Merge branch 'release-1.40.44' into develop

* release-1.40.44:
  Bumping version to 1.40.44
  Update changelog based on model updates
  Merge customizations for KMS

Author: aws-sdk-python-automation

.changes/1.40.44.json

@@ -0,0 +1,42 @@
+[
+  {
+    "category": "``deadline``",
+    "description": "Added fields to track cumulative task retry attempts for steps and jobs",
+    "type": "api-change"
+  },
+  {
+    "category": "``ec2``",
+    "description": "This release adds support for OdbNetworkArn as a target in VPC Route Tables",
+    "type": "api-change"
+  },
+  {
+    "category": "``iot-managed-integrations``",
+    "description": "Adding managed integrations APIs for IoT Device Management to onboard and control devices across different manufacturers, connectivity protocols and third party vendor clouds. APIs include managed thing operations, provisioning profile management, and cloud connector operations.",
+    "type": "api-change"
+  },
+  {
+    "category": "``keyspaces``",
+    "description": "This release provides change data capture (CDC) streams support through updates to the Amazon Keyspaces API.",
+    "type": "api-change"
+  },
+  {
+    "category": "``keyspacesstreams``",
+    "description": "This release adds change data capture (CDC) streams support through the new Amazon Keyspaces Streams API.",
+    "type": "api-change"
+  },
+  {
+    "category": "``kms``",
+    "description": "This release updates AWS CLI examples for KMS APIs.",
+    "type": "api-change"
+  },
+  {
+    "category": "``qbusiness``",
+    "description": "Added support for App level authentication for QBusiness DataAccessor using AWS IAM Identity center Trusted Token issuer",
+    "type": "api-change"
+  },
+  {
+    "category": "``workspaces``",
+    "description": "Updated modifyStreamingProperties to support PrivateLink VPC endpoints for directories",
+    "type": "api-change"
+  }
+]

CHANGELOG.rst

@@ -2,6 +2,19 @@
 CHANGELOG
 =========
 
+1.40.44
+=======
+
+* api-change:``deadline``: Added fields to track cumulative task retry attempts for steps and jobs
+* api-change:``ec2``: This release adds support for OdbNetworkArn as a target in VPC Route Tables
+* api-change:``iot-managed-integrations``: Adding managed integrations APIs for IoT Device Management to onboard and control devices across different manufacturers, connectivity protocols and third party vendor clouds. APIs include managed thing operations, provisioning profile management, and cloud connector operations.
+* api-change:``keyspaces``: This release provides change data capture (CDC) streams support through updates to the Amazon Keyspaces API.
+* api-change:``keyspacesstreams``: This release adds change data capture (CDC) streams support through the new Amazon Keyspaces Streams API.
+* api-change:``kms``: This release updates AWS CLI examples for KMS APIs.
+* api-change:``qbusiness``: Added support for App level authentication for QBusiness DataAccessor using AWS IAM Identity center Trusted Token issuer
+* api-change:``workspaces``: Updated modifyStreamingProperties to support PrivateLink VPC endpoints for directories
+
+
 1.40.43
 =======
 

awscli/__init__.py

@@ -18,7 +18,7 @@
 
 import os
 
-__version__ = '1.40.43'
+__version__ = '1.40.44'
 
 #
 # Get our data path to be added to botocore's search path

awscli/examples/kms/create-key.rst

@@ -17,6 +17,7 @@ Output::
             "AWSAccountId": "111122223333",
             "Arn": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
             "CreationDate": "2017-07-05T14:04:55-07:00",
+            "CurrentKeyMaterialId": "0b7fd7ddbac6eef27907413567cad8c810e2883dc8a7534067a82ee1142fc1e6",
             "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT",
             "Description": "",
             "Enabled": true,
@@ -40,7 +41,7 @@ For more information, see `Creating keys <https://docs.aws.amazon.com/kms/latest
 
 **Example 2: To create an asymmetric RSA KMS key for encryption and decryption**
 
-The following ``create-key`` example creates a KMS key that contains an asymmetric RSA key pair for encryption and decryption. ::
+The following ``create-key`` example creates a KMS key that contains an asymmetric RSA key pair for encryption and decryption. The key spec and key usage can't be changed after the key is created.::
 
     aws kms create-key \
        --key-spec RSA_4096 \
@@ -75,7 +76,7 @@ For more information, see `Asymmetric keys in AWS KMS <https://docs.aws.amazon.c
 
