AWS WAF adds support for ASN-based traffic filtering and support for ASN-based rate limiting.

Add new warning type 'EXCLUDED_PROPERTIES'
Updating the minimum for List APIs to be 1 (instead of 0)
AWS KMS announces the support for on-demand rotation of symmetric-encryption KMS keys with imported key material (EXTERNAL origin).

Author: aws-sdk-cpp-automation

VERSION

@@ -1 +1 @@
-1.11.582
+1.11.583

generated/src/aws-cpp-sdk-cloudformation/include/aws/cloudformation/model/ScanFilter.h

@@ -51,7 +51,7 @@ namespace Model
      * href="https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/resource-import-supported-resources.html">Resource
      * type support</a> table in the <i>CloudFormation User Guide</i>.</p> <p>To scan
      * all resource types within a service, you can use a wildcard, represented by an
-     * asterisk (<code>*</code>). You can place a asterisk at only the end of the
+     * asterisk (<code>*</code>). You can place an asterisk at only the end of the
      * string, for example, <code>AWS::S3::*</code>.</p>
      */
     inline const Aws::Vector<Aws::String>& GetTypes() const { return m_types; }

generated/src/aws-cpp-sdk-cloudformation/include/aws/cloudformation/model/WarningType.h

@@ -18,7 +18,8 @@ namespace Model
     NOT_SET,
     MUTUALLY_EXCLUSIVE_PROPERTIES,
     UNSUPPORTED_PROPERTIES,
-    MUTUALLY_EXCLUSIVE_TYPES
+    MUTUALLY_EXCLUSIVE_TYPES,
+    EXCLUDED_PROPERTIES
   };
 
 namespace WarningTypeMapper

generated/src/aws-cpp-sdk-cloudformation/source/model/WarningType.cpp

@@ -23,6 +23,7 @@ namespace Aws
         static const int MUTUALLY_EXCLUSIVE_PROPERTIES_HASH = HashingUtils::HashString("MUTUALLY_EXCLUSIVE_PROPERTIES");
         static const int UNSUPPORTED_PROPERTIES_HASH = HashingUtils::HashString("UNSUPPORTED_PROPERTIES");
         static const int MUTUALLY_EXCLUSIVE_TYPES_HASH = HashingUtils::HashString("MUTUALLY_EXCLUSIVE_TYPES");
+        static const int EXCLUDED_PROPERTIES_HASH = HashingUtils::HashString("EXCLUDED_PROPERTIES");
 
 
         WarningType GetWarningTypeForName(const Aws::String& name)
@@ -40,6 +41,10 @@ namespace Aws
           {
             return WarningType::MUTUALLY_EXCLUSIVE_TYPES;
           }
+          else if (hashCode == EXCLUDED_PROPERTIES_HASH)
+          {
+            return WarningType::EXCLUDED_PROPERTIES;
+          }
           EnumParseOverflowContainer* overflowContainer = Aws::GetEnumOverflowContainer();
           if(overflowContainer)
           {
@@ -62,6 +67,8 @@ namespace Aws
             return "UNSUPPORTED_PROPERTIES";
           case WarningType::MUTUALLY_EXCLUSIVE_TYPES:
             return "MUTUALLY_EXCLUSIVE_TYPES";
+          case WarningType::EXCLUDED_PROPERTIES:
+            return "EXCLUDED_PROPERTIES";
           default:
             EnumParseOverflowContainer* overflowContainer = Aws::GetEnumOverflowContainer();
             if(overflowContainer)

