feat(client-ecs): This release adds support for Transport Layer Security (TLS) and Configurable Timeout to ECS Service Connect. TLS facilitates privacy and data security for inter-service communications, while Configurable Timeout allows customized per-request timeout and idle timeout for Service Connect services.

Author: awstools

clients/client-ecs/src/commands/CreateServiceCommand.ts

@@ -215,6 +215,17 @@ export interface CreateServiceCommandOutput extends CreateServiceResponse, __Met
  *           },
  *         ],
  *         ingressPortOverride: Number("int"),
+ *         timeout: { // TimeoutConfiguration
+ *           idleTimeoutSeconds: Number("int"),
+ *           perRequestTimeoutSeconds: Number("int"),
+ *         },
+ *         tls: { // ServiceConnectTlsConfiguration
+ *           issuerCertificateAuthority: { // ServiceConnectTlsCertificateAuthority
+ *             awsPcaAuthorityArn: "STRING_VALUE",
+ *           },
+ *           kmsKey: "STRING_VALUE",
+ *           roleArn: "STRING_VALUE",
+ *         },
  *       },
  *     ],
  *     logConfiguration: { // LogConfiguration
@@ -426,6 +437,17 @@ export interface CreateServiceCommandOutput extends CreateServiceResponse, __Met
  * //                 },
  * //               ],
  * //               ingressPortOverride: Number("int"),
+ * //               timeout: { // TimeoutConfiguration
+ * //                 idleTimeoutSeconds: Number("int"),
+ * //                 perRequestTimeoutSeconds: Number("int"),
+ * //               },
+ * //               tls: { // ServiceConnectTlsConfiguration
+ * //                 issuerCertificateAuthority: { // ServiceConnectTlsCertificateAuthority
+ * //                   awsPcaAuthorityArn: "STRING_VALUE",
+ * //                 },
+ * //                 kmsKey: "STRING_VALUE",
+ * //                 roleArn: "STRING_VALUE",
+ * //               },
  * //             },
  * //           ],
  * //           logConfiguration: { // LogConfiguration

clients/client-ecs/src/commands/DeleteServiceCommand.ts

@@ -227,6 +227,17 @@ export interface DeleteServiceCommandOutput extends DeleteServiceResponse, __Met
  * //                 },
  * //               ],
  * //               ingressPortOverride: Number("int"),
+ * //               timeout: { // TimeoutConfiguration
+ * //                 idleTimeoutSeconds: Number("int"),
+ * //                 perRequestTimeoutSeconds: Number("int"),
+ * //               },
+ * //               tls: { // ServiceConnectTlsConfiguration
+ * //                 issuerCertificateAuthority: { // ServiceConnectTlsCertificateAuthority
+ * //                   awsPcaAuthorityArn: "STRING_VALUE",
+ * //                 },
+ * //                 kmsKey: "STRING_VALUE",
+ * //                 roleArn: "STRING_VALUE",
+ * //               },
  * //             },
  * //           ],
  * //           logConfiguration: { // LogConfiguration

clients/client-ecs/src/commands/DescribeServicesCommand.ts

@@ -212,6 +212,17 @@ export interface DescribeServicesCommandOutput extends DescribeServicesResponse,
  * //                   },
  * //                 ],
  * //                 ingressPortOverride: Number("int"),
+ * //                 timeout: { // TimeoutConfiguration
+ * //                   idleTimeoutSeconds: Number("int"),
+ * //                   perRequestTimeoutSeconds: Number("int"),
+ * //                 },
+ * //                 tls: { // ServiceConnectTlsConfiguration
+ * //                   issuerCertificateAuthority: { // ServiceConnectTlsCertificateAuthority
+ * //                     awsPcaAuthorityArn: "STRING_VALUE",
+ * //                   },
+ * //                   kmsKey: "STRING_VALUE",
+ * //                   roleArn: "STRING_VALUE",
+ * //                 },
  * //               },
  * //             ],
  * //             logConfiguration: { // LogConfiguration

