feat(client-opensearch): This release adds support for new or existing Amazon OpenSearch domains to enable TLS 1.3 or TLS 1.2 with perfect forward secrecy cipher suites for domain endpoints.

Author: awstools

clients/client-opensearch/src/commands/CreateDomainCommand.ts

@@ -100,7 +100,7 @@ export interface CreateDomainCommandOutput extends CreateDomainResponse, __Metad
  *   },
  *   DomainEndpointOptions: { // DomainEndpointOptions
  *     EnforceHTTPS: true || false,
- *     TLSSecurityPolicy: "Policy-Min-TLS-1-0-2019-07" || "Policy-Min-TLS-1-2-2019-07",
+ *     TLSSecurityPolicy: "Policy-Min-TLS-1-0-2019-07" || "Policy-Min-TLS-1-2-2019-07" || "Policy-Min-TLS-1-2-PFS-2023-10",
  *     CustomEndpointEnabled: true || false,
  *     CustomEndpoint: "STRING_VALUE",
  *     CustomEndpointCertificateArn: "STRING_VALUE",
@@ -253,7 +253,7 @@ export interface CreateDomainCommandOutput extends CreateDomainResponse, __Metad
  * //     },
  * //     DomainEndpointOptions: { // DomainEndpointOptions
  * //       EnforceHTTPS: true || false,
- * //       TLSSecurityPolicy: "Policy-Min-TLS-1-0-2019-07" || "Policy-Min-TLS-1-2-2019-07",
+ * //       TLSSecurityPolicy: "Policy-Min-TLS-1-0-2019-07" || "Policy-Min-TLS-1-2-2019-07" || "Policy-Min-TLS-1-2-PFS-2023-10",
  * //       CustomEndpointEnabled: true || false,
  * //       CustomEndpoint: "STRING_VALUE",
  * //       CustomEndpointCertificateArn: "STRING_VALUE",

clients/client-opensearch/src/commands/DeleteDomainCommand.ts

@@ -132,7 +132,7 @@ export interface DeleteDomainCommandOutput extends DeleteDomainResponse, __Metad
  * //     },
  * //     DomainEndpointOptions: { // DomainEndpointOptions
  * //       EnforceHTTPS: true || false,
- * //       TLSSecurityPolicy: "Policy-Min-TLS-1-0-2019-07" || "Policy-Min-TLS-1-2-2019-07",
+ * //       TLSSecurityPolicy: "Policy-Min-TLS-1-0-2019-07" || "Policy-Min-TLS-1-2-2019-07" || "Policy-Min-TLS-1-2-PFS-2023-10",
  * //       CustomEndpointEnabled: true || false,
  * //       CustomEndpoint: "STRING_VALUE",
  * //       CustomEndpointCertificateArn: "STRING_VALUE",

clients/client-opensearch/src/commands/DescribeDomainCommand.ts

@@ -132,7 +132,7 @@ export interface DescribeDomainCommandOutput extends DescribeDomainResponse, __M
  * //     },
  * //     DomainEndpointOptions: { // DomainEndpointOptions
  * //       EnforceHTTPS: true || false,
- * //       TLSSecurityPolicy: "Policy-Min-TLS-1-0-2019-07" || "Policy-Min-TLS-1-2-2019-07",
+ * //       TLSSecurityPolicy: "Policy-Min-TLS-1-0-2019-07" || "Policy-Min-TLS-1-2-2019-07" || "Policy-Min-TLS-1-2-PFS-2023-10",
  * //       CustomEndpointEnabled: true || false,
  * //       CustomEndpoint: "STRING_VALUE",
  * //       CustomEndpointCertificateArn: "STRING_VALUE",

clients/client-opensearch/src/commands/DescribeDomainConfigCommand.ts

@@ -176,7 +176,7 @@ export interface DescribeDomainConfigCommandOutput extends DescribeDomainConfigR
  * //     DomainEndpointOptions: { // DomainEndpointOptionsStatus
  * //       Options: { // DomainEndpointOptions
  * //         EnforceHTTPS: true || false,
- * //         TLSSecurityPolicy: "Policy-Min-TLS-1-0-2019-07" || "Policy-Min-TLS-1-2-2019-07",
+ * //         TLSSecurityPolicy: "Policy-Min-TLS-1-0-2019-07" || "Policy-Min-TLS-1-2-2019-07" || "Policy-Min-TLS-1-2-PFS-2023-10",
  * //         CustomEndpointEnabled: true || false,
  * //         CustomEndpoint: "STRING_VALUE",
  * //         CustomEndpointCertificateArn: "STRING_VALUE",

