feat(client-elasticsearch-service): This release adds support for new or existing Amazon OpenSearch domains to enable TLS 1.3 or TLS 1.2 with perfect forward secrecy cipher suites for domain endpoints.

Author: awstools

clients/client-elasticsearch-service/src/commands/CreateElasticsearchDomainCommand.ts

@@ -107,7 +107,7 @@ export interface CreateElasticsearchDomainCommandOutput extends CreateElasticsea
  *   },
  *   DomainEndpointOptions: { // DomainEndpointOptions
  *     EnforceHTTPS: true || false,
- *     TLSSecurityPolicy: "Policy-Min-TLS-1-0-2019-07" || "Policy-Min-TLS-1-2-2019-07",
+ *     TLSSecurityPolicy: "Policy-Min-TLS-1-0-2019-07" || "Policy-Min-TLS-1-2-2019-07" || "Policy-Min-TLS-1-2-PFS-2023-10",
  *     CustomEndpointEnabled: true || false,
  *     CustomEndpoint: "STRING_VALUE",
  *     CustomEndpointCertificateArn: "STRING_VALUE",
@@ -244,7 +244,7 @@ export interface CreateElasticsearchDomainCommandOutput extends CreateElasticsea
  * //     },
  * //     DomainEndpointOptions: { // DomainEndpointOptions
  * //       EnforceHTTPS: true || false,
- * //       TLSSecurityPolicy: "Policy-Min-TLS-1-0-2019-07" || "Policy-Min-TLS-1-2-2019-07",
+ * //       TLSSecurityPolicy: "Policy-Min-TLS-1-0-2019-07" || "Policy-Min-TLS-1-2-2019-07" || "Policy-Min-TLS-1-2-PFS-2023-10",
  * //       CustomEndpointEnabled: true || false,
  * //       CustomEndpoint: "STRING_VALUE",
  * //       CustomEndpointCertificateArn: "STRING_VALUE",

clients/client-elasticsearch-service/src/commands/DeleteElasticsearchDomainCommand.ts

@@ -132,7 +132,7 @@ export interface DeleteElasticsearchDomainCommandOutput extends DeleteElasticsea
  * //     },
  * //     DomainEndpointOptions: { // DomainEndpointOptions
  * //       EnforceHTTPS: true || false,
- * //       TLSSecurityPolicy: "Policy-Min-TLS-1-0-2019-07" || "Policy-Min-TLS-1-2-2019-07",
+ * //       TLSSecurityPolicy: "Policy-Min-TLS-1-0-2019-07" || "Policy-Min-TLS-1-2-2019-07" || "Policy-Min-TLS-1-2-PFS-2023-10",
  * //       CustomEndpointEnabled: true || false,
  * //       CustomEndpoint: "STRING_VALUE",
  * //       CustomEndpointCertificateArn: "STRING_VALUE",

clients/client-elasticsearch-service/src/commands/DescribeElasticsearchDomainCommand.ts

@@ -137,7 +137,7 @@ export interface DescribeElasticsearchDomainCommandOutput
  * //     },
  * //     DomainEndpointOptions: { // DomainEndpointOptions
  * //       EnforceHTTPS: true || false,
- * //       TLSSecurityPolicy: "Policy-Min-TLS-1-0-2019-07" || "Policy-Min-TLS-1-2-2019-07",
+ * //       TLSSecurityPolicy: "Policy-Min-TLS-1-0-2019-07" || "Policy-Min-TLS-1-2-2019-07" || "Policy-Min-TLS-1-2-PFS-2023-10",
  * //       CustomEndpointEnabled: true || false,
  * //       CustomEndpoint: "STRING_VALUE",
  * //       CustomEndpointCertificateArn: "STRING_VALUE",

clients/client-elasticsearch-service/src/commands/DescribeElasticsearchDomainConfigCommand.ts

