificateAuthorities action. This must have the following form:
arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
String principal
The Amazon Web Services service or identity that will have its CA permissions revoked. At this time, the only valid service principal is acm.amazonaws.com.
String sourceAccount
The Amazon Web Services account that calls this action.
String resourceArn
The Amazon Resource Name (ARN) of the private CA that will have its policy deleted. You can find the CA's ARN by calling the ListCertificateAuthorities action. The ARN value must have the form
arn:aws:acm-pca:region:account:certificate-authority/01234567-89ab-cdef-0123-0123456789ab
String certificateAuthorityArn
The Amazon Resource Name (ARN) of the private CA. This must be of the form:
arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
String auditReportId
The report ID returned by calling the CreateCertificateAuthorityAuditReport action.
String auditReportStatus
Specifies whether report creation is in progress, has succeeded, or has failed.
String s3BucketName
Name of the S3 bucket that contains the report.
String s3Key
S3 key that uniquely identifies the report file in your S3 bucket.
Date createdAt
The date and time at which the report was created.
String certificateAuthorityArn
The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority. This must be of the form:
arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
CertificateAuthority certificateAuthority
A CertificateAuthority structure that contains information about your private CA.
List<E> certificatePolicies
Contains a sequence of one or more policy information terms, each of which consists of an object identifier (OID) and optional qualifiers. For more information, see NIST's definition of Object Identifier (OID).
In an end-entity certificate, these terms indicate the policy under which the certificate was issued and the purposes for which it may be used. In a CA certificate, these terms limit the set of policies for certification paths that include this certificate.
List<E> extendedKeyUsage
Specifies additional purposes for which the certified public key may be used other than basic purposes indicated in the KeyUsage extension.
KeyUsage keyUsage
List<E> subjectAlternativeNames
The subject alternative name extension allows identities to be bound to the subject of the certificate. These identities may be included in addition to or in place of the identity in the subject field of the certificate.
List<E> customExtensions
Contains a sequence of one or more X.509 extensions, each of which consists of an object identifier (OID), a base64-encoded value, and the critical flag. For more information, see the Global OID reference database.
OtherName otherName
Represents GeneralName using an OtherName object.
String rfc822Name
Represents GeneralName as an RFC 822 email address.
String dnsName
Represents GeneralName as a DNS name.
ASN1Subject directoryName
EdiPartyName ediPartyName
Represents GeneralName as an EdiPartyName object.
String uniformResourceIdentifier
Represents GeneralName as a URI.
String ipAddress
Represents GeneralName as an IPv4 or IPv6 address.
String registeredId
Represents GeneralName as an object identifier (OID).
String certificateAuthorityArn
The Amazon Resource Name (ARN) of your private CA. This is of the form:
arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
String certificate
Base64-encoded certificate authority (CA) certificate.
String certificateChain
Base64-encoded certificate chain that includes any intermediate certificates and chains up to root certificate that you used to sign your private CA certificate. The chain does not include your private CA certificate. If this is a root CA, the value will be null.
String certificateAuthorityArn
The Amazon Resource Name (ARN) that was returned when you called the CreateCertificateAuthority action. This must be of the form:
arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
String csr
The base64 PEM-encoded certificate signing request (CSR) for your private CA certificate.
String certificateAuthorityArn
The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority. This must be of the form:
arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
String certificateArn
The ARN of the issued certificate. The ARN contains the certificate serial number and must be in the following form:
arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012/certificate/286535153982981100925020015808220737245
String resourceArn
The Amazon Resource Name (ARN) of the private CA that will have its policy retrieved. You can find the CA's ARN by calling the ListCertificateAuthorities action.
String policy
The policy attached to the private CA as a JSON document.
String certificateAuthorityArn
The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority. This must be of the form:
arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
ByteBuffer certificate
The PEM-encoded certificate for a private CA. This may be a self-signed certificate in the case of a root CA, or it may be signed by another CA that you control.
ByteBuffer certificateChain
A PEM-encoded file that contains all of your certificates, other than the certificate you're importing, chaining up to your root CA. Your Amazon Web Services Private CA-hosted or on-premises root certificate is the last in the chain, and each certificate in the chain signs the one preceding.
This parameter must be supplied when you import a subordinate CA. When you import a root CA, there is no chain.
ApiPassthrough apiPassthrough
Specifies X.509 certificate information to be included in the issued certificate. An APIPassthrough or APICSRPassthrough template variant must be selected, or else this parameter is ignored. For more information about using these templates, see Understanding Certificate Templates.
If conflicting or duplicate certificate information is supplied during certificate issuance, Amazon Web Services Private CA applies order of operation rules to determine what information is used.
String certificateAuthorityArn
The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority. This must be of the form:
arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
ByteBuffer csr
The certificate signing request (CSR) for the certificate you want to issue. As an example, you can use the following OpenSSL command to create the CSR and a 2048 bit RSA private key.
openssl req -new -newkey rsa:2048 -days 365 -keyout private/test_cert_priv_key.pem -out csr/test_cert_.csr
If you have a configuration file, you can then use the following OpenSSL command. The usr_cert block in the configuration file contains your X509 version 3 extensions.
openssl req -new -config openssl_rsa.cnf -extensions usr_cert -newkey rsa:2048 -days 365 -keyout private/test_cert_priv_key.pem -out csr/test_cert_.csr
Note: A CSR must provide either a subject name or a subject alternative name or the request will be rejected.
String signingAlgorithm
The name of the algorithm that will be used to sign the certificate to be issued.
This parameter should not be confused with the SigningAlgorithm parameter used to sign a CSR in the CreateCertificateAuthority action.
The specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key.
String templateArn
Specifies a custom configuration template to use when issuing a certificate. If this parameter is not provided, Amazon Web Services Private CA defaults to the EndEntityCertificate/V1 template. For CA certificates, you should choose the shortest path length that meets your needs. The path length is indicated by the PathLenN portion of the ARN, where N is the CA depth.
Note: The CA depth configured on a subordinate CA certificate must not exceed the limit set by its parents in the CA hierarchy.
For a list of TemplateArn values supported by Amazon Web Services Private CA, see Understanding Certificate Templates.
Validity validity
Information describing the end of the validity period of the certificate. This parameter sets the “Not After” date for the certificate.
Certificate validity is the period of time during which a certificate is valid. Validity can be expressed as an explicit date and time when the certificate expires, or as a span of time after issuance, stated in days, months, or years. For more information, see Validity in RFC 5280.
This value is unaffected when ValidityNotBefore is also specified. For example, if Validity is set to 20 days in the future, the certificate will expire 20 days from issuance time regardless of the ValidityNotBefore value.
The end of the validity period configured on a certificate must not exceed the limit set on its parents in the CA hierarchy.
Validity validityNotBefore
Information describing the start of the validity period of the certificate. This parameter sets the “Not Before” date for the certificate.
By default, when issuing a certificate, Amazon Web Services Private CA sets the “Not Before” date to the issuance time minus 60 minutes. This compensates for clock inconsistencies across computer systems. The ValidityNotBefore parameter can be used to customize the “Not Before” value.
Unlike the Validity parameter, the ValidityNotBefore parameter is optional.
The ValidityNotBefore value is expressed as an explicit date and time, using the Validity type value ABSOLUTE. For more information, see Validity in this API reference and Validity in RFC 5280.
String idempotencyToken
Alphanumeric string that can be used to distinguish between calls to the IssueCertificate action. Idempotency tokens for IssueCertificate time out after five minutes. Therefore, if you call IssueCertificate multiple times with the same idempotency token within five minutes, Amazon Web Services Private CA recognizes that you are requesting only one certificate and will issue only one. If you change the idempotency token for each call, Amazon Web Services Private CA recognizes that you are requesting multiple certificates.
String certificateArn
The Amazon Resource Name (ARN) of the issued certificate and the certificate serial number. This is of the form:
arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012/certificate/286535153982981100925020015808220737245
Boolean digitalSignature
Key can be used for digital signing.
Boolean nonRepudiation
Key can be used for non-repudiation.
Boolean keyEncipherment
Key can be used to encipher data.
Boolean dataEncipherment
Key can be used to decipher data.
Boolean keyAgreement
Key can be used in a key-agreement protocol.
Boolean keyCertSign
Key can be used to sign certificates.
Boolean cRLSign
Key can be used to sign CRLs.
Boolean encipherOnly
Key can be used only to encipher data.
Boolean decipherOnly
Key can be used only to decipher data.
Integer maxResults
Use this parameter when paginating results to specify the maximum number of items to return in the response on each page. If additional items exist beyond the number you specify, the NextToken element is sent in the response. Use this NextToken value in a subsequent request to retrieve additional items.
Although the maximum value is 1000, the action only returns a maximum of 100 items.
String nextToken
Use this parameter when paginating results in a subsequent request after you receive a response with truncated results. Set it to the value of the NextToken parameter from the response you just received.
String resourceOwner
Use this parameter to filter the returned set of certificate authorities based on their owner. The default is SELF.
Integer maxResults
When paginating results, use this parameter to specify the maximum number of items to return in the response. If additional items exist beyond the number you specify, the NextToken element is sent in the response. Use this NextToken value in a subsequent request to retrieve additional items.
String nextToken
When paginating results, use this parameter in a subsequent request after you receive a response with truncated results. Set it to the value of NextToken from the response you just received.
String certificateAuthorityArn
The Amazon Resource Name (ARN) of the private CA to inspect. You can find the ARN by calling the ListCertificateAuthorities action. This must be of the form:
arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
You can get a private CA's ARN by running the ListCertificateAuthorities action.
String nextToken
When the list is truncated, this value is present and should be used for the NextToken parameter in a subsequent pagination request.
List<E> permissions
Summary information about each permission assigned by the specified private CA, including the action enabled, the policy provided, and the time of creation.
Integer maxResults
Use this parameter when paginating results to specify the maximum number of items to return in the response. If additional items exist beyond the number you specify, the NextToken element is sent in the response. Use this NextToken value in a subsequent request to retrieve additional items.
String nextToken
Use this parameter when paginating results in a subsequent request after you receive a response with truncated results. Set it to the value of NextToken from the response you just received.
String certificateAuthorityArn
The Amazon Resource Name (ARN) that was returned when you called the CreateCertificateAuthority action. This must be of the form:
arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
Boolean enabled
Flag enabling use of the Online Certificate Status Protocol (OCSP) for validating certificate revocation status.
String ocspCustomCname
By default, Amazon Web Services Private CA injects an Amazon Web Services domain into certificates being validated by the Online Certificate Status Protocol (OCSP). A customer can alternatively use this object to define a CNAME specifying a customized OCSP domain.
The content of a Canonical Name (CNAME) record must conform to RFC2396 restrictions on the use of special characters in URIs. Additionally, the value of the CNAME must not include a protocol prefix such as "http://" or "https://".
For more information, see Customizing Online Certificate Status Protocol (OCSP) in the Amazon Web Services Private Certificate Authority User Guide.
String certificateAuthorityArn
The Amazon Resource Name (ARN) of the private CA from which the permission was issued.
Date createdAt
The time at which the permission was created.
String principal
The Amazon Web Services service or entity that holds the permission. At this time, the only valid principal is acm.amazonaws.com.
String sourceAccount
The ID of the account that assigned the permission.
List<E> actions
The private CA actions that can be performed by the designated Amazon Web Services service.
String policy
The name of the policy that is associated with the permission.
String certPolicyId
Specifies the object identifier (OID) of the certificate policy under which the certificate was issued. For more information, see NIST's definition of Object Identifier (OID).
List<E> policyQualifiers
Modifies the given CertPolicyId with a qualifier. Amazon Web Services Private CA supports the certification practice statement (CPS) qualifier.
String resourceArn
The Amazon Resource Name (ARN) of the private CA to associate with the policy. The ARN of the CA can be found by calling the ListCertificateAuthorities action.
String policy
The path and file name of a JSON-formatted IAM policy to attach to the specified private CA resource. If this policy does not contain all required statements or if it includes any statement that is not allowed, the PutPolicy action returns an InvalidPolicyException. For information about IAM policy and statement structure, see Overview of JSON Policies.
String cpsUri
Contains a pointer to a certification practice statement (CPS) published by the CA.
String certificateAuthorityArn
The Amazon Resource Name (ARN) that was returned when you called the CreateCertificateAuthority action. This must be of the form:
arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
CrlConfiguration crlConfiguration
Configuration of the certificate revocation list (CRL), if any, maintained by your private CA. A CRL is typically updated approximately 30 minutes after a certificate is revoked. If for any reason a CRL update fails, Amazon Web Services Private CA makes further attempts every 15 minutes.
OcspConfiguration ocspConfiguration
Configuration of Online Certificate Status Protocol (OCSP) support, if any, maintained by your private CA. When you revoke a certificate, OCSP responses may take up to 60 minutes to reflect the new status.
String certificateAuthorityArn
Amazon Resource Name (ARN) of the private CA that issued the certificate to be revoked. This must be of the form:
arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
String certificateSerial
Serial number of the certificate to be revoked. This must be in hexadecimal format. You can retrieve the serial number by calling GetCertificate with the Amazon Resource Name (ARN) of the certificate you want and the ARN of your private CA. The GetCertificate action retrieves the certificate in the PEM format. You can use the following OpenSSL command to list the certificate in text format and copy the hexadecimal serial number.
openssl x509 -in file_path -text -noout
You can also copy the serial number from the console or use the DescribeCertificate action in the Certificate Manager API Reference.
String revocationReason
Specifies why you revoked the certificate.
String certificateAuthorityArn
The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority. This must be of the form:
arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
List<E> tags
List of tags to be associated with the CA.
String certificateAuthorityArn
The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority. This must be of the form:
arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
List<E> tags
List of tags to be removed from the CA.
String certificateAuthorityArn
Amazon Resource Name (ARN) of the private CA that issued the certificate to be revoked. This must be of the form:
arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
RevocationConfiguration revocationConfiguration
Contains information to enable Online Certificate Status Protocol (OCSP) support, to enable a certificate revocation list (CRL), to enable both, or to enable neither. If this parameter is not supplied, existing capabilities remain unchanged. For more information, see the OcspConfiguration and CrlConfiguration types.
The following requirements apply to revocation configurations.
A configuration disabling CRLs or OCSP must contain only the Enabled=False parameter, and will fail if other parameters such as CustomCname or ExpirationInDays are included.
In a CRL configuration, the S3BucketName parameter must conform to Amazon S3 bucket naming rules.
A configuration containing a custom Canonical Name (CNAME) parameter for CRLs or OCSP must conform to RFC2396 restrictions on the use of special characters in a CNAME.
In a CRL or OCSP configuration, the value of a CNAME parameter must not include a protocol prefix such as "http://" or "https://".
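The revocation-configuration requirements listed for CreateCertificateAuthority and UpdateCertificateAuthority, together with the S3ObjectAcl and OmitExtension notes in the CrlConfiguration fields, can be checked before a request is sent. The following pre-flight check is an added example, not part of the AWS SDK; the function names and sample configurations are constructed, and the host-name pattern is an assumed conservative stand-in for the RFC2396 character restrictions.

```python
import re

# Core S3 bucket naming rules (a subset): 3-63 characters, lowercase letters,
# digits, dots and hyphens, beginning and ending with a letter or digit.
_BUCKET_RE = re.compile(r"^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$")
# Assumption: a plain DNS host name is used as a conservative stand-in for the
# RFC2396 character restrictions on CNAME values.
_HOST_RE = re.compile(
    r"^(?=.{1,253}$)([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$"
)
_SCHEME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://")


def _check_cname(field, value, findings):
    """Flag a protocol prefix first, then anything that is not a bare host name."""
    if _SCHEME_RE.match(value):
        findings.append(f"{field}: drop the protocol prefix from {value!r}")
    elif not _HOST_RE.match(value):
        findings.append(f"{field}: {value!r} is not a plain DNS name")


def lint_revocation_configuration(cfg, block_public_access=True):
    """Return a list of findings; an empty list means no rule was violated."""
    findings = []
    crl = cfg.get("CrlConfiguration") or {}
    ocsp = cfg.get("OcspConfiguration") or {}

    # Rule: a disabling configuration carries Enabled=False and nothing else.
    for name, section in (("CrlConfiguration", crl), ("OcspConfiguration", ocsp)):
        if section.get("Enabled") is False:
            extra = sorted(k for k in section if k != "Enabled")
            if extra:
                findings.append(f"{name}: disabled, but also sets {', '.join(extra)}")

    if crl.get("Enabled"):
        bucket = crl.get("S3BucketName")
        if bucket is not None and (not _BUCKET_RE.match(bucket) or ".." in bucket):
            findings.append(f"S3BucketName: {bucket!r} breaks S3 bucket naming rules")
        cname = crl.get("CustomCname")
        if cname:
            _check_cname("CustomCname", cname, findings)
        cdp = crl.get("CrlDistributionPointExtensionConfiguration") or {}
        if cdp.get("OmitExtension") and cname:
            findings.append("OmitExtension cannot be enabled with a custom CNAME set")
        # PUBLIC_READ is the default when S3ObjectAcl is omitted.
        acl = crl.get("S3ObjectAcl", "PUBLIC_READ")
        if block_public_access and acl != "BUCKET_OWNER_FULL_CONTROL":
            findings.append(f"S3ObjectAcl: {acl} fails while Block Public Access is enabled")

    if ocsp.get("Enabled") and ocsp.get("OcspCustomCname"):
        _check_cname("OcspCustomCname", ocsp["OcspCustomCname"], findings)
    return findings


# Constructed sample inputs: one configuration that breaks five rules, and its
# corrected counterpart.
WEAK_CONFIG = {
    "CrlConfiguration": {
        "Enabled": True,
        "ExpirationInDays": 7,
        "S3BucketName": "Example_CRL_Bucket",
        "CustomCname": "https://crl.example.com",
        "CrlDistributionPointExtensionConfiguration": {"OmitExtension": True},
    },
    "OcspConfiguration": {"Enabled": False, "OcspCustomCname": "ocsp.example.com"},
}
FIXED_CONFIG = {
    "CrlConfiguration": {
        "Enabled": True,
        "ExpirationInDays": 7,
        "S3BucketName": "example-crl-bucket",
        "CustomCname": "crl.example.com",
        "S3ObjectAcl": "BUCKET_OWNER_FULL_CONTROL",
    },
    "OcspConfiguration": {"Enabled": False},
}

if __name__ == "__main__":
    for label, sample in (("weak", WEAK_CONFIG), ("fixed", FIXED_CONFIG)):
        print(label, lint_revocation_configuration(sample))
```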
String status
Status of your private CA.
Long value
A long integer interpreted according to the value of Type, below.
String type
Determines how Amazon Web Services Private CA interprets the Value parameter, an integer. Supported validity types include those listed below. Type definitions with values include a sample input value and the resulting output.
END_DATE: The specific date and time when the certificate will expire, expressed using UTCTime (YYMMDDHHMMSS) or GeneralizedTime (YYYYMMDDHHMMSS) format. When UTCTime is used, if the year field (YY) is greater than or equal to 50, the year is interpreted as 19YY. If the year field is less than 50, the year is interpreted as 20YY.
Sample input value: 491231235959 (UTCTime format)
Output expiration date/time: 12/31/2049 23:59:59
ABSOLUTE: The specific date and time when the validity of a certificate will start or expire, expressed in seconds since the Unix Epoch.
Sample input value: 2524608000
Output expiration date/time: 01/01/2050 00:00:00
DAYS, MONTHS, YEARS: The relative time from the moment of issuance until the certificate will expire, expressed in days, months, or years.
Example if DAYS, issued on 10/12/2020 at 12:34:54 UTC:
Sample input value: 90
Output expiration date: 01/10/2020 12:34:54 UTC
The minimum validity duration for a certificate using relative time (DAYS) is one day. The minimum validity for a certificate using absolute time (ABSOLUTE or END_DATE) is one second.
String appId
The unique ID of the Amplify app.
String appArn
The Amazon Resource Name (ARN) of the Amplify app.
String name
The name for the Amplify app.
Map<K,V> tags
The tag for the Amplify app.
String description
The description for the Amplify app.
String repository
The Git repository for the Amplify app.
String platform
The platform for the Amplify app. For a static app, set the platform type to WEB. For a dynamic server-side rendered (SSR) app, set the platform type to WEB_COMPUTE. For an app requiring Amplify Hosting's original SSR support only, set the platform type to WEB_DYNAMIC.
Date createTime
Creates a date and time for the Amplify app.
Date updateTime
Updates the date and time for the Amplify app.
String iamServiceRoleArn
The AWS Identity and Access Management (IAM) service role for the Amazon Resource Name (ARN) of the Amplify app.
Map<K,V> environmentVariables
The environment variables for the Amplify app.
For a list of the environment variables that are accessible to Amplify by default, see Amplify Environment variables in the Amplify Hosting User Guide.
String defaultDomain
The default domain for the Amplify app.
Boolean enableBranchAutoBuild
Enables the auto-building of branches for the Amplify app.
Boolean enableBranchAutoDeletion
Automatically disconnect a branch in the Amplify console when you delete a branch from your Git repository.
Boolean enableBasicAuth
Enables basic authorization for the Amplify app's branches.
String basicAuthCredentials
The basic authorization credentials for branches for the Amplify app. You must base64-encode the authorization credentials and provide them in the format user:password.
List<E> customRules
Describes the custom redirect and rewrite rules for the Amplify app.
ProductionBranch productionBranch
Describes the information about a production branch of the Amplify app.
String buildSpec
Describes the content of the build specification (build spec) for the Amplify app.
String customHeaders
Describes the custom HTTP headers for the Amplify app.
Boolean enableAutoBranchCreation
Enables automated branch creation for the Amplify app.
List<E> autoBranchCreationPatterns
Describes the automated branch creation glob patterns for the Amplify app.
AutoBranchCreationConfig autoBranchCreationConfig
Describes the automated branch creation configuration for the Amplify app.
String repositoryCloneMethod
This is for internal use.
The Amplify service uses this parameter to specify the authentication protocol to use to access the Git repository for an Amplify app. Amplify specifies TOKEN for a GitHub repository, SIGV4 for an Amazon Web Services CodeCommit repository, and SSH for GitLab and Bitbucket repositories.
String stage
Describes the current stage for the autocreated branch.
String framework
The framework for the autocreated branch.
Boolean enableAutoBuild
Enables auto building for the autocreated branch.
Map<K,V> environmentVariables
The environment variables for the autocreated branch.
String basicAuthCredentials
The basic authorization credentials for the autocreated branch. You must base64-encode the authorization credentials and provide them in the format user:password.
Boolean enableBasicAuth
Enables basic authorization for the autocreated branch.
Boolean enablePerformanceMode
Enables performance mode for the branch.
Performance mode optimizes for faster hosting performance by keeping content cached at the edge for a longer interval. When performance mode is enabled, hosting configuration or code changes can take up to 10 minutes to roll out.
String buildSpec
The build specification (build spec) for the autocreated branch.
Boolean enablePullRequestPreview
Enables pull request previews for the autocreated branch.
String pullRequestEnvironmentName
The Amplify environment name for the pull request.
String stackArn
The Amazon Resource Name (ARN) for the CloudFormation stack.
String backendEnvironmentArn
The Amazon Resource Name (ARN) for a backend environment that is part of an Amplify app.
String environmentName
The name for a backend environment that is part of an Amplify app.
String stackName
The AWS CloudFormation stack name of a backend environment.
String deploymentArtifacts
The name of deployment artifacts.
Date createTime
The creation date and time for a backend environment that is part of an Amplify app.
Date updateTime
The last updated date and time for a backend environment that is part of an Amplify app.
String branchArn
The Amazon Resource Name (ARN) for a branch that is part of an Amplify app.
String branchName
The name for the branch that is part of an Amplify app.
String description
The description for the branch that is part of an Amplify app.
Map<K,V> tags
The tag for the branch of an Amplify app.
String stage
The current stage for the branch that is part of an Amplify app.
String displayName
The display name for the branch. This is used as the default domain prefix.
Boolean enableNotification
Enables notifications for a branch that is part of an Amplify app.
Date createTime
The creation date and time for a branch that is part of an Amplify app.
Date updateTime
The last updated date and time for a branch that is part of an Amplify app.
Map<K,V> environmentVariables
The environment variables specific to a branch of an Amplify app.
Boolean enableAutoBuild
Enables auto-building on push for a branch of an Amplify app.
List<E> customDomains
The custom domains for a branch of an Amplify app.
String framework
The framework for a branch of an Amplify app.
String activeJobId
The ID of the active job for a branch of an Amplify app.
String totalNumberOfJobs
The total number of jobs that are part of an Amplify app.
Boolean enableBasicAuth
Enables basic authorization for a branch of an Amplify app.
Boolean enablePerformanceMode
Enables performance mode for the branch.
Performance mode optimizes for faster hosting performance by keeping content cached at the edge for a longer interval. When performance mode is enabled, hosting configuration or code changes can take up to 10 minutes to roll out.
String thumbnailUrl
The thumbnail URL for the branch of an Amplify app.
String basicAuthCredentials
The basic authorization credentials for a branch of an Amplify app. You must base64-encode the authorization credentials and provide them in the format user:password.
String buildSpec
The build specification (build spec) content for the branch of an Amplify app.
String ttl
The content Time to Live (TTL) for the website in seconds.
List<E> associatedResources
A list of custom resources that are linked to this branch.
Boolean enablePullRequestPreview
Enables pull request previews for the branch.
String pullRequestEnvironmentName
The Amplify environment name for the pull request.
String destinationBranch
The destination branch if the branch is a pull request branch.
String sourceBranch
The source branch if the branch is a pull request branch.
String backendEnvironmentArn
The Amazon Resource Name (ARN) for a backend environment that is part of an Amplify app.
This property is available to Amplify Gen 1 apps only. When you deploy an application with Amplify Gen 2, you provision the app's backend infrastructure using TypeScript code.
Backend backend
String type
The type of SSL/TLS certificate that you want to use.
Specify AMPLIFY_MANAGED to use the default certificate that Amplify provisions for you.
Specify CUSTOM to use your own certificate that you have already added to Certificate Manager in your Amazon Web Services account. Make sure you request (or import) the certificate in the US East (N. Virginia) Region (us-east-1). For more information about using ACM, see Importing certificates into Certificate Manager in the ACM User guide.
String customCertificateArn
The Amazon resource name (ARN) for a custom certificate that you have already added to Certificate Manager in your Amazon Web Services account.
This field is required only when the certificate type is CUSTOM.
String certificateVerificationDNSRecord
The DNS record for certificate verification.
String type
The certificate type.
Specify AMPLIFY_MANAGED to use the default certificate that Amplify provisions for you.
Specify CUSTOM to use your own certificate that you have already added to Certificate Manager in your Amazon Web Services account. Make sure you request (or import) the certificate in the US East (N. Virginia) Region (us-east-1). For more information about using ACM, see Importing certificates into Certificate Manager in the ACM User guide.
String customCertificateArn
The Amazon resource name (ARN) for the custom certificate that you have already added to Certificate Manager in your Amazon Web Services account.
This field is required only when the certificate type is CUSTOM.
String name
The name of the Amplify app.
String description
The description of the Amplify app.
String repository
The Git repository for the Amplify app.
String platform
The platform for the Amplify app. For a static app, set the platform type to WEB. For a dynamic server-side rendered (SSR) app, set the platform type to WEB_COMPUTE. For an app requiring Amplify Hosting's original SSR support only, set the platform type to WEB_DYNAMIC.
String iamServiceRoleArn
The AWS Identity and Access Management (IAM) service role for an Amplify app.
String oauthToken
The OAuth token for a third-party source control system for an Amplify app. The OAuth token is used to create a webhook and a read-only deploy key using SSH cloning. The OAuth token is not stored.
Use oauthToken for repository providers other than GitHub, such as Bitbucket or CodeCommit. To authorize access to GitHub as your repository provider, use accessToken.
You must specify either oauthToken or accessToken when you create a new app.
Existing Amplify apps deployed from a GitHub repository using OAuth continue to work with CI/CD. However, we strongly recommend that you migrate these apps to use the GitHub App. For more information, see Migrating an existing OAuth app to the Amplify GitHub App in the Amplify User Guide.
String accessToken
The personal access token for a GitHub repository for an Amplify app. The personal access token is used to authorize access to a GitHub repository using the Amplify GitHub App. The token is not stored.
Use accessToken for GitHub repositories only. To authorize access to a repository provider such as Bitbucket or CodeCommit, use oauthToken.
You must specify either accessToken or oauthToken when you create a new app.
Existing Amplify apps deployed from a GitHub repository using OAuth continue to work with CI/CD. However, we strongly recommend that you migrate these apps to use the GitHub App. For more information, see Migrating an existing OAuth app to the Amplify GitHub App in the Amplify User Guide.
Map<K,V> environmentVariables
The environment variables map for an Amplify app.
For a list of the environment variables that are accessible to Amplify by default, see Amplify Environment variables in the Amplify Hosting User Guide.
Boolean enableBranchAutoBuild
Enables the auto building of branches for an Amplify app.
Boolean enableBranchAutoDeletion
Automatically disconnects a branch in the Amplify console when you delete a branch from your Git repository.
Boolean enableBasicAuth
Enables basic authorization for an Amplify app. This will apply to all branches that are part of this app.
String basicAuthCredentials
The credentials for basic authorization for an Amplify app. You must base64-encode the authorization credentials and provide them in the format user:password.
List<E> customRules
The custom rewrite and redirect rules for an Amplify app.
Map<K,V> tags
The tag for an Amplify app.
String buildSpec
The build specification (build spec) for an Amplify app.
String customHeaders
The custom HTTP headers for an Amplify app.
Boolean enableAutoBranchCreation
Enables automated branch creation for an Amplify app.
List<E> autoBranchCreationPatterns
The automated branch creation glob patterns for an Amplify app.
AutoBranchCreationConfig autoBranchCreationConfig
The automated branch creation configuration for an Amplify app.
App app
BackendEnvironment backendEnvironment
Describes the backend environment for an Amplify app.
String appId
The unique ID for an Amplify app.
String branchName
The name for the branch.
String description
The description for the branch.
String stage
Describes the current stage for the branch.
String framework
The framework for the branch.
Boolean enableNotification
Enables notifications for the branch.
Boolean enableAutoBuild
Enables auto building for the branch.
Map<K,V> environmentVariables
The environment variables for the branch.
String basicAuthCredentials
The basic authorization credentials for the branch. You must base64-encode the authorization credentials and provide them in the format user:password.
Boolean enableBasicAuth
Enables basic authorization for the branch.
Boolean enablePerformanceMode
Enables performance mode for the branch.
Performance mode optimizes for faster hosting performance by keeping content cached at the edge for a longer interval. When performance mode is enabled, hosting configuration or code changes can take up to 10 minutes to roll out.
Map<K,V> tags
The tag for the branch.
String buildSpec
The build specification (build spec) for the branch.
String ttl
The content Time To Live (TTL) for the website in seconds.
String displayName
The display name for a branch. This is used as the default domain prefix.
Boolean enablePullRequestPreview
Enables pull request previews for this branch.
String pullRequestEnvironmentName
The Amplify environment name for the pull request.
String backendEnvironmentArn
The Amazon Resource Name (ARN) for a backend environment that is part of a Gen 1 Amplify app.
This field is available to Amplify Gen 1 apps only where the backend is created using Amplify Studio or the Amplify command line interface (CLI).
Backend backend
The backend for a Branch of an Amplify app. Use for a backend created from a CloudFormation stack.
This field is available to Amplify Gen 2 apps only. When you deploy an application with Amplify Gen 2, you provision the app's backend infrastructure using TypeScript code.
Branch branch
Describes the branch for an Amplify app, which maps to a third-party repository branch.
String appId
The unique ID for an Amplify app.
String branchName
The name of the branch to use for the job.
Map<K,V> fileMap
An optional file map that contains the file name as the key and the file content md5 hash as the value. If this argument is provided, the service will generate a unique upload URL per file. Otherwise, the service will only generate a single upload URL for the zipped files.
String jobId
The job ID for this deployment, which is supplied to the start deployment API.
Map<K,V> fileUploadUrls
When the fileMap argument is provided in the request, fileUploadUrls will contain a map of file names to upload URLs.
String zipUploadUrl
When the fileMap argument is not provided in the request, this zipUploadUrl is returned.
String appId
The unique ID for an Amplify app.
String domainName
The domain name for the domain association.
Boolean enableAutoSubDomain
Enables the automated creation of subdomains for branches.
List<E> subDomainSettings
The setting for the subdomain.
List<E> autoSubDomainCreationPatterns
Sets the branch patterns for automatic subdomain creation.
String autoSubDomainIAMRole
The required AWS Identity and Access Management (IAM) service role for the Amazon Resource Name (ARN) for automatically creating subdomains.
CertificateSettings certificateSettings
The type of SSL/TLS certificate to use for your custom domain. If you don't specify a certificate type, Amplify uses the default certificate that it provisions and manages for you.
DomainAssociation domainAssociation
Describes the structure of a domain association, which associates a custom domain with an Amplify app.
Webhook webhook
Describes a webhook that connects repository events to an Amplify app.
String source
The source pattern for a URL rewrite or redirect rule.
String target
The target pattern for a URL rewrite or redirect rule.
String status
The status code for a URL rewrite or redirect rule.
Represents a 200 rewrite rule.
Represents a 301 (moved permanently) redirect rule. This and all future requests should be directed to the target URL.
Represents a 302 temporary redirect rule.
Represents a 404 redirect rule.
Represents a 404 rewrite rule.
String condition
The condition for a URL rewrite or redirect rule, such as a country code.
String appId
The unique ID for an Amplify app.
App app
BackendEnvironment backendEnvironment
Describes the backend environment for an Amplify app.
Branch branch
The branch for an Amplify app, which maps to a third-party repository branch.
DomainAssociation domainAssociation
JobSummary jobSummary
String webhookId
The unique ID for a webhook.
Webhook webhook
Describes a webhook that connects repository events to an Amplify app.
String domainAssociationArn
The Amazon Resource Name (ARN) for the domain association.
String domainName
The name of the domain.
Boolean enableAutoSubDomain
Enables the automated creation of subdomains for branches.
List<E> autoSubDomainCreationPatterns
Sets branch patterns for automatic subdomain creation.
String autoSubDomainIAMRole
The required AWS Identity and Access Management (IAM) service role for the Amazon Resource Name (ARN) for automatically creating subdomains.
String domainStatus
The current status of the domain association.
String updateStatus
The status of the domain update operation that is currently in progress. The following list describes the valid update states.
The certificate is in the process of being updated.
Indicates that an Amplify managed certificate is in the process of being verified. This occurs during the creation of a custom domain or when a custom domain is updated to use a managed certificate.
Indicates that an Amplify custom certificate is in the process of being imported. This occurs during the creation of a custom domain or when a custom domain is updated to use a custom certificate.
Indicates that the subdomain or certificate changes are being propagated.
Amplify is waiting for CNAME records corresponding to subdomains to be propagated. If your custom domain is on Route 53, Amplify handles this for you automatically. For more information about custom domains, see Setting up custom domains in the Amplify Hosting User Guide.
The certificate has been associated with a domain.
The certificate has failed to be provisioned or associated, and there is no existing active certificate to roll back to.
String statusReason
Additional information that describes why the domain association is in the current state.
String certificateVerificationDNSRecord
The DNS record for certificate verification.
List<E> subDomains
The subdomains for the domain association.
Certificate certificate
Describes the SSL/TLS certificate for the domain association. This can be your own custom certificate or the default certificate that Amplify provisions for you.
If you are updating your domain to use a different certificate, certificate points to the new certificate that is being created instead of the current active certificate. Otherwise, certificate points to the current active certificate.
Date startTime
The time at which the logs should start. The time range specified is inclusive of the start time.
Date endTime
The time at which the logs should end. The time range specified is inclusive of the end time.
String domainName
The name of the domain.
String appId
The unique ID for an Amplify app.
String logUrl
The pre-signed URL for the requested access logs.
String appId
The unique ID for an Amplify app.
App app
String artifactId
The unique ID for an artifact.
BackendEnvironment backendEnvironment
Describes the backend environment for an Amplify app.
Branch branch
DomainAssociation domainAssociation
Describes the structure of a domain association, which associates a custom domain with an Amplify app.
Job job
String webhookId
The unique ID for a webhook.
Webhook webhook
Describes the structure of a webhook.
JobSummary summary
Describes the summary for an execution job for an Amplify app.
List<E> steps
The execution steps for an execution job, for an Amplify app.
String jobArn
The Amazon Resource Name (ARN) for the job.
String jobId
The unique ID for the job.
String commitId
The commit ID from a third-party repository provider for the job.
String commitMessage
The commit message from a third-party repository provider for the job.
Date commitTime
The commit date and time for the job.
Date startTime
The start date and time for the job.
String status
The current status for the job.
Date endTime
The end date and time for the job.
String jobType
The type for the job. If the value is RELEASE, the job was manually released from its source by using the StartJob API. If the value is RETRY, the job was manually retried using the StartJob API. If the value is WEB_HOOK, the job was automatically triggered by webhooks.
String appId
The unique ID for an Amplify app.
String branchName
The name of a branch that is part of an Amplify app.
String jobId
The unique ID for a job.
String nextToken
A pagination token. Set to null to start listing artifacts from the start. If a non-null pagination token is returned in a result, pass its value in here to list more artifacts.
Integer maxResults
The maximum number of records to list in a single response.
String appId
The unique ID for an Amplify app.
String environmentName
The name of the backend environment.
String nextToken
A pagination token. Set to null to start listing backend environments from the start. If a non-null pagination token is returned in a result, pass its value in here to list more backend environments.
Integer maxResults
The maximum number of records to list in a single response.
String appId
The unique ID for an Amplify app.
String nextToken
A pagination token. Set to null to start listing branches from the start. If a non-null pagination token is returned in a result, pass its value in here to list more branches.
Integer maxResults
The maximum number of records to list in a single response.
String appId
The unique ID for an Amplify app.
String nextToken
A pagination token. Set to null to start listing apps from the start. If non-null, a pagination token is returned in a result. Pass its value in here to list more projects.
Integer maxResults
The maximum number of records to list in a single response.
String appId
The unique ID for an Amplify app.
String branchName
The name of the branch to use for the request.
String nextToken
A pagination token. Set to null to start listing steps from the start. If a non-null pagination token is returned in a result, pass its value in here to list more steps.
Integer maxResults
The maximum number of records to list in a single response.
String resourceArn
The Amazon Resource Name (ARN) to use to list tags.
String appId
The unique ID for an Amplify app.
String nextToken
A pagination token. Set to null to start listing webhooks from the start. If non-null, the pagination token is returned in a result. Pass its value in here to list more webhooks.
Integer maxResults
The maximum number of records to list in a single response.
String code
String appId
The unique ID for an Amplify app.
String branchName
The name of the branch to use for the job.
String jobId
The job ID for this deployment, generated by the create deployment request.
String sourceUrl
The source URL for this deployment, used when calling start deployment without create deployment. The source URL can be any HTTP GET URL that is publicly accessible and downloads a single .zip file.
JobSummary jobSummary
The summary for the job.
String appId
The unique ID for an Amplify app.
String branchName
The name of the branch to use for the job.
String jobId
The unique ID for an existing job. This is required if the value of jobType is RETRY.
String jobType
Describes the type for the job. The job type RELEASE starts a new job with the latest change from the specified branch. This value is available only for apps that are connected to a repository.
The job type RETRY retries an existing job. If the job type value is RETRY, the jobId is also required.
String jobReason
A descriptive reason for starting the job.
String commitId
The commit ID from a third-party repository provider for the job.
String commitMessage
The commit message from a third-party repository provider for the job.
Date commitTime
The commit date and time for the job.
JobSummary jobSummary
The summary for the job.
String stepName
The name of the execution step.
Date startTime
The start date and time of the execution step.
String status
The status of the execution step.
Date endTime
The end date and time of the execution step.
String logUrl
The URL to the logs for the execution step.
String artifactsUrl
The URL to the artifact for the execution step.
String testArtifactsUrl
The URL to the test artifact for the execution step.
String testConfigUrl
The URL to the test configuration for the execution step.
Map<K,V> screenshots
The list of screenshot URLs for the execution step, if relevant.
String statusReason
The reason for the current step status.
String context
The context for the current step. Includes a build image if the step is build.
JobSummary jobSummary
The summary for the job.
SubDomainSetting subDomainSetting
Describes the settings for the subdomain.
Boolean verified
The verified status of the subdomain.
String dnsRecord
The DNS record for the subdomain.
String appId
The unique ID for an Amplify app.
String name
The name for an Amplify app.
String description
The description for an Amplify app.
String platform
The platform for the Amplify app. For a static app, set the platform type to WEB. For a dynamic server-side rendered (SSR) app, set the platform type to WEB_COMPUTE. For an app requiring Amplify Hosting's original SSR support only, set the platform type to WEB_DYNAMIC.
String iamServiceRoleArn
The AWS Identity and Access Management (IAM) service role for an Amplify app.
Map<K,V> environmentVariables
The environment variables for an Amplify app.
Boolean enableBranchAutoBuild
Enables branch auto-building for an Amplify app.
Boolean enableBranchAutoDeletion
Automatically disconnects a branch in the Amplify console when you delete a branch from your Git repository.
Boolean enableBasicAuth
Enables basic authorization for an Amplify app.
String basicAuthCredentials
The basic authorization credentials for an Amplify app. You must base64-encode the authorization credentials and provide them in the format user:password.
List<E> customRules
The custom redirect and rewrite rules for an Amplify app.
String buildSpec
The build specification (build spec) for an Amplify app.
String customHeaders
The custom HTTP headers for an Amplify app.
Boolean enableAutoBranchCreation
Enables automated branch creation for an Amplify app.
List<E> autoBranchCreationPatterns
Describes the automated branch creation glob patterns for an Amplify app.
AutoBranchCreationConfig autoBranchCreationConfig
The automated branch creation configuration for an Amplify app.
String repository
The name of the Git repository for an Amplify app.
String oauthToken
The OAuth token for a third-party source control system for an Amplify app. The OAuth token is used to create a webhook and a read-only deploy key using SSH cloning. The OAuth token is not stored.
Use oauthToken for repository providers other than GitHub, such as Bitbucket or CodeCommit. To authorize access to GitHub as your repository provider, use accessToken.
You must specify either oauthToken or accessToken when you update an app.
Existing Amplify apps deployed from a GitHub repository using OAuth continue to work with CI/CD. However, we strongly recommend that you migrate these apps to use the GitHub App. For more information, see Migrating an existing OAuth app to the Amplify GitHub App in the Amplify User Guide.
String accessToken
The personal access token for a GitHub repository for an Amplify app. The personal access token is used to authorize access to a GitHub repository using the Amplify GitHub App. The token is not stored.
Use accessToken for GitHub repositories only. To authorize access to a repository provider such as Bitbucket or CodeCommit, use oauthToken.
You must specify either accessToken or oauthToken when you update an app.
Existing Amplify apps deployed from a GitHub repository using OAuth continue to work with CI/CD. However, we strongly recommend that you migrate these apps to use the GitHub App. For more information, see Migrating an existing OAuth app to the Amplify GitHub App in the Amplify User Guide.
App app
Represents the updated Amplify app.
String appId
The unique ID for an Amplify app.
String branchName
The name of the branch.
String description
The description for the branch.
String framework
The framework for the branch.
String stage
Describes the current stage for the branch.
Boolean enableNotification
Enables notifications for the branch.
Boolean enableAutoBuild
Enables auto building for the branch.
Map<K,V> environmentVariables
The environment variables for the branch.
String basicAuthCredentials
The basic authorization credentials for the branch. You must base64-encode the authorization credentials and provide them in the format user:password.
Boolean enableBasicAuth
Enables basic authorization for the branch.
Boolean enablePerformanceMode
Enables performance mode for the branch.
Performance mode optimizes for faster hosting performance by keeping content cached at the edge for a longer interval. When performance mode is enabled, hosting configuration or code changes can take up to 10 minutes to roll out.
String buildSpec
The build specification (build spec) for the branch.
String ttl
The content Time to Live (TTL) for the website in seconds.
String displayName
The display name for a branch. This is used as the default domain prefix.
Boolean enablePullRequestPreview
Enables pull request previews for this branch.
String pullRequestEnvironmentName
The Amplify environment name for the pull request.
String backendEnvironmentArn
The Amazon Resource Name (ARN) for a backend environment that is part of a Gen 1 Amplify app.
This field is available to Amplify Gen 1 apps only where the backend is created using Amplify Studio or the Amplify command line interface (CLI).
Backend backend
The backend for a Branch of an Amplify app. Use for a backend created from a CloudFormation stack.
This field is available to Amplify Gen 2 apps only. When you deploy an application with Amplify Gen 2, you provision the app's backend infrastructure using TypeScript code.
Branch branch
The branch for an Amplify app, which maps to a third-party repository branch.
String appId
The unique ID for an Amplify app.
String domainName
The name of the domain.
Boolean enableAutoSubDomain
Enables the automated creation of subdomains for branches.
List<E> subDomainSettings
Describes the settings for the subdomain.
List<E> autoSubDomainCreationPatterns
Sets the branch patterns for automatic subdomain creation.
String autoSubDomainIAMRole
The required AWS Identity and Access Management (IAM) service role for the Amazon Resource Name (ARN) for automatically creating subdomains.
CertificateSettings certificateSettings
The type of SSL/TLS certificate to use for your custom domain.
DomainAssociation domainAssociation
Describes a domain association, which associates a custom domain with an Amplify app.
Webhook webhook
Describes a webhook that connects repository events to an Amplify app.
String webhookArn
The Amazon Resource Name (ARN) for the webhook.
String webhookId
The ID of the webhook.
String webhookUrl
The URL of the webhook.
String branchName
The name for a branch that is part of an Amplify app.
String description
The description for a webhook.
Date createTime
The create date and time for a webhook.
Date updateTime
Updates the date and time for a webhook.
String cognitoUserPoolId
The Amazon Cognito user pool ID, if Amazon Cognito was used as an authentication setting to access your data models.
String description
The API key description for API_KEY, if it was used as an authentication mechanism to access your data models.
Double expirationTime
The API key expiration time for API_KEY, if it was used as an authentication mechanism to access your data models.
String openIDAuthTTL
The expiry time for the OpenID authentication mechanism.
String openIDClientId
The clientID for openID, if openID was used as an authentication setting to access your data models.
String openIDIatTTL
The expiry time for the OpenID authentication mechanism.
String openIDIssueURL
The openID issuer URL, if openID was used as an authentication setting to access your data models.
String openIDProviderName
The OpenID provider name, if OpenID was used as an authentication mechanism to access your data models.
String mode
Describes the authentication mode.
BackendAPIAppSyncAuthSettings settings
Describes settings for the authentication mode.
String resolutionStrategy
The strategy for conflict resolution.
List<E> additionalAuthTypes
Additional authentication methods used to interact with your data models.
String apiName
The API name used to interact with the data model, configured as a part of your Amplify project.
BackendAPIConflictResolution conflictResolution
The conflict resolution strategy for your data stored in the data models.
BackendAPIAuthType defaultAuthType
The default authentication type for interacting with the configured data models in your Amplify project.
String service
The service used to provision and interact with the data model.
String transformSchema
The definition of the data model in the annotated transform of the GraphQL schema.
String clientId
Describes the client_id (also called Services ID) that comes from Apple.
String keyId
Describes the key_id that comes from Apple.
String privateKey
Describes the private_key that comes from Apple.
String teamId
Describes the team_id that comes from Apple.
String appId
The app ID.
String backendEnvironmentName
The name of the backend environment.
String createTime
The time when the job was created.
String error
If the request fails, this error is returned.
String jobId
The ID for the job.
String operation
The name of the operation.
String status
The current status of the request.
String updateTime
The time when the job was last updated.
String appId
The app ID.
String backendEnvironmentName
The name of the backend environment.
String error
If the request fails, this error is returned.
String jobId
The ID for the job.
String operation
The name of the operation.
String status
The current status of the request.
String appId
The app ID.
String backendEnvironmentName
The name of the backend environment.
BackendAPIResourceConfig resourceConfig
The resource configuration for this request.
String resourceName
The name of this resource.
String appId
The app ID.
String backendEnvironmentName
The name of the backend environment.
String error
If the request fails, this error is returned.
String jobId
The ID for the job.
String operation
The name of the operation.
String status
The current status of the request.
String deliveryMethod
(DEPRECATED) Describes which mode to use (either SMS or email) to deliver messages to app users who want to recover their password.
EmailSettings emailSettings
(DEPRECATED) The configuration for the email sent when an app user forgets their password.
SmsSettings smsSettings
(DEPRECATED) The configuration for the SMS message sent when an app user forgets their password.
String domainPrefix
The domain prefix for your Amplify app.
String oAuthGrantType
The OAuth grant type that you use to allow app users to authenticate from your Amplify app.
List<E> oAuthScopes
List of OAuth-related flows used to allow your app users to authenticate from your Amplify app.
List<E> redirectSignInURIs
The redirected URI for signing in to your Amplify app.
List<E> redirectSignOutURIs
Redirect URLs that OAuth uses when a user signs out of an Amplify app.
SocialProviderSettings socialProviderSettings
The settings for using social providers to access your Amplify app.
String appId
The app ID.
String backendEnvironmentName
The name of the backend environment.
CreateBackendAuthResourceConfig resourceConfig
The resource configuration for this request object.
String resourceName
The name of this resource.
String authResources
Defines whether you want to configure only authentication or both authentication and authorization settings.
CreateBackendAuthIdentityPoolConfig identityPoolConfigs
Describes the authorization configuration for the Amazon Cognito identity pool, provisioned as a part of your auth resource in the Amplify project.
String service
Defines the service name to use when configuring an authentication resource in your Amplify project.
CreateBackendAuthUserPoolConfig userPoolConfigs
Describes authentication configuration for the Amazon Cognito user pool, provisioned as a part of your auth resource in the Amplify project.
String appId
The app ID.
String backendEnvironmentName
The name of the backend environment.
String error
If the request fails, this error is returned.
String jobId
The ID for the job.
String operation
The name of the operation.
String status
The current status of the request.
CreateBackendAuthForgotPasswordConfig forgotPassword
(DEPRECATED) Describes the forgotten password policy for your Amazon Cognito user pool, configured as a part of your Amplify project.
CreateBackendAuthMFAConfig mfa
Describes whether to apply multi-factor authentication policies for your Amazon Cognito user pool configured as a part of your Amplify project.
CreateBackendAuthOAuthConfig oAuth
Describes the OAuth policy and rules for your Amazon Cognito user pool, configured as a part of your Amplify project.
CreateBackendAuthPasswordPolicyConfig passwordPolicy
Describes the password policy for your Amazon Cognito user pool, configured as a part of your Amplify project.
List<E> requiredSignUpAttributes
The required attributes to sign up new users in the user pool.
String signInMethod
Describes the sign-in methods that your Amplify app users use to log in using the Amazon Cognito user pool, configured as a part of your Amplify project.
String userPoolName
The Amazon Cognito user pool name.
CreateBackendAuthVerificationMessageConfig verificationMessage
Describes the email or SMS verification message for your Amazon Cognito user pool, configured as a part of your Amplify project.
String deliveryMethod
The type of verification message to send.
EmailSettings emailSettings
The settings for the email message.
SmsSettings smsSettings
The settings for the SMS message.
String appId
The app ID.
String appName
The name of the app.
String backendEnvironmentName
The name of the backend environment.
ResourceConfig resourceConfig
The resource configuration for creating a backend.
String resourceName
The name of the resource.
String appId
The app ID.
String backendEnvironmentName
The name of the backend environment.
String error
If the request fails, this error is returned.
String jobId
The ID for the job.
String operation
The name of the operation.
String status
The current status of the request.
String appId
The app ID.
String backendEnvironmentName
The name of the backend environment.
CreateBackendStorageResourceConfig resourceConfig
The resource configuration for creating backend storage.
String resourceName
The name of the storage resource.
String bucketName
The name of the S3 bucket.
BackendStoragePermissions permissions
The authorization configuration for the storage S3 bucket.
String serviceName
The name of the storage service.
String appId
The app ID.
String appId
The app ID.
String backendEnvironmentName
The name of the backend environment.
BackendAPIResourceConfig resourceConfig
Defines the resource configuration for the data model in your Amplify project.
String resourceName
The name of this resource.
String appId
The app ID.
String backendEnvironmentName
The name of the backend environment.
String error
If the request fails, this error is returned.
String jobId
The ID for the job.
String operation
The name of the operation.
String status
The current status of the request.
String appId
The app ID.
String backendEnvironmentName
The name of the backend environment.
String error
If the request fails, this error is returned.
String jobId
The ID for the job.
String operation
The name of the operation.
String status
The current status of the request.
String appId
The app ID.
String backendEnvironmentName
The name of the backend environment.
String error
If the request fails, this error is returned.
String jobId
The ID for the job.
String operation
The name of the operation.
String status
The current status of the request.
Boolean isSuccess
Indicates whether the request succeeded or failed.
String appId
The app ID.
String backendEnvironmentName
The name of the backend environment.
String error
If the request fails, this error is returned.
String jobId
The ID for the job.
String operation
The name of the operation.
String status
The current status of the request.
String appId
The app ID.
String backendEnvironmentName
The name of the backend environment.
BackendAPIResourceConfig resourceConfig
Defines the resource configuration for the data model in your Amplify project.
String resourceName
The name of this resource.
String appId
The app ID.
String backendEnvironmentName
The name of the backend environment.
String error
If the request fails, this error is returned.
BackendAPIResourceConfig resourceConfig
The resource configuration for this response object.
String resourceName
The name of this resource.
String appId
The app ID.
String backendEnvironmentName
The name of the backend environment.
String error
If the request fails, this error is returned.
CreateBackendAuthResourceConfig resourceConfig
The resource configuration for authorization requests to the backend of your Amplify project.
String resourceName
The name of this resource.
String appId
The app ID.
String backendEnvironmentName
The name of the backend environment.
String createTime
The time when the job was created.
String error
If the request fails, this error is returned.
String jobId
The ID for the job.
String operation
The name of the operation.
String status
The current status of the request.
String updateTime
The time when the job was last updated.
String amplifyFeatureFlags
A stringified version of the cli.json file for your Amplify project.
String amplifyMetaConfig
A stringified version of the current configs for your Amplify project.
String appId
The app ID.
String appName
The name of the app.
List<E> backendEnvironmentList
A list of backend environments in an array.
String backendEnvironmentName
The name of the backend environment.
String error
If the request failed, this is the returned error.
String bucketName
The name of the S3 bucket.
Boolean imported
Returns True if the storage resource has been imported.
BackendStoragePermissions permissions
The authorization configuration for the storage S3 bucket.
String serviceName
The name of the storage service.
String appId
The app ID.
String backendEnvironmentName
The name of the backend environment.
GetBackendStorageResourceConfig resourceConfig
The resource configuration for the backend storage resource.
String resourceName
The name of the storage resource.
String appId
The app ID.
String backendEnvironmentName
The name of the backend environment.
String identityPoolId
The ID of the Amazon Cognito identity pool.
String nativeClientId
The ID of the Amazon Cognito native client.
String userPoolId
The ID of the Amazon Cognito user pool.
String webClientId
The ID of the Amazon Cognito web client.
String appId
The app ID.
String backendEnvironmentName
The name of the backend environment.
String error
If the request fails, this error is returned.
String jobId
The ID for the job.
String operation
The name of the operation.
String status
The current status of the request.
String appId
The app ID.
String backendEnvironmentName
The name of the backend environment.
String jobId
The ID for the job.
Integer maxResults
The maximum number of results that you want in the response.
String nextToken
The token for the next set of results.
String operation
Filters the list of response objects to include only those with the specified operation name.
String status
Filters the list of response objects to include only those with the specified status.
String nextToken
Reserved for future use.
String awsCognitoIdentityPoolId
The Amazon Cognito identity pool ID used for the Amplify Admin UI login authorization.
String awsCognitoRegion
The AWS Region for the Amplify Admin UI login.
String awsUserPoolsId
The Amazon Cognito user pool ID used for Amplify Admin UI login authentication.
String awsUserPoolsWebClientId
The web client ID for the Amazon Cognito user pools.
String resourceType
The type of resource that is not found.
String appId
The app ID.
String error
If the request fails, this error is returned.
String smsMessage
The contents of the SMS message.
BackendAuthSocialProviderConfig facebook
BackendAuthSocialProviderConfig google
BackendAuthSocialProviderConfig loginWithAmazon
BackendAuthAppleProviderConfig signInWithApple
String limitType
The type of limit that was exceeded.
String appId
The app ID.
String backendEnvironmentName
The name of the backend environment.
BackendAPIResourceConfig resourceConfig
Defines the resource configuration for the data model in your Amplify project.
String resourceName
The name of this resource.
String appId
The app ID.
String backendEnvironmentName
The name of the backend environment.
String error
If the request fails, this error is returned.
String jobId
The ID for the job.
String operation
The name of the operation.
String status
The current status of the request.
String deliveryMethod
(DEPRECATED) Describes which mode to use (either SMS or email) to deliver messages to app users that want to recover their password.
EmailSettings emailSettings
(DEPRECATED) The configuration for the email sent when an app user forgets their password.
SmsSettings smsSettings
(DEPRECATED) The configuration for the SMS message sent when an Amplify app user forgets their password.
Boolean unauthenticatedLogin
A boolean value that can be set to allow or disallow guest-level authorization into your Amplify app.
String domainPrefix
The Amazon Cognito domain prefix used to create a hosted UI for authentication.
String oAuthGrantType
The OAuth grant type to allow app users to authenticate from your Amplify app.
List<E> oAuthScopes
The list of OAuth-related flows that can allow users to authenticate from your Amplify app.
List<E> redirectSignInURIs
Redirect URLs that OAuth uses when a user signs in to an Amplify app.
List<E> redirectSignOutURIs
Redirect URLs that OAuth uses when a user signs out of an Amplify app.
SocialProviderSettings socialProviderSettings
Describes third-party social federation configurations for allowing your users to sign in with OAuth.
List<E> additionalConstraints
Describes additional constraints on password requirements to sign in to the auth resource, configured as a part of your Amplify project.
Double minimumLength
Describes the minimum length of the password required to sign in to the auth resource, configured as a part of your Amplify project.
String appId
The app ID.
String backendEnvironmentName
The name of the backend environment.
UpdateBackendAuthResourceConfig resourceConfig
The resource configuration for this request object.
String resourceName
The name of this resource.
String authResources
Defines the service name to use when configuring an authentication resource in your Amplify project.
UpdateBackendAuthIdentityPoolConfig identityPoolConfigs
Describes the authorization configuration for the Amazon Cognito identity pool, provisioned as a part of your auth resource in the Amplify project.
String service
Defines the service name to use when configuring an authentication resource in your Amplify project.
UpdateBackendAuthUserPoolConfig userPoolConfigs
Describes the authentication configuration for the Amazon Cognito user pool, provisioned as a part of your auth resource in the Amplify project.
String appId
The app ID.
String backendEnvironmentName
The name of the backend environment.
String error
If the request fails, this error is returned.
String jobId
The ID for the job.
String operation
The name of the operation.
String status
The current status of the request.
UpdateBackendAuthForgotPasswordConfig forgotPassword
(DEPRECATED) Describes the forgot password policy for your Amazon Cognito user pool, configured as a part of your Amplify project.
UpdateBackendAuthMFAConfig mfa
Describes whether to apply multi-factor authentication policies for your Amazon Cognito user pool configured as a part of your Amplify project.
UpdateBackendAuthOAuthConfig oAuth
Describes the OAuth policy and rules for your Amazon Cognito user pool, configured as a part of your Amplify project.
UpdateBackendAuthPasswordPolicyConfig passwordPolicy
Describes the password policy for your Amazon Cognito user pool, configured as a part of your Amplify project.
UpdateBackendAuthVerificationMessageConfig verificationMessage
Describes the email or SMS verification message for your Amazon Cognito user pool, configured as a part of your Amplify project.
String deliveryMethod
The type of verification message to send.
EmailSettings emailSettings
The settings for the email message.
SmsSettings smsSettings
The settings for the SMS message.
String appId
The app ID.
LoginAuthConfigReqObj loginAuthConfig
Describes the Amazon Cognito configuration for Admin UI access.
String appId
The app ID.
String backendManagerAppId
The app ID for the backend manager.
String error
If the request fails, this error is returned.
LoginAuthConfigReqObj loginAuthConfig
Describes the Amazon Cognito configurations for the Admin UI auth resource to log in with.
String appId
The app ID.
String backendEnvironmentName
The name of the backend environment.
String jobId
The ID for the job.
String operation
Filters the list of response objects to include only those with the specified operation name.
String status
Filters the list of response objects to include only those with the specified status.
String appId
The app ID.
String backendEnvironmentName
The name of the backend environment.
String createTime
The time when the job was created.
String error
If the request fails, this error is returned.
String jobId
The ID for the job.
String operation
The name of the operation.
String status
The current status of the request.
String updateTime
The time when the job was last updated.
String appId
The app ID.
String backendEnvironmentName
The name of the backend environment.
UpdateBackendStorageResourceConfig resourceConfig
The resource configuration for updating backend storage.
String resourceName
The name of the storage resource.
BackendStoragePermissions permissions
The authorization configuration for the storage S3 bucket.
String serviceName
The name of the storage service.
ComponentProperty type
The type of navigation action. Valid values are url and anchor. This value is required for a navigation action.
ComponentProperty url
The URL to the location to open. Specify this value for a navigation action.
ComponentProperty anchor
The HTML anchor link to the location to open. Specify this value for a navigation action.
ComponentProperty target
The element within the same component to modify when the action occurs.
ComponentProperty global
Specifies whether the user should be signed out globally. Specify this value for an auth sign out action.
String model
The name of the data model. Use when the action performs an operation on an Amplify DataStore model.
ComponentProperty id
The unique ID of the component that the ActionParameters apply to.
Map<K,V> fields
A dictionary of key-value pairs mapping Amplify Studio properties to fields in a data model. Use when the action performs an operation on an Amplify DataStore model.
MutationActionSetStateParameter state
A key-value pair that specifies the state property name and its initial value.
GraphQLRenderConfig graphQLConfig
The configuration for an application using GraphQL APIs.
DataStoreRenderConfig dataStoreConfig
The configuration for an application using DataStore APIs.
NoApiRenderConfig noApiConfig
The configuration for an application with no API being used.
String name
Name of the dependency package.
String supportedVersion
Indicates the version of the supported dependency package.
Boolean isSemVer
Determines if the dependency package is using Semantic versioning. If set to true, it indicates that the dependency package uses Semantic versioning.
String reason
Indicates the reason to include the dependency package in your project code.
String dataType
The data type for the generic data field.
String dataTypeValue
The value of the data type for the generic data field.
Boolean required
Specifies whether the generic data field is required.
Boolean readOnly
Specifies whether the generic data field is read-only.
Boolean isArray
Specifies whether the generic data field is an array.
CodegenGenericDataRelationshipType relationship
The relationship of the generic data schema.
String type
The data relationship type.
String relatedModelName
The name of the related model in the data relationship.
List<E> relatedModelFields
The related model fields in the data relationship.
Boolean canUnlinkAssociatedModel
Specifies whether the relationship can unlink the associated model.
String relatedJoinFieldName
The name of the related join field in the data relationship.
String relatedJoinTableName
The name of the related join table in the data relationship.
String belongsToFieldOnRelatedModel
The value of the belongsTo field on the related data model.
List<E> associatedFields
The associated fields of the data relationship.
Boolean isHasManyIndex
Specifies whether the @index directive is supported for a hasMany data relationship.
String id
The unique ID for the code generation job.
String appId
The ID of the Amplify app associated with the code generation job.
String environmentName
The name of the backend environment associated with the code generation job.
CodegenJobRenderConfig renderConfig
CodegenJobGenericDataSchema genericDataSchema
Boolean autoGenerateForms
Specifies whether to autogenerate forms in the code generation job.
CodegenFeatureFlags features
String status
The status of the code generation job.
String statusMessage
The customized status message for the code generation job.
CodegenJobAsset asset
The CodegenJobAsset to use for the code generation job.
Map<K,V> tags
One or more key-value pairs to use when tagging the code generation job.
Date createdAt
The time that the code generation job was created.
Date modifiedAt
The time that the code generation job was modified.
List<E> dependencies
Lists the dependency packages that may be required for the project code to run.
String downloadUrl
The URL to use to access the asset.
String dataSourceType
The type of the data source for the schema. Currently, the only valid value is an Amplify DataStore.
Map<K,V> models
The name of a CodegenGenericDataModel.
Map<K,V> enums
The name of a CodegenGenericDataEnum.
Map<K,V> nonModels
The name of a CodegenGenericDataNonModel.
ReactStartCodegenJobData react
The name of the ReactStartCodegenJobData object.
String appId
The unique ID of the Amplify app associated with the code generation job.
String environmentName
The name of the backend environment associated with the code generation job.
String id
The unique ID for the code generation job summary.
Date createdAt
The time that the code generation job summary was created.
Date modifiedAt
The time that the code generation job summary was modified.
String appId
The unique ID of the Amplify app associated with the component.
String environmentName
The name of the backend environment that is a part of the Amplify app.
String sourceId
The unique ID of the component in its original source system, such as Figma.
String id
The unique ID of the component.
String name
The name of the component.
String componentType
The type of the component. This can be an Amplify custom UI component or another custom component.
Map<K,V> properties
Describes the component's properties. You can't specify tags as a valid property for properties.
List<E> children
A list of the component's ComponentChild instances.
List<E> variants
A list of the component's variants. A variant is a unique style configuration of a main component.
Map<K,V> overrides
Describes the component's properties that can be overridden in a customized instance of the component. You can't specify tags as a valid property for overrides.
Map<K,V> bindingProperties
The information to connect a component's properties to data at runtime. You can't specify tags as a valid property for bindingProperties.
Map<K,V> collectionProperties
The data binding configuration for the component's properties. Use this for a collection component. You can't specify tags as a valid property for collectionProperties.
Date createdAt
The time that the component was created.
Date modifiedAt
The time that the component was modified.
Map<K,V> tags
One or more key-value pairs to use when tagging the component.
Map<K,V> events
Describes the events that can be raised on the component. Use for the workflow feature in Amplify Studio that allows you to bind events and actions to components.
String schemaVersion
The schema version of the component when it was imported.
String type
The property type.
ComponentBindingPropertiesValueProperties bindingProperties
Describes the properties to customize with data at runtime.
String defaultValue
The default value of the property.
String model
An Amplify DataStore model.
String field
The field to bind the data to.
List<E> predicates
A list of predicates for binding a component's properties to data.
String userAttribute
An authenticated user attribute.
String bucket
An Amazon S3 bucket.
String key
The storage key for an Amazon S3 bucket.
String defaultValue
The default value to assign to the property.
String slotName
The name of a component slot.
String componentType
The type of the child component.
String name
The name of the child component.
Map<K,V> properties
Describes the properties of the child component. You can't specify tags as a valid property for properties.
List<E> children
The list of ComponentChild instances for this component.
Map<K,V> events
Describes the events that can be raised on the child component. Use for the workflow feature in Amplify Studio that allows you to bind events and actions to components.
String sourceId
The unique ID of the child component in its original source system, such as Figma.
String property
The name of the conditional property.
String field
The name of a field. Specify this when the property is a data model.
String operator
The operator to use to perform the evaluation, such as eq to represent equals.
String operand
The value of the property to evaluate.
ComponentProperty then
The value to assign to the property if the condition is met.
ComponentProperty elseValue
The value to assign to the property if the condition is not met.
String operandType
The type of the property to evaluate.
String model
The name of the data model to use to bind data to a component.
List<E> sort
Describes how to sort the component's properties.
Predicate predicate
Represents the conditional logic to use when binding data to a component. Use this property to retrieve only a subset of the data in a collection.
List<E> identifiers
A list of IDs to use to bind data to a component. Use this property to bind specifically chosen data, rather than data retrieved from a query.
String action
The action to perform when a specific event is raised.
ActionParameters parameters
Describes information about the action.
String bindingEvent
Binds an event to an action on a component. When you specify a bindingEvent, the event is called when the action is performed.
String value
The value to assign to the component property.
ComponentPropertyBindingProperties bindingProperties
The information to bind the component property to data at runtime.
ComponentPropertyBindingProperties collectionBindingProperties
The information to bind the component property to data at runtime. Use this for collection components.
String defaultValue
The default value to assign to the component property.
String model
The data model to use to assign a value to the component property.
Map<K,V> bindings
The information to bind the component property to form data.
String event
An event that occurs in your app. Use this for workflow data binding.
String userAttribute
An authenticated user attribute to use to assign a value to the component property.
List<E> concat
A list of component properties to concatenate to create the value to assign to this component property.
ComponentConditionProperty condition
The conditional expression to use to assign a value to the component property.
Boolean configured
Specifies whether the user configured the property in Amplify Studio after importing it.
String type
The component type.
String importedValue
The default value assigned to the property when the component is imported into an app.
String componentName
The name of the component that is affected by an event.
String property
The name of the component's property that is affected by an event.
String appId
The unique ID of the Amplify app associated with the component.
String environmentName
The name of the backend environment that is a part of the Amplify app.
String id
The unique ID of the component.
String name
The name of the component.
String componentType
The component type.
Map<K,V> variantValues
The combination of variants that comprise this variant. You can't specify tags as a valid property for variantValues.
Map<K,V> overrides
The properties of the component variant that can be overridden when customizing an instance of the component. You can't specify tags as a valid property for overrides.
String name
The name of the component.
String sourceId
The unique ID of the component in its original source system, such as Figma.
String componentType
The component type. This can be an Amplify custom UI component or another custom component.
Map<K,V> properties
Describes the component's properties.
List<E> children
A list of child components that are instances of the main component.
List<E> variants
A list of the unique variants of this component.
Map<K,V> overrides
Describes the component properties that can be overridden to customize an instance of the component.
Map<K,V> bindingProperties
The data binding information for the component's properties.
Map<K,V> collectionProperties
The data binding configuration for customizing a component's properties. Use this for a collection component.
Map<K,V> tags
One or more key-value pairs to use when tagging the component data.
Map<K,V> events
The event configuration for the component. Use for the workflow feature in Amplify Studio that allows you to bind events and actions to components.
String schemaVersion
The schema version of the component when it was imported.
String appId
The unique ID of the Amplify app to associate with the component.
String environmentName
The name of the backend environment that is a part of the Amplify app.
String clientToken
The unique client token.
CreateComponentData componentToCreate
Represents the configuration of the component to create.
Component entity
Describes the configuration of the new component.
String name
The name of the form.
FormDataTypeConfig dataType
The type of data source to use to create the form.
String formActionType
Specifies whether to perform a create or update action on the form.
Map<K,V> fields
The configuration information for the form's fields.
FormStyle style
The configuration for the form's style.
Map<K,V> sectionalElements
The configuration information for the visual helper elements for the form. These elements are not associated with any data.
String schemaVersion
The schema version of the form.
FormCTA cta
The FormCTA object that stores the call to action configuration for the form.
Map<K,V> tags
One or more key-value pairs to use when tagging the form data.
String labelDecorator
Specifies an icon or decoration to display on the form.
String appId
The unique ID of the Amplify app to associate with the form.
String environmentName
The name of the backend environment that is a part of the Amplify app.
String clientToken
The unique client token.
CreateFormData formToCreate
Represents the configuration of the form to create.
Form entity
Describes the configuration of the new form.
String name
The name of the theme.
List<E> values
A list of key-value pairs that defines the properties of the theme.
List<E> overrides
Describes the properties that can be overridden to customize an instance of the theme.
Map<K,V> tags
One or more key-value pairs to use when tagging the theme data.
String appId
The unique ID of the Amplify app associated with the theme.
String environmentName
The name of the backend environment that is a part of the Amplify app.
String clientToken
The unique client token.
CreateThemeData themeToCreate
Represents the configuration of the theme to create.
Theme entity
Describes the configuration of the new theme.
String provider
The third-party provider for the token. The only valid value is figma.
ExchangeCodeForTokenRequestBody request
Describes the configuration of the request.
String label
The label for the field.
FieldPosition position
Specifies the field position.
Boolean excluded
Specifies whether to hide a field.
FieldInputConfig inputType
Describes the configuration for the default input value to display for a field.
List<E> validations
The validations to perform on the value in the field.
String type
The input type for the field.
Boolean required
Specifies a field that requires input.
Boolean readOnly
Specifies a read-only field.
String placeholder
The text to display as a placeholder for the field.
String defaultValue
The default value for the field.
String descriptiveText
The text to display to describe the field.
Boolean defaultChecked
Specifies whether a field has a default value.
String defaultCountryCode
The default country code for a phone number.
ValueMappings valueMappings
The information to use to customize the input fields with data at runtime.
String name
The name of the field.
Float minValue
The minimum value to display for the field.
Float maxValue
The maximum value to display for the field.
Float step
The stepping increment for a numeric value in a field.
String value
The value for the field.
Boolean isArray
Specifies whether to render the field as an array. This property is ignored if the dataSourceType for the form is a Data Store.
FileUploaderFieldConfig fileUploaderConfig
The configuration for the file uploader field.
String accessLevel
The access level to assign to the uploaded files in the Amazon S3 bucket where they are stored. The valid values for this property are private, protected, or public. For detailed information about the permissions associated with each access level, see File access levels in the Amplify documentation.
List<E> acceptedFileTypes
The file types that are allowed to be uploaded by the file uploader. Provide this information in an array of strings specifying the valid file extensions.
Boolean showThumbnails
Specifies whether to display or hide the image preview after selecting a file for upload. The default value is true to display the image preview.
Boolean isResumable
Allows the file upload operation to be paused and resumed. The default value is false.
When isResumable is set to true, the file uploader uses a multipart upload to break the files into chunks before upload. The progress of the upload isn't continuous, because the file uploader uploads a chunk at a time.
Integer maxFileCount
Specifies the maximum number of files that can be selected to upload. The default value is an unlimited number of files.
Integer maxSize
The maximum file size in bytes that the file uploader will accept. The default value is an unlimited file size.
String appId
The unique ID of the Amplify app associated with the form.
String environmentName
The name of the backend environment that is a part of the Amplify app.
String id
The unique ID of the form.
String name
The name of the form.
String formActionType
The operation to perform on the specified form.
FormStyle style
Stores the configuration for the form's style.
FormDataTypeConfig dataType
The type of data source to use to create the form.
Map<K,V> fields
Stores the information about the form's fields.
Map<K,V> sectionalElements
Stores the visual helper elements for the form that are not associated with any data.
String schemaVersion
The schema version of the form when it was imported.
Map<K,V> tags
One or more key-value pairs to use when tagging the form.
FormCTA cta
Stores the call to action configuration for the form.
String labelDecorator
Specifies an icon or decoration to display on the form.
Boolean excluded
Specifies whether the button is visible on the form.
String children
Describes the button's properties.
FieldPosition position
The position of the button.
String position
The position of the button.
FormButton clear
Displays a clear button.
FormButton cancel
Displays a cancel button.
FormButton submit
Displays a submit button.
String type
The property type.
FormInputBindingPropertiesValueProperties bindingProperties
Describes the properties to customize with data at runtime.
String model
An Amplify DataStore model.
String value
The value to assign to the input field.
FormInputValuePropertyBindingProperties bindingProperties
The information to bind fields to data at runtime.
List<E> concat
A list of form properties to concatenate to create the value to assign to this field property.
FormStyleConfig horizontalGap
The spacing for the horizontal gap.
FormStyleConfig verticalGap
The spacing for the vertical gap.
FormStyleConfig outerPadding
The size of the outer padding for the form.
String appId
The unique ID for the app associated with the form summary.
FormDataTypeConfig dataType
The form's data source type.
String environmentName
The name of the backend environment that is part of the Amplify app.
String formActionType
The type of operation to perform on the form.
String id
The ID of the form.
String name
The name of the form.
CodegenJob job
The configuration settings for the code generation job.
Component component
Represents the configuration settings for the component.
Form form
Represents the configuration settings for the form.
Theme theme
Represents the configuration settings for the theme.
String typesFilePath
The path to the GraphQL types file, relative to the component output directory.
String queriesFilePath
The path to the GraphQL queries file, relative to the component output directory.
String mutationsFilePath
The path to the GraphQL mutations file, relative to the component output directory.
String subscriptionsFilePath
The path to the GraphQL subscriptions file, relative to the component output directory.
String fragmentsFilePath
The path to the GraphQL fragments file, relative to the component output directory.
String appId
The unique ID for the Amplify app.
String environmentName
The name of the backend environment that is a part of the Amplify app.
String nextToken
The token to request the next page of results.
Integer maxResults
The maximum number of jobs to retrieve.
String appId
The unique ID for the Amplify app.
String environmentName
The name of the backend environment that is a part of the Amplify app.
String nextToken
The token to request the next page of results.
Integer maxResults
The maximum number of components to retrieve.
String appId
The unique ID for the Amplify app.
String environmentName
The name of the backend environment that is a part of the Amplify app.
String nextToken
The token to request the next page of results.
Integer maxResults
The maximum number of forms to retrieve.
String resourceArn
The Amazon Resource Name (ARN) to use to list tags.
String appId
The unique ID for the Amplify app.
String environmentName
The name of the backend environment that is a part of the Amplify app.
String nextToken
The token to request the next page of results.
Integer maxResults
The maximum number of theme results to return in the response.
String componentName
The name of the component that is being modified.
String property
The name of the component property to apply the state configuration to.
ComponentProperty set
The state configuration to assign to the property.
List<E> or
A list of predicates to combine logically.
List<E> and
A list of predicates to combine logically.
String field
The field to query.
String operator
The operator to use to perform the evaluation.
String operand
The value to use when performing the evaluation.
String operandType
The type of value to use when performing the evaluation.
String newValue
The new information to store.
String appId
The unique ID for the Amplify app.
String environmentName
The name of the backend environment that is part of the Amplify app.
String featureName
The name of the feature associated with the metadata.
PutMetadataFlagBody body
The metadata information to store.
String module
The JavaScript module type.
String target
The ECMAScript specification to use.
String script
The file type to use for a JavaScript project.
Boolean renderTypeDeclarations
Specifies whether the code generation job should render type declaration files.
Boolean inlineSourceMap
Specifies whether the code generation job should render inline source maps.
ApiConfiguration apiConfiguration
The API configuration for the code generation job.
Map<