Examples for apigateway, ssm, verifiedpermissions

awscli/examples/apigateway/create-domain-name-access-association.rst

@@ -0,0 +1,19 @@
+**To create a domain name access association**
+
+The following ``create-domain-name-access-association`` example creates a domain name access association between a private custom domain name and VPC endpoint. ::
+
+    aws apigateway create-domain-name-access-association \
+        --domain-name-arn arn:aws:apigateway:us-west-2:111122223333:/domainnames/my.private.domain.tld+abcd1234 \
+        --access-association-source vpce-abcd1234efg \
+        --access-association-source-type VPCE
+
+Output::
+
+    {
+        "domainNameAccessAssociationArn": "arn:aws:apigateway:us-west-2:012345678910:/domainnameaccessassociations/domainname/my.private.domain.tld/vpcesource/vpce-abcd1234efg
+        "accessAssociationSource": "vpce-abcd1234efg",
+        "accessAssociationSourceType": "VPCE",
+        "domainNameArn" : "arn:aws:apigateway:us-west-2:111122223333:/domainnames/private.example.com+abcd1234"
+    }
+
+For more information, see `Custom domain names for private APIs in API Gateway <https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-private-custom-domains.html>`__ in the *Amazon API Gateway Developer Guide*.

awscli/examples/apigateway/create-domain-name.rst

@@ -1,5 +1,89 @@
-**To create the custom domain name**
+**Example 1: To create a public custom domain name**
 
-Command::
+The following ``create-domain-name`` example creates a public custom domain name. ::
 
-  aws apigateway create-domain-name --domain-name 'my.domain.tld' --certificate-name 'my.domain.tld cert' --certificate-arn 'arn:aws:acm:us-east-1:012345678910:certificate/fb1b9770-a305-495d-aefb-27e5e101ff3' 
+    aws apigateway create-domain-name \
+        --domain-name 'my.domain.tld' \
+        --certificate-name 'my.domain.tld cert'\
+        --certificate-arn 'arn:aws:acm:us-east-1:012345678910:certificate/fb1b9770-a305-495d-aefb-27e5e101ff3'
+
+Output::
+
+    {
+        "domainName": "my.domain.tld",
+        "certificateName": "my.domain.tld cert",
+        "certificateArn": "arn:aws:acm:us-east-1:012345678910:certificate/fb1b9770-a305-495d-aefb-27e5e101ff3",
+        "certificateUploadDate": "2024-10-08T11:29:49-07:00",
+        "distributionDomainName": "abcd1234.cloudfront.net",
+        "distributionHostedZoneId": "Z2FDTNDATAQYW2",
+        "endpointConfiguration": {
+            "types": [
+                "EDGE"
+            ]
+        },
+        "domainNameStatus": "AVAILABLE",
+        "securityPolicy": "TLS_1_2"
+    }
+
+For more information, see `Custom domain name for public REST APIs in API Gateway <https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-custom-domains.html>`__ in the *Amazon API Gateway Developer Guide*.
+
+**Example 2: To create a private custom domain name**
+
+The following ``create-domain-name`` example creates a private custom domain name. ::
+
+    aws apigateway create-domain-name \
+        --domain-name 'my.private.domain.tld' \
+        --certificate-name 'my.domain.tld cert' \
+        --certificate-arn 'arn:aws:acm:us-east-1:012345678910:certificate/fb1b9770-a305-495d-aefb-27e5e101ff3' \
+        --endpoint-configuration '{"types": ["PRIVATE"]}' \
+        --security-policy 'TLS_1_2' \
+        --policy file://policy.json
+
+Contents of ``policy.json``::
+
+    {
+        "Version": "2012-10-17",
+        "Statement": [
+            {
+                "Effect": "Allow",
+                "Principal": "*",
+                "Action": "execute-api:Invoke",
+                "Resource": [
+                    "execute-api:/*"
+                ]
+            },
+            {
+                "Effect": "Deny",
+                "Principal": "*",
+                "Action": "execute-api:Invoke",
+                "Resource": [
+                    "execute-api:/*"
+                ],
+                "Condition" : {
+                    "StringNotEquals": {
+                        "aws:SourceVpce": "vpce-abcd1234efg"
+                    }
+                }
+            }
+        ]
+    }
+
+Output::
+
+    {
+        "domainName": "my.private.domain.tld",
+        "domainNameId": "abcd1234",
+        "domainNameArn": "arn:aws:apigateway:us-east-1:012345678910:/domainnames/my.private.domain.tld+abcd1234",
+        "certificateArn": "arn:aws:acm:us-east-1:012345678910:certificate/fb1b9770-a305-495d-aefb-27e5e101ff3",
+        "certificateUploadDate": "2024-09-10T10:31:20-07:00",
+        "endpointConfiguration": {
+            "types": [
+                "PRIVATE"
+            ]
+        },
+        "domainNameStatus": "AVAILABLE",
+        "securityPolicy": "TLS_1_2",
+        "policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":\"*\",\"Action\":\"execute-api:Invoke\",\"Resource\":\"arn:aws:execute-api:us-east-1:012345678910:/domainnames/my.private.domain.tld+abcd1234\"},{\"Effect\":\"Deny\",\"Principal\":\"*\",\"Action\":\"execute-api:Invoke\",\"Resource\":\"arn:aws:execute-api:us-east-1:012345678910:/domainnames/my.private.domain.tld+abcd1234\",\"Condition\":{\"StringNotEquals\":{\"aws:SourceVpc\":\"vpc-1a2b3c4d\"}}}]}"
+    }
+
+For more information, see `Custom domain name for public REST APIs in API Gateway <https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-custom-domains.html>`__ in the *Amazon API Gateway Developer Guide*.

