diff --git a/.docs.version b/.docs.version index 62d27c1d7b..d23c5e42d8 100644 --- a/.docs.version +++ b/.docs.version @@ -1 +1 @@ -cddd40c58fe29009edc87b434dff37ed2144bea0 +e85b52d7ef350840f279cc004f4b97f62cb4c71c diff --git a/aws-cloudformation-schema/aws-apigateway-vpclink.json b/aws-cloudformation-schema/aws-apigateway-vpclink.json index aadfa797c0..42827585af 100644 --- a/aws-cloudformation-schema/aws-apigateway-vpclink.json +++ b/aws-cloudformation-schema/aws-apigateway-vpclink.json @@ -4,11 +4,11 @@ "sourceUrl" : "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "properties" : { "Name" : { - "description" : "The name used to label and identify the VPC link.", + "description" : "", "type" : "string" }, "Description" : { - "description" : "The description of the VPC link.", + "description" : "", "type" : "string" }, "Tags" : { @@ -21,7 +21,7 @@ } }, "TargetArns" : { - "description" : "The ARN of the network load balancer of the VPC targeted by the VPC link. The network load balancer must be owned by the same AWS-account of the API owner.", + "description" : "", "type" : "array", "uniqueItems" : false, "insertionOrder" : false, diff --git a/aws-cloudformation-schema/aws-apigatewayv2-domainname.json b/aws-cloudformation-schema/aws-apigatewayv2-domainname.json index dd4cf8268c..6be48cff16 100644 --- a/aws-cloudformation-schema/aws-apigatewayv2-domainname.json +++ b/aws-cloudformation-schema/aws-apigatewayv2-domainname.json @@ -17,7 +17,7 @@ "type" : "string" }, "DomainName" : { - "description" : "The custom domain name for your API in Amazon API Gateway. Uppercase letters are not supported.", + "description" : "The custom domain name for your API in Amazon API Gateway. Uppercase letters and the underscore (``_``) character are not supported.", "type" : "string" }, "DomainNameConfigurations" : { @@ -80,7 +80,7 @@ "description" : "An AWS-managed certificate that will be used by the edge-optimized endpoint for this domain name. AWS Certificate Manager is the only supported source." } }, - "description" : "The ``DomainNameConfiguration`` property type specifies the configuration for an API's domain name.\n ``DomainNameConfiguration`` is a property of the [AWS::ApiGatewayV2::DomainName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-domainname.html) resource." + "description" : "The ``DomainNameConfiguration`` property type specifies the configuration for an API's domain name.\n ``DomainNameConfiguration`` is a property of the [AWS::ApiGatewayV2::DomainName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-domainname.html) resource." } }, "required" : [ "DomainName" ], diff --git a/aws-cloudformation-schema/aws-autoscaling-autoscalinggroup.json b/aws-cloudformation-schema/aws-autoscaling-autoscalinggroup.json index a06f3d2f50..f97b50865e 100644 --- a/aws-cloudformation-schema/aws-autoscaling-autoscalinggroup.json +++ b/aws-cloudformation-schema/aws-autoscaling-autoscalinggroup.json @@ -12,7 +12,7 @@ "createOnlyProperties" : [ "/properties/InstanceId", "/properties/AutoScalingGroupName" ], "primaryIdentifier" : [ "/properties/AutoScalingGroupName" ], "required" : [ "MinSize", "MaxSize" ], - "conditionalCreateOnlyProperties" : [ "/properties/LaunchConfigurationName", "/properties/VPCZoneIdentifier", "/properties/PlacementGroup", "/properties/LaunchTemplate", "/properties/MixedInstancesPolicy" ], + "conditionalCreateOnlyProperties" : [ "/properties/LaunchConfigurationName", "/properties/VPCZoneIdentifier", "/properties/LaunchTemplate", "/properties/MixedInstancesPolicy" ], "propertyTransform" : { "/properties/LaunchConfigurationName" : "InstanceId? AutoScalingGroupName : LaunchConfigurationName" }, @@ -21,11 +21,11 @@ "permissions" : [ "autoscaling:Describe*", "managed-fleets:Get*" ] }, "create" : { - "permissions" : [ "autoscaling:CreateAutoScalingGroup", "autoscaling:UpdateAutoScalingGroup", "autoscaling:CreateOrUpdateTags", "autoscaling:Describe*", "autoscaling:EnableMetricsCollection", "autoscaling:PutNotificationConfiguration", "cloudwatch:PutMetricAlarm", "ec2:Describe*", "ec2:Get*", "ec2:RunInstances", "elasticloadbalancing:Describe*", "iam:CreateServiceLinkedRole", "iam:PassRole", "managed-fleets:Get*", "managed-fleets:CreateAutoScalingGroup", "managed-fleets:UpdateAutoScalingGroup", "ssm:Get*" ], + "permissions" : [ "autoscaling:CreateAutoScalingGroup", "autoscaling:UpdateAutoScalingGroup", "autoscaling:CreateOrUpdateTags", "autoscaling:Describe*", "autoscaling:EnableMetricsCollection", "autoscaling:PutNotificationConfiguration", "cloudwatch:PutMetricAlarm", "ec2:Describe*", "ec2:Get*", "ec2:RunInstances", "elasticloadbalancing:Describe*", "iam:CreateServiceLinkedRole", "iam:PassRole", "managed-fleets:Get*", "managed-fleets:CreateAutoScalingGroup", "managed-fleets:UpdateAutoScalingGroup", "ssm:Get*", "vpc-lattice:DeregisterTargets", "vpc-lattice:GetTargetGroup", "vpc-lattice:ListTargets", "vpc-lattice:RegisterTargets" ], "timeoutInMinutes" : 360 }, "update" : { - "permissions" : [ "autoscaling:UpdateAutoScalingGroup", "autoscaling:CreateOrUpdateTags", "autoscaling:DeleteTags", "autoscaling:Describe*", "autoscaling:EnableMetricsCollection", "autoscaling:DisableMetricsCollection", "autoscaling:PutNotificationConfiguration", "autoscaling:DeleteNotificationConfiguration", "autoscaling:DetachLoadBalancerTargetGroups", "autoscaling:AttachLoadBalancerTargetGroups", "autoscaling:AttachLoadBalancers", "autoscaling:DetachLoadBalancers", "autoscaling:AttachTrafficSources", "autoscaling:DetachTrafficSources", "autoscaling:DeleteLifecycleHook", "autoscaling:PutLifecycleHook", "cloudwatch:PutMetricAlarm", "ec2:Describe*", "ec2:Get*", "ec2:RunInstances", "elasticloadbalancing:Describe*", "iam:CreateServiceLinkedRole", "iam:PassRole", "managed-fleets:Get*", "managed-fleets:RegisterAutoScalingGroup", "managed-fleets:DeregisterAutoScalingGroup", "managed-fleets:UpdateAutoScalingGroup", "ssm:Get*" ], + "permissions" : [ "autoscaling:UpdateAutoScalingGroup", "autoscaling:CreateOrUpdateTags", "autoscaling:DeleteTags", "autoscaling:Describe*", "autoscaling:EnableMetricsCollection", "autoscaling:DisableMetricsCollection", "autoscaling:PutNotificationConfiguration", "autoscaling:DeleteNotificationConfiguration", "autoscaling:DetachLoadBalancerTargetGroups", "autoscaling:AttachLoadBalancerTargetGroups", "autoscaling:AttachLoadBalancers", "autoscaling:DetachLoadBalancers", "autoscaling:AttachTrafficSources", "autoscaling:DetachTrafficSources", "autoscaling:DeleteLifecycleHook", "autoscaling:PutLifecycleHook", "cloudwatch:PutMetricAlarm", "ec2:Describe*", "ec2:Get*", "ec2:RunInstances", "elasticloadbalancing:Describe*", "iam:CreateServiceLinkedRole", "iam:PassRole", "managed-fleets:Get*", "managed-fleets:RegisterAutoScalingGroup", "managed-fleets:DeregisterAutoScalingGroup", "managed-fleets:UpdateAutoScalingGroup", "ssm:Get*", "vpc-lattice:DeregisterTargets", "vpc-lattice:GetTargetGroup", "vpc-lattice:ListTargets", "vpc-lattice:RegisterTargets" ], "timeoutInMinutes" : 660 }, "list" : { @@ -389,6 +389,20 @@ } } }, + "TrafficSourceIdentifier" : { + "description" : "", + "additionalProperties" : false, + "type" : "object", + "properties" : { + "Type" : { + "type" : "string" + }, + "Identifier" : { + "type" : "string" + } + }, + "required" : [ "Identifier", "Type" ] + }, "MixedInstancesPolicy" : { "description" : "Use this structure to launch multiple instance types and On-Demand Instances and Spot Instances within a single Auto Scaling group.\n A mixed instances policy contains information that Amazon EC2 Auto Scaling can use to launch instances and help optimize your costs. For more information, see [Auto Scaling groups with multiple instance types and purchase options](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-mixed-instances-groups.html) in the *Amazon EC2 Auto Scaling User Guide*.\n You can create a mixed instances policy for new and existing Auto Scaling groups. You must use a launch template to configure the policy. You cannot use a launch configuration.\n There are key differences between Spot Instances and On-Demand Instances:\n + The price for Spot Instances varies based on demand\n + Amazon EC2 can terminate an individual Spot Instance as the availability of, or price for, Spot Instances changes\n \n When a Spot Instance is terminated, Amazon EC2 Auto Scaling group attempts to launch a replacement instance to maintain the desired capacity for the group. \n ``MixedInstancesPolicy`` is a property of the [AWS::AutoScaling::AutoScalingGroup](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-autoscaling-autoscalinggroup.html) resource.", "additionalProperties" : false, @@ -702,6 +716,15 @@ "description" : "The name of the Auto Scaling group. This name must be unique per Region per account.\n The name can contain any ASCII character 33 to 126 including most punctuation characters, digits, and upper and lowercased letters.\n You cannot use a colon (:) in the name.", "type" : "string" }, + "TrafficSources" : { + "uniqueItems" : true, + "description" : "", + "insertionOrder" : false, + "type" : "array", + "items" : { + "$ref" : "#/definitions/TrafficSourceIdentifier" + } + }, "DesiredCapacityType" : { "description" : "The unit of measurement for the value specified for desired capacity. Amazon EC2 Auto Scaling supports ``DesiredCapacityType`` for attribute-based instance type selection only. For more information, see [Create a mixed instances group using attribute-based instance type selection](https://docs.aws.amazon.com/autoscaling/ec2/userguide/create-mixed-instances-group-attribute-based-instance-type-selection.html) in the *Amazon EC2 Auto Scaling User Guide*.\n By default, Amazon EC2 Auto Scaling specifies ``units``, which translates into number of instances.\n Valid values: ``units`` | ``vcpu`` | ``memory-mib``", "type" : "string" @@ -711,7 +734,7 @@ "type" : "string" }, "HealthCheckType" : { - "description" : "A comma-separated value string of one or more health check types.\n The valid values are ``EC2``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*.\n Only specify ``EC2`` if you must clear a value that was previously set.", + "description" : "A comma-separated value string of one or more health check types.\n The valid values are ``EC2``, ``EBS``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*.\n Only specify ``EC2`` if you must clear a value that was previously set.", "type" : "string" }, "MaxInstanceLifetime" : { diff --git a/aws-cloudformation-schema/aws-autoscaling-warmpool.json b/aws-cloudformation-schema/aws-autoscaling-warmpool.json index 6d856a89f8..ff7e994bc2 100644 --- a/aws-cloudformation-schema/aws-autoscaling-warmpool.json +++ b/aws-cloudformation-schema/aws-autoscaling-warmpool.json @@ -34,6 +34,9 @@ "createOnlyProperties" : [ "/properties/AutoScalingGroupName" ], "primaryIdentifier" : [ "/properties/AutoScalingGroupName" ], "required" : [ "AutoScalingGroupName" ], + "tagging" : { + "taggable" : false + }, "handlers" : { "create" : { "permissions" : [ "autoscaling:PutWarmPool", "autoscaling:DescribeWarmPool", "autoscaling:DescribeAutoScalingGroups" ] diff --git a/aws-cloudformation-schema/aws-backup-backupplan.json b/aws-cloudformation-schema/aws-backup-backupplan.json index 503947b61c..6a559276d3 100644 --- a/aws-cloudformation-schema/aws-backup-backupplan.json +++ b/aws-cloudformation-schema/aws-backup-backupplan.json @@ -159,7 +159,7 @@ "permissions" : [ "backup:GetBackupPlan", "backup:ListTags" ] }, "create" : { - "permissions" : [ "backup:GetBackupPlan", "backup:TagResource", "backup:CreateBackupPlan" ] + "permissions" : [ "backup:GetBackupPlan", "backup:ListTags", "backup:TagResource", "backup:CreateBackupPlan" ] }, "delete" : { "permissions" : [ "backup:GetBackupPlan", "backup:DeleteBackupPlan" ] diff --git a/aws-cloudformation-schema/aws-backup-logicallyairgappedbackupvault.json b/aws-cloudformation-schema/aws-backup-logicallyairgappedbackupvault.json new file mode 100644 index 0000000000..f90c044a9b --- /dev/null +++ b/aws-cloudformation-schema/aws-backup-logicallyairgappedbackupvault.json @@ -0,0 +1,97 @@ +{ + "typeName" : "AWS::Backup::LogicallyAirGappedBackupVault", + "description" : "Resource Type definition for AWS::Backup::LogicallyAirGappedBackupVault", + "sourceUrl" : "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", + "definitions" : { + "NotificationObjectType" : { + "type" : "object", + "additionalProperties" : false, + "properties" : { + "BackupVaultEvents" : { + "type" : "array", + "insertionOrder" : false, + "uniqueItems" : false, + "items" : { + "type" : "string" + } + }, + "SNSTopicArn" : { + "type" : "string" + } + }, + "required" : [ "SNSTopicArn", "BackupVaultEvents" ] + }, + "BackupVaultNamePattern" : { + "type" : "string", + "pattern" : "^[a-zA-Z0-9\\-\\_]{2,50}$" + } + }, + "properties" : { + "AccessPolicy" : { + "type" : [ "object", "string" ] + }, + "BackupVaultName" : { + "$ref" : "#/definitions/BackupVaultNamePattern" + }, + "MinRetentionDays" : { + "type" : "integer" + }, + "MaxRetentionDays" : { + "type" : "integer" + }, + "BackupVaultTags" : { + "type" : "object", + "additionalProperties" : false, + "patternProperties" : { + "^.{1,128}$" : { + "type" : "string" + } + } + }, + "Notifications" : { + "$ref" : "#/definitions/NotificationObjectType" + }, + "EncryptionKeyArn" : { + "type" : "string" + }, + "BackupVaultArn" : { + "type" : "string" + }, + "VaultState" : { + "type" : "string" + }, + "VaultType" : { + "type" : "string" + } + }, + "additionalProperties" : false, + "tagging" : { + "taggable" : true, + "tagOnCreate" : true, + "tagUpdatable" : true, + "cloudFormationSystemTags" : true, + "tagProperty" : "/properties/BackupVaultTags", + "permissions" : [ "backup:TagResource", "backup:UntagResource", "backup:ListTags" ] + }, + "required" : [ "BackupVaultName", "MinRetentionDays", "MaxRetentionDays" ], + "createOnlyProperties" : [ "/properties/BackupVaultName", "/properties/MinRetentionDays", "/properties/MaxRetentionDays" ], + "readOnlyProperties" : [ "/properties/BackupVaultArn", "/properties/EncryptionKeyArn" ], + "primaryIdentifier" : [ "/properties/BackupVaultName" ], + "handlers" : { + "create" : { + "permissions" : [ "backup:TagResource", "backup:CreateLogicallyAirGappedBackupVault", "backup:PutBackupVaultAccessPolicy", "backup:PutBackupVaultNotifications", "backup-storage:Mount", "backup-storage:MountCapsule", "backup:DescribeBackupVault" ] + }, + "read" : { + "permissions" : [ "backup:DescribeBackupVault", "backup:GetBackupVaultNotifications", "backup:GetBackupVaultAccessPolicy", "backup:ListTags" ] + }, + "update" : { + "permissions" : [ "backup:DescribeBackupVault", "backup:DeleteBackupVaultAccessPolicy", "backup:DeleteBackupVaultNotifications", "backup:DeleteBackupVaultLockConfiguration", "backup:GetBackupVaultAccessPolicy", "backup:ListTags", "backup:TagResource", "backup:UntagResource", "backup:PutBackupVaultAccessPolicy", "backup:PutBackupVaultNotifications", "backup:PutBackupVaultLockConfiguration" ] + }, + "delete" : { + "permissions" : [ "backup:DeleteBackupVault" ] + }, + "list" : { + "permissions" : [ "backup:ListBackupVaults" ] + } + } +} \ No newline at end of file diff --git a/aws-cloudformation-schema/aws-batch-computeenvironment.json b/aws-cloudformation-schema/aws-batch-computeenvironment.json index ba54198e56..2830755481 100644 --- a/aws-cloudformation-schema/aws-batch-computeenvironment.json +++ b/aws-cloudformation-schema/aws-batch-computeenvironment.json @@ -204,7 +204,8 @@ "tagOnCreate" : true, "tagUpdatable" : false, "cloudFormationSystemTags" : false, - "tagProperty" : "/properties/Tags" + "tagProperty" : "/properties/Tags", + "permissions" : [ "Batch:TagResource", "Batch:UntagResource" ] }, "required" : [ "Type" ], "createOnlyProperties" : [ "/properties/ComputeResources/SpotIamFleetRole", "/properties/ComputeEnvironmentName", "/properties/Tags", "/properties/Type", "/properties/EksConfiguration" ], diff --git a/aws-cloudformation-schema/aws-batch-jobqueue.json b/aws-cloudformation-schema/aws-batch-jobqueue.json index b403807dac..e43fd6c104 100644 --- a/aws-cloudformation-schema/aws-batch-jobqueue.json +++ b/aws-cloudformation-schema/aws-batch-jobqueue.json @@ -97,7 +97,8 @@ "tagOnCreate" : true, "tagUpdatable" : false, "cloudFormationSystemTags" : false, - "tagProperty" : "/properties/Tags" + "tagProperty" : "/properties/Tags", + "permissions" : [ "Batch:TagResource", "Batch:UntagResource" ] }, "required" : [ "ComputeEnvironmentOrder", "Priority" ], "primaryIdentifier" : [ "/properties/JobQueueArn" ], diff --git a/aws-cloudformation-schema/aws-cognito-userpoolidentityprovider.json b/aws-cloudformation-schema/aws-cognito-userpoolidentityprovider.json index 992b3b9304..98e85cc4ac 100644 --- a/aws-cloudformation-schema/aws-cognito-userpoolidentityprovider.json +++ b/aws-cloudformation-schema/aws-cognito-userpoolidentityprovider.json @@ -1,36 +1,78 @@ { "typeName" : "AWS::Cognito::UserPoolIdentityProvider", "description" : "Resource Type definition for AWS::Cognito::UserPoolIdentityProvider", - "additionalProperties" : false, + "sourceUrl" : "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", + "tagging" : { + "taggable" : false, + "tagOnCreate" : false, + "tagUpdatable" : false, + "cloudFormationSystemTags" : false + }, "properties" : { - "ProviderName" : { - "type" : "string" - }, "UserPoolId" : { "type" : "string" }, - "AttributeMapping" : { - "type" : "object" - }, - "ProviderDetails" : { - "type" : "object" + "ProviderName" : { + "type" : "string" }, "ProviderType" : { "type" : "string" }, - "Id" : { - "type" : "string" + "ProviderDetails" : { + "type" : "object", + "patternProperties" : { + "^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$" : { + "type" : "string" + } + }, + "additionalProperties" : false }, "IdpIdentifiers" : { "type" : "array", - "uniqueItems" : false, "items" : { "type" : "string" } + }, + "AttributeMapping" : { + "type" : "object", + "patternProperties" : { + "^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$" : { + "type" : "string" + } + }, + "additionalProperties" : false } }, - "required" : [ "ProviderName", "UserPoolId", "ProviderType" ], + "additionalProperties" : false, + "required" : [ "UserPoolId", "ProviderName", "ProviderType", "ProviderDetails" ], "createOnlyProperties" : [ "/properties/UserPoolId", "/properties/ProviderName", "/properties/ProviderType" ], - "primaryIdentifier" : [ "/properties/Id" ], - "readOnlyProperties" : [ "/properties/Id" ] + "primaryIdentifier" : [ "/properties/UserPoolId", "/properties/ProviderName" ], + "handlers" : { + "create" : { + "permissions" : [ "cognito-idp:CreateIdentityProvider", "cognito-idp:DescribeIdentityProvider" ], + "timeoutInMinutes" : 2 + }, + "read" : { + "permissions" : [ "cognito-idp:DescribeIdentityProvider" ] + }, + "update" : { + "permissions" : [ "cognito-idp:UpdateIdentityProvider", "cognito-idp:DescribeIdentityProvider" ], + "timeoutInMinutes" : 2 + }, + "delete" : { + "permissions" : [ "cognito-idp:DeleteIdentityProvider", "cognito-idp:DescribeIdentityProvider" ], + "timeoutInMinutes" : 2 + }, + "list" : { + "handlerSchema" : { + "properties" : { + "UserPoolId" : { + "$ref" : "resource-schema.json#/properties/UserPoolId" + } + }, + "required" : [ "UserPoolId" ] + }, + "permissions" : [ "cognito-idp:ListIdentityProviders" ] + } + } } \ No newline at end of file diff --git a/aws-cloudformation-schema/aws-dynamodb-table.json b/aws-cloudformation-schema/aws-dynamodb-table.json index aede45951c..c50e330e52 100644 --- a/aws-cloudformation-schema/aws-dynamodb-table.json +++ b/aws-cloudformation-schema/aws-dynamodb-table.json @@ -1,5 +1,6 @@ { "tagging" : { + "permissions" : [ "dynamodb:TagResource", "dynamodb:UntagResource", "dynamodb:ListTagsOfResource" ], "taggable" : true, "tagOnCreate" : true, "tagUpdatable" : true, diff --git a/aws-cloudformation-schema/aws-ec2-capacityreservation.json b/aws-cloudformation-schema/aws-ec2-capacityreservation.json index 33a6140f41..36f1ad7ff3 100644 --- a/aws-cloudformation-schema/aws-ec2-capacityreservation.json +++ b/aws-cloudformation-schema/aws-ec2-capacityreservation.json @@ -55,6 +55,9 @@ }, "InstanceMatchCriteria" : { "type" : "string" + }, + "UnusedReservationBillingOwnerId" : { + "type" : "string" } }, "definitions" : { @@ -93,6 +96,7 @@ "createOnlyProperties" : [ "/properties/Tenancy", "/properties/InstancePlatform", "/properties/InstanceType", "/properties/AvailabilityZone", "/properties/TagSpecifications", "/properties/OutPostArn", "/properties/EphemeralStorage", "/properties/EbsOptimized", "/properties/PlacementGroupArn" ], "primaryIdentifier" : [ "/properties/Id" ], "readOnlyProperties" : [ "/properties/Id", "/properties/AvailableInstanceCount", "/properties/TotalInstanceCount" ], + "writeOnlyProperties" : [ "/properties/UnusedReservationBillingOwnerId" ], "handlers" : { "create" : { "permissions" : [ "ec2:CreateCapacityReservation", "ec2:DescribeCapacityReservations", "ec2:CancelCapacityReservation", "ec2:CreateTags" ] @@ -107,7 +111,7 @@ "permissions" : [ "ec2:DescribeCapacityReservations" ] }, "update" : { - "permissions" : [ "ec2:ModifyCapacityReservation", "ec2:CreateCapacityReservation", "ec2:DescribeCapacityReservations", "ec2:CancelCapacityReservation", "ec2:CreateTags", "ec2:DeleteTags" ] + "permissions" : [ "ec2:ModifyCapacityReservation", "ec2:CreateCapacityReservation", "ec2:DescribeCapacityReservations", "ec2:CancelCapacityReservation", "ec2:AssociateCapacityReservationBillingOwner", "ec2:CreateTags", "ec2:DeleteTags" ] } } } \ No newline at end of file diff --git a/aws-cloudformation-schema/aws-ec2-carriergateway.json b/aws-cloudformation-schema/aws-ec2-carriergateway.json index b1ce4d6559..b35eb716eb 100644 --- a/aws-cloudformation-schema/aws-ec2-carriergateway.json +++ b/aws-cloudformation-schema/aws-ec2-carriergateway.json @@ -56,15 +56,23 @@ "createOnlyProperties" : [ "/properties/VpcId" ], "readOnlyProperties" : [ "/properties/CarrierGatewayId", "/properties/OwnerId", "/properties/State" ], "primaryIdentifier" : [ "/properties/CarrierGatewayId" ], + "tagging" : { + "taggable" : true, + "tagOnCreate" : true, + "tagUpdatable" : true, + "cloudFormationSystemTags" : true, + "tagProperty" : "/properties/Tags", + "permissions" : [ "ec2:CreateTags", "ec2:DeleteTags", "ec2:DescribeTags" ] + }, "handlers" : { "create" : { "permissions" : [ "ec2:CreateCarrierGateway", "ec2:DescribeCarrierGateways", "ec2:CreateTags" ] }, "read" : { - "permissions" : [ "ec2:DescribeCarrierGateways" ] + "permissions" : [ "ec2:DescribeCarrierGateways", "ec2:DescribeTags" ] }, "update" : { - "permissions" : [ "ec2:DescribeCarrierGateways", "ec2:CreateTags", "ec2:DeleteTags" ] + "permissions" : [ "ec2:DescribeCarrierGateways", "ec2:CreateTags", "ec2:DeleteTags", "ec2:DescribeTags" ] }, "delete" : { "permissions" : [ "ec2:DeleteCarrierGateway", "ec2:DescribeCarrierGateways" ] diff --git a/aws-cloudformation-schema/aws-ec2-flowlog.json b/aws-cloudformation-schema/aws-ec2-flowlog.json index ef2163359b..ccee45d502 100644 --- a/aws-cloudformation-schema/aws-ec2-flowlog.json +++ b/aws-cloudformation-schema/aws-ec2-flowlog.json @@ -99,7 +99,8 @@ "tagOnCreate" : true, "tagUpdatable" : true, "cloudFormationSystemTags" : true, - "tagProperty" : "/properties/Tags" + "tagProperty" : "/properties/Tags", + "permissions" : [ "ec2:CreateTags", "ec2:DeleteTags" ] }, "primaryIdentifier" : [ "/properties/Id" ], "handlers" : { diff --git a/aws-cloudformation-schema/aws-ec2-networkinterface.json b/aws-cloudformation-schema/aws-ec2-networkinterface.json index eeff8e4d9e..e7092a8332 100644 --- a/aws-cloudformation-schema/aws-ec2-networkinterface.json +++ b/aws-cloudformation-schema/aws-ec2-networkinterface.json @@ -206,7 +206,14 @@ "primaryIdentifier" : [ "/properties/Id" ], "readOnlyProperties" : [ "/properties/Id", "/properties/SecondaryPrivateIpAddresses", "/properties/PrimaryPrivateIpAddress", "/properties/PrimaryIpv6Address", "/properties/VpcId" ], "conditionalCreateOnlyProperties" : [ "/properties/PrivateIpAddresses", "/properties/EnablePrimaryIpv6", "/properties/ConnectionTrackingSpecification" ], - "taggable" : true, + "tagging" : { + "taggable" : true, + "tagOnCreate" : true, + "tagUpdatable" : true, + "cloudFormationSystemTags" : true, + "tagProperty" : "/properties/Tags", + "permissions" : [ "ec2:CreateTags", "ec2:DeleteTags" ] + }, "handlers" : { "create" : { "permissions" : [ "ec2:CreateNetworkInterface", "ec2:DescribeNetworkInterfaces", "ec2:CreateTags", "ec2:ModifyNetworkInterfaceAttribute" ] diff --git a/aws-cloudformation-schema/aws-ec2-volume.json b/aws-cloudformation-schema/aws-ec2-volume.json index 983e938daf..2470d897ca 100644 --- a/aws-cloudformation-schema/aws-ec2-volume.json +++ b/aws-cloudformation-schema/aws-ec2-volume.json @@ -85,7 +85,8 @@ "tagOnCreate" : true, "tagUpdatable" : true, "cloudFormationSystemTags" : false, - "tagProperty" : "/properties/Tags" + "tagProperty" : "/properties/Tags", + "permissions" : [ "ec2:CreateTags", "ec2:DeleteTags", "ec2:DescribeTags" ] }, "handlers" : { "create" : { diff --git a/aws-cloudformation-schema/aws-ec2-vpcendpoint.json b/aws-cloudformation-schema/aws-ec2-vpcendpoint.json index 292783589a..359038de93 100644 --- a/aws-cloudformation-schema/aws-ec2-vpcendpoint.json +++ b/aws-cloudformation-schema/aws-ec2-vpcendpoint.json @@ -62,7 +62,7 @@ "type" : "string" }, "PolicyDocument" : { - "description" : "An endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints.\n For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. CFNlong converts YAML policies to JSON format before calling the API to create or modify the VPC endpoint.", + "description" : "An endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints.\n For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. For example, if you have a JSON policy, you can convert it to YAML before including it in the YAML template, and CFNlong converts the policy to JSON format before calling the API actions for privatelink. Alternatively, you can include the JSON directly in the YAML, as shown in the following ``Properties`` section:\n ``Properties: VpcEndpointType: 'Interface' ServiceName: !Sub 'com.amazonaws.${AWS::Region}.logs' PolicyDocument: '{ \"Version\":\"2012-10-17\", \"Statement\": [{ \"Effect\":\"Allow\", \"Principal\":\"*\", \"Action\":[\"logs:Describe*\",\"logs:Get*\",\"logs:List*\",\"logs:FilterLogEvents\"], \"Resource\":\"*\" }] }'``", "type" : [ "string", "object" ] }, "VpcEndpointType" : { diff --git a/aws-cloudformation-schema/aws-ecs-capacityprovider.json b/aws-cloudformation-schema/aws-ecs-capacityprovider.json index 1df3e93899..03fd82f844 100644 --- a/aws-cloudformation-schema/aws-ecs-capacityprovider.json +++ b/aws-cloudformation-schema/aws-ecs-capacityprovider.json @@ -3,7 +3,12 @@ "/properties/AutoScalingGroupProvider/AutoScalingGroupArn" : "$split(AutoScalingGroupProvider.AutoScalingGroupArn, \"autoScalingGroupName/\")[-1] $OR $split(AutoScalingGroupArn, \"autoScalingGroupName/\")[-1]" }, "tagging" : { - "taggable" : true + "permissions" : [ "ecs:TagResource", "ecs:UntagResource", "ecs:ListTagsForResource" ], + "taggable" : true, + "tagOnCreate" : true, + "tagUpdatable" : true, + "tagProperty" : "/properties/Tags", + "cloudFormationSystemTags" : true }, "handlers" : { "read" : { @@ -28,6 +33,27 @@ "additionalProperties" : false, "primaryIdentifier" : [ "/properties/Name" ], "definitions" : { + "AutoScalingGroupProvider" : { + "additionalProperties" : false, + "type" : "object", + "properties" : { + "ManagedScaling" : { + "$ref" : "#/definitions/ManagedScaling" + }, + "AutoScalingGroupArn" : { + "type" : "string" + }, + "ManagedTerminationProtection" : { + "type" : "string", + "enum" : [ "DISABLED", "ENABLED" ] + }, + "ManagedDraining" : { + "type" : "string", + "enum" : [ "DISABLED", "ENABLED" ] + } + }, + "required" : [ "AutoScalingGroupArn" ] + }, "ManagedScaling" : { "description" : "The managed scaling settings for the Auto Scaling group capacity provider.", "additionalProperties" : false, @@ -51,27 +77,6 @@ } } }, - "AutoScalingGroupProvider" : { - "additionalProperties" : false, - "type" : "object", - "properties" : { - "ManagedScaling" : { - "$ref" : "#/definitions/ManagedScaling" - }, - "AutoScalingGroupArn" : { - "type" : "string" - }, - "ManagedTerminationProtection" : { - "type" : "string", - "enum" : [ "DISABLED", "ENABLED" ] - }, - "ManagedDraining" : { - "type" : "string", - "enum" : [ "DISABLED", "ENABLED" ] - } - }, - "required" : [ "AutoScalingGroupArn" ] - }, "Tag" : { "additionalProperties" : false, "type" : "object", @@ -100,6 +105,5 @@ "Name" : { "type" : "string" } - }, - "required" : [ "AutoScalingGroupProvider" ] + } } \ No newline at end of file diff --git a/aws-cloudformation-schema/aws-ecs-service.json b/aws-cloudformation-schema/aws-ecs-service.json index 8f05db4960..618075de1b 100644 --- a/aws-cloudformation-schema/aws-ecs-service.json +++ b/aws-cloudformation-schema/aws-ecs-service.json @@ -223,7 +223,7 @@ "type" : "string" } }, - "description" : "The configuration options to send to the log driver. This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'``", + "description" : "The configuration options to send to the log driver.\n The options you can specify depend on the log driver. Some of the options you can specify when you use the ``awslogs`` log driver to route logs to Amazon CloudWatch include the following:\n + awslogs-create-group Required: No Specify whether you want the log group to be created automatically. If this option isn't specified, it defaults to false. Your IAM policy must include the logs:CreateLogGroup permission before you attempt to use awslogs-create-group. + awslogs-region Required: Yes Specify the Region that the awslogs log driver is to send your Docker logs to. You can choose to send all of your logs from clusters in different Regions to a single region in CloudWatch Logs. This is so that they're all visible in one location. Otherwise, you can separate them by Region for more granularity. Make sure that the specified log group exists in the Region that you specify with this option. + awslogs-group Required: Yes Make sure to specify a log group that the awslogs log driver sends its log streams to. + awslogs-stream-prefix Required: Yes, when using the Fargate launch type.Optional for the EC2 launch type, required for the Fargate launch type. Use the awslogs-stream-prefix option to associate a log stream with the specified prefix, the container name, and the ID of the Amazon ECS task that the container belongs to. If you specify a prefix with this option, then the log stream takes the format prefix-name/container-name/ecs-task-id. If you don't specify a prefix with this option, then the log stream is named after the container ID that's assigned by the Docker daemon on the container instance. Because it's difficult to trace logs back to the container that sent them with just the Docker container ID (which is only available on the container instance), we recommend that you specify a prefix with this option. For Amazon ECS services, you can use the service name as the prefix. Doing so, you can trace log streams to the service that the container belongs to, the name of the container that sent them, and the ID of the task that the container belongs to. You must specify a stream-prefix for your logs to have your logs appear in the Log pane when using the Amazon ECS console. + awslogs-datetime-format Required: No This option defines a multiline start pattern in Python strftime format. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. One example of a use case for using this format is for parsing output such as a stack dump, which might otherwise be logged in multiple entries. The correct pattern allows it to be captured in a single entry. For more information, see awslogs-datetime-format. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. + awslogs-multiline-pattern Required: No This option defines a multiline start pattern that uses a regular expression. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. For more information, see awslogs-multiline-pattern. This option is ignored if awslogs-datetime-format is also configured. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. + mode Required: No Valid values: non-blocking | blocking This option defines the delivery mode of log messages from the container to CloudWatch Logs. The delivery mode you choose affects application availability when the flow of logs from container to CloudWatch is interrupted. If you use the blocking mode and the flow of logs to CloudWatch is interrupted, calls from container code to write to the stdout and stderr streams will block. The logging thread of the application will block as a result. This may cause the application to become unresponsive and lead to container healthcheck failure. If you use the non-blocking mode, the container's logs are instead stored in an in-memory intermediate buffer configured with the max-buffer-size option. This prevents the application from becoming unresponsive when logs cannot be sent to CloudWatch. We recommend using this mode if you want to ensure service availability and are okay with some log loss. For more information, see Preventing log loss with non-blocking mode in the awslogs container log driver. + max-buffer-size Required: No Default value: 1m When non-blocking mode is used, the max-buffer-size log option controls the size of the buffer that's used for intermediate message storage. Make sure to specify an adequate buffer size based on your application. When the buffer fills up, further logs cannot be stored. Logs that cannot be stored are lost. \n To route logs using the ``splunk`` log router, you need to specify a ``splunk-token`` and a ``splunk-url``.\n When you use the ``awsfirelens`` log router to route logs to an AWS Service or AWS Partner Network destination for log storage and analytics, you can set the ``log-driver-buffer-limit`` option to limit the number of events that are buffered in memory, before being sent to the log router container. It can help to resolve potential log loss issue because high throughput might result in memory running out for the buffer inside of Docker.\n Other options you can specify when using ``awsfirelens`` to route logs depend on the destination. When you export logs to Amazon Data Firehose, you can specify the AWS Region with ``region`` and a name for the log stream with ``delivery_stream``.\n When you export logs to Amazon Kinesis Data Streams, you can specify an AWS Region with ``region`` and a data stream name with ``stream``.\n When you export logs to Amazon OpenSearch Service, you can specify options like ``Name``, ``Host`` (OpenSearch Service endpoint without protocol), ``Port``, ``Index``, ``Type``, ``Aws_auth``, ``Aws_region``, ``Suppress_Type_Name``, and ``tls``.\n When you export logs to Amazon S3, you can specify the bucket using the ``bucket`` option. You can also specify ``region``, ``total_file_size``, ``upload_timeout``, and ``use_put_object`` as options.\n This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'``", "additionalProperties" : false, "type" : "object" }, diff --git a/aws-cloudformation-schema/aws-elasticache-serverlesscache.json b/aws-cloudformation-schema/aws-elasticache-serverlesscache.json index 19dfe3d60d..e9ea160a95 100644 --- a/aws-cloudformation-schema/aws-elasticache-serverlesscache.json +++ b/aws-cloudformation-schema/aws-elasticache-serverlesscache.json @@ -194,12 +194,13 @@ "tagOnCreate" : true, "tagUpdatable" : true, "cloudFormationSystemTags" : false, - "tagProperty" : "/properties/Tags" + "tagProperty" : "/properties/Tags", + "permissions" : [ "elasticache:AddTagsToResource", "elasticache:RemoveTagsFromResource" ] }, "additionalProperties" : false, "readOnlyProperties" : [ "/properties/FullEngineVersion", "/properties/CreateTime", "/properties/Status", "/properties/Endpoint/Address", "/properties/Endpoint/Port", "/properties/ReaderEndpoint/Address", "/properties/ReaderEndpoint/Port", "/properties/ARN" ], "writeOnlyProperties" : [ "/properties/SnapshotArnsToRestore", "/properties/FinalSnapshotName" ], - "createOnlyProperties" : [ "/properties/ServerlessCacheName", "/properties/Engine", "/properties/MajorEngineVersion", "/properties/KmsKeyId", "/properties/SnapshotArnsToRestore", "/properties/SubnetIds" ], + "createOnlyProperties" : [ "/properties/ServerlessCacheName", "/properties/KmsKeyId", "/properties/SnapshotArnsToRestore", "/properties/SubnetIds" ], "required" : [ "ServerlessCacheName", "Engine" ], "primaryIdentifier" : [ "/properties/ServerlessCacheName" ], "handlers" : { diff --git a/aws-cloudformation-schema/aws-iam-managedpolicy.json b/aws-cloudformation-schema/aws-iam-managedpolicy.json index f78d3fc011..3f36ab57b0 100644 --- a/aws-cloudformation-schema/aws-iam-managedpolicy.json +++ b/aws-cloudformation-schema/aws-iam-managedpolicy.json @@ -3,7 +3,6 @@ "description" : "Creates a new managed policy for your AWS-account.\n This operation creates a policy version with a version identifier of ``v1`` and sets v1 as the policy's default version. For more information about policy versions, see [Versioning for managed policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-versions.html) in the *IAM User Guide*.\n As a best practice, you can validate your IAM policies. To learn more, see [Validating IAM policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_policy-validator.html) in the *IAM User Guide*.\n For more information about managed policies in general, see [Managed policies and inline policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/policies-managed-vs-inline.html) in the *IAM User Guide*.", "sourceUrl" : "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-iam", "additionalProperties" : false, - "replacementStrategy" : "delete_then_create", "properties" : { "Description" : { "type" : "string", diff --git a/aws-cloudformation-schema/aws-imagebuilder-component.json b/aws-cloudformation-schema/aws-imagebuilder-component.json index 31d733bf44..a2643f3ecb 100644 --- a/aws-cloudformation-schema/aws-imagebuilder-component.json +++ b/aws-cloudformation-schema/aws-imagebuilder-component.json @@ -31,7 +31,7 @@ "Platform" : { "description" : "The platform of the component.", "type" : "string", - "enum" : [ "Windows", "Linux" ] + "enum" : [ "Windows", "Linux", "macOS" ] }, "Data" : { "description" : "The data of the component.", diff --git a/aws-cloudformation-schema/aws-imagebuilder-infrastructureconfiguration.json b/aws-cloudformation-schema/aws-imagebuilder-infrastructureconfiguration.json index a30f7259e0..d7a035c813 100644 --- a/aws-cloudformation-schema/aws-imagebuilder-infrastructureconfiguration.json +++ b/aws-cloudformation-schema/aws-imagebuilder-infrastructureconfiguration.json @@ -1,36 +1,113 @@ { + "typeName" : "AWS::ImageBuilder::InfrastructureConfiguration", + "description" : "Resource schema for AWS::ImageBuilder::InfrastructureConfiguration", "sourceUrl" : "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-imagebuilder.git", - "tagging" : { - "taggable" : false - }, - "handlers" : { - "read" : { - "permissions" : [ "imagebuilder:GetInfrastructureConfiguration" ] + "properties" : { + "Arn" : { + "description" : "The Amazon Resource Name (ARN) of the infrastructure configuration.", + "type" : "string" }, - "create" : { - "permissions" : [ "iam:PassRole", "iam:GetRole", "iam:GetInstanceProfile", "iam:CreateServiceLinkedRole", "sns:Publish", "imagebuilder:TagResource", "imagebuilder:GetInfrastructureConfiguration", "imagebuilder:CreateInfrastructureConfiguration" ] + "Name" : { + "description" : "The name of the infrastructure configuration.", + "type" : "string" }, - "update" : { - "permissions" : [ "iam:PassRole", "sns:Publish", "imagebuilder:GetInfrastructureConfiguration", "imagebuilder:UpdateInfrastructureConfiguration" ] + "Description" : { + "description" : "The description of the infrastructure configuration.", + "type" : "string" }, - "list" : { - "permissions" : [ "imagebuilder:ListInfrastructureConfigurations" ] + "InstanceTypes" : { + "description" : "The instance types of the infrastructure configuration.", + "type" : "array", + "insertionOrder" : true, + "items" : { + "type" : "string" + } }, - "delete" : { - "permissions" : [ "imagebuilder:UnTagResource", "imagebuilder:GetInfrastructureConfiguration", "imagebuilder:DeleteInfrastructureConfiguration" ] + "SecurityGroupIds" : { + "description" : "The security group IDs of the infrastructure configuration.", + "type" : "array", + "insertionOrder" : false, + "items" : { + "type" : "string" + } + }, + "Logging" : { + "description" : "The logging configuration of the infrastructure configuration.", + "$ref" : "#/definitions/Logging" + }, + "SubnetId" : { + "description" : "The subnet ID of the infrastructure configuration.", + "type" : "string" + }, + "KeyPair" : { + "description" : "The EC2 key pair of the infrastructure configuration..", + "type" : "string" + }, + "TerminateInstanceOnFailure" : { + "description" : "The terminate instance on failure configuration of the infrastructure configuration.", + "type" : "boolean" + }, + "InstanceProfileName" : { + "description" : "The instance profile of the infrastructure configuration.", + "type" : "string" + }, + "InstanceMetadataOptions" : { + "description" : "The instance metadata option settings for the infrastructure configuration.", + "$ref" : "#/definitions/InstanceMetadataOptions" + }, + "SnsTopicArn" : { + "description" : "The SNS Topic Amazon Resource Name (ARN) of the infrastructure configuration.", + "type" : "string" + }, + "ResourceTags" : { + "description" : "The tags attached to the resource created by Image Builder.", + "type" : "object", + "additionalProperties" : false, + "patternProperties" : { + ".{1,}" : { + "type" : "string" + } + } + }, + "Tags" : { + "description" : "The tags associated with the component.", + "type" : "object", + "additionalProperties" : false, + "patternProperties" : { + ".{1,}" : { + "type" : "string" + } + } + }, + "Placement" : { + "description" : "The placement option settings for the infrastructure configuration.", + "$ref" : "#/definitions/Placement" } }, - "typeName" : "AWS::ImageBuilder::InfrastructureConfiguration", - "readOnlyProperties" : [ "/properties/Arn" ], - "description" : "Resource schema for AWS::ImageBuilder::InfrastructureConfiguration", - "createOnlyProperties" : [ "/properties/Name" ], - "additionalProperties" : false, - "primaryIdentifier" : [ "/properties/Arn" ], "definitions" : { + "TagMap" : { + "description" : "TagMap", + "type" : "object", + "additionalProperties" : false, + "properties" : { + "TagKey" : { + "description" : "TagKey", + "type" : "string", + "minLength" : 1, + "maxLength" : 128 + }, + "TagValue" : { + "description" : "TagValue", + "type" : "string", + "minLength" : 1, + "maxLength" : 256 + } + } + }, "Logging" : { "description" : "The logging configuration of the infrastructure configuration.", - "additionalProperties" : false, "type" : "object", + "additionalProperties" : false, "properties" : { "S3Logs" : { "$ref" : "#/definitions/S3Logs" @@ -39,8 +116,8 @@ }, "InstanceMetadataOptions" : { "description" : "The instance metadata option settings for the infrastructure configuration.", - "additionalProperties" : false, "type" : "object", + "additionalProperties" : false, "properties" : { "HttpPutResponseHopLimit" : { "description" : "Limit the number of hops that an instance metadata request can traverse to reach its destination.", @@ -55,116 +132,67 @@ }, "S3Logs" : { "description" : "The S3 path in which to store the logs.", - "additionalProperties" : false, "type" : "object", + "additionalProperties" : false, "properties" : { - "S3KeyPrefix" : { - "description" : "S3KeyPrefix", - "type" : "string" - }, "S3BucketName" : { "description" : "S3BucketName", "type" : "string" + }, + "S3KeyPrefix" : { + "description" : "S3KeyPrefix", + "type" : "string" } } }, - "TagMap" : { - "description" : "TagMap", - "additionalProperties" : false, + "Placement" : { + "description" : "The placement options", "type" : "object", + "additionalProperties" : false, "properties" : { - "TagKey" : { - "minLength" : 1, - "description" : "TagKey", - "type" : "string", - "maxLength" : 128 + "AvailabilityZone" : { + "description" : "AvailabilityZone", + "type" : "string" }, - "TagValue" : { - "minLength" : 1, - "description" : "TagValue", + "Tenancy" : { + "description" : "Tenancy", "type" : "string", - "maxLength" : 256 + "enum" : [ "default", "dedicated", "host" ] + }, + "HostId" : { + "description" : "HostId", + "type" : "string" + }, + "HostResourceGroupArn" : { + "description" : "HostResourceGroupArn", + "type" : "string" } } } }, "required" : [ "Name", "InstanceProfileName" ], - "properties" : { - "Logging" : { - "description" : "The logging configuration of the infrastructure configuration.", - "$ref" : "#/definitions/Logging" - }, - "KeyPair" : { - "description" : "The EC2 key pair of the infrastructure configuration..", - "type" : "string" - }, - "Description" : { - "description" : "The description of the infrastructure configuration.", - "type" : "string" - }, - "InstanceProfileName" : { - "description" : "The instance profile of the infrastructure configuration.", - "type" : "string" - }, - "ResourceTags" : { - "patternProperties" : { - ".{1,}" : { - "type" : "string" - } - }, - "description" : "The tags attached to the resource created by Image Builder.", - "additionalProperties" : false, - "type" : "object" - }, - "TerminateInstanceOnFailure" : { - "description" : "The terminate instance on failure configuration of the infrastructure configuration.", - "type" : "boolean" - }, - "SubnetId" : { - "description" : "The subnet ID of the infrastructure configuration.", - "type" : "string" - }, - "SecurityGroupIds" : { - "description" : "The security group IDs of the infrastructure configuration.", - "insertionOrder" : false, - "type" : "array", - "items" : { - "type" : "string" - } - }, - "Name" : { - "description" : "The name of the infrastructure configuration.", - "type" : "string" - }, - "InstanceMetadataOptions" : { - "description" : "The instance metadata option settings for the infrastructure configuration.", - "$ref" : "#/definitions/InstanceMetadataOptions" + "primaryIdentifier" : [ "/properties/Arn" ], + "readOnlyProperties" : [ "/properties/Arn" ], + "createOnlyProperties" : [ "/properties/Name" ], + "tagging" : { + "taggable" : false + }, + "handlers" : { + "create" : { + "permissions" : [ "iam:PassRole", "iam:GetRole", "iam:GetInstanceProfile", "iam:CreateServiceLinkedRole", "sns:Publish", "imagebuilder:TagResource", "imagebuilder:GetInfrastructureConfiguration", "imagebuilder:CreateInfrastructureConfiguration" ] }, - "InstanceTypes" : { - "description" : "The instance types of the infrastructure configuration.", - "insertionOrder" : true, - "type" : "array", - "items" : { - "type" : "string" - } + "update" : { + "permissions" : [ "iam:PassRole", "sns:Publish", "imagebuilder:GetInfrastructureConfiguration", "imagebuilder:UpdateInfrastructureConfiguration" ] }, - "SnsTopicArn" : { - "description" : "The SNS Topic Amazon Resource Name (ARN) of the infrastructure configuration.", - "type" : "string" + "read" : { + "permissions" : [ "imagebuilder:GetInfrastructureConfiguration" ] }, - "Arn" : { - "description" : "The Amazon Resource Name (ARN) of the infrastructure configuration.", - "type" : "string" + "delete" : { + "permissions" : [ "imagebuilder:UnTagResource", "imagebuilder:GetInfrastructureConfiguration", "imagebuilder:DeleteInfrastructureConfiguration" ] }, - "Tags" : { - "patternProperties" : { - ".{1,}" : { - "type" : "string" - } - }, - "description" : "The tags associated with the component.", - "additionalProperties" : false, - "type" : "object" + "list" : { + "permissions" : [ "imagebuilder:ListInfrastructureConfigurations" ] } - } + }, + "additionalProperties" : false } \ No newline at end of file diff --git a/aws-cloudformation-schema/aws-inspectorv2-cisscanconfiguration.json b/aws-cloudformation-schema/aws-inspectorv2-cisscanconfiguration.json index 4886f1aecf..c70d173074 100644 --- a/aws-cloudformation-schema/aws-inspectorv2-cisscanconfiguration.json +++ b/aws-cloudformation-schema/aws-inspectorv2-cisscanconfiguration.json @@ -98,7 +98,7 @@ "maxItems" : 10000, "items" : { "type" : "string", - "pattern" : "^\\d{12}|ALL_MEMBERS|SELF$" + "pattern" : "^\\d{12}|ALL_ACCOUNTS|SELF$" }, "uniqueItems" : true }, diff --git a/aws-cloudformation-schema/aws-iot-topicrule.json b/aws-cloudformation-schema/aws-iot-topicrule.json index 1027527f9f..07d85717f3 100644 --- a/aws-cloudformation-schema/aws-iot-topicrule.json +++ b/aws-cloudformation-schema/aws-iot-topicrule.json @@ -826,7 +826,8 @@ "tagOnCreate" : true, "tagUpdatable" : true, "cloudFormationSystemTags" : true, - "tagProperty" : "/properties/Tags" + "tagProperty" : "/properties/Tags", + "permissions" : [ "iot:UntagResource", "iot:TagResource", "iot:ListTagsForResource" ] }, "required" : [ "TopicRulePayload" ], "createOnlyProperties" : [ "/properties/RuleName" ], diff --git a/aws-cloudformation-schema/aws-ivs-encoderconfiguration.json b/aws-cloudformation-schema/aws-ivs-encoderconfiguration.json index 4e8cb0becd..16074351e4 100644 --- a/aws-cloudformation-schema/aws-ivs-encoderconfiguration.json +++ b/aws-cloudformation-schema/aws-ivs-encoderconfiguration.json @@ -52,16 +52,16 @@ "default" : 30 }, "Height" : { - "description" : "Video-resolution height. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 720.", + "description" : "Video-resolution height. This must be an even number. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 720.", "type" : "integer", - "minimum" : 1, + "minimum" : 2, "maximum" : 1920, "default" : 720 }, "Width" : { - "description" : "Video-resolution width. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 1280.", + "description" : "Video-resolution width. This must be an even number. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 1280.", "type" : "integer", - "minimum" : 1, + "minimum" : 2, "maximum" : 1920, "default" : 1280 } diff --git a/aws-cloudformation-schema/aws-lambda-function.json b/aws-cloudformation-schema/aws-lambda-function.json index b244841c69..48af6a1979 100644 --- a/aws-cloudformation-schema/aws-lambda-function.json +++ b/aws-cloudformation-schema/aws-lambda-function.json @@ -256,7 +256,7 @@ "type" : "object", "properties" : { "Arn" : { - "pattern" : "^arn:aws[a-zA-Z-]*:elasticfilesystem:[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}:\\d{12}:access-point/fsap-[a-f0-9]{17}$", + "pattern" : "^arn:aws[a-zA-Z-]*:elasticfilesystem:[a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1}:\\d{12}:access-point/fsap-[a-f0-9]{17}$", "description" : "The Amazon Resource Name (ARN) of the Amazon EFS access point that provides access to the file system.", "type" : "string", "maxLength" : 200 @@ -361,7 +361,7 @@ "enum" : [ "Image", "Zip" ] }, "CodeSigningConfigArn" : { - "pattern" : "arn:(aws[a-zA-Z-]*)?:lambda:[a-z]{2}((-gov)|(-iso(b?)))?-[a-z]+-\\d{1}:\\d{12}:code-signing-config:csc-[a-z0-9]{17}", + "pattern" : "arn:(aws[a-zA-Z-]*)?:lambda:[a-z]{2}((-gov)|(-iso([a-z]?)))?-[a-z]+-\\d{1}:\\d{12}:code-signing-config:csc-[a-z0-9]{17}", "description" : "To enable code signing for this function, specify the ARN of a code-signing configuration. A code-signing configuration includes a set of signing profiles, which define the trusted publishers for this function.", "type" : "string" }, diff --git a/aws-cloudformation-schema/aws-location-apikey.json b/aws-cloudformation-schema/aws-location-apikey.json index 0a8bf78163..46a6e0a8e1 100644 --- a/aws-cloudformation-schema/aws-location-apikey.json +++ b/aws-cloudformation-schema/aws-location-apikey.json @@ -11,7 +11,7 @@ "type" : "string", "maxLength" : 200, "minLength" : 5, - "pattern" : "^geo:\\w*\\*?$" + "pattern" : "^(geo|geo-routes|geo-places|geo-maps):\\w*\\*?$" }, "maxItems" : 24, "minItems" : 1, @@ -146,13 +146,13 @@ "primaryIdentifier" : [ "/properties/KeyName" ], "handlers" : { "create" : { - "permissions" : [ "geo:CreateKey", "geo:DescribeKey", "geo:TagResource", "geo:UntagResource", "geo:GetMapTile", "geo:GetMapStyleDescriptor", "geo:GetMapSprites", "geo:GetMapGlyphs", "geo:SearchPlaceIndexForText", "geo:SearchPlaceIndexForPosition", "geo:SearchPlaceIndexForSuggestions", "geo:GetPlace", "geo:CalculateRoute", "geo:CalculateRouteMatrix" ] + "permissions" : [ "geo:CreateKey", "geo:DescribeKey", "geo:TagResource", "geo:UntagResource", "geo:GetMapTile", "geo:GetMapStyleDescriptor", "geo:GetMapSprites", "geo:GetMapGlyphs", "geo:SearchPlaceIndexForText", "geo:SearchPlaceIndexForPosition", "geo:SearchPlaceIndexForSuggestions", "geo:GetPlace", "geo:CalculateRoute", "geo:CalculateRouteMatrix", "geo-maps:GetTile", "geo-maps:GetStaticMap", "geo-places:Autocomplete", "geo-places:Geocode", "geo-places:GetPlace", "geo-places:ReverseGeocode", "geo-places:SearchNearby", "geo-places:SearchText", "geo-places:Suggest", "geo-routes:CalculateIsolines", "geo-routes:CalculateRouteMatrix", "geo-routes:CalculateRoutes", "geo-routes:OptimizeWaypoints", "geo-routes:SnapToRoads" ] }, "read" : { "permissions" : [ "geo:DescribeKey" ] }, "update" : { - "permissions" : [ "geo:CreateKey", "geo:DescribeKey", "geo:TagResource", "geo:UntagResource", "geo:GetMapTile", "geo:GetMapStyleDescriptor", "geo:GetMapSprites", "geo:GetMapGlyphs", "geo:SearchPlaceIndexForText", "geo:SearchPlaceIndexForPosition", "geo:SearchPlaceIndexForSuggestions", "geo:GetPlace", "geo:CalculateRoute", "geo:CalculateRouteMatrix", "geo:UpdateKey" ] + "permissions" : [ "geo:CreateKey", "geo:DescribeKey", "geo:TagResource", "geo:UntagResource", "geo:GetMapTile", "geo:GetMapStyleDescriptor", "geo:GetMapSprites", "geo:GetMapGlyphs", "geo:SearchPlaceIndexForText", "geo:SearchPlaceIndexForPosition", "geo:SearchPlaceIndexForSuggestions", "geo:GetPlace", "geo:CalculateRoute", "geo:CalculateRouteMatrix", "geo-maps:GetTile", "geo-maps:GetStaticMap", "geo-places:Autocomplete", "geo-places:Geocode", "geo-places:GetPlace", "geo-places:ReverseGeocode", "geo-places:SearchNearby", "geo-places:SearchText", "geo-places:Suggest", "geo-routes:CalculateIsolines", "geo-routes:CalculateRouteMatrix", "geo-routes:CalculateRoutes", "geo-routes:OptimizeWaypoints", "geo-routes:SnapToRoads", "geo:UpdateKey" ] }, "delete" : { "permissions" : [ "geo:DeleteKey", "geo:DescribeKey" ] diff --git a/aws-cloudformation-schema/aws-memorydb-cluster.json b/aws-cloudformation-schema/aws-memorydb-cluster.json index f44b247d2a..74e0d49441 100644 --- a/aws-cloudformation-schema/aws-memorydb-cluster.json +++ b/aws-cloudformation-schema/aws-memorydb-cluster.json @@ -2,7 +2,6 @@ "typeName" : "AWS::MemoryDB::Cluster", "description" : "The AWS::MemoryDB::Cluster resource creates an Amazon MemoryDB Cluster.", "sourceUrl" : "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-memorydb", - "taggable" : true, "definitions" : { "Endpoint" : { "type" : "object", @@ -155,6 +154,10 @@ "description" : "The Amazon Resource Name (ARN) of the cluster.", "type" : "string" }, + "Engine" : { + "description" : "The engine type used by the cluster.", + "type" : "string" + }, "EngineVersion" : { "description" : "The Redis engine version used by the cluster.", "type" : "string" @@ -178,6 +181,14 @@ } } }, + "tagging" : { + "taggable" : true, + "tagOnCreate" : true, + "tagUpdatable" : true, + "cloudFormationSystemTags" : true, + "tagProperty" : "/properties/Tags", + "permissions" : [ "memorydb:TagResource", "memorydb:ListTags", "memorydb:UntagResource" ] + }, "additionalProperties" : false, "readOnlyProperties" : [ "/properties/Status", "/properties/ClusterEndpoint/Address", "/properties/ClusterEndpoint/Port", "/properties/ARN", "/properties/ParameterGroupStatus" ], "required" : [ "ClusterName", "NodeType", "ACLName" ], diff --git a/aws-cloudformation-schema/aws-msk-vpcconnection.json b/aws-cloudformation-schema/aws-msk-vpcconnection.json index d47faefac8..0c4eec27db 100644 --- a/aws-cloudformation-schema/aws-msk-vpcconnection.json +++ b/aws-cloudformation-schema/aws-msk-vpcconnection.json @@ -77,7 +77,8 @@ "tagOnCreate" : true, "tagUpdatable" : true, "cloudFormationSystemTags" : true, - "tagProperty" : "/properties/Tags" + "tagProperty" : "/properties/Tags", + "permissions" : [ "kafka:TagResource", "kafka:UntagResource", "kafka:ListTagsForResource" ] }, "handlers" : { "create" : { diff --git a/aws-cloudformation-schema/aws-oam-link.json b/aws-cloudformation-schema/aws-oam-link.json index 94f4d21919..9e25bf833a 100644 --- a/aws-cloudformation-schema/aws-oam-link.json +++ b/aws-cloudformation-schema/aws-oam-link.json @@ -81,7 +81,9 @@ "taggable" : true, "tagOnCreate" : true, "tagUpdatable" : true, - "cloudFormationSystemTags" : false + "cloudFormationSystemTags" : false, + "tagProperty" : "/properties/Tags", + "permissions" : [ "oam:ListTagsForResource", "oam:UntagResource", "oam:TagResource" ] }, "required" : [ "ResourceTypes", "SinkIdentifier" ], "readOnlyProperties" : [ "/properties/Arn", "/properties/Label" ], diff --git a/aws-cloudformation-schema/aws-oam-sink.json b/aws-cloudformation-schema/aws-oam-sink.json index ffd07af0f2..ad8dd78707 100644 --- a/aws-cloudformation-schema/aws-oam-sink.json +++ b/aws-cloudformation-schema/aws-oam-sink.json @@ -37,7 +37,9 @@ "taggable" : true, "tagOnCreate" : true, "tagUpdatable" : true, - "cloudFormationSystemTags" : false + "cloudFormationSystemTags" : false, + "tagProperty" : "/properties/Tags", + "permissions" : [ "oam:ListTagsForResource", "oam:UntagResource", "oam:TagResource" ] }, "required" : [ "Name" ], "additionalProperties" : false, diff --git a/aws-cloudformation-schema/aws-pcaconnectorad-connector.json b/aws-cloudformation-schema/aws-pcaconnectorad-connector.json index dc5a2c2f78..599b6353ba 100644 --- a/aws-cloudformation-schema/aws-pcaconnectorad-connector.json +++ b/aws-cloudformation-schema/aws-pcaconnectorad-connector.json @@ -61,21 +61,21 @@ "tagOnCreate" : true, "tagUpdatable" : true, "cloudFormationSystemTags" : true, - "tagProperty" : "/properties/Tags" + "tagProperty" : "/properties/Tags", + "permissions" : [ "pca-connector-ad:ListTagsForResource", "pca-connector-ad:TagResource", "pca-connector-ad:UntagResource" ] }, "readOnlyProperties" : [ "/properties/ConnectorArn" ], - "writeOnlyProperties" : [ "/properties/CertificateAuthorityArn", "/properties/DirectoryId", "/properties/Tags", "/properties/VpcInformation" ], "createOnlyProperties" : [ "/properties/CertificateAuthorityArn", "/properties/DirectoryId", "/properties/VpcInformation" ], "primaryIdentifier" : [ "/properties/ConnectorArn" ], "handlers" : { "create" : { - "permissions" : [ "acm-pca:DescribeCertificateAuthority", "acm-pca:GetCertificateAuthorityCertificate", "acm-pca:GetCertificate", "acm-pca:IssueCertificate", "ds:DescribeDirectories", "ec2:CreateTags", "ec2:CreateVpcEndpoint", "ec2:DescribeVpcEndpoints", "pca-connector-ad:CreateConnector", "pca-connector-ad:GetConnector" ] + "permissions" : [ "acm-pca:DescribeCertificateAuthority", "acm-pca:GetCertificateAuthorityCertificate", "acm-pca:GetCertificate", "acm-pca:IssueCertificate", "ds:DescribeDirectories", "ec2:CreateTags", "ec2:CreateVpcEndpoint", "ec2:DescribeVpcEndpoints", "pca-connector-ad:CreateConnector", "pca-connector-ad:GetConnector", "pca-connector-ad:TagResource" ] }, "read" : { "permissions" : [ "pca-connector-ad:ListTagsForResource", "pca-connector-ad:GetConnector" ] }, "delete" : { - "permissions" : [ "pca-connector-ad:GetConnector", "pca-connector-ad:DeleteConnector", "ec2:DeleteVpcEndpoints", "ec2:DescribeVpcEndpoints" ] + "permissions" : [ "ec2:DeleteVpcEndpoints", "ec2:DescribeVpcEndpoints", "pca-connector-ad:GetConnector", "pca-connector-ad:DeleteConnector", "pca-connector-ad:UntagResource" ] }, "list" : { "permissions" : [ "pca-connector-ad:ListConnectors" ] diff --git a/aws-cloudformation-schema/aws-pcaconnectorad-directoryregistration.json b/aws-cloudformation-schema/aws-pcaconnectorad-directoryregistration.json index 16c5545429..eb384f7cbd 100644 --- a/aws-cloudformation-schema/aws-pcaconnectorad-directoryregistration.json +++ b/aws-cloudformation-schema/aws-pcaconnectorad-directoryregistration.json @@ -33,21 +33,21 @@ "tagOnCreate" : true, "tagUpdatable" : true, "cloudFormationSystemTags" : true, - "tagProperty" : "/properties/Tags" + "tagProperty" : "/properties/Tags", + "permissions" : [ "pca-connector-ad:ListTagsForResource", "pca-connector-ad:TagResource", "pca-connector-ad:UntagResource" ] }, "readOnlyProperties" : [ "/properties/DirectoryRegistrationArn" ], - "writeOnlyProperties" : [ "/properties/DirectoryId", "/properties/Tags" ], "createOnlyProperties" : [ "/properties/DirectoryId" ], "primaryIdentifier" : [ "/properties/DirectoryRegistrationArn" ], "handlers" : { "create" : { - "permissions" : [ "pca-connector-ad:GetDirectoryRegistration", "pca-connector-ad:CreateDirectoryRegistration", "ds:AuthorizeApplication", "ds:DescribeDirectories" ] + "permissions" : [ "ds:AuthorizeApplication", "ds:DescribeDirectories", "pca-connector-ad:GetDirectoryRegistration", "pca-connector-ad:CreateDirectoryRegistration", "pca-connector-ad:TagResource" ] }, "read" : { - "permissions" : [ "pca-connector-ad:ListTagsForResource", "pca-connector-ad:GetDirectoryRegistration" ] + "permissions" : [ "pca-connector-ad:GetDirectoryRegistration", "pca-connector-ad:ListTagsForResource" ] }, "delete" : { - "permissions" : [ "pca-connector-ad:GetDirectoryRegistration", "pca-connector-ad:DeleteDirectoryRegistration", "ds:DescribeDirectories", "ds:UnauthorizeApplication", "ds:UpdateAuthorizedApplication" ] + "permissions" : [ "ds:DescribeDirectories", "ds:UnauthorizeApplication", "ds:UpdateAuthorizedApplication", "pca-connector-ad:GetDirectoryRegistration", "pca-connector-ad:DeleteDirectoryRegistration", "pca-connector-ad:UntagResource" ] }, "list" : { "permissions" : [ "pca-connector-ad:ListDirectoryRegistrations" ] diff --git a/aws-cloudformation-schema/aws-pcaconnectorad-template.json b/aws-cloudformation-schema/aws-pcaconnectorad-template.json index 3a26e07886..87453dd693 100644 --- a/aws-cloudformation-schema/aws-pcaconnectorad-template.json +++ b/aws-cloudformation-schema/aws-pcaconnectorad-template.json @@ -781,15 +781,16 @@ "tagOnCreate" : true, "tagUpdatable" : true, "cloudFormationSystemTags" : true, - "tagProperty" : "/properties/Tags" + "tagProperty" : "/properties/Tags", + "permissions" : [ "pca-connector-ad:ListTagsForResource", "pca-connector-ad:TagResource", "pca-connector-ad:UntagResource" ] }, "readOnlyProperties" : [ "/properties/TemplateArn" ], - "writeOnlyProperties" : [ "/properties/ConnectorArn", "/properties/Definition", "/properties/Name", "/properties/ReenrollAllCertificateHolders", "/properties/Tags" ], + "writeOnlyProperties" : [ "/properties/ReenrollAllCertificateHolders" ], "createOnlyProperties" : [ "/properties/ConnectorArn", "/properties/Name" ], "primaryIdentifier" : [ "/properties/TemplateArn" ], "handlers" : { "create" : { - "permissions" : [ "pca-connector-ad:CreateTemplate" ] + "permissions" : [ "pca-connector-ad:CreateTemplate", "pca-connector-ad:TagResource" ] }, "read" : { "permissions" : [ "pca-connector-ad:GetTemplate", "pca-connector-ad:ListTagsForResource" ] @@ -798,7 +799,7 @@ "permissions" : [ "pca-connector-ad:ListTagsForResource", "pca-connector-ad:TagResource", "pca-connector-ad:UntagResource", "pca-connector-ad:UpdateTemplate" ] }, "delete" : { - "permissions" : [ "pca-connector-ad:GetTemplate", "pca-connector-ad:DeleteTemplate" ] + "permissions" : [ "pca-connector-ad:GetTemplate", "pca-connector-ad:DeleteTemplate", "pca-connector-ad:UntagResource" ] }, "list" : { "handlerSchema" : { diff --git a/aws-cloudformation-schema/aws-proton-environmentaccountconnection.json b/aws-cloudformation-schema/aws-proton-environmentaccountconnection.json index eed5a561bd..7916c75442 100644 --- a/aws-cloudformation-schema/aws-proton-environmentaccountconnection.json +++ b/aws-cloudformation-schema/aws-proton-environmentaccountconnection.json @@ -116,6 +116,7 @@ "tagOnCreate" : true, "tagUpdatable" : true, "cloudFormationSystemTags" : true, - "tagProperty" : "/properties/Tags" + "tagProperty" : "/properties/Tags", + "permissions" : [ "proton:ListTagsForResource", "proton:UntagResource", "proton:TagResource" ] } } \ No newline at end of file diff --git a/aws-cloudformation-schema/aws-proton-environmenttemplate.json b/aws-cloudformation-schema/aws-proton-environmenttemplate.json index 6b2f6e651e..e7a1b9c6f4 100644 --- a/aws-cloudformation-schema/aws-proton-environmenttemplate.json +++ b/aws-cloudformation-schema/aws-proton-environmenttemplate.json @@ -77,16 +77,16 @@ "additionalIdentifiers" : [ [ "/properties/Name" ] ], "handlers" : { "create" : { - "permissions" : [ "proton:CreateEnvironmentTemplate", "proton:TagResource", "proton:GetEnvironmentTemplate", "kms:*" ] + "permissions" : [ "proton:CreateEnvironmentTemplate", "proton:DeleteEnvironmentTemplate", "proton:ListTagsForResource", "proton:TagResource", "proton:GetEnvironmentTemplate", "kms:CancelKeyDeletion", "kms:CreateAlias", "kms:CreateCustomKeyStore", "kms:CreateGrant", "kms:CreateKey", "kms:DeleteAlias", "kms:DeleteCustomKeyStore", "kms:DeleteImportedKeyMaterial", "kms:DescribeCustomKeyStores", "kms:DescribeKey", "kms:DisableKey", "kms:DisableKeyRotation", "kms:EnableKey", "kms:EnableKeyRotation", "kms:GenerateDataKey", "kms:GetKeyPolicy", "kms:GetKeyRotationStatus", "kms:GetParametersForImport", "kms:GetPublicKey", "kms:ListAliases", "kms:ListGrants", "kms:ListKeyPolicies", "kms:ListKeyRotations", "kms:ListKeys", "kms:ListResourceTags", "kms:ListRetirableGrants", "kms:PutKeyPolicy", "kms:RevokeGrant", "kms:ScheduleKeyDeletion", "kms:TagResource", "kms:UntagResource", "kms:UpdateAlias", "kms:UpdateCustomKeyStore", "kms:UpdateKeyDescription", "kms:UpdatePrimaryRegion" ] }, "read" : { - "permissions" : [ "proton:GetEnvironmentTemplate", "proton:ListTagsForResource", "kms:*" ] + "permissions" : [ "proton:CreateEnvironmentTemplate", "proton:DeleteEnvironmentTemplate", "proton:ListTagsForResource", "proton:GetEnvironmentTemplate", "kms:CancelKeyDeletion", "kms:CreateAlias", "kms:CreateCustomKeyStore", "kms:CreateGrant", "kms:CreateKey", "kms:DeleteAlias", "kms:DeleteCustomKeyStore", "kms:DeleteImportedKeyMaterial", "kms:DescribeCustomKeyStores", "kms:DescribeKey", "kms:DisableKey", "kms:DisableKeyRotation", "kms:EnableKey", "kms:EnableKeyRotation", "kms:GenerateDataKey", "kms:GetKeyPolicy", "kms:GetKeyRotationStatus", "kms:GetParametersForImport", "kms:GetPublicKey", "kms:ListAliases", "kms:ListGrants", "kms:ListKeyPolicies", "kms:ListKeyRotations", "kms:ListKeys", "kms:ListResourceTags", "kms:ListRetirableGrants", "kms:PutKeyPolicy", "kms:RevokeGrant", "kms:ScheduleKeyDeletion", "kms:TagResource", "kms:UntagResource", "kms:UpdateAlias", "kms:UpdateCustomKeyStore", "kms:UpdateKeyDescription", "kms:UpdatePrimaryRegion" ] }, "update" : { - "permissions" : [ "proton:CreateEnvironmentTemplate", "proton:ListTagsForResource", "proton:TagResource", "proton:UntagResource", "proton:UpdateEnvironmentTemplate", "proton:GetEnvironmentTemplate", "kms:*" ] + "permissions" : [ "proton:CreateEnvironmentTemplate", "proton:DeleteEnvironmentTemplate", "proton:GetEnvironmentTemplate", "proton:ListTagsForResource", "proton:TagResource", "proton:UpdateEnvironmentTemplate", "proton:UntagResource", "kms:CancelKeyDeletion", "kms:CreateAlias", "kms:CreateCustomKeyStore", "kms:CreateGrant", "kms:CreateKey", "kms:DeleteAlias", "kms:DeleteCustomKeyStore", "kms:DeleteImportedKeyMaterial", "kms:DescribeCustomKeyStores", "kms:DescribeKey", "kms:DisableKey", "kms:DisableKeyRotation", "kms:EnableKey", "kms:EnableKeyRotation", "kms:GenerateDataKey", "kms:GetKeyPolicy", "kms:GetKeyRotationStatus", "kms:GetParametersForImport", "kms:GetPublicKey", "kms:ListAliases", "kms:ListGrants", "kms:ListKeyPolicies", "kms:ListKeyRotations", "kms:ListKeys", "kms:ListResourceTags", "kms:ListRetirableGrants", "kms:PutKeyPolicy", "kms:RevokeGrant", "kms:ScheduleKeyDeletion", "kms:TagResource", "kms:UntagResource", "kms:UpdateAlias", "kms:UpdateCustomKeyStore", "kms:UpdateKeyDescription", "kms:UpdatePrimaryRegion" ] }, "delete" : { - "permissions" : [ "proton:DeleteEnvironmentTemplate", "proton:GetEnvironmentTemplate", "kms:*" ] + "permissions" : [ "proton:CreateEnvironmentTemplate", "proton:DeleteEnvironmentTemplate", "proton:GetEnvironmentTemplate", "proton:ListTagsForResource", "proton:TagResource", "proton:UntagResource", "kms:CancelKeyDeletion", "kms:CreateAlias", "kms:CreateCustomKeyStore", "kms:CreateGrant", "kms:CreateKey", "kms:DeleteAlias", "kms:DeleteCustomKeyStore", "kms:DeleteImportedKeyMaterial", "kms:DescribeCustomKeyStores", "kms:DescribeKey", "kms:DisableKey", "kms:DisableKeyRotation", "kms:EnableKey", "kms:EnableKeyRotation", "kms:GenerateDataKey", "kms:GetKeyPolicy", "kms:GetKeyRotationStatus", "kms:GetParametersForImport", "kms:GetPublicKey", "kms:ListAliases", "kms:ListGrants", "kms:ListKeyPolicies", "kms:ListKeyRotations", "kms:ListKeys", "kms:ListResourceTags", "kms:ListRetirableGrants", "kms:PutKeyPolicy", "kms:RevokeGrant", "kms:ScheduleKeyDeletion", "kms:TagResource", "kms:UntagResource", "kms:UpdateAlias", "kms:UpdateCustomKeyStore", "kms:UpdateKeyDescription", "kms:UpdatePrimaryRegion" ] }, "list" : { "permissions" : [ "proton:ListEnvironmentTemplates" ] @@ -98,7 +98,8 @@ "tagOnCreate" : true, "tagUpdatable" : true, "cloudFormationSystemTags" : true, - "tagProperty" : "/properties/Tags" + "tagProperty" : "/properties/Tags", + "permissions" : [ "proton:ListTagsForResource", "proton:UntagResource", "proton:TagResource" ] }, "sourceUrl" : "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-proton" } \ No newline at end of file diff --git a/aws-cloudformation-schema/aws-proton-servicetemplate.json b/aws-cloudformation-schema/aws-proton-servicetemplate.json index ac6d2e11c6..84a35a24b7 100644 --- a/aws-cloudformation-schema/aws-proton-servicetemplate.json +++ b/aws-cloudformation-schema/aws-proton-servicetemplate.json @@ -80,16 +80,16 @@ "additionalIdentifiers" : [ [ "/properties/Name" ] ], "handlers" : { "create" : { - "permissions" : [ "proton:CreateServiceTemplate", "proton:TagResource", "kms:*", "proton:GetServiceTemplate" ] + "permissions" : [ "proton:CreateServiceTemplate", "proton:TagResource", "proton:GetServiceTemplate", "kms:CancelKeyDeletion", "kms:CreateAlias", "kms:CreateCustomKeyStore", "kms:CreateGrant", "kms:CreateKey", "kms:DeleteAlias", "kms:DeleteCustomKeyStore", "kms:DeleteImportedKeyMaterial", "kms:DescribeCustomKeyStores", "kms:DescribeKey", "kms:DisableKey", "kms:DisableKeyRotation", "kms:EnableKey", "kms:EnableKeyRotation", "kms:GenerateDataKey", "kms:GetKeyPolicy", "kms:GetKeyRotationStatus", "kms:GetParametersForImport", "kms:GetPublicKey", "kms:ListAliases", "kms:ListGrants", "kms:ListKeyPolicies", "kms:ListKeyRotations", "kms:ListKeys", "kms:ListResourceTags", "kms:ListRetirableGrants", "kms:PutKeyPolicy", "kms:RevokeGrant", "kms:ScheduleKeyDeletion", "kms:TagResource", "kms:UntagResource", "kms:UpdateAlias", "kms:UpdateCustomKeyStore", "kms:UpdateKeyDescription", "kms:UpdatePrimaryRegion" ] }, "read" : { - "permissions" : [ "proton:GetServiceTemplate", "proton:ListTagsForResource", "kms:*" ] + "permissions" : [ "proton:GetServiceTemplate", "proton:ListTagsForResource", "kms:CancelKeyDeletion", "kms:CreateAlias", "kms:CreateCustomKeyStore", "kms:CreateGrant", "kms:CreateKey", "kms:DeleteAlias", "kms:DeleteCustomKeyStore", "kms:DeleteImportedKeyMaterial", "kms:DescribeCustomKeyStores", "kms:DescribeKey", "kms:DisableKey", "kms:DisableKeyRotation", "kms:EnableKey", "kms:EnableKeyRotation", "kms:GenerateDataKey", "kms:GetKeyPolicy", "kms:GetKeyRotationStatus", "kms:GetParametersForImport", "kms:GetPublicKey", "kms:ListAliases", "kms:ListGrants", "kms:ListKeyPolicies", "kms:ListKeyRotations", "kms:ListKeys", "kms:ListResourceTags", "kms:ListRetirableGrants", "kms:PutKeyPolicy", "kms:RevokeGrant", "kms:ScheduleKeyDeletion", "kms:TagResource", "kms:UntagResource", "kms:UpdateAlias", "kms:UpdateCustomKeyStore", "kms:UpdateKeyDescription", "kms:UpdatePrimaryRegion" ] }, "update" : { - "permissions" : [ "proton:GetServiceTemplate", "proton:CreateServiceTemplate", "proton:ListTagsForResource", "proton:TagResource", "proton:UntagResource", "proton:UpdateServiceTemplate", "kms:*" ] + "permissions" : [ "proton:GetServiceTemplate", "proton:CreateServiceTemplate", "proton:ListTagsForResource", "proton:TagResource", "proton:UntagResource", "proton:UpdateServiceTemplate", "kms:CancelKeyDeletion", "kms:CreateAlias", "kms:CreateCustomKeyStore", "kms:CreateGrant", "kms:CreateKey", "kms:DeleteAlias", "kms:DeleteCustomKeyStore", "kms:DeleteImportedKeyMaterial", "kms:DescribeCustomKeyStores", "kms:DescribeKey", "kms:DisableKey", "kms:DisableKeyRotation", "kms:EnableKey", "kms:EnableKeyRotation", "kms:GenerateDataKey", "kms:GetKeyPolicy", "kms:GetKeyRotationStatus", "kms:GetParametersForImport", "kms:GetPublicKey", "kms:ListAliases", "kms:ListGrants", "kms:ListKeyPolicies", "kms:ListKeyRotations", "kms:ListKeys", "kms:ListResourceTags", "kms:ListRetirableGrants", "kms:PutKeyPolicy", "kms:RevokeGrant", "kms:ScheduleKeyDeletion", "kms:TagResource", "kms:UntagResource", "kms:UpdateAlias", "kms:UpdateCustomKeyStore", "kms:UpdateKeyDescription", "kms:UpdatePrimaryRegion" ] }, "delete" : { - "permissions" : [ "proton:DeleteServiceTemplate", "proton:UntagResource", "kms:*", "proton:GetServiceTemplate" ] + "permissions" : [ "proton:DeleteServiceTemplate", "proton:UntagResource", "proton:GetServiceTemplate", "kms:CancelKeyDeletion", "kms:CreateAlias", "kms:CreateCustomKeyStore", "kms:CreateGrant", "kms:CreateKey", "kms:DeleteAlias", "kms:DeleteCustomKeyStore", "kms:DeleteImportedKeyMaterial", "kms:DescribeCustomKeyStores", "kms:DescribeKey", "kms:DisableKey", "kms:DisableKeyRotation", "kms:EnableKey", "kms:EnableKeyRotation", "kms:GenerateDataKey", "kms:GetKeyPolicy", "kms:GetKeyRotationStatus", "kms:GetParametersForImport", "kms:GetPublicKey", "kms:ListAliases", "kms:ListGrants", "kms:ListKeyPolicies", "kms:ListKeyRotations", "kms:ListKeys", "kms:ListResourceTags", "kms:ListRetirableGrants", "kms:PutKeyPolicy", "kms:RevokeGrant", "kms:ScheduleKeyDeletion", "kms:TagResource", "kms:UntagResource", "kms:UpdateAlias", "kms:UpdateCustomKeyStore", "kms:UpdateKeyDescription", "kms:UpdatePrimaryRegion" ] }, "list" : { "permissions" : [ "proton:ListServiceTemplates" ] @@ -101,7 +101,8 @@ "tagOnCreate" : true, "tagUpdatable" : true, "cloudFormationSystemTags" : true, - "tagProperty" : "/properties/Tags" + "tagProperty" : "/properties/Tags", + "permissions" : [ "proton:ListTagsForResource", "proton:UntagResource", "proton:TagResource" ] }, "sourceUrl" : "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-proton" } \ No newline at end of file diff --git a/aws-cloudformation-schema/aws-redshift-integration.json b/aws-cloudformation-schema/aws-redshift-integration.json new file mode 100644 index 0000000000..9509001d1f --- /dev/null +++ b/aws-cloudformation-schema/aws-redshift-integration.json @@ -0,0 +1,134 @@ +{ + "typeName" : "AWS::Redshift::Integration", + "description" : "Integration from a source AWS service to a Redshift cluster", + "sourceUrl" : "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", + "properties" : { + "IntegrationArn" : { + "type" : "string", + "description" : "The Amazon Resource Name (ARN) of the integration." + }, + "IntegrationName" : { + "description" : "The name of the integration.", + "type" : "string", + "minLength" : 1, + "maxLength" : 64 + }, + "SourceArn" : { + "type" : "string", + "description" : "The Amazon Resource Name (ARN) of the database to use as the source for replication, for example, arn:aws:dynamodb:us-east-2:123412341234:table/dynamotable" + }, + "TargetArn" : { + "type" : "string", + "description" : "The Amazon Resource Name (ARN) of the Redshift data warehouse to use as the target for replication, for example, arn:aws:redshift:us-east-2:123412341234:namespace:e43aab3e-10a3-4ec4-83d4-f227ff9bfbcf" + }, + "Tags" : { + "type" : "array", + "maxItems" : 50, + "uniqueItems" : true, + "insertionOrder" : false, + "description" : "An array of key-value pairs to apply to this resource.", + "items" : { + "$ref" : "#/definitions/Tag" + } + }, + "CreateTime" : { + "type" : "string", + "description" : "The time (UTC) when the integration was created." + }, + "KMSKeyId" : { + "type" : "string", + "description" : "An KMS key identifier for the key to use to encrypt the integration. If you don't specify an encryption key, the default AWS owned KMS key is used.", + "anyOf" : [ { + "relationshipRef" : { + "typeName" : "AWS::KMS::Key", + "propertyPath" : "/properties/Arn" + } + }, { + "relationshipRef" : { + "typeName" : "AWS::KMS::Key", + "propertyPath" : "/properties/KeyId" + } + } ] + }, + "AdditionalEncryptionContext" : { + "$ref" : "#/definitions/EncryptionContextMap" + } + }, + "required" : [ "SourceArn", "TargetArn" ], + "definitions" : { + "Tags" : { + "type" : "array", + "maxItems" : 50, + "uniqueItems" : true, + "insertionOrder" : false, + "description" : "An array of key-value pairs to apply to this resource.", + "items" : { + "$ref" : "#/definitions/Tag" + } + }, + "Tag" : { + "description" : "A key-value pair to associate with a resource.", + "type" : "object", + "additionalProperties" : false, + "properties" : { + "Key" : { + "type" : "string", + "description" : "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ", + "minLength" : 1, + "maxLength" : 128 + }, + "Value" : { + "type" : "string", + "description" : "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. ", + "minLength" : 0, + "maxLength" : 256 + } + }, + "required" : [ "Key" ] + }, + "EncryptionContextMap" : { + "type" : "object", + "patternProperties" : { + "^[\\s\\S]*$" : { + "type" : "string", + "maxLength" : 131072, + "minLength" : 0 + } + }, + "description" : "An optional set of non-secret key–value pairs that contains additional contextual information about the data.", + "additionalProperties" : false + } + }, + "propertyTransform" : { + "/properties/KmsKeyId" : "$join([\"arn:(aws)[-]{0,1}[a-z]{0,2}[-]{0,1}[a-z]{0,3}:kms:[a-z]{2}[-]{1}[a-z]{3,10}[-]{0,1}[a-z]{0,10}[-]{1}[1-3]{1}:[0-9]{12}[:]{1}key\\/\", KmsKeyId])" + }, + "createOnlyProperties" : [ "/properties/SourceArn", "/properties/TargetArn", "/properties/KMSKeyId", "/properties/AdditionalEncryptionContext" ], + "readOnlyProperties" : [ "/properties/IntegrationArn", "/properties/CreateTime" ], + "primaryIdentifier" : [ "/properties/IntegrationArn" ], + "handlers" : { + "create" : { + "permissions" : [ "redshift:CreateIntegration", "redshift:DescribeIntegrations", "redshift:CreateTags", "redshift:DescribeTags", "redshift:DescribeClusters", "kms:CreateGrant", "kms:DescribeKey", "redshift:CreateInboundIntegration" ] + }, + "read" : { + "permissions" : [ "redshift:DescribeIntegrations", "redshift:DescribeTags" ] + }, + "update" : { + "permissions" : [ "redshift:DescribeIntegrations", "redshift:ModifyIntegration", "redshift:CreateTags", "redshift:DeleteTags", "redshift:DescribeClusters", "redshift:DescribeTags" ] + }, + "delete" : { + "permissions" : [ "redshift:DeleteTags", "redshift:DeleteIntegration", "redshift:DescribeIntegrations" ] + }, + "list" : { + "permissions" : [ "redshift:DescribeTags", "redshift:DescribeIntegrations" ] + } + }, + "tagging" : { + "taggable" : true, + "tagOnCreate" : true, + "tagUpdatable" : true, + "cloudFormationSystemTags" : false, + "tagProperty" : "/properties/Tags", + "permissions" : [ "redshift:CreateTags", "redshift:DeleteTags", "redshift:DescribeTags" ] + }, + "additionalProperties" : false +} \ No newline at end of file diff --git a/aws-cloudformation-schema/aws-s3-accessgrant.json b/aws-cloudformation-schema/aws-s3-accessgrant.json index db85cbc57c..4b5da7fa9f 100644 --- a/aws-cloudformation-schema/aws-s3-accessgrant.json +++ b/aws-cloudformation-schema/aws-s3-accessgrant.json @@ -1,7 +1,7 @@ { "typeName" : "AWS::S3::AccessGrant", "description" : "The AWS::S3::AccessGrant resource is an Amazon S3 resource type representing permissions to a specific S3 bucket or prefix hosted in an S3 Access Grants instance.", - "sourceUrl" : "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-s3", + "sourceUrl" : "https://github.com/aws-cloudformation/aws-cloudformation-rpdk.git", "definitions" : { "Grantee" : { "type" : "object", @@ -101,21 +101,23 @@ }, "required" : [ "Grantee", "Permission", "AccessGrantsLocationId" ], "createOnlyProperties" : [ "/properties/S3PrefixType", "/properties/Tags" ], - "writeOnlyProperties" : [ "/properties/Tags", "/properties/S3PrefixType" ], + "writeOnlyProperties" : [ "/properties/S3PrefixType" ], "readOnlyProperties" : [ "/properties/AccessGrantId", "/properties/AccessGrantArn", "/properties/GrantScope" ], "primaryIdentifier" : [ "/properties/AccessGrantId" ], "tagging" : { "taggable" : true, "tagOnCreate" : true, "tagUpdatable" : true, - "tagProperty" : "/properties/Tags" + "cloudFormationSystemTags" : false, + "tagProperty" : "/properties/Tags", + "permissions" : [ "s3:UntagResource", "s3:TagResource", "s3:ListTagsForResource" ] }, "handlers" : { "create" : { "permissions" : [ "s3:CreateAccessGrant", "s3:TagResource" ] }, "read" : { - "permissions" : [ "s3:GetAccessGrant" ] + "permissions" : [ "s3:GetAccessGrant", "s3:ListTagsForResource" ] }, "delete" : { "permissions" : [ "s3:DeleteAccessGrant" ] @@ -124,7 +126,7 @@ "permissions" : [ "s3:ListAccessGrants" ] }, "update" : { - "permissions" : [ "s3:TagResource" ] + "permissions" : [ "s3:TagResource", "s3:UntagResource" ] } }, "additionalProperties" : false diff --git a/aws-cloudformation-schema/aws-s3-accessgrantsinstance.json b/aws-cloudformation-schema/aws-s3-accessgrantsinstance.json index a7c692ca76..51bec0fbe0 100644 --- a/aws-cloudformation-schema/aws-s3-accessgrantsinstance.json +++ b/aws-cloudformation-schema/aws-s3-accessgrantsinstance.json @@ -58,20 +58,22 @@ "taggable" : true, "tagOnCreate" : true, "tagUpdatable" : true, - "tagProperty" : "/properties/Tags" + "cloudFormationSystemTags" : false, + "tagProperty" : "/properties/Tags", + "permissions" : [ "s3:UntagResource", "s3:TagResource", "s3:ListTagsForResource" ] }, "handlers" : { "create" : { "permissions" : [ "s3:CreateAccessGrantsInstance", "s3:TagResource" ] }, "read" : { - "permissions" : [ "s3:GetAccessGrantsInstance" ] + "permissions" : [ "s3:GetAccessGrantsInstance", "s3:ListTagsForResource" ] }, "delete" : { "permissions" : [ "s3:DeleteAccessGrantsInstance" ] }, "update" : { - "permissions" : [ "s3:TagResource" ] + "permissions" : [ "s3:TagResource", "s3:UntagResource" ] }, "list" : { "permissions" : [ "s3:ListAccessGrantsInstances" ] diff --git a/aws-cloudformation-schema/aws-s3-accessgrantslocation.json b/aws-cloudformation-schema/aws-s3-accessgrantslocation.json index b49aa4a1c0..4efd2702af 100644 --- a/aws-cloudformation-schema/aws-s3-accessgrantslocation.json +++ b/aws-cloudformation-schema/aws-s3-accessgrantslocation.json @@ -50,19 +50,20 @@ "readOnlyProperties" : [ "/properties/AccessGrantsLocationArn", "/properties/AccessGrantsLocationId" ], "primaryIdentifier" : [ "/properties/AccessGrantsLocationId" ], "createOnlyProperties" : [ "/properties/Tags" ], - "writeOnlyProperties" : [ "/properties/Tags" ], "tagging" : { "taggable" : true, "tagOnCreate" : true, "tagUpdatable" : true, - "tagProperty" : "/properties/Tags" + "cloudFormationSystemTags" : false, + "tagProperty" : "/properties/Tags", + "permissions" : [ "s3:UntagResource", "s3:TagResource", "s3:ListTagsForResource" ] }, "handlers" : { "create" : { "permissions" : [ "s3:CreateAccessGrantsLocation", "iam:PassRole", "s3:TagResource" ] }, "read" : { - "permissions" : [ "s3:GetAccessGrantsLocation" ] + "permissions" : [ "s3:GetAccessGrantsLocation", "s3:ListTagsForResource" ] }, "delete" : { "permissions" : [ "s3:DeleteAccessGrantsLocation" ] @@ -71,7 +72,7 @@ "permissions" : [ "s3:ListAccessGrantsLocations" ] }, "update" : { - "permissions" : [ "s3:UpdateAccessGrantsLocation", "s3:TagResource", "iam:PassRole" ] + "permissions" : [ "s3:UpdateAccessGrantsLocation", "s3:TagResource", "s3:UntagResource", "iam:PassRole" ] } }, "additionalProperties" : false diff --git a/aws-cloudformation-schema/aws-s3-bucket.json b/aws-cloudformation-schema/aws-s3-bucket.json index be929d524e..d5b6c83cdc 100644 --- a/aws-cloudformation-schema/aws-s3-bucket.json +++ b/aws-cloudformation-schema/aws-s3-bucket.json @@ -265,7 +265,7 @@ "required" : [ "ServerSideEncryptionConfiguration" ] }, "ServerSideEncryptionRule" : { - "description" : "Specifies the default server-side encryption configuration.\n If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner.", + "description" : "Specifies the default server-side encryption configuration.\n + *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner.\n + *Directory buckets* - When you specify an [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported.", "type" : "object", "additionalProperties" : false, "properties" : { @@ -280,17 +280,17 @@ } }, "ServerSideEncryptionByDefault" : { - "description" : "Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS. For more information, see [PUT Bucket encryption](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html) in the *Amazon S3 API Reference*.\n If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner.", + "description" : "Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. For more information, see [PutBucketEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html).\n + *General purpose buckets* - If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key (``aws/s3``) in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS. \n + *Directory buckets* - Your SSE-KMS configuration can only support 1 [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) per directory bucket for the lifetime of the bucket. The [managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) (``aws/s3``) isn't supported. \n + *Directory buckets* - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS.", "type" : "object", "properties" : { "KMSMasterKeyID" : { - "description" : "AWS Key Management Service (KMS) customer AWS KMS key ID to use for the default encryption. This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms`` or ``aws:kms:dsse``.\n You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key.\n + Key ID: ``1234abcd-12ab-34cd-56ef-1234567890ab`` \n + Key ARN: ``arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`` \n + Key Alias: ``alias/alias-name`` \n \n If you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log. \n If you are using encryption with cross-account or AWS service operations you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy).\n Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *Key Management Service Developer Guide*.", + "description" : "AWS Key Management Service (KMS) customer managed key ID to use for the default encryption. \n + *General purpose buckets* - This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms`` or ``aws:kms:dsse``.\n + *Directory buckets* - This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms``.\n \n You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key.\n + Key ID: ``1234abcd-12ab-34cd-56ef-1234567890ab`` \n + Key ARN: ``arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`` \n + Key Alias: ``alias/alias-name`` \n \n If you are using encryption with cross-account or AWS service operations, you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy).\n + *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. Also, if you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log. \n + *Directory buckets* - When you specify an [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported.\n \n Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *Key Management Service Developer Guide*.", "type" : "string" }, "SSEAlgorithm" : { "type" : "string", "enum" : [ "aws:kms", "AES256", "aws:kms:dsse" ], - "description" : "Server-side encryption algorithm to use for the default encryption." + "description" : "Server-side encryption algorithm to use for the default encryption.\n For directory buckets, there are only two supported values for server-side encryption: ``AES256`` and ``aws:kms``." } }, "additionalProperties" : false, diff --git a/meta/.botocore.version b/meta/.botocore.version index 6d0d2f9f2f..a0df8259a8 100644 --- a/meta/.botocore.version +++ b/meta/.botocore.version @@ -1 +1 @@ -1.35.42 +1.35.45 diff --git a/provider/cmd/pulumi-gen-aws-native/deprecated-types.txt b/provider/cmd/pulumi-gen-aws-native/deprecated-types.txt index 1fa8ceae82..05b3941757 100644 --- a/provider/cmd/pulumi-gen-aws-native/deprecated-types.txt +++ b/provider/cmd/pulumi-gen-aws-native/deprecated-types.txt @@ -1,6 +1,5 @@ AWS::Batch::JobDefinition AWS::Cognito::UserPoolDomain -AWS::Cognito::UserPoolIdentityProvider AWS::GameCast::Application AWS::GameCast::StreamGroup AWS::SNS::TopicPolicy diff --git a/provider/cmd/pulumi-gen-aws-native/supported-types.txt b/provider/cmd/pulumi-gen-aws-native/supported-types.txt index f1c84a7f6c..68fb77a6fb 100644 --- a/provider/cmd/pulumi-gen-aws-native/supported-types.txt +++ b/provider/cmd/pulumi-gen-aws-native/supported-types.txt @@ -100,6 +100,7 @@ AWS::Backup::BackupPlan AWS::Backup::BackupSelection AWS::Backup::BackupVault AWS::Backup::Framework +AWS::Backup::LogicallyAirGappedBackupVault AWS::Backup::ReportPlan AWS::Backup::RestoreTestingPlan AWS::Backup::RestoreTestingSelection @@ -832,6 +833,7 @@ AWS::Redshift::ClusterSubnetGroup AWS::Redshift::EndpointAccess AWS::Redshift::EndpointAuthorization AWS::Redshift::EventSubscription +AWS::Redshift::Integration AWS::Redshift::ScheduledAction AWS::RedshiftServerless::Namespace AWS::RedshiftServerless::Workgroup diff --git a/provider/cmd/pulumi-resource-aws-native/metadata.json b/provider/cmd/pulumi-resource-aws-native/metadata.json index db0c6096c0..6d8f7112fd 100644 --- a/provider/cmd/pulumi-resource-aws-native/metadata.json +++ b/provider/cmd/pulumi-resource-aws-native/metadata.json @@ -2894,7 +2894,7 @@ "items": { "type": "string" }, - "description": "The ARN of the network load balancer of the VPC targeted by the VPC link. The network load balancer must be owned by the same AWS-account of the API owner." + "description": "The ARN of the network load balancer of the VPC targeted by the VPC link. The network load balancer must be owned by the same AWS account of the API owner." } }, "outputs": { @@ -2918,7 +2918,7 @@ "items": { "type": "string" }, - "description": "The ARN of the network load balancer of the VPC targeted by the VPC link. The network load balancer must be owned by the same AWS-account of the API owner.", + "description": "The ARN of the network load balancer of the VPC targeted by the VPC link. The network load balancer must be owned by the same AWS account of the API owner.", "replaceOnChanges": true }, "vpcLinkId": { @@ -3340,7 +3340,7 @@ "inputs": { "domainName": { "type": "string", - "description": "The custom domain name for your API in Amazon API Gateway. Uppercase letters are not supported.", + "description": "The custom domain name for your API in Amazon API Gateway. Uppercase letters and the underscore (``_``) character are not supported.", "language": { "csharp": { "name": "DomainNameValue" @@ -3369,7 +3369,7 @@ "outputs": { "domainName": { "type": "string", - "description": "The custom domain name for your API in Amazon API Gateway. Uppercase letters are not supported.", + "description": "The custom domain name for your API in Amazon API Gateway. Uppercase letters and the underscore (``_``) character are not supported.", "language": { "csharp": { "name": "DomainNameValue" @@ -8222,7 +8222,7 @@ }, "healthCheckType": { "type": "string", - "description": "A comma-separated value string of one or more health check types.\n The valid values are ``EC2``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*.\n Only specify ``EC2`` if you must clear a value that was previously set." + "description": "A comma-separated value string of one or more health check types.\n The valid values are ``EC2``, ``EBS``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*.\n Only specify ``EC2`` if you must clear a value that was previously set." }, "instanceId": { "type": "string", @@ -8320,6 +8320,12 @@ }, "description": "A policy or a list of policies that are used to select the instance to terminate. These policies are executed in the order that you list them. For more information, see [Configure termination policies for Amazon EC2 Auto Scaling](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-termination-policies.html) in the *Amazon EC2 Auto Scaling User Guide*.\n Valid values: ``Default`` | ``AllocationStrategy`` | ``ClosestToNextInstanceHour`` | ``NewestInstance`` | ``OldestInstance`` | ``OldestLaunchConfiguration`` | ``OldestLaunchTemplate`` | ``arn:aws:lambda:region:account-id:function:my-function:my-alias``" }, + "trafficSources": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:autoscaling:AutoScalingGroupTrafficSourceIdentifier" + } + }, "vpcZoneIdentifier": { "type": "array", "items": { @@ -8371,7 +8377,7 @@ }, "healthCheckType": { "type": "string", - "description": "A comma-separated value string of one or more health check types.\n The valid values are ``EC2``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*.\n Only specify ``EC2`` if you must clear a value that was previously set." + "description": "A comma-separated value string of one or more health check types.\n The valid values are ``EC2``, ``EBS``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*.\n Only specify ``EC2`` if you must clear a value that was previously set." }, "instanceId": { "type": "string", @@ -8470,6 +8476,12 @@ }, "description": "A policy or a list of policies that are used to select the instance to terminate. These policies are executed in the order that you list them. For more information, see [Configure termination policies for Amazon EC2 Auto Scaling](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-termination-policies.html) in the *Amazon EC2 Auto Scaling User Guide*.\n Valid values: ``Default`` | ``AllocationStrategy`` | ``ClosestToNextInstanceHour`` | ``NewestInstance`` | ``OldestInstance`` | ``OldestLaunchConfiguration`` | ``OldestLaunchTemplate`` | ``arn:aws:lambda:region:account-id:function:my-function:my-alias``" }, + "trafficSources": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:autoscaling:AutoScalingGroupTrafficSourceIdentifier" + } + }, "vpcZoneIdentifier": { "type": "array", "items": { @@ -9761,6 +9773,92 @@ "tagsProperty": "frameworkTags", "tagsStyle": "keyValueArray" }, + "aws-native:backup:LogicallyAirGappedBackupVault": { + "cf": "AWS::Backup::LogicallyAirGappedBackupVault", + "inputs": { + "accessPolicy": { + "$ref": "pulumi.json#/Any", + "description": "Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Backup::LogicallyAirGappedBackupVault` for more information about the expected schema for this property." + }, + "backupVaultName": { + "type": "string" + }, + "backupVaultTags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "maxRetentionDays": { + "type": "integer" + }, + "minRetentionDays": { + "type": "integer" + }, + "notifications": { + "$ref": "#/types/aws-native:backup:LogicallyAirGappedBackupVaultNotificationObjectType" + }, + "vaultState": { + "type": "string" + }, + "vaultType": { + "type": "string" + } + }, + "outputs": { + "accessPolicy": { + "$ref": "pulumi.json#/Any", + "description": "Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Backup::LogicallyAirGappedBackupVault` for more information about the expected schema for this property." + }, + "backupVaultArn": { + "type": "string" + }, + "backupVaultName": { + "type": "string", + "replaceOnChanges": true + }, + "backupVaultTags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "encryptionKeyArn": { + "type": "string" + }, + "maxRetentionDays": { + "type": "integer", + "replaceOnChanges": true + }, + "minRetentionDays": { + "type": "integer", + "replaceOnChanges": true + }, + "notifications": { + "$ref": "#/types/aws-native:backup:LogicallyAirGappedBackupVaultNotificationObjectType" + }, + "vaultState": { + "type": "string" + }, + "vaultType": { + "type": "string" + } + }, + "autoNamingSpec": { + "sdkName": "backupVaultName" + }, + "required": [ + "maxRetentionDays", + "minRetentionDays" + ], + "createOnly": [ + "backupVaultName", + "maxRetentionDays", + "minRetentionDays" + ], + "tagsProperty": "backupVaultTags", + "tagsStyle": "stringMap" + }, "aws-native:backup:ReportPlan": { "cf": "AWS::Backup::ReportPlan", "inputs": { @@ -18347,8 +18445,11 @@ "cf": "AWS::Cognito::UserPoolIdentityProvider", "inputs": { "attributeMapping": { - "$ref": "pulumi.json#/Any", - "description": "A mapping of IdP attributes to standard and custom user pool attributes.\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Cognito::UserPoolIdentityProvider` for more information about the expected schema for this property." + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A mapping of IdP attributes to standard and custom user pool attributes." }, "idpIdentifiers": { "type": "array", @@ -18358,8 +18459,11 @@ "description": "A list of IdP identifiers." }, "providerDetails": { - "$ref": "pulumi.json#/Any", - "description": "The scopes, URLs, and identifiers for your external identity provider. The following\nexamples describe the provider detail keys for each IdP type. These values and their\nschema are subject to change. Social IdP `authorize_scopes` values must match\nthe values listed here.\n\n- **OpenID Connect (OIDC)** - Amazon Cognito accepts the following elements when it can't discover endpoint URLs from `oidc_issuer` : `attributes_url` , `authorize_url` , `jwks_uri` , `token_url` .\n\nCreate or update request: `\"ProviderDetails\": { \"attributes_request_method\": \"GET\", \"attributes_url\": \"https://auth.example.com/userInfo\", \"authorize_scopes\": \"openid profile email\", \"authorize_url\": \"https://auth.example.com/authorize\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"jwks_uri\": \"https://auth.example.com/.well-known/jwks.json\", \"oidc_issuer\": \"https://auth.example.com\", \"token_url\": \"https://example.com/token\" }`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_request_method\": \"GET\", \"attributes_url\": \"https://auth.example.com/userInfo\", \"attributes_url_add_attributes\": \"false\", \"authorize_scopes\": \"openid profile email\", \"authorize_url\": \"https://auth.example.com/authorize\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"jwks_uri\": \"https://auth.example.com/.well-known/jwks.json\", \"oidc_issuer\": \"https://auth.example.com\", \"token_url\": \"https://example.com/token\" }`\n- **SAML** - Create or update request with Metadata URL: `\"ProviderDetails\": { \"IDPInit\": \"true\", \"IDPSignout\": \"true\", \"EncryptedResponses\" : \"true\", \"MetadataURL\": \"https://auth.example.com/sso/saml/metadata\", \"RequestSigningAlgorithm\": \"rsa-sha256\" }`\n\nCreate or update request with Metadata file: `\"ProviderDetails\": { \"IDPInit\": \"true\", \"IDPSignout\": \"true\", \"EncryptedResponses\" : \"true\", \"MetadataFile\": \"[metadata XML]\", \"RequestSigningAlgorithm\": \"rsa-sha256\" }`\n\nThe value of `MetadataFile` must be the plaintext metadata document with all quote (\") characters escaped by backslashes.\n\nDescribe response: `\"ProviderDetails\": { \"IDPInit\": \"true\", \"IDPSignout\": \"true\", \"EncryptedResponses\" : \"true\", \"ActiveEncryptionCertificate\": \"[certificate]\", \"MetadataURL\": \"https://auth.example.com/sso/saml/metadata\", \"RequestSigningAlgorithm\": \"rsa-sha256\", \"SLORedirectBindingURI\": \"https://auth.example.com/slo/saml\", \"SSORedirectBindingURI\": \"https://auth.example.com/sso/saml\" }`\n- **LoginWithAmazon** - Create or update request: `\"ProviderDetails\": { \"authorize_scopes\": \"profile postal_code\", \"client_id\": \"amzn1.application-oa2-client.1example23456789\", \"client_secret\": \"provider-app-client-secret\"`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_url\": \"https://api.amazon.com/user/profile\", \"attributes_url_add_attributes\": \"false\", \"authorize_scopes\": \"profile postal_code\", \"authorize_url\": \"https://www.amazon.com/ap/oa\", \"client_id\": \"amzn1.application-oa2-client.1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"token_request_method\": \"POST\", \"token_url\": \"https://api.amazon.com/auth/o2/token\" }`\n- **Google** - Create or update request: `\"ProviderDetails\": { \"authorize_scopes\": \"email profile openid\", \"client_id\": \"1example23456789.apps.googleusercontent.com\", \"client_secret\": \"provider-app-client-secret\" }`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_url\": \"https://people.googleapis.com/v1/people/me?personFields=\", \"attributes_url_add_attributes\": \"true\", \"authorize_scopes\": \"email profile openid\", \"authorize_url\": \"https://accounts.google.com/o/oauth2/v2/auth\", \"client_id\": \"1example23456789.apps.googleusercontent.com\", \"client_secret\": \"provider-app-client-secret\", \"oidc_issuer\": \"https://accounts.google.com\", \"token_request_method\": \"POST\", \"token_url\": \"https://www.googleapis.com/oauth2/v4/token\" }`\n- **SignInWithApple** - Create or update request: `\"ProviderDetails\": { \"authorize_scopes\": \"email name\", \"client_id\": \"com.example.cognito\", \"private_key\": \"1EXAMPLE\", \"key_id\": \"2EXAMPLE\", \"team_id\": \"3EXAMPLE\" }`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_url_add_attributes\": \"false\", \"authorize_scopes\": \"email name\", \"authorize_url\": \"https://appleid.apple.com/auth/authorize\", \"client_id\": \"com.example.cognito\", \"key_id\": \"1EXAMPLE\", \"oidc_issuer\": \"https://appleid.apple.com\", \"team_id\": \"2EXAMPLE\", \"token_request_method\": \"POST\", \"token_url\": \"https://appleid.apple.com/auth/token\" }`\n- **Facebook** - Create or update request: `\"ProviderDetails\": { \"api_version\": \"v17.0\", \"authorize_scopes\": \"public_profile, email\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\" }`\n\nDescribe response: `\"ProviderDetails\": { \"api_version\": \"v17.0\", \"attributes_url\": \"https://graph.facebook.com/v17.0/me?fields=\", \"attributes_url_add_attributes\": \"true\", \"authorize_scopes\": \"public_profile, email\", \"authorize_url\": \"https://www.facebook.com/v17.0/dialog/oauth\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"token_request_method\": \"GET\", \"token_url\": \"https://graph.facebook.com/v17.0/oauth/access_token\" }`\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Cognito::UserPoolIdentityProvider` for more information about the expected schema for this property." + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The scopes, URLs, and identifiers for your external identity provider. The following\nexamples describe the provider detail keys for each IdP type. These values and their\nschema are subject to change. Social IdP `authorize_scopes` values must match\nthe values listed here.\n\n- **OpenID Connect (OIDC)** - Amazon Cognito accepts the following elements when it can't discover endpoint URLs from `oidc_issuer` : `attributes_url` , `authorize_url` , `jwks_uri` , `token_url` .\n\nCreate or update request: `\"ProviderDetails\": { \"attributes_request_method\": \"GET\", \"attributes_url\": \"https://auth.example.com/userInfo\", \"authorize_scopes\": \"openid profile email\", \"authorize_url\": \"https://auth.example.com/authorize\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"jwks_uri\": \"https://auth.example.com/.well-known/jwks.json\", \"oidc_issuer\": \"https://auth.example.com\", \"token_url\": \"https://example.com/token\" }`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_request_method\": \"GET\", \"attributes_url\": \"https://auth.example.com/userInfo\", \"attributes_url_add_attributes\": \"false\", \"authorize_scopes\": \"openid profile email\", \"authorize_url\": \"https://auth.example.com/authorize\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"jwks_uri\": \"https://auth.example.com/.well-known/jwks.json\", \"oidc_issuer\": \"https://auth.example.com\", \"token_url\": \"https://example.com/token\" }`\n- **SAML** - Create or update request with Metadata URL: `\"ProviderDetails\": { \"IDPInit\": \"true\", \"IDPSignout\": \"true\", \"EncryptedResponses\" : \"true\", \"MetadataURL\": \"https://auth.example.com/sso/saml/metadata\", \"RequestSigningAlgorithm\": \"rsa-sha256\" }`\n\nCreate or update request with Metadata file: `\"ProviderDetails\": { \"IDPInit\": \"true\", \"IDPSignout\": \"true\", \"EncryptedResponses\" : \"true\", \"MetadataFile\": \"[metadata XML]\", \"RequestSigningAlgorithm\": \"rsa-sha256\" }`\n\nThe value of `MetadataFile` must be the plaintext metadata document with all quote (\") characters escaped by backslashes.\n\nDescribe response: `\"ProviderDetails\": { \"IDPInit\": \"true\", \"IDPSignout\": \"true\", \"EncryptedResponses\" : \"true\", \"ActiveEncryptionCertificate\": \"[certificate]\", \"MetadataURL\": \"https://auth.example.com/sso/saml/metadata\", \"RequestSigningAlgorithm\": \"rsa-sha256\", \"SLORedirectBindingURI\": \"https://auth.example.com/slo/saml\", \"SSORedirectBindingURI\": \"https://auth.example.com/sso/saml\" }`\n- **LoginWithAmazon** - Create or update request: `\"ProviderDetails\": { \"authorize_scopes\": \"profile postal_code\", \"client_id\": \"amzn1.application-oa2-client.1example23456789\", \"client_secret\": \"provider-app-client-secret\"`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_url\": \"https://api.amazon.com/user/profile\", \"attributes_url_add_attributes\": \"false\", \"authorize_scopes\": \"profile postal_code\", \"authorize_url\": \"https://www.amazon.com/ap/oa\", \"client_id\": \"amzn1.application-oa2-client.1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"token_request_method\": \"POST\", \"token_url\": \"https://api.amazon.com/auth/o2/token\" }`\n- **Google** - Create or update request: `\"ProviderDetails\": { \"authorize_scopes\": \"email profile openid\", \"client_id\": \"1example23456789.apps.googleusercontent.com\", \"client_secret\": \"provider-app-client-secret\" }`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_url\": \"https://people.googleapis.com/v1/people/me?personFields=\", \"attributes_url_add_attributes\": \"true\", \"authorize_scopes\": \"email profile openid\", \"authorize_url\": \"https://accounts.google.com/o/oauth2/v2/auth\", \"client_id\": \"1example23456789.apps.googleusercontent.com\", \"client_secret\": \"provider-app-client-secret\", \"oidc_issuer\": \"https://accounts.google.com\", \"token_request_method\": \"POST\", \"token_url\": \"https://www.googleapis.com/oauth2/v4/token\" }`\n- **SignInWithApple** - Create or update request: `\"ProviderDetails\": { \"authorize_scopes\": \"email name\", \"client_id\": \"com.example.cognito\", \"private_key\": \"1EXAMPLE\", \"key_id\": \"2EXAMPLE\", \"team_id\": \"3EXAMPLE\" }`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_url_add_attributes\": \"false\", \"authorize_scopes\": \"email name\", \"authorize_url\": \"https://appleid.apple.com/auth/authorize\", \"client_id\": \"com.example.cognito\", \"key_id\": \"1EXAMPLE\", \"oidc_issuer\": \"https://appleid.apple.com\", \"team_id\": \"2EXAMPLE\", \"token_request_method\": \"POST\", \"token_url\": \"https://appleid.apple.com/auth/token\" }`\n- **Facebook** - Create or update request: `\"ProviderDetails\": { \"api_version\": \"v17.0\", \"authorize_scopes\": \"public_profile, email\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\" }`\n\nDescribe response: `\"ProviderDetails\": { \"api_version\": \"v17.0\", \"attributes_url\": \"https://graph.facebook.com/v17.0/me?fields=\", \"attributes_url_add_attributes\": \"true\", \"authorize_scopes\": \"public_profile, email\", \"authorize_url\": \"https://www.facebook.com/v17.0/dialog/oauth\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"token_request_method\": \"GET\", \"token_url\": \"https://graph.facebook.com/v17.0/oauth/access_token\" }`" }, "providerName": { "type": "string", @@ -18376,12 +18480,11 @@ }, "outputs": { "attributeMapping": { - "$ref": "pulumi.json#/Any", - "description": "A mapping of IdP attributes to standard and custom user pool attributes.\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Cognito::UserPoolIdentityProvider` for more information about the expected schema for this property." - }, - "awsId": { - "type": "string", - "description": "The resource ID." + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A mapping of IdP attributes to standard and custom user pool attributes." }, "idpIdentifiers": { "type": "array", @@ -18391,8 +18494,11 @@ "description": "A list of IdP identifiers." }, "providerDetails": { - "$ref": "pulumi.json#/Any", - "description": "The scopes, URLs, and identifiers for your external identity provider. The following\nexamples describe the provider detail keys for each IdP type. These values and their\nschema are subject to change. Social IdP `authorize_scopes` values must match\nthe values listed here.\n\n- **OpenID Connect (OIDC)** - Amazon Cognito accepts the following elements when it can't discover endpoint URLs from `oidc_issuer` : `attributes_url` , `authorize_url` , `jwks_uri` , `token_url` .\n\nCreate or update request: `\"ProviderDetails\": { \"attributes_request_method\": \"GET\", \"attributes_url\": \"https://auth.example.com/userInfo\", \"authorize_scopes\": \"openid profile email\", \"authorize_url\": \"https://auth.example.com/authorize\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"jwks_uri\": \"https://auth.example.com/.well-known/jwks.json\", \"oidc_issuer\": \"https://auth.example.com\", \"token_url\": \"https://example.com/token\" }`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_request_method\": \"GET\", \"attributes_url\": \"https://auth.example.com/userInfo\", \"attributes_url_add_attributes\": \"false\", \"authorize_scopes\": \"openid profile email\", \"authorize_url\": \"https://auth.example.com/authorize\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"jwks_uri\": \"https://auth.example.com/.well-known/jwks.json\", \"oidc_issuer\": \"https://auth.example.com\", \"token_url\": \"https://example.com/token\" }`\n- **SAML** - Create or update request with Metadata URL: `\"ProviderDetails\": { \"IDPInit\": \"true\", \"IDPSignout\": \"true\", \"EncryptedResponses\" : \"true\", \"MetadataURL\": \"https://auth.example.com/sso/saml/metadata\", \"RequestSigningAlgorithm\": \"rsa-sha256\" }`\n\nCreate or update request with Metadata file: `\"ProviderDetails\": { \"IDPInit\": \"true\", \"IDPSignout\": \"true\", \"EncryptedResponses\" : \"true\", \"MetadataFile\": \"[metadata XML]\", \"RequestSigningAlgorithm\": \"rsa-sha256\" }`\n\nThe value of `MetadataFile` must be the plaintext metadata document with all quote (\") characters escaped by backslashes.