clients/client-opensearch/src/commands/DescribeDomainsCommand.ts

@@ -135,7 +135,7 @@ export interface DescribeDomainsCommandOutput extends DescribeDomainsResponse, _
  * //       },
  * //       DomainEndpointOptions: { // DomainEndpointOptions
  * //         EnforceHTTPS: true || false,
- * //         TLSSecurityPolicy: "Policy-Min-TLS-1-0-2019-07" || "Policy-Min-TLS-1-2-2019-07",
+ * //         TLSSecurityPolicy: "Policy-Min-TLS-1-0-2019-07" || "Policy-Min-TLS-1-2-2019-07" || "Policy-Min-TLS-1-2-PFS-2023-10",
  * //         CustomEndpointEnabled: true || false,
  * //         CustomEndpoint: "STRING_VALUE",
  * //         CustomEndpointCertificateArn: "STRING_VALUE",

clients/client-opensearch/src/commands/DescribeDryRunProgressCommand.ts

@@ -146,7 +146,7 @@ export interface DescribeDryRunProgressCommandOutput extends DescribeDryRunProgr
  * //     },
  * //     DomainEndpointOptions: { // DomainEndpointOptions
  * //       EnforceHTTPS: true || false,
- * //       TLSSecurityPolicy: "Policy-Min-TLS-1-0-2019-07" || "Policy-Min-TLS-1-2-2019-07",
+ * //       TLSSecurityPolicy: "Policy-Min-TLS-1-0-2019-07" || "Policy-Min-TLS-1-2-2019-07" || "Policy-Min-TLS-1-2-PFS-2023-10",
  * //       CustomEndpointEnabled: true || false,
  * //       CustomEndpoint: "STRING_VALUE",
  * //       CustomEndpointCertificateArn: "STRING_VALUE",

clients/client-opensearch/src/commands/UpdateDomainConfigCommand.ts

@@ -101,7 +101,7 @@ export interface UpdateDomainConfigCommandOutput extends UpdateDomainConfigRespo
  *   },
  *   DomainEndpointOptions: { // DomainEndpointOptions
  *     EnforceHTTPS: true || false,
- *     TLSSecurityPolicy: "Policy-Min-TLS-1-0-2019-07" || "Policy-Min-TLS-1-2-2019-07",
+ *     TLSSecurityPolicy: "Policy-Min-TLS-1-0-2019-07" || "Policy-Min-TLS-1-2-2019-07" || "Policy-Min-TLS-1-2-PFS-2023-10",
  *     CustomEndpointEnabled: true || false,
  *     CustomEndpoint: "STRING_VALUE",
  *     CustomEndpointCertificateArn: "STRING_VALUE",
@@ -299,7 +299,7 @@ export interface UpdateDomainConfigCommandOutput extends UpdateDomainConfigRespo
  * //     DomainEndpointOptions: { // DomainEndpointOptionsStatus
  * //       Options: { // DomainEndpointOptions
  * //         EnforceHTTPS: true || false,
- * //         TLSSecurityPolicy: "Policy-Min-TLS-1-0-2019-07" || "Policy-Min-TLS-1-2-2019-07",
+ * //         TLSSecurityPolicy: "Policy-Min-TLS-1-0-2019-07" || "Policy-Min-TLS-1-2-2019-07" || "Policy-Min-TLS-1-2-PFS-2023-10",
  * //         CustomEndpointEnabled: true || false,
  * //         CustomEndpoint: "STRING_VALUE",
  * //         CustomEndpointCertificateArn: "STRING_VALUE",

clients/client-opensearch/src/models/models_0.ts

@@ -1626,6 +1626,7 @@ export interface CognitoOptions {
 export const TLSSecurityPolicy = {
   POLICY_MIN_TLS_1_0_2019_07: "Policy-Min-TLS-1-0-2019-07",
   POLICY_MIN_TLS_1_2_2019_07: "Policy-Min-TLS-1-2-2019-07",
+  POLICY_MIN_TLS_1_2_PFS_2023_10: "Policy-Min-TLS-1-2-PFS-2023-10",
 } as const;
 