 **Example 3: To create an asymmetric elliptic curve KMS key for signing and verification**
 
-To create an asymmetric KMS key that contains an asymmetric elliptic curve (ECC) key pair for signing and verification. The ``--key-usage`` parameter is required even though ``SIGN_VERIFY`` is the only valid value for ECC KMS keys. ::
+To create an asymmetric KMS key that contains an asymmetric elliptic curve (ECC) key pair for signing and verification. The ``--key-usage`` parameter is required even though ``SIGN_VERIFY`` is the only valid value for ECC KMS keys. The key spec and key usage can't be changed after the key is created.::
 
     aws kms create-key \
         --key-spec ECC_NIST_P521 \
@@ -105,10 +106,43 @@ Output::
     }
 
 
-For more information, see `Asymmetric keys in AWS KMS <https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html>`__ in the *AWS Key Management Service Developer Guide*.   
+For more information, see `Asymmetric keys in AWS KMS <https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html>`__ in the *AWS Key Management Service Developer Guide*.
+
+**Example 4: To create an asymmetric ML-DSA KMS key for signing and verification**
+
+This example creates a module-lattice digital signature algorithm (ML-DSA) key for signing and verification. The key-usage parameter is required even though ``SIGN_VERIFY`` is the only valid value for ML-DSA keys. ::
+
+    aws kms create-key \
+        --key-spec ML_DSA_65 \
+        --key-usage SIGN_VERIFY
+
+Output::
+
+    {
+        "KeyMetadata": {
+            "Arn": "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
+            "AWSAccountId": "111122223333",
+            "CreationDate": "2019-12-02T07:48:55-07:00",
+            "Description": "",
+            "Enabled": true,
+            "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab",
+            "KeyManager": "CUSTOMER",
+            "KeySpec": "ML_DSA_65",
+            "KeyState": "Enabled",
+            "KeyUsage": "SIGN_VERIFY",
+            "MultiRegion": false,
+            "Origin": "AWS_KMS",
+            "SigningAlgorithms": [
+                "ML_DSA_SHAKE_256"
+            ]
+        }
+    }
+
+
+For more information, see `Asymmetric keys in AWS KMS <https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html>`__ in the *AWS Key Management Service Developer Guide*.
 
 
-**Example 4: To create an HMAC KMS key**
+**Example 5: To create an HMAC KMS key**
 
 The following ``create-key`` example creates a 384-bit HMAC KMS key. The ``GENERATE_VERIFY_MAC`` value for the ``--key-usage`` parameter is required even though it's the only valid value for HMAC KMS keys. ::
 
@@ -142,7 +176,7 @@ Output::
 For more information, see `HMAC keys in AWS KMS <https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html>`__ in the *AWS Key Management Service Developer Guide*.  
 
 
-**Example 4: To create a multi-Region primary KMS key**
+**Example 6: To create a multi-Region primary KMS key**
 
 The following ``create-key`` example creates a multi-Region primary symmetric encryption key. Because the default values for all parameters create a symmetric encryption key, only the ``--multi-region`` parameter is required for this KMS key. In the AWS CLI, to indicate that a Boolean parameter is true, just specify the parameter name. ::
 
@@ -156,6 +190,7 @@ Output::
             "Arn": "arn:aws:kms:us-west-2:111122223333:key/mrk-1234abcd12ab34cd56ef12345678990ab",
             "AWSAccountId": "111122223333",
             "CreationDate": "2021-09-02T016:15:21-09:00",
+            "CurrentKeyMaterialId": "0b7fd7ddbac6eef27907413567cad8c810e2883dc8a7534067a82ee1142fc1e6",
             "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT",
             "Description": "",
             "Enabled": true,
@@ -183,7 +218,7 @@ Output::
 For more information, see `Asymmetric keys in AWS KMS <https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html>`__ in the *AWS Key Management Service Developer Guide*.  
 
 
-**Example 5: To create a KMS key for imported key material**
+**Example 7: To create a KMS key for imported key material**
 
 The following ``create-key`` example creates a creates a KMS key with no key material. When the operation is complete, you can import your own key material into the KMS key. To create this KMS key, set the ``--origin`` parameter to ``EXTERNAL``. ::
 
@@ -253,7 +288,7 @@ Output::
 For more information, see `AWS CloudHSM key stores <https://docs.aws.amazon.com/kms/latest/developerguide/keystore-cloudhsm.html>`__ in the *AWS Key Management Service Developer Guide*. 
 
 
-**Example 7: To create a KMS key in an external key store**
+**Example 8: To create a KMS key in an external key store**
 
 The following ``create-key`` example creates a creates a KMS key in the specified external key store. The ``--custom-key-store-id``, ``--origin``, and ``--xks-key-id`` parameters are required in this command. 
 

awscli/examples/kms/delete-imported-key-material.rst

@@ -5,6 +5,12 @@ The following ``delete-imported-key-material`` example deletes key material that
     aws kms delete-imported-key-material \
        --key-id 1234abcd-12ab-34cd-56ef-1234567890ab
 
-This command produces no output. To verify that the key material is deleted, use the ``describe-key`` command to look for a key state of ``PendingImport`` or ``PendingDeletion``.
 
