Amazon Macie 2 Update: This release of the Amazon Macie API introduces stricter validation of S3 object criteria for classification jobs.

AWS · AWS · commit 64f0c84a2b66 · 2021-06-08T18:05:10.000Z
diff --git a/.changes/next-release/feature-AmazonMacie2-3a47601.json b/.changes/next-release/feature-AmazonMacie2-3a47601.json
@@ -0,0 +1,6 @@
+{
+    "type": "feature",
+    "category": "Amazon Macie 2",
+    "contributor": "",
+    "description": "This release of the Amazon Macie API introduces stricter validation of S3 object criteria for classification jobs."
+}
diff --git a/services/macie2/src/main/resources/codegen-resources/service-2.json b/services/macie2/src/main/resources/codegen-resources/service-2.json
@@ -5277,15 +5277,15 @@
           "documentation": "<p>A tag-based condition that defines the operator and tag keys or tag key and value pairs for including or excluding objects from the job.</p>"
         }
       },
-      "documentation": "<p>Specifies a property- or tag-based condition that defines criteria for including or excluding S3 objects from a classification job.</p>"
+      "documentation": "<p>Specifies a property- or tag-based condition that defines criteria for including or excluding S3 objects from a classification job. A JobScopeTerm object can contain only one simpleScopeTerm object or one tagScopeTerm object.</p>"
     },
     "JobScopingBlock": {
       "type": "structure",
       "members": {
         "and": {
           "shape": "__listOfJobScopeTerm",
           "locationName": "and",
-          "documentation": "<p>An array of conditions, one for each condition that determines which objects to include or exclude from the job. If you specify more than one condition, Amazon Macie uses AND logic to join the conditions.</p>"
+          "documentation": "<p>An array of conditions, one for each property- or tag-based condition that determines which objects to include or exclude from the job. If you specify more than one condition, Amazon Macie uses AND logic to join the conditions.</p>"
         }
       },
       "documentation": "<p>Specifies one or more property- and tag-based conditions that define criteria for including or excluding S3 objects from a classification job.</p>"
@@ -5773,7 +5773,7 @@
         "classifiableSizeInBytes": {
           "shape": "__long",
           "locationName": "classifiableSizeInBytes",
-          "documentation": "<p>The total storage size, in bytes, of the objects that Amazon Macie can analyze in the bucket. These objects use a supported storage class and have a file name extension for a supported file or storage format.</p><p>If versioning is enabled for the bucket, Macie calculates this value based on the size of the latest version of each applicable object in the bucket. This value doesn't reflect the storage size of all versions of each applicable object in the bucket.</p>"
+          "documentation": "<p>The total storage size, in bytes, of the objects that Amazon Macie can analyze in the bucket. These objects use a supported storage class and have a file name extension for a supported file or storage format.</p> <p>If versioning is enabled for the bucket, Macie calculates this value based on the size of the latest version of each applicable object in the bucket. This value doesn't reflect the storage size of all versions of each applicable object in the bucket.</p>"
         },
         "jobDetails": {
           "shape": "JobDetails",
@@ -5793,12 +5793,12 @@
         "sizeInBytes": {
           "shape": "__long",
           "locationName": "sizeInBytes",
-          "documentation": "<p>The total storage size, in bytes, of the bucket.</p><p>If versioning is enabled for the bucket, Amazon Macie calculates this value based on the size of the latest version of each object in the bucket. This value doesn't reflect the storage size of all versions of each object in the bucket.</p>"
+          "documentation": "<p>The total storage size, in bytes, of the bucket.</p> <p>If versioning is enabled for the bucket, Amazon Macie calculates this value based on the size of the latest version of each object in the bucket. This value doesn't reflect the storage size of all versions of each object in the bucket.</p>"
         },
         "sizeInBytesCompressed": {
           "shape": "__long",
           "locationName": "sizeInBytesCompressed",