\n\nDescribe response: `\"ProviderDetails\": { \"IDPInit\": \"true\", \"IDPSignout\": \"true\", \"EncryptedResponses\" : \"true\", \"ActiveEncryptionCertificate\": \"[certificate]\", \"MetadataURL\": \"https://auth.example.com/sso/saml/metadata\", \"RequestSigningAlgorithm\": \"rsa-sha256\", \"SLORedirectBindingURI\": \"https://auth.example.com/slo/saml\", \"SSORedirectBindingURI\": \"https://auth.example.com/sso/saml\" }`\n- **LoginWithAmazon** - Create or update request: `\"ProviderDetails\": { \"authorize_scopes\": \"profile postal_code\", \"client_id\": \"amzn1.application-oa2-client.1example23456789\", \"client_secret\": \"provider-app-client-secret\"`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_url\": \"https://api.amazon.com/user/profile\", \"attributes_url_add_attributes\": \"false\", \"authorize_scopes\": \"profile postal_code\", \"authorize_url\": \"https://www.amazon.com/ap/oa\", \"client_id\": \"amzn1.application-oa2-client.1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"token_request_method\": \"POST\", \"token_url\": \"https://api.amazon.com/auth/o2/token\" }`\n- **Google** - Create or update request: `\"ProviderDetails\": { \"authorize_scopes\": \"email profile openid\", \"client_id\": \"1example23456789.apps.googleusercontent.com\", \"client_secret\": \"provider-app-client-secret\" }`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_url\": \"https://people.googleapis.com/v1/people/me?personFields=\", \"attributes_url_add_attributes\": \"true\", \"authorize_scopes\": \"email profile openid\", \"authorize_url\": \"https://accounts.google.com/o/oauth2/v2/auth\", \"client_id\": \"1example23456789.apps.googleusercontent.com\", \"client_secret\": \"provider-app-client-secret\", \"oidc_issuer\": \"https://accounts.google.com\", \"token_request_method\": \"POST\", \"token_url\": \"https://www.googleapis.com/oauth2/v4/token\" }`\n- **SignInWithApple** - Create or update request: `\"ProviderDetails\": { \"authorize_scopes\": \"email name\", \"client_id\": \"com.example.cognito\", \"private_key\": \"1EXAMPLE\", \"key_id\": \"2EXAMPLE\", \"team_id\": \"3EXAMPLE\" }`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_url_add_attributes\": \"false\", \"authorize_scopes\": \"email name\", \"authorize_url\": \"https://appleid.apple.com/auth/authorize\", \"client_id\": \"com.example.cognito\", \"key_id\": \"1EXAMPLE\", \"oidc_issuer\": \"https://appleid.apple.com\", \"team_id\": \"2EXAMPLE\", \"token_request_method\": \"POST\", \"token_url\": \"https://appleid.apple.com/auth/token\" }`\n- **Facebook** - Create or update request: `\"ProviderDetails\": { \"api_version\": \"v17.0\", \"authorize_scopes\": \"public_profile, email\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\" }`\n\nDescribe response: `\"ProviderDetails\": { \"api_version\": \"v17.0\", \"attributes_url\": \"https://graph.facebook.com/v17.0/me?fields=\", \"attributes_url_add_attributes\": \"true\", \"authorize_scopes\": \"public_profile, email\", \"authorize_url\": \"https://www.facebook.com/v17.0/dialog/oauth\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"token_request_method\": \"GET\", \"token_url\": \"https://graph.facebook.com/v17.0/oauth/access_token\" }`\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Cognito::UserPoolIdentityProvider` for more information about the expected schema for this property." + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The scopes, URLs, and identifiers for your external identity provider. The following\nexamples describe the provider detail keys for each IdP type. These values and their\nschema are subject to change. Social IdP `authorize_scopes` values must match\nthe values listed here.\n\n- **OpenID Connect (OIDC)** - Amazon Cognito accepts the following elements when it can't discover endpoint URLs from `oidc_issuer` : `attributes_url` , `authorize_url` , `jwks_uri` , `token_url` .\n\nCreate or update request: `\"ProviderDetails\": { \"attributes_request_method\": \"GET\", \"attributes_url\": \"https://auth.example.com/userInfo\", \"authorize_scopes\": \"openid profile email\", \"authorize_url\": \"https://auth.example.com/authorize\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"jwks_uri\": \"https://auth.example.com/.well-known/jwks.json\", \"oidc_issuer\": \"https://auth.example.com\", \"token_url\": \"https://example.com/token\" }`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_request_method\": \"GET\", \"attributes_url\": \"https://auth.example.com/userInfo\", \"attributes_url_add_attributes\": \"false\", \"authorize_scopes\": \"openid profile email\", \"authorize_url\": \"https://auth.example.com/authorize\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"jwks_uri\": \"https://auth.example.com/.well-known/jwks.json\", \"oidc_issuer\": \"https://auth.example.com\", \"token_url\": \"https://example.com/token\" }`\n- **SAML** - Create or update request with Metadata URL: `\"ProviderDetails\": { \"IDPInit\": \"true\", \"IDPSignout\": \"true\", \"EncryptedResponses\" : \"true\", \"MetadataURL\": \"https://auth.example.com/sso/saml/metadata\", \"RequestSigningAlgorithm\": \"rsa-sha256\" }`\n\nCreate or update request with Metadata file: `\"ProviderDetails\": { \"IDPInit\": \"true\", \"IDPSignout\": \"true\", \"EncryptedResponses\" : \"true\", \"MetadataFile\": \"[metadata XML]\", \"RequestSigningAlgorithm\": \"rsa-sha256\" }`\n\nThe value of `MetadataFile` must be the plaintext metadata document with all quote (\") characters escaped by backslashes.\n\nDescribe response: `\"ProviderDetails\": { \"IDPInit\": \"true\", \"IDPSignout\": \"true\", \"EncryptedResponses\" : \"true\", \"ActiveEncryptionCertificate\": \"[certificate]\", \"MetadataURL\": \"https://auth.example.com/sso/saml/metadata\", \"RequestSigningAlgorithm\": \"rsa-sha256\", \"SLORedirectBindingURI\": \"https://auth.example.com/slo/saml\", \"SSORedirectBindingURI\": \"https://auth.example.com/sso/saml\" }`\n- **LoginWithAmazon** - Create or update request: `\"ProviderDetails\": { \"authorize_scopes\": \"profile postal_code\", \"client_id\": \"amzn1.application-oa2-client.1example23456789\", \"client_secret\": \"provider-app-client-secret\"`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_url\": \"https://api.amazon.com/user/profile\", \"attributes_url_add_attributes\": \"false\", \"authorize_scopes\": \"profile postal_code\", \"authorize_url\": \"https://www.amazon.com/ap/oa\", \"client_id\": \"amzn1.application-oa2-client.1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"token_request_method\": \"POST\", \"token_url\": \"https://api.amazon.com/auth/o2/token\" }`\n- **Google** - Create or update request: `\"ProviderDetails\": { \"authorize_scopes\": \"email profile openid\", \"client_id\": \"1example23456789.apps.googleusercontent.com\", \"client_secret\": \"provider-app-client-secret\" }`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_url\": \"https://people.googleapis.com/v1/people/me?personFields=\", \"attributes_url_add_attributes\": \"true\", \"authorize_scopes\": \"email profile openid\", \"authorize_url\": \"https://accounts.google.com/o/oauth2/v2/auth\", \"client_id\": \"1example23456789.apps.googleusercontent.com\", \"client_secret\": \"provider-app-client-secret\", \"oidc_issuer\": \"https://accounts.google.com\", \"token_request_method\": \"POST\", \"token_url\": \"https://www.googleapis.com/oauth2/v4/token\" }`\n- **SignInWithApple** - Create or update request: `\"ProviderDetails\": { \"authorize_scopes\": \"email name\", \"client_id\": \"com.example.cognito\", \"private_key\": \"1EXAMPLE\", \"key_id\": \"2EXAMPLE\", \"team_id\": \"3EXAMPLE\" }`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_url_add_attributes\": \"false\", \"authorize_scopes\": \"email name\", \"authorize_url\": \"https://appleid.apple.com/auth/authorize\", \"client_id\": \"com.example.cognito\", \"key_id\": \"1EXAMPLE\", \"oidc_issuer\": \"https://appleid.apple.com\", \"team_id\": \"2EXAMPLE\", \"token_request_method\": \"POST\", \"token_url\": \"https://appleid.apple.com/auth/token\" }`\n- **Facebook** - Create or update request: `\"ProviderDetails\": { \"api_version\": \"v17.0\", \"authorize_scopes\": \"public_profile, email\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\" }`\n\nDescribe response: `\"ProviderDetails\": { \"api_version\": \"v17.0\", \"attributes_url\": \"https://graph.facebook.com/v17.0/me?fields=\", \"attributes_url_add_attributes\": \"true\", \"authorize_scopes\": \"public_profile, email\", \"authorize_url\": \"https://www.facebook.com/v17.0/dialog/oauth\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"token_request_method\": \"GET\", \"token_url\": \"https://graph.facebook.com/v17.0/oauth/access_token\" }`" }, "providerName": { "type": "string", @@ -18414,6 +18520,7 @@ "sdkName": "providerName" }, "required": [ + "providerDetails", "providerType", "userPoolId" ], @@ -18421,10 +18528,7 @@ "providerName", "providerType", "userPoolId" - ], - "irreversibleNames": { - "awsId": "Id" - } + ] }, "aws-native:cognito:UserPoolResourceServer": { "cf": "AWS::Cognito::UserPoolResourceServer", @@ -28242,6 +28346,9 @@ "tenancy": { "type": "string", "description": "Indicates the tenancy of the Capacity Reservation. A Capacity Reservation can have one of the following tenancy settings:\n\n- `default` - The Capacity Reservation is created on hardware that is shared with other AWS accounts .\n- `dedicated` - The Capacity Reservation is created on single-tenant hardware that is dedicated to a single AWS account ." + }, + "unusedReservationBillingOwnerId": { + "type": "string" } }, "outputs": { @@ -28320,6 +28427,9 @@ "totalInstanceCount": { "type": "integer", "description": "Returns the total number of instances for which the Capacity Reservation reserves capacity. For example: `15` ." + }, + "unusedReservationBillingOwnerId": { + "type": "string" } }, "required": [ @@ -28339,6 +28449,9 @@ "tagSpecifications", "tenancy" ], + "writeOnly": [ + "unusedReservationBillingOwnerId" + ], "irreversibleNames": { "awsId": "Id" } @@ -34744,7 +34857,7 @@ "inputs": { "policyDocument": { "$ref": "pulumi.json#/Any", - "description": "An endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints.\n For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. CFNlong converts YAML policies to JSON format before calling the API to create or modify the VPC endpoint.\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::EC2::VPCEndpoint` for more information about the expected schema for this property." + "description": "An endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints.\n For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. For example, if you have a JSON policy, you can convert it to YAML before including it in the YAML template, and CFNlong converts the policy to JSON format before calling the API actions for privatelink. Alternatively, you can include the JSON directly in the YAML, as shown in the following ``Properties`` section:\n ``Properties: VpcEndpointType: 'Interface' ServiceName: !Sub 'com.amazonaws.${AWS::Region}.logs' PolicyDocument: '{ \"Version\":\"2012-10-17\", \"Statement\": [{ \"Effect\":\"Allow\", \"Principal\":\"*\", \"Action\":[\"logs:Describe*\",\"logs:Get*\",\"logs:List*\",\"logs:FilterLogEvents\"], \"Resource\":\"*\" }] }'``\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::EC2::VPCEndpoint` for more information about the expected schema for this property." }, "privateDnsEnabled": { "type": "boolean", @@ -34809,7 +34922,7 @@ }, "policyDocument": { "$ref": "pulumi.json#/Any", - "description": "An endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints.\n For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. CFNlong converts YAML policies to JSON format before calling the API to create or modify the VPC endpoint.\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::EC2::VPCEndpoint` for more information about the expected schema for this property." + "description": "An endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints.\n For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. For example, if you have a JSON policy, you can convert it to YAML before including it in the YAML template, and CFNlong converts the policy to JSON format before calling the API actions for privatelink. Alternatively, you can include the JSON directly in the YAML, as shown in the following ``Properties`` section:\n ``Properties: VpcEndpointType: 'Interface' ServiceName: !Sub 'com.amazonaws.${AWS::Region}.logs' PolicyDocument: '{ \"Version\":\"2012-10-17\", \"Statement\": [{ \"Effect\":\"Allow\", \"Principal\":\"*\", \"Action\":[\"logs:Describe*\",\"logs:Get*\",\"logs:List*\",\"logs:FilterLogEvents\"], \"Resource\":\"*\" }] }'``\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::EC2::VPCEndpoint` for more information about the expected schema for this property." }, "privateDnsEnabled": { "type": "boolean", @@ -35818,9 +35931,6 @@ "autoNamingSpec": { "sdkName": "name" }, - "required": [ - "autoScalingGroupProvider" - ], "createOnly": [ "autoScalingGroupProvider/AutoScalingGroupArn", "name" @@ -38142,8 +38252,7 @@ }, "engine": { "type": "string", - "description": "The engine name of the Serverless Cache.", - "replaceOnChanges": true + "description": "The engine name of the Serverless Cache." }, "finalSnapshotName": { "type": "string", @@ -38160,8 +38269,7 @@ }, "majorEngineVersion": { "type": "string", - "description": "The major engine version of the Serverless Cache.", - "replaceOnChanges": true + "description": "The major engine version of the Serverless Cache." }, "readerEndpoint": { "$ref": "#/types/aws-native:elasticache:ServerlessCacheEndpoint", @@ -38222,9 +38330,7 @@ "engine" ], "createOnly": [ - "engine", "kmsKeyId", - "majorEngineVersion", "serverlessCacheName", "snapshotArnsToRestore", "subnetIds" @@ -48685,6 +48791,10 @@ "type": "string", "description": "The name of the infrastructure configuration." }, + "placement": { + "$ref": "#/types/aws-native:imagebuilder:InfrastructureConfigurationPlacement", + "description": "The placement option settings for the infrastructure configuration." + }, "resourceTags": { "type": "object", "additionalProperties": { @@ -48756,6 +48866,10 @@ "description": "The name of the infrastructure configuration.", "replaceOnChanges": true }, + "placement": { + "$ref": "#/types/aws-native:imagebuilder:InfrastructureConfigurationPlacement", + "description": "The placement option settings for the infrastructure configuration." + }, "resourceTags": { "type": "object", "additionalProperties": { @@ -65157,6 +65271,10 @@ "type": "string", "description": "An optional description of the cluster." }, + "engine": { + "type": "string", + "description": "The engine type used by the cluster." + }, "engineVersion": { "type": "string", "description": "The Redis engine version used by the cluster." @@ -65274,6 +65392,10 @@ "type": "string", "description": "An optional description of the cluster." }, + "engine": { + "type": "string", + "description": "The engine type used by the cluster." + }, "engineVersion": { "type": "string", "description": "The Redis engine version used by the cluster." @@ -71599,12 +71721,6 @@ "directoryId", "vpcInformation" ], - "writeOnly": [ - "certificateAuthorityArn", - "directoryId", - "tags", - "vpcInformation" - ], "tagsProperty": "tags", "tagsStyle": "stringMap" }, @@ -71647,10 +71763,6 @@ "createOnly": [ "directoryId" ], - "writeOnly": [ - "directoryId", - "tags" - ], "tagsProperty": "tags", "tagsStyle": "stringMap" }, @@ -71775,11 +71887,7 @@ "name" ], "writeOnly": [ - "connectorArn", - "definition", - "name", - "reenrollAllCertificateHolders", - "tags" + "reenrollAllCertificateHolders" ], "tagsProperty": "tags", "tagsStyle": "stringMap" @@ -73384,7 +73492,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Sets the website domain origins that are allowed to embed the Amazon Q Business web experience. The *domain origin* refers to the base URL for accessing a website including the protocol ( `http/https` ), the domain name, and the port number (if specified).\n\n\u003e You must only submit a *base URL* and not a full path. For example, `https://docs.aws.amazon.com` ." }, "roleArn": { "type": "string", @@ -73443,7 +73552,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Sets the website domain origins that are allowed to embed the Amazon Q Business web experience. The *domain origin* refers to the base URL for accessing a website including the protocol ( `http/https` ), the domain name, and the port number (if specified).\n\n\u003e You must only submit a *base URL* and not a full path. For example, `https://docs.aws.amazon.com` ." }, "roleArn": { "type": "string", @@ -78490,6 +78600,103 @@ "tagsProperty": "tags", "tagsStyle": "keyValueArray" }, + "aws-native:redshift:Integration": { + "cf": "AWS::Redshift::Integration", + "inputs": { + "additionalEncryptionContext": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "integrationName": { + "type": "string", + "description": "The name of the integration." + }, + "kmsKeyId": { + "type": "string", + "description": "An KMS key identifier for the key to use to encrypt the integration. If you don't specify an encryption key, the default AWS owned KMS key is used." + }, + "sourceArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the database to use as the source for replication, for example, arn:aws:dynamodb:us-east-2:123412341234:table/dynamotable" + }, + "tags": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:index:Tag" + }, + "description": "An array of key-value pairs to apply to this resource." + }, + "targetArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Redshift data warehouse to use as the target for replication, for example, arn:aws:redshift:us-east-2:123412341234:namespace:e43aab3e-10a3-4ec4-83d4-f227ff9bfbcf" + } + }, + "outputs": { + "additionalEncryptionContext": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "replaceOnChanges": true + }, + "createTime": { + "type": "string", + "description": "The time (UTC) when the integration was created." + }, + "integrationArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the integration." + }, + "integrationName": { + "type": "string", + "description": "The name of the integration." + }, + "kmsKeyId": { + "type": "string", + "description": "An KMS key identifier for the key to use to encrypt the integration. If you don't specify an encryption key, the default AWS owned KMS key is used.", + "replaceOnChanges": true + }, + "sourceArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the database to use as the source for replication, for example, arn:aws:dynamodb:us-east-2:123412341234:table/dynamotable", + "replaceOnChanges": true + }, + "tags": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:index:Tag" + }, + "description": "An array of key-value pairs to apply to this resource." + }, + "targetArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Redshift data warehouse to use as the target for replication, for example, arn:aws:redshift:us-east-2:123412341234:namespace:e43aab3e-10a3-4ec4-83d4-f227ff9bfbcf", + "replaceOnChanges": true + } + }, + "autoNamingSpec": { + "sdkName": "integrationName", + "minLength": 1, + "maxLength": 64 + }, + "required": [ + "sourceArn", + "targetArn" + ], + "createOnly": [ + "additionalEncryptionContext", + "kmsKeyId", + "sourceArn", + "targetArn" + ], + "irreversibleNames": { + "kmsKeyId": "KMSKeyId" + }, + "tagsProperty": "tags", + "tagsStyle": "keyValueArray" + }, "aws-native:redshift:ScheduledAction": { "cf": "AWS::Redshift::ScheduledAction", "inputs": { @@ -82585,8 +82792,7 @@ "tags" ], "writeOnly": [ - "s3PrefixType", - "tags" + "s3PrefixType" ], "irreversibleNames": { "s3PrefixType": "S3PrefixType" @@ -82688,9 +82894,6 @@ "createOnly": [ "tags" ], - "writeOnly": [ - "tags" - ], "tagsProperty": "tags", "tagsStyle": "keyValueArrayCreateOnly" }, @@ -95759,7 +95962,7 @@ }, "sourceConfiguration": { "$ref": "#/types/aws-native:wisdom:KnowledgeBaseSourceConfiguration", - "description": "The source of the knowledge base content. Only set this argument for EXTERNAL knowledge bases." + "description": "The source of the knowledge base content. Only set this argument for EXTERNAL or Managed knowledge bases." }, "tags": { "type": "array", @@ -95804,7 +96007,7 @@ }, "sourceConfiguration": { "$ref": "#/types/aws-native:wisdom:KnowledgeBaseSourceConfiguration", - "description": "The source of the knowledge base content. Only set this argument for EXTERNAL knowledge bases.", + "description": "The source of the knowledge base content. Only set this argument for EXTERNAL or Managed knowledge bases.", "replaceOnChanges": true }, "tags": { @@ -104800,6 +105003,17 @@ } } }, + "aws-native:autoscaling:AutoScalingGroupTrafficSourceIdentifier": { + "type": "object", + "properties": { + "identifier": { + "type": "string" + }, + "type": { + "type": "string" + } + } + }, "aws-native:autoscaling:AutoScalingGroupVCpuCountRequest": { "type": "object", "properties": { @@ -105945,6 +106159,23 @@ } } }, + "aws-native:backup:LogicallyAirGappedBackupVaultNotificationObjectType": { + "type": "object", + "properties": { + "backupVaultEvents": { + "type": "array", + "items": { + "type": "string" + } + }, + "snsTopicArn": { + "type": "string" + } + }, + "irreversibleNames": { + "snsTopicArn": "SNSTopicArn" + } + }, "aws-native:backup:ReportDeliveryChannelProperties": { "type": "object", "properties": { @@ -127812,7 +128043,7 @@ "additionalProperties": { "type": "string" }, - "description": "The configuration options to send to the log driver. This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'``" + "description": "The configuration options to send to the log driver.\n The options you can specify depend on the log driver. Some of the options you can specify when you use the ``awslogs`` log driver to route logs to Amazon CloudWatch include the following:\n + awslogs-create-group Required: No Specify whether you want the log group to be created automatically. If this option isn't specified, it defaults to false. Your IAM policy must include the logs:CreateLogGroup permission before you attempt to use awslogs-create-group. + awslogs-region Required: Yes Specify the Region that the awslogs log driver is to send your Docker logs to. You can choose to send all of your logs from clusters in different Regions to a single region in CloudWatch Logs. This is so that they're all visible in one location. Otherwise, you can separate them by Region for more granularity. Make sure that the specified log group exists in the Region that you specify with this option. + awslogs-group Required: Yes Make sure to specify a log group that the awslogs log driver sends its log streams to. + awslogs-stream-prefix Required: Yes, when using the Fargate launch type.Optional for the EC2 launch type, required for the Fargate launch type. Use the awslogs-stream-prefix option to associate a log stream with the specified prefix, the container name, and the ID of the Amazon ECS task that the container belongs to. If you specify a prefix with this option, then the log stream takes the format prefix-name/container-name/ecs-task-id. If you don't specify a prefix with this option, then the log stream is named after the container ID that's assigned by the Docker daemon on the container instance. Because it's difficult to trace logs back to the container that sent them with just the Docker container ID (which is only available on the container instance), we recommend that you specify a prefix with this option. For Amazon ECS services, you can use the service name as the prefix. Doing so, you can trace log streams to the service that the container belongs to, the name of the container that sent them, and the ID of the task that the container belongs to. You must specify a stream-prefix for your logs to have your logs appear in the Log pane when using the Amazon ECS console. + awslogs-datetime-format Required: No This option defines a multiline start pattern in Python strftime format. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. One example of a use case for using this format is for parsing output such as a stack dump, which might otherwise be logged in multiple entries. The correct pattern allows it to be captured in a single entry. For more information, see awslogs-datetime-format. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. + awslogs-multiline-pattern Required: No This option defines a multiline start pattern that uses a regular expression. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. For more information, see awslogs-multiline-pattern. This option is ignored if awslogs-datetime-format is also configured. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. + mode Required: No Valid values: non-blocking | blocking This option defines the delivery mode of log messages from the container to CloudWatch Logs. The delivery mode you choose affects application availability when the flow of logs from container to CloudWatch is interrupted. If you use the blocking mode and the flow of logs to CloudWatch is interrupted, calls from container code to write to the stdout and stderr streams will block. The logging thread of the application will block as a result. This may cause the application to become unresponsive and lead to container healthcheck failure. If you use the non-blocking mode, the container's logs are instead stored in an in-memory intermediate buffer configured with the max-buffer-size option. This prevents the application from becoming unresponsive when logs cannot be sent to CloudWatch. We recommend using this mode if you want to ensure service availability and are okay with some log loss. For more information, see Preventing log loss with non-blocking mode in the awslogs container log driver. + max-buffer-size Required: No Default value: 1m When non-blocking mode is used, the max-buffer-size log option controls the size of the buffer that's used for intermediate message storage. Make sure to specify an adequate buffer size based on your application. When the buffer fills up, further logs cannot be stored. Logs that cannot be stored are lost. \n To route logs using the ``splunk`` log router, you need to specify a ``splunk-token`` and a ``splunk-url``.\n When you use the ``awsfirelens`` log router to route logs to an AWS Service or AWS Partner Network destination for log storage and analytics, you can set the ``log-driver-buffer-limit`` option to limit the number of events that are buffered in memory, before being sent to the log router container. It can help to resolve potential log loss issue because high throughput might result in memory running out for the buffer inside of Docker.\n Other options you can specify when using ``awsfirelens`` to route logs depend on the destination. When you export logs to Amazon Data Firehose, you can specify the AWS Region with ``region`` and a name for the log stream with ``delivery_stream``.\n When you export logs to Amazon Kinesis Data Streams, you can specify an AWS Region with ``region`` and a data stream name with ``stream``.\n When you export logs to Amazon OpenSearch Service, you can specify options like ``Name``, ``Host`` (OpenSearch Service endpoint without protocol), ``Port``, ``Index``, ``Type``, ``Aws_auth``, ``Aws_region``, ``Suppress_Type_Name``, and ``tls``.\n When you export logs to Amazon S3, you can specify the bucket using the ``bucket`` option. You can also specify ``region``, ``total_file_size``, ``upload_timeout``, and ``use_put_object`` as options.\n This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'``" }, "secretOptions": { "type": "array", @@ -137474,6 +137705,30 @@ "s3Logs": "S3Logs" } }, + "aws-native:imagebuilder:InfrastructureConfigurationPlacement": { + "type": "object", + "properties": { + "availabilityZone": { + "type": "string", + "description": "AvailabilityZone" + }, + "hostId": { + "type": "string", + "description": "HostId" + }, + "hostResourceGroupArn": { + "type": "string", + "description": "HostResourceGroupArn" + }, + "tenancy": { + "$ref": "#/types/aws-native:imagebuilder:InfrastructureConfigurationPlacementTenancy", + "description": "Tenancy" + } + } + }, + "aws-native:imagebuilder:InfrastructureConfigurationPlacementTenancy": { + "type": "string" + }, "aws-native:imagebuilder:InfrastructureConfigurationS3Logs": { "type": "object", "properties": { @@ -143837,12 +144092,12 @@ }, "height": { "type": "integer", - "description": "Video-resolution height. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 720.", + "description": "Video-resolution height. This must be an even number. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 720.", "replaceOnChanges": true }, "width": { "type": "integer", - "description": "Video-resolution width. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 1280.", + "description": "Video-resolution width. This must be an even number. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 1280.", "replaceOnChanges": true } } @@ -194831,6 +195086,19 @@ } } }, + "aws-native:redshift:IntegrationTag": { + "type": "object", + "properties": { + "key": { + "type": "string", + "description": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. " + }, + "value": { + "type": "string", + "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. " + } + } + }, "aws-native:redshift:ScheduledActionState": { "type": "string" }, @@ -197715,11 +197983,11 @@ "properties": { "kmsMasterKeyId": { "type": "string", - "description": "AWS Key Management Service (KMS) customer AWS KMS key ID to use for the default encryption. This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms`` or ``aws:kms:dsse``.\n You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key.\n + Key ID: ``1234abcd-12ab-34cd-56ef-1234567890ab`` \n + Key ARN: ``arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`` \n + Key Alias: ``alias/alias-name`` \n \n If you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log. \n If you are using encryption with cross-account or AWS service operations you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy).\n Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *Key Management Service Developer Guide*." + "description": "AWS Key Management Service (KMS) customer managed key ID to use for the default encryption. \n + *General purpose buckets* - This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms`` or ``aws:kms:dsse``.\n + *Directory buckets* - This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms``.\n \n You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key.\n + Key ID: ``1234abcd-12ab-34cd-56ef-1234567890ab`` \n + Key ARN: ``arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`` \n + Key Alias: ``alias/alias-name`` \n \n If you are using encryption with cross-account or AWS service operations, you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy).\n + *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. Also, if you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log. \n + *Directory buckets* - When you specify an [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported.\n \n Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *Key Management Service Developer Guide*." }, "sseAlgorithm": { "$ref": "#/types/aws-native:s3:BucketServerSideEncryptionByDefaultSseAlgorithm", - "description": "Server-side encryption algorithm to use for the default encryption." + "description": "Server-side encryption algorithm to use for the default encryption.\n For directory buckets, there are only two supported values for server-side encryption: ``AES256`` and ``aws:kms``." } }, "irreversibleNames": { @@ -214502,6 +214770,12 @@ "frameworkArn" ] }, + "aws-native:backup:getLogicallyAirGappedBackupVault": { + "cf": "AWS::Backup::LogicallyAirGappedBackupVault", + "ids": [ + "backupVaultName" + ] + }, "aws-native:backup:getReportPlan": { "cf": "AWS::Backup::ReportPlan", "ids": [ @@ -215070,7 +215344,8 @@ "aws-native:cognito:getUserPoolIdentityProvider": { "cf": "AWS::Cognito::UserPoolIdentityProvider", "ids": [ - "id" + "userPoolId", + "providerName" ] }, "aws-native:cognito:getUserPoolResourceServer": { @@ -218855,6 +219130,12 @@ "subscriptionName" ] }, + "aws-native:redshift:getIntegration": { + "cf": "AWS::Redshift::Integration", + "ids": [ + "integrationArn" + ] + }, "aws-native:redshift:getScheduledAction": { "cf": "AWS::Redshift::ScheduledAction", "ids": [ diff --git a/provider/cmd/pulumi-resource-aws-native/schema.json b/provider/cmd/pulumi-resource-aws-native/schema.json index 1285772e95..993c111105 100644 --- a/provider/cmd/pulumi-resource-aws-native/schema.json +++ b/provider/cmd/pulumi-resource-aws-native/schema.json @@ -3479,7 +3479,7 @@ "type": "object" }, "aws-native:apigatewayv2:DomainNameConfiguration": { - "description": "The ``DomainNameConfiguration`` property type specifies the configuration for an API's domain name.\n ``DomainNameConfiguration`` is a property of the [AWS::ApiGatewayV2::DomainName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-domainname.html) resource.", + "description": "The ``DomainNameConfiguration`` property type specifies the configuration for an API's domain name.\n ``DomainNameConfiguration`` is a property of the [AWS::ApiGatewayV2::DomainName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-domainname.html) resource.", "properties": { "certificateArn": { "type": "string", @@ -11419,6 +11419,21 @@ }, "type": "object" }, + "aws-native:autoscaling:AutoScalingGroupTrafficSourceIdentifier": { + "properties": { + "identifier": { + "type": "string" + }, + "type": { + "type": "string" + } + }, + "type": "object", + "required": [ + "identifier", + "type" + ] + }, "aws-native:autoscaling:AutoScalingGroupVCpuCountRequest": { "description": "``VCpuCountRequest`` is a property of the ``InstanceRequirements`` property of the [AWS::AutoScaling::AutoScalingGroup LaunchTemplateOverrides](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-launchtemplateoverrides.html) property type that describes the minimum and maximum number of vCPUs for an instance type.", "properties": { @@ -13417,6 +13432,24 @@ }, "type": "object" }, + "aws-native:backup:LogicallyAirGappedBackupVaultNotificationObjectType": { + "properties": { + "backupVaultEvents": { + "type": "array", + "items": { + "type": "string" + } + }, + "snsTopicArn": { + "type": "string" + } + }, + "type": "object", + "required": [ + "backupVaultEvents", + "snsTopicArn" + ] + }, "aws-native:backup:ReportDeliveryChannelProperties": { "description": "A structure that contains information about where and how to deliver your reports, specifically your Amazon S3 bucket name, S3 key prefix, and the formats of your reports.", "properties": { @@ -45303,7 +45336,7 @@ "additionalProperties": { "type": "string" }, - "description": "The configuration options to send to the log driver. This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'``" + "description": "The configuration options to send to the log driver.\n The options you can specify depend on the log driver. Some of the options you can specify when you use the ``awslogs`` log driver to route logs to Amazon CloudWatch include the following:\n + awslogs-create-group Required: No Specify whether you want the log group to be created automatically. If this option isn't specified, it defaults to false. Your IAM policy must include the logs:CreateLogGroup permission before you attempt to use awslogs-create-group. + awslogs-region Required: Yes Specify the Region that the awslogs log driver is to send your Docker logs to. You can choose to send all of your logs from clusters in different Regions to a single region in CloudWatch Logs. This is so that they're all visible in one location. Otherwise, you can separate them by Region for more granularity. Make sure that the specified log group exists in the Region that you specify with this option. + awslogs-group Required: Yes Make sure to specify a log group that the awslogs log driver sends its log streams to. + awslogs-stream-prefix Required: Yes, when using the Fargate launch type.Optional for the EC2 launch type, required for the Fargate launch type. Use the awslogs-stream-prefix option to associate a log stream with the specified prefix, the container name, and the ID of the Amazon ECS task that the container belongs to. If you specify a prefix with this option, then the log stream takes the format prefix-name/container-name/ecs-task-id. If you don't specify a prefix with this option, then the log stream is named after the container ID that's assigned by the Docker daemon on the container instance. Because it's difficult to trace logs back to the container that sent them with just the Docker container ID (which is only available on the container instance), we recommend that you specify a prefix with this option. For Amazon ECS services, you can use the service name as the prefix. Doing so, you can trace log streams to the service that the container belongs to, the name of the container that sent them, and the ID of the task that the container belongs to. You must specify a stream-prefix for your logs to have your logs appear in the Log pane when using the Amazon ECS console. + awslogs-datetime-format Required: No This option defines a multiline start pattern in Python strftime format. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. One example of a use case for using this format is for parsing output such as a stack dump, which might otherwise be logged in multiple entries. The correct pattern allows it to be captured in a single entry. For more information, see awslogs-datetime-format. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. + awslogs-multiline-pattern Required: No This option defines a multiline start pattern that uses a regular expression. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. For more information, see awslogs-multiline-pattern. This option is ignored if awslogs-datetime-format is also configured. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. + mode Required: No Valid values: non-blocking | blocking This option defines the delivery mode of log messages from the container to CloudWatch Logs. The delivery mode you choose affects application availability when the flow of logs from container to CloudWatch is interrupted. If you use the blocking mode and the flow of logs to CloudWatch is interrupted, calls from container code to write to the stdout and stderr streams will block. The logging thread of the application will block as a result. This may cause the application to become unresponsive and lead to container healthcheck failure. If you use the non-blocking mode, the container's logs are instead stored in an in-memory intermediate buffer configured with the max-buffer-size option. This prevents the application from becoming unresponsive when logs cannot be sent to CloudWatch. We recommend using this mode if you want to ensure service availability and are okay with some log loss. For more information, see Preventing log loss with non-blocking mode in the awslogs container log driver. + max-buffer-size Required: No Default value: 1m When non-blocking mode is used, the max-buffer-size log option controls the size of the buffer that's used for intermediate message storage. Make sure to specify an adequate buffer size based on your application. When the buffer fills up, further logs cannot be stored. Logs that cannot be stored are lost. \n To route logs using the ``splunk`` log router, you need to specify a ``splunk-token`` and a ``splunk-url``.\n When you use the ``awsfirelens`` log router to route logs to an AWS Service or AWS Partner Network destination for log storage and analytics, you can set the ``log-driver-buffer-limit`` option to limit the number of events that are buffered in memory, before being sent to the log router container. It can help to resolve potential log loss issue because high throughput might result in memory running out for the buffer inside of Docker.\n Other options you can specify when using ``awsfirelens`` to route logs depend on the destination. When you export logs to Amazon Data Firehose, you can specify the AWS Region with ``region`` and a name for the log stream with ``delivery_stream``.\n When you export logs to Amazon Kinesis Data Streams, you can specify an AWS Region with ``region`` and a data stream name with ``stream``.\n When you export logs to Amazon OpenSearch Service, you can specify options like ``Name``, ``Host`` (OpenSearch Service endpoint without protocol), ``Port``, ``Index``, ``Type``, ``Aws_auth``, ``Aws_region``, ``Suppress_Type_Name``, and ``tls``.\n When you export logs to Amazon S3, you can specify the bucket using the ``bucket`` option. You can also specify ``region``, ``total_file_size``, ``upload_timeout``, and ``use_put_object`` as options.\n This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'``" }, "secretOptions": { "type": "array", @@ -57792,6 +57825,10 @@ { "name": "Linux", "value": "Linux" + }, + { + "name": "MacOs", + "value": "macOS" } ] }, @@ -58673,6 +58710,46 @@ }, "type": "object" }, + "aws-native:imagebuilder:InfrastructureConfigurationPlacement": { + "description": "The placement options", + "properties": { + "availabilityZone": { + "type": "string", + "description": "AvailabilityZone" + }, + "hostId": { + "type": "string", + "description": "HostId" + }, + "hostResourceGroupArn": { + "type": "string", + "description": "HostResourceGroupArn" + }, + "tenancy": { + "$ref": "#/types/aws-native:imagebuilder:InfrastructureConfigurationPlacementTenancy", + "description": "Tenancy" + } + }, + "type": "object" + }, + "aws-native:imagebuilder:InfrastructureConfigurationPlacementTenancy": { + "description": "Tenancy", + "type": "string", + "enum": [ + { + "name": "Default", + "value": "default" + }, + { + "name": "Dedicated", + "value": "dedicated" + }, + { + "name": "Host", + "value": "host" + } + ] + }, "aws-native:imagebuilder:InfrastructureConfigurationS3Logs": { "description": "The S3 path in which to store the logs.", "properties": { @@ -67647,12 +67724,12 @@ }, "height": { "type": "integer", - "description": "Video-resolution height. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 720.", + "description": "Video-resolution height. This must be an even number. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 720.", "replaceOnChanges": true }, "width": { "type": "integer", - "description": "Video-resolution width. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 1280.", + "description": "Video-resolution width. This must be an even number. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 1280.", "replaceOnChanges": true } }, @@ -136394,6 +136471,23 @@ "value" ] }, + "aws-native:redshift:IntegrationTag": { + "description": "A key-value pair to associate with a resource.", + "properties": { + "key": { + "type": "string", + "description": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. " + }, + "value": { + "type": "string", + "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. " + } + }, + "type": "object", + "required": [ + "key" + ] + }, "aws-native:redshift:ScheduledActionState": { "description": "The state of the scheduled action.", "type": "string", @@ -141123,15 +141217,15 @@ ] }, "aws-native:s3:BucketServerSideEncryptionByDefault": { - "description": "Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS. For more information, see [PUT Bucket encryption](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html) in the *Amazon S3 API Reference*.\n If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner.", + "description": "Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. For more information, see [PutBucketEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html).\n + *General purpose buckets* - If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key (``aws/s3``) in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS. \n + *Directory buckets* - Your SSE-KMS configuration can only support 1 [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) per directory bucket for the lifetime of the bucket. The [managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) (``aws/s3``) isn't supported. \n + *Directory buckets* - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS.", "properties": { "kmsMasterKeyId": { "type": "string", - "description": "AWS Key Management Service (KMS) customer AWS KMS key ID to use for the default encryption. This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms`` or ``aws:kms:dsse``.\n You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key.\n + Key ID: ``1234abcd-12ab-34cd-56ef-1234567890ab`` \n + Key ARN: ``arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`` \n + Key Alias: ``alias/alias-name`` \n \n If you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log. \n If you are using encryption with cross-account or AWS service operations you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy).\n Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *Key Management Service Developer Guide*." + "description": "AWS Key Management Service (KMS) customer managed key ID to use for the default encryption. \n + *General purpose buckets* - This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms`` or ``aws:kms:dsse``.\n + *Directory buckets* - This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms``.\n \n You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key.\n + Key ID: ``1234abcd-12ab-34cd-56ef-1234567890ab`` \n + Key ARN: ``arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`` \n + Key Alias: ``alias/alias-name`` \n \n If you are using encryption with cross-account or AWS service operations, you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy).\n + *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. Also, if you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log. \n + *Directory buckets* - When you specify an [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported.\n \n Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *Key Management Service Developer Guide*." }, "sseAlgorithm": { "$ref": "#/types/aws-native:s3:BucketServerSideEncryptionByDefaultSseAlgorithm", - "description": "Server-side encryption algorithm to use for the default encryption." + "description": "Server-side encryption algorithm to use for the default encryption.\n For directory buckets, there are only two supported values for server-side encryption: ``AES256`` and ``aws:kms``." } }, "type": "object", @@ -141140,7 +141234,7 @@ ] }, "aws-native:s3:BucketServerSideEncryptionByDefaultSseAlgorithm": { - "description": "Server-side encryption algorithm to use for the default encryption.", + "description": "Server-side encryption algorithm to use for the default encryption.\n For directory buckets, there are only two supported values for server-side encryption: ``AES256`` and ``aws:kms``.", "type": "string", "enum": [ { @@ -141158,7 +141252,7 @@ ] }, "aws-native:s3:BucketServerSideEncryptionRule": { - "description": "Specifies the default server-side encryption configuration.\n If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner.", + "description": "Specifies the default server-side encryption configuration.\n + *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner.\n + *Directory buckets* - When you specify an [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported.", "properties": { "bucketKeyEnabled": { "type": "boolean", @@ -168723,7 +168817,7 @@ "items": { "type": "string" }, - "description": "The ARN of the network load balancer of the VPC targeted by the VPC link. The network load balancer must be owned by the same AWS-account of the API owner.", + "description": "The ARN of the network load balancer of the VPC targeted by the VPC link. The network load balancer must be owned by the same AWS account of the API owner.", "replaceOnChanges": true }, "vpcLinkId": { @@ -168758,7 +168852,7 @@ "items": { "type": "string" }, - "description": "The ARN of the network load balancer of the VPC targeted by the VPC link. The network load balancer must be owned by the same AWS-account of the API owner." + "description": "The ARN of the network load balancer of the VPC targeted by the VPC link. The network load balancer must be owned by the same AWS account of the API owner." } }, "requiredInputs": [ @@ -169150,7 +169244,7 @@ "properties": { "domainName": { "type": "string", - "description": "The custom domain name for your API in Amazon API Gateway. Uppercase letters are not supported.", + "description": "The custom domain name for your API in Amazon API Gateway. Uppercase letters and the underscore (``_``) character are not supported.", "language": { "csharp": { "name": "DomainNameValue" @@ -169194,7 +169288,7 @@ "inputProperties": { "domainName": { "type": "string", - "description": "The custom domain name for your API in Amazon API Gateway. Uppercase letters are not supported.", + "description": "The custom domain name for your API in Amazon API Gateway. Uppercase letters and the underscore (``_``) character are not supported.", "language": { "csharp": { "name": "DomainNameValue" @@ -173855,7 +173949,7 @@ }, "healthCheckType": { "type": "string", - "description": "A comma-separated value string of one or more health check types.\n The valid values are ``EC2``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*.\n Only specify ``EC2`` if you must clear a value that was previously set." + "description": "A comma-separated value string of one or more health check types.\n The valid values are ``EC2``, ``EBS``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*.\n Only specify ``EC2`` if you must clear a value that was previously set." }, "instanceId": { "type": "string", @@ -173954,6 +174048,12 @@ }, "description": "A policy or a list of policies that are used to select the instance to terminate. These policies are executed in the order that you list them. For more information, see [Configure termination policies for Amazon EC2 Auto Scaling](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-termination-policies.html) in the *Amazon EC2 Auto Scaling User Guide*.\n Valid values: ``Default`` | ``AllocationStrategy`` | ``ClosestToNextInstanceHour`` | ``NewestInstance`` | ``OldestInstance`` | ``OldestLaunchConfiguration`` | ``OldestLaunchTemplate`` | ``arn:aws:lambda:region:account-id:function:my-function:my-alias``" }, + "trafficSources": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:autoscaling:AutoScalingGroupTrafficSourceIdentifier" + } + }, "vpcZoneIdentifier": { "type": "array", "items": { @@ -174009,7 +174109,7 @@ }, "healthCheckType": { "type": "string", - "description": "A comma-separated value string of one or more health check types.\n The valid values are ``EC2``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*.\n Only specify ``EC2`` if you must clear a value that was previously set." + "description": "A comma-separated value string of one or more health check types.\n The valid values are ``EC2``, ``EBS``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*.\n Only specify ``EC2`` if you must clear a value that was previously set." }, "instanceId": { "type": "string", @@ -174107,6 +174207,12 @@ }, "description": "A policy or a list of policies that are used to select the instance to terminate. These policies are executed in the order that you list them. For more information, see [Configure termination policies for Amazon EC2 Auto Scaling](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-termination-policies.html) in the *Amazon EC2 Auto Scaling User Guide*.\n Valid values: ``Default`` | ``AllocationStrategy`` | ``ClosestToNextInstanceHour`` | ``NewestInstance`` | ``OldestInstance`` | ``OldestLaunchConfiguration`` | ``OldestLaunchTemplate`` | ``arn:aws:lambda:region:account-id:function:my-function:my-alias``" }, + "trafficSources": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:autoscaling:AutoScalingGroupTrafficSourceIdentifier" + } + }, "vpcZoneIdentifier": { "type": "array", "items": { @@ -175351,6 +175457,90 @@ "frameworkControls" ] }, + "aws-native:backup:LogicallyAirGappedBackupVault": { + "description": "Resource Type definition for AWS::Backup::LogicallyAirGappedBackupVault", + "properties": { + "accessPolicy": { + "$ref": "pulumi.json#/Any", + "description": "Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Backup::LogicallyAirGappedBackupVault` for more information about the expected schema for this property." + }, + "backupVaultArn": { + "type": "string" + }, + "backupVaultName": { + "type": "string", + "replaceOnChanges": true + }, + "backupVaultTags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "encryptionKeyArn": { + "type": "string" + }, + "maxRetentionDays": { + "type": "integer", + "replaceOnChanges": true + }, + "minRetentionDays": { + "type": "integer", + "replaceOnChanges": true + }, + "notifications": { + "$ref": "#/types/aws-native:backup:LogicallyAirGappedBackupVaultNotificationObjectType" + }, + "vaultState": { + "type": "string" + }, + "vaultType": { + "type": "string" + } + }, + "type": "object", + "required": [ + "backupVaultArn", + "backupVaultName", + "encryptionKeyArn", + "maxRetentionDays", + "minRetentionDays" + ], + "inputProperties": { + "accessPolicy": { + "$ref": "pulumi.json#/Any", + "description": "Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Backup::LogicallyAirGappedBackupVault` for more information about the expected schema for this property." + }, + "backupVaultName": { + "type": "string" + }, + "backupVaultTags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "maxRetentionDays": { + "type": "integer" + }, + "minRetentionDays": { + "type": "integer" + }, + "notifications": { + "$ref": "#/types/aws-native:backup:LogicallyAirGappedBackupVaultNotificationObjectType" + }, + "vaultState": { + "type": "string" + }, + "vaultType": { + "type": "string" + } + }, + "requiredInputs": [ + "maxRetentionDays", + "minRetentionDays" + ] + }, "aws-native:backup:ReportPlan": { "description": "Contains detailed information about a report plan in AWS Backup Audit Manager.", "properties": { @@ -183772,12 +183962,11 @@ "description": "Resource Type definition for AWS::Cognito::UserPoolIdentityProvider", "properties": { "attributeMapping": { - "$ref": "pulumi.json#/Any", - "description": "A mapping of IdP attributes to standard and custom user pool attributes.\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Cognito::UserPoolIdentityProvider` for more information about the expected schema for this property." - }, - "awsId": { - "type": "string", - "description": "The resource ID." + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A mapping of IdP attributes to standard and custom user pool attributes." }, "idpIdentifiers": { "type": "array", @@ -183787,8 +183976,11 @@ "description": "A list of IdP identifiers." }, "providerDetails": { - "$ref": "pulumi.json#/Any", - "description": "The scopes, URLs, and identifiers for your external identity provider. The following\nexamples describe the provider detail keys for each IdP type. These values and their\nschema are subject to change. Social IdP `authorize_scopes` values must match\nthe values listed here.\n\n- **OpenID Connect (OIDC)** - Amazon Cognito accepts the following elements when it can't discover endpoint URLs from `oidc_issuer` : `attributes_url` , `authorize_url` , `jwks_uri` , `token_url` .\n\nCreate or update request: `\"ProviderDetails\": { \"attributes_request_method\": \"GET\", \"attributes_url\": \"https://auth.example.com/userInfo\", \"authorize_scopes\": \"openid profile email\", \"authorize_url\": \"https://auth.example.com/authorize\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"jwks_uri\": \"https://auth.example.com/.well-known/jwks.json\", \"oidc_issuer\": \"https://auth.example.com\", \"token_url\": \"https://example.com/token\" }`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_request_method\": \"GET\", \"attributes_url\": \"https://auth.example.com/userInfo\", \"attributes_url_add_attributes\": \"false\", \"authorize_scopes\": \"openid profile email\", \"authorize_url\": \"https://auth.example.com/authorize\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"jwks_uri\": \"https://auth.example.com/.well-known/jwks.json\", \"oidc_issuer\": \"https://auth.example.com\", \"token_url\": \"https://example.com/token\" }`\n- **SAML** - Create or update request with Metadata URL: `\"ProviderDetails\": { \"IDPInit\": \"true\", \"IDPSignout\": \"true\", \"EncryptedResponses\" : \"true\", \"MetadataURL\": \"https://auth.example.com/sso/saml/metadata\", \"RequestSigningAlgorithm\": \"rsa-sha256\" }`\n\nCreate or update request with Metadata file: `\"ProviderDetails\": { \"IDPInit\": \"true\", \"IDPSignout\": \"true\", \"EncryptedResponses\" : \"true\", \"MetadataFile\": \"[metadata XML]\", \"RequestSigningAlgorithm\": \"rsa-sha256\" }`\n\nThe value of `MetadataFile` must be the plaintext metadata document with all quote (\") characters escaped by backslashes.\n\nDescribe response: `\"ProviderDetails\": { \"IDPInit\": \"true\", \"IDPSignout\": \"true\", \"EncryptedResponses\" : \"true\", \"ActiveEncryptionCertificate\": \"[certificate]\", \"MetadataURL\": \"https://auth.example.com/sso/saml/metadata\", \"RequestSigningAlgorithm\": \"rsa-sha256\", \"SLORedirectBindingURI\": \"https://auth.example.com/slo/saml\", \"SSORedirectBindingURI\": \"https://auth.example.com/sso/saml\" }`\n- **LoginWithAmazon** - Create or update request: `\"ProviderDetails\": { \"authorize_scopes\": \"profile postal_code\", \"client_id\": \"amzn1.application-oa2-client.1example23456789\", \"client_secret\": \"provider-app-client-secret\"`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_url\": \"https://api.amazon.com/user/profile\", \"attributes_url_add_attributes\": \"false\", \"authorize_scopes\": \"profile postal_code\", \"authorize_url\": \"https://www.amazon.com/ap/oa\", \"client_id\": \"amzn1.application-oa2-client.1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"token_request_method\": \"POST\", \"token_url\": \"https://api.amazon.com/auth/o2/token\" }`\n- **Google** - Create or update request: `\"ProviderDetails\": { \"authorize_scopes\": \"email profile openid\", \"client_id\": \"1example23456789.apps.googleusercontent.com\", \"client_secret\": \"provider-app-client-secret\" }`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_url\": \"https://people.googleapis.com/v1/people/me?personFields=\", \"attributes_url_add_attributes\": \"true\", \"authorize_scopes\": \"email profile openid\", \"authorize_url\": \"https://accounts.google.com/o/oauth2/v2/auth\", \"client_id\": \"1example23456789.apps.googleusercontent.com\", \"client_secret\": \"provider-app-client-secret\", \"oidc_issuer\": \"https://accounts.google.com\", \"token_request_method\": \"POST\", \"token_url\": \"https://www.googleapis.com/oauth2/v4/token\" }`\n- **SignInWithApple** - Create or update request: `\"ProviderDetails\": { \"authorize_scopes\": \"email name\", \"client_id\": \"com.example.cognito\", \"private_key\": \"1EXAMPLE\", \"key_id\": \"2EXAMPLE\", \"team_id\": \"3EXAMPLE\" }`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_url_add_attributes\": \"false\", \"authorize_scopes\": \"email name\", \"authorize_url\": \"https://appleid.apple.com/auth/authorize\", \"client_id\": \"com.example.cognito\", \"key_id\": \"1EXAMPLE\", \"oidc_issuer\": \"https://appleid.apple.com\", \"team_id\": \"2EXAMPLE\", \"token_request_method\": \"POST\", \"token_url\": \"https://appleid.apple.com/auth/token\" }`\n- **Facebook** - Create or update request: `\"ProviderDetails\": { \"api_version\": \"v17.0\", \"authorize_scopes\": \"public_profile, email\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\" }`\n\nDescribe response: `\"ProviderDetails\": { \"api_version\": \"v17.0\", \"attributes_url\": \"https://graph.facebook.com/v17.0/me?fields=\", \"attributes_url_add_attributes\": \"true\", \"authorize_scopes\": \"public_profile, email\", \"authorize_url\": \"https://www.facebook.com/v17.0/dialog/oauth\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"token_request_method\": \"GET\", \"token_url\": \"https://graph.facebook.com/v17.0/oauth/access_token\" }`\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Cognito::UserPoolIdentityProvider` for more information about the expected schema for this property." + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The scopes, URLs, and identifiers for your external identity provider. The following\nexamples describe the provider detail keys for each IdP type. These values and their\nschema are subject to change. Social IdP `authorize_scopes` values must match\nthe values listed here.\n\n- **OpenID Connect (OIDC)** - Amazon Cognito accepts the following elements when it can't discover endpoint URLs from `oidc_issuer` : `attributes_url` , `authorize_url` , `jwks_uri` , `token_url` .\n\nCreate or update request: `\"ProviderDetails\": { \"attributes_request_method\": \"GET\", \"attributes_url\": \"https://auth.example.com/userInfo\", \"authorize_scopes\": \"openid profile email\", \"authorize_url\": \"https://auth.example.com/authorize\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"jwks_uri\": \"https://auth.example.com/.well-known/jwks.json\", \"oidc_issuer\": \"https://auth.example.com\", \"token_url\": \"https://example.com/token\" }`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_request_method\": \"GET\", \"attributes_url\": \"https://auth.example.com/userInfo\", \"attributes_url_add_attributes\": \"false\", \"authorize_scopes\": \"openid profile email\", \"authorize_url\": \"https://auth.example.com/authorize\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"jwks_uri\": \"https://auth.example.com/.well-known/jwks.json\", \"oidc_issuer\": \"https://auth.example.com\", \"token_url\": \"https://example.com/token\" }`\n- **SAML** - Create or update request with Metadata URL: `\"ProviderDetails\": { \"IDPInit\": \"true\", \"IDPSignout\": \"true\", \"EncryptedResponses\" : \"true\", \"MetadataURL\": \"https://auth.example.com/sso/saml/metadata\", \"RequestSigningAlgorithm\": \"rsa-sha256\" }`\n\nCreate or update request with Metadata file: `\"ProviderDetails\": { \"IDPInit\": \"true\", \"IDPSignout\": \"true\", \"EncryptedResponses\" : \"true\", \"MetadataFile\": \"[metadata XML]\", \"RequestSigningAlgorithm\": \"rsa-sha256\" }`\n\nThe value of `MetadataFile` must be the plaintext metadata document with all quote (\") characters escaped by backslashes.\n\nDescribe response: `\"ProviderDetails\": { \"IDPInit\": \"true\", \"IDPSignout\": \"true\", \"EncryptedResponses\" : \"true\", \"ActiveEncryptionCertificate\": \"[certificate]\", \"MetadataURL\": \"https://auth.example.com/sso/saml/metadata\", \"RequestSigningAlgorithm\": \"rsa-sha256\", \"SLORedirectBindingURI\": \"https://auth.example.com/slo/saml\", \"SSORedirectBindingURI\": \"https://auth.example.com/sso/saml\" }`\n- **LoginWithAmazon** - Create or update request: `\"ProviderDetails\": { \"authorize_scopes\": \"profile postal_code\", \"client_id\": \"amzn1.application-oa2-client.1example23456789\", \"client_secret\": \"provider-app-client-secret\"`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_url\": \"https://api.amazon.com/user/profile\", \"attributes_url_add_attributes\": \"false\", \"authorize_scopes\": \"profile postal_code\", \"authorize_url\": \"https://www.amazon.com/ap/oa\", \"client_id\": \"amzn1.application-oa2-client.1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"token_request_method\": \"POST\", \"token_url\": \"https://api.amazon.com/auth/o2/token\" }`\n- **Google** - Create or update request: `\"ProviderDetails\": { \"authorize_scopes\": \"email profile openid\", \"client_id\": \"1example23456789.apps.googleusercontent.com\", \"client_secret\": \"provider-app-client-secret\" }`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_url\": \"https://people.googleapis.com/v1/people/me?personFields=\", \"attributes_url_add_attributes\": \"true\", \"authorize_scopes\": \"email profile openid\", \"authorize_url\": \"https://accounts.google.com/o/oauth2/v2/auth\", \"client_id\": \"1example23456789.apps.googleusercontent.com\", \"client_secret\": \"provider-app-client-secret\", \"oidc_issuer\": \"https://accounts.google.com\", \"token_request_method\": \"POST\", \"token_url\": \"https://www.googleapis.com/oauth2/v4/token\" }`\n- **SignInWithApple** - Create or update request: `\"ProviderDetails\": { \"authorize_scopes\": \"email name\", \"client_id\": \"com.example.cognito\", \"private_key\": \"1EXAMPLE\", \"key_id\": \"2EXAMPLE\", \"team_id\": \"3EXAMPLE\" }`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_url_add_attributes\": \"false\", \"authorize_scopes\": \"email name\", \"authorize_url\": \"https://appleid.apple.com/auth/authorize\", \"client_id\": \"com.example.cognito\", \"key_id\": \"1EXAMPLE\", \"oidc_issuer\": \"https://appleid.apple.com\", \"team_id\": \"2EXAMPLE\", \"token_request_method\": \"POST\", \"token_url\": \"https://appleid.apple.com/auth/token\" }`\n- **Facebook** - Create or update request: `\"ProviderDetails\": { \"api_version\": \"v17.0\", \"authorize_scopes\": \"public_profile, email\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\" }`\n\nDescribe response: `\"ProviderDetails\": { \"api_version\": \"v17.0\", \"attributes_url\": \"https://graph.facebook.com/v17.0/me?fields=\", \"attributes_url_add_attributes\": \"true\", \"authorize_scopes\": \"public_profile, email\", \"authorize_url\": \"https://www.facebook.com/v17.0/dialog/oauth\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"token_request_method\": \"GET\", \"token_url\": \"https://graph.facebook.com/v17.0/oauth/access_token\" }`" }, "providerName": { "type": "string", @@ -183808,15 +184000,18 @@ }, "type": "object", "required": [ - "awsId", + "providerDetails", "providerName", "providerType", "userPoolId" ], "inputProperties": { "attributeMapping": { - "$ref": "pulumi.json#/Any", - "description": "A mapping of IdP attributes to standard and custom user pool attributes.\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Cognito::UserPoolIdentityProvider` for more information about the expected schema for this property." + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A mapping of IdP attributes to standard and custom user pool attributes." }, "idpIdentifiers": { "type": "array", @@ -183826,8 +184021,11 @@ "description": "A list of IdP identifiers." }, "providerDetails": { - "$ref": "pulumi.json#/Any", - "description": "The scopes, URLs, and identifiers for your external identity provider. The following\nexamples describe the provider detail keys for each IdP type. These values and their\nschema are subject to change. Social IdP `authorize_scopes` values must match\nthe values listed here.\n\n- **OpenID Connect (OIDC)** - Amazon Cognito accepts the following elements when it can't discover endpoint URLs from `oidc_issuer` : `attributes_url` , `authorize_url` , `jwks_uri` , `token_url` .\n\nCreate or update request: `\"ProviderDetails\": { \"attributes_request_method\": \"GET\", \"attributes_url\": \"https://auth.example.com/userInfo\", \"authorize_scopes\": \"openid profile email\", \"authorize_url\": \"https://auth.example.com/authorize\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"jwks_uri\": \"https://auth.example.com/.well-known/jwks.json\", \"oidc_issuer\": \"https://auth.example.com\", \"token_url\": \"https://example.com/token\" }`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_request_method\": \"GET\", \"attributes_url\": \"https://auth.example.com/userInfo\", \"attributes_url_add_attributes\": \"false\", \"authorize_scopes\": \"openid profile email\", \"authorize_url\": \"https://auth.example.com/authorize\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"jwks_uri\": \"https://auth.example.com/.well-known/jwks.json\", \"oidc_issuer\": \"https://auth.example.com\", \"token_url\": \"https://example.com/token\" }`\n- **SAML** - Create or update request with Metadata URL: `\"ProviderDetails\": { \"IDPInit\": \"true\", \"IDPSignout\": \"true\", \"EncryptedResponses\" : \"true\", \"MetadataURL\": \"https://auth.example.com/sso/saml/metadata\", \"RequestSigningAlgorithm\": \"rsa-sha256\" }`\n\nCreate or update request with Metadata file: `\"ProviderDetails\": { \"IDPInit\": \"true\", \"IDPSignout\": \"true\", \"EncryptedResponses\" : \"true\", \"MetadataFile\": \"[metadata XML]\", \"RequestSigningAlgorithm\": \"rsa-sha256\" }`\n\nThe value of `MetadataFile` must be the plaintext metadata document with all quote (\") characters escaped by backslashes.\n\nDescribe response: `\"ProviderDetails\": { \"IDPInit\": \"true\", \"IDPSignout\": \"true\", \"EncryptedResponses\" : \"true\", \"ActiveEncryptionCertificate\": \"[certificate]\", \"MetadataURL\": \"https://auth.example.com/sso/saml/metadata\", \"RequestSigningAlgorithm\": \"rsa-sha256\", \"SLORedirectBindingURI\": \"https://auth.example.com/slo/saml\", \"SSORedirectBindingURI\": \"https://auth.example.com/sso/saml\" }`\n- **LoginWithAmazon** - Create or update request: `\"ProviderDetails\": { \"authorize_scopes\": \"profile postal_code\", \"client_id\": \"amzn1.application-oa2-client.1example23456789\", \"client_secret\": \"provider-app-client-secret\"`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_url\": \"https://api.amazon.com/user/profile\", \"attributes_url_add_attributes\": \"false\", \"authorize_scopes\": \"profile postal_code\", \"authorize_url\": \"https://www.amazon.com/ap/oa\", \"client_id\": \"amzn1.application-oa2-client.1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"token_request_method\": \"POST\", \"token_url\": \"https://api.amazon.com/auth/o2/token\" }`\n- **Google** - Create or update request: `\"ProviderDetails\": { \"authorize_scopes\": \"email profile openid\", \"client_id\": \"1example23456789.apps.googleusercontent.com\", \"client_secret\": \"provider-app-client-secret\" }`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_url\": \"https://people.googleapis.com/v1/people/me?personFields=\", \"attributes_url_add_attributes\": \"true\", \"authorize_scopes\": \"email profile openid\", \"authorize_url\": \"https://accounts.google.com/o/oauth2/v2/auth\", \"client_id\": \"1example23456789.apps.googleusercontent.com\", \"client_secret\": \"provider-app-client-secret\", \"oidc_issuer\": \"https://accounts.google.com\", \"token_request_method\": \"POST\", \"token_url\": \"https://www.googleapis.com/oauth2/v4/token\" }`\n- **SignInWithApple** - Create or update request: `\"ProviderDetails\": { \"authorize_scopes\": \"email name\", \"client_id\": \"com.example.cognito\", \"private_key\": \"1EXAMPLE\", \"key_id\": \"2EXAMPLE\", \"team_id\": \"3EXAMPLE\" }`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_url_add_attributes\": \"false\", \"authorize_scopes\": \"email name\", \"authorize_url\": \"https://appleid.apple.com/auth/authorize\", \"client_id\": \"com.example.cognito\", \"key_id\": \"1EXAMPLE\", \"oidc_issuer\": \"https://appleid.apple.com\", \"team_id\": \"2EXAMPLE\", \"token_request_method\": \"POST\", \"token_url\": \"https://appleid.apple.com/auth/token\" }`\n- **Facebook** - Create or update request: `\"ProviderDetails\": { \"api_version\": \"v17.0\", \"authorize_scopes\": \"public_profile, email\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\" }`\n\nDescribe response: `\"ProviderDetails\": { \"api_version\": \"v17.0\", \"attributes_url\": \"https://graph.facebook.com/v17.0/me?fields=\", \"attributes_url_add_attributes\": \"true\", \"authorize_scopes\": \"public_profile, email\", \"authorize_url\": \"https://www.facebook.com/v17.0/dialog/oauth\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"token_request_method\": \"GET\", \"token_url\": \"https://graph.facebook.com/v17.0/oauth/access_token\" }`\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Cognito::UserPoolIdentityProvider` for more information about the expected schema for this property." + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The scopes, URLs, and identifiers for your external identity provider. The following\nexamples describe the provider detail keys for each IdP type. These values and their\nschema are subject to change. Social IdP `authorize_scopes` values must match\nthe values listed here.\n\n- **OpenID Connect (OIDC)** - Amazon Cognito accepts the following elements when it can't discover endpoint URLs from `oidc_issuer` : `attributes_url` , `authorize_url` , `jwks_uri` , `token_url` .\n\nCreate or update request: `\"ProviderDetails\": { \"attributes_request_method\": \"GET\", \"attributes_url\": \"https://auth.example.com/userInfo\", \"authorize_scopes\": \"openid profile email\", \"authorize_url\": \"https://auth.example.com/authorize\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"jwks_uri\": \"https://auth.example.com/.well-known/jwks.json\", \"oidc_issuer\": \"https://auth.example.com\", \"token_url\": \"https://example.com/token\" }`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_request_method\": \"GET\", \"attributes_url\": \"https://auth.example.com/userInfo\", \"attributes_url_add_attributes\": \"false\", \"authorize_scopes\": \"openid profile email\", \"authorize_url\": \"https://auth.example.com/authorize\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"jwks_uri\": \"https://auth.example.com/.well-known/jwks.json\", \"oidc_issuer\": \"https://auth.example.com\", \"token_url\": \"https://example.com/token\" }`\n- **SAML** - Create or update request with Metadata URL: `\"ProviderDetails\": { \"IDPInit\": \"true\", \"IDPSignout\": \"true\", \"EncryptedResponses\" : \"true\", \"MetadataURL\": \"https://auth.example.com/sso/saml/metadata\", \"RequestSigningAlgorithm\": \"rsa-sha256\" }`\n\nCreate or update request with Metadata file: `\"ProviderDetails\": { \"IDPInit\": \"true\", \"IDPSignout\": \"true\", \"EncryptedResponses\" : \"true\", \"MetadataFile\": \"[metadata XML]\", \"RequestSigningAlgorithm\": \"rsa-sha256\" }`\n\nThe value of `MetadataFile` must be the plaintext metadata document with all quote (\") characters escaped by backslashes.\n\nDescribe response: `\"ProviderDetails\": { \"IDPInit\": \"true\", \"IDPSignout\": \"true\", \"EncryptedResponses\" : \"true\", \"ActiveEncryptionCertificate\": \"[certificate]\", \"MetadataURL\": \"https://auth.example.com/sso/saml/metadata\", \"RequestSigningAlgorithm\": \"rsa-sha256\", \"SLORedirectBindingURI\": \"https://auth.example.com/slo/saml\", \"SSORedirectBindingURI\": \"https://auth.example.com/sso/saml\" }`\n- **LoginWithAmazon** - Create or update request: `\"ProviderDetails\": { \"authorize_scopes\": \"profile postal_code\", \"client_id\": \"amzn1.application-oa2-client.1example23456789\", \"client_secret\": \"provider-app-client-secret\"`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_url\": \"https://api.amazon.com/user/profile\", \"attributes_url_add_attributes\": \"false\", \"authorize_scopes\": \"profile postal_code\", \"authorize_url\": \"https://www.amazon.com/ap/oa\", \"client_id\": \"amzn1.application-oa2-client.1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"token_request_method\": \"POST\", \"token_url\": \"https://api.amazon.com/auth/o2/token\" }`\n- **Google** - Create or update request: `\"ProviderDetails\": { \"authorize_scopes\": \"email profile openid\", \"client_id\": \"1example23456789.apps.googleusercontent.com\", \"client_secret\": \"provider-app-client-secret\" }`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_url\": \"https://people.googleapis.com/v1/people/me?personFields=\", \"attributes_url_add_attributes\": \"true\", \"authorize_scopes\": \"email profile openid\", \"authorize_url\": \"https://accounts.google.com/o/oauth2/v2/auth\", \"client_id\": \"1example23456789.apps.googleusercontent.com\", \"client_secret\": \"provider-app-client-secret\", \"oidc_issuer\": \"https://accounts.google.com\", \"token_request_method\": \"POST\", \"token_url\": \"https://www.googleapis.com/oauth2/v4/token\" }`\n- **SignInWithApple** - Create or update request: `\"ProviderDetails\": { \"authorize_scopes\": \"email name\", \"client_id\": \"com.example.cognito\", \"private_key\": \"1EXAMPLE\", \"key_id\": \"2EXAMPLE\", \"team_id\": \"3EXAMPLE\" }`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_url_add_attributes\": \"false\", \"authorize_scopes\": \"email name\", \"authorize_url\": \"https://appleid.apple.com/auth/authorize\", \"client_id\": \"com.example.cognito\", \"key_id\": \"1EXAMPLE\", \"oidc_issuer\": \"https://appleid.apple.com\", \"team_id\": \"2EXAMPLE\", \"token_request_method\": \"POST\", \"token_url\": \"https://appleid.apple.com/auth/token\" }`\n- **Facebook** - Create or update request: `\"ProviderDetails\": { \"api_version\": \"v17.0\", \"authorize_scopes\": \"public_profile, email\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\" }`\n\nDescribe response: `\"ProviderDetails\": { \"api_version\": \"v17.0\", \"attributes_url\": \"https://graph.facebook.com/v17.0/me?fields=\", \"attributes_url_add_attributes\": \"true\", \"authorize_scopes\": \"public_profile, email\", \"authorize_url\": \"https://www.facebook.com/v17.0/dialog/oauth\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"token_request_method\": \"GET\", \"token_url\": \"https://graph.facebook.com/v17.0/oauth/access_token\" }`" }, "providerName": { "type": "string", @@ -183843,6 +184041,7 @@ } }, "requiredInputs": [ + "providerDetails", "providerType", "userPoolId" ] @@ -193445,6 +193644,9 @@ "totalInstanceCount": { "type": "integer", "description": "Returns the total number of instances for which the Capacity Reservation reserves capacity. For example: `15` ." + }, + "unusedReservationBillingOwnerId": { + "type": "string" } }, "type": "object", @@ -193512,6 +193714,9 @@ "tenancy": { "type": "string", "description": "Indicates the tenancy of the Capacity Reservation. A Capacity Reservation can have one of the following tenancy settings:\n\n- `default` - The Capacity Reservation is created on hardware that is shared with other AWS accounts .\n- `dedicated` - The Capacity Reservation is created on single-tenant hardware that is dedicated to a single AWS account ." + }, + "unusedReservationBillingOwnerId": { + "type": "string" } }, "requiredInputs": [ @@ -199848,7 +200053,7 @@ }, "policyDocument": { "$ref": "pulumi.json#/Any", - "description": "An endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints.\n For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. CFNlong converts YAML policies to JSON format before calling the API to create or modify the VPC endpoint.\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::EC2::VPCEndpoint` for more information about the expected schema for this property." + "description": "An endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints.\n For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. For example, if you have a JSON policy, you can convert it to YAML before including it in the YAML template, and CFNlong converts the policy to JSON format before calling the API actions for privatelink. Alternatively, you can include the JSON directly in the YAML, as shown in the following ``Properties`` section:\n ``Properties: VpcEndpointType: 'Interface' ServiceName: !Sub 'com.amazonaws.${AWS::Region}.logs' PolicyDocument: '{ \"Version\":\"2012-10-17\", \"Statement\": [{ \"Effect\":\"Allow\", \"Principal\":\"*\", \"Action\":[\"logs:Describe*\",\"logs:Get*\",\"logs:List*\",\"logs:FilterLogEvents\"], \"Resource\":\"*\" }] }'``\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::EC2::VPCEndpoint` for more information about the expected schema for this property." }, "privateDnsEnabled": { "type": "boolean", @@ -199903,7 +200108,7 @@ "inputProperties": { "policyDocument": { "$ref": "pulumi.json#/Any", - "description": "An endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints.\n For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. CFNlong converts YAML policies to JSON format before calling the API to create or modify the VPC endpoint.\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::EC2::VPCEndpoint` for more information about the expected schema for this property." + "description": "An endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints.\n For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. For example, if you have a JSON policy, you can convert it to YAML before including it in the YAML template, and CFNlong converts the policy to JSON format before calling the API actions for privatelink. Alternatively, you can include the JSON directly in the YAML, as shown in the following ``Properties`` section:\n ``Properties: VpcEndpointType: 'Interface' ServiceName: !Sub 'com.amazonaws.${AWS::Region}.logs' PolicyDocument: '{ \"Version\":\"2012-10-17\", \"Statement\": [{ \"Effect\":\"Allow\", \"Principal\":\"*\", \"Action\":[\"logs:Describe*\",\"logs:Get*\",\"logs:List*\",\"logs:FilterLogEvents\"], \"Resource\":\"*\" }] }'``\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::EC2::VPCEndpoint` for more information about the expected schema for this property." }, "privateDnsEnabled": { "type": "boolean", @@ -200855,9 +201060,6 @@ } }, "type": "object", - "required": [ - "autoScalingGroupProvider" - ], "inputProperties": { "autoScalingGroupProvider": { "$ref": "#/types/aws-native:ecs:CapacityProviderAutoScalingGroupProvider", @@ -200874,10 +201076,7 @@ }, "description": "The metadata that you apply to the capacity provider to help you categorize and organize it. Each tag consists of a key and an optional value. You define both.\n\nThe following basic restrictions apply to tags:\n\n- Maximum number of tags per resource - 50\n- For each resource, each tag key must be unique, and each tag key can have only one value.\n- Maximum key length - 128 Unicode characters in UTF-8\n- Maximum value length - 256 Unicode characters in UTF-8\n- If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.\n- Tag keys and values are case-sensitive.\n- Do not use `aws:` , `AWS:` , or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for AWS use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit." } - }, - "requiredInputs": [ - "autoScalingGroupProvider" - ] + } }, "aws-native:ecs:Cluster": { "description": "The ``AWS::ECS::Cluster`` resource creates an Amazon Elastic Container Service (Amazon ECS) cluster.", @@ -203006,8 +203205,7 @@ }, "engine": { "type": "string", - "description": "The engine name of the Serverless Cache.", - "replaceOnChanges": true + "description": "The engine name of the Serverless Cache." }, "finalSnapshotName": { "type": "string", @@ -203024,8 +203222,7 @@ }, "majorEngineVersion": { "type": "string", - "description": "The major engine version of the Serverless Cache.", - "replaceOnChanges": true + "description": "The major engine version of the Serverless Cache." }, "readerEndpoint": { "$ref": "#/types/aws-native:elasticache:ServerlessCacheEndpoint", @@ -213254,6 +213451,10 @@ "description": "The name of the infrastructure configuration.", "replaceOnChanges": true }, + "placement": { + "$ref": "#/types/aws-native:imagebuilder:InfrastructureConfigurationPlacement", + "description": "The placement option settings for the infrastructure configuration." + }, "resourceTags": { "type": "object", "additionalProperties": { @@ -213326,6 +213527,10 @@ "type": "string", "description": "The name of the infrastructure configuration." }, + "placement": { + "$ref": "#/types/aws-native:imagebuilder:InfrastructureConfigurationPlacement", + "description": "The placement option settings for the infrastructure configuration." + }, "resourceTags": { "type": "object", "additionalProperties": { @@ -229274,6 +229479,10 @@ "type": "string", "description": "An optional description of the cluster." }, + "engine": { + "type": "string", + "description": "The engine type used by the cluster." + }, "engineVersion": { "type": "string", "description": "The Redis engine version used by the cluster." @@ -229408,6 +229617,10 @@ "type": "string", "description": "An optional description of the cluster." }, + "engine": { + "type": "string", + "description": "The engine type used by the cluster." + }, "engineVersion": { "type": "string", "description": "The Redis engine version used by the cluster." @@ -237257,7 +237470,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Sets the website domain origins that are allowed to embed the Amazon Q Business web experience. The *domain origin* refers to the base URL for accessing a website including the protocol ( `http/https` ), the domain name, and the port number (if specified).\n\n\u003e You must only submit a *base URL* and not a full path. For example, `https://docs.aws.amazon.com` ." }, "roleArn": { "type": "string", @@ -237333,7 +237547,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Sets the website domain origins that are allowed to embed the Amazon Q Business web experience. The *domain origin* refers to the base URL for accessing a website including the protocol ( `http/https` ), the domain name, and the port number (if specified).\n\n\u003e You must only submit a *base URL* and not a full path. For example, `https://docs.aws.amazon.com` ." }, "roleArn": { "type": "string", @@ -242091,6 +242306,94 @@ } } }, + "aws-native:redshift:Integration": { + "description": "Integration from a source AWS service to a Redshift cluster", + "properties": { + "additionalEncryptionContext": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "replaceOnChanges": true + }, + "createTime": { + "type": "string", + "description": "The time (UTC) when the integration was created." + }, + "integrationArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the integration." + }, + "integrationName": { + "type": "string", + "description": "The name of the integration." + }, + "kmsKeyId": { + "type": "string", + "description": "An KMS key identifier for the key to use to encrypt the integration. If you don't specify an encryption key, the default AWS owned KMS key is used.", + "replaceOnChanges": true + }, + "sourceArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the database to use as the source for replication, for example, arn:aws:dynamodb:us-east-2:123412341234:table/dynamotable", + "replaceOnChanges": true + }, + "tags": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:index:Tag" + }, + "description": "An array of key-value pairs to apply to this resource." + }, + "targetArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Redshift data warehouse to use as the target for replication, for example, arn:aws:redshift:us-east-2:123412341234:namespace:e43aab3e-10a3-4ec4-83d4-f227ff9bfbcf", + "replaceOnChanges": true + } + }, + "type": "object", + "required": [ + "createTime", + "integrationArn", + "sourceArn", + "targetArn" + ], + "inputProperties": { + "additionalEncryptionContext": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "integrationName": { + "type": "string", + "description": "The name of the integration." + }, + "kmsKeyId": { + "type": "string", + "description": "An KMS key identifier for the key to use to encrypt the integration. If you don't specify an encryption key, the default AWS owned KMS key is used." + }, + "sourceArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the database to use as the source for replication, for example, arn:aws:dynamodb:us-east-2:123412341234:table/dynamotable" + }, + "tags": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:index:Tag" + }, + "description": "An array of key-value pairs to apply to this resource." + }, + "targetArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Redshift data warehouse to use as the target for replication, for example, arn:aws:redshift:us-east-2:123412341234:namespace:e43aab3e-10a3-4ec4-83d4-f227ff9bfbcf" + } + }, + "requiredInputs": [ + "sourceArn", + "targetArn" + ] + }, "aws-native:redshift:ScheduledAction": { "description": "The `AWS::Redshift::ScheduledAction` resource creates an Amazon Redshift Scheduled Action.", "properties": { @@ -258761,7 +259064,7 @@ }, "sourceConfiguration": { "$ref": "#/types/aws-native:wisdom:KnowledgeBaseSourceConfiguration", - "description": "The source of the knowledge base content. Only set this argument for EXTERNAL knowledge bases.", + "description": "The source of the knowledge base content. Only set this argument for EXTERNAL or Managed knowledge bases.", "replaceOnChanges": true }, "tags": { @@ -258803,7 +259106,7 @@ }, "sourceConfiguration": { "$ref": "#/types/aws-native:wisdom:KnowledgeBaseSourceConfiguration", - "description": "The source of the knowledge base content. Only set this argument for EXTERNAL knowledge bases." + "description": "The source of the knowledge base content. Only set this argument for EXTERNAL or Managed knowledge bases." }, "tags": { "type": "array", @@ -261738,7 +262041,7 @@ "properties": { "domainName": { "type": "string", - "description": "The custom domain name for your API in Amazon API Gateway. Uppercase letters are not supported.", + "description": "The custom domain name for your API in Amazon API Gateway. Uppercase letters and the underscore (``_``) character are not supported.", "language": { "csharp": { "name": "DomainNameValue" @@ -264123,7 +264426,7 @@ }, "healthCheckType": { "type": "string", - "description": "A comma-separated value string of one or more health check types.\n The valid values are ``EC2``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*.\n Only specify ``EC2`` if you must clear a value that was previously set." + "description": "A comma-separated value string of one or more health check types.\n The valid values are ``EC2``, ``EBS``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*.\n Only specify ``EC2`` if you must clear a value that was previously set." }, "instanceMaintenancePolicy": { "$ref": "#/types/aws-native:autoscaling:AutoScalingGroupInstanceMaintenancePolicy", @@ -264217,6 +264520,12 @@ }, "description": "A policy or a list of policies that are used to select the instance to terminate. These policies are executed in the order that you list them. For more information, see [Configure termination policies for Amazon EC2 Auto Scaling](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-termination-policies.html) in the *Amazon EC2 Auto Scaling User Guide*.\n Valid values: ``Default`` | ``AllocationStrategy`` | ``ClosestToNextInstanceHour`` | ``NewestInstance`` | ``OldestInstance`` | ``OldestLaunchConfiguration`` | ``OldestLaunchTemplate`` | ``arn:aws:lambda:region:account-id:function:my-function:my-alias``" }, + "trafficSources": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:autoscaling:AutoScalingGroupTrafficSourceIdentifier" + } + }, "vpcZoneIdentifier": { "type": "array", "items": { @@ -264849,6 +265158,48 @@ } } }, + "aws-native:backup:getLogicallyAirGappedBackupVault": { + "description": "Resource Type definition for AWS::Backup::LogicallyAirGappedBackupVault", + "inputs": { + "properties": { + "backupVaultName": { + "type": "string" + } + }, + "required": [ + "backupVaultName" + ] + }, + "outputs": { + "properties": { + "accessPolicy": { + "$ref": "pulumi.json#/Any", + "description": "Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Backup::LogicallyAirGappedBackupVault` for more information about the expected schema for this property." + }, + "backupVaultArn": { + "type": "string" + }, + "backupVaultTags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "encryptionKeyArn": { + "type": "string" + }, + "notifications": { + "$ref": "#/types/aws-native:backup:LogicallyAirGappedBackupVaultNotificationObjectType" + }, + "vaultState": { + "type": "string" + }, + "vaultType": { + "type": "string" + } + } + } + }, "aws-native:backup:getReportPlan": { "description": "Contains detailed information about a report plan in AWS Backup Audit Manager.", "inputs": { @@ -269517,24 +269868,28 @@ "description": "Resource Type definition for AWS::Cognito::UserPoolIdentityProvider", "inputs": { "properties": { - "id": { + "providerName": { "type": "string", - "description": "The resource ID." + "description": "The IdP name." + }, + "userPoolId": { + "type": "string", + "description": "The user pool ID." } }, "required": [ - "id" + "userPoolId", + "providerName" ] }, "outputs": { "properties": { "attributeMapping": { - "$ref": "pulumi.json#/Any", - "description": "A mapping of IdP attributes to standard and custom user pool attributes.\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Cognito::UserPoolIdentityProvider` for more information about the expected schema for this property." - }, - "id": { - "type": "string", - "description": "The resource ID." + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A mapping of IdP attributes to standard and custom user pool attributes." }, "idpIdentifiers": { "type": "array", @@ -269544,8 +269899,11 @@ "description": "A list of IdP identifiers." }, "providerDetails": { - "$ref": "pulumi.json#/Any", - "description": "The scopes, URLs, and identifiers for your external identity provider. The following\nexamples describe the provider detail keys for each IdP type. These values and their\nschema are subject to change. Social IdP `authorize_scopes` values must match\nthe values listed here.\n\n- **OpenID Connect (OIDC)** - Amazon Cognito accepts the following elements when it can't discover endpoint URLs from `oidc_issuer` : `attributes_url` , `authorize_url` , `jwks_uri` , `token_url` .\n\nCreate or update request: `\"ProviderDetails\": { \"attributes_request_method\": \"GET\", \"attributes_url\": \"https://auth.example.com/userInfo\", \"authorize_scopes\": \"openid profile email\", \"authorize_url\": \"https://auth.example.com/authorize\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"jwks_uri\": \"https://auth.example.com/.well-known/jwks.json\", \"oidc_issuer\": \"https://auth.example.com\", \"token_url\": \"https://example.com/token\" }`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_request_method\": \"GET\", \"attributes_url\": \"https://auth.example.com/userInfo\", \"attributes_url_add_attributes\": \"false\", \"authorize_scopes\": \"openid profile email\", \"authorize_url\": \"https://auth.example.com/authorize\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"jwks_uri\": \"https://auth.example.com/.well-known/jwks.json\", \"oidc_issuer\": \"https://auth.example.com\", \"token_url\": \"https://example.com/token\" }`\n- **SAML** - Create or update request with Metadata URL: `\"ProviderDetails\": { \"IDPInit\": \"true\", \"IDPSignout\": \"true\", \"EncryptedResponses\" : \"true\", \"MetadataURL\": \"https://auth.example.com/sso/saml/metadata\", \"RequestSigningAlgorithm\": \"rsa-sha256\" }`\n\nCreate or update request with Metadata file: `\"ProviderDetails\": { \"IDPInit\": \"true\", \"IDPSignout\": \"true\", \"EncryptedResponses\" : \"true\", \"MetadataFile\": \"[metadata XML]\", \"RequestSigningAlgorithm\": \"rsa-sha256\" }`\n\nThe value of `MetadataFile` must be the plaintext metadata document with all quote (\") characters escaped by backslashes.\n\nDescribe response: `\"ProviderDetails\": { \"IDPInit\": \"true\", \"IDPSignout\": \"true\", \"EncryptedResponses\" : \"true\", \"ActiveEncryptionCertificate\": \"[certificate]\", \"MetadataURL\": \"https://auth.example.com/sso/saml/metadata\", \"RequestSigningAlgorithm\": \"rsa-sha256\", \"SLORedirectBindingURI\": \"https://auth.example.com/slo/saml\", \"SSORedirectBindingURI\": \"https://auth.example.com/sso/saml\" }`\n- **LoginWithAmazon** - Create or update request: `\"ProviderDetails\": { \"authorize_scopes\": \"profile postal_code\", \"client_id\": \"amzn1.application-oa2-client.1example23456789\", \"client_secret\": \"provider-app-client-secret\"`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_url\": \"https://api.amazon.com/user/profile\", \"attributes_url_add_attributes\": \"false\", \"authorize_scopes\": \"profile postal_code\", \"authorize_url\": \"https://www.amazon.com/ap/oa\", \"client_id\": \"amzn1.application-oa2-client.1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"token_request_method\": \"POST\", \"token_url\": \"https://api.amazon.com/auth/o2/token\" }`\n- **Google** - Create or update request: `\"ProviderDetails\": { \"authorize_scopes\": \"email profile openid\", \"client_id\": \"1example23456789.apps.googleusercontent.com\", \"client_secret\": \"provider-app-client-secret\" }`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_url\": \"https://people.googleapis.com/v1/people/me?personFields=\", \"attributes_url_add_attributes\": \"true\", \"authorize_scopes\": \"email profile openid\", \"authorize_url\": \"https://accounts.google.com/o/oauth2/v2/auth\", \"client_id\": \"1example23456789.apps.googleusercontent.com\", \"client_secret\": \"provider-app-client-secret\", \"oidc_issuer\": \"https://accounts.google.com\", \"token_request_method\": \"POST\", \"token_url\": \"https://www.googleapis.com/oauth2/v4/token\" }`\n- **SignInWithApple** - Create or update request: `\"ProviderDetails\": { \"authorize_scopes\": \"email name\", \"client_id\": \"com.example.cognito\", \"private_key\": \"1EXAMPLE\", \"key_id\": \"2EXAMPLE\", \"team_id\": \"3EXAMPLE\" }`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_url_add_attributes\": \"false\", \"authorize_scopes\": \"email name\", \"authorize_url\": \"https://appleid.apple.com/auth/authorize\", \"client_id\": \"com.example.cognito\", \"key_id\": \"1EXAMPLE\", \"oidc_issuer\": \"https://appleid.apple.com\", \"team_id\": \"2EXAMPLE\", \"token_request_method\": \"POST\", \"token_url\": \"https://appleid.apple.com/auth/token\" }`\n- **Facebook** - Create or update request: `\"ProviderDetails\": { \"api_version\": \"v17.0\", \"authorize_scopes\": \"public_profile, email\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\" }`\n\nDescribe response: `\"ProviderDetails\": { \"api_version\": \"v17.0\", \"attributes_url\": \"https://graph.facebook.com/v17.0/me?fields=\", \"attributes_url_add_attributes\": \"true\", \"authorize_scopes\": \"public_profile, email\", \"authorize_url\": \"https://www.facebook.com/v17.0/dialog/oauth\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"token_request_method\": \"GET\", \"token_url\": \"https://graph.facebook.com/v17.0/oauth/access_token\" }`\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Cognito::UserPoolIdentityProvider` for more information about the expected schema for this property." + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The scopes, URLs, and identifiers for your external identity provider. The following\nexamples describe the provider detail keys for each IdP type. These values and their\nschema are subject to change. Social IdP `authorize_scopes` values must match\nthe values listed here.\n\n- **OpenID Connect (OIDC)** - Amazon Cognito accepts the following elements when it can't discover endpoint URLs from `oidc_issuer` : `attributes_url` , `authorize_url` , `jwks_uri` , `token_url` .\n\nCreate or update request: `\"ProviderDetails\": { \"attributes_request_method\": \"GET\", \"attributes_url\": \"https://auth.example.com/userInfo\", \"authorize_scopes\": \"openid profile email\", \"authorize_url\": \"https://auth.example.com/authorize\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"jwks_uri\": \"https://auth.example.com/.well-known/jwks.json\", \"oidc_issuer\": \"https://auth.example.com\", \"token_url\": \"https://example.com/token\" }`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_request_method\": \"GET\", \"attributes_url\": \"https://auth.example.com/userInfo\", \"attributes_url_add_attributes\": \"false\", \"authorize_scopes\": \"openid profile email\", \"authorize_url\": \"https://auth.example.com/authorize\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"jwks_uri\": \"https://auth.example.com/.well-known/jwks.json\", \"oidc_issuer\": \"https://auth.example.com\", \"token_url\": \"https://example.com/token\" }`\n- **SAML** - Create or update request with Metadata URL: `\"ProviderDetails\": { \"IDPInit\": \"true\", \"IDPSignout\": \"true\", \"EncryptedResponses\" : \"true\", \"MetadataURL\": \"https://auth.example.com/sso/saml/metadata\", \"RequestSigningAlgorithm\": \"rsa-sha256\" }`\n\nCreate or update request with Metadata file: `\"ProviderDetails\": { \"IDPInit\": \"true\", \"IDPSignout\": \"true\", \"EncryptedResponses\" : \"true\", \"MetadataFile\": \"[metadata XML]\", \"RequestSigningAlgorithm\": \"rsa-sha256\" }`\n\nThe value of `MetadataFile` must be the plaintext metadata document with all quote (\") characters escaped by backslashes.\n\nDescribe response: `\"ProviderDetails\": { \"IDPInit\": \"true\", \"IDPSignout\": \"true\", \"EncryptedResponses\" : \"true\", \"ActiveEncryptionCertificate\": \"[certificate]\", \"MetadataURL\": \"https://auth.example.com/sso/saml/metadata\", \"RequestSigningAlgorithm\": \"rsa-sha256\", \"SLORedirectBindingURI\": \"https://auth.example.com/slo/saml\", \"SSORedirectBindingURI\": \"https://auth.example.com/sso/saml\" }`\n- **LoginWithAmazon** - Create or update request: `\"ProviderDetails\": { \"authorize_scopes\": \"profile postal_code\", \"client_id\": \"amzn1.application-oa2-client.1example23456789\", \"client_secret\": \"provider-app-client-secret\"`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_url\": \"https://api.amazon.com/user/profile\", \"attributes_url_add_attributes\": \"false\", \"authorize_scopes\": \"profile postal_code\", \"authorize_url\": \"https://www.amazon.com/ap/oa\", \"client_id\": \"amzn1.application-oa2-client.1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"token_request_method\": \"POST\", \"token_url\": \"https://api.amazon.com/auth/o2/token\" }`\n- **Google** - Create or update request: `\"ProviderDetails\": { \"authorize_scopes\": \"email profile openid\", \"client_id\": \"1example23456789.apps.googleusercontent.com\", \"client_secret\": \"provider-app-client-secret\" }`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_url\": \"https://people.googleapis.com/v1/people/me?personFields=\", \"attributes_url_add_attributes\": \"true\", \"authorize_scopes\": \"email profile openid\", \"authorize_url\": \"https://accounts.google.com/o/oauth2/v2/auth\", \"client_id\": \"1example23456789.apps.googleusercontent.com\", \"client_secret\": \"provider-app-client-secret\", \"oidc_issuer\": \"https://accounts.google.com\", \"token_request_method\": \"POST\", \"token_url\": \"https://www.googleapis.com/oauth2/v4/token\" }`\n- **SignInWithApple** - Create or update request: `\"ProviderDetails\": { \"authorize_scopes\": \"email name\", \"client_id\": \"com.example.cognito\", \"private_key\": \"1EXAMPLE\", \"key_id\": \"2EXAMPLE\", \"team_id\": \"3EXAMPLE\" }`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_url_add_attributes\": \"false\", \"authorize_scopes\": \"email name\", \"authorize_url\": \"https://appleid.apple.com/auth/authorize\", \"client_id\": \"com.example.cognito\", \"key_id\": \"1EXAMPLE\", \"oidc_issuer\": \"https://appleid.apple.com\", \"team_id\": \"2EXAMPLE\", \"token_request_method\": \"POST\", \"token_url\": \"https://appleid.apple.com/auth/token\" }`\n- **Facebook** - Create or update request: `\"ProviderDetails\": { \"api_version\": \"v17.0\", \"authorize_scopes\": \"public_profile, email\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\" }`\n\nDescribe response: `\"ProviderDetails\": { \"api_version\": \"v17.0\", \"attributes_url\": \"https://graph.facebook.com/v17.0/me?fields=\", \"attributes_url_add_attributes\": \"true\", \"authorize_scopes\": \"public_profile, email\", \"authorize_url\": \"https://www.facebook.com/v17.0/dialog/oauth\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"token_request_method\": \"GET\", \"token_url\": \"https://graph.facebook.com/v17.0/oauth/access_token\" }`" } } } @@ -277730,7 +278088,7 @@ }, "policyDocument": { "$ref": "pulumi.json#/Any", - "description": "An endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints.\n For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. CFNlong converts YAML policies to JSON format before calling the API to create or modify the VPC endpoint.\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::EC2::VPCEndpoint` for more information about the expected schema for this property." + "description": "An endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints.\n For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. For example, if you have a JSON policy, you can convert it to YAML before including it in the YAML template, and CFNlong converts the policy to JSON format before calling the API actions for privatelink. Alternatively, you can include the JSON directly in the YAML, as shown in the following ``Properties`` section:\n ``Properties: VpcEndpointType: 'Interface' ServiceName: !Sub 'com.amazonaws.${AWS::Region}.logs' PolicyDocument: '{ \"Version\":\"2012-10-17\", \"Statement\": [{ \"Effect\":\"Allow\", \"Principal\":\"*\", \"Action\":[\"logs:Describe*\",\"logs:Get*\",\"logs:List*\",\"logs:FilterLogEvents\"], \"Resource\":\"*\" }] }'``\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::EC2::VPCEndpoint` for more information about the expected schema for this property." }, "privateDnsEnabled": { "type": "boolean", @@ -279079,10 +279437,18 @@ "$ref": "#/types/aws-native:elasticache:ServerlessCacheEndpoint", "description": "Represents the information required for client programs to connect to a cache node. This value is read-only." }, + "engine": { + "type": "string", + "description": "The engine name of the Serverless Cache." + }, "fullEngineVersion": { "type": "string", "description": "The full engine version of the Serverless Cache." }, + "majorEngineVersion": { + "type": "string", + "description": "The major engine version of the Serverless Cache." + }, "readerEndpoint": { "$ref": "#/types/aws-native:elasticache:ServerlessCacheEndpoint", "description": "Represents the information required for client programs to connect to a cache node. This value is read-only." @@ -284452,6 +284818,10 @@ "$ref": "#/types/aws-native:imagebuilder:InfrastructureConfigurationLogging", "description": "The logging configuration of the infrastructure configuration." }, + "placement": { + "$ref": "#/types/aws-native:imagebuilder:InfrastructureConfigurationPlacement", + "description": "The placement option settings for the infrastructure configuration." + }, "resourceTags": { "type": "object", "additionalProperties": { @@ -293293,6 +293663,10 @@ "type": "string", "description": "An optional description of the cluster." }, + "engine": { + "type": "string", + "description": "The engine type used by the cluster." + }, "engineVersion": { "type": "string", "description": "The Redis engine version used by the cluster." @@ -296491,6 +296865,13 @@ "connectorArn": { "type": "string", "description": "The Amazon Resource Name (ARN) that was returned when you called [CreateConnector](https://docs.aws.amazon.com/pca-connector-ad/latest/APIReference/API_CreateConnector.html) ." + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Metadata assigned to a connector consisting of a key-value pair." } } } @@ -296513,6 +296894,13 @@ "directoryRegistrationArn": { "type": "string", "description": "The Amazon Resource Name (ARN) that was returned when you called [CreateDirectoryRegistration](https://docs.aws.amazon.com/pca-connector-ad/latest/APIReference/API_CreateDirectoryRegistration.html) ." + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Metadata assigned to a directory registration consisting of a key-value pair." } } } @@ -296532,6 +296920,27 @@ }, "outputs": { "properties": { + "definition": { + "oneOf": [ + { + "$ref": "#/types/aws-native:pcaconnectorad:TemplateDefinition0Properties" + }, + { + "$ref": "#/types/aws-native:pcaconnectorad:TemplateDefinition1Properties" + }, + { + "$ref": "#/types/aws-native:pcaconnectorad:TemplateDefinition2Properties" + } + ], + "description": "Template configuration to define the information included in certificates. Define certificate validity and renewal periods, certificate request handling and enrollment options, key usage extensions, application policies, and cryptography settings." + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "Metadata assigned to a template consisting of a key-value pair." + }, "templateArn": { "type": "string", "description": "The Amazon Resource Name (ARN) that was returned when you called [CreateTemplate](https://docs.aws.amazon.com/pca-connector-ad/latest/APIReference/API_CreateTemplate.html) ." @@ -297383,7 +297792,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Sets the website domain origins that are allowed to embed the Amazon Q Business web experience. The *domain origin* refers to the base URL for accessing a website including the protocol ( `http/https` ), the domain name, and the port number (if specified).