Updates SDK to v2.634.0

.changes/2.634.0.json

@@ -0,0 +1,22 @@
+[
+    {
+        "type": "feature",
+        "category": "EC2",
+        "description": "You can now create AWS Client VPN Endpoints with a specified VPC and Security Group. Additionally, you can modify these attributes when modifying the endpoint. "
+    },
+    {
+        "type": "feature",
+        "category": "EKS",
+        "description": "Amazon EKS now supports adding a KMS key to your cluster for envelope encryption of Kubernetes secrets."
+    },
+    {
+        "type": "feature",
+        "category": "GuardDuty",
+        "description": "Add a new finding field for EC2 findings indicating the instance's local IP address involved in the threat."
+    },
+    {
+        "type": "feature",
+        "category": "OpsWorksCM",
+        "description": "Updated the Tag regex pattern to align with AWS tagging APIs."
+    }
+]

CHANGELOG.md

@@ -1,7 +1,13 @@
 # Changelog for AWS SDK for JavaScript
-<!--LATEST=2.633.0-->
+<!--LATEST=2.634.0-->
 <!--ENTRYINSERT-->
 
+## 2.634.0
+* feature: EC2: You can now create AWS Client VPN Endpoints with a specified VPC and Security Group. Additionally, you can modify these attributes when modifying the endpoint. 
+* feature: EKS: Amazon EKS now supports adding a KMS key to your cluster for envelope encryption of Kubernetes secrets.
+* feature: GuardDuty: Add a new finding field for EC2 findings indicating the instance's local IP address involved in the threat.
+* feature: OpsWorksCM: Updated the Tag regex pattern to align with AWS tagging APIs.
+
 ## 2.633.0
 * feature: Pinpoint: This release of the Amazon Pinpoint API introduces support for integrating recommender models with email, push notification, and SMS message templates. You can now use these types of templates to connect to recommender models and add personalized recommendations to messages that you send from campaigns and journeys.
 

README.md

@@ -25,7 +25,7 @@ version.
 To use the SDK in the browser, simply add the following script tag to your
 HTML pages:
 
-    <script src="https://sdk.amazonaws.com/js/aws-sdk-2.633.0.min.js"></script>
+    <script src="https://sdk.amazonaws.com/js/aws-sdk-2.634.0.min.js"></script>
 
 You can also build a custom browser SDK with your specified set of AWS services.
 This can allow you to reduce the SDK's size, specify different API versions of

apis/ec2-2016-11-15.min.json

@@ -1354,7 +1354,12 @@
           "TagSpecifications": {
             "shape": "S1l",
             "locationName": "TagSpecification"
-          }
+          },
+          "SecurityGroupIds": {
+            "shape": "S1u",
+            "locationName": "SecurityGroupId"
+          },
+          "VpcId": {}
         }
       },
       "output": {
@@ -5222,6 +5227,13 @@
                 "Tags": {
                   "shape": "Sj",
                   "locationName": "tagSet"
+                },
+                "SecurityGroupIds": {
+                  "shape": "S1u",
+                  "locationName": "securityGroupIdSet"
+                },
+                "VpcId": {
+                  "locationName": "vpcId"
                 }
               }
             }
@@ -13283,7 +13295,12 @@
           },
           "DryRun": {
             "type": "boolean"
-          }
+          },
+          "SecurityGroupIds": {
+            "shape": "S1u",
+            "locationName": "SecurityGroupId"
+          },
+          "VpcId": {}
         }
       },
       "output": {

