feat(client-ssm): This release adds support for sharing Systems Manager parameters with other AWS accounts.

Author: awstools

clients/client-ssm/src/commands/DeleteResourcePolicyCommand.ts

@@ -28,10 +28,22 @@ export interface DeleteResourcePolicyCommandOutput extends DeleteResourcePolicyR
 
 /**
  * @public
- * <p>Deletes a Systems Manager resource policy. A resource policy helps you to define the IAM entity (for example, an Amazon Web Services account) that can manage your Systems Manager resources. Currently,
- *     <code>OpsItemGroup</code> is the only resource that supports Systems Manager resource policies. The
- *    resource policy for <code>OpsItemGroup</code> enables Amazon Web Services accounts to view and interact with
- *    OpsCenter operational work items (OpsItems).</p>
+ * <p>Deletes a Systems Manager resource policy. A resource policy helps you to define the IAM entity (for example, an Amazon Web Services account) that can manage your Systems Manager resources. The following
+ *    resources support Systems Manager resource policies.</p>
+ *          <ul>
+ *             <li>
+ *                <p>
+ *                   <code>OpsItemGroup</code> - The resource policy for <code>OpsItemGroup</code> enables
+ *      Amazon Web Services accounts to view and interact with OpsCenter operational work items (OpsItems).</p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <code>Parameter</code> - The resource policy is used to share a parameter with other
+ *      accounts using Resource Access Manager (RAM). For more information about
+ *      cross-account sharing of parameters, see <a href="systems-manager/latest/userguide/parameter-store-shared-parameters.html">Working with
+ *       shared parameters</a> in the <i>Amazon Web Services Systems Manager User Guide</i>.</p>
+ *             </li>
+ *          </ul>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -58,6 +70,13 @@ export interface DeleteResourcePolicyCommandOutput extends DeleteResourcePolicyR
  * @throws {@link InternalServerError} (server fault)
  *  <p>An error occurred on the server side.</p>
  *
+ * @throws {@link MalformedResourcePolicyDocumentException} (client fault)
+ *  <p>The specified policy document is malformed or invalid, or excessive
+ *     <code>PutResourcePolicy</code> or <code>DeleteResourcePolicy</code> calls have been made.</p>
+ *
+ * @throws {@link ResourceNotFoundException} (client fault)
+ *  <p>The specified parameter to be shared could not be found.</p>
+ *
  * @throws {@link ResourcePolicyConflictException} (client fault)
  *  <p>The hash provided in the call doesn't match the stored hash. This exception is thrown when
  *    trying to update an obsolete policy version or when multiple requests to update a policy are
@@ -67,6 +86,9 @@ export interface DeleteResourcePolicyCommandOutput extends DeleteResourcePolicyR
  *  <p>One or more parameters specified for the call aren't valid. Verify the parameters and their
  *    values and try again.</p>
  *
+ * @throws {@link ResourcePolicyNotFoundException} (client fault)
+ *  <p>No policies with the specified policy ID and hash could be found.</p>
+ *
  * @throws {@link SSMServiceException}
  * <p>Base exception class for all service exceptions from SSM service.</p>
  *

clients/client-ssm/src/commands/DescribeParametersCommand.ts

@@ -28,16 +28,17 @@ export interface DescribeParametersCommandOutput extends DescribeParametersResul
 
