-
Notifications
You must be signed in to change notification settings - Fork 3.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: update L1 CloudFormation resource definitions #28878
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec`
aws-cdk-automation
added
auto-approve
contribution/core
This is a PR that came from AWS.
dependencies
This issue is a problem in a dependency or a pull request that updates a dependency file.
pr-linter/exempt-readme
The PR linter will not require README changes
pr-linter/exempt-test
The PR linter will not require test changes
pr-linter/exempt-integ-test
The PR linter will not require integ test changes
labels
Jan 26, 2024
Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
Vandita2020
pushed a commit
to Vandita2020/aws-cdk
that referenced
this pull request
Jan 30, 2024
Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec` **L1 CloudFormation resource definition changes:** ``` ├[~] service aws-autoscaling │ └ resources │ └[~] resource AWS::AutoScaling::AutoScalingGroup │ └ types │ └[~] type InstanceRequirements │ └ properties │ └[+] MaxSpotPriceAsPercentageOfOptimalOnDemandPrice: integer ├[~] service aws-batch │ └ resources │ └[~] resource AWS::Batch::JobDefinition │ ├ properties │ │ ├ ContainerProperties: - ContainerProperties (immutable) │ │ │ + ContainerProperties │ │ ├ EksProperties: - EksProperties (immutable) │ │ │ + EksProperties │ │ ├ NodeProperties: - NodeProperties (immutable) │ │ │ + NodeProperties │ │ ├ Parameters: - Map<string, string> ⇐ json (immutable) │ │ │ + json │ │ ├ PlatformCapabilities: - Array<string> (immutable) │ │ │ + Array<string> │ │ ├ PropagateTags: - boolean (immutable) │ │ │ + boolean │ │ ├ RetryStrategy: - RetryStrategy (immutable) │ │ │ + RetryStrategy │ │ ├ SchedulingPriority: - integer (immutable) │ │ │ + integer │ │ ├ Tags: - Map<string, string> ⇐ json (immutable) │ │ │ + json (immutable) │ │ ├ Timeout: - JobTimeout ⇐ Timeout (immutable) │ │ │ + Timeout │ │ └ Type: - string (required, immutable) │ │ + string (required) │ ├ attributes │ │ ├[-] ContainerOrchestrationType: string │ │ ├[+] Id: string │ │ ├[-] JobDefinitionArn: string │ │ ├[-] Revision: integer │ │ └[-] Status: string │ └ types │ ├[~] type AuthorizationConfig │ │ ├ - documentation: undefined │ │ │ + documentation: The authorization configuration details for the Amazon EFS file system. │ │ └ properties │ │ ├ AccessPointId: (documentation changed) │ │ └ Iam: (documentation changed) │ ├[~] type ContainerProperties │ │ └ properties │ │ ├ MountPoints: - Array<MountPoint> ⇐ Array<MountPoints> │ │ │ + Array<MountPoints> │ │ └ Volumes: - Array<Volume> ⇐ Array<Volumes> │ │ + Array<Volumes> │ ├[-] type EFSAuthorizationConfig │ │ ├ documentation: The authorization configuration details for the Amazon EFS file system. │ │ │ name: EFSAuthorizationConfig │ │ └ properties │ │ ├AccessPointId: string │ │ └Iam: string │ ├[~] type EfsVolumeConfiguration │ │ ├ - documentation: undefined │ │ │ + documentation: This is used when you're using an Amazon Elastic File System file system for job storage. For more information, see [Amazon EFS Volumes](https://docs.aws.amazon.com/batch/latest/userguide/efs-volumes.html) in the *AWS Batch User Guide* . │ │ └ properties │ │ ├ AuthorizationConfig: (documentation changed) │ │ ├ FileSystemId: (documentation changed) │ │ ├ RootDirectory: (documentation changed) │ │ ├ TransitEncryption: (documentation changed) │ │ └ TransitEncryptionPort: (documentation changed) │ ├[-] type EFSVolumeConfiguration │ │ ├ documentation: This is used when you're using an Amazon Elastic File System file system for job storage. For more information, see [Amazon EFS Volumes](https://docs.aws.amazon.com/batch/latest/userguide/efs-volumes.html) in the *AWS Batch User Guide* . │ │ │ name: EFSVolumeConfiguration │ │ └ properties │ │ ├FileSystemId: string (required) │ │ ├RootDirectory: string │ │ ├TransitEncryption: string │ │ ├TransitEncryptionPort: integer │ │ └AuthorizationConfig: EFSAuthorizationConfig │ ├[-] type EksMetadata │ │ ├ documentation: Describes and uniquely identifies Kubernetes resources. For example, the compute environment that a pod runs in or the `jobID` for a job running in the pod. For more information, see [Understanding Kubernetes Objects](https://docs.aws.amazon.com/https://kubernetes.io/docs/concepts/overview/working-with-objects/kubernetes-objects/) in the *Kubernetes documentation* . │ │ │ name: EksMetadata │ │ └ properties │ │ └Labels: Map<string, string> │ ├[-] type EksPodProperties │ │ ├ documentation: The properties for the pod. │ │ │ name: EksPodProperties │ │ └ properties │ │ ├ServiceAccountName: string │ │ ├HostNetwork: boolean │ │ ├DnsPolicy: string │ │ ├Containers: Array<EksContainer> │ │ ├Volumes: Array<EksVolume> │ │ └Metadata: EksMetadata │ ├[~] type EksProperties │ │ └ properties │ │ └ PodProperties: - EksPodProperties ⇐ PodProperties │ │ + PodProperties │ ├[-] type Host │ │ ├ documentation: Determine whether your data volume persists on the host container instance and where it's stored. If this parameter is empty, then the Docker daemon assigns a host path for your data volume. However, the data isn't guaranteed to persist after the containers that are associated with it stop running. │ │ │ name: Host │ │ └ properties │ │ └SourcePath: string │ ├[-] type JobTimeout │ │ ├ documentation: An object that represents a job timeout configuration. │ │ │ name: JobTimeout │ │ └ properties │ │ └AttemptDurationSeconds: integer │ ├[~] type LogConfiguration │ │ └ properties │ │ └ Options: - Map<string, string> ⇐ json │ │ + json │ ├[-] type MountPoint │ │ ├ documentation: Details for a Docker volume mount point that's used in a job's container properties. This parameter maps to `Volumes` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.43/#tag/Container/operation/ContainerCreate) section of the *Docker Remote API* and the `--volume` option to docker run. │ │ │ name: MountPoint │ │ └ properties │ │ ├ContainerPath: string │ │ ├ReadOnly: boolean │ │ └SourceVolume: string │ ├[~] type MountPoints │ │ ├ - documentation: undefined │ │ │ + documentation: Details for a Docker volume mount point that's used in a job's container properties. This parameter maps to `Volumes` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.43/#tag/Container/operation/ContainerCreate) section of the *Docker Remote API* and the `--volume` option to docker run. │ │ └ properties │ │ ├ ContainerPath: (documentation changed) │ │ ├ ReadOnly: (documentation changed) │ │ └ SourceVolume: (documentation changed) │ ├[~] type Resources │ │ └ properties │ │ ├ Limits: - Map<string, string> ⇐ json │ │ │ + json │ │ └ Requests: - Map<string, string> ⇐ json │ │ + json │ ├[~] type Timeout │ │ ├ - documentation: undefined │ │ │ + documentation: An object that represents a job timeout configuration. │ │ └ properties │ │ └ AttemptDurationSeconds: (documentation changed) │ ├[-] type Volume │ │ ├ documentation: A data volume that's used in a job's container properties. │ │ │ name: Volume │ │ └ properties │ │ ├Host: Host │ │ ├EfsVolumeConfiguration: EFSVolumeConfiguration │ │ └Name: string │ ├[~] type Volumes │ │ ├ - documentation: undefined │ │ │ + documentation: A list of volumes that are associated with the job. │ │ └ properties │ │ ├ EfsVolumeConfiguration: (documentation changed) │ │ ├ Host: (documentation changed) │ │ └ Name: (documentation changed) │ └[~] type VolumesHost │ ├ - documentation: undefined │ │ + documentation: Determine whether your data volume persists on the host container instance and where it's stored. If this parameter is empty, then the Docker daemon assigns a host path for your data volume. However, the data isn't guaranteed to persist after the containers that are associated with it stop running. │ └ properties │ └ SourcePath: (documentation changed) ├[~] service aws-cloud9 │ └ resources │ └[~] resource AWS::Cloud9::EnvironmentEC2 │ └ properties │ └ ImageId: (documentation changed) ├[~] service aws-cloudtrail │ └ resources │ ├[~] resource AWS::CloudTrail::EventDataStore │ │ └ types │ │ └[~] type AdvancedEventSelector │ │ └ - documentation: Advanced event selectors let you create fine-grained selectors for the following AWS CloudTrail event record fields. They help you control costs by logging only those events that are important to you. For more information about advanced event selectors, see [Logging data events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html) in the *AWS CloudTrail User Guide* . │ │ - `readOnly` │ │ - `eventSource` │ │ - `eventName` │ │ - `eventCategory` │ │ - `resources.type` │ │ - `resources.ARN` │ │ You cannot apply both event selectors and advanced event selectors to a trail. │ │ + documentation: Advanced event selectors let you create fine-grained selectors for CloudTrail management and data events. They help you control costs by logging only those events that are important to you. For more information about advanced event selectors, see [Logging management events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html) and [Logging data events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html) in the *AWS CloudTrail User Guide* . │ │ You cannot apply both event selectors and advanced event selectors to a trail. │ │ *Supported CloudTrail event record fields for management events* │ │ - `eventCategory` (required) │ │ - `eventSource` │ │ - `readOnly` │ │ *Supported CloudTrail event record fields for data events* │ │ - `eventCategory` (required) │ │ - `resources.type` (required) │ │ - `readOnly` │ │ - `eventName` │ │ - `resources.ARN` │ │ > For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the only supported field is `eventCategory` . │ └[~] resource AWS::CloudTrail::Trail │ └ types │ └[~] type AdvancedEventSelector │ └ - documentation: Advanced event selectors let you create fine-grained selectors for the following AWS CloudTrail event record fields. They help you control costs by logging only those events that are important to you. For more information about advanced event selectors, see [Logging data events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html) in the *AWS CloudTrail User Guide* . │ - `readOnly` │ - `eventSource` │ - `eventName` │ - `eventCategory` │ - `resources.type` │ - `resources.ARN` │ You cannot apply both event selectors and advanced event selectors to a trail. │ + documentation: Advanced event selectors let you create fine-grained selectors for CloudTrail management and data events. They help you control costs by logging only those events that are important to you. For more information about advanced event selectors, see [Logging management events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html) and [Logging data events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html) in the *AWS CloudTrail User Guide* . │ You cannot apply both event selectors and advanced event selectors to a trail. │ *Supported CloudTrail event record fields for management events* │ - `eventCategory` (required) │ - `eventSource` │ - `readOnly` │ *Supported CloudTrail event record fields for data events* │ - `eventCategory` (required) │ - `resources.type` (required) │ - `readOnly` │ - `eventName` │ - `resources.ARN` │ > For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the only supported field is `eventCategory` . ├[~] service aws-codebuild │ └ resources │ ├[+] resource AWS::CodeBuild::Fleet │ │ ├ name: Fleet │ │ │ cloudFormationType: AWS::CodeBuild::Fleet │ │ │ documentation: The `AWS::CodeBuild::Fleet` resource configures a compute fleet, a set of dedicated instances for your build environment. │ │ │ tagInformation: {"tagPropertyName":"Tags","variant":"standard"} │ │ ├ properties │ │ │ ├Name: string │ │ │ ├BaseCapacity: integer │ │ │ ├EnvironmentType: string │ │ │ ├ComputeType: string │ │ │ └Tags: Array<tag> │ │ └ attributes │ │ └Arn: string │ └[~] resource AWS::CodeBuild::Project │ └ types │ └[~] type Environment │ └ properties │ └ Type: (documentation changed) ├[~] service aws-cognito │ └ resources │ ├[~] resource AWS::Cognito::IdentityPool │ │ └ attributes │ │ └ Id: (documentation changed) │ ├[~] resource AWS::Cognito::IdentityPoolRoleAttachment │ │ └ attributes │ │ └ Id: (documentation changed) │ └[~] resource AWS::Cognito::UserPoolIdentityProvider │ └ properties │ ├ AttributeMapping: - json │ │ + Map<string, string> ⇐ json │ └ ProviderDetails: - json │ + Map<string, string> ⇐ json (required) ├[~] service aws-connect │ └ resources │ └[~] resource AWS::Connect::Rule │ └ types │ └[~] type FieldValue │ └ - documentation: The value of the field. │ + documentation: Object for case field values. ├[~] service aws-datasync │ └ resources │ └[~] resource AWS::DataSync::LocationS3 │ ├ properties │ │ ├ Subdirectory: (documentation changed) │ │ └ Tags: (documentation changed) │ └ types │ └[~] type S3Config │ ├ - documentation: The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role used to access an Amazon S3 bucket. │ │ For detailed information about using such a role, see [Creating a Location for Amazon S3](https://docs.aws.amazon.com/datasync/latest/userguide/create-s3-location.html) in the *AWS DataSync User Guide* . │ │ + documentation: Specifies the Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that DataSync uses to access your S3 bucket. │ │ For more information, see [Accessing S3 buckets](https://docs.aws.amazon.com/datasync/latest/userguide/create-s3-location.html#create-s3-location-access) . │ └ properties │ └ BucketAccessRoleArn: (documentation changed) ├[~] service aws-datazone │ └ resources │ ├[~] resource AWS::DataZone::DataSource │ │ ├ - documentation: Definition of AWS::DataZone::DataSource Resource Type │ │ │ + documentation: The `AWS::DataZone::DataSource` resource specifies an Amazon DataZone data source that is used to import technical metadata of assets (data) from the source databases or data warehouses into Amazon DataZone. │ │ ├ properties │ │ │ ├ AssetFormsInput: (documentation changed) │ │ │ ├ Configuration: (documentation changed) │ │ │ ├ ProjectIdentifier: (documentation changed) │ │ │ └ Recommendation: (documentation changed) │ │ ├ attributes │ │ │ ├ DomainId: (documentation changed) │ │ │ ├ EnvironmentId: (documentation changed) │ │ │ ├ Id: (documentation changed) │ │ │ ├ LastRunAssetCount: (documentation changed) │ │ │ ├ LastRunAt: (documentation changed) │ │ │ ├ LastRunStatus: (documentation changed) │ │ │ ├ ProjectId: (documentation changed) │ │ │ └ UpdatedAt: (documentation changed) │ │ └ types │ │ ├[~] type DataSourceConfigurationInput │ │ │ ├ - documentation: undefined │ │ │ │ + documentation: The configuration of the data source. │ │ │ └ properties │ │ │ ├ GlueRunConfiguration: (documentation changed) │ │ │ └ RedshiftRunConfiguration: (documentation changed) │ │ ├[~] type FilterExpression │ │ │ ├ - documentation: The search filter expression. │ │ │ │ + documentation: A filter expression in Amazon DataZone. │ │ │ └ properties │ │ │ ├ Expression: (documentation changed) │ │ │ └ Type: (documentation changed) │ │ ├[~] type GlueRunConfigurationInput │ │ │ └ - documentation: undefined │ │ │ + documentation: The configuration details of the AWS Glue data source. │ │ ├[~] type RecommendationConfiguration │ │ │ └ - documentation: The recommendation to be updated as part of the UpdateDataSource action. │ │ │ + documentation: The recommendation configuration for the data source. │ │ ├[~] type RedshiftClusterStorage │ │ │ └ - documentation: The name of an Amazon Redshift cluster. │ │ │ + documentation: The details of the Amazon Redshift cluster storage. │ │ ├[~] type RedshiftCredentialConfiguration │ │ │ └ - documentation: The ARN of a secret manager for an Amazon Redshift cluster. │ │ │ + documentation: The details of the credentials required to access an Amazon Redshift cluster. │ │ ├[~] type RedshiftRunConfigurationInput │ │ │ ├ - documentation: The configuration details of the Amazon Redshift data source. │ │ │ │ + documentation: The relational filter configurations included in the configuration details of the Amazon Redshift data source. │ │ │ └ properties │ │ │ ├ DataAccessRole: (documentation changed) │ │ │ ├ RedshiftCredentialConfiguration: (documentation changed) │ │ │ └ RelationalFilterConfigurations: (documentation changed) │ │ ├[~] type RedshiftStorage │ │ │ ├ - documentation: The details of the Amazon Redshift cluster source. │ │ │ │ + documentation: The details of the Amazon Redshift storage as part of the configuration of an Amazon Redshift data source run. │ │ │ └ properties │ │ │ ├ RedshiftClusterSource: (documentation changed) │ │ │ └ RedshiftServerlessSource: (documentation changed) │ │ └[~] type ScheduleConfiguration │ │ ├ - documentation: The schedule of the data source runs. │ │ │ + documentation: The details of the schedule of the data source runs. │ │ └ properties │ │ └ Timezone: (documentation changed) │ ├[~] resource AWS::DataZone::Domain │ │ ├ - documentation: A domain is an organizing entity for connecting together assets, users, and their projects │ │ │ + documentation: The `AWS::DataZone::Domain` resource specifies an Amazon DataZone domain. You can use domains to organize your assets, users, and their projects. │ │ ├ properties │ │ │ └ SingleSignOn: (documentation changed) │ │ ├ attributes │ │ │ ├ CreatedAt: (documentation changed) │ │ │ ├ Id: (documentation changed) │ │ │ ├ LastUpdatedAt: (documentation changed) │ │ │ └ PortalUrl: (documentation changed) │ │ └ types │ │ └[~] type SingleSignOn │ │ └ - documentation: The single-sign on configuration of the Amazon DataZone domain. │ │ + documentation: The single sign-on details in Amazon DataZone. │ ├[~] resource AWS::DataZone::Environment │ │ ├ - documentation: Definition of AWS::DataZone::Environment Resource Type │ │ │ + documentation: The `AWS::DataZone::Environment` resource specifies an Amazon DataZone environment, which is a collection of zero or more configured resources with a given set of IAM principals who can operate on those resources. │ │ ├ properties │ │ │ ├ Description: (documentation changed) │ │ │ ├ DomainIdentifier: (documentation changed) │ │ │ ├ EnvironmentProfileIdentifier: (documentation changed) │ │ │ ├ GlossaryTerms: (documentation changed) │ │ │ ├ Name: (documentation changed) │ │ │ ├ ProjectIdentifier: (documentation changed) │ │ │ └ UserParameters: (documentation changed) │ │ ├ attributes │ │ │ ├ AwsAccountId: (documentation changed) │ │ │ ├ AwsAccountRegion: (documentation changed) │ │ │ ├ DomainId: (documentation changed) │ │ │ ├ EnvironmentBlueprintId: (documentation changed) │ │ │ ├ EnvironmentProfileId: (documentation changed) │ │ │ ├ Id: (documentation changed) │ │ │ ├ ProjectId: (documentation changed) │ │ │ ├ Provider: (documentation changed) │ │ │ └ Status: (documentation changed) │ │ └ types │ │ └[~] type EnvironmentParameter │ │ ├ - documentation: The parameter details of an environment. │ │ │ + documentation: The parameter details of the environment. │ │ └ properties │ │ ├ Name: (documentation changed) │ │ └ Value: (documentation changed) │ ├[~] resource AWS::DataZone::EnvironmentBlueprintConfiguration │ │ ├ - documentation: Definition of AWS::DataZone::EnvironmentBlueprintConfiguration Resource Type │ │ │ + documentation: The configuration details of an environment blueprint. │ │ ├ properties │ │ │ ├ DomainIdentifier: (documentation changed) │ │ │ ├ EnabledRegions: (documentation changed) │ │ │ ├ EnvironmentBlueprintIdentifier: (documentation changed) │ │ │ ├ ManageAccessRoleArn: (documentation changed) │ │ │ ├ ProvisioningRoleArn: (documentation changed) │ │ │ └ RegionalParameters: (documentation changed) │ │ ├ attributes │ │ │ ├ CreatedAt: (documentation changed) │ │ │ ├ DomainId: (documentation changed) │ │ │ ├ EnvironmentBlueprintId: (documentation changed) │ │ │ └ UpdatedAt: (documentation changed) │ │ └ types │ │ └[~] type RegionalParameter │ │ ├ - documentation: undefined │ │ │ + documentation: The regional parameters in the environment blueprint. │ │ └ properties │ │ ├ Parameters: (documentation changed) │ │ └ Region: (documentation changed) │ ├[~] resource AWS::DataZone::EnvironmentProfile │ │ ├ - documentation: AWS Datazone Environment Profile is pre-configured set of resources and blueprints that provide reusable templates for creating environments. │ │ │ + documentation: The details of an environment profile. │ │ ├ properties │ │ │ ├ AwsAccountId: - string │ │ │ │ + string (required) │ │ │ │ (documentation changed) │ │ │ ├ AwsAccountRegion: - string │ │ │ │ + string (required) │ │ │ │ (documentation changed) │ │ │ ├ Description: (documentation changed) │ │ │ ├ DomainIdentifier: (documentation changed) │ │ │ ├ EnvironmentBlueprintIdentifier: (documentation changed) │ │ │ ├ Name: (documentation changed) │ │ │ └ ProjectIdentifier: (documentation changed) │ │ ├ attributes │ │ │ ├ CreatedAt: (documentation changed) │ │ │ ├ CreatedBy: (documentation changed) │ │ │ ├ DomainId: (documentation changed) │ │ │ ├ EnvironmentBlueprintId: (documentation changed) │ │ │ ├ Id: (documentation changed) │ │ │ ├ ProjectId: (documentation changed) │ │ │ └ UpdatedAt: (documentation changed) │ │ └ types │ │ └[~] type EnvironmentParameter │ │ └ properties │ │ ├ Name: (documentation changed) │ │ └ Value: (documentation changed) │ ├[~] resource AWS::DataZone::Project │ │ ├ - documentation: Amazon DataZone projects are business use case–based groupings of people, assets (data), and tools used to simplify access to the AWS analytics. │ │ │ + documentation: The `AWS::DataZone::Project` resource specifies an Amazon DataZone project. Projects enable a group of users to collaborate on various business use cases that involve publishing, discovering, subscribing to, and consuming data in the Amazon DataZone catalog. Project members consume assets from the Amazon DataZone catalog and produce new assets using one or more analytical workflows. │ │ ├ properties │ │ │ ├ Description: (documentation changed) │ │ │ ├ DomainIdentifier: (documentation changed) │ │ │ └ Name: (documentation changed) │ │ └ attributes │ │ ├ CreatedAt: (documentation changed) │ │ ├ DomainId: (documentation changed) │ │ └ Id: (documentation changed) │ └[~] resource AWS::DataZone::SubscriptionTarget │ ├ - documentation: Subscription targets enables one to access the data to which you have subscribed in your projects. │ │ + documentation: The `AWS::DataZone::SubscriptionTarget` resource specifies an Amazon DataZone subscription target. Subscription targets enable you to access the data to which you have subscribed in your projects. A subscription target specifies the location (for example, a database or a schema) and the required permissions (for example, an IAM role) that Amazon DataZone can use to establish a connection with the source data and to create the necessary grants so that members of the Amazon DataZone project can start querying the data to which they have subscribed. │ ├ properties │ │ ├ ApplicableAssetTypes: (documentation changed) │ │ ├ AuthorizedPrincipals: (documentation changed) │ │ ├ DomainIdentifier: (documentation changed) │ │ └ EnvironmentIdentifier: (documentation changed) │ └ attributes │ ├ DomainId: (documentation changed) │ ├ EnvironmentId: (documentation changed) │ └ Id: (documentation changed) ├[~] service aws-ec2 │ └ resources │ ├[~] resource AWS::EC2::Instance │ │ └ properties │ │ └ ElasticGpuSpecifications: (documentation changed) │ ├[~] resource AWS::EC2::LaunchTemplate │ │ └ types │ │ ├[~] type LaunchTemplateData │ │ │ └ properties │ │ │ └ ElasticGpuSpecifications: (documentation changed) │ │ └[~] type TagSpecification │ │ └ properties │ │ └ ResourceType: (documentation changed) │ ├[~] resource AWS::EC2::NetworkAclEntry │ │ ├ properties │ │ │ ├ CidrBlock: (documentation changed) │ │ │ ├ Icmp: (documentation changed) │ │ │ ├ Ipv6CidrBlock: (documentation changed) │ │ │ └ PortRange: (documentation changed) │ │ └ types │ │ └[~] type Icmp │ │ └ properties │ │ └ Code: (documentation changed) │ ├[~] resource AWS::EC2::SecurityGroup │ │ ├ properties │ │ │ └ VpcId: (documentation changed) │ │ └ types │ │ ├[~] type Egress │ │ │ ├ - documentation: Adds the specified egress rules to a security group for use with a VPC. │ │ │ │ An outbound rule permits instances to send traffic to the specified destination IPv4 or IPv6 CIDR address ranges, or to the specified destination security groups for the same VPC. │ │ │ │ You specify a protocol for each rule (for example, TCP). For the TCP and UDP protocols, you must also specify the destination port or port range. For the ICMP protocol, you must also specify the ICMP type and code. You can use -1 for the type or code to mean all types or all codes. │ │ │ │ You must specify only one of the following properties: `CidrIp` , `CidrIpv6` , `DestinationPrefixListId` , or `DestinationSecurityGroupId` . │ │ │ │ You must specify a destination security group ( `DestinationPrefixListId` or `DestinationSecurityGroupId` ) or a CIDR range ( `CidrIp` or `CidrIpv6` ). If you do not specify one of these parameters, the stack will launch successfully but the rule will not be added to the security group. │ │ │ │ Rule changes are propagated to affected instances as quickly as possible. However, a small delay might occur. │ │ │ │ For more information about VPC security group limits, see [Amazon VPC Limits](https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html) . │ │ │ │ Use `SecurityGroup.Ingress` and `SecurityGroup.Egress` only when necessary, typically to allow security groups to reference each other in ingress and egress rules. Otherwise, use the embedded ingress and egress rules of the security group. For more information, see [Amazon EC2 Security Groups](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html) . │ │ │ │ The EC2 Security Group Rule is an embedded property of the `AWS::EC2::SecurityGroup` type. │ │ │ │ + documentation: Adds the specified outbound (egress) rule to a security group. │ │ │ │ An outbound rule permits instances to send traffic to the specified IPv4 or IPv6 address range, the IP address ranges that are specified by a prefix list, or the instances that are associated with a destination security group. For more information, see [Security group rules](https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html) . │ │ │ │ You must specify exactly one of the following destinations: an IPv4 or IPv6 address range, a prefix list, or a security group. Otherwise, the stack launches successfully but the rule is not added to the security group. │ │ │ │ You must specify a protocol for each rule (for example, TCP). If the protocol is TCP or UDP, you must also specify a port or port range. If the protocol is ICMP or ICMPv6, you must also specify the ICMP/ICMPv6 type and code. │ │ │ │ Rule changes are propagated to instances associated with the security group as quickly as possible. However, a small delay might occur. │ │ │ └ properties │ │ │ ├ FromPort: (documentation changed) │ │ │ └ ToPort: (documentation changed) │ │ └[~] type Ingress │ │ ├ - documentation: Adds an inbound rule to a security group. │ │ │ An inbound rule permits instances to receive traffic from the specified IPv4 or IPv6 CIDR address range, or from the instances associated with the specified security group. │ │ │ You must specify only one of the following properties: `CidrIp` , `CidrIpv6` , `SourcePrefixListId` , `SourceSecurityGroupId` , or `SourceSecurityGroupName` . │ │ │ You specify a protocol for each rule (for example, TCP). For TCP and UDP, you must also specify a port or port range. For ICMP/ICMPv6, you must also specify the ICMP/ICMPv6 type and code. You can use -1 to mean all types or all codes. │ │ │ You must specify a source security group ( `SourcePrefixListId` , `SourceSecurityGroupId` , or `SourceSecurityGroupName` ) or a CIDR range ( `CidrIp` or `CidrIpv6` ). If you do not specify one of these parameters, the stack will launch successfully but the rule will not be added to the security group. │ │ │ Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur. │ │ │ The EC2 Security Group Rule is an embedded property of the `AWS::EC2::SecurityGroup` type. │ │ │ + documentation: Adds an inbound (ingress) rule to a security group. │ │ │ An inbound rule permits instances to receive traffic from the specified IPv4 or IPv6 address range, the IP address ranges that are specified by a prefix list, or the instances that are associated with a source security group. For more information, see [Security group rules](https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html) . │ │ │ You must specify exactly one of the following sources: an IPv4 or IPv6 address range, a prefix list, or a security