\n\n\u003e You must only submit a *base URL* and not a full path. For example, `https://docs.aws.amazon.com` ." }, "roleArn": { "type": "string", @@ -299526,6 +299936,43 @@ } } }, + "aws-native:redshift:getIntegration": { + "description": "Integration from a source AWS service to a Redshift cluster", + "inputs": { + "properties": { + "integrationArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the integration." + } + }, + "required": [ + "integrationArn" + ] + }, + "outputs": { + "properties": { + "createTime": { + "type": "string", + "description": "The time (UTC) when the integration was created." + }, + "integrationArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the integration." + }, + "integrationName": { + "type": "string", + "description": "The name of the integration." + }, + "tags": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:index:Tag" + }, + "description": "An array of key-value pairs to apply to this resource." + } + } + } + }, "aws-native:redshift:getScheduledAction": { "description": "The `AWS::Redshift::ScheduledAction` resource creates an Amazon Redshift Scheduled Action.", "inputs": { diff --git a/reports/missedAutonaming.json b/reports/missedAutonaming.json index 823f696603..27a4d52a26 100644 --- a/reports/missedAutonaming.json +++ b/reports/missedAutonaming.json @@ -460,7 +460,7 @@ "properties": { "domainName": { "type": "string", - "description": "The custom domain name for your API in Amazon API Gateway. Uppercase letters are not supported.", + "description": "The custom domain name for your API in Amazon API Gateway. Uppercase letters and the underscore (``_``) character are not supported.", "language": { "csharp": { "name": "DomainNameValue" @@ -3414,6 +3414,9 @@ "tenancy": { "type": "string", "description": "Indicates the tenancy of the Capacity Reservation. A Capacity Reservation can have one of the following tenancy settings:\n\n- `default` - The Capacity Reservation is created on hardware that is shared with other AWS accounts .\n- `dedicated` - The Capacity Reservation is created on single-tenant hardware that is dedicated to a single AWS account ." + }, + "unusedReservationBillingOwnerId": { + "type": "string" } } }, @@ -5680,7 +5683,7 @@ "properties": { "policyDocument": { "$ref": "pulumi.json#/Any", - "description": "An endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints.\n For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. CFNlong converts YAML policies to JSON format before calling the API to create or modify the VPC endpoint.\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::EC2::VPCEndpoint` for more information about the expected schema for this property." + "description": "An endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints.\n For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. For example, if you have a JSON policy, you can convert it to YAML before including it in the YAML template, and CFNlong converts the policy to JSON format before calling the API actions for privatelink. Alternatively, you can include the JSON directly in the YAML, as shown in the following ``Properties`` section:\n ``Properties: VpcEndpointType: 'Interface' ServiceName: !Sub 'com.amazonaws.${AWS::Region}.logs' PolicyDocument: '{ \"Version\":\"2012-10-17\", \"Statement\": [{ \"Effect\":\"Allow\", \"Principal\":\"*\", \"Action\":[\"logs:Describe*\",\"logs:Get*\",\"logs:List*\",\"logs:FilterLogEvents\"], \"Resource\":\"*\" }] }'``\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::EC2::VPCEndpoint` for more information about the expected schema for this property." }, "privateDnsEnabled": { "type": "boolean", @@ -9953,7 +9956,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Sets the website domain origins that are allowed to embed the Amazon Q Business web experience. The *domain origin* refers to the base URL for accessing a website including the protocol ( `http/https` ), the domain name, and the port number (if specified).\n\n\u003e You must only submit a *base URL* and not a full path. For example, `https://docs.aws.amazon.com` ." }, "roleArn": { "type": "string", diff --git a/sdk/dotnet/ApiGateway/VpcLink.cs b/sdk/dotnet/ApiGateway/VpcLink.cs index b26196ff7e..b0a7fea160 100644 --- a/sdk/dotnet/ApiGateway/VpcLink.cs +++ b/sdk/dotnet/ApiGateway/VpcLink.cs @@ -34,7 +34,7 @@ public partial class VpcLink : global::Pulumi.CustomResource public Output> Tags { get; private set; } = null!; /// - /// The ARN of the network load balancer of the VPC targeted by the VPC link. The network load balancer must be owned by the same AWS-account of the API owner. + /// The ARN of the network load balancer of the VPC targeted by the VPC link. The network load balancer must be owned by the same AWS account of the API owner. /// [Output("targetArns")] public Output> TargetArns { get; private set; } = null!; @@ -122,7 +122,7 @@ public InputList Tags private InputList? _targetArns; /// - /// The ARN of the network load balancer of the VPC targeted by the VPC link. The network load balancer must be owned by the same AWS-account of the API owner. + /// The ARN of the network load balancer of the VPC targeted by the VPC link. The network load balancer must be owned by the same AWS account of the API owner. /// public InputList TargetArns { diff --git a/sdk/dotnet/ApiGatewayV2/DomainName.cs b/sdk/dotnet/ApiGatewayV2/DomainName.cs index 5cf26e6f7d..baff0e27d9 100644 --- a/sdk/dotnet/ApiGatewayV2/DomainName.cs +++ b/sdk/dotnet/ApiGatewayV2/DomainName.cs @@ -17,7 +17,7 @@ namespace Pulumi.AwsNative.ApiGatewayV2 public partial class DomainName : global::Pulumi.CustomResource { /// - /// The custom domain name for your API in Amazon API Gateway. Uppercase letters are not supported. + /// The custom domain name for your API in Amazon API Gateway. Uppercase letters and the underscore (``_``) character are not supported. /// [Output("domainName")] public Output DomainNameValue { get; private set; } = null!; @@ -102,7 +102,7 @@ public static DomainName Get(string name, Input id, CustomResourceOption public sealed class DomainNameArgs : global::Pulumi.ResourceArgs { /// - /// The custom domain name for your API in Amazon API Gateway. Uppercase letters are not supported. + /// The custom domain name for your API in Amazon API Gateway. Uppercase letters and the underscore (``_``) character are not supported. /// [Input("domainName", required: true)] public Input DomainNameValue { get; set; } = null!; diff --git a/sdk/dotnet/ApiGatewayV2/GetDomainName.cs b/sdk/dotnet/ApiGatewayV2/GetDomainName.cs index 67c8770b2b..4ef49e1cdb 100644 --- a/sdk/dotnet/ApiGatewayV2/GetDomainName.cs +++ b/sdk/dotnet/ApiGatewayV2/GetDomainName.cs @@ -30,7 +30,7 @@ public static Output Invoke(GetDomainNameInvokeArgs args, I public sealed class GetDomainNameArgs : global::Pulumi.InvokeArgs { /// - /// The custom domain name for your API in Amazon API Gateway. Uppercase letters are not supported. + /// The custom domain name for your API in Amazon API Gateway. Uppercase letters and the underscore (``_``) character are not supported. /// [Input("domainName", required: true)] public string DomainNameValue { get; set; } = null!; @@ -44,7 +44,7 @@ public GetDomainNameArgs() public sealed class GetDomainNameInvokeArgs : global::Pulumi.InvokeArgs { /// - /// The custom domain name for your API in Amazon API Gateway. Uppercase letters are not supported. + /// The custom domain name for your API in Amazon API Gateway. Uppercase letters and the underscore (``_``) character are not supported. /// [Input("domainName", required: true)] public Input DomainName { get; set; } = null!; diff --git a/sdk/dotnet/ApiGatewayV2/Inputs/DomainNameConfigurationArgs.cs b/sdk/dotnet/ApiGatewayV2/Inputs/DomainNameConfigurationArgs.cs index 08933b18f4..85b721c896 100644 --- a/sdk/dotnet/ApiGatewayV2/Inputs/DomainNameConfigurationArgs.cs +++ b/sdk/dotnet/ApiGatewayV2/Inputs/DomainNameConfigurationArgs.cs @@ -12,7 +12,7 @@ namespace Pulumi.AwsNative.ApiGatewayV2.Inputs /// /// The ``DomainNameConfiguration`` property type specifies the configuration for an API's domain name. - /// ``DomainNameConfiguration`` is a property of the [AWS::ApiGatewayV2::DomainName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-domainname.html) resource. + /// ``DomainNameConfiguration`` is a property of the [AWS::ApiGatewayV2::DomainName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-domainname.html) resource. /// public sealed class DomainNameConfigurationArgs : global::Pulumi.ResourceArgs { diff --git a/sdk/dotnet/ApiGatewayV2/Outputs/DomainNameConfiguration.cs b/sdk/dotnet/ApiGatewayV2/Outputs/DomainNameConfiguration.cs index fca9f1bb59..55a1f1950a 100644 --- a/sdk/dotnet/ApiGatewayV2/Outputs/DomainNameConfiguration.cs +++ b/sdk/dotnet/ApiGatewayV2/Outputs/DomainNameConfiguration.cs @@ -12,7 +12,7 @@ namespace Pulumi.AwsNative.ApiGatewayV2.Outputs /// /// The ``DomainNameConfiguration`` property type specifies the configuration for an API's domain name. - /// ``DomainNameConfiguration`` is a property of the [AWS::ApiGatewayV2::DomainName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-domainname.html) resource. + /// ``DomainNameConfiguration`` is a property of the [AWS::ApiGatewayV2::DomainName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-domainname.html) resource. /// [OutputType] public sealed class DomainNameConfiguration diff --git a/sdk/dotnet/AutoScaling/AutoScalingGroup.cs b/sdk/dotnet/AutoScaling/AutoScalingGroup.cs index 804e86973d..6195fcf5c9 100644 --- a/sdk/dotnet/AutoScaling/AutoScalingGroup.cs +++ b/sdk/dotnet/AutoScaling/AutoScalingGroup.cs @@ -86,7 +86,7 @@ public partial class AutoScalingGroup : global::Pulumi.CustomResource /// /// A comma-separated value string of one or more health check types. - /// The valid values are ``EC2``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*. + /// The valid values are ``EC2``, ``EBS``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*. /// Only specify ``EC2`` if you must clear a value that was previously set. /// [Output("healthCheckType")] @@ -211,6 +211,9 @@ public partial class AutoScalingGroup : global::Pulumi.CustomResource [Output("terminationPolicies")] public Output> TerminationPolicies { get; private set; } = null!; + [Output("trafficSources")] + public Output> TrafficSources { get; private set; } = null!; + /// /// A list of subnet IDs for a virtual private cloud (VPC) where instances in the Auto Scaling group can be created. /// If this resource specifies public subnets and is also in a VPC that is defined in the same stack template, you must use the [DependsOn attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html) to declare a dependency on the [VPC-gateway attachment](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpc-gateway-attachment.html). @@ -344,7 +347,7 @@ public InputList AvailabilityZones /// /// A comma-separated value string of one or more health check types. - /// The valid values are ``EC2``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*. + /// The valid values are ``EC2``, ``EBS``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*. /// Only specify ``EC2`` if you must clear a value that was previously set. /// [Input("healthCheckType")] @@ -511,6 +514,14 @@ public InputList TerminationPolicies set => _terminationPolicies = value; } + [Input("trafficSources")] + private InputList? _trafficSources; + public InputList TrafficSources + { + get => _trafficSources ?? (_trafficSources = new InputList()); + set => _trafficSources = value; + } + [Input("vpcZoneIdentifier")] private InputList? _vpcZoneIdentifier; diff --git a/sdk/dotnet/AutoScaling/GetAutoScalingGroup.cs b/sdk/dotnet/AutoScaling/GetAutoScalingGroup.cs index 33081bbba0..8d8350ebdb 100644 --- a/sdk/dotnet/AutoScaling/GetAutoScalingGroup.cs +++ b/sdk/dotnet/AutoScaling/GetAutoScalingGroup.cs @@ -111,7 +111,7 @@ public sealed class GetAutoScalingGroupResult public readonly int? HealthCheckGracePeriod; /// /// A comma-separated value string of one or more health check types. - /// The valid values are ``EC2``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*. + /// The valid values are ``EC2``, ``EBS``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*. /// Only specify ``EC2`` if you must clear a value that was previously set. /// public readonly string? HealthCheckType; @@ -191,6 +191,7 @@ public sealed class GetAutoScalingGroupResult /// Valid values: ``Default`` | ``AllocationStrategy`` | ``ClosestToNextInstanceHour`` | ``NewestInstance`` | ``OldestInstance`` | ``OldestLaunchConfiguration`` | ``OldestLaunchTemplate`` | ``arn:aws:lambda:region:account-id:function:my-function:my-alias`` /// public readonly ImmutableArray TerminationPolicies; + public readonly ImmutableArray TrafficSources; /// /// A list of subnet IDs for a virtual private cloud (VPC) where instances in the Auto Scaling group can be created. /// If this resource specifies public subnets and is also in a VPC that is defined in the same stack template, you must use the [DependsOn attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html) to declare a dependency on the [VPC-gateway attachment](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpc-gateway-attachment.html). @@ -255,6 +256,8 @@ private GetAutoScalingGroupResult( ImmutableArray terminationPolicies, + ImmutableArray trafficSources, + ImmutableArray vpcZoneIdentifier) { AvailabilityZones = availabilityZones; @@ -284,6 +287,7 @@ private GetAutoScalingGroupResult( Tags = tags; TargetGroupArns = targetGroupArns; TerminationPolicies = terminationPolicies; + TrafficSources = trafficSources; VpcZoneIdentifier = vpcZoneIdentifier; } } diff --git a/sdk/dotnet/AutoScaling/Inputs/AutoScalingGroupTrafficSourceIdentifierArgs.cs b/sdk/dotnet/AutoScaling/Inputs/AutoScalingGroupTrafficSourceIdentifierArgs.cs new file mode 100644 index 0000000000..d517226e23 --- /dev/null +++ b/sdk/dotnet/AutoScaling/Inputs/AutoScalingGroupTrafficSourceIdentifierArgs.cs @@ -0,0 +1,26 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AwsNative.AutoScaling.Inputs +{ + + public sealed class AutoScalingGroupTrafficSourceIdentifierArgs : global::Pulumi.ResourceArgs + { + [Input("identifier", required: true)] + public Input Identifier { get; set; } = null!; + + [Input("type", required: true)] + public Input Type { get; set; } = null!; + + public AutoScalingGroupTrafficSourceIdentifierArgs() + { + } + public static new AutoScalingGroupTrafficSourceIdentifierArgs Empty => new AutoScalingGroupTrafficSourceIdentifierArgs(); + } +} diff --git a/sdk/dotnet/AutoScaling/Outputs/AutoScalingGroupTrafficSourceIdentifier.cs b/sdk/dotnet/AutoScaling/Outputs/AutoScalingGroupTrafficSourceIdentifier.cs new file mode 100644 index 0000000000..2f9a30807e --- /dev/null +++ b/sdk/dotnet/AutoScaling/Outputs/AutoScalingGroupTrafficSourceIdentifier.cs @@ -0,0 +1,29 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AwsNative.AutoScaling.Outputs +{ + + [OutputType] + public sealed class AutoScalingGroupTrafficSourceIdentifier + { + public readonly string Identifier; + public readonly string Type; + + [OutputConstructor] + private AutoScalingGroupTrafficSourceIdentifier( + string identifier, + + string type) + { + Identifier = identifier; + Type = type; + } + } +} diff --git a/sdk/dotnet/Backup/GetLogicallyAirGappedBackupVault.cs b/sdk/dotnet/Backup/GetLogicallyAirGappedBackupVault.cs new file mode 100644 index 0000000000..a80e659d7c --- /dev/null +++ b/sdk/dotnet/Backup/GetLogicallyAirGappedBackupVault.cs @@ -0,0 +1,90 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AwsNative.Backup +{ + public static class GetLogicallyAirGappedBackupVault + { + /// + /// Resource Type definition for AWS::Backup::LogicallyAirGappedBackupVault + /// + public static Task InvokeAsync(GetLogicallyAirGappedBackupVaultArgs args, InvokeOptions? options = null) + => global::Pulumi.Deployment.Instance.InvokeAsync("aws-native:backup:getLogicallyAirGappedBackupVault", args ?? new GetLogicallyAirGappedBackupVaultArgs(), options.WithDefaults()); + + /// + /// Resource Type definition for AWS::Backup::LogicallyAirGappedBackupVault + /// + public static Output Invoke(GetLogicallyAirGappedBackupVaultInvokeArgs args, InvokeOptions? options = null) + => global::Pulumi.Deployment.Instance.Invoke("aws-native:backup:getLogicallyAirGappedBackupVault", args ?? new GetLogicallyAirGappedBackupVaultInvokeArgs(), options.WithDefaults()); + } + + + public sealed class GetLogicallyAirGappedBackupVaultArgs : global::Pulumi.InvokeArgs + { + [Input("backupVaultName", required: true)] + public string BackupVaultName { get; set; } = null!; + + public GetLogicallyAirGappedBackupVaultArgs() + { + } + public static new GetLogicallyAirGappedBackupVaultArgs Empty => new GetLogicallyAirGappedBackupVaultArgs(); + } + + public sealed class GetLogicallyAirGappedBackupVaultInvokeArgs : global::Pulumi.InvokeArgs + { + [Input("backupVaultName", required: true)] + public Input BackupVaultName { get; set; } = null!; + + public GetLogicallyAirGappedBackupVaultInvokeArgs() + { + } + public static new GetLogicallyAirGappedBackupVaultInvokeArgs Empty => new GetLogicallyAirGappedBackupVaultInvokeArgs(); + } + + + [OutputType] + public sealed class GetLogicallyAirGappedBackupVaultResult + { + /// + /// Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Backup::LogicallyAirGappedBackupVault` for more information about the expected schema for this property. + /// + public readonly object? AccessPolicy; + public readonly string? BackupVaultArn; + public readonly ImmutableDictionary? BackupVaultTags; + public readonly string? EncryptionKeyArn; + public readonly Outputs.LogicallyAirGappedBackupVaultNotificationObjectType? Notifications; + public readonly string? VaultState; + public readonly string? VaultType; + + [OutputConstructor] + private GetLogicallyAirGappedBackupVaultResult( + object? accessPolicy, + + string? backupVaultArn, + + ImmutableDictionary? backupVaultTags, + + string? encryptionKeyArn, + + Outputs.LogicallyAirGappedBackupVaultNotificationObjectType? notifications, + + string? vaultState, + + string? vaultType) + { + AccessPolicy = accessPolicy; + BackupVaultArn = backupVaultArn; + BackupVaultTags = backupVaultTags; + EncryptionKeyArn = encryptionKeyArn; + Notifications = notifications; + VaultState = vaultState; + VaultType = vaultType; + } + } +} diff --git a/sdk/dotnet/Backup/Inputs/LogicallyAirGappedBackupVaultNotificationObjectTypeArgs.cs b/sdk/dotnet/Backup/Inputs/LogicallyAirGappedBackupVaultNotificationObjectTypeArgs.cs new file mode 100644 index 0000000000..0d97e5abf8 --- /dev/null +++ b/sdk/dotnet/Backup/Inputs/LogicallyAirGappedBackupVaultNotificationObjectTypeArgs.cs @@ -0,0 +1,31 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AwsNative.Backup.Inputs +{ + + public sealed class LogicallyAirGappedBackupVaultNotificationObjectTypeArgs : global::Pulumi.ResourceArgs + { + [Input("backupVaultEvents", required: true)] + private InputList? _backupVaultEvents; + public InputList BackupVaultEvents + { + get => _backupVaultEvents ?? (_backupVaultEvents = new InputList()); + set => _backupVaultEvents = value; + } + + [Input("snsTopicArn", required: true)] + public Input SnsTopicArn { get; set; } = null!; + + public LogicallyAirGappedBackupVaultNotificationObjectTypeArgs() + { + } + public static new LogicallyAirGappedBackupVaultNotificationObjectTypeArgs Empty => new LogicallyAirGappedBackupVaultNotificationObjectTypeArgs(); + } +} diff --git a/sdk/dotnet/Backup/LogicallyAirGappedBackupVault.cs b/sdk/dotnet/Backup/LogicallyAirGappedBackupVault.cs new file mode 100644 index 0000000000..2e664730d3 --- /dev/null +++ b/sdk/dotnet/Backup/LogicallyAirGappedBackupVault.cs @@ -0,0 +1,139 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AwsNative.Backup +{ + /// + /// Resource Type definition for AWS::Backup::LogicallyAirGappedBackupVault + /// + [AwsNativeResourceType("aws-native:backup:LogicallyAirGappedBackupVault")] + public partial class LogicallyAirGappedBackupVault : global::Pulumi.CustomResource + { + /// + /// Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Backup::LogicallyAirGappedBackupVault` for more information about the expected schema for this property. + /// + [Output("accessPolicy")] + public Output AccessPolicy { get; private set; } = null!; + + [Output("backupVaultArn")] + public Output BackupVaultArn { get; private set; } = null!; + + [Output("backupVaultName")] + public Output BackupVaultName { get; private set; } = null!; + + [Output("backupVaultTags")] + public Output?> BackupVaultTags { get; private set; } = null!; + + [Output("encryptionKeyArn")] + public Output EncryptionKeyArn { get; private set; } = null!; + + [Output("maxRetentionDays")] + public Output MaxRetentionDays { get; private set; } = null!; + + [Output("minRetentionDays")] + public Output MinRetentionDays { get; private set; } = null!; + + [Output("notifications")] + public Output Notifications { get; private set; } = null!; + + [Output("vaultState")] + public Output VaultState { get; private set; } = null!; + + [Output("vaultType")] + public Output VaultType { get; private set; } = null!; + + + /// + /// Create a LogicallyAirGappedBackupVault resource with the given unique name, arguments, and options. + /// + /// + /// The unique name of the resource + /// The arguments used to populate this resource's properties + /// A bag of options that control this resource's behavior + public LogicallyAirGappedBackupVault(string name, LogicallyAirGappedBackupVaultArgs args, CustomResourceOptions? options = null) + : base("aws-native:backup:LogicallyAirGappedBackupVault", name, args ?? new LogicallyAirGappedBackupVaultArgs(), MakeResourceOptions(options, "")) + { + } + + private LogicallyAirGappedBackupVault(string name, Input id, CustomResourceOptions? options = null) + : base("aws-native:backup:LogicallyAirGappedBackupVault", name, null, MakeResourceOptions(options, id)) + { + } + + private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input? id) + { + var defaultOptions = new CustomResourceOptions + { + Version = Utilities.Version, + ReplaceOnChanges = + { + "backupVaultName", + "maxRetentionDays", + "minRetentionDays", + }, + }; + var merged = CustomResourceOptions.Merge(defaultOptions, options); + // Override the ID if one was specified for consistency with other language SDKs. + merged.Id = id ?? merged.Id; + return merged; + } + /// + /// Get an existing LogicallyAirGappedBackupVault resource's state with the given name, ID, and optional extra + /// properties used to qualify the lookup. + /// + /// + /// The unique name of the resulting resource. + /// The unique provider ID of the resource to lookup. + /// A bag of options that control this resource's behavior + public static LogicallyAirGappedBackupVault Get(string name, Input id, CustomResourceOptions? options = null) + { + return new LogicallyAirGappedBackupVault(name, id, options); + } + } + + public sealed class LogicallyAirGappedBackupVaultArgs : global::Pulumi.ResourceArgs + { + /// + /// Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Backup::LogicallyAirGappedBackupVault` for more information about the expected schema for this property. + /// + [Input("accessPolicy")] + public Input? AccessPolicy { get; set; } + + [Input("backupVaultName")] + public Input? BackupVaultName { get; set; } + + [Input("backupVaultTags")] + private InputMap? _backupVaultTags; + public InputMap BackupVaultTags + { + get => _backupVaultTags ?? (_backupVaultTags = new InputMap()); + set => _backupVaultTags = value; + } + + [Input("maxRetentionDays", required: true)] + public Input MaxRetentionDays { get; set; } = null!; + + [Input("minRetentionDays", required: true)] + public Input MinRetentionDays { get; set; } = null!; + + [Input("notifications")] + public Input? Notifications { get; set; } + + [Input("vaultState")] + public Input? VaultState { get; set; } + + [Input("vaultType")] + public Input? VaultType { get; set; } + + public LogicallyAirGappedBackupVaultArgs() + { + } + public static new LogicallyAirGappedBackupVaultArgs Empty => new LogicallyAirGappedBackupVaultArgs(); + } +} diff --git a/sdk/dotnet/Backup/Outputs/LogicallyAirGappedBackupVaultNotificationObjectType.cs b/sdk/dotnet/Backup/Outputs/LogicallyAirGappedBackupVaultNotificationObjectType.cs new file mode 100644 index 0000000000..d73461482d --- /dev/null +++ b/sdk/dotnet/Backup/Outputs/LogicallyAirGappedBackupVaultNotificationObjectType.cs @@ -0,0 +1,29 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AwsNative.Backup.Outputs +{ + + [OutputType] + public sealed class LogicallyAirGappedBackupVaultNotificationObjectType + { + public readonly ImmutableArray BackupVaultEvents; + public readonly string SnsTopicArn; + + [OutputConstructor] + private LogicallyAirGappedBackupVaultNotificationObjectType( + ImmutableArray backupVaultEvents, + + string snsTopicArn) + { + BackupVaultEvents = backupVaultEvents; + SnsTopicArn = snsTopicArn; + } + } +} diff --git a/sdk/dotnet/Cognito/GetUserPoolIdentityProvider.cs b/sdk/dotnet/Cognito/GetUserPoolIdentityProvider.cs index 2d6ae1899f..eb3d25f951 100644 --- a/sdk/dotnet/Cognito/GetUserPoolIdentityProvider.cs +++ b/sdk/dotnet/Cognito/GetUserPoolIdentityProvider.cs @@ -28,10 +28,16 @@ public static Output Invoke(GetUserPoolIdenti public sealed class GetUserPoolIdentityProviderArgs : global::Pulumi.InvokeArgs { /// - /// The resource ID. + /// The IdP name. /// - [Input("id", required: true)] - public string Id { get; set; } = null!; + [Input("providerName", required: true)] + public string ProviderName { get; set; } = null!; + + /// + /// The user pool ID. + /// + [Input("userPoolId", required: true)] + public string UserPoolId { get; set; } = null!; public GetUserPoolIdentityProviderArgs() { @@ -42,10 +48,16 @@ public GetUserPoolIdentityProviderArgs() public sealed class GetUserPoolIdentityProviderInvokeArgs : global::Pulumi.InvokeArgs { /// - /// The resource ID. + /// The IdP name. + /// + [Input("providerName", required: true)] + public Input ProviderName { get; set; } = null!; + + /// + /// The user pool ID. /// - [Input("id", required: true)] - public Input Id { get; set; } = null!; + [Input("userPoolId", required: true)] + public Input UserPoolId { get; set; } = null!; public GetUserPoolIdentityProviderInvokeArgs() { @@ -59,14 +71,8 @@ public sealed class GetUserPoolIdentityProviderResult { /// /// A mapping of IdP attributes to standard and custom user pool attributes. - /// - /// Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Cognito::UserPoolIdentityProvider` for more information about the expected schema for this property. - /// - public readonly object? AttributeMapping; - /// - /// The resource ID. /// - public readonly string? Id; + public readonly ImmutableDictionary? AttributeMapping; /// /// A list of IdP identifiers. /// @@ -101,23 +107,18 @@ public sealed class GetUserPoolIdentityProviderResult /// - **Facebook** - Create or update request: `"ProviderDetails": { "api_version": "v17.0", "authorize_scopes": "public_profile, email", "client_id": "1example23456789", "client_secret": "provider-app-client-secret" }` /// /// Describe response: `"ProviderDetails": { "api_version": "v17.0", "attributes_url": "https://graph.facebook.com/v17.0/me?fields=", "attributes_url_add_attributes": "true", "authorize_scopes": "public_profile, email", "authorize_url": "https://www.facebook.com/v17.0/dialog/oauth", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "token_request_method": "GET", "token_url": "https://graph.facebook.com/v17.0/oauth/access_token" }` - /// - /// Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Cognito::UserPoolIdentityProvider` for more information about the expected schema for this property. /// - public readonly object? ProviderDetails; + public readonly ImmutableDictionary? ProviderDetails; [OutputConstructor] private GetUserPoolIdentityProviderResult( - object? attributeMapping, - - string? id, + ImmutableDictionary? attributeMapping, ImmutableArray idpIdentifiers, - object? providerDetails) + ImmutableDictionary? providerDetails) { AttributeMapping = attributeMapping; - Id = id; IdpIdentifiers = idpIdentifiers; ProviderDetails = providerDetails; } diff --git a/sdk/dotnet/Cognito/UserPoolIdentityProvider.cs b/sdk/dotnet/Cognito/UserPoolIdentityProvider.cs index 37d6523746..56862a9b6a 100644 --- a/sdk/dotnet/Cognito/UserPoolIdentityProvider.cs +++ b/sdk/dotnet/Cognito/UserPoolIdentityProvider.cs @@ -17,17 +17,9 @@ public partial class UserPoolIdentityProvider : global::Pulumi.CustomResource { /// /// A mapping of IdP attributes to standard and custom user pool attributes. - /// - /// Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Cognito::UserPoolIdentityProvider` for more information about the expected schema for this property. /// [Output("attributeMapping")] - public Output AttributeMapping { get; private set; } = null!; - - /// - /// The resource ID. - /// - [Output("awsId")] - public Output AwsId { get; private set; } = null!; + public Output?> AttributeMapping { get; private set; } = null!; /// /// A list of IdP identifiers. @@ -65,11 +57,9 @@ public partial class UserPoolIdentityProvider : global::Pulumi.CustomResource /// - **Facebook** - Create or update request: `"ProviderDetails": { "api_version": "v17.0", "authorize_scopes": "public_profile, email", "client_id": "1example23456789", "client_secret": "provider-app-client-secret" }` /// /// Describe response: `"ProviderDetails": { "api_version": "v17.0", "attributes_url": "https://graph.facebook.com/v17.0/me?fields=", "attributes_url_add_attributes": "true", "authorize_scopes": "public_profile, email", "authorize_url": "https://www.facebook.com/v17.0/dialog/oauth", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "token_request_method": "GET", "token_url": "https://graph.facebook.com/v17.0/oauth/access_token" }` - /// - /// Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Cognito::UserPoolIdentityProvider` for more information about the expected schema for this property. /// [Output("providerDetails")] - public Output ProviderDetails { get; private set; } = null!; + public Output> ProviderDetails { get; private set; } = null!; /// /// The IdP name. @@ -140,13 +130,17 @@ public static UserPoolIdentityProvider Get(string name, Input id, Custom public sealed class UserPoolIdentityProviderArgs : global::Pulumi.ResourceArgs { + [Input("attributeMapping")] + private InputMap? _attributeMapping; + /// /// A mapping of IdP attributes to standard and custom user pool attributes. - /// - /// Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Cognito::UserPoolIdentityProvider` for more information about the expected schema for this property. /// - [Input("attributeMapping")] - public Input? AttributeMapping { get; set; } + public InputMap AttributeMapping + { + get => _attributeMapping ?? (_attributeMapping = new InputMap()); + set => _attributeMapping = value; + } [Input("idpIdentifiers")] private InputList? _idpIdentifiers; @@ -160,6 +154,9 @@ public InputList IdpIdentifiers set => _idpIdentifiers = value; } + [Input("providerDetails", required: true)] + private InputMap? _providerDetails; + /// /// The scopes, URLs, and identifiers for your external identity provider. The following /// examples describe the provider detail keys for each IdP type. These values and their @@ -190,11 +187,12 @@ public InputList IdpIdentifiers /// - **Facebook** - Create or update request: `"ProviderDetails": { "api_version": "v17.0", "authorize_scopes": "public_profile, email", "client_id": "1example23456789", "client_secret": "provider-app-client-secret" }` /// /// Describe response: `"ProviderDetails": { "api_version": "v17.0", "attributes_url": "https://graph.facebook.com/v17.0/me?fields=", "attributes_url_add_attributes": "true", "authorize_scopes": "public_profile, email", "authorize_url": "https://www.facebook.com/v17.0/dialog/oauth", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "token_request_method": "GET", "token_url": "https://graph.facebook.com/v17.0/oauth/access_token" }` - /// - /// Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Cognito::UserPoolIdentityProvider` for more information about the expected schema for this property. /// - [Input("providerDetails")] - public Input? ProviderDetails { get; set; } + public InputMap ProviderDetails + { + get => _providerDetails ?? (_providerDetails = new InputMap()); + set => _providerDetails = value; + } /// /// The IdP name. diff --git a/sdk/dotnet/Ec2/CapacityReservation.cs b/sdk/dotnet/Ec2/CapacityReservation.cs index fada89ba67..ed1c434c2c 100644 --- a/sdk/dotnet/Ec2/CapacityReservation.cs +++ b/sdk/dotnet/Ec2/CapacityReservation.cs @@ -128,6 +128,9 @@ public partial class CapacityReservation : global::Pulumi.CustomResource [Output("totalInstanceCount")] public Output TotalInstanceCount { get; private set; } = null!; + [Output("unusedReservationBillingOwnerId")] + public Output UnusedReservationBillingOwnerId { get; private set; } = null!; + /// /// Create a CapacityReservation resource with the given unique name, arguments, and options. @@ -286,6 +289,9 @@ public InputList TagSpecificatio [Input("tenancy")] public Input? Tenancy { get; set; } + [Input("unusedReservationBillingOwnerId")] + public Input? UnusedReservationBillingOwnerId { get; set; } + public CapacityReservationArgs() { } diff --git a/sdk/dotnet/Ec2/GetVpcEndpoint.cs b/sdk/dotnet/Ec2/GetVpcEndpoint.cs index cf9148a335..2cf34ea20a 100644 --- a/sdk/dotnet/Ec2/GetVpcEndpoint.cs +++ b/sdk/dotnet/Ec2/GetVpcEndpoint.cs @@ -93,7 +93,8 @@ public sealed class GetVpcEndpointResult public readonly ImmutableArray NetworkInterfaceIds; /// /// An endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints. - /// For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. CFNlong converts YAML policies to JSON format before calling the API to create or modify the VPC endpoint. + /// For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. For example, if you have a JSON policy, you can convert it to YAML before including it in the YAML template, and CFNlong converts the policy to JSON format before calling the API actions for privatelink. Alternatively, you can include the JSON directly in the YAML, as shown in the following ``Properties`` section: + /// ``Properties: VpcEndpointType: 'Interface' ServiceName: !Sub 'com.amazonaws.${AWS::Region}.logs' PolicyDocument: '{ "Version":"2012-10-17", "Statement": [{ "Effect":"Allow", "Principal":"*", "Action":["logs:Describe*","logs:Get*","logs:List*","logs:FilterLogEvents"], "Resource":"*" }] }'`` /// /// Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::EC2::VPCEndpoint` for more information about the expected schema for this property. /// diff --git a/sdk/dotnet/Ec2/VpcEndpoint.cs b/sdk/dotnet/Ec2/VpcEndpoint.cs index 4d640a79e6..8c74fe9524 100644 --- a/sdk/dotnet/Ec2/VpcEndpoint.cs +++ b/sdk/dotnet/Ec2/VpcEndpoint.cs @@ -53,7 +53,8 @@ public partial class VpcEndpoint : global::Pulumi.CustomResource /// /// An endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints. - /// For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. CFNlong converts YAML policies to JSON format before calling the API to create or modify the VPC endpoint. + /// For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. For example, if you have a JSON policy, you can convert it to YAML before including it in the YAML template, and CFNlong converts the policy to JSON format before calling the API actions for privatelink. Alternatively, you can include the JSON directly in the YAML, as shown in the following ``Properties`` section: + /// ``Properties: VpcEndpointType: 'Interface' ServiceName: !Sub 'com.amazonaws.${AWS::Region}.logs' PolicyDocument: '{ "Version":"2012-10-17", "Statement": [{ "Effect":"Allow", "Principal":"*", "Action":["logs:Describe*","logs:Get*","logs:List*","logs:FilterLogEvents"], "Resource":"*" }] }'`` /// /// Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::EC2::VPCEndpoint` for more information about the expected schema for this property. /// @@ -159,7 +160,8 @@ public sealed class VpcEndpointArgs : global::Pulumi.ResourceArgs { /// /// An endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints. - /// For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. CFNlong converts YAML policies to JSON format before calling the API to create or modify the VPC endpoint. + /// For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. For example, if you have a JSON policy, you can convert it to YAML before including it in the YAML template, and CFNlong converts the policy to JSON format before calling the API actions for privatelink. Alternatively, you can include the JSON directly in the YAML, as shown in the following ``Properties`` section: + /// ``Properties: VpcEndpointType: 'Interface' ServiceName: !Sub 'com.amazonaws.${AWS::Region}.logs' PolicyDocument: '{ "Version":"2012-10-17", "Statement": [{ "Effect":"Allow", "Principal":"*", "Action":["logs:Describe*","logs:Get*","logs:List*","logs:FilterLogEvents"], "Resource":"*" }] }'`` /// /// Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::EC2::VPCEndpoint` for more information about the expected schema for this property. /// diff --git a/sdk/dotnet/Ecs/CapacityProvider.cs b/sdk/dotnet/Ecs/CapacityProvider.cs index 4a292269cb..1010d06a36 100644 --- a/sdk/dotnet/Ecs/CapacityProvider.cs +++ b/sdk/dotnet/Ecs/CapacityProvider.cs @@ -233,7 +233,7 @@ public partial class CapacityProvider : global::Pulumi.CustomResource /// The Auto Scaling group settings for the capacity provider. /// [Output("autoScalingGroupProvider")] - public Output AutoScalingGroupProvider { get; private set; } = null!; + public Output AutoScalingGroupProvider { get; private set; } = null!; /// /// The name of the capacity provider. If a name is specified, it cannot start with `aws` , `ecs` , or `fargate` . If no name is specified, a default name in the `CFNStackName-CFNResourceName-RandomString` format is used. @@ -265,7 +265,7 @@ public partial class CapacityProvider : global::Pulumi.CustomResource /// The unique name of the resource /// The arguments used to populate this resource's properties /// A bag of options that control this resource's behavior - public CapacityProvider(string name, CapacityProviderArgs args, CustomResourceOptions? options = null) + public CapacityProvider(string name, CapacityProviderArgs? args = null, CustomResourceOptions? options = null) : base("aws-native:ecs:CapacityProvider", name, args ?? new CapacityProviderArgs(), MakeResourceOptions(options, "")) { } @@ -310,8 +310,8 @@ public sealed class CapacityProviderArgs : global::Pulumi.ResourceArgs /// /// The Auto Scaling group settings for the capacity provider. /// - [Input("autoScalingGroupProvider", required: true)] - public Input AutoScalingGroupProvider { get; set; } = null!; + [Input("autoScalingGroupProvider")] + public Input? AutoScalingGroupProvider { get; set; } /// /// The name of the capacity provider. If a name is specified, it cannot start with `aws` , `ecs` , or `fargate` . If no name is specified, a default name in the `CFNStackName-CFNResourceName-RandomString` format is used. diff --git a/sdk/dotnet/Ecs/Inputs/ServiceLogConfigurationArgs.cs b/sdk/dotnet/Ecs/Inputs/ServiceLogConfigurationArgs.cs index eb9174167e..d51bcfd873 100644 --- a/sdk/dotnet/Ecs/Inputs/ServiceLogConfigurationArgs.cs +++ b/sdk/dotnet/Ecs/Inputs/ServiceLogConfigurationArgs.cs @@ -38,7 +38,16 @@ public sealed class ServiceLogConfigurationArgs : global::Pulumi.ResourceArgs private InputMap? _options; /// - /// The configuration options to send to the log driver. This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'`` + /// The configuration options to send to the log driver. + /// The options you can specify depend on the log driver. Some of the options you can specify when you use the ``awslogs`` log driver to route logs to Amazon CloudWatch include the following: + /// + awslogs-create-group Required: No Specify whether you want the log group to be created automatically. If this option isn't specified, it defaults to false. Your IAM policy must include the logs:CreateLogGroup permission before you attempt to use awslogs-create-group. + awslogs-region Required: Yes Specify the Region that the awslogs log driver is to send your Docker logs to. You can choose to send all of your logs from clusters in different Regions to a single region in CloudWatch Logs. This is so that they're all visible in one location. Otherwise, you can separate them by Region for more granularity. Make sure that the specified log group exists in the Region that you specify with this option. + awslogs-group Required: Yes Make sure to specify a log group that the awslogs log driver sends its log streams to. + awslogs-stream-prefix Required: Yes, when using the Fargate launch type.Optional for the EC2 launch type, required for the Fargate launch type. Use the awslogs-stream-prefix option to associate a log stream with the specified prefix, the container name, and the ID of the Amazon ECS task that the container belongs to. If you specify a prefix with this option, then the log stream takes the format prefix-name/container-name/ecs-task-id. If you don't specify a prefix with this option, then the log stream is named after the container ID that's assigned by the Docker daemon on the container instance. Because it's difficult to trace logs back to the container that sent them with just the Docker container ID (which is only available on the container instance), we recommend that you specify a prefix with this option. For Amazon ECS services, you can use the service name as the prefix. Doing so, you can trace log streams to the service that the container belongs to, the name of the container that sent them, and the ID of the task that the container belongs to. You must specify a stream-prefix for your logs to have your logs appear in the Log pane when using the Amazon ECS console. + awslogs-datetime-format Required: No This option defines a multiline start pattern in Python strftime format. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. One example of a use case for using this format is for parsing output such as a stack dump, which might otherwise be logged in multiple entries. The correct pattern allows it to be captured in a single entry. For more information, see awslogs-datetime-format. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. + awslogs-multiline-pattern Required: No This option defines a multiline start pattern that uses a regular expression. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. For more information, see awslogs-multiline-pattern. This option is ignored if awslogs-datetime-format is also configured. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. + mode Required: No Valid values: non-blocking | blocking This option defines the delivery mode of log messages from the container to CloudWatch Logs. The delivery mode you choose affects application availability when the flow of logs from container to CloudWatch is interrupted. If you use the blocking mode and the flow of logs to CloudWatch is interrupted, calls from container code to write to the stdout and stderr streams will block. The logging thread of the application will block as a result. This may cause the application to become unresponsive and lead to container healthcheck failure. If you use the non-blocking mode, the container's logs are instead stored in an in-memory intermediate buffer configured with the max-buffer-size option. This prevents the application from becoming unresponsive when logs cannot be sent to CloudWatch. We recommend using this mode if you want to ensure service availability and are okay with some log loss. For more information, see Preventing log loss with non-blocking mode in the awslogs container log driver. + max-buffer-size Required: No Default value: 1m When non-blocking mode is used, the max-buffer-size log option controls the size of the buffer that's used for intermediate message storage. Make sure to specify an adequate buffer size based on your application. When the buffer fills up, further logs cannot be stored. Logs that cannot be stored are lost. + /// To route logs using the ``splunk`` log router, you need to specify a ``splunk-token`` and a ``splunk-url``. + /// When you use the ``awsfirelens`` log router to route logs to an AWS Service or AWS Partner Network destination for log storage and analytics, you can set the ``log-driver-buffer-limit`` option to limit the number of events that are buffered in memory, before being sent to the log router container. It can help to resolve potential log loss issue because high throughput might result in memory running out for the buffer inside of Docker. + /// Other options you can specify when using ``awsfirelens`` to route logs depend on the destination. When you export logs to Amazon Data Firehose, you can specify the AWS Region with ``region`` and a name for the log stream with ``delivery_stream``. + /// When you export logs to Amazon Kinesis Data Streams, you can specify an AWS Region with ``region`` and a data stream name with ``stream``. + /// When you export logs to Amazon OpenSearch Service, you can specify options like ``Name``, ``Host`` (OpenSearch Service endpoint without protocol), ``Port``, ``Index``, ``Type``, ``Aws_auth``, ``Aws_region``, ``Suppress_Type_Name``, and ``tls``. + /// When you export logs to Amazon S3, you can specify the bucket using the ``bucket`` option. You can also specify ``region``, ``total_file_size``, ``upload_timeout``, and ``use_put_object`` as options. + /// This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'`` /// public InputMap Options { diff --git a/sdk/dotnet/Ecs/Outputs/ServiceLogConfiguration.cs b/sdk/dotnet/Ecs/Outputs/ServiceLogConfiguration.cs index e8e4876d8e..91083d46e1 100644 --- a/sdk/dotnet/Ecs/Outputs/ServiceLogConfiguration.cs +++ b/sdk/dotnet/Ecs/Outputs/ServiceLogConfiguration.cs @@ -34,7 +34,16 @@ public sealed class ServiceLogConfiguration /// public readonly string? LogDriver; /// - /// The configuration options to send to the log driver. This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'`` + /// The configuration options to send to the log driver. + /// The options you can specify depend on the log driver. Some of the options you can specify when you use the ``awslogs`` log driver to route logs to Amazon CloudWatch include the following: + /// + awslogs-create-group Required: No Specify whether you want the log group to be created automatically. If this option isn't specified, it defaults to false. Your IAM policy must include the logs:CreateLogGroup permission before you attempt to use awslogs-create-group. + awslogs-region Required: Yes Specify the Region that the awslogs log driver is to send your Docker logs to. You can choose to send all of your logs from clusters in different Regions to a single region in CloudWatch Logs. This is so that they're all visible in one location. Otherwise, you can separate them by Region for more granularity. Make sure that the specified log group exists in the Region that you specify with this option. + awslogs-group Required: Yes Make sure to specify a log group that the awslogs log driver sends its log streams to. + awslogs-stream-prefix Required: Yes, when using the Fargate launch type.Optional for the EC2 launch type, required for the Fargate launch type. Use the awslogs-stream-prefix option to associate a log stream with the specified prefix, the container name, and the ID of the Amazon ECS task that the container belongs to. If you specify a prefix with this option, then the log stream takes the format prefix-name/container-name/ecs-task-id. If you don't specify a prefix with this option, then the log stream is named after the container ID that's assigned by the Docker daemon on the container instance. Because it's difficult to trace logs back to the container that sent them with just the Docker container ID (which is only available on the container instance), we recommend that you specify a prefix with this option. For Amazon ECS services, you can use the service name as the prefix. Doing so, you can trace log streams to the service that the container belongs to, the name of the container that sent them, and the ID of the task that the container belongs to. You must specify a stream-prefix for your logs to have your logs appear in the Log pane when using the Amazon ECS console. + awslogs-datetime-format Required: No This option defines a multiline start pattern in Python strftime format. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. One example of a use case for using this format is for parsing output such as a stack dump, which might otherwise be logged in multiple entries. The correct pattern allows it to be captured in a single entry. For more information, see awslogs-datetime-format. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. + awslogs-multiline-pattern Required: No This option defines a multiline start pattern that uses a regular expression. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. For more information, see awslogs-multiline-pattern. This option is ignored if awslogs-datetime-format is also configured. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. + mode Required: No Valid values: non-blocking | blocking This option defines the delivery mode of log messages from the container to CloudWatch Logs. The delivery mode you choose affects application availability when the flow of logs from container to CloudWatch is interrupted. If you use the blocking mode and the flow of logs to CloudWatch is interrupted, calls from container code to write to the stdout and stderr streams will block. The logging thread of the application will block as a result. This may cause the application to become unresponsive and lead to container healthcheck failure. If you use the non-blocking mode, the container's logs are instead stored in an in-memory intermediate buffer configured with the max-buffer-size option. This prevents the application from becoming unresponsive when logs cannot be sent to CloudWatch. We recommend using this mode if you want to ensure service availability and are okay with some log loss. For more information, see Preventing log loss with non-blocking mode in the awslogs container log driver. + max-buffer-size Required: No Default value: 1m When non-blocking mode is used, the max-buffer-size log option controls the size of the buffer that's used for intermediate message storage. Make sure to specify an adequate buffer size based on your application. When the buffer fills up, further logs cannot be stored. Logs that cannot be stored are lost. + /// To route logs using the ``splunk`` log router, you need to specify a ``splunk-token`` and a ``splunk-url``. + /// When you use the ``awsfirelens`` log router to route logs to an AWS Service or AWS Partner Network destination for log storage and analytics, you can set the ``log-driver-buffer-limit`` option to limit the number of events that are buffered in memory, before being sent to the log router container. It can help to resolve potential log loss issue because high throughput might result in memory running out for the buffer inside of Docker. + /// Other options you can specify when using ``awsfirelens`` to route logs depend on the destination. When you export logs to Amazon Data Firehose, you can specify the AWS Region with ``region`` and a name for the log stream with ``delivery_stream``. + /// When you export logs to Amazon Kinesis Data Streams, you can specify an AWS Region with ``region`` and a data stream name with ``stream``. + /// When you export logs to Amazon OpenSearch Service, you can specify options like ``Name``, ``Host`` (OpenSearch Service endpoint without protocol), ``Port``, ``Index``, ``Type``, ``Aws_auth``, ``Aws_region``, ``Suppress_Type_Name``, and ``tls``. + /// When you export logs to Amazon S3, you can specify the bucket using the ``bucket`` option. You can also specify ``region``, ``total_file_size``, ``upload_timeout``, and ``use_put_object`` as options. + /// This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'`` /// public readonly ImmutableDictionary? Options; /// diff --git a/sdk/dotnet/ElastiCache/GetServerlessCache.cs b/sdk/dotnet/ElastiCache/GetServerlessCache.cs index 15c47ca98b..f6ecd372d6 100644 --- a/sdk/dotnet/ElastiCache/GetServerlessCache.cs +++ b/sdk/dotnet/ElastiCache/GetServerlessCache.cs @@ -82,10 +82,18 @@ public sealed class GetServerlessCacheResult /// public readonly Outputs.ServerlessCacheEndpoint? Endpoint; /// + /// The engine name of the Serverless Cache. + /// + public readonly string? Engine; + /// /// The full engine version of the Serverless Cache. /// public readonly string? FullEngineVersion; /// + /// The major engine version of the Serverless Cache. + /// + public readonly string? MajorEngineVersion; + /// /// Represents the information required for client programs to connect to a cache node. This value is read-only. /// public readonly Outputs.ServerlessCacheEndpoint? ReaderEndpoint; @@ -124,8 +132,12 @@ private GetServerlessCacheResult( Outputs.ServerlessCacheEndpoint? endpoint, + string? engine, + string? fullEngineVersion, + string? majorEngineVersion, + Outputs.ServerlessCacheEndpoint? readerEndpoint, ImmutableArray securityGroupIds, @@ -144,7 +156,9 @@ private GetServerlessCacheResult( DailySnapshotTime = dailySnapshotTime; Description = description; Endpoint = endpoint; + Engine = engine; FullEngineVersion = fullEngineVersion; + MajorEngineVersion = majorEngineVersion; ReaderEndpoint = readerEndpoint; SecurityGroupIds = securityGroupIds; SnapshotRetentionLimit = snapshotRetentionLimit; diff --git a/sdk/dotnet/ElastiCache/ServerlessCache.cs b/sdk/dotnet/ElastiCache/ServerlessCache.cs index 1a03056f75..5dbf064fb7 100644 --- a/sdk/dotnet/ElastiCache/ServerlessCache.cs +++ b/sdk/dotnet/ElastiCache/ServerlessCache.cs @@ -160,9 +160,7 @@ private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? Version = Utilities.Version, ReplaceOnChanges = { - "engine", "kmsKeyId", - "majorEngineVersion", "serverlessCacheName", "snapshotArnsToRestore[*]", "subnetIds[*]", diff --git a/sdk/dotnet/ImageBuilder/Enums.cs b/sdk/dotnet/ImageBuilder/Enums.cs index b95b90218c..dd8ad0820b 100644 --- a/sdk/dotnet/ImageBuilder/Enums.cs +++ b/sdk/dotnet/ImageBuilder/Enums.cs @@ -22,6 +22,7 @@ private ComponentPlatform(string value) public static ComponentPlatform Windows { get; } = new ComponentPlatform("Windows"); public static ComponentPlatform Linux { get; } = new ComponentPlatform("Linux"); + public static ComponentPlatform MacOs { get; } = new ComponentPlatform("macOS"); public static bool operator ==(ComponentPlatform left, ComponentPlatform right) => left.Equals(right); public static bool operator !=(ComponentPlatform left, ComponentPlatform right) => !left.Equals(right); @@ -417,6 +418,38 @@ private InfrastructureConfigurationInstanceMetadataOptionsHttpTokens(string valu public override string ToString() => _value; } + /// + /// Tenancy + /// + [EnumType] + public readonly struct InfrastructureConfigurationPlacementTenancy : IEquatable + { + private readonly string _value; + + private InfrastructureConfigurationPlacementTenancy(string value) + { + _value = value ?? throw new ArgumentNullException(nameof(value)); + } + + public static InfrastructureConfigurationPlacementTenancy Default { get; } = new InfrastructureConfigurationPlacementTenancy("default"); + public static InfrastructureConfigurationPlacementTenancy Dedicated { get; } = new InfrastructureConfigurationPlacementTenancy("dedicated"); + public static InfrastructureConfigurationPlacementTenancy Host { get; } = new InfrastructureConfigurationPlacementTenancy("host"); + + public static bool operator ==(InfrastructureConfigurationPlacementTenancy left, InfrastructureConfigurationPlacementTenancy right) => left.Equals(right); + public static bool operator !=(InfrastructureConfigurationPlacementTenancy left, InfrastructureConfigurationPlacementTenancy right) => !left.Equals(right); + + public static explicit operator string(InfrastructureConfigurationPlacementTenancy value) => value._value; + + [EditorBrowsable(EditorBrowsableState.Never)] + public override bool Equals(object? obj) => obj is InfrastructureConfigurationPlacementTenancy other && Equals(other); + public bool Equals(InfrastructureConfigurationPlacementTenancy other) => string.Equals(_value, other._value, StringComparison.Ordinal); + + [EditorBrowsable(EditorBrowsableState.Never)] + public override int GetHashCode() => _value?.GetHashCode() ?? 0; + + public override string ToString() => _value; + } + /// /// The action type of the policy detail. /// diff --git a/sdk/dotnet/ImageBuilder/GetInfrastructureConfiguration.cs b/sdk/dotnet/ImageBuilder/GetInfrastructureConfiguration.cs index 6c8e95514f..95fdf87326 100644 --- a/sdk/dotnet/ImageBuilder/GetInfrastructureConfiguration.cs +++ b/sdk/dotnet/ImageBuilder/GetInfrastructureConfiguration.cs @@ -86,6 +86,10 @@ public sealed class GetInfrastructureConfigurationResult /// public readonly Outputs.InfrastructureConfigurationLogging? Logging; /// + /// The placement option settings for the infrastructure configuration. + /// + public readonly Outputs.InfrastructureConfigurationPlacement? Placement; + /// /// The tags attached to the resource created by Image Builder. /// public readonly ImmutableDictionary? ResourceTags; @@ -126,6 +130,8 @@ private GetInfrastructureConfigurationResult( Outputs.InfrastructureConfigurationLogging? logging, + Outputs.InfrastructureConfigurationPlacement? placement, + ImmutableDictionary? resourceTags, ImmutableArray securityGroupIds, @@ -145,6 +151,7 @@ private GetInfrastructureConfigurationResult( InstanceTypes = instanceTypes; KeyPair = keyPair; Logging = logging; + Placement = placement; ResourceTags = resourceTags; SecurityGroupIds = securityGroupIds; SnsTopicArn = snsTopicArn; diff --git a/sdk/dotnet/ImageBuilder/InfrastructureConfiguration.cs b/sdk/dotnet/ImageBuilder/InfrastructureConfiguration.cs index b6699ff6fd..b81d702794 100644 --- a/sdk/dotnet/ImageBuilder/InfrastructureConfiguration.cs +++ b/sdk/dotnet/ImageBuilder/InfrastructureConfiguration.cs @@ -63,6 +63,12 @@ public partial class InfrastructureConfiguration : global::Pulumi.CustomResource [Output("name")] public Output Name { get; private set; } = null!; + /// + /// The placement option settings for the infrastructure configuration. + /// + [Output("placement")] + public Output Placement { get; private set; } = null!; + /// /// The tags attached to the resource created by Image Builder. /// @@ -196,6 +202,12 @@ public InputList InstanceTypes [Input("name")] public Input? Name { get; set; } + /// + /// The placement option settings for the infrastructure configuration. + /// + [Input("placement")] + public Input? Placement { get; set; } + [Input("resourceTags")] private InputMap? _resourceTags; diff --git a/sdk/dotnet/ImageBuilder/Inputs/InfrastructureConfigurationPlacementArgs.cs b/sdk/dotnet/ImageBuilder/Inputs/InfrastructureConfigurationPlacementArgs.cs new file mode 100644 index 0000000000..dff4aecea4 --- /dev/null +++ b/sdk/dotnet/ImageBuilder/Inputs/InfrastructureConfigurationPlacementArgs.cs @@ -0,0 +1,47 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AwsNative.ImageBuilder.Inputs +{ + + /// + /// The placement options + /// + public sealed class InfrastructureConfigurationPlacementArgs : global::Pulumi.ResourceArgs + { + /// + /// AvailabilityZone + /// + [Input("availabilityZone")] + public Input? AvailabilityZone { get; set; } + + /// + /// HostId + /// + [Input("hostId")] + public Input? HostId { get; set; } + + /// + /// HostResourceGroupArn + /// + [Input("hostResourceGroupArn")] + public Input? HostResourceGroupArn { get; set; } + + /// + /// Tenancy + /// + [Input("tenancy")] + public Input? Tenancy { get; set; } + + public InfrastructureConfigurationPlacementArgs() + { + } + public static new InfrastructureConfigurationPlacementArgs Empty => new InfrastructureConfigurationPlacementArgs(); + } +} diff --git a/sdk/dotnet/ImageBuilder/Outputs/InfrastructureConfigurationPlacement.cs b/sdk/dotnet/ImageBuilder/Outputs/InfrastructureConfigurationPlacement.cs new file mode 100644 index 0000000000..225fa1522d --- /dev/null +++ b/sdk/dotnet/ImageBuilder/Outputs/InfrastructureConfigurationPlacement.cs @@ -0,0 +1,52 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AwsNative.ImageBuilder.Outputs +{ + + /// + /// The placement options + /// + [OutputType] + public sealed class InfrastructureConfigurationPlacement + { + /// + /// AvailabilityZone + /// + public readonly string? AvailabilityZone; + /// + /// HostId + /// + public readonly string? HostId; + /// + /// HostResourceGroupArn + /// + public readonly string? HostResourceGroupArn; + /// + /// Tenancy + /// + public readonly Pulumi.AwsNative.ImageBuilder.InfrastructureConfigurationPlacementTenancy? Tenancy; + + [OutputConstructor] + private InfrastructureConfigurationPlacement( + string? availabilityZone, + + string? hostId, + + string? hostResourceGroupArn, + + Pulumi.AwsNative.ImageBuilder.InfrastructureConfigurationPlacementTenancy? tenancy) + { + AvailabilityZone = availabilityZone; + HostId = hostId; + HostResourceGroupArn = hostResourceGroupArn; + Tenancy = tenancy; + } + } +} diff --git a/sdk/dotnet/Ivs/Inputs/VideoPropertiesArgs.cs b/sdk/dotnet/Ivs/Inputs/VideoPropertiesArgs.cs index 88e511a762..edd4db565c 100644 --- a/sdk/dotnet/Ivs/Inputs/VideoPropertiesArgs.cs +++ b/sdk/dotnet/Ivs/Inputs/VideoPropertiesArgs.cs @@ -28,13 +28,13 @@ public sealed class VideoPropertiesArgs : global::Pulumi.ResourceArgs public Input? Framerate { get; set; } /// - /// Video-resolution height. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 720. + /// Video-resolution height. This must be an even number. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 720. /// [Input("height")] public Input? Height { get; set; } /// - /// Video-resolution width. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 1280. + /// Video-resolution width. This must be an even number. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 1280. /// [Input("width")] public Input? Width { get; set; } diff --git a/sdk/dotnet/Ivs/Outputs/VideoProperties.cs b/sdk/dotnet/Ivs/Outputs/VideoProperties.cs index 567c748133..b2688b7c96 100644 --- a/sdk/dotnet/Ivs/Outputs/VideoProperties.cs +++ b/sdk/dotnet/Ivs/Outputs/VideoProperties.cs @@ -25,11 +25,11 @@ public sealed class VideoProperties /// public readonly double? Framerate; /// - /// Video-resolution height. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 720. + /// Video-resolution height. This must be an even number. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 720. /// public readonly int? Height; /// - /// Video-resolution width. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 1280. + /// Video-resolution width. This must be an even number. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 1280. /// public readonly int? Width; diff --git a/sdk/dotnet/MemoryDb/Cluster.cs b/sdk/dotnet/MemoryDb/Cluster.cs index eb39e7bcd2..3dd7e728a2 100644 --- a/sdk/dotnet/MemoryDb/Cluster.cs +++ b/sdk/dotnet/MemoryDb/Cluster.cs @@ -59,6 +59,12 @@ public partial class Cluster : global::Pulumi.CustomResource [Output("description")] public Output Description { get; private set; } = null!; + /// + /// The engine type used by the cluster. + /// + [Output("engine")] + public Output Engine { get; private set; } = null!; + /// /// The Redis engine version used by the cluster. /// @@ -281,6 +287,12 @@ public sealed class ClusterArgs : global::Pulumi.ResourceArgs [Input("description")] public Input? Description { get; set; } + /// + /// The engine type used by the cluster. + /// + [Input("engine")] + public Input? Engine { get; set; } + /// /// The Redis engine version used by the cluster. /// diff --git a/sdk/dotnet/MemoryDb/GetCluster.cs b/sdk/dotnet/MemoryDb/GetCluster.cs index 3e0a2140c4..510fe379f1 100644 --- a/sdk/dotnet/MemoryDb/GetCluster.cs +++ b/sdk/dotnet/MemoryDb/GetCluster.cs @@ -80,6 +80,10 @@ public sealed class GetClusterResult /// public readonly string? Description; /// + /// The engine type used by the cluster. + /// + public readonly string? Engine; + /// /// The Redis engine version used by the cluster. /// public readonly string? EngineVersion; @@ -148,6 +152,8 @@ private GetClusterResult( string? description, + string? engine, + string? engineVersion, string? maintenanceWindow, @@ -181,6 +187,7 @@ private GetClusterResult( AutoMinorVersionUpgrade = autoMinorVersionUpgrade; ClusterEndpoint = clusterEndpoint; Description = description; + Engine = engine; EngineVersion = engineVersion; MaintenanceWindow = maintenanceWindow; NodeType = nodeType; diff --git a/sdk/dotnet/PcaConnectorAd/GetConnector.cs b/sdk/dotnet/PcaConnectorAd/GetConnector.cs index b1938a20bb..03bf55405f 100644 --- a/sdk/dotnet/PcaConnectorAd/GetConnector.cs +++ b/sdk/dotnet/PcaConnectorAd/GetConnector.cs @@ -61,11 +61,19 @@ public sealed class GetConnectorResult /// The Amazon Resource Name (ARN) that was returned when you called [CreateConnector](https://docs.aws.amazon.com/pca-connector-ad/latest/APIReference/API_CreateConnector.html) . /// public readonly string? ConnectorArn; + /// + /// Metadata assigned to a connector consisting of a key-value pair. + /// + public readonly ImmutableDictionary? Tags; [OutputConstructor] - private GetConnectorResult(string? connectorArn) + private GetConnectorResult( + string? connectorArn, + + ImmutableDictionary? tags) { ConnectorArn = connectorArn; + Tags = tags; } } } diff --git a/sdk/dotnet/PcaConnectorAd/GetDirectoryRegistration.cs b/sdk/dotnet/PcaConnectorAd/GetDirectoryRegistration.cs index a6c12ec7b7..64ed0b6ac2 100644 --- a/sdk/dotnet/PcaConnectorAd/GetDirectoryRegistration.cs +++ b/sdk/dotnet/PcaConnectorAd/GetDirectoryRegistration.cs @@ -61,11 +61,19 @@ public sealed class GetDirectoryRegistrationResult /// The Amazon Resource Name (ARN) that was returned when you called [CreateDirectoryRegistration](https://docs.aws.amazon.com/pca-connector-ad/latest/APIReference/API_CreateDirectoryRegistration.html) . /// public readonly string? DirectoryRegistrationArn; + /// + /// Metadata assigned to a directory registration consisting of a key-value pair. + /// + public readonly ImmutableDictionary? Tags; [OutputConstructor] - private GetDirectoryRegistrationResult(string? directoryRegistrationArn) + private GetDirectoryRegistrationResult( + string? directoryRegistrationArn, + + ImmutableDictionary? tags) { DirectoryRegistrationArn = directoryRegistrationArn; + Tags = tags; } } } diff --git a/sdk/dotnet/PcaConnectorAd/GetTemplate.cs b/sdk/dotnet/PcaConnectorAd/GetTemplate.cs index bf3f029775..1a9df08cb5 100644 --- a/sdk/dotnet/PcaConnectorAd/GetTemplate.cs +++ b/sdk/dotnet/PcaConnectorAd/GetTemplate.cs @@ -57,14 +57,29 @@ public GetTemplateInvokeArgs() [OutputType] public sealed class GetTemplateResult { + /// + /// Template configuration to define the information included in certificates. Define certificate validity and renewal periods, certificate request handling and enrollment options, key usage extensions, application policies, and cryptography settings. + /// + public readonly object? Definition; + /// + /// Metadata assigned to a template consisting of a key-value pair. + /// + public readonly ImmutableDictionary? Tags; /// /// The Amazon Resource Name (ARN) that was returned when you called [CreateTemplate](https://docs.aws.amazon.com/pca-connector-ad/latest/APIReference/API_CreateTemplate.html) . /// public readonly string? TemplateArn; [OutputConstructor] - private GetTemplateResult(string? templateArn) + private GetTemplateResult( + object? definition, + + ImmutableDictionary? tags, + + string? templateArn) { + Definition = definition; + Tags = tags; TemplateArn = templateArn; } } diff --git a/sdk/dotnet/QBusiness/GetWebExperience.cs b/sdk/dotnet/QBusiness/GetWebExperience.cs index 23575e1f7c..80a7ead69a 100644 --- a/sdk/dotnet/QBusiness/GetWebExperience.cs +++ b/sdk/dotnet/QBusiness/GetWebExperience.cs @@ -81,6 +81,11 @@ public sealed class GetWebExperienceResult /// Provides information about the identity provider (IdP) used to authenticate end users of an Amazon Q Business web experience. /// public readonly Union? IdentityProviderConfiguration; + /// + /// Sets the website domain origins that are allowed to embed the Amazon Q Business web experience. The *domain origin* refers to the base URL for accessing a website including the protocol ( `http/https` ), the domain name, and the port number (if specified). + /// + /// > You must only submit a *base URL* and not a full path. For example, `https://docs.aws.amazon.com` . + /// public readonly ImmutableArray Origins; /// /// The Amazon Resource Name (ARN) of the service role attached to your web experience. diff --git a/sdk/dotnet/QBusiness/WebExperience.cs b/sdk/dotnet/QBusiness/WebExperience.cs index 3d1faf5525..f5258d90d5 100644 --- a/sdk/dotnet/QBusiness/WebExperience.cs +++ b/sdk/dotnet/QBusiness/WebExperience.cs @@ -39,6 +39,11 @@ public partial class WebExperience : global::Pulumi.CustomResource [Output("identityProviderConfiguration")] public Output?> IdentityProviderConfiguration { get; private set; } = null!; + /// + /// Sets the website domain origins that are allowed to embed the Amazon Q Business web experience. The *domain origin* refers to the base URL for accessing a website including the protocol ( `http/https` ), the domain name, and the port number (if specified). + /// + /// > You must only submit a *base URL* and not a full path. For example, `https://docs.aws.amazon.com` . + /// [Output("origins")] public Output> Origins { get; private set; } = null!; @@ -167,6 +172,12 @@ public sealed class WebExperienceArgs : global::Pulumi.ResourceArgs [Input("origins")] private InputList? _origins; + + /// + /// Sets the website domain origins that are allowed to embed the Amazon Q Business web experience. The *domain origin* refers to the base URL for accessing a website including the protocol ( `http/https` ), the domain name, and the port number (if specified). + /// + /// > You must only submit a *base URL* and not a full path. For example, `https://docs.aws.amazon.com` . + /// public InputList Origins { get => _origins ?? (_origins = new InputList()); diff --git a/sdk/dotnet/Redshift/GetIntegration.cs b/sdk/dotnet/Redshift/GetIntegration.cs new file mode 100644 index 0000000000..227594242f --- /dev/null +++ b/sdk/dotnet/Redshift/GetIntegration.cs @@ -0,0 +1,93 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AwsNative.Redshift +{ + public static class GetIntegration + { + /// + /// Integration from a source AWS service to a Redshift cluster + /// + public static Task InvokeAsync(GetIntegrationArgs args, InvokeOptions? options = null) + => global::Pulumi.Deployment.Instance.InvokeAsync("aws-native:redshift:getIntegration", args ?? new GetIntegrationArgs(), options.WithDefaults()); + + /// + /// Integration from a source AWS service to a Redshift cluster + /// + public static Output Invoke(GetIntegrationInvokeArgs args, InvokeOptions? options = null) + => global::Pulumi.Deployment.Instance.Invoke("aws-native:redshift:getIntegration", args ?? new GetIntegrationInvokeArgs(), options.WithDefaults()); + } + + + public sealed class GetIntegrationArgs : global::Pulumi.InvokeArgs + { + /// + /// The Amazon Resource Name (ARN) of the integration. + /// + [Input("integrationArn", required: true)] + public string IntegrationArn { get; set; } = null!; + + public GetIntegrationArgs() + { + } + public static new GetIntegrationArgs Empty => new GetIntegrationArgs(); + } + + public sealed class GetIntegrationInvokeArgs : global::Pulumi.InvokeArgs + { + /// + /// The Amazon Resource Name (ARN) of the integration. + /// + [Input("integrationArn", required: true)] + public Input IntegrationArn { get; set; } = null!; + + public GetIntegrationInvokeArgs() + { + } + public static new GetIntegrationInvokeArgs Empty => new GetIntegrationInvokeArgs(); + } + + + [OutputType] + public sealed class GetIntegrationResult + { + /// + /// The time (UTC) when the integration was created. + /// + public readonly string? CreateTime; + /// + /// The Amazon Resource Name (ARN) of the integration. + /// + public readonly string? IntegrationArn; + /// + /// The name of the integration. + /// + public readonly string? IntegrationName; + /// + /// An array of key-value pairs to apply to this resource. + /// + public readonly ImmutableArray Tags; + + [OutputConstructor] + private GetIntegrationResult( + string? createTime, + + string? integrationArn, + + string? integrationName, + + ImmutableArray tags) + { + CreateTime = createTime; + IntegrationArn = integrationArn; + IntegrationName = integrationName; + Tags = tags; + } + } +} diff --git a/sdk/dotnet/Redshift/Integration.cs b/sdk/dotnet/Redshift/Integration.cs new file mode 100644 index 0000000000..6bd3e888d4 --- /dev/null +++ b/sdk/dotnet/Redshift/Integration.cs @@ -0,0 +1,164 @@ +// *** WARNING: this file was generated by pulumi. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +using System; +using System.Collections.Generic; +using System.Collections.Immutable; +using System.Threading.Tasks; +using Pulumi.Serialization; + +namespace Pulumi.AwsNative.Redshift +{ + /// + /// Integration from a source AWS service to a Redshift cluster + /// + [AwsNativeResourceType("aws-native:redshift:Integration")] + public partial class Integration : global::Pulumi.CustomResource + { + [Output("additionalEncryptionContext")] + public Output?> AdditionalEncryptionContext { get; private set; } = null!; + + /// + /// The time (UTC) when the integration was created. + /// + [Output("createTime")] + public Output CreateTime { get; private set; } = null!; + + /// + /// The Amazon Resource Name (ARN) of the integration. + /// + [Output("integrationArn")] + public Output IntegrationArn { get; private set; } = null!; + + /// + /// The name of the integration. + /// + [Output("integrationName")] + public Output IntegrationName { get; private set; } = null!; + + /// + /// An KMS key identifier for the key to use to encrypt the integration. If you don't specify an encryption key, the default AWS owned KMS key is used. + /// + [Output("kmsKeyId")] + public Output KmsKeyId { get; private set; } = null!; + + /// + /// The Amazon Resource Name (ARN) of the database to use as the source for replication, for example, arn:aws:dynamodb:us-east-2:123412341234:table/dynamotable + /// + [Output("sourceArn")] + public Output SourceArn { get; private set; } = null!; + + /// + /// An array of key-value pairs to apply to this resource. + /// + [Output("tags")] + public Output> Tags { get; private set; } = null!; + + /// + /// The Amazon Resource Name (ARN) of the Redshift data warehouse to use as the target for replication, for example, arn:aws:redshift:us-east-2:123412341234:namespace:e43aab3e-10a3-4ec4-83d4-f227ff9bfbcf + /// + [Output("targetArn")] + public Output TargetArn { get; private set; } = null!; + + + /// + /// Create a Integration resource with the given unique name, arguments, and options. + /// + /// + /// The unique name of the resource + /// The arguments used to populate this resource's properties + /// A bag of options that control this resource's behavior + public Integration(string name, IntegrationArgs args, CustomResourceOptions? options = null) + : base("aws-native:redshift:Integration", name, args ?? new IntegrationArgs(), MakeResourceOptions(options, "")) + { + } + + private Integration(string name, Input id, CustomResourceOptions? options = null) + : base("aws-native:redshift:Integration", name, null, MakeResourceOptions(options, id)) + { + } + + private static CustomResourceOptions MakeResourceOptions(CustomResourceOptions? options, Input? id) + { + var defaultOptions = new CustomResourceOptions + { + Version = Utilities.Version, + ReplaceOnChanges = + { + "additionalEncryptionContext.*", + "kmsKeyId", + "sourceArn", + "targetArn", + }, + }; + var merged = CustomResourceOptions.Merge(defaultOptions, options); + // Override the ID if one was specified for consistency with other language SDKs. + merged.Id = id ?? merged.Id; + return merged; + } + /// + /// Get an existing Integration resource's state with the given name, ID, and optional extra + /// properties used to qualify the lookup. + /// + /// + /// The unique name of the resulting resource. + /// The unique provider ID of the resource to lookup. + /// A bag of options that control this resource's behavior + public static Integration Get(string name, Input id, CustomResourceOptions? options = null) + { + return new Integration(name, id, options); + } + } + + public sealed class IntegrationArgs : global::Pulumi.ResourceArgs + { + [Input("additionalEncryptionContext")] + private InputMap? _additionalEncryptionContext; + public InputMap AdditionalEncryptionContext + { + get => _additionalEncryptionContext ?? (_additionalEncryptionContext = new InputMap()); + set => _additionalEncryptionContext = value; + } + + /// + /// The name of the integration. + /// + [Input("integrationName")] + public Input? IntegrationName { get; set; } + + /// + /// An KMS key identifier for the key to use to encrypt the integration. If you don't specify an encryption key, the default AWS owned KMS key is used. + /// + [Input("kmsKeyId")] + public Input? KmsKeyId { get; set; } + + /// + /// The Amazon Resource Name (ARN) of the database to use as the source for replication, for example, arn:aws:dynamodb:us-east-2:123412341234:table/dynamotable + /// + [Input("sourceArn", required: true)] + public Input SourceArn { get; set; } = null!; + + [Input("tags")] + private InputList? _tags; + + /// + /// An array of key-value pairs to apply to this resource. + /// + public InputList Tags + { + get => _tags ?? (_tags = new InputList()); + set => _tags = value; + } + + /// + /// The Amazon Resource Name (ARN) of the Redshift data warehouse to use as the target for replication, for example, arn:aws:redshift:us-east-2:123412341234:namespace:e43aab3e-10a3-4ec4-83d4-f227ff9bfbcf + /// + [Input("targetArn", required: true)] + public Input TargetArn { get; set; } = null!; + + public IntegrationArgs() + { + } + public static new IntegrationArgs Empty => new IntegrationArgs(); + } +} diff --git a/sdk/dotnet/S3/Enums.cs b/sdk/dotnet/S3/Enums.cs index a28f537ed6..ca0f168327 100644 --- a/sdk/dotnet/S3/Enums.cs +++ b/sdk/dotnet/S3/Enums.cs @@ -816,6 +816,7 @@ private BucketRuleStatus(string value) /// /// Server-side encryption algorithm to use for the default encryption. + /// For directory buckets, there are only two supported values for server-side encryption: ``AES256`` and ``aws:kms``. /// [EnumType] public readonly struct BucketServerSideEncryptionByDefaultSseAlgorithm : IEquatable diff --git a/sdk/dotnet/S3/Inputs/BucketServerSideEncryptionByDefaultArgs.cs b/sdk/dotnet/S3/Inputs/BucketServerSideEncryptionByDefaultArgs.cs index b37cd3cafa..df451df399 100644 --- a/sdk/dotnet/S3/Inputs/BucketServerSideEncryptionByDefaultArgs.cs +++ b/sdk/dotnet/S3/Inputs/BucketServerSideEncryptionByDefaultArgs.cs @@ -11,27 +11,35 @@ namespace Pulumi.AwsNative.S3.Inputs { /// - /// Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS. For more information, see [PUT Bucket encryption](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html) in the *Amazon S3 API Reference*. - /// If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. + /// Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. For more information, see [PutBucketEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html). + /// + *General purpose buckets* - If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key (``aws/s3``) in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS. + /// + *Directory buckets* - Your SSE-KMS configuration can only support 1 [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) per directory bucket for the lifetime of the bucket. The [managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) (``aws/s3``) isn't supported. + /// + *Directory buckets* - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS. /// public sealed class BucketServerSideEncryptionByDefaultArgs : global::Pulumi.ResourceArgs { /// - /// AWS Key Management Service (KMS) customer AWS KMS key ID to use for the default encryption. This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms`` or ``aws:kms:dsse``. - /// You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key. + /// AWS Key Management Service (KMS) customer managed key ID to use for the default encryption. + /// + *General purpose buckets* - This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms`` or ``aws:kms:dsse``. + /// + *Directory buckets* - This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms``. + /// + /// You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key. /// + Key ID: ``1234abcd-12ab-34cd-56ef-1234567890ab`` /// + Key ARN: ``arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`` /// + Key Alias: ``alias/alias-name`` /// - /// If you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log. - /// If you are using encryption with cross-account or AWS service operations you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy). - /// Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *Key Management Service Developer Guide*. + /// If you are using encryption with cross-account or AWS service operations, you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy). + /// + *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. Also, if you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log. + /// + *Directory buckets* - When you specify an [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported. + /// + /// Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *Key Management Service Developer Guide*. /// [Input("kmsMasterKeyId")] public Input? KmsMasterKeyId { get; set; } /// /// Server-side encryption algorithm to use for the default encryption. + /// For directory buckets, there are only two supported values for server-side encryption: ``AES256`` and ``aws:kms``. /// [Input("sseAlgorithm", required: true)] public Input SseAlgorithm { get; set; } = null!; diff --git a/sdk/dotnet/S3/Inputs/BucketServerSideEncryptionRuleArgs.cs b/sdk/dotnet/S3/Inputs/BucketServerSideEncryptionRuleArgs.cs index e79044adea..f6ed76aec0 100644 --- a/sdk/dotnet/S3/Inputs/BucketServerSideEncryptionRuleArgs.cs +++ b/sdk/dotnet/S3/Inputs/BucketServerSideEncryptionRuleArgs.cs @@ -12,7 +12,8 @@ namespace Pulumi.AwsNative.S3.Inputs /// /// Specifies the default server-side encryption configuration. - /// If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. + /// + *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. + /// + *Directory buckets* - When you specify an [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported. /// public sealed class BucketServerSideEncryptionRuleArgs : global::Pulumi.ResourceArgs { diff --git a/sdk/dotnet/S3/Outputs/BucketServerSideEncryptionByDefault.cs b/sdk/dotnet/S3/Outputs/BucketServerSideEncryptionByDefault.cs index 63d8b2aa53..7c13c0df03 100644 --- a/sdk/dotnet/S3/Outputs/BucketServerSideEncryptionByDefault.cs +++ b/sdk/dotnet/S3/Outputs/BucketServerSideEncryptionByDefault.cs @@ -11,26 +11,34 @@ namespace Pulumi.AwsNative.S3.Outputs { /// - /// Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS. For more information, see [PUT Bucket encryption](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html) in the *Amazon S3 API Reference*. - /// If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. + /// Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. For more information, see [PutBucketEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html). + /// + *General purpose buckets* - If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key (``aws/s3``) in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS. + /// + *Directory buckets* - Your SSE-KMS configuration can only support 1 [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) per directory bucket for the lifetime of the bucket. The [managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) (``aws/s3``) isn't supported. + /// + *Directory buckets* - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS. /// [OutputType] public sealed class BucketServerSideEncryptionByDefault { /// - /// AWS Key Management Service (KMS) customer AWS KMS key ID to use for the default encryption. This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms`` or ``aws:kms:dsse``. - /// You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key. + /// AWS Key Management Service (KMS) customer managed key ID to use for the default encryption. + /// + *General purpose buckets* - This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms`` or ``aws:kms:dsse``. + /// + *Directory buckets* - This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms``. + /// + /// You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key. /// + Key ID: ``1234abcd-12ab-34cd-56ef-1234567890ab`` /// + Key ARN: ``arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`` /// + Key Alias: ``alias/alias-name`` /// - /// If you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log. - /// If you are using encryption with cross-account or AWS service operations you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy). - /// Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *Key Management Service Developer Guide*. + /// If you are using encryption with cross-account or AWS service operations, you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy). + /// + *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. Also, if you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log. + /// + *Directory buckets* - When you specify an [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported. + /// + /// Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *Key Management Service Developer Guide*. /// public readonly string? KmsMasterKeyId; /// /// Server-side encryption algorithm to use for the default encryption. + /// For directory buckets, there are only two supported values for server-side encryption: ``AES256`` and ``aws:kms``. /// public readonly Pulumi.AwsNative.S3.BucketServerSideEncryptionByDefaultSseAlgorithm SseAlgorithm; diff --git a/sdk/dotnet/S3/Outputs/BucketServerSideEncryptionRule.cs b/sdk/dotnet/S3/Outputs/BucketServerSideEncryptionRule.cs index 16ee921c85..25a791d404 100644 --- a/sdk/dotnet/S3/Outputs/BucketServerSideEncryptionRule.cs +++ b/sdk/dotnet/S3/Outputs/BucketServerSideEncryptionRule.cs @@ -12,7 +12,8 @@ namespace Pulumi.AwsNative.S3.Outputs /// /// Specifies the default server-side encryption configuration. - /// If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. + /// + *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. + /// + *Directory buckets* - When you specify an [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported. /// [OutputType] public sealed class BucketServerSideEncryptionRule diff --git a/sdk/dotnet/Wisdom/KnowledgeBase.cs b/sdk/dotnet/Wisdom/KnowledgeBase.cs index 39365d1e4b..4e276e1623 100644 --- a/sdk/dotnet/Wisdom/KnowledgeBase.cs +++ b/sdk/dotnet/Wisdom/KnowledgeBase.cs @@ -58,7 +58,7 @@ public partial class KnowledgeBase : global::Pulumi.CustomResource public Output ServerSideEncryptionConfiguration { get; private set; } = null!; /// - /// The source of the knowledge base content. Only set this argument for EXTERNAL knowledge bases. + /// The source of the knowledge base content. Only set this argument for EXTERNAL or Managed knowledge bases. /// [Output("sourceConfiguration")] public Output SourceConfiguration { get; private set; } = null!; @@ -154,7 +154,7 @@ public sealed class KnowledgeBaseArgs : global::Pulumi.ResourceArgs public Input? ServerSideEncryptionConfiguration { get; set; } /// - /// The source of the knowledge base content. Only set this argument for EXTERNAL knowledge bases. + /// The source of the knowledge base content. Only set this argument for EXTERNAL or Managed knowledge bases. /// [Input("sourceConfiguration")] public Input? SourceConfiguration { get; set; } diff --git a/sdk/go/aws/apigateway/vpcLink.go b/sdk/go/aws/apigateway/vpcLink.go index cee6408a64..66e7f8cca5 100644 --- a/sdk/go/aws/apigateway/vpcLink.go +++ b/sdk/go/aws/apigateway/vpcLink.go @@ -23,7 +23,7 @@ type VpcLink struct { Name pulumi.StringOutput `pulumi:"name"` // An array of arbitrary tags (key-value pairs) to associate with the VPC link. Tags aws.TagArrayOutput `pulumi:"tags"` - // The ARN of the network load balancer of the VPC targeted by the VPC link. The network load balancer must be owned by the same AWS-account of the API owner. + // The ARN of the network load balancer of the VPC targeted by the VPC link. The network load balancer must be owned by the same AWS account of the API owner. TargetArns pulumi.StringArrayOutput `pulumi:"targetArns"` // The ID for the VPC link. For example: `abc123` . VpcLinkId pulumi.StringOutput `pulumi:"vpcLinkId"` @@ -82,7 +82,7 @@ type vpcLinkArgs struct { Name *string `pulumi:"name"` // An array of arbitrary tags (key-value pairs) to associate with the VPC link. Tags []aws.Tag `pulumi:"tags"` - // The ARN of the network load balancer of the VPC targeted by the VPC link. The network load balancer must be owned by the same AWS-account of the API owner. + // The ARN of the network load balancer of the VPC targeted by the VPC link. The network load balancer must be owned by the same AWS account of the API owner. TargetArns []string `pulumi:"targetArns"` } @@ -94,7 +94,7 @@ type VpcLinkArgs struct { Name pulumi.StringPtrInput // An array of arbitrary tags (key-value pairs) to associate with the VPC link. Tags aws.TagArrayInput - // The ARN of the network load balancer of the VPC targeted by the VPC link. The network load balancer must be owned by the same AWS-account of the API owner. + // The ARN of the network load balancer of the VPC targeted by the VPC link. The network load balancer must be owned by the same AWS account of the API owner. TargetArns pulumi.StringArrayInput } @@ -150,7 +150,7 @@ func (o VpcLinkOutput) Tags() aws.TagArrayOutput { return o.ApplyT(func(v *VpcLink) aws.TagArrayOutput { return v.Tags }).(aws.TagArrayOutput) } -// The ARN of the network load balancer of the VPC targeted by the VPC link. The network load balancer must be owned by the same AWS-account of the API owner. +// The ARN of the network load balancer of the VPC targeted by the VPC link. The network load balancer must be owned by the same AWS account of the API owner. func (o VpcLinkOutput) TargetArns() pulumi.StringArrayOutput { return o.ApplyT(func(v *VpcLink) pulumi.StringArrayOutput { return v.TargetArns }).(pulumi.StringArrayOutput) } diff --git a/sdk/go/aws/apigatewayv2/domainName.go b/sdk/go/aws/apigatewayv2/domainName.go index 38db2d77a9..d62ac53f49 100644 --- a/sdk/go/aws/apigatewayv2/domainName.go +++ b/sdk/go/aws/apigatewayv2/domainName.go @@ -18,7 +18,7 @@ import ( type DomainName struct { pulumi.CustomResourceState - // The custom domain name for your API in Amazon API Gateway. Uppercase letters are not supported. + // The custom domain name for your API in Amazon API Gateway. Uppercase letters and the underscore (``_``) character are not supported. DomainName pulumi.StringOutput `pulumi:"domainName"` // The domain name configurations. DomainNameConfigurations DomainNameConfigurationArrayOutput `pulumi:"domainNameConfigurations"` @@ -79,7 +79,7 @@ func (DomainNameState) ElementType() reflect.Type { } type domainNameArgs struct { - // The custom domain name for your API in Amazon API Gateway. Uppercase letters are not supported. + // The custom domain name for your API in Amazon API Gateway. Uppercase letters and the underscore (``_``) character are not supported. DomainName string `pulumi:"domainName"` // The domain name configurations. DomainNameConfigurations []DomainNameConfiguration `pulumi:"domainNameConfigurations"` @@ -91,7 +91,7 @@ type domainNameArgs struct { // The set of arguments for constructing a DomainName resource. type DomainNameArgs struct { - // The custom domain name for your API in Amazon API Gateway. Uppercase letters are not supported. + // The custom domain name for your API in Amazon API Gateway. Uppercase letters and the underscore (``_``) character are not supported. DomainName pulumi.StringInput // The domain name configurations. DomainNameConfigurations DomainNameConfigurationArrayInput @@ -138,7 +138,7 @@ func (o DomainNameOutput) ToDomainNameOutputWithContext(ctx context.Context) Dom return o } -// The custom domain name for your API in Amazon API Gateway. Uppercase letters are not supported. +// The custom domain name for your API in Amazon API Gateway. Uppercase letters and the underscore (“_“) character are not supported. func (o DomainNameOutput) DomainName() pulumi.StringOutput { return o.ApplyT(func(v *DomainName) pulumi.StringOutput { return v.DomainName }).(pulumi.StringOutput) } diff --git a/sdk/go/aws/apigatewayv2/getDomainName.go b/sdk/go/aws/apigatewayv2/getDomainName.go index 4b78602df9..8cd37e86ab 100644 --- a/sdk/go/aws/apigatewayv2/getDomainName.go +++ b/sdk/go/aws/apigatewayv2/getDomainName.go @@ -25,7 +25,7 @@ func LookupDomainName(ctx *pulumi.Context, args *LookupDomainNameArgs, opts ...p } type LookupDomainNameArgs struct { - // The custom domain name for your API in Amazon API Gateway. Uppercase letters are not supported. + // The custom domain name for your API in Amazon API Gateway. Uppercase letters and the underscore (``_``) character are not supported. DomainName string `pulumi:"domainName"` } @@ -62,7 +62,7 @@ func LookupDomainNameOutput(ctx *pulumi.Context, args LookupDomainNameOutputArgs } type LookupDomainNameOutputArgs struct { - // The custom domain name for your API in Amazon API Gateway. Uppercase letters are not supported. + // The custom domain name for your API in Amazon API Gateway. Uppercase letters and the underscore (``_``) character are not supported. DomainName pulumi.StringInput `pulumi:"domainName"` } diff --git a/sdk/go/aws/autoscaling/autoScalingGroup.go b/sdk/go/aws/autoscaling/autoScalingGroup.go index bdcc59dafe..22ae37394a 100644 --- a/sdk/go/aws/autoscaling/autoScalingGroup.go +++ b/sdk/go/aws/autoscaling/autoScalingGroup.go @@ -51,7 +51,7 @@ type AutoScalingGroup struct { // Default: ``0`` seconds HealthCheckGracePeriod pulumi.IntPtrOutput `pulumi:"healthCheckGracePeriod"` // A comma-separated value string of one or more health check types. - // The valid values are ``EC2``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*. + // The valid values are ``EC2``, ``EBS``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*. // Only specify ``EC2`` if you must clear a value that was previously set. HealthCheckType pulumi.StringPtrOutput `pulumi:"healthCheckType"` // The ID of the instance used to base the launch configuration on. For more information, see [Create an Auto Scaling group using an EC2 instance](https://docs.aws.amazon.com/autoscaling/ec2/userguide/create-asg-from-instance.html) in the *Amazon EC2 Auto Scaling User Guide*. @@ -98,7 +98,8 @@ type AutoScalingGroup struct { TargetGroupArns pulumi.StringArrayOutput `pulumi:"targetGroupArns"` // A policy or a list of policies that are used to select the instance to terminate. These policies are executed in the order that you list them. For more information, see [Configure termination policies for Amazon EC2 Auto Scaling](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-termination-policies.html) in the *Amazon EC2 Auto Scaling User Guide*. // Valid values: ``Default`` | ``AllocationStrategy`` | ``ClosestToNextInstanceHour`` | ``NewestInstance`` | ``OldestInstance`` | ``OldestLaunchConfiguration`` | ``OldestLaunchTemplate`` | ``arn:aws:lambda:region:account-id:function:my-function:my-alias`` - TerminationPolicies pulumi.StringArrayOutput `pulumi:"terminationPolicies"` + TerminationPolicies pulumi.StringArrayOutput `pulumi:"terminationPolicies"` + TrafficSources AutoScalingGroupTrafficSourceIdentifierArrayOutput `pulumi:"trafficSources"` // A list of subnet IDs for a virtual private cloud (VPC) where instances in the Auto Scaling group can be created. // If this resource specifies public subnets and is also in a VPC that is defined in the same stack template, you must use the [DependsOn attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html) to declare a dependency on the [VPC-gateway attachment](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpc-gateway-attachment.html). // When you update ``VPCZoneIdentifier``, this retains the same Auto Scaling group and replaces old instances with new ones, according to the specified subnets. You can optionally specify how CloudFormation handles these updates by using an [UpdatePolicy attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatepolicy.html). @@ -188,7 +189,7 @@ type autoScalingGroupArgs struct { // Default: ``0`` seconds HealthCheckGracePeriod *int `pulumi:"healthCheckGracePeriod"` // A comma-separated value string of one or more health check types. - // The valid values are ``EC2``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*. + // The valid values are ``EC2``, ``EBS``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*. // Only specify ``EC2`` if you must clear a value that was previously set. HealthCheckType *string `pulumi:"healthCheckType"` // The ID of the instance used to base the launch configuration on. For more information, see [Create an Auto Scaling group using an EC2 instance](https://docs.aws.amazon.com/autoscaling/ec2/userguide/create-asg-from-instance.html) in the *Amazon EC2 Auto Scaling User Guide*. @@ -235,7 +236,8 @@ type autoScalingGroupArgs struct { TargetGroupArns []string `pulumi:"targetGroupArns"` // A policy or a list of policies that are used to select the instance to terminate. These policies are executed in the order that you list them. For more information, see [Configure termination policies for Amazon EC2 Auto Scaling](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-termination-policies.html) in the *Amazon EC2 Auto Scaling User Guide*. // Valid values: ``Default`` | ``AllocationStrategy`` | ``ClosestToNextInstanceHour`` | ``NewestInstance`` | ``OldestInstance`` | ``OldestLaunchConfiguration`` | ``OldestLaunchTemplate`` | ``arn:aws:lambda:region:account-id:function:my-function:my-alias`` - TerminationPolicies []string `pulumi:"terminationPolicies"` + TerminationPolicies []string `pulumi:"terminationPolicies"` + TrafficSources []AutoScalingGroupTrafficSourceIdentifier `pulumi:"trafficSources"` // A list of subnet IDs for a virtual private cloud (VPC) where instances in the Auto Scaling group can be created. // If this resource specifies public subnets and is also in a VPC that is defined in the same stack template, you must use the [DependsOn attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html) to declare a dependency on the [VPC-gateway attachment](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpc-gateway-attachment.html). // When you update ``VPCZoneIdentifier``, this retains the same Auto Scaling group and replaces old instances with new ones, according to the specified subnets. You can optionally specify how CloudFormation handles these updates by using an [UpdatePolicy attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatepolicy.html). @@ -276,7 +278,7 @@ type AutoScalingGroupArgs struct { // Default: ``0`` seconds HealthCheckGracePeriod pulumi.IntPtrInput // A comma-separated value string of one or more health check types. - // The valid values are ``EC2``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*. + // The valid values are ``EC2``, ``EBS``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*. // Only specify ``EC2`` if you must clear a value that was previously set. HealthCheckType pulumi.StringPtrInput // The ID of the instance used to base the launch configuration on. For more information, see [Create an Auto Scaling group using an EC2 instance](https://docs.aws.amazon.com/autoscaling/ec2/userguide/create-asg-from-instance.html) in the *Amazon EC2 Auto Scaling User Guide*. @@ -324,6 +326,7 @@ type AutoScalingGroupArgs struct { // A policy or a list of policies that are used to select the instance to terminate. These policies are executed in the order that you list them. For more information, see [Configure termination policies for Amazon EC2 Auto Scaling](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-termination-policies.html) in the *Amazon EC2 Auto Scaling User Guide*. // Valid values: ``Default`` | ``AllocationStrategy`` | ``ClosestToNextInstanceHour`` | ``NewestInstance`` | ``OldestInstance`` | ``OldestLaunchConfiguration`` | ``OldestLaunchTemplate`` | ``arn:aws:lambda:region:account-id:function:my-function:my-alias`` TerminationPolicies pulumi.StringArrayInput + TrafficSources AutoScalingGroupTrafficSourceIdentifierArrayInput // A list of subnet IDs for a virtual private cloud (VPC) where instances in the Auto Scaling group can be created. // If this resource specifies public subnets and is also in a VPC that is defined in the same stack template, you must use the [DependsOn attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html) to declare a dependency on the [VPC-gateway attachment](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpc-gateway-attachment.html). // When you update ``VPCZoneIdentifier``, this retains the same Auto Scaling group and replaces old instances with new ones, according to the specified subnets. You can optionally specify how CloudFormation handles these updates by using an [UpdatePolicy attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatepolicy.html). @@ -433,7 +436,7 @@ func (o AutoScalingGroupOutput) HealthCheckGracePeriod() pulumi.IntPtrOutput { // A comma-separated value string of one or more health check types. // -// The valid values are ``EC2``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*. +// The valid values are ``EC2``, ``EBS``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*. // Only specify ``EC2`` if you must clear a value that was previously set. func (o AutoScalingGroupOutput) HealthCheckType() pulumi.StringPtrOutput { return o.ApplyT(func(v *AutoScalingGroup) pulumi.StringPtrOutput { return v.HealthCheckType }).(pulumi.StringPtrOutput) @@ -558,6 +561,10 @@ func (o AutoScalingGroupOutput) TerminationPolicies() pulumi.StringArrayOutput { return o.ApplyT(func(v *AutoScalingGroup) pulumi.StringArrayOutput { return v.TerminationPolicies }).(pulumi.StringArrayOutput) } +func (o AutoScalingGroupOutput) TrafficSources() AutoScalingGroupTrafficSourceIdentifierArrayOutput { + return o.ApplyT(func(v *AutoScalingGroup) AutoScalingGroupTrafficSourceIdentifierArrayOutput { return v.TrafficSources }).(AutoScalingGroupTrafficSourceIdentifierArrayOutput) +} + // A list of subnet IDs for a virtual private cloud (VPC) where instances in the Auto Scaling group can be created. // // If this resource specifies public subnets and is also in a VPC that is defined in the same stack template, you must use the [DependsOn attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html) to declare a dependency on the [VPC-gateway attachment](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpc-gateway-attachment.html). diff --git a/sdk/go/aws/autoscaling/getAutoScalingGroup.go b/sdk/go/aws/autoscaling/getAutoScalingGroup.go index e683782fde..9fa1019aef 100644 --- a/sdk/go/aws/autoscaling/getAutoScalingGroup.go +++ b/sdk/go/aws/autoscaling/getAutoScalingGroup.go @@ -61,7 +61,7 @@ type LookupAutoScalingGroupResult struct { // Default: ``0`` seconds HealthCheckGracePeriod *int `pulumi:"healthCheckGracePeriod"` // A comma-separated value string of one or more health check types. - // The valid values are ``EC2``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*. + // The valid values are ``EC2``, ``EBS``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*. // Only specify ``EC2`` if you must clear a value that was previously set. HealthCheckType *string `pulumi:"healthCheckType"` // An instance maintenance policy. For more information, see [Set instance maintenance policy](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-instance-maintenance-policy.html) in the *Amazon EC2 Auto Scaling User Guide*. @@ -105,7 +105,8 @@ type LookupAutoScalingGroupResult struct { TargetGroupArns []string `pulumi:"targetGroupArns"` // A policy or a list of policies that are used to select the instance to terminate. These policies are executed in the order that you list them. For more information, see [Configure termination policies for Amazon EC2 Auto Scaling](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-termination-policies.html) in the *Amazon EC2 Auto Scaling User Guide*. // Valid values: ``Default`` | ``AllocationStrategy`` | ``ClosestToNextInstanceHour`` | ``NewestInstance`` | ``OldestInstance`` | ``OldestLaunchConfiguration`` | ``OldestLaunchTemplate`` | ``arn:aws:lambda:region:account-id:function:my-function:my-alias`` - TerminationPolicies []string `pulumi:"terminationPolicies"` + TerminationPolicies []string `pulumi:"terminationPolicies"` + TrafficSources []AutoScalingGroupTrafficSourceIdentifier `pulumi:"trafficSources"` // A list of subnet IDs for a virtual private cloud (VPC) where instances in the Auto Scaling group can be created. // If this resource specifies public subnets and is also in a VPC that is defined in the same stack template, you must use the [DependsOn attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html) to declare a dependency on the [VPC-gateway attachment](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpc-gateway-attachment.html). // When you update ``VPCZoneIdentifier``, this retains the same Auto Scaling group and replaces old instances with new ones, according to the specified subnets. You can optionally specify how CloudFormation handles these updates by using an [UpdatePolicy attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatepolicy.html). @@ -214,7 +215,7 @@ func (o LookupAutoScalingGroupResultOutput) HealthCheckGracePeriod() pulumi.IntP // A comma-separated value string of one or more health check types. // -// The valid values are ``EC2``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*. +// The valid values are ``EC2``, ``EBS``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*. // Only specify ``EC2`` if you must clear a value that was previously set. func (o LookupAutoScalingGroupResultOutput) HealthCheckType() pulumi.StringPtrOutput { return o.ApplyT(func(v LookupAutoScalingGroupResult) *string { return v.HealthCheckType }).(pulumi.StringPtrOutput) @@ -334,6 +335,12 @@ func (o LookupAutoScalingGroupResultOutput) TerminationPolicies() pulumi.StringA return o.ApplyT(func(v LookupAutoScalingGroupResult) []string { return v.TerminationPolicies }).(pulumi.StringArrayOutput) } +func (o LookupAutoScalingGroupResultOutput) TrafficSources() AutoScalingGroupTrafficSourceIdentifierArrayOutput { + return o.ApplyT(func(v LookupAutoScalingGroupResult) []AutoScalingGroupTrafficSourceIdentifier { + return v.TrafficSources + }).(AutoScalingGroupTrafficSourceIdentifierArrayOutput) +} + // A list of subnet IDs for a virtual private cloud (VPC) where instances in the Auto Scaling group can be created. // // If this resource specifies public subnets and is also in a VPC that is defined in the same stack template, you must use the [DependsOn attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html) to declare a dependency on the [VPC-gateway attachment](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpc-gateway-attachment.html). diff --git a/sdk/go/aws/autoscaling/pulumiTypes.go b/sdk/go/aws/autoscaling/pulumiTypes.go index d427dd4934..b336045953 100644 --- a/sdk/go/aws/autoscaling/pulumiTypes.go +++ b/sdk/go/aws/autoscaling/pulumiTypes.go @@ -4208,6 +4208,106 @@ func (o AutoScalingGroupTotalLocalStorageGbRequestPtrOutput) Min() pulumi.Float6 }).(pulumi.Float64PtrOutput) } +type AutoScalingGroupTrafficSourceIdentifier struct { + Identifier string `pulumi:"identifier"` + Type string `pulumi:"type"` +} + +// AutoScalingGroupTrafficSourceIdentifierInput is an input type that accepts AutoScalingGroupTrafficSourceIdentifierArgs and AutoScalingGroupTrafficSourceIdentifierOutput values. +// You can construct a concrete instance of `AutoScalingGroupTrafficSourceIdentifierInput` via: +// +// AutoScalingGroupTrafficSourceIdentifierArgs{...} +type AutoScalingGroupTrafficSourceIdentifierInput interface { + pulumi.Input + + ToAutoScalingGroupTrafficSourceIdentifierOutput() AutoScalingGroupTrafficSourceIdentifierOutput + ToAutoScalingGroupTrafficSourceIdentifierOutputWithContext(context.Context) AutoScalingGroupTrafficSourceIdentifierOutput +} + +type AutoScalingGroupTrafficSourceIdentifierArgs struct { + Identifier pulumi.StringInput `pulumi:"identifier"` + Type pulumi.StringInput `pulumi:"type"` +} + +func (AutoScalingGroupTrafficSourceIdentifierArgs) ElementType() reflect.Type { + return reflect.TypeOf((*AutoScalingGroupTrafficSourceIdentifier)(nil)).Elem() +} + +func (i AutoScalingGroupTrafficSourceIdentifierArgs) ToAutoScalingGroupTrafficSourceIdentifierOutput() AutoScalingGroupTrafficSourceIdentifierOutput { + return i.ToAutoScalingGroupTrafficSourceIdentifierOutputWithContext(context.Background()) +} + +func (i AutoScalingGroupTrafficSourceIdentifierArgs) ToAutoScalingGroupTrafficSourceIdentifierOutputWithContext(ctx context.Context) AutoScalingGroupTrafficSourceIdentifierOutput { + return pulumi.ToOutputWithContext(ctx, i).(AutoScalingGroupTrafficSourceIdentifierOutput) +} + +// AutoScalingGroupTrafficSourceIdentifierArrayInput is an input type that accepts AutoScalingGroupTrafficSourceIdentifierArray and AutoScalingGroupTrafficSourceIdentifierArrayOutput values. +// You can construct a concrete instance of `AutoScalingGroupTrafficSourceIdentifierArrayInput` via: +// +// AutoScalingGroupTrafficSourceIdentifierArray{ AutoScalingGroupTrafficSourceIdentifierArgs{...} } +type AutoScalingGroupTrafficSourceIdentifierArrayInput interface { + pulumi.Input + + ToAutoScalingGroupTrafficSourceIdentifierArrayOutput() AutoScalingGroupTrafficSourceIdentifierArrayOutput + ToAutoScalingGroupTrafficSourceIdentifierArrayOutputWithContext(context.Context) AutoScalingGroupTrafficSourceIdentifierArrayOutput +} + +type AutoScalingGroupTrafficSourceIdentifierArray []AutoScalingGroupTrafficSourceIdentifierInput + +func (AutoScalingGroupTrafficSourceIdentifierArray) ElementType() reflect.Type { + return reflect.TypeOf((*[]AutoScalingGroupTrafficSourceIdentifier)(nil)).Elem() +} + +func (i AutoScalingGroupTrafficSourceIdentifierArray) ToAutoScalingGroupTrafficSourceIdentifierArrayOutput() AutoScalingGroupTrafficSourceIdentifierArrayOutput { + return i.ToAutoScalingGroupTrafficSourceIdentifierArrayOutputWithContext(context.Background()) +} + +func (i AutoScalingGroupTrafficSourceIdentifierArray) ToAutoScalingGroupTrafficSourceIdentifierArrayOutputWithContext(ctx context.Context) AutoScalingGroupTrafficSourceIdentifierArrayOutput { + return pulumi.ToOutputWithContext(ctx, i).