diff --git a/awscli/examples/cloudfront/create-distribution.rst b/awscli/examples/cloudfront/create-distribution.rst index f316ee43603a..c2b2140e53d5 100644 --- a/awscli/examples/cloudfront/create-distribution.rst +++ b/awscli/examples/cloudfront/create-distribution.rst @@ -1,123 +1,12 @@ -**To create a CloudFront distribution** +**Example 1: To create a CloudFront distribution** -The following example creates a distribution for an S3 bucket named -``awsexamplebucket``, and also specifies ``index.html`` as the default root -object, using command line arguments:: +The following example creates a distribution for an S3 bucket named ``amzn-s3-demo-bucket``, and also specifies ``index.html`` as the default root object, using command line arguments. :: aws cloudfront create-distribution \ - --origin-domain-name awsexamplebucket.s3.amazonaws.com \ + --origin-domain-name amzn-s3-demo-bucket.s3.amazonaws.com \ --default-root-object index.html -Instead of using command line arguments, you can provide the distribution -configuration in a JSON file, as shown in the following example:: - - aws cloudfront create-distribution \ - --distribution-config file://dist-config.json - -The file ``dist-config.json`` is a JSON document in the current folder that -contains the following:: - - { - "CallerReference": "cli-example", - "Aliases": { - "Quantity": 0 - }, - "DefaultRootObject": "index.html", - "Origins": { - "Quantity": 1, - "Items": [ - { - "Id": "awsexamplebucket.s3.amazonaws.com-cli-example", - "DomainName": "awsexamplebucket.s3.amazonaws.com", - "OriginPath": "", - "CustomHeaders": { - "Quantity": 0 - }, - "S3OriginConfig": { - "OriginAccessIdentity": "" - } - } - ] - }, - "OriginGroups": { - "Quantity": 0 - }, - "DefaultCacheBehavior": { - "TargetOriginId": "awsexamplebucket.s3.amazonaws.com-cli-example", - "ForwardedValues": { - "QueryString": false, - "Cookies": { - "Forward": "none" - }, - "Headers": { - "Quantity": 0 - }, - "QueryStringCacheKeys": { - "Quantity": 0 - } - }, - "TrustedSigners": { - "Enabled": false, - "Quantity": 0 - }, - "ViewerProtocolPolicy": "allow-all", - "MinTTL": 0, - "AllowedMethods": { - "Quantity": 2, - "Items": [ - "HEAD", - "GET" - ], - "CachedMethods": { - "Quantity": 2, - "Items": [ - "HEAD", - "GET" - ] - } - }, - "SmoothStreaming": false, - "DefaultTTL": 86400, - "MaxTTL": 31536000, - "Compress": false, - "LambdaFunctionAssociations": { - "Quantity": 0 - }, - "FieldLevelEncryptionId": "" - }, - "CacheBehaviors": { - "Quantity": 0 - }, - "CustomErrorResponses": { - "Quantity": 0 - }, - "Comment": "", - "Logging": { - "Enabled": false, - "IncludeCookies": false, - "Bucket": "", - "Prefix": "" - }, - "PriceClass": "PriceClass_All", - "Enabled": true, - "ViewerCertificate": { - "CloudFrontDefaultCertificate": true, - "MinimumProtocolVersion": "TLSv1", - "CertificateSource": "cloudfront" - }, - "Restrictions": { - "GeoRestriction": { - "RestrictionType": "none", - "Quantity": 0 - } - }, - "WebACLId": "", - "HttpVersion": "http2", - "IsIPV6Enabled": true - } - -Whether you provide the distribution information with a command line argument -or a JSON file, the output is the same:: +Output:: { "Location": "https://cloudfront.amazonaws.com/2019-03-26/distribution/EMLARXS9EXAMPLE", @@ -143,8 +32,8 @@ or a JSON file, the output is the same:: "Quantity": 1, "Items": [ { - "Id": "awsexamplebucket.s3.amazonaws.com-cli-example", - "DomainName": "awsexamplebucket.s3.amazonaws.com", + "Id": "amzn-s3-demo-bucket.s3.amazonaws.com-cli-example", + "DomainName": "amzn-s3-demo-bucket.s3.amazonaws.com", "OriginPath": "", "CustomHeaders": { "Quantity": 0 @@ -159,7 +48,7 @@ or a JSON file, the output is the same:: "Quantity": 0 }, "DefaultCacheBehavior": { - "TargetOriginId": "awsexamplebucket.s3.amazonaws.com-cli-example", + "TargetOriginId": "amzn-s3-demo-bucket.s3.amazonaws.com-cli-example", "ForwardedValues": { "QueryString": false, "Cookies": { @@ -233,3 +122,114 @@ or a JSON file, the output is the same:: } } } + +**Example 2: To create a CloudFront distribution using a JSON file** + +The following example creates a distribution for an S3 bucket named ``amzn-s3-demo-bucket``, and also specifies ``index.html`` as the default root object, using a JSON file. :: + + aws cloudfront create-distribution \ + --distribution-config file://dist-config.json + + +Contents of ``dist-config.json``:: + + { + "CallerReference": "cli-example", + "Aliases": { + "Quantity": 0 + }, + "DefaultRootObject": "index.html", + "Origins": { + "Quantity": 1, + "Items": [ + { + "Id": "amzn-s3-demo-bucket.s3.amazonaws.com-cli-example", + "DomainName": "amzn-s3-demo-bucket.s3.amazonaws.com", + "OriginPath": "", + "CustomHeaders": { + "Quantity": 0 + }, + "S3OriginConfig": { + "OriginAccessIdentity": "" + } + } + ] + }, + "OriginGroups": { + "Quantity": 0 + }, + "DefaultCacheBehavior": { + "TargetOriginId": "amzn-s3-demo-bucket.s3.amazonaws.com-cli-example", + "ForwardedValues": { + "QueryString": false, + "Cookies": { + "Forward": "none" + }, + "Headers": { + "Quantity": 0 + }, + "QueryStringCacheKeys": { + "Quantity": 0 + } + }, + "TrustedSigners": { + "Enabled": false, + "Quantity": 0 + }, + "ViewerProtocolPolicy": "allow-all", + "MinTTL": 0, + "AllowedMethods": { + "Quantity": 2, + "Items": [ + "HEAD", + "GET" + ], + "CachedMethods": { + "Quantity": 2, + "Items": [ + "HEAD", + "GET" + ] + } + }, + "SmoothStreaming": false, + "DefaultTTL": 86400, + "MaxTTL": 31536000, + "Compress": false, + "LambdaFunctionAssociations": { + "Quantity": 0 + }, + "FieldLevelEncryptionId": "" + }, + "CacheBehaviors": { + "Quantity": 0 + }, + "CustomErrorResponses": { + "Quantity": 0 + }, + "Comment": "", + "Logging": { + "Enabled": false, + "IncludeCookies": false, + "Bucket": "", + "Prefix": "" + }, + "PriceClass": "PriceClass_All", + "Enabled": true, + "ViewerCertificate": { + "CloudFrontDefaultCertificate": true, + "MinimumProtocolVersion": "TLSv1", + "CertificateSource": "cloudfront" + }, + "Restrictions": { + "GeoRestriction": { + "RestrictionType": "none", + "Quantity": 0 + } + }, + "WebACLId": "", + "HttpVersion": "http2", + "IsIPV6Enabled": true + } + +See Example 1 for sample output. \ No newline at end of file diff --git a/awscli/examples/cloudfront/get-distribution-config.rst b/awscli/examples/cloudfront/get-distribution-config.rst index 8fd58446a880..af0192304fb7 100644 --- a/awscli/examples/cloudfront/get-distribution-config.rst +++ b/awscli/examples/cloudfront/get-distribution-config.rst @@ -1,13 +1,9 @@ **To get a CloudFront distribution configuration** -The following example gets metadata about the CloudFront distribution with the -ID ``EDFDVBD6EXAMPLE``, including its ``ETag``. The distribution ID is returned -in the `create-distribution `_ and -`list-distributions `_ commands. +The following example gets metadata about the CloudFront distribution with the ID ``EDFDVBD6EXAMPLE``, including its ``ETag``. The distribution ID is returned in the `create-distribution `__ and `list-distributions `__ commands. :: -:: - - aws cloudfront get-distribution-config --id EDFDVBD6EXAMPLE + aws cloudfront get-distribution-config \ + --id EDFDVBD6EXAMPLE Output:: @@ -23,8 +19,8 @@ Output:: "Quantity": 1, "Items": [ { - "Id": "awsexamplebucket.s3.amazonaws.com-cli-example", - "DomainName": "awsexamplebucket.s3.amazonaws.com", + "Id": "amzn-s3-demo-bucket.s3.amazonaws.com-cli-example", + "DomainName": "amzn-s3-demo-bucket.s3.amazonaws.com", "OriginPath": "", "CustomHeaders": { "Quantity": 0 @@ -39,7 +35,7 @@ Output:: "Quantity": 0 }, "DefaultCacheBehavior": { - "TargetOriginId": "awsexamplebucket.s3.amazonaws.com-cli-example", + "TargetOriginId": "amzn-s3-demo-bucket.s3.amazonaws.com-cli-example", "ForwardedValues": { "QueryString": false, "Cookies": { diff --git a/awscli/examples/cloudfront/list-distributions.rst b/awscli/examples/cloudfront/list-distributions.rst index 4fdbaaa12f54..f44982cfd99f 100644 --- a/awscli/examples/cloudfront/list-distributions.rst +++ b/awscli/examples/cloudfront/list-distributions.rst @@ -1,7 +1,6 @@ **To list CloudFront distributions** -The following example gets a list of the CloudFront distributions in your AWS -account:: +The following example gets a list of the CloudFront distributions in your AWS account. :: aws cloudfront list-distributions @@ -11,231 +10,11 @@ Output:: "DistributionList": { "Items": [ { - "Id": "EMLARXS9EXAMPLE", - "ARN": "arn:aws:cloudfront::123456789012:distribution/EMLARXS9EXAMPLE", - "Status": "InProgress", - "LastModifiedTime": "2019-11-22T00:55:15.705Z", - "InProgressInvalidationBatches": 0, - "DomainName": "d111111abcdef8.cloudfront.net", - "ActiveTrustedSigners": { - "Enabled": false, - "Quantity": 0 - }, - "DistributionConfig": { - "CallerReference": "cli-example", - "Aliases": { - "Quantity": 0 - }, - "DefaultRootObject": "index.html", - "Origins": { - "Quantity": 1, - "Items": [ - { - "Id": "awsexamplebucket.s3.amazonaws.com-cli-example", - "DomainName": "awsexamplebucket.s3.amazonaws.com", - "OriginPath": "", - "CustomHeaders": { - "Quantity": 0 - }, - "S3OriginConfig": { - "OriginAccessIdentity": "" - } - } - ] - }, - "OriginGroups": { - "Quantity": 0 - }, - "DefaultCacheBehavior": { - "TargetOriginId": "awsexamplebucket.s3.amazonaws.com-cli-example", - "ForwardedValues": { - "QueryString": false, - "Cookies": { - "Forward": "none" - }, - "Headers": { - "Quantity": 0 - }, - "QueryStringCacheKeys": { - "Quantity": 0 - } - }, - "TrustedSigners": { - "Enabled": false, - "Quantity": 0 - }, - "ViewerProtocolPolicy": "allow-all", - "MinTTL": 0, - "AllowedMethods": { - "Quantity": 2, - "Items": [ - "HEAD", - "GET" - ], - "CachedMethods": { - "Quantity": 2, - "Items": [ - "HEAD", - "GET" - ] - } - }, - "SmoothStreaming": false, - "DefaultTTL": 86400, - "MaxTTL": 31536000, - "Compress": false, - "LambdaFunctionAssociations": { - "Quantity": 0 - }, - "FieldLevelEncryptionId": "" - }, - "CacheBehaviors": { - "Quantity": 0 - }, - "CustomErrorResponses": { - "Quantity": 0 - }, - "Comment": "", - "Logging": { - "Enabled": false, - "IncludeCookies": false, - "Bucket": "", - "Prefix": "" - }, - "PriceClass": "PriceClass_All", - "Enabled": true, - "ViewerCertificate": { - "CloudFrontDefaultCertificate": true, - "MinimumProtocolVersion": "TLSv1", - "CertificateSource": "cloudfront" - }, - "Restrictions": { - "GeoRestriction": { - "RestrictionType": "none", - "Quantity": 0 - } - }, - "WebACLId": "", - "HttpVersion": "http2", - "IsIPV6Enabled": true - } - }, - { - "Id": "EDFDVBD6EXAMPLE", - "ARN": "arn:aws:cloudfront::123456789012:distribution/EDFDVBD6EXAMPLE", - "Status": "InProgress", - "LastModifiedTime": "2019-12-04T23:35:41.433Z", - "InProgressInvalidationBatches": 0, - "DomainName": "d930174dauwrn8.cloudfront.net", - "ActiveTrustedSigners": { - "Enabled": false, - "Quantity": 0 - }, - "DistributionConfig": { - "CallerReference": "cli-example", - "Aliases": { - "Quantity": 0 - }, - "DefaultRootObject": "index.html", - "Origins": { - "Quantity": 1, - "Items": [ - { - "Id": "awsexamplebucket1.s3.amazonaws.com-cli-example", - "DomainName": "awsexamplebucket1.s3.amazonaws.com", - "OriginPath": "", - "CustomHeaders": { - "Quantity": 0 - }, - "S3OriginConfig": { - "OriginAccessIdentity": "" - } - } - ] - }, - "OriginGroups": { - "Quantity": 0 - }, - "DefaultCacheBehavior": { - "TargetOriginId": "awsexamplebucket1.s3.amazonaws.com-cli-example", - "ForwardedValues": { - "QueryString": false, - "Cookies": { - "Forward": "none" - }, - "Headers": { - "Quantity": 0 - }, - "QueryStringCacheKeys": { - "Quantity": 0 - } - }, - "TrustedSigners": { - "Enabled": false, - "Quantity": 0 - }, - "ViewerProtocolPolicy": "allow-all", - "MinTTL": 0, - "AllowedMethods": { - "Quantity": 2, - "Items": [ - "HEAD", - "GET" - ], - "CachedMethods": { - "Quantity": 2, - "Items": [ - "HEAD", - "GET" - ] - } - }, - "SmoothStreaming": false, - "DefaultTTL": 86400, - "MaxTTL": 31536000, - "Compress": false, - "LambdaFunctionAssociations": { - "Quantity": 0 - }, - "FieldLevelEncryptionId": "" - }, - "CacheBehaviors": { - "Quantity": 0 - }, - "CustomErrorResponses": { - "Quantity": 0 - }, - "Comment": "", - "Logging": { - "Enabled": false, - "IncludeCookies": false, - "Bucket": "", - "Prefix": "" - }, - "PriceClass": "PriceClass_All", - "Enabled": true, - "ViewerCertificate": { - "CloudFrontDefaultCertificate": true, - "MinimumProtocolVersion": "TLSv1", - "CertificateSource": "cloudfront" - }, - "Restrictions": { - "GeoRestriction": { - "RestrictionType": "none", - "Quantity": 0 - } - }, - "WebACLId": "", - "HttpVersion": "http2", - "IsIPV6Enabled": true - } - }, - { - "Id": "E1X5IZQEXAMPLE", - "ARN": "arn:aws:cloudfront::123456789012:distribution/E1X5IZQEXAMPLE", + "Id": "E23YS8OEXAMPLE", + "ARN": "arn:aws:cloudfront::123456789012:distribution/E23YS8OEXAMPLE", "Status": "Deployed", - "LastModifiedTime": "2019-11-06T21:31:48.864Z", - "DomainName": "d2e04y12345678.cloudfront.net", + "LastModifiedTime": "2024-08-05T18:23:40.375000+00:00", + "DomainName": "abcdefgh12ijk.cloudfront.net", "Aliases": { "Quantity": 0 }, @@ -243,15 +22,21 @@ Output:: "Quantity": 1, "Items": [ { - "Id": "awsexamplebucket2", - "DomainName": "awsexamplebucket2.s3.us-west-2.amazonaws.com", + "Id": "amzn-s3-demo-bucket.s3.us-east-1.amazonaws.com", + "DomainName": "amzn-s3-demo-bucket.s3.us-east-1.amazonaws.com", "OriginPath": "", "CustomHeaders": { "Quantity": 0 }, "S3OriginConfig": { "OriginAccessIdentity": "" - } + }, + "ConnectionAttempts": 3, + "ConnectionTimeout": 10, + "OriginShield": { + "Enabled": false + }, + "OriginAccessControlId": "EIAP8PEXAMPLE" } ] }, @@ -259,25 +44,16 @@ Output:: "Quantity": 0 }, "DefaultCacheBehavior": { - "TargetOriginId": "awsexamplebucket2", - "ForwardedValues": { - "QueryString": false, - "Cookies": { - "Forward": "none" - }, - "Headers": { - "Quantity": 0 - }, - "QueryStringCacheKeys": { - "Quantity": 0 - } - }, + "TargetOriginId": "amzn-s3-demo-bucket.s3.us-east-1.amazonaws.com", "TrustedSigners": { "Enabled": false, "Quantity": 0 }, + "TrustedKeyGroups": { + "Enabled": false, + "Quantity": 0 + }, "ViewerProtocolPolicy": "allow-all", - "MinTTL": 0, "AllowedMethods": { "Quantity": 2, "Items": [ @@ -293,13 +69,15 @@ Output:: } }, "SmoothStreaming": false, - "DefaultTTL": 86400, - "MaxTTL": 31536000, - "Compress": false, + "Compress": true, "LambdaFunctionAssociations": { "Quantity": 0 }, - "FieldLevelEncryptionId": "" + "FunctionAssociations": { + "Quantity": 0 + }, + "FieldLevelEncryptionId": "", + "CachePolicyId": "658327ea-f89d-4fab-a63d-7e886EXAMPLE" }, "CacheBehaviors": { "Quantity": 0 @@ -312,6 +90,7 @@ Output:: "Enabled": true, "ViewerCertificate": { "CloudFrontDefaultCertificate": true, + "SSLSupportMethod": "vip", "MinimumProtocolVersion": "TLSv1", "CertificateSource": "cloudfront" }, @@ -322,8 +101,9 @@ Output:: } }, "WebACLId": "", - "HttpVersion": "HTTP1_1", - "IsIPV6Enabled": true + "HttpVersion": "HTTP2", + "IsIPV6Enabled": true, + "Staging": false } ] } diff --git a/awscli/examples/cloudfront/update-distribution.rst b/awscli/examples/cloudfront/update-distribution.rst index 049fa762be24..cf8c9692718e 100644 --- a/awscli/examples/cloudfront/update-distribution.rst +++ b/awscli/examples/cloudfront/update-distribution.rst @@ -1,9 +1,9 @@ -**To update a CloudFront distribution's default root object** +**Example 1: To update a CloudFront distribution's default root object** -The following example updates the default root object to ``index.html`` for the -CloudFront distribution with the ID ``EDFDVBD6EXAMPLE``:: +The following example updates the default root object to ``index.html`` for the CloudFront distribution with the ID ``EDFDVBD6EXAMPLE``. :: - aws cloudfront update-distribution --id EDFDVBD6EXAMPLE \ + aws cloudfront update-distribution \ + --id EDFDVBD6EXAMPLE \ --default-root-object index.html Output:: @@ -136,28 +136,20 @@ Output:: } } -**To update a CloudFront distribution** - -The following example disables the CloudFront distribution with the ID -``EMLARXS9EXAMPLE`` by providing the distribution configuration in a JSON file -named ``dist-config-disable.json``. To update a distribution, you must use the -``--if-match`` option to provide the distribution's ``ETag``. To get the -``ETag``, use the `get-distribution `_ or -`get-distribution-config `_ command. +**Example 2: To update a CloudFront distribution** -After you use the following example to disable a distribution, you can use the -`delete-distribution `_ command to delete it. +The following example disables the CloudFront distribution with the ID ``EMLARXS9EXAMPLE`` by providing the distribution configuration in a JSON file named ``dist-config-disable.json``. To update a distribution, you must use the ``--if-match`` option to provide the distribution's ``ETag``. To get the +``ETag``, use the `get-distribution `_ or `get-distribution-config `_ command. Note that the ``Enabled`` field is set to +``false`` in the JSON file. -:: +After you use the following example to disable a distribution, you can use the `delete-distribution `_ command to delete it. :: aws cloudfront update-distribution \ --id EMLARXS9EXAMPLE \ --if-match E2QWRUHEXAMPLE \ --distribution-config file://dist-config-disable.json -The file ``dist-config-disable.json`` is a JSON document in the current folder -that contains the following. Note that the ``Enabled`` field is set to -``false``:: +Contents of ``dist-config-disable.json``:: { "CallerReference": "cli-1574382155-496510", @@ -169,8 +161,8 @@ that contains the following. Note that the ``Enabled`` field is set to "Quantity": 1, "Items": [ { - "Id": "awsexamplebucket.s3.amazonaws.com-1574382155-273939", - "DomainName": "awsexamplebucket.s3.amazonaws.com", + "Id": "amzn-s3-demo-bucket.s3.amazonaws.com-1574382155-273939", + "DomainName": "amzn-s3-demo-bucket.s3.amazonaws.com", "OriginPath": "", "CustomHeaders": { "Quantity": 0 @@ -185,7 +177,7 @@ that contains the following. Note that the ``Enabled`` field is set to "Quantity": 0 }, "DefaultCacheBehavior": { - "TargetOriginId": "awsexamplebucket.s3.amazonaws.com-1574382155-273939", + "TargetOriginId": "amzn-s3-demo-bucket.s3.amazonaws.com-1574382155-273939", "ForwardedValues": { "QueryString": false, "Cookies": { @@ -283,8 +275,8 @@ Output:: "Quantity": 1, "Items": [ { - "Id": "awsexamplebucket.s3.amazonaws.com-1574382155-273939", - "DomainName": "awsexamplebucket.s3.amazonaws.com", + "Id": "amzn-s3-demo-bucket.s3.amazonaws.com-1574382155-273939", + "DomainName": "amzn-s3-demo-bucket.s3.amazonaws.com", "OriginPath": "", "CustomHeaders": { "Quantity": 0 @@ -299,7 +291,7 @@ Output:: "Quantity": 0 }, "DefaultCacheBehavior": { - "TargetOriginId": "awsexamplebucket.s3.amazonaws.com-1574382155-273939", + "TargetOriginId": "amzn-s3-demo-bucket.s3.amazonaws.com-1574382155-273939", "ForwardedValues": { "QueryString": false, "Cookies": { diff --git a/awscli/examples/cognito-idp/admim-disable-user.rst b/awscli/examples/cognito-idp/admim-disable-user.rst deleted file mode 100644 index 57e8ec369d44..000000000000 --- a/awscli/examples/cognito-idp/admim-disable-user.rst +++ /dev/null @@ -1,8 +0,0 @@ -**To disable a user** - -This example disables user jane@example.com. - -Command:: - - aws cognito-idp admin-disable-user --user-pool-id us-west-2_aaaaaaaaa --username jane@example.com - diff --git a/awscli/examples/cognito-idp/admim-enable-user.rst b/awscli/examples/cognito-idp/admim-enable-user.rst deleted file mode 100644 index 79bc468e4b3c..000000000000 --- a/awscli/examples/cognito-idp/admim-enable-user.rst +++ /dev/null @@ -1,8 +0,0 @@ -**To enable a user** - -This example enables username jane@example.com. - -Command:: - - aws cognito-idp admin-enable-user --user-pool-id us-west-2_aaaaaaaaa --username jane@example.com - diff --git a/awscli/examples/cognito-idp/admin-disable-provider-for-user.rst b/awscli/examples/cognito-idp/admin-disable-provider-for-user.rst new file mode 100644 index 000000000000..2d1209dd74b5 --- /dev/null +++ b/awscli/examples/cognito-idp/admin-disable-provider-for-user.rst @@ -0,0 +1,9 @@ +**To unlink a federated user from a local user profile** + +The following ``admin-disable-provider-for-user`` example disconnects a Google user from their linked local profile. :: + + aws cognito-idp admin-disable-provider-for-user \ + --user-pool-id us-west-2_EXAMPLE \ + --user ProviderAttributeName=Cognito_Subject,ProviderAttributeValue=0000000000000000,ProviderName=Google + +For more information, see `Linking federated users to an existing user profile `__ in the *Amazon Cognito Developer Guide*. diff --git a/awscli/examples/cognito-idp/admin-disable-user.rst b/awscli/examples/cognito-idp/admin-disable-user.rst new file mode 100644 index 000000000000..023745bf183a --- /dev/null +++ b/awscli/examples/cognito-idp/admin-disable-user.rst @@ -0,0 +1,9 @@ +**To prevent sign-in by a user** + +The following ``admin-disable-user`` example prevents sign-in by the user ``diego@example.com``. :: + + aws cognito-idp admin-disable-user \ + --user-pool-id us-west-2_EXAMPLE \ + --username diego@example.com + +For more information, see `Managing users `__ in the *Amazon Cognito Developer Guide*. diff --git a/awscli/examples/cognito-idp/admin-enable-user.rst b/awscli/examples/cognito-idp/admin-enable-user.rst new file mode 100644 index 000000000000..4a03faf7ebc6 --- /dev/null +++ b/awscli/examples/cognito-idp/admin-enable-user.rst @@ -0,0 +1,9 @@ +**To enable sign-in by a user** + +The following ``admin-enable-user`` example enables sign-in by the user diego@example.com. :: + + aws cognito-idp admin-enable-user \ + --user-pool-id us-west-2_EXAMPLE \ + --username diego@example.com + +For more information, see `Managing users `__ in the *Amazon Cognito Developer Guide*. diff --git a/awscli/examples/cognito-idp/admin-get-device.rst b/awscli/examples/cognito-idp/admin-get-device.rst index 92fff255ed2c..7ed62712441e 100644 --- a/awscli/examples/cognito-idp/admin-get-device.rst +++ b/awscli/examples/cognito-idp/admin-get-device.rst @@ -1,8 +1,51 @@ -**To get a device** - -This example gets a device for username jane@example.com - -Command:: - - aws cognito-idp admin-get-device --user-pool-id us-west-2_aaaaaaaaa --username jane@example.com --device-key us-west-2_abcd_1234-5678 - +**To get a device** + +The following ``admin-get-device`` example displays one device for the user ``diego``. :: + + aws cognito-idp admin-get-device \ + --user-pool-id us-west-2_EXAMPLE \ + --username diego \ + --device-key us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 + +Output:: + + { + "Device": { + "DeviceKey": "us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", + "DeviceAttributes": [ + { + "Name": "device_status", + "Value": "valid" + }, + { + "Name": "device_name", + "Value": "MyDevice" + }, + { + "Name": "dev:device_arn", + "Value": "arn:aws:cognito-idp:us-west-2:123456789012:owner/diego.us-west-2_EXAMPLE/device/us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111" + }, + { + "Name": "dev:device_owner", + "Value": "diego.us-west-2_EXAMPLE" + }, + { + "Name": "last_ip_used", + "Value": "192.0.2.1" + }, + { + "Name": "dev:device_remembered_status", + "Value": "remembered" + }, + { + "Name": "dev:device_sdk", + "Value": "aws-sdk" + } + ], + "DeviceCreateDate": 1715100742.022, + "DeviceLastModifiedDate": 1723233651.167, + "DeviceLastAuthenticatedDate": 1715100742.0 + } + } + +For more information, see `Working with user devices in your user pool `__ in the *Amazon Cognito Developer Guide*. diff --git a/awscli/examples/cognito-idp/admin-initiate-auth.rst b/awscli/examples/cognito-idp/admin-initiate-auth.rst index bdb01054c454..2e54deec5104 100644 --- a/awscli/examples/cognito-idp/admin-initiate-auth.rst +++ b/awscli/examples/cognito-idp/admin-initiate-auth.rst @@ -1,25 +1,24 @@ -**To initiate authorization** - -This example initiates authorization using the ADMIN_NO_SRP_AUTH flow for username jane@example.com - -The client must have sign-in API for server-based authentication (ADMIN_NO_SRP_AUTH) enabled. - -Use the session information in the return value to call `admin-respond-to-auth-challenge`_. - -Command:: - - aws cognito-idp admin-initiate-auth --user-pool-id us-west-2_aaaaaaaaa --client-id 3n4b5urk1ft4fl3mg5e62d9ado --auth-flow ADMIN_NO_SRP_AUTH --auth-parameters USERNAME=jane@example.com,PASSWORD=password - -Output:: - - { - "ChallengeName": "NEW_PASSWORD_REQUIRED", - "Session": "SESSION", - "ChallengeParameters": { - "USER_ID_FOR_SRP": "84514837-dcbc-4af1-abff-f3c109334894", - "requiredAttributes": "[]", - "userAttributes": "{\"email_verified\":\"true\",\"phone_number_verified\":\"true\",\"phone_number\":\"+01xxx5550100\",\"email\":\"jane@example.com\"}" - } - } - -.. _`admin-respond-to-auth-challenge`: https://docs.aws.amazon.com/cli/latest/reference/cognito-idp/admin-respond-to-auth-challenge.html \ No newline at end of file +**To sign in a user as an admin** + +The following ``admin-initiate-auth`` example signs in the user diego@example.com. This example also includes metadata for threat protection and ClientMetadata for Lambda triggers. The user is configured for TOTP MFA and receives a challenge to provide a code from their authenticator app before they can complete authentication. :: + + aws cognito-idp admin-initiate-auth \ + --user-pool-id us-west-2_EXAMPLE \ + --client-id 1example23456789 \ + --auth-flow ADMIN_USER_PASSWORD_AUTH \ + --auth-parameters USERNAME=diego@example.com,PASSWORD="My@Example$Password3!",SECRET_HASH=ExampleEncodedClientIdSecretAndUsername= \ + --context-data="{\"EncodedData\":\"abc123example\",\"HttpHeaders\":[{\"headerName\":\"UserAgent\",\"headerValue\":\"Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0\"}],\"IpAddress\":\"192.0.2.1\",\"ServerName\":\"example.com\",\"ServerPath\":\"/login\"}" \ + --client-metadata="{\"MyExampleKey\": \"MyExampleValue\"}" + +Output:: + + { + "ChallengeName": "SOFTWARE_TOKEN_MFA", + "Session": "AYABeExample...", + "ChallengeParameters": { + "FRIENDLY_DEVICE_NAME": "MyAuthenticatorApp", + "USER_ID_FOR_SRP": "diego@example.com" + } + } + +For more information, see `Admin authentication flow `__ in the *Amazon Cognito Developer Guide*. diff --git a/awscli/examples/cognito-idp/admin-link-provider-for-user.rst b/awscli/examples/cognito-idp/admin-link-provider-for-user.rst new file mode 100644 index 000000000000..4316adb214fd --- /dev/null +++ b/awscli/examples/cognito-idp/admin-link-provider-for-user.rst @@ -0,0 +1,10 @@ +**To link a local user to a federated user** + +The following ``admin-link-provider-for-user`` example links the local user diego to a user who will do federated sign-in with Google. :: + + aws cognito-idp admin-link-provider-for-user \ + --user-pool-id us-west-2_EXAMPLE \ + --destination-user ProviderName=Cognito,ProviderAttributeValue=diego \ + --source-user ProviderAttributeName=Cognito_Subject,ProviderAttributeValue=0000000000000000,ProviderName=Google + +For more information, see `Linking federated users to an existing user profile `__ in the *Amazon Cognito Developer Guide*. diff --git a/awscli/examples/cognito-idp/admin-list-devices.rst b/awscli/examples/cognito-idp/admin-list-devices.rst index 2b710876d04a..6f150de3ebd6 100644 --- a/awscli/examples/cognito-idp/admin-list-devices.rst +++ b/awscli/examples/cognito-idp/admin-list-devices.rst @@ -1,7 +1,53 @@ -**To list devices for a user** - -This example lists devices for username jane@example.com. - -Command:: - - aws cognito-idp admin-list-devices --user-pool-id us-west-2_aaaaaaaaa --username jane@example.com +**To list devices for a user** + +The following ``admin-list-devices`` example lists devices for the user diego. :: + + aws cognito-idp admin-list-devices \ + --user-pool-id us-west-2_EXAMPLE \ + --username diego \ + --limit 1 + +Output:: + + { + "Devices": [ + { + "DeviceKey": "us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", + "DeviceAttributes": [ + { + "Name": "device_status", + "Value": "valid" + }, + { + "Name": "device_name", + "Value": "MyDevice" + }, + { + "Name": "dev:device_arn", + "Value": "arn:aws:cognito-idp:us-west-2:123456789012:owner/diego.us-west-2_EXAMPLE/device/us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111" + }, + { + "Name": "dev:device_owner", + "Value": "diego.us-west-2_EXAMPLE" + }, + { + "Name": "last_ip_used", + "Value": "192.0.2.1" + }, + { + "Name": "dev:device_remembered_status", + "Value": "remembered" + }, + { + "Name": "dev:device_sdk", + "Value": "aws-sdk" + } + ], + "DeviceCreateDate": 1715100742.022, + "DeviceLastModifiedDate": 1723233651.167, + "DeviceLastAuthenticatedDate": 1715100742.0 + } + ] + } + +For more information, see `Working with user devices in your user pool `__ in the *Amazon Cognito Developer Guide*. diff --git a/awscli/examples/cognito-idp/admin-list-user-auth-events.rst b/awscli/examples/cognito-idp/admin-list-user-auth-events.rst index eeff1edbe52d..066e32060180 100644 --- a/awscli/examples/cognito-idp/admin-list-user-auth-events.rst +++ b/awscli/examples/cognito-idp/admin-list-user-auth-events.rst @@ -1,8 +1,40 @@ -**To list authorization events for a user** - -This example lists authorization events for username diego@example.com. - -Command:: - - aws cognito-idp admin-list-user-auth-events --user-pool-id us-west-2_aaaaaaaaa --username diego@example.com - +**To list authorization events for a user** + +The following ``admin-list-user-auth-events`` example lists the most recent user activity log event for the user diego. :: + + aws cognito-idp admin-list-user-auth-events \ + --user-pool-id us-west-2_ywDJHlIfU \ + --username brcotter+050123 \ + --max-results 1 + +Output:: + + { + "AuthEvents": [ + { + "EventId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE22222", + "EventType": "SignIn", + "CreationDate": 1726694203.495, + "EventResponse": "InProgress", + "EventRisk": { + "RiskDecision": "AccountTakeover", + "RiskLevel": "Medium", + "CompromisedCredentialsDetected": false + }, + "ChallengeResponses": [ + { + "ChallengeName": "Password", + "ChallengeResponse": "Success" + } + ], + "EventContextData": { + "IpAddress": "192.0.2.1", + "City": "Seattle", + "Country": "United States" + } + } + ], + "NextToken": "a1b2c3d4-5678-90ab-cdef-EXAMPLE22222#2024-09-18T21:16:43.495Z" + } + +For more information, see `Viewing and exporting user event history `__ in the *Amazon Cognito Developer Guide*. diff --git a/awscli/examples/cognito-idp/admin-respond-to-auth-challenge.rst b/awscli/examples/cognito-idp/admin-respond-to-auth-challenge.rst new file mode 100644 index 000000000000..6ae67f4208e4 --- /dev/null +++ b/awscli/examples/cognito-idp/admin-respond-to-auth-challenge.rst @@ -0,0 +1,29 @@ +**To respond to an authentication challenge** + +There are many ways to respond to different authentication challenges, depending on your authentication flow, user pool configuration, and user settings. The following ``admin-respond-to-auth-challenge`` example provides a TOTP MFA code for diego@example.com and completes sign-in. This user pool has device remembering turned on, so the authentication result also returns a new device key. :: + + aws cognito-idp admin-respond-to-auth-challenge \ + --user-pool-id us-west-2_EXAMPLE \ + --client-id 1example23456789 \ + --challenge-name SOFTWARE_TOKEN_MFA \ + --challenge-responses USERNAME=diego@example.com,SOFTWARE_TOKEN_MFA_CODE=000000 \ + --session AYABeExample... + +Output:: + + { + "ChallengeParameters": {}, + "AuthenticationResult": { + "AccessToken": "eyJra456defEXAMPLE", + "ExpiresIn": 3600, + "TokenType": "Bearer", + "RefreshToken": "eyJra123abcEXAMPLE", + "IdToken": "eyJra789ghiEXAMPLE", + "NewDeviceMetadata": { + "DeviceKey": "us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", + "DeviceGroupKey": "-ExAmPlE1" + } + } + } + +For more information, see `Admin authentication flow `__ in the *Amazon Cognito Developer Guide*. diff --git a/awscli/examples/cognito-idp/admin-set-user-password.rst b/awscli/examples/cognito-idp/admin-set-user-password.rst new file mode 100644 index 000000000000..88bdabf591d7 --- /dev/null +++ b/awscli/examples/cognito-idp/admin-set-user-password.rst @@ -0,0 +1,13 @@ +**To set a user password as an admin** + +The following ``admin-set-user-password`` example permanently sets the password for diego@example.com. :: + + aws cognito-idp admin-set-user-password \ + --user-pool-id us-west-2_EXAMPLE \ + --username diego@example.com \ + --password MyExamplePassword1! \ + --permanent + +This command produces no output. + +For more information, see `Passwords, password recovery, and password policies `__ in the *Amazon Cognito Developer Guide*. diff --git a/awscli/examples/cognito-idp/admin-user-global-sign-out.rst b/awscli/examples/cognito-idp/admin-user-global-sign-out.rst new file mode 100644 index 000000000000..dc6365e40d40 --- /dev/null +++ b/awscli/examples/cognito-idp/admin-user-global-sign-out.rst @@ -0,0 +1,9 @@ +**To sign out a user as an admin** + +The following ``admin-user-global-sign-out`` example signs out the user diego@example.com. :: + + aws cognito-idp admin-user-global-sign-out \ + --user-pool-id us-west-2_EXAMPLE \ + --username diego@example.com + +For more information, see `Authentication with a user pool `__ in the *Amazon Cognito Developer Guide*. diff --git a/awscli/examples/cognito-idp/associate-software-token.rst b/awscli/examples/cognito-idp/associate-software-token.rst new file mode 100644 index 000000000000..9a72f3db15ac --- /dev/null +++ b/awscli/examples/cognito-idp/associate-software-token.rst @@ -0,0 +1,14 @@ +**To generate a secret key for an MFA authenticator app** + +The following ``associate-software-token`` example generates a TOTP private key for a user who has signed in and received an access token. The resulting private key can be manually entered into an authenticator app, or applications can render it as a QR code that the user can scan. :: + + aws cognito-idp associate-software-token \ + --access-token eyJra456defEXAMPLE + +Output:: + + { + "SecretCode": "QWERTYUIOP123456EXAMPLE" + } + +For more information, see `TOTP software token MFA `__ in the *Amazon Cognito Developer Guide*. diff --git a/awscli/examples/cognito-idp/confirm-device.rst b/awscli/examples/cognito-idp/confirm-device.rst new file mode 100644 index 000000000000..6b391fb6d690 --- /dev/null +++ b/awscli/examples/cognito-idp/confirm-device.rst @@ -0,0 +1,16 @@ +**To confirm a user device** + +The following ``confirm-device`` example adds a new remembered device for the current user. :: + + aws cognito-idp confirm-device \ + --access-token eyJra456defEXAMPLE \ + --device-key us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 \ + --device-secret-verifier-config PasswordVerifier=TXlWZXJpZmllclN0cmluZw,Salt=TXlTUlBTYWx0 + +Output:: + + { + "UserConfirmationNecessary": false + } + +For more information, see `Working with user devices in your user pool `__ in the *Amazon Cognito Developer Guide*. diff --git a/awscli/examples/cognito-idp/create-identity-provider.rst b/awscli/examples/cognito-idp/create-identity-provider.rst new file mode 100644 index 000000000000..fd66f4b2d9c7 --- /dev/null +++ b/awscli/examples/cognito-idp/create-identity-provider.rst @@ -0,0 +1,102 @@ +**Example 1: To create a user pool SAML identity provider (IdP) with a metadata URL** + +The following ``create-identity-provider`` example creates a new SAML IdP with metadata from a public URL, attribute mapping, and two identifiers. :: + + aws cognito-idp create-identity-provider \ + --user-pool-id us-west-2_EXAMPLE \ + --provider-name MySAML \ + --provider-type SAML \ + --provider-details IDPInit=true,IDPSignout=true,EncryptedResponses=true,MetadataURL=https://auth.example.com/sso/saml/metadata,RequestSigningAlgorithm=rsa-sha256 \ + --attribute-mapping email=emailaddress,phone_number=phone,custom:111=department \ + --idp-identifiers CorpSAML WestSAML + +Output:: + + { + "IdentityProvider": { + "UserPoolId": "us-west-2_EXAMPLE", + "ProviderName": "MySAML", + "ProviderType": "SAML", + "ProviderDetails": { + "ActiveEncryptionCertificate": "MIICvTCCAaEXAMPLE", + "EncryptedResponses": "true", + "IDPInit": "true", + "IDPSignout": "true", + "MetadataURL": "https://auth.example.com/sso/saml/metadata", + "RequestSigningAlgorithm": "rsa-sha256", + "SLORedirectBindingURI": "https://auth.example.com/slo/saml", + "SSORedirectBindingURI": "https://auth.example.com/sso/saml" + }, + "AttributeMapping": { + "custom:111": "department", + "emailaddress": "email", + "phone": "phone_number" + }, + "IdpIdentifiers": [ + "CorpSAML", + "WestSAML" + ], + "LastModifiedDate": 1726853833.977, + "CreationDate": 1726853833.977 + } + } + +For more information, see `Adding user pool sign-in through a third party `__ in the *Amazon Cognito Developer Guide*. + +**Example 2: To create a user pool SAML identity provider (IdP) with a metadata file** + +The following ``create-identity-provider`` example creates a new SAML IdP with metadata from a file, attribute mapping, and two identifiers. File syntax can differ between operating systems in the ``--provider-details`` parameter. It's easiest to create a JSON input file for this operation.:: + + aws cognito-idp create-identity-provider \ + --cli-input-json file://.\SAML-identity-provider.json + +Contents of ``SAML-identity-provider.json``:: + + { + "AttributeMapping": { + "email" : "idp_email", + "email_verified" : "idp_email_verified" + }, + "IdpIdentifiers": [ "platform" ], + "ProviderDetails": { + "MetadataFile": "[IDP_CERTIFICATE_DATA]urn:oasis:names:tc:SAML:1.1:nameid-format:unspecifiedurn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "IDPSignout" : "true", + "RequestSigningAlgorithm" : "rsa-sha256", + "EncryptedResponses" : "true", + "IDPInit" : "true" + }, + "ProviderName": "MySAML2", + "ProviderType": "SAML", + "UserPoolId": "us-west-2_EXAMPLE" + } + +Output:: + + { + "IdentityProvider": { + "UserPoolId": "us-west-2_EXAMPLE", + "ProviderName": "MySAML2", + "ProviderType": "SAML", + "ProviderDetails": { + "ActiveEncryptionCertificate": "[USER_POOL_ENCRYPTION_CERTIFICATE_DATA]", + "EncryptedResponses": "true", + "IDPInit": "true", + "IDPSignout": "true", + "MetadataFile": "[IDP_CERTIFICATE_DATA]urn:oasis:names:tc:SAML:1.1:nameid-format:unspecifiedurn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "RequestSigningAlgorithm": "rsa-sha256", + "SLORedirectBindingURI": "https://www.example.com/slo/saml", + "SSORedirectBindingURI": "https://www.example.com/sso/saml" + }, + "AttributeMapping": { + "email": "idp_email", + "email_verified": "idp_email_verified" + }, + "IdpIdentifiers": [ + "platform" + ], + "LastModifiedDate": 1726855290.731, + "CreationDate": 1726855290.731 + } + } + +For more information, see `Adding user pool sign-in through a third party `__ in the *Amazon Cognito Developer Guide*. \ No newline at end of file diff --git a/awscli/examples/cognito-idp/create-resource-server.rst b/awscli/examples/cognito-idp/create-resource-server.rst new file mode 100644 index 000000000000..3b00722f1702 --- /dev/null +++ b/awscli/examples/cognito-idp/create-resource-server.rst @@ -0,0 +1,31 @@ +**To create a user pool client** + +The following ``create-resource-server`` example creates a new resource server with custom scopes. :: + + aws cognito-idp create-resource-server \ + --user-pool-id us-west-2_EXAMPLE \ + --identifier solar-system-data \ + --name "Solar system object tracker" \ + --scopes ScopeName=sunproximity.read,ScopeDescription="Distance in AU from Sol" ScopeName=asteroids.add,ScopeDescription="Enter a new asteroid" + +Output:: + + { + "ResourceServer": { + "UserPoolId": "us-west-2_EXAMPLE", + "Identifier": "solar-system-data", + "Name": "Solar system object tracker", + "Scopes": [ + { + "ScopeName": "sunproximity.read", + "ScopeDescription": "Distance in AU from Sol" + }, + { + "ScopeName": "asteroids.add", + "ScopeDescription": "Enter a new asteroid" + } + ] + } + } + +For more information, see `Scopes, M2M, and APIs with resource servers `__ in the *Amazon Cognito Developer Guide*. diff --git a/awscli/examples/cognito-idp/create-user-pool-client.rst b/awscli/examples/cognito-idp/create-user-pool-client.rst index 3d9129ae8b12..b02c0071dd6d 100644 --- a/awscli/examples/cognito-idp/create-user-pool-client.rst +++ b/awscli/examples/cognito-idp/create-user-pool-client.rst @@ -1,26 +1,94 @@ **To create a user pool client** -This example creates a new user pool client with two explicit authorization flows: USER_PASSWORD_AUTH and ADMIN_NO_SRP_AUTH. +The following ``create-user-pool-client`` example creates a new user pool client with a client secret, explicit read and write attributes, sign in with username-password and SRP flows, sign-in with three IdPs, access to a subset of OAuth scopes, PinPoint analytics, and an extended authentication session validity. :: -Command:: + aws cognito-idp create-user-pool-client \ + --user-pool-id us-west-2_EXAMPLE \ + --client-name MyTestClient \ + --generate-secret \ + --refresh-token-validity 10 \ + --access-token-validity 60 \ + --id-token-validity 60 \ + --token-validity-units AccessToken=minutes,IdToken=minutes,RefreshToken=days \ + --read-attributes email phone_number email_verified phone_number_verified \ + --write-attributes email phone_number \ + --explicit-auth-flows ALLOW_USER_PASSWORD_AUTH ALLOW_USER_SRP_AUTH ALLOW_REFRESH_TOKEN_AUTH \ + --supported-identity-providers Google Facebook MyOIDC \ + --callback-urls https://www.amazon.com https://example.com http://localhost:8001 myapp://example \ + --allowed-o-auth-flows code implicit \ + --allowed-o-auth-scopes openid profile aws.cognito.signin.user.admin solar-system-data/asteroids.add \ + --allowed-o-auth-flows-user-pool-client \ + --analytics-configuration ApplicationArn=arn:aws:mobiletargeting:us-west-2:767671399759:apps/thisisanexamplepinpointapplicationid,UserDataShared=TRUE \ + --prevent-user-existence-errors ENABLED \ + --enable-token-revocation \ + --enable-propagate-additional-user-context-data \ + --auth-session-validity 4 - aws cognito-idp create-user-pool-client --user-pool-id us-west-2_aaaaaaaaa --client-name MyNewClient --no-generate-secret --explicit-auth-flows "USER_PASSWORD_AUTH" "ADMIN_NO_SRP_AUTH" - Output:: - { - "UserPoolClient": { - "UserPoolId": "us-west-2_aaaaaaaaa", - "ClientName": "MyNewClient", - "ClientId": "6p3bs000no6a4ue1idruvd05ad", - "LastModifiedDate": 1548697449.497, - "CreationDate": 1548697449.497, - "RefreshTokenValidity": 30, - "ExplicitAuthFlows": [ - "USER_PASSWORD_AUTH", - "ADMIN_NO_SRP_AUTH" - ], - "AllowedOAuthFlowsUserPoolClient": false + { + "UserPoolClient": { + "UserPoolId": "us-west-2_EXAMPLE", + "ClientName": "MyTestClient", + "ClientId": "123abc456defEXAMPLE", + "ClientSecret": "this1234is5678my91011example1213client1415secret", + "LastModifiedDate": 1726788459.464, + "CreationDate": 1726788459.464, + "RefreshTokenValidity": 10, + "AccessTokenValidity": 60, + "IdTokenValidity": 60, + "TokenValidityUnits": { + "AccessToken": "minutes", + "IdToken": "minutes", + "RefreshToken": "days" + }, + "ReadAttributes": [ + "email_verified", + "phone_number_verified", + "phone_number", + "email" + ], + "WriteAttributes": [ + "phone_number", + "email" + ], + "ExplicitAuthFlows": [ + "ALLOW_USER_PASSWORD_AUTH", + "ALLOW_USER_SRP_AUTH", + "ALLOW_REFRESH_TOKEN_AUTH" + ], + "SupportedIdentityProviders": [ + "Google", + "MyOIDC", + "Facebook" + ], + "CallbackURLs": [ + "https://example.com", + "https://www.amazon.com", + "myapp://example", + "http://localhost:8001" + ], + "AllowedOAuthFlows": [ + "implicit", + "code" + ], + "AllowedOAuthScopes": [ + "aws.cognito.signin.user.admin", + "openid", + "profile", + "solar-system-data/asteroids.add" + ], + "AllowedOAuthFlowsUserPoolClient": true, + "AnalyticsConfiguration": { + "ApplicationArn": "arn:aws:mobiletargeting:us-west-2:123456789012:apps/thisisanexamplepinpointapplicationid", + "RoleArn": "arn:aws:iam::123456789012:role/aws-service-role/cognito-idp.amazonaws.com/AWSServiceRoleForAmazonCognitoIdp", + "UserDataShared": true + }, + "PreventUserExistenceErrors": "ENABLED", + "EnableTokenRevocation": true, + "EnablePropagateAdditionalUserContextData": true, + "AuthSessionValidity": 4 + } } - } +For more information, see `Application-specific settings with app clients `__ in the *Amazon Cognito Developer Guide*. diff --git a/awscli/examples/cognito-idp/create-user-pool-domain.rst b/awscli/examples/cognito-idp/create-user-pool-domain.rst index 77e6185cc12f..9fb60e6cb1f6 100644 --- a/awscli/examples/cognito-idp/create-user-pool-domain.rst +++ b/awscli/examples/cognito-idp/create-user-pool-domain.rst @@ -1,8 +1,26 @@ -**To create a user pool domain** +**Example 1: To create a user pool domain** -This example creates a new user pool domain. with two explicit authorization flows: USER_PASSWORD_AUTH