 /**
  * @public
- * <p>Get information about a parameter.</p>
+ * <p>Lists the parameters in your Amazon Web Services account or the parameters shared with you when you enable
+ *    the <a href="https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeParameters.html#systemsmanager-DescribeParameters-request-Shared">Shared</a> option.</p>
  *          <p>Request results are returned on a best-effort basis. If you specify <code>MaxResults</code>
  *    in the request, the response includes information up to the limit specified. The number of items
  *    returned, however, can be between zero and the value of <code>MaxResults</code>. If the service
  *    reaches an internal limit while processing the results, it stops the operation and returns the
  *    matching values up to that point and a <code>NextToken</code>. You can specify the
  *     <code>NextToken</code> in a subsequent call to get the next set of results.</p>
  *          <important>
- *             <p>If you change the KMS key alias for the KMS key used to encrypt a parameter, then you must
- *     also update the key alias the parameter uses to reference KMS. Otherwise,
+ *             <p>If you change the KMS key alias for the KMS key used to encrypt a parameter,
+ *     then you must also update the key alias the parameter uses to reference KMS. Otherwise,
  *      <code>DescribeParameters</code> retrieves whatever the original key alias was
  *     referencing.</p>
  *          </important>
@@ -67,13 +68,15 @@ export interface DescribeParametersCommandOutput extends DescribeParametersResul
  *   ],
  *   MaxResults: Number("int"),
  *   NextToken: "STRING_VALUE",
+ *   Shared: true || false,
  * };
  * const command = new DescribeParametersCommand(input);
  * const response = await client.send(command);
  * // { // DescribeParametersResult
  * //   Parameters: [ // ParameterMetadataList
  * //     { // ParameterMetadata
  * //       Name: "STRING_VALUE",
+ * //       ARN: "STRING_VALUE",
  * //       Type: "String" || "StringList" || "SecureString",
  * //       KeyId: "STRING_VALUE",
  * //       LastModifiedDate: new Date("TIMESTAMP"),

clients/client-ssm/src/commands/GetParameterHistoryCommand.ts

@@ -34,8 +34,8 @@ export interface GetParameterHistoryCommandOutput extends GetParameterHistoryRes
  * @public
  * <p>Retrieves the history of all changes to a parameter.</p>
  *          <important>
- *             <p>If you change the KMS key alias for the KMS key used to encrypt a parameter, then you must
- *     also update the key alias the parameter uses to reference KMS. Otherwise,
+ *             <p>If you change the KMS key alias for the KMS key used to encrypt a parameter,
+ *     then you must also update the key alias the parameter uses to reference KMS. Otherwise,
  *      <code>GetParameterHistory</code> retrieves whatever the original key alias was
  *     referencing.</p>
  *          </important>

clients/client-ssm/src/commands/GetResourcePoliciesCommand.ts

@@ -64,6 +64,9 @@ export interface GetResourcePoliciesCommandOutput extends GetResourcePoliciesRes
  * @throws {@link InternalServerError} (server fault)
  *  <p>An error occurred on the server side.</p>
  *
+ * @throws {@link ResourceNotFoundException} (client fault)
+ *  <p>The specified parameter to be shared could not be found.</p>
+ *
  * @throws {@link ResourcePolicyInvalidParameterException} (client fault)
  *  <p>One or more parameters specified for the call aren't valid. Verify the parameters and their
  *    values and try again.</p>

