From 9fed24cb7565b8aab2d2947797ceab89fbb4052c Mon Sep 17 00:00:00 2001 From: github-actions Date: Fri, 8 Dec 2023 18:02:04 +0000 Subject: [PATCH] chore(schema): update --- samtranslator/schema/schema.json | 1689 ++++++++++++++++++---- schema_source/cloudformation-docs.json | 49 +- schema_source/cloudformation.schema.json | 1689 ++++++++++++++++++---- 3 files changed, 2856 insertions(+), 571 deletions(-) diff --git a/samtranslator/schema/schema.json b/samtranslator/schema/schema.json index b6e4da22a..464d7cb65 100644 --- a/samtranslator/schema/schema.json +++ b/samtranslator/schema/schema.json @@ -5526,7 +5526,7 @@ "markdownDescription": "A key-value map defining required or optional method request parameters that can be accepted by API Gateway. A key is a method request parameter name matching the pattern of `method.request.{location}.{name}` , where `location` is `querystring` , `path` , or `header` and `name` is a valid and unique parameter name. The value associated with the key is a Boolean flag indicating whether the parameter is required ( `true` ) or optional ( `false` ). The method request parameter names defined here are available in Integration to be mapped to integration request parameters or templates.", "patternProperties": { "^[a-zA-Z0-9]+$": { - "type": "boolean" + "type": "string" } }, "title": "RequestParameters", @@ -5668,6 +5668,9 @@ "type": "string" } }, + "required": [ + "Type" + ], "type": "object" }, "AWS::ApiGateway::Method.IntegrationResponse": { @@ -5735,7 +5738,7 @@ "markdownDescription": "A key-value map specifying required or optional response parameters that API Gateway can send back to the caller. A key defines a method response header and the value specifies whether the associated method response header is required or not. The expression of the key must match the pattern `method.response.header.{name}` , where `name` is a valid and unique header name. API Gateway passes certain integration response data to the method response headers specified here according to the mapping you prescribe in the API's IntegrationResponse. The integration response data that can be mapped include an integration response header expressed in `integration.response.header.{name}` , a static value enclosed within a pair of single quotes (e.g., `'application/json'` ), or a JSON expression from the back-end response payload in the form of `integration.response.body.{JSON-expression}` , where `JSON-expression` is a valid JSON expression without the `$` prefix.)", "patternProperties": { "^[a-zA-Z0-9]+$": { - "type": "boolean" + "type": "string" } }, "title": "ResponseParameters", @@ -27300,6 +27303,11 @@ "Properties": { "additionalProperties": false, "properties": { + "AccountId": { + "markdownDescription": "The AWS account in which this custom line item will be applied to.", + "title": "AccountId", + "type": "string" + }, "BillingGroupArn": { "markdownDescription": "The Amazon Resource Name (ARN) that references the billing group where the custom line item applies to.", "title": "BillingGroupArn", @@ -29768,6 +29776,11 @@ "title": "CreatorMemberAbilities", "type": "array" }, + "CreatorPaymentConfiguration": { + "$ref": "#/definitions/AWS::CleanRooms::Collaboration.PaymentConfiguration", + "markdownDescription": "An object representing the collaboration member's payment responsibilities set by the collaboration creator.", + "title": "CreatorPaymentConfiguration" + }, "DataEncryptionMetadata": { "$ref": "#/definitions/AWS::CleanRooms::Collaboration.DataEncryptionMetadata", "markdownDescription": "The settings for client-side encryption for cryptographic computing.", @@ -29888,6 +29901,11 @@ "markdownDescription": "The abilities granted to the collaboration member.\n\n*Allowed Values* : `CAN_QUERY` | `CAN_RECEIVE_RESULTS`", "title": "MemberAbilities", "type": "array" + }, + "PaymentConfiguration": { + "$ref": "#/definitions/AWS::CleanRooms::Collaboration.PaymentConfiguration", + "markdownDescription": "The collaboration member's payment responsibilities set by the collaboration creator.\n\nIf the collaboration creator hasn't speci\ufb01ed anyone as the member paying for query compute costs, then the member who can query is the default payer.", + "title": "PaymentConfiguration" } }, "required": [ @@ -29897,6 +29915,34 @@ ], "type": "object" }, + "AWS::CleanRooms::Collaboration.PaymentConfiguration": { + "additionalProperties": false, + "properties": { + "QueryCompute": { + "$ref": "#/definitions/AWS::CleanRooms::Collaboration.QueryComputePaymentConfig", + "markdownDescription": "The collaboration member's payment responsibilities set by the collaboration creator for query compute costs.", + "title": "QueryCompute" + } + }, + "required": [ + "QueryCompute" + ], + "type": "object" + }, + "AWS::CleanRooms::Collaboration.QueryComputePaymentConfig": { + "additionalProperties": false, + "properties": { + "IsResponsible": { + "markdownDescription": "Indicates whether the collaboration creator has configured the collaboration member to pay for query compute costs ( `TRUE` ) or has not configured the collaboration member to pay for query compute costs ( `FALSE` ).\n\nExactly one member can be configured to pay for query compute costs. An error is returned if the collaboration creator sets a `TRUE` value for more than one member in the collaboration.\n\nIf the collaboration creator hasn't specified anyone as the member paying for query compute costs, then the member who can query is the default payer. An error is returned if the collaboration creator sets a `FALSE` value for the member who can query.", + "title": "IsResponsible", + "type": "boolean" + } + }, + "required": [ + "IsResponsible" + ], + "type": "object" + }, "AWS::CleanRooms::ConfiguredTable": { "additionalProperties": false, "properties": { @@ -30412,6 +30458,11 @@ "markdownDescription": "The default protected query result configuration as specified by the member who can receive results.", "title": "DefaultResultConfiguration" }, + "PaymentConfiguration": { + "$ref": "#/definitions/AWS::CleanRooms::Membership.MembershipPaymentConfiguration", + "markdownDescription": "The payment responsibilities accepted by the collaboration member.", + "title": "PaymentConfiguration" + }, "QueryLogStatus": { "markdownDescription": "An indicator as to whether query logging has been enabled or disabled for the membership.", "title": "QueryLogStatus", @@ -30453,6 +30504,20 @@ ], "type": "object" }, + "AWS::CleanRooms::Membership.MembershipPaymentConfiguration": { + "additionalProperties": false, + "properties": { + "QueryCompute": { + "$ref": "#/definitions/AWS::CleanRooms::Membership.MembershipQueryComputePaymentConfig", + "markdownDescription": "The payment responsibilities accepted by the collaboration member for query compute costs.", + "title": "QueryCompute" + } + }, + "required": [ + "QueryCompute" + ], + "type": "object" + }, "AWS::CleanRooms::Membership.MembershipProtectedQueryOutputConfiguration": { "additionalProperties": false, "properties": { @@ -30486,6 +30551,20 @@ ], "type": "object" }, + "AWS::CleanRooms::Membership.MembershipQueryComputePaymentConfig": { + "additionalProperties": false, + "properties": { + "IsResponsible": { + "markdownDescription": "Indicates whether the collaboration member has accepted to pay for query compute costs ( `TRUE` ) or has not accepted to pay for query compute costs ( `FALSE` ).\n\nIf the collaboration creator has not specified anyone to pay for query compute costs, then the member who can query is the default payer.\n\nAn error message is returned for the following reasons:\n\n- If you set the value to `FALSE` but you are responsible to pay for query compute costs.\n- If you set the value to `TRUE` but you are not responsible to pay for query compute costs.", + "title": "IsResponsible", + "type": "boolean" + } + }, + "required": [ + "IsResponsible" + ], + "type": "object" + }, "AWS::CleanRooms::Membership.ProtectedQueryS3OutputConfiguration": { "additionalProperties": false, "properties": { @@ -30604,6 +30683,7 @@ } }, "required": [ + "ImageId", "InstanceType" ], "type": "object" @@ -35367,6 +35447,12 @@ "title": "BillingMode", "type": "string" }, + "FederationEnabled": { + "type": "boolean" + }, + "FederationRoleArn": { + "type": "string" + }, "IngestionEnabled": { "markdownDescription": "Specifies whether the event data store should start ingesting live events. The default is true.", "title": "IngestionEnabled", @@ -38478,6 +38564,11 @@ "$ref": "#/definitions/AWS::CodeDeploy::DeploymentConfig.TrafficRoutingConfig", "markdownDescription": "The configuration that specifies how the deployment traffic is routed.", "title": "TrafficRoutingConfig" + }, + "ZonalConfig": { + "$ref": "#/definitions/AWS::CodeDeploy::DeploymentConfig.ZonalConfig", + "markdownDescription": "", + "title": "ZonalConfig" } }, "type": "object" @@ -38522,6 +38613,26 @@ ], "type": "object" }, + "AWS::CodeDeploy::DeploymentConfig.MinimumHealthyHostsPerZone": { + "additionalProperties": false, + "properties": { + "Type": { + "markdownDescription": "", + "title": "Type", + "type": "string" + }, + "Value": { + "markdownDescription": "", + "title": "Value", + "type": "number" + } + }, + "required": [ + "Type", + "Value" + ], + "type": "object" + }, "AWS::CodeDeploy::DeploymentConfig.TimeBasedCanary": { "additionalProperties": false, "properties": { @@ -38586,6 +38697,27 @@ ], "type": "object" }, + "AWS::CodeDeploy::DeploymentConfig.ZonalConfig": { + "additionalProperties": false, + "properties": { + "FirstZoneMonitorDurationInSeconds": { + "markdownDescription": "", + "title": "FirstZoneMonitorDurationInSeconds", + "type": "number" + }, + "MinimumHealthyHostsPerZone": { + "$ref": "#/definitions/AWS::CodeDeploy::DeploymentConfig.MinimumHealthyHostsPerZone", + "markdownDescription": "", + "title": "MinimumHealthyHostsPerZone" + }, + "MonitorDurationInSeconds": { + "markdownDescription": "", + "title": "MonitorDurationInSeconds", + "type": "number" + } + }, + "type": "object" + }, "AWS::CodeDeploy::DeploymentGroup": { "additionalProperties": false, "properties": { @@ -38726,6 +38858,9 @@ "title": "Tags", "type": "array" }, + "TerminationHookEnabled": { + "type": "boolean" + }, "TriggerConfigurations": { "items": { "$ref": "#/definitions/AWS::CodeDeploy::DeploymentGroup.TriggerConfig" @@ -39719,6 +39854,9 @@ "title": "Name", "type": "string" }, + "PipelineType": { + "type": "string" + }, "RestartExecutionOnUpdate": { "markdownDescription": "Indicates whether to rerun the CodePipeline pipeline after you update it.", "title": "RestartExecutionOnUpdate", @@ -39744,6 +39882,18 @@ "markdownDescription": "Specifies the tags applied to the pipeline.", "title": "Tags", "type": "array" + }, + "Triggers": { + "items": { + "$ref": "#/definitions/AWS::CodePipeline::Pipeline.PipelineTriggerDeclaration" + }, + "type": "array" + }, + "Variables": { + "items": { + "$ref": "#/definitions/AWS::CodePipeline::Pipeline.VariableDeclaration" + }, + "type": "array" } }, "required": [ @@ -39951,6 +40101,51 @@ ], "type": "object" }, + "AWS::CodePipeline::Pipeline.GitConfiguration": { + "additionalProperties": false, + "properties": { + "Push": { + "items": { + "$ref": "#/definitions/AWS::CodePipeline::Pipeline.GitPushFilter" + }, + "type": "array" + }, + "SourceActionName": { + "type": "string" + } + }, + "required": [ + "SourceActionName" + ], + "type": "object" + }, + "AWS::CodePipeline::Pipeline.GitPushFilter": { + "additionalProperties": false, + "properties": { + "Tags": { + "$ref": "#/definitions/AWS::CodePipeline::Pipeline.GitTagFilterCriteria" + } + }, + "type": "object" + }, + "AWS::CodePipeline::Pipeline.GitTagFilterCriteria": { + "additionalProperties": false, + "properties": { + "Excludes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Includes": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, "AWS::CodePipeline::Pipeline.InputArtifact": { "additionalProperties": false, "properties": { @@ -39979,6 +40174,21 @@ ], "type": "object" }, + "AWS::CodePipeline::Pipeline.PipelineTriggerDeclaration": { + "additionalProperties": false, + "properties": { + "GitConfiguration": { + "$ref": "#/definitions/AWS::CodePipeline::Pipeline.GitConfiguration" + }, + "ProviderType": { + "type": "string" + } + }, + "required": [ + "ProviderType" + ], + "type": "object" + }, "AWS::CodePipeline::Pipeline.StageDeclaration": { "additionalProperties": false, "properties": { @@ -40030,152 +40240,170 @@ ], "type": "object" }, - "AWS::CodePipeline::Webhook": { + "AWS::CodePipeline::Pipeline.VariableDeclaration": { "additionalProperties": false, "properties": { - "Condition": { - "type": "string" - }, - "DeletionPolicy": { - "enum": [ - "Delete", - "Retain", - "Snapshot" - ], - "type": "string" - }, - "DependsOn": { - "anyOf": [ - { - "pattern": "^[a-zA-Z0-9]+$", - "type": "string" - }, - { - "items": { - "pattern": "^[a-zA-Z0-9]+$", - "type": "string" - }, - "type": "array" - } - ] - }, - "Metadata": { - "type": "object" - }, - "Properties": { - "additionalProperties": false, - "properties": { - "Authentication": { - "markdownDescription": "Supported options are GITHUB_HMAC, IP, and UNAUTHENTICATED.\n\n- For information about the authentication scheme implemented by GITHUB_HMAC, see [Securing your webhooks](https://docs.aws.amazon.com/https://developer.github.com/webhooks/securing/) on the GitHub Developer website.\n- IP rejects webhooks trigger requests unless they originate from an IP address in the IP range whitelisted in the authentication configuration.\n- UNAUTHENTICATED accepts all webhook trigger requests regardless of origin.", - "title": "Authentication", - "type": "string" - }, - "AuthenticationConfiguration": { - "$ref": "#/definitions/AWS::CodePipeline::Webhook.WebhookAuthConfiguration", - "markdownDescription": "Properties that configure the authentication applied to incoming webhook trigger requests. The required properties depend on the authentication type. For GITHUB_HMAC, only the `SecretToken` property must be set. For IP, only the `AllowedIPRange` property must be set to a valid CIDR range. For UNAUTHENTICATED, no properties can be set.", - "title": "AuthenticationConfiguration" - }, - "Filters": { - "items": { - "$ref": "#/definitions/AWS::CodePipeline::Webhook.WebhookFilterRule" - }, - "markdownDescription": "A list of rules applied to the body/payload sent in the POST request to a webhook URL. All defined rules must pass for the request to be accepted and the pipeline started.", - "title": "Filters", - "type": "array" - }, - "Name": { - "markdownDescription": "The name of the webhook.", - "title": "Name", - "type": "string" - }, - "RegisterWithThirdParty": { - "markdownDescription": "Configures a connection between the webhook that was created and the external tool with events to be detected.", - "title": "RegisterWithThirdParty", - "type": "boolean" - }, - "TargetAction": { - "markdownDescription": "The name of the action in a pipeline you want to connect to the webhook. The action must be from the source (first) stage of the pipeline.", - "title": "TargetAction", - "type": "string" - }, - "TargetPipeline": { - "markdownDescription": "The name of the pipeline you want to connect to the webhook.", - "title": "TargetPipeline", - "type": "string" - }, - "TargetPipelineVersion": { - "markdownDescription": "The version number of the pipeline to be connected to the trigger request.\n\nRequired: Yes\n\nType: Integer\n\nUpdate requires: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)", - "title": "TargetPipelineVersion", - "type": "number" - } - }, - "required": [ - "Authentication", - "AuthenticationConfiguration", - "Filters", - "TargetAction", - "TargetPipeline", - "TargetPipelineVersion" - ], - "type": "object" - }, - "Type": { - "enum": [ - "AWS::CodePipeline::Webhook" - ], - "type": "string" - }, - "UpdateReplacePolicy": { - "enum": [ - "Delete", - "Retain", - "Snapshot" - ], - "type": "string" - } - }, - "required": [ - "Type", - "Properties" - ], - "type": "object" - }, - "AWS::CodePipeline::Webhook.WebhookAuthConfiguration": { - "additionalProperties": false, - "properties": { - "AllowedIPRange": { - "markdownDescription": "The property used to configure acceptance of webhooks in an IP address range. For IP, only the `AllowedIPRange` property must be set. This property must be set to a valid CIDR range.", - "title": "AllowedIPRange", + "DefaultValue": { "type": "string" }, - "SecretToken": { - "markdownDescription": "The property used to configure GitHub authentication. For GITHUB_HMAC, only the `SecretToken` property must be set.", - "title": "SecretToken", - "type": "string" - } - }, - "type": "object" - }, - "AWS::CodePipeline::Webhook.WebhookFilterRule": { - "additionalProperties": false, - "properties": { - "JsonPath": { - "markdownDescription": "A JsonPath expression that is applied to the body/payload of the webhook. The value selected by the JsonPath expression must match the value specified in the `MatchEquals` field. Otherwise, the request is ignored. For more information, see [Java JsonPath implementation](https://docs.aws.amazon.com/https://github.com/json-path/JsonPath) in GitHub.", - "title": "JsonPath", + "Description": { "type": "string" }, - "MatchEquals": { - "markdownDescription": "The value selected by the `JsonPath` expression must match what is supplied in the `MatchEquals` field. Otherwise, the request is ignored. Properties from the target action configuration can be included as placeholders in this value by surrounding the action configuration key with curly brackets. For example, if the value supplied here is \"refs/heads/{Branch}\" and the target action has an action configuration property called \"Branch\" with a value of \"main\", the `MatchEquals` value is evaluated as \"refs/heads/main\". For a list of action configuration properties for built-in action types, see [Pipeline Structure Reference Action Requirements](https://docs.aws.amazon.com/codepipeline/latest/userguide/reference-pipeline-structure.html#action-requirements) .", - "title": "MatchEquals", + "Name": { "type": "string" } }, "required": [ - "JsonPath" + "Name" ], "type": "object" }, - "AWS::CodeStar::GitHubRepository": { + "AWS::CodePipeline::Webhook": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "Authentication": { + "markdownDescription": "Supported options are GITHUB_HMAC, IP, and UNAUTHENTICATED.\n\n- For information about the authentication scheme implemented by GITHUB_HMAC, see [Securing your webhooks](https://docs.aws.amazon.com/https://developer.github.com/webhooks/securing/) on the GitHub Developer website.\n- IP rejects webhooks trigger requests unless they originate from an IP address in the IP range whitelisted in the authentication configuration.