group. Otherwise, the stack launches successfully, but the rule is not added to the security group. │ │ │ You must specify a protocol for each rule (for example, TCP). If the protocol is TCP or UDP, you must also specify a port or port range. If the protocol is ICMP or ICMPv6, you must also specify the ICMP/ICMPv6 type and code. │ │ │ Rule changes are propagated to instances associated with the security group as quickly as possible. However, a small delay might occur. │ │ └ properties │ │ ├ FromPort: (documentation changed) │ │ ├ SourceSecurityGroupId: (documentation changed) │ │ └ ToPort: (documentation changed) │ ├[~] resource AWS::EC2::SecurityGroupEgress │ │ ├ - documentation: Adds the specified egress rules to a security group. │ │ │ An outbound rule permits instances to send traffic to the specified destination IPv4 or IPv6 CIDR address ranges, or to the specified destination security groups for the same VPC. │ │ │ You specify a protocol for each rule (for example, TCP). For the TCP and UDP protocols, you must also specify the destination port or port range. For the ICMP protocol, you must also specify the ICMP type and code. You can use -1 for the type or code to mean all types or all codes. │ │ │ You must specify only one of the following properties: `CidrIp` , `CidrIpv6` , `DestinationPrefixListId` , or `DestinationSecurityGroupId` . │ │ │ You must specify a destination security group ( `DestinationPrefixListId` or `DestinationSecurityGroupId` ) or a CIDR range ( `CidrIp` or `CidrIpv6` ). If you do not specify one of these parameters, the stack will launch successfully but the rule will not be added to the security group. │ │ │ Rule changes are propagated to affected instances as quickly as possible. However, a small delay might occur. │ │ │ For more information about VPC security group limits, see [Amazon VPC Limits](https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html) . │ │ │ Use `AWS::EC2::SecurityGroupIngress` and `AWS::EC2::SecurityGroupEgress` only when necessary, typically to allow security groups to reference each other in ingress and egress rules. Otherwise, use the embedded ingress and egress rules of the security group. For more information, see [Amazon EC2 Security Groups](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html) . │ │ │ + documentation: Adds the specified outbound (egress) rule to a security group. │ │ │ An outbound rule permits instances to send traffic to the specified IPv4 or IPv6 address range, the IP addresses that are specified by a prefix list, or the instances that are associated with a destination security group. For more information, see [Security group rules](https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html) . │ │ │ You must specify exactly one of the following destinations: an IPv4 or IPv6 address range, a prefix list, or a security group. Otherwise, the stack launches successfully but the rule is not added to the security group. │ │ │ You must specify a protocol for each rule (for example, TCP). If the protocol is TCP or UDP, you must also specify a port or port range. If the protocol is ICMP or ICMPv6, you must also specify the ICMP/ICMPv6 type and code. To specify all types or all codes, use -1. │ │ │ Rule changes are propagated to instances associated with the security group as quickly as possible. However, a small delay might occur. │ │ └ properties │ │ ├ FromPort: (documentation changed) │ │ └ ToPort: (documentation changed) │ ├[~] resource AWS::EC2::SecurityGroupIngress │ │ └ - documentation: Adds an inbound rule to a security group. │ │ An inbound rule permits instances to receive traffic from the specified IPv4 or IPv6 CIDR address range, or from the instances associated with the specified security group. │ │ You must specify only one of the following properties: `CidrIp` , `CidrIpv6` , `SourcePrefixListId` , `SourceSecurityGroupId` , or `SourceSecurityGroupName` . │ │ You specify a protocol for each rule (for example, TCP). For TCP and UDP, you must also specify a port or port range. For ICMP/ICMPv6, you must also specify the ICMP/ICMPv6 type and code. You can use -1 to mean all types or all codes. │ │ You must specify a source security group ( `SourcePrefixListId` , `SourceSecurityGroupId` , or `SourceSecurityGroupName` ) or a CIDR range ( `CidrIp` or `CidrIpv6` ). If you do not specify one of these parameters, the stack will launch successfully but the rule will not be added to the security group. │ │ Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur. │ │ + documentation: Adds an inbound (ingress) rule to a security group. │ │ An inbound rule permits instances to receive traffic from the specified IPv4 or IPv6 address range, the IP addresses that are specified by a prefix list, or the instances that are associated with a source security group. For more information, see [Security group rules](https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html) . │ │ You must specify only one of the following sources: an IPv4 or IPv6 address range, a prefix list, or a security group. Otherwise, the stack launches successfully, but the rule is not added to the security group. │ │ You must specify a protocol for each rule (for example, TCP). If the protocol is TCP or UDP, you must also specify a port or port range. If the protocol is ICMP or ICMPv6, you must also specify the ICMP/ICMPv6 type and code. │ │ Rule changes are propagated to instances associated with the security group as quickly as possible. However, a small delay might occur. │ ├[~] resource AWS::EC2::Subnet │ │ └ properties │ │ ├ AssignIpv6AddressOnCreation: (documentation changed) │ │ ├ Ipv6CidrBlock: (documentation changed) │ │ └ Ipv6CidrBlocks: (documentation changed) │ └[~] resource AWS::EC2::SubnetCidrBlock │ └ properties │ └ Ipv6CidrBlock: (documentation changed) ├[~] service aws-ecs │ └ resources │ ├[~] resource AWS::ECS::Service │ │ └ types │ │ ├[~] type AwsVpcConfiguration │ │ │ └ - documentation: An object representing the networking details for a task or service. │ │ │ + documentation: An object representing the networking details for a task or service. For example `awsvpcConfiguration={subnets=["subnet-12344321"],securityGroups=["sg-12344321"]}` │ │ ├[~] type DeploymentConfiguration │ │ │ └ properties │ │ │ └ MinimumHealthyPercent: (documentation changed) │ │ ├[~] type ServiceConnectService │ │ │ └ properties │ │ │ ├ Timeout: (documentation changed) │ │ │ └ Tls: (documentation changed) │ │ ├[~] type ServiceConnectTlsCertificateAuthority │ │ │ ├ - documentation: undefined │ │ │ │ + documentation: An object that represents the AWS Private Certificate Authority certificate. │ │ │ └ properties │ │ │ └ AwsPcaAuthorityArn: (documentation changed) │ │ ├[~] type ServiceConnectTlsConfiguration │ │ │ ├ - documentation: undefined │ │ │ │ + documentation: An object that represents the configuration for Service Connect TLS. │ │ │ └ properties │ │ │ ├ IssuerCertificateAuthority: (documentation changed) │ │ │ ├ KmsKey: (documentation changed) │ │ │ └ RoleArn: (documentation changed) │ │ └[~] type TimeoutConfiguration │ │ ├ - documentation: undefined │ │ │ + documentation: An object that represents the timeout configurations for Service Connect. │ │ │ > If `idleTimeout` is set to a time that is less than `perRequestTimeout` , the connection will close when the `idleTimeout` is reached and not the `perRequestTimeout` . │ │ └ properties │ │ ├ IdleTimeoutSeconds: (documentation changed) │ │ └ PerRequestTimeoutSeconds: (documentation changed) │ ├[~] resource AWS::ECS::TaskDefinition │ │ └ types │ │ ├[~] type ContainerDefinition │ │ │ └ properties │ │ │ └ SystemControls: (documentation changed) │ │ └[~] type Ulimit │ │ └ - documentation: The `ulimit` settings to pass to the container. │ │ Amazon ECS tasks hosted on AWS Fargate use the default resource limit values set by the operating system with the exception of the `nofile` resource limit parameter which AWS Fargate overrides. The `nofile` resource limit sets a restriction on the number of open files that a container can use. The default `nofile` soft limit is `1024` and the default hard limit is `4096` . │ │ You can specify the `ulimit` settings for a container in a task definition. │ │ + documentation: The `ulimit` settings to pass to the container. │ │ Amazon ECS tasks hosted on AWS Fargate use the default resource limit values set by the operating system with the exception of the `nofile` resource limit parameter which AWS Fargate overrides. The `nofile` resource limit sets a restriction on the number of open files that a container can use. The default `nofile` soft limit is `1024` and the default hard limit is `65535` . │ │ You can specify the `ulimit` settings for a container in a task definition. │ └[~] resource AWS::ECS::TaskSet │ ├ - documentation: Create a task set in the specified cluster and service. This is used when a service uses the `EXTERNAL` deployment controller type. For more information, see [Amazon ECS deployment types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-types.html) in the *Amazon Elastic Container Service Developer Guide* . │ │ You can create a maximum of 5 tasks sets for a deployment. │ │ + documentation: Create a task set in the specified cluster and service. This is used when a service uses the `EXTERNAL` deployment controller type. For more information, see [Amazon ECS deployment types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-types.html) in the *Amazon Elastic Container Service Developer Guide* . │ │ For information about the maximum number of task sets and otther quotas, see [Amazon ECS service quotas](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-quotas.html) in the *Amazon Elastic Container Service Developer Guide* . │ └ types │ └[~] type AwsVpcConfiguration │ └ - documentation: An object representing the networking details for a task or service. │ + documentation: An object representing the networking details for a task or service. For example `awsvpcConfiguration={subnets=["subnet-12344321"],securityGroups=["sg-12344321"]}` ├[~] service aws-eks │ └ resources │ └[~] resource AWS::EKS::Cluster │ └ - documentation: Creates an Amazon EKS control plane. │ The Amazon EKS control plane consists of control plane instances that run the Kubernetes software, such as `etcd` and the API server. The control plane runs in an account managed by AWS , and the Kubernetes API is exposed by the Amazon EKS API server endpoint. Each Amazon EKS cluster control plane is single tenant and unique. It runs on its own set of Amazon EC2 instances. │ The cluster control plane is provisioned across multiple Availability Zones and fronted by an Elastic Load Balancing Network Load Balancer. Amazon EKS also provisions elastic network interfaces in your VPC subnets to provide connectivity from the control plane instances to the nodes (for example, to support `kubectl exec` , `logs` , and `proxy` data flows). │ Amazon EKS nodes run in your AWS account and connect to your cluster's control plane over the Kubernetes API server endpoint and a certificate file that is created for your cluster. │ You can use the `endpointPublicAccess` and `endpointPrivateAccess` parameters to enable or disable public and private access to your cluster's Kubernetes API server endpoint. By default, public access is enabled, and private access is disabled. For more information, see [Amazon EKS Cluster Endpoint Access Control](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) in the **Amazon EKS User Guide** . │ You can use the `logging` parameter to enable or disable exporting the Kubernetes control plane logs for your cluster to CloudWatch Logs. By default, cluster control plane logs aren't exported to CloudWatch Logs. For more information, see [Amazon EKS Cluster Control Plane Logs](https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) in the **Amazon EKS User Guide** . │ > CloudWatch Logs ingestion, archive storage, and data scanning rates apply to exported control plane logs. For more information, see [CloudWatch Pricing](https://docs.aws.amazon.com/cloudwatch/pricing/) . │ In most cases, it takes several minutes to create a cluster. After you create an Amazon EKS cluster, you must configure your Kubernetes tooling to communicate with the API server and launch nodes into your cluster. For more information, see [Managing Cluster Authentication](https://docs.aws.amazon.com/eks/latest/userguide/managing-auth.html) and [Launching Amazon EKS nodes](https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html) in the *Amazon EKS User Guide* . │ + documentation: Creates an Amazon EKS control plane. │ The Amazon EKS control plane consists of control plane instances that run the Kubernetes software, such as `etcd` and the API server. The control plane runs in an account managed by AWS , and the Kubernetes API is exposed by the Amazon EKS API server endpoint. Each Amazon EKS cluster control plane is single tenant and unique. It runs on its own set of Amazon EC2 instances. │ The cluster control plane is provisioned across multiple Availability Zones and fronted by an Elastic Load Balancing Network Load Balancer. Amazon EKS also provisions elastic network interfaces in your VPC subnets to provide connectivity from the control plane instances to the nodes (for example, to support `kubectl exec` , `logs` , and `proxy` data flows). │ Amazon EKS nodes run in your AWS account and connect to your cluster's control plane over the Kubernetes API server endpoint and a certificate file that is created for your cluster. │ You can use the `endpointPublicAccess` and `endpointPrivateAccess` parameters to enable or disable public and private access to your cluster's Kubernetes API server endpoint. By default, public access is enabled, and private access is disabled. For more information, see [Amazon EKS Cluster Endpoint Access Control](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) in the **Amazon EKS User Guide** . │ You can use the `logging` parameter to enable or disable exporting the Kubernetes control plane logs for your cluster to CloudWatch Logs. By default, cluster control plane logs aren't exported to CloudWatch Logs. For more information, see [Amazon EKS Cluster Control Plane Logs](https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) in the **Amazon EKS