Amazon EventBridge Pipes Update: This release adds support for customer managed KMS keys in Amazon EventBridge Pipe

AWS · AWS · commit cb1b932dea44 · 2024-09-10T18:19:59.000Z
diff --git a/.changes/next-release/feature-AmazonEventBridgePipes-2ab322e.json b/.changes/next-release/feature-AmazonEventBridgePipes-2ab322e.json
@@ -0,0 +1,6 @@
+{
+    "type": "feature",
+    "category": "Amazon EventBridge Pipes",
+    "contributor": "",
+    "description": "This release adds support for customer managed KMS keys in Amazon EventBridge Pipe"
+}
diff --git a/services/pipes/src/main/resources/codegen-resources/service-2.json b/services/pipes/src/main/resources/codegen-resources/service-2.json
@@ -2,6 +2,7 @@
   "version":"2.0",
   "metadata":{
     "apiVersion":"2015-10-07",
+    "auth":["aws.auth#sigv4"],
     "endpointPrefix":"pipes",
     "protocol":"rest-json",
     "protocols":["rest-json"],
@@ -521,6 +522,10 @@
         "LogConfiguration":{
           "shape":"PipeLogConfigurationParameters",
           "documentation":"<p>The logging configuration settings for the pipe.</p>"
+        },
+        "KmsKeyIdentifier":{
+          "shape":"KmsKeyIdentifier",
+          "documentation":"<p>The identifier of the KMS customer managed key for EventBridge to use, if you choose to use a customer managed key to encrypt pipe data. The identifier can be the key Amazon Resource Name (ARN), KeyId, key alias, or key alias ARN.</p> <p>If you do not specify a customer managed key identifier, EventBridge uses an Amazon Web Services owned key to encrypt pipe data.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/getting-started.html\">Managing keys</a> in the <i>Key Management Service Developer Guide</i>. </p>"
         }
       }
     },
@@ -700,6 +705,10 @@
         "LogConfiguration":{
           "shape":"PipeLogConfiguration",
           "documentation":"<p>The logging configuration settings for the pipe.</p>"
+        },
+        "KmsKeyIdentifier":{
+          "shape":"KmsKeyIdentifier",
+          "documentation":"<p>The identifier of the KMS customer managed key for EventBridge to use to encrypt pipe data, if one has been specified.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-encryption.html\">Data encryption in EventBridge</a> in the <i>Amazon EventBridge User Guide</i>.</p>"
         }
       }
     },
@@ -1125,6 +1134,12 @@
         "AT_TIMESTAMP"
       ]
     },
+    "KmsKeyIdentifier":{
+      "type":"string",
+      "max":2048,
+      "min":0,
+      "pattern":"[a-zA-Z0-9_\\-/:]*"
+    },
     "LaunchType":{
       "type":"string",
       "enum":[
@@ -2393,7 +2408,7 @@
         },
         "OutputFormat":{
           "shape":"S3OutputFormat",
-          "documentation":"<p>The format EventBridge uses for the log records.</p> <ul> <li> <p> <code>json</code>: JSON </p> </li> <li> <p> <code>plain</code>: Plain text</p> </li> <li> <p> <code>w3c</code>: <a href=\"https://www.w3.org/TR/WD-logfile\">W3C extended logging file format</a> </p> </li> </ul>"
+          "documentation":"<p>The format EventBridge uses for the log records.</p> <p>EventBridge currently only supports <code>json</code> formatting.</p>"
         }
       },
       "documentation":"<p>The Amazon S3 logging configuration settings for the pipe.</p>"
@@ -2415,7 +2430,7 @@
         },
         "OutputFormat":{
           "shape":"S3OutputFormat",
-          "documentation":"<p>How EventBridge should format the log records.</p> <ul> <li> <p> <code>json</code>: JSON </p> </li> <li> <p> <code>plain</code>: Plain text</p> </li> <li> <p> <code>w3c</code>: <a href=\"https://www.w3.org/TR/WD-logfile\">W3C extended logging file format</a> </p> </li> </ul>"
+          "documentation":"<p>How EventBridge should format the log records.</p> <p>EventBridge currently only supports <code>json</code> formatting.</p>"
         },
         "Prefix":{
           "shape":"S3LogDestinationParametersPrefixString",
@@ -2556,7 +2571,7 @@
         },
         "SecurityGroup":{
           "shape":"SecurityGroupIds",
-          "documentation":"<p>Specifies the security groups associated with the stream. These security groups must all be in the same VPC. You can specify as many as five security groups. If you do not specify a security group, the default security group for the VPC is used.</p>"
+          "documentation":"<p>Specifies the security groups associated with the stream. These security groups must all be in the same VPC. You can specify as many as five security groups.</p>"
         }
       },
       "documentation":"<p>This structure specifies the VPC subnets and security groups for the stream, and whether a public IP address is to be used.</p>"
@@ -2963,6 +2978,10 @@
         "LogConfiguration":{
           "shape":"PipeLogConfigurationParameters",
           "documentation":"<p>The logging configuration settings for the pipe.</p>"
+        },
+        "KmsKeyIdentifier":{
+          "shape":"KmsKeyIdentifier",
+          "documentation":"<p>The identifier of the KMS customer managed key for EventBridge to use, if you choose to use a customer managed key to encrypt pipe data. The identifier can be the key Amazon Resource Name (ARN), KeyId, key alias, or key alias ARN.</p> <p>To update a pipe that is using the default Amazon Web Services owned key to use a customer managed key instead, or update a pipe that is using a customer managed key to use a different customer managed key, specify a customer managed key identifier.</p> <p>To update a pipe that is using a customer managed key to use the default Amazon Web Services owned key, specify an empty string.</p> <p>For more information, see <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/getting-started.html\">Managing keys</a> in the <i>Key Management Service Developer Guide</i>. </p>"
         }
       }
     },
