|
649 | 649 | {"shape":"InvalidParametersException"},
|
650 | 650 | {"shape":"ResourceNotFoundException"}
|
651 | 651 | ],
|
652 |
| - "documentation":"<p>Disassociates a previously associated principal ARN from a specified portfolio.</p> <p>The <code>PrincipalType</code> and <code>PrincipalARN</code> must match the <code>AssociatePrincipalWithPortfolio</code> call request details. For example, to disassociate an association created with a <code>PrincipalARN</code> of <code>PrincipalType</code> IAM you must use the <code>PrincipalType</code> IAM when calling <code>DisassociatePrincipalFromPortfolio</code>. </p> <p>For portfolios that have been shared with principal name sharing enabled: after disassociating a principal, share recipient accounts will no longer be able to provision products in this portfolio using a role matching the name of the associated principal. </p>" |
| 652 | + "documentation":"<p>Disassociates a previously associated principal ARN from a specified portfolio.</p> <p>The <code>PrincipalType</code> and <code>PrincipalARN</code> must match the <code>AssociatePrincipalWithPortfolio</code> call request details. For example, to disassociate an association created with a <code>PrincipalARN</code> of <code>PrincipalType</code> IAM you must use the <code>PrincipalType</code> IAM when calling <code>DisassociatePrincipalFromPortfolio</code>. </p> <p>For portfolios that have been shared with principal name sharing enabled: after disassociating a principal, share recipient accounts will no longer be able to provision products in this portfolio using a role matching the name of the associated principal. </p> <p>For more information, review <a href=\"https://docs.aws.amazon.com/cli/latest/reference/servicecatalog/associate-principal-with-portfolio.html#options\">associate-principal-with-portfolio</a> in the Amazon Web Services CLI Command Reference. </p> <note> <p>If you disassociate a principal from a portfolio, with PrincipalType as <code>IAM</code>, the same principal will still have access to the portfolio if it matches one of the associated principals of type <code>IAM_PATTERN</code>. To fully remove access for a principal, verify all the associated Principals of type <code>IAM_PATTERN</code>, and then ensure you disassociate any <code>IAM_PATTERN</code> principals that match the principal whose access you are removing.</p> </note>" |
653 | 653 | },
|
654 | 654 | "DisassociateProductFromPortfolio":{
|
655 | 655 | "name":"DisassociateProductFromPortfolio",
|
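Review bot: In the added <note> on line 652, "verify all the associated Principals of type IAM_PATTERN" does not say how to list them; naming the operation that returns a portfolio's associated principals would make the removal procedure actionable. This warning is the security-relevant part of the string, so consider placing it before the "For more information" paragraph rather than after it. That link points at the associate-principal-with-portfolio reference from the disassociate operation, which is worth confirming as intended. In the note, "PrincipalType" is not wrapped in <code> as it is earlier in the same string, and "Principals" is capitalised inconsistently.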
|
1421 | 1421 | },
|
1422 | 1422 | "PrincipalARN":{
|
1423 | 1423 | "shape":"PrincipalARN",
|
1424 |
| - "documentation":"<p>The ARN of the principal (user, role, or group). This field allows an ARN with no <code>accountID</code> if <code>PrincipalType</code> is <code>IAM_PATTERN</code>. </p> <p>You can associate multiple <code>IAM</code> patterns even if the account has no principal with that name. This is useful in Principal Name Sharing if you want to share a principal without creating it in the account that owns the portfolio. </p>" |
| 1424 | + "documentation":"<p>The ARN of the principal (user, role, or group). The supported value is a fully defined <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns\"> <code>IAM</code> ARN</a> if the <code>PrincipalType</code> is <code>IAM</code>. If the <code>PrincipalType</code> is <code>IAM_PATTERN</code>, the supported value is an <code>IAM</code> ARN without an AccountID in the following format:</p> <p> <i>arn:partition:iam:::resource-type/resource-id</i> </p> <p>The resource-id can be either of the following:</p> <ul> <li> <p>Fully formed, for example <i>arn:aws:iam:::role/resource-name</i> or <i>arn:aws:iam:::role/resource-path/resource-name</i> </p> </li> <li> <p>A wildcard ARN. The wildcard ARN accepts <code>IAM_PATTERN</code> values with a \"*\" or \"?\" in the resource-id segment of the ARN, for example <i>arn:partition:service:::resource-type/resource-path/resource-name</i>. The new symbols are exclusive to the <b>resource-path</b> and <b>resource-name</b> and cannot be used to replace the <b>resource-type</b> or other ARN values. </p> </li> </ul> <p>Examples of an <b>acceptable</b> wildcard ARN:</p> <ul> <li> <p>arn:aws:iam:::role/ResourceName_*</p> </li> <li> <p>arn:aws:iam:::role/*/ResourceName_?</p> </li> </ul> <p>Examples of an <b>unacceptable</b> wildcard ARN:</p> <ul> <li> <p>arn:aws:iam:::*/ResourceName</p> </li> </ul> <p>You can associate multiple <code>IAM_PATTERN</code>s even if the account has no principal with that name. </p> <note> <ul> <li> <p>The ARN path and principal name allow unlimited wildcard characters. </p> </li> <li> <p>The \"?\" wildcard character matches zero or one of any character. This is similar to \".?\" in regular regex context.</p> </li> <li> <p>The \"*\" wildcard character matches any number of any characters. 
This is similar \".*\" in regular regex context.</p> </li> <li> <p>In the IAM Principal ARNs format (arn:partition:iam:::resource-type/resource-path/resource-name), valid <b>resource-type</b> values include user/, group/, or role/. The \"?\" and \"*\" are allowed only after the <b>resource-type</b>, in the resource-id segment. You can use special characters anywhere within the <b>resource-id</b>.</p> </li> <li> <p>The \"*\" also matches the \"/\" character, allowing paths to be formed within the <b>resource-id</b>. For example, arn:aws:iam:::role/*/ResourceName_? matches both arn:aws:iam:::role/pathA/pathB/ResourceName_1 and arn:aws:iam:::role/pathA/ResourceName_1.</p> </li> </ul> </note>" |
1425 | 1425 | },
|
1426 | 1426 | "PrincipalType":{
|
1427 | 1427 | "shape":"PrincipalType",
|
1428 |
| - "documentation":"<p>The principal type. The supported value is <code>IAM</code> if you use a fully defined ARN, or <code>IAM_PATTERN</code> if you use an ARN with no <code>accountID</code>. </p>" |
| 1428 | + "documentation":"<p>The principal type. The supported value is <code>IAM</code> if you use a fully defined ARN, or <code>IAM_PATTERN</code> if you use an ARN with no <code>accountID</code>, with or without wildcard characters. </p>" |
1429 | 1429 | }
|
1430 | 1430 | }
|
1431 | 1431 | },
|
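Review bot: On line 1424 the example given for a wildcard ARN, arn:partition:service:::resource-type/resource-path/resource-name, contains neither "*" nor "?" and uses "service" where the format line earlier in the string uses "iam"; replace it with an ARN that actually shows a wildcard. The note says "?" matches zero or one character, which differs from the usual glob meaning of exactly one, so if that is the intended behaviour, add an example of the zero-character match next to the ResourceName_1 examples so readers can judge how broad a pattern is. Smaller points in the same string: "This is similar \".*\"" is missing "to", and "The new symbols" will date once this is reference text; "The wildcard characters" reads better.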
|
3001 | 3001 | },
|
3002 | 3002 | "PrincipalARN":{
|
3003 | 3003 | "shape":"PrincipalARN",
|
3004 |
| - "documentation":"<p>The ARN of the principal (user, role, or group). This field allows an ARN with no <code>accountID</code> if <code>PrincipalType</code> is <code>IAM_PATTERN</code>.</p>" |
| 3004 | + "documentation":"<p>The ARN of the principal (user, role, or group). This field allows an ARN with no <code>accountID</code> with or without wildcard characters if <code>PrincipalType</code> is <code>IAM_PATTERN</code>.</p>" |
3005 | 3005 | },
|
3006 | 3006 | "PrincipalType":{
|
3007 | 3007 | "shape":"PrincipalType",
|
3008 |
| - "documentation":"<p>The supported value is <code>IAM</code> if you use a fully defined ARN, or <code>IAM_PATTERN</code> if you use no <code>accountID</code>. </p>" |
| 3008 | + "documentation":"<p>The supported value is <code>IAM</code> if you use a fully defined ARN, or <code>IAM_PATTERN</code> if you specify an <code>IAM</code> ARN with no AccountId, with or without wildcard characters. </p>" |
3009 | 3009 | }
|
3010 | 3010 | }
|
3011 | 3011 | },
|
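Review bot: The two added strings on lines 3004 and 3008 spell the same field differently, <code>accountID</code> in one and an unformatted "AccountId" in the other; pick one form and keep it in <code>. Line 3004 also needs commas around "with or without wildcard characters", as the PrincipalType strings in this change have. Neither string points to the wildcard matching rules, so consider adding the same "For more information" link that line 4534 gets.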
|
4531 | 4531 | "members":{
|
4532 | 4532 | "PrincipalARN":{
|
4533 | 4533 | "shape":"PrincipalARN",
|
4534 |
| - "documentation":"<p>The ARN of the principal (user, role, or group). This field allows for an ARN with no <code>accountID</code> if the <code>PrincipalType</code> is an <code>IAM_PATTERN</code>. </p>" |
| 4534 | + "documentation":"<p>The ARN of the principal (user, role, or group). This field allows for an ARN with no <code>accountID</code>, with or without wildcard characters if the <code>PrincipalType</code> is an <code>IAM_PATTERN</code>. </p> <p>For more information, review <a href=\"https://docs.aws.amazon.com/cli/latest/reference/servicecatalog/associate-principal-with-portfolio.html#options\">associate-principal-with-portfolio</a> in the Amazon Web Services CLI Command Reference. </p>" |
4535 | 4535 | },
|
4536 | 4536 | "PrincipalType":{
|
4537 | 4537 | "shape":"PrincipalType",
|
4538 |
| - "documentation":"<p>The principal type. The supported value is <code>IAM</code> if you use a fully defined ARN, or <code>IAM_PATTERN</code> if you use an ARN with no <code>accountID</code>. </p>" |
| 4538 | + "documentation":"<p>The principal type. The supported value is <code>IAM</code> if you use a fully defined ARN, or <code>IAM_PATTERN</code> if you use an ARN with no <code>accountID</code>, with or without wildcard characters. </p>" |
4539 | 4539 | }
|
4540 | 4540 | },
|
4541 | 4541 | "documentation":"<p>Information about a principal.</p>"
|
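Review bot: The PrincipalARN description on line 4534 should state that a value of type IAM_PATTERN containing wildcards can match more than one principal; this shape is documented as "Information about a principal", and a reader reviewing associations could take such an entry for a single user, role, or group. The same sentence is missing the comma after "wildcard characters" and says "is an IAM_PATTERN" where the other strings in this change say "is IAM_PATTERN".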
|