awscli/examples/apigateway/delete-domain-name-access-association.rst

@@ -0,0 +1,10 @@
+**To delete a domain name access association**
+
+The following ``delete-domain-name-access-association`` example deletes a domain name access association between a private custom domain name and VPC endpoint. ::
+
+    aws apigateway delete-domain-name-access-association \
+        --domain-name-access-association-arn arn:aws:apigateway:us-west-2:012345678910:/domainnameaccessassociations/domainname/my.private.domain.tld/vpcesource/vpce-abcd1234efg
+
+This command produces no output.
+
+For more information, see `Custom domain names for private APIs in API Gateway <https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-private-custom-domains.html>`__ in the *Amazon API Gateway Developer Guide*.

awscli/examples/apigateway/get-domain-name-access-associations.rst

@@ -0,0 +1,42 @@
+**Example 1: To list all domain name access associations**
+
+The following ``get-domain-name-access-associations`` example lists all domain name access associations. ::
+
+    aws apigateway get-domain-name-access-associations
+
+Output::
+
+    {
+        "items": [
+            {
+            "domainNameAccessAssociationArn": "arn:aws:apigateway:us-west-2:012345678910:/domainnameaccessassociations/domainname/my.private.domain.tld/vpcesource/vpce-abcd1234efg
+            "accessAssociationSource": "vpce-abcd1234efg",
+            "accessAssociationSourceType": "VPCE",
+            "domainNameArn" : "arn:aws:apigateway:us-west-2:111122223333:/domainnames/private.example.com+abcd1234"
+            }
+        ]
+    }
+
+For more information, see `Custom domain names for private APIs in API Gateway <https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-private-custom-domains.html>`__ in the *Amazon API Gateway Developer Guide*.
+
+**Example 2: To list all domain name access associations owned by this AWS account**
+
+The following ``get-domain-name-access-associations`` example lists all the domain name access associations owned by the current AWS account. ::
+
+    aws apigateway get-domain-name-access-associations \
+        --resource-owner SELF
+
+Output::
+
+    {
+        "items": [
+            {
+            "domainNameAccessAssociationArn": "arn:aws:apigateway:us-west-2:012345678910:/domainnameaccessassociations/domainname/my.private.domain.tld/vpcesource/vpce-abcd1234efg
+            "accessAssociationSource": "vpce-abcd1234efg",
+            "accessAssociationSourceType": "VPCE",
+            "domainNameArn" : "arn:aws:apigateway:us-west-2:111122223333:/domainnames/private.example.com+abcd1234"
+            }
+        ]
+    }
+
+For more information, see `Custom domain names for private APIs in API Gateway <https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-private-custom-domains.html>`__ in the *Amazon API Gateway Developer Guide*.

awscli/examples/apigateway/get-domain-name.rst

@@ -1,14 +1,45 @@
-**To get information about a custom domain name**
+**Example 1: To get information about a public custom domain name**
 
-Command::
+The following ``get-domain-name`` example gets information about a public custom domain name. ::
 