 /**
@@ -1659,6 +1660,11 @@ export interface DomainEndpointOptions {
    *                   <b>Policy-Min-TLS-1-2-2019-07:</b> TLS security policy that
    *      supports only TLS version 1.2</p>
    *             </li>
+   *             <li>
+   *                <p>
+   *                   <b>Policy-Min-TLS-1-2-PFS-2023-10:</b> TLS security policy that
+   *      supports TLS version 1.2 to TLS version 1.3 with perfect forward secrecy cipher suites</p>
+   *             </li>
    *          </ul>
    */
   TLSSecurityPolicy?: TLSSecurityPolicy;
@@ -1977,7 +1983,9 @@ export interface CreateDomainRequest {
 
   /**
    * @public
-   * <p>The type of IP addresses supported by the endpoint for the domain.</p>
+   * <p>Specify either dual stack or IPv4 as your IP address type. Dual stack allows you to share
+   *    domain resources across IPv4 and IPv6 address types, and is the recommended option.
+   *    If you set your IP address type to dual stack, you can't change your address type later.</p>
    */
   IPAddressType?: IPAddressType;
 
@@ -2246,15 +2254,16 @@ export interface DomainStatus {
 
   /**
    * @public
-   * <p>The domain endpoint to which index and search requests are submitted. For example,
-   *     <code>search-imdb-movies-oopcnjfn6ugo.eu-west-1.es.amazonaws.com</code> or
-   *     <code>doc-imdb-movies-oopcnjfn6u.eu-west-1.es.amazonaws.com</code>.</p>
+   * <p>If <code>IPAddressType</code> to set to <code>dualstack</code>, a version 2 domain endpoint is provisioned.
+   *    This endpoint functions like a normal endpoint, except that it works with both IPv4 and IPv6 IP addresses.
+   *    Normal endpoints work only with IPv4 IP addresses.
+   *   </p>
    */
   EndpointV2?: string;
 
   /**
    * @public
-   * <p>The key-value pair that exists if the OpenSearch Service domain uses VPC endpoints.. Example
+   * <p>The key-value pair that exists if the OpenSearch Service domain uses VPC endpoints. Example
    *     <code>key, value</code>:
    *     <code>'vpc','vpc-endpoint-h2dsd34efgyghrtguk5gt6j2foh4.us-east-1.es.amazonaws.com'</code>.</p>
    */
@@ -3888,7 +3897,9 @@ export interface DomainConfig {
 
   /**
    * @public
-   * <p>The type of IP addresses supported by the endpoint for the domain.</p>
+   * <p>Choose either dual stack or IPv4 as your IP address type.
+   *    Dual stack allows you to share domain resources across IPv4 and IPv6 address types, and is the recommended option.
+   *    If you set your IP address type to dual stack, you can't change your address type later.</p>
    */
   IPAddressType?: IPAddressTypeStatus;
 
@@ -4883,15 +4894,15 @@ export interface DescribePackagesRequest {
   /**
    * @public
    * <p>An optional parameter that specifies the maximum number of results to return. You can use
-   *     <code>nextToken</code> to get the next page of results.</p>
+   *    <code>nextToken</code> to get the next page of results.</p>
    */
   MaxResults?: number;
 
   /**
    * @public
    * <p>If your initial <code>DescribePackageFilters</code> operation returns a
-   *     <code>nextToken</code>, you can include the returned <code>nextToken</code> in subsequent
-   *     <code>DescribePackageFilters</code> operations, which returns results in the next page.</p>
+   *    <code>nextToken</code>, you can include the returned <code>nextToken</code> in subsequent
+   *    <code>DescribePackageFilters</code> operations, which returns results in the next page.</p>
    */
   NextToken?: string;
 }
@@ -4910,7 +4921,7 @@ export interface DescribePackagesResponse {
   /**
    * @public
    * <p>When <code>nextToken</code> is returned, there are more results available. The value of
-   *     <code>nextToken</code> is a unique pagination token for each page. Make the call again using the
+   *    <code>nextToken</code> is a unique pagination token for each page. Make the call again using the
    *    returned token to retrieve the next page.</p>
    */
   NextToken?: string;
@@ -6875,7 +6886,10 @@ export interface UpdateDomainConfigRequest {
 