User Guide** . │ > CloudWatch Logs ingestion, archive storage, and data scanning rates apply to exported control plane logs. For more information, see [CloudWatch Pricing](https://docs.aws.amazon.com/cloudwatch/pricing/) . │ In most cases, it takes several minutes to create a cluster. After you create an Amazon EKS cluster, you must configure your Kubernetes tooling to communicate with the API server and launch nodes into your cluster. For more information, see [Allowing users to access your cluster](https://docs.aws.amazon.com/eks/latest/userguide/cluster-auth.html) and [Launching Amazon EKS nodes](https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html) in the *Amazon EKS User Guide* . ├[~] service aws-elasticache │ └ resources │ └[~] resource AWS::ElastiCache::ServerlessCache │ ├ attributes │ │ ├ Endpoint.Port: - integer │ │ │ + integer ⇐ string │ │ └ ReaderEndpoint.Port: - integer │ │ + integer ⇐ string │ └ types │ └[~] type Endpoint │ └ properties │ └ Port: - integer │ + integer ⇐ string ├[~] service aws-elasticloadbalancingv2 │ └ resources │ └[~] resource AWS::ElasticLoadBalancingV2::LoadBalancer │ └ properties │ └ EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic: (documentation changed) ├[~] service aws-fis │ └ resources │ └[~] resource AWS::FIS::ExperimentTemplate │ ├ - documentation: Specifies an experiment template. │ │ An experiment template includes the following components: │ │ - *Targets* : A target can be a specific resource in your AWS environment, or one or more resources that match criteria that you specify, for example, resources that have specific tags. │ │ - *Actions* : The actions to carry out on the target. You can specify multiple actions, the duration of each action, and when to start each action during an experiment. │ │ - *Stop conditions* : If a stop condition is triggered while an experiment is running, the experiment is automatically stopped. You can define a stop condition as a CloudWatch alarm. │ │ For more information, see [Experiment templates](https://docs.aws.amazon.com/fis/latest/userguide/experiment-templates.html) in the *AWS Fault Injection Service User Guide* . │ │ + documentation: Describes an experiment template. │ └ types │ ├[~] type ExperimentTemplateAction │ │ └ - documentation: Specifies an action for an experiment template. │ │ For more information, see [Actions](https://docs.aws.amazon.com/fis/latest/userguide/actions.html) in the *AWS Fault Injection Service User Guide* . │ │ + documentation: Describes an action for an experiment template. │ ├[~] type ExperimentTemplateLogConfiguration │ │ ├ - documentation: Specifies the configuration for experiment logging. │ │ │ For more information, see [Experiment logging](https://docs.aws.amazon.com/fis/latest/userguide/monitoring-logging.html) in the *AWS Fault Injection Service User Guide* . │ │ │ + documentation: Describes the configuration for experiment logging. │ │ └ properties │ │ ├ CloudWatchLogsConfiguration: (documentation changed) │ │ └ S3Configuration: (documentation changed) │ ├[~] type ExperimentTemplateStopCondition │ │ └ - documentation: Specifies a stop condition for an experiment template. │ │ For more information, see [Stop conditions](https://docs.aws.amazon.com/fis/latest/userguide/stop-conditions.html) in the *AWS Fault Injection Service User Guide* . │ │ + documentation: Describes a stop condition for an experiment template. │ ├[~] type ExperimentTemplateTarget │ │ ├ - documentation: Specifies a target for an experiment. You must specify at least one Amazon Resource Name (ARN) or at least one resource tag. You cannot specify both ARNs and tags. │ │ │ For more information, see [Targets](https://docs.aws.amazon.com/fis/latest/userguide/targets.html) in the *AWS Fault Injection Service User Guide* . │ │ │ + documentation: Describes a target for an experiment template. │ │ └ properties │ │ └ Parameters: (documentation changed) │ └[~] type ExperimentTemplateTargetFilter │ └ - documentation: Specifies a filter used for the target resource input in an experiment template. │ For more information, see [Resource filters](https://docs.aws.amazon.com/fis/latest/userguide/targets.html#target-filters) in the *AWS Fault Injection Service User Guide* . │ + documentation: Describes a filter used for the target resources in an experiment template. ├[~] service aws-guardduty │ └ resources │ └[~] resource AWS::GuardDuty::Filter │ ├ properties │ │ ├ Action: - string (required) │ │ │ + string │ │ ├ Description: - string (required) │ │ │ + string │ │ ├ DetectorId: - string (required, immutable) │ │ │ + string (immutable) │ │ ├ Name: - string (required, immutable) │ │ │ + string (immutable) │ │ ├ Rank: - integer (required) │ │ │ + integer │ │ └ Tags: - Array<tag> │ │ + Array<TagItem> ⇐ Array<tag> │ └ types │ ├[~] type FindingCriteria │ │ └ properties │ │ ├ Criterion: - json │ │ │ + Map<string, Condition> ⇐ json │ │ └ ItemType: (documentation changed) │ └[+] type TagItem │ ├ name: TagItem │ └ properties │ ├Key: string (required) │ └Value: string (required) ├[~] service aws-internetmonitor │ └ resources │ └[~] resource AWS::InternetMonitor::Monitor │ └ types │ ├[~] type InternetMeasurementsLogDelivery │ │ └ properties │ │ └ S3Config: (documentation changed) │ └[~] type S3Config │ ├ - documentation: The configuration for publishing Amazon CloudWatch Internet Monitor internet measurements to Amazon S3. The configuration includes the bucket name and (optionally) prefix for the S3 bucket to store the measurements, and the delivery status. The delivery status is `ENABLED` or `DISABLED` , depending on whether you choose to deliver internet measurements to S3 logs. │ │ + documentation: The configuration for publishing Amazon CloudWatch Internet Monitor internet measurements to Amazon S3. The configuration includes the bucket name and (optionally) bucket prefix for the S3 bucket to store the measurements, and the delivery status. The delivery status is `ENABLED` if you choose to deliver internet measurements to S3 logs, and `DISABLED` otherwise. │ │ The measurements are also published to Amazon CloudWatch Logs. │ └ properties │ ├ BucketName: (documentation changed) │ ├ BucketPrefix: (documentation changed) │ └ LogDeliveryStatus: (documentation changed) ├[~] service aws-ivs │ └ resources │ ├[~] resource AWS::IVS::Channel │ │ └ - documentation: The `AWS::IVS::Channel` resource specifies an channel. A channel stores configuration information related to your live stream. For more information, see [CreateChannel](https://docs.aws.amazon.com/ivs/latest/APIReference/API_CreateChannel.html) in the *Amazon Interactive Video Service API Reference* . │ │ > By default, the IVS API CreateChannel endpoint creates a stream key in addition to a channel. The Channel resource *does not* create a stream key; to create a stream key, use the StreamKey resource instead. │ │ + documentation: The `AWS::IVS::Channel` resource specifies an channel. A channel stores configuration information related to your live stream. For more information, see [CreateChannel](https://docs.aws.amazon.com/ivs/latest/LowLatencyAPIReference/API_CreateChannel.html) in the *Amazon IVS Low-Latency Streaming API Reference* . │ │ > By default, the IVS API CreateChannel endpoint creates a stream key in addition to a channel. The Channel resource *does not* create a stream key; to create a stream key, use the StreamKey resource instead. │ ├[~] resource AWS::IVS::PlaybackKeyPair │ │ └ - documentation: The `AWS::IVS::PlaybackKeyPair` resource specifies an playback key pair. uses a public playback key to validate playback tokens that have been signed with the corresponding private key. For more information, see [Setting Up Private Channels](https://docs.aws.amazon.com/ivs/latest/userguide/private-channels.html) in the *Amazon Interactive Video Service User Guide* . │ │ + documentation: The `AWS::IVS::PlaybackKeyPair` resource specifies an playback key pair. uses a public playback key to validate playback tokens that have been signed with the corresponding private key. For more information, see [Setting Up Private Channels](https://docs.aws.amazon.com/ivs/latest/LowLatencyUserGuide/private-channels.html) in the *Amazon IVS Low-Latency Streaming User Guide* . │ ├[~] resource AWS::IVS::RecordingConfiguration │ │ ├ - documentation: The `AWS::IVS::RecordingConfiguration` resource specifies an recording configuration. A recording configuration enables the recording of a channel’s live streams to a data store. Multiple channels can reference the same recording configuration. For more information, see [RecordingConfiguration](https://docs.aws.amazon.com/ivs/latest/APIReference/API_RecordingConfiguration.html) in the *Amazon Interactive Video Service API Reference* . │ │ │ + documentation: The `AWS::IVS::RecordingConfiguration` resource specifies an recording configuration. A recording configuration enables the recording of a channel’s live streams to a data store. Multiple channels can reference the same recording configuration. For more information, see [RecordingConfiguration](https://docs.aws.amazon.com/ivs/latest/LowLatencyAPIReference/API_RecordingConfiguration.html) in the *Amazon IVS Low-Latency Streaming API Reference* . │ │ └ types │ │ ├[~] type RenditionConfiguration │ │ │ └ properties │ │ │ └ Renditions: (documentation changed) │ │ └[~] type ThumbnailConfiguration │ │ └ properties │ │ ├ Resolution: (documentation changed) │ │ └ TargetIntervalSeconds: (documentation changed) │ └[~] resource AWS::IVS::Stage │ ├ - documentation: Resource Definition for type AWS::IVS::Stage. │ │ + documentation: The `AWS::IVS::Stage` resource specifies an stage. A stage is a virtual space where participants can exchange video in real time. For more information, see [CreateStage](https://docs.aws.amazon.com/ivs/latest/RealTimeAPIReference/API_CreateStage.html) in the *Amazon IVS Real-Time Streaming API Reference* . │ ├ properties │ │ ├ Name: (documentation changed) │ │ └ Tags: (documentation changed) │ └ attributes │ ├ ActiveSessionId: (documentation changed) │ └ Arn: (documentation changed) ├[~] service aws-kendra │ └ resources │ └[~] resource AWS::Kendra::Faq │ └ properties │ └[+] LanguageCode: string ├[~] service aws-kinesisfirehose │ └ resources │ └[~] resource AWS::KinesisFirehose::DeliveryStream │ ├ properties │ │ └[+] SnowflakeDestinationConfiguration: SnowflakeDestinationConfiguration │ └ types │ ├[+] type SnowflakeDestinationConfiguration │ │ ├ name: SnowflakeDestinationConfiguration │ │ └ properties │ │ ├AccountUrl: string (required) │ │ ├PrivateKey: string (required) │ │ ├KeyPassphrase: string │ │ ├User: string (required) │ │ ├Database: string (required) │ │ ├Schema: string (required) │ │ ├Table: string (required) │ │ ├SnowflakeRoleConfiguration: SnowflakeRoleConfiguration │ │ ├DataLoadingOption: string │ │ ├MetaDataColumnName: string │ │ ├ContentColumnName: string │ │ ├SnowflakeVpcConfiguration: SnowflakeVpcConfiguration (immutable) │ │ ├CloudWatchLoggingOptions: CloudWatchLoggingOptions │ │ ├ProcessingConfiguration: ProcessingConfiguration │ │ ├RoleARN: string (required) │ │ ├RetryOptions: SnowflakeRetryOptions │ │ ├S3BackupMode: string │ │ └S3Configuration: S3DestinationConfiguration (required) │ ├[+] type SnowflakeRetryOptions │ │ ├ name: SnowflakeRetryOptions │ │ └ properties │ │ └DurationInSeconds: integer │ ├[+] type SnowflakeRoleConfiguration │ │ ├ name: SnowflakeRoleConfiguration │ │ └ properties │ │ ├Enabled: boolean │ │ └SnowflakeRole: string │ └[+] type SnowflakeVpcConfiguration │ ├ name: SnowflakeVpcConfiguration │ └ properties │ └PrivateLinkVpceId: string (required) ├[~] service aws-lakeformation │ └ resources │ └[~] resource AWS::LakeFormation::Resource │ └ properties │ └ HybridAccessEnabled: (documentation changed) ├[~] service aws-networkmanager │ └ resources │ └[~] resource AWS::NetworkManager::Device │ └ attributes │ └ CreatedAt: (documentation changed) ├[~] service aws-opensearchservice │ └ resources │ └[~] resource AWS::OpenSearchService::Domain │ └ types │ ├[~] type ClusterConfig │ │ └ properties │ │ └ ColdStorageOptions: (documentation changed) │ └[~] type ColdStorageOptions │ ├ - documentation: Specifies options for cold storage. For more information, see [Cold storage for Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/cold-storage.html) . │ │ + documentation: Container for the parameters required to enable cold storage for an OpenSearch Service domain. For more information, see [Cold storage for Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/cold-storage.html) . │ └ properties │ └ Enabled: (documentation changed) ├[~] service aws-route53 │ └ resources │ └[~] resource AWS::Route53::RecordSetGroup │ └ attributes │ └ Id: (documentation changed) ├[~] service aws-route53resolver │ └ resources │ └[~] resource AWS::Route53Resolver::FirewallRuleGroup │ └ types │ └[~] type FirewallRule │ └ properties │ └[+] Qtype: string ├[~] service aws-servicecatalogappregistry │ └ resources │ └[~] resource AWS::ServiceCatalogAppRegistry::Application │ └ attributes │ ├ ApplicationTagKey: (documentation changed) │ └ ApplicationTagValue: (documentation changed) ├[+] service aws-ssmguiconnect │ ├ capitalized: SSMGuiConnect │ │ cloudFormationNamespace: AWS::SSMGuiConnect │ │ name: aws-ssmguiconnect │ │ shortName: ssmguiconnect │ └ resources │ └resource AWS::SSMGuiConnect::Preferences │ ├ name: Preferences │ │ cloudFormationType: AWS::SSMGuiConnect::Preferences │ │ documentation: Definition of AWS::SSMGuiConnect::Preferences Resource Type │ ├ properties │ │ └IdleConnection: Array<IdleConnectionPreferences> │ ├ attributes │ │ └AccountId: string │ └ types │ ├type IdleConnectionPreferences │ │├ documentation: Idle Connection Preferences │ ││ name: IdleConnectionPreferences │ │└ properties │ │ ├Timeout: IdleConnectionTimeout │ │ └Alert: IdleConnectionAlert │ ├type IdleConnectionTimeout │ │├ name: IdleConnectionTimeout │ │└ properties │ │ ├Type: string │ │ └Value: integer (required, default=10) │ └type IdleConnectionAlert │ ├ name: IdleConnectionAlert │ └ properties │ ├Type: string │ └Value: integer (required, default=1) └[~] service aws-transfer └ resources └[~] resource AWS::Transfer::Connector └ types └[~] type SftpConfig └ properties └ TrustedHostKeys: (documentation changed) ```
2 tasks
SankyRed
pushed a commit
that referenced