(AutoScalingGroupTrafficSourceIdentifierArrayOutput) +} + +type AutoScalingGroupTrafficSourceIdentifierOutput struct{ *pulumi.OutputState } + +func (AutoScalingGroupTrafficSourceIdentifierOutput) ElementType() reflect.Type { + return reflect.TypeOf((*AutoScalingGroupTrafficSourceIdentifier)(nil)).Elem() +} + +func (o AutoScalingGroupTrafficSourceIdentifierOutput) ToAutoScalingGroupTrafficSourceIdentifierOutput() AutoScalingGroupTrafficSourceIdentifierOutput { + return o +} + +func (o AutoScalingGroupTrafficSourceIdentifierOutput) ToAutoScalingGroupTrafficSourceIdentifierOutputWithContext(ctx context.Context) AutoScalingGroupTrafficSourceIdentifierOutput { + return o +} + +func (o AutoScalingGroupTrafficSourceIdentifierOutput) Identifier() pulumi.StringOutput { + return o.ApplyT(func(v AutoScalingGroupTrafficSourceIdentifier) string { return v.Identifier }).(pulumi.StringOutput) +} + +func (o AutoScalingGroupTrafficSourceIdentifierOutput) Type() pulumi.StringOutput { + return o.ApplyT(func(v AutoScalingGroupTrafficSourceIdentifier) string { return v.Type }).(pulumi.StringOutput) +} + +type AutoScalingGroupTrafficSourceIdentifierArrayOutput struct{ *pulumi.OutputState } + +func (AutoScalingGroupTrafficSourceIdentifierArrayOutput) ElementType() reflect.Type { + return reflect.TypeOf((*[]AutoScalingGroupTrafficSourceIdentifier)(nil)).Elem() +} + +func (o AutoScalingGroupTrafficSourceIdentifierArrayOutput) ToAutoScalingGroupTrafficSourceIdentifierArrayOutput() AutoScalingGroupTrafficSourceIdentifierArrayOutput { + return o +} + +func (o AutoScalingGroupTrafficSourceIdentifierArrayOutput) ToAutoScalingGroupTrafficSourceIdentifierArrayOutputWithContext(ctx context.Context) AutoScalingGroupTrafficSourceIdentifierArrayOutput { + return o +} + +func (o AutoScalingGroupTrafficSourceIdentifierArrayOutput) Index(i pulumi.IntInput) AutoScalingGroupTrafficSourceIdentifierOutput { + return pulumi.All(o, i).ApplyT(func(vs []interface{}) AutoScalingGroupTrafficSourceIdentifier { + return vs[0].([]AutoScalingGroupTrafficSourceIdentifier)[vs[1].(int)] + }).(AutoScalingGroupTrafficSourceIdentifierOutput) +} + // “VCpuCountRequest“ is a property of the “InstanceRequirements“ property of the [AWS::AutoScaling::AutoScalingGroup LaunchTemplateOverrides](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-launchtemplateoverrides.html) property type that describes the minimum and maximum number of vCPUs for an instance type. type AutoScalingGroupVCpuCountRequest struct { // The maximum number of vCPUs. @@ -8324,6 +8424,8 @@ func init() { pulumi.RegisterInputType(reflect.TypeOf((*AutoScalingGroupTagPropertyArrayInput)(nil)).Elem(), AutoScalingGroupTagPropertyArray{}) pulumi.RegisterInputType(reflect.TypeOf((*AutoScalingGroupTotalLocalStorageGbRequestInput)(nil)).Elem(), AutoScalingGroupTotalLocalStorageGbRequestArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*AutoScalingGroupTotalLocalStorageGbRequestPtrInput)(nil)).Elem(), AutoScalingGroupTotalLocalStorageGbRequestArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*AutoScalingGroupTrafficSourceIdentifierInput)(nil)).Elem(), AutoScalingGroupTrafficSourceIdentifierArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*AutoScalingGroupTrafficSourceIdentifierArrayInput)(nil)).Elem(), AutoScalingGroupTrafficSourceIdentifierArray{}) pulumi.RegisterInputType(reflect.TypeOf((*AutoScalingGroupVCpuCountRequestInput)(nil)).Elem(), AutoScalingGroupVCpuCountRequestArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*AutoScalingGroupVCpuCountRequestPtrInput)(nil)).Elem(), AutoScalingGroupVCpuCountRequestArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*LaunchConfigurationBlockDeviceInput)(nil)).Elem(), LaunchConfigurationBlockDeviceArgs{}) @@ -8409,6 +8511,8 @@ func init() { pulumi.RegisterOutputType(AutoScalingGroupTagPropertyArrayOutput{}) pulumi.RegisterOutputType(AutoScalingGroupTotalLocalStorageGbRequestOutput{}) pulumi.RegisterOutputType(AutoScalingGroupTotalLocalStorageGbRequestPtrOutput{}) + pulumi.RegisterOutputType(AutoScalingGroupTrafficSourceIdentifierOutput{}) + pulumi.RegisterOutputType(AutoScalingGroupTrafficSourceIdentifierArrayOutput{}) pulumi.RegisterOutputType(AutoScalingGroupVCpuCountRequestOutput{}) pulumi.RegisterOutputType(AutoScalingGroupVCpuCountRequestPtrOutput{}) pulumi.RegisterOutputType(LaunchConfigurationBlockDeviceOutput{}) diff --git a/sdk/go/aws/backup/getLogicallyAirGappedBackupVault.go b/sdk/go/aws/backup/getLogicallyAirGappedBackupVault.go new file mode 100644 index 0000000000..ff0eaa13d5 --- /dev/null +++ b/sdk/go/aws/backup/getLogicallyAirGappedBackupVault.go @@ -0,0 +1,114 @@ +// Code generated by pulumi-language-go DO NOT EDIT. +// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! *** + +package backup + +import ( + "context" + "reflect" + + "github.com/pulumi/pulumi-aws-native/sdk/go/aws/internal" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +) + +// Resource Type definition for AWS::Backup::LogicallyAirGappedBackupVault +func LookupLogicallyAirGappedBackupVault(ctx *pulumi.Context, args *LookupLogicallyAirGappedBackupVaultArgs, opts ...pulumi.InvokeOption) (*LookupLogicallyAirGappedBackupVaultResult, error) { + opts = internal.PkgInvokeDefaultOpts(opts) + var rv LookupLogicallyAirGappedBackupVaultResult + err := ctx.Invoke("aws-native:backup:getLogicallyAirGappedBackupVault", args, &rv, opts...) + if err != nil { + return nil, err + } + return &rv, nil +} + +type LookupLogicallyAirGappedBackupVaultArgs struct { + BackupVaultName string `pulumi:"backupVaultName"` +} + +type LookupLogicallyAirGappedBackupVaultResult struct { + // Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Backup::LogicallyAirGappedBackupVault` for more information about the expected schema for this property. + AccessPolicy interface{} `pulumi:"accessPolicy"` + BackupVaultArn *string `pulumi:"backupVaultArn"` + BackupVaultTags map[string]string `pulumi:"backupVaultTags"` + EncryptionKeyArn *string `pulumi:"encryptionKeyArn"` + Notifications *LogicallyAirGappedBackupVaultNotificationObjectType `pulumi:"notifications"` + VaultState *string `pulumi:"vaultState"` + VaultType *string `pulumi:"vaultType"` +} + +func LookupLogicallyAirGappedBackupVaultOutput(ctx *pulumi.Context, args LookupLogicallyAirGappedBackupVaultOutputArgs, opts ...pulumi.InvokeOption) LookupLogicallyAirGappedBackupVaultResultOutput { + return pulumi.ToOutputWithContext(context.Background(), args). + ApplyT(func(v interface{}) (LookupLogicallyAirGappedBackupVaultResultOutput, error) { + args := v.(LookupLogicallyAirGappedBackupVaultArgs) + opts = internal.PkgInvokeDefaultOpts(opts) + var rv LookupLogicallyAirGappedBackupVaultResult + secret, err := ctx.InvokePackageRaw("aws-native:backup:getLogicallyAirGappedBackupVault", args, &rv, "", opts...) + if err != nil { + return LookupLogicallyAirGappedBackupVaultResultOutput{}, err + } + + output := pulumi.ToOutput(rv).(LookupLogicallyAirGappedBackupVaultResultOutput) + if secret { + return pulumi.ToSecret(output).(LookupLogicallyAirGappedBackupVaultResultOutput), nil + } + return output, nil + }).(LookupLogicallyAirGappedBackupVaultResultOutput) +} + +type LookupLogicallyAirGappedBackupVaultOutputArgs struct { + BackupVaultName pulumi.StringInput `pulumi:"backupVaultName"` +} + +func (LookupLogicallyAirGappedBackupVaultOutputArgs) ElementType() reflect.Type { + return reflect.TypeOf((*LookupLogicallyAirGappedBackupVaultArgs)(nil)).Elem() +} + +type LookupLogicallyAirGappedBackupVaultResultOutput struct{ *pulumi.OutputState } + +func (LookupLogicallyAirGappedBackupVaultResultOutput) ElementType() reflect.Type { + return reflect.TypeOf((*LookupLogicallyAirGappedBackupVaultResult)(nil)).Elem() +} + +func (o LookupLogicallyAirGappedBackupVaultResultOutput) ToLookupLogicallyAirGappedBackupVaultResultOutput() LookupLogicallyAirGappedBackupVaultResultOutput { + return o +} + +func (o LookupLogicallyAirGappedBackupVaultResultOutput) ToLookupLogicallyAirGappedBackupVaultResultOutputWithContext(ctx context.Context) LookupLogicallyAirGappedBackupVaultResultOutput { + return o +} + +// Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Backup::LogicallyAirGappedBackupVault` for more information about the expected schema for this property. +func (o LookupLogicallyAirGappedBackupVaultResultOutput) AccessPolicy() pulumi.AnyOutput { + return o.ApplyT(func(v LookupLogicallyAirGappedBackupVaultResult) interface{} { return v.AccessPolicy }).(pulumi.AnyOutput) +} + +func (o LookupLogicallyAirGappedBackupVaultResultOutput) BackupVaultArn() pulumi.StringPtrOutput { + return o.ApplyT(func(v LookupLogicallyAirGappedBackupVaultResult) *string { return v.BackupVaultArn }).(pulumi.StringPtrOutput) +} + +func (o LookupLogicallyAirGappedBackupVaultResultOutput) BackupVaultTags() pulumi.StringMapOutput { + return o.ApplyT(func(v LookupLogicallyAirGappedBackupVaultResult) map[string]string { return v.BackupVaultTags }).(pulumi.StringMapOutput) +} + +func (o LookupLogicallyAirGappedBackupVaultResultOutput) EncryptionKeyArn() pulumi.StringPtrOutput { + return o.ApplyT(func(v LookupLogicallyAirGappedBackupVaultResult) *string { return v.EncryptionKeyArn }).(pulumi.StringPtrOutput) +} + +func (o LookupLogicallyAirGappedBackupVaultResultOutput) Notifications() LogicallyAirGappedBackupVaultNotificationObjectTypePtrOutput { + return o.ApplyT(func(v LookupLogicallyAirGappedBackupVaultResult) *LogicallyAirGappedBackupVaultNotificationObjectType { + return v.Notifications + }).(LogicallyAirGappedBackupVaultNotificationObjectTypePtrOutput) +} + +func (o LookupLogicallyAirGappedBackupVaultResultOutput) VaultState() pulumi.StringPtrOutput { + return o.ApplyT(func(v LookupLogicallyAirGappedBackupVaultResult) *string { return v.VaultState }).(pulumi.StringPtrOutput) +} + +func (o LookupLogicallyAirGappedBackupVaultResultOutput) VaultType() pulumi.StringPtrOutput { + return o.ApplyT(func(v LookupLogicallyAirGappedBackupVaultResult) *string { return v.VaultType }).(pulumi.StringPtrOutput) +} + +func init() { + pulumi.RegisterOutputType(LookupLogicallyAirGappedBackupVaultResultOutput{}) +} diff --git a/sdk/go/aws/backup/init.go b/sdk/go/aws/backup/init.go index 2a1a62d2f2..3fed9dabb5 100644 --- a/sdk/go/aws/backup/init.go +++ b/sdk/go/aws/backup/init.go @@ -29,6 +29,8 @@ func (m *module) Construct(ctx *pulumi.Context, name, typ, urn string) (r pulumi r = &BackupVault{} case "aws-native:backup:Framework": r = &Framework{} + case "aws-native:backup:LogicallyAirGappedBackupVault": + r = &LogicallyAirGappedBackupVault{} case "aws-native:backup:ReportPlan": r = &ReportPlan{} case "aws-native:backup:RestoreTestingPlan": diff --git a/sdk/go/aws/backup/logicallyAirGappedBackupVault.go b/sdk/go/aws/backup/logicallyAirGappedBackupVault.go new file mode 100644 index 0000000000..630bf2d5c4 --- /dev/null +++ b/sdk/go/aws/backup/logicallyAirGappedBackupVault.go @@ -0,0 +1,191 @@ +// Code generated by pulumi-language-go DO NOT EDIT. +// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! *** + +package backup + +import ( + "context" + "reflect" + + "errors" + "github.com/pulumi/pulumi-aws-native/sdk/go/aws/internal" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +) + +// Resource Type definition for AWS::Backup::LogicallyAirGappedBackupVault +type LogicallyAirGappedBackupVault struct { + pulumi.CustomResourceState + + // Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Backup::LogicallyAirGappedBackupVault` for more information about the expected schema for this property. + AccessPolicy pulumi.AnyOutput `pulumi:"accessPolicy"` + BackupVaultArn pulumi.StringOutput `pulumi:"backupVaultArn"` + BackupVaultName pulumi.StringOutput `pulumi:"backupVaultName"` + BackupVaultTags pulumi.StringMapOutput `pulumi:"backupVaultTags"` + EncryptionKeyArn pulumi.StringOutput `pulumi:"encryptionKeyArn"` + MaxRetentionDays pulumi.IntOutput `pulumi:"maxRetentionDays"` + MinRetentionDays pulumi.IntOutput `pulumi:"minRetentionDays"` + Notifications LogicallyAirGappedBackupVaultNotificationObjectTypePtrOutput `pulumi:"notifications"` + VaultState pulumi.StringPtrOutput `pulumi:"vaultState"` + VaultType pulumi.StringPtrOutput `pulumi:"vaultType"` +} + +// NewLogicallyAirGappedBackupVault registers a new resource with the given unique name, arguments, and options. +func NewLogicallyAirGappedBackupVault(ctx *pulumi.Context, + name string, args *LogicallyAirGappedBackupVaultArgs, opts ...pulumi.ResourceOption) (*LogicallyAirGappedBackupVault, error) { + if args == nil { + return nil, errors.New("missing one or more required arguments") + } + + if args.MaxRetentionDays == nil { + return nil, errors.New("invalid value for required argument 'MaxRetentionDays'") + } + if args.MinRetentionDays == nil { + return nil, errors.New("invalid value for required argument 'MinRetentionDays'") + } + replaceOnChanges := pulumi.ReplaceOnChanges([]string{ + "backupVaultName", + "maxRetentionDays", + "minRetentionDays", + }) + opts = append(opts, replaceOnChanges) + opts = internal.PkgResourceDefaultOpts(opts) + var resource LogicallyAirGappedBackupVault + err := ctx.RegisterResource("aws-native:backup:LogicallyAirGappedBackupVault", name, args, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// GetLogicallyAirGappedBackupVault gets an existing LogicallyAirGappedBackupVault resource's state with the given name, ID, and optional +// state properties that are used to uniquely qualify the lookup (nil if not required). +func GetLogicallyAirGappedBackupVault(ctx *pulumi.Context, + name string, id pulumi.IDInput, state *LogicallyAirGappedBackupVaultState, opts ...pulumi.ResourceOption) (*LogicallyAirGappedBackupVault, error) { + var resource LogicallyAirGappedBackupVault + err := ctx.ReadResource("aws-native:backup:LogicallyAirGappedBackupVault", name, id, state, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// Input properties used for looking up and filtering LogicallyAirGappedBackupVault resources. +type logicallyAirGappedBackupVaultState struct { +} + +type LogicallyAirGappedBackupVaultState struct { +} + +func (LogicallyAirGappedBackupVaultState) ElementType() reflect.Type { + return reflect.TypeOf((*logicallyAirGappedBackupVaultState)(nil)).Elem() +} + +type logicallyAirGappedBackupVaultArgs struct { + // Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Backup::LogicallyAirGappedBackupVault` for more information about the expected schema for this property. + AccessPolicy interface{} `pulumi:"accessPolicy"` + BackupVaultName *string `pulumi:"backupVaultName"` + BackupVaultTags map[string]string `pulumi:"backupVaultTags"` + MaxRetentionDays int `pulumi:"maxRetentionDays"` + MinRetentionDays int `pulumi:"minRetentionDays"` + Notifications *LogicallyAirGappedBackupVaultNotificationObjectType `pulumi:"notifications"` + VaultState *string `pulumi:"vaultState"` + VaultType *string `pulumi:"vaultType"` +} + +// The set of arguments for constructing a LogicallyAirGappedBackupVault resource. +type LogicallyAirGappedBackupVaultArgs struct { + // Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Backup::LogicallyAirGappedBackupVault` for more information about the expected schema for this property. + AccessPolicy pulumi.Input + BackupVaultName pulumi.StringPtrInput + BackupVaultTags pulumi.StringMapInput + MaxRetentionDays pulumi.IntInput + MinRetentionDays pulumi.IntInput + Notifications LogicallyAirGappedBackupVaultNotificationObjectTypePtrInput + VaultState pulumi.StringPtrInput + VaultType pulumi.StringPtrInput +} + +func (LogicallyAirGappedBackupVaultArgs) ElementType() reflect.Type { + return reflect.TypeOf((*logicallyAirGappedBackupVaultArgs)(nil)).Elem() +} + +type LogicallyAirGappedBackupVaultInput interface { + pulumi.Input + + ToLogicallyAirGappedBackupVaultOutput() LogicallyAirGappedBackupVaultOutput + ToLogicallyAirGappedBackupVaultOutputWithContext(ctx context.Context) LogicallyAirGappedBackupVaultOutput +} + +func (*LogicallyAirGappedBackupVault) ElementType() reflect.Type { + return reflect.TypeOf((**LogicallyAirGappedBackupVault)(nil)).Elem() +} + +func (i *LogicallyAirGappedBackupVault) ToLogicallyAirGappedBackupVaultOutput() LogicallyAirGappedBackupVaultOutput { + return i.ToLogicallyAirGappedBackupVaultOutputWithContext(context.Background()) +} + +func (i *LogicallyAirGappedBackupVault) ToLogicallyAirGappedBackupVaultOutputWithContext(ctx context.Context) LogicallyAirGappedBackupVaultOutput { + return pulumi.ToOutputWithContext(ctx, i).(LogicallyAirGappedBackupVaultOutput) +} + +type LogicallyAirGappedBackupVaultOutput struct{ *pulumi.OutputState } + +func (LogicallyAirGappedBackupVaultOutput) ElementType() reflect.Type { + return reflect.TypeOf((**LogicallyAirGappedBackupVault)(nil)).Elem() +} + +func (o LogicallyAirGappedBackupVaultOutput) ToLogicallyAirGappedBackupVaultOutput() LogicallyAirGappedBackupVaultOutput { + return o +} + +func (o LogicallyAirGappedBackupVaultOutput) ToLogicallyAirGappedBackupVaultOutputWithContext(ctx context.Context) LogicallyAirGappedBackupVaultOutput { + return o +} + +// Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Backup::LogicallyAirGappedBackupVault` for more information about the expected schema for this property. +func (o LogicallyAirGappedBackupVaultOutput) AccessPolicy() pulumi.AnyOutput { + return o.ApplyT(func(v *LogicallyAirGappedBackupVault) pulumi.AnyOutput { return v.AccessPolicy }).(pulumi.AnyOutput) +} + +func (o LogicallyAirGappedBackupVaultOutput) BackupVaultArn() pulumi.StringOutput { + return o.ApplyT(func(v *LogicallyAirGappedBackupVault) pulumi.StringOutput { return v.BackupVaultArn }).(pulumi.StringOutput) +} + +func (o LogicallyAirGappedBackupVaultOutput) BackupVaultName() pulumi.StringOutput { + return o.ApplyT(func(v *LogicallyAirGappedBackupVault) pulumi.StringOutput { return v.BackupVaultName }).(pulumi.StringOutput) +} + +func (o LogicallyAirGappedBackupVaultOutput) BackupVaultTags() pulumi.StringMapOutput { + return o.ApplyT(func(v *LogicallyAirGappedBackupVault) pulumi.StringMapOutput { return v.BackupVaultTags }).(pulumi.StringMapOutput) +} + +func (o LogicallyAirGappedBackupVaultOutput) EncryptionKeyArn() pulumi.StringOutput { + return o.ApplyT(func(v *LogicallyAirGappedBackupVault) pulumi.StringOutput { return v.EncryptionKeyArn }).(pulumi.StringOutput) +} + +func (o LogicallyAirGappedBackupVaultOutput) MaxRetentionDays() pulumi.IntOutput { + return o.ApplyT(func(v *LogicallyAirGappedBackupVault) pulumi.IntOutput { return v.MaxRetentionDays }).(pulumi.IntOutput) +} + +func (o LogicallyAirGappedBackupVaultOutput) MinRetentionDays() pulumi.IntOutput { + return o.ApplyT(func(v *LogicallyAirGappedBackupVault) pulumi.IntOutput { return v.MinRetentionDays }).(pulumi.IntOutput) +} + +func (o LogicallyAirGappedBackupVaultOutput) Notifications() LogicallyAirGappedBackupVaultNotificationObjectTypePtrOutput { + return o.ApplyT(func(v *LogicallyAirGappedBackupVault) LogicallyAirGappedBackupVaultNotificationObjectTypePtrOutput { + return v.Notifications + }).(LogicallyAirGappedBackupVaultNotificationObjectTypePtrOutput) +} + +func (o LogicallyAirGappedBackupVaultOutput) VaultState() pulumi.StringPtrOutput { + return o.ApplyT(func(v *LogicallyAirGappedBackupVault) pulumi.StringPtrOutput { return v.VaultState }).(pulumi.StringPtrOutput) +} + +func (o LogicallyAirGappedBackupVaultOutput) VaultType() pulumi.StringPtrOutput { + return o.ApplyT(func(v *LogicallyAirGappedBackupVault) pulumi.StringPtrOutput { return v.VaultType }).(pulumi.StringPtrOutput) +} + +func init() { + pulumi.RegisterInputType(reflect.TypeOf((*LogicallyAirGappedBackupVaultInput)(nil)).Elem(), &LogicallyAirGappedBackupVault{}) + pulumi.RegisterOutputType(LogicallyAirGappedBackupVaultOutput{}) +} diff --git a/sdk/go/aws/backup/pulumiTypes.go b/sdk/go/aws/backup/pulumiTypes.go index c5ee48c06a..2497a8a130 100644 --- a/sdk/go/aws/backup/pulumiTypes.go +++ b/sdk/go/aws/backup/pulumiTypes.go @@ -2201,6 +2201,154 @@ func (o FrameworkTagArrayOutput) Index(i pulumi.IntInput) FrameworkTagOutput { }).(FrameworkTagOutput) } +type LogicallyAirGappedBackupVaultNotificationObjectType struct { + BackupVaultEvents []string `pulumi:"backupVaultEvents"` + SnsTopicArn string `pulumi:"snsTopicArn"` +} + +// LogicallyAirGappedBackupVaultNotificationObjectTypeInput is an input type that accepts LogicallyAirGappedBackupVaultNotificationObjectTypeArgs and LogicallyAirGappedBackupVaultNotificationObjectTypeOutput values. +// You can construct a concrete instance of `LogicallyAirGappedBackupVaultNotificationObjectTypeInput` via: +// +// LogicallyAirGappedBackupVaultNotificationObjectTypeArgs{...} +type LogicallyAirGappedBackupVaultNotificationObjectTypeInput interface { + pulumi.Input + + ToLogicallyAirGappedBackupVaultNotificationObjectTypeOutput() LogicallyAirGappedBackupVaultNotificationObjectTypeOutput + ToLogicallyAirGappedBackupVaultNotificationObjectTypeOutputWithContext(context.Context) LogicallyAirGappedBackupVaultNotificationObjectTypeOutput +} + +type LogicallyAirGappedBackupVaultNotificationObjectTypeArgs struct { + BackupVaultEvents pulumi.StringArrayInput `pulumi:"backupVaultEvents"` + SnsTopicArn pulumi.StringInput `pulumi:"snsTopicArn"` +} + +func (LogicallyAirGappedBackupVaultNotificationObjectTypeArgs) ElementType() reflect.Type { + return reflect.TypeOf((*LogicallyAirGappedBackupVaultNotificationObjectType)(nil)).Elem() +} + +func (i LogicallyAirGappedBackupVaultNotificationObjectTypeArgs) ToLogicallyAirGappedBackupVaultNotificationObjectTypeOutput() LogicallyAirGappedBackupVaultNotificationObjectTypeOutput { + return i.ToLogicallyAirGappedBackupVaultNotificationObjectTypeOutputWithContext(context.Background()) +} + +func (i LogicallyAirGappedBackupVaultNotificationObjectTypeArgs) ToLogicallyAirGappedBackupVaultNotificationObjectTypeOutputWithContext(ctx context.Context) LogicallyAirGappedBackupVaultNotificationObjectTypeOutput { + return pulumi.ToOutputWithContext(ctx, i).(LogicallyAirGappedBackupVaultNotificationObjectTypeOutput) +} + +func (i LogicallyAirGappedBackupVaultNotificationObjectTypeArgs) ToLogicallyAirGappedBackupVaultNotificationObjectTypePtrOutput() LogicallyAirGappedBackupVaultNotificationObjectTypePtrOutput { + return i.ToLogicallyAirGappedBackupVaultNotificationObjectTypePtrOutputWithContext(context.Background()) +} + +func (i LogicallyAirGappedBackupVaultNotificationObjectTypeArgs) ToLogicallyAirGappedBackupVaultNotificationObjectTypePtrOutputWithContext(ctx context.Context) LogicallyAirGappedBackupVaultNotificationObjectTypePtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(LogicallyAirGappedBackupVaultNotificationObjectTypeOutput).ToLogicallyAirGappedBackupVaultNotificationObjectTypePtrOutputWithContext(ctx) +} + +// LogicallyAirGappedBackupVaultNotificationObjectTypePtrInput is an input type that accepts LogicallyAirGappedBackupVaultNotificationObjectTypeArgs, LogicallyAirGappedBackupVaultNotificationObjectTypePtr and LogicallyAirGappedBackupVaultNotificationObjectTypePtrOutput values. +// You can construct a concrete instance of `LogicallyAirGappedBackupVaultNotificationObjectTypePtrInput` via: +// +// LogicallyAirGappedBackupVaultNotificationObjectTypeArgs{...} +// +// or: +// +// nil +type LogicallyAirGappedBackupVaultNotificationObjectTypePtrInput interface { + pulumi.Input + + ToLogicallyAirGappedBackupVaultNotificationObjectTypePtrOutput() LogicallyAirGappedBackupVaultNotificationObjectTypePtrOutput + ToLogicallyAirGappedBackupVaultNotificationObjectTypePtrOutputWithContext(context.Context) LogicallyAirGappedBackupVaultNotificationObjectTypePtrOutput +} + +type logicallyAirGappedBackupVaultNotificationObjectTypePtrType LogicallyAirGappedBackupVaultNotificationObjectTypeArgs + +func LogicallyAirGappedBackupVaultNotificationObjectTypePtr(v *LogicallyAirGappedBackupVaultNotificationObjectTypeArgs) LogicallyAirGappedBackupVaultNotificationObjectTypePtrInput { + return (*logicallyAirGappedBackupVaultNotificationObjectTypePtrType)(v) +} + +func (*logicallyAirGappedBackupVaultNotificationObjectTypePtrType) ElementType() reflect.Type { + return reflect.TypeOf((**LogicallyAirGappedBackupVaultNotificationObjectType)(nil)).Elem() +} + +func (i *logicallyAirGappedBackupVaultNotificationObjectTypePtrType) ToLogicallyAirGappedBackupVaultNotificationObjectTypePtrOutput() LogicallyAirGappedBackupVaultNotificationObjectTypePtrOutput { + return i.ToLogicallyAirGappedBackupVaultNotificationObjectTypePtrOutputWithContext(context.Background()) +} + +func (i *logicallyAirGappedBackupVaultNotificationObjectTypePtrType) ToLogicallyAirGappedBackupVaultNotificationObjectTypePtrOutputWithContext(ctx context.Context) LogicallyAirGappedBackupVaultNotificationObjectTypePtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(LogicallyAirGappedBackupVaultNotificationObjectTypePtrOutput) +} + +type LogicallyAirGappedBackupVaultNotificationObjectTypeOutput struct{ *pulumi.OutputState } + +func (LogicallyAirGappedBackupVaultNotificationObjectTypeOutput) ElementType() reflect.Type { + return reflect.TypeOf((*LogicallyAirGappedBackupVaultNotificationObjectType)(nil)).Elem() +} + +func (o LogicallyAirGappedBackupVaultNotificationObjectTypeOutput) ToLogicallyAirGappedBackupVaultNotificationObjectTypeOutput() LogicallyAirGappedBackupVaultNotificationObjectTypeOutput { + return o +} + +func (o LogicallyAirGappedBackupVaultNotificationObjectTypeOutput) ToLogicallyAirGappedBackupVaultNotificationObjectTypeOutputWithContext(ctx context.Context) LogicallyAirGappedBackupVaultNotificationObjectTypeOutput { + return o +} + +func (o LogicallyAirGappedBackupVaultNotificationObjectTypeOutput) ToLogicallyAirGappedBackupVaultNotificationObjectTypePtrOutput() LogicallyAirGappedBackupVaultNotificationObjectTypePtrOutput { + return o.ToLogicallyAirGappedBackupVaultNotificationObjectTypePtrOutputWithContext(context.Background()) +} + +func (o LogicallyAirGappedBackupVaultNotificationObjectTypeOutput) ToLogicallyAirGappedBackupVaultNotificationObjectTypePtrOutputWithContext(ctx context.Context) LogicallyAirGappedBackupVaultNotificationObjectTypePtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v LogicallyAirGappedBackupVaultNotificationObjectType) *LogicallyAirGappedBackupVaultNotificationObjectType { + return &v + }).(LogicallyAirGappedBackupVaultNotificationObjectTypePtrOutput) +} + +func (o LogicallyAirGappedBackupVaultNotificationObjectTypeOutput) BackupVaultEvents() pulumi.StringArrayOutput { + return o.ApplyT(func(v LogicallyAirGappedBackupVaultNotificationObjectType) []string { return v.BackupVaultEvents }).(pulumi.StringArrayOutput) +} + +func (o LogicallyAirGappedBackupVaultNotificationObjectTypeOutput) SnsTopicArn() pulumi.StringOutput { + return o.ApplyT(func(v LogicallyAirGappedBackupVaultNotificationObjectType) string { return v.SnsTopicArn }).(pulumi.StringOutput) +} + +type LogicallyAirGappedBackupVaultNotificationObjectTypePtrOutput struct{ *pulumi.OutputState } + +func (LogicallyAirGappedBackupVaultNotificationObjectTypePtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**LogicallyAirGappedBackupVaultNotificationObjectType)(nil)).Elem() +} + +func (o LogicallyAirGappedBackupVaultNotificationObjectTypePtrOutput) ToLogicallyAirGappedBackupVaultNotificationObjectTypePtrOutput() LogicallyAirGappedBackupVaultNotificationObjectTypePtrOutput { + return o +} + +func (o LogicallyAirGappedBackupVaultNotificationObjectTypePtrOutput) ToLogicallyAirGappedBackupVaultNotificationObjectTypePtrOutputWithContext(ctx context.Context) LogicallyAirGappedBackupVaultNotificationObjectTypePtrOutput { + return o +} + +func (o LogicallyAirGappedBackupVaultNotificationObjectTypePtrOutput) Elem() LogicallyAirGappedBackupVaultNotificationObjectTypeOutput { + return o.ApplyT(func(v *LogicallyAirGappedBackupVaultNotificationObjectType) LogicallyAirGappedBackupVaultNotificationObjectType { + if v != nil { + return *v + } + var ret LogicallyAirGappedBackupVaultNotificationObjectType + return ret + }).(LogicallyAirGappedBackupVaultNotificationObjectTypeOutput) +} + +func (o LogicallyAirGappedBackupVaultNotificationObjectTypePtrOutput) BackupVaultEvents() pulumi.StringArrayOutput { + return o.ApplyT(func(v *LogicallyAirGappedBackupVaultNotificationObjectType) []string { + if v == nil { + return nil + } + return v.BackupVaultEvents + }).(pulumi.StringArrayOutput) +} + +func (o LogicallyAirGappedBackupVaultNotificationObjectTypePtrOutput) SnsTopicArn() pulumi.StringPtrOutput { + return o.ApplyT(func(v *LogicallyAirGappedBackupVaultNotificationObjectType) *string { + if v == nil { + return nil + } + return &v.SnsTopicArn + }).(pulumi.StringPtrOutput) +} + // A structure that contains information about where and how to deliver your reports, specifically your Amazon S3 bucket name, S3 key prefix, and the formats of your reports. type ReportDeliveryChannelProperties struct { // A list of the format of your reports: CSV, JSON, or both. If not specified, the default format is CSV. @@ -2977,6 +3125,8 @@ func init() { pulumi.RegisterInputType(reflect.TypeOf((*FrameworkControlInputParameterArrayInput)(nil)).Elem(), FrameworkControlInputParameterArray{}) pulumi.RegisterInputType(reflect.TypeOf((*FrameworkTagInput)(nil)).Elem(), FrameworkTagArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*FrameworkTagArrayInput)(nil)).Elem(), FrameworkTagArray{}) + pulumi.RegisterInputType(reflect.TypeOf((*LogicallyAirGappedBackupVaultNotificationObjectTypeInput)(nil)).Elem(), LogicallyAirGappedBackupVaultNotificationObjectTypeArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*LogicallyAirGappedBackupVaultNotificationObjectTypePtrInput)(nil)).Elem(), LogicallyAirGappedBackupVaultNotificationObjectTypeArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*ReportDeliveryChannelPropertiesInput)(nil)).Elem(), ReportDeliveryChannelPropertiesArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*ReportSettingPropertiesInput)(nil)).Elem(), ReportSettingPropertiesArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*RestoreTestingPlanRestoreTestingRecoveryPointSelectionInput)(nil)).Elem(), RestoreTestingPlanRestoreTestingRecoveryPointSelectionArgs{}) @@ -3013,6 +3163,8 @@ func init() { pulumi.RegisterOutputType(FrameworkControlInputParameterArrayOutput{}) pulumi.RegisterOutputType(FrameworkTagOutput{}) pulumi.RegisterOutputType(FrameworkTagArrayOutput{}) + pulumi.RegisterOutputType(LogicallyAirGappedBackupVaultNotificationObjectTypeOutput{}) + pulumi.RegisterOutputType(LogicallyAirGappedBackupVaultNotificationObjectTypePtrOutput{}) pulumi.RegisterOutputType(ReportDeliveryChannelPropertiesOutput{}) pulumi.RegisterOutputType(ReportDeliveryChannelPropertiesPtrOutput{}) pulumi.RegisterOutputType(ReportSettingPropertiesOutput{}) diff --git a/sdk/go/aws/cognito/getUserPoolIdentityProvider.go b/sdk/go/aws/cognito/getUserPoolIdentityProvider.go index f92bf5f6da..1bf1f5b2a4 100644 --- a/sdk/go/aws/cognito/getUserPoolIdentityProvider.go +++ b/sdk/go/aws/cognito/getUserPoolIdentityProvider.go @@ -23,17 +23,15 @@ func LookupUserPoolIdentityProvider(ctx *pulumi.Context, args *LookupUserPoolIde } type LookupUserPoolIdentityProviderArgs struct { - // The resource ID. - Id string `pulumi:"id"` + // The IdP name. + ProviderName string `pulumi:"providerName"` + // The user pool ID. + UserPoolId string `pulumi:"userPoolId"` } type LookupUserPoolIdentityProviderResult struct { // A mapping of IdP attributes to standard and custom user pool attributes. - // - // Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Cognito::UserPoolIdentityProvider` for more information about the expected schema for this property. - AttributeMapping interface{} `pulumi:"attributeMapping"` - // The resource ID. - Id *string `pulumi:"id"` + AttributeMapping map[string]string `pulumi:"attributeMapping"` // A list of IdP identifiers. IdpIdentifiers []string `pulumi:"idpIdentifiers"` // The scopes, URLs, and identifiers for your external identity provider. The following @@ -65,9 +63,7 @@ type LookupUserPoolIdentityProviderResult struct { // - **Facebook** - Create or update request: `"ProviderDetails": { "api_version": "v17.0", "authorize_scopes": "public_profile, email", "client_id": "1example23456789", "client_secret": "provider-app-client-secret" }` // // Describe response: `"ProviderDetails": { "api_version": "v17.0", "attributes_url": "https://graph.facebook.com/v17.0/me?fields=", "attributes_url_add_attributes": "true", "authorize_scopes": "public_profile, email", "authorize_url": "https://www.facebook.com/v17.0/dialog/oauth", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "token_request_method": "GET", "token_url": "https://graph.facebook.com/v17.0/oauth/access_token" }` - // - // Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Cognito::UserPoolIdentityProvider` for more information about the expected schema for this property. - ProviderDetails interface{} `pulumi:"providerDetails"` + ProviderDetails map[string]string `pulumi:"providerDetails"` } func LookupUserPoolIdentityProviderOutput(ctx *pulumi.Context, args LookupUserPoolIdentityProviderOutputArgs, opts ...pulumi.InvokeOption) LookupUserPoolIdentityProviderResultOutput { @@ -90,8 +86,10 @@ func LookupUserPoolIdentityProviderOutput(ctx *pulumi.Context, args LookupUserPo } type LookupUserPoolIdentityProviderOutputArgs struct { - // The resource ID. - Id pulumi.StringInput `pulumi:"id"` + // The IdP name. + ProviderName pulumi.StringInput `pulumi:"providerName"` + // The user pool ID. + UserPoolId pulumi.StringInput `pulumi:"userPoolId"` } func (LookupUserPoolIdentityProviderOutputArgs) ElementType() reflect.Type { @@ -113,15 +111,8 @@ func (o LookupUserPoolIdentityProviderResultOutput) ToLookupUserPoolIdentityProv } // A mapping of IdP attributes to standard and custom user pool attributes. -// -// Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Cognito::UserPoolIdentityProvider` for more information about the expected schema for this property. -func (o LookupUserPoolIdentityProviderResultOutput) AttributeMapping() pulumi.AnyOutput { - return o.ApplyT(func(v LookupUserPoolIdentityProviderResult) interface{} { return v.AttributeMapping }).(pulumi.AnyOutput) -} - -// The resource ID. -func (o LookupUserPoolIdentityProviderResultOutput) Id() pulumi.StringPtrOutput { - return o.ApplyT(func(v LookupUserPoolIdentityProviderResult) *string { return v.Id }).(pulumi.StringPtrOutput) +func (o LookupUserPoolIdentityProviderResultOutput) AttributeMapping() pulumi.StringMapOutput { + return o.ApplyT(func(v LookupUserPoolIdentityProviderResult) map[string]string { return v.AttributeMapping }).(pulumi.StringMapOutput) } // A list of IdP identifiers. @@ -158,10 +149,8 @@ func (o LookupUserPoolIdentityProviderResultOutput) IdpIdentifiers() pulumi.Stri // - **Facebook** - Create or update request: `"ProviderDetails": { "api_version": "v17.0", "authorize_scopes": "public_profile, email", "client_id": "1example23456789", "client_secret": "provider-app-client-secret" }` // // Describe response: `"ProviderDetails": { "api_version": "v17.0", "attributes_url": "https://graph.facebook.com/v17.0/me?fields=", "attributes_url_add_attributes": "true", "authorize_scopes": "public_profile, email", "authorize_url": "https://www.facebook.com/v17.0/dialog/oauth", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "token_request_method": "GET", "token_url": "https://graph.facebook.com/v17.0/oauth/access_token" }` -// -// Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Cognito::UserPoolIdentityProvider` for more information about the expected schema for this property. -func (o LookupUserPoolIdentityProviderResultOutput) ProviderDetails() pulumi.AnyOutput { - return o.ApplyT(func(v LookupUserPoolIdentityProviderResult) interface{} { return v.ProviderDetails }).(pulumi.AnyOutput) +func (o LookupUserPoolIdentityProviderResultOutput) ProviderDetails() pulumi.StringMapOutput { + return o.ApplyT(func(v LookupUserPoolIdentityProviderResult) map[string]string { return v.ProviderDetails }).(pulumi.StringMapOutput) } func init() { diff --git a/sdk/go/aws/cognito/userPoolIdentityProvider.go b/sdk/go/aws/cognito/userPoolIdentityProvider.go index fb9c0e3baf..616d22f13f 100644 --- a/sdk/go/aws/cognito/userPoolIdentityProvider.go +++ b/sdk/go/aws/cognito/userPoolIdentityProvider.go @@ -17,11 +17,7 @@ type UserPoolIdentityProvider struct { pulumi.CustomResourceState // A mapping of IdP attributes to standard and custom user pool attributes. - // - // Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Cognito::UserPoolIdentityProvider` for more information about the expected schema for this property. - AttributeMapping pulumi.AnyOutput `pulumi:"attributeMapping"` - // The resource ID. - AwsId pulumi.StringOutput `pulumi:"awsId"` + AttributeMapping pulumi.StringMapOutput `pulumi:"attributeMapping"` // A list of IdP identifiers. IdpIdentifiers pulumi.StringArrayOutput `pulumi:"idpIdentifiers"` // The scopes, URLs, and identifiers for your external identity provider. The following @@ -53,9 +49,7 @@ type UserPoolIdentityProvider struct { // - **Facebook** - Create or update request: `"ProviderDetails": { "api_version": "v17.0", "authorize_scopes": "public_profile, email", "client_id": "1example23456789", "client_secret": "provider-app-client-secret" }` // // Describe response: `"ProviderDetails": { "api_version": "v17.0", "attributes_url": "https://graph.facebook.com/v17.0/me?fields=", "attributes_url_add_attributes": "true", "authorize_scopes": "public_profile, email", "authorize_url": "https://www.facebook.com/v17.0/dialog/oauth", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "token_request_method": "GET", "token_url": "https://graph.facebook.com/v17.0/oauth/access_token" }` - // - // Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Cognito::UserPoolIdentityProvider` for more information about the expected schema for this property. - ProviderDetails pulumi.AnyOutput `pulumi:"providerDetails"` + ProviderDetails pulumi.StringMapOutput `pulumi:"providerDetails"` // The IdP name. ProviderName pulumi.StringOutput `pulumi:"providerName"` // The IdP type. @@ -71,6 +65,9 @@ func NewUserPoolIdentityProvider(ctx *pulumi.Context, return nil, errors.New("missing one or more required arguments") } + if args.ProviderDetails == nil { + return nil, errors.New("invalid value for required argument 'ProviderDetails'") + } if args.ProviderType == nil { return nil, errors.New("invalid value for required argument 'ProviderType'") } @@ -117,9 +114,7 @@ func (UserPoolIdentityProviderState) ElementType() reflect.Type { type userPoolIdentityProviderArgs struct { // A mapping of IdP attributes to standard and custom user pool attributes. - // - // Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Cognito::UserPoolIdentityProvider` for more information about the expected schema for this property. - AttributeMapping interface{} `pulumi:"attributeMapping"` + AttributeMapping map[string]string `pulumi:"attributeMapping"` // A list of IdP identifiers. IdpIdentifiers []string `pulumi:"idpIdentifiers"` // The scopes, URLs, and identifiers for your external identity provider. The following @@ -151,9 +146,7 @@ type userPoolIdentityProviderArgs struct { // - **Facebook** - Create or update request: `"ProviderDetails": { "api_version": "v17.0", "authorize_scopes": "public_profile, email", "client_id": "1example23456789", "client_secret": "provider-app-client-secret" }` // // Describe response: `"ProviderDetails": { "api_version": "v17.0", "attributes_url": "https://graph.facebook.com/v17.0/me?fields=", "attributes_url_add_attributes": "true", "authorize_scopes": "public_profile, email", "authorize_url": "https://www.facebook.com/v17.0/dialog/oauth", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "token_request_method": "GET", "token_url": "https://graph.facebook.com/v17.0/oauth/access_token" }` - // - // Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Cognito::UserPoolIdentityProvider` for more information about the expected schema for this property. - ProviderDetails interface{} `pulumi:"providerDetails"` + ProviderDetails map[string]string `pulumi:"providerDetails"` // The IdP name. ProviderName *string `pulumi:"providerName"` // The IdP type. @@ -165,9 +158,7 @@ type userPoolIdentityProviderArgs struct { // The set of arguments for constructing a UserPoolIdentityProvider resource. type UserPoolIdentityProviderArgs struct { // A mapping of IdP attributes to standard and custom user pool attributes. - // - // Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Cognito::UserPoolIdentityProvider` for more information about the expected schema for this property. - AttributeMapping pulumi.Input + AttributeMapping pulumi.StringMapInput // A list of IdP identifiers. IdpIdentifiers pulumi.StringArrayInput // The scopes, URLs, and identifiers for your external identity provider. The following @@ -199,9 +190,7 @@ type UserPoolIdentityProviderArgs struct { // - **Facebook** - Create or update request: `"ProviderDetails": { "api_version": "v17.0", "authorize_scopes": "public_profile, email", "client_id": "1example23456789", "client_secret": "provider-app-client-secret" }` // // Describe response: `"ProviderDetails": { "api_version": "v17.0", "attributes_url": "https://graph.facebook.com/v17.0/me?fields=", "attributes_url_add_attributes": "true", "authorize_scopes": "public_profile, email", "authorize_url": "https://www.facebook.com/v17.0/dialog/oauth", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "token_request_method": "GET", "token_url": "https://graph.facebook.com/v17.0/oauth/access_token" }` - // - // Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Cognito::UserPoolIdentityProvider` for more information about the expected schema for this property. - ProviderDetails pulumi.Input + ProviderDetails pulumi.StringMapInput // The IdP name. ProviderName pulumi.StringPtrInput // The IdP type. @@ -248,15 +237,8 @@ func (o UserPoolIdentityProviderOutput) ToUserPoolIdentityProviderOutputWithCont } // A mapping of IdP attributes to standard and custom user pool attributes. -// -// Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Cognito::UserPoolIdentityProvider` for more information about the expected schema for this property. -func (o UserPoolIdentityProviderOutput) AttributeMapping() pulumi.AnyOutput { - return o.ApplyT(func(v *UserPoolIdentityProvider) pulumi.AnyOutput { return v.AttributeMapping }).(pulumi.AnyOutput) -} - -// The resource ID. -func (o UserPoolIdentityProviderOutput) AwsId() pulumi.StringOutput { - return o.ApplyT(func(v *UserPoolIdentityProvider) pulumi.StringOutput { return v.AwsId }).(pulumi.StringOutput) +func (o UserPoolIdentityProviderOutput) AttributeMapping() pulumi.StringMapOutput { + return o.ApplyT(func(v *UserPoolIdentityProvider) pulumi.StringMapOutput { return v.AttributeMapping }).(pulumi.StringMapOutput) } // A list of IdP identifiers. @@ -293,10 +275,8 @@ func (o UserPoolIdentityProviderOutput) IdpIdentifiers() pulumi.StringArrayOutpu // - **Facebook** - Create or update request: `"ProviderDetails": { "api_version": "v17.0", "authorize_scopes": "public_profile, email", "client_id": "1example23456789", "client_secret": "provider-app-client-secret" }` // // Describe response: `"ProviderDetails": { "api_version": "v17.0", "attributes_url": "https://graph.facebook.com/v17.0/me?fields=", "attributes_url_add_attributes": "true", "authorize_scopes": "public_profile, email", "authorize_url": "https://www.facebook.com/v17.0/dialog/oauth", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "token_request_method": "GET", "token_url": "https://graph.facebook.com/v17.0/oauth/access_token" }` -// -// Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Cognito::UserPoolIdentityProvider` for more information about the expected schema for this property. -func (o UserPoolIdentityProviderOutput) ProviderDetails() pulumi.AnyOutput { - return o.ApplyT(func(v *UserPoolIdentityProvider) pulumi.AnyOutput { return v.ProviderDetails }).(pulumi.AnyOutput) +func (o UserPoolIdentityProviderOutput) ProviderDetails() pulumi.StringMapOutput { + return o.ApplyT(func(v *UserPoolIdentityProvider) pulumi.StringMapOutput { return v.ProviderDetails }).(pulumi.StringMapOutput) } // The IdP name. diff --git a/sdk/go/aws/ec2/capacityReservation.go b/sdk/go/aws/ec2/capacityReservation.go index 54a3c43101..3b36636f59 100644 --- a/sdk/go/aws/ec2/capacityReservation.go +++ b/sdk/go/aws/ec2/capacityReservation.go @@ -64,7 +64,8 @@ type CapacityReservation struct { // - `dedicated` - The Capacity Reservation is created on single-tenant hardware that is dedicated to a single AWS account . Tenancy pulumi.StringPtrOutput `pulumi:"tenancy"` // Returns the total number of instances for which the Capacity Reservation reserves capacity. For example: `15` . - TotalInstanceCount pulumi.IntOutput `pulumi:"totalInstanceCount"` + TotalInstanceCount pulumi.IntOutput `pulumi:"totalInstanceCount"` + UnusedReservationBillingOwnerId pulumi.StringPtrOutput `pulumi:"unusedReservationBillingOwnerId"` } // NewCapacityReservation registers a new resource with the given unique name, arguments, and options. @@ -173,7 +174,8 @@ type capacityReservationArgs struct { // // - `default` - The Capacity Reservation is created on hardware that is shared with other AWS accounts . // - `dedicated` - The Capacity Reservation is created on single-tenant hardware that is dedicated to a single AWS account . - Tenancy *string `pulumi:"tenancy"` + Tenancy *string `pulumi:"tenancy"` + UnusedReservationBillingOwnerId *string `pulumi:"unusedReservationBillingOwnerId"` } // The set of arguments for constructing a CapacityReservation resource. @@ -220,7 +222,8 @@ type CapacityReservationArgs struct { // // - `default` - The Capacity Reservation is created on hardware that is shared with other AWS accounts . // - `dedicated` - The Capacity Reservation is created on single-tenant hardware that is dedicated to a single AWS account . - Tenancy pulumi.StringPtrInput + Tenancy pulumi.StringPtrInput + UnusedReservationBillingOwnerId pulumi.StringPtrInput } func (CapacityReservationArgs) ElementType() reflect.Type { @@ -359,6 +362,10 @@ func (o CapacityReservationOutput) TotalInstanceCount() pulumi.IntOutput { return o.ApplyT(func(v *CapacityReservation) pulumi.IntOutput { return v.TotalInstanceCount }).(pulumi.IntOutput) } +func (o CapacityReservationOutput) UnusedReservationBillingOwnerId() pulumi.StringPtrOutput { + return o.ApplyT(func(v *CapacityReservation) pulumi.StringPtrOutput { return v.UnusedReservationBillingOwnerId }).(pulumi.StringPtrOutput) +} + func init() { pulumi.RegisterInputType(reflect.TypeOf((*CapacityReservationInput)(nil)).Elem(), &CapacityReservation{}) pulumi.RegisterOutputType(CapacityReservationOutput{}) diff --git a/sdk/go/aws/ec2/getVpcEndpoint.go b/sdk/go/aws/ec2/getVpcEndpoint.go index d4942f2295..b10ea89538 100644 --- a/sdk/go/aws/ec2/getVpcEndpoint.go +++ b/sdk/go/aws/ec2/getVpcEndpoint.go @@ -49,7 +49,8 @@ type LookupVpcEndpointResult struct { // (Interface endpoints) The network interface IDs. If you update the `PrivateDnsEnabled` or `SubnetIds` properties, the items in this list might change. NetworkInterfaceIds []string `pulumi:"networkInterfaceIds"` // An endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints. - // For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. CFNlong converts YAML policies to JSON format before calling the API to create or modify the VPC endpoint. + // For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. For example, if you have a JSON policy, you can convert it to YAML before including it in the YAML template, and CFNlong converts the policy to JSON format before calling the API actions for privatelink. Alternatively, you can include the JSON directly in the YAML, as shown in the following ``Properties`` section: + // ``Properties: VpcEndpointType: 'Interface' ServiceName: !Sub 'com.amazonaws.${AWS::Region}.logs' PolicyDocument: '{ "Version":"2012-10-17", "Statement": [{ "Effect":"Allow", "Principal":"*", "Action":["logs:Describe*","logs:Get*","logs:List*","logs:FilterLogEvents"], "Resource":"*" }] }'`` // // Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::EC2::VPCEndpoint` for more information about the expected schema for this property. PolicyDocument interface{} `pulumi:"policyDocument"` @@ -136,7 +137,8 @@ func (o LookupVpcEndpointResultOutput) NetworkInterfaceIds() pulumi.StringArrayO // An endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints. // -// For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. CFNlong converts YAML policies to JSON format before calling the API to create or modify the VPC endpoint. +// For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. For example, if you have a JSON policy, you can convert it to YAML before including it in the YAML template, and CFNlong converts the policy to JSON format before calling the API actions for privatelink. Alternatively, you can include the JSON directly in the YAML, as shown in the following ``Properties`` section: +// ``Properties: VpcEndpointType: 'Interface' ServiceName: !Sub 'com.amazonaws.${AWS::Region}.logs' PolicyDocument: '{ "Version":"2012-10-17", "Statement": [{ "Effect":"Allow", "Principal":"*", "Action":["logs:Describe*","logs:Get*","logs:List*","logs:FilterLogEvents"], "Resource":"*" }] }'`` // // Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::EC2::VPCEndpoint` for more information about the expected schema for this property. func (o LookupVpcEndpointResultOutput) PolicyDocument() pulumi.AnyOutput { diff --git a/sdk/go/aws/ec2/vpcEndpoint.go b/sdk/go/aws/ec2/vpcEndpoint.go index c92f2b2d02..50db0b50d5 100644 --- a/sdk/go/aws/ec2/vpcEndpoint.go +++ b/sdk/go/aws/ec2/vpcEndpoint.go @@ -37,7 +37,8 @@ type VpcEndpoint struct { // (Interface endpoints) The network interface IDs. If you update the `PrivateDnsEnabled` or `SubnetIds` properties, the items in this list might change. NetworkInterfaceIds pulumi.StringArrayOutput `pulumi:"networkInterfaceIds"` // An endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints. - // For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. CFNlong converts YAML policies to JSON format before calling the API to create or modify the VPC endpoint. + // For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. For example, if you have a JSON policy, you can convert it to YAML before including it in the YAML template, and CFNlong converts the policy to JSON format before calling the API actions for privatelink. Alternatively, you can include the JSON directly in the YAML, as shown in the following ``Properties`` section: + // ``Properties: VpcEndpointType: 'Interface' ServiceName: !Sub 'com.amazonaws.${AWS::Region}.logs' PolicyDocument: '{ "Version":"2012-10-17", "Statement": [{ "Effect":"Allow", "Principal":"*", "Action":["logs:Describe*","logs:Get*","logs:List*","logs:FilterLogEvents"], "Resource":"*" }] }'`` // // Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::EC2::VPCEndpoint` for more information about the expected schema for this property. PolicyDocument pulumi.AnyOutput `pulumi:"policyDocument"` @@ -114,7 +115,8 @@ func (VpcEndpointState) ElementType() reflect.Type { type vpcEndpointArgs struct { // An endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints. - // For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. CFNlong converts YAML policies to JSON format before calling the API to create or modify the VPC endpoint. + // For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. For example, if you have a JSON policy, you can convert it to YAML before including it in the YAML template, and CFNlong converts the policy to JSON format before calling the API actions for privatelink. Alternatively, you can include the JSON directly in the YAML, as shown in the following ``Properties`` section: + // ``Properties: VpcEndpointType: 'Interface' ServiceName: !Sub 'com.amazonaws.${AWS::Region}.logs' PolicyDocument: '{ "Version":"2012-10-17", "Statement": [{ "Effect":"Allow", "Principal":"*", "Action":["logs:Describe*","logs:Get*","logs:List*","logs:FilterLogEvents"], "Resource":"*" }] }'`` // // Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::EC2::VPCEndpoint` for more information about the expected schema for this property. PolicyDocument interface{} `pulumi:"policyDocument"` @@ -141,7 +143,8 @@ type vpcEndpointArgs struct { // The set of arguments for constructing a VpcEndpoint resource. type VpcEndpointArgs struct { // An endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints. - // For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. CFNlong converts YAML policies to JSON format before calling the API to create or modify the VPC endpoint. + // For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. For example, if you have a JSON policy, you can convert it to YAML before including it in the YAML template, and CFNlong converts the policy to JSON format before calling the API actions for privatelink. Alternatively, you can include the JSON directly in the YAML, as shown in the following ``Properties`` section: + // ``Properties: VpcEndpointType: 'Interface' ServiceName: !Sub 'com.amazonaws.${AWS::Region}.logs' PolicyDocument: '{ "Version":"2012-10-17", "Statement": [{ "Effect":"Allow", "Principal":"*", "Action":["logs:Describe*","logs:Get*","logs:List*","logs:FilterLogEvents"], "Resource":"*" }] }'`` // // Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::EC2::VPCEndpoint` for more information about the expected schema for this property. PolicyDocument pulumi.Input @@ -230,7 +233,8 @@ func (o VpcEndpointOutput) NetworkInterfaceIds() pulumi.StringArrayOutput { // An endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints. // -// For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. CFNlong converts YAML policies to JSON format before calling the API to create or modify the VPC endpoint. +// For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. For example, if you have a JSON policy, you can convert it to YAML before including it in the YAML template, and CFNlong converts the policy to JSON format before calling the API actions for privatelink. Alternatively, you can include the JSON directly in the YAML, as shown in the following ``Properties`` section: +// ``Properties: VpcEndpointType: 'Interface' ServiceName: !Sub 'com.amazonaws.${AWS::Region}.logs' PolicyDocument: '{ "Version":"2012-10-17", "Statement": [{ "Effect":"Allow", "Principal":"*", "Action":["logs:Describe*","logs:Get*","logs:List*","logs:FilterLogEvents"], "Resource":"*" }] }'`` // // Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::EC2::VPCEndpoint` for more information about the expected schema for this property. func (o VpcEndpointOutput) PolicyDocument() pulumi.AnyOutput { diff --git a/sdk/go/aws/ecs/capacityProvider.go b/sdk/go/aws/ecs/capacityProvider.go index 456012d21e..18529a2d0b 100644 --- a/sdk/go/aws/ecs/capacityProvider.go +++ b/sdk/go/aws/ecs/capacityProvider.go @@ -7,7 +7,6 @@ import ( "context" "reflect" - "errors" "github.com/pulumi/pulumi-aws-native/sdk/go/aws" "github.com/pulumi/pulumi-aws-native/sdk/go/aws/internal" "github.com/pulumi/pulumi/sdk/v3/go/pulumi" @@ -248,7 +247,7 @@ type CapacityProvider struct { pulumi.CustomResourceState // The Auto Scaling group settings for the capacity provider. - AutoScalingGroupProvider CapacityProviderAutoScalingGroupProviderOutput `pulumi:"autoScalingGroupProvider"` + AutoScalingGroupProvider CapacityProviderAutoScalingGroupProviderPtrOutput `pulumi:"autoScalingGroupProvider"` // The name of the capacity provider. If a name is specified, it cannot start with `aws` , `ecs` , or `fargate` . If no name is specified, a default name in the `CFNStackName-CFNResourceName-RandomString` format is used. Name pulumi.StringPtrOutput `pulumi:"name"` // The metadata that you apply to the capacity provider to help you categorize and organize it. Each tag consists of a key and an optional value. You define both. @@ -269,12 +268,9 @@ type CapacityProvider struct { func NewCapacityProvider(ctx *pulumi.Context, name string, args *CapacityProviderArgs, opts ...pulumi.ResourceOption) (*CapacityProvider, error) { if args == nil { - return nil, errors.New("missing one or more required arguments") + args = &CapacityProviderArgs{} } - if args.AutoScalingGroupProvider == nil { - return nil, errors.New("invalid value for required argument 'AutoScalingGroupProvider'") - } replaceOnChanges := pulumi.ReplaceOnChanges([]string{ "autoScalingGroupProvider.autoScalingGroupArn", "name", @@ -314,7 +310,7 @@ func (CapacityProviderState) ElementType() reflect.Type { type capacityProviderArgs struct { // The Auto Scaling group settings for the capacity provider. - AutoScalingGroupProvider CapacityProviderAutoScalingGroupProvider `pulumi:"autoScalingGroupProvider"` + AutoScalingGroupProvider *CapacityProviderAutoScalingGroupProvider `pulumi:"autoScalingGroupProvider"` // The name of the capacity provider. If a name is specified, it cannot start with `aws` , `ecs` , or `fargate` . If no name is specified, a default name in the `CFNStackName-CFNResourceName-RandomString` format is used. Name *string `pulumi:"name"` // The metadata that you apply to the capacity provider to help you categorize and organize it. Each tag consists of a key and an optional value. You define both. @@ -334,7 +330,7 @@ type capacityProviderArgs struct { // The set of arguments for constructing a CapacityProvider resource. type CapacityProviderArgs struct { // The Auto Scaling group settings for the capacity provider. - AutoScalingGroupProvider CapacityProviderAutoScalingGroupProviderInput + AutoScalingGroupProvider CapacityProviderAutoScalingGroupProviderPtrInput // The name of the capacity provider. If a name is specified, it cannot start with `aws` , `ecs` , or `fargate` . If no name is specified, a default name in the `CFNStackName-CFNResourceName-RandomString` format is used. Name pulumi.StringPtrInput // The metadata that you apply to the capacity provider to help you categorize and organize it. Each tag consists of a key and an optional value. You define both. @@ -389,10 +385,10 @@ func (o CapacityProviderOutput) ToCapacityProviderOutputWithContext(ctx context. } // The Auto Scaling group settings for the capacity provider. -func (o CapacityProviderOutput) AutoScalingGroupProvider() CapacityProviderAutoScalingGroupProviderOutput { - return o.ApplyT(func(v *CapacityProvider) CapacityProviderAutoScalingGroupProviderOutput { +func (o CapacityProviderOutput) AutoScalingGroupProvider() CapacityProviderAutoScalingGroupProviderPtrOutput { + return o.ApplyT(func(v *CapacityProvider) CapacityProviderAutoScalingGroupProviderPtrOutput { return v.AutoScalingGroupProvider - }).(CapacityProviderAutoScalingGroupProviderOutput) + }).(CapacityProviderAutoScalingGroupProviderPtrOutput) } // The name of the capacity provider. If a name is specified, it cannot start with `aws` , `ecs` , or `fargate` . If no name is specified, a default name in the `CFNStackName-CFNResourceName-RandomString` format is used. diff --git a/sdk/go/aws/ecs/pulumiTypes.go b/sdk/go/aws/ecs/pulumiTypes.go index 44b975a672..e424597752 100644 --- a/sdk/go/aws/ecs/pulumiTypes.go +++ b/sdk/go/aws/ecs/pulumiTypes.go @@ -70,6 +70,47 @@ func (i CapacityProviderAutoScalingGroupProviderArgs) ToCapacityProviderAutoScal return pulumi.ToOutputWithContext(ctx, i).(CapacityProviderAutoScalingGroupProviderOutput) } +func (i CapacityProviderAutoScalingGroupProviderArgs) ToCapacityProviderAutoScalingGroupProviderPtrOutput() CapacityProviderAutoScalingGroupProviderPtrOutput { + return i.ToCapacityProviderAutoScalingGroupProviderPtrOutputWithContext(context.Background()) +} + +func (i CapacityProviderAutoScalingGroupProviderArgs) ToCapacityProviderAutoScalingGroupProviderPtrOutputWithContext(ctx context.Context) CapacityProviderAutoScalingGroupProviderPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(CapacityProviderAutoScalingGroupProviderOutput).ToCapacityProviderAutoScalingGroupProviderPtrOutputWithContext(ctx) +} + +// CapacityProviderAutoScalingGroupProviderPtrInput is an input type that accepts CapacityProviderAutoScalingGroupProviderArgs, CapacityProviderAutoScalingGroupProviderPtr and CapacityProviderAutoScalingGroupProviderPtrOutput values. +// You can construct a concrete instance of `CapacityProviderAutoScalingGroupProviderPtrInput` via: +// +// CapacityProviderAutoScalingGroupProviderArgs{...} +// +// or: +// +// nil +type CapacityProviderAutoScalingGroupProviderPtrInput interface { + pulumi.Input + + ToCapacityProviderAutoScalingGroupProviderPtrOutput() CapacityProviderAutoScalingGroupProviderPtrOutput + ToCapacityProviderAutoScalingGroupProviderPtrOutputWithContext(context.Context) CapacityProviderAutoScalingGroupProviderPtrOutput +} + +type capacityProviderAutoScalingGroupProviderPtrType CapacityProviderAutoScalingGroupProviderArgs + +func CapacityProviderAutoScalingGroupProviderPtr(v *CapacityProviderAutoScalingGroupProviderArgs) CapacityProviderAutoScalingGroupProviderPtrInput { + return (*capacityProviderAutoScalingGroupProviderPtrType)(v) +} + +func (*capacityProviderAutoScalingGroupProviderPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**CapacityProviderAutoScalingGroupProvider)(nil)).Elem() +} + +func (i *capacityProviderAutoScalingGroupProviderPtrType) ToCapacityProviderAutoScalingGroupProviderPtrOutput() CapacityProviderAutoScalingGroupProviderPtrOutput { + return i.ToCapacityProviderAutoScalingGroupProviderPtrOutputWithContext(context.Background()) +} + +func (i *capacityProviderAutoScalingGroupProviderPtrType) ToCapacityProviderAutoScalingGroupProviderPtrOutputWithContext(ctx context.Context) CapacityProviderAutoScalingGroupProviderPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(CapacityProviderAutoScalingGroupProviderPtrOutput) +} + type CapacityProviderAutoScalingGroupProviderOutput struct{ *pulumi.OutputState } func (CapacityProviderAutoScalingGroupProviderOutput) ElementType() reflect.Type { @@ -84,6 +125,16 @@ func (o CapacityProviderAutoScalingGroupProviderOutput) ToCapacityProviderAutoSc return o } +func (o CapacityProviderAutoScalingGroupProviderOutput) ToCapacityProviderAutoScalingGroupProviderPtrOutput() CapacityProviderAutoScalingGroupProviderPtrOutput { + return o.ToCapacityProviderAutoScalingGroupProviderPtrOutputWithContext(context.Background()) +} + +func (o CapacityProviderAutoScalingGroupProviderOutput) ToCapacityProviderAutoScalingGroupProviderPtrOutputWithContext(ctx context.Context) CapacityProviderAutoScalingGroupProviderPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v CapacityProviderAutoScalingGroupProvider) *CapacityProviderAutoScalingGroupProvider { + return &v + }).(CapacityProviderAutoScalingGroupProviderPtrOutput) +} + // The Amazon Resource Name (ARN) that identifies the Auto Scaling group, or the Auto Scaling group name. func (o CapacityProviderAutoScalingGroupProviderOutput) AutoScalingGroupArn() pulumi.StringOutput { return o.ApplyT(func(v CapacityProviderAutoScalingGroupProvider) string { return v.AutoScalingGroupArn }).(pulumi.StringOutput) @@ -3958,7 +4009,16 @@ type ServiceLogConfiguration struct { // For more information about using the ``awsfirelens`` log driver, see [Send Amazon ECS logs to an service or Partner](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_firelens.html). // If you have a custom driver that isn't listed, you can fork the Amazon ECS container agent project that's [available on GitHub](https://docs.aws.amazon.com/https://github.com/aws/amazon-ecs-agent) and customize it to work with that driver. We encourage you to submit pull requests for changes that you would like to have included. However, we don't currently provide support for running modified copies of this software. LogDriver *string `pulumi:"logDriver"` - // The configuration options to send to the log driver. This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'`` + // The configuration options to send to the log driver. + // The options you can specify depend on the log driver. Some of the options you can specify when you use the ``awslogs`` log driver to route logs to Amazon CloudWatch include the following: + // + awslogs-create-group Required: No Specify whether you want the log group to be created automatically. If this option isn't specified, it defaults to false. Your IAM policy must include the logs:CreateLogGroup permission before you attempt to use awslogs-create-group. + awslogs-region Required: Yes Specify the Region that the awslogs log driver is to send your Docker logs to. You can choose to send all of your logs from clusters in different Regions to a single region in CloudWatch Logs. This is so that they're all visible in one location. Otherwise, you can separate them by Region for more granularity. Make sure that the specified log group exists in the Region that you specify with this option. + awslogs-group Required: Yes Make sure to specify a log group that the awslogs log driver sends its log streams to. + awslogs-stream-prefix Required: Yes, when using the Fargate launch type.Optional for the EC2 launch type, required for the Fargate launch type. Use the awslogs-stream-prefix option to associate a log stream with the specified prefix, the container name, and the ID of the Amazon ECS task that the container belongs to. If you specify a prefix with this option, then the log stream takes the format prefix-name/container-name/ecs-task-id. If you don't specify a prefix with this option, then the log stream is named after the container ID that's assigned by the Docker daemon on the container instance. Because it's difficult to trace logs back to the container that sent them with just the Docker container ID (which is only available on the container instance), we recommend that you specify a prefix with this option. For Amazon ECS services, you can use the service name as the prefix. Doing so, you can trace log streams to the service that the container belongs to, the name of the container that sent them, and the ID of the task that the container belongs to. You must specify a stream-prefix for your logs to have your logs appear in the Log pane when using the Amazon ECS console. + awslogs-datetime-format Required: No This option defines a multiline start pattern in Python strftime format. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. One example of a use case for using this format is for parsing output such as a stack dump, which might otherwise be logged in multiple entries. The correct pattern allows it to be captured in a single entry. For more information, see awslogs-datetime-format. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. + awslogs-multiline-pattern Required: No This option defines a multiline start pattern that uses a regular expression. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. For more information, see awslogs-multiline-pattern. This option is ignored if awslogs-datetime-format is also configured. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. + mode Required: No Valid values: non-blocking | blocking This option defines the delivery mode of log messages from the container to CloudWatch Logs. The delivery mode you choose affects application availability when the flow of logs from container to CloudWatch is interrupted. If you use the blocking mode and the flow of logs to CloudWatch is interrupted, calls from container code to write to the stdout and stderr streams will block. The logging thread of the application will block as a result. This may cause the application to become unresponsive and lead to container healthcheck failure. If you use the non-blocking mode, the container's logs are instead stored in an in-memory intermediate buffer configured with the max-buffer-size option. This prevents the application from becoming unresponsive when logs cannot be sent to CloudWatch. We recommend using this mode if you want to ensure service availability and are okay with some log loss. For more information, see Preventing log loss with non-blocking mode in the awslogs container log driver. + max-buffer-size Required: No Default value: 1m When non-blocking mode is used, the max-buffer-size log option controls the size of the buffer that's used for intermediate message storage. Make sure to specify an adequate buffer size based on your application. When the buffer fills up, further logs cannot be stored. Logs that cannot be stored are lost. + // To route logs using the ``splunk`` log router, you need to specify a ``splunk-token`` and a ``splunk-url``. + // When you use the ``awsfirelens`` log router to route logs to an AWS Service or AWS Partner Network destination for log storage and analytics, you can set the ``log-driver-buffer-limit`` option to limit the number of events that are buffered in memory, before being sent to the log router container. It can help to resolve potential log loss issue because high throughput might result in memory running out for the buffer inside of Docker. + // Other options you can specify when using ``awsfirelens`` to route logs depend on the destination. When you export logs to Amazon Data Firehose, you can specify the AWS Region with ``region`` and a name for the log stream with ``delivery_stream``. + // When you export logs to Amazon Kinesis Data Streams, you can specify an AWS Region with ``region`` and a data stream name with ``stream``. + // When you export logs to Amazon OpenSearch Service, you can specify options like ``Name``, ``Host`` (OpenSearch Service endpoint without protocol), ``Port``, ``Index``, ``Type``, ``Aws_auth``, ``Aws_region``, ``Suppress_Type_Name``, and ``tls``. + // When you export logs to Amazon S3, you can specify the bucket using the ``bucket`` option. You can also specify ``region``, ``total_file_size``, ``upload_timeout``, and ``use_put_object`` as options. + // This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'`` Options map[string]string `pulumi:"options"` // The secrets to pass to the log configuration. For more information, see [Specifying sensitive data](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html) in the *Amazon Elastic Container Service Developer Guide*. SecretOptions []ServiceSecret `pulumi:"secretOptions"` @@ -3993,7 +4053,16 @@ type ServiceLogConfigurationArgs struct { // For more information about using the ``awsfirelens`` log driver, see [Send Amazon ECS logs to an service or Partner](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_firelens.html). // If you have a custom driver that isn't listed, you can fork the Amazon ECS container agent project that's [available on GitHub](https://docs.aws.amazon.com/https://github.com/aws/amazon-ecs-agent) and customize it to work with that driver. We encourage you to submit pull requests for changes that you would like to have included. However, we don't currently provide support for running modified copies of this software. LogDriver pulumi.StringPtrInput `pulumi:"logDriver"` - // The configuration options to send to the log driver. This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'`` + // The configuration options to send to the log driver. + // The options you can specify depend on the log driver. Some of the options you can specify when you use the ``awslogs`` log driver to route logs to Amazon CloudWatch include the following: + // + awslogs-create-group Required: No Specify whether you want the log group to be created automatically. If this option isn't specified, it defaults to false. Your IAM policy must include the logs:CreateLogGroup permission before you attempt to use awslogs-create-group. + awslogs-region Required: Yes Specify the Region that the awslogs log driver is to send your Docker logs to. You can choose to send all of your logs from clusters in different Regions to a single region in CloudWatch Logs. This is so that they're all visible in one location. Otherwise, you can separate them by Region for more granularity. Make sure that the specified log group exists in the Region that you specify with this option. + awslogs-group Required: Yes Make sure to specify a log group that the awslogs log driver sends its log streams to. + awslogs-stream-prefix Required: Yes, when using the Fargate launch type.Optional for the EC2 launch type, required for the Fargate launch type. Use the awslogs-stream-prefix option to associate a log stream with the specified prefix, the container name, and the ID of the Amazon ECS task that the container belongs to. If you specify a prefix with this option, then the log stream takes the format prefix-name/container-name/ecs-task-id. If you don't specify a prefix with this option, then the log stream is named after the container ID that's assigned by the Docker daemon on the container instance. Because it's difficult to trace logs back to the container that sent them with just the Docker container ID (which is only available on the container instance), we recommend that you specify a prefix with this option. For Amazon ECS services, you can use the service name as the prefix. Doing so, you can trace log streams to the service that the container belongs to, the name of the container that sent them, and the ID of the task that the container belongs to. You must specify a stream-prefix for your logs to have your logs appear in the Log pane when using the Amazon ECS console. + awslogs-datetime-format Required: No This option defines a multiline start pattern in Python strftime format. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. One example of a use case for using this format is for parsing output such as a stack dump, which might otherwise be logged in multiple entries. The correct pattern allows it to be captured in a single entry. For more information, see awslogs-datetime-format. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. + awslogs-multiline-pattern Required: No This option defines a multiline start pattern that uses a regular expression. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. For more information, see awslogs-multiline-pattern. This option is ignored if awslogs-datetime-format is also configured. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. + mode Required: No Valid values: non-blocking | blocking This option defines the delivery mode of log messages from the container to CloudWatch Logs. The delivery mode you choose affects application availability when the flow of logs from container to CloudWatch is interrupted. If you use the blocking mode and the flow of logs to CloudWatch is interrupted, calls from container code to write to the stdout and stderr streams will block. The logging thread of the application will block as a result. This may cause the application to become unresponsive and lead to container healthcheck failure. If you use the non-blocking mode, the container's logs are instead stored in an in-memory intermediate buffer configured with the max-buffer-size option. This prevents the application from becoming unresponsive when logs cannot be sent to CloudWatch. We recommend using this mode if you want to ensure service availability and are okay with some log loss. For more information, see Preventing log loss with non-blocking mode in the awslogs container log driver. + max-buffer-size Required: No Default value: 1m When non-blocking mode is used, the max-buffer-size log option controls the size of the buffer that's used for intermediate message storage. Make sure to specify an adequate buffer size based on your application. When the buffer fills up, further logs cannot be stored. Logs that cannot be stored are lost. + // To route logs using the ``splunk`` log router, you need to specify a ``splunk-token`` and a ``splunk-url``. + // When you use the ``awsfirelens`` log router to route logs to an AWS Service or AWS Partner Network destination for log storage and analytics, you can set the ``log-driver-buffer-limit`` option to limit the number of events that are buffered in memory, before being sent to the log router container. It can help to resolve potential log loss issue because high throughput might result in memory running out for the buffer inside of Docker. + // Other options you can specify when using ``awsfirelens`` to route logs depend on the destination. When you export logs to Amazon Data Firehose, you can specify the AWS Region with ``region`` and a name for the log stream with ``delivery_stream``. + // When you export logs to Amazon Kinesis Data Streams, you can specify an AWS Region with ``region`` and a data stream name with ``stream``. + // When you export logs to Amazon OpenSearch Service, you can specify options like ``Name``, ``Host`` (OpenSearch Service endpoint without protocol), ``Port``, ``Index``, ``Type``, ``Aws_auth``, ``Aws_region``, ``Suppress_Type_Name``, and ``tls``. + // When you export logs to Amazon S3, you can specify the bucket using the ``bucket`` option. You can also specify ``region``, ``total_file_size``, ``upload_timeout``, and ``use_put_object`` as options. + // This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'`` Options pulumi.StringMapInput `pulumi:"options"` // The secrets to pass to the log configuration. For more information, see [Specifying sensitive data](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html) in the *Amazon Elastic Container Service Developer Guide*. SecretOptions ServiceSecretArrayInput `pulumi:"secretOptions"` @@ -4097,7 +4166,17 @@ func (o ServiceLogConfigurationOutput) LogDriver() pulumi.StringPtrOutput { return o.ApplyT(func(v ServiceLogConfiguration) *string { return v.LogDriver }).(pulumi.StringPtrOutput) } -// The configuration options to send to the log driver. This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: “sudo docker version --format '{{.Server.APIVersion}}'“ +// The configuration options to send to the log driver. +// +// The options you can specify depend on the log driver. Some of the options you can specify when you use the ``awslogs`` log driver to route logs to Amazon CloudWatch include the following: +// + awslogs-create-group Required: No Specify whether you want the log group to be created automatically. If this option isn't specified, it defaults to false. Your IAM policy must include the logs:CreateLogGroup permission before you attempt to use awslogs-create-group. + awslogs-region Required: Yes Specify the Region that the awslogs log driver is to send your Docker logs to. You can choose to send all of your logs from clusters in different Regions to a single region in CloudWatch Logs. This is so that they're all visible in one location. Otherwise, you can separate them by Region for more granularity. Make sure that the specified log group exists in the Region that you specify with this option. + awslogs-group Required: Yes Make sure to specify a log group that the awslogs log driver sends its log streams to. + awslogs-stream-prefix Required: Yes, when using the Fargate launch type.Optional for the EC2 launch type, required for the Fargate launch type. Use the awslogs-stream-prefix option to associate a log stream with the specified prefix, the container name, and the ID of the Amazon ECS task that the container belongs to. If you specify a prefix with this option, then the log stream takes the format prefix-name/container-name/ecs-task-id. If you don't specify a prefix with this option, then the log stream is named after the container ID that's assigned by the Docker daemon on the container instance. Because it's difficult to trace logs back to the container that sent them with just the Docker container ID (which is only available on the container instance), we recommend that you specify a prefix with this option. For Amazon ECS services, you can use the service name as the prefix. Doing so, you can trace log streams to the service that the container belongs to, the name of the container that sent them, and the ID of the task that the container belongs to. You must specify a stream-prefix for your logs to have your logs appear in the Log pane when using the Amazon ECS console. + awslogs-datetime-format Required: No This option defines a multiline start pattern in Python strftime format. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. One example of a use case for using this format is for parsing output such as a stack dump, which might otherwise be logged in multiple entries. The correct pattern allows it to be captured in a single entry. For more information, see awslogs-datetime-format. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. + awslogs-multiline-pattern Required: No This option defines a multiline start pattern that uses a regular expression. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. For more information, see awslogs-multiline-pattern. This option is ignored if awslogs-datetime-format is also configured. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. + mode Required: No Valid values: non-blocking | blocking This option defines the delivery mode of log messages from the container to CloudWatch Logs. The delivery mode you choose affects application availability when the flow of logs from container to CloudWatch is interrupted. If you use the blocking mode and the flow of logs to CloudWatch is interrupted, calls from container code to write to the stdout and stderr streams will block. The logging thread of the application will block as a result. This may cause the application to become unresponsive and lead to container healthcheck failure. If you use the non-blocking mode, the container's logs are instead stored in an in-memory intermediate buffer configured with the max-buffer-size option. This prevents the application from becoming unresponsive when logs cannot be sent to CloudWatch. We recommend using this mode if you want to ensure service availability and are okay with some log loss. For more information, see Preventing log loss with non-blocking mode in the awslogs container log driver. + max-buffer-size Required: No Default value: 1m When non-blocking mode is used, the max-buffer-size log option controls the size of the buffer that's used for intermediate message storage. Make sure to specify an adequate buffer size based on your application. When the buffer fills up, further logs cannot be stored. Logs that cannot be stored are lost. +// To route logs using the ``splunk`` log router, you need to specify a ``splunk-token`` and a ``splunk-url``. +// When you use the ``awsfirelens`` log router to route logs to an AWS Service or AWS Partner Network destination for log storage and analytics, you can set the ``log-driver-buffer-limit`` option to limit the number of events that are buffered in memory, before being sent to the log router container. It can help to resolve potential log loss issue because high throughput might result in memory running out for the buffer inside of Docker. +// Other options you can specify when using ``awsfirelens`` to route logs depend on the destination. When you export logs to Amazon Data Firehose, you can specify the AWS Region with ``region`` and a name for the log stream with ``delivery_stream``. +// When you export logs to Amazon Kinesis Data Streams, you can specify an AWS Region with ``region`` and a data stream name with ``stream``. +// When you export logs to Amazon OpenSearch Service, you can specify options like ``Name``, ``Host`` (OpenSearch Service endpoint without protocol), ``Port``, ``Index``, ``Type``, ``Aws_auth``, ``Aws_region``, ``Suppress_Type_Name``, and ``tls``. +// When you export logs to Amazon S3, you can specify the bucket using the ``bucket`` option. You can also specify ``region``, ``total_file_size``, ``upload_timeout``, and ``use_put_object`` as options. +// This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'`` func (o ServiceLogConfigurationOutput) Options() pulumi.StringMapOutput { return o.ApplyT(func(v ServiceLogConfiguration) map[string]string { return v.Options }).(pulumi.StringMapOutput) } @@ -4147,7 +4226,17 @@ func (o ServiceLogConfigurationPtrOutput) LogDriver() pulumi.StringPtrOutput { }).(pulumi.StringPtrOutput) } -// The configuration options to send to the log driver. This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: “sudo docker version --format '{{.Server.APIVersion}}'“ +// The configuration options to send to the log driver. +// +// The options you can specify depend on the log driver. Some of the options you can specify when you use the ``awslogs`` log driver to route logs to Amazon CloudWatch include the following: +// + awslogs-create-group Required: No Specify whether you want the log group to be created automatically. If this option isn't specified, it defaults to false. Your IAM policy must include the logs:CreateLogGroup permission before you attempt to use awslogs-create-group. + awslogs-region Required: Yes Specify the Region that the awslogs log driver is to send your Docker logs to. You can choose to send all of your logs from clusters in different Regions to a single region in CloudWatch Logs. This is so that they're all visible in one location. Otherwise, you can separate them by Region for more granularity. Make sure that the specified log group exists in the Region that you specify with this option. + awslogs-group Required: Yes Make sure to specify a log group that the awslogs log driver sends its log streams to. + awslogs-stream-prefix Required: Yes, when using the Fargate launch type.Optional for the EC2 launch type, required for the Fargate launch type. Use the awslogs-stream-prefix option to associate a log stream with the specified prefix, the container name, and the ID of the Amazon ECS task that the container belongs to. If you specify a prefix with this option, then the log stream takes the format prefix-name/container-name/ecs-task-id. If you don't specify a prefix with this option, then the log stream is named after the container ID that's assigned by the Docker daemon on the container instance. Because it's difficult to trace logs back to the container that sent them with just the Docker container ID (which is only available on the container instance), we recommend that you specify a prefix with this option. For Amazon ECS services, you can use the service name as the prefix. Doing so, you can trace log streams to the service that the container belongs to, the name of the container that sent them, and the ID of the task that the container belongs to. You must specify a stream-prefix for your logs to have your logs appear in the Log pane when using the Amazon ECS console. + awslogs-datetime-format Required: No This option defines a multiline start pattern in Python strftime format. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. One example of a use case for using this format is for parsing output such as a stack dump, which might otherwise be logged in multiple entries. The correct pattern allows it to be captured in a single entry. For more information, see awslogs-datetime-format. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. + awslogs-multiline-pattern Required: No This option defines a multiline start pattern that uses a regular expression. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. For more information, see awslogs-multiline-pattern. This option is ignored if awslogs-datetime-format is also configured. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. + mode Required: No Valid values: non-blocking | blocking This option defines the delivery mode of log messages from the container to CloudWatch Logs. The delivery mode you choose affects application availability when the flow of logs from container to CloudWatch is interrupted. If you use the blocking mode and the flow of logs to CloudWatch is interrupted, calls from container code to write to the stdout and stderr streams will block. The logging thread of the application will block as a result. This may cause the application to become unresponsive and lead to container healthcheck failure. If you use the non-blocking mode, the container's logs are instead stored in an in-memory intermediate buffer configured with the max-buffer-size option. This prevents the application from becoming unresponsive when logs cannot be sent to CloudWatch. We recommend using this mode if you want to ensure service availability and are okay with some log loss. For more information, see Preventing log loss with non-blocking mode in the awslogs container log driver. + max-buffer-size Required: No Default value: 1m When non-blocking mode is used, the max-buffer-size log option controls the size of the buffer that's used for intermediate message storage. Make sure to specify an adequate buffer size based on your application. When the buffer fills up, further logs cannot be stored. Logs that cannot be stored are lost. +// To route logs using the ``splunk`` log router, you need to specify a ``splunk-token`` and a ``splunk-url``. +// When you use the ``awsfirelens`` log router to route logs to an AWS Service or AWS Partner Network destination for log storage and analytics, you can set the ``log-driver-buffer-limit`` option to limit the number of events that are buffered in memory, before being sent to the log router container. It can help to resolve potential log loss issue because high throughput might result in memory running out for the buffer inside of Docker. +// Other options you can specify when using ``awsfirelens`` to route logs depend on the destination. When you export logs to Amazon Data Firehose, you can specify the AWS Region with ``region`` and a name for the log stream with ``delivery_stream``. +// When you export logs to Amazon Kinesis Data Streams, you can specify an AWS Region with ``region`` and a data stream name with ``stream``. +// When you export logs to Amazon OpenSearch Service, you can specify options like ``Name``, ``Host`` (OpenSearch Service endpoint without protocol), ``Port``, ``Index``, ``Type``, ``Aws_auth``, ``Aws_region``, ``Suppress_Type_Name``, and ``tls``. +// When you export logs to Amazon S3, you can specify the bucket using the ``bucket`` option. You can also specify ``region``, ``total_file_size``, ``upload_timeout``, and ``use_put_object`` as options. +// This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'`` func (o ServiceLogConfigurationPtrOutput) Options() pulumi.StringMapOutput { return o.ApplyT(func(v *ServiceLogConfiguration) map[string]string { if v == nil { @@ -12504,6 +12593,7 @@ type TaskSetTag struct { func init() { pulumi.RegisterInputType(reflect.TypeOf((*CapacityProviderAutoScalingGroupProviderInput)(nil)).Elem(), CapacityProviderAutoScalingGroupProviderArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*CapacityProviderAutoScalingGroupProviderPtrInput)(nil)).Elem(), CapacityProviderAutoScalingGroupProviderArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*CapacityProviderManagedScalingInput)(nil)).Elem(), CapacityProviderManagedScalingArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*CapacityProviderManagedScalingPtrInput)(nil)).Elem(), CapacityProviderManagedScalingArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*ClusterCapacityProviderAssociationsCapacityProviderStrategyInput)(nil)).Elem(), ClusterCapacityProviderAssociationsCapacityProviderStrategyArgs{}) diff --git a/sdk/go/aws/elasticache/getServerlessCache.go b/sdk/go/aws/elasticache/getServerlessCache.go index 18e3bc65a5..569c21d48f 100644 --- a/sdk/go/aws/elasticache/getServerlessCache.go +++ b/sdk/go/aws/elasticache/getServerlessCache.go @@ -41,8 +41,12 @@ type LookupServerlessCacheResult struct { Description *string `pulumi:"description"` // Represents the information required for client programs to connect to a cache node. This value is read-only. Endpoint *ServerlessCacheEndpoint `pulumi:"endpoint"` + // The engine name of the Serverless Cache. + Engine *string `pulumi:"engine"` // The full engine version of the Serverless Cache. FullEngineVersion *string `pulumi:"fullEngineVersion"` + // The major engine version of the Serverless Cache. + MajorEngineVersion *string `pulumi:"majorEngineVersion"` // Represents the information required for client programs to connect to a cache node. This value is read-only. ReaderEndpoint *ServerlessCacheEndpoint `pulumi:"readerEndpoint"` // One or more Amazon VPC security groups associated with this Serverless Cache. @@ -129,11 +133,21 @@ func (o LookupServerlessCacheResultOutput) Endpoint() ServerlessCacheEndpointPtr return o.ApplyT(func(v LookupServerlessCacheResult) *ServerlessCacheEndpoint { return v.Endpoint }).(ServerlessCacheEndpointPtrOutput) } +// The engine name of the Serverless Cache. +func (o LookupServerlessCacheResultOutput) Engine() pulumi.StringPtrOutput { + return o.ApplyT(func(v LookupServerlessCacheResult) *string { return v.Engine }).(pulumi.StringPtrOutput) +} + // The full engine version of the Serverless Cache. func (o LookupServerlessCacheResultOutput) FullEngineVersion() pulumi.StringPtrOutput { return o.ApplyT(func(v LookupServerlessCacheResult) *string { return v.FullEngineVersion }).(pulumi.StringPtrOutput) } +// The major engine version of the Serverless Cache. +func (o LookupServerlessCacheResultOutput) MajorEngineVersion() pulumi.StringPtrOutput { + return o.ApplyT(func(v LookupServerlessCacheResult) *string { return v.MajorEngineVersion }).(pulumi.StringPtrOutput) +} + // Represents the information required for client programs to connect to a cache node. This value is read-only. func (o LookupServerlessCacheResultOutput) ReaderEndpoint() ServerlessCacheEndpointPtrOutput { return o.ApplyT(func(v LookupServerlessCacheResult) *ServerlessCacheEndpoint { return v.ReaderEndpoint }).(ServerlessCacheEndpointPtrOutput) diff --git a/sdk/go/aws/elasticache/serverlessCache.go b/sdk/go/aws/elasticache/serverlessCache.go index a37fc34eb8..55ccb243be 100644 --- a/sdk/go/aws/elasticache/serverlessCache.go +++ b/sdk/go/aws/elasticache/serverlessCache.go @@ -70,9 +70,7 @@ func NewServerlessCache(ctx *pulumi.Context, return nil, errors.New("invalid value for required argument 'Engine'") } replaceOnChanges := pulumi.ReplaceOnChanges([]string{ - "engine", "kmsKeyId", - "majorEngineVersion", "serverlessCacheName", "snapshotArnsToRestore[*]", "subnetIds[*]", diff --git a/sdk/go/aws/imagebuilder/getInfrastructureConfiguration.go b/sdk/go/aws/imagebuilder/getInfrastructureConfiguration.go index 11c947f2a0..1ea9fbff7d 100644 --- a/sdk/go/aws/imagebuilder/getInfrastructureConfiguration.go +++ b/sdk/go/aws/imagebuilder/getInfrastructureConfiguration.go @@ -42,6 +42,8 @@ type LookupInfrastructureConfigurationResult struct { KeyPair *string `pulumi:"keyPair"` // The logging configuration of the infrastructure configuration. Logging *InfrastructureConfigurationLogging `pulumi:"logging"` + // The placement option settings for the infrastructure configuration. + Placement *InfrastructureConfigurationPlacement `pulumi:"placement"` // The tags attached to the resource created by Image Builder. ResourceTags map[string]string `pulumi:"resourceTags"` // The security group IDs of the infrastructure configuration. @@ -135,6 +137,13 @@ func (o LookupInfrastructureConfigurationResultOutput) Logging() InfrastructureC return o.ApplyT(func(v LookupInfrastructureConfigurationResult) *InfrastructureConfigurationLogging { return v.Logging }).(InfrastructureConfigurationLoggingPtrOutput) } +// The placement option settings for the infrastructure configuration. +func (o LookupInfrastructureConfigurationResultOutput) Placement() InfrastructureConfigurationPlacementPtrOutput { + return o.ApplyT(func(v LookupInfrastructureConfigurationResult) *InfrastructureConfigurationPlacement { + return v.Placement + }).(InfrastructureConfigurationPlacementPtrOutput) +} + // The tags attached to the resource created by Image Builder. func (o LookupInfrastructureConfigurationResultOutput) ResourceTags() pulumi.StringMapOutput { return o.ApplyT(func(v LookupInfrastructureConfigurationResult) map[string]string { return v.ResourceTags }).(pulumi.StringMapOutput) diff --git a/sdk/go/aws/imagebuilder/infrastructureConfiguration.go b/sdk/go/aws/imagebuilder/infrastructureConfiguration.go index 9a11f5cf3b..c643167531 100644 --- a/sdk/go/aws/imagebuilder/infrastructureConfiguration.go +++ b/sdk/go/aws/imagebuilder/infrastructureConfiguration.go @@ -32,6 +32,8 @@ type InfrastructureConfiguration struct { Logging InfrastructureConfigurationLoggingPtrOutput `pulumi:"logging"` // The name of the infrastructure configuration. Name pulumi.StringOutput `pulumi:"name"` + // The placement option settings for the infrastructure configuration. + Placement InfrastructureConfigurationPlacementPtrOutput `pulumi:"placement"` // The tags attached to the resource created by Image Builder. ResourceTags pulumi.StringMapOutput `pulumi:"resourceTags"` // The security group IDs of the infrastructure configuration. @@ -107,6 +109,8 @@ type infrastructureConfigurationArgs struct { Logging *InfrastructureConfigurationLogging `pulumi:"logging"` // The name of the infrastructure configuration. Name *string `pulumi:"name"` + // The placement option settings for the infrastructure configuration. + Placement *InfrastructureConfigurationPlacement `pulumi:"placement"` // The tags attached to the resource created by Image Builder. ResourceTags map[string]string `pulumi:"resourceTags"` // The security group IDs of the infrastructure configuration. @@ -137,6 +141,8 @@ type InfrastructureConfigurationArgs struct { Logging InfrastructureConfigurationLoggingPtrInput // The name of the infrastructure configuration. Name pulumi.StringPtrInput + // The placement option settings for the infrastructure configuration. + Placement InfrastructureConfigurationPlacementPtrInput // The tags attached to the resource created by Image Builder. ResourceTags pulumi.StringMapInput // The security group IDs of the infrastructure configuration. @@ -230,6 +236,11 @@ func (o InfrastructureConfigurationOutput) Name() pulumi.StringOutput { return o.ApplyT(func(v *InfrastructureConfiguration) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) } +// The placement option settings for the infrastructure configuration. +func (o InfrastructureConfigurationOutput) Placement() InfrastructureConfigurationPlacementPtrOutput { + return o.ApplyT(func(v *InfrastructureConfiguration) InfrastructureConfigurationPlacementPtrOutput { return v.Placement }).(InfrastructureConfigurationPlacementPtrOutput) +} + // The tags attached to the resource created by Image Builder. func (o InfrastructureConfigurationOutput) ResourceTags() pulumi.StringMapOutput { return o.ApplyT(func(v *InfrastructureConfiguration) pulumi.StringMapOutput { return v.ResourceTags }).(pulumi.StringMapOutput) diff --git a/sdk/go/aws/imagebuilder/pulumiEnums.go b/sdk/go/aws/imagebuilder/pulumiEnums.go index 63e313169b..dd6f91108d 100644 --- a/sdk/go/aws/imagebuilder/pulumiEnums.go +++ b/sdk/go/aws/imagebuilder/pulumiEnums.go @@ -16,6 +16,7 @@ type ComponentPlatform string const ( ComponentPlatformWindows = ComponentPlatform("Windows") ComponentPlatformLinux = ComponentPlatform("Linux") + ComponentPlatformMacOs = ComponentPlatform("macOS") ) func (ComponentPlatform) ElementType() reflect.Type { @@ -142,6 +143,7 @@ func (o ComponentPlatformPtrOutput) ToStringPtrOutputWithContext(ctx context.Con // // ComponentPlatformWindows // ComponentPlatformLinux +// ComponentPlatformMacOs type ComponentPlatformInput interface { pulumi.Input @@ -2107,6 +2109,174 @@ func (in *infrastructureConfigurationInstanceMetadataOptionsHttpTokensPtr) ToInf return pulumi.ToOutputWithContext(ctx, in).(InfrastructureConfigurationInstanceMetadataOptionsHttpTokensPtrOutput) } +// Tenancy +type InfrastructureConfigurationPlacementTenancy string + +const ( + InfrastructureConfigurationPlacementTenancyDefault = InfrastructureConfigurationPlacementTenancy("default") + InfrastructureConfigurationPlacementTenancyDedicated = InfrastructureConfigurationPlacementTenancy("dedicated") + InfrastructureConfigurationPlacementTenancyHost = InfrastructureConfigurationPlacementTenancy("host") +) + +func (InfrastructureConfigurationPlacementTenancy) ElementType() reflect.Type { + return reflect.TypeOf((*InfrastructureConfigurationPlacementTenancy)(nil)).Elem() +} + +func (e InfrastructureConfigurationPlacementTenancy) ToInfrastructureConfigurationPlacementTenancyOutput() InfrastructureConfigurationPlacementTenancyOutput { + return pulumi.ToOutput(e).(InfrastructureConfigurationPlacementTenancyOutput) +} + +func (e InfrastructureConfigurationPlacementTenancy) ToInfrastructureConfigurationPlacementTenancyOutputWithContext(ctx context.Context) InfrastructureConfigurationPlacementTenancyOutput { + return pulumi.ToOutputWithContext(ctx, e).(InfrastructureConfigurationPlacementTenancyOutput) +} + +func (e InfrastructureConfigurationPlacementTenancy) ToInfrastructureConfigurationPlacementTenancyPtrOutput() InfrastructureConfigurationPlacementTenancyPtrOutput { + return e.ToInfrastructureConfigurationPlacementTenancyPtrOutputWithContext(context.Background()) +} + +func (e InfrastructureConfigurationPlacementTenancy) ToInfrastructureConfigurationPlacementTenancyPtrOutputWithContext(ctx context.Context) InfrastructureConfigurationPlacementTenancyPtrOutput { + return InfrastructureConfigurationPlacementTenancy(e).ToInfrastructureConfigurationPlacementTenancyOutputWithContext(ctx).ToInfrastructureConfigurationPlacementTenancyPtrOutputWithContext(ctx) +} + +func (e InfrastructureConfigurationPlacementTenancy) ToStringOutput() pulumi.StringOutput { + return pulumi.ToOutput(pulumi.String(e)).(pulumi.StringOutput) +} + +func (e InfrastructureConfigurationPlacementTenancy) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput { + return pulumi.ToOutputWithContext(ctx, pulumi.String(e)).(pulumi.StringOutput) +} + +func (e InfrastructureConfigurationPlacementTenancy) ToStringPtrOutput() pulumi.StringPtrOutput { + return pulumi.String(e).ToStringPtrOutputWithContext(context.Background()) +} + +func (e InfrastructureConfigurationPlacementTenancy) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput { + return pulumi.String(e).ToStringOutputWithContext(ctx).ToStringPtrOutputWithContext(ctx) +} + +type InfrastructureConfigurationPlacementTenancyOutput struct{ *pulumi.OutputState } + +func (InfrastructureConfigurationPlacementTenancyOutput) ElementType() reflect.Type { + return reflect.TypeOf((*InfrastructureConfigurationPlacementTenancy)(nil)).Elem() +} + +func (o InfrastructureConfigurationPlacementTenancyOutput) ToInfrastructureConfigurationPlacementTenancyOutput() InfrastructureConfigurationPlacementTenancyOutput { + return o +} + +func (o InfrastructureConfigurationPlacementTenancyOutput) ToInfrastructureConfigurationPlacementTenancyOutputWithContext(ctx context.Context) InfrastructureConfigurationPlacementTenancyOutput { + return o +} + +func (o InfrastructureConfigurationPlacementTenancyOutput) ToInfrastructureConfigurationPlacementTenancyPtrOutput() InfrastructureConfigurationPlacementTenancyPtrOutput { + return o.ToInfrastructureConfigurationPlacementTenancyPtrOutputWithContext(context.Background()) +} + +func (o InfrastructureConfigurationPlacementTenancyOutput) ToInfrastructureConfigurationPlacementTenancyPtrOutputWithContext(ctx context.Context) InfrastructureConfigurationPlacementTenancyPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v InfrastructureConfigurationPlacementTenancy) *InfrastructureConfigurationPlacementTenancy { + return &v + }).(InfrastructureConfigurationPlacementTenancyPtrOutput) +} + +func (o InfrastructureConfigurationPlacementTenancyOutput) ToStringOutput() pulumi.StringOutput { + return o.ToStringOutputWithContext(context.Background()) +} + +func (o InfrastructureConfigurationPlacementTenancyOutput) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, e InfrastructureConfigurationPlacementTenancy) string { + return string(e) + }).(pulumi.StringOutput) +} + +func (o InfrastructureConfigurationPlacementTenancyOutput) ToStringPtrOutput() pulumi.StringPtrOutput { + return o.ToStringPtrOutputWithContext(context.Background()) +} + +func (o InfrastructureConfigurationPlacementTenancyOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, e InfrastructureConfigurationPlacementTenancy) *string { + v := string(e) + return &v + }).(pulumi.StringPtrOutput) +} + +type InfrastructureConfigurationPlacementTenancyPtrOutput struct{ *pulumi.OutputState } + +func (InfrastructureConfigurationPlacementTenancyPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**InfrastructureConfigurationPlacementTenancy)(nil)).Elem() +} + +func (o InfrastructureConfigurationPlacementTenancyPtrOutput) ToInfrastructureConfigurationPlacementTenancyPtrOutput() InfrastructureConfigurationPlacementTenancyPtrOutput { + return o +} + +func (o InfrastructureConfigurationPlacementTenancyPtrOutput) ToInfrastructureConfigurationPlacementTenancyPtrOutputWithContext(ctx context.Context) InfrastructureConfigurationPlacementTenancyPtrOutput { + return o +} + +func (o InfrastructureConfigurationPlacementTenancyPtrOutput) Elem() InfrastructureConfigurationPlacementTenancyOutput { + return o.ApplyT(func(v *InfrastructureConfigurationPlacementTenancy) InfrastructureConfigurationPlacementTenancy { + if v != nil { + return *v + } + var ret InfrastructureConfigurationPlacementTenancy + return ret + }).(InfrastructureConfigurationPlacementTenancyOutput) +} + +func (o InfrastructureConfigurationPlacementTenancyPtrOutput) ToStringPtrOutput() pulumi.StringPtrOutput { + return o.ToStringPtrOutputWithContext(context.Background()) +} + +func (o InfrastructureConfigurationPlacementTenancyPtrOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, e *InfrastructureConfigurationPlacementTenancy) *string { + if e == nil { + return nil + } + v := string(*e) + return &v + }).(pulumi.StringPtrOutput) +} + +// InfrastructureConfigurationPlacementTenancyInput is an input type that accepts values of the InfrastructureConfigurationPlacementTenancy enum +// A concrete instance of `InfrastructureConfigurationPlacementTenancyInput` can be one of the following: +// +// InfrastructureConfigurationPlacementTenancyDefault +// InfrastructureConfigurationPlacementTenancyDedicated +// InfrastructureConfigurationPlacementTenancyHost +type InfrastructureConfigurationPlacementTenancyInput interface { + pulumi.Input + + ToInfrastructureConfigurationPlacementTenancyOutput() InfrastructureConfigurationPlacementTenancyOutput + ToInfrastructureConfigurationPlacementTenancyOutputWithContext(context.Context) InfrastructureConfigurationPlacementTenancyOutput +} + +var infrastructureConfigurationPlacementTenancyPtrType = reflect.TypeOf((**InfrastructureConfigurationPlacementTenancy)(nil)).Elem() + +type InfrastructureConfigurationPlacementTenancyPtrInput interface { + pulumi.Input + + ToInfrastructureConfigurationPlacementTenancyPtrOutput() InfrastructureConfigurationPlacementTenancyPtrOutput + ToInfrastructureConfigurationPlacementTenancyPtrOutputWithContext(context.Context) InfrastructureConfigurationPlacementTenancyPtrOutput +} + +type infrastructureConfigurationPlacementTenancyPtr string + +func InfrastructureConfigurationPlacementTenancyPtr(v string) InfrastructureConfigurationPlacementTenancyPtrInput { + return (*infrastructureConfigurationPlacementTenancyPtr)(&v) +} + +func (*infrastructureConfigurationPlacementTenancyPtr) ElementType() reflect.Type { + return infrastructureConfigurationPlacementTenancyPtrType +} + +func (in *infrastructureConfigurationPlacementTenancyPtr) ToInfrastructureConfigurationPlacementTenancyPtrOutput() InfrastructureConfigurationPlacementTenancyPtrOutput { + return pulumi.ToOutput(in).(InfrastructureConfigurationPlacementTenancyPtrOutput) +} + +func (in *infrastructureConfigurationPlacementTenancyPtr) ToInfrastructureConfigurationPlacementTenancyPtrOutputWithContext(ctx context.Context) InfrastructureConfigurationPlacementTenancyPtrOutput { + return pulumi.ToOutputWithContext(ctx, in).(InfrastructureConfigurationPlacementTenancyPtrOutput) +} + // The action type of the policy detail. type LifecyclePolicyActionType string @@ -3136,6 +3306,8 @@ func init() { pulumi.RegisterInputType(reflect.TypeOf((*ImageWorkflowConfigurationOnFailurePtrInput)(nil)).Elem(), ImageWorkflowConfigurationOnFailure("CONTINUE")) pulumi.RegisterInputType(reflect.TypeOf((*InfrastructureConfigurationInstanceMetadataOptionsHttpTokensInput)(nil)).Elem(), InfrastructureConfigurationInstanceMetadataOptionsHttpTokens("required")) pulumi.RegisterInputType(reflect.TypeOf((*InfrastructureConfigurationInstanceMetadataOptionsHttpTokensPtrInput)(nil)).Elem(), InfrastructureConfigurationInstanceMetadataOptionsHttpTokens("required")) + pulumi.RegisterInputType(reflect.TypeOf((*InfrastructureConfigurationPlacementTenancyInput)(nil)).Elem(), InfrastructureConfigurationPlacementTenancy("default")) + pulumi.RegisterInputType(reflect.TypeOf((*InfrastructureConfigurationPlacementTenancyPtrInput)(nil)).Elem(), InfrastructureConfigurationPlacementTenancy("default")) pulumi.RegisterInputType(reflect.TypeOf((*LifecyclePolicyActionTypeInput)(nil)).Elem(), LifecyclePolicyActionType("DELETE")) pulumi.RegisterInputType(reflect.TypeOf((*LifecyclePolicyActionTypePtrInput)(nil)).Elem(), LifecyclePolicyActionType("DELETE")) pulumi.RegisterInputType(reflect.TypeOf((*LifecyclePolicyFilterTypeInput)(nil)).Elem(), LifecyclePolicyFilterType("AGE")) @@ -3174,6 +3346,8 @@ func init() { pulumi.RegisterOutputType(ImageWorkflowConfigurationOnFailurePtrOutput{}) pulumi.RegisterOutputType(InfrastructureConfigurationInstanceMetadataOptionsHttpTokensOutput{}) pulumi.RegisterOutputType(InfrastructureConfigurationInstanceMetadataOptionsHttpTokensPtrOutput{}) + pulumi.RegisterOutputType(InfrastructureConfigurationPlacementTenancyOutput{}) + pulumi.RegisterOutputType(InfrastructureConfigurationPlacementTenancyPtrOutput{}) pulumi.RegisterOutputType(LifecyclePolicyActionTypeOutput{}) pulumi.RegisterOutputType(LifecyclePolicyActionTypePtrOutput{}) pulumi.RegisterOutputType(LifecyclePolicyFilterTypeOutput{}) diff --git a/sdk/go/aws/imagebuilder/pulumiTypes.go b/sdk/go/aws/imagebuilder/pulumiTypes.go index c39db5de17..280e22b098 100644 --- a/sdk/go/aws/imagebuilder/pulumiTypes.go +++ b/sdk/go/aws/imagebuilder/pulumiTypes.go @@ -5284,6 +5284,205 @@ func (o InfrastructureConfigurationLoggingPtrOutput) S3Logs() InfrastructureConf }).