   /**
    * @public
-   * <p>The type of IP addresses supported by the endpoint for the domain.</p>
+   * <p>Specify either dual stack or IPv4 as your IP address type. Dual stack allows you to share domain resources across
+   *    IPv4 and IPv6 address types, and is the recommended option.
+   *    If your IP address type is currently set to dual stack, you can't change it.
+   *   </p>
    */
   IPAddressType?: IPAddressType;
 

codegen/sdk-codegen/aws-models/opensearch.json

@@ -32,7 +32,7 @@
     "com.amazonaws.opensearch#ARN": {
       "type": "string",
       "traits": {
-        "smithy.api#documentation": "<p>The Amazon Resource Name (ARN) of the domain. See <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/index.html\">Identifiers for IAM Entities\n   </a> in <i>Using AWS Identity and Access Management</i> for more information.\n  </p>",
+        "smithy.api#documentation": "<p>The Amazon Resource Name (ARN) of the domain. See <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/index.html\">Identifiers for IAM Entities\n  </a> in <i>Using Amazon Web Services Identity and Access Management</i> for more information.\n  </p>",
         "smithy.api#length": {
           "min": 20,
           "max": 2048
@@ -3015,7 +3015,7 @@
         "IPAddressType": {
           "target": "com.amazonaws.opensearch#IPAddressType",
           "traits": {
-            "smithy.api#documentation": "<p>The type of IP addresses supported by the endpoint for the domain.</p>"
+            "smithy.api#documentation": "<p>Specify either dual stack or IPv4 as your IP address type. Dual stack allows you to share\n   domain resources across IPv4 and IPv6 address types, and is the recommended option. \n   If you set your IP address type to dual stack, you can't change your address type later.</p>"
           }
         },
         "SnapshotOptions": {
@@ -4959,13 +4959,13 @@
           "target": "com.amazonaws.opensearch#MaxResults",
           "traits": {
             "smithy.api#default": 0,
-            "smithy.api#documentation": "<p>An optional parameter that specifies the maximum number of results to return. You can use\n    <code>nextToken</code> to get the next page of results.</p>"
+            "smithy.api#documentation": "<p>An optional parameter that specifies the maximum number of results to return. You can use\n   <code>nextToken</code> to get the next page of results.</p>"
           }
         },
         "NextToken": {
           "target": "com.amazonaws.opensearch#NextToken",
           "traits": {
-            "smithy.api#documentation": "<p>If your initial <code>DescribePackageFilters</code> operation returns a\n    <code>nextToken</code>, you can include the returned <code>nextToken</code> in subsequent\n    <code>DescribePackageFilters</code> operations, which returns results in the next page.</p>"
+            "smithy.api#documentation": "<p>If your initial <code>DescribePackageFilters</code> operation returns a\n   <code>nextToken</code>, you can include the returned <code>nextToken</code> in subsequent\n   <code>DescribePackageFilters</code> operations, which returns results in the next page.</p>"
           }
         }
       },
@@ -4986,7 +4986,7 @@
         "NextToken": {
           "target": "com.amazonaws.opensearch#String",
           "traits": {
-            "smithy.api#documentation": "<p>When <code>nextToken</code> is returned, there are more results available. The value of\n    <code>nextToken</code> is a unique pagination token for each page. Make the call again using the\n   returned token to retrieve the next page.</p>"
+            "smithy.api#documentation": "<p>When <code>nextToken</code> is returned, there are more results available. The value of\n   <code>nextToken</code> is a unique pagination token for each page. Make the call again using the\n   returned token to retrieve the next page.</p>"
           }
         }
       },
@@ -5378,7 +5378,7 @@
         "IPAddressType": {
           "target": "com.amazonaws.opensearch#IPAddressTypeStatus",
           "traits": {
-            "smithy.api#documentation": "<p>The type of IP addresses supported by the endpoint for the domain.</p>"
+            "smithy.api#documentation": "<p>Choose either dual stack or IPv4 as your IP address type. \n   Dual stack allows you to share domain resources across IPv4 and IPv6 address types, and is the recommended option. \n   If you set your IP address type to dual stack, you can't change your address type later.</p>"
           }
         },
         "SnapshotOptions": {
@@ -5476,7 +5476,7 @@
         "TLSSecurityPolicy": {
           "target": "com.amazonaws.opensearch#TLSSecurityPolicy",
           "traits": {
