Merge branch 'release-1.40.39' into develop

aws-sdk-python-automation · aws-sdk-python-automation · commit 3e17a0535d5a · 2025-09-25T18:09:18.000Z
* release-1.40.39:
  Bumping version to 1.40.39
  Update endpoints model
  Update to latest models
diff --git a/.changes/1.40.39.json b/.changes/1.40.39.json
@@ -0,0 +1,17 @@
+[
+  {
+    "category": "``glue``",
+    "description": "Update GetConnection(s) API to return KmsKeyArn & Add 63 missing connection types",
+    "type": "api-change"
+  },
+  {
+    "category": "``lightsail``",
+    "description": "Attribute HTTP binding update for Get/Delete operations",
+    "type": "api-change"
+  },
+  {
+    "category": "``network-firewall``",
+    "description": "Network Firewall now introduces Reject and Alert action support for stateful domain list rule groups, providing customers with more granular control over their network traffic.",
+    "type": "api-change"
+  }
+]
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -2,6 +2,14 @@
 CHANGELOG
 =========
 
+1.40.39
+=======
+
+* api-change:``glue``: Update GetConnection(s) API to return KmsKeyArn & Add 63 missing connection types
+* api-change:``lightsail``: Attribute HTTP binding update for Get/Delete operations
+* api-change:``network-firewall``: Network Firewall now introduces Reject and Alert action support for stateful domain list rule groups, providing customers with more granular control over their network traffic.
+
+
 1.40.38
 =======
 
diff --git a/botocore/__init__.py b/botocore/__init__.py
@@ -17,7 +17,7 @@
 import re
 from logging import NullHandler
 
-__version__ = '1.40.38'
+__version__ = '1.40.39'
 
