Amazon EC2 Container Service

2019/07/18 - Amazon EC2 Container Service - 7 updated api methods

Changes: Update ecs client to latest version

CreateCluster (updated)
Changes (request, response)
Request
{'settings': [{'name': 'containerInsights', 'value': 'string'}]}
Response
{'cluster': {'settings': [{'name': 'containerInsights', 'value': 'string'}]}}

Creates a new Amazon ECS cluster. By default, your account receives a default cluster when you launch your first container instance. However, you can create your own cluster with a unique name with the CreateCluster action.

See also: AWS API Documentation

Request Syntax

client.create_cluster(
    clusterName='string',
    tags=[
        {
            'key': 'string',
            'value': 'string'
        },
    ],
    settings=[
        {
            'name': 'containerInsights',
            'value': 'string'
        },
    ]
)

type clusterName:

string

param clusterName:

The name of your cluster. If you do not specify a name for your cluster, you create a cluster named default. Up to 255 letters (uppercase and lowercase), numbers, and hyphens are allowed.

type tags:

list

param tags:

The metadata that you apply to the cluster to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.

  • (dict) --

    The metadata that you apply to a resource to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.

    • key (string) --

      One part of a key-value pair that makes up a tag. A key is a general label that acts like a category for more specific tag values.

    • value (string) --

      The optional part of a key-value pair that makes up a tag. A value acts as a descriptor within a tag category (key).

type settings:

list

param settings:

The setting to use when creating a cluster. This parameter is used to enable CloudWatch Container Insights for a cluster. If this value is specified, it will override the containerInsights value set with PutAccountSetting or PutAccountSettingDefault.

  • (dict) --

    The settings to use when creating a cluster. This parameter is used to enable CloudWatch Container Insights for a cluster.

    • name (string) --

      The name of the cluster setting. The only supported value is containerInsights.

    • value (string) --

      The value to set for the cluster setting. The supported values are enabled and disabled. If enabled is specified, CloudWatch Container Insights will be enabled for the cluster, otherwise it will be disabled unless the containerInsights account setting is enabled. If a cluster value is specified, it will override the containerInsights value set with PutAccountSetting or PutAccountSettingDefault.

rtype:

dict

returns:

Response Syntax

{
    'cluster': {
        'clusterArn': 'string',
        'clusterName': 'string',
        'status': 'string',
        'registeredContainerInstancesCount': 123,
        'runningTasksCount': 123,
        'pendingTasksCount': 123,
        'activeServicesCount': 123,
        'statistics': [
            {
                'name': 'string',
                'value': 'string'
            },
        ],
        'tags': [
            {
                'key': 'string',
                'value': 'string'
            },
        ],
        'settings': [
            {
                'name': 'containerInsights',
                'value': 'string'
            },
        ]
    }
}

Response Structure

  • (dict) --

    • cluster (dict) --

      The full description of your new cluster.

      • clusterArn (string) --

        The Amazon Resource Name (ARN) that identifies the cluster. The ARN contains the arn:aws:ecs namespace, followed by the Region of the cluster, the AWS account ID of the cluster owner, the cluster namespace, and then the cluster name. For example, arn:aws:ecs:region:012345678910:cluster/test.

      • clusterName (string) --

        A user-generated string that you use to identify your cluster.

      • status (string) --

        The status of the cluster. The valid values are ACTIVE or INACTIVE. ACTIVE indicates that you can register container instances with the cluster and the associated instances can accept tasks.

      • registeredContainerInstancesCount (integer) --

        The number of container instances registered into the cluster. This includes container instances in both ACTIVE and DRAINING status.

      • runningTasksCount (integer) --

        The number of tasks in the cluster that are in the RUNNING state.

      • pendingTasksCount (integer) --

        The number of tasks in the cluster that are in the PENDING state.

      • activeServicesCount (integer) --

        The number of services that are running on the cluster in an ACTIVE state. You can view these services with ListServices.

      • statistics (list) --

        Additional information about your clusters that are separated by launch type, including:

        • runningEC2TasksCount

        • runningFargateTasksCount

        • pendingEC2TasksCount

        • pendingFargateTasksCount

        • activeEC2ServiceCount

        • activeFargateServiceCount

        • drainingEC2ServiceCount

        • drainingFargateServiceCount

        • (dict) --

          A key-value pair object.

          • name (string) --

            The name of the key-value pair. For environment variables, this is the name of the environment variable.

          • value (string) --

            The value of the key-value pair. For environment variables, this is the value of the environment variable.

      • tags (list) --

        The metadata that you apply to the cluster to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.

        • (dict) --

          The metadata that you apply to a resource to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.

          • key (string) --

            One part of a key-value pair that makes up a tag. A key is a general label that acts like a category for more specific tag values.

          • value (string) --

            The optional part of a key-value pair that makes up a tag. A value acts as a descriptor within a tag category (key).

      • settings (list) --

        The settings for the cluster. This parameter indicates whether CloudWatch Container Insights is enabled or disabled for a cluster.

        • (dict) --

          The settings to use when creating a cluster. This parameter is used to enable CloudWatch Container Insights for a cluster.

          • name (string) --

            The name of the cluster setting. The only supported value is containerInsights.

          • value (string) --

            The value to set for the cluster setting. The supported values are enabled and disabled. If enabled is specified, CloudWatch Container Insights will be enabled for the cluster, otherwise it will be disabled unless the containerInsights account setting is enabled. If a cluster value is specified, it will override the containerInsights value set with PutAccountSetting or PutAccountSettingDefault.

DeleteAccountSetting (updated)
Changes (request, response)
Request
{'name': {'containerInsights'}}
Response
{'setting': {'name': {'containerInsights'}}}

Disables an account setting for a specified IAM user, IAM role, or the root user for an account.

See also: AWS API Documentation

Request Syntax

client.delete_account_setting(
    name='serviceLongArnFormat'|'taskLongArnFormat'|'containerInstanceLongArnFormat'|'awsvpcTrunking'|'containerInsights',
    principalArn='string'
)

type name:

string

param name:

[REQUIRED]

The resource name for which to disable the account setting. If serviceLongArnFormat is specified, the ARN for your Amazon ECS services is affected. If taskLongArnFormat is specified, the ARN and resource ID for your Amazon ECS tasks is affected. If containerInstanceLongArnFormat is specified, the ARN and resource ID for your Amazon ECS container instances is affected. If awsvpcTrunking is specified, the ENI limit for your Amazon ECS container instances is affected.

type principalArn:

string

param principalArn:

The ARN of the principal, which can be an IAM user, IAM role, or the root user. If you specify the root user, it disables the account setting for all IAM users, IAM roles, and the root user of the account unless an IAM user or role explicitly overrides these settings. If this field is omitted, the setting is changed only for the authenticated user.

rtype:

dict

returns:

Response Syntax

{
    'setting': {
        'name': 'serviceLongArnFormat'|'taskLongArnFormat'|'containerInstanceLongArnFormat'|'awsvpcTrunking'|'containerInsights',
        'value': 'string',
        'principalArn': 'string'
    }
}

Response Structure

  • (dict) --

    • setting (dict) --

      The account setting for the specified principal ARN.

      • name (string) --

        The Amazon ECS resource name.

      • value (string) --

        Whether the account setting is enabled or disabled for the specified resource.

      • principalArn (string) --

        The ARN of the principal, which can be an IAM user, IAM role, or the root user. If this field is omitted, the authenticated user is assumed.

DeleteCluster (updated)
Changes (response)
{'cluster': {'settings': [{'name': 'containerInsights', 'value': 'string'}]}}

Deletes the specified cluster. You must deregister all container instances from this cluster before you may delete it. You can list the container instances in a cluster with ListContainerInstances and deregister them with DeregisterContainerInstance.

See also: AWS API Documentation

Request Syntax

client.delete_cluster(
    cluster='string'
)

type cluster:

string

param cluster:

[REQUIRED]

The short name or full Amazon Resource Name (ARN) of the cluster to delete.

rtype:

dict

returns:

Response Syntax

{
    'cluster': {
        'clusterArn': 'string',
        'clusterName': 'string',
        'status': 'string',
        'registeredContainerInstancesCount': 123,
        'runningTasksCount': 123,
        'pendingTasksCount': 123,
        'activeServicesCount': 123,
        'statistics': [
            {
                'name': 'string',
                'value': 'string'
            },
        ],
        'tags': [
            {
                'key': 'string',
                'value': 'string'
            },
        ],
        'settings': [
            {
                'name': 'containerInsights',
                'value': 'string'
            },
        ]
    }
}

Response Structure

  • (dict) --

    • cluster (dict) --

      The full description of the deleted cluster.

      • clusterArn (string) --

        The Amazon Resource Name (ARN) that identifies the cluster. The ARN contains the arn:aws:ecs namespace, followed by the Region of the cluster, the AWS account ID of the cluster owner, the cluster namespace, and then the cluster name. For example, arn:aws:ecs:region:012345678910:cluster/test.

      • clusterName (string) --

        A user-generated string that you use to identify your cluster.

      • status (string) --

        The status of the cluster. The valid values are ACTIVE or INACTIVE. ACTIVE indicates that you can register container instances with the cluster and the associated instances can accept tasks.

      • registeredContainerInstancesCount (integer) --

        The number of container instances registered into the cluster. This includes container instances in both ACTIVE and DRAINING status.

      • runningTasksCount (integer) --

        The number of tasks in the cluster that are in the RUNNING state.

      • pendingTasksCount (integer) --

        The number of tasks in the cluster that are in the PENDING state.

      • activeServicesCount (integer) --

        The number of services that are running on the cluster in an ACTIVE state. You can view these services with ListServices.

      • statistics (list) --

        Additional information about your clusters that are separated by launch type, including:

        • runningEC2TasksCount

        • runningFargateTasksCount

        • pendingEC2TasksCount

        • pendingFargateTasksCount

        • activeEC2ServiceCount

        • activeFargateServiceCount

        • drainingEC2ServiceCount

        • drainingFargateServiceCount

        • (dict) --

          A key-value pair object.

          • name (string) --

            The name of the key-value pair. For environment variables, this is the name of the environment variable.

          • value (string) --

            The value of the key-value pair. For environment variables, this is the value of the environment variable.

      • tags (list) --

        The metadata that you apply to the cluster to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.

        • (dict) --

          The metadata that you apply to a resource to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.

          • key (string) --

            One part of a key-value pair that makes up a tag. A key is a general label that acts like a category for more specific tag values.

          • value (string) --

            The optional part of a key-value pair that makes up a tag. A value acts as a descriptor within a tag category (key).

      • settings (list) --

        The settings for the cluster. This parameter indicates whether CloudWatch Container Insights is enabled or disabled for a cluster.

        • (dict) --

          The settings to use when creating a cluster. This parameter is used to enable CloudWatch Container Insights for a cluster.

          • name (string) --

            The name of the cluster setting. The only supported value is containerInsights.

          • value (string) --

            The value to set for the cluster setting. The supported values are enabled and disabled. If enabled is specified, CloudWatch Container Insights will be enabled for the cluster, otherwise it will be disabled unless the containerInsights account setting is enabled. If a cluster value is specified, it will override the containerInsights value set with PutAccountSetting or PutAccountSettingDefault.

DescribeClusters (updated)
Changes (response)
{'clusters': {'settings': [{'name': 'containerInsights', 'value': 'string'}]}}

Describes one or more of your clusters.

See also: AWS API Documentation

Request Syntax

client.describe_clusters(
    clusters=[
        'string',
    ],
    include=[
        'STATISTICS'|'TAGS',
    ]
)

type clusters:

list

param clusters:

A list of up to 100 cluster names or full cluster Amazon Resource Name (ARN) entries. If you do not specify a cluster, the default cluster is assumed.

  • (string) --

type include:

list

param include:

Additional information about your clusters to be separated by launch type, including:

  • runningEC2TasksCount

  • runningFargateTasksCount

  • pendingEC2TasksCount

  • pendingFargateTasksCount

  • activeEC2ServiceCount

  • activeFargateServiceCount

  • drainingEC2ServiceCount

  • drainingFargateServiceCount

  • (string) --

rtype:

dict

returns:

Response Syntax

{
    'clusters': [
        {
            'clusterArn': 'string',
            'clusterName': 'string',
            'status': 'string',
            'registeredContainerInstancesCount': 123,
            'runningTasksCount': 123,
            'pendingTasksCount': 123,
            'activeServicesCount': 123,
            'statistics': [
                {
                    'name': 'string',
                    'value': 'string'
                },
            ],
            'tags': [
                {
                    'key': 'string',
                    'value': 'string'
                },
            ],
            'settings': [
                {
                    'name': 'containerInsights',
                    'value': 'string'
                },
            ]
        },
    ],
    'failures': [
        {
            'arn': 'string',
            'reason': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    • clusters (list) --

      The list of clusters.

      • (dict) --

        A regional grouping of one or more container instances on which you can run task requests. Each account receives a default cluster the first time you use the Amazon ECS service, but you may also create other clusters. Clusters may contain more than one instance type simultaneously.

        • clusterArn (string) --

          The Amazon Resource Name (ARN) that identifies the cluster. The ARN contains the arn:aws:ecs namespace, followed by the Region of the cluster, the AWS account ID of the cluster owner, the cluster namespace, and then the cluster name. For example, arn:aws:ecs:region:012345678910:cluster/test.

        • clusterName (string) --

          A user-generated string that you use to identify your cluster.

        • status (string) --

          The status of the cluster. The valid values are ACTIVE or INACTIVE. ACTIVE indicates that you can register container instances with the cluster and the associated instances can accept tasks.

        • registeredContainerInstancesCount (integer) --

          The number of container instances registered into the cluster. This includes container instances in both ACTIVE and DRAINING status.

        • runningTasksCount (integer) --

          The number of tasks in the cluster that are in the RUNNING state.

        • pendingTasksCount (integer) --

          The number of tasks in the cluster that are in the PENDING state.

        • activeServicesCount (integer) --

          The number of services that are running on the cluster in an ACTIVE state. You can view these services with ListServices.

        • statistics (list) --

          Additional information about your clusters that are separated by launch type, including:

          • runningEC2TasksCount

          • runningFargateTasksCount

          • pendingEC2TasksCount

          • pendingFargateTasksCount

          • activeEC2ServiceCount

          • activeFargateServiceCount

          • drainingEC2ServiceCount

          • drainingFargateServiceCount

          • (dict) --

            A key-value pair object.

            • name (string) --

              The name of the key-value pair. For environment variables, this is the name of the environment variable.

            • value (string) --

              The value of the key-value pair. For environment variables, this is the value of the environment variable.

        • tags (list) --

          The metadata that you apply to the cluster to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.

          • (dict) --

            The metadata that you apply to a resource to help you categorize and organize them. Each tag consists of a key and an optional value, both of which you define. Tag keys can have a maximum character length of 128 characters, and tag values can have a maximum length of 256 characters.

            • key (string) --

              One part of a key-value pair that makes up a tag. A key is a general label that acts like a category for more specific tag values.

            • value (string) --

              The optional part of a key-value pair that makes up a tag. A value acts as a descriptor within a tag category (key).

        • settings (list) --

          The settings for the cluster. This parameter indicates whether CloudWatch Container Insights is enabled or disabled for a cluster.

          • (dict) --

            The settings to use when creating a cluster. This parameter is used to enable CloudWatch Container Insights for a cluster.

            • name (string) --

              The name of the cluster setting. The only supported value is containerInsights.

            • value (string) --

              The value to set for the cluster setting. The supported values are enabled and disabled. If enabled is specified, CloudWatch Container Insights will be enabled for the cluster, otherwise it will be disabled unless the containerInsights account setting is enabled. If a cluster value is specified, it will override the containerInsights value set with PutAccountSetting or PutAccountSettingDefault.

    • failures (list) --

      Any failures associated with the call.

      • (dict) --

        A failed resource.

        • arn (string) --

          The Amazon Resource Name (ARN) of the failed resource.

        • reason (string) --

          The reason for the failure.

ListAccountSettings (updated)
Changes (request, response)
Request
{'name': {'containerInsights'}}
Response
{'settings': {'name': {'containerInsights'}}}

Lists the account settings for a specified principal.

See also: AWS API Documentation

Request Syntax

client.list_account_settings(
    name='serviceLongArnFormat'|'taskLongArnFormat'|'containerInstanceLongArnFormat'|'awsvpcTrunking'|'containerInsights',
    value='string',
    principalArn='string',
    effectiveSettings=True|False,
    nextToken='string',
    maxResults=123
)

type name:

string

param name:

The resource name you want to list the account settings for.

type value:

string

param value:

The value of the account settings with which to filter results. You must also specify an account setting name to use this parameter.

type principalArn:

string

param principalArn:

The ARN of the principal, which can be an IAM user, IAM role, or the root user. If this field is omitted, the account settings are listed only for the authenticated user.

type effectiveSettings:

boolean

param effectiveSettings:

Specifies whether to return the effective settings. If true, the account settings for the root user or the default setting for the principalArn are returned. If false, the account settings for the principalArn are returned if they are set. Otherwise, no account settings are returned.

type nextToken:

string

param nextToken:

The nextToken value returned from a previous paginated ListAccountSettings request where maxResults was used and the results exceeded the value of that parameter. Pagination continues from the end of the previous results that returned the nextToken value.

type maxResults:

integer

param maxResults:

The maximum number of account setting results returned by ListAccountSettings in paginated output. When this parameter is used, ListAccountSettings only returns maxResults results in a single page along with a nextToken response element. The remaining results of the initial request can be seen by sending another ListAccountSettings request with the returned nextToken value. This value can be between 1 and 10. If this parameter is not used, then ListAccountSettings returns up to 10 results and a nextToken value if applicable.

rtype:

dict

returns:

Response Syntax

{
    'settings': [
        {
            'name': 'serviceLongArnFormat'|'taskLongArnFormat'|'containerInstanceLongArnFormat'|'awsvpcTrunking'|'containerInsights',
            'value': 'string',
            'principalArn': 'string'
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • settings (list) --

      The account settings for the resource.

      • (dict) --

        The current account setting for a resource.

        • name (string) --

          The Amazon ECS resource name.

        • value (string) --

          Whether the account setting is enabled or disabled for the specified resource.

        • principalArn (string) --

          The ARN of the principal, which can be an IAM user, IAM role, or the root user. If this field is omitted, the authenticated user is assumed.

    • nextToken (string) --

      The nextToken value to include in a future ListAccountSettings request. When the results of a ListAccountSettings request exceed maxResults, this value can be used to retrieve the next page of results. This value is null when there are no more results to return.

PutAccountSetting (updated)
Changes (request, response)
Request
{'name': {'containerInsights'}}
Response
{'setting': {'name': {'containerInsights'}}}

Modifies an account setting. If you change the account setting for the root user, the default settings for all of the IAM users and roles for which no individual account setting has been specified are reset. For more information, see Account Settings in the Amazon Elastic Container Service Developer Guide.

When serviceLongArnFormat, taskLongArnFormat, or containerInstanceLongArnFormat are specified, the Amazon Resource Name (ARN) and resource ID format of the resource type for a specified IAM user, IAM role, or the root user for an account is affected. The opt-in and opt-out account setting must be set for each Amazon ECS resource separately. The ARN and resource ID format of a resource will be defined by the opt-in status of the IAM user or role that created the resource. You must enable this setting to use Amazon ECS features such as resource tagging.

When awsvpcTrunking is specified, the elastic network interface (ENI) limit for any new container instances that support the feature is changed. If awsvpcTrunking is enabled, any new container instances that support the feature are launched with the increased ENI limits available to them. For more information, see Elastic Network Interface Trunking in the Amazon Elastic Container Service Developer Guide.

When containerInsights is specified, the default setting indicating whether CloudWatch Container Insights is enabled for your clusters is changed. If containerInsights is enabled, any new clusters that are created will have Container Insights enabled unless you disable it during cluster creation. For more information, see CloudWatch Container Insights in the Amazon Elastic Container Service Developer Guide.

See also: AWS API Documentation

Request Syntax

client.put_account_setting(
    name='serviceLongArnFormat'|'taskLongArnFormat'|'containerInstanceLongArnFormat'|'awsvpcTrunking'|'containerInsights',
    value='string',
    principalArn='string'
)

type name:

string

param name:

[REQUIRED]

The Amazon ECS resource name for which to modify the account setting. If serviceLongArnFormat is specified, the ARN for your Amazon ECS services is affected. If taskLongArnFormat is specified, the ARN and resource ID for your Amazon ECS tasks is affected. If containerInstanceLongArnFormat is specified, the ARN and resource ID for your Amazon ECS container instances is affected. If awsvpcTrunking is specified, the elastic network interface (ENI) limit for your Amazon ECS container instances is affected. If containerInsights is specified, the default setting for CloudWatch Container Insights for your clusters is affected.

type value:

string

param value:

[REQUIRED]

The account setting value for the specified principal ARN. Accepted values are enabled and disabled.

type principalArn:

string

param principalArn:

The ARN of the principal, which can be an IAM user, IAM role, or the root user. If you specify the root user, it modifies the account setting for all IAM users, IAM roles, and the root user of the account unless an IAM user or role explicitly overrides these settings. If this field is omitted, the setting is changed only for the authenticated user.

rtype:

dict

returns:

Response Syntax

{
    'setting': {
        'name': 'serviceLongArnFormat'|'taskLongArnFormat'|'containerInstanceLongArnFormat'|'awsvpcTrunking'|'containerInsights',
        'value': 'string',
        'principalArn': 'string'
    }
}

Response Structure

  • (dict) --

    • setting (dict) --

      The current account setting for a resource.

      • name (string) --

        The Amazon ECS resource name.

      • value (string) --

        Whether the account setting is enabled or disabled for the specified resource.

      • principalArn (string) --

        The ARN of the principal, which can be an IAM user, IAM role, or the root user. If this field is omitted, the authenticated user is assumed.

PutAccountSettingDefault (updated)
Changes (request, response)
Request
{'name': {'containerInsights'}}
Response
{'setting': {'name': {'containerInsights'}}}

Modifies an account setting for all IAM users on an account for whom no individual account setting has been specified.

See also: AWS API Documentation

Request Syntax

client.put_account_setting_default(
    name='serviceLongArnFormat'|'taskLongArnFormat'|'containerInstanceLongArnFormat'|'awsvpcTrunking'|'containerInsights',
    value='string'
)

type name:

string

param name:

[REQUIRED]

The resource name for which to modify the account setting. If serviceLongArnFormat is specified, the ARN for your Amazon ECS services is affected. If taskLongArnFormat is specified, the ARN and resource ID for your Amazon ECS tasks is affected. If containerInstanceLongArnFormat is specified, the ARN and resource ID for your Amazon ECS container instances is affected. If awsvpcTrunking is specified, the ENI limit for your Amazon ECS container instances is affected. If containerInsights is specified, the default setting for CloudWatch Container Insights for your clusters is affected.

type value:

string

param value:

[REQUIRED]

The account setting value for the specified principal ARN. Accepted values are enabled and disabled.

rtype:

dict

returns:

Response Syntax

{
    'setting': {
        'name': 'serviceLongArnFormat'|'taskLongArnFormat'|'containerInstanceLongArnFormat'|'awsvpcTrunking'|'containerInsights',
        'value': 'string',
        'principalArn': 'string'
    }
}

Response Structure

  • (dict) --

    • setting (dict) --

      The current account setting for a resource.

      • name (string) --

        The Amazon ECS resource name.

      • value (string) --

        Whether the account setting is enabled or disabled for the specified resource.

      • principalArn (string) --

        The ARN of the principal, which can be an IAM user, IAM role, or the root user. If this field is omitted, the authenticated user is assumed.
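
The containerInsights precedence described above for CreateCluster, PutAccountSetting and PutAccountSettingDefault, together with nextToken pagination and a check over a DescribeClusters response, as an added example that is not part of the AWS documentation or the SDK. The function names, the stub client, the role ARNs and the sample responses are constructed for illustration; it runs offline, and the real client.list_account_settings can be passed in place of the stub.

```python
"""Model of the containerInsights precedence; all data below is constructed."""

SETTING = "containerInsights"
VALID_VALUES = {"enabled", "disabled"}

ROOT = "arn:aws:iam::012345678910:root"            # constructed
DEPLOY = "arn:aws:iam::012345678910:role/deploy"   # constructed
CI = "arn:aws:iam::012345678910:role/ci"           # constructed, no own setting

# Constructed ListAccountSettings pages, keyed by (principalArn, nextToken).
PAGES = {
    (ROOT, None): {
        "settings": [{"name": "taskLongArnFormat", "value": "enabled",
                      "principalArn": ROOT}],
        "nextToken": "page-2",
    },
    (ROOT, "page-2"): {
        "settings": [{"name": SETTING, "value": "enabled", "principalArn": ROOT}],
    },
    (DEPLOY, None): {
        "settings": [{"name": SETTING, "value": "disabled", "principalArn": DEPLOY}],
    },
}


def stub_list_account_settings(principalArn=None, nextToken=None, **_ignored):
    """Offline stand-in that accepts the keyword arguments of list_account_settings."""
    return PAGES.get((principalArn, nextToken), {"settings": []})


def list_all_account_settings(list_page, **kwargs):
    """Collect every page by following nextToken until it is absent."""
    settings, token = [], None
    while True:
        args = dict(kwargs)
        if token:
            args["nextToken"] = token
        page = list_page(**args)
        settings.extend(page.get("settings", []))
        token = page.get("nextToken")
        if not token:
            return settings


def account_default(list_page, principal_arn, root_arn):
    """A principal's own setting wins; otherwise the root user's value applies."""
    for arn in (principal_arn, root_arn):
        for s in list_all_account_settings(list_page, principalArn=arn):
            if s["name"] == SETTING:
                return s["value"]
    return "disabled"  # no account setting anywhere: Container Insights stays off


def value_at_creation(cluster_settings, account_value):
    """An explicit CreateCluster setting overrides the account-level value."""
    for s in cluster_settings or []:
        if s.get("name") == SETTING:
            if s.get("value") not in VALID_VALUES:
                raise ValueError("containerInsights must be enabled or disabled")
            return s["value"]
    return account_value


# Constructed DescribeClusters response in the shape shown on this page.
SAMPLE_DESCRIBE = {
    "clusters": [
        {"clusterArn": "arn:aws:ecs:region:012345678910:cluster/test",
         "settings": [{"name": SETTING, "value": "enabled"}]},
        {"clusterArn": "arn:aws:ecs:region:012345678910:cluster/batch",
         "settings": [{"name": SETTING, "value": "disabled"}]},
        {"clusterArn": "arn:aws:ecs:region:012345678910:cluster/legacy"},
    ],
    "failures": [{"arn": "arn:aws:ecs:region:012345678910:cluster/gone",
                  "reason": "MISSING"}],
}


def audit_clusters(describe_response):
    """Return (ARNs of clusters without Container Insights enabled, failures)."""
    unmonitored = []
    for cluster in describe_response.get("clusters", []):
        enabled = any(s.get("name") == SETTING and s.get("value") == "enabled"
                      for s in cluster.get("settings", []))
        if not enabled:  # covers "disabled" and a missing settings list
            unmonitored.append(cluster["clusterArn"])
    failures = [(f["arn"], f["reason"]) for f in describe_response.get("failures", [])]
    return unmonitored, failures


if __name__ == "__main__":
    for who in (DEPLOY, CI):
        default = account_default(stub_list_account_settings, who, ROOT)
        print(who, "->", value_at_creation(None, default))
    print(audit_clusters(SAMPLE_DESCRIBE))
```

Entries in failures are returned alongside the findings so that a cluster the call could not describe is not silently counted as monitored.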