Merge branch 'release-1.42.64' into develop

* release-1.42.64:
  Bumping version to 1.42.64
  Update to latest models

Author: aws-sdk-python-automation

.changes/1.42.64.json

@@ -0,0 +1,22 @@
+[
+  {
+    "category": "``iam``",
+    "description": "Added support for CloudWatch Logs long-term API keys, currently available in Preview",
+    "type": "api-change"
+  },
+  {
+    "category": "``mgn``",
+    "description": "Adds support for new storeSnapshotOnLocalZone field in ReplicationConfiguration and updateReplicationConfiguration",
+    "type": "api-change"
+  },
+  {
+    "category": "``opensearch``",
+    "description": "This change enables cross-account and cross-region access for DataSources. Customers can now define access policies on their datasources to allow other AWS accounts to access and query their data.",
+    "type": "api-change"
+  },
+  {
+    "category": "``route53globalresolver``",
+    "description": "Adds support for dual stack Global Resolvers and Dictionary-based Domain Generation Firewall Advanced Protection.",
+    "type": "api-change"
+  }
+]

CHANGELOG.rst

@@ -2,6 +2,15 @@
 CHANGELOG
 =========
 
+1.42.64
+=======
+
+* api-change:``iam``: Added support for CloudWatch Logs long-term API keys, currently available in Preview
+* api-change:``mgn``: Adds support for new storeSnapshotOnLocalZone field in ReplicationConfiguration and updateReplicationConfiguration
+* api-change:``opensearch``: This change enables cross-account and cross-region access for DataSources. Customers can now define access policies on their datasources to allow other AWS accounts to access and query their data.
+* api-change:``route53globalresolver``: Adds support for dual stack Global Resolvers and Dictionary-based Domain Generation Firewall Advanced Protection.
+
+
 1.42.63
 =======
 

botocore/__init__.py

@@ -17,7 +17,7 @@
 import re
 from logging import NullHandler
 
-__version__ = '1.42.63'
+__version__ = '1.42.64'
 