-          "documentation": "<p>The total storage size, in bytes, of the objects that are compressed (.gz, .gzip, .zip) files in the bucket.</p><p>If versioning is enabled for the bucket, Macie calculates this value based on the size of the latest version of each applicable object in the bucket. This value doesn't reflect the storage size of all versions of each applicable object in the bucket.</p>"
+          "documentation": "<p>The total storage size, in bytes, of the objects that are compressed (.gz, .gzip, .zip) files in the bucket.</p> <p>If versioning is enabled for the bucket, Macie calculates this value based on the size of the latest version of each applicable object in the bucket. This value doesn't reflect the storage size of all versions of each applicable object in the bucket.</p>"
         },
         "unclassifiableObjectCount": {
           "shape": "ObjectLevelStatistics",
@@ -5959,20 +5959,20 @@
         "offsetRanges": {
           "shape": "Ranges",
           "locationName": "offsetRanges",
-          "documentation": "<p>An array of objects, one for each occurrence of sensitive data in a binary text file. Each object specifies the position of the data relative to the beginning of the file.</p> <p>This value is typically null. For binary text files, Amazon Macie adds location data to a lineRanges.Range or Page object, depending on the file type.</p>"
+          "documentation": " <p>Reserved for future use.</p>"
         },
         "pages": {
           "shape": "Pages",
           "locationName": "pages",
-          "documentation": "<p>An array of objects, one for each occurrence of sensitive data in an Adobe Portable Document Format file. Each object specifies the page that contains the data, and the position of the data on that page. This value is null for all other types of files.</p>"
+          "documentation": "<p>An array of objects, one for each occurrence of sensitive data in an Adobe Portable Document Format file. Each object specifies the page that contains the data. This value is null for all other types of files.</p>"
         },
         "records": {
           "shape": "Records",
           "locationName": "records",
           "documentation": "<p>An array of objects, one for each occurrence of sensitive data in an Apache Avro object container or Apache Parquet file. Each object specifies the record index and the path to the field in the record that contains the data. This value is null for all other types of files.</p>"
         }
       },
-      "documentation": "<p>Provides the location of 1-15 occurrences of sensitive data that was detected by managed data identifiers or a custom data identifier and produced a sensitive data finding.</p>"
+      "documentation": "<p>Specifies the location of 1-15 occurrences of sensitive data that was detected by managed data identifiers or a custom data identifier and produced a sensitive data finding.</p>"
     },
     "OrderBy": {
       "type": "string",
@@ -5987,12 +5987,12 @@
         "lineRange": {
           "shape": "Range",
           "locationName": "lineRange",
-          "documentation": "<p>The line that contains the data, and the position of the data on that line.</p>"
+          "documentation": " <p>Reserved for future use.</p>"
         },
         "offsetRange": {
           "shape": "Range",
           "locationName": "offsetRange",
-          "documentation": "<p>The position of the data on the page, relative to the beginning of the page.</p>"
+          "documentation": " <p>Reserved for future use.</p>"
         },
         "pageNumber": {
           "shape": "__long",
@@ -6074,20 +6074,20 @@
         "end": {
           "shape": "__long",
           "locationName": "end",
-          "documentation": "<p>Possible values are:</p> <ul><li><p>In an Occurrences.lineRanges array, the number of lines from the beginning of the file to the end of the sensitive data.</p></li> <li><p>In an Occurrences.offsetRanges array, the number of characters from the beginning of the file to the end of the sensitive data.</p></li> <li><p>In a Page object, the number of lines (lineRange) or characters (offsetRange) from the beginning of the page to the end of the sensitive data.</p></li></ul>"
+          "documentation": "<p>The number of lines from the beginning of the file to the end of the sensitive data.</p> "
         },
         "start": {
           "shape": "__long",
           "locationName": "start",