clients/client-ecs/src/commands/UpdateServiceCommand.ts

@@ -253,6 +253,17 @@ export interface UpdateServiceCommandOutput extends UpdateServiceResponse, __Met
  *           },
  *         ],
  *         ingressPortOverride: Number("int"),
+ *         timeout: { // TimeoutConfiguration
+ *           idleTimeoutSeconds: Number("int"),
+ *           perRequestTimeoutSeconds: Number("int"),
+ *         },
+ *         tls: { // ServiceConnectTlsConfiguration
+ *           issuerCertificateAuthority: { // ServiceConnectTlsCertificateAuthority
+ *             awsPcaAuthorityArn: "STRING_VALUE",
+ *           },
+ *           kmsKey: "STRING_VALUE",
+ *           roleArn: "STRING_VALUE",
+ *         },
  *       },
  *     ],
  *     logConfiguration: { // LogConfiguration
@@ -464,6 +475,17 @@ export interface UpdateServiceCommandOutput extends UpdateServiceResponse, __Met
  * //                 },
  * //               ],
  * //               ingressPortOverride: Number("int"),
+ * //               timeout: { // TimeoutConfiguration
+ * //                 idleTimeoutSeconds: Number("int"),
+ * //                 perRequestTimeoutSeconds: Number("int"),
+ * //               },
+ * //               tls: { // ServiceConnectTlsConfiguration
+ * //                 issuerCertificateAuthority: { // ServiceConnectTlsCertificateAuthority
+ * //                   awsPcaAuthorityArn: "STRING_VALUE",
+ * //                 },
+ * //                 kmsKey: "STRING_VALUE",
+ * //                 roleArn: "STRING_VALUE",
+ * //               },
  * //             },
  * //           ],
  * //           logConfiguration: { // LogConfiguration

clients/client-ecs/src/models/models_0.ts

@@ -1963,6 +1963,74 @@ export interface ServiceConnectClientAlias {
   dnsName?: string;
 }
 
+/**
+ * @public
+ * <p>An object that represents the timeout configurations for Service Connect.</p>
+ *          <note>
+ *             <p>If <code>idleTimeout</code> is set to a time that is less than
+ * 				<code>perRequestTimeout</code>, the connection will close when the
+ * 				<code>idleTimeout</code> is reached and not the
+ * 				<code>perRequestTimeout</code>.</p>
+ *          </note>
+ */
+export interface TimeoutConfiguration {
+  /**
+   * @public
+   * <p>The amount of time in seconds a connection will stay active while idle. A
+   * 			value of <code>0</code> can be set to disable <code>idleTimeout</code>.</p>
+   *          <p>The <code>idleTimeout</code> default for
+   * 			<code>HTTP</code>/<code>HTTP2</code>/<code>GRPC</code> is 5 minutes.</p>
+   *          <p>The <code>idleTimeout</code> default for <code>TCP</code> is 1 hour.</p>
+   */
+  idleTimeoutSeconds?: number;
+
+  /**
+   * @public
+   * <p>The amount of time waiting for the upstream to respond with a complete response
+   * 			per request. A value of <code>0</code> can be set to disable <code>perRequestTimeout</code>.
+   * 			<code>perRequestTimeout</code> can only be set if Service Connect <code>appProtocol</code>
+   * 			isn't <code>TCP</code>. Only <code>idleTimeout</code> is allowed for <code>TCP</code>
+   *             <code>appProtocol</code>.</p>
+   */
+  perRequestTimeoutSeconds?: number;
+}
+
+/**
+ * @public
+ * <p>An object that represents the Amazon Web Services Private Certificate Authority certificate.</p>
+ */
+export interface ServiceConnectTlsCertificateAuthority {
+  /**
+   * @public
+   * <p>The ARN of the Amazon Web Services Private Certificate Authority certificate.</p>
+   */
+  awsPcaAuthorityArn?: string;
+}
+
+/**
+ * @public
+ * <p>An object that represents the configuration for Service Connect TLS.</p>
+ */
+export interface ServiceConnectTlsConfiguration {
+  /**
+   * @public
+   * <p>The signer certificate authority.</p>
+   */
+  issuerCertificateAuthority: ServiceConnectTlsCertificateAuthority | undefined;
+
+  /**
+   * @public
+   * <p>The Amazon Web Services Key Management Service key.</p>
+   */
+  kmsKey?: string;
+
+  /**
+   * @public
+   * <p>The Amazon Resource Name (ARN) of the IAM role that's associated with the Service Connect TLS.</p>
+   */
+  roleArn?: string;
+}
+
 /**
  * @public
  * <p>The Service Connect service object configuration. For more information, see <a href="https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-connect.html">Service Connect</a> in the <i>Amazon Elastic Container Service Developer Guide</i>.</p>
@@ -2010,6 +2078,18 @@ export interface ServiceConnectService {
    * 			Service Connect proxy.</p>
    */
   ingressPortOverride?: number;
+
+  /**
+   * @public
+   * <p>A reference to an object that represents the configured timeouts for Service Connect.</p>
+   */
+  timeout?: TimeoutConfiguration;
+
+  /**
+   * @public
+   * <p>An object that represents the configuration for Service Connect TLS.</p>
+   */
+  tls?: ServiceConnectTlsConfiguration;
 }
 
