docs(client-keyspaces): Amazon Keyspaces: adding the list of IAM actions required by the UpdateKeyspace API.

awstools · awstools · commit a4233c3b964e · 2024-12-09T19:38:04.000Z
diff --git a/clients/client-keyspaces/src/commands/UpdateKeyspaceCommand.ts b/clients/client-keyspaces/src/commands/UpdateKeyspaceCommand.ts
@@ -30,13 +30,105 @@ export interface UpdateKeyspaceCommandOutput extends UpdateKeyspaceResponse, __M
 /**
  * <p>
  *          Adds a new Amazon Web Services Region to the keyspace.  You can add a new Region to a keyspace that is either a single or a multi-Region keyspace.
- *          The new replica Region is applied to all tables in the keyspace. For more information, see <a href="https://docs.aws.amazon.com/keyspaces/latest/devguide/keyspaces-multi-region-add-replica.html">Add an Amazon Web Services Region to a keyspace in Amazon Keyspaces</a> in the <i>Amazon Keyspaces Developer
- *                Guide</i>.
- *       </p>
- *          <p>To change a single-Region to a multi-Region keyspace, you have to enable client-side timestamps
- *          for all tables in the keyspace. For more information, see
+ *          Amazon Keyspaces is going to replicate all tables in the keyspace to the new Region. To successfully replicate all tables to the new Region, they
+ *          must use client-side timestamps for conflict resolution. To enable client-side timestamps, specify <code>clientSideTimestamps.status = enabled</code>
+ *          when invoking the API. For more information about client-side timestamps, see
  *          <a href="https://docs.aws.amazon.com/keyspaces/latest/devguide/client-side-timestamps.html">Client-side timestamps in Amazon Keyspaces</a> in the <i>Amazon Keyspaces Developer
  *                Guide</i>.</p>
+ *          <p>To add a Region to a keyspace using the <code>UpdateKeyspace</code> API, the IAM principal needs permissions for the following IAM actions:</p>
+ *          <ul>
+ *             <li>
+ *                <p>
+ *                   <code>cassandra:Alter</code>
+ *                </p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <code>cassandra:AlterMultiRegionResource</code>
+ *                </p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <code>cassandra:Create</code>
+ *                </p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <code>cassandra:CreateMultiRegionResource</code>
+ *                </p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <code>cassandra:Select</code>
+ *                </p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <code>cassandra:SelectMultiRegionResource</code>
+ *                </p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <code>cassandra:Modify</code>
+ *                </p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <code>cassandra:ModifyMultiRegionResource</code>
+ *                </p>
+ *             </li>
+ *          </ul>
+ *          <p>If the keyspace contains a table that is configured in provisioned mode with auto scaling enabled,
+ *          the following additional IAM actions need to be allowed.</p>
+ *          <ul>
+ *             <li>
+ *                <p>
+ *                   <code>application-autoscaling:RegisterScalableTarget</code>
+ *                </p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <code>application-autoscaling:DeregisterScalableTarget</code>
+ *                </p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <code>application-autoscaling:DescribeScalableTargets</code>
+ *                </p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <code>application-autoscaling:PutScalingPolicy</code>
+ *                </p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <code>application-autoscaling:DescribeScalingPolicies</code>
+ *                </p>
+ *             </li>
+ *          </ul>
+ *          <p>To use the <code>UpdateKeyspace</code> API, the IAM principal also needs permissions to
+ *         create a service-linked role with the following elements:</p>
+ *          <ul>
+ *             <li>
+ *                <p>
+ *                   <code>iam:CreateServiceLinkedRole</code> - The <b>action</b> the principal can perform.</p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <code>arn:aws:iam::*:role/aws-service-role/replication.cassandra.amazonaws.com/AWSServiceRoleForKeyspacesReplication</code>
+ *                - The <b>resource</b> that the action can be
+ *                performed on. </p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <code>iam:AWSServiceName: replication.cassandra.amazonaws.com</code>
+ *                - The only Amazon Web Services service that this role can be attached to is Amazon Keyspaces.</p>
+ *             </li>
+ *          </ul>
+ *          <p>For more information, see <a href="https://docs.aws.amazon.com/keyspaces/latest/devguide/howitworks_replication_permissions_addReplica.html">Configure the IAM permissions