-          "documentation": "<p>Possible values are:</p> <ul><li><p>In an Occurrences.lineRanges array, the number of lines from the beginning of the file to the beginning of the sensitive data.</p></li> <li><p>In an Occurrences.offsetRanges array, the number of characters from the beginning of the file to the beginning of the sensitive data.</p></li> <li><p>In a Page object, the number of lines (lineRange) or characters (offsetRange) from the beginning of the page to the beginning of the sensitive data.</p></li></ul>"
+          "documentation": "<p>The number of lines from the beginning of the file to the beginning of the sensitive data.</p> "
         },
         "startColumn": {
           "shape": "__long",
           "locationName": "startColumn",
           "documentation": "<p>The column number for the column that contains the data, if the file contains structured data.</p>"
         }
       },
-      "documentation": "<p>Provides details about the location of an occurrence of sensitive data in an Adobe Portable Document Format file, Microsoft Word document, or non-binary text file.</p>"
+      "documentation": "<p>Provides details about the location of an occurrence of sensitive data in a Microsoft Word document or non-binary text file.</p>"
     },
     "Ranges": {
       "type": "list",
@@ -6401,11 +6401,9 @@
       "type": "string",
       "documentation": "<p>The property to use in a condition that determines whether an S3 object is included or excluded from a classification job. Valid values are:</p>",
       "enum": [
-        "BUCKET_CREATION_DATE",
         "OBJECT_EXTENSION",
         "OBJECT_LAST_MODIFIED_DATE",
         "OBJECT_SIZE",
-        "TAG",
         "OBJECT_KEY"
       ]
     },
@@ -6415,12 +6413,12 @@
         "excludes": {
           "shape": "JobScopingBlock",
           "locationName": "excludes",
-          "documentation": "<p>The property- or tag-based conditions that determine which objects to exclude from the analysis.</p>"
+          "documentation": "<p>The property- and tag-based conditions that determine which objects to exclude from the analysis.</p>"
         },
         "includes": {
           "shape": "JobScopingBlock",
           "locationName": "includes",
-          "documentation": "<p>The property- or tag-based conditions that determine which objects to include in the analysis.</p>"
+          "documentation": "<p>The property- and tag-based conditions that determine which objects to include in the analysis.</p>"
         }
       },
       "documentation": "<p>Specifies one or more property- and tag-based conditions that define criteria for including or excluding S3 objects from a classification job. Exclude conditions take precedence over include conditions.</p>"
@@ -6849,7 +6847,7 @@
         "comparator": {
           "shape": "JobComparator",
           "locationName": "comparator",
-          "documentation": "<p>The operator to use in the condition. Valid operators for each supported property (key) are:</p> <ul><li><p>OBJECT_EXTENSION - EQ (equals) or NE (not equals)</p></li> <li><p>OBJECT_KEY - STARTS_WITH</p></li> <li><p>OBJECT_LAST_MODIFIED_DATE - Any operator except CONTAINS</p></li> <li><p>OBJECT_SIZE - Any operator except CONTAINS</p></li> <li><p>TAG - EQ (equals) or NE (not equals)</p></li></ul>"
+          "documentation": "<p>The operator to use in the condition. Valid values for each supported property (key) are:</p> <ul><li><p>OBJECT_EXTENSION - EQ (equals) or NE (not equals)</p></li> <li><p>OBJECT_KEY - STARTS_WITH</p></li> <li><p>OBJECT_LAST_MODIFIED_DATE - Any operator except CONTAINS</p></li> <li><p>OBJECT_SIZE - Any operator except CONTAINS</p></li></ul>"
         },
         "key": {
           "shape": "ScopeFilterKey",
@@ -6859,7 +6857,7 @@
         "values": {
           "shape": "__listOf__string",
           "locationName": "values",
-          "documentation": "<p>An array that lists the values to use in the condition. If the value for the key property is OBJECT_EXTENSION or OBJECT_KEY, this array can specify multiple values and Amazon Macie uses an OR operator to join the values. Otherwise, this array can specify only one value.</p> <p>Valid values for each supported property (key) are:</p> <ul><li><p>OBJECT_EXTENSION - A string that represents the file name extension of an object. For example: docx or pdf</p></li> <li><p>OBJECT_KEY - A string that represents the key prefix (folder name or path) of an object. For example: logs or awslogs/eventlogs. This value applies a condition to objects whose keys (names) begin with the specified value.</p></li> <li><p>OBJECT_LAST_MODIFIED_DATE - The date and time (in UTC and extended ISO 8601 format) when an object was created or last changed, whichever is latest. For example: 2020-09-28T14:31:13Z</p></li> <li><p>OBJECT_SIZE - An integer that represents the storage size (in bytes) of an object.</p></li> <li><p>TAG - A string that represents a tag key for an object. For advanced options, use a TagScopeTerm object instead of a SimpleScopeTerm object to define a tag-based condition for the job.</p></li></ul> <p>Macie doesn't support use of wildcard characters in these values. Also, string values are case sensitive.</p>"