 
 # Configure default logger to do nothing

botocore/data/iam/2010-05-08/service-2.json

@@ -406,7 +406,7 @@
         {"shape":"NoSuchEntityException"},
         {"shape":"ServiceNotSupportedException"}
       ],
-      "documentation":"<p>Generates a set of credentials consisting of a user name and password that can be used to access the service specified in the request. These credentials are generated by IAM, and can be used only for the specified service. </p> <p>You can have a maximum of two sets of service-specific credentials for each supported service per user.</p> <p>You can create service-specific credentials for Amazon Bedrock, CodeCommit and Amazon Keyspaces (for Apache Cassandra).</p> <p>You can reset the password to a new service-generated value by calling <a href=\"https://docs.aws.amazon.com/IAM/latest/APIReference/API_ResetServiceSpecificCredential.html\">ResetServiceSpecificCredential</a>.</p> <p>For more information about service-specific credentials, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_bedrock.html\">Service-specific credentials for IAM users</a> in the <i>IAM User Guide</i>.</p>"
+      "documentation":"<p>Generates a set of credentials consisting of a user name and password that can be used to access the service specified in the request. These credentials are generated by IAM, and can be used only for the specified service. </p> <p>You can have a maximum of two sets of service-specific credentials for each supported service per user.</p> <p>You can create service-specific credentials for Amazon Bedrock, Amazon CloudWatch Logs, CodeCommit and Amazon Keyspaces (for Apache Cassandra).</p> <p>You can reset the password to a new service-generated value by calling <a href=\"https://docs.aws.amazon.com/IAM/latest/APIReference/API_ResetServiceSpecificCredential.html\">ResetServiceSpecificCredential</a>.</p> <p>For more information about service-specific credentials, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_bedrock.html\">Service-specific credentials for IAM users</a> in the <i>IAM User Guide</i>.</p>"
     },
     "CreateUser":{
       "name":"CreateUser",
@@ -3725,7 +3725,7 @@
         },
         "CredentialAgeDays":{
           "shape":"credentialAgeDays",
-          "documentation":"<p>The number of days until the service specific credential expires. This field is only valid for Bedrock API keys and must be a positive integer. When not specified, the credential will not expire.</p>"
+          "documentation":"<p>The number of days until the service specific credential expires. This field is only valid for Bedrock and CloudWatch Logs API keys and must be a positive integer. When not specified, the credential will not expire.</p>"
         }
       }
     },
@@ -3892,7 +3892,7 @@
         },
         "RolePermissionRestrictionArns":{
           "shape":"rolePermissionRestrictionArnListType",
-          "documentation":"<p>If the <code>PermissionPolicy</code> includes role creation permissions, this element will include the list of permissions boundary policies associated with the role creation. See <a href=\"IAM/latest/UserGuide/access_policies_boundaries.html\">Permissions boundaries for IAM entities</a> for more details about IAM permission boundaries. </p>"
+          "documentation":"<p>If the <code>PermissionPolicy</code> includes role creation permissions, this element will include the list of permissions boundary policies associated with the role creation. See <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html\">Permissions boundaries for IAM entities</a> for more details about IAM permission boundaries. </p>"
         },
         "OwnerId":{
           "shape":"ownerIdType",
@@ -3901,11 +3901,11 @@
         "ApproverId":{"shape":"arnType"},
         "State":{
           "shape":"stateType",
-          "documentation":"<p>The state of this delegation request.</p> <p>See the <a href=\"IAM/latest/UserGuide/temporary-delegation-building-integration.html#temporary-delegation-request-lifecycle\">Understanding the Request Lifecycle</a> for an explanation of how these states are transitioned.</p>"
+          "documentation":"<p>The state of this delegation request.</p> <p>See the <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/temporary-delegation-building-integration.html#temporary-delegation-request-lifecycle\">Understanding the Request Lifecycle</a> for an explanation of how these states are transitioned. </p>"
         },
         "ExpirationTime":{
           "shape":"dateType",
-          "documentation":"<p>The expiry time of this delegation request</p> <p>See the <a href=\"IAM/latest/UserGuide/temporary-delegation-building-integration.html#temporary-delegation-request-lifecycle\">Understanding the Request Lifecycle</a> for details on the life time of a delegation request at each state.</p>"
+          "documentation":"<p>The expiry time of this delegation request</p> <p>See the <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/temporary-delegation-building-integration.html#temporary-delegation-request-lifecycle\">Understanding the Request Lifecycle</a> for details on the life time of a delegation request at each state.</p>"
         },
         "RequestorId":{
           "shape":"accountIdType",
@@ -8337,7 +8337,7 @@
         },
         "ExpirationDate":{
           "shape":"dateType",
-          "documentation":"<p>The date and time when the service specific credential expires. This field is only present for Bedrock API keys that were created with an expiration period.</p>"
+          "documentation":"<p>The date and time when the service specific credential expires. This field is only present for Bedrock API keys and CloudWatch Logs API keys that were created with an expiration period.</p>"
         },
         "ServiceName":{
           "shape":"serviceName",
@@ -8353,11 +8353,11 @@
         },
         "ServiceCredentialAlias":{
           "shape":"serviceCredentialAlias",
-          "documentation":"<p>For Bedrock API keys, this is the public portion of the credential that includes the IAM user name and a suffix containing version and creation information.</p>"
+          "documentation":"<p>For Bedrock API keys and CloudWatch Logs API keys, this is the public portion of the credential that includes the IAM user name and a suffix containing version and creation information.</p>"
         },
         "ServiceCredentialSecret":{
           "shape":"serviceCredentialSecret",
-          "documentation":"<p>For Bedrock API keys, this is the secret portion of the credential that should be used to authenticate API calls. This value is returned only when the credential is created.</p>"
+          "documentation":"<p>For Bedrock API keys and CloudWatch Logs API keys, this is the secret portion of the credential that should be used to authenticate API calls. This value is returned only when the credential is created.</p>"
         },
         "ServiceSpecificCredentialId":{
           "shape":"serviceSpecificCredentialId",
@@ -8398,15 +8398,15 @@
         },
         "ServiceCredentialAlias":{
           "shape":"serviceCredentialAlias",
-          "documentation":"<p>For Bedrock API keys, this is the public portion of the credential that includes the IAM user name and a suffix containing version and creation information.</p>"
+          "documentation":"<p>For Bedrock API keys and CloudWatch Logs API keys, this is the public portion of the credential that includes the IAM user name and a suffix containing version and creation information.</p>"
         },
         "CreateDate":{
           "shape":"dateType",
           "documentation":"<p>The date and time, in <a href=\"http://www.iso.org/iso/iso8601\">ISO 8601 date-time format</a>, when the service-specific credential were created.</p>"
         },
         "ExpirationDate":{
           "shape":"dateType",
-          "documentation":"<p>The date and time when the service specific credential expires. This field is only present for Bedrock API keys that were created with an expiration period.</p>"
+          "documentation":"<p>The date and time when the service specific credential expires. This field is only present for Bedrock API keys and CloudWatch Logs API keys that were created with an expiration period.</p>"
         },
         "ServiceSpecificCredentialId":{
           "shape":"serviceSpecificCredentialId",