@@ -183,7 +183,7 @@ export interface DescribeElasticsearchDomainConfigCommandOutput
  * //     DomainEndpointOptions: { // DomainEndpointOptionsStatus
  * //       Options: { // DomainEndpointOptions
  * //         EnforceHTTPS: true || false,
- * //         TLSSecurityPolicy: "Policy-Min-TLS-1-0-2019-07" || "Policy-Min-TLS-1-2-2019-07",
+ * //         TLSSecurityPolicy: "Policy-Min-TLS-1-0-2019-07" || "Policy-Min-TLS-1-2-2019-07" || "Policy-Min-TLS-1-2-PFS-2023-10",
  * //         CustomEndpointEnabled: true || false,
  * //         CustomEndpoint: "STRING_VALUE",
  * //         CustomEndpointCertificateArn: "STRING_VALUE",

clients/client-elasticsearch-service/src/commands/DescribeElasticsearchDomainsCommand.ts

@@ -140,7 +140,7 @@ export interface DescribeElasticsearchDomainsCommandOutput
  * //       },
  * //       DomainEndpointOptions: { // DomainEndpointOptions
  * //         EnforceHTTPS: true || false,
- * //         TLSSecurityPolicy: "Policy-Min-TLS-1-0-2019-07" || "Policy-Min-TLS-1-2-2019-07",
+ * //         TLSSecurityPolicy: "Policy-Min-TLS-1-0-2019-07" || "Policy-Min-TLS-1-2-2019-07" || "Policy-Min-TLS-1-2-PFS-2023-10",
  * //         CustomEndpointEnabled: true || false,
  * //         CustomEndpoint: "STRING_VALUE",
  * //         CustomEndpointCertificateArn: "STRING_VALUE",

clients/client-elasticsearch-service/src/commands/UpdateElasticsearchDomainConfigCommand.ts

@@ -103,7 +103,7 @@ export interface UpdateElasticsearchDomainConfigCommandOutput
  *   },
  *   DomainEndpointOptions: { // DomainEndpointOptions
  *     EnforceHTTPS: true || false,
- *     TLSSecurityPolicy: "Policy-Min-TLS-1-0-2019-07" || "Policy-Min-TLS-1-2-2019-07",
+ *     TLSSecurityPolicy: "Policy-Min-TLS-1-0-2019-07" || "Policy-Min-TLS-1-2-2019-07" || "Policy-Min-TLS-1-2-PFS-2023-10",
  *     CustomEndpointEnabled: true || false,
  *     CustomEndpoint: "STRING_VALUE",
  *     CustomEndpointCertificateArn: "STRING_VALUE",
@@ -286,7 +286,7 @@ export interface UpdateElasticsearchDomainConfigCommandOutput
  * //     DomainEndpointOptions: { // DomainEndpointOptionsStatus
  * //       Options: { // DomainEndpointOptions
  * //         EnforceHTTPS: true || false,
- * //         TLSSecurityPolicy: "Policy-Min-TLS-1-0-2019-07" || "Policy-Min-TLS-1-2-2019-07",
+ * //         TLSSecurityPolicy: "Policy-Min-TLS-1-0-2019-07" || "Policy-Min-TLS-1-2-2019-07" || "Policy-Min-TLS-1-2-PFS-2023-10",
  * //         CustomEndpointEnabled: true || false,
  * //         CustomEndpoint: "STRING_VALUE",
  * //         CustomEndpointCertificateArn: "STRING_VALUE",

clients/client-elasticsearch-service/src/endpoint/ruleset.ts

@@ -6,27 +6,30 @@ import { RuleSetObject } from "@smithy/types";
    or see "smithy.rules#endpointRuleSet"
    in codegen/sdk-codegen/aws-models/elasticsearch-service.json */
 