clients/client-ssm/src/commands/PutResourcePolicyCommand.ts

@@ -30,9 +30,36 @@ export interface PutResourcePolicyCommandOutput extends PutResourcePolicyRespons
  * @public
  * <p>Creates or updates a Systems Manager resource policy. A resource policy helps you to define the
  *     IAM entity (for example, an Amazon Web Services account) that can manage your Systems Manager resources.
- *    Currently, <code>OpsItemGroup</code> is the only resource that supports Systems Manager resource policies.
- *    The resource policy for <code>OpsItemGroup</code> enables Amazon Web Services accounts to view and interact
- *    with OpsCenter operational work items (OpsItems).</p>
+ *    The following resources support Systems Manager resource policies.</p>
+ *          <ul>
+ *             <li>
+ *                <p>
+ *                   <code>OpsItemGroup</code> - The resource policy for <code>OpsItemGroup</code> enables
+ *      Amazon Web Services accounts to view and interact with OpsCenter operational work items (OpsItems).</p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <code>Parameter</code> - The resource policy is used to share a parameter with other
+ *      accounts using Resource Access Manager (RAM). </p>
+ *                <p>To share a parameter, it must be in the advanced parameter tier. For information about
+ *      parameter tiers, see <a href="https://docs.aws.amazon.com/parameter-store-       advanced-parameters.html">Managing parameter tiers</a>. For information about
+ *      changing an existing standard parameter to an advanced parameter, see <a href="https://docs.aws.amazon.com/parameter-store-advanced-parameters.html#parameter-       store-advanced-parameters-enabling">Changing a standard parameter to an advanced
+ *       parameter</a>.</p>
+ *                <p>To share a <code>SecureString</code> parameter, it must be encrypted with a customer managed key, and you must share the key separately through Key Management Service. Amazon Web Services managed keys cannot be shared. Parameters encrypted with the default Amazon Web Services managed key can be updated to use a customer managed key instead. For KMS key definitions, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-mgmt">KMS concepts</a> in
+ *      the <i>Key Management Service Developer Guide</i>.</p>
+ *                <important>
+ *                   <p>While you can share a parameter using the Systems Manager <code>PutResourcePolicy</code> operation,
+ *       we recommend using Resource Access Manager (RAM) instead. This is because using
+ *        <code>PutResourcePolicy</code> requires the extra step of promoting the parameter to a
+ *       standard RAM Resource Share using the RAM
+ *       <a href="https://docs.aws.amazon.com/ram/latest/APIReference/API_PromoteResourceShareCreatedFromPolicy.html">PromoteResourceShareCreatedFromPolicy</a> API operation. Otherwise, the parameter won't
+ *       be returned by the Systems Manager <a href="https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeParameters.html">DescribeParameters</a> API operation using the <code>--shared</code> option.</p>
+ *                   <p>For more information, see <a href="https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-shared-parameters.html#share">Sharing a
+ *        parameter</a> in the <i>Amazon Web Services Systems Manager User Guide</i>
+ *                   </p>
+ *                </important>
+ *             </li>
+ *          </ul>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -63,6 +90,13 @@ export interface PutResourcePolicyCommandOutput extends PutResourcePolicyRespons
  * @throws {@link InternalServerError} (server fault)
  *  <p>An error occurred on the server side.</p>
  *
+ * @throws {@link MalformedResourcePolicyDocumentException} (client fault)
+ *  <p>The specified policy document is malformed or invalid, or excessive
+ *     <code>PutResourcePolicy</code> or <code>DeleteResourcePolicy</code> calls have been made.</p>
+ *
+ * @throws {@link ResourceNotFoundException} (client fault)
+ *  <p>The specified parameter to be shared could not be found.</p>
+ *
  * @throws {@link ResourcePolicyConflictException} (client fault)
  *  <p>The hash provided in the call doesn't match the stored hash. This exception is thrown when
  *    trying to update an obsolete policy version or when multiple requests to update a policy are
@@ -77,6 +111,9 @@ export interface PutResourcePolicyCommandOutput extends PutResourcePolicyRespons
  *    greater than 1024 bytes in size. And only one policy can be attached to
  *    <code>OpsItemGroup</code>. Verify these limits and try again.</p>
  *
+ * @throws {@link ResourcePolicyNotFoundException} (client fault)
+ *  <p>No policies with the specified policy ID and hash could be found.</p>
+ *
  * @throws {@link SSMServiceException}
  * <p>Base exception class for all service exceptions from SSM service.</p>
  *

clients/client-ssm/src/commands/StopAutomationExecutionCommand.ts

@@ -5,7 +5,7 @@ import { Command as $Command } from "@smithy/smithy-client";
 import { MetadataBearer as __MetadataBearer } from "@smithy/types";
 
 import { commonParams } from "../endpoint/EndpointParameters";
-import { StopAutomationExecutionRequest, StopAutomationExecutionResult } from "../models/models_1";
+import { StopAutomationExecutionRequest, StopAutomationExecutionResult } from "../models/models_2";
 import { de_StopAutomationExecutionCommand, se_StopAutomationExecutionCommand } from "../protocols/Aws_json1_1";
 import { ServiceInputTypes, ServiceOutputTypes, SSMClientResolvedConfig } from "../SSMClient";
 