-  aws apigateway get-domain-name --domain-name api.domain.tld
+    aws apigateway get-domain-name \
+        --domain-name api.domain.tld
 
 Output::
 
-  {
-      "domainName": "api.domain.tld", 
-      "distributionDomainName": "d1a2f3a4c5o6d.cloudfront.net", 
-      "certificateName": "uploadedCertificate", 
-      "certificateUploadDate": 1462565487
-  }
+    {
+        "domainName": "api.domain.tld", 
+        "distributionDomainName": "d1a2f3a4c5o6d.cloudfront.net", 
+        "certificateName": "uploadedCertificate", 
+        "certificateUploadDate": 1462565487
+    }
+
+For more information, see `Custom domain name for public REST APIs in API Gateway <https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-custom-domains.html>`__ in the *Amazon API Gateway Developer Guide*.
+
+**Example 2: To get information about a private custom domain name**
+
+The following ``get-domain-name`` example gets information about a private custom domain name. ::
+
+    aws apigateway get-domain-name \
+        --domain-name api.private.domain.tld \
+        --domain-name-id abcd1234
+
+Output::
+
+    {
+        "domainName": "my.private.domain.tld",
+        "domainNameId": "abcd1234",
+        "domainNameArn": "arn:aws:apigateway:us-east-1:012345678910:/domainnames/my.private.domain.tld+abcd1234",
+        "certificateArn": "arn:aws:acm:us-east-1:012345678910:certificate/fb1b9770-a305-495d-aefb-27e5e101ff3",
+        "certificateUploadDate": "2024-09-10T10:31:20-07:00",
+        "endpointConfiguration": {
+            "types": [
+                "PRIVATE"
+            ]
+        },
+        "domainNameStatus": "AVAILABLE",
+        "securityPolicy": "TLS_1_2",
+        "policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":\"*\",\"Action\":\"execute-api:Invoke\",\"Resource\":\"arn:aws:execute-api:us-east-1:012345678910:/domainnames/my.private.domain.tld+abcd1234\"},{\"Effect\":\"Deny\",\"Principal\":\"*\",\"Action\":\"execute-api:Invoke\",\"Resource\":\"arn:aws:execute-api:us-east-1:012345678910:/domainnames/my.private.domain.tld+abcd1234\",\"Condition\":{\"StringNotEquals\":{\"aws:SourceVpc\":\"vpc-1a2b3c4d\"}}}]}"
+    }
+
+For more information, see `Custom domain name for public REST APIs in API Gateway <https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-custom-domains.html>`__ in the *Amazon API Gateway Developer Guide*.

awscli/examples/apigateway/get-domain-names.rst

@@ -1,18 +1,86 @@
-**To get a list of custom domain names**
+**Example 1: To get a list of custom domain names**
 
-Command::
+The following ``get-domain-names`` command gets a list of domain names. ::
 
-  aws apigateway get-domain-names
+    aws apigateway get-domain-names
 
 Output::
 