-const s="required",
-t="fn",
-u="argv",
-v="ref";
+const v="required",
+w="fn",
+x="argv",
+y="ref";
 const a=true,
 b="isSet",
 c="booleanEquals",
 d="error",
 e="endpoint",
 f="tree",
 g="PartitionResult",
-h={[s]:false,"type":"String"},
-i={[s]:true,"default":false,"type":"Boolean"},
-j={[v]:"Endpoint"},
-k={[t]:c,[u]:[{[v]:"UseFIPS"},true]},
-l={[t]:c,[u]:[{[v]:"UseDualStack"},true]},
-m={},
-n={[t]:"getAttr",[u]:[{[v]:g},"supportsFIPS"]},
-o={[t]:c,[u]:[true,{[t]:"getAttr",[u]:[{[v]:g},"supportsDualStack"]}]},
-p=[k],
-q=[l],
-r=[{[v]:"Region"}];
-const _data={version:"1.0",parameters:{Region:h,UseDualStack:i,UseFIPS:i,Endpoint:h},rules:[{conditions:[{[t]:b,[u]:[j]}],rules:[{conditions:p,error:"Invalid Configuration: FIPS and custom endpoint are not supported",type:d},{conditions:q,error:"Invalid Configuration: Dualstack and custom endpoint are not supported",type:d},{endpoint:{url:j,properties:m,headers:m},type:e}],type:f},{conditions:[{[t]:b,[u]:r}],rules:[{conditions:[{[t]:"aws.partition",[u]:r,assign:g}],rules:[{conditions:[k,l],rules:[{conditions:[{[t]:c,[u]:[a,n]},o],rules:[{endpoint:{url:"https://es-fips.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:m,headers:m},type:e}],type:f},{error:"FIPS and DualStack are enabled, but this partition does not support one or both",type:d}],type:f},{conditions:p,rules:[{conditions:[{[t]:c,[u]:[n,a]}],rules:[{endpoint:{url:"https://es-fips.{Region}.{PartitionResult#dnsSuffix}",properties:m,headers:m},type:e}],type:f},{error:"FIPS is enabled but this partition does not support FIPS",type:d}],type:f},{conditions:q,rules:[{conditions:[o],rules:[{endpoint:{url:"https://es.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:m,headers:m},type:e}],type:f},{error:"DualStack is enabled but this partition does not support DualStack",type:d}],type:f},{endpoint:{url:"https://es.{Region}.{PartitionResult#dnsSuffix}",properties:m,headers:m},type:e}],type:f}],type:f},{error:"Invalid Configuration: Missing Region",type:d}]};
+h="stringEquals",
+i={[v]:false,"type":"String"},
+j={[v]:true,"default":false,"type":"Boolean"},
+k={[y]:"Endpoint"},
+l={[w]:c,[x]:[{[y]:"UseFIPS"},true]},
+m={[w]:c,[x]:[{[y]:"UseDualStack"},true]},
+n={},
+o={[w]:"getAttr",[x]:[{[y]:g},"supportsFIPS"]},
+p={[w]:c,[x]:[true,{[w]:"getAttr",[x]:[{[y]:g},"supportsDualStack"]}]},
+q={[w]:"getAttr",[x]:[{[y]:g},"name"]},
+r={"url":"https://aos.{Region}.api.aws","properties":{},"headers":{}},
+s=[l],
+t=[m],
+u=[{[y]:"Region"}];
+const _data={version:"1.0",parameters:{Region:i,UseDualStack:j,UseFIPS:j,Endpoint:i},rules:[{conditions:[{[w]:b,[x]:[k]}],rules:[{conditions:s,error:"Invalid Configuration: FIPS and custom endpoint are not supported",type:d},{conditions:t,error:"Invalid Configuration: Dualstack and custom endpoint are not supported",type:d},{endpoint:{url:k,properties:n,headers:n},type:e}],type:f},{conditions:[{[w]:b,[x]:u}],rules:[{conditions:[{[w]:"aws.partition",[x]:u,assign:g}],rules:[{conditions:[l,m],rules:[{conditions:[{[w]:c,[x]:[a,o]},p],rules:[{endpoint:{url:"https://es-fips.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:n,headers:n},type:e}],type:f},{error:"FIPS and DualStack are enabled, but this partition does not support one or both",type:d}],type:f},{conditions:s,rules:[{conditions:[{[w]:c,[x]:[o,a]}],rules:[{endpoint:{url:"https://es-fips.{Region}.{PartitionResult#dnsSuffix}",properties:n,headers:n},type:e}],type:f},{error:"FIPS is enabled but this partition does not support FIPS",type:d}],type:f},{conditions:t,rules:[{conditions:[p],rules:[{conditions:[{[w]:h,[x]:["aws",q]}],endpoint:r,type:e},{conditions:[{[w]:h,[x]:["aws-cn",q]}],endpoint:{url:"https://aos.{Region}.api.amazonwebservices.com.cn",properties:n,headers:n},type:e},{conditions:[{[w]:h,[x]:["aws-us-gov",q]}],endpoint:r,type:e},{endpoint:{url:"https://es.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:n,headers:n},type:e}],type:f},{error:"DualStack is enabled but this partition does not support DualStack",type:d}],type:f},{endpoint:{url:"https://es.{Region}.{PartitionResult#dnsSuffix}",properties:n,headers:n},type:e}],type:f}],type:f},{error:"Invalid Configuration: Missing Region",type:d}]};
 export const ruleSet: RuleSetObject = _data;