clients/client-ssm/src/commands/TerminateSessionCommand.ts

@@ -5,8 +5,7 @@ import { Command as $Command } from "@smithy/smithy-client";
 import { MetadataBearer as __MetadataBearer } from "@smithy/types";
 
 import { commonParams } from "../endpoint/EndpointParameters";
-import { TerminateSessionRequest } from "../models/models_1";
-import { TerminateSessionResponse } from "../models/models_2";
+import { TerminateSessionRequest, TerminateSessionResponse } from "../models/models_2";
 import { de_TerminateSessionCommand, se_TerminateSessionCommand } from "../protocols/Aws_json1_1";
 import { ServiceInputTypes, ServiceOutputTypes, SSMClientResolvedConfig } from "../SSMClient";
 

clients/client-ssm/src/models/models_0.ts

@@ -2269,8 +2269,8 @@ export interface DocumentRequires {
   /**
    * @public
    * <p>An optional field specifying the version of the artifact associated with the document. For
-   *    example, 12.6. This value is unique across all versions of a document, and
-   *    can't be changed.</p>
+   *    example, 12.6. This value is unique across all versions of a document, and can't be
+   *    changed.</p>
    */
   VersionName?: string;
 }
@@ -4650,6 +4650,10 @@ export interface DeleteParameterRequest {
   /**
    * @public
    * <p>The name of the parameter to delete.</p>
+   *          <note>
+   *             <p>You can't enter the Amazon Resource Name (ARN) for a parameter, only the parameter name
+   *     itself.</p>
+   *          </note>
    */
   Name: string | undefined;
 }
@@ -4687,6 +4691,10 @@ export interface DeleteParametersRequest {
    * @public
    * <p>The names of the parameters to delete. After deleting a parameter, wait for at least 30
    *    seconds to create a parameter with the same name.</p>
+   *          <note>
+   *             <p>You can't enter the Amazon Resource Name (ARN) for a parameter, only the parameter name
+   *     itself.</p>
+   *          </note>
    */
   Names: string[] | undefined;
 }
@@ -4830,6 +4838,51 @@ export interface DeleteResourcePolicyRequest {
  */
 export interface DeleteResourcePolicyResponse {}
 
+/**
+ * @public
+ * <p>The specified policy document is malformed or invalid, or excessive
+ *     <code>PutResourcePolicy</code> or <code>DeleteResourcePolicy</code> calls have been made.</p>
+ */
+export class MalformedResourcePolicyDocumentException extends __BaseException {
+  readonly name: "MalformedResourcePolicyDocumentException" = "MalformedResourcePolicyDocumentException";
+  readonly $fault: "client" = "client";
+  Message?: string;
+  /**
+   * @internal
+   */
+  constructor(opts: __ExceptionOptionType<MalformedResourcePolicyDocumentException, __BaseException>) {
+    super({
+      name: "MalformedResourcePolicyDocumentException",
+      $fault: "client",
+      ...opts,
+    });
+    Object.setPrototypeOf(this, MalformedResourcePolicyDocumentException.prototype);
+    this.Message = opts.Message;
+  }
+}
+
+/**
+ * @public
+ * <p>The specified parameter to be shared could not be found.</p>
+ */
+export class ResourceNotFoundException extends __BaseException {
+  readonly name: "ResourceNotFoundException" = "ResourceNotFoundException";
+  readonly $fault: "client" = "client";
+  Message?: string;
+  /**
+   * @internal
+   */
+  constructor(opts: __ExceptionOptionType<ResourceNotFoundException, __BaseException>) {
+    super({
+      name: "ResourceNotFoundException",
+      $fault: "client",
+      ...opts,
+    });
+    Object.setPrototypeOf(this, ResourceNotFoundException.prototype);
+    this.Message = opts.Message;
+  }
+}
+
 /**
  * @public
  * <p>The hash provided in the call doesn't match the stored hash. This exception is thrown when
@@ -4879,6 +4932,28 @@ export class ResourcePolicyInvalidParameterException extends __BaseException {
   }
 }
 