\n- UNAUTHENTICATED accepts all webhook trigger requests regardless of origin.", + "title": "Authentication", + "type": "string" + }, + "AuthenticationConfiguration": { + "$ref": "#/definitions/AWS::CodePipeline::Webhook.WebhookAuthConfiguration", + "markdownDescription": "Properties that configure the authentication applied to incoming webhook trigger requests. The required properties depend on the authentication type. For GITHUB_HMAC, only the `SecretToken` property must be set. For IP, only the `AllowedIPRange` property must be set to a valid CIDR range. For UNAUTHENTICATED, no properties can be set.", + "title": "AuthenticationConfiguration" + }, + "Filters": { + "items": { + "$ref": "#/definitions/AWS::CodePipeline::Webhook.WebhookFilterRule" + }, + "markdownDescription": "A list of rules applied to the body/payload sent in the POST request to a webhook URL. All defined rules must pass for the request to be accepted and the pipeline started.", + "title": "Filters", + "type": "array" + }, + "Name": { + "markdownDescription": "The name of the webhook.", + "title": "Name", + "type": "string" + }, + "RegisterWithThirdParty": { + "markdownDescription": "Configures a connection between the webhook that was created and the external tool with events to be detected.", + "title": "RegisterWithThirdParty", + "type": "boolean" + }, + "TargetAction": { + "markdownDescription": "The name of the action in a pipeline you want to connect to the webhook. The action must be from the source (first) stage of the pipeline.", + "title": "TargetAction", + "type": "string" + }, + "TargetPipeline": { + "markdownDescription": "The name of the pipeline you want to connect to the webhook.", + "title": "TargetPipeline", + "type": "string" + }, + "TargetPipelineVersion": { + "markdownDescription": "The version number of the pipeline to be connected to the trigger request.\n\nRequired: Yes\n\nType: Integer\n\nUpdate requires: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)", + "title": "TargetPipelineVersion", + "type": "number" + } + }, + "required": [ + "Authentication", + "AuthenticationConfiguration", + "Filters", + "TargetAction", + "TargetPipeline", + "TargetPipelineVersion" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::CodePipeline::Webhook" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::CodePipeline::Webhook.WebhookAuthConfiguration": { + "additionalProperties": false, + "properties": { + "AllowedIPRange": { + "markdownDescription": "The property used to configure acceptance of webhooks in an IP address range. For IP, only the `AllowedIPRange` property must be set. This property must be set to a valid CIDR range.", + "title": "AllowedIPRange", + "type": "string" + }, + "SecretToken": { + "markdownDescription": "The property used to configure GitHub authentication. For GITHUB_HMAC, only the `SecretToken` property must be set.", + "title": "SecretToken", + "type": "string" + } + }, + "type": "object" + }, + "AWS::CodePipeline::Webhook.WebhookFilterRule": { + "additionalProperties": false, + "properties": { + "JsonPath": { + "markdownDescription": "A JsonPath expression that is applied to the body/payload of the webhook. The value selected by the JsonPath expression must match the value specified in the `MatchEquals` field. Otherwise, the request is ignored. For more information, see [Java JsonPath implementation](https://docs.aws.amazon.com/https://github.com/json-path/JsonPath) in GitHub.", + "title": "JsonPath", + "type": "string" + }, + "MatchEquals": { + "markdownDescription": "The value selected by the `JsonPath` expression must match what is supplied in the `MatchEquals` field. Otherwise, the request is ignored. Properties from the target action configuration can be included as placeholders in this value by surrounding the action configuration key with curly brackets. For example, if the value supplied here is \"refs/heads/{Branch}\" and the target action has an action configuration property called \"Branch\" with a value of \"main\", the `MatchEquals` value is evaluated as \"refs/heads/main\". For a list of action configuration properties for built-in action types, see [Pipeline Structure Reference Action Requirements](https://docs.aws.amazon.com/codepipeline/latest/userguide/reference-pipeline-structure.html#action-requirements) .", + "title": "MatchEquals", + "type": "string" + } + }, + "required": [ + "JsonPath" + ], + "type": "object" + }, + "AWS::CodeStar::GitHubRepository": { "additionalProperties": false, "properties": { "Condition": { @@ -44122,6 +44350,9 @@ "markdownDescription": "Specifies which resource types AWS Config records for configuration changes.\n\n> *High Number of AWS Config Evaluations*\n> \n> You may notice increased activity in your account during your initial month recording with AWS Config when compared to subsequent months. During the initial bootstrapping process, AWS Config runs evaluations on all the resources in your account that you have selected for AWS Config to record.\n> \n> If you are running ephemeral workloads, you may see increased activity from AWS Config as it records configuration changes associated with creating and deleting these temporary resources. An *ephemeral workload* is a temporary use of computing resources that are loaded and run when needed. Examples include Amazon Elastic Compute Cloud ( Amazon EC2 ) Spot Instances, Amazon EMR jobs, and AWS Auto Scaling . If you want to avoid the increased activity from running ephemeral workloads, you can run these types of workloads in a separate account with AWS Config turned off to avoid increased configuration recording and rule evaluations.", "title": "RecordingGroup" }, + "RecordingMode": { + "$ref": "#/definitions/AWS::Config::ConfigurationRecorder.RecordingMode" + }, "RoleARN": { "markdownDescription": "Amazon Resource Name (ARN) of the IAM role assumed by AWS Config and used by the configuration recorder. For more information, see [Permissions for the IAM Role Assigned](https://docs.aws.amazon.com/config/latest/developerguide/iamrole-permissions.html) to AWS Config in the AWS Config Developer Guide.\n\n> *Pre-existing AWS Config role*\n> \n> If you have used an AWS service that uses AWS Config , such as AWS Security Hub or AWS Control Tower , and an AWS Config role has already been created, make sure that the IAM role that you use when setting up AWS Config keeps the same minimum permissions as the already created AWS Config role. You must do this so that the other AWS service continues to run as expected.\n> \n> For example, if AWS Control Tower has an IAM role that allows AWS Config to read Amazon Simple Storage Service ( Amazon S3 ) objects, make sure that the same permissions are granted within the IAM role you use when setting up AWS Config . Otherwise, it may interfere with how AWS Control Tower operates. For more information about IAM roles for AWS Config , see [*Identity and Access Management for AWS Config*](https://docs.aws.amazon.com/config/latest/developerguide/security-iam.html) in the *AWS Config Developer Guide* .", "title": "RoleARN", @@ -44205,157 +44436,197 @@ }, "type": "object" }, - "AWS::Config::ConfigurationRecorder.RecordingStrategy": { + "AWS::Config::ConfigurationRecorder.RecordingMode": { "additionalProperties": false, "properties": { - "UseOnly": { - "markdownDescription": "The recording strategy for the configuration recorder.\n\n- If you set this option to `ALL_SUPPORTED_RESOURCE_TYPES` , AWS Config records configuration changes for all supported resource types, excluding the global IAM resource types. You also must set the `allSupported` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) to `true` . When AWS Config adds support for a new resource type, AWS Config automatically starts recording resources of that type. For a list of supported resource types, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#supported-resources) in the *AWS Config developer guide* .\n- If you set this option to `INCLUSION_BY_RESOURCE_TYPES` , AWS Config records configuration changes for only the resource types that you specify in the `resourceTypes` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) .\n- If you set this option to `EXCLUSION_BY_RESOURCE_TYPES` , AWS Config records configuration changes for all supported resource types, except the resource types that you specify to exclude from being recorded in the `resourceTypes` field of [ExclusionByResourceTypes](https://docs.aws.amazon.com/config/latest/APIReference/API_ExclusionByResourceTypes.html) .\n\n> *Required and optional fields*\n> \n> The `recordingStrategy` field is optional when you set the `allSupported` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) to `true` .\n> \n> The `recordingStrategy` field is optional when you list resource types in the `resourceTypes` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) .\n> \n> The `recordingStrategy` field is required if you list resource types to exclude from recording in the `resourceTypes` field of [ExclusionByResourceTypes](https://docs.aws.amazon.com/config/latest/APIReference/API_ExclusionByResourceTypes.html) . > *Overriding fields*\n> \n> If you choose `EXCLUSION_BY_RESOURCE_TYPES` for the recording strategy, the `exclusionByResourceTypes` field will override other properties in the request.\n> \n> For example, even if you set `includeGlobalResourceTypes` to false, global IAM resource types will still be automatically recorded in this option unless those resource types are specifically listed as exclusions in the `resourceTypes` field of `exclusionByResourceTypes` . > *Global resource types and the exclusion recording strategy*\n> \n> By default, if you choose the `EXCLUSION_BY_RESOURCE_TYPES` recording strategy, when AWS Config adds support for a new resource type in the Region where you set up the configuration recorder, including global resource types, AWS Config starts recording resources of that type automatically.\n> \n> Unless specifically listed as exclusions, `AWS::RDS::GlobalCluster` will be recorded automatically in all supported AWS Config Regions were the configuration recorder is enabled.\n> \n> IAM users, groups, roles, and customer managed policies will be recorded in the Region where you set up the configuration recorder if that is a Region where AWS Config was available before February 2022. You cannot be record the global IAM resouce types in Regions supported by AWS Config after February 2022. This list where you cannot record the global IAM resource types includes the following Regions:\n> \n> - Asia Pacific (Hyderabad)\n> - Asia Pacific (Melbourne)\n> - Europe (Spain)\n> - Europe (Zurich)\n> - Israel (Tel Aviv)\n> - Middle East (UAE)", - "title": "UseOnly", + "RecordingFrequency": { "type": "string" + }, + "RecordingModeOverrides": { + "items": { + "$ref": "#/definitions/AWS::Config::ConfigurationRecorder.RecordingModeOverride" + }, + "type": "array" } }, "required": [ - "UseOnly" + "RecordingFrequency" ], "type": "object" }, - "AWS::Config::ConformancePack": { + "AWS::Config::ConfigurationRecorder.RecordingModeOverride": { "additionalProperties": false, "properties": { - "Condition": { + "Description": { "type": "string" }, - "DeletionPolicy": { - "enum": [ - "Delete", - "Retain", - "Snapshot" - ], + "RecordingFrequency": { "type": "string" }, - "DependsOn": { - "anyOf": [ - { - "pattern": "^[a-zA-Z0-9]+$", - "type": "string" - }, - { - "items": { - "pattern": "^[a-zA-Z0-9]+$", - "type": "string" - }, - "type": "array" - } - ] - }, - "Metadata": { - "type": "object" - }, - "Properties": { - "additionalProperties": false, - "properties": { - "ConformancePackInputParameters": { - "items": { - "$ref": "#/definitions/AWS::Config::ConformancePack.ConformancePackInputParameter" - }, - "markdownDescription": "A list of ConformancePackInputParameter objects.", - "title": "ConformancePackInputParameters", - "type": "array" - }, - "ConformancePackName": { - "markdownDescription": "Name of the conformance pack you want to create.", - "title": "ConformancePackName", - "type": "string" - }, - "DeliveryS3Bucket": { - "markdownDescription": "The name of the Amazon S3 bucket where AWS Config stores conformance pack templates.", - "title": "DeliveryS3Bucket", - "type": "string" - }, - "DeliveryS3KeyPrefix": { - "markdownDescription": "The prefix for the Amazon S3 bucket.", - "title": "DeliveryS3KeyPrefix", - "type": "string" - }, - "TemplateBody": { - "markdownDescription": "A string containing full conformance pack template body. Structure containing the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes.\n\n> You can only use a YAML template with two resource types: config rule ( `AWS::Config::ConfigRule` ) and a remediation action ( `AWS::Config::RemediationConfiguration` ).", - "title": "TemplateBody", - "type": "string" - }, - "TemplateS3Uri": { - "markdownDescription": "Location of file containing the template body (s3://bucketname/prefix). The uri must point to the conformance pack template (max size: 300 KB) that is located in an Amazon S3 bucket.\n\n> You must have access to read Amazon S3 bucket.", - "title": "TemplateS3Uri", - "type": "string" - }, - "TemplateSSMDocumentDetails": { - "$ref": "#/definitions/AWS::Config::ConformancePack.TemplateSSMDocumentDetails", - "markdownDescription": "An object that contains the name or Amazon Resource Name (ARN) of the AWS Systems Manager document (SSM document) and the version of the SSM document that is used to create a conformance pack.", - "title": "TemplateSSMDocumentDetails" - } + "ResourceTypes": { + "items": { + "type": "string" }, - "required": [ - "ConformancePackName" - ], - "type": "object" - }, - "Type": { - "enum": [ - "AWS::Config::ConformancePack" - ], - "type": "string" - }, - "UpdateReplacePolicy": { - "enum": [ - "Delete", - "Retain", - "Snapshot" - ], - "type": "string" + "type": "array" } }, "required": [ - "Type", - "Properties" + "RecordingFrequency", + "ResourceTypes" ], "type": "object" }, - "AWS::Config::ConformancePack.ConformancePackInputParameter": { + "AWS::Config::ConfigurationRecorder.RecordingStrategy": { "additionalProperties": false, "properties": { - "ParameterName": { - "markdownDescription": "One part of a key-value pair.", - "title": "ParameterName", - "type": "string" - }, - "ParameterValue": { - "markdownDescription": "Another part of the key-value pair.", - "title": "ParameterValue", + "UseOnly": { + "markdownDescription": "The recording strategy for the configuration recorder.\n\n- If you set this option to `ALL_SUPPORTED_RESOURCE_TYPES` , AWS Config records configuration changes for all supported resource types, excluding the global IAM resource types. You also must set the `allSupported` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) to `true` . When AWS Config adds support for a new resource type, AWS Config automatically starts recording resources of that type. For a list of supported resource types, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#supported-resources) in the *AWS Config developer guide* .\n- If you set this option to `INCLUSION_BY_RESOURCE_TYPES` , AWS Config records configuration changes for only the resource types that you specify in the `resourceTypes` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) .\n- If you set this option to `EXCLUSION_BY_RESOURCE_TYPES` , AWS Config records configuration changes for all supported resource types, except the resource types that you specify to exclude from being recorded in the `resourceTypes` field of [ExclusionByResourceTypes](https://docs.aws.amazon.com/config/latest/APIReference/API_ExclusionByResourceTypes.html) .\n\n> *Required and optional fields*\n> \n> The `recordingStrategy` field is optional when you set the `allSupported` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) to `true` .\n> \n> The `recordingStrategy` field is optional when you list resource types in the `resourceTypes` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) .\n> \n> The `recordingStrategy` field is required if you list resource types to exclude from recording in the `resourceTypes` field of [ExclusionByResourceTypes](https://docs.aws.amazon.com/config/latest/APIReference/API_ExclusionByResourceTypes.html) . > *Overriding fields*\n> \n> If you choose `EXCLUSION_BY_RESOURCE_TYPES` for the recording strategy, the `exclusionByResourceTypes` field will override other properties in the request.\n> \n> For example, even if you set `includeGlobalResourceTypes` to false, global IAM resource types will still be automatically recorded in this option unless those resource types are specifically listed as exclusions in the `resourceTypes` field of `exclusionByResourceTypes` . > *Global resource types and the exclusion recording strategy*\n> \n> By default, if you choose the `EXCLUSION_BY_RESOURCE_TYPES` recording strategy, when AWS Config adds support for a new resource type in the Region where you set up the configuration recorder, including global resource types, AWS Config starts recording resources of that type automatically.\n> \n> Unless specifically listed as exclusions, `AWS::RDS::GlobalCluster` will be recorded automatically in all supported AWS Config Regions were the configuration recorder is enabled.\n> \n> IAM users, groups, roles, and customer managed policies will be recorded in the Region where you set up the configuration recorder if that is a Region where AWS Config was available before February 2022. You cannot be record the global IAM resouce types in Regions supported by AWS Config after February 2022. This list where you cannot record the global IAM resource types includes the following Regions:\n> \n> - Asia Pacific (Hyderabad)\n> - Asia Pacific (Melbourne)\n> - Europe (Spain)\n> - Europe (Zurich)\n> - Israel (Tel Aviv)\n> - Middle East (UAE)", + "title": "UseOnly", "type": "string" } }, "required": [ - "ParameterName", - "ParameterValue" + "UseOnly" ], "type": "object" }, - "AWS::Config::ConformancePack.TemplateSSMDocumentDetails": { - "additionalProperties": false, - "properties": { - "DocumentName": { - "markdownDescription": "The name or Amazon Resource Name (ARN) of the SSM document to use to create a conformance pack. If you use the document name, AWS Config checks only your account and AWS Region for the SSM document. If you want to use an SSM document from another Region or account, you must provide the ARN.", - "title": "DocumentName", - "type": "string" - }, - "DocumentVersion": { - "markdownDescription": "The version of the SSM document to use to create a conformance pack. By default, AWS Config uses the latest version.\n\n> This field is optional.", - "title": "DocumentVersion", - "type": "string" - } - }, - "type": "object" - }, - "AWS::Config::DeliveryChannel": { + "AWS::Config::ConformancePack": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "ConformancePackInputParameters": { + "items": { + "$ref": "#/definitions/AWS::Config::ConformancePack.ConformancePackInputParameter" + }, + "markdownDescription": "A list of ConformancePackInputParameter objects.", + "title": "ConformancePackInputParameters", + "type": "array" + }, + "ConformancePackName": { + "markdownDescription": "Name of the conformance pack you want to create.", + "title": "ConformancePackName", + "type": "string" + }, + "DeliveryS3Bucket": { + "markdownDescription": "The name of the Amazon S3 bucket where AWS Config stores conformance pack templates.", + "title": "DeliveryS3Bucket", + "type": "string" + }, + "DeliveryS3KeyPrefix": { + "markdownDescription": "The prefix for the Amazon S3 bucket.", + "title": "DeliveryS3KeyPrefix", + "type": "string" + }, + "TemplateBody": { + "markdownDescription": "A string containing full conformance pack template body. Structure containing the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes.\n\n> You can only use a YAML template with two resource types: config rule ( `AWS::Config::ConfigRule` ) and a remediation action ( `AWS::Config::RemediationConfiguration` ).", + "title": "TemplateBody", + "type": "string" + }, + "TemplateS3Uri": { + "markdownDescription": "Location of file containing the template body (s3://bucketname/prefix). The uri must point to the conformance pack template (max size: 300 KB) that is located in an Amazon S3 bucket.\n\n> You must have access to read Amazon S3 bucket.", + "title": "TemplateS3Uri", + "type": "string" + }, + "TemplateSSMDocumentDetails": { + "$ref": "#/definitions/AWS::Config::ConformancePack.TemplateSSMDocumentDetails", + "markdownDescription": "An object that contains the name or Amazon Resource Name (ARN) of the AWS Systems Manager document (SSM document) and the version of the SSM document that is used to create a conformance pack.", + "title": "TemplateSSMDocumentDetails" + } + }, + "required": [ + "ConformancePackName" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::Config::ConformancePack" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::Config::ConformancePack.ConformancePackInputParameter": { + "additionalProperties": false, + "properties": { + "ParameterName": { + "markdownDescription": "One part of a key-value pair.", + "title": "ParameterName", + "type": "string" + }, + "ParameterValue": { + "markdownDescription": "Another part of the key-value pair.", + "title": "ParameterValue", + "type": "string" + } + }, + "required": [ + "ParameterName", + "ParameterValue" + ], + "type": "object" + }, + "AWS::Config::ConformancePack.TemplateSSMDocumentDetails": { + "additionalProperties": false, + "properties": { + "DocumentName": { + "markdownDescription": "The name or Amazon Resource Name (ARN) of the SSM document to use to create a conformance pack. If you use the document name, AWS Config checks only your account and AWS Region for the SSM document. If you want to use an SSM document from another Region or account, you must provide the ARN.", + "title": "DocumentName", + "type": "string" + }, + "DocumentVersion": { + "markdownDescription": "The version of the SSM document to use to create a conformance pack. By default, AWS Config uses the latest version.\n\n> This field is optional.", + "title": "DocumentVersion", + "type": "string" + } + }, + "type": "object" + }, + "AWS::Config::DeliveryChannel": { "additionalProperties": false, "properties": { "Condition": { @@ -51315,6 +51586,206 @@ ], "type": "object" }, + "AWS::DMS::DataProvider": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "DataProviderIdentifier": { + "type": "string" + }, + "DataProviderName": { + "type": "string" + }, + "Description": { + "type": "string" + }, + "Engine": { + "type": "string" + }, + "ExactSettings": { + "type": "boolean" + }, + "Settings": { + "$ref": "#/definitions/AWS::DMS::DataProvider.Settings" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + } + }, + "required": [ + "Engine" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::DMS::DataProvider" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::DMS::DataProvider.MicrosoftSqlServerSettings": { + "additionalProperties": false, + "properties": { + "CertificateArn": { + "type": "string" + }, + "DatabaseName": { + "type": "string" + }, + "Port": { + "type": "number" + }, + "ServerName": { + "type": "string" + }, + "SslMode": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::DMS::DataProvider.MySqlSettings": { + "additionalProperties": false, + "properties": { + "CertificateArn": { + "type": "string" + }, + "Port": { + "type": "number" + }, + "ServerName": { + "type": "string" + }, + "SslMode": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::DMS::DataProvider.OracleSettings": { + "additionalProperties": false, + "properties": { + "AsmServer": { + "type": "string" + }, + "CertificateArn": { + "type": "string" + }, + "DatabaseName": { + "type": "string" + }, + "Port": { + "type": "number" + }, + "SecretsManagerOracleAsmAccessRoleArn": { + "type": "string" + }, + "SecretsManagerOracleAsmSecretId": { + "type": "string" + }, + "SecretsManagerSecurityDbEncryptionAccessRoleArn": { + "type": "string" + }, + "SecretsManagerSecurityDbEncryptionSecretId": { + "type": "string" + }, + "ServerName": { + "type": "string" + }, + "SslMode": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::DMS::DataProvider.PostgreSqlSettings": { + "additionalProperties": false, + "properties": { + "CertificateArn": { + "type": "string" + }, + "DatabaseName": { + "type": "string" + }, + "Port": { + "type": "number" + }, + "ServerName": { + "type": "string" + }, + "SslMode": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::DMS::DataProvider.Settings": { + "additionalProperties": false, + "properties": { + "MicrosoftSqlServerSettings": { + "$ref": "#/definitions/AWS::DMS::DataProvider.MicrosoftSqlServerSettings" + }, + "MySqlSettings": { + "$ref": "#/definitions/AWS::DMS::DataProvider.MySqlSettings" + }, + "OracleSettings": { + "$ref": "#/definitions/AWS::DMS::DataProvider.OracleSettings" + }, + "PostgreSqlSettings": { + "$ref": "#/definitions/AWS::DMS::DataProvider.PostgreSqlSettings" + } + }, + "type": "object" + }, "AWS::DMS::Endpoint": { "additionalProperties": false, "properties": { @@ -51683,6 +52154,15 @@ "title": "CurrentLsn", "type": "string" }, + "KeepCsvFiles": { + "type": "boolean" + }, + "LoadTimeout": { + "type": "number" + }, + "MaxFileSize": { + "type": "number" + }, "MaxKBytesPerRead": { "markdownDescription": "Maximum number of bytes per read, as a NUMBER value. The default is 64 KB.", "title": "MaxKBytesPerRead", @@ -51702,6 +52182,9 @@ "markdownDescription": "Enables ongoing replication (CDC) as a BOOLEAN value. The default is true.", "title": "SetDataCaptureChanges", "type": "boolean" + }, + "WriteBufferSize": { + "type": "number" } }, "type": "object" @@ -52892,6 +53375,233 @@ ], "type": "object" }, + "AWS::DMS::InstanceProfile": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "AvailabilityZone": { + "type": "string" + }, + "Description": { + "type": "string" + }, + "InstanceProfileIdentifier": { + "type": "string" + }, + "InstanceProfileName": { + "type": "string" + }, + "KmsKeyArn": { + "type": "string" + }, + "NetworkType": { + "type": "string" + }, + "PubliclyAccessible": { + "type": "boolean" + }, + "SubnetGroupIdentifier": { + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + }, + "VpcSecurityGroups": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "Type": { + "enum": [ + "AWS::DMS::InstanceProfile" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type" + ], + "type": "object" + }, + "AWS::DMS::MigrationProject": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "Description": { + "type": "string" + }, + "InstanceProfileArn": { + "type": "string" + }, + "InstanceProfileIdentifier": { + "type": "string" + }, + "InstanceProfileName": { + "type": "string" + }, + "MigrationProjectIdentifier": { + "type": "string" + }, + "MigrationProjectName": { + "type": "string" + }, + "SchemaConversionApplicationAttributes": { + "$ref": "#/definitions/AWS::DMS::MigrationProject.SchemaConversionApplicationAttributes" + }, + "SourceDataProviderDescriptors": { + "items": { + "$ref": "#/definitions/AWS::DMS::MigrationProject.DataProviderDescriptor" + }, + "type": "array" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + }, + "TargetDataProviderDescriptors": { + "items": { + "$ref": "#/definitions/AWS::DMS::MigrationProject.DataProviderDescriptor" + }, + "type": "array" + }, + "TransformationRules": { + "type": "string" + } + }, + "type": "object" + }, + "Type": { + "enum": [ + "AWS::DMS::MigrationProject" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type" + ], + "type": "object" + }, + "AWS::DMS::MigrationProject.DataProviderDescriptor": { + "additionalProperties": false, + "properties": { + "DataProviderArn": { + "type": "string" + }, + "DataProviderIdentifier": { + "type": "string" + }, + "DataProviderName": { + "type": "string" + }, + "SecretsManagerAccessRoleArn": { + "type": "string" + }, + "SecretsManagerSecretId": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::DMS::MigrationProject.SchemaConversionApplicationAttributes": { + "additionalProperties": false, + "properties": { + "S3BucketPath": { + "type": "string" + }, + "S3BucketRoleArn": { + "type": "string" + } + }, + "type": "object" + }, "AWS::DMS::ReplicationConfig": { "additionalProperties": false, "properties": { @@ -64698,6 +65408,27 @@ }, "type": "object" }, + "AWS::EC2::LaunchTemplate.ConnectionTrackingSpecification": { + "additionalProperties": false, + "properties": { + "TcpEstablishedTimeout": { + "markdownDescription": "Timeout (in seconds) for idle TCP connections in an established state. Min: 60 seconds. Max: 432000 seconds (5 days). Default: 432000 seconds. Recommended: Less than 432000 seconds.", + "title": "TcpEstablishedTimeout", + "type": "number" + }, + "UdpStreamTimeout": { + "markdownDescription": "Timeout (in seconds) for idle UDP flows classified as streams which have seen more than one request-response transaction. Min: 60 seconds. Max: 180 seconds (3 minutes). Default: 180 seconds.", + "title": "UdpStreamTimeout", + "type": "number" + }, + "UdpTimeout": { + "markdownDescription": "Timeout (in seconds) for idle UDP flows that have seen traffic only in a single direction or a single request-response transaction. Min: 30 seconds. Max: 60 seconds. Default: 30 seconds.", + "title": "UdpTimeout", + "type": "number" + } + }, + "type": "object" + }, "AWS::EC2::LaunchTemplate.CpuOptions": { "additionalProperties": false, "properties": { @@ -65391,6 +66122,11 @@ "title": "AssociatePublicIpAddress", "type": "boolean" }, + "ConnectionTrackingSpecification": { + "$ref": "#/definitions/AWS::EC2::LaunchTemplate.ConnectionTrackingSpecification", + "markdownDescription": "A connection tracking specification for the network interface.", + "title": "ConnectionTrackingSpecification" + }, "DeleteOnTermination": { "markdownDescription": "Indicates whether the network interface is deleted when the instance is terminated.", "title": "DeleteOnTermination", @@ -73754,6 +74490,11 @@ "AWS::EC2::VerifiedAccessTrustProvider.DeviceOptions": { "additionalProperties": false, "properties": { + "PublicSigningKeyUrl": { + "markdownDescription": "The URL AWS Verified Access will use to verify the authenticity of the device tokens.", + "title": "PublicSigningKeyUrl", + "type": "string" + }, "TenantId": { "markdownDescription": "The ID of the tenant application with the device-identity provider.", "title": "TenantId", @@ -74669,6 +75410,9 @@ "title": "AutoScalingGroupArn", "type": "string" }, + "ManagedDraining": { + "type": "string" + }, "ManagedScaling": { "$ref": "#/definitions/AWS::ECS::CapacityProvider.ManagedScaling", "markdownDescription": "The managed scaling settings for the Auto Scaling group capacity provider.", @@ -80614,11 +81358,20 @@ "title": "Description", "type": "string" }, + "EncryptionKeyArn": { + "type": "string" + }, "EngineSecurityGroupId": { "markdownDescription": "The ID of the Amazon EMR Studio Engine security group. The Engine security group allows inbound network traffic from the Workspace security group, and it must be in the same VPC specified by `VpcId` .", "title": "EngineSecurityGroupId", "type": "string" }, + "IdcInstanceArn": { + "type": "string" + }, + "IdcUserAssignment": { + "type": "string" + }, "IdpAuthUrl": { "markdownDescription": "Your identity provider's authentication endpoint. Amazon EMR Studio redirects federated users to this endpoint for authentication when logging in to a Studio with the Studio URL.", "title": "IdpAuthUrl", @@ -80655,6 +81408,9 @@ "title": "Tags", "type": "array" }, + "TrustedIdentityPropagationEnabled": { + "type": "boolean" + }, "UserRole": { "markdownDescription": "The Amazon Resource Name (ARN) of the IAM user role that will be assumed by users and groups logged in to a Studio. The permissions attached to this IAM role can be scoped down for each user or group using session policies. You only need to specify `UserRole` when you set `AuthMode` to `SSO` .", "title": "UserRole", @@ -89598,6 +90354,11 @@ "title": "Description", "type": "string" }, + "ExperimentOptions": { + "$ref": "#/definitions/AWS::FIS::ExperimentTemplate.ExperimentTemplateExperimentOptions", + "markdownDescription": "The experiment options for an experiment template.", + "title": "ExperimentOptions" + }, "LogConfiguration": { "$ref": "#/definitions/AWS::FIS::ExperimentTemplate.ExperimentTemplateLogConfiguration", "markdownDescription": "The configuration for experiment logging.", @@ -89728,12 +90489,28 @@ ], "type": "object" }, + "AWS::FIS::ExperimentTemplate.ExperimentTemplateExperimentOptions": { + "additionalProperties": false, + "properties": { + "AccountTargeting": { + "markdownDescription": "The account targeting setting for an experiment template.", + "title": "AccountTargeting", + "type": "string" + }, + "EmptyTargetResolutionMode": { + "markdownDescription": "The empty target resolution mode for an experiment template.", + "title": "EmptyTargetResolutionMode", + "type": "string" + } + }, + "type": "object" + }, "AWS::FIS::ExperimentTemplate.ExperimentTemplateLogConfiguration": { "additionalProperties": false, "properties": { "CloudWatchLogsConfiguration": { "$ref": "#/definitions/AWS::FIS::ExperimentTemplate.CloudWatchLogsConfiguration", - "markdownDescription": "The configuration for experiment logging to CloudWatch Logs .", + "markdownDescription": "The configuration for experiment logging to Amazon CloudWatch Logs.", "title": "CloudWatchLogsConfiguration" }, "LogSchemaVersion": { @@ -89743,7 +90520,7 @@ }, "S3Configuration": { "$ref": "#/definitions/AWS::FIS::ExperimentTemplate.S3Configuration", - "markdownDescription": "The configuration for experiment logging to Amazon S3 .", + "markdownDescription": "The configuration for experiment logging to Amazon S3.", "title": "S3Configuration" } }, @@ -89784,7 +90561,7 @@ }, "Parameters": { "additionalProperties": true, - "markdownDescription": "The parameters for the resource type.", + "markdownDescription": "The resource type parameters.", "patternProperties": { "^[a-zA-Z0-9]+$": { "type": "string" @@ -89871,6 +90648,90 @@ ], "type": "object" }, + "AWS::FIS::TargetAccountConfiguration": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "AccountId": { + "markdownDescription": "The AWS account ID of the target account.", + "title": "AccountId", + "type": "string" + }, + "Description": { + "markdownDescription": "The description of the target account.", + "title": "Description", + "type": "string" + }, + "ExperimentTemplateId": { + "markdownDescription": "The ID of the experiment template.", + "title": "ExperimentTemplateId", + "type": "string" + }, + "RoleArn": { + "markdownDescription": "The Amazon Resource Name (ARN) of an IAM role for the target account.", + "title": "RoleArn", + "type": "string" + } + }, + "required": [ + "AccountId", + "ExperimentTemplateId", + "RoleArn" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::FIS::TargetAccountConfiguration" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, "AWS::FMS::NotificationChannel": { "additionalProperties": false, "properties": { @@ -109102,7 +109963,7 @@ "properties": { "S3Config": { "$ref": "#/definitions/AWS::InternetMonitor::Monitor.S3Config", - "markdownDescription": "The configuration for publishing Amazon CloudWatch Internet Monitor internet measurements to Amazon S3.", + "markdownDescription": "The configuration information for publishing Internet Monitor internet measurements to Amazon S3. The configuration includes the bucket name and (optionally) prefix for the S3 bucket to store the measurements, and the delivery status. The delivery status is `ENABLED` or `DISABLED` , depending on whether you choose to deliver internet measurements to S3 logs.", "title": "S3Config" } }, @@ -109133,17 +109994,17 @@ "additionalProperties": false, "properties": { "BucketName": { - "markdownDescription": "The Amazon S3 bucket name for internet measurements publishing.", + "markdownDescription": "The Amazon S3 bucket name.", "title": "BucketName", "type": "string" }, "BucketPrefix": { - "markdownDescription": "An optional Amazon S3 bucket prefix for internet measurements publishing.", + "markdownDescription": "The Amazon S3 bucket prefix.", "title": "BucketPrefix", "type": "string" }, "LogDeliveryStatus": { - "markdownDescription": "The status of publishing Internet Monitor internet measurements to an Amazon S3 bucket. The delivery status is `ENABLED` if you choose to deliver internet measurements to an S3 bucket, and `DISABLED` otherwise.", + "markdownDescription": "The status of publishing Internet Monitor internet measurements to an Amazon S3 bucket.", "title": "LogDeliveryStatus", "type": "string" } @@ -131382,9 +132243,6 @@ "title": "PackageType", "type": "string" }, - "Policy": { - "type": "object" - }, "ReservedConcurrentExecutions": { "markdownDescription": "The number of simultaneous executions to reserve for the function.", "title": "ReservedConcurrentExecutions", @@ -135967,7 +136825,7 @@ "type": "string" }, "BackupRetention": { - "markdownDescription": "A Boolean value indicating whether automated backup retention is enabled for the database.", + "markdownDescription": "A Boolean value indicating whether automated backup retention is enabled for the database. Data Import Mode is enabled when `BackupRetention` is set to `false` , and is disabled when `BackupRetention` is set to `true` .", "title": "BackupRetention", "type": "boolean" }, @@ -146155,6 +147013,18 @@ }, "type": "object" }, + "AWS::MediaLive::Channel.EpochLockingSettings": { + "additionalProperties": false, + "properties": { + "CustomEpoch": { + "type": "string" + }, + "JamSyncTime": { + "type": "string" + } + }, + "type": "object" + }, "AWS::MediaLive::Channel.Esam": { "additionalProperties": false, "properties": { @@ -146230,6 +147100,9 @@ "markdownDescription": "Enables the Input Prepare feature. You can create Input Prepare actions in the schedule only if this feature is enabled.