this pull request
Feb 8, 2024
Updates the L1 CloudFormation resource definitions with the latest changes from `@aws-cdk/aws-service-spec` **L1 CloudFormation resource definition changes:** ``` ├[~] service aws-autoscaling │ └ resources │ └[~] resource AWS::AutoScaling::AutoScalingGroup │ └ types │ └[~] type InstanceRequirements │ └ properties │ └[+] MaxSpotPriceAsPercentageOfOptimalOnDemandPrice: integer ├[~] service aws-batch │ └ resources │ └[~] resource AWS::Batch::JobDefinition │ ├ properties │ │ ├ ContainerProperties: - ContainerProperties (immutable) │ │ │ + ContainerProperties │ │ ├ EksProperties: - EksProperties (immutable) │ │ │ + EksProperties │ │ ├ NodeProperties: - NodeProperties (immutable) │ │ │ + NodeProperties │ │ ├ Parameters: - Map<string, string> ⇐ json (immutable) │ │ │ + json │ │ ├ PlatformCapabilities: - Array<string> (immutable) │ │ │ + Array<string> │ │ ├ PropagateTags: - boolean (immutable) │ │ │ + boolean │ │ ├ RetryStrategy: - RetryStrategy (immutable) │ │ │ + RetryStrategy │ │ ├ SchedulingPriority: - integer (immutable) │ │ │ + integer │ │ ├ Tags: - Map<string, string> ⇐ json (immutable) │ │ │ + json (immutable) │ │ ├ Timeout: - JobTimeout ⇐ Timeout (immutable) │ │ │ + Timeout │ │ └ Type: - string (required, immutable) │ │ + string (required) │ ├ attributes │ │ ├[-] ContainerOrchestrationType: string │ │ ├[+] Id: string │ │ ├[-] JobDefinitionArn: string │ │ ├[-] Revision: integer │ │ └[-] Status: string │ └ types │ ├[~] type AuthorizationConfig │ │ ├ - documentation: undefined │ │ │ + documentation: The authorization configuration details for the Amazon EFS file system. │ │ └ properties │ │ ├ AccessPointId: (documentation changed) │ │ └ Iam: (documentation changed) │ ├[~] type ContainerProperties │ │ └ properties │ │ ├ MountPoints: - Array<MountPoint> ⇐ Array<MountPoints> │ │ │ + Array<MountPoints> │ │ └ Volumes: - Array<Volume> ⇐ Array<Volumes> │ │ + Array<Volumes> │ ├[-] type EFSAuthorizationConfig │ │ ├ documentation: The authorization configuration details for the Amazon EFS file system. │ │ │ name: EFSAuthorizationConfig │ │ └ properties │ │ ├AccessPointId: string │ │ └Iam: string │ ├[~] type EfsVolumeConfiguration │ │ ├ - documentation: undefined │ │ │ + documentation: This is used when you're using an Amazon Elastic File System file system for job storage. For more information, see [Amazon EFS Volumes](https://docs.aws.amazon.com/batch/latest/userguide/efs-volumes.html) in the *AWS Batch User Guide* . │ │ └ properties │ │ ├ AuthorizationConfig: (documentation changed) │ │ ├ FileSystemId: (documentation changed) │ │ ├ RootDirectory: (documentation changed) │ │ ├ TransitEncryption: (documentation changed) │ │ └ TransitEncryptionPort: (documentation changed) │ ├[-] type EFSVolumeConfiguration │ │ ├ documentation: This is used when you're using an Amazon Elastic File System file system for job storage. For more information, see [Amazon EFS Volumes](https://docs.aws.amazon.com/batch/latest/userguide/efs-volumes.html) in the *AWS Batch User Guide* . │ │ │ name: EFSVolumeConfiguration │ │ └ properties │ │ ├FileSystemId: string (required) │ │ ├RootDirectory: string │ │ ├TransitEncryption: string │ │ ├TransitEncryptionPort: integer │ │ └AuthorizationConfig: EFSAuthorizationConfig │ ├[-] type EksMetadata │ │ ├ documentation: Describes and uniquely identifies Kubernetes resources. For example, the compute environment that a pod runs in or the `jobID` for a job running in the pod. For more information, see [Understanding Kubernetes Objects](https://docs.aws.amazon.com/https://kubernetes.io/docs/concepts/overview/working-with-objects/kubernetes-objects/) in the *Kubernetes documentation* . │ │ │ name: EksMetadata │ │ └ properties │ │ └Labels: Map<string, string> │ ├[-] type EksPodProperties │ │ ├ documentation: The properties for the pod. │ │ │ name: EksPodProperties │ │ └ properties │ │ ├ServiceAccountName: string │ │ ├HostNetwork: boolean │ │ ├DnsPolicy: string │ │ ├Containers: Array<EksContainer> │ │ ├Volumes: Array<EksVolume> │ │ └Metadata: EksMetadata │ ├[~] type EksProperties │ │ └ properties │ │ └ PodProperties: - EksPodProperties ⇐ PodProperties │ │ + PodProperties │ ├[-] type Host │ │ ├ documentation: Determine whether your data volume persists on the host container instance and where it's stored. If this parameter is empty, then the Docker daemon assigns a host path for your data volume. However, the data isn't guaranteed to persist after the containers that are associated with it stop running. │ │ │ name: Host │ │ └ properties │ │ └SourcePath: string │ ├[-] type JobTimeout │ │ ├ documentation: An object that represents a job timeout configuration. │ │ │ name: JobTimeout │ │ └ properties │ │ └AttemptDurationSeconds: integer │ ├[~] type LogConfiguration │ │ └ properties │ │ └ Options: - Map<string, string> ⇐ json │ │ + json │ ├[-] type MountPoint │ │ ├ documentation: Details for a Docker volume mount point that's used in a job's container properties. This parameter maps to `Volumes` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.43/#tag/Container/operation/ContainerCreate) section of the *Docker Remote API* and the `--volume` option to docker run. │ │ │ name: MountPoint │ │ └ properties │ │ ├ContainerPath: string │ │ ├ReadOnly: boolean │ │ └SourceVolume: string │ ├[~] type MountPoints │ │ ├ - documentation: undefined │ │ │ + documentation: Details for a Docker volume mount point that's used in a job's container properties. This parameter maps to `Volumes` in the [Create a container](https://docs.aws.amazon.com/https://docs.docker.com/engine/api/v1.43/#tag/Container/operation/ContainerCreate) section of the *Docker Remote API* and the `--volume` option to docker run. │ │ └ properties │ │ ├ ContainerPath: (documentation changed) │ │ ├ ReadOnly: (documentation changed) │ │ └ SourceVolume: (documentation changed) │ ├[~] type Resources │ │ └ properties │ │ ├ Limits: - Map<string, string> ⇐ json │ │ │ + json │ │ └ Requests: - Map<string, string> ⇐ json │ │ + json │ ├[~] type Timeout │ │ ├ - documentation: undefined │ │ │ + documentation: An object that represents a job timeout configuration. │ │ └ properties │ │ └ AttemptDurationSeconds: (documentation changed) │ ├[-] type Volume │ │ ├ documentation: A data volume that's used in a job's container properties. │ │ │ name: Volume │ │ └ properties │ │ ├Host: Host │ │ ├EfsVolumeConfiguration: EFSVolumeConfiguration │ │ └Name: string │ ├[~] type Volumes │ │ ├ - documentation: undefined │ │ │ + documentation: A list of volumes that are associated with the job. │ │ └ properties │ │ ├ EfsVolumeConfiguration: (documentation changed) │ │ ├ Host: (documentation changed) │ │ └ Name: (documentation changed) │ └[~] type VolumesHost │ ├ - documentation: undefined │ │ + documentation: Determine whether your data volume persists on the host container instance and where it's stored. If this parameter is empty, then the Docker daemon assigns a host path for your data volume. However, the data isn't guaranteed to persist after the containers that are associated with it stop running. │ └ properties │ └ SourcePath: (documentation changed) ├[~] service aws-cloud9 │ └ resources │ └[~] resource AWS::Cloud9::EnvironmentEC2 │ └ properties │ └ ImageId: (documentation changed) ├[~] service aws-cloudtrail │ └ resources │ ├[~] resource AWS::CloudTrail::EventDataStore │ │ └ types │ │ └[~] type AdvancedEventSelector │ │ └ - documentation: Advanced event selectors let you create fine-grained selectors for the following AWS CloudTrail event record fields. They help you control costs by logging only those events that are important to you. For more information about advanced event selectors, see [Logging data events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html) in the *AWS CloudTrail User Guide* . │ │ - `readOnly` │ │ - `eventSource` │ │ - `eventName` │ │ - `eventCategory` │ │ - `resources.type` │ │ - `resources.ARN` │ │ You cannot apply both event selectors and advanced event selectors to a trail. │ │ + documentation: Advanced event selectors let you create fine-grained selectors for CloudTrail management and data events. They help you control costs by logging only those events that are important to you. For more information about advanced event selectors, see [Logging management events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html) and [Logging data events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html) in the *AWS CloudTrail User Guide* . │ │ You cannot apply both event selectors and advanced event selectors to a trail. │ │ *Supported CloudTrail event record fields for management events* │ │ - `eventCategory` (required) │ │ - `eventSource` │ │ - `readOnly` │ │ *Supported CloudTrail event record fields for data events* │ │ - `eventCategory` (required) │ │ - `resources.type` (required) │ │ - `readOnly` │ │ - `eventName` │ │ - `resources.ARN` │ │ > For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the only supported field is `eventCategory` . │ └[~] resource AWS::CloudTrail::Trail │ └ types │ └[~] type AdvancedEventSelector │ └ - documentation: Advanced event selectors let you create fine-grained selectors for the following AWS CloudTrail event record fields. They help you control costs by logging only those events that are important to you. For more information about advanced event selectors, see [Logging data events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html) in the *AWS CloudTrail User Guide* . │ - `readOnly` │ - `eventSource` │ - `eventName` │ - `eventCategory` │ - `resources.type` │ - `resources.ARN` │ You cannot apply both event selectors and advanced event selectors to a trail. │ + documentation: Advanced event selectors let you create fine-grained selectors for CloudTrail management and data events. They help you control costs by logging only those events that are important to you. For more information about advanced event selectors, see [Logging management events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html) and [Logging data events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html) in the *AWS CloudTrail User Guide* . │ You cannot apply both event selectors and advanced event selectors to a trail. │ *Supported CloudTrail event record fields for management events* │ - `eventCategory` (required) │ - `eventSource` │ - `readOnly` │ *Supported CloudTrail event record fields for data events* │ - `eventCategory` (required) │ - `resources.type` (required) │ - `readOnly` │ - `eventName` │ - `resources.ARN` │ > For event data stores for CloudTrail Insights events, AWS Config configuration items, Audit Manager evidence, or events outside of AWS , the only supported field is `eventCategory` . ├[~] service aws-codebuild │ └ resources │ ├[+] resource AWS::CodeBuild::Fleet │ │ ├ name: Fleet │ │ │ cloudFormationType: AWS::CodeBuild::Fleet │ │ │ documentation: The `AWS::CodeBuild::Fleet` resource configures a compute fleet, a set of dedicated instances for your build environment. │ │ │ tagInformation: {"tagPropertyName":"Tags","variant":"standard"} │ │ ├ properties │ │ │ ├Name: string │ │ │ ├BaseCapacity: integer │ │ │ ├EnvironmentType: string │ │ │ ├ComputeType: string │ │ │ └Tags: Array<tag> │ │ └ attributes │ │ └Arn: string │ └[~] resource AWS::CodeBuild::Project │ └ types │ └[~] type Environment │ └ properties │ └ Type: (documentation changed) ├[~] service aws-cognito │ └ resources │ ├[~] resource AWS::Cognito::IdentityPool │ │ └ attributes │ │ └ Id: (documentation changed) │ ├[~] resource AWS::Cognito::IdentityPoolRoleAttachment │ │ └ attributes │ │ └ Id: (documentation changed) │ └[~] resource AWS::Cognito::UserPoolIdentityProvider │ └ properties │ ├ AttributeMapping: - json │ │ + Map<string, string> ⇐ json │ └ ProviderDetails: - json │ + Map<string, string> ⇐ json (required) ├[~] service aws-connect │ └ resources │ └[~] resource AWS::Connect::Rule │ └ types │ └[~] type FieldValue │ └ - documentation: The value of the field. │ + documentation: Object for case field values. ├[~] service aws-datasync │ └ resources │ └[~] resource AWS::DataSync::LocationS3 │ ├ properties │ │ ├ Subdirectory: (documentation changed) │ │ └ Tags: (documentation changed) │ └ types │ └[~] type S3Config │ ├ - documentation: The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role used to access an Amazon S3 bucket. │ │ For detailed information about using such a role, see [Creating a Location for Amazon S3](https://docs.aws.amazon.com/datasync/latest/userguide/create-s3-location.html) in the *AWS DataSync User Guide* . │ │ + documentation: Specifies the Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role that DataSync uses to access your S3 bucket. │ │ For more information, see [Accessing S3 buckets](https://docs.aws.amazon.com/datasync/latest/userguide/create-s3-location.html#create-s3-location-access) . │ └ properties │ └ BucketAccessRoleArn: (documentation changed) ├[~] service aws-datazone │ └ resources │ ├[~] resource AWS::DataZone::DataSource │ │ ├ - documentation: Definition of AWS::DataZone::DataSource Resource Type │ │ │ + documentation: The `AWS::DataZone::DataSource` resource specifies an Amazon DataZone data source that is used to import technical metadata of assets (data) from the source databases or data warehouses into Amazon DataZone. │ │ ├ properties │ │ │ ├ AssetFormsInput: (documentation changed) │ │ │ ├ Configuration: (documentation changed) │ │ │ ├ ProjectIdentifier: (documentation changed) │ │ │ └ Recommendation: (documentation changed) │ │ ├ attributes │ │ │ ├ DomainId: (documentation changed) │ │ │ ├ EnvironmentId: (documentation changed) │ │ │ ├ Id: (documentation changed) │ │ │ ├ LastRunAssetCount: (documentation changed) │ │ │ ├ LastRunAt: (documentation changed) │ │ │ ├ LastRunStatus: (documentation changed) │ │ │ ├ ProjectId: (documentation changed) │ │ │ └ UpdatedAt: (documentation changed) │ │ └ types │ │ ├[~] type DataSourceConfigurationInput │ │ │ ├ - documentation: undefined │ │ │ │ + documentation: The configuration of the data source. │ │ │ └ properties │ │ │ ├ GlueRunConfiguration: (documentation changed) │ │ │ └ RedshiftRunConfiguration: (documentation changed) │ │ ├[~] type FilterExpression │ │ │ ├ - documentation: The search filter expression. │ │ │ │ + documentation: A filter expression in Amazon DataZone. │ │ │ └ properties │ │ │ ├ Expression: (documentation changed) │ │ │ └ Type: (documentation changed) │ │ ├[~] type GlueRunConfigurationInput │ │ │ └ - documentation: undefined │ │ │ + documentation: The configuration details of the AWS Glue data source. │ │ ├[~] type RecommendationConfiguration │ │ │ └ - documentation: The recommendation to be updated as part of the UpdateDataSource action. │ │ │ + documentation: The recommendation configuration for the data source. │ │ ├[~] type RedshiftClusterStorage │ │ │ └ - documentation: The name of an Amazon Redshift cluster. │ │ │ + documentation: The details of the Amazon Redshift cluster storage. │ │ ├[~] type RedshiftCredentialConfiguration │ │ │ └ - documentation: The ARN of a secret manager for an Amazon Redshift cluster. │ │ │ + documentation: The details of the credentials required to access an Amazon Redshift cluster. │ │ ├[~] type RedshiftRunConfigurationInput │ │ │ ├ - documentation: The configuration details of the Amazon Redshift data source. │ │ │ │ + documentation: The relational filter configurations included in the configuration details of the Amazon Redshift data source. │ │ │ └ properties │ │ │ ├ DataAccessRole: (documentation changed) │ │ │ ├ RedshiftCredentialConfiguration: (documentation changed) │ │ │ └ RelationalFilterConfigurations: (documentation changed) │ │ ├[~] type RedshiftStorage │ │ │ ├ - documentation: The details of the Amazon Redshift cluster source. │ │ │ │ + documentation: The details of the Amazon Redshift storage as part of the configuration of an Amazon Redshift data source run. │ │ │ └ properties │ │ │ ├ RedshiftClusterSource: (documentation changed) │ │ │ └ RedshiftServerlessSource: (documentation changed) │ │ └[~] type ScheduleConfiguration │ │ ├ - documentation: The schedule of the data source runs. │ │ │ + documentation: The details of the schedule of the data source runs. │ │ └ properties │ │ └ Timezone: (documentation changed) │ ├[~] resource AWS::DataZone::Domain │ │ ├ - documentation: A domain is an organizing entity for connecting together assets, users, and their projects │ │ │ + documentation: The `AWS::DataZone::Domain` resource specifies an Amazon DataZone domain. You can use domains to organize your assets, users, and their projects. │ │ ├ properties │ │ │ └ SingleSignOn: (documentation changed) │ │ ├ attributes │ │ │ ├ CreatedAt: (documentation changed) │ │ │ ├ Id: (documentation changed) │ │ │ ├ LastUpdatedAt: (documentation changed) │ │ │ └ PortalUrl: (documentation changed) │ │ └ types │ │ └[~] type SingleSignOn │ │ └ - documentation: The single-sign on configuration of the Amazon DataZone domain. │ │ + documentation: The single sign-on details in Amazon DataZone. │ ├[~] resource AWS::DataZone::Environment │ │ ├ - documentation: Definition of AWS::DataZone::Environment Resource Type │ │ │ + documentation: The `AWS::DataZone::Environment` resource specifies an Amazon DataZone environment, which is a collection of zero or more configured resources with a given set of IAM principals who can operate on those resources. │ │ ├ properties │ │ │ ├ Description: (documentation changed) │ │ │ ├ DomainIdentifier: (documentation changed) │ │ │ ├ EnvironmentProfileIdentifier: (documentation changed) │ │ │ ├ GlossaryTerms: (documentation changed) │ │ │ ├ Name: (documentation changed) │ │ │ ├ ProjectIdentifier: (documentation changed) │ │ │ └ UserParameters: (documentation changed) │ │ ├ attributes │ │ │ ├ AwsAccountId: (documentation changed) │ │ │ ├ AwsAccountRegion: (documentation changed) │ │ │ ├ DomainId: (documentation changed) │ │ │ ├ EnvironmentBlueprintId: (documentation changed) │ │ │ ├ EnvironmentProfileId: (documentation changed) │ │ │ ├ Id: (documentation changed) │ │ │ ├ ProjectId: (documentation changed) │ │ │ ├ Provider: (documentation changed) │ │ │ └ Status: (documentation changed) │ │ └ types │ │ └[~] type EnvironmentParameter │ │ ├ - documentation: The parameter details of an environment. │ │ │ + documentation: The parameter details of the environment. │ │ └ properties │ │ ├ Name: (documentation changed) │ │ └ Value: (documentation changed) │ ├[~] resource AWS::DataZone::EnvironmentBlueprintConfiguration │ │ ├ - documentation: Definition of AWS::DataZone::EnvironmentBlueprintConfiguration Resource Type │ │ │ + documentation: The configuration details of an environment blueprint. │ │ ├ properties │ │ │ ├ DomainIdentifier: (documentation changed) │ │ │ ├ EnabledRegions: (documentation changed) │ │ │ ├ EnvironmentBlueprintIdentifier: (documentation changed) │ │ │ ├ ManageAccessRoleArn: (documentation changed) │ │ │ ├ ProvisioningRoleArn: (documentation changed) │ │ │ └ RegionalParameters: (documentation changed) │ │ ├ attributes │ │ │ ├ CreatedAt: (documentation changed) │ │ │ ├ DomainId: (documentation changed) │ │ │ ├ EnvironmentBlueprintId: (documentation changed) │ │ │ └ UpdatedAt: (documentation changed) │ │ └ types │ │ └[~] type RegionalParameter │ │ ├ - documentation: undefined │ │ │ + documentation: The regional parameters in the environment blueprint. │ │ └ properties │ │ ├ Parameters: (documentation changed) │ │ └ Region: (documentation changed) │ ├[~] resource AWS::DataZone::EnvironmentProfile │ │ ├ - documentation: AWS Datazone Environment Profile is pre-configured set of resources and blueprints that provide reusable templates for creating environments. │ │ │ + documentation: The details of an environment profile. │ │ ├ properties │ │ │ ├ AwsAccountId: - string │ │ │ │ + string (required) │ │ │ │ (documentation changed) │ │ │ ├ AwsAccountRegion: - string │ │ │ │ + string (required) │ │ │ │ (documentation changed) │ │ │ ├ Description: (documentation changed) │ │ │ ├ DomainIdentifier: (documentation changed) │ │ │ ├ EnvironmentBlueprintIdentifier: (documentation changed) │ │ │ ├ Name: (documentation changed) │ │ │ └ ProjectIdentifier: (documentation changed) │ │ ├ attributes │ │ │ ├ CreatedAt: (documentation changed) │ │ │ ├ CreatedBy: (documentation changed) │ │ │ ├ DomainId: (documentation changed) │ │ │ ├ EnvironmentBlueprintId: (documentation changed) │ │ │ ├ Id: (documentation changed) │ │ │ ├ ProjectId: (documentation changed) │ │ │ └ UpdatedAt: (documentation changed) │ │ └ types │ │ └[~] type EnvironmentParameter │ │ └ properties │ │ ├ Name: (documentation changed) │ │ └ Value: (documentation changed) │ ├[~] resource AWS::DataZone::Project │ │ ├ - documentation: Amazon DataZone projects are business use case–based groupings of people, assets (data), and tools used to simplify access to the AWS analytics. │ │ │ + documentation: The `AWS::DataZone::Project` resource specifies an Amazon DataZone project. Projects enable a group of users to collaborate on various business use cases that involve publishing, discovering, subscribing to, and consuming data in the Amazon DataZone catalog. Project members consume assets from the Amazon DataZone catalog and produce new assets using one or more analytical workflows. │ │ ├ properties │ │ │ ├ Description: (documentation changed) │ │ │ ├ DomainIdentifier: (documentation changed) │ │ │ └ Name: (documentation changed) │ │ └ attributes │ │ ├ CreatedAt: (documentation changed) │ │ ├ DomainId: (documentation changed) │ │ └ Id: (documentation changed) │ └[~] resource AWS::DataZone::SubscriptionTarget │ ├ - documentation: Subscription targets enables one to access the data to which you have subscribed in your projects. │ │ + documentation: The `AWS::DataZone::SubscriptionTarget` resource specifies an Amazon DataZone subscription target. Subscription targets enable you to access the data to which you have subscribed in your projects. A subscription target specifies the location (for example, a database or a schema) and the required permissions (for example, an IAM role) that Amazon DataZone can use to establish a connection with the source data and to create the necessary grants so that members of the Amazon DataZone project can start querying the data to which they have subscribed. │ ├ properties │ │ ├ ApplicableAssetTypes: (documentation changed) │ │ ├ AuthorizedPrincipals: (documentation changed) │ │ ├ DomainIdentifier: (documentation changed) │ │ └ EnvironmentIdentifier: (documentation changed) │ └ attributes │ ├ DomainId: (documentation changed) │ ├ EnvironmentId: (documentation changed) │ └ Id: (documentation changed) ├[~] service aws-ec2 │ └ resources │ ├[~] resource AWS::EC2::Instance │ │ └ properties │ │ └ ElasticGpuSpecifications: (documentation changed) │ ├[~] resource AWS::EC2::LaunchTemplate │ │ └ types │ │ ├[~] type LaunchTemplateData │ │ │ └ properties │ │ │ └ ElasticGpuSpecifications: (documentation changed) │ │ └[~] type TagSpecification │ │ └ properties │ │ └ ResourceType: (documentation changed) │ ├[~] resource AWS::EC2::NetworkAclEntry │ │ ├ properties │ │ │ ├ CidrBlock: (documentation changed) │ │ │ ├ Icmp: (documentation changed) │ │ │ ├ Ipv6CidrBlock: (documentation changed) │ │ │ └ PortRange: (documentation changed) │ │ └ types │ │ └[~] type Icmp │ │ └ properties │ │ └ Code: (documentation changed) │ ├[~] resource AWS::EC2::SecurityGroup │ │ ├ properties │ │ │ └ VpcId: (documentation changed) │ │ └ types │ │ ├[~] type Egress │ │ │ ├ - documentation: Adds the specified egress rules to a security group for use with a VPC. │ │ │ │ An outbound rule permits instances to send traffic to the specified destination IPv4 or IPv6 CIDR address ranges, or to the specified destination security groups for the same VPC. │ │ │ │ You specify a protocol for each rule (for example, TCP). For the TCP and UDP protocols, you must also specify the destination port or port range. For the ICMP protocol, you must also specify the ICMP type and code. You can use -1 for the type or code to mean all types or all codes. │ │ │ │ You must specify only one of the following properties: `CidrIp` , `CidrIpv6` , `DestinationPrefixListId` , or `DestinationSecurityGroupId` . │ │ │ │ You must specify a destination security group ( `DestinationPrefixListId` or `DestinationSecurityGroupId` ) or a CIDR range ( `CidrIp` or `CidrIpv6` ). If you do not specify one of these parameters, the stack will launch successfully but the rule will not be added to the security group. │ │ │ │ Rule changes are propagated to affected instances as quickly as possible. However, a small delay might occur. │ │ │ │ For more information about VPC security group limits, see [Amazon VPC Limits](https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html) . │ │ │ │ Use `SecurityGroup.Ingress` and `SecurityGroup.Egress` only when necessary, typically to allow security groups to reference each other in ingress and egress rules. Otherwise, use the embedded ingress and egress rules of the security group. For more information, see [Amazon EC2 Security Groups](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html) . │ │ │ │ The EC2 Security Group Rule is an embedded property of the `AWS::EC2::SecurityGroup` type. │ │ │ │ + documentation: Adds the specified outbound (egress) rule to a security group. │ │ │ │ An outbound rule permits instances to send traffic to the specified IPv4 or IPv6 address range, the IP address ranges that are specified by a prefix list, or the instances that are associated with a destination security group. For more information, see [Security group rules](https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html) . │ │ │ │ You must specify exactly one of the following destinations: an IPv4 or IPv6 address range, a prefix list, or a security group. Otherwise, the stack launches successfully but the rule is not added to the security group. │ │ │ │ You must specify a protocol for each rule (for example, TCP). If the protocol is TCP or UDP, you must also specify a port or port range. If the protocol is ICMP or ICMPv6, you must also specify the ICMP/ICMPv6 type and code. │ │ │ │ Rule changes are propagated to instances associated with the security group as quickly as possible. However, a small delay might occur. │ │ │ └ properties │ │ │ ├ FromPort: (documentation changed) │ │ │ └ ToPort: (documentation changed) │ │ └[~] type Ingress │ │ ├ - documentation: Adds an inbound rule to a security group. │ │ │ An inbound rule permits instances to receive traffic from the specified IPv4 or IPv6 CIDR address range, or from the instances associated with the specified security group. │ │ │ You must specify only one of the following properties: `CidrIp` , `CidrIpv6` , `SourcePrefixListId` , `SourceSecurityGroupId` , or `SourceSecurityGroupName` . │ │ │ You specify a protocol for each rule (for example, TCP). For TCP and UDP, you must also specify a port or port range. For ICMP/ICMPv6, you must also specify the ICMP/ICMPv6 type and code. You can use -1 to mean all types or all codes. │ │ │ You must specify a source security group ( `SourcePrefixListId` , `SourceSecurityGroupId` , or `SourceSecurityGroupName` ) or a CIDR range ( `CidrIp` or `CidrIpv6` ). If you do not specify one of these parameters, the stack will launch successfully but the rule will not be added to the security group. │ │ │ Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur. │ │ │ The EC2 Security Group Rule is an embedded property of the `AWS::EC2::SecurityGroup` type. │ │ │ + documentation: Adds an inbound (ingress) rule to a security group. │ │ │ An inbound rule permits instances to receive traffic from the specified IPv4 or IPv6 address range, the IP address ranges that are specified by a prefix list, or the instances that are associated with a source security group. For more information, see [Security group rules](https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html) . │ │ │ You must specify exactly one of the following sources: an IPv4 or IPv6 address range, a prefix list, or a security group. Otherwise, the stack launches successfully, but the rule is not added to the security group. │ │ │ You must specify a protocol for each rule (for example, TCP). If the protocol is TCP or UDP, you must also specify a port or port range. If the protocol is ICMP or ICMPv6, you must also specify the ICMP/ICMPv6 type and code. │ │ │ Rule changes are propagated to instances associated with the security group as quickly as possible. However, a small delay might occur. │ │ └ properties │ │ ├ FromPort: (documentation changed) │ │ ├ SourceSecurityGroupId: (documentation changed) │ │ └ ToPort: (documentation