generated/src/aws-cpp-sdk-kms/include/aws/kms/KMSClient.h

@@ -25,6 +25,7 @@
 #include <aws/kms/model/CreateKeyResult.h>
 #include <aws/kms/model/DecryptResult.h>
 #include <aws/kms/model/DeleteCustomKeyStoreResult.h>
+#include <aws/kms/model/DeleteImportedKeyMaterialResult.h>
 #include <aws/kms/model/DeriveSharedSecretResult.h>
 #include <aws/kms/model/DescribeCustomKeyStoresResult.h>
 #include <aws/kms/model/DescribeKeyResult.h>
@@ -168,7 +169,7 @@ namespace Aws
       typedef Aws::Utils::Outcome<DecryptResult, KMSError> DecryptOutcome;
       typedef Aws::Utils::Outcome<Aws::NoResult, KMSError> DeleteAliasOutcome;
       typedef Aws::Utils::Outcome<DeleteCustomKeyStoreResult, KMSError> DeleteCustomKeyStoreOutcome;
-      typedef Aws::Utils::Outcome<Aws::NoResult, KMSError> DeleteImportedKeyMaterialOutcome;
+      typedef Aws::Utils::Outcome<DeleteImportedKeyMaterialResult, KMSError> DeleteImportedKeyMaterialOutcome;
       typedef Aws::Utils::Outcome<DeriveSharedSecretResult, KMSError> DeriveSharedSecretOutcome;
       typedef Aws::Utils::Outcome<DescribeCustomKeyStoresResult, KMSError> DescribeCustomKeyStoresOutcome;
       typedef Aws::Utils::Outcome<DescribeKeyResult, KMSError> DescribeKeyOutcome;

generated/src/aws-cpp-sdk-kms/include/aws/kms/KMSServiceClientModel.h

@@ -63,9 +63,9 @@ namespace Model
      * </p> <p>A valid key ID is required. If you supply a null or empty string value,
      * this operation returns an error.</p> <p>For help finding the key ID and ARN, see
      * <a
-     * href="https://docs.aws.amazon.com/kms/latest/developerguide/viewing-keys.html#find-cmk-id-arn">Finding
-     * the Key ID and ARN</a> in the <i> <i>Key Management Service Developer Guide</i>
-     * </i>.</p> <p>Specify the key ID or key ARN of the KMS key.</p> <p>For
+     * href="https://docs.aws.amazon.com/kms/latest/developerguide/find-cmk-id-arn.html">Find
+     * the key ID and key ARN</a> in the <i> <i>Key Management Service Developer
+     * Guide</i> </i>.</p> <p>Specify the key ID or key ARN of the KMS key.</p> <p>For
      * example:</p> <ul> <li> <p>Key ID:
      * <code>1234abcd-12ab-34cd-56ef-1234567890ab</code> </p> </li> <li> <p>Key ARN:
      * <code>arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab</code>

generated/src/aws-cpp-sdk-kms/include/aws/kms/model/CreateAliasRequest.h

@@ -95,7 +95,7 @@ namespace Model
      * parameter is required for custom key stores with a
      * <code>CustomKeyStoreType</code> of <code>AWS_CLOUDHSM</code>.</p> <p>Enter the
      * password of the <a
-     * href="https://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser">
+     * href="https://docs.aws.amazon.com/kms/latest/developerguide/keystore-cloudhsm.html#concept-kmsuser">
      * <code>kmsuser</code> crypto user (CU) account</a> in the specified CloudHSM
      * cluster. KMS logs into the cluster as this user to manage key material on your
      * behalf.</p> <p>The password must be a string of 7 to 32 characters. Its value is
@@ -217,7 +217,7 @@ namespace Model
      * <code>RawSecretAccessKey</code>, a secret key, and <code>AccessKeyId</code>, a
      * unique identifier for the <code>RawSecretAccessKey</code>. For character
      * requirements, see <a
-     * href="kms/latest/APIReference/API_XksProxyAuthenticationCredentialType.html">XksProxyAuthenticationCredentialType</a>.</p>
+     * href="API_XksProxyAuthenticationCredentialType.html">XksProxyAuthenticationCredentialType</a>.</p>
      * <p>KMS uses this authentication credential to sign requests to the external key
      * store proxy on your behalf. This credential is unrelated to Identity and Access
      * Management (IAM) and Amazon Web Services credentials.</p> <p>This parameter
@@ -243,7 +243,7 @@ namespace Model
      * <code>PUBLIC_ENDPOINT</code>. If the external key store proxy uses a Amazon VPC
      * endpoint service for communication with KMS, specify
      * <code>VPC_ENDPOINT_SERVICE</code>. For help making this choice, see <a
-     * href="https://docs.aws.amazon.com/kms/latest/developerguide/plan-xks-keystore.html#choose-xks-connectivity">Choosing
+     * href="https://docs.aws.amazon.com/kms/latest/developerguide/choose-xks-connectivity.html">Choosing
      * a connectivity option</a> in the <i>Key Management Service Developer
      * Guide</i>.</p> <p>An Amazon VPC endpoint service keeps your communication with
      * KMS in a private address space entirely within Amazon Web Services, but it

generated/src/aws-cpp-sdk-kms/include/aws/kms/model/CreateCustomKeyStoreRequest.h