\nIf you disable the feature on an existing schedule, make sure that you first delete all input prepare actions from the schedule.", "title": "InputPrepareScheduleActions", "type": "string" + }, + "OutputStaticImageOverlayScheduleActions": { + "type": "string" } }, "type": "object" @@ -146374,6 +147247,9 @@ "title": "OutputLockingMode", "type": "string" }, + "OutputLockingSettings": { + "$ref": "#/definitions/AWS::MediaLive::Channel.OutputLockingSettings" + }, "OutputTimingSource": { "markdownDescription": "Indicates whether the rate of frames emitted by the Live encoder should be paced by its system clock (which optionally might be locked to another source through NTP) or should be locked to the clock of the source that is providing the input stream.", "title": "OutputTimingSource", @@ -148514,6 +149390,18 @@ }, "type": "object" }, + "AWS::MediaLive::Channel.OutputLockingSettings": { + "additionalProperties": false, + "properties": { + "EpochLockingSettings": { + "$ref": "#/definitions/AWS::MediaLive::Channel.EpochLockingSettings" + }, + "PipelineLockingSettings": { + "$ref": "#/definitions/AWS::MediaLive::Channel.PipelineLockingSettings" + } + }, + "type": "object" + }, "AWS::MediaLive::Channel.OutputSettings": { "additionalProperties": false, "properties": { @@ -148565,6 +149453,11 @@ "properties": {}, "type": "object" }, + "AWS::MediaLive::Channel.PipelineLockingSettings": { + "additionalProperties": false, + "properties": {}, + "type": "object" + }, "AWS::MediaLive::Channel.RawSettings": { "additionalProperties": false, "properties": {}, @@ -217609,12 +218502,12 @@ "additionalProperties": false, "properties": { "DurationSeconds": { - "markdownDescription": "Sets the maximum number of seconds that vended temporary credentials through [CreateSession](https://docs.aws.amazon.com/rolesanywhere/latest/userguide/authentication-create-session.html) will be valid for, between 900 and 3600.", + "markdownDescription": "The number of seconds vended session credentials will be valid for", "title": "DurationSeconds", "type": "number" }, "Enabled": { - "markdownDescription": "Indicates whether the profile is enabled.", + "markdownDescription": "The enabled status of the resource.", "title": "Enabled", "type": "boolean" }, @@ -217622,17 +218515,17 @@ "items": { "type": "string" }, - "markdownDescription": "A list of managed policy ARNs that apply to the vended session credentials.", + "markdownDescription": "A list of managed policy ARNs. Managed policies identified by this list will be applied to the vended session credentials.", "title": "ManagedPolicyArns", "type": "array" }, "Name": { - "markdownDescription": "The name of the profile.", + "markdownDescription": "The customer specified name of the resource.", "title": "Name", "type": "string" }, "RequireInstanceProperties": { - "markdownDescription": "Specifies whether instance properties are required in temporary credential requests with this profile.", + "markdownDescription": "Specifies whether instance properties are required in CreateSession requests with this profile.", "title": "RequireInstanceProperties", "type": "boolean" }, @@ -217640,12 +218533,12 @@ "items": { "type": "string" }, - "markdownDescription": "A list of IAM role ARNs. During `CreateSession` , if a matching role ARN is provided, the properties in this profile will be applied to the intersection session policy.", + "markdownDescription": "A list of IAM role ARNs that can be assumed when this profile is specified in a CreateSession request.", "title": "RoleArns", "type": "array" }, "SessionPolicy": { - "markdownDescription": "A session policy that applies to the trust boundary of the vended session credentials.", + "markdownDescription": "A session policy that will applied to the trust boundary of the vended session credentials.", "title": "SessionPolicy", "type": "string" }, @@ -217653,7 +218546,7 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "The tags to attach to the profile.", + "markdownDescription": "A list of Tags.", "title": "Tags", "type": "array" } @@ -217814,11 +218707,11 @@ "properties": { "SourceData": { "$ref": "#/definitions/AWS::RolesAnywhere::TrustAnchor.SourceData", - "markdownDescription": "The data field of the trust anchor depending on its type.", + "markdownDescription": "A union object representing the data field of the TrustAnchor depending on its type", "title": "SourceData" }, "SourceType": { - "markdownDescription": "The type of the TrustAnchor.\n\n> `AWS_ACM_PCA` is not an allowed value in your region.", + "markdownDescription": "The type of the TrustAnchor.", "title": "SourceType", "type": "string" } @@ -221804,6 +222697,11 @@ "markdownDescription": "A prefix for all log object keys. If you store log files from multiple Amazon S3 buckets in a single bucket, you can use a prefix to distinguish which log files came from which bucket.", "title": "LogFilePrefix", "type": "string" + }, + "TargetObjectKeyFormat": { + "$ref": "#/definitions/AWS::S3::Bucket.TargetObjectKeyFormat", + "markdownDescription": "Amazon S3 key format for log objects. Only one format, PartitionedPrefix or SimplePrefix, is allowed.", + "title": "TargetObjectKeyFormat" } }, "type": "object" @@ -222007,6 +222905,17 @@ }, "type": "object" }, + "AWS::S3::Bucket.PartitionedPrefix": { + "additionalProperties": false, + "properties": { + "PartitionDateSource": { + "markdownDescription": "Specifies the partition date source for the partitioned prefix. PartitionDateSource can be EventTime or DeliveryTime.", + "title": "PartitionDateSource", + "type": "string" + } + }, + "type": "object" + }, "AWS::S3::Bucket.PublicAccessBlockConfiguration": { "additionalProperties": false, "properties": { @@ -222559,6 +223468,22 @@ ], "type": "object" }, + "AWS::S3::Bucket.TargetObjectKeyFormat": { + "additionalProperties": false, + "properties": { + "PartitionedPrefix": { + "$ref": "#/definitions/AWS::S3::Bucket.PartitionedPrefix", + "markdownDescription": "Partitioned S3 key for log objects.", + "title": "PartitionedPrefix" + }, + "SimplePrefix": { + "markdownDescription": "To use the simple format for S3 keys for log objects. To specify SimplePrefix format, set SimplePrefix to {}.", + "title": "SimplePrefix", + "type": "object" + } + }, + "type": "object" + }, "AWS::S3::Bucket.Tiering": { "additionalProperties": false, "properties": { @@ -226152,6 +227077,9 @@ "title": "Region", "type": "string" }, + "ReplayPolicy": { + "type": "object" + }, "SubscriptionRoleArn": { "markdownDescription": "This property applies only to Amazon Kinesis Data Firehose delivery stream subscriptions. Specify the ARN of the IAM role that has the following:\n\n- Permission to write to the Amazon Kinesis Data Firehose delivery stream\n- Amazon SNS listed as a trusted entity\n\nSpecifying a valid ARN for this attribute is required for Kinesis Data Firehose delivery stream subscriptions. For more information, see [Fanout to Amazon Kinesis Data Firehose delivery streams](https://docs.aws.amazon.com/sns/latest/dg/sns-firehose-as-subscriber.html) in the *Amazon SNS Developer Guide.*", "title": "SubscriptionRoleArn", @@ -226247,6 +227175,14 @@ "title": "DataProtectionPolicy", "type": "object" }, + "DeliveryStatusLogging": { + "items": { + "$ref": "#/definitions/AWS::SNS::Topic.LoggingConfig" + }, + "markdownDescription": "", + "title": "DeliveryStatusLogging", + "type": "array" + }, "DisplayName": { "markdownDescription": "The display name to use for an Amazon SNS topic with SMS subscriptions. The display name must be maximum 100 characters long, including hyphens (-), underscores (_), spaces, and tabs.", "title": "DisplayName", @@ -226316,6 +227252,35 @@ ], "type": "object" }, + "AWS::SNS::Topic.LoggingConfig": { + "additionalProperties": false, + "properties": { + "FailureFeedbackRoleArn": { + "markdownDescription": "", + "title": "FailureFeedbackRoleArn", + "type": "string" + }, + "Protocol": { + "markdownDescription": "", + "title": "Protocol", + "type": "string" + }, + "SuccessFeedbackRoleArn": { + "markdownDescription": "", + "title": "SuccessFeedbackRoleArn", + "type": "string" + }, + "SuccessFeedbackSampleRate": { + "markdownDescription": "", + "title": "SuccessFeedbackSampleRate", + "type": "string" + } + }, + "required": [ + "Protocol" + ], + "type": "object" + }, "AWS::SNS::Topic.Subscription": { "additionalProperties": false, "properties": { @@ -255379,6 +256344,163 @@ }, "type": "object" }, + "AWS::WorkSpacesThinClient::Environment": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "DesiredSoftwareSetId": { + "markdownDescription": "The ID of the software set to apply.", + "title": "DesiredSoftwareSetId", + "type": "string" + }, + "DesktopArn": { + "markdownDescription": "The Amazon Resource Name (ARN) of the desktop to stream from Amazon WorkSpaces , WorkSpaces Web, or AppStream 2.0 .", + "title": "DesktopArn", + "type": "string" + }, + "DesktopEndpoint": { + "markdownDescription": "The URL for the identity provider login (only for environments that use AppStream 2.0 ).", + "title": "DesktopEndpoint", + "type": "string" + }, + "KmsKeyArn": { + "markdownDescription": "The Amazon Resource Name (ARN) of the AWS Key Management Service key used to encrypt the environment.", + "title": "KmsKeyArn", + "type": "string" + }, + "MaintenanceWindow": { + "$ref": "#/definitions/AWS::WorkSpacesThinClient::Environment.MaintenanceWindow", + "markdownDescription": "A specification for a time window to apply software updates.", + "title": "MaintenanceWindow" + }, + "Name": { + "markdownDescription": "The name of the environment.", + "title": "Name", + "type": "string" + }, + "SoftwareSetUpdateMode": { + "markdownDescription": "An option to define which software updates to apply.", + "title": "SoftwareSetUpdateMode", + "type": "string" + }, + "SoftwareSetUpdateSchedule": { + "markdownDescription": "An option to define if software updates should be applied within a maintenance window.", + "title": "SoftwareSetUpdateSchedule", + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "markdownDescription": "An array of key-value pairs to apply to this resource.\n\nFor more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html) .", + "title": "Tags", + "type": "array" + } + }, + "required": [ + "DesktopArn" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::WorkSpacesThinClient::Environment" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::WorkSpacesThinClient::Environment.MaintenanceWindow": { + "additionalProperties": false, + "properties": { + "ApplyTimeOf": { + "markdownDescription": "The option to set the maintenance window during the device local time or Universal Coordinated Time (UTC).", + "title": "ApplyTimeOf", + "type": "string" + }, + "DaysOfTheWeek": { + "items": { + "type": "string" + }, + "markdownDescription": "The days of the week during which the maintenance window is open.", + "title": "DaysOfTheWeek", + "type": "array" + }, + "EndTimeHour": { + "markdownDescription": "The hour for the maintenance window end ( `00` - `23` ).", + "title": "EndTimeHour", + "type": "number" + }, + "EndTimeMinute": { + "markdownDescription": "The minutes for the maintenance window end ( `00` - `59` ).", + "title": "EndTimeMinute", + "type": "number" + }, + "StartTimeHour": { + "markdownDescription": "The hour for the maintenance window start ( `00` - `23` ).", + "title": "StartTimeHour", + "type": "number" + }, + "StartTimeMinute": { + "markdownDescription": "The minutes past the hour for the maintenance window start ( `00` - `59` ).", + "title": "StartTimeMinute", + "type": "number" + }, + "Type": { + "markdownDescription": "An option to select the default or custom maintenance window.", + "title": "Type", + "type": "string" + } + }, + "required": [ + "Type" + ], + "type": "object" + }, "AWS::WorkSpacesWeb::BrowserSettings": { "additionalProperties": false, "properties": { @@ -265244,12 +266366,21 @@ { "$ref": "#/definitions/AWS::DMS::Certificate" }, + { + "$ref": "#/definitions/AWS::DMS::DataProvider" + }, { "$ref": "#/definitions/AWS::DMS::Endpoint" }, { "$ref": "#/definitions/AWS::DMS::EventSubscription" }, + { + "$ref": "#/definitions/AWS::DMS::InstanceProfile" + }, + { + "$ref": "#/definitions/AWS::DMS::MigrationProject" + }, { "$ref": "#/definitions/AWS::DMS::ReplicationConfig" }, @@ -265871,6 +267002,9 @@ { "$ref": "#/definitions/AWS::FIS::ExperimentTemplate" }, + { + "$ref": "#/definitions/AWS::FIS::TargetAccountConfiguration" + }, { "$ref": "#/definitions/AWS::FMS::NotificationChannel" }, @@ -267929,6 +269063,9 @@ { "$ref": "#/definitions/AWS::WorkSpaces::Workspace" }, + { + "$ref": "#/definitions/AWS::WorkSpacesThinClient::Environment" + }, { "$ref": "#/definitions/AWS::WorkSpacesWeb::BrowserSettings" }, diff --git a/schema_source/cloudformation-docs.json b/schema_source/cloudformation-docs.json index 196203793..5cfff1012 100644 --- a/schema_source/cloudformation-docs.json +++ b/schema_source/cloudformation-docs.json @@ -5886,12 +5886,17 @@ "ComputePlatform": "The destination platform type for the deployment ( `Lambda` , `Server` , or `ECS` ).", "DeploymentConfigName": "A name for the deployment configuration. If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the deployment configuration name. For more information, see [Name Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html) .\n\n> If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.", "MinimumHealthyHosts": "The minimum number of healthy instances that should be available at any time during the deployment. There are two parameters expected in the input: type and value.\n\nThe type parameter takes either of the following values:\n\n- HOST_COUNT: The value parameter represents the minimum number of healthy instances as an absolute value.\n- FLEET_PERCENT: The value parameter represents the minimum number of healthy instances as a percentage of the total number of instances in the deployment. If you specify FLEET_PERCENT, at the start of the deployment, AWS CodeDeploy converts the percentage to the equivalent number of instance and rounds up fractional instances.\n\nThe value parameter takes an integer.\n\nFor example, to set a minimum of 95% healthy instance, specify a type of FLEET_PERCENT and a value of 95.\n\nFor more information about instance health, see [CodeDeploy Instance Health](https://docs.aws.amazon.com/codedeploy/latest/userguide/instances-health.html) in the AWS CodeDeploy User Guide.", - "TrafficRoutingConfig": "The configuration that specifies how the deployment traffic is routed." + "TrafficRoutingConfig": "The configuration that specifies how the deployment traffic is routed.", + "ZonalConfig": "" }, "AWS::CodeDeploy::DeploymentConfig MinimumHealthyHosts": { "Type": "The minimum healthy instance type:\n\n- HOST_COUNT: The minimum number of healthy instance as an absolute value.\n- FLEET_PERCENT: The minimum number of healthy instance as a percentage of the total number of instance in the deployment.\n\nIn an example of nine instance, if a HOST_COUNT of six is specified, deploy to up to three instances at a time. The deployment is successful if six or more instances are deployed to successfully. Otherwise, the deployment fails. If a FLEET_PERCENT of 40 is specified, deploy to up to five instance at a time. The deployment is successful if four or more instance are deployed to successfully. Otherwise, the deployment fails.\n\n> In a call to `GetDeploymentConfig` , CodeDeployDefault.OneAtATime returns a minimum healthy instance type of MOST_CONCURRENCY and a value of 1. This means a deployment to only one instance at a time. (You cannot set the type to MOST_CONCURRENCY, only to HOST_COUNT or FLEET_PERCENT.) In addition, with CodeDeployDefault.OneAtATime, AWS CodeDeploy attempts to ensure that all instances but one are kept in a healthy state during the deployment. Although this allows one instance at a time to be taken offline for a new deployment, it also means that if the deployment to the last instance fails, the overall deployment is still successful. \n\nFor more information, see [AWS CodeDeploy Instance Health](https://docs.aws.amazon.com//codedeploy/latest/userguide/instances-health.html) in the *AWS CodeDeploy User Guide* .", "Value": "The minimum healthy instance value." }, + "AWS::CodeDeploy::DeploymentConfig MinimumHealthyHostsPerZone": { + "Type": "", + "Value": "" + }, "AWS::CodeDeploy::DeploymentConfig TimeBasedCanary": { "CanaryInterval": "The number of minutes between the first and second traffic shifts of a `TimeBasedCanary` deployment.", "CanaryPercentage": "The percentage of traffic to shift in the first increment of a `TimeBasedCanary` deployment." @@ -5905,6 +5910,11 @@ "TimeBasedLinear": "A configuration that shifts traffic from one version of a Lambda function or Amazon ECS task set to another in equal increments, with an equal number of minutes between each increment. The original and target Lambda function versions or Amazon ECS task sets are specified in the deployment's AppSpec file.", "Type": "The type of traffic shifting ( `TimeBasedCanary` or `TimeBasedLinear` ) used by a deployment configuration." }, + "AWS::CodeDeploy::DeploymentConfig ZonalConfig": { + "FirstZoneMonitorDurationInSeconds": "", + "MinimumHealthyHostsPerZone": "", + "MonitorDurationInSeconds": "" + }, "AWS::CodeDeploy::DeploymentGroup": { "AlarmConfiguration": "Information about the Amazon CloudWatch alarms that are associated with the deployment group.", "ApplicationName": "The name of an existing CodeDeploy application to associate this deployment group with.", @@ -11302,6 +11312,7 @@ "UserTrustProviderType": "The type of user-based trust provider." }, "AWS::EC2::VerifiedAccessTrustProvider DeviceOptions": { + "PublicSigningKeyUrl": "The URL AWS Verified Access will use to verify the authenticity of the device tokens.", "TenantId": "The ID of the tenant application with the device-identity provider." }, "AWS::EC2::VerifiedAccessTrustProvider OidcOptions": { @@ -13816,9 +13827,9 @@ "EmptyTargetResolutionMode": "The empty target resolution mode for an experiment template." }, "AWS::FIS::ExperimentTemplate ExperimentTemplateLogConfiguration": { - "CloudWatchLogsConfiguration": "The configuration for experiment logging to CloudWatch Logs .", + "CloudWatchLogsConfiguration": "The configuration for experiment logging to Amazon CloudWatch Logs.", "LogSchemaVersion": "The schema version.", - "S3Configuration": "The configuration for experiment logging to Amazon S3 ." + "S3Configuration": "The configuration for experiment logging to Amazon S3." }, "AWS::FIS::ExperimentTemplate ExperimentTemplateStopCondition": { "Source": "The source for the stop condition.", @@ -13826,7 +13837,7 @@ }, "AWS::FIS::ExperimentTemplate ExperimentTemplateTarget": { "Filters": "The filters to apply to identify target resources using specific attributes.", - "Parameters": "The parameters for the resource type.", + "Parameters": "The resource type parameters.", "ResourceArns": "The Amazon Resource Names (ARNs) of the targets.", "ResourceTags": "The tags for the target resources.", "ResourceType": "The resource type.", @@ -16630,7 +16641,7 @@ "PerformanceScoreThreshold": "The health event threshold percentage set for performance scores. When the overall performance score is at or below this percentage, Internet Monitor creates a health event." }, "AWS::InternetMonitor::Monitor InternetMeasurementsLogDelivery": { - "S3Config": "The configuration for publishing Amazon CloudWatch Internet Monitor internet measurements to Amazon S3." + "S3Config": "The configuration information for publishing Internet Monitor internet measurements to Amazon S3. The configuration includes the bucket name and (optionally) prefix for the S3 bucket to store the measurements, and the delivery status. The delivery status is `ENABLED` or `DISABLED` , depending on whether you choose to deliver internet measurements to S3 logs." }, "AWS::InternetMonitor::Monitor LocalHealthEventsConfig": { "HealthScoreThreshold": "The health event threshold percentage set for a local health score.", @@ -16638,9 +16649,9 @@ "Status": "The status of whether Internet Monitor creates a health event based on a threshold percentage set for a local health score. The status can be `ENABLED` or `DISABLED` ." }, "AWS::InternetMonitor::Monitor S3Config": { - "BucketName": "The Amazon S3 bucket name for internet measurements publishing.", - "BucketPrefix": "An optional Amazon S3 bucket prefix for internet measurements publishing.", - "LogDeliveryStatus": "The status of publishing Internet Monitor internet measurements to an Amazon S3 bucket. The delivery status is `ENABLED` if you choose to deliver internet measurements to an S3 bucket, and `DISABLED` otherwise." + "BucketName": "The Amazon S3 bucket name.", + "BucketPrefix": "The Amazon S3 bucket prefix.", + "LogDeliveryStatus": "The status of publishing Internet Monitor internet measurements to an Amazon S3 bucket." }, "AWS::InternetMonitor::Monitor Tag": { "Key": "", @@ -21053,7 +21064,7 @@ }, "AWS::Lightsail::Database": { "AvailabilityZone": "The Availability Zone for the database.", - "BackupRetention": "A Boolean value indicating whether automated backup retention is enabled for the database.", + "BackupRetention": "A Boolean value indicating whether automated backup retention is enabled for the database. Data Import Mode is enabled when `BackupRetention` is set to `false` , and is disabled when `BackupRetention` is set to `true` .", "CaCertificateIdentifier": "The certificate associated with the database.", "MasterDatabaseName": "The meaning of this parameter differs according to the database engine you use.