From 895cc687003d4a27d231595a05f6e59fbfe17a57 Mon Sep 17 00:00:00 2001
From: awstools Step Functions is a service that lets you coordinate the components of distributed applications
+ Step Functions coordinates the components of distributed applications
and microservices using visual workflows. You can use Step Functions to build applications from individual components, each of which performs
a discrete function, or task, allowing you to scale and change
diff --git a/clients/client-sfn/src/SFN.ts b/clients/client-sfn/src/SFN.ts
index 42d5c3d9d870..2372f7ba0f1a 100644
--- a/clients/client-sfn/src/SFN.ts
+++ b/clients/client-sfn/src/SFN.ts
@@ -790,7 +790,7 @@ export interface SFN {
/**
* Step Functions is a service that lets you coordinate the components of distributed applications
+ * Step Functions coordinates the components of distributed applications
* and microservices using visual workflows. You can use Step Functions to build applications from individual components, each of which performs
* a discrete function, or task, allowing you to scale and change
diff --git a/clients/client-sfn/src/SFNClient.ts b/clients/client-sfn/src/SFNClient.ts
index f5f307e9cb0b..c55d71a6055f 100644
--- a/clients/client-sfn/src/SFNClient.ts
+++ b/clients/client-sfn/src/SFNClient.ts
@@ -397,7 +397,7 @@ export interface SFNClientResolvedConfig extends SFNClientResolvedConfigType {}
/**
* Step Functions is a service that lets you coordinate the components of distributed applications
+ * Step Functions coordinates the components of distributed applications
* and microservices using visual workflows. You can use Step Functions to build applications from individual components, each of which performs
* a discrete function, or task, allowing you to scale and change
diff --git a/clients/client-sfn/src/commands/CreateActivityCommand.ts b/clients/client-sfn/src/commands/CreateActivityCommand.ts
index c8011781aae5..e332ea78a3f9 100644
--- a/clients/client-sfn/src/commands/CreateActivityCommand.ts
+++ b/clients/client-sfn/src/commands/CreateActivityCommand.ts
@@ -59,6 +59,11 @@ export interface CreateActivityCommandOutput extends CreateActivityOutput, __Met
* value: "STRING_VALUE",
* },
* ],
+ * encryptionConfiguration: { // EncryptionConfiguration
+ * kmsKeyId: "STRING_VALUE",
+ * kmsDataKeyReusePeriodSeconds: Number("int"),
+ * type: "AWS_OWNED_KEY" || "CUSTOMER_MANAGED_KMS_KEY", // required
+ * },
* };
* const command = new CreateActivityCommand(input);
* const response = await client.send(command);
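Review bot: In the CreateActivityCommand example, the added encryptionConfiguration block marks only `type` as required, yet the InvalidEncryptionConfiguration text in this same patch rejects a null `kmsKeyId` when `type` is CUSTOMER_MANAGED_KMS_KEY and a `kmsDataKeyReusePeriodSeconds` outside 60 to 900. Suggest carrying both constraints into the example comments, for instance `kmsKeyId: "STRING_VALUE", // required when type is CUSTOMER_MANAGED_KMS_KEY`, so a copied snippet does not produce a request that is rejected.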
@@ -75,13 +80,25 @@ export interface CreateActivityCommandOutput extends CreateActivityOutput, __Met
* @see {@link CreateActivityCommandOutput} for command's `response` shape.
* @see {@link SFNClientResolvedConfig | config} for SFNClient's `config` shape.
*
+ * @throws {@link ActivityAlreadyExists} (client fault)
+ * Activity already exists. The maximum number of activities has been reached. Existing activities must be deleted
* before a new activity can be created. Received when The provided name is not valid. Either your KMS key policy or API caller does not have the required permissions. Received when KMS returns You've exceeded the number of tags allowed for a resource. See the Limits Topic in the
* Step Functions Developer Guide.EncryptionConfiguration
may not be updated.encryptionConfiguration
is specified but various conditions exist which make the configuration invalid. For example, if type
is set to CUSTOMER_MANAGED_KMS_KEY
, but kmsKeyId
is null, or kmsDataKeyReusePeriodSeconds
is not between 60 and 900, or the KMS key is not symmetric or inactive.ThrottlingException
for a KMS call that Step Functions makes on behalf of the caller.
If you set the publish
parameter of this API action to true
, it
* publishes version 1
as the first revision of the state machine.
+ * For additional control over security, you can encrypt your data using a customer-managed key for Step Functions state machines. You can configure a symmetric KMS key and data key reuse period when creating or updating a State Machine. The execution history and state machine definition will be encrypted with the key applied to the State Machine. + *
*This operation is eventually consistent. The results are best effort and may not reflect very recent updates and changes.
*CreateStateMachine
is an idempotent API. Subsequent requests won’t create a
* duplicate resource if it was already created. CreateStateMachine
's idempotency
* check is based on the state machine name
, definition
,
- * type
, LoggingConfiguration
, and
- * TracingConfiguration
. The check is also based on the publish
and versionDescription
parameters. If a following request has a different
+ * type
, LoggingConfiguration
,
+ * TracingConfiguration
, and EncryptionConfiguration
The check is also based on the publish
and versionDescription
parameters. If a following request has a different
* roleArn
or tags
, Step Functions will ignore these differences and treat
* it as an idempotent request of the previous. In this case, roleArn
and
* tags
will not be updated, even if they are different.
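Review bot: The added idempotency sentence drops the period after `EncryptionConfiguration`, so it runs straight into "The check is also based on the publish and versionDescription parameters"; the removed line had the period after `TracingConfiguration`. Suggest restoring it. Since the key configuration now takes part in the check, it would also help to say what a repeated CreateStateMachine call with a different `EncryptionConfiguration` returns, because the paragraph only covers the ignored `roleArn` and `tags` case.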
@@ -87,6 +90,11 @@ export interface CreateStateMachineCommandOutput extends CreateStateMachineOutpu
* },
* publish: true || false,
* versionDescription: "STRING_VALUE",
+ * encryptionConfiguration: { // EncryptionConfiguration
+ * kmsKeyId: "STRING_VALUE",
+ * kmsDataKeyReusePeriodSeconds: Number("int"),
+ * type: "AWS_OWNED_KEY" || "CUSTOMER_MANAGED_KMS_KEY", // required
+ * },
* };
* const command = new CreateStateMachineCommand(input);
* const response = await client.send(command);
@@ -114,8 +122,11 @@ export interface CreateStateMachineCommandOutput extends CreateStateMachineOutpu
* @throws {@link InvalidDefinition} (client fault)
* The provided Amazon States Language definition is not valid.
* + * @throws {@link InvalidEncryptionConfiguration} (client fault) + *Received when encryptionConfiguration
is specified but various conditions exist which make the configuration invalid. For example, if type
is set to CUSTOMER_MANAGED_KMS_KEY
, but kmsKeyId
is null, or kmsDataKeyReusePeriodSeconds
is not between 60 and 900, or the KMS key is not symmetric or inactive.
Configuration is not valid.
* * @throws {@link InvalidName} (client fault) *The provided name is not valid.
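Review bot: In the added InvalidEncryptionConfiguration description, "the KMS key is not symmetric or inactive" is ambiguous, since it can be read as "not (symmetric or inactive)". Suggest "the KMS key is not symmetric, or is inactive". The opening "various conditions exist which make the configuration invalid" could be replaced by the three listed conditions on their own, as they are what a caller needs to check before sending the request.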
@@ -124,6 +135,12 @@ export interface CreateStateMachineCommandOutput extends CreateStateMachineOutpu *Your tracingConfiguration
key does not match, or enabled
has not
* been set to true
or false
.
Either your KMS key policy or API caller does not have the required permissions.
+ * + * @throws {@link KmsThrottlingException} (client fault) + *Received when KMS returns ThrottlingException
for a KMS call that Step Functions makes on behalf of the caller.
A state machine with the same name but a different definition or role ARN already * exists.
@@ -136,7 +153,7 @@ export interface CreateStateMachineCommandOutput extends CreateStateMachineOutpu * deleted before a new state machine can be created. * * @throws {@link StateMachineTypeNotSupported} (client fault) - * + *State machine type is not supported.
* * @throws {@link TooManyTags} (client fault) *You've exceeded the number of tags allowed for a resource. See the Limits Topic in the diff --git a/clients/client-sfn/src/commands/DeleteStateMachineVersionCommand.ts b/clients/client-sfn/src/commands/DeleteStateMachineVersionCommand.ts index aed9875be1e8..0763150a3831 100644 --- a/clients/client-sfn/src/commands/DeleteStateMachineVersionCommand.ts +++ b/clients/client-sfn/src/commands/DeleteStateMachineVersionCommand.ts @@ -30,9 +30,7 @@ export interface DeleteStateMachineVersionCommandOutput extends DeleteStateMachi /** *
Deletes a state machine version. After * you delete a version, you can't call StartExecution using that version's ARN - * or use - * the - * version with a state machine alias.
+ * or use the version with a state machine alias. *Deleting a state machine version won't terminate its in-progress executions.
*The provided Amazon Resource Name (ARN) is not valid.
* + * @throws {@link KmsAccessDeniedException} (client fault) + *Either your KMS key policy or API caller does not have the required permissions.
+ * + * @throws {@link KmsInvalidStateException} (client fault) + *The KMS key is not in valid state, for example: Disabled or Deleted.
+ * + * @throws {@link KmsThrottlingException} (client fault) + *Received when KMS returns ThrottlingException
for a KMS call that Step Functions makes on behalf of the caller.
Base exception class for all service exceptions from SFN service.
* diff --git a/clients/client-sfn/src/commands/DescribeStateMachineCommand.ts b/clients/client-sfn/src/commands/DescribeStateMachineCommand.ts index 7c1c0f8c0d87..1a79a8a27e0f 100644 --- a/clients/client-sfn/src/commands/DescribeStateMachineCommand.ts +++ b/clients/client-sfn/src/commands/DescribeStateMachineCommand.ts @@ -74,6 +74,7 @@ export interface DescribeStateMachineCommandOutput extends DescribeStateMachineO * const client = new SFNClient(config); * const input = { // DescribeStateMachineInput * stateMachineArn: "STRING_VALUE", // required + * includedData: "ALL_DATA" || "METADATA_ONLY", * }; * const command = new DescribeStateMachineCommand(input); * const response = await client.send(command); @@ -102,6 +103,11 @@ export interface DescribeStateMachineCommandOutput extends DescribeStateMachineO * // label: "STRING_VALUE", * // revisionId: "STRING_VALUE", * // description: "STRING_VALUE", + * // encryptionConfiguration: { // EncryptionConfiguration + * // kmsKeyId: "STRING_VALUE", + * // kmsDataKeyReusePeriodSeconds: Number("int"), + * // type: "AWS_OWNED_KEY" || "CUSTOMER_MANAGED_KMS_KEY", // required + * // }, * // }; * * ``` @@ -115,6 +121,15 @@ export interface DescribeStateMachineCommandOutput extends DescribeStateMachineO * @throws {@link InvalidArn} (client fault) *The provided Amazon Resource Name (ARN) is not valid.
* + * @throws {@link KmsAccessDeniedException} (client fault) + *Either your KMS key policy or API caller does not have the required permissions.
+ * + * @throws {@link KmsInvalidStateException} (client fault) + *The KMS key is not in valid state, for example: Disabled or Deleted.
+ * + * @throws {@link KmsThrottlingException} (client fault) + *Received when KMS returns ThrottlingException
for a KMS call that Step Functions makes on behalf of the caller.
The specified state machine does not exist.
* diff --git a/clients/client-sfn/src/commands/DescribeStateMachineForExecutionCommand.ts b/clients/client-sfn/src/commands/DescribeStateMachineForExecutionCommand.ts index 57554974b4f2..831a5f04f403 100644 --- a/clients/client-sfn/src/commands/DescribeStateMachineForExecutionCommand.ts +++ b/clients/client-sfn/src/commands/DescribeStateMachineForExecutionCommand.ts @@ -39,9 +39,7 @@ export interface DescribeStateMachineForExecutionCommandOutput /** *Provides information about a state machine's definition, its execution role ARN, and * configuration. If a Map Run dispatched the execution, this action returns the Map Run - * Amazon Resource Name (ARN) in the response. - * The - * state machine returned is the state machine associated with the + * Amazon Resource Name (ARN) in the response. The state machine returned is the state machine associated with the * Map Run.
*This operation is eventually consistent. The results are best effort and may not reflect very recent updates and changes.
@@ -55,6 +53,7 @@ export interface DescribeStateMachineForExecutionCommandOutput * const client = new SFNClient(config); * const input = { // DescribeStateMachineForExecutionInput * executionArn: "STRING_VALUE", // required + * includedData: "ALL_DATA" || "METADATA_ONLY", * }; * const command = new DescribeStateMachineForExecutionCommand(input); * const response = await client.send(command); @@ -81,6 +80,11 @@ export interface DescribeStateMachineForExecutionCommandOutput * // mapRunArn: "STRING_VALUE", * // label: "STRING_VALUE", * // revisionId: "STRING_VALUE", + * // encryptionConfiguration: { // EncryptionConfiguration + * // kmsKeyId: "STRING_VALUE", + * // kmsDataKeyReusePeriodSeconds: Number("int"), + * // type: "AWS_OWNED_KEY" || "CUSTOMER_MANAGED_KMS_KEY", // required + * // }, * // }; * * ``` @@ -97,6 +101,15 @@ export interface DescribeStateMachineForExecutionCommandOutput * @throws {@link InvalidArn} (client fault) *The provided Amazon Resource Name (ARN) is not valid.
* + * @throws {@link KmsAccessDeniedException} (client fault) + *Either your KMS key policy or API caller does not have the required permissions.
+ * + * @throws {@link KmsInvalidStateException} (client fault) + *The KMS key is not in valid state, for example: Disabled or Deleted.
+ * + * @throws {@link KmsThrottlingException} (client fault) + *Received when KMS returns ThrottlingException
for a KMS call that Step Functions makes on behalf of the caller.
Base exception class for all service exceptions from SFN service.
* diff --git a/clients/client-sfn/src/commands/GetActivityTaskCommand.ts b/clients/client-sfn/src/commands/GetActivityTaskCommand.ts index 2da1f6a89c0a..68d2e79e0872 100644 --- a/clients/client-sfn/src/commands/GetActivityTaskCommand.ts +++ b/clients/client-sfn/src/commands/GetActivityTaskCommand.ts @@ -83,6 +83,15 @@ export interface GetActivityTaskCommandOutput extends GetActivityTaskOutput, __M * @throws {@link InvalidArn} (client fault) *The provided Amazon Resource Name (ARN) is not valid.
* + * @throws {@link KmsAccessDeniedException} (client fault) + *Either your KMS key policy or API caller does not have the required permissions.
+ * + * @throws {@link KmsInvalidStateException} (client fault) + *The KMS key is not in valid state, for example: Disabled or Deleted.
+ * + * @throws {@link KmsThrottlingException} (client fault) + *Received when KMS returns ThrottlingException
for a KMS call that Step Functions makes on behalf of the caller.
Base exception class for all service exceptions from SFN service.
* diff --git a/clients/client-sfn/src/commands/GetExecutionHistoryCommand.ts b/clients/client-sfn/src/commands/GetExecutionHistoryCommand.ts index 933c49505c46..4c7f6e34095d 100644 --- a/clients/client-sfn/src/commands/GetExecutionHistoryCommand.ts +++ b/clients/client-sfn/src/commands/GetExecutionHistoryCommand.ts @@ -264,6 +264,15 @@ export interface GetExecutionHistoryCommandOutput extends GetExecutionHistoryOut * @throws {@link InvalidToken} (client fault) *The provided token is not valid.
* + * @throws {@link KmsAccessDeniedException} (client fault) + *Either your KMS key policy or API caller does not have the required permissions.
+ * + * @throws {@link KmsInvalidStateException} (client fault) + *The KMS key is not in valid state, for example: Disabled or Deleted.
+ * + * @throws {@link KmsThrottlingException} (client fault) + *Received when KMS returns ThrottlingException
for a KMS call that Step Functions makes on behalf of the caller.
Base exception class for all service exceptions from SFN service.
* diff --git a/clients/client-sfn/src/commands/ListExecutionsCommand.ts b/clients/client-sfn/src/commands/ListExecutionsCommand.ts index f7a5a83974f0..685ad715e3d4 100644 --- a/clients/client-sfn/src/commands/ListExecutionsCommand.ts +++ b/clients/client-sfn/src/commands/ListExecutionsCommand.ts @@ -95,7 +95,7 @@ export interface ListExecutionsCommandOutput extends ListExecutionsOutput, __Met *The specified state machine does not exist.
* * @throws {@link StateMachineTypeNotSupported} (client fault) - * + *State machine type is not supported.
* * @throws {@link ValidationException} (client fault) *The input does not satisfy the constraints specified by an Amazon Web Services service.
diff --git a/clients/client-sfn/src/commands/SendTaskFailureCommand.ts b/clients/client-sfn/src/commands/SendTaskFailureCommand.ts index 5119cb39c97b..5470c0d8cd14 100644 --- a/clients/client-sfn/src/commands/SendTaskFailureCommand.ts +++ b/clients/client-sfn/src/commands/SendTaskFailureCommand.ts @@ -34,6 +34,8 @@ export interface SendTaskFailureCommandOutput extends SendTaskFailureOutput, __M /** *Used by activity workers, Task states using the callback
* pattern, and optionally Task states using the job run pattern to report that the task identified by the taskToken
failed.
For an execution with encryption enabled, Step Functions will encrypt the error and cause fields using the KMS key for the execution role.
+ *A caller can mark a task as fail without using any KMS permissions in the execution role if the caller provides a null value for both error
and cause
fields because no data needs to be encrypted.
The provided token is not valid.
* + * @throws {@link KmsAccessDeniedException} (client fault) + *Either your KMS key policy or API caller does not have the required permissions.
+ * + * @throws {@link KmsInvalidStateException} (client fault) + *The KMS key is not in valid state, for example: Disabled or Deleted.
+ * + * @throws {@link KmsThrottlingException} (client fault) + *Received when KMS returns ThrottlingException
for a KMS call that Step Functions makes on behalf of the caller.
The activity does not exist.
* diff --git a/clients/client-sfn/src/commands/SendTaskSuccessCommand.ts b/clients/client-sfn/src/commands/SendTaskSuccessCommand.ts index 40c6500723d9..5ca1607ff210 100644 --- a/clients/client-sfn/src/commands/SendTaskSuccessCommand.ts +++ b/clients/client-sfn/src/commands/SendTaskSuccessCommand.ts @@ -63,6 +63,15 @@ export interface SendTaskSuccessCommandOutput extends SendTaskSuccessOutput, __M * @throws {@link InvalidToken} (client fault) *The provided token is not valid.
* + * @throws {@link KmsAccessDeniedException} (client fault) + *Either your KMS key policy or API caller does not have the required permissions.
+ * + * @throws {@link KmsInvalidStateException} (client fault) + *The KMS key is not in valid state, for example: Disabled or Deleted.
+ * + * @throws {@link KmsThrottlingException} (client fault) + *Received when KMS returns ThrottlingException
for a KMS call that Step Functions makes on behalf of the caller.
The activity does not exist.
* diff --git a/clients/client-sfn/src/commands/StartExecutionCommand.ts b/clients/client-sfn/src/commands/StartExecutionCommand.ts index 717eb253ae7b..3abf3191eafa 100644 --- a/clients/client-sfn/src/commands/StartExecutionCommand.ts +++ b/clients/client-sfn/src/commands/StartExecutionCommand.ts @@ -118,6 +118,15 @@ export interface StartExecutionCommandOutput extends StartExecutionOutput, __Met * @throws {@link InvalidName} (client fault) *The provided name is not valid.
* + * @throws {@link KmsAccessDeniedException} (client fault) + *Either your KMS key policy or API caller does not have the required permissions.
+ * + * @throws {@link KmsInvalidStateException} (client fault) + *The KMS key is not in valid state, for example: Disabled or Deleted.
+ * + * @throws {@link KmsThrottlingException} (client fault) + *Received when KMS returns ThrottlingException
for a KMS call that Step Functions makes on behalf of the caller.
The specified state machine is being deleted.
* diff --git a/clients/client-sfn/src/commands/StartSyncExecutionCommand.ts b/clients/client-sfn/src/commands/StartSyncExecutionCommand.ts index b85b3378b9d9..54bde390861f 100644 --- a/clients/client-sfn/src/commands/StartSyncExecutionCommand.ts +++ b/clients/client-sfn/src/commands/StartSyncExecutionCommand.ts @@ -57,6 +57,7 @@ export interface StartSyncExecutionCommandOutput extends StartSyncExecutionOutpu * name: "STRING_VALUE", * input: "STRING_VALUE", * traceHeader: "STRING_VALUE", + * includedData: "ALL_DATA" || "METADATA_ONLY", * }; * const command = new StartSyncExecutionCommand(input); * const response = await client.send(command); @@ -101,6 +102,15 @@ export interface StartSyncExecutionCommandOutput extends StartSyncExecutionOutpu * @throws {@link InvalidName} (client fault) *The provided name is not valid.
* + * @throws {@link KmsAccessDeniedException} (client fault) + *Either your KMS key policy or API caller does not have the required permissions.
+ * + * @throws {@link KmsInvalidStateException} (client fault) + *The KMS key is not in valid state, for example: Disabled or Deleted.
+ * + * @throws {@link KmsThrottlingException} (client fault) + *Received when KMS returns ThrottlingException
for a KMS call that Step Functions makes on behalf of the caller.
The specified state machine is being deleted.
* @@ -108,7 +118,7 @@ export interface StartSyncExecutionCommandOutput extends StartSyncExecutionOutpu *The specified state machine does not exist.
* * @throws {@link StateMachineTypeNotSupported} (client fault) - * + *State machine type is not supported.
* * @throws {@link SFNServiceException} *Base exception class for all service exceptions from SFN service.
diff --git a/clients/client-sfn/src/commands/StopExecutionCommand.ts b/clients/client-sfn/src/commands/StopExecutionCommand.ts index 59cfd82a5946..63858b1fb47b 100644 --- a/clients/client-sfn/src/commands/StopExecutionCommand.ts +++ b/clients/client-sfn/src/commands/StopExecutionCommand.ts @@ -30,6 +30,8 @@ export interface StopExecutionCommandOutput extends StopExecutionOutput, __Metad /** *Stops an execution.
*This API action is not supported by EXPRESS
state machines.
For an execution with encryption enabled, Step Functions will encrypt the error and cause fields using the KMS key for the execution role.
+ *A caller can stop an execution without using any KMS permissions in the execution role if the caller provides a null value for both error
and cause
fields because no data needs to be encrypted.
The provided Amazon Resource Name (ARN) is not valid.
* + * @throws {@link KmsAccessDeniedException} (client fault) + *Either your KMS key policy or API caller does not have the required permissions.
+ * + * @throws {@link KmsInvalidStateException} (client fault) + *The KMS key is not in valid state, for example: Disabled or Deleted.
+ * + * @throws {@link KmsThrottlingException} (client fault) + *Received when KMS returns ThrottlingException
for a KMS call that Step Functions makes on behalf of the caller.
The input does not satisfy the constraints specified by an Amazon Web Services service.
* diff --git a/clients/client-sfn/src/commands/UpdateStateMachineCommand.ts b/clients/client-sfn/src/commands/UpdateStateMachineCommand.ts index f0531c60e96f..6b74675ccdf0 100644 --- a/clients/client-sfn/src/commands/UpdateStateMachineCommand.ts +++ b/clients/client-sfn/src/commands/UpdateStateMachineCommand.ts @@ -33,7 +33,7 @@ export interface UpdateStateMachineCommandOutput extends UpdateStateMachineOutpu /** *Updates an existing state machine by modifying its definition
,
- * roleArn
, or loggingConfiguration
. Running executions will continue
+ * roleArn
, loggingConfiguration
, or EncryptionConfiguration
. Running executions will continue
* to use the previous definition
and roleArn
. You must include at
* least one of definition
or roleArn
or you will receive a
* MissingRequiredParameter
error.
The provided Amazon States Language definition is not valid.
* + * @throws {@link InvalidEncryptionConfiguration} (client fault) + *Received when encryptionConfiguration
is specified but various conditions exist which make the configuration invalid. For example, if type
is set to CUSTOMER_MANAGED_KMS_KEY
, but kmsKeyId
is null, or kmsDataKeyReusePeriodSeconds
is not between 60 and 900, or the KMS key is not symmetric or inactive.
Configuration is not valid.
* * @throws {@link InvalidTracingConfiguration} (client fault) *Your tracingConfiguration
key does not match, or enabled
has not
* been set to true
or false
.
Either your KMS key policy or API caller does not have the required permissions.
+ * + * @throws {@link KmsThrottlingException} (client fault) + *Received when KMS returns ThrottlingException
for a KMS call that Step Functions makes on behalf of the caller.
Request is missing a required parameter. This error occurs if both definition
* and roleArn
are not specified.
Step Functions is a service that lets you coordinate the components of distributed applications + *
Step Functions coordinates the components of distributed applications * and microservices using visual workflows.
*You can use Step Functions to build applications from individual components, each of which performs * a discrete function, or task, allowing you to scale and change diff --git a/clients/client-sfn/src/models/models_0.ts b/clients/client-sfn/src/models/models_0.ts index e17c61f3625c..033536bf4856 100644 --- a/clients/client-sfn/src/models/models_0.ts +++ b/clients/client-sfn/src/models/models_0.ts @@ -3,6 +3,26 @@ import { ExceptionOptionType as __ExceptionOptionType, SENSITIVE_STRING } from " import { SFNServiceException as __BaseException } from "./SFNServiceException"; +/** + *
Activity already exists. EncryptionConfiguration
may not be updated.
The specified activity does not exist.
* @public @@ -247,6 +267,52 @@ export class ActivityWorkerLimitExceeded extends __BaseException { } } +/** + * @public + * @enum + */ +export const EncryptionType = { + AWS_OWNED_KEY: "AWS_OWNED_KEY", + CUSTOMER_MANAGED_KMS_KEY: "CUSTOMER_MANAGED_KMS_KEY", +} as const; + +/** + * @public + */ +export type EncryptionType = (typeof EncryptionType)[keyof typeof EncryptionType]; + +/** + *Settings to configure server-side encryption.
+ *+ * For additional control over security, you can encrypt your data using a customer-managed key for Step Functions state machines and activities. You can configure a symmetric KMS key and data key reuse period when creating or updating a State Machine, and when creating an Activity. The execution history and state machine definition will be encrypted with the key applied to the State Machine. Activity inputs will be encrypted with the key applied to the Activity. + *
+ *Step Functions automatically enables encryption at rest using Amazon Web Services owned keys at no charge. However, KMS charges apply when using a customer managed key. For more information about pricing, see Key Management Service pricing.
+ *For more information on KMS, see What is Key Management Service? + *
+ * @public + */ +export interface EncryptionConfiguration { + /** + *An alias, alias ARN, key ID, or key ARN of a symmetric encryption KMS key to encrypt data. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.
+ * @public + */ + kmsKeyId?: string; + + /** + *Maximum duration that Step Functions will reuse data keys. When the period expires, Step Functions will call GenerateDataKey
. Only applies to customer managed keys.
Encryption type
+ * @public + */ + type: EncryptionType | undefined; +} + /** *Tags are key-value pairs that can be associated with Step Functions state machines and * activities.
@@ -315,6 +381,12 @@ export interface CreateActivityInput { * @public */ tags?: Tag[]; + + /** + *Settings to configure server-side encryption.
+ * @public + */ + encryptionConfiguration?: EncryptionConfiguration; } /** @@ -334,6 +406,26 @@ export interface CreateActivityOutput { creationDate: Date | undefined; } +/** + *Received when encryptionConfiguration
is specified but various conditions exist which make the configuration invalid. For example, if type
is set to CUSTOMER_MANAGED_KMS_KEY
, but kmsKeyId
is null, or kmsDataKeyReusePeriodSeconds
is not between 60 and 900, or the KMS key is not symmetric or inactive.
The provided name is not valid.
* @public @@ -354,6 +446,46 @@ export class InvalidName extends __BaseException { } } +/** + *Either your KMS key policy or API caller does not have the required permissions.
+ * @public + */ +export class KmsAccessDeniedException extends __BaseException { + readonly name: "KmsAccessDeniedException" = "KmsAccessDeniedException"; + readonly $fault: "client" = "client"; + /** + * @internal + */ + constructor(opts: __ExceptionOptionTypeReceived when KMS returns ThrottlingException
for a KMS call that Step Functions makes on behalf of the caller.
You've exceeded the number of tags allowed for a resource. See the Limits Topic in the * Step Functions Developer Guide.
@@ -586,6 +718,12 @@ export interface CreateStateMachineInput { * @public */ versionDescription?: string; + + /** + *Settings to configure server-side encryption.
+ * @public + */ + encryptionConfiguration?: EncryptionConfiguration; } /** @@ -652,7 +790,7 @@ export class InvalidDefinition extends __BaseException { } /** - * + *Configuration is not valid.
* @public */ export class InvalidLoggingConfiguration extends __BaseException { @@ -755,7 +893,7 @@ export class StateMachineLimitExceeded extends __BaseException { } /** - * + *State machine type is not supported.
* @public */ export class StateMachineTypeNotSupported extends __BaseException { @@ -832,9 +970,8 @@ export interface RoutingConfigurationListItem { stateMachineVersionArn: string | undefined; /** - *The percentage of traffic you want to route to a state machine - * version. The sum of the weights in the routing - * configuration must be equal to 100.
+ *The percentage of traffic you want to route to a state machine version. The sum of the + * weights in the routing configuration must be equal to 100.
* @public */ weight: number | undefined; @@ -1046,8 +1183,28 @@ export interface DescribeActivityOutput { * @public */ creationDate: Date | undefined; + + /** + *Settings for configured server-side encryption.
+ * @public + */ + encryptionConfiguration?: EncryptionConfiguration; } +/** + * @public + * @enum + */ +export const IncludedData = { + ALL_DATA: "ALL_DATA", + METADATA_ONLY: "METADATA_ONLY", +} as const; + +/** + * @public + */ +export type IncludedData = (typeof IncludedData)[keyof typeof IncludedData]; + /** * @public */ @@ -1057,6 +1214,12 @@ export interface DescribeExecutionInput { * @public */ executionArn: string | undefined; + + /** + *If your state machine definition is encrypted with a KMS key, callers must have kms:Decrypt
permission to decrypt the definition. Alternatively, you can call DescribeStateMachine API with includedData = METADATA_ONLY
to get a successful response without the encrypted definition.
The KMS key is not in valid state, for example: Disabled or Deleted.
+ * @public + */ +export class KmsInvalidStateException extends __BaseException { + readonly name: "KmsInvalidStateException" = "KmsInvalidStateException"; + readonly $fault: "client" = "client"; + /** + *Current status of the KMS; key. For example: DISABLED
, PENDING_DELETION
, PENDING_IMPORT
, UNAVAILABLE
, CREATING
.
If your state machine definition is encrypted with a KMS key, callers must have kms:Decrypt
permission to decrypt the definition. Alternatively, you can call the API with includedData = METADATA_ONLY
to get a successful response without the encrypted definition.
+ * When calling a labelled ARN for an encrypted state machine, the includedData = METADATA_ONLY
parameter will not apply because Step Functions needs to decrypt the entire state machine definition to get the Distributed Map state’s definition. In this case, the API caller needs to have kms:Decrypt
permission.
+ *
The Amazon States Language definition of the state machine. See Amazon States Language.
+ *If called with includedData = METADATA_ONLY
, the returned definition will be \{\}
.
Settings to configure server-side encryption.
+ * @public + */ + encryptionConfiguration?: EncryptionConfiguration; } /** @@ -1782,6 +2007,12 @@ export interface DescribeStateMachineForExecutionInput { * @public */ executionArn: string | undefined; + + /** + *If your state machine definition is encrypted with a KMS key, callers must have kms:Decrypt
permission to decrypt the definition. Alternatively, you can call the API with includedData = METADATA_ONLY
to get a successful response without the encrypted definition.
Settings to configure server-side encryption.
+ * @public + */ + encryptionConfiguration?: EncryptionConfiguration; } /** @@ -3817,8 +4054,7 @@ export interface StartExecutionInput { stateMachineArn: string | undefined; /** - *Optional name of the execution. - * This name must be unique for your Amazon Web Services account, Region, and state machine for 90 days. For more information, + *
Optional name of the execution. This name must be unique for your Amazon Web Services account, Region, and state machine for 90 days. For more information, * see * Limits Related to State Machine Executions in the Step Functions Developer Guide.
*If you don't provide a name for the execution, Step Functions automatically generates a universally unique identifier (UUID) as the execution name.
@@ -3925,6 +4161,12 @@ export interface StartSyncExecutionInput { * @public */ traceHeader?: string; + + /** + *If your state machine definition is encrypted with a KMS key, callers must have kms:Decrypt
permission to decrypt the definition. Alternatively, you can call the API with includedData = METADATA_ONLY
to get a successful response without the encrypted definition.
Settings to configure server-side encryption.
+ * @public + */ + encryptionConfiguration?: EncryptionConfiguration; } /** diff --git a/clients/client-sfn/src/protocols/Aws_json1_0.ts b/clients/client-sfn/src/protocols/Aws_json1_0.ts index 8dc44bf233e6..0007998727f3 100644 --- a/clients/client-sfn/src/protocols/Aws_json1_0.ts +++ b/clients/client-sfn/src/protocols/Aws_json1_0.ts @@ -105,6 +105,7 @@ import { ValidateStateMachineDefinitionCommandOutput, } from "../commands/ValidateStateMachineDefinitionCommand"; import { + ActivityAlreadyExists, ActivityDoesNotExist, ActivityLimitExceeded, ActivityListItem, @@ -133,6 +134,7 @@ import { DescribeStateMachineForExecutionOutput, DescribeStateMachineInput, DescribeStateMachineOutput, + EncryptionConfiguration, ExecutionAlreadyExists, ExecutionDoesNotExist, ExecutionLimitExceeded, @@ -144,12 +146,16 @@ import { HistoryEvent, InvalidArn, InvalidDefinition, + InvalidEncryptionConfiguration, InvalidExecutionInput, InvalidLoggingConfiguration, InvalidName, InvalidOutput, InvalidToken, InvalidTracingConfiguration, + KmsAccessDeniedException, + KmsInvalidStateException, + KmsThrottlingException, ListActivitiesInput, ListActivitiesOutput, ListExecutionsInput, 
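Review bot: the `includedData` member added to `StartSyncExecutionInput` in models_0.ts reuses the sentence written for the describe inputs ("callers must have kms:Decrypt permission to decrypt the definition ... a successful response without the encrypted definition"), which does not tell a caller what `METADATA_ONLY` withholds from a synchronous execution result. Suggest documenting on this member which response fields are omitted or returned empty under `METADATA_ONLY`, so that a caller running without kms:Decrypt knows what it gets back.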
@@ -1454,12 +1460,24 @@ const de_CommandError = async (output: __HttpResponse, context: __SerdeContext): }; const errorCode = loadRestJsonErrorCode(output, parsedOutput.body); switch (errorCode) { + case "ActivityAlreadyExists": + case "com.amazonaws.sfn#ActivityAlreadyExists": + throw await de_ActivityAlreadyExistsRes(parsedOutput, context); case "ActivityLimitExceeded": case "com.amazonaws.sfn#ActivityLimitExceeded": throw await de_ActivityLimitExceededRes(parsedOutput, context); + case "InvalidEncryptionConfiguration": + case "com.amazonaws.sfn#InvalidEncryptionConfiguration": + throw await de_InvalidEncryptionConfigurationRes(parsedOutput, context); case "InvalidName": case "com.amazonaws.sfn#InvalidName": throw await de_InvalidNameRes(parsedOutput, context); + case "KmsAccessDeniedException": + case "com.amazonaws.sfn#KmsAccessDeniedException": + throw await de_KmsAccessDeniedExceptionRes(parsedOutput, context); + case "KmsThrottlingException": + case "com.amazonaws.sfn#KmsThrottlingException": + throw await de_KmsThrottlingExceptionRes(parsedOutput, context); case "TooManyTags": case "com.amazonaws.sfn#TooManyTags": throw await de_TooManyTagsRes(parsedOutput, context); @@ -1505,6 +1523,9 @@ const de_CommandError = async (output: __HttpResponse, context: __SerdeContext): case "ExecutionDoesNotExist": case "com.amazonaws.sfn#ExecutionDoesNotExist": throw await de_ExecutionDoesNotExistRes(parsedOutput, context); + case "KmsInvalidStateException": + case "com.amazonaws.sfn#KmsInvalidStateException": + throw await de_KmsInvalidStateExceptionRes(parsedOutput, context); case "StateMachineDoesNotExist": case "com.amazonaws.sfn#StateMachineDoesNotExist": throw await de_StateMachineDoesNotExistRes(parsedOutput, context); 
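Review bot: the `ActivityAlreadyExists` case added at the top of the `de_CommandError` switch surfaces a new client fault, and the only documentation visible for it is "Activity already exists. EncryptionConfiguration may not be updated.", which does not say which request triggers it. Suggest stating the condition in the operation documentation (for example, whether it is raised only when the supplied `encryptionConfiguration` differs from the existing activity's), so that callers that create activities at start-up can tell a harmless repeat from a key mismatch.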
@@ -1548,6 +1569,22 @@ const de_CommandError = async (output: __HttpResponse, context: __SerdeContext): } }; +/** + * deserializeAws_json1_0ActivityAlreadyExistsRes + */ +const de_ActivityAlreadyExistsRes = async ( + parsedOutput: any, + context: __SerdeContext +): PromiseStep Functions is a service that lets you coordinate the components of distributed applications\n and microservices using visual workflows.
\nYou can use Step Functions to build applications from individual components, each of which performs\n a discrete function, or task, allowing you to scale and change\n applications quickly. Step Functions provides a console that helps visualize the components of your\n application as a series of steps. Step Functions automatically triggers and tracks each step, and\n retries steps when there are errors, so your application executes predictably and in the right\n order every time. Step Functions logs the state of each step, so you can quickly diagnose and debug any\n issues.
\nStep Functions manages operations and underlying infrastructure to ensure your application is\n available at any scale. You can run tasks on Amazon Web Services, your own servers, or any system that has\n access to Amazon Web Services. You can access and use Step Functions using the console, the Amazon Web Services SDKs, or an HTTP API.\n For more information about Step Functions, see the \n Step Functions Developer Guide\n .
\nIf you use the Step Functions API actions using Amazon Web Services SDK integrations, make sure the API actions are in camel case and parameter names are in Pascal case. For example, you could use Step Functions API action startSyncExecution
and specify its parameter as StateMachineArn
.
Step Functions coordinates the components of distributed applications\n and microservices using visual workflows.
\nYou can use Step Functions to build applications from individual components, each of which performs\n a discrete function, or task, allowing you to scale and change\n applications quickly. Step Functions provides a console that helps visualize the components of your\n application as a series of steps. Step Functions automatically triggers and tracks each step, and\n retries steps when there are errors, so your application executes predictably and in the right\n order every time. Step Functions logs the state of each step, so you can quickly diagnose and debug any\n issues.
\nStep Functions manages operations and underlying infrastructure to ensure your application is\n available at any scale. You can run tasks on Amazon Web Services, your own servers, or any system that has\n access to Amazon Web Services. You can access and use Step Functions using the console, the Amazon Web Services SDKs, or an HTTP API.\n For more information about Step Functions, see the \n Step Functions Developer Guide\n .
\nIf you use the Step Functions API actions using Amazon Web Services SDK integrations, make sure the API actions are in camel case and parameter names are in Pascal case. For example, you could use Step Functions API action startSyncExecution
and specify its parameter as StateMachineArn
.
Activity already exists. EncryptionConfiguration
may not be updated.
The list of tags to add to a resource.
\nAn array of key-value pairs. For more information, see Using\n Cost Allocation Tags in the Amazon Web Services Billing and Cost Management User\n Guide, and Controlling Access Using IAM\n Tags.
\nTags may only contain Unicode letters, digits, white space, or these symbols: _ . : / = + - @
.
Settings to configure server-side encryption.
" + } } }, "traits": { @@ -1598,6 +1628,9 @@ { "target": "com.amazonaws.sfn#InvalidDefinition" }, + { + "target": "com.amazonaws.sfn#InvalidEncryptionConfiguration" + }, { "target": "com.amazonaws.sfn#InvalidLoggingConfiguration" }, @@ -1607,6 +1640,12 @@ { "target": "com.amazonaws.sfn#InvalidTracingConfiguration" }, + { + "target": "com.amazonaws.sfn#KmsAccessDeniedException" + }, + { + "target": "com.amazonaws.sfn#KmsThrottlingException" + }, { "target": "com.amazonaws.sfn#StateMachineAlreadyExists" }, @@ -1627,7 +1666,7 @@ } ], "traits": { - "smithy.api#documentation": "Creates a state machine. A state machine consists of a collection of states that can do\n work (Task
states), determine to which states to transition next\n (Choice
states), stop an execution with an error (Fail
states),\n and so on. State machines are specified using a JSON-based, structured language. For more\n information, see Amazon States\n Language in the Step Functions User Guide.
If you set the publish
parameter of this API action to true
, it\n publishes version 1
as the first revision of the state machine.
This operation is eventually consistent. The results are best effort and may not reflect very recent updates and changes.
\n\n CreateStateMachine
is an idempotent API. Subsequent requests won’t create a\n duplicate resource if it was already created. CreateStateMachine
's idempotency\n check is based on the state machine name
, definition
,\n type
, LoggingConfiguration
, and\n TracingConfiguration
. The check is also based on the publish
and versionDescription
parameters. If a following request has a different\n roleArn
or tags
, Step Functions will ignore these differences and treat\n it as an idempotent request of the previous. In this case, roleArn
and\n tags
will not be updated, even if they are different.
Creates a state machine. A state machine consists of a collection of states that can do\n work (Task
states), determine to which states to transition next\n (Choice
states), stop an execution with an error (Fail
states),\n and so on. State machines are specified using a JSON-based, structured language. For more\n information, see Amazon States\n Language in the Step Functions User Guide.
If you set the publish
parameter of this API action to true
, it\n publishes version 1
as the first revision of the state machine.
\n For additional control over security, you can encrypt your data using a customer-managed key for Step Functions state machines. You can configure a symmetric KMS key and data key reuse period when creating or updating a State Machine. The execution history and state machine definition will be encrypted with the key applied to the State Machine.\n
\nThis operation is eventually consistent. The results are best effort and may not reflect very recent updates and changes.
\n\n CreateStateMachine
is an idempotent API. Subsequent requests won’t create a\n duplicate resource if it was already created. CreateStateMachine
's idempotency\n check is based on the state machine name
, definition
,\n type
, LoggingConfiguration
,\n TracingConfiguration
, and EncryptionConfiguration
The check is also based on the publish
and versionDescription
parameters. If a following request has a different\n roleArn
or tags
, Step Functions will ignore these differences and treat\n it as an idempotent request of the previous. In this case, roleArn
and\n tags
will not be updated, even if they are different.
Sets description about the state machine version. You can only set the description if the publish
parameter is set to true
. Otherwise, if you set versionDescription
, but publish
to false
, this API action throws ValidationException
.
Settings to configure server-side encryption.
" + } } }, "traits": { @@ -1969,7 +2014,7 @@ } ], "traits": { - "smithy.api#documentation": "Deletes a state machine version. After\n you delete a version, you can't call StartExecution using that version's ARN\n or use\n the\n version with a state machine alias.
\nDeleting a state machine version won't terminate its in-progress executions.
\nYou can't delete a state machine version currently referenced by one or more aliases. Before you delete a version, you must either delete the aliases or update them to point to another state machine version.
\n\n Related operations:\n
\nDeletes a state machine version. After\n you delete a version, you can't call StartExecution using that version's ARN\n or use the version with a state machine alias.
\nDeleting a state machine version won't terminate its in-progress executions.
\nYou can't delete a state machine version currently referenced by one or more aliases. Before you delete a version, you must either delete the aliases or update them to point to another state machine version.
\n\n Related operations:\n
\nThe date the activity is created.
", "smithy.api#required": {} } + }, + "encryptionConfiguration": { + "target": "com.amazonaws.sfn#EncryptionConfiguration", + "traits": { + "smithy.api#documentation": "Settings for configured server-side encryption.
" + } } }, "traits": { @@ -2072,6 +2123,15 @@ }, { "target": "com.amazonaws.sfn#InvalidArn" + }, + { + "target": "com.amazonaws.sfn#KmsAccessDeniedException" + }, + { + "target": "com.amazonaws.sfn#KmsInvalidStateException" + }, + { + "target": "com.amazonaws.sfn#KmsThrottlingException" } ], "traits": { @@ -2087,6 +2147,12 @@ "smithy.api#documentation": "The Amazon Resource Name (ARN) of the execution to describe.
", "smithy.api#required": {} } + }, + "includedData": { + "target": "com.amazonaws.sfn#IncludedData", + "traits": { + "smithy.api#documentation": "If your state machine definition is encrypted with a KMS key, callers must have kms:Decrypt
permission to decrypt the definition. Alternatively, you can call DescribeStateMachine API with includedData = METADATA_ONLY
to get a successful response without the encrypted definition.
Provides information about a state machine's definition, its execution role ARN, and\n configuration. If a Map Run dispatched the execution, this action returns the Map Run\n Amazon Resource Name (ARN) in the response.\n The\n state machine returned is the state machine associated with the\n Map Run.
\nThis operation is eventually consistent. The results are best effort and may not reflect very recent updates and changes.
\nThis API action is not supported by EXPRESS
state machines.
Provides information about a state machine's definition, its execution role ARN, and\n configuration. If a Map Run dispatched the execution, this action returns the Map Run\n Amazon Resource Name (ARN) in the response. The state machine returned is the state machine associated with the\n Map Run.
\nThis operation is eventually consistent. The results are best effort and may not reflect very recent updates and changes.
\nThis API action is not supported by EXPRESS
state machines.
The Amazon Resource Name (ARN) of the execution you want state machine information for.
", "smithy.api#required": {} } + }, + "includedData": { + "target": "com.amazonaws.sfn#IncludedData", + "traits": { + "smithy.api#documentation": "If your state machine definition is encrypted with a KMS key, callers must have kms:Decrypt
permission to decrypt the definition. Alternatively, you can call the API with includedData = METADATA_ONLY
to get a successful response without the encrypted definition.
The revision identifier for the state machine. The first revision ID when you create the state machine is null.
\nUse the state machine revisionId
parameter to compare the revision of a state machine with the configuration of the state machine used for executions without performing a diff of the properties, such as definition
and roleArn
.
Settings to configure server-side encryption.
" + } } }, "traits": { @@ -2562,6 +2658,12 @@ "smithy.api#documentation": "The Amazon Resource Name (ARN) of the state machine for which you want the information.
\nIf you specify a state machine version ARN, this API returns details about that version. The version ARN is a combination of state machine ARN and the version number separated by a colon (:). For example, stateMachineARN:1
.
If your state machine definition is encrypted with a KMS key, callers must have kms:Decrypt
permission to decrypt the definition. Alternatively, you can call the API with includedData = METADATA_ONLY
to get a successful response without the encrypted definition.
\n When calling a labelled ARN for an encrypted state machine, the includedData = METADATA_ONLY
parameter will not apply because Step Functions needs to decrypt the entire state machine definition to get the Distributed Map state’s definition. In this case, the API caller needs to have kms:Decrypt
permission.\n
The Amazon States Language definition of the state machine. See Amazon States Language.
", + "smithy.api#documentation": "The Amazon States Language definition of the state machine. See Amazon States Language.
\nIf called with includedData = METADATA_ONLY
, the returned definition will be {}
.
The description of the state machine version.
" } + }, + "encryptionConfiguration": { + "target": "com.amazonaws.sfn#EncryptionConfiguration", + "traits": { + "smithy.api#documentation": "Settings to configure server-side encryption.
" + } } }, "traits": { @@ -2657,6 +2765,50 @@ "smithy.api#default": false } }, + "com.amazonaws.sfn#EncryptionConfiguration": { + "type": "structure", + "members": { + "kmsKeyId": { + "target": "com.amazonaws.sfn#KmsKeyId", + "traits": { + "smithy.api#documentation": "An alias, alias ARN, key ID, or key ARN of a symmetric encryption KMS key to encrypt data. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.
" + } + }, + "kmsDataKeyReusePeriodSeconds": { + "target": "com.amazonaws.sfn#KmsDataKeyReusePeriodSeconds", + "traits": { + "smithy.api#documentation": "Maximum duration that Step Functions will reuse data keys. When the period expires, Step Functions will call GenerateDataKey
. Only applies to customer managed keys.
Encryption type
", + "smithy.api#required": {} + } + } + }, + "traits": { + "smithy.api#documentation": "Settings to configure server-side encryption.
\n\n For additional control over security, you can encrypt your data using a customer-managed key for Step Functions state machines and activities. You can configure a symmetric KMS key and data key reuse period when creating or updating a State Machine, and when creating an Activity. The execution history and state machine definition will be encrypted with the key applied to the State Machine. Activity inputs will be encrypted with the key applied to the Activity.\n
\nStep Functions automatically enables encryption at rest using Amazon Web Services owned keys at no charge. However, KMS charges apply when using a customer managed key. For more information about pricing, see Key Management Service pricing.
\nFor more information on KMS, see What is Key Management Service?\n
" + } + }, + "com.amazonaws.sfn#EncryptionType": { + "type": "enum", + "members": { + "AWS_OWNED_KEY": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "AWS_OWNED_KEY" + } + }, + "CUSTOMER_MANAGED_KMS_KEY": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "CUSTOMER_MANAGED_KMS_KEY" + } + } + } + }, "com.amazonaws.sfn#ErrorMessage": { "type": "string" }, @@ -3036,6 +3188,15 @@ }, { "target": "com.amazonaws.sfn#InvalidArn" + }, + { + "target": "com.amazonaws.sfn#KmsAccessDeniedException" + }, + { + "target": "com.amazonaws.sfn#KmsInvalidStateException" + }, + { + "target": "com.amazonaws.sfn#KmsThrottlingException" } ], "traits": { @@ -3100,6 +3261,15 @@ }, { "target": "com.amazonaws.sfn#InvalidToken" + }, + { + "target": "com.amazonaws.sfn#KmsAccessDeniedException" + }, + { + "target": "com.amazonaws.sfn#KmsInvalidStateException" + }, + { + "target": "com.amazonaws.sfn#KmsThrottlingException" } ], "traits": { @@ -3810,6 +3980,23 @@ "com.amazonaws.sfn#IncludeExecutionDataGetExecutionHistory": { "type": "boolean" }, + "com.amazonaws.sfn#IncludedData": { + "type": "enum", + "members": { + "ALL_DATA": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "ALL_DATA" + } + }, + "METADATA_ONLY": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "METADATA_ONLY" + } + } + } + }, "com.amazonaws.sfn#InspectionData": { "type": "structure", "members": { @@ -3990,6 +4177,18 @@ "smithy.api#error": "client" } }, + "com.amazonaws.sfn#InvalidEncryptionConfiguration": { + "type": "structure", + "members": { + "message": { + "target": "com.amazonaws.sfn#ErrorMessage" + } + }, + "traits": { + "smithy.api#documentation": "Received when encryptionConfiguration
is specified but various conditions exist which make the configuration invalid. For example, if type
is set to CUSTOMER_MANAGED_KMS_KEY
, but kmsKeyId
is null, or kmsDataKeyReusePeriodSeconds
is not between 60 and 900, or the KMS key is not symmetric or inactive.
Configuration is not valid.
", "smithy.api#error": "client" } }, @@ -4062,6 +4261,101 @@ "smithy.api#error": "client" } }, + "com.amazonaws.sfn#KmsAccessDeniedException": { + "type": "structure", + "members": { + "message": { + "target": "com.amazonaws.sfn#ErrorMessage" + } + }, + "traits": { + "smithy.api#documentation": "Either your KMS key policy or API caller does not have the required permissions.
", + "smithy.api#error": "client" + } + }, + "com.amazonaws.sfn#KmsDataKeyReusePeriodSeconds": { + "type": "integer", + "traits": { + "smithy.api#range": { + "min": 60, + "max": 900 + } + } + }, + "com.amazonaws.sfn#KmsInvalidStateException": { + "type": "structure", + "members": { + "kmsKeyState": { + "target": "com.amazonaws.sfn#KmsKeyState", + "traits": { + "smithy.api#documentation": "Current status of the KMS; key. For example: DISABLED
, PENDING_DELETION
, PENDING_IMPORT
, UNAVAILABLE
, CREATING
.
The KMS key is not in valid state, for example: Disabled or Deleted.
", + "smithy.api#error": "client" + } + }, + "com.amazonaws.sfn#KmsKeyId": { + "type": "string", + "traits": { + "smithy.api#length": { + "min": 1, + "max": 2048 + } + } + }, + "com.amazonaws.sfn#KmsKeyState": { + "type": "enum", + "members": { + "DISABLED": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "DISABLED" + } + }, + "PENDING_DELETION": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "PENDING_DELETION" + } + }, + "PENDING_IMPORT": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "PENDING_IMPORT" + } + }, + "UNAVAILABLE": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "UNAVAILABLE" + } + }, + "CREATING": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "CREATING" + } + } + } + }, + "com.amazonaws.sfn#KmsThrottlingException": { + "type": "structure", + "members": { + "message": { + "target": "com.amazonaws.sfn#ErrorMessage" + } + }, + "traits": { + "smithy.api#documentation": "Received when KMS returns ThrottlingException
for a KMS call that Step Functions makes on behalf of the caller.
The percentage of traffic you want to route to a state machine\n version. The sum of the weights in the routing\n configuration must be equal to 100.
", + "smithy.api#documentation": "The percentage of traffic you want to route to a state machine version. The sum of the\n weights in the routing configuration must be equal to 100.
", "smithy.api#required": {} } } @@ -5445,6 +5739,15 @@ { "target": "com.amazonaws.sfn#InvalidToken" }, + { + "target": "com.amazonaws.sfn#KmsAccessDeniedException" + }, + { + "target": "com.amazonaws.sfn#KmsInvalidStateException" + }, + { + "target": "com.amazonaws.sfn#KmsThrottlingException" + }, { "target": "com.amazonaws.sfn#TaskDoesNotExist" }, @@ -5453,7 +5756,7 @@ } ], "traits": { - "smithy.api#documentation": "Used by activity workers, Task states using the callback\n pattern, and optionally Task states using the job run pattern to report that the task identified by the taskToken
failed.
Used by activity workers, Task states using the callback\n pattern, and optionally Task states using the job run pattern to report that the task identified by the taskToken
failed.
For an execution with encryption enabled, Step Functions will encrypt the error and cause fields using the KMS key for the execution role.
\nA caller can mark a task as fail without using any KMS permissions in the execution role if the caller provides a null value for both error
and cause
fields because no data needs to be encrypted.
Optional name of the execution.\n This name must be unique for your Amazon Web Services account, Region, and state machine for 90 days. For more information,\n see \n Limits Related to State Machine Executions in the Step Functions Developer Guide.
\nIf you don't provide a name for the execution, Step Functions automatically generates a universally unique identifier (UUID) as the execution name.
\nA name must not contain:
\nwhite space
\nbrackets < > { } [ ]
\n
wildcard characters ? *
\n
special characters \" # % \\ ^ | ~ ` $ & , ; : /
\n
control characters (U+0000-001F
, U+007F-009F
)
To enable logging with CloudWatch Logs, the name should only contain 0-9, A-Z, a-z, - and _.
" + "smithy.api#documentation": "Optional name of the execution. This name must be unique for your Amazon Web Services account, Region, and state machine for 90 days. For more information,\n see \n Limits Related to State Machine Executions in the Step Functions Developer Guide.
\nIf you don't provide a name for the execution, Step Functions automatically generates a universally unique identifier (UUID) as the execution name.
\nA name must not contain:
\nwhite space
\nbrackets < > { } [ ]
\n
wildcard characters ? *
\n
special characters \" # % \\ ^ | ~ ` $ & , ; : /
\n
control characters (U+0000-001F
, U+007F-009F
)
To enable logging with CloudWatch Logs, the name should only contain 0-9, A-Z, a-z, - and _.
" } }, "input": { @@ -5755,6 +6076,15 @@ { "target": "com.amazonaws.sfn#InvalidName" }, + { + "target": "com.amazonaws.sfn#KmsAccessDeniedException" + }, + { + "target": "com.amazonaws.sfn#KmsInvalidStateException" + }, + { + "target": "com.amazonaws.sfn#KmsThrottlingException" + }, { "target": "com.amazonaws.sfn#StateMachineDeleting" }, @@ -5799,6 +6129,12 @@ "traits": { "smithy.api#documentation": "Passes the X-Ray trace header. The trace header can also be passed in the request\n payload.
" } + }, + "includedData": { + "target": "com.amazonaws.sfn#IncludedData", + "traits": { + "smithy.api#documentation": "If your state machine definition is encrypted with a KMS key, callers must have kms:Decrypt
permission to decrypt the definition. Alternatively, you can call the API with includedData = METADATA_ONLY
to get a successful response without the encrypted definition.
State machine type is not supported.
", "smithy.api#error": "client" } }, @@ -6165,12 +6501,21 @@ { "target": "com.amazonaws.sfn#InvalidArn" }, + { + "target": "com.amazonaws.sfn#KmsAccessDeniedException" + }, + { + "target": "com.amazonaws.sfn#KmsInvalidStateException" + }, + { + "target": "com.amazonaws.sfn#KmsThrottlingException" + }, { "target": "com.amazonaws.sfn#ValidationException" } ], "traits": { - "smithy.api#documentation": "Stops an execution.
\nThis API action is not supported by EXPRESS
state machines.
Stops an execution.
\nThis API action is not supported by EXPRESS
state machines.
For an execution with encryption enabled, Step Functions will encrypt the error and cause fields using the KMS key for the execution role.
\nA caller can stop an execution without using any KMS permissions in the execution role if the caller provides a null value for both error
and cause
fields because no data needs to be encrypted.
Updates an existing state machine by modifying its definition
,\n roleArn
, or loggingConfiguration
. Running executions will continue\n to use the previous definition
and roleArn
. You must include at\n least one of definition
or roleArn
or you will receive a\n MissingRequiredParameter
error.
A qualified state machine ARN refers to a Distributed Map state defined within a state machine. For example, the qualified state machine ARN arn:partition:states:region:account-id:stateMachine:stateMachineName/mapStateLabel
refers to a Distributed Map state with a label mapStateLabel
in the state machine named stateMachineName
.
A qualified state machine ARN can either refer to a Distributed Map state defined within a state machine, a version ARN, or an alias ARN.
\nThe following are some examples of qualified and unqualified state machine ARNs:
\nThe following qualified state machine ARN refers to a Distributed Map state with a label mapStateLabel
in a state machine named myStateMachine
.
\n arn:partition:states:region:account-id:stateMachine:myStateMachine/mapStateLabel
\n
If you provide a qualified state machine ARN that refers to a Distributed Map state, the request fails with ValidationException
.
The following qualified state machine ARN refers to an alias named PROD
.
\n arn:
\n
If you provide a qualified state machine ARN that refers to a version ARN or an alias ARN, the request starts execution for that version or alias.
\nThe following unqualified state machine ARN refers to a state machine named myStateMachine
.
\n arn:
\n
After you update your state machine, you can set the publish
parameter to\n true
in the same action to publish a new version. This\n way, you can opt-in to strict versioning of your state machine.
Step Functions assigns monotonically increasing integers for state machine versions, starting at version number 1.
\nAll StartExecution
calls within a few seconds use the updated\n definition
and roleArn
. Executions started immediately after you\n call UpdateStateMachine
may use the previous state machine\n definition
and roleArn
.
Updates an existing state machine by modifying its definition
,\n roleArn
, loggingConfiguration
, or EncryptionConfiguration
. Running executions will continue\n to use the previous definition
and roleArn
. You must include at\n least one of definition
or roleArn
or you will receive a\n MissingRequiredParameter
error.
A qualified state machine ARN refers to a Distributed Map state defined within a state machine. For example, the qualified state machine ARN arn:partition:states:region:account-id:stateMachine:stateMachineName/mapStateLabel
refers to a Distributed Map state with a label mapStateLabel
in the state machine named stateMachineName
.
A qualified state machine ARN can either refer to a Distributed Map state defined within a state machine, a version ARN, or an alias ARN.
\nThe following are some examples of qualified and unqualified state machine ARNs:
\nThe following qualified state machine ARN refers to a Distributed Map state with a label mapStateLabel
in a state machine named myStateMachine
.
\n arn:partition:states:region:account-id:stateMachine:myStateMachine/mapStateLabel
\n
If you provide a qualified state machine ARN that refers to a Distributed Map state, the request fails with ValidationException
.
The following qualified state machine ARN refers to an alias named PROD
.
\n arn:
\n
If you provide a qualified state machine ARN that refers to a version ARN or an alias ARN, the request starts execution for that version or alias.
\nThe following unqualified state machine ARN refers to a state machine named myStateMachine
.
\n arn:
\n
After you update your state machine, you can set the publish
parameter to\n true
in the same action to publish a new version. This\n way, you can opt-in to strict versioning of your state machine.
Step Functions assigns monotonically increasing integers for state machine versions, starting at version number 1.
\nAll StartExecution
calls within a few seconds use the updated\n definition
and roleArn
. Executions started immediately after you\n call UpdateStateMachine
may use the previous state machine\n definition
and roleArn
.
An optional description of the state machine version to publish.
\nYou can only specify the versionDescription
parameter if you've set publish
to true
.
Settings to configure server-side encryption.
" + } } }, "traits": {
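Review bot: the `kmsKeyState` documentation on `KmsInvalidStateException` reads "Current status of the KMS; key", with a stray semicolon, in both models_0.ts and sfn.json, and the exception text gives "Disabled or Deleted" as examples although the `KmsKeyState` enum has no deleted value (it lists DISABLED, PENDING_DELETION, PENDING_IMPORT, UNAVAILABLE and CREATING). Suggest "Current status of the KMS key" and examples taken from the enum, since callers will branch on `kmsKeyState` to decide how to respond.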
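Review bot: in the new `CreateStateMachine` documentation the idempotency list now runs ", and EncryptionConfiguration The check is also based on the publish ...", so the period that closed that sentence in the removed text is missing. Restore it, and consider saying what a caller receives when only `EncryptionConfiguration` differs from the earlier request, because the text spells out the outcome for a differing `roleArn` or `tags` but not for a differing key.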
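Review bot: the `InvalidEncryptionConfiguration` documentation ends "or the KMS key is not symmetric or inactive", which can be read as "neither symmetric nor inactive". Suggest "or the KMS key is not symmetric or is not active". The stated bounds for `kmsDataKeyReusePeriodSeconds` (60 and 900) do match the `smithy.api#range` on `KmsDataKeyReusePeriodSeconds`, so only the wording needs to change.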
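Review bot: the paragraphs added to `SendTaskFailure` and `StopExecution` say the error and cause fields are encrypted "using the KMS key for the execution role", while the `EncryptionConfiguration` documentation in this same patch says data is "encrypted with the key applied to the State Machine". Suggest one wording throughout, and if the intent is that the execution role needs KMS permissions on the state machine's key, say so explicitly, since this sentence is what an operator will use to scope the role's key policy.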
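Review bot: the `UpdateStateMachine` documentation now lists `EncryptionConfiguration` among the things the call modifies, but the next sentences were left unchanged: "You must include at least one of definition or roleArn or you will receive a MissingRequiredParameter error" and "Running executions will continue to use the previous definition and roleArn". Suggest stating whether an update that changes only the encryption settings is accepted, and which key in-flight executions keep using after the change. The member added to the input is `encryptionConfiguration`, so the Pascal-case name in the prose should match it or follow the casing used for `loggingConfiguration` in the same sentence.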