-For more information, see `Deleting imported key material<https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-delete-key-material.html>`__ in the *AWS Key Management Service Developer Guide*.
+Output::
+
+    {
+        "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab",
+        "KeyMaterialId": "0b7fd7ddbac6eef27907413567cad8c810e2883dc8a7534067a82ee1142fc1e6"
+    }
+
+For more information, see `Deleting imported key material <https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-delete-key-material.html>`__ in the *AWS Key Management Service Developer Guide*.

awscli/examples/kms/describe-key.rst

@@ -14,6 +14,7 @@ Output::
             "AWSAccountId": "846764612917",
             "KeyId": "b8a9477d-836c-491f-857e-07937918959b",
             "Arn": "arn:aws:kms:us-west-2:846764612917:key/b8a9477d-836c-491f-857e-07937918959b",
+            "CurrentKeyMaterialId": "0b7fd7ddbac6eef27907413567cad8c810e2883dc8a7534067a82ee1142fc1e6",
             "CreationDate": 2017-06-30T21:44:32.140000+00:00,
             "Enabled": true,
             "Description": "Default KMS key that protects my S3 objects when no other key is defined",
@@ -80,6 +81,7 @@ Output::
             "AWSAccountId": "111122223333",
             "Arn": "arn:aws:kms:ap-northeast-1:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab",
             "CreationDate": "2021-06-28T21:09:16.114000+00:00",
+            "CurrentKeyMaterialId": "0b7fd7ddbac6eef27907413567cad8c810e2883dc8a7534067a82ee1142fc1e6",
             "Description": "",
             "Enabled": true,
             "KeyId": "mrk-1234abcd12ab34cd56ef1234567890ab",

awscli/examples/kms/disable-key.rst

@@ -1,6 +1,6 @@
 **To temporarily disable a KMS key**
 
-The following example uses the ``disable-key`` command to disable a customer managed KMS key. To re-enable the KMS key, use the ``enable-key`` command. ::
+The following ``disable-key`` command disables a customer managed KMS key. To re-enable the KMS key, use the ``enable-key`` command. ::
 
     aws kms disable-key \
         --key-id 1234abcd-12ab-34cd-56ef-1234567890ab

awscli/examples/kms/generate-data-key-pair-without-plaintext.rst

@@ -20,6 +20,7 @@ Output::
         "PrivateKeyCiphertextBlob": "AQIDAHi6LtupRpdKl2aJTzkK6FbhOtQkMlQJJH3PdtHvS/y+hAFFxmiD134doUDzMGmfCEtcAAAHaTCCB2UGCSqGSIb3DQEHBqCCB1...",
         "PublicKey": "MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA3A3eGMyPrvSn7+LdlJE1oUoQV5HpEuHAVbdOyND+NmYDH/mL1OSIEuLrcdZ5hrMH4pk83r40l...",
         "KeyId": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
+        "KeyMaterialId": "0b7fd7ddbac6eef27907413567cad8c810e2883dc8a7534067a82ee1142fc1e6",
         "KeyPairSpec": "ECC_NIST_P384"
     }
 

awscli/examples/kms/generate-data-key-pair.rst

@@ -19,6 +19,7 @@ Output::
         "PrivateKeyPlaintext": "MIIG/QIBADANBgkqhkiG9w0BAQEFAASCBucwggbjAgEAAoIBgQDcDd4YzI+u9Kfv4t2UkTWhShBXkekS4cBVt07I0P42ZgMf+YvU5IgS4ut...",
         "PublicKey": "MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA3A3eGMyPrvSn7+LdlJE1oUoQV5HpEuHAVbdOyND+NmYDH/mL1OSIEuLrcdZ5hrMH4pk83r40l...",
         "KeyId": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
+        "KeyMaterialId": "0b7fd7ddbac6eef27907413567cad8c810e2883dc8a7534067a82ee1142fc1e6"
         "KeyPairSpec": "RSA_2048"
     }
 

awscli/examples/kms/generate-data-key-without-plaintext.rst

@@ -14,7 +14,8 @@ Output::
 
     {
         "CiphertextBlob": "AQEDAHjRYf5WytIc0C857tFSnBaPn2F8DgfmThbJlGfR8P3WlwAAAH4wfAYJKoZIhvcNAQcGoG8wbQIBADBoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDEFogL",
-        "KeyId": "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
+        "KeyId": "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
+        "KeyMaterialId": "0b7fd7ddbac6eef27907413567cad8c810e2883dc8a7534067a82ee1142fc1e6"
     }
 
 The ``CiphertextBlob`` (encrypted data key) is returned in base64-encoded format.