\n\n*MySQL*\n\nThe name of the database to create when the Lightsail database resource is created. If this parameter isn't specified, no database is created in the database resource.\n\nConstraints:\n\n- Must contain 1-64 letters or numbers.\n- Must begin with a letter. Subsequent characters can be letters, underscores, or numbers (0-9).\n- Can't be a word reserved by the specified database engine.\n\nFor more information about reserved words in MySQL, see the Keywords and Reserved Words articles for [MySQL 5.6](https://docs.aws.amazon.com/https://dev.mysql.com/doc/refman/5.6/en/keywords.html) , [MySQL 5.7](https://docs.aws.amazon.com/https://dev.mysql.com/doc/refman/5.7/en/keywords.html) , and [MySQL 8.0](https://docs.aws.amazon.com/https://dev.mysql.com/doc/refman/8.0/en/keywords.html) .\n\n*PostgreSQL*\n\nThe name of the database to create when the Lightsail database resource is created. If this parameter isn't specified, a database named `postgres` is created in the database resource.\n\nConstraints:\n\n- Must contain 1-63 letters or numbers.\n- Must begin with a letter. Subsequent characters can be letters, underscores, or numbers (0-9).\n- Can't be a word reserved by the specified database engine.\n\nFor more information about reserved words in PostgreSQL, see the SQL Key Words articles for [PostgreSQL 9.6](https://docs.aws.amazon.com/https://www.postgresql.org/docs/9.6/sql-keywords-appendix.html) , [PostgreSQL 10](https://docs.aws.amazon.com/https://www.postgresql.org/docs/10/sql-keywords-appendix.html) , [PostgreSQL 11](https://docs.aws.amazon.com/https://www.postgresql.org/docs/11/sql-keywords-appendix.html) , and [PostgreSQL 12](https://docs.aws.amazon.com/https://www.postgresql.org/docs/12/sql-keywords-appendix.html) .", "MasterUserPassword": "The password for the primary user of the database. The password can include any printable ASCII character except the following: /, \", or @. It cannot contain spaces.\n\n> The `MasterUserPassword` and `RotateMasterUserPassword` parameters cannot be used together in the same template. \n\n*MySQL*\n\nConstraints: Must contain 8-41 characters.\n\n*PostgreSQL*\n\nConstraints: Must contain 8-128 characters.", @@ -35677,14 +35688,14 @@ "Value": "The tag value." }, "AWS::RolesAnywhere::Profile": { - "DurationSeconds": "Sets the maximum number of seconds that vended temporary credentials through [CreateSession](https://docs.aws.amazon.com/rolesanywhere/latest/userguide/authentication-create-session.html) will be valid for, between 900 and 3600.", - "Enabled": "Indicates whether the profile is enabled.", - "ManagedPolicyArns": "A list of managed policy ARNs that apply to the vended session credentials.", - "Name": "The name of the profile.", - "RequireInstanceProperties": "Specifies whether instance properties are required in temporary credential requests with this profile.", - "RoleArns": "A list of IAM role ARNs. During `CreateSession` , if a matching role ARN is provided, the properties in this profile will be applied to the intersection session policy.", - "SessionPolicy": "A session policy that applies to the trust boundary of the vended session credentials.", - "Tags": "The tags to attach to the profile." + "DurationSeconds": "The number of seconds vended session credentials will be valid for", + "Enabled": "The enabled status of the resource.", + "ManagedPolicyArns": "A list of managed policy ARNs. Managed policies identified by this list will be applied to the vended session credentials.", + "Name": "The customer specified name of the resource.", + "RequireInstanceProperties": "Specifies whether instance properties are required in CreateSession requests with this profile.", + "RoleArns": "A list of IAM role ARNs that can be assumed when this profile is specified in a CreateSession request.", + "SessionPolicy": "A session policy that will applied to the trust boundary of the vended session credentials.", + "Tags": "A list of Tags." }, "AWS::RolesAnywhere::Profile Tag": { "Key": "The tag key.", @@ -35704,8 +35715,8 @@ "Threshold": "The number of days before a notification event. This value is required for a notification setting that is enabled." }, "AWS::RolesAnywhere::TrustAnchor Source": { - "SourceData": "The data field of the trust anchor depending on its type.", - "SourceType": "The type of the TrustAnchor.\n\n> `AWS_ACM_PCA` is not an allowed value in your region." + "SourceData": "A union object representing the data field of the TrustAnchor depending on its type", + "SourceType": "The type of the TrustAnchor." }, "AWS::RolesAnywhere::TrustAnchor SourceData": { "AcmPcaArn": "The root certificate of the AWS Private Certificate Authority specified by this ARN is used in trust validation for temporary credential requests. Included for trust anchors of type `AWS_ACM_PCA` .\n\n> This field is not supported in your region.", diff --git a/schema_source/cloudformation.schema.json b/schema_source/cloudformation.schema.json index 62e05250e..1fce33b7d 100644 --- a/schema_source/cloudformation.schema.json +++ b/schema_source/cloudformation.schema.json @@ -5526,7 +5526,7 @@ "markdownDescription": "A key-value map defining required or optional method request parameters that can be accepted by API Gateway. A key is a method request parameter name matching the pattern of `method.request.{location}.{name}` , where `location` is `querystring` , `path` , or `header` and `name` is a valid and unique parameter name. The value associated with the key is a Boolean flag indicating whether the parameter is required ( `true` ) or optional ( `false` ). The method request parameter names defined here are available in Integration to be mapped to integration request parameters or templates.", "patternProperties": { "^[a-zA-Z0-9]+$": { - "type": "boolean" + "type": "string" } }, "title": "RequestParameters", @@ -5668,6 +5668,9 @@ "type": "string" } }, + "required": [ + "Type" + ], "type": "object" }, "AWS::ApiGateway::Method.IntegrationResponse": { @@ -5735,7 +5738,7 @@ "markdownDescription": "A key-value map specifying required or optional response parameters that API Gateway can send back to the caller. A key defines a method response header and the value specifies whether the associated method response header is required or not. The expression of the key must match the pattern `method.response.header.{name}` , where `name` is a valid and unique header name. API Gateway passes certain integration response data to the method response headers specified here according to the mapping you prescribe in the API's IntegrationResponse. The integration response data that can be mapped include an integration response header expressed in `integration.response.header.{name}` , a static value enclosed within a pair of single quotes (e.g., `'application/json'` ), or a JSON expression from the back-end response payload in the form of `integration.response.body.{JSON-expression}` , where `JSON-expression` is a valid JSON expression without the `$` prefix.)", "patternProperties": { "^[a-zA-Z0-9]+$": { - "type": "boolean" + "type": "string" } }, "title": "ResponseParameters", @@ -27272,6 +27275,11 @@ "Properties": { "additionalProperties": false, "properties": { + "AccountId": { + "markdownDescription": "The AWS account in which this custom line item will be applied to.", + "title": "AccountId", + "type": "string" + }, "BillingGroupArn": { "markdownDescription": "The Amazon Resource Name (ARN) that references the billing group where the custom line item applies to.", "title": "BillingGroupArn", @@ -29740,6 +29748,11 @@ "title": "CreatorMemberAbilities", "type": "array" }, + "CreatorPaymentConfiguration": { + "$ref": "#/definitions/AWS::CleanRooms::Collaboration.PaymentConfiguration", + "markdownDescription": "An object representing the collaboration member's payment responsibilities set by the collaboration creator.", + "title": "CreatorPaymentConfiguration" + }, "DataEncryptionMetadata": { "$ref": "#/definitions/AWS::CleanRooms::Collaboration.DataEncryptionMetadata", "markdownDescription": "The settings for client-side encryption for cryptographic computing.", @@ -29860,6 +29873,11 @@ "markdownDescription": "The abilities granted to the collaboration member.\n\n*Allowed Values* : `CAN_QUERY` | `CAN_RECEIVE_RESULTS`", "title": "MemberAbilities", "type": "array" + }, + "PaymentConfiguration": { + "$ref": "#/definitions/AWS::CleanRooms::Collaboration.PaymentConfiguration", + "markdownDescription": "The collaboration member's payment responsibilities set by the collaboration creator.\n\nIf the collaboration creator hasn't speci\ufb01ed anyone as the member paying for query compute costs, then the member who can query is the default payer.", + "title": "PaymentConfiguration" } }, "required": [ @@ -29869,6 +29887,34 @@ ], "type": "object" }, + "AWS::CleanRooms::Collaboration.PaymentConfiguration": { + "additionalProperties": false, + "properties": { + "QueryCompute": { + "$ref": "#/definitions/AWS::CleanRooms::Collaboration.QueryComputePaymentConfig", + "markdownDescription": "The collaboration member's payment responsibilities set by the collaboration creator for query compute costs.", + "title": "QueryCompute" + } + }, + "required": [ + "QueryCompute" + ], + "type": "object" + }, + "AWS::CleanRooms::Collaboration.QueryComputePaymentConfig": { + "additionalProperties": false, + "properties": { + "IsResponsible": { + "markdownDescription": "Indicates whether the collaboration creator has configured the collaboration member to pay for query compute costs ( `TRUE` ) or has not configured the collaboration member to pay for query compute costs ( `FALSE` ).\n\nExactly one member can be configured to pay for query compute costs. An error is returned if the collaboration creator sets a `TRUE` value for more than one member in the collaboration.\n\nIf the collaboration creator hasn't specified anyone as the member paying for query compute costs, then the member who can query is the default payer. An error is returned if the collaboration creator sets a `FALSE` value for the member who can query.", + "title": "IsResponsible", + "type": "boolean" + } + }, + "required": [ + "IsResponsible" + ], + "type": "object" + }, "AWS::CleanRooms::ConfiguredTable": { "additionalProperties": false, "properties": { @@ -30384,6 +30430,11 @@ "markdownDescription": "The default protected query result configuration as specified by the member who can receive results.", "title": "DefaultResultConfiguration" }, + "PaymentConfiguration": { + "$ref": "#/definitions/AWS::CleanRooms::Membership.MembershipPaymentConfiguration", + "markdownDescription": "The payment responsibilities accepted by the collaboration member.", + "title": "PaymentConfiguration" + }, "QueryLogStatus": { "markdownDescription": "An indicator as to whether query logging has been enabled or disabled for the membership.", "title": "QueryLogStatus", @@ -30425,6 +30476,20 @@ ], "type": "object" }, + "AWS::CleanRooms::Membership.MembershipPaymentConfiguration": { + "additionalProperties": false, + "properties": { + "QueryCompute": { + "$ref": "#/definitions/AWS::CleanRooms::Membership.MembershipQueryComputePaymentConfig", + "markdownDescription": "The payment responsibilities accepted by the collaboration member for query compute costs.", + "title": "QueryCompute" + } + }, + "required": [ + "QueryCompute" + ], + "type": "object" + }, "AWS::CleanRooms::Membership.MembershipProtectedQueryOutputConfiguration": { "additionalProperties": false, "properties": { @@ -30458,6 +30523,20 @@ ], "type": "object" }, + "AWS::CleanRooms::Membership.MembershipQueryComputePaymentConfig": { + "additionalProperties": false, + "properties": { + "IsResponsible": { + "markdownDescription": "Indicates whether the collaboration member has accepted to pay for query compute costs ( `TRUE` ) or has not accepted to pay for query compute costs ( `FALSE` ).\n\nIf the collaboration creator has not specified anyone to pay for query compute costs, then the member who can query is the default payer.\n\nAn error message is returned for the following reasons:\n\n- If you set the value to `FALSE` but you are responsible to pay for query compute costs.\n- If you set the value to `TRUE` but you are not responsible to pay for query compute costs.", + "title": "IsResponsible", + "type": "boolean" + } + }, + "required": [ + "IsResponsible" + ], + "type": "object" + }, "AWS::CleanRooms::Membership.ProtectedQueryS3OutputConfiguration": { "additionalProperties": false, "properties": { @@ -30576,6 +30655,7 @@ } }, "required": [ + "ImageId", "InstanceType" ], "type": "object" @@ -35339,6 +35419,12 @@ "title": "BillingMode", "type": "string" }, + "FederationEnabled": { + "type": "boolean" + }, + "FederationRoleArn": { + "type": "string" + }, "IngestionEnabled": { "markdownDescription": "Specifies whether the event data store should start ingesting live events. The default is true.", "title": "IngestionEnabled", @@ -38450,6 +38536,11 @@ "$ref": "#/definitions/AWS::CodeDeploy::DeploymentConfig.TrafficRoutingConfig", "markdownDescription": "The configuration that specifies how the deployment traffic is routed.", "title": "TrafficRoutingConfig" + }, + "ZonalConfig": { + "$ref": "#/definitions/AWS::CodeDeploy::DeploymentConfig.ZonalConfig", + "markdownDescription": "", + "title": "ZonalConfig" } }, "type": "object" @@ -38494,6 +38585,26 @@ ], "type": "object" }, + "AWS::CodeDeploy::DeploymentConfig.MinimumHealthyHostsPerZone": { + "additionalProperties": false, + "properties": { + "Type": { + "markdownDescription": "", + "title": "Type", + "type": "string" + }, + "Value": { + "markdownDescription": "", + "title": "Value", + "type": "number" + } + }, + "required": [ + "Type", + "Value" + ], + "type": "object" + }, "AWS::CodeDeploy::DeploymentConfig.TimeBasedCanary": { "additionalProperties": false, "properties": { @@ -38558,6 +38669,27 @@ ], "type": "object" }, + "AWS::CodeDeploy::DeploymentConfig.ZonalConfig": { + "additionalProperties": false, + "properties": { + "FirstZoneMonitorDurationInSeconds": { + "markdownDescription": "", + "title": "FirstZoneMonitorDurationInSeconds", + "type": "number" + }, + "MinimumHealthyHostsPerZone": { + "$ref": "#/definitions/AWS::CodeDeploy::DeploymentConfig.MinimumHealthyHostsPerZone", + "markdownDescription": "", + "title": "MinimumHealthyHostsPerZone" + }, + "MonitorDurationInSeconds": { + "markdownDescription": "", + "title": "MonitorDurationInSeconds", + "type": "number" + } + }, + "type": "object" + }, "AWS::CodeDeploy::DeploymentGroup": { "additionalProperties": false, "properties": { @@ -38698,6 +38830,9 @@ "title": "Tags", "type": "array" }, + "TerminationHookEnabled": { + "type": "boolean" + }, "TriggerConfigurations": { "items": { "$ref": "#/definitions/AWS::CodeDeploy::DeploymentGroup.TriggerConfig" @@ -39691,6 +39826,9 @@ "title": "Name", "type": "string" }, + "PipelineType": { + "type": "string" + }, "RestartExecutionOnUpdate": { "markdownDescription": "Indicates whether to rerun the CodePipeline pipeline after you update it.", "title": "RestartExecutionOnUpdate", @@ -39716,6 +39854,18 @@ "markdownDescription": "Specifies the tags applied to the pipeline.", "title": "Tags", "type": "array" + }, + "Triggers": { + "items": { + "$ref": "#/definitions/AWS::CodePipeline::Pipeline.PipelineTriggerDeclaration" + }, + "type": "array" + }, + "Variables": { + "items": { + "$ref": "#/definitions/AWS::CodePipeline::Pipeline.VariableDeclaration" + }, + "type": "array" } }, "required": [ @@ -39923,6 +40073,51 @@ ], "type": "object" }, + "AWS::CodePipeline::Pipeline.GitConfiguration": { + "additionalProperties": false, + "properties": { + "Push": { + "items": { + "$ref": "#/definitions/AWS::CodePipeline::Pipeline.GitPushFilter" + }, + "type": "array" + }, + "SourceActionName": { + "type": "string" + } + }, + "required": [ + "SourceActionName" + ], + "type": "object" + }, + "AWS::CodePipeline::Pipeline.GitPushFilter": { + "additionalProperties": false, + "properties": { + "Tags": { + "$ref": "#/definitions/AWS::CodePipeline::Pipeline.GitTagFilterCriteria" + } + }, + "type": "object" + }, + "AWS::CodePipeline::Pipeline.GitTagFilterCriteria": { + "additionalProperties": false, + "properties": { + "Excludes": { + "items": { + "type": "string" + }, + "type": "array" + }, + "Includes": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, "AWS::CodePipeline::Pipeline.InputArtifact": { "additionalProperties": false, "properties": { @@ -39951,6 +40146,21 @@ ], "type": "object" }, + "AWS::CodePipeline::Pipeline.PipelineTriggerDeclaration": { + "additionalProperties": false, + "properties": { + "GitConfiguration": { + "$ref": "#/definitions/AWS::CodePipeline::Pipeline.GitConfiguration" + }, + "ProviderType": { + "type": "string" + } + }, + "required": [ + "ProviderType" + ], + "type": "object" + }, "AWS::CodePipeline::Pipeline.StageDeclaration": { "additionalProperties": false, "properties": { @@ -40002,152 +40212,170 @@ ], "type": "object" }, - "AWS::CodePipeline::Webhook": { + "AWS::CodePipeline::Pipeline.VariableDeclaration": { "additionalProperties": false, "properties": { - "Condition": { - "type": "string" - }, - "DeletionPolicy": { - "enum": [ - "Delete", - "Retain", - "Snapshot" - ], - "type": "string" - }, - "DependsOn": { - "anyOf": [ - { - "pattern": "^[a-zA-Z0-9]+$", - "type": "string" - }, - { - "items": { - "pattern": "^[a-zA-Z0-9]+$", - "type": "string" - }, - "type": "array" - } - ] - }, - "Metadata": { - "type": "object" - }, - "Properties": { - "additionalProperties": false, - "properties": { - "Authentication": { - "markdownDescription": "Supported options are GITHUB_HMAC, IP, and UNAUTHENTICATED.