and ADMIN_NO_SRP_AUTH. +The following ``create-user-pool-domain`` example creates a new custom domain. :: -Command:: + aws cognito-idp create-user-pool-domain \ + --user-pool-id us-west-2_EXAMPLE \ + --domain auth.example.com \ + --custom-domain-config CertificateArn=arn:aws:acm:us-east-1:123456789012:certificate/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222 - aws cognito-idp create-user-pool-domain --user-pool-id us-west-2_aaaaaaaaa --domain my-new-domain - +Output:: + + { + "CloudFrontDomain": "example1domain.cloudfront.net" + } + +For more information, see `Configuring a user pool domain `__ in the *Amazon Cognito Developer Guide*. + +**Example 2: To create a user pool domain** + +The following ``create-user-pool-domain`` example creates a new domain with a service-owned prefix. :: + + aws cognito-idp create-user-pool-domain \ + --user-pool-id us-west-2_EXAMPLE2 \ + --domain mydomainprefix + +For more information, see `Configuring a user pool domain `__ in the *Amazon Cognito Developer Guide*. diff --git a/awscli/examples/cognito-idp/delete-user-attributes.rst b/awscli/examples/cognito-idp/delete-user-attributes.rst index 3856abc42271..16e730946a08 100644 --- a/awscli/examples/cognito-idp/delete-user-attributes.rst +++ b/awscli/examples/cognito-idp/delete-user-attributes.rst @@ -1,8 +1,11 @@ -**To delete user attributes** +**To delete a user attribute** -This example deletes the user attribute "FAVORITE_ANIMAL". +The following ``delete-user-attributes`` example deletes the custom attribute "custom:attribute" from the currently signed-in user. :: -Command:: + aws cognito-idp delete-user-attributes \ + --access-token ACCESS_TOKEN \ + --user-attribute-names "custom:department" - aws cognito-idp delete-user-attributes --access-token ACCESS_TOKEN --user-attribute-names "FAVORITE_ANIMAL" - +This command produces no output. + +For more information, see `Working with user attributes `__ in the *Amazon Cognito Developer Guide*. diff --git a/awscli/examples/cognito-idp/describe-user-pool.rst b/awscli/examples/cognito-idp/describe-user-pool.rst index 130a301f038d..3e3fba376e04 100644 --- a/awscli/examples/cognito-idp/describe-user-pool.rst +++ b/awscli/examples/cognito-idp/describe-user-pool.rst @@ -1,267 +1,376 @@ **To describe a user pool** -This example describes a user pool with the user pool id us-west-2_aaaaaaaaa. +The following example describes a user pool with the user pool id us-west-2_EXAMPLE. :: -Command:: - - aws cognito-idp describe-user-pool --user-pool-id us-west-2_aaaaaaaaa + aws cognito-idp describe-user-pool \ + --user-pool-id us-west-2_EXAMPLE Output:: - { - "UserPool": { - "SmsVerificationMessage": "Your verification code is {####}. ", - "SchemaAttributes": [ - { - "Name": "sub", - "StringAttributeConstraints": { - "MinLength": "1", - "MaxLength": "2048" - }, - "DeveloperOnlyAttribute": false, - "Required": true, - "AttributeDataType": "String", - "Mutable": false + { + "UserPool": { + "Id": "us-west-2_EXAMPLE", + "Name": "MyUserPool", + "Policies": { + "PasswordPolicy": { + "MinimumLength": 8, + "RequireUppercase": true, + "RequireLowercase": true, + "RequireNumbers": true, + "RequireSymbols": true, + "TemporaryPasswordValidityDays": 1 + } }, - { - "Name": "name", - "StringAttributeConstraints": { - "MinLength": "0", - "MaxLength": "2048" + "DeletionProtection": "ACTIVE", + "LambdaConfig": { + "PreSignUp": "arn:aws:lambda:us-west-2:123456789012:function:MyPreSignUpFunction", + "CustomMessage": "arn:aws:lambda:us-west-2:123456789012:function:MyCustomMessageFunction", + "PostConfirmation": "arn:aws:lambda:us-west-2:123456789012:function:MyPostConfirmationFunction", + "PreAuthentication": "arn:aws:lambda:us-west-2:123456789012:function:MyPreAuthenticationFunction", + "PostAuthentication": "arn:aws:lambda:us-west-2:123456789012:function:MyPostAuthenticationFunction", + "DefineAuthChallenge": "arn:aws:lambda:us-west-2:123456789012:function:MyDefineAuthChallengeFunction", + "CreateAuthChallenge": "arn:aws:lambda:us-west-2:123456789012:function:MyCreateAuthChallengeFunction", + "VerifyAuthChallengeResponse": "arn:aws:lambda:us-west-2:123456789012:function:MyVerifyAuthChallengeFunction", + "PreTokenGeneration": "arn:aws:lambda:us-west-2:123456789012:function:MyPreTokenGenerationFunction", + "UserMigration": "arn:aws:lambda:us-west-2:123456789012:function:MyMigrateUserFunction", + "PreTokenGenerationConfig": { + "LambdaVersion": "V2_0", + "LambdaArn": "arn:aws:lambda:us-west-2:123456789012:function:MyPreTokenGenerationFunction" }, - "DeveloperOnlyAttribute": false, - "Required": false, - "AttributeDataType": "String", - "Mutable": true - }, - { - "Name": "given_name", - "StringAttributeConstraints": { - "MinLength": "0", - "MaxLength": "2048" + "CustomSMSSender": { + "LambdaVersion": "V1_0", + "LambdaArn": "arn:aws:lambda:us-west-2:123456789012:function:MyCustomSMSSenderFunction" }, - "DeveloperOnlyAttribute": false, - "Required": false, - "AttributeDataType": "String", - "Mutable": true - }, - { - "Name": "family_name", - "StringAttributeConstraints": { - "MinLength": "0", - "MaxLength": "2048" + "CustomEmailSender": { + "LambdaVersion": "V1_0", + "LambdaArn": "arn:aws:lambda:us-west-2:123456789012:function:MyCustomEmailSenderFunction" }, - "DeveloperOnlyAttribute": false, - "Required": false, - "AttributeDataType": "String", - "Mutable": true + "KMSKeyID": "arn:aws:kms:us-west-2:123456789012:key/a1b2c3d4-5678-90ab-cdef-EXAMPLE22222" }, - { - "Name": "middle_name", - "StringAttributeConstraints": { - "MinLength": "0", - "MaxLength": "2048" + "LastModifiedDate": 1726784814.598, + "CreationDate": 1602103465.273, + "SchemaAttributes": [ + { + "Name": "sub", + "AttributeDataType": "String", + "DeveloperOnlyAttribute": false, + "Mutable": false, + "Required": true, + "StringAttributeConstraints": { + "MinLength": "1", + "MaxLength": "2048" + } }, - "DeveloperOnlyAttribute": false, - "Required": false, - "AttributeDataType": "String", - "Mutable": true - }, - { - "Name": "nickname", - "StringAttributeConstraints": { - "MinLength": "0", - "MaxLength": "2048" + { + "Name": "name", + "AttributeDataType": "String", + "DeveloperOnlyAttribute": false, + "Mutable": true, + "Required": false, + "StringAttributeConstraints": { + "MinLength": "0", + "MaxLength": "2048" + } }, - "DeveloperOnlyAttribute": false, - "Required": false, - "AttributeDataType": "String", - "Mutable": true - }, - { - "Name": "preferred_username", - "StringAttributeConstraints": { - "MinLength": "0", - "MaxLength": "2048" + { + "Name": "given_name", + "AttributeDataType": "String", + "DeveloperOnlyAttribute": false, + "Mutable": true, + "Required": false, + "StringAttributeConstraints": { + "MinLength": "0", + "MaxLength": "2048" + } }, - "DeveloperOnlyAttribute": false, - "Required": false, - "AttributeDataType": "String", - "Mutable": true - }, - { - "Name": "profile", - "StringAttributeConstraints": { - "MinLength": "0", - "MaxLength": "2048" + { + "Name": "family_name", + "AttributeDataType": "String", + "DeveloperOnlyAttribute": false, + "Mutable": true, + "Required": false, + "StringAttributeConstraints": { + "MinLength": "0", + "MaxLength": "2048" + } }, - "DeveloperOnlyAttribute": false, - "Required": false, - "AttributeDataType": "String", - "Mutable": true - }, - { - "Name": "picture", - "StringAttributeConstraints": { - "MinLength": "0", - "MaxLength": "2048" + { + "Name": "middle_name", + "AttributeDataType": "String", + "DeveloperOnlyAttribute": false, + "Mutable": true, + "Required": false, + "StringAttributeConstraints": { + "MinLength": "0", + "MaxLength": "2048" + } }, - "DeveloperOnlyAttribute": false, - "Required": false, - "AttributeDataType": "String", - "Mutable": true - }, - { - "Name": "website", - "StringAttributeConstraints": { - "MinLength": "0", - "MaxLength": "2048" + { + "Name": "nickname", + "AttributeDataType": "String", + "DeveloperOnlyAttribute": false, + "Mutable": true, + "Required": false, + "StringAttributeConstraints": { + "MinLength": "0", + "MaxLength": "2048" + } }, - "DeveloperOnlyAttribute": false, - "Required": false, - "AttributeDataType": "String", - "Mutable": true - }, - { - "Name": "email", - "StringAttributeConstraints": { - "MinLength": "0", - "MaxLength": "2048" + { + "Name": "preferred_username", + "AttributeDataType": "String", + "DeveloperOnlyAttribute": false, + "Mutable": true, + "Required": false, + "StringAttributeConstraints": { + "MinLength": "0", + "MaxLength": "2048" + } }, - "DeveloperOnlyAttribute": false, - "Required": true, - "AttributeDataType": "String", - "Mutable": true - }, - { - "AttributeDataType": "Boolean", - "DeveloperOnlyAttribute": false, - "Required": false, - "Name": "email_verified", - "Mutable": true - }, - { - "Name": "gender", - "StringAttributeConstraints": { - "MinLength": "0", - "MaxLength": "2048" + { + "Name": "profile", + "AttributeDataType": "String", + "DeveloperOnlyAttribute": false, + "Mutable": true, + "Required": false, + "StringAttributeConstraints": { + "MinLength": "0", + "MaxLength": "2048" + } }, - "DeveloperOnlyAttribute": false, - "Required": false, - "AttributeDataType": "String", - "Mutable": true - }, - { - "Name": "birthdate", - "StringAttributeConstraints": { - "MinLength": "10", - "MaxLength": "10" + { + "Name": "picture", + "AttributeDataType": "String", + "DeveloperOnlyAttribute": false, + "Mutable": true, + "Required": false, + "StringAttributeConstraints": { + "MinLength": "0", + "MaxLength": "2048" + } }, - "DeveloperOnlyAttribute": false, - "Required": false, - "AttributeDataType": "String", - "Mutable": true - }, - { - "Name": "zoneinfo", - "StringAttributeConstraints": { - "MinLength": "0", - "MaxLength": "2048" + { + "Name": "website", + "AttributeDataType": "String", + "DeveloperOnlyAttribute": false, + "Mutable": true, + "Required": false, + "StringAttributeConstraints": { + "MinLength": "0", + "MaxLength": "2048" + } }, - "DeveloperOnlyAttribute": false, - "Required": false, - "AttributeDataType": "String", - "Mutable": true - }, - { - "Name": "locale", - "StringAttributeConstraints": { - "MinLength": "0", - "MaxLength": "2048" + { + "Name": "email", + "AttributeDataType": "String", + "DeveloperOnlyAttribute": false, + "Mutable": true, + "Required": true, + "StringAttributeConstraints": { + "MinLength": "0", + "MaxLength": "2048" + } }, - "DeveloperOnlyAttribute": false, - "Required": false, - "AttributeDataType": "String", - "Mutable": true - }, - { - "Name": "phone_number", - "StringAttributeConstraints": { - "MinLength": "0", - "MaxLength": "2048" + { + "Name": "email_verified", + "AttributeDataType": "Boolean", + "DeveloperOnlyAttribute": false, + "Mutable": true, + "Required": false + }, + { + "Name": "gender", + "AttributeDataType": "String", + "DeveloperOnlyAttribute": false, + "Mutable": true, + "Required": false, + "StringAttributeConstraints": { + "MinLength": "0", + "MaxLength": "2048" + } + }, + { + "Name": "birthdate", + "AttributeDataType": "String", + "DeveloperOnlyAttribute": false, + "Mutable": true, + "Required": false, + "StringAttributeConstraints": { + "MinLength": "10", + "MaxLength": "10" + } }, - "DeveloperOnlyAttribute": false, - "Required": false, - "AttributeDataType": "String", - "Mutable": true + { + "Name": "zoneinfo", + "AttributeDataType": "String", + "DeveloperOnlyAttribute": false, + "Mutable": true, + "Required": false, + "StringAttributeConstraints": { + "MinLength": "0", + "MaxLength": "2048" + } + }, + { + "Name": "locale", + "AttributeDataType": "String", + "DeveloperOnlyAttribute": false, + "Mutable": true, + "Required": false, + "StringAttributeConstraints": { + "MinLength": "0", + "MaxLength": "2048" + } + }, + { + "Name": "phone_number", + "AttributeDataType": "String", + "DeveloperOnlyAttribute": false, + "Mutable": true, + "Required": false, + "StringAttributeConstraints": { + "MinLength": "0", + "MaxLength": "2048" + } + }, + { + "Name": "phone_number_verified", + "AttributeDataType": "Boolean", + "DeveloperOnlyAttribute": false, + "Mutable": true, + "Required": false + }, + { + "Name": "address", + "AttributeDataType": "String", + "DeveloperOnlyAttribute": false, + "Mutable": true, + "Required": false, + "StringAttributeConstraints": { + "MinLength": "0", + "MaxLength": "2048" + } + }, + { + "Name": "updated_at", + "AttributeDataType": "Number", + "DeveloperOnlyAttribute": false, + "Mutable": true, + "Required": false, + "NumberAttributeConstraints": { + "MinValue": "0" + } + }, + { + "Name": "identities", + "AttributeDataType": "String", + "DeveloperOnlyAttribute": false, + "Mutable": true, + "Required": false, + "StringAttributeConstraints": {} + }, + { + "Name": "custom:111", + "AttributeDataType": "String", + "DeveloperOnlyAttribute": false, + "Mutable": true, + "Required": false, + "StringAttributeConstraints": { + "MinLength": "1", + "MaxLength": "256" + } + }, + { + "Name": "dev:custom:222", + "AttributeDataType": "String", + "DeveloperOnlyAttribute": true, + "Mutable": true, + "Required": false, + "StringAttributeConstraints": { + "MinLength": "1", + "MaxLength": "421" + } + }, + { + "Name": "custom:accesstoken", + "AttributeDataType": "String", + "DeveloperOnlyAttribute": false, + "Mutable": true, + "Required": false, + "StringAttributeConstraints": { + "MaxLength": "2048" + } + }, + { + "Name": "custom:idtoken", + "AttributeDataType": "String", + "DeveloperOnlyAttribute": false, + "Mutable": true, + "Required": false, + "StringAttributeConstraints": { + "MaxLength": "2048" + } + } + ], + "AutoVerifiedAttributes": [ + "email" + ], + "SmsVerificationMessage": "Your verification code is {####}. ", + "EmailVerificationMessage": "Your verification code is {####}. ", + "EmailVerificationSubject": "Your verification code", + "VerificationMessageTemplate": { + "SmsMessage": "Your verification code is {####}. ", + "EmailMessage": "Your verification code is {####}. ", + "EmailSubject": "Your verification code", + "EmailMessageByLink": "Please click the link below to verify your email address. {##Verify Your Email##}\n this is from us-west-2_ywDJHlIfU", + "EmailSubjectByLink": "Your verification link", + "DefaultEmailOption": "CONFIRM_WITH_LINK" }, - { - "AttributeDataType": "Boolean", - "DeveloperOnlyAttribute": false, - "Required": false, - "Name": "phone_number_verified", - "Mutable": true + "SmsAuthenticationMessage": "Your verification code is {####}. ", + "UserAttributeUpdateSettings": { + "AttributesRequireVerificationBeforeUpdate": [] }, - { - "Name": "address", - "StringAttributeConstraints": { - "MinLength": "0", - "MaxLength": "2048" - }, - "DeveloperOnlyAttribute": false, - "Required": false, - "AttributeDataType": "String", - "Mutable": true + "MfaConfiguration": "OPTIONAL", + "DeviceConfiguration": { + "ChallengeRequiredOnNewDevice": true, + "DeviceOnlyRememberedOnUserPrompt": false }, - { - "Name": "updated_at", - "NumberAttributeConstraints": { - "MinValue": "0" - }, - "DeveloperOnlyAttribute": false, - "Required": false, - "AttributeDataType": "Number", - "Mutable": true - } - ], - "EmailVerificationSubject": "Your verification code", - "MfaConfiguration": "OFF", - "Name": "MyUserPool", - "EmailVerificationMessage": "Your verification code is {####}. ", - "SmsAuthenticationMessage": "Your authentication code is {####}. ", - "LastModifiedDate": 1547763720.822, - "AdminCreateUserConfig": { - "InviteMessageTemplate": { - "EmailMessage": "Your username is {username} and temporary password is {####}. ", - "EmailSubject": "Your temporary password", - "SMSMessage": "Your username is {username} and temporary password is {####}. " + "EstimatedNumberOfUsers": 166, + "EmailConfiguration": { + "SourceArn": "arn:aws:ses:us-west-2:123456789012:identity/admin@example.com", + "EmailSendingAccount": "DEVELOPER" }, - "UnusedAccountValidityDays": 7, - "AllowAdminCreateUserOnly": false - }, - "EmailConfiguration": { - "ReplyToEmailAddress": "myemail@mydomain.com" - "SourceArn": "arn:aws:ses:us-east-1:000000000000:identity/myemail@mydomain.com" - }, - "AutoVerifiedAttributes": [ - "email" - ], - "Policies": { - "PasswordPolicy": { - "RequireLowercase": true, - "RequireSymbols": true, - "RequireNumbers": true, - "MinimumLength": 8, - "RequireUppercase": true + "SmsConfiguration": { + "SnsCallerArn": "arn:aws:iam::123456789012:role/service-role/userpool-SMS-Role", + "ExternalId": "a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", + "SnsRegion": "us-west-2" + }, + "UserPoolTags": {}, + "Domain": "myCustomDomain", + "CustomDomain": "auth.example.com", + "AdminCreateUserConfig": { + "AllowAdminCreateUserOnly": false, + "UnusedAccountValidityDays": 1, + "InviteMessageTemplate": { + "SMSMessage": "Your username is {username} and temporary password is {####}. ", + "EmailMessage": "Your username is {username} and temporary password is {####}. ", + "EmailSubject": "Your temporary password" + } + }, + "UserPoolAddOns": { + "AdvancedSecurityMode": "ENFORCED", + "AdvancedSecurityAdditionalFlows": {} + }, + "Arn": "arn:aws:cognito-idp:us-west-2:123456789012:userpool/us-west-2_EXAMPLE", + "AccountRecoverySetting": { + "RecoveryMechanisms": [ + { + "Priority": 1, + "Name": "verified_email" + } + ] } - }, - "UserPoolTags": {}, - "UsernameAttributes": [ - "email" - ], - "CreationDate": 1547763720.822, - "EstimatedNumberOfUsers": 1, - "Id": "us-west-2_aaaaaaaaa", - "LambdaConfig": {} + } } - } \ No newline at end of file + +For more information, see `Amazon Cognito user pools `__ in the *Amazon Cognito Developer Guide*. diff --git a/awscli/examples/cognito-idp/get-device.rst b/awscli/examples/cognito-idp/get-device.rst new file mode 100644 index 000000000000..d3839ee1b1a1 --- /dev/null +++ b/awscli/examples/cognito-idp/get-device.rst @@ -0,0 +1,50 @@ +**To get a device** + +The following ``get-device`` example displays one device for currently signed-in user. :: + + aws cognito-idp get-device \ + --access-token eyJra456defEXAMPLE \ + --device-key us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 + +Output:: + + { + "Device": { + "DeviceKey": "us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", + "DeviceAttributes": [ + { + "Name": "device_status", + "Value": "valid" + }, + { + "Name": "device_name", + "Value": "MyDevice" + }, + { + "Name": "dev:device_arn", + "Value": "arn:aws:cognito-idp:us-west-2:123456789012:owner/diego.us-west-2_EXAMPLE/device/us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111" + }, + { + "Name": "dev:device_owner", + "Value": "diego.us-west-2_EXAMPLE" + }, + { + "Name": "last_ip_used", + "Value": "192.0.2.1" + }, + { + "Name": "dev:device_remembered_status", + "Value": "remembered" + }, + { + "Name": "dev:device_sdk", + "Value": "aws-sdk" + } + ], + "DeviceCreateDate": 1715100742.022, + "DeviceLastModifiedDate": 1723233651.167, + "DeviceLastAuthenticatedDate": 1715100742.0 + } + } + +For more information, see `Working with user devices in your user pool `__ in the *Amazon Cognito Developer Guide*. diff --git a/awscli/examples/cognito-idp/get-group.rst b/awscli/examples/cognito-idp/get-group.rst index 61a87756385c..dd6c4b0e16fb 100644 --- a/awscli/examples/cognito-idp/get-group.rst +++ b/awscli/examples/cognito-idp/get-group.rst @@ -1,19 +1,22 @@ **To get information about a group** -This example gets information about a group named MyGroup. +The following ``get-group`` example lists the properties of the user group named ``MyGroup``. This group has a precedence and an IAM role associated with it. :: -Command:: - - aws cognito-idp get-group --user-pool-id us-west-2_aaaaaaaaa --group-name MyGroup + aws cognito-idp get-group \ + --user-pool-id us-west-2_EXAMPLE \ + --group-name MyGroup Output:: - { - "Group": { - "GroupName": "MyGroup", - "UserPoolId": "us-west-2_aaaaaaaaa", - "Description": "A sample group.", - "LastModifiedDate": 1548270073.795, - "CreationDate": 1548270073.795 + { + "Group": { + "GroupName": "MyGroup", + "UserPoolId": "us-west-2_EXAMPLE", + "RoleArn": "arn:aws:iam::123456789012:role/example-cognito-role", + "Precedence": 7, + "LastModifiedDate": 1697211218.305, + "CreationDate": 1611685503.954 + } } - } \ No newline at end of file + +For more information, see `Adding groups to a user pool `__ in the *Amazon Cognito Developer Guide*. diff --git a/awscli/examples/cognito-idp/list-devices.rst b/awscli/examples/cognito-idp/list-devices.rst new file mode 100644 index 000000000000..d74692723d2c --- /dev/null +++ b/awscli/examples/cognito-idp/list-devices.rst @@ -0,0 +1,53 @@ +**To list devices for a user** + +The following ``list-devices`` example lists devices for the currently sign-in user. :: + + aws cognito-idp admin-list-devices \ + --user-pool-id us-west-2_EXAMPLE \ + --access-token eyJra456defEXAMPLE \ + --limit 1 + +Output:: + + { + "Devices": [ + { + "DeviceKey": "us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", + "DeviceAttributes": [ + { + "Name": "device_status", + "Value": "valid" + }, + { + "Name": "device_name", + "Value": "MyDevice" + }, + { + "Name": "dev:device_arn", + "Value": "arn:aws:cognito-idp:us-west-2:123456789012:owner/diego.us-west-2_EXAMPLE/device/us-west-2_a1b2c3d4-5678-90ab-cdef-EXAMPLE11111" + }, + { + "Name": "dev:device_owner", + "Value": "diego.us-west-2_EXAMPLE" + }, + { + "Name": "last_ip_used", + "Value": "192.0.2.1" + }, + { + "Name": "dev:device_remembered_status", + "Value": "remembered" + }, + { + "Name": "dev:device_sdk", + "Value": "aws-sdk" + } + ], + "DeviceCreateDate": 1715100742.022, + "DeviceLastModifiedDate": 1723233651.167, + "DeviceLastAuthenticatedDate": 1715100742.0 + } + ] + } + +For more information, see `Working with user devices in your user pool `__ in the *Amazon Cognito Developer Guide*. diff --git a/awscli/examples/ec2/describe-capacity-reservation-fleets.rst b/awscli/examples/ec2/describe-capacity-reservation-fleets.rst index b9f4abe3b1dd..0b55a285fcb6 100644 --- a/awscli/examples/ec2/describe-capacity-reservation-fleets.rst +++ b/awscli/examples/ec2/describe-capacity-reservation-fleets.rst @@ -1,6 +1,6 @@ **To view a Capacity Reservation Fleet** -The following ``describe-capacity-reservation-fleets`` example lists configuration and capacity information for the specified Capacity Reservation Fleet. It also lists details about the individual Capacity Reservations that are inside the Fleet.:: +The following ``describe-capacity-reservation-fleets`` example lists configuration and capacity information for the specified Capacity Reservation Fleet. It also lists details about the individual Capacity Reservations that are inside the Fleet. :: aws ec2 describe-capacity-reservation-fleets \ --capacity-reservation-fleet-ids crf-abcdef01234567890 @@ -10,7 +10,7 @@ Output:: { "CapacityReservationFleets": [ { - "Status": "active", + "State": "active", "EndDate": "2022-12-31T23:59:59.000Z", "InstanceMatchCriteria": "open", "Tags": [], @@ -38,4 +38,4 @@ Output:: ] } -For more information about Capacity Reservation Fleets, see `Capacity Reservation Fleets `__ in the *Amazon EC2 User Guide*. \ No newline at end of file +For more information about Capacity Reservation Fleets, see `Capacity Reservation Fleets `__ in the *Amazon EC2 User Guide*. diff --git a/awscli/examples/ec2/import-snapshot.rst b/awscli/examples/ec2/import-snapshot.rst index 502ebfd6c5e9..60f21ac9514c 100755 --- a/awscli/examples/ec2/import-snapshot.rst +++ b/awscli/examples/ec2/import-snapshot.rst @@ -4,7 +4,7 @@ The following ``import-snapshot`` example imports the specified disk as a snapsh aws ec2 import-snapshot \ --description "My server VMDK" \ - --disk-container Format=VMDK,UserBucket={S3Bucket=my-import-bucket,S3Key=vms/my-server-vm.vmdk} + --disk-container Format=VMDK,UserBucket={'S3Bucket=my-import-bucket,S3Key=vms/my-server-vm.vmdk'} Output:: diff --git a/awscli/examples/ecr-public/batch-delete-image.rst b/awscli/examples/ecr-public/batch-delete-image.rst new file mode 100644 index 000000000000..3f053e245783 --- /dev/null +++ b/awscli/examples/ecr-public/batch-delete-image.rst @@ -0,0 +1,92 @@ +**Example 1: To delete an image by using image digest ids, the image and all of its tags are deleted within a repository in a public registry** + +The following ``batch-delete-image`` example deletes an image by specifying the image digest.:: + + aws ecr-public batch-delete-image \ + --repository-name project-a/nginx-web-app \ + --image-ids imageDigest=sha256:b1f9deb5fe3711a3278379ebbcaefbc5d70a2263135db86bd27a0dae150546c2 + +Output:: + + { + "imageIds": [ + { + "imageDigest": "sha256:b1f9deb5fe3711a3278379ebbcaefbc5d70a2263135db86bd27a0dae150546c2", + "imageTag": "latest" + } + ], + "failures": [] + } + +For more information, see `Deleting an image in a public repository `__ in the *Amazon ECR Public User Guide*. + +**Example 2: To delete any image by specifying the tag associated with the image you want to delete from the repository.** + +The following ``batch-delete-image`` example deletes an image by specifying the tag associated with the image repository named ``project-a/nginx-web-app`` in a public registry. If you have only one tag and execute this command, it will remove the image. Otherwise, if you have multiple tags for the same image, specify one, and only the tag is removed from repository and not the image. :: + + aws ecr-public batch-delete-image \ + --repository-name project-a/nginx-web-app \ + --image-ids imageTag=_temp + +Output:: + + { + "imageIds": [ + { + "imageDigest": "sha256:f7a86a0760e2f8d7eff07e515fc87bf4bac45c35376c06f9a280f15ecad6d7e0", + "imageTag": "_temp" + } + ], + "failures": [] + } + +For more information, see `Deleting an image in a public repository `__ in the *Amazon ECR Public User Guide*. + +**Example 3: To delete multiple images, you can specify multiple image tags or image digests in the request for a repository in a public registry.** + +The following ``batch-delete-image`` example delete multiple images from a repository named `project-a/nginx-web-app` by specifying multiple image tags or image digests in the request. :: + + aws ecr-public batch-delete-image \ + --repository-name project-a/nginx-web-app \ + --image-ids imageTag=temp2.0 imageDigest=sha256:47ba980bc055353d9c0af89b1894f68faa43ca93856917b8406316be86f01278 + +Output:: + + { + "imageIds": [ + { + "imageDigest": "sha256:47ba980bc055353d9c0af89b1894f68faa43ca93856917b8406316be86f01278" + }, + { + "imageDigest": "sha256:f7a86a0760e2f8d7eff07e515fc87bf4bac45c35376c06f9a280f15ecad6d7e0", + "imageTag": "temp2.0" + } + ], + "failures": [] + } + +For more information, see `Deleting an image in a public repository `__ in the *Amazon ECR Public User Guide*. + +**Example 4: To delete an image in cross AWS Account using registry-id and imagedigest ids, the image and all of its tags are deleted within a repository in a public registry** + +The following ``batch-delete-image`` example deletes an image by specifying the image digest in the cross AWS Account.:: + + aws ecr-public batch-delete-image \ + --registry-id 123456789098 \ + --repository-name project-a/nginx-web-app \ + --image-ids imageDigest=sha256:b1f9deb5fe3711a3278379ebbcaefbc5d70a2263135db86bd27a0dae150546c2 \ + --region us-east-1 + +Output:: + + { + "imageIds": [ + { + "imageDigest": "sha256:b1f9deb5fe3711a3278379ebbcaefbc5d70a2263135db86bd27a0dae150546c2", + "imageTag": "temp2.0" + } + ], + "failures": [] + } + +For more information, see `Deleting an image in a public repository `__ in the *Amazon ECR Public User Guide*. diff --git a/awscli/examples/ecr-public/create-repository.rst b/awscli/examples/ecr-public/create-repository.rst index cc18a72f72f2..9637a552bcd1 100644 --- a/awscli/examples/ecr-public/create-repository.rst +++ b/awscli/examples/ecr-public/create-repository.rst @@ -1,6 +1,6 @@ **Example 1: To create a repository in a public registry** -The following ``create-repository`` example creates a repository named ``project-a/nginx-web-app`` in a public registry. :: +The following ``create-repository`` example creates a repository named `project-a/nginx-web-app` in a public registry. :: aws ecr-public create-repository \ --repository-name project-a/nginx-web-app @@ -22,12 +22,13 @@ For more information, see `Creating a public repository `__ in the *Amazon ECR Public User Guide*. diff --git a/awscli/examples/ecr-public/delete-repository.rst b/awscli/examples/ecr-public/delete-repository.rst index 5f041e759c2a..cf8308e6a013 100644 --- a/awscli/examples/ecr-public/delete-repository.rst +++ b/awscli/examples/ecr-public/delete-repository.rst @@ -17,4 +17,4 @@ Output:: } } -For more information, see `Deleting a public repository `__ in the *Amazon ECR Public User Guide*. +For more information, see `Deleting a public repository `__ in the *Amazon ECR Public*. diff --git a/awscli/examples/ecr-public/describe-image-tags.rst b/awscli/examples/ecr-public/describe-image-tags.rst new file mode 100644 index 000000000000..7dd562e2df61 --- /dev/null +++ b/awscli/examples/ecr-public/describe-image-tags.rst @@ -0,0 +1,25 @@ +**Example 1: To describe image tag details in public repository** + +The following ``describe-image-tags`` example describe imagetags in the ``project-a/nginx-web-app`` sample repository. :: + + aws ecr-public describe-image-tags \ + --repository-name project-a/nginx-web-app \ + --region us-east-1 + +Output:: + + { + "imageTagDetails": [ + { + "imageTag": "latest", + "createdAt": "2024-07-10T22:29:00-05:00", + "imageDetail": { + "imageDigest": "sha256:b1f9deb5fe3711a3278379ebbcaefbc5d70a2263135db86bd27a0dae150546c2", + "imageSizeInBytes": 121956548, + "imagePushedAt": "2024-07-10T22:29:00-05:00", + "imageManifestMediaType": "application/vnd.docker.distribution.manifest.v2+json", + "artifactMediaType": "application/vnd.docker.container.image.v1+json" + } + } + ] + } diff --git a/awscli/examples/ecr-public/describe-images.rst b/awscli/examples/ecr-public/describe-images.rst