apis/ec2-2016-11-15.normal.json

@@ -192,7 +192,7 @@
       "output": {
         "shape": "AssociateClientVpnTargetNetworkResult"
       },
-      "documentation": "<p>Associates a target network with a Client VPN endpoint. A target network is a subnet in a VPC. You can associate multiple subnets from the same VPC with a Client VPN endpoint. You can associate only one subnet in each Availability Zone. We recommend that you associate at least two subnets to provide Availability Zone redundancy.</p>"
+      "documentation": "<p>Associates a target network with a Client VPN endpoint. A target network is a subnet in a VPC. You can associate multiple subnets from the same VPC with a Client VPN endpoint. You can associate only one subnet in each Availability Zone. We recommend that you associate at least two subnets to provide Availability Zone redundancy.</p> <p>If you specified a VPC when you created the Client VPN endpoint or if you have previous subnet associations, the specified subnet must be in the same VPC. To specify a subnet that's in a different VPC, you must first modify the Client VPN endpoint (<a>ModifyClientVpnEndpoint</a>) and change the VPC that's associated with it.</p>"
     },
     "AssociateDhcpOptions": {
       "name": "AssociateDhcpOptions",
@@ -1894,7 +1894,7 @@
       "input": {
         "shape": "DeleteVpnGatewayRequest"
       },
-      "documentation": "<p>Deletes the specified virtual private gateway. We recommend that before you delete a virtual private gateway, you detach it from the VPC and delete the VPN connection. Note that you don't need to delete the virtual private gateway if you plan to delete and recreate the VPN connection between your VPC and your network.</p>"
+      "documentation": "<p>Deletes the specified virtual private gateway. You must first detach the virtual private gateway from the VPC. Note that you don't need to delete the virtual private gateway if you plan to delete and recreate the VPN connection between your VPC and your network.</p>"
     },
     "DeprovisionByoipCidr": {
       "name": "DeprovisionByoipCidr",
@@ -4247,7 +4247,7 @@
       "output": {
         "shape": "ModifyClientVpnEndpointResult"
       },
-      "documentation": "<p>Modifies the specified Client VPN endpoint. You can only modify an endpoint's server certificate information, client connection logging information, DNS server, and description. Modifying the DNS server resets existing client connections.</p>"
+      "documentation": "<p>Modifies the specified Client VPN endpoint. Modifying the DNS server resets existing client connections.</p>"
     },
     "ModifyDefaultCreditSpecification": {
       "name": "ModifyDefaultCreditSpecification",
@@ -4696,7 +4696,7 @@
       "output": {
         "shape": "ModifyVpnConnectionResult"
       },
-      "documentation": "<p>Modifies the target gateway of an AWS Site-to-Site VPN connection. The following migration options are available:</p> <ul> <li> <p>An existing virtual private gateway to a new virtual private gateway</p> </li> <li> <p>An existing virtual private gateway to a transit gateway</p> </li> <li> <p>An existing transit gateway to a new transit gateway</p> </li> <li> <p>An existing transit gateway to a virtual private gateway</p> </li> </ul> <p>Before you perform the migration to the new gateway, you must configure the new gateway. Use <a>CreateVpnGateway</a> to create a virtual private gateway, or <a>CreateTransitGateway</a> to create a transit gateway.</p> <p>This step is required when you migrate from a virtual private gateway with static routes to a transit gateway. </p> <p>You must delete the static routes before you migrate to the new gateway.</p> <p>Keep a copy of the static route before you delete it. You will need to add back these routes to the transit gateway after the VPN connection migration is complete.</p> <p>After you migrate to the new gateway, you might need to modify your VPC route table. Use <a>CreateRoute</a> and <a>DeleteRoute</a> to make the changes described in <a href=\"https://docs.aws.amazon.com/vpn/latest/s2svpn/modify-vpn-target.html#step-update-routing\">VPN Gateway Target Modification Required VPC Route Table Updates</a> in the <i>AWS Site-to-Site VPN User Guide</i>.</p> <p> When the new gateway is a transit gateway, modify the transit gateway route table to allow traffic between the VPC and the AWS Site-to-Site VPN connection. Use <a>CreateTransitGatewayRoute</a> to add the routes.</p> <p> If you deleted VPN static routes, you must add the static routes to the transit gateway route table.</p> <p>After you perform this operation, the AWS VPN endpoint's IP addresses on the AWS side and the tunnel options remain intact. Your s2slong; connection will be temporarily unavailable for approximately 10 minutes while we provision the new endpoints </p>"