\n\n- For information about the authentication scheme implemented by GITHUB_HMAC, see [Securing your webhooks](https://docs.aws.amazon.com/https://developer.github.com/webhooks/securing/) on the GitHub Developer website.\n- IP rejects webhooks trigger requests unless they originate from an IP address in the IP range whitelisted in the authentication configuration.\n- UNAUTHENTICATED accepts all webhook trigger requests regardless of origin.", - "title": "Authentication", - "type": "string" - }, - "AuthenticationConfiguration": { - "$ref": "#/definitions/AWS::CodePipeline::Webhook.WebhookAuthConfiguration", - "markdownDescription": "Properties that configure the authentication applied to incoming webhook trigger requests. The required properties depend on the authentication type. For GITHUB_HMAC, only the `SecretToken` property must be set. For IP, only the `AllowedIPRange` property must be set to a valid CIDR range. For UNAUTHENTICATED, no properties can be set.", - "title": "AuthenticationConfiguration" - }, - "Filters": { - "items": { - "$ref": "#/definitions/AWS::CodePipeline::Webhook.WebhookFilterRule" - }, - "markdownDescription": "A list of rules applied to the body/payload sent in the POST request to a webhook URL. All defined rules must pass for the request to be accepted and the pipeline started.", - "title": "Filters", - "type": "array" - }, - "Name": { - "markdownDescription": "The name of the webhook.", - "title": "Name", - "type": "string" - }, - "RegisterWithThirdParty": { - "markdownDescription": "Configures a connection between the webhook that was created and the external tool with events to be detected.", - "title": "RegisterWithThirdParty", - "type": "boolean" - }, - "TargetAction": { - "markdownDescription": "The name of the action in a pipeline you want to connect to the webhook. The action must be from the source (first) stage of the pipeline.", - "title": "TargetAction", - "type": "string" - }, - "TargetPipeline": { - "markdownDescription": "The name of the pipeline you want to connect to the webhook.", - "title": "TargetPipeline", - "type": "string" - }, - "TargetPipelineVersion": { - "markdownDescription": "The version number of the pipeline to be connected to the trigger request.\n\nRequired: Yes\n\nType: Integer\n\nUpdate requires: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)", - "title": "TargetPipelineVersion", - "type": "number" - } - }, - "required": [ - "Authentication", - "AuthenticationConfiguration", - "Filters", - "TargetAction", - "TargetPipeline", - "TargetPipelineVersion" - ], - "type": "object" - }, - "Type": { - "enum": [ - "AWS::CodePipeline::Webhook" - ], - "type": "string" - }, - "UpdateReplacePolicy": { - "enum": [ - "Delete", - "Retain", - "Snapshot" - ], - "type": "string" - } - }, - "required": [ - "Type", - "Properties" - ], - "type": "object" - }, - "AWS::CodePipeline::Webhook.WebhookAuthConfiguration": { - "additionalProperties": false, - "properties": { - "AllowedIPRange": { - "markdownDescription": "The property used to configure acceptance of webhooks in an IP address range. For IP, only the `AllowedIPRange` property must be set. This property must be set to a valid CIDR range.", - "title": "AllowedIPRange", + "DefaultValue": { "type": "string" }, - "SecretToken": { - "markdownDescription": "The property used to configure GitHub authentication. For GITHUB_HMAC, only the `SecretToken` property must be set.", - "title": "SecretToken", - "type": "string" - } - }, - "type": "object" - }, - "AWS::CodePipeline::Webhook.WebhookFilterRule": { - "additionalProperties": false, - "properties": { - "JsonPath": { - "markdownDescription": "A JsonPath expression that is applied to the body/payload of the webhook. The value selected by the JsonPath expression must match the value specified in the `MatchEquals` field. Otherwise, the request is ignored. For more information, see [Java JsonPath implementation](https://docs.aws.amazon.com/https://github.com/json-path/JsonPath) in GitHub.", - "title": "JsonPath", + "Description": { "type": "string" }, - "MatchEquals": { - "markdownDescription": "The value selected by the `JsonPath` expression must match what is supplied in the `MatchEquals` field. Otherwise, the request is ignored. Properties from the target action configuration can be included as placeholders in this value by surrounding the action configuration key with curly brackets. For example, if the value supplied here is \"refs/heads/{Branch}\" and the target action has an action configuration property called \"Branch\" with a value of \"main\", the `MatchEquals` value is evaluated as \"refs/heads/main\". For a list of action configuration properties for built-in action types, see [Pipeline Structure Reference Action Requirements](https://docs.aws.amazon.com/codepipeline/latest/userguide/reference-pipeline-structure.html#action-requirements) .", - "title": "MatchEquals", + "Name": { "type": "string" } }, "required": [ - "JsonPath" + "Name" ], "type": "object" }, - "AWS::CodeStar::GitHubRepository": { + "AWS::CodePipeline::Webhook": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "Authentication": { + "markdownDescription": "Supported options are GITHUB_HMAC, IP, and UNAUTHENTICATED.\n\n- For information about the authentication scheme implemented by GITHUB_HMAC, see [Securing your webhooks](https://docs.aws.amazon.com/https://developer.github.com/webhooks/securing/) on the GitHub Developer website.\n- IP rejects webhooks trigger requests unless they originate from an IP address in the IP range whitelisted in the authentication configuration.\n- UNAUTHENTICATED accepts all webhook trigger requests regardless of origin.", + "title": "Authentication", + "type": "string" + }, + "AuthenticationConfiguration": { + "$ref": "#/definitions/AWS::CodePipeline::Webhook.WebhookAuthConfiguration", + "markdownDescription": "Properties that configure the authentication applied to incoming webhook trigger requests. The required properties depend on the authentication type. For GITHUB_HMAC, only the `SecretToken` property must be set. For IP, only the `AllowedIPRange` property must be set to a valid CIDR range. For UNAUTHENTICATED, no properties can be set.", + "title": "AuthenticationConfiguration" + }, + "Filters": { + "items": { + "$ref": "#/definitions/AWS::CodePipeline::Webhook.WebhookFilterRule" + }, + "markdownDescription": "A list of rules applied to the body/payload sent in the POST request to a webhook URL. All defined rules must pass for the request to be accepted and the pipeline started.", + "title": "Filters", + "type": "array" + }, + "Name": { + "markdownDescription": "The name of the webhook.", + "title": "Name", + "type": "string" + }, + "RegisterWithThirdParty": { + "markdownDescription": "Configures a connection between the webhook that was created and the external tool with events to be detected.", + "title": "RegisterWithThirdParty", + "type": "boolean" + }, + "TargetAction": { + "markdownDescription": "The name of the action in a pipeline you want to connect to the webhook. The action must be from the source (first) stage of the pipeline.", + "title": "TargetAction", + "type": "string" + }, + "TargetPipeline": { + "markdownDescription": "The name of the pipeline you want to connect to the webhook.", + "title": "TargetPipeline", + "type": "string" + }, + "TargetPipelineVersion": { + "markdownDescription": "The version number of the pipeline to be connected to the trigger request.\n\nRequired: Yes\n\nType: Integer\n\nUpdate requires: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)", + "title": "TargetPipelineVersion", + "type": "number" + } + }, + "required": [ + "Authentication", + "AuthenticationConfiguration", + "Filters", + "TargetAction", + "TargetPipeline", + "TargetPipelineVersion" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::CodePipeline::Webhook" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::CodePipeline::Webhook.WebhookAuthConfiguration": { + "additionalProperties": false, + "properties": { + "AllowedIPRange": { + "markdownDescription": "The property used to configure acceptance of webhooks in an IP address range. For IP, only the `AllowedIPRange` property must be set. This property must be set to a valid CIDR range.", + "title": "AllowedIPRange", + "type": "string" + }, + "SecretToken": { + "markdownDescription": "The property used to configure GitHub authentication. For GITHUB_HMAC, only the `SecretToken` property must be set.", + "title": "SecretToken", + "type": "string" + } + }, + "type": "object" + }, + "AWS::CodePipeline::Webhook.WebhookFilterRule": { + "additionalProperties": false, + "properties": { + "JsonPath": { + "markdownDescription": "A JsonPath expression that is applied to the body/payload of the webhook. The value selected by the JsonPath expression must match the value specified in the `MatchEquals` field. Otherwise, the request is ignored. For more information, see [Java JsonPath implementation](https://docs.aws.amazon.com/https://github.com/json-path/JsonPath) in GitHub.", + "title": "JsonPath", + "type": "string" + }, + "MatchEquals": { + "markdownDescription": "The value selected by the `JsonPath` expression must match what is supplied in the `MatchEquals` field. Otherwise, the request is ignored. Properties from the target action configuration can be included as placeholders in this value by surrounding the action configuration key with curly brackets. For example, if the value supplied here is \"refs/heads/{Branch}\" and the target action has an action configuration property called \"Branch\" with a value of \"main\", the `MatchEquals` value is evaluated as \"refs/heads/main\". For a list of action configuration properties for built-in action types, see [Pipeline Structure Reference Action Requirements](https://docs.aws.amazon.com/codepipeline/latest/userguide/reference-pipeline-structure.html#action-requirements) .", + "title": "MatchEquals", + "type": "string" + } + }, + "required": [ + "JsonPath" + ], + "type": "object" + }, + "AWS::CodeStar::GitHubRepository": { "additionalProperties": false, "properties": { "Condition": { @@ -44094,6 +44322,9 @@ "markdownDescription": "Specifies which resource types AWS Config records for configuration changes.\n\n> *High Number of AWS Config Evaluations*\n> \n> You may notice increased activity in your account during your initial month recording with AWS Config when compared to subsequent months. During the initial bootstrapping process, AWS Config runs evaluations on all the resources in your account that you have selected for AWS Config to record.\n> \n> If you are running ephemeral workloads, you may see increased activity from AWS Config as it records configuration changes associated with creating and deleting these temporary resources. An *ephemeral workload* is a temporary use of computing resources that are loaded and run when needed. Examples include Amazon Elastic Compute Cloud ( Amazon EC2 ) Spot Instances, Amazon EMR jobs, and AWS Auto Scaling . If you want to avoid the increased activity from running ephemeral workloads, you can run these types of workloads in a separate account with AWS Config turned off to avoid increased configuration recording and rule evaluations.", "title": "RecordingGroup" }, + "RecordingMode": { + "$ref": "#/definitions/AWS::Config::ConfigurationRecorder.RecordingMode" + }, "RoleARN": { "markdownDescription": "Amazon Resource Name (ARN) of the IAM role assumed by AWS Config and used by the configuration recorder. For more information, see [Permissions for the IAM Role Assigned](https://docs.aws.amazon.com/config/latest/developerguide/iamrole-permissions.html) to AWS Config in the AWS Config Developer Guide.\n\n> *Pre-existing AWS Config role*\n> \n> If you have used an AWS service that uses AWS Config , such as AWS Security Hub or AWS Control Tower , and an AWS Config role has already been created, make sure that the IAM role that you use when setting up AWS Config keeps the same minimum permissions as the already created AWS Config role. You must do this so that the other AWS service continues to run as expected.\n> \n> For example, if AWS Control Tower has an IAM role that allows AWS Config to read Amazon Simple Storage Service ( Amazon S3 ) objects, make sure that the same permissions are granted within the IAM role you use when setting up AWS Config . Otherwise, it may interfere with how AWS Control Tower operates. For more information about IAM roles for AWS Config , see [*Identity and Access Management for AWS Config*](https://docs.aws.amazon.com/config/latest/developerguide/security-iam.html) in the *AWS Config Developer Guide* .", "title": "RoleARN", @@ -44177,157 +44408,197 @@ }, "type": "object" }, - "AWS::Config::ConfigurationRecorder.RecordingStrategy": { + "AWS::Config::ConfigurationRecorder.RecordingMode": { "additionalProperties": false, "properties": { - "UseOnly": { - "markdownDescription": "The recording strategy for the configuration recorder.\n\n- If you set this option to `ALL_SUPPORTED_RESOURCE_TYPES` , AWS Config records configuration changes for all supported resource types, excluding the global IAM resource types. You also must set the `allSupported` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) to `true` . When AWS Config adds support for a new resource type, AWS Config automatically starts recording resources of that type. For a list of supported resource types, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#supported-resources) in the *AWS Config developer guide* .\n- If you set this option to `INCLUSION_BY_RESOURCE_TYPES` , AWS Config records configuration changes for only the resource types that you specify in the `resourceTypes` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) .\n- If you set this option to `EXCLUSION_BY_RESOURCE_TYPES` , AWS Config records configuration changes for all supported resource types, except the resource types that you specify to exclude from being recorded in the `resourceTypes` field of [ExclusionByResourceTypes](https://docs.aws.amazon.com/config/latest/APIReference/API_ExclusionByResourceTypes.html) .\n\n> *Required and optional fields*\n> \n> The `recordingStrategy` field is optional when you set the `allSupported` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) to `true` .\n> \n> The `recordingStrategy` field is optional when you list resource types in the `resourceTypes` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) .\n> \n> The `recordingStrategy` field is required if you list resource types to exclude from recording in the `resourceTypes` field of [ExclusionByResourceTypes](https://docs.aws.amazon.com/config/latest/APIReference/API_ExclusionByResourceTypes.html) . > *Overriding fields*\n> \n> If you choose `EXCLUSION_BY_RESOURCE_TYPES` for the recording strategy, the `exclusionByResourceTypes` field will override other properties in the request.\n> \n> For example, even if you set `includeGlobalResourceTypes` to false, global IAM resource types will still be automatically recorded in this option unless those resource types are specifically listed as exclusions in the `resourceTypes` field of `exclusionByResourceTypes` . > *Global resource types and the exclusion recording strategy*\n> \n> By default, if you choose the `EXCLUSION_BY_RESOURCE_TYPES` recording strategy, when AWS Config adds support for a new resource type in the Region where you set up the configuration recorder, including global resource types, AWS Config starts recording resources of that type automatically.\n> \n> Unless specifically listed as exclusions, `AWS::RDS::GlobalCluster` will be recorded automatically in all supported AWS Config Regions were the configuration recorder is enabled.\n> \n> IAM users, groups, roles, and customer managed policies will be recorded in the Region where you set up the configuration recorder if that is a Region where AWS Config was available before February 2022. You cannot be record the global IAM resouce types in Regions supported by AWS Config after February 2022. This list where you cannot record the global IAM resource types includes the following Regions:\n> \n> - Asia Pacific (Hyderabad)\n> - Asia Pacific (Melbourne)\n> - Europe (Spain)\n> - Europe (Zurich)\n> - Israel (Tel Aviv)\n> - Middle East (UAE)", - "title": "UseOnly", + "RecordingFrequency": { "type": "string" + }, + "RecordingModeOverrides": { + "items": { + "$ref": "#/definitions/AWS::Config::ConfigurationRecorder.RecordingModeOverride" + }, + "type": "array" } }, "required": [ - "UseOnly" + "RecordingFrequency" ], "type": "object" }, - "AWS::Config::ConformancePack": { + "AWS::Config::ConfigurationRecorder.RecordingModeOverride": { "additionalProperties": false, "properties": { - "Condition": { + "Description": { "type": "string" }, - "DeletionPolicy": { - "enum": [ - "Delete", - "Retain", - "Snapshot" - ], + "RecordingFrequency": { "type": "string" }, - "DependsOn": { - "anyOf": [ - { - "pattern": "^[a-zA-Z0-9]+$", - "type": "string" - }, - { - "items": { - "pattern": "^[a-zA-Z0-9]+$", - "type": "string" - }, - "type": "array" - } - ] - }, - "Metadata": { - "type": "object" - }, - "Properties": { - "additionalProperties": false, - "properties": { - "ConformancePackInputParameters": { - "items": { - "$ref": "#/definitions/AWS::Config::ConformancePack.ConformancePackInputParameter" - }, - "markdownDescription": "A list of ConformancePackInputParameter objects.", - "title": "ConformancePackInputParameters", - "type": "array" - }, - "ConformancePackName": { - "markdownDescription": "Name of the conformance pack you want to create.", - "title": "ConformancePackName", - "type": "string" - }, - "DeliveryS3Bucket": { - "markdownDescription": "The name of the Amazon S3 bucket where AWS Config stores conformance pack templates.", - "title": "DeliveryS3Bucket", - "type": "string" - }, - "DeliveryS3KeyPrefix": { - "markdownDescription": "The prefix for the Amazon S3 bucket.", - "title": "DeliveryS3KeyPrefix", - "type": "string" - }, - "TemplateBody": { - "markdownDescription": "A string containing full conformance pack template body. Structure containing the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes.\n\n> You can only use a YAML template with two resource types: config rule ( `AWS::Config::ConfigRule` ) and a remediation action ( `AWS::Config::RemediationConfiguration` ).", - "title": "TemplateBody", - "type": "string" - }, - "TemplateS3Uri": { - "markdownDescription": "Location of file containing the template body (s3://bucketname/prefix). The uri must point to the conformance pack template (max size: 300 KB) that is located in an Amazon S3 bucket.