+ *             required to add an Amazon Web Services Region to a keyspace</a>
+ *          in the <i>Amazon Keyspaces Developer Guide</i>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
diff --git a/codegen/sdk-codegen/aws-models/keyspaces.json b/codegen/sdk-codegen/aws-models/keyspaces.json
@@ -3584,7 +3584,7 @@
         }
       ],
       "traits": {
-        "smithy.api#documentation": "<p>\n         Adds a new Amazon Web Services Region to the keyspace.  You can add a new Region to a keyspace that is either a single or a multi-Region keyspace.\n         The new replica Region is applied to all tables in the keyspace. For more information, see <a href=\"https://docs.aws.amazon.com/keyspaces/latest/devguide/keyspaces-multi-region-add-replica.html\">Add an Amazon Web Services Region to a keyspace in Amazon Keyspaces</a> in the <i>Amazon Keyspaces Developer\n               Guide</i>.\n      </p>\n         <p>To change a single-Region to a multi-Region keyspace, you have to enable client-side timestamps\n         for all tables in the keyspace. For more information, see\n         <a href=\"https://docs.aws.amazon.com/keyspaces/latest/devguide/client-side-timestamps.html\">Client-side timestamps in Amazon Keyspaces</a> in the <i>Amazon Keyspaces Developer\n               Guide</i>.</p>"
+        "smithy.api#documentation": "<p>\n         Adds a new Amazon Web Services Region to the keyspace.  You can add a new Region to a keyspace that is either a single or a multi-Region keyspace.\n         Amazon Keyspaces is going to replicate all tables in the keyspace to the new Region. To successfully replicate all tables to the new Region, they\n         must use client-side timestamps for conflict resolution. To enable client-side timestamps, specify <code>clientSideTimestamps.status = enabled</code>\n         when invoking the API. For more information about client-side timestamps, see\n         <a href=\"https://docs.aws.amazon.com/keyspaces/latest/devguide/client-side-timestamps.html\">Client-side timestamps in Amazon Keyspaces</a> in the <i>Amazon Keyspaces Developer\n               Guide</i>.</p>\n         <p>To add a Region to a keyspace using the <code>UpdateKeyspace</code> API, the IAM principal needs permissions for the following IAM actions:</p>\n         <ul>\n            <li>\n               <p>\n                  <code>cassandra:Alter</code>\n               </p>\n            </li>\n            <li>\n               <p>\n                  <code>cassandra:AlterMultiRegionResource</code>\n               </p>\n            </li>\n            <li>\n               <p>\n                  <code>cassandra:Create</code>\n               </p>\n            </li>\n            <li>\n               <p>\n                  <code>cassandra:CreateMultiRegionResource</code>\n               </p>\n            </li>\n            <li>\n               <p>\n                  <code>cassandra:Select</code>\n               </p>\n            </li>\n            <li>\n               <p>\n                  <code>cassandra:SelectMultiRegionResource</code>\n               </p>\n            </li>\n            <li>\n               <p>\n                  <code>cassandra:Modify</code>\n               </p>\n            </li>\n            <li>\n               <p>\n                  <code>cassandra:ModifyMultiRegionResource</code>\n               </p>\n            </li>\n         </ul>\n         <p>If the keyspace contains a table that is configured in provisioned mode with auto scaling enabled, \n         the following additional IAM actions need to be allowed.</p>\n         <ul>\n            <li>\n               <p>\n                  <code>application-autoscaling:RegisterScalableTarget</code>\n               </p>\n            </li>\n            <li>\n               <p>\n                  <code>application-autoscaling:DeregisterScalableTarget</code>\n               </p>\n            </li>\n            <li>\n               <p>\n                  <code>application-autoscaling:DescribeScalableTargets</code>\n               </p>\n            </li>\n            <li>\n               <p>\n                  <code>application-autoscaling:PutScalingPolicy</code>\n               </p>\n            </li>\n            <li>\n               <p>\n                  <code>application-autoscaling:DescribeScalingPolicies</code>\n               </p>\n            </li>\n         </ul>\n         <p>To use the <code>UpdateKeyspace</code> API, the IAM principal also needs permissions to\n        create a service-linked role with the following elements:</p>\n         <ul>\n            <li>\n               <p>\n                  <code>iam:CreateServiceLinkedRole</code> - The <b>action</b> the principal can perform.</p>\n            </li>\n            <li>\n               <p>\n                  <code>arn:aws:iam::*:role/aws-service-role/replication.cassandra.amazonaws.com/AWSServiceRoleForKeyspacesReplication</code>\n               - The <b>resource</b> that the action can be\n               performed on. </p>\n            </li>\n            <li>\n               <p>\n                  <code>iam:AWSServiceName: replication.cassandra.amazonaws.com</code>\n               - The only Amazon Web Services service that this role can be attached to is Amazon Keyspaces.</p>\n            </li>\n         </ul>\n         <p>For more information, see <a href=\"https://docs.aws.amazon.com/keyspaces/latest/devguide/howitworks_replication_permissions_addReplica.html\">Configure the IAM permissions\n            required to add an Amazon Web Services Region to a keyspace</a>\n         in the <i>Amazon Keyspaces Developer Guide</i>.</p>"