clients/client-elasticsearch-service/src/models/models_0.ts

@@ -1098,6 +1098,7 @@ export interface CognitoOptions {
 export const TLSSecurityPolicy = {
   POLICY_MIN_TLS_1_0_2019_07: "Policy-Min-TLS-1-0-2019-07",
   POLICY_MIN_TLS_1_2_2019_07: "Policy-Min-TLS-1-2-2019-07",
+  POLICY_MIN_TLS_1_2_PFS_2023_10: "Policy-Min-TLS-1-2-PFS-2023-10",
 } as const;
 
 /**
@@ -1121,8 +1122,9 @@ export interface DomainEndpointOptions {
    * <p>Specify the TLS security policy that needs to be applied to the HTTPS endpoint of Elasticsearch domain.
    *         <br></br> It can be one of the following values:
    *         <ul>
-   *             <li><b>Policy-Min-TLS-1-0-2019-07: </b> TLS security policy which supports TLSv1.0 and higher.</li>
-   *             <li><b>Policy-Min-TLS-1-2-2019-07: </b> TLS security policy which supports only TLSv1.2</li>
+   *             <li><b>Policy-Min-TLS-1-0-2019-07: </b> TLS security policy that supports TLS version 1.0 to TLS version 1.2</li>
+   *             <li><b>Policy-Min-TLS-1-2-2019-07: </b> TLS security policy that supports only TLS version 1.2</li>
+   *             <li><b>Policy-Min-TLS-1-2-PFS-2023-10: </b> TLS security policy that supports TLS version 1.2 to TLS version 1.3 with perfect forward secrecy cipher suites</li>
    *         </ul>
    *     </p>
    */