\n\n> You must have access to read Amazon S3 bucket.", - "title": "TemplateS3Uri", - "type": "string" - }, - "TemplateSSMDocumentDetails": { - "$ref": "#/definitions/AWS::Config::ConformancePack.TemplateSSMDocumentDetails", - "markdownDescription": "An object that contains the name or Amazon Resource Name (ARN) of the AWS Systems Manager document (SSM document) and the version of the SSM document that is used to create a conformance pack.", - "title": "TemplateSSMDocumentDetails" - } + "ResourceTypes": { + "items": { + "type": "string" }, - "required": [ - "ConformancePackName" - ], - "type": "object" - }, - "Type": { - "enum": [ - "AWS::Config::ConformancePack" - ], - "type": "string" - }, - "UpdateReplacePolicy": { - "enum": [ - "Delete", - "Retain", - "Snapshot" - ], - "type": "string" + "type": "array" } }, "required": [ - "Type", - "Properties" + "RecordingFrequency", + "ResourceTypes" ], "type": "object" }, - "AWS::Config::ConformancePack.ConformancePackInputParameter": { + "AWS::Config::ConfigurationRecorder.RecordingStrategy": { "additionalProperties": false, "properties": { - "ParameterName": { - "markdownDescription": "One part of a key-value pair.", - "title": "ParameterName", - "type": "string" - }, - "ParameterValue": { - "markdownDescription": "Another part of the key-value pair.", - "title": "ParameterValue", + "UseOnly": { + "markdownDescription": "The recording strategy for the configuration recorder.\n\n- If you set this option to `ALL_SUPPORTED_RESOURCE_TYPES` , AWS Config records configuration changes for all supported resource types, excluding the global IAM resource types. You also must set the `allSupported` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) to `true` . When AWS Config adds support for a new resource type, AWS Config automatically starts recording resources of that type. For a list of supported resource types, see [Supported Resource Types](https://docs.aws.amazon.com/config/latest/developerguide/resource-config-reference.html#supported-resources) in the *AWS Config developer guide* .\n- If you set this option to `INCLUSION_BY_RESOURCE_TYPES` , AWS Config records configuration changes for only the resource types that you specify in the `resourceTypes` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) .\n- If you set this option to `EXCLUSION_BY_RESOURCE_TYPES` , AWS Config records configuration changes for all supported resource types, except the resource types that you specify to exclude from being recorded in the `resourceTypes` field of [ExclusionByResourceTypes](https://docs.aws.amazon.com/config/latest/APIReference/API_ExclusionByResourceTypes.html) .\n\n> *Required and optional fields*\n> \n> The `recordingStrategy` field is optional when you set the `allSupported` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) to `true` .\n> \n> The `recordingStrategy` field is optional when you list resource types in the `resourceTypes` field of [RecordingGroup](https://docs.aws.amazon.com/config/latest/APIReference/API_RecordingGroup.html) .\n> \n> The `recordingStrategy` field is required if you list resource types to exclude from recording in the `resourceTypes` field of [ExclusionByResourceTypes](https://docs.aws.amazon.com/config/latest/APIReference/API_ExclusionByResourceTypes.html) . > *Overriding fields*\n> \n> If you choose `EXCLUSION_BY_RESOURCE_TYPES` for the recording strategy, the `exclusionByResourceTypes` field will override other properties in the request.\n> \n> For example, even if you set `includeGlobalResourceTypes` to false, global IAM resource types will still be automatically recorded in this option unless those resource types are specifically listed as exclusions in the `resourceTypes` field of `exclusionByResourceTypes` . > *Global resource types and the exclusion recording strategy*\n> \n> By default, if you choose the `EXCLUSION_BY_RESOURCE_TYPES` recording strategy, when AWS Config adds support for a new resource type in the Region where you set up the configuration recorder, including global resource types, AWS Config starts recording resources of that type automatically.\n> \n> Unless specifically listed as exclusions, `AWS::RDS::GlobalCluster` will be recorded automatically in all supported AWS Config Regions were the configuration recorder is enabled.\n> \n> IAM users, groups, roles, and customer managed policies will be recorded in the Region where you set up the configuration recorder if that is a Region where AWS Config was available before February 2022. You cannot be record the global IAM resouce types in Regions supported by AWS Config after February 2022. This list where you cannot record the global IAM resource types includes the following Regions:\n> \n> - Asia Pacific (Hyderabad)\n> - Asia Pacific (Melbourne)\n> - Europe (Spain)\n> - Europe (Zurich)\n> - Israel (Tel Aviv)\n> - Middle East (UAE)", + "title": "UseOnly", "type": "string" } }, "required": [ - "ParameterName", - "ParameterValue" + "UseOnly" ], "type": "object" }, - "AWS::Config::ConformancePack.TemplateSSMDocumentDetails": { - "additionalProperties": false, - "properties": { - "DocumentName": { - "markdownDescription": "The name or Amazon Resource Name (ARN) of the SSM document to use to create a conformance pack. If you use the document name, AWS Config checks only your account and AWS Region for the SSM document. If you want to use an SSM document from another Region or account, you must provide the ARN.", - "title": "DocumentName", - "type": "string" - }, - "DocumentVersion": { - "markdownDescription": "The version of the SSM document to use to create a conformance pack. By default, AWS Config uses the latest version.\n\n> This field is optional.", - "title": "DocumentVersion", - "type": "string" - } - }, - "type": "object" - }, - "AWS::Config::DeliveryChannel": { + "AWS::Config::ConformancePack": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "ConformancePackInputParameters": { + "items": { + "$ref": "#/definitions/AWS::Config::ConformancePack.ConformancePackInputParameter" + }, + "markdownDescription": "A list of ConformancePackInputParameter objects.", + "title": "ConformancePackInputParameters", + "type": "array" + }, + "ConformancePackName": { + "markdownDescription": "Name of the conformance pack you want to create.", + "title": "ConformancePackName", + "type": "string" + }, + "DeliveryS3Bucket": { + "markdownDescription": "The name of the Amazon S3 bucket where AWS Config stores conformance pack templates.", + "title": "DeliveryS3Bucket", + "type": "string" + }, + "DeliveryS3KeyPrefix": { + "markdownDescription": "The prefix for the Amazon S3 bucket.", + "title": "DeliveryS3KeyPrefix", + "type": "string" + }, + "TemplateBody": { + "markdownDescription": "A string containing full conformance pack template body. Structure containing the template body with a minimum length of 1 byte and a maximum length of 51,200 bytes.\n\n> You can only use a YAML template with two resource types: config rule ( `AWS::Config::ConfigRule` ) and a remediation action ( `AWS::Config::RemediationConfiguration` ).", + "title": "TemplateBody", + "type": "string" + }, + "TemplateS3Uri": { + "markdownDescription": "Location of file containing the template body (s3://bucketname/prefix). The uri must point to the conformance pack template (max size: 300 KB) that is located in an Amazon S3 bucket.\n\n> You must have access to read Amazon S3 bucket.", + "title": "TemplateS3Uri", + "type": "string" + }, + "TemplateSSMDocumentDetails": { + "$ref": "#/definitions/AWS::Config::ConformancePack.TemplateSSMDocumentDetails", + "markdownDescription": "An object that contains the name or Amazon Resource Name (ARN) of the AWS Systems Manager document (SSM document) and the version of the SSM document that is used to create a conformance pack.", + "title": "TemplateSSMDocumentDetails" + } + }, + "required": [ + "ConformancePackName" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::Config::ConformancePack" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::Config::ConformancePack.ConformancePackInputParameter": { + "additionalProperties": false, + "properties": { + "ParameterName": { + "markdownDescription": "One part of a key-value pair.", + "title": "ParameterName", + "type": "string" + }, + "ParameterValue": { + "markdownDescription": "Another part of the key-value pair.", + "title": "ParameterValue", + "type": "string" + } + }, + "required": [ + "ParameterName", + "ParameterValue" + ], + "type": "object" + }, + "AWS::Config::ConformancePack.TemplateSSMDocumentDetails": { + "additionalProperties": false, + "properties": { + "DocumentName": { + "markdownDescription": "The name or Amazon Resource Name (ARN) of the SSM document to use to create a conformance pack. If you use the document name, AWS Config checks only your account and AWS Region for the SSM document. If you want to use an SSM document from another Region or account, you must provide the ARN.", + "title": "DocumentName", + "type": "string" + }, + "DocumentVersion": { + "markdownDescription": "The version of the SSM document to use to create a conformance pack. By default, AWS Config uses the latest version.\n\n> This field is optional.", + "title": "DocumentVersion", + "type": "string" + } + }, + "type": "object" + }, + "AWS::Config::DeliveryChannel": { "additionalProperties": false, "properties": { "Condition": { @@ -51287,6 +51558,206 @@ ], "type": "object" }, + "AWS::DMS::DataProvider": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "DataProviderIdentifier": { + "type": "string" + }, + "DataProviderName": { + "type": "string" + }, + "Description": { + "type": "string" + }, + "Engine": { + "type": "string" + }, + "ExactSettings": { + "type": "boolean" + }, + "Settings": { + "$ref": "#/definitions/AWS::DMS::DataProvider.Settings" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + } + }, + "required": [ + "Engine" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::DMS::DataProvider" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::DMS::DataProvider.MicrosoftSqlServerSettings": { + "additionalProperties": false, + "properties": { + "CertificateArn": { + "type": "string" + }, + "DatabaseName": { + "type": "string" + }, + "Port": { + "type": "number" + }, + "ServerName": { + "type": "string" + }, + "SslMode": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::DMS::DataProvider.MySqlSettings": { + "additionalProperties": false, + "properties": { + "CertificateArn": { + "type": "string" + }, + "Port": { + "type": "number" + }, + "ServerName": { + "type": "string" + }, + "SslMode": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::DMS::DataProvider.OracleSettings": { + "additionalProperties": false, + "properties": { + "AsmServer": { + "type": "string" + }, + "CertificateArn": { + "type": "string" + }, + "DatabaseName": { + "type": "string" + }, + "Port": { + "type": "number" + }, + "SecretsManagerOracleAsmAccessRoleArn": { + "type": "string" + }, + "SecretsManagerOracleAsmSecretId": { + "type": "string" + }, + "SecretsManagerSecurityDbEncryptionAccessRoleArn": { + "type": "string" + }, + "SecretsManagerSecurityDbEncryptionSecretId": { + "type": "string" + }, + "ServerName": { + "type": "string" + }, + "SslMode": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::DMS::DataProvider.PostgreSqlSettings": { + "additionalProperties": false, + "properties": { + "CertificateArn": { + "type": "string" + }, + "DatabaseName": { + "type": "string" + }, + "Port": { + "type": "number" + }, + "ServerName": { + "type": "string" + }, + "SslMode": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::DMS::DataProvider.Settings": { + "additionalProperties": false, + "properties": { + "MicrosoftSqlServerSettings": { + "$ref": "#/definitions/AWS::DMS::DataProvider.MicrosoftSqlServerSettings" + }, + "MySqlSettings": { + "$ref": "#/definitions/AWS::DMS::DataProvider.MySqlSettings" + }, + "OracleSettings": { + "$ref": "#/definitions/AWS::DMS::DataProvider.OracleSettings" + }, + "PostgreSqlSettings": { + "$ref": "#/definitions/AWS::DMS::DataProvider.PostgreSqlSettings" + } + }, + "type": "object" + }, "AWS::DMS::Endpoint": { "additionalProperties": false, "properties": { @@ -51655,6 +52126,15 @@ "title": "CurrentLsn", "type": "string" }, + "KeepCsvFiles": { + "type": "boolean" + }, + "LoadTimeout": { + "type": "number" + }, + "MaxFileSize": { + "type": "number" + }, "MaxKBytesPerRead": { "markdownDescription": "Maximum number of bytes per read, as a NUMBER value. The default is 64 KB.", "title": "MaxKBytesPerRead", @@ -51674,6 +52154,9 @@ "markdownDescription": "Enables ongoing replication (CDC) as a BOOLEAN value. The default is true.", "title": "SetDataCaptureChanges", "type": "boolean" + }, + "WriteBufferSize": { + "type": "number" } }, "type": "object" @@ -52864,6 +53347,233 @@ ], "type": "object" }, + "AWS::DMS::InstanceProfile": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "AvailabilityZone": { + "type": "string" + }, + "Description": { + "type": "string" + }, + "InstanceProfileIdentifier": { + "type": "string" + }, + "InstanceProfileName": { + "type": "string" + }, + "KmsKeyArn": { + "type": "string" + }, + "NetworkType": { + "type": "string" + }, + "PubliclyAccessible": { + "type": "boolean" + }, + "SubnetGroupIdentifier": { + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + }, + "VpcSecurityGroups": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "Type": { + "enum": [ + "AWS::DMS::InstanceProfile" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type" + ], + "type": "object" + }, + "AWS::DMS::MigrationProject": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "Description": { + "type": "string" + }, + "InstanceProfileArn": { + "type": "string" + }, + "InstanceProfileIdentifier": { + "type": "string" + }, + "InstanceProfileName": { + "type": "string" + }, + "MigrationProjectIdentifier": { + "type": "string" + }, + "MigrationProjectName": { + "type": "string" + }, + "SchemaConversionApplicationAttributes": { + "$ref": "#/definitions/AWS::DMS::MigrationProject.SchemaConversionApplicationAttributes" + }, + "SourceDataProviderDescriptors": { + "items": { + "$ref": "#/definitions/AWS::DMS::MigrationProject.DataProviderDescriptor" + }, + "type": "array" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "type": "array" + }, + "TargetDataProviderDescriptors": { + "items": { + "$ref": "#/definitions/AWS::DMS::MigrationProject.DataProviderDescriptor" + }, + "type": "array" + }, + "TransformationRules": { + "type": "string" + } + }, + "type": "object" + }, + "Type": { + "enum": [ + "AWS::DMS::MigrationProject" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type" + ], + "type": "object" + }, + "AWS::DMS::MigrationProject.DataProviderDescriptor": { + "additionalProperties": false, + "properties": { + "DataProviderArn": { + "type": "string" + }, + "DataProviderIdentifier": { + "type": "string" + }, + "DataProviderName": { + "type": "string" + }, + "SecretsManagerAccessRoleArn": { + "type": "string" + }, + "SecretsManagerSecretId": { + "type": "string" + } + }, + "type": "object" + }, + "AWS::DMS::MigrationProject.SchemaConversionApplicationAttributes": { + "additionalProperties": false, + "properties": { + "S3BucketPath": { + "type": "string" + }, + "S3BucketRoleArn": { + "type": "string" + } + }, + "type": "object" + }, "AWS::DMS::ReplicationConfig": { "additionalProperties": false, "properties": { @@ -64663,6 +65373,27 @@ }, "type": "object" }, + "AWS::EC2::LaunchTemplate.ConnectionTrackingSpecification": { + "additionalProperties": false, + "properties": { + "TcpEstablishedTimeout": { + "markdownDescription": "Timeout (in seconds) for idle TCP connections in an established state. Min: 60 seconds. Max: 432000 seconds (5 days). Default: 432000 seconds. Recommended: Less than 432000 seconds.", + "title": "TcpEstablishedTimeout", + "type": "number" + }, + "UdpStreamTimeout": { + "markdownDescription": "Timeout (in seconds) for idle UDP flows classified as streams which have seen more than one request-response transaction. Min: 60 seconds. Max: 180 seconds (3 minutes). Default: 180 seconds.", + "title": "UdpStreamTimeout", + "type": "number" + }, + "UdpTimeout": { + "markdownDescription": "Timeout (in seconds) for idle UDP flows that have seen traffic only in a single direction or a single request-response transaction. Min: 30 seconds. Max: 60 seconds. Default: 30 seconds.", + "title": "UdpTimeout", + "type": "number" + } + }, + "type": "object" + }, "AWS::EC2::LaunchTemplate.CpuOptions": { "additionalProperties": false, "properties": { @@ -65356,6 +66087,11 @@ "title": "AssociatePublicIpAddress", "type": "boolean" }, + "ConnectionTrackingSpecification": { + "$ref": "#/definitions/AWS::EC2::LaunchTemplate.ConnectionTrackingSpecification", + "markdownDescription": "A connection tracking specification for the network interface.", + "title": "ConnectionTrackingSpecification" + }, "DeleteOnTermination": { "markdownDescription": "Indicates whether the network interface is deleted when the instance is terminated.", "title": "DeleteOnTermination", @@ -73719,6 +74455,11 @@ "AWS::EC2::VerifiedAccessTrustProvider.DeviceOptions": { "additionalProperties": false, "properties": { + "PublicSigningKeyUrl": { + "markdownDescription": "The URL AWS Verified Access will use to verify the authenticity of the device tokens.", + "title": "PublicSigningKeyUrl", + "type": "string" + }, "TenantId": { "markdownDescription": "The ID of the tenant application with the device-identity provider.", "title": "TenantId", @@ -74634,6 +75375,9 @@ "title": "AutoScalingGroupArn", "type": "string" }, + "ManagedDraining": { + "type": "string" + }, "ManagedScaling": { "$ref": "#/definitions/AWS::ECS::CapacityProvider.ManagedScaling", "markdownDescription": "The managed scaling settings for the Auto Scaling group capacity provider.", @@ -80579,11 +81323,20 @@ "title": "Description", "type": "string" }, + "EncryptionKeyArn": { + "type": "string" + }, "EngineSecurityGroupId": { "markdownDescription": "The ID of the Amazon EMR Studio Engine security group. The Engine security group allows inbound network traffic from the Workspace security group, and it must be in the same VPC specified by `VpcId` .", "title": "EngineSecurityGroupId", "type": "string" }, + "IdcInstanceArn": { + "type": "string" + }, + "IdcUserAssignment": { + "type": "string" + }, "IdpAuthUrl": { "markdownDescription": "Your identity provider's authentication endpoint. Amazon EMR Studio redirects federated users to this endpoint for authentication when logging in to a Studio with the Studio URL.", "title": "IdpAuthUrl", @@ -80620,6 +81373,9 @@ "title": "Tags", "type": "array" }, + "TrustedIdentityPropagationEnabled": { + "type": "boolean" + }, "UserRole": { "markdownDescription": "The Amazon Resource Name (ARN) of the IAM user role that will be assumed by users and groups logged in to a Studio. The permissions attached to this IAM role can be scoped down for each user or group using session policies. You only need to specify `UserRole` when you set `AuthMode` to `SSO` .", "title": "UserRole", @@ -89556,6 +90312,11 @@ "title": "Description", "type": "string" }, + "ExperimentOptions": { + "$ref": "#/definitions/AWS::FIS::ExperimentTemplate.ExperimentTemplateExperimentOptions", + "markdownDescription": "The