@@ -87,7 +87,7 @@ namespace Model
      * <p>The grant determines the retiring principal. Other principals might have
      * permission to retire the grant or revoke the grant. For details, see
      * <a>RevokeGrant</a> and <a
-     * href="https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#grant-delete">Retiring
+     * href="https://docs.aws.amazon.com/kms/latest/developerguide/grant-delete.html">Retiring
      * and revoking grants</a> in the <i>Key Management Service Developer Guide</i>.
      * </p>
      */
@@ -164,7 +164,7 @@ namespace Model
      * consistency</i>. For more information, see <a
      * href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token">Grant
      * token</a> and <a
-     * href="https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token">Using
+     * href="https://docs.aws.amazon.com/kms/latest/developerguide/using-grant-token.html">Using
      * a grant token</a> in the <i>Key Management Service Developer Guide</i>.</p>
      */
     inline const Aws::Vector<Aws::String>& GetGrantTokens() const { return m_grantTokens; }
@@ -206,8 +206,8 @@ namespace Model
     /**
      * <p>Checks if your request will succeed. <code>DryRun</code> is an optional
      * parameter. </p> <p>To learn more about how to use this parameter, see <a
-     * href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html">Testing
-     * your KMS API calls</a> in the <i>Key Management Service Developer Guide</i>.</p>
+     * href="https://docs.aws.amazon.com/kms/latest/developerguide/testing-permissions.html">Testing
+     * your permissions</a> in the <i>Key Management Service Developer Guide</i>.</p>
      */
     inline bool GetDryRun() const { return m_dryRun; }
     inline bool DryRunHasBeenSet() const { return m_dryRunHasBeenSet; }

generated/src/aws-cpp-sdk-kms/include/aws/kms/model/CreateGrantRequest.h

@@ -39,7 +39,7 @@ namespace Model
      * consistency</i>. For more information, see <a
      * href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token">Grant
      * token</a> and <a
-     * href="https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token">Using
+     * href="https://docs.aws.amazon.com/kms/latest/developerguide/using-grant-token.html">Using
      * a grant token</a> in the <i>Key Management Service Developer Guide</i>.</p>
      */
     inline const Aws::String& GetGrantToken() const { return m_grantToken; }

