feat: update L1 CloudFormation resource definitions #29530

Merged
merged 1 commit into from Mar 18, 2024

aws-cdk-automation
Collaborator

Updates the L1 CloudFormation resource definitions with the latest changes from @aws-cdk/aws-service-spec

L1 CloudFormation resource definition changes:

├[~] service aws-appconfig
│ └ resources
│    ├[~] resource AWS::AppConfig::Deployment
│    │ ├ properties
│    │ │  └[+] DynamicExtensionParameters: Array<DynamicExtensionParameters> (immutable)
│    │ └ types
│    │    └[+] type DynamicExtensionParameters
│    │      ├  name: DynamicExtensionParameters
│    │      └ properties
│    │         ├ExtensionReference: string
│    │         ├ParameterName: string
│    │         └ParameterValue: string
│    ├[~] resource AWS::AppConfig::Extension
│    │ ├  - documentation: Creates an AWS AppConfig extension. An extension augments your ability to inject logic or behavior at different points during the AWS AppConfig workflow of creating or deploying a configuration.
│    │ │  You can create your own extensions or use the AWS authored extensions provided by AWS AppConfig . For an AWS AppConfig extension that uses AWS Lambda , you must create a Lambda function to perform any computation and processing defined in the extension. If you plan to create custom versions of the AWS authored notification extensions, you only need to specify an Amazon Resource Name (ARN) in the `Uri` field for the new extension version.
│    │ │  - For a custom EventBridge notification extension, enter the ARN of the EventBridge default events in the `Uri` field.
│    │ │  - For a custom Amazon SNS notification extension, enter the ARN of an Amazon SNS topic in the `Uri` field.
│    │ │  - For a custom Amazon SQS notification extension, enter the ARN of an Amazon SQS message queue in the `Uri` field.
│    │ │  For more information about extensions, see [Working with AWS AppConfig extensions](https://docs.aws.amazon.com/appconfig/latest/userguide/working-with-appconfig-extensions.html) in the *AWS AppConfig User Guide* .
│    │ │  + documentation: Creates an AWS AppConfig extension. An extension augments your ability to inject logic or behavior at different points during the AWS AppConfig workflow of creating or deploying a configuration.
│    │ │  You can create your own extensions or use the AWS authored extensions provided by AWS AppConfig . For an AWS AppConfig extension that uses AWS Lambda , you must create a Lambda function to perform any computation and processing defined in the extension. If you plan to create custom versions of the AWS authored notification extensions, you only need to specify an Amazon Resource Name (ARN) in the `Uri` field for the new extension version.
│    │ │  - For a custom EventBridge notification extension, enter the ARN of the EventBridge default events in the `Uri` field.
│    │ │  - For a custom Amazon SNS notification extension, enter the ARN of an Amazon SNS topic in the `Uri` field.
│    │ │  - For a custom Amazon SQS notification extension, enter the ARN of an Amazon SQS message queue in the `Uri` field.
│    │ │  For more information about extensions, see [Extending workflows](https://docs.aws.amazon.com/appconfig/latest/userguide/working-with-appconfig-extensions.html) in the *AWS AppConfig User Guide* .
│    │ └ types
│    │    └[~] type Parameter
│    │      ├  - documentation: A value such as an Amazon Resource Name (ARN) or an Amazon Simple Notification Service topic entered in an extension when invoked. Parameter values are specified in an extension association. For more information about extensions, see [Working with AWS AppConfig extensions](https://docs.aws.amazon.com/appconfig/latest/userguide/working-with-appconfig-extensions.html) in the *AWS AppConfig User Guide* .
│    │      │  + documentation: A value such as an Amazon Resource Name (ARN) or an Amazon Simple Notification Service topic entered in an extension when invoked. Parameter values are specified in an extension association. For more information about extensions, see [Extending workflows](https://docs.aws.amazon.com/appconfig/latest/userguide/working-with-appconfig-extensions.html) in the *AWS AppConfig User Guide* .
│    │      └ properties
│    │         └[+] Dynamic: boolean
│    └[~] resource AWS::AppConfig::ExtensionAssociation
│      └  - documentation: When you create an extension or configure an AWS authored extension, you associate the extension with an AWS AppConfig application, environment, or configuration profile. For example, you can choose to run the `AWS AppConfig deployment events to Amazon SNS` AWS authored extension and receive notifications on an Amazon SNS topic anytime a configuration deployment is started for a specific application. Defining which extension to associate with an AWS AppConfig resource is called an *extension association* . An extension association is a specified relationship between an extension and an AWS AppConfig resource, such as an application or a configuration profile. For more information about extensions and associations, see [Working with AWS AppConfig extensions](https://docs.aws.amazon.com/appconfig/latest/userguide/working-with-appconfig-extensions.html) in the *AWS AppConfig User Guide* .
│         + documentation: When you create an extension or configure an AWS authored extension, you associate the extension with an AWS AppConfig application, environment, or configuration profile. For example, you can choose to run the `AWS AppConfig deployment events to Amazon SNS` AWS authored extension and receive notifications on an Amazon SNS topic anytime a configuration deployment is started for a specific application. Defining which extension to associate with an AWS AppConfig resource is called an *extension association* . An extension association is a specified relationship between an extension and an AWS AppConfig resource, such as an application or a configuration profile. For more information about extensions and associations, see [Extending workflows](https://docs.aws.amazon.com/appconfig/latest/userguide/working-with-appconfig-extensions.html) in the *AWS AppConfig User Guide* .
├[~] service aws-applicationinsights
│ └ resources
│    └[~] resource AWS::ApplicationInsights::Application
│      └ properties
│         └ AttachMissingPermission: (documentation changed)
├[~] service aws-backup
│ └ resources
│    └[~] resource AWS::Backup::ReportPlan
│      └ types
│         └[~] type ReportSetting
│           └ properties
│              ├ Accounts: (documentation changed)
│              └ Regions: (documentation changed)
├[~] service aws-batch
│ └ resources
│    ├[~] resource AWS::Batch::JobDefinition
│    │ ├ properties
│    │ │  └ EcsProperties: (documentation changed)
│    │ └ types
│    │    ├[~] type EcsProperties
│    │    │ ├  - documentation: undefined
│    │    │ │  + documentation: An object that contains the properties for the Amazon ECS resources of a job.
│    │    │ └ properties
│    │    │    └ TaskProperties: (documentation changed)
│    │    ├[~] type EcsTaskProperties
│    │    │ ├  - documentation: undefined
│    │    │ │  + documentation: The properties for a task definition that describes the container and volume definitions of an Amazon ECS task. You can specify which Docker images to use, the required resources, and other configurations related to launching the task definition through an Amazon ECS service or task.
│    │    │ └ properties
│    │    │    ├ Containers: (documentation changed)
│    │    │    ├ EphemeralStorage: (documentation changed)
│    │    │    ├ ExecutionRoleArn: (documentation changed)
│    │    │    ├ IpcMode: (documentation changed)
│    │    │    ├ NetworkConfiguration: (documentation changed)
│    │    │    ├ PidMode: (documentation changed)
│    │    │    ├ PlatformVersion: (documentation changed)
│    │    │    ├ RuntimePlatform: (documentation changed)
│    │    │    ├ TaskRoleArn: (documentation changed)
│    │    │    └ Volumes: (documentation changed)
│    │    ├[~] type NodeRangeProperty
│    │    │ └ properties
│    │    │    ├ EcsProperties: (documentation changed)
│    │    │    └ InstanceTypes: (documentation changed)
│    │    ├[~] type PodProperties
│    │    │ └ properties
│    │    │    ├ InitContainers: (documentation changed)
│    │    │    └ ShareProcessNamespace: (documentation changed)
│    │    ├[~] type TaskContainerDependency
│    │    │ ├  - documentation: undefined
│    │    │ │  + documentation: A list of containers that this task depends on.
│    │    │ └ properties
│    │    │    ├ Condition: (documentation changed)
│    │    │    └ ContainerName: (documentation changed)
│    │    └[~] type TaskContainerProperties
│    │      ├  - documentation: undefined
│    │      │  + documentation: Container properties are used for Amazon ECS-based job definitions. These properties to describe the container that's launched as part of a job.
│    │      └ properties
│    │         ├ Command: (documentation changed)
│    │         ├ DependsOn: (documentation changed)
│    │         ├ Environment: (documentation changed)
│    │         ├ Essential: (documentation changed)
│    │         ├ Image: (documentation changed)
│    │         ├ LinuxParameters: (documentation changed)
│    │         ├ LogConfiguration: (documentation changed)
│    │         ├ MountPoints: (documentation changed)
│    │         ├ Name: (documentation changed)
│    │         ├ Privileged: (documentation changed)
│    │         ├ ReadonlyRootFilesystem: (documentation changed)
│    │         ├ RepositoryCredentials: (documentation changed)
│    │         ├ ResourceRequirements: (documentation changed)
│    │         ├ Secrets: (documentation changed)
│    │         ├ Ulimits: (documentation changed)
│    │         └ User: (documentation changed)
│    └[~] resource AWS::Batch::JobQueue
│      ├ properties
│      │  └[+] JobStateTimeLimitActions: Array<JobStateTimeLimitAction>
│      └ types
│         └[+] type JobStateTimeLimitAction
│           ├  name: JobStateTimeLimitAction
│           └ properties
│              ├Action: string (required)
│              ├MaxTimeSeconds: integer (required)
│              ├Reason: string (required)
│              └State: string (required)
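Review bot: the added `JobStateTimeLimitAction` type on `AWS::Batch::JobQueue` carries four required properties (`Action`, `MaxTimeSeconds`, `Reason`, `State`) but no documentation entry, and `Action` and `State` are typed as plain `string`, so the accepted values are not visible from this listing. Link the upstream property reference in the description so consumers of the L1 know what to pass. Separately, the new `TaskContainerProperties` text reads "These properties to describe the container that's launched as part of a job", which is missing a verb and should be corrected in the source spec.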
├[~] service aws-cloudformation
│ └ resources
│    └[~] resource AWS::CloudFormation::TypeActivation
│      └  - documentation: Activates a public third-party extension, making it available for use in stack templates. For more information, see [Using public extensions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-public.html) in the *AWS CloudFormation User Guide* .
│         Once you have activated a public third-party extension in your account and Region, use [SetTypeConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_SetTypeConfiguration.html) to specify configuration properties for the extension. For more information, see [Configuring extensions at the account level](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-register.html#registry-set-configuration) in the *CloudFormation User Guide* .
│         + documentation: Activates a public third-party extension, making it available for use in stack templates. For more information, see [Using public extensions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-public.html) in the *AWS CloudFormation User Guide* .
│         Once you have activated a public third-party extension in your account and Region, use [`SetTypeConfiguration`](https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_SetTypeConfiguration.html) to specify configuration properties for the extension. For more information, see [Configuring extensions at the account level](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-register.html#registry-set-configuration) in the *CloudFormation User Guide* .
├[~] service aws-cloudfront
│ └ resources
│    └[~] resource AWS::CloudFront::ContinuousDeploymentPolicy
│      └ types
│         └[~] type SingleWeightConfig
│           └ properties
│              └ Weight: (documentation changed)
├[~] service aws-cloudtrail
│ └ resources
│    ├[~] resource AWS::CloudTrail::EventDataStore
│    │ └ types
│    │    └[~] type AdvancedFieldSelector
│    │      └ properties
│    │         └ Field: (documentation changed)
│    └[~] resource AWS::CloudTrail::Trail
│      └ types
│         └[~] type AdvancedFieldSelector
│           └ properties
│              └ Field: (documentation changed)
├[~] service aws-codepipeline
│ └ resources
│    └[~] resource AWS::CodePipeline::Pipeline
│      └ types
│         └[~] type ActionDeclaration
│           └ properties
│              └[+] TimeoutInMinutes: integer
├[~] service aws-cognito
│ └ resources
│    ├[~] resource AWS::Cognito::UserPool
│    │ └ properties
│    │    └ DeletionProtection: (documentation changed)
│    └[~] resource AWS::Cognito::UserPoolIdentityProvider
│      └ properties
│         └ ProviderDetails: (documentation changed)
├[~] service aws-dlm
│ └ resources
│    └[~] resource AWS::DLM::LifecyclePolicy
│      └ types
│         └[~] type CreateRule
│           └ properties
│              └ CronExpression: (documentation changed)
├[~] service aws-ec2
│ └ resources
│    ├[~] resource AWS::EC2::DHCPOptions
│    │ └ properties
│    │    └[+] Ipv6AddressPreferredLeaseTime: integer (immutable)
│    ├[~] resource AWS::EC2::FlowLog
│    │ └ properties
│    │    └ DeliverLogsPermissionArn: (documentation changed)
│    ├[~] resource AWS::EC2::Instance
│    │ ├ attributes
│    │ │  ├ Id: (documentation changed)
│    │ │  ├[+] InstanceId: string
│    │ │  └[+] VpcId: string
│    │ └ types
│    │    └[~] type HibernationOptions
│    │      └ properties
│    │         └ Configured: - boolean
│    │                       + boolean (default=false)
│    ├[~] resource AWS::EC2::SecurityGroup
│    │ └ types
│    │    ├[~] type Egress
│    │    │ ├  - documentation: Adds the specified outbound (egress) rule to a security group.
│    │    │ │  An outbound rule permits instances to send traffic to the specified IPv4 or IPv6 address range, the IP address ranges that are specified by a prefix list, or the instances that are associated with a destination security group. For more information, see [Security group rules](https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html) .
│    │    │ │  You must specify exactly one of the following destinations: an IPv4 or IPv6 address range, a prefix list, or a security group. Otherwise, the stack launches successfully but the rule is not added to the security group.
│    │    │ │  You must specify a protocol for each rule (for example, TCP). If the protocol is TCP or UDP, you must also specify a port or port range. If the protocol is ICMP or ICMPv6, you must also specify the ICMP/ICMPv6 type and code.
│    │    │ │  Rule changes are propagated to instances associated with the security group as quickly as possible. However, a small delay might occur.
│    │    │ │  + documentation: Adds the specified outbound (egress) rule to a security group.
│    │    │ │  An outbound rule permits instances to send traffic to the specified IPv4 or IPv6 address range, the IP address ranges that are specified by a prefix list, or the instances that are associated with a destination security group. For more information, see [Security group rules](https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html) .
│    │    │ │  You must specify exactly one of the following destinations: an IPv4 address range, an IPv6 address range, a prefix list, or a security group.
│    │    │ │  You must specify a protocol for each rule (for example, TCP). If the protocol is TCP or UDP, you must also specify a port or port range. If the protocol is ICMP or ICMPv6, you must also specify the ICMP/ICMPv6 type and code.
│    │    │ │  Rule changes are propagated to instances associated with the security group as quickly as possible. However, a small delay might occur.
│    │    │ └ properties
│    │    │    ├ CidrIp: (documentation changed)
│    │    │    ├ CidrIpv6: (documentation changed)
│    │    │    ├ DestinationPrefixListId: (documentation changed)
│    │    │    └ DestinationSecurityGroupId: (documentation changed)
│    │    └[~] type Ingress
│    │      ├  - documentation: Adds an inbound (ingress) rule to a security group.
│    │      │  An inbound rule permits instances to receive traffic from the specified IPv4 or IPv6 address range, the IP address ranges that are specified by a prefix list, or the instances that are associated with a source security group. For more information, see [Security group rules](https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html) .
│    │      │  You must specify exactly one of the following sources: an IPv4 or IPv6 address range, a prefix list, or a security group. Otherwise, the stack launches successfully, but the rule is not added to the security group.
│    │      │  You must specify a protocol for each rule (for example, TCP). If the protocol is TCP or UDP, you must also specify a port or port range. If the protocol is ICMP or ICMPv6, you must also specify the ICMP/ICMPv6 type and code.
│    │      │  Rule changes are propagated to instances associated with the security group as quickly as possible. However, a small delay might occur.
│    │      │  + documentation: Adds an inbound (ingress) rule to a security group.
│    │      │  An inbound rule permits instances to receive traffic from the specified IPv4 or IPv6 address range, the IP address ranges that are specified by a prefix list, or the instances that are associated with a source security group. For more information, see [Security group rules](https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html) .
│    │      │  You must specify exactly one of the following sources: an IPv4 address range, an IPv6 address range, a prefix list, or a security group.
│    │      │  You must specify a protocol for each rule (for example, TCP). If the protocol is TCP or UDP, you must also specify a port or port range. If the protocol is ICMP or ICMPv6, you must also specify the ICMP/ICMPv6 type and code.
│    │      │  Rule changes are propagated to instances associated with the security group as quickly as possible. However, a small delay might occur.
│    │      └ properties
│    │         ├ CidrIp: (documentation changed)
│    │         └ CidrIpv6: (documentation changed)
│    ├[~] resource AWS::EC2::SecurityGroupEgress
│    │ ├  - documentation: Adds the specified outbound (egress) rule to a security group.
│    │ │  An outbound rule permits instances to send traffic to the specified IPv4 or IPv6 address range, the IP addresses that are specified by a prefix list, or the instances that are associated with a destination security group. For more information, see [Security group rules](https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html) .
│    │ │  You must specify exactly one of the following destinations: an IPv4 or IPv6 address range, a prefix list, or a security group. Otherwise, the stack launches successfully but the rule is not added to the security group.
│    │ │  You must specify a protocol for each rule (for example, TCP). If the protocol is TCP or UDP, you must also specify a port or port range. If the protocol is ICMP or ICMPv6, you must also specify the ICMP/ICMPv6 type and code. To specify all types or all codes, use -1.
│    │ │  Rule changes are propagated to instances associated with the security group as quickly as possible. However, a small delay might occur.
│    │ │  + documentation: Adds the specified outbound (egress) rule to a security group.
│    │ │  An outbound rule permits instances to send traffic to the specified IPv4 or IPv6 address range, the IP addresses that are specified by a prefix list, or the instances that are associated with a destination security group. For more information, see [Security group rules](https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html) .
│    │ │  You must specify exactly one of the following destinations: an IPv4 address range, an IPv6 address range, a prefix list, or a security group.
│    │ │  You must specify a protocol for each rule (for example, TCP). If the protocol is TCP or UDP, you must also specify a port or port range. If the protocol is ICMP or ICMPv6, you must also specify the ICMP/ICMPv6 type and code. To specify all types or all codes, use -1.
│    │ │  Rule changes are propagated to instances associated with the security group as quickly as possible. However, a small delay might occur.
│    │ └ properties
│    │    ├ CidrIp: (documentation changed)
│    │    ├ CidrIpv6: (documentation changed)
│    │    ├ DestinationPrefixListId: (documentation changed)
│    │    └ DestinationSecurityGroupId: (documentation changed)
│    ├[~] resource AWS::EC2::SecurityGroupIngress
│    │ ├  - documentation: Adds an inbound (ingress) rule to a security group.
│    │ │  An inbound rule permits instances to receive traffic from the specified IPv4 or IPv6 address range, the IP addresses that are specified by a prefix list, or the instances that are associated with a source security group. For more information, see [Security group rules](https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html) .
│    │ │  You must specify only one of the following sources: an IPv4 or IPv6 address range, a prefix list, or a security group. Otherwise, the stack launches successfully, but the rule is not added to the security group.
│    │ │  You must specify a protocol for each rule (for example, TCP). If the protocol is TCP or UDP, you must also specify a port or port range. If the protocol is ICMP or ICMPv6, you must also specify the ICMP/ICMPv6 type and code.
│    │ │  Rule changes are propagated to instances associated with the security group as quickly as possible. However, a small delay might occur.
│    │ │  + documentation: Adds an inbound (ingress) rule to a security group.
│    │ │  An inbound rule permits instances to receive traffic from the specified IPv4 or IPv6 address range, the IP addresses that are specified by a prefix list, or the instances that are associated with a source security group. For more information, see [Security group rules](https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html) .
│    │ │  You must specify exactly one of the following sources: an IPv4 address range, an IPv6 address range, a prefix list, or a security group.
│    │ │  You must specify a protocol for each rule (for example, TCP). If the protocol is TCP or UDP, you must also specify a port or port range. If the protocol is ICMP or ICMPv6, you must also specify the ICMP/ICMPv6 type and code.
│    │ │  Rule changes are propagated to instances associated with the security group as quickly as possible. However, a small delay might occur.
│    │ └ properties
│    │    ├ CidrIp: (documentation changed)
│    │    └ CidrIpv6: (documentation changed)
│    └[~] resource AWS::EC2::VPCCidrBlock
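Review bot: the rewritten documentation for `Egress`, `Ingress`, `AWS::EC2::SecurityGroupEgress` and `AWS::EC2::SecurityGroupIngress` drops the sentence "Otherwise, the stack launches successfully but the rule is not added to the security group", and nothing in this listing shows whether the behaviour changed or only the wording. A rule that is silently skipped changes which traffic the group permits, so confirm against the upstream documentation which of the two it is and state it in the description. `AWS::EC2::VPCCidrBlock` is also marked `[~]` with no child entries, so its change cannot be reviewed from this listing.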
├[~] service aws-ecs
│ └ resources
│    ├[~] resource AWS::ECS::Service
│    │ └ properties
│    │    └ PropagateTags: (documentation changed)
│    └[~] resource AWS::ECS::TaskDefinition
│      └ types
│         └[~] type EphemeralStorage
│           └ properties
│              └ SizeInGiB: (documentation changed)
├[~] service aws-glue
│ └ resources
│    └[~] resource AWS::Glue::TableOptimizer
│      └ properties
│         └ TableOptimizerConfiguration: (documentation changed)
├[~] service aws-internetmonitor
│ └ resources
│    └[~] resource AWS::InternetMonitor::Monitor
│      └ properties
│         ├[+] IncludeLinkedAccounts: boolean
│         └[+] LinkedAccountId: string
├[~] service aws-iotsitewise
│ └ resources
│    ├[~] resource AWS::IoTSiteWise::Asset
│    │ ├ properties
│    │ │  └ AssetExternalId: (documentation changed)
│    │ └ types
│    │    ├[~] type AssetHierarchy
│    │    │ └ properties
│    │    │    ├ ExternalId: (documentation changed)
│    │    │    └ Id: (documentation changed)
│    │    └[~] type AssetProperty
│    │      └ properties
│    │         ├ ExternalId: (documentation changed)
│    │         └ Id: (documentation changed)
│    └[~] resource AWS::IoTSiteWise::AssetModel
│      ├ properties
│      │  ├ AssetModelExternalId: (documentation changed)
│      │  └ AssetModelType: (documentation changed)
│      └ types
│         ├[~] type AssetModelCompositeModel
│         │ └ properties
│         │    ├ ComposedAssetModelId: (documentation changed)
│         │    ├ ExternalId: (documentation changed)
│         │    ├ Id: (documentation changed)
│         │    ├ ParentAssetModelCompositeModelExternalId: (documentation changed)
│         │    └ Path: (documentation changed)
│         ├[~] type AssetModelHierarchy
│         │ └ properties
│         │    ├ ExternalId: (documentation changed)
│         │    └ Id: (documentation changed)
│         ├[~] type AssetModelProperty
│         │ └ properties
│         │    ├ ExternalId: (documentation changed)
│         │    └ Id: (documentation changed)
│         ├[~] type PropertyPathDefinition
│         │ ├  - documentation: The definition for property path which is used to reference properties in transforms/metrics
│         │ │  + documentation: Represents one level between a composite model and the root of the asset model.
│         │ └ properties
│         │    └ Name: (documentation changed)
│         └[~] type VariableValue
│           └ properties
│              ├ HierarchyExternalId: (documentation changed)
│              ├ HierarchyId: (documentation changed)
│              ├ PropertyExternalId: (documentation changed)
│              ├ PropertyId: (documentation changed)
│              └ PropertyPath: (documentation changed)
├[~] service aws-kinesisfirehose
│ └ resources
│    └[~] resource AWS::KinesisFirehose::DeliveryStream
│      └ properties
│         └ Tags: (documentation changed)
├[~] service aws-msk
│ └ resources
│    └[~] resource AWS::MSK::Replicator
│      └ types
│         ├[+] type ReplicationStartingPosition
│         │ ├  documentation: Configuration for specifying the position in the topics to start replicating from.
│         │ │  name: ReplicationStartingPosition
│         │ └ properties
│         │    └Type: string
│         └[~] type TopicReplication
│           └ properties
│              └[+] StartingPosition: ReplicationStartingPosition
├[~] service aws-opensearchservice
│ └ resources
│    └[~] resource AWS::OpenSearchService::Domain
│      └ types
│         └[~] type MasterUserOptions
│           └  - documentation: Specifies information about the master user.
│              Required if if `InternalUserDatabaseEnabled` is true in [AdvancedSecurityOptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html) .
│              + documentation: Specifies information about the master user.
│              Required if `InternalUserDatabaseEnabled` is true in [AdvancedSecurityOptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html) .
├[~] service aws-rds
│ └ resources
│    └[~] resource AWS::RDS::DBInstance
│      └ properties
│         └ Engine: (documentation changed)
├[~] service aws-sagemaker
│ └ resources
│    └[~] resource AWS::SageMaker::Model
│      └ types
│         └[~] type ContainerDefinition
│           └ properties
│              └ Environment: (documentation changed)
├[~] service aws-ssm
│ └ resources
│    └[~] resource AWS::SSM::PatchBaseline
│      └ properties
│         └ RejectedPatchesAction: (documentation changed)
├[~] service aws-transfer
│ └ resources
│    └[~] resource AWS::Transfer::Connector
│      └ types
│         └[~] type As2Config
│           └ properties
│              └ EncryptionAlgorithm: (documentation changed)
└[~] service aws-wafv2
  └ resources
     ├[~] resource AWS::WAFv2::LoggingConfiguration
     │ └ properties
     │    └ RedactedFields: (documentation changed)
     ├[~] resource AWS::WAFv2::RuleGroup
     │ └ types
     │    ├[~] type Body
     │    │ └ properties
     │    │    └ OversizeHandling: (documentation changed)
     │    ├[~] type FieldToMatch
     │    │ ├  - documentation: Specifies a web request component to be used in a rule match statement or in a logging configuration.
     │    │ │  - In a rule statement, this is the part of the web request that you want AWS WAF to inspect. Include the single `FieldToMatch` type that you want to inspect, with additional specifications as needed, according to the type. You specify a single request component in `FieldToMatch` for each rule statement that requires it. To inspect more than one component of the web request, create a separate rule statement for each component.
     │    │ │  Example JSON for a `QueryString` field to match:
     │    │ │  `"FieldToMatch": { "QueryString": {} }`
     │    │ │  Example JSON for a `Method` field to match specification:
     │    │ │  `"FieldToMatch": { "Method": { "Name": "DELETE" } }`
     │    │ │  - In a logging configuration, this is used in the `RedactedFields` property to specify a field to redact from the logging records. For this use case, note the following:
     │    │ │  - Even though all `FieldToMatch` settings are available, the only valid settings for field redaction are `UriPath` , `QueryString` , `SingleHeader` , and `Method` .
     │    │ │  - In this documentation, the descriptions of the individual fields talk about specifying the web request component to inspect, but for field redaction, you are specifying the component type to redact from the logs.
     │    │ │  + documentation: Specifies a web request component to be used in a rule match statement or in a logging configuration.
     │    │ │  - In a rule statement, this is the part of the web request that you want AWS WAF to inspect. Include the single `FieldToMatch` type that you want to inspect, with additional specifications as needed, according to the type. You specify a single request component in `FieldToMatch` for each rule statement that requires it. To inspect more than one component of the web request, create a separate rule statement for each component.
     │    │ │  Example JSON for a `QueryString` field to match:
     │    │ │  `"FieldToMatch": { "QueryString": {} }`
     │    │ │  Example JSON for a `Method` field to match specification:
     │    │ │  `"FieldToMatch": { "Method": { "Name": "DELETE" } }`
     │    │ │  - In a logging configuration, this is used in the `RedactedFields` property to specify a field to redact from the logging records. For this use case, note the following:
     │    │ │  - Even though all `FieldToMatch` settings are available, the only valid settings for field redaction are `UriPath` , `QueryString` , `SingleHeader` , and `Method` .
     │    │ │  - In this documentation, the descriptions of the individual fields talk about specifying the web request component to inspect, but for field redaction, you are specifying the component type to redact from the logs.
     │    │ │  - If you have request sampling enabled, the redacted fields configuration for logging has no impact on sampling. The only way to exclude fields from request sampling is by disabling sampling in the web ACL visibility configuration.
     │    │ └ properties
     │    │    ├ Body: (documentation changed)
     │    │    └ JsonBody: (documentation changed)
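Review bot: the added final bullet of the `FieldToMatch` documentation says fields can only be excluded from request sampling "by disabling sampling in the web ACL visibility configuration", but it does not name the property. The tree lists `SampledRequestsEnabled` under `VisibilityConfig` as changed in this same update, so the bullet should name it. As written, a reader who sets `RedactedFields` to keep a header or query string out of the logs has no pointer to the setting that governs whether those values are still kept in sampled requests.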
     │    ├[~] type JsonBody
     │    │ └ properties
     │    │    └ OversizeHandling: (documentation changed)
     │    ├[~] type RateBasedStatement
     │    │ └ properties
     │    │    └ EvaluationWindowSec: (documentation changed)
     │    ├[~] type SizeConstraintStatement
     │    │ └  - documentation: A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). For example, you can use a size constraint statement to look for query strings that are longer than 100 bytes.
     │    │    If you configure AWS WAF to inspect the request body, AWS WAF inspects only the number of bytes of the body up to the limit for the web ACL. By default, for regional web ACLs, this limit is 8 KB (8,192 bytes) and for CloudFront web ACLs, this limit is 16 KB (16,384 bytes). For CloudFront web ACLs, you can increase the limit in the web ACL `AssociationConfig` , for additional fees. If you know that the request body for your web requests should never exceed the inspection limit, you could use a size constraint statement to block requests that have a larger request body size.
     │    │    If you choose URI for the value of Part of the request to filter on, the slash (/) in the URI counts as one character. For example, the URI `/logo.jpg` is nine characters long.
     │    │    + documentation: A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). For example, you can use a size constraint statement to look for query strings that are longer than 100 bytes.
     │    │    If you configure AWS WAF to inspect the request body, AWS WAF inspects only the number of bytes in the body up to the limit for the web ACL and protected resource type. If you know that the request body for your web requests should never exceed the inspection limit, you can use a size constraint statement to block requests that have a larger request body size. For more information about the inspection limits, see `Body` and `JsonBody` settings for the `FieldToMatch` data type.
     │    │    If you choose URI for the value of Part of the request to filter on, the slash (/) in the URI counts as one character. For example, the URI `/logo.jpg` is nine characters long.
     │    ├[~] type Statement
     │    │ └ properties
     │    │    └ SizeConstraintStatement: (documentation changed)
     │    └[~] type VisibilityConfig
     │      └ properties
     │         └ SampledRequestsEnabled: (documentation changed)
     └[~] resource AWS::WAFv2::WebACL
       ├ properties
       │  └ AssociationConfig: (documentation changed)
       └ types
          ├[~] type AssociationConfig
          │ ├  - documentation: Specifies custom configurations for the associations between the web ACL and protected resources.
          │ │  Use this to customize the maximum size of the request body that your protected CloudFront distributions forward to AWS WAF for inspection. The default is 16 KB (16,384 bytes).
          │ │  > You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see [AWS WAF Pricing](https://docs.aws.amazon.com/waf/pricing/) .
          │ │  + documentation: Specifies custom configurations for the associations between the web ACL and protected resources.
          │ │  Use this to customize the maximum size of the request body that your protected resources forward to AWS WAF for inspection. You can customize this setting for CloudFront, API Gateway, Amazon Cognito, App Runner, or Verified Access resources. The default setting is 16 KB (16,384 bytes).
          │ │  > You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see [AWS WAF Pricing](https://docs.aws.amazon.com/waf/pricing/) . 
          │ │  For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes).
          │ └ properties
          │    └ RequestBody: (documentation changed)
          ├[~] type Body
          │ └ properties
          │    └ OversizeHandling: (documentation changed)
          ├[~] type FieldToMatch
          │ ├  - documentation: Specifies a web request component to be used in a rule match statement or in a logging configuration.
          │ │  - In a rule statement, this is the part of the web request that you want AWS WAF to inspect. Include the single `FieldToMatch` type that you want to inspect, with additional specifications as needed, according to the type. You specify a single request component in `FieldToMatch` for each rule statement that requires it. To inspect more than one component of the web request, create a separate rule statement for each component.
          │ │  Example JSON for a `QueryString` field to match:
          │ │  `"FieldToMatch": { "QueryString": {} }`
          │ │  Example JSON for a `Method` field to match specification:
          │ │  `"FieldToMatch": { "Method": { "Name": "DELETE" } }`
          │ │  - In a logging configuration, this is used in the `RedactedFields` property to specify a field to redact from the logging records. For this use case, note the following:
          │ │  - Even though all `FieldToMatch` settings are available, the only valid settings for field redaction are `UriPath` , `QueryString` , `SingleHeader` , and `Method` .
          │ │  - In this documentation, the descriptions of the individual fields talk about specifying the web request component to inspect, but for field redaction, you are specifying the component type to redact from the logs.
          │ │  + documentation: Specifies a web request component to be used in a rule match statement or in a logging configuration.
          │ │  - In a rule statement, this is the part of the web request that you want AWS WAF to inspect. Include the single `FieldToMatch` type that you want to inspect, with additional specifications as needed, according to the type. You specify a single request component in `FieldToMatch` for each rule statement that requires it. To inspect more than one component of the web request, create a separate rule statement for each component.
          │ │  Example JSON for a `QueryString` field to match:
          │ │  `"FieldToMatch": { "QueryString": {} }`
          │ │  Example JSON for a `Method` field to match specification:
          │ │  `"FieldToMatch": { "Method": { "Name": "DELETE" } }`
          │ │  - In a logging configuration, this is used in the `RedactedFields` property to specify a field to redact from the logging records. For this use case, note the following:
          │ │  - Even though all `FieldToMatch` settings are available, the only valid settings for field redaction are `UriPath` , `QueryString` , `SingleHeader` , and `Method` .
          │ │  - In this documentation, the descriptions of the individual fields talk about specifying the web request component to inspect, but for field redaction, you are specifying the component type to redact from the logs.
          │ │  - If you have request sampling enabled, the redacted fields configuration for logging has no impact on sampling. The only way to exclude fields from request sampling is by disabling sampling in the web ACL visibility configuration.
          │ └ properties
          │    ├ Body: (documentation changed)
          │    └ JsonBody: (documentation changed)
          ├[~] type JsonBody
          │ └ properties
          │    └ OversizeHandling: (documentation changed)
          ├[~] type RateBasedStatement
          │ └ properties
          │    └ EvaluationWindowSec: (documentation changed)
          ├[~] type RequestBodyAssociatedResourceTypeConfig
          │ ├  - documentation: Customizes the maximum size of the request body that your protected CloudFront distributions forward to AWS WAF for inspection. The default size is 16 KB (16,384 bytes).
          │ │  > You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see [AWS WAF Pricing](https://docs.aws.amazon.com/waf/pricing/) . 
          │ │  This is used in the `AssociationConfig` of the web ACL.
          │ │  + documentation: Customizes the maximum size of the request body that your protected CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access resources forward to AWS WAF for inspection. The default size is 16 KB (16,384 bytes). You can change the setting for any of the available resource types.
          │ │  > You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see [AWS WAF Pricing](https://docs.aws.amazon.com/waf/pricing/) . 
          │ │  Example JSON: `{ "API_GATEWAY": "KB_48", "APP_RUNNER_SERVICE": "KB_32" }`
          │ │  For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes).
          │ │  This is used in the `AssociationConfig` of the web ACL.
          │ └ properties
          │    └ DefaultSizeInspectionLimit: (documentation changed)
          ├[~] type SizeConstraintStatement
          │ └  - documentation: A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). For example, you can use a size constraint statement to look for query strings that are longer than 100 bytes.
          │    If you configure AWS WAF to inspect the request body, AWS WAF inspects only the number of bytes of the body up to the limit for the web ACL. By default, for regional web ACLs, this limit is 8 KB (8,192 bytes) and for CloudFront web ACLs, this limit is 16 KB (16,384 bytes). For CloudFront web ACLs, you can increase the limit in the web ACL `AssociationConfig` , for additional fees. If you know that the request body for your web requests should never exceed the inspection limit, you could use a size constraint statement to block requests that have a larger request body size.
          │    If you choose URI for the value of Part of the request to filter on, the slash (/) in the URI counts as one character. For example, the URI `/logo.jpg` is nine characters long.
          │    + documentation: A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). For example, you can use a size constraint statement to look for query strings that are longer than 100 bytes.
          │    If you configure AWS WAF to inspect the request body, AWS WAF inspects only the number of bytes in the body up to the limit for the web ACL and protected resource type. If you know that the request body for your web requests should never exceed the inspection limit, you can use a size constraint statement to block requests that have a larger request body size. For more information about the inspection limits, see `Body` and `JsonBody` settings for the `FieldToMatch` data type.
          │    If you choose URI for the value of Part of the request to filter on, the slash (/) in the URI counts as one character. For example, the URI `/logo.jpg` is nine characters long.
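Review bot: the removed `SizeConstraintStatement` text gave concrete defaults (8 KB for regional web ACLs, 16 KB for CloudFront), while the replacement gives none and defers to `Body` and `JsonBody`, whose new text this summary collapses to "(documentation changed)". Read together with the new `AssociationConfig` text above (16 KB default for CloudFront, API Gateway, Amazon Cognito, App Runner and Verified Access; fixed 8 KB for Application Load Balancer and AWS AppSync), the documented regional limit is no longer uniformly 8 KB. Size constraint rules written to block bodies larger than 8,192 bytes should therefore be rechecked against the protected resource type. Suggest keeping the per-resource-type numbers, or a direct link to them, in this type's documentation.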
          ├[~] type Statement
          │ └ properties
          │    └ SizeConstraintStatement: (documentation changed)
          └[~] type VisibilityConfig
            └ properties
               └ SampledRequestsEnabled: (documentation changed)

Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec`
aws-cdk-automation added labels Mar 18, 2024: auto-approve; contribution/core (This is a PR that came from AWS.); dependencies (This issue is a problem in a dependency or a pull request that updates a dependency file.); pr-linter/exempt-readme (The PR linter will not require README changes); pr-linter/exempt-test (The PR linter will not require test changes); pr-linter/exempt-integ-test (The PR linter will not require integ test changes)
aws-cdk-automation requested a review from a team March 18, 2024 13:44
github-actions bot added the p2 label Mar 18, 2024
aws-cdk-automation requested a review from a team March 18, 2024 13:44
@aws-cdk-automation
Collaborator Author

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
  • Commit ID: 3de6868
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

Contributor

mergify bot commented Mar 18, 2024

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

mergify bot merged commit 1fdac0c into main Mar 18, 2024
38 checks passed
mergify bot deleted the automation/spec-update branch March 18, 2024 14:11
ahammond pushed a commit to ahammond/aws-cdk that referenced this pull request Mar 26, 2024
Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec`

**L1 CloudFormation resource definition changes:**
```
├[~] service aws-appconfig
│ └ resources
│    ├[~] resource AWS::AppConfig::Deployment
│    │ ├ properties
│    │ │  └[+] DynamicExtensionParameters: Array<DynamicExtensionParameters> (immutable)
│    │ └ types
│    │    └[+] type DynamicExtensionParameters
│    │      ├  name: DynamicExtensionParameters
│    │      └ properties
│    │         ├ExtensionReference: string
│    │         ├ParameterName: string
│    │         └ParameterValue: string
│    ├[~] resource AWS::AppConfig::Extension
│    │ ├  - documentation: Creates an AWS AppConfig extension. An extension augments your ability to inject logic or behavior at different points during the AWS AppConfig workflow of creating or deploying a configuration.
│    │ │  You can create your own extensions or use the AWS authored extensions provided by AWS AppConfig . For an AWS AppConfig extension that uses AWS Lambda , you must create a Lambda function to perform any computation and processing defined in the extension. If you plan to create custom versions of the AWS authored notification extensions, you only need to specify an Amazon Resource Name (ARN) in the `Uri` field for the new extension version.
│    │ │  - For a custom EventBridge notification extension, enter the ARN of the EventBridge default events in the `Uri` field.
│    │ │  - For a custom Amazon SNS notification extension, enter the ARN of an Amazon SNS topic in the `Uri` field.
│    │ │  - For a custom Amazon SQS notification extension, enter the ARN of an Amazon SQS message queue in the `Uri` field.
│    │ │  For more information about extensions, see [Working with AWS AppConfig extensions](https://docs.aws.amazon.com/appconfig/latest/userguide/working-with-appconfig-extensions.html) in the *AWS AppConfig User Guide* .
│    │ │  + documentation: Creates an AWS AppConfig extension. An extension augments your ability to inject logic or behavior at different points during the AWS AppConfig workflow of creating or deploying a configuration.
│    │ │  You can create your own extensions or use the AWS authored extensions provided by AWS AppConfig . For an AWS AppConfig extension that uses AWS Lambda , you must create a Lambda function to perform any computation and processing defined in the extension. If you plan to create custom versions of the AWS authored notification extensions, you only need to specify an Amazon Resource Name (ARN) in the `Uri` field for the new extension version.
│    │ │  - For a custom EventBridge notification extension, enter the ARN of the EventBridge default events in the `Uri` field.
│    │ │  - For a custom Amazon SNS notification extension, enter the ARN of an Amazon SNS topic in the `Uri` field.
│    │ │  - For a custom Amazon SQS notification extension, enter the ARN of an Amazon SQS message queue in the `Uri` field.
│    │ │  For more information about extensions, see [Extending workflows](https://docs.aws.amazon.com/appconfig/latest/userguide/working-with-appconfig-extensions.html) in the *AWS AppConfig User Guide* .
│    │ └ types
│    │    └[~] type Parameter
│    │      ├  - documentation: A value such as an Amazon Resource Name (ARN) or an Amazon Simple Notification Service topic entered in an extension when invoked. Parameter values are specified in an extension association. For more information about extensions, see [Working with AWS AppConfig extensions](https://docs.aws.amazon.com/appconfig/latest/userguide/working-with-appconfig-extensions.html) in the *AWS AppConfig User Guide* .
│    │      │  + documentation: A value such as an Amazon Resource Name (ARN) or an Amazon Simple Notification Service topic entered in an extension when invoked. Parameter values are specified in an extension association. For more information about extensions, see [Extending workflows](https://docs.aws.amazon.com/appconfig/latest/userguide/working-with-appconfig-extensions.html) in the *AWS AppConfig User Guide* .
│    │      └ properties
│    │         └[+] Dynamic: boolean
│    └[~] resource AWS::AppConfig::ExtensionAssociation
│      └  - documentation: When you create an extension or configure an AWS authored extension, you associate the extension with an AWS AppConfig application, environment, or configuration profile. For example, you can choose to run the `AWS AppConfig deployment events to Amazon SNS` AWS authored extension and receive notifications on an Amazon SNS topic anytime a configuration deployment is started for a specific application. Defining which extension to associate with an AWS AppConfig resource is called an *extension association* . An extension association is a specified relationship between an extension and an AWS AppConfig resource, such as an application or a configuration profile. For more information about extensions and associations, see [Working with AWS AppConfig extensions](https://docs.aws.amazon.com/appconfig/latest/userguide/working-with-appconfig-extensions.html) in the *AWS AppConfig User Guide* .
│         + documentation: When you create an extension or configure an AWS authored extension, you associate the extension with an AWS AppConfig application, environment, or configuration profile. For example, you can choose to run the `AWS AppConfig deployment events to Amazon SNS` AWS authored extension and receive notifications on an Amazon SNS topic anytime a configuration deployment is started for a specific application. Defining which extension to associate with an AWS AppConfig resource is called an *extension association* . An extension association is a specified relationship between an extension and an AWS AppConfig resource, such as an application or a configuration profile. For more information about extensions and associations, see [Extending workflows](https://docs.aws.amazon.com/appconfig/latest/userguide/working-with-appconfig-extensions.html) in the *AWS AppConfig User Guide* .
├[~] service aws-applicationinsights
│ └ resources
│    └[~] resource AWS::ApplicationInsights::Application
│      └ properties
│         └ AttachMissingPermission: (documentation changed)
├[~] service aws-backup
│ └ resources
│    └[~] resource AWS::Backup::ReportPlan
│      └ types
│         └[~] type ReportSetting
│           └ properties
│              ├ Accounts: (documentation changed)
│              └ Regions: (documentation changed)
├[~] service aws-batch
│ └ resources
│    ├[~] resource AWS::Batch::JobDefinition
│    │ ├ properties
│    │ │  └ EcsProperties: (documentation changed)
│    │ └ types
│    │    ├[~] type EcsProperties
│    │    │ ├  - documentation: undefined
│    │    │ │  + documentation: An object that contains the properties for the Amazon ECS resources of a job.
│    │    │ └ properties
│    │    │    └ TaskProperties: (documentation changed)
│    │    ├[~] type EcsTaskProperties
│    │    │ ├  - documentation: undefined
│    │    │ │  + documentation: The properties for a task definition that describes the container and volume definitions of an Amazon ECS task. You can specify which Docker images to use, the required resources, and other configurations related to launching the task definition through an Amazon ECS service or task.
│    │    │ └ properties
│    │    │    ├ Containers: (documentation changed)
│    │    │    ├ EphemeralStorage: (documentation changed)
│    │    │    ├ ExecutionRoleArn: (documentation changed)
│    │    │    ├ IpcMode: (documentation changed)
│    │    │    ├ NetworkConfiguration: (documentation changed)
│    │    │    ├ PidMode: (documentation changed)
│    │    │    ├ PlatformVersion: (documentation changed)
│    │    │    ├ RuntimePlatform: (documentation changed)
│    │    │    ├ TaskRoleArn: (documentation changed)
│    │    │    └ Volumes: (documentation changed)
│    │    ├[~] type NodeRangeProperty
│    │    │ └ properties
│    │    │    ├ EcsProperties: (documentation changed)
│    │    │    └ InstanceTypes: (documentation changed)
│    │    ├[~] type PodProperties
│    │    │ └ properties
│    │    │    ├ InitContainers: (documentation changed)
│    │    │    └ ShareProcessNamespace: (documentation changed)
│    │    ├[~] type TaskContainerDependency
│    │    │ ├  - documentation: undefined
│    │    │ │  + documentation: A list of containers that this task depends on.
│    │    │ └ properties
│    │    │    ├ Condition: (documentation changed)
│    │    │    └ ContainerName: (documentation changed)
│    │    └[~] type TaskContainerProperties
│    │      ├  - documentation: undefined
│    │      │  + documentation: Container properties are used for Amazon ECS-based job definitions. These properties to describe the container that's launched as part of a job.
│    │      └ properties
│    │         ├ Command: (documentation changed)
│    │         ├ DependsOn: (documentation changed)
│    │         ├ Environment: (documentation changed)
│    │         ├ Essential: (documentation changed)
│    │         ├ Image: (documentation changed)
│    │         ├ LinuxParameters: (documentation changed)
│    │         ├ LogConfiguration: (documentation changed)
│    │         ├ MountPoints: (documentation changed)
│    │         ├ Name: (documentation changed)
│    │         ├ Privileged: (documentation changed)
│    │         ├ ReadonlyRootFilesystem: (documentation changed)
│    │         ├ RepositoryCredentials: (documentation changed)
│    │         ├ ResourceRequirements: (documentation changed)
│    │         ├ Secrets: (documentation changed)
│    │         ├ Ulimits: (documentation changed)
│    │         └ User: (documentation changed)
│    └[~] resource AWS::Batch::JobQueue
│      ├ properties
│      │  └[+] JobStateTimeLimitActions: Array<JobStateTimeLimitAction>
│      └ types
│         └[+] type JobStateTimeLimitAction
│           ├  name: JobStateTimeLimitAction
│           └ properties
│              ├Action: string (required)
│              ├MaxTimeSeconds: integer (required)
│              ├Reason: string (required)
│              └State: string (required)
├[~] service aws-cloudformation
│ └ resources
│    └[~] resource AWS::CloudFormation::TypeActivation
│      └  - documentation: Activates a public third-party extension, making it available for use in stack templates. For more information, see [Using public extensions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-public.html) in the *AWS CloudFormation User Guide* .
│         Once you have activated a public third-party extension in your account and Region, use [SetTypeConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_SetTypeConfiguration.html) to specify configuration properties for the extension. For more information, see [Configuring extensions at the account level](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-register.html#registry-set-configuration) in the *CloudFormation User Guide* .
│         + documentation: Activates a public third-party extension, making it available for use in stack templates. For more information, see [Using public extensions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-public.html) in the *AWS CloudFormation User Guide* .
│         Once you have activated a public third-party extension in your account and Region, use [`SetTypeConfiguration`](https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_SetTypeConfiguration.html) to specify configuration properties for the extension. For more information, see [Configuring extensions at the account level](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/registry-register.html#registry-set-configuration) in the *CloudFormation User Guide* .
├[~] service aws-cloudfront
│ └ resources
│    └[~] resource AWS::CloudFront::ContinuousDeploymentPolicy
│      └ types
│         └[~] type SingleWeightConfig
│           └ properties
│              └ Weight: (documentation changed)
├[~] service aws-cloudtrail
│ └ resources
│    ├[~] resource AWS::CloudTrail::EventDataStore
│    │ └ types
│    │    └[~] type AdvancedFieldSelector
│    │      └ properties
│    │         └ Field: (documentation changed)
│    └[~] resource AWS::CloudTrail::Trail
│      └ types
│         └[~] type AdvancedFieldSelector
│           └ properties
│              └ Field: (documentation changed)
├[~] service aws-codepipeline
│ └ resources
│    └[~] resource AWS::CodePipeline::Pipeline
│      └ types
│         └[~] type ActionDeclaration
│           └ properties
│              └[+] TimeoutInMinutes: integer
├[~] service aws-cognito
│ └ resources
│    ├[~] resource AWS::Cognito::UserPool
│    │ └ properties
│    │    └ DeletionProtection: (documentation changed)
│    └[~] resource AWS::Cognito::UserPoolIdentityProvider
│      └ properties
│         └ ProviderDetails: (documentation changed)
├[~] service aws-dlm
│ └ resources
│    └[~] resource AWS::DLM::LifecyclePolicy
│      └ types
│         └[~] type CreateRule
│           └ properties
│              └ CronExpression: (documentation changed)
├[~] service aws-ec2
│ └ resources
│    ├[~] resource AWS::EC2::DHCPOptions
│    │ └ properties
│    │    └[+] Ipv6AddressPreferredLeaseTime: integer (immutable)
│    ├[~] resource AWS::EC2::FlowLog
│    │ └ properties
│    │    └ DeliverLogsPermissionArn: (documentation changed)
│    ├[~] resource AWS::EC2::Instance
│    │ ├ attributes
│    │ │  ├ Id: (documentation changed)
│    │ │  ├[+] InstanceId: string
│    │ │  └[+] VpcId: string
│    │ └ types
│    │    └[~] type HibernationOptions
│    │      └ properties
│    │         └ Configured: - boolean
│    │                       + boolean (default=false)
│    ├[~] resource AWS::EC2::SecurityGroup
│    │ └ types
│    │    ├[~] type Egress
│    │    │ ├  - documentation: Adds the specified outbound (egress) rule to a security group.
│    │    │ │  An outbound rule permits instances to send traffic to the specified IPv4 or IPv6 address range, the IP address ranges that are specified by a prefix list, or the instances that are associated with a destination security group. For more information, see [Security group rules](https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html) .
│    │    │ │  You must specify exactly one of the following destinations: an IPv4 or IPv6 address range, a prefix list, or a security group. Otherwise, the stack launches successfully but the rule is not added to the security group.
│    │    │ │  You must specify a protocol for each rule (for example, TCP). If the protocol is TCP or UDP, you must also specify a port or port range. If the protocol is ICMP or ICMPv6, you must also specify the ICMP/ICMPv6 type and code.
│    │    │ │  Rule changes are propagated to instances associated with the security group as quickly as possible. However, a small delay might occur.
│    │    │ │  + documentation: Adds the specified outbound (egress) rule to a security group.
│    │    │ │  An outbound rule permits instances to send traffic to the specified IPv4 or IPv6 address range, the IP address ranges that are specified by a prefix list, or the instances that are associated with a destination security group. For more information, see [Security group rules](https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html) .
│    │    │ │  You must specify exactly one of the following destinations: an IPv4 address range, an IPv6 address range, a prefix list, or a security group.
│    │    │ │  You must specify a protocol for each rule (for example, TCP). If the protocol is TCP or UDP, you must also specify a port or port range. If the protocol is ICMP or ICMPv6, you must also specify the ICMP/ICMPv6 type and code.
│    │    │ │  Rule changes are propagated to instances associated with the security group as quickly as possible. However, a small delay might occur.
│    │    │ └ properties
│    │    │    ├ CidrIp: (documentation changed)
│    │    │    ├ CidrIpv6: (documentation changed)
│    │    │    ├ DestinationPrefixListId: (documentation changed)
│    │    │    └ DestinationSecurityGroupId: (documentation changed)
│    │    └[~] type Ingress
│    │      ├  - documentation: Adds an inbound (ingress) rule to a security group.
│    │      │  An inbound rule permits instances to receive traffic from the specified IPv4 or IPv6 address range, the IP address ranges that are specified by a prefix list, or the instances that are associated with a source security group. For more information, see [Security group rules](https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html) .
│    │      │  You must specify exactly one of the following sources: an IPv4 or IPv6 address range, a prefix list, or a security group. Otherwise, the stack launches successfully, but the rule is not added to the security group.
│    │      │  You must specify a protocol for each rule (for example, TCP). If the protocol is TCP or UDP, you must also specify a port or port range. If the protocol is ICMP or ICMPv6, you must also specify the ICMP/ICMPv6 type and code.
│    │      │  Rule changes are propagated to instances associated with the security group as quickly as possible. However, a small delay might occur.
│    │      │  + documentation: Adds an inbound (ingress) rule to a security group.
│    │      │  An inbound rule permits instances to receive traffic from the specified IPv4 or IPv6 address range, the IP address ranges that are specified by a prefix list, or the instances that are associated with a source security group. For more information, see [Security group rules](https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html) .
│    │      │  You must specify exactly one of the following sources: an IPv4 address range, an IPv6 address range, a prefix list, or a security group.
│    │      │  You must specify a protocol for each rule (for example, TCP). If the protocol is TCP or UDP, you must also specify a port or port range. If the protocol is ICMP or ICMPv6, you must also specify the ICMP/ICMPv6 type and code.
│    │      │  Rule changes are propagated to instances associated with the security group as quickly as possible. However, a small delay might occur.
│    │      └ properties
│    │         ├ CidrIp: (documentation changed)
│    │         └ CidrIpv6: (documentation changed)
│    ├[~] resource AWS::EC2::SecurityGroupEgress
│    │ ├  - documentation: Adds the specified outbound (egress) rule to a security group.
│    │ │  An outbound rule permits instances to send traffic to the specified IPv4 or IPv6 address range, the IP addresses that are specified by a prefix list, or the instances that are associated with a destination security group. For more information, see [Security group rules](https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html) .
│    │ │  You must specify exactly one of the following destinations: an IPv4 or IPv6 address range, a prefix list, or a security group. Otherwise, the stack launches successfully but the rule is not added to the security group.
│    │ │  You must specify a protocol for each rule (for example, TCP). If the protocol is TCP or UDP, you must also specify a port or port range. If the protocol is ICMP or ICMPv6, you must also specify the ICMP/ICMPv6 type and code. To specify all types or all codes, use -1.
│    │ │  Rule changes are propagated to instances associated with the security group as quickly as possible. However, a small delay might occur.
│    │ │  + documentation: Adds the specified outbound (egress) rule to a security group.
│    │ │  An outbound rule permits instances to send traffic to the specified IPv4 or IPv6 address range, the IP addresses that are specified by a prefix list, or the instances that are associated with a destination security group. For more information, see [Security group rules](https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html) .
│    │ │  You must specify exactly one of the following destinations: an IPv4 address range, an IPv6 address range, a prefix list, or a security group.
│    │ │  You must specify a protocol for each rule (for example, TCP). If the protocol is TCP or UDP, you must also specify a port or port range. If the protocol is ICMP or ICMPv6, you must also specify the ICMP/ICMPv6 type and code. To specify all types or all codes, use -1.
│    │ │  Rule changes are propagated to instances associated with the security group as quickly as possible. However, a small delay might occur.
│    │ └ properties
│    │    ├ CidrIp: (documentation changed)
│    │    ├ CidrIpv6: (documentation changed)
│    │    ├ DestinationPrefixListId: (documentation changed)
│    │    └ DestinationSecurityGroupId: (documentation changed)
│    ├[~] resource AWS::EC2::SecurityGroupIngress
│    │ ├  - documentation: Adds an inbound (ingress) rule to a security group.
│    │ │  An inbound rule permits instances to receive traffic from the specified IPv4 or IPv6 address range, the IP addresses that are specified by a prefix list, or the instances that are associated with a source security group. For more information, see [Security group rules](https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html) .
│    │ │  You must specify only one of the following sources: an IPv4 or IPv6 address range, a prefix list, or a security group. Otherwise, the stack launches successfully, but the rule is not added to the security group.
│    │ │  You must specify a protocol for each rule (for example, TCP). If the protocol is TCP or UDP, you must also specify a port or port range. If the protocol is ICMP or ICMPv6, you must also specify the ICMP/ICMPv6 type and code.
│    │ │  Rule changes are propagated to instances associated with the security group as quickly as possible. However, a small delay might occur.
│    │ │  + documentation: Adds an inbound (ingress) rule to a security group.
│    │ │  An inbound rule permits instances to receive traffic from the specified IPv4 or IPv6 address range, the IP addresses that are specified by a prefix list, or the instances that are associated with a source security group. For more information, see [Security group rules](https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html) .
│    │ │  You must specify exactly one of the following sources: an IPv4 address range, an IPv6 address range, a prefix list, or a security group.
│    │ │  You must specify a protocol for each rule (for example, TCP). If the protocol is TCP or UDP, you must also specify a port or port range. If the protocol is ICMP or ICMPv6, you must also specify the ICMP/ICMPv6 type and code.
│    │ │  Rule changes are propagated to instances associated with the security group as quickly as possible. However, a small delay might occur.
│    │ └ properties
│    │    ├ CidrIp: (documentation changed)
│    │    └ CidrIpv6: (documentation changed)
│    └[~] resource AWS::EC2::VPCCidrBlock
├[~] service aws-ecs
│ └ resources
│    ├[~] resource AWS::ECS::Service
│    │ └ properties
│    │    └ PropagateTags: (documentation changed)
│    └[~] resource AWS::ECS::TaskDefinition
│      └ types
│         └[~] type EphemeralStorage
│           └ properties
│              └ SizeInGiB: (documentation changed)
├[~] service aws-glue
│ └ resources
│    └[~] resource AWS::Glue::TableOptimizer
│      └ properties
│         └ TableOptimizerConfiguration: (documentation changed)
├[~] service aws-internetmonitor
│ └ resources
│    └[~] resource AWS::InternetMonitor::Monitor
│      └ properties
│         ├[+] IncludeLinkedAccounts: boolean
│         └[+] LinkedAccountId: string
├[~] service aws-iotsitewise
│ └ resources
│    ├[~] resource AWS::IoTSiteWise::Asset
│    │ ├ properties
│    │ │  └ AssetExternalId: (documentation changed)
│    │ └ types
│    │    ├[~] type AssetHierarchy
│    │    │ └ properties
│    │    │    ├ ExternalId: (documentation changed)
│    │    │    └ Id: (documentation changed)
│    │    └[~] type AssetProperty
│    │      └ properties
│    │         ├ ExternalId: (documentation changed)
│    │         └ Id: (documentation changed)
│    └[~] resource AWS::IoTSiteWise::AssetModel
│      ├ properties
│      │  ├ AssetModelExternalId: (documentation changed)
│      │  └ AssetModelType: (documentation changed)
│      └ types
│         ├[~] type AssetModelCompositeModel
│         │ └ properties
│         │    ├ ComposedAssetModelId: (documentation changed)
│         │    ├ ExternalId: (documentation changed)
│         │    ├ Id: (documentation changed)
│         │    ├ ParentAssetModelCompositeModelExternalId: (documentation changed)
│         │    └ Path: (documentation changed)
│         ├[~] type AssetModelHierarchy
│         │ └ properties
│         │    ├ ExternalId: (documentation changed)
│         │    └ Id: (documentation changed)
│         ├[~] type AssetModelProperty
│         │ └ properties
│         │    ├ ExternalId: (documentation changed)
│         │    └ Id: (documentation changed)
│         ├[~] type PropertyPathDefinition
│         │ ├  - documentation: The definition for property path which is used to reference properties in transforms/metrics
│         │ │  + documentation: Represents one level between a composite model and the root of the asset model.
│         │ └ properties
│         │    └ Name: (documentation changed)
│         └[~] type VariableValue
│           └ properties
│              ├ HierarchyExternalId: (documentation changed)
│              ├ HierarchyId: (documentation changed)
│              ├ PropertyExternalId: (documentation changed)
│              ├ PropertyId: (documentation changed)
│              └ PropertyPath: (documentation changed)
├[~] service aws-kinesisfirehose
│ └ resources
│    └[~] resource AWS::KinesisFirehose::DeliveryStream
│      └ properties
│         └ Tags: (documentation changed)
├[~] service aws-msk
│ └ resources
│    └[~] resource AWS::MSK::Replicator
│      └ types
│         ├[+] type ReplicationStartingPosition
│         │ ├  documentation: Configuration for specifying the position in the topics to start replicating from.
│         │ │  name: ReplicationStartingPosition
│         │ └ properties
│         │    └Type: string
│         └[~] type TopicReplication
│           └ properties
│              └[+] StartingPosition: ReplicationStartingPosition
├[~] service aws-opensearchservice
│ └ resources
│    └[~] resource AWS::OpenSearchService::Domain
│      └ types
│         └[~] type MasterUserOptions
│           └  - documentation: Specifies information about the master user.
│              Required if if `InternalUserDatabaseEnabled` is true in [AdvancedSecurityOptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html) .
│              + documentation: Specifies information about the master user.
│              Required if `InternalUserDatabaseEnabled` is true in [AdvancedSecurityOptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html) .
├[~] service aws-rds
│ └ resources
│    └[~] resource AWS::RDS::DBInstance
│      └ properties
│         └ Engine: (documentation changed)
├[~] service aws-sagemaker
│ └ resources
│    └[~] resource AWS::SageMaker::Model
│      └ types
│         └[~] type ContainerDefinition
│           └ properties
│              └ Environment: (documentation changed)
├[~] service aws-ssm
│ └ resources
│    └[~] resource AWS::SSM::PatchBaseline
│      └ properties
│         └ RejectedPatchesAction: (documentation changed)
├[~] service aws-transfer
│ └ resources
│    └[~] resource AWS::Transfer::Connector
│      └ types
│         └[~] type As2Config
│           └ properties
│              └ EncryptionAlgorithm: (documentation changed)
└[~] service aws-wafv2
  └ resources
     ├[~] resource AWS::WAFv2::LoggingConfiguration
     │ └ properties
     │    └ RedactedFields: (documentation changed)
     ├[~] resource AWS::WAFv2::RuleGroup
     │ └ types
     │    ├[~] type Body
     │    │ └ properties
     │    │    └ OversizeHandling: (documentation changed)
     │    ├[~] type FieldToMatch
     │    │ ├  - documentation: Specifies a web request component to be used in a rule match statement or in a logging configuration.
     │    │ │  - In a rule statement, this is the part of the web request that you want AWS WAF to inspect. Include the single `FieldToMatch` type that you want to inspect, with additional specifications as needed, according to the type. You specify a single request component in `FieldToMatch` for each rule statement that requires it. To inspect more than one component of the web request, create a separate rule statement for each component.
     │    │ │  Example JSON for a `QueryString` field to match:
     │    │ │  `"FieldToMatch": { "QueryString": {} }`
     │    │ │  Example JSON for a `Method` field to match specification:
     │    │ │  `"FieldToMatch": { "Method": { "Name": "DELETE" } }`
     │    │ │  - In a logging configuration, this is used in the `RedactedFields` property to specify a field to redact from the logging records. For this use case, note the following:
     │    │ │  - Even though all `FieldToMatch` settings are available, the only valid settings for field redaction are `UriPath` , `QueryString` , `SingleHeader` , and `Method` .
     │    │ │  - In this documentation, the descriptions of the individual fields talk about specifying the web request component to inspect, but for field redaction, you are specifying the component type to redact from the logs.
     │    │ │  + documentation: Specifies a web request component to be used in a rule match statement or in a logging configuration.
     │    │ │  - In a rule statement, this is the part of the web request that you want AWS WAF to inspect. Include the single `FieldToMatch` type that you want to inspect, with additional specifications as needed, according to the type. You specify a single request component in `FieldToMatch` for each rule statement that requires it. To inspect more than one component of the web request, create a separate rule statement for each component.
     │    │ │  Example JSON for a `QueryString` field to match:
     │    │ │  `"FieldToMatch": { "QueryString": {} }`
     │    │ │  Example JSON for a `Method` field to match specification:
     │    │ │  `"FieldToMatch": { "Method": { "Name": "DELETE" } }`
     │    │ │  - In a logging configuration, this is used in the `RedactedFields` property to specify a field to redact from the logging records. For this use case, note the following:
     │    │ │  - Even though all `FieldToMatch` settings are available, the only valid settings for field redaction are `UriPath` , `QueryString` , `SingleHeader` , and `Method` .
     │    │ │  - In this documentation, the descriptions of the individual fields talk about specifying the web request component to inspect, but for field redaction, you are specifying the component type to redact from the logs.
     │    │ │  - If you have request sampling enabled, the redacted fields configuration for logging has no impact on sampling. The only way to exclude fields from request sampling is by disabling sampling in the web ACL visibility configuration.
     │    │ └ properties
     │    │    ├ Body: (documentation changed)
     │    │    └ JsonBody: (documentation changed)
     │    ├[~] type JsonBody
     │    │ └ properties
     │    │    └ OversizeHandling: (documentation changed)
     │    ├[~] type RateBasedStatement
     │    │ └ properties
     │    │    └ EvaluationWindowSec: (documentation changed)
     │    ├[~] type SizeConstraintStatement
     │    │ └  - documentation: A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). For example, you can use a size constraint statement to look for query strings that are longer than 100 bytes.
     │    │    If you configure AWS WAF to inspect the request body, AWS WAF inspects only the number of bytes of the body up to the limit for the web ACL. By default, for regional web ACLs, this limit is 8 KB (8,192 bytes) and for CloudFront web ACLs, this limit is 16 KB (16,384 bytes). For CloudFront web ACLs, you can increase the limit in the web ACL `AssociationConfig` , for additional fees. If you know that the request body for your web requests should never exceed the inspection limit, you could use a size constraint statement to block requests that have a larger request body size.
     │    │    If you choose URI for the value of Part of the request to filter on, the slash (/) in the URI counts as one character. For example, the URI `/logo.jpg` is nine characters long.
     │    │    + documentation: A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). For example, you can use a size constraint statement to look for query strings that are longer than 100 bytes.
     │    │    If you configure AWS WAF to inspect the request body, AWS WAF inspects only the number of bytes in the body up to the limit for the web ACL and protected resource type. If you know that the request body for your web requests should never exceed the inspection limit, you can use a size constraint statement to block requests that have a larger request body size. For more information about the inspection limits, see `Body` and `JsonBody` settings for the `FieldToMatch` data type.
     │    │    If you choose URI for the value of Part of the request to filter on, the slash (/) in the URI counts as one character. For example, the URI `/logo.jpg` is nine characters long.
     │    ├[~] type Statement
     │    │ └ properties
     │    │    └ SizeConstraintStatement: (documentation changed)
     │    └[~] type VisibilityConfig
     │      └ properties
     │         └ SampledRequestsEnabled: (documentation changed)
     └[~] resource AWS::WAFv2::WebACL
       ├ properties
       │  └ AssociationConfig: (documentation changed)
       └ types
          ├[~] type AssociationConfig
          │ ├  - documentation: Specifies custom configurations for the associations between the web ACL and protected resources.
          │ │  Use this to customize the maximum size of the request body that your protected CloudFront distributions forward to AWS WAF for inspection. The default is 16 KB (16,384 bytes).
          │ │  > You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see [AWS WAF Pricing](https://docs.aws.amazon.com/waf/pricing/) .
          │ │  + documentation: Specifies custom configurations for the associations between the web ACL and protected resources.
          │ │  Use this to customize the maximum size of the request body that your protected resources forward to AWS WAF for inspection. You can customize this setting for CloudFront, API Gateway, Amazon Cognito, App Runner, or Verified Access resources. The default setting is 16 KB (16,384 bytes).
          │ │  > You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see [AWS WAF Pricing](https://docs.aws.amazon.com/waf/pricing/) . 
          │ │  For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes).
          │ └ properties
          │    └ RequestBody: (documentation changed)
          ├[~] type Body
          │ └ properties
          │    └ OversizeHandling: (documentation changed)
          ├[~] type FieldToMatch
          │ ├  - documentation: Specifies a web request component to be used in a rule match statement or in a logging configuration.
          │ │  - In a rule statement, this is the part of the web request that you want AWS WAF to inspect. Include the single `FieldToMatch` type that you want to inspect, with additional specifications as needed, according to the type. You specify a single request component in `FieldToMatch` for each rule statement that requires it. To inspect more than one component of the web request, create a separate rule statement for each component.
          │ │  Example JSON for a `QueryString` field to match:
          │ │  `"FieldToMatch": { "QueryString": {} }`
          │ │  Example JSON for a `Method` field to match specification:
          │ │  `"FieldToMatch": { "Method": { "Name": "DELETE" } }`
          │ │  - In a logging configuration, this is used in the `RedactedFields` property to specify a field to redact from the logging records. For this use case, note the following:
          │ │  - Even though all `FieldToMatch` settings are available, the only valid settings for field redaction are `UriPath` , `QueryString` , `SingleHeader` , and `Method` .
          │ │  - In this documentation, the descriptions of the individual fields talk about specifying the web request component to inspect, but for field redaction, you are specifying the component type to redact from the logs.
          │ │  + documentation: Specifies a web request component to be used in a rule match statement or in a logging configuration.
          │ │  - In a rule statement, this is the part of the web request that you want AWS WAF to inspect. Include the single `FieldToMatch` type that you want to inspect, with additional specifications as needed, according to the type. You specify a single request component in `FieldToMatch` for each rule statement that requires it. To inspect more than one component of the web request, create a separate rule statement for each component.
          │ │  Example JSON for a `QueryString` field to match:
          │ │  `"FieldToMatch": { "QueryString": {} }`
          │ │  Example JSON for a `Method` field to match specification:
          │ │  `"FieldToMatch": { "Method": { "Name": "DELETE" } }`
          │ │  - In a logging configuration, this is used in the `RedactedFields` property to specify a field to redact from the logging records. For this use case, note the following:
          │ │  - Even though all `FieldToMatch` settings are available, the only valid settings for field redaction are `UriPath` , `QueryString` , `SingleHeader` , and `Method` .
          │ │  - In this documentation, the descriptions of the individual fields talk about specifying the web request component to inspect, but for field redaction, you are specifying the component type to redact from the logs.
          │ │  - If you have request sampling enabled, the redacted fields configuration for logging has no impact on sampling. The only way to exclude fields from request sampling is by disabling sampling in the web ACL visibility configuration.
          │ └ properties
          │    ├ Body: (documentation changed)
          │    └ JsonBody: (documentation changed)
          ├[~] type JsonBody
          │ └ properties
          │    └ OversizeHandling: (documentation changed)
          ├[~] type RateBasedStatement
          │ └ properties
          │    └ EvaluationWindowSec: (documentation changed)
          ├[~] type RequestBodyAssociatedResourceTypeConfig
          │ ├  - documentation: Customizes the maximum size of the request body that your protected CloudFront distributions forward to AWS WAF for inspection. The default size is 16 KB (16,384 bytes).
          │ │  > You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see [AWS WAF Pricing](https://docs.aws.amazon.com/waf/pricing/) . 
          │ │  This is used in the `AssociationConfig` of the web ACL.
          │ │  + documentation: Customizes the maximum size of the request body that your protected CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access resources forward to AWS WAF for inspection. The default size is 16 KB (16,384 bytes). You can change the setting for any of the available resource types.
          │ │  > You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see [AWS WAF Pricing](https://docs.aws.amazon.com/waf/pricing/) . 
          │ │  Example JSON: `{ "API_GATEWAY": "KB_48", "APP_RUNNER_SERVICE": "KB_32" }`
          │ │  For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes).
          │ │  This is used in the `AssociationConfig` of the web ACL.
          │ └ properties
          │    └ DefaultSizeInspectionLimit: (documentation changed)
          ├[~] type SizeConstraintStatement
          │ └  - documentation: A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). For example, you can use a size constraint statement to look for query strings that are longer than 100 bytes.
          │    If you configure AWS WAF to inspect the request body, AWS WAF inspects only the number of bytes of the body up to the limit for the web ACL. By default, for regional web ACLs, this limit is 8 KB (8,192 bytes) and for CloudFront web ACLs, this limit is 16 KB (16,384 bytes). For CloudFront web ACLs, you can increase the limit in the web ACL `AssociationConfig` , for additional fees. If you know that the request body for your web requests should never exceed the inspection limit, you could use a size constraint statement to block requests that have a larger request body size.
          │    If you choose URI for the value of Part of the request to filter on, the slash (/) in the URI counts as one character. For example, the URI `/logo.jpg` is nine characters long.
          │    + documentation: A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). For example, you can use a size constraint statement to look for query strings that are longer than 100 bytes.
          │    If you configure AWS WAF to inspect the request body, AWS WAF inspects only the number of bytes in the body up to the limit for the web ACL and protected resource type. If you know that the request body for your web requests should never exceed the inspection limit, you can use a size constraint statement to block requests that have a larger request body size. For more information about the inspection limits, see `Body` and `JsonBody` settings for the `FieldToMatch` data type.
          │    If you choose URI for the value of Part of the request to filter on, the slash (/) in the URI counts as one character. For example, the URI `/logo.jpg` is nine characters long.
          ├[~] type Statement
          │ └ properties
          │    └ SizeConstraintStatement: (documentation changed)
          └[~] type VisibilityConfig
            └ properties
               └ SampledRequestsEnabled: (documentation changed)
```
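Review bot: In the `AWS::EC2::SecurityGroupEgress` and `AWS::EC2::SecurityGroupIngress` documentation changes, the new text drops the sentence "Otherwise, the stack launches successfully but the rule is not added to the security group" and does not say what now happens when a template specifies none, or more than one, of the listed sources or destinations. That sentence was the only warning on these resources that a malformed rule could be skipped without failing the deployment. Please confirm against the upstream spec whether the behaviour changed or only the wording was removed; if only the wording changed, the caveat is worth keeping.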
Labels
- auto-approve
- contribution/core: This is a PR that came from AWS.
- dependencies: This issue is a problem in a dependency or a pull request that updates a dependency file.
- p2
- pr-linter/exempt-integ-test: The PR linter will not require integ test changes
- pr-linter/exempt-readme: The PR linter will not require README changes
- pr-linter/exempt-test: The PR linter will not require test changes