+      "documentation": "<p>Modifies the target gateway of an AWS Site-to-Site VPN connection. The following migration options are available:</p> <ul> <li> <p>An existing virtual private gateway to a new virtual private gateway</p> </li> <li> <p>An existing virtual private gateway to a transit gateway</p> </li> <li> <p>An existing transit gateway to a new transit gateway</p> </li> <li> <p>An existing transit gateway to a virtual private gateway</p> </li> </ul> <p>Before you perform the migration to the new gateway, you must configure the new gateway. Use <a>CreateVpnGateway</a> to create a virtual private gateway, or <a>CreateTransitGateway</a> to create a transit gateway.</p> <p>This step is required when you migrate from a virtual private gateway with static routes to a transit gateway. </p> <p>You must delete the static routes before you migrate to the new gateway.</p> <p>Keep a copy of the static route before you delete it. You will need to add back these routes to the transit gateway after the VPN connection migration is complete.</p> <p>After you migrate to the new gateway, you might need to modify your VPC route table. Use <a>CreateRoute</a> and <a>DeleteRoute</a> to make the changes described in <a href=\"https://docs.aws.amazon.com/vpn/latest/s2svpn/modify-vpn-target.html#step-update-routing\">VPN Gateway Target Modification Required VPC Route Table Updates</a> in the <i>AWS Site-to-Site VPN User Guide</i>.</p> <p> When the new gateway is a transit gateway, modify the transit gateway route table to allow traffic between the VPC and the AWS Site-to-Site VPN connection. Use <a>CreateTransitGatewayRoute</a> to add the routes.</p> <p> If you deleted VPN static routes, you must add the static routes to the transit gateway route table.</p> <p>After you perform this operation, the AWS VPN endpoint's IP addresses on the AWS side and the tunnel options remain intact. Your AWS Site-to-Site VPN connection will be temporarily unavailable for a brief period while we provision the new endpoints.</p>"
     },
     "ModifyVpnTunnelCertificate": {
       "name": "ModifyVpnTunnelCertificate",
@@ -8303,6 +8303,16 @@
           "shape": "TagList",
           "documentation": "<p>Any tags assigned to the Client VPN endpoint.</p>",
           "locationName": "tagSet"
+        },
+        "SecurityGroupIds": {
+          "shape": "ClientVpnSecurityGroupIdSet",
+          "documentation": "<p>The IDs of the security groups for the target network.</p>",
+          "locationName": "securityGroupIdSet"
+        },
+        "VpcId": {
+          "shape": "VpcId",
+          "documentation": "<p>The ID of the VPC.</p>",
+          "locationName": "vpcId"
         }
       },
       "documentation": "<p>Describes a Client VPN endpoint.</p>"
@@ -9053,6 +9063,15 @@
           "shape": "TagSpecificationList",
           "documentation": "<p>The tags to apply to the Client VPN endpoint during creation.</p>",
           "locationName": "TagSpecification"
+        },
+        "SecurityGroupIds": {
+          "shape": "ClientVpnSecurityGroupIdSet",
+          "documentation": "<p>The IDs of one or more security groups to apply to the target network. You must also specify the ID of the VPC that contains the security groups.</p>",
+          "locationName": "SecurityGroupId"
+        },
+        "VpcId": {
+          "shape": "VpcId",
+          "documentation": "<p>The ID of the VPC to associate with the Client VPN endpoint. If no security group IDs are specified in the request, the default security group for the VPC is applied.</p>"
         }
       }
     },
@@ -16780,7 +16799,7 @@
         },
         "Filters": {
           "shape": "FilterList",
-          "documentation": "<p>The filters.</p> <ul> <li> <p> <code>key</code> - The tag key.</p> </li> <li> <p> <code>resource-id</code> - The ID of the resource.</p> </li> <li> <p> <code>resource-type</code> - The resource type (<code>customer-gateway</code> | <code>dedicated-host</code> | <code>dhcp-options</code> | <code>elastic-ip</code> | <code>fleet</code> | <code>fpga-image</code> | <code>image</code> | <code>instance</code> | <code>host-reservation</code> | <code>internet-gateway</code> | <code>launch-template</code> | <code>natgateway</code> | <code>network-acl</code> | <code>network-interface</code> | <code>reserved-instances</code> | <code>route-table</code> | <code>security-group</code> | <code>snapshot</code> | <code>spot-instances-request</code> | <code>subnet</code> | <code>volume</code> | <code>vpc</code> | <code>vpc-peering-connection</code> | <code>vpn-connection</code> | <code>vpn-gateway</code>).</p> </li> <li> <p> <code>tag</code>:&lt;key&gt; - The key/value combination of the tag. For example, specify \"tag:Owner\" for the filter name and \"TeamA\" for the filter value to find resources with the tag \"Owner=TeamA\".</p> </li> <li> <p> <code>value</code> - The tag value.</p> </li> </ul>",