generated/src/aws-cpp-sdk-kms/include/aws/kms/model/CreateGrantResult.h

@@ -56,12 +56,21 @@ namespace Model
      * principal might not be immediately visible to KMS. For more information, see <a
      * href="https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency">Changes
      * that I make are not always immediately visible</a> in the <i>Amazon Web Services
-     * Identity and Access Management User Guide</i>.</p> </li> </ul> <p>If you do not
-     * provide a key policy, KMS attaches a default key policy to the KMS key. For more
-     * information, see <a
-     * href="https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default">Default
-     * key policy</a> in the <i>Key Management Service Developer Guide</i>. </p> <p>The
-     * key policy size quota is 32 kilobytes (32768 bytes).</p> <p>For help writing and
+     * Identity and Access Management User Guide</i>.</p> </li> </ul>  <p>If
+     * either of the required <code>Resource</code> or <code>Action</code> elements are
+     * missing from a key policy statement, the policy statement has no effect. When a
+     * key policy statement is missing one of these elements, the KMS console correctly
+     * reports an error, but the <code>CreateKey</code> and <code>PutKeyPolicy</code>
+     * API requests succeed, even though the policy statement is ineffective.</p>
+     * <p>For more information on required key policy elements, see <a
+     * href="https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-overview.html#key-policy-elements">Elements
+     * in a key policy</a> in the <i>Key Management Service Developer Guide</i>.</p>
+     *  <p>If you do not provide a key policy, KMS attaches a default key policy
+     * to the KMS key. For more information, see <a
+     * href="https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html">Default
+     * key policy</a> in the <i>Key Management Service Developer Guide</i>. </p> 
+     * <p>If the key policy exceeds the length constraint, KMS returns a
+     * <code>LimitExceededException</code>.</p>  <p>For help writing and
      * formatting a JSON policy document, see the <a
      * href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html">IAM
      * JSON Policy Reference</a> in the <i> <i>Identity and Access Management User
@@ -95,7 +104,7 @@ namespace Model
     ///@{
     /**
      * <p>Determines the <a
-     * href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations">cryptographic
+     * href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-cryptography.html#cryptographic-operations">cryptographic
      * operations</a> for which you can use the KMS key. The default value is
      * <code>ENCRYPT_DECRYPT</code>. This parameter is optional when you are creating a
      * symmetric encryption KMS key; otherwise, it is required. You can't change the
@@ -123,28 +132,29 @@ namespace Model
      * <p>Specifies the type of KMS key to create. The default value,
      * <code>SYMMETRIC_DEFAULT</code>, creates a KMS key with a 256-bit AES-GCM key
      * that is used for encryption and decryption, except in China Regions, where it
-     * creates a 128-bit symmetric key that uses SM4 encryption. For help choosing a
-     * key spec for your KMS key, see <a
-     * href="https://docs.aws.amazon.com/kms/latest/developerguide/key-types.html#symm-asymm-choose">Choosing
-     * a KMS key type</a> in the <i> <i>Key Management Service Developer Guide</i>
+     * creates a 128-bit symmetric key that uses SM4 encryption. For a detailed
+     * description of all supported key specs, see <a
+     * href="https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-choose-key-spec.html">Key
+     * spec reference</a> in the <i> <i>Key Management Service Developer Guide</i>
      * </i>.</p> <p>The <code>KeySpec</code> determines whether the KMS key contains a
      * symmetric key or an asymmetric key pair. It also determines the algorithms that
      * the KMS key supports. You can't change the <code>KeySpec</code> after the KMS
      * key is created. To further restrict the algorithms that can be used with the KMS
      * key, use a condition key in its key policy or IAM policy. For more information,
      * see <a
-     * href="https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-encryption-algorithm">kms:EncryptionAlgorithm</a>,
+     * href="https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-encryption-algorithm">kms:EncryptionAlgorithm</a>,
      * <a
-     * href="https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-mac-algorithm">kms:MacAlgorithm</a>
+     * href="https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-mac-algorithm">kms:MacAlgorithm</a>,
+     * <a
+     * href="https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-key-agreement-algorithm">kms:KeyAgreementAlgorithm</a>,
      * or <a
-     * href="https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-signing-algorithm">kms:Signing
-     * Algorithm</a> in the <i> <i>Key Management Service Developer Guide</i> </i>.</p>
-     *  <p> <a
-     * href="http://aws.amazon.com/kms/features/#AWS_Service_Integration">Amazon Web
-     * Services services that are integrated with KMS</a> use symmetric encryption KMS
-     * keys to protect your data. These services do not support asymmetric KMS keys or
-     * HMAC KMS keys.</p>  <p>KMS supports the following key specs for KMS
-     * keys:</p> <ul> <li> <p>Symmetric encryption key (default)</p> <ul> <li> <p>
+     * href="https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-signing-algorithm">kms:SigningAlgorithm</a>
+     * in the <i> <i>Key Management Service Developer Guide</i> </i>.</p> 
+     * <p> <a href="http://aws.amazon.com/kms/features/#AWS_Service_Integration">Amazon
+     * Web Services services that are integrated with KMS</a> use symmetric encryption
+     * KMS keys to protect your data. These services do not support asymmetric KMS keys
+     * or HMAC KMS keys.</p>  <p>KMS supports the following key specs for
+     * KMS keys:</p> <ul> <li> <p>Symmetric encryption key (default)</p> <ul> <li> <p>
      * <code>SYMMETRIC_DEFAULT</code> </p> </li> </ul> </li> <li> <p>HMAC keys
      * (symmetric)</p> <ul> <li> <p> <code>HMAC_224</code> </p> </li> <li> <p>
      * <code>HMAC_256</code> </p> </li> <li> <p> <code>HMAC_384</code> </p> </li> <li>
@@ -203,7 +213,7 @@ namespace Model
     ///@{
     /**
      * <p>Creates the KMS key in the specified <a
-     * href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom
+     * href="https://docs.aws.amazon.com/kms/latest/developerguide/key-store-overview.html">custom
      * key store</a>. The <code>ConnectionState</code> of the custom key store must be
      * <code>CONNECTED</code>. To find the CustomKeyStoreID and ConnectionState use the
      * <a>DescribeCustomKeyStores</a> operation.</p> <p>This parameter is valid only
@@ -263,8 +273,8 @@ namespace Model
      * to an Amazon Web Services resource, Amazon Web Services generates a cost
      * allocation report with usage and costs aggregated by tags. Tags can also be used
      * to control access to a KMS key. For details, see <a
-     * href="https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html">Tagging
-     * Keys</a>.</p>
+     * href="https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html">Tags
+     * in KMS</a>.</p>
      */
     inline const Aws::Vector<Tag>& GetTags() const { return m_tags; }
     inline bool TagsHasBeenSet() const { return m_tagsHasBeenSet; }
@@ -322,7 +332,7 @@ namespace Model
      * <code>CustomKeyStoreId</code> parameter. This key must be enabled and configured
      * to perform encryption and decryption. Each KMS key in an external key store must
      * use a different external key. For details, see <a
-     * href="https://docs.aws.amazon.com/create-xks-keys.html#xks-key-requirements">Requirements
+     * href="https://docs.aws.amazon.com/kms/latest/developerguide/create-xks-keys.html#xks-key-requirements">Requirements
      * for a KMS key in an external key store</a> in the <i>Key Management Service
      * Developer Guide</i>.</p> <p>Each KMS key in an external key store is associated
      * two backing keys. One is key material that KMS generates. The other is the

