From 895cc687003d4a27d231595a05f6e59fbfe17a57 Mon Sep 17 00:00:00 2001
From: awstools
Date: Thu, 25 Jul 2024 19:38:55 +0000
Subject: [PATCH] feat(client-sfn): This release adds support to customer managed KMS key encryption in AWS Step Functions.
---
 clients/client-sfn/README.md | 2 +-
 clients/client-sfn/src/SFN.ts | 2 +-
 clients/client-sfn/src/SFNClient.ts | 2 +-
 .../src/commands/CreateActivityCommand.ts | 17 +
 .../src/commands/CreateStateMachineCommand.ts | 25 +-
 .../DeleteStateMachineVersionCommand.ts | 4 +-
 .../src/commands/DescribeActivityCommand.ts | 5 +
 .../src/commands/DescribeExecutionCommand.ts | 10 +
 .../commands/DescribeStateMachineCommand.ts | 15 +
 ...DescribeStateMachineForExecutionCommand.ts | 19 +-
 .../src/commands/GetActivityTaskCommand.ts | 9 +
 .../commands/GetExecutionHistoryCommand.ts | 9 +
 .../src/commands/ListExecutionsCommand.ts | 2 +-
 .../src/commands/SendTaskFailureCommand.ts | 11 +
 .../src/commands/SendTaskSuccessCommand.ts | 9 +
 .../src/commands/StartExecutionCommand.ts | 9 +
 .../src/commands/StartSyncExecutionCommand.ts | 12 +-
 .../src/commands/StopExecutionCommand.ts | 11 +
 .../src/commands/UpdateStateMachineCommand.ts | 18 +-
 clients/client-sfn/src/index.ts | 2 +-
 clients/client-sfn/src/models/models_0.ts | 262 +++++++++++-
 .../client-sfn/src/protocols/Aws_json1_0.ts | 118 ++++++
 codegen/sdk-codegen/aws-models/sfn.json | 386 +++++++++++++++++-
 23 files changed, 921 insertions(+), 38 deletions(-)
diff --git a/clients/client-sfn/README.md b/clients/client-sfn/README.md
index 7b624853b2e6..4b7cb86b75e7 100644
--- a/clients/client-sfn/README.md
+++ b/clients/client-sfn/README.md
@@ -8,7 +8,7 @@ AWS SDK for JavaScript SFN Client for Node.js, Browser and React Native. Step Functions -

Step Functions is a service that lets you coordinate the components of distributed applications +

Step Functions coordinates the components of distributed applications and microservices using visual workflows.

You can use Step Functions to build applications from individual components, each of which performs a discrete function, or task, allowing you to scale and change diff --git a/clients/client-sfn/src/SFN.ts b/clients/client-sfn/src/SFN.ts index 42d5c3d9d870..2372f7ba0f1a 100644 --- a/clients/client-sfn/src/SFN.ts +++ b/clients/client-sfn/src/SFN.ts @@ -790,7 +790,7 @@ export interface SFN { /** * Step Functions - *

Step Functions is a service that lets you coordinate the components of distributed applications + *

Step Functions coordinates the components of distributed applications * and microservices using visual workflows.

*

You can use Step Functions to build applications from individual components, each of which performs * a discrete function, or task, allowing you to scale and change diff --git a/clients/client-sfn/src/SFNClient.ts b/clients/client-sfn/src/SFNClient.ts index f5f307e9cb0b..c55d71a6055f 100644 --- a/clients/client-sfn/src/SFNClient.ts +++ b/clients/client-sfn/src/SFNClient.ts @@ -397,7 +397,7 @@ export interface SFNClientResolvedConfig extends SFNClientResolvedConfigType {} /** * Step Functions - *

Step Functions is a service that lets you coordinate the components of distributed applications + *

Step Functions coordinates the components of distributed applications * and microservices using visual workflows.

*

You can use Step Functions to build applications from individual components, each of which performs * a discrete function, or task, allowing you to scale and change diff --git a/clients/client-sfn/src/commands/CreateActivityCommand.ts b/clients/client-sfn/src/commands/CreateActivityCommand.ts index c8011781aae5..e332ea78a3f9 100644 --- a/clients/client-sfn/src/commands/CreateActivityCommand.ts +++ b/clients/client-sfn/src/commands/CreateActivityCommand.ts @@ -59,6 +59,11 @@ export interface CreateActivityCommandOutput extends CreateActivityOutput, __Met * value: "STRING_VALUE", * }, * ], + * encryptionConfiguration: { // EncryptionConfiguration + * kmsKeyId: "STRING_VALUE", + * kmsDataKeyReusePeriodSeconds: Number("int"), + * type: "AWS_OWNED_KEY" || "CUSTOMER_MANAGED_KMS_KEY", // required + * }, * }; * const command = new CreateActivityCommand(input); * const response = await client.send(command); @@ -75,13 +80,25 @@ export interface CreateActivityCommandOutput extends CreateActivityOutput, __Met * @see {@link CreateActivityCommandOutput} for command's `response` shape. * @see {@link SFNClientResolvedConfig | config} for SFNClient's `config` shape. * + * @throws {@link ActivityAlreadyExists} (client fault) + *

Activity already exists. EncryptionConfiguration may not be updated.

+ * * @throws {@link ActivityLimitExceeded} (client fault) *

The maximum number of activities has been reached. Existing activities must be deleted * before a new activity can be created.

* + * @throws {@link InvalidEncryptionConfiguration} (client fault) + *

Received when encryptionConfiguration is specified but various conditions exist which make the configuration invalid. For example, if type is set to CUSTOMER_MANAGED_KMS_KEY, but kmsKeyId is null, or kmsDataKeyReusePeriodSeconds is not between 60 and 900, or the KMS key is not symmetric or inactive.

+ * * @throws {@link InvalidName} (client fault) *

The provided name is not valid.

* + * @throws {@link KmsAccessDeniedException} (client fault) + *

Either your KMS key policy or API caller does not have the required permissions.

+ * + * @throws {@link KmsThrottlingException} (client fault) + *

Received when KMS returns ThrottlingException for a KMS call that Step Functions makes on behalf of the caller.

+ * * @throws {@link TooManyTags} (client fault) *

You've exceeded the number of tags allowed for a resource. See the Limits Topic in the * Step Functions Developer Guide.
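Review bot: The added `InvalidEncryptionConfiguration` description ends with "or the KMS key is not symmetric or inactive", which can be read as saying an inactive key is acceptable; the intended condition is presumably a key that is not symmetric, or one that is inactive. I would word it as `or the KMS key is not symmetric or is inactive`. The same sentence is repeated in the CreateStateMachineCommand and UpdateStateMachineCommand hunks and on the exception class in models_0.ts. These doc comments appear to be generated from the service model (`codegen/sdk-codegen/aws-models/sfn.json` in the diffstat), so the wording is best corrected there.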

diff --git a/clients/client-sfn/src/commands/CreateStateMachineCommand.ts b/clients/client-sfn/src/commands/CreateStateMachineCommand.ts index eafddd592b07..175791687497 100644 --- a/clients/client-sfn/src/commands/CreateStateMachineCommand.ts +++ b/clients/client-sfn/src/commands/CreateStateMachineCommand.ts @@ -40,6 +40,9 @@ export interface CreateStateMachineCommandOutput extends CreateStateMachineOutpu * Language in the Step Functions User Guide.

*

If you set the publish parameter of this API action to true, it * publishes version 1 as the first revision of the state machine.

+ *

+ * For additional control over security, you can encrypt your data using a customer-managed key for Step Functions state machines. You can configure a symmetric KMS key and data key reuse period when creating or updating a State Machine. The execution history and state machine definition will be encrypted with the key applied to the State Machine. + *

* *

This operation is eventually consistent. The results are best effort and may not reflect very recent updates and changes.

*
@@ -48,8 +51,8 @@ export interface CreateStateMachineCommandOutput extends CreateStateMachineOutpu * CreateStateMachine is an idempotent API. Subsequent requests won’t create a * duplicate resource if it was already created. CreateStateMachine's idempotency * check is based on the state machine name, definition, - * type, LoggingConfiguration, and - * TracingConfiguration. The check is also based on the publish and versionDescription parameters. If a following request has a different + * type, LoggingConfiguration, + * TracingConfiguration, and EncryptionConfiguration The check is also based on the publish and versionDescription parameters. If a following request has a different * roleArn or tags, Step Functions will ignore these differences and treat * it as an idempotent request of the previous. In this case, roleArn and * tags will not be updated, even if they are different.

@@ -87,6 +90,11 @@ export interface CreateStateMachineCommandOutput extends CreateStateMachineOutpu * }, * publish: true || false, * versionDescription: "STRING_VALUE", + * encryptionConfiguration: { // EncryptionConfiguration + * kmsKeyId: "STRING_VALUE", + * kmsDataKeyReusePeriodSeconds: Number("int"), + * type: "AWS_OWNED_KEY" || "CUSTOMER_MANAGED_KMS_KEY", // required + * }, * }; * const command = new CreateStateMachineCommand(input); * const response = await client.send(command); @@ -114,8 +122,11 @@ export interface CreateStateMachineCommandOutput extends CreateStateMachineOutpu * @throws {@link InvalidDefinition} (client fault) *

The provided Amazon States Language definition is not valid.

* + * @throws {@link InvalidEncryptionConfiguration} (client fault) + *

Received when encryptionConfiguration is specified but various conditions exist which make the configuration invalid. For example, if type is set to CUSTOMER_MANAGED_KMS_KEY, but kmsKeyId is null, or kmsDataKeyReusePeriodSeconds is not between 60 and 900, or the KMS key is not symmetric or inactive.

+ * * @throws {@link InvalidLoggingConfiguration} (client fault) - *

+ *

Configuration is not valid.

* * @throws {@link InvalidName} (client fault) *

The provided name is not valid.

@@ -124,6 +135,12 @@ export interface CreateStateMachineCommandOutput extends CreateStateMachineOutpu *

Your tracingConfiguration key does not match, or enabled has not * been set to true or false.

* + * @throws {@link KmsAccessDeniedException} (client fault) + *

Either your KMS key policy or API caller does not have the required permissions.

+ * + * @throws {@link KmsThrottlingException} (client fault) + *

Received when KMS returns ThrottlingException for a KMS call that Step Functions makes on behalf of the caller.

+ * * @throws {@link StateMachineAlreadyExists} (client fault) *

A state machine with the same name but a different definition or role ARN already * exists.

@@ -136,7 +153,7 @@ export interface CreateStateMachineCommandOutput extends CreateStateMachineOutpu * deleted before a new state machine can be created.

* * @throws {@link StateMachineTypeNotSupported} (client fault) - *

+ *

State machine type is not supported.

* * @throws {@link TooManyTags} (client fault) *

You've exceeded the number of tags allowed for a resource. See the Limits Topic in the diff --git a/clients/client-sfn/src/commands/DeleteStateMachineVersionCommand.ts b/clients/client-sfn/src/commands/DeleteStateMachineVersionCommand.ts index aed9875be1e8..0763150a3831 100644 --- a/clients/client-sfn/src/commands/DeleteStateMachineVersionCommand.ts +++ b/clients/client-sfn/src/commands/DeleteStateMachineVersionCommand.ts @@ -30,9 +30,7 @@ export interface DeleteStateMachineVersionCommandOutput extends DeleteStateMachi /** *

Deletes a state machine version. After * you delete a version, you can't call StartExecution using that version's ARN - * or use - * the - * version with a state machine alias.

+ * or use the version with a state machine alias.

* *

Deleting a state machine version won't terminate its in-progress executions.

*
diff --git a/clients/client-sfn/src/commands/DescribeActivityCommand.ts b/clients/client-sfn/src/commands/DescribeActivityCommand.ts index 0e658f23111e..c25ae53de054 100644 --- a/clients/client-sfn/src/commands/DescribeActivityCommand.ts +++ b/clients/client-sfn/src/commands/DescribeActivityCommand.ts @@ -47,6 +47,11 @@ export interface DescribeActivityCommandOutput extends DescribeActivityOutput, _ * // activityArn: "STRING_VALUE", // required * // name: "STRING_VALUE", // required * // creationDate: new Date("TIMESTAMP"), // required + * // encryptionConfiguration: { // EncryptionConfiguration + * // kmsKeyId: "STRING_VALUE", + * // kmsDataKeyReusePeriodSeconds: Number("int"), + * // type: "AWS_OWNED_KEY" || "CUSTOMER_MANAGED_KMS_KEY", // required + * // }, * // }; * * ``` diff --git a/clients/client-sfn/src/commands/DescribeExecutionCommand.ts b/clients/client-sfn/src/commands/DescribeExecutionCommand.ts index 45a44afb9f10..0e121357e37b 100644 --- a/clients/client-sfn/src/commands/DescribeExecutionCommand.ts +++ b/clients/client-sfn/src/commands/DescribeExecutionCommand.ts @@ -47,6 +47,7 @@ export interface DescribeExecutionCommandOutput extends DescribeExecutionOutput, * const client = new SFNClient(config); * const input = { // DescribeExecutionInput * executionArn: "STRING_VALUE", // required + * includedData: "ALL_DATA" || "METADATA_ONLY", * }; * const command = new DescribeExecutionCommand(input); * const response = await client.send(command); @@ -91,6 +92,15 @@ export interface DescribeExecutionCommandOutput extends DescribeExecutionOutput, * @throws {@link InvalidArn} (client fault) *

The provided Amazon Resource Name (ARN) is not valid.

* + * @throws {@link KmsAccessDeniedException} (client fault) + *

Either your KMS key policy or API caller does not have the required permissions.

+ * + * @throws {@link KmsInvalidStateException} (client fault) + *

The KMS key is not in valid state, for example: Disabled or Deleted.

+ * + * @throws {@link KmsThrottlingException} (client fault) + *

Received when KMS returns ThrottlingException for a KMS call that Step Functions makes on behalf of the caller.

+ * * @throws {@link SFNServiceException} *

Base exception class for all service exceptions from SFN service.

* diff --git a/clients/client-sfn/src/commands/DescribeStateMachineCommand.ts b/clients/client-sfn/src/commands/DescribeStateMachineCommand.ts index 7c1c0f8c0d87..1a79a8a27e0f 100644 --- a/clients/client-sfn/src/commands/DescribeStateMachineCommand.ts +++ b/clients/client-sfn/src/commands/DescribeStateMachineCommand.ts @@ -74,6 +74,7 @@ export interface DescribeStateMachineCommandOutput extends DescribeStateMachineO * const client = new SFNClient(config); * const input = { // DescribeStateMachineInput * stateMachineArn: "STRING_VALUE", // required + * includedData: "ALL_DATA" || "METADATA_ONLY", * }; * const command = new DescribeStateMachineCommand(input); * const response = await client.send(command); @@ -102,6 +103,11 @@ export interface DescribeStateMachineCommandOutput extends DescribeStateMachineO * // label: "STRING_VALUE", * // revisionId: "STRING_VALUE", * // description: "STRING_VALUE", + * // encryptionConfiguration: { // EncryptionConfiguration + * // kmsKeyId: "STRING_VALUE", + * // kmsDataKeyReusePeriodSeconds: Number("int"), + * // type: "AWS_OWNED_KEY" || "CUSTOMER_MANAGED_KMS_KEY", // required + * // }, * // }; * * ``` @@ -115,6 +121,15 @@ export interface DescribeStateMachineCommandOutput extends DescribeStateMachineO * @throws {@link InvalidArn} (client fault) *

The provided Amazon Resource Name (ARN) is not valid.

* + * @throws {@link KmsAccessDeniedException} (client fault) + *

Either your KMS key policy or API caller does not have the required permissions.

+ * + * @throws {@link KmsInvalidStateException} (client fault) + *

The KMS key is not in valid state, for example: Disabled or Deleted.

+ * + * @throws {@link KmsThrottlingException} (client fault) + *

Received when KMS returns ThrottlingException for a KMS call that Step Functions makes on behalf of the caller.

+ * * @throws {@link StateMachineDoesNotExist} (client fault) *

The specified state machine does not exist.

* diff --git a/clients/client-sfn/src/commands/DescribeStateMachineForExecutionCommand.ts b/clients/client-sfn/src/commands/DescribeStateMachineForExecutionCommand.ts index 57554974b4f2..831a5f04f403 100644 --- a/clients/client-sfn/src/commands/DescribeStateMachineForExecutionCommand.ts +++ b/clients/client-sfn/src/commands/DescribeStateMachineForExecutionCommand.ts @@ -39,9 +39,7 @@ export interface DescribeStateMachineForExecutionCommandOutput /** *

Provides information about a state machine's definition, its execution role ARN, and * configuration. If a Map Run dispatched the execution, this action returns the Map Run - * Amazon Resource Name (ARN) in the response. - * The - * state machine returned is the state machine associated with the + * Amazon Resource Name (ARN) in the response. The state machine returned is the state machine associated with the * Map Run.

* *

This operation is eventually consistent. The results are best effort and may not reflect very recent updates and changes.

@@ -55,6 +53,7 @@ export interface DescribeStateMachineForExecutionCommandOutput * const client = new SFNClient(config); * const input = { // DescribeStateMachineForExecutionInput * executionArn: "STRING_VALUE", // required + * includedData: "ALL_DATA" || "METADATA_ONLY", * }; * const command = new DescribeStateMachineForExecutionCommand(input); * const response = await client.send(command); @@ -81,6 +80,11 @@ export interface DescribeStateMachineForExecutionCommandOutput * // mapRunArn: "STRING_VALUE", * // label: "STRING_VALUE", * // revisionId: "STRING_VALUE", + * // encryptionConfiguration: { // EncryptionConfiguration + * // kmsKeyId: "STRING_VALUE", + * // kmsDataKeyReusePeriodSeconds: Number("int"), + * // type: "AWS_OWNED_KEY" || "CUSTOMER_MANAGED_KMS_KEY", // required + * // }, * // }; * * ``` @@ -97,6 +101,15 @@ export interface DescribeStateMachineForExecutionCommandOutput * @throws {@link InvalidArn} (client fault) *

The provided Amazon Resource Name (ARN) is not valid.

* + * @throws {@link KmsAccessDeniedException} (client fault) + *

Either your KMS key policy or API caller does not have the required permissions.

+ * + * @throws {@link KmsInvalidStateException} (client fault) + *

The KMS key is not in valid state, for example: Disabled or Deleted.

+ * + * @throws {@link KmsThrottlingException} (client fault) + *

Received when KMS returns ThrottlingException for a KMS call that Step Functions makes on behalf of the caller.

+ * * @throws {@link SFNServiceException} *

Base exception class for all service exceptions from SFN service.

* diff --git a/clients/client-sfn/src/commands/GetActivityTaskCommand.ts b/clients/client-sfn/src/commands/GetActivityTaskCommand.ts index 2da1f6a89c0a..68d2e79e0872 100644 --- a/clients/client-sfn/src/commands/GetActivityTaskCommand.ts +++ b/clients/client-sfn/src/commands/GetActivityTaskCommand.ts @@ -83,6 +83,15 @@ export interface GetActivityTaskCommandOutput extends GetActivityTaskOutput, __M * @throws {@link InvalidArn} (client fault) *

The provided Amazon Resource Name (ARN) is not valid.

* + * @throws {@link KmsAccessDeniedException} (client fault) + *

Either your KMS key policy or API caller does not have the required permissions.

+ * + * @throws {@link KmsInvalidStateException} (client fault) + *

The KMS key is not in valid state, for example: Disabled or Deleted.

+ * + * @throws {@link KmsThrottlingException} (client fault) + *

Received when KMS returns ThrottlingException for a KMS call that Step Functions makes on behalf of the caller.

+ * * @throws {@link SFNServiceException} *

Base exception class for all service exceptions from SFN service.

* diff --git a/clients/client-sfn/src/commands/GetExecutionHistoryCommand.ts b/clients/client-sfn/src/commands/GetExecutionHistoryCommand.ts index 933c49505c46..4c7f6e34095d 100644 --- a/clients/client-sfn/src/commands/GetExecutionHistoryCommand.ts +++ b/clients/client-sfn/src/commands/GetExecutionHistoryCommand.ts @@ -264,6 +264,15 @@ export interface GetExecutionHistoryCommandOutput extends GetExecutionHistoryOut * @throws {@link InvalidToken} (client fault) *

The provided token is not valid.

* + * @throws {@link KmsAccessDeniedException} (client fault) + *

Either your KMS key policy or API caller does not have the required permissions.

+ * + * @throws {@link KmsInvalidStateException} (client fault) + *

The KMS key is not in valid state, for example: Disabled or Deleted.

+ * + * @throws {@link KmsThrottlingException} (client fault) + *

Received when KMS returns ThrottlingException for a KMS call that Step Functions makes on behalf of the caller.

+ * * @throws {@link SFNServiceException} *

Base exception class for all service exceptions from SFN service.

* diff --git a/clients/client-sfn/src/commands/ListExecutionsCommand.ts b/clients/client-sfn/src/commands/ListExecutionsCommand.ts index f7a5a83974f0..685ad715e3d4 100644 --- a/clients/client-sfn/src/commands/ListExecutionsCommand.ts +++ b/clients/client-sfn/src/commands/ListExecutionsCommand.ts @@ -95,7 +95,7 @@ export interface ListExecutionsCommandOutput extends ListExecutionsOutput, __Met *

The specified state machine does not exist.

* * @throws {@link StateMachineTypeNotSupported} (client fault) - *

+ *

State machine type is not supported.

* * @throws {@link ValidationException} (client fault) *

The input does not satisfy the constraints specified by an Amazon Web Services service.

diff --git a/clients/client-sfn/src/commands/SendTaskFailureCommand.ts b/clients/client-sfn/src/commands/SendTaskFailureCommand.ts index 5119cb39c97b..5470c0d8cd14 100644 --- a/clients/client-sfn/src/commands/SendTaskFailureCommand.ts +++ b/clients/client-sfn/src/commands/SendTaskFailureCommand.ts @@ -34,6 +34,8 @@ export interface SendTaskFailureCommandOutput extends SendTaskFailureOutput, __M /** *

Used by activity workers, Task states using the callback * pattern, and optionally Task states using the job run pattern to report that the task identified by the taskToken failed.

+ *

For an execution with encryption enabled, Step Functions will encrypt the error and cause fields using the KMS key for the execution role.

+ *

A caller can mark a task as fail without using any KMS permissions in the execution role if the caller provides a null value for both error and cause fields because no data needs to be encrypted.

* @example * Use a bare-bones client and the command you need to make an API call. * ```javascript @@ -60,6 +62,15 @@ export interface SendTaskFailureCommandOutput extends SendTaskFailureOutput, __M * @throws {@link InvalidToken} (client fault) *
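Review bot: The added sentence "encrypt the error and cause fields using the KMS key for the execution role" does not say which key is meant: the `EncryptionConfiguration` docs added in models_0.ts describe the key as applied to the state machine, and the next sentence here speaks of "KMS permissions in the execution role". If that reading is right, `Step Functions encrypts the error and cause fields with the state machine's KMS key, using the execution role's KMS permissions` would be clearer, subject to confirmation against the service behaviour. The following sentence also has "mark a task as fail" where "mark a task as failed" is meant. The StopExecutionCommand hunk adds the same first sentence and needs the same fix; the text appears to come from the service model, so the change belongs there.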

The provided token is not valid.

* + * @throws {@link KmsAccessDeniedException} (client fault) + *

Either your KMS key policy or API caller does not have the required permissions.

+ * + * @throws {@link KmsInvalidStateException} (client fault) + *

The KMS key is not in valid state, for example: Disabled or Deleted.

+ * + * @throws {@link KmsThrottlingException} (client fault) + *

Received when KMS returns ThrottlingException for a KMS call that Step Functions makes on behalf of the caller.

+ * * @throws {@link TaskDoesNotExist} (client fault) *

The activity does not exist.

* diff --git a/clients/client-sfn/src/commands/SendTaskSuccessCommand.ts b/clients/client-sfn/src/commands/SendTaskSuccessCommand.ts index 40c6500723d9..5ca1607ff210 100644 --- a/clients/client-sfn/src/commands/SendTaskSuccessCommand.ts +++ b/clients/client-sfn/src/commands/SendTaskSuccessCommand.ts @@ -63,6 +63,15 @@ export interface SendTaskSuccessCommandOutput extends SendTaskSuccessOutput, __M * @throws {@link InvalidToken} (client fault) *

The provided token is not valid.

* + * @throws {@link KmsAccessDeniedException} (client fault) + *

Either your KMS key policy or API caller does not have the required permissions.

+ * + * @throws {@link KmsInvalidStateException} (client fault) + *

The KMS key is not in valid state, for example: Disabled or Deleted.

+ * + * @throws {@link KmsThrottlingException} (client fault) + *

Received when KMS returns ThrottlingException for a KMS call that Step Functions makes on behalf of the caller.

+ * * @throws {@link TaskDoesNotExist} (client fault) *

The activity does not exist.

* diff --git a/clients/client-sfn/src/commands/StartExecutionCommand.ts b/clients/client-sfn/src/commands/StartExecutionCommand.ts index 717eb253ae7b..3abf3191eafa 100644 --- a/clients/client-sfn/src/commands/StartExecutionCommand.ts +++ b/clients/client-sfn/src/commands/StartExecutionCommand.ts @@ -118,6 +118,15 @@ export interface StartExecutionCommandOutput extends StartExecutionOutput, __Met * @throws {@link InvalidName} (client fault) *

The provided name is not valid.

* + * @throws {@link KmsAccessDeniedException} (client fault) + *

Either your KMS key policy or API caller does not have the required permissions.

+ * + * @throws {@link KmsInvalidStateException} (client fault) + *

The KMS key is not in valid state, for example: Disabled or Deleted.

+ * + * @throws {@link KmsThrottlingException} (client fault) + *

Received when KMS returns ThrottlingException for a KMS call that Step Functions makes on behalf of the caller.

+ * * @throws {@link StateMachineDeleting} (client fault) *

The specified state machine is being deleted.

* diff --git a/clients/client-sfn/src/commands/StartSyncExecutionCommand.ts b/clients/client-sfn/src/commands/StartSyncExecutionCommand.ts index b85b3378b9d9..54bde390861f 100644 --- a/clients/client-sfn/src/commands/StartSyncExecutionCommand.ts +++ b/clients/client-sfn/src/commands/StartSyncExecutionCommand.ts @@ -57,6 +57,7 @@ export interface StartSyncExecutionCommandOutput extends StartSyncExecutionOutpu * name: "STRING_VALUE", * input: "STRING_VALUE", * traceHeader: "STRING_VALUE", + * includedData: "ALL_DATA" || "METADATA_ONLY", * }; * const command = new StartSyncExecutionCommand(input); * const response = await client.send(command); @@ -101,6 +102,15 @@ export interface StartSyncExecutionCommandOutput extends StartSyncExecutionOutpu * @throws {@link InvalidName} (client fault) *

The provided name is not valid.

* + * @throws {@link KmsAccessDeniedException} (client fault) + *

Either your KMS key policy or API caller does not have the required permissions.

+ * + * @throws {@link KmsInvalidStateException} (client fault) + *

The KMS key is not in valid state, for example: Disabled or Deleted.

+ * + * @throws {@link KmsThrottlingException} (client fault) + *

Received when KMS returns ThrottlingException for a KMS call that Step Functions makes on behalf of the caller.

+ * * @throws {@link StateMachineDeleting} (client fault) *

The specified state machine is being deleted.

* @@ -108,7 +118,7 @@ export interface StartSyncExecutionCommandOutput extends StartSyncExecutionOutpu *

The specified state machine does not exist.

* * @throws {@link StateMachineTypeNotSupported} (client fault) - *

+ *

State machine type is not supported.

* * @throws {@link SFNServiceException} *

Base exception class for all service exceptions from SFN service.

diff --git a/clients/client-sfn/src/commands/StopExecutionCommand.ts b/clients/client-sfn/src/commands/StopExecutionCommand.ts index 59cfd82a5946..63858b1fb47b 100644 --- a/clients/client-sfn/src/commands/StopExecutionCommand.ts +++ b/clients/client-sfn/src/commands/StopExecutionCommand.ts @@ -30,6 +30,8 @@ export interface StopExecutionCommandOutput extends StopExecutionOutput, __Metad /** *

Stops an execution.

*

This API action is not supported by EXPRESS state machines.

+ *

For an execution with encryption enabled, Step Functions will encrypt the error and cause fields using the KMS key for the execution role.

+ *

A caller can stop an execution without using any KMS permissions in the execution role if the caller provides a null value for both error and cause fields because no data needs to be encrypted.

* @example * Use a bare-bones client and the command you need to make an API call. * ```javascript @@ -61,6 +63,15 @@ export interface StopExecutionCommandOutput extends StopExecutionOutput, __Metad * @throws {@link InvalidArn} (client fault) *

The provided Amazon Resource Name (ARN) is not valid.

* + * @throws {@link KmsAccessDeniedException} (client fault) + *

Either your KMS key policy or API caller does not have the required permissions.

+ * + * @throws {@link KmsInvalidStateException} (client fault) + *

The KMS key is not in valid state, for example: Disabled or Deleted.

+ * + * @throws {@link KmsThrottlingException} (client fault) + *

Received when KMS returns ThrottlingException for a KMS call that Step Functions makes on behalf of the caller.

+ * * @throws {@link ValidationException} (client fault) *

The input does not satisfy the constraints specified by an Amazon Web Services service.

* diff --git a/clients/client-sfn/src/commands/UpdateStateMachineCommand.ts b/clients/client-sfn/src/commands/UpdateStateMachineCommand.ts index f0531c60e96f..6b74675ccdf0 100644 --- a/clients/client-sfn/src/commands/UpdateStateMachineCommand.ts +++ b/clients/client-sfn/src/commands/UpdateStateMachineCommand.ts @@ -33,7 +33,7 @@ export interface UpdateStateMachineCommandOutput extends UpdateStateMachineOutpu /** *

Updates an existing state machine by modifying its definition, - * roleArn, or loggingConfiguration. Running executions will continue + * roleArn, loggingConfiguration, or EncryptionConfiguration. Running executions will continue * to use the previous definition and roleArn. You must include at * least one of definition or roleArn or you will receive a * MissingRequiredParameter error.
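Review bot: The summary now lists `EncryptionConfiguration` as something UpdateStateMachine can modify, but the unchanged sentences after it still mention only the previous definition and roleArn for running executions, and still require definition or roleArn to avoid `MissingRequiredParameter`. A reader cannot tell whether executions already in flight keep the old key, or whether an update that changes only the encryption settings is accepted. I would add a sentence covering both, for example `Running executions continue to use the previous definition, roleArn and encryption configuration`, if that is what the service does. The name is also capitalised differently from `loggingConfiguration` beside it and from the `encryptionConfiguration` field in the example input later in this file. Separately, the CreateStateMachineCommand idempotency paragraph is missing the full stop after `EncryptionConfiguration`.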

@@ -104,6 +104,11 @@ export interface UpdateStateMachineCommandOutput extends UpdateStateMachineOutpu * }, * publish: true || false, * versionDescription: "STRING_VALUE", + * encryptionConfiguration: { // EncryptionConfiguration + * kmsKeyId: "STRING_VALUE", + * kmsDataKeyReusePeriodSeconds: Number("int"), + * type: "AWS_OWNED_KEY" || "CUSTOMER_MANAGED_KMS_KEY", // required + * }, * }; * const command = new UpdateStateMachineCommand(input); * const response = await client.send(command); @@ -131,13 +136,22 @@ export interface UpdateStateMachineCommandOutput extends UpdateStateMachineOutpu * @throws {@link InvalidDefinition} (client fault) *

The provided Amazon States Language definition is not valid.

* + * @throws {@link InvalidEncryptionConfiguration} (client fault) + *

Received when encryptionConfiguration is specified but various conditions exist which make the configuration invalid. For example, if type is set to CUSTOMER_MANAGED_KMS_KEY, but kmsKeyId is null, or kmsDataKeyReusePeriodSeconds is not between 60 and 900, or the KMS key is not symmetric or inactive.

+ * * @throws {@link InvalidLoggingConfiguration} (client fault) - *

+ *

Configuration is not valid.

* * @throws {@link InvalidTracingConfiguration} (client fault) *

Your tracingConfiguration key does not match, or enabled has not * been set to true or false.

* + * @throws {@link KmsAccessDeniedException} (client fault) + *

Either your KMS key policy or API caller does not have the required permissions.

+ * + * @throws {@link KmsThrottlingException} (client fault) + *

Received when KMS returns ThrottlingException for a KMS call that Step Functions makes on behalf of the caller.

+ * * @throws {@link MissingRequiredParameter} (client fault) *

Request is missing a required parameter. This error occurs if both definition * and roleArn are not specified.

diff --git a/clients/client-sfn/src/index.ts b/clients/client-sfn/src/index.ts index f1ce873398ec..6536672372d5 100644 --- a/clients/client-sfn/src/index.ts +++ b/clients/client-sfn/src/index.ts @@ -2,7 +2,7 @@ /* eslint-disable */ /** * Step Functions - *

Step Functions is a service that lets you coordinate the components of distributed applications + *

Step Functions coordinates the components of distributed applications * and microservices using visual workflows.

*

You can use Step Functions to build applications from individual components, each of which performs * a discrete function, or task, allowing you to scale and change diff --git a/clients/client-sfn/src/models/models_0.ts b/clients/client-sfn/src/models/models_0.ts index e17c61f3625c..033536bf4856 100644 --- a/clients/client-sfn/src/models/models_0.ts +++ b/clients/client-sfn/src/models/models_0.ts @@ -3,6 +3,26 @@ import { ExceptionOptionType as __ExceptionOptionType, SENSITIVE_STRING } from " import { SFNServiceException as __BaseException } from "./SFNServiceException"; +/** + *

Activity already exists. EncryptionConfiguration may not be updated.

+ * @public + */ +export class ActivityAlreadyExists extends __BaseException { + readonly name: "ActivityAlreadyExists" = "ActivityAlreadyExists"; + readonly $fault: "client" = "client"; + /** + * @internal + */ + constructor(opts: __ExceptionOptionType) { + super({ + name: "ActivityAlreadyExists", + $fault: "client", + ...opts, + }); + Object.setPrototypeOf(this, ActivityAlreadyExists.prototype); + } +} + /** *

The specified activity does not exist.

* @public @@ -247,6 +267,52 @@ export class ActivityWorkerLimitExceeded extends __BaseException { } } +/** + * @public + * @enum + */ +export const EncryptionType = { + AWS_OWNED_KEY: "AWS_OWNED_KEY", + CUSTOMER_MANAGED_KMS_KEY: "CUSTOMER_MANAGED_KMS_KEY", +} as const; + +/** + * @public + */ +export type EncryptionType = (typeof EncryptionType)[keyof typeof EncryptionType]; + +/** + *

Settings to configure server-side encryption.

+ *

+ * For additional control over security, you can encrypt your data using a customer-managed key for Step Functions state machines and activities. You can configure a symmetric KMS key and data key reuse period when creating or updating a State Machine, and when creating an Activity. The execution history and state machine definition will be encrypted with the key applied to the State Machine. Activity inputs will be encrypted with the key applied to the Activity. + *

+ * + *

Step Functions automatically enables encryption at rest using Amazon Web Services owned keys at no charge. However, KMS charges apply when using a customer managed key. For more information about pricing, see Key Management Service pricing.

+ *
+ *

For more information on KMS, see What is Key Management Service? + *

+ * @public + */ +export interface EncryptionConfiguration { + /** + *

An alias, alias ARN, key ID, or key ARN of a symmetric encryption KMS key to encrypt data. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.

+ * @public + */ + kmsKeyId?: string; + + /** + *

Maximum duration that Step Functions will reuse data keys. When the period expires, Step Functions will call GenerateDataKey. Only applies to customer managed keys.

+ * @public + */ + kmsDataKeyReusePeriodSeconds?: number; + + /** + *

Encryption type

+ * @public + */ + type: EncryptionType | undefined; +} + /** *

Tags are key-value pairs that can be associated with Step Functions state machines and * activities.
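Review bot: The field comments on `EncryptionConfiguration` omit constraints that the `InvalidEncryptionConfiguration` description in this same commit spells out. `kmsKeyId` is typed optional with no mention that it must be set when `type` is `CUSTOMER_MANAGED_KMS_KEY`, and `kmsDataKeyReusePeriodSeconds` gives no range. I would add `Required when type is CUSTOMER_MANAGED_KMS_KEY.` to the `kmsKeyId` comment and `Must be between 60 and 900 seconds.` to the reuse-period comment, both taken from the exception text. The `type` comment, "Encryption type", could also name the two values and say which applies when `encryptionConfiguration` is omitted; the interface description suggests Amazon Web Services owned keys, but that should be confirmed. The text looks generated from the service model, so the edit belongs upstream.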

@@ -315,6 +381,12 @@ export interface CreateActivityInput { * @public */ tags?: Tag[]; + + /** + *

Settings to configure server-side encryption.

+ * @public + */ + encryptionConfiguration?: EncryptionConfiguration; } /** @@ -334,6 +406,26 @@ export interface CreateActivityOutput { creationDate: Date | undefined; } +/** + *
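Review bot: The new `encryptionConfiguration` comment on `CreateActivityInput` does not say that the setting is fixed once the activity exists. The `ActivityAlreadyExists` documentation added to `sfn.json` in this commit reads `Activity already exists. EncryptionConfiguration may not be updated.`, which suggests a repeat call with a different configuration is rejected rather than applied. I would add a sentence such as `Cannot be changed after the activity is created.` so that anyone planning a move to a different KMS key knows it may mean creating a new activity. `CreateActivityInput` starts outside this hunk.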

Received when encryptionConfiguration is specified but various conditions exist which make the configuration invalid. For example, if type is set to CUSTOMER_MANAGED_KMS_KEY, but kmsKeyId is null, or kmsDataKeyReusePeriodSeconds is not between 60 and 900, or the KMS key is not symmetric or inactive.

+ * @public + */ +export class InvalidEncryptionConfiguration extends __BaseException { + readonly name: "InvalidEncryptionConfiguration" = "InvalidEncryptionConfiguration"; + readonly $fault: "client" = "client"; + /** + * @internal + */ + constructor(opts: __ExceptionOptionType) { + super({ + name: "InvalidEncryptionConfiguration", + $fault: "client", + ...opts, + }); + Object.setPrototypeOf(this, InvalidEncryptionConfiguration.prototype); + } +} + /** *

The provided name is not valid.

* @public @@ -354,6 +446,46 @@ export class InvalidName extends __BaseException { } } +/** + *

Either your KMS key policy or API caller does not have the required permissions.

+ * @public + */ +export class KmsAccessDeniedException extends __BaseException { + readonly name: "KmsAccessDeniedException" = "KmsAccessDeniedException"; + readonly $fault: "client" = "client"; + /** + * @internal + */ + constructor(opts: __ExceptionOptionType) { + super({ + name: "KmsAccessDeniedException", + $fault: "client", + ...opts, + }); + Object.setPrototypeOf(this, KmsAccessDeniedException.prototype); + } +} + +/** + *

Received when KMS returns ThrottlingException for a KMS call that Step Functions makes on behalf of the caller.

+ * @public + */ +export class KmsThrottlingException extends __BaseException { + readonly name: "KmsThrottlingException" = "KmsThrottlingException"; + readonly $fault: "client" = "client"; + /** + * @internal + */ + constructor(opts: __ExceptionOptionType) { + super({ + name: "KmsThrottlingException", + $fault: "client", + ...opts, + }); + Object.setPrototypeOf(this, KmsThrottlingException.prototype); + } +} + /** *

You've exceeded the number of tags allowed for a resource. See the Limits Topic in the * Step Functions Developer Guide.
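Review bot: `KmsThrottlingException` is declared with `$fault: "client"` and no `$retryable` member, and its comment does not tell callers that the condition is transient. Whether the default retry strategy recognises this error name cannot be seen from the hunk, so I would state the expected handling in the doc comment, for example `Retry the request with backoff.` If the SDK is meant to retry it automatically, the shape in `sfn.json` would need the `smithy.api#retryable` trait, since this class appears to be generated from the model.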

@@ -586,6 +718,12 @@ export interface CreateStateMachineInput { * @public */ versionDescription?: string; + + /** + *

Settings to configure server-side encryption.

+ * @public + */ + encryptionConfiguration?: EncryptionConfiguration; } /** @@ -652,7 +790,7 @@ export class InvalidDefinition extends __BaseException { } /** - *

+ *

Configuration is not valid.

* @public */ export class InvalidLoggingConfiguration extends __BaseException { @@ -755,7 +893,7 @@ export class StateMachineLimitExceeded extends __BaseException { } /** - *

+ *

State machine type is not supported.

* @public */ export class StateMachineTypeNotSupported extends __BaseException { @@ -832,9 +970,8 @@ export interface RoutingConfigurationListItem { stateMachineVersionArn: string | undefined; /** - *

The percentage of traffic you want to route to a state machine - * version. The sum of the weights in the routing - * configuration must be equal to 100.

+ *

The percentage of traffic you want to route to a state machine version. The sum of the + * weights in the routing configuration must be equal to 100.

* @public */ weight: number | undefined; @@ -1046,8 +1183,28 @@ export interface DescribeActivityOutput { * @public */ creationDate: Date | undefined; + + /** + *

Settings for configured server-side encryption.

+ * @public + */ + encryptionConfiguration?: EncryptionConfiguration; } +/** + * @public + * @enum + */ +export const IncludedData = { + ALL_DATA: "ALL_DATA", + METADATA_ONLY: "METADATA_ONLY", +} as const; + +/** + * @public + */ +export type IncludedData = (typeof IncludedData)[keyof typeof IncludedData]; + /** * @public */ @@ -1057,6 +1214,12 @@ export interface DescribeExecutionInput { * @public */ executionArn: string | undefined; + + /** + *

If your state machine definition is encrypted with a KMS key, callers must have kms:Decrypt permission to decrypt the definition. Alternatively, you can call DescribeStateMachine API with includedData = METADATA_ONLY to get a successful response without the encrypted definition.

+ * @public + */ + includedData?: IncludedData; } /** @@ -1331,6 +1494,50 @@ export class ExecutionDoesNotExist extends __BaseException { } } +/** + * @public + * @enum + */ +export const KmsKeyState = { + CREATING: "CREATING", + DISABLED: "DISABLED", + PENDING_DELETION: "PENDING_DELETION", + PENDING_IMPORT: "PENDING_IMPORT", + UNAVAILABLE: "UNAVAILABLE", +} as const; + +/** + * @public + */ +export type KmsKeyState = (typeof KmsKeyState)[keyof typeof KmsKeyState]; + +/** + *
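Review bot: The `includedData` comment on `DescribeExecutionInput` talks about decrypting the state machine definition and sends the reader to `DescribeStateMachine`, but it never says which fields of the `DescribeExecution` response are withheld with `METADATA_ONLY`. A caller that is deliberately not granted `kms:Decrypt` needs that to know what it can rely on; presumably the encrypted execution input and output are the affected fields, which should be confirmed and written down. The same paragraph is reused on `StartSyncExecutionInput` (hunk `@@ -3925,6 +4161,12 @@`), where a response "without the encrypted definition" does not describe that operation either. The text appears to come from `sfn.json`, so it should be corrected there.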

The KMS key is not in valid state, for example: Disabled or Deleted.

+ * @public + */ +export class KmsInvalidStateException extends __BaseException { + readonly name: "KmsInvalidStateException" = "KmsInvalidStateException"; + readonly $fault: "client" = "client"; + /** + *

Current status of the KMS; key. For example: DISABLED, PENDING_DELETION, PENDING_IMPORT, UNAVAILABLE, CREATING.

+ * @public + */ + kmsKeyState?: KmsKeyState; + + /** + * @internal + */ + constructor(opts: __ExceptionOptionType) { + super({ + name: "KmsInvalidStateException", + $fault: "client", + ...opts, + }); + Object.setPrototypeOf(this, KmsInvalidStateException.prototype); + this.kmsKeyState = opts.kmsKeyState; + } +} + /** * @public */ @@ -1577,6 +1784,17 @@ export interface DescribeStateMachineInput { * @public */ stateMachineArn: string | undefined; + + /** + *
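Review bot: The comments in the `KmsInvalidStateException` block disagree with the `KmsKeyState` enum added just above: the class comment gives `Disabled or Deleted` as examples, while the enum has no deleted value and uses `PENDING_DELETION`, and the `kmsKeyState` comment has a stray semicolon in `KMS; key`. I would reword them as `The KMS key is not in a valid state, for example DISABLED or PENDING_DELETION.` and `Current status of the KMS key.` Also, `kmsKeyState` is copied from `opts`, which the deserializer in `Aws_json1_0.ts` fills by spreading the response body, so the value is not checked against the enum at run time; code that switches on it should keep a default branch.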

If your state machine definition is encrypted with a KMS key, callers must have kms:Decrypt permission to decrypt the definition. Alternatively, you can call the API with includedData = METADATA_ONLY to get a successful response without the encrypted definition.

+ * + *

+ * When calling a labelled ARN for an encrypted state machine, the includedData = METADATA_ONLY parameter will not apply because Step Functions needs to decrypt the entire state machine definition to get the Distributed Map state’s definition. In this case, the API caller needs to have kms:Decrypt permission. + *

+ *
+ * @public + */ + includedData?: IncludedData; } /** @@ -1640,6 +1858,7 @@ export interface DescribeStateMachineOutput { /** *

The Amazon States Language definition of the state machine. See Amazon States Language.

+ *

If called with includedData = METADATA_ONLY, the returned definition will be \{\}.

* @public */ definition: string | undefined; @@ -1698,6 +1917,12 @@ export interface DescribeStateMachineOutput { * @public */ description?: string; + + /** + *

Settings to configure server-side encryption.

+ * @public + */ + encryptionConfiguration?: EncryptionConfiguration; } /** @@ -1782,6 +2007,12 @@ export interface DescribeStateMachineForExecutionInput { * @public */ executionArn: string | undefined; + + /** + *

If your state machine definition is encrypted with a KMS key, callers must have kms:Decrypt permission to decrypt the definition. Alternatively, you can call the API with includedData = METADATA_ONLY to get a successful response without the encrypted definition.

+ * @public + */ + includedData?: IncludedData; } /** @@ -1850,6 +2081,12 @@ export interface DescribeStateMachineForExecutionOutput { * @public */ revisionId?: string; + + /** + *

Settings to configure server-side encryption.

+ * @public + */ + encryptionConfiguration?: EncryptionConfiguration; } /** @@ -3817,8 +4054,7 @@ export interface StartExecutionInput { stateMachineArn: string | undefined; /** - *

Optional name of the execution. - * This name must be unique for your Amazon Web Services account, Region, and state machine for 90 days. For more information, + *

Optional name of the execution. This name must be unique for your Amazon Web Services account, Region, and state machine for 90 days. For more information, * see * Limits Related to State Machine Executions in the Step Functions Developer Guide.

*

If you don't provide a name for the execution, Step Functions automatically generates a universally unique identifier (UUID) as the execution name.

@@ -3925,6 +4161,12 @@ export interface StartSyncExecutionInput { * @public */ traceHeader?: string; + + /** + *

If your state machine definition is encrypted with a KMS key, callers must have kms:Decrypt permission to decrypt the definition. Alternatively, you can call the API with includedData = METADATA_ONLY to get a successful response without the encrypted definition.

+ * @public + */ + includedData?: IncludedData; } /** @@ -4487,6 +4729,12 @@ export interface UpdateStateMachineInput { * @public */ versionDescription?: string; + + /** + *

Settings to configure server-side encryption.

+ * @public + */ + encryptionConfiguration?: EncryptionConfiguration; } /** diff --git a/clients/client-sfn/src/protocols/Aws_json1_0.ts b/clients/client-sfn/src/protocols/Aws_json1_0.ts index 8dc44bf233e6..0007998727f3 100644 --- a/clients/client-sfn/src/protocols/Aws_json1_0.ts +++ b/clients/client-sfn/src/protocols/Aws_json1_0.ts @@ -105,6 +105,7 @@ import { ValidateStateMachineDefinitionCommandOutput, } from "../commands/ValidateStateMachineDefinitionCommand"; import { + ActivityAlreadyExists, ActivityDoesNotExist, ActivityLimitExceeded, ActivityListItem, @@ -133,6 +134,7 @@ import { DescribeStateMachineForExecutionOutput, DescribeStateMachineInput, DescribeStateMachineOutput, + EncryptionConfiguration, ExecutionAlreadyExists, ExecutionDoesNotExist, ExecutionLimitExceeded, @@ -144,12 +146,16 @@ import { HistoryEvent, InvalidArn, InvalidDefinition, + InvalidEncryptionConfiguration, InvalidExecutionInput, InvalidLoggingConfiguration, InvalidName, InvalidOutput, InvalidToken, InvalidTracingConfiguration, + KmsAccessDeniedException, + KmsInvalidStateException, + KmsThrottlingException, ListActivitiesInput, ListActivitiesOutput, ListExecutionsInput, 
@@ -1454,12 +1460,24 @@ const de_CommandError = async (output: __HttpResponse, context: __SerdeContext): }; const errorCode = loadRestJsonErrorCode(output, parsedOutput.body); switch (errorCode) { + case "ActivityAlreadyExists": + case "com.amazonaws.sfn#ActivityAlreadyExists": + throw await de_ActivityAlreadyExistsRes(parsedOutput, context); case "ActivityLimitExceeded": case "com.amazonaws.sfn#ActivityLimitExceeded": throw await de_ActivityLimitExceededRes(parsedOutput, context); + case "InvalidEncryptionConfiguration": + case "com.amazonaws.sfn#InvalidEncryptionConfiguration": + throw await de_InvalidEncryptionConfigurationRes(parsedOutput, context); case "InvalidName": case "com.amazonaws.sfn#InvalidName": throw await de_InvalidNameRes(parsedOutput, context); + case "KmsAccessDeniedException": + case "com.amazonaws.sfn#KmsAccessDeniedException": + throw await de_KmsAccessDeniedExceptionRes(parsedOutput, context); + case "KmsThrottlingException": + case "com.amazonaws.sfn#KmsThrottlingException": + throw await de_KmsThrottlingExceptionRes(parsedOutput, context); case "TooManyTags": case "com.amazonaws.sfn#TooManyTags": throw await de_TooManyTagsRes(parsedOutput, context); @@ -1505,6 +1523,9 @@ const de_CommandError = async (output: __HttpResponse, context: __SerdeContext): case "ExecutionDoesNotExist": case "com.amazonaws.sfn#ExecutionDoesNotExist": throw await de_ExecutionDoesNotExistRes(parsedOutput, context); + case "KmsInvalidStateException": + case "com.amazonaws.sfn#KmsInvalidStateException": + throw await de_KmsInvalidStateExceptionRes(parsedOutput, context); case "StateMachineDoesNotExist": case "com.amazonaws.sfn#StateMachineDoesNotExist": throw await de_StateMachineDoesNotExistRes(parsedOutput, context); 
@@ -1548,6 +1569,22 @@ const de_CommandError = async (output: __HttpResponse, context: __SerdeContext): } }; +/** + * deserializeAws_json1_0ActivityAlreadyExistsRes + */ +const de_ActivityAlreadyExistsRes = async ( + parsedOutput: any, + context: __SerdeContext +): Promise => { + const body = parsedOutput.body; + const deserialized: any = _json(body); + const exception = new ActivityAlreadyExists({ + $metadata: deserializeMetadata(parsedOutput), + ...deserialized, + }); + return __decorateServiceException(exception, body); +}; + /** * deserializeAws_json1_0ActivityDoesNotExistRes */ @@ -1699,6 +1736,22 @@ const de_InvalidDefinitionRes = async (parsedOutput: any, context: __SerdeContex return __decorateServiceException(exception, body); }; +/** + * deserializeAws_json1_0InvalidEncryptionConfigurationRes + */ +const de_InvalidEncryptionConfigurationRes = async ( + parsedOutput: any, + context: __SerdeContext +): Promise => { + const body = parsedOutput.body; + const deserialized: any = _json(body); + const exception = new InvalidEncryptionConfiguration({ + $metadata: deserializeMetadata(parsedOutput), + ...deserialized, + }); + return __decorateServiceException(exception, body); +}; + /** * deserializeAws_json1_0InvalidExecutionInputRes */ 
@@ -1786,6 +1839,54 @@ const de_InvalidTracingConfigurationRes = async ( return __decorateServiceException(exception, body); }; +/** + * deserializeAws_json1_0KmsAccessDeniedExceptionRes + */ +const de_KmsAccessDeniedExceptionRes = async ( + parsedOutput: any, + context: __SerdeContext +): Promise => { + const body = parsedOutput.body; + const deserialized: any = _json(body); + const exception = new KmsAccessDeniedException({ + $metadata: deserializeMetadata(parsedOutput), + ...deserialized, + }); + return __decorateServiceException(exception, body); +}; + +/** + * deserializeAws_json1_0KmsInvalidStateExceptionRes + */ +const de_KmsInvalidStateExceptionRes = async ( + parsedOutput: any, + context: __SerdeContext +): Promise => { + const body = parsedOutput.body; + const deserialized: any = _json(body); + const exception = new KmsInvalidStateException({ + $metadata: deserializeMetadata(parsedOutput), + ...deserialized, + }); + return __decorateServiceException(exception, body); +}; + +/** + * deserializeAws_json1_0KmsThrottlingExceptionRes + */ +const de_KmsThrottlingExceptionRes = async ( + parsedOutput: any, + context: __SerdeContext +): Promise => { + const body = parsedOutput.body; + const deserialized: any = _json(body); + const exception = new KmsThrottlingException({ + $metadata: deserializeMetadata(parsedOutput), + ...deserialized, + }); + return __decorateServiceException(exception, body); +}; + /** * deserializeAws_json1_0MissingRequiredParameterRes */ @@ -1991,6 +2092,8 @@ const de_ValidationExceptionRes = async (parsedOutput: any, context: __SerdeCont // se_DescribeStateMachineInput omitted. +// se_EncryptionConfiguration omitted. + // se_GetActivityTaskInput omitted. // se_GetExecutionHistoryInput omitted. 
@@ -2075,6 +2178,8 @@ const se_UpdateMapRunInput = (input: UpdateMapRunInput, context: __SerdeContext) // se_ValidateStateMachineDefinitionInput omitted. +// de_ActivityAlreadyExists omitted. + // de_ActivityDoesNotExist omitted. // de_ActivityFailedEventDetails omitted. @@ -2170,6 +2275,7 @@ const de_DescribeActivityOutput = (output: any, context: __SerdeContext): Descri return take(output, { activityArn: __expectString, creationDate: (_: any) => __expectNonNull(__parseEpochTimestamp(__expectNumber(_))), + encryptionConfiguration: _json, name: __expectString, }) as any; }; @@ -2245,6 +2351,7 @@ const de_DescribeStateMachineForExecutionOutput = ( ): DescribeStateMachineForExecutionOutput => { return take(output, { definition: __expectString, + encryptionConfiguration: _json, label: __expectString, loggingConfiguration: _json, mapRunArn: __expectString, @@ -2265,6 +2372,7 @@ const de_DescribeStateMachineOutput = (output: any, context: __SerdeContext): De creationDate: (_: any) => __expectNonNull(__parseEpochTimestamp(__expectNumber(_))), definition: __expectString, description: __expectString, + encryptionConfiguration: _json, label: __expectString, loggingConfiguration: _json, name: __expectString, @@ -2277,6 +2385,8 @@ const de_DescribeStateMachineOutput = (output: any, context: __SerdeContext): De }) as any; }; +// de_EncryptionConfiguration omitted. + // de_ExecutionAbortedEventDetails omitted. // de_ExecutionAlreadyExists omitted. @@ -2413,6 +2523,8 @@ const de_HistoryEventList = (output: any, context: __SerdeContext): HistoryEvent // de_InvalidDefinition omitted. +// de_InvalidEncryptionConfiguration omitted. + // de_InvalidExecutionInput omitted. // de_InvalidLoggingConfiguration omitted. 
@@ -2425,6 +2537,12 @@ const de_HistoryEventList = (output: any, context: __SerdeContext): HistoryEvent // de_InvalidTracingConfiguration omitted. +// de_KmsAccessDeniedException omitted. + +// de_KmsInvalidStateException omitted. + +// de_KmsThrottlingException omitted. + // de_LambdaFunctionFailedEventDetails omitted. // de_LambdaFunctionScheduledEventDetails omitted. diff --git a/codegen/sdk-codegen/aws-models/sfn.json b/codegen/sdk-codegen/aws-models/sfn.json index 82247fb2aa2d..66c64e979651 100644 --- a/codegen/sdk-codegen/aws-models/sfn.json +++ b/codegen/sdk-codegen/aws-models/sfn.json @@ -158,7 +158,7 @@ "name": "states" }, "aws.protocols#awsJson1_0": {}, - "smithy.api#documentation": "Step Functions\n

Step Functions is a service that lets you coordinate the components of distributed applications\n and microservices using visual workflows.

\n

You can use Step Functions to build applications from individual components, each of which performs\n a discrete function, or task, allowing you to scale and change\n applications quickly. Step Functions provides a console that helps visualize the components of your\n application as a series of steps. Step Functions automatically triggers and tracks each step, and\n retries steps when there are errors, so your application executes predictably and in the right\n order every time. Step Functions logs the state of each step, so you can quickly diagnose and debug any\n issues.

\n

Step Functions manages operations and underlying infrastructure to ensure your application is\n available at any scale. You can run tasks on Amazon Web Services, your own servers, or any system that has\n access to Amazon Web Services. You can access and use Step Functions using the console, the Amazon Web Services SDKs, or an HTTP API.\n For more information about Step Functions, see the \n Step Functions Developer Guide\n .

\n \n

If you use the Step Functions API actions using Amazon Web Services SDK integrations, make sure the API actions are in camel case and parameter names are in Pascal case. For example, you could use Step Functions API action startSyncExecution and specify its parameter as StateMachineArn.

\n
", + "smithy.api#documentation": "Step Functions\n

Step Functions coordinates the components of distributed applications\n and microservices using visual workflows.

\n

You can use Step Functions to build applications from individual components, each of which performs\n a discrete function, or task, allowing you to scale and change\n applications quickly. Step Functions provides a console that helps visualize the components of your\n application as a series of steps. Step Functions automatically triggers and tracks each step, and\n retries steps when there are errors, so your application executes predictably and in the right\n order every time. Step Functions logs the state of each step, so you can quickly diagnose and debug any\n issues.

\n

Step Functions manages operations and underlying infrastructure to ensure your application is\n available at any scale. You can run tasks on Amazon Web Services, your own servers, or any system that has\n access to Amazon Web Services. You can access and use Step Functions using the console, the Amazon Web Services SDKs, or an HTTP API.\n For more information about Step Functions, see the \n Step Functions Developer Guide\n .

\n \n

If you use the Step Functions API actions using Amazon Web Services SDK integrations, make sure the API actions are in camel case and parameter names are in Pascal case. For example, you could use Step Functions API action startSyncExecution and specify its parameter as StateMachineArn.

\n
", "smithy.api#title": "AWS Step Functions", "smithy.api#xmlNamespace": { "uri": "http://swf.amazonaws.com/doc/2015-07-20/" @@ -1176,6 +1176,18 @@ } } }, + "com.amazonaws.sfn#ActivityAlreadyExists": { + "type": "structure", + "members": { + "message": { + "target": "com.amazonaws.sfn#ErrorMessage" + } + }, + "traits": { + "smithy.api#documentation": "

Activity already exists. EncryptionConfiguration may not be updated.

", + "smithy.api#error": "client" + } + }, "com.amazonaws.sfn#ActivityDoesNotExist": { "type": "structure", "members": { @@ -1522,12 +1534,24 @@ "target": "com.amazonaws.sfn#CreateActivityOutput" }, "errors": [ + { + "target": "com.amazonaws.sfn#ActivityAlreadyExists" + }, { "target": "com.amazonaws.sfn#ActivityLimitExceeded" }, + { + "target": "com.amazonaws.sfn#InvalidEncryptionConfiguration" + }, { "target": "com.amazonaws.sfn#InvalidName" }, + { + "target": "com.amazonaws.sfn#KmsAccessDeniedException" + }, + { + "target": "com.amazonaws.sfn#KmsThrottlingException" + }, { "target": "com.amazonaws.sfn#TooManyTags" } @@ -1552,6 +1576,12 @@ "traits": { "smithy.api#documentation": "

The list of tags to add to a resource.

\n

An array of key-value pairs. For more information, see Using\n Cost Allocation Tags in the Amazon Web Services Billing and Cost Management User\n Guide, and Controlling Access Using IAM\n Tags.

\n

Tags may only contain Unicode letters, digits, white space, or these symbols: _ . : / = + - @.

" } + }, + "encryptionConfiguration": { + "target": "com.amazonaws.sfn#EncryptionConfiguration", + "traits": { + "smithy.api#documentation": "

Settings to configure server-side encryption.

" + } } }, "traits": { @@ -1598,6 +1628,9 @@ { "target": "com.amazonaws.sfn#InvalidDefinition" }, + { + "target": "com.amazonaws.sfn#InvalidEncryptionConfiguration" + }, { "target": "com.amazonaws.sfn#InvalidLoggingConfiguration" }, @@ -1607,6 +1640,12 @@ { "target": "com.amazonaws.sfn#InvalidTracingConfiguration" }, + { + "target": "com.amazonaws.sfn#KmsAccessDeniedException" + }, + { + "target": "com.amazonaws.sfn#KmsThrottlingException" + }, { "target": "com.amazonaws.sfn#StateMachineAlreadyExists" }, @@ -1627,7 +1666,7 @@ } ], "traits": { - "smithy.api#documentation": "

Creates a state machine. A state machine consists of a collection of states that can do\n work (Task states), determine to which states to transition next\n (Choice states), stop an execution with an error (Fail states),\n and so on. State machines are specified using a JSON-based, structured language. For more\n information, see Amazon States\n Language in the Step Functions User Guide.

\n

If you set the publish parameter of this API action to true, it\n publishes version 1 as the first revision of the state machine.

\n \n

This operation is eventually consistent. The results are best effort and may not reflect very recent updates and changes.

\n
\n \n

\n CreateStateMachine is an idempotent API. Subsequent requests won’t create a\n duplicate resource if it was already created. CreateStateMachine's idempotency\n check is based on the state machine name, definition,\n type, LoggingConfiguration, and\n TracingConfiguration. The check is also based on the publish and versionDescription parameters. If a following request has a different\n roleArn or tags, Step Functions will ignore these differences and treat\n it as an idempotent request of the previous. In this case, roleArn and\n tags will not be updated, even if they are different.

\n
", + "smithy.api#documentation": "

Creates a state machine. A state machine consists of a collection of states that can do\n work (Task states), determine to which states to transition next\n (Choice states), stop an execution with an error (Fail states),\n and so on. State machines are specified using a JSON-based, structured language. For more\n information, see Amazon States\n Language in the Step Functions User Guide.

\n

If you set the publish parameter of this API action to true, it\n publishes version 1 as the first revision of the state machine.

\n

\n For additional control over security, you can encrypt your data using a customer-managed key for Step Functions state machines. You can configure a symmetric KMS key and data key reuse period when creating or updating a State Machine. The execution history and state machine definition will be encrypted with the key applied to the State Machine.\n

\n \n

This operation is eventually consistent. The results are best effort and may not reflect very recent updates and changes.

\n
\n \n

\n CreateStateMachine is an idempotent API. Subsequent requests won’t create a\n duplicate resource if it was already created. CreateStateMachine's idempotency\n check is based on the state machine name, definition,\n type, LoggingConfiguration,\n TracingConfiguration, and EncryptionConfiguration The check is also based on the publish and versionDescription parameters. If a following request has a different\n roleArn or tags, Step Functions will ignore these differences and treat\n it as an idempotent request of the previous. In this case, roleArn and\n tags will not be updated, even if they are different.

\n
", "smithy.api#idempotent": {} } }, @@ -1776,6 +1815,12 @@ "traits": { "smithy.api#documentation": "

Sets description about the state machine version. You can only set the description if the publish parameter is set to true. Otherwise, if you set versionDescription, but publish to false, this API action throws ValidationException.

" } + }, + "encryptionConfiguration": { + "target": "com.amazonaws.sfn#EncryptionConfiguration", + "traits": { + "smithy.api#documentation": "

Settings to configure server-side encryption.

" + } } }, "traits": { @@ -1969,7 +2014,7 @@ } ], "traits": { - "smithy.api#documentation": "

Deletes a state machine version. After\n you delete a version, you can't call StartExecution using that version's ARN\n or use\n the\n version with a state machine alias.

\n \n

Deleting a state machine version won't terminate its in-progress executions.

\n
\n \n

You can't delete a state machine version currently referenced by one or more aliases. Before you delete a version, you must either delete the aliases or update them to point to another state machine version.

\n
\n

\n Related operations:\n

\n " + "smithy.api#documentation": "

Deletes a state machine version. After\n you delete a version, you can't call StartExecution using that version's ARN\n or use the version with a state machine alias.

\n \n

Deleting a state machine version won't terminate its in-progress executions.

\n
\n \n

You can't delete a state machine version currently referenced by one or more aliases. Before you delete a version, you must either delete the aliases or update them to point to another state machine version.

\n
\n

\n Related operations:\n

\n " } }, "com.amazonaws.sfn#DeleteStateMachineVersionInput": { @@ -2052,6 +2097,12 @@ "smithy.api#documentation": "

The date the activity is created.

", "smithy.api#required": {} } + }, + "encryptionConfiguration": { + "target": "com.amazonaws.sfn#EncryptionConfiguration", + "traits": { + "smithy.api#documentation": "

Settings for configured server-side encryption.

" + } } }, "traits": { @@ -2072,6 +2123,15 @@ }, { "target": "com.amazonaws.sfn#InvalidArn" + }, + { + "target": "com.amazonaws.sfn#KmsAccessDeniedException" + }, + { + "target": "com.amazonaws.sfn#KmsInvalidStateException" + }, + { + "target": "com.amazonaws.sfn#KmsThrottlingException" } ], "traits": { @@ -2087,6 +2147,12 @@ "smithy.api#documentation": "

The Amazon Resource Name (ARN) of the execution to describe.

", "smithy.api#required": {} } + }, + "includedData": { + "target": "com.amazonaws.sfn#IncludedData", + "traits": { + "smithy.api#documentation": "

If your state machine definition is encrypted with a KMS key, callers must have kms:Decrypt permission to decrypt the definition. Alternatively, you can call DescribeStateMachine API with includedData = METADATA_ONLY to get a successful response without the encrypted definition.

" + } } }, "traits": { @@ -2358,6 +2424,15 @@ { "target": "com.amazonaws.sfn#InvalidArn" }, + { + "target": "com.amazonaws.sfn#KmsAccessDeniedException" + }, + { + "target": "com.amazonaws.sfn#KmsInvalidStateException" + }, + { + "target": "com.amazonaws.sfn#KmsThrottlingException" + }, { "target": "com.amazonaws.sfn#StateMachineDoesNotExist" } @@ -2462,10 +2537,19 @@ }, { "target": "com.amazonaws.sfn#InvalidArn" + }, + { + "target": "com.amazonaws.sfn#KmsAccessDeniedException" + }, + { + "target": "com.amazonaws.sfn#KmsInvalidStateException" + }, + { + "target": "com.amazonaws.sfn#KmsThrottlingException" } ], "traits": { - "smithy.api#documentation": "

Provides information about a state machine's definition, its execution role ARN, and\n configuration. If a Map Run dispatched the execution, this action returns the Map Run\n Amazon Resource Name (ARN) in the response.\n The\n state machine returned is the state machine associated with the\n Map Run.

\n \n

This operation is eventually consistent. The results are best effort and may not reflect very recent updates and changes.

\n
\n

This API action is not supported by EXPRESS state machines.

" + "smithy.api#documentation": "

Provides information about a state machine's definition, its execution role ARN, and\n configuration. If a Map Run dispatched the execution, this action returns the Map Run\n Amazon Resource Name (ARN) in the response. The state machine returned is the state machine associated with the\n Map Run.

\n \n

This operation is eventually consistent. The results are best effort and may not reflect very recent updates and changes.

\n
\n

This API action is not supported by EXPRESS state machines.

" } }, "com.amazonaws.sfn#DescribeStateMachineForExecutionInput": { @@ -2477,6 +2561,12 @@ "smithy.api#documentation": "

The Amazon Resource Name (ARN) of the execution you want state machine information for.

", "smithy.api#required": {} } + }, + "includedData": { + "target": "com.amazonaws.sfn#IncludedData", + "traits": { + "smithy.api#documentation": "

If your state machine definition is encrypted with a KMS key, callers must have kms:Decrypt permission to decrypt the definition. Alternatively, you can call the API with includedData = METADATA_ONLY to get a successful response without the encrypted definition.

" + } } }, "traits": { @@ -2547,6 +2637,12 @@ "traits": { "smithy.api#documentation": "

The revision identifier for the state machine. The first revision ID when you create the state machine is null.

\n

Use the state machine revisionId parameter to compare the revision of a state machine with the configuration of the state machine used for executions without performing a diff of the properties, such as definition and roleArn.

" } + }, + "encryptionConfiguration": { + "target": "com.amazonaws.sfn#EncryptionConfiguration", + "traits": { + "smithy.api#documentation": "

Settings to configure server-side encryption.

" + } } }, "traits": { @@ -2562,6 +2658,12 @@ "smithy.api#documentation": "

The Amazon Resource Name (ARN) of the state machine for which you want the information.

\n

If you specify a state machine version ARN, this API returns details about that version. The version ARN is a combination of state machine ARN and the version number separated by a colon (:). For example, stateMachineARN:1.

", "smithy.api#required": {} } + }, + "includedData": { + "target": "com.amazonaws.sfn#IncludedData", + "traits": { + "smithy.api#documentation": "

If your state machine definition is encrypted with a KMS key, callers must have kms:Decrypt permission to decrypt the definition. Alternatively, you can call the API with includedData = METADATA_ONLY to get a successful response without the encrypted definition.

\n \n

\n When calling a labelled ARN for an encrypted state machine, the includedData = METADATA_ONLY parameter will not apply because Step Functions needs to decrypt the entire state machine definition to get the Distributed Map state’s definition. In this case, the API caller needs to have kms:Decrypt permission.\n

\n
" + } } }, "traits": { @@ -2594,7 +2696,7 @@ "definition": { "target": "com.amazonaws.sfn#Definition", "traits": { - "smithy.api#documentation": "

The Amazon States Language definition of the state machine. See Amazon States Language.

", + "smithy.api#documentation": "

The Amazon States Language definition of the state machine. See Amazon States Language.

\n

If called with includedData = METADATA_ONLY, the returned definition will be {}.

", "smithy.api#required": {} } }, @@ -2645,6 +2747,12 @@ "traits": { "smithy.api#documentation": "

The description of the state machine version.

" } + }, + "encryptionConfiguration": { + "target": "com.amazonaws.sfn#EncryptionConfiguration", + "traits": { + "smithy.api#documentation": "

Settings to configure server-side encryption.

" + } } }, "traits": { @@ -2657,6 +2765,50 @@ "smithy.api#default": false } }, + "com.amazonaws.sfn#EncryptionConfiguration": { + "type": "structure", + "members": { + "kmsKeyId": { + "target": "com.amazonaws.sfn#KmsKeyId", + "traits": { + "smithy.api#documentation": "

An alias, alias ARN, key ID, or key ARN of a symmetric encryption KMS key to encrypt data. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.

" + } + }, + "kmsDataKeyReusePeriodSeconds": { + "target": "com.amazonaws.sfn#KmsDataKeyReusePeriodSeconds", + "traits": { + "smithy.api#documentation": "

Maximum duration that Step Functions will reuse data keys. When the period expires, Step Functions will call GenerateDataKey. Only applies to customer managed keys.

" + } + }, + "type": { + "target": "com.amazonaws.sfn#EncryptionType", + "traits": { + "smithy.api#documentation": "

Encryption type

", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#documentation": "

Settings to configure server-side encryption.

\n

\n For additional control over security, you can encrypt your data using a customer-managed key for Step Functions state machines and activities. You can configure a symmetric KMS key and data key reuse period when creating or updating a State Machine, and when creating an Activity. The execution history and state machine definition will be encrypted with the key applied to the State Machine. Activity inputs will be encrypted with the key applied to the Activity.\n

\n \n

Step Functions automatically enables encryption at rest using Amazon Web Services owned keys at no charge. However, KMS charges apply when using a customer managed key. For more information about pricing, see Key Management Service pricing.

\n
\n

For more information on KMS, see What is Key Management Service?\n

" + } + }, + "com.amazonaws.sfn#EncryptionType": { + "type": "enum", + "members": { + "AWS_OWNED_KEY": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "AWS_OWNED_KEY" + } + }, + "CUSTOMER_MANAGED_KMS_KEY": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "CUSTOMER_MANAGED_KMS_KEY" + } + } + } + }, "com.amazonaws.sfn#ErrorMessage": { "type": "string" }, @@ -3036,6 +3188,15 @@ }, { "target": "com.amazonaws.sfn#InvalidArn" + }, + { + "target": "com.amazonaws.sfn#KmsAccessDeniedException" + }, + { + "target": "com.amazonaws.sfn#KmsInvalidStateException" + }, + { + "target": "com.amazonaws.sfn#KmsThrottlingException" } ], "traits": { @@ -3100,6 +3261,15 @@ }, { "target": "com.amazonaws.sfn#InvalidToken" + }, + { + "target": "com.amazonaws.sfn#KmsAccessDeniedException" + }, + { + "target": "com.amazonaws.sfn#KmsInvalidStateException" + }, + { + "target": "com.amazonaws.sfn#KmsThrottlingException" } ], "traits": { @@ -3810,6 +3980,23 @@ "com.amazonaws.sfn#IncludeExecutionDataGetExecutionHistory": { "type": "boolean" }, + "com.amazonaws.sfn#IncludedData": { + "type": "enum", + "members": { + "ALL_DATA": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "ALL_DATA" + } + }, + "METADATA_ONLY": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "METADATA_ONLY" + } + } + } + }, "com.amazonaws.sfn#InspectionData": { "type": "structure", "members": { @@ -3990,6 +4177,18 @@ "smithy.api#error": "client" } }, + "com.amazonaws.sfn#InvalidEncryptionConfiguration": { + "type": "structure", + "members": { + "message": { + "target": "com.amazonaws.sfn#ErrorMessage" + } + }, + "traits": { + "smithy.api#documentation": "

Received when encryptionConfiguration is specified but various conditions exist which make the configuration invalid. For example, if type is set to CUSTOMER_MANAGED_KMS_KEY, but kmsKeyId is null, or kmsDataKeyReusePeriodSeconds is not between 60 and 900, or the KMS key is not symmetric or inactive.

", + "smithy.api#error": "client" + } + }, "com.amazonaws.sfn#InvalidExecutionInput": { "type": "structure", "members": { @@ -4010,7 +4209,7 @@ } }, "traits": { - "smithy.api#documentation": "

", + "smithy.api#documentation": "

Configuration is not valid.

", "smithy.api#error": "client" } }, @@ -4062,6 +4261,101 @@ "smithy.api#error": "client" } }, + "com.amazonaws.sfn#KmsAccessDeniedException": { + "type": "structure", + "members": { + "message": { + "target": "com.amazonaws.sfn#ErrorMessage" + } + }, + "traits": { + "smithy.api#documentation": "

Either your KMS key policy or API caller does not have the required permissions.

", + "smithy.api#error": "client" + } + }, + "com.amazonaws.sfn#KmsDataKeyReusePeriodSeconds": { + "type": "integer", + "traits": { + "smithy.api#range": { + "min": 60, + "max": 900 + } + } + }, + "com.amazonaws.sfn#KmsInvalidStateException": { + "type": "structure", + "members": { + "kmsKeyState": { + "target": "com.amazonaws.sfn#KmsKeyState", + "traits": { + "smithy.api#documentation": "

Current status of the KMS; key. For example: DISABLED, PENDING_DELETION, PENDING_IMPORT, UNAVAILABLE, CREATING.

" + } + }, + "message": { + "target": "com.amazonaws.sfn#ErrorMessage" + } + }, + "traits": { + "smithy.api#documentation": "

The KMS key is not in valid state, for example: Disabled or Deleted.

", + "smithy.api#error": "client" + } + }, + "com.amazonaws.sfn#KmsKeyId": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 1, + "max": 2048 + } + } + }, + "com.amazonaws.sfn#KmsKeyState": { + "type": "enum", + "members": { + "DISABLED": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "DISABLED" + } + }, + "PENDING_DELETION": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "PENDING_DELETION" + } + }, + "PENDING_IMPORT": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "PENDING_IMPORT" + } + }, + "UNAVAILABLE": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "UNAVAILABLE" + } + }, + "CREATING": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "CREATING" + } + } + } + }, + "com.amazonaws.sfn#KmsThrottlingException": { + "type": "structure", + "members": { + "message": { + "target": "com.amazonaws.sfn#ErrorMessage" + } + }, + "traits": { + "smithy.api#documentation": "

Received when KMS returns ThrottlingException for a KMS call that Step Functions makes on behalf of the caller.

", + "smithy.api#error": "client" + } + }, "com.amazonaws.sfn#LambdaFunctionFailedEventDetails": { "type": "structure", "members": { @@ -5424,7 +5718,7 @@ "target": "com.amazonaws.sfn#VersionWeight", "traits": { "smithy.api#default": 0, - "smithy.api#documentation": "

The percentage of traffic you want to route to a state machine\n version. The sum of the weights in the routing\n configuration must be equal to 100.

", + "smithy.api#documentation": "

The percentage of traffic you want to route to a state machine version. The sum of the\n weights in the routing configuration must be equal to 100.

", "smithy.api#required": {} } } @@ -5445,6 +5739,15 @@ { "target": "com.amazonaws.sfn#InvalidToken" }, + { + "target": "com.amazonaws.sfn#KmsAccessDeniedException" + }, + { + "target": "com.amazonaws.sfn#KmsInvalidStateException" + }, + { + "target": "com.amazonaws.sfn#KmsThrottlingException" + }, { "target": "com.amazonaws.sfn#TaskDoesNotExist" }, @@ -5453,7 +5756,7 @@ } ], "traits": { - "smithy.api#documentation": "

Used by activity workers, Task states using the callback\n pattern, and optionally Task states using the job run pattern to report that the task identified by the taskToken failed.

" + "smithy.api#documentation": "

Used by activity workers, Task states using the callback\n pattern, and optionally Task states using the job run pattern to report that the task identified by the taskToken failed.

\n

For an execution with encryption enabled, Step Functions will encrypt the error and cause fields using the KMS key for the execution role.

\n

A caller can mark a task as fail without using any KMS permissions in the execution role if the caller provides a null value for both error and cause fields because no data needs to be encrypted.

" } }, "com.amazonaws.sfn#SendTaskFailureInput": { @@ -5550,6 +5853,15 @@ { "target": "com.amazonaws.sfn#InvalidToken" }, + { + "target": "com.amazonaws.sfn#KmsAccessDeniedException" + }, + { + "target": "com.amazonaws.sfn#KmsInvalidStateException" + }, + { + "target": "com.amazonaws.sfn#KmsThrottlingException" + }, { "target": "com.amazonaws.sfn#TaskDoesNotExist" }, @@ -5667,6 +5979,15 @@ { "target": "com.amazonaws.sfn#InvalidName" }, + { + "target": "com.amazonaws.sfn#KmsAccessDeniedException" + }, + { + "target": "com.amazonaws.sfn#KmsInvalidStateException" + }, + { + "target": "com.amazonaws.sfn#KmsThrottlingException" + }, { "target": "com.amazonaws.sfn#StateMachineDeleting" }, @@ -5695,7 +6016,7 @@ "name": { "target": "com.amazonaws.sfn#Name", "traits": { - "smithy.api#documentation": "

Optional name of the execution.\n This name must be unique for your Amazon Web Services account, Region, and state machine for 90 days. For more information,\n see \n Limits Related to State Machine Executions in the Step Functions Developer Guide.

\n

If you don't provide a name for the execution, Step Functions automatically generates a universally unique identifier (UUID) as the execution name.

\n

A name must not contain:

\n
    \n
  • \n

    white space

    \n
  • \n
  • \n

    brackets < > { } [ ]\n

    \n
  • \n
  • \n

    wildcard characters ? *\n

    \n
  • \n
  • \n

    special characters \" # % \\ ^ | ~ ` $ & , ; : /\n

    \n
  • \n
  • \n

    control characters (U+0000-001F, U+007F-009F)

    \n
  • \n
\n

To enable logging with CloudWatch Logs, the name should only contain 0-9, A-Z, a-z, - and _.

" + "smithy.api#documentation": "

Optional name of the execution. This name must be unique for your Amazon Web Services account, Region, and state machine for 90 days. For more information,\n see \n Limits Related to State Machine Executions in the Step Functions Developer Guide.

\n

If you don't provide a name for the execution, Step Functions automatically generates a universally unique identifier (UUID) as the execution name.

\n

A name must not contain:

\n
    \n
  • \n

    white space

    \n
  • \n
  • \n

    brackets < > { } [ ]\n

    \n
  • \n
  • \n

    wildcard characters ? *\n

    \n
  • \n
  • \n

    special characters \" # % \\ ^ | ~ ` $ & , ; : /\n

    \n
  • \n
  • \n

    control characters (U+0000-001F, U+007F-009F)

    \n
  • \n
\n

To enable logging with CloudWatch Logs, the name should only contain 0-9, A-Z, a-z, - and _.

" } }, "input": { @@ -5755,6 +6076,15 @@ { "target": "com.amazonaws.sfn#InvalidName" }, + { + "target": "com.amazonaws.sfn#KmsAccessDeniedException" + }, + { + "target": "com.amazonaws.sfn#KmsInvalidStateException" + }, + { + "target": "com.amazonaws.sfn#KmsThrottlingException" + }, { "target": "com.amazonaws.sfn#StateMachineDeleting" }, @@ -5799,6 +6129,12 @@ "traits": { "smithy.api#documentation": "

Passes the X-Ray trace header. The trace header can also be passed in the request\n payload.

" } + }, + "includedData": { + "target": "com.amazonaws.sfn#IncludedData", + "traits": { + "smithy.api#documentation": "

If your state machine definition is encrypted with a KMS key, callers must have kms:Decrypt permission to decrypt the definition. Alternatively, you can call the API with includedData = METADATA_ONLY to get a successful response without the encrypted definition.

" + } } }, "traits": { @@ -6109,7 +6445,7 @@ } }, "traits": { - "smithy.api#documentation": "

", + "smithy.api#documentation": "

State machine type is not supported.

", "smithy.api#error": "client" } }, @@ -6165,12 +6501,21 @@ { "target": "com.amazonaws.sfn#InvalidArn" }, + { + "target": "com.amazonaws.sfn#KmsAccessDeniedException" + }, + { + "target": "com.amazonaws.sfn#KmsInvalidStateException" + }, + { + "target": "com.amazonaws.sfn#KmsThrottlingException" + }, { "target": "com.amazonaws.sfn#ValidationException" } ], "traits": { - "smithy.api#documentation": "

Stops an execution.

\n

This API action is not supported by EXPRESS state machines.

" + "smithy.api#documentation": "

Stops an execution.

\n

This API action is not supported by EXPRESS state machines.

\n

For an execution with encryption enabled, Step Functions will encrypt the error and cause fields using the KMS key for the execution role.

\n

A caller can stop an execution without using any KMS permissions in the execution role if the caller provides a null value for both error and cause fields because no data needs to be encrypted.

" } }, "com.amazonaws.sfn#StopExecutionInput": { @@ -6665,7 +7010,7 @@ "traits": { "smithy.api#length": { "min": 1, - "max": 1024 + "max": 2048 } } }, @@ -7035,12 +7380,21 @@ { "target": "com.amazonaws.sfn#InvalidDefinition" }, + { + "target": "com.amazonaws.sfn#InvalidEncryptionConfiguration" + }, { "target": "com.amazonaws.sfn#InvalidLoggingConfiguration" }, { "target": "com.amazonaws.sfn#InvalidTracingConfiguration" }, + { + "target": "com.amazonaws.sfn#KmsAccessDeniedException" + }, + { + "target": "com.amazonaws.sfn#KmsThrottlingException" + }, { "target": "com.amazonaws.sfn#MissingRequiredParameter" }, @@ -7058,7 +7412,7 @@ } ], "traits": { - "smithy.api#documentation": "

Updates an existing state machine by modifying its definition,\n roleArn, or loggingConfiguration. Running executions will continue\n to use the previous definition and roleArn. You must include at\n least one of definition or roleArn or you will receive a\n MissingRequiredParameter error.

\n

A qualified state machine ARN refers to a Distributed Map state defined within a state machine. For example, the qualified state machine ARN arn:partition:states:region:account-id:stateMachine:stateMachineName/mapStateLabel refers to a Distributed Map state with a label mapStateLabel in the state machine named stateMachineName.

\n

A qualified state machine ARN can either refer to a Distributed Map state defined within a state machine, a version ARN, or an alias ARN.

\n

The following are some examples of qualified and unqualified state machine ARNs:

\n
    \n
  • \n

    The following qualified state machine ARN refers to a Distributed Map state with a label mapStateLabel in a state machine named myStateMachine.

    \n

    \n arn:partition:states:region:account-id:stateMachine:myStateMachine/mapStateLabel\n

    \n \n

    If you provide a qualified state machine ARN that refers to a Distributed Map state, the request fails with ValidationException.

    \n
    \n
  • \n
  • \n

    The following qualified state machine ARN refers to an alias named PROD.

    \n

    \n arn::states:::stateMachine:\n

    \n \n

    If you provide a qualified state machine ARN that refers to a version ARN or an alias ARN, the request starts execution for that version or alias.

    \n
    \n
  • \n
  • \n

    The following unqualified state machine ARN refers to a state machine named myStateMachine.

    \n

    \n arn::states:::stateMachine:\n

    \n
  • \n
\n

After you update your state machine, you can set the publish parameter to\n true in the same action to publish a new version. This\n way, you can opt-in to strict versioning of your state machine.

\n \n

Step Functions assigns monotonically increasing integers for state machine versions, starting at version number 1.

\n
\n \n

All StartExecution calls within a few seconds use the updated\n definition and roleArn. Executions started immediately after you\n call UpdateStateMachine may use the previous state machine\n definition and roleArn.

\n
", + "smithy.api#documentation": "

Updates an existing state machine by modifying its definition,\n roleArn, loggingConfiguration, or EncryptionConfiguration. Running executions will continue\n to use the previous definition and roleArn. You must include at\n least one of definition or roleArn or you will receive a\n MissingRequiredParameter error.

\n

A qualified state machine ARN refers to a Distributed Map state defined within a state machine. For example, the qualified state machine ARN arn:partition:states:region:account-id:stateMachine:stateMachineName/mapStateLabel refers to a Distributed Map state with a label mapStateLabel in the state machine named stateMachineName.

\n

A qualified state machine ARN can either refer to a Distributed Map state defined within a state machine, a version ARN, or an alias ARN.

\n

The following are some examples of qualified and unqualified state machine ARNs:

\n
    \n
  • \n

    The following qualified state machine ARN refers to a Distributed Map state with a label mapStateLabel in a state machine named myStateMachine.

    \n

    \n arn:partition:states:region:account-id:stateMachine:myStateMachine/mapStateLabel\n

    \n \n

    If you provide a qualified state machine ARN that refers to a Distributed Map state, the request fails with ValidationException.

    \n
    \n
  • \n
  • \n

    The following qualified state machine ARN refers to an alias named PROD.

    \n

    \n arn::states:::stateMachine:\n

    \n \n

    If you provide a qualified state machine ARN that refers to a version ARN or an alias ARN, the request starts execution for that version or alias.

    \n
    \n
  • \n
  • \n

    The following unqualified state machine ARN refers to a state machine named myStateMachine.

    \n

    \n arn::states:::stateMachine:\n

    \n
  • \n
\n

After you update your state machine, you can set the publish parameter to\n true in the same action to publish a new version. This\n way, you can opt-in to strict versioning of your state machine.

\n \n

Step Functions assigns monotonically increasing integers for state machine versions, starting at version number 1.

\n
\n \n

All StartExecution calls within a few seconds use the updated\n definition and roleArn. Executions started immediately after you\n call UpdateStateMachine may use the previous state machine\n definition and roleArn.

\n
", "smithy.api#idempotent": {} } }, @@ -7179,6 +7533,12 @@ "traits": { "smithy.api#documentation": "

An optional description of the state machine version to publish.

\n

You can only specify the versionDescription parameter if you've set publish to true.

" } + }, + "encryptionConfiguration": { + "target": "com.amazonaws.sfn#EncryptionConfiguration", + "traits": { + "smithy.api#documentation": "

Settings to configure server-side encryption.

" + } } }, "traits": {