+          "documentation": "<p>The filters.</p> <ul> <li> <p> <code>key</code> - The tag key.</p> </li> <li> <p> <code>resource-id</code> - The ID of the resource.</p> </li> <li> <p> <code>resource-type</code> - The resource type (<code>customer-gateway</code> | <code>dedicated-host</code> | <code>dhcp-options</code> | <code>elastic-ip</code> | <code>fleet</code> | <code>fpga-image</code> | <code>image</code> | <code>instance</code> | <code>host-reservation</code> | <code>internet-gateway</code> | <code>launch-template</code> | <code>natgateway</code> | <code>network-acl</code> | <code>network-interface</code> | <code>placement-group</code> | <code>reserved-instances</code> | <code>route-table</code> | <code>security-group</code> | <code>snapshot</code> | <code>spot-instances-request</code> | <code>subnet</code> | <code>volume</code> | <code>vpc</code> | <code>vpc-endpoint</code> | <code>vpc-endpoint-service</code> | <code>vpc-peering-connection</code> | <code>vpn-connection</code> | <code>vpn-gateway</code>).</p> </li> <li> <p> <code>tag</code>:&lt;key&gt; - The key/value combination of the tag. For example, specify \"tag:Owner\" for the filter name and \"TeamA\" for the filter value to find resources with the tag \"Owner=TeamA\".</p> </li> <li> <p> <code>value</code> - The tag value.</p> </li> </ul>",
           "locationName": "Filter"
         },
         "MaxResults": {
@@ -18356,7 +18375,8 @@
           "documentation": "<p>The ID of the route table.</p>"
         },
         "DryRun": {
-          "shape": "Boolean"
+          "shape": "Boolean",
+          "documentation": "<p>Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
         }
       },
       "documentation": "<p>Contains the parameters for DisableVgwRoutePropagation.</p>"
@@ -19445,7 +19465,8 @@
           "documentation": "<p>The ID of the route table. The routing table must be associated with the same VPC that the virtual private gateway is attached to. </p>"
         },
         "DryRun": {
-          "shape": "Boolean"
+          "shape": "Boolean",
+          "documentation": "<p>Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
         }
       },
       "documentation": "<p>Contains the parameters for EnableVgwRoutePropagation.</p>"
@@ -26916,6 +26937,15 @@
         "DryRun": {
           "shape": "Boolean",
           "documentation": "<p>Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is <code>DryRunOperation</code>. Otherwise, it is <code>UnauthorizedOperation</code>.</p>"
+        },
+        "SecurityGroupIds": {
+          "shape": "ClientVpnSecurityGroupIdSet",
+          "documentation": "<p>The IDs of one or more security groups to apply to the target network.</p>",
+          "locationName": "SecurityGroupId"
+        },
+        "VpcId": {
+          "shape": "VpcId",
+          "documentation": "<p>The ID of the VPC to associate with the Client VPN endpoint.</p>"
         }
       }
     },
@@ -35859,7 +35889,7 @@
       "members": {
         "ResourceType": {
           "shape": "ResourceType",
-          "documentation": "<p>The type of resource to tag. Currently, the resource types that support tagging on creation are: <code>capacity-reservation</code> | <code>client-vpn-endpoint</code> | <code>dedicated-host</code> | <code>fleet</code> | <code>fpga-image</code> | <code>instance</code> | <code>key-pair</code> | <code>launch-template</code> | <code>placement-group</code> | <code>snapshot</code> | <code>traffic-mirror-filter</code> | <code>traffic-mirror-session</code> | <code>traffic-mirror-target</code> | <code>transit-gateway</code> | <code>transit-gateway-attachment</code> | <code>transit-gateway-route-table</code> | <code>volume</code>.</p> <p>To tag a resource after it has been created, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTags.html\">CreateTags</a>.</p>",
+          "documentation": "<p>The type of resource to tag. Currently, the resource types that support tagging on creation are: <code>capacity-reservation</code> | <code>client-vpn-endpoint</code> | <code>dedicated-host</code> | <code>fleet</code> | <code>fpga-image</code> | <code>instance</code> | <code>key-pair</code> | <code>launch-template</code> | <code>spot-fleet-request</code> | <code>placement-group</code> | <code>snapshot</code> | <code>traffic-mirror-filter</code> | <code>traffic-mirror-session</code> | <code>traffic-mirror-target</code> | <code>transit-gateway</code> | <code>transit-gateway-attachment</code> | <code>transit-gateway-route-table</code> | <code>vpc-endpoint</code> (for interface VPC endpoints)| <code>vpc-endpoint-service</code> (for gateway VPC endpoints) | <code>volume</code> | <code>vpc-flow-log</code>.</p> <p>To tag a resource after it has been created, see <a href=\"https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTags.html\">CreateTags</a>.</p>",
           "locationName": "resourceType"
         },
         "Tags": {