{-# LANGUAGE DeriveGeneric #-} {-# LANGUAGE DuplicateRecordFields #-} {-# LANGUAGE NamedFieldPuns #-} {-# LANGUAGE OverloadedStrings #-} {-# LANGUAGE RecordWildCards #-} {-# LANGUAGE StrictData #-} {-# LANGUAGE TypeFamilies #-} {-# LANGUAGE NoImplicitPrelude #-} {-# OPTIONS_GHC -fno-warn-unused-binds #-} {-# OPTIONS_GHC -fno-warn-unused-imports #-} {-# OPTIONS_GHC -fno-warn-unused-matches #-} -- Derived from AWS service descriptions, licensed under Apache 2.0. -- | -- Module : Amazonka.SecretsManager.TagResource -- Copyright : (c) 2013-2023 Brendan Hay -- License : Mozilla Public License, v. 2.0. -- Maintainer : Brendan Hay -- Stability : auto-generated -- Portability : non-portable (GHC extensions) -- -- Attaches tags to a secret. Tags consist of a key name and a value. Tags -- are part of the secret\'s metadata. They are not associated with -- specific versions of the secret. This operation appends tags to the -- existing list of tags. -- -- The following restrictions apply to tags: -- -- - Maximum number of tags per secret: 50 -- -- - Maximum key length: 127 Unicode characters in UTF-8 -- -- - Maximum value length: 255 Unicode characters in UTF-8 -- -- - Tag keys and values are case sensitive. -- -- - Do not use the @aws:@ prefix in your tag names or values because -- Amazon Web Services reserves it for Amazon Web Services use. You -- can\'t edit or delete tag names or values with this prefix. Tags -- with this prefix do not count against your tags per secret limit. -- -- - If you use your tagging schema across multiple services and -- resources, other services might have restrictions on allowed -- characters. Generally allowed characters: letters, spaces, and -- numbers representable in UTF-8, plus the following special -- characters: + - = . _ : \/ \@. -- -- If you use tags as part of your security strategy, then adding or -- removing a tag can change permissions. If successfully completing this -- operation would result in you losing your permissions for this secret, -- then the operation is blocked and returns an Access Denied error. -- -- Secrets Manager generates a CloudTrail log entry when you call this -- action. Do not include sensitive information in request parameters -- because it might be logged. For more information, see -- . -- -- __Required permissions:__ @secretsmanager:TagResource@. For more -- information, see -- -- and -- . module Amazonka.SecretsManager.TagResource ( -- * Creating a Request TagResource (..), newTagResource, -- * Request Lenses tagResource_secretId, tagResource_tags, -- * Destructuring the Response TagResourceResponse (..), newTagResourceResponse, ) where import qualified Amazonka.Core as Core import qualified Amazonka.Core.Lens.Internal as Lens import qualified Amazonka.Data as Data import qualified Amazonka.Prelude as Prelude import qualified Amazonka.Request as Request import qualified Amazonka.Response as Response import Amazonka.SecretsManager.Types -- | /See:/ 'newTagResource' smart constructor. data TagResource = TagResource' { -- | The identifier for the secret to attach tags to. You can specify either -- the Amazon Resource Name (ARN) or the friendly name of the secret. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See -- . secretId :: Prelude.Text, -- | The tags to attach to the secret as a JSON text string argument. Each -- element in the list consists of a @Key@ and a @Value@. -- -- For storing multiple values, we recommend that you use a JSON text -- string argument and specify key\/value pairs. For more information, see -- -- in the Amazon Web Services CLI User Guide. tags :: [Tag] } deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic) -- | -- Create a value of 'TagResource' with all optional fields omitted. -- -- Use or to modify other optional fields. -- -- The following record fields are available, with the corresponding lenses provided -- for backwards compatibility: -- -- 'secretId', 'tagResource_secretId' - The identifier for the secret to attach tags to. You can specify either -- the Amazon Resource Name (ARN) or the friendly name of the secret. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See -- . -- -- 'tags', 'tagResource_tags' - The tags to attach to the secret as a JSON text string argument. Each -- element in the list consists of a @Key@ and a @Value@. -- -- For storing multiple values, we recommend that you use a JSON text -- string argument and specify key\/value pairs. For more information, see -- -- in the Amazon Web Services CLI User Guide. newTagResource :: -- | 'secretId' Prelude.Text -> TagResource newTagResource pSecretId_ = TagResource' { secretId = pSecretId_, tags = Prelude.mempty } -- | The identifier for the secret to attach tags to. You can specify either -- the Amazon Resource Name (ARN) or the friendly name of the secret. -- -- For an ARN, we recommend that you specify a complete ARN rather than a -- partial ARN. See -- . tagResource_secretId :: Lens.Lens' TagResource Prelude.Text tagResource_secretId = Lens.lens (\TagResource' {secretId} -> secretId) (\s@TagResource' {} a -> s {secretId = a} :: TagResource) -- | The tags to attach to the secret as a JSON text string argument. Each -- element in the list consists of a @Key@ and a @Value@. -- -- For storing multiple values, we recommend that you use a JSON text -- string argument and specify key\/value pairs. For more information, see -- -- in the Amazon Web Services CLI User Guide. tagResource_tags :: Lens.Lens' TagResource [Tag] tagResource_tags = Lens.lens (\TagResource' {tags} -> tags) (\s@TagResource' {} a -> s {tags = a} :: TagResource) Prelude.. Lens.coerced instance Core.AWSRequest TagResource where type AWSResponse TagResource = TagResourceResponse request overrides = Request.postJSON (overrides defaultService) response = Response.receiveNull TagResourceResponse' instance Prelude.Hashable TagResource where hashWithSalt _salt TagResource' {..} = _salt `Prelude.hashWithSalt` secretId `Prelude.hashWithSalt` tags instance Prelude.NFData TagResource where rnf TagResource' {..} = Prelude.rnf secretId `Prelude.seq` Prelude.rnf tags instance Data.ToHeaders TagResource where toHeaders = Prelude.const ( Prelude.mconcat [ "X-Amz-Target" Data.=# ("secretsmanager.TagResource" :: Prelude.ByteString), "Content-Type" Data.=# ( "application/x-amz-json-1.1" :: Prelude.ByteString ) ] ) instance Data.ToJSON TagResource where toJSON TagResource' {..} = Data.object ( Prelude.catMaybes [ Prelude.Just ("SecretId" Data..= secretId), Prelude.Just ("Tags" Data..= tags) ] ) instance Data.ToPath TagResource where toPath = Prelude.const "/" instance Data.ToQuery TagResource where toQuery = Prelude.const Prelude.mempty -- | /See:/ 'newTagResourceResponse' smart constructor. data TagResourceResponse = TagResourceResponse' { } deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic) -- | -- Create a value of 'TagResourceResponse' with all optional fields omitted. -- -- Use or to modify other optional fields. newTagResourceResponse :: TagResourceResponse newTagResourceResponse = TagResourceResponse' instance Prelude.NFData TagResourceResponse where rnf _ = ()