experiment options for an experiment template.", + "title": "ExperimentOptions" + }, "LogConfiguration": { "$ref": "#/definitions/AWS::FIS::ExperimentTemplate.ExperimentTemplateLogConfiguration", "markdownDescription": "The configuration for experiment logging.", @@ -89686,12 +90447,28 @@ ], "type": "object" }, + "AWS::FIS::ExperimentTemplate.ExperimentTemplateExperimentOptions": { + "additionalProperties": false, + "properties": { + "AccountTargeting": { + "markdownDescription": "The account targeting setting for an experiment template.", + "title": "AccountTargeting", + "type": "string" + }, + "EmptyTargetResolutionMode": { + "markdownDescription": "The empty target resolution mode for an experiment template.", + "title": "EmptyTargetResolutionMode", + "type": "string" + } + }, + "type": "object" + }, "AWS::FIS::ExperimentTemplate.ExperimentTemplateLogConfiguration": { "additionalProperties": false, "properties": { "CloudWatchLogsConfiguration": { "$ref": "#/definitions/AWS::FIS::ExperimentTemplate.CloudWatchLogsConfiguration", - "markdownDescription": "The configuration for experiment logging to CloudWatch Logs .", + "markdownDescription": "The configuration for experiment logging to Amazon CloudWatch Logs.", "title": "CloudWatchLogsConfiguration" }, "LogSchemaVersion": { @@ -89701,7 +90478,7 @@ }, "S3Configuration": { "$ref": "#/definitions/AWS::FIS::ExperimentTemplate.S3Configuration", - "markdownDescription": "The configuration for experiment logging to Amazon S3 .", + "markdownDescription": "The configuration for experiment logging to Amazon S3.", "title": "S3Configuration" } }, @@ -89742,7 +90519,7 @@ }, "Parameters": { "additionalProperties": true, - "markdownDescription": "The parameters for the resource type.", + "markdownDescription": "The resource type parameters.", "patternProperties": { "^[a-zA-Z0-9]+$": { "type": "string" @@ -89829,6 +90606,90 @@ ], "type": "object" }, + "AWS::FIS::TargetAccountConfiguration": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "AccountId": { + "markdownDescription": "The AWS account ID of the target account.", + "title": "AccountId", + "type": "string" + }, + "Description": { + "markdownDescription": "The description of the target account.", + "title": "Description", + "type": "string" + }, + "ExperimentTemplateId": { + "markdownDescription": "The ID of the experiment template.", + "title": "ExperimentTemplateId", + "type": "string" + }, + "RoleArn": { + "markdownDescription": "The Amazon Resource Name (ARN) of an IAM role for the target account.", + "title": "RoleArn", + "type": "string" + } + }, + "required": [ + "AccountId", + "ExperimentTemplateId", + "RoleArn" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::FIS::TargetAccountConfiguration" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, "AWS::FMS::NotificationChannel": { "additionalProperties": false, "properties": { @@ -109060,7 +109921,7 @@ "properties": { "S3Config": { "$ref": "#/definitions/AWS::InternetMonitor::Monitor.S3Config", - "markdownDescription": "The configuration for publishing Amazon CloudWatch Internet Monitor internet measurements to Amazon S3.", + "markdownDescription": "The configuration information for publishing Internet Monitor internet measurements to Amazon S3. The configuration includes the bucket name and (optionally) prefix for the S3 bucket to store the measurements, and the delivery status. The delivery status is `ENABLED` or `DISABLED` , depending on whether you choose to deliver internet measurements to S3 logs.", "title": "S3Config" } }, @@ -109091,17 +109952,17 @@ "additionalProperties": false, "properties": { "BucketName": { - "markdownDescription": "The Amazon S3 bucket name for internet measurements publishing.", + "markdownDescription": "The Amazon S3 bucket name.", "title": "BucketName", "type": "string" }, "BucketPrefix": { - "markdownDescription": "An optional Amazon S3 bucket prefix for internet measurements publishing.", + "markdownDescription": "The Amazon S3 bucket prefix.", "title": "BucketPrefix", "type": "string" }, "LogDeliveryStatus": { - "markdownDescription": "The status of publishing Internet Monitor internet measurements to an Amazon S3 bucket. The delivery status is `ENABLED` if you choose to deliver internet measurements to an S3 bucket, and `DISABLED` otherwise.", + "markdownDescription": "The status of publishing Internet Monitor internet measurements to an Amazon S3 bucket.", "title": "LogDeliveryStatus", "type": "string" } @@ -131333,9 +132194,6 @@ "title": "PackageType", "type": "string" }, - "Policy": { - "type": "object" - }, "ReservedConcurrentExecutions": { "markdownDescription": "The number of simultaneous executions to reserve for the function.", "title": "ReservedConcurrentExecutions", @@ -135918,7 +136776,7 @@ "type": "string" }, "BackupRetention": { - "markdownDescription": "A Boolean value indicating whether automated backup retention is enabled for the database.", + "markdownDescription": "A Boolean value indicating whether automated backup retention is enabled for the database. Data Import Mode is enabled when `BackupRetention` is set to `false` , and is disabled when `BackupRetention` is set to `true` .", "title": "BackupRetention", "type": "boolean" }, @@ -146106,6 +146964,18 @@ }, "type": "object" }, + "AWS::MediaLive::Channel.EpochLockingSettings": { + "additionalProperties": false, + "properties": { + "CustomEpoch": { + "type": "string" + }, + "JamSyncTime": { + "type": "string" + } + }, + "type": "object" + }, "AWS::MediaLive::Channel.Esam": { "additionalProperties": false, "properties": { @@ -146181,6 +147051,9 @@ "markdownDescription": "Enables the Input Prepare feature. You can create Input Prepare actions in the schedule only if this feature is enabled.\nIf you disable the feature on an existing schedule, make sure that you first delete all input prepare actions from the schedule.", "title": "InputPrepareScheduleActions", "type": "string" + }, + "OutputStaticImageOverlayScheduleActions": { + "type": "string" } }, "type": "object" @@ -146325,6 +147198,9 @@ "title": "OutputLockingMode", "type": "string" }, + "OutputLockingSettings": { + "$ref": "#/definitions/AWS::MediaLive::Channel.OutputLockingSettings" + }, "OutputTimingSource": { "markdownDescription": "Indicates whether the rate of frames emitted by the Live encoder should be paced by its system clock (which optionally might be locked to another source through NTP) or should be locked to the clock of the source that is providing the input stream.", "title": "OutputTimingSource", @@ -148465,6 +149341,18 @@ }, "type": "object" }, + "AWS::MediaLive::Channel.OutputLockingSettings": { + "additionalProperties": false, + "properties": { + "EpochLockingSettings": { + "$ref": "#/definitions/AWS::MediaLive::Channel.EpochLockingSettings" + }, + "PipelineLockingSettings": { + "$ref": "#/definitions/AWS::MediaLive::Channel.PipelineLockingSettings" + } + }, + "type": "object" + }, "AWS::MediaLive::Channel.OutputSettings": { "additionalProperties": false, "properties": { @@ -148516,6 +149404,11 @@ "properties": {}, "type": "object" }, + "AWS::MediaLive::Channel.PipelineLockingSettings": { + "additionalProperties": false, + "properties": {}, + "type": "object" + }, "AWS::MediaLive::Channel.RawSettings": { "additionalProperties": false, "properties": {}, @@ -217560,12 +218453,12 @@ "additionalProperties": false, "properties": { "DurationSeconds": { - "markdownDescription": "Sets the maximum number of seconds that vended temporary credentials through [CreateSession](https://docs.aws.amazon.com/rolesanywhere/latest/userguide/authentication-create-session.html) will be valid for, between 900 and 3600.", + "markdownDescription": "The number of seconds vended session credentials will be valid for", "title": "DurationSeconds", "type": "number" }, "Enabled": { - "markdownDescription": "Indicates whether the profile is enabled.", + "markdownDescription": "The enabled status of the resource.", "title": "Enabled", "type": "boolean" }, @@ -217573,17 +218466,17 @@ "items": { "type": "string" }, - "markdownDescription": "A list of managed policy ARNs that apply to the vended session credentials.", + "markdownDescription": "A list of managed policy ARNs. Managed policies identified by this list will be applied to the vended session credentials.", "title": "ManagedPolicyArns", "type": "array" }, "Name": { - "markdownDescription": "The name of the profile.", + "markdownDescription": "The customer specified name of the resource.", "title": "Name", "type": "string" }, "RequireInstanceProperties": { - "markdownDescription": "Specifies whether instance properties are required in temporary credential requests with this profile.", + "markdownDescription": "Specifies whether instance properties are required in CreateSession requests with this profile.", "title": "RequireInstanceProperties", "type": "boolean" }, @@ -217591,12 +218484,12 @@ "items": { "type": "string" }, - "markdownDescription": "A list of IAM role ARNs. During `CreateSession` , if a matching role ARN is provided, the properties in this profile will be applied to the intersection session policy.", + "markdownDescription": "A list of IAM role ARNs that can be assumed when this profile is specified in a CreateSession request.", "title": "RoleArns", "type": "array" }, "SessionPolicy": { - "markdownDescription": "A session policy that applies to the trust boundary of the vended session credentials.", + "markdownDescription": "A session policy that will applied to the trust boundary of the vended session credentials.", "title": "SessionPolicy", "type": "string" }, @@ -217604,7 +218497,7 @@ "items": { "$ref": "#/definitions/Tag" }, - "markdownDescription": "The tags to attach to the profile.", + "markdownDescription": "A list of Tags.", "title": "Tags", "type": "array" } @@ -217765,11 +218658,11 @@ "properties": { "SourceData": { "$ref": "#/definitions/AWS::RolesAnywhere::TrustAnchor.SourceData", - "markdownDescription": "The data field of the trust anchor depending on its type.", + "markdownDescription": "A union object representing the data field of the TrustAnchor depending on its type", "title": "SourceData" }, "SourceType": { - "markdownDescription": "The type of the TrustAnchor.\n\n> `AWS_ACM_PCA` is not an allowed value in your region.", + "markdownDescription": "The type of the TrustAnchor.", "title": "SourceType", "type": "string" } @@ -221748,6 +222641,11 @@ "markdownDescription": "A prefix for all log object keys. If you store log files from multiple Amazon S3 buckets in a single bucket, you can use a prefix to distinguish which log files came from which bucket.", "title": "LogFilePrefix", "type": "string" + }, + "TargetObjectKeyFormat": { + "$ref": "#/definitions/AWS::S3::Bucket.TargetObjectKeyFormat", + "markdownDescription": "Amazon S3 key format for log objects. Only one format, PartitionedPrefix or SimplePrefix, is allowed.", + "title": "TargetObjectKeyFormat" } }, "type": "object" @@ -221951,6 +222849,17 @@ }, "type": "object" }, + "AWS::S3::Bucket.PartitionedPrefix": { + "additionalProperties": false, + "properties": { + "PartitionDateSource": { + "markdownDescription": "Specifies the partition date source for the partitioned prefix. PartitionDateSource can be EventTime or DeliveryTime.", + "title": "PartitionDateSource", + "type": "string" + } + }, + "type": "object" + }, "AWS::S3::Bucket.PublicAccessBlockConfiguration": { "additionalProperties": false, "properties": { @@ -222503,6 +223412,22 @@ ], "type": "object" }, + "AWS::S3::Bucket.TargetObjectKeyFormat": { + "additionalProperties": false, + "properties": { + "PartitionedPrefix": { + "$ref": "#/definitions/AWS::S3::Bucket.PartitionedPrefix", + "markdownDescription": "Partitioned S3 key for log objects.", + "title": "PartitionedPrefix" + }, + "SimplePrefix": { + "markdownDescription": "To use the simple format for S3 keys for log objects. To specify SimplePrefix format, set SimplePrefix to {}.", + "title": "SimplePrefix", + "type": "object" + } + }, + "type": "object" + }, "AWS::S3::Bucket.Tiering": { "additionalProperties": false, "properties": { @@ -226096,6 +227021,9 @@ "title": "Region", "type": "string" }, + "ReplayPolicy": { + "type": "object" + }, "SubscriptionRoleArn": { "markdownDescription": "This property applies only to Amazon Kinesis Data Firehose delivery stream subscriptions. Specify the ARN of the IAM role that has the following:\n\n- Permission to write to the Amazon Kinesis Data Firehose delivery stream\n- Amazon SNS listed as a trusted entity\n\nSpecifying a valid ARN for this attribute is required for Kinesis Data Firehose delivery stream subscriptions. For more information, see [Fanout to Amazon Kinesis Data Firehose delivery streams](https://docs.aws.amazon.com/sns/latest/dg/sns-firehose-as-subscriber.html) in the *Amazon SNS Developer Guide.*", "title": "SubscriptionRoleArn", @@ -226184,6 +227112,14 @@ "title": "DataProtectionPolicy", "type": "object" }, + "DeliveryStatusLogging": { + "items": { + "$ref": "#/definitions/AWS::SNS::Topic.LoggingConfig" + }, + "markdownDescription": "", + "title": "DeliveryStatusLogging", + "type": "array" + }, "DisplayName": { "markdownDescription": "The display name to use for an Amazon SNS topic with SMS subscriptions. The display name must be maximum 100 characters long, including hyphens (-), underscores (_), spaces, and tabs.", "title": "DisplayName", @@ -226253,6 +227189,35 @@ ], "type": "object" }, + "AWS::SNS::Topic.LoggingConfig": { + "additionalProperties": false, + "properties": { + "FailureFeedbackRoleArn": { + "markdownDescription": "", + "title": "FailureFeedbackRoleArn", + "type": "string" + }, + "Protocol": { + "markdownDescription": "", + "title": "Protocol", + "type": "string" + }, + "SuccessFeedbackRoleArn": { + "markdownDescription": "", + "title": "SuccessFeedbackRoleArn", + "type": "string" + }, + "SuccessFeedbackSampleRate": { + "markdownDescription": "", + "title": "SuccessFeedbackSampleRate", + "type": "string" + } + }, + "required": [ + "Protocol" + ], + "type": "object" + }, "AWS::SNS::Topic.Subscription": { "additionalProperties": false, "properties": { @@ -255302,6 +256267,163 @@ }, "type": "object" }, + "AWS::WorkSpacesThinClient::Environment": { + "additionalProperties": false, + "properties": { + "Condition": { + "type": "string" + }, + "DeletionPolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + }, + "DependsOn": { + "anyOf": [ + { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + { + "items": { + "pattern": "^[a-zA-Z0-9]+$", + "type": "string" + }, + "type": "array" + } + ] + }, + "Metadata": { + "type": "object" + }, + "Properties": { + "additionalProperties": false, + "properties": { + "DesiredSoftwareSetId": { + "markdownDescription": "The ID of the software set to apply.", + "title": "DesiredSoftwareSetId", + "type": "string" + }, + "DesktopArn": { + "markdownDescription": "The Amazon Resource Name (ARN) of the desktop to stream from Amazon WorkSpaces , WorkSpaces Web, or AppStream 2.0 .", + "title": "DesktopArn", + "type": "string" + }, + "DesktopEndpoint": { + "markdownDescription": "The URL for the identity provider login (only for environments that use AppStream 2.0 ).", + "title": "DesktopEndpoint", + "type": "string" + }, + "KmsKeyArn": { + "markdownDescription": "The Amazon Resource Name (ARN) of the AWS Key Management Service key used to encrypt the environment.", + "title": "KmsKeyArn", + "type": "string" + }, + "MaintenanceWindow": { + "$ref": "#/definitions/AWS::WorkSpacesThinClient::Environment.MaintenanceWindow", + "markdownDescription": "A specification for a time window to apply software updates.", + "title": "MaintenanceWindow" + }, + "Name": { + "markdownDescription": "The name of the environment.", + "title": "Name", + "type": "string" + }, + "SoftwareSetUpdateMode": { + "markdownDescription": "An option to define which software updates to apply.", + "title": "SoftwareSetUpdateMode", + "type": "string" + }, + "SoftwareSetUpdateSchedule": { + "markdownDescription": "An option to define if software updates should be applied within a maintenance window.", + "title": "SoftwareSetUpdateSchedule", + "type": "string" + }, + "Tags": { + "items": { + "$ref": "#/definitions/Tag" + }, + "markdownDescription": "An array of key-value pairs to apply to this resource.\n\nFor more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html) .", + "title": "Tags", + "type": "array" + } + }, + "required": [ + "DesktopArn" + ], + "type": "object" + }, + "Type": { + "enum": [ + "AWS::WorkSpacesThinClient::Environment" + ], + "type": "string" + }, + "UpdateReplacePolicy": { + "enum": [ + "Delete", + "Retain", + "Snapshot" + ], + "type": "string" + } + }, + "required": [ + "Type", + "Properties" + ], + "type": "object" + }, + "AWS::WorkSpacesThinClient::Environment.MaintenanceWindow": { + "additionalProperties": false, + "properties": { + "ApplyTimeOf": { + "markdownDescription": "The option to set the maintenance window during the device local time or Universal Coordinated Time (UTC).", + "title": "ApplyTimeOf", + "type": "string" + }, + "DaysOfTheWeek": { + "items": { + "type": "string" + }, + "markdownDescription": "The days of the week during which the maintenance window is open.", + "title": "DaysOfTheWeek", + "type": "array" + }, + "EndTimeHour": { + "markdownDescription": "The hour for the maintenance window end ( `00` - `23` ).", + "title": "EndTimeHour", + "type": "number" + }, + "EndTimeMinute": { + "markdownDescription": "The minutes for the maintenance window end ( `00` - `59` ).", + "title": "EndTimeMinute", + "type": "number" + }, + "StartTimeHour": { + "markdownDescription": "The hour for the maintenance window start ( `00` - `23` ).", + "title": "StartTimeHour", + "type": "number" + }, + "StartTimeMinute": { + "markdownDescription": "The minutes past the hour for the maintenance window start ( `00` - `59` ).", + "title": "StartTimeMinute", + "type": "number" + }, + "Type": { + "markdownDescription": "An option to select the default or custom maintenance window.", + "title": "Type", + "type": "string" + } + }, + "required": [ + "Type" + ], + "type": "object" + }, "AWS::WorkSpacesWeb::BrowserSettings": { "additionalProperties": false, "properties": { @@ -257631,12 +258753,21 @@ { "$ref": "#/definitions/AWS::DMS::Certificate" }, + { + "$ref": "#/definitions/AWS::DMS::DataProvider" + }, { "$ref": "#/definitions/AWS::DMS::Endpoint" }, { "$ref": "#/definitions/AWS::DMS::EventSubscription" }, + { + "$ref": "#/definitions/AWS::DMS::InstanceProfile" + }, + { + "$ref": "#/definitions/AWS::DMS::MigrationProject" + }, { "$ref": "#/definitions/AWS::DMS::ReplicationConfig" }, @@ -258258,6 +259389,9 @@ { "$ref": "#/definitions/AWS::FIS::ExperimentTemplate" }, + { + "$ref": "#/definitions/AWS::FIS::TargetAccountConfiguration" + }, { "$ref": "#/definitions/AWS::FMS::NotificationChannel" }, @@ -260316,6 +261450,9 @@ { "$ref": "#/definitions/AWS::WorkSpaces::Workspace" }, + { + "$ref": "#/definitions/AWS::WorkSpacesThinClient::Environment" + }, { "$ref": "#/definitions/AWS::WorkSpacesWeb::BrowserSettings" },