       }
     },
     "com.amazonaws.keyspaces#UpdateKeyspaceRequest": {

Original file line number	Diff line number	Diff line change
`@@ -3584,7 +3584,7 @@`
`3584`	`3584`	`}`
`3585`	`3585`	`],`
`3586`	`3586`	`"traits": {`
`3587`		- "smithy.api#documentation": "<p>\n Adds a new Amazon Web Services Region to the keyspace. You can add a new Region to a keyspace that is either a single or a multi-Region keyspace.\n The new replica Region is applied to all tables in the keyspace. For more information, see <a href=\"https://docs.aws.amazon.com/keyspaces/latest/devguide/keyspaces-multi-region-add-replica.html\">Add an Amazon Web Services Region to a keyspace in Amazon Keyspaces</a> in the <i>Amazon Keyspaces Developer\n Guide</i>.\n </p>\n <p>To change a single-Region to a multi-Region keyspace, you have to enable client-side timestamps\n for all tables in the keyspace. For more information, see\n <a href=\"https://docs.aws.amazon.com/keyspaces/latest/devguide/client-side-timestamps.html\">Client-side timestamps in Amazon Keyspaces</a> in the <i>Amazon Keyspaces Developer\n Guide</i>.</p>"
	`3587`	+ "smithy.api#documentation": "<p>\n Adds a new Amazon Web Services Region to the keyspace. You can add a new Region to a keyspace that is either a single or a multi-Region keyspace.\n Amazon Keyspaces is going to replicate all tables in the keyspace to the new Region. To successfully replicate all tables to the new Region, they\n must use client-side timestamps for conflict resolution. To enable client-side timestamps, specify <code>clientSideTimestamps.status = enabled</code>\n when invoking the API. For more information about client-side timestamps, see\n <a href=\"https://docs.aws.amazon.com/keyspaces/latest/devguide/client-side-timestamps.html\">Client-side timestamps in Amazon Keyspaces</a> in the <i>Amazon Keyspaces Developer\n Guide</i>.</p>\n <p>To add a Region to a keyspace using the <code>UpdateKeyspace</code> API, the IAM principal needs permissions for the following IAM actions:</p>\n <ul>\n <li>\n <p>\n <code>cassandra:Alter</code>\n </p>\n </li>\n <li>\n <p>\n <code>cassandra:AlterMultiRegionResource</code>\n </p>\n </li>\n <li>\n <p>\n <code>cassandra:Create</code>\n </p>\n </li>\n <li>\n <p>\n <code>cassandra:CreateMultiRegionResource</code>\n </p>\n </li>\n <li>\n <p>\n <code>cassandra:Select</code>\n </p>\n </li>\n <li>\n <p>\n <code>cassandra:SelectMultiRegionResource</code>\n </p>\n </li>\n <li>\n <p>\n <code>cassandra:Modify</code>\n </p>\n </li>\n <li>\n <p>\n <code>cassandra:ModifyMultiRegionResource</code>\n </p>\n </li>\n </ul>\n <p>If the keyspace contains a table that is configured in provisioned mode with auto scaling enabled, \n the following additional IAM actions need to be allowed.</p>\n <ul>\n <li>\n <p>\n <code>application-autoscaling:RegisterScalableTarget</code>\n </p>\n </li>\n <li>\n <p>\n <code>application-autoscaling:DeregisterScalableTarget</code>\n </p>\n </li>\n <li>\n <p>\n <code>application-autoscaling:DescribeScalableTargets</code>\n </p>\n </li>\n <li>\n <p>\n <code>application-autoscaling:PutScalingPolicy</code>\n </p>\n </li>\n <li>\n <p>\n <code>application-autoscaling:DescribeScalingPolicies</code>\n </p>\n </li>\n </ul>\n <p>To use the <code>UpdateKeyspace</code> API, the IAM principal also needs permissions to\n create a service-linked role with the following elements:</p>\n <ul>\n <li>\n <p>\n <code>iam:CreateServiceLinkedRole</code> - The <b>action</b> the principal can perform.</p>\n </li>\n <li>\n <p>\n <code>arn:aws:iam::*:role/aws-service-role/replication.cassandra.amazonaws.com/AWSServiceRoleForKeyspacesReplication</code>\n - The <b>resource</b> that the action can be\n performed on. </p>\n </li>\n <li>\n <p>\n <code>iam:AWSServiceName: replication.cassandra.amazonaws.com</code>\n - The only Amazon Web Services service that this role can be attached to is Amazon Keyspaces.</p>\n </li>\n </ul>\n <p>For more information, see <a href=\"https://docs.aws.amazon.com/keyspaces/latest/devguide/howitworks_replication_permissions_addReplica.html\">Configure the IAM permissions\n required to add an Amazon Web Services Region to a keyspace</a>\n in the <i>Amazon Keyspaces Developer Guide</i>.</p>"
`3588`	`3588`	`}`
`3589`	`3589`	`},`
`3590`	`3590`	`"com.amazonaws.keyspaces#UpdateKeyspaceRequest": {`