 
 # Configure default logger to do nothing
diff --git a/botocore/data/endpoints.json b/botocore/data/endpoints.json
@@ -9557,6 +9557,7 @@
               "tags" : [ "fips" ]
             } ]
           },
+          "ap-southeast-6" : { },
           "ap-southeast-7" : {
             "variants" : [ {
               "hostname" : "elasticfilesystem-fips.ap-southeast-7.amazonaws.com",
@@ -11222,6 +11223,7 @@
               "tags" : [ "fips" ]
             } ]
           },
+          "ap-east-2" : { },
           "ap-northeast-1" : {
             "variants" : [ {
               "hostname" : "fms-fips.ap-northeast-1.amazonaws.com",
@@ -30998,6 +31000,12 @@
           "cn-northwest-1" : { }
         }
       },
+      "verifiedpermissions" : {
+        "endpoints" : {
+          "cn-north-1" : { },
+          "cn-northwest-1" : { }
+        }
+      },
       "waf-regional" : {
         "endpoints" : {
           "cn-north-1" : {
diff --git a/botocore/data/glue/2017-03-31/service-2.json b/botocore/data/glue/2017-03-31/service-2.json
diff --git a/botocore/data/lightsail/2016-11-28/service-2.json b/botocore/data/lightsail/2016-11-28/service-2.json
@@ -3232,7 +3232,7 @@
         },
         "message":{
           "shape":"BPAStatusMessage",
-          "documentation":"<p>A message that provides a reason for a <code>Failed</code> or <code>Defaulted</code> synchronization status.</p> <p>The following messages are possible:</p> <ul> <li> <p> <code>SYNC_ON_HOLD</code> - The synchronization has not yet happened. This status message occurs immediately after you create your first Lightsail bucket. This status message should change after the first synchronization happens, approximately 1 hour after the first bucket is created.</p> </li> <li> <p> <code>DEFAULTED_FOR_SLR_MISSING</code> - The synchronization failed because the required service-linked role is missing from your Amazon Web Services account. The account-level BPA configuration for your Lightsail buckets is defaulted to <i>active</i> until the synchronization can occur. This means that all your buckets are private and not publicly accessible. For more information about how to create the required service-linked role to allow synchronization, see <a href=\"https://docs.aws.amazon.com/lightsail/latest/userguide/amazon-lightsail-using-service-linked-roles\">Using Service-Linked Roles for Amazon Lightsail</a> in the <i>Amazon Lightsail Developer Guide</i>.</p> </li> <li> <p> <code>DEFAULTED_FOR_SLR_MISSING_ON_HOLD</code> - The synchronization failed because the required service-linked role is missing from your Amazon Web Services account. Account-level BPA is not yet configured for your Lightsail buckets. Therefore, only the bucket access permissions and individual object access permissions apply to your Lightsail buckets. For more information about how to create the required service-linked role to allow synchronization, see <a href=\"https://docs.aws.amazon.com/lightsail/latest/userguide/amazon-lightsail-using-service-linked-roles\">Using Service-Linked Roles for Amazon Lightsail</a> in the <i>Amazon Lightsail Developer Guide</i>.</p> </li> <li> <p> <code>Unknown</code> - The reason that synchronization failed is unknown. Contact Amazon Web ServicesSupport for more information.</p> </li> </ul>"
+          "documentation":"<p>A message that provides a reason for a <code>Failed</code> or <code>Defaulted</code> synchronization status.</p> <p>The following messages are possible:</p> <ul> <li> <p> <code>SYNC_ON_HOLD</code> - The synchronization has not yet happened. This status message occurs immediately after you create your first Lightsail bucket. This status message should change after the first synchronization happens, approximately 1 hour after the first bucket is created.</p> </li> <li> <p> <code>DEFAULTED_FOR_SLR_MISSING</code> - The synchronization failed because the required service-linked role is missing from your Amazon Web Services account. The account-level BPA configuration for your Lightsail buckets is defaulted to <i>active</i> until the synchronization can occur. This means that all your buckets are private and not publicly accessible. For more information about how to create the required service-linked role to allow synchronization, see <a href=\"https://docs.aws.amazon.com/lightsail/latest/userguide/amazon-lightsail-using-service-linked-roles\">Using Service-Linked Roles for Amazon Lightsail</a> in the <i>Amazon Lightsail Developer Guide</i>.</p> </li> <li> <p> <code>DEFAULTED_FOR_SLR_MISSING_ON_HOLD</code> - The synchronization failed because the required service-linked role is missing from your Amazon Web Services account. Account-level BPA is not yet configured for your Lightsail buckets. Therefore, only the bucket access permissions and individual object access permissions apply to your Lightsail buckets. For more information about how to create the required service-linked role to allow synchronization, see <a href=\"https://docs.aws.amazon.com/lightsail/latest/userguide/amazon-lightsail-using-service-linked-roles\">Using Service-Linked Roles for Amazon Lightsail</a> in the <i>Amazon Lightsail Developer Guide</i>.</p> </li> <li> <p> <code>Unknown</code> - The reason that synchronization failed is unknown. Contact Amazon Web Services Support for more information.</p> </li> </ul>"
         },
         "bpaImpactsLightsail":{
           "shape":"boolean",
diff --git a/botocore/data/network-firewall/2020-11-12/service-2.json b/botocore/data/network-firewall/2020-11-12/service-2.json
@@ -2856,7 +2856,9 @@
       "type":"string",
       "enum":[
         "ALLOWLIST",
-        "DENYLIST"
+        "DENYLIST",
+        "REJECTLIST",
+        "ALERTLIST"
       ]
     },
     "GetAnalysisReportResultsRequest":{
@@ -4082,7 +4084,7 @@
         },
         "GeneratedRulesType":{
           "shape":"GeneratedRulesType",
-          "documentation":"<p>Whether you want to allow or deny access to the domains in your target list.</p>"
+          "documentation":"<p>Whether you want to apply allow, reject, alert, or drop behavior to the domains in your target list.</p> <note> <p>When logging is enabled and you choose Alert, traffic that matches the domain specifications generates an alert in the firewall's logs. Then, traffic either passes, is rejected, or drops based on other rules in the firewall policy.</p> </note>"
         }
       },
       "documentation":"<p>Stateful inspection criteria for a domain list rule group. </p> <p>For HTTPS traffic, domain filtering is SNI-based. It uses the server name indicator extension of the TLS handshake.</p> <p>By default, Network Firewall domain list inspection only includes traffic coming from the VPC where you deploy the firewall. To inspect traffic from IP addresses outside of the deployment VPC, you set the <code>HOME_NET</code> rule variable to include the CIDR range of the deployment VPC plus the other CIDR ranges. For more information, see <a>RuleVariables</a> in this guide and <a href=\"https://docs.aws.amazon.com/network-firewall/latest/developerguide/stateful-rule-groups-domain-names.html\">Stateful domain list rule groups in Network Firewall</a> in the <i>Network Firewall Developer Guide</i>.</p>"
diff --git a/docs/source/conf.py b/docs/source/conf.py
@@ -59,7 +59,7 @@
 # The short X.Y version.
 version = '1.40.'
 # The full version, including alpha/beta/rc tags.
-release = '1.40.38'
+release = '1.40.39'
 
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.