new file mode 100644 index 000000000000..a89779ede061 --- /dev/null +++ b/awscli/examples/ecr-public/describe-images.rst @@ -0,0 +1,82 @@ +**Example 1: To describe images in a public registry repository** + +The following ``describe-images`` example describes imagesDetails in a repository named ``project-a/nginx-web-app`` in a public registry. :: + + aws ecr-public describe-images \ + --repository-name project-a/nginx-web-app \ + --region us-east-1 + +Output:: + + { + "imageDetails": [ + { + "registryId": "123456789012", + "repositoryName": "project-a/nginx-web-app", + "imageDigest": "sha256:0d8c93e72e82fa070d49565c00af32abbe8ddfd7f75e39f4306771ae0628c7e8", + "imageTags": [ + "temp1.0" + ], + "imageSizeInBytes": 123184716, + "imagePushedAt": "2024-07-23T11:32:49-05:00", + "imageManifestMediaType": "application/vnd.docker.distribution.manifest.v2+json", + "artifactMediaType": "application/vnd.docker.container.image.v1+json" + }, + { + "registryId": "123456789012", + "repositoryName": "project-a/nginx-web-app", + "imageDigest": "sha256:b1f9deb5fe3711a3278379ebbcaefbc5d70a2263135db86bd27a0dae150546c2", + "imageTags": [ + "temp2.0" + ], + "imageSizeInBytes": 121956548, + "imagePushedAt": "2024-07-23T11:39:38-05:00", + "imageManifestMediaType": "application/vnd.docker.distribution.manifest.v2+json", + "artifactMediaType": "application/vnd.docker.container.image.v1+json" + }, + { + "registryId": "123456789012", + "repositoryName": "project-a/nginx-web-app", + "imageDigest": "sha256:f7a86a0760e2f8d7eff07e515fc87bf4bac45c35376c06f9a280f15ecad6d7e0", + "imageTags": [ + "temp3.0", + "latest" + ], + "imageSizeInBytes": 232108879, + "imagePushedAt": "2024-07-22T00:54:34-05:00", + "imageManifestMediaType": "application/vnd.docker.distribution.manifest.v2+json", + "artifactMediaType": "application/vnd.docker.container.image.v1+json" + } + ] + } + +For more information, see `Describe an image in a public repository `__ in the *Amazon ECR Public*. + +**Example 2: To describe images from the repository by sort imageTags & imagePushedAt** + +The following ``describe-images`` example describe images within repository named `project-a/nginx-web-app` in a public registry. :: + + aws ecr-public describe-images \ + --repository-name project-a/nginx-web-app \ + --query 'sort_by(imageDetails,& imagePushedAt)[*].imageTags[*]' \ + --output text + +Output:: + + temp3.0 latest + temp1.0 + temp2.0 + +**Example 3: To describe images from the repository to generate the last 2 image tags pushed in the repository** + +The following ``describe-images`` example gets imagetags details from the repository named ``project-a/nginx-web-app`` in a public registry and queries the result to display only the first two records. :: + + aws ecr-public describe-images \ + --repository-name project-a/nginx-web-app \ + --query 'sort_by(imageDetails,& imagePushedAt)[*].imageTags[*] | [0:2]' \ + --output text + +Output:: + + temp3.0 latest + temp1.0 diff --git a/awscli/examples/ecr-public/get-authorization-token.rst b/awscli/examples/ecr-public/get-authorization-token.rst new file mode 100644 index 000000000000..52c5fad05805 --- /dev/null +++ b/awscli/examples/ecr-public/get-authorization-token.rst @@ -0,0 +1,32 @@ +**Example 1: To retrieve an authorization token for any Amazon ECR public registry that the IAM principal has access** + +The following ``get-authorization-token`` example gets an authorization token with the AWS CLI and sets it to an environment variable. :: + + aws ecr-public get-authorization-token \ + --region us-east-1 + +Output:: + + { + "authorizationData": { + "authorizationToken": "QVdTOmV5SndZWGxzYjJKJFHDSFKJHERWUY65IOU36TRYEGFNSDLRIUOTUYTHJKLDFGOcmFUQk9OSFV2UVV4a0x6Sm1ZV0Z6TDFndlZtUjJSVmgxVEVObU9IZEdTWEZxU210c1JUQm5RWGxOUVV4NlNFUnROWG92ZWtGbWJFUjRkbWMyV0U5amFpczRNWGxTVkM5Tk5qWkVUM2RDYm05TVJqSkxjV3BsUVZvMmFYSm5iV1ZvVFdGSVRqVlFMMHN4VnpsTGVXbDFRWGRoTmpsbWFuQllhbVl6TkdGaGMwUjJha2xsYUhscWRscHZTRUpFVkVnNVQwNUdOVFpPY2xZclVFNVFVWGRSVFZvd04xUkhjVGxZZFVkQ1ZFZHBPRUptUzBVclYxQldMMjVMVkRsd2VFVlNSa1EzTWpWSlIxRkVWakJGZFZOVWEzaFBSVk5FWWpSc1lWZHZWMHBSYmxaMlJYWmhZekpaWVVOeFppdFlUa2xKU1RCdFUwdElVbXRJYlhGRk1WaFhNVTVRTkdwc1FYRlVNVWxZZUhkV05Xa3ZXWGd3ZUVZMWIyeE5VRU5QZEdSaWRHOU9lakZOZVdwTVZEUkNRVzlvYzNKSlpsRXhhR2cwWjJwRVJFVjNWalEzYjNCUmRIcEZUR1pYU1Rsc1kxSlNNbU5hUW5wRE1tOUpRMHR5Y1hkeGNXNDVMMmx4Um5GUlVGQnhjMVpQZG5WYUswOW9SQ3RPY0hwSlRsUk5lVXQyY0c1b1FsQjVZVEprVmtSdmJsQklOM05RU3pkNmQydERhMkZ5VmxSRmFVUndWVlE1ZGtsVWFXUkJWMFZEWVhoSFdXTk5VMXBTYTFreVRHZEVlVVZ0ZFRWRk4xTTVjRXBDUjBRMlYyTkdPVWhGWkVweVVGcEVaRFJxZUVablkwNXFaamh5YkVKWmJGSTNOVzFXSzFjdllXSTVTMWx2YUZacksxSnJWSFJ0Wml0T1NFSnpWVFZvV204eVFYbzFWRU5SYjNaR01Va3hPR3h2TWxkNVJsSmpUbTVSTjNjemJsUkdVRlZKVDBjeE9VeHlXVEpGVFRSS2NWbFdkVEJrV0VreFVsSktXbkpCVGtsMFdVZEJOMjltWjFFNGVHRktNbGRuWlVoUlNXNXdZV3A0VjI5M2FYZGljbE5tZGpkQ1ZYTmhOVFUyTDBzeVpteDBka0pUTVdkNGJ6TkxkSEJDYml0cE0waGhTbVpEZEZkQ00yOU1TM1pXTDNSVFlWaFpWelZXVWxjNFRXNXdhR3BhUmpoU1FuWnFkRlJMVW5abGRYRlNjVVJKZDBaSFpXUTRabEZUTUdOTVQwcFFkVXAyYjA5Tk9UaFlZMjEwVnpFMlpXdE9hMnBWV0hST1owUkpVV3R1VFU1dGJXWjNNVGc0VTAxUlNHZE9TbXRMY2tWYWJVeFljVVk0ZWpsTFdWWlRNbEZMVDJkMk1FaFBTMDl5YzJSM1NqTlplRGhUWVVOQlJGWnRlbkU1WTBKVFdqTktSR05WTkd0RGNEVjZNalJHVXpkVk9HTnVSa2xLUVd4SVJDODJXbGcyYldGemJVczJPRVp6TDBoNFMwWkRUMmdyYldGa1QwWjVhMlZQTm5SQ1l6QkpNbFpyVUhSaGVIbFVOR296VjFGVlQyMHpNeTlPWVVoSk1FdDBWalZFU2pneU5rcHNLemQxZDNwcVp6RlNja3AwVm10VU0yRnRWWGMzZDJnMFduSnFjVXczWTBjclNXeHFUVlUyVkZwWGNWY3ZSV0V6WW1oT2JIRklZVlJHU1RrMGEyOVJiMHBPVUhORk9FdERjbFJZY0daS2VVdHRZa2x5YjFORE4zSkJaWEJPZUU5eGR6WnhZMlY1WXprM1JtSkZhVFZFYkVFck5EUk9ZMWRyVEVNd1dqa2lMQ0prWVhSaGEyVjVJam9pWlhsS1VWSkdaMmxQYVVwV1ZXeENhVk5YVm14WFdFWk5VMjFrV21SRE9YaGFhWFF4VkhwS1MyTkljSHBVUms0MFlWaHNTbUpIYUhsWFZHdDZZVWhqZDFKRmFETldNbFYyWTJ0cmVVMUlTbHBWUjJONFRURlJNMDlHYUd4U01uaHVWRVJzUWxaV1pGZFJibkJLV1RCYU5HTXpUakpXTUhoWFRrWndhRTVyTVVwVFZFSkdWV3RzTUZaVVpEQlRSVGxyVkVkb2FGUlVVWHBaTVhCSFQxWmFOVlJxU20xaVZXUnVTM3BaTlZaV2NIcFdWMlJGVkcwMVRHSXdSakpXUnpoNlVsUm5kbUpzUmpGT2FUazFWVzFTY0dWR1FtOVdiVEZoVmpKc1NWRllhRmRTUkZwc1V6SkdSbUpWYkhCVlNFbDJWVzB4Ym1OVk1IWmFhelZ3WkZoa1FtVnFUa3BpTTJoTVRWVk9jMVo2V2t4aWJFWnJWRVUxVW1ONlp6QldWVFZPWW14c01sZFlZekprUjFwVFkxaE9kRnBXWkhaVFZWcGhWa2MxU2xWRlVtdFRiWE16WWpOVmVrNXFSa2RVTTJSd1QwaGtXbVJIVVhsbGJYQkRaRlp2ZGxvd1ZqWmlNbEl4Vkc1T2FtSldjRU5VU0ZVd1kwZDRjbU14WkhaVVYwNTRaRzV2TWxSVlVsQmpiSEJPVkc1VmVsZEZPVzVYYkVwWlUyNWtVbGRZWkZWaVdFWlNUVzF3VFZSSVFraE9XRnBwWVZoak0xUnJXak5OYm04eFpEQk9XbEZzYkhSTmEyaHpaRmRTUTJORVFUQlpWMk01VUZOSmMwbHJiRUpTUTBrMlNXNUZlbHA2U1RGVVZXeFVZekIwYVU5RWFEVmtiRVpzVVZWc2QxbHJWbmxOYW13MVZWaG9UazVzVWpWbFJHaDZZMjFHVkZVeFFubFZXRTVLVGpCMGFXSlZNWGhpUjBwTVlUSTVNRTVVYXpCTE0wVnlWakF4VG1WSE5VcGtSa0pRVld4V1UwOVdVWGhqTVc4eVZraFdlVnA2VGsxV01tUnhVV3Q0ZEdGcVRsUk5hMnN5V2tSV2FtUkdVakZqVm5CUFVrUlNjR0pHUm1GbGFscDRXV2x6Y2xFd1VYcGhSRnBZVmtaU2FVNXVSVFZYYlVaVFpXdHdkVmRZVGpaVGEyaDBWMnhDVlU0elZrWlRSRUpIVlVWa2MwNVlhRFZsUkVwelQwWkNSbE5WY0ZGWFNFWXhaVmMxVEZsVE9VeFdhMGt4V1ROS1Rrd3pXazFpYkhCdFVrUldWRlJHVlhaTmJVazBZbFZzUkV3d2N6UldSV2MxVDBWa05tSXpiM2hXVms1V1ZtMDFiRkZUT1hoUFJVcHpUMGRzU2xaSVJrTkxNVTVFWWtaa05WWnViRmRYVjJRd1RXcG5kMVJWUmpCa1JYQkdZVlYwZFZNeU1VVlpWVTVQV25wa1ExZHFVbE5sUjBaRVlWVTFXbVZwY3pSTE1HTTFVbFZGTlZwRll6UlRSMVoxVFcxb05XTnJkRUpWZWxsM1RETmplbUV4WkdGU1JsWm9ZVVpzZEdWR2JFTlVNblJYVkRCNE5HUXlkRXhaTWxKTlYxZDBWRTB5YUZwaFJsazFVMGR3Y0ZGVk9YaGxhekV6VVZRd09VbHVNRDBpTENKMlpYSnphVzl1SWpvaU15SXNJblI1Y0dVaU9pSkVRVlJCWDB0RldTSXNJbVY0Y0dseVlYUnBiMjRpT2pFM01qRTVOVGMzTmpKOQ==", + "expiresAt": "2024-07-25T21:37:26.301000-04:00" + } + } + +For more information, see `Amazon ECR public registries `__ in the *Amazon ECR Public*. + +**Example 2: To retrieve an authorization token for any Amazon ECR public registry that the IAM principal has access** + +The following ``get-authorization-token`` example gets an authorization token with the AWS CLI and sets it to an environment variable. :: + + aws ecr-public get-authorization-token \ + --region us-east-1 \ + --output=text \ + --query 'authorizationData.authorizationToken' + +Output:: + + QVdTOmV5SndZWGxzYjJKJFHDSFKJHERWUY65IOU36TRYEGFNSDLRIUOTUYTHJKLDFGOcmFUQk9OSFV2UVV4a0x6Sm1ZV0Z6TDFndlZtUjJSVmgxVEVObU9IZEdTWEZxU210c1JUQm5RWGxOUVV4NlNFUnROWG92ZWtGbWJFUjRkbWMyV0U5amFpczRNWGxTVkM5Tk5qWkVUM2RDYm05TVJqSkxjV3BsUVZvMmFYSm5iV1ZvVFdGSVRqVlFMMHN4VnpsTGVXbDFRWGRoTmpsbWFuQllhbVl6TkdGaGMwUjJha2xsYUhscWRscHZTRUpFVkVnNVQwNUdOVFpPY2xZclVFNVFVWGRSVFZvd04xUkhjVGxZZFVkQ1ZFZHBPRUptUzBVclYxQldMMjVMVkRsd2VFVlNSa1EzTWpWSlIxRkVWakJGZFZOVWEzaFBSVk5FWWpSc1lWZHZWMHBSYmxaMlJYWmhZekpaWVVOeFppdFlUa2xKU1RCdFUwdElVbXRJYlhGRk1WaFhNVTVRTkdwc1FYRlVNVWxZZUhkV05Xa3ZXWGd3ZUVZMWIyeE5VRU5QZEdSaWRHOU9lakZOZVdwTVZEUkNRVzlvYzNKSlpsRXhhR2cwWjJwRVJFVjNWalEzYjNCUmRIcEZUR1pYU1Rsc1kxSlNNbU5hUW5wRE1tOUpRMHR5Y1hkeGNXNDVMMmx4Um5GUlVGQnhjMVpQZG5WYUswOW9SQ3RPY0hwSlRsUk5lVXQyY0c1b1FsQjVZVEprVmtSdmJsQklOM05RU3pkNmQydERhMkZ5VmxSRmFVUndWVlE1ZGtsVWFXUkJWMFZEWVhoSFdXTk5VMXBTYTFreVRHZEVlVVZ0ZFRWRk4xTTVjRXBDUjBRMlYyTkdPVWhGWkVweVVGcEVaRFJxZUVablkwNXFaamh5YkVKWmJGSTNOVzFXSzFjdllXSTVTMWx2YUZacksxSnJWSFJ0Wml0T1NFSnpWVFZvV204eVFYbzFWRU5SYjNaR01Va3hPR3h2TWxkNVJsSmpUbTVSTjNjemJsUkdVRlZKVDBjeE9VeHlXVEpGVFRSS2NWbFdkVEJrV0VreFVsSktXbkpCVGtsMFdVZEJOMjltWjFFNGVHRktNbGRuWlVoUlNXNXdZV3A0VjI5M2FYZGljbE5tZGpkQ1ZYTmhOVFUyTDBzeVpteDBka0pUTVdkNGJ6TkxkSEJDYml0cE0waGhTbVpEZEZkQ00yOU1TM1pXTDNSVFlWaFpWelZXVWxjNFRXNXdhR3BhUmpoU1FuWnFkRlJMVW5abGRYRlNjVVJKZDBaSFpXUTRabEZUTUdOTVQwcFFkVXAyYjA5Tk9UaFlZMjEwVnpFMlpXdE9hMnBWV0hST1owUkpVV3R1VFU1dGJXWjNNVGc0VTAxUlNHZE9TbXRMY2tWYWJVeFljVVk0ZWpsTFdWWlRNbEZMVDJkMk1FaFBTMDl5YzJSM1NqTlplRGhUWVVOQlJGWnRlbkU1WTBKVFdqTktSR05WTkd0RGNEVjZNalJHVXpkVk9HTnVSa2xLUVd4SVJDODJXbGcyYldGemJVczJPRVp6TDBoNFMwWkRUMmdyYldGa1QwWjVhMlZQTm5SQ1l6QkpNbFpyVUhSaGVIbFVOR296VjFGVlQyMHpNeTlPWVVoSk1FdDBWalZFU2pneU5rcHNLemQxZDNwcVp6RlNja3AwVm10VU0yRnRWWGMzZDJnMFduSnFjVXczWTBjclNXeHFUVlUyVkZwWGNWY3ZSV0V6WW1oT2JIRklZVlJHU1RrMGEyOVJiMHBPVUhORk9FdERjbFJZY0daS2VVdHRZa2x5YjFORE4zSkJaWEJPZUU5eGR6WnhZMlY1WXprM1JtSkZhVFZFYkVFck5EUk9ZMWRyVEVNd1dqa2lMQ0prWVhSaGEyVjVJam9pWlhsS1VWSkdaMmxQYVVwV1ZXeENhVk5YVm14WFdFWk5VMjFrV21SRE9YaGFhWFF4VkhwS1MyTkljSHBVUms0MFlWaHNTbUpIYUhsWFZHdDZZVWhqZDFKRmFETldNbFYyWTJ0cmVVMUlTbHBWUjJONFRURlJNMDlHYUd4U01uaHVWRVJzUWxaV1pGZFJibkJLV1RCYU5HTXpUakpXTUhoWFRrWndhRTVyTVVwVFZFSkdWV3RzTUZaVVpEQlRSVGxyVkVkb2FGUlVVWHBaTVhCSFQxWmFOVlJxU20xaVZXUnVTM3BaTlZaV2NIcFdWMlJGVkcwMVRHSXdSakpXUnpoNlVsUm5kbUpzUmpGT2FUazFWVzFTY0dWR1FtOVdiVEZoVmpKc1NWRllhRmRTUkZwc1V6SkdSbUpWYkhCVlNFbDJWVzB4Ym1OVk1IWmFhelZ3WkZoa1FtVnFUa3BpTTJoTVRWVk9jMVo2V2t4aWJFWnJWRVUxVW1ONlp6QldWVFZPWW14c01sZFlZekprUjFwVFkxaE9kRnBXWkhaVFZWcGhWa2MxU2xWRlVtdFRiWE16WWpOVmVrNXFSa2RVTTJSd1QwaGtXbVJIVVhsbGJYQkRaRlp2ZGxvd1ZqWmlNbEl4Vkc1T2FtSldjRU5VU0ZVd1kwZDRjbU14WkhaVVYwNTRaRzV2TWxSVlVsQmpiSEJPVkc1VmVsZEZPVzVYYkVwWlUyNWtVbGRZWkZWaVdFWlNUVzF3VFZSSVFraE9XRnBwWVZoak0xUnJXak5OYm04eFpEQk9XbEZzYkhSTmEyaHpaRmRTUTJORVFUQlpWMk01VUZOSmMwbHJiRUpTUTBrMlNXNUZlbHA2U1RGVVZXeFVZekIwYVU5RWFEVmtiRVpzVVZWc2QxbHJWbmxOYW13MVZWaG9UazVzVWpWbFJHaDZZMjFHVkZVeFFubFZXRTVLVGpCMGFXSlZNWGhpUjBwTVlUSTVNRTVVYXpCTE0wVnlWakF4VG1WSE5VcGtSa0pRVld4V1UwOVdVWGhqTVc4eVZraFdlVnA2VGsxV01tUnhVV3Q0ZEdGcVRsUk5hMnN5V2tSV2FtUkdVakZqVm5CUFVrUlNjR0pHUm1GbGFscDRXV2x6Y2xFd1VYcGhSRnBZVmtaU2FVNXVSVFZYYlVaVFpXdHdkVmRZVGpaVGEyaDBWMnhDVlU0elZrWlRSRUpIVlVWa2MwNVlhRFZsUkVwelQwWkNSbE5WY0ZGWFNFWXhaVmMxVEZsVE9VeFdhMGt4V1ROS1Rrd3pXazFpYkhCdFVrUldWRlJHVlhaTmJVazBZbFZzUkV3d2N6UldSV2MxVDBWa05tSXpiM2hXVms1V1ZtMDFiRkZUT1hoUFJVcHpUMGRzU2xaSVJrTkxNVTVFWWtaa05WWnViRmRYVjJRd1RXcG5kMVJWUmpCa1JYQkdZVlYwZFZNeU1VVlpWVTVQV25wa1ExZHFVbE5sUjBaRVlWVTFXbVZwY3pSTE1HTTFVbFZGTlZwRll6UlRSMVoxVFcxb05XTnJkRUpWZWxsM1RETmplbUV4WkdGU1JsWm9ZVVpzZEdWR2JFTlVNblJYVkRCNE5HUXlkRXhaTWxKTlYxZDBWRTB5YUZwaFJsazFVMGR3Y0ZGVk9YaGxhekV6VVZRd09VbHVNRDBpTENKMlpYSnphVzl1SWpvaU15SXNJblI1Y0dVaU9pSkVRVlJCWDB0RldTSXNJbVY0Y0dseVlYUnBiMjRpT2pFM01qRTVOVGMzTmpKOQ + +For more information, see `Amazon ECR public registries `__ in the *Amazon ECR Public*. diff --git a/awscli/examples/ecr-public/get-repository-policy.rst b/awscli/examples/ecr-public/get-repository-policy.rst new file mode 100644 index 000000000000..e684c775a6b1 --- /dev/null +++ b/awscli/examples/ecr-public/get-repository-policy.rst @@ -0,0 +1,17 @@ +**To get a repository policy associated with the repository** + +The following ``get-repository-policy`` example gets a repository policy associated with the repository. :: + + aws ecr-public get-repository-policy \ + --repository-name project-a/nginx-web-app \ + --region us-east-1 + +Output:: + + { + "registryId": "123456789012", + "repositoryName": "project-a/nginx-web-app", + "policyText": "{\n \"Version\" : \"2008-10-17\",\n \"Statement\" : [ {\n \"Sid\" : \"AllowPush\",\n \"Effect\" : \"Allow\",\n \"Principal\" : {\n \"AWS\" : [ \"arn:aws:iam::123456789012:user/eksuser1\", \"arn:aws:iam::123456789012:user/admin\" ]\n },\n \"Action\" : [ \"ecr-public:BatchCheckLayerAvailability\", \"ecr-public:PutImage\", \"ecr-public:InitiateLayerUpload\", \"ecr-public:UploadLayerPart\", \"ecr-public:CompleteLayerUpload\" ]\n } ]\n}" + } + +For more information, see `Use GetRepositoryPolicy with an AWS SDK or CLI `__ in the *Amazon ECR Public User Guide*. \ No newline at end of file diff --git a/awscli/examples/ecr-public/put-repository-catalog-data.rst b/awscli/examples/ecr-public/put-repository-catalog-data.rst new file mode 100644 index 000000000000..9be052cdd6ec --- /dev/null +++ b/awscli/examples/ecr-public/put-repository-catalog-data.rst @@ -0,0 +1,50 @@ +**Example 1: To creates or updates the catalog data for a repository in a public registry.