generated/src/aws-cpp-sdk-kms/include/aws/kms/model/CreateKeyRequest.h

@@ -55,7 +55,7 @@ namespace Model
     /**
      * <p>Specifies the encryption context to use when decrypting the data. An
      * encryption context is valid only for <a
-     * href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations">cryptographic
+     * href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-cryptography.html#cryptographic-operations">cryptographic
      * operations</a> with a symmetric encryption KMS key. The standard asymmetric
      * encryption algorithms and HMAC algorithms that KMS uses do not support an
      * encryption context.</p> <p>An <i>encryption context</i> is a collection of
@@ -65,7 +65,7 @@ namespace Model
      * encryption context is supported only on operations with symmetric encryption KMS
      * keys. On operations with symmetric encryption KMS keys, an encryption context is
      * optional, but it is strongly recommended.</p> <p>For more information, see <a
-     * href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context">Encryption
+     * href="https://docs.aws.amazon.com/kms/latest/developerguide/encrypt_context.html">Encryption
      * context</a> in the <i>Key Management Service Developer Guide</i>.</p>
      */
     inline const Aws::Map<Aws::String, Aws::String>& GetEncryptionContext() const { return m_encryptionContext; }
@@ -87,7 +87,7 @@ namespace Model
      * consistency</i>. For more information, see <a
      * href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token">Grant
      * token</a> and <a
-     * href="https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token">Using
+     * href="https://docs.aws.amazon.com/kms/latest/developerguide/using-grant-token.html">Using
      * a grant token</a> in the <i>Key Management Service Developer Guide</i>.</p>
      */
     inline const Aws::Vector<Aws::String>& GetGrantTokens() const { return m_grantTokens; }
@@ -180,8 +180,8 @@ namespace Model
     /**
      * <p>Checks if your request will succeed. <code>DryRun</code> is an optional
      * parameter. </p> <p>To learn more about how to use this parameter, see <a
-     * href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html">Testing
-     * your KMS API calls</a> in the <i>Key Management Service Developer Guide</i>.</p>
+     * href="https://docs.aws.amazon.com/kms/latest/developerguide/testing-permissions.html">Testing
+     * your permissions</a> in the <i>Key Management Service Developer Guide</i>.</p>
      */
     inline bool GetDryRun() const { return m_dryRun; }
     inline bool DryRunHasBeenSet() const { return m_dryRunHasBeenSet; }