diff --git a/.gitignore b/.gitignore index 819a3dec..17be668a 100644 --- a/.gitignore +++ b/.gitignore @@ -116,3 +116,5 @@ dist test-reports/ lib/ + +**/cdk.out diff --git a/examples/eventbridge-sns/Pulumi.yaml b/examples/eventbridge-sns/Pulumi.yaml new file mode 100644 index 00000000..4a0c7c7e --- /dev/null +++ b/examples/eventbridge-sns/Pulumi.yaml @@ -0,0 +1,3 @@ +name: pulumi-aws-eventbridge-sns +runtime: nodejs +description: Eventbridge SNS example for CDK diff --git a/examples/eventbridge-sns/index.handler.ts b/examples/eventbridge-sns/index.handler.ts new file mode 100644 index 00000000..8e954d41 --- /dev/null +++ b/examples/eventbridge-sns/index.handler.ts @@ -0,0 +1,56 @@ +import { EventBridgeClient, PutEventsCommand } from '@aws-sdk/client-eventbridge'; +let client: EventBridgeClient; + +export const handler = async function (event, context) { + if (!client) { + client = new EventBridgeClient(); + } + + const eventBusName = process.env.BUS_NAME; + await client.send( + new PutEventsCommand({ + Entries: [ + { + // Event envelope fields + Source: 'custom.myATMapp', + EventBusName: eventBusName, + DetailType: 'transaction', + Time: new Date(), + // Main event body + Detail: JSON.stringify({ + action: 'withdrawal', + location: 'MA-BOS-01', + amount: 300, + result: 'approved', + transactionId: '123456', + cardPresent: true, + partnerBank: 'Example Bank', + remainingFunds: 722.34, + }), + }, + { + // Event envelope fields + Source: 'custom.myATMapp', + EventBusName: eventBusName, + DetailType: 'transaction', + Time: new Date(), + + // Main event body + Detail: JSON.stringify({ + action: 'withdrawal', + location: 'NY-NYC-002', + amount: 60, + result: 'denied', + transactionId: '123458', + cardPresent: true, + remainingFunds: 5.77, + }), + }, + ], + }), + ); + + return { + statusCode: 200, + }; +}; diff --git a/examples/eventbridge-sns/index.ts b/examples/eventbridge-sns/index.ts new file mode 100644 index 00000000..511056b9 --- /dev/null 
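Review bot: In `examples/eventbridge-sns/index.handler.ts` the result of `await client.send(new PutEventsCommand(...))` is discarded, so the handler returns `statusCode: 200` even when EventBridge rejects entries. PutEvents reports per-entry failures through `FailedEntryCount` in the response rather than by throwing. Capture the response and fail on it: `const res = await client.send(...)` followed by `if (res.FailedEntryCount) throw new Error('PutEvents rejected ' + res.FailedEntryCount + ' entries');`. `process.env.BUS_NAME` is also used unchecked; if it is unset, `EventBusName` is undefined and the events would presumably go to the account's default bus instead of failing, so a guard such as `if (!eventBusName) throw new Error('BUS_NAME is not set');` makes that misconfiguration visible.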
+++ b/examples/eventbridge-sns/index.ts 
@@ -0,0 +1,79 @@
+import * as pulumicdk from '@pulumi/cdk';
+import {
+ aws_events,
+ aws_events_targets,
+ aws_lambda,
+ aws_lambda_nodejs,
+ aws_sns,
+ aws_sns_subscriptions,
+ aws_sqs,
+} from 'aws-cdk-lib';
+
+class EventBridgeSnsStack extends pulumicdk.Stack {
+ constructor(id: string) {
+ super(id);
+
+ const eventBus = new aws_events.EventBus(this, 'Bus');
+ const handler = new aws_lambda_nodejs.NodejsFunction(this, 'handler', {
+ runtime: aws_lambda.Runtime.NODEJS_LATEST,
+ environment: {
+ BUS_NAME: eventBus.eventBusName,
+ },
+ });
+ eventBus.grantPutEventsTo(handler);
+
+ // create an archive so we can replay events later
+ eventBus.archive('archive', {
+ eventPattern: {
+ source: ['custom.myATMapp'],
+ },
+ });
+
+ const approvedRule = new aws_events.Rule(this, 'approved-rule', {
+ eventBus,
+ description: 'Approved transactions',
+ eventPattern: {
+ source: ['custom.myATMapp'],
+ detailType: ['transaction'],
+ detail: {
+ result: ['approved'],
+ },
+ },
+ });
+
+ const approvedTopic = new aws_sns.Topic(this, 'approved-topic');
+
+ approvedRule.addTarget(new aws_events_targets.SnsTopic(approvedTopic));
+
+ const approvedQueue = new aws_sqs.Queue(this, 'approved-queue');
+ approvedTopic.addSubscription(
+ new aws_sns_subscriptions.SqsSubscription(approvedQueue, {
+ rawMessageDelivery: true,
+ }),
+ );
+
+ const deniedRule = new aws_events.Rule(this, 'denied-rule', {
+ eventBus,
+ description: 'Denied transactions',
+ eventPattern: {
+ source: ['custom.myATMapp'],
+ detailType: ['transaction'],
+ detail: {
+ result: ['denied'],
+ },
+ },
+ });
+ const deniedTopic = new aws_sns.Topic(this, 'denied-topic');
+ deniedRule.addTarget(new aws_events_targets.SnsTopic(deniedTopic));
+
+ const deniedQueue = new aws_sqs.Queue(this, 'denied-queue');
+ deniedTopic.addSubscription(
+ new aws_sns_subscriptions.SqsSubscription(deniedQueue, {
+ rawMessageDelivery: true,
+ }),
+ );
+ this.synth();
+ }
+}
+
+new EventBridgeSnsStack('eventbridge-sns-stack');
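Review bot: Both topics and both queues in the `EventBridgeSnsStack` constructor are created with default props, so nothing in this stack requires TLS for the transaction payloads in transit. `aws_sqs.Queue` and `aws_sns.Topic` each accept `enforceSSL: true`, for example `new aws_sqs.Queue(this, 'approved-queue', { enforceSSL: true })`. The `eventBus.archive('archive', ...)` call also omits `retention`, which defaults to keeping archived events indefinitely; a bounded value such as `retention: Duration.days(30)` (with `Duration` imported from `aws-cdk-lib`; the 30 is illustrative) is a better pattern for an example people will copy. Whether the added resource policies map cleanly through @pulumi/cdk is not visible from this hunk and should be confirmed by the integration test.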
diff --git a/examples/eventbridge-sns/package.json b/examples/eventbridge-sns/package.json new file mode 100644 index 00000000..cd8d15fb --- /dev/null +++ b/examples/eventbridge-sns/package.json @@ -0,0 +1,15 @@ +{ + "name": "pulumi-aws-cdk", + "devDependencies": { + "@types/node": "^20.0.0" + }, + "dependencies": { + "@aws-sdk/client-eventbridge": "^3.678.0", + "@pulumi/aws-native": "^1.0.0", + "@pulumi/cdk": "^0.5.0", + "@pulumi/pulumi": "^3.0.0", + "aws-cdk-lib": "2.149.0", + "constructs": "10.3.0", + "esbuild": "^0.24.0" + } +} diff --git a/examples/eventbridge-sns/tsconfig.json b/examples/eventbridge-sns/tsconfig.json new file mode 100644 index 00000000..2666e28e --- /dev/null +++ b/examples/eventbridge-sns/tsconfig.json @@ -0,0 +1,18 @@ +{ + "compilerOptions": { + "strict": true, + "outDir": "bin", + "target": "es2016", + "module": "commonjs", + "moduleResolution": "node", + "sourceMap": true, + "experimentalDecorators": true, + "pretty": true, + "noFallthroughCasesInSwitch": true, + "noImplicitReturns": true, + "forceConsistentCasingInFileNames": true + }, + "files": [ + "index.ts" + ] +} \ No newline at end of file diff --git a/examples/examples_nodejs_test.go b/examples/examples_nodejs_test.go index f0385f69..7d04de58 100644 --- a/examples/examples_nodejs_test.go +++ b/examples/examples_nodejs_test.go @@ -111,6 +111,15 @@ func TestCloudFront(t *testing.T) { integration.ProgramTest(t, &test) } +func TestEventBridgeSNS(t *testing.T) { + test := getJSBaseOptions(t). + With(integration.ProgramTestOptions{ + Dir: filepath.Join(getCwd(t), "eventbridge-sns"), + }) + + integration.ProgramTest(t, &test) +} + func TestAPIWebsocketLambdaDynamoDB(t *testing.T) { test := getJSBaseOptions(t). With(integration.ProgramTestOptions{ diff --git a/schemas/aws-native-metadata.json b/schemas/aws-native-metadata.json index 6b998bf0..6d8f7112 100644 --- a/schemas/aws-native-metadata.json +++ b/schemas/aws-native-metadata.json 
@@ -426,6 +426,112 @@ "sourceAccount" ] }, + "aws-native:amazonmq:Configuration": { + "cf": "AWS::AmazonMQ::Configuration", + "inputs": { + "authenticationStrategy": { + "type": "string", + "description": "The authentication strategy associated with the configuration. The default is SIMPLE." + }, + "data": { + "type": "string", + "description": "The base64-encoded XML configuration." + }, + "description": { + "type": "string", + "description": "The description of the configuration." + }, + "engineType": { + "type": "string", + "description": "The type of broker engine. Note: Currently, Amazon MQ only supports ACTIVEMQ for creating and editing broker configurations." + }, + "engineVersion": { + "type": "string", + "description": "The version of the broker engine." + }, + "name": { + "type": "string", + "description": "The name of the configuration." + }, + "tags": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:index:Tag" + }, + "description": "Create tags when creating the configuration." + } + }, + "outputs": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Amazon MQ configuration." + }, + "authenticationStrategy": { + "type": "string", + "description": "The authentication strategy associated with the configuration. The default is SIMPLE.", + "replaceOnChanges": true + }, + "awsId": { + "type": "string", + "description": "The ID of the Amazon MQ configuration." + }, + "data": { + "type": "string", + "description": "The base64-encoded XML configuration." + }, + "description": { + "type": "string", + "description": "The description of the configuration." + }, + "engineType": { + "type": "string", + "description": "The type of broker engine. 
Note: Currently, Amazon MQ only supports ACTIVEMQ for creating and editing broker configurations.", + "replaceOnChanges": true + }, + "engineVersion": { + "type": "string", + "description": "The version of the broker engine.", + "replaceOnChanges": true + }, + "name": { + "type": "string", + "description": "The name of the configuration.", + "replaceOnChanges": true + }, + "revision": { + "type": "string", + "description": "The revision number of the configuration." + }, + "tags": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:index:Tag" + }, + "description": "Create tags when creating the configuration." + } + }, + "autoNamingSpec": { + "sdkName": "name" + }, + "required": [ + "data", + "engineType" + ], + "createOnly": [ + "authenticationStrategy", + "engineType", + "engineVersion", + "name" + ], + "writeOnly": [ + "data" + ], + "irreversibleNames": { + "awsId": "Id" + }, + "tagsProperty": "tags", + "tagsStyle": "keyValueArray" + }, "aws-native:amplify:App": { "cf": "AWS::Amplify::App", "inputs": { @@ -445,6 +551,10 @@ "type": "string", "description": "The build specification (build spec) for an Amplify app." }, + "cacheConfig": { + "$ref": "#/types/aws-native:amplify:AppCacheConfig", + "description": "The cache configuration for the Amplify app. If you don't specify the cache configuration `type` , Amplify uses the default `AMPLIFY_MANAGED` setting." + }, "customHeaders": { "type": "string", "description": "The custom HTTP headers for an Amplify app." 
@@ -485,7 +595,7 @@ }, "platform": { "$ref": "#/types/aws-native:amplify:AppPlatform", - "description": "The platform for the Amplify app. For a static app, set the platform type to `WEB` . For a dynamic server-side rendered (SSR) app, set the platform type to `WEB_COMPUTE` . For an app requiring Amplify Hosting's original SSR support only, set the platform type to `WEB_DYNAMIC` ." + "description": "The platform for the Amplify app. For a static app, set the platform type to `WEB` . For a dynamic server-side rendered (SSR) app, set the platform type to `WEB_COMPUTE` . For an app requiring Amplify Hosting's original SSR support only, set the platform type to `WEB_DYNAMIC` .\n\nIf you are deploying an SSG only app with Next.js version 14 or later, you must set the platform type to `WEB_COMPUTE` and set the artifacts `baseDirectory` to `.next` in the application's build settings. For an example of the build specification settings, see [Amplify build settings for a Next.js 14 SSG application](https://docs.aws.amazon.com/amplify/latest/userguide/deploy-nextjs-app.html#build-setting-detection-ssg-14) in the *Amplify Hosting User Guide* ." }, "repository": { "type": "string", @@ -528,6 +638,10 @@ "type": "string", "description": "The build specification (build spec) for an Amplify app." }, + "cacheConfig": { + "$ref": "#/types/aws-native:amplify:AppCacheConfig", + "description": "The cache configuration for the Amplify app. If you don't specify the cache configuration `type` , Amplify uses the default `AMPLIFY_MANAGED` setting." + }, "customHeaders": { "type": "string", "description": "The custom HTTP headers for an Amplify app." 
@@ -572,7 +686,7 @@ }, "platform": { "$ref": "#/types/aws-native:amplify:AppPlatform", - "description": "The platform for the Amplify app. For a static app, set the platform type to `WEB` . For a dynamic server-side rendered (SSR) app, set the platform type to `WEB_COMPUTE` . For an app requiring Amplify Hosting's original SSR support only, set the platform type to `WEB_DYNAMIC` ." + "description": "The platform for the Amplify app. For a static app, set the platform type to `WEB` . For a dynamic server-side rendered (SSR) app, set the platform type to `WEB_COMPUTE` . For an app requiring Amplify Hosting's original SSR support only, set the platform type to `WEB_DYNAMIC` .\n\nIf you are deploying an SSG only app with Next.js version 14 or later, you must set the platform type to `WEB_COMPUTE` and set the artifacts `baseDirectory` to `.next` in the application's build settings. For an example of the build specification settings, see [Amplify build settings for a Next.js 14 SSG application](https://docs.aws.amazon.com/amplify/latest/userguide/deploy-nextjs-app.html#build-setting-detection-ssg-14) in the *Amplify Hosting User Guide* ." }, "repository": { "type": "string", @@ -1339,7 +1453,7 @@ "inputs": { "customerId": { "type": "string", - "description": "An MKT customer identifier, when integrating with the AWS SaaS Marketplace." + "description": "An AWS Marketplace customer identifier, when integrating with the AWS SaaS Marketplace." }, "description": { "type": "string", @@ -1351,7 +1465,7 @@ }, "generateDistinctId": { "type": "boolean", - "description": "Specifies whether (``true``) or not (``false``) the key identifier is distinct from the created API key value. This parameter is deprecated and should not be used." + "description": "Specifies whether ( `true` ) or not ( `false` ) the key identifier is distinct from the created API key value. This parameter is deprecated and should not be used." }, "name": { "type": "string", 
@@ -1369,7 +1483,7 @@ "items": { "$ref": "#/types/aws-native:index:Tag" }, - "description": "The key-value map of strings. The valid character set is [a-zA-Z+-=._:/]. The tag key can be up to 128 characters and must not start with ``aws:``. The tag value can be up to 256 characters." + "description": "The key-value map of strings. The valid character set is [a-zA-Z+-=._:/]. The tag key can be up to 128 characters and must not start with `aws:` . The tag value can be up to 256 characters." }, "value": { "type": "string", @@ -1383,7 +1497,7 @@ }, "customerId": { "type": "string", - "description": "An MKT customer identifier, when integrating with the AWS SaaS Marketplace." + "description": "An AWS Marketplace customer identifier, when integrating with the AWS SaaS Marketplace." }, "description": { "type": "string", @@ -1395,7 +1509,7 @@ }, "generateDistinctId": { "type": "boolean", - "description": "Specifies whether (``true``) or not (``false``) the key identifier is distinct from the created API key value. This parameter is deprecated and should not be used.", + "description": "Specifies whether ( `true` ) or not ( `false` ) the key identifier is distinct from the created API key value. This parameter is deprecated and should not be used.", "replaceOnChanges": true }, "name": { @@ -1415,7 +1529,7 @@ "items": { "$ref": "#/types/aws-native:index:Tag" }, - "description": "The key-value map of strings. The valid character set is [a-zA-Z+-=._:/]. The tag key can be up to 128 characters and must not start with ``aws:``. The tag value can be up to 256 characters." + "description": "The key-value map of strings. The valid character set is [a-zA-Z+-=._:/]. The tag key can be up to 128 characters and must not start with `aws:` . The tag value can be up to 256 characters." }, "value": { "type": "string", 
@@ -1457,15 +1571,15 @@ }, "authorizerUri": { "type": "string", - "description": "Specifies the authorizer's Uniform Resource Identifier (URI). For ``TOKEN`` or ``REQUEST`` authorizers, this must be a well-formed Lambda function URI, for example, ``arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}/invocations``. In general, the URI has this form ``arn:aws:apigateway:{region}:lambda:path/{service_api}``, where ``{region}`` is the same as the region hosting the Lambda function, ``path`` indicates that the remaining substring in the URI should be treated as the path to the resource, including the initial ``/``. For Lambda functions, this is usually of the form ``/2015-03-31/functions/[FunctionARN]/invocations``." + "description": "Specifies the authorizer's Uniform Resource Identifier (URI). For `TOKEN` or `REQUEST` authorizers, this must be a well-formed Lambda function URI, for example, `arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}/invocations` . In general, the URI has this form `arn:aws:apigateway:{region}:lambda:path/{service_api}` , where `{region}` is the same as the region hosting the Lambda function, `path` indicates that the remaining substring in the URI should be treated as the path to the resource, including the initial `/` . For Lambda functions, this is usually of the form `/2015-03-31/functions/[FunctionARN]/invocations` ." }, "identitySource": { "type": "string", - "description": "The identity source for which authorization is requested. For a ``TOKEN`` or ``COGNITO_USER_POOLS`` authorizer, this is required and specifies the request header mapping expression for the custom header holding the authorization token submitted by the client. For example, if the token header name is ``Auth``, the header mapping expression is ``method.request.header.Auth``. 
For the ``REQUEST`` authorizer, this is required when authorization caching is enabled. The value is a comma-separated string of one or more mapping expressions of the specified request parameters. For example, if an ``Auth`` header, a ``Name`` query string parameter are defined as identity sources, this value is ``method.request.header.Auth, method.request.querystring.Name``. These parameters will be used to derive the authorization caching key and to perform runtime validation of the ``REQUEST`` authorizer by verifying all of the identity-related request parameters are present, not null and non-empty. Only when this is true does the authorizer invoke the authorizer Lambda function, otherwise, it returns a 401 Unauthorized response without calling the Lambda function. The valid value is a string of comma-separated mapping expressions of the specified request parameters. When the authorization caching is not enabled, this property is optional." + "description": "The identity source for which authorization is requested. For a `TOKEN` or `COGNITO_USER_POOLS` authorizer, this is required and specifies the request header mapping expression for the custom header holding the authorization token submitted by the client. For example, if the token header name is `Auth` , the header mapping expression is `method.request.header.Auth` . For the `REQUEST` authorizer, this is required when authorization caching is enabled. The value is a comma-separated string of one or more mapping expressions of the specified request parameters. For example, if an `Auth` header, a `Name` query string parameter are defined as identity sources, this value is `method.request.header.Auth, method.request.querystring.Name` . These parameters will be used to derive the authorization caching key and to perform runtime validation of the `REQUEST` authorizer by verifying all of the identity-related request parameters are present, not null and non-empty. 
Only when this is true does the authorizer invoke the authorizer Lambda function, otherwise, it returns a 401 Unauthorized response without calling the Lambda function. The valid value is a string of comma-separated mapping expressions of the specified request parameters. When the authorization caching is not enabled, this property is optional." }, "identityValidationExpression": { "type": "string", - "description": "A validation expression for the incoming identity token. For ``TOKEN`` authorizers, this value is a regular expression. For ``COGNITO_USER_POOLS`` authorizers, API Gateway will match the ``aud`` field of the incoming token from the client against the specified regular expression. It will invoke the authorizer's Lambda function when there is a match. Otherwise, it will return a 401 Unauthorized response without calling the Lambda function. The validation expression does not apply to the ``REQUEST`` authorizer." + "description": "A validation expression for the incoming identity token. For `TOKEN` authorizers, this value is a regular expression. For `COGNITO_USER_POOLS` authorizers, API Gateway will match the `aud` field of the incoming token from the client against the specified regular expression. It will invoke the authorizer's Lambda function when there is a match. Otherwise, it will return a 401 Unauthorized response without calling the Lambda function. The validation expression does not apply to the `REQUEST` authorizer." }, "name": { "type": "string", 
@@ -1476,7 +1590,7 @@ "items": { "type": "string" }, - "description": "A list of the Amazon Cognito user pool ARNs for the ``COGNITO_USER_POOLS`` authorizer. Each element is of this format: ``arn:aws:cognito-idp:{region}:{account_id}:userpool/{user_pool_id}``. For a ``TOKEN`` or ``REQUEST`` authorizer, this is not defined." + "description": "A list of the Amazon Cognito user pool ARNs for the `COGNITO_USER_POOLS` authorizer. Each element is of this format: `arn:aws:cognito-idp:{region}:{account_id}:userpool/{user_pool_id}` . For a `TOKEN` or `REQUEST` authorizer, this is not defined." }, "restApiId": { "type": "string", @@ -1484,7 +1598,7 @@ }, "type": { "type": "string", - "description": "The authorizer type. Valid values are ``TOKEN`` for a Lambda function using a single authorization token submitted in a custom header, ``REQUEST`` for a Lambda function using incoming request parameters, and ``COGNITO_USER_POOLS`` for using an Amazon Cognito user pool." + "description": "The authorizer type. Valid values are `TOKEN` for a Lambda function using a single authorization token submitted in a custom header, `REQUEST` for a Lambda function using incoming request parameters, and `COGNITO_USER_POOLS` for using an Amazon Cognito user pool." } }, "outputs": { 
@@ -1506,15 +1620,15 @@ }, "authorizerUri": { "type": "string", - "description": "Specifies the authorizer's Uniform Resource Identifier (URI). For ``TOKEN`` or ``REQUEST`` authorizers, this must be a well-formed Lambda function URI, for example, ``arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}/invocations``. In general, the URI has this form ``arn:aws:apigateway:{region}:lambda:path/{service_api}``, where ``{region}`` is the same as the region hosting the Lambda function, ``path`` indicates that the remaining substring in the URI should be treated as the path to the resource, including the initial ``/``. For Lambda functions, this is usually of the form ``/2015-03-31/functions/[FunctionARN]/invocations``." + "description": "Specifies the authorizer's Uniform Resource Identifier (URI). For `TOKEN` or `REQUEST` authorizers, this must be a well-formed Lambda function URI, for example, `arn:aws:apigateway:us-west-2:lambda:path/2015-03-31/functions/arn:aws:lambda:us-west-2:{account_id}:function:{lambda_function_name}/invocations` . In general, the URI has this form `arn:aws:apigateway:{region}:lambda:path/{service_api}` , where `{region}` is the same as the region hosting the Lambda function, `path` indicates that the remaining substring in the URI should be treated as the path to the resource, including the initial `/` . For Lambda functions, this is usually of the form `/2015-03-31/functions/[FunctionARN]/invocations` ." }, "identitySource": { "type": "string", - "description": "The identity source for which authorization is requested. For a ``TOKEN`` or ``COGNITO_USER_POOLS`` authorizer, this is required and specifies the request header mapping expression for the custom header holding the authorization token submitted by the client. For example, if the token header name is ``Auth``, the header mapping expression is ``method.request.header.Auth``. 
For the ``REQUEST`` authorizer, this is required when authorization caching is enabled. The value is a comma-separated string of one or more mapping expressions of the specified request parameters. For example, if an ``Auth`` header, a ``Name`` query string parameter are defined as identity sources, this value is ``method.request.header.Auth, method.request.querystring.Name``. These parameters will be used to derive the authorization caching key and to perform runtime validation of the ``REQUEST`` authorizer by verifying all of the identity-related request parameters are present, not null and non-empty. Only when this is true does the authorizer invoke the authorizer Lambda function, otherwise, it returns a 401 Unauthorized response without calling the Lambda function. The valid value is a string of comma-separated mapping expressions of the specified request parameters. When the authorization caching is not enabled, this property is optional." + "description": "The identity source for which authorization is requested. For a `TOKEN` or `COGNITO_USER_POOLS` authorizer, this is required and specifies the request header mapping expression for the custom header holding the authorization token submitted by the client. For example, if the token header name is `Auth` , the header mapping expression is `method.request.header.Auth` . For the `REQUEST` authorizer, this is required when authorization caching is enabled. The value is a comma-separated string of one or more mapping expressions of the specified request parameters. For example, if an `Auth` header, a `Name` query string parameter are defined as identity sources, this value is `method.request.header.Auth, method.request.querystring.Name` . These parameters will be used to derive the authorization caching key and to perform runtime validation of the `REQUEST` authorizer by verifying all of the identity-related request parameters are present, not null and non-empty. 
Only when this is true does the authorizer invoke the authorizer Lambda function, otherwise, it returns a 401 Unauthorized response without calling the Lambda function. The valid value is a string of comma-separated mapping expressions of the specified request parameters. When the authorization caching is not enabled, this property is optional." }, "identityValidationExpression": { "type": "string", - "description": "A validation expression for the incoming identity token. For ``TOKEN`` authorizers, this value is a regular expression. For ``COGNITO_USER_POOLS`` authorizers, API Gateway will match the ``aud`` field of the incoming token from the client against the specified regular expression. It will invoke the authorizer's Lambda function when there is a match. Otherwise, it will return a 401 Unauthorized response without calling the Lambda function. The validation expression does not apply to the ``REQUEST`` authorizer." + "description": "A validation expression for the incoming identity token. For `TOKEN` authorizers, this value is a regular expression. For `COGNITO_USER_POOLS` authorizers, API Gateway will match the `aud` field of the incoming token from the client against the specified regular expression. It will invoke the authorizer's Lambda function when there is a match. Otherwise, it will return a 401 Unauthorized response without calling the Lambda function. The validation expression does not apply to the `REQUEST` authorizer." }, "name": { "type": "string", 
@@ -1525,7 +1639,7 @@ "items": { "type": "string" }, - "description": "A list of the Amazon Cognito user pool ARNs for the ``COGNITO_USER_POOLS`` authorizer. Each element is of this format: ``arn:aws:cognito-idp:{region}:{account_id}:userpool/{user_pool_id}``. For a ``TOKEN`` or ``REQUEST`` authorizer, this is not defined." + "description": "A list of the Amazon Cognito user pool ARNs for the `COGNITO_USER_POOLS` authorizer. Each element is of this format: `arn:aws:cognito-idp:{region}:{account_id}:userpool/{user_pool_id}` . For a `TOKEN` or `REQUEST` authorizer, this is not defined." }, "restApiId": { "type": "string", @@ -1534,7 +1648,7 @@ }, "type": { "type": "string", - "description": "The authorizer type. Valid values are ``TOKEN`` for a Lambda function using a single authorization token submitted in a custom header, ``REQUEST`` for a Lambda function using incoming request parameters, and ``COGNITO_USER_POOLS`` for using an Amazon Cognito user pool." + "description": "The authorizer type. Valid values are `TOKEN` for a Lambda function using a single authorization token submitted in a custom header, `REQUEST` for a Lambda function using incoming request parameters, and `COGNITO_USER_POOLS` for using an Amazon Cognito user pool." } }, "autoNamingSpec": { 
@@ -1993,7 +2107,7 @@ "items": { "type": "string" }, - "description": "A list of authorization scopes configured on the method. The scopes are used with a ``COGNITO_USER_POOLS`` authorizer to authorize the method invocation. The authorization works by matching the method scopes against the scopes parsed from the access token in the incoming request. The method invocation is authorized if any method scopes matches a claimed scope in the access token. Otherwise, the invocation is not authorized. When the method scope is configured, the client must provide an access token instead of an identity token for authorization purposes." + "description": "A list of authorization scopes configured on the method. The scopes are used with a `COGNITO_USER_POOLS` authorizer to authorize the method invocation. The authorization works by matching the method scopes against the scopes parsed from the access token in the incoming request. The method invocation is authorized if any method scopes matches a claimed scope in the access token. Otherwise, the invocation is not authorized. When the method scope is configured, the client must provide an access token instead of an identity token for authorization purposes." }, "authorizationType": { "type": "string", @@ -2001,7 +2115,7 @@ }, "authorizerId": { "type": "string", - "description": "The identifier of an authorizer to use on this method. The method's authorization type must be ``CUSTOM`` or ``COGNITO_USER_POOLS``." + "description": "The identifier of an authorizer to use on this method. The method's authorization type must be `CUSTOM` or `COGNITO_USER_POOLS` ." }, "httpMethod": { "type": "string", 
@@ -2009,7 +2123,7 @@ }, "integration": { "$ref": "#/types/aws-native:apigateway:MethodIntegration", - "description": "Represents an ``HTTP``, ``HTTP_PROXY``, ``AWS``, ``AWS_PROXY``, or Mock integration." + "description": "Represents an `HTTP` , `HTTP_PROXY` , `AWS` , `AWS_PROXY` , or Mock integration." }, "methodResponses": { "type": "array", @@ -2020,7 +2134,7 @@ }, "operationName": { "type": "string", - "description": "A human-friendly operation identifier for the method. For example, you can assign the ``operationName`` of ``ListPets`` for the ``GET /pets`` method in the ``PetStore`` example." + "description": "A human-friendly operation identifier for the method. For example, you can assign the `operationName` of `ListPets` for the `GET /pets` method in the `PetStore` example." }, "requestModels": { "type": "object", 
@@ -2041,7 +2155,7 @@ } ] }, - "description": "A key-value map defining required or optional method request parameters that can be accepted by API Gateway. A key is a method request parameter name matching the pattern of ``method.request.{location}.{name}``, where ``location`` is ``querystring``, ``path``, or ``header`` and ``name`` is a valid and unique parameter name. The value associated with the key is a Boolean flag indicating whether the parameter is required (``true``) or optional (``false``). The method request parameter names defined here are available in Integration to be mapped to integration request parameters or templates." + "description": "A key-value map defining required or optional method request parameters that can be accepted by API Gateway. A key is a method request parameter name matching the pattern of `method.request.{location}.{name}` , where `location` is `querystring` , `path` , or `header` and `name` is a valid and unique parameter name. The value associated with the key is a Boolean flag indicating whether the parameter is required ( `true` ) or optional ( `false` ). The method request parameter names defined here are available in Integration to be mapped to integration request parameters or templates." }, "requestValidatorId": { "type": "string", 
@@ -2066,7 +2180,7 @@ "items": { "type": "string" }, - "description": "A list of authorization scopes configured on the method. The scopes are used with a ``COGNITO_USER_POOLS`` authorizer to authorize the method invocation. The authorization works by matching the method scopes against the scopes parsed from the access token in the incoming request. The method invocation is authorized if any method scopes matches a claimed scope in the access token. Otherwise, the invocation is not authorized. When the method scope is configured, the client must provide an access token instead of an identity token for authorization purposes." + "description": "A list of authorization scopes configured on the method. The scopes are used with a `COGNITO_USER_POOLS` authorizer to authorize the method invocation. The authorization works by matching the method scopes against the scopes parsed from the access token in the incoming request. The method invocation is authorized if any method scopes matches a claimed scope in the access token. Otherwise, the invocation is not authorized. When the method scope is configured, the client must provide an access token instead of an identity token for authorization purposes." }, "authorizationType": { "type": "string", @@ -2074,7 +2188,7 @@ }, "authorizerId": { "type": "string", - "description": "The identifier of an authorizer to use on this method. The method's authorization type must be ``CUSTOM`` or ``COGNITO_USER_POOLS``." + "description": "The identifier of an authorizer to use on this method. The method's authorization type must be `CUSTOM` or `COGNITO_USER_POOLS` ." }, "httpMethod": { "type": "string", 
@@ -2083,7 +2197,7 @@ }, "integration": { "$ref": "#/types/aws-native:apigateway:MethodIntegration", - "description": "Represents an ``HTTP``, ``HTTP_PROXY``, ``AWS``, ``AWS_PROXY``, or Mock integration." + "description": "Represents an `HTTP` , `HTTP_PROXY` , `AWS` , `AWS_PROXY` , or Mock integration." }, "methodResponses": { "type": "array", @@ -2094,7 +2208,7 @@ }, "operationName": { "type": "string", - "description": "A human-friendly operation identifier for the method. For example, you can assign the ``operationName`` of ``ListPets`` for the ``GET /pets`` method in the ``PetStore`` example." + "description": "A human-friendly operation identifier for the method. For example, you can assign the `operationName` of `ListPets` for the `GET /pets` method in the `PetStore` example." }, "requestModels": { "type": "object", 
@@ -2115,7 +2229,7 @@ } ] }, - "description": "A key-value map defining required or optional method request parameters that can be accepted by API Gateway. A key is a method request parameter name matching the pattern of ``method.request.{location}.{name}``, where ``location`` is ``querystring``, ``path``, or ``header`` and ``name`` is a valid and unique parameter name. The value associated with the key is a Boolean flag indicating whether the parameter is required (``true``) or optional (``false``). The method request parameter names defined here are available in Integration to be mapped to integration request parameters or templates." + "description": "A key-value map defining required or optional method request parameters that can be accepted by API Gateway. A key is a method request parameter name matching the pattern of `method.request.{location}.{name}` , where `location` is `querystring` , `path` , or `header` and `name` is a valid and unique parameter name. The value associated with the key is a Boolean flag indicating whether the parameter is required ( `true` ) or optional ( `false` ). The method request parameter names defined here are available in Integration to be mapped to integration request parameters or templates." }, "requestValidatorId": { "type": "string", 
@@ -2164,7 +2278,7 @@ }, "schema": { "$ref": "pulumi.json#/Any", - "description": "The schema for the model. For ``application/json`` models, this should be JSON schema draft 4 model. Do not include \"\\*/\" characters in the description of any properties because such \"\\*/\" characters may be interpreted as the closing marker for comments in some languages, such as Java or JavaScript, causing the installation of your API's SDK generated by API Gateway to fail.\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::ApiGateway::Model` for more information about the expected schema for this property." + "description": "The schema for the model. For `application/json` models, this should be JSON schema draft 4 model. Do not include \"\\*/\" characters in the description of any properties because such \"\\*/\" characters may be interpreted as the closing marker for comments in some languages, such as Java or JavaScript, causing the installation of your API's SDK generated by API Gateway to fail.\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::ApiGateway::Model` for more information about the expected schema for this property." } }, "outputs": { 
@@ -2189,7 +2303,7 @@ }, "schema": { "$ref": "pulumi.json#/Any", - "description": "The schema for the model. For ``application/json`` models, this should be JSON schema draft 4 model. Do not include \"\\*/\" characters in the description of any properties because such \"\\*/\" characters may be interpreted as the closing marker for comments in some languages, such as Java or JavaScript, causing the installation of your API's SDK generated by API Gateway to fail.\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::ApiGateway::Model` for more information about the expected schema for this property." + "description": "The schema for the model. For `application/json` models, this should be JSON schema draft 4 model. Do not include \"\\*/\" characters in the description of any properties because such \"\\*/\" characters may be interpreted as the closing marker for comments in some languages, such as Java or JavaScript, causing the installation of your API's SDK generated by API Gateway to fail.\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::ApiGateway::Model` for more information about the expected schema for this property." } }, "autoNamingSpec": { @@ -2221,7 +2335,7 @@ }, "validateRequestParameters": { "type": "boolean", - "description": "A Boolean flag to indicate whether to validate request parameters (``true``) or not (``false``)." + "description": "A Boolean flag to indicate whether to validate request parameters ( `true` ) or not ( `false` )." } }, "outputs": { @@ -2245,7 +2359,7 @@ }, "validateRequestParameters": { "type": "boolean", - "description": "A Boolean flag to indicate whether to validate request parameters (``true``) or not (``false``)." + "description": "A Boolean flag to indicate whether to validate request parameters ( `true` ) or not ( `false` )." } }, "autoNamingSpec": { 
@@ -2312,7 +2426,7 @@ "inputs": { "apiKeySourceType": { "type": "string", - "description": "The source of the API key for metering requests according to a usage plan. Valid values are: ``HEADER`` to read the API key from the ``X-API-Key`` header of a request. ``AUTHORIZER`` to read the API key from the ``UsageIdentifierKey`` from a custom authorizer." + "description": "The source of the API key for metering requests according to a usage plan. Valid values are: `HEADER` to read the API key from the `X-API-Key` header of a request. `AUTHORIZER` to read the API key from the `UsageIdentifierKey` from a custom authorizer." }, "binaryMediaTypes": { "type": "array", @@ -2339,7 +2453,7 @@ }, "disableExecuteApiEndpoint": { "type": "boolean", - "description": "Specifies whether clients can invoke your API by using the default ``execute-api`` endpoint. By default, clients can invoke your API with the default ``https://{api_id}.execute-api.{region}.amazonaws.com`` endpoint. To require that clients use a custom domain name to invoke your API, disable the default endpoint" + "description": "Specifies whether clients can invoke your API by using the default `execute-api` endpoint. By default, clients can invoke your API with the default `https://{api_id}.execute-api.{region}.amazonaws.com` endpoint. To require that clients use a custom domain name to invoke your API, disable the default endpoint" }, "endpointConfiguration": { "$ref": "#/types/aws-native:apigateway:RestApiEndpointConfiguration", @@ -2347,7 +2461,7 @@ }, "failOnWarnings": { "type": "boolean", - "description": "A query parameter to indicate whether to rollback the API update (``true``) or not (``false``) when a warning is encountered. The default value is ``false``." + "description": "A query parameter to indicate whether to rollback the API update ( `true` ) or not ( `false` ) when a warning is encountered. The default value is `false` ." }, "minimumCompressionSize": { "type": "integer", 
@@ -2366,7 +2480,7 @@ "additionalProperties": { "type": "string" }, - "description": "Custom header parameters as part of the request. For example, to exclude DocumentationParts from an imported API, set ``ignore=documentation`` as a ``parameters`` value, as in the AWS CLI command of ``aws apigateway import-rest-api --parameters ignore=documentation --body 'file:///path/to/imported-api-body.json'``." + "description": "Custom header parameters as part of the request. For example, to exclude DocumentationParts from an imported API, set `ignore=documentation` as a `parameters` value, as in the AWS CLI command of `aws apigateway import-rest-api --parameters ignore=documentation --body 'file:///path/to/imported-api-body.json'` ." }, "policy": { "$ref": "pulumi.json#/Any", @@ -2377,13 +2491,13 @@ "items": { "$ref": "#/types/aws-native:index:Tag" }, - "description": "The key-value map of strings. The valid character set is [a-zA-Z+-=._:/]. The tag key can be up to 128 characters and must not start with ``aws:``. The tag value can be up to 256 characters." + "description": "The key-value map of strings. The valid character set is [a-zA-Z+-=._:/]. The tag key can be up to 128 characters and must not start with `aws:` . The tag value can be up to 256 characters." } }, "outputs": { "apiKeySourceType": { "type": "string", - "description": "The source of the API key for metering requests according to a usage plan. Valid values are: ``HEADER`` to read the API key from the ``X-API-Key`` header of a request. ``AUTHORIZER`` to read the API key from the ``UsageIdentifierKey`` from a custom authorizer." + "description": "The source of the API key for metering requests according to a usage plan. Valid values are: `HEADER` to read the API key from the `X-API-Key` header of a request. `AUTHORIZER` to read the API key from the `UsageIdentifierKey` from a custom authorizer." }, "binaryMediaTypes": { "type": "array", 
@@ -2410,7 +2524,7 @@ }, "disableExecuteApiEndpoint": { "type": "boolean", - "description": "Specifies whether clients can invoke your API by using the default ``execute-api`` endpoint. By default, clients can invoke your API with the default ``https://{api_id}.execute-api.{region}.amazonaws.com`` endpoint. To require that clients use a custom domain name to invoke your API, disable the default endpoint" + "description": "Specifies whether clients can invoke your API by using the default `execute-api` endpoint. By default, clients can invoke your API with the default `https://{api_id}.execute-api.{region}.amazonaws.com` endpoint. To require that clients use a custom domain name to invoke your API, disable the default endpoint" }, "endpointConfiguration": { "$ref": "#/types/aws-native:apigateway:RestApiEndpointConfiguration", @@ -2418,7 +2532,7 @@ }, "failOnWarnings": { "type": "boolean", - "description": "A query parameter to indicate whether to rollback the API update (``true``) or not (``false``) when a warning is encountered. The default value is ``false``." + "description": "A query parameter to indicate whether to rollback the API update ( `true` ) or not ( `false` ) when a warning is encountered. The default value is `false` ." }, "minimumCompressionSize": { "type": "integer", 
@@ -2437,7 +2551,7 @@ "additionalProperties": { "type": "string" }, - "description": "Custom header parameters as part of the request. For example, to exclude DocumentationParts from an imported API, set ``ignore=documentation`` as a ``parameters`` value, as in the AWS CLI command of ``aws apigateway import-rest-api --parameters ignore=documentation --body 'file:///path/to/imported-api-body.json'``." + "description": "Custom header parameters as part of the request. For example, to exclude DocumentationParts from an imported API, set `ignore=documentation` as a `parameters` value, as in the AWS CLI command of `aws apigateway import-rest-api --parameters ignore=documentation --body 'file:///path/to/imported-api-body.json'` ." }, "policy": { "$ref": "pulumi.json#/Any", @@ -2456,7 +2570,7 @@ "items": { "$ref": "#/types/aws-native:index:Tag" }, - "description": "The key-value map of strings. The valid character set is [a-zA-Z+-=._:/]. The tag key can be up to 128 characters and must not start with ``aws:``. The tag value can be up to 256 characters." + "description": "The key-value map of strings. The valid character set is [a-zA-Z+-=._:/]. The tag key can be up to 128 characters and must not start with `aws:` . The tag value can be up to 256 characters." } }, "autoNamingSpec": { 
@@ -2485,11 +2599,11 @@ }, "cacheClusterEnabled": { "type": "boolean", - "description": "Specifies whether a cache cluster is enabled for the stage." + "description": "Specifies whether a cache cluster is enabled for the stage. To activate a method-level cache, set `CachingEnabled` to `true` for a method." }, "cacheClusterSize": { "type": "string", - "description": "The stage's cache capacity in GB. For more information about choosing a cache size, see [Enabling API caching to enhance responsiveness](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-caching.html)." + "description": "The stage's cache capacity in GB. For more information about choosing a cache size, see [Enabling API caching to enhance responsiveness](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-caching.html) ." }, "canarySetting": { "$ref": "#/types/aws-native:apigateway:StageCanarySetting", @@ -2516,7 +2630,7 @@ "items": { "$ref": "#/types/aws-native:apigateway:StageMethodSetting" }, - "description": "A map that defines the method settings for a Stage resource. Keys (designated as ``/{method_setting_key`` below) are method paths defined as ``{resource_path}/{http_method}`` for an individual method override, or ``/\\*/\\*`` for overriding all methods in the stage." + "description": "A map that defines the method settings for a Stage resource. Keys (designated as `/{method_setting_key` below) are method paths defined as `{resource_path}/{http_method}` for an individual method override, or `/\\*/\\*` for overriding all methods in the stage." }, "restApiId": { "type": "string", 
@@ -2552,11 +2666,11 @@ }, "cacheClusterEnabled": { "type": "boolean", - "description": "Specifies whether a cache cluster is enabled for the stage." + "description": "Specifies whether a cache cluster is enabled for the stage. To activate a method-level cache, set `CachingEnabled` to `true` for a method." }, "cacheClusterSize": { "type": "string", - "description": "The stage's cache capacity in GB. For more information about choosing a cache size, see [Enabling API caching to enhance responsiveness](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-caching.html)." + "description": "The stage's cache capacity in GB. For more information about choosing a cache size, see [Enabling API caching to enhance responsiveness](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-caching.html) ." }, "canarySetting": { "$ref": "#/types/aws-native:apigateway:StageCanarySetting", @@ -2583,7 +2697,7 @@ "items": { "$ref": "#/types/aws-native:apigateway:StageMethodSetting" }, - "description": "A map that defines the method settings for a Stage resource. Keys (designated as ``/{method_setting_key`` below) are method paths defined as ``{resource_path}/{http_method}`` for an individual method override, or ``/\\*/\\*`` for overriding all methods in the stage." + "description": "A map that defines the method settings for a Stage resource. Keys (designated as `/{method_setting_key` below) are method paths defined as `{resource_path}/{http_method}` for an individual method override, or `/\\*/\\*` for overriding all methods in the stage." }, "restApiId": { "type": "string", 
@@ -2780,7 +2894,7 @@ "items": { "type": "string" }, - "description": "The ARN of the network load balancer of the VPC targeted by the VPC link. The network load balancer must be owned by the same AWS-account of the API owner." + "description": "The ARN of the network load balancer of the VPC targeted by the VPC link. The network load balancer must be owned by the same AWS account of the API owner." } }, "outputs": { @@ -2804,7 +2918,7 @@ "items": { "type": "string" }, - "description": "The ARN of the network load balancer of the VPC targeted by the VPC link. The network load balancer must be owned by the same AWS-account of the API owner.", + "description": "The ARN of the network load balancer of the VPC targeted by the VPC link. The network load balancer must be owned by the same AWS account of the API owner.", "replaceOnChanges": true }, "vpcLinkId": { @@ -3226,7 +3340,7 @@ "inputs": { "domainName": { "type": "string", - "description": "The custom domain name for your API in Amazon API Gateway. Uppercase letters are not supported.", + "description": "The custom domain name for your API in Amazon API Gateway. Uppercase letters and the underscore (``_``) character are not supported.", "language": { "csharp": { "name": "DomainNameValue" @@ -3255,7 +3369,7 @@ "outputs": { "domainName": { "type": "string", - "description": "The custom domain name for your API in Amazon API Gateway. Uppercase letters are not supported.", + "description": "The custom domain name for your API in Amazon API Gateway. Uppercase letters and the underscore (``_``) character are not supported.", "language": { "csharp": { "name": "DomainNameValue" @@ -3853,7 +3967,7 @@ "additionalProperties": { "type": "string" }, - "description": "This resource type use map for Tags, suggest to use List of Tag" + "description": "The collection of tags. Each tag element is associated with a given resource." } }, "outputs": { 
@@ -3882,7 +3996,7 @@ "additionalProperties": { "type": "string" }, - "description": "This resource type use map for Tags, suggest to use List of Tag" + "description": "The collection of tags. Each tag element is associated with a given resource." }, "vpcLinkId": { "type": "string", @@ -4799,7 +4913,8 @@ }, "required": [ "applicationSourceConfig", - "description" + "description", + "namespace" ], "irreversibleNames": { "awsId": "Id" @@ -5358,9 +5473,13 @@ "type": "string", "description": "The name of this SLO." }, + "requestBasedSli": { + "$ref": "#/types/aws-native:applicationsignals:ServiceLevelObjectiveRequestBasedSli", + "description": "A structure containing information about the performance metric that this SLO monitors, if this is a request-based SLO." + }, "sli": { "$ref": "#/types/aws-native:applicationsignals:ServiceLevelObjectiveSli", - "description": "A structure containing information about the performance metric that this SLO monitors." + "description": "A structure containing information about the performance metric that this SLO monitors, if this is a period-based SLO." }, "tags": { "type": "array", @@ -5383,6 +5502,10 @@ "type": "string", "description": "An optional description for this SLO. Default is 'No description'" }, + "evaluationType": { + "$ref": "#/types/aws-native:applicationsignals:ServiceLevelObjectiveEvaluationType", + "description": "Displays whether this is a period-based SLO or a request-based SLO." + }, "goal": { "$ref": "#/types/aws-native:applicationsignals:ServiceLevelObjectiveGoal", "description": "This structure contains the attributes that determine the goal of an SLO. This includes the time period for evaluation and the attainment threshold." 
@@ -5396,9 +5519,13 @@ "description": "The name of this SLO.", "replaceOnChanges": true }, + "requestBasedSli": { + "$ref": "#/types/aws-native:applicationsignals:ServiceLevelObjectiveRequestBasedSli", + "description": "A structure containing information about the performance metric that this SLO monitors, if this is a request-based SLO." + }, "sli": { "$ref": "#/types/aws-native:applicationsignals:ServiceLevelObjectiveSli", - "description": "A structure containing information about the performance metric that this SLO monitors." + "description": "A structure containing information about the performance metric that this SLO monitors, if this is a period-based SLO." }, "tags": { "type": "array", @@ -5411,9 +5538,6 @@ "autoNamingSpec": { "sdkName": "name" }, - "required": [ - "sli" - ], "createOnly": [ "name" ], 
@@ -6652,6 +6776,137 @@ "tagsProperty": "tags", "tagsStyle": "keyValueArray" }, + "aws-native:appsync:DataSource": { + "cf": "AWS::AppSync::DataSource", + "inputs": { + "apiId": { + "type": "string", + "description": "Unique AWS AppSync GraphQL API identifier where this data source will be created." + }, + "description": { + "type": "string", + "description": "The description of the data source." + }, + "dynamoDbConfig": { + "$ref": "#/types/aws-native:appsync:DataSourceDynamoDbConfig", + "description": "AWS Region and TableName for an Amazon DynamoDB table in your account." + }, + "elasticsearchConfig": { + "$ref": "#/types/aws-native:appsync:DataSourceElasticsearchConfig", + "description": "AWS Region and Endpoints for an Amazon OpenSearch Service domain in your account.\nAs of September 2021, Amazon Elasticsearch Service is Amazon OpenSearch Service. This property is deprecated. For new data sources, use OpenSearchServiceConfig to specify an OpenSearch Service data source." + }, + "eventBridgeConfig": { + "$ref": "#/types/aws-native:appsync:DataSourceEventBridgeConfig", + "description": "ARN for the EventBridge bus." + }, + "httpConfig": { + "$ref": "#/types/aws-native:appsync:DataSourceHttpConfig", + "description": "Endpoints for an HTTP data source." + }, + "lambdaConfig": { + "$ref": "#/types/aws-native:appsync:DataSourceLambdaConfig", + "description": "An ARN of a Lambda function in valid ARN format. This can be the ARN of a Lambda function that exists in the current account or in another account." + }, + "metricsConfig": { + "$ref": "#/types/aws-native:appsync:DataSourceMetricsConfig", + "description": "Enables or disables enhanced data source metrics for specified data sources. Note that `MetricsConfig` won't be used unless the `dataSourceLevelMetricsBehavior` value is set to `PER_DATA_SOURCE_METRICS` . If the `dataSourceLevelMetricsBehavior` is set to `FULL_REQUEST_DATA_SOURCE_METRICS` instead, `MetricsConfig` will be ignored. 
However, you can still set its value.\n\n`MetricsConfig` can be `ENABLED` or `DISABLED` ." + }, + "name": { + "type": "string", + "description": "Friendly name for you to identify your AppSync data source after creation." + }, + "openSearchServiceConfig": { + "$ref": "#/types/aws-native:appsync:DataSourceOpenSearchServiceConfig", + "description": "AWS Region and Endpoints for an Amazon OpenSearch Service domain in your account." + }, + "relationalDatabaseConfig": { + "$ref": "#/types/aws-native:appsync:DataSourceRelationalDatabaseConfig", + "description": "Relational Database configuration of the relational database data source." + }, + "serviceRoleArn": { + "type": "string", + "description": "The AWS Identity and Access Management service role ARN for the data source. The system assumes this role when accessing the data source." + }, + "type": { + "type": "string", + "description": "The type of the data source." + } + }, + "outputs": { + "apiId": { + "type": "string", + "description": "Unique AWS AppSync GraphQL API identifier where this data source will be created.", + "replaceOnChanges": true + }, + "dataSourceArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the API key, such as arn:aws:appsync:us-east-1:123456789012:apis/graphqlapiid/datasources/datasourcename." + }, + "description": { + "type": "string", + "description": "The description of the data source." + }, + "dynamoDbConfig": { + "$ref": "#/types/aws-native:appsync:DataSourceDynamoDbConfig", + "description": "AWS Region and TableName for an Amazon DynamoDB table in your account." + }, + "elasticsearchConfig": { + "$ref": "#/types/aws-native:appsync:DataSourceElasticsearchConfig", + "description": "AWS Region and Endpoints for an Amazon OpenSearch Service domain in your account.\nAs of September 2021, Amazon Elasticsearch Service is Amazon OpenSearch Service. This property is deprecated. 
For new data sources, use OpenSearchServiceConfig to specify an OpenSearch Service data source." + }, + "eventBridgeConfig": { + "$ref": "#/types/aws-native:appsync:DataSourceEventBridgeConfig", + "description": "ARN for the EventBridge bus." + }, + "httpConfig": { + "$ref": "#/types/aws-native:appsync:DataSourceHttpConfig", + "description": "Endpoints for an HTTP data source." + }, + "lambdaConfig": { + "$ref": "#/types/aws-native:appsync:DataSourceLambdaConfig", + "description": "An ARN of a Lambda function in valid ARN format. This can be the ARN of a Lambda function that exists in the current account or in another account." + }, + "metricsConfig": { + "$ref": "#/types/aws-native:appsync:DataSourceMetricsConfig", + "description": "Enables or disables enhanced data source metrics for specified data sources. Note that `MetricsConfig` won't be used unless the `dataSourceLevelMetricsBehavior` value is set to `PER_DATA_SOURCE_METRICS` . If the `dataSourceLevelMetricsBehavior` is set to `FULL_REQUEST_DATA_SOURCE_METRICS` instead, `MetricsConfig` will be ignored. However, you can still set its value.\n\n`MetricsConfig` can be `ENABLED` or `DISABLED` ." + }, + "name": { + "type": "string", + "description": "Friendly name for you to identify your AppSync data source after creation.", + "replaceOnChanges": true + }, + "openSearchServiceConfig": { + "$ref": "#/types/aws-native:appsync:DataSourceOpenSearchServiceConfig", + "description": "AWS Region and Endpoints for an Amazon OpenSearch Service domain in your account." + }, + "relationalDatabaseConfig": { + "$ref": "#/types/aws-native:appsync:DataSourceRelationalDatabaseConfig", + "description": "Relational Database configuration of the relational database data source." + }, + "serviceRoleArn": { + "type": "string", + "description": "The AWS Identity and Access Management service role ARN for the data source. The system assumes this role when accessing the data source." 
+ }, + "type": { + "type": "string", + "description": "The type of the data source." + } + }, + "autoNamingSpec": { + "sdkName": "name" + }, + "required": [ + "apiId", + "type" + ], + "createOnly": [ + "apiId", + "name" + ], + "irreversibleNames": { + "dynamoDbConfig": "DynamoDBConfig" + } + }, "aws-native:appsync:DomainName": { "cf": "AWS::AppSync::DomainName", "inputs": { @@ -7967,7 +8222,7 @@ }, "healthCheckType": { "type": "string", - "description": "A comma-separated value string of one or more health check types.\n The valid values are ``EC2``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*.\n Only specify ``EC2`` if you must clear a value that was previously set." + "description": "A comma-separated value string of one or more health check types.\n The valid values are ``EC2``, ``EBS``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*.\n Only specify ``EC2`` if you must clear a value that was previously set." }, "instanceId": { "type": "string", 
@@ -8065,6 +8320,12 @@ }, "description": "A policy or a list of policies that are used to select the instance to terminate. These policies are executed in the order that you list them. For more information, see [Configure termination policies for Amazon EC2 Auto Scaling](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-termination-policies.html) in the *Amazon EC2 Auto Scaling User Guide*.\n Valid values: ``Default`` | ``AllocationStrategy`` | ``ClosestToNextInstanceHour`` | ``NewestInstance`` | ``OldestInstance`` | ``OldestLaunchConfiguration`` | ``OldestLaunchTemplate`` | ``arn:aws:lambda:region:account-id:function:my-function:my-alias``" }, + "trafficSources": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:autoscaling:AutoScalingGroupTrafficSourceIdentifier" + } + }, "vpcZoneIdentifier": { "type": "array", "items": { @@ -8116,7 +8377,7 @@ }, "healthCheckType": { "type": "string", - "description": "A comma-separated value string of one or more health check types.\n The valid values are ``EC2``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*.\n Only specify ``EC2`` if you must clear a value that was previously set." + "description": "A comma-separated value string of one or more health check types.\n The valid values are ``EC2``, ``EBS``, ``ELB``, and ``VPC_LATTICE``. ``EC2`` is the default health check and cannot be disabled. For more information, see [Health checks for instances in an Auto Scaling group](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-health-checks.html) in the *Amazon EC2 Auto Scaling User Guide*.\n Only specify ``EC2`` if you must clear a value that was previously set." }, "instanceId": { "type": "string", 
@@ -8215,6 +8476,12 @@ }, "description": "A policy or a list of policies that are used to select the instance to terminate. These policies are executed in the order that you list them. For more information, see [Configure termination policies for Amazon EC2 Auto Scaling](https://docs.aws.amazon.com/autoscaling/ec2/userguide/ec2-auto-scaling-termination-policies.html) in the *Amazon EC2 Auto Scaling User Guide*.\n Valid values: ``Default`` | ``AllocationStrategy`` | ``ClosestToNextInstanceHour`` | ``NewestInstance`` | ``OldestInstance`` | ``OldestLaunchConfiguration`` | ``OldestLaunchTemplate`` | ``arn:aws:lambda:region:account-id:function:my-function:my-alias``" }, + "trafficSources": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:autoscaling:AutoScalingGroupTrafficSourceIdentifier" + } + }, "vpcZoneIdentifier": { "type": "array", "items": { @@ -8920,6 +9187,10 @@ }, "description": "Returns one or more capabilities associated with this partnership." }, + "capabilityOptions": { + "$ref": "#/types/aws-native:b2bi:PartnershipCapabilityOptions", + "description": "Contains the details for an Outbound EDI capability." + }, "email": { "type": "string" }, @@ -8950,6 +9221,10 @@ }, "description": "Returns one or more capabilities associated with this partnership." }, + "capabilityOptions": { + "$ref": "#/types/aws-native:b2bi:PartnershipCapabilityOptions", + "description": "Contains the details for an Outbound EDI capability." + }, "createdAt": { "type": "string", "description": "Returns a timestamp for creation date and time of the partnership." @@ -9001,6 +9276,7 @@ "maxLength": 254 }, "required": [ + "capabilities", "email", "profileId" ], 
@@ -9108,24 +9384,38 @@ "cf": "AWS::B2BI::Transformer", "inputs": { "ediType": { - "$ref": "#/types/aws-native:b2bi:TransformerEdiTypeProperties", - "description": "Returns the details for the EDI standard that is being used for the transformer. Currently, only X12 is supported. X12 is a set of standards and corresponding messages that define specific business documents." + "$ref": "#/types/aws-native:b2bi:TransformerEdiTypeProperties" }, "fileFormat": { - "$ref": "#/types/aws-native:b2bi:TransformerFileFormat", - "description": "Returns that the currently supported file formats for EDI transformations are `JSON` and `XML` ." + "$ref": "#/types/aws-native:b2bi:TransformerFileFormat" + }, + "inputConversion": { + "$ref": "#/types/aws-native:b2bi:TransformerInputConversion", + "description": "Returns a structure that contains the format options for the transformation." + }, + "mapping": { + "$ref": "#/types/aws-native:b2bi:TransformerMapping", + "description": "Returns the structure that contains the mapping template and its language (either XSLT or JSONATA)." }, "mappingTemplate": { "type": "string", - "description": "Returns a sample EDI document that is used by a transformer as a guide for processing the EDI data." + "description": "This shape is deprecated: This is a legacy trait. Please use input-conversion or output-conversion." }, "name": { "type": "string", "description": "Returns the descriptive name for the transformer." }, + "outputConversion": { + "$ref": "#/types/aws-native:b2bi:TransformerOutputConversion", + "description": "Returns the `OutputConversion` object, which contains the format options for the outbound transformation." + }, "sampleDocument": { "type": "string", - "description": "Returns a sample EDI document that is used by a transformer as a guide for processing the EDI data." + "description": "This shape is deprecated: This is a legacy trait. Please use input-conversion or output-conversion." 
+ }, + "sampleDocuments": { + "$ref": "#/types/aws-native:b2bi:TransformerSampleDocuments", + "description": "Returns a structure that contains the Amazon S3 bucket and an array of the corresponding keys used to identify the location for your sample documents." }, "status": { "$ref": "#/types/aws-native:b2bi:TransformerStatus", @@ -9145,16 +9435,22 @@ "description": "Returns a timestamp indicating when the transformer was created. For example, `2023-07-20T19:58:44.624Z` ." }, "ediType": { - "$ref": "#/types/aws-native:b2bi:TransformerEdiTypeProperties", - "description": "Returns the details for the EDI standard that is being used for the transformer. Currently, only X12 is supported. X12 is a set of standards and corresponding messages that define specific business documents." + "$ref": "#/types/aws-native:b2bi:TransformerEdiTypeProperties" }, "fileFormat": { - "$ref": "#/types/aws-native:b2bi:TransformerFileFormat", - "description": "Returns that the currently supported file formats for EDI transformations are `JSON` and `XML` ." + "$ref": "#/types/aws-native:b2bi:TransformerFileFormat" + }, + "inputConversion": { + "$ref": "#/types/aws-native:b2bi:TransformerInputConversion", + "description": "Returns a structure that contains the format options for the transformation." + }, + "mapping": { + "$ref": "#/types/aws-native:b2bi:TransformerMapping", + "description": "Returns the structure that contains the mapping template and its language (either XSLT or JSONATA)." }, "mappingTemplate": { "type": "string", - "description": "Returns a sample EDI document that is used by a transformer as a guide for processing the EDI data." + "description": "This shape is deprecated: This is a legacy trait. Please use input-conversion or output-conversion." }, "modifiedAt": { "type": "string", 
@@ -9164,9 +9460,17 @@ "type": "string", "description": "Returns the descriptive name for the transformer." }, + "outputConversion": { + "$ref": "#/types/aws-native:b2bi:TransformerOutputConversion", + "description": "Returns the `OutputConversion` object, which contains the format options for the outbound transformation." + }, "sampleDocument": { "type": "string", - "description": "Returns a sample EDI document that is used by a transformer as a guide for processing the EDI data." + "description": "This shape is deprecated: This is a legacy trait. Please use input-conversion or output-conversion." + }, + "sampleDocuments": { + "$ref": "#/types/aws-native:b2bi:TransformerSampleDocuments", + "description": "Returns a structure that contains the Amazon S3 bucket and an array of the corresponding keys used to identify the location for your sample documents." }, "status": { "$ref": "#/types/aws-native:b2bi:TransformerStatus", @@ -9194,9 +9498,6 @@ "maxLength": 254 }, "required": [ - "ediType", - "fileFormat", - "mappingTemplate", "status" ], "tagsProperty": "tags", 
@@ -9472,6 +9773,92 @@ "tagsProperty": "frameworkTags", "tagsStyle": "keyValueArray" }, + "aws-native:backup:LogicallyAirGappedBackupVault": { + "cf": "AWS::Backup::LogicallyAirGappedBackupVault", + "inputs": { + "accessPolicy": { + "$ref": "pulumi.json#/Any", + "description": "Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Backup::LogicallyAirGappedBackupVault` for more information about the expected schema for this property." + }, + "backupVaultName": { + "type": "string" + }, + "backupVaultTags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "maxRetentionDays": { + "type": "integer" + }, + "minRetentionDays": { + "type": "integer" + }, + "notifications": { + "$ref": "#/types/aws-native:backup:LogicallyAirGappedBackupVaultNotificationObjectType" + }, + "vaultState": { + "type": "string" + }, + "vaultType": { + "type": "string" + } + }, + "outputs": { + "accessPolicy": { + "$ref": "pulumi.json#/Any", + "description": "Search the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Backup::LogicallyAirGappedBackupVault` for more information about the expected schema for this property." 
+ }, + "backupVaultArn": { + "type": "string" + }, + "backupVaultName": { + "type": "string", + "replaceOnChanges": true + }, + "backupVaultTags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "encryptionKeyArn": { + "type": "string" + }, + "maxRetentionDays": { + "type": "integer", + "replaceOnChanges": true + }, + "minRetentionDays": { + "type": "integer", + "replaceOnChanges": true + }, + "notifications": { + "$ref": "#/types/aws-native:backup:LogicallyAirGappedBackupVaultNotificationObjectType" + }, + "vaultState": { + "type": "string" + }, + "vaultType": { + "type": "string" + } + }, + "autoNamingSpec": { + "sdkName": "backupVaultName" + }, + "required": [ + "maxRetentionDays", + "minRetentionDays" + ], + "createOnly": [ + "backupVaultName", + "maxRetentionDays", + "minRetentionDays" + ], + "tagsProperty": "backupVaultTags", + "tagsStyle": "stringMap" + }, "aws-native:backup:ReportPlan": { "cf": "AWS::Backup::ReportPlan", "inputs": { @@ -9563,6 +9950,9 @@ "type": "string", "description": "Optional. This is the timezone in which the schedule expression is set. By default, ScheduleExpressions are in UTC. You can modify this to a specified timezone." }, + "scheduleStatus": { + "$ref": "#/types/aws-native:backup:RestoreTestingPlanRestoreTestingScheduleStatus" + }, "startWindowHours": { "type": "integer", "description": "Defaults to 24 hours.\n\nA value in hours after a restore test is scheduled before a job will be canceled if it doesn't start successfully. This value is optional. If this value is included, this parameter has a maximum value of 168 hours (one week)." 
@@ -9597,6 +9987,9 @@ "type": "string", "description": "Optional. This is the timezone in which the schedule expression is set. By default, ScheduleExpressions are in UTC. You can modify this to a specified timezone." }, + "scheduleStatus": { + "$ref": "#/types/aws-native:backup:RestoreTestingPlanRestoreTestingScheduleStatus" + }, "startWindowHours": { "type": "integer", "description": "Defaults to 24 hours.\n\nA value in hours after a restore test is scheduled before a job will be canceled if it doesn't start successfully. This value is optional. If this value is included, this parameter has a maximum value of 168 hours (one week)." @@ -9826,6 +10219,10 @@ "$ref": "#/types/aws-native:batch:ComputeEnvironmentComputeResources", "description": "The ComputeResources property type specifies details of the compute resources managed by the compute environment. This parameter is required for managed compute environments. For more information, see [Compute Environments](https://docs.aws.amazon.com/batch/latest/userguide/compute_environments.html) in the ** ." }, + "context": { + "type": "string", + "description": "Reserved." + }, "eksConfiguration": { "$ref": "#/types/aws-native:batch:ComputeEnvironmentEksConfiguration", "description": "The details for the Amazon EKS cluster that supports the compute environment." 
@@ -9876,6 +10273,10 @@ "$ref": "#/types/aws-native:batch:ComputeEnvironmentComputeResources", "description": "The ComputeResources property type specifies details of the compute resources managed by the compute environment. This parameter is required for managed compute environments. For more information, see [Compute Environments](https://docs.aws.amazon.com/batch/latest/userguide/compute_environments.html) in the ** ." }, + "context": { + "type": "string", + "description": "Reserved." + }, "eksConfiguration": { "$ref": "#/types/aws-native:batch:ComputeEnvironmentEksConfiguration", "description": "The details for the Amazon EKS cluster that supports the compute environment.", @@ -13762,7 +14163,7 @@ "items": { "type": "string" }, - "description": "The Amazon Simple Notification Service (Amazon SNS) topic ARNs to publish stack related events. You can find your Amazon SNS topic ARNs using the Amazon SNS console or your Command Line Interface (CLI)." + "description": "The Amazon SNS topic ARNs to publish stack related events. You can find your Amazon SNS topic ARNs using the Amazon SNS console or your Command Line Interface (CLI)." }, "parameters": { "type": "object", @@ -13796,7 +14197,7 @@ "items": { "$ref": "#/types/aws-native:index:Tag" }, - "description": "Key-value pairs to associate with this stack. AWS CloudFormation also propagates these tags to the resources created in the stack. A maximum number of 50 tags can be specified." + "description": "Key-value pairs to associate with this stack. CloudFormation also propagates these tags to the resources created in the stack. A maximum number of 50 tags can be specified." }, "templateBody": { "$ref": "pulumi.json#/Any", 
@@ -13848,7 +14249,7 @@ "items": { "type": "string" }, - "description": "The Amazon Simple Notification Service (Amazon SNS) topic ARNs to publish stack related events. You can find your Amazon SNS topic ARNs using the Amazon SNS console or your Command Line Interface (CLI)." + "description": "The Amazon SNS topic ARNs to publish stack related events. You can find your Amazon SNS topic ARNs using the Amazon SNS console or your Command Line Interface (CLI)." }, "outputs": { "type": "array", @@ -13866,7 +14267,7 @@ }, "parentId": { "type": "string", - "description": "For nested stacks--stacks created as resources for another stack--the stack ID of the direct parent of this stack. For the first level of nested stacks, the root stack is also the parent stack.\n\nFor more information, see [Working with Nested Stacks](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-nested-stacks.html) in the *AWS CloudFormation User Guide* ." + "description": "For nested stacks--stacks created as resources for another stack--the stack ID of the direct parent of this stack. For the first level of nested stacks, the root stack is also the parent stack.\n\nFor more information, see [Embed stacks within other stacks using nested stacks](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-nested-stacks.html) in the *AWS CloudFormation User Guide* ." }, "roleArn": { "type": "string", 
@@ -13874,7 +14275,7 @@ }, "rootId": { "type": "string", - "description": "For nested stacks--stacks created as resources for another stack--the stack ID of the top-level stack to which the nested stack ultimately belongs.\n\nFor more information, see [Working with Nested Stacks](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-nested-stacks.html) in the *AWS CloudFormation User Guide* ." + "description": "For nested stacks--stacks created as resources for another stack--the stack ID of the top-level stack to which the nested stack ultimately belongs.\n\nFor more information, see [Embed stacks within other stacks using nested stacks](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-nested-stacks.html) in the *AWS CloudFormation User Guide* ." }, "stackId": { "type": "string", @@ -13906,7 +14307,7 @@ "items": { "$ref": "#/types/aws-native:index:Tag" }, - "description": "Key-value pairs to associate with this stack. AWS CloudFormation also propagates these tags to the resources created in the stack. A maximum number of 50 tags can be specified." + "description": "Key-value pairs to associate with this stack. CloudFormation also propagates these tags to the resources created in the stack. A maximum number of 50 tags can be specified." }, "templateBody": { "$ref": "pulumi.json#/Any", 
@@ -15261,7 +15662,7 @@ }, "period": { "type": "integer", - "description": "The period, in seconds, over which the statistic is applied. This is required for an alarm based on a metric. Valid values are 10, 30, 60, and any multiple of 60.\n For an alarm based on a math expression, you can't specify ``Period``, and instead you use the ``Metrics`` parameter.\n *Minimum:* 10" + "description": "The period, in seconds, over which the statistic is applied. This is required for an alarm based on a metric. Valid values are 10, 30, 60, and any multiple of 60.\n For an alarm based on a math expression, you can't specify ``Period``, and instead you use the ``Metrics`` parameter.\n *Minimum:* 10" }, "statistic": { "type": "string", @@ -15272,7 +15673,7 @@ "items": { "$ref": "#/types/aws-native:index:Tag" }, - "description": "A list of key-value pairs to associate with the alarm. You can associate as many as 50 tags with an alarm. To be able to associate tags with the alarm when you create the alarm, you must have the `cloudwatch:TagResource` permission.\n\nTags can help you organize and categorize your resources. You can also use them to scope user permissions by granting a user permission to access or change only resources with certain tag values." + "description": "A list of key-value pairs to associate with the alarm. You can associate as many as 50 tags with an alarm. To be able to associate tags with the alarm when you create the alarm, you must have the ``cloudwatch:TagResource`` permission.\n Tags can help you organize and categorize your resources. You can also use them to scope user permissions by granting a user permission to access or change only resources with certain tag values." }, "threshold": { "type": "number", 
@@ -15374,7 +15775,7 @@ }, "period": { "type": "integer", - "description": "The period, in seconds, over which the statistic is applied. This is required for an alarm based on a metric. Valid values are 10, 30, 60, and any multiple of 60.\n For an alarm based on a math expression, you can't specify ``Period``, and instead you use the ``Metrics`` parameter.\n *Minimum:* 10" + "description": "The period, in seconds, over which the statistic is applied. This is required for an alarm based on a metric. Valid values are 10, 30, 60, and any multiple of 60.\n For an alarm based on a math expression, you can't specify ``Period``, and instead you use the ``Metrics`` parameter.\n *Minimum:* 10" }, "statistic": { "type": "string", @@ -15385,7 +15786,7 @@ "items": { "$ref": "#/types/aws-native:index:Tag" }, - "description": "A list of key-value pairs to associate with the alarm. You can associate as many as 50 tags with an alarm. To be able to associate tags with the alarm when you create the alarm, you must have the `cloudwatch:TagResource` permission.\n\nTags can help you organize and categorize your resources. You can also use them to scope user permissions by granting a user permission to access or change only resources with certain tag values." + "description": "A list of key-value pairs to associate with the alarm. You can associate as many as 50 tags with an alarm. To be able to associate tags with the alarm when you create the alarm, you must have the ``cloudwatch:TagResource`` permission.\n Tags can help you organize and categorize your resources. You can also use them to scope user permissions by granting a user permission to access or change only resources with certain tag values." }, "threshold": { "type": "number", 
@@ -17398,18 +17799,18 @@ "inputs": { "accountRecoverySetting": { "$ref": "#/types/aws-native:cognito:UserPoolAccountRecoverySetting", - "description": "Use this setting to define which verified available method a user can use to recover their password when they call `ForgotPassword` . It allows you to define a preferred method when a user has more than one method available. With this setting, SMS does not qualify for a valid password recovery mechanism if the user also has SMS MFA enabled. In the absence of this setting, Cognito uses the legacy behavior to determine the recovery method where SMS is preferred over email." + "description": "The available verified method a user can use to recover their password when they call `ForgotPassword` . You can use this setting to define a preferred method when a user has more than one method available. With this setting, SMS doesn't qualify for a valid password recovery mechanism if the user also has SMS multi-factor authentication (MFA) activated. In the absence of this setting, Amazon Cognito uses the legacy behavior to determine the recovery method where SMS is preferred through email." }, "adminCreateUserConfig": { "$ref": "#/types/aws-native:cognito:UserPoolAdminCreateUserConfig", - "description": "The configuration for creating a new user profile." + "description": "The settings for administrator creation of users in a user pool. Contains settings for allowing user sign-up, customizing invitation messages to new users, and the amount of time before temporary passwords expire.\n\nThis data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) ." 
}, "aliasAttributes": { "type": "array", "items": { "type": "string" }, - "description": "Attributes supported as an alias for this user pool. Possible values: *phone_number* , *email* , or *preferred_username* .\n\n\u003e This user pool property cannot be updated." + "description": "Attributes supported as an alias for this user pool. Possible values: *phone_number* , *email* , or *preferred_username* ." }, "autoVerifiedAttributes": { "type": "array", 
@@ -17426,28 +17827,34 @@ "$ref": "#/types/aws-native:cognito:UserPoolDeviceConfiguration", "description": "The device-remembering configuration for a user pool. A null value indicates that you have deactivated device remembering in your user pool.\n\n\u003e When you provide a value for any `DeviceConfiguration` field, you activate the Amazon Cognito device-remembering feature." }, + "emailAuthenticationMessage": { + "type": "string" + }, + "emailAuthenticationSubject": { + "type": "string" + }, "emailConfiguration": { "$ref": "#/types/aws-native:cognito:UserPoolEmailConfiguration", "description": "The email configuration of your user pool. The email configuration type sets your preferred sending method, AWS Region, and sender for messages from your user pool." }, "emailVerificationMessage": { "type": "string", - "description": "This parameter is no longer used. See [VerificationMessageTemplateType](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerificationMessageTemplateType.html) ." + "description": "This parameter is no longer used. See [VerificationMessageTemplateType](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-verificationmessagetemplate.html) ." }, "emailVerificationSubject": { "type": "string", - "description": "This parameter is no longer used. See [VerificationMessageTemplateType](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerificationMessageTemplateType.html) ." + "description": "This parameter is no longer used. See [VerificationMessageTemplateType](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-verificationmessagetemplate.html) ." }, "enabledMfas": { "type": "array", "items": { "type": "string" }, - "description": "Enables MFA on a specified user pool. To disable all MFAs after it has been enabled, set MfaConfiguration to \"OFF\" and remove EnabledMfas. 
MFAs can only be all disabled if MfaConfiguration is OFF. Once SMS_MFA is enabled, SMS_MFA can only be disabled by setting MfaConfiguration to \"OFF\". Can be one of the following values:\n\n- `SMS_MFA` - Enables SMS MFA for the user pool. SMS_MFA can only be enabled if SMS configuration is provided.\n- `SOFTWARE_TOKEN_MFA` - Enables software token MFA for the user pool.\n\nAllowed values: `SMS_MFA` | `SOFTWARE_TOKEN_MFA`" + "description": "Set enabled MFA options on a specified user pool. To disable all MFAs after it has been enabled, set `MfaConfiguration` to `OFF` and remove EnabledMfas. MFAs can only be all disabled if `MfaConfiguration` is `OFF` . After you enable `SMS_MFA` , you can only disable it by setting `MfaConfiguration` to `OFF` . Can be one of the following values:\n\n- `SMS_MFA` - Enables MFA with SMS for the user pool. To select this option, you must also provide values for `SmsConfiguration` .\n- `SOFTWARE_TOKEN_MFA` - Enables software token MFA for the user pool.\n- `EMAIL_OTP` - Enables MFA with email for the user pool. To select this option, you must provide values for `EmailConfiguration` and within those, set `EmailSendingAccount` to `DEVELOPER` .\n\nAllowed values: `SMS_MFA` | `SOFTWARE_TOKEN_MFA` | `EMAIL_OTP`" }, "lambdaConfig": { "$ref": "#/types/aws-native:cognito:UserPoolLambdaConfig", - "description": "The Lambda trigger configuration information for the new user pool.\n\n\u003e In a push model, event sources (such as Amazon S3 and custom applications) need permission to invoke a function. So you must make an extra call to add permission for these event sources to invoke your Lambda function.\n\u003e \n\u003e For more information on using the Lambda API to add permission, see [AddPermission](https://docs.aws.amazon.com/lambda/latest/dg/API_AddPermission.html) .\n\u003e \n\u003e For adding permission using the AWS CLI , see [add-permission](https://docs.aws.amazon.com/cli/latest/reference/lambda/add-permission.html) ." 
+ "description": "A collection of user pool Lambda triggers. Amazon Cognito invokes triggers at several possible stages of authentication operations. Triggers can modify the outcome of the operations that invoked them." }, "mfaConfiguration": { "type": "string", @@ -17455,18 +17862,18 @@ }, "policies": { "$ref": "#/types/aws-native:cognito:UserPoolPolicies", - "description": "The policy associated with a user pool." + "description": "A list of user pool policies. Contains the policy that sets password-complexity requirements.\n\nThis data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) ." }, "schema": { "type": "array", "items": { "$ref": "#/types/aws-native:cognito:UserPoolSchemaAttribute" }, - "description": "The schema attributes for the new user pool. These attributes can be standard or custom attributes.\n\n\u003e During a user pool update, you can add new schema attributes but you cannot modify or delete an existing schema attribute." + "description": "An array of schema attributes for the new user pool. These attributes can be standard or custom attributes." }, "smsAuthenticationMessage": { "type": "string", - "description": "A string representing the SMS authentication message." + "description": "The contents of the SMS authentication message." }, "smsConfiguration": { "$ref": "#/types/aws-native:cognito:UserPoolSmsConfiguration", 
@@ -17474,7 +17881,7 @@ }, "smsVerificationMessage": { "type": "string", - "description": "This parameter is no longer used. See [VerificationMessageTemplateType](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerificationMessageTemplateType.html) ." + "description": "This parameter is no longer used. See [VerificationMessageTemplateType](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-verificationmessagetemplate.html) ." }, "userAttributeUpdateSettings": { "$ref": "#/types/aws-native:cognito:UserPoolUserAttributeUpdateSettings", 
@@ -17500,32 +17907,32 @@ "items": { "type": "string" }, - "description": "Determines whether email addresses or phone numbers can be specified as user names when a user signs up. Possible values: `phone_number` or `email` .\n\nThis user pool property cannot be updated." + "description": "Specifies whether a user can use an email address or phone number as a username when they sign up." }, "usernameConfiguration": { "$ref": "#/types/aws-native:cognito:UserPoolUsernameConfiguration", - "description": "You can choose to set case sensitivity on the username input for the selected sign-in option. For example, when this is set to `False` , users will be able to sign in using either \"username\" or \"Username\". This configuration is immutable once it has been set." + "description": "Case sensitivity on the username input for the selected sign-in option. When case sensitivity is set to `False` (case insensitive), users can sign in with any combination of capital and lowercase letters. For example, `username` , `USERNAME` , or `UserName` , or for email, `email@example.com` or `EMaiL@eXamplE.Com` . For most use cases, set case sensitivity to `False` (case insensitive) as a best practice. When usernames and email addresses are case insensitive, Amazon Cognito treats any variation in case as the same user, and prevents a case variation from being assigned to the same attribute for a different user.\n\nThis configuration is immutable after you set it. For more information, see [UsernameConfigurationType](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UsernameConfigurationType.html) ." }, "verificationMessageTemplate": { "$ref": "#/types/aws-native:cognito:UserPoolVerificationMessageTemplate", - "description": "The template for the verification message that the user sees when the app requests permission to access the user's information." 
+ "description": "The template for the verification message that your user pool delivers to users who set an email address or phone number attribute.\n\nSet the email message type that corresponds to your `DefaultEmailOption` selection. For `CONFIRM_WITH_LINK` , specify an `EmailMessageByLink` and leave `EmailMessage` blank. For `CONFIRM_WITH_CODE` , specify an `EmailMessage` and leave `EmailMessageByLink` blank. When you supply both parameters with either choice, Amazon Cognito returns an error." } }, "outputs": { "accountRecoverySetting": { "$ref": "#/types/aws-native:cognito:UserPoolAccountRecoverySetting", - "description": "Use this setting to define which verified available method a user can use to recover their password when they call `ForgotPassword` . It allows you to define a preferred method when a user has more than one method available. With this setting, SMS does not qualify for a valid password recovery mechanism if the user also has SMS MFA enabled. In the absence of this setting, Cognito uses the legacy behavior to determine the recovery method where SMS is preferred over email." + "description": "The available verified method a user can use to recover their password when they call `ForgotPassword` . You can use this setting to define a preferred method when a user has more than one method available. With this setting, SMS doesn't qualify for a valid password recovery mechanism if the user also has SMS multi-factor authentication (MFA) activated. In the absence of this setting, Amazon Cognito uses the legacy behavior to determine the recovery method where SMS is preferred through email." }, "adminCreateUserConfig": { "$ref": "#/types/aws-native:cognito:UserPoolAdminCreateUserConfig", - "description": "The configuration for creating a new user profile." + "description": "The settings for administrator creation of users in a user pool. 
Contains settings for allowing user sign-up, customizing invitation messages to new users, and the amount of time before temporary passwords expire.\n\nThis data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) ." }, "aliasAttributes": { "type": "array", "items": { "type": "string" }, - "description": "Attributes supported as an alias for this user pool. Possible values: *phone_number* , *email* , or *preferred_username* .\n\n\u003e This user pool property cannot be updated." + "description": "Attributes supported as an alias for this user pool. Possible values: *phone_number* , *email* , or *preferred_username* ." }, "arn": { "type": "string", 
@@ -17546,28 +17953,34 @@ "$ref": "#/types/aws-native:cognito:UserPoolDeviceConfiguration", "description": "The device-remembering configuration for a user pool. A null value indicates that you have deactivated device remembering in your user pool.\n\n\u003e When you provide a value for any `DeviceConfiguration` field, you activate the Amazon Cognito device-remembering feature." }, + "emailAuthenticationMessage": { + "type": "string" + }, + "emailAuthenticationSubject": { + "type": "string" + }, "emailConfiguration": { "$ref": "#/types/aws-native:cognito:UserPoolEmailConfiguration", "description": "The email configuration of your user pool. The email configuration type sets your preferred sending method, AWS Region, and sender for messages from your user pool." }, "emailVerificationMessage": { "type": "string", - "description": "This parameter is no longer used. See [VerificationMessageTemplateType](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerificationMessageTemplateType.html) ." + "description": "This parameter is no longer used. See [VerificationMessageTemplateType](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-verificationmessagetemplate.html) ." }, "emailVerificationSubject": { "type": "string", - "description": "This parameter is no longer used. See [VerificationMessageTemplateType](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerificationMessageTemplateType.html) ." + "description": "This parameter is no longer used. See [VerificationMessageTemplateType](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-verificationmessagetemplate.html) ." }, "enabledMfas": { "type": "array", "items": { "type": "string" }, - "description": "Enables MFA on a specified user pool. To disable all MFAs after it has been enabled, set MfaConfiguration to \"OFF\" and remove EnabledMfas. 
MFAs can only be all disabled if MfaConfiguration is OFF. Once SMS_MFA is enabled, SMS_MFA can only be disabled by setting MfaConfiguration to \"OFF\". Can be one of the following values:\n\n- `SMS_MFA` - Enables SMS MFA for the user pool. SMS_MFA can only be enabled if SMS configuration is provided.\n- `SOFTWARE_TOKEN_MFA` - Enables software token MFA for the user pool.\n\nAllowed values: `SMS_MFA` | `SOFTWARE_TOKEN_MFA`" + "description": "Set enabled MFA options on a specified user pool. To disable all MFAs after it has been enabled, set `MfaConfiguration` to `OFF` and remove EnabledMfas. MFAs can only be all disabled if `MfaConfiguration` is `OFF` . After you enable `SMS_MFA` , you can only disable it by setting `MfaConfiguration` to `OFF` . Can be one of the following values:\n\n- `SMS_MFA` - Enables MFA with SMS for the user pool. To select this option, you must also provide values for `SmsConfiguration` .\n- `SOFTWARE_TOKEN_MFA` - Enables software token MFA for the user pool.\n- `EMAIL_OTP` - Enables MFA with email for the user pool. To select this option, you must provide values for `EmailConfiguration` and within those, set `EmailSendingAccount` to `DEVELOPER` .\n\nAllowed values: `SMS_MFA` | `SOFTWARE_TOKEN_MFA` | `EMAIL_OTP`" }, "lambdaConfig": { "$ref": "#/types/aws-native:cognito:UserPoolLambdaConfig", - "description": "The Lambda trigger configuration information for the new user pool.\n\n\u003e In a push model, event sources (such as Amazon S3 and custom applications) need permission to invoke a function. So you must make an extra call to add permission for these event sources to invoke your Lambda function.\n\u003e \n\u003e For more information on using the Lambda API to add permission, see [AddPermission](https://docs.aws.amazon.com/lambda/latest/dg/API_AddPermission.html) .\n\u003e \n\u003e For adding permission using the AWS CLI , see [add-permission](https://docs.aws.amazon.com/cli/latest/reference/lambda/add-permission.html) ." 
+ "description": "A collection of user pool Lambda triggers. Amazon Cognito invokes triggers at several possible stages of authentication operations. Triggers can modify the outcome of the operations that invoked them." }, "mfaConfiguration": { "type": "string", @@ -17575,11 +17988,11 @@ }, "policies": { "$ref": "#/types/aws-native:cognito:UserPoolPolicies", - "description": "The policy associated with a user pool." + "description": "A list of user pool policies. Contains the policy that sets password-complexity requirements.\n\nThis data type is a request and response parameter of [CreateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_CreateUserPool.html) and [UpdateUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UpdateUserPool.html) , and a response parameter of [DescribeUserPool](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_DescribeUserPool.html) ." }, "providerName": { "type": "string", - "description": "The provider name of the Amazon Cognito user pool, specified as a `String` ." + "description": "A friendly name for the IdP." }, "providerUrl": { "type": "string", @@ -17590,11 +18003,11 @@ "items": { "$ref": "#/types/aws-native:cognito:UserPoolSchemaAttribute" }, - "description": "The schema attributes for the new user pool. These attributes can be standard or custom attributes.\n\n\u003e During a user pool update, you can add new schema attributes but you cannot modify or delete an existing schema attribute." + "description": "An array of schema attributes for the new user pool. These attributes can be standard or custom attributes." }, "smsAuthenticationMessage": { "type": "string", - "description": "A string representing the SMS authentication message." + "description": "The contents of the SMS authentication message." }, "smsConfiguration": { "$ref": "#/types/aws-native:cognito:UserPoolSmsConfiguration", 
@@ -17602,7 +18015,7 @@ }, "smsVerificationMessage": { "type": "string", - "description": "This parameter is no longer used. See [VerificationMessageTemplateType](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_VerificationMessageTemplateType.html) ." + "description": "This parameter is no longer used. See [VerificationMessageTemplateType](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-cognito-userpool-verificationmessagetemplate.html) ." }, "userAttributeUpdateSettings": { "$ref": "#/types/aws-native:cognito:UserPoolUserAttributeUpdateSettings", 
@@ -17632,15 +18045,15 @@ "items": { "type": "string" }, - "description": "Determines whether email addresses or phone numbers can be specified as user names when a user signs up. Possible values: `phone_number` or `email` .\n\nThis user pool property cannot be updated." + "description": "Specifies whether a user can use an email address or phone number as a username when they sign up." }, "usernameConfiguration": { "$ref": "#/types/aws-native:cognito:UserPoolUsernameConfiguration", - "description": "You can choose to set case sensitivity on the username input for the selected sign-in option. For example, when this is set to `False` , users will be able to sign in using either \"username\" or \"Username\". This configuration is immutable once it has been set." + "description": "Case sensitivity on the username input for the selected sign-in option. When case sensitivity is set to `False` (case insensitive), users can sign in with any combination of capital and lowercase letters. For example, `username` , `USERNAME` , or `UserName` , or for email, `email@example.com` or `EMaiL@eXamplE.Com` . For most use cases, set case sensitivity to `False` (case insensitive) as a best practice. When usernames and email addresses are case insensitive, Amazon Cognito treats any variation in case as the same user, and prevents a case variation from being assigned to the same attribute for a different user.\n\nThis configuration is immutable after you set it. For more information, see [UsernameConfigurationType](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UsernameConfigurationType.html) ." }, "verificationMessageTemplate": { "$ref": "#/types/aws-native:cognito:UserPoolVerificationMessageTemplate", - "description": "The template for the verification message that the user sees when the app requests permission to access the user's information." 
+ "description": "The template for the verification message that your user pool delivers to users who set an email address or phone number attribute.\n\nSet the email message type that corresponds to your `DefaultEmailOption` selection. For `CONFIRM_WITH_LINK` , specify an `EmailMessageByLink` and leave `EmailMessage` blank. For `CONFIRM_WITH_CODE` , specify an `EmailMessage` and leave `EmailMessageByLink` blank. When you supply both parameters with either choice, Amazon Cognito returns an error." } }, "autoNamingSpec": { @@ -17662,7 +18075,7 @@ "inputs": { "accessTokenValidity": { "type": "integer", - "description": "The access token time limit. After this limit expires, your user can't use their access token. To specify the time unit for `AccessTokenValidity` as `seconds` , `minutes` , `hours` , or `days` , set a `TokenValidityUnits` value in your API request.\n\nFor example, when you set `AccessTokenValidity` to `10` and `TokenValidityUnits` to `hours` , your user can authorize access with their access token for 10 hours.\n\nThe default time unit for `AccessTokenValidity` in an API request is hours." + "description": "The access token time limit. After this limit expires, your user can't use their access token. To specify the time unit for `AccessTokenValidity` as `seconds` , `minutes` , `hours` , or `days` , set a `TokenValidityUnits` value in your API request.\n\nFor example, when you set `AccessTokenValidity` to `10` and `TokenValidityUnits` to `hours` , your user can authorize access with\ntheir access token for 10 hours.\n\nThe default time unit for `AccessTokenValidity` in an API request is hours. *Valid range* is displayed below in seconds.\n\nIf you don't specify otherwise in the configuration of your app client, your access\ntokens are valid for one hour." }, "allowedOAuthFlows": { "type": "array", 
@@ -17726,7 +18139,7 @@ }, "idTokenValidity": { "type": "integer", - "description": "The ID token time limit. After this limit expires, your user can't use their ID token. To specify the time unit for `IdTokenValidity` as `seconds` , `minutes` , `hours` , or `days` , set a `TokenValidityUnits` value in your API request.\n\nFor example, when you set `IdTokenValidity` as `10` and `TokenValidityUnits` as `hours` , your user can authenticate their session with their ID token for 10 hours.\n\nThe default time unit for `IdTokenValidity` in an API request is hours." + "description": "The ID token time limit. After this limit expires, your user can't use their ID token. To specify the time unit for `IdTokenValidity` as `seconds` , `minutes` , `hours` , or `days` , set a `TokenValidityUnits` value in your API request.\n\nFor example, when you set `IdTokenValidity` as `10` and `TokenValidityUnits` as `hours` , your user can authenticate their session with their ID token for 10 hours.\n\nThe default time unit for `IdTokenValidity` in an API request is hours. *Valid range* is displayed below in seconds.\n\nIf you don't specify otherwise in the configuration of your app client, your ID\ntokens are valid for one hour." }, "logoutUrls": { "type": "array", 
@@ -17737,18 +18150,18 @@ }, "preventUserExistenceErrors": { "type": "string", - "description": "Use this setting to choose which errors and responses are returned by Cognito APIs during authentication, account confirmation, and password recovery when the user does not exist in the user pool. When set to `ENABLED` and the user does not exist, authentication returns an error indicating either the username or password was incorrect, and account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to `LEGACY` , those APIs will return a `UserNotFoundException` exception if the user does not exist in the user pool." + "description": "Errors and responses that you want Amazon Cognito APIs to return during authentication, account confirmation, and password recovery when the user doesn't exist in the user pool. When set to `ENABLED` and the user doesn't exist, authentication returns an error indicating either the username or password was incorrect. Account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to `LEGACY` , those APIs return a `UserNotFoundException` exception if the user doesn't exist in the user pool.\n\nValid values include:\n\n- `ENABLED` - This prevents user existence-related errors.\n- `LEGACY` - This represents the early behavior of Amazon Cognito where user existence related errors aren't prevented.\n\nDefaults to `LEGACY` when you don't provide a value." }, "readAttributes": { "type": "array", "items": { "type": "string" }, - "description": "The list of user attributes that you want your app client to have read-only access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. An example of this kind of activity is when your user selects a link to view their profile information. 
Your app makes a [GetUser](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUser.html) API request to retrieve and display your user's profile data.\n\nWhen you don't specify the `ReadAttributes` for your app client, your app can read the values of `email_verified` , `phone_number_verified` , and the Standard attributes of your user pool. When your user pool has read access to these default attributes, `ReadAttributes` doesn't return any information. Amazon Cognito only populates `ReadAttributes` in the API response if you have specified your own custom set of read attributes." + "description": "The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a [GetUser](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUser.html) API request to retrieve and display your user's profile data.\n\nWhen you don't specify the `ReadAttributes` for your app client, your app can read the values of `email_verified` , `phone_number_verified` , and the Standard attributes of your user pool. When your user pool app client has read access to these default attributes, `ReadAttributes` doesn't return any information. Amazon Cognito only populates `ReadAttributes` in the API response if you have specified your own custom set of read attributes." }, "refreshTokenValidity": { "type": "integer", - "description": "The refresh token time limit. After this limit expires, your user can't use their refresh token. 
To specify the time unit for `RefreshTokenValidity` as `seconds` , `minutes` , `hours` , or `days` , set a `TokenValidityUnits` value in your API request.\n\nFor example, when you set `RefreshTokenValidity` as `10` and `TokenValidityUnits` as `days` , your user can refresh their session and retrieve new access and ID tokens for 10 days.\n\nThe default time unit for `RefreshTokenValidity` in an API request is days. You can't set `RefreshTokenValidity` to 0. If you do, Amazon Cognito overrides the value with the default value of 30 days." + "description": "The refresh token time limit. After this limit expires, your user can't use their refresh token. To specify the time unit for `RefreshTokenValidity` as `seconds` , `minutes` , `hours` , or `days` , set a `TokenValidityUnits` value in your API request.\n\nFor example, when you set `RefreshTokenValidity` as `10` and `TokenValidityUnits` as `days` , your user can refresh their session\nand retrieve new access and ID tokens for 10 days.\n\nThe default time unit for `RefreshTokenValidity` in an API request is days. You can't set `RefreshTokenValidity` to 0. If you do, Amazon Cognito overrides the value with the default value of 30 days. *Valid range* is displayed below in seconds.\n\nIf you don't specify otherwise in the configuration of your app client, your refresh\ntokens are valid for 30 days." }, "supportedIdentityProviders": { "type": "array", 
@@ -17776,7 +18189,7 @@ "outputs": { "accessTokenValidity": { "type": "integer", - "description": "The access token time limit. After this limit expires, your user can't use their access token. To specify the time unit for `AccessTokenValidity` as `seconds` , `minutes` , `hours` , or `days` , set a `TokenValidityUnits` value in your API request.\n\nFor example, when you set `AccessTokenValidity` to `10` and `TokenValidityUnits` to `hours` , your user can authorize access with their access token for 10 hours.\n\nThe default time unit for `AccessTokenValidity` in an API request is hours." + "description": "The access token time limit. After this limit expires, your user can't use their access token. To specify the time unit for `AccessTokenValidity` as `seconds` , `minutes` , `hours` , or `days` , set a `TokenValidityUnits` value in your API request.\n\nFor example, when you set `AccessTokenValidity` to `10` and `TokenValidityUnits` to `hours` , your user can authorize access with\ntheir access token for 10 hours.\n\nThe default time unit for `AccessTokenValidity` in an API request is hours. *Valid range* is displayed below in seconds.\n\nIf you don't specify otherwise in the configuration of your app client, your access\ntokens are valid for one hour." }, "allowedOAuthFlows": { "type": "array", 
@@ -17848,7 +18261,7 @@ }, "idTokenValidity": { "type": "integer", - "description": "The ID token time limit. After this limit expires, your user can't use their ID token. To specify the time unit for `IdTokenValidity` as `seconds` , `minutes` , `hours` , or `days` , set a `TokenValidityUnits` value in your API request.\n\nFor example, when you set `IdTokenValidity` as `10` and `TokenValidityUnits` as `hours` , your user can authenticate their session with their ID token for 10 hours.\n\nThe default time unit for `IdTokenValidity` in an API request is hours." + "description": "The ID token time limit. After this limit expires, your user can't use their ID token. To specify the time unit for `IdTokenValidity` as `seconds` , `minutes` , `hours` , or `days` , set a `TokenValidityUnits` value in your API request.\n\nFor example, when you set `IdTokenValidity` as `10` and `TokenValidityUnits` as `hours` , your user can authenticate their session with their ID token for 10 hours.\n\nThe default time unit for `IdTokenValidity` in an API request is hours. *Valid range* is displayed below in seconds.\n\nIf you don't specify otherwise in the configuration of your app client, your ID\ntokens are valid for one hour." }, "logoutUrls": { "type": "array", 
@@ -17862,18 +18275,18 @@ }, "preventUserExistenceErrors": { "type": "string", - "description": "Use this setting to choose which errors and responses are returned by Cognito APIs during authentication, account confirmation, and password recovery when the user does not exist in the user pool. When set to `ENABLED` and the user does not exist, authentication returns an error indicating either the username or password was incorrect, and account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to `LEGACY` , those APIs will return a `UserNotFoundException` exception if the user does not exist in the user pool." + "description": "Errors and responses that you want Amazon Cognito APIs to return during authentication, account confirmation, and password recovery when the user doesn't exist in the user pool. When set to `ENABLED` and the user doesn't exist, authentication returns an error indicating either the username or password was incorrect. Account confirmation and password recovery return a response indicating a code was sent to a simulated destination. When set to `LEGACY` , those APIs return a `UserNotFoundException` exception if the user doesn't exist in the user pool.\n\nValid values include:\n\n- `ENABLED` - This prevents user existence-related errors.\n- `LEGACY` - This represents the early behavior of Amazon Cognito where user existence related errors aren't prevented.\n\nDefaults to `LEGACY` when you don't provide a value." }, "readAttributes": { "type": "array", "items": { "type": "string" }, - "description": "The list of user attributes that you want your app client to have read-only access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. An example of this kind of activity is when your user selects a link to view their profile information. 
Your app makes a [GetUser](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUser.html) API request to retrieve and display your user's profile data.\n\nWhen you don't specify the `ReadAttributes` for your app client, your app can read the values of `email_verified` , `phone_number_verified` , and the Standard attributes of your user pool. When your user pool has read access to these default attributes, `ReadAttributes` doesn't return any information. Amazon Cognito only populates `ReadAttributes` in the API response if you have specified your own custom set of read attributes." + "description": "The list of user attributes that you want your app client to have read access to. After your user authenticates in your app, their access token authorizes them to read their own attribute value for any attribute in this list. An example of this kind of activity is when your user selects a link to view their profile information. Your app makes a [GetUser](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GetUser.html) API request to retrieve and display your user's profile data.\n\nWhen you don't specify the `ReadAttributes` for your app client, your app can read the values of `email_verified` , `phone_number_verified` , and the Standard attributes of your user pool. When your user pool app client has read access to these default attributes, `ReadAttributes` doesn't return any information. Amazon Cognito only populates `ReadAttributes` in the API response if you have specified your own custom set of read attributes." }, "refreshTokenValidity": { "type": "integer", - "description": "The refresh token time limit. After this limit expires, your user can't use their refresh token. 
To specify the time unit for `RefreshTokenValidity` as `seconds` , `minutes` , `hours` , or `days` , set a `TokenValidityUnits` value in your API request.\n\nFor example, when you set `RefreshTokenValidity` as `10` and `TokenValidityUnits` as `days` , your user can refresh their session and retrieve new access and ID tokens for 10 days.\n\nThe default time unit for `RefreshTokenValidity` in an API request is days. You can't set `RefreshTokenValidity` to 0. If you do, Amazon Cognito overrides the value with the default value of 30 days." + "description": "The refresh token time limit. After this limit expires, your user can't use their refresh token. To specify the time unit for `RefreshTokenValidity` as `seconds` , `minutes` , `hours` , or `days` , set a `TokenValidityUnits` value in your API request.\n\nFor example, when you set `RefreshTokenValidity` as `10` and `TokenValidityUnits` as `days` , your user can refresh their session\nand retrieve new access and ID tokens for 10 days.\n\nThe default time unit for `RefreshTokenValidity` in an API request is days. You can't set `RefreshTokenValidity` to 0. If you do, Amazon Cognito overrides the value with the default value of 30 days. *Valid range* is displayed below in seconds.\n\nIf you don't specify otherwise in the configuration of your app client, your refresh\ntokens are valid for 30 days." }, "supportedIdentityProviders": { "type": "array", 
@@ -17926,11 +18339,11 @@ }, "domain": { "type": "string", - "description": "The domain name for the domain that hosts the sign-up and sign-in pages for your application. For example: `auth.example.com` . If you're using a prefix domain, this field denotes the first part of the domain before `.auth.[region].amazoncognito.com` .\n\nThis string can include only lowercase letters, numbers, and hyphens. Don't use a hyphen for the first or last character. Use periods to separate subdomain names." + "description": "The domain name for the custom domain that hosts the sign-up and sign-in pages for your application. One example might be `auth.example.com` .\n\nThis string can include only lowercase letters, numbers, and hyphens. Don't use a hyphen for the first or last character. Use periods to separate subdomain names." }, "userPoolId": { "type": "string", - "description": "The user pool ID for the user pool where you want to associate a user pool domain." + "description": "The ID of the user pool that is associated with the custom domain whose certificate you're updating." } }, "outputs": { 
@@ -17948,12 +18361,12 @@ }, "domain": { "type": "string", - "description": "The domain name for the domain that hosts the sign-up and sign-in pages for your application. For example: `auth.example.com` . If you're using a prefix domain, this field denotes the first part of the domain before `.auth.[region].amazoncognito.com` .\n\nThis string can include only lowercase letters, numbers, and hyphens. Don't use a hyphen for the first or last character. Use periods to separate subdomain names.", + "description": "The domain name for the custom domain that hosts the sign-up and sign-in pages for your application. One example might be `auth.example.com` .\n\nThis string can include only lowercase letters, numbers, and hyphens. Don't use a hyphen for the first or last character. Use periods to separate subdomain names.", "replaceOnChanges": true }, "userPoolId": { "type": "string", - "description": "The user pool ID for the user pool where you want to associate a user pool domain.", + "description": "The ID of the user pool that is associated with the custom domain whose certificate you're updating.", "replaceOnChanges": true } }, @@ -18032,8 +18445,11 @@ "cf": "AWS::Cognito::UserPoolIdentityProvider", "inputs": { "attributeMapping": { - "$ref": "pulumi.json#/Any", - "description": "A mapping of IdP attributes to standard and custom user pool attributes.\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Cognito::UserPoolIdentityProvider` for more information about the expected schema for this property." + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A mapping of IdP attributes to standard and custom user pool attributes." }, "idpIdentifiers": { "type": "array", 
@@ -18043,8 +18459,11 @@ "description": "A list of IdP identifiers." }, "providerDetails": { - "$ref": "pulumi.json#/Any", - "description": "The scopes, URLs, and identifiers for your external identity provider. The following\nexamples describe the provider detail keys for each IdP type. These values and their\nschema are subject to change. Social IdP `authorize_scopes` values must match\nthe values listed here.\n\n- **OpenID Connect (OIDC)** - Amazon Cognito accepts the following elements when it can't discover endpoint URLs from `oidc_issuer` : `attributes_url` , `authorize_url` , `jwks_uri` , `token_url` .\n\nCreate or update request: `\"ProviderDetails\": { \"attributes_request_method\": \"GET\", \"attributes_url\": \"https://auth.example.com/userInfo\", \"authorize_scopes\": \"openid profile email\", \"authorize_url\": \"https://auth.example.com/authorize\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"jwks_uri\": \"https://auth.example.com/.well-known/jwks.json\", \"oidc_issuer\": \"https://auth.example.com\", \"token_url\": \"https://example.com/token\" }`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_request_method\": \"GET\", \"attributes_url\": \"https://auth.example.com/userInfo\", \"attributes_url_add_attributes\": \"false\", \"authorize_scopes\": \"openid profile email\", \"authorize_url\": \"https://auth.example.com/authorize\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"jwks_uri\": \"https://auth.example.com/.well-known/jwks.json\", \"oidc_issuer\": \"https://auth.example.com\", \"token_url\": \"https://example.com/token\" }`\n- **SAML** - Create or update request with Metadata URL: `\"ProviderDetails\": { \"IDPInit\": \"true\", \"IDPSignout\": \"true\", \"EncryptedResponses\" : \"true\", \"MetadataURL\": \"https://auth.example.com/sso/saml/metadata\", \"RequestSigningAlgorithm\": \"rsa-sha256\" }`\n\nCreate or update request with Metadata file: 
`\"ProviderDetails\": { \"IDPInit\": \"true\", \"IDPSignout\": \"true\", \"EncryptedResponses\" : \"true\", \"MetadataFile\": \"[metadata XML]\", \"RequestSigningAlgorithm\": \"rsa-sha256\" }`\n\nThe value of `MetadataFile` must be the plaintext metadata document with all quote (\") characters escaped by backslashes.\n\nDescribe response: `\"ProviderDetails\": { \"IDPInit\": \"true\", \"IDPSignout\": \"true\", \"EncryptedResponses\" : \"true\", \"ActiveEncryptionCertificate\": \"[certificate]\", \"MetadataURL\": \"https://auth.example.com/sso/saml/metadata\", \"RequestSigningAlgorithm\": \"rsa-sha256\", \"SLORedirectBindingURI\": \"https://auth.example.com/slo/saml\", \"SSORedirectBindingURI\": \"https://auth.example.com/sso/saml\" }`\n- **LoginWithAmazon** - Create or update request: `\"ProviderDetails\": { \"authorize_scopes\": \"profile postal_code\", \"client_id\": \"amzn1.application-oa2-client.1example23456789\", \"client_secret\": \"provider-app-client-secret\"`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_url\": \"https://api.amazon.com/user/profile\", \"attributes_url_add_attributes\": \"false\", \"authorize_scopes\": \"profile postal_code\", \"authorize_url\": \"https://www.amazon.com/ap/oa\", \"client_id\": \"amzn1.application-oa2-client.1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"token_request_method\": \"POST\", \"token_url\": \"https://api.amazon.com/auth/o2/token\" }`\n- **Google** - Create or update request: `\"ProviderDetails\": { \"authorize_scopes\": \"email profile openid\", \"client_id\": \"1example23456789.apps.googleusercontent.com\", \"client_secret\": \"provider-app-client-secret\" }`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_url\": \"https://people.googleapis.com/v1/people/me?personFields=\", \"attributes_url_add_attributes\": \"true\", \"authorize_scopes\": \"email profile openid\", \"authorize_url\": \"https://accounts.google.com/o/oauth2/v2/auth\", \"client_id\": 
\"1example23456789.apps.googleusercontent.com\", \"client_secret\": \"provider-app-client-secret\", \"oidc_issuer\": \"https://accounts.google.com\", \"token_request_method\": \"POST\", \"token_url\": \"https://www.googleapis.com/oauth2/v4/token\" }`\n- **SignInWithApple** - Create or update request: `\"ProviderDetails\": { \"authorize_scopes\": \"email name\", \"client_id\": \"com.example.cognito\", \"private_key\": \"1EXAMPLE\", \"key_id\": \"2EXAMPLE\", \"team_id\": \"3EXAMPLE\" }`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_url_add_attributes\": \"false\", \"authorize_scopes\": \"email name\", \"authorize_url\": \"https://appleid.apple.com/auth/authorize\", \"client_id\": \"com.example.cognito\", \"key_id\": \"1EXAMPLE\", \"oidc_issuer\": \"https://appleid.apple.com\", \"team_id\": \"2EXAMPLE\", \"token_request_method\": \"POST\", \"token_url\": \"https://appleid.apple.com/auth/token\" }`\n- **Facebook** - Create or update request: `\"ProviderDetails\": { \"api_version\": \"v17.0\", \"authorize_scopes\": \"public_profile, email\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\" }`\n\nDescribe response: `\"ProviderDetails\": { \"api_version\": \"v17.0\", \"attributes_url\": \"https://graph.facebook.com/v17.0/me?fields=\", \"attributes_url_add_attributes\": \"true\", \"authorize_scopes\": \"public_profile, email\", \"authorize_url\": \"https://www.facebook.com/v17.0/dialog/oauth\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"token_request_method\": \"GET\", \"token_url\": \"https://graph.facebook.com/v17.0/oauth/access_token\" }`\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Cognito::UserPoolIdentityProvider` for more information about the expected schema for this property." 
+ "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The scopes, URLs, and identifiers for your external identity provider. The following\nexamples describe the provider detail keys for each IdP type. These values and their\nschema are subject to change. Social IdP `authorize_scopes` values must match\nthe values listed here.\n\n- **OpenID Connect (OIDC)** - Amazon Cognito accepts the following elements when it can't discover endpoint URLs from `oidc_issuer` : `attributes_url` , `authorize_url` , `jwks_uri` , `token_url` .\n\nCreate or update request: `\"ProviderDetails\": { \"attributes_request_method\": \"GET\", \"attributes_url\": \"https://auth.example.com/userInfo\", \"authorize_scopes\": \"openid profile email\", \"authorize_url\": \"https://auth.example.com/authorize\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"jwks_uri\": \"https://auth.example.com/.well-known/jwks.json\", \"oidc_issuer\": \"https://auth.example.com\", \"token_url\": \"https://example.com/token\" }`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_request_method\": \"GET\", \"attributes_url\": \"https://auth.example.com/userInfo\", \"attributes_url_add_attributes\": \"false\", \"authorize_scopes\": \"openid profile email\", \"authorize_url\": \"https://auth.example.com/authorize\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"jwks_uri\": \"https://auth.example.com/.well-known/jwks.json\", \"oidc_issuer\": \"https://auth.example.com\", \"token_url\": \"https://example.com/token\" }`\n- **SAML** - Create or update request with Metadata URL: `\"ProviderDetails\": { \"IDPInit\": \"true\", \"IDPSignout\": \"true\", \"EncryptedResponses\" : \"true\", \"MetadataURL\": \"https://auth.example.com/sso/saml/metadata\", \"RequestSigningAlgorithm\": \"rsa-sha256\" }`\n\nCreate or update request with Metadata file: `\"ProviderDetails\": { \"IDPInit\": \"true\", 
\"IDPSignout\": \"true\", \"EncryptedResponses\" : \"true\", \"MetadataFile\": \"[metadata XML]\", \"RequestSigningAlgorithm\": \"rsa-sha256\" }`\n\nThe value of `MetadataFile` must be the plaintext metadata document with all quote (\") characters escaped by backslashes.\n\nDescribe response: `\"ProviderDetails\": { \"IDPInit\": \"true\", \"IDPSignout\": \"true\", \"EncryptedResponses\" : \"true\", \"ActiveEncryptionCertificate\": \"[certificate]\", \"MetadataURL\": \"https://auth.example.com/sso/saml/metadata\", \"RequestSigningAlgorithm\": \"rsa-sha256\", \"SLORedirectBindingURI\": \"https://auth.example.com/slo/saml\", \"SSORedirectBindingURI\": \"https://auth.example.com/sso/saml\" }`\n- **LoginWithAmazon** - Create or update request: `\"ProviderDetails\": { \"authorize_scopes\": \"profile postal_code\", \"client_id\": \"amzn1.application-oa2-client.1example23456789\", \"client_secret\": \"provider-app-client-secret\"`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_url\": \"https://api.amazon.com/user/profile\", \"attributes_url_add_attributes\": \"false\", \"authorize_scopes\": \"profile postal_code\", \"authorize_url\": \"https://www.amazon.com/ap/oa\", \"client_id\": \"amzn1.application-oa2-client.1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"token_request_method\": \"POST\", \"token_url\": \"https://api.amazon.com/auth/o2/token\" }`\n- **Google** - Create or update request: `\"ProviderDetails\": { \"authorize_scopes\": \"email profile openid\", \"client_id\": \"1example23456789.apps.googleusercontent.com\", \"client_secret\": \"provider-app-client-secret\" }`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_url\": \"https://people.googleapis.com/v1/people/me?personFields=\", \"attributes_url_add_attributes\": \"true\", \"authorize_scopes\": \"email profile openid\", \"authorize_url\": \"https://accounts.google.com/o/oauth2/v2/auth\", \"client_id\": \"1example23456789.apps.googleusercontent.com\", 
\"client_secret\": \"provider-app-client-secret\", \"oidc_issuer\": \"https://accounts.google.com\", \"token_request_method\": \"POST\", \"token_url\": \"https://www.googleapis.com/oauth2/v4/token\" }`\n- **SignInWithApple** - Create or update request: `\"ProviderDetails\": { \"authorize_scopes\": \"email name\", \"client_id\": \"com.example.cognito\", \"private_key\": \"1EXAMPLE\", \"key_id\": \"2EXAMPLE\", \"team_id\": \"3EXAMPLE\" }`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_url_add_attributes\": \"false\", \"authorize_scopes\": \"email name\", \"authorize_url\": \"https://appleid.apple.com/auth/authorize\", \"client_id\": \"com.example.cognito\", \"key_id\": \"1EXAMPLE\", \"oidc_issuer\": \"https://appleid.apple.com\", \"team_id\": \"2EXAMPLE\", \"token_request_method\": \"POST\", \"token_url\": \"https://appleid.apple.com/auth/token\" }`\n- **Facebook** - Create or update request: `\"ProviderDetails\": { \"api_version\": \"v17.0\", \"authorize_scopes\": \"public_profile, email\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\" }`\n\nDescribe response: `\"ProviderDetails\": { \"api_version\": \"v17.0\", \"attributes_url\": \"https://graph.facebook.com/v17.0/me?fields=\", \"attributes_url_add_attributes\": \"true\", \"authorize_scopes\": \"public_profile, email\", \"authorize_url\": \"https://www.facebook.com/v17.0/dialog/oauth\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"token_request_method\": \"GET\", \"token_url\": \"https://graph.facebook.com/v17.0/oauth/access_token\" }`" }, "providerName": { "type": "string", 
@@ -18061,12 +18480,11 @@ }, "outputs": { "attributeMapping": { - "$ref": "pulumi.json#/Any", - "description": "A mapping of IdP attributes to standard and custom user pool attributes.\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Cognito::UserPoolIdentityProvider` for more information about the expected schema for this property." - }, - "awsId": { - "type": "string", - "description": "The resource ID." + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "A mapping of IdP attributes to standard and custom user pool attributes." }, "idpIdentifiers": { "type": "array", 
@@ -18076,8 +18494,11 @@ "description": "A list of IdP identifiers." }, "providerDetails": { - "$ref": "pulumi.json#/Any", - "description": "The scopes, URLs, and identifiers for your external identity provider. The following\nexamples describe the provider detail keys for each IdP type. These values and their\nschema are subject to change. Social IdP `authorize_scopes` values must match\nthe values listed here.\n\n- **OpenID Connect (OIDC)** - Amazon Cognito accepts the following elements when it can't discover endpoint URLs from `oidc_issuer` : `attributes_url` , `authorize_url` , `jwks_uri` , `token_url` .\n\nCreate or update request: `\"ProviderDetails\": { \"attributes_request_method\": \"GET\", \"attributes_url\": \"https://auth.example.com/userInfo\", \"authorize_scopes\": \"openid profile email\", \"authorize_url\": \"https://auth.example.com/authorize\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"jwks_uri\": \"https://auth.example.com/.well-known/jwks.json\", \"oidc_issuer\": \"https://auth.example.com\", \"token_url\": \"https://example.com/token\" }`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_request_method\": \"GET\", \"attributes_url\": \"https://auth.example.com/userInfo\", \"attributes_url_add_attributes\": \"false\", \"authorize_scopes\": \"openid profile email\", \"authorize_url\": \"https://auth.example.com/authorize\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"jwks_uri\": \"https://auth.example.com/.well-known/jwks.json\", \"oidc_issuer\": \"https://auth.example.com\", \"token_url\": \"https://example.com/token\" }`\n- **SAML** - Create or update request with Metadata URL: `\"ProviderDetails\": { \"IDPInit\": \"true\", \"IDPSignout\": \"true\", \"EncryptedResponses\" : \"true\", \"MetadataURL\": \"https://auth.example.com/sso/saml/metadata\", \"RequestSigningAlgorithm\": \"rsa-sha256\" }`\n\nCreate or update request with Metadata file: 
`\"ProviderDetails\": { \"IDPInit\": \"true\", \"IDPSignout\": \"true\", \"EncryptedResponses\" : \"true\", \"MetadataFile\": \"[metadata XML]\", \"RequestSigningAlgorithm\": \"rsa-sha256\" }`\n\nThe value of `MetadataFile` must be the plaintext metadata document with all quote (\") characters escaped by backslashes.\n\nDescribe response: `\"ProviderDetails\": { \"IDPInit\": \"true\", \"IDPSignout\": \"true\", \"EncryptedResponses\" : \"true\", \"ActiveEncryptionCertificate\": \"[certificate]\", \"MetadataURL\": \"https://auth.example.com/sso/saml/metadata\", \"RequestSigningAlgorithm\": \"rsa-sha256\", \"SLORedirectBindingURI\": \"https://auth.example.com/slo/saml\", \"SSORedirectBindingURI\": \"https://auth.example.com/sso/saml\" }`\n- **LoginWithAmazon** - Create or update request: `\"ProviderDetails\": { \"authorize_scopes\": \"profile postal_code\", \"client_id\": \"amzn1.application-oa2-client.1example23456789\", \"client_secret\": \"provider-app-client-secret\"`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_url\": \"https://api.amazon.com/user/profile\", \"attributes_url_add_attributes\": \"false\", \"authorize_scopes\": \"profile postal_code\", \"authorize_url\": \"https://www.amazon.com/ap/oa\", \"client_id\": \"amzn1.application-oa2-client.1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"token_request_method\": \"POST\", \"token_url\": \"https://api.amazon.com/auth/o2/token\" }`\n- **Google** - Create or update request: `\"ProviderDetails\": { \"authorize_scopes\": \"email profile openid\", \"client_id\": \"1example23456789.apps.googleusercontent.com\", \"client_secret\": \"provider-app-client-secret\" }`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_url\": \"https://people.googleapis.com/v1/people/me?personFields=\", \"attributes_url_add_attributes\": \"true\", \"authorize_scopes\": \"email profile openid\", \"authorize_url\": \"https://accounts.google.com/o/oauth2/v2/auth\", \"client_id\": 
\"1example23456789.apps.googleusercontent.com\", \"client_secret\": \"provider-app-client-secret\", \"oidc_issuer\": \"https://accounts.google.com\", \"token_request_method\": \"POST\", \"token_url\": \"https://www.googleapis.com/oauth2/v4/token\" }`\n- **SignInWithApple** - Create or update request: `\"ProviderDetails\": { \"authorize_scopes\": \"email name\", \"client_id\": \"com.example.cognito\", \"private_key\": \"1EXAMPLE\", \"key_id\": \"2EXAMPLE\", \"team_id\": \"3EXAMPLE\" }`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_url_add_attributes\": \"false\", \"authorize_scopes\": \"email name\", \"authorize_url\": \"https://appleid.apple.com/auth/authorize\", \"client_id\": \"com.example.cognito\", \"key_id\": \"1EXAMPLE\", \"oidc_issuer\": \"https://appleid.apple.com\", \"team_id\": \"2EXAMPLE\", \"token_request_method\": \"POST\", \"token_url\": \"https://appleid.apple.com/auth/token\" }`\n- **Facebook** - Create or update request: `\"ProviderDetails\": { \"api_version\": \"v17.0\", \"authorize_scopes\": \"public_profile, email\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\" }`\n\nDescribe response: `\"ProviderDetails\": { \"api_version\": \"v17.0\", \"attributes_url\": \"https://graph.facebook.com/v17.0/me?fields=\", \"attributes_url_add_attributes\": \"true\", \"authorize_scopes\": \"public_profile, email\", \"authorize_url\": \"https://www.facebook.com/v17.0/dialog/oauth\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"token_request_method\": \"GET\", \"token_url\": \"https://graph.facebook.com/v17.0/oauth/access_token\" }`\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Cognito::UserPoolIdentityProvider` for more information about the expected schema for this property." 
+ "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The scopes, URLs, and identifiers for your external identity provider. The following\nexamples describe the provider detail keys for each IdP type. These values and their\nschema are subject to change. Social IdP `authorize_scopes` values must match\nthe values listed here.\n\n- **OpenID Connect (OIDC)** - Amazon Cognito accepts the following elements when it can't discover endpoint URLs from `oidc_issuer` : `attributes_url` , `authorize_url` , `jwks_uri` , `token_url` .\n\nCreate or update request: `\"ProviderDetails\": { \"attributes_request_method\": \"GET\", \"attributes_url\": \"https://auth.example.com/userInfo\", \"authorize_scopes\": \"openid profile email\", \"authorize_url\": \"https://auth.example.com/authorize\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"jwks_uri\": \"https://auth.example.com/.well-known/jwks.json\", \"oidc_issuer\": \"https://auth.example.com\", \"token_url\": \"https://example.com/token\" }`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_request_method\": \"GET\", \"attributes_url\": \"https://auth.example.com/userInfo\", \"attributes_url_add_attributes\": \"false\", \"authorize_scopes\": \"openid profile email\", \"authorize_url\": \"https://auth.example.com/authorize\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"jwks_uri\": \"https://auth.example.com/.well-known/jwks.json\", \"oidc_issuer\": \"https://auth.example.com\", \"token_url\": \"https://example.com/token\" }`\n- **SAML** - Create or update request with Metadata URL: `\"ProviderDetails\": { \"IDPInit\": \"true\", \"IDPSignout\": \"true\", \"EncryptedResponses\" : \"true\", \"MetadataURL\": \"https://auth.example.com/sso/saml/metadata\", \"RequestSigningAlgorithm\": \"rsa-sha256\" }`\n\nCreate or update request with Metadata file: `\"ProviderDetails\": { \"IDPInit\": \"true\", 
\"IDPSignout\": \"true\", \"EncryptedResponses\" : \"true\", \"MetadataFile\": \"[metadata XML]\", \"RequestSigningAlgorithm\": \"rsa-sha256\" }`\n\nThe value of `MetadataFile` must be the plaintext metadata document with all quote (\") characters escaped by backslashes.\n\nDescribe response: `\"ProviderDetails\": { \"IDPInit\": \"true\", \"IDPSignout\": \"true\", \"EncryptedResponses\" : \"true\", \"ActiveEncryptionCertificate\": \"[certificate]\", \"MetadataURL\": \"https://auth.example.com/sso/saml/metadata\", \"RequestSigningAlgorithm\": \"rsa-sha256\", \"SLORedirectBindingURI\": \"https://auth.example.com/slo/saml\", \"SSORedirectBindingURI\": \"https://auth.example.com/sso/saml\" }`\n- **LoginWithAmazon** - Create or update request: `\"ProviderDetails\": { \"authorize_scopes\": \"profile postal_code\", \"client_id\": \"amzn1.application-oa2-client.1example23456789\", \"client_secret\": \"provider-app-client-secret\"`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_url\": \"https://api.amazon.com/user/profile\", \"attributes_url_add_attributes\": \"false\", \"authorize_scopes\": \"profile postal_code\", \"authorize_url\": \"https://www.amazon.com/ap/oa\", \"client_id\": \"amzn1.application-oa2-client.1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"token_request_method\": \"POST\", \"token_url\": \"https://api.amazon.com/auth/o2/token\" }`\n- **Google** - Create or update request: `\"ProviderDetails\": { \"authorize_scopes\": \"email profile openid\", \"client_id\": \"1example23456789.apps.googleusercontent.com\", \"client_secret\": \"provider-app-client-secret\" }`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_url\": \"https://people.googleapis.com/v1/people/me?personFields=\", \"attributes_url_add_attributes\": \"true\", \"authorize_scopes\": \"email profile openid\", \"authorize_url\": \"https://accounts.google.com/o/oauth2/v2/auth\", \"client_id\": \"1example23456789.apps.googleusercontent.com\", 
\"client_secret\": \"provider-app-client-secret\", \"oidc_issuer\": \"https://accounts.google.com\", \"token_request_method\": \"POST\", \"token_url\": \"https://www.googleapis.com/oauth2/v4/token\" }`\n- **SignInWithApple** - Create or update request: `\"ProviderDetails\": { \"authorize_scopes\": \"email name\", \"client_id\": \"com.example.cognito\", \"private_key\": \"1EXAMPLE\", \"key_id\": \"2EXAMPLE\", \"team_id\": \"3EXAMPLE\" }`\n\nDescribe response: `\"ProviderDetails\": { \"attributes_url_add_attributes\": \"false\", \"authorize_scopes\": \"email name\", \"authorize_url\": \"https://appleid.apple.com/auth/authorize\", \"client_id\": \"com.example.cognito\", \"key_id\": \"1EXAMPLE\", \"oidc_issuer\": \"https://appleid.apple.com\", \"team_id\": \"2EXAMPLE\", \"token_request_method\": \"POST\", \"token_url\": \"https://appleid.apple.com/auth/token\" }`\n- **Facebook** - Create or update request: `\"ProviderDetails\": { \"api_version\": \"v17.0\", \"authorize_scopes\": \"public_profile, email\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\" }`\n\nDescribe response: `\"ProviderDetails\": { \"api_version\": \"v17.0\", \"attributes_url\": \"https://graph.facebook.com/v17.0/me?fields=\", \"attributes_url_add_attributes\": \"true\", \"authorize_scopes\": \"public_profile, email\", \"authorize_url\": \"https://www.facebook.com/v17.0/dialog/oauth\", \"client_id\": \"1example23456789\", \"client_secret\": \"provider-app-client-secret\", \"token_request_method\": \"GET\", \"token_url\": \"https://graph.facebook.com/v17.0/oauth/access_token\" }`" }, "providerName": { "type": "string", @@ -18099,6 +18520,7 @@ "sdkName": "providerName" }, "required": [ + "providerDetails", "providerType", "userPoolId" ], 
@@ -18106,17 +18528,14 @@ "providerName", "providerType", "userPoolId" - ], - "irreversibleNames": { - "awsId": "Id" - } + ] }, "aws-native:cognito:UserPoolResourceServer": { "cf": "AWS::Cognito::UserPoolResourceServer", "inputs": { "identifier": { "type": "string", - "description": "A unique resource server identifier for the resource server. This could be an HTTPS endpoint where the resource server is located. For example: `https://my-weather-api.example.com` ." + "description": "A unique resource server identifier for the resource server. The identifier can be an API friendly name like `solar-system-data` . You can also set an API URL like `https://solar-system-data-api.example.com` as your identifier.\n\nAmazon Cognito represents scopes in the access token in the format `$resource-server-identifier/$scope` . Longer scope-identifier strings increase the size of your access tokens." }, "name": { "type": "string", @@ -18137,7 +18556,7 @@ "outputs": { "identifier": { "type": "string", - "description": "A unique resource server identifier for the resource server. This could be an HTTPS endpoint where the resource server is located. For example: `https://my-weather-api.example.com` .", + "description": "A unique resource server identifier for the resource server. The identifier can be an API friendly name like `solar-system-data` . You can also set an API URL like `https://solar-system-data-api.example.com` as your identifier.\n\nAmazon Cognito represents scopes in the access token in the format `$resource-server-identifier/$scope` . Longer scope-identifier strings increase the size of your access tokens.", "replaceOnChanges": true }, "name": { 
@@ -18174,46 +18593,46 @@ "inputs": { "accountTakeoverRiskConfiguration": { "$ref": "#/types/aws-native:cognito:UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationType", - "description": "The account takeover risk configuration object, including the `NotifyConfiguration` object and `Actions` to take if there is an account takeover." + "description": "The settings for automated responses and notification templates for adaptive authentication with advanced security features." }, "clientId": { "type": "string", - "description": "The app client ID. You can specify the risk configuration for a single client (with a specific ClientId) or for all clients (by setting the ClientId to `ALL` )." + "description": "The app client where this configuration is applied. When this parameter isn't present, the risk configuration applies to all user pool app clients that don't have client-level settings." }, "compromisedCredentialsRiskConfiguration": { "$ref": "#/types/aws-native:cognito:UserPoolRiskConfigurationAttachmentCompromisedCredentialsRiskConfigurationType", - "description": "The compromised credentials risk configuration object, including the `EventFilter` and the `EventAction` ." + "description": "Settings for compromised-credentials actions and authentication types with advanced security features in full-function `ENFORCED` mode." }, "riskExceptionConfiguration": { "$ref": "#/types/aws-native:cognito:UserPoolRiskConfigurationAttachmentRiskExceptionConfigurationType", - "description": "The configuration to override the risk decision." + "description": "Exceptions to the risk evaluation configuration, including always-allow and always-block IP address ranges." }, "userPoolId": { "type": "string", - "description": "The user pool ID." + "description": "The ID of the user pool that has the risk configuration applied." 
} }, "outputs": { "accountTakeoverRiskConfiguration": { "$ref": "#/types/aws-native:cognito:UserPoolRiskConfigurationAttachmentAccountTakeoverRiskConfigurationType", - "description": "The account takeover risk configuration object, including the `NotifyConfiguration` object and `Actions` to take if there is an account takeover." + "description": "The settings for automated responses and notification templates for adaptive authentication with advanced security features." }, "clientId": { "type": "string", - "description": "The app client ID. You can specify the risk configuration for a single client (with a specific ClientId) or for all clients (by setting the ClientId to `ALL` ).", + "description": "The app client where this configuration is applied. When this parameter isn't present, the risk configuration applies to all user pool app clients that don't have client-level settings.", "replaceOnChanges": true }, "compromisedCredentialsRiskConfiguration": { "$ref": "#/types/aws-native:cognito:UserPoolRiskConfigurationAttachmentCompromisedCredentialsRiskConfigurationType", - "description": "The compromised credentials risk configuration object, including the `EventFilter` and the `EventAction` ." + "description": "Settings for compromised-credentials actions and authentication types with advanced security features in full-function `ENFORCED` mode." }, "riskExceptionConfiguration": { "$ref": "#/types/aws-native:cognito:UserPoolRiskConfigurationAttachmentRiskExceptionConfigurationType", - "description": "The configuration to override the risk decision." + "description": "Exceptions to the risk evaluation configuration, including always-allow and always-block IP address ranges." }, "userPoolId": { "type": "string", - "description": "The user pool ID.", + "description": "The ID of the user pool that has the risk configuration applied.", "replaceOnChanges": true } }, 
@@ -18231,7 +18650,7 @@ "inputs": { "clientId": { "type": "string", - "description": "The client ID for the client app. You can specify the UI customization settings for a single client (with a specific clientId) or for all clients (by setting the clientId to `ALL` )." + "description": "The app client ID for your UI customization. When this value isn't present, the customization applies to all user pool app clients that don't have client-level settings.." }, "css": { "type": "string", @@ -18245,7 +18664,7 @@ "outputs": { "clientId": { "type": "string", - "description": "The client ID for the client app. You can specify the UI customization settings for a single client (with a specific clientId) or for all clients (by setting the clientId to `ALL` ).", + "description": "The app client ID for your UI customization. When this value isn't present, the customization applies to all user pool app clients that don't have client-level settings..", "replaceOnChanges": true }, "css": { 
@@ -18300,7 +18719,7 @@ "items": { "$ref": "#/types/aws-native:cognito:UserPoolUserAttributeType" }, - "description": "An array of name-value pairs that contain user attributes and attribute values." + "description": "An array of name-value pairs that contain user attributes and attribute values to be set for the user to be created. You can create a user without specifying any attributes other than `Username` . However, any attributes that you specify as required (when creating a user pool or in the *Attributes* tab of the console) either you should supply (in your call to `AdminCreateUser` ) or the user should supply (when they sign up in response to your welcome message).\n\nFor custom attributes, you must prepend the `custom:` prefix to the attribute name.\n\nTo send a message inviting the user to sign up, you must specify the user's email address or phone number. You can do this in your call to AdminCreateUser or in the *Users* tab of the Amazon Cognito console for managing your user pools.\n\nIn your call to `AdminCreateUser` , you can set the `email_verified` attribute to `True` , and you can set the `phone_number_verified` attribute to `True` . You can also do this by calling [AdminUpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) .\n\n- *email* : The email address of the user to whom the message that contains the code and username will be sent. Required if the `email_verified` attribute is set to `True` , or if `\"EMAIL\"` is specified in the `DesiredDeliveryMediums` parameter.\n- *phone_number* : The phone number of the user to whom the message that contains the code and username will be sent. Required if the `phone_number_verified` attribute is set to `True` , or if `\"SMS\"` is specified in the `DesiredDeliveryMediums` parameter." }, "userPoolId": { "type": "string", 
@@ -18350,7 +18769,7 @@ "items": { "$ref": "#/types/aws-native:cognito:UserPoolUserAttributeType" }, - "description": "An array of name-value pairs that contain user attributes and attribute values.", + "description": "An array of name-value pairs that contain user attributes and attribute values to be set for the user to be created. You can create a user without specifying any attributes other than `Username` . However, any attributes that you specify as required (when creating a user pool or in the *Attributes* tab of the console) either you should supply (in your call to `AdminCreateUser` ) or the user should supply (when they sign up in response to your welcome message).\n\nFor custom attributes, you must prepend the `custom:` prefix to the attribute name.\n\nTo send a message inviting the user to sign up, you must specify the user's email address or phone number. You can do this in your call to AdminCreateUser or in the *Users* tab of the Amazon Cognito console for managing your user pools.\n\nIn your call to `AdminCreateUser` , you can set the `email_verified` attribute to `True` , and you can set the `phone_number_verified` attribute to `True` . You can also do this by calling [AdminUpdateUserAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_AdminUpdateUserAttributes.html) .\n\n- *email* : The email address of the user to whom the message that contains the code and username will be sent. Required if the `email_verified` attribute is set to `True` , or if `\"EMAIL\"` is specified in the `DesiredDeliveryMediums` parameter.\n- *phone_number* : The phone number of the user to whom the message that contains the code and username will be sent. Required if the `phone_number_verified` attribute is set to `True` , or if `\"SMS\"` is specified in the `DesiredDeliveryMediums` parameter.", "replaceOnChanges": true }, "userPoolId": { 
@@ -18408,7 +18827,8 @@ "description": "The user pool ID for the user pool." }, "username": { - "type": "string" + "type": "string", + "description": "The user's username." } }, "outputs": { @@ -18424,6 +18844,7 @@ }, "username": { "type": "string", + "description": "The user's username.", "replaceOnChanges": true } }, 
@@ -19158,6 +19579,106 @@ "tagsProperty": "tags", "tagsStyle": "keyValueArray" }, + "aws-native:connect:AgentStatus": { + "cf": "AWS::Connect::AgentStatus", + "inputs": { + "description": { + "type": "string", + "description": "The description of the status." + }, + "displayOrder": { + "type": "integer", + "description": "The display order of the status." + }, + "instanceArn": { + "type": "string", + "description": "The identifier of the Amazon Connect instance." + }, + "name": { + "type": "string", + "description": "The name of the status." + }, + "resetOrderNumber": { + "type": "boolean", + "description": "A number indicating the reset order of the agent status." + }, + "state": { + "$ref": "#/types/aws-native:connect:AgentStatusState", + "description": "The state of the status." + }, + "tags": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:index:Tag" + }, + "description": "An array of key-value pairs to apply to this resource." + }, + "type": { + "$ref": "#/types/aws-native:connect:AgentStatusType", + "description": "The type of agent status." + } + }, + "outputs": { + "agentStatusArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the agent status." + }, + "description": { + "type": "string", + "description": "The description of the status." + }, + "displayOrder": { + "type": "integer", + "description": "The display order of the status." + }, + "instanceArn": { + "type": "string", + "description": "The identifier of the Amazon Connect instance." + }, + "lastModifiedRegion": { + "type": "string", + "description": "Last modified region." + }, + "lastModifiedTime": { + "type": "number", + "description": "Last modified time." + }, + "name": { + "type": "string", + "description": "The name of the status." + }, + "resetOrderNumber": { + "type": "boolean", + "description": "A number indicating the reset order of the agent status." 
+ }, + "state": { + "$ref": "#/types/aws-native:connect:AgentStatusState", + "description": "The state of the status." + }, + "tags": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:index:Tag" + }, + "description": "An array of key-value pairs to apply to this resource." + }, + "type": { + "$ref": "#/types/aws-native:connect:AgentStatusType", + "description": "The type of agent status." + } + }, + "autoNamingSpec": { + "sdkName": "name", + "minLength": 1, + "maxLength": 127 + }, + "required": [ + "instanceArn", + "state" + ], + "tagsProperty": "tags", + "tagsStyle": "keyValueArray" + }, "aws-native:connect:ApprovedOrigin": { "cf": "AWS::Connect::ApprovedOrigin", "inputs": { @@ -20929,6 +21450,50 @@ "tagsProperty": "tags", "tagsStyle": "keyValueArray" }, + "aws-native:connect:UserHierarchyStructure": { + "cf": "AWS::Connect::UserHierarchyStructure", + "inputs": { + "instanceArn": { + "type": "string", + "description": "The identifier of the Amazon Connect instance." + }, + "userHierarchyStructure": { + "$ref": "#/types/aws-native:connect:UserHierarchyStructureProperties", + "description": "Information about the hierarchy structure.", + "language": { + "csharp": { + "name": "UserHierarchyStructureValue" + } + } + } + }, + "outputs": { + "instanceArn": { + "type": "string", + "description": "The identifier of the Amazon Connect instance.", + "replaceOnChanges": true + }, + "userHierarchyStructure": { + "$ref": "#/types/aws-native:connect:UserHierarchyStructureProperties", + "description": "Information about the hierarchy structure.", + "language": { + "csharp": { + "name": "UserHierarchyStructureValue" + } + } + }, + "userHierarchyStructureArn": { + "type": "string", + "description": "The identifier of the User Hierarchy Structure." + } + }, + "required": [ + "instanceArn" + ], + "createOnly": [ + "instanceArn" + ] + }, "aws-native:connect:View": { "cf": "AWS::Connect::View", "inputs": { 
@@ -22311,7 +22876,7 @@ "tags": { "type": "array", "items": { - "$ref": "#/types/aws-native:index:Tag" + "$ref": "#/types/aws-native:index:CreateOnlyTag" }, "description": "An array of key-value pairs to apply to this resource.\n\nFor more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html) ." }, @@ -22340,9 +22905,10 @@ "tags": { "type": "array", "items": { - "$ref": "#/types/aws-native:index:Tag" + "$ref": "#/types/aws-native:index:CreateOnlyTag" }, - "description": "An array of key-value pairs to apply to this resource.\n\nFor more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html) ." + "description": "An array of key-value pairs to apply to this resource.\n\nFor more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html) .", + "replaceOnChanges": true }, "targetArn": { "type": "string", @@ -22361,10 +22927,11 @@ ], "createOnly": [ "name", + "tags", "targetArn" ], "tagsProperty": "tags", - "tagsStyle": "keyValueArray" + "tagsStyle": "keyValueArrayCreateOnly" }, "aws-native:databrew:Schedule": { "cf": "AWS::DataBrew::Schedule", 
@@ -24304,10 +24871,22 @@ "type": "string", "description": "The identifier of the Amazon DataZone domain in which the environment would be created." }, + "environmentAccountIdentifier": { + "type": "string", + "description": "The AWS account in which the Amazon DataZone environment is created." + }, + "environmentAccountRegion": { + "type": "string", + "description": "The AWS region in which the Amazon DataZone environment is created." + }, "environmentProfileIdentifier": { "type": "string", "description": "The ID of the environment profile with which the Amazon DataZone environment would be created." }, + "environmentRoleArn": { + "type": "string", + "description": "Environment role arn for custom aws environment permissions" + }, "glossaryTerms": { "type": "array", "items": { @@ -24365,6 +24944,16 @@ "description": "The identifier of the Amazon DataZone domain in which the environment would be created.", "replaceOnChanges": true }, + "environmentAccountIdentifier": { + "type": "string", + "description": "The AWS account in which the Amazon DataZone environment is created.", + "replaceOnChanges": true + }, + "environmentAccountRegion": { + "type": "string", + "description": "The AWS region in which the Amazon DataZone environment is created.", + "replaceOnChanges": true + }, "environmentBlueprintId": { "type": "string", "description": "The ID of the blueprint with which the Amazon DataZone environment was created." @@ -24378,6 +24967,10 @@ "description": "The ID of the environment profile with which the Amazon DataZone environment would be created.", "replaceOnChanges": true }, + "environmentRoleArn": { + "type": "string", + "description": "Environment role arn for custom aws environment permissions" + }, "glossaryTerms": { "type": "array", "items": { 
@@ -24426,24 +25019,114 @@ }, "required": [ "domainIdentifier", - "environmentProfileIdentifier", "projectIdentifier" ], "createOnly": [ "domainIdentifier", + "environmentAccountIdentifier", + "environmentAccountRegion", "environmentProfileIdentifier", "projectIdentifier", "userParameters" ], "writeOnly": [ "domainIdentifier", + "environmentAccountIdentifier", + "environmentAccountRegion", "environmentProfileIdentifier", + "environmentRoleArn", "projectIdentifier" ], "irreversibleNames": { "awsId": "Id" } }, + "aws-native:datazone:EnvironmentActions": { + "cf": "AWS::DataZone::EnvironmentActions", + "inputs": { + "description": { + "type": "string", + "description": "The description of the Amazon DataZone environment action." + }, + "domainIdentifier": { + "type": "string", + "description": "The identifier of the Amazon DataZone domain in which the environment would be created." + }, + "environmentIdentifier": { + "type": "string", + "description": "The identifier of the Amazon DataZone environment in which the action is taking place" + }, + "identifier": { + "type": "string", + "description": "The ID of the Amazon DataZone environment action." + }, + "name": { + "type": "string", + "description": "The name of the environment action." + }, + "parameters": { + "$ref": "#/types/aws-native:datazone:EnvironmentActionsAwsConsoleLinkParameters", + "description": "The parameters of the environment action." + } + }, + "outputs": { + "awsId": { + "type": "string", + "description": "The ID of the Amazon DataZone environment action." + }, + "description": { + "type": "string", + "description": "The description of the Amazon DataZone environment action." + }, + "domainId": { + "type": "string", + "description": "The identifier of the Amazon DataZone domain in which the environment is created." 
+ }, + "domainIdentifier": { + "type": "string", + "description": "The identifier of the Amazon DataZone domain in which the environment would be created.", + "replaceOnChanges": true + }, + "environmentId": { + "type": "string", + "description": "The identifier of the Amazon DataZone environment in which the action is taking place" + }, + "environmentIdentifier": { + "type": "string", + "description": "The identifier of the Amazon DataZone environment in which the action is taking place", + "replaceOnChanges": true + }, + "identifier": { + "type": "string", + "description": "The ID of the Amazon DataZone environment action." + }, + "name": { + "type": "string", + "description": "The name of the environment action." + }, + "parameters": { + "$ref": "#/types/aws-native:datazone:EnvironmentActionsAwsConsoleLinkParameters", + "description": "The parameters of the environment action." + } + }, + "autoNamingSpec": { + "sdkName": "name", + "minLength": 1, + "maxLength": 64 + }, + "createOnly": [ + "domainIdentifier", + "environmentIdentifier" + ], + "writeOnly": [ + "domainIdentifier", + "environmentIdentifier", + "identifier" + ], + "irreversibleNames": { + "awsId": "Id" + } + }, "aws-native:datazone:EnvironmentBlueprintConfiguration": { "cf": "AWS::DataZone::EnvironmentBlueprintConfiguration", "inputs": { @@ -27663,6 +28346,9 @@ "tenancy": { "type": "string", "description": "Indicates the tenancy of the Capacity Reservation. A Capacity Reservation can have one of the following tenancy settings:\n\n- `default` - The Capacity Reservation is created on hardware that is shared with other AWS accounts .\n- `dedicated` - The Capacity Reservation is created on single-tenant hardware that is dedicated to a single AWS account ." + }, + "unusedReservationBillingOwnerId": { + "type": "string" } }, "outputs": { 
@@ -27741,6 +28427,9 @@ "totalInstanceCount": { "type": "integer", "description": "Returns the total number of instances for which the Capacity Reservation reserves capacity. For example: `15` ." + }, + "unusedReservationBillingOwnerId": { + "type": "string" } }, "required": [ @@ -27760,6 +28449,9 @@ "tagSpecifications", "tenancy" ], + "writeOnly": [ + "unusedReservationBillingOwnerId" + ], "irreversibleNames": { "awsId": "Id" } @@ -30403,7 +31095,7 @@ "items": { "type": "string" }, - "description": "Secondary EIP allocation IDs. For more information, see [Create a NAT gateway](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating) in the *Amazon VPC User Guide*." + "description": "Secondary EIP allocation IDs. For more information, see [Create a NAT gateway](https://docs.aws.amazon.com/vpc/latest/userguide/nat-gateway-working-with.html) in the *Amazon VPC User Guide*." }, "secondaryPrivateIpAddressCount": { "type": "integer", @@ -30457,7 +31149,7 @@ "items": { "type": "string" }, - "description": "Secondary EIP allocation IDs. For more information, see [Create a NAT gateway](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating) in the *Amazon VPC User Guide*." + "description": "Secondary EIP allocation IDs. For more information, see [Create a NAT gateway](https://docs.aws.amazon.com/vpc/latest/userguide/nat-gateway-working-with.html) in the *Amazon VPC User Guide*." }, "secondaryPrivateIpAddressCount": { "type": "integer", @@ -32073,13 +32765,6 @@ "type": "string", "description": "The IPv6 CIDR block.\n If you specify ``AssignIpv6AddressOnCreation``, you must also specify an IPv6 CIDR block." }, - "ipv6CidrBlocks": { - "type": "array", - "items": { - "type": "string" - }, - "description": "The IPv6 network ranges for the subnet, in CIDR notation." - }, "ipv6IpamPoolId": { "type": "string", "description": "An IPv6 IPAM pool ID for the subnet." 
@@ -32163,7 +32848,7 @@ "items": { "type": "string" }, - "description": "The IPv6 network ranges for the subnet, in CIDR notation." + "description": "The IPv6 CIDR blocks that are associated with the subnet." }, "ipv6IpamPoolId": { "type": "string", @@ -32429,6 +33114,10 @@ "type": "string", "description": "The ID of the default propagation route table." }, + "securityGroupReferencingSupport": { + "type": "string", + "description": "Enables you to reference a security group across VPCs attached to a transit gateway (TGW). Use this option to simplify security group management and control of instance-to-instance traffic across VPCs that are connected by transit gateway. You can also use this option to migrate from VPC peering (which was the only option that supported security group referencing) to transit gateways (which now also support security group referencing). This option is disabled by default and there are no additional costs to use this feature.\n\nFor important information about this feature, see [Create a transit gateway](https://docs.aws.amazon.com/vpc/latest/tgw/tgw-transit-gateways.html#create-tgw) in the *AWS Transit Gateway Guide* ." + }, "tags": { "type": "array", "items": { 
@@ -32491,6 +33180,10 @@ "type": "string", "description": "The ID of the default propagation route table." }, + "securityGroupReferencingSupport": { + "type": "string", + "description": "Enables you to reference a security group across VPCs attached to a transit gateway (TGW). Use this option to simplify security group management and control of instance-to-instance traffic across VPCs that are connected by transit gateway. You can also use this option to migrate from VPC peering (which was the only option that supported security group referencing) to transit gateways (which now also support security group referencing). This option is disabled by default and there are no additional costs to use this feature.\n\nFor important information about this feature, see [Create a transit gateway](https://docs.aws.amazon.com/vpc/latest/tgw/tgw-transit-gateways.html#create-tgw) in the *AWS Transit Gateway Guide* ." + }, "tags": { "type": "array", "items": { @@ -33075,7 +33768,7 @@ "tags": { "type": "array", "items": { - "$ref": "#/types/aws-native:index:CreateOnlyTag" + "$ref": "#/types/aws-native:index:Tag" }, "description": "Tags are composed of a Key/Value pair. You can use tags to categorize and track each parameter group. The tag value null is permitted." }, @@ -33088,10 +33781,9 @@ "tags": { "type": "array", "items": { - "$ref": "#/types/aws-native:index:CreateOnlyTag" + "$ref": "#/types/aws-native:index:Tag" }, - "description": "Tags are composed of a Key/Value pair. You can use tags to categorize and track each parameter group. The tag value null is permitted.", - "replaceOnChanges": true + "description": "Tags are composed of a Key/Value pair. You can use tags to categorize and track each parameter group. The tag value null is permitted." }, "transitGatewayId": { "type": "string", 
@@ -33107,11 +33799,10 @@ "transitGatewayId" ], "createOnly": [ - "tags", "transitGatewayId" ], "tagsProperty": "tags", - "tagsStyle": "keyValueArrayCreateOnly" + "tagsStyle": "keyValueArray" }, "aws-native:ec2:TransitGatewayRouteTableAssociation": { "cf": "AWS::EC2::TransitGatewayRouteTableAssociation", 
@@ -33778,11 +34469,11 @@ }, "encrypted": { "type": "boolean", - "description": "Indicates whether the volume should be encrypted. The effect of setting the encryption state to ``true`` depends on the volume origin (new or from a snapshot), starting encryption state, ownership, and whether encryption by default is enabled. For more information, see [Encryption by default](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#encryption-by-default) in the *Amazon Elastic Compute Cloud User Guide*.\n Encrypted Amazon EBS volumes must be attached to instances that support Amazon EBS encryption. For more information, see [Supported instance types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#EBSEncryption_supported_instances)." + "description": "Indicates whether the volume should be encrypted. The effect of setting the encryption state to ``true`` depends on the volume origin (new or from a snapshot), starting encryption state, ownership, and whether encryption by default is enabled. For more information, see [Encryption by default](https://docs.aws.amazon.com/ebs/latest/userguide/work-with-ebs-encr.html#encryption-by-default) in the *Amazon EBS User Guide*.\n Encrypted Amazon EBS volumes must be attached to instances that support Amazon EBS encryption. For more information, see [Supported instance types](https://docs.aws.amazon.com/ebs/latest/userguide/ebs-encryption-requirements.html#ebs-encryption_supported_instances)." }, "iops": { "type": "integer", - "description": "The number of I/O operations per second (IOPS). For ``gp3``, ``io1``, and ``io2`` volumes, this represents the number of IOPS that are provisioned for the volume. 
For ``gp2`` volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting.\n The following are the supported values for each volume type:\n + ``gp3``: 3,000 - 16,000 IOPS\n + ``io1``: 100 - 64,000 IOPS\n + ``io2``: 100 - 256,000 IOPS\n \n For ``io2`` volumes, you can achieve up to 256,000 IOPS on [instances built on the Nitro System](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances). On other instances, you can achieve performance up to 32,000 IOPS.\n This parameter is required for ``io1`` and ``io2`` volumes. The default for ``gp3`` volumes is 3,000 IOPS. This parameter is not supported for ``gp2``, ``st1``, ``sc1``, or ``standard`` volumes." + "description": "The number of I/O operations per second (IOPS). For ``gp3``, ``io1``, and ``io2`` volumes, this represents the number of IOPS that are provisioned for the volume. For ``gp2`` volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting.\n The following are the supported values for each volume type:\n + ``gp3``: 3,000 - 16,000 IOPS\n + ``io1``: 100 - 64,000 IOPS\n + ``io2``: 100 - 256,000 IOPS\n \n For ``io2`` volumes, you can achieve up to 256,000 IOPS on [instances built on the Nitro System](https://docs.aws.amazon.com/ec2/latest/instancetypes/ec2-nitro-instances.html). On other instances, you can achieve performance up to 32,000 IOPS.\n This parameter is required for ``io1`` and ``io2`` volumes. The default for ``gp3`` volumes is 3,000 IOPS. This parameter is not supported for ``gp2``, ``st1``, ``sc1``, or ``standard`` volumes." }, "kmsKeyId": { "type": "string", 
@@ -33790,7 +34481,7 @@ }, "multiAttachEnabled": { "type": "boolean", - "description": "Indicates whether Amazon EBS Multi-Attach is enabled.\n CFNlong does not currently support updating a single-attach volume to be multi-attach enabled, updating a multi-attach enabled volume to be single-attach, or updating the size or number of I/O operations per second (IOPS) of a multi-attach enabled volume." + "description": "Indicates whether Amazon EBS Multi-Attach is enabled.\n CFNlong does not currently support updating a single-attach volume to be multi-attach enabled, updating a multi-attach enabled volume to be single-attach, or updating the size or number of I/O operations per second (IOPS) of a multi-attach enabled volume." }, "outpostArn": { "type": "string", @@ -33817,7 +34508,7 @@ }, "volumeType": { "type": "string", - "description": "The volume type. This parameter can be one of the following values:\n + General Purpose SSD: ``gp2`` | ``gp3`` \n + Provisioned IOPS SSD: ``io1`` | ``io2`` \n + Throughput Optimized HDD: ``st1`` \n + Cold HDD: ``sc1`` \n + Magnetic: ``standard`` \n \n For more information, see [Amazon EBS volume types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html) in the *Amazon Elastic Compute Cloud User Guide*.\n Default: ``gp2``" + "description": "The volume type. This parameter can be one of the following values:\n + General Purpose SSD: ``gp2`` | ``gp3`` \n + Provisioned IOPS SSD: ``io1`` | ``io2`` \n + Throughput Optimized HDD: ``st1`` \n + Cold HDD: ``sc1`` \n + Magnetic: ``standard`` \n \n For more information, see [Amazon EBS volume types](https://docs.aws.amazon.com/ebs/latest/userguide/ebs-volume-types.html).\n Default: ``gp2``" } }, "outputs": { 
@@ -33831,11 +34522,11 @@ }, "encrypted": { "type": "boolean", - "description": "Indicates whether the volume should be encrypted. The effect of setting the encryption state to ``true`` depends on the volume origin (new or from a snapshot), starting encryption state, ownership, and whether encryption by default is enabled. For more information, see [Encryption by default](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#encryption-by-default) in the *Amazon Elastic Compute Cloud User Guide*.\n Encrypted Amazon EBS volumes must be attached to instances that support Amazon EBS encryption. For more information, see [Supported instance types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#EBSEncryption_supported_instances)." + "description": "Indicates whether the volume should be encrypted. The effect of setting the encryption state to ``true`` depends on the volume origin (new or from a snapshot), starting encryption state, ownership, and whether encryption by default is enabled. For more information, see [Encryption by default](https://docs.aws.amazon.com/ebs/latest/userguide/work-with-ebs-encr.html#encryption-by-default) in the *Amazon EBS User Guide*.\n Encrypted Amazon EBS volumes must be attached to instances that support Amazon EBS encryption. For more information, see [Supported instance types](https://docs.aws.amazon.com/ebs/latest/userguide/ebs-encryption-requirements.html#ebs-encryption_supported_instances)." }, "iops": { "type": "integer", - "description": "The number of I/O operations per second (IOPS). For ``gp3``, ``io1``, and ``io2`` volumes, this represents the number of IOPS that are provisioned for the volume. 
For ``gp2`` volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting.\n The following are the supported values for each volume type:\n + ``gp3``: 3,000 - 16,000 IOPS\n + ``io1``: 100 - 64,000 IOPS\n + ``io2``: 100 - 256,000 IOPS\n \n For ``io2`` volumes, you can achieve up to 256,000 IOPS on [instances built on the Nitro System](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances). On other instances, you can achieve performance up to 32,000 IOPS.\n This parameter is required for ``io1`` and ``io2`` volumes. The default for ``gp3`` volumes is 3,000 IOPS. This parameter is not supported for ``gp2``, ``st1``, ``sc1``, or ``standard`` volumes." + "description": "The number of I/O operations per second (IOPS). For ``gp3``, ``io1``, and ``io2`` volumes, this represents the number of IOPS that are provisioned for the volume. For ``gp2`` volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting.\n The following are the supported values for each volume type:\n + ``gp3``: 3,000 - 16,000 IOPS\n + ``io1``: 100 - 64,000 IOPS\n + ``io2``: 100 - 256,000 IOPS\n \n For ``io2`` volumes, you can achieve up to 256,000 IOPS on [instances built on the Nitro System](https://docs.aws.amazon.com/ec2/latest/instancetypes/ec2-nitro-instances.html). On other instances, you can achieve performance up to 32,000 IOPS.\n This parameter is required for ``io1`` and ``io2`` volumes. The default for ``gp3`` volumes is 3,000 IOPS. This parameter is not supported for ``gp2``, ``st1``, ``sc1``, or ``standard`` volumes." }, "kmsKeyId": { "type": "string", 
@@ -33843,7 +34534,7 @@ }, "multiAttachEnabled": { "type": "boolean", - "description": "Indicates whether Amazon EBS Multi-Attach is enabled.\n CFNlong does not currently support updating a single-attach volume to be multi-attach enabled, updating a multi-attach enabled volume to be single-attach, or updating the size or number of I/O operations per second (IOPS) of a multi-attach enabled volume." + "description": "Indicates whether Amazon EBS Multi-Attach is enabled.\n CFNlong does not currently support updating a single-attach volume to be multi-attach enabled, updating a multi-attach enabled volume to be single-attach, or updating the size or number of I/O operations per second (IOPS) of a multi-attach enabled volume." }, "outpostArn": { "type": "string", @@ -33874,7 +34565,7 @@ }, "volumeType": { "type": "string", - "description": "The volume type. This parameter can be one of the following values:\n + General Purpose SSD: ``gp2`` | ``gp3`` \n + Provisioned IOPS SSD: ``io1`` | ``io2`` \n + Throughput Optimized HDD: ``st1`` \n + Cold HDD: ``sc1`` \n + Magnetic: ``standard`` \n \n For more information, see [Amazon EBS volume types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html) in the *Amazon Elastic Compute Cloud User Guide*.\n Default: ``gp2``" + "description": "The volume type. This parameter can be one of the following values:\n + General Purpose SSD: ``gp2`` | ``gp3`` \n + Provisioned IOPS SSD: ``io1`` | ``io2`` \n + Throughput Optimized HDD: ``st1`` \n + Cold HDD: ``sc1`` \n + Magnetic: ``standard`` \n \n For more information, see [Amazon EBS volume types](https://docs.aws.amazon.com/ebs/latest/userguide/ebs-volume-types.html).\n Default: ``gp2``" } }, "required": [ 
@@ -34166,7 +34857,7 @@ "inputs": { "policyDocument": { "$ref": "pulumi.json#/Any", - "description": "An endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints.\n For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. CFNlong converts YAML policies to JSON format before calling the API to create or modify the VPC endpoint.\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::EC2::VPCEndpoint` for more information about the expected schema for this property." + "description": "An endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints.\n For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. For example, if you have a JSON policy, you can convert it to YAML before including it in the YAML template, and CFNlong converts the policy to JSON format before calling the API actions for privatelink. Alternatively, you can include the JSON directly in the YAML, as shown in the following ``Properties`` section:\n ``Properties: VpcEndpointType: 'Interface' ServiceName: !Sub 'com.amazonaws.${AWS::Region}.logs' PolicyDocument: '{ \"Version\":\"2012-10-17\", \"Statement\": [{ \"Effect\":\"Allow\", \"Principal\":\"*\", \"Action\":[\"logs:Describe*\",\"logs:Get*\",\"logs:List*\",\"logs:FilterLogEvents\"], \"Resource\":\"*\" }] }'``\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::EC2::VPCEndpoint` for more information about the expected schema for this property." }, "privateDnsEnabled": { "type": "boolean", 
@@ -34231,7 +34922,7 @@ }, "policyDocument": { "$ref": "pulumi.json#/Any", - "description": "An endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints.\n For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. CFNlong converts YAML policies to JSON format before calling the API to create or modify the VPC endpoint.\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::EC2::VPCEndpoint` for more information about the expected schema for this property." + "description": "An endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints.\n For CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. For example, if you have a JSON policy, you can convert it to YAML before including it in the YAML template, and CFNlong converts the policy to JSON format before calling the API actions for privatelink. Alternatively, you can include the JSON directly in the YAML, as shown in the following ``Properties`` section:\n ``Properties: VpcEndpointType: 'Interface' ServiceName: !Sub 'com.amazonaws.${AWS::Region}.logs' PolicyDocument: '{ \"Version\":\"2012-10-17\", \"Statement\": [{ \"Effect\":\"Allow\", \"Principal\":\"*\", \"Action\":[\"logs:Describe*\",\"logs:Get*\",\"logs:List*\",\"logs:FilterLogEvents\"], \"Resource\":\"*\" }] }'``\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::EC2::VPCEndpoint` for more information about the expected schema for this property." }, "privateDnsEnabled": { "type": "boolean", 
@@ -34627,6 +35318,26 @@ "type": "boolean", "description": "Indicate whether to enable acceleration for the VPN connection.\n Default: ``false``" }, + "localIpv4NetworkCidr": { + "type": "string", + "description": "The IPv4 CIDR on the customer gateway (on-premises) side of the VPN connection.\n Default: ``0.0.0.0/0``" + }, + "localIpv6NetworkCidr": { + "type": "string", + "description": "The IPv6 CIDR on the customer gateway (on-premises) side of the VPN connection.\n Default: ``::/0``" + }, + "outsideIpAddressType": { + "type": "string", + "description": "The type of IPv4 address assigned to the outside interface of the customer gateway device.\n Valid values: ``PrivateIpv4`` | ``PublicIpv4`` \n Default: ``PublicIpv4``" + }, + "remoteIpv4NetworkCidr": { + "type": "string", + "description": "The IPv4 CIDR on the AWS side of the VPN connection.\n Default: ``0.0.0.0/0``" + }, + "remoteIpv6NetworkCidr": { + "type": "string", + "description": "The IPv6 CIDR on the AWS side of the VPN connection.\n Default: ``::/0``" + }, "staticRoutesOnly": { "type": "boolean", "description": "Indicates whether the VPN connection uses static routes only. Static routes must be used for devices that don't support BGP.\n If you are creating a VPN connection for a device that does not support Border Gateway Protocol (BGP), you must specify ``true``." 
@@ -34642,6 +35353,14 @@ "type": "string", "description": "The ID of the transit gateway associated with the VPN connection.\n You must specify either ``TransitGatewayId`` or ``VpnGatewayId``, but not both." }, + "transportTransitGatewayAttachmentId": { + "type": "string", + "description": "The transit gateway attachment ID to use for the VPN tunnel.\n Required if ``OutsideIpAddressType`` is set to ``PrivateIpv4``." + }, + "tunnelInsideIpVersion": { + "type": "string", + "description": "Indicate whether the VPN tunnels process IPv4 or IPv6 traffic.\n Default: ``ipv4``" + }, "type": { "type": "string", "description": "The type of VPN connection." 
@@ -34669,6 +35388,31 @@ "description": "Indicate whether to enable acceleration for the VPN connection.\n Default: ``false``", "replaceOnChanges": true }, + "localIpv4NetworkCidr": { + "type": "string", + "description": "The IPv4 CIDR on the customer gateway (on-premises) side of the VPN connection.\n Default: ``0.0.0.0/0``", + "replaceOnChanges": true + }, + "localIpv6NetworkCidr": { + "type": "string", + "description": "The IPv6 CIDR on the customer gateway (on-premises) side of the VPN connection.\n Default: ``::/0``", + "replaceOnChanges": true + }, + "outsideIpAddressType": { + "type": "string", + "description": "The type of IPv4 address assigned to the outside interface of the customer gateway device.\n Valid values: ``PrivateIpv4`` | ``PublicIpv4`` \n Default: ``PublicIpv4``", + "replaceOnChanges": true + }, + "remoteIpv4NetworkCidr": { + "type": "string", + "description": "The IPv4 CIDR on the AWS side of the VPN connection.\n Default: ``0.0.0.0/0``", + "replaceOnChanges": true + }, + "remoteIpv6NetworkCidr": { + "type": "string", + "description": "The IPv6 CIDR on the AWS side of the VPN connection.\n Default: ``::/0``", + "replaceOnChanges": true + }, "staticRoutesOnly": { "type": "boolean", "description": "Indicates whether the VPN connection uses static routes only. Static routes must be used for devices that don't support BGP.\n If you are creating a VPN connection for a device that does not support Border Gateway Protocol (BGP), you must specify ``true``.", 
@@ -34686,6 +35430,16 @@ "description": "The ID of the transit gateway associated with the VPN connection.\n You must specify either ``TransitGatewayId`` or ``VpnGatewayId``, but not both.", "replaceOnChanges": true }, + "transportTransitGatewayAttachmentId": { + "type": "string", + "description": "The transit gateway attachment ID to use for the VPN tunnel.\n Required if ``OutsideIpAddressType`` is set to ``PrivateIpv4``.", + "replaceOnChanges": true + }, + "tunnelInsideIpVersion": { + "type": "string", + "description": "Indicate whether the VPN tunnels process IPv4 or IPv6 traffic.\n Default: ``ipv4``", + "replaceOnChanges": true + }, "type": { "type": "string", "description": "The type of VPN connection.", @@ -34716,8 +35470,15 @@ "createOnly": [ "customerGatewayId", "enableAcceleration", + "localIpv4NetworkCidr", + "localIpv6NetworkCidr", + "outsideIpAddressType", + "remoteIpv4NetworkCidr", + "remoteIpv6NetworkCidr", "staticRoutesOnly", "transitGatewayId", + "transportTransitGatewayAttachmentId", + "tunnelInsideIpVersion", "type", "vpnGatewayId", "vpnTunnelOptionsSpecifications" @@ -35170,9 +35931,6 @@ "autoNamingSpec": { "sdkName": "name" }, - "required": [ - "autoScalingGroupProvider" - ], "createOnly": [ "autoScalingGroupProvider/AutoScalingGroupArn", "name" 
@@ -35464,7 +36222,7 @@ }, "propagateTags": { "$ref": "#/types/aws-native:ecs:ServicePropagateTags", - "description": "Specifies whether to propagate the tags from the task definition to the task. If no value is specified, the tags aren't propagated. Tags can only be propagated to the task during task creation. To add tags to a task after task creation, use the [TagResource](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_TagResource.html) API action.\n The default is ``NONE``." + "description": "Specifies whether to propagate the tags from the task definition to the task. If no value is specified, the tags aren't propagated. Tags can only be propagated to the task during task creation. To add tags to a task after task creation, use the [TagResource](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_TagResource.html) API action.\n You must set this to a value other than ``NONE`` when you use Cost Explorer. For more information, see [Amazon ECS usage reports](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/usage-reports.html) in the *Amazon Elastic Container Service Developer Guide*.\n The default is ``NONE``." }, "role": { "type": "string", 
@@ -35586,7 +36344,7 @@ }, "propagateTags": { "$ref": "#/types/aws-native:ecs:ServicePropagateTags", - "description": "Specifies whether to propagate the tags from the task definition to the task. If no value is specified, the tags aren't propagated. Tags can only be propagated to the task during task creation. To add tags to a task after task creation, use the [TagResource](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_TagResource.html) API action.\n The default is ``NONE``." + "description": "Specifies whether to propagate the tags from the task definition to the task. If no value is specified, the tags aren't propagated. Tags can only be propagated to the task during task creation. To add tags to a task after task creation, use the [TagResource](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_TagResource.html) API action.\n You must set this to a value other than ``NONE`` when you use Cost Explorer. For more information, see [Amazon ECS usage reports](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/usage-reports.html) in the *Amazon Elastic Container Service Developer Guide*.\n The default is ``NONE``." }, "role": { "type": "string", @@ -35880,6 +36638,13 @@ "aws-native:ecs:TaskSet": { "cf": "AWS::ECS::TaskSet", "inputs": { + "capacityProviderStrategy": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:ecs:TaskSetCapacityProviderStrategyItem" + }, + "description": "The capacity provider strategy that are associated with the task set." + }, "cluster": { "type": "string", "description": "The short name or full Amazon Resource Name (ARN) of the cluster that hosts the service to create the task set in." 
@@ -35939,6 +36704,14 @@ "type": "string", "description": "The ID of the task set." }, + "capacityProviderStrategy": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:ecs:TaskSetCapacityProviderStrategyItem" + }, + "description": "The capacity provider strategy that are associated with the task set.", + "replaceOnChanges": true + }, "cluster": { "type": "string", "description": "The short name or full Amazon Resource Name (ARN) of the cluster that hosts the service to create the task set in.", @@ -36008,6 +36781,7 @@ "taskDefinition" ], "createOnly": [ + "capacityProviderStrategy", "cluster", "externalId", "launchType", @@ -36545,7 +37319,7 @@ }, "bootstrapSelfManagedAddons": { "type": "boolean", - "description": "Set this value to false to avoid creating the default networking addons when the cluster is created." + "description": "Set this value to false to avoid creating the default networking add-ons when the cluster is created." }, "encryptionConfig": { "type": "array", @@ -36592,6 +37366,9 @@ "version": { "type": "string", "description": "The desired Kubernetes version for your cluster. If you don't specify a value here, the latest version available in Amazon EKS is used." + }, + "zonalShiftConfig": { + "$ref": "#/types/aws-native:eks:ClusterZonalShiftConfig" } }, "outputs": { @@ -36609,7 +37386,7 @@ }, "bootstrapSelfManagedAddons": { "type": "boolean", - "description": "Set this value to false to avoid creating the default networking addons when the cluster is created.", + "description": "Set this value to false to avoid creating the default networking add-ons when the cluster is created.", "replaceOnChanges": true }, "certificateAuthorityData": { 
@@ -36682,6 +37459,9 @@ "version": { "type": "string", "description": "The desired Kubernetes version for your cluster. If you don't specify a value here, the latest version available in Amazon EKS is used." + }, + "zonalShiftConfig": { + "$ref": "#/types/aws-native:eks:ClusterZonalShiftConfig" } }, "autoNamingSpec": { @@ -37472,8 +38252,7 @@ }, "engine": { "type": "string", - "description": "The engine name of the Serverless Cache.", - "replaceOnChanges": true + "description": "The engine name of the Serverless Cache." }, "finalSnapshotName": { "type": "string", @@ -37490,8 +38269,7 @@ }, "majorEngineVersion": { "type": "string", - "description": "The major engine version of the Serverless Cache.", - "replaceOnChanges": true + "description": "The major engine version of the Serverless Cache." }, "readerEndpoint": { "$ref": "#/types/aws-native:elasticache:ServerlessCacheEndpoint", @@ -37552,9 +38330,7 @@ "engine" ], "createOnly": [ - "engine", "kmsKeyId", - "majorEngineVersion", "serverlessCacheName", "snapshotArnsToRestore", "subnetIds" @@ -38169,6 +38945,13 @@ }, "description": "The actions for the default rule. You cannot define a condition for a default rule.\n To create additional rules for an Application Load Balancer, use [AWS::ElasticLoadBalancingV2::ListenerRule](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-listenerrule.html)." }, + "listenerAttributes": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:elasticloadbalancingv2:ListenerAttribute" + }, + "description": "The listener attributes." + }, "loadBalancerArn": { "type": "string", "description": "The Amazon Resource Name (ARN) of the load balancer." 
@@ -38216,6 +38999,13 @@ "type": "string", "description": "The Amazon Resource Name (ARN) of the listener." }, + "listenerAttributes": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:elasticloadbalancingv2:ListenerAttribute" + }, + "description": "The listener attributes." + }, "loadBalancerArn": { "type": "string", "description": "The Amazon Resource Name (ARN) of the load balancer.", @@ -39633,6 +40423,10 @@ "type": "string", "description": "The description of the MatchingWorkflow" }, + "incrementalRunConfig": { + "$ref": "#/types/aws-native:entityresolution:MatchingWorkflowIncrementalRunConfig", + "description": "An object which defines an incremental run type and has only `incrementalRunType` as a field." + }, "inputSourceConfig": { "type": "array", "items": { @@ -39675,6 +40469,10 @@ "type": "string", "description": "The description of the MatchingWorkflow" }, + "incrementalRunConfig": { + "$ref": "#/types/aws-native:entityresolution:MatchingWorkflowIncrementalRunConfig", + "description": "An object which defines an incremental run type and has only `incrementalRunType` as a field." + }, "inputSourceConfig": { "type": "array", "items": { @@ -42643,6 +43441,17 @@ "$ref": "#/types/aws-native:gamelift:ContainerGroupDefinitionSchedulingStrategy", "description": "Specifies whether the container group includes replica or daemon containers." }, + "sourceVersionNumber": { + "type": "integer", + "description": "A specific ContainerGroupDefinition version to be updated" + }, + "supportContainerDefinitions": { + "type": "array", + "items": { + "$ref": "pulumi.json#/Any" + }, + "description": "A collection of support container definitions that define the containers in this group." + }, "tags": { "type": "array", "items": { 
@@ -42691,6 +43500,25 @@ "description": "Specifies whether the container group includes replica or daemon containers.", "replaceOnChanges": true }, + "sourceVersionNumber": { + "type": "integer", + "description": "A specific ContainerGroupDefinition version to be updated" + }, + "status": { + "$ref": "#/types/aws-native:gamelift:ContainerGroupDefinitionStatus", + "description": "A string indicating ContainerGroupDefinition status." + }, + "statusReason": { + "type": "string", + "description": "A string indicating the reason for ContainerGroupDefinition status." + }, + "supportContainerDefinitions": { + "type": "array", + "items": { + "$ref": "pulumi.json#/Any" + }, + "description": "A collection of support container definitions that define the containers in this group." + }, "tags": { "type": "array", "items": { @@ -42756,7 +43584,7 @@ }, "containerGroupsConfiguration": { "$ref": "#/types/aws-native:gamelift:FleetContainerGroupsConfiguration", - "description": "*This data type is currently not available. It is under improvement as we respond to customer feedback from the Containers public preview.*\n\nConfiguration details for a set of container groups, for use when creating a fleet with compute type `CONTAINER` .\n\n*Used with:* `CreateFleet`" + "description": "*This data type is used with the Amazon GameLift containers feature, which is currently in public preview.*\n\nConfiguration details for a set of container groups, for use when creating a fleet with compute type `CONTAINER` .\n\n*Used with:* `CreateFleet`" }, "description": { "type": "string", 
@@ -42889,7 +43717,7 @@ }, "containerGroupsConfiguration": { "$ref": "#/types/aws-native:gamelift:FleetContainerGroupsConfiguration", - "description": "*This data type is currently not available. It is under improvement as we respond to customer feedback from the Containers public preview.*\n\nConfiguration details for a set of container groups, for use when creating a fleet with compute type `CONTAINER` .\n\n*Used with:* `CreateFleet`", + "description": "*This data type is used with the Amazon GameLift containers feature, which is currently in public preview.*\n\nConfiguration details for a set of container groups, for use when creating a fleet with compute type `CONTAINER` .\n\n*Used with:* `CreateFleet`", "replaceOnChanges": true }, "description": { 
@@ -43996,6 +44824,144 @@ "acceleratorArn" ] }, + "aws-native:glue:Crawler": { + "cf": "AWS::Glue::Crawler", + "inputs": { + "classifiers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of UTF-8 strings that specify the names of custom classifiers that are associated with the crawler." + }, + "configuration": { + "type": "string", + "description": "Crawler configuration information. This versioned JSON string allows users to specify aspects of a crawler's behavior." + }, + "crawlerSecurityConfiguration": { + "type": "string", + "description": "The name of the SecurityConfiguration structure to be used by this crawler." + }, + "databaseName": { + "type": "string", + "description": "The name of the database in which the crawler's output is stored." + }, + "description": { + "type": "string", + "description": "A description of the crawler." + }, + "lakeFormationConfiguration": { + "$ref": "#/types/aws-native:glue:CrawlerLakeFormationConfiguration", + "description": "Specifies whether the crawler should use AWS Lake Formation credentials for the crawler instead of the IAM role credentials." + }, + "name": { + "type": "string", + "description": "The name of the crawler." + }, + "recrawlPolicy": { + "$ref": "#/types/aws-native:glue:CrawlerRecrawlPolicy", + "description": "A policy that specifies whether to crawl the entire dataset again, or to crawl only folders that were added since the last crawler run." + }, + "role": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of an IAM role that's used to access customer resources, such as Amazon Simple Storage Service (Amazon S3) data." + }, + "schedule": { + "$ref": "#/types/aws-native:glue:CrawlerSchedule", + "description": "For scheduled crawlers, the schedule when the crawler runs." + }, + "schemaChangePolicy": { + "$ref": "#/types/aws-native:glue:CrawlerSchemaChangePolicy", + "description": "The policy that specifies update and delete behaviors for the crawler. 
The policy tells the crawler what to do in the event that it detects a change in a table that already exists in the customer's database at the time of the crawl. The `SchemaChangePolicy` does not affect whether or how new tables and partitions are added. New tables and partitions are always created regardless of the `SchemaChangePolicy` on a crawler.\n\nThe SchemaChangePolicy consists of two components, `UpdateBehavior` and `DeleteBehavior` ." + }, + "tablePrefix": { + "type": "string", + "description": "The prefix added to the names of tables that are created." + }, + "tags": { + "$ref": "pulumi.json#/Any", + "description": "The tags to use with this crawler.\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Glue::Crawler` for more information about the expected schema for this property." + }, + "targets": { + "$ref": "#/types/aws-native:glue:CrawlerTargets", + "description": "A collection of targets to crawl." + } + }, + "outputs": { + "classifiers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of UTF-8 strings that specify the names of custom classifiers that are associated with the crawler." + }, + "configuration": { + "type": "string", + "description": "Crawler configuration information. This versioned JSON string allows users to specify aspects of a crawler's behavior." + }, + "crawlerSecurityConfiguration": { + "type": "string", + "description": "The name of the SecurityConfiguration structure to be used by this crawler." + }, + "databaseName": { + "type": "string", + "description": "The name of the database in which the crawler's output is stored." + }, + "description": { + "type": "string", + "description": "A description of the crawler." 
+ }, + "lakeFormationConfiguration": { + "$ref": "#/types/aws-native:glue:CrawlerLakeFormationConfiguration", + "description": "Specifies whether the crawler should use AWS Lake Formation credentials for the crawler instead of the IAM role credentials." + }, + "name": { + "type": "string", + "description": "The name of the crawler.", + "replaceOnChanges": true + }, + "recrawlPolicy": { + "$ref": "#/types/aws-native:glue:CrawlerRecrawlPolicy", + "description": "A policy that specifies whether to crawl the entire dataset again, or to crawl only folders that were added since the last crawler run." + }, + "role": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of an IAM role that's used to access customer resources, such as Amazon Simple Storage Service (Amazon S3) data." + }, + "schedule": { + "$ref": "#/types/aws-native:glue:CrawlerSchedule", + "description": "For scheduled crawlers, the schedule when the crawler runs." + }, + "schemaChangePolicy": { + "$ref": "#/types/aws-native:glue:CrawlerSchemaChangePolicy", + "description": "The policy that specifies update and delete behaviors for the crawler. The policy tells the crawler what to do in the event that it detects a change in a table that already exists in the customer's database at the time of the crawl. The `SchemaChangePolicy` does not affect whether or how new tables and partitions are added. New tables and partitions are always created regardless of the `SchemaChangePolicy` on a crawler.\n\nThe SchemaChangePolicy consists of two components, `UpdateBehavior` and `DeleteBehavior` ." + }, + "tablePrefix": { + "type": "string", + "description": "The prefix added to the names of tables that are created." + }, + "tags": { + "$ref": "pulumi.json#/Any", + "description": "The tags to use with this crawler.\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Glue::Crawler` for more information about the expected schema for this property." 
+ }, + "targets": { + "$ref": "#/types/aws-native:glue:CrawlerTargets", + "description": "A collection of targets to crawl." + } + }, + "autoNamingSpec": { + "sdkName": "name" + }, + "required": [ + "role", + "targets" + ], + "createOnly": [ + "name" + ], + "tagsProperty": "tags", + "tagsStyle": "untyped" + }, "aws-native:glue:Database": { "cf": "AWS::Glue::Database", "inputs": { 
@@ -44038,6 +45004,210 @@ "databaseName" ] }, + "aws-native:glue:Job": { + "cf": "AWS::Glue::Job", + "inputs": { + "allocatedCapacity": { + "type": "number", + "description": "The number of capacity units that are allocated to this job." + }, + "command": { + "$ref": "#/types/aws-native:glue:JobCommand", + "description": "The code that executes a job." + }, + "connections": { + "$ref": "#/types/aws-native:glue:JobConnectionsList", + "description": "Specifies the connections used by a job" + }, + "defaultArguments": { + "$ref": "pulumi.json#/Any", + "description": "The default arguments for this job, specified as name-value pairs.\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Glue::Job` for more information about the expected schema for this property." + }, + "description": { + "type": "string", + "description": "A description of the job." + }, + "executionClass": { + "type": "string", + "description": "Indicates whether the job is run with a standard or flexible execution class." + }, + "executionProperty": { + "$ref": "#/types/aws-native:glue:JobExecutionProperty", + "description": "The maximum number of concurrent runs that are allowed for this job." + }, + "glueVersion": { + "type": "string", + "description": "Glue version determines the versions of Apache Spark and Python that AWS Glue supports." + }, + "jobMode": { + "type": "string", + "description": "Property description not available." + }, + "jobRunQueuingEnabled": { + "type": "boolean", + "description": "Property description not available." + }, + "logUri": { + "type": "string", + "description": "This field is reserved for future use." + }, + "maintenanceWindow": { + "type": "string", + "description": "Property description not available." + }, + "maxCapacity": { + "type": "number", + "description": "The number of AWS Glue data processing units (DPUs) that can be allocated when this job runs." 
+ }, + "maxRetries": { + "type": "number", + "description": "The maximum number of times to retry this job after a JobRun fails" + }, + "name": { + "type": "string", + "description": "The name you assign to the job definition" + }, + "nonOverridableArguments": { + "$ref": "pulumi.json#/Any", + "description": "Non-overridable arguments for this job, specified as name-value pairs.\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Glue::Job` for more information about the expected schema for this property." + }, + "notificationProperty": { + "$ref": "#/types/aws-native:glue:JobNotificationProperty", + "description": "Specifies configuration properties of a notification." + }, + "numberOfWorkers": { + "type": "integer", + "description": "The number of workers of a defined workerType that are allocated when a job runs." + }, + "role": { + "type": "string", + "description": "The name or Amazon Resource Name (ARN) of the IAM role associated with this job." + }, + "securityConfiguration": { + "type": "string", + "description": "The name of the SecurityConfiguration structure to be used with this job." + }, + "tags": { + "$ref": "pulumi.json#/Any", + "description": "The tags to use with this job.\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Glue::Job` for more information about the expected schema for this property." + }, + "timeout": { + "type": "integer", + "description": "The maximum time that a job run can consume resources before it is terminated and enters TIMEOUT status." + }, + "workerType": { + "$ref": "#/types/aws-native:glue:JobWorkerType", + "description": "TThe type of predefined worker that is allocated when a job runs." + } + }, + "outputs": { + "allocatedCapacity": { + "type": "number", + "description": "The number of capacity units that are allocated to this job." 
+ }, + "command": { + "$ref": "#/types/aws-native:glue:JobCommand", + "description": "The code that executes a job." + }, + "connections": { + "$ref": "#/types/aws-native:glue:JobConnectionsList", + "description": "Specifies the connections used by a job" + }, + "defaultArguments": { + "$ref": "pulumi.json#/Any", + "description": "The default arguments for this job, specified as name-value pairs.\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Glue::Job` for more information about the expected schema for this property." + }, + "description": { + "type": "string", + "description": "A description of the job." + }, + "executionClass": { + "type": "string", + "description": "Indicates whether the job is run with a standard or flexible execution class." + }, + "executionProperty": { + "$ref": "#/types/aws-native:glue:JobExecutionProperty", + "description": "The maximum number of concurrent runs that are allowed for this job." + }, + "glueVersion": { + "type": "string", + "description": "Glue version determines the versions of Apache Spark and Python that AWS Glue supports." + }, + "jobMode": { + "type": "string", + "description": "Property description not available." + }, + "jobRunQueuingEnabled": { + "type": "boolean", + "description": "Property description not available." + }, + "logUri": { + "type": "string", + "description": "This field is reserved for future use." + }, + "maintenanceWindow": { + "type": "string", + "description": "Property description not available." + }, + "maxCapacity": { + "type": "number", + "description": "The number of AWS Glue data processing units (DPUs) that can be allocated when this job runs." 
+ }, + "maxRetries": { + "type": "number", + "description": "The maximum number of times to retry this job after a JobRun fails" + }, + "name": { + "type": "string", + "description": "The name you assign to the job definition", + "replaceOnChanges": true + }, + "nonOverridableArguments": { + "$ref": "pulumi.json#/Any", + "description": "Non-overridable arguments for this job, specified as name-value pairs.\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Glue::Job` for more information about the expected schema for this property." + }, + "notificationProperty": { + "$ref": "#/types/aws-native:glue:JobNotificationProperty", + "description": "Specifies configuration properties of a notification." + }, + "numberOfWorkers": { + "type": "integer", + "description": "The number of workers of a defined workerType that are allocated when a job runs." + }, + "role": { + "type": "string", + "description": "The name or Amazon Resource Name (ARN) of the IAM role associated with this job." + }, + "securityConfiguration": { + "type": "string", + "description": "The name of the SecurityConfiguration structure to be used with this job." + }, + "tags": { + "$ref": "pulumi.json#/Any", + "description": "The tags to use with this job.\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Glue::Job` for more information about the expected schema for this property." + }, + "timeout": { + "type": "integer", + "description": "The maximum time that a job run can consume resources before it is terminated and enters TIMEOUT status." + }, + "workerType": { + "$ref": "#/types/aws-native:glue:JobWorkerType", + "description": "TThe type of predefined worker that is allocated when a job runs." 
+ } + }, + "autoNamingSpec": { + "sdkName": "name" + }, + "required": [ + "command", + "role" + ], + "createOnly": [ + "name" + ], + "tagsProperty": "tags", + "tagsStyle": "untyped" + }, "aws-native:glue:Registry": { "cf": "AWS::Glue::Registry", "inputs": { @@ -44185,8 +45355,7 @@ }, "required": [ "compatibility", - "dataFormat", - "schemaDefinition" + "dataFormat" ], "createOnly": [ "dataFormat", 
@@ -44394,6 +45563,66 @@ "tagsProperty": "tags", "tagsStyle": "untyped" }, + "aws-native:glue:UsageProfile": { + "cf": "AWS::Glue::UsageProfile", + "inputs": { + "configuration": { + "$ref": "#/types/aws-native:glue:UsageProfileProfileConfiguration", + "description": "UsageProfile configuration for supported service ex: (Jobs, Sessions)." + }, + "description": { + "type": "string", + "description": "The description of the UsageProfile." + }, + "name": { + "type": "string", + "description": "The name of the UsageProfile." + }, + "tags": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:index:Tag" + }, + "description": "The tags to be applied to this UsageProfiles." + } + }, + "outputs": { + "configuration": { + "$ref": "#/types/aws-native:glue:UsageProfileProfileConfiguration", + "description": "UsageProfile configuration for supported service ex: (Jobs, Sessions)." + }, + "createdOn": { + "type": "string", + "description": "Creation time." + }, + "description": { + "type": "string", + "description": "The description of the UsageProfile." + }, + "name": { + "type": "string", + "description": "The name of the UsageProfile.", + "replaceOnChanges": true + }, + "tags": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:index:Tag" + }, + "description": "The tags to be applied to this UsageProfiles." + } + }, + "autoNamingSpec": { + "sdkName": "name", + "minLength": 5, + "maxLength": 128 + }, + "createOnly": [ + "name" + ], + "tagsProperty": "tags", + "tagsStyle": "keyValueArray" + }, "aws-native:grafana:Workspace": { "cf": "AWS::Grafana::Workspace", "inputs": { 
@@ -45103,7 +46332,7 @@ }, "detectorId": { "type": "string", - "description": "The ID of the detector belonging to the GuardDuty account that you want to create a filter for." + "description": "The detector ID associated with the GuardDuty account for which you want to create a filter.\n\nTo find the `detectorId` in the current Region, see the\nSettings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API." }, "findingCriteria": { "$ref": "#/types/aws-native:guardduty:FilterFindingCriteria", @@ -45136,7 +46365,7 @@ }, "detectorId": { "type": "string", - "description": "The ID of the detector belonging to the GuardDuty account that you want to create a filter for.", + "description": "The detector ID associated with the GuardDuty account for which you want to create a filter.\n\nTo find the `detectorId` in the current Region, see the\nSettings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.", "replaceOnChanges": true }, "findingCriteria": { @@ -45185,7 +46414,7 @@ }, "detectorId": { "type": "string", - "description": "The unique ID of the detector of the GuardDuty account that you want to create an IPSet for." + "description": "The unique ID of the detector of the GuardDuty account for which you want to create an IPSet.\n\nTo find the `detectorId` in the current Region, see the\nSettings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API." }, "format": { "type": "string", 
@@ -45217,7 +46446,7 @@ }, "detectorId": { "type": "string", - "description": "The unique ID of the detector of the GuardDuty account that you want to create an IPSet for.", + "description": "The unique ID of the detector of the GuardDuty account for which you want to create an IPSet.\n\nTo find the `detectorId` in the current Region, see the\nSettings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.", "replaceOnChanges": true }, "format": { @@ -45457,7 +46686,7 @@ }, "detectorId": { "type": "string", - "description": "The unique ID of the detector of the GuardDuty account that you want to create a threatIntelSet for." + "description": "The unique ID of the detector of the GuardDuty account for which you want to create a `ThreatIntelSet` .\n\nTo find the `detectorId` in the current Region, see the\nSettings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API." }, "format": { "type": "string", @@ -45490,7 +46719,7 @@ }, "detectorId": { "type": "string", - "description": "The unique ID of the detector of the GuardDuty account that you want to create a threatIntelSet for.", + "description": "The unique ID of the detector of the GuardDuty account for which you want to create a `ThreatIntelSet` .\n\nTo find the `detectorId` in the current Region, see the\nSettings page in the GuardDuty console, or run the [ListDetectors](https://docs.aws.amazon.com/guardduty/latest/APIReference/API_ListDetectors.html) API.", "replaceOnChanges": true }, "format": { @@ -45860,7 +47089,8 @@ "createOnly": [ "instanceProfileName", "path" - ] + ], + "tagsProperty": "tags" }, "aws-native:iam:ManagedPolicy": { "cf": "AWS::IAM::ManagedPolicy", 
@@ -47561,6 +48791,10 @@ "type": "string", "description": "The name of the infrastructure configuration." }, + "placement": { + "$ref": "#/types/aws-native:imagebuilder:InfrastructureConfigurationPlacement", + "description": "The placement option settings for the infrastructure configuration." + }, "resourceTags": { "type": "object", "additionalProperties": { @@ -47632,6 +48866,10 @@ "description": "The name of the infrastructure configuration.", "replaceOnChanges": true }, + "placement": { + "$ref": "#/types/aws-native:imagebuilder:InfrastructureConfigurationPlacement", + "description": "The placement option settings for the infrastructure configuration." + }, "resourceTags": { "type": "object", "additionalProperties": { @@ -48935,10 +50173,22 @@ "aws-native:iot:DomainConfiguration": { "cf": "AWS::IoT::DomainConfiguration", "inputs": { + "applicationProtocol": { + "$ref": "#/types/aws-native:iot:DomainConfigurationApplicationProtocol", + "description": "An enumerated string that specifies the application-layer protocol.\n\n\u003e This property isn't available in China." + }, + "authenticationType": { + "$ref": "#/types/aws-native:iot:DomainConfigurationAuthenticationType", + "description": "An enumerated string that specifies the authentication type.\n\n\u003e This property isn't available in China." + }, "authorizerConfig": { "$ref": "#/types/aws-native:iot:DomainConfigurationAuthorizerConfig", "description": "An object that specifies the authorization service for a domain." }, + "clientCertificateConfig": { + "$ref": "#/types/aws-native:iot:DomainConfigurationClientCertificateConfig", + "description": "An object that specifies the client certificate configuration for a domain.\n\n\u003e This property isn't available in China." + }, "domainConfigurationName": { "type": "string", "description": "The name of the domain configuration. This value must be unique to a region." 
@@ -48983,14 +50233,26 @@ } }, "outputs": { + "applicationProtocol": { + "$ref": "#/types/aws-native:iot:DomainConfigurationApplicationProtocol", + "description": "An enumerated string that specifies the application-layer protocol.\n\n\u003e This property isn't available in China." + }, "arn": { "type": "string", "description": "The Amazon Resource Name (ARN) of the domain configuration." }, + "authenticationType": { + "$ref": "#/types/aws-native:iot:DomainConfigurationAuthenticationType", + "description": "An enumerated string that specifies the authentication type.\n\n\u003e This property isn't available in China." + }, "authorizerConfig": { "$ref": "#/types/aws-native:iot:DomainConfigurationAuthorizerConfig", "description": "An object that specifies the authorization service for a domain." }, + "clientCertificateConfig": { + "$ref": "#/types/aws-native:iot:DomainConfigurationClientCertificateConfig", + "description": "An object that specifies the client certificate configuration for a domain.\n\n\u003e This property isn't available in China." + }, "domainConfigurationName": { "type": "string", "description": "The name of the domain configuration. This value must be unique to a region.", @@ -50747,7 +52009,7 @@ }, "alarmModelDescription": { "type": "string", - "description": "A brief description of the alarm model." + "description": "The description of the alarm model." }, "alarmModelName": { "type": "string", 
@@ -50759,22 +52021,22 @@ }, "key": { "type": "string", - "description": "The value used to identify a alarm instance. When a device or system sends input, a new alarm instance with a unique key value is created. AWS IoT Events can continue to route input to its corresponding alarm instance based on this identifying information.\n\nThis parameter uses a JSON-path expression to select the attribute-value pair in the message payload that is used for identification. To route the message to the correct alarm instance, the device must send a message payload that contains the same attribute-value." + "description": "An input attribute used as a key to create an alarm. ITE routes [inputs](https://docs.aws.amazon.com/iotevents/latest/apireference/API_Input.html) associated with this key to the alarm." }, "roleArn": { "type": "string", - "description": "The ARN of the role that grants permission to AWS IoT Events to perform its operations." + "description": "The ARN of the IAM role that allows the alarm to perform actions and access AWS resources. For more information, see [Amazon Resource Names (ARNs)](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *General Reference*." }, "severity": { "type": "integer", - "description": "A non-negative integer that reflects the severity level of the alarm.\n\n" + "description": "A non-negative integer that reflects the severity level of the alarm." }, "tags": { "type": "array", "items": { "$ref": "#/types/aws-native:index:Tag" }, - "description": "An array of key-value pairs to apply to this resource.\n\nFor more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html)." + "description": "A list of key-value pairs that contain metadata for the alarm model. The tags help you manage the alarm model. 
For more information, see [Tagging your resources](https://docs.aws.amazon.com/iotevents/latest/developerguide/tagging-iotevents.html) in the *Developer Guide*.\n You can create up to 50 tags for one alarm model." } }, "outputs": { @@ -50788,7 +52050,7 @@ }, "alarmModelDescription": { "type": "string", - "description": "A brief description of the alarm model." + "description": "The description of the alarm model." }, "alarmModelName": { "type": "string", 
@@ -50801,23 +52063,23 @@ }, "key": { "type": "string", - "description": "The value used to identify a alarm instance. When a device or system sends input, a new alarm instance with a unique key value is created. AWS IoT Events can continue to route input to its corresponding alarm instance based on this identifying information.\n\nThis parameter uses a JSON-path expression to select the attribute-value pair in the message payload that is used for identification. To route the message to the correct alarm instance, the device must send a message payload that contains the same attribute-value.", + "description": "An input attribute used as a key to create an alarm. ITE routes [inputs](https://docs.aws.amazon.com/iotevents/latest/apireference/API_Input.html) associated with this key to the alarm.", "replaceOnChanges": true }, "roleArn": { "type": "string", - "description": "The ARN of the role that grants permission to AWS IoT Events to perform its operations." + "description": "The ARN of the IAM role that allows the alarm to perform actions and access AWS resources. For more information, see [Amazon Resource Names (ARNs)](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) in the *General Reference*." }, "severity": { "type": "integer", - "description": "A non-negative integer that reflects the severity level of the alarm.\n\n" + "description": "A non-negative integer that reflects the severity level of the alarm." }, "tags": { "type": "array", "items": { "$ref": "#/types/aws-native:index:Tag" }, - "description": "An array of key-value pairs to apply to this resource.\n\nFor more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html)." + "description": "A list of key-value pairs that contain metadata for the alarm model. The tags help you manage the alarm model. 
For more information, see [Tagging your resources](https://docs.aws.amazon.com/iotevents/latest/developerguide/tagging-iotevents.html) in the *Developer Guide*.\n You can create up to 50 tags for one alarm model." } }, "autoNamingSpec": { 
@@ -50857,18 +52119,18 @@ }, "key": { "type": "string", - "description": "The value used to identify a detector instance. When a device or system sends input, a new detector instance with a unique key value is created. AWS IoT Events can continue to route input to its corresponding detector instance based on this identifying information.\n\nThis parameter uses a JSON-path expression to select the attribute-value pair in the message payload that is used for identification. To route the message to the correct detector instance, the device must send a message payload that contains the same attribute-value." + "description": "The value used to identify a detector instance. When a device or system sends input, a new detector instance with a unique key value is created. ITE can continue to route input to its corresponding detector instance based on this identifying information. \n This parameter uses a JSON-path expression to select the attribute-value pair in the message payload that is used for identification. To route the message to the correct detector instance, the device must send a message payload that contains the same attribute-value." }, "roleArn": { "type": "string", - "description": "The ARN of the role that grants permission to AWS IoT Events to perform its operations." + "description": "The ARN of the role that grants permission to ITE to perform its operations." }, "tags": { "type": "array", "items": { "$ref": "#/types/aws-native:index:Tag" }, - "description": "An array of key-value pairs to apply to this resource.\n\nFor more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html)." + "description": "An array of key-value pairs to apply to this resource.\n For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html)." } }, "outputs": { 
@@ -50891,19 +52153,19 @@ }, "key": { "type": "string", - "description": "The value used to identify a detector instance. When a device or system sends input, a new detector instance with a unique key value is created. AWS IoT Events can continue to route input to its corresponding detector instance based on this identifying information.\n\nThis parameter uses a JSON-path expression to select the attribute-value pair in the message payload that is used for identification. To route the message to the correct detector instance, the device must send a message payload that contains the same attribute-value.", + "description": "The value used to identify a detector instance. When a device or system sends input, a new detector instance with a unique key value is created. ITE can continue to route input to its corresponding detector instance based on this identifying information. \n This parameter uses a JSON-path expression to select the attribute-value pair in the message payload that is used for identification. To route the message to the correct detector instance, the device must send a message payload that contains the same attribute-value.", "replaceOnChanges": true }, "roleArn": { "type": "string", - "description": "The ARN of the role that grants permission to AWS IoT Events to perform its operations." + "description": "The ARN of the role that grants permission to ITE to perform its operations." }, "tags": { "type": "array", "items": { "$ref": "#/types/aws-native:index:Tag" }, - "description": "An array of key-value pairs to apply to this resource.\n\nFor more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html)." + "description": "An array of key-value pairs to apply to this resource.\n For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html)." } }, "autoNamingSpec": { 
@@ -50942,7 +52204,7 @@ "items": { "$ref": "#/types/aws-native:index:Tag" }, - "description": "An array of key-value pairs to apply to this resource.\n\nFor more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html)." + "description": "An array of key-value pairs to apply to this resource.\n For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html)." } }, "outputs": { @@ -50964,7 +52226,7 @@ "items": { "$ref": "#/types/aws-native:index:Tag" }, - "description": "An array of key-value pairs to apply to this resource.\n\nFor more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html)." + "description": "An array of key-value pairs to apply to this resource.\n For more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html)." } }, "autoNamingSpec": { 
@@ -54475,6 +55737,47 @@ "tagsProperty": "tags", "tagsStyle": "keyValueArray" }, + "aws-native:kinesis:ResourcePolicy": { + "cf": "AWS::Kinesis::ResourcePolicy", + "inputs": { + "resourceArn": { + "type": "string", + "description": "The ARN of the AWS Kinesis resource to which the policy applies." + }, + "resourcePolicy": { + "$ref": "pulumi.json#/Any", + "description": "A policy document containing permissions to add to the specified resource. In IAM, you must provide policy documents in JSON format. However, in CloudFormation you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to IAM.\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Kinesis::ResourcePolicy` for more information about the expected schema for this property.", + "language": { + "csharp": { + "name": "ResourcePolicyValue" + } + } + } + }, + "outputs": { + "resourceArn": { + "type": "string", + "description": "The ARN of the AWS Kinesis resource to which the policy applies.", + "replaceOnChanges": true + }, + "resourcePolicy": { + "$ref": "pulumi.json#/Any", + "description": "A policy document containing permissions to add to the specified resource. In IAM, you must provide policy documents in JSON format. However, in CloudFormation you can provide the policy in JSON or YAML format because CloudFormation converts YAML to JSON before submitting it to IAM.\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Kinesis::ResourcePolicy` for more information about the expected schema for this property.", + "language": { + "csharp": { + "name": "ResourcePolicyValue" + } + } + } + }, + "required": [ + "resourceArn", + "resourcePolicy" + ], + "createOnly": [ + "resourceArn" + ] + }, "aws-native:kinesis:Stream": { "cf": "AWS::Kinesis::Stream", "inputs": { 
@@ -54675,11 +55978,11 @@ }, "deliveryStreamName": { "type": "string", - "description": "The name of the delivery stream." + "description": "The name of the Firehose stream." }, "deliveryStreamType": { "$ref": "#/types/aws-native:kinesisfirehose:DeliveryStreamType", - "description": "The delivery stream type. This can be one of the following values:\n\n- `DirectPut` : Provider applications access the delivery stream directly.\n- `KinesisStreamAsSource` : The delivery stream uses a Kinesis data stream as a source." + "description": "The Firehose stream type. This can be one of the following values:\n\n- `DirectPut` : Provider applications access the Firehose stream directly.\n- `KinesisStreamAsSource` : The Firehose stream uses a Kinesis data stream as a source." }, "elasticsearchDestinationConfiguration": { "$ref": "#/types/aws-native:kinesisfirehose:DeliveryStreamElasticsearchDestinationConfiguration", @@ -54695,7 +55998,7 @@ }, "icebergDestinationConfiguration": { "$ref": "#/types/aws-native:kinesisfirehose:DeliveryStreamIcebergDestinationConfiguration", - "description": "Specifies the destination configure settings for Apache Iceberg Table.\n\nAmazon Data Firehose is in preview release and is subject to change." + "description": "Specifies the destination configure settings for Apache Iceberg Table." }, "kinesisStreamSourceConfiguration": { "$ref": "#/types/aws-native:kinesisfirehose:DeliveryStreamKinesisStreamSourceConfiguration", 
@@ -54726,7 +56029,7 @@ "items": { "$ref": "#/types/aws-native:index:Tag" }, - "description": "A set of tags to assign to the delivery stream. A tag is a key-value pair that you can define and assign to AWS resources. Tags are metadata. For example, you can add friendly names and descriptions or other types of information that can help you distinguish the delivery stream. For more information about tags, see [Using Cost Allocation Tags](https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html) in the AWS Billing and Cost Management User Guide.\n\nYou can specify up to 50 tags when creating a delivery stream.\n\nIf you specify tags in the `CreateDeliveryStream` action, Amazon Data Firehose performs an additional authorization on the `firehose:TagDeliveryStream` action to verify if users have permissions to create tags. If you do not provide this permission, requests to create new Firehose delivery streams with IAM resource tags will fail with an `AccessDeniedException` such as following.\n\n*AccessDeniedException*\n\nUser: arn:aws:sts::x:assumed-role/x/x is not authorized to perform: firehose:TagDeliveryStream on resource: arn:aws:firehose:us-east-1:x:deliverystream/x with an explicit deny in an identity-based policy.\n\nFor an example IAM policy, see [Tag example.](https://docs.aws.amazon.com/firehose/latest/APIReference/API_CreateDeliveryStream.html#API_CreateDeliveryStream_Examples)" + "description": "A set of tags to assign to the Firehose stream. A tag is a key-value pair that you can define and assign to AWS resources. Tags are metadata. For example, you can add friendly names and descriptions or other types of information that can help you distinguish the Firehose stream. 
For more information about tags, see [Using Cost Allocation Tags](https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html) in the AWS Billing and Cost Management User Guide.\n\nYou can specify up to 50 tags when creating a Firehose stream.\n\nIf you specify tags in the `CreateDeliveryStream` action, Amazon Data Firehose performs an additional authorization on the `firehose:TagDeliveryStream` action to verify if users have permissions to create tags. If you do not provide this permission, requests to create new Firehose Firehose streams with IAM resource tags will fail with an `AccessDeniedException` such as following.\n\n*AccessDeniedException*\n\nUser: arn:aws:sts::x:assumed-role/x/x is not authorized to perform: firehose:TagDeliveryStream on resource: arn:aws:firehose:us-east-1:x:deliverystream/x with an explicit deny in an identity-based policy.\n\nFor an example IAM policy, see [Tag example.](https://docs.aws.amazon.com/firehose/latest/APIReference/API_CreateDeliveryStream.html#API_CreateDeliveryStream_Examples)" } }, "outputs": { @@ -54748,12 +56051,12 @@ }, "deliveryStreamName": { "type": "string", - "description": "The name of the delivery stream.", + "description": "The name of the Firehose stream.", "replaceOnChanges": true }, "deliveryStreamType": { "$ref": "#/types/aws-native:kinesisfirehose:DeliveryStreamType", - "description": "The delivery stream type. This can be one of the following values:\n\n- `DirectPut` : Provider applications access the delivery stream directly.\n- `KinesisStreamAsSource` : The delivery stream uses a Kinesis data stream as a source.", + "description": "The Firehose stream type. This can be one of the following values:\n\n- `DirectPut` : Provider applications access the Firehose stream directly.\n- `KinesisStreamAsSource` : The Firehose stream uses a Kinesis data stream as a source.", "replaceOnChanges": true }, "elasticsearchDestinationConfiguration": { 
@@ -54770,7 +56073,7 @@ }, "icebergDestinationConfiguration": { "$ref": "#/types/aws-native:kinesisfirehose:DeliveryStreamIcebergDestinationConfiguration", - "description": "Specifies the destination configure settings for Apache Iceberg Table.\n\nAmazon Data Firehose is in preview release and is subject to change.", + "description": "Specifies the destination configure settings for Apache Iceberg Table.", "replaceOnChanges": true }, "kinesisStreamSourceConfiguration": { 
@@ -54804,7 +56107,7 @@ "items": { "$ref": "#/types/aws-native:index:Tag" }, - "description": "A set of tags to assign to the delivery stream. A tag is a key-value pair that you can define and assign to AWS resources. Tags are metadata. For example, you can add friendly names and descriptions or other types of information that can help you distinguish the delivery stream. For more information about tags, see [Using Cost Allocation Tags](https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html) in the AWS Billing and Cost Management User Guide.\n\nYou can specify up to 50 tags when creating a delivery stream.\n\nIf you specify tags in the `CreateDeliveryStream` action, Amazon Data Firehose performs an additional authorization on the `firehose:TagDeliveryStream` action to verify if users have permissions to create tags. If you do not provide this permission, requests to create new Firehose delivery streams with IAM resource tags will fail with an `AccessDeniedException` such as following.\n\n*AccessDeniedException*\n\nUser: arn:aws:sts::x:assumed-role/x/x is not authorized to perform: firehose:TagDeliveryStream on resource: arn:aws:firehose:us-east-1:x:deliverystream/x with an explicit deny in an identity-based policy.\n\nFor an example IAM policy, see [Tag example.](https://docs.aws.amazon.com/firehose/latest/APIReference/API_CreateDeliveryStream.html#API_CreateDeliveryStream_Examples)" + "description": "A set of tags to assign to the Firehose stream. A tag is a key-value pair that you can define and assign to AWS resources. Tags are metadata. For example, you can add friendly names and descriptions or other types of information that can help you distinguish the Firehose stream. 
For more information about tags, see [Using Cost Allocation Tags](https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html) in the AWS Billing and Cost Management User Guide.\n\nYou can specify up to 50 tags when creating a Firehose stream.\n\nIf you specify tags in the `CreateDeliveryStream` action, Amazon Data Firehose performs an additional authorization on the `firehose:TagDeliveryStream` action to verify if users have permissions to create tags. If you do not provide this permission, requests to create new Firehose Firehose streams with IAM resource tags will fail with an `AccessDeniedException` such as following.\n\n*AccessDeniedException*\n\nUser: arn:aws:sts::x:assumed-role/x/x is not authorized to perform: firehose:TagDeliveryStream on resource: arn:aws:firehose:us-east-1:x:deliverystream/x with an explicit deny in an identity-based policy.\n\nFor an example IAM policy, see [Tag example.](https://docs.aws.amazon.com/firehose/latest/APIReference/API_CreateDeliveryStream.html#API_CreateDeliveryStream_Examples)" } }, "autoNamingSpec": { @@ -55569,6 +56872,13 @@ "description": { "type": "string", "description": "A description of the CodeSigningConfig" + }, + "tags": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:index:Tag" + }, + "description": "A list of tags to apply to CodeSigningConfig resource" } }, "outputs": { @@ -55591,11 +56901,20 @@ "description": { "type": "string", "description": "A description of the CodeSigningConfig" + }, + "tags": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:index:Tag" + }, + "description": "A list of tags to apply to CodeSigningConfig resource" } }, "required": [ "allowedPublishers" - ] + ], + "tagsProperty": "tags", + "tagsStyle": "keyValueArray" }, "aws-native:lambda:EventInvokeConfig": { "cf": "AWS::Lambda::EventInvokeConfig", 
@@ -55698,11 +57017,11 @@ "items": { "$ref": "#/types/aws-native:lambda:EventSourceMappingFunctionResponseTypesItem" }, - "description": "(Streams and SQS) A list of current response type enums applied to the event source mapping.\n Valid Values: ``ReportBatchItemFailures``" + "description": "(Kinesis, DynamoDB Streams, and SQS) A list of current response type enums applied to the event source mapping.\n Valid Values: ``ReportBatchItemFailures``" }, "kmsKeyArn": { "type": "string", - "description": "The ARN of the AWS Key Management Service ( AWS KMS ) customer managed key that Lambda uses to encrypt your function's [filter criteria](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html#filtering-basics) ." + "description": "The ARN of the KMSlong (KMS) customer managed key that Lambda uses to encrypt your function's [filter criteria](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html#filtering-basics)." }, "maximumBatchingWindowInSeconds": { "type": "integer", @@ -55754,6 +57073,13 @@ "type": "number", "description": "With ``StartingPosition`` set to ``AT_TIMESTAMP``, the time from which to start reading, in Unix time seconds. ``StartingPositionTimestamp`` cannot be in the future." }, + "tags": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:index:Tag" + }, + "description": "A list of tags to add to the event source mapping.\n You must have the ``lambda:TagResource``, ``lambda:UntagResource``, and ``lambda:ListTags`` permissions for your [principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html) to manage the CFN stack. If you don't have these permissions, there might be unexpected behavior with stack-level tags propagating to the resource during resource creation and update." + }, "topics": { "type": "array", "items": { 
@@ -55801,6 +57127,10 @@ "description": "The Amazon Resource Name (ARN) of the event source.\n + *Amazon Kinesis* – The ARN of the data stream or a stream consumer.\n + *Amazon DynamoDB Streams* – The ARN of the stream.\n + *Amazon Simple Queue Service* – The ARN of the queue.\n + *Amazon Managed Streaming for Apache Kafka* – The ARN of the cluster or the ARN of the VPC connection (for [cross-account event source mappings](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#msk-multi-vpc)).\n + *Amazon MQ* – The ARN of the broker.\n + *Amazon DocumentDB* – The ARN of the DocumentDB change stream.", "replaceOnChanges": true }, + "eventSourceMappingArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the event source mapping." + }, "filterCriteria": { "$ref": "#/types/aws-native:lambda:EventSourceMappingFilterCriteria", "description": "An object that defines the filter criteria that determine whether Lambda should process an event. For more information, see [Lambda event filtering](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html)." 
@@ -55814,11 +57144,11 @@ "items": { "$ref": "#/types/aws-native:lambda:EventSourceMappingFunctionResponseTypesItem" }, - "description": "(Streams and SQS) A list of current response type enums applied to the event source mapping.\n Valid Values: ``ReportBatchItemFailures``" + "description": "(Kinesis, DynamoDB Streams, and SQS) A list of current response type enums applied to the event source mapping.\n Valid Values: ``ReportBatchItemFailures``" }, "kmsKeyArn": { "type": "string", - "description": "The ARN of the AWS Key Management Service ( AWS KMS ) customer managed key that Lambda uses to encrypt your function's [filter criteria](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html#filtering-basics) ." + "description": "The ARN of the KMSlong (KMS) customer managed key that Lambda uses to encrypt your function's [filter criteria](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventfiltering.html#filtering-basics)." }, "maximumBatchingWindowInSeconds": { "type": "integer", @@ -55874,6 +57204,13 @@ "description": "With ``StartingPosition`` set to ``AT_TIMESTAMP``, the time from which to start reading, in Unix time seconds. ``StartingPositionTimestamp`` cannot be in the future.", "replaceOnChanges": true }, + "tags": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:index:Tag" + }, + "description": "A list of tags to add to the event source mapping.\n You must have the ``lambda:TagResource``, ``lambda:UntagResource``, and ``lambda:ListTags`` permissions for your [principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html) to manage the CFN stack. If you don't have these permissions, there might be unexpected behavior with stack-level tags propagating to the resource during resource creation and update." + }, "topics": { "type": "array", "items": { 
@@ -55900,7 +57237,9 @@ "irreversibleNames": { "awsId": "Id", "documentDbEventSourceConfig": "DocumentDBEventSourceConfig" - } + }, + "tagsProperty": "tags", + "tagsStyle": "keyValueArray" }, "aws-native:lambda:Function": { "cf": "AWS::Lambda::Function", @@ -56505,10 +57844,6 @@ "type": "string", "description": "The name of the Lambda function." }, - "policy": { - "$ref": "pulumi.json#/Any", - "description": "The resource policy of your function\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Lambda::Version` for more information about the expected schema for this property." - }, "provisionedConcurrencyConfig": { "$ref": "#/types/aws-native:lambda:VersionProvisionedConcurrencyConfiguration", "description": "Specifies a provisioned concurrency configuration for a function's version. Updates are not supported for this property." @@ -56538,10 +57873,6 @@ "description": "The name of the Lambda function.", "replaceOnChanges": true }, - "policy": { - "$ref": "pulumi.json#/Any", - "description": "The resource policy of your function\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::Lambda::Version` for more information about the expected schema for this property." - }, "provisionedConcurrencyConfig": { "$ref": "#/types/aws-native:lambda:VersionProvisionedConcurrencyConfiguration", "description": "Specifies a provisioned concurrency configuration for a function's version. Updates are not supported for this property.", @@ -60663,7 +61994,7 @@ }, "maintenance": { "$ref": "#/types/aws-native:mediaconnect:FlowMaintenance", - "description": "The maintenance settings you want to use for the flow. " + "description": "The maintenance settings you want to use for the flow." }, "mediaStreams": { "type": "array", 
@@ -60684,6 +62015,10 @@ "$ref": "#/types/aws-native:mediaconnect:FlowFailoverConfig", "description": "The source failover config of the flow." }, + "sourceMonitoringConfig": { + "$ref": "#/types/aws-native:mediaconnect:FlowSourceMonitoringConfig", + "description": "The source monitoring config of the flow." + }, "vpcInterfaces": { "type": "array", "items": { @@ -60712,7 +62047,7 @@ }, "maintenance": { "$ref": "#/types/aws-native:mediaconnect:FlowMaintenance", - "description": "The maintenance settings you want to use for the flow. " + "description": "The maintenance settings you want to use for the flow." }, "mediaStreams": { "type": "array", @@ -60734,6 +62069,10 @@ "$ref": "#/types/aws-native:mediaconnect:FlowFailoverConfig", "description": "The source failover config of the flow." }, + "sourceMonitoringConfig": { + "$ref": "#/types/aws-native:mediaconnect:FlowSourceMonitoringConfig", + "description": "The source monitoring config of the flow." + }, "vpcInterfaces": { "type": "array", "items": { 
@@ -61317,6 +62656,584 @@ "networks" ] }, + "aws-native:medialive:ChannelPlacementGroup": { + "cf": "AWS::MediaLive::ChannelPlacementGroup", + "inputs": { + "clusterId": { + "type": "string", + "description": "The ID of the cluster the node is on." + }, + "name": { + "type": "string", + "description": "The name of the channel placement group." + }, + "nodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of nodes added to the channel placement group" + }, + "tags": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:index:Tag" + }, + "description": "A collection of key-value pairs." + } + }, + "outputs": { + "arn": { + "type": "string", + "description": "The ARN of the channel placement group." + }, + "awsId": { + "type": "string", + "description": "Unique internal identifier." + }, + "channels": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of channel IDs added to the channel placement group." + }, + "clusterId": { + "type": "string", + "description": "The ID of the cluster the node is on.", + "replaceOnChanges": true + }, + "name": { + "type": "string", + "description": "The name of the channel placement group." + }, + "nodes": { + "type": "array", + "items": { + "type": "string" + }, + "description": "List of nodes added to the channel placement group" + }, + "state": { + "$ref": "#/types/aws-native:medialive:ChannelPlacementGroupState" + }, + "tags": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:index:Tag" + }, + "description": "A collection of key-value pairs." 
+ } + }, + "autoNamingSpec": { + "sdkName": "name" + }, + "createOnly": [ + "clusterId" + ], + "irreversibleNames": { + "awsId": "Id" + }, + "tagsProperty": "tags", + "tagsStyle": "keyValueArray" + }, + "aws-native:medialive:CloudWatchAlarmTemplate": { + "cf": "AWS::MediaLive::CloudWatchAlarmTemplate", + "inputs": { + "comparisonOperator": { + "$ref": "#/types/aws-native:medialive:CloudWatchAlarmTemplateComparisonOperator", + "description": "The comparison operator used to compare the specified statistic and the threshold." + }, + "datapointsToAlarm": { + "type": "number", + "description": "The number of datapoints within the evaluation period that must be breaching to trigger the alarm." + }, + "description": { + "type": "string", + "description": "A resource's optional description." + }, + "evaluationPeriods": { + "type": "number", + "description": "The number of periods over which data is compared to the specified threshold." + }, + "groupIdentifier": { + "type": "string", + "description": "A cloudwatch alarm template group's identifier. Can be either be its id or current name." + }, + "metricName": { + "type": "string", + "description": "The name of the metric associated with the alarm. Must be compatible with targetResourceType." + }, + "name": { + "type": "string", + "description": "A resource's name. Names must be unique within the scope of a resource type in a specific region." + }, + "period": { + "type": "number", + "description": "The period, in seconds, over which the specified statistic is applied." + }, + "statistic": { + "$ref": "#/types/aws-native:medialive:CloudWatchAlarmTemplateStatistic", + "description": "The statistic to apply to the alarm's metric data." 
+ }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "targetResourceType": { + "$ref": "#/types/aws-native:medialive:CloudWatchAlarmTemplateTargetResourceType", + "description": "The resource type this template should dynamically generate CloudWatch metric alarms for." + }, + "threshold": { + "type": "number", + "description": "The threshold value to compare with the specified statistic." + }, + "treatMissingData": { + "$ref": "#/types/aws-native:medialive:CloudWatchAlarmTemplateTreatMissingData", + "description": "Specifies how missing data points are treated when evaluating the alarm's condition." + } + }, + "outputs": { + "arn": { + "type": "string", + "description": "A cloudwatch alarm template's ARN (Amazon Resource Name)" + }, + "awsId": { + "type": "string", + "description": "A cloudwatch alarm template's id. AWS provided templates have ids that start with `aws-`" + }, + "comparisonOperator": { + "$ref": "#/types/aws-native:medialive:CloudWatchAlarmTemplateComparisonOperator", + "description": "The comparison operator used to compare the specified statistic and the threshold." + }, + "createdAt": { + "type": "string", + "description": "The date and time of resource creation." + }, + "datapointsToAlarm": { + "type": "number", + "description": "The number of datapoints within the evaluation period that must be breaching to trigger the alarm." + }, + "description": { + "type": "string", + "description": "A resource's optional description." + }, + "evaluationPeriods": { + "type": "number", + "description": "The number of periods over which data is compared to the specified threshold." + }, + "groupId": { + "type": "string", + "description": "A cloudwatch alarm template group's id. AWS provided template groups have ids that start with `aws-`" + }, + "groupIdentifier": { + "type": "string", + "description": "A cloudwatch alarm template group's identifier. Can be either be its id or current name." 
+ }, + "identifier": { + "type": "string" + }, + "metricName": { + "type": "string", + "description": "The name of the metric associated with the alarm. Must be compatible with targetResourceType." + }, + "modifiedAt": { + "type": "string", + "description": "The date and time of latest resource modification." + }, + "name": { + "type": "string", + "description": "A resource's name. Names must be unique within the scope of a resource type in a specific region." + }, + "period": { + "type": "number", + "description": "The period, in seconds, over which the specified statistic is applied." + }, + "statistic": { + "$ref": "#/types/aws-native:medialive:CloudWatchAlarmTemplateStatistic", + "description": "The statistic to apply to the alarm's metric data." + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "replaceOnChanges": true + }, + "targetResourceType": { + "$ref": "#/types/aws-native:medialive:CloudWatchAlarmTemplateTargetResourceType", + "description": "The resource type this template should dynamically generate CloudWatch metric alarms for." + }, + "threshold": { + "type": "number", + "description": "The threshold value to compare with the specified statistic." + }, + "treatMissingData": { + "$ref": "#/types/aws-native:medialive:CloudWatchAlarmTemplateTreatMissingData", + "description": "Specifies how missing data points are treated when evaluating the alarm's condition." 
+ } + }, + "autoNamingSpec": { + "sdkName": "name", + "minLength": 1, + "maxLength": 255 + }, + "required": [ + "comparisonOperator", + "evaluationPeriods", + "groupIdentifier", + "metricName", + "period", + "statistic", + "targetResourceType", + "threshold", + "treatMissingData" + ], + "createOnly": [ + "tags" + ], + "writeOnly": [ + "groupIdentifier" + ], + "irreversibleNames": { + "awsId": "Id" + }, + "tagsProperty": "tags", + "tagsStyle": "stringMap" + }, + "aws-native:medialive:CloudWatchAlarmTemplateGroup": { + "cf": "AWS::MediaLive::CloudWatchAlarmTemplateGroup", + "inputs": { + "description": { + "type": "string", + "description": "A resource's optional description." + }, + "name": { + "type": "string", + "description": "A resource's name. Names must be unique within the scope of a resource type in a specific region." + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "outputs": { + "arn": { + "type": "string", + "description": "A cloudwatch alarm template group's ARN (Amazon Resource Name)" + }, + "awsId": { + "type": "string", + "description": "A cloudwatch alarm template group's id. AWS provided template groups have ids that start with `aws-`" + }, + "createdAt": { + "type": "string", + "description": "The date and time of resource creation." + }, + "description": { + "type": "string", + "description": "A resource's optional description." + }, + "identifier": { + "type": "string" + }, + "modifiedAt": { + "type": "string", + "description": "The date and time of latest resource modification." + }, + "name": { + "type": "string", + "description": "A resource's name. 
Names must be unique within the scope of a resource type in a specific region.", + "replaceOnChanges": true + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "replaceOnChanges": true + } + }, + "autoNamingSpec": { + "sdkName": "name", + "minLength": 1, + "maxLength": 255 + }, + "createOnly": [ + "name", + "tags" + ], + "irreversibleNames": { + "awsId": "Id" + }, + "tagsProperty": "tags", + "tagsStyle": "stringMap" + }, + "aws-native:medialive:Cluster": { + "cf": "AWS::MediaLive::Cluster", + "inputs": { + "clusterType": { + "$ref": "#/types/aws-native:medialive:ClusterType" + }, + "instanceRoleArn": { + "type": "string", + "description": "The IAM role your nodes will use." + }, + "name": { + "type": "string", + "description": "The user-specified name of the Cluster to be created." + }, + "networkSettings": { + "$ref": "#/types/aws-native:medialive:ClusterNetworkSettings" + }, + "tags": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:index:Tag" + }, + "description": "A collection of key-value pairs." + } + }, + "outputs": { + "arn": { + "type": "string", + "description": "The ARN of the Cluster." + }, + "awsId": { + "type": "string", + "description": "The unique ID of the Cluster." + }, + "channelIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The MediaLive Channels that are currently running on Nodes in this Cluster." + }, + "clusterType": { + "$ref": "#/types/aws-native:medialive:ClusterType", + "replaceOnChanges": true + }, + "instanceRoleArn": { + "type": "string", + "description": "The IAM role your nodes will use.", + "replaceOnChanges": true + }, + "name": { + "type": "string", + "description": "The user-specified name of the Cluster to be created." 
+ }, + "networkSettings": { + "$ref": "#/types/aws-native:medialive:ClusterNetworkSettings" + }, + "state": { + "$ref": "#/types/aws-native:medialive:ClusterState" + }, + "tags": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:index:Tag" + }, + "description": "A collection of key-value pairs." + } + }, + "autoNamingSpec": { + "sdkName": "name" + }, + "createOnly": [ + "clusterType", + "instanceRoleArn" + ], + "irreversibleNames": { + "awsId": "Id" + }, + "tagsProperty": "tags", + "tagsStyle": "keyValueArray" + }, + "aws-native:medialive:EventBridgeRuleTemplate": { + "cf": "AWS::MediaLive::EventBridgeRuleTemplate", + "inputs": { + "description": { + "type": "string", + "description": "A resource's optional description." + }, + "eventTargets": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:medialive:EventBridgeRuleTemplateTarget" + }, + "description": "Placeholder documentation for __listOfEventBridgeRuleTemplateTarget" + }, + "eventType": { + "$ref": "#/types/aws-native:medialive:EventBridgeRuleTemplateEventType", + "description": "The type of event to match with the rule." + }, + "groupIdentifier": { + "type": "string", + "description": "An eventbridge rule template group's identifier. Can be either be its id or current name." + }, + "name": { + "type": "string", + "description": "A resource's name. Names must be unique within the scope of a resource type in a specific region." + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "outputs": { + "arn": { + "type": "string", + "description": "An eventbridge rule template's ARN (Amazon Resource Name)" + }, + "awsId": { + "type": "string", + "description": "An eventbridge rule template's id. 
AWS provided templates have ids that start with `aws-`" + }, + "createdAt": { + "type": "string", + "description": "Placeholder documentation for __timestampIso8601" + }, + "description": { + "type": "string", + "description": "A resource's optional description." + }, + "eventTargets": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:medialive:EventBridgeRuleTemplateTarget" + }, + "description": "Placeholder documentation for __listOfEventBridgeRuleTemplateTarget" + }, + "eventType": { + "$ref": "#/types/aws-native:medialive:EventBridgeRuleTemplateEventType", + "description": "The type of event to match with the rule." + }, + "groupId": { + "type": "string", + "description": "An eventbridge rule template group's id. AWS provided template groups have ids that start with `aws-`" + }, + "groupIdentifier": { + "type": "string", + "description": "An eventbridge rule template group's identifier. Can be either be its id or current name." + }, + "identifier": { + "type": "string", + "description": "Placeholder documentation for __string" + }, + "modifiedAt": { + "type": "string", + "description": "Placeholder documentation for __timestampIso8601" + }, + "name": { + "type": "string", + "description": "A resource's name. Names must be unique within the scope of a resource type in a specific region." + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "replaceOnChanges": true + } + }, + "autoNamingSpec": { + "sdkName": "name", + "minLength": 1, + "maxLength": 255 + }, + "required": [ + "eventType", + "groupIdentifier" + ], + "createOnly": [ + "tags" + ], + "writeOnly": [ + "groupIdentifier" + ], + "irreversibleNames": { + "awsId": "Id" + }, + "tagsProperty": "tags", + "tagsStyle": "stringMap" + }, + "aws-native:medialive:EventBridgeRuleTemplateGroup": { + "cf": "AWS::MediaLive::EventBridgeRuleTemplateGroup", + "inputs": { + "description": { + "type": "string", + "description": "A resource's optional description." 
+ }, + "name": { + "type": "string", + "description": "A resource's name. Names must be unique within the scope of a resource type in a specific region." + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "outputs": { + "arn": { + "type": "string", + "description": "An eventbridge rule template group's ARN (Amazon Resource Name)" + }, + "awsId": { + "type": "string", + "description": "An eventbridge rule template group's id. AWS provided template groups have ids that start with `aws-`" + }, + "createdAt": { + "type": "string", + "description": "The date and time of resource creation." + }, + "description": { + "type": "string", + "description": "A resource's optional description." + }, + "identifier": { + "type": "string" + }, + "modifiedAt": { + "type": "string", + "description": "The date and time of latest resource modification." + }, + "name": { + "type": "string", + "description": "A resource's name. Names must be unique within the scope of a resource type in a specific region.", + "replaceOnChanges": true + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "replaceOnChanges": true + } + }, + "autoNamingSpec": { + "sdkName": "name", + "minLength": 1, + "maxLength": 255 + }, + "createOnly": [ + "name", + "tags" + ], + "irreversibleNames": { + "awsId": "Id" + }, + "tagsProperty": "tags", + "tagsStyle": "stringMap" + }, "aws-native:medialive:Multiplex": { "cf": "AWS::MediaLive::Multiplex", "inputs": { 
@@ -61495,6 +63412,330 @@ "preferredChannelPipeline" ] }, + "aws-native:medialive:Network": { + "cf": "AWS::MediaLive::Network", + "inputs": { + "ipPools": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:medialive:NetworkIpPool" + }, + "description": "The list of IP address cidr pools for the network" + }, + "name": { + "type": "string", + "description": "The user-specified name of the Network to be created." + }, + "routes": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:medialive:NetworkRoute" + }, + "description": "The routes for the network" + }, + "tags": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:index:Tag" + }, + "description": "A collection of key-value pairs." + } + }, + "outputs": { + "arn": { + "type": "string", + "description": "The ARN of the Network." + }, + "associatedClusterIds": { + "type": "array", + "items": { + "type": "string" + } + }, + "awsId": { + "type": "string", + "description": "The unique ID of the Network." + }, + "ipPools": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:medialive:NetworkIpPool" + }, + "description": "The list of IP address cidr pools for the network" + }, + "name": { + "type": "string", + "description": "The user-specified name of the Network to be created." + }, + "routes": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:medialive:NetworkRoute" + }, + "description": "The routes for the network" + }, + "state": { + "$ref": "#/types/aws-native:medialive:NetworkState", + "description": "The current state of the Network." + }, + "tags": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:index:Tag" + }, + "description": "A collection of key-value pairs." 
+ } + }, + "autoNamingSpec": { + "sdkName": "name" + }, + "required": [ + "ipPools" + ], + "irreversibleNames": { + "awsId": "Id" + }, + "tagsProperty": "tags", + "tagsStyle": "keyValueArray" + }, + "aws-native:medialive:SdiSource": { + "cf": "AWS::MediaLive::SdiSource", + "inputs": { + "mode": { + "$ref": "#/types/aws-native:medialive:SdiSourceMode" + }, + "name": { + "type": "string", + "description": "The name of the SdiSource." + }, + "tags": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:index:Tag" + }, + "description": "A collection of key-value pairs." + }, + "type": { + "$ref": "#/types/aws-native:medialive:SdiSourceType" + } + }, + "outputs": { + "arn": { + "type": "string", + "description": "The unique arn of the SdiSource." + }, + "awsId": { + "type": "string", + "description": "The unique identifier of the SdiSource." + }, + "inputs": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of inputs currently using this SDI source." + }, + "mode": { + "$ref": "#/types/aws-native:medialive:SdiSourceMode" + }, + "name": { + "type": "string", + "description": "The name of the SdiSource." + }, + "state": { + "$ref": "#/types/aws-native:medialive:SdiSourceState" + }, + "tags": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:index:Tag" + }, + "description": "A collection of key-value pairs." + }, + "type": { + "$ref": "#/types/aws-native:medialive:SdiSourceType" + } + }, + "autoNamingSpec": { + "sdkName": "name" + }, + "required": [ + "type" + ], + "irreversibleNames": { + "awsId": "Id" + }, + "tagsProperty": "tags", + "tagsStyle": "keyValueArray" + }, + "aws-native:medialive:SignalMap": { + "cf": "AWS::MediaLive::SignalMap", + "inputs": { + "cloudWatchAlarmTemplateGroupIdentifiers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A cloudwatch alarm template group's identifier. Can be either be its id or current name." 
+ }, + "description": { + "type": "string", + "description": "A resource's optional description." + }, + "discoveryEntryPointArn": { + "type": "string", + "description": "A top-level supported AWS resource ARN to discovery a signal map from." + }, + "eventBridgeRuleTemplateGroupIdentifiers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An eventbridge rule template group's identifier. Can be either be its id or current name." + }, + "forceRediscovery": { + "type": "boolean", + "description": "If true, will force a rediscovery of a signal map if an unchanged discoveryEntryPointArn is provided." + }, + "name": { + "type": "string", + "description": "A resource's name. Names must be unique within the scope of a resource type in a specific region." + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "outputs": { + "arn": { + "type": "string", + "description": "A signal map's ARN (Amazon Resource Name)" + }, + "awsId": { + "type": "string", + "description": "A signal map's id." + }, + "cloudWatchAlarmTemplateGroupIdentifiers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A cloudwatch alarm template group's identifier. Can be either be its id or current name." + }, + "cloudWatchAlarmTemplateGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An alarm template group's id." + }, + "createdAt": { + "type": "string", + "description": "The date and time of resource creation." + }, + "description": { + "type": "string", + "description": "A resource's optional description." + }, + "discoveryEntryPointArn": { + "type": "string", + "description": "A top-level supported AWS resource ARN to discovery a signal map from." + }, + "errorMessage": { + "type": "string", + "description": "Error message associated with a failed creation or failed update attempt of a signal map." 
+ }, + "eventBridgeRuleTemplateGroupIdentifiers": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An eventbridge rule template group's identifier. Can be either be its id or current name." + }, + "eventBridgeRuleTemplateGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "An eventbridge rule template group's id." + }, + "failedMediaResourceMap": { + "type": "object", + "additionalProperties": { + "$ref": "#/types/aws-native:medialive:SignalMapMediaResource" + } + }, + "forceRediscovery": { + "type": "boolean", + "description": "If true, will force a rediscovery of a signal map if an unchanged discoveryEntryPointArn is provided." + }, + "identifier": { + "type": "string" + }, + "lastDiscoveredAt": { + "type": "string", + "description": "The date and time of latest discovery." + }, + "lastSuccessfulMonitorDeployment": { + "$ref": "#/types/aws-native:medialive:SignalMapSuccessfulMonitorDeployment" + }, + "mediaResourceMap": { + "type": "object", + "additionalProperties": { + "$ref": "#/types/aws-native:medialive:SignalMapMediaResource" + } + }, + "modifiedAt": { + "type": "string", + "description": "The date and time of latest resource modification." + }, + "monitorChangesPendingDeployment": { + "type": "boolean", + "description": "If true, there are pending monitor changes for this signal map that can be deployed." + }, + "monitorDeployment": { + "$ref": "#/types/aws-native:medialive:SignalMapMonitorDeployment" + }, + "name": { + "type": "string", + "description": "A resource's name. Names must be unique within the scope of a resource type in a specific region." + }, + "status": { + "$ref": "#/types/aws-native:medialive:SignalMapStatus", + "description": "A signal map's current status, which is dependent on its lifecycle actions or associated jobs." 
+ }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "replaceOnChanges": true + } + }, + "autoNamingSpec": { + "sdkName": "name", + "minLength": 1, + "maxLength": 255 + }, + "required": [ + "discoveryEntryPointArn" + ], + "createOnly": [ + "tags" + ], + "writeOnly": [ + "cloudWatchAlarmTemplateGroupIdentifiers", + "eventBridgeRuleTemplateGroupIdentifiers", + "forceRediscovery" + ], + "irreversibleNames": { + "awsId": "Id" + }, + "tagsProperty": "tags", + "tagsStyle": "stringMap" + }, "aws-native:mediapackage:Asset": { "cf": "AWS::MediaPackage::Asset", "inputs": { @@ -61985,7 +64226,8 @@ "description": "\u003cp\u003eEnter any descriptive text that helps you to identify the channel.\u003c/p\u003e" }, "inputType": { - "$ref": "#/types/aws-native:mediapackagev2:ChannelInputType" + "$ref": "#/types/aws-native:mediapackagev2:ChannelInputType", + "description": "The input type will be an immutable field which will be used to define whether the channel will allow CMAF ingest or HLS ingest. If unprovided, it will default to HLS to preserve current behavior.\n\nThe allowed values are:\n\n- `HLS` - The HLS streaming specification (which defines M3U8 manifests and TS segments).\n- `CMAF` - The DASH-IF CMAF Ingest specification (which defines CMAF segments with optional DASH manifests)." }, "tags": { "type": "array", @@ -62033,6 +64275,7 @@ }, "inputType": { "$ref": "#/types/aws-native:mediapackagev2:ChannelInputType", + "description": "The input type will be an immutable field which will be used to define whether the channel will allow CMAF ingest or HLS ingest. If unprovided, it will default to HLS to preserve current behavior.\n\nThe allowed values are:\n\n- `HLS` - The HLS streaming specification (which defines M3U8 manifests and TS segments).\n- `CMAF` - The DASH-IF CMAF Ingest specification (which defines CMAF segments with optional DASH manifests).", "replaceOnChanges": true }, "modifiedAt": { 
@@ -62196,7 +64439,8 @@ "description": "\u003cp\u003eEnter any descriptive text that helps you to identify the origin endpoint.\u003c/p\u003e" }, "forceEndpointErrorConfiguration": { - "$ref": "#/types/aws-native:mediapackagev2:OriginEndpointForceEndpointErrorConfiguration" + "$ref": "#/types/aws-native:mediapackagev2:OriginEndpointForceEndpointErrorConfiguration", + "description": "The failover settings for the endpoint." }, "hlsManifests": { "type": "array", @@ -62273,7 +64517,8 @@ "description": "\u003cp\u003eEnter any descriptive text that helps you to identify the origin endpoint.\u003c/p\u003e" }, "forceEndpointErrorConfiguration": { - "$ref": "#/types/aws-native:mediapackagev2:OriginEndpointForceEndpointErrorConfiguration" + "$ref": "#/types/aws-native:mediapackagev2:OriginEndpointForceEndpointErrorConfiguration", + "description": "The failover settings for the endpoint." }, "hlsManifestUrls": { "type": "array", @@ -62333,7 +64578,8 @@ }, "required": [ "channelGroupName", - "channelName" + "channelName", + "containerType" ], "createOnly": [ "channelGroupName", @@ -63025,6 +65271,10 @@ "type": "string", "description": "An optional description of the cluster." }, + "engine": { + "type": "string", + "description": "The engine type used by the cluster." + }, "engineVersion": { "type": "string", "description": "The Redis engine version used by the cluster." @@ -63142,6 +65392,10 @@ "type": "string", "description": "An optional description of the cluster." }, + "engine": { + "type": "string", + "description": "The engine type used by the cluster." + }, "engineVersion": { "type": "string", "description": "The Redis engine version used by the cluster." 
@@ -63523,52 +65777,41 @@ "cf": "AWS::MSK::Cluster", "inputs": { "brokerNodeGroupInfo": { - "$ref": "#/types/aws-native:msk:ClusterBrokerNodeGroupInfo", - "description": "Information about the broker nodes in the cluster." + "$ref": "#/types/aws-native:msk:ClusterBrokerNodeGroupInfo" }, "clientAuthentication": { - "$ref": "#/types/aws-native:msk:ClusterClientAuthentication", - "description": "Includes all client authentication related information." + "$ref": "#/types/aws-native:msk:ClusterClientAuthentication" }, "clusterName": { - "type": "string", - "description": "The name of the cluster." + "type": "string" }, "configurationInfo": { - "$ref": "#/types/aws-native:msk:ClusterConfigurationInfo", - "description": "Represents the configuration that you want MSK to use for the cluster." + "$ref": "#/types/aws-native:msk:ClusterConfigurationInfo" }, "currentVersion": { "type": "string", "description": "The current version of the MSK cluster" }, "encryptionInfo": { - "$ref": "#/types/aws-native:msk:ClusterEncryptionInfo", - "description": "Includes all encryption-related information." + "$ref": "#/types/aws-native:msk:ClusterEncryptionInfo" }, "enhancedMonitoring": { - "$ref": "#/types/aws-native:msk:ClusterEnhancedMonitoring", - "description": "Specifies the level of monitoring for the MSK cluster. The possible values are `DEFAULT` , `PER_BROKER` , and `PER_TOPIC_PER_BROKER` ." + "$ref": "#/types/aws-native:msk:ClusterEnhancedMonitoring" }, "kafkaVersion": { - "type": "string", - "description": "The version of Apache Kafka. You can use Amazon MSK to create clusters that use Apache Kafka versions 1.1.1 and 2.2.1." + "type": "string" }, "loggingInfo": { - "$ref": "#/types/aws-native:msk:ClusterLoggingInfo", - "description": "Logging Info details." + "$ref": "#/types/aws-native:msk:ClusterLoggingInfo" }, "numberOfBrokerNodes": { - "type": "integer", - "description": "The number of broker nodes in the cluster." 
+ "type": "integer" }, "openMonitoring": { - "$ref": "#/types/aws-native:msk:ClusterOpenMonitoring", - "description": "The settings for open monitoring." + "$ref": "#/types/aws-native:msk:ClusterOpenMonitoring" }, "storageMode": { - "$ref": "#/types/aws-native:msk:ClusterStorageMode", - "description": "This controls storage mode for supported storage tiers." + "$ref": "#/types/aws-native:msk:ClusterStorageMode" }, "tags": { "type": "object", 
@@ -63583,53 +65826,42 @@ "type": "string" }, "brokerNodeGroupInfo": { - "$ref": "#/types/aws-native:msk:ClusterBrokerNodeGroupInfo", - "description": "Information about the broker nodes in the cluster." + "$ref": "#/types/aws-native:msk:ClusterBrokerNodeGroupInfo" }, "clientAuthentication": { - "$ref": "#/types/aws-native:msk:ClusterClientAuthentication", - "description": "Includes all client authentication related information." + "$ref": "#/types/aws-native:msk:ClusterClientAuthentication" }, "clusterName": { "type": "string", - "description": "The name of the cluster.", "replaceOnChanges": true }, "configurationInfo": { - "$ref": "#/types/aws-native:msk:ClusterConfigurationInfo", - "description": "Represents the configuration that you want MSK to use for the cluster." + "$ref": "#/types/aws-native:msk:ClusterConfigurationInfo" }, "currentVersion": { "type": "string", "description": "The current version of the MSK cluster" }, "encryptionInfo": { - "$ref": "#/types/aws-native:msk:ClusterEncryptionInfo", - "description": "Includes all encryption-related information." + "$ref": "#/types/aws-native:msk:ClusterEncryptionInfo" }, "enhancedMonitoring": { - "$ref": "#/types/aws-native:msk:ClusterEnhancedMonitoring", - "description": "Specifies the level of monitoring for the MSK cluster. The possible values are `DEFAULT` , `PER_BROKER` , and `PER_TOPIC_PER_BROKER` ." + "$ref": "#/types/aws-native:msk:ClusterEnhancedMonitoring" }, "kafkaVersion": { - "type": "string", - "description": "The version of Apache Kafka. You can use Amazon MSK to create clusters that use Apache Kafka versions 1.1.1 and 2.2.1." + "type": "string" }, "loggingInfo": { - "$ref": "#/types/aws-native:msk:ClusterLoggingInfo", - "description": "Logging Info details." + "$ref": "#/types/aws-native:msk:ClusterLoggingInfo" }, "numberOfBrokerNodes": { - "type": "integer", - "description": "The number of broker nodes in the cluster." 
+ "type": "integer" }, "openMonitoring": { - "$ref": "#/types/aws-native:msk:ClusterOpenMonitoring", - "description": "The settings for open monitoring." + "$ref": "#/types/aws-native:msk:ClusterOpenMonitoring" }, "storageMode": { - "$ref": "#/types/aws-native:msk:ClusterStorageMode", - "description": "This controls storage mode for supported storage tiers." + "$ref": "#/types/aws-native:msk:ClusterStorageMode" }, "tags": { "type": "object", @@ -63699,8 +65931,7 @@ "cf": "AWS::MSK::Configuration", "inputs": { "description": { - "type": "string", - "description": "The description of the configuration." + "type": "string" }, "kafkaVersionsList": { "type": "array", @@ -63709,16 +65940,13 @@ } }, "latestRevision": { - "$ref": "#/types/aws-native:msk:ConfigurationLatestRevision", - "description": "Latest revision of the configuration." + "$ref": "#/types/aws-native:msk:ConfigurationLatestRevision" }, "name": { - "type": "string", - "description": "The name of the configuration. Configuration names are strings that match the regex \"^[0-9A-Za-z][0-9A-Za-z-]{0,}$\"." + "type": "string" }, "serverProperties": { - "type": "string", - "description": "Contents of the server.properties file. When using the API, you must ensure that the contents of the file are base64 encoded. When using the console, the SDK, or the CLI, the contents of server.properties can be in plaintext." + "type": "string" } }, "outputs": { @@ -63726,8 +65954,7 @@ "type": "string" }, "description": { - "type": "string", - "description": "The description of the configuration." + "type": "string" }, "kafkaVersionsList": { "type": "array", 
@@ -63737,17 +65964,14 @@ "replaceOnChanges": true }, "latestRevision": { - "$ref": "#/types/aws-native:msk:ConfigurationLatestRevision", - "description": "Latest revision of the configuration." + "$ref": "#/types/aws-native:msk:ConfigurationLatestRevision" }, "name": { "type": "string", - "description": "The name of the configuration. Configuration names are strings that match the regex \"^[0-9A-Za-z][0-9A-Za-z-]{0,}$\".", "replaceOnChanges": true }, "serverProperties": { - "type": "string", - "description": "Contents of the server.properties file. When using the API, you must ensure that the contents of the file are base64 encoded. When using the console, the SDK, or the CLI, the contents of server.properties can be in plaintext." + "type": "string" } }, "autoNamingSpec": { @@ -63875,8 +66099,7 @@ "cf": "AWS::MSK::ServerlessCluster", "inputs": { "clientAuthentication": { - "$ref": "#/types/aws-native:msk:ServerlessClusterClientAuthentication", - "description": "Includes all client authentication information." + "$ref": "#/types/aws-native:msk:ServerlessClusterClientAuthentication" }, "clusterName": { "type": "string" @@ -63901,7 +66124,6 @@ }, "clientAuthentication": { "$ref": "#/types/aws-native:msk:ServerlessClusterClientAuthentication", - "description": "Includes all client authentication information.", "replaceOnChanges": true }, "clusterName": { 
@@ -63953,30 +66175,26 @@ "type": "array", "items": { "type": "string" - }, - "description": "The list of subnets in the client VPC to connect to." + } }, "securityGroups": { "type": "array", "items": { "type": "string" - }, - "description": "The security groups to attach to the ENIs for the broker nodes." + } }, "tags": { "type": "object", "additionalProperties": { "type": "string" - }, - "description": "Create tags when creating the VPC connection." + } }, "targetClusterArn": { "type": "string", "description": "The Amazon Resource Name (ARN) of the target cluster" }, "vpcId": { - "type": "string", - "description": "The VPC id of the remote client." + "type": "string" } }, "outputs": { @@ -63994,7 +66212,6 @@ "items": { "type": "string" }, - "description": "The list of subnets in the client VPC to connect to.", "replaceOnChanges": true }, "securityGroups": { @@ -64002,15 +66219,13 @@ "items": { "type": "string" }, - "description": "The security groups to attach to the ENIs for the broker nodes.", "replaceOnChanges": true }, "tags": { "type": "object", "additionalProperties": { "type": "string" - }, - "description": "Create tags when creating the VPC connection." + } }, "targetClusterArn": { "type": "string", @@ -64019,7 +66234,6 @@ }, "vpcId": { "type": "string", - "description": "The VPC id of the remote client.", "replaceOnChanges": true } }, @@ -68158,6 +70372,9 @@ "$ref": "#/types/aws-native:opensearchservice:DomainOffPeakWindowOptions", "description": "Options for a domain's off-peak window, during which OpenSearch Service can perform mandatory configuration changes on the domain." }, + "skipShardMigrationWait": { + "type": "boolean" + }, "snapshotOptions": { "$ref": "#/types/aws-native:opensearchservice:DomainSnapshotOptions", "description": "*DEPRECATED* . The automated snapshot configuration for the OpenSearch Service domain indexes." 
@@ -68271,6 +70488,9 @@ "serviceSoftwareOptions": { "$ref": "#/types/aws-native:opensearchservice:DomainServiceSoftwareOptions" }, + "skipShardMigrationWait": { + "type": "boolean" + }, "snapshotOptions": { "$ref": "#/types/aws-native:opensearchservice:DomainSnapshotOptions", "description": "*DEPRECATED* . The automated snapshot configuration for the OpenSearch Service domain indexes." @@ -68298,6 +70518,7 @@ "domainName" ], "writeOnly": [ + "advancedSecurityOptions/JwtOptions/PublicKey", "advancedSecurityOptions/MasterUserOptions", "advancedSecurityOptions/SamlOptions/MasterBackendRole", "advancedSecurityOptions/SamlOptions/MasterUserName" @@ -68800,7 +71021,7 @@ }, "type": { "$ref": "#/types/aws-native:organizations:PolicyType", - "description": "The type of policy to create. You can specify one of the following values: AISERVICES_OPT_OUT_POLICY, BACKUP_POLICY, SERVICE_CONTROL_POLICY, TAG_POLICY" + "description": "The type of policy to create. You can specify one of the following values: AISERVICES_OPT_OUT_POLICY, BACKUP_POLICY, SERVICE_CONTROL_POLICY, TAG_POLICY, CHATBOT_POLICY" } }, "outputs": { @@ -68844,7 +71065,7 @@ }, "type": { "$ref": "#/types/aws-native:organizations:PolicyType", - "description": "The type of policy to create. You can specify one of the following values: AISERVICES_OPT_OUT_POLICY, BACKUP_POLICY, SERVICE_CONTROL_POLICY, TAG_POLICY", + "description": "The type of policy to create. You can specify one of the following values: AISERVICES_OPT_OUT_POLICY, BACKUP_POLICY, SERVICE_CONTROL_POLICY, TAG_POLICY, CHATBOT_POLICY", "replaceOnChanges": true } }, @@ -69500,12 +71721,6 @@ "directoryId", "vpcInformation" ], - "writeOnly": [ - "certificateAuthorityArn", - "directoryId", - "tags", - "vpcInformation" - ], "tagsProperty": "tags", "tagsStyle": "stringMap" }, @@ -69548,10 +71763,6 @@ "createOnly": [ "directoryId" ], - "writeOnly": [ - "directoryId", - "tags" - ], "tagsProperty": "tags", "tagsStyle": "stringMap" }, 
@@ -69676,11 +71887,7 @@ "name" ], "writeOnly": [ - "connectorArn", - "definition", - "name", - "reenrollAllCertificateHolders", - "tags" + "reenrollAllCertificateHolders" ], "tagsProperty": "tags", "tagsStyle": "stringMap" 
@@ -69738,6 +71945,107 @@ "groupDisplayName" ] }, + "aws-native:pcaconnectorscep:Challenge": { + "cf": "AWS::PCAConnectorSCEP::Challenge", + "inputs": { + "connectorArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the connector." + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "outputs": { + "challengeArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the challenge." + }, + "connectorArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the connector.", + "replaceOnChanges": true + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "required": [ + "connectorArn" + ], + "createOnly": [ + "connectorArn" + ], + "tagsProperty": "tags", + "tagsStyle": "stringMap" + }, + "aws-native:pcaconnectorscep:Connector": { + "cf": "AWS::PCAConnectorSCEP::Connector", + "inputs": { + "certificateAuthorityArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the certificate authority associated with the connector." + }, + "mobileDeviceManagement": { + "$ref": "#/types/aws-native:pcaconnectorscep:ConnectorMobileDeviceManagement", + "description": "Contains settings relevant to the mobile device management system that you chose for the connector. If you didn't configure `MobileDeviceManagement` , then the connector is for general-purpose use and this object is empty." + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + } + }, + "outputs": { + "certificateAuthorityArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the certificate authority associated with the connector.", + "replaceOnChanges": true + }, + "connectorArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the connector." + }, + "endpoint": { + "type": "string", + "description": "The connector's HTTPS public SCEP URL." 
+ }, + "mobileDeviceManagement": { + "$ref": "#/types/aws-native:pcaconnectorscep:ConnectorMobileDeviceManagement", + "description": "Contains settings relevant to the mobile device management system that you chose for the connector. If you didn't configure `MobileDeviceManagement` , then the connector is for general-purpose use and this object is empty.", + "replaceOnChanges": true + }, + "openIdConfiguration": { + "$ref": "#/types/aws-native:pcaconnectorscep:ConnectorOpenIdConfiguration" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "type": { + "$ref": "#/types/aws-native:pcaconnectorscep:ConnectorType", + "description": "The connector type." + } + }, + "required": [ + "certificateAuthorityArn" + ], + "createOnly": [ + "certificateAuthorityArn", + "mobileDeviceManagement" + ], + "tagsProperty": "tags", + "tagsStyle": "stringMap" + }, "aws-native:personalize:Dataset": { "cf": "AWS::Personalize::Dataset", "inputs": { 
@@ -70116,6 +72424,10 @@ "$ref": "#/types/aws-native:pipes:PipeEnrichmentParameters", "description": "The parameters required to set up enrichment on your pipe." }, + "kmsKeyIdentifier": { + "type": "string", + "description": "The identifier of the AWS KMS customer managed key for EventBridge to use, if you choose to use a customer managed key to encrypt pipe data. The identifier can be the key Amazon Resource Name (ARN), KeyId, key alias, or key alias ARN.\n\nTo update a pipe that is using the default AWS owned key to use a customer managed key instead, or update a pipe that is using a customer managed key to use a different customer managed key, specify a customer managed key identifier.\n\nTo update a pipe that is using a customer managed key to use the default AWS owned key , specify an empty string.\n\nFor more information, see [Managing keys](https://docs.aws.amazon.com/kms/latest/developerguide/getting-started.html) in the *AWS Key Management Service Developer Guide* ." + }, "logConfiguration": { "$ref": "#/types/aws-native:pipes:PipeLogConfiguration", "description": "The logging configuration settings for the pipe." 
@@ -70181,6 +72493,10 @@ "$ref": "#/types/aws-native:pipes:PipeEnrichmentParameters", "description": "The parameters required to set up enrichment on your pipe." }, + "kmsKeyIdentifier": { + "type": "string", + "description": "The identifier of the AWS KMS customer managed key for EventBridge to use, if you choose to use a customer managed key to encrypt pipe data. The identifier can be the key Amazon Resource Name (ARN), KeyId, key alias, or key alias ARN.\n\nTo update a pipe that is using the default AWS owned key to use a customer managed key instead, or update a pipe that is using a customer managed key to use a different customer managed key, specify a customer managed key identifier.\n\nTo update a pipe that is using a customer managed key to use the default AWS owned key , specify an empty string.\n\nFor more information, see [Managing keys](https://docs.aws.amazon.com/kms/latest/developerguide/getting-started.html) in the *AWS Key Management Service Developer Guide* ." + }, "lastModifiedTime": { "type": "string", "description": "When the pipe was last updated, in [ISO-8601 format](https://docs.aws.amazon.com/https://www.w3.org/TR/NOTE-datetime) (YYYY-MM-DDThh:mm:ss.sTZD)." @@ -70249,10 +72565,10 @@ "sourceParameters/ManagedStreamingKafkaParameters/TopicName", "sourceParameters/RabbitMqBrokerParameters/QueueName", "sourceParameters/RabbitMqBrokerParameters/VirtualHost", - "sourceParameters/SelfManagedApacheKafkaParameters/AdditionalBootstrapServers", - "sourceParameters/SelfManagedApacheKafkaParameters/ConsumerGroupId", - "sourceParameters/SelfManagedApacheKafkaParameters/StartingPosition", - "sourceParameters/SelfManagedApacheKafkaParameters/TopicName" + "sourceParameters/SelfManagedKafkaParameters/AdditionalBootstrapServers", + "sourceParameters/SelfManagedKafkaParameters/ConsumerGroupId", + "sourceParameters/SelfManagedKafkaParameters/StartingPosition", + "sourceParameters/SelfManagedKafkaParameters/TopicName" ], "writeOnly": [ "sourceParameters", 
@@ -70515,7 +72831,8 @@ "description": "Configuration information for the file upload during chat feature." }, "autoSubscriptionConfiguration": { - "$ref": "#/types/aws-native:qbusiness:ApplicationAutoSubscriptionConfiguration" + "$ref": "#/types/aws-native:qbusiness:ApplicationAutoSubscriptionConfiguration", + "description": "Subscription configuration information for an Amazon Q Business application using IAM identity federation for user management." }, "clientIdsForOidc": { "type": "array", @@ -70536,17 +72853,20 @@ "description": "Provides the identifier of the AWS KMS key used to encrypt data indexed by Amazon Q Business. Amazon Q Business doesn't support asymmetric keys." }, "iamIdentityProviderArn": { - "type": "string" + "type": "string", + "description": "The Amazon Resource Name (ARN) of an identity provider being used by an Amazon Q Business application." }, "identityCenterInstanceArn": { "type": "string", "description": "The Amazon Resource Name (ARN) of the IAM Identity Center instance you are either creating for—or connecting to—your Amazon Q Business application.\n\n*Required* : `Yes`" }, "identityType": { - "$ref": "#/types/aws-native:qbusiness:ApplicationIdentityType" + "$ref": "#/types/aws-native:qbusiness:ApplicationIdentityType", + "description": "The authentication type being used by a Amazon Q Business application." }, "personalizationConfiguration": { - "$ref": "#/types/aws-native:qbusiness:ApplicationPersonalizationConfiguration" + "$ref": "#/types/aws-native:qbusiness:ApplicationPersonalizationConfiguration", + "description": "Configuration information about chat response personalization. For more information, see [Personalizing chat responses](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/personalizing-chat-responses.html) ." }, "qAppsConfiguration": { "$ref": "#/types/aws-native:qbusiness:ApplicationQAppsConfiguration", 
@@ -70554,7 +72874,7 @@ }, "roleArn": { "type": "string", - "description": "The Amazon Resource Name (ARN) of an IAM role with permissions to access your Amazon CloudWatch logs and metrics." + "description": "The Amazon Resource Name (ARN) of an IAM role with permissions to access your Amazon CloudWatch logs and metrics. If this property is not specified, Amazon Q Business will create a [service linked role (SLR)](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/using-service-linked-roles.html#slr-permissions) and use it as the application's role." }, "tags": { "type": "array", @@ -70578,7 +72898,8 @@ "description": "Configuration information for the file upload during chat feature." }, "autoSubscriptionConfiguration": { - "$ref": "#/types/aws-native:qbusiness:ApplicationAutoSubscriptionConfiguration" + "$ref": "#/types/aws-native:qbusiness:ApplicationAutoSubscriptionConfiguration", + "description": "Subscription configuration information for an Amazon Q Business application using IAM identity federation for user management." }, "clientIdsForOidc": { "type": "array", @@ -70606,6 +72927,7 @@ }, "iamIdentityProviderArn": { "type": "string", + "description": "The Amazon Resource Name (ARN) of an identity provider being used by an Amazon Q Business application.", "replaceOnChanges": true }, "identityCenterApplicationArn": { 
@@ -70618,10 +72940,12 @@ }, "identityType": { "$ref": "#/types/aws-native:qbusiness:ApplicationIdentityType", + "description": "The authentication type being used by a Amazon Q Business application.", "replaceOnChanges": true }, "personalizationConfiguration": { - "$ref": "#/types/aws-native:qbusiness:ApplicationPersonalizationConfiguration" + "$ref": "#/types/aws-native:qbusiness:ApplicationPersonalizationConfiguration", + "description": "Configuration information about chat response personalization. For more information, see [Personalizing chat responses](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/personalizing-chat-responses.html) ." }, "qAppsConfiguration": { "$ref": "#/types/aws-native:qbusiness:ApplicationQAppsConfiguration", @@ -70629,7 +72953,7 @@ }, "roleArn": { "type": "string", - "description": "The Amazon Resource Name (ARN) of an IAM role with permissions to access your Amazon CloudWatch logs and metrics." + "description": "The Amazon Resource Name (ARN) of an IAM role with permissions to access your Amazon CloudWatch logs and metrics. If this property is not specified, Amazon Q Business will create a [service linked role (SLR)](https://docs.aws.amazon.com/amazonq/latest/qbusiness-ug/using-service-linked-roles.html#slr-permissions) and use it as the application's role." }, "status": { "$ref": "#/types/aws-native:qbusiness:ApplicationStatus", 
@@ -71161,7 +73485,15 @@ { "$ref": "#/types/aws-native:qbusiness:WebExperienceIdentityProviderConfiguration1Properties" } - ] + ], + "description": "Provides information about the identity provider (IdP) used to authenticate end users of an Amazon Q Business web experience." + }, + "origins": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Sets the website domain origins that are allowed to embed the Amazon Q Business web experience. The *domain origin* refers to the base URL for accessing a website including the protocol ( `http/https` ), the domain name, and the port number (if specified).\n\n\u003e You must only submit a *base URL* and not a full path. For example, `https://docs.aws.amazon.com` ." }, "roleArn": { "type": "string", @@ -71213,7 +73545,15 @@ { "$ref": "#/types/aws-native:qbusiness:WebExperienceIdentityProviderConfiguration1Properties" } - ] + ], + "description": "Provides information about the identity provider (IdP) used to authenticate end users of an Amazon Q Business web experience." + }, + "origins": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Sets the website domain origins that are allowed to embed the Amazon Q Business web experience. The *domain origin* refers to the base URL for accessing a website including the protocol ( `http/https` ), the domain name, and the port number (if specified).\n\n\u003e You must only submit a *base URL* and not a full path. For example, `https://docs.aws.amazon.com` ." }, "roleArn": { "type": "string", @@ -71394,6 +73734,12 @@ }, "description": "\u003cp\u003eErrors associated with the analysis.\u003c/p\u003e" }, + "folderArns": { + "type": "array", + "items": { + "type": "string" + } + }, "name": { "type": "string", "description": "\u003cp\u003eThe descriptive name of the analysis.\u003c/p\u003e" 
@@ -71476,6 +73822,12 @@ }, "description": "\u003cp\u003eErrors associated with the analysis.\u003c/p\u003e" }, + "folderArns": { + "type": "array", + "items": { + "type": "string" + } + }, "lastUpdatedTime": { "type": "string", "description": "\u003cp\u003eThe time that the analysis was last updated.\u003c/p\u003e" @@ -71541,6 +73893,7 @@ ], "writeOnly": [ "definition", + "folderArns", "parameters", "sourceEntity", "status", @@ -71567,6 +73920,12 @@ "definition": { "$ref": "#/types/aws-native:quicksight:DashboardVersionDefinition" }, + "folderArns": { + "type": "array", + "items": { + "type": "string" + } + }, "linkEntities": { "type": "array", "items": { @@ -71643,6 +74002,12 @@ "definition": { "$ref": "#/types/aws-native:quicksight:DashboardVersionDefinition" }, + "folderArns": { + "type": "array", + "items": { + "type": "string" + } + }, "lastPublishedTime": { "type": "string", "description": "\u003cp\u003eThe last time that this dashboard was published.\u003c/p\u003e" @@ -71720,6 +74085,7 @@ "writeOnly": [ "dashboardPublishOptions", "definition", + "folderArns", "linkSharingConfiguration", "parameters", "sourceEntity", @@ -71777,6 +74143,13 @@ }, "description": "The folder that contains fields and nested subfolders for your dataset." }, + "folderArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "\u003cp\u003eWhen you create the dataset, Amazon QuickSight adds the dataset to these folders.\u003c/p\u003e" + }, "importMode": { "$ref": "#/types/aws-native:quicksight:DataSetImportMode", "description": "Indicates whether you want to import the data into SPICE." 
@@ -71885,6 +74258,13 @@ }, "description": "The folder that contains fields and nested subfolders for your dataset." }, + "folderArns": { + "type": "array", + "items": { + "type": "string" + }, + "description": "\u003cp\u003eWhen you create the dataset, Amazon QuickSight adds the dataset to these folders.\u003c/p\u003e" + }, "importMode": { "$ref": "#/types/aws-native:quicksight:DataSetImportMode", "description": "Indicates whether you want to import the data into SPICE." @@ -71956,6 +74336,7 @@ ], "writeOnly": [ "fieldFolders", + "folderArns", "ingestionWaitPolicy" ], "tagsProperty": "tags", @@ -71991,6 +74372,12 @@ "$ref": "#/types/aws-native:quicksight:DataSourceErrorInfo", "description": "Error information from the last update or the creation of the data source." }, + "folderArns": { + "type": "array", + "items": { + "type": "string" + } + }, "name": { "type": "string", "description": "A display name for the data source." @@ -72060,6 +74447,12 @@ "$ref": "#/types/aws-native:quicksight:DataSourceErrorInfo", "description": "Error information from the last update or the creation of the data source." }, + "folderArns": { + "type": "array", + "items": { + "type": "string" + } + }, "lastUpdatedTime": { "type": "string", "description": "\u003cp\u003eThe last time that this data source was updated.\u003c/p\u003e" 
@@ -72114,7 +74507,125 @@ "type" ], "writeOnly": [ - "credentials" + "credentials", + "folderArns" + ], + "tagsProperty": "tags", + "tagsStyle": "keyValueArray" + }, + "aws-native:quicksight:Folder": { + "cf": "AWS::QuickSight::Folder", + "inputs": { + "awsAccountId": { + "type": "string", + "description": "The ID for the AWS account where you want to create the folder." + }, + "folderId": { + "type": "string", + "description": "The ID of the folder." + }, + "folderType": { + "$ref": "#/types/aws-native:quicksight:FolderType", + "description": "The type of folder it is." + }, + "name": { + "type": "string", + "description": "A display name for the folder." + }, + "parentFolderArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for the folder." + }, + "permissions": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:quicksight:FolderResourcePermission" + }, + "description": "A structure that describes the principals and the resource-level permissions of a folder.\n\nTo specify no permissions, omit `Permissions` ." + }, + "sharingModel": { + "$ref": "#/types/aws-native:quicksight:FolderSharingModel", + "description": "The sharing scope of the folder." + }, + "tags": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:index:Tag" + }, + "description": "A list of tags for the folders that you want to apply overrides to." 
+ } + }, + "outputs": { + "arn": { + "type": "string", + "description": "\u003cp\u003eThe Amazon Resource Name (ARN) for the folder.\u003c/p\u003e" + }, + "awsAccountId": { + "type": "string", + "description": "The ID for the AWS account where you want to create the folder.", + "replaceOnChanges": true + }, + "createdTime": { + "type": "string", + "description": "\u003cp\u003eThe time that the folder was created.\u003c/p\u003e" + }, + "folderId": { + "type": "string", + "description": "The ID of the folder.", + "replaceOnChanges": true + }, + "folderType": { + "$ref": "#/types/aws-native:quicksight:FolderType", + "description": "The type of folder it is.", + "replaceOnChanges": true + }, + "lastUpdatedTime": { + "type": "string", + "description": "\u003cp\u003eThe time that the folder was last updated.\u003c/p\u003e" + }, + "name": { + "type": "string", + "description": "A display name for the folder." + }, + "parentFolderArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) for the folder.", + "replaceOnChanges": true + }, + "permissions": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:quicksight:FolderResourcePermission" + }, + "description": "A structure that describes the principals and the resource-level permissions of a folder.\n\nTo specify no permissions, omit `Permissions` ." + }, + "sharingModel": { + "$ref": "#/types/aws-native:quicksight:FolderSharingModel", + "description": "The sharing scope of the folder.", + "replaceOnChanges": true + }, + "tags": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:index:Tag" + }, + "description": "A list of tags for the folders that you want to apply overrides to." + } + }, + "autoNamingSpec": { + "sdkName": "name", + "minLength": 1, + "maxLength": 200 + }, + "createOnly": [ + "awsAccountId", + "folderId", + "folderType", + "parentFolderArn", + "sharingModel" + ], + "writeOnly": [ + "parentFolderArn" ], "tagsProperty": "tags", "tagsStyle": "keyValueArray" 
@@ -73603,7 +76114,7 @@ }, "dbSnapshotIdentifier": { "type": "string", - "description": "The name or Amazon Resource Name (ARN) of the DB snapshot that's used to restore the DB instance. If you're restoring from a shared manual DB snapshot, you must specify the ARN of the snapshot.\n By specifying this property, you can create a DB instance from the specified DB snapshot. If the ``DBSnapshotIdentifier`` property is an empty string or the ``AWS::RDS::DBInstance`` declaration has no ``DBSnapshotIdentifier`` property, AWS CloudFormation creates a new database. If the property contains a value (other than an empty string), AWS CloudFormation creates a database from the specified snapshot. If a snapshot with the specified name doesn't exist, AWS CloudFormation can't create the database and it rolls back the stack.\n Some DB instance properties aren't valid when you restore from a snapshot, such as the ``MasterUsername`` and ``MasterUserPassword`` properties. For information about the properties that you can specify, see the ``RestoreDBInstanceFromDBSnapshot`` action in the *Amazon RDS API Reference*.\n After you restore a DB instance with a ``DBSnapshotIdentifier`` property, you must specify the same ``DBSnapshotIdentifier`` property for any future updates to the DB instance. When you specify this property for an update, the DB instance is not restored from the DB snapshot again, and the data in the database is not changed. However, if you don't specify the ``DBSnapshotIdentifier`` property, an empty DB instance is created, and the original DB instance is deleted. 
If you specify a property that is different from the previous snapshot restore property, a new DB instance is restored from the specified ``DBSnapshotIdentifier`` property, and the original DB instance is deleted.\n If you specify the ``DBSnapshotIdentifier`` property to restore a DB instance (as opposed to specifying it for DB instance updates), then don't specify the following properties:\n + ``CharacterSetName`` \n + ``DBClusterIdentifier`` \n + ``DBName`` \n + ``DeleteAutomatedBackups`` \n + ``KmsKeyId`` \n + ``MasterUsername`` \n + ``MasterUserPassword`` \n + ``PerformanceInsightsKMSKeyId`` \n + ``PerformanceInsightsRetentionPeriod`` \n + ``PromotionTier`` \n + ``SourceDBInstanceIdentifier`` \n + ``SourceRegion`` \n + ``StorageEncrypted`` (for an encrypted snapshot)\n + ``Timezone`` \n \n *Amazon Aurora* \n Not applicable. Snapshot restore is managed by the DB cluster." + "description": "The name or Amazon Resource Name (ARN) of the DB snapshot that's used to restore the DB instance. If you're restoring from a shared manual DB snapshot, you must specify the ARN of the snapshot.\n By specifying this property, you can create a DB instance from the specified DB snapshot. If the ``DBSnapshotIdentifier`` property is an empty string or the ``AWS::RDS::DBInstance`` declaration has no ``DBSnapshotIdentifier`` property, AWS CloudFormation creates a new database. If the property contains a value (other than an empty string), AWS CloudFormation creates a database from the specified snapshot. If a snapshot with the specified name doesn't exist, AWS CloudFormation can't create the database and it rolls back the stack.\n Some DB instance properties aren't valid when you restore from a snapshot, such as the ``MasterUsername`` and ``MasterUserPassword`` properties. 
For information about the properties that you can specify, see the ``RestoreDBInstanceFromDBSnapshot`` action in the *Amazon RDS API Reference*.\n After you restore a DB instance with a ``DBSnapshotIdentifier`` property, you must specify the same ``DBSnapshotIdentifier`` property for any future updates to the DB instance. When you specify this property for an update, the DB instance is not restored from the DB snapshot again, and the data in the database is not changed. However, if you don't specify the ``DBSnapshotIdentifier`` property, an empty DB instance is created, and the original DB instance is deleted. If you specify a property that is different from the previous snapshot restore property, a new DB instance is restored from the specified ``DBSnapshotIdentifier`` property, and the original DB instance is deleted.\n If you specify the ``DBSnapshotIdentifier`` property to restore a DB instance (as opposed to specifying it for DB instance updates), then don't specify the following properties:\n + ``CharacterSetName`` \n + ``DBClusterIdentifier`` \n + ``DBName`` \n + ``KmsKeyId`` \n + ``MasterUsername`` \n + ``MasterUserPassword`` \n + ``PromotionTier`` \n + ``SourceDBInstanceIdentifier`` \n + ``SourceRegion`` \n + ``StorageEncrypted`` (for an unencrypted snapshot)\n + ``Timezone`` \n \n *Amazon Aurora* \n Not applicable. Snapshot restore is managed by the DB cluster." }, "dbSubnetGroupName": { "type": "string", 
@@ -73945,7 +76456,7 @@ }, "dbSnapshotIdentifier": { "type": "string", - "description": "The name or Amazon Resource Name (ARN) of the DB snapshot that's used to restore the DB instance. If you're restoring from a shared manual DB snapshot, you must specify the ARN of the snapshot.\n By specifying this property, you can create a DB instance from the specified DB snapshot. If the ``DBSnapshotIdentifier`` property is an empty string or the ``AWS::RDS::DBInstance`` declaration has no ``DBSnapshotIdentifier`` property, AWS CloudFormation creates a new database. If the property contains a value (other than an empty string), AWS CloudFormation creates a database from the specified snapshot. If a snapshot with the specified name doesn't exist, AWS CloudFormation can't create the database and it rolls back the stack.\n Some DB instance properties aren't valid when you restore from a snapshot, such as the ``MasterUsername`` and ``MasterUserPassword`` properties. For information about the properties that you can specify, see the ``RestoreDBInstanceFromDBSnapshot`` action in the *Amazon RDS API Reference*.\n After you restore a DB instance with a ``DBSnapshotIdentifier`` property, you must specify the same ``DBSnapshotIdentifier`` property for any future updates to the DB instance. When you specify this property for an update, the DB instance is not restored from the DB snapshot again, and the data in the database is not changed. However, if you don't specify the ``DBSnapshotIdentifier`` property, an empty DB instance is created, and the original DB instance is deleted. 
If you specify a property that is different from the previous snapshot restore property, a new DB instance is restored from the specified ``DBSnapshotIdentifier`` property, and the original DB instance is deleted.\n If you specify the ``DBSnapshotIdentifier`` property to restore a DB instance (as opposed to specifying it for DB instance updates), then don't specify the following properties:\n + ``CharacterSetName`` \n + ``DBClusterIdentifier`` \n + ``DBName`` \n + ``DeleteAutomatedBackups`` \n + ``KmsKeyId`` \n + ``MasterUsername`` \n + ``MasterUserPassword`` \n + ``PerformanceInsightsKMSKeyId`` \n + ``PerformanceInsightsRetentionPeriod`` \n + ``PromotionTier`` \n + ``SourceDBInstanceIdentifier`` \n + ``SourceRegion`` \n + ``StorageEncrypted`` (for an encrypted snapshot)\n + ``Timezone`` \n \n *Amazon Aurora* \n Not applicable. Snapshot restore is managed by the DB cluster." + "description": "The name or Amazon Resource Name (ARN) of the DB snapshot that's used to restore the DB instance. If you're restoring from a shared manual DB snapshot, you must specify the ARN of the snapshot.\n By specifying this property, you can create a DB instance from the specified DB snapshot. If the ``DBSnapshotIdentifier`` property is an empty string or the ``AWS::RDS::DBInstance`` declaration has no ``DBSnapshotIdentifier`` property, AWS CloudFormation creates a new database. If the property contains a value (other than an empty string), AWS CloudFormation creates a database from the specified snapshot. If a snapshot with the specified name doesn't exist, AWS CloudFormation can't create the database and it rolls back the stack.\n Some DB instance properties aren't valid when you restore from a snapshot, such as the ``MasterUsername`` and ``MasterUserPassword`` properties. 
For information about the properties that you can specify, see the ``RestoreDBInstanceFromDBSnapshot`` action in the *Amazon RDS API Reference*.\n After you restore a DB instance with a ``DBSnapshotIdentifier`` property, you must specify the same ``DBSnapshotIdentifier`` property for any future updates to the DB instance. When you specify this property for an update, the DB instance is not restored from the DB snapshot again, and the data in the database is not changed. However, if you don't specify the ``DBSnapshotIdentifier`` property, an empty DB instance is created, and the original DB instance is deleted. If you specify a property that is different from the previous snapshot restore property, a new DB instance is restored from the specified ``DBSnapshotIdentifier`` property, and the original DB instance is deleted.\n If you specify the ``DBSnapshotIdentifier`` property to restore a DB instance (as opposed to specifying it for DB instance updates), then don't specify the following properties:\n + ``CharacterSetName`` \n + ``DBClusterIdentifier`` \n + ``DBName`` \n + ``KmsKeyId`` \n + ``MasterUsername`` \n + ``MasterUserPassword`` \n + ``PromotionTier`` \n + ``SourceDBInstanceIdentifier`` \n + ``SourceRegion`` \n + ``StorageEncrypted`` (for an unencrypted snapshot)\n + ``Timezone`` \n \n *Amazon Aurora* \n Not applicable. Snapshot restore is managed by the DB cluster." }, "dbSubnetGroupName": { "type": "string", @@ -74731,9 +77242,6 @@ "createOnly": [ "dbSubnetGroupName" ], - "writeOnly": [ - "subnetIds" - ], "irreversibleNames": { "dbSubnetGroupDescription": "DBSubnetGroupDescription", "dbSubnetGroupName": "DBSubnetGroupName" 
@@ -74867,6 +77375,13 @@ "storageEncrypted": { "type": "boolean", "description": " The storage encryption setting for the new global database cluster.\nIf you specify the SourceDBClusterIdentifier property, don't specify this property. The value is inherited from the cluster." + }, + "tags": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:index:Tag" + }, + "description": "An array of key-value pairs to apply to this resource." } }, "outputs": { @@ -74901,6 +77416,13 @@ "type": "boolean", "description": " The storage encryption setting for the new global database cluster.\nIf you specify the SourceDBClusterIdentifier property, don't specify this property. The value is inherited from the cluster.", "replaceOnChanges": true + }, + "tags": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:index:Tag" + }, + "description": "An array of key-value pairs to apply to this resource." } }, "createOnly": [ @@ -74911,7 +77433,9 @@ ], "irreversibleNames": { "sourceDbClusterIdentifier": "SourceDBClusterIdentifier" - } + }, + "tagsProperty": "tags", + "tagsStyle": "keyValueArray" }, "aws-native:rds:Integration": { "cf": "AWS::RDS::Integration", 
@@ -76076,6 +78600,103 @@ "tagsProperty": "tags", "tagsStyle": "keyValueArray" }, + "aws-native:redshift:Integration": { + "cf": "AWS::Redshift::Integration", + "inputs": { + "additionalEncryptionContext": { + "type": "object", + "additionalProperties": { + "type": "string" + } + }, + "integrationName": { + "type": "string", + "description": "The name of the integration." + }, + "kmsKeyId": { + "type": "string", + "description": "An KMS key identifier for the key to use to encrypt the integration. If you don't specify an encryption key, the default AWS owned KMS key is used." + }, + "sourceArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the database to use as the source for replication, for example, arn:aws:dynamodb:us-east-2:123412341234:table/dynamotable" + }, + "tags": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:index:Tag" + }, + "description": "An array of key-value pairs to apply to this resource." + }, + "targetArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Redshift data warehouse to use as the target for replication, for example, arn:aws:redshift:us-east-2:123412341234:namespace:e43aab3e-10a3-4ec4-83d4-f227ff9bfbcf" + } + }, + "outputs": { + "additionalEncryptionContext": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "replaceOnChanges": true + }, + "createTime": { + "type": "string", + "description": "The time (UTC) when the integration was created." + }, + "integrationArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the integration." + }, + "integrationName": { + "type": "string", + "description": "The name of the integration." + }, + "kmsKeyId": { + "type": "string", + "description": "An KMS key identifier for the key to use to encrypt the integration. 
If you don't specify an encryption key, the default AWS owned KMS key is used.", + "replaceOnChanges": true + }, + "sourceArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the database to use as the source for replication, for example, arn:aws:dynamodb:us-east-2:123412341234:table/dynamotable", + "replaceOnChanges": true + }, + "tags": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:index:Tag" + }, + "description": "An array of key-value pairs to apply to this resource." + }, + "targetArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Redshift data warehouse to use as the target for replication, for example, arn:aws:redshift:us-east-2:123412341234:namespace:e43aab3e-10a3-4ec4-83d4-f227ff9bfbcf", + "replaceOnChanges": true + } + }, + "autoNamingSpec": { + "sdkName": "integrationName", + "minLength": 1, + "maxLength": 64 + }, + "required": [ + "sourceArn", + "targetArn" + ], + "createOnly": [ + "additionalEncryptionContext", + "kmsKeyId", + "sourceArn", + "targetArn" + ], + "irreversibleNames": { + "kmsKeyId": "KMSKeyId" + }, + "tagsProperty": "tags", + "tagsStyle": "keyValueArray" + }, "aws-native:redshift:ScheduledAction": { "cf": "AWS::Redshift::ScheduledAction", "inputs": { @@ -78585,9 +81206,6 @@ "createOnly": [ "name" ], - "writeOnly": [ - "tags" - ], "irreversibleNames": { "awsId": "Id" }, @@ -78599,7 +81217,7 @@ "inputs": { "arn": { "type": "string", - "description": "The Amazon Resource Name (ARN) of the profile association." + "description": "The Amazon Resource Name (ARN) of the profile association." }, "name": { "type": "string", @@ -78624,7 +81242,7 @@ "outputs": { "arn": { "type": "string", - "description": "The Amazon Resource Name (ARN) of the profile association." + "description": "The Amazon Resource Name (ARN) of the profile association." }, "awsId": { "type": "string", 
@@ -78666,8 +81284,7 @@ "resourceId" ], "writeOnly": [ - "arn", - "tags" + "arn" ], "irreversibleNames": { "awsId": "Id" @@ -79863,10 +82480,6 @@ "aws-native:route53resolver:ResolverRule": { "cf": "AWS::Route53Resolver::ResolverRule", "inputs": { - "delegationRecord": { - "type": "string", - "description": "The name server domain for queries to be delegated to if a query matches the delegation record." - }, "domainName": { "type": "string", "description": "DNS queries for this domain name are forwarded to the IP addresses that are specified in TargetIps" @@ -79903,10 +82516,6 @@ "type": "string", "description": "The Amazon Resource Name (ARN) of the resolver rule." }, - "delegationRecord": { - "type": "string", - "description": "The name server domain for queries to be delegated to if a query matches the delegation record." - }, "domainName": { "type": "string", "description": "DNS queries for this domain name are forwarded to the IP addresses that are specified in TargetIps" @@ -80183,8 +82792,7 @@ "tags" ], "writeOnly": [ - "s3PrefixType", - "tags" + "s3PrefixType" ], "irreversibleNames": { "s3PrefixType": "S3PrefixType" @@ -80286,9 +82894,6 @@ "createOnly": [ "tags" ], - "writeOnly": [ - "tags" - ], "tagsProperty": "tags", "tagsStyle": "keyValueArrayCreateOnly" }, 
@@ -80865,6 +83470,10 @@ "aws-native:s3express:DirectoryBucket": { "cf": "AWS::S3Express::DirectoryBucket", "inputs": { + "bucketEncryption": { + "$ref": "#/types/aws-native:s3express:DirectoryBucketBucketEncryption", + "description": "Specifies default encryption for a bucket using server-side encryption with Amazon S3 managed keys (SSE-S3) or AWS KMS keys (SSE-KMS). For information about default encryption for directory buckets, see [Setting and monitoring default encryption for directory buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-bucket-encryption.html) in the *Amazon S3 User Guide* ." + }, "bucketName": { "type": "string", "description": "Specifies a name for the bucket. The bucket name must contain only lowercase letters, numbers, and hyphens (-). A directory bucket name must be unique in the chosen Availability Zone. The bucket name must also follow the format 'bucket_base_name--az_id--x-s3' (for example, 'DOC-EXAMPLE-BUCKET--usw2-az1--x-s3'). If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the bucket name." 
@@ -80883,6 +83492,14 @@ "type": "string", "description": "Returns the Amazon Resource Name (ARN) of the specified bucket." }, + "availabilityZoneName": { + "type": "string", + "description": "Returns the code for the Availability Zone where the directory bucket was created." + }, + "bucketEncryption": { + "$ref": "#/types/aws-native:s3express:DirectoryBucketBucketEncryption", + "description": "Specifies default encryption for a bucket using server-side encryption with Amazon S3 managed keys (SSE-S3) or AWS KMS keys (SSE-KMS). For information about default encryption for directory buckets, see [Setting and monitoring default encryption for directory buckets](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-bucket-encryption.html) in the *Amazon S3 User Guide* ." + }, "bucketName": { "type": "string", "description": "Specifies a name for the bucket. The bucket name must contain only lowercase letters, numbers, and hyphens (-). A directory bucket name must be unique in the chosen Availability Zone. The bucket name must also follow the format 'bucket_base_name--az_id--x-s3' (for example, 'DOC-EXAMPLE-BUCKET--usw2-az1--x-s3'). If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the bucket name.", 
@@ -81422,6 +84039,111 @@ "tagsProperty": "tags", "tagsStyle": "keyValueArrayCreateOnly" }, + "aws-native:sagemaker:Cluster": { + "cf": "AWS::SageMaker::Cluster", + "inputs": { + "clusterName": { + "type": "string", + "description": "The name of the HyperPod Cluster." + }, + "instanceGroups": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:sagemaker:ClusterInstanceGroup" + }, + "description": "The instance groups of the SageMaker HyperPod cluster." + }, + "nodeRecovery": { + "$ref": "#/types/aws-native:sagemaker:ClusterNodeRecovery", + "description": "If node auto-recovery is set to true, faulty nodes will be replaced or rebooted when a failure is detected. If set to false, nodes will be labelled when a fault is detected." + }, + "orchestrator": { + "$ref": "#/types/aws-native:sagemaker:ClusterOrchestrator", + "description": "The orchestrator type for the SageMaker HyperPod cluster. Currently, `'eks'` is the only available option." + }, + "tags": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:index:Tag" + }, + "description": "Custom tags for managing the SageMaker HyperPod cluster as an AWS resource. You can add tags to your cluster in the same way you add them in other AWS services that support tagging." + }, + "vpcConfig": { + "$ref": "#/types/aws-native:sagemaker:ClusterVpcConfig", + "description": "Specifies an Amazon Virtual Private Cloud (VPC) that your SageMaker jobs, hosted models, and compute resources have access to. You can control access to and from your resources by configuring a VPC. For more information, see [Give SageMaker Access to Resources in your Amazon VPC](https://docs.aws.amazon.com/sagemaker/latest/dg/infrastructure-give-access.html) ." + } + }, + "outputs": { + "clusterArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the HyperPod Cluster." 
+ }, + "clusterName": { + "type": "string", + "description": "The name of the HyperPod Cluster.", + "replaceOnChanges": true + }, + "clusterStatus": { + "$ref": "#/types/aws-native:sagemaker:ClusterStatus", + "description": "The status of the HyperPod Cluster." + }, + "creationTime": { + "type": "string", + "description": "The time at which the HyperPod cluster was created." + }, + "failureMessage": { + "type": "string", + "description": "The failure message of the HyperPod Cluster." + }, + "instanceGroups": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:sagemaker:ClusterInstanceGroup" + }, + "description": "The instance groups of the SageMaker HyperPod cluster." + }, + "nodeRecovery": { + "$ref": "#/types/aws-native:sagemaker:ClusterNodeRecovery", + "description": "If node auto-recovery is set to true, faulty nodes will be replaced or rebooted when a failure is detected. If set to false, nodes will be labelled when a fault is detected." + }, + "orchestrator": { + "$ref": "#/types/aws-native:sagemaker:ClusterOrchestrator", + "description": "The orchestrator type for the SageMaker HyperPod cluster. Currently, `'eks'` is the only available option.", + "replaceOnChanges": true + }, + "tags": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:index:Tag" + }, + "description": "Custom tags for managing the SageMaker HyperPod cluster as an AWS resource. You can add tags to your cluster in the same way you add them in other AWS services that support tagging." + }, + "vpcConfig": { + "$ref": "#/types/aws-native:sagemaker:ClusterVpcConfig", + "description": "Specifies an Amazon Virtual Private Cloud (VPC) that your SageMaker jobs, hosted models, and compute resources have access to. You can control access to and from your resources by configuring a VPC. 
For more information, see [Give SageMaker Access to Resources in your Amazon VPC](https://docs.aws.amazon.com/sagemaker/latest/dg/infrastructure-give-access.html) .", + "replaceOnChanges": true + } + }, + "autoNamingSpec": { + "sdkName": "clusterName", + "minLength": 1, + "maxLength": 63 + }, + "required": [ + "instanceGroups" + ], + "createOnly": [ + "clusterName", + "instanceGroups/*/ExecutionRole", + "instanceGroups/*/InstanceGroupName", + "instanceGroups/*/InstanceType", + "instanceGroups/*/ThreadsPerCore", + "orchestrator", + "vpcConfig" + ], + "tagsProperty": "tags", + "tagsStyle": "keyValueArray" + }, "aws-native:sagemaker:DataQualityJobDefinition": { "cf": "AWS::SageMaker::DataQualityJobDefinition", "inputs": { 
@@ -84312,6 +87034,48 @@ "tagsProperty": "tags", "tagsStyle": "keyValueArray" }, + "aws-native:secretsmanager:SecretTargetAttachment": { + "cf": "AWS::SecretsManager::SecretTargetAttachment", + "inputs": { + "secretId": { + "type": "string", + "description": "The ARN or name of the secret. To reference a secret also created in this template, use the see [Ref](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html) function with the secret's logical ID. This field is unique for each target attachment definition." + }, + "targetId": { + "type": "string", + "description": "The ID of the database or cluster." + }, + "targetType": { + "type": "string", + "description": "A string that defines the type of service or database associated with the secret. This value instructs Secrets Manager how to update the secret with the details of the service or database. This value must be one of the following:\n\n- AWS::RDS::DBInstance\n- AWS::RDS::DBCluster\n- AWS::Redshift::Cluster\n- AWS::RedshiftServerless::Namespace\n- AWS::DocDB::DBInstance\n- AWS::DocDB::DBCluster\n- AWS::DocDBElastic::Cluster" + } + }, + "outputs": { + "awsId": { + "type": "string" + }, + "secretId": { + "type": "string", + "description": "The ARN or name of the secret. To reference a secret also created in this template, use the see [Ref](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-ref.html) function with the secret's logical ID. This field is unique for each target attachment definition." + }, + "targetId": { + "type": "string", + "description": "The ID of the database or cluster." + }, + "targetType": { + "type": "string", + "description": "A string that defines the type of service or database associated with the secret. This value instructs Secrets Manager how to update the secret with the details of the service or database. 
This value must be one of the following:\n\n- AWS::RDS::DBInstance\n- AWS::RDS::DBCluster\n- AWS::Redshift::Cluster\n- AWS::RedshiftServerless::Namespace\n- AWS::DocDB::DBInstance\n- AWS::DocDB::DBCluster\n- AWS::DocDBElastic::Cluster" + } + }, + "required": [ + "secretId", + "targetId", + "targetType" + ], + "irreversibleNames": { + "awsId": "Id" + } + }, "aws-native:securityhub:AutomationRule": { "cf": "AWS::SecurityHub::AutomationRule", "inputs": { @@ -84320,7 +87084,7 @@ "items": { "$ref": "#/types/aws-native:securityhub:AutomationRulesAction" }, - "description": "One or more actions to update finding fields if a finding matches the conditions specified in `Criteria` ." + "description": "One or more actions to update finding fields if a finding matches the conditions specified in ``Criteria``." }, "criteria": { "$ref": "#/types/aws-native:securityhub:AutomationRulesFindingFilters", @@ -84360,7 +87124,7 @@ "items": { "$ref": "#/types/aws-native:securityhub:AutomationRulesAction" }, - "description": "One or more actions to update finding fields if a finding matches the conditions specified in `Criteria` ." + "description": "One or more actions to update finding fields if a finding matches the conditions specified in ``Criteria``." }, "createdAt": { "type": "string", @@ -84415,6 +87179,12 @@ "minLength": 1, "maxLength": 256 }, + "required": [ + "actions", + "criteria", + "description", + "ruleOrder" + ], "tagsProperty": "tags", "tagsStyle": "stringMap" }, 
@@ -84511,22 +87281,22 @@ "inputs": { "adminAccountId": { "type": "string", - "description": "The Amazon Web Services account identifier of the account to designate as the Security Hub administrator account" + "description": "The AWS-account identifier of the account to designate as the Security Hub administrator account." } }, "outputs": { "adminAccountId": { "type": "string", - "description": "The Amazon Web Services account identifier of the account to designate as the Security Hub administrator account", + "description": "The AWS-account identifier of the account to designate as the Security Hub administrator account.", "replaceOnChanges": true }, "delegatedAdminIdentifier": { "type": "string", - "description": "The identifier of the DelegatedAdmin being created and assigned as the unique identifier" + "description": "The ID of the delegated Security Hub administrator account, in the format of `accountID/Region` ." }, "status": { "$ref": "#/types/aws-native:securityhub:DelegatedAdminStatus", - "description": "The current status of the Security Hub administrator account. Indicates whether the account is currently enabled as a Security Hub administrator" + "description": "Whether the delegated Security Hub administrator is set for the organization." } }, "required": [ 
@@ -84542,35 +87312,35 @@ "inputs": { "regionLinkingMode": { "$ref": "#/types/aws-native:securityhub:FindingAggregatorRegionLinkingMode", - "description": "Indicates whether to link all Regions, all Regions except for a list of excluded Regions, or a list of included Regions" + "description": "Indicates whether to aggregate findings from all of the available Regions in the current partition. Also determines whether to automatically aggregate findings from new Regions as Security Hub supports them and you opt into them.\n The selected option also determines how to use the Regions provided in the Regions list.\n The options are as follows:\n + ``ALL_REGIONS`` - Aggregates findings from all of the Regions where Security Hub is enabled. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them. \n + ``ALL_REGIONS_EXCEPT_SPECIFIED`` - Aggregates findings from all of the Regions where Security Hub is enabled, except for the Regions listed in the ``Regions`` parameter. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them. \n + ``SPECIFIED_REGIONS`` - Aggregates findings only from the Regions listed in the ``Regions`` parameter. Security Hub does not automatically aggregate findings from new Regions. \n + ``NO_REGIONS`` - Aggregates no data because no Regions are selected as linked Regions." }, "regions": { "type": "array", "items": { "type": "string" }, - "description": "The list of excluded Regions or included Regions" + "description": "If ``RegionLinkingMode`` is ``ALL_REGIONS_EXCEPT_SPECIFIED``, then this is a space-separated list of Regions that don't replicate and send findings to the home Region.\n If ``RegionLinkingMode`` is ``SPECIFIED_REGIONS``, then this is a space-separated list of Regions that do replicate and send findings to the home Region. 
\n An ``InvalidInputException`` error results if you populate this field while ``RegionLinkingMode`` is ``NO_REGIONS``." } }, "outputs": { "findingAggregationRegion": { "type": "string", - "description": "The aggregation Region of the FindingAggregator" + "description": "The home Region. Findings generated in linked Regions are replicated and sent to the home Region." }, "findingAggregatorArn": { "type": "string", - "description": "The ARN of the FindingAggregator being created and assigned as the unique identifier" + "description": "The ARN of the finding aggregator. You use the finding aggregator ARN to retrieve details for, update, and delete the finding aggregator." }, "regionLinkingMode": { "$ref": "#/types/aws-native:securityhub:FindingAggregatorRegionLinkingMode", - "description": "Indicates whether to link all Regions, all Regions except for a list of excluded Regions, or a list of included Regions" + "description": "Indicates whether to aggregate findings from all of the available Regions in the current partition. Also determines whether to automatically aggregate findings from new Regions as Security Hub supports them and you opt into them.\n The selected option also determines how to use the Regions provided in the Regions list.\n The options are as follows:\n + ``ALL_REGIONS`` - Aggregates findings from all of the Regions where Security Hub is enabled. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them. \n + ``ALL_REGIONS_EXCEPT_SPECIFIED`` - Aggregates findings from all of the Regions where Security Hub is enabled, except for the Regions listed in the ``Regions`` parameter. When you choose this option, Security Hub also automatically aggregates findings from new Regions as Security Hub supports them and you opt into them. \n + ``SPECIFIED_REGIONS`` - Aggregates findings only from the Regions listed in the ``Regions`` parameter. 
Security Hub does not automatically aggregate findings from new Regions. \n + ``NO_REGIONS`` - Aggregates no data because no Regions are selected as linked Regions." }, "regions": { "type": "array", "items": { "type": "string" }, - "description": "The list of excluded Regions or included Regions" + "description": "If ``RegionLinkingMode`` is ``ALL_REGIONS_EXCEPT_SPECIFIED``, then this is a space-separated list of Regions that don't replicate and send findings to the home Region.\n If ``RegionLinkingMode`` is ``SPECIFIED_REGIONS``, then this is a space-separated list of Regions that do replicate and send findings to the home Region. \n An ``InvalidInputException`` error results if you populate this field while ``RegionLinkingMode`` is ``NO_REGIONS``." } }, "required": [ @@ -84881,7 +87651,7 @@ "items": { "$ref": "#/types/aws-native:securityhub:StandardsControl" }, - "description": "Specifies which controls are to be disabled in a standard. \n *Maximum*: ``100``" + "description": "Specifies which controls are to be disabled in a standard. \n *Maximum*: ``100``" }, "standardsArn": { "type": "string", @@ -84894,7 +87664,7 @@ "items": { "$ref": "#/types/aws-native:securityhub:StandardsControl" }, - "description": "Specifies which controls are to be disabled in a standard. \n *Maximum*: ``100``" + "description": "Specifies which controls are to be disabled in a standard. \n *Maximum*: ``100``" }, "standardsArn": { "type": "string", 
@@ -87020,6 +89790,120 @@ "snapshotS3Location": "SnapshotS3Location" } }, + "aws-native:sns:Subscription": { + "cf": "AWS::SNS::Subscription", + "inputs": { + "deliveryPolicy": { + "$ref": "pulumi.json#/Any", + "description": "The delivery policy JSON assigned to the subscription. Enables the subscriber to define the message delivery retry strategy in the case of an HTTP/S endpoint subscribed to the topic.\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::SNS::Subscription` for more information about the expected schema for this property." + }, + "endpoint": { + "type": "string", + "description": "The subscription's endpoint. The endpoint value depends on the protocol that you specify. " + }, + "filterPolicy": { + "$ref": "pulumi.json#/Any", + "description": "The filter policy JSON assigned to the subscription. Enables the subscriber to filter out unwanted messages.\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::SNS::Subscription` for more information about the expected schema for this property." + }, + "filterPolicyScope": { + "type": "string", + "description": "This attribute lets you choose the filtering scope by using one of the following string value types: MessageAttributes (default) and MessageBody." + }, + "protocol": { + "type": "string", + "description": "The subscription's protocol." + }, + "rawMessageDelivery": { + "type": "boolean", + "description": "When set to true, enables raw message delivery. Raw messages don't contain any JSON formatting and can be sent to Amazon SQS and HTTP/S endpoints." + }, + "redrivePolicy": { + "$ref": "pulumi.json#/Any", + "description": "When specified, sends undeliverable messages to the specified Amazon SQS dead-letter queue. 
Messages that can't be delivered due to client errors are held in the dead-letter queue for further analysis or reprocessing.\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::SNS::Subscription` for more information about the expected schema for this property." + }, + "region": { + "type": "string", + "description": "For cross-region subscriptions, the region in which the topic resides.If no region is specified, AWS CloudFormation uses the region of the caller as the default." + }, + "replayPolicy": { + "$ref": "pulumi.json#/Any", + "description": "Specifies whether Amazon SNS resends the notification to the subscription when a message's attribute changes.\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::SNS::Subscription` for more information about the expected schema for this property." + }, + "subscriptionRoleArn": { + "type": "string", + "description": "This property applies only to Amazon Data Firehose delivery stream subscriptions." + }, + "topicArn": { + "type": "string", + "description": "The ARN of the topic to subscribe to." + } + }, + "outputs": { + "arn": { + "type": "string", + "description": "Arn of the subscription" + }, + "deliveryPolicy": { + "$ref": "pulumi.json#/Any", + "description": "The delivery policy JSON assigned to the subscription. Enables the subscriber to define the message delivery retry strategy in the case of an HTTP/S endpoint subscribed to the topic.\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::SNS::Subscription` for more information about the expected schema for this property." + }, + "endpoint": { + "type": "string", + "description": "The subscription's endpoint. The endpoint value depends on the protocol that you specify. ", + "replaceOnChanges": true + }, + "filterPolicy": { + "$ref": "pulumi.json#/Any", + "description": "The filter policy JSON assigned to the subscription. 
Enables the subscriber to filter out unwanted messages.\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::SNS::Subscription` for more information about the expected schema for this property." + }, + "filterPolicyScope": { + "type": "string", + "description": "This attribute lets you choose the filtering scope by using one of the following string value types: MessageAttributes (default) and MessageBody." + }, + "protocol": { + "type": "string", + "description": "The subscription's protocol.", + "replaceOnChanges": true + }, + "rawMessageDelivery": { + "type": "boolean", + "description": "When set to true, enables raw message delivery. Raw messages don't contain any JSON formatting and can be sent to Amazon SQS and HTTP/S endpoints." + }, + "redrivePolicy": { + "$ref": "pulumi.json#/Any", + "description": "When specified, sends undeliverable messages to the specified Amazon SQS dead-letter queue. Messages that can't be delivered due to client errors are held in the dead-letter queue for further analysis or reprocessing.\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::SNS::Subscription` for more information about the expected schema for this property." + }, + "region": { + "type": "string", + "description": "For cross-region subscriptions, the region in which the topic resides.If no region is specified, AWS CloudFormation uses the region of the caller as the default." + }, + "replayPolicy": { + "$ref": "pulumi.json#/Any", + "description": "Specifies whether Amazon SNS resends the notification to the subscription when a message's attribute changes.\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::SNS::Subscription` for more information about the expected schema for this property." 
+ }, + "subscriptionRoleArn": { + "type": "string", + "description": "This property applies only to Amazon Data Firehose delivery stream subscriptions." + }, + "topicArn": { + "type": "string", + "description": "The ARN of the topic to subscribe to.", + "replaceOnChanges": true + } + }, + "required": [ + "protocol", + "topicArn" + ], + "createOnly": [ + "endpoint", + "protocol", + "topicArn" + ], + "writeOnly": [ + "region" + ] + }, "aws-native:sns:Topic": { "cf": "AWS::SNS::Topic", "inputs": { @@ -87244,7 +90128,7 @@ }, "fifoQueue": { "type": "boolean", - "description": "If set to true, creates a FIFO queue. If you don't specify this property, SQS creates a standard queue. For more information, see [FIFO queues](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html) in the *Developer Guide*." + "description": "If set to true, creates a FIFO queue. If you don't specify this property, SQS creates a standard queue. For more information, see [Amazon SQS FIFO queues](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-fifo-queues.html) in the *Developer Guide*." }, "fifoThroughputLimit": { "type": "string", 
@@ -87256,7 +90140,7 @@ }, "kmsMasterKeyId": { "type": "string", - "description": "The ID of an AWS Key Management Service (KMS) for SQS, or a custom KMS. To use the AWS managed KMS for SQS, specify a (default) alias ARN, alias name (e.g. ``alias/aws/sqs``), key ARN, or key ID. For more information, see the following:\n + [Encryption at rest](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html) in the *Developer Guide* \n + [CreateQueue](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/APIReference/API_CreateQueue.html) in the *API Reference* \n + [Request Parameters](https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html#API_DescribeKey_RequestParameters) in the *Key Management Service API Reference* \n + The Key Management Service (KMS) section of the [Best Practices](https://docs.aws.amazon.com/https://d0.awsstatic.com/whitepapers/aws-kms-best-practices.pdf) whitepaper" + "description": "The ID of an AWS Key Management Service (KMS) for SQS, or a custom KMS. To use the AWS managed KMS for SQS, specify a (default) alias ARN, alias name (for example ``alias/aws/sqs``), key ARN, or key ID. For more information, see the following:\n + [Encryption at rest](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html) in the *Developer Guide* \n + [CreateQueue](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/APIReference/API_CreateQueue.html) in the *API Reference* \n + [Request Parameters](https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html#API_DescribeKey_RequestParameters) in the *Key Management Service API Reference* \n + The Key Management Service (KMS) section of the [Security best practices for Key Management Service](https://docs.aws.amazon.com/kms/latest/developerguide/best-practices.html) in the *Key Management Service Developer Guide*" }, "maximumMessageSize": { "type": "integer", 
@@ -87268,7 +90152,7 @@ }, "queueName": { "type": "string", - "description": "A name for the queue. To create a FIFO queue, the name of your FIFO queue must end with the ``.fifo`` suffix. For more information, see [FIFO queues](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html) in the *Developer Guide*.\n If you don't specify a name, CFN generates a unique physical ID and uses that ID for the queue name. For more information, see [Name type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html) in the *User Guide*. \n If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name." + "description": "A name for the queue. To create a FIFO queue, the name of your FIFO queue must end with the ``.fifo`` suffix. For more information, see [Amazon SQS FIFO queues](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-fifo-queues.html) in the *Developer Guide*.\n If you don't specify a name, CFN generates a unique physical ID and uses that ID for the queue name. For more information, see [Name type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html) in the *User Guide*. \n If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name." }, "receiveMessageWaitTimeSeconds": { "type": "integer", 
@@ -87276,11 +90160,11 @@ }, "redriveAllowPolicy": { "$ref": "pulumi.json#/Any", - "description": "The string that includes the parameters for the permissions for the dead-letter queue redrive permission and which source queues can specify dead-letter queues as a JSON object. The parameters are as follows:\n + ``redrivePermission``: The permission type that defines which source queues can specify the current queue as the dead-letter queue. Valid values are:\n + ``allowAll``: (Default) Any source queues in this AWS account in the same Region can specify this queue as the dead-letter queue.\n + ``denyAll``: No source queues can specify this queue as the dead-letter queue.\n + ``byQueue``: Only queues specified by the ``sourceQueueArns`` parameter can specify this queue as the dead-letter queue.\n \n + ``sourceQueueArns``: The Amazon Resource Names (ARN)s of the source queues that can specify this queue as the dead-letter queue and redrive messages. You can specify this parameter only when the ``redrivePermission`` parameter is set to ``byQueue``. You can specify up to 10 source queue ARNs. To allow more than 10 source queues to specify dead-letter queues, set the ``redrivePermission`` parameter to ``allowAll``.\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::SQS::Queue` for more information about the expected schema for this property." + "description": "The string that includes the parameters for the permissions for the dead-letter queue redrive permission and which source queues can specify dead-letter queues as a JSON object. The parameters are as follows:\n + ``redrivePermission``: The permission type that defines which source queues can specify the current queue as the dead-letter queue. 
Valid values are:\n + ``allowAll``: (Default) Any source queues in this AWS account in the same Region can specify this queue as the dead-letter queue.\n + ``denyAll``: No source queues can specify this queue as the dead-letter queue.\n + ``byQueue``: Only queues specified by the ``sourceQueueArns`` parameter can specify this queue as the dead-letter queue.\n \n + ``sourceQueueArns``: The Amazon Resource Names (ARN)s of the source queues that can specify this queue as the dead-letter queue and redrive messages. You can specify this parameter only when the ``redrivePermission`` parameter is set to ``byQueue``. You can specify up to 10 source queue ARNs. To allow more than 10 source queues to specify dead-letter queues, set the ``redrivePermission`` parameter to ``allowAll``.\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::SQS::Queue` for more information about the expected schema for this property." }, "redrivePolicy": { "$ref": "pulumi.json#/Any", - "description": "The string that includes the parameters for the dead-letter queue functionality of the source queue as a JSON object. The parameters are as follows:\n + ``deadLetterTargetArn``: The Amazon Resource Name (ARN) of the dead-letter queue to which SQS moves messages after the value of ``maxReceiveCount`` is exceeded.\n + ``maxReceiveCount``: The number of times a message is delivered to the source queue before being moved to the dead-letter queue. When the ``ReceiveCount`` for a message exceeds the ``maxReceiveCount`` for a queue, SQS moves the message to the dead-letter-queue.\n \n The dead-letter queue of a FIFO queue must also be a FIFO queue. 
Similarly, the dead-letter queue of a standard queue must also be a standard queue.\n *JSON* \n ``{ \"deadLetterTargetArn\" : String, \"maxReceiveCount\" : Integer }`` \n *YAML* \n ``deadLetterTargetArn : String`` \n ``maxReceiveCount : Integer``\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::SQS::Queue` for more information about the expected schema for this property." + "description": "The string that includes the parameters for the dead-letter queue functionality of the source queue as a JSON object. The parameters are as follows:\n + ``deadLetterTargetArn``: The Amazon Resource Name (ARN) of the dead-letter queue to which SQS moves messages after the value of ``maxReceiveCount`` is exceeded.\n + ``maxReceiveCount``: The number of times a message is received by a consumer of the source queue before being moved to the dead-letter queue. When the ``ReceiveCount`` for a message exceeds the ``maxReceiveCount`` for a queue, SQS moves the message to the dead-letter-queue.\n \n The dead-letter queue of a FIFO queue must also be a FIFO queue. Similarly, the dead-letter queue of a standard queue must also be a standard queue.\n *JSON* \n ``{ \"deadLetterTargetArn\" : String, \"maxReceiveCount\" : Integer }`` \n *YAML* \n ``deadLetterTargetArn : String`` \n ``maxReceiveCount : Integer``\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::SQS::Queue` for more information about the expected schema for this property." }, "sqsManagedSseEnabled": { "type": "boolean", 
@@ -87317,7 +90201,7 @@ }, "fifoQueue": { "type": "boolean", - "description": "If set to true, creates a FIFO queue. If you don't specify this property, SQS creates a standard queue. For more information, see [FIFO queues](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html) in the *Developer Guide*.", + "description": "If set to true, creates a FIFO queue. If you don't specify this property, SQS creates a standard queue. For more information, see [Amazon SQS FIFO queues](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-fifo-queues.html) in the *Developer Guide*.", "replaceOnChanges": true }, "fifoThroughputLimit": { 
@@ -87330,7 +90214,7 @@ }, "kmsMasterKeyId": { "type": "string", - "description": "The ID of an AWS Key Management Service (KMS) for SQS, or a custom KMS. To use the AWS managed KMS for SQS, specify a (default) alias ARN, alias name (e.g. ``alias/aws/sqs``), key ARN, or key ID. For more information, see the following:\n + [Encryption at rest](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html) in the *Developer Guide* \n + [CreateQueue](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/APIReference/API_CreateQueue.html) in the *API Reference* \n + [Request Parameters](https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html#API_DescribeKey_RequestParameters) in the *Key Management Service API Reference* \n + The Key Management Service (KMS) section of the [Best Practices](https://docs.aws.amazon.com/https://d0.awsstatic.com/whitepapers/aws-kms-best-practices.pdf) whitepaper" + "description": "The ID of an AWS Key Management Service (KMS) for SQS, or a custom KMS. To use the AWS managed KMS for SQS, specify a (default) alias ARN, alias name (for example ``alias/aws/sqs``), key ARN, or key ID. For more information, see the following:\n + [Encryption at rest](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html) in the *Developer Guide* \n + [CreateQueue](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/APIReference/API_CreateQueue.html) in the *API Reference* \n + [Request Parameters](https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html#API_DescribeKey_RequestParameters) in the *Key Management Service API Reference* \n + The Key Management Service (KMS) section of the [Security best practices for Key Management Service](https://docs.aws.amazon.com/kms/latest/developerguide/best-practices.html) in the *Key Management Service Developer Guide*" }, "maximumMessageSize": { "type": "integer", 
@@ -87342,7 +90226,7 @@ }, "queueName": { "type": "string", - "description": "A name for the queue. To create a FIFO queue, the name of your FIFO queue must end with the ``.fifo`` suffix. For more information, see [FIFO queues](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html) in the *Developer Guide*.\n If you don't specify a name, CFN generates a unique physical ID and uses that ID for the queue name. For more information, see [Name type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html) in the *User Guide*. \n If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.", + "description": "A name for the queue. To create a FIFO queue, the name of your FIFO queue must end with the ``.fifo`` suffix. For more information, see [Amazon SQS FIFO queues](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-fifo-queues.html) in the *Developer Guide*.\n If you don't specify a name, CFN generates a unique physical ID and uses that ID for the queue name. For more information, see [Name type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html) in the *User Guide*. \n If you specify a name, you can't perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.", "replaceOnChanges": true }, "queueUrl": { 
@@ -87355,11 +90239,11 @@ }, "redriveAllowPolicy": { "$ref": "pulumi.json#/Any", - "description": "The string that includes the parameters for the permissions for the dead-letter queue redrive permission and which source queues can specify dead-letter queues as a JSON object. The parameters are as follows:\n + ``redrivePermission``: The permission type that defines which source queues can specify the current queue as the dead-letter queue. Valid values are:\n + ``allowAll``: (Default) Any source queues in this AWS account in the same Region can specify this queue as the dead-letter queue.\n + ``denyAll``: No source queues can specify this queue as the dead-letter queue.\n + ``byQueue``: Only queues specified by the ``sourceQueueArns`` parameter can specify this queue as the dead-letter queue.\n \n + ``sourceQueueArns``: The Amazon Resource Names (ARN)s of the source queues that can specify this queue as the dead-letter queue and redrive messages. You can specify this parameter only when the ``redrivePermission`` parameter is set to ``byQueue``. You can specify up to 10 source queue ARNs. To allow more than 10 source queues to specify dead-letter queues, set the ``redrivePermission`` parameter to ``allowAll``.\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::SQS::Queue` for more information about the expected schema for this property." + "description": "The string that includes the parameters for the permissions for the dead-letter queue redrive permission and which source queues can specify dead-letter queues as a JSON object. The parameters are as follows:\n + ``redrivePermission``: The permission type that defines which source queues can specify the current queue as the dead-letter queue. 
Valid values are:\n + ``allowAll``: (Default) Any source queues in this AWS account in the same Region can specify this queue as the dead-letter queue.\n + ``denyAll``: No source queues can specify this queue as the dead-letter queue.\n + ``byQueue``: Only queues specified by the ``sourceQueueArns`` parameter can specify this queue as the dead-letter queue.\n \n + ``sourceQueueArns``: The Amazon Resource Names (ARN)s of the source queues that can specify this queue as the dead-letter queue and redrive messages. You can specify this parameter only when the ``redrivePermission`` parameter is set to ``byQueue``. You can specify up to 10 source queue ARNs. To allow more than 10 source queues to specify dead-letter queues, set the ``redrivePermission`` parameter to ``allowAll``.\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::SQS::Queue` for more information about the expected schema for this property." }, "redrivePolicy": { "$ref": "pulumi.json#/Any", - "description": "The string that includes the parameters for the dead-letter queue functionality of the source queue as a JSON object. The parameters are as follows:\n + ``deadLetterTargetArn``: The Amazon Resource Name (ARN) of the dead-letter queue to which SQS moves messages after the value of ``maxReceiveCount`` is exceeded.\n + ``maxReceiveCount``: The number of times a message is delivered to the source queue before being moved to the dead-letter queue. When the ``ReceiveCount`` for a message exceeds the ``maxReceiveCount`` for a queue, SQS moves the message to the dead-letter-queue.\n \n The dead-letter queue of a FIFO queue must also be a FIFO queue. 
Similarly, the dead-letter queue of a standard queue must also be a standard queue.\n *JSON* \n ``{ \"deadLetterTargetArn\" : String, \"maxReceiveCount\" : Integer }`` \n *YAML* \n ``deadLetterTargetArn : String`` \n ``maxReceiveCount : Integer``\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::SQS::Queue` for more information about the expected schema for this property." + "description": "The string that includes the parameters for the dead-letter queue functionality of the source queue as a JSON object. The parameters are as follows:\n + ``deadLetterTargetArn``: The Amazon Resource Name (ARN) of the dead-letter queue to which SQS moves messages after the value of ``maxReceiveCount`` is exceeded.\n + ``maxReceiveCount``: The number of times a message is received by a consumer of the source queue before being moved to the dead-letter queue. When the ``ReceiveCount`` for a message exceeds the ``maxReceiveCount`` for a queue, SQS moves the message to the dead-letter-queue.\n \n The dead-letter queue of a FIFO queue must also be a FIFO queue. Similarly, the dead-letter queue of a standard queue must also be a standard queue.\n *JSON* \n ``{ \"deadLetterTargetArn\" : String, \"maxReceiveCount\" : Integer }`` \n *YAML* \n ``deadLetterTargetArn : String`` \n ``maxReceiveCount : Integer``\n\nSearch the [CloudFormation User Guide](https://docs.aws.amazon.com/cloudformation/) for `AWS::SQS::Queue` for more information about the expected schema for this property." }, "sqsManagedSseEnabled": { "type": "boolean", 
@@ -88585,19 +91469,23 @@ "type": "array", "items": { "$ref": "#/types/aws-native:ssmquicksetup:ConfigurationManagerConfigurationDefinition" - } + }, + "description": "The definition of the Quick Setup configuration that the configuration manager deploys." }, "description": { - "type": "string" + "type": "string", + "description": "The description of the configuration." }, "name": { - "type": "string" + "type": "string", + "description": "The name of the configuration" }, "tags": { "type": "object", "additionalProperties": { "type": "string" - } + }, + "description": "Key-value pairs of metadata to assign to the configuration manager." } }, "outputs": { 
@@ -88605,34 +91493,42 @@ "type": "array", "items": { "$ref": "#/types/aws-native:ssmquicksetup:ConfigurationManagerConfigurationDefinition" - } + }, + "description": "The definition of the Quick Setup configuration that the configuration manager deploys." }, "createdAt": { - "type": "string" + "type": "string", + "description": "The datetime stamp when the configuration manager was created." }, "description": { - "type": "string" + "type": "string", + "description": "The description of the configuration." }, "lastModifiedAt": { - "type": "string" + "type": "string", + "description": "The datetime stamp when the configuration manager was last updated." }, "managerArn": { - "type": "string" + "type": "string", + "description": "The ARN of the Quick Setup configuration." }, "name": { - "type": "string" + "type": "string", + "description": "The name of the configuration" }, "statusSummaries": { "type": "array", "items": { "$ref": "#/types/aws-native:ssmquicksetup:ConfigurationManagerStatusSummary" - } + }, + "description": "Summaries of the state of the configuration manager. These summaries include an aggregate of the statuses from the configuration definition associated with the configuration manager. This includes deployment statuses, association statuses, drift statuses, health checks, and more." }, "tags": { "type": "object", "additionalProperties": { "type": "string" - } + }, + "description": "Key-value pairs of metadata to assign to the configuration manager." } }, "autoNamingSpec": { @@ -89593,6 +92489,13 @@ "type": "string", "description": "Name of the canary." }, + "resourcesToReplicateTags": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:synthetics:CanaryResourceToTag" + }, + "description": "List of resources which canary tags should be replicated to." + }, "runConfig": { "$ref": "#/types/aws-native:synthetics:CanaryRunConfig", "description": "Provide canary run configuration" 
@@ -89663,6 +92566,13 @@ "description": "Name of the canary.", "replaceOnChanges": true }, + "resourcesToReplicateTags": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:synthetics:CanaryResourceToTag" + }, + "description": "List of resources which canary tags should be replicated to." + }, "runConfig": { "$ref": "#/types/aws-native:synthetics:CanaryRunConfig", "description": "Provide canary run configuration" @@ -89722,6 +92632,7 @@ "code/S3ObjectVersion", "code/Script", "deleteLambdaResourcesOnCanaryDeletion", + "resourcesToReplicateTags", "runConfig/EnvironmentVariables", "startCanaryAfterCreation", "visualReference" 
@@ -90819,6 +93730,188 @@ "tagsProperty": "tags", "tagsStyle": "keyValueArray" }, + "aws-native:transfer:Server": { + "cf": "AWS::Transfer::Server", + "inputs": { + "certificate": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. Required when `Protocols` is set to `FTPS` .\n\nTo request a new public certificate, see [Request a public certificate](https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-public.html) in the *AWS Certificate Manager User Guide* .\n\nTo import an existing certificate into ACM, see [Importing certificates into ACM](https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html) in the *AWS Certificate Manager User Guide* .\n\nTo request a private certificate to use FTPS through private IP addresses, see [Request a private certificate](https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-private.html) in the *AWS Certificate Manager User Guide* .\n\nCertificates with the following cryptographic algorithms and key sizes are supported:\n\n- 2048-bit RSA (RSA_2048)\n- 4096-bit RSA (RSA_4096)\n- Elliptic Prime Curve 256 bit (EC_prime256v1)\n- Elliptic Prime Curve 384 bit (EC_secp384r1)\n- Elliptic Prime Curve 521 bit (EC_secp521r1)\n\n\u003e The certificate must be a valid SSL/TLS X.509 version 3 certificate with FQDN or IP address specified and information about the issuer." + }, + "domain": { + "$ref": "#/types/aws-native:transfer:ServerDomain", + "description": "Specifies the domain of the storage system that is used for file transfers. There are two domains available: Amazon Simple Storage Service (Amazon S3) and Amazon Elastic File System (Amazon EFS). The default value is S3." + }, + "endpointDetails": { + "$ref": "#/types/aws-native:transfer:ServerEndpointDetails", + "description": "The virtual private cloud (VPC) endpoint settings that are configured for your server. 
When you host your endpoint within your VPC, you can make your endpoint accessible only to resources within your VPC, or you can attach Elastic IP addresses and make your endpoint accessible to clients over the internet. Your VPC's default security groups are automatically assigned to your endpoint." + }, + "endpointType": { + "$ref": "#/types/aws-native:transfer:ServerEndpointType", + "description": "The type of endpoint that you want your server to use. You can choose to make your server's endpoint publicly accessible (PUBLIC) or host it inside your VPC. With an endpoint that is hosted in a VPC, you can restrict access to your server and resources only within your VPC or choose to make it internet facing by attaching Elastic IP addresses directly to it.\n\n\u003e After May 19, 2021, you won't be able to create a server using `EndpointType=VPC_ENDPOINT` in your AWS account if your account hasn't already done so before May 19, 2021. If you have already created servers with `EndpointType=VPC_ENDPOINT` in your AWS account on or before May 19, 2021, you will not be affected. After this date, use `EndpointType` = `VPC` .\n\u003e \n\u003e For more information, see [Discontinuing the use of VPC_ENDPOINT](https://docs.aws.amazon.com//transfer/latest/userguide/create-server-in-vpc.html#deprecate-vpc-endpoint) .\n\u003e \n\u003e It is recommended that you use `VPC` as the `EndpointType` . With this endpoint type, you have the option to directly associate up to three Elastic IPv4 addresses (BYO IP included) with your server's endpoint and use VPC security groups to restrict traffic by the client's public IP address. This is not possible with `EndpointType` set to `VPC_ENDPOINT` ." + }, + "identityProviderDetails": { + "$ref": "#/types/aws-native:transfer:ServerIdentityProviderDetails", + "description": "Required when `IdentityProviderType` is set to `AWS_DIRECTORY_SERVICE` , `AWS _LAMBDA` or `API_GATEWAY` . 
Accepts an array containing all of the information required to use a directory in `AWS_DIRECTORY_SERVICE` or invoke a customer-supplied authentication API, including the API Gateway URL. Cannot be specified when `IdentityProviderType` is set to `SERVICE_MANAGED` ." + }, + "identityProviderType": { + "$ref": "#/types/aws-native:transfer:ServerIdentityProviderType", + "description": "The mode of authentication for a server. The default value is `SERVICE_MANAGED` , which allows you to store and access user credentials within the AWS Transfer Family service.\n\nUse `AWS_DIRECTORY_SERVICE` to provide access to Active Directory groups in AWS Directory Service for Microsoft Active Directory or Microsoft Active Directory in your on-premises environment or in AWS using AD Connector. This option also requires you to provide a Directory ID by using the `IdentityProviderDetails` parameter.\n\nUse the `API_GATEWAY` value to integrate with an identity provider of your choosing. The `API_GATEWAY` setting requires you to provide an Amazon API Gateway endpoint URL to call for authentication by using the `IdentityProviderDetails` parameter.\n\nUse the `AWS_LAMBDA` value to directly use an AWS Lambda function as your identity provider. If you choose this value, you must specify the ARN for the Lambda function in the `Function` parameter for the `IdentityProviderDetails` data type." + }, + "loggingRole": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that allows a server to turn on Amazon CloudWatch logging for Amazon S3 or Amazon EFSevents. When set, you can view user activity in your CloudWatch logs." + }, + "postAuthenticationLoginBanner": { + "type": "string", + "description": "Specifies a string to display when users connect to a server. This string is displayed after the user authenticates.\n\n\u003e The SFTP protocol does not support post-authentication display banners." 
+ }, + "preAuthenticationLoginBanner": { + "type": "string", + "description": "Specifies a string to display when users connect to a server. This string is displayed before the user authenticates. For example, the following banner displays details about using the system:\n\n`This system is for the use of authorized users only. Individuals using this computer system without authority, or in excess of their authority, are subject to having all of their activities on this system monitored and recorded by system personnel.`" + }, + "protocolDetails": { + "$ref": "#/types/aws-native:transfer:ServerProtocolDetails", + "description": "The protocol settings that are configured for your server.\n\n- To indicate passive mode (for FTP and FTPS protocols), use the `PassiveIp` parameter. Enter a single dotted-quad IPv4 address, such as the external IP address of a firewall, router, or load balancer.\n- To ignore the error that is generated when the client attempts to use the `SETSTAT` command on a file that you are uploading to an Amazon S3 bucket, use the `SetStatOption` parameter. To have the AWS Transfer Family server ignore the `SETSTAT` command and upload files without needing to make any changes to your SFTP client, set the value to `ENABLE_NO_OP` . If you set the `SetStatOption` parameter to `ENABLE_NO_OP` , Transfer Family generates a log entry to Amazon CloudWatch Logs, so that you can determine when the client is making a `SETSTAT` call.\n- To determine whether your AWS Transfer Family server resumes recent, negotiated sessions through a unique session ID, use the `TlsSessionResumptionMode` parameter.\n- `As2Transports` indicates the transport method for the AS2 messages. 
Currently, only HTTP is supported.\n\nThe `Protocols` parameter is an array of strings.\n\n*Allowed values* : One or more of `SFTP` , `FTPS` , `FTP` , `AS2`" + }, + "protocols": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:transfer:ServerProtocol" + }, + "description": "Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. The available protocols are:\n\n- `SFTP` (Secure Shell (SSH) File Transfer Protocol): File transfer over SSH\n- `FTPS` (File Transfer Protocol Secure): File transfer with TLS encryption\n- `FTP` (File Transfer Protocol): Unencrypted file transfer\n- `AS2` (Applicability Statement 2): used for transporting structured business-to-business data\n\n\u003e - If you select `FTPS` , you must choose a certificate stored in AWS Certificate Manager (ACM) which is used to identify your server when clients connect to it over FTPS.\n\u003e - If `Protocol` includes either `FTP` or `FTPS` , then the `EndpointType` must be `VPC` and the `IdentityProviderType` must be either `AWS_DIRECTORY_SERVICE` , `AWS_LAMBDA` , or `API_GATEWAY` .\n\u003e - If `Protocol` includes `FTP` , then `AddressAllocationIds` cannot be associated.\n\u003e - If `Protocol` is set only to `SFTP` , the `EndpointType` can be set to `PUBLIC` and the `IdentityProviderType` can be set any of the supported identity types: `SERVICE_MANAGED` , `AWS_DIRECTORY_SERVICE` , `AWS_LAMBDA` , or `API_GATEWAY` .\n\u003e - If `Protocol` includes `AS2` , then the `EndpointType` must be `VPC` , and domain must be Amazon S3. \n\nThe `Protocols` parameter is an array of strings.\n\n*Allowed values* : One or more of `SFTP` , `FTPS` , `FTP` , `AS2`" + }, + "s3StorageOptions": { + "$ref": "#/types/aws-native:transfer:ServerS3StorageOptions", + "description": "Specifies whether or not performance for your Amazon S3 directories is optimized. 
This is disabled by default.\n\nBy default, home directory mappings have a `TYPE` of `DIRECTORY` . If you enable this option, you would then need to explicitly set the `HomeDirectoryMapEntry` `Type` to `FILE` if you want a mapping to have a file target." + }, + "securityPolicyName": { + "type": "string", + "description": "Specifies the name of the security policy for the server." + }, + "structuredLogDestinations": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Specifies the log groups to which your server logs are sent.\n\nTo specify a log group, you must provide the ARN for an existing log group. In this case, the format of the log group is as follows:\n\n`arn:aws:logs:region-name:amazon-account-id:log-group:log-group-name:*`\n\nFor example, `arn:aws:logs:us-east-1:111122223333:log-group:mytestgroup:*`\n\nIf you have previously specified a log group for a server, you can clear it, and in effect turn off structured logging, by providing an empty value for this parameter in an `update-server` call. For example:\n\n`update-server --server-id s-1234567890abcdef0 --structured-log-destinations`" + }, + "tags": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:index:Tag" + }, + "description": "Key-value pairs that can be used to group and search for servers." + }, + "workflowDetails": { + "$ref": "#/types/aws-native:transfer:ServerWorkflowDetails", + "description": "Specifies the workflow ID for the workflow to assign and the execution role that's used for executing the workflow.\n\nIn addition to a workflow to execute when a file is uploaded completely, `WorkflowDetails` can also contain a workflow ID (and execution role) for a workflow to execute on partial upload. A partial upload occurs when a file is open when the session disconnects." 
+ } + }, + "outputs": { + "arn": { + "type": "string", + "description": "The Amazon Resource Name associated with the server, in the form `arn:aws:transfer:region: *account-id* :server/ *server-id* /` .\n\nAn example of a server ARN is: `arn:aws:transfer:us-east-1:123456789012:server/s-01234567890abcdef` ." + }, + "as2ServiceManagedEgressIpAddresses": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of egress IP addresses of this server. These IP addresses are only relevant for servers that use the AS2 protocol. They are used for sending asynchronous MDNs. These IP addresses are assigned automatically when you create an AS2 server. Additionally, if you update an existing server and add the AS2 protocol, static IP addresses are assigned as well." + }, + "certificate": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. Required when `Protocols` is set to `FTPS` .\n\nTo request a new public certificate, see [Request a public certificate](https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-public.html) in the *AWS Certificate Manager User Guide* .\n\nTo import an existing certificate into ACM, see [Importing certificates into ACM](https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html) in the *AWS Certificate Manager User Guide* .\n\nTo request a private certificate to use FTPS through private IP addresses, see [Request a private certificate](https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-private.html) in the *AWS Certificate Manager User Guide* .\n\nCertificates with the following cryptographic algorithms and key sizes are supported:\n\n- 2048-bit RSA (RSA_2048)\n- 4096-bit RSA (RSA_4096)\n- Elliptic Prime Curve 256 bit (EC_prime256v1)\n- Elliptic Prime Curve 384 bit (EC_secp384r1)\n- Elliptic Prime Curve 521 bit (EC_secp521r1)\n\n\u003e The certificate must be a valid SSL/TLS X.509 version 3 certificate with FQDN or 
IP address specified and information about the issuer." + }, + "domain": { + "$ref": "#/types/aws-native:transfer:ServerDomain", + "description": "Specifies the domain of the storage system that is used for file transfers. There are two domains available: Amazon Simple Storage Service (Amazon S3) and Amazon Elastic File System (Amazon EFS). The default value is S3.", + "replaceOnChanges": true + }, + "endpointDetails": { + "$ref": "#/types/aws-native:transfer:ServerEndpointDetails", + "description": "The virtual private cloud (VPC) endpoint settings that are configured for your server. When you host your endpoint within your VPC, you can make your endpoint accessible only to resources within your VPC, or you can attach Elastic IP addresses and make your endpoint accessible to clients over the internet. Your VPC's default security groups are automatically assigned to your endpoint." + }, + "endpointType": { + "$ref": "#/types/aws-native:transfer:ServerEndpointType", + "description": "The type of endpoint that you want your server to use. You can choose to make your server's endpoint publicly accessible (PUBLIC) or host it inside your VPC. With an endpoint that is hosted in a VPC, you can restrict access to your server and resources only within your VPC or choose to make it internet facing by attaching Elastic IP addresses directly to it.\n\n\u003e After May 19, 2021, you won't be able to create a server using `EndpointType=VPC_ENDPOINT` in your AWS account if your account hasn't already done so before May 19, 2021. If you have already created servers with `EndpointType=VPC_ENDPOINT` in your AWS account on or before May 19, 2021, you will not be affected. After this date, use `EndpointType` = `VPC` .\n\u003e \n\u003e For more information, see [Discontinuing the use of VPC_ENDPOINT](https://docs.aws.amazon.com//transfer/latest/userguide/create-server-in-vpc.html#deprecate-vpc-endpoint) .\n\u003e \n\u003e It is recommended that you use `VPC` as the `EndpointType` . 
With this endpoint type, you have the option to directly associate up to three Elastic IPv4 addresses (BYO IP included) with your server's endpoint and use VPC security groups to restrict traffic by the client's public IP address. This is not possible with `EndpointType` set to `VPC_ENDPOINT` ." + }, + "identityProviderDetails": { + "$ref": "#/types/aws-native:transfer:ServerIdentityProviderDetails", + "description": "Required when `IdentityProviderType` is set to `AWS_DIRECTORY_SERVICE` , `AWS _LAMBDA` or `API_GATEWAY` . Accepts an array containing all of the information required to use a directory in `AWS_DIRECTORY_SERVICE` or invoke a customer-supplied authentication API, including the API Gateway URL. Cannot be specified when `IdentityProviderType` is set to `SERVICE_MANAGED` ." + }, + "identityProviderType": { + "$ref": "#/types/aws-native:transfer:ServerIdentityProviderType", + "description": "The mode of authentication for a server. The default value is `SERVICE_MANAGED` , which allows you to store and access user credentials within the AWS Transfer Family service.\n\nUse `AWS_DIRECTORY_SERVICE` to provide access to Active Directory groups in AWS Directory Service for Microsoft Active Directory or Microsoft Active Directory in your on-premises environment or in AWS using AD Connector. This option also requires you to provide a Directory ID by using the `IdentityProviderDetails` parameter.\n\nUse the `API_GATEWAY` value to integrate with an identity provider of your choosing. The `API_GATEWAY` setting requires you to provide an Amazon API Gateway endpoint URL to call for authentication by using the `IdentityProviderDetails` parameter.\n\nUse the `AWS_LAMBDA` value to directly use an AWS Lambda function as your identity provider. 
If you choose this value, you must specify the ARN for the Lambda function in the `Function` parameter for the `IdentityProviderDetails` data type.", + "replaceOnChanges": true + }, + "loggingRole": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that allows a server to turn on Amazon CloudWatch logging for Amazon S3 or Amazon EFSevents. When set, you can view user activity in your CloudWatch logs." + }, + "postAuthenticationLoginBanner": { + "type": "string", + "description": "Specifies a string to display when users connect to a server. This string is displayed after the user authenticates.\n\n\u003e The SFTP protocol does not support post-authentication display banners." + }, + "preAuthenticationLoginBanner": { + "type": "string", + "description": "Specifies a string to display when users connect to a server. This string is displayed before the user authenticates. For example, the following banner displays details about using the system:\n\n`This system is for the use of authorized users only. Individuals using this computer system without authority, or in excess of their authority, are subject to having all of their activities on this system monitored and recorded by system personnel.`" + }, + "protocolDetails": { + "$ref": "#/types/aws-native:transfer:ServerProtocolDetails", + "description": "The protocol settings that are configured for your server.\n\n- To indicate passive mode (for FTP and FTPS protocols), use the `PassiveIp` parameter. Enter a single dotted-quad IPv4 address, such as the external IP address of a firewall, router, or load balancer.\n- To ignore the error that is generated when the client attempts to use the `SETSTAT` command on a file that you are uploading to an Amazon S3 bucket, use the `SetStatOption` parameter. 
To have the AWS Transfer Family server ignore the `SETSTAT` command and upload files without needing to make any changes to your SFTP client, set the value to `ENABLE_NO_OP` . If you set the `SetStatOption` parameter to `ENABLE_NO_OP` , Transfer Family generates a log entry to Amazon CloudWatch Logs, so that you can determine when the client is making a `SETSTAT` call.\n- To determine whether your AWS Transfer Family server resumes recent, negotiated sessions through a unique session ID, use the `TlsSessionResumptionMode` parameter.\n- `As2Transports` indicates the transport method for the AS2 messages. Currently, only HTTP is supported.\n\nThe `Protocols` parameter is an array of strings.\n\n*Allowed values* : One or more of `SFTP` , `FTPS` , `FTP` , `AS2`" + }, + "protocols": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:transfer:ServerProtocol" + }, + "description": "Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. 
The available protocols are:\n\n- `SFTP` (Secure Shell (SSH) File Transfer Protocol): File transfer over SSH\n- `FTPS` (File Transfer Protocol Secure): File transfer with TLS encryption\n- `FTP` (File Transfer Protocol): Unencrypted file transfer\n- `AS2` (Applicability Statement 2): used for transporting structured business-to-business data\n\n\u003e - If you select `FTPS` , you must choose a certificate stored in AWS Certificate Manager (ACM) which is used to identify your server when clients connect to it over FTPS.\n\u003e - If `Protocol` includes either `FTP` or `FTPS` , then the `EndpointType` must be `VPC` and the `IdentityProviderType` must be either `AWS_DIRECTORY_SERVICE` , `AWS_LAMBDA` , or `API_GATEWAY` .\n\u003e - If `Protocol` includes `FTP` , then `AddressAllocationIds` cannot be associated.\n\u003e - If `Protocol` is set only to `SFTP` , the `EndpointType` can be set to `PUBLIC` and the `IdentityProviderType` can be set any of the supported identity types: `SERVICE_MANAGED` , `AWS_DIRECTORY_SERVICE` , `AWS_LAMBDA` , or `API_GATEWAY` .\n\u003e - If `Protocol` includes `AS2` , then the `EndpointType` must be `VPC` , and domain must be Amazon S3. \n\nThe `Protocols` parameter is an array of strings.\n\n*Allowed values* : One or more of `SFTP` , `FTPS` , `FTP` , `AS2`" + }, + "s3StorageOptions": { + "$ref": "#/types/aws-native:transfer:ServerS3StorageOptions", + "description": "Specifies whether or not performance for your Amazon S3 directories is optimized. This is disabled by default.\n\nBy default, home directory mappings have a `TYPE` of `DIRECTORY` . If you enable this option, you would then need to explicitly set the `HomeDirectoryMapEntry` `Type` to `FILE` if you want a mapping to have a file target." + }, + "securityPolicyName": { + "type": "string", + "description": "Specifies the name of the security policy for the server." 
+ }, + "serverId": { + "type": "string", + "description": "The service-assigned ID of the server that is created.\n\nAn example `ServerId` is `s-01234567890abcdef` ." + }, + "structuredLogDestinations": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Specifies the log groups to which your server logs are sent.\n\nTo specify a log group, you must provide the ARN for an existing log group. In this case, the format of the log group is as follows:\n\n`arn:aws:logs:region-name:amazon-account-id:log-group:log-group-name:*`\n\nFor example, `arn:aws:logs:us-east-1:111122223333:log-group:mytestgroup:*`\n\nIf you have previously specified a log group for a server, you can clear it, and in effect turn off structured logging, by providing an empty value for this parameter in an `update-server` call. For example:\n\n`update-server --server-id s-1234567890abcdef0 --structured-log-destinations`" + }, + "tags": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:index:Tag" + }, + "description": "Key-value pairs that can be used to group and search for servers." + }, + "workflowDetails": { + "$ref": "#/types/aws-native:transfer:ServerWorkflowDetails", + "description": "Specifies the workflow ID for the workflow to assign and the execution role that's used for executing the workflow.\n\nIn addition to a workflow to execute when a file is uploaded completely, `WorkflowDetails` can also contain a workflow ID (and execution role) for a workflow to execute on partial upload. A partial upload occurs when a file is open when the session disconnects." + } + }, + "createOnly": [ + "domain", + "identityProviderType" + ], + "writeOnly": [ + "identityProviderType" + ], + "irreversibleNames": { + "s3StorageOptions": "S3StorageOptions" + }, + "tagsProperty": "tags", + "tagsStyle": "keyValueArray" + }, "aws-native:transfer:Workflow": { "cf": "AWS::Transfer::Workflow", "inputs": { 
@@ -92556,6 +95649,137 @@ "webAclArn": "WebACLArn" } }, + "aws-native:wisdom:AiPrompt": { + "cf": "AWS::Wisdom::AIPrompt", + "inputs": { + "apiFormat": { + "$ref": "#/types/aws-native:wisdom:AiPromptAiPromptApiFormat", + "description": "The API format used for this AI Prompt." + }, + "assistantId": { + "type": "string", + "description": "The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN." + }, + "description": { + "type": "string", + "description": "The description of the AI Prompt." + }, + "modelId": { + "type": "string", + "description": "The identifier of the model used for this AI Prompt. Model Ids supported are: `CLAUDE_3_HAIKU_20240307_V1` ." + }, + "name": { + "type": "string", + "description": "The name of the AI Prompt" + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The tags used to organize, track, or control access for this resource." + }, + "templateConfiguration": { + "$ref": "#/types/aws-native:wisdom:AiPromptAiPromptTemplateConfiguration", + "description": "The configuration of the prompt template for this AI Prompt." + }, + "templateType": { + "$ref": "#/types/aws-native:wisdom:AiPromptAiPromptTemplateType", + "description": "The type of the prompt template for this AI Prompt." + }, + "type": { + "$ref": "#/types/aws-native:wisdom:AiPromptAiPromptType", + "description": "The type of this AI Prompt." + } + }, + "outputs": { + "aiPromptArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the AI Prompt." + }, + "aiPromptId": { + "type": "string", + "description": "The identifier of the Amazon Q in Connect AI prompt." 
+ }, + "apiFormat": { + "$ref": "#/types/aws-native:wisdom:AiPromptAiPromptApiFormat", + "description": "The API format used for this AI Prompt.", + "replaceOnChanges": true + }, + "assistantArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the Amazon Q in Connect assistant." + }, + "assistantId": { + "type": "string", + "description": "The identifier of the Amazon Q in Connect assistant. Can be either the ID or the ARN. URLs cannot contain the ARN.", + "replaceOnChanges": true + }, + "description": { + "type": "string", + "description": "The description of the AI Prompt." + }, + "modelId": { + "type": "string", + "description": "The identifier of the model used for this AI Prompt. Model Ids supported are: `CLAUDE_3_HAIKU_20240307_V1` .", + "replaceOnChanges": true + }, + "name": { + "type": "string", + "description": "The name of the AI Prompt", + "replaceOnChanges": true + }, + "tags": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "The tags used to organize, track, or control access for this resource.", + "replaceOnChanges": true + }, + "templateConfiguration": { + "$ref": "#/types/aws-native:wisdom:AiPromptAiPromptTemplateConfiguration", + "description": "The configuration of the prompt template for this AI Prompt." 
+ }, + "templateType": { + "$ref": "#/types/aws-native:wisdom:AiPromptAiPromptTemplateType", + "description": "The type of the prompt template for this AI Prompt.", + "replaceOnChanges": true + }, + "type": { + "$ref": "#/types/aws-native:wisdom:AiPromptAiPromptType", + "description": "The type of this AI Prompt.", + "replaceOnChanges": true + } + }, + "autoNamingSpec": { + "sdkName": "name", + "minLength": 1, + "maxLength": 255 + }, + "required": [ + "apiFormat", + "modelId", + "templateConfiguration", + "templateType", + "type" + ], + "createOnly": [ + "apiFormat", + "assistantId", + "modelId", + "name", + "tags", + "templateType", + "type" + ], + "irreversibleNames": { + "aiPromptArn": "AIPromptArn", + "aiPromptId": "AIPromptId" + }, + "tagsProperty": "tags", + "tagsStyle": "stringMap" + }, "aws-native:wisdom:Assistant": { "cf": "AWS::Wisdom::Assistant", "inputs": { @@ -92738,7 +95962,7 @@ }, "sourceConfiguration": { "$ref": "#/types/aws-native:wisdom:KnowledgeBaseSourceConfiguration", - "description": "The source of the knowledge base content. Only set this argument for EXTERNAL knowledge bases." + "description": "The source of the knowledge base content. Only set this argument for EXTERNAL or Managed knowledge bases." }, "tags": { "type": "array", @@ -92783,7 +96007,7 @@ }, "sourceConfiguration": { "$ref": "#/types/aws-native:wisdom:KnowledgeBaseSourceConfiguration", - "description": "The source of the knowledge base content. Only set this argument for EXTERNAL knowledge bases.", + "description": "The source of the knowledge base content. Only set this argument for EXTERNAL or Managed knowledge bases.", "replaceOnChanges": true }, "tags": { @@ -93224,6 +96448,12 @@ "portalArn": { "type": "string", "description": "The ARN of the identity provider." + }, + "tags": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:index:Tag" + } } }, "outputs": { 
@@ -93250,6 +96480,12 @@ "type": "string", "description": "The ARN of the identity provider.", "replaceOnChanges": true + }, + "tags": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:index:Tag" + } } }, "autoNamingSpec": { @@ -93266,7 +96502,9 @@ ], "writeOnly": [ "portalArn" - ] + ], + "tagsProperty": "tags", + "tagsStyle": "keyValueArray" }, "aws-native:workspacesweb:IpAccessSettings": { "cf": "AWS::WorkSpacesWeb::IpAccessSettings", @@ -93765,8 +97003,7 @@ "additionalProperties": { "type": "string" }, - "description": "The additional encryption context of the user settings.", - "replaceOnChanges": true + "description": "The additional encryption context of the user settings." }, "associatedPortalArns": { "type": "array", @@ -93785,8 +97022,7 @@ }, "customerManagedKey": { "type": "string", - "description": "The customer managed key used to encrypt sensitive information in the user settings.", - "replaceOnChanges": true + "description": "The customer managed key used to encrypt sensitive information in the user settings." }, "deepLinkAllowed": { "$ref": "#/types/aws-native:workspacesweb:UserSettingsEnabledType", @@ -93835,10 +97071,6 @@ "printAllowed", "uploadAllowed" ], - "createOnly": [ - "additionalEncryptionContext", - "customerManagedKey" - ], "tagsProperty": "tags", "tagsStyle": "keyValueArray" }, 
@@ -94148,9 +97380,6 @@ "type": "string", "description": "Name inserted into the certificate *CRL Distribution Points* extension that enables the use of an alias for the CRL distribution point. Use this value if you don't want the name of your S3 bucket to be public.\n\n\u003e The content of a Canonical Name (CNAME) record must conform to [RFC2396](https://docs.aws.amazon.com/https://www.ietf.org/rfc/rfc2396.txt) restrictions on the use of special characters in URIs. Additionally, the value of the CNAME must not include a protocol prefix such as \"http://\" or \"https://\"." }, - "customPath": { - "type": "string" - }, "enabled": { "type": "boolean", "description": "Boolean value that specifies whether certificate revocation lists (CRLs) are enabled. You can use this value to enable certificate revocation for a new CA when you call the `CreateCertificateAuthority` operation or for an existing CA when you call the `UpdateCertificateAuthority` operation." @@ -94159,12 +97388,6 @@ "type": "integer", "description": "Validity period of the CRL in days." }, - "partitioningEnabled": { - "type": "boolean" - }, - "retainExpiredCertificates": { - "type": "boolean" - }, "s3BucketName": { "type": "string", "description": "Name of the S3 bucket that contains the CRL. If you do not provide a value for the *CustomCname* argument, the name of your S3 bucket is placed into the *CRL Distribution Points* extension of the issued certificate. You can change the name of your bucket by calling the [UpdateCertificateAuthority](https://docs.aws.amazon.com/privateca/latest/APIReference/API_UpdateCertificateAuthority.html) operation. You must specify a [bucket policy](https://docs.aws.amazon.com/privateca/latest/userguide/PcaCreateCa.html#s3-policies) that allows AWS Private CA to write the CRL to your bucket.\n\n\u003e The `S3BucketName` parameter must conform to the [S3 bucket naming rules](https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html) ." 
@@ -94714,6 +97937,19 @@ } } }, + "aws-native:amazonmq:ConfigurationTagsEntry": { + "type": "object", + "properties": { + "key": { + "type": "string", + "description": "The key in a key-value pair." + }, + "value": { + "type": "string", + "description": "The value in a key-value pair." + } + } + }, "aws-native:amplify:AppAutoBranchCreationConfig": { "type": "object", "properties": { @@ -94789,6 +98025,18 @@ } } }, + "aws-native:amplify:AppCacheConfig": { + "type": "object", + "properties": { + "type": { + "$ref": "#/types/aws-native:amplify:AppCacheConfigType", + "description": "The type of cache configuration to use for an Amplify app.\n\nThe `AMPLIFY_MANAGED` cache configuration automatically applies an optimized cache configuration for your app based on its platform, routing rules, and rewrite rules. This is the default setting.\n\nThe `AMPLIFY_MANAGED_NO_COOKIES` cache configuration type is the same as `AMPLIFY_MANAGED` , except that it excludes all cookies from the cache key." + } + } + }, + "aws-native:amplify:AppCacheConfigType": { + "type": "string" + }, "aws-native:amplify:AppCustomRule": { "type": "object", "properties": { 
@@ -95867,11 +99115,11 @@ "properties": { "destinationArn": { "type": "string", - "description": "The Amazon Resource Name (ARN) of the CloudWatch Logs log group or Kinesis Data Firehose delivery stream to receive access logs. If you specify a Kinesis Data Firehose delivery stream, the stream name must begin with ``amazon-apigateway-``." + "description": "The Amazon Resource Name (ARN) of the CloudWatch Logs log group or Kinesis Data Firehose delivery stream to receive access logs. If you specify a Kinesis Data Firehose delivery stream, the stream name must begin with `amazon-apigateway-` ." }, "format": { "type": "string", - "description": "A single line format of the access logs of data, as specified by selected $context variables. The format must include at least ``$context.requestId``." + "description": "A single line format of the access logs of data, as specified by selected $context variables. The format must include at least `$context.requestId` ." } } }, @@ -95940,7 +99188,7 @@ }, "loggingLevel": { "type": "string", - "description": "Specifies the logging level for this method, which affects the log entries pushed to Amazon CloudWatch Logs. Valid values are ``OFF``, ``ERROR``, and ``INFO``. Choose ``ERROR`` to write only error-level entries to CloudWatch Logs, or choose ``INFO`` to include all ``ERROR`` events as well as extra informational events." + "description": "Specifies the logging level for this method, which affects the log entries pushed to Amazon CloudWatch Logs. Valid values are `OFF` , `ERROR` , and `INFO` . Choose `ERROR` to write only error-level entries to CloudWatch Logs, or choose `INFO` to include all `ERROR` events as well as extra informational events." }, "metricsEnabled": { "type": "boolean", 
@@ -95969,7 +99217,7 @@ }, "cacheClusterEnabled": { "type": "boolean", - "description": "Specifies whether a cache cluster is enabled for the stage." + "description": "Specifies whether a cache cluster is enabled for the stage. To activate a method-level cache, set `CachingEnabled` to `true` for a method." }, "cacheClusterSize": { "type": "string", 
@@ -96068,23 +99316,23 @@ "properties": { "method": { "type": "string", - "description": "The HTTP verb of a method. It is a valid field for the API entity types of ``METHOD``, ``PATH_PARAMETER``, ``QUERY_PARAMETER``, ``REQUEST_HEADER``, ``REQUEST_BODY``, ``RESPONSE``, ``RESPONSE_HEADER``, and ``RESPONSE_BODY``. The default value is ``*`` for any method. When an applicable child entity inherits the content of an entity of the same type with more general specifications of the other ``location`` attributes, the child entity's ``method`` attribute must match that of the parent entity exactly." + "description": "The HTTP verb of a method. It is a valid field for the API entity types of `METHOD` , `PATH_PARAMETER` , `QUERY_PARAMETER` , `REQUEST_HEADER` , `REQUEST_BODY` , `RESPONSE` , `RESPONSE_HEADER` , and `RESPONSE_BODY` . The default value is `*` for any method. When an applicable child entity inherits the content of an entity of the same type with more general specifications of the other `location` attributes, the child entity's `method` attribute must match that of the parent entity exactly." }, "name": { "type": "string", - "description": "The name of the targeted API entity. It is a valid and required field for the API entity types of ``AUTHORIZER``, ``MODEL``, ``PATH_PARAMETER``, ``QUERY_PARAMETER``, ``REQUEST_HEADER``, ``REQUEST_BODY`` and ``RESPONSE_HEADER``. It is an invalid field for any other entity type." + "description": "The name of the targeted API entity. It is a valid and required field for the API entity types of `AUTHORIZER` , `MODEL` , `PATH_PARAMETER` , `QUERY_PARAMETER` , `REQUEST_HEADER` , `REQUEST_BODY` and `RESPONSE_HEADER` . It is an invalid field for any other entity type." }, "path": { "type": "string", - "description": "The URL path of the target. 
It is a valid field for the API entity types of ``RESOURCE``, ``METHOD``, ``PATH_PARAMETER``, ``QUERY_PARAMETER``, ``REQUEST_HEADER``, ``REQUEST_BODY``, ``RESPONSE``, ``RESPONSE_HEADER``, and ``RESPONSE_BODY``. The default value is ``/`` for the root resource. When an applicable child entity inherits the content of another entity of the same type with more general specifications of the other ``location`` attributes, the child entity's ``path`` attribute must match that of the parent entity as a prefix." + "description": "The URL path of the target. It is a valid field for the API entity types of `RESOURCE` , `METHOD` , `PATH_PARAMETER` , `QUERY_PARAMETER` , `REQUEST_HEADER` , `REQUEST_BODY` , `RESPONSE` , `RESPONSE_HEADER` , and `RESPONSE_BODY` . The default value is `/` for the root resource. When an applicable child entity inherits the content of another entity of the same type with more general specifications of the other `location` attributes, the child entity's `path` attribute must match that of the parent entity as a prefix." }, "statusCode": { "type": "string", - "description": "The HTTP status code of a response. It is a valid field for the API entity types of ``RESPONSE``, ``RESPONSE_HEADER``, and ``RESPONSE_BODY``. The default value is ``*`` for any status code. When an applicable child entity inherits the content of an entity of the same type with more general specifications of the other ``location`` attributes, the child entity's ``statusCode`` attribute must match that of the parent entity exactly." + "description": "The HTTP status code of a response. It is a valid field for the API entity types of `RESPONSE` , `RESPONSE_HEADER` , and `RESPONSE_BODY` . The default value is `*` for any status code. When an applicable child entity inherits the content of an entity of the same type with more general specifications of the other `location` attributes, the child entity's `statusCode` attribute must match that of the parent entity exactly." 
}, "type": { "$ref": "#/types/aws-native:apigateway:DocumentationPartLocationType", - "description": "The type of API entity to which the documentation content applies. Valid values are ``API``, ``AUTHORIZER``, ``MODEL``, ``RESOURCE``, ``METHOD``, ``PATH_PARAMETER``, ``QUERY_PARAMETER``, ``REQUEST_HEADER``, ``REQUEST_BODY``, ``RESPONSE``, ``RESPONSE_HEADER``, and ``RESPONSE_BODY``. Content inheritance does not apply to any entity of the ``API``, ``AUTHORIZER``, ``METHOD``, ``MODEL``, ``REQUEST_BODY``, or ``RESOURCE`` type." + "description": "The type of API entity to which the documentation content applies. Valid values are `API` , `AUTHORIZER` , `MODEL` , `RESOURCE` , `METHOD` , `PATH_PARAMETER` , `QUERY_PARAMETER` , `REQUEST_HEADER` , `REQUEST_BODY` , `RESPONSE` , `RESPONSE_HEADER` , and `RESPONSE_BODY` . Content inheritance does not apply to any entity of the `API` , `AUTHORIZER` , `METHOD` , `MODEL` , `REQUEST_BODY` , or `RESOURCE` type." } } }, 
@@ -96137,31 +99385,31 @@ "items": { "type": "string" }, - "description": "A list of request parameters whose values API Gateway caches. To be valid values for ``cacheKeyParameters``, these parameters must also be specified for Method ``requestParameters``." + "description": "A list of request parameters whose values API Gateway caches. To be valid values for `cacheKeyParameters` , these parameters must also be specified for Method `requestParameters` ." }, "cacheNamespace": { "type": "string", - "description": "Specifies a group of related cached parameters. By default, API Gateway uses the resource ID as the ``cacheNamespace``. You can specify the same ``cacheNamespace`` across resources to return the same cached data for requests to different resources." + "description": "Specifies a group of related cached parameters. By default, API Gateway uses the resource ID as the `cacheNamespace` . You can specify the same `cacheNamespace` across resources to return the same cached data for requests to different resources." }, "connectionId": { "type": "string", - "description": "The ID of the VpcLink used for the integration when ``connectionType=VPC_LINK`` and undefined, otherwise." + "description": "The ID of the VpcLink used for the integration when `connectionType=VPC_LINK` and undefined, otherwise." }, "connectionType": { "$ref": "#/types/aws-native:apigateway:MethodIntegrationConnectionType", - "description": "The type of the network connection to the integration endpoint. The valid value is ``INTERNET`` for connections through the public routable internet or ``VPC_LINK`` for private connections between API Gateway and a network load balancer in a VPC. The default value is ``INTERNET``." + "description": "The type of the network connection to the integration endpoint. The valid value is `INTERNET` for connections through the public routable internet or `VPC_LINK` for private connections between API Gateway and a network load balancer in a VPC. 
The default value is `INTERNET` ." }, "contentHandling": { "$ref": "#/types/aws-native:apigateway:MethodIntegrationContentHandling", - "description": "Specifies how to handle request payload content type conversions. Supported values are ``CONVERT_TO_BINARY`` and ``CONVERT_TO_TEXT``, with the following behaviors:\n If this property is not defined, the request payload will be passed through from the method request to integration request without modification, provided that the ``passthroughBehavior`` is configured to support payload pass-through." + "description": "Specifies how to handle request payload content type conversions. Supported values are `CONVERT_TO_BINARY` and `CONVERT_TO_TEXT` , with the following behaviors:\n\nIf this property is not defined, the request payload will be passed through from the method request to integration request without modification, provided that the `passthroughBehavior` is configured to support payload pass-through." }, "credentials": { "type": "string", - "description": "Specifies the credentials required for the integration, if any. For AWS integrations, three options are available. To specify an IAM Role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To require that the caller's identity be passed through from the request, specify the string ``arn:aws:iam::\\*:user/\\*``. To use resource-based permissions on supported AWS services, specify null." + "description": "Specifies the credentials required for the integration, if any. For AWS integrations, three options are available. To specify an IAM Role for API Gateway to assume, use the role's Amazon Resource Name (ARN). To require that the caller's identity be passed through from the request, specify the string `arn:aws:iam::\\*:user/\\*` . To use resource-based permissions on supported AWS services, specify null." }, "integrationHttpMethod": { "type": "string", - "description": "Specifies the integration's HTTP method type. 
For the Type property, if you specify ``MOCK``, this property is optional. For Lambda integrations, you must set the integration method to ``POST``. For all other types, you must specify this property." + "description": "Specifies the integration's HTTP method type. For the Type property, if you specify `MOCK` , this property is optional. For Lambda integrations, you must set the integration method to `POST` . For all other types, you must specify this property." }, "integrationResponses": { "type": "array", 
@@ -96172,14 +99420,14 @@ }, "passthroughBehavior": { "$ref": "#/types/aws-native:apigateway:MethodIntegrationPassthroughBehavior", - "description": "Specifies how the method request body of an unmapped content type will be passed through the integration request to the back end without transformation. A content type is unmapped if no mapping template is defined in the integration or the content type does not match any of the mapped content types, as specified in ``requestTemplates``. The valid value is one of the following: ``WHEN_NO_MATCH``: passes the method request body through the integration request to the back end without transformation when the method request content type does not match any content type associated with the mapping templates defined in the integration request. ``WHEN_NO_TEMPLATES``: passes the method request body through the integration request to the back end without transformation when no mapping template is defined in the integration request. If a template is defined when this option is selected, the method request of an unmapped content-type will be rejected with an HTTP 415 Unsupported Media Type response. ``NEVER``: rejects the method request with an HTTP 415 Unsupported Media Type response when either the method request content type does not match any content type associated with the mapping templates defined in the integration request or no mapping template is defined in the integration request." + "description": "Specifies how the method request body of an unmapped content type will be passed through the integration request to the back end without transformation. A content type is unmapped if no mapping template is defined in the integration or the content type does not match any of the mapped content types, as specified in `requestTemplates` . 
The valid value is one of the following: `WHEN_NO_MATCH` : passes the method request body through the integration request to the back end without transformation when the method request content type does not match any content type associated with the mapping templates defined in the integration request. `WHEN_NO_TEMPLATES` : passes the method request body through the integration request to the back end without transformation when no mapping template is defined in the integration request. If a template is defined when this option is selected, the method request of an unmapped content-type will be rejected with an HTTP 415 Unsupported Media Type response. `NEVER` : rejects the method request with an HTTP 415 Unsupported Media Type response when either the method request content type does not match any content type associated with the mapping templates defined in the integration request or no mapping template is defined in the integration request." }, "requestParameters": { "type": "object", "additionalProperties": { "type": "string" }, - "description": "A key-value map specifying request parameters that are passed from the method request to the back end. The key is an integration request parameter name and the associated value is a method request parameter value or static value that must be enclosed within single quotes and pre-encoded as required by the back end. The method request parameter value must match the pattern of ``method.request.{location}.{name}``, where ``location`` is ``querystring``, ``path``, or ``header`` and ``name`` must be a valid and unique method request parameter name." + "description": "A key-value map specifying request parameters that are passed from the method request to the back end. The key is an integration request parameter name and the associated value is a method request parameter value or static value that must be enclosed within single quotes and pre-encoded as required by the back end. 
The method request parameter value must match the pattern of `method.request.{location}.{name}` , where `location` is `querystring` , `path` , or `header` and `name` must be a valid and unique method request parameter name." }, "requestTemplates": { "type": "object", 
@@ -96194,11 +99442,11 @@ }, "type": { "$ref": "#/types/aws-native:apigateway:MethodIntegrationType", - "description": "Specifies an API method integration type. The valid value is one of the following:\n For the HTTP and HTTP proxy integrations, each integration can specify a protocol (``http/https``), port and path. Standard 80 and 443 ports are supported as well as custom ports above 1024. An HTTP or HTTP proxy integration with a ``connectionType`` of ``VPC_LINK`` is referred to as a private integration and uses a VpcLink to connect API Gateway to a network load balancer of a VPC." + "description": "Specifies an API method integration type. The valid value is one of the following:\n\nFor the HTTP and HTTP proxy integrations, each integration can specify a protocol ( `http/https` ), port and path. Standard 80 and 443 ports are supported as well as custom ports above 1024. An HTTP or HTTP proxy integration with a `connectionType` of `VPC_LINK` is referred to as a private integration and uses a VpcLink to connect API Gateway to a network load balancer of a VPC." }, "uri": { "type": "string", - "description": "Specifies Uniform Resource Identifier (URI) of the integration endpoint.\n For ``HTTP`` or ``HTTP_PROXY`` integrations, the URI must be a fully formed, encoded HTTP(S) URL according to the RFC-3986 specification for standard integrations. If ``connectionType`` is ``VPC_LINK`` specify the Network Load Balancer DNS name. For ``AWS`` or ``AWS_PROXY`` integrations, the URI is of the form ``arn:aws:apigateway:{region}:{subdomain.service|service}:path|action/{service_api}``. Here, {Region} is the API Gateway region (e.g., us-east-1); {service} is the name of the integrated AWS service (e.g., s3); and {subdomain} is a designated subdomain supported by certain AWS service for fast host-name lookup. action can be used for an AWS service action-based API, using an Action={name}\u0026{p1}={v1}\u0026p2={v2}... query string. 
The ensuing {service_api} refers to a supported action {name} plus any required input parameters. Alternatively, path can be used for an AWS service path-based API. The ensuing service_api refers to the path to an AWS service resource, including the region of the integrated AWS service, if applicable. For example, for integration with the S3 API of GetObject, the uri can be either ``arn:aws:apigateway:us-west-2:s3:action/GetObject\u0026Bucket={bucket}\u0026Key={key}`` or ``arn:aws:apigateway:us-west-2:s3:path/{bucket}/{key}``" + "description": "Specifies Uniform Resource Identifier (URI) of the integration endpoint.\n\nFor `HTTP` or `HTTP_PROXY` integrations, the URI must be a fully formed, encoded HTTP(S) URL according to the RFC-3986 specification for standard integrations. If `connectionType` is `VPC_LINK` specify the Network Load Balancer DNS name. For `AWS` or `AWS_PROXY` integrations, the URI is of the form `arn:aws:apigateway:{region}:{subdomain.service|service}:path|action/{service_api}` . Here, {Region} is the API Gateway region (e.g., us-east-1); {service} is the name of the integrated AWS service (e.g., s3); and {subdomain} is a designated subdomain supported by certain AWS service for fast host-name lookup. action can be used for an AWS service action-based API, using an Action={name}\u0026{p1}={v1}\u0026p2={v2}... query string. The ensuing {service_api} refers to a supported action {name} plus any required input parameters. Alternatively, path can be used for an AWS service path-based API. The ensuing service_api refers to the path to an AWS service resource, including the region of the integrated AWS service, if applicable. For example, for integration with the S3 API of GetObject, the uri can be either `arn:aws:apigateway:us-west-2:s3:action/GetObject\u0026Bucket={bucket}\u0026Key={key}` or `arn:aws:apigateway:us-west-2:s3:path/{bucket}/{key}`" } } }, 
@@ -96216,14 +99464,14 @@ "properties": { "contentHandling": { "$ref": "#/types/aws-native:apigateway:MethodIntegrationResponseContentHandling", - "description": "Specifies how to handle response payload content type conversions. Supported values are ``CONVERT_TO_BINARY`` and ``CONVERT_TO_TEXT``, with the following behaviors:\n If this property is not defined, the response payload will be passed through from the integration response to the method response without modification." + "description": "Specifies how to handle response payload content type conversions. Supported values are `CONVERT_TO_BINARY` and `CONVERT_TO_TEXT` , with the following behaviors:\n\nIf this property is not defined, the response payload will be passed through from the integration response to the method response without modification." }, "responseParameters": { "type": "object", "additionalProperties": { "type": "string" }, - "description": "A key-value map specifying response parameters that are passed to the method response from the back end. The key is a method response header parameter name and the mapped value is an integration response header value, a static value enclosed within a pair of single quotes, or a JSON expression from the integration response body. The mapping key must match the pattern of ``method.response.header.{name}``, where ``name`` is a valid and unique header name. The mapped non-static value must match the pattern of ``integration.response.header.{name}`` or ``integration.response.body.{JSON-expression}``, where ``name`` is a valid and unique response header name and ``JSON-expression`` is a valid JSON expression without the ``$`` prefix." + "description": "A key-value map specifying response parameters that are passed to the method response from the back end. 
The key is a method response header parameter name and the mapped value is an integration response header value, a static value enclosed within a pair of single quotes, or a JSON expression from the integration response body. The mapping key must match the pattern of `method.response.header.{name}` , where `name` is a valid and unique header name. The mapped non-static value must match the pattern of `integration.response.header.{name}` or `integration.response.body.{JSON-expression}` , where `name` is a valid and unique response header name and `JSON-expression` is a valid JSON expression without the `$` prefix." }, "responseTemplates": { "type": "object", @@ -96234,7 +99482,7 @@ }, "selectionPattern": { "type": "string", - "description": "Specifies the regular expression (regex) pattern used to choose an integration response based on the response from the back end. For example, if the success response returns nothing and the error response returns some string, you could use the ``.+`` regex to match error response. However, make sure that the error response does not contain any newline (``\\n``) character in such cases. If the back end is an LAMlong function, the LAMlong function error header is matched. For all other HTTP and AWS back ends, the HTTP status code is matched." + "description": "Specifies the regular expression (regex) pattern used to choose an integration response based on the response from the back end. For example, if the success response returns nothing and the error response returns some string, you could use the `.+` regex to match error response. However, make sure that the error response does not contain any newline ( `\\n` ) character in such cases. If the back end is an AWS Lambda function, the AWS Lambda function error header is matched. For all other HTTP and AWS back ends, the HTTP status code is matched." }, "statusCode": { "type": "string", 
@@ -96270,7 +99518,7 @@ } ] }, - "description": "A key-value map specifying required or optional response parameters that API Gateway can send back to the caller. A key defines a method response header and the value specifies whether the associated method response header is required or not. The expression of the key must match the pattern ``method.response.header.{name}``, where ``name`` is a valid and unique header name. API Gateway passes certain integration response data to the method response headers specified here according to the mapping you prescribe in the API's IntegrationResponse. The integration response data that can be mapped include an integration response header expressed in ``integration.response.header.{name}``, a static value enclosed within a pair of single quotes (e.g., ``'application/json'``), or a JSON expression from the back-end response payload in the form of ``integration.response.body.{JSON-expression}``, where ``JSON-expression`` is a valid JSON expression without the ``$`` prefix.)" + "description": "A key-value map specifying required or optional response parameters that API Gateway can send back to the caller. A key defines a method response header and the value specifies whether the associated method response header is required or not. The expression of the key must match the pattern `method.response.header.{name}` , where `name` is a valid and unique header name. API Gateway passes certain integration response data to the method response headers specified here according to the mapping you prescribe in the API's IntegrationResponse. 
The integration response data that can be mapped include an integration response header expressed in `integration.response.header.{name}` , a static value enclosed within a pair of single quotes (e.g., `'application/json'` ), or a JSON expression from the back-end response payload in the form of `integration.response.body.{JSON-expression}` , where `JSON-expression` is a valid JSON expression without the `$` prefix.)" }, "statusCode": { "type": "string", @@ -96286,14 +99534,14 @@ "items": { "type": "string" }, - "description": "A list of endpoint types of an API (RestApi) or its custom domain name (DomainName). For an edge-optimized API and its custom domain name, the endpoint type is ``\"EDGE\"``. For a regional API and its custom domain name, the endpoint type is ``REGIONAL``. For a private API, the endpoint type is ``PRIVATE``." + "description": "A list of endpoint types of an API (RestApi) or its custom domain name (DomainName). For an edge-optimized API and its custom domain name, the endpoint type is `\"EDGE\"` . For a regional API and its custom domain name, the endpoint type is `REGIONAL` . For a private API, the endpoint type is `PRIVATE` ." }, "vpcEndpointIds": { "type": "array", "items": { "type": "string" }, - "description": "A list of VpcEndpointIds of an API (RestApi) against which to create Route53 ALIASes. It is only supported for ``PRIVATE`` endpoint type." + "description": "A list of VpcEndpointIds of an API (RestApi) against which to create Route53 ALIASes. It is only supported for `PRIVATE` endpoint type." } } }, 
@@ -96393,7 +99641,7 @@ }, "loggingLevel": { "type": "string", - "description": "Specifies the logging level for this method, which affects the log entries pushed to Amazon CloudWatch Logs. Valid values are ``OFF``, ``ERROR``, and ``INFO``. Choose ``ERROR`` to write only error-level entries to CloudWatch Logs, or choose ``INFO`` to include all ``ERROR`` events as well as extra informational events." + "description": "Specifies the logging level for this method, which affects the log entries pushed to Amazon CloudWatch Logs. Valid values are `OFF` , `ERROR` , and `INFO` . Choose `ERROR` to write only error-level entries to CloudWatch Logs, or choose `INFO` to include all `ERROR` events as well as extra informational events." }, "metricsEnabled": { "type": "boolean", @@ -96483,12 +99731,10 @@ "type": "object", "properties": { "burstLimit": { - "type": "integer", - "description": "The API target request burst rate limit. This allows more requests through for a period of time than the target rate limit." + "type": "integer" }, "rateLimit": { - "type": "number", - "description": "The API target request rate limit." + "type": "number" } } }, @@ -98298,7 +101544,8 @@ "type": "object", "properties": { "maxPageSize": { - "type": "integer" + "type": "integer", + "description": "The maximum number of records that Amazon AppFlow receives in each page of the response from your SAP application. For transfers of OData records, the maximum page size is 3,000. For transfers of data that comes from an ODP provider, the maximum page size is 10,000." } } }, @@ -98306,7 +101553,8 @@ "type": "object", "properties": { "maxParallelism": { - "type": "integer" + "type": "integer", + "description": "The maximum number of processes that Amazon AppFlow runs at the same time when it retrieves your data from your SAP application." } } }, 
@@ -98318,10 +101566,12 @@ "description": "The object path specified in the SAPOData flow source." }, "paginationConfig": { - "$ref": "#/types/aws-native:appflow:FlowSapoDataPaginationConfig" + "$ref": "#/types/aws-native:appflow:FlowSapoDataPaginationConfig", + "description": "Sets the page size for each concurrent process that transfers OData records from your SAP instance." }, "parallelismConfig": { - "$ref": "#/types/aws-native:appflow:FlowSapoDataParallelismConfig" + "$ref": "#/types/aws-native:appflow:FlowSapoDataParallelismConfig", + "description": "Sets the number of concurrent processes that transfers OData records from your SAP instance." } } }, @@ -99572,6 +102822,9 @@ "aws-native:applicationsignals:ServiceLevelObjectiveDurationUnit": { "type": "string" }, + "aws-native:applicationsignals:ServiceLevelObjectiveEvaluationType": { + "type": "string" + }, "aws-native:applicationsignals:ServiceLevelObjectiveGoal": { "type": "object", "properties": { 
@@ -99667,6 +102920,79 @@ } } }, + "aws-native:applicationsignals:ServiceLevelObjectiveMonitoredRequestCountMetric": { + "type": "object", + "properties": { + "badCountMetric": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:applicationsignals:ServiceLevelObjectiveMetricDataQuery" + }, + "description": "If you want to count \"bad requests\" to determine the percentage of successful requests for this request-based SLO, specify the metric to use as \"bad requests\" in this structure." + }, + "goodCountMetric": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:applicationsignals:ServiceLevelObjectiveMetricDataQuery" + }, + "description": "If you want to count \"good requests\" to determine the percentage of successful requests for this request-based SLO, specify the metric to use as \"good requests\" in this structure." + } + } + }, + "aws-native:applicationsignals:ServiceLevelObjectiveRequestBasedSli": { + "type": "object", + "properties": { + "comparisonOperator": { + "$ref": "#/types/aws-native:applicationsignals:ServiceLevelObjectiveRequestBasedSliComparisonOperator", + "description": "The arithmetic operation used when comparing the specified metric to the threshold." + }, + "metricThreshold": { + "type": "number", + "description": "The value that the SLI metric is compared to." + }, + "requestBasedSliMetric": { + "$ref": "#/types/aws-native:applicationsignals:ServiceLevelObjectiveRequestBasedSliMetric", + "description": "A structure that contains information about the metric that the SLO monitors." 
+ } + } + }, + "aws-native:applicationsignals:ServiceLevelObjectiveRequestBasedSliComparisonOperator": { + "type": "string" + }, + "aws-native:applicationsignals:ServiceLevelObjectiveRequestBasedSliMetric": { + "type": "object", + "properties": { + "keyAttributes": { + "type": "object", + "additionalProperties": { + "type": "string" + }, + "description": "This is a string-to-string map that contains information about the type of object that this SLO is related to. It can include the following fields.\n\n- `Type` designates the type of object that this SLO is related to.\n- `ResourceType` specifies the type of the resource. This field is used only when the value of the `Type` field is `Resource` or `AWS::Resource` .\n- `Name` specifies the name of the object. This is used only if the value of the `Type` field is `Service` , `RemoteService` , or `AWS::Service` .\n- `Identifier` identifies the resource objects of this resource. This is used only if the value of the `Type` field is `Resource` or `AWS::Resource` .\n- `Environment` specifies the location where this object is hosted, or what it belongs to." + }, + "metricType": { + "$ref": "#/types/aws-native:applicationsignals:ServiceLevelObjectiveRequestBasedSliMetricMetricType", + "description": "If the SLO monitors either the LATENCY or AVAILABILITY metric that Application Signals collects, this field displays which of those metrics is used." + }, + "monitoredRequestCountMetric": { + "$ref": "#/types/aws-native:applicationsignals:ServiceLevelObjectiveMonitoredRequestCountMetric", + "description": "Use this structure to define the metric that you want to use as the \"good request\" or \"bad request\" value for a request-based SLO. This value observed for the metric defined in `TotalRequestCountMetric` will be divided by the number found for `MonitoredRequestCountMetric` to determine the percentage of successful requests that this SLO tracks." 
+ }, + "operationName": { + "type": "string", + "description": "If the SLO monitors a specific operation of the service, this field displays that operation name." + }, + "totalRequestCountMetric": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:applicationsignals:ServiceLevelObjectiveMetricDataQuery" + }, + "description": "This structure defines the metric that is used as the \"total requests\" number for a request-based SLO. The number observed for this metric is divided by the number of \"good requests\" or \"bad requests\" that is observed for the metric defined in `MonitoredRequestCountMetric`." + } + } + }, + "aws-native:applicationsignals:ServiceLevelObjectiveRequestBasedSliMetricMetricType": { + "type": "string" + }, "aws-native:applicationsignals:ServiceLevelObjectiveRollingInterval": { "type": "object", "properties": { 
@@ -100389,6 +103715,176 @@ } } }, + "aws-native:appsync:DataSourceAuthorizationConfig": { + "type": "object", + "properties": { + "authorizationType": { + "type": "string", + "description": "The authorization type that the HTTP endpoint requires." + }, + "awsIamConfig": { + "$ref": "#/types/aws-native:appsync:DataSourceAwsIamConfig", + "description": "The AWS Identity and Access Management settings." + } + } + }, + "aws-native:appsync:DataSourceAwsIamConfig": { + "type": "object", + "properties": { + "signingRegion": { + "type": "string", + "description": "The signing Region for AWS Identity and Access Management authorization." + }, + "signingServiceName": { + "type": "string", + "description": "The signing service name for AWS Identity and Access Management authorization." + } + } + }, + "aws-native:appsync:DataSourceDeltaSyncConfig": { + "type": "object", + "properties": { + "baseTableTtl": { + "type": "string", + "description": "The number of minutes that an Item is stored in the data source." + }, + "deltaSyncTableName": { + "type": "string", + "description": "The Delta Sync table name." + }, + "deltaSyncTableTtl": { + "type": "string", + "description": "The number of minutes that a Delta Sync log entry is stored in the Delta Sync table." + } + }, + "irreversibleNames": { + "baseTableTtl": "BaseTableTTL", + "deltaSyncTableTtl": "DeltaSyncTableTTL" + } + }, + "aws-native:appsync:DataSourceDynamoDbConfig": { + "type": "object", + "properties": { + "awsRegion": { + "type": "string", + "description": "The AWS Region." + }, + "deltaSyncConfig": { + "$ref": "#/types/aws-native:appsync:DataSourceDeltaSyncConfig", + "description": "The DeltaSyncConfig for a versioned datasource." + }, + "tableName": { + "type": "string", + "description": "The table name." + }, + "useCallerCredentials": { + "type": "boolean", + "description": "Set to TRUE to use AWS Identity and Access Management with this data source." 
+ }, + "versioned": { + "type": "boolean", + "description": "Set to TRUE to use Conflict Detection and Resolution with this data source." + } + } + }, + "aws-native:appsync:DataSourceElasticsearchConfig": { + "type": "object", + "properties": { + "awsRegion": { + "type": "string", + "description": "The AWS Region." + }, + "endpoint": { + "type": "string", + "description": "The endpoint." + } + } + }, + "aws-native:appsync:DataSourceEventBridgeConfig": { + "type": "object", + "properties": { + "eventBusArn": { + "type": "string", + "description": "ARN for the EventBridge bus." + } + } + }, + "aws-native:appsync:DataSourceHttpConfig": { + "type": "object", + "properties": { + "authorizationConfig": { + "$ref": "#/types/aws-native:appsync:DataSourceAuthorizationConfig", + "description": "The authorization configuration." + }, + "endpoint": { + "type": "string", + "description": "The endpoint." + } + } + }, + "aws-native:appsync:DataSourceLambdaConfig": { + "type": "object", + "properties": { + "lambdaFunctionArn": { + "type": "string", + "description": "The ARN for the Lambda function." + } + } + }, + "aws-native:appsync:DataSourceMetricsConfig": { + "type": "string" + }, + "aws-native:appsync:DataSourceOpenSearchServiceConfig": { + "type": "object", + "properties": { + "awsRegion": { + "type": "string", + "description": "The AWS Region." + }, + "endpoint": { + "type": "string", + "description": "The endpoint." + } + } + }, + "aws-native:appsync:DataSourceRdsHttpEndpointConfig": { + "type": "object", + "properties": { + "awsRegion": { + "type": "string", + "description": "AWS Region for RDS HTTP endpoint." + }, + "awsSecretStoreArn": { + "type": "string", + "description": "The ARN for database credentials stored in AWS Secrets Manager." + }, + "databaseName": { + "type": "string", + "description": "Logical database name." + }, + "dbClusterIdentifier": { + "type": "string", + "description": "Amazon RDS cluster Amazon Resource Name (ARN)." 
+ }, + "schema": { + "type": "string", + "description": "Logical schema name." + } + } + }, + "aws-native:appsync:DataSourceRelationalDatabaseConfig": { + "type": "object", + "properties": { + "rdsHttpEndpointConfig": { + "$ref": "#/types/aws-native:appsync:DataSourceRdsHttpEndpointConfig", + "description": "Information about the Amazon RDS resource." + }, + "relationalDatabaseSourceType": { + "type": "string", + "description": "The type of relational data source." + } + } + }, "aws-native:appsync:FunctionConfigurationAppSyncRuntime": { "type": "object", "properties": { @@ -100730,7 +104226,7 @@ "properties": { "s3AclOption": { "$ref": "#/types/aws-native:athena:WorkGroupS3AclOption", - "description": "The Amazon S3 canned ACL that Athena should specify when storing query results. Currently the only supported canned ACL is `BUCKET_OWNER_FULL_CONTROL` . If a query runs in a workgroup and the workgroup overrides client-side settings, then the Amazon S3 canned ACL specified in the workgroup's settings is used for all queries that run in the workgroup. For more information about Amazon S3 canned ACLs, see [Canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl) in the *Amazon S3 User Guide* ." + "description": "The Amazon S3 canned ACL that Athena should specify when storing query results, including data files inserted by Athena as the result of statements like CTAS or INSERT INTO. Currently the only supported canned ACL is `BUCKET_OWNER_FULL_CONTROL` . If a query runs in a workgroup and the workgroup overrides client-side settings, then the Amazon S3 canned ACL specified in the workgroup's settings is used for all queries that run in the workgroup. For more information about Amazon S3 canned ACLs, see [Canned ACL](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl) in the *Amazon S3 User Guide* ." } }, "irreversibleNames": { 
@@ -100754,7 +104250,7 @@ }, "enforceWorkGroupConfiguration": { "type": "boolean", - "description": "If set to \"true\", the settings for the workgroup override client-side settings. If set to \"false\", client-side settings are used. For more information, see [Workgroup Settings Override Client-Side Settings](https://docs.aws.amazon.com/athena/latest/ug/workgroups-settings-override.html) ." + "description": "If set to \"true\", the settings for the workgroup override client-side settings. If set to \"false\", client-side settings are used. For more information, see [Override client-side settings](https://docs.aws.amazon.com/athena/latest/ug/workgroups-settings-override.html) ." }, "engineVersion": { "$ref": "#/types/aws-native:athena:WorkGroupEngineVersion", @@ -100774,7 +104270,7 @@ }, "resultConfiguration": { "$ref": "#/types/aws-native:athena:WorkGroupResultConfiguration", - "description": "Specifies the location in Amazon S3 where query results are stored and the encryption option, if any, used for query results. For more information, see [Working with Query Results, Output Files, and Query History](https://docs.aws.amazon.com/athena/latest/ug/querying.html) ." + "description": "Specifies the location in Amazon S3 where query results are stored and the encryption option, if any, used for query results. For more information, see [Work with query results and recent queries](https://docs.aws.amazon.com/athena/latest/ug/querying.html) ." } } }, 
@@ -100863,7 +104359,7 @@ }, "encryptionConfiguration": { "$ref": "#/types/aws-native:athena:WorkGroupEncryptionConfiguration", - "description": "If query results are encrypted in Amazon S3, indicates the encryption option used (for example, `SSE_KMS` or `CSE_KMS` ) and key information. This is a client-side setting. If workgroup settings override client-side settings, then the query uses the encryption configuration that is specified for the workgroup, and also uses the location for storing query results specified in the workgroup. See `EnforceWorkGroupConfiguration` and [Workgroup Settings Override Client-Side Settings](https://docs.aws.amazon.com/athena/latest/ug/workgroups-settings-override.html) ." + "description": "If query results are encrypted in Amazon S3, indicates the encryption option used (for example, `SSE_KMS` or `CSE_KMS` ) and key information. This is a client-side setting. If workgroup settings override client-side settings, then the query uses the encryption configuration that is specified for the workgroup, and also uses the location for storing query results specified in the workgroup. See `EnforceWorkGroupConfiguration` and [Override client-side settings](https://docs.aws.amazon.com/athena/latest/ug/workgroups-settings-override.html) ." }, "expectedBucketOwner": { "type": "string", 
@@ -100871,7 +104367,7 @@ }, "outputLocation": { "type": "string", - "description": "The location in Amazon S3 where your query results are stored, such as `s3://path/to/query/bucket/` . To run a query, you must specify the query results location using either a client-side setting for individual queries or a location specified by the workgroup. If workgroup settings override client-side settings, then the query uses the location specified for the workgroup. If no query location is set, Athena issues an error. For more information, see [Working with Query Results, Output Files, and Query History](https://docs.aws.amazon.com/athena/latest/ug/querying.html) and `EnforceWorkGroupConfiguration` ." + "description": "The location in Amazon S3 where your query results are stored, such as `s3://path/to/query/bucket/` . To run a query, you must specify the query results location using either a client-side setting for individual queries or a location specified by the workgroup. If workgroup settings override client-side settings, then the query uses the location specified for the workgroup. If no query location is set, Athena issues an error. For more information, see [Work with query results and recent queries](https://docs.aws.amazon.com/athena/latest/ug/querying.html) and `EnforceWorkGroupConfiguration` ." } } }, 
@@ -100900,7 +104396,7 @@ }, "removeEncryptionConfiguration": { "type": "boolean", - "description": "If set to \"true\", indicates that the previously-specified encryption configuration (also known as the client-side setting) for queries in this workgroup should be ignored and set to null. If set to \"false\" or not set, and a value is present in the EncryptionConfiguration in ResultConfigurationUpdates (the client-side setting), the EncryptionConfiguration in the workgroup's ResultConfiguration will be updated with the new value. For more information, see [Workgroup Settings Override Client-Side Settings](https://docs.aws.amazon.com/athena/latest/ug/workgroups-settings-override.html) ." + "description": "If set to \"true\", indicates that the previously-specified encryption configuration (also known as the client-side setting) for queries in this workgroup should be ignored and set to null. If set to \"false\" or not set, and a value is present in the EncryptionConfiguration in ResultConfigurationUpdates (the client-side setting), the EncryptionConfiguration in the workgroup's ResultConfiguration will be updated with the new value. For more information, see [Override Client-Side Settings](https://docs.aws.amazon.com/athena/latest/ug/workgroups-settings-override.html) ." }, "removeExpectedBucketOwner": { "type": "boolean", 
@@ -100908,7 +104404,7 @@ }, "removeOutputLocation": { "type": "boolean", - "description": "If set to \"true\", indicates that the previously-specified query results location (also known as a client-side setting) for queries in this workgroup should be ignored and set to null. If set to \"false\" or not set, and a value is present in the OutputLocation in ResultConfigurationUpdates (the client-side setting), the OutputLocation in the workgroup's ResultConfiguration will be updated with the new value. For more information, see [Workgroup Settings Override Client-Side Settings](https://docs.aws.amazon.com/athena/latest/ug/workgroups-settings-override.html) ." + "description": "If set to \"true\", indicates that the previously-specified query results location (also known as a client-side setting) for queries in this workgroup should be ignored and set to null. If set to \"false\" or not set, and a value is present in the OutputLocation in ResultConfigurationUpdates (the client-side setting), the OutputLocation in the workgroup's ResultConfiguration will be updated with the new value. For more information, see [Override Client-Side Settings](https://docs.aws.amazon.com/athena/latest/ug/workgroups-settings-override.html) ." } } }, @@ -100951,7 +104447,7 @@ "properties": { "serviceName": { "type": "string", - "description": "The name of the AWS-service ." + "description": "The name of the AWS service ." } } }, @@ -101507,6 +105003,17 @@ } } }, + "aws-native:autoscaling:AutoScalingGroupTrafficSourceIdentifier": { + "type": "object", + "properties": { + "identifier": { + "type": "string" + }, + "type": { + "type": "string" + } + } + }, "aws-native:autoscaling:AutoScalingGroupVCpuCountRequest": { "type": "object", "properties": { 
@@ -101955,9 +105462,15 @@ } } }, + "aws-native:b2bi:CapabilityDirection": { + "type": "string" + }, "aws-native:b2bi:CapabilityEdiConfiguration": { "type": "object", "properties": { + "capabilityDirection": { + "$ref": "#/types/aws-native:b2bi:CapabilityDirection" + }, "inputLocation": { "$ref": "#/types/aws-native:b2bi:CapabilityS3Location" }, @@ -102038,6 +105551,37 @@ "aws-native:b2bi:CapabilityX12Version": { "type": "string" }, + "aws-native:b2bi:PartnershipCapabilityOptions": { + "type": "object", + "properties": { + "outboundEdi": { + "$ref": "#/types/aws-native:b2bi:PartnershipOutboundEdiOptionsProperties", + "description": "A structure that contains the outbound EDI options." + } + } + }, + "aws-native:b2bi:PartnershipOutboundEdiOptions0Properties": { + "type": "object", + "properties": { + "x12": { + "$ref": "#/types/aws-native:b2bi:PartnershipX12Envelope" + } + }, + "irreversibleNames": { + "x12": "X12" + } + }, + "aws-native:b2bi:PartnershipOutboundEdiOptionsProperties": { + "type": "object", + "properties": { + "x12": { + "$ref": "#/types/aws-native:b2bi:PartnershipX12Envelope" + } + }, + "irreversibleNames": { + "x12": "X12" + } + }, "aws-native:b2bi:PartnershipTag": { "type": "object", "properties": { 
@@ -102051,6 +105595,85 @@ } } }, + "aws-native:b2bi:PartnershipX12Delimiters": { + "type": "object", + "properties": { + "componentSeparator": { + "type": "string" + }, + "dataElementSeparator": { + "type": "string" + }, + "segmentTerminator": { + "type": "string" + } + } + }, + "aws-native:b2bi:PartnershipX12Envelope": { + "type": "object", + "properties": { + "common": { + "$ref": "#/types/aws-native:b2bi:PartnershipX12OutboundEdiHeaders" + } + } + }, + "aws-native:b2bi:PartnershipX12FunctionalGroupHeaders": { + "type": "object", + "properties": { + "applicationReceiverCode": { + "type": "string" + }, + "applicationSenderCode": { + "type": "string" + }, + "responsibleAgencyCode": { + "type": "string" + } + } + }, + "aws-native:b2bi:PartnershipX12InterchangeControlHeaders": { + "type": "object", + "properties": { + "acknowledgmentRequestedCode": { + "type": "string" + }, + "receiverId": { + "type": "string" + }, + "receiverIdQualifier": { + "type": "string" + }, + "repetitionSeparator": { + "type": "string" + }, + "senderId": { + "type": "string" + }, + "senderIdQualifier": { + "type": "string" + }, + "usageIndicatorCode": { + "type": "string" + } + } + }, + "aws-native:b2bi:PartnershipX12OutboundEdiHeaders": { + "type": "object", + "properties": { + "delimiters": { + "$ref": "#/types/aws-native:b2bi:PartnershipX12Delimiters" + }, + "functionalGroupHeaders": { + "$ref": "#/types/aws-native:b2bi:PartnershipX12FunctionalGroupHeaders" + }, + "interchangeControlHeaders": { + "$ref": "#/types/aws-native:b2bi:PartnershipX12InterchangeControlHeaders" + }, + "validateEdi": { + "type": "boolean" + } + } + }, "aws-native:b2bi:ProfileLogging": { "type": "string" }, 
@@ -102092,6 +105715,92 @@ "aws-native:b2bi:TransformerFileFormat": { "type": "string" }, + "aws-native:b2bi:TransformerFormatOptions0Properties": { + "type": "object", + "properties": { + "x12": { + "$ref": "#/types/aws-native:b2bi:TransformerX12Details" + } + }, + "irreversibleNames": { + "x12": "X12" + } + }, + "aws-native:b2bi:TransformerFormatOptionsProperties": { + "type": "object", + "properties": { + "x12": { + "$ref": "#/types/aws-native:b2bi:TransformerX12Details" + } + }, + "irreversibleNames": { + "x12": "X12" + } + }, + "aws-native:b2bi:TransformerFromFormat": { + "type": "string" + }, + "aws-native:b2bi:TransformerInputConversion": { + "type": "object", + "properties": { + "formatOptions": { + "$ref": "#/types/aws-native:b2bi:TransformerFormatOptionsProperties" + }, + "fromFormat": { + "$ref": "#/types/aws-native:b2bi:TransformerFromFormat" + } + } + }, + "aws-native:b2bi:TransformerMapping": { + "type": "object", + "properties": { + "template": { + "type": "string" + }, + "templateLanguage": { + "$ref": "#/types/aws-native:b2bi:TransformerMappingTemplateLanguage" + } + } + }, + "aws-native:b2bi:TransformerMappingTemplateLanguage": { + "type": "string" + }, + "aws-native:b2bi:TransformerOutputConversion": { + "type": "object", + "properties": { + "formatOptions": { + "$ref": "#/types/aws-native:b2bi:TransformerFormatOptionsProperties" + }, + "toFormat": { + "$ref": "#/types/aws-native:b2bi:TransformerToFormat" + } + } + }, + "aws-native:b2bi:TransformerSampleDocumentKeys": { + "type": "object", + "properties": { + "input": { + "type": "string" + }, + "output": { + "type": "string" + } + } + }, + "aws-native:b2bi:TransformerSampleDocuments": { + "type": "object", + "properties": { + "bucketName": { + "type": "string" + }, + "keys": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:b2bi:TransformerSampleDocumentKeys" + } + } + } + }, "aws-native:b2bi:TransformerStatus": { "type": "string" }, 
@@ -102108,6 +105817,9 @@ } } }, + "aws-native:b2bi:TransformerToFormat": { + "type": "string" + }, "aws-native:b2bi:TransformerX12Details": { "type": "object", "properties": { @@ -102447,6 +106159,23 @@ } } }, + "aws-native:backup:LogicallyAirGappedBackupVaultNotificationObjectType": { + "type": "object", + "properties": { + "backupVaultEvents": { + "type": "array", + "items": { + "type": "string" + } + }, + "snsTopicArn": { + "type": "string" + } + }, + "irreversibleNames": { + "snsTopicArn": "SNSTopicArn" + } + }, "aws-native:backup:ReportDeliveryChannelProperties": { "type": "object", "properties": { @@ -102561,6 +106290,9 @@ "aws-native:backup:RestoreTestingPlanRestoreTestingRecoveryPointType": { "type": "string" }, + "aws-native:backup:RestoreTestingPlanRestoreTestingScheduleStatus": { + "type": "string" + }, "aws-native:backup:RestoreTestingPlanTag": { "type": "object", "properties": { @@ -102931,7 +106663,7 @@ "items": { "$ref": "#/types/aws-native:batch:JobDefinitionEcsTaskProperties" }, - "description": "An object that contains the properties for the Amazon ECS task definition of a job.\n\n\u003e This object is currently limited to one element." + "description": "An object that contains the properties for the Amazon ECS task definition of a job.\n\n\u003e This object is currently limited to one task element. However, the task element can run up to 10 containers." } } }, @@ -103408,7 +107140,7 @@ "items": { "$ref": "#/types/aws-native:batch:JobDefinitionEksContainer" }, - "description": "The properties of the container that's used on the Amazon EKS pod." + "description": "The properties of the container that's used on the Amazon EKS pod.\n\n\u003e This object is limited to 10 elements." }, "dnsPolicy": { "type": "string", 
@@ -103429,7 +107161,7 @@ "items": { "$ref": "#/types/aws-native:batch:JobDefinitionEksContainer" }, - "description": "These containers run before application containers, always runs to completion, and must complete successfully before the next container starts. These containers are registered with the Amazon EKS Connector agent and persists the registration information in the Kubernetes backend data store. For more information, see [Init Containers](https://docs.aws.amazon.com/https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) in the *Kubernetes documentation* .\n\n\u003e This object is limited to 10 elements" + "description": "These containers run before application containers, always runs to completion, and must complete successfully before the next container starts. These containers are registered with the Amazon EKS Connector agent and persists the registration information in the Kubernetes backend data store. For more information, see [Init Containers](https://docs.aws.amazon.com/https://kubernetes.io/docs/concepts/workloads/pods/init-containers/) in the *Kubernetes documentation* .\n\n\u003e This object is limited to 10 elements." }, "metadata": { "$ref": "#/types/aws-native:batch:JobDefinitionMetadata", @@ -106116,7 +109848,7 @@ }, "vectorKnowledgeBaseConfiguration": { "$ref": "#/types/aws-native:bedrock:KnowledgeBaseVectorKnowledgeBaseConfiguration", - "description": "Contains details about the embeddings model that'sused to convert the data source." + "description": "Contains details about the model that's used to convert the data source into vector embeddings." } } }, 
@@ -108113,7 +111845,7 @@ "properties": { "key": { "type": "string", - "description": "*Required* . A string used to identify this tag. You can specify a maximum of 128 characters for a tag key. Tags owned by Amazon Web Services ( AWS ) have the reserved prefix: `aws:` ." + "description": "*Required* . A string used to identify this tag. You can specify a maximum of 128 characters for a tag key. Tags owned by AWS have the reserved prefix: `aws:` ." }, "value": { "type": "string", @@ -110024,7 +113756,7 @@ "properties": { "key": { "type": "string", - "description": "A unique identifier for the tag. The combination of tag keys and values can help you organize and categorize your resources." + "description": "A string that you can use to assign a value. The combination of tag keys and values can help you organize and categorize your resources." }, "value": { "type": "string", @@ -110491,6 +114223,13 @@ "$ref": "#/types/aws-native:codepipeline:PipelineActionTypeId", "description": "Specifies the action type and the provider of the action." }, + "commands": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The shell commands to run with your compute action in CodePipeline." + }, "configuration": { "$ref": "pulumi.json#/Any", "description": "The action's configuration. These are key-value pairs that specify input values for an action." 
@@ -110517,6 +114256,13 @@ }, "description": "The name or ID of the result of the action declaration, such as a test or build artifact. While the field is not a required parameter, most actions have an action configuration that requires a specified quantity of output artifacts. To refer to the action configuration specification by action provider, see the [Action structure reference](https://docs.aws.amazon.com/codepipeline/latest/userguide/action-reference.html) in the *AWS CodePipeline User Guide* ." }, + "outputVariables": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The list of variables that are to be exported from the compute action." + }, "region": { "type": "string", "description": "The action declaration's AWS Region, such as us-east-1." @@ -110800,6 +114546,13 @@ "aws-native:codepipeline:PipelineOutputArtifact": { "type": "object", "properties": { + "files": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The files that you want to associate with the output artifact that will be exported from the compute action." + }, "name": { "type": "string", "description": "The name of the output of an artifact, such as \"My App\"." @@ -111191,7 +114944,7 @@ "items": { "$ref": "#/types/aws-native:cognito:UserPoolRecoveryOption" }, - "description": "The list of `RecoveryOptionTypes` ." + "description": "The list of options and priorities for user message delivery in forgot-password operations. Sets or displays user pool preferences for email or SMS message priority, whether users should fall back to a second delivery method, and whether passwords should only be reset by administrators." } } }, 
@@ -111212,15 +114965,15 @@ "properties": { "allowAdminCreateUserOnly": { "type": "boolean", - "description": "Set to `True` if only the administrator is allowed to create user profiles. Set to `False` if users can sign themselves up via an app." + "description": "The setting for allowing self-service sign-up. When `true` , only administrators can create new user profiles. When `false` , users can register themselves and create a new user profile with the [SignUp](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_SignUp.html) operation." }, "inviteMessageTemplate": { "$ref": "#/types/aws-native:cognito:UserPoolInviteMessageTemplate", - "description": "The message template to be used for the welcome message to new users.\n\nSee also [Customizing User Invitation Messages](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-message-customizations.html#cognito-user-pool-settings-user-invitation-message-customization) ." + "description": "The template for the welcome message to new users.\n\nSee also [Customizing User Invitation Messages](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pool-settings-message-customizations.html#cognito-user-pool-settings-user-invitation-message-customization) ." }, "unusedAccountValidityDays": { "type": "integer", - "description": "The user account expiration limit, in days, after which a new account that hasn't signed in is no longer usable. To reset the account after that time limit, you must call `AdminCreateUser` again, specifying `\"RESEND\"` for the `MessageAction` parameter. The default value for this parameter is 7.\n\n\u003e If you set a value for `TemporaryPasswordValidityDays` in `PasswordPolicy` , that value will be used, and `UnusedAccountValidityDays` will be no longer be an available parameter for that user pool." + "description": "This parameter is no longer in use. 
Configure the duration of temporary passwords with the `TemporaryPasswordValidityDays` parameter of [PasswordPolicyType](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_PasswordPolicyType.html) . For older user pools that have a `UnusedAccountValidityDays` configuration, that value is effective until you set a value for `TemporaryPasswordValidityDays` .\n\nThe password expiration limit in days for administrator-created users. When this time expires, the user can't sign in with their temporary password. To reset the account after that time limit, you must call `AdminCreateUser` again, specifying `RESEND` for the `MessageAction` parameter.\n\nThe default value for this parameter is 7." } } }, 
@@ -111237,19 +114990,19 @@ "properties": { "applicationArn": { "type": "string", - "description": "The Amazon Resource Name (ARN) of an Amazon Pinpoint project. You can use the Amazon Pinpoint project for integration with the chosen user pool client. Amazon Cognito publishes events to the Amazon Pinpoint project that the app ARN declares." + "description": "The Amazon Resource Name (ARN) of an Amazon Pinpoint project that you want to connect to your user pool app client. Amazon Cognito publishes events to the Amazon Pinpoint project that `ApplicationArn` declares. You can also configure your application to pass an endpoint ID in the `AnalyticsMetadata` parameter of sign-in operations. The endpoint ID is information about the destination for push notifications" }, "applicationId": { "type": "string", - "description": "The application ID for an Amazon Pinpoint application." + "description": "Your Amazon Pinpoint project ID." }, "externalId": { "type": "string", - "description": "The external ID." + "description": "The [external ID](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html) of the role that Amazon Cognito assumes to send analytics data to Amazon Pinpoint." }, "roleArn": { "type": "string", - "description": "The ARN of an AWS Identity and Access Management role that authorizes Amazon Cognito to publish events to Amazon Pinpoint analytics." + "description": "The ARN of an AWS Identity and Access Management role that has the permissions required for Amazon Cognito to publish events to Amazon Pinpoint analytics." }, "userDataShared": { "type": "boolean", 
@@ -111262,15 +115015,15 @@ "properties": { "accessToken": { "type": "string", - "description": "A time unit of `seconds` , `minutes` , `hours` , or `days` for the value that you set in the `AccessTokenValidity` parameter. The default `AccessTokenValidity` time unit is hours. `AccessTokenValidity` duration can range from five minutes to one day." + "description": "A time unit for the value that you set in the `AccessTokenValidity` parameter. The default `AccessTokenValidity` time unit is `hours` . `AccessTokenValidity` duration can range from five minutes to one day." }, "idToken": { "type": "string", - "description": "A time unit of `seconds` , `minutes` , `hours` , or `days` for the value that you set in the `IdTokenValidity` parameter. The default `IdTokenValidity` time unit is hours. `IdTokenValidity` duration can range from five minutes to one day." + "description": "A time unit for the value that you set in the `IdTokenValidity` parameter. The default `IdTokenValidity` time unit is `hours` . `IdTokenValidity` duration can range from five minutes to one day." }, "refreshToken": { "type": "string", - "description": "A time unit of `seconds` , `minutes` , `hours` , or `days` for the value that you set in the `RefreshTokenValidity` parameter. The default `RefreshTokenValidity` time unit is days. `RefreshTokenValidity` duration can range from 60 minutes to 10 years." + "description": "A time unit for the value that you set in the `RefreshTokenValidity` parameter. The default `RefreshTokenValidity` time unit is `days` . `RefreshTokenValidity` duration can range from 60 minutes to 10 years." } } }, 
@@ -111279,11 +115032,11 @@ "properties": { "lambdaArn": { "type": "string", - "description": "The Amazon Resource Name (ARN) of the AWS Lambda function that Amazon Cognito triggers to send email notifications to users." + "description": "The Amazon Resource Name (ARN) of the function that you want to assign to your Lambda trigger." }, "lambdaVersion": { "type": "string", - "description": "The Lambda version represents the signature of the \"request\" attribute in the \"event\" information that Amazon Cognito passes to your custom email sender AWS Lambda function. The only supported value is `V1_0` ." + "description": "The user pool trigger version of the request that Amazon Cognito sends to your Lambda function. Higher-numbered versions add fields that support new features.\n\nYou must use a `LambdaVersion` of `V1_0` with a custom sender function." } } }, @@ -111292,11 +115045,11 @@ "properties": { "lambdaArn": { "type": "string", - "description": "The Amazon Resource Name (ARN) of the AWS Lambda function that Amazon Cognito triggers to send SMS notifications to users." + "description": "The Amazon Resource Name (ARN) of the function that you want to assign to your Lambda trigger." }, "lambdaVersion": { "type": "string", - "description": "The Lambda version represents the signature of the \"request\" attribute in the \"event\" information Amazon Cognito passes to your custom SMS sender Lambda function. The only supported value is `V1_0` ." + "description": "The user pool trigger version of the request that Amazon Cognito sends to your Lambda function. Higher-numbered versions add fields that support new features.\n\nYou must use a `LambdaVersion` of `V1_0` with a custom sender function." } } }, 
@@ -111327,7 +115080,7 @@ "properties": { "configurationSet": { "type": "string", - "description": "The set of configuration rules that can be applied to emails sent using Amazon SES. A configuration set is applied to an email by including a reference to the configuration set in the headers of the email. Once applied, all of the rules in that configuration set are applied to the email. Configuration sets can be used to apply the following types of rules to emails:\n\n- Event publishing – Amazon SES can track the number of send, delivery, open, click, bounce, and complaint events for each email sent. Use event publishing to send information about these events to other AWS services such as SNS and CloudWatch.\n- IP pool management – When leasing dedicated IP addresses with Amazon SES, you can create groups of IP addresses, called dedicated IP pools. You can then associate the dedicated IP pools with configuration sets." + "description": "The set of configuration rules that can be applied to emails sent using Amazon Simple Email Service. A configuration set is applied to an email by including a reference to the configuration set in the headers of the email. Once applied, all of the rules in that configuration set are applied to the email. Configuration sets can be used to apply the following types of rules to emails:\n\n- **Event publishing** - Amazon Simple Email Service can track the number of send, delivery, open, click, bounce, and complaint events for each email sent. Use event publishing to send information about these events to other AWS services such as and Amazon CloudWatch\n- **IP pool management** - When leasing dedicated IP addresses with Amazon Simple Email Service, you can create groups of IP addresses, called dedicated IP pools. You can then associate the dedicated IP pools with configuration sets." }, "emailSendingAccount": { "type": "string", 
@@ -111335,7 +115088,7 @@ }, "from": { "type": "string", - "description": "Identifies either the sender's email address or the sender's name with their email address. For example, `testuser@example.com` or `Test User \u003ctestuser@example.com\u003e` . This address appears before the body of the email." + "description": "Either the sender’s email address or the sender’s name with their email address. For example, `testuser@example.com` or `Test User \u003ctestuser@example.com\u003e` . This address appears before the body of the email." }, "replyToEmailAddress": { "type": "string", 
@@ -111372,59 +115125,59 @@ "properties": { "createAuthChallenge": { "type": "string", - "description": "Creates an authentication challenge." + "description": "The configuration of a create auth challenge Lambda trigger, one of three triggers in the sequence of the [custom authentication challenge triggers](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html) ." }, "customEmailSender": { "$ref": "#/types/aws-native:cognito:UserPoolCustomEmailSender", - "description": "A custom email sender AWS Lambda trigger." + "description": "The configuration of a custom email sender Lambda trigger. This trigger routes all email notifications from a user pool to a Lambda function that delivers the message using custom logic." }, "customMessage": { "type": "string", - "description": "A custom Message AWS Lambda trigger." + "description": "A custom message Lambda trigger. This trigger is an opportunity to customize all SMS and email messages from your user pool. When a custom message trigger is active, your user pool routes all messages to a Lambda function that returns a runtime-customized message subject and body for your user pool to deliver to a user." }, "customSmsSender": { "$ref": "#/types/aws-native:cognito:UserPoolCustomSmsSender", - "description": "A custom SMS sender AWS Lambda trigger." + "description": "The configuration of a custom SMS sender Lambda trigger. This trigger routes all SMS notifications from a user pool to a Lambda function that delivers the message using custom logic." }, "defineAuthChallenge": { "type": "string", - "description": "Defines the authentication challenge." + "description": "The configuration of a define auth challenge Lambda trigger, one of three triggers in the sequence of the [custom authentication challenge triggers](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html) ." 
}, "kmsKeyId": { "type": "string", - "description": "The Amazon Resource Name of a AWS Key Management Service ( AWS KMS ) key. Amazon Cognito uses the key to encrypt codes and temporary passwords sent to `CustomEmailSender` and `CustomSMSSender` ." + "description": "The ARN of an [KMS key](https://docs.aws.amazon.com//kms/latest/developerguide/concepts.html#master_keys) . Amazon Cognito uses the key to encrypt codes and temporary passwords sent to custom sender Lambda triggers." }, "postAuthentication": { "type": "string", - "description": "A post-authentication AWS Lambda trigger." + "description": "The configuration of a [post authentication Lambda trigger](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-post-authentication.html) in a user pool. This trigger can take custom actions after a user signs in." }, "postConfirmation": { "type": "string", - "description": "A post-confirmation AWS Lambda trigger." + "description": "The configuration of a [post confirmation Lambda trigger](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-post-confirmation.html) in a user pool. This trigger can take custom actions after a user confirms their user account and their email address or phone number." }, "preAuthentication": { "type": "string", - "description": "A pre-authentication AWS Lambda trigger." + "description": "The configuration of a [pre authentication trigger](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-authentication.html) in a user pool. This trigger can evaluate and modify user sign-in events." }, "preSignUp": { "type": "string", - "description": "A pre-registration AWS Lambda trigger." + "description": "The configuration of a [pre sign-up Lambda trigger](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-sign-up.html) in a user pool. 
This trigger evaluates new users and can bypass confirmation, [link a federated user profile](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-identity-federation-consolidate-users.html) , or block sign-up requests." }, "preTokenGeneration": { "type": "string", - "description": "The Amazon Resource Name (ARN) of the function that you want to assign to your Lambda trigger.\n\nSet this parameter for legacy purposes. If you also set an ARN in `PreTokenGenerationConfig` , its value must be identical to `PreTokenGeneration` . For new instances of pre token generation triggers, set the `LambdaArn` of `PreTokenGenerationConfig` .\n\nYou can set ``" + "description": "The legacy configuration of a [pre token generation Lambda trigger](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-token-generation.html) in a user pool.\n\nSet this parameter for legacy purposes. If you also set an ARN in `PreTokenGenerationConfig` , its value must be identical to `PreTokenGeneration` . For new instances of pre token generation triggers, set the `LambdaArn` of `PreTokenGenerationConfig` ." }, "preTokenGenerationConfig": { "$ref": "#/types/aws-native:cognito:UserPoolPreTokenGenerationConfig", - "description": "The detailed configuration of a pre token generation trigger. If you also set an ARN in `PreTokenGeneration` , its value must be identical to `PreTokenGenerationConfig` ." + "description": "The detailed configuration of a [pre token generation Lambda trigger](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-pre-token-generation.html) in a user pool. If you also set an ARN in `PreTokenGeneration` , its value must be identical to `PreTokenGenerationConfig` ." }, "userMigration": { "type": "string", - "description": "The user migration Lambda config type." 
+ "description": "The configuration of a [migrate user Lambda trigger](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-migrate-user.html) in a user pool. This trigger can create user profiles when users sign in or attempt to reset their password with credentials that don't exist yet." }, "verifyAuthChallengeResponse": { "type": "string", - "description": "Verifies the authentication challenge response." + "description": "The configuration of a verify auth challenge Lambda trigger, one of three triggers in the sequence of the [custom authentication challenge triggers](https://docs.aws.amazon.com/cognito/latest/developerguide/user-pool-lambda-challenge.html) ." } }, "irreversibleNames": { 
@@ -111458,19 +115211,19 @@ }, "requireLowercase": { "type": "boolean", - "description": "In the password policy that you have set, refers to whether you have required users to use at least one lowercase letter in their password." + "description": "The requirement in a password policy that users must include at least one lowercase letter in their password." }, "requireNumbers": { "type": "boolean", - "description": "In the password policy that you have set, refers to whether you have required users to use at least one number in their password." + "description": "The requirement in a password policy that users must include at least one number in their password." }, "requireSymbols": { "type": "boolean", - "description": "In the password policy that you have set, refers to whether you have required users to use at least one symbol in their password." + "description": "The requirement in a password policy that users must include at least one symbol in their password." }, "requireUppercase": { "type": "boolean", - "description": "In the password policy that you have set, refers to whether you have required users to use at least one uppercase letter in their password." + "description": "The requirement in a password policy that users must include at least one uppercase letter in their password." }, "temporaryPasswordValidityDays": { "type": "integer", @@ -111483,7 +115236,7 @@ "properties": { "passwordPolicy": { "$ref": "#/types/aws-native:cognito:UserPoolPasswordPolicy", - "description": "The password policy." + "description": "The password policy settings for a user pool, including complexity, history, and length requirements." } } }, 
@@ -111505,11 +115258,11 @@ "properties": { "name": { "type": "string", - "description": "Specifies the recovery method for a user." + "description": "The recovery method that this object sets a recovery option for." }, "priority": { "type": "integer", - "description": "A positive integer specifying priority of a method with 1 being the highest priority." + "description": "Your priority preference for using the specified attribute in account recovery. The highest priority is `1` ." } } }, @@ -111518,11 +115271,11 @@ "properties": { "scopeDescription": { "type": "string", - "description": "A description of the scope." + "description": "A friendly description of a custom scope." }, "scopeName": { "type": "string", - "description": "The name of the scope." + "description": "The name of the scope. Amazon Cognito renders custom scopes in the format `resourceServerIdentifier/ScopeName` . For example, if this parameter is `exampleScope` in the resource server with the identifier `exampleResourceServer` , you request and receive the scope `exampleResourceServer/exampleScope` ." } } }, 
@@ -111531,11 +115284,11 @@ "properties": { "eventAction": { "type": "string", - "description": "The action to take in response to the account takeover action. Valid values are as follows:\n\n- `BLOCK` Choosing this action will block the request.\n- `MFA_IF_CONFIGURED` Present an MFA challenge if user has configured it, else allow the request.\n- `MFA_REQUIRED` Present an MFA challenge if user has configured it, else block the request.\n- `NO_ACTION` Allow the user to sign in." + "description": "The action to take for the attempted account takeover action for the associated risk level. Valid values are as follows:\n\n- `BLOCK` : Block the request.\n- `MFA_IF_CONFIGURED` : Present an MFA challenge if possible. MFA is possible if the user pool has active MFA methods that the user can set up. For example, if the user pool only supports SMS message MFA but the user doesn't have a phone number attribute, MFA setup isn't possible. If MFA setup isn't possible, allow the request.\n- `MFA_REQUIRED` : Present an MFA challenge if possible. Block the request if a user hasn't set up MFA. To sign in with required MFA, users must have an email address or phone number attribute, or a registered TOTP factor.\n- `NO_ACTION` : Take no action. Permit sign-in." }, "notify": { "type": "boolean", - "description": "Flag specifying whether to send a notification." + "description": "Determines whether Amazon Cognito sends a user a notification message when your user pools assesses a user's session at the associated risk level." } } }, 
@@ -111544,15 +115297,15 @@ "properties": { "highAction": { "$ref": "#/types/aws-native:cognito:UserPoolRiskConfigurationAttachmentAccountTakeoverActionType", - "description": "Action to take for a high risk." + "description": "The action that you assign to a high-risk assessment by advanced security features." }, "lowAction": { "$ref": "#/types/aws-native:cognito:UserPoolRiskConfigurationAttachmentAccountTakeoverActionType", - "description": "Action to take for a low risk." + "description": "The action that you assign to a low-risk assessment by advanced security features." }, "mediumAction": { "$ref": "#/types/aws-native:cognito:UserPoolRiskConfigurationAttachmentAccountTakeoverActionType", - "description": "Action to take for a medium risk." + "description": "The action that you assign to a medium-risk assessment by advanced security features." } } }, @@ -111561,11 +115314,11 @@ "properties": { "actions": { "$ref": "#/types/aws-native:cognito:UserPoolRiskConfigurationAttachmentAccountTakeoverActionsType", - "description": "Account takeover risk configuration actions." + "description": "A list of account-takeover actions for each level of risk that Amazon Cognito might assess with advanced security features." }, "notifyConfiguration": { "$ref": "#/types/aws-native:cognito:UserPoolRiskConfigurationAttachmentNotifyConfigurationType", - "description": "The notify configuration used to construct email notifications." + "description": "The settings for composing and sending an email message when advanced security features assesses a risk level with adaptive authentication. When you choose to notify users in `AccountTakeoverRiskConfiguration` , Amazon Cognito sends an email message using the method and template that you set with this data type." } } }, @@ -111574,7 +115327,7 @@ "properties": { "eventAction": { "type": "string", - "description": "The event action." + "description": "The action that Amazon Cognito takes when it detects compromised credentials." } } }, 
@@ -111583,14 +115336,14 @@ "properties": { "actions": { "$ref": "#/types/aws-native:cognito:UserPoolRiskConfigurationAttachmentCompromisedCredentialsActionsType", - "description": "The compromised credentials risk configuration actions." + "description": "Settings for the actions that you want your user pool to take when Amazon Cognito detects compromised credentials." }, "eventFilter": { "type": "array", "items": { "type": "string" }, - "description": "Perform the action for these events. The default is to perform all events if no event filter is specified." + "description": "Settings for the sign-in activity where you want to configure compromised-credentials actions. Defaults to all events." } } }, 
@@ -111599,23 +115352,23 @@ "properties": { "blockEmail": { "$ref": "#/types/aws-native:cognito:UserPoolRiskConfigurationAttachmentNotifyEmailType", - "description": "Email template used when a detected risk event is blocked." + "description": "The template for the email message that your user pool sends when a detected risk event is blocked." }, "from": { "type": "string", - "description": "The email address that is sending the email. The address must be either individually verified with Amazon Simple Email Service, or from a domain that has been verified with Amazon SES." + "description": "The email address that sends the email message. The address must be either individually verified with Amazon Simple Email Service, or from a domain that has been verified with Amazon SES." }, "mfaEmail": { "$ref": "#/types/aws-native:cognito:UserPoolRiskConfigurationAttachmentNotifyEmailType", - "description": "The multi-factor authentication (MFA) email template used when MFA is challenged as part of a detected risk." + "description": "The template for the email message that your user pool sends when MFA is challenged in response to a detected risk." }, "noActionEmail": { "$ref": "#/types/aws-native:cognito:UserPoolRiskConfigurationAttachmentNotifyEmailType", - "description": "The email template used when a detected risk event is allowed." + "description": "The template for the email message that your user pool sends when no action is taken in response to a detected risk." }, "replyTo": { "type": "string", - "description": "The destination to which the receiver of an email should reply to." + "description": "The reply-to email address of an email template." }, "sourceArn": { "type": "string", 
@@ -111628,15 +115381,15 @@ "properties": { "htmlBody": { "type": "string", - "description": "The email HTML body." + "description": "The body of an email notification formatted in HTML. Choose an `HtmlBody` or a `TextBody` to send an HTML-formatted or plaintext message, respectively." }, "subject": { "type": "string", - "description": "The email subject." + "description": "The subject of the threat protection email notification." }, "textBody": { "type": "string", - "description": "The email text body." + "description": "The body of an email notification formatted in plaintext. Choose an `HtmlBody` or a `TextBody` to send an HTML-formatted or plaintext message, respectively." } } }, @@ -111648,14 +115401,14 @@ "items": { "type": "string" }, - "description": "Overrides the risk decision to always block the pre-authentication requests. The IP range is in CIDR notation, a compact representation of an IP address and its routing prefix." + "description": "An always-block IP address list. Overrides the risk decision and always blocks authentication requests. This parameter is displayed and set in CIDR notation." }, "skippedIpRangeList": { "type": "array", "items": { "type": "string" }, - "description": "Risk detection isn't performed on the IP addresses in this range list. The IP range is in CIDR notation." + "description": "An always-allow IP address list. Risk detection isn't performed on the IP addresses in this range list. This parameter is displayed and set in CIDR notation." } }, "irreversibleNames": { 
@@ -111672,7 +115425,7 @@ }, "developerOnlyAttribute": { "type": "boolean", - "description": "\u003e We recommend that you use [WriteAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UserPoolClientType.html#CognitoUserPools-Type-UserPoolClientType-WriteAttributes) in the user pool client to control how attributes can be mutated for new use cases instead of using `DeveloperOnlyAttribute` . \n\nSpecifies whether the attribute type is developer only. This attribute can only be modified by an administrator. Users will not be able to modify this attribute using their access token." + "description": "\u003e You should use [WriteAttributes](https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_UserPoolClientType.html#CognitoUserPools-Type-UserPoolClientType-WriteAttributes) in the user pool client to control how attributes can be mutated for new use cases instead of using `DeveloperOnlyAttribute` . \n\nSpecifies whether the attribute type is developer only. This attribute can only be modified by an administrator. Users won't be able to modify this attribute using their access token. For example, `DeveloperOnlyAttribute` can be modified using AdminUpdateUserAttributes but can't be updated using UpdateUserAttributes." }, "mutable": { "type": "boolean", 
@@ -111701,7 +115454,7 @@ "properties": { "externalId": { "type": "string", - "description": "The external ID is a value. We recommend you use `ExternalId` to add security to your IAM role, which is used to call Amazon SNS to send SMS messages for your user pool. If you provide an `ExternalId` , the Cognito User Pool uses it when attempting to assume your IAM role. You can also set your roles trust policy to require the `ExternalID` . If you use the Cognito Management Console to create a role for SMS MFA, Cognito creates a role with the required permissions and a trust policy that uses `ExternalId` ." + "description": "The external ID provides additional security for your IAM role. You can use an `ExternalId` with the IAM role that you use with Amazon SNS to send SMS messages for your user pool. If you provide an `ExternalId` , your Amazon Cognito user pool includes it in the request to assume your IAM role. You can configure the role trust policy to require that Amazon Cognito, and any principal, provide the `ExternalID` . If you use the Amazon Cognito Management Console to create a role for SMS multi-factor authentication (MFA), Amazon Cognito creates a role with the required permissions and a trust policy that demonstrates use of the `ExternalId` .\n\nFor more information about the `ExternalId` of a role, see [How to use an external ID when granting access to your AWS resources to a third party](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html) ." }, "snsCallerArn": { "type": "string", @@ -111722,7 +115475,7 @@ }, "minLength": { "type": "string", - "description": "The minimum length." + "description": "The minimum length of a string attribute value." } } }, 
@@ -111756,7 +115509,7 @@ "properties": { "caseSensitive": { "type": "boolean", - "description": "Specifies whether user name case sensitivity will be applied for all users in the user pool through Amazon Cognito APIs. For most use cases, set case sensitivity to `False` (case insensitive) as a best practice. When usernames and email addresses are case insensitive, users can sign in as the same user when they enter a different capitalization of their user name.\n\nValid values include:\n\n- **True** - Enables case sensitivity for all username input. When this option is set to `True` , users must sign in using the exact capitalization of their given username, such as \"UserName\". This is the default value.\n- **False** - Enables case insensitivity for all username input. For example, when this option is set to `False` , users can sign in using `username` , `USERNAME` , or `UserName` . This option also enables both `preferred_username` and `email` alias to be case insensitive, in addition to the `username` attribute." + "description": "Specifies whether user name case sensitivity will be applied for all users in the user pool through Amazon Cognito APIs. For most use cases, set case sensitivity to `False` (case insensitive) as a best practice. When usernames and email addresses are case insensitive, users can sign in as the same user when they enter a different capitalization of their user name.\n\nValid values include:\n\n- **true** - Enables case sensitivity for all username input. When this option is set to `true` , users must sign in using the exact capitalization of their given username, such as \"UserName\". This is the default value.\n- **false** - Enables case insensitivity for all username input. For example, when this option is set to `false` , users can sign in using `username` , `USERNAME` , or `UserName` . This option also enables both `preferred_username` and `email` alias to be case insensitive, in addition to the `username` attribute." } } }, 
@@ -111765,7 +115518,7 @@ "properties": { "defaultEmailOption": { "type": "string", - "description": "The default email option." + "description": "The configuration of verification emails to contain a clickable link or a verification code.\n\nFor link, your template body must contain link text in the format `{##Click here##}` . \"Click here\" in the example is a customizable string. For code, your template body must contain a code placeholder in the format `{####}` ." }, "emailMessage": { "type": "string", @@ -112301,6 +116054,25 @@ } } }, + "aws-native:connect:AgentStatusState": { + "type": "string" + }, + "aws-native:connect:AgentStatusTag": { + "type": "object", + "properties": { + "key": { + "type": "string", + "description": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -." + }, + "value": { + "type": "string", + "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -." + } + } + }, + "aws-native:connect:AgentStatusType": { + "type": "string" + }, "aws-native:connect:ConstraintsProperties": { "type": "object", "properties": { 
@@ -113433,6 +117205,114 @@ } } }, + "aws-native:connect:UserHierarchyStructureLevelFive": { + "type": "object", + "properties": { + "hierarchyLevelArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the hierarchy level." + }, + "hierarchyLevelId": { + "type": "string", + "description": "The identifier of the hierarchy level." + }, + "name": { + "type": "string", + "description": "The name of the hierarchy level." + } + } + }, + "aws-native:connect:UserHierarchyStructureLevelFour": { + "type": "object", + "properties": { + "hierarchyLevelArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the hierarchy level." + }, + "hierarchyLevelId": { + "type": "string", + "description": "The identifier of the hierarchy level." + }, + "name": { + "type": "string", + "description": "The name of the hierarchy level." + } + } + }, + "aws-native:connect:UserHierarchyStructureLevelOne": { + "type": "object", + "properties": { + "hierarchyLevelArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the hierarchy level." + }, + "hierarchyLevelId": { + "type": "string", + "description": "The identifier of the hierarchy level." + }, + "name": { + "type": "string", + "description": "The name of the hierarchy level." + } + } + }, + "aws-native:connect:UserHierarchyStructureLevelThree": { + "type": "object", + "properties": { + "hierarchyLevelArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the hierarchy level." + }, + "hierarchyLevelId": { + "type": "string" + }, + "name": { + "type": "string", + "description": "The name of the hierarchy level." + } + } + }, + "aws-native:connect:UserHierarchyStructureLevelTwo": { + "type": "object", + "properties": { + "hierarchyLevelArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the hierarchy level." + }, + "hierarchyLevelId": { + "type": "string", + "description": "The identifier of the hierarchy level." 
+ }, + "name": { + "type": "string", + "description": "The name of the hierarchy level." + } + } + }, + "aws-native:connect:UserHierarchyStructureProperties": { + "type": "object", + "properties": { + "levelFive": { + "$ref": "#/types/aws-native:connect:UserHierarchyStructureLevelFive" + }, + "levelFour": { + "$ref": "#/types/aws-native:connect:UserHierarchyStructureLevelFour", + "description": "The update for level four." + }, + "levelOne": { + "$ref": "#/types/aws-native:connect:UserHierarchyStructureLevelOne", + "description": "The update for level one." + }, + "levelThree": { + "$ref": "#/types/aws-native:connect:UserHierarchyStructureLevelThree", + "description": "The update for level three." + }, + "levelTwo": { + "$ref": "#/types/aws-native:connect:UserHierarchyStructureLevelTwo", + "description": "The update for level two." + } + } + }, "aws-native:connect:UserIdentityInfo": { "type": "object", "properties": { @@ -116862,6 +120742,15 @@ "aws-native:datazone:DomainUserAssignment": { "type": "string" }, + "aws-native:datazone:EnvironmentActionsAwsConsoleLinkParameters": { + "type": "object", + "properties": { + "uri": { + "type": "string", + "description": "The URI of the console link specified as part of the environment action." + } + } + }, "aws-native:datazone:EnvironmentBlueprintConfigurationRegionalParameter": { "type": "object", "properties": { 
@@ -118964,7 +122853,7 @@ "items": { "$ref": "#/types/aws-native:ec2:Ec2FleetInstanceRequirementsRequestAcceleratorTypesItem" }, - "description": "The accelerator types that must be on the instance type.\n\n- To include instance types with GPU hardware, specify `gpu` .\n- To include instance types with FPGA hardware, specify `fpga` .\n- To include instance types with inference hardware, specify `inference` .\n\nDefault: Any accelerator type" + "description": "The accelerator types that must be on the instance type.\n\n- To include instance types with GPU hardware, specify `gpu` .\n- To include instance types with FPGA hardware, specify `fpga` .\n\nDefault: Any accelerator type" }, "allowedInstanceTypes": { "type": "array", @@ -121169,7 +125058,7 @@ }, "destinationPrefixListId": { "type": "string", - "description": "The prefix of the AWS-service ." + "description": "The prefix of the AWS service." }, "egressOnlyInternetGatewayId": { "type": "string", @@ -121764,6 +125653,10 @@ "ipv6Support": { "type": "string", "description": "Indicates whether to enable Ipv6 Support for Vpc Attachment. Valid Values: enable | disable" + }, + "securityGroupReferencingSupport": { + "type": "string", + "description": "Indicates whether to enable Security Group referencing support for Vpc Attachment. Valid values: enable | disable" } } }, 
@@ -122185,7 +126078,7 @@ "items": { "$ref": "#/types/aws-native:ec2:SpotFleetInstanceRequirementsRequestAcceleratorTypesItem" }, - "description": "The accelerator types that must be on the instance type.\n\n- To include instance types with GPU hardware, specify `gpu` .\n- To include instance types with FPGA hardware, specify `fpga` .\n- To include instance types with inference hardware, specify `inference` .\n\nDefault: Any accelerator type" + "description": "The accelerator types that must be on the instance type.\n\n- To include instance types with GPU hardware, specify `gpu` .\n- To include instance types with FPGA hardware, specify `fpga` .\n\nDefault: Any accelerator type" }, "allowedInstanceTypes": { "type": "array", 
@@ -123263,6 +127156,104 @@ } } }, + "aws-native:ec2:VpnConnectionCloudwatchLogOptionsSpecification": { + "type": "object", + "properties": { + "logEnabled": { + "type": "boolean", + "description": "Enable or disable VPN tunnel logging feature. Default value is `False` .\n\nValid values: `True` | `False`" + }, + "logGroupArn": { + "type": "string", + "description": "The Amazon Resource Name (ARN) of the CloudWatch log group to send logs to." + }, + "logOutputFormat": { + "$ref": "#/types/aws-native:ec2:VpnConnectionCloudwatchLogOptionsSpecificationLogOutputFormat", + "description": "Set log format. Default format is `json` .\n\nValid values: `json` | `text`" + } + } + }, + "aws-native:ec2:VpnConnectionCloudwatchLogOptionsSpecificationLogOutputFormat": { + "type": "string" + }, + "aws-native:ec2:VpnConnectionIkeVersionsRequestListValue": { + "type": "object", + "properties": { + "value": { + "$ref": "#/types/aws-native:ec2:VpnConnectionIkeVersionsRequestListValueValue", + "description": "The IKE version." + } + } + }, + "aws-native:ec2:VpnConnectionIkeVersionsRequestListValueValue": { + "type": "string" + }, + "aws-native:ec2:VpnConnectionPhase1EncryptionAlgorithmsRequestListValue": { + "type": "object", + "properties": { + "value": { + "$ref": "#/types/aws-native:ec2:VpnConnectionPhase1EncryptionAlgorithmsRequestListValueValue", + "description": "The value for the encryption algorithm." + } + } + }, + "aws-native:ec2:VpnConnectionPhase1EncryptionAlgorithmsRequestListValueValue": { + "type": "string" + }, + "aws-native:ec2:VpnConnectionPhase1IntegrityAlgorithmsRequestListValue": { + "type": "object", + "properties": { + "value": { + "$ref": "#/types/aws-native:ec2:VpnConnectionPhase1IntegrityAlgorithmsRequestListValueValue", + "description": "The value for the integrity algorithm." 
+ } + } + }, + "aws-native:ec2:VpnConnectionPhase1IntegrityAlgorithmsRequestListValueValue": { + "type": "string" + }, + "aws-native:ec2:VpnConnectionPhase1dhGroupNumbersRequestListValue": { + "type": "object", + "properties": { + "value": { + "type": "integer", + "description": "The Diffie-Hellmann group number." + } + } + }, + "aws-native:ec2:VpnConnectionPhase2EncryptionAlgorithmsRequestListValue": { + "type": "object", + "properties": { + "value": { + "$ref": "#/types/aws-native:ec2:VpnConnectionPhase2EncryptionAlgorithmsRequestListValueValue", + "description": "The encryption algorithm." + } + } + }, + "aws-native:ec2:VpnConnectionPhase2EncryptionAlgorithmsRequestListValueValue": { + "type": "string" + }, + "aws-native:ec2:VpnConnectionPhase2IntegrityAlgorithmsRequestListValue": { + "type": "object", + "properties": { + "value": { + "$ref": "#/types/aws-native:ec2:VpnConnectionPhase2IntegrityAlgorithmsRequestListValueValue", + "description": "The integrity algorithm." + } + } + }, + "aws-native:ec2:VpnConnectionPhase2IntegrityAlgorithmsRequestListValueValue": { + "type": "string" + }, + "aws-native:ec2:VpnConnectionPhase2dhGroupNumbersRequestListValue": { + "type": "object", + "properties": { + "value": { + "type": "integer", + "description": "The Diffie-Hellmann group number." + } + } + }, "aws-native:ec2:VpnConnectionTag": { "type": "object", "properties": { 
@@ -123276,19 +127267,134 @@ } } }, + "aws-native:ec2:VpnConnectionVpnTunnelLogOptionsSpecification": { + "type": "object", + "properties": { + "cloudwatchLogOptions": { + "$ref": "#/types/aws-native:ec2:VpnConnectionCloudwatchLogOptionsSpecification", + "description": "Options for sending VPN tunnel logs to CloudWatch." + } + } + }, "aws-native:ec2:VpnConnectionVpnTunnelOptionsSpecification": { "type": "object", "properties": { + "dpdTimeoutAction": { + "$ref": "#/types/aws-native:ec2:VpnConnectionVpnTunnelOptionsSpecificationDpdTimeoutAction", + "description": "The action to take after DPD timeout occurs. Specify `restart` to restart the IKE initiation. Specify `clear` to end the IKE session.\n\nValid Values: `clear` | `none` | `restart`\n\nDefault: `clear`" + }, + "dpdTimeoutSeconds": { + "type": "integer", + "description": "The number of seconds after which a DPD timeout occurs.\n\nConstraints: A value greater than or equal to 30.\n\nDefault: `30`" + }, + "enableTunnelLifecycleControl": { + "type": "boolean", + "description": "Turn on or off tunnel endpoint lifecycle control feature." + }, + "ikeVersions": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:ec2:VpnConnectionIkeVersionsRequestListValue" + }, + "description": "The IKE versions that are permitted for the VPN tunnel.\n\nValid values: `ikev1` | `ikev2`" + }, + "logOptions": { + "$ref": "#/types/aws-native:ec2:VpnConnectionVpnTunnelLogOptionsSpecification", + "description": "Options for logging VPN tunnel activity." 
+ }, + "phase1EncryptionAlgorithms": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:ec2:VpnConnectionPhase1EncryptionAlgorithmsRequestListValue" + }, + "description": "One or more encryption algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations.\n\nValid values: `AES128` | `AES256` | `AES128-GCM-16` | `AES256-GCM-16`" + }, + "phase1IntegrityAlgorithms": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:ec2:VpnConnectionPhase1IntegrityAlgorithmsRequestListValue" + }, + "description": "One or more integrity algorithms that are permitted for the VPN tunnel for phase 1 IKE negotiations.\n\nValid values: `SHA1` | `SHA2-256` | `SHA2-384` | `SHA2-512`" + }, + "phase1LifetimeSeconds": { + "type": "integer", + "description": "The lifetime for phase 1 of the IKE negotiation, in seconds.\n\nConstraints: A value between 900 and 28,800.\n\nDefault: `28800`" + }, + "phase1dhGroupNumbers": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:ec2:VpnConnectionPhase1dhGroupNumbersRequestListValue" + }, + "description": "One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel for phase 1 IKE negotiations.\n\nValid values: `2` | `14` | `15` | `16` | `17` | `18` | `19` | `20` | `21` | `22` | `23` | `24`" + }, + "phase2EncryptionAlgorithms": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:ec2:VpnConnectionPhase2EncryptionAlgorithmsRequestListValue" + }, + "description": "One or more encryption algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations.\n\nValid values: `AES128` | `AES256` | `AES128-GCM-16` | `AES256-GCM-16`" + }, + "phase2IntegrityAlgorithms": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:ec2:VpnConnectionPhase2IntegrityAlgorithmsRequestListValue" + }, + "description": "One or more integrity algorithms that are permitted for the VPN tunnel for phase 2 IKE negotiations.\n\nValid values: `SHA1` | `SHA2-256` | `SHA2-384` | 
`SHA2-512`" + }, + "phase2LifetimeSeconds": { + "type": "integer", + "description": "The lifetime for phase 2 of the IKE negotiation, in seconds.\n\nConstraints: A value between 900 and 3,600. The value must be less than the value for `Phase1LifetimeSeconds` .\n\nDefault: `3600`" + }, + "phase2dhGroupNumbers": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:ec2:VpnConnectionPhase2dhGroupNumbersRequestListValue" + }, + "description": "One or more Diffie-Hellman group numbers that are permitted for the VPN tunnel for phase 2 IKE negotiations.\n\nValid values: `2` | `5` | `14` | `15` | `16` | `17` | `18` | `19` | `20` | `21` | `22` | `23` | `24`" + }, "preSharedKey": { "type": "string", "description": "The pre-shared key (PSK) to establish initial authentication between the virtual private gateway and customer gateway.\n Constraints: Allowed characters are alphanumeric characters, periods (.), and underscores (_). Must be between 8 and 64 characters in length and cannot start with zero (0)." }, + "rekeyFuzzPercentage": { + "type": "integer", + "description": "The percentage of the rekey window (determined by `RekeyMarginTimeSeconds` ) during which the rekey time is randomly selected.\n\nConstraints: A value between 0 and 100.\n\nDefault: `100`" + }, + "rekeyMarginTimeSeconds": { + "type": "integer", + "description": "The margin time, in seconds, before the phase 2 lifetime expires, during which the AWS side of the VPN connection performs an IKE rekey. 
The exact time of the rekey is randomly selected based on the value for `RekeyFuzzPercentage` .\n\nConstraints: A value between 60 and half of `Phase2LifetimeSeconds` .\n\nDefault: `270`" + }, + "replayWindowSize": { + "type": "integer", + "description": "The number of packets in an IKE replay window.\n\nConstraints: A value between 64 and 2048.\n\nDefault: `1024`" + }, + "startupAction": { + "$ref": "#/types/aws-native:ec2:VpnConnectionVpnTunnelOptionsSpecificationStartupAction", + "description": "The action to take when the establishing the tunnel for the VPN connection. By default, your customer gateway device must initiate the IKE negotiation and bring up the tunnel. Specify `start` for AWS to initiate the IKE negotiation.\n\nValid Values: `add` | `start`\n\nDefault: `add`" + }, "tunnelInsideCidr": { "type": "string", "description": "The range of inside IP addresses for the tunnel. Any specified CIDR blocks must be unique across all VPN connections that use the same virtual private gateway. \n Constraints: A size /30 CIDR block from the ``169.254.0.0/16`` range. The following CIDR blocks are reserved and cannot be used:\n + ``169.254.0.0/30`` \n + ``169.254.1.0/30`` \n + ``169.254.2.0/30`` \n + ``169.254.3.0/30`` \n + ``169.254.4.0/30`` \n + ``169.254.5.0/30`` \n + ``169.254.169.252/30``" + }, + "tunnelInsideIpv6Cidr": { + "type": "string", + "description": "The range of inside IPv6 addresses for the tunnel. Any specified CIDR blocks must be unique across all VPN connections that use the same transit gateway.\n\nConstraints: A size /126 CIDR block from the local `fd00::/8` range." 
} + }, + "irreversibleNames": { + "dpdTimeoutAction": "DPDTimeoutAction", + "dpdTimeoutSeconds": "DPDTimeoutSeconds", + "ikeVersions": "IKEVersions", + "phase1dhGroupNumbers": "Phase1DHGroupNumbers", + "phase2dhGroupNumbers": "Phase2DHGroupNumbers" } }, + "aws-native:ec2:VpnConnectionVpnTunnelOptionsSpecificationDpdTimeoutAction": { + "type": "string" + }, + "aws-native:ec2:VpnConnectionVpnTunnelOptionsSpecificationStartupAction": { + "type": "string" + }, "aws-native:ec2:VpnGatewayTag": { "type": "object", "properties": { 
@@ -123370,7 +127476,7 @@ "properties": { "encryptionType": { "$ref": "#/types/aws-native:ecr:RepositoryCreationTemplateEncryptionType", - "description": "The encryption type to use.\n\nIf you use the `KMS` encryption type, the contents of the repository will be encrypted using server-side encryption with AWS Key Management Service key stored in AWS KMS . When you use AWS KMS to encrypt your data, you can either use the default AWS managed AWS KMS key for Amazon ECR, or specify your own AWS KMS key, which you already created. For more information, see [Protecting data using server-side encryption with an AWS KMS key stored in AWS Key Management Service (SSE-KMS)](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html) in the *Amazon Simple Storage Service Console Developer Guide* .\n\nIf you use the `AES256` encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm. For more information, see [Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3)](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html) in the *Amazon Simple Storage Service Console Developer Guide* ." + "description": "The encryption type to use.\n\nIf you use the `KMS` encryption type, the contents of the repository will be encrypted using server-side encryption with AWS Key Management Service key stored in AWS KMS . When you use AWS KMS to encrypt your data, you can either use the default AWS managed AWS KMS key for Amazon ECR, or specify your own AWS KMS key, which you already created.\n\nIf you use the `KMS_DSSE` encryption type, the contents of the repository will be encrypted with two layers of encryption using server-side encryption with the AWS KMS Management Service key stored in AWS KMS . 
Similar to the `KMS` encryption type, you can either use the default AWS managed AWS KMS key for Amazon ECR, or specify your own AWS KMS key, which you've already created.\n\nIf you use the `AES256` encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm.\n\nFor more information, see [Amazon ECR encryption at rest](https://docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html) in the *Amazon Elastic Container Registry User Guide* ." }, "kmsKey": { "type": "string", 
@@ -123402,7 +127508,7 @@ "properties": { "encryptionType": { "$ref": "#/types/aws-native:ecr:RepositoryEncryptionType", - "description": "The encryption type to use.\n\nIf you use the `KMS` encryption type, the contents of the repository will be encrypted using server-side encryption with AWS Key Management Service key stored in AWS KMS . When you use AWS KMS to encrypt your data, you can either use the default AWS managed AWS KMS key for Amazon ECR, or specify your own AWS KMS key, which you already created. For more information, see [Protecting data using server-side encryption with an AWS KMS key stored in AWS Key Management Service (SSE-KMS)](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html) in the *Amazon Simple Storage Service Console Developer Guide* .\n\nIf you use the `AES256` encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm. For more information, see [Protecting data using server-side encryption with Amazon S3-managed encryption keys (SSE-S3)](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html) in the *Amazon Simple Storage Service Console Developer Guide* .", + "description": "The encryption type to use.\n\nIf you use the `KMS` encryption type, the contents of the repository will be encrypted using server-side encryption with AWS Key Management Service key stored in AWS KMS . When you use AWS KMS to encrypt your data, you can either use the default AWS managed AWS KMS key for Amazon ECR, or specify your own AWS KMS key, which you already created.\n\nIf you use the `KMS_DSSE` encryption type, the contents of the repository will be encrypted with two layers of encryption using server-side encryption with the AWS KMS Management Service key stored in AWS KMS . 
Similar to the `KMS` encryption type, you can either use the default AWS managed AWS KMS key for Amazon ECR, or specify your own AWS KMS key, which you've already created.\n\nIf you use the `AES256` encryption type, Amazon ECR uses server-side encryption with Amazon S3-managed encryption keys which encrypts the images in the repository using an AES256 encryption algorithm.\n\nFor more information, see [Amazon ECR encryption at rest](https://docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html) in the *Amazon Elastic Container Registry User Guide* .", "replaceOnChanges": true }, "kmsKey": { @@ -123686,14 +127792,14 @@ "items": { "type": "string" }, - "description": "The IDs of the security groups associated with the task or service. If you don't specify a security group, the default security group for the VPC is used. There's a limit of 5 security groups that can be specified per ``AwsVpcConfiguration``.\n All specified security groups must be from the same VPC." + "description": "The IDs of the security groups associated with the task or service. If you don't specify a security group, the default security group for the VPC is used. There's a limit of 5 security groups that can be specified per ``awsvpcConfiguration``.\n All specified security groups must be from the same VPC." }, "subnets": { "type": "array", "items": { "type": "string" }, - "description": "The IDs of the subnets associated with the task or service. There's a limit of 16 subnets that can be specified per ``AwsVpcConfiguration``.\n All specified subnets must be from the same VPC." + "description": "The IDs of the subnets associated with the task or service. There's a limit of 16 subnets that can be specified per ``awsvpcConfiguration``.\n All specified subnets must be from the same VPC." } } }, 
@@ -123739,7 +127845,7 @@ }, "logConfiguration": { "$ref": "#/types/aws-native:ecs:ServiceLogConfiguration", - "description": "The log configuration for the container. This parameter maps to ``LogConfig`` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/#operation/ContainerCreate) section of the [Docker Remote API](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.35/) and the ``--log-driver`` option to [docker run](https://docs.aws.amazon.com/https://docs.docker.com/engine/reference/commandline/run/).\n By default, containers use the same logging driver that the Docker daemon uses. However, the container might use a different logging driver than the Docker daemon by specifying a log driver configuration in the container definition. For more information about the options for different supported log drivers, see [Configure logging drivers](https://docs.aws.amazon.com/https://docs.docker.com/engine/admin/logging/overview/) in the Docker documentation.\n Understand the following when specifying a log configuration for your containers.\n + Amazon ECS currently supports a subset of the logging drivers available to the Docker daemon. Additional log drivers may be available in future releases of the Amazon ECS container agent.\n For tasks on FARGATElong, the supported log drivers are ``awslogs``, ``splunk``, and ``awsfirelens``.\n For tasks hosted on Amazon EC2 instances, the supported log drivers are ``awslogs``, ``fluentd``, ``gelf``, ``json-file``, ``journald``, ``logentries``,``syslog``, ``splunk``, and ``awsfirelens``.\n + This parameter requires version 1.18 of the Docker Remote API or greater on your container instance.\n + For tasks that are hosted on Amazon EC2 instances, the Amazon ECS container agent must register the available logging drivers with the ``ECS_AVAILABLE_LOGGING_DRIVERS`` environment variable before containers placed on that instance can use these log configuration options. 
For more information, see [Amazon ECS container agent configuration](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html) in the *Amazon Elastic Container Service Developer Guide*.\n + For tasks that are on FARGATElong, because you don't have access to the underlying infrastructure your tasks are hosted on, any additional software needed must be installed outside of the task. For example, the Fluentd output aggregators or a remote host running Logstash to send Gelf logs to." + "description": "The log configuration for the container. This parameter maps to ``LogConfig`` in the docker container create command and the ``--log-driver`` option to docker run.\n By default, containers use the same logging driver that the Docker daemon uses. However, the container might use a different logging driver than the Docker daemon by specifying a log driver configuration in the container definition.\n Understand the following when specifying a log configuration for your containers.\n + Amazon ECS currently supports a subset of the logging drivers available to the Docker daemon. Additional log drivers may be available in future releases of the Amazon ECS container agent.\n For tasks on FARGATElong, the supported log drivers are ``awslogs``, ``splunk``, and ``awsfirelens``.\n For tasks hosted on Amazon EC2 instances, the supported log drivers are ``awslogs``, ``fluentd``, ``gelf``, ``json-file``, ``journald``,``syslog``, ``splunk``, and ``awsfirelens``.\n + This parameter requires version 1.18 of the Docker Remote API or greater on your container instance.\n + For tasks that are hosted on Amazon EC2 instances, the Amazon ECS container agent must register the available logging drivers with the ``ECS_AVAILABLE_LOGGING_DRIVERS`` environment variable before containers placed on that instance can use these log configuration options. 
For more information, see [Amazon ECS container agent configuration](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html) in the *Amazon Elastic Container Service Developer Guide*.\n + For tasks that are on FARGATElong, because you don't have access to the underlying infrastructure your tasks are hosted on, any additional software needed must be installed outside of the task. For example, the Fluentd output aggregators or a remote host running Logstash to send Gelf logs to." }, "namespace": { "type": "string", 
@@ -123858,11 +127964,11 @@ }, "maximumPercent": { "type": "integer", - "description": "If a service is using the rolling update (``ECS``) deployment type, the ``maximumPercent`` parameter represents an upper limit on the number of your service's tasks that are allowed in the ``RUNNING`` or ``PENDING`` state during a deployment, as a percentage of the ``desiredCount`` (rounded down to the nearest integer). This parameter enables you to define the deployment batch size. For example, if your service is using the ``REPLICA`` service scheduler and has a ``desiredCount`` of four tasks and a ``maximumPercent`` value of 200%, the scheduler may start four new tasks before stopping the four older tasks (provided that the cluster resources required to do this are available). The default ``maximumPercent`` value for a service using the ``REPLICA`` service scheduler is 200%.\n If a service is using either the blue/green (``CODE_DEPLOY``) or ``EXTERNAL`` deployment types and tasks that use the EC2 launch type, the *maximum percent* value is set to the default value and is used to define the upper limit on the number of the tasks in the service that remain in the ``RUNNING`` state while the container instances are in the ``DRAINING`` state. If the tasks in the service use the Fargate launch type, the maximum percent value is not used, although it is returned when describing your service." + "description": "If a service is using the rolling update (``ECS``) deployment type, the ``maximumPercent`` parameter represents an upper limit on the number of your service's tasks that are allowed in the ``RUNNING`` or ``PENDING`` state during a deployment, as a percentage of the ``desiredCount`` (rounded down to the nearest integer). This parameter enables you to define the deployment batch size. 
For example, if your service is using the ``REPLICA`` service scheduler and has a ``desiredCount`` of four tasks and a ``maximumPercent`` value of 200%, the scheduler may start four new tasks before stopping the four older tasks (provided that the cluster resources required to do this are available). The default ``maximumPercent`` value for a service using the ``REPLICA`` service scheduler is 200%.\n If a service is using either the blue/green (``CODE_DEPLOY``) or ``EXTERNAL`` deployment types, and tasks in the service use the EC2 launch type, the *maximum percent* value is set to the default value. The *maximum percent* value is used to define the upper limit on the number of the tasks in the service that remain in the ``RUNNING`` state while the container instances are in the ``DRAINING`` state.\n You can't specify a custom ``maximumPercent`` value for a service that uses either the blue/green (``CODE_DEPLOY``) or ``EXTERNAL`` deployment types and has tasks that use the EC2 launch type.\n If the tasks in the service use the Fargate launch type, the maximum percent value is not used, although it is returned when describing your service." }, "minimumHealthyPercent": { "type": "integer", - "description": "If a service is using the rolling update (``ECS``) deployment type, the ``minimumHealthyPercent`` represents a lower limit on the number of your service's tasks that must remain in the ``RUNNING`` state during a deployment, as a percentage of the ``desiredCount`` (rounded up to the nearest integer). This parameter enables you to deploy without using additional cluster capacity. For example, if your service has a ``desiredCount`` of four tasks and a ``minimumHealthyPercent`` of 50%, the service scheduler may stop two existing tasks to free up cluster capacity before starting two new tasks. 
\n For services that *do not* use a load balancer, the following should be noted:\n + A service is considered healthy if all essential containers within the tasks in the service pass their health checks.\n + If a task has no essential containers with a health check defined, the service scheduler will wait for 40 seconds after a task reaches a ``RUNNING`` state before the task is counted towards the minimum healthy percent total.\n + If a task has one or more essential containers with a health check defined, the service scheduler will wait for the task to reach a healthy status before counting it towards the minimum healthy percent total. A task is considered healthy when all essential containers within the task have passed their health checks. The amount of time the service scheduler can wait for is determined by the container health check settings. \n \n For services that *do* use a load balancer, the following should be noted:\n + If a task has no essential containers with a health check defined, the service scheduler will wait for the load balancer target group health check to return a healthy status before counting the task towards the minimum healthy percent total.\n + If a task has an essential container with a health check defined, the service scheduler will wait for both the task to reach a healthy status and the load balancer target group health check to return a healthy status before counting the task towards the minimum healthy percent total.\n \n If a service is using either the blue/green (``CODE_DEPLOY``) or ``EXTERNAL`` deployment types and is running tasks that use the EC2 launch type, the *minimum healthy percent* value is set to the default value and is used to define the lower limit on the number of the tasks in the service that remain in the ``RUNNING`` state while the container instances are in the ``DRAINING`` state. 
If a service is using either the blue/green (``CODE_DEPLOY``) or ``EXTERNAL`` deployment types and is running tasks that use the Fargate launch type, the minimum healthy percent value is not used, although it is returned when describing your service." + "description": "If a service is using the rolling update (``ECS``) deployment type, the ``minimumHealthyPercent`` represents a lower limit on the number of your service's tasks that must remain in the ``RUNNING`` state during a deployment, as a percentage of the ``desiredCount`` (rounded up to the nearest integer). This parameter enables you to deploy without using additional cluster capacity. For example, if your service has a ``desiredCount`` of four tasks and a ``minimumHealthyPercent`` of 50%, the service scheduler may stop two existing tasks to free up cluster capacity before starting two new tasks. \n For services that *do not* use a load balancer, the following should be noted:\n + A service is considered healthy if all essential containers within the tasks in the service pass their health checks.\n + If a task has no essential containers with a health check defined, the service scheduler will wait for 40 seconds after a task reaches a ``RUNNING`` state before the task is counted towards the minimum healthy percent total.\n + If a task has one or more essential containers with a health check defined, the service scheduler will wait for the task to reach a healthy status before counting it towards the minimum healthy percent total. A task is considered healthy when all essential containers within the task have passed their health checks. The amount of time the service scheduler can wait for is determined by the container health check settings. 
\n \n For services that *do* use a load balancer, the following should be noted:\n + If a task has no essential containers with a health check defined, the service scheduler will wait for the load balancer target group health check to return a healthy status before counting the task towards the minimum healthy percent total.\n + If a task has an essential container with a health check defined, the service scheduler will wait for both the task to reach a healthy status and the load balancer target group health check to return a healthy status before counting the task towards the minimum healthy percent total.\n \n The default value for a replica service for ``minimumHealthyPercent`` is 100%. The default ``minimumHealthyPercent`` value for a service using the ``DAEMON`` service schedule is 0% for the CLI, the AWS SDKs, and the APIs and 50% for the AWS Management Console.\n The minimum number of healthy tasks during a deployment is the ``desiredCount`` multiplied by the ``minimumHealthyPercent``/100, rounded up to the nearest integer value.\n If a service is using either the blue/green (``CODE_DEPLOY``) or ``EXTERNAL`` deployment types and is running tasks that use the EC2 launch type, the *minimum healthy percent* value is set to the default value. The *minimum healthy percent* value is used to define the lower limit on the number of the tasks in the service that remain in the ``RUNNING`` state while the container instances are in the ``DRAINING`` state.\n You can't specify a custom ``minimumHealthyPercent`` value for a service that uses either the blue/green (``CODE_DEPLOY``) or ``EXTERNAL`` deployment types and has tasks that use the EC2 launch type.\n If a service is using either the blue/green (``CODE_DEPLOY``) or ``EXTERNAL`` deployment types and is running tasks that use the Fargate launch type, the minimum healthy percent value is not used, although it is returned when describing your service." } } }, 
@@ -123930,14 +128036,14 @@ "properties": { "logDriver": { "type": "string", - "description": "The log driver to use for the container.\n For tasks on FARGATElong, the supported log drivers are ``awslogs``, ``splunk``, and ``awsfirelens``.\n For tasks hosted on Amazon EC2 instances, the supported log drivers are ``awslogs``, ``fluentd``, ``gelf``, ``json-file``, ``journald``, ``logentries``,``syslog``, ``splunk``, and ``awsfirelens``.\n For more information about using the ``awslogs`` log driver, see [Using the awslogs log driver](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_awslogs.html) in the *Amazon Elastic Container Service Developer Guide*.\n For more information about using the ``awsfirelens`` log driver, see [Custom log routing](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_firelens.html) in the *Amazon Elastic Container Service Developer Guide*.\n If you have a custom driver that isn't listed, you can fork the Amazon ECS container agent project that's [available on GitHub](https://docs.aws.amazon.com/https://github.com/aws/amazon-ecs-agent) and customize it to work with that driver. We encourage you to submit pull requests for changes that you would like to have included. However, we don't currently provide support for running modified copies of this software." 
+ "description": "The log driver to use for the container.\n For tasks on FARGATElong, the supported log drivers are ``awslogs``, ``splunk``, and ``awsfirelens``.\n For tasks hosted on Amazon EC2 instances, the supported log drivers are ``awslogs``, ``fluentd``, ``gelf``, ``json-file``, ``journald``, ``syslog``, ``splunk``, and ``awsfirelens``.\n For more information about using the ``awslogs`` log driver, see [Send Amazon ECS logs to CloudWatch](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_awslogs.html) in the *Amazon Elastic Container Service Developer Guide*.\n For more information about using the ``awsfirelens`` log driver, see [Send Amazon ECS logs to an service or Partner](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_firelens.html).\n If you have a custom driver that isn't listed, you can fork the Amazon ECS container agent project that's [available on GitHub](https://docs.aws.amazon.com/https://github.com/aws/amazon-ecs-agent) and customize it to work with that driver. We encourage you to submit pull requests for changes that you would like to have included. However, we don't currently provide support for running modified copies of this software." }, "options": { "type": "object", "additionalProperties": { "type": "string" }, - "description": "The configuration options to send to the log driver. This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'``" + "description": "The configuration options to send to the log driver.\n The options you can specify depend on the log driver. 
Some of the options you can specify when you use the ``awslogs`` log driver to route logs to Amazon CloudWatch include the following:\n + awslogs-create-group Required: No Specify whether you want the log group to be created automatically. If this option isn't specified, it defaults to false. Your IAM policy must include the logs:CreateLogGroup permission before you attempt to use awslogs-create-group. + awslogs-region Required: Yes Specify the Region that the awslogs log driver is to send your Docker logs to. You can choose to send all of your logs from clusters in different Regions to a single region in CloudWatch Logs. This is so that they're all visible in one location. Otherwise, you can separate them by Region for more granularity. Make sure that the specified log group exists in the Region that you specify with this option. + awslogs-group Required: Yes Make sure to specify a log group that the awslogs log driver sends its log streams to. + awslogs-stream-prefix Required: Yes, when using the Fargate launch type.Optional for the EC2 launch type, required for the Fargate launch type. Use the awslogs-stream-prefix option to associate a log stream with the specified prefix, the container name, and the ID of the Amazon ECS task that the container belongs to. If you specify a prefix with this option, then the log stream takes the format prefix-name/container-name/ecs-task-id. If you don't specify a prefix with this option, then the log stream is named after the container ID that's assigned by the Docker daemon on the container instance. Because it's difficult to trace logs back to the container that sent them with just the Docker container ID (which is only available on the container instance), we recommend that you specify a prefix with this option. For Amazon ECS services, you can use the service name as the prefix. 
Doing so, you can trace log streams to the service that the container belongs to, the name of the container that sent them, and the ID of the task that the container belongs to. You must specify a stream-prefix for your logs to have your logs appear in the Log pane when using the Amazon ECS console. + awslogs-datetime-format Required: No This option defines a multiline start pattern in Python strftime format. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. One example of a use case for using this format is for parsing output such as a stack dump, which might otherwise be logged in multiple entries. The correct pattern allows it to be captured in a single entry. For more information, see awslogs-datetime-format. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. + awslogs-multiline-pattern Required: No This option defines a multiline start pattern that uses a regular expression. A log message consists of a line that matches the pattern and any following lines that don’t match the pattern. The matched line is the delimiter between log messages. For more information, see awslogs-multiline-pattern. This option is ignored if awslogs-datetime-format is also configured. You cannot configure both the awslogs-datetime-format and awslogs-multiline-pattern options. Multiline logging performs regular expression parsing and matching of all log messages. This might have a negative impact on logging performance. + mode Required: No Valid values: non-blocking | blocking This option defines the delivery mode of log messages from the container to CloudWatch Logs. 
The delivery mode you choose affects application availability when the flow of logs from container to CloudWatch is interrupted. If you use the blocking mode and the flow of logs to CloudWatch is interrupted, calls from container code to write to the stdout and stderr streams will block. The logging thread of the application will block as a result. This may cause the application to become unresponsive and lead to container healthcheck failure. If you use the non-blocking mode, the container's logs are instead stored in an in-memory intermediate buffer configured with the max-buffer-size option. This prevents the application from becoming unresponsive when logs cannot be sent to CloudWatch. We recommend using this mode if you want to ensure service availability and are okay with some log loss. For more information, see Preventing log loss with non-blocking mode in the awslogs container log driver. + max-buffer-size Required: No Default value: 1m When non-blocking mode is used, the max-buffer-size log option controls the size of the buffer that's used for intermediate message storage. Make sure to specify an adequate buffer size based on your application. When the buffer fills up, further logs cannot be stored. Logs that cannot be stored are lost. \n To route logs using the ``splunk`` log router, you need to specify a ``splunk-token`` and a ``splunk-url``.\n When you use the ``awsfirelens`` log router to route logs to an AWS Service or AWS Partner Network destination for log storage and analytics, you can set the ``log-driver-buffer-limit`` option to limit the number of events that are buffered in memory, before being sent to the log router container. It can help to resolve potential log loss issue because high throughput might result in memory running out for the buffer inside of Docker.\n Other options you can specify when using ``awsfirelens`` to route logs depend on the destination. 
When you export logs to Amazon Data Firehose, you can specify the AWS Region with ``region`` and a name for the log stream with ``delivery_stream``.\n When you export logs to Amazon Kinesis Data Streams, you can specify an AWS Region with ``region`` and a data stream name with ``stream``.\n When you export logs to Amazon OpenSearch Service, you can specify options like ``Name``, ``Host`` (OpenSearch Service endpoint without protocol), ``Port``, ``Index``, ``Type``, ``Aws_auth``, ``Aws_region``, ``Suppress_Type_Name``, and ``tls``.\n When you export logs to Amazon S3, you can specify the bucket using the ``bucket`` option. You can also specify ``region``, ``total_file_size``, ``upload_timeout``, and ``use_put_object`` as options.\n This parameter requires version 1.19 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'``" }, "secretOptions": { "type": "array", 
@@ -124026,7 +128132,7 @@ "properties": { "field": { "type": "string", - "description": "The field to apply the placement strategy against. For the ``spread`` placement strategy, valid values are ``instanceId`` (or ``host``, which has the same effect), or any platform or custom attribute that is applied to a container instance, such as ``attribute:ecs.availability-zone``. For the ``binpack`` placement strategy, valid values are ``CPU`` and ``MEMORY``. For the ``random`` placement strategy, this field is not used." + "description": "The field to apply the placement strategy against. For the ``spread`` placement strategy, valid values are ``instanceId`` (or ``host``, which has the same effect), or any platform or custom attribute that's applied to a container instance, such as ``attribute:ecs.availability-zone``. For the ``binpack`` placement strategy, valid values are ``cpu`` and ``memory``. For the ``random`` placement strategy, this field is not used." }, "type": { "$ref": "#/types/aws-native:ecs:ServicePlacementStrategyType", 
@@ -124146,11 +128252,11 @@ "items": { "type": "string" }, - "description": "The command that's passed to the container. This parameter maps to ``Cmd`` in the docker conainer create command and the ``COMMAND`` parameter to docker run. If there are multiple arguments, each argument is a separated string in the array." + "description": "The command that's passed to the container. This parameter maps to ``Cmd`` in the docker container create command and the ``COMMAND`` parameter to docker run. If there are multiple arguments, each argument is a separated string in the array." }, "cpu": { "type": "integer", - "description": "The number of ``cpu`` units reserved for the container. This parameter maps to ``CpuShares`` in the docker conainer create commandand the ``--cpu-shares`` option to docker run.\n This field is optional for tasks using the Fargate launch type, and the only requirement is that the total amount of CPU reserved for all containers within a task be lower than the task-level ``cpu`` value.\n You can determine the number of CPU units that are available per EC2 instance type by multiplying the vCPUs listed for that instance type on the [Amazon EC2 Instances](https://docs.aws.amazon.com/ec2/instance-types/) detail page by 1,024.\n Linux containers share unallocated CPU units with other containers on the container instance with the same ratio as their allocated amount. For example, if you run a single-container task on a single-core instance type with 512 CPU units specified for that container, and that's the only task running on the container instance, that container could use the full 1,024 CPU unit share at any given time. However, if you launched another copy of the same task on that container instance, each task is guaranteed a minimum of 512 CPU units when needed. Moreover, each container could float to higher CPU usage if the other container was not using it. 
If both tasks were 100% active all of the time, they would be limited to 512 CPU units.\n On Linux container instances, the Docker daemon on the container instance uses the CPU value to calculate the relative CPU share ratios for running containers. The minimum valid CPU share value that the Linux kernel allows is 2, and the maximum valid CPU share value that the Linux kernel allows is 262144. However, the CPU parameter isn't required, and you can use CPU values below 2 or above 262144 in your container definitions. For CPU values below 2 (including null) or above 262144, the behavior varies based on your Amazon ECS container agent version:\n + *Agent versions less than or equal to 1.1.0:* Null and zero CPU values are passed to Docker as 0, which Docker then converts to 1,024 CPU shares. CPU values of 1 are passed to Docker as 1, which the Linux kernel converts to two CPU shares.\n + *Agent versions greater than or equal to 1.2.0:* Null, zero, and CPU values of 1 are passed to Docker as 2.\n + *Agent versions greater than or equal to 1.84.0:* CPU values greater than 256 vCPU are passed to Docker as 256, which is equivalent to 262144 CPU shares.\n \n On Windows container instances, the CPU limit is enforced as an absolute limit, or a quota. Windows containers only have access to the specified amount of CPU that's described in the task definition. A null or zero CPU value is passed to Docker as ``0``, which Windows interprets as 1% of one CPU." + "description": "The number of ``cpu`` units reserved for the container. 
This parameter maps to ``CpuShares`` in the docker container create commandand the ``--cpu-shares`` option to docker run.\n This field is optional for tasks using the Fargate launch type, and the only requirement is that the total amount of CPU reserved for all containers within a task be lower than the task-level ``cpu`` value.\n You can determine the number of CPU units that are available per EC2 instance type by multiplying the vCPUs listed for that instance type on the [Amazon EC2 Instances](https://docs.aws.amazon.com/ec2/instance-types/) detail page by 1,024.\n Linux containers share unallocated CPU units with other containers on the container instance with the same ratio as their allocated amount. For example, if you run a single-container task on a single-core instance type with 512 CPU units specified for that container, and that's the only task running on the container instance, that container could use the full 1,024 CPU unit share at any given time. However, if you launched another copy of the same task on that container instance, each task is guaranteed a minimum of 512 CPU units when needed. Moreover, each container could float to higher CPU usage if the other container was not using it. If both tasks were 100% active all of the time, they would be limited to 512 CPU units.\n On Linux container instances, the Docker daemon on the container instance uses the CPU value to calculate the relative CPU share ratios for running containers. The minimum valid CPU share value that the Linux kernel allows is 2, and the maximum valid CPU share value that the Linux kernel allows is 262144. However, the CPU parameter isn't required, and you can use CPU values below 2 or above 262144 in your container definitions. 
For CPU values below 2 (including null) or above 262144, the behavior varies based on your Amazon ECS container agent version:\n + *Agent versions less than or equal to 1.1.0:* Null and zero CPU values are passed to Docker as 0, which Docker then converts to 1,024 CPU shares. CPU values of 1 are passed to Docker as 1, which the Linux kernel converts to two CPU shares.\n + *Agent versions greater than or equal to 1.2.0:* Null, zero, and CPU values of 1 are passed to Docker as 2.\n + *Agent versions greater than or equal to 1.84.0:* CPU values greater than 256 vCPU are passed to Docker as 256, which is equivalent to 262144 CPU shares.\n \n On Windows container instances, the CPU limit is enforced as an absolute limit, or a quota. Windows containers only have access to the specified amount of CPU that's described in the task definition. A null or zero CPU value is passed to Docker as ``0``, which Windows interprets as 1% of one CPU." }, "credentialSpecs": { "type": "array", 
@@ -124168,49 +128274,49 @@ }, "disableNetworking": { "type": "boolean", - "description": "When this parameter is true, networking is off within the container. This parameter maps to ``NetworkDisabled`` in the docker conainer create command.\n This parameter is not supported for Windows containers." + "description": "When this parameter is true, networking is off within the container. This parameter maps to ``NetworkDisabled`` in the docker container create command.\n This parameter is not supported for Windows containers." }, "dnsSearchDomains": { "type": "array", "items": { "type": "string" }, - "description": "A list of DNS search domains that are presented to the container. This parameter maps to ``DnsSearch`` in the docker conainer create command and the ``--dns-search`` option to docker run.\n This parameter is not supported for Windows containers." + "description": "A list of DNS search domains that are presented to the container. This parameter maps to ``DnsSearch`` in the docker container create command and the ``--dns-search`` option to docker run.\n This parameter is not supported for Windows containers." }, "dnsServers": { "type": "array", "items": { "type": "string" }, - "description": "A list of DNS servers that are presented to the container. This parameter maps to ``Dns`` in the the docker conainer create command and the ``--dns`` option to docker run.\n This parameter is not supported for Windows containers." + "description": "A list of DNS servers that are presented to the container. This parameter maps to ``Dns`` in the docker container create command and the ``--dns`` option to docker run.\n This parameter is not supported for Windows containers." }, "dockerLabels": { "type": "object", "additionalProperties": { "type": "string" }, - "description": "A key/value map of labels to add to the container. This parameter maps to ``Labels`` in the docker conainer create command and the ``--label`` option to docker run. 
This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'``" + "description": "A key/value map of labels to add to the container. This parameter maps to ``Labels`` in the docker container create command and the ``--label`` option to docker run. This parameter requires version 1.18 of the Docker Remote API or greater on your container instance. To check the Docker Remote API version on your container instance, log in to your container instance and run the following command: ``sudo docker version --format '{{.Server.APIVersion}}'``" }, "dockerSecurityOptions": { "type": "array", "items": { "type": "string" }, - "description": "A list of strings to provide custom configuration for multiple security systems. This field isn't valid for containers in tasks using the Fargate launch type.\n For Linux tasks on EC2, this parameter can be used to reference custom labels for SELinux and AppArmor multi-level security systems.\n For any tasks on EC2, this parameter can be used to reference a credential spec file that configures a container for Active Directory authentication. 
For more information, see [Using gMSAs for Windows Containers](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/windows-gmsa.html) and [Using gMSAs for Linux Containers](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/linux-gmsa.html) in the *Amazon Elastic Container Service Developer Guide*.\n This parameter maps to ``SecurityOpt`` in the docker conainer create command and the ``--security-opt`` option to docker run.\n The Amazon ECS container agent running on a container instance must register with the ``ECS_SELINUX_CAPABLE=true`` or ``ECS_APPARMOR_CAPABLE=true`` environment variables before containers placed on that instance can use these security options. For more information, see [Amazon ECS Container Agent Configuration](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html) in the *Amazon Elastic Container Service Developer Guide*.\n Valid values: \"no-new-privileges\" | \"apparmor:PROFILE\" | \"label:value\" | \"credentialspec:CredentialSpecFilePath\"" + "description": "A list of strings to provide custom configuration for multiple security systems. This field isn't valid for containers in tasks using the Fargate launch type.\n For Linux tasks on EC2, this parameter can be used to reference custom labels for SELinux and AppArmor multi-level security systems.\n For any tasks on EC2, this parameter can be used to reference a credential spec file that configures a container for Active Directory authentication. 
For more information, see [Using gMSAs for Windows Containers](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/windows-gmsa.html) and [Using gMSAs for Linux Containers](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/linux-gmsa.html) in the *Amazon Elastic Container Service Developer Guide*.\n This parameter maps to ``SecurityOpt`` in the docker container create command and the ``--security-opt`` option to docker run.\n The Amazon ECS container agent running on a container instance must register with the ``ECS_SELINUX_CAPABLE=true`` or ``ECS_APPARMOR_CAPABLE=true`` environment variables before containers placed on that instance can use these security options. For more information, see [Amazon ECS Container Agent Configuration](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-agent-config.html) in the *Amazon Elastic Container Service Developer Guide*.\n Valid values: \"no-new-privileges\" | \"apparmor:PROFILE\" | \"label:value\" | \"credentialspec:CredentialSpecFilePath\"" }, "entryPoint": { "type": "array", "items": { "type": "string" }, - "description": "Early versions of the Amazon ECS container agent don't properly handle ``entryPoint`` parameters. If you have problems using ``entryPoint``, update your container agent or enter your commands and arguments as ``command`` array items instead.\n The entry point that's passed to the container. This parameter maps to ``Entrypoint`` in tthe docker conainer create command and the ``--entrypoint`` option to docker run." + "description": "Early versions of the Amazon ECS container agent don't properly handle ``entryPoint`` parameters. If you have problems using ``entryPoint``, update your container agent or enter your commands and arguments as ``command`` array items instead.\n The entry point that's passed to the container. This parameter maps to ``Entrypoint`` in tthe docker container create command and the ``--entrypoint`` option to docker run." 
}, "environment": { "type": "array", "items": { "$ref": "#/types/aws-native:ecs:TaskDefinitionKeyValuePair" }, - "description": "The environment variables to pass to a container. This parameter maps to ``Env`` in the docker conainer create command and the ``--env`` option to docker run.\n We don't recommend that you use plaintext environment variables for sensitive information, such as credential data." + "description": "The environment variables to pass to a container. This parameter maps to ``Env`` in the docker container create command and the ``--env`` option to docker run.\n We don't recommend that you use plaintext environment variables for sensitive information, such as credential data." }, "environmentFiles": { "type": "array", @@ -124228,7 +128334,7 @@ "items": { "$ref": "#/types/aws-native:ecs:TaskDefinitionHostEntry" }, - "description": "A list of hostnames and IP address mappings to append to the ``/etc/hosts`` file on the container. This parameter maps to ``ExtraHosts`` in the docker conainer create command and the ``--add-host`` option to docker run.\n This parameter isn't supported for Windows containers or tasks that use the ``awsvpc`` network mode." + "description": "A list of hostnames and IP address mappings to append to the ``/etc/hosts`` file on the container. This parameter maps to ``ExtraHosts`` in the docker container create command and the ``--add-host`` option to docker run.\n This parameter isn't supported for Windows containers or tasks that use the ``awsvpc`` network mode." }, "firelensConfiguration": { "$ref": "#/types/aws-native:ecs:TaskDefinitionFirelensConfiguration", 
@@ -124236,26 +128342,26 @@ }, "healthCheck": { "$ref": "#/types/aws-native:ecs:TaskDefinitionHealthCheck", - "description": "The container health check command and associated configuration parameters for the container. This parameter maps to ``HealthCheck`` in the docker conainer create command and the ``HEALTHCHECK`` parameter of docker run." + "description": "The container health check command and associated configuration parameters for the container. This parameter maps to ``HealthCheck`` in the docker container create command and the ``HEALTHCHECK`` parameter of docker run." }, "hostname": { "type": "string", - "description": "The hostname to use for your container. This parameter maps to ``Hostname`` in thethe docker conainer create command and the ``--hostname`` option to docker run.\n The ``hostname`` parameter is not supported if you're using the ``awsvpc`` network mode." + "description": "The hostname to use for your container. This parameter maps to ``Hostname`` in thethe docker container create command and the ``--hostname`` option to docker run.\n The ``hostname`` parameter is not supported if you're using the ``awsvpc`` network mode." }, "image": { "type": "string", - "description": "The image used to start a container. This string is passed directly to the Docker daemon. By default, images in the Docker Hub registry are available. Other repositories are specified with either ``repository-url/image:tag`` or ``repository-url/image@digest``. Up to 255 letters (uppercase and lowercase), numbers, hyphens, underscores, colons, periods, forward slashes, and number signs are allowed. This parameter maps to ``Image`` in the docker conainer create command and the ``IMAGE`` parameter of docker run.\n + When a new task starts, the Amazon ECS container agent pulls the latest version of the specified image and tag for the container to use. 
However, subsequent updates to a repository image aren't propagated to already running tasks.\n + Images in Amazon ECR repositories can be specified by either using the full ``registry/repository:tag`` or ``registry/repository@digest``. For example, ``012345678910.dkr.ecr.\u003cregion-name\u003e.amazonaws.com/\u003crepository-name\u003e:latest`` or ``012345678910.dkr.ecr.\u003cregion-name\u003e.amazonaws.com/\u003crepository-name\u003e@sha256:94afd1f2e64d908bc90dbca0035a5b567EXAMPLE``. \n + Images in official repositories on Docker Hub use a single name (for example, ``ubuntu`` or ``mongo``).\n + Images in other repositories on Docker Hub are qualified with an organization name (for example, ``amazon/amazon-ecs-agent``).\n + Images in other online repositories are qualified further by a domain name (for example, ``quay.io/assemblyline/ubuntu``)." + "description": "The image used to start a container. This string is passed directly to the Docker daemon. By default, images in the Docker Hub registry are available. Other repositories are specified with either ``repository-url/image:tag`` or ``repository-url/image@digest``. Up to 255 letters (uppercase and lowercase), numbers, hyphens, underscores, colons, periods, forward slashes, and number signs are allowed. This parameter maps to ``Image`` in the docker container create command and the ``IMAGE`` parameter of docker run.\n + When a new task starts, the Amazon ECS container agent pulls the latest version of the specified image and tag for the container to use. However, subsequent updates to a repository image aren't propagated to already running tasks.\n + Images in Amazon ECR repositories can be specified by either using the full ``registry/repository:tag`` or ``registry/repository@digest``. 
For example, ``012345678910.dkr.ecr.\u003cregion-name\u003e.amazonaws.com/\u003crepository-name\u003e:latest`` or ``012345678910.dkr.ecr.\u003cregion-name\u003e.amazonaws.com/\u003crepository-name\u003e@sha256:94afd1f2e64d908bc90dbca0035a5b567EXAMPLE``. \n + Images in official repositories on Docker Hub use a single name (for example, ``ubuntu`` or ``mongo``).\n + Images in other repositories on Docker Hub are qualified with an organization name (for example, ``amazon/amazon-ecs-agent``).\n + Images in other online repositories are qualified further by a domain name (for example, ``quay.io/assemblyline/ubuntu``)." }, "interactive": { "type": "boolean", - "description": "When this parameter is ``true``, you can deploy containerized applications that require ``stdin`` or a ``tty`` to be allocated. This parameter maps to ``OpenStdin`` in the docker conainer create command and the ``--interactive`` option to docker run." + "description": "When this parameter is ``true``, you can deploy containerized applications that require ``stdin`` or a ``tty`` to be allocated. This parameter maps to ``OpenStdin`` in the docker container create command and the ``--interactive`` option to docker run." }, "links": { "type": "array", "items": { "type": "string" }, - "description": "The ``links`` parameter allows containers to communicate with each other without the need for port mappings. This parameter is only supported if the network mode of a task definition is ``bridge``. The ``name:internalName`` construct is analogous to ``name:alias`` in Docker links. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed.. This parameter maps to ``Links`` in the docker conainer create command and the ``--link`` option to docker run.\n This parameter is not supported for Windows containers.\n Containers that are collocated on a single container instance may be able to communicate with each other without requiring links or host port mappings. 
Network isolation is achieved on the container instance using security groups and VPC settings." + "description": "The ``links`` parameter allows containers to communicate with each other without the need for port mappings. This parameter is only supported if the network mode of a task definition is ``bridge``. The ``name:internalName`` construct is analogous to ``name:alias`` in Docker links. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed.. This parameter maps to ``Links`` in the docker container create command and the ``--link`` option to docker run.\n This parameter is not supported for Windows containers.\n Containers that are collocated on a single container instance may be able to communicate with each other without requiring links or host port mappings. Network isolation is achieved on the container instance using security groups and VPC settings." }, "linuxParameters": { "$ref": "#/types/aws-native:ecs:TaskDefinitionLinuxParameters", 
@@ -124271,18 +128377,18 @@ }, "memoryReservation": { "type": "integer", - "description": "The soft limit (in MiB) of memory to reserve for the container. When system memory is under heavy contention, Docker attempts to keep the container memory to this soft limit. However, your container can consume more memory when it needs to, up to either the hard limit specified with the ``memory`` parameter (if applicable), or all of the available memory on the container instance, whichever comes first. This parameter maps to ``MemoryReservation`` in the the docker conainer create command and the ``--memory-reservation`` option to docker run.\n If a task-level memory value is not specified, you must specify a non-zero integer for one or both of ``memory`` or ``memoryReservation`` in a container definition. If you specify both, ``memory`` must be greater than ``memoryReservation``. If you specify ``memoryReservation``, then that value is subtracted from the available memory resources for the container instance where the container is placed. Otherwise, the value of ``memory`` is used.\n For example, if your container normally uses 128 MiB of memory, but occasionally bursts to 256 MiB of memory for short periods of time, you can set a ``memoryReservation`` of 128 MiB, and a ``memory`` hard limit of 300 MiB. This configuration would allow the container to only reserve 128 MiB of memory from the remaining resources on the container instance, but also allow the container to consume more memory resources when needed.\n The Docker 20.10.0 or later daemon reserves a minimum of 6 MiB of memory for a container. So, don't specify less than 6 MiB of memory for your containers. \n The Docker 19.03.13-ce or earlier daemon reserves a minimum of 4 MiB of memory for a container. So, don't specify less than 4 MiB of memory for your containers." + "description": "The soft limit (in MiB) of memory to reserve for the container. 
When system memory is under heavy contention, Docker attempts to keep the container memory to this soft limit. However, your container can consume more memory when it needs to, up to either the hard limit specified with the ``memory`` parameter (if applicable), or all of the available memory on the container instance, whichever comes first. This parameter maps to ``MemoryReservation`` in the docker container create command and the ``--memory-reservation`` option to docker run.\n If a task-level memory value is not specified, you must specify a non-zero integer for one or both of ``memory`` or ``memoryReservation`` in a container definition. If you specify both, ``memory`` must be greater than ``memoryReservation``. If you specify ``memoryReservation``, then that value is subtracted from the available memory resources for the container instance where the container is placed. Otherwise, the value of ``memory`` is used.\n For example, if your container normally uses 128 MiB of memory, but occasionally bursts to 256 MiB of memory for short periods of time, you can set a ``memoryReservation`` of 128 MiB, and a ``memory`` hard limit of 300 MiB. This configuration would allow the container to only reserve 128 MiB of memory from the remaining resources on the container instance, but also allow the container to consume more memory resources when needed.\n The Docker 20.10.0 or later daemon reserves a minimum of 6 MiB of memory for a container. So, don't specify less than 6 MiB of memory for your containers. \n The Docker 19.03.13-ce or earlier daemon reserves a minimum of 4 MiB of memory for a container. So, don't specify less than 4 MiB of memory for your containers." 
}, "mountPoints": { "type": "array", "items": { "$ref": "#/types/aws-native:ecs:TaskDefinitionMountPoint" }, - "description": "The mount points for data volumes in your container.\n This parameter maps to ``Volumes`` in the the docker conainer create command and the ``--volume`` option to docker run.\n Windows containers can mount whole directories on the same drive as ``$env:ProgramData``. Windows containers can't mount directories on a different drive, and mount point can't be across drives." + "description": "The mount points for data volumes in your container.\n This parameter maps to ``Volumes`` in the docker container create command and the ``--volume`` option to docker run.\n Windows containers can mount whole directories on the same drive as ``$env:ProgramData``. Windows containers can't mount directories on a different drive, and mount point can't be across drives." }, "name": { "type": "string", - "description": "The name of a container. If you're linking multiple containers together in a task definition, the ``name`` of one container can be entered in the ``links`` of another container to connect the containers. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. This parameter maps to ``name`` in tthe docker conainer create command and the ``--name`` option to docker run." + "description": "The name of a container. If you're linking multiple containers together in a task definition, the ``name`` of one container can be entered in the ``links`` of another container to connect the containers. Up to 255 letters (uppercase and lowercase), numbers, underscores, and hyphens are allowed. This parameter maps to ``name`` in tthe docker container create command and the ``--name`` option to docker run." }, "portMappings": { "type": "array", 
@@ -124293,15 +128399,15 @@ }, "privileged": { "type": "boolean", - "description": "When this parameter is true, the container is given elevated privileges on the host container instance (similar to the ``root`` user). This parameter maps to ``Privileged`` in the the docker conainer create command and the ``--privileged`` option to docker run\n This parameter is not supported for Windows containers or tasks run on FARGATElong." + "description": "When this parameter is true, the container is given elevated privileges on the host container instance (similar to the ``root`` user). This parameter maps to ``Privileged`` in the docker container create command and the ``--privileged`` option to docker run\n This parameter is not supported for Windows containers or tasks run on FARGATElong." }, "pseudoTerminal": { "type": "boolean", - "description": "When this parameter is ``true``, a TTY is allocated. This parameter maps to ``Tty`` in tthe docker conainer create command and the ``--tty`` option to docker run." + "description": "When this parameter is ``true``, a TTY is allocated. This parameter maps to ``Tty`` in tthe docker container create command and the ``--tty`` option to docker run." }, "readonlyRootFilesystem": { "type": "boolean", - "description": "When this parameter is true, the container is given read-only access to its root file system. This parameter maps to ``ReadonlyRootfs`` in the docker conainer create command and the ``--read-only`` option to docker run.\n This parameter is not supported for Windows containers." + "description": "When this parameter is true, the container is given read-only access to its root file system. This parameter maps to ``ReadonlyRootfs`` in the docker container create command and the ``--read-only`` option to docker run.\n This parameter is not supported for Windows containers." }, "repositoryCredentials": { "$ref": "#/types/aws-native:ecs:TaskDefinitionRepositoryCredentials", 
@@ -124315,7 +128421,8 @@ "description": "The type and amount of a resource to assign to a container. The only supported resource is a GPU." }, "restartPolicy": { - "$ref": "#/types/aws-native:ecs:TaskDefinitionRestartPolicy" + "$ref": "#/types/aws-native:ecs:TaskDefinitionRestartPolicy", + "description": "The restart policy for a container. When you set up a restart policy, Amazon ECS can restart the container without needing to replace the task. For more information, see [Restart individual containers in Amazon ECS tasks with container restart policies](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/container-restart-policy.html) in the *Amazon Elastic Container Service Developer Guide*." }, "secrets": { "type": "array", @@ -124337,7 +128444,7 @@ "items": { "$ref": "#/types/aws-native:ecs:TaskDefinitionSystemControl" }, - "description": "A list of namespaced kernel parameters to set in the container. This parameter maps to ``Sysctls`` in tthe docker conainer create command and the ``--sysctl`` option to docker run. For example, you can configure ``net.ipv4.tcp_keepalive_time`` setting to maintain longer lived connections." + "description": "A list of namespaced kernel parameters to set in the container. This parameter maps to ``Sysctls`` in tthe docker container create command and the ``--sysctl`` option to docker run. For example, you can configure ``net.ipv4.tcp_keepalive_time`` setting to maintain longer lived connections." }, "ulimits": { "type": "array", 
@@ -124348,18 +128455,18 @@ }, "user": { "type": "string", - "description": "The user to use inside the container. This parameter maps to ``User`` in the docker conainer create command and the ``--user`` option to docker run.\n When running tasks using the ``host`` network mode, don't run containers using the root user (UID 0). We recommend using a non-root user for better security.\n You can specify the ``user`` using the following formats. If specifying a UID or GID, you must specify it as a positive integer.\n + ``user`` \n + ``user:group`` \n + ``uid`` \n + ``uid:gid`` \n + ``user:gid`` \n + ``uid:group`` \n \n This parameter is not supported for Windows containers." + "description": "The user to use inside the container. This parameter maps to ``User`` in the docker container create command and the ``--user`` option to docker run.\n When running tasks using the ``host`` network mode, don't run containers using the root user (UID 0). We recommend using a non-root user for better security.\n You can specify the ``user`` using the following formats. If specifying a UID or GID, you must specify it as a positive integer.\n + ``user`` \n + ``user:group`` \n + ``uid`` \n + ``uid:gid`` \n + ``user:gid`` \n + ``uid:group`` \n \n This parameter is not supported for Windows containers." }, "volumesFrom": { "type": "array", "items": { "$ref": "#/types/aws-native:ecs:TaskDefinitionVolumeFrom" }, - "description": "Data volumes to mount from another container. This parameter maps to ``VolumesFrom`` in tthe docker conainer create command and the ``--volumes-from`` option to docker run." + "description": "Data volumes to mount from another container. This parameter maps to ``VolumesFrom`` in tthe docker container create command and the ``--volumes-from`` option to docker run." }, "workingDirectory": { "type": "string", - "description": "The working directory to run commands inside the container in. 
This parameter maps to ``WorkingDir`` in the docker conainer create command and the ``--workdir`` option to docker run." + "description": "The working directory to run commands inside the container in. This parameter maps to ``WorkingDir`` in the docker container create command and the ``--workdir`` option to docker run." } } }, @@ -124405,7 +128512,7 @@ }, "driver": { "type": "string", - "description": "The Docker volume driver to use. The driver value must match the driver name provided by Docker because it is used for task placement. If the driver was installed using the Docker plugin CLI, use ``docker plugin ls`` to retrieve the driver name from your container instance. If the driver was installed using another method, use Docker plugin discovery to retrieve the driver name. This parameter maps to ``Driver`` in the docker conainer create command and the ``xxdriver`` option to docker volume create." + "description": "The Docker volume driver to use. The driver value must match the driver name provided by Docker because it is used for task placement. If the driver was installed using the Docker plugin CLI, use ``docker plugin ls`` to retrieve the driver name from your container instance. If the driver was installed using another method, use Docker plugin discovery to retrieve the driver name. This parameter maps to ``Driver`` in the docker container create command and the ``xxdriver`` option to docker volume create." }, "driverOpts": { "type": "object", @@ -124419,7 +128526,7 @@ "additionalProperties": { "type": "string" }, - "description": "Custom metadata to add to your Docker volume. This parameter maps to ``Labels`` in the docker conainer create command and the ``xxlabel`` option to docker volume create." + "description": "Custom metadata to add to your Docker volume. This parameter maps to ``Labels`` in the docker container create command and the ``xxlabel`` option to docker volume create." }, "scope": { "type": "string", 
@@ -124481,10 +128588,12 @@ "type": "object", "properties": { "credentialsParameter": { - "type": "string" + "type": "string", + "description": "The authorization credential option to use. The authorization credential options can be provided using either the Amazon Resource Name (ARN) of an ASMlong secret or SSM Parameter Store parameter. The ARN refers to the stored credentials." }, "domain": { - "type": "string" + "type": "string", + "description": "A fully qualified domain name hosted by an [](https://docs.aws.amazon.com/directoryservice/latest/admin-guide/directory_microsoft_ad.html) Managed Microsoft AD (Active Directory) or self-hosted AD on Amazon EC2." } } }, 
@@ -124529,7 +128638,7 @@ "items": { "type": "string" }, - "description": "A string array representing the command that the container runs to determine if it is healthy. The string array must start with ``CMD`` to run the command arguments directly, or ``CMD-SHELL`` to run the command with the container's default shell. \n When you use the AWS Management Console JSON panel, the CLIlong, or the APIs, enclose the list of commands in double quotes and brackets.\n ``[ \"CMD-SHELL\", \"curl -f http://localhost/ || exit 1\" ]`` \n You don't include the double quotes and brackets when you use the AWS Management Console.\n ``CMD-SHELL, curl -f http://localhost/ || exit 1`` \n An exit code of 0 indicates success, and non-zero exit code indicates failure. For more information, see ``HealthCheck`` in tthe docker conainer create command" + "description": "A string array representing the command that the container runs to determine if it is healthy. The string array must start with ``CMD`` to run the command arguments directly, or ``CMD-SHELL`` to run the command with the container's default shell. \n When you use the AWS Management Console JSON panel, the CLIlong, or the APIs, enclose the list of commands in double quotes and brackets.\n ``[ \"CMD-SHELL\", \"curl -f http://localhost/ || exit 1\" ]`` \n You don't include the double quotes and brackets when you use the AWS Management Console.\n ``CMD-SHELL, curl -f http://localhost/ || exit 1`` \n An exit code of 0 indicates success, and non-zero exit code indicates failure. For more information, see ``HealthCheck`` in tthe docker container create command" }, "interval": { "type": "integer", 
@@ -124592,14 +128701,14 @@ "items": { "type": "string" }, - "description": "The Linux capabilities for the container that have been added to the default configuration provided by Docker. This parameter maps to ``CapAdd`` in the docker conainer create command and the ``--cap-add`` option to docker run.\n Tasks launched on FARGATElong only support adding the ``SYS_PTRACE`` kernel capability.\n Valid values: ``\"ALL\" | \"AUDIT_CONTROL\" | \"AUDIT_WRITE\" | \"BLOCK_SUSPEND\" | \"CHOWN\" | \"DAC_OVERRIDE\" | \"DAC_READ_SEARCH\" | \"FOWNER\" | \"FSETID\" | \"IPC_LOCK\" | \"IPC_OWNER\" | \"KILL\" | \"LEASE\" | \"LINUX_IMMUTABLE\" | \"MAC_ADMIN\" | \"MAC_OVERRIDE\" | \"MKNOD\" | \"NET_ADMIN\" | \"NET_BIND_SERVICE\" | \"NET_BROADCAST\" | \"NET_RAW\" | \"SETFCAP\" | \"SETGID\" | \"SETPCAP\" | \"SETUID\" | \"SYS_ADMIN\" | \"SYS_BOOT\" | \"SYS_CHROOT\" | \"SYS_MODULE\" | \"SYS_NICE\" | \"SYS_PACCT\" | \"SYS_PTRACE\" | \"SYS_RAWIO\" | \"SYS_RESOURCE\" | \"SYS_TIME\" | \"SYS_TTY_CONFIG\" | \"SYSLOG\" | \"WAKE_ALARM\"``" + "description": "The Linux capabilities for the container that have been added to the default configuration provided by Docker. 
This parameter maps to ``CapAdd`` in the docker container create command and the ``--cap-add`` option to docker run.\n Tasks launched on FARGATElong only support adding the ``SYS_PTRACE`` kernel capability.\n Valid values: ``\"ALL\" | \"AUDIT_CONTROL\" | \"AUDIT_WRITE\" | \"BLOCK_SUSPEND\" | \"CHOWN\" | \"DAC_OVERRIDE\" | \"DAC_READ_SEARCH\" | \"FOWNER\" | \"FSETID\" | \"IPC_LOCK\" | \"IPC_OWNER\" | \"KILL\" | \"LEASE\" | \"LINUX_IMMUTABLE\" | \"MAC_ADMIN\" | \"MAC_OVERRIDE\" | \"MKNOD\" | \"NET_ADMIN\" | \"NET_BIND_SERVICE\" | \"NET_BROADCAST\" | \"NET_RAW\" | \"SETFCAP\" | \"SETGID\" | \"SETPCAP\" | \"SETUID\" | \"SYS_ADMIN\" | \"SYS_BOOT\" | \"SYS_CHROOT\" | \"SYS_MODULE\" | \"SYS_NICE\" | \"SYS_PACCT\" | \"SYS_PTRACE\" | \"SYS_RAWIO\" | \"SYS_RESOURCE\" | \"SYS_TIME\" | \"SYS_TTY_CONFIG\" | \"SYSLOG\" | \"WAKE_ALARM\"``" }, "drop": { "type": "array", "items": { "type": "string" }, - "description": "The Linux capabilities for the container that have been removed from the default configuration provided by Docker. This parameter maps to ``CapDrop`` in the docker conainer create command and the ``--cap-drop`` option to docker run.\n Valid values: ``\"ALL\" | \"AUDIT_CONTROL\" | \"AUDIT_WRITE\" | \"BLOCK_SUSPEND\" | \"CHOWN\" | \"DAC_OVERRIDE\" | \"DAC_READ_SEARCH\" | \"FOWNER\" | \"FSETID\" | \"IPC_LOCK\" | \"IPC_OWNER\" | \"KILL\" | \"LEASE\" | \"LINUX_IMMUTABLE\" | \"MAC_ADMIN\" | \"MAC_OVERRIDE\" | \"MKNOD\" | \"NET_ADMIN\" | \"NET_BIND_SERVICE\" | \"NET_BROADCAST\" | \"NET_RAW\" | \"SETFCAP\" | \"SETGID\" | \"SETPCAP\" | \"SETUID\" | \"SYS_ADMIN\" | \"SYS_BOOT\" | \"SYS_CHROOT\" | \"SYS_MODULE\" | \"SYS_NICE\" | \"SYS_PACCT\" | \"SYS_PTRACE\" | \"SYS_RAWIO\" | \"SYS_RESOURCE\" | \"SYS_TIME\" | \"SYS_TTY_CONFIG\" | \"SYSLOG\" | \"WAKE_ALARM\"``" + "description": "The Linux capabilities for the container that have been removed from the default configuration provided by Docker. 
This parameter maps to ``CapDrop`` in the docker container create command and the ``--cap-drop`` option to docker run.\n Valid values: ``\"ALL\" | \"AUDIT_CONTROL\" | \"AUDIT_WRITE\" | \"BLOCK_SUSPEND\" | \"CHOWN\" | \"DAC_OVERRIDE\" | \"DAC_READ_SEARCH\" | \"FOWNER\" | \"FSETID\" | \"IPC_LOCK\" | \"IPC_OWNER\" | \"KILL\" | \"LEASE\" | \"LINUX_IMMUTABLE\" | \"MAC_ADMIN\" | \"MAC_OVERRIDE\" | \"MKNOD\" | \"NET_ADMIN\" | \"NET_BIND_SERVICE\" | \"NET_BROADCAST\" | \"NET_RAW\" | \"SETFCAP\" | \"SETGID\" | \"SETPCAP\" | \"SETUID\" | \"SYS_ADMIN\" | \"SYS_BOOT\" | \"SYS_CHROOT\" | \"SYS_MODULE\" | \"SYS_NICE\" | \"SYS_PACCT\" | \"SYS_PTRACE\" | \"SYS_RAWIO\" | \"SYS_RESOURCE\" | \"SYS_TIME\" | \"SYS_TTY_CONFIG\" | \"SYSLOG\" | \"WAKE_ALARM\"``" } } }, @@ -124628,7 +128737,7 @@ "items": { "$ref": "#/types/aws-native:ecs:TaskDefinitionDevice" }, - "description": "Any host devices to expose to the container. This parameter maps to ``Devices`` in tthe docker conainer create command and the ``--device`` option to docker run.\n If you're using tasks that use the Fargate launch type, the ``devices`` parameter isn't supported." + "description": "Any host devices to expose to the container. This parameter maps to ``Devices`` in tthe docker container create command and the ``--device`` option to docker run.\n If you're using tasks that use the Fargate launch type, the ``devices`` parameter isn't supported." }, "initProcessEnabled": { "type": "boolean", 
@@ -124786,16 +128895,19 @@ "type": "object", "properties": { "enabled": { - "type": "boolean" + "type": "boolean", + "description": "Specifies whether a restart policy is enabled for the container." }, "ignoredExitCodes": { "type": "array", "items": { "type": "integer" - } + }, + "description": "A list of exit codes that Amazon ECS will ignore and not attempt a restart on. You can specify a maximum of 50 container exit codes. By default, Amazon ECS does not ignore any exit codes." }, "restartAttemptPeriod": { - "type": "integer" + "type": "integer", + "description": "A period of time (in seconds) that the container must run for before a restart can be attempted. A container can be restarted only once every ``restartAttemptPeriod`` seconds. If a container isn't able to run for this time period and exits early, it will not be restarted. You can set a minimum ``restartAttemptPeriod`` of 60 seconds and a maximum ``restartAttemptPeriod`` of 1800 seconds. By default, a container must run for 300 seconds before it can be restarted." } } }, 
@@ -124959,6 +129071,23 @@ "aws-native:ecs:TaskSetAwsVpcConfigurationAssignPublicIp": { "type": "string" }, + "aws-native:ecs:TaskSetCapacityProviderStrategyItem": { + "type": "object", + "properties": { + "base": { + "type": "integer", + "description": "The *base* value designates how many tasks, at a minimum, to run on the specified capacity provider. Only one capacity provider in a capacity provider strategy can have a *base* defined. If no value is specified, the default value of `0` is used." + }, + "capacityProvider": { + "type": "string", + "description": "The short name of the capacity provider." + }, + "weight": { + "type": "integer", + "description": "The *weight* value designates the relative percentage of the total number of tasks launched that should use the specified capacity provider. The `weight` value is taken into consideration after the `base` value, if defined, is satisfied.\n\nIf no `weight` value is specified, the default value of `0` is used. When multiple capacity providers are specified within a capacity provider strategy, at least one of the capacity providers must have a weight value greater than zero and any capacity providers with a weight of `0` can't be used to place tasks. If you specify multiple capacity providers in a strategy that all have a weight of `0` , any `RunTask` or `CreateService` actions using the capacity provider strategy will fail.\n\nAn example scenario for using weights is defining a strategy that contains two capacity providers and both have a weight of `1` , then when the `base` is satisfied, the tasks will be split evenly across the two capacity providers. Using that same logic, if you specify a weight of `1` for *capacityProviderA* and a weight of `4` for *capacityProviderB* , then for every one task that's run using *capacityProviderA* , four tasks would use *capacityProviderB* ." + } + } + }, "aws-native:ecs:TaskSetLaunchType": { "type": "string" }, 
@@ -125444,6 +129573,15 @@ "aws-native:eks:ClusterUpgradePolicySupportType": { "type": "string" }, + "aws-native:eks:ClusterZonalShiftConfig": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Set this value to true to enable zonal shift for the cluster." + } + } + }, "aws-native:eks:FargateProfileLabel": { "type": "object", "properties": { @@ -126073,6 +130211,19 @@ } } }, + "aws-native:elasticloadbalancingv2:ListenerAttribute": { + "type": "object", + "properties": { + "key": { + "type": "string", + "description": "The name of the attribute.\n The following attribute is supported by Network Load Balancers, and Gateway Load Balancers.\n + ``tcp.idle_timeout.seconds`` - The tcp idle timeout value, in seconds. The valid range is 60-6000 seconds. The default is 350 seconds." + }, + "value": { + "type": "string", + "description": "The value of the attribute." + } + } + }, "aws-native:elasticloadbalancingv2:ListenerAuthenticateCognitoConfig": { "type": "object", "properties": { 
@@ -127355,7 +131506,7 @@ "items": { "$ref": "#/types/aws-native:entityresolution:IdNamespaceRecordMatchingModel" }, - "description": "The comparison type. You can either choose `ONE_TO_ONE` or `MANY_TO_MANY` as the `attributeMatchingModel` .\n\nIf you choose `MANY_TO_MANY` , the system can match attributes across the sub-types of an attribute type. For example, if the value of the `Email` field of Profile A matches the value of `BusinessEmail` field of Profile B, the two profiles are matched on the `Email` attribute type.\n\nIf you choose `ONE_TO_ONE` , the system can only match attributes if the sub-types are an exact match. For example, for the `Email` attribute type, the system will only consider it a match if the value of the `Email` field of Profile A matches the value of the `Email` field of Profile B." + "description": "The type of matching record that is allowed to be used in an ID mapping workflow.\n\nIf the value is set to `ONE_SOURCE_TO_ONE_TARGET` , only one record in the source is matched to one record in the target.\n\nIf the value is set to `MANY_SOURCE_TO_ONE_TARGET` , all matching records in the source are matched to one record in the target." }, "ruleDefinitionTypes": { "type": "array", @@ -127414,6 +131565,18 @@ "aws-native:entityresolution:IdNamespaceType": { "type": "string" }, + "aws-native:entityresolution:MatchingWorkflowIncrementalRunConfig": { + "type": "object", + "properties": { + "incrementalRunType": { + "$ref": "#/types/aws-native:entityresolution:MatchingWorkflowIncrementalRunConfigIncrementalRunType", + "description": "The type of incremental run. It takes only one value: `IMMEDIATE` ." + } + } + }, + "aws-native:entityresolution:MatchingWorkflowIncrementalRunConfigIncrementalRunType": { + "type": "string" + }, "aws-native:entityresolution:MatchingWorkflowInputSource": { "type": "object", "properties": { 
@@ -130060,6 +134223,9 @@ "aws-native:gamelift:ContainerGroupDefinitionSchedulingStrategy": { "type": "string" }, + "aws-native:gamelift:ContainerGroupDefinitionStatus": { + "type": "string" + }, "aws-native:gamelift:ContainerGroupDefinitionTag": { "type": "object", "properties": { @@ -130201,7 +134367,7 @@ }, "locationCapacity": { "$ref": "#/types/aws-native:gamelift:FleetLocationCapacity", - "description": "Current resource capacity settings for managed EC2 fleets. For multi-location fleets, location values might refer to a fleet's remote location or its home Region.\n\n*Returned by:* [DescribeFleetCapacity](https://docs.aws.amazon.com/gamelift/latest/apireference/API_DescribeFleetCapacity.html) , [DescribeFleetLocationCapacity](https://docs.aws.amazon.com/gamelift/latest/apireference/API_DescribeFleetLocationCapacity.html) , [UpdateFleetCapacity](https://docs.aws.amazon.com/gamelift/latest/apireference/API_UpdateFleetCapacity.html)" + "description": "Current resource capacity settings for managed EC2 fleets and container fleets. For multi-location fleets, location values might refer to a fleet's remote location or its home Region.\n\n*Returned by:* [DescribeFleetCapacity](https://docs.aws.amazon.com/gamelift/latest/apireference/API_DescribeFleetCapacity.html) , [DescribeFleetLocationCapacity](https://docs.aws.amazon.com/gamelift/latest/apireference/API_DescribeFleetLocationCapacity.html) , [UpdateFleetCapacity](https://docs.aws.amazon.com/gamelift/latest/apireference/API_UpdateFleetCapacity.html)" } } }, 
@@ -130593,6 +134759,10 @@ "aws-native:globalaccelerator:CrossAccountAttachmentResource": { "type": "object", "properties": { + "cidr": { + "type": "string", + "description": "An IP address range, in CIDR format, that is specified as resource. The address must be provisioned and advertised in AWS Global Accelerator by following the bring your own IP address (BYOIP) process for Global Accelerator\n\nFor more information, see [Bring your own IP addresses (BYOIP)](https://docs.aws.amazon.com/global-accelerator/latest/dg/using-byoip.html) in the AWS Global Accelerator Developer Guide." + }, "endpointId": { "type": "string", "description": "The endpoint ID for the endpoint that is specified as a AWS resource.\n\nAn endpoint ID for the cross-account feature is the ARN of an AWS resource, such as a Network Load Balancer, that Global Accelerator supports as an endpoint for an accelerator." 
@@ -130675,6 +134845,269 @@ "aws-native:globalaccelerator:ListenerProtocol": { "type": "string" }, + "aws-native:glue:CrawlerCatalogTarget": { + "type": "object", + "properties": { + "connectionName": { + "type": "string", + "description": "The name of the connection for an Amazon S3-backed Data Catalog table to be a target of the crawl when using a Catalog connection type paired with a NETWORK Connection type." + }, + "databaseName": { + "type": "string", + "description": "The name of the database to be synchronized." + }, + "dlqEventQueueArn": { + "type": "string", + "description": "A valid Amazon dead-letter SQS ARN. For example, arn:aws:sqs:region:account:deadLetterQueue." + }, + "eventQueueArn": { + "type": "string", + "description": "A valid Amazon SQS ARN. For example, arn:aws:sqs:region:account:sqs." + }, + "tables": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of the tables to be synchronized." + } + } + }, + "aws-native:glue:CrawlerDeltaTarget": { + "type": "object", + "properties": { + "connectionName": { + "type": "string", + "description": "The name of the connection to use to connect to the Delta table target." + }, + "createNativeDeltaTable": { + "type": "boolean", + "description": "Specifies whether the crawler will create native tables, to allow integration with query engines that support querying of the Delta transaction log directly." + }, + "deltaTables": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of the Amazon S3 paths to the Delta tables." + }, + "writeManifest": { + "type": "boolean", + "description": "Specifies whether to write the manifest files to the Delta table path." + } + } + }, + "aws-native:glue:CrawlerDynamoDbTarget": { + "type": "object", + "properties": { + "path": { + "type": "string", + "description": "The name of the DynamoDB table to crawl." 
+ } + } + }, + "aws-native:glue:CrawlerIcebergTarget": { + "type": "object", + "properties": { + "connectionName": { + "type": "string", + "description": "The name of the connection to use to connect to the Iceberg target." + }, + "exclusions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of global patterns used to exclude from the crawl." + }, + "maximumTraversalDepth": { + "type": "integer", + "description": "The maximum depth of Amazon S3 paths that the crawler can traverse to discover the Iceberg metadata folder in your Amazon S3 path. Used to limit the crawler run time." + }, + "paths": { + "type": "array", + "items": { + "type": "string" + }, + "description": "One or more Amazon S3 paths that contains Iceberg metadata folders as s3://bucket/prefix ." + } + } + }, + "aws-native:glue:CrawlerJdbcTarget": { + "type": "object", + "properties": { + "connectionName": { + "type": "string", + "description": "The name of the connection to use to connect to the JDBC target." + }, + "enableAdditionalMetadata": { + "type": "array", + "items": { + "type": "string" + }, + "description": "Specify a value of RAWTYPES or COMMENTS to enable additional metadata in table responses. RAWTYPES provides the native-level datatype. COMMENTS provides comments associated with a column or table in the database.\n\nIf you do not need additional metadata, keep the field empty." + }, + "exclusions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of glob patterns used to exclude from the crawl. For more information, see Catalog Tables with a Crawler." + }, + "path": { + "type": "string", + "description": "The path of the JDBC target." + } + } + }, + "aws-native:glue:CrawlerLakeFormationConfiguration": { + "type": "object", + "properties": { + "accountId": { + "type": "string", + "description": "Required for cross account crawls. For same account crawls as the target data, this can be left as null." 
+ }, + "useLakeFormationCredentials": { + "type": "boolean", + "description": "Specifies whether to use AWS Lake Formation credentials for the crawler instead of the IAM role credentials." + } + } + }, + "aws-native:glue:CrawlerMongoDbTarget": { + "type": "object", + "properties": { + "connectionName": { + "type": "string", + "description": "The name of the connection to use to connect to the Amazon DocumentDB or MongoDB target." + }, + "path": { + "type": "string", + "description": "The path of the Amazon DocumentDB or MongoDB target (database/collection)." + } + } + }, + "aws-native:glue:CrawlerRecrawlPolicy": { + "type": "object", + "properties": { + "recrawlBehavior": { + "type": "string", + "description": "Specifies whether to crawl the entire dataset again or to crawl only folders that were added since the last crawler run. A value of CRAWL_EVERYTHING specifies crawling the entire dataset again. A value of CRAWL_NEW_FOLDERS_ONLY specifies crawling only folders that were added since the last crawler run. A value of CRAWL_EVENT_MODE specifies crawling only the changes identified by Amazon S3 events." + } + } + }, + "aws-native:glue:CrawlerS3Target": { + "type": "object", + "properties": { + "connectionName": { + "type": "string", + "description": "The name of a connection which allows a job or crawler to access data in Amazon S3 within an Amazon Virtual Private Cloud environment (Amazon VPC)." + }, + "dlqEventQueueArn": { + "type": "string", + "description": "A valid Amazon dead-letter SQS ARN. For example, arn:aws:sqs:region:account:deadLetterQueue." + }, + "eventQueueArn": { + "type": "string", + "description": "A valid Amazon SQS ARN. For example, arn:aws:sqs:region:account:sqs." + }, + "exclusions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of glob patterns used to exclude from the crawl." + }, + "path": { + "type": "string", + "description": "The path to the Amazon S3 target." 
+ }, + "sampleSize": { + "type": "integer", + "description": "Sets the number of files in each leaf folder to be crawled when crawling sample files in a dataset. If not set, all the files are crawled. A valid value is an integer between 1 and 249." + } + } + }, + "aws-native:glue:CrawlerSchedule": { + "type": "object", + "properties": { + "scheduleExpression": { + "type": "string", + "description": "A cron expression used to specify the schedule. For more information, see Time-Based Schedules for Jobs and Crawlers. For example, to run something every day at 12:15 UTC, specify cron(15 12 * * ? *)." + } + } + }, + "aws-native:glue:CrawlerSchemaChangePolicy": { + "type": "object", + "properties": { + "deleteBehavior": { + "type": "string", + "description": "The deletion behavior when the crawler finds a deleted object. A value of LOG specifies that if a table or partition is found to no longer exist, do not delete it, only log that it was found to no longer exist. A value of DELETE_FROM_DATABASE specifies that if a table or partition is found to have been removed, delete it from the database. A value of DEPRECATE_IN_DATABASE specifies that if a table has been found to no longer exist, to add a property to the table that says 'DEPRECATED' and includes a timestamp with the time of deprecation." + }, + "updateBehavior": { + "type": "string", + "description": "The update behavior when the crawler finds a changed schema. A value of LOG specifies that if a table or a partition already exists, and a change is detected, do not update it, only log that a change was detected. Add new tables and new partitions (including on existing tables). A value of UPDATE_IN_DATABASE specifies that if a table or partition already exists, and a change is detected, update it. Add new tables and partitions." 
+ } + } + }, + "aws-native:glue:CrawlerTargets": { + "type": "object", + "properties": { + "catalogTargets": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:glue:CrawlerCatalogTarget" + }, + "description": "Specifies AWS Glue Data Catalog targets." + }, + "deltaTargets": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:glue:CrawlerDeltaTarget" + }, + "description": "Specifies an array of Delta data store targets." + }, + "dynamoDbTargets": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:glue:CrawlerDynamoDbTarget" + }, + "description": "Specifies Amazon DynamoDB targets." + }, + "icebergTargets": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:glue:CrawlerIcebergTarget" + }, + "description": "Specifies Apache Iceberg data store targets." + }, + "jdbcTargets": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:glue:CrawlerJdbcTarget" + }, + "description": "Specifies JDBC targets." + }, + "mongoDbTargets": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:glue:CrawlerMongoDbTarget" + }, + "description": "A list of Mongo DB targets." + }, + "s3Targets": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:glue:CrawlerS3Target" + }, + "description": "Specifies Amazon Simple Storage Service (Amazon S3) targets." + } + }, + "irreversibleNames": { + "dynamoDbTargets": "DynamoDBTargets", + "mongoDbTargets": "MongoDBTargets", + "s3Targets": "S3Targets" + } + }, "aws-native:glue:DatabaseDataLakePrincipal": { "type": "object", "properties": { 
@@ -130766,6 +135199,60 @@ } } }, + "aws-native:glue:JobCommand": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "The name of the job command" + }, + "pythonVersion": { + "type": "string", + "description": "The Python version being used to execute a Python shell job." + }, + "runtime": { + "type": "string", + "description": "Runtime is used to specify the versions of Ray, Python and additional libraries available in your environment" + }, + "scriptLocation": { + "type": "string", + "description": "Specifies the Amazon Simple Storage Service (Amazon S3) path to a script that executes a job" + } + } + }, + "aws-native:glue:JobConnectionsList": { + "type": "object", + "properties": { + "connections": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of connections used by the job." + } + } + }, + "aws-native:glue:JobExecutionProperty": { + "type": "object", + "properties": { + "maxConcurrentRuns": { + "type": "number", + "description": "The maximum number of concurrent runs allowed for the job." + } + } + }, + "aws-native:glue:JobNotificationProperty": { + "type": "object", + "properties": { + "notifyDelayAfter": { + "type": "integer", + "description": "It is the number of minutes to wait before sending a job run delay notification after a job run starts" + } + } + }, + "aws-native:glue:JobWorkerType": { + "type": "string" + }, "aws-native:glue:RegistryTag": { "type": "object", "properties": { 
@@ -130933,6 +135420,56 @@ } } }, + "aws-native:glue:UsageProfileConfigurationObject": { + "type": "object", + "properties": { + "allowedValues": { + "type": "array", + "items": { + "type": "string" + } + }, + "defaultValue": { + "type": "string" + }, + "maxValue": { + "type": "string" + }, + "minValue": { + "type": "string" + } + } + }, + "aws-native:glue:UsageProfileProfileConfiguration": { + "type": "object", + "properties": { + "jobConfiguration": { + "type": "object", + "additionalProperties": { + "$ref": "#/types/aws-native:glue:UsageProfileConfigurationObject" + } + }, + "sessionConfiguration": { + "type": "object", + "additionalProperties": { + "$ref": "#/types/aws-native:glue:UsageProfileConfigurationObject" + } + } + } + }, + "aws-native:glue:UsageProfileTag": { + "type": "object", + "properties": { + "key": { + "type": "string", + "description": "A key to identify the tag." + }, + "value": { + "type": "string", + "description": "Corresponding tag value for the key." + } + } + }, "aws-native:grafana:WorkspaceAccountAccessType": { "type": "string" }, @@ -131712,10 +136249,12 @@ "type": "object", "properties": { "key": { - "type": "string" + "type": "string", + "description": "Name of the object key." }, "value": { - "type": "string" + "type": "string", + "description": "Value of the tag." } } }, 
@@ -131767,19 +136306,24 @@ "type": "object", "properties": { "agentStatus": { - "$ref": "#/types/aws-native:groundstation:DataflowEndpointGroupAgentStatus" + "$ref": "#/types/aws-native:groundstation:DataflowEndpointGroupAgentStatus", + "description": "The status of AgentEndpoint." }, "auditResults": { - "$ref": "#/types/aws-native:groundstation:DataflowEndpointGroupAuditResults" + "$ref": "#/types/aws-native:groundstation:DataflowEndpointGroupAuditResults", + "description": "The results of the audit." }, "egressAddress": { - "$ref": "#/types/aws-native:groundstation:DataflowEndpointGroupConnectionDetails" + "$ref": "#/types/aws-native:groundstation:DataflowEndpointGroupConnectionDetails", + "description": "The egress address of AgentEndpoint." }, "ingressAddress": { - "$ref": "#/types/aws-native:groundstation:DataflowEndpointGroupRangedConnectionDetails" + "$ref": "#/types/aws-native:groundstation:DataflowEndpointGroupRangedConnectionDetails", + "description": "The ingress address of AgentEndpoint." }, "name": { - "type": "string" + "type": "string", + "description": "Name string associated with AgentEndpoint. Used as a human-readable identifier for AgentEndpoint." } } }, @@ -131909,10 +136453,12 @@ "type": "object", "properties": { "key": { - "type": "string" + "type": "string", + "description": "Name of the object key." }, "value": { - "type": "string" + "type": "string", + "description": "Value of the tag." } } }, @@ -131933,10 +136479,12 @@ "type": "object", "properties": { "kmsAliasArn": { - "type": "string" + "type": "string", + "description": "KMS Alias Arn." }, "kmsKeyArn": { - "type": "string" + "type": "string", + "description": "KMS Key Arn." } } }, @@ -131944,10 +136492,12 @@ "type": "object", "properties": { "key": { - "type": "string" + "type": "string", + "description": "Name of the object key." }, "value": { - "type": "string" + "type": "string", + "description": "Value of the tag." } } }, 
@@ -133155,6 +137705,30 @@ "s3Logs": "S3Logs" } }, + "aws-native:imagebuilder:InfrastructureConfigurationPlacement": { + "type": "object", + "properties": { + "availabilityZone": { + "type": "string", + "description": "AvailabilityZone" + }, + "hostId": { + "type": "string", + "description": "HostId" + }, + "hostResourceGroupArn": { + "type": "string", + "description": "HostResourceGroupArn" + }, + "tenancy": { + "$ref": "#/types/aws-native:imagebuilder:InfrastructureConfigurationPlacementTenancy", + "description": "Tenancy" + } + } + }, + "aws-native:imagebuilder:InfrastructureConfigurationPlacementTenancy": { + "type": "string" + }, "aws-native:imagebuilder:InfrastructureConfigurationS3Logs": { "type": "object", "properties": { @@ -134143,6 +138717,12 @@ "aws-native:iot:DimensionType": { "type": "string" }, + "aws-native:iot:DomainConfigurationApplicationProtocol": { + "type": "string" + }, + "aws-native:iot:DomainConfigurationAuthenticationType": { + "type": "string" + }, "aws-native:iot:DomainConfigurationAuthorizerConfig": { "type": "object", "properties": { @@ -134156,6 +138736,15 @@ } } }, + "aws-native:iot:DomainConfigurationClientCertificateConfig": { + "type": "object", + "properties": { + "clientCertificateCallbackArn": { + "type": "string", + "description": "The ARN of the Lambda function that IoT invokes after mutual TLS authentication during the connection.\n\n\u003e This property isn't available in China." + } + } + }, "aws-native:iot:DomainConfigurationDomainType": { "type": "string" }, 
@@ -136681,7 +141270,7 @@ "properties": { "enabled": { "type": "boolean", - "description": "The value must be TRUE or FALSE. If TRUE, you receive a notification when the alarm state changes. You must choose to acknowledge the notification before the alarm state can return to NORMAL. If FALSE, you won't receive notifications. The alarm automatically changes to the NORMAL state when the input property value returns to the specified range." + "description": "The value must be ``TRUE`` or ``FALSE``. If ``TRUE``, you receive a notification when the alarm state changes. You must choose to acknowledge the notification before the alarm state can return to ``NORMAL``. If ``FALSE``, you won't receive notifications. The alarm automatically changes to the ``NORMAL`` state when the input property value returns to the specified range." } } }, 
@@ -136689,31 +141278,40 @@ "type": "object", "properties": { "dynamoDBv2": { - "$ref": "#/types/aws-native:iotevents:AlarmModelDynamoDBv2" + "$ref": "#/types/aws-native:iotevents:AlarmModelDynamoDBv2", + "description": "Defines an action to write to the Amazon DynamoDB table that you created. The default action payload contains all the information about the detector model instance and the event that triggered the action. You can customize the [payload](https://docs.aws.amazon.com/iotevents/latest/apireference/API_Payload.html). A separate column of the DynamoDB table receives one attribute-value pair in the payload that you specify.\n You must use expressions for all parameters in ``DynamoDBv2Action``. The expressions accept literals, operators, functions, references, and substitution templates.\n **Examples**\n + For literal values, the expressions must contain single quotes. For example, the value for the ``tableName`` parameter can be ``'GreenhouseTemperatureTable'``.\n + For references, you must specify either variables or input values. For example, the value for the ``tableName`` parameter can be ``$variable.ddbtableName``.\n + For a substitution template, you must use ``${}``, and the template must be in single quotes. A substitution template can also contain a combination of literals, operators, functions, references, and substitution templates.\n In the following example, the value for the ``contentExpression`` parameter in ``Payload`` uses a substitution template. \n ``'{\\\"sensorID\\\": \\\"${$input.GreenhouseInput.sensor_id}\\\", \\\"temperature\\\": \\\"${$input.GreenhouseInput.temperature * 9 / 5 + 32}\\\"}'`` \n + For a string concatenation, you must use ``+``. A string concatenation can also contain a combination of literals, operators, functions, references, and substitution templates.\n In the following example, the value for the ``tableName`` parameter uses a string concatenation. 
\n ``'GreenhouseTemperatureTable ' + $input.GreenhouseInput.date`` \n \n For more information, see [Expressions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-expressions.html) in the *Developer Guide*.\n The value for the ``type`` parameter in ``Payload`` must be ``JSON``." }, "dynamoDb": { - "$ref": "#/types/aws-native:iotevents:AlarmModelDynamoDb" + "$ref": "#/types/aws-native:iotevents:AlarmModelDynamoDb", + "description": "Defines an action to write to the Amazon DynamoDB table that you created. The standard action payload contains all the information about the detector model instance and the event that triggered the action. You can customize the [payload](https://docs.aws.amazon.com/iotevents/latest/apireference/API_Payload.html). One column of the DynamoDB table receives all attribute-value pairs in the payload that you specify.\n You must use expressions for all parameters in ``DynamoDBAction``. The expressions accept literals, operators, functions, references, and substitution templates.\n **Examples**\n + For literal values, the expressions must contain single quotes. For example, the value for the ``hashKeyType`` parameter can be ``'STRING'``.\n + For references, you must specify either variables or input values. For example, the value for the ``hashKeyField`` parameter can be ``$input.GreenhouseInput.name``.\n + For a substitution template, you must use ``${}``, and the template must be in single quotes. A substitution template can also contain a combination of literals, operators, functions, references, and substitution templates.\n In the following example, the value for the ``hashKeyValue`` parameter uses a substitution template. \n ``'${$input.GreenhouseInput.temperature * 6 / 5 + 32} in Fahrenheit'`` \n + For a string concatenation, you must use ``+``. 
A string concatenation can also contain a combination of literals, operators, functions, references, and substitution templates.\n In the following example, the value for the ``tableName`` parameter uses a string concatenation. \n ``'GreenhouseTemperatureTable ' + $input.GreenhouseInput.date`` \n \n For more information, see [Expressions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-expressions.html) in the *Developer Guide*.\n If the defined payload type is a string, ``DynamoDBAction`` writes non-JSON data to the DynamoDB table as binary data. The DynamoDB console displays the data as Base64-encoded text. The value for the ``payloadField`` parameter is ``\u003cpayload-field\u003e_raw``." }, "firehose": { - "$ref": "#/types/aws-native:iotevents:AlarmModelFirehose" + "$ref": "#/types/aws-native:iotevents:AlarmModelFirehose", + "description": "Sends information about the detector model instance and the event that triggered the action to an Amazon Kinesis Data Firehose delivery stream." }, "iotEvents": { - "$ref": "#/types/aws-native:iotevents:AlarmModelIotEvents" + "$ref": "#/types/aws-native:iotevents:AlarmModelIotEvents", + "description": "Sends an ITE input, passing in information about the detector model instance and the event that triggered the action." }, "iotSiteWise": { - "$ref": "#/types/aws-native:iotevents:AlarmModelIotSiteWise" + "$ref": "#/types/aws-native:iotevents:AlarmModelIotSiteWise", + "description": "Sends information about the detector model instance and the event that triggered the action to a specified asset property in ITSW.\n You must use expressions for all parameters in ``IotSiteWiseAction``. The expressions accept literals, operators, functions, references, and substitutions templates.\n **Examples**\n + For literal values, the expressions must contain single quotes. 
For example, the value for the ``propertyAlias`` parameter can be ``'/company/windfarm/3/turbine/7/temperature'``.\n + For references, you must specify either variables or input values. For example, the value for the ``assetId`` parameter can be ``$input.TurbineInput.assetId1``.\n + For a substitution template, you must use ``${}``, and the template must be in single quotes. A substitution template can also contain a combination of literals, operators, functions, references, and substitution templates.\n In the following example, the value for the ``propertyAlias`` parameter uses a substitution template. \n ``'company/windfarm/${$input.TemperatureInput.sensorData.windfarmID}/turbine/ ${$input.TemperatureInput.sensorData.turbineID}/temperature'`` \n \n You must specify either ``propertyAlias`` or both ``assetId`` and ``propertyId`` to identify the target asset property in ITSW.\n For more information, see [Expressions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-expressions.html) in the *Developer Guide*." }, "iotTopicPublish": { - "$ref": "#/types/aws-native:iotevents:AlarmModelIotTopicPublish" + "$ref": "#/types/aws-native:iotevents:AlarmModelIotTopicPublish", + "description": "Information required to publish the MQTT message through the IoT message broker." }, "lambda": { - "$ref": "#/types/aws-native:iotevents:AlarmModelLambda" + "$ref": "#/types/aws-native:iotevents:AlarmModelLambda", + "description": "Calls a Lambda function, passing in information about the detector model instance and the event that triggered the action." }, "sns": { - "$ref": "#/types/aws-native:iotevents:AlarmModelSns" + "$ref": "#/types/aws-native:iotevents:AlarmModelSns", + "description": "Information required to publish the Amazon SNS message." 
}, "sqs": { - "$ref": "#/types/aws-native:iotevents:AlarmModelSqs" + "$ref": "#/types/aws-native:iotevents:AlarmModelSqs", + "description": "Sends information about the detector model instance and the event that triggered the action to an Amazon SQS queue." } }, "irreversibleNames": { @@ -136759,11 +141357,11 @@ "properties": { "offsetInNanos": { "type": "string", - "description": "The timestamp, in seconds, in the Unix epoch format. The valid range is between `1-31556889864403199`. You can also specify an expression." + "description": "The nanosecond offset converted from ``timeInSeconds``. The valid range is between 0-999999999." }, "timeInSeconds": { "type": "string", - "description": "The nanosecond offset converted from `timeInSeconds`. The valid range is between `0-999999999`. You can also specify an expression." + "description": "The timestamp, in seconds, in the Unix epoch format. The valid range is between 1-31556889864403199." } } }, @@ -136772,13 +141370,15 @@ "properties": { "quality": { "type": "string", - "description": "The quality of the asset property value. The value must be `GOOD`, `BAD`, or `UNCERTAIN`. You can also specify an expression." + "description": "The quality of the asset property value. The value must be ``'GOOD'``, ``'BAD'``, or ``'UNCERTAIN'``." }, "timestamp": { - "$ref": "#/types/aws-native:iotevents:AlarmModelAssetPropertyTimestamp" + "$ref": "#/types/aws-native:iotevents:AlarmModelAssetPropertyTimestamp", + "description": "The timestamp associated with the asset property value. The default is the current event time." }, "value": { - "$ref": "#/types/aws-native:iotevents:AlarmModelAssetPropertyVariant" + "$ref": "#/types/aws-native:iotevents:AlarmModelAssetPropertyVariant", + "description": "The value to send to an asset property." } } }, 
@@ -136787,19 +141387,19 @@ "properties": { "booleanValue": { "type": "string", - "description": "The asset property value is a Boolean value that must be `TRUE` or `FALSE`. You can also specify an expression. If you use an expression, the evaluated result should be a Boolean value." + "description": "The asset property value is a Boolean value that must be ``'TRUE'`` or ``'FALSE'``. You must use an expression, and the evaluated result should be a Boolean value." }, "doubleValue": { "type": "string", - "description": "The asset property value is a double. You can also specify an expression. If you use an expression, the evaluated result should be a double." + "description": "The asset property value is a double. You must use an expression, and the evaluated result should be a double." }, "integerValue": { "type": "string", - "description": "The asset property value is an integer. You can also specify an expression. If you use an expression, the evaluated result should be an integer." + "description": "The asset property value is an integer. You must use an expression, and the evaluated result should be an integer." }, "stringValue": { "type": "string", - "description": "The asset property value is a string. You can also specify an expression. If you use an expression, the evaluated result should be a string." + "description": "The asset property value is a string. You must use an expression, and the evaluated result should be a string." } } }, 
@@ -136807,7 +141407,8 @@ "type": "object", "properties": { "payload": { - "$ref": "#/types/aws-native:iotevents:AlarmModelPayload" + "$ref": "#/types/aws-native:iotevents:AlarmModelPayload", + "description": "Information needed to configure the payload.\n By default, ITE generates a standard payload in JSON for any action. This action payload contains all attribute-value pairs that have the information about the detector model instance and the event triggered the action. To configure the action payload, you can use ``contentExpression``." }, "tableName": { "type": "string", @@ -136820,11 +141421,11 @@ "properties": { "hashKeyField": { "type": "string", - "description": "The name of the hash key (also called the partition key)." + "description": "The name of the hash key (also called the partition key). The ``hashKeyField`` value must match the partition key of the target DynamoDB table." }, "hashKeyType": { "type": "string", - "description": "The data type for the hash key (also called the partition key). You can specify the following values:\n\n* `STRING` - The hash key is a string.\n\n* `NUMBER` - The hash key is a number.\n\nIf you don't specify `hashKeyType`, the default value is `STRING`." + "description": "The data type for the hash key (also called the partition key). You can specify the following values:\n + ``'STRING'`` - The hash key is a string.\n + ``'NUMBER'`` - The hash key is a number.\n \n If you don't specify ``hashKeyType``, the default value is ``'STRING'``." }, "hashKeyValue": { "type": "string", 
@@ -136832,22 +141433,23 @@ }, "operation": { "type": "string", - "description": "The type of operation to perform. You can specify the following values:\n\n* `INSERT` - Insert data as a new item into the DynamoDB table. This item uses the specified hash key as a partition key. If you specified a range key, the item uses the range key as a sort key.\n\n* `UPDATE` - Update an existing item of the DynamoDB table with new data. This item's partition key must match the specified hash key. If you specified a range key, the range key must match the item's sort key.\n\n* `DELETE` - Delete an existing item of the DynamoDB table. This item's partition key must match the specified hash key. If you specified a range key, the range key must match the item's sort key.\n\nIf you don't specify this parameter, AWS IoT Events triggers the `INSERT` operation." + "description": "The type of operation to perform. You can specify the following values: \n + ``'INSERT'`` - Insert data as a new item into the DynamoDB table. This item uses the specified hash key as a partition key. If you specified a range key, the item uses the range key as a sort key.\n + ``'UPDATE'`` - Update an existing item of the DynamoDB table with new data. This item's partition key must match the specified hash key. If you specified a range key, the range key must match the item's sort key.\n + ``'DELETE'`` - Delete an existing item of the DynamoDB table. This item's partition key must match the specified hash key. If you specified a range key, the range key must match the item's sort key.\n \n If you don't specify this parameter, ITE triggers the ``'INSERT'`` operation." }, "payload": { - "$ref": "#/types/aws-native:iotevents:AlarmModelPayload" + "$ref": "#/types/aws-native:iotevents:AlarmModelPayload", + "description": "Information needed to configure the payload.\n By default, ITE generates a standard payload in JSON for any action. 
This action payload contains all attribute-value pairs that have the information about the detector model instance and the event triggered the action. To configure the action payload, you can use ``contentExpression``." }, "payloadField": { "type": "string", - "description": "The name of the DynamoDB column that receives the action payload.\n\nIf you don't specify this parameter, the name of the DynamoDB column is `payload`." + "description": "The name of the DynamoDB column that receives the action payload.\n If you don't specify this parameter, the name of the DynamoDB column is ``payload``." }, "rangeKeyField": { "type": "string", - "description": "The name of the range key (also called the sort key)." + "description": "The name of the range key (also called the sort key). The ``rangeKeyField`` value must match the sort key of the target DynamoDB table." }, "rangeKeyType": { "type": "string", - "description": "The data type for the range key (also called the sort key), You can specify the following values:\n\n* `STRING` - The range key is a string.\n\n* `NUMBER` - The range key is number.\n\nIf you don't specify `rangeKeyField`, the default value is `STRING`." + "description": "The data type for the range key (also called the sort key), You can specify the following values:\n + ``'STRING'`` - The range key is a string.\n + ``'NUMBER'`` - The range key is number.\n \n If you don't specify ``rangeKeyField``, the default value is ``'STRING'``." }, "rangeKeyValue": { "type": "string", @@ -136855,7 +141457,7 @@ }, "tableName": { "type": "string", - "description": "The name of the DynamoDB table." + "description": "The name of the DynamoDB table. The ``tableName`` value must match the table name of the target DynamoDB table." } } }, 
@@ -136867,7 +141469,8 @@ "description": "The name of the Kinesis Data Firehose delivery stream where the data is written." }, "payload": { - "$ref": "#/types/aws-native:iotevents:AlarmModelPayload" + "$ref": "#/types/aws-native:iotevents:AlarmModelPayload", + "description": "You can configure the action payload when you send a message to an Amazon Data Firehose delivery stream." }, "separator": { "type": "string", @@ -136880,7 +141483,7 @@ "properties": { "disabledOnInitialization": { "type": "boolean", - "description": "The value must be TRUE or FALSE. If FALSE, all alarm instances created based on the alarm model are activated. The default value is TRUE." + "description": "The value must be ``TRUE`` or ``FALSE``. If ``FALSE``, all alarm instances created based on the alarm model are activated. The default value is ``TRUE``." } } }, @@ -136889,10 +141492,11 @@ "properties": { "inputName": { "type": "string", - "description": "The name of the AWS IoT Events input where the data is sent." + "description": "The name of the ITE input where the data is sent." }, "payload": { - "$ref": "#/types/aws-native:iotevents:AlarmModelPayload" + "$ref": "#/types/aws-native:iotevents:AlarmModelPayload", + "description": "You can configure the action payload when you send a message to an ITE input." } } }, 
@@ -136901,22 +141505,23 @@ "properties": { "assetId": { "type": "string", - "description": "The ID of the asset that has the specified property. You can specify an expression." + "description": "The ID of the asset that has the specified property." }, "entryId": { "type": "string", - "description": "A unique identifier for this entry. You can use the entry ID to track which data entry causes an error in case of failure. The default is a new unique identifier. You can also specify an expression." + "description": "A unique identifier for this entry. You can use the entry ID to track which data entry causes an error in case of failure. The default is a new unique identifier." }, "propertyAlias": { "type": "string", - "description": "The alias of the asset property. You can also specify an expression." + "description": "The alias of the asset property." }, "propertyId": { "type": "string", - "description": "The ID of the asset property. You can specify an expression." + "description": "The ID of the asset property." }, "propertyValue": { - "$ref": "#/types/aws-native:iotevents:AlarmModelAssetPropertyValue" + "$ref": "#/types/aws-native:iotevents:AlarmModelAssetPropertyValue", + "description": "The value to send to the asset property. This value contains timestamp, quality, and value (TQV) information." } } }, 
@@ -136925,10 +141530,11 @@ "properties": { "mqttTopic": { "type": "string", - "description": "The MQTT topic of the message. You can use a string expression that includes variables (`$variable.\u003cvariable-name\u003e`) and input values (`$input.\u003cinput-name\u003e.\u003cpath-to-datum\u003e`) as the topic string." + "description": "The MQTT topic of the message. You can use a string expression that includes variables (``$variable.\u003cvariable-name\u003e``) and input values (``$input.\u003cinput-name\u003e.\u003cpath-to-datum\u003e``) as the topic string." }, "payload": { - "$ref": "#/types/aws-native:iotevents:AlarmModelPayload" + "$ref": "#/types/aws-native:iotevents:AlarmModelPayload", + "description": "You can configure the action payload when you publish a message to an IoTCore topic." } } }, @@ -136940,7 +141546,8 @@ "description": "The ARN of the Lambda function that is executed." }, "payload": { - "$ref": "#/types/aws-native:iotevents:AlarmModelPayload" + "$ref": "#/types/aws-native:iotevents:AlarmModelPayload", + "description": "You can configure the action payload when you send a message to a Lambda function." } } }, 
@@ -136949,11 +141556,11 @@ "properties": { "contentExpression": { "type": "string", - "description": "The content of the payload. You can use a string expression that includes quoted strings (`'\u003cstring\u003e'`), variables (`$variable.\u003cvariable-name\u003e`), input values (`$input.\u003cinput-name\u003e.\u003cpath-to-datum\u003e`), string concatenations, and quoted strings that contain `${}` as the content. The recommended maximum size of a content expression is 1 KB." + "description": "The content of the payload. You can use a string expression that includes quoted strings (``'\u003cstring\u003e'``), variables (``$variable.\u003cvariable-name\u003e``), input values (``$input.\u003cinput-name\u003e.\u003cpath-to-datum\u003e``), string concatenations, and quoted strings that contain ``${}`` as the content. The recommended maximum size of a content expression is 1 KB." }, "type": { "type": "string", - "description": "The value of the payload type can be either `STRING` or `JSON`." + "description": "The value of the payload type can be either ``STRING`` or ``JSON``." } } }, @@ -136966,11 +141573,11 @@ }, "inputProperty": { "type": "string", - "description": "The value on the left side of the comparison operator. You can specify an AWS IoT Events input attribute as an input property." + "description": "The value on the left side of the comparison operator. You can specify an ITE input attribute as an input property." }, "threshold": { "type": "string", - "description": "The value on the right side of the comparison operator. You can enter a number or specify an AWS IoT Events input attribute." + "description": "The value on the right side of the comparison operator. You can enter a number or specify an ITE input attribute." } } }, 
@@ -136981,7 +141588,8 @@ "type": "object", "properties": { "payload": { - "$ref": "#/types/aws-native:iotevents:AlarmModelPayload" + "$ref": "#/types/aws-native:iotevents:AlarmModelPayload", + "description": "You can configure the action payload when you send a message as an Amazon SNS push notification." }, "targetArn": { "type": "string", @@ -136993,7 +141601,8 @@ "type": "object", "properties": { "payload": { - "$ref": "#/types/aws-native:iotevents:AlarmModelPayload" + "$ref": "#/types/aws-native:iotevents:AlarmModelPayload", + "description": "You can configure the action payload when you send a message to an Amazon SQS queue." }, "queueUrl": { "type": "string", @@ -137001,7 +141610,7 @@ }, "useBase64": { "type": "boolean", - "description": "Set this to `TRUE` if you want the data to be base-64 encoded before it is written to the queue. Otherwise, set this to `FALSE`." + "description": "Set this to TRUE if you want the data to be base-64 encoded before it is written to the queue. Otherwise, set this to FALSE." } }, "irreversibleNames": { @@ -137013,11 +141622,11 @@ "properties": { "key": { "type": "string", - "description": "Key of the Tag." + "description": "The tag's key." }, "value": { "type": "string", - "description": "Value of the Tag." + "description": "The tag's value." } } }, 
@@ -137030,11 +141639,11 @@ }, "dynamoDBv2": { "$ref": "#/types/aws-native:iotevents:DetectorModelDynamoDBv2", - "description": "Writes to the DynamoDB table that you created. The default action payload contains all attribute-value pairs that have the information about the detector model instance and the event that triggered the action. You can customize the [payload](https://docs.aws.amazon.com/iotevents/latest/apireference/API_Payload.html) . A separate column of the DynamoDB table receives one attribute-value pair in the payload that you specify. For more information, see [Actions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-event-actions.html) in *AWS IoT Events Developer Guide* ." + "description": "Writes to the DynamoDB table that you created. The default action payload contains all attribute-value pairs that have the information about the detector model instance and the event that triggered the action. You can customize the [payload](https://docs.aws.amazon.com/iotevents/latest/apireference/API_Payload.html). A separate column of the DynamoDB table receives one attribute-value pair in the payload that you specify. For more information, see [Actions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-event-actions.html) in *Developer Guide*." }, "dynamoDb": { "$ref": "#/types/aws-native:iotevents:DetectorModelDynamoDb", - "description": "Writes to the DynamoDB table that you created. The default action payload contains all attribute-value pairs that have the information about the detector model instance and the event that triggered the action. You can customize the [payload](https://docs.aws.amazon.com/iotevents/latest/apireference/API_Payload.html) . One column of the DynamoDB table receives all attribute-value pairs in the payload that you specify. For more information, see [Actions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-event-actions.html) in *AWS IoT Events Developer Guide* ." 
+ "description": "Writes to the DynamoDB table that you created. The default action payload contains all attribute-value pairs that have the information about the detector model instance and the event that triggered the action. You can customize the [payload](https://docs.aws.amazon.com/iotevents/latest/apireference/API_Payload.html). One column of the DynamoDB table receives all attribute-value pairs in the payload that you specify. For more information, see [Actions](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-event-actions.html) in *Developer Guide*." }, "firehose": { "$ref": "#/types/aws-native:iotevents:DetectorModelFirehose", @@ -137042,15 +141651,15 @@ }, "iotEvents": { "$ref": "#/types/aws-native:iotevents:DetectorModelIotEvents", - "description": "Sends AWS IoT Events input, which passes information about the detector model instance and the event that triggered the action." + "description": "Sends ITE input, which passes information about the detector model instance and the event that triggered the action." }, "iotSiteWise": { "$ref": "#/types/aws-native:iotevents:DetectorModelIotSiteWise", - "description": "Sends information about the detector model instance and the event that triggered the action to an asset property in AWS IoT SiteWise ." + "description": "Sends information about the detector model instance and the event that triggered the action to an asset property in ITSW ." }, "iotTopicPublish": { "$ref": "#/types/aws-native:iotevents:DetectorModelIotTopicPublish", - "description": "Publishes an MQTT message with the given topic to the AWS IoT message broker." + "description": "Publishes an MQTT message with the given topic to the IoT message broker." }, "lambda": { "$ref": "#/types/aws-native:iotevents:DetectorModelLambda", 
@@ -137086,11 +141695,11 @@ "properties": { "offsetInNanos": { "type": "string", - "description": "The timestamp, in seconds, in the Unix epoch format. The valid range is between `1-31556889864403199`. You can also specify an expression." + "description": "The nanosecond offset converted from ``timeInSeconds``. The valid range is between 0-999999999." }, "timeInSeconds": { "type": "string", - "description": "The nanosecond offset converted from `timeInSeconds`. The valid range is between `0-999999999`. You can also specify an expression." + "description": "The timestamp, in seconds, in the Unix epoch format. The valid range is between 1-31556889864403199." } } }, @@ -137099,7 +141708,7 @@ "properties": { "quality": { "type": "string", - "description": "The quality of the asset property value. The value must be `GOOD`, `BAD`, or `UNCERTAIN`. You can also specify an expression." + "description": "The quality of the asset property value. The value must be ``'GOOD'``, ``'BAD'``, or ``'UNCERTAIN'``." }, "timestamp": { "$ref": "#/types/aws-native:iotevents:DetectorModelAssetPropertyTimestamp", 
@@ -137116,19 +141725,19 @@ "properties": { "booleanValue": { "type": "string", - "description": "The asset property value is a Boolean value that must be `TRUE` or `FALSE`. You can also specify an expression. If you use an expression, the evaluated result should be a Boolean value." + "description": "The asset property value is a Boolean value that must be ``'TRUE'`` or ``'FALSE'``. You must use an expression, and the evaluated result should be a Boolean value." }, "doubleValue": { "type": "string", - "description": "The asset property value is a double. You can also specify an expression. If you use an expression, the evaluated result should be a double." + "description": "The asset property value is a double. You must use an expression, and the evaluated result should be a double." }, "integerValue": { "type": "string", - "description": "The asset property value is an integer. You can also specify an expression. If you use an expression, the evaluated result should be an integer." + "description": "The asset property value is an integer. You must use an expression, and the evaluated result should be an integer." }, "stringValue": { "type": "string", - "description": "The asset property value is a string. You can also specify an expression. If you use an expression, the evaluated result should be a string." + "description": "The asset property value is a string. You must use an expression, and the evaluated result should be a string." } } }, 
@@ -137162,7 +141771,7 @@ "properties": { "payload": { "$ref": "#/types/aws-native:iotevents:DetectorModelPayload", - "description": "Information needed to configure the payload.\n\nBy default, AWS IoT Events generates a standard payload in JSON for any action. This action payload contains all attribute-value pairs that have the information about the detector model instance and the event triggered the action. To configure the action payload, you can use `contentExpression` ." + "description": "Information needed to configure the payload.\n By default, ITE generates a standard payload in JSON for any action. This action payload contains all attribute-value pairs that have the information about the detector model instance and the event triggered the action. To configure the action payload, you can use ``contentExpression``." }, "tableName": { "type": "string", @@ -137175,11 +141784,11 @@ "properties": { "hashKeyField": { "type": "string", - "description": "The name of the hash key (also called the partition key)." + "description": "The name of the hash key (also called the partition key). The ``hashKeyField`` value must match the partition key of the target DynamoDB table." }, "hashKeyType": { "type": "string", - "description": "The data type for the hash key (also called the partition key). You can specify the following values:\n\n* `STRING` - The hash key is a string.\n\n* `NUMBER` - The hash key is a number.\n\nIf you don't specify `hashKeyType`, the default value is `STRING`." + "description": "The data type for the hash key (also called the partition key). You can specify the following values:\n + ``'STRING'`` - The hash key is a string.\n + ``'NUMBER'`` - The hash key is a number.\n \n If you don't specify ``hashKeyType``, the default value is ``'STRING'``." }, "hashKeyValue": { "type": "string", 
@@ -137187,23 +141796,23 @@ }, "operation": { "type": "string", - "description": "The type of operation to perform. You can specify the following values:\n\n* `INSERT` - Insert data as a new item into the DynamoDB table. This item uses the specified hash key as a partition key. If you specified a range key, the item uses the range key as a sort key.\n\n* `UPDATE` - Update an existing item of the DynamoDB table with new data. This item's partition key must match the specified hash key. If you specified a range key, the range key must match the item's sort key.\n\n* `DELETE` - Delete an existing item of the DynamoDB table. This item's partition key must match the specified hash key. If you specified a range key, the range key must match the item's sort key.\n\nIf you don't specify this parameter, AWS IoT Events triggers the `INSERT` operation." + "description": "The type of operation to perform. You can specify the following values: \n + ``'INSERT'`` - Insert data as a new item into the DynamoDB table. This item uses the specified hash key as a partition key. If you specified a range key, the item uses the range key as a sort key.\n + ``'UPDATE'`` - Update an existing item of the DynamoDB table with new data. This item's partition key must match the specified hash key. If you specified a range key, the range key must match the item's sort key.\n + ``'DELETE'`` - Delete an existing item of the DynamoDB table. This item's partition key must match the specified hash key. If you specified a range key, the range key must match the item's sort key.\n \n If you don't specify this parameter, ITE triggers the ``'INSERT'`` operation." }, "payload": { "$ref": "#/types/aws-native:iotevents:DetectorModelPayload", - "description": "Information needed to configure the payload.\n\nBy default, AWS IoT Events generates a standard payload in JSON for any action. 
This action payload contains all attribute-value pairs that have the information about the detector model instance and the event triggered the action. To configure the action payload, you can use `contentExpression` ." + "description": "Information needed to configure the payload.\n By default, ITE generates a standard payload in JSON for any action. This action payload contains all attribute-value pairs that have the information about the detector model instance and the event triggered the action. To configure the action payload, you can use ``contentExpression``." }, "payloadField": { "type": "string", - "description": "The name of the DynamoDB column that receives the action payload.\n\nIf you don't specify this parameter, the name of the DynamoDB column is `payload`." + "description": "The name of the DynamoDB column that receives the action payload.\n If you don't specify this parameter, the name of the DynamoDB column is ``payload``." }, "rangeKeyField": { "type": "string", - "description": "The name of the range key (also called the sort key)." + "description": "The name of the range key (also called the sort key). The ``rangeKeyField`` value must match the sort key of the target DynamoDB table." }, "rangeKeyType": { "type": "string", - "description": "The data type for the range key (also called the sort key), You can specify the following values:\n\n* `STRING` - The range key is a string.\n\n* `NUMBER` - The range key is number.\n\nIf you don't specify `rangeKeyField`, the default value is `STRING`." + "description": "The data type for the range key (also called the sort key), You can specify the following values:\n + ``'STRING'`` - The range key is a string.\n + ``'NUMBER'`` - The range key is number.\n \n If you don't specify ``rangeKeyField``, the default value is ``'STRING'``." }, "rangeKeyValue": { "type": "string", 
@@ -137211,7 +141820,7 @@ }, "tableName": { "type": "string", - "description": "The name of the DynamoDB table." + "description": "The name of the DynamoDB table. The ``tableName`` value must match the table name of the target DynamoDB table." } } }, @@ -137230,7 +141839,7 @@ }, "condition": { "type": "string", - "description": "The Boolean expression that, when `TRUE`, causes the `actions` to be performed. If not present, the `actions` are performed (=`TRUE`). If the expression result is not a `Boolean` value, the `actions` are not performed (=`FALSE`)." + "description": "Optional. The Boolean expression that, when TRUE, causes the ``actions`` to be performed. If not present, the actions are performed (=TRUE). If the expression result is not a Boolean value, the actions are not performed (=FALSE)." }, "eventName": { "type": "string", @@ -137260,11 +141869,11 @@ "properties": { "inputName": { "type": "string", - "description": "The name of the AWS IoT Events input where the data is sent." + "description": "The name of the ITE input where the data is sent." }, "payload": { "$ref": "#/types/aws-native:iotevents:DetectorModelPayload", - "description": "You can configure the action payload when you send a message to an AWS IoT Events input." + "description": "You can configure the action payload when you send a message to an ITE input." } } }, 
@@ -137273,19 +141882,19 @@ "properties": { "assetId": { "type": "string", - "description": "The ID of the asset that has the specified property. You can specify an expression." + "description": "The ID of the asset that has the specified property." }, "entryId": { "type": "string", - "description": "A unique identifier for this entry. You can use the entry ID to track which data entry causes an error in case of failure. The default is a new unique identifier. You can also specify an expression." + "description": "A unique identifier for this entry. You can use the entry ID to track which data entry causes an error in case of failure. The default is a new unique identifier." }, "propertyAlias": { "type": "string", - "description": "The alias of the asset property. You can also specify an expression." + "description": "The alias of the asset property." }, "propertyId": { "type": "string", - "description": "The ID of the asset property. You can specify an expression." + "description": "The ID of the asset property." }, "propertyValue": { "$ref": "#/types/aws-native:iotevents:DetectorModelAssetPropertyValue", @@ -137298,11 +141907,11 @@ "properties": { "mqttTopic": { "type": "string", - "description": "The MQTT topic of the message. You can use a string expression that includes variables (`$variable.\u003cvariable-name\u003e`) and input values (`$input.\u003cinput-name\u003e.\u003cpath-to-datum\u003e`) as the topic string." + "description": "The MQTT topic of the message. You can use a string expression that includes variables (``$variable.\u003cvariable-name\u003e``) and input values (``$input.\u003cinput-name\u003e.\u003cpath-to-datum\u003e``) as the topic string." }, "payload": { "$ref": "#/types/aws-native:iotevents:DetectorModelPayload", - "description": "You can configure the action payload when you publish a message to an AWS IoT Core topic." + "description": "You can configure the action payload when you publish a message to an IoTCore topic." } } }, 
@@ -137327,7 +141936,7 @@ "items": { "$ref": "#/types/aws-native:iotevents:DetectorModelEvent" }, - "description": "Specifies the `actions` that are performed when the state is entered and the `condition` is `TRUE`." + "description": "Specifies the actions that are performed when the state is entered and the ``condition`` is ``TRUE``." } } }, @@ -137339,7 +141948,7 @@ "items": { "$ref": "#/types/aws-native:iotevents:DetectorModelEvent" }, - "description": "Specifies the `actions` that are performed when the state is exited and the `condition` is `TRUE`." + "description": "Specifies the ``actions`` that are performed when the state is exited and the ``condition`` is ``TRUE``." } } }, @@ -137351,14 +141960,14 @@ "items": { "$ref": "#/types/aws-native:iotevents:DetectorModelEvent" }, - "description": "Specifies the `actions` performed when the `condition` evaluates to `TRUE`." + "description": "Specifies the actions performed when the ``condition`` evaluates to TRUE." }, "transitionEvents": { "type": "array", "items": { "$ref": "#/types/aws-native:iotevents:DetectorModelTransitionEvent" }, - "description": "Specifies the `actions` performed, and the next `state` entered, when a `condition` evaluates to `TRUE`." + "description": "Specifies the actions performed, and the next state entered, when a ``condition`` evaluates to TRUE." } } }, 
@@ -137367,11 +141976,11 @@ "properties": { "contentExpression": { "type": "string", - "description": "The content of the payload. You can use a string expression that includes quoted strings (`'\u003cstring\u003e'`), variables (`$variable.\u003cvariable-name\u003e`), input values (`$input.\u003cinput-name\u003e.\u003cpath-to-datum\u003e`), string concatenations, and quoted strings that contain `${}` as the content. The recommended maximum size of a content expression is 1 KB." + "description": "The content of the payload. You can use a string expression that includes quoted strings (``'\u003cstring\u003e'``), variables (``$variable.\u003cvariable-name\u003e``), input values (``$input.\u003cinput-name\u003e.\u003cpath-to-datum\u003e``), string concatenations, and quoted strings that contain ``${}`` as the content. The recommended maximum size of a content expression is 1 KB." }, "type": { "type": "string", - "description": "The value of the payload type can be either `STRING` or `JSON`." + "description": "The value of the payload type can be either ``STRING`` or ``JSON``." } } }, 
@@ -137389,11 +141998,11 @@ "properties": { "durationExpression": { "type": "string", - "description": "The duration of the timer, in seconds. You can use a string expression that includes numbers, variables (`$variable.\u003cvariable-name\u003e`), and input values (`$input.\u003cinput-name\u003e.\u003cpath-to-datum\u003e`) as the duration. The range of the duration is `1-31622400` seconds. To ensure accuracy, the minimum duration is `60` seconds. The evaluated result of the duration is rounded down to the nearest whole number." + "description": "The duration of the timer, in seconds. You can use a string expression that includes numbers, variables (``$variable.\u003cvariable-name\u003e``), and input values (``$input.\u003cinput-name\u003e.\u003cpath-to-datum\u003e``) as the duration. The range of the duration is 1-31622400 seconds. To ensure accuracy, the minimum duration is 60 seconds. The evaluated result of the duration is rounded down to the nearest whole number." }, "seconds": { "type": "integer", - "description": "The number of seconds until the timer expires. The minimum value is `60` seconds to ensure accuracy. The maximum value is `31622400` seconds." + "description": "The number of seconds until the timer expires. The minimum value is 60 seconds to ensure accuracy. The maximum value is 31622400 seconds." }, "timerName": { "type": "string", @@ -137440,7 +142049,7 @@ }, "useBase64": { "type": "boolean", - "description": "Set this to `TRUE` if you want the data to be base-64 encoded before it is written to the queue. Otherwise, set this to `FALSE`." + "description": "Set this to TRUE if you want the data to be base-64 encoded before it is written to the queue. Otherwise, set this to FALSE." } }, "irreversibleNames": { 
@@ -137452,15 +142061,15 @@ "properties": { "onEnter": { "$ref": "#/types/aws-native:iotevents:DetectorModelOnEnter", - "description": "When entering this state, perform these `actions` if the `condition` is TRUE." + "description": "When entering this state, perform these ``actions`` if the ``condition`` is TRUE." }, "onExit": { "$ref": "#/types/aws-native:iotevents:DetectorModelOnExit", - "description": "When exiting this state, perform these `actions` if the specified `condition` is `TRUE` ." + "description": "When exiting this state, perform these ``actions`` if the specified ``condition`` is ``TRUE``." }, "onInput": { "$ref": "#/types/aws-native:iotevents:DetectorModelOnInput", - "description": "When an input is received and the `condition` is TRUE, perform the specified `actions` ." + "description": "When an input is received and the ``condition`` is TRUE, perform the specified ``actions``." }, "stateName": { "type": "string", @@ -137473,11 +142082,11 @@ "properties": { "key": { "type": "string", - "description": "Key of the Tag." + "description": "The tag's key." }, "value": { "type": "string", - "description": "Value of the Tag." + "description": "The tag's value." } } }, @@ -137493,11 +142102,11 @@ }, "condition": { "type": "string", - "description": "A Boolean expression that when `TRUE` causes the `actions` to be performed and the `nextState` to be entered." + "description": "Required. A Boolean expression that when TRUE causes the actions to be performed and the ``nextState`` to be entered." }, "eventName": { "type": "string", - "description": "The name of the event." + "description": "The name of the transition event." }, "nextState": { "type": "string", 
@@ -137510,7 +142119,7 @@ "properties": { "jsonPath": { "type": "string", - "description": "An expression that specifies an attribute-value pair in a JSON structure. Use this to specify an attribute from the JSON payload that is made available by the input. Inputs are derived from messages sent to AWS IoT Events (`BatchPutMessage`). Each such message contains a JSON payload. The attribute (and its paired value) specified here are available for use in the `condition` expressions used by detectors.\n\n_Syntax_: `\u003cfield-name\u003e.\u003cfield-name\u003e...`" + "description": "An expression that specifies an attribute-value pair in a JSON structure. Use this to specify an attribute from the JSON payload that is made available by the input. Inputs are derived from messages sent to ITE (``BatchPutMessage``). Each such message contains a JSON payload. The attribute (and its paired value) specified here are available for use in the ``condition`` expressions used by detectors. \n Syntax: ``\u003cfield-name\u003e.\u003cfield-name\u003e...``" } } }, @@ -137522,7 +142131,7 @@ "items": { "$ref": "#/types/aws-native:iotevents:InputAttribute" }, - "description": "The attributes from the JSON payload that are made available by the input. Inputs are derived from messages sent to the AWS IoT Events system using `BatchPutMessage`. Each such message contains a JSON payload, and those attributes (and their paired values) specified here are available for use in the `condition` expressions used by detectors that monitor this input." + "description": "The attributes from the JSON payload that are made available by the input. Inputs are derived from messages sent to the ITE system using ``BatchPutMessage``. Each such message contains a JSON payload, and those attributes (and their paired values) specified here are available for use in the ``condition`` expressions used by detectors that monitor this input." } } }, 
@@ -137531,11 +142140,11 @@ "properties": { "key": { "type": "string", - "description": "Key of the Tag." + "description": "The tag's key." }, "value": { "type": "string", - "description": "Value of the Tag." + "description": "The tag's value." } } }, @@ -139483,12 +144092,12 @@ }, "height": { "type": "integer", - "description": "Video-resolution height. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 720.", + "description": "Video-resolution height. This must be an even number. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 720.", "replaceOnChanges": true }, "width": { "type": "integer", - "description": "Video-resolution width. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 1280.", + "description": "Video-resolution width. This must be an even number. Note that the maximum value is determined by width times height, such that the maximum total pixels is 2073600 (1920x1080 or 1080x1920). Default: 1280.", "replaceOnChanges": true } } 
@@ -142054,7 +146663,7 @@ }, "sizeInMbs": { "type": "integer", - "description": "Buffer incoming data to the specified size, in MBs, before delivering it to the destination. The default value is 5.\n\nWe recommend setting this parameter to a value greater than the amount of data you typically ingest into the delivery stream in 10 seconds. For example, if you typically ingest data at 1 MB/sec, the value should be 10 MB or higher." + "description": "Buffer incoming data to the specified size, in MBs, before delivering it to the destination. The default value is 5.\n\nWe recommend setting this parameter to a value greater than the amount of data you typically ingest into the Firehose stream in 10 seconds. For example, if you typically ingest data at 1 MB/sec, the value should be 10 MB or higher." } }, "irreversibleNames": { @@ -142259,7 +146868,7 @@ "properties": { "catalogArn": { "type": "string", - "description": "Specifies the Glue catalog ARN indentifier of the destination Apache Iceberg Tables. You must specify the ARN in the format `arn:aws:glue:region:account-id:catalog` .\n\nAmazon Data Firehose is in preview release and is subject to change." + "description": "Specifies the Glue catalog ARN identifier of the destination Apache Iceberg Tables. You must specify the ARN in the format `arn:aws:glue:region:account-id:catalog` ." } } }, @@ -142529,7 +147138,7 @@ }, "cloudWatchLoggingOptions": { "$ref": "#/types/aws-native:kinesisfirehose:DeliveryStreamCloudWatchLoggingOptions", - "description": "The Amazon CloudWatch logging options for your delivery stream." + "description": "The Amazon CloudWatch logging options for your Firehose stream." }, "compressionFormat": { "$ref": "#/types/aws-native:kinesisfirehose:DeliveryStreamExtendedS3DestinationConfigurationCompressionFormat", 
@@ -142577,7 +147186,7 @@ }, "s3BackupMode": { "$ref": "#/types/aws-native:kinesisfirehose:DeliveryStreamExtendedS3DestinationConfigurationS3BackupMode", - "description": "The Amazon S3 backup mode. After you create a delivery stream, you can update it to enable Amazon S3 backup if it is disabled. If backup is enabled, you can't update the delivery stream to disable it." + "description": "The Amazon S3 backup mode. After you create a Firehose stream, you can update it to enable Amazon S3 backup if it is disabled. If backup is enabled, you can't update the Firehose stream to disable it." } }, "irreversibleNames": { @@ -142712,7 +147321,7 @@ }, "catalogConfiguration": { "$ref": "#/types/aws-native:kinesisfirehose:DeliveryStreamCatalogConfiguration", - "description": "Configuration describing where the destination Apache Iceberg Tables are persisted.\n\nAmazon Data Firehose is in preview release and is subject to change." + "description": "Configuration describing where the destination Apache Iceberg Tables are persisted." }, "cloudWatchLoggingOptions": { "$ref": "#/types/aws-native:kinesisfirehose:DeliveryStreamCloudWatchLoggingOptions" @@ -142722,7 +147331,7 @@ "items": { "$ref": "#/types/aws-native:kinesisfirehose:DeliveryStreamDestinationTableConfiguration" }, - "description": "Provides a list of `DestinationTableConfigurations` which Firehose uses to deliver data to Apache Iceberg Tables. Firehose will write data with insert if table specific configuration is not provided here.\n\nAmazon Data Firehose is in preview release and is subject to change." + "description": "Provides a list of `DestinationTableConfigurations` which Firehose uses to deliver data to Apache Iceberg Tables. Firehose will write data with insert if table specific configuration is not provided here." }, "processingConfiguration": { "$ref": "#/types/aws-native:kinesisfirehose:DeliveryStreamProcessingConfiguration" 
@@ -142732,11 +147341,11 @@ }, "roleArn": { "type": "string", - "description": "The Amazon Resource Name (ARN) of the the IAM role to be assumed by Firehose for calling Apache Iceberg Tables.\n\nAmazon Data Firehose is in preview release and is subject to change." + "description": "The Amazon Resource Name (ARN) of the IAM role to be assumed by Firehose for calling Apache Iceberg Tables." }, "s3BackupMode": { "$ref": "#/types/aws-native:kinesisfirehose:DeliveryStreamIcebergDestinationConfigurations3BackupMode", - "description": "Describes how Firehose will backup records. Currently,S3 backup only supports `FailedDataOnly` for preview.\n\nAmazon Data Firehose is in preview release and is subject to change." + "description": "Describes how Firehose will backup records. Currently,S3 backup only supports `FailedDataOnly` ." }, "s3Configuration": { "$ref": "#/types/aws-native:kinesisfirehose:DeliveryStreamS3DestinationConfiguration" @@ -142971,7 +147580,7 @@ "properties": { "cloudWatchLoggingOptions": { "$ref": "#/types/aws-native:kinesisfirehose:DeliveryStreamCloudWatchLoggingOptions", - "description": "The CloudWatch logging options for your delivery stream." + "description": "The CloudWatch logging options for your Firehose stream." }, "clusterJdbcurl": { "type": "string", @@ -143003,7 +147612,7 @@ }, "s3BackupMode": { "$ref": "#/types/aws-native:kinesisfirehose:DeliveryStreamRedshiftDestinationConfigurationS3BackupMode", - "description": "The Amazon S3 backup mode. After you create a delivery stream, you can update it to enable Amazon S3 backup if it is disabled. If backup is enabled, you can't update the delivery stream to disable it." + "description": "The Amazon S3 backup mode. After you create a Firehose stream, you can update it to enable Amazon S3 backup if it is disabled. If backup is enabled, you can't update the Firehose stream to disable it." }, "s3Configuration": { "$ref": "#/types/aws-native:kinesisfirehose:DeliveryStreamS3DestinationConfiguration", 
@@ -143060,7 +147669,7 @@ }, "cloudWatchLoggingOptions": { "$ref": "#/types/aws-native:kinesisfirehose:DeliveryStreamCloudWatchLoggingOptions", - "description": "The CloudWatch logging options for your delivery stream." + "description": "The CloudWatch logging options for your Firehose stream." }, "compressionFormat": { "$ref": "#/types/aws-native:kinesisfirehose:DeliveryStreamS3DestinationConfigurationCompressionFormat", @@ -143128,7 +147737,7 @@ "properties": { "enabled": { "type": "boolean", - "description": "Specifies whether you want to use the the secrets manager feature. When set as `True` the secrets manager configuration overwrites the existing secrets in the destination configuration. When it's set to `False` Firehose falls back to the credentials in the destination configuration." + "description": "Specifies whether you want to use the secrets manager feature. When set as `True` the secrets manager configuration overwrites the existing secrets in the destination configuration. When it's set to `False` Firehose falls back to the credentials in the destination configuration." }, "roleArn": { "type": "string", @@ -143136,7 +147745,7 @@ }, "secretArn": { "type": "string", - "description": "The ARN of the secret that stores your credentials. It must be in the same region as the Firehose stream and the role. The secret ARN can reside in a different account than the delivery stream and role as Firehose supports cross-account secret access. This parameter is required when *Enabled* is set to `True` ." + "description": "The ARN of the secret that stores your credentials. It must be in the same region as the Firehose stream and the role. The secret ARN can reside in a different account than the Firehose stream and role as Firehose supports cross-account secret access. This parameter is required when *Enabled* is set to `True` ." } }, "irreversibleNames": { 
@@ -143166,7 +147775,7 @@ }, "sizeInMbs": { "type": "integer", - "description": "Buffer incoming data to the specified size, in MBs, before delivering it to the destination. The default value is 1." + "description": "Buffer incoming data to the specified size, in MBs, before delivering it to the destination. The default value is 128." } }, "irreversibleNames": { @@ -143324,7 +147933,7 @@ }, "cloudWatchLoggingOptions": { "$ref": "#/types/aws-native:kinesisfirehose:DeliveryStreamCloudWatchLoggingOptions", - "description": "The Amazon CloudWatch logging options for your delivery stream." + "description": "The Amazon CloudWatch logging options for your Firehose stream." }, "hecAcknowledgmentTimeoutInSeconds": { "type": "integer", @@ -143901,6 +148510,19 @@ "aws-native:lambda:CodeSigningConfigCodeSigningPoliciesUntrustedArtifactOnDeployment": { "type": "string" }, + "aws-native:lambda:CodeSigningConfigTag": { + "type": "object", + "properties": { + "key": { + "type": "string", + "description": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -." + }, + "value": { + "type": "string", + "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -." + } + } + }, "aws-native:lambda:EventInvokeConfigDestinationConfig": { "type": "object", "properties": { 
@@ -144061,6 +148683,19 @@ "aws-native:lambda:EventSourceMappingSourceAccessConfigurationType": { "type": "string" }, + "aws-native:lambda:EventSourceMappingTag": { + "type": "object", + "properties": { + "key": { + "type": "string", + "description": "The key for this tag." + }, + "value": { + "type": "string", + "description": "The value for this tag." + } + } + }, "aws-native:lambda:FunctionArchitecturesItem": { "type": "string" }, @@ -145311,7 +149946,7 @@ }, "voiceSettings": { "$ref": "#/types/aws-native:lex:BotVoiceSettings", - "description": "Defines settings for using an Amazon Polly voice to communicate with a user." + "description": "Defines settings for using an Amazon Polly voice to communicate with a user.\n\nValid values include:\n\n- `standard`\n- `neural`\n- `long-form`\n- `generative`" } } }, @@ -148302,6 +152937,18 @@ } } }, + "aws-native:mediaconnect:FlowSourceMonitoringConfig": { + "type": "object", + "properties": { + "thumbnailState": { + "$ref": "#/types/aws-native:mediaconnect:FlowSourceMonitoringConfigThumbnailState", + "description": "The state of thumbnail monitoring." + } + } + }, + "aws-native:mediaconnect:FlowSourceMonitoringConfigThumbnailState": { + "type": "string" + }, "aws-native:mediaconnect:FlowSourceProtocol": { "type": "string" }, 
@@ -148377,6 +153024,90 @@ "aws-native:mediaconnect:GatewayState": { "type": "string" }, + "aws-native:medialive:ChannelPlacementGroupState": { + "type": "string" + }, + "aws-native:medialive:ChannelPlacementGroupTags": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + } + }, + "aws-native:medialive:CloudWatchAlarmTemplateComparisonOperator": { + "type": "string" + }, + "aws-native:medialive:CloudWatchAlarmTemplateStatistic": { + "type": "string" + }, + "aws-native:medialive:CloudWatchAlarmTemplateTargetResourceType": { + "type": "string" + }, + "aws-native:medialive:CloudWatchAlarmTemplateTreatMissingData": { + "type": "string" + }, + "aws-native:medialive:ClusterInterfaceMapping": { + "type": "object", + "properties": { + "logicalInterfaceName": { + "type": "string", + "description": "logical interface name, unique in the list" + }, + "networkId": { + "type": "string", + "description": "Network Id to be associated with the logical interface name, can be duplicated in list" + } + } + }, + "aws-native:medialive:ClusterNetworkSettings": { + "type": "object", + "properties": { + "defaultRoute": { + "type": "string", + "description": "Default value if the customer does not define it in channel Output API" + }, + "interfaceMappings": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:medialive:ClusterInterfaceMapping" + }, + "description": "Network mappings for the cluster" + } + } + }, + "aws-native:medialive:ClusterState": { + "type": "string" + }, + "aws-native:medialive:ClusterTags": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + } + }, + "aws-native:medialive:ClusterType": { + "type": "string" + }, + "aws-native:medialive:EventBridgeRuleTemplateEventType": { + "type": "string" + }, + "aws-native:medialive:EventBridgeRuleTemplateTarget": { + "type": "object", + "properties": { + "arn": { + "type": "string", + "description": 
"Target ARNs must be either an SNS topic or CloudWatch log group." + } + } + }, "aws-native:medialive:MultiplexOutputDestination": { "type": "object", "properties": { 
@@ -148543,6 +153274,134 @@ "aws-native:medialive:MultiplexprogramPreferredChannelPipeline": { "type": "string" }, + "aws-native:medialive:NetworkIpPool": { + "type": "object", + "properties": { + "cidr": { + "type": "string", + "description": "IP address cidr pool" + } + } + }, + "aws-native:medialive:NetworkRoute": { + "type": "object", + "properties": { + "cidr": { + "type": "string", + "description": "Ip address cidr" + }, + "gateway": { + "type": "string", + "description": "IP address for the route packet paths" + } + } + }, + "aws-native:medialive:NetworkState": { + "type": "string" + }, + "aws-native:medialive:NetworkTags": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + } + }, + "aws-native:medialive:SdiSourceMode": { + "type": "string" + }, + "aws-native:medialive:SdiSourceState": { + "type": "string" + }, + "aws-native:medialive:SdiSourceTags": { + "type": "object", + "properties": { + "key": { + "type": "string" + }, + "value": { + "type": "string" + } + } + }, + "aws-native:medialive:SdiSourceType": { + "type": "string" + }, + "aws-native:medialive:SignalMapMediaResource": { + "type": "object", + "properties": { + "destinations": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:medialive:SignalMapMediaResourceNeighbor" + }, + "description": "A direct destination neighbor to an Amazon Web Services media resource." + }, + "name": { + "type": "string", + "description": "The logical name of an AWS media resource." + }, + "sources": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:medialive:SignalMapMediaResourceNeighbor" + }, + "description": "A direct source neighbor to an Amazon Web Services media resource." + } + } + }, + "aws-native:medialive:SignalMapMediaResourceNeighbor": { + "type": "object", + "properties": { + "arn": { + "type": "string", + "description": "The ARN of a resource used in AWS media workflows." 
+ }, + "name": { + "type": "string", + "description": "The logical name of an AWS media resource." + } + } + }, + "aws-native:medialive:SignalMapMonitorDeployment": { + "type": "object", + "properties": { + "detailsUri": { + "type": "string", + "description": "URI associated with a signal map's monitor deployment." + }, + "errorMessage": { + "type": "string", + "description": "Error message associated with a failed monitor deployment of a signal map." + }, + "status": { + "$ref": "#/types/aws-native:medialive:SignalMapMonitorDeploymentStatus", + "description": "The signal map monitor deployment status." + } + } + }, + "aws-native:medialive:SignalMapMonitorDeploymentStatus": { + "type": "string" + }, + "aws-native:medialive:SignalMapStatus": { + "type": "string" + }, + "aws-native:medialive:SignalMapSuccessfulMonitorDeployment": { + "type": "object", + "properties": { + "detailsUri": { + "type": "string", + "description": "URI associated with a signal map's monitor deployment." + }, + "status": { + "$ref": "#/types/aws-native:medialive:SignalMapMonitorDeploymentStatus", + "description": "A signal map's monitor deployment status." + } + } + }, "aws-native:mediapackage:AssetEgressEndpoint": { "type": "object", "properties": { @@ -150287,16 +155146,13 @@ "type": "object", "properties": { "cloudWatchLogs": { - "$ref": "#/types/aws-native:msk:ClusterCloudWatchLogs", - "description": "Details of the CloudWatch Logs destination for broker logs." + "$ref": "#/types/aws-native:msk:ClusterCloudWatchLogs" }, "firehose": { - "$ref": "#/types/aws-native:msk:ClusterFirehose", - "description": "Details of the Kinesis Data Firehose delivery stream that is the destination for broker logs." + "$ref": "#/types/aws-native:msk:ClusterFirehose" }, "s3": { - "$ref": "#/types/aws-native:msk:ClusterS3", - "description": "Details of the Amazon S3 destination for broker logs." + "$ref": "#/types/aws-native:msk:ClusterS3" } }, "irreversibleNames": { 
@@ -150308,7 +155164,6 @@ "properties": { "brokerAzDistribution": { "type": "string", - "description": "This parameter is currently not in use.", "replaceOnChanges": true }, "clientSubnets": { @@ -150316,12 +155171,10 @@ "items": { "type": "string" }, - "description": "The list of subnets to connect to in the client virtual private cloud (VPC). Amazon creates elastic network interfaces inside these subnets. Client applications use elastic network interfaces to produce and consume data.\n\nIf you use the US West (N. California) Region, specify exactly two subnets. For other Regions where Amazon MSK is available, you can specify either two or three subnets. The subnets that you specify must be in distinct Availability Zones. When you create a cluster, Amazon MSK distributes the broker nodes evenly across the subnets that you specify.\n\nClient subnets can't occupy the Availability Zone with ID `use1-az3` .", "replaceOnChanges": true }, "connectivityInfo": { - "$ref": "#/types/aws-native:msk:ClusterConnectivityInfo", - "description": "Information about the cluster's connectivity setting." + "$ref": "#/types/aws-native:msk:ClusterConnectivityInfo" }, "instanceType": { "type": "string", @@ -150332,12 +155185,10 @@ "items": { "type": "string" }, - "description": "The security groups to associate with the elastic network interfaces in order to specify who can connect to and communicate with the Amazon MSK cluster. If you don't specify a security group, Amazon MSK uses the default security group associated with the VPC. If you specify security groups that were shared with you, you must ensure that you have permissions to them. Specifically, you need the `ec2:DescribeSecurityGroups` permission.", "replaceOnChanges": true }, "storageInfo": { - "$ref": "#/types/aws-native:msk:ClusterStorageInfo", - "description": "Contains information about storage volumes attached to Amazon MSK broker nodes." + "$ref": "#/types/aws-native:msk:ClusterStorageInfo" } }, "irreversibleNames": { 
@@ -150348,16 +155199,13 @@ "type": "object", "properties": { "sasl": { - "$ref": "#/types/aws-native:msk:ClusterSasl", - "description": "Details for client authentication using SASL. To turn on SASL, you must also turn on `EncryptionInTransit` by setting `inCluster` to true. You must set `clientBroker` to either `TLS` or `TLS_PLAINTEXT` . If you choose `TLS_PLAINTEXT` , then you must also set `unauthenticated` to true." + "$ref": "#/types/aws-native:msk:ClusterSasl" }, "tls": { - "$ref": "#/types/aws-native:msk:ClusterTls", - "description": "Details for ClientAuthentication using TLS. To turn on TLS access control, you must also turn on `EncryptionInTransit` by setting `inCluster` to true and `clientBroker` to `TLS` ." + "$ref": "#/types/aws-native:msk:ClusterTls" }, "unauthenticated": { - "$ref": "#/types/aws-native:msk:ClusterUnauthenticated", - "description": "Details for ClientAuthentication using no authentication." + "$ref": "#/types/aws-native:msk:ClusterUnauthenticated" } } }, @@ -150365,12 +155213,10 @@ "type": "object", "properties": { "enabled": { - "type": "boolean", - "description": "Specifies whether broker logs get sent to the specified CloudWatch Logs destination." + "type": "boolean" }, "logGroup": { - "type": "string", - "description": "The CloudWatch log group that is the destination for broker logs." + "type": "string" } } }, @@ -150378,12 +155224,10 @@ "type": "object", "properties": { "arn": { - "type": "string", - "description": "ARN of the configuration to use." + "type": "string" }, "revision": { - "type": "integer", - "description": "The revision of the configuration to use." + "type": "integer" } } }, 
@@ -150391,12 +155235,10 @@ "type": "object", "properties": { "publicAccess": { - "$ref": "#/types/aws-native:msk:ClusterPublicAccess", - "description": "Access control settings for the cluster's brokers." + "$ref": "#/types/aws-native:msk:ClusterPublicAccess" }, "vpcConnectivity": { - "$ref": "#/types/aws-native:msk:ClusterVpcConnectivity", - "description": "VPC connection control settings for brokers" + "$ref": "#/types/aws-native:msk:ClusterVpcConnectivity" } } }, @@ -150404,12 +155246,10 @@ "type": "object", "properties": { "provisionedThroughput": { - "$ref": "#/types/aws-native:msk:ClusterProvisionedThroughput", - "description": "EBS volume provisioned throughput information." + "$ref": "#/types/aws-native:msk:ClusterProvisionedThroughput" }, "volumeSize": { - "type": "integer", - "description": "The size in GiB of the EBS volume for the data drive on each broker node." + "type": "integer" } } }, @@ -150417,8 +155257,7 @@ "type": "object", "properties": { "dataVolumeKmsKeyId": { - "type": "string", - "description": "The Amazon Resource Name (ARN) of the Amazon KMS key for encrypting data at rest. If you don't specify a KMS key, MSK creates one for you and uses it." + "type": "string" } }, "irreversibleNames": { 
@@ -150429,12 +155268,10 @@ "type": "object", "properties": { "clientBroker": { - "$ref": "#/types/aws-native:msk:ClusterEncryptionInTransitClientBroker", - "description": "Indicates the encryption setting for data in transit between clients and brokers. You must set it to one of the following values.\n\n`TLS` means that client-broker communication is enabled with TLS only.\n\n`TLS_PLAINTEXT` means that client-broker communication is enabled for both TLS-encrypted, as well as plaintext data.\n\n`PLAINTEXT` means that client-broker communication is enabled in plaintext only.\n\nThe default value is `TLS` ." + "$ref": "#/types/aws-native:msk:ClusterEncryptionInTransitClientBroker" }, "inCluster": { "type": "boolean", - "description": "When set to true, it indicates that data communication among the broker nodes of the cluster is encrypted. When set to false, the communication happens in plaintext.\n\nThe default value is true.", "replaceOnChanges": true } } @@ -150447,12 +155284,10 @@ "properties": { "encryptionAtRest": { "$ref": "#/types/aws-native:msk:ClusterEncryptionAtRest", - "description": "The data-volume encryption details.", "replaceOnChanges": true }, "encryptionInTransit": { - "$ref": "#/types/aws-native:msk:ClusterEncryptionInTransit", - "description": "The details for encryption in transit." + "$ref": "#/types/aws-native:msk:ClusterEncryptionInTransit" } } }, @@ -150463,12 +155298,10 @@ "type": "object", "properties": { "deliveryStream": { - "type": "string", - "description": "The Kinesis Data Firehose delivery stream that is the destination for broker logs." + "type": "string" }, "enabled": { - "type": "boolean", - "description": "Specifies whether broker logs get sent to the specified Kinesis Data Firehose delivery stream." + "type": "boolean" } } }, @@ -150476,8 +155309,7 @@ "type": "object", "properties": { "enabled": { - "type": "boolean", - "description": "SASL/IAM authentication is enabled or not." + "type": "boolean" } } }, 
@@ -150485,8 +155317,7 @@ "type": "object", "properties": { "enabledInBroker": { - "type": "boolean", - "description": "Indicates whether you want to enable or disable the JMX Exporter." + "type": "boolean" } } }, @@ -150494,8 +155325,7 @@ "type": "object", "properties": { "brokerLogs": { - "$ref": "#/types/aws-native:msk:ClusterBrokerLogs", - "description": "You can configure your MSK cluster to send broker logs to different destination types. This configuration specifies the details of these destinations." + "$ref": "#/types/aws-native:msk:ClusterBrokerLogs" } } }, @@ -150503,8 +155333,7 @@ "type": "object", "properties": { "enabledInBroker": { - "type": "boolean", - "description": "Indicates whether you want to enable or disable the Node Exporter." + "type": "boolean" } } }, @@ -150512,8 +155341,7 @@ "type": "object", "properties": { "prometheus": { - "$ref": "#/types/aws-native:msk:ClusterPrometheus", - "description": "Prometheus exporter settings." + "$ref": "#/types/aws-native:msk:ClusterPrometheus" } } }, @@ -150521,12 +155349,10 @@ "type": "object", "properties": { "jmxExporter": { - "$ref": "#/types/aws-native:msk:ClusterJmxExporter", - "description": "Indicates whether you want to enable or disable the JMX Exporter." + "$ref": "#/types/aws-native:msk:ClusterJmxExporter" }, "nodeExporter": { - "$ref": "#/types/aws-native:msk:ClusterNodeExporter", - "description": "Indicates whether you want to enable or disable the Node Exporter." + "$ref": "#/types/aws-native:msk:ClusterNodeExporter" } } }, @@ -150534,12 +155360,10 @@ "type": "object", "properties": { "enabled": { - "type": "boolean", - "description": "Provisioned throughput is enabled or not." + "type": "boolean" }, "volumeThroughput": { - "type": "integer", - "description": "Throughput value of the EBS volumes for the data drive on each kafka broker node in MiB per second." + "type": "integer" } } }, 
@@ -150547,8 +155371,7 @@ "type": "object", "properties": { "type": { - "type": "string", - "description": "DISABLED means that public access is turned off. SERVICE_PROVIDED_EIPS means that public access is turned on." + "type": "string" } } }, @@ -150556,16 +155379,13 @@ "type": "object", "properties": { "bucket": { - "type": "string", - "description": "The name of the S3 bucket that is the destination for broker logs." + "type": "string" }, "enabled": { - "type": "boolean", - "description": "Specifies whether broker logs get sent to the specified Amazon S3 destination." + "type": "boolean" }, "prefix": { - "type": "string", - "description": "The S3 prefix that is the destination for broker logs." + "type": "string" } } }, @@ -150573,12 +155393,10 @@ "type": "object", "properties": { "iam": { - "$ref": "#/types/aws-native:msk:ClusterIam", - "description": "Details for ClientAuthentication using IAM." + "$ref": "#/types/aws-native:msk:ClusterIam" }, "scram": { - "$ref": "#/types/aws-native:msk:ClusterScram", - "description": "Details for SASL/SCRAM client authentication." + "$ref": "#/types/aws-native:msk:ClusterScram" } } }, @@ -150586,8 +155404,7 @@ "type": "object", "properties": { "enabled": { - "type": "boolean", - "description": "SASL/SCRAM authentication is enabled or not." + "type": "boolean" } } }, @@ -150595,8 +155412,7 @@ "type": "object", "properties": { "ebsStorageInfo": { - "$ref": "#/types/aws-native:msk:ClusterEbsStorageInfo", - "description": "EBS volume information." + "$ref": "#/types/aws-native:msk:ClusterEbsStorageInfo" } }, "irreversibleNames": { @@ -150613,12 +155429,10 @@ "type": "array", "items": { "type": "string" - }, - "description": "List of AWS Private CA Amazon Resource Name (ARN)s." + } }, "enabled": { - "type": "boolean", - "description": "TLS authentication is enabled or not." + "type": "boolean" } } }, 
@@ -150626,8 +155440,7 @@ "type": "object", "properties": { "enabled": { - "type": "boolean", - "description": "Unauthenticated is enabled or not." + "type": "boolean" } } }, @@ -150635,8 +155448,7 @@ "type": "object", "properties": { "clientAuthentication": { - "$ref": "#/types/aws-native:msk:ClusterVpcConnectivityClientAuthentication", - "description": "VPC connection control settings for brokers." + "$ref": "#/types/aws-native:msk:ClusterVpcConnectivityClientAuthentication" } } }, @@ -150644,12 +155456,10 @@ "type": "object", "properties": { "sasl": { - "$ref": "#/types/aws-native:msk:ClusterVpcConnectivitySasl", - "description": "Details for VpcConnectivity ClientAuthentication using SASL." + "$ref": "#/types/aws-native:msk:ClusterVpcConnectivitySasl" }, "tls": { - "$ref": "#/types/aws-native:msk:ClusterVpcConnectivityTls", - "description": "Details for VpcConnectivity ClientAuthentication using TLS." + "$ref": "#/types/aws-native:msk:ClusterVpcConnectivityTls" } } }, @@ -150657,8 +155467,7 @@ "type": "object", "properties": { "enabled": { - "type": "boolean", - "description": "SASL/IAM authentication is enabled or not." + "type": "boolean" } } }, @@ -150666,12 +155475,10 @@ "type": "object", "properties": { "iam": { - "$ref": "#/types/aws-native:msk:ClusterVpcConnectivityIam", - "description": "Details for ClientAuthentication using IAM for VpcConnectivity." + "$ref": "#/types/aws-native:msk:ClusterVpcConnectivityIam" }, "scram": { - "$ref": "#/types/aws-native:msk:ClusterVpcConnectivityScram", - "description": "Details for SASL/SCRAM client authentication for VpcConnectivity." + "$ref": "#/types/aws-native:msk:ClusterVpcConnectivityScram" } } }, @@ -150679,8 +155486,7 @@ "type": "object", "properties": { "enabled": { - "type": "boolean", - "description": "SASL/SCRAM authentication is enabled or not." + "type": "boolean" } } }, 
@@ -150688,8 +155494,7 @@ "type": "object", "properties": { "enabled": { - "type": "boolean", - "description": "TLS authentication is enabled or not." + "type": "boolean" } } }, @@ -150807,7 +155612,8 @@ "type": "object", "properties": { "type": { - "$ref": "#/types/aws-native:msk:ReplicatorReplicationStartingPositionType" + "$ref": "#/types/aws-native:msk:ReplicatorReplicationStartingPositionType", + "description": "The type of replication starting position." } } }, @@ -150818,7 +155624,8 @@ "type": "object", "properties": { "type": { - "$ref": "#/types/aws-native:msk:ReplicatorReplicationTopicNameConfigurationType" + "$ref": "#/types/aws-native:msk:ReplicatorReplicationTopicNameConfigurationType", + "description": "The type of replication topic name configuration, identical to upstream topic name or prefixed with source cluster alias." } } }, @@ -150879,8 +155686,7 @@ "type": "object", "properties": { "sasl": { - "$ref": "#/types/aws-native:msk:ServerlessClusterSasl", - "description": "Details for client authentication using SASL. To turn on SASL, you must also turn on `EncryptionInTransit` by setting `inCluster` to true. You must set `clientBroker` to either `TLS` or `TLS_PLAINTEXT` . If you choose `TLS_PLAINTEXT` , then you must also set `unauthenticated` to true." + "$ref": "#/types/aws-native:msk:ServerlessClusterSasl" } } }, @@ -150888,8 +155694,7 @@ "type": "object", "properties": { "enabled": { - "type": "boolean", - "description": "SASL/IAM authentication is enabled or not." + "type": "boolean" } } }, @@ -150897,8 +155702,7 @@ "type": "object", "properties": { "iam": { - "$ref": "#/types/aws-native:msk:ServerlessClusterIam", - "description": "Details for ClientAuthentication using IAM." + "$ref": "#/types/aws-native:msk:ServerlessClusterIam" } } }, 
@@ -151190,6 +155994,9 @@ "aws-native:networkfirewall:FirewallPolicyStatefulEngineOptions": { "type": "object", "properties": { + "flowTimeouts": { + "$ref": "#/types/aws-native:networkfirewall:FirewallPolicyStatefulEngineOptionsFlowTimeoutsProperties" + }, "ruleOrder": { "$ref": "#/types/aws-native:networkfirewall:FirewallPolicyRuleOrder", "description": "Indicates how to manage the order of stateful rule evaluation for the policy. `DEFAULT_ACTION_ORDER` is the default behavior. Stateful rules are provided to the rule engine as Suricata compatible strings, and Suricata evaluates them based on certain settings. For more information, see [Evaluation order for stateful rules](https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-rule-evaluation-order.html) in the *AWS Network Firewall Developer Guide* ." @@ -151200,6 +156007,14 @@ } } }, + "aws-native:networkfirewall:FirewallPolicyStatefulEngineOptionsFlowTimeoutsProperties": { + "type": "object", + "properties": { + "tcpIdleTimeoutSeconds": { + "type": "integer" + } + } + }, "aws-native:networkfirewall:FirewallPolicyStatefulRuleGroupOverride": { "type": "object", "properties": { @@ -152990,6 +157805,10 @@ "type": "boolean", "description": "True to enable the internal user database." }, + "jwtOptions": { + "$ref": "#/types/aws-native:opensearchservice:DomainJwtOptions", + "description": "Container for information about the JWT configuration of the Amazon OpenSearch Service." + }, "masterUserOptions": { "$ref": "#/types/aws-native:opensearchservice:DomainMasterUserOptions", "description": "Specifies information about the master user." @@ -153000,6 +157819,7 @@ } }, "irreversibleNames": { + "jwtOptions": "JWTOptions", "samlOptions": "SAMLOptions" } }, 
@@ -153172,6 +157992,23 @@ } } }, + "aws-native:opensearchservice:DomainJwtOptions": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "publicKey": { + "type": "string" + }, + "rolesKey": { + "type": "string" + }, + "subjectKey": { + "type": "string" + } + } + }, "aws-native:opensearchservice:DomainLogPublishingOption": { "type": "object", "properties": { @@ -154416,6 +159253,29 @@ "aws-native:pcaconnectorad:TemplateValidityPeriodType": { "type": "string" }, + "aws-native:pcaconnectorscep:ConnectorMobileDeviceManagement": { + "type": "object" + }, + "aws-native:pcaconnectorscep:ConnectorOpenIdConfiguration": { + "type": "object", + "properties": { + "audience": { + "type": "string", + "description": "The audience value to copy into your Microsoft Entra app registration's OIDC." + }, + "issuer": { + "type": "string", + "description": "The issuer value to copy into your Microsoft Entra app registration's OIDC." + }, + "subject": { + "type": "string", + "description": "The subject value to copy into your Microsoft Entra app registration's OIDC." + } + } + }, + "aws-native:pcaconnectorscep:ConnectorType": { + "type": "string" + }, "aws-native:personalize:DatasetGroupDomain": { "type": "string" }, 
@@ -155505,19 +160365,19 @@ }, "maximumRecordAgeInSeconds": { "type": "integer", - "description": "(Streams only) Discard records older than the specified age. The default value is -1, which sets the maximum age to infinite. When the value is set to infinite, EventBridge never discards old records." + "description": "Discard records older than the specified age. The default value is -1, which sets the maximum age to infinite. When the value is set to infinite, EventBridge never discards old records." }, "maximumRetryAttempts": { "type": "integer", - "description": "(Streams only) Discard records after the specified number of retries. The default value is -1, which sets the maximum number of retries to infinite. When MaximumRetryAttempts is infinite, EventBridge retries failed records until the record expires in the event source." + "description": "Discard records after the specified number of retries. The default value is -1, which sets the maximum number of retries to infinite. When MaximumRetryAttempts is infinite, EventBridge retries failed records until the record expires in the event source." }, "onPartialBatchItemFailure": { "$ref": "#/types/aws-native:pipes:PipeOnPartialBatchItemFailureStreams", - "description": "(Streams only) Define how to handle item process failures. `AUTOMATIC_BISECT` halves each batch and retry each half until all the records are processed or there is one failed message left in the batch." + "description": "Define how to handle item process failures. `AUTOMATIC_BISECT` halves each batch and retry each half until all the records are processed or there is one failed message left in the batch." }, "parallelizationFactor": { "type": "integer", - "description": "(Streams only) The number of batches to process concurrently from each shard. The default value is 1." + "description": "The number of batches to process concurrently from each shard. The default value is 1." 
}, "startingPosition": { "$ref": "#/types/aws-native:pipes:PipeDynamoDbStreamStartPosition", 
@@ -155543,23 +160403,23 @@ }, "maximumRecordAgeInSeconds": { "type": "integer", - "description": "(Streams only) Discard records older than the specified age. The default value is -1, which sets the maximum age to infinite. When the value is set to infinite, EventBridge never discards old records." + "description": "Discard records older than the specified age. The default value is -1, which sets the maximum age to infinite. When the value is set to infinite, EventBridge never discards old records." }, "maximumRetryAttempts": { "type": "integer", - "description": "(Streams only) Discard records after the specified number of retries. The default value is -1, which sets the maximum number of retries to infinite. When MaximumRetryAttempts is infinite, EventBridge retries failed records until the record expires in the event source." + "description": "Discard records after the specified number of retries. The default value is -1, which sets the maximum number of retries to infinite. When MaximumRetryAttempts is infinite, EventBridge retries failed records until the record expires in the event source." }, "onPartialBatchItemFailure": { "$ref": "#/types/aws-native:pipes:PipeOnPartialBatchItemFailureStreams", - "description": "(Streams only) Define how to handle item process failures. `AUTOMATIC_BISECT` halves each batch and retry each half until all the records are processed or there is one failed message left in the batch." + "description": "Define how to handle item process failures. `AUTOMATIC_BISECT` halves each batch and retry each half until all the records are processed or there is one failed message left in the batch." }, "parallelizationFactor": { "type": "integer", - "description": "(Streams only) The number of batches to process concurrently from each shard. The default value is 1." + "description": "The number of batches to process concurrently from each shard. The default value is 1." 
}, "startingPosition": { "$ref": "#/types/aws-native:pipes:PipeKinesisStreamStartPosition", - "description": "(Streams only) The position in a stream from which to start reading.", + "description": "The position in a stream from which to start reading.", "replaceOnChanges": true }, "startingPositionTimestamp": { @@ -155598,7 +160458,7 @@ }, "startingPosition": { "$ref": "#/types/aws-native:pipes:PipeMskStartPosition", - "description": "(Streams only) The position in a stream from which to start reading.", + "description": "The position in a stream from which to start reading.", "replaceOnChanges": true }, "topicName": { @@ -155688,7 +160548,8 @@ "items": { "type": "string" }, - "description": "An array of server URLs." + "description": "An array of server URLs.", + "replaceOnChanges": true }, "batchSize": { "type": "integer", @@ -155696,7 +160557,8 @@ }, "consumerGroupId": { "type": "string", - "description": "The name of the destination queue to consume." + "description": "The name of the destination queue to consume.", + "replaceOnChanges": true }, "credentials": { "oneOf": [ @@ -155725,11 +160587,13 @@ }, "startingPosition": { "$ref": "#/types/aws-native:pipes:PipeSelfManagedKafkaStartPosition", - "description": "(Streams only) The position in a stream from which to start reading." + "description": "The position in a stream from which to start reading.", + "replaceOnChanges": true }, "topicName": { "type": "string", - "description": "The name of the topic that the pipe will read from." + "description": "The name of the topic that the pipe will read from.", + "replaceOnChanges": true }, "vpc": { "$ref": "#/types/aws-native:pipes:PipeSelfManagedKafkaAccessConfigurationVpc", 
@@ -156137,7 +161001,7 @@ }, "timestampFormat": { "type": "string", - "description": "How to format the timestamps. For example, `YYYY-MM-DDThh:mm:ss.sssTZD` .\n\nRequired if `TimeFieldType` is specified as `TIMESTAMP_FORMAT` ." + "description": "How to format the timestamps. For example, `yyyy-MM-dd'T'HH:mm:ss'Z'` .\n\nRequired if `TimeFieldType` is specified as `TIMESTAMP_FORMAT` ." }, "versionValue": { "type": "string", @@ -156212,10 +161076,12 @@ "type": "object", "properties": { "autoSubscribe": { - "$ref": "#/types/aws-native:qbusiness:ApplicationAutoSubscriptionStatus" + "$ref": "#/types/aws-native:qbusiness:ApplicationAutoSubscriptionStatus", + "description": "Describes whether automatic subscriptions are enabled for an Amazon Q Business application using IAM identity federation for user management." }, "defaultSubscriptionType": { - "$ref": "#/types/aws-native:qbusiness:ApplicationSubscriptionType" + "$ref": "#/types/aws-native:qbusiness:ApplicationSubscriptionType", + "description": "Describes the default subscription type assigned to an Amazon Q Business application using IAM identity federation for user management. If the value for `autoSubscribe` is set to `ENABLED` you must select a value for this field." } } }, @@ -156238,7 +161104,8 @@ "type": "object", "properties": { "personalizationControlMode": { - "$ref": "#/types/aws-native:qbusiness:ApplicationPersonalizationControlMode" + "$ref": "#/types/aws-native:qbusiness:ApplicationPersonalizationControlMode", + "description": "An option to allow Amazon Q Business to customize chat responses using user specific metadata—specifically, location and job information—in your IAM Identity Center instance." } } }, 
@@ -157670,6 +162537,20 @@ "aws-native:quicksight:AnalysisCategoryFilterSelectAllOptions": { "type": "string" }, + "aws-native:quicksight:AnalysisCategoryInnerFilter": { + "type": "object", + "properties": { + "column": { + "$ref": "#/types/aws-native:quicksight:AnalysisColumnIdentifier" + }, + "configuration": { + "$ref": "#/types/aws-native:quicksight:AnalysisCategoryFilterConfiguration" + }, + "defaultFilterControlConfiguration": { + "$ref": "#/types/aws-native:quicksight:AnalysisDefaultFilterControlConfiguration" + } + } + }, "aws-native:quicksight:AnalysisChartAxisLabelOptions": { "type": "object", "properties": { @@ -157828,6 +162709,10 @@ "type": "string", "description": "The label of the tooltip item." }, + "tooltipTarget": { + "$ref": "#/types/aws-native:quicksight:AnalysisTooltipTarget", + "description": "Determines the target of the column tooltip item in a combo chart visual." + }, "visibility": { "$ref": "#/types/aws-native:quicksight:AnalysisVisibility", "description": "The visibility of the tooltip item." @@ -157925,6 +162810,9 @@ "$ref": "#/types/aws-native:quicksight:AnalysisChartAxisLabelOptions", "description": "The label options (label text, label visibility, and sort icon visibility) of a combo chart's secondary y-axis(line) field well." }, + "singleAxisOptions": { + "$ref": "#/types/aws-native:quicksight:AnalysisSingleAxisOptions" + }, "sortConfiguration": { "$ref": "#/types/aws-native:quicksight:AnalysisComboChartSortConfiguration", "description": "The sort configuration of a `ComboChartVisual` ." @@ -158010,6 +162898,9 @@ } } }, + "aws-native:quicksight:AnalysisCommitMode": { + "type": "string" + }, "aws-native:quicksight:AnalysisComparisonConfiguration": { "type": "object", "properties": { 
@@ -158986,6 +163877,10 @@ "aws-native:quicksight:AnalysisDefaultDateTimePickerControlOptions": { "type": "object", "properties": { + "commitMode": { + "$ref": "#/types/aws-native:quicksight:AnalysisCommitMode", + "description": "The visibility configuration of the Apply button on a `DateTimePickerControl` ." + }, "displayOptions": { "$ref": "#/types/aws-native:quicksight:AnalysisDateTimePickerControlDisplayOptions", "description": "The display options of a control." @@ -159045,6 +163940,10 @@ "aws-native:quicksight:AnalysisDefaultFilterDropDownControlOptions": { "type": "object", "properties": { + "commitMode": { + "$ref": "#/types/aws-native:quicksight:AnalysisCommitMode", + "description": "The visibility configuration of the Apply button on a `FilterDropDownControl` ." + }, "displayOptions": { "$ref": "#/types/aws-native:quicksight:AnalysisDropDownControlDisplayOptions", "description": "The display options of a control." @@ -159136,6 +164035,10 @@ "aws-native:quicksight:AnalysisDefaultRelativeDateTimeControlOptions": { "type": "object", "properties": { + "commitMode": { + "$ref": "#/types/aws-native:quicksight:AnalysisCommitMode", + "description": "The visibility configuration of the Apply button on a `RelativeDateTimeControl` ." + }, "displayOptions": { "$ref": "#/types/aws-native:quicksight:AnalysisRelativeDateTimeControlDisplayOptions", "description": "The display options of a control." @@ -159252,6 +164155,9 @@ }, "description": "An array of parameter declarations for an analysis.\n\nParameters are named variables that can transfer a value for use by an action or an object.\n\nFor more information, see [Parameters in Amazon QuickSight](https://docs.aws.amazon.com/quicksight/latest/user/parameters-in-quicksight.html) in the *Amazon QuickSight User Guide* ." }, + "queryExecutionOptions": { + "$ref": "#/types/aws-native:quicksight:AnalysisQueryExecutionOptions" + }, "sheets": { "type": "array", "items": { 
@@ -159273,7 +164179,8 @@ "description": "The configuration that selects all options." }, "sourceColumn": { - "$ref": "#/types/aws-native:quicksight:AnalysisColumnIdentifier" + "$ref": "#/types/aws-native:quicksight:AnalysisColumnIdentifier", + "description": "A column of a data set." }, "sourceField": { "type": "string", @@ -159554,6 +164461,10 @@ "type": "string", "description": "The label of the tooltip item." }, + "tooltipTarget": { + "$ref": "#/types/aws-native:quicksight:AnalysisTooltipTarget", + "description": "Determines the target of the field tooltip item in a combo chart visual." + }, "visibility": { "$ref": "#/types/aws-native:quicksight:AnalysisVisibility", "description": "The visibility of the tooltip item." @@ -159709,6 +164620,10 @@ "$ref": "#/types/aws-native:quicksight:AnalysisCategoryFilter", "description": "A `CategoryFilter` filters text values.\n\nFor more information, see [Adding text filters](https://docs.aws.amazon.com/quicksight/latest/user/add-a-text-filter-data-prep.html) in the *Amazon QuickSight User Guide* ." }, + "nestedFilter": { + "$ref": "#/types/aws-native:quicksight:AnalysisNestedFilter", + "description": "A `NestedFilter` filters data with a subset of data that is defined by the nested inner filter." + }, "numericEqualityFilter": { "$ref": "#/types/aws-native:quicksight:AnalysisNumericEqualityFilter", "description": "A `NumericEqualityFilter` filters numeric values that equal or do not equal a given numeric value." @@ -159792,6 +164707,10 @@ "aws-native:quicksight:AnalysisFilterDateTimePickerControl": { "type": "object", "properties": { + "commitMode": { + "$ref": "#/types/aws-native:quicksight:AnalysisCommitMode", + "description": "The visibility configurationof the Apply button on a `DateTimePickerControl` ." + }, "displayOptions": { "$ref": "#/types/aws-native:quicksight:AnalysisDateTimePickerControlDisplayOptions", "description": "The display options of a control." 
@@ -159821,6 +164740,10 @@ "$ref": "#/types/aws-native:quicksight:AnalysisCascadingControlConfiguration", "description": "The values that are displayed in a control can be configured to only show values that are valid based on what's selected in other controls." }, + "commitMode": { + "$ref": "#/types/aws-native:quicksight:AnalysisCommitMode", + "description": "The visibility configuration of the Apply button on a `FilterDropDownControl` ." + }, "displayOptions": { "$ref": "#/types/aws-native:quicksight:AnalysisDropDownControlDisplayOptions", "description": "The display options of the `FilterDropDownControl` ." @@ -159970,6 +164893,10 @@ "aws-native:quicksight:AnalysisFilterRelativeDateTimeControl": { "type": "object", "properties": { + "commitMode": { + "$ref": "#/types/aws-native:quicksight:AnalysisCommitMode", + "description": "The visibility configuration of the Apply button on a `FilterRelativeDateTimeControl` ." + }, "displayOptions": { "$ref": "#/types/aws-native:quicksight:AnalysisRelativeDateTimeControlDisplayOptions", "description": "The display options of a control." @@ -161264,6 +166191,15 @@ "aws-native:quicksight:AnalysisIcon": { "type": "string" }, + "aws-native:quicksight:AnalysisInnerFilter": { + "type": "object", + "properties": { + "categoryInnerFilter": { + "$ref": "#/types/aws-native:quicksight:AnalysisCategoryInnerFilter", + "description": "A `CategoryInnerFilter` filters text values for the `NestedFilter` ." + } + } + }, "aws-native:quicksight:AnalysisInsightConfiguration": { "type": "object", "properties": { @@ -161831,6 +166767,9 @@ }, "description": "The series item configuration of a line chart." }, + "singleAxisOptions": { + "$ref": "#/types/aws-native:quicksight:AnalysisSingleAxisOptions" + }, "smallMultiplesOptions": { "$ref": "#/types/aws-native:quicksight:AnalysisSmallMultiplesOptions", "description": "The small multiples setup for the visual." 
@@ -162238,6 +167177,27 @@ "aws-native:quicksight:AnalysisNegativeValueDisplayMode": { "type": "string" }, + "aws-native:quicksight:AnalysisNestedFilter": { + "type": "object", + "properties": { + "column": { + "$ref": "#/types/aws-native:quicksight:AnalysisColumnIdentifier", + "description": "The column that the filter is applied to." + }, + "filterId": { + "type": "string", + "description": "An identifier that uniquely identifies a filter within a dashboard, analysis, or template." + }, + "includeInnerSet": { + "type": "boolean", + "description": "A boolean condition to include or exclude the subset that is defined by the values of the nested inner filter." + }, + "innerFilter": { + "$ref": "#/types/aws-native:quicksight:AnalysisInnerFilter", + "description": "The `InnerFilter` defines the subset of data to be used with the `NestedFilter` ." + } + } + }, "aws-native:quicksight:AnalysisNullValueFormatConfiguration": { "type": "object", "properties": { @@ -162671,6 +167631,10 @@ "$ref": "#/types/aws-native:quicksight:AnalysisCascadingControlConfiguration", "description": "The values that are displayed in a control can be configured to only show values that are valid based on what's selected in other controls." }, + "commitMode": { + "$ref": "#/types/aws-native:quicksight:AnalysisCommitMode", + "description": "The visibility configuration of the Apply button on a `ParameterDropDownControl` ." + }, "displayOptions": { "$ref": "#/types/aws-native:quicksight:AnalysisDropDownControlDisplayOptions", "description": "The display options of a control." 
@@ -163593,6 +168557,18 @@ } } }, + "aws-native:quicksight:AnalysisQueryExecutionMode": { + "type": "string" + }, + "aws-native:quicksight:AnalysisQueryExecutionOptions": { + "type": "object", + "properties": { + "queryExecutionMode": { + "$ref": "#/types/aws-native:quicksight:AnalysisQueryExecutionMode", + "description": "A structure that describes the query execution mode." + } + } + }, "aws-native:quicksight:AnalysisRadarChartAggregatedFieldWells": { "type": "object", "properties": { @@ -164732,6 +169708,18 @@ "aws-native:quicksight:AnalysisSimpleTotalAggregationFunction": { "type": "string" }, + "aws-native:quicksight:AnalysisSingleAxisOptions": { + "type": "object", + "properties": { + "yAxisOptions": { + "$ref": "#/types/aws-native:quicksight:AnalysisYAxisOptions", + "description": "The Y axis options of a single axis configuration." + } + } + }, + "aws-native:quicksight:AnalysisSingleYAxisOption": { + "type": "string" + }, "aws-native:quicksight:AnalysisSliderControlDisplayOptions": { "type": "object", "properties": { @@ -165716,6 +170704,9 @@ } } }, + "aws-native:quicksight:AnalysisTooltipTarget": { + "type": "string" + }, "aws-native:quicksight:AnalysisTooltipTitleType": { "type": "string" }, @@ -166645,6 +171636,15 @@ "aws-native:quicksight:AnalysisWordCloudWordScaling": { "type": "string" }, + "aws-native:quicksight:AnalysisYAxisOptions": { + "type": "object", + "properties": { + "yAxis": { + "$ref": "#/types/aws-native:quicksight:AnalysisSingleYAxisOption", + "description": "The Y axis type to be used in the chart.\n\nIf you choose `PRIMARY_Y_AXIS` , the primary Y Axis is located on the leftmost vertical axis of the chart." + } + } + }, "aws-native:quicksight:DashboardAdHocFilteringOption": { "type": "object", "properties": { 
@@ -167525,6 +172525,20 @@ "aws-native:quicksight:DashboardCategoryFilterSelectAllOptions": { "type": "string" }, + "aws-native:quicksight:DashboardCategoryInnerFilter": { + "type": "object", + "properties": { + "column": { + "$ref": "#/types/aws-native:quicksight:DashboardColumnIdentifier" + }, + "configuration": { + "$ref": "#/types/aws-native:quicksight:DashboardCategoryFilterConfiguration" + }, + "defaultFilterControlConfiguration": { + "$ref": "#/types/aws-native:quicksight:DashboardDefaultFilterControlConfiguration" + } + } + }, "aws-native:quicksight:DashboardChartAxisLabelOptions": { "type": "object", "properties": { @@ -167683,6 +172697,10 @@ "type": "string", "description": "The label of the tooltip item." }, + "tooltipTarget": { + "$ref": "#/types/aws-native:quicksight:DashboardTooltipTarget", + "description": "Determines the target of the column tooltip item in a combo chart visual." + }, "visibility": { "$ref": "#/types/aws-native:quicksight:DashboardVisibility", "description": "The visibility of the tooltip item." @@ -167780,6 +172798,9 @@ "$ref": "#/types/aws-native:quicksight:DashboardChartAxisLabelOptions", "description": "The label options (label text, label visibility, and sort icon visibility) of a combo chart's secondary y-axis(line) field well." }, + "singleAxisOptions": { + "$ref": "#/types/aws-native:quicksight:DashboardSingleAxisOptions" + }, "sortConfiguration": { "$ref": "#/types/aws-native:quicksight:DashboardComboChartSortConfiguration", "description": "The sort configuration of a `ComboChartVisual` ." @@ -167865,6 +172886,9 @@ } } }, + "aws-native:quicksight:DashboardCommitMode": { + "type": "string" + }, "aws-native:quicksight:DashboardComparisonConfiguration": { "type": "object", "properties": { 
@@ -168868,6 +173892,10 @@ "aws-native:quicksight:DashboardDefaultDateTimePickerControlOptions": { "type": "object", "properties": { + "commitMode": { + "$ref": "#/types/aws-native:quicksight:DashboardCommitMode", + "description": "The visibility configuration of the Apply button on a `DateTimePickerControl` ." + }, "displayOptions": { "$ref": "#/types/aws-native:quicksight:DashboardDateTimePickerControlDisplayOptions", "description": "The display options of a control." @@ -168927,6 +173955,10 @@ "aws-native:quicksight:DashboardDefaultFilterDropDownControlOptions": { "type": "object", "properties": { + "commitMode": { + "$ref": "#/types/aws-native:quicksight:DashboardCommitMode", + "description": "The visibility configuration of the Apply button on a `FilterDropDownControl` ." + }, "displayOptions": { "$ref": "#/types/aws-native:quicksight:DashboardDropDownControlDisplayOptions", "description": "The display options of a control." @@ -169018,6 +174050,10 @@ "aws-native:quicksight:DashboardDefaultRelativeDateTimeControlOptions": { "type": "object", "properties": { + "commitMode": { + "$ref": "#/types/aws-native:quicksight:DashboardCommitMode", + "description": "The visibility configuration of the Apply button on a `RelativeDateTimeControl` ." + }, "displayOptions": { "$ref": "#/types/aws-native:quicksight:DashboardRelativeDateTimeControlDisplayOptions", "description": "The display options of a control." @@ -169092,7 +174128,8 @@ "description": "The configuration that selects all options." }, "sourceColumn": { - "$ref": "#/types/aws-native:quicksight:DashboardColumnIdentifier" + "$ref": "#/types/aws-native:quicksight:DashboardColumnIdentifier", + "description": "A column of a data set." }, "sourceField": { "type": "string", 
@@ -169400,6 +174437,10 @@ "type": "string", "description": "The label of the tooltip item." }, + "tooltipTarget": { + "$ref": "#/types/aws-native:quicksight:DashboardTooltipTarget", + "description": "Determines the target of the field tooltip item in a combo chart visual." + }, "visibility": { "$ref": "#/types/aws-native:quicksight:DashboardVisibility", "description": "The visibility of the tooltip item." @@ -169555,6 +174596,10 @@ "$ref": "#/types/aws-native:quicksight:DashboardCategoryFilter", "description": "A `CategoryFilter` filters text values.\n\nFor more information, see [Adding text filters](https://docs.aws.amazon.com/quicksight/latest/user/add-a-text-filter-data-prep.html) in the *Amazon QuickSight User Guide* ." }, + "nestedFilter": { + "$ref": "#/types/aws-native:quicksight:DashboardNestedFilter", + "description": "A `NestedFilter` filters data with a subset of data that is defined by the nested inner filter." + }, "numericEqualityFilter": { "$ref": "#/types/aws-native:quicksight:DashboardNumericEqualityFilter", "description": "A `NumericEqualityFilter` filters numeric values that equal or do not equal a given numeric value." @@ -169638,6 +174683,10 @@ "aws-native:quicksight:DashboardFilterDateTimePickerControl": { "type": "object", "properties": { + "commitMode": { + "$ref": "#/types/aws-native:quicksight:DashboardCommitMode", + "description": "The visibility configurationof the Apply button on a `DateTimePickerControl` ." + }, "displayOptions": { "$ref": "#/types/aws-native:quicksight:DashboardDateTimePickerControlDisplayOptions", "description": "The display options of a control." 
@@ -169667,6 +174716,10 @@ "$ref": "#/types/aws-native:quicksight:DashboardCascadingControlConfiguration", "description": "The values that are displayed in a control can be configured to only show values that are valid based on what's selected in other controls." }, + "commitMode": { + "$ref": "#/types/aws-native:quicksight:DashboardCommitMode", + "description": "The visibility configuration of the Apply button on a `FilterDropDownControl` ." + }, "displayOptions": { "$ref": "#/types/aws-native:quicksight:DashboardDropDownControlDisplayOptions", "description": "The display options of the `FilterDropDownControl` ." @@ -169816,6 +174869,10 @@ "aws-native:quicksight:DashboardFilterRelativeDateTimeControl": { "type": "object", "properties": { + "commitMode": { + "$ref": "#/types/aws-native:quicksight:DashboardCommitMode", + "description": "The visibility configuration of the Apply button on a `FilterRelativeDateTimeControl` ." + }, "displayOptions": { "$ref": "#/types/aws-native:quicksight:DashboardRelativeDateTimeControlDisplayOptions", "description": "The display options of a control." @@ -171110,6 +176167,15 @@ "aws-native:quicksight:DashboardIcon": { "type": "string" }, + "aws-native:quicksight:DashboardInnerFilter": { + "type": "object", + "properties": { + "categoryInnerFilter": { + "$ref": "#/types/aws-native:quicksight:DashboardCategoryInnerFilter", + "description": "A `CategoryInnerFilter` filters text values for the `NestedFilter` ." + } + } + }, "aws-native:quicksight:DashboardInsightConfiguration": { "type": "object", "properties": { @@ -171677,6 +176743,9 @@ }, "description": "The series item configuration of a line chart." }, + "singleAxisOptions": { + "$ref": "#/types/aws-native:quicksight:DashboardSingleAxisOptions" + }, "smallMultiplesOptions": { "$ref": "#/types/aws-native:quicksight:DashboardSmallMultiplesOptions", "description": "The small multiples setup for the visual." 
@@ -172096,6 +177165,27 @@ "aws-native:quicksight:DashboardNegativeValueDisplayMode": { "type": "string" }, + "aws-native:quicksight:DashboardNestedFilter": { + "type": "object", + "properties": { + "column": { + "$ref": "#/types/aws-native:quicksight:DashboardColumnIdentifier", + "description": "The column that the filter is applied to." + }, + "filterId": { + "type": "string", + "description": "An identifier that uniquely identifies a filter within a dashboard, analysis, or template." + }, + "includeInnerSet": { + "type": "boolean", + "description": "A boolean condition to include or exclude the subset that is defined by the values of the nested inner filter." + }, + "innerFilter": { + "$ref": "#/types/aws-native:quicksight:DashboardInnerFilter", + "description": "The `InnerFilter` defines the subset of data to be used with the `NestedFilter` ." + } + } + }, "aws-native:quicksight:DashboardNullValueFormatConfiguration": { "type": "object", "properties": { @@ -172529,6 +177619,10 @@ "$ref": "#/types/aws-native:quicksight:DashboardCascadingControlConfiguration", "description": "The values that are displayed in a control can be configured to only show values that are valid based on what's selected in other controls." }, + "commitMode": { + "$ref": "#/types/aws-native:quicksight:DashboardCommitMode", + "description": "The visibility configuration of the Apply button on a `ParameterDropDownControl` ." + }, "displayOptions": { "$ref": "#/types/aws-native:quicksight:DashboardDropDownControlDisplayOptions", "description": "The display options of a control." 
@@ -174660,6 +179754,18 @@ "aws-native:quicksight:DashboardSimpleTotalAggregationFunction": { "type": "string" }, + "aws-native:quicksight:DashboardSingleAxisOptions": { + "type": "object", + "properties": { + "yAxisOptions": { + "$ref": "#/types/aws-native:quicksight:DashboardYAxisOptions", + "description": "The Y axis options of a single axis configuration." + } + } + }, + "aws-native:quicksight:DashboardSingleYAxisOption": { + "type": "string" + }, "aws-native:quicksight:DashboardSliderControlDisplayOptions": { "type": "object", "properties": { @@ -175644,6 +180750,9 @@ } } }, + "aws-native:quicksight:DashboardTooltipTarget": { + "type": "string" + }, "aws-native:quicksight:DashboardTooltipTitleType": { "type": "string" }, @@ -176711,6 +181820,15 @@ "aws-native:quicksight:DashboardWordCloudWordScaling": { "type": "string" }, + "aws-native:quicksight:DashboardYAxisOptions": { + "type": "object", + "properties": { + "yAxis": { + "$ref": "#/types/aws-native:quicksight:DashboardSingleYAxisOption", + "description": "The Y axis type to be used in the chart.\n\nIf you choose `PRIMARY_Y_AXIS` , the primary Y Axis is located on the leftmost vertical axis of the chart." + } + } + }, "aws-native:quicksight:DataSetCalculatedColumn": { "type": "object", "properties": { @@ -177531,7 +182649,8 @@ "description": "An operation that filters rows based on some condition." }, "overrideDatasetParameterOperation": { - "$ref": "#/types/aws-native:quicksight:DataSetOverrideDatasetParameterOperation" + "$ref": "#/types/aws-native:quicksight:DataSetOverrideDatasetParameterOperation", + "description": "A transform operation that overrides the dataset parameter values that are defined in another dataset." }, "projectOperation": { "$ref": "#/types/aws-native:quicksight:DataSetProjectOperation", 
@@ -178177,6 +183296,41 @@ } } }, + "aws-native:quicksight:FolderResourcePermission": { + "type": "object", + "properties": { + "actions": { + "type": "array", + "items": { + "type": "string" + }, + "description": "\u003cp\u003eThe IAM action to grant or revoke permissions on.\u003c/p\u003e" + }, + "principal": { + "type": "string", + "description": "\u003cp\u003eThe Amazon Resource Name (ARN) of the principal. This can be one of the\n following:\u003c/p\u003e\n \u003cul\u003e\n \u003cli\u003e\n \u003cp\u003eThe ARN of an Amazon QuickSight user or group associated with a data source or dataset. (This is common.)\u003c/p\u003e\n \u003c/li\u003e\n \u003cli\u003e\n \u003cp\u003eThe ARN of an Amazon QuickSight user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\u003c/p\u003e\n \u003c/li\u003e\n \u003cli\u003e\n \u003cp\u003eThe ARN of an Amazon Web Services account root: This is an IAM ARN rather than a QuickSight\n ARN. Use this option only to share resources (templates) across Amazon Web Services accounts.\n (This is less common.) \u003c/p\u003e\n \u003c/li\u003e\n \u003c/ul\u003e" + } + } + }, + "aws-native:quicksight:FolderSharingModel": { + "type": "string" + }, + "aws-native:quicksight:FolderTag": { + "type": "object", + "properties": { + "key": { + "type": "string", + "description": "\u003cp\u003eTag key.\u003c/p\u003e" + }, + "value": { + "type": "string", + "description": "\u003cp\u003eTag value.\u003c/p\u003e" + } + } + }, + "aws-native:quicksight:FolderType": { + "type": "string" + }, "aws-native:quicksight:RefreshScheduleMap": { "type": "object", "properties": { 
@@ -179108,6 +184262,20 @@ "aws-native:quicksight:TemplateCategoryFilterSelectAllOptions": { "type": "string" }, + "aws-native:quicksight:TemplateCategoryInnerFilter": { + "type": "object", + "properties": { + "column": { + "$ref": "#/types/aws-native:quicksight:TemplateColumnIdentifier" + }, + "configuration": { + "$ref": "#/types/aws-native:quicksight:TemplateCategoryFilterConfiguration" + }, + "defaultFilterControlConfiguration": { + "$ref": "#/types/aws-native:quicksight:TemplateDefaultFilterControlConfiguration" + } + } + }, "aws-native:quicksight:TemplateChartAxisLabelOptions": { "type": "object", "properties": { @@ -179308,6 +184476,10 @@ "type": "string", "description": "The label of the tooltip item." }, + "tooltipTarget": { + "$ref": "#/types/aws-native:quicksight:TemplateTooltipTarget", + "description": "Determines the target of the column tooltip item in a combo chart visual." + }, "visibility": { "$ref": "#/types/aws-native:quicksight:TemplateVisibility", "description": "The visibility of the tooltip item." @@ -179405,6 +184577,9 @@ "$ref": "#/types/aws-native:quicksight:TemplateChartAxisLabelOptions", "description": "The label options (label text, label visibility, and sort icon visibility) of a combo chart's secondary y-axis(line) field well." }, + "singleAxisOptions": { + "$ref": "#/types/aws-native:quicksight:TemplateSingleAxisOptions" + }, "sortConfiguration": { "$ref": "#/types/aws-native:quicksight:TemplateComboChartSortConfiguration", "description": "The sort configuration of a `ComboChartVisual` ." @@ -179490,6 +184665,9 @@ } } }, + "aws-native:quicksight:TemplateCommitMode": { + "type": "string" + }, "aws-native:quicksight:TemplateComparisonConfiguration": { "type": "object", "properties": { 
@@ -180453,6 +185631,10 @@ "aws-native:quicksight:TemplateDefaultDateTimePickerControlOptions": { "type": "object", "properties": { + "commitMode": { + "$ref": "#/types/aws-native:quicksight:TemplateCommitMode", + "description": "The visibility configuration of the Apply button on a `DateTimePickerControl` ." + }, "displayOptions": { "$ref": "#/types/aws-native:quicksight:TemplateDateTimePickerControlDisplayOptions", "description": "The display options of a control." @@ -180512,6 +185694,10 @@ "aws-native:quicksight:TemplateDefaultFilterDropDownControlOptions": { "type": "object", "properties": { + "commitMode": { + "$ref": "#/types/aws-native:quicksight:TemplateCommitMode", + "description": "The visibility configuration of the Apply button on a `FilterDropDownControl` ." + }, "displayOptions": { "$ref": "#/types/aws-native:quicksight:TemplateDropDownControlDisplayOptions", "description": "The display options of a control." @@ -180603,6 +185789,10 @@ "aws-native:quicksight:TemplateDefaultRelativeDateTimeControlOptions": { "type": "object", "properties": { + "commitMode": { + "$ref": "#/types/aws-native:quicksight:TemplateCommitMode", + "description": "The visibility configuration of the Apply button on a `RelativeDateTimeControl` ." + }, "displayOptions": { "$ref": "#/types/aws-native:quicksight:TemplateRelativeDateTimeControlDisplayOptions", "description": "The display options of a control." @@ -180677,7 +185867,8 @@ "description": "The configuration that selects all options." }, "sourceColumn": { - "$ref": "#/types/aws-native:quicksight:TemplateColumnIdentifier" + "$ref": "#/types/aws-native:quicksight:TemplateColumnIdentifier", + "description": "A column of a data set." }, "sourceField": { "type": "string", 
@@ -180958,6 +186149,10 @@ "type": "string", "description": "The label of the tooltip item." }, + "tooltipTarget": { + "$ref": "#/types/aws-native:quicksight:TemplateTooltipTarget", + "description": "Determines the target of the field tooltip item in a combo chart visual." + }, "visibility": { "$ref": "#/types/aws-native:quicksight:TemplateVisibility", "description": "The visibility of the tooltip item." @@ -181113,6 +186308,10 @@ "$ref": "#/types/aws-native:quicksight:TemplateCategoryFilter", "description": "A `CategoryFilter` filters text values.\n\nFor more information, see [Adding text filters](https://docs.aws.amazon.com/quicksight/latest/user/add-a-text-filter-data-prep.html) in the *Amazon QuickSight User Guide* ." }, + "nestedFilter": { + "$ref": "#/types/aws-native:quicksight:TemplateNestedFilter", + "description": "A `NestedFilter` filters data with a subset of data that is defined by the nested inner filter." + }, "numericEqualityFilter": { "$ref": "#/types/aws-native:quicksight:TemplateNumericEqualityFilter", "description": "A `NumericEqualityFilter` filters numeric values that equal or do not equal a given numeric value." @@ -181196,6 +186395,10 @@ "aws-native:quicksight:TemplateFilterDateTimePickerControl": { "type": "object", "properties": { + "commitMode": { + "$ref": "#/types/aws-native:quicksight:TemplateCommitMode", + "description": "The visibility configurationof the Apply button on a `DateTimePickerControl` ." + }, "displayOptions": { "$ref": "#/types/aws-native:quicksight:TemplateDateTimePickerControlDisplayOptions", "description": "The display options of a control." 
@@ -181225,6 +186428,10 @@ "$ref": "#/types/aws-native:quicksight:TemplateCascadingControlConfiguration", "description": "The values that are displayed in a control can be configured to only show values that are valid based on what's selected in other controls." }, + "commitMode": { + "$ref": "#/types/aws-native:quicksight:TemplateCommitMode", + "description": "The visibility configuration of the Apply button on a `FilterDropDownControl` ." + }, "displayOptions": { "$ref": "#/types/aws-native:quicksight:TemplateDropDownControlDisplayOptions", "description": "The display options of the `FilterDropDownControl` ." @@ -181374,6 +186581,10 @@ "aws-native:quicksight:TemplateFilterRelativeDateTimeControl": { "type": "object", "properties": { + "commitMode": { + "$ref": "#/types/aws-native:quicksight:TemplateCommitMode", + "description": "The visibility configuration of the Apply button on a `FilterRelativeDateTimeControl` ." + }, "displayOptions": { "$ref": "#/types/aws-native:quicksight:TemplateRelativeDateTimeControlDisplayOptions", "description": "The display options of a control." @@ -182668,6 +187879,15 @@ "aws-native:quicksight:TemplateIcon": { "type": "string" }, + "aws-native:quicksight:TemplateInnerFilter": { + "type": "object", + "properties": { + "categoryInnerFilter": { + "$ref": "#/types/aws-native:quicksight:TemplateCategoryInnerFilter", + "description": "A `CategoryInnerFilter` filters text values for the `NestedFilter` ." + } + } + }, "aws-native:quicksight:TemplateInsightConfiguration": { "type": "object", "properties": { @@ -183219,6 +188439,9 @@ }, "description": "The series item configuration of a line chart." }, + "singleAxisOptions": { + "$ref": "#/types/aws-native:quicksight:TemplateSingleAxisOptions" + }, "smallMultiplesOptions": { "$ref": "#/types/aws-native:quicksight:TemplateSmallMultiplesOptions", "description": "The small multiples setup for the visual." 
@@ -183626,6 +188849,27 @@ "aws-native:quicksight:TemplateNegativeValueDisplayMode": { "type": "string" }, + "aws-native:quicksight:TemplateNestedFilter": { + "type": "object", + "properties": { + "column": { + "$ref": "#/types/aws-native:quicksight:TemplateColumnIdentifier", + "description": "The column that the filter is applied to." + }, + "filterId": { + "type": "string", + "description": "An identifier that uniquely identifies a filter within a dashboard, analysis, or template." + }, + "includeInnerSet": { + "type": "boolean", + "description": "A boolean condition to include or exclude the subset that is defined by the values of the nested inner filter." + }, + "innerFilter": { + "$ref": "#/types/aws-native:quicksight:TemplateInnerFilter", + "description": "The `InnerFilter` defines the subset of data to be used with the `NestedFilter` ." + } + } + }, "aws-native:quicksight:TemplateNullValueFormatConfiguration": { "type": "object", "properties": { @@ -184059,6 +189303,10 @@ "$ref": "#/types/aws-native:quicksight:TemplateCascadingControlConfiguration", "description": "The values that are displayed in a control can be configured to only show values that are valid based on what's selected in other controls." }, + "commitMode": { + "$ref": "#/types/aws-native:quicksight:TemplateCommitMode", + "description": "The visibility configuration of the Apply button on a `ParameterDropDownControl` ." + }, "displayOptions": { "$ref": "#/types/aws-native:quicksight:TemplateDropDownControlDisplayOptions", "description": "The display options of a control." 
@@ -184948,6 +190196,18 @@ } } }, + "aws-native:quicksight:TemplateQueryExecutionMode": { + "type": "string" + }, + "aws-native:quicksight:TemplateQueryExecutionOptions": { + "type": "object", + "properties": { + "queryExecutionMode": { + "$ref": "#/types/aws-native:quicksight:TemplateQueryExecutionMode", + "description": "A structure that describes the query execution mode." + } + } + }, "aws-native:quicksight:TemplateRadarChartAggregatedFieldWells": { "type": "object", "properties": { @@ -186087,6 +191347,18 @@ "aws-native:quicksight:TemplateSimpleTotalAggregationFunction": { "type": "string" }, + "aws-native:quicksight:TemplateSingleAxisOptions": { + "type": "object", + "properties": { + "yAxisOptions": { + "$ref": "#/types/aws-native:quicksight:TemplateYAxisOptions", + "description": "The Y axis options of a single axis configuration." + } + } + }, + "aws-native:quicksight:TemplateSingleYAxisOption": { + "type": "string" + }, "aws-native:quicksight:TemplateSliderControlDisplayOptions": { "type": "object", "properties": { @@ -187068,6 +192340,9 @@ } } }, + "aws-native:quicksight:TemplateTooltipTarget": { + "type": "string" + }, "aws-native:quicksight:TemplateTooltipTitleType": { "type": "string" }, @@ -187533,6 +192808,9 @@ }, "description": "An array of parameter declarations for a template.\n\n*Parameters* are named variables that can transfer a value for use by an action or an object.\n\nFor more information, see [Parameters in Amazon QuickSight](https://docs.aws.amazon.com/quicksight/latest/user/parameters-in-quicksight.html) in the *Amazon QuickSight User Guide* ." }, + "queryExecutionOptions": { + "$ref": "#/types/aws-native:quicksight:TemplateQueryExecutionOptions" + }, "sheets": { "type": "array", "items": { 
@@ -188101,6 +193379,15 @@ "aws-native:quicksight:TemplateWordCloudWordScaling": { "type": "string" }, + "aws-native:quicksight:TemplateYAxisOptions": { + "type": "object", + "properties": { + "yAxis": { + "$ref": "#/types/aws-native:quicksight:TemplateSingleYAxisOption", + "description": "The Y axis type to be used in the chart.\n\nIf you choose `PRIMARY_Y_AXIS` , the primary Y Axis is located on the leftmost vertical axis of the chart." + } + } + }, "aws-native:quicksight:ThemeBorderStyle": { "type": "object", "properties": { @@ -188122,7 +193409,8 @@ "description": "Display options related to sheets." }, "typography": { - "$ref": "#/types/aws-native:quicksight:ThemeTypography" + "$ref": "#/types/aws-native:quicksight:ThemeTypography", + "description": "Determines the typography options." }, "uiColorPalette": { "$ref": "#/types/aws-native:quicksight:ThemeUiColorPalette", @@ -189554,6 +194842,19 @@ "aws-native:rds:GlobalClusterEngine": { "type": "string" }, + "aws-native:rds:GlobalClusterTag": { + "type": "object", + "properties": { + "key": { + "type": "string", + "description": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. " + }, + "value": { + "type": "string", + "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. " + } + } + }, "aws-native:rds:IntegrationTag": { "type": "object", "properties": { 
@@ -189667,7 +194968,7 @@ }, "s3KeyPrefix": { "type": "string", - "description": "The prefix applied to the log file names.\n\nConstraints:\n\n- Cannot exceed 512 characters\n- Cannot contain spaces( ), double quotes (\"), single quotes ('), a backslash (\\), or control characters. The hexadecimal codes for invalid characters are:\n\n- x00 to x20\n- x22\n- x27\n- x5c\n- x7f or larger" + "description": "The prefix applied to the log file names.\n\nValid characters are any letter from any language, any whitespace character, any numeric character, and the following characters: underscore ( `_` ), period ( `.` ), colon ( `:` ), slash ( `/` ), equal ( `=` ), plus ( `+` ), backslash ( `\\` ), hyphen ( `-` ), at symbol ( `@` )." } }, "irreversibleNames": { @@ -189785,6 +195086,19 @@ } } }, + "aws-native:redshift:IntegrationTag": { + "type": "object", + "properties": { + "key": { + "type": "string", + "description": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. " + }, + "value": { + "type": "string", + "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -. " + } + } + }, "aws-native:redshift:ScheduledActionState": { "type": "string" }, @@ -191518,6 +196832,10 @@ "protocol": { "$ref": "#/types/aws-native:route53resolver:ResolverRuleTargetAddressProtocol", "description": "The protocol that you want to use to forward DNS queries. " + }, + "serverNameIndication": { + "type": "string", + "description": "The SNI of the target name servers for DoH/DoH-FIPS outbound endpoints" } } }, 
@@ -192110,9 +197428,15 @@ "$ref": "#/types/aws-native:s3:BucketRule" }, "description": "A lifecycle rule for individual objects in an Amazon S3 bucket." + }, + "transitionDefaultMinimumObjectSize": { + "$ref": "#/types/aws-native:s3:BucketLifecycleConfigurationTransitionDefaultMinimumObjectSize" } } }, + "aws-native:s3:BucketLifecycleConfigurationTransitionDefaultMinimumObjectSize": { + "type": "string" + }, "aws-native:s3:BucketLoggingConfiguration": { "type": "object", "properties": { 
@@ -192659,11 +197983,11 @@ "properties": { "kmsMasterKeyId": { "type": "string", - "description": "AWS Key Management Service (KMS) customer AWS KMS key ID to use for the default encryption. This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms`` or ``aws:kms:dsse``.\n You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key.\n + Key ID: ``1234abcd-12ab-34cd-56ef-1234567890ab`` \n + Key ARN: ``arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`` \n + Key Alias: ``alias/alias-name`` \n \n If you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log. \n If you are using encryption with cross-account or AWS service operations you must use a fully qualified KMS key ARN. For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy).\n Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *Key Management Service Developer Guide*." + "description": "AWS Key Management Service (KMS) customer managed key ID to use for the default encryption. \n + *General purpose buckets* - This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms`` or ``aws:kms:dsse``.\n + *Directory buckets* - This parameter is allowed if and only if ``SSEAlgorithm`` is set to ``aws:kms``.\n \n You can specify the key ID, key alias, or the Amazon Resource Name (ARN) of the KMS key.\n + Key ID: ``1234abcd-12ab-34cd-56ef-1234567890ab`` \n + Key ARN: ``arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`` \n + Key Alias: ``alias/alias-name`` \n \n If you are using encryption with cross-account or AWS service operations, you must use a fully qualified KMS key ARN. 
For more information, see [Using encryption for cross-account operations](https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-encryption.html#bucket-encryption-update-bucket-policy).\n + *General purpose buckets* - If you're specifying a customer managed KMS key, we recommend using a fully qualified KMS key ARN. If you use a KMS key alias instead, then KMS resolves the key within the requester’s account. This behavior can result in data that's encrypted with a KMS key that belongs to the requester, and not the bucket owner. Also, if you use a key ID, you can run into a LogDestination undeliverable error when creating a VPC flow log. \n + *Directory buckets* - When you specify an [customer managed key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk) for encryption in your directory bucket, only use the key ID or key ARN. The key alias format of the KMS key isn't supported.\n \n Amazon S3 only supports symmetric encryption KMS keys. For more information, see [Asymmetric keys in KMS](https://docs.aws.amazon.com//kms/latest/developerguide/symmetric-asymmetric.html) in the *Key Management Service Developer Guide*." }, "sseAlgorithm": { "$ref": "#/types/aws-native:s3:BucketServerSideEncryptionByDefaultSseAlgorithm", - "description": "Server-side encryption algorithm to use for the default encryption." + "description": "Server-side encryption algorithm to use for the default encryption.\n For directory buckets, there are only two supported values for server-side encryption: ``AES256`` and ``aws:kms``." } }, "irreversibleNames": { 
@@ -192902,7 +198226,7 @@ }, "bucketLevel": { "$ref": "#/types/aws-native:s3:StorageLensBucketLevel", - "description": "This property contains the details of the account-level bucket-level configurations for Amazon S3 Storage Lens." + "description": "This property contains the details of the account-level bucket-level configurations for Amazon S3 Storage Lens. To enable bucket-level configurations, make sure to also set the same metrics at the account level." }, "detailedStatusCodesMetrics": { "$ref": "#/types/aws-native:s3:StorageLensDetailedStatusCodesMetrics", 
@@ -193331,9 +198655,54 @@ } } }, + "aws-native:s3express:DirectoryBucketBucketEncryption": { + "type": "object", + "properties": { + "serverSideEncryptionConfiguration": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:s3express:DirectoryBucketServerSideEncryptionRule" + }, + "description": "Specifies the default server-side-encryption configuration." + } + } + }, "aws-native:s3express:DirectoryBucketDataRedundancy": { "type": "string" }, + "aws-native:s3express:DirectoryBucketServerSideEncryptionByDefault": { + "type": "object", + "properties": { + "kmsMasterKeyId": { + "type": "string", + "description": "AWS Key Management Service (KMS) customer managed key ID to use for the default encryption. This parameter is allowed only if SSEAlgorithm is set to aws:kms. You can specify this parameter with the key ID or the Amazon Resource Name (ARN) of the KMS key" + }, + "sseAlgorithm": { + "$ref": "#/types/aws-native:s3express:DirectoryBucketServerSideEncryptionByDefaultSseAlgorithm", + "description": "Server-side encryption algorithm to use for the default encryption.\n\n\u003e For directory buckets, there are only two supported values for server-side encryption: `AES256` and `aws:kms` ." + } + }, + "irreversibleNames": { + "kmsMasterKeyId": "KMSMasterKeyID", + "sseAlgorithm": "SSEAlgorithm" + } + }, + "aws-native:s3express:DirectoryBucketServerSideEncryptionByDefaultSseAlgorithm": { + "type": "string" + }, + "aws-native:s3express:DirectoryBucketServerSideEncryptionRule": { + "type": "object", + "properties": { + "bucketKeyEnabled": { + "type": "boolean", + "description": "Specifies whether Amazon S3 should use an S3 Bucket Key with server-side encryption using KMS (SSE-KMS) for new objects in the bucket. Existing objects are not affected. Amazon S3 Express One Zone uses an S3 Bucket Key with SSE-KMS and S3 Bucket Key cannot be disabled. It's only allowed to set the BucketKeyEnabled element to true." 
+ }, + "serverSideEncryptionByDefault": { + "$ref": "#/types/aws-native:s3express:DirectoryBucketServerSideEncryptionByDefault", + "description": "Specifies the default server-side encryption to apply to new objects in the bucket. If a PUT Object request doesn't specify any server-side encryption, this default encryption will be applied." + } + } + }, "aws-native:s3objectlambda:AccessPointAlias": { "type": "object", "properties": { 
@@ -193764,6 +199133,129 @@ "aws-native:sagemaker:AppType": { "type": "string" }, + "aws-native:sagemaker:ClusterDeepHealthCheckType": { + "type": "string" + }, + "aws-native:sagemaker:ClusterInstanceGroup": { + "type": "object", + "properties": { + "currentCount": { + "type": "integer", + "description": "The number of instances that are currently in the instance group of a SageMaker HyperPod cluster." + }, + "executionRole": { + "type": "string", + "replaceOnChanges": true + }, + "instanceCount": { + "type": "integer", + "description": "The number of instances you specified to add to the instance group of a SageMaker HyperPod cluster." + }, + "instanceGroupName": { + "type": "string", + "replaceOnChanges": true + }, + "instanceStorageConfigs": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:sagemaker:ClusterInstanceStorageConfig" + } + }, + "instanceType": { + "type": "string", + "replaceOnChanges": true + }, + "lifeCycleConfig": { + "$ref": "#/types/aws-native:sagemaker:ClusterLifeCycleConfig" + }, + "onStartDeepHealthChecks": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:sagemaker:ClusterDeepHealthCheckType" + } + }, + "threadsPerCore": { + "type": "integer", + "description": "The number you specified to TreadsPerCore in CreateCluster for enabling or disabling multithreading. For instance types that support multithreading, you can specify 1 for disabling multithreading and 2 for enabling multithreading.", + "replaceOnChanges": true + } + } + }, + "aws-native:sagemaker:ClusterInstanceStorageConfig": { + "type": "object" + }, + "aws-native:sagemaker:ClusterLifeCycleConfig": { + "type": "object", + "properties": { + "onCreate": { + "type": "string", + "description": "The file name of the entrypoint script of lifecycle scripts under SourceS3Uri. This entrypoint script runs during cluster creation." + }, + "sourceS3Uri": { + "type": "string", + "description": "An Amazon S3 bucket path where your lifecycle scripts are stored." 
+ } + }, + "irreversibleNames": { + "sourceS3Uri": "SourceS3Uri" + } + }, + "aws-native:sagemaker:ClusterNodeRecovery": { + "type": "string" + }, + "aws-native:sagemaker:ClusterOrchestrator": { + "type": "object", + "properties": { + "eks": { + "$ref": "#/types/aws-native:sagemaker:ClusterOrchestratorEksConfig", + "description": "The configuration of the Amazon EKS orchestrator cluster for the SageMaker HyperPod cluster." + } + } + }, + "aws-native:sagemaker:ClusterOrchestratorEksConfig": { + "type": "object", + "properties": { + "clusterArn": { + "type": "string", + "description": "The ARN of the EKS cluster, such as arn:aws:eks:us-west-2:123456789012:cluster/my-eks-cluster" + } + } + }, + "aws-native:sagemaker:ClusterStatus": { + "type": "string" + }, + "aws-native:sagemaker:ClusterTag": { + "type": "object", + "properties": { + "key": { + "type": "string", + "description": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -." + }, + "value": { + "type": "string", + "description": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -." + } + } + }, + "aws-native:sagemaker:ClusterVpcConfig": { + "type": "object", + "properties": { + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The VPC security group IDs, in the form sg-xxxxxxxx. Specify the security groups for the VPC that is specified in the Subnets field." + }, + "subnets": { + "type": "array", + "items": { + "type": "string" + }, + "description": "The ID of the subnets in the VPC to which you want to connect your training job or model." 
+ } + } + }, "aws-native:sagemaker:DataQualityJobDefinitionBatchTransformInput": { "type": "object", "properties": { @@ -194163,6 +199655,15 @@ } } }, + "aws-native:sagemaker:DomainAppLifecycleManagement": { + "type": "object", + "properties": { + "idleSettings": { + "$ref": "#/types/aws-native:sagemaker:DomainIdleSettings", + "description": "Settings related to idle shutdown of Studio applications." + } + } + }, "aws-native:sagemaker:DomainAppNetworkAccessType": { "type": "string" }, @@ -194178,6 +199679,10 @@ "aws-native:sagemaker:DomainCodeEditorAppSettings": { "type": "object", "properties": { + "appLifecycleManagement": { + "$ref": "#/types/aws-native:sagemaker:DomainAppLifecycleManagement", + "description": "Settings that are used to configure and manage the lifecycle of CodeEditor applications." + }, "customImages": { "type": "array", "items": { @@ -194346,9 +199851,34 @@ } } }, + "aws-native:sagemaker:DomainIdleSettings": { + "type": "object", + "properties": { + "idleTimeoutInMinutes": { + "type": "integer", + "description": "The time that SageMaker waits after the application becomes idle before shutting it down." + }, + "lifecycleManagement": { + "$ref": "#/types/aws-native:sagemaker:DomainLifecycleManagement", + "description": "Indicates whether idle shutdown is activated for the application type." + }, + "maxIdleTimeoutInMinutes": { + "type": "integer", + "description": "The maximum value in minutes that custom idle shutdown can be set to by the user." + }, + "minIdleTimeoutInMinutes": { + "type": "integer", + "description": "The minimum value in minutes that custom idle shutdown can be set to by the user." + } + } + }, "aws-native:sagemaker:DomainJupyterLabAppSettings": { "type": "object", "properties": { + "appLifecycleManagement": { + "$ref": "#/types/aws-native:sagemaker:DomainAppLifecycleManagement", + "description": "Indicates whether idle shutdown is activated for JupyterLab applications." + }, "codeRepositories": { "type": "array", "items": { 
@@ -194415,6 +199945,9 @@ } } }, + "aws-native:sagemaker:DomainLifecycleManagement": { + "type": "string" + }, "aws-native:sagemaker:DomainMlTools": { "type": "string" }, @@ -198142,12 +203675,25 @@ } } }, + "aws-native:sagemaker:SpaceAppLifecycleManagement": { + "type": "object", + "properties": { + "idleSettings": { + "$ref": "#/types/aws-native:sagemaker:SpaceIdleSettings", + "description": "Settings related to idle shutdown of Studio applications." + } + } + }, "aws-native:sagemaker:SpaceAppType": { "type": "string" }, "aws-native:sagemaker:SpaceCodeEditorAppSettings": { "type": "object", "properties": { + "appLifecycleManagement": { + "$ref": "#/types/aws-native:sagemaker:SpaceAppLifecycleManagement", + "description": "Settings that are used to configure and manage the lifecycle of CodeEditor applications in a space." + }, "defaultResourceSpec": { "$ref": "#/types/aws-native:sagemaker:SpaceResourceSpec", "description": "Specifies the ARNs of a SageMaker image and SageMaker image version, and the instance type that the version runs on." @@ -198208,9 +203754,22 @@ } } }, + "aws-native:sagemaker:SpaceIdleSettings": { + "type": "object", + "properties": { + "idleTimeoutInMinutes": { + "type": "integer", + "description": "The space idle timeout value set in minutes" + } + } + }, "aws-native:sagemaker:SpaceJupyterLabAppSettings": { "type": "object", "properties": { + "appLifecycleManagement": { + "$ref": "#/types/aws-native:sagemaker:SpaceAppLifecycleManagement", + "description": "Settings that are used to configure and manage the lifecycle of JupyterLab applications in a space." + }, "codeRepositories": { "type": "array", "items": { 
@@ -198382,12 +203941,25 @@ } } }, + "aws-native:sagemaker:UserProfileAppLifecycleManagement": { + "type": "object", + "properties": { + "idleSettings": { + "$ref": "#/types/aws-native:sagemaker:UserProfileIdleSettings", + "description": "Settings related to idle shutdown of Studio applications." + } + } + }, "aws-native:sagemaker:UserProfileAppType": { "type": "string" }, "aws-native:sagemaker:UserProfileCodeEditorAppSettings": { "type": "object", "properties": { + "appLifecycleManagement": { + "$ref": "#/types/aws-native:sagemaker:UserProfileAppLifecycleManagement", + "description": "Settings that are used to configure and manage the lifecycle of CodeEditor applications." + }, "customImages": { "type": "array", "items": { @@ -198494,9 +204066,34 @@ } } }, + "aws-native:sagemaker:UserProfileIdleSettings": { + "type": "object", + "properties": { + "idleTimeoutInMinutes": { + "type": "integer", + "description": "The time that SageMaker waits after the application becomes idle before shutting it down." + }, + "lifecycleManagement": { + "$ref": "#/types/aws-native:sagemaker:UserProfileLifecycleManagement", + "description": "Indicates whether idle shutdown is activated for the application type." + }, + "maxIdleTimeoutInMinutes": { + "type": "integer", + "description": "The maximum value in minutes that custom idle shutdown can be set to by the user." + }, + "minIdleTimeoutInMinutes": { + "type": "integer", + "description": "The minimum value in minutes that custom idle shutdown can be set to by the user." + } + } + }, "aws-native:sagemaker:UserProfileJupyterLabAppSettings": { "type": "object", "properties": { + "appLifecycleManagement": { + "$ref": "#/types/aws-native:sagemaker:UserProfileAppLifecycleManagement", + "description": "Indicates whether idle shutdown is activated for JupyterLab applications." + }, "codeRepositories": { "type": "array", "items": { 
@@ -198563,6 +204160,9 @@ } } }, + "aws-native:sagemaker:UserProfileLifecycleManagement": { + "type": "string" + }, "aws-native:sagemaker:UserProfileMlTools": { "type": "string" }, 
@@ -199144,11 +204744,11 @@ }, "end": { "type": "string", - "description": "A timestamp that provides the end date for the date filter.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )" + "description": "A timestamp that provides the end date for the date filter.\n This field accepts only the specified formats. Timestamps can end with ``Z`` or ``(\"+\" / \"-\") time-hour [\":\" time-minute]``. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n + ``YYYY-MM-DDTHH:MM:SSZ`` (for example, ``2019-01-31T23:00:00Z``)\n + ``YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ`` (for example, ``2019-01-31T23:00:00.123456789Z``)\n + ``YYYY-MM-DDTHH:MM:SS+HH:MM`` (for example, ``2024-01-04T15:25:10+17:59``)\n + ``YYYY-MM-DDTHH:MM:SS-HHMM`` (for example, ``2024-01-04T15:25:10-1759``)\n + ``YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM`` (for example, ``2024-01-04T15:25:10.123456789+17:59``)" }, "start": { "type": "string", - "description": "A timestamp that provides the start date for the date filter.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. 
Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )" + "description": "A timestamp that provides the start date for the date filter.\n This field accepts only the specified formats. Timestamps can end with ``Z`` or ``(\"+\" / \"-\") time-hour [\":\" time-minute]``. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n + ``YYYY-MM-DDTHH:MM:SSZ`` (for example, ``2019-01-31T23:00:00Z``)\n + ``YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ`` (for example, ``2019-01-31T23:00:00.123456789Z``)\n + ``YYYY-MM-DDTHH:MM:SS+HH:MM`` (for example, ``2024-01-04T15:25:10+17:59``)\n + ``YYYY-MM-DDTHH:MM:SS-HHMM`` (for example, ``2024-01-04T15:25:10-1759``)\n + ``YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM`` (for example, ``2024-01-04T15:25:10.123456789+17:59``)" } } }, 
@@ -199173,15 +204773,15 @@ "properties": { "comparison": { "$ref": "#/types/aws-native:securityhub:AutomationRuleMapFilterComparison", - "description": "The condition to apply to the key value when filtering Security Hub findings with a map filter.\n\nTo search for values that have the filter value, use one of the following comparison operators:\n\n- To search for values that include the filter value, use `CONTAINS` . For example, for the `ResourceTags` field, the filter `Department CONTAINS Security` matches findings that include the value `Security` for the `Department` tag. In the same example, a finding with a value of `Security team` for the `Department` tag is a match.\n- To search for values that exactly match the filter value, use `EQUALS` . For example, for the `ResourceTags` field, the filter `Department EQUALS Security` matches findings that have the value `Security` for the `Department` tag.\n\n`CONTAINS` and `EQUALS` filters on the same field are joined by `OR` . A finding matches if it matches any one of those filters. For example, the filters `Department CONTAINS Security OR Department CONTAINS Finance` match a finding that includes either `Security` , `Finance` , or both values.\n\nTo search for values that don't have the filter value, use one of the following comparison operators:\n\n- To search for values that exclude the filter value, use `NOT_CONTAINS` . For example, for the `ResourceTags` field, the filter `Department NOT_CONTAINS Finance` matches findings that exclude the value `Finance` for the `Department` tag.\n- To search for values other than the filter value, use `NOT_EQUALS` . For example, for the `ResourceTags` field, the filter `Department NOT_EQUALS Finance` matches findings that don’t have the value `Finance` for the `Department` tag.\n\n`NOT_CONTAINS` and `NOT_EQUALS` filters on the same field are joined by `AND` . A finding matches only if it matches all of those filters. 
For example, the filters `Department NOT_CONTAINS Security AND Department NOT_CONTAINS Finance` match a finding that excludes both the `Security` and `Finance` values.\n\n`CONTAINS` filters can only be used with other `CONTAINS` filters. `NOT_CONTAINS` filters can only be used with other `NOT_CONTAINS` filters.\n\nYou can’t have both a `CONTAINS` filter and a `NOT_CONTAINS` filter on the same field. Similarly, you can’t have both an `EQUALS` filter and a `NOT_EQUALS` filter on the same field. Combining filters in this way returns an error.\n\n`CONTAINS` and `NOT_CONTAINS` operators can be used only with automation rules. For more information, see [Automation rules](https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html) in the *AWS Security Hub User Guide* ." + "description": "The condition to apply to the key value when filtering Security Hub findings with a map filter.\n To search for values that have the filter value, use one of the following comparison operators:\n + To search for values that include the filter value, use ``CONTAINS``. For example, for the ``ResourceTags`` field, the filter ``Department CONTAINS Security`` matches findings that include the value ``Security`` for the ``Department`` tag. In the same example, a finding with a value of ``Security team`` for the ``Department`` tag is a match.\n + To search for values that exactly match the filter value, use ``EQUALS``. For example, for the ``ResourceTags`` field, the filter ``Department EQUALS Security`` matches findings that have the value ``Security`` for the ``Department`` tag.\n \n ``CONTAINS`` and ``EQUALS`` filters on the same field are joined by ``OR``. A finding matches if it matches any one of those filters. 
For example, the filters ``Department CONTAINS Security OR Department CONTAINS Finance`` match a finding that includes either ``Security``, ``Finance``, or both values.\n To search for values that don't have the filter value, use one of the following comparison operators:\n + To search for values that exclude the filter value, use ``NOT_CONTAINS``. For example, for the ``ResourceTags`` field, the filter ``Department NOT_CONTAINS Finance`` matches findings that exclude the value ``Finance`` for the ``Department`` tag.\n + To search for values other than the filter value, use ``NOT_EQUALS``. For example, for the ``ResourceTags`` field, the filter ``Department NOT_EQUALS Finance`` matches findings that don’t have the value ``Finance`` for the ``Department`` tag.\n \n ``NOT_CONTAINS`` and ``NOT_EQUALS`` filters on the same field are joined by ``AND``. A finding matches only if it matches all of those filters. For example, the filters ``Department NOT_CONTAINS Security AND Department NOT_CONTAINS Finance`` match a finding that excludes both the ``Security`` and ``Finance`` values.\n ``CONTAINS`` filters can only be used with other ``CONTAINS`` filters. ``NOT_CONTAINS`` filters can only be used with other ``NOT_CONTAINS`` filters.\n You can’t have both a ``CONTAINS`` filter and a ``NOT_CONTAINS`` filter on the same field. Similarly, you can’t have both an ``EQUALS`` filter and a ``NOT_EQUALS`` filter on the same field. Combining filters in this way returns an error. \n ``CONTAINS`` and ``NOT_CONTAINS`` operators can be used only with automation rules. For more information, see [Automation rules](https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html) in the *User Guide*." }, "key": { "type": "string", - "description": "The key of the map filter. For example, for `ResourceTags` , `Key` identifies the name of the tag. For `UserDefinedFields` , `Key` is the name of the field." + "description": "The key of the map filter. 
For example, for ``ResourceTags``, ``Key`` identifies the name of the tag. For ``UserDefinedFields``, ``Key`` is the name of the field." }, "value": { "type": "string", - "description": "The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called `Department` might be `Security` . If you provide `security` as the filter value, then there's no match." + "description": "The value for the key in the map filter. Filter values are case sensitive. For example, one of the values for a tag called ``Department`` might be ``Security``. If you provide ``security`` as the filter value, then there's no match." } } }, @@ -199223,7 +204823,7 @@ "properties": { "id": { "type": "string", - "description": "The product-generated identifier for a related finding.\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items." + "description": "The product-generated identifier for a related finding. \n Array Members: Minimum number of 1 item. Maximum number of 20 items." }, "productArn": { "type": "string", 
@@ -199239,11 +204839,11 @@ "properties": { "label": { "$ref": "#/types/aws-native:securityhub:AutomationRuleSeverityUpdateLabel", - "description": "The severity value of the finding. The allowed values are the following.\n\n- `INFORMATIONAL` - No issue was found.\n- `LOW` - The issue does not require action on its own.\n- `MEDIUM` - The issue must be addressed but not urgently.\n- `HIGH` - The issue must be addressed as a priority.\n- `CRITICAL` - The issue must be remediated immediately to avoid it escalating." + "description": "The severity value of the finding. The allowed values are the following.\n + ``INFORMATIONAL`` - No issue was found.\n + ``LOW`` - The issue does not require action on its own.\n + ``MEDIUM`` - The issue must be addressed but not urgently.\n + ``HIGH`` - The issue must be addressed as a priority.\n + ``CRITICAL`` - The issue must be remediated immediately to avoid it escalating." }, "normalized": { "type": "integer", - "description": "The normalized severity for the finding. This attribute is to be deprecated in favor of `Label` .\n\nIf you provide `Normalized` and do not provide `Label` , `Label` is set automatically as follows.\n\n- 0 - `INFORMATIONAL`\n- 1–39 - `LOW`\n- 40–69 - `MEDIUM`\n- 70–89 - `HIGH`\n- 90–100 - `CRITICAL`" + "description": "The normalized severity for the finding. This attribute is to be deprecated in favor of ``Label``.\n If you provide ``Normalized`` and don't provide ``Label``, ``Label`` is set automatically as follows.\n + 0 - ``INFORMATIONAL`` \n + 1–39 - ``LOW`` \n + 40–69 - ``MEDIUM`` \n + 70–89 - ``HIGH`` \n + 90–100 - ``CRITICAL``" }, "product": { "type": "number", 
@@ -199259,11 +204859,11 @@ "properties": { "comparison": { "$ref": "#/types/aws-native:securityhub:AutomationRuleStringFilterComparison", - "description": "The condition to apply to a string value when filtering Security Hub findings.\n\nTo search for values that have the filter value, use one of the following comparison operators:\n\n- To search for values that include the filter value, use `CONTAINS` . For example, the filter `Title CONTAINS CloudFront` matches findings that have a `Title` that includes the string CloudFront.\n- To search for values that exactly match the filter value, use `EQUALS` . For example, the filter `AwsAccountId EQUALS 123456789012` only matches findings that have an account ID of `123456789012` .\n- To search for values that start with the filter value, use `PREFIX` . For example, the filter `ResourceRegion PREFIX us` matches findings that have a `ResourceRegion` that starts with `us` . A `ResourceRegion` that starts with a different value, such as `af` , `ap` , or `ca` , doesn't match.\n\n`CONTAINS` , `EQUALS` , and `PREFIX` filters on the same field are joined by `OR` . A finding matches if it matches any one of those filters. For example, the filters `Title CONTAINS CloudFront OR Title CONTAINS CloudWatch` match a finding that includes either `CloudFront` , `CloudWatch` , or both strings in the title.\n\nTo search for values that don’t have the filter value, use one of the following comparison operators:\n\n- To search for values that exclude the filter value, use `NOT_CONTAINS` . For example, the filter `Title NOT_CONTAINS CloudFront` matches findings that have a `Title` that excludes the string CloudFront.\n- To search for values other than the filter value, use `NOT_EQUALS` . For example, the filter `AwsAccountId NOT_EQUALS 123456789012` only matches findings that have an account ID other than `123456789012` .\n- To search for values that don't start with the filter value, use `PREFIX_NOT_EQUALS` . 
For example, the filter `ResourceRegion PREFIX_NOT_EQUALS us` matches findings with a `ResourceRegion` that starts with a value other than `us` .\n\n`NOT_CONTAINS` , `NOT_EQUALS` , and `PREFIX_NOT_EQUALS` filters on the same field are joined by `AND` . A finding matches only if it matches all of those filters. For example, the filters `Title NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch` match a finding that excludes both `CloudFront` and `CloudWatch` in the title.\n\nYou can’t have both a `CONTAINS` filter and a `NOT_CONTAINS` filter on the same field. Similarly, you can't provide both an `EQUALS` filter and a `NOT_EQUALS` or `PREFIX_NOT_EQUALS` filter on the same field. Combining filters in this way returns an error. `CONTAINS` filters can only be used with other `CONTAINS` filters. `NOT_CONTAINS` filters can only be used with other `NOT_CONTAINS` filters.\n\nYou can combine `PREFIX` filters with `NOT_EQUALS` or `PREFIX_NOT_EQUALS` filters for the same field. Security Hub first processes the `PREFIX` filters, and then the `NOT_EQUALS` or `PREFIX_NOT_EQUALS` filters.\n\nFor example, for the following filters, Security Hub first identifies findings that have resource types that start with either `AwsIam` or `AwsEc2` . It then excludes findings that have a resource type of `AwsIamPolicy` and findings that have a resource type of `AwsEc2NetworkInterface` .\n\n- `ResourceType PREFIX AwsIam`\n- `ResourceType PREFIX AwsEc2`\n- `ResourceType NOT_EQUALS AwsIamPolicy`\n- `ResourceType NOT_EQUALS AwsEc2NetworkInterface`\n\n`CONTAINS` and `NOT_CONTAINS` operators can be used only with automation rules. For more information, see [Automation rules](https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html) in the *AWS Security Hub User Guide* ." 
+ "description": "The condition to apply to a string value when filtering Security Hub findings.\n To search for values that have the filter value, use one of the following comparison operators:\n + To search for values that include the filter value, use ``CONTAINS``. For example, the filter ``Title CONTAINS CloudFront`` matches findings that have a ``Title`` that includes the string CloudFront.\n + To search for values that exactly match the filter value, use ``EQUALS``. For example, the filter ``AwsAccountId EQUALS 123456789012`` only matches findings that have an account ID of ``123456789012``.\n + To search for values that start with the filter value, use ``PREFIX``. For example, the filter ``ResourceRegion PREFIX us`` matches findings that have a ``ResourceRegion`` that starts with ``us``. A ``ResourceRegion`` that starts with a different value, such as ``af``, ``ap``, or ``ca``, doesn't match.\n \n ``CONTAINS``, ``EQUALS``, and ``PREFIX`` filters on the same field are joined by ``OR``. A finding matches if it matches any one of those filters. For example, the filters ``Title CONTAINS CloudFront OR Title CONTAINS CloudWatch`` match a finding that includes either ``CloudFront``, ``CloudWatch``, or both strings in the title.\n To search for values that don’t have the filter value, use one of the following comparison operators:\n + To search for values that exclude the filter value, use ``NOT_CONTAINS``. For example, the filter ``Title NOT_CONTAINS CloudFront`` matches findings that have a ``Title`` that excludes the string CloudFront.\n + To search for values other than the filter value, use ``NOT_EQUALS``. For example, the filter ``AwsAccountId NOT_EQUALS 123456789012`` only matches findings that have an account ID other than ``123456789012``.\n + To search for values that don't start with the filter value, use ``PREFIX_NOT_EQUALS``. 
For example, the filter ``ResourceRegion PREFIX_NOT_EQUALS us`` matches findings with a ``ResourceRegion`` that starts with a value other than ``us``.\n \n ``NOT_CONTAINS``, ``NOT_EQUALS``, and ``PREFIX_NOT_EQUALS`` filters on the same field are joined by ``AND``. A finding matches only if it matches all of those filters. For example, the filters ``Title NOT_CONTAINS CloudFront AND Title NOT_CONTAINS CloudWatch`` match a finding that excludes both ``CloudFront`` and ``CloudWatch`` in the title.\n You can’t have both a ``CONTAINS`` filter and a ``NOT_CONTAINS`` filter on the same field. Similarly, you can't provide both an ``EQUALS`` filter and a ``NOT_EQUALS`` or ``PREFIX_NOT_EQUALS`` filter on the same field. Combining filters in this way returns an error. ``CONTAINS`` filters can only be used with other ``CONTAINS`` filters. ``NOT_CONTAINS`` filters can only be used with other ``NOT_CONTAINS`` filters. \n You can combine ``PREFIX`` filters with ``NOT_EQUALS`` or ``PREFIX_NOT_EQUALS`` filters for the same field. Security Hub first processes the ``PREFIX`` filters, and then the ``NOT_EQUALS`` or ``PREFIX_NOT_EQUALS`` filters.\n For example, for the following filters, Security Hub first identifies findings that have resource types that start with either ``AwsIam`` or ``AwsEc2``. It then excludes findings that have a resource type of ``AwsIamPolicy`` and findings that have a resource type of ``AwsEc2NetworkInterface``.\n + ``ResourceType PREFIX AwsIam`` \n + ``ResourceType PREFIX AwsEc2`` \n + ``ResourceType NOT_EQUALS AwsIamPolicy`` \n + ``ResourceType NOT_EQUALS AwsEc2NetworkInterface`` \n \n ``CONTAINS`` and ``NOT_CONTAINS`` operators can be used only with automation rules. For more information, see [Automation rules](https://docs.aws.amazon.com/securityhub/latest/userguide/automation-rules.html) in the *User Guide*." }, "value": { "type": "string", - "description": "The string filter value. Filter values are case sensitive. 
For example, the product name for control-based findings is `Security Hub` . If you provide `security hub` as the filter value, there's no match." + "description": "The string filter value. Filter values are case sensitive. For example, the product name for control-based findings is ``Security Hub``. If you provide ``security hub`` as the filter value, there's no match." } } }, 
@@ -199275,7 +204875,7 @@ "properties": { "status": { "$ref": "#/types/aws-native:securityhub:AutomationRuleWorkflowUpdateStatus", - "description": "The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. For example, setting the workflow status to `SUPPRESSED` or `RESOLVED` does not prevent a new finding for the same issue.\n\nThe allowed values are the following.\n\n- `NEW` - The initial state of a finding, before it is reviewed.\n\nSecurity Hub also resets `WorkFlowStatus` from `NOTIFIED` or `RESOLVED` to `NEW` in the following cases:\n\n- The record state changes from `ARCHIVED` to `ACTIVE` .\n- The compliance status changes from `PASSED` to either `WARNING` , `FAILED` , or `NOT_AVAILABLE` .\n- `NOTIFIED` - Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.\n- `RESOLVED` - The finding was reviewed and remediated and is now considered resolved.\n- `SUPPRESSED` - Indicates that you reviewed the finding and do not believe that any action is needed. The finding is no longer updated." + "description": "The status of the investigation into the finding. The workflow status is specific to an individual finding. It does not affect the generation of new findings. 
For example, setting the workflow status to ``SUPPRESSED`` or ``RESOLVED`` does not prevent a new finding for the same issue.\n The allowed values are the following.\n + ``NEW`` - The initial state of a finding, before it is reviewed.\n Security Hub also resets ``WorkFlowStatus`` from ``NOTIFIED`` or ``RESOLVED`` to ``NEW`` in the following cases:\n + The record state changes from ``ARCHIVED`` to ``ACTIVE``.\n + The compliance status changes from ``PASSED`` to either ``WARNING``, ``FAILED``, or ``NOT_AVAILABLE``.\n \n + ``NOTIFIED`` - Indicates that you notified the resource owner about the security issue. Used when the initial reviewer is not the resource owner, and needs intervention from the resource owner.\n + ``RESOLVED`` - The finding was reviewed and remediated and is now considered resolved.\n + ``SUPPRESSED`` - Indicates that you reviewed the finding and don't believe that any action is needed. The finding is no longer updated." } } }, @@ -199291,7 +204891,7 @@ }, "type": { "$ref": "#/types/aws-native:securityhub:AutomationRulesActionType", - "description": "Specifies that the rule action should update the `Types` finding field. The `Types` finding field classifies findings in the format of namespace/category/classifier. For more information, see [Types taxonomy for ASFF](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format-type-taxonomy.html) in the *AWS Security Hub User Guide* ." + "description": "Specifies the type of action that Security Hub takes when a finding matches the defined criteria of a rule." } } }, 
@@ -199303,11 +204903,11 @@ "properties": { "confidence": { "type": "integer", - "description": "The rule action updates the `Confidence` field of a finding." + "description": "The rule action updates the ``Confidence`` field of a finding." }, "criticality": { "type": "integer", - "description": "The rule action updates the `Criticality` field of a finding." + "description": "The rule action updates the ``Criticality`` field of a finding." }, "note": { "$ref": "#/types/aws-native:securityhub:AutomationRuleNoteUpdate", @@ -199329,18 +204929,18 @@ "items": { "type": "string" }, - "description": "The rule action updates the `Types` field of a finding." + "description": "The rule action updates the ``Types`` field of a finding." }, "userDefinedFields": { "type": "object", "additionalProperties": { "type": "string" }, - "description": "The rule action updates the `UserDefinedFields` field of a finding." + "description": "The rule action updates the ``UserDefinedFields`` field of a finding." }, "verificationState": { "$ref": "#/types/aws-native:securityhub:AutomationRulesFindingFieldsUpdateVerificationState", - "description": "The rule action updates the `VerificationState` field of a finding." + "description": "The rule action updates the ``VerificationState`` field of a finding." }, "workflow": { "$ref": "#/types/aws-native:securityhub:AutomationRuleWorkflowUpdate", 
@@ -199359,245 +204959,245 @@ "items": { "$ref": "#/types/aws-native:securityhub:AutomationRuleStringFilter" }, - "description": "The AWS account ID in which a finding was generated.\n\nArray Members: Minimum number of 1 item. Maximum number of 100 items." + "description": "The AWS-account ID in which a finding was generated.\n Array Members: Minimum number of 1 item. Maximum number of 100 items." }, "companyName": { "type": "array", "items": { "$ref": "#/types/aws-native:securityhub:AutomationRuleStringFilter" }, - "description": "The name of the company for the product that generated the finding. For control-based findings, the company is AWS .\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items." + "description": "The name of the company for the product that generated the finding. For control-based findings, the company is AWS. \n Array Members: Minimum number of 1 item. Maximum number of 20 items." }, "complianceAssociatedStandardsId": { "type": "array", "items": { "$ref": "#/types/aws-native:securityhub:AutomationRuleStringFilter" }, - "description": "The unique identifier of a standard in which a control is enabled. This field consists of the resource portion of the Amazon Resource Name (ARN) returned for a standard in the [DescribeStandards](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DescribeStandards.html) API response.\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items." + "description": "The unique identifier of a standard in which a control is enabled. This field consists of the resource portion of the Amazon Resource Name (ARN) returned for a standard in the [DescribeStandards](https://docs.aws.amazon.com/securityhub/1.0/APIReference/API_DescribeStandards.html) API response.\n Array Members: Minimum number of 1 item. Maximum number of 20 items." 
}, "complianceSecurityControlId": { "type": "array", "items": { "$ref": "#/types/aws-native:securityhub:AutomationRuleStringFilter" }, - "description": "The security control ID for which a finding was generated. Security control IDs are the same across standards.\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items." + "description": "The security control ID for which a finding was generated. Security control IDs are the same across standards.\n Array Members: Minimum number of 1 item. Maximum number of 20 items." }, "complianceStatus": { "type": "array", "items": { "$ref": "#/types/aws-native:securityhub:AutomationRuleStringFilter" }, - "description": "The result of a security check. This field is only used for findings generated from controls.\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items." + "description": "The result of a security check. This field is only used for findings generated from controls. \n Array Members: Minimum number of 1 item. Maximum number of 20 items." }, "confidence": { "type": "array", "items": { "$ref": "#/types/aws-native:securityhub:AutomationRuleNumberFilter" }, - "description": "The likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. `Confidence` is scored on a 0–100 basis using a ratio scale. A value of `0` means 0 percent confidence, and a value of `100` means 100 percent confidence. For example, a data exfiltration detection based on a statistical deviation of network traffic has low confidence because an actual exfiltration hasn't been verified. For more information, see [Confidence](https://docs.aws.amazon.com/securityhub/latest/userguide/asff-top-level-attributes.html#asff-confidence) in the *AWS Security Hub User Guide* .\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items." + "description": "The likelihood that a finding accurately identifies the behavior or issue that it was intended to identify. 
``Confidence`` is scored on a 0–100 basis using a ratio scale. A value of ``0`` means 0 percent confidence, and a value of ``100`` means 100 percent confidence. For example, a data exfiltration detection based on a statistical deviation of network traffic has low confidence because an actual exfiltration hasn't been verified. For more information, see [Confidence](https://docs.aws.amazon.com/securityhub/latest/userguide/asff-top-level-attributes.html#asff-confidence) in the *User Guide*.\n Array Members: Minimum number of 1 item. Maximum number of 20 items." }, "createdAt": { "type": "array", "items": { "$ref": "#/types/aws-native:securityhub:AutomationRuleDateFilter" }, - "description": "A timestamp that indicates when this finding record was created.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items." + "description": "A timestamp that indicates when this finding record was created. \n This field accepts only the specified formats. Timestamps can end with ``Z`` or ``(\"+\" / \"-\") time-hour [\":\" time-minute]``. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. 
Here are valid timestamp formats with examples:\n + ``YYYY-MM-DDTHH:MM:SSZ`` (for example, ``2019-01-31T23:00:00Z``)\n + ``YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ`` (for example, ``2019-01-31T23:00:00.123456789Z``)\n + ``YYYY-MM-DDTHH:MM:SS+HH:MM`` (for example, ``2024-01-04T15:25:10+17:59``)\n + ``YYYY-MM-DDTHH:MM:SS-HHMM`` (for example, ``2024-01-04T15:25:10-1759``)\n + ``YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM`` (for example, ``2024-01-04T15:25:10.123456789+17:59``)\n \n Array Members: Minimum number of 1 item. Maximum number of 20 items." }, "criticality": { "type": "array", "items": { "$ref": "#/types/aws-native:securityhub:AutomationRuleNumberFilter" }, - "description": "The level of importance that is assigned to the resources that are associated with a finding. `Criticality` is scored on a 0–100 basis, using a ratio scale that supports only full integers. A score of `0` means that the underlying resources have no criticality, and a score of `100` is reserved for the most critical resources. For more information, see [Criticality](https://docs.aws.amazon.com/securityhub/latest/userguide/asff-top-level-attributes.html#asff-criticality) in the *AWS Security Hub User Guide* .\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items." + "description": "The level of importance that is assigned to the resources that are associated with a finding. ``Criticality`` is scored on a 0–100 basis, using a ratio scale that supports only full integers. A score of ``0`` means that the underlying resources have no criticality, and a score of ``100`` is reserved for the most critical resources. For more information, see [Criticality](https://docs.aws.amazon.com/securityhub/latest/userguide/asff-top-level-attributes.html#asff-criticality) in the *User Guide*.\n Array Members: Minimum number of 1 item. Maximum number of 20 items." 
}, "description": { "type": "array", "items": { "$ref": "#/types/aws-native:securityhub:AutomationRuleStringFilter" }, - "description": "A finding's description.\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items." + "description": "A finding's description. \n Array Members: Minimum number of 1 item. Maximum number of 20 items." }, "firstObservedAt": { "type": "array", "items": { "$ref": "#/types/aws-native:securityhub:AutomationRuleDateFilter" }, - "description": "A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items." + "description": "A timestamp that indicates when the potential security issue captured by a finding was first observed by the security findings product. \n This field accepts only the specified formats. Timestamps can end with ``Z`` or ``(\"+\" / \"-\") time-hour [\":\" time-minute]``. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. 
Here are valid timestamp formats with examples:\n + ``YYYY-MM-DDTHH:MM:SSZ`` (for example, ``2019-01-31T23:00:00Z``)\n + ``YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ`` (for example, ``2019-01-31T23:00:00.123456789Z``)\n + ``YYYY-MM-DDTHH:MM:SS+HH:MM`` (for example, ``2024-01-04T15:25:10+17:59``)\n + ``YYYY-MM-DDTHH:MM:SS-HHMM`` (for example, ``2024-01-04T15:25:10-1759``)\n + ``YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM`` (for example, ``2024-01-04T15:25:10.123456789+17:59``)\n \n Array Members: Minimum number of 1 item. Maximum number of 20 items." }, "generatorId": { "type": "array", "items": { "$ref": "#/types/aws-native:securityhub:AutomationRuleStringFilter" }, - "description": "The identifier for the solution-specific component that generated a finding.\n\nArray Members: Minimum number of 1 item. Maximum number of 100 items." + "description": "The identifier for the solution-specific component that generated a finding. \n Array Members: Minimum number of 1 item. Maximum number of 100 items." }, "id": { "type": "array", "items": { "$ref": "#/types/aws-native:securityhub:AutomationRuleStringFilter" }, - "description": "The product-specific identifier for a finding.\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items." + "description": "The product-specific identifier for a finding. \n Array Members: Minimum number of 1 item. Maximum number of 20 items." }, "lastObservedAt": { "type": "array", "items": { "$ref": "#/types/aws-native:securityhub:AutomationRuleDateFilter" }, - "description": "A timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings product.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. 
Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items." + "description": "A timestamp that indicates when the potential security issue captured by a finding was most recently observed by the security findings product. \n This field accepts only the specified formats. Timestamps can end with ``Z`` or ``(\"+\" / \"-\") time-hour [\":\" time-minute]``. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n + ``YYYY-MM-DDTHH:MM:SSZ`` (for example, ``2019-01-31T23:00:00Z``)\n + ``YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ`` (for example, ``2019-01-31T23:00:00.123456789Z``)\n + ``YYYY-MM-DDTHH:MM:SS+HH:MM`` (for example, ``2024-01-04T15:25:10+17:59``)\n + ``YYYY-MM-DDTHH:MM:SS-HHMM`` (for example, ``2024-01-04T15:25:10-1759``)\n + ``YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM`` (for example, ``2024-01-04T15:25:10.123456789+17:59``)\n \n Array Members: Minimum number of 1 item. Maximum number of 20 items." }, "noteText": { "type": "array", "items": { "$ref": "#/types/aws-native:securityhub:AutomationRuleStringFilter" }, - "description": "The text of a user-defined note that's added to a finding.\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items." + "description": "The text of a user-defined note that's added to a finding. \n Array Members: Minimum number of 1 item. Maximum number of 20 items." 
}, "noteUpdatedAt": { "type": "array", "items": { "$ref": "#/types/aws-native:securityhub:AutomationRuleDateFilter" }, - "description": "The timestamp of when the note was updated.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items." + "description": "The timestamp of when the note was updated.\n This field accepts only the specified formats. Timestamps can end with ``Z`` or ``(\"+\" / \"-\") time-hour [\":\" time-minute]``. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n + ``YYYY-MM-DDTHH:MM:SSZ`` (for example, ``2019-01-31T23:00:00Z``)\n + ``YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ`` (for example, ``2019-01-31T23:00:00.123456789Z``)\n + ``YYYY-MM-DDTHH:MM:SS+HH:MM`` (for example, ``2024-01-04T15:25:10+17:59``)\n + ``YYYY-MM-DDTHH:MM:SS-HHMM`` (for example, ``2024-01-04T15:25:10-1759``)\n + ``YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM`` (for example, ``2024-01-04T15:25:10.123456789+17:59``)\n \n Array Members: Minimum number of 1 item. Maximum number of 20 items." }, "noteUpdatedBy": { "type": "array", "items": { "$ref": "#/types/aws-native:securityhub:AutomationRuleStringFilter" }, - "description": "The principal that created a note.\n\nArray Members: Minimum number of 1 item. 
Maximum number of 20 items." + "description": "The principal that created a note. \n Array Members: Minimum number of 1 item. Maximum number of 20 items." }, "productArn": { "type": "array", "items": { "$ref": "#/types/aws-native:securityhub:AutomationRuleStringFilter" }, - "description": "The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub.\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items." + "description": "The Amazon Resource Name (ARN) for a third-party product that generated a finding in Security Hub. \n Array Members: Minimum number of 1 item. Maximum number of 20 items." }, "productName": { "type": "array", "items": { "$ref": "#/types/aws-native:securityhub:AutomationRuleStringFilter" }, - "description": "Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub.\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items." + "description": "Provides the name of the product that generated the finding. For control-based findings, the product name is Security Hub. \n Array Members: Minimum number of 1 item. Maximum number of 20 items." }, "recordState": { "type": "array", "items": { "$ref": "#/types/aws-native:securityhub:AutomationRuleStringFilter" }, - "description": "Provides the current state of a finding.\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items." + "description": "Provides the current state of a finding. \n Array Members: Minimum number of 1 item. Maximum number of 20 items." }, "relatedFindingsId": { "type": "array", "items": { "$ref": "#/types/aws-native:securityhub:AutomationRuleStringFilter" }, - "description": "The product-generated identifier for a related finding.\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items." + "description": "The product-generated identifier for a related finding. \n Array Members: Minimum number of 1 item. 
Maximum number of 20 items." }, "relatedFindingsProductArn": { "type": "array", "items": { "$ref": "#/types/aws-native:securityhub:AutomationRuleStringFilter" }, - "description": "The ARN for the product that generated a related finding.\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items." + "description": "The ARN for the product that generated a related finding. \n Array Members: Minimum number of 1 item. Maximum number of 20 items." }, "resourceDetailsOther": { "type": "array", "items": { "$ref": "#/types/aws-native:securityhub:AutomationRuleMapFilter" }, - "description": "Custom fields and values about the resource that a finding pertains to.\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items." + "description": "Custom fields and values about the resource that a finding pertains to. \n Array Members: Minimum number of 1 item. Maximum number of 20 items." }, "resourceId": { "type": "array", "items": { "$ref": "#/types/aws-native:securityhub:AutomationRuleStringFilter" }, - "description": "The identifier for the given resource type. For AWS resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For AWS resources that lack ARNs, this is the identifier as defined by the AWS-service that created the resource. For non- AWS resources, this is a unique identifier that is associated with the resource.\n\nArray Members: Minimum number of 1 item. Maximum number of 100 items." + "description": "The identifier for the given resource type. For AWS resources that are identified by Amazon Resource Names (ARNs), this is the ARN. For AWS resources that lack ARNs, this is the identifier as defined by the AWS-service that created the resource. For non-AWS resources, this is a unique identifier that is associated with the resource. \n Array Members: Minimum number of 1 item. Maximum number of 100 items." 
}, "resourcePartition": { "type": "array", "items": { "$ref": "#/types/aws-native:securityhub:AutomationRuleStringFilter" }, - "description": "The partition in which the resource that the finding pertains to is located. A partition is a group of AWS Regions . Each AWS account is scoped to one partition.\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items." + "description": "The partition in which the resource that the finding pertains to is located. A partition is a group of AWS-Regions. Each AWS-account is scoped to one partition. \n Array Members: Minimum number of 1 item. Maximum number of 20 items." }, "resourceRegion": { "type": "array", "items": { "$ref": "#/types/aws-native:securityhub:AutomationRuleStringFilter" }, - "description": "The AWS Region where the resource that a finding pertains to is located.\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items." + "description": "The AWS-Region where the resource that a finding pertains to is located. \n Array Members: Minimum number of 1 item. Maximum number of 20 items." }, "resourceTags": { "type": "array", "items": { "$ref": "#/types/aws-native:securityhub:AutomationRuleMapFilter" }, - "description": "A list of AWS tags associated with a resource at the time the finding was processed.\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items." + "description": "A list of AWS tags associated with a resource at the time the finding was processed. \n Array Members: Minimum number of 1 item. Maximum number of 20 items." }, "resourceType": { "type": "array", "items": { "$ref": "#/types/aws-native:securityhub:AutomationRuleStringFilter" }, - "description": "A finding's title.\n\nArray Members: Minimum number of 1 item. Maximum number of 100 items." + "description": "A finding's title. \n Array Members: Minimum number of 1 item. Maximum number of 100 items." 
}, "severityLabel": { "type": "array", "items": { "$ref": "#/types/aws-native:securityhub:AutomationRuleStringFilter" }, - "description": "The severity value of the finding.\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items." + "description": "The severity value of the finding. \n Array Members: Minimum number of 1 item. Maximum number of 20 items." }, "sourceUrl": { "type": "array", "items": { "$ref": "#/types/aws-native:securityhub:AutomationRuleStringFilter" }, - "description": "Provides a URL that links to a page about the current finding in the finding product.\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items." + "description": "Provides a URL that links to a page about the current finding in the finding product. \n Array Members: Minimum number of 1 item. Maximum number of 20 items." }, "title": { "type": "array", "items": { "$ref": "#/types/aws-native:securityhub:AutomationRuleStringFilter" }, - "description": "A finding's title.\n\nArray Members: Minimum number of 1 item. Maximum number of 100 items." + "description": "A finding's title. \n Array Members: Minimum number of 1 item. Maximum number of 100 items." }, "type": { "type": "array", "items": { "$ref": "#/types/aws-native:securityhub:AutomationRuleStringFilter" }, - "description": "One or more finding types in the format of namespace/category/classifier that classify a finding. For a list of namespaces, classifiers, and categories, see [Types taxonomy for ASFF](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format-type-taxonomy.html) in the *AWS Security Hub User Guide* .\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items." + "description": "One or more finding types in the format of namespace/category/classifier that classify a finding. 
For a list of namespaces, classifiers, and categories, see [Types taxonomy for ASFF](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format-type-taxonomy.html) in the *User Guide*.\n Array Members: Minimum number of 1 item. Maximum number of 20 items." }, "updatedAt": { "type": "array", "items": { "$ref": "#/types/aws-native:securityhub:AutomationRuleDateFilter" }, - "description": "A timestamp that indicates when the finding record was most recently updated.\n\nThis field accepts only the specified formats. Timestamps can end with `Z` or `(\"+\" / \"-\") time-hour [\":\" time-minute]` . The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:\n\n- `YYYY-MM-DDTHH:MM:SSZ` (for example, `2019-01-31T23:00:00Z` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ` (for example, `2019-01-31T23:00:00.123456789Z` )\n- `YYYY-MM-DDTHH:MM:SS+HH:MM` (for example, `2024-01-04T15:25:10+17:59` )\n- `YYYY-MM-DDTHH:MM:SS-HHMM` (for example, `2024-01-04T15:25:10-1759` )\n- `YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM` (for example, `2024-01-04T15:25:10.123456789+17:59` )\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items." + "description": "A timestamp that indicates when the finding record was most recently updated. \n This field accepts only the specified formats. Timestamps can end with ``Z`` or ``(\"+\" / \"-\") time-hour [\":\" time-minute]``. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. 
Here are valid timestamp formats with examples:\n + ``YYYY-MM-DDTHH:MM:SSZ`` (for example, ``2019-01-31T23:00:00Z``)\n + ``YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ`` (for example, ``2019-01-31T23:00:00.123456789Z``)\n + ``YYYY-MM-DDTHH:MM:SS+HH:MM`` (for example, ``2024-01-04T15:25:10+17:59``)\n + ``YYYY-MM-DDTHH:MM:SS-HHMM`` (for example, ``2024-01-04T15:25:10-1759``)\n + ``YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM`` (for example, ``2024-01-04T15:25:10.123456789+17:59``)\n \n Array Members: Minimum number of 1 item. Maximum number of 20 items." }, "userDefinedFields": { "type": "array", "items": { "$ref": "#/types/aws-native:securityhub:AutomationRuleMapFilter" }, - "description": "A list of user-defined name and value string pairs added to a finding.\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items." + "description": "A list of user-defined name and value string pairs added to a finding. \n Array Members: Minimum number of 1 item. Maximum number of 20 items." }, "verificationState": { "type": "array", "items": { "$ref": "#/types/aws-native:securityhub:AutomationRuleStringFilter" }, - "description": "Provides the veracity of a finding.\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items." + "description": "Provides the veracity of a finding. \n Array Members: Minimum number of 1 item. Maximum number of 20 items." }, "workflowStatus": { "type": "array", "items": { "$ref": "#/types/aws-native:securityhub:AutomationRuleStringFilter" }, - "description": "Provides information about the status of the investigation into a finding.\n\nArray Members: Minimum number of 1 item. Maximum number of 20 items." + "description": "Provides information about the status of the investigation into a finding. \n Array Members: Minimum number of 1 item. Maximum number of 20 items." } } }, 
@@ -199667,7 +205267,7 @@ "properties": { "securityHub": { "$ref": "#/types/aws-native:securityhub:ConfigurationPolicySecurityHubPolicy", - "description": "The AWS-service that the configuration policy applies to." + "description": "The AWS service that the configuration policy applies to." } } }, @@ -201799,7 +207399,14 @@ "type": "object", "properties": { "evaluate": { - "$ref": "#/types/aws-native:ses:MailManagerRuleSetRuleStringToEvaluateProperties" + "oneOf": [ + { + "$ref": "#/types/aws-native:ses:MailManagerRuleSetRuleStringToEvaluate0Properties" + }, + { + "$ref": "#/types/aws-native:ses:MailManagerRuleSetRuleStringToEvaluate1Properties" + } + ] }, "operator": { "$ref": "#/types/aws-native:ses:MailManagerRuleSetRuleStringOperator" @@ -201823,11 +207430,11 @@ } } }, - "aws-native:ses:MailManagerRuleSetRuleStringToEvaluateProperties": { + "aws-native:ses:MailManagerRuleSetRuleStringToEvaluate1Properties": { "type": "object", "properties": { - "attribute": { - "$ref": "#/types/aws-native:ses:MailManagerRuleSetRuleStringEmailAttribute" + "mimeHeaderAttribute": { + "type": "string" } } }, 
@@ -202594,11 +208201,11 @@ "properties": { "approveAfterDays": { "type": "integer", - "description": "The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of `7` means that patches are approved seven days after they are released.\n\n\u003e This parameter is marked as not required, but your request must include a value for either `ApproveAfterDays` or `ApproveUntilDate` . \n\nNot supported for Debian Server or Ubuntu Server." + "description": "The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of `7` means that patches are approved seven days after they are released.\n\nThis parameter is marked as `Required: No` , but your request must include a value for either `ApproveAfterDays` or `ApproveUntilDate` .\n\nNot supported for Debian Server or Ubuntu Server.\n\n\u003e Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the *Windows Server* tab in the topic [How security patches are selected](https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-selecting-patches.html) in the *AWS Systems Manager User Guide* ." }, "approveUntilDate": { "type": "string", - "description": "The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically.\n\nEnter dates in the format `YYYY-MM-DD` . For example, `2024-12-31` .\n\n\u003e This parameter is marked as not required, but your request must include a value for either `ApproveUntilDate` or `ApproveAfterDays` . \n\nNot supported for Debian Server or Ubuntu Server." + "description": "The cutoff date for auto approval of released patches. 
Any patches released on or before this date are installed automatically.\n\nEnter dates in the format `YYYY-MM-DD` . For example, `2024-12-31` .\n\nThis parameter is marked as `Required: No` , but your request must include a value for either `ApproveUntilDate` or `ApproveAfterDays` .\n\nNot supported for Debian Server or Ubuntu Server.\n\n\u003e Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the *Windows Server* tab in the topic [How security patches are selected](https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-selecting-patches.html) in the *AWS Systems Manager User Guide* ." }, "complianceLevel": { "$ref": "#/types/aws-native:ssm:PatchBaselineRuleComplianceLevel", 
@@ -203173,26 +208780,32 @@ "type": "object", "properties": { "id": { - "type": "string" + "type": "string", + "description": "The ID of the configuration definition." }, "localDeploymentAdministrationRoleArn": { - "type": "string" + "type": "string", + "description": "The ARN of the IAM role used to administrate local configuration deployments." }, "localDeploymentExecutionRoleName": { - "type": "string" + "type": "string", + "description": "The name of the IAM role used to deploy local configurations." }, "parameters": { "type": "object", "additionalProperties": { "type": "string" - } + }, + "description": "The parameters for the configuration definition type. Parameters for configuration definitions vary based the configuration type. The following tables outline the parameters for each configuration type.\n\n- **OpsCenter (Type: AWS QuickSetupType-SSMOpsCenter)** - - `DelegatedAccountId`\n\n- Description: (Required) The ID of the delegated administrator account.\n- `TargetOrganizationalUnits`\n\n- Description: (Required) A comma separated list of organizational units (OUs) you want to deploy the configuration to.\n- `TargetRegions`\n\n- Description: (Required) A comma separated list of AWS Regions you want to deploy the configuration to.\n- **Resource Scheduler (Type: AWS QuickSetupType-Scheduler)** - - `TargetTagKey`\n\n- Description: (Required) The tag key assigned to the instances you want to target.\n- `TargetTagValue`\n\n- Description: (Required) The value of the tag key assigned to the instances you want to target.\n- `ICalendarString`\n\n- Description: (Required) An iCalendar formatted string containing the schedule you want Change Manager to use.\n- `TargetAccounts`\n\n- Description: (Optional) The ID of the AWS account initiating the configuration deployment. You only need to provide a value for this parameter if you want to deploy the configuration locally. 
A value must be provided for either `TargetAccounts` or `TargetOrganizationalUnits` .\n- `TargetOrganizationalUnits`\n\n- Description: (Optional) A comma separated list of organizational units (OUs) you want to deploy the configuration to.\n- `TargetRegions`\n\n- Description: (Required) A comma separated list of AWS Regions you want to deploy the configuration to.\n- **Default Host Management Configuration (Type: AWS QuickSetupType-DHMC)** - - `UpdateSSMAgent`\n\n- Description: (Optional) A boolean value that determines whether the SSM Agent is updated on the target instances every 2 weeks. The default value is \" `true` \".\n- `TargetOrganizationalUnits`\n\n- Description: (Required) A comma separated list of organizational units (OUs) you want to deploy the configuration to.\n- `TargetRegions`\n\n- Description: (Required) A comma separated list of AWS Regions you want to deploy the configuration to.\n- **Resource Explorer (Type: AWS QuickSetupType-ResourceExplorer)** - - `SelectedAggregatorRegion`\n\n- Description: (Required) The AWS Region where you want to create the aggregator index.\n- `ReplaceExistingAggregator`\n\n- Description: (Required) A boolean value that determines whether to demote an existing aggregator if it is in a Region that differs from the value you specify for the `SelectedAggregatorRegion` .\n- `TargetOrganizationalUnits`\n\n- Description: (Required) A comma separated list of organizational units (OUs) you want to deploy the configuration to.\n- `TargetRegions`\n\n- Description: (Required) A comma separated list of AWS Regions you want to deploy the configuration to.\n- **Change Manager (Type: AWS QuickSetupType-SSMChangeMgr)** - - `DelegatedAccountId`\n\n- Description: (Required) The ID of the delegated administrator account.\n- `JobFunction`\n\n- Description: (Required) The name for the Change Manager job function.\n- `PermissionType`\n\n- Description: (Optional) Specifies whether you want to use default administrator permissions for the 
job function role, or provide a custom IAM policy. The valid values are `CustomPermissions` and `AdminPermissions` . The default value for the parameter is `CustomerPermissions` .\n- `CustomPermissions`\n\n- Description: (Optional) A JSON string containing the IAM policy you want your job function to use. You must provide a value for this parameter if you specify `CustomPermissions` for the `PermissionType` parameter.\n- `TargetOrganizationalUnits`\n\n- Description: (Required) A comma separated list of organizational units (OUs) you want to deploy the configuration to.\n- `TargetRegions`\n\n- Description: (Required) A comma separated list of AWS Regions you want to deploy the configuration to.\n- **DevOps Guru (Type: AWS QuickSetupType-DevOpsGuru)** - - `AnalyseAllResources`\n\n- Description: (Optional) A boolean value that determines whether DevOps Guru analyzes all AWS CloudFormation stacks in the account. The default value is \" `false` \".\n- `EnableSnsNotifications`\n\n- Description: (Optional) A boolean value that determines whether DevOps Guru sends notifications when an insight is created. The default value is \" `true` \".\n- `EnableSsmOpsItems`\n\n- Description: (Optional) A boolean value that determines whether DevOps Guru creates an OpsCenter OpsItem when an insight is created. The default value is \" `true` \".\n- `EnableDriftRemediation`\n\n- Description: (Optional) A boolean value that determines whether a drift remediation schedule is used. The default value is \" `false` \".\n- `RemediationSchedule`\n\n- Description: (Optional) A rate expression that defines the schedule for drift remediation. The valid values are `rate(30 days)` , `rate(14 days)` , `rate(1 days)` , and `none` . The default value is \" `none` \".\n- `TargetAccounts`\n\n- Description: (Optional) The ID of the AWS account initiating the configuration deployment. You only need to provide a value for this parameter if you want to deploy the configuration locally. 
A value must be provided for either `TargetAccounts` or `TargetOrganizationalUnits` .\n- `TargetOrganizationalUnits`\n\n- Description: (Optional) A comma separated list of organizational units (OUs) you want to deploy the configuration to.\n- `TargetRegions`\n\n- Description: (Required) A comma separated list of AWS Regions you want to deploy the configuration to.\n- **Conformance Packs (Type: AWS QuickSetupType-CFGCPacks)** - - `DelegatedAccountId`\n\n- Description: (Optional) The ID of the delegated administrator account. This parameter is required for Organization deployments.\n- `RemediationSchedule`\n\n- Description: (Optional) A rate expression that defines the schedule for drift remediation. The valid values are `rate(30 days)` , `rate(14 days)` , `rate(2 days)` , and `none` . The default value is \" `none` \".\n- `CPackNames`\n\n- Description: (Required) A comma separated list of AWS Config conformance packs.\n- `TargetAccounts`\n\n- Description: (Optional) The ID of the AWS account initiating the configuration deployment. You only need to provide a value for this parameter if you want to deploy the configuration locally. A value must be provided for either `TargetAccounts` or `TargetOrganizationalUnits` .\n- `TargetOrganizationalUnits`\n\n- Description: (Optional) The ID of the root of your Organization. This configuration type doesn't currently support choosing specific OUs. The configuration will be deployed to all the OUs in the Organization.\n- `TargetRegions`\n\n- Description: (Required) A comma separated list of AWS Regions you want to deploy the configuration to.\n- **AWS Config Recording (Type: AWS QuickSetupType-CFGRecording)** - - `RecordAllResources`\n\n- Description: (Optional) A boolean value that determines whether all supported resources are recorded. 
The default value is \" `true` \".\n- `ResourceTypesToRecord`\n\n- Description: (Optional) A comma separated list of resource types you want to record.\n- `RecordGlobalResourceTypes`\n\n- Description: (Optional) A boolean value that determines whether global resources are recorded with all resource configurations. The default value is \" `false` \".\n- `GlobalResourceTypesRegion`\n\n- Description: (Optional) Determines the AWS Region where global resources are recorded.\n- `UseCustomBucket`\n\n- Description: (Optional) A boolean value that determines whether a custom Amazon S3 bucket is used for delivery. The default value is \" `false` \".\n- `DeliveryBucketName`\n\n- Description: (Optional) The name of the Amazon S3 bucket you want AWS Config to deliver configuration snapshots and configuration history files to.\n- `DeliveryBucketPrefix`\n\n- Description: (Optional) The key prefix you want to use in the custom Amazon S3 bucket.\n- `NotificationOptions`\n\n- Description: (Optional) Determines the notification configuration for the recorder. The valid values are `NoStreaming` , `UseExistingTopic` , and `CreateTopic` . The default value is `NoStreaming` .\n- `CustomDeliveryTopicAccountId`\n\n- Description: (Optional) The ID of the AWS account where the Amazon SNS topic you want to use for notifications resides. You must specify a value for this parameter if you use the `UseExistingTopic` notification option.\n- `CustomDeliveryTopicName`\n\n- Description: (Optional) The name of the Amazon SNS topic you want to use for notifications. You must specify a value for this parameter if you use the `UseExistingTopic` notification option.\n- `RemediationSchedule`\n\n- Description: (Optional) A rate expression that defines the schedule for drift remediation. The valid values are `rate(30 days)` , `rate(7 days)` , `rate(1 days)` , and `none` . 
The default value is \" `none` \".\n- `TargetAccounts`\n\n- Description: (Optional) The ID of the AWS account initiating the configuration deployment. You only need to provide a value for this parameter if you want to deploy the configuration locally. A value must be provided for either `TargetAccounts` or `TargetOrganizationalUnits` .\n- `TargetOrganizationalUnits`\n\n- Description: (Optional) The ID of the root of your Organization. This configuration type doesn't currently support choosing specific OUs. The configuration will be deployed to all the OUs in the Organization.\n- `TargetRegions`\n\n- Description: (Required) A comma separated list of AWS Regions you want to deploy the configuration to.\n- **Host Management (Type: AWS QuickSetupType-SSMHostMgmt)** - - `UpdateSSMAgent`\n\n- Description: (Optional) A boolean value that determines whether the SSM Agent is updated on the target instances every 2 weeks. The default value is \" `true` \".\n- `UpdateEc2LaunchAgent`\n\n- Description: (Optional) A boolean value that determines whether the EC2 Launch agent is updated on the target instances every month. The default value is \" `false` \".\n- `CollectInventory`\n\n- Description: (Optional) A boolean value that determines whether the EC2 Launch agent is updated on the target instances every month. The default value is \" `true` \".\n- `ScanInstances`\n\n- Description: (Optional) A boolean value that determines whether the target instances are scanned daily for available patches. The default value is \" `true` \".\n- `InstallCloudWatchAgent`\n\n- Description: (Optional) A boolean value that determines whether the Amazon CloudWatch agent is installed on the target instances. The default value is \" `false` \".\n- `UpdateCloudWatchAgent`\n\n- Description: (Optional) A boolean value that determines whether the Amazon CloudWatch agent is updated on the target instances every month. 
The default value is \" `false` \".\n- `IsPolicyAttachAllowed`\n\n- Description: (Optional) A boolean value that determines whether Quick Setup attaches policies to instances profiles already associated with the target instances. The default value is \" `false` \".\n- `TargetType`\n\n- Description: (Optional) Determines how instances are targeted for local account deployments. Don't specify a value for this parameter if you're deploying to OUs. The valid values are `*` , `InstanceIds` , `ResourceGroups` , and `Tags` . Use `*` to target all instances in the account.\n- `TargetInstances`\n\n- Description: (Optional) A comma separated list of instance IDs. You must provide a value for this parameter if you specify `InstanceIds` for the `TargetType` parameter.\n- `TargetTagKey`\n\n- Description: (Optional) The tag key assigned to the instances you want to target. You must provide a value for this parameter if you specify `Tags` for the `TargetType` parameter.\n- `TargetTagValue`\n\n- Description: (Optional) The value of the tag key assigned to the instances you want to target. You must provide a value for this parameter if you specify `Tags` for the `TargetType` parameter.\n- `ResourceGroupName`\n\n- Description: (Optional) The name of the resource group associated with the instances you want to target. You must provide a value for this parameter if you specify `ResourceGroups` for the `TargetType` parameter.\n- `TargetAccounts`\n\n- Description: (Optional) The ID of the AWS account initiating the configuration deployment. You only need to provide a value for this parameter if you want to deploy the configuration locally. 
A value must be provided for either `TargetAccounts` or `TargetOrganizationalUnits` .\n- `TargetOrganizationalUnits`\n\n- Description: (Optional) A comma separated list of organizational units (OUs) you want to deploy the configuration to.\n- `TargetRegions`\n\n- Description: (Required) A comma separated list of AWS Regions you want to deploy the configuration to.\n- **Distributor (Type: AWS QuickSetupType-Distributor)** - - `PackagesToInstall`\n\n- Description: (Required) A comma separated list of packages you want to install on the target instances. The valid values are `AWSEFSTools` , `AWSCWAgent` , and `AWSEC2LaunchAgent` .\n- `RemediationSchedule`\n\n- Description: (Optional) A rate expression that defines the schedule for drift remediation. The valid values are `rate(30 days)` , `rate(14 days)` , `rate(2 days)` , and `none` . The default value is \" `rate(30 days)` \".\n- `IsPolicyAttachAllowed`\n\n- Description: (Optional) A boolean value that determines whether Quick Setup attaches policies to instances profiles already associated with the target instances. The default value is \" `false` \".\n- `TargetType`\n\n- Description: (Optional) Determines how instances are targeted for local account deployments. Don't specify a value for this parameter if you're deploying to OUs. The valid values are `*` , `InstanceIds` , `ResourceGroups` , and `Tags` . Use `*` to target all instances in the account.\n- `TargetInstances`\n\n- Description: (Optional) A comma separated list of instance IDs. You must provide a value for this parameter if you specify `InstanceIds` for the `TargetType` parameter.\n- `TargetTagKey`\n\n- Description: (Required) The tag key assigned to the instances you want to target. You must provide a value for this parameter if you specify `Tags` for the `TargetType` parameter.\n- `TargetTagValue`\n\n- Description: (Required) The value of the tag key assigned to the instances you want to target. 
You must provide a value for this parameter if you specify `Tags` for the `TargetType` parameter.\n- `ResourceGroupName`\n\n- Description: (Required) The name of the resource group associated with the instances you want to target. You must provide a value for this parameter if you specify `ResourceGroups` for the `TargetType` parameter.\n- `TargetAccounts`\n\n- Description: (Optional) The ID of the AWS account initiating the configuration deployment. You only need to provide a value for this parameter if you want to deploy the configuration locally. A value must be provided for either `TargetAccounts` or `TargetOrganizationalUnits` .\n- `TargetOrganizationalUnits`\n\n- Description: (Optional) A comma separated list of organizational units (OUs) you want to deploy the configuration to.\n- `TargetRegions`\n\n- Description: (Required) A comma separated list of AWS Regions you want to deploy the configuration to.\n- **Patch Policy (Type: AWS QuickSetupType-PatchPolicy)** - - `PatchPolicyName`\n\n- Description: (Required) A name for the patch policy. The value you provide is applied to target Amazon EC2 instances as a tag.\n- `SelectedPatchBaselines`\n\n- Description: (Required) An array of JSON objects containing the information for the patch baselines to include in your patch policy.\n- `PatchBaselineUseDefault`\n\n- Description: (Optional) A boolean value that determines whether the selected patch baselines are all AWS provided.\n- `ConfigurationOptionsPatchOperation`\n\n- Description: (Optional) Determines whether target instances scan for available patches, or scan and install available patches. The valid values are `Scan` and `ScanAndInstall` . 
The default value for the parameter is `Scan` .\n- `ConfigurationOptionsScanValue`\n\n- Description: (Optional) A cron expression that is used as the schedule for when instances scan for available patches.\n- `ConfigurationOptionsInstallValue`\n\n- Description: (Optional) A cron expression that is used as the schedule for when instances install available patches.\n- `ConfigurationOptionsScanNextInterval`\n\n- Description: (Optional) A boolean value that determines whether instances should scan for available patches at the next cron interval. The default value is \" `false` \".\n- `ConfigurationOptionsInstallNextInterval`\n\n- Description: (Optional) A boolean value that determines whether instances should scan for available patches at the next cron interval. The default value is \" `false` \".\n- `RebootOption`\n\n- Description: (Optional) Determines whether instances are rebooted after patches are installed. Valid values are `RebootIfNeeded` and `NoReboot` .\n- `IsPolicyAttachAllowed`\n\n- Description: (Optional) A boolean value that determines whether Quick Setup attaches policies to instances profiles already associated with the target instances. 
The default value is \" `false` \".\n- `OutputLogEnableS3`\n\n- Description: (Optional) A boolean value that determines whether command output logs are sent to Amazon S3.\n- `OutputS3Location`\n\n- Description: (Optional) A JSON string containing information about the Amazon S3 bucket where you want to store the output details of the request.\n\n- `OutputS3BucketRegion`\n\n- Description: (Optional) The AWS Region where the Amazon S3 bucket you want AWS Config to deliver command output to is located.\n- `OutputS3BucketName`\n\n- Description: (Optional) The name of the Amazon S3 bucket you want AWS Config to deliver command output to.\n- `OutputS3KeyPrefix`\n\n- Description: (Optional) The key prefix you want to use in the custom Amazon S3 bucket.\n- `TargetType`\n\n- Description: (Optional) Determines how instances are targeted for local account deployments. Don't specify a value for this parameter if you're deploying to OUs. The valid values are `*` , `InstanceIds` , `ResourceGroups` , and `Tags` . Use `*` to target all instances in the account.\n- `TargetInstances`\n\n- Description: (Optional) A comma separated list of instance IDs. You must provide a value for this parameter if you specify `InstanceIds` for the `TargetType` parameter.\n- `TargetTagKey`\n\n- Description: (Required) The tag key assigned to the instances you want to target. You must provide a value for this parameter if you specify `Tags` for the `TargetType` parameter.\n- `TargetTagValue`\n\n- Description: (Required) The value of the tag key assigned to the instances you want to target. You must provide a value for this parameter if you specify `Tags` for the `TargetType` parameter.\n- `ResourceGroupName`\n\n- Description: (Required) The name of the resource group associated with the instances you want to target. 
You must provide a value for this parameter if you specify `ResourceGroups` for the `TargetType` parameter.\n- `TargetAccounts`\n\n- Description: (Optional) The ID of the AWS account initiating the configuration deployment. You only need to provide a value for this parameter if you want to deploy the configuration locally. A value must be provided for either `TargetAccounts` or `TargetOrganizationalUnits` .\n- `TargetOrganizationalUnits`\n\n- Description: (Optional) A comma separated list of organizational units (OUs) you want to deploy the configuration to.\n- `TargetRegions`\n\n- Description: (Required) A comma separated list of AWS Regions you want to deploy the configuration to." }, "type": { "type": "string", + "description": "The type of the Quick Setup configuration.", "replaceOnChanges": true }, "typeVersion": { "type": "string", + "description": "The version of the Quick Setup type used.", "replaceOnChanges": true } } 
@@ -203204,22 +208817,27 @@ "type": "object", "properties": { "lastUpdatedAt": { - "type": "string" + "type": "string", + "description": "The datetime stamp when the status was last updated." }, "status": { - "$ref": "#/types/aws-native:ssmquicksetup:ConfigurationManagerStatus" + "$ref": "#/types/aws-native:ssmquicksetup:ConfigurationManagerStatus", + "description": "The current status." }, "statusDetails": { "type": "object", "additionalProperties": { "type": "string" - } + }, + "description": "Details about the status." }, "statusMessage": { - "type": "string" + "type": "string", + "description": "When applicable, returns an informational message relevant to the current status and status type of the status summary object. We don't recommend implementing parsing logic around this value since the messages returned can vary in format." }, "statusType": { - "$ref": "#/types/aws-native:ssmquicksetup:ConfigurationManagerStatusType" + "$ref": "#/types/aws-native:ssmquicksetup:ConfigurationManagerStatusType", + "description": "The type of a status summary." } } }, @@ -203619,6 +209237,9 @@ "s3ObjectVersion": "S3ObjectVersion" } }, + "aws-native:synthetics:CanaryResourceToTag": { + "type": "string" + }, "aws-native:synthetics:CanaryRunConfig": { "type": "object", "properties": { 
@@ -204254,6 +209875,170 @@ "aws-native:transfer:ProfileType": { "type": "string" }, + "aws-native:transfer:ServerAs2Transport": { + "type": "string" + }, + "aws-native:transfer:ServerDirectoryListingOptimization": { + "type": "string" + }, + "aws-native:transfer:ServerDomain": { + "type": "string" + }, + "aws-native:transfer:ServerEndpointDetails": { + "type": "object", + "properties": { + "addressAllocationIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of address allocation IDs that are required to attach an Elastic IP address to your server's endpoint.\n\nAn address allocation ID corresponds to the allocation ID of an Elastic IP address. This value can be retrieved from the `allocationId` field from the Amazon EC2 [Address](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_Address.html) data type. One way to retrieve this value is by calling the EC2 [DescribeAddresses](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeAddresses.html) API.\n\nThis parameter is optional. Set this parameter if you want to make your VPC endpoint public-facing. For details, see [Create an internet-facing endpoint for your server](https://docs.aws.amazon.com/transfer/latest/userguide/create-server-in-vpc.html#create-internet-facing-endpoint) .\n\n\u003e This property can only be set as follows:\n\u003e \n\u003e - `EndpointType` must be set to `VPC`\n\u003e - The Transfer Family server must be offline.\n\u003e - You cannot set this parameter for Transfer Family servers that use the FTP protocol.\n\u003e - The server must already have `SubnetIds` populated ( `SubnetIds` and `AddressAllocationIds` cannot be updated simultaneously).\n\u003e - `AddressAllocationIds` can't contain duplicates, and must be equal in length to `SubnetIds` . For example, if you have three subnet IDs, you must also specify three address allocation IDs.\n\u003e - Call the `UpdateServer` API to set or change this parameter." 
+ }, + "securityGroupIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of security groups IDs that are available to attach to your server's endpoint.\n\n\u003e This property can only be set when `EndpointType` is set to `VPC` .\n\u003e \n\u003e You can edit the `SecurityGroupIds` property in the [UpdateServer](https://docs.aws.amazon.com/transfer/latest/userguide/API_UpdateServer.html) API only if you are changing the `EndpointType` from `PUBLIC` or `VPC_ENDPOINT` to `VPC` . To change security groups associated with your server's VPC endpoint after creation, use the Amazon EC2 [ModifyVpcEndpoint](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyVpcEndpoint.html) API." + }, + "subnetIds": { + "type": "array", + "items": { + "type": "string" + }, + "description": "A list of subnet IDs that are required to host your server endpoint in your VPC.\n\n\u003e This property can only be set when `EndpointType` is set to `VPC` ." + }, + "vpcEndpointId": { + "type": "string", + "description": "The ID of the VPC endpoint.\n\n\u003e This property can only be set when `EndpointType` is set to `VPC_ENDPOINT` ." + }, + "vpcId": { + "type": "string", + "description": "The VPC ID of the virtual private cloud in which the server's endpoint will be hosted.\n\n\u003e This property can only be set when `EndpointType` is set to `VPC` ." + } + } + }, + "aws-native:transfer:ServerEndpointType": { + "type": "string" + }, + "aws-native:transfer:ServerIdentityProviderDetails": { + "type": "object", + "properties": { + "directoryId": { + "type": "string", + "description": "The identifier of the AWS Directory Service directory that you want to use as your identity provider." + }, + "function": { + "type": "string", + "description": "The ARN for a Lambda function to use for the Identity provider." 
+ }, + "invocationRole": { + "type": "string", + "description": "This parameter is only applicable if your `IdentityProviderType` is `API_GATEWAY` . Provides the type of `InvocationRole` used to authenticate the user account." + }, + "sftpAuthenticationMethods": { + "$ref": "#/types/aws-native:transfer:ServerSftpAuthenticationMethods", + "description": "For SFTP-enabled servers, and for custom identity providers *only* , you can specify whether to authenticate using a password, SSH key pair, or both.\n\n- `PASSWORD` - users must provide their password to connect.\n- `PUBLIC_KEY` - users must provide their private key to connect.\n- `PUBLIC_KEY_OR_PASSWORD` - users can authenticate with either their password or their key. This is the default value.\n- `PUBLIC_KEY_AND_PASSWORD` - users must provide both their private key and their password to connect. The server checks the key first, and then if the key is valid, the system prompts for a password. If the private key provided does not match the public key that is stored, authentication fails." + }, + "url": { + "type": "string", + "description": "Provides the location of the service endpoint used to authenticate users." + } + } + }, + "aws-native:transfer:ServerIdentityProviderType": { + "type": "string" + }, + "aws-native:transfer:ServerProtocol": { + "type": "string" + }, + "aws-native:transfer:ServerProtocolDetails": { + "type": "object", + "properties": { + "as2Transports": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:transfer:ServerAs2Transport" + }, + "description": "List of `As2Transport` objects." + }, + "passiveIp": { + "type": "string", + "description": "Indicates passive mode, for FTP and FTPS protocols. Enter a single IPv4 address, such as the public IP address of a firewall, router, or load balancer. 
For example:\n\n`aws transfer update-server --protocol-details PassiveIp=0.0.0.0`\n\nReplace `0.0.0.0` in the example above with the actual IP address you want to use.\n\n\u003e If you change the `PassiveIp` value, you must stop and then restart your Transfer Family server for the change to take effect. For details on using passive mode (PASV) in a NAT environment, see [Configuring your FTPS server behind a firewall or NAT with AWS Transfer Family](https://docs.aws.amazon.com/storage/configuring-your-ftps-server-behind-a-firewall-or-nat-with-aws-transfer-family/) . \n\n*Special values*\n\nThe `AUTO` and `0.0.0.0` are special values for the `PassiveIp` parameter. The value `PassiveIp=AUTO` is assigned by default to FTP and FTPS type servers. In this case, the server automatically responds with one of the endpoint IPs within the PASV response. `PassiveIp=0.0.0.0` has a more unique application for its usage. For example, if you have a High Availability (HA) Network Load Balancer (NLB) environment, where you have 3 subnets, you can only specify a single IP address using the `PassiveIp` parameter. This reduces the effectiveness of having High Availability. In this case, you can specify `PassiveIp=0.0.0.0` . This tells the client to use the same IP address as the Control connection and utilize all AZs for their connections. Note, however, that not all FTP clients support the `PassiveIp=0.0.0.0` response. FileZilla and WinSCP do support it. If you are using other clients, check to see if your client supports the `PassiveIp=0.0.0.0` response." 
+ }, + "setStatOption": { + "$ref": "#/types/aws-native:transfer:ServerSetStatOption", + "description": "Use the `SetStatOption` to ignore the error that is generated when the client attempts to use `SETSTAT` on a file you are uploading to an S3 bucket.\n\nSome SFTP file transfer clients can attempt to change the attributes of remote files, including timestamp and permissions, using commands, such as `SETSTAT` when uploading the file. However, these commands are not compatible with object storage systems, such as Amazon S3. Due to this incompatibility, file uploads from these clients can result in errors even when the file is otherwise successfully uploaded.\n\nSet the value to `ENABLE_NO_OP` to have the Transfer Family server ignore the `SETSTAT` command, and upload files without needing to make any changes to your SFTP client. While the `SetStatOption` `ENABLE_NO_OP` setting ignores the error, it does generate a log entry in Amazon CloudWatch Logs, so you can determine when the client is making a `SETSTAT` call.\n\n\u003e If you want to preserve the original timestamp for your file, and modify other file attributes using `SETSTAT` , you can use Amazon EFS as backend storage with Transfer Family." + }, + "tlsSessionResumptionMode": { + "$ref": "#/types/aws-native:transfer:ServerTlsSessionResumptionMode", + "description": "A property used with Transfer Family servers that use the FTPS protocol. TLS Session Resumption provides a mechanism to resume or share a negotiated secret key between the control and data connection for an FTPS session. `TlsSessionResumptionMode` determines whether or not the server resumes recent, negotiated sessions through a unique session ID. This property is available during `CreateServer` and `UpdateServer` calls. 
If a `TlsSessionResumptionMode` value is not specified during `CreateServer` , it is set to `ENFORCED` by default.\n\n- `DISABLED` : the server does not process TLS session resumption client requests and creates a new TLS session for each request.\n- `ENABLED` : the server processes and accepts clients that are performing TLS session resumption. The server doesn't reject client data connections that do not perform the TLS session resumption client processing.\n- `ENFORCED` : the server processes and accepts clients that are performing TLS session resumption. The server rejects client data connections that do not perform the TLS session resumption client processing. Before you set the value to `ENFORCED` , test your clients.\n\n\u003e Not all FTPS clients perform TLS session resumption. So, if you choose to enforce TLS session resumption, you prevent any connections from FTPS clients that don't perform the protocol negotiation. To determine whether or not you can use the `ENFORCED` value, you need to test your clients." + } + } + }, + "aws-native:transfer:ServerS3StorageOptions": { + "type": "object", + "properties": { + "directoryListingOptimization": { + "$ref": "#/types/aws-native:transfer:ServerDirectoryListingOptimization", + "description": "Specifies whether or not performance for your Amazon S3 directories is optimized. This is disabled by default.\n\nBy default, home directory mappings have a `TYPE` of `DIRECTORY` . If you enable this option, you would then need to explicitly set the `HomeDirectoryMapEntry` `Type` to `FILE` if you want a mapping to have a file target." + } + } + }, + "aws-native:transfer:ServerSetStatOption": { + "type": "string" + }, + "aws-native:transfer:ServerSftpAuthenticationMethods": { + "type": "string" + }, + "aws-native:transfer:ServerTag": { + "type": "object", + "properties": { + "key": { + "type": "string", + "description": "The name assigned to the tag that you create." 
+ }, + "value": { + "type": "string", + "description": "Contains one or more values that you assigned to the key name you create." + } + } + }, + "aws-native:transfer:ServerTlsSessionResumptionMode": { + "type": "string" + }, + "aws-native:transfer:ServerWorkflowDetail": { + "type": "object", + "properties": { + "executionRole": { + "type": "string", + "description": "Includes the necessary permissions for S3, EFS, and Lambda operations that Transfer can assume, so that all workflow steps can operate on the required resources" + }, + "workflowId": { + "type": "string", + "description": "A unique identifier for the workflow." + } + } + }, + "aws-native:transfer:ServerWorkflowDetails": { + "type": "object", + "properties": { + "onPartialUpload": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:transfer:ServerWorkflowDetail" + }, + "description": "A trigger that starts a workflow if a file is only partially uploaded. You can attach a workflow to a server that executes whenever there is a partial upload.\n\nA *partial upload* occurs when a file is open when the session disconnects.\n\n\u003e `OnPartialUpload` can contain a maximum of one `WorkflowDetail` object." + }, + "onUpload": { + "type": "array", + "items": { + "$ref": "#/types/aws-native:transfer:ServerWorkflowDetail" + }, + "description": "A trigger that starts a workflow: the workflow begins to execute after a file is uploaded.\n\nTo remove an associated workflow from a server, you can provide an empty `OnUpload` object, as in the following example.\n\n`aws transfer update-server --server-id s-01234567890abcdef --workflow-details '{\"OnUpload\":[]}'`\n\n\u003e `OnUpload` can contain a maximum of one `WorkflowDetail` object." + } + } + }, "aws-native:transfer:SftpConfigProperties": { "type": "object", "properties": { 
@@ -207713,6 +213498,18 @@ } } }, + "aws-native:wisdom:AiPromptAiPromptApiFormat": { + "type": "string" + }, + "aws-native:wisdom:AiPromptAiPromptTemplateConfiguration": { + "type": "object" + }, + "aws-native:wisdom:AiPromptAiPromptTemplateType": { + "type": "string" + }, + "aws-native:wisdom:AiPromptAiPromptType": { + "type": "string" + }, "aws-native:wisdom:AssistantAssociationAssociationData": { "type": "object", "properties": { 
@@ -207768,7 +213565,7 @@ "properties": { "appIntegrationArn": { "type": "string", - "description": "The Amazon Resource Name (ARN) of the AppIntegrations DataIntegration to use for ingesting content.\n\n- For [Salesforce](https://docs.aws.amazon.com/https://developer.salesforce.com/docs/atlas.en-us.knowledge_dev.meta/knowledge_dev/sforce_api_objects_knowledge__kav.htm) , your AppIntegrations DataIntegration must have an ObjectConfiguration if objectFields is not provided, including at least `Id` , `ArticleNumber` , `VersionNumber` , `Title` , `PublishStatus` , and `IsDeleted` as source fields.\n- For [ServiceNow](https://docs.aws.amazon.com/https://developer.servicenow.com/dev.do#!/reference/api/rome/rest/knowledge-management-api) , your AppIntegrations DataIntegration must have an ObjectConfiguration if objectFields is not provided, including at least `number` , `short_description` , `sys_mod_count` , `workflow_state` , and `active` as source fields.\n- For [Zendesk](https://docs.aws.amazon.com/https://developer.zendesk.com/api-reference/help_center/help-center-api/articles/) , your AppIntegrations DataIntegration must have an ObjectConfiguration if `objectFields` is not provided, including at least `id` , `title` , `updated_at` , and `draft` as source fields.\n- For [SharePoint](https://docs.aws.amazon.com/https://learn.microsoft.com/en-us/sharepoint/dev/sp-add-ins/sharepoint-net-server-csom-jsom-and-rest-api-index) , your AppIntegrations DataIntegration must have a FileConfiguration, including only file extensions that are among `docx` , `pdf` , `html` , `htm` , and `txt` .\n- For [Amazon S3](https://docs.aws.amazon.com/https://aws.amazon.com/s3/) , the ObjectConfiguration and FileConfiguration of your AppIntegrations DataIntegration must be null. 
The `SourceURI` of your DataIntegration must use the following format: `s3://your_s3_bucket_name` .\n\n\u003e The bucket policy of the corresponding S3 bucket must allow the AWS principal `app-integrations.amazonaws.com` to perform `s3:ListBucket` , `s3:GetObject` , and `s3:GetBucketLocation` against the bucket." + "description": "The Amazon Resource Name (ARN) of the AppIntegrations DataIntegration to use for ingesting content.\n\n- For [Salesforce](https://docs.aws.amazon.com/https://developer.salesforce.com/docs/atlas.en-us.knowledge_dev.meta/knowledge_dev/sforce_api_objects_knowledge__kav.htm) , your AppIntegrations DataIntegration must have an ObjectConfiguration if objectFields is not provided, including at least `Id` , `ArticleNumber` , `VersionNumber` , `Title` , `PublishStatus` , and `IsDeleted` as source fields.\n- For [ServiceNow](https://docs.aws.amazon.com/https://developer.servicenow.com/dev.do#!/reference/api/rome/rest/knowledge-management-api) , your AppIntegrations DataIntegration must have an ObjectConfiguration if objectFields is not provided, including at least `number` , `short_description` , `sys_mod_count` , `workflow_state` , and `active` as source fields.\n- For [Zendesk](https://docs.aws.amazon.com/https://developer.zendesk.com/api-reference/help_center/help-center-api/articles/) , your AppIntegrations DataIntegration must have an ObjectConfiguration if `objectFields` is not provided, including at least `id` , `title` , `updated_at` , and `draft` as source fields.\n- For [SharePoint](https://docs.aws.amazon.com/https://learn.microsoft.com/en-us/sharepoint/dev/sp-add-ins/sharepoint-net-server-csom-jsom-and-rest-api-index) , your AppIntegrations DataIntegration must have a FileConfiguration, including only file extensions that are among `docx` , `pdf` , `html` , `htm` , and `txt` .\n- For [Amazon S3](https://docs.aws.amazon.com/s3/) , the ObjectConfiguration and FileConfiguration of your AppIntegrations DataIntegration must be null. 
The `SourceURI` of your DataIntegration must use the following format: `s3://your_s3_bucket_name` .\n\n\u003e The bucket policy of the corresponding S3 bucket must allow the AWS principal `app-integrations.amazonaws.com` to perform `s3:ListBucket` , `s3:GetObject` , and `s3:GetBucketLocation` against the bucket." }, "objectFields": { "type": "array", @@ -208000,6 +213797,19 @@ } } }, + "aws-native:workspacesweb:IdentityProviderTag": { + "type": "object", + "properties": { + "key": { + "type": "string", + "description": "The key of the tag." + }, + "value": { + "type": "string", + "description": "The value of the tag" + } + } + }, "aws-native:workspacesweb:IdentityProviderType": { "type": "string" }, @@ -208357,6 +214167,12 @@ "certificateAuthorityArn" ] }, + "aws-native:amazonmq:getConfiguration": { + "cf": "AWS::AmazonMQ::Configuration", + "ids": [ + "id" + ] + }, "aws-native:amplify:getApp": { "cf": "AWS::Amplify::App", "ids": [ @@ -208770,6 +214586,12 @@ "name" ] }, + "aws-native:appsync:getDataSource": { + "cf": "AWS::AppSync::DataSource", + "ids": [ + "dataSourceArn" + ] + }, "aws-native:appsync:getDomainName": { "cf": "AWS::AppSync::DomainName", "ids": [ @@ -208948,6 +214770,12 @@ "frameworkArn" ] }, + "aws-native:backup:getLogicallyAirGappedBackupVault": { + "cf": "AWS::Backup::LogicallyAirGappedBackupVault", + "ids": [ + "backupVaultName" + ] + }, "aws-native:backup:getReportPlan": { "cf": "AWS::Backup::ReportPlan", "ids": [ @@ -209516,7 +215344,8 @@ "aws-native:cognito:getUserPoolIdentityProvider": { "cf": "AWS::Cognito::UserPoolIdentityProvider", "ids": [ - "id" + "userPoolId", + "providerName" ] }, "aws-native:cognito:getUserPoolResourceServer": { @@ -209589,6 +215418,12 @@ "queryName" ] }, + "aws-native:connect:getAgentStatus": { + "cf": "AWS::Connect::AgentStatus", + "ids": [ + "agentStatusArn" + ] + }, "aws-native:connect:getContactFlow": { "cf": "AWS::Connect::ContactFlow", "ids": [ 
@@ -209715,6 +215550,12 @@ "userHierarchyGroupArn" ] }, + "aws-native:connect:getUserHierarchyStructure": { + "cf": "AWS::Connect::UserHierarchyStructure", + "ids": [ + "userHierarchyStructureArn" + ] + }, "aws-native:connect:getView": { "cf": "AWS::Connect::View", "ids": [ @@ -209932,6 +215773,14 @@ "id" ] }, + "aws-native:datazone:getEnvironmentActions": { + "cf": "AWS::DataZone::EnvironmentActions", + "ids": [ + "domainId", + "environmentId", + "id" + ] + }, "aws-native:datazone:getEnvironmentBlueprintConfiguration": { "cf": "AWS::DataZone::EnvironmentBlueprintConfiguration", "ids": [ @@ -211180,12 +217029,24 @@ "listenerArn" ] }, + "aws-native:glue:getCrawler": { + "cf": "AWS::Glue::Crawler", + "ids": [ + "name" + ] + }, "aws-native:glue:getDatabase": { "cf": "AWS::Glue::Database", "ids": [ "databaseName" ] }, + "aws-native:glue:getJob": { + "cf": "AWS::Glue::Job", + "ids": [ + "name" + ] + }, "aws-native:glue:getRegistry": { "cf": "AWS::Glue::Registry", "ids": [ @@ -211210,6 +217071,12 @@ "name" ] }, + "aws-native:glue:getUsageProfile": { + "cf": "AWS::Glue::UsageProfile", + "ids": [ + "name" + ] + }, "aws-native:grafana:getWorkspace": { "cf": "AWS::Grafana::Workspace", "ids": [ @@ -211935,6 +217802,12 @@ "id" ] }, + "aws-native:kinesis:getResourcePolicy": { + "cf": "AWS::Kinesis::ResourcePolicy", + "ids": [ + "resourceArn" + ] + }, "aws-native:kinesis:getStream": { "cf": "AWS::Kinesis::Stream", "ids": [ 
@@ -212381,6 +218254,43 @@ "gatewayArn" ] }, + "aws-native:medialive:getChannelPlacementGroup": { + "cf": "AWS::MediaLive::ChannelPlacementGroup", + "ids": [ + "id", + "clusterId" + ] + }, + "aws-native:medialive:getCloudWatchAlarmTemplate": { + "cf": "AWS::MediaLive::CloudWatchAlarmTemplate", + "ids": [ + "identifier" + ] + }, + "aws-native:medialive:getCloudWatchAlarmTemplateGroup": { + "cf": "AWS::MediaLive::CloudWatchAlarmTemplateGroup", + "ids": [ + "identifier" + ] + }, + "aws-native:medialive:getCluster": { + "cf": "AWS::MediaLive::Cluster", + "ids": [ + "id" + ] + }, + "aws-native:medialive:getEventBridgeRuleTemplate": { + "cf": "AWS::MediaLive::EventBridgeRuleTemplate", + "ids": [ + "identifier" + ] + }, + "aws-native:medialive:getEventBridgeRuleTemplateGroup": { + "cf": "AWS::MediaLive::EventBridgeRuleTemplateGroup", + "ids": [ + "identifier" + ] + }, "aws-native:medialive:getMultiplex": { "cf": "AWS::MediaLive::Multiplex", "ids": [ @@ -212394,6 +218304,24 @@ "multiplexId" ] }, + "aws-native:medialive:getNetwork": { + "cf": "AWS::MediaLive::Network", + "ids": [ + "id" + ] + }, + "aws-native:medialive:getSdiSource": { + "cf": "AWS::MediaLive::SdiSource", + "ids": [ + "id" + ] + }, + "aws-native:medialive:getSignalMap": { + "cf": "AWS::MediaLive::SignalMap", + "ids": [ + "identifier" + ] + }, "aws-native:mediapackage:getAsset": { "cf": "AWS::MediaPackage::Asset", "ids": [ @@ -212902,6 +218830,18 @@ "templateArn" ] }, + "aws-native:pcaconnectorscep:getChallenge": { + "cf": "AWS::PCAConnectorSCEP::Challenge", + "ids": [ + "challengeArn" + ] + }, + "aws-native:pcaconnectorscep:getConnector": { + "cf": "AWS::PCAConnectorSCEP::Connector", + "ids": [ + "connectorArn" + ] + }, "aws-native:personalize:getDataset": { "cf": "AWS::Personalize::Dataset", "ids": [ 
@@ -213033,6 +218973,13 @@ "dataSourceId" ] }, + "aws-native:quicksight:getFolder": { + "cf": "AWS::QuickSight::Folder", + "ids": [ + "awsAccountId", + "folderId" + ] + }, "aws-native:quicksight:getTemplate": { "cf": "AWS::QuickSight::Template", "ids": [ @@ -213183,6 +219130,12 @@ "subscriptionName" ] }, + "aws-native:redshift:getIntegration": { + "cf": "AWS::Redshift::Integration", + "ids": [ + "integrationArn" + ] + }, "aws-native:redshift:getScheduledAction": { "cf": "AWS::Redshift::ScheduledAction", "ids": [ @@ -213612,6 +219565,12 @@ "appImageConfigName" ] }, + "aws-native:sagemaker:getCluster": { + "cf": "AWS::SageMaker::Cluster", + "ids": [ + "clusterArn" + ] + }, "aws-native:sagemaker:getDataQualityJobDefinition": { "cf": "AWS::SageMaker::DataQualityJobDefinition", "ids": [ @@ -213764,6 +219723,12 @@ "id" ] }, + "aws-native:secretsmanager:getSecretTargetAttachment": { + "cf": "AWS::SecretsManager::SecretTargetAttachment", + "ids": [ + "id" + ] + }, "aws-native:securityhub:getAutomationRule": { "cf": "AWS::SecurityHub::AutomationRule", "ids": [ @@ -214014,6 +219979,12 @@ "name" ] }, + "aws-native:sns:getSubscription": { + "cf": "AWS::SNS::Subscription", + "ids": [ + "arn" + ] + }, "aws-native:sns:getTopic": { "cf": "AWS::SNS::Topic", "ids": [ @@ -214253,6 +220224,12 @@ "profileId" ] }, + "aws-native:transfer:getServer": { + "cf": "AWS::Transfer::Server", + "ids": [ + "arn" + ] + }, "aws-native:transfer:getWorkflow": { "cf": "AWS::Transfer::Workflow", "ids": [ @@ -214390,6 +220367,13 @@ "scope" ] }, + "aws-native:wisdom:getAiPrompt": { + "cf": "AWS::Wisdom::AIPrompt", + "ids": [ + "aiPromptId", + "assistantId" + ] + }, "aws-native:wisdom:getAssistant": { "cf": "AWS::Wisdom::Assistant", "ids": [ @@ -214494,4 +220478,4 @@ ] } } -} +} \ No newline at end of file diff --git a/src/aws-resource-mappings.ts b/src/aws-resource-mappings.ts index 0a89b0b5..9c076e00 100644 --- a/src/aws-resource-mappings.ts +++ b/src/aws-resource-mappings.ts 
@@ -46,43 +46,77 @@ export function mapToAwsResource( typeName: string, rawProps: any, options: pulumi.ResourceOptions, -): ResourceMapping | undefined { +): ResourceMapping[] | undefined { const props = normalize(rawProps); switch (typeName) { // ApiGatewayV2 case 'AWS::ApiGatewayV2::Integration': - return new aws.apigatewayv2.Integration( - logicalId, - { - ...props, - requestParameters: rawProps.RequestParameters, - requestTemplates: rawProps.RequestTemplates, - responseParameters: rawProps.ResponseParameters, - tlsConfig: maybe(props.tlsConfig, () => ({ insecureSkipVerification: true })), - }, - options, - ); + return [ + new aws.apigatewayv2.Integration( + logicalId, + { + ...props, + requestParameters: rawProps.RequestParameters, + requestTemplates: rawProps.RequestTemplates, + responseParameters: rawProps.ResponseParameters, + tlsConfig: maybe(props.tlsConfig, () => ({ insecureSkipVerification: true })), + }, + options, + ), + ]; case 'AWS::ApiGatewayV2::Stage': - return new aws.apigatewayv2.Stage( - logicalId, - { - accessLogSettings: props.accessLogSettings, - apiId: props.apiId, - autoDeploy: props.autoDeploy, - clientCertificateId: props.clientCertificateId, - defaultRouteSettings: props.defaultRouteSettings, - deploymentId: props.deploymentId, - description: props.description, - name: props.stageName, - routeSettings: props.routeSettings, - stageVariables: rawProps.StageVariables, - tags: tags(props.tags), - }, - options, - ); + return [ + new aws.apigatewayv2.Stage( + logicalId, + { + accessLogSettings: props.accessLogSettings, + apiId: props.apiId, + autoDeploy: props.autoDeploy, + clientCertificateId: props.clientCertificateId, + defaultRouteSettings: props.defaultRouteSettings, + deploymentId: props.deploymentId, + description: props.description, + name: props.stageName, + routeSettings: props.routeSettings, + stageVariables: rawProps.StageVariables, + tags: tags(props.tags), + }, + options, + ), + ]; + + // SQS + // 
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sqs-queuepolicy.html + case 'AWS::SQS::QueuePolicy': { + if (!Array.isArray(props.queues)) { + throw new Error('QueuePolicy has an invalid value for `queues` property'); + } + + return (props.queues || []).flatMap((q: string) => { + return new aws.sqs.QueuePolicy(logicalId, { + policy: rawProps.PolicyDocument, + queueUrl: q, + }); + }); + } + + // SNS + // https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sns-topicpolicy.html + case 'AWS::SNS::TopicPolicy': + if (!Array.isArray(props.topics)) { + throw new Error('TopicPolicy has an invalid value for `topics` property'); + } + + return (props.topics || []).flatMap((arn: string) => { + return new aws.sns.TopicPolicy(logicalId, { + policy: rawProps.PolicyDocument, + arn, + }); + }); // IAM case 'AWS::IAM::Policy': { + const resources: ResourceMapping[] = []; const policy = new aws.iam.Policy( logicalId, { 
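Review bot: In the new `AWS::SQS::QueuePolicy` and `AWS::SNS::TopicPolicy` cases every resource is constructed with the same `logicalId` and without the `options` argument that the other cases pass. With more than one queue or topic the names collide, which Pulumi is expected to reject as a duplicate resource, and without `options` the policy ignores any parent or provider the caller supplied, so it may be created against a different account or region than the rest of the stack. Pass a per-index name (the IAM attachments in the next hunk use `${logicalId}-${i}`) and `options` as the third argument, i.e. `new aws.sqs.QueuePolicy(name, { policy: rawProps.PolicyDocument, queueUrl: q }, options)`, and do the same for `TopicPolicy`. The assertions added in tests/aws-resource-mappings.test.ts pin the shared name and would need updating, and `mapToAwsResource` itself starts before this hunk and continues past it. Separately, the re-indented `tlsConfig` line still yields `insecureSkipVerification: true` whenever a TLS config is present; `maybe` is defined outside the hunk, so confirm that disabling certificate verification is intended.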
@@ -90,39 +124,46 @@ export function mapToAwsResource( }, options, ); + resources.push(policy); for (let i = 0; i < (props.groups || []).length; i++) { - new aws.iam.GroupPolicyAttachment( - `${logicalId}-${i}`, - { - group: props.groups[i], - policyArn: policy.arn, - }, - options, + resources.push( + new aws.iam.GroupPolicyAttachment( + `${logicalId}-${i}`, + { + group: props.groups[i], + policyArn: policy.arn, + }, + options, + ), ); } for (let i = 0; i < (props.roles || []).length; i++) { - new aws.iam.RolePolicyAttachment( - `${logicalId}-${i}`, - { - role: props.roles[i], - policyArn: policy.arn, - }, - options, + resources.push( + new aws.iam.RolePolicyAttachment( + `${logicalId}-${i}`, + { + role: props.roles[i], + policyArn: policy.arn, + }, + options, + ), ); } for (let i = 0; i < (props.users || []).length; i++) { - new aws.iam.UserPolicyAttachment( - `${logicalId}-${i}`, - { - user: props.users[i], - policyArn: policy.arn, - }, - options, + resources.push( + new aws.iam.UserPolicyAttachment( + `${logicalId}-${i}`, + { + user: props.users[i], + policyArn: policy.arn, + }, + options, + ), ); } - return policy; + return resources; } default: diff --git a/src/cfn-resource-mappings.ts b/src/cfn-resource-mappings.ts index 09aa207e..7d736965 100644 --- a/src/cfn-resource-mappings.ts +++ b/src/cfn-resource-mappings.ts 
@@ -25,14 +25,14 @@ export function mapToCfnResource( typeName: string, rawProps: any, options: pulumi.ResourceOptions, -): ResourceMapping { +): ResourceMapping[] { const props = normalize(rawProps, typeName); debug(`mapToCfnResource typeName: ${typeName} props: ${JSON.stringify(props)}`); switch (typeName) { case 'AWS::S3::Bucket': // Lowercase the bucket name to comply with the Bucket resource's naming constraints, which only allow // lowercase letters. - return new s3.Bucket(logicalId.toLowerCase(), props, options); + return [new s3.Bucket(logicalId.toLowerCase(), props, options)]; default: { // When creating a generic `CfnResource` we don't have any information on the // attributes attached to the resource. We need to populate them by looking up the @@ -41,7 +41,7 @@ export function mapToCfnResource( const resource = metadata.findResource(typeName); const attributes = Object.keys(resource.outputs); - return new CfnResource(logicalId, typeName, props, attributes, options); + return [new CfnResource(logicalId, typeName, props, attributes, options)]; } } } diff --git a/src/converters/app-converter.ts b/src/converters/app-converter.ts index f4b5a36c..6702ee1c 100644 --- a/src/converters/app-converter.ts +++ b/src/converters/app-converter.ts 
@@ -112,10 +112,12 @@ export class StackConverter extends ArtifactConverter { const options = this.processOptions(cfn, parent); const mapped = this.mapResource(n.logicalId, cfn.Type, props, options); - const resource = pulumi.Resource.isInstance(mapped) ? mapped : mapped.resource; - const attributes = pulumi.Resource.isInstance(mapped) ? undefined : mapped.attributes; - this.resources.set(n.logicalId, { resource, attributes, resourceType: cfn.Type }); - this.constructs.set(n.construct, resource); + mapped.forEach((m) => { + const resource = pulumi.Resource.isInstance(m) ? m : m.resource; + const attributes = pulumi.Resource.isInstance(m) ? undefined : m.attributes; + this.resources.set(n.logicalId!, { resource, attributes, resourceType: cfn.Type }); + this.constructs.set(n.construct, resource); + }); debug(`Done creating resource for ${n.logicalId}`); // TODO: process template conditions @@ -186,7 +188,7 @@ export class StackConverter extends ArtifactConverter { typeName: string, props: any, options: pulumi.ResourceOptions, - ): ResourceMapping { + ): ResourceMapping[] { if (this.stackComponent.options?.remapCloudControlResource !== undefined) { const res = this.stackComponent.options.remapCloudControlResource(logicalId, typeName, props, options); if (res !== undefined) { diff --git a/src/pulumi-metadata.ts b/src/pulumi-metadata.ts index 018f85c6..38093e93 100644 --- a/src/pulumi-metadata.ts +++ b/src/pulumi-metadata.ts @@ -7,8 +7,8 @@ import { PulumiProvider } from './types'; import { debug } from '@pulumi/pulumi/log'; export class UnknownCfnType extends Error { - constructor() { - super("CfnType doesn't exist as a native type"); + constructor(cfnType: string) { + super(`CfnType ${cfnType} doesn't exist as a native type`); } } 
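Review bot: The new `mapped.forEach` writes every mapping into `this.resources` and `this.constructs` under the same `n.logicalId` / `n.construct` key, so only the last element of the array survives. For `AWS::IAM::Policy` the array built in src/aws-resource-mappings.ts starts with the policy and ends with its attachments, so a policy with groups, roles or users would now be registered as its last attachment rather than the `aws.iam.Policy` that was returned before. Any later lookup by logical ID happens outside this hunk, so this is inferred, but it would resolve references to the wrong resource. Registering only the primary element, `const [primary] = mapped;` followed by the two `set` calls on `primary`, keeps the previous behaviour and would presumably make the `n.logicalId!` assertion unnecessary. The enclosing method starts and ends outside the hunk.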
@@ -35,7 +35,7 @@ export class Metadata { if (pType in this.pulumiMetadata.resources) { return this.pulumiMetadata.resources[pType]; } - throw new UnknownCfnType(); + throw new UnknownCfnType(cfnType); } public types(): { [key: string]: PulumiType } { diff --git a/src/types.ts b/src/types.ts index 0cb3ccaa..3c35ce45 100644 --- a/src/types.ts +++ b/src/types.ts @@ -30,7 +30,7 @@ export interface StackOptions extends pulumi.ComponentResourceOptions { typeName: string, props: any, options: pulumi.ResourceOptions, - ): ResourceMapping | undefined; + ): ResourceMapping[] | undefined; } /** diff --git a/tests/aws-resource-mappings.test.ts b/tests/aws-resource-mappings.test.ts index 47af0c70..5f0f4ba1 100644 --- a/tests/aws-resource-mappings.test.ts +++ b/tests/aws-resource-mappings.test.ts @@ -9,6 +9,16 @@ jest.mock('@pulumi/aws', () => { return {}; }), }, + sqs: { + QueuePolicy: jest.fn().mockImplementation(() => { + return {}; + }), + }, + sns: { + TopicPolicy: jest.fn().mockImplementation(() => { + return {}; + }), + }, iam: { Policy: jest.fn().mockImplementation(() => { return {}; 
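Review bot: In src/types.ts, changing `remapCloudControlResource` to return `ResourceMapping[] | undefined` breaks existing callbacks that return a single mapping; a caller typed as `any` or written in plain JavaScript would only fail at runtime, when the converter calls `mapped.forEach`. Accepting both shapes, `): ResourceMapping | ResourceMapping[] | undefined;`, and normalising in `mapResource` with `Array.isArray(res) ? res : [res]` would keep existing stacks working. If the property has a doc comment (not visible here), it should state the array contract either way. The `StackOptions` interface starts before this hunk.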
@@ -96,6 +106,122 @@ describe('AWS Resource Mappings', () => { {}, ); }); + + test('maps sns.TopicPolicy', () => { + // GIVEN + const cfnType = 'AWS::SNS::TopicPolicy'; + const logicalId = 'my-resource'; + const cfnProps = { + PolicyDocument: { + Version: '2012-10-17', + Statement: [ + { + Effect: 'Allow', + Action: ['sns:*'], + Resource: '*', + }, + ], + }, + Topics: ['my-topic', 'my-other-topic'], + }; + + // WHEN + mapToAwsResource(logicalId, cfnType, cfnProps, {}); + + // THEN + expect(aws.sns.TopicPolicy).toHaveBeenCalledTimes(2); + expect(aws.sns.TopicPolicy).toHaveBeenCalledWith( + logicalId, + expect.objectContaining({ + arn: 'my-topic', + policy: { + Version: '2012-10-17', + Statement: [ + { + Effect: 'Allow', + Action: ['sns:*'], + Resource: '*', + }, + ], + }, + }), + ); + expect(aws.sns.TopicPolicy).toHaveBeenCalledWith( + logicalId, + expect.objectContaining({ + arn: 'my-other-topic', + policy: { + Version: '2012-10-17', + Statement: [ + { + Effect: 'Allow', + Action: ['sns:*'], + Resource: '*', + }, + ], + }, + }), + ); + }); + + test('maps sqs.QueuePolicy', () => { + // GIVEN + const cfnType = 'AWS::SQS::QueuePolicy'; + const logicalId = 'my-resource'; + const cfnProps = { + Queues: ['my-queue', 'my-other-queue'], + PolicyDocument: { + Version: '2012-10-17', + Statement: [ + { + Effect: 'Allow', + Action: ['sqs:*'], + Resource: '*', + }, + ], + }, + }; + + // WHEN + mapToAwsResource(logicalId, cfnType, cfnProps, {}); + + // THEN + expect(aws.sqs.QueuePolicy).toHaveBeenCalledTimes(2); + expect(aws.sqs.QueuePolicy).toHaveBeenCalledWith( + logicalId, + expect.objectContaining({ + queueUrl: 'my-queue', + policy: { + Version: '2012-10-17', + Statement: [ + { + Effect: 'Allow', + Action: ['sqs:*'], + Resource: '*', + }, + ], + }, + }), + ); + + expect(aws.sqs.QueuePolicy).toHaveBeenCalledWith( + logicalId, + expect.objectContaining({ + queueUrl: 'my-other-queue', + policy: { + Version: '2012-10-17', + Statement: [ + { + Effect: 'Allow', + Action: 
['sqs:*'], + Resource: '*', + }, + ], + }, + }), + ); + }); + test('maps apigatewayv2.Integration', () => { // GIVEN const cfnType = 'AWS::ApiGatewayV2::Integration';
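Review bot: Both new tests only count constructor calls; neither checks the array that `mapToAwsResource` now returns nor the `throw` taken when `Topics` or `Queues` is not an array. One extra assertion per test would cover the rejection path, for example `expect(() => mapToAwsResource(logicalId, cfnType, { ...cfnProps, Topics: 'my-topic' }, {})).toThrow(/invalid value/);`. The fixtures also use an `Allow` statement with a wildcard action, `Resource: '*'` and no `Principal`; a narrower statement would be a safer sample for anyone copying it into a real policy. The `describe` block starts before the hunk.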