** + +The following ``put-repository-catalog-data`` example creates or update catalog data for reposiotry named `project-a/nginx-web-app` in a public registry, along with logoImageBlob, aboutText, usageText and tags information. :: + + aws ecr-public put-repository-catalog-data \ + --repository-name project-a/nginx-web-app \ + --cli-input-json file://repository-catalog-data.json \ + --region us-east-1 + +Contents of ``repository-catalog-data.json``:: + + { + "catalogData": { + "description": "My project-a ECR Public Repository", + "architectures": [ + "ARM", + "ARM 64", + "x86", + "x86-64" + ], + "operatingSystems": [ + "Linux" + ], + "logoImageBlob": "iVBORw0KGgoAAAANSUhEUgAAAYYAAAGGCAMAAABIXtbXAAAAq1BMVEVHcEz// ", + "aboutText": "## Quick reference.", + "usageText": "## Supported architectures are as follows" + } + } + +Output:: + + { + "catalogData": { + "description": "My project-a ECR Public Repository", + "architectures": [ + "ARM", + "ARM 64", + "x86", + "x86-64" + ], + "operatingSystems": [ + "Linux" + ], + "logoUrl": "https://d3g9o9u8re44ak.cloudfront.net/logo/491d3846-8f33-4d8b-a10c-c2ce271e6c0d/4f09d87c-2569-4916-a932-5c296bf6f88a.png", + "aboutText": "## Quick reference.", + "usageText": "## Supported architectures are as follows." + } + } + +For more information, see `Repository catalog data `__ in the *Amazon ECR Public*. diff --git a/awscli/examples/ecr-public/set-repository-policy.rst b/awscli/examples/ecr-public/set-repository-policy.rst new file mode 100644 index 000000000000..b87b257f482b --- /dev/null +++ b/awscli/examples/ecr-public/set-repository-policy.rst @@ -0,0 +1,118 @@ +**Example 1: To set a repository policy to allow a pull on the repository** + +The following ``set-repository-policy`` example applies an ECR public repository policy to the specified repository to control access permissions. :: + + aws ecr-public set-repository-policy \ + --repository-name project-a/nginx-web-app \ + --policy-text file://my-repository-policy.json + +Contents of ``my-repository-policy.json``:: + + { + "Version" : "2008-10-17", + "Statement" : [ + { + "Sid" : "allow public pull", + "Effect" : "Allow", + "Principal" : "*", + "Action" : [ + "ecr:BatchCheckLayerAvailability", + "ecr:BatchGetImage", + "ecr:GetDownloadUrlForLayer" + ] + } + ] + } + +Output:: + + { + "registryId": "12345678901", + "repositoryName": "project-a/nginx-web-app", + "policyText": "{\n \"Version\" : \"2008-10-17\",\n \"Statement\" : [ {\n \"Sid\" : \"allow public pull\",\n \"Effect\" : \"Allow\",\n \"Principal\" : \"*\",\n \"Action\" : [ \"ecr:BatchCheckLayerAvailability\", \"ecr:BatchGetImage\", \"ecr:GetDownloadUrlForLayer\" ]\n } ]\n}" + } + +For more information, see `Setting a repository policy statement `__ in the *Amazon ECR Public User Guide*. + +**Example 2: To set a repository policy to allow an IAM user within your account to push images** + +The following ``set-repository-policy`` example allows an IAM user within your account to push images using to an ECR repository in your AWS account using the input file named ``file://my-repository-policy.json`` as policy text. :: + + aws ecr-public set-repository-policy \ + --repository-name project-a/nginx-web-app \ + --policy-text file://my-repository-policy.json + +Contents of ``my-repository-policy.json``:: + + { + "Version": "2008-10-17", + "Statement": [ + { + "Sid": "AllowPush", + "Effect": "Allow", + "Principal": { + "AWS": [ + "arn:aws:iam::account-id:user/push-pull-user-1", + "arn:aws:iam::account-id:user/push-pull-user-2" + ] + }, + "Action": [ + "ecr-public:BatchCheckLayerAvailability", + "ecr-public:PutImage", + "ecr-public:InitiateLayerUpload", + "ecr-public:UploadLayerPart", + "ecr-public:CompleteLayerUpload" + ] + } + ] + } + +Output:: + + { + "registryId": "12345678901", + "repositoryName": "project-a/nginx-web-app", + "policyText": "{\n \"Version\" : \"2008-10-17\",\n \"Statement\" : [ {\n \"Sid\" : \"AllowPush\",\n \"Effect\" : \"Allow\",\n \"Principal\" : {\n \"AWS\" : [ \"arn:aws:iam::12345678901:user/admin\", \"arn:aws:iam::12345678901:user/eksuser1\" ]\n },\n \"Action\" : [ \"ecr-public:BatchCheckLayerAvailability\", \"ecr-public:PutImage\", \"ecr-public:InitiateLayerUpload\", \"ecr-public:UploadLayerPart\", \"ecr-public:CompleteLayerUpload\" ]\n } ]\n}" + } + +For more information, see `Setting a repository policy statement `__ in the *Amazon ECR Public User Guide*. + +**Example 3: To set a repository policy to allow an IAM user from different account to push images** + +The following ``set-repository-policy`` example allows a specific account to push images using cli input file://my-repository-policy.json in your AWS account. :: + + aws ecr-public set-repository-policy \ + --repository-name project-a/nginx-web-app \ + --policy-text file://my-repository-policy.json + +Contents of ``my-repository-policy.json``:: + + { + "Version": "2008-10-17", + "Statement": [ + { + "Sid": "AllowCrossAccountPush", + "Effect": "Allow", + "Principal": { + "AWS": "arn:aws:iam::other-or-same-account-id:role/RoleName" + }, + "Action": [ + "ecr-public:BatchCheckLayerAvailability", + "ecr-public:PutImage", + "ecr-public:InitiateLayerUpload", + "ecr-public:UploadLayerPart", + "ecr-public:CompleteLayerUpload" + ] + } + ] + } + +Output:: + + { + "registryId": "12345678901", + "repositoryName": "project-a/nginx-web-app", + "policyText": "{\n \"Version\" : \"2008-10-17\",\n \"Statement\" : [ {\n \"Sid\" : \"AllowCrossAccountPush\",\n \"Effect\" : \"Allow\",\n \"Principal\" : {\n \"AWS\" : \"arn:aws:iam::12345678901:role/RoleName\"\n },\n \"Action\" : [ \"ecr-public:BatchCheckLayerAvailability\", \"ecr-public:PutImage\", \"ecr-public:InitiateLayerUpload\", \"ecr-public:UploadLayerPart\", \"ecr-public:CompleteLayerUpload\" ]\n } ]\n}" + } + +For more information, see `Public repository policy examples `__ in the *Amazon ECR Public User Guide*. diff --git a/awscli/examples/ecs/capacity-provider-update.rst b/awscli/examples/ecs/capacity-provider-update.rst new file mode 100644 index 000000000000..bfd381413dc2 --- /dev/null +++ b/awscli/examples/ecs/capacity-provider-update.rst @@ -0,0 +1,33 @@ +**Update the capacity provider in an ECS cluster** + +The following ``update-capacity-provider`` example shows how we can modify the parameters of the capacity provider in an ECS cluster. :: + + aws ecs update-capacity-provider \ + --name Infra-ECS-Cluster-ECS-project-update-cluster-d6bb6d5b-EC2CapacityProvider-3fIpdkLywwFt \ + --auto-scaling-group-provider "managedScaling={status=DISABLED,targetCapacity=50,minimumScalingStepSize=2,maximumScalingStepSize=30,instanceWarmupPeriod=200},managedTerminationProtection=DISABLED,managedDraining=DISABLED" + +Output:: + + { + "capacityProvider": { + "capacityProviderArn": "arn:aws:ecs:us-west-2:123456789012:capacity-provider/Infra-ECS-Cluster-ECS-project-update-cluster-d6bb6d5b-EC2CapacityProvider-3fIpdkLywwFt", + "name": "Infra-ECS-Cluster-ECS-project-update-cluster-d6bb6d5b-EC2CapacityProvider-3fIpdkLywwFt", + "status": "ACTIVE", + "autoScalingGroupProvider": { + "autoScalingGroupArn": "arn:aws:autoscaling:us-west-2:123456789012:autoScalingGroup:424941d1-b43f-4a17-adbb-08b6a6e397e1:autoScalingGroupName/Infra-ECS-Cluster-ECS-project-update-cluster-d6bb6d5b-ECSAutoScalingGroup-f44jrQHS2nRB", + "managedScaling": { + "status": "ENABLED", + "targetCapacity": 100, + "minimumScalingStepSize": 1, + "maximumScalingStepSize": 10000, + "instanceWarmupPeriod": 300 + }, + "managedTerminationProtection": "DISABLED", + "managedDraining": "ENABLED" + }, + "updateStatus": "UPDATE_IN_PROGRESS", + "tags": [] + } + } + +For more information on Capacity Provider, see `Amazon ECS capacity providers for the EC2 launch type `__ in the *Amazon ECS Developer Guide*. diff --git a/awscli/examples/ecs/get-task-protection.rst b/awscli/examples/ecs/get-task-protection.rst new file mode 100644 index 000000000000..456fb65d16ef --- /dev/null +++ b/awscli/examples/ecs/get-task-protection.rst @@ -0,0 +1,21 @@ +**Retrieve the protection status of task in ECS service** + +The following ``get-task-protection`` provides the protection status of ECS tasks that belong to Amazon ECS service. :: + + aws ecs get-task-protection \ + --cluster ECS-project-update-cluster \ + --tasks c43ed3b1331041f289316f958adb6a24 + +Output:: + + { + "protectedTasks": [ + { + "taskArn": "arn:aws:ecs:us-west-2:123456789012:task/c43ed3b1331041f289316f958adb6a24", + "protectionEnabled": false + } + ], + "failures": [] + } + +For more formation on task protection, see `Protect your Amazon ECS tasks from being terminated by scale-in events `__ in the *Amazon ECS Developer Guide*. diff --git a/awscli/examples/ecs/update-cluster.rst b/awscli/examples/ecs/update-cluster.rst new file mode 100644 index 000000000000..68e106545fad --- /dev/null +++ b/awscli/examples/ecs/update-cluster.rst @@ -0,0 +1,176 @@ +**Example 1: Update ECS cluster enabling containerInsights** + +The following ``update-cluster`` updates the containerInsights value to ``enabled`` in an already created cluster. By default, it is disabled. :: + + aws ecs update-cluster \ + --cluster ECS-project-update-cluster \ + --settings name=containerInsights,value=enabled + +Output:: + + "cluster": { + "clusterArn": "arn:aws:ecs:us-west-2:123456789012:cluster/ECS-project-update-cluster", + "clusterName": "ECS-project-update-cluster", + "status": "ACTIVE", + "registeredContainerInstancesCount": 0, + "runningTasksCount": 0, + "pendingTasksCount": 0, + "activeServicesCount": 0, + "statistics": [], + "tags": [], + "settings": [ + { + "name": "containerInsights", + "value": "enabled" + } + ], + "capacityProviders": [ + "Infra-ECS-Cluster-ECS-project-update-cluster-d6bb6d5b-EC2CapacityProvider-3fIpdkLywwFt" + ], + "defaultCapacityProviderStrategy": [ + { + "capacityProvider": "Infra-ECS-Cluster-ECS-project-update-cluster-d6bb6d5b-EC2CapacityProvider-3fIpdkLywwFt", + "weight": 1, + "base": 0 + } + ], + "attachments": [ + { + "id": "069d002b-7634-42e4-b1d4-544f4c8f6380", + "type": "as_policy", + "status": "CREATED", + "details": [ + { + "name": "capacityProviderName", + "value": "Infra-ECS-Cluster-ECS-project-update-cluster-d6bb6d5b-EC2CapacityProvider-3fIpdkLywwFt" + }, + { + "name": "scalingPolicyName", + "value": "ECSManagedAutoScalingPolicy-152363a6-8c65-484c-b721-42c3e070ae93" + } + ] + }, + { + "id": "08b5b6ca-45e9-4209-a65d-e962a27c490a", + "type": "managed_draining", + "status": "CREATED", + "details": [ + { + "name": "capacityProviderName", + "value": "Infra-ECS-Cluster-ECS-project-update-cluster-d6bb6d5b-EC2CapacityProvider-3fIpdkLywwFt" + }, + { + "name": "autoScalingLifecycleHookName", + "value": "ecs-managed-draining-termination-hook" + } + ] + }, + { + "id": "45d0b36f-8cff-46b6-9380-1288744802ab", + "type": "sc", + "status": "ATTACHED", + "details": [] + } + ], + "attachmentsStatus": "UPDATE_COMPLETE", + "serviceConnectDefaults": { + "namespace": "arn:aws:servicediscovery:us-west-2:123456789012:namespace/ns-igwrsylmy3kwvcdx" + } + } + + +**Example 2: Update ECS cluster to set a default Service Connect namspace** + +The following ``update-cluster`` updates ECS cluster by setting a default Service Connect namespace. :: + + aws ecs update-cluster \ + --cluster ECS-project-update-cluster \ + --service-connect-defaults namespace=test + +Output:: + + { + "cluster": { + "clusterArn": "arn:aws:ecs:us-west-2:123456789012:cluster/ECS-project-update-cluster", + "clusterName": "ECS-project-update-cluster", + "status": "ACTIVE", + "registeredContainerInstancesCount": 0, + "runningTasksCount": 0, + "pendingTasksCount": 0, + "activeServicesCount": 0, + "statistics": [], + "tags": [], + "settings": [ + { + "name": "containerInsights", + "value": "enabled" + } + ], + "capacityProviders": [ + "Infra-ECS-Cluster-ECS-project-update-cluster-d6bb6d5b-EC2CapacityProvider-3fIpdkLywwFt" + ], + "defaultCapacityProviderStrategy": [ + { + "capacityProvider": "Infra-ECS-Cluster-ECS-project-update-cluster-d6bb6d5b-EC2CapacityProvider-3fIpdkLywwFt", + "weight": 1, + "base": 0 + } + ], + "attachments": [ + { + "id": "069d002b-7634-42e4-b1d4-544f4c8f6380", + "type": "as_policy", + "status": "CREATED", + "details": [ + { + "name": "capacityProviderName", + "value": "Infra-ECS-Cluster-ECS-project-update-cluster-d6bb6d5b-EC2CapacityProvider-3fIpdkLywwFt" + }, + { + "name": "scalingPolicyName", + "value": "ECSManagedAutoScalingPolicy-152363a6-8c65-484c-b721-42c3e070ae93" + } + ] + }, + { + "id": "08b5b6ca-45e9-4209-a65d-e962a27c490a", + "type": "managed_draining", + "status": "CREATED", + "details": [ + { + "name": "capacityProviderName", + "value": "Infra-ECS-Cluster-ECS-project-update-cluster-d6bb6d5b-EC2CapacityProvider-3fIpdkLywwFt" + }, + { + "name": "autoScalingLifecycleHookName", + "value": "ecs-managed-draining-termination-hook" + } + ] + }, + { + "id": "45d0b36f-8cff-46b6-9380-1288744802ab", + "type": "sc", + "status": "DELETED", + "details": [] + }, + { + "id": "3e6890c3-609c-4832-91de-d6ca891b3ef1", + "type": "sc", + "status": "ATTACHED", + "details": [] + }, + { + "id": "961b8ec1-c2f1-4070-8495-e669b7668e90", + "type": "sc", + "status": "DELETED", + "details": [] + } + ], + "attachmentsStatus": "UPDATE_COMPLETE", + "serviceConnectDefaults": { + "namespace": "arn:aws:servicediscovery:us-west-2:123456789012:namespace/ns-dtjmxqpfi46ht7dr" + } + } + } + +For more information on Service Connect, see `Use Service Connect to connect Amazon ECS services with short names `__ in the *Amazon ECS Developer Guide*. diff --git a/awscli/examples/ecs/update-task-protection.rst b/awscli/examples/ecs/update-task-protection.rst new file mode 100644 index 000000000000..6637b009847e --- /dev/null +++ b/awscli/examples/ecs/update-task-protection.rst @@ -0,0 +1,46 @@ +**Example 1: Enable task protection for ECS tasks** + +The following ``update-task-protection`` protects your ECS task from termination during scale-in from Deployments or Service AutoScaling. You can specify custom expiration period for task protection from 1 up to 2,880 minutes (48 hours). If you do not specify expiration period, enabling task protection default time is 2 hours. :: + + aws ecs update-task-protection \ + --cluster ECS-project-update-cluster \ + --tasks c43ed3b1331041f289316f958adb6a24 \ + --protection-enabled \ + --expires-in-minutes 300 + +Output:: + + { + "protectedTasks": [ + { + "taskArn": "arn:aws:ecs:us-west-2:123456789012:task/c43ed3b1331041f289316f958adb6a24", + "protectionEnabled": true, + "expirationDate": "2024-09-14T19:53:36.687000-05:00" + } + ], + "failures": [] + } + +**Example 2: Disable task protection for ECS tasks** + +The following ``update-task-protection`` disables the tasks protected from scale in from Deployments or Service AutoScaling. :: + + aws ecs update-task-protection \ + --cluster ECS-project-update-cluster \ + --tasks c43ed3b1331041f289316f958adb6a24 \ + --no-protection-enabled + +Output:: + + { + "protectedTasks": [ + { + "taskArn": "arn:aws:ecs:us-west-2:123456789012:task/c43ed3b1331041f289316f958adb6a24", + "protectionEnabled": false + } + ], + "failures": [] + } + +For more formation on task protection, see `Protect your Amazon ECS tasks from being terminated by scale-in events `__ in the *Amazon ECS Developer Guide*. + diff --git a/awscli/examples/inspector2/associate-member.rst b/awscli/examples/inspector2/associate-member.rst new file mode 100644 index 000000000000..7ab28c179c61 --- /dev/null +++ b/awscli/examples/inspector2/associate-member.rst @@ -0,0 +1,14 @@ +**Example: To associate an AWS account with an Amazon Inspector delegated administrator** + +The following ``associate-member`` example associates an AWS account with an Amazon Inspector delegated administrator. :: + + aws inspector2 associate-member \ + --account-id 123456789012 + +Output:: + + { + "accountId": "123456789012" + } + +For more information, see `Managing multiple accounts in Amazon Inspector with AWS Organizations `__ in the *Amazon Inspector User Guide*. diff --git a/awscli/examples/inspector2/disassociate-member.rst b/awscli/examples/inspector2/disassociate-member.rst new file mode 100644 index 000000000000..cc464ac156f9 --- /dev/null +++ b/awscli/examples/inspector2/disassociate-member.rst @@ -0,0 +1,14 @@ +**Example: To disassociate a member account from an Amazon Inspector delegated administrator** + +The following ``disassociate-member`` example disassociates an AWS account from an Amazon Inspector delegated administrator. :: + + aws inspector2 