(InfrastructureConfigurationS3LogsPtrOutput) } +// The placement options +type InfrastructureConfigurationPlacement struct { + // AvailabilityZone + AvailabilityZone *string `pulumi:"availabilityZone"` + // HostId + HostId *string `pulumi:"hostId"` + // HostResourceGroupArn + HostResourceGroupArn *string `pulumi:"hostResourceGroupArn"` + // Tenancy + Tenancy *InfrastructureConfigurationPlacementTenancy `pulumi:"tenancy"` +} + +// InfrastructureConfigurationPlacementInput is an input type that accepts InfrastructureConfigurationPlacementArgs and InfrastructureConfigurationPlacementOutput values. +// You can construct a concrete instance of `InfrastructureConfigurationPlacementInput` via: +// +// InfrastructureConfigurationPlacementArgs{...} +type InfrastructureConfigurationPlacementInput interface { + pulumi.Input + + ToInfrastructureConfigurationPlacementOutput() InfrastructureConfigurationPlacementOutput + ToInfrastructureConfigurationPlacementOutputWithContext(context.Context) InfrastructureConfigurationPlacementOutput +} + +// The placement options +type InfrastructureConfigurationPlacementArgs struct { + // AvailabilityZone + AvailabilityZone pulumi.StringPtrInput `pulumi:"availabilityZone"` + // HostId + HostId pulumi.StringPtrInput `pulumi:"hostId"` + // HostResourceGroupArn + HostResourceGroupArn pulumi.StringPtrInput `pulumi:"hostResourceGroupArn"` + // Tenancy + Tenancy InfrastructureConfigurationPlacementTenancyPtrInput `pulumi:"tenancy"` +} + +func (InfrastructureConfigurationPlacementArgs) ElementType() reflect.Type { + return reflect.TypeOf((*InfrastructureConfigurationPlacement)(nil)).Elem() +} + +func (i InfrastructureConfigurationPlacementArgs) ToInfrastructureConfigurationPlacementOutput() InfrastructureConfigurationPlacementOutput { + return i.ToInfrastructureConfigurationPlacementOutputWithContext(context.Background()) +} + +func (i InfrastructureConfigurationPlacementArgs) ToInfrastructureConfigurationPlacementOutputWithContext(ctx context.Context) InfrastructureConfigurationPlacementOutput { + return pulumi.ToOutputWithContext(ctx, i).(InfrastructureConfigurationPlacementOutput) +} + +func (i InfrastructureConfigurationPlacementArgs) ToInfrastructureConfigurationPlacementPtrOutput() InfrastructureConfigurationPlacementPtrOutput { + return i.ToInfrastructureConfigurationPlacementPtrOutputWithContext(context.Background()) +} + +func (i InfrastructureConfigurationPlacementArgs) ToInfrastructureConfigurationPlacementPtrOutputWithContext(ctx context.Context) InfrastructureConfigurationPlacementPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(InfrastructureConfigurationPlacementOutput).ToInfrastructureConfigurationPlacementPtrOutputWithContext(ctx) +} + +// InfrastructureConfigurationPlacementPtrInput is an input type that accepts InfrastructureConfigurationPlacementArgs, InfrastructureConfigurationPlacementPtr and InfrastructureConfigurationPlacementPtrOutput values. +// You can construct a concrete instance of `InfrastructureConfigurationPlacementPtrInput` via: +// +// InfrastructureConfigurationPlacementArgs{...} +// +// or: +// +// nil +type InfrastructureConfigurationPlacementPtrInput interface { + pulumi.Input + + ToInfrastructureConfigurationPlacementPtrOutput() InfrastructureConfigurationPlacementPtrOutput + ToInfrastructureConfigurationPlacementPtrOutputWithContext(context.Context) InfrastructureConfigurationPlacementPtrOutput +} + +type infrastructureConfigurationPlacementPtrType InfrastructureConfigurationPlacementArgs + +func InfrastructureConfigurationPlacementPtr(v *InfrastructureConfigurationPlacementArgs) InfrastructureConfigurationPlacementPtrInput { + return (*infrastructureConfigurationPlacementPtrType)(v) +} + +func (*infrastructureConfigurationPlacementPtrType) ElementType() reflect.Type { + return reflect.TypeOf((**InfrastructureConfigurationPlacement)(nil)).Elem() +} + +func (i *infrastructureConfigurationPlacementPtrType) ToInfrastructureConfigurationPlacementPtrOutput() InfrastructureConfigurationPlacementPtrOutput { + return i.ToInfrastructureConfigurationPlacementPtrOutputWithContext(context.Background()) +} + +func (i *infrastructureConfigurationPlacementPtrType) ToInfrastructureConfigurationPlacementPtrOutputWithContext(ctx context.Context) InfrastructureConfigurationPlacementPtrOutput { + return pulumi.ToOutputWithContext(ctx, i).(InfrastructureConfigurationPlacementPtrOutput) +} + +// The placement options +type InfrastructureConfigurationPlacementOutput struct{ *pulumi.OutputState } + +func (InfrastructureConfigurationPlacementOutput) ElementType() reflect.Type { + return reflect.TypeOf((*InfrastructureConfigurationPlacement)(nil)).Elem() +} + +func (o InfrastructureConfigurationPlacementOutput) ToInfrastructureConfigurationPlacementOutput() InfrastructureConfigurationPlacementOutput { + return o +} + +func (o InfrastructureConfigurationPlacementOutput) ToInfrastructureConfigurationPlacementOutputWithContext(ctx context.Context) InfrastructureConfigurationPlacementOutput { + return o +} + +func (o InfrastructureConfigurationPlacementOutput) ToInfrastructureConfigurationPlacementPtrOutput() InfrastructureConfigurationPlacementPtrOutput { + return o.ToInfrastructureConfigurationPlacementPtrOutputWithContext(context.Background()) +} + +func (o InfrastructureConfigurationPlacementOutput) ToInfrastructureConfigurationPlacementPtrOutputWithContext(ctx context.Context) InfrastructureConfigurationPlacementPtrOutput { + return o.ApplyTWithContext(ctx, func(_ context.Context, v InfrastructureConfigurationPlacement) *InfrastructureConfigurationPlacement { + return &v + }).(InfrastructureConfigurationPlacementPtrOutput) +} + +// AvailabilityZone +func (o InfrastructureConfigurationPlacementOutput) AvailabilityZone() pulumi.StringPtrOutput { + return o.ApplyT(func(v InfrastructureConfigurationPlacement) *string { return v.AvailabilityZone }).(pulumi.StringPtrOutput) +} + +// HostId +func (o InfrastructureConfigurationPlacementOutput) HostId() pulumi.StringPtrOutput { + return o.ApplyT(func(v InfrastructureConfigurationPlacement) *string { return v.HostId }).(pulumi.StringPtrOutput) +} + +// HostResourceGroupArn +func (o InfrastructureConfigurationPlacementOutput) HostResourceGroupArn() pulumi.StringPtrOutput { + return o.ApplyT(func(v InfrastructureConfigurationPlacement) *string { return v.HostResourceGroupArn }).(pulumi.StringPtrOutput) +} + +// Tenancy +func (o InfrastructureConfigurationPlacementOutput) Tenancy() InfrastructureConfigurationPlacementTenancyPtrOutput { + return o.ApplyT(func(v InfrastructureConfigurationPlacement) *InfrastructureConfigurationPlacementTenancy { + return v.Tenancy + }).(InfrastructureConfigurationPlacementTenancyPtrOutput) +} + +type InfrastructureConfigurationPlacementPtrOutput struct{ *pulumi.OutputState } + +func (InfrastructureConfigurationPlacementPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**InfrastructureConfigurationPlacement)(nil)).Elem() +} + +func (o InfrastructureConfigurationPlacementPtrOutput) ToInfrastructureConfigurationPlacementPtrOutput() InfrastructureConfigurationPlacementPtrOutput { + return o +} + +func (o InfrastructureConfigurationPlacementPtrOutput) ToInfrastructureConfigurationPlacementPtrOutputWithContext(ctx context.Context) InfrastructureConfigurationPlacementPtrOutput { + return o +} + +func (o InfrastructureConfigurationPlacementPtrOutput) Elem() InfrastructureConfigurationPlacementOutput { + return o.ApplyT(func(v *InfrastructureConfigurationPlacement) InfrastructureConfigurationPlacement { + if v != nil { + return *v + } + var ret InfrastructureConfigurationPlacement + return ret + }).(InfrastructureConfigurationPlacementOutput) +} + +// AvailabilityZone +func (o InfrastructureConfigurationPlacementPtrOutput) AvailabilityZone() pulumi.StringPtrOutput { + return o.ApplyT(func(v *InfrastructureConfigurationPlacement) *string { + if v == nil { + return nil + } + return v.AvailabilityZone + }).(pulumi.StringPtrOutput) +} + +// HostId +func (o InfrastructureConfigurationPlacementPtrOutput) HostId() pulumi.StringPtrOutput { + return o.ApplyT(func(v *InfrastructureConfigurationPlacement) *string { + if v == nil { + return nil + } + return v.HostId + }).(pulumi.StringPtrOutput) +} + +// HostResourceGroupArn +func (o InfrastructureConfigurationPlacementPtrOutput) HostResourceGroupArn() pulumi.StringPtrOutput { + return o.ApplyT(func(v *InfrastructureConfigurationPlacement) *string { + if v == nil { + return nil + } + return v.HostResourceGroupArn + }).(pulumi.StringPtrOutput) +} + +// Tenancy +func (o InfrastructureConfigurationPlacementPtrOutput) Tenancy() InfrastructureConfigurationPlacementTenancyPtrOutput { + return o.ApplyT(func(v *InfrastructureConfigurationPlacement) *InfrastructureConfigurationPlacementTenancy { + if v == nil { + return nil + } + return v.Tenancy + }).(InfrastructureConfigurationPlacementTenancyPtrOutput) +} + // The S3 path in which to store the logs. type InfrastructureConfigurationS3Logs struct { // S3BucketName @@ -6705,6 +6904,8 @@ func init() { pulumi.RegisterInputType(reflect.TypeOf((*InfrastructureConfigurationInstanceMetadataOptionsPtrInput)(nil)).Elem(), InfrastructureConfigurationInstanceMetadataOptionsArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*InfrastructureConfigurationLoggingInput)(nil)).Elem(), InfrastructureConfigurationLoggingArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*InfrastructureConfigurationLoggingPtrInput)(nil)).Elem(), InfrastructureConfigurationLoggingArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*InfrastructureConfigurationPlacementInput)(nil)).Elem(), InfrastructureConfigurationPlacementArgs{}) + pulumi.RegisterInputType(reflect.TypeOf((*InfrastructureConfigurationPlacementPtrInput)(nil)).Elem(), InfrastructureConfigurationPlacementArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*InfrastructureConfigurationS3LogsInput)(nil)).Elem(), InfrastructureConfigurationS3LogsArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*InfrastructureConfigurationS3LogsPtrInput)(nil)).Elem(), InfrastructureConfigurationS3LogsArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*LifecyclePolicyActionInput)(nil)).Elem(), LifecyclePolicyActionArgs{}) @@ -6790,6 +6991,8 @@ func init() { pulumi.RegisterOutputType(InfrastructureConfigurationInstanceMetadataOptionsPtrOutput{}) pulumi.RegisterOutputType(InfrastructureConfigurationLoggingOutput{}) pulumi.RegisterOutputType(InfrastructureConfigurationLoggingPtrOutput{}) + pulumi.RegisterOutputType(InfrastructureConfigurationPlacementOutput{}) + pulumi.RegisterOutputType(InfrastructureConfigurationPlacementPtrOutput{}) pulumi.RegisterOutputType(InfrastructureConfigurationS3LogsOutput{}) pulumi.RegisterOutputType(InfrastructureConfigurationS3LogsPtrOutput{}) pulumi.RegisterOutputType(LifecyclePolicyActionOutput{}) diff --git a/sdk/go/aws/ivs/pulumiTypes.go b/sdk/go/aws/ivs/pulumiTypes.go index e9bd2cfc2e..ac6d1b5073 100644 --- a/sdk/go/aws/ivs/pulumiTypes.go +++ b/sdk/go/aws/ivs/pulumiTypes.go @@ -863,9 +863,9 @@ type VideoProperties struct { Bitrate *int `pulumi:"bitrate"` // Video frame rate, in fps. Default: 30. Framerate *float64 `pulumi:"framerate"` - // Video-resolution height. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 720. + // Video-resolution height. This must be an even number. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 720. Height *int `pulumi:"height"` - // Video-resolution width. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 1280. + // Video-resolution width. This must be an even number. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 1280. Width *int `pulumi:"width"` } @@ -886,9 +886,9 @@ type VideoPropertiesArgs struct { Bitrate pulumi.IntPtrInput `pulumi:"bitrate"` // Video frame rate, in fps. Default: 30. Framerate pulumi.Float64PtrInput `pulumi:"framerate"` - // Video-resolution height. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 720. + // Video-resolution height. This must be an even number. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 720. Height pulumi.IntPtrInput `pulumi:"height"` - // Video-resolution width. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 1280. + // Video-resolution width. This must be an even number. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 1280. Width pulumi.IntPtrInput `pulumi:"width"` } @@ -980,12 +980,12 @@ func (o VideoPropertiesOutput) Framerate() pulumi.Float64PtrOutput { return o.ApplyT(func(v VideoProperties) *float64 { return v.Framerate }).(pulumi.Float64PtrOutput) } -// Video-resolution height. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 720. +// Video-resolution height. This must be an even number. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 720. func (o VideoPropertiesOutput) Height() pulumi.IntPtrOutput { return o.ApplyT(func(v VideoProperties) *int { return v.Height }).(pulumi.IntPtrOutput) } -// Video-resolution width. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 1280. +// Video-resolution width. This must be an even number. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 1280. func (o VideoPropertiesOutput) Width() pulumi.IntPtrOutput { return o.ApplyT(func(v VideoProperties) *int { return v.Width }).(pulumi.IntPtrOutput) } @@ -1034,7 +1034,7 @@ func (o VideoPropertiesPtrOutput) Framerate() pulumi.Float64PtrOutput { }).(pulumi.Float64PtrOutput) } -// Video-resolution height. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 720. +// Video-resolution height. This must be an even number. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 720. func (o VideoPropertiesPtrOutput) Height() pulumi.IntPtrOutput { return o.ApplyT(func(v *VideoProperties) *int { if v == nil { @@ -1044,7 +1044,7 @@ func (o VideoPropertiesPtrOutput) Height() pulumi.IntPtrOutput { }).(pulumi.IntPtrOutput) } -// Video-resolution width. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 1280. +// Video-resolution width. This must be an even number. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 1280. func (o VideoPropertiesPtrOutput) Width() pulumi.IntPtrOutput { return o.ApplyT(func(v *VideoProperties) *int { if v == nil { diff --git a/sdk/go/aws/memorydb/cluster.go b/sdk/go/aws/memorydb/cluster.go index 97a8461a72..d422edad2e 100644 --- a/sdk/go/aws/memorydb/cluster.go +++ b/sdk/go/aws/memorydb/cluster.go @@ -33,6 +33,8 @@ type Cluster struct { DataTiering ClusterDataTieringStatusPtrOutput `pulumi:"dataTiering"` // An optional description of the cluster. Description pulumi.StringPtrOutput `pulumi:"description"` + // The engine type used by the cluster. + Engine pulumi.StringPtrOutput `pulumi:"engine"` // The Redis engine version used by the cluster. EngineVersion pulumi.StringPtrOutput `pulumi:"engineVersion"` // The user-supplied name of a final cluster snapshot. This is the unique name that identifies the snapshot. MemoryDB creates the snapshot, and then deletes the cluster immediately afterward. @@ -150,6 +152,8 @@ type clusterArgs struct { DataTiering *ClusterDataTieringStatus `pulumi:"dataTiering"` // An optional description of the cluster. Description *string `pulumi:"description"` + // The engine type used by the cluster. + Engine *string `pulumi:"engine"` // The Redis engine version used by the cluster. EngineVersion *string `pulumi:"engineVersion"` // The user-supplied name of a final cluster snapshot. This is the unique name that identifies the snapshot. MemoryDB creates the snapshot, and then deletes the cluster immediately afterward. @@ -208,6 +212,8 @@ type ClusterArgs struct { DataTiering ClusterDataTieringStatusPtrInput // An optional description of the cluster. Description pulumi.StringPtrInput + // The engine type used by the cluster. + Engine pulumi.StringPtrInput // The Redis engine version used by the cluster. EngineVersion pulumi.StringPtrInput // The user-supplied name of a final cluster snapshot. This is the unique name that identifies the snapshot. MemoryDB creates the snapshot, and then deletes the cluster immediately afterward. @@ -324,6 +330,11 @@ func (o ClusterOutput) Description() pulumi.StringPtrOutput { return o.ApplyT(func(v *Cluster) pulumi.StringPtrOutput { return v.Description }).(pulumi.StringPtrOutput) } +// The engine type used by the cluster. +func (o ClusterOutput) Engine() pulumi.StringPtrOutput { + return o.ApplyT(func(v *Cluster) pulumi.StringPtrOutput { return v.Engine }).(pulumi.StringPtrOutput) +} + // The Redis engine version used by the cluster. func (o ClusterOutput) EngineVersion() pulumi.StringPtrOutput { return o.ApplyT(func(v *Cluster) pulumi.StringPtrOutput { return v.EngineVersion }).(pulumi.StringPtrOutput) diff --git a/sdk/go/aws/memorydb/getCluster.go b/sdk/go/aws/memorydb/getCluster.go index ccceaa7628..f9477375df 100644 --- a/sdk/go/aws/memorydb/getCluster.go +++ b/sdk/go/aws/memorydb/getCluster.go @@ -41,6 +41,8 @@ type LookupClusterResult struct { ClusterEndpoint *ClusterEndpoint `pulumi:"clusterEndpoint"` // An optional description of the cluster. Description *string `pulumi:"description"` + // The engine type used by the cluster. + Engine *string `pulumi:"engine"` // The Redis engine version used by the cluster. EngineVersion *string `pulumi:"engineVersion"` // Specifies the weekly time range during which maintenance on the cluster is performed. It is specified as a range in the format ddd:hh24:mi-ddd:hh24:mi (24H Clock UTC). The minimum maintenance window is a 60 minute period. @@ -140,6 +142,11 @@ func (o LookupClusterResultOutput) Description() pulumi.StringPtrOutput { return o.ApplyT(func(v LookupClusterResult) *string { return v.Description }).(pulumi.StringPtrOutput) } +// The engine type used by the cluster. +func (o LookupClusterResultOutput) Engine() pulumi.StringPtrOutput { + return o.ApplyT(func(v LookupClusterResult) *string { return v.Engine }).(pulumi.StringPtrOutput) +} + // The Redis engine version used by the cluster. func (o LookupClusterResultOutput) EngineVersion() pulumi.StringPtrOutput { return o.ApplyT(func(v LookupClusterResult) *string { return v.EngineVersion }).(pulumi.StringPtrOutput) diff --git a/sdk/go/aws/pcaconnectorad/getConnector.go b/sdk/go/aws/pcaconnectorad/getConnector.go index ae545feb03..f7ea4dc7b6 100644 --- a/sdk/go/aws/pcaconnectorad/getConnector.go +++ b/sdk/go/aws/pcaconnectorad/getConnector.go @@ -30,6 +30,8 @@ type LookupConnectorArgs struct { type LookupConnectorResult struct { // The Amazon Resource Name (ARN) that was returned when you called [CreateConnector](https://docs.aws.amazon.com/pca-connector-ad/latest/APIReference/API_CreateConnector.html) . ConnectorArn *string `pulumi:"connectorArn"` + // Metadata assigned to a connector consisting of a key-value pair. + Tags map[string]string `pulumi:"tags"` } func LookupConnectorOutput(ctx *pulumi.Context, args LookupConnectorOutputArgs, opts ...pulumi.InvokeOption) LookupConnectorResultOutput { @@ -79,6 +81,11 @@ func (o LookupConnectorResultOutput) ConnectorArn() pulumi.StringPtrOutput { return o.ApplyT(func(v LookupConnectorResult) *string { return v.ConnectorArn }).(pulumi.StringPtrOutput) } +// Metadata assigned to a connector consisting of a key-value pair. +func (o LookupConnectorResultOutput) Tags() pulumi.StringMapOutput { + return o.ApplyT(func(v LookupConnectorResult) map[string]string { return v.Tags }).(pulumi.StringMapOutput) +} + func init() { pulumi.RegisterOutputType(LookupConnectorResultOutput{}) } diff --git a/sdk/go/aws/pcaconnectorad/getDirectoryRegistration.go b/sdk/go/aws/pcaconnectorad/getDirectoryRegistration.go index 37a796f8f6..aad8055fd1 100644 --- a/sdk/go/aws/pcaconnectorad/getDirectoryRegistration.go +++ b/sdk/go/aws/pcaconnectorad/getDirectoryRegistration.go @@ -30,6 +30,8 @@ type LookupDirectoryRegistrationArgs struct { type LookupDirectoryRegistrationResult struct { // The Amazon Resource Name (ARN) that was returned when you called [CreateDirectoryRegistration](https://docs.aws.amazon.com/pca-connector-ad/latest/APIReference/API_CreateDirectoryRegistration.html) . DirectoryRegistrationArn *string `pulumi:"directoryRegistrationArn"` + // Metadata assigned to a directory registration consisting of a key-value pair. + Tags map[string]string `pulumi:"tags"` } func LookupDirectoryRegistrationOutput(ctx *pulumi.Context, args LookupDirectoryRegistrationOutputArgs, opts ...pulumi.InvokeOption) LookupDirectoryRegistrationResultOutput { @@ -79,6 +81,11 @@ func (o LookupDirectoryRegistrationResultOutput) DirectoryRegistrationArn() pulu return o.ApplyT(func(v LookupDirectoryRegistrationResult) *string { return v.DirectoryRegistrationArn }).(pulumi.StringPtrOutput) } +// Metadata assigned to a directory registration consisting of a key-value pair. +func (o LookupDirectoryRegistrationResultOutput) Tags() pulumi.StringMapOutput { + return o.ApplyT(func(v LookupDirectoryRegistrationResult) map[string]string { return v.Tags }).(pulumi.StringMapOutput) +} + func init() { pulumi.RegisterOutputType(LookupDirectoryRegistrationResultOutput{}) } diff --git a/sdk/go/aws/pcaconnectorad/getTemplate.go b/sdk/go/aws/pcaconnectorad/getTemplate.go index fa00f3bd42..1e30f8493e 100644 --- a/sdk/go/aws/pcaconnectorad/getTemplate.go +++ b/sdk/go/aws/pcaconnectorad/getTemplate.go @@ -28,6 +28,10 @@ type LookupTemplateArgs struct { } type LookupTemplateResult struct { + // Template configuration to define the information included in certificates. Define certificate validity and renewal periods, certificate request handling and enrollment options, key usage extensions, application policies, and cryptography settings. + Definition interface{} `pulumi:"definition"` + // Metadata assigned to a template consisting of a key-value pair. + Tags map[string]string `pulumi:"tags"` // The Amazon Resource Name (ARN) that was returned when you called [CreateTemplate](https://docs.aws.amazon.com/pca-connector-ad/latest/APIReference/API_CreateTemplate.html) . TemplateArn *string `pulumi:"templateArn"` } @@ -74,6 +78,16 @@ func (o LookupTemplateResultOutput) ToLookupTemplateResultOutputWithContext(ctx return o } +// Template configuration to define the information included in certificates. Define certificate validity and renewal periods, certificate request handling and enrollment options, key usage extensions, application policies, and cryptography settings. +func (o LookupTemplateResultOutput) Definition() pulumi.AnyOutput { + return o.ApplyT(func(v LookupTemplateResult) interface{} { return v.Definition }).(pulumi.AnyOutput) +} + +// Metadata assigned to a template consisting of a key-value pair. +func (o LookupTemplateResultOutput) Tags() pulumi.StringMapOutput { + return o.ApplyT(func(v LookupTemplateResult) map[string]string { return v.Tags }).(pulumi.StringMapOutput) +} + // The Amazon Resource Name (ARN) that was returned when you called [CreateTemplate](https://docs.aws.amazon.com/pca-connector-ad/latest/APIReference/API_CreateTemplate.html) . func (o LookupTemplateResultOutput) TemplateArn() pulumi.StringPtrOutput { return o.ApplyT(func(v LookupTemplateResult) *string { return v.TemplateArn }).(pulumi.StringPtrOutput) diff --git a/sdk/go/aws/pcaconnectorad/pulumiTypes.go b/sdk/go/aws/pcaconnectorad/pulumiTypes.go index 5aab073648..2e1d3cc34e 100644 --- a/sdk/go/aws/pcaconnectorad/pulumiTypes.go +++ b/sdk/go/aws/pcaconnectorad/pulumiTypes.go @@ -366,6 +366,48 @@ func (o TemplateCertificateValidityOutput) ValidityPeriod() TemplateValidityPeri return o.ApplyT(func(v TemplateCertificateValidity) TemplateValidityPeriod { return v.ValidityPeriod }).(TemplateValidityPeriodOutput) } +type TemplateCertificateValidityPtrOutput struct{ *pulumi.OutputState } + +func (TemplateCertificateValidityPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**TemplateCertificateValidity)(nil)).Elem() +} + +func (o TemplateCertificateValidityPtrOutput) ToTemplateCertificateValidityPtrOutput() TemplateCertificateValidityPtrOutput { + return o +} + +func (o TemplateCertificateValidityPtrOutput) ToTemplateCertificateValidityPtrOutputWithContext(ctx context.Context) TemplateCertificateValidityPtrOutput { + return o +} + +func (o TemplateCertificateValidityPtrOutput) Elem() TemplateCertificateValidityOutput { + return o.ApplyT(func(v *TemplateCertificateValidity) TemplateCertificateValidity { + if v != nil { + return *v + } + var ret TemplateCertificateValidity + return ret + }).(TemplateCertificateValidityOutput) +} + +func (o TemplateCertificateValidityPtrOutput) RenewalPeriod() TemplateValidityPeriodPtrOutput { + return o.ApplyT(func(v *TemplateCertificateValidity) *TemplateValidityPeriod { + if v == nil { + return nil + } + return &v.RenewalPeriod + }).(TemplateValidityPeriodPtrOutput) +} + +func (o TemplateCertificateValidityPtrOutput) ValidityPeriod() TemplateValidityPeriodPtrOutput { + return o.ApplyT(func(v *TemplateCertificateValidity) *TemplateValidityPeriod { + if v == nil { + return nil + } + return &v.ValidityPeriod + }).(TemplateValidityPeriodPtrOutput) +} + type TemplateDefinition0Properties struct { TemplateV2 TemplateV2 `pulumi:"templateV2"` } @@ -415,6 +457,39 @@ func (o TemplateDefinition0PropertiesOutput) TemplateV2() TemplateV2Output { return o.ApplyT(func(v TemplateDefinition0Properties) TemplateV2 { return v.TemplateV2 }).(TemplateV2Output) } +type TemplateDefinition0PropertiesPtrOutput struct{ *pulumi.OutputState } + +func (TemplateDefinition0PropertiesPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**TemplateDefinition0Properties)(nil)).Elem() +} + +func (o TemplateDefinition0PropertiesPtrOutput) ToTemplateDefinition0PropertiesPtrOutput() TemplateDefinition0PropertiesPtrOutput { + return o +} + +func (o TemplateDefinition0PropertiesPtrOutput) ToTemplateDefinition0PropertiesPtrOutputWithContext(ctx context.Context) TemplateDefinition0PropertiesPtrOutput { + return o +} + +func (o TemplateDefinition0PropertiesPtrOutput) Elem() TemplateDefinition0PropertiesOutput { + return o.ApplyT(func(v *TemplateDefinition0Properties) TemplateDefinition0Properties { + if v != nil { + return *v + } + var ret TemplateDefinition0Properties + return ret + }).(TemplateDefinition0PropertiesOutput) +} + +func (o TemplateDefinition0PropertiesPtrOutput) TemplateV2() TemplateV2PtrOutput { + return o.ApplyT(func(v *TemplateDefinition0Properties) *TemplateV2 { + if v == nil { + return nil + } + return &v.TemplateV2 + }).(TemplateV2PtrOutput) +} + type TemplateDefinition1Properties struct { TemplateV3 TemplateV3 `pulumi:"templateV3"` } @@ -464,6 +539,39 @@ func (o TemplateDefinition1PropertiesOutput) TemplateV3() TemplateV3Output { return o.ApplyT(func(v TemplateDefinition1Properties) TemplateV3 { return v.TemplateV3 }).(TemplateV3Output) } +type TemplateDefinition1PropertiesPtrOutput struct{ *pulumi.OutputState } + +func (TemplateDefinition1PropertiesPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**TemplateDefinition1Properties)(nil)).Elem() +} + +func (o TemplateDefinition1PropertiesPtrOutput) ToTemplateDefinition1PropertiesPtrOutput() TemplateDefinition1PropertiesPtrOutput { + return o +} + +func (o TemplateDefinition1PropertiesPtrOutput) ToTemplateDefinition1PropertiesPtrOutputWithContext(ctx context.Context) TemplateDefinition1PropertiesPtrOutput { + return o +} + +func (o TemplateDefinition1PropertiesPtrOutput) Elem() TemplateDefinition1PropertiesOutput { + return o.ApplyT(func(v *TemplateDefinition1Properties) TemplateDefinition1Properties { + if v != nil { + return *v + } + var ret TemplateDefinition1Properties + return ret + }).(TemplateDefinition1PropertiesOutput) +} + +func (o TemplateDefinition1PropertiesPtrOutput) TemplateV3() TemplateV3PtrOutput { + return o.ApplyT(func(v *TemplateDefinition1Properties) *TemplateV3 { + if v == nil { + return nil + } + return &v.TemplateV3 + }).(TemplateV3PtrOutput) +} + type TemplateDefinition2Properties struct { TemplateV4 TemplateV4 `pulumi:"templateV4"` } @@ -513,6 +621,39 @@ func (o TemplateDefinition2PropertiesOutput) TemplateV4() TemplateV4Output { return o.ApplyT(func(v TemplateDefinition2Properties) TemplateV4 { return v.TemplateV4 }).(TemplateV4Output) } +type TemplateDefinition2PropertiesPtrOutput struct{ *pulumi.OutputState } + +func (TemplateDefinition2PropertiesPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**TemplateDefinition2Properties)(nil)).Elem() +} + +func (o TemplateDefinition2PropertiesPtrOutput) ToTemplateDefinition2PropertiesPtrOutput() TemplateDefinition2PropertiesPtrOutput { + return o +} + +func (o TemplateDefinition2PropertiesPtrOutput) ToTemplateDefinition2PropertiesPtrOutputWithContext(ctx context.Context) TemplateDefinition2PropertiesPtrOutput { + return o +} + +func (o TemplateDefinition2PropertiesPtrOutput) Elem() TemplateDefinition2PropertiesOutput { + return o.ApplyT(func(v *TemplateDefinition2Properties) TemplateDefinition2Properties { + if v != nil { + return *v + } + var ret TemplateDefinition2Properties + return ret + }).(TemplateDefinition2PropertiesOutput) +} + +func (o TemplateDefinition2PropertiesPtrOutput) TemplateV4() TemplateV4PtrOutput { + return o.ApplyT(func(v *TemplateDefinition2Properties) *TemplateV4 { + if v == nil { + return nil + } + return &v.TemplateV4 + }).(TemplateV4PtrOutput) +} + type TemplateEnrollmentFlagsV2 struct { EnableKeyReuseOnNtTokenKeysetStorageFull *bool `pulumi:"enableKeyReuseOnNtTokenKeysetStorageFull"` IncludeSymmetricAlgorithms *bool `pulumi:"includeSymmetricAlgorithms"` @@ -586,6 +727,75 @@ func (o TemplateEnrollmentFlagsV2Output) UserInteractionRequired() pulumi.BoolPt return o.ApplyT(func(v TemplateEnrollmentFlagsV2) *bool { return v.UserInteractionRequired }).(pulumi.BoolPtrOutput) } +type TemplateEnrollmentFlagsV2PtrOutput struct{ *pulumi.OutputState } + +func (TemplateEnrollmentFlagsV2PtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**TemplateEnrollmentFlagsV2)(nil)).Elem() +} + +func (o TemplateEnrollmentFlagsV2PtrOutput) ToTemplateEnrollmentFlagsV2PtrOutput() TemplateEnrollmentFlagsV2PtrOutput { + return o +} + +func (o TemplateEnrollmentFlagsV2PtrOutput) ToTemplateEnrollmentFlagsV2PtrOutputWithContext(ctx context.Context) TemplateEnrollmentFlagsV2PtrOutput { + return o +} + +func (o TemplateEnrollmentFlagsV2PtrOutput) Elem() TemplateEnrollmentFlagsV2Output { + return o.ApplyT(func(v *TemplateEnrollmentFlagsV2) TemplateEnrollmentFlagsV2 { + if v != nil { + return *v + } + var ret TemplateEnrollmentFlagsV2 + return ret + }).(TemplateEnrollmentFlagsV2Output) +} + +func (o TemplateEnrollmentFlagsV2PtrOutput) EnableKeyReuseOnNtTokenKeysetStorageFull() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateEnrollmentFlagsV2) *bool { + if v == nil { + return nil + } + return v.EnableKeyReuseOnNtTokenKeysetStorageFull + }).(pulumi.BoolPtrOutput) +} + +func (o TemplateEnrollmentFlagsV2PtrOutput) IncludeSymmetricAlgorithms() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateEnrollmentFlagsV2) *bool { + if v == nil { + return nil + } + return v.IncludeSymmetricAlgorithms + }).(pulumi.BoolPtrOutput) +} + +func (o TemplateEnrollmentFlagsV2PtrOutput) NoSecurityExtension() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateEnrollmentFlagsV2) *bool { + if v == nil { + return nil + } + return v.NoSecurityExtension + }).(pulumi.BoolPtrOutput) +} + +func (o TemplateEnrollmentFlagsV2PtrOutput) RemoveInvalidCertificateFromPersonalStore() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateEnrollmentFlagsV2) *bool { + if v == nil { + return nil + } + return v.RemoveInvalidCertificateFromPersonalStore + }).(pulumi.BoolPtrOutput) +} + +func (o TemplateEnrollmentFlagsV2PtrOutput) UserInteractionRequired() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateEnrollmentFlagsV2) *bool { + if v == nil { + return nil + } + return v.UserInteractionRequired + }).(pulumi.BoolPtrOutput) +} + type TemplateEnrollmentFlagsV3 struct { EnableKeyReuseOnNtTokenKeysetStorageFull *bool `pulumi:"enableKeyReuseOnNtTokenKeysetStorageFull"` IncludeSymmetricAlgorithms *bool `pulumi:"includeSymmetricAlgorithms"` @@ -659,6 +869,75 @@ func (o TemplateEnrollmentFlagsV3Output) UserInteractionRequired() pulumi.BoolPt return o.ApplyT(func(v TemplateEnrollmentFlagsV3) *bool { return v.UserInteractionRequired }).(pulumi.BoolPtrOutput) } +type TemplateEnrollmentFlagsV3PtrOutput struct{ *pulumi.OutputState } + +func (TemplateEnrollmentFlagsV3PtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**TemplateEnrollmentFlagsV3)(nil)).Elem() +} + +func (o TemplateEnrollmentFlagsV3PtrOutput) ToTemplateEnrollmentFlagsV3PtrOutput() TemplateEnrollmentFlagsV3PtrOutput { + return o +} + +func (o TemplateEnrollmentFlagsV3PtrOutput) ToTemplateEnrollmentFlagsV3PtrOutputWithContext(ctx context.Context) TemplateEnrollmentFlagsV3PtrOutput { + return o +} + +func (o TemplateEnrollmentFlagsV3PtrOutput) Elem() TemplateEnrollmentFlagsV3Output { + return o.ApplyT(func(v *TemplateEnrollmentFlagsV3) TemplateEnrollmentFlagsV3 { + if v != nil { + return *v + } + var ret TemplateEnrollmentFlagsV3 + return ret + }).(TemplateEnrollmentFlagsV3Output) +} + +func (o TemplateEnrollmentFlagsV3PtrOutput) EnableKeyReuseOnNtTokenKeysetStorageFull() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateEnrollmentFlagsV3) *bool { + if v == nil { + return nil + } + return v.EnableKeyReuseOnNtTokenKeysetStorageFull + }).(pulumi.BoolPtrOutput) +} + +func (o TemplateEnrollmentFlagsV3PtrOutput) IncludeSymmetricAlgorithms() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateEnrollmentFlagsV3) *bool { + if v == nil { + return nil + } + return v.IncludeSymmetricAlgorithms + }).(pulumi.BoolPtrOutput) +} + +func (o TemplateEnrollmentFlagsV3PtrOutput) NoSecurityExtension() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateEnrollmentFlagsV3) *bool { + if v == nil { + return nil + } + return v.NoSecurityExtension + }).(pulumi.BoolPtrOutput) +} + +func (o TemplateEnrollmentFlagsV3PtrOutput) RemoveInvalidCertificateFromPersonalStore() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateEnrollmentFlagsV3) *bool { + if v == nil { + return nil + } + return v.RemoveInvalidCertificateFromPersonalStore + }).(pulumi.BoolPtrOutput) +} + +func (o TemplateEnrollmentFlagsV3PtrOutput) UserInteractionRequired() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateEnrollmentFlagsV3) *bool { + if v == nil { + return nil + } + return v.UserInteractionRequired + }).(pulumi.BoolPtrOutput) +} + type TemplateEnrollmentFlagsV4 struct { EnableKeyReuseOnNtTokenKeysetStorageFull *bool `pulumi:"enableKeyReuseOnNtTokenKeysetStorageFull"` IncludeSymmetricAlgorithms *bool `pulumi:"includeSymmetricAlgorithms"` @@ -732,6 +1011,75 @@ func (o TemplateEnrollmentFlagsV4Output) UserInteractionRequired() pulumi.BoolPt return o.ApplyT(func(v TemplateEnrollmentFlagsV4) *bool { return v.UserInteractionRequired }).(pulumi.BoolPtrOutput) } +type TemplateEnrollmentFlagsV4PtrOutput struct{ *pulumi.OutputState } + +func (TemplateEnrollmentFlagsV4PtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**TemplateEnrollmentFlagsV4)(nil)).Elem() +} + +func (o TemplateEnrollmentFlagsV4PtrOutput) ToTemplateEnrollmentFlagsV4PtrOutput() TemplateEnrollmentFlagsV4PtrOutput { + return o +} + +func (o TemplateEnrollmentFlagsV4PtrOutput) ToTemplateEnrollmentFlagsV4PtrOutputWithContext(ctx context.Context) TemplateEnrollmentFlagsV4PtrOutput { + return o +} + +func (o TemplateEnrollmentFlagsV4PtrOutput) Elem() TemplateEnrollmentFlagsV4Output { + return o.ApplyT(func(v *TemplateEnrollmentFlagsV4) TemplateEnrollmentFlagsV4 { + if v != nil { + return *v + } + var ret TemplateEnrollmentFlagsV4 + return ret + }).(TemplateEnrollmentFlagsV4Output) +} + +func (o TemplateEnrollmentFlagsV4PtrOutput) EnableKeyReuseOnNtTokenKeysetStorageFull() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateEnrollmentFlagsV4) *bool { + if v == nil { + return nil + } + return v.EnableKeyReuseOnNtTokenKeysetStorageFull + }).(pulumi.BoolPtrOutput) +} + +func (o TemplateEnrollmentFlagsV4PtrOutput) IncludeSymmetricAlgorithms() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateEnrollmentFlagsV4) *bool { + if v == nil { + return nil + } + return v.IncludeSymmetricAlgorithms + }).(pulumi.BoolPtrOutput) +} + +func (o TemplateEnrollmentFlagsV4PtrOutput) NoSecurityExtension() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateEnrollmentFlagsV4) *bool { + if v == nil { + return nil + } + return v.NoSecurityExtension + }).(pulumi.BoolPtrOutput) +} + +func (o TemplateEnrollmentFlagsV4PtrOutput) RemoveInvalidCertificateFromPersonalStore() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateEnrollmentFlagsV4) *bool { + if v == nil { + return nil + } + return v.RemoveInvalidCertificateFromPersonalStore + }).(pulumi.BoolPtrOutput) +} + +func (o TemplateEnrollmentFlagsV4PtrOutput) UserInteractionRequired() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateEnrollmentFlagsV4) *bool { + if v == nil { + return nil + } + return v.UserInteractionRequired + }).(pulumi.BoolPtrOutput) +} + type TemplateExtensionsV2 struct { ApplicationPolicies *TemplateApplicationPolicies `pulumi:"applicationPolicies"` KeyUsage TemplateKeyUsage `pulumi:"keyUsage"` @@ -787,6 +1135,48 @@ func (o TemplateExtensionsV2Output) KeyUsage() TemplateKeyUsageOutput { return o.ApplyT(func(v TemplateExtensionsV2) TemplateKeyUsage { return v.KeyUsage }).(TemplateKeyUsageOutput) } +type TemplateExtensionsV2PtrOutput struct{ *pulumi.OutputState } + +func (TemplateExtensionsV2PtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**TemplateExtensionsV2)(nil)).Elem() +} + +func (o TemplateExtensionsV2PtrOutput) ToTemplateExtensionsV2PtrOutput() TemplateExtensionsV2PtrOutput { + return o +} + +func (o TemplateExtensionsV2PtrOutput) ToTemplateExtensionsV2PtrOutputWithContext(ctx context.Context) TemplateExtensionsV2PtrOutput { + return o +} + +func (o TemplateExtensionsV2PtrOutput) Elem() TemplateExtensionsV2Output { + return o.ApplyT(func(v *TemplateExtensionsV2) TemplateExtensionsV2 { + if v != nil { + return *v + } + var ret TemplateExtensionsV2 + return ret + }).(TemplateExtensionsV2Output) +} + +func (o TemplateExtensionsV2PtrOutput) ApplicationPolicies() TemplateApplicationPoliciesPtrOutput { + return o.ApplyT(func(v *TemplateExtensionsV2) *TemplateApplicationPolicies { + if v == nil { + return nil + } + return v.ApplicationPolicies + }).(TemplateApplicationPoliciesPtrOutput) +} + +func (o TemplateExtensionsV2PtrOutput) KeyUsage() TemplateKeyUsagePtrOutput { + return o.ApplyT(func(v *TemplateExtensionsV2) *TemplateKeyUsage { + if v == nil { + return nil + } + return &v.KeyUsage + }).(TemplateKeyUsagePtrOutput) +} + type TemplateExtensionsV3 struct { ApplicationPolicies *TemplateApplicationPolicies `pulumi:"applicationPolicies"` KeyUsage TemplateKeyUsage `pulumi:"keyUsage"` @@ -842,17 +1232,59 @@ func (o TemplateExtensionsV3Output) KeyUsage() TemplateKeyUsageOutput { return o.ApplyT(func(v TemplateExtensionsV3) TemplateKeyUsage { return v.KeyUsage }).(TemplateKeyUsageOutput) } -type TemplateExtensionsV4 struct { - ApplicationPolicies *TemplateApplicationPolicies `pulumi:"applicationPolicies"` - KeyUsage TemplateKeyUsage `pulumi:"keyUsage"` +type TemplateExtensionsV3PtrOutput struct{ *pulumi.OutputState } + +func (TemplateExtensionsV3PtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**TemplateExtensionsV3)(nil)).Elem() } -// TemplateExtensionsV4Input is an input type that accepts TemplateExtensionsV4Args and TemplateExtensionsV4Output values. -// You can construct a concrete instance of `TemplateExtensionsV4Input` via: -// -// TemplateExtensionsV4Args{...} -type TemplateExtensionsV4Input interface { - pulumi.Input +func (o TemplateExtensionsV3PtrOutput) ToTemplateExtensionsV3PtrOutput() TemplateExtensionsV3PtrOutput { + return o +} + +func (o TemplateExtensionsV3PtrOutput) ToTemplateExtensionsV3PtrOutputWithContext(ctx context.Context) TemplateExtensionsV3PtrOutput { + return o +} + +func (o TemplateExtensionsV3PtrOutput) Elem() TemplateExtensionsV3Output { + return o.ApplyT(func(v *TemplateExtensionsV3) TemplateExtensionsV3 { + if v != nil { + return *v + } + var ret TemplateExtensionsV3 + return ret + }).(TemplateExtensionsV3Output) +} + +func (o TemplateExtensionsV3PtrOutput) ApplicationPolicies() TemplateApplicationPoliciesPtrOutput { + return o.ApplyT(func(v *TemplateExtensionsV3) *TemplateApplicationPolicies { + if v == nil { + return nil + } + return v.ApplicationPolicies + }).(TemplateApplicationPoliciesPtrOutput) +} + +func (o TemplateExtensionsV3PtrOutput) KeyUsage() TemplateKeyUsagePtrOutput { + return o.ApplyT(func(v *TemplateExtensionsV3) *TemplateKeyUsage { + if v == nil { + return nil + } + return &v.KeyUsage + }).(TemplateKeyUsagePtrOutput) +} + +type TemplateExtensionsV4 struct { + ApplicationPolicies *TemplateApplicationPolicies `pulumi:"applicationPolicies"` + KeyUsage TemplateKeyUsage `pulumi:"keyUsage"` +} + +// TemplateExtensionsV4Input is an input type that accepts TemplateExtensionsV4Args and TemplateExtensionsV4Output values. +// You can construct a concrete instance of `TemplateExtensionsV4Input` via: +// +// TemplateExtensionsV4Args{...} +type TemplateExtensionsV4Input interface { + pulumi.Input ToTemplateExtensionsV4Output() TemplateExtensionsV4Output ToTemplateExtensionsV4OutputWithContext(context.Context) TemplateExtensionsV4Output @@ -897,6 +1329,48 @@ func (o TemplateExtensionsV4Output) KeyUsage() TemplateKeyUsageOutput { return o.ApplyT(func(v TemplateExtensionsV4) TemplateKeyUsage { return v.KeyUsage }).(TemplateKeyUsageOutput) } +type TemplateExtensionsV4PtrOutput struct{ *pulumi.OutputState } + +func (TemplateExtensionsV4PtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**TemplateExtensionsV4)(nil)).Elem() +} + +func (o TemplateExtensionsV4PtrOutput) ToTemplateExtensionsV4PtrOutput() TemplateExtensionsV4PtrOutput { + return o +} + +func (o TemplateExtensionsV4PtrOutput) ToTemplateExtensionsV4PtrOutputWithContext(ctx context.Context) TemplateExtensionsV4PtrOutput { + return o +} + +func (o TemplateExtensionsV4PtrOutput) Elem() TemplateExtensionsV4Output { + return o.ApplyT(func(v *TemplateExtensionsV4) TemplateExtensionsV4 { + if v != nil { + return *v + } + var ret TemplateExtensionsV4 + return ret + }).(TemplateExtensionsV4Output) +} + +func (o TemplateExtensionsV4PtrOutput) ApplicationPolicies() TemplateApplicationPoliciesPtrOutput { + return o.ApplyT(func(v *TemplateExtensionsV4) *TemplateApplicationPolicies { + if v == nil { + return nil + } + return v.ApplicationPolicies + }).(TemplateApplicationPoliciesPtrOutput) +} + +func (o TemplateExtensionsV4PtrOutput) KeyUsage() TemplateKeyUsagePtrOutput { + return o.ApplyT(func(v *TemplateExtensionsV4) *TemplateKeyUsage { + if v == nil { + return nil + } + return &v.KeyUsage + }).(TemplateKeyUsagePtrOutput) +} + type TemplateGeneralFlagsV2 struct { AutoEnrollment *bool `pulumi:"autoEnrollment"` MachineType *bool `pulumi:"machineType"` @@ -952,6 +1426,48 @@ func (o TemplateGeneralFlagsV2Output) MachineType() pulumi.BoolPtrOutput { return o.ApplyT(func(v TemplateGeneralFlagsV2) *bool { return v.MachineType }).(pulumi.BoolPtrOutput) } +type TemplateGeneralFlagsV2PtrOutput struct{ *pulumi.OutputState } + +func (TemplateGeneralFlagsV2PtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**TemplateGeneralFlagsV2)(nil)).Elem() +} + +func (o TemplateGeneralFlagsV2PtrOutput) ToTemplateGeneralFlagsV2PtrOutput() TemplateGeneralFlagsV2PtrOutput { + return o +} + +func (o TemplateGeneralFlagsV2PtrOutput) ToTemplateGeneralFlagsV2PtrOutputWithContext(ctx context.Context) TemplateGeneralFlagsV2PtrOutput { + return o +} + +func (o TemplateGeneralFlagsV2PtrOutput) Elem() TemplateGeneralFlagsV2Output { + return o.ApplyT(func(v *TemplateGeneralFlagsV2) TemplateGeneralFlagsV2 { + if v != nil { + return *v + } + var ret TemplateGeneralFlagsV2 + return ret + }).(TemplateGeneralFlagsV2Output) +} + +func (o TemplateGeneralFlagsV2PtrOutput) AutoEnrollment() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateGeneralFlagsV2) *bool { + if v == nil { + return nil + } + return v.AutoEnrollment + }).(pulumi.BoolPtrOutput) +} + +func (o TemplateGeneralFlagsV2PtrOutput) MachineType() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateGeneralFlagsV2) *bool { + if v == nil { + return nil + } + return v.MachineType + }).(pulumi.BoolPtrOutput) +} + type TemplateGeneralFlagsV3 struct { AutoEnrollment *bool `pulumi:"autoEnrollment"` MachineType *bool `pulumi:"machineType"` @@ -1007,6 +1523,48 @@ func (o TemplateGeneralFlagsV3Output) MachineType() pulumi.BoolPtrOutput { return o.ApplyT(func(v TemplateGeneralFlagsV3) *bool { return v.MachineType }).(pulumi.BoolPtrOutput) } +type TemplateGeneralFlagsV3PtrOutput struct{ *pulumi.OutputState } + +func (TemplateGeneralFlagsV3PtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**TemplateGeneralFlagsV3)(nil)).Elem() +} + +func (o TemplateGeneralFlagsV3PtrOutput) ToTemplateGeneralFlagsV3PtrOutput() TemplateGeneralFlagsV3PtrOutput { + return o +} + +func (o TemplateGeneralFlagsV3PtrOutput) ToTemplateGeneralFlagsV3PtrOutputWithContext(ctx context.Context) TemplateGeneralFlagsV3PtrOutput { + return o +} + +func (o TemplateGeneralFlagsV3PtrOutput) Elem() TemplateGeneralFlagsV3Output { + return o.ApplyT(func(v *TemplateGeneralFlagsV3) TemplateGeneralFlagsV3 { + if v != nil { + return *v + } + var ret TemplateGeneralFlagsV3 + return ret + }).(TemplateGeneralFlagsV3Output) +} + +func (o TemplateGeneralFlagsV3PtrOutput) AutoEnrollment() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateGeneralFlagsV3) *bool { + if v == nil { + return nil + } + return v.AutoEnrollment + }).(pulumi.BoolPtrOutput) +} + +func (o TemplateGeneralFlagsV3PtrOutput) MachineType() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateGeneralFlagsV3) *bool { + if v == nil { + return nil + } + return v.MachineType + }).(pulumi.BoolPtrOutput) +} + type TemplateGeneralFlagsV4 struct { AutoEnrollment *bool `pulumi:"autoEnrollment"` MachineType *bool `pulumi:"machineType"` @@ -1062,6 +1620,48 @@ func (o TemplateGeneralFlagsV4Output) MachineType() pulumi.BoolPtrOutput { return o.ApplyT(func(v TemplateGeneralFlagsV4) *bool { return v.MachineType }).(pulumi.BoolPtrOutput) } +type TemplateGeneralFlagsV4PtrOutput struct{ *pulumi.OutputState } + +func (TemplateGeneralFlagsV4PtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**TemplateGeneralFlagsV4)(nil)).Elem() +} + +func (o TemplateGeneralFlagsV4PtrOutput) ToTemplateGeneralFlagsV4PtrOutput() TemplateGeneralFlagsV4PtrOutput { + return o +} + +func (o TemplateGeneralFlagsV4PtrOutput) ToTemplateGeneralFlagsV4PtrOutputWithContext(ctx context.Context) TemplateGeneralFlagsV4PtrOutput { + return o +} + +func (o TemplateGeneralFlagsV4PtrOutput) Elem() TemplateGeneralFlagsV4Output { + return o.ApplyT(func(v *TemplateGeneralFlagsV4) TemplateGeneralFlagsV4 { + if v != nil { + return *v + } + var ret TemplateGeneralFlagsV4 + return ret + }).(TemplateGeneralFlagsV4Output) +} + +func (o TemplateGeneralFlagsV4PtrOutput) AutoEnrollment() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateGeneralFlagsV4) *bool { + if v == nil { + return nil + } + return v.AutoEnrollment + }).(pulumi.BoolPtrOutput) +} + +func (o TemplateGeneralFlagsV4PtrOutput) MachineType() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateGeneralFlagsV4) *bool { + if v == nil { + return nil + } + return v.MachineType + }).(pulumi.BoolPtrOutput) +} + type TemplateGroupAccessControlEntryAccessRights struct { // Allow or deny an Active Directory group from autoenrolling certificates issued against a template. The Active Directory group must be allowed to enroll to allow autoenrollment AutoEnroll *TemplateGroupAccessControlEntryAccessRight `pulumi:"autoEnroll"` @@ -1182,6 +1782,48 @@ func (o TemplateKeyUsageOutput) UsageFlags() TemplateKeyUsageFlagsOutput { return o.ApplyT(func(v TemplateKeyUsage) TemplateKeyUsageFlags { return v.UsageFlags }).(TemplateKeyUsageFlagsOutput) } +type TemplateKeyUsagePtrOutput struct{ *pulumi.OutputState } + +func (TemplateKeyUsagePtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**TemplateKeyUsage)(nil)).Elem() +} + +func (o TemplateKeyUsagePtrOutput) ToTemplateKeyUsagePtrOutput() TemplateKeyUsagePtrOutput { + return o +} + +func (o TemplateKeyUsagePtrOutput) ToTemplateKeyUsagePtrOutputWithContext(ctx context.Context) TemplateKeyUsagePtrOutput { + return o +} + +func (o TemplateKeyUsagePtrOutput) Elem() TemplateKeyUsageOutput { + return o.ApplyT(func(v *TemplateKeyUsage) TemplateKeyUsage { + if v != nil { + return *v + } + var ret TemplateKeyUsage + return ret + }).(TemplateKeyUsageOutput) +} + +func (o TemplateKeyUsagePtrOutput) Critical() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateKeyUsage) *bool { + if v == nil { + return nil + } + return v.Critical + }).(pulumi.BoolPtrOutput) +} + +func (o TemplateKeyUsagePtrOutput) UsageFlags() TemplateKeyUsageFlagsPtrOutput { + return o.ApplyT(func(v *TemplateKeyUsage) *TemplateKeyUsageFlags { + if v == nil { + return nil + } + return &v.UsageFlags + }).(TemplateKeyUsageFlagsPtrOutput) +} + type TemplateKeyUsageFlags struct { DataEncipherment *bool `pulumi:"dataEncipherment"` DigitalSignature *bool `pulumi:"digitalSignature"` @@ -1255,6 +1897,75 @@ func (o TemplateKeyUsageFlagsOutput) NonRepudiation() pulumi.BoolPtrOutput { return o.ApplyT(func(v TemplateKeyUsageFlags) *bool { return v.NonRepudiation }).(pulumi.BoolPtrOutput) } +type TemplateKeyUsageFlagsPtrOutput struct{ *pulumi.OutputState } + +func (TemplateKeyUsageFlagsPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**TemplateKeyUsageFlags)(nil)).Elem() +} + +func (o TemplateKeyUsageFlagsPtrOutput) ToTemplateKeyUsageFlagsPtrOutput() TemplateKeyUsageFlagsPtrOutput { + return o +} + +func (o TemplateKeyUsageFlagsPtrOutput) ToTemplateKeyUsageFlagsPtrOutputWithContext(ctx context.Context) TemplateKeyUsageFlagsPtrOutput { + return o +} + +func (o TemplateKeyUsageFlagsPtrOutput) Elem() TemplateKeyUsageFlagsOutput { + return o.ApplyT(func(v *TemplateKeyUsageFlags) TemplateKeyUsageFlags { + if v != nil { + return *v + } + var ret TemplateKeyUsageFlags + return ret + }).(TemplateKeyUsageFlagsOutput) +} + +func (o TemplateKeyUsageFlagsPtrOutput) DataEncipherment() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateKeyUsageFlags) *bool { + if v == nil { + return nil + } + return v.DataEncipherment + }).(pulumi.BoolPtrOutput) +} + +func (o TemplateKeyUsageFlagsPtrOutput) DigitalSignature() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateKeyUsageFlags) *bool { + if v == nil { + return nil + } + return v.DigitalSignature + }).(pulumi.BoolPtrOutput) +} + +func (o TemplateKeyUsageFlagsPtrOutput) KeyAgreement() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateKeyUsageFlags) *bool { + if v == nil { + return nil + } + return v.KeyAgreement + }).(pulumi.BoolPtrOutput) +} + +func (o TemplateKeyUsageFlagsPtrOutput) KeyEncipherment() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateKeyUsageFlags) *bool { + if v == nil { + return nil + } + return v.KeyEncipherment + }).(pulumi.BoolPtrOutput) +} + +func (o TemplateKeyUsageFlagsPtrOutput) NonRepudiation() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateKeyUsageFlags) *bool { + if v == nil { + return nil + } + return v.NonRepudiation + }).(pulumi.BoolPtrOutput) +} + type TemplateKeyUsageProperty0Properties struct { PropertyType TemplateKeyUsagePropertyType `pulumi:"propertyType"` } @@ -1745,6 +2456,57 @@ func (o TemplatePrivateKeyAttributesV2Output) MinimalKeyLength() pulumi.Float64O return o.ApplyT(func(v TemplatePrivateKeyAttributesV2) float64 { return v.MinimalKeyLength }).(pulumi.Float64Output) } +type TemplatePrivateKeyAttributesV2PtrOutput struct{ *pulumi.OutputState } + +func (TemplatePrivateKeyAttributesV2PtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**TemplatePrivateKeyAttributesV2)(nil)).Elem() +} + +func (o TemplatePrivateKeyAttributesV2PtrOutput) ToTemplatePrivateKeyAttributesV2PtrOutput() TemplatePrivateKeyAttributesV2PtrOutput { + return o +} + +func (o TemplatePrivateKeyAttributesV2PtrOutput) ToTemplatePrivateKeyAttributesV2PtrOutputWithContext(ctx context.Context) TemplatePrivateKeyAttributesV2PtrOutput { + return o +} + +func (o TemplatePrivateKeyAttributesV2PtrOutput) Elem() TemplatePrivateKeyAttributesV2Output { + return o.ApplyT(func(v *TemplatePrivateKeyAttributesV2) TemplatePrivateKeyAttributesV2 { + if v != nil { + return *v + } + var ret TemplatePrivateKeyAttributesV2 + return ret + }).(TemplatePrivateKeyAttributesV2Output) +} + +func (o TemplatePrivateKeyAttributesV2PtrOutput) CryptoProviders() pulumi.StringArrayOutput { + return o.ApplyT(func(v *TemplatePrivateKeyAttributesV2) []string { + if v == nil { + return nil + } + return v.CryptoProviders + }).(pulumi.StringArrayOutput) +} + +func (o TemplatePrivateKeyAttributesV2PtrOutput) KeySpec() TemplateKeySpecPtrOutput { + return o.ApplyT(func(v *TemplatePrivateKeyAttributesV2) *TemplateKeySpec { + if v == nil { + return nil + } + return &v.KeySpec + }).(TemplateKeySpecPtrOutput) +} + +func (o TemplatePrivateKeyAttributesV2PtrOutput) MinimalKeyLength() pulumi.Float64PtrOutput { + return o.ApplyT(func(v *TemplatePrivateKeyAttributesV2) *float64 { + if v == nil { + return nil + } + return &v.MinimalKeyLength + }).(pulumi.Float64PtrOutput) +} + type TemplatePrivateKeyAttributesV3 struct { Algorithm TemplatePrivateKeyAlgorithm `pulumi:"algorithm"` CryptoProviders []string `pulumi:"cryptoProviders"` @@ -1818,19 +2580,88 @@ func (o TemplatePrivateKeyAttributesV3Output) MinimalKeyLength() pulumi.Float64O return o.ApplyT(func(v TemplatePrivateKeyAttributesV3) float64 { return v.MinimalKeyLength }).(pulumi.Float64Output) } -type TemplatePrivateKeyAttributesV4 struct { - Algorithm *TemplatePrivateKeyAlgorithm `pulumi:"algorithm"` - CryptoProviders []string `pulumi:"cryptoProviders"` - KeySpec TemplateKeySpec `pulumi:"keySpec"` - KeyUsageProperty interface{} `pulumi:"keyUsageProperty"` - MinimalKeyLength float64 `pulumi:"minimalKeyLength"` +type TemplatePrivateKeyAttributesV3PtrOutput struct{ *pulumi.OutputState } + +func (TemplatePrivateKeyAttributesV3PtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**TemplatePrivateKeyAttributesV3)(nil)).Elem() } -// TemplatePrivateKeyAttributesV4Input is an input type that accepts TemplatePrivateKeyAttributesV4Args and TemplatePrivateKeyAttributesV4Output values. -// You can construct a concrete instance of `TemplatePrivateKeyAttributesV4Input` via: -// -// TemplatePrivateKeyAttributesV4Args{...} -type TemplatePrivateKeyAttributesV4Input interface { +func (o TemplatePrivateKeyAttributesV3PtrOutput) ToTemplatePrivateKeyAttributesV3PtrOutput() TemplatePrivateKeyAttributesV3PtrOutput { + return o +} + +func (o TemplatePrivateKeyAttributesV3PtrOutput) ToTemplatePrivateKeyAttributesV3PtrOutputWithContext(ctx context.Context) TemplatePrivateKeyAttributesV3PtrOutput { + return o +} + +func (o TemplatePrivateKeyAttributesV3PtrOutput) Elem() TemplatePrivateKeyAttributesV3Output { + return o.ApplyT(func(v *TemplatePrivateKeyAttributesV3) TemplatePrivateKeyAttributesV3 { + if v != nil { + return *v + } + var ret TemplatePrivateKeyAttributesV3 + return ret + }).(TemplatePrivateKeyAttributesV3Output) +} + +func (o TemplatePrivateKeyAttributesV3PtrOutput) Algorithm() TemplatePrivateKeyAlgorithmPtrOutput { + return o.ApplyT(func(v *TemplatePrivateKeyAttributesV3) *TemplatePrivateKeyAlgorithm { + if v == nil { + return nil + } + return &v.Algorithm + }).(TemplatePrivateKeyAlgorithmPtrOutput) +} + +func (o TemplatePrivateKeyAttributesV3PtrOutput) CryptoProviders() pulumi.StringArrayOutput { + return o.ApplyT(func(v *TemplatePrivateKeyAttributesV3) []string { + if v == nil { + return nil + } + return v.CryptoProviders + }).(pulumi.StringArrayOutput) +} + +func (o TemplatePrivateKeyAttributesV3PtrOutput) KeySpec() TemplateKeySpecPtrOutput { + return o.ApplyT(func(v *TemplatePrivateKeyAttributesV3) *TemplateKeySpec { + if v == nil { + return nil + } + return &v.KeySpec + }).(TemplateKeySpecPtrOutput) +} + +func (o TemplatePrivateKeyAttributesV3PtrOutput) KeyUsageProperty() pulumi.AnyOutput { + return o.ApplyT(func(v *TemplatePrivateKeyAttributesV3) interface{} { + if v == nil { + return nil + } + return v.KeyUsageProperty + }).(pulumi.AnyOutput) +} + +func (o TemplatePrivateKeyAttributesV3PtrOutput) MinimalKeyLength() pulumi.Float64PtrOutput { + return o.ApplyT(func(v *TemplatePrivateKeyAttributesV3) *float64 { + if v == nil { + return nil + } + return &v.MinimalKeyLength + }).(pulumi.Float64PtrOutput) +} + +type TemplatePrivateKeyAttributesV4 struct { + Algorithm *TemplatePrivateKeyAlgorithm `pulumi:"algorithm"` + CryptoProviders []string `pulumi:"cryptoProviders"` + KeySpec TemplateKeySpec `pulumi:"keySpec"` + KeyUsageProperty interface{} `pulumi:"keyUsageProperty"` + MinimalKeyLength float64 `pulumi:"minimalKeyLength"` +} + +// TemplatePrivateKeyAttributesV4Input is an input type that accepts TemplatePrivateKeyAttributesV4Args and TemplatePrivateKeyAttributesV4Output values. +// You can construct a concrete instance of `TemplatePrivateKeyAttributesV4Input` via: +// +// TemplatePrivateKeyAttributesV4Args{...} +type TemplatePrivateKeyAttributesV4Input interface { pulumi.Input ToTemplatePrivateKeyAttributesV4Output() TemplatePrivateKeyAttributesV4Output @@ -1891,6 +2722,75 @@ func (o TemplatePrivateKeyAttributesV4Output) MinimalKeyLength() pulumi.Float64O return o.ApplyT(func(v TemplatePrivateKeyAttributesV4) float64 { return v.MinimalKeyLength }).(pulumi.Float64Output) } +type TemplatePrivateKeyAttributesV4PtrOutput struct{ *pulumi.OutputState } + +func (TemplatePrivateKeyAttributesV4PtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**TemplatePrivateKeyAttributesV4)(nil)).Elem() +} + +func (o TemplatePrivateKeyAttributesV4PtrOutput) ToTemplatePrivateKeyAttributesV4PtrOutput() TemplatePrivateKeyAttributesV4PtrOutput { + return o +} + +func (o TemplatePrivateKeyAttributesV4PtrOutput) ToTemplatePrivateKeyAttributesV4PtrOutputWithContext(ctx context.Context) TemplatePrivateKeyAttributesV4PtrOutput { + return o +} + +func (o TemplatePrivateKeyAttributesV4PtrOutput) Elem() TemplatePrivateKeyAttributesV4Output { + return o.ApplyT(func(v *TemplatePrivateKeyAttributesV4) TemplatePrivateKeyAttributesV4 { + if v != nil { + return *v + } + var ret TemplatePrivateKeyAttributesV4 + return ret + }).(TemplatePrivateKeyAttributesV4Output) +} + +func (o TemplatePrivateKeyAttributesV4PtrOutput) Algorithm() TemplatePrivateKeyAlgorithmPtrOutput { + return o.ApplyT(func(v *TemplatePrivateKeyAttributesV4) *TemplatePrivateKeyAlgorithm { + if v == nil { + return nil + } + return v.Algorithm + }).(TemplatePrivateKeyAlgorithmPtrOutput) +} + +func (o TemplatePrivateKeyAttributesV4PtrOutput) CryptoProviders() pulumi.StringArrayOutput { + return o.ApplyT(func(v *TemplatePrivateKeyAttributesV4) []string { + if v == nil { + return nil + } + return v.CryptoProviders + }).(pulumi.StringArrayOutput) +} + +func (o TemplatePrivateKeyAttributesV4PtrOutput) KeySpec() TemplateKeySpecPtrOutput { + return o.ApplyT(func(v *TemplatePrivateKeyAttributesV4) *TemplateKeySpec { + if v == nil { + return nil + } + return &v.KeySpec + }).(TemplateKeySpecPtrOutput) +} + +func (o TemplatePrivateKeyAttributesV4PtrOutput) KeyUsageProperty() pulumi.AnyOutput { + return o.ApplyT(func(v *TemplatePrivateKeyAttributesV4) interface{} { + if v == nil { + return nil + } + return v.KeyUsageProperty + }).(pulumi.AnyOutput) +} + +func (o TemplatePrivateKeyAttributesV4PtrOutput) MinimalKeyLength() pulumi.Float64PtrOutput { + return o.ApplyT(func(v *TemplatePrivateKeyAttributesV4) *float64 { + if v == nil { + return nil + } + return &v.MinimalKeyLength + }).(pulumi.Float64PtrOutput) +} + type TemplatePrivateKeyFlagsV2 struct { ClientVersion TemplateClientCompatibilityV2 `pulumi:"clientVersion"` ExportableKey *bool `pulumi:"exportableKey"` @@ -1952,6 +2852,57 @@ func (o TemplatePrivateKeyFlagsV2Output) StrongKeyProtectionRequired() pulumi.Bo return o.ApplyT(func(v TemplatePrivateKeyFlagsV2) *bool { return v.StrongKeyProtectionRequired }).(pulumi.BoolPtrOutput) } +type TemplatePrivateKeyFlagsV2PtrOutput struct{ *pulumi.OutputState } + +func (TemplatePrivateKeyFlagsV2PtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**TemplatePrivateKeyFlagsV2)(nil)).Elem() +} + +func (o TemplatePrivateKeyFlagsV2PtrOutput) ToTemplatePrivateKeyFlagsV2PtrOutput() TemplatePrivateKeyFlagsV2PtrOutput { + return o +} + +func (o TemplatePrivateKeyFlagsV2PtrOutput) ToTemplatePrivateKeyFlagsV2PtrOutputWithContext(ctx context.Context) TemplatePrivateKeyFlagsV2PtrOutput { + return o +} + +func (o TemplatePrivateKeyFlagsV2PtrOutput) Elem() TemplatePrivateKeyFlagsV2Output { + return o.ApplyT(func(v *TemplatePrivateKeyFlagsV2) TemplatePrivateKeyFlagsV2 { + if v != nil { + return *v + } + var ret TemplatePrivateKeyFlagsV2 + return ret + }).(TemplatePrivateKeyFlagsV2Output) +} + +func (o TemplatePrivateKeyFlagsV2PtrOutput) ClientVersion() TemplateClientCompatibilityV2PtrOutput { + return o.ApplyT(func(v *TemplatePrivateKeyFlagsV2) *TemplateClientCompatibilityV2 { + if v == nil { + return nil + } + return &v.ClientVersion + }).(TemplateClientCompatibilityV2PtrOutput) +} + +func (o TemplatePrivateKeyFlagsV2PtrOutput) ExportableKey() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplatePrivateKeyFlagsV2) *bool { + if v == nil { + return nil + } + return v.ExportableKey + }).(pulumi.BoolPtrOutput) +} + +func (o TemplatePrivateKeyFlagsV2PtrOutput) StrongKeyProtectionRequired() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplatePrivateKeyFlagsV2) *bool { + if v == nil { + return nil + } + return v.StrongKeyProtectionRequired + }).(pulumi.BoolPtrOutput) +} + type TemplatePrivateKeyFlagsV3 struct { ClientVersion TemplateClientCompatibilityV3 `pulumi:"clientVersion"` ExportableKey *bool `pulumi:"exportableKey"` @@ -2019,6 +2970,66 @@ func (o TemplatePrivateKeyFlagsV3Output) StrongKeyProtectionRequired() pulumi.Bo return o.ApplyT(func(v TemplatePrivateKeyFlagsV3) *bool { return v.StrongKeyProtectionRequired }).(pulumi.BoolPtrOutput) } +type TemplatePrivateKeyFlagsV3PtrOutput struct{ *pulumi.OutputState } + +func (TemplatePrivateKeyFlagsV3PtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**TemplatePrivateKeyFlagsV3)(nil)).Elem() +} + +func (o TemplatePrivateKeyFlagsV3PtrOutput) ToTemplatePrivateKeyFlagsV3PtrOutput() TemplatePrivateKeyFlagsV3PtrOutput { + return o +} + +func (o TemplatePrivateKeyFlagsV3PtrOutput) ToTemplatePrivateKeyFlagsV3PtrOutputWithContext(ctx context.Context) TemplatePrivateKeyFlagsV3PtrOutput { + return o +} + +func (o TemplatePrivateKeyFlagsV3PtrOutput) Elem() TemplatePrivateKeyFlagsV3Output { + return o.ApplyT(func(v *TemplatePrivateKeyFlagsV3) TemplatePrivateKeyFlagsV3 { + if v != nil { + return *v + } + var ret TemplatePrivateKeyFlagsV3 + return ret + }).(TemplatePrivateKeyFlagsV3Output) +} + +func (o TemplatePrivateKeyFlagsV3PtrOutput) ClientVersion() TemplateClientCompatibilityV3PtrOutput { + return o.ApplyT(func(v *TemplatePrivateKeyFlagsV3) *TemplateClientCompatibilityV3 { + if v == nil { + return nil + } + return &v.ClientVersion + }).(TemplateClientCompatibilityV3PtrOutput) +} + +func (o TemplatePrivateKeyFlagsV3PtrOutput) ExportableKey() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplatePrivateKeyFlagsV3) *bool { + if v == nil { + return nil + } + return v.ExportableKey + }).(pulumi.BoolPtrOutput) +} + +func (o TemplatePrivateKeyFlagsV3PtrOutput) RequireAlternateSignatureAlgorithm() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplatePrivateKeyFlagsV3) *bool { + if v == nil { + return nil + } + return v.RequireAlternateSignatureAlgorithm + }).(pulumi.BoolPtrOutput) +} + +func (o TemplatePrivateKeyFlagsV3PtrOutput) StrongKeyProtectionRequired() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplatePrivateKeyFlagsV3) *bool { + if v == nil { + return nil + } + return v.StrongKeyProtectionRequired + }).(pulumi.BoolPtrOutput) +} + type TemplatePrivateKeyFlagsV4 struct { ClientVersion TemplateClientCompatibilityV4 `pulumi:"clientVersion"` ExportableKey *bool `pulumi:"exportableKey"` @@ -2098,6 +3109,84 @@ func (o TemplatePrivateKeyFlagsV4Output) UseLegacyProvider() pulumi.BoolPtrOutpu return o.ApplyT(func(v TemplatePrivateKeyFlagsV4) *bool { return v.UseLegacyProvider }).(pulumi.BoolPtrOutput) } +type TemplatePrivateKeyFlagsV4PtrOutput struct{ *pulumi.OutputState } + +func (TemplatePrivateKeyFlagsV4PtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**TemplatePrivateKeyFlagsV4)(nil)).Elem() +} + +func (o TemplatePrivateKeyFlagsV4PtrOutput) ToTemplatePrivateKeyFlagsV4PtrOutput() TemplatePrivateKeyFlagsV4PtrOutput { + return o +} + +func (o TemplatePrivateKeyFlagsV4PtrOutput) ToTemplatePrivateKeyFlagsV4PtrOutputWithContext(ctx context.Context) TemplatePrivateKeyFlagsV4PtrOutput { + return o +} + +func (o TemplatePrivateKeyFlagsV4PtrOutput) Elem() TemplatePrivateKeyFlagsV4Output { + return o.ApplyT(func(v *TemplatePrivateKeyFlagsV4) TemplatePrivateKeyFlagsV4 { + if v != nil { + return *v + } + var ret TemplatePrivateKeyFlagsV4 + return ret + }).(TemplatePrivateKeyFlagsV4Output) +} + +func (o TemplatePrivateKeyFlagsV4PtrOutput) ClientVersion() TemplateClientCompatibilityV4PtrOutput { + return o.ApplyT(func(v *TemplatePrivateKeyFlagsV4) *TemplateClientCompatibilityV4 { + if v == nil { + return nil + } + return &v.ClientVersion + }).(TemplateClientCompatibilityV4PtrOutput) +} + +func (o TemplatePrivateKeyFlagsV4PtrOutput) ExportableKey() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplatePrivateKeyFlagsV4) *bool { + if v == nil { + return nil + } + return v.ExportableKey + }).(pulumi.BoolPtrOutput) +} + +func (o TemplatePrivateKeyFlagsV4PtrOutput) RequireAlternateSignatureAlgorithm() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplatePrivateKeyFlagsV4) *bool { + if v == nil { + return nil + } + return v.RequireAlternateSignatureAlgorithm + }).(pulumi.BoolPtrOutput) +} + +func (o TemplatePrivateKeyFlagsV4PtrOutput) RequireSameKeyRenewal() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplatePrivateKeyFlagsV4) *bool { + if v == nil { + return nil + } + return v.RequireSameKeyRenewal + }).(pulumi.BoolPtrOutput) +} + +func (o TemplatePrivateKeyFlagsV4PtrOutput) StrongKeyProtectionRequired() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplatePrivateKeyFlagsV4) *bool { + if v == nil { + return nil + } + return v.StrongKeyProtectionRequired + }).(pulumi.BoolPtrOutput) +} + +func (o TemplatePrivateKeyFlagsV4PtrOutput) UseLegacyProvider() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplatePrivateKeyFlagsV4) *bool { + if v == nil { + return nil + } + return v.UseLegacyProvider + }).(pulumi.BoolPtrOutput) +} + type TemplateSubjectNameFlagsV2 struct { RequireCommonName *bool `pulumi:"requireCommonName"` RequireDirectoryPath *bool `pulumi:"requireDirectoryPath"` @@ -2201,49 +3290,163 @@ func (o TemplateSubjectNameFlagsV2Output) SanRequireUpn() pulumi.BoolPtrOutput { return o.ApplyT(func(v TemplateSubjectNameFlagsV2) *bool { return v.SanRequireUpn }).(pulumi.BoolPtrOutput) } -type TemplateSubjectNameFlagsV3 struct { - RequireCommonName *bool `pulumi:"requireCommonName"` - RequireDirectoryPath *bool `pulumi:"requireDirectoryPath"` - RequireDnsAsCn *bool `pulumi:"requireDnsAsCn"` - RequireEmail *bool `pulumi:"requireEmail"` - SanRequireDirectoryGuid *bool `pulumi:"sanRequireDirectoryGuid"` - SanRequireDns *bool `pulumi:"sanRequireDns"` - SanRequireDomainDns *bool `pulumi:"sanRequireDomainDns"` - SanRequireEmail *bool `pulumi:"sanRequireEmail"` - SanRequireSpn *bool `pulumi:"sanRequireSpn"` - SanRequireUpn *bool `pulumi:"sanRequireUpn"` -} +type TemplateSubjectNameFlagsV2PtrOutput struct{ *pulumi.OutputState } -// TemplateSubjectNameFlagsV3Input is an input type that accepts TemplateSubjectNameFlagsV3Args and TemplateSubjectNameFlagsV3Output values. -// You can construct a concrete instance of `TemplateSubjectNameFlagsV3Input` via: -// -// TemplateSubjectNameFlagsV3Args{...} -type TemplateSubjectNameFlagsV3Input interface { - pulumi.Input +func (TemplateSubjectNameFlagsV2PtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**TemplateSubjectNameFlagsV2)(nil)).Elem() +} - ToTemplateSubjectNameFlagsV3Output() TemplateSubjectNameFlagsV3Output - ToTemplateSubjectNameFlagsV3OutputWithContext(context.Context) TemplateSubjectNameFlagsV3Output +func (o TemplateSubjectNameFlagsV2PtrOutput) ToTemplateSubjectNameFlagsV2PtrOutput() TemplateSubjectNameFlagsV2PtrOutput { + return o } -type TemplateSubjectNameFlagsV3Args struct { - RequireCommonName pulumi.BoolPtrInput `pulumi:"requireCommonName"` - RequireDirectoryPath pulumi.BoolPtrInput `pulumi:"requireDirectoryPath"` - RequireDnsAsCn pulumi.BoolPtrInput `pulumi:"requireDnsAsCn"` - RequireEmail pulumi.BoolPtrInput `pulumi:"requireEmail"` - SanRequireDirectoryGuid pulumi.BoolPtrInput `pulumi:"sanRequireDirectoryGuid"` - SanRequireDns pulumi.BoolPtrInput `pulumi:"sanRequireDns"` - SanRequireDomainDns pulumi.BoolPtrInput `pulumi:"sanRequireDomainDns"` - SanRequireEmail pulumi.BoolPtrInput `pulumi:"sanRequireEmail"` - SanRequireSpn pulumi.BoolPtrInput `pulumi:"sanRequireSpn"` - SanRequireUpn pulumi.BoolPtrInput `pulumi:"sanRequireUpn"` +func (o TemplateSubjectNameFlagsV2PtrOutput) ToTemplateSubjectNameFlagsV2PtrOutputWithContext(ctx context.Context) TemplateSubjectNameFlagsV2PtrOutput { + return o } -func (TemplateSubjectNameFlagsV3Args) ElementType() reflect.Type { - return reflect.TypeOf((*TemplateSubjectNameFlagsV3)(nil)).Elem() +func (o TemplateSubjectNameFlagsV2PtrOutput) Elem() TemplateSubjectNameFlagsV2Output { + return o.ApplyT(func(v *TemplateSubjectNameFlagsV2) TemplateSubjectNameFlagsV2 { + if v != nil { + return *v + } + var ret TemplateSubjectNameFlagsV2 + return ret + }).(TemplateSubjectNameFlagsV2Output) } -func (i TemplateSubjectNameFlagsV3Args) ToTemplateSubjectNameFlagsV3Output() TemplateSubjectNameFlagsV3Output { - return i.ToTemplateSubjectNameFlagsV3OutputWithContext(context.Background()) +func (o TemplateSubjectNameFlagsV2PtrOutput) RequireCommonName() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateSubjectNameFlagsV2) *bool { + if v == nil { + return nil + } + return v.RequireCommonName + }).(pulumi.BoolPtrOutput) +} + +func (o TemplateSubjectNameFlagsV2PtrOutput) RequireDirectoryPath() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateSubjectNameFlagsV2) *bool { + if v == nil { + return nil + } + return v.RequireDirectoryPath + }).(pulumi.BoolPtrOutput) +} + +func (o TemplateSubjectNameFlagsV2PtrOutput) RequireDnsAsCn() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateSubjectNameFlagsV2) *bool { + if v == nil { + return nil + } + return v.RequireDnsAsCn + }).(pulumi.BoolPtrOutput) +} + +func (o TemplateSubjectNameFlagsV2PtrOutput) RequireEmail() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateSubjectNameFlagsV2) *bool { + if v == nil { + return nil + } + return v.RequireEmail + }).(pulumi.BoolPtrOutput) +} + +func (o TemplateSubjectNameFlagsV2PtrOutput) SanRequireDirectoryGuid() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateSubjectNameFlagsV2) *bool { + if v == nil { + return nil + } + return v.SanRequireDirectoryGuid + }).(pulumi.BoolPtrOutput) +} + +func (o TemplateSubjectNameFlagsV2PtrOutput) SanRequireDns() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateSubjectNameFlagsV2) *bool { + if v == nil { + return nil + } + return v.SanRequireDns + }).(pulumi.BoolPtrOutput) +} + +func (o TemplateSubjectNameFlagsV2PtrOutput) SanRequireDomainDns() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateSubjectNameFlagsV2) *bool { + if v == nil { + return nil + } + return v.SanRequireDomainDns + }).(pulumi.BoolPtrOutput) +} + +func (o TemplateSubjectNameFlagsV2PtrOutput) SanRequireEmail() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateSubjectNameFlagsV2) *bool { + if v == nil { + return nil + } + return v.SanRequireEmail + }).(pulumi.BoolPtrOutput) +} + +func (o TemplateSubjectNameFlagsV2PtrOutput) SanRequireSpn() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateSubjectNameFlagsV2) *bool { + if v == nil { + return nil + } + return v.SanRequireSpn + }).(pulumi.BoolPtrOutput) +} + +func (o TemplateSubjectNameFlagsV2PtrOutput) SanRequireUpn() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateSubjectNameFlagsV2) *bool { + if v == nil { + return nil + } + return v.SanRequireUpn + }).(pulumi.BoolPtrOutput) +} + +type TemplateSubjectNameFlagsV3 struct { + RequireCommonName *bool `pulumi:"requireCommonName"` + RequireDirectoryPath *bool `pulumi:"requireDirectoryPath"` + RequireDnsAsCn *bool `pulumi:"requireDnsAsCn"` + RequireEmail *bool `pulumi:"requireEmail"` + SanRequireDirectoryGuid *bool `pulumi:"sanRequireDirectoryGuid"` + SanRequireDns *bool `pulumi:"sanRequireDns"` + SanRequireDomainDns *bool `pulumi:"sanRequireDomainDns"` + SanRequireEmail *bool `pulumi:"sanRequireEmail"` + SanRequireSpn *bool `pulumi:"sanRequireSpn"` + SanRequireUpn *bool `pulumi:"sanRequireUpn"` +} + +// TemplateSubjectNameFlagsV3Input is an input type that accepts TemplateSubjectNameFlagsV3Args and TemplateSubjectNameFlagsV3Output values. +// You can construct a concrete instance of `TemplateSubjectNameFlagsV3Input` via: +// +// TemplateSubjectNameFlagsV3Args{...} +type TemplateSubjectNameFlagsV3Input interface { + pulumi.Input + + ToTemplateSubjectNameFlagsV3Output() TemplateSubjectNameFlagsV3Output + ToTemplateSubjectNameFlagsV3OutputWithContext(context.Context) TemplateSubjectNameFlagsV3Output +} + +type TemplateSubjectNameFlagsV3Args struct { + RequireCommonName pulumi.BoolPtrInput `pulumi:"requireCommonName"` + RequireDirectoryPath pulumi.BoolPtrInput `pulumi:"requireDirectoryPath"` + RequireDnsAsCn pulumi.BoolPtrInput `pulumi:"requireDnsAsCn"` + RequireEmail pulumi.BoolPtrInput `pulumi:"requireEmail"` + SanRequireDirectoryGuid pulumi.BoolPtrInput `pulumi:"sanRequireDirectoryGuid"` + SanRequireDns pulumi.BoolPtrInput `pulumi:"sanRequireDns"` + SanRequireDomainDns pulumi.BoolPtrInput `pulumi:"sanRequireDomainDns"` + SanRequireEmail pulumi.BoolPtrInput `pulumi:"sanRequireEmail"` + SanRequireSpn pulumi.BoolPtrInput `pulumi:"sanRequireSpn"` + SanRequireUpn pulumi.BoolPtrInput `pulumi:"sanRequireUpn"` +} + +func (TemplateSubjectNameFlagsV3Args) ElementType() reflect.Type { + return reflect.TypeOf((*TemplateSubjectNameFlagsV3)(nil)).Elem() +} + +func (i TemplateSubjectNameFlagsV3Args) ToTemplateSubjectNameFlagsV3Output() TemplateSubjectNameFlagsV3Output { + return i.ToTemplateSubjectNameFlagsV3OutputWithContext(context.Background()) } func (i TemplateSubjectNameFlagsV3Args) ToTemplateSubjectNameFlagsV3OutputWithContext(ctx context.Context) TemplateSubjectNameFlagsV3Output { @@ -2304,6 +3507,120 @@ func (o TemplateSubjectNameFlagsV3Output) SanRequireUpn() pulumi.BoolPtrOutput { return o.ApplyT(func(v TemplateSubjectNameFlagsV3) *bool { return v.SanRequireUpn }).(pulumi.BoolPtrOutput) } +type TemplateSubjectNameFlagsV3PtrOutput struct{ *pulumi.OutputState } + +func (TemplateSubjectNameFlagsV3PtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**TemplateSubjectNameFlagsV3)(nil)).Elem() +} + +func (o TemplateSubjectNameFlagsV3PtrOutput) ToTemplateSubjectNameFlagsV3PtrOutput() TemplateSubjectNameFlagsV3PtrOutput { + return o +} + +func (o TemplateSubjectNameFlagsV3PtrOutput) ToTemplateSubjectNameFlagsV3PtrOutputWithContext(ctx context.Context) TemplateSubjectNameFlagsV3PtrOutput { + return o +} + +func (o TemplateSubjectNameFlagsV3PtrOutput) Elem() TemplateSubjectNameFlagsV3Output { + return o.ApplyT(func(v *TemplateSubjectNameFlagsV3) TemplateSubjectNameFlagsV3 { + if v != nil { + return *v + } + var ret TemplateSubjectNameFlagsV3 + return ret + }).(TemplateSubjectNameFlagsV3Output) +} + +func (o TemplateSubjectNameFlagsV3PtrOutput) RequireCommonName() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateSubjectNameFlagsV3) *bool { + if v == nil { + return nil + } + return v.RequireCommonName + }).(pulumi.BoolPtrOutput) +} + +func (o TemplateSubjectNameFlagsV3PtrOutput) RequireDirectoryPath() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateSubjectNameFlagsV3) *bool { + if v == nil { + return nil + } + return v.RequireDirectoryPath + }).(pulumi.BoolPtrOutput) +} + +func (o TemplateSubjectNameFlagsV3PtrOutput) RequireDnsAsCn() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateSubjectNameFlagsV3) *bool { + if v == nil { + return nil + } + return v.RequireDnsAsCn + }).(pulumi.BoolPtrOutput) +} + +func (o TemplateSubjectNameFlagsV3PtrOutput) RequireEmail() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateSubjectNameFlagsV3) *bool { + if v == nil { + return nil + } + return v.RequireEmail + }).(pulumi.BoolPtrOutput) +} + +func (o TemplateSubjectNameFlagsV3PtrOutput) SanRequireDirectoryGuid() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateSubjectNameFlagsV3) *bool { + if v == nil { + return nil + } + return v.SanRequireDirectoryGuid + }).(pulumi.BoolPtrOutput) +} + +func (o TemplateSubjectNameFlagsV3PtrOutput) SanRequireDns() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateSubjectNameFlagsV3) *bool { + if v == nil { + return nil + } + return v.SanRequireDns + }).(pulumi.BoolPtrOutput) +} + +func (o TemplateSubjectNameFlagsV3PtrOutput) SanRequireDomainDns() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateSubjectNameFlagsV3) *bool { + if v == nil { + return nil + } + return v.SanRequireDomainDns + }).(pulumi.BoolPtrOutput) +} + +func (o TemplateSubjectNameFlagsV3PtrOutput) SanRequireEmail() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateSubjectNameFlagsV3) *bool { + if v == nil { + return nil + } + return v.SanRequireEmail + }).(pulumi.BoolPtrOutput) +} + +func (o TemplateSubjectNameFlagsV3PtrOutput) SanRequireSpn() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateSubjectNameFlagsV3) *bool { + if v == nil { + return nil + } + return v.SanRequireSpn + }).(pulumi.BoolPtrOutput) +} + +func (o TemplateSubjectNameFlagsV3PtrOutput) SanRequireUpn() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateSubjectNameFlagsV3) *bool { + if v == nil { + return nil + } + return v.SanRequireUpn + }).(pulumi.BoolPtrOutput) +} + type TemplateSubjectNameFlagsV4 struct { RequireCommonName *bool `pulumi:"requireCommonName"` RequireDirectoryPath *bool `pulumi:"requireDirectoryPath"` @@ -2407,6 +3724,120 @@ func (o TemplateSubjectNameFlagsV4Output) SanRequireUpn() pulumi.BoolPtrOutput { return o.ApplyT(func(v TemplateSubjectNameFlagsV4) *bool { return v.SanRequireUpn }).(pulumi.BoolPtrOutput) } +type TemplateSubjectNameFlagsV4PtrOutput struct{ *pulumi.OutputState } + +func (TemplateSubjectNameFlagsV4PtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**TemplateSubjectNameFlagsV4)(nil)).Elem() +} + +func (o TemplateSubjectNameFlagsV4PtrOutput) ToTemplateSubjectNameFlagsV4PtrOutput() TemplateSubjectNameFlagsV4PtrOutput { + return o +} + +func (o TemplateSubjectNameFlagsV4PtrOutput) ToTemplateSubjectNameFlagsV4PtrOutputWithContext(ctx context.Context) TemplateSubjectNameFlagsV4PtrOutput { + return o +} + +func (o TemplateSubjectNameFlagsV4PtrOutput) Elem() TemplateSubjectNameFlagsV4Output { + return o.ApplyT(func(v *TemplateSubjectNameFlagsV4) TemplateSubjectNameFlagsV4 { + if v != nil { + return *v + } + var ret TemplateSubjectNameFlagsV4 + return ret + }).(TemplateSubjectNameFlagsV4Output) +} + +func (o TemplateSubjectNameFlagsV4PtrOutput) RequireCommonName() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateSubjectNameFlagsV4) *bool { + if v == nil { + return nil + } + return v.RequireCommonName + }).(pulumi.BoolPtrOutput) +} + +func (o TemplateSubjectNameFlagsV4PtrOutput) RequireDirectoryPath() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateSubjectNameFlagsV4) *bool { + if v == nil { + return nil + } + return v.RequireDirectoryPath + }).(pulumi.BoolPtrOutput) +} + +func (o TemplateSubjectNameFlagsV4PtrOutput) RequireDnsAsCn() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateSubjectNameFlagsV4) *bool { + if v == nil { + return nil + } + return v.RequireDnsAsCn + }).(pulumi.BoolPtrOutput) +} + +func (o TemplateSubjectNameFlagsV4PtrOutput) RequireEmail() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateSubjectNameFlagsV4) *bool { + if v == nil { + return nil + } + return v.RequireEmail + }).(pulumi.BoolPtrOutput) +} + +func (o TemplateSubjectNameFlagsV4PtrOutput) SanRequireDirectoryGuid() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateSubjectNameFlagsV4) *bool { + if v == nil { + return nil + } + return v.SanRequireDirectoryGuid + }).(pulumi.BoolPtrOutput) +} + +func (o TemplateSubjectNameFlagsV4PtrOutput) SanRequireDns() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateSubjectNameFlagsV4) *bool { + if v == nil { + return nil + } + return v.SanRequireDns + }).(pulumi.BoolPtrOutput) +} + +func (o TemplateSubjectNameFlagsV4PtrOutput) SanRequireDomainDns() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateSubjectNameFlagsV4) *bool { + if v == nil { + return nil + } + return v.SanRequireDomainDns + }).(pulumi.BoolPtrOutput) +} + +func (o TemplateSubjectNameFlagsV4PtrOutput) SanRequireEmail() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateSubjectNameFlagsV4) *bool { + if v == nil { + return nil + } + return v.SanRequireEmail + }).(pulumi.BoolPtrOutput) +} + +func (o TemplateSubjectNameFlagsV4PtrOutput) SanRequireSpn() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateSubjectNameFlagsV4) *bool { + if v == nil { + return nil + } + return v.SanRequireSpn + }).(pulumi.BoolPtrOutput) +} + +func (o TemplateSubjectNameFlagsV4PtrOutput) SanRequireUpn() pulumi.BoolPtrOutput { + return o.ApplyT(func(v *TemplateSubjectNameFlagsV4) *bool { + if v == nil { + return nil + } + return v.SanRequireUpn + }).(pulumi.BoolPtrOutput) +} + type TemplateV2 struct { CertificateValidity TemplateCertificateValidity `pulumi:"certificateValidity"` EnrollmentFlags TemplateEnrollmentFlagsV2 `pulumi:"enrollmentFlags"` @@ -2498,6 +3929,102 @@ func (o TemplateV2Output) SupersededTemplates() pulumi.StringArrayOutput { return o.ApplyT(func(v TemplateV2) []string { return v.SupersededTemplates }).(pulumi.StringArrayOutput) } +type TemplateV2PtrOutput struct{ *pulumi.OutputState } + +func (TemplateV2PtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**TemplateV2)(nil)).Elem() +} + +func (o TemplateV2PtrOutput) ToTemplateV2PtrOutput() TemplateV2PtrOutput { + return o +} + +func (o TemplateV2PtrOutput) ToTemplateV2PtrOutputWithContext(ctx context.Context) TemplateV2PtrOutput { + return o +} + +func (o TemplateV2PtrOutput) Elem() TemplateV2Output { + return o.ApplyT(func(v *TemplateV2) TemplateV2 { + if v != nil { + return *v + } + var ret TemplateV2 + return ret + }).(TemplateV2Output) +} + +func (o TemplateV2PtrOutput) CertificateValidity() TemplateCertificateValidityPtrOutput { + return o.ApplyT(func(v *TemplateV2) *TemplateCertificateValidity { + if v == nil { + return nil + } + return &v.CertificateValidity + }).(TemplateCertificateValidityPtrOutput) +} + +func (o TemplateV2PtrOutput) EnrollmentFlags() TemplateEnrollmentFlagsV2PtrOutput { + return o.ApplyT(func(v *TemplateV2) *TemplateEnrollmentFlagsV2 { + if v == nil { + return nil + } + return &v.EnrollmentFlags + }).(TemplateEnrollmentFlagsV2PtrOutput) +} + +func (o TemplateV2PtrOutput) Extensions() TemplateExtensionsV2PtrOutput { + return o.ApplyT(func(v *TemplateV2) *TemplateExtensionsV2 { + if v == nil { + return nil + } + return &v.Extensions + }).(TemplateExtensionsV2PtrOutput) +} + +func (o TemplateV2PtrOutput) GeneralFlags() TemplateGeneralFlagsV2PtrOutput { + return o.ApplyT(func(v *TemplateV2) *TemplateGeneralFlagsV2 { + if v == nil { + return nil + } + return &v.GeneralFlags + }).(TemplateGeneralFlagsV2PtrOutput) +} + +func (o TemplateV2PtrOutput) PrivateKeyAttributes() TemplatePrivateKeyAttributesV2PtrOutput { + return o.ApplyT(func(v *TemplateV2) *TemplatePrivateKeyAttributesV2 { + if v == nil { + return nil + } + return &v.PrivateKeyAttributes + }).(TemplatePrivateKeyAttributesV2PtrOutput) +} + +func (o TemplateV2PtrOutput) PrivateKeyFlags() TemplatePrivateKeyFlagsV2PtrOutput { + return o.ApplyT(func(v *TemplateV2) *TemplatePrivateKeyFlagsV2 { + if v == nil { + return nil + } + return &v.PrivateKeyFlags + }).(TemplatePrivateKeyFlagsV2PtrOutput) +} + +func (o TemplateV2PtrOutput) SubjectNameFlags() TemplateSubjectNameFlagsV2PtrOutput { + return o.ApplyT(func(v *TemplateV2) *TemplateSubjectNameFlagsV2 { + if v == nil { + return nil + } + return &v.SubjectNameFlags + }).(TemplateSubjectNameFlagsV2PtrOutput) +} + +func (o TemplateV2PtrOutput) SupersededTemplates() pulumi.StringArrayOutput { + return o.ApplyT(func(v *TemplateV2) []string { + if v == nil { + return nil + } + return v.SupersededTemplates + }).(pulumi.StringArrayOutput) +} + type TemplateV3 struct { CertificateValidity TemplateCertificateValidity `pulumi:"certificateValidity"` EnrollmentFlags TemplateEnrollmentFlagsV3 `pulumi:"enrollmentFlags"` @@ -2595,6 +4122,111 @@ func (o TemplateV3Output) SupersededTemplates() pulumi.StringArrayOutput { return o.ApplyT(func(v TemplateV3) []string { return v.SupersededTemplates }).(pulumi.StringArrayOutput) } +type TemplateV3PtrOutput struct{ *pulumi.OutputState } + +func (TemplateV3PtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**TemplateV3)(nil)).Elem() +} + +func (o TemplateV3PtrOutput) ToTemplateV3PtrOutput() TemplateV3PtrOutput { + return o +} + +func (o TemplateV3PtrOutput) ToTemplateV3PtrOutputWithContext(ctx context.Context) TemplateV3PtrOutput { + return o +} + +func (o TemplateV3PtrOutput) Elem() TemplateV3Output { + return o.ApplyT(func(v *TemplateV3) TemplateV3 { + if v != nil { + return *v + } + var ret TemplateV3 + return ret + }).(TemplateV3Output) +} + +func (o TemplateV3PtrOutput) CertificateValidity() TemplateCertificateValidityPtrOutput { + return o.ApplyT(func(v *TemplateV3) *TemplateCertificateValidity { + if v == nil { + return nil + } + return &v.CertificateValidity + }).(TemplateCertificateValidityPtrOutput) +} + +func (o TemplateV3PtrOutput) EnrollmentFlags() TemplateEnrollmentFlagsV3PtrOutput { + return o.ApplyT(func(v *TemplateV3) *TemplateEnrollmentFlagsV3 { + if v == nil { + return nil + } + return &v.EnrollmentFlags + }).(TemplateEnrollmentFlagsV3PtrOutput) +} + +func (o TemplateV3PtrOutput) Extensions() TemplateExtensionsV3PtrOutput { + return o.ApplyT(func(v *TemplateV3) *TemplateExtensionsV3 { + if v == nil { + return nil + } + return &v.Extensions + }).(TemplateExtensionsV3PtrOutput) +} + +func (o TemplateV3PtrOutput) GeneralFlags() TemplateGeneralFlagsV3PtrOutput { + return o.ApplyT(func(v *TemplateV3) *TemplateGeneralFlagsV3 { + if v == nil { + return nil + } + return &v.GeneralFlags + }).(TemplateGeneralFlagsV3PtrOutput) +} + +func (o TemplateV3PtrOutput) HashAlgorithm() TemplateHashAlgorithmPtrOutput { + return o.ApplyT(func(v *TemplateV3) *TemplateHashAlgorithm { + if v == nil { + return nil + } + return &v.HashAlgorithm + }).(TemplateHashAlgorithmPtrOutput) +} + +func (o TemplateV3PtrOutput) PrivateKeyAttributes() TemplatePrivateKeyAttributesV3PtrOutput { + return o.ApplyT(func(v *TemplateV3) *TemplatePrivateKeyAttributesV3 { + if v == nil { + return nil + } + return &v.PrivateKeyAttributes + }).(TemplatePrivateKeyAttributesV3PtrOutput) +} + +func (o TemplateV3PtrOutput) PrivateKeyFlags() TemplatePrivateKeyFlagsV3PtrOutput { + return o.ApplyT(func(v *TemplateV3) *TemplatePrivateKeyFlagsV3 { + if v == nil { + return nil + } + return &v.PrivateKeyFlags + }).(TemplatePrivateKeyFlagsV3PtrOutput) +} + +func (o TemplateV3PtrOutput) SubjectNameFlags() TemplateSubjectNameFlagsV3PtrOutput { + return o.ApplyT(func(v *TemplateV3) *TemplateSubjectNameFlagsV3 { + if v == nil { + return nil + } + return &v.SubjectNameFlags + }).(TemplateSubjectNameFlagsV3PtrOutput) +} + +func (o TemplateV3PtrOutput) SupersededTemplates() pulumi.StringArrayOutput { + return o.ApplyT(func(v *TemplateV3) []string { + if v == nil { + return nil + } + return v.SupersededTemplates + }).(pulumi.StringArrayOutput) +} + type TemplateV4 struct { CertificateValidity TemplateCertificateValidity `pulumi:"certificateValidity"` EnrollmentFlags TemplateEnrollmentFlagsV4 `pulumi:"enrollmentFlags"` @@ -2692,6 +4324,111 @@ func (o TemplateV4Output) SupersededTemplates() pulumi.StringArrayOutput { return o.ApplyT(func(v TemplateV4) []string { return v.SupersededTemplates }).(pulumi.StringArrayOutput) } +type TemplateV4PtrOutput struct{ *pulumi.OutputState } + +func (TemplateV4PtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**TemplateV4)(nil)).Elem() +} + +func (o TemplateV4PtrOutput) ToTemplateV4PtrOutput() TemplateV4PtrOutput { + return o +} + +func (o TemplateV4PtrOutput) ToTemplateV4PtrOutputWithContext(ctx context.Context) TemplateV4PtrOutput { + return o +} + +func (o TemplateV4PtrOutput) Elem() TemplateV4Output { + return o.ApplyT(func(v *TemplateV4) TemplateV4 { + if v != nil { + return *v + } + var ret TemplateV4 + return ret + }).(TemplateV4Output) +} + +func (o TemplateV4PtrOutput) CertificateValidity() TemplateCertificateValidityPtrOutput { + return o.ApplyT(func(v *TemplateV4) *TemplateCertificateValidity { + if v == nil { + return nil + } + return &v.CertificateValidity + }).(TemplateCertificateValidityPtrOutput) +} + +func (o TemplateV4PtrOutput) EnrollmentFlags() TemplateEnrollmentFlagsV4PtrOutput { + return o.ApplyT(func(v *TemplateV4) *TemplateEnrollmentFlagsV4 { + if v == nil { + return nil + } + return &v.EnrollmentFlags + }).(TemplateEnrollmentFlagsV4PtrOutput) +} + +func (o TemplateV4PtrOutput) Extensions() TemplateExtensionsV4PtrOutput { + return o.ApplyT(func(v *TemplateV4) *TemplateExtensionsV4 { + if v == nil { + return nil + } + return &v.Extensions + }).(TemplateExtensionsV4PtrOutput) +} + +func (o TemplateV4PtrOutput) GeneralFlags() TemplateGeneralFlagsV4PtrOutput { + return o.ApplyT(func(v *TemplateV4) *TemplateGeneralFlagsV4 { + if v == nil { + return nil + } + return &v.GeneralFlags + }).(TemplateGeneralFlagsV4PtrOutput) +} + +func (o TemplateV4PtrOutput) HashAlgorithm() TemplateHashAlgorithmPtrOutput { + return o.ApplyT(func(v *TemplateV4) *TemplateHashAlgorithm { + if v == nil { + return nil + } + return v.HashAlgorithm + }).(TemplateHashAlgorithmPtrOutput) +} + +func (o TemplateV4PtrOutput) PrivateKeyAttributes() TemplatePrivateKeyAttributesV4PtrOutput { + return o.ApplyT(func(v *TemplateV4) *TemplatePrivateKeyAttributesV4 { + if v == nil { + return nil + } + return &v.PrivateKeyAttributes + }).(TemplatePrivateKeyAttributesV4PtrOutput) +} + +func (o TemplateV4PtrOutput) PrivateKeyFlags() TemplatePrivateKeyFlagsV4PtrOutput { + return o.ApplyT(func(v *TemplateV4) *TemplatePrivateKeyFlagsV4 { + if v == nil { + return nil + } + return &v.PrivateKeyFlags + }).(TemplatePrivateKeyFlagsV4PtrOutput) +} + +func (o TemplateV4PtrOutput) SubjectNameFlags() TemplateSubjectNameFlagsV4PtrOutput { + return o.ApplyT(func(v *TemplateV4) *TemplateSubjectNameFlagsV4 { + if v == nil { + return nil + } + return &v.SubjectNameFlags + }).(TemplateSubjectNameFlagsV4PtrOutput) +} + +func (o TemplateV4PtrOutput) SupersededTemplates() pulumi.StringArrayOutput { + return o.ApplyT(func(v *TemplateV4) []string { + if v == nil { + return nil + } + return v.SupersededTemplates + }).(pulumi.StringArrayOutput) +} + type TemplateValidityPeriod struct { Period float64 `pulumi:"period"` PeriodType TemplateValidityPeriodType `pulumi:"periodType"` @@ -2747,6 +4484,48 @@ func (o TemplateValidityPeriodOutput) PeriodType() TemplateValidityPeriodTypeOut return o.ApplyT(func(v TemplateValidityPeriod) TemplateValidityPeriodType { return v.PeriodType }).(TemplateValidityPeriodTypeOutput) } +type TemplateValidityPeriodPtrOutput struct{ *pulumi.OutputState } + +func (TemplateValidityPeriodPtrOutput) ElementType() reflect.Type { + return reflect.TypeOf((**TemplateValidityPeriod)(nil)).Elem() +} + +func (o TemplateValidityPeriodPtrOutput) ToTemplateValidityPeriodPtrOutput() TemplateValidityPeriodPtrOutput { + return o +} + +func (o TemplateValidityPeriodPtrOutput) ToTemplateValidityPeriodPtrOutputWithContext(ctx context.Context) TemplateValidityPeriodPtrOutput { + return o +} + +func (o TemplateValidityPeriodPtrOutput) Elem() TemplateValidityPeriodOutput { + return o.ApplyT(func(v *TemplateValidityPeriod) TemplateValidityPeriod { + if v != nil { + return *v + } + var ret TemplateValidityPeriod + return ret + }).(TemplateValidityPeriodOutput) +} + +func (o TemplateValidityPeriodPtrOutput) Period() pulumi.Float64PtrOutput { + return o.ApplyT(func(v *TemplateValidityPeriod) *float64 { + if v == nil { + return nil + } + return &v.Period + }).(pulumi.Float64PtrOutput) +} + +func (o TemplateValidityPeriodPtrOutput) PeriodType() TemplateValidityPeriodTypePtrOutput { + return o.ApplyT(func(v *TemplateValidityPeriod) *TemplateValidityPeriodType { + if v == nil { + return nil + } + return &v.PeriodType + }).(TemplateValidityPeriodTypePtrOutput) +} + func init() { pulumi.RegisterInputType(reflect.TypeOf((*ConnectorVpcInformationInput)(nil)).Elem(), ConnectorVpcInformationArgs{}) pulumi.RegisterInputType(reflect.TypeOf((*TemplateApplicationPoliciesInput)(nil)).Elem(), TemplateApplicationPoliciesArgs{}) @@ -2794,21 +4573,36 @@ func init() { pulumi.RegisterOutputType(TemplateApplicationPolicy0PropertiesOutput{}) pulumi.RegisterOutputType(TemplateApplicationPolicy1PropertiesOutput{}) pulumi.RegisterOutputType(TemplateCertificateValidityOutput{}) + pulumi.RegisterOutputType(TemplateCertificateValidityPtrOutput{}) pulumi.RegisterOutputType(TemplateDefinition0PropertiesOutput{}) + pulumi.RegisterOutputType(TemplateDefinition0PropertiesPtrOutput{}) pulumi.RegisterOutputType(TemplateDefinition1PropertiesOutput{}) + pulumi.RegisterOutputType(TemplateDefinition1PropertiesPtrOutput{}) pulumi.RegisterOutputType(TemplateDefinition2PropertiesOutput{}) + pulumi.RegisterOutputType(TemplateDefinition2PropertiesPtrOutput{}) pulumi.RegisterOutputType(TemplateEnrollmentFlagsV2Output{}) + pulumi.RegisterOutputType(TemplateEnrollmentFlagsV2PtrOutput{}) pulumi.RegisterOutputType(TemplateEnrollmentFlagsV3Output{}) + pulumi.RegisterOutputType(TemplateEnrollmentFlagsV3PtrOutput{}) pulumi.RegisterOutputType(TemplateEnrollmentFlagsV4Output{}) + pulumi.RegisterOutputType(TemplateEnrollmentFlagsV4PtrOutput{}) pulumi.RegisterOutputType(TemplateExtensionsV2Output{}) + pulumi.RegisterOutputType(TemplateExtensionsV2PtrOutput{}) pulumi.RegisterOutputType(TemplateExtensionsV3Output{}) + pulumi.RegisterOutputType(TemplateExtensionsV3PtrOutput{}) pulumi.RegisterOutputType(TemplateExtensionsV4Output{}) + pulumi.RegisterOutputType(TemplateExtensionsV4PtrOutput{}) pulumi.RegisterOutputType(TemplateGeneralFlagsV2Output{}) + pulumi.RegisterOutputType(TemplateGeneralFlagsV2PtrOutput{}) pulumi.RegisterOutputType(TemplateGeneralFlagsV3Output{}) + pulumi.RegisterOutputType(TemplateGeneralFlagsV3PtrOutput{}) pulumi.RegisterOutputType(TemplateGeneralFlagsV4Output{}) + pulumi.RegisterOutputType(TemplateGeneralFlagsV4PtrOutput{}) pulumi.RegisterOutputType(TemplateGroupAccessControlEntryAccessRightsOutput{}) pulumi.RegisterOutputType(TemplateKeyUsageOutput{}) + pulumi.RegisterOutputType(TemplateKeyUsagePtrOutput{}) pulumi.RegisterOutputType(TemplateKeyUsageFlagsOutput{}) + pulumi.RegisterOutputType(TemplateKeyUsageFlagsPtrOutput{}) pulumi.RegisterOutputType(TemplateKeyUsageProperty0PropertiesOutput{}) pulumi.RegisterOutputType(TemplateKeyUsageProperty0PropertiesPtrOutput{}) pulumi.RegisterOutputType(TemplateKeyUsageProperty1PropertiesOutput{}) @@ -2816,16 +4610,29 @@ func init() { pulumi.RegisterOutputType(TemplateKeyUsagePropertyFlagsOutput{}) pulumi.RegisterOutputType(TemplateKeyUsagePropertyFlagsPtrOutput{}) pulumi.RegisterOutputType(TemplatePrivateKeyAttributesV2Output{}) + pulumi.RegisterOutputType(TemplatePrivateKeyAttributesV2PtrOutput{}) pulumi.RegisterOutputType(TemplatePrivateKeyAttributesV3Output{}) + pulumi.RegisterOutputType(TemplatePrivateKeyAttributesV3PtrOutput{}) pulumi.RegisterOutputType(TemplatePrivateKeyAttributesV4Output{}) + pulumi.RegisterOutputType(TemplatePrivateKeyAttributesV4PtrOutput{}) pulumi.RegisterOutputType(TemplatePrivateKeyFlagsV2Output{}) + pulumi.RegisterOutputType(TemplatePrivateKeyFlagsV2PtrOutput{}) pulumi.RegisterOutputType(TemplatePrivateKeyFlagsV3Output{}) + pulumi.RegisterOutputType(TemplatePrivateKeyFlagsV3PtrOutput{}) pulumi.RegisterOutputType(TemplatePrivateKeyFlagsV4Output{}) + pulumi.RegisterOutputType(TemplatePrivateKeyFlagsV4PtrOutput{}) pulumi.RegisterOutputType(TemplateSubjectNameFlagsV2Output{}) + pulumi.RegisterOutputType(TemplateSubjectNameFlagsV2PtrOutput{}) pulumi.RegisterOutputType(TemplateSubjectNameFlagsV3Output{}) + pulumi.RegisterOutputType(TemplateSubjectNameFlagsV3PtrOutput{}) pulumi.RegisterOutputType(TemplateSubjectNameFlagsV4Output{}) + pulumi.RegisterOutputType(TemplateSubjectNameFlagsV4PtrOutput{}) pulumi.RegisterOutputType(TemplateV2Output{}) + pulumi.RegisterOutputType(TemplateV2PtrOutput{}) pulumi.RegisterOutputType(TemplateV3Output{}) + pulumi.RegisterOutputType(TemplateV3PtrOutput{}) pulumi.RegisterOutputType(TemplateV4Output{}) + pulumi.RegisterOutputType(TemplateV4PtrOutput{}) pulumi.RegisterOutputType(TemplateValidityPeriodOutput{}) + pulumi.RegisterOutputType(TemplateValidityPeriodPtrOutput{}) } diff --git a/sdk/go/aws/qbusiness/getWebExperience.go b/sdk/go/aws/qbusiness/getWebExperience.go index 59f0a443ba..594ba81bd1 100644 --- a/sdk/go/aws/qbusiness/getWebExperience.go +++ b/sdk/go/aws/qbusiness/getWebExperience.go @@ -37,7 +37,10 @@ type LookupWebExperienceResult struct { DefaultEndpoint *string `pulumi:"defaultEndpoint"` // Provides information about the identity provider (IdP) used to authenticate end users of an Amazon Q Business web experience. IdentityProviderConfiguration interface{} `pulumi:"identityProviderConfiguration"` - Origins []string `pulumi:"origins"` + // Sets the website domain origins that are allowed to embed the Amazon Q Business web experience. The *domain origin* refers to the base URL for accessing a website including the protocol ( `http/https` ), the domain name, and the port number (if specified). + // + // > You must only submit a *base URL* and not a full path. For example, `https://docs.aws.amazon.com` . + Origins []string `pulumi:"origins"` // The Amazon Resource Name (ARN) of the service role attached to your web experience. // // > You must provide this value if you're using IAM Identity Center to manage end user access to your application. If you're using legacy identity management to manage user access, you don't need to provide this value. @@ -121,6 +124,9 @@ func (o LookupWebExperienceResultOutput) IdentityProviderConfiguration() pulumi. return o.ApplyT(func(v LookupWebExperienceResult) interface{} { return v.IdentityProviderConfiguration }).(pulumi.AnyOutput) } +// Sets the website domain origins that are allowed to embed the Amazon Q Business web experience. The *domain origin* refers to the base URL for accessing a website including the protocol ( `http/https` ), the domain name, and the port number (if specified). +// +// > You must only submit a *base URL* and not a full path. For example, `https://docs.aws.amazon.com` . func (o LookupWebExperienceResultOutput) Origins() pulumi.StringArrayOutput { return o.ApplyT(func(v LookupWebExperienceResult) []string { return v.Origins }).(pulumi.StringArrayOutput) } diff --git a/sdk/go/aws/qbusiness/webExperience.go b/sdk/go/aws/qbusiness/webExperience.go index 41c0c6cdbb..e0c25969fa 100644 --- a/sdk/go/aws/qbusiness/webExperience.go +++ b/sdk/go/aws/qbusiness/webExperience.go @@ -24,8 +24,11 @@ type WebExperience struct { // The endpoint URLs for your Amazon Q Business web experience. The URLs are unique and fully hosted by AWS . DefaultEndpoint pulumi.StringOutput `pulumi:"defaultEndpoint"` // Provides information about the identity provider (IdP) used to authenticate end users of an Amazon Q Business web experience. - IdentityProviderConfiguration pulumi.AnyOutput `pulumi:"identityProviderConfiguration"` - Origins pulumi.StringArrayOutput `pulumi:"origins"` + IdentityProviderConfiguration pulumi.AnyOutput `pulumi:"identityProviderConfiguration"` + // Sets the website domain origins that are allowed to embed the Amazon Q Business web experience. The *domain origin* refers to the base URL for accessing a website including the protocol ( `http/https` ), the domain name, and the port number (if specified). + // + // > You must only submit a *base URL* and not a full path. For example, `https://docs.aws.amazon.com` . + Origins pulumi.StringArrayOutput `pulumi:"origins"` // The Amazon Resource Name (ARN) of the service role attached to your web experience. // // > You must provide this value if you're using IAM Identity Center to manage end user access to your application. If you're using legacy identity management to manage user access, you don't need to provide this value. @@ -101,7 +104,10 @@ type webExperienceArgs struct { ApplicationId string `pulumi:"applicationId"` // Provides information about the identity provider (IdP) used to authenticate end users of an Amazon Q Business web experience. IdentityProviderConfiguration interface{} `pulumi:"identityProviderConfiguration"` - Origins []string `pulumi:"origins"` + // Sets the website domain origins that are allowed to embed the Amazon Q Business web experience. The *domain origin* refers to the base URL for accessing a website including the protocol ( `http/https` ), the domain name, and the port number (if specified). + // + // > You must only submit a *base URL* and not a full path. For example, `https://docs.aws.amazon.com` . + Origins []string `pulumi:"origins"` // The Amazon Resource Name (ARN) of the service role attached to your web experience. // // > You must provide this value if you're using IAM Identity Center to manage end user access to your application. If you're using legacy identity management to manage user access, you don't need to provide this value. @@ -124,7 +130,10 @@ type WebExperienceArgs struct { ApplicationId pulumi.StringInput // Provides information about the identity provider (IdP) used to authenticate end users of an Amazon Q Business web experience. IdentityProviderConfiguration pulumi.Input - Origins pulumi.StringArrayInput + // Sets the website domain origins that are allowed to embed the Amazon Q Business web experience. The *domain origin* refers to the base URL for accessing a website including the protocol ( `http/https` ), the domain name, and the port number (if specified). + // + // > You must only submit a *base URL* and not a full path. For example, `https://docs.aws.amazon.com` . + Origins pulumi.StringArrayInput // The Amazon Resource Name (ARN) of the service role attached to your web experience. // // > You must provide this value if you're using IAM Identity Center to manage end user access to your application. If you're using legacy identity management to manage user access, you don't need to provide this value. @@ -198,6 +207,9 @@ func (o WebExperienceOutput) IdentityProviderConfiguration() pulumi.AnyOutput { return o.ApplyT(func(v *WebExperience) pulumi.AnyOutput { return v.IdentityProviderConfiguration }).(pulumi.AnyOutput) } +// Sets the website domain origins that are allowed to embed the Amazon Q Business web experience. The *domain origin* refers to the base URL for accessing a website including the protocol ( `http/https` ), the domain name, and the port number (if specified). +// +// > You must only submit a *base URL* and not a full path. For example, `https://docs.aws.amazon.com` . func (o WebExperienceOutput) Origins() pulumi.StringArrayOutput { return o.ApplyT(func(v *WebExperience) pulumi.StringArrayOutput { return v.Origins }).(pulumi.StringArrayOutput) } diff --git a/sdk/go/aws/redshift/getIntegration.go b/sdk/go/aws/redshift/getIntegration.go new file mode 100644 index 0000000000..87a6a245d4 --- /dev/null +++ b/sdk/go/aws/redshift/getIntegration.go @@ -0,0 +1,106 @@ +// Code generated by pulumi-language-go DO NOT EDIT. +// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! *** + +package redshift + +import ( + "context" + "reflect" + + "github.com/pulumi/pulumi-aws-native/sdk/go/aws" + "github.com/pulumi/pulumi-aws-native/sdk/go/aws/internal" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +) + +// Integration from a source AWS service to a Redshift cluster +func LookupIntegration(ctx *pulumi.Context, args *LookupIntegrationArgs, opts ...pulumi.InvokeOption) (*LookupIntegrationResult, error) { + opts = internal.PkgInvokeDefaultOpts(opts) + var rv LookupIntegrationResult + err := ctx.Invoke("aws-native:redshift:getIntegration", args, &rv, opts...) + if err != nil { + return nil, err + } + return &rv, nil +} + +type LookupIntegrationArgs struct { + // The Amazon Resource Name (ARN) of the integration. + IntegrationArn string `pulumi:"integrationArn"` +} + +type LookupIntegrationResult struct { + // The time (UTC) when the integration was created. + CreateTime *string `pulumi:"createTime"` + // The Amazon Resource Name (ARN) of the integration. + IntegrationArn *string `pulumi:"integrationArn"` + // The name of the integration. + IntegrationName *string `pulumi:"integrationName"` + // An array of key-value pairs to apply to this resource. + Tags []aws.Tag `pulumi:"tags"` +} + +func LookupIntegrationOutput(ctx *pulumi.Context, args LookupIntegrationOutputArgs, opts ...pulumi.InvokeOption) LookupIntegrationResultOutput { + return pulumi.ToOutputWithContext(context.Background(), args). + ApplyT(func(v interface{}) (LookupIntegrationResultOutput, error) { + args := v.(LookupIntegrationArgs) + opts = internal.PkgInvokeDefaultOpts(opts) + var rv LookupIntegrationResult + secret, err := ctx.InvokePackageRaw("aws-native:redshift:getIntegration", args, &rv, "", opts...) + if err != nil { + return LookupIntegrationResultOutput{}, err + } + + output := pulumi.ToOutput(rv).(LookupIntegrationResultOutput) + if secret { + return pulumi.ToSecret(output).(LookupIntegrationResultOutput), nil + } + return output, nil + }).(LookupIntegrationResultOutput) +} + +type LookupIntegrationOutputArgs struct { + // The Amazon Resource Name (ARN) of the integration. + IntegrationArn pulumi.StringInput `pulumi:"integrationArn"` +} + +func (LookupIntegrationOutputArgs) ElementType() reflect.Type { + return reflect.TypeOf((*LookupIntegrationArgs)(nil)).Elem() +} + +type LookupIntegrationResultOutput struct{ *pulumi.OutputState } + +func (LookupIntegrationResultOutput) ElementType() reflect.Type { + return reflect.TypeOf((*LookupIntegrationResult)(nil)).Elem() +} + +func (o LookupIntegrationResultOutput) ToLookupIntegrationResultOutput() LookupIntegrationResultOutput { + return o +} + +func (o LookupIntegrationResultOutput) ToLookupIntegrationResultOutputWithContext(ctx context.Context) LookupIntegrationResultOutput { + return o +} + +// The time (UTC) when the integration was created. +func (o LookupIntegrationResultOutput) CreateTime() pulumi.StringPtrOutput { + return o.ApplyT(func(v LookupIntegrationResult) *string { return v.CreateTime }).(pulumi.StringPtrOutput) +} + +// The Amazon Resource Name (ARN) of the integration. +func (o LookupIntegrationResultOutput) IntegrationArn() pulumi.StringPtrOutput { + return o.ApplyT(func(v LookupIntegrationResult) *string { return v.IntegrationArn }).(pulumi.StringPtrOutput) +} + +// The name of the integration. +func (o LookupIntegrationResultOutput) IntegrationName() pulumi.StringPtrOutput { + return o.ApplyT(func(v LookupIntegrationResult) *string { return v.IntegrationName }).(pulumi.StringPtrOutput) +} + +// An array of key-value pairs to apply to this resource. +func (o LookupIntegrationResultOutput) Tags() aws.TagArrayOutput { + return o.ApplyT(func(v LookupIntegrationResult) []aws.Tag { return v.Tags }).(aws.TagArrayOutput) +} + +func init() { + pulumi.RegisterOutputType(LookupIntegrationResultOutput{}) +} diff --git a/sdk/go/aws/redshift/init.go b/sdk/go/aws/redshift/init.go index 076e86937b..0e5b3f07c2 100644 --- a/sdk/go/aws/redshift/init.go +++ b/sdk/go/aws/redshift/init.go @@ -33,6 +33,8 @@ func (m *module) Construct(ctx *pulumi.Context, name, typ, urn string) (r pulumi r = &EndpointAuthorization{} case "aws-native:redshift:EventSubscription": r = &EventSubscription{} + case "aws-native:redshift:Integration": + r = &Integration{} case "aws-native:redshift:ScheduledAction": r = &ScheduledAction{} default: diff --git a/sdk/go/aws/redshift/integration.go b/sdk/go/aws/redshift/integration.go new file mode 100644 index 0000000000..64e738fc9d --- /dev/null +++ b/sdk/go/aws/redshift/integration.go @@ -0,0 +1,197 @@ +// Code generated by pulumi-language-go DO NOT EDIT. +// *** WARNING: Do not edit by hand unless you're certain you know what you are doing! *** + +package redshift + +import ( + "context" + "reflect" + + "errors" + "github.com/pulumi/pulumi-aws-native/sdk/go/aws" + "github.com/pulumi/pulumi-aws-native/sdk/go/aws/internal" + "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +) + +// Integration from a source AWS service to a Redshift cluster +type Integration struct { + pulumi.CustomResourceState + + AdditionalEncryptionContext pulumi.StringMapOutput `pulumi:"additionalEncryptionContext"` + // The time (UTC) when the integration was created. + CreateTime pulumi.StringOutput `pulumi:"createTime"` + // The Amazon Resource Name (ARN) of the integration. + IntegrationArn pulumi.StringOutput `pulumi:"integrationArn"` + // The name of the integration. + IntegrationName pulumi.StringPtrOutput `pulumi:"integrationName"` + // An KMS key identifier for the key to use to encrypt the integration. If you don't specify an encryption key, the default AWS owned KMS key is used. + KmsKeyId pulumi.StringPtrOutput `pulumi:"kmsKeyId"` + // The Amazon Resource Name (ARN) of the database to use as the source for replication, for example, arn:aws:dynamodb:us-east-2:123412341234:table/dynamotable + SourceArn pulumi.StringOutput `pulumi:"sourceArn"` + // An array of key-value pairs to apply to this resource. + Tags aws.TagArrayOutput `pulumi:"tags"` + // The Amazon Resource Name (ARN) of the Redshift data warehouse to use as the target for replication, for example, arn:aws:redshift:us-east-2:123412341234:namespace:e43aab3e-10a3-4ec4-83d4-f227ff9bfbcf + TargetArn pulumi.StringOutput `pulumi:"targetArn"` +} + +// NewIntegration registers a new resource with the given unique name, arguments, and options. +func NewIntegration(ctx *pulumi.Context, + name string, args *IntegrationArgs, opts ...pulumi.ResourceOption) (*Integration, error) { + if args == nil { + return nil, errors.New("missing one or more required arguments") + } + + if args.SourceArn == nil { + return nil, errors.New("invalid value for required argument 'SourceArn'") + } + if args.TargetArn == nil { + return nil, errors.New("invalid value for required argument 'TargetArn'") + } + replaceOnChanges := pulumi.ReplaceOnChanges([]string{ + "additionalEncryptionContext.