-            "smithy.api#documentation": "<p>Specify the TLS security policy to apply to the HTTPS endpoint of the domain. The policy can\n   be one of the following values:</p>\n         <ul>\n            <li>\n               <p>\n                  <b>Policy-Min-TLS-1-0-2019-07:</b> TLS security policy that\n     supports TLS version 1.0 to TLS version 1.2</p>\n            </li>\n            <li>\n               <p>\n                  <b>Policy-Min-TLS-1-2-2019-07:</b> TLS security policy that\n     supports only TLS version 1.2</p>\n            </li>\n         </ul>"
+            "smithy.api#documentation": "<p>Specify the TLS security policy to apply to the HTTPS endpoint of the domain. The policy can\n   be one of the following values:</p>\n         <ul>\n            <li>\n               <p>\n                  <b>Policy-Min-TLS-1-0-2019-07:</b> TLS security policy that\n     supports TLS version 1.0 to TLS version 1.2</p>\n            </li>\n            <li>\n               <p>\n                  <b>Policy-Min-TLS-1-2-2019-07:</b> TLS security policy that\n     supports only TLS version 1.2</p>\n            </li>\n            <li>\n               <p>\n                  <b>Policy-Min-TLS-1-2-PFS-2023-10:</b> TLS security policy that\n     supports TLS version 1.2 to TLS version 1.3 with perfect forward secrecy cipher suites</p>\n            </li>\n         </ul>"
           }
         },
         "CustomEndpointEnabled": {
@@ -5932,12 +5932,15 @@
           }
         },
         "EndpointV2": {
-          "target": "com.amazonaws.opensearch#ServiceUrl"
+          "target": "com.amazonaws.opensearch#ServiceUrl",
+          "traits": {
+            "smithy.api#documentation": "<p>If <code>IPAddressType</code> to set to <code>dualstack</code>, a version 2 domain endpoint is provisioned.\n   This endpoint functions like a normal endpoint, except that it works with both IPv4 and IPv6 IP addresses.\n   Normal endpoints work only with IPv4 IP addresses.\n  </p>"
+          }
         },
         "Endpoints": {
           "target": "com.amazonaws.opensearch#EndpointsMap",
           "traits": {
-            "smithy.api#documentation": "<p>The key-value pair that exists if the OpenSearch Service domain uses VPC endpoints.. Example\n    <code>key, value</code>:\n    <code>'vpc','vpc-endpoint-h2dsd34efgyghrtguk5gt6j2foh4.us-east-1.es.amazonaws.com'</code>.</p>"
+            "smithy.api#documentation": "<p>The key-value pair that exists if the OpenSearch Service domain uses VPC endpoints. Example\n    <code>key, value</code>:\n    <code>'vpc','vpc-endpoint-h2dsd34efgyghrtguk5gt6j2foh4.us-east-1.es.amazonaws.com'</code>.</p>"
           }
         },
         "Processing": {
@@ -10966,7 +10969,7 @@
         }
       },
       "traits": {
-        "smithy.api#documentation": "<p>The status of <code>SkipUnavailable</code> setting for the outbound connection.</p>\n         <ul>\n            <li>\n               <p>\n                  <b>ENABLED</b> - The <code>SkipUnavailable</code> setting is enabled\n    for the connection.</p>\n            </li>\n            <li>\n               <p>\n                  <b>DISABLED</b> - The <code>SkipUnavailable</code> setting is disabled\n     for the connection.</p>\n            </li>\n         </ul>"
+        "smithy.api#documentation": "<p>The status of <code>SkipUnavailable</code> setting for the outbound connection.</p>\n         <ul>\n            <li>\n               <p>\n                  <b>ENABLED</b> - The <code>SkipUnavailable</code> setting is enabled\n     for the connection.</p>\n            </li>\n            <li>\n               <p>\n                  <b>DISABLED</b> - The <code>SkipUnavailable</code> setting is disabled\n     for the connection.</p>\n            </li>\n         </ul>"
       }
     },
     "com.amazonaws.opensearch#SlotList": {
@@ -11339,6 +11342,12 @@
           "traits": {
             "smithy.api#enumValue": "Policy-Min-TLS-1-2-2019-07"
           }
+        },
+        "POLICY_MIN_TLS_1_2_PFS_2023_10": {
+          "target": "smithy.api#Unit",
+          "traits": {
+            "smithy.api#enumValue": "Policy-Min-TLS-1-2-PFS-2023-10"
+          }
         }
       }
     },
@@ -11610,7 +11619,7 @@
         "IPAddressType": {
           "target": "com.amazonaws.opensearch#IPAddressType",
           "traits": {
-            "smithy.api#documentation": "<p>The type of IP addresses supported by the endpoint for the domain.</p>"
+            "smithy.api#documentation": "<p>Specify either dual stack or IPv4 as your IP address type. Dual stack allows you to share domain resources across\n   IPv4 and IPv6 address types, and is the recommended option. \n   If your IP address type is currently set to dual stack, you can't change it.\n  </p>"
           }
         },
         "LogPublishingOptions": {