disassociate-member \ + --account-id 123456789012 + +Output:: + + { + "accountId": "123456789012" + } + +For more information, see `Managing multiple accounts in Amazon Inspector with AWS Organizations `__ in the *Amazon Inspector User Guide*. diff --git a/awscli/examples/inspector2/get-member.rst b/awscli/examples/inspector2/get-member.rst new file mode 100644 index 000000000000..068c3bb045c3 --- /dev/null +++ b/awscli/examples/inspector2/get-member.rst @@ -0,0 +1,17 @@ +**Example: To get member information for your organization** + + aws inspector2 get-member \ + --account-id 123456789012 + +Output:: + + { + "member": { + "accountId": "123456789012", + "delegatedAdminAccountId": "123456789012", + "relationshipStatus": "ENABLED", + "updatedAt": "2023-09-11T09:57:20.520000-07:00" + } + } + +For more information, see `Managing multiple accounts in Amazon Inspector with AWS Organizations `__ in the *Amazon Inspector User Guide*. diff --git a/awscli/examples/inspector2/list-members.rst b/awscli/examples/inspector2/list-members.rst new file mode 100644 index 000000000000..5d5d0805cdd3 --- /dev/null +++ b/awscli/examples/inspector2/list-members.rst @@ -0,0 +1,83 @@ +**Example 1: To list all member accounts associated with the Amazon Inspector delegated administrator for your organization** + + aws inspector2 list-members \ + --only-associated + +Output:: + + { + { + "members": [ + { + "accountId": "123456789012", + "delegatedAdminAccountId": "123456789012", + "relationshipStatus": "ENABLED", + "updatedAt": "2023-09-11T09:57:20.520000-07:00" + }, + { + "accountId": "123456789012", + "delegatedAdminAccountId": "123456789012", + "relationshipStatus": "ENABLED", + "updatedAt": "2024-08-12T10:13:01.472000-07:00" + }, + { + "accountId": "625032911453", + "delegatedAdminAccountId": "123456789012", + "relationshipStatus": "ENABLED", + "updatedAt": "2023-09-11T09:57:20.438000-07:00" + }, + { + "accountId": "715411239211", + "delegatedAdminAccountId": "123456789012", + "relationshipStatus": "ENABLED", + "updatedAt": "2024-04-24T09:14:57.471000-07:00" + } + ] + } + +For more information, see `Managing multiple accounts in Amazon Inspector with AWS Organizations `__ in the *Amazon Inspector User Guide*. + +**Example 2: To list all member accounts associated with and disassociated from the Amazon Inspector delegated administrator for your organization** + + aws inspector2 list-members \ + --no-only-associated + +Output:: + + { + { + "members": [ + { + "accountId": "123456789012", + "delegatedAdminAccountId": "123456789012", + "relationshipStatus": "REMOVED", + "updatedAt": "2024-05-15T11:34:53.326000-07:00" + }, + { + "accountId": "123456789012", + "delegatedAdminAccountId": "123456789012", + "relationshipStatus": "ENABLED", + "updatedAt": "2023-09-11T09:57:20.520000-07:00" + }, + { + "accountId": "123456789012", + "delegatedAdminAccountId": "123456789012", + "relationshipStatus": "ENABLED", + "updatedAt": "2024-08-12T10:13:01.472000-07:00" + }, + { + "accountId": "123456789012", + "delegatedAdminAccountId": "123456789012", + "relationshipStatus": "ENABLED", + "updatedAt": "2023-09-11T09:57:20.438000-07:00" + }, + { + "accountId": "123456789012", + "delegatedAdminAccountId": "123456789012", + "relationshipStatus": "ENABLED", + "updatedAt": "2024-04-24T09:14:57.471000-07:00" + } + ] + } + +For more information, see `Managing multiple accounts in Amazon Inspector with AWS Organizations `__ in the *Amazon Inspector User Guide*. diff --git a/awscli/examples/ivs-realtime/create-ingest-configuration.rst b/awscli/examples/ivs-realtime/create-ingest-configuration.rst new file mode 100644 index 000000000000..6baf24dbed9b --- /dev/null +++ b/awscli/examples/ivs-realtime/create-ingest-configuration.rst @@ -0,0 +1,25 @@ +**To create an ingest configuration** + +The following ``create-ingest-configuration`` example creates an ingest configuration using RTMPS protocol. :: + + aws ivs-realtime create-ingest-configuration \ + --name ingest1 \ + --ingest-protocol rtmps + +Output:: + + { + "ingestConfiguration": { + "name": "ingest1", + "arn": "arn:aws:ivs:us-west-2:123456789012:ingest-configuration/AbCdEfGh1234", + "ingestProtocol": "RTMPS", + "streamKey": "rt_123456789012_us-west-2_AbCdEfGh1234_abcd1234efgh5678ijkl9012MNOP34", + "stageArn": "", + "participantId": "xyZ654abC321", + "state": "INACTIVE", + "userId": "", + "tags": {} + } + } + +For more information, see `IVS Stream Ingest | Real-Time Streaming `__ in the *Amazon Interactive Video Service User Guide*. diff --git a/awscli/examples/ivs-realtime/create-stage.rst b/awscli/examples/ivs-realtime/create-stage.rst index 9731071deff0..5b94fa41baf6 100644 --- a/awscli/examples/ivs-realtime/create-stage.rst +++ b/awscli/examples/ivs-realtime/create-stage.rst @@ -21,6 +21,8 @@ Output:: "arn": "arn:aws:ivs:us-west-2:123456789012:stage/abcdABCDefgh", "endpoints": { "events": "wss://global.events.live-video.net", + "rtmp": "rtmp://9x0y8z7s6t5u.global-contribute-staging.live-video.net/app/", + "rtmps": "rtmps://9x0y8z7s6t5u.global-contribute-staging.live-video.net:443/app/", "whip": "https://1a2b3c4d5e6f.global-bm.whip.live-video.net" }, "name": "stage1", @@ -49,9 +51,11 @@ Output:: "AUDIO_VIDEO" ], "storageConfigurationArn": "arn:aws:ivs:us-west-2:123456789012:storage-configuration/abcdABCDefgh", - }, + }, "endpoints": { "events": "wss://global.events.live-video.net", + "rtmp": "rtmp://9x0y8z7s6t5u.global-contribute-staging.live-video.net/app/", + "rtmps": "rtmps://9x0y8z7s6t5u.global-contribute-staging.live-video.net:443/app/", "whip": "https://1a2b3c4d5e6f.global-bm.whip.live-video.net" }, "name": "stage1", @@ -59,4 +63,4 @@ Output:: } } -For more information, see `Enabling Multiple Hosts on an Amazon IVS Stream `__ in the *Amazon Interactive Video Service User Guide*. \ No newline at end of file +For more information, see `Enabling Multiple Hosts on an Amazon IVS Stream `__ in the *Amazon Interactive Video Service User Guide*. diff --git a/awscli/examples/ivs-realtime/delete-ingest-configuration.rst b/awscli/examples/ivs-realtime/delete-ingest-configuration.rst new file mode 100644 index 000000000000..daa3e0eec53c --- /dev/null +++ b/awscli/examples/ivs-realtime/delete-ingest-configuration.rst @@ -0,0 +1,22 @@ +**Example 1: To delete an inactive ingest configuration** + +The following ``delete-ingest-configuration`` example deletes the inactive ingest configuration for a specified ingest-configuration ARN (Amazon Resource Name). :: + + aws ivs-realtime delete-ingest-configuration \ + --arn arn:aws:ivs:us-west-2:123456789012:ingest-configuration/AbCdEfGh1234 + +This command produces no output. + +For more information, see `IVS Stream Ingest | Real-Time Streaming `__ in the *Amazon Interactive Video Service User Guide*. + +**Example 2: To force delete an active ingest configuration** + +The following ``delete-ingest-configuration`` example forces deletion of the active ingest configuration for a specified ingest-configuration ARN (Amazon Resource Name). :: + + aws ivs-realtime delete-ingest-configuration \ + --arn arn:aws:ivs:us-west-2:123456789012:ingest-configuration/AbCdEfGh1234 \ + --force + +This command produces no output. + +For more information, see `IVS Stream Ingest | Real-Time Streaming `__ in the *Amazon Interactive Video Service User Guide*. \ No newline at end of file diff --git a/awscli/examples/ivs-realtime/get-ingest-configuration.rst b/awscli/examples/ivs-realtime/get-ingest-configuration.rst new file mode 100644 index 000000000000..f38753d068a6 --- /dev/null +++ b/awscli/examples/ivs-realtime/get-ingest-configuration.rst @@ -0,0 +1,24 @@ +**To get ingest configuration information** + +The following ``get-ingest-configuration`` example gets the ingest configuration for a specified ingest-configuration ARN (Amazon Resource Name). :: + + aws ivs-realtime get-ingest-configuration \ + --arn arn:aws:ivs:us-west-2:123456789012:ingest-configuration/AbCdEfGh1234 + +Output:: + + { + "ingestConfiguration": { + "name": "ingest1", + "arn": "arn:aws:ivs:us-west-2:123456789012:ingest-configuration/AbCdEfGh1234", + "ingestProtocol": "RTMPS", + "streamKey": "rt_123456789012_us-west-2_AbCdEfGh1234_abcd1234efgh5678ijkl9012MNOP34", + "stageArn": "", + "participantId": "xyZ654abC321", + "state": "INACTIVE", + "userId": "", + "tags": {} + } + } + +For more information, see `IVS Stream Ingest | Real-Time Streaming `__ in the *Amazon Interactive Video Service User Guide*. diff --git a/awscli/examples/ivs-realtime/get-stage.rst b/awscli/examples/ivs-realtime/get-stage.rst index 5aa92d4b1c2a..cf56514a5a99 100644 --- a/awscli/examples/ivs-realtime/get-stage.rst +++ b/awscli/examples/ivs-realtime/get-stage.rst @@ -16,9 +16,11 @@ Output:: "AUDIO_VIDEO" ], "storageConfigurationArn": "arn:aws:ivs:us-west-2:123456789012:storage-configuration/abcdABCDefgh", - }, + }, "endpoints": { "events": "wss://global.events.live-video.net", + "rtmp": "rtmp://9x0y8z7s6t5u.global-contribute-staging.live-video.net/app/", + "rtmps": "rtmps://9x0y8z7s6t5u.global-contribute-staging.live-video.net:443/app/", "whip": "https://1a2b3c4d5e6f.global-bm.whip.live-video.net" }, "name": "test", @@ -26,4 +28,4 @@ Output:: } } -For more information, see `Enabling Multiple Hosts on an Amazon IVS Stream `__ in the *Amazon Interactive Video Service User Guide*. \ No newline at end of file +For more information, see `Enabling Multiple Hosts on an Amazon IVS Stream `__ in the *Amazon Interactive Video Service User Guide*. diff --git a/awscli/examples/ivs-realtime/list-ingest-configurations.rst b/awscli/examples/ivs-realtime/list-ingest-configurations.rst new file mode 100644 index 000000000000..842348c03e93 --- /dev/null +++ b/awscli/examples/ivs-realtime/list-ingest-configurations.rst @@ -0,0 +1,23 @@ +**To get summary information about all ingest configurations** + +The following ``list-ingest-configurations`` example lists all ingest configurations for your AWS account, in the AWS region where the API request is processed. :: + + aws ivs-realtime list-ingest-configurations + +Output:: + + { + "ingestConfigurations": [ + { + "name": "", + "arn": "arn:aws:ivs:us-west-2:123456789012:ingest-configuration/XYZuvwSt4567", + "ingestProtocol": "RTMPS", + "stageArn": "arn:aws:ivs:us-west-2:123456789012:stage/abcdABCDefgh", + "participnatId": "abC789Xyz456", + "state": "INACTIVE" + "userId": "", + } + ] + } + +For more information, see `IVS Stream Ingest | Real-Time Streaming `__ in the *Amazon Interactive Video Service User Guide*. diff --git a/awscli/examples/ivs-realtime/update-ingest-configuration.rst b/awscli/examples/ivs-realtime/update-ingest-configuration.rst new file mode 100644 index 000000000000..990416099996 --- /dev/null +++ b/awscli/examples/ivs-realtime/update-ingest-configuration.rst @@ -0,0 +1,25 @@ +**To update an ingest configuration** + +The following ``update-inegst-configuration`` example updates an ingest configuration to attach it to a stage. :: + + aws ivs-realtime update-ingest-configuration \ + --arn arn:aws:ivs:us-west-2:123456789012:ingest-configuration/AbCdEfGh1234 \ + --stage-arn arn:aws:ivs:us-west-2:123456789012:stage/abcdABCDefgh + +Output:: + + { + "ingestConfiguration": { + "name": "ingest1", + "arn": "arn:aws:ivs:us-west-2:123456789012:ingest-configuration/AbCdEfGh1234", + "ingestProtocol": "RTMPS", + "streamKey": "rt_123456789012_us-west-2_AbCdEfGh1234_abcd1234efgh5678ijkl9012MNOP34", + "stageArn": "arn:aws:ivs:us-west-2:123456789012:stage/abcdABCDefgh", + "participantId": "xyZ654abC321", + "state": "INACTIVE", + "userId": "", + "tags": {} + } + } + +For more information, see `IVS Stream Ingest | Real-Time Streaming `__ in the *Amazon Interactive Video Service User Guide*. diff --git a/awscli/examples/ivs-realtime/update-stage.rst b/awscli/examples/ivs-realtime/update-stage.rst index f06f5d2ebc37..8a566d6a9631 100644 --- a/awscli/examples/ivs-realtime/update-stage.rst +++ b/awscli/examples/ivs-realtime/update-stage.rst @@ -20,6 +20,8 @@ Output:: }, "endpoints": { "events": "wss://global.events.live-video.net", + "rtmp": "rtmp://9x0y8z7s6t5u.global-contribute-staging.live-video.net/app/", + "rtmps": "rtmps://9x0y8z7s6t5u.global-contribute-staging.live-video.net:443/app/", "whip": "https://1a2b3c4d5e6f.global-bm.whip.live-video.net" }, "name": "stage1a", @@ -27,4 +29,4 @@ Output:: } } -For more information, see `Enabling Multiple Hosts on an Amazon IVS Stream `__ in the *Amazon Interactive Video Service User Guide*. \ No newline at end of file +For more information, see `Enabling Multiple Hosts on an Amazon IVS Stream `__ in the *Amazon Interactive Video Service User Guide*. diff --git a/awscli/examples/s3api/put-object.rst b/awscli/examples/s3api/put-object.rst index 8b780e8310b4..ca115fca09f0 100644 --- a/awscli/examples/s3api/put-object.rst +++ b/awscli/examples/s3api/put-object.rst @@ -1,13 +1,21 @@ -The following example uses the ``put-object`` command to upload an object to Amazon S3:: +**Example 1: Upload an object to Amazon S3** - aws s3api put-object --bucket text-content --key dir-1/my_images.tar.bz2 --body my_images.tar.bz2 +The following ``put-object`` command example uploads an object to Amazon S3. :: -The following example shows an upload of a video file (The video file is -specified using Windows file system syntax.):: + aws s3api put-object \ + --bucket amzn-s3-demo-bucket \ + --key my-dir/MySampleImage.png \ + --body MySampleImage.png - aws s3api put-object --bucket text-content --key dir-1/big-video-file.mp4 --body e:\media\videos\f-sharp-3-data-services.mp4 +For more information about uploading objects, see `Uploading Objects < http://docs.aws.amazon.com/AmazonS3/latest/dev/UploadingObjects.html>`__ in the *Amazon S3 Developer Guide*. -For more information about uploading objects, see `Uploading Objects`_ in the *Amazon S3 Developer Guide*. +**Example 2: Upload a video file to Amazon S3** -.. _`Uploading Objects`: http://docs.aws.amazon.com/AmazonS3/latest/dev/UploadingObjects.html +The following ``put-object`` command example uploads a video file. :: + aws s3api put-object \ + --bucket amzn-s3-demo-bucket \ + --key my-dir/big-video-file.mp4 \ + --body /media/videos/f-sharp-3-data-services.mp4 + +For more information about uploading objects, see `Uploading Objects < http://docs.aws.amazon.com/AmazonS3/latest/dev/UploadingObjects.html>`__ in the *Amazon S3 Developer Guide*. diff --git a/awscli/examples/workmail/list-organizations.rst b/awscli/examples/workmail/list-organizations.rst index b328f022da43..e880b9ef6bf9 100644 --- a/awscli/examples/workmail/list-organizations.rst +++ b/awscli/examples/workmail/list-organizations.rst @@ -1,6 +1,6 @@ **To retrieve a list of organizations** -The following ``list-organizations`` command retrieves summaries of non-deleted organizations. :: +The following ``list-organizations`` command retrieves summaries of the customer's organizations. :: aws workmail list-organizations