*", + "kmsKeyId", + "sourceArn", + "targetArn", + }) + opts = append(opts, replaceOnChanges) + opts = internal.PkgResourceDefaultOpts(opts) + var resource Integration + err := ctx.RegisterResource("aws-native:redshift:Integration", name, args, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// GetIntegration gets an existing Integration resource's state with the given name, ID, and optional +// state properties that are used to uniquely qualify the lookup (nil if not required). +func GetIntegration(ctx *pulumi.Context, + name string, id pulumi.IDInput, state *IntegrationState, opts ...pulumi.ResourceOption) (*Integration, error) { + var resource Integration + err := ctx.ReadResource("aws-native:redshift:Integration", name, id, state, &resource, opts...) + if err != nil { + return nil, err + } + return &resource, nil +} + +// Input properties used for looking up and filtering Integration resources. +type integrationState struct { +} + +type IntegrationState struct { +} + +func (IntegrationState) ElementType() reflect.Type { + return reflect.TypeOf((*integrationState)(nil)).Elem() +} + +type integrationArgs struct { + AdditionalEncryptionContext map[string]string `pulumi:"additionalEncryptionContext"` + // The name of the integration. + IntegrationName *string `pulumi:"integrationName"` + // An KMS key identifier for the key to use to encrypt the integration. If you don't specify an encryption key, the default AWS owned KMS key is used. + KmsKeyId *string `pulumi:"kmsKeyId"` + // The Amazon Resource Name (ARN) of the database to use as the source for replication, for example, arn:aws:dynamodb:us-east-2:123412341234:table/dynamotable + SourceArn string `pulumi:"sourceArn"` + // An array of key-value pairs to apply to this resource. + Tags []aws.Tag `pulumi:"tags"` + // The Amazon Resource Name (ARN) of the Redshift data warehouse to use as the target for replication, for example, arn:aws:redshift:us-east-2:123412341234:namespace:e43aab3e-10a3-4ec4-83d4-f227ff9bfbcf + TargetArn string `pulumi:"targetArn"` +} + +// The set of arguments for constructing a Integration resource. +type IntegrationArgs struct { + AdditionalEncryptionContext pulumi.StringMapInput + // The name of the integration. + IntegrationName pulumi.StringPtrInput + // An KMS key identifier for the key to use to encrypt the integration. If you don't specify an encryption key, the default AWS owned KMS key is used. + KmsKeyId pulumi.StringPtrInput + // The Amazon Resource Name (ARN) of the database to use as the source for replication, for example, arn:aws:dynamodb:us-east-2:123412341234:table/dynamotable + SourceArn pulumi.StringInput + // An array of key-value pairs to apply to this resource. + Tags aws.TagArrayInput + // The Amazon Resource Name (ARN) of the Redshift data warehouse to use as the target for replication, for example, arn:aws:redshift:us-east-2:123412341234:namespace:e43aab3e-10a3-4ec4-83d4-f227ff9bfbcf + TargetArn pulumi.StringInput +} + +func (IntegrationArgs) ElementType() reflect.Type { + return reflect.TypeOf((*integrationArgs)(nil)).Elem() +} + +type IntegrationInput interface { + pulumi.Input + + ToIntegrationOutput() IntegrationOutput + ToIntegrationOutputWithContext(ctx context.Context) IntegrationOutput +} + +func (*Integration) ElementType() reflect.Type { + return reflect.TypeOf((**Integration)(nil)).Elem() +} + +func (i *Integration) ToIntegrationOutput() IntegrationOutput { + return i.ToIntegrationOutputWithContext(context.Background()) +} + +func (i *Integration) ToIntegrationOutputWithContext(ctx context.Context) IntegrationOutput { + return pulumi.ToOutputWithContext(ctx, i).(IntegrationOutput) +} + +type IntegrationOutput struct{ *pulumi.OutputState } + +func (IntegrationOutput) ElementType() reflect.Type { + return reflect.TypeOf((**Integration)(nil)).Elem() +} + +func (o IntegrationOutput) ToIntegrationOutput() IntegrationOutput { + return o +} + +func (o IntegrationOutput) ToIntegrationOutputWithContext(ctx context.Context) IntegrationOutput { + return o +} + +func (o IntegrationOutput) AdditionalEncryptionContext() pulumi.StringMapOutput { + return o.ApplyT(func(v *Integration) pulumi.StringMapOutput { return v.AdditionalEncryptionContext }).(pulumi.StringMapOutput) +} + +// The time (UTC) when the integration was created. +func (o IntegrationOutput) CreateTime() pulumi.StringOutput { + return o.ApplyT(func(v *Integration) pulumi.StringOutput { return v.CreateTime }).(pulumi.StringOutput) +} + +// The Amazon Resource Name (ARN) of the integration. +func (o IntegrationOutput) IntegrationArn() pulumi.StringOutput { + return o.ApplyT(func(v *Integration) pulumi.StringOutput { return v.IntegrationArn }).(pulumi.StringOutput) +} + +// The name of the integration. +func (o IntegrationOutput) IntegrationName() pulumi.StringPtrOutput { + return o.ApplyT(func(v *Integration) pulumi.StringPtrOutput { return v.IntegrationName }).(pulumi.StringPtrOutput) +} + +// An KMS key identifier for the key to use to encrypt the integration. If you don't specify an encryption key, the default AWS owned KMS key is used. +func (o IntegrationOutput) KmsKeyId() pulumi.StringPtrOutput { + return o.ApplyT(func(v *Integration) pulumi.StringPtrOutput { return v.KmsKeyId }).(pulumi.StringPtrOutput) +} + +// The Amazon Resource Name (ARN) of the database to use as the source for replication, for example, arn:aws:dynamodb:us-east-2:123412341234:table/dynamotable +func (o IntegrationOutput) SourceArn() pulumi.StringOutput { + return o.ApplyT(func(v *Integration) pulumi.StringOutput { return v.SourceArn }).(pulumi.StringOutput) +} + +// An array of key-value pairs to apply to this resource. +func (o IntegrationOutput) Tags() aws.TagArrayOutput { + return o.ApplyT(func(v *Integration) aws.TagArrayOutput { return v.Tags }).(aws.TagArrayOutput) +} + +// The Amazon Resource Name (ARN) of the Redshift data warehouse to use as the target for replication, for example, arn:aws:redshift:us-east-2:123412341234:namespace:e43aab3e-10a3-4ec4-83d4-f227ff9bfbcf +func (o IntegrationOutput) TargetArn() pulumi.StringOutput { + return o.ApplyT(func(v *Integration) pulumi.StringOutput { return v.TargetArn }).(pulumi.StringOutput) +} + +func init() { + pulumi.RegisterInputType(reflect.TypeOf((*IntegrationInput)(nil)).Elem(), &Integration{}) + pulumi.RegisterOutputType(IntegrationOutput{}) +} diff --git a/sdk/go/aws/redshift/pulumiTypes.go b/sdk/go/aws/redshift/pulumiTypes.go index 5094d5f2e8..6ed7f1c3ea 100644 --- a/sdk/go/aws/redshift/pulumiTypes.go +++ b/sdk/go/aws/redshift/pulumiTypes.go @@ -649,6 +649,14 @@ type EventSubscriptionTag struct { Value string `pulumi:"value"` } +// A key-value pair to associate with a resource. +type IntegrationTag struct { + // The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. + Key string `pulumi:"key"` + // The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. + Value *string `pulumi:"value"` +} + type ScheduledActionType struct { } diff --git a/sdk/go/aws/s3/pulumiEnums.go b/sdk/go/aws/s3/pulumiEnums.go index c722d1ac20..79399f5801 100644 --- a/sdk/go/aws/s3/pulumiEnums.go +++ b/sdk/go/aws/s3/pulumiEnums.go @@ -4253,6 +4253,8 @@ func (in *bucketRuleStatusPtr) ToBucketRuleStatusPtrOutputWithContext(ctx contex } // Server-side encryption algorithm to use for the default encryption. +// +// For directory buckets, there are only two supported values for server-side encryption: ``AES256`` and ``aws:kms``. type BucketServerSideEncryptionByDefaultSseAlgorithm string const ( diff --git a/sdk/go/aws/s3/pulumiTypes.go b/sdk/go/aws/s3/pulumiTypes.go index 0fe4aecf1f..ccbb58bc82 100644 --- a/sdk/go/aws/s3/pulumiTypes.go +++ b/sdk/go/aws/s3/pulumiTypes.go @@ -7626,21 +7626,28 @@ func (o BucketS3KeyFilterPtrOutput) Rules() BucketFilterRuleArrayOutput { }).(BucketFilterRuleArrayOutput) } -// Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS. For more information, see [PUT Bucket encryption](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html) in the *Amazon S3 API Reference*. -// -// If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. +// Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. For more information, see [PutBucketEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html). +// - *General purpose buckets* - If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key (“aws/s3“) in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS. +// - *Directory buckets* - Your SSE-KMS configuration can only support 1 [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) per directory bucket for the lifetime of the bucket. The [managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) (“aws/s3“) isn't supported. +// - *Directory buckets* - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS. type BucketServerSideEncryptionByDefault struct { - // AWS Key Management Service (KMS) customer AWS KMS key ID to use for the default encryption. This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms`` or ``aws:kms:dsse``. - // You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key. + // AWS Key Management Service (KMS) customer managed key ID to use for the default encryption. + // + *General purpose buckets* - This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms`` or ``aws:kms:dsse``. + // + *Directory buckets* - This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms``. + // + // You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key. // + Key ID: ``1234abcd-12ab-34cd-56ef-1234567890ab`` // + Key ARN: ``arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`` // + Key Alias: ``alias/alias-name`` // - // If you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log. - // If you are using encryption with cross-account or AWS service operations you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy). - // Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *Key Management Service Developer Guide*. + // If you are using encryption with cross-account or AWS service operations, you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy). + // + *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. Also, if you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log. + // + *Directory buckets* - When you specify an [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported. + // + // Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *Key Management Service Developer Guide*. KmsMasterKeyId *string `pulumi:"kmsMasterKeyId"` // Server-side encryption algorithm to use for the default encryption. + // For directory buckets, there are only two supported values for server-side encryption: ``AES256`` and ``aws:kms``. SseAlgorithm BucketServerSideEncryptionByDefaultSseAlgorithm `pulumi:"sseAlgorithm"` } @@ -7655,21 +7662,28 @@ type BucketServerSideEncryptionByDefaultInput interface { ToBucketServerSideEncryptionByDefaultOutputWithContext(context.Context) BucketServerSideEncryptionByDefaultOutput } -// Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS. For more information, see [PUT Bucket encryption](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html) in the *Amazon S3 API Reference*. -// -// If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. +// Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. For more information, see [PutBucketEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html). +// - *General purpose buckets* - If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key (“aws/s3“) in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS. +// - *Directory buckets* - Your SSE-KMS configuration can only support 1 [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) per directory bucket for the lifetime of the bucket. The [managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) (“aws/s3“) isn't supported. +// - *Directory buckets* - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS. type BucketServerSideEncryptionByDefaultArgs struct { - // AWS Key Management Service (KMS) customer AWS KMS key ID to use for the default encryption. This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms`` or ``aws:kms:dsse``. - // You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key. + // AWS Key Management Service (KMS) customer managed key ID to use for the default encryption. + // + *General purpose buckets* - This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms`` or ``aws:kms:dsse``. + // + *Directory buckets* - This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms``. + // + // You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key. // + Key ID: ``1234abcd-12ab-34cd-56ef-1234567890ab`` // + Key ARN: ``arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`` // + Key Alias: ``alias/alias-name`` // - // If you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log. - // If you are using encryption with cross-account or AWS service operations you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy). - // Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *Key Management Service Developer Guide*. + // If you are using encryption with cross-account or AWS service operations, you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy). + // + *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. Also, if you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log. + // + *Directory buckets* - When you specify an [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported. + // + // Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *Key Management Service Developer Guide*. KmsMasterKeyId pulumi.StringPtrInput `pulumi:"kmsMasterKeyId"` // Server-side encryption algorithm to use for the default encryption. + // For directory buckets, there are only two supported values for server-side encryption: ``AES256`` and ``aws:kms``. SseAlgorithm BucketServerSideEncryptionByDefaultSseAlgorithmInput `pulumi:"sseAlgorithm"` } @@ -7726,9 +7740,10 @@ func (i *bucketServerSideEncryptionByDefaultPtrType) ToBucketServerSideEncryptio return pulumi.ToOutputWithContext(ctx, i).(BucketServerSideEncryptionByDefaultPtrOutput) } -// Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS. For more information, see [PUT Bucket encryption](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html) in the *Amazon S3 API Reference*. -// -// If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. +// Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. For more information, see [PutBucketEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html). +// - *General purpose buckets* - If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key (“aws/s3“) in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS. +// - *Directory buckets* - Your SSE-KMS configuration can only support 1 [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) per directory bucket for the lifetime of the bucket. The [managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) (“aws/s3“) isn't supported. +// - *Directory buckets* - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS. type BucketServerSideEncryptionByDefaultOutput struct{ *pulumi.OutputState } func (BucketServerSideEncryptionByDefaultOutput) ElementType() reflect.Type { @@ -7753,21 +7768,34 @@ func (o BucketServerSideEncryptionByDefaultOutput) ToBucketServerSideEncryptionB }).(BucketServerSideEncryptionByDefaultPtrOutput) } -// AWS Key Management Service (KMS) customer AWS KMS key ID to use for the default encryption. This parameter is allowed if and only if “SSEAlgorithm“ is set to “aws:kms“ or “aws:kms:dsse“. +// AWS Key Management Service (KMS) customer managed key ID to use for the default encryption. +// +// - *General purpose buckets* - This parameter is allowed if and only if “SSEAlgorithm“ is set to “aws:kms“ or “aws:kms:dsse“. +// +// - *Directory buckets* - This parameter is allowed if and only if “SSEAlgorithm“ is set to “aws:kms“. +// +// You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key. +// +// - Key ID: “1234abcd-12ab-34cd-56ef-1234567890ab“ +// +// - Key ARN: “arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab“ +// +// - Key Alias: “alias/alias-name“ +// +// If you are using encryption with cross-account or AWS service operations, you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy). // -// You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key. -// + Key ID: ``1234abcd-12ab-34cd-56ef-1234567890ab`` -// + Key ARN: ``arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`` -// + Key Alias: ``alias/alias-name`` +// - *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. Also, if you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log. // -// If you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log. -// If you are using encryption with cross-account or AWS service operations you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy). -// Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *Key Management Service Developer Guide*. +// - *Directory buckets* - When you specify an [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported. +// +// Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *Key Management Service Developer Guide*. func (o BucketServerSideEncryptionByDefaultOutput) KmsMasterKeyId() pulumi.StringPtrOutput { return o.ApplyT(func(v BucketServerSideEncryptionByDefault) *string { return v.KmsMasterKeyId }).(pulumi.StringPtrOutput) } // Server-side encryption algorithm to use for the default encryption. +// +// For directory buckets, there are only two supported values for server-side encryption: ``AES256`` and ``aws:kms``. func (o BucketServerSideEncryptionByDefaultOutput) SseAlgorithm() BucketServerSideEncryptionByDefaultSseAlgorithmOutput { return o.ApplyT(func(v BucketServerSideEncryptionByDefault) BucketServerSideEncryptionByDefaultSseAlgorithm { return v.SseAlgorithm @@ -7798,16 +7826,27 @@ func (o BucketServerSideEncryptionByDefaultPtrOutput) Elem() BucketServerSideEnc }).(BucketServerSideEncryptionByDefaultOutput) } -// AWS Key Management Service (KMS) customer AWS KMS key ID to use for the default encryption. This parameter is allowed if and only if “SSEAlgorithm“ is set to “aws:kms“ or “aws:kms:dsse“. +// AWS Key Management Service (KMS) customer managed key ID to use for the default encryption. +// +// - *General purpose buckets* - This parameter is allowed if and only if “SSEAlgorithm“ is set to “aws:kms“ or “aws:kms:dsse“. +// +// - *Directory buckets* - This parameter is allowed if and only if “SSEAlgorithm“ is set to “aws:kms“. +// +// You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key. +// +// - Key ID: “1234abcd-12ab-34cd-56ef-1234567890ab“ +// +// - Key ARN: “arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab“ +// +// - Key Alias: “alias/alias-name“ +// +// If you are using encryption with cross-account or AWS service operations, you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy). // -// You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key. -// + Key ID: ``1234abcd-12ab-34cd-56ef-1234567890ab`` -// + Key ARN: ``arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`` -// + Key Alias: ``alias/alias-name`` +// - *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. Also, if you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log. // -// If you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log. -// If you are using encryption with cross-account or AWS service operations you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy). -// Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *Key Management Service Developer Guide*. +// - *Directory buckets* - When you specify an [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported. +// +// Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *Key Management Service Developer Guide*. func (o BucketServerSideEncryptionByDefaultPtrOutput) KmsMasterKeyId() pulumi.StringPtrOutput { return o.ApplyT(func(v *BucketServerSideEncryptionByDefault) *string { if v == nil { @@ -7818,6 +7857,8 @@ func (o BucketServerSideEncryptionByDefaultPtrOutput) KmsMasterKeyId() pulumi.St } // Server-side encryption algorithm to use for the default encryption. +// +// For directory buckets, there are only two supported values for server-side encryption: ``AES256`` and ``aws:kms``. func (o BucketServerSideEncryptionByDefaultPtrOutput) SseAlgorithm() BucketServerSideEncryptionByDefaultSseAlgorithmPtrOutput { return o.ApplyT(func(v *BucketServerSideEncryptionByDefault) *BucketServerSideEncryptionByDefaultSseAlgorithm { if v == nil { @@ -7828,8 +7869,8 @@ func (o BucketServerSideEncryptionByDefaultPtrOutput) SseAlgorithm() BucketServe } // Specifies the default server-side encryption configuration. -// -// If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. +// - *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. +// - *Directory buckets* - When you specify an [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported. type BucketServerSideEncryptionRule struct { // Specifies whether Amazon S3 should use an S3 Bucket Key with server-side encryption using KMS (SSE-KMS) for new objects in the bucket. Existing objects are not affected. Setting the ``BucketKeyEnabled`` element to ``true`` causes Amazon S3 to use an S3 Bucket Key. By default, S3 Bucket Key is not enabled. // For more information, see [Amazon S3 Bucket Keys](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) in the *Amazon S3 User Guide*. @@ -7850,8 +7891,8 @@ type BucketServerSideEncryptionRuleInput interface { } // Specifies the default server-side encryption configuration. -// -// If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. +// - *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. +// - *Directory buckets* - When you specify an [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported. type BucketServerSideEncryptionRuleArgs struct { // Specifies whether Amazon S3 should use an S3 Bucket Key with server-side encryption using KMS (SSE-KMS) for new objects in the bucket. Existing objects are not affected. Setting the ``BucketKeyEnabled`` element to ``true`` causes Amazon S3 to use an S3 Bucket Key. By default, S3 Bucket Key is not enabled. // For more information, see [Amazon S3 Bucket Keys](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) in the *Amazon S3 User Guide*. @@ -7898,8 +7939,8 @@ func (i BucketServerSideEncryptionRuleArray) ToBucketServerSideEncryptionRuleArr } // Specifies the default server-side encryption configuration. -// -// If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. +// - *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. +// - *Directory buckets* - When you specify an [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported. type BucketServerSideEncryptionRuleOutput struct{ *pulumi.OutputState } func (BucketServerSideEncryptionRuleOutput) ElementType() reflect.Type { diff --git a/sdk/go/aws/wisdom/knowledgeBase.go b/sdk/go/aws/wisdom/knowledgeBase.go index 0a8d88d292..fa40bec78a 100644 --- a/sdk/go/aws/wisdom/knowledgeBase.go +++ b/sdk/go/aws/wisdom/knowledgeBase.go @@ -31,7 +31,7 @@ type KnowledgeBase struct { RenderingConfiguration KnowledgeBaseRenderingConfigurationPtrOutput `pulumi:"renderingConfiguration"` // This customer managed key must have a policy that allows `kms:CreateGrant` and `kms:DescribeKey` permissions to the IAM identity using the key to invoke Wisdom. For more information about setting up a customer managed key for Wisdom, see [Enable Amazon Connect Wisdom for your instance](https://docs.aws.amazon.com/connect/latest/adminguide/enable-wisdom.html) . For information about valid ID values, see [Key identifiers (KeyId)](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id) in the *AWS Key Management Service Developer Guide* . ServerSideEncryptionConfiguration KnowledgeBaseServerSideEncryptionConfigurationPtrOutput `pulumi:"serverSideEncryptionConfiguration"` - // The source of the knowledge base content. Only set this argument for EXTERNAL knowledge bases. + // The source of the knowledge base content. Only set this argument for EXTERNAL or Managed knowledge bases. SourceConfiguration KnowledgeBaseSourceConfigurationPtrOutput `pulumi:"sourceConfiguration"` // The tags used to organize, track, or control access for this resource. Tags aws.CreateOnlyTagArrayOutput `pulumi:"tags"` @@ -99,7 +99,7 @@ type knowledgeBaseArgs struct { RenderingConfiguration *KnowledgeBaseRenderingConfiguration `pulumi:"renderingConfiguration"` // This customer managed key must have a policy that allows `kms:CreateGrant` and `kms:DescribeKey` permissions to the IAM identity using the key to invoke Wisdom. For more information about setting up a customer managed key for Wisdom, see [Enable Amazon Connect Wisdom for your instance](https://docs.aws.amazon.com/connect/latest/adminguide/enable-wisdom.html) . For information about valid ID values, see [Key identifiers (KeyId)](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id) in the *AWS Key Management Service Developer Guide* . ServerSideEncryptionConfiguration *KnowledgeBaseServerSideEncryptionConfiguration `pulumi:"serverSideEncryptionConfiguration"` - // The source of the knowledge base content. Only set this argument for EXTERNAL knowledge bases. + // The source of the knowledge base content. Only set this argument for EXTERNAL or Managed knowledge bases. SourceConfiguration *KnowledgeBaseSourceConfiguration `pulumi:"sourceConfiguration"` // The tags used to organize, track, or control access for this resource. Tags []aws.CreateOnlyTag `pulumi:"tags"` @@ -117,7 +117,7 @@ type KnowledgeBaseArgs struct { RenderingConfiguration KnowledgeBaseRenderingConfigurationPtrInput // This customer managed key must have a policy that allows `kms:CreateGrant` and `kms:DescribeKey` permissions to the IAM identity using the key to invoke Wisdom. For more information about setting up a customer managed key for Wisdom, see [Enable Amazon Connect Wisdom for your instance](https://docs.aws.amazon.com/connect/latest/adminguide/enable-wisdom.html) . For information about valid ID values, see [Key identifiers (KeyId)](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id) in the *AWS Key Management Service Developer Guide* . ServerSideEncryptionConfiguration KnowledgeBaseServerSideEncryptionConfigurationPtrInput - // The source of the knowledge base content. Only set this argument for EXTERNAL knowledge bases. + // The source of the knowledge base content. Only set this argument for EXTERNAL or Managed knowledge bases. SourceConfiguration KnowledgeBaseSourceConfigurationPtrInput // The tags used to organize, track, or control access for this resource. Tags aws.CreateOnlyTagArrayInput @@ -197,7 +197,7 @@ func (o KnowledgeBaseOutput) ServerSideEncryptionConfiguration() KnowledgeBaseSe }).(KnowledgeBaseServerSideEncryptionConfigurationPtrOutput) } -// The source of the knowledge base content. Only set this argument for EXTERNAL knowledge bases. +// The source of the knowledge base content. Only set this argument for EXTERNAL or Managed knowledge bases. func (o KnowledgeBaseOutput) SourceConfiguration() KnowledgeBaseSourceConfigurationPtrOutput { return o.ApplyT(func(v *KnowledgeBase) KnowledgeBaseSourceConfigurationPtrOutput { return v.SourceConfiguration }).(KnowledgeBaseSourceConfigurationPtrOutput) } diff --git a/sdk/nodejs/apigateway/vpcLink.ts b/sdk/nodejs/apigateway/vpcLink.ts index 435c9f2174..8bb4dc462a 100644 --- a/sdk/nodejs/apigateway/vpcLink.ts +++ b/sdk/nodejs/apigateway/vpcLink.ts @@ -50,7 +50,7 @@ export class VpcLink extends pulumi.CustomResource { */ public readonly tags!: pulumi.Output; /** - * The ARN of the network load balancer of the VPC targeted by the VPC link. The network load balancer must be owned by the same AWS-account of the API owner. + * The ARN of the network load balancer of the VPC targeted by the VPC link. The network load balancer must be owned by the same AWS account of the API owner. */ public readonly targetArns!: pulumi.Output; /** @@ -108,7 +108,7 @@ export interface VpcLinkArgs { */ tags?: pulumi.Input[]>; /** - * The ARN of the network load balancer of the VPC targeted by the VPC link. The network load balancer must be owned by the same AWS-account of the API owner. + * The ARN of the network load balancer of the VPC targeted by the VPC link. The network load balancer must be owned by the same AWS account of the API owner. */ targetArns: pulumi.Input[]>; } diff --git a/sdk/nodejs/apigatewayv2/domainName.ts b/sdk/nodejs/apigatewayv2/domainName.ts index be2fef3811..2e0d595cfc 100644 --- a/sdk/nodejs/apigatewayv2/domainName.ts +++ b/sdk/nodejs/apigatewayv2/domainName.ts @@ -39,7 +39,7 @@ export class DomainName extends pulumi.CustomResource { } /** - * The custom domain name for your API in Amazon API Gateway. Uppercase letters are not supported. + * The custom domain name for your API in Amazon API Gateway. Uppercase letters and the underscore (``_``) character are not supported. */ public readonly domainName!: pulumi.Output; /** @@ -103,7 +103,7 @@ export class DomainName extends pulumi.CustomResource { */ export interface DomainNameArgs { /** - * The custom domain name for your API in Amazon API Gateway. Uppercase letters are not supported. + * The custom domain name for your API in Amazon API Gateway. Uppercase letters and the underscore (``_``) character are not supported. */ domainName: pulumi.Input; /** diff --git a/sdk/nodejs/apigatewayv2/getDomainName.ts b/sdk/nodejs/apigatewayv2/getDomainName.ts index 74bc8f6da1..b659df9f1b 100644 --- a/sdk/nodejs/apigatewayv2/getDomainName.ts +++ b/sdk/nodejs/apigatewayv2/getDomainName.ts @@ -20,7 +20,7 @@ export function getDomainName(args: GetDomainNameArgs, opts?: pulumi.InvokeOptio export interface GetDomainNameArgs { /** - * The custom domain name for your API in Amazon API Gateway. Uppercase letters are not supported. + * The custom domain name for your API in Amazon API Gateway. Uppercase letters and the underscore (``_``) character are not supported. */ domainName: string; } @@ -60,7 +60,7 @@ export function getDomainNameOutput(args: GetDomainNameOutputArgs, opts?: pulumi export interface GetDomainNameOutputArgs { /** - * The custom domain name for your API in Amazon API Gateway. Uppercase letters are not supported. + * The custom domain name for your API in Amazon API Gateway. Uppercase letters and the underscore (``_``) character are not supported. */ domainName: pulumi.Input; } diff --git a/sdk/nodejs/autoscaling/autoScalingGroup.ts b/sdk/nodejs/autoscaling/autoScalingGroup.ts index d672255e61..0be9f1e83d 100644 --- a/sdk/nodejs/autoscaling/autoScalingGroup.ts +++ b/sdk/nodejs/autoscaling/autoScalingGroup.ts @@ -90,7 +90,7 @@ export class AutoScalingGroup extends pulumi.CustomResource { public readonly healthCheckGracePeriod!: pulumi.Output; /** * A comma-separated value string of one or more health check types. - * The valid values are ``EC2``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*. + * The valid values are ``EC2``, ``EBS``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*. * Only specify ``EC2`` if you must clear a value that was previously set. */ public readonly healthCheckType!: pulumi.Output; @@ -175,6 +175,7 @@ export class AutoScalingGroup extends pulumi.CustomResource { * Valid values: ``Default`` | ``AllocationStrategy`` | ``ClosestToNextInstanceHour`` | ``NewestInstance`` | ``OldestInstance`` | ``OldestLaunchConfiguration`` | ``OldestLaunchTemplate`` | ``arn:aws:lambda:region:account-id:function:my-function:my-alias`` */ public readonly terminationPolicies!: pulumi.Output; + public readonly trafficSources!: pulumi.Output; /** * A list of subnet IDs for a virtual private cloud (VPC) where instances in the Auto Scaling group can be created. * If this resource specifies public subnets and is also in a VPC that is defined in the same stack template, you must use the [DependsOn attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html) to declare a dependency on the [VPC-gateway attachment](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpc-gateway-attachment.html). @@ -229,6 +230,7 @@ export class AutoScalingGroup extends pulumi.CustomResource { resourceInputs["tags"] = args ? args.tags : undefined; resourceInputs["targetGroupArns"] = args ? args.targetGroupArns : undefined; resourceInputs["terminationPolicies"] = args ? args.terminationPolicies : undefined; + resourceInputs["trafficSources"] = args ? args.trafficSources : undefined; resourceInputs["vpcZoneIdentifier"] = args ? args.vpcZoneIdentifier : undefined; } else { resourceInputs["autoScalingGroupName"] = undefined /*out*/; @@ -260,6 +262,7 @@ export class AutoScalingGroup extends pulumi.CustomResource { resourceInputs["tags"] = undefined /*out*/; resourceInputs["targetGroupArns"] = undefined /*out*/; resourceInputs["terminationPolicies"] = undefined /*out*/; + resourceInputs["trafficSources"] = undefined /*out*/; resourceInputs["vpcZoneIdentifier"] = undefined /*out*/; } opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); @@ -323,7 +326,7 @@ export interface AutoScalingGroupArgs { healthCheckGracePeriod?: pulumi.Input; /** * A comma-separated value string of one or more health check types. - * The valid values are ``EC2``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*. + * The valid values are ``EC2``, ``EBS``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*. * Only specify ``EC2`` if you must clear a value that was previously set. */ healthCheckType?: pulumi.Input; @@ -408,6 +411,7 @@ export interface AutoScalingGroupArgs { * Valid values: ``Default`` | ``AllocationStrategy`` | ``ClosestToNextInstanceHour`` | ``NewestInstance`` | ``OldestInstance`` | ``OldestLaunchConfiguration`` | ``OldestLaunchTemplate`` | ``arn:aws:lambda:region:account-id:function:my-function:my-alias`` */ terminationPolicies?: pulumi.Input[]>; + trafficSources?: pulumi.Input[]>; /** * A list of subnet IDs for a virtual private cloud (VPC) where instances in the Auto Scaling group can be created. * If this resource specifies public subnets and is also in a VPC that is defined in the same stack template, you must use the [DependsOn attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html) to declare a dependency on the [VPC-gateway attachment](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpc-gateway-attachment.html). diff --git a/sdk/nodejs/autoscaling/getAutoScalingGroup.ts b/sdk/nodejs/autoscaling/getAutoScalingGroup.ts index 26439c5ed5..44c9f36ef2 100644 --- a/sdk/nodejs/autoscaling/getAutoScalingGroup.ts +++ b/sdk/nodejs/autoscaling/getAutoScalingGroup.ts @@ -74,7 +74,7 @@ export interface GetAutoScalingGroupResult { readonly healthCheckGracePeriod?: number; /** * A comma-separated value string of one or more health check types. - * The valid values are ``EC2``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*. + * The valid values are ``EC2``, ``EBS``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*. * Only specify ``EC2`` if you must clear a value that was previously set. */ readonly healthCheckType?: string; @@ -154,6 +154,7 @@ export interface GetAutoScalingGroupResult { * Valid values: ``Default`` | ``AllocationStrategy`` | ``ClosestToNextInstanceHour`` | ``NewestInstance`` | ``OldestInstance`` | ``OldestLaunchConfiguration`` | ``OldestLaunchTemplate`` | ``arn:aws:lambda:region:account-id:function:my-function:my-alias`` */ readonly terminationPolicies?: string[]; + readonly trafficSources?: outputs.autoscaling.AutoScalingGroupTrafficSourceIdentifier[]; /** * A list of subnet IDs for a virtual private cloud (VPC) where instances in the Auto Scaling group can be created. * If this resource specifies public subnets and is also in a VPC that is defined in the same stack template, you must use the [DependsOn attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html) to declare a dependency on the [VPC-gateway attachment](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-vpc-gateway-attachment.html). diff --git a/sdk/nodejs/backup/getLogicallyAirGappedBackupVault.ts b/sdk/nodejs/backup/getLogicallyAirGappedBackupVault.ts new file mode 100644 index 0000000000..238c3fe78e --- /dev/null +++ b/sdk/nodejs/backup/getLogicallyAirGappedBackupVault.ts @@ -0,0 +1,48 @@ +// *** WARNING: this file was generated by pulumi-language-nodejs. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import * as inputs from "../types/input"; +import * as outputs from "../types/output"; +import * as enums from "../types/enums"; +import * as utilities from "../utilities"; + +/** + * Resource Type definition for AWS::Backup::LogicallyAirGappedBackupVault + */ +export function getLogicallyAirGappedBackupVault(args: GetLogicallyAirGappedBackupVaultArgs, opts?: pulumi.InvokeOptions): Promise { + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); + return pulumi.runtime.invoke("aws-native:backup:getLogicallyAirGappedBackupVault", { + "backupVaultName": args.backupVaultName, + }, opts); +} + +export interface GetLogicallyAirGappedBackupVaultArgs { + backupVaultName: string; +} + +export interface GetLogicallyAirGappedBackupVaultResult { + /** + * Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Backup::LogicallyAirGappedBackupVault` for more information about the expected schema for this property. + */ + readonly accessPolicy?: any; + readonly backupVaultArn?: string; + readonly backupVaultTags?: {[key: string]: string}; + readonly encryptionKeyArn?: string; + readonly notifications?: outputs.backup.LogicallyAirGappedBackupVaultNotificationObjectType; + readonly vaultState?: string; + readonly vaultType?: string; +} +/** + * Resource Type definition for AWS::Backup::LogicallyAirGappedBackupVault + */ +export function getLogicallyAirGappedBackupVaultOutput(args: GetLogicallyAirGappedBackupVaultOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); + return pulumi.runtime.invokeOutput("aws-native:backup:getLogicallyAirGappedBackupVault", { + "backupVaultName": args.backupVaultName, + }, opts); +} + +export interface GetLogicallyAirGappedBackupVaultOutputArgs { + backupVaultName: pulumi.Input; +} diff --git a/sdk/nodejs/backup/index.ts b/sdk/nodejs/backup/index.ts index 2b6ee87baa..5fb53b4320 100644 --- a/sdk/nodejs/backup/index.ts +++ b/sdk/nodejs/backup/index.ts @@ -45,6 +45,11 @@ export const getFramework: typeof import("./getFramework").getFramework = null a export const getFrameworkOutput: typeof import("./getFramework").getFrameworkOutput = null as any; utilities.lazyLoad(exports, ["getFramework","getFrameworkOutput"], () => require("./getFramework")); +export { GetLogicallyAirGappedBackupVaultArgs, GetLogicallyAirGappedBackupVaultResult, GetLogicallyAirGappedBackupVaultOutputArgs } from "./getLogicallyAirGappedBackupVault"; +export const getLogicallyAirGappedBackupVault: typeof import("./getLogicallyAirGappedBackupVault").getLogicallyAirGappedBackupVault = null as any; +export const getLogicallyAirGappedBackupVaultOutput: typeof import("./getLogicallyAirGappedBackupVault").getLogicallyAirGappedBackupVaultOutput = null as any; +utilities.lazyLoad(exports, ["getLogicallyAirGappedBackupVault","getLogicallyAirGappedBackupVaultOutput"], () => require("./getLogicallyAirGappedBackupVault")); + export { GetReportPlanArgs, GetReportPlanResult, GetReportPlanOutputArgs } from "./getReportPlan"; export const getReportPlan: typeof import("./getReportPlan").getReportPlan = null as any; export const getReportPlanOutput: typeof import("./getReportPlan").getReportPlanOutput = null as any; @@ -60,6 +65,11 @@ export const getRestoreTestingSelection: typeof import("./getRestoreTestingSelec export const getRestoreTestingSelectionOutput: typeof import("./getRestoreTestingSelection").getRestoreTestingSelectionOutput = null as any; utilities.lazyLoad(exports, ["getRestoreTestingSelection","getRestoreTestingSelectionOutput"], () => require("./getRestoreTestingSelection")); +export { LogicallyAirGappedBackupVaultArgs } from "./logicallyAirGappedBackupVault"; +export type LogicallyAirGappedBackupVault = import("./logicallyAirGappedBackupVault").LogicallyAirGappedBackupVault; +export const LogicallyAirGappedBackupVault: typeof import("./logicallyAirGappedBackupVault").LogicallyAirGappedBackupVault = null as any; +utilities.lazyLoad(exports, ["LogicallyAirGappedBackupVault"], () => require("./logicallyAirGappedBackupVault")); + export { ReportPlanArgs } from "./reportPlan"; export type ReportPlan = import("./reportPlan").ReportPlan; export const ReportPlan: typeof import("./reportPlan").ReportPlan = null as any; @@ -91,6 +101,8 @@ const _module = { return new BackupVault(name, undefined, { urn }) case "aws-native:backup:Framework": return new Framework(name, undefined, { urn }) + case "aws-native:backup:LogicallyAirGappedBackupVault": + return new LogicallyAirGappedBackupVault(name, undefined, { urn }) case "aws-native:backup:ReportPlan": return new ReportPlan(name, undefined, { urn }) case "aws-native:backup:RestoreTestingPlan": diff --git a/sdk/nodejs/backup/logicallyAirGappedBackupVault.ts b/sdk/nodejs/backup/logicallyAirGappedBackupVault.ts new file mode 100644 index 0000000000..8547001261 --- /dev/null +++ b/sdk/nodejs/backup/logicallyAirGappedBackupVault.ts @@ -0,0 +1,115 @@ +// *** WARNING: this file was generated by pulumi-language-nodejs. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import * as inputs from "../types/input"; +import * as outputs from "../types/output"; +import * as enums from "../types/enums"; +import * as utilities from "../utilities"; + +/** + * Resource Type definition for AWS::Backup::LogicallyAirGappedBackupVault + */ +export class LogicallyAirGappedBackupVault extends pulumi.CustomResource { + /** + * Get an existing LogicallyAirGappedBackupVault resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param opts Optional settings to control the behavior of the CustomResource. + */ + public static get(name: string, id: pulumi.Input, opts?: pulumi.CustomResourceOptions): LogicallyAirGappedBackupVault { + return new LogicallyAirGappedBackupVault(name, undefined as any, { ...opts, id: id }); + } + + /** @internal */ + public static readonly __pulumiType = 'aws-native:backup:LogicallyAirGappedBackupVault'; + + /** + * Returns true if the given object is an instance of LogicallyAirGappedBackupVault. This is designed to work even + * when multiple copies of the Pulumi SDK have been loaded into the same process. + */ + public static isInstance(obj: any): obj is LogicallyAirGappedBackupVault { + if (obj === undefined || obj === null) { + return false; + } + return obj['__pulumiType'] === LogicallyAirGappedBackupVault.__pulumiType; + } + + /** + * Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Backup::LogicallyAirGappedBackupVault` for more information about the expected schema for this property. + */ + public readonly accessPolicy!: pulumi.Output; + public /*out*/ readonly backupVaultArn!: pulumi.Output; + public readonly backupVaultName!: pulumi.Output; + public readonly backupVaultTags!: pulumi.Output<{[key: string]: string} | undefined>; + public /*out*/ readonly encryptionKeyArn!: pulumi.Output; + public readonly maxRetentionDays!: pulumi.Output; + public readonly minRetentionDays!: pulumi.Output; + public readonly notifications!: pulumi.Output; + public readonly vaultState!: pulumi.Output; + public readonly vaultType!: pulumi.Output; + + /** + * Create a LogicallyAirGappedBackupVault resource with the given unique name, arguments, and options. + * + * @param name The _unique_ name of the resource. + * @param args The arguments to use to populate this resource's properties. + * @param opts A bag of options that control this resource's behavior. + */ + constructor(name: string, args: LogicallyAirGappedBackupVaultArgs, opts?: pulumi.CustomResourceOptions) { + let resourceInputs: pulumi.Inputs = {}; + opts = opts || {}; + if (!opts.id) { + if ((!args || args.maxRetentionDays === undefined) && !opts.urn) { + throw new Error("Missing required property 'maxRetentionDays'"); + } + if ((!args || args.minRetentionDays === undefined) && !opts.urn) { + throw new Error("Missing required property 'minRetentionDays'"); + } + resourceInputs["accessPolicy"] = args ? args.accessPolicy : undefined; + resourceInputs["backupVaultName"] = args ? args.backupVaultName : undefined; + resourceInputs["backupVaultTags"] = args ? args.backupVaultTags : undefined; + resourceInputs["maxRetentionDays"] = args ? args.maxRetentionDays : undefined; + resourceInputs["minRetentionDays"] = args ? args.minRetentionDays : undefined; + resourceInputs["notifications"] = args ? args.notifications : undefined; + resourceInputs["vaultState"] = args ? args.vaultState : undefined; + resourceInputs["vaultType"] = args ? args.vaultType : undefined; + resourceInputs["backupVaultArn"] = undefined /*out*/; + resourceInputs["encryptionKeyArn"] = undefined /*out*/; + } else { + resourceInputs["accessPolicy"] = undefined /*out*/; + resourceInputs["backupVaultArn"] = undefined /*out*/; + resourceInputs["backupVaultName"] = undefined /*out*/; + resourceInputs["backupVaultTags"] = undefined /*out*/; + resourceInputs["encryptionKeyArn"] = undefined /*out*/; + resourceInputs["maxRetentionDays"] = undefined /*out*/; + resourceInputs["minRetentionDays"] = undefined /*out*/; + resourceInputs["notifications"] = undefined /*out*/; + resourceInputs["vaultState"] = undefined /*out*/; + resourceInputs["vaultType"] = undefined /*out*/; + } + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); + const replaceOnChanges = { replaceOnChanges: ["backupVaultName", "maxRetentionDays", "minRetentionDays"] }; + opts = pulumi.mergeOptions(opts, replaceOnChanges); + super(LogicallyAirGappedBackupVault.__pulumiType, name, resourceInputs, opts); + } +} + +/** + * The set of arguments for constructing a LogicallyAirGappedBackupVault resource. + */ +export interface LogicallyAirGappedBackupVaultArgs { + /** + * Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Backup::LogicallyAirGappedBackupVault` for more information about the expected schema for this property. + */ + accessPolicy?: any; + backupVaultName?: pulumi.Input; + backupVaultTags?: pulumi.Input<{[key: string]: pulumi.Input}>; + maxRetentionDays: pulumi.Input; + minRetentionDays: pulumi.Input; + notifications?: pulumi.Input; + vaultState?: pulumi.Input; + vaultType?: pulumi.Input; +} diff --git a/sdk/nodejs/cognito/getUserPoolIdentityProvider.ts b/sdk/nodejs/cognito/getUserPoolIdentityProvider.ts index 2442dccc7a..717d006962 100644 --- a/sdk/nodejs/cognito/getUserPoolIdentityProvider.ts +++ b/sdk/nodejs/cognito/getUserPoolIdentityProvider.ts @@ -10,28 +10,27 @@ import * as utilities from "../utilities"; export function getUserPoolIdentityProvider(args: GetUserPoolIdentityProviderArgs, opts?: pulumi.InvokeOptions): Promise { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invoke("aws-native:cognito:getUserPoolIdentityProvider", { - "id": args.id, + "providerName": args.providerName, + "userPoolId": args.userPoolId, }, opts); } export interface GetUserPoolIdentityProviderArgs { /** - * The resource ID. + * The IdP name. */ - id: string; + providerName: string; + /** + * The user pool ID. + */ + userPoolId: string; } export interface GetUserPoolIdentityProviderResult { /** * A mapping of IdP attributes to standard and custom user pool attributes. - * - * Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Cognito::UserPoolIdentityProvider` for more information about the expected schema for this property. - */ - readonly attributeMapping?: any; - /** - * The resource ID. */ - readonly id?: string; + readonly attributeMapping?: {[key: string]: string}; /** * A list of IdP identifiers. */ @@ -66,10 +65,8 @@ export interface GetUserPoolIdentityProviderResult { * - **Facebook** - Create or update request: `"ProviderDetails": { "api_version": "v17.0", "authorize_scopes": "public_profile, email", "client_id": "1example23456789", "client_secret": "provider-app-client-secret" }` * * Describe response: `"ProviderDetails": { "api_version": "v17.0", "attributes_url": "https://graph.facebook.com/v17.0/me?fields=", "attributes_url_add_attributes": "true", "authorize_scopes": "public_profile, email", "authorize_url": "https://www.facebook.com/v17.0/dialog/oauth", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "token_request_method": "GET", "token_url": "https://graph.facebook.com/v17.0/oauth/access_token" }` - * - * Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Cognito::UserPoolIdentityProvider` for more information about the expected schema for this property. */ - readonly providerDetails?: any; + readonly providerDetails?: {[key: string]: string}; } /** * Resource Type definition for AWS::Cognito::UserPoolIdentityProvider @@ -77,13 +74,18 @@ export interface GetUserPoolIdentityProviderResult { export function getUserPoolIdentityProviderOutput(args: GetUserPoolIdentityProviderOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); return pulumi.runtime.invokeOutput("aws-native:cognito:getUserPoolIdentityProvider", { - "id": args.id, + "providerName": args.providerName, + "userPoolId": args.userPoolId, }, opts); } export interface GetUserPoolIdentityProviderOutputArgs { /** - * The resource ID. + * The IdP name. + */ + providerName: pulumi.Input; + /** + * The user pool ID. */ - id: pulumi.Input; + userPoolId: pulumi.Input; } diff --git a/sdk/nodejs/cognito/userPoolIdentityProvider.ts b/sdk/nodejs/cognito/userPoolIdentityProvider.ts index 7d349ab97a..c41167628f 100644 --- a/sdk/nodejs/cognito/userPoolIdentityProvider.ts +++ b/sdk/nodejs/cognito/userPoolIdentityProvider.ts @@ -36,14 +36,8 @@ export class UserPoolIdentityProvider extends pulumi.CustomResource { /** * A mapping of IdP attributes to standard and custom user pool attributes. - * - * Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Cognito::UserPoolIdentityProvider` for more information about the expected schema for this property. - */ - public readonly attributeMapping!: pulumi.Output; - /** - * The resource ID. */ - public /*out*/ readonly awsId!: pulumi.Output; + public readonly attributeMapping!: pulumi.Output<{[key: string]: string} | undefined>; /** * A list of IdP identifiers. */ @@ -78,10 +72,8 @@ export class UserPoolIdentityProvider extends pulumi.CustomResource { * - **Facebook** - Create or update request: `"ProviderDetails": { "api_version": "v17.0", "authorize_scopes": "public_profile, email", "client_id": "1example23456789", "client_secret": "provider-app-client-secret" }` * * Describe response: `"ProviderDetails": { "api_version": "v17.0", "attributes_url": "https://graph.facebook.com/v17.0/me?fields=", "attributes_url_add_attributes": "true", "authorize_scopes": "public_profile, email", "authorize_url": "https://www.facebook.com/v17.0/dialog/oauth", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "token_request_method": "GET", "token_url": "https://graph.facebook.com/v17.0/oauth/access_token" }` - * - * Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Cognito::UserPoolIdentityProvider` for more information about the expected schema for this property. */ - public readonly providerDetails!: pulumi.Output; + public readonly providerDetails!: pulumi.Output<{[key: string]: string}>; /** * The IdP name. */ @@ -106,6 +98,9 @@ export class UserPoolIdentityProvider extends pulumi.CustomResource { let resourceInputs: pulumi.Inputs = {}; opts = opts || {}; if (!opts.id) { + if ((!args || args.providerDetails === undefined) && !opts.urn) { + throw new Error("Missing required property 'providerDetails'"); + } if ((!args || args.providerType === undefined) && !opts.urn) { throw new Error("Missing required property 'providerType'"); } @@ -118,10 +113,8 @@ export class UserPoolIdentityProvider extends pulumi.CustomResource { resourceInputs["providerName"] = args ? args.providerName : undefined; resourceInputs["providerType"] = args ? args.providerType : undefined; resourceInputs["userPoolId"] = args ? args.userPoolId : undefined; - resourceInputs["awsId"] = undefined /*out*/; } else { resourceInputs["attributeMapping"] = undefined /*out*/; - resourceInputs["awsId"] = undefined /*out*/; resourceInputs["idpIdentifiers"] = undefined /*out*/; resourceInputs["providerDetails"] = undefined /*out*/; resourceInputs["providerName"] = undefined /*out*/; @@ -141,10 +134,8 @@ export class UserPoolIdentityProvider extends pulumi.CustomResource { export interface UserPoolIdentityProviderArgs { /** * A mapping of IdP attributes to standard and custom user pool attributes. - * - * Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Cognito::UserPoolIdentityProvider` for more information about the expected schema for this property. */ - attributeMapping?: any; + attributeMapping?: pulumi.Input<{[key: string]: pulumi.Input}>; /** * A list of IdP identifiers. */ @@ -179,10 +170,8 @@ export interface UserPoolIdentityProviderArgs { * - **Facebook** - Create or update request: `"ProviderDetails": { "api_version": "v17.0", "authorize_scopes": "public_profile, email", "client_id": "1example23456789", "client_secret": "provider-app-client-secret" }` * * Describe response: `"ProviderDetails": { "api_version": "v17.0", "attributes_url": "https://graph.facebook.com/v17.0/me?fields=", "attributes_url_add_attributes": "true", "authorize_scopes": "public_profile, email", "authorize_url": "https://www.facebook.com/v17.0/dialog/oauth", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "token_request_method": "GET", "token_url": "https://graph.facebook.com/v17.0/oauth/access_token" }` - * - * Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Cognito::UserPoolIdentityProvider` for more information about the expected schema for this property. */ - providerDetails?: any; + providerDetails: pulumi.Input<{[key: string]: pulumi.Input}>; /** * The IdP name. */ diff --git a/sdk/nodejs/ec2/capacityReservation.ts b/sdk/nodejs/ec2/capacityReservation.ts index c9ec13d1bb..1332f613d7 100644 --- a/sdk/nodejs/ec2/capacityReservation.ts +++ b/sdk/nodejs/ec2/capacityReservation.ts @@ -118,6 +118,7 @@ export class CapacityReservation extends pulumi.CustomResource { * Returns the total number of instances for which the Capacity Reservation reserves capacity. For example: `15` . */ public /*out*/ readonly totalInstanceCount!: pulumi.Output; + public readonly unusedReservationBillingOwnerId!: pulumi.Output; /** * Create a CapacityReservation resource with the given unique name, arguments, and options. @@ -155,6 +156,7 @@ export class CapacityReservation extends pulumi.CustomResource { resourceInputs["placementGroupArn"] = args ? args.placementGroupArn : undefined; resourceInputs["tagSpecifications"] = args ? args.tagSpecifications : undefined; resourceInputs["tenancy"] = args ? args.tenancy : undefined; + resourceInputs["unusedReservationBillingOwnerId"] = args ? args.unusedReservationBillingOwnerId : undefined; resourceInputs["availableInstanceCount"] = undefined /*out*/; resourceInputs["awsId"] = undefined /*out*/; resourceInputs["totalInstanceCount"] = undefined /*out*/; @@ -175,6 +177,7 @@ export class CapacityReservation extends pulumi.CustomResource { resourceInputs["tagSpecifications"] = undefined /*out*/; resourceInputs["tenancy"] = undefined /*out*/; resourceInputs["totalInstanceCount"] = undefined /*out*/; + resourceInputs["unusedReservationBillingOwnerId"] = undefined /*out*/; } opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); const replaceOnChanges = { replaceOnChanges: ["availabilityZone", "ebsOptimized", "ephemeralStorage", "instancePlatform", "instanceType", "outPostArn", "placementGroupArn", "tagSpecifications[*]", "tenancy"] }; @@ -256,4 +259,5 @@ export interface CapacityReservationArgs { * - `dedicated` - The Capacity Reservation is created on single-tenant hardware that is dedicated to a single AWS account . */ tenancy?: pulumi.Input; + unusedReservationBillingOwnerId?: pulumi.Input; } diff --git a/sdk/nodejs/ec2/getVpcEndpoint.ts b/sdk/nodejs/ec2/getVpcEndpoint.ts index 7a672677f5..d3a73d8204 100644 --- a/sdk/nodejs/ec2/getVpcEndpoint.ts +++ b/sdk/nodejs/ec2/getVpcEndpoint.ts @@ -52,7 +52,8 @@ export interface GetVpcEndpointResult { readonly networkInterfaceIds?: string[]; /** * An endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints. - * For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. CFNlong converts YAML policies to JSON format before calling the API to create or modify the VPC endpoint. + * For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. For example, if you have a JSON policy, you can convert it to YAML before including it in the YAML template, and CFNlong converts the policy to JSON format before calling the API actions for privatelink. Alternatively, you can include the JSON directly in the YAML, as shown in the following ``Properties`` section: + * ``Properties: VpcEndpointType: 'Interface' ServiceName: !Sub 'com.amazonaws.${AWS::Region}.logs' PolicyDocument: '{ "Version":"2012-10-17", "Statement": [{ "Effect":"Allow", "Principal":"*", "Action":["logs:Describe*","logs:Get*","logs:List*","logs:FilterLogEvents"], "Resource":"*" }] }'`` * * Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::EC2::VPCEndpoint` for more information about the expected schema for this property. */ diff --git a/sdk/nodejs/ec2/vpcEndpoint.ts b/sdk/nodejs/ec2/vpcEndpoint.ts index 3e9a384e46..b3b566b167 100644 --- a/sdk/nodejs/ec2/vpcEndpoint.ts +++ b/sdk/nodejs/ec2/vpcEndpoint.ts @@ -67,7 +67,8 @@ export class VpcEndpoint extends pulumi.CustomResource { public /*out*/ readonly networkInterfaceIds!: pulumi.Output; /** * An endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints. - * For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. CFNlong converts YAML policies to JSON format before calling the API to create or modify the VPC endpoint. + * For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. For example, if you have a JSON policy, you can convert it to YAML before including it in the YAML template, and CFNlong converts the policy to JSON format before calling the API actions for privatelink. Alternatively, you can include the JSON directly in the YAML, as shown in the following ``Properties`` section: + * ``Properties: VpcEndpointType: 'Interface' ServiceName: !Sub 'com.amazonaws.${AWS::Region}.logs' PolicyDocument: '{ "Version":"2012-10-17", "Statement": [{ "Effect":"Allow", "Principal":"*", "Action":["logs:Describe*","logs:Get*","logs:List*","logs:FilterLogEvents"], "Resource":"*" }] }'`` * * Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::EC2::VPCEndpoint` for more information about the expected schema for this property. */ @@ -161,7 +162,8 @@ export class VpcEndpoint extends pulumi.CustomResource { export interface VpcEndpointArgs { /** * An endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints. - * For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. CFNlong converts YAML policies to JSON format before calling the API to create or modify the VPC endpoint. + * For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. For example, if you have a JSON policy, you can convert it to YAML before including it in the YAML template, and CFNlong converts the policy to JSON format before calling the API actions for privatelink. Alternatively, you can include the JSON directly in the YAML, as shown in the following ``Properties`` section: + * ``Properties: VpcEndpointType: 'Interface' ServiceName: !Sub 'com.amazonaws.${AWS::Region}.logs' PolicyDocument: '{ "Version":"2012-10-17", "Statement": [{ "Effect":"Allow", "Principal":"*", "Action":["logs:Describe*","logs:Get*","logs:List*","logs:FilterLogEvents"], "Resource":"*" }] }'`` * * Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::EC2::VPCEndpoint` for more information about the expected schema for this property. */ diff --git a/sdk/nodejs/ecs/capacityProvider.ts b/sdk/nodejs/ecs/capacityProvider.ts index 8c0a137f17..815942fa28 100644 --- a/sdk/nodejs/ecs/capacityProvider.ts +++ b/sdk/nodejs/ecs/capacityProvider.ts @@ -180,7 +180,7 @@ export class CapacityProvider extends pulumi.CustomResource { /** * The Auto Scaling group settings for the capacity provider. */ - public readonly autoScalingGroupProvider!: pulumi.Output; + public readonly autoScalingGroupProvider!: pulumi.Output; /** * The name of the capacity provider. If a name is specified, it cannot start with `aws` , `ecs` , or `fargate` . If no name is specified, a default name in the `CFNStackName-CFNResourceName-RandomString` format is used. */ @@ -207,13 +207,10 @@ export class CapacityProvider extends pulumi.CustomResource { * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ - constructor(name: string, args: CapacityProviderArgs, opts?: pulumi.CustomResourceOptions) { + constructor(name: string, args?: CapacityProviderArgs, opts?: pulumi.CustomResourceOptions) { let resourceInputs: pulumi.Inputs = {}; opts = opts || {}; if (!opts.id) { - if ((!args || args.autoScalingGroupProvider === undefined) && !opts.urn) { - throw new Error("Missing required property 'autoScalingGroupProvider'"); - } resourceInputs["autoScalingGroupProvider"] = args ? args.autoScalingGroupProvider : undefined; resourceInputs["name"] = args ? args.name : undefined; resourceInputs["tags"] = args ? args.tags : undefined; @@ -236,7 +233,7 @@ export interface CapacityProviderArgs { /** * The Auto Scaling group settings for the capacity provider. */ - autoScalingGroupProvider: pulumi.Input; + autoScalingGroupProvider?: pulumi.Input; /** * The name of the capacity provider. If a name is specified, it cannot start with `aws` , `ecs` , or `fargate` . If no name is specified, a default name in the `CFNStackName-CFNResourceName-RandomString` format is used. */ diff --git a/sdk/nodejs/elasticache/getServerlessCache.ts b/sdk/nodejs/elasticache/getServerlessCache.ts index 3432bc9442..76949c9966 100644 --- a/sdk/nodejs/elasticache/getServerlessCache.ts +++ b/sdk/nodejs/elasticache/getServerlessCache.ts @@ -49,10 +49,18 @@ export interface GetServerlessCacheResult { * Represents the information required for client programs to connect to a cache node. This value is read-only. */ readonly endpoint?: outputs.elasticache.ServerlessCacheEndpoint; + /** + * The engine name of the Serverless Cache. + */ + readonly engine?: string; /** * The full engine version of the Serverless Cache. */ readonly fullEngineVersion?: string; + /** + * The major engine version of the Serverless Cache. + */ + readonly majorEngineVersion?: string; /** * Represents the information required for client programs to connect to a cache node. This value is read-only. */ diff --git a/sdk/nodejs/elasticache/serverlessCache.ts b/sdk/nodejs/elasticache/serverlessCache.ts index 2923569329..9ffad1fcd3 100644 --- a/sdk/nodejs/elasticache/serverlessCache.ts +++ b/sdk/nodejs/elasticache/serverlessCache.ts @@ -175,7 +175,7 @@ export class ServerlessCache extends pulumi.CustomResource { resourceInputs["userGroupId"] = undefined /*out*/; } opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); - const replaceOnChanges = { replaceOnChanges: ["engine", "kmsKeyId", "majorEngineVersion", "serverlessCacheName", "snapshotArnsToRestore[*]", "subnetIds[*]"] }; + const replaceOnChanges = { replaceOnChanges: ["kmsKeyId", "serverlessCacheName", "snapshotArnsToRestore[*]", "subnetIds[*]"] }; opts = pulumi.mergeOptions(opts, replaceOnChanges); super(ServerlessCache.__pulumiType, name, resourceInputs, opts); } diff --git a/sdk/nodejs/imagebuilder/getInfrastructureConfiguration.ts b/sdk/nodejs/imagebuilder/getInfrastructureConfiguration.ts index bacf66d33a..187f619030 100644 --- a/sdk/nodejs/imagebuilder/getInfrastructureConfiguration.ts +++ b/sdk/nodejs/imagebuilder/getInfrastructureConfiguration.ts @@ -53,6 +53,10 @@ export interface GetInfrastructureConfigurationResult { * The logging configuration of the infrastructure configuration. */ readonly logging?: outputs.imagebuilder.InfrastructureConfigurationLogging; + /** + * The placement option settings for the infrastructure configuration. + */ + readonly placement?: outputs.imagebuilder.InfrastructureConfigurationPlacement; /** * The tags attached to the resource created by Image Builder. */ diff --git a/sdk/nodejs/imagebuilder/infrastructureConfiguration.ts b/sdk/nodejs/imagebuilder/infrastructureConfiguration.ts index d0702af616..66763dc26b 100644 --- a/sdk/nodejs/imagebuilder/infrastructureConfiguration.ts +++ b/sdk/nodejs/imagebuilder/infrastructureConfiguration.ts @@ -69,6 +69,10 @@ export class InfrastructureConfiguration extends pulumi.CustomResource { * The name of the infrastructure configuration. */ public readonly name!: pulumi.Output; + /** + * The placement option settings for the infrastructure configuration. + */ + public readonly placement!: pulumi.Output; /** * The tags attached to the resource created by Image Builder. */ @@ -115,6 +119,7 @@ export class InfrastructureConfiguration extends pulumi.CustomResource { resourceInputs["keyPair"] = args ? args.keyPair : undefined; resourceInputs["logging"] = args ? args.logging : undefined; resourceInputs["name"] = args ? args.name : undefined; + resourceInputs["placement"] = args ? args.placement : undefined; resourceInputs["resourceTags"] = args ? args.resourceTags : undefined; resourceInputs["securityGroupIds"] = args ? args.securityGroupIds : undefined; resourceInputs["snsTopicArn"] = args ? args.snsTopicArn : undefined; @@ -131,6 +136,7 @@ export class InfrastructureConfiguration extends pulumi.CustomResource { resourceInputs["keyPair"] = undefined /*out*/; resourceInputs["logging"] = undefined /*out*/; resourceInputs["name"] = undefined /*out*/; + resourceInputs["placement"] = undefined /*out*/; resourceInputs["resourceTags"] = undefined /*out*/; resourceInputs["securityGroupIds"] = undefined /*out*/; resourceInputs["snsTopicArn"] = undefined /*out*/; @@ -177,6 +183,10 @@ export interface InfrastructureConfigurationArgs { * The name of the infrastructure configuration. */ name?: pulumi.Input; + /** + * The placement option settings for the infrastructure configuration. + */ + placement?: pulumi.Input; /** * The tags attached to the resource created by Image Builder. */ diff --git a/sdk/nodejs/memorydb/cluster.ts b/sdk/nodejs/memorydb/cluster.ts index b30a6a14e3..ffae4cdcd5 100644 --- a/sdk/nodejs/memorydb/cluster.ts +++ b/sdk/nodejs/memorydb/cluster.ts @@ -67,6 +67,10 @@ export class Cluster extends pulumi.CustomResource { * An optional description of the cluster. */ public readonly description!: pulumi.Output; + /** + * The engine type used by the cluster. + */ + public readonly engine!: pulumi.Output; /** * The Redis engine version used by the cluster. */ @@ -177,6 +181,7 @@ export class Cluster extends pulumi.CustomResource { resourceInputs["clusterName"] = args ? args.clusterName : undefined; resourceInputs["dataTiering"] = args ? args.dataTiering : undefined; resourceInputs["description"] = args ? args.description : undefined; + resourceInputs["engine"] = args ? args.engine : undefined; resourceInputs["engineVersion"] = args ? args.engineVersion : undefined; resourceInputs["finalSnapshotName"] = args ? args.finalSnapshotName : undefined; resourceInputs["kmsKeyId"] = args ? args.kmsKeyId : undefined; @@ -207,6 +212,7 @@ export class Cluster extends pulumi.CustomResource { resourceInputs["clusterName"] = undefined /*out*/; resourceInputs["dataTiering"] = undefined /*out*/; resourceInputs["description"] = undefined /*out*/; + resourceInputs["engine"] = undefined /*out*/; resourceInputs["engineVersion"] = undefined /*out*/; resourceInputs["finalSnapshotName"] = undefined /*out*/; resourceInputs["kmsKeyId"] = undefined /*out*/; @@ -266,6 +272,10 @@ export interface ClusterArgs { * An optional description of the cluster. */ description?: pulumi.Input; + /** + * The engine type used by the cluster. + */ + engine?: pulumi.Input; /** * The Redis engine version used by the cluster. */ diff --git a/sdk/nodejs/memorydb/getCluster.ts b/sdk/nodejs/memorydb/getCluster.ts index 5c597fe561..8122adeddc 100644 --- a/sdk/nodejs/memorydb/getCluster.ts +++ b/sdk/nodejs/memorydb/getCluster.ts @@ -47,6 +47,10 @@ export interface GetClusterResult { * An optional description of the cluster. */ readonly description?: string; + /** + * The engine type used by the cluster. + */ + readonly engine?: string; /** * The Redis engine version used by the cluster. */ diff --git a/sdk/nodejs/pcaconnectorad/getConnector.ts b/sdk/nodejs/pcaconnectorad/getConnector.ts index 54d6a5e1cc..ce0c246c57 100644 --- a/sdk/nodejs/pcaconnectorad/getConnector.ts +++ b/sdk/nodejs/pcaconnectorad/getConnector.ts @@ -26,6 +26,10 @@ export interface GetConnectorResult { * The Amazon Resource Name (ARN) that was returned when you called [CreateConnector](https://docs.aws.amazon.com/pca-connector-ad/latest/APIReference/API_CreateConnector.html) . */ readonly connectorArn?: string; + /** + * Metadata assigned to a connector consisting of a key-value pair. + */ + readonly tags?: {[key: string]: string}; } /** * Definition of AWS::PCAConnectorAD::Connector Resource Type diff --git a/sdk/nodejs/pcaconnectorad/getDirectoryRegistration.ts b/sdk/nodejs/pcaconnectorad/getDirectoryRegistration.ts index dca3a1a070..2eecd72711 100644 --- a/sdk/nodejs/pcaconnectorad/getDirectoryRegistration.ts +++ b/sdk/nodejs/pcaconnectorad/getDirectoryRegistration.ts @@ -26,6 +26,10 @@ export interface GetDirectoryRegistrationResult { * The Amazon Resource Name (ARN) that was returned when you called [CreateDirectoryRegistration](https://docs.aws.amazon.com/pca-connector-ad/latest/APIReference/API_CreateDirectoryRegistration.html) . */ readonly directoryRegistrationArn?: string; + /** + * Metadata assigned to a directory registration consisting of a key-value pair. + */ + readonly tags?: {[key: string]: string}; } /** * Definition of AWS::PCAConnectorAD::DirectoryRegistration Resource Type diff --git a/sdk/nodejs/pcaconnectorad/getTemplate.ts b/sdk/nodejs/pcaconnectorad/getTemplate.ts index e180471338..d2cbee38d8 100644 --- a/sdk/nodejs/pcaconnectorad/getTemplate.ts +++ b/sdk/nodejs/pcaconnectorad/getTemplate.ts @@ -2,6 +2,9 @@ // *** Do not edit by hand unless you're certain you know what you are doing! *** import * as pulumi from "@pulumi/pulumi"; +import * as inputs from "../types/input"; +import * as outputs from "../types/output"; +import * as enums from "../types/enums"; import * as utilities from "../utilities"; /** @@ -22,6 +25,14 @@ export interface GetTemplateArgs { } export interface GetTemplateResult { + /** + * Template configuration to define the information included in certificates. Define certificate validity and renewal periods, certificate request handling and enrollment options, key usage extensions, application policies, and cryptography settings. + */ + readonly definition?: outputs.pcaconnectorad.TemplateDefinition0Properties | outputs.pcaconnectorad.TemplateDefinition1Properties | outputs.pcaconnectorad.TemplateDefinition2Properties; + /** + * Metadata assigned to a template consisting of a key-value pair. + */ + readonly tags?: {[key: string]: string}; /** * The Amazon Resource Name (ARN) that was returned when you called [CreateTemplate](https://docs.aws.amazon.com/pca-connector-ad/latest/APIReference/API_CreateTemplate.html) . */ diff --git a/sdk/nodejs/qbusiness/getWebExperience.ts b/sdk/nodejs/qbusiness/getWebExperience.ts index 4e31788aef..7adcc31a7e 100644 --- a/sdk/nodejs/qbusiness/getWebExperience.ts +++ b/sdk/nodejs/qbusiness/getWebExperience.ts @@ -42,6 +42,11 @@ export interface GetWebExperienceResult { * Provides information about the identity provider (IdP) used to authenticate end users of an Amazon Q Business web experience. */ readonly identityProviderConfiguration?: outputs.qbusiness.WebExperienceIdentityProviderConfiguration0Properties | outputs.qbusiness.WebExperienceIdentityProviderConfiguration1Properties; + /** + * Sets the website domain origins that are allowed to embed the Amazon Q Business web experience. The *domain origin* refers to the base URL for accessing a website including the protocol ( `http/https` ), the domain name, and the port number (if specified). + * + * > You must only submit a *base URL* and not a full path. For example, `https://docs.aws.amazon.com` . + */ readonly origins?: string[]; /** * The Amazon Resource Name (ARN) of the service role attached to your web experience. diff --git a/sdk/nodejs/qbusiness/webExperience.ts b/sdk/nodejs/qbusiness/webExperience.ts index 150f011e92..12f8fb2e25 100644 --- a/sdk/nodejs/qbusiness/webExperience.ts +++ b/sdk/nodejs/qbusiness/webExperience.ts @@ -53,6 +53,11 @@ export class WebExperience extends pulumi.CustomResource { * Provides information about the identity provider (IdP) used to authenticate end users of an Amazon Q Business web experience. */ public readonly identityProviderConfiguration!: pulumi.Output; + /** + * Sets the website domain origins that are allowed to embed the Amazon Q Business web experience. The *domain origin* refers to the base URL for accessing a website including the protocol ( `http/https` ), the domain name, and the port number (if specified). + * + * > You must only submit a *base URL* and not a full path. For example, `https://docs.aws.amazon.com` . + */ public readonly origins!: pulumi.Output; /** * The Amazon Resource Name (ARN) of the service role attached to your web experience. @@ -162,6 +167,11 @@ export interface WebExperienceArgs { * Provides information about the identity provider (IdP) used to authenticate end users of an Amazon Q Business web experience. */ identityProviderConfiguration?: pulumi.Input; + /** + * Sets the website domain origins that are allowed to embed the Amazon Q Business web experience. The *domain origin* refers to the base URL for accessing a website including the protocol ( `http/https` ), the domain name, and the port number (if specified). + * + * > You must only submit a *base URL* and not a full path. For example, `https://docs.aws.amazon.com` . + */ origins?: pulumi.Input[]>; /** * The Amazon Resource Name (ARN) of the service role attached to your web experience. diff --git a/sdk/nodejs/redshift/getIntegration.ts b/sdk/nodejs/redshift/getIntegration.ts new file mode 100644 index 0000000000..ba7330feda --- /dev/null +++ b/sdk/nodejs/redshift/getIntegration.ts @@ -0,0 +1,60 @@ +// *** WARNING: this file was generated by pulumi-language-nodejs. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import * as inputs from "../types/input"; +import * as outputs from "../types/output"; +import * as enums from "../types/enums"; +import * as utilities from "../utilities"; + +/** + * Integration from a source AWS service to a Redshift cluster + */ +export function getIntegration(args: GetIntegrationArgs, opts?: pulumi.InvokeOptions): Promise { + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); + return pulumi.runtime.invoke("aws-native:redshift:getIntegration", { + "integrationArn": args.integrationArn, + }, opts); +} + +export interface GetIntegrationArgs { + /** + * The Amazon Resource Name (ARN) of the integration. + */ + integrationArn: string; +} + +export interface GetIntegrationResult { + /** + * The time (UTC) when the integration was created. + */ + readonly createTime?: string; + /** + * The Amazon Resource Name (ARN) of the integration. + */ + readonly integrationArn?: string; + /** + * The name of the integration. + */ + readonly integrationName?: string; + /** + * An array of key-value pairs to apply to this resource. + */ + readonly tags?: outputs.Tag[]; +} +/** + * Integration from a source AWS service to a Redshift cluster + */ +export function getIntegrationOutput(args: GetIntegrationOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts || {}); + return pulumi.runtime.invokeOutput("aws-native:redshift:getIntegration", { + "integrationArn": args.integrationArn, + }, opts); +} + +export interface GetIntegrationOutputArgs { + /** + * The Amazon Resource Name (ARN) of the integration. + */ + integrationArn: pulumi.Input; +} diff --git a/sdk/nodejs/redshift/index.ts b/sdk/nodejs/redshift/index.ts index 7ef5534b5f..c95802e7ae 100644 --- a/sdk/nodejs/redshift/index.ts +++ b/sdk/nodejs/redshift/index.ts @@ -65,11 +65,21 @@ export const getEventSubscription: typeof import("./getEventSubscription").getEv export const getEventSubscriptionOutput: typeof import("./getEventSubscription").getEventSubscriptionOutput = null as any; utilities.lazyLoad(exports, ["getEventSubscription","getEventSubscriptionOutput"], () => require("./getEventSubscription")); +export { GetIntegrationArgs, GetIntegrationResult, GetIntegrationOutputArgs } from "./getIntegration"; +export const getIntegration: typeof import("./getIntegration").getIntegration = null as any; +export const getIntegrationOutput: typeof import("./getIntegration").getIntegrationOutput = null as any; +utilities.lazyLoad(exports, ["getIntegration","getIntegrationOutput"], () => require("./getIntegration")); + export { GetScheduledActionArgs, GetScheduledActionResult, GetScheduledActionOutputArgs } from "./getScheduledAction"; export const getScheduledAction: typeof import("./getScheduledAction").getScheduledAction = null as any; export const getScheduledActionOutput: typeof import("./getScheduledAction").getScheduledActionOutput = null as any; utilities.lazyLoad(exports, ["getScheduledAction","getScheduledActionOutput"], () => require("./getScheduledAction")); +export { IntegrationArgs } from "./integration"; +export type Integration = import("./integration").Integration; +export const Integration: typeof import("./integration").Integration = null as any; +utilities.lazyLoad(exports, ["Integration"], () => require("./integration")); + export { ScheduledActionArgs } from "./scheduledAction"; export type ScheduledAction = import("./scheduledAction").ScheduledAction; export const ScheduledAction: typeof import("./scheduledAction").ScheduledAction = null as any; @@ -95,6 +105,8 @@ const _module = { return new EndpointAuthorization(name, undefined, { urn }) case "aws-native:redshift:EventSubscription": return new EventSubscription(name, undefined, { urn }) + case "aws-native:redshift:Integration": + return new Integration(name, undefined, { urn }) case "aws-native:redshift:ScheduledAction": return new ScheduledAction(name, undefined, { urn }) default: diff --git a/sdk/nodejs/redshift/integration.ts b/sdk/nodejs/redshift/integration.ts new file mode 100644 index 0000000000..8fef396ce9 --- /dev/null +++ b/sdk/nodejs/redshift/integration.ts @@ -0,0 +1,137 @@ +// *** WARNING: this file was generated by pulumi-language-nodejs. *** +// *** Do not edit by hand unless you're certain you know what you are doing! *** + +import * as pulumi from "@pulumi/pulumi"; +import * as inputs from "../types/input"; +import * as outputs from "../types/output"; +import * as enums from "../types/enums"; +import * as utilities from "../utilities"; + +/** + * Integration from a source AWS service to a Redshift cluster + */ +export class Integration extends pulumi.CustomResource { + /** + * Get an existing Integration resource's state with the given name, ID, and optional extra + * properties used to qualify the lookup. + * + * @param name The _unique_ name of the resulting resource. + * @param id The _unique_ provider ID of the resource to lookup. + * @param opts Optional settings to control the behavior of the CustomResource. + */ + public static get(name: string, id: pulumi.Input, opts?: pulumi.CustomResourceOptions): Integration { + return new Integration(name, undefined as any, { ...opts, id: id }); + } + + /** @internal */ + public static readonly __pulumiType = 'aws-native:redshift:Integration'; + + /** + * Returns true if the given object is an instance of Integration. This is designed to work even + * when multiple copies of the Pulumi SDK have been loaded into the same process. + */ + public static isInstance(obj: any): obj is Integration { + if (obj === undefined || obj === null) { + return false; + } + return obj['__pulumiType'] === Integration.__pulumiType; + } + + public readonly additionalEncryptionContext!: pulumi.Output<{[key: string]: string} | undefined>; + /** + * The time (UTC) when the integration was created. + */ + public /*out*/ readonly createTime!: pulumi.Output; + /** + * The Amazon Resource Name (ARN) of the integration. + */ + public /*out*/ readonly integrationArn!: pulumi.Output; + /** + * The name of the integration. + */ + public readonly integrationName!: pulumi.Output; + /** + * An KMS key identifier for the key to use to encrypt the integration. If you don't specify an encryption key, the default AWS owned KMS key is used. + */ + public readonly kmsKeyId!: pulumi.Output; + /** + * The Amazon Resource Name (ARN) of the database to use as the source for replication, for example, arn:aws:dynamodb:us-east-2:123412341234:table/dynamotable + */ + public readonly sourceArn!: pulumi.Output; + /** + * An array of key-value pairs to apply to this resource. + */ + public readonly tags!: pulumi.Output; + /** + * The Amazon Resource Name (ARN) of the Redshift data warehouse to use as the target for replication, for example, arn:aws:redshift:us-east-2:123412341234:namespace:e43aab3e-10a3-4ec4-83d4-f227ff9bfbcf + */ + public readonly targetArn!: pulumi.Output; + + /** + * Create a Integration resource with the given unique name, arguments, and options. + * + * @param name The _unique_ name of the resource. + * @param args The arguments to use to populate this resource's properties. + * @param opts A bag of options that control this resource's behavior. + */ + constructor(name: string, args: IntegrationArgs, opts?: pulumi.CustomResourceOptions) { + let resourceInputs: pulumi.Inputs = {}; + opts = opts || {}; + if (!opts.id) { + if ((!args || args.sourceArn === undefined) && !opts.urn) { + throw new Error("Missing required property 'sourceArn'"); + } + if ((!args || args.targetArn === undefined) && !opts.urn) { + throw new Error("Missing required property 'targetArn'"); + } + resourceInputs["additionalEncryptionContext"] = args ? args.additionalEncryptionContext : undefined; + resourceInputs["integrationName"] = args ? args.integrationName : undefined; + resourceInputs["kmsKeyId"] = args ? args.kmsKeyId : undefined; + resourceInputs["sourceArn"] = args ? args.sourceArn : undefined; + resourceInputs["tags"] = args ? args.tags : undefined; + resourceInputs["targetArn"] = args ? args.targetArn : undefined; + resourceInputs["createTime"] = undefined /*out*/; + resourceInputs["integrationArn"] = undefined /*out*/; + } else { + resourceInputs["additionalEncryptionContext"] = undefined /*out*/; + resourceInputs["createTime"] = undefined /*out*/; + resourceInputs["integrationArn"] = undefined /*out*/; + resourceInputs["integrationName"] = undefined /*out*/; + resourceInputs["kmsKeyId"] = undefined /*out*/; + resourceInputs["sourceArn"] = undefined /*out*/; + resourceInputs["tags"] = undefined /*out*/; + resourceInputs["targetArn"] = undefined /*out*/; + } + opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts); + const replaceOnChanges = { replaceOnChanges: ["additionalEncryptionContext.*", "kmsKeyId", "sourceArn", "targetArn"] }; + opts = pulumi.mergeOptions(opts, replaceOnChanges); + super(Integration.__pulumiType, name, resourceInputs, opts); + } +} + +/** + * The set of arguments for constructing a Integration resource. + */ +export interface IntegrationArgs { + additionalEncryptionContext?: pulumi.Input<{[key: string]: pulumi.Input}>; + /** + * The name of the integration. + */ + integrationName?: pulumi.Input; + /** + * An KMS key identifier for the key to use to encrypt the integration. If you don't specify an encryption key, the default AWS owned KMS key is used. + */ + kmsKeyId?: pulumi.Input; + /** + * The Amazon Resource Name (ARN) of the database to use as the source for replication, for example, arn:aws:dynamodb:us-east-2:123412341234:table/dynamotable + */ + sourceArn: pulumi.Input; + /** + * An array of key-value pairs to apply to this resource. + */ + tags?: pulumi.Input[]>; + /** + * The Amazon Resource Name (ARN) of the Redshift data warehouse to use as the target for replication, for example, arn:aws:redshift:us-east-2:123412341234:namespace:e43aab3e-10a3-4ec4-83d4-f227ff9bfbcf + */ + targetArn: pulumi.Input; +} diff --git a/sdk/nodejs/tsconfig.json b/sdk/nodejs/tsconfig.json index c8ba346fb9..b125fccefc 100644 --- a/sdk/nodejs/tsconfig.json +++ b/sdk/nodejs/tsconfig.json @@ -235,10 +235,12 @@ "backup/getBackupSelection.ts", "backup/getBackupVault.ts", "backup/getFramework.ts", + "backup/getLogicallyAirGappedBackupVault.ts", "backup/getReportPlan.ts", "backup/getRestoreTestingPlan.ts", "backup/getRestoreTestingSelection.ts", "backup/index.ts", + "backup/logicallyAirGappedBackupVault.ts", "backup/reportPlan.ts", "backup/restoreTestingPlan.ts", "backup/restoreTestingSelection.ts", @@ -1821,8 +1823,10 @@ "redshift/getEndpointAccess.ts", "redshift/getEndpointAuthorization.ts", "redshift/getEventSubscription.ts", + "redshift/getIntegration.ts", "redshift/getScheduledAction.ts", "redshift/index.ts", + "redshift/integration.ts", "redshift/scheduledAction.ts", "redshiftserverless/getNamespace.ts", "redshiftserverless/getWorkgroup.ts", diff --git a/sdk/nodejs/types/enums/imagebuilder/index.ts b/sdk/nodejs/types/enums/imagebuilder/index.ts index 3e362c3faa..675883670d 100644 --- a/sdk/nodejs/types/enums/imagebuilder/index.ts +++ b/sdk/nodejs/types/enums/imagebuilder/index.ts @@ -5,6 +5,7 @@ export const ComponentPlatform = { Windows: "Windows", Linux: "Linux", + MacOs: "macOS", } as const; /** @@ -139,6 +140,17 @@ export const InfrastructureConfigurationInstanceMetadataOptionsHttpTokens = { */ export type InfrastructureConfigurationInstanceMetadataOptionsHttpTokens = (typeof InfrastructureConfigurationInstanceMetadataOptionsHttpTokens)[keyof typeof InfrastructureConfigurationInstanceMetadataOptionsHttpTokens]; +export const InfrastructureConfigurationPlacementTenancy = { + Default: "default", + Dedicated: "dedicated", + Host: "host", +} as const; + +/** + * Tenancy + */ +export type InfrastructureConfigurationPlacementTenancy = (typeof InfrastructureConfigurationPlacementTenancy)[keyof typeof InfrastructureConfigurationPlacementTenancy]; + export const LifecyclePolicyActionType = { Delete: "DELETE", Deprecate: "DEPRECATE", diff --git a/sdk/nodejs/types/enums/s3/index.ts b/sdk/nodejs/types/enums/s3/index.ts index 60b0169ca0..e2ceffc93c 100644 --- a/sdk/nodejs/types/enums/s3/index.ts +++ b/sdk/nodejs/types/enums/s3/index.ts @@ -292,6 +292,7 @@ export const BucketServerSideEncryptionByDefaultSseAlgorithm = { /** * Server-side encryption algorithm to use for the default encryption. + * For directory buckets, there are only two supported values for server-side encryption: ``AES256`` and ``aws:kms``. */ export type BucketServerSideEncryptionByDefaultSseAlgorithm = (typeof BucketServerSideEncryptionByDefaultSseAlgorithm)[keyof typeof BucketServerSideEncryptionByDefaultSseAlgorithm]; diff --git a/sdk/nodejs/types/input.ts b/sdk/nodejs/types/input.ts index 4902d205b5..29f8b77ccc 100644 --- a/sdk/nodejs/types/input.ts +++ b/sdk/nodejs/types/input.ts @@ -2181,7 +2181,7 @@ export namespace apigatewayv2 { /** * The ``DomainNameConfiguration`` property type specifies the configuration for an API's domain name. - * ``DomainNameConfiguration`` is a property of the [AWS::ApiGatewayV2::DomainName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-domainname.html) resource. + * ``DomainNameConfiguration`` is a property of the [AWS::ApiGatewayV2::DomainName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-domainname.html) resource. */ export interface DomainNameConfigurationArgs { /** @@ -6717,6 +6717,11 @@ export namespace autoscaling { min?: pulumi.Input; } + export interface AutoScalingGroupTrafficSourceIdentifierArgs { + identifier: pulumi.Input; + type: pulumi.Input; + } + /** * ``VCpuCountRequest`` is a property of the ``InstanceRequirements`` property of the [AWS::AutoScaling::AutoScalingGroup LaunchTemplateOverrides](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-launchtemplateoverrides.html) property type that describes the minimum and maximum number of vCPUs for an instance type. */ @@ -7587,6 +7592,11 @@ export namespace backup { value?: pulumi.Input; } + export interface LogicallyAirGappedBackupVaultNotificationObjectTypeArgs { + backupVaultEvents: pulumi.Input[]>; + snsTopicArn: pulumi.Input; + } + /** * A structure that contains information about where and how to deliver your reports, specifically your Amazon S3 bucket name, S3 key prefix, and the formats of your reports. */ @@ -24393,7 +24403,16 @@ export namespace ecs { */ logDriver?: pulumi.Input; /** - * The configuration options to send to the log driver. This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'`` + * The configuration options to send to the log driver. + * The options you can specify depend on the log driver. Some of the options you can specify when you use the ``awslogs`` log driver to route logs to Amazon CloudWatch include the following: + * + awslogs-create-group Required: No Specify whether you want the log group to be created automatically. If this option isn't specified, it defaults to false. Your IAM policy must include the logs:CreateLogGroup permission before you attempt to use awslogs-create-group. + awslogs-region Required: Yes Specify the Region that the awslogs log driver is to send your Docker logs to. You can choose to send all of your logs from clusters in different Regions to a single region in CloudWatch Logs. This is so that they're all visible in one location. Otherwise, you can separate them by Region for more granularity. Make sure that the specified log group exists in the Region that you specify with this option. + awslogs-group Required: Yes Make sure to specify a log group that the awslogs log driver sends its log streams to. + awslogs-stream-prefix Required: Yes, when using the Fargate launch type.Optional for the EC2 launch type, required for the Fargate launch type. Use the awslogs-stream-prefix option to associate a log stream with the specified prefix, the container name, and the ID of the Amazon ECS task that the container belongs to. If you specify a prefix with this option, then the log stream takes the format prefix-name/container-name/ecs-task-id. If you don't specify a prefix with this option, then the log stream is named after the container ID that's assigned by the Docker daemon on the container instance. Because it's difficult to trace logs back to the container that sent them with just the Docker container ID (which is only available on the container instance), we recommend that you specify a prefix with this option. For Amazon ECS services, you can use the service name as the prefix. Doing so, you can trace log streams to the service that the container belongs to, the name of the container that sent them, and the ID of the task that the container belongs to. You must specify a stream-prefix for your logs to have your logs appear in the Log pane when using the Amazon ECS console. + awslogs-datetime-format Required: No This option defines a multiline start pattern in Python strftime format. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. One example of a use case for using this format is for parsing output such as a stack dump, which might otherwise be logged in multiple entries. The correct pattern allows it to be captured in a single entry. For more information, see awslogs-datetime-format. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. + awslogs-multiline-pattern Required: No This option defines a multiline start pattern that uses a regular expression. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. For more information, see awslogs-multiline-pattern. This option is ignored if awslogs-datetime-format is also configured. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. + mode Required: No Valid values: non-blocking | blocking This option defines the delivery mode of log messages from the container to CloudWatch Logs. The delivery mode you choose affects application availability when the flow of logs from container to CloudWatch is interrupted. If you use the blocking mode and the flow of logs to CloudWatch is interrupted, calls from container code to write to the stdout and stderr streams will block. The logging thread of the application will block as a result. This may cause the application to become unresponsive and lead to container healthcheck failure. If you use the non-blocking mode, the container's logs are instead stored in an in-memory intermediate buffer configured with the max-buffer-size option. This prevents the application from becoming unresponsive when logs cannot be sent to CloudWatch. We recommend using this mode if you want to ensure service availability and are okay with some log loss. For more information, see Preventing log loss with non-blocking mode in the awslogs container log driver. + max-buffer-size Required: No Default value: 1m When non-blocking mode is used, the max-buffer-size log option controls the size of the buffer that's used for intermediate message storage. Make sure to specify an adequate buffer size based on your application. When the buffer fills up, further logs cannot be stored. Logs that cannot be stored are lost. + * To route logs using the ``splunk`` log router, you need to specify a ``splunk-token`` and a ``splunk-url``. + * When you use the ``awsfirelens`` log router to route logs to an AWS Service or AWS Partner Network destination for log storage and analytics, you can set the ``log-driver-buffer-limit`` option to limit the number of events that are buffered in memory, before being sent to the log router container. It can help to resolve potential log loss issue because high throughput might result in memory running out for the buffer inside of Docker. + * Other options you can specify when using ``awsfirelens`` to route logs depend on the destination. When you export logs to Amazon Data Firehose, you can specify the AWS Region with ``region`` and a name for the log stream with ``delivery_stream``. + * When you export logs to Amazon Kinesis Data Streams, you can specify an AWS Region with ``region`` and a data stream name with ``stream``. + * When you export logs to Amazon OpenSearch Service, you can specify options like ``Name``, ``Host`` (OpenSearch Service endpoint without protocol), ``Port``, ``Index``, ``Type``, ``Aws_auth``, ``Aws_region``, ``Suppress_Type_Name``, and ``tls``. + * When you export logs to Amazon S3, you can specify the bucket using the ``bucket`` option. You can also specify ``region``, ``total_file_size``, ``upload_timeout``, and ``use_put_object`` as options. + * This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'`` */ options?: pulumi.Input<{[key: string]: pulumi.Input}>; /** @@ -32526,6 +32545,28 @@ export namespace imagebuilder { s3Logs?: pulumi.Input; } + /** + * The placement options + */ + export interface InfrastructureConfigurationPlacementArgs { + /** + * AvailabilityZone + */ + availabilityZone?: pulumi.Input; + /** + * HostId + */ + hostId?: pulumi.Input; + /** + * HostResourceGroupArn + */ + hostResourceGroupArn?: pulumi.Input; + /** + * Tenancy + */ + tenancy?: pulumi.Input; + } + /** * The S3 path in which to store the logs. */ @@ -37597,11 +37638,11 @@ export namespace ivs { */ framerate?: pulumi.Input; /** - * Video-resolution height. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 720. + * Video-resolution height. This must be an even number. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 720. */ height?: pulumi.Input; /** - * Video-resolution width. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 1280. + * Video-resolution width. This must be an even number. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 1280. */ width?: pulumi.Input; } @@ -80616,31 +80657,40 @@ export namespace s3 { } /** - * Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS. For more information, see [PUT Bucket encryption](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html) in the *Amazon S3 API Reference*. - * If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. + * Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. For more information, see [PutBucketEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html). + * + *General purpose buckets* - If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key (``aws/s3``) in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS. + * + *Directory buckets* - Your SSE-KMS configuration can only support 1 [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) per directory bucket for the lifetime of the bucket. The [managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) (``aws/s3``) isn't supported. + * + *Directory buckets* - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS. */ export interface BucketServerSideEncryptionByDefaultArgs { /** - * AWS Key Management Service (KMS) customer AWS KMS key ID to use for the default encryption. This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms`` or ``aws:kms:dsse``. - * You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key. + * AWS Key Management Service (KMS) customer managed key ID to use for the default encryption. + * + *General purpose buckets* - This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms`` or ``aws:kms:dsse``. + * + *Directory buckets* - This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms``. + * + * You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key. * + Key ID: ``1234abcd-12ab-34cd-56ef-1234567890ab`` * + Key ARN: ``arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`` * + Key Alias: ``alias/alias-name`` * - * If you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log. - * If you are using encryption with cross-account or AWS service operations you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy). - * Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *Key Management Service Developer Guide*. + * If you are using encryption with cross-account or AWS service operations, you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy). + * + *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. Also, if you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log. + * + *Directory buckets* - When you specify an [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported. + * + * Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *Key Management Service Developer Guide*. */ kmsMasterKeyId?: pulumi.Input; /** * Server-side encryption algorithm to use for the default encryption. + * For directory buckets, there are only two supported values for server-side encryption: ``AES256`` and ``aws:kms``. */ sseAlgorithm: pulumi.Input; } /** * Specifies the default server-side encryption configuration. - * If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. + * + *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. + * + *Directory buckets* - When you specify an [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported. */ export interface BucketServerSideEncryptionRuleArgs { /** diff --git a/sdk/nodejs/types/output.ts b/sdk/nodejs/types/output.ts index 87f26ccac9..7d26b8c380 100644 --- a/sdk/nodejs/types/output.ts +++ b/sdk/nodejs/types/output.ts @@ -2101,7 +2101,7 @@ export namespace apigatewayv2 { /** * The ``DomainNameConfiguration`` property type specifies the configuration for an API's domain name. - * ``DomainNameConfiguration`` is a property of the [AWS::ApiGatewayV2::DomainName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-domainname.html) resource. + * ``DomainNameConfiguration`` is a property of the [AWS::ApiGatewayV2::DomainName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-domainname.html) resource. */ export interface DomainNameConfiguration { /** @@ -6644,6 +6644,11 @@ export namespace autoscaling { min?: number; } + export interface AutoScalingGroupTrafficSourceIdentifier { + identifier: string; + type: string; + } + /** * ``VCpuCountRequest`` is a property of the ``InstanceRequirements`` property of the [AWS::AutoScaling::AutoScalingGroup LaunchTemplateOverrides](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-launchtemplateoverrides.html) property type that describes the minimum and maximum number of vCPUs for an instance type. */ @@ -7516,6 +7521,11 @@ export namespace backup { value?: string; } + export interface LogicallyAirGappedBackupVaultNotificationObjectType { + backupVaultEvents: string[]; + snsTopicArn: string; + } + /** * A structure that contains information about where and how to deliver your reports, specifically your Amazon S3 bucket name, S3 key prefix, and the formats of your reports. */ @@ -25717,7 +25727,16 @@ export namespace ecs { */ logDriver?: string; /** - * The configuration options to send to the log driver. This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'`` + * The configuration options to send to the log driver. + * The options you can specify depend on the log driver. Some of the options you can specify when you use the ``awslogs`` log driver to route logs to Amazon CloudWatch include the following: + * + awslogs-create-group Required: No Specify whether you want the log group to be created automatically. If this option isn't specified, it defaults to false. Your IAM policy must include the logs:CreateLogGroup permission before you attempt to use awslogs-create-group. + awslogs-region Required: Yes Specify the Region that the awslogs log driver is to send your Docker logs to. You can choose to send all of your logs from clusters in different Regions to a single region in CloudWatch Logs. This is so that they're all visible in one location. Otherwise, you can separate them by Region for more granularity. Make sure that the specified log group exists in the Region that you specify with this option. + awslogs-group Required: Yes Make sure to specify a log group that the awslogs log driver sends its log streams to. + awslogs-stream-prefix Required: Yes, when using the Fargate launch type.Optional for the EC2 launch type, required for the Fargate launch type. Use the awslogs-stream-prefix option to associate a log stream with the specified prefix, the container name, and the ID of the Amazon ECS task that the container belongs to. If you specify a prefix with this option, then the log stream takes the format prefix-name/container-name/ecs-task-id. If you don't specify a prefix with this option, then the log stream is named after the container ID that's assigned by the Docker daemon on the container instance. Because it's difficult to trace logs back to the container that sent them with just the Docker container ID (which is only available on the container instance), we recommend that you specify a prefix with this option. For Amazon ECS services, you can use the service name as the prefix. Doing so, you can trace log streams to the service that the container belongs to, the name of the container that sent them, and the ID of the task that the container belongs to. You must specify a stream-prefix for your logs to have your logs appear in the Log pane when using the Amazon ECS console. + awslogs-datetime-format Required: No This option defines a multiline start pattern in Python strftime format. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. One example of a use case for using this format is for parsing output such as a stack dump, which might otherwise be logged in multiple entries. The correct pattern allows it to be captured in a single entry. For more information, see awslogs-datetime-format. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. + awslogs-multiline-pattern Required: No This option defines a multiline start pattern that uses a regular expression. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. For more information, see awslogs-multiline-pattern. This option is ignored if awslogs-datetime-format is also configured. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. + mode Required: No Valid values: non-blocking | blocking This option defines the delivery mode of log messages from the container to CloudWatch Logs. The delivery mode you choose affects application availability when the flow of logs from container to CloudWatch is interrupted. If you use the blocking mode and the flow of logs to CloudWatch is interrupted, calls from container code to write to the stdout and stderr streams will block. The logging thread of the application will block as a result. This may cause the application to become unresponsive and lead to container healthcheck failure. If you use the non-blocking mode, the container's logs are instead stored in an in-memory intermediate buffer configured with the max-buffer-size option. This prevents the application from becoming unresponsive when logs cannot be sent to CloudWatch. We recommend using this mode if you want to ensure service availability and are okay with some log loss. For more information, see Preventing log loss with non-blocking mode in the awslogs container log driver. + max-buffer-size Required: No Default value: 1m When non-blocking mode is used, the max-buffer-size log option controls the size of the buffer that's used for intermediate message storage. Make sure to specify an adequate buffer size based on your application. When the buffer fills up, further logs cannot be stored. Logs that cannot be stored are lost. + * To route logs using the ``splunk`` log router, you need to specify a ``splunk-token`` and a ``splunk-url``. + * When you use the ``awsfirelens`` log router to route logs to an AWS Service or AWS Partner Network destination for log storage and analytics, you can set the ``log-driver-buffer-limit`` option to limit the number of events that are buffered in memory, before being sent to the log router container. It can help to resolve potential log loss issue because high throughput might result in memory running out for the buffer inside of Docker. + * Other options you can specify when using ``awsfirelens`` to route logs depend on the destination. When you export logs to Amazon Data Firehose, you can specify the AWS Region with ``region`` and a name for the log stream with ``delivery_stream``. + * When you export logs to Amazon Kinesis Data Streams, you can specify an AWS Region with ``region`` and a data stream name with ``stream``. + * When you export logs to Amazon OpenSearch Service, you can specify options like ``Name``, ``Host`` (OpenSearch Service endpoint without protocol), ``Port``, ``Index``, ``Type``, ``Aws_auth``, ``Aws_region``, ``Suppress_Type_Name``, and ``tls``. + * When you export logs to Amazon S3, you can specify the bucket using the ``bucket`` option. You can also specify ``region``, ``total_file_size``, ``upload_timeout``, and ``use_put_object`` as options. + * This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'`` */ options?: {[key: string]: string}; /** @@ -33903,6 +33922,28 @@ export namespace imagebuilder { s3Logs?: outputs.imagebuilder.InfrastructureConfigurationS3Logs; } + /** + * The placement options + */ + export interface InfrastructureConfigurationPlacement { + /** + * AvailabilityZone + */ + availabilityZone?: string; + /** + * HostId + */ + hostId?: string; + /** + * HostResourceGroupArn + */ + hostResourceGroupArn?: string; + /** + * Tenancy + */ + tenancy?: enums.imagebuilder.InfrastructureConfigurationPlacementTenancy; + } + /** * The S3 path in which to store the logs. */ @@ -39013,11 +39054,11 @@ export namespace ivs { */ framerate?: number; /** - * Video-resolution height. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 720. + * Video-resolution height. This must be an even number. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 720. */ height?: number; /** - * Video-resolution width. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 1280. + * Video-resolution width. This must be an even number. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 1280. */ width?: number; } @@ -82902,31 +82943,40 @@ export namespace s3 { } /** - * Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS. For more information, see [PUT Bucket encryption](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html) in the *Amazon S3 API Reference*. - * If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. + * Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. For more information, see [PutBucketEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html). + * + *General purpose buckets* - If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key (``aws/s3``) in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS. + * + *Directory buckets* - Your SSE-KMS configuration can only support 1 [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) per directory bucket for the lifetime of the bucket. The [managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) (``aws/s3``) isn't supported. + * + *Directory buckets* - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS. */ export interface BucketServerSideEncryptionByDefault { /** - * AWS Key Management Service (KMS) customer AWS KMS key ID to use for the default encryption. This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms`` or ``aws:kms:dsse``. - * You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key. + * AWS Key Management Service (KMS) customer managed key ID to use for the default encryption. + * + *General purpose buckets* - This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms`` or ``aws:kms:dsse``. + * + *Directory buckets* - This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms``. + * + * You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key. * + Key ID: ``1234abcd-12ab-34cd-56ef-1234567890ab`` * + Key ARN: ``arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`` * + Key Alias: ``alias/alias-name`` * - * If you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log. - * If you are using encryption with cross-account or AWS service operations you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy). - * Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *Key Management Service Developer Guide*. + * If you are using encryption with cross-account or AWS service operations, you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy). + * + *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. Also, if you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log. + * + *Directory buckets* - When you specify an [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported. + * + * Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *Key Management Service Developer Guide*. */ kmsMasterKeyId?: string; /** * Server-side encryption algorithm to use for the default encryption. + * For directory buckets, there are only two supported values for server-side encryption: ``AES256`` and ``aws:kms``. */ sseAlgorithm: enums.s3.BucketServerSideEncryptionByDefaultSseAlgorithm; } /** * Specifies the default server-side encryption configuration. - * If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. + * + *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. + * + *Directory buckets* - When you specify an [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported. */ export interface BucketServerSideEncryptionRule { /** diff --git a/sdk/nodejs/wisdom/knowledgeBase.ts b/sdk/nodejs/wisdom/knowledgeBase.ts index fb24a665ac..b779138356 100644 --- a/sdk/nodejs/wisdom/knowledgeBase.ts +++ b/sdk/nodejs/wisdom/knowledgeBase.ts @@ -66,7 +66,7 @@ export class KnowledgeBase extends pulumi.CustomResource { */ public readonly serverSideEncryptionConfiguration!: pulumi.Output; /** - * The source of the knowledge base content. Only set this argument for EXTERNAL knowledge bases. + * The source of the knowledge base content. Only set this argument for EXTERNAL or Managed knowledge bases. */ public readonly sourceConfiguration!: pulumi.Output; /** @@ -140,7 +140,7 @@ export interface KnowledgeBaseArgs { */ serverSideEncryptionConfiguration?: pulumi.Input; /** - * The source of the knowledge base content. Only set this argument for EXTERNAL knowledge bases. + * The source of the knowledge base content. Only set this argument for EXTERNAL or Managed knowledge bases. */ sourceConfiguration?: pulumi.Input; /** diff --git a/sdk/python/pulumi_aws_native/__init__.py b/sdk/python/pulumi_aws_native/__init__.py index ae0a65c7f6..a38a308965 100644 --- a/sdk/python/pulumi_aws_native/__init__.py +++ b/sdk/python/pulumi_aws_native/__init__.py @@ -939,6 +939,7 @@ "aws-native:backup:BackupSelection": "BackupSelection", "aws-native:backup:BackupVault": "BackupVault", "aws-native:backup:Framework": "Framework", + "aws-native:backup:LogicallyAirGappedBackupVault": "LogicallyAirGappedBackupVault", "aws-native:backup:ReportPlan": "ReportPlan", "aws-native:backup:RestoreTestingPlan": "RestoreTestingPlan", "aws-native:backup:RestoreTestingSelection": "RestoreTestingSelection" @@ -2670,6 +2671,7 @@ "aws-native:redshift:EndpointAccess": "EndpointAccess", "aws-native:redshift:EndpointAuthorization": "EndpointAuthorization", "aws-native:redshift:EventSubscription": "EventSubscription", + "aws-native:redshift:Integration": "Integration", "aws-native:redshift:ScheduledAction": "ScheduledAction" } }, diff --git a/sdk/python/pulumi_aws_native/apigateway/vpc_link.py b/sdk/python/pulumi_aws_native/apigateway/vpc_link.py index cd9151dcb7..bdede4987f 100644 --- a/sdk/python/pulumi_aws_native/apigateway/vpc_link.py +++ b/sdk/python/pulumi_aws_native/apigateway/vpc_link.py @@ -27,7 +27,7 @@ def __init__(__self__, *, tags: Optional[pulumi.Input[Sequence[pulumi.Input['_root_inputs.TagArgs']]]] = None): """ The set of arguments for constructing a VpcLink resource. - :param pulumi.Input[Sequence[pulumi.Input[str]]] target_arns: The ARN of the network load balancer of the VPC targeted by the VPC link. The network load balancer must be owned by the same AWS-account of the API owner. + :param pulumi.Input[Sequence[pulumi.Input[str]]] target_arns: The ARN of the network load balancer of the VPC targeted by the VPC link. The network load balancer must be owned by the same AWS account of the API owner. :param pulumi.Input[str] description: The description of the VPC link. :param pulumi.Input[str] name: The name used to label and identify the VPC link. :param pulumi.Input[Sequence[pulumi.Input['_root_inputs.TagArgs']]] tags: An array of arbitrary tags (key-value pairs) to associate with the VPC link. @@ -44,7 +44,7 @@ def __init__(__self__, *, @pulumi.getter(name="targetArns") def target_arns(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: """ - The ARN of the network load balancer of the VPC targeted by the VPC link. The network load balancer must be owned by the same AWS-account of the API owner. + The ARN of the network load balancer of the VPC targeted by the VPC link. The network load balancer must be owned by the same AWS account of the API owner. """ return pulumi.get(self, "target_arns") @@ -107,7 +107,7 @@ def __init__(__self__, :param pulumi.Input[str] description: The description of the VPC link. :param pulumi.Input[str] name: The name used to label and identify the VPC link. :param pulumi.Input[Sequence[pulumi.Input[Union['_root_inputs.TagArgs', '_root_inputs.TagArgsDict']]]] tags: An array of arbitrary tags (key-value pairs) to associate with the VPC link. - :param pulumi.Input[Sequence[pulumi.Input[str]]] target_arns: The ARN of the network load balancer of the VPC targeted by the VPC link. The network load balancer must be owned by the same AWS-account of the API owner. + :param pulumi.Input[Sequence[pulumi.Input[str]]] target_arns: The ARN of the network load balancer of the VPC targeted by the VPC link. The network load balancer must be owned by the same AWS account of the API owner. """ ... @overload @@ -212,7 +212,7 @@ def tags(self) -> pulumi.Output[Optional[Sequence['_root_outputs.Tag']]]: @pulumi.getter(name="targetArns") def target_arns(self) -> pulumi.Output[Sequence[str]]: """ - The ARN of the network load balancer of the VPC targeted by the VPC link. The network load balancer must be owned by the same AWS-account of the API owner. + The ARN of the network load balancer of the VPC targeted by the VPC link. The network load balancer must be owned by the same AWS account of the API owner. """ return pulumi.get(self, "target_arns") diff --git a/sdk/python/pulumi_aws_native/apigatewayv2/_inputs.py b/sdk/python/pulumi_aws_native/apigatewayv2/_inputs.py index 82145dd79e..b28de5dce5 100644 --- a/sdk/python/pulumi_aws_native/apigatewayv2/_inputs.py +++ b/sdk/python/pulumi_aws_native/apigatewayv2/_inputs.py @@ -331,7 +331,7 @@ def issuer(self, value: Optional[pulumi.Input[str]]): class DomainNameConfigurationArgsDict(TypedDict): """ The ``DomainNameConfiguration`` property type specifies the configuration for an API's domain name. - ``DomainNameConfiguration`` is a property of the [AWS::ApiGatewayV2::DomainName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-domainname.html) resource. + ``DomainNameConfiguration`` is a property of the [AWS::ApiGatewayV2::DomainName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-domainname.html) resource. """ certificate_arn: NotRequired[pulumi.Input[str]] """ @@ -366,7 +366,7 @@ def __init__(__self__, *, security_policy: Optional[pulumi.Input[str]] = None): """ The ``DomainNameConfiguration`` property type specifies the configuration for an API's domain name. - ``DomainNameConfiguration`` is a property of the [AWS::ApiGatewayV2::DomainName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-domainname.html) resource. + ``DomainNameConfiguration`` is a property of the [AWS::ApiGatewayV2::DomainName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-domainname.html) resource. :param pulumi.Input[str] certificate_arn: An AWS-managed certificate that will be used by the edge-optimized endpoint for this domain name. AWS Certificate Manager is the only supported source. :param pulumi.Input[str] certificate_name: The user-friendly name of the certificate that will be used by the edge-optimized endpoint for this domain name. :param pulumi.Input[str] endpoint_type: The endpoint type. diff --git a/sdk/python/pulumi_aws_native/apigatewayv2/domain_name.py b/sdk/python/pulumi_aws_native/apigatewayv2/domain_name.py index 1847f0fe9e..371360a8a2 100644 --- a/sdk/python/pulumi_aws_native/apigatewayv2/domain_name.py +++ b/sdk/python/pulumi_aws_native/apigatewayv2/domain_name.py @@ -27,7 +27,7 @@ def __init__(__self__, *, tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None): """ The set of arguments for constructing a DomainName resource. - :param pulumi.Input[str] domain_name: The custom domain name for your API in Amazon API Gateway. Uppercase letters are not supported. + :param pulumi.Input[str] domain_name: The custom domain name for your API in Amazon API Gateway. Uppercase letters and the underscore (``_``) character are not supported. :param pulumi.Input[Sequence[pulumi.Input['DomainNameConfigurationArgs']]] domain_name_configurations: The domain name configurations. :param pulumi.Input['DomainNameMutualTlsAuthenticationArgs'] mutual_tls_authentication: The mutual TLS authentication configuration for a custom domain name. :param pulumi.Input[Mapping[str, pulumi.Input[str]]] tags: The collection of tags associated with a domain name. @@ -44,7 +44,7 @@ def __init__(__self__, *, @pulumi.getter(name="domainName") def domain_name(self) -> pulumi.Input[str]: """ - The custom domain name for your API in Amazon API Gateway. Uppercase letters are not supported. + The custom domain name for your API in Amazon API Gateway. Uppercase letters and the underscore (``_``) character are not supported. """ return pulumi.get(self, "domain_name") @@ -105,7 +105,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] domain_name: The custom domain name for your API in Amazon API Gateway. Uppercase letters are not supported. + :param pulumi.Input[str] domain_name: The custom domain name for your API in Amazon API Gateway. Uppercase letters and the underscore (``_``) character are not supported. :param pulumi.Input[Sequence[pulumi.Input[Union['DomainNameConfigurationArgs', 'DomainNameConfigurationArgsDict']]]] domain_name_configurations: The domain name configurations. :param pulumi.Input[Union['DomainNameMutualTlsAuthenticationArgs', 'DomainNameMutualTlsAuthenticationArgsDict']] mutual_tls_authentication: The mutual TLS authentication configuration for a custom domain name. :param pulumi.Input[Mapping[str, pulumi.Input[str]]] tags: The collection of tags associated with a domain name. @@ -192,7 +192,7 @@ def get(resource_name: str, @pulumi.getter(name="domainName") def domain_name(self) -> pulumi.Output[str]: """ - The custom domain name for your API in Amazon API Gateway. Uppercase letters are not supported. + The custom domain name for your API in Amazon API Gateway. Uppercase letters and the underscore (``_``) character are not supported. """ return pulumi.get(self, "domain_name") diff --git a/sdk/python/pulumi_aws_native/apigatewayv2/get_domain_name.py b/sdk/python/pulumi_aws_native/apigatewayv2/get_domain_name.py index 22a7a0013f..985c73d0fa 100644 --- a/sdk/python/pulumi_aws_native/apigatewayv2/get_domain_name.py +++ b/sdk/python/pulumi_aws_native/apigatewayv2/get_domain_name.py @@ -102,7 +102,7 @@ def get_domain_name(domain_name: Optional[str] = None, You can use a custom domain name to provide a URL that's more intuitive and easier to recall. For more information about using custom domain names, see [Set up Custom Domain Name for an API in API Gateway](https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-custom-domains.html) in the *API Gateway Developer Guide*. - :param str domain_name: The custom domain name for your API in Amazon API Gateway. Uppercase letters are not supported. + :param str domain_name: The custom domain name for your API in Amazon API Gateway. Uppercase letters and the underscore (``_``) character are not supported. """ __args__ = dict() __args__['domainName'] = domain_name @@ -122,7 +122,7 @@ def get_domain_name_output(domain_name: Optional[pulumi.Input[str]] = None, You can use a custom domain name to provide a URL that's more intuitive and easier to recall. For more information about using custom domain names, see [Set up Custom Domain Name for an API in API Gateway](https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-custom-domains.html) in the *API Gateway Developer Guide*. - :param str domain_name: The custom domain name for your API in Amazon API Gateway. Uppercase letters are not supported. + :param str domain_name: The custom domain name for your API in Amazon API Gateway. Uppercase letters and the underscore (``_``) character are not supported. """ __args__ = dict() __args__['domainName'] = domain_name diff --git a/sdk/python/pulumi_aws_native/apigatewayv2/outputs.py b/sdk/python/pulumi_aws_native/apigatewayv2/outputs.py index 782eaf7285..6d1d1014ef 100644 --- a/sdk/python/pulumi_aws_native/apigatewayv2/outputs.py +++ b/sdk/python/pulumi_aws_native/apigatewayv2/outputs.py @@ -236,7 +236,7 @@ def issuer(self) -> Optional[str]: class DomainNameConfiguration(dict): """ The ``DomainNameConfiguration`` property type specifies the configuration for an API's domain name. - ``DomainNameConfiguration`` is a property of the [AWS::ApiGatewayV2::DomainName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-domainname.html) resource. + ``DomainNameConfiguration`` is a property of the [AWS::ApiGatewayV2::DomainName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-domainname.html) resource. """ @staticmethod def __key_warning(key: str): @@ -271,7 +271,7 @@ def __init__(__self__, *, security_policy: Optional[str] = None): """ The ``DomainNameConfiguration`` property type specifies the configuration for an API's domain name. - ``DomainNameConfiguration`` is a property of the [AWS::ApiGatewayV2::DomainName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-domainname.html) resource. + ``DomainNameConfiguration`` is a property of the [AWS::ApiGatewayV2::DomainName](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigatewayv2-domainname.html) resource. :param str certificate_arn: An AWS-managed certificate that will be used by the edge-optimized endpoint for this domain name. AWS Certificate Manager is the only supported source. :param str certificate_name: The user-friendly name of the certificate that will be used by the edge-optimized endpoint for this domain name. :param str endpoint_type: The endpoint type. diff --git a/sdk/python/pulumi_aws_native/autoscaling/_inputs.py b/sdk/python/pulumi_aws_native/autoscaling/_inputs.py index 727d6294a2..49091f3e8f 100644 --- a/sdk/python/pulumi_aws_native/autoscaling/_inputs.py +++ b/sdk/python/pulumi_aws_native/autoscaling/_inputs.py @@ -53,6 +53,8 @@ 'AutoScalingGroupTagPropertyArgsDict', 'AutoScalingGroupTotalLocalStorageGbRequestArgs', 'AutoScalingGroupTotalLocalStorageGbRequestArgsDict', + 'AutoScalingGroupTrafficSourceIdentifierArgs', + 'AutoScalingGroupTrafficSourceIdentifierArgsDict', 'AutoScalingGroupVCpuCountRequestArgs', 'AutoScalingGroupVCpuCountRequestArgsDict', 'LaunchConfigurationBlockDeviceMappingArgs', @@ -2303,6 +2305,40 @@ def min(self, value: Optional[pulumi.Input[float]]): pulumi.set(self, "min", value) +if not MYPY: + class AutoScalingGroupTrafficSourceIdentifierArgsDict(TypedDict): + identifier: pulumi.Input[str] + type: pulumi.Input[str] +elif False: + AutoScalingGroupTrafficSourceIdentifierArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class AutoScalingGroupTrafficSourceIdentifierArgs: + def __init__(__self__, *, + identifier: pulumi.Input[str], + type: pulumi.Input[str]): + pulumi.set(__self__, "identifier", identifier) + pulumi.set(__self__, "type", type) + + @property + @pulumi.getter + def identifier(self) -> pulumi.Input[str]: + return pulumi.get(self, "identifier") + + @identifier.setter + def identifier(self, value: pulumi.Input[str]): + pulumi.set(self, "identifier", value) + + @property + @pulumi.getter + def type(self) -> pulumi.Input[str]: + return pulumi.get(self, "type") + + @type.setter + def type(self, value: pulumi.Input[str]): + pulumi.set(self, "type", value) + + if not MYPY: class AutoScalingGroupVCpuCountRequestArgsDict(TypedDict): """ diff --git a/sdk/python/pulumi_aws_native/autoscaling/auto_scaling_group.py b/sdk/python/pulumi_aws_native/autoscaling/auto_scaling_group.py index 6b08463435..31d57674f5 100644 --- a/sdk/python/pulumi_aws_native/autoscaling/auto_scaling_group.py +++ b/sdk/python/pulumi_aws_native/autoscaling/auto_scaling_group.py @@ -50,6 +50,7 @@ def __init__(__self__, *, tags: Optional[pulumi.Input[Sequence[pulumi.Input['AutoScalingGroupTagPropertyArgs']]]] = None, target_group_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, termination_policies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + traffic_sources: Optional[pulumi.Input[Sequence[pulumi.Input['AutoScalingGroupTrafficSourceIdentifierArgs']]]] = None, vpc_zone_identifier: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None): """ The set of arguments for constructing a AutoScalingGroup resource. @@ -78,7 +79,7 @@ def __init__(__self__, *, :param pulumi.Input[int] health_check_grace_period: The amount of time, in seconds, that Amazon EC2 Auto Scaling waits before checking the health status of an EC2 instance that has come into service and marking it unhealthy due to a failed health check. This is useful if your instances do not immediately pass their health checks after they enter the ``InService`` state. For more information, see [Set the health check grace period for an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/health-check-grace-period.html) in the *Amazon EC2 Auto Scaling User Guide*. Default: ``0`` seconds :param pulumi.Input[str] health_check_type: A comma-separated value string of one or more health check types. - The valid values are ``EC2``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*. + The valid values are ``EC2``, ``EBS``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*. Only specify ``EC2`` if you must clear a value that was previously set. :param pulumi.Input[str] instance_id: The ID of the instance used to base the launch configuration on. For more information, see [Create an Auto Scaling group using an EC2 instance](https://docs.aws.amazon.com/autoscaling/ec2/userguide/create-asg-from-instance.html) in the *Amazon EC2 Auto Scaling User Guide*. If you specify ``LaunchTemplate``, ``MixedInstancesPolicy``, or ``LaunchConfigurationName``, don't specify ``InstanceId``. @@ -164,6 +165,8 @@ def __init__(__self__, *, pulumi.set(__self__, "target_group_arns", target_group_arns) if termination_policies is not None: pulumi.set(__self__, "termination_policies", termination_policies) + if traffic_sources is not None: + pulumi.set(__self__, "traffic_sources", traffic_sources) if vpc_zone_identifier is not None: pulumi.set(__self__, "vpc_zone_identifier", vpc_zone_identifier) @@ -317,7 +320,7 @@ def health_check_grace_period(self, value: Optional[pulumi.Input[int]]): def health_check_type(self) -> Optional[pulumi.Input[str]]: """ A comma-separated value string of one or more health check types. - The valid values are ``EC2``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*. + The valid values are ``EC2``, ``EBS``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*. Only specify ``EC2`` if you must clear a value that was previously set. """ return pulumi.get(self, "health_check_type") @@ -534,6 +537,15 @@ def termination_policies(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[st def termination_policies(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): pulumi.set(self, "termination_policies", value) + @property + @pulumi.getter(name="trafficSources") + def traffic_sources(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['AutoScalingGroupTrafficSourceIdentifierArgs']]]]: + return pulumi.get(self, "traffic_sources") + + @traffic_sources.setter + def traffic_sources(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['AutoScalingGroupTrafficSourceIdentifierArgs']]]]): + pulumi.set(self, "traffic_sources", value) + @property @pulumi.getter(name="vpcZoneIdentifier") def vpc_zone_identifier(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: @@ -584,6 +596,7 @@ def __init__(__self__, tags: Optional[pulumi.Input[Sequence[pulumi.Input[Union['AutoScalingGroupTagPropertyArgs', 'AutoScalingGroupTagPropertyArgsDict']]]]] = None, target_group_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, termination_policies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + traffic_sources: Optional[pulumi.Input[Sequence[pulumi.Input[Union['AutoScalingGroupTrafficSourceIdentifierArgs', 'AutoScalingGroupTrafficSourceIdentifierArgsDict']]]]] = None, vpc_zone_identifier: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, __props__=None): """ @@ -616,7 +629,7 @@ def __init__(__self__, :param pulumi.Input[int] health_check_grace_period: The amount of time, in seconds, that Amazon EC2 Auto Scaling waits before checking the health status of an EC2 instance that has come into service and marking it unhealthy due to a failed health check. This is useful if your instances do not immediately pass their health checks after they enter the ``InService`` state. For more information, see [Set the health check grace period for an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/health-check-grace-period.html) in the *Amazon EC2 Auto Scaling User Guide*. Default: ``0`` seconds :param pulumi.Input[str] health_check_type: A comma-separated value string of one or more health check types. - The valid values are ``EC2``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*. + The valid values are ``EC2``, ``EBS``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*. Only specify ``EC2`` if you must clear a value that was previously set. :param pulumi.Input[str] instance_id: The ID of the instance used to base the launch configuration on. For more information, see [Create an Auto Scaling group using an EC2 instance](https://docs.aws.amazon.com/autoscaling/ec2/userguide/create-asg-from-instance.html) in the *Amazon EC2 Auto Scaling User Guide*. If you specify ``LaunchTemplate``, ``MixedInstancesPolicy``, or ``LaunchConfigurationName``, don't specify ``InstanceId``. @@ -705,6 +718,7 @@ def _internal_init(__self__, tags: Optional[pulumi.Input[Sequence[pulumi.Input[Union['AutoScalingGroupTagPropertyArgs', 'AutoScalingGroupTagPropertyArgsDict']]]]] = None, target_group_arns: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, termination_policies: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, + traffic_sources: Optional[pulumi.Input[Sequence[pulumi.Input[Union['AutoScalingGroupTrafficSourceIdentifierArgs', 'AutoScalingGroupTrafficSourceIdentifierArgsDict']]]]] = None, vpc_zone_identifier: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, __props__=None): opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) @@ -748,6 +762,7 @@ def _internal_init(__self__, __props__.__dict__["tags"] = tags __props__.__dict__["target_group_arns"] = target_group_arns __props__.__dict__["termination_policies"] = termination_policies + __props__.__dict__["traffic_sources"] = traffic_sources __props__.__dict__["vpc_zone_identifier"] = vpc_zone_identifier replace_on_changes = pulumi.ResourceOptions(replace_on_changes=["autoScalingGroupName", "instanceId"]) opts = pulumi.ResourceOptions.merge(opts, replace_on_changes) @@ -802,6 +817,7 @@ def get(resource_name: str, __props__.__dict__["tags"] = None __props__.__dict__["target_group_arns"] = None __props__.__dict__["termination_policies"] = None + __props__.__dict__["traffic_sources"] = None __props__.__dict__["vpc_zone_identifier"] = None return AutoScalingGroup(resource_name, opts=opts, __props__=__props__) @@ -894,7 +910,7 @@ def health_check_grace_period(self) -> pulumi.Output[Optional[int]]: def health_check_type(self) -> pulumi.Output[Optional[str]]: """ A comma-separated value string of one or more health check types. - The valid values are ``EC2``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*. + The valid values are ``EC2``, ``EBS``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*. Only specify ``EC2`` if you must clear a value that was previously set. """ return pulumi.get(self, "health_check_type") @@ -1056,6 +1072,11 @@ def termination_policies(self) -> pulumi.Output[Optional[Sequence[str]]]: """ return pulumi.get(self, "termination_policies") + @property + @pulumi.getter(name="trafficSources") + def traffic_sources(self) -> pulumi.Output[Optional[Sequence['outputs.AutoScalingGroupTrafficSourceIdentifier']]]: + return pulumi.get(self, "traffic_sources") + @property @pulumi.getter(name="vpcZoneIdentifier") def vpc_zone_identifier(self) -> pulumi.Output[Optional[Sequence[str]]]: diff --git a/sdk/python/pulumi_aws_native/autoscaling/get_auto_scaling_group.py b/sdk/python/pulumi_aws_native/autoscaling/get_auto_scaling_group.py index 6e7be18ada..08a9c57359 100644 --- a/sdk/python/pulumi_aws_native/autoscaling/get_auto_scaling_group.py +++ b/sdk/python/pulumi_aws_native/autoscaling/get_auto_scaling_group.py @@ -24,7 +24,7 @@ @pulumi.output_type class GetAutoScalingGroupResult: - def __init__(__self__, availability_zones=None, capacity_rebalance=None, context=None, cooldown=None, default_instance_warmup=None, desired_capacity=None, desired_capacity_type=None, health_check_grace_period=None, health_check_type=None, instance_maintenance_policy=None, launch_configuration_name=None, launch_template=None, lifecycle_hook_specification_list=None, load_balancer_names=None, max_instance_lifetime=None, max_size=None, metrics_collection=None, min_size=None, mixed_instances_policy=None, new_instances_protected_from_scale_in=None, notification_configuration=None, notification_configurations=None, placement_group=None, service_linked_role_arn=None, tags=None, target_group_arns=None, termination_policies=None, vpc_zone_identifier=None): + def __init__(__self__, availability_zones=None, capacity_rebalance=None, context=None, cooldown=None, default_instance_warmup=None, desired_capacity=None, desired_capacity_type=None, health_check_grace_period=None, health_check_type=None, instance_maintenance_policy=None, launch_configuration_name=None, launch_template=None, lifecycle_hook_specification_list=None, load_balancer_names=None, max_instance_lifetime=None, max_size=None, metrics_collection=None, min_size=None, mixed_instances_policy=None, new_instances_protected_from_scale_in=None, notification_configuration=None, notification_configurations=None, placement_group=None, service_linked_role_arn=None, tags=None, target_group_arns=None, termination_policies=None, traffic_sources=None, vpc_zone_identifier=None): if availability_zones and not isinstance(availability_zones, list): raise TypeError("Expected argument 'availability_zones' to be a list") pulumi.set(__self__, "availability_zones", availability_zones) @@ -106,6 +106,9 @@ def __init__(__self__, availability_zones=None, capacity_rebalance=None, context if termination_policies and not isinstance(termination_policies, list): raise TypeError("Expected argument 'termination_policies' to be a list") pulumi.set(__self__, "termination_policies", termination_policies) + if traffic_sources and not isinstance(traffic_sources, list): + raise TypeError("Expected argument 'traffic_sources' to be a list") + pulumi.set(__self__, "traffic_sources", traffic_sources) if vpc_zone_identifier and not isinstance(vpc_zone_identifier, list): raise TypeError("Expected argument 'vpc_zone_identifier' to be a list") pulumi.set(__self__, "vpc_zone_identifier", vpc_zone_identifier) @@ -189,7 +192,7 @@ def health_check_grace_period(self) -> Optional[int]: def health_check_type(self) -> Optional[str]: """ A comma-separated value string of one or more health check types. - The valid values are ``EC2``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*. + The valid values are ``EC2``, ``EBS``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*. Only specify ``EC2`` if you must clear a value that was previously set. """ return pulumi.get(self, "health_check_type") @@ -342,6 +345,11 @@ def termination_policies(self) -> Optional[Sequence[str]]: """ return pulumi.get(self, "termination_policies") + @property + @pulumi.getter(name="trafficSources") + def traffic_sources(self) -> Optional[Sequence['outputs.AutoScalingGroupTrafficSourceIdentifier']]: + return pulumi.get(self, "traffic_sources") + @property @pulumi.getter(name="vpcZoneIdentifier") def vpc_zone_identifier(self) -> Optional[Sequence[str]]: @@ -387,6 +395,7 @@ def __await__(self): tags=self.tags, target_group_arns=self.target_group_arns, termination_policies=self.termination_policies, + traffic_sources=self.traffic_sources, vpc_zone_identifier=self.vpc_zone_identifier) @@ -436,6 +445,7 @@ def get_auto_scaling_group(auto_scaling_group_name: Optional[str] = None, tags=pulumi.get(__ret__, 'tags'), target_group_arns=pulumi.get(__ret__, 'target_group_arns'), termination_policies=pulumi.get(__ret__, 'termination_policies'), + traffic_sources=pulumi.get(__ret__, 'traffic_sources'), vpc_zone_identifier=pulumi.get(__ret__, 'vpc_zone_identifier')) def get_auto_scaling_group_output(auto_scaling_group_name: Optional[pulumi.Input[str]] = None, opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetAutoScalingGroupResult]: @@ -482,4 +492,5 @@ def get_auto_scaling_group_output(auto_scaling_group_name: Optional[pulumi.Input tags=pulumi.get(__response__, 'tags'), target_group_arns=pulumi.get(__response__, 'target_group_arns'), termination_policies=pulumi.get(__response__, 'termination_policies'), + traffic_sources=pulumi.get(__response__, 'traffic_sources'), vpc_zone_identifier=pulumi.get(__response__, 'vpc_zone_identifier'))) diff --git a/sdk/python/pulumi_aws_native/autoscaling/outputs.py b/sdk/python/pulumi_aws_native/autoscaling/outputs.py index 09e8910b0b..d92ab869d0 100644 --- a/sdk/python/pulumi_aws_native/autoscaling/outputs.py +++ b/sdk/python/pulumi_aws_native/autoscaling/outputs.py @@ -35,6 +35,7 @@ 'AutoScalingGroupNotificationConfiguration', 'AutoScalingGroupTagProperty', 'AutoScalingGroupTotalLocalStorageGbRequest', + 'AutoScalingGroupTrafficSourceIdentifier', 'AutoScalingGroupVCpuCountRequest', 'LaunchConfigurationBlockDevice', 'LaunchConfigurationBlockDeviceMapping', @@ -1713,6 +1714,25 @@ def min(self) -> Optional[float]: return pulumi.get(self, "min") +@pulumi.output_type +class AutoScalingGroupTrafficSourceIdentifier(dict): + def __init__(__self__, *, + identifier: str, + type: str): + pulumi.set(__self__, "identifier", identifier) + pulumi.set(__self__, "type", type) + + @property + @pulumi.getter + def identifier(self) -> str: + return pulumi.get(self, "identifier") + + @property + @pulumi.getter + def type(self) -> str: + return pulumi.get(self, "type") + + @pulumi.output_type class AutoScalingGroupVCpuCountRequest(dict): """ diff --git a/sdk/python/pulumi_aws_native/backup/__init__.py b/sdk/python/pulumi_aws_native/backup/__init__.py index c38e479f07..2bd037a73e 100644 --- a/sdk/python/pulumi_aws_native/backup/__init__.py +++ b/sdk/python/pulumi_aws_native/backup/__init__.py @@ -14,9 +14,11 @@ from .get_backup_selection import * from .get_backup_vault import * from .get_framework import * +from .get_logically_air_gapped_backup_vault import * from .get_report_plan import * from .get_restore_testing_plan import * from .get_restore_testing_selection import * +from .logically_air_gapped_backup_vault import * from .report_plan import * from .restore_testing_plan import * from .restore_testing_selection import * diff --git a/sdk/python/pulumi_aws_native/backup/_inputs.py b/sdk/python/pulumi_aws_native/backup/_inputs.py index 6520f31494..4a580fe185 100644 --- a/sdk/python/pulumi_aws_native/backup/_inputs.py +++ b/sdk/python/pulumi_aws_native/backup/_inputs.py @@ -46,6 +46,8 @@ 'FrameworkControlArgsDict', 'FrameworkTagArgs', 'FrameworkTagArgsDict', + 'LogicallyAirGappedBackupVaultNotificationObjectTypeArgs', + 'LogicallyAirGappedBackupVaultNotificationObjectTypeArgsDict', 'ReportDeliveryChannelPropertiesArgs', 'ReportDeliveryChannelPropertiesArgsDict', 'ReportSettingPropertiesArgs', @@ -1336,6 +1338,40 @@ def value(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "value", value) +if not MYPY: + class LogicallyAirGappedBackupVaultNotificationObjectTypeArgsDict(TypedDict): + backup_vault_events: pulumi.Input[Sequence[pulumi.Input[str]]] + sns_topic_arn: pulumi.Input[str] +elif False: + LogicallyAirGappedBackupVaultNotificationObjectTypeArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class LogicallyAirGappedBackupVaultNotificationObjectTypeArgs: + def __init__(__self__, *, + backup_vault_events: pulumi.Input[Sequence[pulumi.Input[str]]], + sns_topic_arn: pulumi.Input[str]): + pulumi.set(__self__, "backup_vault_events", backup_vault_events) + pulumi.set(__self__, "sns_topic_arn", sns_topic_arn) + + @property + @pulumi.getter(name="backupVaultEvents") + def backup_vault_events(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + return pulumi.get(self, "backup_vault_events") + + @backup_vault_events.setter + def backup_vault_events(self, value: pulumi.Input[Sequence[pulumi.Input[str]]]): + pulumi.set(self, "backup_vault_events", value) + + @property + @pulumi.getter(name="snsTopicArn") + def sns_topic_arn(self) -> pulumi.Input[str]: + return pulumi.get(self, "sns_topic_arn") + + @sns_topic_arn.setter + def sns_topic_arn(self, value: pulumi.Input[str]): + pulumi.set(self, "sns_topic_arn", value) + + if not MYPY: class ReportDeliveryChannelPropertiesArgsDict(TypedDict): """ diff --git a/sdk/python/pulumi_aws_native/backup/get_logically_air_gapped_backup_vault.py b/sdk/python/pulumi_aws_native/backup/get_logically_air_gapped_backup_vault.py new file mode 100644 index 0000000000..c4c9dac32d --- /dev/null +++ b/sdk/python/pulumi_aws_native/backup/get_logically_air_gapped_backup_vault.py @@ -0,0 +1,138 @@ +# coding=utf-8 +# *** WARNING: this file was generated by pulumi-language-python. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import sys +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +if sys.version_info >= (3, 11): + from typing import NotRequired, TypedDict, TypeAlias +else: + from typing_extensions import NotRequired, TypedDict, TypeAlias +from .. import _utilities +from . import outputs + +__all__ = [ + 'GetLogicallyAirGappedBackupVaultResult', + 'AwaitableGetLogicallyAirGappedBackupVaultResult', + 'get_logically_air_gapped_backup_vault', + 'get_logically_air_gapped_backup_vault_output', +] + +@pulumi.output_type +class GetLogicallyAirGappedBackupVaultResult: + def __init__(__self__, access_policy=None, backup_vault_arn=None, backup_vault_tags=None, encryption_key_arn=None, notifications=None, vault_state=None, vault_type=None): + if access_policy and not isinstance(access_policy, dict): + raise TypeError("Expected argument 'access_policy' to be a dict") + pulumi.set(__self__, "access_policy", access_policy) + if backup_vault_arn and not isinstance(backup_vault_arn, str): + raise TypeError("Expected argument 'backup_vault_arn' to be a str") + pulumi.set(__self__, "backup_vault_arn", backup_vault_arn) + if backup_vault_tags and not isinstance(backup_vault_tags, dict): + raise TypeError("Expected argument 'backup_vault_tags' to be a dict") + pulumi.set(__self__, "backup_vault_tags", backup_vault_tags) + if encryption_key_arn and not isinstance(encryption_key_arn, str): + raise TypeError("Expected argument 'encryption_key_arn' to be a str") + pulumi.set(__self__, "encryption_key_arn", encryption_key_arn) + if notifications and not isinstance(notifications, dict): + raise TypeError("Expected argument 'notifications' to be a dict") + pulumi.set(__self__, "notifications", notifications) + if vault_state and not isinstance(vault_state, str): + raise TypeError("Expected argument 'vault_state' to be a str") + pulumi.set(__self__, "vault_state", vault_state) + if vault_type and not isinstance(vault_type, str): + raise TypeError("Expected argument 'vault_type' to be a str") + pulumi.set(__self__, "vault_type", vault_type) + + @property + @pulumi.getter(name="accessPolicy") + def access_policy(self) -> Optional[Any]: + """ + Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Backup::LogicallyAirGappedBackupVault` for more information about the expected schema for this property. + """ + return pulumi.get(self, "access_policy") + + @property + @pulumi.getter(name="backupVaultArn") + def backup_vault_arn(self) -> Optional[str]: + return pulumi.get(self, "backup_vault_arn") + + @property + @pulumi.getter(name="backupVaultTags") + def backup_vault_tags(self) -> Optional[Mapping[str, str]]: + return pulumi.get(self, "backup_vault_tags") + + @property + @pulumi.getter(name="encryptionKeyArn") + def encryption_key_arn(self) -> Optional[str]: + return pulumi.get(self, "encryption_key_arn") + + @property + @pulumi.getter + def notifications(self) -> Optional['outputs.LogicallyAirGappedBackupVaultNotificationObjectType']: + return pulumi.get(self, "notifications") + + @property + @pulumi.getter(name="vaultState") + def vault_state(self) -> Optional[str]: + return pulumi.get(self, "vault_state") + + @property + @pulumi.getter(name="vaultType") + def vault_type(self) -> Optional[str]: + return pulumi.get(self, "vault_type") + + +class AwaitableGetLogicallyAirGappedBackupVaultResult(GetLogicallyAirGappedBackupVaultResult): + # pylint: disable=using-constant-test + def __await__(self): + if False: + yield self + return GetLogicallyAirGappedBackupVaultResult( + access_policy=self.access_policy, + backup_vault_arn=self.backup_vault_arn, + backup_vault_tags=self.backup_vault_tags, + encryption_key_arn=self.encryption_key_arn, + notifications=self.notifications, + vault_state=self.vault_state, + vault_type=self.vault_type) + + +def get_logically_air_gapped_backup_vault(backup_vault_name: Optional[str] = None, + opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetLogicallyAirGappedBackupVaultResult: + """ + Resource Type definition for AWS::Backup::LogicallyAirGappedBackupVault + """ + __args__ = dict() + __args__['backupVaultName'] = backup_vault_name + opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + __ret__ = pulumi.runtime.invoke('aws-native:backup:getLogicallyAirGappedBackupVault', __args__, opts=opts, typ=GetLogicallyAirGappedBackupVaultResult).value + + return AwaitableGetLogicallyAirGappedBackupVaultResult( + access_policy=pulumi.get(__ret__, 'access_policy'), + backup_vault_arn=pulumi.get(__ret__, 'backup_vault_arn'), + backup_vault_tags=pulumi.get(__ret__, 'backup_vault_tags'), + encryption_key_arn=pulumi.get(__ret__, 'encryption_key_arn'), + notifications=pulumi.get(__ret__, 'notifications'), + vault_state=pulumi.get(__ret__, 'vault_state'), + vault_type=pulumi.get(__ret__, 'vault_type')) +def get_logically_air_gapped_backup_vault_output(backup_vault_name: Optional[pulumi.Input[str]] = None, + opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetLogicallyAirGappedBackupVaultResult]: + """ + Resource Type definition for AWS::Backup::LogicallyAirGappedBackupVault + """ + __args__ = dict() + __args__['backupVaultName'] = backup_vault_name + opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + __ret__ = pulumi.runtime.invoke_output('aws-native:backup:getLogicallyAirGappedBackupVault', __args__, opts=opts, typ=GetLogicallyAirGappedBackupVaultResult) + return __ret__.apply(lambda __response__: GetLogicallyAirGappedBackupVaultResult( + access_policy=pulumi.get(__response__, 'access_policy'), + backup_vault_arn=pulumi.get(__response__, 'backup_vault_arn'), + backup_vault_tags=pulumi.get(__response__, 'backup_vault_tags'), + encryption_key_arn=pulumi.get(__response__, 'encryption_key_arn'), + notifications=pulumi.get(__response__, 'notifications'), + vault_state=pulumi.get(__response__, 'vault_state'), + vault_type=pulumi.get(__response__, 'vault_type'))) diff --git a/sdk/python/pulumi_aws_native/backup/logically_air_gapped_backup_vault.py b/sdk/python/pulumi_aws_native/backup/logically_air_gapped_backup_vault.py new file mode 100644 index 0000000000..301828abd0 --- /dev/null +++ b/sdk/python/pulumi_aws_native/backup/logically_air_gapped_backup_vault.py @@ -0,0 +1,291 @@ +# coding=utf-8 +# *** WARNING: this file was generated by pulumi-language-python. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import sys +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +if sys.version_info >= (3, 11): + from typing import NotRequired, TypedDict, TypeAlias +else: + from typing_extensions import NotRequired, TypedDict, TypeAlias +from .. import _utilities +from . import outputs +from ._inputs import * + +__all__ = ['LogicallyAirGappedBackupVaultArgs', 'LogicallyAirGappedBackupVault'] + +@pulumi.input_type +class LogicallyAirGappedBackupVaultArgs: + def __init__(__self__, *, + max_retention_days: pulumi.Input[int], + min_retention_days: pulumi.Input[int], + access_policy: Optional[Any] = None, + backup_vault_name: Optional[pulumi.Input[str]] = None, + backup_vault_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + notifications: Optional[pulumi.Input['LogicallyAirGappedBackupVaultNotificationObjectTypeArgs']] = None, + vault_state: Optional[pulumi.Input[str]] = None, + vault_type: Optional[pulumi.Input[str]] = None): + """ + The set of arguments for constructing a LogicallyAirGappedBackupVault resource. + :param Any access_policy: Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Backup::LogicallyAirGappedBackupVault` for more information about the expected schema for this property. + """ + pulumi.set(__self__, "max_retention_days", max_retention_days) + pulumi.set(__self__, "min_retention_days", min_retention_days) + if access_policy is not None: + pulumi.set(__self__, "access_policy", access_policy) + if backup_vault_name is not None: + pulumi.set(__self__, "backup_vault_name", backup_vault_name) + if backup_vault_tags is not None: + pulumi.set(__self__, "backup_vault_tags", backup_vault_tags) + if notifications is not None: + pulumi.set(__self__, "notifications", notifications) + if vault_state is not None: + pulumi.set(__self__, "vault_state", vault_state) + if vault_type is not None: + pulumi.set(__self__, "vault_type", vault_type) + + @property + @pulumi.getter(name="maxRetentionDays") + def max_retention_days(self) -> pulumi.Input[int]: + return pulumi.get(self, "max_retention_days") + + @max_retention_days.setter + def max_retention_days(self, value: pulumi.Input[int]): + pulumi.set(self, "max_retention_days", value) + + @property + @pulumi.getter(name="minRetentionDays") + def min_retention_days(self) -> pulumi.Input[int]: + return pulumi.get(self, "min_retention_days") + + @min_retention_days.setter + def min_retention_days(self, value: pulumi.Input[int]): + pulumi.set(self, "min_retention_days", value) + + @property + @pulumi.getter(name="accessPolicy") + def access_policy(self) -> Optional[Any]: + """ + Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Backup::LogicallyAirGappedBackupVault` for more information about the expected schema for this property. + """ + return pulumi.get(self, "access_policy") + + @access_policy.setter + def access_policy(self, value: Optional[Any]): + pulumi.set(self, "access_policy", value) + + @property + @pulumi.getter(name="backupVaultName") + def backup_vault_name(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "backup_vault_name") + + @backup_vault_name.setter + def backup_vault_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "backup_vault_name", value) + + @property + @pulumi.getter(name="backupVaultTags") + def backup_vault_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + return pulumi.get(self, "backup_vault_tags") + + @backup_vault_tags.setter + def backup_vault_tags(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "backup_vault_tags", value) + + @property + @pulumi.getter + def notifications(self) -> Optional[pulumi.Input['LogicallyAirGappedBackupVaultNotificationObjectTypeArgs']]: + return pulumi.get(self, "notifications") + + @notifications.setter + def notifications(self, value: Optional[pulumi.Input['LogicallyAirGappedBackupVaultNotificationObjectTypeArgs']]): + pulumi.set(self, "notifications", value) + + @property + @pulumi.getter(name="vaultState") + def vault_state(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "vault_state") + + @vault_state.setter + def vault_state(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "vault_state", value) + + @property + @pulumi.getter(name="vaultType") + def vault_type(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "vault_type") + + @vault_type.setter + def vault_type(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "vault_type", value) + + +class LogicallyAirGappedBackupVault(pulumi.CustomResource): + @overload + def __init__(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + access_policy: Optional[Any] = None, + backup_vault_name: Optional[pulumi.Input[str]] = None, + backup_vault_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + max_retention_days: Optional[pulumi.Input[int]] = None, + min_retention_days: Optional[pulumi.Input[int]] = None, + notifications: Optional[pulumi.Input[Union['LogicallyAirGappedBackupVaultNotificationObjectTypeArgs', 'LogicallyAirGappedBackupVaultNotificationObjectTypeArgsDict']]] = None, + vault_state: Optional[pulumi.Input[str]] = None, + vault_type: Optional[pulumi.Input[str]] = None, + __props__=None): + """ + Resource Type definition for AWS::Backup::LogicallyAirGappedBackupVault + + :param str resource_name: The name of the resource. + :param pulumi.ResourceOptions opts: Options for the resource. + :param Any access_policy: Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Backup::LogicallyAirGappedBackupVault` for more information about the expected schema for this property. + """ + ... + @overload + def __init__(__self__, + resource_name: str, + args: LogicallyAirGappedBackupVaultArgs, + opts: Optional[pulumi.ResourceOptions] = None): + """ + Resource Type definition for AWS::Backup::LogicallyAirGappedBackupVault + + :param str resource_name: The name of the resource. + :param LogicallyAirGappedBackupVaultArgs args: The arguments to use to populate this resource's properties. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + ... + def __init__(__self__, resource_name: str, *args, **kwargs): + resource_args, opts = _utilities.get_resource_args_opts(LogicallyAirGappedBackupVaultArgs, pulumi.ResourceOptions, *args, **kwargs) + if resource_args is not None: + __self__._internal_init(resource_name, opts, **resource_args.__dict__) + else: + __self__._internal_init(resource_name, *args, **kwargs) + + def _internal_init(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + access_policy: Optional[Any] = None, + backup_vault_name: Optional[pulumi.Input[str]] = None, + backup_vault_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + max_retention_days: Optional[pulumi.Input[int]] = None, + min_retention_days: Optional[pulumi.Input[int]] = None, + notifications: Optional[pulumi.Input[Union['LogicallyAirGappedBackupVaultNotificationObjectTypeArgs', 'LogicallyAirGappedBackupVaultNotificationObjectTypeArgsDict']]] = None, + vault_state: Optional[pulumi.Input[str]] = None, + vault_type: Optional[pulumi.Input[str]] = None, + __props__=None): + opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) + if not isinstance(opts, pulumi.ResourceOptions): + raise TypeError('Expected resource options to be a ResourceOptions instance') + if opts.id is None: + if __props__ is not None: + raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') + __props__ = LogicallyAirGappedBackupVaultArgs.__new__(LogicallyAirGappedBackupVaultArgs) + + __props__.__dict__["access_policy"] = access_policy + __props__.__dict__["backup_vault_name"] = backup_vault_name + __props__.__dict__["backup_vault_tags"] = backup_vault_tags + if max_retention_days is None and not opts.urn: + raise TypeError("Missing required property 'max_retention_days'") + __props__.__dict__["max_retention_days"] = max_retention_days + if min_retention_days is None and not opts.urn: + raise TypeError("Missing required property 'min_retention_days'") + __props__.__dict__["min_retention_days"] = min_retention_days + __props__.__dict__["notifications"] = notifications + __props__.__dict__["vault_state"] = vault_state + __props__.__dict__["vault_type"] = vault_type + __props__.__dict__["backup_vault_arn"] = None + __props__.__dict__["encryption_key_arn"] = None + replace_on_changes = pulumi.ResourceOptions(replace_on_changes=["backupVaultName", "maxRetentionDays", "minRetentionDays"]) + opts = pulumi.ResourceOptions.merge(opts, replace_on_changes) + super(LogicallyAirGappedBackupVault, __self__).__init__( + 'aws-native:backup:LogicallyAirGappedBackupVault', + resource_name, + __props__, + opts) + + @staticmethod + def get(resource_name: str, + id: pulumi.Input[str], + opts: Optional[pulumi.ResourceOptions] = None) -> 'LogicallyAirGappedBackupVault': + """ + Get an existing LogicallyAirGappedBackupVault resource's state with the given name, id, and optional extra + properties used to qualify the lookup. + + :param str resource_name: The unique name of the resulting resource. + :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) + + __props__ = LogicallyAirGappedBackupVaultArgs.__new__(LogicallyAirGappedBackupVaultArgs) + + __props__.__dict__["access_policy"] = None + __props__.__dict__["backup_vault_arn"] = None + __props__.__dict__["backup_vault_name"] = None + __props__.__dict__["backup_vault_tags"] = None + __props__.__dict__["encryption_key_arn"] = None + __props__.__dict__["max_retention_days"] = None + __props__.__dict__["min_retention_days"] = None + __props__.__dict__["notifications"] = None + __props__.__dict__["vault_state"] = None + __props__.__dict__["vault_type"] = None + return LogicallyAirGappedBackupVault(resource_name, opts=opts, __props__=__props__) + + @property + @pulumi.getter(name="accessPolicy") + def access_policy(self) -> pulumi.Output[Optional[Any]]: + """ + Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Backup::LogicallyAirGappedBackupVault` for more information about the expected schema for this property. + """ + return pulumi.get(self, "access_policy") + + @property + @pulumi.getter(name="backupVaultArn") + def backup_vault_arn(self) -> pulumi.Output[str]: + return pulumi.get(self, "backup_vault_arn") + + @property + @pulumi.getter(name="backupVaultName") + def backup_vault_name(self) -> pulumi.Output[str]: + return pulumi.get(self, "backup_vault_name") + + @property + @pulumi.getter(name="backupVaultTags") + def backup_vault_tags(self) -> pulumi.Output[Optional[Mapping[str, str]]]: + return pulumi.get(self, "backup_vault_tags") + + @property + @pulumi.getter(name="encryptionKeyArn") + def encryption_key_arn(self) -> pulumi.Output[str]: + return pulumi.get(self, "encryption_key_arn") + + @property + @pulumi.getter(name="maxRetentionDays") + def max_retention_days(self) -> pulumi.Output[int]: + return pulumi.get(self, "max_retention_days") + + @property + @pulumi.getter(name="minRetentionDays") + def min_retention_days(self) -> pulumi.Output[int]: + return pulumi.get(self, "min_retention_days") + + @property + @pulumi.getter + def notifications(self) -> pulumi.Output[Optional['outputs.LogicallyAirGappedBackupVaultNotificationObjectType']]: + return pulumi.get(self, "notifications") + + @property + @pulumi.getter(name="vaultState") + def vault_state(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "vault_state") + + @property + @pulumi.getter(name="vaultType") + def vault_type(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "vault_type") + diff --git a/sdk/python/pulumi_aws_native/backup/outputs.py b/sdk/python/pulumi_aws_native/backup/outputs.py index cab9757918..bae6885ec6 100644 --- a/sdk/python/pulumi_aws_native/backup/outputs.py +++ b/sdk/python/pulumi_aws_native/backup/outputs.py @@ -32,6 +32,7 @@ 'FrameworkControlControlScopeProperties', 'FrameworkControlInputParameter', 'FrameworkTag', + 'LogicallyAirGappedBackupVaultNotificationObjectType', 'ReportDeliveryChannelProperties', 'ReportSettingProperties', 'RestoreTestingPlanRestoreTestingRecoveryPointSelection', @@ -1108,6 +1109,44 @@ def value(self) -> Optional[str]: return pulumi.get(self, "value") +@pulumi.output_type +class LogicallyAirGappedBackupVaultNotificationObjectType(dict): + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "backupVaultEvents": + suggest = "backup_vault_events" + elif key == "snsTopicArn": + suggest = "sns_topic_arn" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in LogicallyAirGappedBackupVaultNotificationObjectType. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + LogicallyAirGappedBackupVaultNotificationObjectType.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + LogicallyAirGappedBackupVaultNotificationObjectType.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + backup_vault_events: Sequence[str], + sns_topic_arn: str): + pulumi.set(__self__, "backup_vault_events", backup_vault_events) + pulumi.set(__self__, "sns_topic_arn", sns_topic_arn) + + @property + @pulumi.getter(name="backupVaultEvents") + def backup_vault_events(self) -> Sequence[str]: + return pulumi.get(self, "backup_vault_events") + + @property + @pulumi.getter(name="snsTopicArn") + def sns_topic_arn(self) -> str: + return pulumi.get(self, "sns_topic_arn") + + @pulumi.output_type class ReportDeliveryChannelProperties(dict): """ diff --git a/sdk/python/pulumi_aws_native/cognito/get_user_pool_identity_provider.py b/sdk/python/pulumi_aws_native/cognito/get_user_pool_identity_provider.py index a510de5a67..7042dbd5df 100644 --- a/sdk/python/pulumi_aws_native/cognito/get_user_pool_identity_provider.py +++ b/sdk/python/pulumi_aws_native/cognito/get_user_pool_identity_provider.py @@ -23,13 +23,10 @@ @pulumi.output_type class GetUserPoolIdentityProviderResult: - def __init__(__self__, attribute_mapping=None, id=None, idp_identifiers=None, provider_details=None): + def __init__(__self__, attribute_mapping=None, idp_identifiers=None, provider_details=None): if attribute_mapping and not isinstance(attribute_mapping, dict): raise TypeError("Expected argument 'attribute_mapping' to be a dict") pulumi.set(__self__, "attribute_mapping", attribute_mapping) - if id and not isinstance(id, str): - raise TypeError("Expected argument 'id' to be a str") - pulumi.set(__self__, "id", id) if idp_identifiers and not isinstance(idp_identifiers, list): raise TypeError("Expected argument 'idp_identifiers' to be a list") pulumi.set(__self__, "idp_identifiers", idp_identifiers) @@ -39,22 +36,12 @@ def __init__(__self__, attribute_mapping=None, id=None, idp_identifiers=None, pr @property @pulumi.getter(name="attributeMapping") - def attribute_mapping(self) -> Optional[Any]: + def attribute_mapping(self) -> Optional[Mapping[str, str]]: """ A mapping of IdP attributes to standard and custom user pool attributes. - - Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Cognito::UserPoolIdentityProvider` for more information about the expected schema for this property. """ return pulumi.get(self, "attribute_mapping") - @property - @pulumi.getter - def id(self) -> Optional[str]: - """ - The resource ID. - """ - return pulumi.get(self, "id") - @property @pulumi.getter(name="idpIdentifiers") def idp_identifiers(self) -> Optional[Sequence[str]]: @@ -65,7 +52,7 @@ def idp_identifiers(self) -> Optional[Sequence[str]]: @property @pulumi.getter(name="providerDetails") - def provider_details(self) -> Optional[Any]: + def provider_details(self) -> Optional[Mapping[str, str]]: """ The scopes, URLs, and identifiers for your external identity provider. The following examples describe the provider detail keys for each IdP type. These values and their @@ -96,8 +83,6 @@ def provider_details(self) -> Optional[Any]: - **Facebook** - Create or update request: `"ProviderDetails": { "api_version": "v17.0", "authorize_scopes": "public_profile, email", "client_id": "1example23456789", "client_secret": "provider-app-client-secret" }` Describe response: `"ProviderDetails": { "api_version": "v17.0", "attributes_url": "https://graph.facebook.com/v17.0/me?fields=", "attributes_url_add_attributes": "true", "authorize_scopes": "public_profile, email", "authorize_url": "https://www.facebook.com/v17.0/dialog/oauth", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "token_request_method": "GET", "token_url": "https://graph.facebook.com/v17.0/oauth/access_token" }` - - Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Cognito::UserPoolIdentityProvider` for more information about the expected schema for this property. """ return pulumi.get(self, "provider_details") @@ -109,43 +94,46 @@ def __await__(self): yield self return GetUserPoolIdentityProviderResult( attribute_mapping=self.attribute_mapping, - id=self.id, idp_identifiers=self.idp_identifiers, provider_details=self.provider_details) -def get_user_pool_identity_provider(id: Optional[str] = None, +def get_user_pool_identity_provider(provider_name: Optional[str] = None, + user_pool_id: Optional[str] = None, opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetUserPoolIdentityProviderResult: """ Resource Type definition for AWS::Cognito::UserPoolIdentityProvider - :param str id: The resource ID. + :param str provider_name: The IdP name. + :param str user_pool_id: The user pool ID. """ __args__ = dict() - __args__['id'] = id + __args__['providerName'] = provider_name + __args__['userPoolId'] = user_pool_id opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke('aws-native:cognito:getUserPoolIdentityProvider', __args__, opts=opts, typ=GetUserPoolIdentityProviderResult).value return AwaitableGetUserPoolIdentityProviderResult( attribute_mapping=pulumi.get(__ret__, 'attribute_mapping'), - id=pulumi.get(__ret__, 'id'), idp_identifiers=pulumi.get(__ret__, 'idp_identifiers'), provider_details=pulumi.get(__ret__, 'provider_details')) -def get_user_pool_identity_provider_output(id: Optional[pulumi.Input[str]] = None, +def get_user_pool_identity_provider_output(provider_name: Optional[pulumi.Input[str]] = None, + user_pool_id: Optional[pulumi.Input[str]] = None, opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetUserPoolIdentityProviderResult]: """ Resource Type definition for AWS::Cognito::UserPoolIdentityProvider - :param str id: The resource ID. + :param str provider_name: The IdP name. + :param str user_pool_id: The user pool ID. """ __args__ = dict() - __args__['id'] = id + __args__['providerName'] = provider_name + __args__['userPoolId'] = user_pool_id opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('aws-native:cognito:getUserPoolIdentityProvider', __args__, opts=opts, typ=GetUserPoolIdentityProviderResult) return __ret__.apply(lambda __response__: GetUserPoolIdentityProviderResult( attribute_mapping=pulumi.get(__response__, 'attribute_mapping'), - id=pulumi.get(__response__, 'id'), idp_identifiers=pulumi.get(__response__, 'idp_identifiers'), provider_details=pulumi.get(__response__, 'provider_details'))) diff --git a/sdk/python/pulumi_aws_native/cognito/user_pool_identity_provider.py b/sdk/python/pulumi_aws_native/cognito/user_pool_identity_provider.py index 2b3ca6e368..493fd94652 100644 --- a/sdk/python/pulumi_aws_native/cognito/user_pool_identity_provider.py +++ b/sdk/python/pulumi_aws_native/cognito/user_pool_identity_provider.py @@ -19,21 +19,15 @@ @pulumi.input_type class UserPoolIdentityProviderArgs: def __init__(__self__, *, + provider_details: pulumi.Input[Mapping[str, pulumi.Input[str]]], provider_type: pulumi.Input[str], user_pool_id: pulumi.Input[str], - attribute_mapping: Optional[Any] = None, + attribute_mapping: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, idp_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - provider_details: Optional[Any] = None, provider_name: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a UserPoolIdentityProvider resource. - :param pulumi.Input[str] provider_type: The IdP type. - :param pulumi.Input[str] user_pool_id: The user pool ID. - :param Any attribute_mapping: A mapping of IdP attributes to standard and custom user pool attributes. - - Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Cognito::UserPoolIdentityProvider` for more information about the expected schema for this property. - :param pulumi.Input[Sequence[pulumi.Input[str]]] idp_identifiers: A list of IdP identifiers. - :param Any provider_details: The scopes, URLs, and identifiers for your external identity provider. The following + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] provider_details: The scopes, URLs, and identifiers for your external identity provider. The following examples describe the provider detail keys for each IdP type. These values and their schema are subject to change. Social IdP `authorize_scopes` values must match the values listed here. @@ -62,21 +56,62 @@ def __init__(__self__, *, - **Facebook** - Create or update request: `"ProviderDetails": { "api_version": "v17.0", "authorize_scopes": "public_profile, email", "client_id": "1example23456789", "client_secret": "provider-app-client-secret" }` Describe response: `"ProviderDetails": { "api_version": "v17.0", "attributes_url": "https://graph.facebook.com/v17.0/me?fields=", "attributes_url_add_attributes": "true", "authorize_scopes": "public_profile, email", "authorize_url": "https://www.facebook.com/v17.0/dialog/oauth", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "token_request_method": "GET", "token_url": "https://graph.facebook.com/v17.0/oauth/access_token" }` - - Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Cognito::UserPoolIdentityProvider` for more information about the expected schema for this property. + :param pulumi.Input[str] provider_type: The IdP type. + :param pulumi.Input[str] user_pool_id: The user pool ID. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] attribute_mapping: A mapping of IdP attributes to standard and custom user pool attributes. + :param pulumi.Input[Sequence[pulumi.Input[str]]] idp_identifiers: A list of IdP identifiers. :param pulumi.Input[str] provider_name: The IdP name. """ + pulumi.set(__self__, "provider_details", provider_details) pulumi.set(__self__, "provider_type", provider_type) pulumi.set(__self__, "user_pool_id", user_pool_id) if attribute_mapping is not None: pulumi.set(__self__, "attribute_mapping", attribute_mapping) if idp_identifiers is not None: pulumi.set(__self__, "idp_identifiers", idp_identifiers) - if provider_details is not None: - pulumi.set(__self__, "provider_details", provider_details) if provider_name is not None: pulumi.set(__self__, "provider_name", provider_name) + @property + @pulumi.getter(name="providerDetails") + def provider_details(self) -> pulumi.Input[Mapping[str, pulumi.Input[str]]]: + """ + The scopes, URLs, and identifiers for your external identity provider. The following + examples describe the provider detail keys for each IdP type. These values and their + schema are subject to change. Social IdP `authorize_scopes` values must match + the values listed here. + + - **OpenID Connect (OIDC)** - Amazon Cognito accepts the following elements when it can't discover endpoint URLs from `oidc_issuer` : `attributes_url` , `authorize_url` , `jwks_uri` , `token_url` . + + Create or update request: `"ProviderDetails": { "attributes_request_method": "GET", "attributes_url": "https://auth.example.com/userInfo", "authorize_scopes": "openid profile email", "authorize_url": "https://auth.example.com/authorize", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "jwks_uri": "https://auth.example.com/.well-known/jwks.json", "oidc_issuer": "https://auth.example.com", "token_url": "https://example.com/token" }` + + Describe response: `"ProviderDetails": { "attributes_request_method": "GET", "attributes_url": "https://auth.example.com/userInfo", "attributes_url_add_attributes": "false", "authorize_scopes": "openid profile email", "authorize_url": "https://auth.example.com/authorize", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "jwks_uri": "https://auth.example.com/.well-known/jwks.json", "oidc_issuer": "https://auth.example.com", "token_url": "https://example.com/token" }` + - **SAML** - Create or update request with Metadata URL: `"ProviderDetails": { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true", "MetadataURL": "https://auth.example.com/sso/saml/metadata", "RequestSigningAlgorithm": "rsa-sha256" }` + + Create or update request with Metadata file: `"ProviderDetails": { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true", "MetadataFile": "[metadata XML]", "RequestSigningAlgorithm": "rsa-sha256" }` + + The value of `MetadataFile` must be the plaintext metadata document with all quote (") characters escaped by backslashes. + + Describe response: `"ProviderDetails": { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true", "ActiveEncryptionCertificate": "[certificate]", "MetadataURL": "https://auth.example.com/sso/saml/metadata", "RequestSigningAlgorithm": "rsa-sha256", "SLORedirectBindingURI": "https://auth.example.com/slo/saml", "SSORedirectBindingURI": "https://auth.example.com/sso/saml" }` + - **LoginWithAmazon** - Create or update request: `"ProviderDetails": { "authorize_scopes": "profile postal_code", "client_id": "amzn1.application-oa2-client.1example23456789", "client_secret": "provider-app-client-secret"` + + Describe response: `"ProviderDetails": { "attributes_url": "https://api.amazon.com/user/profile", "attributes_url_add_attributes": "false", "authorize_scopes": "profile postal_code", "authorize_url": "https://www.amazon.com/ap/oa", "client_id": "amzn1.application-oa2-client.1example23456789", "client_secret": "provider-app-client-secret", "token_request_method": "POST", "token_url": "https://api.amazon.com/auth/o2/token" }` + - **Google** - Create or update request: `"ProviderDetails": { "authorize_scopes": "email profile openid", "client_id": "1example23456789.apps.googleusercontent.com", "client_secret": "provider-app-client-secret" }` + + Describe response: `"ProviderDetails": { "attributes_url": "https://people.googleapis.com/v1/people/me?personFields=", "attributes_url_add_attributes": "true", "authorize_scopes": "email profile openid", "authorize_url": "https://accounts.google.com/o/oauth2/v2/auth", "client_id": "1example23456789.apps.googleusercontent.com", "client_secret": "provider-app-client-secret", "oidc_issuer": "https://accounts.google.com", "token_request_method": "POST", "token_url": "https://www.googleapis.com/oauth2/v4/token" }` + - **SignInWithApple** - Create or update request: `"ProviderDetails": { "authorize_scopes": "email name", "client_id": "com.example.cognito", "private_key": "1EXAMPLE", "key_id": "2EXAMPLE", "team_id": "3EXAMPLE" }` + + Describe response: `"ProviderDetails": { "attributes_url_add_attributes": "false", "authorize_scopes": "email name", "authorize_url": "https://appleid.apple.com/auth/authorize", "client_id": "com.example.cognito", "key_id": "1EXAMPLE", "oidc_issuer": "https://appleid.apple.com", "team_id": "2EXAMPLE", "token_request_method": "POST", "token_url": "https://appleid.apple.com/auth/token" }` + - **Facebook** - Create or update request: `"ProviderDetails": { "api_version": "v17.0", "authorize_scopes": "public_profile, email", "client_id": "1example23456789", "client_secret": "provider-app-client-secret" }` + + Describe response: `"ProviderDetails": { "api_version": "v17.0", "attributes_url": "https://graph.facebook.com/v17.0/me?fields=", "attributes_url_add_attributes": "true", "authorize_scopes": "public_profile, email", "authorize_url": "https://www.facebook.com/v17.0/dialog/oauth", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "token_request_method": "GET", "token_url": "https://graph.facebook.com/v17.0/oauth/access_token" }` + """ + return pulumi.get(self, "provider_details") + + @provider_details.setter + def provider_details(self, value: pulumi.Input[Mapping[str, pulumi.Input[str]]]): + pulumi.set(self, "provider_details", value) + @property @pulumi.getter(name="providerType") def provider_type(self) -> pulumi.Input[str]: @@ -103,16 +138,14 @@ def user_pool_id(self, value: pulumi.Input[str]): @property @pulumi.getter(name="attributeMapping") - def attribute_mapping(self) -> Optional[Any]: + def attribute_mapping(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: """ A mapping of IdP attributes to standard and custom user pool attributes. - - Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Cognito::UserPoolIdentityProvider` for more information about the expected schema for this property. """ return pulumi.get(self, "attribute_mapping") @attribute_mapping.setter - def attribute_mapping(self, value: Optional[Any]): + def attribute_mapping(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): pulumi.set(self, "attribute_mapping", value) @property @@ -127,48 +160,6 @@ def idp_identifiers(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] def idp_identifiers(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): pulumi.set(self, "idp_identifiers", value) - @property - @pulumi.getter(name="providerDetails") - def provider_details(self) -> Optional[Any]: - """ - The scopes, URLs, and identifiers for your external identity provider. The following - examples describe the provider detail keys for each IdP type. These values and their - schema are subject to change. Social IdP `authorize_scopes` values must match - the values listed here. - - - **OpenID Connect (OIDC)** - Amazon Cognito accepts the following elements when it can't discover endpoint URLs from `oidc_issuer` : `attributes_url` , `authorize_url` , `jwks_uri` , `token_url` . - - Create or update request: `"ProviderDetails": { "attributes_request_method": "GET", "attributes_url": "https://auth.example.com/userInfo", "authorize_scopes": "openid profile email", "authorize_url": "https://auth.example.com/authorize", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "jwks_uri": "https://auth.example.com/.well-known/jwks.json", "oidc_issuer": "https://auth.example.com", "token_url": "https://example.com/token" }` - - Describe response: `"ProviderDetails": { "attributes_request_method": "GET", "attributes_url": "https://auth.example.com/userInfo", "attributes_url_add_attributes": "false", "authorize_scopes": "openid profile email", "authorize_url": "https://auth.example.com/authorize", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "jwks_uri": "https://auth.example.com/.well-known/jwks.json", "oidc_issuer": "https://auth.example.com", "token_url": "https://example.com/token" }` - - **SAML** - Create or update request with Metadata URL: `"ProviderDetails": { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true", "MetadataURL": "https://auth.example.com/sso/saml/metadata", "RequestSigningAlgorithm": "rsa-sha256" }` - - Create or update request with Metadata file: `"ProviderDetails": { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true", "MetadataFile": "[metadata XML]", "RequestSigningAlgorithm": "rsa-sha256" }` - - The value of `MetadataFile` must be the plaintext metadata document with all quote (") characters escaped by backslashes. - - Describe response: `"ProviderDetails": { "IDPInit": "true", "IDPSignout": "true", "EncryptedResponses" : "true", "ActiveEncryptionCertificate": "[certificate]", "MetadataURL": "https://auth.example.com/sso/saml/metadata", "RequestSigningAlgorithm": "rsa-sha256", "SLORedirectBindingURI": "https://auth.example.com/slo/saml", "SSORedirectBindingURI": "https://auth.example.com/sso/saml" }` - - **LoginWithAmazon** - Create or update request: `"ProviderDetails": { "authorize_scopes": "profile postal_code", "client_id": "amzn1.application-oa2-client.1example23456789", "client_secret": "provider-app-client-secret"` - - Describe response: `"ProviderDetails": { "attributes_url": "https://api.amazon.com/user/profile", "attributes_url_add_attributes": "false", "authorize_scopes": "profile postal_code", "authorize_url": "https://www.amazon.com/ap/oa", "client_id": "amzn1.application-oa2-client.1example23456789", "client_secret": "provider-app-client-secret", "token_request_method": "POST", "token_url": "https://api.amazon.com/auth/o2/token" }` - - **Google** - Create or update request: `"ProviderDetails": { "authorize_scopes": "email profile openid", "client_id": "1example23456789.apps.googleusercontent.com", "client_secret": "provider-app-client-secret" }` - - Describe response: `"ProviderDetails": { "attributes_url": "https://people.googleapis.com/v1/people/me?personFields=", "attributes_url_add_attributes": "true", "authorize_scopes": "email profile openid", "authorize_url": "https://accounts.google.com/o/oauth2/v2/auth", "client_id": "1example23456789.apps.googleusercontent.com", "client_secret": "provider-app-client-secret", "oidc_issuer": "https://accounts.google.com", "token_request_method": "POST", "token_url": "https://www.googleapis.com/oauth2/v4/token" }` - - **SignInWithApple** - Create or update request: `"ProviderDetails": { "authorize_scopes": "email name", "client_id": "com.example.cognito", "private_key": "1EXAMPLE", "key_id": "2EXAMPLE", "team_id": "3EXAMPLE" }` - - Describe response: `"ProviderDetails": { "attributes_url_add_attributes": "false", "authorize_scopes": "email name", "authorize_url": "https://appleid.apple.com/auth/authorize", "client_id": "com.example.cognito", "key_id": "1EXAMPLE", "oidc_issuer": "https://appleid.apple.com", "team_id": "2EXAMPLE", "token_request_method": "POST", "token_url": "https://appleid.apple.com/auth/token" }` - - **Facebook** - Create or update request: `"ProviderDetails": { "api_version": "v17.0", "authorize_scopes": "public_profile, email", "client_id": "1example23456789", "client_secret": "provider-app-client-secret" }` - - Describe response: `"ProviderDetails": { "api_version": "v17.0", "attributes_url": "https://graph.facebook.com/v17.0/me?fields=", "attributes_url_add_attributes": "true", "authorize_scopes": "public_profile, email", "authorize_url": "https://www.facebook.com/v17.0/dialog/oauth", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "token_request_method": "GET", "token_url": "https://graph.facebook.com/v17.0/oauth/access_token" }` - - Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Cognito::UserPoolIdentityProvider` for more information about the expected schema for this property. - """ - return pulumi.get(self, "provider_details") - - @provider_details.setter - def provider_details(self, value: Optional[Any]): - pulumi.set(self, "provider_details", value) - @property @pulumi.getter(name="providerName") def provider_name(self) -> Optional[pulumi.Input[str]]: @@ -187,9 +178,9 @@ class UserPoolIdentityProvider(pulumi.CustomResource): def __init__(__self__, resource_name: str, opts: Optional[pulumi.ResourceOptions] = None, - attribute_mapping: Optional[Any] = None, + attribute_mapping: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, idp_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - provider_details: Optional[Any] = None, + provider_details: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, provider_name: Optional[pulumi.Input[str]] = None, provider_type: Optional[pulumi.Input[str]] = None, user_pool_id: Optional[pulumi.Input[str]] = None, @@ -199,11 +190,9 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param Any attribute_mapping: A mapping of IdP attributes to standard and custom user pool attributes. - - Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Cognito::UserPoolIdentityProvider` for more information about the expected schema for this property. + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] attribute_mapping: A mapping of IdP attributes to standard and custom user pool attributes. :param pulumi.Input[Sequence[pulumi.Input[str]]] idp_identifiers: A list of IdP identifiers. - :param Any provider_details: The scopes, URLs, and identifiers for your external identity provider. The following + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] provider_details: The scopes, URLs, and identifiers for your external identity provider. The following examples describe the provider detail keys for each IdP type. These values and their schema are subject to change. Social IdP `authorize_scopes` values must match the values listed here. @@ -232,8 +221,6 @@ def __init__(__self__, - **Facebook** - Create or update request: `"ProviderDetails": { "api_version": "v17.0", "authorize_scopes": "public_profile, email", "client_id": "1example23456789", "client_secret": "provider-app-client-secret" }` Describe response: `"ProviderDetails": { "api_version": "v17.0", "attributes_url": "https://graph.facebook.com/v17.0/me?fields=", "attributes_url_add_attributes": "true", "authorize_scopes": "public_profile, email", "authorize_url": "https://www.facebook.com/v17.0/dialog/oauth", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "token_request_method": "GET", "token_url": "https://graph.facebook.com/v17.0/oauth/access_token" }` - - Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Cognito::UserPoolIdentityProvider` for more information about the expected schema for this property. :param pulumi.Input[str] provider_name: The IdP name. :param pulumi.Input[str] provider_type: The IdP type. :param pulumi.Input[str] user_pool_id: The user pool ID. @@ -262,9 +249,9 @@ def __init__(__self__, resource_name: str, *args, **kwargs): def _internal_init(__self__, resource_name: str, opts: Optional[pulumi.ResourceOptions] = None, - attribute_mapping: Optional[Any] = None, + attribute_mapping: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, idp_identifiers: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, - provider_details: Optional[Any] = None, + provider_details: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, provider_name: Optional[pulumi.Input[str]] = None, provider_type: Optional[pulumi.Input[str]] = None, user_pool_id: Optional[pulumi.Input[str]] = None, @@ -279,6 +266,8 @@ def _internal_init(__self__, __props__.__dict__["attribute_mapping"] = attribute_mapping __props__.__dict__["idp_identifiers"] = idp_identifiers + if provider_details is None and not opts.urn: + raise TypeError("Missing required property 'provider_details'") __props__.__dict__["provider_details"] = provider_details __props__.__dict__["provider_name"] = provider_name if provider_type is None and not opts.urn: @@ -287,7 +276,6 @@ def _internal_init(__self__, if user_pool_id is None and not opts.urn: raise TypeError("Missing required property 'user_pool_id'") __props__.__dict__["user_pool_id"] = user_pool_id - __props__.__dict__["aws_id"] = None replace_on_changes = pulumi.ResourceOptions(replace_on_changes=["providerName", "providerType", "userPoolId"]) opts = pulumi.ResourceOptions.merge(opts, replace_on_changes) super(UserPoolIdentityProvider, __self__).__init__( @@ -313,7 +301,6 @@ def get(resource_name: str, __props__ = UserPoolIdentityProviderArgs.__new__(UserPoolIdentityProviderArgs) __props__.__dict__["attribute_mapping"] = None - __props__.__dict__["aws_id"] = None __props__.__dict__["idp_identifiers"] = None __props__.__dict__["provider_details"] = None __props__.__dict__["provider_name"] = None @@ -323,22 +310,12 @@ def get(resource_name: str, @property @pulumi.getter(name="attributeMapping") - def attribute_mapping(self) -> pulumi.Output[Optional[Any]]: + def attribute_mapping(self) -> pulumi.Output[Optional[Mapping[str, str]]]: """ A mapping of IdP attributes to standard and custom user pool attributes. - - Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Cognito::UserPoolIdentityProvider` for more information about the expected schema for this property. """ return pulumi.get(self, "attribute_mapping") - @property - @pulumi.getter(name="awsId") - def aws_id(self) -> pulumi.Output[str]: - """ - The resource ID. - """ - return pulumi.get(self, "aws_id") - @property @pulumi.getter(name="idpIdentifiers") def idp_identifiers(self) -> pulumi.Output[Optional[Sequence[str]]]: @@ -349,7 +326,7 @@ def idp_identifiers(self) -> pulumi.Output[Optional[Sequence[str]]]: @property @pulumi.getter(name="providerDetails") - def provider_details(self) -> pulumi.Output[Optional[Any]]: + def provider_details(self) -> pulumi.Output[Mapping[str, str]]: """ The scopes, URLs, and identifiers for your external identity provider. The following examples describe the provider detail keys for each IdP type. These values and their @@ -380,8 +357,6 @@ def provider_details(self) -> pulumi.Output[Optional[Any]]: - **Facebook** - Create or update request: `"ProviderDetails": { "api_version": "v17.0", "authorize_scopes": "public_profile, email", "client_id": "1example23456789", "client_secret": "provider-app-client-secret" }` Describe response: `"ProviderDetails": { "api_version": "v17.0", "attributes_url": "https://graph.facebook.com/v17.0/me?fields=", "attributes_url_add_attributes": "true", "authorize_scopes": "public_profile, email", "authorize_url": "https://www.facebook.com/v17.0/dialog/oauth", "client_id": "1example23456789", "client_secret": "provider-app-client-secret", "token_request_method": "GET", "token_url": "https://graph.facebook.com/v17.0/oauth/access_token" }` - - Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Cognito::UserPoolIdentityProvider` for more information about the expected schema for this property. """ return pulumi.get(self, "provider_details") diff --git a/sdk/python/pulumi_aws_native/ec2/capacity_reservation.py b/sdk/python/pulumi_aws_native/ec2/capacity_reservation.py index 05531a9b26..6bdc00361e 100644 --- a/sdk/python/pulumi_aws_native/ec2/capacity_reservation.py +++ b/sdk/python/pulumi_aws_native/ec2/capacity_reservation.py @@ -33,7 +33,8 @@ def __init__(__self__, *, out_post_arn: Optional[pulumi.Input[str]] = None, placement_group_arn: Optional[pulumi.Input[str]] = None, tag_specifications: Optional[pulumi.Input[Sequence[pulumi.Input['CapacityReservationTagSpecificationArgs']]]] = None, - tenancy: Optional[pulumi.Input[str]] = None): + tenancy: Optional[pulumi.Input[str]] = None, + unused_reservation_billing_owner_id: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a CapacityReservation resource. :param pulumi.Input[str] availability_zone: The Availability Zone in which to create the Capacity Reservation. @@ -89,6 +90,8 @@ def __init__(__self__, *, pulumi.set(__self__, "tag_specifications", tag_specifications) if tenancy is not None: pulumi.set(__self__, "tenancy", tenancy) + if unused_reservation_billing_owner_id is not None: + pulumi.set(__self__, "unused_reservation_billing_owner_id", unused_reservation_billing_owner_id) @property @pulumi.getter(name="availabilityZone") @@ -263,6 +266,15 @@ def tenancy(self) -> Optional[pulumi.Input[str]]: def tenancy(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "tenancy", value) + @property + @pulumi.getter(name="unusedReservationBillingOwnerId") + def unused_reservation_billing_owner_id(self) -> Optional[pulumi.Input[str]]: + return pulumi.get(self, "unused_reservation_billing_owner_id") + + @unused_reservation_billing_owner_id.setter + def unused_reservation_billing_owner_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "unused_reservation_billing_owner_id", value) + class CapacityReservation(pulumi.CustomResource): @overload @@ -282,6 +294,7 @@ def __init__(__self__, placement_group_arn: Optional[pulumi.Input[str]] = None, tag_specifications: Optional[pulumi.Input[Sequence[pulumi.Input[Union['CapacityReservationTagSpecificationArgs', 'CapacityReservationTagSpecificationArgsDict']]]]] = None, tenancy: Optional[pulumi.Input[str]] = None, + unused_reservation_billing_owner_id: Optional[pulumi.Input[str]] = None, __props__=None): """ Resource Type definition for AWS::EC2::CapacityReservation @@ -356,6 +369,7 @@ def _internal_init(__self__, placement_group_arn: Optional[pulumi.Input[str]] = None, tag_specifications: Optional[pulumi.Input[Sequence[pulumi.Input[Union['CapacityReservationTagSpecificationArgs', 'CapacityReservationTagSpecificationArgsDict']]]]] = None, tenancy: Optional[pulumi.Input[str]] = None, + unused_reservation_billing_owner_id: Optional[pulumi.Input[str]] = None, __props__=None): opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) if not isinstance(opts, pulumi.ResourceOptions): @@ -386,6 +400,7 @@ def _internal_init(__self__, __props__.__dict__["placement_group_arn"] = placement_group_arn __props__.__dict__["tag_specifications"] = tag_specifications __props__.__dict__["tenancy"] = tenancy + __props__.__dict__["unused_reservation_billing_owner_id"] = unused_reservation_billing_owner_id __props__.__dict__["available_instance_count"] = None __props__.__dict__["aws_id"] = None __props__.__dict__["total_instance_count"] = None @@ -429,6 +444,7 @@ def get(resource_name: str, __props__.__dict__["tag_specifications"] = None __props__.__dict__["tenancy"] = None __props__.__dict__["total_instance_count"] = None + __props__.__dict__["unused_reservation_billing_owner_id"] = None return CapacityReservation(resource_name, opts=opts, __props__=__props__) @property @@ -576,3 +592,8 @@ def total_instance_count(self) -> pulumi.Output[int]: """ return pulumi.get(self, "total_instance_count") + @property + @pulumi.getter(name="unusedReservationBillingOwnerId") + def unused_reservation_billing_owner_id(self) -> pulumi.Output[Optional[str]]: + return pulumi.get(self, "unused_reservation_billing_owner_id") + diff --git a/sdk/python/pulumi_aws_native/ec2/get_vpc_endpoint.py b/sdk/python/pulumi_aws_native/ec2/get_vpc_endpoint.py index 49ed14cbd7..63dadcaf2b 100644 --- a/sdk/python/pulumi_aws_native/ec2/get_vpc_endpoint.py +++ b/sdk/python/pulumi_aws_native/ec2/get_vpc_endpoint.py @@ -95,7 +95,8 @@ def network_interface_ids(self) -> Optional[Sequence[str]]: def policy_document(self) -> Optional[Any]: """ An endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints. - For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. CFNlong converts YAML policies to JSON format before calling the API to create or modify the VPC endpoint. + For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. For example, if you have a JSON policy, you can convert it to YAML before including it in the YAML template, and CFNlong converts the policy to JSON format before calling the API actions for privatelink. Alternatively, you can include the JSON directly in the YAML, as shown in the following ``Properties`` section: + ``Properties: VpcEndpointType: 'Interface' ServiceName: !Sub 'com.amazonaws.${AWS::Region}.logs' PolicyDocument: '{ "Version":"2012-10-17", "Statement": [{ "Effect":"Allow", "Principal":"*", "Action":["logs:Describe*","logs:Get*","logs:List*","logs:FilterLogEvents"], "Resource":"*" }] }'`` Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::EC2::VPCEndpoint` for more information about the expected schema for this property. """ diff --git a/sdk/python/pulumi_aws_native/ec2/vpc_endpoint.py b/sdk/python/pulumi_aws_native/ec2/vpc_endpoint.py index 999a7c85d3..77441d8b3a 100644 --- a/sdk/python/pulumi_aws_native/ec2/vpc_endpoint.py +++ b/sdk/python/pulumi_aws_native/ec2/vpc_endpoint.py @@ -33,7 +33,8 @@ def __init__(__self__, *, :param pulumi.Input[str] service_name: The name of the endpoint service. :param pulumi.Input[str] vpc_id: The ID of the VPC. :param Any policy_document: An endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints. - For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. CFNlong converts YAML policies to JSON format before calling the API to create or modify the VPC endpoint. + For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. For example, if you have a JSON policy, you can convert it to YAML before including it in the YAML template, and CFNlong converts the policy to JSON format before calling the API actions for privatelink. Alternatively, you can include the JSON directly in the YAML, as shown in the following ``Properties`` section: + ``Properties: VpcEndpointType: 'Interface' ServiceName: !Sub 'com.amazonaws.${AWS::Region}.logs' PolicyDocument: '{ "Version":"2012-10-17", "Statement": [{ "Effect":"Allow", "Principal":"*", "Action":["logs:Describe*","logs:Get*","logs:List*","logs:FilterLogEvents"], "Resource":"*" }] }'`` Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::EC2::VPCEndpoint` for more information about the expected schema for this property. :param pulumi.Input[bool] private_dns_enabled: Indicate whether to associate a private hosted zone with the specified VPC. The private hosted zone contains a record set for the default public DNS name for the service for the Region (for example, ``kinesis.us-east-1.amazonaws.com``), which resolves to the private IP addresses of the endpoint network interfaces in the VPC. This enables you to make requests to the default public DNS name for the service instead of the public DNS names that are automatically generated by the VPC endpoint service. @@ -90,7 +91,8 @@ def vpc_id(self, value: pulumi.Input[str]): def policy_document(self) -> Optional[Any]: """ An endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints. - For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. CFNlong converts YAML policies to JSON format before calling the API to create or modify the VPC endpoint. + For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. For example, if you have a JSON policy, you can convert it to YAML before including it in the YAML template, and CFNlong converts the policy to JSON format before calling the API actions for privatelink. Alternatively, you can include the JSON directly in the YAML, as shown in the following ``Properties`` section: + ``Properties: VpcEndpointType: 'Interface' ServiceName: !Sub 'com.amazonaws.${AWS::Region}.logs' PolicyDocument: '{ "Version":"2012-10-17", "Statement": [{ "Effect":"Allow", "Principal":"*", "Action":["logs:Describe*","logs:Get*","logs:List*","logs:FilterLogEvents"], "Resource":"*" }] }'`` Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::EC2::VPCEndpoint` for more information about the expected schema for this property. """ @@ -191,7 +193,8 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param Any policy_document: An endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints. - For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. CFNlong converts YAML policies to JSON format before calling the API to create or modify the VPC endpoint. + For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. For example, if you have a JSON policy, you can convert it to YAML before including it in the YAML template, and CFNlong converts the policy to JSON format before calling the API actions for privatelink. Alternatively, you can include the JSON directly in the YAML, as shown in the following ``Properties`` section: + ``Properties: VpcEndpointType: 'Interface' ServiceName: !Sub 'com.amazonaws.${AWS::Region}.logs' PolicyDocument: '{ "Version":"2012-10-17", "Statement": [{ "Effect":"Allow", "Principal":"*", "Action":["logs:Describe*","logs:Get*","logs:List*","logs:FilterLogEvents"], "Resource":"*" }] }'`` Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::EC2::VPCEndpoint` for more information about the expected schema for this property. :param pulumi.Input[bool] private_dns_enabled: Indicate whether to associate a private hosted zone with the specified VPC. The private hosted zone contains a record set for the default public DNS name for the service for the Region (for example, ``kinesis.us-east-1.amazonaws.com``), which resolves to the private IP addresses of the endpoint network interfaces in the VPC. This enables you to make requests to the default public DNS name for the service instead of the public DNS names that are automatically generated by the VPC endpoint service. @@ -350,7 +353,8 @@ def network_interface_ids(self) -> pulumi.Output[Sequence[str]]: def policy_document(self) -> pulumi.Output[Optional[Any]]: """ An endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints. - For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. CFNlong converts YAML policies to JSON format before calling the API to create or modify the VPC endpoint. + For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. For example, if you have a JSON policy, you can convert it to YAML before including it in the YAML template, and CFNlong converts the policy to JSON format before calling the API actions for privatelink. Alternatively, you can include the JSON directly in the YAML, as shown in the following ``Properties`` section: + ``Properties: VpcEndpointType: 'Interface' ServiceName: !Sub 'com.amazonaws.${AWS::Region}.logs' PolicyDocument: '{ "Version":"2012-10-17", "Statement": [{ "Effect":"Allow", "Principal":"*", "Action":["logs:Describe*","logs:Get*","logs:List*","logs:FilterLogEvents"], "Resource":"*" }] }'`` Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::EC2::VPCEndpoint` for more information about the expected schema for this property. """ diff --git a/sdk/python/pulumi_aws_native/ecs/_inputs.py b/sdk/python/pulumi_aws_native/ecs/_inputs.py index 092f0e8e49..1a1b1808b9 100644 --- a/sdk/python/pulumi_aws_native/ecs/_inputs.py +++ b/sdk/python/pulumi_aws_native/ecs/_inputs.py @@ -2140,7 +2140,16 @@ class ServiceLogConfigurationArgsDict(TypedDict): """ options: NotRequired[pulumi.Input[Mapping[str, pulumi.Input[str]]]] """ - The configuration options to send to the log driver. This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'`` + The configuration options to send to the log driver. + The options you can specify depend on the log driver. Some of the options you can specify when you use the ``awslogs`` log driver to route logs to Amazon CloudWatch include the following: + + awslogs-create-group Required: No Specify whether you want the log group to be created automatically. If this option isn't specified, it defaults to false. Your IAM policy must include the logs:CreateLogGroup permission before you attempt to use awslogs-create-group. + awslogs-region Required: Yes Specify the Region that the awslogs log driver is to send your Docker logs to. You can choose to send all of your logs from clusters in different Regions to a single region in CloudWatch Logs. This is so that they're all visible in one location. Otherwise, you can separate them by Region for more granularity. Make sure that the specified log group exists in the Region that you specify with this option. + awslogs-group Required: Yes Make sure to specify a log group that the awslogs log driver sends its log streams to. + awslogs-stream-prefix Required: Yes, when using the Fargate launch type.Optional for the EC2 launch type, required for the Fargate launch type. Use the awslogs-stream-prefix option to associate a log stream with the specified prefix, the container name, and the ID of the Amazon ECS task that the container belongs to. If you specify a prefix with this option, then the log stream takes the format prefix-name/container-name/ecs-task-id. If you don't specify a prefix with this option, then the log stream is named after the container ID that's assigned by the Docker daemon on the container instance. Because it's difficult to trace logs back to the container that sent them with just the Docker container ID (which is only available on the container instance), we recommend that you specify a prefix with this option. For Amazon ECS services, you can use the service name as the prefix. Doing so, you can trace log streams to the service that the container belongs to, the name of the container that sent them, and the ID of the task that the container belongs to. You must specify a stream-prefix for your logs to have your logs appear in the Log pane when using the Amazon ECS console. + awslogs-datetime-format Required: No This option defines a multiline start pattern in Python strftime format. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. One example of a use case for using this format is for parsing output such as a stack dump, which might otherwise be logged in multiple entries. The correct pattern allows it to be captured in a single entry. For more information, see awslogs-datetime-format. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. + awslogs-multiline-pattern Required: No This option defines a multiline start pattern that uses a regular expression. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. For more information, see awslogs-multiline-pattern. This option is ignored if awslogs-datetime-format is also configured. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. + mode Required: No Valid values: non-blocking | blocking This option defines the delivery mode of log messages from the container to CloudWatch Logs. The delivery mode you choose affects application availability when the flow of logs from container to CloudWatch is interrupted. If you use the blocking mode and the flow of logs to CloudWatch is interrupted, calls from container code to write to the stdout and stderr streams will block. The logging thread of the application will block as a result. This may cause the application to become unresponsive and lead to container healthcheck failure. If you use the non-blocking mode, the container's logs are instead stored in an in-memory intermediate buffer configured with the max-buffer-size option. This prevents the application from becoming unresponsive when logs cannot be sent to CloudWatch. We recommend using this mode if you want to ensure service availability and are okay with some log loss. For more information, see Preventing log loss with non-blocking mode in the awslogs container log driver. + max-buffer-size Required: No Default value: 1m When non-blocking mode is used, the max-buffer-size log option controls the size of the buffer that's used for intermediate message storage. Make sure to specify an adequate buffer size based on your application. When the buffer fills up, further logs cannot be stored. Logs that cannot be stored are lost. + To route logs using the ``splunk`` log router, you need to specify a ``splunk-token`` and a ``splunk-url``. + When you use the ``awsfirelens`` log router to route logs to an AWS Service or AWS Partner Network destination for log storage and analytics, you can set the ``log-driver-buffer-limit`` option to limit the number of events that are buffered in memory, before being sent to the log router container. It can help to resolve potential log loss issue because high throughput might result in memory running out for the buffer inside of Docker. + Other options you can specify when using ``awsfirelens`` to route logs depend on the destination. When you export logs to Amazon Data Firehose, you can specify the AWS Region with ``region`` and a name for the log stream with ``delivery_stream``. + When you export logs to Amazon Kinesis Data Streams, you can specify an AWS Region with ``region`` and a data stream name with ``stream``. + When you export logs to Amazon OpenSearch Service, you can specify options like ``Name``, ``Host`` (OpenSearch Service endpoint without protocol), ``Port``, ``Index``, ``Type``, ``Aws_auth``, ``Aws_region``, ``Suppress_Type_Name``, and ``tls``. + When you export logs to Amazon S3, you can specify the bucket using the ``bucket`` option. You can also specify ``region``, ``total_file_size``, ``upload_timeout``, and ``use_put_object`` as options. + This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'`` """ secret_options: NotRequired[pulumi.Input[Sequence[pulumi.Input['ServiceSecretArgsDict']]]] """ @@ -2171,7 +2180,16 @@ def __init__(__self__, *, For more information about using the ``awslogs`` log driver, see [Send Amazon ECS logs to CloudWatch](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_awslogs.html) in the *Amazon Elastic Container Service Developer Guide*. For more information about using the ``awsfirelens`` log driver, see [Send Amazon ECS logs to an service or Partner](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_firelens.html). If you have a custom driver that isn't listed, you can fork the Amazon ECS container agent project that's [available on GitHub](https://docs.aws.amazon.com/https://github.com/aws/amazon-ecs-agent) and customize it to work with that driver. We encourage you to submit pull requests for changes that you would like to have included. However, we don't currently provide support for running modified copies of this software. - :param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: The configuration options to send to the log driver. This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'`` + :param pulumi.Input[Mapping[str, pulumi.Input[str]]] options: The configuration options to send to the log driver. + The options you can specify depend on the log driver. Some of the options you can specify when you use the ``awslogs`` log driver to route logs to Amazon CloudWatch include the following: + + awslogs-create-group Required: No Specify whether you want the log group to be created automatically. If this option isn't specified, it defaults to false. Your IAM policy must include the logs:CreateLogGroup permission before you attempt to use awslogs-create-group. + awslogs-region Required: Yes Specify the Region that the awslogs log driver is to send your Docker logs to. You can choose to send all of your logs from clusters in different Regions to a single region in CloudWatch Logs. This is so that they're all visible in one location. Otherwise, you can separate them by Region for more granularity. Make sure that the specified log group exists in the Region that you specify with this option. + awslogs-group Required: Yes Make sure to specify a log group that the awslogs log driver sends its log streams to. + awslogs-stream-prefix Required: Yes, when using the Fargate launch type.Optional for the EC2 launch type, required for the Fargate launch type. Use the awslogs-stream-prefix option to associate a log stream with the specified prefix, the container name, and the ID of the Amazon ECS task that the container belongs to. If you specify a prefix with this option, then the log stream takes the format prefix-name/container-name/ecs-task-id. If you don't specify a prefix with this option, then the log stream is named after the container ID that's assigned by the Docker daemon on the container instance. Because it's difficult to trace logs back to the container that sent them with just the Docker container ID (which is only available on the container instance), we recommend that you specify a prefix with this option. For Amazon ECS services, you can use the service name as the prefix. Doing so, you can trace log streams to the service that the container belongs to, the name of the container that sent them, and the ID of the task that the container belongs to. You must specify a stream-prefix for your logs to have your logs appear in the Log pane when using the Amazon ECS console. + awslogs-datetime-format Required: No This option defines a multiline start pattern in Python strftime format. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. One example of a use case for using this format is for parsing output such as a stack dump, which might otherwise be logged in multiple entries. The correct pattern allows it to be captured in a single entry. For more information, see awslogs-datetime-format. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. + awslogs-multiline-pattern Required: No This option defines a multiline start pattern that uses a regular expression. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. For more information, see awslogs-multiline-pattern. This option is ignored if awslogs-datetime-format is also configured. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. + mode Required: No Valid values: non-blocking | blocking This option defines the delivery mode of log messages from the container to CloudWatch Logs. The delivery mode you choose affects application availability when the flow of logs from container to CloudWatch is interrupted. If you use the blocking mode and the flow of logs to CloudWatch is interrupted, calls from container code to write to the stdout and stderr streams will block. The logging thread of the application will block as a result. This may cause the application to become unresponsive and lead to container healthcheck failure. If you use the non-blocking mode, the container's logs are instead stored in an in-memory intermediate buffer configured with the max-buffer-size option. This prevents the application from becoming unresponsive when logs cannot be sent to CloudWatch. We recommend using this mode if you want to ensure service availability and are okay with some log loss. For more information, see Preventing log loss with non-blocking mode in the awslogs container log driver. + max-buffer-size Required: No Default value: 1m When non-blocking mode is used, the max-buffer-size log option controls the size of the buffer that's used for intermediate message storage. Make sure to specify an adequate buffer size based on your application. When the buffer fills up, further logs cannot be stored. Logs that cannot be stored are lost. + To route logs using the ``splunk`` log router, you need to specify a ``splunk-token`` and a ``splunk-url``. + When you use the ``awsfirelens`` log router to route logs to an AWS Service or AWS Partner Network destination for log storage and analytics, you can set the ``log-driver-buffer-limit`` option to limit the number of events that are buffered in memory, before being sent to the log router container. It can help to resolve potential log loss issue because high throughput might result in memory running out for the buffer inside of Docker. + Other options you can specify when using ``awsfirelens`` to route logs depend on the destination. When you export logs to Amazon Data Firehose, you can specify the AWS Region with ``region`` and a name for the log stream with ``delivery_stream``. + When you export logs to Amazon Kinesis Data Streams, you can specify an AWS Region with ``region`` and a data stream name with ``stream``. + When you export logs to Amazon OpenSearch Service, you can specify options like ``Name``, ``Host`` (OpenSearch Service endpoint without protocol), ``Port``, ``Index``, ``Type``, ``Aws_auth``, ``Aws_region``, ``Suppress_Type_Name``, and ``tls``. + When you export logs to Amazon S3, you can specify the bucket using the ``bucket`` option. You can also specify ``region``, ``total_file_size``, ``upload_timeout``, and ``use_put_object`` as options. + This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'`` :param pulumi.Input[Sequence[pulumi.Input['ServiceSecretArgs']]] secret_options: The secrets to pass to the log configuration. For more information, see [Specifying sensitive data](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html) in the *Amazon Elastic Container Service Developer Guide*. """ if log_driver is not None: @@ -2202,7 +2220,16 @@ def log_driver(self, value: Optional[pulumi.Input[str]]): @pulumi.getter def options(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: """ - The configuration options to send to the log driver. This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'`` + The configuration options to send to the log driver. + The options you can specify depend on the log driver. Some of the options you can specify when you use the ``awslogs`` log driver to route logs to Amazon CloudWatch include the following: + + awslogs-create-group Required: No Specify whether you want the log group to be created automatically. If this option isn't specified, it defaults to false. Your IAM policy must include the logs:CreateLogGroup permission before you attempt to use awslogs-create-group. + awslogs-region Required: Yes Specify the Region that the awslogs log driver is to send your Docker logs to. You can choose to send all of your logs from clusters in different Regions to a single region in CloudWatch Logs. This is so that they're all visible in one location. Otherwise, you can separate them by Region for more granularity. Make sure that the specified log group exists in the Region that you specify with this option. + awslogs-group Required: Yes Make sure to specify a log group that the awslogs log driver sends its log streams to. + awslogs-stream-prefix Required: Yes, when using the Fargate launch type.Optional for the EC2 launch type, required for the Fargate launch type. Use the awslogs-stream-prefix option to associate a log stream with the specified prefix, the container name, and the ID of the Amazon ECS task that the container belongs to. If you specify a prefix with this option, then the log stream takes the format prefix-name/container-name/ecs-task-id. If you don't specify a prefix with this option, then the log stream is named after the container ID that's assigned by the Docker daemon on the container instance. Because it's difficult to trace logs back to the container that sent them with just the Docker container ID (which is only available on the container instance), we recommend that you specify a prefix with this option. For Amazon ECS services, you can use the service name as the prefix. Doing so, you can trace log streams to the service that the container belongs to, the name of the container that sent them, and the ID of the task that the container belongs to. You must specify a stream-prefix for your logs to have your logs appear in the Log pane when using the Amazon ECS console. + awslogs-datetime-format Required: No This option defines a multiline start pattern in Python strftime format. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. One example of a use case for using this format is for parsing output such as a stack dump, which might otherwise be logged in multiple entries. The correct pattern allows it to be captured in a single entry. For more information, see awslogs-datetime-format. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. + awslogs-multiline-pattern Required: No This option defines a multiline start pattern that uses a regular expression. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. For more information, see awslogs-multiline-pattern. This option is ignored if awslogs-datetime-format is also configured. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. + mode Required: No Valid values: non-blocking | blocking This option defines the delivery mode of log messages from the container to CloudWatch Logs. The delivery mode you choose affects application availability when the flow of logs from container to CloudWatch is interrupted. If you use the blocking mode and the flow of logs to CloudWatch is interrupted, calls from container code to write to the stdout and stderr streams will block. The logging thread of the application will block as a result. This may cause the application to become unresponsive and lead to container healthcheck failure. If you use the non-blocking mode, the container's logs are instead stored in an in-memory intermediate buffer configured with the max-buffer-size option. This prevents the application from becoming unresponsive when logs cannot be sent to CloudWatch. We recommend using this mode if you want to ensure service availability and are okay with some log loss. For more information, see Preventing log loss with non-blocking mode in the awslogs container log driver. + max-buffer-size Required: No Default value: 1m When non-blocking mode is used, the max-buffer-size log option controls the size of the buffer that's used for intermediate message storage. Make sure to specify an adequate buffer size based on your application. When the buffer fills up, further logs cannot be stored. Logs that cannot be stored are lost. + To route logs using the ``splunk`` log router, you need to specify a ``splunk-token`` and a ``splunk-url``. + When you use the ``awsfirelens`` log router to route logs to an AWS Service or AWS Partner Network destination for log storage and analytics, you can set the ``log-driver-buffer-limit`` option to limit the number of events that are buffered in memory, before being sent to the log router container. It can help to resolve potential log loss issue because high throughput might result in memory running out for the buffer inside of Docker. + Other options you can specify when using ``awsfirelens`` to route logs depend on the destination. When you export logs to Amazon Data Firehose, you can specify the AWS Region with ``region`` and a name for the log stream with ``delivery_stream``. + When you export logs to Amazon Kinesis Data Streams, you can specify an AWS Region with ``region`` and a data stream name with ``stream``. + When you export logs to Amazon OpenSearch Service, you can specify options like ``Name``, ``Host`` (OpenSearch Service endpoint without protocol), ``Port``, ``Index``, ``Type``, ``Aws_auth``, ``Aws_region``, ``Suppress_Type_Name``, and ``tls``. + When you export logs to Amazon S3, you can specify the bucket using the ``bucket`` option. You can also specify ``region``, ``total_file_size``, ``upload_timeout``, and ``use_put_object`` as options. + This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'`` """ return pulumi.get(self, "options") diff --git a/sdk/python/pulumi_aws_native/ecs/capacity_provider.py b/sdk/python/pulumi_aws_native/ecs/capacity_provider.py index 349fb44a33..f727ff2f8a 100644 --- a/sdk/python/pulumi_aws_native/ecs/capacity_provider.py +++ b/sdk/python/pulumi_aws_native/ecs/capacity_provider.py @@ -24,7 +24,7 @@ @pulumi.input_type class CapacityProviderArgs: def __init__(__self__, *, - auto_scaling_group_provider: pulumi.Input['CapacityProviderAutoScalingGroupProviderArgs'], + auto_scaling_group_provider: Optional[pulumi.Input['CapacityProviderAutoScalingGroupProviderArgs']] = None, name: Optional[pulumi.Input[str]] = None, tags: Optional[pulumi.Input[Sequence[pulumi.Input['_root_inputs.TagArgs']]]] = None): """ @@ -43,7 +43,8 @@ def __init__(__self__, *, - Tag keys and values are case-sensitive. - Do not use `aws:` , `AWS:` , or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for AWS use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit. """ - pulumi.set(__self__, "auto_scaling_group_provider", auto_scaling_group_provider) + if auto_scaling_group_provider is not None: + pulumi.set(__self__, "auto_scaling_group_provider", auto_scaling_group_provider) if name is not None: pulumi.set(__self__, "name", name) if tags is not None: @@ -51,14 +52,14 @@ def __init__(__self__, *, @property @pulumi.getter(name="autoScalingGroupProvider") - def auto_scaling_group_provider(self) -> pulumi.Input['CapacityProviderAutoScalingGroupProviderArgs']: + def auto_scaling_group_provider(self) -> Optional[pulumi.Input['CapacityProviderAutoScalingGroupProviderArgs']]: """ The Auto Scaling group settings for the capacity provider. """ return pulumi.get(self, "auto_scaling_group_provider") @auto_scaling_group_provider.setter - def auto_scaling_group_provider(self, value: pulumi.Input['CapacityProviderAutoScalingGroupProviderArgs']): + def auto_scaling_group_provider(self, value: Optional[pulumi.Input['CapacityProviderAutoScalingGroupProviderArgs']]): pulumi.set(self, "auto_scaling_group_provider", value) @property @@ -264,7 +265,7 @@ def __init__(__self__, @overload def __init__(__self__, resource_name: str, - args: CapacityProviderArgs, + args: Optional[CapacityProviderArgs] = None, opts: Optional[pulumi.ResourceOptions] = None): """ Resource Type definition for AWS::ECS::CapacityProvider. @@ -432,8 +433,6 @@ def _internal_init(__self__, raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') __props__ = CapacityProviderArgs.__new__(CapacityProviderArgs) - if auto_scaling_group_provider is None and not opts.urn: - raise TypeError("Missing required property 'auto_scaling_group_provider'") __props__.__dict__["auto_scaling_group_provider"] = auto_scaling_group_provider __props__.__dict__["name"] = name __props__.__dict__["tags"] = tags @@ -468,7 +467,7 @@ def get(resource_name: str, @property @pulumi.getter(name="autoScalingGroupProvider") - def auto_scaling_group_provider(self) -> pulumi.Output['outputs.CapacityProviderAutoScalingGroupProvider']: + def auto_scaling_group_provider(self) -> pulumi.Output[Optional['outputs.CapacityProviderAutoScalingGroupProvider']]: """ The Auto Scaling group settings for the capacity provider. """ diff --git a/sdk/python/pulumi_aws_native/ecs/outputs.py b/sdk/python/pulumi_aws_native/ecs/outputs.py index 1d8538721f..042461c213 100644 --- a/sdk/python/pulumi_aws_native/ecs/outputs.py +++ b/sdk/python/pulumi_aws_native/ecs/outputs.py @@ -1737,7 +1737,16 @@ def __init__(__self__, *, For more information about using the ``awslogs`` log driver, see [Send Amazon ECS logs to CloudWatch](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_awslogs.html) in the *Amazon Elastic Container Service Developer Guide*. For more information about using the ``awsfirelens`` log driver, see [Send Amazon ECS logs to an service or Partner](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_firelens.html). If you have a custom driver that isn't listed, you can fork the Amazon ECS container agent project that's [available on GitHub](https://docs.aws.amazon.com/https://github.com/aws/amazon-ecs-agent) and customize it to work with that driver. We encourage you to submit pull requests for changes that you would like to have included. However, we don't currently provide support for running modified copies of this software. - :param Mapping[str, str] options: The configuration options to send to the log driver. This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'`` + :param Mapping[str, str] options: The configuration options to send to the log driver. + The options you can specify depend on the log driver. Some of the options you can specify when you use the ``awslogs`` log driver to route logs to Amazon CloudWatch include the following: + + awslogs-create-group Required: No Specify whether you want the log group to be created automatically. If this option isn't specified, it defaults to false. Your IAM policy must include the logs:CreateLogGroup permission before you attempt to use awslogs-create-group. + awslogs-region Required: Yes Specify the Region that the awslogs log driver is to send your Docker logs to. You can choose to send all of your logs from clusters in different Regions to a single region in CloudWatch Logs. This is so that they're all visible in one location. Otherwise, you can separate them by Region for more granularity. Make sure that the specified log group exists in the Region that you specify with this option. + awslogs-group Required: Yes Make sure to specify a log group that the awslogs log driver sends its log streams to. + awslogs-stream-prefix Required: Yes, when using the Fargate launch type.Optional for the EC2 launch type, required for the Fargate launch type. Use the awslogs-stream-prefix option to associate a log stream with the specified prefix, the container name, and the ID of the Amazon ECS task that the container belongs to. If you specify a prefix with this option, then the log stream takes the format prefix-name/container-name/ecs-task-id. If you don't specify a prefix with this option, then the log stream is named after the container ID that's assigned by the Docker daemon on the container instance. Because it's difficult to trace logs back to the container that sent them with just the Docker container ID (which is only available on the container instance), we recommend that you specify a prefix with this option. For Amazon ECS services, you can use the service name as the prefix. Doing so, you can trace log streams to the service that the container belongs to, the name of the container that sent them, and the ID of the task that the container belongs to. You must specify a stream-prefix for your logs to have your logs appear in the Log pane when using the Amazon ECS console. + awslogs-datetime-format Required: No This option defines a multiline start pattern in Python strftime format. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. One example of a use case for using this format is for parsing output such as a stack dump, which might otherwise be logged in multiple entries. The correct pattern allows it to be captured in a single entry. For more information, see awslogs-datetime-format. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. + awslogs-multiline-pattern Required: No This option defines a multiline start pattern that uses a regular expression. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. For more information, see awslogs-multiline-pattern. This option is ignored if awslogs-datetime-format is also configured. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. + mode Required: No Valid values: non-blocking | blocking This option defines the delivery mode of log messages from the container to CloudWatch Logs. The delivery mode you choose affects application availability when the flow of logs from container to CloudWatch is interrupted. If you use the blocking mode and the flow of logs to CloudWatch is interrupted, calls from container code to write to the stdout and stderr streams will block. The logging thread of the application will block as a result. This may cause the application to become unresponsive and lead to container healthcheck failure. If you use the non-blocking mode, the container's logs are instead stored in an in-memory intermediate buffer configured with the max-buffer-size option. This prevents the application from becoming unresponsive when logs cannot be sent to CloudWatch. We recommend using this mode if you want to ensure service availability and are okay with some log loss. For more information, see Preventing log loss with non-blocking mode in the awslogs container log driver. + max-buffer-size Required: No Default value: 1m When non-blocking mode is used, the max-buffer-size log option controls the size of the buffer that's used for intermediate message storage. Make sure to specify an adequate buffer size based on your application. When the buffer fills up, further logs cannot be stored. Logs that cannot be stored are lost. + To route logs using the ``splunk`` log router, you need to specify a ``splunk-token`` and a ``splunk-url``. + When you use the ``awsfirelens`` log router to route logs to an AWS Service or AWS Partner Network destination for log storage and analytics, you can set the ``log-driver-buffer-limit`` option to limit the number of events that are buffered in memory, before being sent to the log router container. It can help to resolve potential log loss issue because high throughput might result in memory running out for the buffer inside of Docker. + Other options you can specify when using ``awsfirelens`` to route logs depend on the destination. When you export logs to Amazon Data Firehose, you can specify the AWS Region with ``region`` and a name for the log stream with ``delivery_stream``. + When you export logs to Amazon Kinesis Data Streams, you can specify an AWS Region with ``region`` and a data stream name with ``stream``. + When you export logs to Amazon OpenSearch Service, you can specify options like ``Name``, ``Host`` (OpenSearch Service endpoint without protocol), ``Port``, ``Index``, ``Type``, ``Aws_auth``, ``Aws_region``, ``Suppress_Type_Name``, and ``tls``. + When you export logs to Amazon S3, you can specify the bucket using the ``bucket`` option. You can also specify ``region``, ``total_file_size``, ``upload_timeout``, and ``use_put_object`` as options. + This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'`` :param Sequence['ServiceSecret'] secret_options: The secrets to pass to the log configuration. For more information, see [Specifying sensitive data](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/specifying-sensitive-data.html) in the *Amazon Elastic Container Service Developer Guide*. """ if log_driver is not None: @@ -1764,7 +1773,16 @@ def log_driver(self) -> Optional[str]: @pulumi.getter def options(self) -> Optional[Mapping[str, str]]: """ - The configuration options to send to the log driver. This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'`` + The configuration options to send to the log driver. + The options you can specify depend on the log driver. Some of the options you can specify when you use the ``awslogs`` log driver to route logs to Amazon CloudWatch include the following: + + awslogs-create-group Required: No Specify whether you want the log group to be created automatically. If this option isn't specified, it defaults to false. Your IAM policy must include the logs:CreateLogGroup permission before you attempt to use awslogs-create-group. + awslogs-region Required: Yes Specify the Region that the awslogs log driver is to send your Docker logs to. You can choose to send all of your logs from clusters in different Regions to a single region in CloudWatch Logs. This is so that they're all visible in one location. Otherwise, you can separate them by Region for more granularity. Make sure that the specified log group exists in the Region that you specify with this option. + awslogs-group Required: Yes Make sure to specify a log group that the awslogs log driver sends its log streams to. + awslogs-stream-prefix Required: Yes, when using the Fargate launch type.Optional for the EC2 launch type, required for the Fargate launch type. Use the awslogs-stream-prefix option to associate a log stream with the specified prefix, the container name, and the ID of the Amazon ECS task that the container belongs to. If you specify a prefix with this option, then the log stream takes the format prefix-name/container-name/ecs-task-id. If you don't specify a prefix with this option, then the log stream is named after the container ID that's assigned by the Docker daemon on the container instance. Because it's difficult to trace logs back to the container that sent them with just the Docker container ID (which is only available on the container instance), we recommend that you specify a prefix with this option. For Amazon ECS services, you can use the service name as the prefix. Doing so, you can trace log streams to the service that the container belongs to, the name of the container that sent them, and the ID of the task that the container belongs to. You must specify a stream-prefix for your logs to have your logs appear in the Log pane when using the Amazon ECS console. + awslogs-datetime-format Required: No This option defines a multiline start pattern in Python strftime format. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. One example of a use case for using this format is for parsing output such as a stack dump, which might otherwise be logged in multiple entries. The correct pattern allows it to be captured in a single entry. For more information, see awslogs-datetime-format. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. + awslogs-multiline-pattern Required: No This option defines a multiline start pattern that uses a regular expression. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. For more information, see awslogs-multiline-pattern. This option is ignored if awslogs-datetime-format is also configured. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. + mode Required: No Valid values: non-blocking | blocking This option defines the delivery mode of log messages from the container to CloudWatch Logs. The delivery mode you choose affects application availability when the flow of logs from container to CloudWatch is interrupted. If you use the blocking mode and the flow of logs to CloudWatch is interrupted, calls from container code to write to the stdout and stderr streams will block. The logging thread of the application will block as a result. This may cause the application to become unresponsive and lead to container healthcheck failure. If you use the non-blocking mode, the container's logs are instead stored in an in-memory intermediate buffer configured with the max-buffer-size option. This prevents the application from becoming unresponsive when logs cannot be sent to CloudWatch. We recommend using this mode if you want to ensure service availability and are okay with some log loss. For more information, see Preventing log loss with non-blocking mode in the awslogs container log driver. + max-buffer-size Required: No Default value: 1m When non-blocking mode is used, the max-buffer-size log option controls the size of the buffer that's used for intermediate message storage. Make sure to specify an adequate buffer size based on your application. When the buffer fills up, further logs cannot be stored. Logs that cannot be stored are lost. + To route logs using the ``splunk`` log router, you need to specify a ``splunk-token`` and a ``splunk-url``. + When you use the ``awsfirelens`` log router to route logs to an AWS Service or AWS Partner Network destination for log storage and analytics, you can set the ``log-driver-buffer-limit`` option to limit the number of events that are buffered in memory, before being sent to the log router container. It can help to resolve potential log loss issue because high throughput might result in memory running out for the buffer inside of Docker. + Other options you can specify when using ``awsfirelens`` to route logs depend on the destination. When you export logs to Amazon Data Firehose, you can specify the AWS Region with ``region`` and a name for the log stream with ``delivery_stream``. + When you export logs to Amazon Kinesis Data Streams, you can specify an AWS Region with ``region`` and a data stream name with ``stream``. + When you export logs to Amazon OpenSearch Service, you can specify options like ``Name``, ``Host`` (OpenSearch Service endpoint without protocol), ``Port``, ``Index``, ``Type``, ``Aws_auth``, ``Aws_region``, ``Suppress_Type_Name``, and ``tls``. + When you export logs to Amazon S3, you can specify the bucket using the ``bucket`` option. You can also specify ``region``, ``total_file_size``, ``upload_timeout``, and ``use_put_object`` as options. + This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'`` """ return pulumi.get(self, "options") diff --git a/sdk/python/pulumi_aws_native/elasticache/get_serverless_cache.py b/sdk/python/pulumi_aws_native/elasticache/get_serverless_cache.py index 1a68823a8c..e5659df2c9 100644 --- a/sdk/python/pulumi_aws_native/elasticache/get_serverless_cache.py +++ b/sdk/python/pulumi_aws_native/elasticache/get_serverless_cache.py @@ -26,7 +26,7 @@ @pulumi.output_type class GetServerlessCacheResult: - def __init__(__self__, arn=None, cache_usage_limits=None, create_time=None, daily_snapshot_time=None, description=None, endpoint=None, full_engine_version=None, reader_endpoint=None, security_group_ids=None, snapshot_retention_limit=None, status=None, tags=None, user_group_id=None): + def __init__(__self__, arn=None, cache_usage_limits=None, create_time=None, daily_snapshot_time=None, description=None, endpoint=None, engine=None, full_engine_version=None, major_engine_version=None, reader_endpoint=None, security_group_ids=None, snapshot_retention_limit=None, status=None, tags=None, user_group_id=None): if arn and not isinstance(arn, str): raise TypeError("Expected argument 'arn' to be a str") pulumi.set(__self__, "arn", arn) @@ -45,9 +45,15 @@ def __init__(__self__, arn=None, cache_usage_limits=None, create_time=None, dail if endpoint and not isinstance(endpoint, dict): raise TypeError("Expected argument 'endpoint' to be a dict") pulumi.set(__self__, "endpoint", endpoint) + if engine and not isinstance(engine, str): + raise TypeError("Expected argument 'engine' to be a str") + pulumi.set(__self__, "engine", engine) if full_engine_version and not isinstance(full_engine_version, str): raise TypeError("Expected argument 'full_engine_version' to be a str") pulumi.set(__self__, "full_engine_version", full_engine_version) + if major_engine_version and not isinstance(major_engine_version, str): + raise TypeError("Expected argument 'major_engine_version' to be a str") + pulumi.set(__self__, "major_engine_version", major_engine_version) if reader_endpoint and not isinstance(reader_endpoint, dict): raise TypeError("Expected argument 'reader_endpoint' to be a dict") pulumi.set(__self__, "reader_endpoint", reader_endpoint) @@ -115,6 +121,14 @@ def endpoint(self) -> Optional['outputs.ServerlessCacheEndpoint']: """ return pulumi.get(self, "endpoint") + @property + @pulumi.getter + def engine(self) -> Optional[str]: + """ + The engine name of the Serverless Cache. + """ + return pulumi.get(self, "engine") + @property @pulumi.getter(name="fullEngineVersion") def full_engine_version(self) -> Optional[str]: @@ -123,6 +137,14 @@ def full_engine_version(self) -> Optional[str]: """ return pulumi.get(self, "full_engine_version") + @property + @pulumi.getter(name="majorEngineVersion") + def major_engine_version(self) -> Optional[str]: + """ + The major engine version of the Serverless Cache. + """ + return pulumi.get(self, "major_engine_version") + @property @pulumi.getter(name="readerEndpoint") def reader_endpoint(self) -> Optional['outputs.ServerlessCacheEndpoint']: @@ -184,7 +206,9 @@ def __await__(self): daily_snapshot_time=self.daily_snapshot_time, description=self.description, endpoint=self.endpoint, + engine=self.engine, full_engine_version=self.full_engine_version, + major_engine_version=self.major_engine_version, reader_endpoint=self.reader_endpoint, security_group_ids=self.security_group_ids, snapshot_retention_limit=self.snapshot_retention_limit, @@ -213,7 +237,9 @@ def get_serverless_cache(serverless_cache_name: Optional[str] = None, daily_snapshot_time=pulumi.get(__ret__, 'daily_snapshot_time'), description=pulumi.get(__ret__, 'description'), endpoint=pulumi.get(__ret__, 'endpoint'), + engine=pulumi.get(__ret__, 'engine'), full_engine_version=pulumi.get(__ret__, 'full_engine_version'), + major_engine_version=pulumi.get(__ret__, 'major_engine_version'), reader_endpoint=pulumi.get(__ret__, 'reader_endpoint'), security_group_ids=pulumi.get(__ret__, 'security_group_ids'), snapshot_retention_limit=pulumi.get(__ret__, 'snapshot_retention_limit'), @@ -239,7 +265,9 @@ def get_serverless_cache_output(serverless_cache_name: Optional[pulumi.Input[str daily_snapshot_time=pulumi.get(__response__, 'daily_snapshot_time'), description=pulumi.get(__response__, 'description'), endpoint=pulumi.get(__response__, 'endpoint'), + engine=pulumi.get(__response__, 'engine'), full_engine_version=pulumi.get(__response__, 'full_engine_version'), + major_engine_version=pulumi.get(__response__, 'major_engine_version'), reader_endpoint=pulumi.get(__response__, 'reader_endpoint'), security_group_ids=pulumi.get(__response__, 'security_group_ids'), snapshot_retention_limit=pulumi.get(__response__, 'snapshot_retention_limit'), diff --git a/sdk/python/pulumi_aws_native/elasticache/serverless_cache.py b/sdk/python/pulumi_aws_native/elasticache/serverless_cache.py index bc448c826d..8524263c7b 100644 --- a/sdk/python/pulumi_aws_native/elasticache/serverless_cache.py +++ b/sdk/python/pulumi_aws_native/elasticache/serverless_cache.py @@ -399,7 +399,7 @@ def _internal_init(__self__, __props__.__dict__["create_time"] = None __props__.__dict__["full_engine_version"] = None __props__.__dict__["status"] = None - replace_on_changes = pulumi.ResourceOptions(replace_on_changes=["engine", "kmsKeyId", "majorEngineVersion", "serverlessCacheName", "snapshotArnsToRestore[*]", "subnetIds[*]"]) + replace_on_changes = pulumi.ResourceOptions(replace_on_changes=["kmsKeyId", "serverlessCacheName", "snapshotArnsToRestore[*]", "subnetIds[*]"]) opts = pulumi.ResourceOptions.merge(opts, replace_on_changes) super(ServerlessCache, __self__).__init__( 'aws-native:elasticache:ServerlessCache', diff --git a/sdk/python/pulumi_aws_native/imagebuilder/_enums.py b/sdk/python/pulumi_aws_native/imagebuilder/_enums.py index a60b58c1d5..e985a67b53 100644 --- a/sdk/python/pulumi_aws_native/imagebuilder/_enums.py +++ b/sdk/python/pulumi_aws_native/imagebuilder/_enums.py @@ -18,6 +18,7 @@ 'ImageRecipeEbsInstanceBlockDeviceSpecificationVolumeType', 'ImageWorkflowConfigurationOnFailure', 'InfrastructureConfigurationInstanceMetadataOptionsHttpTokens', + 'InfrastructureConfigurationPlacementTenancy', 'LifecyclePolicyActionType', 'LifecyclePolicyFilterType', 'LifecyclePolicyResourceType', @@ -33,6 +34,7 @@ class ComponentPlatform(str, Enum): """ WINDOWS = "Windows" LINUX = "Linux" + MAC_OS = "macOS" class ComponentType(str, Enum): @@ -138,6 +140,15 @@ class InfrastructureConfigurationInstanceMetadataOptionsHttpTokens(str, Enum): OPTIONAL = "optional" +class InfrastructureConfigurationPlacementTenancy(str, Enum): + """ + Tenancy + """ + DEFAULT = "default" + DEDICATED = "dedicated" + HOST = "host" + + class LifecyclePolicyActionType(str, Enum): """ The action type of the policy detail. diff --git a/sdk/python/pulumi_aws_native/imagebuilder/_inputs.py b/sdk/python/pulumi_aws_native/imagebuilder/_inputs.py index e46afa0c03..0b7bb5ff57 100644 --- a/sdk/python/pulumi_aws_native/imagebuilder/_inputs.py +++ b/sdk/python/pulumi_aws_native/imagebuilder/_inputs.py @@ -84,6 +84,8 @@ 'InfrastructureConfigurationInstanceMetadataOptionsArgsDict', 'InfrastructureConfigurationLoggingArgs', 'InfrastructureConfigurationLoggingArgsDict', + 'InfrastructureConfigurationPlacementArgs', + 'InfrastructureConfigurationPlacementArgsDict', 'InfrastructureConfigurationS3LogsArgs', 'InfrastructureConfigurationS3LogsArgsDict', 'LifecyclePolicyActionArgs', @@ -2667,6 +2669,102 @@ def s3_logs(self, value: Optional[pulumi.Input['InfrastructureConfigurationS3Log pulumi.set(self, "s3_logs", value) +if not MYPY: + class InfrastructureConfigurationPlacementArgsDict(TypedDict): + """ + The placement options + """ + availability_zone: NotRequired[pulumi.Input[str]] + """ + AvailabilityZone + """ + host_id: NotRequired[pulumi.Input[str]] + """ + HostId + """ + host_resource_group_arn: NotRequired[pulumi.Input[str]] + """ + HostResourceGroupArn + """ + tenancy: NotRequired[pulumi.Input['InfrastructureConfigurationPlacementTenancy']] + """ + Tenancy + """ +elif False: + InfrastructureConfigurationPlacementArgsDict: TypeAlias = Mapping[str, Any] + +@pulumi.input_type +class InfrastructureConfigurationPlacementArgs: + def __init__(__self__, *, + availability_zone: Optional[pulumi.Input[str]] = None, + host_id: Optional[pulumi.Input[str]] = None, + host_resource_group_arn: Optional[pulumi.Input[str]] = None, + tenancy: Optional[pulumi.Input['InfrastructureConfigurationPlacementTenancy']] = None): + """ + The placement options + :param pulumi.Input[str] availability_zone: AvailabilityZone + :param pulumi.Input[str] host_id: HostId + :param pulumi.Input[str] host_resource_group_arn: HostResourceGroupArn + :param pulumi.Input['InfrastructureConfigurationPlacementTenancy'] tenancy: Tenancy + """ + if availability_zone is not None: + pulumi.set(__self__, "availability_zone", availability_zone) + if host_id is not None: + pulumi.set(__self__, "host_id", host_id) + if host_resource_group_arn is not None: + pulumi.set(__self__, "host_resource_group_arn", host_resource_group_arn) + if tenancy is not None: + pulumi.set(__self__, "tenancy", tenancy) + + @property + @pulumi.getter(name="availabilityZone") + def availability_zone(self) -> Optional[pulumi.Input[str]]: + """ + AvailabilityZone + """ + return pulumi.get(self, "availability_zone") + + @availability_zone.setter + def availability_zone(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "availability_zone", value) + + @property + @pulumi.getter(name="hostId") + def host_id(self) -> Optional[pulumi.Input[str]]: + """ + HostId + """ + return pulumi.get(self, "host_id") + + @host_id.setter + def host_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "host_id", value) + + @property + @pulumi.getter(name="hostResourceGroupArn") + def host_resource_group_arn(self) -> Optional[pulumi.Input[str]]: + """ + HostResourceGroupArn + """ + return pulumi.get(self, "host_resource_group_arn") + + @host_resource_group_arn.setter + def host_resource_group_arn(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "host_resource_group_arn", value) + + @property + @pulumi.getter + def tenancy(self) -> Optional[pulumi.Input['InfrastructureConfigurationPlacementTenancy']]: + """ + Tenancy + """ + return pulumi.get(self, "tenancy") + + @tenancy.setter + def tenancy(self, value: Optional[pulumi.Input['InfrastructureConfigurationPlacementTenancy']]): + pulumi.set(self, "tenancy", value) + + if not MYPY: class InfrastructureConfigurationS3LogsArgsDict(TypedDict): """ diff --git a/sdk/python/pulumi_aws_native/imagebuilder/get_infrastructure_configuration.py b/sdk/python/pulumi_aws_native/imagebuilder/get_infrastructure_configuration.py index 87fb252a9d..86c04ea89d 100644 --- a/sdk/python/pulumi_aws_native/imagebuilder/get_infrastructure_configuration.py +++ b/sdk/python/pulumi_aws_native/imagebuilder/get_infrastructure_configuration.py @@ -25,7 +25,7 @@ @pulumi.output_type class GetInfrastructureConfigurationResult: - def __init__(__self__, arn=None, description=None, instance_metadata_options=None, instance_profile_name=None, instance_types=None, key_pair=None, logging=None, resource_tags=None, security_group_ids=None, sns_topic_arn=None, subnet_id=None, tags=None, terminate_instance_on_failure=None): + def __init__(__self__, arn=None, description=None, instance_metadata_options=None, instance_profile_name=None, instance_types=None, key_pair=None, logging=None, placement=None, resource_tags=None, security_group_ids=None, sns_topic_arn=None, subnet_id=None, tags=None, terminate_instance_on_failure=None): if arn and not isinstance(arn, str): raise TypeError("Expected argument 'arn' to be a str") pulumi.set(__self__, "arn", arn) @@ -47,6 +47,9 @@ def __init__(__self__, arn=None, description=None, instance_metadata_options=Non if logging and not isinstance(logging, dict): raise TypeError("Expected argument 'logging' to be a dict") pulumi.set(__self__, "logging", logging) + if placement and not isinstance(placement, dict): + raise TypeError("Expected argument 'placement' to be a dict") + pulumi.set(__self__, "placement", placement) if resource_tags and not isinstance(resource_tags, dict): raise TypeError("Expected argument 'resource_tags' to be a dict") pulumi.set(__self__, "resource_tags", resource_tags) @@ -122,6 +125,14 @@ def logging(self) -> Optional['outputs.InfrastructureConfigurationLogging']: """ return pulumi.get(self, "logging") + @property + @pulumi.getter + def placement(self) -> Optional['outputs.InfrastructureConfigurationPlacement']: + """ + The placement option settings for the infrastructure configuration. + """ + return pulumi.get(self, "placement") + @property @pulumi.getter(name="resourceTags") def resource_tags(self) -> Optional[Mapping[str, str]]: @@ -184,6 +195,7 @@ def __await__(self): instance_types=self.instance_types, key_pair=self.key_pair, logging=self.logging, + placement=self.placement, resource_tags=self.resource_tags, security_group_ids=self.security_group_ids, sns_topic_arn=self.sns_topic_arn, @@ -213,6 +225,7 @@ def get_infrastructure_configuration(arn: Optional[str] = None, instance_types=pulumi.get(__ret__, 'instance_types'), key_pair=pulumi.get(__ret__, 'key_pair'), logging=pulumi.get(__ret__, 'logging'), + placement=pulumi.get(__ret__, 'placement'), resource_tags=pulumi.get(__ret__, 'resource_tags'), security_group_ids=pulumi.get(__ret__, 'security_group_ids'), sns_topic_arn=pulumi.get(__ret__, 'sns_topic_arn'), @@ -239,6 +252,7 @@ def get_infrastructure_configuration_output(arn: Optional[pulumi.Input[str]] = N instance_types=pulumi.get(__response__, 'instance_types'), key_pair=pulumi.get(__response__, 'key_pair'), logging=pulumi.get(__response__, 'logging'), + placement=pulumi.get(__response__, 'placement'), resource_tags=pulumi.get(__response__, 'resource_tags'), security_group_ids=pulumi.get(__response__, 'security_group_ids'), sns_topic_arn=pulumi.get(__response__, 'sns_topic_arn'), diff --git a/sdk/python/pulumi_aws_native/imagebuilder/infrastructure_configuration.py b/sdk/python/pulumi_aws_native/imagebuilder/infrastructure_configuration.py index c99da041e5..a43da17de5 100644 --- a/sdk/python/pulumi_aws_native/imagebuilder/infrastructure_configuration.py +++ b/sdk/python/pulumi_aws_native/imagebuilder/infrastructure_configuration.py @@ -29,6 +29,7 @@ def __init__(__self__, *, key_pair: Optional[pulumi.Input[str]] = None, logging: Optional[pulumi.Input['InfrastructureConfigurationLoggingArgs']] = None, name: Optional[pulumi.Input[str]] = None, + placement: Optional[pulumi.Input['InfrastructureConfigurationPlacementArgs']] = None, resource_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, security_group_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, sns_topic_arn: Optional[pulumi.Input[str]] = None, @@ -44,6 +45,7 @@ def __init__(__self__, *, :param pulumi.Input[str] key_pair: The EC2 key pair of the infrastructure configuration.. :param pulumi.Input['InfrastructureConfigurationLoggingArgs'] logging: The logging configuration of the infrastructure configuration. :param pulumi.Input[str] name: The name of the infrastructure configuration. + :param pulumi.Input['InfrastructureConfigurationPlacementArgs'] placement: The placement option settings for the infrastructure configuration. :param pulumi.Input[Mapping[str, pulumi.Input[str]]] resource_tags: The tags attached to the resource created by Image Builder. :param pulumi.Input[Sequence[pulumi.Input[str]]] security_group_ids: The security group IDs of the infrastructure configuration. :param pulumi.Input[str] sns_topic_arn: The SNS Topic Amazon Resource Name (ARN) of the infrastructure configuration. @@ -64,6 +66,8 @@ def __init__(__self__, *, pulumi.set(__self__, "logging", logging) if name is not None: pulumi.set(__self__, "name", name) + if placement is not None: + pulumi.set(__self__, "placement", placement) if resource_tags is not None: pulumi.set(__self__, "resource_tags", resource_tags) if security_group_ids is not None: @@ -161,6 +165,18 @@ def name(self) -> Optional[pulumi.Input[str]]: def name(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "name", value) + @property + @pulumi.getter + def placement(self) -> Optional[pulumi.Input['InfrastructureConfigurationPlacementArgs']]: + """ + The placement option settings for the infrastructure configuration. + """ + return pulumi.get(self, "placement") + + @placement.setter + def placement(self, value: Optional[pulumi.Input['InfrastructureConfigurationPlacementArgs']]): + pulumi.set(self, "placement", value) + @property @pulumi.getter(name="resourceTags") def resource_tags(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: @@ -246,6 +262,7 @@ def __init__(__self__, key_pair: Optional[pulumi.Input[str]] = None, logging: Optional[pulumi.Input[Union['InfrastructureConfigurationLoggingArgs', 'InfrastructureConfigurationLoggingArgsDict']]] = None, name: Optional[pulumi.Input[str]] = None, + placement: Optional[pulumi.Input[Union['InfrastructureConfigurationPlacementArgs', 'InfrastructureConfigurationPlacementArgsDict']]] = None, resource_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, security_group_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, sns_topic_arn: Optional[pulumi.Input[str]] = None, @@ -265,6 +282,7 @@ def __init__(__self__, :param pulumi.Input[str] key_pair: The EC2 key pair of the infrastructure configuration.. :param pulumi.Input[Union['InfrastructureConfigurationLoggingArgs', 'InfrastructureConfigurationLoggingArgsDict']] logging: The logging configuration of the infrastructure configuration. :param pulumi.Input[str] name: The name of the infrastructure configuration. + :param pulumi.Input[Union['InfrastructureConfigurationPlacementArgs', 'InfrastructureConfigurationPlacementArgsDict']] placement: The placement option settings for the infrastructure configuration. :param pulumi.Input[Mapping[str, pulumi.Input[str]]] resource_tags: The tags attached to the resource created by Image Builder. :param pulumi.Input[Sequence[pulumi.Input[str]]] security_group_ids: The security group IDs of the infrastructure configuration. :param pulumi.Input[str] sns_topic_arn: The SNS Topic Amazon Resource Name (ARN) of the infrastructure configuration. @@ -303,6 +321,7 @@ def _internal_init(__self__, key_pair: Optional[pulumi.Input[str]] = None, logging: Optional[pulumi.Input[Union['InfrastructureConfigurationLoggingArgs', 'InfrastructureConfigurationLoggingArgsDict']]] = None, name: Optional[pulumi.Input[str]] = None, + placement: Optional[pulumi.Input[Union['InfrastructureConfigurationPlacementArgs', 'InfrastructureConfigurationPlacementArgsDict']]] = None, resource_tags: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, security_group_ids: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]] = None, sns_topic_arn: Optional[pulumi.Input[str]] = None, @@ -327,6 +346,7 @@ def _internal_init(__self__, __props__.__dict__["key_pair"] = key_pair __props__.__dict__["logging"] = logging __props__.__dict__["name"] = name + __props__.__dict__["placement"] = placement __props__.__dict__["resource_tags"] = resource_tags __props__.__dict__["security_group_ids"] = security_group_ids __props__.__dict__["sns_topic_arn"] = sns_topic_arn @@ -366,6 +386,7 @@ def get(resource_name: str, __props__.__dict__["key_pair"] = None __props__.__dict__["logging"] = None __props__.__dict__["name"] = None + __props__.__dict__["placement"] = None __props__.__dict__["resource_tags"] = None __props__.__dict__["security_group_ids"] = None __props__.__dict__["sns_topic_arn"] = None @@ -438,6 +459,14 @@ def name(self) -> pulumi.Output[str]: """ return pulumi.get(self, "name") + @property + @pulumi.getter + def placement(self) -> pulumi.Output[Optional['outputs.InfrastructureConfigurationPlacement']]: + """ + The placement option settings for the infrastructure configuration. + """ + return pulumi.get(self, "placement") + @property @pulumi.getter(name="resourceTags") def resource_tags(self) -> pulumi.Output[Optional[Mapping[str, str]]]: diff --git a/sdk/python/pulumi_aws_native/imagebuilder/outputs.py b/sdk/python/pulumi_aws_native/imagebuilder/outputs.py index ae212b19e7..8d0b8aa304 100644 --- a/sdk/python/pulumi_aws_native/imagebuilder/outputs.py +++ b/sdk/python/pulumi_aws_native/imagebuilder/outputs.py @@ -51,6 +51,7 @@ 'ImageWorkflowParameter', 'InfrastructureConfigurationInstanceMetadataOptions', 'InfrastructureConfigurationLogging', + 'InfrastructureConfigurationPlacement', 'InfrastructureConfigurationS3Logs', 'LifecyclePolicyAction', 'LifecyclePolicyAmiExclusionRules', @@ -2240,6 +2241,86 @@ def s3_logs(self) -> Optional['outputs.InfrastructureConfigurationS3Logs']: return pulumi.get(self, "s3_logs") +@pulumi.output_type +class InfrastructureConfigurationPlacement(dict): + """ + The placement options + """ + @staticmethod + def __key_warning(key: str): + suggest = None + if key == "availabilityZone": + suggest = "availability_zone" + elif key == "hostId": + suggest = "host_id" + elif key == "hostResourceGroupArn": + suggest = "host_resource_group_arn" + + if suggest: + pulumi.log.warn(f"Key '{key}' not found in InfrastructureConfigurationPlacement. Access the value via the '{suggest}' property getter instead.") + + def __getitem__(self, key: str) -> Any: + InfrastructureConfigurationPlacement.__key_warning(key) + return super().__getitem__(key) + + def get(self, key: str, default = None) -> Any: + InfrastructureConfigurationPlacement.__key_warning(key) + return super().get(key, default) + + def __init__(__self__, *, + availability_zone: Optional[str] = None, + host_id: Optional[str] = None, + host_resource_group_arn: Optional[str] = None, + tenancy: Optional['InfrastructureConfigurationPlacementTenancy'] = None): + """ + The placement options + :param str availability_zone: AvailabilityZone + :param str host_id: HostId + :param str host_resource_group_arn: HostResourceGroupArn + :param 'InfrastructureConfigurationPlacementTenancy' tenancy: Tenancy + """ + if availability_zone is not None: + pulumi.set(__self__, "availability_zone", availability_zone) + if host_id is not None: + pulumi.set(__self__, "host_id", host_id) + if host_resource_group_arn is not None: + pulumi.set(__self__, "host_resource_group_arn", host_resource_group_arn) + if tenancy is not None: + pulumi.set(__self__, "tenancy", tenancy) + + @property + @pulumi.getter(name="availabilityZone") + def availability_zone(self) -> Optional[str]: + """ + AvailabilityZone + """ + return pulumi.get(self, "availability_zone") + + @property + @pulumi.getter(name="hostId") + def host_id(self) -> Optional[str]: + """ + HostId + """ + return pulumi.get(self, "host_id") + + @property + @pulumi.getter(name="hostResourceGroupArn") + def host_resource_group_arn(self) -> Optional[str]: + """ + HostResourceGroupArn + """ + return pulumi.get(self, "host_resource_group_arn") + + @property + @pulumi.getter + def tenancy(self) -> Optional['InfrastructureConfigurationPlacementTenancy']: + """ + Tenancy + """ + return pulumi.get(self, "tenancy") + + @pulumi.output_type class InfrastructureConfigurationS3Logs(dict): """ diff --git a/sdk/python/pulumi_aws_native/ivs/_inputs.py b/sdk/python/pulumi_aws_native/ivs/_inputs.py index b37fb7e2b4..71434a56d1 100644 --- a/sdk/python/pulumi_aws_native/ivs/_inputs.py +++ b/sdk/python/pulumi_aws_native/ivs/_inputs.py @@ -362,11 +362,11 @@ class VideoPropertiesArgsDict(TypedDict): """ height: NotRequired[pulumi.Input[int]] """ - Video-resolution height. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 720. + Video-resolution height. This must be an even number. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 720. """ width: NotRequired[pulumi.Input[int]] """ - Video-resolution width. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 1280. + Video-resolution width. This must be an even number. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 1280. """ elif False: VideoPropertiesArgsDict: TypeAlias = Mapping[str, Any] @@ -382,8 +382,8 @@ def __init__(__self__, *, Video configuration. Default: video resolution 1280x720, bitrate 2500 kbps, 30 fps :param pulumi.Input[int] bitrate: Bitrate for generated output, in bps. Default: 2500000. :param pulumi.Input[float] framerate: Video frame rate, in fps. Default: 30. - :param pulumi.Input[int] height: Video-resolution height. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 720. - :param pulumi.Input[int] width: Video-resolution width. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 1280. + :param pulumi.Input[int] height: Video-resolution height. This must be an even number. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 720. + :param pulumi.Input[int] width: Video-resolution width. This must be an even number. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 1280. """ if bitrate is not None: pulumi.set(__self__, "bitrate", bitrate) @@ -422,7 +422,7 @@ def framerate(self, value: Optional[pulumi.Input[float]]): @pulumi.getter def height(self) -> Optional[pulumi.Input[int]]: """ - Video-resolution height. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 720. + Video-resolution height. This must be an even number. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 720. """ return pulumi.get(self, "height") @@ -434,7 +434,7 @@ def height(self, value: Optional[pulumi.Input[int]]): @pulumi.getter def width(self) -> Optional[pulumi.Input[int]]: """ - Video-resolution width. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 1280. + Video-resolution width. This must be an even number. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 1280. """ return pulumi.get(self, "width") diff --git a/sdk/python/pulumi_aws_native/ivs/outputs.py b/sdk/python/pulumi_aws_native/ivs/outputs.py index a8a2a8c677..01c2d56f83 100644 --- a/sdk/python/pulumi_aws_native/ivs/outputs.py +++ b/sdk/python/pulumi_aws_native/ivs/outputs.py @@ -324,8 +324,8 @@ def __init__(__self__, *, Video configuration. Default: video resolution 1280x720, bitrate 2500 kbps, 30 fps :param int bitrate: Bitrate for generated output, in bps. Default: 2500000. :param float framerate: Video frame rate, in fps. Default: 30. - :param int height: Video-resolution height. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 720. - :param int width: Video-resolution width. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 1280. + :param int height: Video-resolution height. This must be an even number. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 720. + :param int width: Video-resolution width. This must be an even number. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 1280. """ if bitrate is not None: pulumi.set(__self__, "bitrate", bitrate) @@ -356,7 +356,7 @@ def framerate(self) -> Optional[float]: @pulumi.getter def height(self) -> Optional[int]: """ - Video-resolution height. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 720. + Video-resolution height. This must be an even number. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 720. """ return pulumi.get(self, "height") @@ -364,7 +364,7 @@ def height(self) -> Optional[int]: @pulumi.getter def width(self) -> Optional[int]: """ - Video-resolution width. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 1280. + Video-resolution width. This must be an even number. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 1280. """ return pulumi.get(self, "width") diff --git a/sdk/python/pulumi_aws_native/memorydb/cluster.py b/sdk/python/pulumi_aws_native/memorydb/cluster.py index 5cd5b710d2..ffc6589ada 100644 --- a/sdk/python/pulumi_aws_native/memorydb/cluster.py +++ b/sdk/python/pulumi_aws_native/memorydb/cluster.py @@ -31,6 +31,7 @@ def __init__(__self__, *, cluster_name: Optional[pulumi.Input[str]] = None, data_tiering: Optional[pulumi.Input['ClusterDataTieringStatus']] = None, description: Optional[pulumi.Input[str]] = None, + engine: Optional[pulumi.Input[str]] = None, engine_version: Optional[pulumi.Input[str]] = None, final_snapshot_name: Optional[pulumi.Input[str]] = None, kms_key_id: Optional[pulumi.Input[str]] = None, @@ -60,6 +61,7 @@ def __init__(__self__, *, :param pulumi.Input[str] cluster_name: The name of the cluster. This value must be unique as it also serves as the cluster identifier. :param pulumi.Input['ClusterDataTieringStatus'] data_tiering: Enables data tiering. Data tiering is only supported for clusters using the r6gd node type. This parameter must be set when using r6gd nodes. :param pulumi.Input[str] description: An optional description of the cluster. + :param pulumi.Input[str] engine: The engine type used by the cluster. :param pulumi.Input[str] engine_version: The Redis engine version used by the cluster. :param pulumi.Input[str] final_snapshot_name: The user-supplied name of a final cluster snapshot. This is the unique name that identifies the snapshot. MemoryDB creates the snapshot, and then deletes the cluster immediately afterward. :param pulumi.Input[str] kms_key_id: The ID of the KMS key used to encrypt the cluster. @@ -93,6 +95,8 @@ def __init__(__self__, *, pulumi.set(__self__, "data_tiering", data_tiering) if description is not None: pulumi.set(__self__, "description", description) + if engine is not None: + pulumi.set(__self__, "engine", engine) if engine_version is not None: pulumi.set(__self__, "engine_version", engine_version) if final_snapshot_name is not None: @@ -216,6 +220,18 @@ def description(self) -> Optional[pulumi.Input[str]]: def description(self, value: Optional[pulumi.Input[str]]): pulumi.set(self, "description", value) + @property + @pulumi.getter + def engine(self) -> Optional[pulumi.Input[str]]: + """ + The engine type used by the cluster. + """ + return pulumi.get(self, "engine") + + @engine.setter + def engine(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "engine", value) + @property @pulumi.getter(name="engineVersion") def engine_version(self) -> Optional[pulumi.Input[str]]: @@ -446,6 +462,7 @@ def __init__(__self__, cluster_name: Optional[pulumi.Input[str]] = None, data_tiering: Optional[pulumi.Input['ClusterDataTieringStatus']] = None, description: Optional[pulumi.Input[str]] = None, + engine: Optional[pulumi.Input[str]] = None, engine_version: Optional[pulumi.Input[str]] = None, final_snapshot_name: Optional[pulumi.Input[str]] = None, kms_key_id: Optional[pulumi.Input[str]] = None, @@ -479,6 +496,7 @@ def __init__(__self__, :param pulumi.Input[str] cluster_name: The name of the cluster. This value must be unique as it also serves as the cluster identifier. :param pulumi.Input['ClusterDataTieringStatus'] data_tiering: Enables data tiering. Data tiering is only supported for clusters using the r6gd node type. This parameter must be set when using r6gd nodes. :param pulumi.Input[str] description: An optional description of the cluster. + :param pulumi.Input[str] engine: The engine type used by the cluster. :param pulumi.Input[str] engine_version: The Redis engine version used by the cluster. :param pulumi.Input[str] final_snapshot_name: The user-supplied name of a final cluster snapshot. This is the unique name that identifies the snapshot. MemoryDB creates the snapshot, and then deletes the cluster immediately afterward. :param pulumi.Input[str] kms_key_id: The ID of the KMS key used to encrypt the cluster. @@ -531,6 +549,7 @@ def _internal_init(__self__, cluster_name: Optional[pulumi.Input[str]] = None, data_tiering: Optional[pulumi.Input['ClusterDataTieringStatus']] = None, description: Optional[pulumi.Input[str]] = None, + engine: Optional[pulumi.Input[str]] = None, engine_version: Optional[pulumi.Input[str]] = None, final_snapshot_name: Optional[pulumi.Input[str]] = None, kms_key_id: Optional[pulumi.Input[str]] = None, @@ -567,6 +586,7 @@ def _internal_init(__self__, __props__.__dict__["cluster_name"] = cluster_name __props__.__dict__["data_tiering"] = data_tiering __props__.__dict__["description"] = description + __props__.__dict__["engine"] = engine __props__.__dict__["engine_version"] = engine_version __props__.__dict__["final_snapshot_name"] = final_snapshot_name __props__.__dict__["kms_key_id"] = kms_key_id @@ -622,6 +642,7 @@ def get(resource_name: str, __props__.__dict__["cluster_name"] = None __props__.__dict__["data_tiering"] = None __props__.__dict__["description"] = None + __props__.__dict__["engine"] = None __props__.__dict__["engine_version"] = None __props__.__dict__["final_snapshot_name"] = None __props__.__dict__["kms_key_id"] = None @@ -703,6 +724,14 @@ def description(self) -> pulumi.Output[Optional[str]]: """ return pulumi.get(self, "description") + @property + @pulumi.getter + def engine(self) -> pulumi.Output[Optional[str]]: + """ + The engine type used by the cluster. + """ + return pulumi.get(self, "engine") + @property @pulumi.getter(name="engineVersion") def engine_version(self) -> pulumi.Output[Optional[str]]: diff --git a/sdk/python/pulumi_aws_native/memorydb/get_cluster.py b/sdk/python/pulumi_aws_native/memorydb/get_cluster.py index 63f3ac5bc4..39c117dd28 100644 --- a/sdk/python/pulumi_aws_native/memorydb/get_cluster.py +++ b/sdk/python/pulumi_aws_native/memorydb/get_cluster.py @@ -25,7 +25,7 @@ @pulumi.output_type class GetClusterResult: - def __init__(__self__, acl_name=None, arn=None, auto_minor_version_upgrade=None, cluster_endpoint=None, description=None, engine_version=None, maintenance_window=None, node_type=None, num_replicas_per_shard=None, num_shards=None, parameter_group_name=None, parameter_group_status=None, security_group_ids=None, snapshot_retention_limit=None, snapshot_window=None, sns_topic_arn=None, sns_topic_status=None, status=None, tags=None): + def __init__(__self__, acl_name=None, arn=None, auto_minor_version_upgrade=None, cluster_endpoint=None, description=None, engine=None, engine_version=None, maintenance_window=None, node_type=None, num_replicas_per_shard=None, num_shards=None, parameter_group_name=None, parameter_group_status=None, security_group_ids=None, snapshot_retention_limit=None, snapshot_window=None, sns_topic_arn=None, sns_topic_status=None, status=None, tags=None): if acl_name and not isinstance(acl_name, str): raise TypeError("Expected argument 'acl_name' to be a str") pulumi.set(__self__, "acl_name", acl_name) @@ -41,6 +41,9 @@ def __init__(__self__, acl_name=None, arn=None, auto_minor_version_upgrade=None, if description and not isinstance(description, str): raise TypeError("Expected argument 'description' to be a str") pulumi.set(__self__, "description", description) + if engine and not isinstance(engine, str): + raise TypeError("Expected argument 'engine' to be a str") + pulumi.set(__self__, "engine", engine) if engine_version and not isinstance(engine_version, str): raise TypeError("Expected argument 'engine_version' to be a str") pulumi.set(__self__, "engine_version", engine_version) @@ -126,6 +129,14 @@ def description(self) -> Optional[str]: """ return pulumi.get(self, "description") + @property + @pulumi.getter + def engine(self) -> Optional[str]: + """ + The engine type used by the cluster. + """ + return pulumi.get(self, "engine") + @property @pulumi.getter(name="engineVersion") def engine_version(self) -> Optional[str]: @@ -250,6 +261,7 @@ def __await__(self): auto_minor_version_upgrade=self.auto_minor_version_upgrade, cluster_endpoint=self.cluster_endpoint, description=self.description, + engine=self.engine, engine_version=self.engine_version, maintenance_window=self.maintenance_window, node_type=self.node_type, @@ -285,6 +297,7 @@ def get_cluster(cluster_name: Optional[str] = None, auto_minor_version_upgrade=pulumi.get(__ret__, 'auto_minor_version_upgrade'), cluster_endpoint=pulumi.get(__ret__, 'cluster_endpoint'), description=pulumi.get(__ret__, 'description'), + engine=pulumi.get(__ret__, 'engine'), engine_version=pulumi.get(__ret__, 'engine_version'), maintenance_window=pulumi.get(__ret__, 'maintenance_window'), node_type=pulumi.get(__ret__, 'node_type'), @@ -317,6 +330,7 @@ def get_cluster_output(cluster_name: Optional[pulumi.Input[str]] = None, auto_minor_version_upgrade=pulumi.get(__response__, 'auto_minor_version_upgrade'), cluster_endpoint=pulumi.get(__response__, 'cluster_endpoint'), description=pulumi.get(__response__, 'description'), + engine=pulumi.get(__response__, 'engine'), engine_version=pulumi.get(__response__, 'engine_version'), maintenance_window=pulumi.get(__response__, 'maintenance_window'), node_type=pulumi.get(__response__, 'node_type'), diff --git a/sdk/python/pulumi_aws_native/pcaconnectorad/get_connector.py b/sdk/python/pulumi_aws_native/pcaconnectorad/get_connector.py index a89a5c0c38..1f6fc28586 100644 --- a/sdk/python/pulumi_aws_native/pcaconnectorad/get_connector.py +++ b/sdk/python/pulumi_aws_native/pcaconnectorad/get_connector.py @@ -23,10 +23,13 @@ @pulumi.output_type class GetConnectorResult: - def __init__(__self__, connector_arn=None): + def __init__(__self__, connector_arn=None, tags=None): if connector_arn and not isinstance(connector_arn, str): raise TypeError("Expected argument 'connector_arn' to be a str") pulumi.set(__self__, "connector_arn", connector_arn) + if tags and not isinstance(tags, dict): + raise TypeError("Expected argument 'tags' to be a dict") + pulumi.set(__self__, "tags", tags) @property @pulumi.getter(name="connectorArn") @@ -36,6 +39,14 @@ def connector_arn(self) -> Optional[str]: """ return pulumi.get(self, "connector_arn") + @property + @pulumi.getter + def tags(self) -> Optional[Mapping[str, str]]: + """ + Metadata assigned to a connector consisting of a key-value pair. + """ + return pulumi.get(self, "tags") + class AwaitableGetConnectorResult(GetConnectorResult): # pylint: disable=using-constant-test @@ -43,7 +54,8 @@ def __await__(self): if False: yield self return GetConnectorResult( - connector_arn=self.connector_arn) + connector_arn=self.connector_arn, + tags=self.tags) def get_connector(connector_arn: Optional[str] = None, @@ -60,7 +72,8 @@ def get_connector(connector_arn: Optional[str] = None, __ret__ = pulumi.runtime.invoke('aws-native:pcaconnectorad:getConnector', __args__, opts=opts, typ=GetConnectorResult).value return AwaitableGetConnectorResult( - connector_arn=pulumi.get(__ret__, 'connector_arn')) + connector_arn=pulumi.get(__ret__, 'connector_arn'), + tags=pulumi.get(__ret__, 'tags')) def get_connector_output(connector_arn: Optional[pulumi.Input[str]] = None, opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetConnectorResult]: """ @@ -74,4 +87,5 @@ def get_connector_output(connector_arn: Optional[pulumi.Input[str]] = None, opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('aws-native:pcaconnectorad:getConnector', __args__, opts=opts, typ=GetConnectorResult) return __ret__.apply(lambda __response__: GetConnectorResult( - connector_arn=pulumi.get(__response__, 'connector_arn'))) + connector_arn=pulumi.get(__response__, 'connector_arn'), + tags=pulumi.get(__response__, 'tags'))) diff --git a/sdk/python/pulumi_aws_native/pcaconnectorad/get_directory_registration.py b/sdk/python/pulumi_aws_native/pcaconnectorad/get_directory_registration.py index ec918e2e1f..d52fb7af4d 100644 --- a/sdk/python/pulumi_aws_native/pcaconnectorad/get_directory_registration.py +++ b/sdk/python/pulumi_aws_native/pcaconnectorad/get_directory_registration.py @@ -23,10 +23,13 @@ @pulumi.output_type class GetDirectoryRegistrationResult: - def __init__(__self__, directory_registration_arn=None): + def __init__(__self__, directory_registration_arn=None, tags=None): if directory_registration_arn and not isinstance(directory_registration_arn, str): raise TypeError("Expected argument 'directory_registration_arn' to be a str") pulumi.set(__self__, "directory_registration_arn", directory_registration_arn) + if tags and not isinstance(tags, dict): + raise TypeError("Expected argument 'tags' to be a dict") + pulumi.set(__self__, "tags", tags) @property @pulumi.getter(name="directoryRegistrationArn") @@ -36,6 +39,14 @@ def directory_registration_arn(self) -> Optional[str]: """ return pulumi.get(self, "directory_registration_arn") + @property + @pulumi.getter + def tags(self) -> Optional[Mapping[str, str]]: + """ + Metadata assigned to a directory registration consisting of a key-value pair. + """ + return pulumi.get(self, "tags") + class AwaitableGetDirectoryRegistrationResult(GetDirectoryRegistrationResult): # pylint: disable=using-constant-test @@ -43,7 +54,8 @@ def __await__(self): if False: yield self return GetDirectoryRegistrationResult( - directory_registration_arn=self.directory_registration_arn) + directory_registration_arn=self.directory_registration_arn, + tags=self.tags) def get_directory_registration(directory_registration_arn: Optional[str] = None, @@ -60,7 +72,8 @@ def get_directory_registration(directory_registration_arn: Optional[str] = None, __ret__ = pulumi.runtime.invoke('aws-native:pcaconnectorad:getDirectoryRegistration', __args__, opts=opts, typ=GetDirectoryRegistrationResult).value return AwaitableGetDirectoryRegistrationResult( - directory_registration_arn=pulumi.get(__ret__, 'directory_registration_arn')) + directory_registration_arn=pulumi.get(__ret__, 'directory_registration_arn'), + tags=pulumi.get(__ret__, 'tags')) def get_directory_registration_output(directory_registration_arn: Optional[pulumi.Input[str]] = None, opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetDirectoryRegistrationResult]: """ @@ -74,4 +87,5 @@ def get_directory_registration_output(directory_registration_arn: Optional[pulum opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('aws-native:pcaconnectorad:getDirectoryRegistration', __args__, opts=opts, typ=GetDirectoryRegistrationResult) return __ret__.apply(lambda __response__: GetDirectoryRegistrationResult( - directory_registration_arn=pulumi.get(__response__, 'directory_registration_arn'))) + directory_registration_arn=pulumi.get(__response__, 'directory_registration_arn'), + tags=pulumi.get(__response__, 'tags'))) diff --git a/sdk/python/pulumi_aws_native/pcaconnectorad/get_template.py b/sdk/python/pulumi_aws_native/pcaconnectorad/get_template.py index 21e7ef351b..eeb7f3ef82 100644 --- a/sdk/python/pulumi_aws_native/pcaconnectorad/get_template.py +++ b/sdk/python/pulumi_aws_native/pcaconnectorad/get_template.py @@ -13,6 +13,8 @@ else: from typing_extensions import NotRequired, TypedDict, TypeAlias from .. import _utilities +from . import outputs +from ._enums import * __all__ = [ 'GetTemplateResult', @@ -23,11 +25,33 @@ @pulumi.output_type class GetTemplateResult: - def __init__(__self__, template_arn=None): + def __init__(__self__, definition=None, tags=None, template_arn=None): + if definition and not isinstance(definition, dict): + raise TypeError("Expected argument 'definition' to be a dict") + pulumi.set(__self__, "definition", definition) + if tags and not isinstance(tags, dict): + raise TypeError("Expected argument 'tags' to be a dict") + pulumi.set(__self__, "tags", tags) if template_arn and not isinstance(template_arn, str): raise TypeError("Expected argument 'template_arn' to be a str") pulumi.set(__self__, "template_arn", template_arn) + @property + @pulumi.getter + def definition(self) -> Optional[Any]: + """ + Template configuration to define the information included in certificates. Define certificate validity and renewal periods, certificate request handling and enrollment options, key usage extensions, application policies, and cryptography settings. + """ + return pulumi.get(self, "definition") + + @property + @pulumi.getter + def tags(self) -> Optional[Mapping[str, str]]: + """ + Metadata assigned to a template consisting of a key-value pair. + """ + return pulumi.get(self, "tags") + @property @pulumi.getter(name="templateArn") def template_arn(self) -> Optional[str]: @@ -43,6 +67,8 @@ def __await__(self): if False: yield self return GetTemplateResult( + definition=self.definition, + tags=self.tags, template_arn=self.template_arn) @@ -60,6 +86,8 @@ def get_template(template_arn: Optional[str] = None, __ret__ = pulumi.runtime.invoke('aws-native:pcaconnectorad:getTemplate', __args__, opts=opts, typ=GetTemplateResult).value return AwaitableGetTemplateResult( + definition=pulumi.get(__ret__, 'definition'), + tags=pulumi.get(__ret__, 'tags'), template_arn=pulumi.get(__ret__, 'template_arn')) def get_template_output(template_arn: Optional[pulumi.Input[str]] = None, opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetTemplateResult]: @@ -74,4 +102,6 @@ def get_template_output(template_arn: Optional[pulumi.Input[str]] = None, opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) __ret__ = pulumi.runtime.invoke_output('aws-native:pcaconnectorad:getTemplate', __args__, opts=opts, typ=GetTemplateResult) return __ret__.apply(lambda __response__: GetTemplateResult( + definition=pulumi.get(__response__, 'definition'), + tags=pulumi.get(__response__, 'tags'), template_arn=pulumi.get(__response__, 'template_arn'))) diff --git a/sdk/python/pulumi_aws_native/qbusiness/get_web_experience.py b/sdk/python/pulumi_aws_native/qbusiness/get_web_experience.py index 79b7ffcd96..4919d722ca 100644 --- a/sdk/python/pulumi_aws_native/qbusiness/get_web_experience.py +++ b/sdk/python/pulumi_aws_native/qbusiness/get_web_experience.py @@ -97,6 +97,11 @@ def identity_provider_configuration(self) -> Optional[Any]: @property @pulumi.getter def origins(self) -> Optional[Sequence[str]]: + """ + Sets the website domain origins that are allowed to embed the Amazon Q Business web experience. The *domain origin* refers to the base URL for accessing a website including the protocol ( `http/https` ), the domain name, and the port number (if specified). + + > You must only submit a *base URL* and not a full path. For example, `https://docs.aws.amazon.com` . + """ return pulumi.get(self, "origins") @property diff --git a/sdk/python/pulumi_aws_native/qbusiness/web_experience.py b/sdk/python/pulumi_aws_native/qbusiness/web_experience.py index fa78ad4452..2c1c79d48c 100644 --- a/sdk/python/pulumi_aws_native/qbusiness/web_experience.py +++ b/sdk/python/pulumi_aws_native/qbusiness/web_experience.py @@ -37,6 +37,9 @@ def __init__(__self__, *, The set of arguments for constructing a WebExperience resource. :param pulumi.Input[str] application_id: The identifier of the Amazon Q Business web experience. :param pulumi.Input[Union['WebExperienceIdentityProviderConfiguration0PropertiesArgs', 'WebExperienceIdentityProviderConfiguration1PropertiesArgs']] identity_provider_configuration: Provides information about the identity provider (IdP) used to authenticate end users of an Amazon Q Business web experience. + :param pulumi.Input[Sequence[pulumi.Input[str]]] origins: Sets the website domain origins that are allowed to embed the Amazon Q Business web experience. The *domain origin* refers to the base URL for accessing a website including the protocol ( `http/https` ), the domain name, and the port number (if specified). + + > You must only submit a *base URL* and not a full path. For example, `https://docs.aws.amazon.com` . :param pulumi.Input[str] role_arn: The Amazon Resource Name (ARN) of the service role attached to your web experience. > You must provide this value if you're using IAM Identity Center to manage end user access to your application. If you're using legacy identity management to manage user access, you don't need to provide this value. @@ -91,6 +94,11 @@ def identity_provider_configuration(self, value: Optional[pulumi.Input[Union['We @property @pulumi.getter def origins(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Sets the website domain origins that are allowed to embed the Amazon Q Business web experience. The *domain origin* refers to the base URL for accessing a website including the protocol ( `http/https` ), the domain name, and the port number (if specified). + + > You must only submit a *base URL* and not a full path. For example, `https://docs.aws.amazon.com` . + """ return pulumi.get(self, "origins") @origins.setter @@ -194,6 +202,9 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] application_id: The identifier of the Amazon Q Business web experience. :param pulumi.Input[Union[Union['WebExperienceIdentityProviderConfiguration0PropertiesArgs', 'WebExperienceIdentityProviderConfiguration0PropertiesArgsDict'], Union['WebExperienceIdentityProviderConfiguration1PropertiesArgs', 'WebExperienceIdentityProviderConfiguration1PropertiesArgsDict']]] identity_provider_configuration: Provides information about the identity provider (IdP) used to authenticate end users of an Amazon Q Business web experience. + :param pulumi.Input[Sequence[pulumi.Input[str]]] origins: Sets the website domain origins that are allowed to embed the Amazon Q Business web experience. The *domain origin* refers to the base URL for accessing a website including the protocol ( `http/https` ), the domain name, and the port number (if specified). + + > You must only submit a *base URL* and not a full path. For example, `https://docs.aws.amazon.com` . :param pulumi.Input[str] role_arn: The Amazon Resource Name (ARN) of the service role attached to your web experience. > You must provide this value if you're using IAM Identity Center to manage end user access to your application. If you're using legacy identity management to manage user access, you don't need to provide this value. @@ -338,6 +349,11 @@ def identity_provider_configuration(self) -> pulumi.Output[Optional[Any]]: @property @pulumi.getter def origins(self) -> pulumi.Output[Optional[Sequence[str]]]: + """ + Sets the website domain origins that are allowed to embed the Amazon Q Business web experience. The *domain origin* refers to the base URL for accessing a website including the protocol ( `http/https` ), the domain name, and the port number (if specified). + + > You must only submit a *base URL* and not a full path. For example, `https://docs.aws.amazon.com` . + """ return pulumi.get(self, "origins") @property diff --git a/sdk/python/pulumi_aws_native/redshift/__init__.py b/sdk/python/pulumi_aws_native/redshift/__init__.py index d045d5451e..de37acb447 100644 --- a/sdk/python/pulumi_aws_native/redshift/__init__.py +++ b/sdk/python/pulumi_aws_native/redshift/__init__.py @@ -18,7 +18,9 @@ from .get_endpoint_access import * from .get_endpoint_authorization import * from .get_event_subscription import * +from .get_integration import * from .get_scheduled_action import * +from .integration import * from .scheduled_action import * from ._inputs import * from . import outputs diff --git a/sdk/python/pulumi_aws_native/redshift/get_integration.py b/sdk/python/pulumi_aws_native/redshift/get_integration.py new file mode 100644 index 0000000000..7cca6520bc --- /dev/null +++ b/sdk/python/pulumi_aws_native/redshift/get_integration.py @@ -0,0 +1,120 @@ +# coding=utf-8 +# *** WARNING: this file was generated by pulumi-language-python. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import sys +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +if sys.version_info >= (3, 11): + from typing import NotRequired, TypedDict, TypeAlias +else: + from typing_extensions import NotRequired, TypedDict, TypeAlias +from .. import _utilities +from .. import outputs as _root_outputs + +__all__ = [ + 'GetIntegrationResult', + 'AwaitableGetIntegrationResult', + 'get_integration', + 'get_integration_output', +] + +@pulumi.output_type +class GetIntegrationResult: + def __init__(__self__, create_time=None, integration_arn=None, integration_name=None, tags=None): + if create_time and not isinstance(create_time, str): + raise TypeError("Expected argument 'create_time' to be a str") + pulumi.set(__self__, "create_time", create_time) + if integration_arn and not isinstance(integration_arn, str): + raise TypeError("Expected argument 'integration_arn' to be a str") + pulumi.set(__self__, "integration_arn", integration_arn) + if integration_name and not isinstance(integration_name, str): + raise TypeError("Expected argument 'integration_name' to be a str") + pulumi.set(__self__, "integration_name", integration_name) + if tags and not isinstance(tags, list): + raise TypeError("Expected argument 'tags' to be a list") + pulumi.set(__self__, "tags", tags) + + @property + @pulumi.getter(name="createTime") + def create_time(self) -> Optional[str]: + """ + The time (UTC) when the integration was created. + """ + return pulumi.get(self, "create_time") + + @property + @pulumi.getter(name="integrationArn") + def integration_arn(self) -> Optional[str]: + """ + The Amazon Resource Name (ARN) of the integration. + """ + return pulumi.get(self, "integration_arn") + + @property + @pulumi.getter(name="integrationName") + def integration_name(self) -> Optional[str]: + """ + The name of the integration. + """ + return pulumi.get(self, "integration_name") + + @property + @pulumi.getter + def tags(self) -> Optional[Sequence['_root_outputs.Tag']]: + """ + An array of key-value pairs to apply to this resource. + """ + return pulumi.get(self, "tags") + + +class AwaitableGetIntegrationResult(GetIntegrationResult): + # pylint: disable=using-constant-test + def __await__(self): + if False: + yield self + return GetIntegrationResult( + create_time=self.create_time, + integration_arn=self.integration_arn, + integration_name=self.integration_name, + tags=self.tags) + + +def get_integration(integration_arn: Optional[str] = None, + opts: Optional[pulumi.InvokeOptions] = None) -> AwaitableGetIntegrationResult: + """ + Integration from a source AWS service to a Redshift cluster + + + :param str integration_arn: The Amazon Resource Name (ARN) of the integration. + """ + __args__ = dict() + __args__['integrationArn'] = integration_arn + opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + __ret__ = pulumi.runtime.invoke('aws-native:redshift:getIntegration', __args__, opts=opts, typ=GetIntegrationResult).value + + return AwaitableGetIntegrationResult( + create_time=pulumi.get(__ret__, 'create_time'), + integration_arn=pulumi.get(__ret__, 'integration_arn'), + integration_name=pulumi.get(__ret__, 'integration_name'), + tags=pulumi.get(__ret__, 'tags')) +def get_integration_output(integration_arn: Optional[pulumi.Input[str]] = None, + opts: Optional[pulumi.InvokeOptions] = None) -> pulumi.Output[GetIntegrationResult]: + """ + Integration from a source AWS service to a Redshift cluster + + + :param str integration_arn: The Amazon Resource Name (ARN) of the integration. + """ + __args__ = dict() + __args__['integrationArn'] = integration_arn + opts = pulumi.InvokeOptions.merge(_utilities.get_invoke_opts_defaults(), opts) + __ret__ = pulumi.runtime.invoke_output('aws-native:redshift:getIntegration', __args__, opts=opts, typ=GetIntegrationResult) + return __ret__.apply(lambda __response__: GetIntegrationResult( + create_time=pulumi.get(__response__, 'create_time'), + integration_arn=pulumi.get(__response__, 'integration_arn'), + integration_name=pulumi.get(__response__, 'integration_name'), + tags=pulumi.get(__response__, 'tags'))) diff --git a/sdk/python/pulumi_aws_native/redshift/integration.py b/sdk/python/pulumi_aws_native/redshift/integration.py new file mode 100644 index 0000000000..3915dfd88e --- /dev/null +++ b/sdk/python/pulumi_aws_native/redshift/integration.py @@ -0,0 +1,287 @@ +# coding=utf-8 +# *** WARNING: this file was generated by pulumi-language-python. *** +# *** Do not edit by hand unless you're certain you know what you are doing! *** + +import copy +import warnings +import sys +import pulumi +import pulumi.runtime +from typing import Any, Mapping, Optional, Sequence, Union, overload +if sys.version_info >= (3, 11): + from typing import NotRequired, TypedDict, TypeAlias +else: + from typing_extensions import NotRequired, TypedDict, TypeAlias +from .. import _utilities +from .. import _inputs as _root_inputs +from .. import outputs as _root_outputs + +__all__ = ['IntegrationArgs', 'Integration'] + +@pulumi.input_type +class IntegrationArgs: + def __init__(__self__, *, + source_arn: pulumi.Input[str], + target_arn: pulumi.Input[str], + additional_encryption_context: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + integration_name: Optional[pulumi.Input[str]] = None, + kms_key_id: Optional[pulumi.Input[str]] = None, + tags: Optional[pulumi.Input[Sequence[pulumi.Input['_root_inputs.TagArgs']]]] = None): + """ + The set of arguments for constructing a Integration resource. + :param pulumi.Input[str] source_arn: The Amazon Resource Name (ARN) of the database to use as the source for replication, for example, arn:aws:dynamodb:us-east-2:123412341234:table/dynamotable + :param pulumi.Input[str] target_arn: The Amazon Resource Name (ARN) of the Redshift data warehouse to use as the target for replication, for example, arn:aws:redshift:us-east-2:123412341234:namespace:e43aab3e-10a3-4ec4-83d4-f227ff9bfbcf + :param pulumi.Input[str] integration_name: The name of the integration. + :param pulumi.Input[str] kms_key_id: An KMS key identifier for the key to use to encrypt the integration. If you don't specify an encryption key, the default AWS owned KMS key is used. + :param pulumi.Input[Sequence[pulumi.Input['_root_inputs.TagArgs']]] tags: An array of key-value pairs to apply to this resource. + """ + pulumi.set(__self__, "source_arn", source_arn) + pulumi.set(__self__, "target_arn", target_arn) + if additional_encryption_context is not None: + pulumi.set(__self__, "additional_encryption_context", additional_encryption_context) + if integration_name is not None: + pulumi.set(__self__, "integration_name", integration_name) + if kms_key_id is not None: + pulumi.set(__self__, "kms_key_id", kms_key_id) + if tags is not None: + pulumi.set(__self__, "tags", tags) + + @property + @pulumi.getter(name="sourceArn") + def source_arn(self) -> pulumi.Input[str]: + """ + The Amazon Resource Name (ARN) of the database to use as the source for replication, for example, arn:aws:dynamodb:us-east-2:123412341234:table/dynamotable + """ + return pulumi.get(self, "source_arn") + + @source_arn.setter + def source_arn(self, value: pulumi.Input[str]): + pulumi.set(self, "source_arn", value) + + @property + @pulumi.getter(name="targetArn") + def target_arn(self) -> pulumi.Input[str]: + """ + The Amazon Resource Name (ARN) of the Redshift data warehouse to use as the target for replication, for example, arn:aws:redshift:us-east-2:123412341234:namespace:e43aab3e-10a3-4ec4-83d4-f227ff9bfbcf + """ + return pulumi.get(self, "target_arn") + + @target_arn.setter + def target_arn(self, value: pulumi.Input[str]): + pulumi.set(self, "target_arn", value) + + @property + @pulumi.getter(name="additionalEncryptionContext") + def additional_encryption_context(self) -> Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]: + return pulumi.get(self, "additional_encryption_context") + + @additional_encryption_context.setter + def additional_encryption_context(self, value: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]]): + pulumi.set(self, "additional_encryption_context", value) + + @property + @pulumi.getter(name="integrationName") + def integration_name(self) -> Optional[pulumi.Input[str]]: + """ + The name of the integration. + """ + return pulumi.get(self, "integration_name") + + @integration_name.setter + def integration_name(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "integration_name", value) + + @property + @pulumi.getter(name="kmsKeyId") + def kms_key_id(self) -> Optional[pulumi.Input[str]]: + """ + An KMS key identifier for the key to use to encrypt the integration. If you don't specify an encryption key, the default AWS owned KMS key is used. + """ + return pulumi.get(self, "kms_key_id") + + @kms_key_id.setter + def kms_key_id(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "kms_key_id", value) + + @property + @pulumi.getter + def tags(self) -> Optional[pulumi.Input[Sequence[pulumi.Input['_root_inputs.TagArgs']]]]: + """ + An array of key-value pairs to apply to this resource. + """ + return pulumi.get(self, "tags") + + @tags.setter + def tags(self, value: Optional[pulumi.Input[Sequence[pulumi.Input['_root_inputs.TagArgs']]]]): + pulumi.set(self, "tags", value) + + +class Integration(pulumi.CustomResource): + @overload + def __init__(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + additional_encryption_context: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + integration_name: Optional[pulumi.Input[str]] = None, + kms_key_id: Optional[pulumi.Input[str]] = None, + source_arn: Optional[pulumi.Input[str]] = None, + tags: Optional[pulumi.Input[Sequence[pulumi.Input[Union['_root_inputs.TagArgs', '_root_inputs.TagArgsDict']]]]] = None, + target_arn: Optional[pulumi.Input[str]] = None, + __props__=None): + """ + Integration from a source AWS service to a Redshift cluster + + :param str resource_name: The name of the resource. + :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[str] integration_name: The name of the integration. + :param pulumi.Input[str] kms_key_id: An KMS key identifier for the key to use to encrypt the integration. If you don't specify an encryption key, the default AWS owned KMS key is used. + :param pulumi.Input[str] source_arn: The Amazon Resource Name (ARN) of the database to use as the source for replication, for example, arn:aws:dynamodb:us-east-2:123412341234:table/dynamotable + :param pulumi.Input[Sequence[pulumi.Input[Union['_root_inputs.TagArgs', '_root_inputs.TagArgsDict']]]] tags: An array of key-value pairs to apply to this resource. + :param pulumi.Input[str] target_arn: The Amazon Resource Name (ARN) of the Redshift data warehouse to use as the target for replication, for example, arn:aws:redshift:us-east-2:123412341234:namespace:e43aab3e-10a3-4ec4-83d4-f227ff9bfbcf + """ + ... + @overload + def __init__(__self__, + resource_name: str, + args: IntegrationArgs, + opts: Optional[pulumi.ResourceOptions] = None): + """ + Integration from a source AWS service to a Redshift cluster + + :param str resource_name: The name of the resource. + :param IntegrationArgs args: The arguments to use to populate this resource's properties. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + ... + def __init__(__self__, resource_name: str, *args, **kwargs): + resource_args, opts = _utilities.get_resource_args_opts(IntegrationArgs, pulumi.ResourceOptions, *args, **kwargs) + if resource_args is not None: + __self__._internal_init(resource_name, opts, **resource_args.__dict__) + else: + __self__._internal_init(resource_name, *args, **kwargs) + + def _internal_init(__self__, + resource_name: str, + opts: Optional[pulumi.ResourceOptions] = None, + additional_encryption_context: Optional[pulumi.Input[Mapping[str, pulumi.Input[str]]]] = None, + integration_name: Optional[pulumi.Input[str]] = None, + kms_key_id: Optional[pulumi.Input[str]] = None, + source_arn: Optional[pulumi.Input[str]] = None, + tags: Optional[pulumi.Input[Sequence[pulumi.Input[Union['_root_inputs.TagArgs', '_root_inputs.TagArgsDict']]]]] = None, + target_arn: Optional[pulumi.Input[str]] = None, + __props__=None): + opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts) + if not isinstance(opts, pulumi.ResourceOptions): + raise TypeError('Expected resource options to be a ResourceOptions instance') + if opts.id is None: + if __props__ is not None: + raise TypeError('__props__ is only valid when passed in combination with a valid opts.id to get an existing resource') + __props__ = IntegrationArgs.__new__(IntegrationArgs) + + __props__.__dict__["additional_encryption_context"] = additional_encryption_context + __props__.__dict__["integration_name"] = integration_name + __props__.__dict__["kms_key_id"] = kms_key_id + if source_arn is None and not opts.urn: + raise TypeError("Missing required property 'source_arn'") + __props__.__dict__["source_arn"] = source_arn + __props__.__dict__["tags"] = tags + if target_arn is None and not opts.urn: + raise TypeError("Missing required property 'target_arn'") + __props__.__dict__["target_arn"] = target_arn + __props__.__dict__["create_time"] = None + __props__.__dict__["integration_arn"] = None + replace_on_changes = pulumi.ResourceOptions(replace_on_changes=["additionalEncryptionContext.*", "kmsKeyId", "sourceArn", "targetArn"]) + opts = pulumi.ResourceOptions.merge(opts, replace_on_changes) + super(Integration, __self__).__init__( + 'aws-native:redshift:Integration', + resource_name, + __props__, + opts) + + @staticmethod + def get(resource_name: str, + id: pulumi.Input[str], + opts: Optional[pulumi.ResourceOptions] = None) -> 'Integration': + """ + Get an existing Integration resource's state with the given name, id, and optional extra + properties used to qualify the lookup. + + :param str resource_name: The unique name of the resulting resource. + :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. + :param pulumi.ResourceOptions opts: Options for the resource. + """ + opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) + + __props__ = IntegrationArgs.__new__(IntegrationArgs) + + __props__.__dict__["additional_encryption_context"] = None + __props__.__dict__["create_time"] = None + __props__.__dict__["integration_arn"] = None + __props__.__dict__["integration_name"] = None + __props__.__dict__["kms_key_id"] = None + __props__.__dict__["source_arn"] = None + __props__.__dict__["tags"] = None + __props__.__dict__["target_arn"] = None + return Integration(resource_name, opts=opts, __props__=__props__) + + @property + @pulumi.getter(name="additionalEncryptionContext") + def additional_encryption_context(self) -> pulumi.Output[Optional[Mapping[str, str]]]: + return pulumi.get(self, "additional_encryption_context") + + @property + @pulumi.getter(name="createTime") + def create_time(self) -> pulumi.Output[str]: + """ + The time (UTC) when the integration was created. + """ + return pulumi.get(self, "create_time") + + @property + @pulumi.getter(name="integrationArn") + def integration_arn(self) -> pulumi.Output[str]: + """ + The Amazon Resource Name (ARN) of the integration. + """ + return pulumi.get(self, "integration_arn") + + @property + @pulumi.getter(name="integrationName") + def integration_name(self) -> pulumi.Output[Optional[str]]: + """ + The name of the integration. + """ + return pulumi.get(self, "integration_name") + + @property + @pulumi.getter(name="kmsKeyId") + def kms_key_id(self) -> pulumi.Output[Optional[str]]: + """ + An KMS key identifier for the key to use to encrypt the integration. If you don't specify an encryption key, the default AWS owned KMS key is used. + """ + return pulumi.get(self, "kms_key_id") + + @property + @pulumi.getter(name="sourceArn") + def source_arn(self) -> pulumi.Output[str]: + """ + The Amazon Resource Name (ARN) of the database to use as the source for replication, for example, arn:aws:dynamodb:us-east-2:123412341234:table/dynamotable + """ + return pulumi.get(self, "source_arn") + + @property + @pulumi.getter + def tags(self) -> pulumi.Output[Optional[Sequence['_root_outputs.Tag']]]: + """ + An array of key-value pairs to apply to this resource. + """ + return pulumi.get(self, "tags") + + @property + @pulumi.getter(name="targetArn") + def target_arn(self) -> pulumi.Output[str]: + """ + The Amazon Resource Name (ARN) of the Redshift data warehouse to use as the target for replication, for example, arn:aws:redshift:us-east-2:123412341234:namespace:e43aab3e-10a3-4ec4-83d4-f227ff9bfbcf + """ + return pulumi.get(self, "target_arn") + diff --git a/sdk/python/pulumi_aws_native/s3/_enums.py b/sdk/python/pulumi_aws_native/s3/_enums.py index 110efcbd65..af9e484235 100644 --- a/sdk/python/pulumi_aws_native/s3/_enums.py +++ b/sdk/python/pulumi_aws_native/s3/_enums.py @@ -276,6 +276,7 @@ class BucketRuleStatus(str, Enum): class BucketServerSideEncryptionByDefaultSseAlgorithm(str, Enum): """ Server-side encryption algorithm to use for the default encryption. + For directory buckets, there are only two supported values for server-side encryption: ``AES256`` and ``aws:kms``. """ AWSKMS = "aws:kms" AES256 = "AES256" diff --git a/sdk/python/pulumi_aws_native/s3/_inputs.py b/sdk/python/pulumi_aws_native/s3/_inputs.py index 02333db3b0..718ae2698c 100644 --- a/sdk/python/pulumi_aws_native/s3/_inputs.py +++ b/sdk/python/pulumi_aws_native/s3/_inputs.py @@ -3835,24 +3835,32 @@ def rules(self, value: pulumi.Input[Sequence[pulumi.Input['BucketFilterRuleArgs' if not MYPY: class BucketServerSideEncryptionByDefaultArgsDict(TypedDict): """ - Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS. For more information, see [PUT Bucket encryption](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html) in the *Amazon S3 API Reference*. - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. + Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. For more information, see [PutBucketEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html). + + *General purpose buckets* - If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key (``aws/s3``) in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS. + + *Directory buckets* - Your SSE-KMS configuration can only support 1 [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) per directory bucket for the lifetime of the bucket. The [managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) (``aws/s3``) isn't supported. + + *Directory buckets* - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS. """ sse_algorithm: pulumi.Input['BucketServerSideEncryptionByDefaultSseAlgorithm'] """ Server-side encryption algorithm to use for the default encryption. + For directory buckets, there are only two supported values for server-side encryption: ``AES256`` and ``aws:kms``. """ kms_master_key_id: NotRequired[pulumi.Input[str]] """ - AWS Key Management Service (KMS) customer AWS KMS key ID to use for the default encryption. This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms`` or ``aws:kms:dsse``. - You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key. + AWS Key Management Service (KMS) customer managed key ID to use for the default encryption. + + *General purpose buckets* - This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms`` or ``aws:kms:dsse``. + + *Directory buckets* - This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms``. + + You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key. + Key ID: ``1234abcd-12ab-34cd-56ef-1234567890ab`` + Key ARN: ``arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`` + Key Alias: ``alias/alias-name`` - If you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log. - If you are using encryption with cross-account or AWS service operations you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy). - Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *Key Management Service Developer Guide*. + If you are using encryption with cross-account or AWS service operations, you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy). + + *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. Also, if you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log. + + *Directory buckets* - When you specify an [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported. + + Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *Key Management Service Developer Guide*. """ elif False: BucketServerSideEncryptionByDefaultArgsDict: TypeAlias = Mapping[str, Any] @@ -3863,18 +3871,26 @@ def __init__(__self__, *, sse_algorithm: pulumi.Input['BucketServerSideEncryptionByDefaultSseAlgorithm'], kms_master_key_id: Optional[pulumi.Input[str]] = None): """ - Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS. For more information, see [PUT Bucket encryption](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html) in the *Amazon S3 API Reference*. - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. + Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. For more information, see [PutBucketEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html). + + *General purpose buckets* - If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key (``aws/s3``) in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS. + + *Directory buckets* - Your SSE-KMS configuration can only support 1 [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) per directory bucket for the lifetime of the bucket. The [managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) (``aws/s3``) isn't supported. + + *Directory buckets* - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS. :param pulumi.Input['BucketServerSideEncryptionByDefaultSseAlgorithm'] sse_algorithm: Server-side encryption algorithm to use for the default encryption. - :param pulumi.Input[str] kms_master_key_id: AWS Key Management Service (KMS) customer AWS KMS key ID to use for the default encryption. This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms`` or ``aws:kms:dsse``. - You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key. + For directory buckets, there are only two supported values for server-side encryption: ``AES256`` and ``aws:kms``. + :param pulumi.Input[str] kms_master_key_id: AWS Key Management Service (KMS) customer managed key ID to use for the default encryption. + + *General purpose buckets* - This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms`` or ``aws:kms:dsse``. + + *Directory buckets* - This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms``. + + You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key. + Key ID: ``1234abcd-12ab-34cd-56ef-1234567890ab`` + Key ARN: ``arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`` + Key Alias: ``alias/alias-name`` - If you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log. - If you are using encryption with cross-account or AWS service operations you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy). - Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *Key Management Service Developer Guide*. + If you are using encryption with cross-account or AWS service operations, you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy). + + *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. Also, if you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log. + + *Directory buckets* - When you specify an [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported. + + Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *Key Management Service Developer Guide*. """ pulumi.set(__self__, "sse_algorithm", sse_algorithm) if kms_master_key_id is not None: @@ -3885,6 +3901,7 @@ def __init__(__self__, *, def sse_algorithm(self) -> pulumi.Input['BucketServerSideEncryptionByDefaultSseAlgorithm']: """ Server-side encryption algorithm to use for the default encryption. + For directory buckets, there are only two supported values for server-side encryption: ``AES256`` and ``aws:kms``. """ return pulumi.get(self, "sse_algorithm") @@ -3896,15 +3913,20 @@ def sse_algorithm(self, value: pulumi.Input['BucketServerSideEncryptionByDefault @pulumi.getter(name="kmsMasterKeyId") def kms_master_key_id(self) -> Optional[pulumi.Input[str]]: """ - AWS Key Management Service (KMS) customer AWS KMS key ID to use for the default encryption. This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms`` or ``aws:kms:dsse``. - You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key. + AWS Key Management Service (KMS) customer managed key ID to use for the default encryption. + + *General purpose buckets* - This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms`` or ``aws:kms:dsse``. + + *Directory buckets* - This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms``. + + You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key. + Key ID: ``1234abcd-12ab-34cd-56ef-1234567890ab`` + Key ARN: ``arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`` + Key Alias: ``alias/alias-name`` - If you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log. - If you are using encryption with cross-account or AWS service operations you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy). - Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *Key Management Service Developer Guide*. + If you are using encryption with cross-account or AWS service operations, you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy). + + *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. Also, if you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log. + + *Directory buckets* - When you specify an [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported. + + Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *Key Management Service Developer Guide*. """ return pulumi.get(self, "kms_master_key_id") @@ -3917,7 +3939,8 @@ def kms_master_key_id(self, value: Optional[pulumi.Input[str]]): class BucketServerSideEncryptionRuleArgsDict(TypedDict): """ Specifies the default server-side encryption configuration. - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. + + *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. + + *Directory buckets* - When you specify an [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported. """ bucket_key_enabled: NotRequired[pulumi.Input[bool]] """ @@ -3938,7 +3961,8 @@ def __init__(__self__, *, server_side_encryption_by_default: Optional[pulumi.Input['BucketServerSideEncryptionByDefaultArgs']] = None): """ Specifies the default server-side encryption configuration. - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. + + *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. + + *Directory buckets* - When you specify an [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported. :param pulumi.Input[bool] bucket_key_enabled: Specifies whether Amazon S3 should use an S3 Bucket Key with server-side encryption using KMS (SSE-KMS) for new objects in the bucket. Existing objects are not affected. Setting the ``BucketKeyEnabled`` element to ``true`` causes Amazon S3 to use an S3 Bucket Key. By default, S3 Bucket Key is not enabled. For more information, see [Amazon S3 Bucket Keys](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) in the *Amazon S3 User Guide*. :param pulumi.Input['BucketServerSideEncryptionByDefaultArgs'] server_side_encryption_by_default: Specifies the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. diff --git a/sdk/python/pulumi_aws_native/s3/outputs.py b/sdk/python/pulumi_aws_native/s3/outputs.py index a5a292a344..9e38275ede 100644 --- a/sdk/python/pulumi_aws_native/s3/outputs.py +++ b/sdk/python/pulumi_aws_native/s3/outputs.py @@ -3075,8 +3075,10 @@ def rules(self) -> Sequence['outputs.BucketFilterRule']: @pulumi.output_type class BucketServerSideEncryptionByDefault(dict): """ - Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS. For more information, see [PUT Bucket encryption](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html) in the *Amazon S3 API Reference*. - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. + Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. For more information, see [PutBucketEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html). + + *General purpose buckets* - If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key (``aws/s3``) in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS. + + *Directory buckets* - Your SSE-KMS configuration can only support 1 [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) per directory bucket for the lifetime of the bucket. The [managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) (``aws/s3``) isn't supported. + + *Directory buckets* - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS. """ @staticmethod def __key_warning(key: str): @@ -3101,18 +3103,26 @@ def __init__(__self__, *, sse_algorithm: 'BucketServerSideEncryptionByDefaultSseAlgorithm', kms_master_key_id: Optional[str] = None): """ - Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS. For more information, see [PUT Bucket encryption](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html) in the *Amazon S3 API Reference*. - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. + Describes the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. For more information, see [PutBucketEncryption](https://docs.aws.amazon.com/AmazonS3/latest/API/RESTBucketPUTencryption.html). + + *General purpose buckets* - If you don't specify a customer managed key at configuration, Amazon S3 automatically creates an AWS KMS key (``aws/s3``) in your AWS account the first time that you add an object encrypted with SSE-KMS to a bucket. By default, Amazon S3 uses this KMS key for SSE-KMS. + + *Directory buckets* - Your SSE-KMS configuration can only support 1 [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) per directory bucket for the lifetime of the bucket. The [managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) (``aws/s3``) isn't supported. + + *Directory buckets* - For directory buckets, there are only two supported options for server-side encryption: SSE-S3 and SSE-KMS. :param 'BucketServerSideEncryptionByDefaultSseAlgorithm' sse_algorithm: Server-side encryption algorithm to use for the default encryption. - :param str kms_master_key_id: AWS Key Management Service (KMS) customer AWS KMS key ID to use for the default encryption. This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms`` or ``aws:kms:dsse``. - You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key. + For directory buckets, there are only two supported values for server-side encryption: ``AES256`` and ``aws:kms``. + :param str kms_master_key_id: AWS Key Management Service (KMS) customer managed key ID to use for the default encryption. + + *General purpose buckets* - This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms`` or ``aws:kms:dsse``. + + *Directory buckets* - This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms``. + + You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key. + Key ID: ``1234abcd-12ab-34cd-56ef-1234567890ab`` + Key ARN: ``arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`` + Key Alias: ``alias/alias-name`` - If you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log. - If you are using encryption with cross-account or AWS service operations you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy). - Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *Key Management Service Developer Guide*. + If you are using encryption with cross-account or AWS service operations, you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy). + + *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. Also, if you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log. + + *Directory buckets* - When you specify an [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported. + + Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *Key Management Service Developer Guide*. """ pulumi.set(__self__, "sse_algorithm", sse_algorithm) if kms_master_key_id is not None: @@ -3123,6 +3133,7 @@ def __init__(__self__, *, def sse_algorithm(self) -> 'BucketServerSideEncryptionByDefaultSseAlgorithm': """ Server-side encryption algorithm to use for the default encryption. + For directory buckets, there are only two supported values for server-side encryption: ``AES256`` and ``aws:kms``. """ return pulumi.get(self, "sse_algorithm") @@ -3130,15 +3141,20 @@ def sse_algorithm(self) -> 'BucketServerSideEncryptionByDefaultSseAlgorithm': @pulumi.getter(name="kmsMasterKeyId") def kms_master_key_id(self) -> Optional[str]: """ - AWS Key Management Service (KMS) customer AWS KMS key ID to use for the default encryption. This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms`` or ``aws:kms:dsse``. - You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key. + AWS Key Management Service (KMS) customer managed key ID to use for the default encryption. + + *General purpose buckets* - This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms`` or ``aws:kms:dsse``. + + *Directory buckets* - This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms``. + + You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key. + Key ID: ``1234abcd-12ab-34cd-56ef-1234567890ab`` + Key ARN: ``arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`` + Key Alias: ``alias/alias-name`` - If you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log. - If you are using encryption with cross-account or AWS service operations you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy). - Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *Key Management Service Developer Guide*. + If you are using encryption with cross-account or AWS service operations, you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy). + + *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. Also, if you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log. + + *Directory buckets* - When you specify an [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported. + + Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *Key Management Service Developer Guide*. """ return pulumi.get(self, "kms_master_key_id") @@ -3147,7 +3163,8 @@ def kms_master_key_id(self) -> Optional[str]: class BucketServerSideEncryptionRule(dict): """ Specifies the default server-side encryption configuration. - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. + + *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. + + *Directory buckets* - When you specify an [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported. """ @staticmethod def __key_warning(key: str): @@ -3173,7 +3190,8 @@ def __init__(__self__, *, server_side_encryption_by_default: Optional['outputs.BucketServerSideEncryptionByDefault'] = None): """ Specifies the default server-side encryption configuration. - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. + + *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. + + *Directory buckets* - When you specify an [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported. :param bool bucket_key_enabled: Specifies whether Amazon S3 should use an S3 Bucket Key with server-side encryption using KMS (SSE-KMS) for new objects in the bucket. Existing objects are not affected. Setting the ``BucketKeyEnabled`` element to ``true`` causes Amazon S3 to use an S3 Bucket Key. By default, S3 Bucket Key is not enabled. For more information, see [Amazon S3 Bucket Keys](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html) in the *Amazon S3 User Guide*. :param 'BucketServerSideEncryptionByDefault' server_side_encryption_by_default: Specifies the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied. diff --git a/sdk/python/pulumi_aws_native/wisdom/knowledge_base.py b/sdk/python/pulumi_aws_native/wisdom/knowledge_base.py index e1b97efbfb..c6b931012a 100644 --- a/sdk/python/pulumi_aws_native/wisdom/knowledge_base.py +++ b/sdk/python/pulumi_aws_native/wisdom/knowledge_base.py @@ -38,7 +38,7 @@ def __init__(__self__, *, :param pulumi.Input[str] name: The name of the knowledge base. :param pulumi.Input['KnowledgeBaseRenderingConfigurationArgs'] rendering_configuration: Information about how to render the content. :param pulumi.Input['KnowledgeBaseServerSideEncryptionConfigurationArgs'] server_side_encryption_configuration: This customer managed key must have a policy that allows `kms:CreateGrant` and `kms:DescribeKey` permissions to the IAM identity using the key to invoke Wisdom. For more information about setting up a customer managed key for Wisdom, see [Enable Amazon Connect Wisdom for your instance](https://docs.aws.amazon.com/connect/latest/adminguide/enable-wisdom.html) . For information about valid ID values, see [Key identifiers (KeyId)](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id) in the *AWS Key Management Service Developer Guide* . - :param pulumi.Input['KnowledgeBaseSourceConfigurationArgs'] source_configuration: The source of the knowledge base content. Only set this argument for EXTERNAL knowledge bases. + :param pulumi.Input['KnowledgeBaseSourceConfigurationArgs'] source_configuration: The source of the knowledge base content. Only set this argument for EXTERNAL or Managed knowledge bases. :param pulumi.Input[Sequence[pulumi.Input['_root_inputs.CreateOnlyTagArgs']]] tags: The tags used to organize, track, or control access for this resource. """ pulumi.set(__self__, "knowledge_base_type", knowledge_base_type) @@ -119,7 +119,7 @@ def server_side_encryption_configuration(self, value: Optional[pulumi.Input['Kno @pulumi.getter(name="sourceConfiguration") def source_configuration(self) -> Optional[pulumi.Input['KnowledgeBaseSourceConfigurationArgs']]: """ - The source of the knowledge base content. Only set this argument for EXTERNAL knowledge bases. + The source of the knowledge base content. Only set this argument for EXTERNAL or Managed knowledge bases. """ return pulumi.get(self, "source_configuration") @@ -163,7 +163,7 @@ def __init__(__self__, :param pulumi.Input[str] name: The name of the knowledge base. :param pulumi.Input[Union['KnowledgeBaseRenderingConfigurationArgs', 'KnowledgeBaseRenderingConfigurationArgsDict']] rendering_configuration: Information about how to render the content. :param pulumi.Input[Union['KnowledgeBaseServerSideEncryptionConfigurationArgs', 'KnowledgeBaseServerSideEncryptionConfigurationArgsDict']] server_side_encryption_configuration: This customer managed key must have a policy that allows `kms:CreateGrant` and `kms:DescribeKey` permissions to the IAM identity using the key to invoke Wisdom. For more information about setting up a customer managed key for Wisdom, see [Enable Amazon Connect Wisdom for your instance](https://docs.aws.amazon.com/connect/latest/adminguide/enable-wisdom.html) . For information about valid ID values, see [Key identifiers (KeyId)](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id) in the *AWS Key Management Service Developer Guide* . - :param pulumi.Input[Union['KnowledgeBaseSourceConfigurationArgs', 'KnowledgeBaseSourceConfigurationArgsDict']] source_configuration: The source of the knowledge base content. Only set this argument for EXTERNAL knowledge bases. + :param pulumi.Input[Union['KnowledgeBaseSourceConfigurationArgs', 'KnowledgeBaseSourceConfigurationArgsDict']] source_configuration: The source of the knowledge base content. Only set this argument for EXTERNAL or Managed knowledge bases. :param pulumi.Input[Sequence[pulumi.Input[Union['_root_inputs.CreateOnlyTagArgs', '_root_inputs.CreateOnlyTagArgsDict']]]] tags: The tags used to organize, track, or control access for this resource. """ ... @@ -312,7 +312,7 @@ def server_side_encryption_configuration(self) -> pulumi.Output[Optional['output @pulumi.getter(name="sourceConfiguration") def source_configuration(self) -> pulumi.Output[Optional['outputs.KnowledgeBaseSourceConfiguration']]: """ - The source of the knowledge base content. Only set this argument for EXTERNAL knowledge bases. + The source of the knowledge base content. Only set this argument for EXTERNAL or Managed knowledge bases. """ return pulumi.get(self, "source_configuration")