changed) │ ├[~] resource AWS::EC2::SecurityGroupEgress │ │ ├ - documentation: Adds the specified egress rules to a security group. │ │ │ An outbound rule permits instances to send traffic to the specified destination IPv4 or IPv6 CIDR address ranges, or to the specified destination security groups for the same VPC. │ │ │ You specify a protocol for each rule (for example, TCP). For the TCP and UDP protocols, you must also specify the destination port or port range. For the ICMP protocol, you must also specify the ICMP type and code. You can use -1 for the type or code to mean all types or all codes. │ │ │ You must specify only one of the following properties: `CidrIp` , `CidrIpv6` , `DestinationPrefixListId` , or `DestinationSecurityGroupId` . │ │ │ You must specify a destination security group ( `DestinationPrefixListId` or `DestinationSecurityGroupId` ) or a CIDR range ( `CidrIp` or `CidrIpv6` ). If you do not specify one of these parameters, the stack will launch successfully but the rule will not be added to the security group. │ │ │ Rule changes are propagated to affected instances as quickly as possible. However, a small delay might occur. │ │ │ For more information about VPC security group limits, see [Amazon VPC Limits](https://docs.aws.amazon.com/vpc/latest/userguide/amazon-vpc-limits.html) . │ │ │ Use `AWS::EC2::SecurityGroupIngress` and `AWS::EC2::SecurityGroupEgress` only when necessary, typically to allow security groups to reference each other in ingress and egress rules. Otherwise, use the embedded ingress and egress rules of the security group. For more information, see [Amazon EC2 Security Groups](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html) . │ │ │ + documentation: Adds the specified outbound (egress) rule to a security group. │ │ │ An outbound rule permits instances to send traffic to the specified IPv4 or IPv6 address range, the IP addresses that are specified by a prefix list, or the instances that are associated with a destination security group. For more information, see [Security group rules](https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html) . │ │ │ You must specify exactly one of the following destinations: an IPv4 or IPv6 address range, a prefix list, or a security group. Otherwise, the stack launches successfully but the rule is not added to the security group. │ │ │ You must specify a protocol for each rule (for example, TCP). If the protocol is TCP or UDP, you must also specify a port or port range. If the protocol is ICMP or ICMPv6, you must also specify the ICMP/ICMPv6 type and code. To specify all types or all codes, use -1. │ │ │ Rule changes are propagated to instances associated with the security group as quickly as possible. However, a small delay might occur. │ │ └ properties │ │ ├ FromPort: (documentation changed) │ │ └ ToPort: (documentation changed) │ ├[~] resource AWS::EC2::SecurityGroupIngress │ │ └ - documentation: Adds an inbound rule to a security group. │ │ An inbound rule permits instances to receive traffic from the specified IPv4 or IPv6 CIDR address range, or from the instances associated with the specified security group. │ │ You must specify only one of the following properties: `CidrIp` , `CidrIpv6` , `SourcePrefixListId` , `SourceSecurityGroupId` , or `SourceSecurityGroupName` . │ │ You specify a protocol for each rule (for example, TCP). For TCP and UDP, you must also specify a port or port range. For ICMP/ICMPv6, you must also specify the ICMP/ICMPv6 type and code. You can use -1 to mean all types or all codes. │ │ You must specify a source security group ( `SourcePrefixListId` , `SourceSecurityGroupId` , or `SourceSecurityGroupName` ) or a CIDR range ( `CidrIp` or `CidrIpv6` ). If you do not specify one of these parameters, the stack will launch successfully but the rule will not be added to the security group. │ │ Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur. │ │ + documentation: Adds an inbound (ingress) rule to a security group. │ │ An inbound rule permits instances to receive traffic from the specified IPv4 or IPv6 address range, the IP addresses that are specified by a prefix list, or the instances that are associated with a source security group. For more information, see [Security group rules](https://docs.aws.amazon.com/vpc/latest/userguide/security-group-rules.html) . │ │ You must specify only one of the following sources: an IPv4 or IPv6 address range, a prefix list, or a security group. Otherwise, the stack launches successfully, but the rule is not added to the security group. │ │ You must specify a protocol for each rule (for example, TCP). If the protocol is TCP or UDP, you must also specify a port or port range. If the protocol is ICMP or ICMPv6, you must also specify the ICMP/ICMPv6 type and code. │ │ Rule changes are propagated to instances associated with the security group as quickly as possible. However, a small delay might occur. │ ├[~] resource AWS::EC2::Subnet │ │ └ properties │ │ ├ AssignIpv6AddressOnCreation: (documentation changed) │ │ ├ Ipv6CidrBlock: (documentation changed) │ │ └ Ipv6CidrBlocks: (documentation changed) │ └[~] resource AWS::EC2::SubnetCidrBlock │ └ properties │ └ Ipv6CidrBlock: (documentation changed) ├[~] service aws-ecs │ └ resources │ ├[~] resource AWS::ECS::Service │ │ └ types │ │ ├[~] type AwsVpcConfiguration │ │ │ └ - documentation: An object representing the networking details for a task or service. │ │ │ + documentation: An object representing the networking details for a task or service. For example `awsvpcConfiguration={subnets=["subnet-12344321"],securityGroups=["sg-12344321"]}` │ │ ├[~] type DeploymentConfiguration │ │ │ └ properties │ │ │ └ MinimumHealthyPercent: (documentation changed) │ │ ├[~] type ServiceConnectService │ │ │ └ properties │ │ │ ├ Timeout: (documentation changed) │ │ │ └ Tls: (documentation changed) │ │ ├[~] type ServiceConnectTlsCertificateAuthority │ │ │ ├ - documentation: undefined │ │ │ │ + documentation: An object that represents the AWS Private Certificate Authority certificate. │ │ │ └ properties │ │ │ └ AwsPcaAuthorityArn: (documentation changed) │ │ ├[~] type ServiceConnectTlsConfiguration │ │ │ ├ - documentation: undefined │ │ │ │ + documentation: An object that represents the configuration for Service Connect TLS. │ │ │ └ properties │ │ │ ├ IssuerCertificateAuthority: (documentation changed) │ │ │ ├ KmsKey: (documentation changed) │ │ │ └ RoleArn: (documentation changed) │ │ └[~] type TimeoutConfiguration │ │ ├ - documentation: undefined │ │ │ + documentation: An object that represents the timeout configurations for Service Connect. │ │ │ > If `idleTimeout` is set to a time that is less than `perRequestTimeout` , the connection will close when the `idleTimeout` is reached and not the `perRequestTimeout` . │ │ └ properties │ │ ├ IdleTimeoutSeconds: (documentation changed) │ │ └ PerRequestTimeoutSeconds: (documentation changed) │ ├[~] resource AWS::ECS::TaskDefinition │ │ └ types │ │ ├[~] type ContainerDefinition │ │ │ └ properties │ │ │ └ SystemControls: (documentation changed) │ │ └[~] type Ulimit │ │ └ - documentation: The `ulimit` settings to pass to the container. │ │ Amazon ECS tasks hosted on AWS Fargate use the default resource limit values set by the operating system with the exception of the `nofile` resource limit parameter which AWS Fargate overrides. The `nofile` resource limit sets a restriction on the number of open files that a container can use. The default `nofile` soft limit is `1024` and the default hard limit is `4096` . │ │ You can specify the `ulimit` settings for a container in a task definition. │ │ + documentation: The `ulimit` settings to pass to the container. │ │ Amazon ECS tasks hosted on AWS Fargate use the default resource limit values set by the operating system with the exception of the `nofile` resource limit parameter which AWS Fargate overrides. The `nofile` resource limit sets a restriction on the number of open files that a container can use. The default `nofile` soft limit is `1024` and the default hard limit is `65535` . │ │ You can specify the `ulimit` settings for a container in a task definition. │ └[~] resource AWS::ECS::TaskSet │ ├ - documentation: Create a task set in the specified cluster and service. This is used when a service uses the `EXTERNAL` deployment controller type. For more information, see [Amazon ECS deployment types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-types.html) in the *Amazon Elastic Container Service Developer Guide* . │ │ You can create a maximum of 5 tasks sets for a deployment. │ │ + documentation: Create a task set in the specified cluster and service. This is used when a service uses the `EXTERNAL` deployment controller type. For more information, see [Amazon ECS deployment types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-types.html) in the *Amazon Elastic Container Service Developer Guide* . │ │ For information about the maximum number of task sets and otther quotas, see [Amazon ECS service quotas](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-quotas.html) in the *Amazon Elastic Container Service Developer Guide* . │ └ types │ └[~] type AwsVpcConfiguration │ └ - documentation: An object representing the networking details for a task or service. │ + documentation: An object representing the networking details for a task or service. For example `awsvpcConfiguration={subnets=["subnet-12344321"],securityGroups=["sg-12344321"]}` ├[~] service aws-eks │ └ resources │ └[~] resource AWS::EKS::Cluster │ └ - documentation: Creates an Amazon EKS control plane. │ The Amazon EKS control plane consists of control plane instances that run the Kubernetes software, such as `etcd` and the API server. The control plane runs in an account managed by AWS , and the Kubernetes API is exposed by the Amazon EKS API server endpoint. Each Amazon EKS cluster control plane is single tenant and unique. It runs on its own set of Amazon EC2 instances. │ The cluster control plane is provisioned across multiple Availability Zones and fronted by an Elastic Load Balancing Network Load Balancer. Amazon EKS also provisions elastic network interfaces in your VPC subnets to provide connectivity from the control plane instances to the nodes (for example, to support `kubectl exec` , `logs` , and `proxy` data flows). │ Amazon EKS nodes run in your AWS account and connect to your cluster's control plane over the Kubernetes API server endpoint and a certificate file that is created for your cluster. │ You can use the `endpointPublicAccess` and `endpointPrivateAccess` parameters to enable or disable public and private access to your cluster's Kubernetes API server endpoint. By default, public access is enabled, and private access is disabled. For more information, see [Amazon EKS Cluster Endpoint Access Control](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) in the **Amazon EKS User Guide** . │ You can use the `logging` parameter to enable or disable exporting the Kubernetes control plane logs for your cluster to CloudWatch Logs. By default, cluster control plane logs aren't exported to CloudWatch Logs. For more information, see [Amazon EKS Cluster Control Plane Logs](https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) in the **Amazon EKS User Guide** . │ > CloudWatch Logs ingestion, archive storage, and data scanning rates apply to exported control plane logs. For more information, see [CloudWatch Pricing](https://docs.aws.amazon.com/cloudwatch/pricing/) . │ In most cases, it takes several minutes to create a cluster. After you create an Amazon EKS cluster, you must configure your Kubernetes tooling to communicate with the API server and launch nodes into your cluster. For more information, see [Managing Cluster Authentication](https://docs.aws.amazon.com/eks/latest/userguide/managing-auth.html) and [Launching Amazon EKS nodes](https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html) in the *Amazon EKS User Guide* . │ + documentation: Creates an Amazon EKS control plane. │ The Amazon EKS control plane consists of control plane instances that run the Kubernetes software, such as `etcd` and the API server. The control plane runs in an account managed by AWS , and the Kubernetes API is exposed by the Amazon EKS API server endpoint. Each Amazon EKS cluster control plane is single tenant and unique. It runs on its own set of Amazon EC2 instances. │ The cluster control plane is provisioned across multiple Availability Zones and fronted by an Elastic Load Balancing Network Load Balancer. Amazon EKS also provisions elastic network interfaces in your VPC subnets to provide connectivity from the control plane instances to the nodes (for example, to support `kubectl exec` , `logs` , and `proxy` data flows). │ Amazon EKS nodes run in your AWS account and connect to your cluster's control plane over the Kubernetes API server endpoint and a certificate file that is created for your cluster. │ You can use the `endpointPublicAccess` and `endpointPrivateAccess` parameters to enable or disable public and private access to your cluster's Kubernetes API server endpoint. By default, public access is enabled, and private access is disabled. For more information, see [Amazon EKS Cluster Endpoint Access Control](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) in the **Amazon EKS User Guide** . │ You can use the `logging` parameter to enable or disable exporting the Kubernetes control plane logs for your cluster to CloudWatch Logs. By default, cluster control plane logs aren't exported to CloudWatch Logs. For more information, see [Amazon EKS Cluster Control Plane Logs](https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) in the **Amazon EKS User Guide** . │ > CloudWatch Logs ingestion, archive storage, and data scanning rates apply to exported control plane logs. For more information, see [CloudWatch Pricing](https://docs.aws.amazon.com/cloudwatch/pricing/) . │ In most cases, it takes several minutes to create a cluster. After you create an Amazon EKS cluster, you must configure your Kubernetes tooling to communicate with the API server and launch nodes into your cluster. For more information, see [Allowing users to access your cluster](https://docs.aws.amazon.com/eks/latest/userguide/cluster-auth.html) and [Launching Amazon