 /**
@@ -6752,9 +6832,9 @@ export interface Volume {
    * 			task definition revision may only have one volume configured at launch in the volume
    * 			configuration.</p>
    *          <p>To configure a volume at launch time, use this task definition revision and specify a
-   * 				<code>volumeConfigurations</code> object when calling the
+   * 			<code>volumeConfigurations</code> object when calling the
    * 			<code>CreateService</code>, <code>UpdateService</code>, <code>RunTask</code> or
-   * 				<code>StartTask</code> APIs.</p>
+   * 			<code>StartTask</code> APIs.</p>
    */
   configuredAtLaunch?: boolean;
 }

clients/client-ecs/src/protocols/Aws_json1_1.ts

@@ -315,6 +315,8 @@ import {
   ServiceConnectClientAlias,
   ServiceConnectConfiguration,
   ServiceConnectService,
+  ServiceConnectTlsCertificateAuthority,
+  ServiceConnectTlsConfiguration,
   ServiceEvent,
   ServiceField,
   ServiceManagedEBSVolumeConfiguration,
@@ -346,6 +348,7 @@ import {
   TaskSetField,
   TaskSetNotFoundException,
   TaskVolumeConfiguration,
+  TimeoutConfiguration,
   Tmpfs,
   Ulimit,
   UnsupportedFeatureException,
@@ -5082,6 +5085,10 @@ const se_Scale = (input: Scale, context: __SerdeContext): any => {
 
 // se_ServiceConnectServiceList omitted.
 
+// se_ServiceConnectTlsCertificateAuthority omitted.
+
+// se_ServiceConnectTlsConfiguration omitted.
+
 // se_ServiceFieldList omitted.
 
 // se_ServiceManagedEBSVolumeConfiguration omitted.
@@ -5156,6 +5163,8 @@ const se_SubmitTaskStateChangeRequest = (input: SubmitTaskStateChangeRequest, co
 
 // se_TaskVolumeConfigurations omitted.
 
+// se_TimeoutConfiguration omitted.
+
 // se_Tmpfs omitted.
 
 // se_TmpfsList omitted.
@@ -5917,6 +5926,10 @@ const de_Service = (output: any, context: __SerdeContext): Service => {
 
 // de_ServiceConnectServiceResourceList omitted.
 
+// de_ServiceConnectTlsCertificateAuthority omitted.
+
+// de_ServiceConnectTlsConfiguration omitted.
+
 /**
  * deserializeAws_json1_1ServiceEvent
  */
@@ -6169,6 +6182,8 @@ const de_TaskSets = (output: any, context: __SerdeContext): TaskSet[] => {
   return retVal;
 };
 
+// de_TimeoutConfiguration omitted.
+
 // de_Tmpfs omitted.
 
 // de_TmpfsList omitted.

codegen/sdk-codegen/aws-models/ecs.json

@@ -5537,6 +5537,15 @@
         "smithy.api#default": 0
       }
     },
+    "com.amazonaws.ecs#Duration": {
+      "type": "integer",
+      "traits": {
+        "smithy.api#range": {
+          "min": 0,
+          "max": 2147483647
+        }
+      }
+    },
     "com.amazonaws.ecs#EBSKMSKeyId": {
       "type": "string"
     },
@@ -9974,6 +9983,15 @@
           "traits": {
             "smithy.api#documentation": "<p>The port number for the Service Connect proxy to listen on.</p>\n         <p>Use the value of this field to bypass the proxy for traffic on the port number\n\t\t\tspecified in the named <code>portMapping</code> in the task definition of this\n\t\t\tapplication, and then use it in your VPC security groups to allow traffic into the proxy\n\t\t\tfor this Amazon ECS service.</p>\n         <p>In <code>awsvpc</code> mode and Fargate, the default value is the container port\n\t\t\tnumber. The container port number is in the <code>portMapping</code> in the task\n\t\t\tdefinition. In bridge mode, the default value is the ephemeral port of the\n\t\t\tService Connect proxy.</p>"
           }
+        },
+        "timeout": {
+          "target": "com.amazonaws.ecs#TimeoutConfiguration",
+          "traits": {
+            "smithy.api#documentation": "<p>A reference to an object that represents the configured timeouts for Service Connect.</p>"
+          }
+        },
+        "tls": {
+          "target": "com.amazonaws.ecs#ServiceConnectTlsConfiguration"
         }
       },
       "traits": {
@@ -10012,6 +10030,47 @@
         "target": "com.amazonaws.ecs#ServiceConnectServiceResource"
       }
     },
+    "com.amazonaws.ecs#ServiceConnectTlsCertificateAuthority": {
+      "type": "structure",
+      "members": {
+        "awsPcaAuthorityArn": {
+          "target": "com.amazonaws.ecs#String",
+          "traits": {
+            "smithy.api#documentation": "<p>The ARN of the Amazon Web Services Private Certificate Authority certificate.</p>"
+          }
+        }
+      },
+      "traits": {
+        "smithy.api#documentation": "<p>An object that represents the Amazon Web Services Private Certificate Authority certificate.</p>"
+      }
+    },
+    "com.amazonaws.ecs#ServiceConnectTlsConfiguration": {
+      "type": "structure",
+      "members": {
+        "issuerCertificateAuthority": {
+          "target": "com.amazonaws.ecs#ServiceConnectTlsCertificateAuthority",
+          "traits": {
+            "smithy.api#documentation": "<p>The signer certificate authority.</p>",
+            "smithy.api#required": {}
+          }
+        },
+        "kmsKey": {
+          "target": "com.amazonaws.ecs#String",
+          "traits": {
+            "smithy.api#documentation": "<p>The Amazon Web Services Key Management Service key.</p>"
+          }
+        },
+        "roleArn": {
+          "target": "com.amazonaws.ecs#String",
+          "traits": {
+            "smithy.api#documentation": "<p>The Amazon Resource Name (ARN) of the IAM role that's associated with the Service Connect TLS.</p>"
+          }
+        }
+      },
+      "traits": {
+        "smithy.api#documentation": "<p>An object that represents the configuration for Service Connect TLS.</p>"
+      }
+    },
     "com.amazonaws.ecs#ServiceEvent": {
       "type": "structure",
       "members": {
@@ -12028,6 +12087,26 @@
         "target": "com.amazonaws.ecs#Task"
       }
     },
+    "com.amazonaws.ecs#TimeoutConfiguration": {
+      "type": "structure",
+      "members": {
+        "idleTimeoutSeconds": {
+          "target": "com.amazonaws.ecs#Duration",
+          "traits": {
+            "smithy.api#documentation": "<p>The amount of time in seconds a connection will stay active while idle. A \n\t\t\tvalue of <code>0</code> can be set to disable <code>idleTimeout</code>.</p>\n         <p>The <code>idleTimeout</code> default for\n\t\t\t<code>HTTP</code>/<code>HTTP2</code>/<code>GRPC</code> is 5 minutes.</p>\n         <p>The <code>idleTimeout</code> default for <code>TCP</code> is 1 hour.</p>"
+          }
+        },
+        "perRequestTimeoutSeconds": {
+          "target": "com.amazonaws.ecs#Duration",
+          "traits": {
+            "smithy.api#documentation": "<p>The amount of time waiting for the upstream to respond with a complete response \n\t\t\tper request. A value of <code>0</code> can be set to disable <code>perRequestTimeout</code>. \n\t\t\t<code>perRequestTimeout</code> can only be set if Service Connect <code>appProtocol</code> \n\t\t\tisn't <code>TCP</code>. Only <code>idleTimeout</code> is allowed for <code>TCP</code>\n            <code>appProtocol</code>.</p>"
+          }
+        }
+      },
+      "traits": {
+        "smithy.api#documentation": "<p>An object that represents the timeout configurations for Service Connect.</p>\n         <note>\n            <p>If <code>idleTimeout</code> is set to a time that is less than\n\t\t\t\t<code>perRequestTimeout</code>, the connection will close when the\n\t\t\t\t<code>idleTimeout</code> is reached and not the\n\t\t\t\t<code>perRequestTimeout</code>.</p>\n         </note>"
+      }
+    },
     "com.amazonaws.ecs#Timestamp": {
       "type": "timestamp"
     },
@@ -13247,7 +13326,7 @@
         "configuredAtLaunch": {
           "target": "com.amazonaws.ecs#BoxedBoolean",
           "traits": {
-            "smithy.api#documentation": "<p>Indicates whether the volume should be configured at launch time. This is used to\n\t\t\tcreate Amazon EBS volumes for standalone tasks or tasks created as part of a service. Each\n\t\t\ttask definition revision may only have one volume configured at launch in the volume\n\t\t\tconfiguration.</p>\n         <p>To configure a volume at launch time, use this task definition revision and specify a\n\t\t\t\t<code>volumeConfigurations</code> object when calling the\n\t\t\t<code>CreateService</code>, <code>UpdateService</code>, <code>RunTask</code> or\n\t\t\t\t<code>StartTask</code> APIs.</p>"
+            "smithy.api#documentation": "<p>Indicates whether the volume should be configured at launch time. This is used to\n\t\t\tcreate Amazon EBS volumes for standalone tasks or tasks created as part of a service. Each\n\t\t\ttask definition revision may only have one volume configured at launch in the volume\n\t\t\tconfiguration.</p>\n         <p>To configure a volume at launch time, use this task definition revision and specify a\n\t\t\t<code>volumeConfigurations</code> object when calling the\n\t\t\t<code>CreateService</code>, <code>UpdateService</code>, <code>RunTask</code> or\n\t\t\t<code>StartTask</code> APIs.</p>"
           }
         }
       },