+          "documentation": "<p>An array that lists the values to use in the condition. If the value for the key property is OBJECT_EXTENSION or OBJECT_KEY, this array can specify multiple values and Amazon Macie uses OR logic to join the values. Otherwise, this array can specify only one value.</p> <p>Valid values for each supported property (key) are:</p> <ul><li><p>OBJECT_EXTENSION - A string that represents the file name extension of an object. For example: docx or pdf</p></li> <li><p>OBJECT_KEY - A string that represents the key prefix (folder name or path) of an object. For example: logs or awslogs/eventlogs. This value applies a condition to objects whose keys (names) begin with the specified value.</p></li> <li><p>OBJECT_LAST_MODIFIED_DATE - The date and time (in UTC and extended ISO 8601 format) when an object was created or last changed, whichever is latest. For example: 2020-09-28T14:31:13Z</p></li> <li><p>OBJECT_SIZE - An integer that represents the storage size (in bytes) of an object.</p></li></ul> <p>Macie doesn't support use of wildcard characters in these values. Also, string values are case sensitive.</p>"
         }
       },
       "documentation": "<p>Specifies a property-based condition that determines whether an S3 object is included or excluded from a classification job.</p>"
@@ -6981,25 +6979,25 @@
         "comparator": {
           "shape": "JobComparator",
           "locationName": "comparator",
-          "documentation": "<p>The operator to use in the condition. Valid operators are EQ (equals) or NE (not equals).</p>"
+          "documentation": "<p>The operator to use in the condition. Valid values are EQ (equals) or NE (not equals).</p>"
         },
         "key": {
           "shape": "__string",
           "locationName": "key",
-          "documentation": "<p>The tag key to use in the condition.</p>"
+          "documentation": "<p>The object property to use in the condition. The only valid value is TAG.</p>"
         },
         "tagValues": {
           "shape": "__listOfTagValuePair",
           "locationName": "tagValues",
-          "documentation": "<p>The tag keys or tag key and value pairs to use in the condition.</p>"
+          "documentation": "<p>The tag keys or tag key and value pairs to use in the condition. To specify only tag keys in a condition, specify the keys in this array and set the value for each associated tag value to an empty string.</p>"
         },
         "target": {
           "shape": "TagTarget",
           "locationName": "target",
           "documentation": "<p>The type of object to apply the condition to.</p>"
         }
       },
-      "documentation": "<p>Specifies a tag-based condition that determines whether an S3 object is included or excluded from a classification job. Tag keys and values are case sensitive. Also, Amazon Macie doesn't support use of partial values or wildcard characters in tag-based conditions.</p>"
+      "documentation": "<p>Specifies a tag-based condition that determines whether an S3 object is included or excluded from a classification job.</p>"
     },
     "TagTarget": {
       "type": "string",
@@ -7208,6 +7206,12 @@
           "shape": "__integer",
           "locationName": "position",
           "documentation": "<p>The position of the filter in the list of saved filters on the Amazon Macie console. This value also determines the order in which the filter is applied to findings, relative to other filters that are also applied to the findings.</p>"
+        },
+        "clientToken": {
+          "shape": "__string",
+          "locationName": "clientToken",
+          "documentation": "<p>A unique, case-sensitive token that you provide to ensure the idempotency of the request.</p>",
+          "idempotencyToken": true
         }
       },
       "required": [
