lib/aws-sdk-secretsmanager/client.rb in aws-sdk-secretsmanager-1.55.0 vs lib/aws-sdk-secretsmanager/client.rb in aws-sdk-secretsmanager-1.56.0

- old
+ new

@@ -370,10 +370,19 @@ # new version to see if it should be deleted. You can delete a version # by removing all staging labels from it. # # </note> # + # <b>Required permissions: </b> `secretsmanager:CancelRotateSecret`. For + # more information, see [ IAM policy actions for Secrets Manager][1] and + # [Authentication and access control in Secrets Manager][2]. + # + # + # + # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions + # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html + # # @option params [required, String] :secret_id # The ARN or name of the secret. # # For an ARN, we recommend that you specify a complete ARN rather than a # partial ARN. @@ -449,13 +458,19 @@ # If the secret is in a different Amazon Web Services account from the # credentials calling the API, then you can't use `aws/secretsmanager` # to encrypt the secret, and you must create and use a customer managed # KMS key. # + # <b>Required permissions: </b> `secretsmanager:CreateSecret`. For more + # information, see [ IAM policy actions for Secrets Manager][2] and + # [Authentication and access control in Secrets Manager][3]. # # + # # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_create-basic-secret.html + # [2]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions + # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html # # @option params [required, String] :name # The name of the new secret. # # The secret name can contain ASCII letters, numbers, and the following 
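Review bot: The `Required permissions` sentence added to the CreateSecret description (second hunk on this line) names only `secretsmanager:CreateSecret`, even though the paragraph just above it tells cross-account callers to use a customer managed KMS key. The UpdateSecret and GetSecretValue hunks later in this diff do spell out the `kms:` permissions needed on such a key, so the descriptions are inconsistent. An IAM policy written from the CreateSecret text alone would presumably be missing the key permissions. I would add the sentence UpdateSecret uses, "If you use a customer managed key, you must also have `kms:GenerateDataKey` and `kms:Decrypt` permissions on the key", after confirming the exact actions for CreateSecret against the linked access-control pages.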
@@ -685,10 +700,19 @@ end # Deletes the resource-based permission policy attached to the secret. # To attach a policy to a secret, use PutResourcePolicy. # + # <b>Required permissions: </b> `secretsmanager:DeleteResourcePolicy`. + # For more information, see [ IAM policy actions for Secrets Manager][1] + # and [Authentication and access control in Secrets Manager][2]. + # + # + # + # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions + # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html + # # @option params [required, String] :secret_id # The ARN or name of the secret to delete the attached resource-based # policy for. # # For an ARN, we recommend that you specify a complete ARN rather than a @@ -754,13 +778,19 @@ # # In a secret scheduled for deletion, you cannot access the encrypted # secret value. To access that information, first cancel the deletion # with RestoreSecret and then retrieve the information. # + # <b>Required permissions: </b> `secretsmanager:DeleteSecret`. For more + # information, see [ IAM policy actions for Secrets Manager][2] and + # [Authentication and access control in Secrets Manager][3]. # # + # # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_delete-secret.html + # [2]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions + # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html # # @option params [required, String] :secret_id # The ARN or name of the secret to delete. # # For an ARN, we recommend that you specify a complete ARN rather than a 
@@ -841,10 +871,19 @@ # Retrieves the details of a secret. It does not include the encrypted # secret value. Secrets Manager only returns fields that have a value in # the response. # + # <b>Required permissions: </b> `secretsmanager:DescribeSecret`. For + # more information, see [ IAM policy actions for Secrets Manager][1] and + # [Authentication and access control in Secrets Manager][2]. + # + # + # + # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions + # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html + # # @option params [required, String] :secret_id # The ARN or name of the secret. # # For an ARN, we recommend that you specify a complete ARN rather than a # partial ARN. @@ -925,10 +964,12 @@ # resp.description #=> String # resp.kms_key_id #=> String # resp.rotation_enabled #=> Boolean # resp.rotation_lambda_arn #=> String # resp.rotation_rules.automatically_after_days #=> Integer + # resp.rotation_rules.duration #=> String + # resp.rotation_rules.schedule_expression #=> String # resp.last_rotated_date #=> Time # resp.last_changed_date #=> Time # resp.last_accessed_date #=> Time # resp.deleted_date #=> Time # resp.tags #=> Array 
@@ -958,10 +999,19 @@ # Generates a random password. We recommend that you specify the maximum # length and include every character type that the system you are # generating a password for can support. # + # <b>Required permissions: </b> `secretsmanager:GetRandomPassword`. For + # more information, see [ IAM policy actions for Secrets Manager][1] and + # [Authentication and access control in Secrets Manager][2]. + # + # + # + # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions + # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html + # # @option params [Integer] :password_length # The length of the password. If you don't include this parameter, the # default length is 32 characters. # # @option params [String] :exclude_characters @@ -1046,13 +1096,19 @@ # Retrieves the JSON text of the resource-based policy document attached # to the secret. For more information about permissions policies # attached to a secret, see [Permissions policies attached to a # secret][1]. # + # <b>Required permissions: </b> `secretsmanager:GetResourcePolicy`. For + # more information, see [ IAM policy actions for Secrets Manager][2] and + # [Authentication and access control in Secrets Manager][3]. # # + # # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-policies.html + # [2]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions + # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html # # @option params [required, String] :secret_id # The ARN or name of the secret to retrieve the attached resource-based # policy for. # 
@@ -1104,21 +1160,26 @@ # Retrieves the contents of the encrypted fields `SecretString` or # `SecretBinary` from the specified version of a secret, whichever # contains content. # - # For information about retrieving the secret value in the console, see - # [Retrieve secrets][1]. + # We recommend that you cache your secret values by using client-side + # caching. Caching secrets improves speed and reduces your costs. For + # more information, see [Cache secrets for your applications][1]. # - # To run this command, you must have `secretsmanager:GetSecretValue` - # permissions. If the secret is encrypted using a customer-managed key - # instead of the Amazon Web Services managed key `aws/secretsmanager`, - # then you also need `kms:Decrypt` permissions for that key. + # <b>Required permissions: </b> `secretsmanager:GetSecretValue`. If the + # secret is encrypted using a customer-managed key instead of the Amazon + # Web Services managed key `aws/secretsmanager`, then you also need + # `kms:Decrypt` permissions for that key. For more information, see [ + # IAM policy actions for Secrets Manager][2] and [Authentication and + # access control in Secrets Manager][3]. # # # # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets.html + # [2]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions + # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html # # @option params [required, String] :secret_id # The ARN or name of the secret to retrieve. # # For an ARN, we recommend that you specify a complete ARN rather than a 
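Review bot: The caching recommendation added to the GetSecretValue description does not mention rotation, so it omits the main caveat of caching: a cached value can outlive the secret version it was read from. I would follow the caching paragraph with a line such as `# A cached value can become stale when the secret rotates; refresh it on expiry or when the cached credential is rejected.` Reference `[1]` still resolves to `retrieving-secrets.html` although its link text changed from "Retrieve secrets" to "Cache secrets for your applications"; that may be intentional if the page covers caching, but it is worth confirming. The method this comment documents lies outside the hunk.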
@@ -1214,15 +1275,19 @@ # To list the secrets in the account, use ListSecrets. # # To get the secret value from `SecretString` or `SecretBinary`, call # GetSecretValue. # - # **Minimum permissions** + # <b>Required permissions: </b> `secretsmanager:ListSecretVersionIds`. + # For more information, see [ IAM policy actions for Secrets Manager][1] + # and [Authentication and access control in Secrets Manager][2]. # - # To run this command, you must have - # `secretsmanager:ListSecretVersionIds` permissions. # + # + # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions + # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html + # # @option params [required, String] :secret_id # The ARN or name of the secret whose versions you want to list. # # For an ARN, we recommend that you specify a complete ARN rather than a # partial ARN. @@ -1331,18 +1396,19 @@ # GetSecretValue. # # For information about finding secrets in the console, see [Enhanced # search capabilities for secrets in Secrets Manager][1]. # - # **Minimum permissions** + # <b>Required permissions: </b> `secretsmanager:ListSecrets`. For more + # information, see [ IAM policy actions for Secrets Manager][2] and + # [Authentication and access control in Secrets Manager][3]. # - # To run this command, you must have `secretsmanager:ListSecrets` - # permissions. # # - # # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/manage_search-secret.html + # [2]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions + # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html # # @option params [Integer] :max_results # The number of results to include in the response. # # If there are more results available, in the response, Secrets Manager 
@@ -1425,10 +1491,12 @@ # resp.secret_list[0].description #=> String # resp.secret_list[0].kms_key_id #=> String # resp.secret_list[0].rotation_enabled #=> Boolean # resp.secret_list[0].rotation_lambda_arn #=> String # resp.secret_list[0].rotation_rules.automatically_after_days #=> Integer + # resp.secret_list[0].rotation_rules.duration #=> String + # resp.secret_list[0].rotation_rules.schedule_expression #=> String # resp.secret_list[0].last_rotated_date #=> Time # resp.secret_list[0].last_changed_date #=> Time # resp.secret_list[0].last_accessed_date #=> Time # resp.secret_list[0].deleted_date #=> Time # resp.secret_list[0].tags #=> Array @@ -1456,14 +1524,19 @@ # [Authentication and access control for Secrets Manager][1] # # For information about attaching a policy in the console, see [Attach a # permissions policy to a secret][2]. # + # <b>Required permissions: </b> `secretsmanager:PutResourcePolicy`. For + # more information, see [ IAM policy actions for Secrets Manager][3] and + # [Authentication and access control in Secrets Manager][1]. # # + # # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-based-policies.html + # [3]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions # # @option params [required, String] :secret_id # The ARN or name of the secret to attach the resource-based policy. # # For an ARN, we recommend that you specify a complete ARN rather than a 
@@ -1556,10 +1629,19 @@ # you specify the same secret data, the operation succeeds but does # nothing. However, if the secret data is different, then the operation # fails because you can't modify an existing version; you can only # create new ones. # + # <b>Required permissions: </b> `secretsmanager:PutSecretValue`. For + # more information, see [ IAM policy actions for Secrets Manager][1] and + # [Authentication and access control in Secrets Manager][2]. + # + # + # + # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions + # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html + # # @option params [required, String] :secret_id # The ARN or name of the secret to add a new version to. # # For an ARN, we recommend that you specify a complete ARN rather than a # partial ARN. @@ -1697,10 +1779,20 @@ end # For a secret that is replicated to other Regions, deletes the secret # replicas from the Regions you specify. # + # <b>Required permissions: </b> + # `secretsmanager:RemoveRegionsFromReplication`. For more information, + # see [ IAM policy actions for Secrets Manager][1] and [Authentication + # and access control in Secrets Manager][2]. + # + # + # + # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions + # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html + # # @option params [required, String] :secret_id # The ARN or name of the secret. # # @option params [required, Array<String>] :remove_replica_regions # The Regions of the replicas to remove. 
@@ -1736,13 +1828,20 @@ req.send_request(options) end # Replicates the secret to a new Regions. See [Multi-Region secrets][1]. # + # <b>Required permissions: </b> + # `secretsmanager:ReplicateSecretToRegions`. For more information, see [ + # IAM policy actions for Secrets Manager][2] and [Authentication and + # access control in Secrets Manager][3]. # # + # # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/create-manage-multi-region-secrets.html + # [2]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions + # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html # # @option params [required, String] :secret_id # The ARN or name of the secret to replicate. # # @option params [required, Array<Types::ReplicaRegionType>] :add_replica_regions @@ -1791,10 +1890,19 @@ # Cancels the scheduled deletion of a secret by removing the # `DeletedDate` time stamp. You can access a secret again after it has # been restored. # + # <b>Required permissions: </b> `secretsmanager:RestoreSecret`. For more + # information, see [ IAM policy actions for Secrets Manager][1] and + # [Authentication and access control in Secrets Manager][2]. + # + # + # + # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions + # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html + # # @option params [required, String] :secret_id # The ARN or name of the secret to restore. # # For an ARN, we recommend that you specify a complete ARN rather than a # partial ARN. 
@@ -1862,18 +1970,23 @@ # If the `AWSPENDING` staging label is present but not attached to the # same version as `AWSCURRENT`, then any later invocation of # `RotateSecret` assumes that a previous rotation request is still in # progress and returns an error. # - # To run this command, you must have `secretsmanager:RotateSecret` - # permissions and `lambda:InvokeFunction` permissions on the function - # specified in the secret's metadata. + # <b>Required permissions: </b> `secretsmanager:RotateSecret`. For more + # information, see [ IAM policy actions for Secrets Manager][3] and + # [Authentication and access control in Secrets Manager][4]. You also + # need `lambda:InvokeFunction` permissions on the rotation function. For + # more information, see [ Permissions for rotation][5]. # # # # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets.html # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html + # [3]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions + # [4]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html + # [5]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets-required-permissions-function.html # # @option params [required, String] :secret_id # The ARN or name of the secret to rotate. # # For an ARN, we recommend that you specify a complete ARN rather than a 
@@ -1910,10 +2023,27 @@ # The ARN of the Lambda rotation function that can rotate the secret. # # @option params [Types::RotationRulesType] :rotation_rules # A structure that defines the rotation configuration for this secret. # + # @option params [Boolean] :rotate_immediately + # Specifies whether to rotate the secret immediately or wait until the + # next scheduled rotation window. The rotation schedule is defined in + # RotateSecretRequest$RotationRules. + # + # If you don't immediately rotate the secret, Secrets Manager tests the + # rotation configuration by running the [ `testSecret` step][1] of the + # Lambda rotation function. The test creates an `AWSPENDING` version of + # the secret and then removes it. + # + # If you don't specify this value, then by default, Secrets Manager + # rotates the secret immediately. + # + # + # + # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotate-secrets_how.html + # # @return [Types::RotateSecretResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # # * {Types::RotateSecretResponse#arn #arn} => String # * {Types::RotateSecretResponse#name #name} => String # * {Types::RotateSecretResponse#version_id #version_id} => String @@ -1924,11 +2054,14 @@ # secret_id: "SecretIdType", # required # client_request_token: "ClientRequestTokenType", # rotation_lambda_arn: "RotationLambdaARNType", # rotation_rules: { # automatically_after_days: 1, + # duration: "DurationType", + # schedule_expression: "ScheduleExpressionType", # }, + # rotate_immediately: false, # }) # # @example Response structure # # resp.arn #=> String 
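Review bot: The new `:rotate_immediately` description refers to `RotateSecretRequest$RotationRules`, which is API-model notation and not something a caller of this Ruby method can look up. The option it means is `:rotation_rules`, documented just above it in the same hunk, so I would change the sentence to `# next scheduled rotation window. The rotation schedule is defined in :rotation_rules.` The request-syntax example in the second hunk on this line shows `rotate_immediately: false`, the opposite of the documented default. As the description reads, a caller who copies that value gets only the `testSecret` run and no rotation until the next window, so the example line deserves a short comment saying the value is a placeholder.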
@@ -1948,10 +2081,20 @@ # promotes the replica to a primary secret in the replica Region. # # You must call this operation from the Region in which you want to # promote the replica to a primary secret. # + # <b>Required permissions: </b> + # `secretsmanager:StopReplicationToReplica`. For more information, see [ + # IAM policy actions for Secrets Manager][1] and [Authentication and + # access control in Secrets Manager][2]. + # + # + # + # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions + # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html + # # @option params [required, String] :secret_id # The ARN of the primary secret. # # @return [Types::StopReplicationToReplicaResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods: # @@ -2005,10 +2148,19 @@ # If you use tags as part of your security strategy, then adding or # removing a tag can change permissions. If successfully completing this # operation would result in you losing your permissions for this secret, # then the operation is blocked and returns an Access Denied error. # + # <b>Required permissions: </b> `secretsmanager:TagResource`. For more + # information, see [ IAM policy actions for Secrets Manager][1] and + # [Authentication and access control in Secrets Manager][2]. + # + # + # + # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions + # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html + # # @option params [required, String] :secret_id # The identifier for the secret to attach tags to. You can specify # either the Amazon Resource Name (ARN) or the friendly name of the # secret. # 
@@ -2079,10 +2231,19 @@ # If you use tags as part of your security strategy, then removing a tag # can change permissions. If successfully completing this operation # would result in you losing your permissions for this secret, then the # operation is blocked and returns an Access Denied error. # + # <b>Required permissions: </b> `secretsmanager:UntagResource`. For more + # information, see [ IAM policy actions for Secrets Manager][1] and + # [Authentication and access control in Secrets Manager][2]. + # + # + # + # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions + # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html + # # @option params [required, String] :secret_id # The ARN or name of the secret. # # For an ARN, we recommend that you specify a complete ARN rather than a # partial ARN. 
@@ -2170,14 +2331,23 @@ # If the secret is in a different Amazon Web Services account from the # credentials calling the API, then you can't use `aws/secretsmanager` # to encrypt the secret, and you must create and use a customer managed # key. # - # To run this command, you must have `secretsmanager:UpdateSecret` - # permissions. If you use a customer managed key, you must also have - # `kms:GenerateDataKey` and `kms:Decrypt` permissions . + # <b>Required permissions: </b> `secretsmanager:UpdateSecret`. For more + # information, see [ IAM policy actions for Secrets Manager][1] and + # [Authentication and access control in Secrets Manager][2]. If you use + # a customer managed key, you must also have `kms:GenerateDataKey` and + # `kms:Decrypt` permissions on the key. For more information, see [ + # Secret encryption and decryption][3]. # + # + # + # [1]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions + # [2]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html + # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/security-encryption.html + # # @option params [required, String] :secret_id # The ARN or name of the secret. # # For an ARN, we recommend that you specify a complete ARN rather than a # partial ARN. 
@@ -2348,13 +2518,20 @@ # # If this action results in the last label being removed from a version, # then the version is considered to be 'deprecated' and can be deleted # by Secrets Manager. # + # <b>Required permissions: </b> + # `secretsmanager:UpdateSecretVersionStage`. For more information, see [ + # IAM policy actions for Secrets Manager][2] and [Authentication and + # access control in Secrets Manager][3]. # # + # # [1]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/getting-started.html#term_version + # [2]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions + # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html # # @option params [required, String] :secret_id # The ARN or the name of the secret with the version and staging # labelsto modify. # @@ -2475,13 +2652,19 @@ # # * Checks for correct syntax in a policy. # # * Verifies the policy does not lock out a caller. # + # <b>Required permissions: </b> `secretsmanager:ValidateResourcePolicy`. + # For more information, see [ IAM policy actions for Secrets Manager][2] + # and [Authentication and access control in Secrets Manager][3]. # # + # # [1]: https://aws.amazon.com/blogs/security/protect-sensitive-data-in-the-cloud-with-automated-reasoning-zelkova/ + # [2]: https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecretsmanager.html#awssecretsmanager-actions-as-permissions + # [3]: https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html # # @option params [String] :secret_id # This field is reserved for internal use. # # @option params [required, String] :resource_policy 
@@ -2550,10 +2733,10 @@ operation: config.api.operation(operation_name), client: self, params: params, config: config) context[:gem_name] = 'aws-sdk-secretsmanager' - context[:gem_version] = '1.55.0' + context[:gem_version] = '1.56.0' Seahorse::Client::Request.new(handlers, context) end # @api private # @deprecated