+/**
+ * @public
+ * <p>No policies with the specified policy ID and hash could be found.</p>
+ */
+export class ResourcePolicyNotFoundException extends __BaseException {
+  readonly name: "ResourcePolicyNotFoundException" = "ResourcePolicyNotFoundException";
+  readonly $fault: "client" = "client";
+  Message?: string;
+  /**
+   * @internal
+   */
+  constructor(opts: __ExceptionOptionType<ResourcePolicyNotFoundException, __BaseException>) {
+    super({
+      name: "ResourcePolicyNotFoundException",
+      $fault: "client",
+      ...opts,
+    });
+    Object.setPrototypeOf(this, ResourcePolicyNotFoundException.prototype);
+    this.Message = opts.Message;
+  }
+}
+
 /**
  * @public
  */
@@ -6862,8 +6937,8 @@ export interface DescribeDocumentRequest {
   /**
    * @public
    * <p>An optional field specifying the version of the artifact associated with the document. For
-   *    example, 12.6. This value is unique across all versions of a document, and
-   *    can't be changed.</p>
+   *    example, 12.6. This value is unique across all versions of a document, and can't be
+   *    changed.</p>
    */
   VersionName?: string;
 }
@@ -9352,66 +9427,6 @@ export interface DescribeMaintenanceWindowTasksRequest {
   NextToken?: string;
 }
 
-/**
- * @public
- * @enum
- */
-export const MaintenanceWindowTaskCutoffBehavior = {
-  CancelTask: "CANCEL_TASK",
-  ContinueTask: "CONTINUE_TASK",
-} as const;
-
-/**
- * @public
- */
-export type MaintenanceWindowTaskCutoffBehavior =
-  (typeof MaintenanceWindowTaskCutoffBehavior)[keyof typeof MaintenanceWindowTaskCutoffBehavior];
-
-/**
- * @public
- * <p>Information about an Amazon Simple Storage Service (Amazon S3) bucket to write managed
- *    node-level logs to.</p>
- *          <note>
- *             <p>
- *                <code>LoggingInfo</code> has been deprecated. To specify an Amazon Simple Storage Service (Amazon S3) bucket to contain logs, instead use the
- *       <code>OutputS3BucketName</code> and <code>OutputS3KeyPrefix</code> options in the <code>TaskInvocationParameters</code> structure.
- *       For information about how Amazon Web Services Systems Manager handles these options for the supported maintenance
- *       window task types, see <a>MaintenanceWindowTaskInvocationParameters</a>.</p>
- *          </note>
- */
-export interface LoggingInfo {
-  /**
-   * @public
-   * <p>The name of an S3 bucket where execution logs are stored.</p>
-   */
-  S3BucketName: string | undefined;
-
-  /**
-   * @public
-   * <p>(Optional) The S3 bucket subfolder. </p>
-   */
-  S3KeyPrefix?: string;
-
-  /**
-   * @public
-   * <p>The Amazon Web Services Region where the S3 bucket is located.</p>
-   */
-  S3Region: string | undefined;
-}
-
-/**
- * @public
- * <p>Defines the values for a task parameter.</p>
- */
-export interface MaintenanceWindowTaskParameterValueExpression {
-  /**
-   * @public
-   * <p>This field contains an array of 0 or more strings, each 1 to 255 characters in
-   *    length.</p>
-   */
-  Values?: string[];
-}
-
 /**
  * @internal
  */
@@ -9598,13 +9613,3 @@ export const DescribeMaintenanceWindowTargetsResultFilterSensitiveLog = (
   ...obj,
   ...(obj.Targets && { Targets: obj.Targets.map((item) => MaintenanceWindowTargetFilterSensitiveLog(item)) }),
 });
-
-/**
- * @internal
- */
-export const MaintenanceWindowTaskParameterValueExpressionFilterSensitiveLog = (
-  obj: MaintenanceWindowTaskParameterValueExpression
-): any => ({
-  ...obj,
-  ...(obj.Values && { Values: SENSITIVE_STRING }),
-});