codegen/sdk-codegen/aws-models/elasticsearch-service.json

@@ -796,6 +796,81 @@
                             }
                           ],
                           "rules": [
+                            {
+                              "conditions": [
+                                {
+                                  "fn": "stringEquals",
+                                  "argv": [
+                                    "aws",
+                                    {
+                                      "fn": "getAttr",
+                                      "argv": [
+                                        {
+                                          "ref": "PartitionResult"
+                                        },
+                                        "name"
+                                      ]
+                                    }
+                                  ]
+                                }
+                              ],
+                              "endpoint": {
+                                "url": "https://aos.{Region}.api.aws",
+                                "properties": {},
+                                "headers": {}
+                              },
+                              "type": "endpoint"
+                            },
+                            {
+                              "conditions": [
+                                {
+                                  "fn": "stringEquals",
+                                  "argv": [
+                                    "aws-cn",
+                                    {
+                                      "fn": "getAttr",
+                                      "argv": [
+                                        {
+                                          "ref": "PartitionResult"
+                                        },
+                                        "name"
+                                      ]
+                                    }
+                                  ]
+                                }
+                              ],
+                              "endpoint": {
+                                "url": "https://aos.{Region}.api.amazonwebservices.com.cn",
+                                "properties": {},
+                                "headers": {}
+                              },
+                              "type": "endpoint"
+                            },
+                            {
+                              "conditions": [
+                                {
+                                  "fn": "stringEquals",
+                                  "argv": [
+                                    "aws-us-gov",
+                                    {
+                                      "fn": "getAttr",
+                                      "argv": [
+                                        {
+                                          "ref": "PartitionResult"
+                                        },
+                                        "name"
+                                      ]
+                                    }
+                                  ]
+                                }
+                              ],
+                              "endpoint": {
+                                "url": "https://aos.{Region}.api.aws",
+                                "properties": {},
+                                "headers": {}
+                              },
+                              "type": "endpoint"
+                            },
                             {
                               "conditions": [],
                               "endpoint": {
@@ -1195,7 +1270,7 @@
               "documentation": "For region us-east-1 with FIPS disabled and DualStack enabled",
               "expect": {
                 "endpoint": {
-                  "url": "https://es.us-east-1.api.aws"
+                  "url": "https://aos.us-east-1.api.aws"
                 }
               },
               "params": {
@@ -1260,7 +1335,7 @@
               "documentation": "For region cn-north-1 with FIPS disabled and DualStack enabled",
               "expect": {
                 "endpoint": {
-                  "url": "https://es.cn-north-1.api.amazonwebservices.com.cn"
+                  "url": "https://aos.cn-north-1.api.amazonwebservices.com.cn"
                 }
               },
               "params": {
@@ -1338,7 +1413,7 @@
               "documentation": "For region us-gov-east-1 with FIPS disabled and DualStack enabled",
               "expect": {
                 "endpoint": {
-                  "url": "https://es.us-gov-east-1.api.aws"
+                  "url": "https://aos.us-gov-east-1.api.aws"
                 }
               },
               "params": {
@@ -4301,7 +4376,7 @@
         "TLSSecurityPolicy": {
           "target": "com.amazonaws.elasticsearchservice#TLSSecurityPolicy",
           "traits": {
-            "smithy.api#documentation": "<p>Specify the TLS security policy that needs to be applied to the HTTPS endpoint of Elasticsearch domain.\n        <br></br> It can be one of the following values:\n        <ul>\n            <li><b>Policy-Min-TLS-1-0-2019-07: </b> TLS security policy which supports TLSv1.0 and higher.</li>\n            <li><b>Policy-Min-TLS-1-2-2019-07: </b> TLS security policy which supports only TLSv1.2</li>\n        </ul>\n    </p>"
+            "smithy.api#documentation": "<p>Specify the TLS security policy that needs to be applied to the HTTPS endpoint of Elasticsearch domain.\n        <br></br> It can be one of the following values:\n        <ul>\n            <li><b>Policy-Min-TLS-1-0-2019-07: </b> TLS security policy that supports TLS version 1.0 to TLS version 1.2</li>\n            <li><b>Policy-Min-TLS-1-2-2019-07: </b> TLS security policy that supports only TLS version 1.2</li>\n            <li><b>Policy-Min-TLS-1-2-PFS-2023-10: </b> TLS security policy that supports TLS version 1.2 to TLS version 1.3 with perfect forward secrecy cipher suites</li>\n        </ul>\n    </p>"
           }
         },
         "CustomEndpointEnabled": {
@@ -8531,6 +8606,12 @@
           "traits": {
             "smithy.api#enumValue": "Policy-Min-TLS-1-2-2019-07"
           }
+        },
+        "POLICY_MIN_TLS_1_2_PFS_2023_10": {
+          "target": "smithy.api#Unit",
+          "traits": {
+            "smithy.api#enumValue": "Policy-Min-TLS-1-2-PFS-2023-10"
+          }
         }
       }
     },