botocore/data/mgn/2020-02-26/service-2.json

@@ -1842,6 +1842,10 @@
         "internetProtocol":{
           "shape":"InternetProtocol",
           "documentation":"<p>Request to configure the internet protocol to IPv4 or IPv6.</p>"
+        },
+        "storeSnapshotOnLocalZone":{
+          "shape":"Boolean",
+          "documentation":"<p>Request to store snapshot on local zone during Replication Settings template creation.</p>"
         }
       }
     },
@@ -4419,6 +4423,10 @@
         "internetProtocol":{
           "shape":"InternetProtocol",
           "documentation":"<p>Replication Configuration internet protocol.</p>"
+        },
+        "storeSnapshotOnLocalZone":{
+          "shape":"Boolean",
+          "documentation":"<p>Replication Configuration store snapshot on local zone.</p>"
         }
       }
     },
@@ -4560,6 +4568,10 @@
         "internetProtocol":{
           "shape":"InternetProtocol",
           "documentation":"<p>Replication Configuration template internet protocol.</p>"
+        },
+        "storeSnapshotOnLocalZone":{
+          "shape":"Boolean",
+          "documentation":"<p>Replication Configuration template store snapshot on local zone.</p>"
         }
       }
     },
@@ -5711,6 +5723,10 @@
         "internetProtocol":{
           "shape":"InternetProtocol",
           "documentation":"<p>Update replication configuration internet protocol.</p>"
+        },
+        "storeSnapshotOnLocalZone":{
+          "shape":"Boolean",
+          "documentation":"<p>Update replication configuration store snapshot on local zone.</p>"
         }
       }
     },
@@ -5781,6 +5797,10 @@
         "internetProtocol":{
           "shape":"InternetProtocol",
           "documentation":"<p>Update replication configuration template internet protocol request.</p>"
+        },
+        "storeSnapshotOnLocalZone":{
+          "shape":"Boolean",
+          "documentation":"<p>Update replication configuration template store snapshot on local zone request.</p>"
         }
       }
     },

botocore/data/opensearch/2021-01-01/service-2.json

@@ -1276,7 +1276,8 @@
         {"shape":"InternalException"},
         {"shape":"ResourceNotFoundException"},
         {"shape":"ValidationException"},
-        {"shape":"DisabledOperationException"}
+        {"shape":"DisabledOperationException"},
+        {"shape":"LimitExceededException"}
       ],
       "documentation":"<p> Updates the configuration or properties of an existing direct query data source in Amazon OpenSearch Service. </p>"
     },
@@ -1628,6 +1629,10 @@
           "shape":"DirectQueryOpenSearchARNList",
           "documentation":"<p> A list of Amazon Resource Names (ARNs) for the OpenSearch collections that are associated with the direct query data source. </p>"
         },
+        "DataSourceAccessPolicy":{
+          "shape":"PolicyDocument",
+          "documentation":"<p> An optional IAM access policy document that defines the permissions for accessing the data source. The policy document must be in valid JSON format and follow IAM policy syntax.</p>"
+        },
         "TagList":{"shape":"TagList"}
       }
     },
@@ -3019,6 +3024,10 @@
         "dataSourceDescription":{
           "shape":"DataSourceDescription",
           "documentation":"<p>Detailed description of a data source.</p>"
+        },
+        "iamRoleForDataSourceArn":{
+          "shape":"RoleArn",
+          "documentation":"<p>The ARN of the IAM role to be used for cross account/region data source association.</p>"
         }
       },
       "documentation":"<p>Data sources that are associated with an OpenSearch application. </p>"
@@ -4955,6 +4964,10 @@
           "shape":"DirectQueryOpenSearchARNList",
           "documentation":"<p> A list of Amazon Resource Names (ARNs) for the OpenSearch collections that are associated with the direct query data source. </p>"
         },
+        "DataSourceAccessPolicy":{
+          "shape":"PolicyDocument",
+          "documentation":"<p> The IAM access policy document that defines the permissions for accessing the direct query data source. Returns the current policy configuration in JSON format, or null if no custom policy is configured. </p>"
+        },
         "DataSourceArn":{
           "shape":"String",
           "documentation":"<p> The unique, system-generated identifier that represents the data source. </p>"
@@ -8057,6 +8070,10 @@
         "OpenSearchArns":{
           "shape":"DirectQueryOpenSearchARNList",
           "documentation":"<p> A list of Amazon Resource Names (ARNs) for the OpenSearch collections that are associated with the direct query data source. </p>"
+        },
+        "DataSourceAccessPolicy":{
+          "shape":"PolicyDocument",
+          "documentation":"<p> An optional IAM access policy document that defines the updated permissions for accessing the direct query data source. The policy document must be in valid JSON format and follow IAM policy syntax. If not specified, the existing access policy if present remains unchanged. </p>"
         }
       }
     },