-  {
-      "items": [
-          {
-              "distributionDomainName": "d9511k3l09bkd.cloudfront.net", 
-              "certificateUploadDate": 1452812505, 
-              "certificateName": "my_custom_domain-certificate", 
-              "domainName": "subdomain.domain.tld"
-          }
-      ]
-  }
+    {
+        "items": [
+            {
+                "distributionDomainName": "d9511k3l09bkd.cloudfront.net", 
+                "certificateUploadDate": 1452812505, 
+                "certificateName": "my_custom_domain-certificate", 
+                "domainName": "subdomain.domain.tld"
+            }
+        ]
+    }
+
+For more information, see `Custom domain names for private APIs in API Gateway <https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-private-custom-domains.html>`__ in the *Amazon API Gateway Developer Guide*.
+
+**Example 2: To get a list of custom domain names owned by this AWS account**
+
+The following ``get-domain-names`` command gets a list of domain names owned by this AWS account. ::
+
+    aws apigateway get-domain-names \
+        --resource-owner SELF
+
+Output::
+
+    {
+        "items": [
+            {
+                "domainName": "my.domain.tld",
+                "domainNameArn": "arn:aws:apigateway:us-east-1::/domainnames/my.private.domain.tld",
+                "certificateUploadDate": "2024-08-15T17:02:55-07:00",
+                "regionalDomainName": "d-abcd1234.execute-api.us-east-1.amazonaws.com",
+                "regionalHostedZoneId": "Z1UJRXOUMOOFQ8",
+                "regionalCertificateArn": "arn:aws:acm:us-east-1:012345678910:certificate/fb1b9770-a305-495d-aefb-27e5e101ff3",
+                "endpointConfiguration": {
+                    "types": [
+                        "REGIONAL"
+                    ]
+                },
+                "domainNameStatus": "AVAILABLE",
+                "securityPolicy": "TLS_1_2"
+            },
+            {
+                "domainName": "my.private.domain.tld",
+                "domainNameId": "abcd1234",
+                "domainNameArn": "arn:aws:apigateway:us-east-1:012345678910:/domainnames/my.private.domain.tld+abcd1234",
+                "certificateArn": "arn:aws:acm:us-east-1:012345678910:certificate/fb1b9770-a305-495d-aefb-27e5e101ff3",
+                "certificateUploadDate": "2024-11-26T11:44:40-08:00",
+                "endpointConfiguration": {
+                    "types": [
+                        "PRIVATE"
+                    ]
+                },
+                "domainNameStatus": "AVAILABLE",
+                "securityPolicy": "TLS_1_2"
+            }
+        ]
+    }
+
+For more information, see `Custom domain names for private APIs in API Gateway <https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-private-custom-domains.html>`__ in the *Amazon API Gateway Developer Guide*.
+
+**Example 3: To get a list of custom domain names owned by other AWS accounts that you can create a domain name access association with.**
+
+The following ``get-domain-names`` command gets a list of domain names owned by other AWS accounts that you have access to create a domain name access association with. ::
+
+    aws apigateway get-domain-names \
+        --resource-owner OTHER_ACCOUNTS
+
+Output::
+
+    {
+        "items": [
+            {
+                "domainName": "my.private.domain.tld",
+                "domainNameId": "abcd1234",
+                "domainNameArn": "arn:aws:apigateway:us-east-1:012345678910:/domainnames/my.private.domain.tld+abcd1234"
+            }
+        ]
+    }
+
+For more information, see `Custom domain names for private APIs in API Gateway <https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-private-custom-domains.html>`__ in the *Amazon API Gateway Developer Guide*.

awscli/examples/apigateway/reject-domain-name-access-association.rst

@@ -0,0 +1,11 @@
+**To reject a domain name access association**
+
+The following ``reject-domain-name-access-association`` example rejects a domain name access association between a private custom domain name and VPC endpoint. ::
+
+    aws apigateway reject-domain-name-access-association \
+        --domain-name-access-association-arn arn:aws:apigateway:us-west-2:012345678910:/domainnameaccessassociations/domainname/my.private.domain.tld/vpcesource/vpce-abcd1234efg \
+        --domain-name-arn arn:aws:apigateway:us-east-1:012345678910:/domainnames/my.private.domain.tld+abcd1234
+
+This command produces no output.
+
+For more information, see `Custom domain names for private APIs in API Gateway <https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-private-custom-domains.html>`__ in the *Amazon API Gateway Developer Guide*.

awscli/examples/ssm/deregister-managed-instance.rst

@@ -2,9 +2,9 @@
 
 The following ``deregister-managed-instance`` example deregisters the specified managed instance. ::
 
-    aws ssm deregister-managed-instance 
-        --instance-id "mi-08ab247cdfEXAMPLE"  
+    aws ssm deregister-managed-instance \
+        --instance-id 'mi-08ab247cdfEXAMPLE'
 
 This command produces no output.
 
-For more information, see `Deregistering Managed Instances in a Hybrid Environment <https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-managed-instances-advanced-deregister.html>`__ in the *AWS Systems Manager User Guide*.
+For more information, see `Deregistering managed nodes in a hybrid and multicloud environment <https://docs.aws.amazon.com/systems-manager/latest/userguide/fleet-manager-deregister-hybrid-nodes.html>`__ in the *AWS Systems Manager User Guide*.

awscli/examples/verifiedpermissions/create-policy-template.rst

@@ -1,12 +1,12 @@
-**Example 1: To create a policy template**
+**To create a policy template**
 
 The following ``create-policy-template`` example creates a policy template with a statement that contains a placeholder for the principal. ::
 
     aws verifiedpermissions create-policy-template \
-        --definition file://template1.txt \
+        --statement file://template1.txt \
         --policy-store-id PSEXAMPLEabcdefg111111
 
-Contents of file ``template1.txt``::
+Contents of ``template1.txt``::
 
     permit(
         principal in ?principal,