EKS nodes](https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html) in the *Amazon EKS User Guide* . ├[~] service aws-elasticache │ └ resources │ └[~] resource AWS::ElastiCache::ServerlessCache │ ├ attributes │ │ ├ Endpoint.Port: - integer │ │ │ + integer ⇐ string │ │ └ ReaderEndpoint.Port: - integer │ │ + integer ⇐ string │ └ types │ └[~] type Endpoint │ └ properties │ └ Port: - integer │ + integer ⇐ string ├[~] service aws-elasticloadbalancingv2 │ └ resources │ └[~] resource AWS::ElasticLoadBalancingV2::LoadBalancer │ └ properties │ └ EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic: (documentation changed) ├[~] service aws-fis │ └ resources │ └[~] resource AWS::FIS::ExperimentTemplate │ ├ - documentation: Specifies an experiment template. │ │ An experiment template includes the following components: │ │ - *Targets* : A target can be a specific resource in your AWS environment, or one or more resources that match criteria that you specify, for example, resources that have specific tags. │ │ - *Actions* : The actions to carry out on the target. You can specify multiple actions, the duration of each action, and when to start each action during an experiment. │ │ - *Stop conditions* : If a stop condition is triggered while an experiment is running, the experiment is automatically stopped. You can define a stop condition as a CloudWatch alarm. │ │ For more information, see [Experiment templates](https://docs.aws.amazon.com/fis/latest/userguide/experiment-templates.html) in the *AWS Fault Injection Service User Guide* . │ │ + documentation: Describes an experiment template. │ └ types │ ├[~] type ExperimentTemplateAction │ │ └ - documentation: Specifies an action for an experiment template. │ │ For more information, see [Actions](https://docs.aws.amazon.com/fis/latest/userguide/actions.html) in the *AWS Fault Injection Service User Guide* . │ │ + documentation: Describes an action for an experiment template. │ ├[~] type ExperimentTemplateLogConfiguration │ │ ├ - documentation: Specifies the configuration for experiment logging. │ │ │ For more information, see [Experiment logging](https://docs.aws.amazon.com/fis/latest/userguide/monitoring-logging.html) in the *AWS Fault Injection Service User Guide* . │ │ │ + documentation: Describes the configuration for experiment logging. │ │ └ properties │ │ ├ CloudWatchLogsConfiguration: (documentation changed) │ │ └ S3Configuration: (documentation changed) │ ├[~] type ExperimentTemplateStopCondition │ │ └ - documentation: Specifies a stop condition for an experiment template. │ │ For more information, see [Stop conditions](https://docs.aws.amazon.com/fis/latest/userguide/stop-conditions.html) in the *AWS Fault Injection Service User Guide* . │ │ + documentation: Describes a stop condition for an experiment template. │ ├[~] type ExperimentTemplateTarget │ │ ├ - documentation: Specifies a target for an experiment. You must specify at least one Amazon Resource Name (ARN) or at least one resource tag. You cannot specify both ARNs and tags. │ │ │ For more information, see [Targets](https://docs.aws.amazon.com/fis/latest/userguide/targets.html) in the *AWS Fault Injection Service User Guide* . │ │ │ + documentation: Describes a target for an experiment template. │ │ └ properties │ │ └ Parameters: (documentation changed) │ └[~] type ExperimentTemplateTargetFilter │ └ - documentation: Specifies a filter used for the target resource input in an experiment template. │ For more information, see [Resource filters](https://docs.aws.amazon.com/fis/latest/userguide/targets.html#target-filters) in the *AWS Fault Injection Service User Guide* . │ + documentation: Describes a filter used for the target resources in an experiment template. ├[~] service aws-guardduty │ └ resources │ └[~] resource AWS::GuardDuty::Filter │ ├ properties │ │ ├ Action: - string (required) │ │ │ + string │ │ ├ Description: - string (required) │ │ │ + string │ │ ├ DetectorId: - string (required, immutable) │ │ │ + string (immutable) │ │ ├ Name: - string (required, immutable) │ │ │ + string (immutable) │ │ ├ Rank: - integer (required) │ │ │ + integer │ │ └ Tags: - Array<tag> │ │ + Array<TagItem> ⇐ Array<tag> │ └ types │ ├[~] type FindingCriteria │ │ └ properties │ │ ├ Criterion: - json │ │ │ + Map<string, Condition> ⇐ json │ │ └ ItemType: (documentation changed) │ └[+] type TagItem │ ├ name: TagItem │ └ properties │ ├Key: string (required) │ └Value: string (required) ├[~] service aws-internetmonitor │ └ resources │ └[~] resource AWS::InternetMonitor::Monitor │ └ types │ ├[~] type InternetMeasurementsLogDelivery │ │ └ properties │ │ └ S3Config: (documentation changed) │ └[~] type S3Config │ ├ - documentation: The configuration for publishing Amazon CloudWatch Internet Monitor internet measurements to Amazon S3. The configuration includes the bucket name and (optionally) prefix for the S3 bucket to store the measurements, and the delivery status. The delivery status is `ENABLED` or `DISABLED` , depending on whether you choose to deliver internet measurements to S3 logs. │ │ + documentation: The configuration for publishing Amazon CloudWatch Internet Monitor internet measurements to Amazon S3. The configuration includes the bucket name and (optionally) bucket prefix for the S3 bucket to store the measurements, and the delivery status. The delivery status is `ENABLED` if you choose to deliver internet measurements to S3 logs, and `DISABLED` otherwise. │ │ The measurements are also published to Amazon CloudWatch Logs. │ └ properties │ ├ BucketName: (documentation changed) │ ├ BucketPrefix: (documentation changed) │ └ LogDeliveryStatus: (documentation changed) ├[~] service aws-ivs │ └ resources │ ├[~] resource AWS::IVS::Channel │ │ └ - documentation: The `AWS::IVS::Channel` resource specifies an channel. A channel stores configuration information related to your live stream. For more information, see [CreateChannel](https://docs.aws.amazon.com/ivs/latest/APIReference/API_CreateChannel.html) in the *Amazon Interactive Video Service API Reference* . │ │ > By default, the IVS API CreateChannel endpoint creates a stream key in addition to a channel. The Channel resource *does not* create a stream key; to create a stream key, use the StreamKey resource instead. │ │ + documentation: The `AWS::IVS::Channel` resource specifies an channel. A channel stores configuration information related to your live stream. For more information, see [CreateChannel](https://docs.aws.amazon.com/ivs/latest/LowLatencyAPIReference/API_CreateChannel.html) in the *Amazon IVS Low-Latency Streaming API Reference* . │ │ > By default, the IVS API CreateChannel endpoint creates a stream key in addition to a channel. The Channel resource *does not* create a stream key; to create a stream key, use the StreamKey resource instead. │ ├[~] resource AWS::IVS::PlaybackKeyPair │ │ └ - documentation: The `AWS::IVS::PlaybackKeyPair` resource specifies an playback key pair. uses a public playback key to validate playback tokens that have been signed with the corresponding private key. For more information, see [Setting Up Private Channels](https://docs.aws.amazon.com/ivs/latest/userguide/private-channels.html) in the *Amazon Interactive Video Service User Guide* . │ │ + documentation: The `AWS::IVS::PlaybackKeyPair` resource specifies an playback key pair. uses a public playback key to validate playback tokens that have been signed with the corresponding private key. For more information, see [Setting Up Private Channels](https://docs.aws.amazon.com/ivs/latest/LowLatencyUserGuide/private-channels.html) in the *Amazon IVS Low-Latency Streaming User Guide* . │ ├[~] resource AWS::IVS::RecordingConfiguration │ │ ├ - documentation: The `AWS::IVS::RecordingConfiguration` resource specifies an recording configuration. A recording configuration enables the recording of a channel’s live streams to a data store. Multiple channels can reference the same recording configuration. For more information, see [RecordingConfiguration](https://docs.aws.amazon.com/ivs/latest/APIReference/API_RecordingConfiguration.html) in the *Amazon Interactive Video Service API Reference* . │ │ │ + documentation: The `AWS::IVS::RecordingConfiguration` resource specifies an recording configuration. A recording configuration enables the recording of a channel’s live streams to a data store. Multiple channels can reference the same recording configuration. For more information, see [RecordingConfiguration](https://docs.aws.amazon.com/ivs/latest/LowLatencyAPIReference/API_RecordingConfiguration.html) in the *Amazon IVS Low-Latency Streaming API Reference* . │ │ └ types │ │ ├[~] type RenditionConfiguration │ │ │ └ properties │ │ │ └ Renditions: (documentation changed) │ │ └[~] type ThumbnailConfiguration │ │ └ properties │ │ ├ Resolution: (documentation changed) │ │ └ TargetIntervalSeconds: (documentation changed) │ └[~] resource AWS::IVS::Stage │ ├ - documentation: Resource Definition for type AWS::IVS::Stage. │ │ + documentation: The `AWS::IVS::Stage` resource specifies an stage. A stage is a virtual space where participants can exchange video in real time. For more information, see [CreateStage](https://docs.aws.amazon.com/ivs/latest/RealTimeAPIReference/API_CreateStage.html) in the *Amazon IVS Real-Time Streaming API Reference* . │ ├ properties │ │ ├ Name: (documentation changed) │ │ └ Tags: (documentation changed) │ └ attributes │ ├ ActiveSessionId: (documentation changed) │ └ Arn: (documentation changed) ├[~] service aws-kendra │ └ resources │ └[~] resource AWS::Kendra::Faq │ └ properties │ └[+] LanguageCode: string ├[~] service aws-kinesisfirehose │ └ resources │ └[~] resource AWS::KinesisFirehose::DeliveryStream │ ├ properties │ │ └[+] SnowflakeDestinationConfiguration: SnowflakeDestinationConfiguration │ └ types │ ├[+] type SnowflakeDestinationConfiguration │ │ ├ name: SnowflakeDestinationConfiguration │ │ └ properties │ │ ├AccountUrl: string (required) │ │ ├PrivateKey: string (required) │ │ ├KeyPassphrase: string │ │ ├User: string (required) │ │ ├Database: string (required) │ │ ├Schema: string (required) │ │ ├Table: string (required) │ │ ├SnowflakeRoleConfiguration: SnowflakeRoleConfiguration │ │ ├DataLoadingOption: string │ │ ├MetaDataColumnName: string │ │ ├ContentColumnName: string │ │ ├SnowflakeVpcConfiguration: SnowflakeVpcConfiguration (immutable) │ │ ├CloudWatchLoggingOptions: CloudWatchLoggingOptions │ │ ├ProcessingConfiguration: ProcessingConfiguration │ │ ├RoleARN: string (required) │ │ ├RetryOptions: SnowflakeRetryOptions │ │ ├S3BackupMode: string │ │ └S3Configuration: S3DestinationConfiguration (required) │ ├[+] type SnowflakeRetryOptions │ │ ├ name: SnowflakeRetryOptions │ │ └ properties │ │ └DurationInSeconds: integer │ ├[+] type SnowflakeRoleConfiguration │ │ ├ name: SnowflakeRoleConfiguration │ │ └ properties │ │ ├Enabled: boolean │ │ └SnowflakeRole: string │ └[+] type SnowflakeVpcConfiguration │ ├ name: SnowflakeVpcConfiguration │ └ properties │ └PrivateLinkVpceId: string (required) ├[~] service aws-lakeformation │ └ resources │ └[~] resource AWS::LakeFormation::Resource │ └ properties │ └ HybridAccessEnabled: (documentation changed) ├[~] service aws-networkmanager │ └ resources │ └[~] resource AWS::NetworkManager::Device │ └ attributes │ └ CreatedAt: (documentation changed) ├[~] service aws-opensearchservice │ └ resources │ └[~] resource AWS::OpenSearchService::Domain │ └ types │ ├[~] type ClusterConfig │ │ └ properties │ │ └ ColdStorageOptions: (documentation changed) │ └[~] type ColdStorageOptions │ ├ - documentation: Specifies options for cold storage. For more information, see [Cold storage for Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/cold-storage.html) . │ │ + documentation: Container for the parameters required to enable cold storage for an OpenSearch Service domain. For more information, see [Cold storage for Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/cold-storage.html) . │ └ properties │ └ Enabled: (documentation changed) ├[~] service aws-route53 │ └ resources │ └[~] resource AWS::Route53::RecordSetGroup │ └ attributes │ └ Id: (documentation changed) ├[~] service aws-route53resolver │ └ resources │ └[~] resource AWS::Route53Resolver::FirewallRuleGroup │ └ types │ └[~] type FirewallRule │ └ properties │ └[+] Qtype: string ├[~] service aws-servicecatalogappregistry │ └ resources │ └[~] resource AWS::ServiceCatalogAppRegistry::Application │ └ attributes │ ├ ApplicationTagKey: (documentation changed) │ └ ApplicationTagValue: (documentation changed) ├[+] service aws-ssmguiconnect │ ├ capitalized: SSMGuiConnect │ │ cloudFormationNamespace: AWS::SSMGuiConnect │ │ name: aws-ssmguiconnect │ │ shortName: ssmguiconnect │ └ resources │ └resource AWS::SSMGuiConnect::Preferences │ ├ name: Preferences │ │ cloudFormationType: AWS::SSMGuiConnect::Preferences │ │ documentation: Definition of AWS::SSMGuiConnect::Preferences Resource Type │ ├ properties │ │ └IdleConnection: Array<IdleConnectionPreferences> │ ├ attributes │ │ └AccountId: string │ └ types │ ├type IdleConnectionPreferences │ │├ documentation: Idle Connection Preferences │ ││ name: IdleConnectionPreferences │ │└ properties │ │ ├Timeout: IdleConnectionTimeout │ │ └Alert: IdleConnectionAlert │ ├type IdleConnectionTimeout │ │├ name: IdleConnectionTimeout │ │└ properties │ │ ├Type: string │ │ └Value: integer (required, default=10) │ └type IdleConnectionAlert │ ├ name: IdleConnectionAlert │ └ properties │ ├Type: string │ └Value: integer (required, default=1) └[~] service aws-transfer └ resources └[~] resource AWS::Transfer::Connector └ types └[~] type SftpConfig └ properties └ TrustedHostKeys: (documentation changed) ```
2 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
auto-approve
contribution/core
This is a PR that came from AWS.
dependencies
This issue is a problem in a dependency or a pull request that updates a dependency file.
p2
pr-linter/exempt-integ-test
The PR linter will not require integ test changes
pr-linter/exempt-readme
The PR linter will not require README changes
pr-linter/exempt-test
The PR linter will not require test changes
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Updates the L1 CloudFormation resource definitions with the latest changes from
@aws-cdk/aws-service-spec
L1 CloudFormation resource definition changes: