diff --git a/.cfnlintrc.yaml b/.cfnlintrc.yaml index c4ab0b561..fee4c28be 100644 --- a/.cfnlintrc.yaml +++ b/.cfnlintrc.yaml @@ -144,6 +144,10 @@ ignore_templates: - tests/translator/output/**/function_with_metrics_config.json - tests/translator/output/**/function_with_self_managed_kafka_and_schema_registry.json # cfnlint is not updated to recognize the SchemaRegistryConfig property - tests/translator/output/**/function_with_msk_with_schema_registry_config.json # cfnlint is not updated to recognize the SchemaRegistryConfig property + - tests/translator/output/**/function_with_tenancy_config.json # cfnlint is not updated to recognize the TenancyConfig property + - tests/translator/output/**/function_with_tenancy_and_api_event.json # cfnlint is not updated to recognize the TenancyConfig property + - tests/translator/output/**/function_with_tenancy_and_httpapi_event.json # cfnlint is not updated to recognize the TenancyConfig property + - tests/translator/output/**/function_with_tenancy_config_global.json # cfnlint is not updated to recognize the TenancyConfig property ignore_checks: - E2531 # Deprecated runtime; not relevant for transform tests diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index a0ab4d8d9..5ecbf6031 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -6,6 +6,7 @@ ### Checklist +- [ ] Review the [generative AI contribution guidelines](https://github.com/aws/serverless-application-model/blob/develop/CONTRIBUTING.md#ai-usage) - [ ] Adheres to the [development guidelines](https://github.com/aws/serverless-application-model/blob/develop/DEVELOPMENT_GUIDE.md#development-guidelines) - [ ] Add/update [transform tests](https://github.com/aws/serverless-application-model/blob/develop/DEVELOPMENT_GUIDE.md#unit-testing-with-multiple-python-versions) - [ ] Using correct values diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index d1a44c908..21329991c 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -26,7 +26,7 @@ jobs: - "3.11" steps: - uses: actions/checkout@v5 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@v6 with: python-version: ${{ matrix.python }} - run: make init diff --git a/.github/workflows/check_compatibility.yml b/.github/workflows/check_compatibility.yml index 0b93e47bd..dfeada548 100644 --- a/.github/workflows/check_compatibility.yml +++ b/.github/workflows/check_compatibility.yml @@ -13,7 +13,7 @@ jobs: - name: Checkout the PR uses: actions/checkout@v5 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@v6 with: python-version: "3.10" diff --git a/.github/workflows/schema.yml b/.github/workflows/schema.yml index deac5328e..a3559abd0 100644 --- a/.github/workflows/schema.yml +++ b/.github/workflows/schema.yml @@ -16,7 +16,7 @@ jobs: steps: - uses: actions/checkout@v5 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@v6 with: python-version: "3.10" diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index ad46dd0dd..3221dae79 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -7,6 +7,17 @@ transparent and open process for evolving AWS SAM. Please read through this document before submitting any issues or pull requests to ensure we have all the necessary information to effectively respond to your bug report or contribution. +## AI Usage + +While using generative AI is allowed when contributing to this project, please keep the following points in mind: + +* Review all code yourself before you submit it. +* Understand all the code you have submitted in order to answer any questions the maintainers could have when reviewing your PR. +* Avoid being overly verbose in code and testing - extra code can be hard to review. + * For example, avoid writing unit tests that duplicate existing ones, or test libraries that you're using. +* Keep PR descriptions, comments, and follow ups concise. +* Ensure AI-generated code meets the same quality standards as human-written code. + ## Integrating AWS SAM into your tool We encourage you to modify SAM to integrate it with other frameworks and deployment providers from the community for building serverless applications. If you're building a new tool that will use AWS SAM, let us know how we can help! diff --git a/bin/run_cfn_lint.sh b/bin/run_cfn_lint.sh index eeee7e483..92c448eac 100755 --- a/bin/run_cfn_lint.sh +++ b/bin/run_cfn_lint.sh @@ -10,6 +10,22 @@ if [ ! -d "${VENV}" ]; then fi "${VENV}/bin/python" -m pip install cfn-lint --upgrade --quiet -# update cfn schema -"${VENV}/bin/cfn-lint" -u +# update cfn schema with retry logic (can fail due to network issues) +MAX_RETRIES=3 +RETRY_COUNT=0 +while [ $RETRY_COUNT -lt $MAX_RETRIES ]; do + if "${VENV}/bin/cfn-lint" -u; then + echo "Successfully updated cfn-lint schema" + break + else + RETRY_COUNT=$((RETRY_COUNT + 1)) + if [ $RETRY_COUNT -lt $MAX_RETRIES ]; then + echo "cfn-lint schema update failed, retrying... (attempt $RETRY_COUNT of $MAX_RETRIES)" + sleep 2 + else + echo "cfn-lint schema update failed after $MAX_RETRIES attempts" + exit 1 + fi + fi +done "${VENV}/bin/cfn-lint" --format parseable diff --git a/integration/resources/expected/single/basic_function_with_tenancy_config.json b/integration/resources/expected/single/basic_function_with_tenancy_config.json new file mode 100644 index 000000000..d4dfecb35 --- /dev/null +++ b/integration/resources/expected/single/basic_function_with_tenancy_config.json @@ -0,0 +1,10 @@ +[ + { + "LogicalResourceId": "MyLambdaFunction", + "ResourceType": "AWS::Lambda::Function" + }, + { + "LogicalResourceId": "MyLambdaFunctionRole", + "ResourceType": "AWS::IAM::Role" + } +] diff --git a/integration/resources/templates/combination/api_with_authorizer_override_api_auth.yaml b/integration/resources/templates/combination/api_with_authorizer_override_api_auth.yaml index a5641b734..ccb70abbe 100644 --- a/integration/resources/templates/combination/api_with_authorizer_override_api_auth.yaml +++ b/integration/resources/templates/combination/api_with_authorizer_override_api_auth.yaml @@ -51,14 +51,14 @@ Resources: Type: AWS::Serverless::Function Properties: InlineCode: | - exports.handler = async (event, context, callback) => { + exports.handler = async (event, context) => { return { statusCode: 200, body: 'Success' } } Handler: index.handler - Runtime: nodejs16.x + Runtime: nodejs22.x Events: LambdaRequest: Type: Api @@ -94,9 +94,9 @@ Resources: Type: AWS::Serverless::Function Properties: Handler: index.handler - Runtime: nodejs16.x + Runtime: nodejs22.x InlineCode: | - exports.handler = async (event, context, callback) => { + exports.handler = async (event, context) => { const auth = event.queryStringParameters.authorization const policyDocument = { Version: '2012-10-17', diff --git a/integration/resources/templates/combination/connector_appsync_to_eventbus.yaml b/integration/resources/templates/combination/connector_appsync_to_eventbus.yaml index bc3ca12f0..34ccef5ee 100644 --- a/integration/resources/templates/combination/connector_appsync_to_eventbus.yaml +++ b/integration/resources/templates/combination/connector_appsync_to_eventbus.yaml @@ -117,7 +117,7 @@ Resources: API_KEY: !GetAtt ApiKey.ApiKey GRAPHQL_URL: !GetAtt AppSyncApi.GraphQLUrl EventBusName: !Ref EventBus - Runtime: nodejs16.x + Runtime: nodejs22.x Handler: index.handler InlineCode: | const https = require("https"); diff --git a/integration/resources/templates/combination/function_with_msk.yaml b/integration/resources/templates/combination/function_with_msk.yaml index 6b72c36e1..91f3a0992 100644 --- a/integration/resources/templates/combination/function_with_msk.yaml +++ b/integration/resources/templates/combination/function_with_msk.yaml @@ -60,6 +60,7 @@ Resources: MyMskEvent: Type: MSK Properties: + Enabled: false StartingPosition: LATEST Stream: Ref: MyMskCluster diff --git a/integration/resources/templates/combination/function_with_msk_trigger_and_confluent_schema_registry.yaml b/integration/resources/templates/combination/function_with_msk_trigger_and_confluent_schema_registry.yaml index dedc27203..44fad6ec9 100644 --- a/integration/resources/templates/combination/function_with_msk_trigger_and_confluent_schema_registry.yaml +++ b/integration/resources/templates/combination/function_with_msk_trigger_and_confluent_schema_registry.yaml @@ -60,6 +60,7 @@ Resources: MyMskEvent: Type: MSK Properties: + Enabled: false StartingPosition: LATEST Stream: Ref: MyMskCluster diff --git a/integration/resources/templates/combination/function_with_msk_trigger_and_s3_onfailure_events_destinations.yaml b/integration/resources/templates/combination/function_with_msk_trigger_and_s3_onfailure_events_destinations.yaml index c449edbc4..6e7911075 100644 --- a/integration/resources/templates/combination/function_with_msk_trigger_and_s3_onfailure_events_destinations.yaml +++ b/integration/resources/templates/combination/function_with_msk_trigger_and_s3_onfailure_events_destinations.yaml @@ -27,6 +27,11 @@ Resources: logs:CreateLogStream, logs:PutLogEvents, s3:ListBucket] Effect: Allow Resource: '*' + - Action: [s3:PutObject, s3:ListBucket] + Effect: Allow + Resource: + - arn:aws:s3:::*/* + - arn:aws:s3:::* ManagedPolicyArns: - !Sub arn:${AWS::Partition}:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole Tags: @@ -60,6 +65,7 @@ Resources: MyMskEvent: Type: MSK Properties: + Enabled: false StartingPosition: LATEST Stream: Ref: MyMskCluster diff --git a/integration/resources/templates/combination/function_with_msk_using_managed_policy.yaml b/integration/resources/templates/combination/function_with_msk_using_managed_policy.yaml index 05b0b3e54..4c2bcf7e9 100644 --- a/integration/resources/templates/combination/function_with_msk_using_managed_policy.yaml +++ b/integration/resources/templates/combination/function_with_msk_using_managed_policy.yaml @@ -33,6 +33,7 @@ Resources: MyMskEvent: Type: MSK Properties: + Enabled: false StartingPosition: LATEST Stream: Ref: MyMskCluster diff --git a/integration/resources/templates/combination/intrinsics_serverless_function.yaml b/integration/resources/templates/combination/intrinsics_serverless_function.yaml index f7bfd8ca6..4172d4302 100644 --- a/integration/resources/templates/combination/intrinsics_serverless_function.yaml +++ b/integration/resources/templates/combination/intrinsics_serverless_function.yaml @@ -44,7 +44,7 @@ Resources: Fn::Sub: ['${filename}.handler', filename: index] Runtime: - Fn::Join: ['', [nodejs, 16.x]] + Fn::Join: ['', [nodejs, 22.x]] Role: Fn::GetAtt: [MyNewRole, Arn] diff --git a/integration/resources/templates/single/basic_function_with_tenancy_config.yaml b/integration/resources/templates/single/basic_function_with_tenancy_config.yaml new file mode 100644 index 000000000..a87100dec --- /dev/null +++ b/integration/resources/templates/single/basic_function_with_tenancy_config.yaml @@ -0,0 +1,15 @@ +Resources: + MyLambdaFunction: + Type: AWS::Serverless::Function + Properties: + Handler: index.handler + Runtime: nodejs18.x + CodeUri: ${codeuri} + MemorySize: 128 + TenancyConfig: + TenantIsolationMode: PER_TENANT + Policies: + - AWSLambdaRole + - AmazonS3ReadOnlyAccess +Metadata: + SamTransformTest: true diff --git a/integration/single/test_basic_function.py b/integration/single/test_basic_function.py index 8e7cc3aee..598a38682 100644 --- a/integration/single/test_basic_function.py +++ b/integration/single/test_basic_function.py @@ -392,3 +392,24 @@ def _assert_invoke(self, lambda_client, function_name, qualifier=None, expected_ def _verify_get_request(self, url, expected_text): response = self.verify_get_request_response(url, 200) self.assertEqual(response.text, expected_text) + + # @skipIf(current_region_does_not_support([MULTI_TENANCY]), "Multi-tenancy is not supported in this testing region") + @skipIf(True, "Multi-tenancy feature is not available to test yet") + def test_basic_function_with_tenancy_config(self): + """ + Creates a basic lambda function with TenancyConfig + """ + self.create_and_verify_stack("single/basic_function_with_tenancy_config") + + lambda_client = self.client_provider.lambda_client + function_name = self.get_physical_id_by_type("AWS::Lambda::Function") + + # Get function configuration + function_config = lambda_client.get_function_configuration(FunctionName=function_name) + + # Verify TenancyConfig is set correctly + self.assertEqual( + function_config["TenancyConfig"]["TenantIsolationMode"], + "PER_TENANT", + "Expected TenantIsolationMode to be PER_TENANT", + ) diff --git a/pytest.ini b/pytest.ini index a83694b93..c9d902448 100644 --- a/pytest.ini +++ b/pytest.ini @@ -22,3 +22,5 @@ filterwarnings = ignore::DeprecationWarning:urllib3.*: # https://github.com/boto/boto3/issues/3889 ignore:datetime.datetime.utcnow + # Boto3 will stop supporting Python3.9 starting April 29, 2026 + ignore:Boto3 will no longer support Python 3.9:boto3.exceptions.PythonDeprecationWarning diff --git a/samtranslator/__init__.py b/samtranslator/__init__.py index 9bdb12162..a0a65a3fb 100644 --- a/samtranslator/__init__.py +++ b/samtranslator/__init__.py @@ -1 +1 @@ -__version__ = "1.101.0" +__version__ = "1.102.0" diff --git a/samtranslator/internal/data/aws_managed_policies.json b/samtranslator/internal/data/aws_managed_policies.json index 506cf3306..adf8feb79 100644 --- a/samtranslator/internal/data/aws_managed_policies.json +++ b/samtranslator/internal/data/aws_managed_policies.json @@ -756,7 +756,7 @@ "AmazonGrafanaCloudWatchAccess": "arn:aws:iam::aws:policy/service-role/AmazonGrafanaCloudWatchAccess", "AmazonGrafanaRedshiftAccess": "arn:aws:iam::aws:policy/service-role/AmazonGrafanaRedshiftAccess", "AmazonGrafanaServiceLinkedRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonGrafanaServiceLinkedRolePolicy", - "AmazonGuardDutyFullAccess": "arn:aws:iam::aws:policy/AmazonGuardDutyFullAccess", + "AmazonGuardDutyFullAccess_v2": "arn:aws:iam::aws:policy/AmazonGuardDutyFullAccess_v2", "AmazonGuardDutyMalwareProtectionServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonGuardDutyMalwareProtectionServiceRolePolicy", "AmazonGuardDutyReadOnlyAccess": "arn:aws:iam::aws:policy/AmazonGuardDutyReadOnlyAccess", "AmazonGuardDutyServiceRolePolicy": "arn:aws:iam::aws:policy/aws-service-role/AmazonGuardDutyServiceRolePolicy", @@ -1577,7 +1577,7 @@ "AmazonFreeRTOSOTAUpdate": "arn:aws-cn:iam::aws:policy/service-role/AmazonFreeRTOSOTAUpdate", "AmazonGlacierFullAccess": "arn:aws-cn:iam::aws:policy/AmazonGlacierFullAccess", "AmazonGlacierReadOnlyAccess": "arn:aws-cn:iam::aws:policy/AmazonGlacierReadOnlyAccess", - "AmazonGuardDutyFullAccess": "arn:aws-cn:iam::aws:policy/AmazonGuardDutyFullAccess", + "AmazonGuardDutyFullAccess_v2": "arn:aws-cn:iam::aws:policy/AmazonGuardDutyFullAccess_v2", "AmazonGuardDutyMalwareProtectionServiceRolePolicy": "arn:aws-cn:iam::aws:policy/aws-service-role/AmazonGuardDutyMalwareProtectionServiceRolePolicy", "AmazonGuardDutyReadOnlyAccess": "arn:aws-cn:iam::aws:policy/AmazonGuardDutyReadOnlyAccess", "AmazonGuardDutyServiceRolePolicy": "arn:aws-cn:iam::aws:policy/aws-service-role/AmazonGuardDutyServiceRolePolicy", @@ -2200,7 +2200,7 @@ "AmazonFSxServiceRolePolicy": "arn:aws-us-gov:iam::aws:policy/aws-service-role/AmazonFSxServiceRolePolicy", "AmazonGlacierFullAccess": "arn:aws-us-gov:iam::aws:policy/AmazonGlacierFullAccess", "AmazonGlacierReadOnlyAccess": "arn:aws-us-gov:iam::aws:policy/AmazonGlacierReadOnlyAccess", - "AmazonGuardDutyFullAccess": "arn:aws-us-gov:iam::aws:policy/AmazonGuardDutyFullAccess", + "AmazonGuardDutyFullAccess_v2": "arn:aws-us-gov:iam::aws:policy/AmazonGuardDutyFullAccess_v2", "AmazonGuardDutyReadOnlyAccess": "arn:aws-us-gov:iam::aws:policy/AmazonGuardDutyReadOnlyAccess", "AmazonGuardDutyServiceRolePolicy": "arn:aws-us-gov:iam::aws:policy/aws-service-role/AmazonGuardDutyServiceRolePolicy", "AmazonInspector2FullAccess": "arn:aws-us-gov:iam::aws:policy/AmazonInspector2FullAccess", @@ -2608,7 +2608,7 @@ "AmazonGrafanaCloudWatchAccess": "arn:aws-eusc:iam::aws:policy/service-role/AmazonGrafanaCloudWatchAccess", "AmazonGrafanaRedshiftAccess": "arn:aws-eusc:iam::aws:policy/service-role/AmazonGrafanaRedshiftAccess", "AmazonGrafanaServiceLinkedRolePolicy": "arn:aws-eusc:iam::aws:policy/aws-service-role/AmazonGrafanaServiceLinkedRolePolicy", - "AmazonGuardDutyFullAccess": "arn:aws-eusc:iam::aws:policy/AmazonGuardDutyFullAccess", + "AmazonGuardDutyFullAccess_v2": "arn:aws-eusc:iam::aws:policy/AmazonGuardDutyFullAccess_v2", "AmazonGuardDutyMalwareProtectionServiceRolePolicy": "arn:aws-eusc:iam::aws:policy/aws-service-role/AmazonGuardDutyMalwareProtectionServiceRolePolicy", "AmazonGuardDutyReadOnlyAccess": "arn:aws-eusc:iam::aws:policy/AmazonGuardDutyReadOnlyAccess", "AmazonGuardDutyServiceRolePolicy": "arn:aws-eusc:iam::aws:policy/aws-service-role/AmazonGuardDutyServiceRolePolicy", diff --git a/samtranslator/internal/schema_source/aws_serverless_function.py b/samtranslator/internal/schema_source/aws_serverless_function.py index 260d2eae7..cca8559bc 100644 --- a/samtranslator/internal/schema_source/aws_serverless_function.py +++ b/samtranslator/internal/schema_source/aws_serverless_function.py @@ -411,6 +411,7 @@ class HttpApiEvent(BaseModel): class MSKEventProperties(BaseModel): ConsumerGroupId: Optional[PassThroughProp] = mskeventproperties("ConsumerGroupId") + Enabled: Optional[PassThroughProp] # TODO: it doesn't show up in docs yet FilterCriteria: Optional[PassThroughProp] = mskeventproperties("FilterCriteria") KmsKeyArn: Optional[PassThroughProp] # TODO: add documentation MaximumBatchingWindowInSeconds: Optional[PassThroughProp] = mskeventproperties("MaximumBatchingWindowInSeconds") @@ -521,6 +522,7 @@ class ScheduleV2Event(BaseModel): LoggingConfig = Optional[PassThroughProp] # TODO: add documentation RecursiveLoop = Optional[PassThroughProp] SourceKMSKeyArn = Optional[PassThroughProp] +TenancyConfig = Optional[PassThroughProp] class Properties(BaseModel): @@ -649,6 +651,7 @@ class Properties(BaseModel): LoggingConfig: Optional[PassThroughProp] # TODO: add documentation RecursiveLoop: Optional[PassThroughProp] # TODO: add documentation SourceKMSKeyArn: Optional[PassThroughProp] # TODO: add documentation + TenancyConfig: Optional[PassThroughProp] # TODO: add documentation class Globals(BaseModel): @@ -709,6 +712,7 @@ class Globals(BaseModel): LoggingConfig: Optional[PassThroughProp] # TODO: add documentation RecursiveLoop: Optional[PassThroughProp] # TODO: add documentation SourceKMSKeyArn: Optional[PassThroughProp] # TODO: add documentation + TenancyConfig: Optional[PassThroughProp] # TODO: add documentation class Resource(ResourceAttributes): diff --git a/samtranslator/intrinsics/actions.py b/samtranslator/intrinsics/actions.py index 60011f6a4..3018bf907 100644 --- a/samtranslator/intrinsics/actions.py +++ b/samtranslator/intrinsics/actions.py @@ -5,6 +5,31 @@ from samtranslator.model.exceptions import InvalidDocumentException, InvalidTemplateException +def _get_parameter_value(parameters: Dict[str, Any], param_name: str, default: Any = None) -> Any: + """ + Get parameter value from parameters dict, but return default (None) if + - it's a CloudFormation internal placeholder. + - param_name is not in the parameters. + + CloudFormation internal placeholders are passed during changeset creation with --include-nested-stacks + when there are cross-references between nested stacks that don't exist yet. + These placeholders should not be resolved by SAM. + + :param parameters: Dictionary of parameter values + :param param_name: Name of the parameter to retrieve + :param default: Default value to return if parameter not found or is a placeholder + :return: Parameter value, or default if not found or is a CloudFormation placeholder + """ + value = parameters.get(param_name, default) + + # Check if the value is a CloudFormation internal placeholder + # E.g. {{IntrinsicFunction:api-xx/MyStack.Outputs.API/Fn::GetAtt}} + if isinstance(value, str) and value.startswith("{{IntrinsicFunction:"): + return default + + return value + + class Action(ABC): """ Base class for intrinsic function actions. Each intrinsic function must subclass this, @@ -103,9 +128,9 @@ def resolve_parameter_refs(self, input_dict: Optional[Any], parameters: Dict[str if not isinstance(param_name, str): return input_dict - if param_name in parameters: - return parameters[param_name] - return input_dict + # Use the wrapper function to get parameter value + # It returns the original input unchanged if the parameter is a CloudFormation internal placeholder + return _get_parameter_value(parameters, param_name, input_dict) def resolve_resource_refs( self, input_dict: Optional[Any], supported_resource_refs: Dict[str, Any] @@ -193,7 +218,9 @@ def do_replacement(full_ref: str, prop_name: str) -> Any: :param prop_name: => logicalId.property :return: Either the value it resolves to. If not the original reference """ - return parameters.get(prop_name, full_ref) + # Use the wrapper function to get parameter value + # It returns the original input unchanged if the parameter is a CloudFormation internal placeholder + return _get_parameter_value(parameters, prop_name, full_ref) return self._handle_sub_action(input_dict, do_replacement) diff --git a/samtranslator/model/lambda_.py b/samtranslator/model/lambda_.py index c6fecd242..e59127723 100644 --- a/samtranslator/model/lambda_.py +++ b/samtranslator/model/lambda_.py @@ -36,6 +36,7 @@ class LambdaFunction(Resource): "RuntimeManagementConfig": GeneratedProperty(), "LoggingConfig": GeneratedProperty(), "RecursiveLoop": GeneratedProperty(), + "TenancyConfig": GeneratedProperty(), } Code: Dict[str, Any] @@ -64,6 +65,7 @@ class LambdaFunction(Resource): RuntimeManagementConfig: Optional[Dict[str, Any]] LoggingConfig: Optional[Dict[str, Any]] RecursiveLoop: Optional[str] + TenancyConfig: Optional[Dict[str, Any]] runtime_attrs = {"name": lambda self: ref(self.logical_id), "arn": lambda self: fnGetAtt(self.logical_id, "Arn")} diff --git a/samtranslator/model/sam_resources.py b/samtranslator/model/sam_resources.py index 70e7ef675..3cafe9634 100644 --- a/samtranslator/model/sam_resources.py +++ b/samtranslator/model/sam_resources.py @@ -184,6 +184,7 @@ class SamFunction(SamResourceMacro): "LoggingConfig": PassThroughProperty(False), "RecursiveLoop": PassThroughProperty(False), "SourceKMSKeyArn": PassThroughProperty(False), + "TenancyConfig": PassThroughProperty(False), } FunctionName: Optional[Intrinsicable[str]] @@ -228,6 +229,7 @@ class SamFunction(SamResourceMacro): LoggingConfig: Optional[Dict[str, Any]] RecursiveLoop: Optional[str] SourceKMSKeyArn: Optional[str] + TenancyConfig: Optional[Dict[str, Any]] event_resolver = ResourceTypeResolver( samtranslator.model.eventsources, @@ -277,6 +279,8 @@ def to_cloudformation(self, **kwargs): # type: ignore[no-untyped-def] # noqa: P if self.DeadLetterQueue: self._validate_dlq(self.DeadLetterQueue) + self._validate_tenancy_config_compatibility() + lambda_function = self._construct_lambda_function(intrinsics_resolver) resources.append(lambda_function) @@ -572,6 +576,37 @@ def _get_resolved_alias_name( return resolved_alias_name + def _validate_tenancy_config_compatibility(self) -> None: + if not self.TenancyConfig: + return + + if self.ProvisionedConcurrencyConfig: + raise InvalidResourceException( + self.logical_id, + "Provisioned concurrency is not supported for functions enabled with tenancy configuration.", + ) + + if self.FunctionUrlConfig: + raise InvalidResourceException( + self.logical_id, + "Function URL is not supported for functions enabled with tenancy configuration.", + ) + + if self.SnapStart: + raise InvalidResourceException( + self.logical_id, + "SnapStart is not supported for functions enabled with tenancy configuration.", + ) + + if self.Events: + for event in self.Events.values(): + event_type = event.get("Type") + if event_type not in ["Api", "HttpApi"]: + raise InvalidResourceException( + self.logical_id, + f"Event source '{event_type}' is not supported for functions enabled with tenancy configuration. Only Api and HttpApi event sources are supported.", + ) + def _construct_lambda_function(self, intrinsics_resolver: IntrinsicsResolver) -> LambdaFunction: """Constructs and returns the Lambda function. @@ -618,6 +653,7 @@ def _construct_lambda_function(self, intrinsics_resolver: IntrinsicsResolver) -> lambda_function.RuntimeManagementConfig = self.RuntimeManagementConfig # type: ignore[attr-defined] lambda_function.LoggingConfig = self.LoggingConfig + lambda_function.TenancyConfig = self.TenancyConfig lambda_function.RecursiveLoop = self.RecursiveLoop self._validate_package_type(lambda_function) return lambda_function diff --git a/samtranslator/plugins/globals/globals.py b/samtranslator/plugins/globals/globals.py index edd3ebe1a..341c67fc5 100644 --- a/samtranslator/plugins/globals/globals.py +++ b/samtranslator/plugins/globals/globals.py @@ -56,6 +56,7 @@ class Globals: "LoggingConfig", "RecursiveLoop", "SourceKMSKeyArn", + "TenancyConfig", ], # Everything except # DefinitionBody: because its hard to reason about merge of Swagger dictionaries @@ -101,7 +102,12 @@ class Globals: } # unreleased_properties *must be* part of supported_properties too unreleased_properties: Dict[str, List[str]] = { - SamResourceType.Function.value: ["RuntimeManagementConfig", "RecursiveLoop", "SourceKMSKeyArn"], + SamResourceType.Function.value: [ + "RuntimeManagementConfig", + "RecursiveLoop", + "SourceKMSKeyArn", + "TenancyConfig", + ], } def __init__(self, template: Dict[str, Any]) -> None: diff --git a/samtranslator/schema/schema.json b/samtranslator/schema/schema.json index b6541cf06..c67b27b57 100644 --- a/samtranslator/schema/schema.json +++ b/samtranslator/schema/schema.json @@ -1903,18 +1903,18 @@ "type": "string" }, "AutoMinorVersionUpgrade": { - "markdownDescription": "Enables automatic upgrades to new minor versions for brokers, as new broker engine versions are released and supported by Amazon MQ. Automatic upgrades occur during the scheduled maintenance window of the broker or after a manual broker reboot.", + "markdownDescription": "Enables automatic upgrades to new patch versions for brokers as new versions are released and supported by Amazon MQ. Automatic upgrades occur during the scheduled maintenance window or after a manual broker reboot. Set to `true` by default, if no value is specified.\n\n> Must be set to `true` for ActiveMQ brokers version 5.18 and above and for RabbitMQ brokers version 3.13 and above.", "title": "AutoMinorVersionUpgrade", "type": "boolean" }, "BrokerName": { - "markdownDescription": "The name of the broker. This value must be unique in your AWS account , 1-50 characters long, must contain only letters, numbers, dashes, and underscores, and must not contain white spaces, brackets, wildcard characters, or special characters.\n\n> Do not add personally identifiable information (PII) or other confidential or sensitive information in broker names. Broker names are accessible to other AWS services, including C CloudWatch Logs . Broker names are not intended to be used for private or sensitive data.", + "markdownDescription": "Required. The broker's name. This value must be unique in your AWS account , 1-50 characters long, must contain only letters, numbers, dashes, and underscores, and must not contain white spaces, brackets, wildcard characters, or special characters.\n\n> Do not add personally identifiable information (PII) or other confidential or sensitive information in broker names. Broker names are accessible to other AWS services, including CloudWatch Logs . Broker names are not intended to be used for private or sensitive data.", "title": "BrokerName", "type": "string" }, "Configuration": { "$ref": "#/definitions/AWS::AmazonMQ::Broker.ConfigurationId", - "markdownDescription": "A list of information about the configuration. Does not apply to RabbitMQ brokers.", + "markdownDescription": "A list of information about the configuration.", "title": "Configuration" }, "DataReplicationMode": { @@ -1928,27 +1928,27 @@ "type": "string" }, "DeploymentMode": { - "markdownDescription": "The deployment mode of the broker. Available values:\n\n- `SINGLE_INSTANCE`\n- `ACTIVE_STANDBY_MULTI_AZ`\n- `CLUSTER_MULTI_AZ`", + "markdownDescription": "Required. The broker's deployment mode.", "title": "DeploymentMode", "type": "string" }, "EncryptionOptions": { "$ref": "#/definitions/AWS::AmazonMQ::Broker.EncryptionOptions", - "markdownDescription": "Encryption options for the broker. Does not apply to RabbitMQ brokers.", + "markdownDescription": "Encryption options for the broker.", "title": "EncryptionOptions" }, "EngineType": { - "markdownDescription": "The type of broker engine. Currently, Amazon MQ supports `ACTIVEMQ` and `RABBITMQ` .", + "markdownDescription": "Required. The type of broker engine. Currently, Amazon MQ supports `ACTIVEMQ` and `RABBITMQ` .", "title": "EngineType", "type": "string" }, "EngineVersion": { - "markdownDescription": "The version of the broker engine. For a list of supported engine versions, see [Engine](https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/broker-engine.html) in the *Amazon MQ Developer Guide* .", + "markdownDescription": "The broker engine version. Defaults to the latest available version for the specified broker engine type. For more information, see the [ActiveMQ version management](https://docs.aws.amazon.com//amazon-mq/latest/developer-guide/activemq-version-management.html) and the [RabbitMQ version management](https://docs.aws.amazon.com//amazon-mq/latest/developer-guide/rabbitmq-version-management.html) sections in the Amazon MQ Developer Guide.", "title": "EngineVersion", "type": "string" }, "HostInstanceType": { - "markdownDescription": "The broker's instance type.", + "markdownDescription": "Required. The broker's instance type.", "title": "HostInstanceType", "type": "string" }, @@ -1964,11 +1964,11 @@ }, "MaintenanceWindowStartTime": { "$ref": "#/definitions/AWS::AmazonMQ::Broker.MaintenanceWindow", - "markdownDescription": "The scheduled time period relative to UTC during which Amazon MQ begins to apply pending updates or patches to the broker.", + "markdownDescription": "The parameters that determine the WeeklyStartTime.", "title": "MaintenanceWindowStartTime" }, "PubliclyAccessible": { - "markdownDescription": "Enables connections from applications outside of the VPC that hosts the broker's subnets.", + "markdownDescription": "Enables connections from applications outside of the VPC that hosts the broker's subnets. Set to `false` by default, if no value is provided.", "title": "PubliclyAccessible", "type": "boolean" }, @@ -1989,7 +1989,7 @@ "items": { "type": "string" }, - "markdownDescription": "The list of groups that define which subnets and IP ranges the broker can use from different Availability Zones. If you specify more than one subnet, the subnets must be in different Availability Zones. Amazon MQ will not be able to create VPC endpoints for your broker with multiple subnets in the same Availability Zone. A SINGLE_INSTANCE deployment requires one subnet (for example, the default subnet). An ACTIVE_STANDBY_MULTI_AZ deployment (ACTIVEMQ) requires two subnets. A CLUSTER_MULTI_AZ deployment (RABBITMQ) has no subnet requirements when deployed with public accessibility, deployment without public accessibility requires at least one subnet.\n\n> If you specify subnets in a shared VPC for a RabbitMQ broker, the associated VPC to which the specified subnets belong must be owned by your AWS account . Amazon MQ will not be able to create VPC enpoints in VPCs that are not owned by your AWS account .", + "markdownDescription": "The list of groups that define which subnets and IP ranges the broker can use from different Availability Zones. If you specify more than one subnet, the subnets must be in different Availability Zones. Amazon MQ will not be able to create VPC endpoints for your broker with multiple subnets in the same Availability Zone. A SINGLE_INSTANCE deployment requires one subnet (for example, the default subnet). An ACTIVE_STANDBY_MULTI_AZ Amazon MQ for ActiveMQ deployment requires two subnets. A CLUSTER_MULTI_AZ Amazon MQ for RabbitMQ deployment has no subnet requirements when deployed with public accessibility. Deployment without public accessibility requires at least one subnet.\n\n> If you specify subnets in a [shared VPC](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-sharing.html) for a RabbitMQ broker, the associated VPC to which the specified subnets belong must be owned by your AWS account . Amazon MQ will not be able to create VPC endpoints in VPCs that are not owned by your AWS account .", "title": "SubnetIds", "type": "array" }, @@ -1997,7 +1997,7 @@ "items": { "$ref": "#/definitions/AWS::AmazonMQ::Broker.TagsEntry" }, - "markdownDescription": "An array of key-value pairs. For more information, see [Using Cost Allocation Tags](https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html) in the *Billing and Cost Management User Guide* .", + "markdownDescription": "Create tags when creating the broker.", "title": "Tags", "type": "array" }, @@ -2005,7 +2005,7 @@ "items": { "$ref": "#/definitions/AWS::AmazonMQ::Broker.User" }, - "markdownDescription": "The list of broker users (persons or applications) who can access queues and topics. For Amazon MQ for RabbitMQ brokers, one and only one administrative user is accepted and created when a broker is first provisioned. All subsequent RabbitMQ users are created by via the RabbitMQ web console or by using the RabbitMQ management API.", + "markdownDescription": "The list of broker users (persons or applications) who can access queues and topics. For Amazon MQ for RabbitMQ brokers, one and only one administrative user is accepted and created when a broker is first provisioned. All subsequent broker users are created by making RabbitMQ API calls directly to brokers or via the RabbitMQ web console.\n\nWhen OAuth 2.0 is enabled, the broker accepts one or no users.", "title": "Users", "type": "array" } @@ -2047,7 +2047,7 @@ "additionalProperties": false, "properties": { "Id": { - "markdownDescription": "The unique ID that Amazon MQ generates for the configuration.", + "markdownDescription": "Required. The unique ID that Amazon MQ generates for the configuration.", "title": "Id", "type": "string" }, @@ -2089,57 +2089,57 @@ "items": { "type": "string" }, - "markdownDescription": "Specifies the location of the LDAP server such as AWS Directory Service for Microsoft Active Directory . Optional failover server.", + "markdownDescription": "", "title": "Hosts", "type": "array" }, "RoleBase": { - "markdownDescription": "The distinguished name of the node in the directory information tree (DIT) to search for roles or groups. For example, `ou=group` , `ou=corp` , `dc=corp` , `dc=example` , `dc=com` .", + "markdownDescription": "", "title": "RoleBase", "type": "string" }, "RoleName": { - "markdownDescription": "The group name attribute in a role entry whose value is the name of that role. For example, you can specify `cn` for a group entry's common name. If authentication succeeds, then the user is assigned the the value of the `cn` attribute for each role entry that they are a member of.", + "markdownDescription": "", "title": "RoleName", "type": "string" }, "RoleSearchMatching": { - "markdownDescription": "The LDAP search filter used to find roles within the roleBase. The distinguished name of the user matched by userSearchMatching is substituted into the `{0}` placeholder in the search filter. The client's username is substituted into the `{1}` placeholder. For example, if you set this option to `(member=uid={1})` for the user janedoe, the search filter becomes `(member=uid=janedoe)` after string substitution. It matches all role entries that have a member attribute equal to `uid=janedoe` under the subtree selected by the `RoleBases` .", + "markdownDescription": "", "title": "RoleSearchMatching", "type": "string" }, "RoleSearchSubtree": { - "markdownDescription": "The directory search scope for the role. If set to true, scope is to search the entire subtree.", + "markdownDescription": "", "title": "RoleSearchSubtree", "type": "boolean" }, "ServiceAccountPassword": { - "markdownDescription": "Service account password. A service account is an account in your LDAP server that has access to initiate a connection. For example, `cn=admin` , `dc=corp` , `dc=example` , `dc=com` .", + "markdownDescription": "", "title": "ServiceAccountPassword", "type": "string" }, "ServiceAccountUsername": { - "markdownDescription": "Service account username. A service account is an account in your LDAP server that has access to initiate a connection. For example, `cn=admin` , `ou=corp` , `dc=corp` , `dc=example` , `dc=com` .", + "markdownDescription": "", "title": "ServiceAccountUsername", "type": "string" }, "UserBase": { - "markdownDescription": "Select a particular subtree of the directory information tree (DIT) to search for user entries. The subtree is specified by a DN, which specifies the base node of the subtree. For example, by setting this option to `ou=Users` , `ou=corp` , `dc=corp` , `dc=example` , `dc=com` , the search for user entries is restricted to the subtree beneath `ou=Users` , `ou=corp` , `dc=corp` , `dc=example` , `dc=com` .", + "markdownDescription": "", "title": "UserBase", "type": "string" }, "UserRoleName": { - "markdownDescription": "The name of the LDAP attribute in the user's directory entry for the user's group membership. In some cases, user roles may be identified by the value of an attribute in the user's directory entry. The `UserRoleName` option allows you to provide the name of this attribute.", + "markdownDescription": "", "title": "UserRoleName", "type": "string" }, "UserSearchMatching": { - "markdownDescription": "The LDAP search filter used to find users within the `userBase` . The client's username is substituted into the `{0}` placeholder in the search filter. For example, if this option is set to `(uid={0})` and the received username is `janedoe` , the search filter becomes `(uid=janedoe)` after string substitution. It will result in matching an entry like `uid=janedoe` , `ou=Users` , `ou=corp` , `dc=corp` , `dc=example` , `dc=com` .", + "markdownDescription": "", "title": "UserSearchMatching", "type": "string" }, "UserSearchSubtree": { - "markdownDescription": "The directory search scope for the user. If set to true, scope is to search the entire subtree.", + "markdownDescription": "", "title": "UserSearchSubtree", "type": "boolean" } @@ -2175,12 +2175,12 @@ "additionalProperties": false, "properties": { "DayOfWeek": { - "markdownDescription": "The day of the week.", + "markdownDescription": "Required. The day of the week.", "title": "DayOfWeek", "type": "string" }, "TimeOfDay": { - "markdownDescription": "The time, in 24-hour format.", + "markdownDescription": "Required. The time, in 24-hour format.", "title": "TimeOfDay", "type": "string" }, @@ -2201,12 +2201,12 @@ "additionalProperties": false, "properties": { "Key": { - "markdownDescription": "The key in a key-value pair.", + "markdownDescription": "", "title": "Key", "type": "string" }, "Value": { - "markdownDescription": "The value in a key-value pair.", + "markdownDescription": "", "title": "Value", "type": "string" } @@ -2221,7 +2221,7 @@ "additionalProperties": false, "properties": { "ConsoleAccess": { - "markdownDescription": "Enables access to the ActiveMQ web console for the ActiveMQ user. Does not apply to RabbitMQ brokers.", + "markdownDescription": "Enables access to the ActiveMQ Web Console for the ActiveMQ user. Does not apply to RabbitMQ brokers.", "title": "ConsoleAccess", "type": "boolean" }, @@ -2234,7 +2234,7 @@ "type": "array" }, "Password": { - "markdownDescription": "The password of the user. This value must be at least 12 characters long, must contain at least 4 unique characters, and must not contain commas, colons, or equal signs (,:=).", + "markdownDescription": "Required. The password of the user. This value must be at least 12 characters long, must contain at least 4 unique characters, and must not contain commas, colons, or equal signs (,:=).", "title": "Password", "type": "string" }, @@ -2244,7 +2244,7 @@ "type": "boolean" }, "Username": { - "markdownDescription": "The username of the broker user. For Amazon MQ for ActiveMQ brokers, this value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). For Amazon MQ for RabbitMQ brokers, this value can contain only alphanumeric characters, dashes, periods, underscores (- . _). This value must not contain a tilde (~) character. Amazon MQ prohibts using guest as a valid usename. This value must be 2-100 characters long.\n\n> Do not add personally identifiable information (PII) or other confidential or sensitive information in broker usernames. Broker usernames are accessible to other AWS services, including CloudWatch Logs . Broker usernames are not intended to be used for private or sensitive data.", + "markdownDescription": "The username of the broker user. The following restrictions apply to broker usernames:\n\n- For Amazon MQ for ActiveMQ brokers, this value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 2-100 characters long.\n- For Amazon MQ for RabbitMQ brokers, this value can contain only alphanumeric characters, dashes, periods, underscores (- . _). This value must not contain a tilde (~) character. Amazon MQ prohibts using `guest` as a valid usename. This value must be 2-100 characters long.\n\n> Do not add personally identifiable information (PII) or other confidential or sensitive information in broker usernames. Broker usernames are accessible to other AWS services, including CloudWatch Logs . Broker usernames are not intended to be used for private or sensitive data.", "title": "Username", "type": "string" } @@ -2296,7 +2296,7 @@ "type": "string" }, "Data": { - "markdownDescription": "The base64-encoded XML configuration.", + "markdownDescription": "Amazon MQ for Active MQ: The base64-encoded XML configuration. Amazon MQ for RabbitMQ: the base64-encoded Cuttlefish configuration.", "title": "Data", "type": "string" }, @@ -2306,17 +2306,17 @@ "type": "string" }, "EngineType": { - "markdownDescription": "The type of broker engine. Note: Currently, Amazon MQ only supports ACTIVEMQ for creating and editing broker configurations.", + "markdownDescription": "Required. The type of broker engine. Currently, Amazon MQ supports `ACTIVEMQ` and `RABBITMQ` .", "title": "EngineType", "type": "string" }, "EngineVersion": { - "markdownDescription": "The version of the broker engine. For a list of supported engine versions, see [](https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/broker-engine.html)", + "markdownDescription": "The broker engine version. Defaults to the latest available version for the specified broker engine type. For more information, see the [ActiveMQ version management](https://docs.aws.amazon.com//amazon-mq/latest/developer-guide/activemq-version-management.html) and the [RabbitMQ version management](https://docs.aws.amazon.com//amazon-mq/latest/developer-guide/rabbitmq-version-management.html) sections in the Amazon MQ Developer Guide.", "title": "EngineVersion", "type": "string" }, "Name": { - "markdownDescription": "The name of the configuration. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 1-150 characters long.", + "markdownDescription": "Required. The name of the configuration. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 1-150 characters long.", "title": "Name", "type": "string" }, @@ -2362,12 +2362,12 @@ "additionalProperties": false, "properties": { "Key": { - "markdownDescription": "The key in a key-value pair.", + "markdownDescription": "", "title": "Key", "type": "string" }, "Value": { - "markdownDescription": "The value in a key-value pair.", + "markdownDescription": "", "title": "Value", "type": "string" } @@ -2414,13 +2414,13 @@ "additionalProperties": false, "properties": { "Broker": { - "markdownDescription": "The broker to associate with a configuration.", + "markdownDescription": "", "title": "Broker", "type": "string" }, "Configuration": { "$ref": "#/definitions/AWS::AmazonMQ::ConfigurationAssociation.ConfigurationId", - "markdownDescription": "The configuration to associate with a broker.", + "markdownDescription": "Returns information about all configurations.", "title": "Configuration" } }, @@ -2455,7 +2455,7 @@ "additionalProperties": false, "properties": { "Id": { - "markdownDescription": "The unique ID that Amazon MQ generates for the configuration.", + "markdownDescription": "Required. The unique ID that Amazon MQ generates for the configuration.", "title": "Id", "type": "string" }, @@ -3059,12 +3059,12 @@ "additionalProperties": false, "properties": { "CertificateArn": { - "markdownDescription": "The Amazon resource name (ARN) for a custom certificate that you have already added to AWS Certificate Manager in your AWS account .\n\nThis field is required only when the certificate type is `CUSTOM` .", + "markdownDescription": "The Amazon resource name (ARN) for a custom certificate that you have already added to Certificate Manager in your AWS account .\n\nThis field is required only when the certificate type is `CUSTOM` .", "title": "CertificateArn", "type": "string" }, "CertificateType": { - "markdownDescription": "The type of SSL/TLS certificate that you want to use.\n\nSpecify `AMPLIFY_MANAGED` to use the default certificate that Amplify provisions for you.\n\nSpecify `CUSTOM` to use your own certificate that you have already added to AWS Certificate Manager in your AWS account . Make sure you request (or import) the certificate in the US East (N. Virginia) Region (us-east-1). For more information about using ACM, see [Importing certificates into AWS Certificate Manager](https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html) in the *ACM User guide* .", + "markdownDescription": "The type of SSL/TLS certificate that you want to use.\n\nSpecify `AMPLIFY_MANAGED` to use the default certificate that Amplify provisions for you.\n\nSpecify `CUSTOM` to use your own certificate that you have already added to Certificate Manager in your AWS account . Make sure you request (or import) the certificate in the US East (N. Virginia) Region (us-east-1). For more information about using ACM, see [Importing certificates into Certificate Manager](https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html) in the *ACM User guide* .", "title": "CertificateType", "type": "string" }, @@ -3080,12 +3080,12 @@ "additionalProperties": false, "properties": { "CertificateType": { - "markdownDescription": "The certificate type.\n\nSpecify `AMPLIFY_MANAGED` to use the default certificate that Amplify provisions for you.\n\nSpecify `CUSTOM` to use your own certificate that you have already added to AWS Certificate Manager in your AWS account . Make sure you request (or import) the certificate in the US East (N. Virginia) Region (us-east-1). For more information about using ACM, see [Importing certificates into AWS Certificate Manager](https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html) in the *ACM User guide* .", + "markdownDescription": "The certificate type.\n\nSpecify `AMPLIFY_MANAGED` to use the default certificate that Amplify provisions for you.\n\nSpecify `CUSTOM` to use your own certificate that you have already added to Certificate Manager in your AWS account . Make sure you request (or import) the certificate in the US East (N. Virginia) Region (us-east-1). For more information about using ACM, see [Importing certificates into Certificate Manager](https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html) in the *ACM User guide* .", "title": "CertificateType", "type": "string" }, "CustomCertificateArn": { - "markdownDescription": "The Amazon resource name (ARN) for the custom certificate that you have already added to AWS Certificate Manager in your AWS account .\n\nThis field is required only when the certificate type is `CUSTOM` .", + "markdownDescription": "The Amazon resource name (ARN) for the custom certificate that you have already added to Certificate Manager in your AWS account .\n\nThis field is required only when the certificate type is `CUSTOM` .", "title": "CustomCertificateArn", "type": "string" } @@ -5554,7 +5554,7 @@ "additionalProperties": false, "properties": { "CertificateArn": { - "markdownDescription": "The reference to an AWS -managed certificate that will be used by edge-optimized endpoint or private endpoint for this domain name. AWS Certificate Manager is the only supported source.", + "markdownDescription": "The reference to an AWS -managed certificate that will be used by edge-optimized endpoint or private endpoint for this domain name. Certificate Manager is the only supported source.", "title": "CertificateArn", "type": "string" }, @@ -5579,7 +5579,7 @@ "type": "string" }, "RegionalCertificateArn": { - "markdownDescription": "The reference to an AWS -managed certificate that will be used for validating the regional domain name. AWS Certificate Manager is the only supported source.", + "markdownDescription": "The reference to an AWS -managed certificate that will be used for validating the regional domain name. Certificate Manager is the only supported source.", "title": "RegionalCertificateArn", "type": "string" }, @@ -7964,7 +7964,7 @@ "type": "string" }, "OwnershipVerificationCertificateArn": { - "markdownDescription": "The Amazon resource name (ARN) for the public certificate issued by AWS Certificate Manager . This ARN is used to validate custom domain ownership. It's required only if you configure mutual TLS and use either an ACM-imported or a private CA certificate ARN as the regionalCertificateArn.", + "markdownDescription": "The Amazon resource name (ARN) for the public certificate issued by Certificate Manager . This ARN is used to validate custom domain ownership. It's required only if you configure mutual TLS and use either an ACM-imported or a private CA certificate ARN as the regionalCertificateArn.", "title": "OwnershipVerificationCertificateArn", "type": "string" }, @@ -14804,7 +14804,7 @@ "properties": { "ACM": { "$ref": "#/definitions/AWS::AppMesh::VirtualGateway.VirtualGatewayListenerTlsAcmCertificate", - "markdownDescription": "A reference to an object that represents an AWS Certificate Manager certificate.", + "markdownDescription": "A reference to an object that represents an Certificate Manager certificate.", "title": "ACM" }, "File": { @@ -15016,7 +15016,7 @@ "properties": { "ACM": { "$ref": "#/definitions/AWS::AppMesh::VirtualGateway.VirtualGatewayTlsValidationContextAcmTrust", - "markdownDescription": "A reference to an object that represents a Transport Layer Security (TLS) validation context trust for an AWS Certificate Manager certificate.", + "markdownDescription": "A reference to an object that represents a Transport Layer Security (TLS) validation context trust for an Certificate Manager certificate.", "title": "ACM" }, "File": { @@ -15540,7 +15540,7 @@ "properties": { "ACM": { "$ref": "#/definitions/AWS::AppMesh::VirtualNode.ListenerTlsAcmCertificate", - "markdownDescription": "A reference to an object that represents an AWS Certificate Manager certificate.", + "markdownDescription": "A reference to an object that represents an Certificate Manager certificate.", "title": "ACM" }, "File": { @@ -15831,7 +15831,7 @@ "properties": { "ACM": { "$ref": "#/definitions/AWS::AppMesh::VirtualNode.TlsValidationContextAcmTrust", - "markdownDescription": "A reference to an object that represents a Transport Layer Security (TLS) validation context trust for an AWS Certificate Manager certificate.", + "markdownDescription": "A reference to an object that represents a Transport Layer Security (TLS) validation context trust for an Certificate Manager certificate.", "title": "ACM" }, "File": { @@ -18100,7 +18100,7 @@ "type": "string" }, "InstanceType": { - "markdownDescription": "The instance type to use when launching fleet instances. The following instance types are available for non-Elastic fleets:\n\n- stream.standard.small\n- stream.standard.medium\n- stream.standard.large\n- stream.compute.large\n- stream.compute.xlarge\n- stream.compute.2xlarge\n- stream.compute.4xlarge\n- stream.compute.8xlarge\n- stream.memory.large\n- stream.memory.xlarge\n- stream.memory.2xlarge\n- stream.memory.4xlarge\n- stream.memory.8xlarge\n- stream.memory.z1d.large\n- stream.memory.z1d.xlarge\n- stream.memory.z1d.2xlarge\n- stream.memory.z1d.3xlarge\n- stream.memory.z1d.6xlarge\n- stream.memory.z1d.12xlarge\n- stream.graphics-design.large\n- stream.graphics-design.xlarge\n- stream.graphics-design.2xlarge\n- stream.graphics-design.4xlarge\n- stream.graphics-desktop.2xlarge\n- stream.graphics.g4dn.xlarge\n- stream.graphics.g4dn.2xlarge\n- stream.graphics.g4dn.4xlarge\n- stream.graphics.g4dn.8xlarge\n- stream.graphics.g4dn.12xlarge\n- stream.graphics.g4dn.16xlarge\n- stream.graphics-pro.4xlarge\n- stream.graphics-pro.8xlarge\n- stream.graphics-pro.16xlarge\n- stream.graphics.g5.xlarge\n- stream.graphics.g5.2xlarge\n- stream.graphics.g5.4xlarge\n- stream.graphics.g5.8xlarge\n- stream.graphics.g5.16xlarge\n- stream.graphics.g5.12xlarge\n- stream.graphics.g5.24xlarge\n- stream.graphics.g6.xlarge\n- stream.graphics.g6.2xlarge\n- stream.graphics.g6.4xlarge\n- stream.graphics.g6.8xlarge\n- stream.graphics.g6.16xlarge\n- stream.graphics.g6.12xlarge\n- stream.graphics.g6.24xlarge\n- stream.graphics.gr6.4xlarge\n- stream.graphics.gr6.8xlarge\n\nThe following instance types are available for Elastic fleets:\n\n- stream.standard.small\n- stream.standard.medium", + "markdownDescription": "The instance type to use when launching fleet instances. The following instance types are available for non-Elastic fleets:\n\n- stream.standard.small\n- stream.standard.medium\n- stream.standard.large\n- stream.compute.large\n- stream.compute.xlarge\n- stream.compute.2xlarge\n- stream.compute.4xlarge\n- stream.compute.8xlarge\n- stream.memory.large\n- stream.memory.xlarge\n- stream.memory.2xlarge\n- stream.memory.4xlarge\n- stream.memory.8xlarge\n- stream.memory.z1d.large\n- stream.memory.z1d.xlarge\n- stream.memory.z1d.2xlarge\n- stream.memory.z1d.3xlarge\n- stream.memory.z1d.6xlarge\n- stream.memory.z1d.12xlarge\n- stream.graphics-design.large\n- stream.graphics-design.xlarge\n- stream.graphics-design.2xlarge\n- stream.graphics-design.4xlarge\n- stream.graphics-desktop.2xlarge\n- stream.graphics.g4dn.xlarge\n- stream.graphics.g4dn.2xlarge\n- stream.graphics.g4dn.4xlarge\n- stream.graphics.g4dn.8xlarge\n- stream.graphics.g4dn.12xlarge\n- stream.graphics.g4dn.16xlarge\n- stream.graphics-pro.4xlarge\n- stream.graphics-pro.8xlarge\n- stream.graphics-pro.16xlarge\n- stream.graphics.g5.xlarge\n- stream.graphics.g5.2xlarge\n- stream.graphics.g5.4xlarge\n- stream.graphics.g5.8xlarge\n- stream.graphics.g5.16xlarge\n- stream.graphics.g5.12xlarge\n- stream.graphics.g5.24xlarge\n- stream.graphics.g6.xlarge\n- stream.graphics.g6.2xlarge\n- stream.graphics.g6.4xlarge\n- stream.graphics.g6.8xlarge\n- stream.graphics.g6.16xlarge\n- stream.graphics.g6.12xlarge\n- stream.graphics.g6.24xlarge\n- stream.graphics.gr6.4xlarge\n- stream.graphics.gr6.8xlarge\n- stream.graphics.g6f.large\n- stream.graphics.g6f.xlarge\n- stream.graphics.g6f.2xlarge\n- stream.graphics.g6f.4xlarge\n- stream.graphics.gr6f.4xlarge\n\nThe following instance types are available for Elastic fleets:\n\n- stream.standard.small\n- stream.standard.medium", "title": "InstanceType", "type": "string" }, @@ -18346,7 +18346,7 @@ "type": "string" }, "InstanceType": { - "markdownDescription": "The instance type to use when launching the image builder. The following instance types are available:\n\n- stream.standard.small\n- stream.standard.medium\n- stream.standard.large\n- stream.compute.large\n- stream.compute.xlarge\n- stream.compute.2xlarge\n- stream.compute.4xlarge\n- stream.compute.8xlarge\n- stream.memory.large\n- stream.memory.xlarge\n- stream.memory.2xlarge\n- stream.memory.4xlarge\n- stream.memory.8xlarge\n- stream.memory.z1d.large\n- stream.memory.z1d.xlarge\n- stream.memory.z1d.2xlarge\n- stream.memory.z1d.3xlarge\n- stream.memory.z1d.6xlarge\n- stream.memory.z1d.12xlarge\n- stream.graphics-design.large\n- stream.graphics-design.xlarge\n- stream.graphics-design.2xlarge\n- stream.graphics-design.4xlarge\n- stream.graphics-desktop.2xlarge\n- stream.graphics.g4dn.xlarge\n- stream.graphics.g4dn.2xlarge\n- stream.graphics.g4dn.4xlarge\n- stream.graphics.g4dn.8xlarge\n- stream.graphics.g4dn.12xlarge\n- stream.graphics.g4dn.16xlarge\n- stream.graphics-pro.4xlarge\n- stream.graphics-pro.8xlarge\n- stream.graphics-pro.16xlarge\n- stream.graphics.g5.xlarge\n- stream.graphics.g5.2xlarge\n- stream.graphics.g5.4xlarge\n- stream.graphics.g5.8xlarge\n- stream.graphics.g5.16xlarge\n- stream.graphics.g5.12xlarge\n- stream.graphics.g5.24xlarge\n- stream.graphics.g6.xlarge\n- stream.graphics.g6.2xlarge\n- stream.graphics.g6.4xlarge\n- stream.graphics.g6.8xlarge\n- stream.graphics.g6.16xlarge\n- stream.graphics.g6.12xlarge\n- stream.graphics.g6.24xlarge\n- stream.graphics.gr6.4xlarge\n- stream.graphics.gr6.8xlarge", + "markdownDescription": "The instance type to use when launching the image builder. The following instance types are available:\n\n- stream.standard.small\n- stream.standard.medium\n- stream.standard.large\n- stream.compute.large\n- stream.compute.xlarge\n- stream.compute.2xlarge\n- stream.compute.4xlarge\n- stream.compute.8xlarge\n- stream.memory.large\n- stream.memory.xlarge\n- stream.memory.2xlarge\n- stream.memory.4xlarge\n- stream.memory.8xlarge\n- stream.memory.z1d.large\n- stream.memory.z1d.xlarge\n- stream.memory.z1d.2xlarge\n- stream.memory.z1d.3xlarge\n- stream.memory.z1d.6xlarge\n- stream.memory.z1d.12xlarge\n- stream.graphics-design.large\n- stream.graphics-design.xlarge\n- stream.graphics-design.2xlarge\n- stream.graphics-design.4xlarge\n- stream.graphics-desktop.2xlarge\n- stream.graphics.g4dn.xlarge\n- stream.graphics.g4dn.2xlarge\n- stream.graphics.g4dn.4xlarge\n- stream.graphics.g4dn.8xlarge\n- stream.graphics.g4dn.12xlarge\n- stream.graphics.g4dn.16xlarge\n- stream.graphics-pro.4xlarge\n- stream.graphics-pro.8xlarge\n- stream.graphics-pro.16xlarge\n- stream.graphics.g5.xlarge\n- stream.graphics.g5.2xlarge\n- stream.graphics.g5.4xlarge\n- stream.graphics.g5.8xlarge\n- stream.graphics.g5.16xlarge\n- stream.graphics.g5.12xlarge\n- stream.graphics.g5.24xlarge\n- stream.graphics.g6.xlarge\n- stream.graphics.g6.2xlarge\n- stream.graphics.g6.4xlarge\n- stream.graphics.g6.8xlarge\n- stream.graphics.g6.16xlarge\n- stream.graphics.g6.12xlarge\n- stream.graphics.g6.24xlarge\n- stream.graphics.gr6.4xlarge\n- stream.graphics.gr6.8xlarge\n- stream.graphics.g6f.large\n- stream.graphics.g6f.xlarge\n- stream.graphics.g6f.2xlarge\n- stream.graphics.g6f.4xlarge\n- stream.graphics.gr6f.4xlarge", "title": "InstanceType", "type": "string" }, @@ -19531,7 +19531,7 @@ "additionalProperties": false, "properties": { "CertificateArn": { - "markdownDescription": "The Amazon Resource Name (ARN) of the certificate. This will be an AWS Certificate Manager certificate.", + "markdownDescription": "The Amazon Resource Name (ARN) of the certificate. This will be an Certificate Manager certificate.", "title": "CertificateArn", "type": "string" }, @@ -27242,7 +27242,7 @@ "type": "string" }, "ImageType": { - "markdownDescription": "The image type to match with the instance type to select an AMI. The supported values are different for `ECS` and `EKS` resources.\n\n- **ECS** - If the `imageIdOverride` parameter isn't specified, then a recent [Amazon ECS-optimized Amazon Linux 2 AMI](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html#al2ami) ( `ECS_AL2` ) is used. If a new image type is specified in an update, but neither an `imageId` nor a `imageIdOverride` parameter is specified, then the latest Amazon ECS optimized AMI for that image type that's supported by AWS Batch is used.\n\n- **ECS_AL2** - [Amazon Linux 2](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html#al2ami) : Default for all non-GPU instance families.\n- **ECS_AL2_NVIDIA** - [Amazon Linux 2 (GPU)](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html#gpuami) : Default for all GPU instance families (for example `P4` and `G4` ) and can be used for all non AWS Graviton-based instance types.\n- **ECS_AL2023** - [Amazon Linux 2023](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html) : AWS Batch supports Amazon Linux 2023.\n\n> Amazon Linux 2023 does not support `A1` instances.\n- **ECS_AL2023_NVIDIA** - [Amazon Linux 2023 (GPU)](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html#gpuami) : For all GPU instance families and can be used for all non AWS Graviton-based instance types.\n\n> ECS_AL2023_NVIDIA doesn't support `p3` and `g3` instance types.\n- **ECS_AL1** - [Amazon Linux](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html#alami) . Amazon Linux has reached the end-of-life of standard support. For more information, see [Amazon Linux AMI](https://docs.aws.amazon.com/amazon-linux-ami/) .\n- **EKS** - If the `imageIdOverride` parameter isn't specified, then a recent [Amazon EKS-optimized Amazon Linux AMI](https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html) ( `EKS_AL2` ) is used. If a new image type is specified in an update, but neither an `imageId` nor a `imageIdOverride` parameter is specified, then the latest Amazon EKS optimized AMI for that image type that AWS Batch supports is used.\n\n> Starting end of October 2025 Amazon EKS optimized Amazon Linux 2023 AMIs will be the default on AWS Batch for EKS versions prior to 1.33. Starting from Kubernetes version 1.33, EKS optimized Amazon Linux 2023 AMIs will be the default when it becomes supported on AWS Batch .\n> \n> AWS will end support for Amazon EKS AL2-optimized and AL2-accelerated AMIs, starting 11/26/25. You can continue using AWS Batch -provided Amazon EKS optimized Amazon Linux 2 AMIs on your Amazon EKS compute environments beyond the 11/26/25 end-of-support date, these compute environments will no longer receive any new software updates, security patches, or bug fixes from AWS . For more information on upgrading from AL2 to AL2023, see [How to upgrade from EKS AL2 to EKS AL2023](https://docs.aws.amazon.com/) in the *AWS Batch User Guide* . \n\n- **EKS_AL2** - [Amazon Linux 2](https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html) : Default for all non-GPU instance families.\n- **EKS_AL2_NVIDIA** - [Amazon Linux 2 (accelerated)](https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html) : Default for all GPU instance families (for example, `P4` and `G4` ) and can be used for all non AWS Graviton-based instance types.\n- **EKS_AL2023** - [Amazon Linux 2023](https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html) : AWS Batch supports Amazon Linux 2023.\n\n> Amazon Linux 2023 does not support `A1` instances.\n- **EKS_AL2023_NVIDIA** - [Amazon Linux 2023 (accelerated)](https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html) : GPU instance families and can be used for all non AWS Graviton-based instance types.", + "markdownDescription": "The image type to match with the instance type to select an AMI. The supported values are different for `ECS` and `EKS` resources.\n\n- **ECS** - If the `imageIdOverride` parameter isn't specified, then a recent [Amazon ECS-optimized Amazon Linux 2 AMI](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html#al2ami) ( `ECS_AL2` ) is used. If a new image type is specified in an update, but neither an `imageId` nor a `imageIdOverride` parameter is specified, then the latest Amazon ECS optimized AMI for that image type that's supported by AWS Batch is used.\n\n> AWS will end support for Amazon ECS optimized AL2-optimized and AL2-accelerated AMIs. Starting in January 2026, AWS Batch will change the default AMI for new Amazon ECS compute environments from Amazon Linux 2 to Amazon Linux 2023. We recommend migrating AWS Batch Amazon ECS compute environments to Amazon Linux 2023 to maintain optimal performance and security. For more information on upgrading from AL2 to AL2023, see [How to migrate from ECS AL2 to ECS AL2023](https://docs.aws.amazon.com/batch/latest/userguide/ecs-migration-2023.html) in the *AWS Batch User Guide* . \n\n- **ECS_AL2** - [Amazon Linux 2](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html#al2ami) : Default for all non-GPU instance families.\n- **ECS_AL2_NVIDIA** - [Amazon Linux 2 (GPU)](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html#gpuami) : Default for all GPU instance families (for example `P4` and `G4` ) and can be used for all non AWS Graviton-based instance types.\n- **ECS_AL2023** - [Amazon Linux 2023](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html) : AWS Batch supports Amazon Linux 2023.\n\n> Amazon Linux 2023 does not support `A1` instances.\n- **ECS_AL2023_NVIDIA** - [Amazon Linux 2023 (GPU)](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html#gpuami) : For all GPU instance families and can be used for all non AWS Graviton-based instance types.\n\n> ECS_AL2023_NVIDIA doesn't support `p3` and `g3` instance types.\n- **EKS** - If the `imageIdOverride` parameter isn't specified, then a recent [Amazon EKS-optimized Amazon Linux AMI](https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html) ( `EKS_AL2` ) is used. If a new image type is specified in an update, but neither an `imageId` nor a `imageIdOverride` parameter is specified, then the latest Amazon EKS optimized AMI for that image type that AWS Batch supports is used.\n\n> Starting end of October 2025 Amazon EKS optimized Amazon Linux 2023 AMIs will be the default on AWS Batch for EKS versions prior to 1.33. Starting from Kubernetes version 1.33, EKS optimized Amazon Linux 2023 AMIs will be the default when it becomes supported on AWS Batch .\n> \n> AWS will end support for Amazon EKS AL2-optimized and AL2-accelerated AMIs, starting 11/26/25. You can continue using AWS Batch -provided Amazon EKS optimized Amazon Linux 2 AMIs on your Amazon EKS compute environments beyond the 11/26/25 end-of-support date, these compute environments will no longer receive any new software updates, security patches, or bug fixes from AWS . For more information on upgrading from AL2 to AL2023, see [How to upgrade from EKS AL2 to EKS AL2023](https://docs.aws.amazon.com/batch/latest/userguide/eks-migration-2023.html) in the *AWS Batch User Guide* . \n\n- **EKS_AL2** - [Amazon Linux 2](https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html) : Default for all non-GPU instance families.\n- **EKS_AL2_NVIDIA** - [Amazon Linux 2 (accelerated)](https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html) : Default for all GPU instance families (for example, `P4` and `G4` ) and can be used for all non AWS Graviton-based instance types.\n- **EKS_AL2023** - [Amazon Linux 2023](https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html) : AWS Batch supports Amazon Linux 2023.\n\n> Amazon Linux 2023 does not support `A1` instances.\n- **EKS_AL2023_NVIDIA** - [Amazon Linux 2023 (accelerated)](https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html) : GPU instance families and can be used for all non AWS Graviton-based instance types.", "title": "ImageType", "type": "string" } @@ -32431,7 +32431,7 @@ "type": "string" }, "CertificateTransparencyLoggingPreference": { - "markdownDescription": "You can opt out of certificate transparency logging by specifying the `DISABLED` option. Opt in by specifying `ENABLED` .\n\nIf you do not specify a certificate transparency logging preference on a new CloudFormation template, or if you remove the logging preference from an existing template, this is the same as explicitly enabling the preference.\n\nChanging the certificate transparency logging preference will update the existing resource by calling `UpdateCertificateOptions` on the certificate. This action will not create a new resource.", + "markdownDescription": "You can opt out of certificate transparency logging by specifying the `DISABLED` option. Opt in by specifying `ENABLED` . This setting doces not apply to private certificates.\n\nIf you do not specify a certificate transparency logging preference on a new CloudFormation template, or if you remove the logging preference from an existing template, this is the same as explicitly enabling the preference.\n\nChanging the certificate transparency logging preference will update the existing resource by calling `UpdateCertificateOptions` on the certificate. This action will not create a new resource.", "title": "CertificateTransparencyLoggingPreference", "type": "string" }, @@ -34538,7 +34538,7 @@ "type": "string" }, "TypeName": { - "markdownDescription": "The unique name for your hook. Specifies a three-part namespace for your hook, with a recommended pattern of `Organization::Service::Hook` .\n\n> The following organization namespaces are reserved and can't be used in your hook type names:\n> \n> - `Alexa`\n> - `AMZN`\n> - `Amazon`\n> - `ASK`\n> - `AWS`\n> - `Custom`\n> - `Dev`", + "markdownDescription": "The unique name for your Hook. Specifies a three-part namespace for your Hook, with a recommended pattern of `Organization::Service::Hook` .\n\n> The following organization namespaces are reserved and can't be used in your Hook type names:\n> \n> - `Alexa`\n> - `AMZN`\n> - `Amazon`\n> - `ASK`\n> - `AWS`\n> - `Custom`\n> - `Dev`", "title": "TypeName", "type": "string" } @@ -35621,7 +35621,7 @@ "type": "string" }, "TypeNameAlias": { - "markdownDescription": "An alias to assign to the public extension, in this account and Region. If you specify an alias for the extension, CloudFormation treats the alias as the extension type name within this account and Region. You must use the alias to refer to the extension in your templates, API calls, and CloudFormation console.\n\nAn extension alias must be unique within a given account and Region. You can activate the same public resource multiple times in the same account and Region, using different type name aliases.", + "markdownDescription": "An alias to assign to the public extension in this account and Region. If you specify an alias for the extension, CloudFormation treats the alias as the extension type name within this account and Region. You must use the alias to refer to the extension in your templates, API calls, and CloudFormation console.\n\nAn extension alias must be unique within a given account and Region. You can activate the same public resource multiple times in the same account and Region, using different type name aliases.", "title": "TypeNameAlias", "type": "string" }, @@ -37304,7 +37304,7 @@ "additionalProperties": false, "properties": { "AcmCertificateArn": { - "markdownDescription": "> In CloudFormation, this field name is `AcmCertificateArn` . Note the different capitalization. \n\nIf the distribution uses `Aliases` (alternate domain names or CNAMEs) and the SSL/TLS certificate is stored in [AWS Certificate Manager (ACM)](https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html) , provide the Amazon Resource Name (ARN) of the ACM certificate. CloudFront only supports ACM certificates in the US East (N. Virginia) Region ( `us-east-1` ).\n\nIf you specify an ACM certificate ARN, you must also specify values for `MinimumProtocolVersion` and `SSLSupportMethod` . (In CloudFormation, the field name is `SslSupportMethod` . Note the different capitalization.)", + "markdownDescription": "> In CloudFormation, this field name is `AcmCertificateArn` . Note the different capitalization. \n\nIf the distribution uses `Aliases` (alternate domain names or CNAMEs) and the SSL/TLS certificate is stored in [Certificate Manager (ACM)](https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html) , provide the Amazon Resource Name (ARN) of the ACM certificate. CloudFront only supports ACM certificates in the US East (N. Virginia) Region ( `us-east-1` ).\n\nIf you specify an ACM certificate ARN, you must also specify values for `MinimumProtocolVersion` and `SSLSupportMethod` . (In CloudFormation, the field name is `SslSupportMethod` . Note the different capitalization.)", "title": "AcmCertificateArn", "type": "string" }, @@ -46678,7 +46678,7 @@ "additionalProperties": false, "properties": { "CertificateArn": { - "markdownDescription": "The Amazon Resource Name (ARN) of an AWS Certificate Manager SSL certificate. You use this certificate for the subdomain of your custom domain.", + "markdownDescription": "The Amazon Resource Name (ARN) of an Certificate Manager SSL certificate. You use this certificate for the subdomain of your custom domain.", "title": "CertificateArn", "type": "string" } @@ -47360,7 +47360,7 @@ "properties": { "ClientMetadata": { "additionalProperties": true, - "markdownDescription": "A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.\n\nYou create custom workflows by assigning AWS Lambda functions to user pool triggers. When you use the AdminCreateUser API action, Amazon Cognito invokes the function that is assigned to the *pre sign-up* trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a `ClientMetadata` attribute, which provides the data that you assigned to the ClientMetadata parameter in your AdminCreateUser request. In your function code in AWS Lambda , you can process the `clientMetadata` value to enhance your workflow for your specific needs.\n\nFor more information, see [Using Lambda triggers](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html) in the *Amazon Cognito Developer Guide* .\n\n> When you use the `ClientMetadata` parameter, note that Amazon Cognito won't do the following:\n> \n> - Store the `ClientMetadata` value. This data is available only to AWS Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the `ClientMetadata` parameter serves no purpose.\n> - Validate the `ClientMetadata` value.\n> - Encrypt the `ClientMetadata` value. Don't send sensitive information in this parameter.", + "markdownDescription": "A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers. You create custom workflows by assigning AWS Lambda functions to user pool triggers.\n\nWhen Amazon Cognito invokes any of these functions, it passes a JSON payload, which the function receives as input. This payload contains a `clientMetadata` attribute that provides the data that you assigned to the ClientMetadata parameter in your request. In your function code, you can process the `clientMetadata` value to enhance your workflow for your specific needs.\n\nTo review the Lambda trigger types that Amazon Cognito invokes at runtime with API requests, see [Connecting API actions to Lambda triggers](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-working-with-lambda-triggers.html#lambda-triggers-by-event) in the *Amazon Cognito Developer Guide* .\n\n> When you use the `ClientMetadata` parameter, note that Amazon Cognito won't do the following:\n> \n> - Store the `ClientMetadata` value. This data is available only to AWS Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the `ClientMetadata` parameter serves no purpose.\n> - Validate the `ClientMetadata` value.\n> - Encrypt the `ClientMetadata` value. Don't send sensitive information in this parameter.", "patternProperties": { "^[a-zA-Z0-9]+$": { "type": "string" @@ -58176,7 +58176,7 @@ "type": "string" }, "KmsKeyArn": { - "markdownDescription": "The Amazon Resource Name (ARN) of the AWS KMS key that is used to encrypt the connection parameters for the instance profile.\n\nIf you don't specify a value for the `KmsKeyArn` parameter, then AWS DMS uses your default encryption key.\n\nAWS KMS creates the default encryption key for your AWS account . Your AWS account has a different default encryption key for each AWS Region .", + "markdownDescription": "The Amazon Resource Name (ARN) of the AWS KMS key that is used to encrypt the connection parameters for the instance profile.\n\nIf you don't specify a value for the `KmsKeyArn` parameter, then AWS DMS uses an AWS owned encryption key to encrypt your resources.", "title": "KmsKeyArn", "type": "string" }, @@ -68887,7 +68887,7 @@ "type": "string" }, "ServerCertificateArn": { - "markdownDescription": "The ARN of the server certificate. For more information, see the [AWS Certificate Manager User Guide](https://docs.aws.amazon.com/acm/latest/userguide/) .", + "markdownDescription": "The ARN of the server certificate. For more information, see the [Certificate Manager User Guide](https://docs.aws.amazon.com/acm/latest/userguide/) .", "title": "ServerCertificateArn", "type": "string" }, @@ -68958,7 +68958,7 @@ "additionalProperties": false, "properties": { "ClientRootCertificateChainArn": { - "markdownDescription": "The ARN of the client certificate. The certificate must be signed by a certificate authority (CA) and it must be provisioned in AWS Certificate Manager (ACM).", + "markdownDescription": "The ARN of the client certificate. The certificate must be signed by a certificate authority (CA) and it must be provisioned in Certificate Manager (ACM).", "title": "ClientRootCertificateChainArn", "type": "string" } @@ -72743,7 +72743,7 @@ "type": "boolean" }, "Iops": { - "markdownDescription": "The number of I/O operations per second (IOPS). For `gp3` , `io1` , and `io2` volumes, this represents the number of IOPS that are provisioned for the volume. For `gp2` volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting.\n\nThe following are the supported values for each volume type:\n\n- `gp3` : 3,000 - 16,000 IOPS\n- `io1` : 100 - 64,000 IOPS\n- `io2` : 100 - 256,000 IOPS\n\nFor `io2` volumes, you can achieve up to 256,000 IOPS on [instances built on the Nitro System](https://docs.aws.amazon.com/ec2/latest/instancetypes/ec2-nitro-instances.html) . On other instances, you can achieve performance up to 32,000 IOPS.\n\nThis parameter is supported for `io1` , `io2` , and `gp3` volumes only.", + "markdownDescription": "The number of I/O operations per second (IOPS). For `gp3` , `io1` , and `io2` volumes, this represents the number of IOPS that are provisioned for the volume. For `gp2` volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting.\n\nThe following are the supported values for each volume type:\n\n- `gp3` : 3,000 - 80,000 IOPS\n- `io1` : 100 - 64,000 IOPS\n- `io2` : 100 - 256,000 IOPS\n\nFor `io2` volumes, you can achieve up to 256,000 IOPS on [instances built on the Nitro System](https://docs.aws.amazon.com/ec2/latest/instancetypes/ec2-nitro-instances.html) . On other instances, you can achieve performance up to 32,000 IOPS.\n\nThis parameter is supported for `io1` , `io2` , and `gp3` volumes only.", "title": "Iops", "type": "number" }, @@ -72758,12 +72758,12 @@ "type": "string" }, "Throughput": { - "markdownDescription": "The throughput to provision for a `gp3` volume, with a maximum of 1,000 MiB/s.\n\nValid Range: Minimum value of 125. Maximum value of 1000.", + "markdownDescription": "The throughput to provision for a `gp3` volume, with a maximum of 2,000 MiB/s.\n\nValid Range: Minimum value of 125. Maximum value of 2,000.", "title": "Throughput", "type": "number" }, "VolumeSize": { - "markdownDescription": "The size of the volume, in GiBs. You must specify either a snapshot ID or a volume size. The following are the supported volumes sizes for each volume type:\n\n- `gp2` and `gp3` : 1 - 16,384 GiB\n- `io1` : 4 - 16,384 GiB\n- `io2` : 4 - 65,536 GiB\n- `st1` and `sc1` : 125 - 16,384 GiB\n- `standard` : 1 - 1024 GiB", + "markdownDescription": "The size of the volume, in GiBs. You must specify either a snapshot ID or a volume size. The following are the supported volumes sizes for each volume type:\n\n- `gp2` : 1 - 16,384 GiB\n- `gp3` : 1 - 65,536 GiB\n- `io1` : 4 - 16,384 GiB\n- `io2` : 4 - 65,536 GiB\n- `st1` and `sc1` : 125 - 16,384 GiB\n- `standard` : 1 - 1024 GiB", "title": "VolumeSize", "type": "number" }, @@ -77222,7 +77222,7 @@ "type": "boolean" }, "Iops": { - "markdownDescription": "The number of I/O operations per second (IOPS). For `gp3` , `io1` , and `io2` volumes, this represents the number of IOPS that are provisioned for the volume. For `gp2` volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting.\n\nThe following are the supported values for each volume type:\n\n- `gp3` : 3,000 - 16,000 IOPS\n- `io1` : 100 - 64,000 IOPS\n- `io2` : 100 - 256,000 IOPS\n\nFor `io2` volumes, you can achieve up to 256,000 IOPS on [instances built on the Nitro System](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances) . On other instances, you can achieve performance up to 32,000 IOPS.\n\nThis parameter is required for `io1` and `io2` volumes. The default for `gp3` volumes is 3,000 IOPS.", + "markdownDescription": "The number of I/O operations per second (IOPS). For `gp3` , `io1` , and `io2` volumes, this represents the number of IOPS that are provisioned for the volume. For `gp2` volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting.\n\nThe following are the supported values for each volume type:\n\n- `gp3` : 3,000 - 80,000 IOPS\n- `io1` : 100 - 64,000 IOPS\n- `io2` : 100 - 256,000 IOPS\n\nFor `io2` volumes, you can achieve up to 256,000 IOPS on [instances built on the Nitro System](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances) . On other instances, you can achieve performance up to 32,000 IOPS.\n\nThis parameter is required for `io1` and `io2` volumes. The default for `gp3` volumes is 3,000 IOPS.", "title": "Iops", "type": "number" }, @@ -77232,7 +77232,7 @@ "type": "string" }, "VolumeSize": { - "markdownDescription": "The size of the volume, in GiBs. You must specify either a snapshot ID or a volume size. If you specify a snapshot, the default is the snapshot size. You can specify a volume size that is equal to or larger than the snapshot size.\n\nThe following are the supported sizes for each volume type:\n\n- `gp2` and `gp3` : 1 - 16,384 GiB\n- `io1` : 4 - 16,384 GiB\n- `io2` : 4 - 65,536 GiB\n- `st1` and `sc1` : 125 - 16,384 GiB\n- `standard` : 1 - 1024 GiB", + "markdownDescription": "The size of the volume, in GiBs. You must specify either a snapshot ID or a volume size. If you specify a snapshot, the default is the snapshot size. You can specify a volume size that is equal to or larger than the snapshot size.\n\nThe following are the supported sizes for each volume type:\n\n- `gp2` : 1 - 16,384 GiB\n- `gp3` : 1 - 65,536 GiB\n- `io1` : 4 - 16,384 GiB\n- `io2` : 4 - 65,536 GiB\n- `st1` and `sc1` : 125 - 16,384 GiB\n- `standard` : 1 - 1024 GiB", "title": "VolumeSize", "type": "number" }, @@ -80418,7 +80418,7 @@ "additionalProperties": false, "properties": { "PolicyDocument": { - "markdownDescription": "An endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints.\n\nFor CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. For example, if you have a JSON policy, you can convert it to YAML before including it in the YAML template, and AWS CloudFormation converts the policy to JSON format before calling the API actions for AWS PrivateLink . Alternatively, you can include the JSON directly in the YAML, as shown in the following `Properties` section:\n\n`Properties: VpcEndpointType: 'Interface' ServiceName: !Sub 'com.amazonaws.${AWS::Region}.logs' PolicyDocument: '{ \"Version\":\"2012-10-17\", \"Statement\": [{ \"Effect\":\"Allow\", \"Principal\":\"*\", \"Action\":[\"logs:Describe*\",\"logs:Get*\",\"logs:List*\",\"logs:FilterLogEvents\"], \"Resource\":\"*\" }] }'`", + "markdownDescription": "An endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints.\n\nFor CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. For example, if you have a JSON policy, you can convert it to YAML before including it in the YAML template, and AWS CloudFormation converts the policy to JSON format before calling the API actions for AWS PrivateLink . Alternatively, you can include the JSON directly in the YAML, as shown in the following `Properties` section:\n\n`Properties: VpcEndpointType: 'Interface' ServiceName: !Sub 'com.amazonaws.${AWS::Region}.logs' PolicyDocument: '{ \"Version\":\"2012-10-17\", \"Statement\": [{ \"Effect\":\"Allow\", \"Principal\":\"*\", \"Action\":[\"logs:Describe*\",\"logs:Get*\",\"logs:List*\",\"logs:FilterLogEvents\"], \"Resource\":\"*\" }] }'`", "title": "PolicyDocument", "type": "object" }, @@ -82038,7 +82038,7 @@ "type": "boolean" }, "Iops": { - "markdownDescription": "The number of I/O operations per second (IOPS). For `gp3` , `io1` , and `io2` volumes, this represents the number of IOPS that are provisioned for the volume. For `gp2` volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting.\n\nThe following are the supported values for each volume type:\n\n- `gp3` : 3,000 - 16,000 IOPS\n- `io1` : 100 - 64,000 IOPS\n- `io2` : 100 - 256,000 IOPS\n\nFor `io2` volumes, you can achieve up to 256,000 IOPS on [instances built on the Nitro System](https://docs.aws.amazon.com/ec2/latest/instancetypes/ec2-nitro-instances.html) . On other instances, you can achieve performance up to 32,000 IOPS.\n\nThis parameter is required for `io1` and `io2` volumes. The default for `gp3` volumes is 3,000 IOPS. This parameter is not supported for `gp2` , `st1` , `sc1` , or `standard` volumes.", + "markdownDescription": "The number of I/O operations per second (IOPS) to provision for the volume. Required for `io1` and `io2` volumes. Optional for `gp3` volumes. Omit for all other volume types.\n\nValid ranges:\n\n- gp3: `3,000` ( *default* ) `- 80,000` IOPS\n- io1: `100 - 64,000` IOPS\n- io2: `100 - 256,000` IOPS\n\n> [Instances built on the Nitro System](https://docs.aws.amazon.com/ec2/latest/instancetypes/ec2-nitro-instances.html) can support up to 256,000 IOPS. Other instances can support up to 32,000 IOPS.", "title": "Iops", "type": "number" }, @@ -82058,7 +82058,7 @@ "type": "string" }, "Size": { - "markdownDescription": "The size of the volume, in GiBs. You must specify either a snapshot ID or a volume size. If you specify a snapshot, the default is the snapshot size. You can specify a volume size that is equal to or larger than the snapshot size.\n\nThe following are the supported volumes sizes for each volume type:\n\n- `gp2` and `gp3` : 1 - 16,384 GiB\n- `io1` : 4 - 16,384 GiB\n- `io2` : 4 - 65,536 GiB\n- `st1` and `sc1` : 125 - 16,384 GiB\n- `standard` : 1 - 1024 GiB", + "markdownDescription": "The size of the volume, in GiBs. You must specify either a snapshot ID or a volume size. If you specify a snapshot, the default is the snapshot size, and you can specify a volume size that is equal to or larger than the snapshot size.\n\nValid sizes:\n\n- gp2: `1 - 16,384` GiB\n- gp3: `1 - 65,536` GiB\n- io1: `4 - 16,384` GiB\n- io2: `4 - 65,536` GiB\n- st1 and sc1: `125 - 16,384` GiB\n- standard: `1 - 1024` GiB", "title": "Size", "type": "number" }, @@ -82649,7 +82649,7 @@ }, "ImageScanningConfiguration": { "$ref": "#/definitions/AWS::ECR::Repository.ImageScanningConfiguration", - "markdownDescription": "The image scanning configuration for the repository. This determines whether images are scanned for known vulnerabilities after being pushed to the repository.", + "markdownDescription": "> The `imageScanningConfiguration` parameter is being deprecated, in favor of specifying the image scanning configuration at the registry level. For more information, see `PutRegistryScanningConfiguration` . \n\nThe image scanning configuration for the repository. This determines whether images are scanned for known vulnerabilities after being pushed to the repository.", "title": "ImageScanningConfiguration" }, "ImageTagMutability": { @@ -83495,12 +83495,12 @@ "type": "boolean" }, "HealthCheckGracePeriodSeconds": { - "markdownDescription": "The period of time, in seconds, that the Amazon ECS service scheduler ignores unhealthy Elastic Load Balancing, VPC Lattice, and container health checks after a task has first started. If you don't specify a health check grace period value, the default value of `0` is used. If you don't use any of the health checks, then `healthCheckGracePeriodSeconds` is unused.\n\nIf your service's tasks take a while to start and respond to health checks, you can specify a health check grace period of up to 2,147,483,647 seconds (about 69 years). During that time, the Amazon ECS service scheduler ignores health check status. This grace period can prevent the service scheduler from marking tasks as unhealthy and stopping them before they have time to come up.", + "markdownDescription": "The period of time, in seconds, that the Amazon ECS service scheduler ignores unhealthy Elastic Load Balancing, VPC Lattice, and container health checks after a task has first started. If you do not specify a health check grace period value, the default value of 0 is used. If you do not use any of the health checks, then `healthCheckGracePeriodSeconds` is unused.\n\nIf your service has more running tasks than desired, unhealthy tasks in the grace period might be stopped to reach the desired count.", "title": "HealthCheckGracePeriodSeconds", "type": "number" }, "LaunchType": { - "markdownDescription": "The launch type on which to run your service. For more information, see [Amazon ECS Launch Types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html) in the *Amazon Elastic Container Service Developer Guide* .", + "markdownDescription": "The launch type on which to run your service. For more information, see [Amazon ECS Launch Types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html) in the *Amazon Elastic Container Service Developer Guide* .\n\n> If you want to use Managed Instances, you must use the `capacityProviderStrategy` request parameter", "title": "LaunchType", "type": "string" }, @@ -84258,7 +84258,7 @@ "items": { "type": "string" }, - "markdownDescription": "The task launch types the task definition was validated against. The valid values are `EC2` , `FARGATE` , and `EXTERNAL` . For more information, see [Amazon ECS launch types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html) in the *Amazon Elastic Container Service Developer Guide* .", + "markdownDescription": "The task launch types the task definition was validated against. The valid values are `MANAGED_INSTANCES` , `EC2` , `FARGATE` , and `EXTERNAL` . For more information, see [Amazon ECS launch types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html) in the *Amazon Elastic Container Service Developer Guide* .", "title": "RequiresCompatibilities", "type": "array" }, @@ -92957,7 +92957,7 @@ }, "ForwardConfig": { "$ref": "#/definitions/AWS::ElasticLoadBalancingV2::Listener.ForwardConfig", - "markdownDescription": "Information for creating an action that distributes requests among one or more target groups. For Network Load Balancers, you can specify a single target group. Specify only when `Type` is `forward` . If you specify both `ForwardConfig` and `TargetGroupArn` , you can specify only one target group using `ForwardConfig` and it must be the same target group specified in `TargetGroupArn` .", + "markdownDescription": "Information for creating an action that distributes requests among multiple target groups. Specify only when `Type` is `forward` .\n\nIf you specify both `ForwardConfig` and `TargetGroupArn` , you can specify only one target group using `ForwardConfig` and it must be the same target group specified in `TargetGroupArn` .", "title": "ForwardConfig" }, "Order": { @@ -92971,7 +92971,7 @@ "title": "RedirectConfig" }, "TargetGroupArn": { - "markdownDescription": "The Amazon Resource Name (ARN) of the target group. Specify only when `Type` is `forward` and you want to route to a single target group. To route to one or more target groups, use `ForwardConfig` instead.", + "markdownDescription": "The Amazon Resource Name (ARN) of the target group. Specify only when `Type` is `forward` and you want to route to a single target group. To route to multiple target groups, you must use `ForwardConfig` instead.", "title": "TargetGroupArn", "type": "string" }, @@ -93240,7 +93240,7 @@ "additionalProperties": false, "properties": { "DurationSeconds": { - "markdownDescription": "The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days). You must specify this value when enabling target group stickiness.", + "markdownDescription": "[Application Load Balancers] The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days). You must specify this value when enabling target group stickiness.", "title": "DurationSeconds", "type": "number" }, @@ -93465,7 +93465,7 @@ }, "ForwardConfig": { "$ref": "#/definitions/AWS::ElasticLoadBalancingV2::ListenerRule.ForwardConfig", - "markdownDescription": "Information for creating an action that distributes requests among one or more target groups. For Network Load Balancers, you can specify a single target group. Specify only when `Type` is `forward` . If you specify both `ForwardConfig` and `TargetGroupArn` , you can specify only one target group using `ForwardConfig` and it must be the same target group specified in `TargetGroupArn` .", + "markdownDescription": "Information for creating an action that distributes requests among multiple target groups. Specify only when `Type` is `forward` .\n\nIf you specify both `ForwardConfig` and `TargetGroupArn` , you can specify only one target group using `ForwardConfig` and it must be the same target group specified in `TargetGroupArn` .", "title": "ForwardConfig" }, "Order": { @@ -93479,7 +93479,7 @@ "title": "RedirectConfig" }, "TargetGroupArn": { - "markdownDescription": "The Amazon Resource Name (ARN) of the target group. Specify only when `Type` is `forward` and you want to route to a single target group. To route to one or more target groups, use `ForwardConfig` instead.", + "markdownDescription": "The Amazon Resource Name (ARN) of the target group. Specify only when `Type` is `forward` and you want to route to a single target group. To route to multiple target groups, you must use `ForwardConfig` instead.", "title": "TargetGroupArn", "type": "string" }, @@ -93680,7 +93680,7 @@ "items": { "type": "string" }, - "markdownDescription": "The host names. The maximum size of each name is 128 characters. The comparison is case insensitive. The following wildcard characters are supported: * (matches 0 or more characters) and ? (matches exactly 1 character). You must include at least one \".\" character. You can include only alphabetical characters after the final \".\" character.\n\nIf you specify multiple strings, the condition is satisfied if one of the strings matches the host name.", + "markdownDescription": "The host names. The maximum length of each string is 128 characters. The comparison is case insensitive. The following wildcard characters are supported: * (matches 0 or more characters) and ? (matches exactly 1 character). You must include at least one \".\" character. You can include only alphabetical characters after the final \".\" character.\n\nIf you specify multiple strings, the condition is satisfied if one of the strings matches the host name.", "title": "Values", "type": "array" } @@ -93699,7 +93699,7 @@ "items": { "type": "string" }, - "markdownDescription": "The strings to compare against the value of the HTTP header. The maximum size of each string is 128 characters. The comparison strings are case insensitive. The following wildcard characters are supported: * (matches 0 or more characters) and ? (matches exactly 1 character).\n\nIf the same header appears multiple times in the request, we search them in order until a match is found.\n\nIf you specify multiple strings, the condition is satisfied if one of the strings matches the value of the HTTP header. To require that all of the strings are a match, create one condition per string.", + "markdownDescription": "The strings to compare against the value of the HTTP header. The maximum length of each string is 128 characters. The comparison strings are case insensitive. The following wildcard characters are supported: * (matches 0 or more characters) and ? (matches exactly 1 character).\n\nIf the same header appears multiple times in the request, we search them in order until a match is found.\n\nIf you specify multiple strings, the condition is satisfied if one of the strings matches the value of the HTTP header. To require that all of the strings are a match, create one condition per string.", "title": "Values", "type": "array" } @@ -93713,7 +93713,7 @@ "items": { "type": "string" }, - "markdownDescription": "The name of the request method. The maximum size is 40 characters. The allowed characters are A-Z, hyphen (-), and underscore (_). The comparison is case sensitive. Wildcards are not supported; therefore, the method name must be an exact match.\n\nIf you specify multiple strings, the condition is satisfied if one of the strings matches the HTTP request method. We recommend that you route GET and HEAD requests in the same way, because the response to a HEAD request may be cached.", + "markdownDescription": "The name of the request method. The maximum length is 40 characters. The allowed characters are A-Z, hyphen (-), and underscore (_). The comparison is case sensitive. Wildcards are not supported; therefore, the method name must be an exact match.\n\nIf you specify multiple strings, the condition is satisfied if one of the strings matches the HTTP request method. We recommend that you route GET and HEAD requests in the same way, because the response to a HEAD request may be cached.", "title": "Values", "type": "array" } @@ -93741,7 +93741,7 @@ "items": { "$ref": "#/definitions/AWS::ElasticLoadBalancingV2::ListenerRule.QueryStringKeyValue" }, - "markdownDescription": "The key/value pairs or values to find in the query string. The maximum size of each string is 128 characters. The comparison is case insensitive. The following wildcard characters are supported: * (matches 0 or more characters) and ? (matches exactly 1 character). To search for a literal '*' or '?' character in a query string, you must escape these characters in `Values` using a '\\' character.\n\nIf you specify multiple key/value pairs or values, the condition is satisfied if one of them is found in the query string.", + "markdownDescription": "The key/value pairs or values to find in the query string. The maximum length of each string is 128 characters. The comparison is case insensitive. The following wildcard characters are supported: * (matches 0 or more characters) and ? (matches exactly 1 character). To search for a literal '*' or '?' character in a query string, you must escape these characters in `Values` using a '\\' character.\n\nIf you specify multiple key/value pairs or values, the condition is satisfied if one of them is found in the query string.", "title": "Values", "type": "array" } @@ -93870,7 +93870,7 @@ "additionalProperties": false, "properties": { "DurationSeconds": { - "markdownDescription": "The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days). You must specify this value when enabling target group stickiness.", + "markdownDescription": "[Application Load Balancers] The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days). You must specify this value when enabling target group stickiness.", "title": "DurationSeconds", "type": "number" }, @@ -94713,7 +94713,7 @@ "type": "string" }, "CustomEndpointCertificateArn": { - "markdownDescription": "The AWS Certificate Manager ARN for your domain's SSL/TLS certificate. Required if you enabled a custom endpoint for the domain.", + "markdownDescription": "The Certificate Manager ARN for your domain's SSL/TLS certificate. Required if you enabled a custom endpoint for the domain.", "title": "CustomEndpointCertificateArn", "type": "string" }, @@ -96967,14 +96967,10 @@ "additionalProperties": false, "properties": { "Action": { - "markdownDescription": "The action that you are enabling the other account to perform.", - "title": "Action", "type": "string" }, "Condition": { - "$ref": "#/definitions/AWS::Events::EventBusPolicy.Condition", - "markdownDescription": "This parameter enables you to limit the permission to accounts that fulfill a certain condition, such as being a member of a certain AWS organization. For more information about AWS Organizations, see [What Is AWS Organizations](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_introduction.html) in the *AWS Organizations User Guide* .\n\nIf you specify `Condition` with an AWS organization ID, and specify \"*\" as the value for `Principal` , you grant permission to all the accounts in the named organization.\n\nThe `Condition` is a JSON string which must contain `Type` , `Key` , and `Value` fields.", - "title": "Condition" + "$ref": "#/definitions/AWS::Events::EventBusPolicy.Condition" }, "EventBusName": { "markdownDescription": "The name of the event bus associated with the rule. If you omit this, the default event bus is used.", @@ -96982,8 +96978,6 @@ "type": "string" }, "Principal": { - "markdownDescription": "The 12-digit AWS account ID that you are permitting to put events to your default event bus. Specify \"*\" to permit any account to put events to your default event bus.\n\nIf you specify \"*\" without specifying `Condition` , avoid creating rules that may match undesirable events. To create more secure rules, make sure that the event pattern for each rule contains an `account` field with a specific account ID from which to receive events. Rules with an account field do not match any events sent from other accounts.", - "title": "Principal", "type": "string" }, "Statement": { @@ -97027,18 +97021,12 @@ "additionalProperties": false, "properties": { "Key": { - "markdownDescription": "Specifies the key for the condition. Currently the only supported key is `aws:PrincipalOrgID` .", - "title": "Key", "type": "string" }, "Type": { - "markdownDescription": "Specifies the type of condition. Currently the only supported value is `StringEquals` .", - "title": "Type", "type": "string" }, "Value": { - "markdownDescription": "Specifies the value for the key. Currently, this must be the ID of the organization.", - "title": "Value", "type": "string" } }, @@ -97633,7 +97621,7 @@ "additionalProperties": false, "properties": { "MessageGroupId": { - "markdownDescription": "The FIFO message group ID to use as the target.", + "markdownDescription": "The ID of the message group to use as the target.", "title": "MessageGroupId", "type": "string" } @@ -97728,7 +97716,7 @@ }, "SqsParameters": { "$ref": "#/definitions/AWS::Events::Rule.SqsParameters", - "markdownDescription": "Contains the message group ID to use when the target is a FIFO queue.\n\nIf you specify an SQS FIFO queue as a target, the queue must have content-based deduplication enabled.", + "markdownDescription": "Contains the message group ID to use when the target is an Amazon SQS fair or FIFO queue.\n\nIf you specify a fair or FIFO queue as a target, the queue must have content-based deduplication enabled.", "title": "SqsParameters" } }, @@ -100032,7 +100020,7 @@ "title": "DiskIopsConfiguration" }, "EndpointIpAddressRange": { - "markdownDescription": "(Multi-AZ only) Specifies the IP address range in which the endpoints to access your file system will be created. By default in the Amazon FSx API, Amazon FSx selects an unused IP address range for you from the 198.19.* range. By default in the Amazon FSx console, Amazon FSx chooses the last 64 IP addresses from the VPC\u2019s primary CIDR range to use as the endpoint IP address range for the file system. You can have overlapping endpoint IP addresses for file systems deployed in the same VPC/route tables, as long as they don't overlap with any subnet.", + "markdownDescription": "(Multi-AZ only) Specifies the IPv4 address range in which the endpoints to access your file system will be created. By default in the Amazon FSx API, Amazon FSx selects an unused IP address range for you from the 198.19.* range. By default in the Amazon FSx console, Amazon FSx chooses the last 64 IP addresses from the VPC\u2019s primary CIDR range to use as the endpoint IP address range for the file system. You can have overlapping endpoint IP addresses for file systems deployed in the same VPC/route tables, as long as they don't overlap with any subnet.", "title": "EndpointIpAddressRange", "type": "string" }, @@ -100114,7 +100102,7 @@ "title": "DiskIopsConfiguration" }, "EndpointIpAddressRange": { - "markdownDescription": "(Multi-AZ only) Specifies the IP address range in which the endpoints to access your file system will be created. By default in the Amazon FSx API and Amazon FSx console, Amazon FSx selects an available /28 IP address range for you from one of the VPC's CIDR ranges. You can have overlapping endpoint IP addresses for file systems deployed in the same VPC/route tables, as long as they don't overlap with any subnet.", + "markdownDescription": "(Multi-AZ only) Specifies the IPv4 address range in which the endpoints to access your file system will be created. By default in the Amazon FSx API and Amazon FSx console, Amazon FSx selects an available /28 IP address range for you from one of the VPC's CIDR ranges. You can have overlapping endpoint IP addresses for file systems deployed in the same VPC/route tables, as long as they don't overlap with any subnet.", "title": "EndpointIpAddressRange", "type": "string" }, @@ -103176,7 +103164,7 @@ }, "CertificateConfiguration": { "$ref": "#/definitions/AWS::GameLift::Fleet.CertificateConfiguration", - "markdownDescription": "Prompts Amazon GameLift Servers to generate a TLS/SSL certificate for the fleet. Amazon GameLift Servers uses the certificates to encrypt traffic between game clients and the game servers running on Amazon GameLift Servers. By default, the `CertificateConfiguration` is `DISABLED` . You can't change this property after you create the fleet.\n\nAWS Certificate Manager (ACM) certificates expire after 13 months. Certificate expiration can cause fleets to fail, preventing players from connecting to instances in the fleet. We recommend you replace fleets before 13 months, consider using fleet aliases for a smooth transition.\n\n> ACM isn't available in all AWS regions. A fleet creation request with certificate generation enabled in an unsupported Region, fails with a 4xx error. For more information about the supported Regions, see [Supported Regions](https://docs.aws.amazon.com/acm/latest/userguide/acm-regions.html) in the *AWS Certificate Manager User Guide* .", + "markdownDescription": "Prompts Amazon GameLift Servers to generate a TLS/SSL certificate for the fleet. Amazon GameLift Servers uses the certificates to encrypt traffic between game clients and the game servers running on Amazon GameLift Servers. By default, the `CertificateConfiguration` is `DISABLED` . You can't change this property after you create the fleet.\n\nCertificate Manager (ACM) certificates expire after 13 months. Certificate expiration can cause fleets to fail, preventing players from connecting to instances in the fleet. We recommend you replace fleets before 13 months, consider using fleet aliases for a smooth transition.\n\n> ACM isn't available in all AWS regions. A fleet creation request with certificate generation enabled in an unsupported Region, fails with a 4xx error. For more information about the supported Regions, see [Supported Regions](https://docs.aws.amazon.com/acm/latest/userguide/acm-regions.html) in the *Certificate Manager User Guide* .", "title": "CertificateConfiguration" }, "ComputeType": { @@ -126241,7 +126229,7 @@ "properties": { "SuiteDefinitionConfiguration": { "$ref": "#/definitions/AWS::IoTCoreDeviceAdvisor::SuiteDefinition.SuiteDefinitionConfiguration", - "markdownDescription": "The configuration of the Suite Definition. Listed below are the required elements of the `SuiteDefinitionConfiguration` .\n\n- ***devicePermissionRoleArn*** - The device permission arn.\n\nThis is a required element.\n\n*Type:* String\n- ***devices*** - The list of configured devices under test. For more information on devices under test, see [DeviceUnderTest](https://docs.aws.amazon.com/iot/latest/apireference/API_iotdeviceadvisor_DeviceUnderTest.html)\n\nNot a required element.\n\n*Type:* List of devices under test\n- ***intendedForQualification*** - The tests intended for qualification in a suite.\n\nNot a required element.\n\n*Type:* Boolean\n- ***rootGroup*** - The test suite root group. For more information on creating and using root groups see the [Device Advisor workflow](https://docs.aws.amazon.com/iot/latest/developerguide/device-advisor-workflow.html) .\n\nThis is a required element.\n\n*Type:* String\n- ***suiteDefinitionName*** - The Suite Definition Configuration name.\n\nThis is a required element.\n\n*Type:* String", + "markdownDescription": "Gets the suite definition configuration.", "title": "SuiteDefinitionConfiguration" }, "Tags": { @@ -142375,7 +142363,7 @@ "additionalProperties": false, "properties": { "Destination": { - "markdownDescription": "The Amazon Resource Name (ARN) of the destination resource.\n\nTo retain records of unsuccessful [asynchronous invocations](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-async-destinations) , you can configure an Amazon SNS topic, Amazon SQS queue, Amazon S3 bucket, Lambda function, or Amazon EventBridge event bus as the destination.\n\nTo retain records of failed invocations from [Kinesis](https://docs.aws.amazon.com/lambda/latest/dg/with-kinesis.html) , [DynamoDB](https://docs.aws.amazon.com/lambda/latest/dg/with-ddb.html) , [self-managed Kafka](https://docs.aws.amazon.com/lambda/latest/dg/with-kafka.html#services-smaa-onfailure-destination) or [Amazon MSK](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#services-msk-onfailure-destination) , you can configure an Amazon SNS topic, Amazon SQS queue, or Amazon S3 bucket as the destination.", + "markdownDescription": "The Amazon Resource Name (ARN) of the destination resource.\n\nTo retain records of unsuccessful [asynchronous invocations](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-async-destinations) , you can configure an Amazon SNS topic, Amazon SQS queue, Amazon S3 bucket, Lambda function, or Amazon EventBridge event bus as the destination.\n\n> Amazon SNS destinations have a message size limit of 256 KB. If the combined size of the function request and response payload exceeds the limit, Lambda will drop the payload when sending `OnFailure` event to the destination. For details on this behavior, refer to [Retaining records of asynchronous invocations](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async-retain-records.html) . \n\nTo retain records of failed invocations from [Kinesis](https://docs.aws.amazon.com/lambda/latest/dg/with-kinesis.html) , [DynamoDB](https://docs.aws.amazon.com/lambda/latest/dg/with-ddb.html) , [self-managed Kafka](https://docs.aws.amazon.com/lambda/latest/dg/with-kafka.html#services-smaa-onfailure-destination) or [Amazon MSK](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#services-msk-onfailure-destination) , you can configure an Amazon SNS topic, Amazon SQS queue, or Amazon S3 bucket as the destination.", "title": "Destination", "type": "string" } @@ -142389,7 +142377,7 @@ "additionalProperties": false, "properties": { "Destination": { - "markdownDescription": "The Amazon Resource Name (ARN) of the destination resource.", + "markdownDescription": "The Amazon Resource Name (ARN) of the destination resource.\n\n> Amazon SNS destinations have a message size limit of 256 KB. If the combined size of the function request and response payload exceeds the limit, Lambda will drop the payload when sending `OnFailure` event to the destination. For details on this behavior, refer to [Retaining records of asynchronous invocations](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async-retain-records.html) .", "title": "Destination", "type": "string" } @@ -142674,7 +142662,7 @@ "additionalProperties": false, "properties": { "Destination": { - "markdownDescription": "The Amazon Resource Name (ARN) of the destination resource.\n\nTo retain records of unsuccessful [asynchronous invocations](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-async-destinations) , you can configure an Amazon SNS topic, Amazon SQS queue, Amazon S3 bucket, Lambda function, or Amazon EventBridge event bus as the destination.\n\nTo retain records of failed invocations from [Kinesis](https://docs.aws.amazon.com/lambda/latest/dg/with-kinesis.html) , [DynamoDB](https://docs.aws.amazon.com/lambda/latest/dg/with-ddb.html) , [self-managed Kafka](https://docs.aws.amazon.com/lambda/latest/dg/with-kafka.html#services-smaa-onfailure-destination) or [Amazon MSK](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#services-msk-onfailure-destination) , you can configure an Amazon SNS topic, Amazon SQS queue, or Amazon S3 bucket as the destination.", + "markdownDescription": "The Amazon Resource Name (ARN) of the destination resource.\n\nTo retain records of unsuccessful [asynchronous invocations](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-async-destinations) , you can configure an Amazon SNS topic, Amazon SQS queue, Amazon S3 bucket, Lambda function, or Amazon EventBridge event bus as the destination.\n\n> Amazon SNS destinations have a message size limit of 256 KB. If the combined size of the function request and response payload exceeds the limit, Lambda will drop the payload when sending `OnFailure` event to the destination. For details on this behavior, refer to [Retaining records of asynchronous invocations](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async-retain-records.html) . \n\nTo retain records of failed invocations from [Kinesis](https://docs.aws.amazon.com/lambda/latest/dg/with-kinesis.html) , [DynamoDB](https://docs.aws.amazon.com/lambda/latest/dg/with-ddb.html) , [self-managed Kafka](https://docs.aws.amazon.com/lambda/latest/dg/with-kafka.html#services-smaa-onfailure-destination) or [Amazon MSK](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#services-msk-onfailure-destination) , you can configure an Amazon SNS topic, Amazon SQS queue, or Amazon S3 bucket as the destination.", "title": "Destination", "type": "string" } @@ -143428,7 +143416,7 @@ "type": "string" }, "FunctionUrlAuthType": { - "markdownDescription": "The type of authentication that your function URL uses. Set to `AWS_IAM` if you want to restrict access to authenticated users only. Set to `NONE` if you want to bypass IAM authentication to create a public endpoint. For more information, see [Security and auth model for Lambda function URLs](https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html) .", + "markdownDescription": "The type of authentication that your function URL uses. Set to `AWS_IAM` if you want to restrict access to authenticated users only. Set to `NONE` if you want to bypass IAM authentication to create a public endpoint. For more information, see [Control access to Lambda function URLs](https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html) .", "title": "FunctionUrlAuthType", "type": "string" }, @@ -151574,7 +151562,7 @@ }, "HighAvailabilityConfig": { "$ref": "#/definitions/AWS::M2::Environment.HighAvailabilityConfig", - "markdownDescription": "Defines the details of a high availability configuration.", + "markdownDescription": "> AWS Mainframe Modernization Service (Managed Runtime Environment experience) will no longer be open to new customers starting on November 7, 2025. If you would like to use the service, please sign up prior to November 7, 2025. For capabilities similar to AWS Mainframe Modernization Service (Managed Runtime Environment experience) explore AWS Mainframe Modernization Service (Self-Managed Experience). Existing customers can continue to use the service as normal. For more information, see [AWS Mainframe Modernization availability change](https://docs.aws.amazon.com/m2/latest/userguide/mainframe-modernization-availability-change.html) . \n\nDefines the details of a high availability configuration.", "title": "HighAvailabilityConfig" }, "InstanceType": { @@ -151614,7 +151602,7 @@ "items": { "$ref": "#/definitions/AWS::M2::Environment.StorageConfiguration" }, - "markdownDescription": "Defines the storage configuration for a runtime environment.", + "markdownDescription": "> AWS Mainframe Modernization Service (Managed Runtime Environment experience) will no longer be open to new customers starting on November 7, 2025. If you would like to use the service, please sign up prior to November 7, 2025. For capabilities similar to AWS Mainframe Modernization Service (Managed Runtime Environment experience) explore AWS Mainframe Modernization Service (Self-Managed Experience). Existing customers can continue to use the service as normal. For more information, see [AWS Mainframe Modernization availability change](https://docs.aws.amazon.com/m2/latest/userguide/mainframe-modernization-availability-change.html) . \n\nDefines the storage configuration for a runtime environment.", "title": "StorageConfigurations", "type": "array" }, @@ -152508,7 +152496,7 @@ "type": "string" }, "Policy": { - "markdownDescription": "Resource policy for the cluster.", + "markdownDescription": "Resource policy for the cluster. The maximum size supported for a resource-based policy document is 20 KB.", "title": "Policy", "type": "object" } @@ -153256,7 +153244,7 @@ "type": "object" }, "AirflowVersion": { - "markdownDescription": "The version of Apache Airflow to use for the environment. If no value is specified, defaults to the latest version.\n\nIf you specify a newer version number for an existing environment, the version update requires some service interruption before taking effect.\n\n*Allowed Values* : `1.10.12` | `2.0.2` | `2.2.2` | `2.4.3` | `2.5.1` | `2.6.3` | `2.7.2` | `2.8.1` | `2.9.2` | `2.10.1` (latest)", + "markdownDescription": "The version of Apache Airflow to use for the environment. If no value is specified, defaults to the latest version.\n\nIf you specify a newer version number for an existing environment, the version update requires some service interruption before taking effect.\n\n*Allowed Values* : `2.7.2` | `2.8.1` | `2.9.2` | `2.10.1` | `2.10.3` | `3.0.6` (latest)", "title": "AirflowVersion", "type": "string" }, @@ -153437,7 +153425,7 @@ "type": "boolean" }, "LogLevel": { - "markdownDescription": "Defines the Apache Airflow logs to send for the log type (e.g. `DagProcessingLogs` ) to CloudWatch Logs. Valid values: `CRITICAL` , `ERROR` , `WARNING` , `INFO` .", + "markdownDescription": "Defines the Apache Airflow logs to send for the log type (e.g. `DagProcessingLogs` ) to CloudWatch Logs.", "title": "LogLevel", "type": "string" } @@ -162637,7 +162625,7 @@ "additionalProperties": false, "properties": { "CertificateArn": { - "markdownDescription": "The Amazon Resource Name (ARN) for the certificate that you imported to AWS Certificate Manager to add content key encryption to this endpoint. For this feature to work, your DRM key provider must support content key encryption.", + "markdownDescription": "The Amazon Resource Name (ARN) for the certificate that you imported to Certificate Manager to add content key encryption to this endpoint. For this feature to work, your DRM key provider must support content key encryption.", "title": "CertificateArn", "type": "string" }, @@ -167699,7 +167687,7 @@ "additionalProperties": false, "properties": { "GeneratedRulesType": { - "markdownDescription": "Whether you want to allow or deny access to the domains in your target list.", + "markdownDescription": "Whether you want to apply allow, reject, alert, or drop behavior to the domains in your target list.\n\n> When logging is enabled and you choose Alert, traffic that matches the domain specifications generates an alert in the firewall's logs. Then, traffic either passes, is rejected, or drops based on other rules in the firewall policy.", "title": "GeneratedRulesType", "type": "string" }, @@ -167879,7 +167867,7 @@ }, "TLSInspectionConfiguration": { "$ref": "#/definitions/AWS::NetworkFirewall::TLSInspectionConfiguration.TLSInspectionConfiguration", - "markdownDescription": "The object that defines a TLS inspection configuration. AWS Network Firewall uses TLS inspection configurations to decrypt your firewall's inbound and outbound SSL/TLS traffic. After decryption, AWS Network Firewall inspects the traffic according to your firewall policy's stateful rules, and then re-encrypts it before sending it to its destination. You can enable inspection of your firewall's inbound traffic, outbound traffic, or both. To use TLS inspection with your firewall, you must first import or provision certificates using AWS Certificate Manager , create a TLS inspection configuration, add that configuration to a new firewall policy, and then associate that policy with your firewall. For more information about using TLS inspection configurations, see [Inspecting SSL/TLS traffic with TLS inspection configurations](https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection.html) in the *AWS Network Firewall Developer Guide* .", + "markdownDescription": "The object that defines a TLS inspection configuration. AWS Network Firewall uses TLS inspection configurations to decrypt your firewall's inbound and outbound SSL/TLS traffic. After decryption, AWS Network Firewall inspects the traffic according to your firewall policy's stateful rules, and then re-encrypts it before sending it to its destination. You can enable inspection of your firewall's inbound traffic, outbound traffic, or both. To use TLS inspection with your firewall, you must first import or provision certificates using Certificate Manager , create a TLS inspection configuration, add that configuration to a new firewall policy, and then associate that policy with your firewall. For more information about using TLS inspection configurations, see [Inspecting SSL/TLS traffic with TLS inspection configurations](https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection.html) in the *AWS Network Firewall Developer Guide* .", "title": "TLSInspectionConfiguration" }, "TLSInspectionConfigurationName": { @@ -167977,7 +167965,7 @@ "additionalProperties": false, "properties": { "ResourceArn": { - "markdownDescription": "The Amazon Resource Name (ARN) of the AWS Certificate Manager SSL/TLS server certificate that's used for inbound SSL/TLS inspection.", + "markdownDescription": "The Amazon Resource Name (ARN) of the Certificate Manager SSL/TLS server certificate that's used for inbound SSL/TLS inspection.", "title": "ResourceArn", "type": "string" } @@ -167988,7 +167976,7 @@ "additionalProperties": false, "properties": { "CertificateAuthorityArn": { - "markdownDescription": "The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate within AWS Certificate Manager (ACM) to use for outbound SSL/TLS inspection.\n\nThe following limitations apply:\n\n- You can use CA certificates that you imported into ACM, but you can't generate CA certificates with ACM.\n- You can't use certificates issued by AWS Private Certificate Authority .\n\nFor more information about configuring certificates for outbound inspection, see [Using SSL/TLS certificates with TLS inspection configurations](https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection-certificate-requirements.html) in the *AWS Network Firewall Developer Guide* .\n\nFor information about working with certificates in ACM, see [Importing certificates](https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html) in the *AWS Certificate Manager User Guide* .", + "markdownDescription": "The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate within Certificate Manager (ACM) to use for outbound SSL/TLS inspection.\n\nThe following limitations apply:\n\n- You can use CA certificates that you imported into ACM, but you can't generate CA certificates with ACM.\n- You can't use certificates issued by AWS Private Certificate Authority .\n\nFor more information about configuring certificates for outbound inspection, see [Using SSL/TLS certificates with TLS inspection configurations](https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection-certificate-requirements.html) in the *AWS Network Firewall Developer Guide* .\n\nFor information about working with certificates in ACM, see [Importing certificates](https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html) in the *Certificate Manager User Guide* .", "title": "CertificateAuthorityArn", "type": "string" }, @@ -172326,7 +172314,7 @@ "type": "string" }, "CustomEndpointCertificateArn": { - "markdownDescription": "The AWS Certificate Manager ARN for your domain's SSL/TLS certificate. Required if you enabled a custom endpoint for the domain.", + "markdownDescription": "The Certificate Manager ARN for your domain's SSL/TLS certificate. Required if you enabled a custom endpoint for the domain.", "title": "CustomEndpointCertificateArn", "type": "string" }, @@ -183015,7 +183003,7 @@ "type": "array" }, "Name": { - "markdownDescription": "A descriptive name for the analysis that you're creating. This name displays for the analysis in the Amazon QuickSight console.", + "markdownDescription": "A descriptive name for the analysis that you're creating. This name displays for the analysis in the Amazon Quick Sight console.", "title": "Name", "type": "string" }, @@ -183059,7 +183047,7 @@ "type": "array" }, "ThemeArn": { - "markdownDescription": "The ARN for the theme to apply to the analysis that you're creating. To see the theme in the Amazon QuickSight console, make sure that you have access to it.", + "markdownDescription": "The ARN for the theme to apply to the analysis that you're creating. To see the theme in the Amazon Quick Sight console, make sure that you have access to it.", "title": "ThemeArn", "type": "string" }, @@ -183198,7 +183186,7 @@ "items": { "$ref": "#/definitions/AWS::QuickSight::Analysis.FilterGroup" }, - "markdownDescription": "Filter definitions for an analysis.\n\nFor more information, see [Filtering Data in Amazon QuickSight](https://docs.aws.amazon.com/quicksight/latest/user/adding-a-filter.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "Filter definitions for an analysis.\n\nFor more information, see [Filtering Data in Amazon Quick Sight](https://docs.aws.amazon.com/quicksight/latest/user/adding-a-filter.html) in the *Amazon Quick Suite User Guide* .", "title": "FilterGroups", "type": "array" }, @@ -183211,7 +183199,7 @@ "items": { "$ref": "#/definitions/AWS::QuickSight::Analysis.ParameterDeclaration" }, - "markdownDescription": "An array of parameter declarations for an analysis.\n\nParameters are named variables that can transfer a value for use by an action or an object.\n\nFor more information, see [Parameters in Amazon QuickSight](https://docs.aws.amazon.com/quicksight/latest/user/parameters-in-quicksight.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "An array of parameter declarations for an analysis.\n\nParameters are named variables that can transfer a value for use by an action or an object.\n\nFor more information, see [Parameters in Amazon Quick Sight](https://docs.aws.amazon.com/quicksight/latest/user/parameters-in-quicksight.html) in the *Amazon Quick Suite User Guide* .", "title": "ParameterDeclarations", "type": "array" }, @@ -184270,12 +184258,12 @@ }, "CustomFilterListConfiguration": { "$ref": "#/definitions/AWS::QuickSight::Analysis.CustomFilterListConfiguration", - "markdownDescription": "A list of custom filter values. In the Amazon QuickSight console, this filter type is called a custom filter list.", + "markdownDescription": "A list of custom filter values. In the Quick Sight console, this filter type is called a custom filter list.", "title": "CustomFilterListConfiguration" }, "FilterListConfiguration": { "$ref": "#/definitions/AWS::QuickSight::Analysis.FilterListConfiguration", - "markdownDescription": "A list of filter configurations. In the Amazon QuickSight console, this filter type is called a filter list.", + "markdownDescription": "A list of filter configurations. In the Quick Sight console, this filter type is called a filter list.", "title": "FilterListConfiguration" } }, @@ -186297,7 +186285,7 @@ "additionalProperties": false, "properties": { "LabelVisibility": { - "markdownDescription": "Determines the visibility of the label in a donut chart. In the Amazon QuickSight console, this option is called `'Show total'` .", + "markdownDescription": "Determines the visibility of the label in a donut chart. In the Quick Sight console, this option is called `'Show total'` .", "title": "LabelVisibility", "type": "string" } @@ -186794,7 +186782,7 @@ "properties": { "CategoryFilter": { "$ref": "#/definitions/AWS::QuickSight::Analysis.CategoryFilter", - "markdownDescription": "A `CategoryFilter` filters text values.\n\nFor more information, see [Adding text filters](https://docs.aws.amazon.com/quicksight/latest/user/add-a-text-filter-data-prep.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A `CategoryFilter` filters text values.\n\nFor more information, see [Adding text filters](https://docs.aws.amazon.com/quicksight/latest/user/add-a-text-filter-data-prep.html) in the *Amazon Quick Suite User Guide* .", "title": "CategoryFilter" }, "NumericEqualityFilter": { @@ -188410,7 +188398,7 @@ "type": "string" }, "ResizeOption": { - "markdownDescription": "This value determines the layout behavior when the viewport is resized.\n\n- `FIXED` : A fixed width will be used when optimizing the layout. In the Amazon QuickSight console, this option is called `Classic` .\n- `RESPONSIVE` : The width of the canvas will be responsive and optimized to the view port. In the Amazon QuickSight console, this option is called `Tiled` .", + "markdownDescription": "This value determines the layout behavior when the viewport is resized.\n\n- `FIXED` : A fixed width will be used when optimizing the layout. In the Quick Sight console, this option is called `Classic` .\n- `RESPONSIVE` : The width of the canvas will be responsive and optimized to the view port. In the Quick Sight console, this option is called `Tiled` .", "title": "ResizeOption", "type": "string" } @@ -192164,7 +192152,7 @@ "type": "array" }, "Principal": { - "markdownDescription": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon QuickSight user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon QuickSight user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a QuickSight ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)", + "markdownDescription": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick Suite user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick Suite user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick Suite ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)", "title": "Principal", "type": "string" } @@ -192784,7 +192772,7 @@ "additionalProperties": false, "properties": { "Name": { - "markdownDescription": "The name of a sheet. This name is displayed on the sheet's tab in the Amazon QuickSight console.", + "markdownDescription": "The name of a sheet. This name is displayed on the sheet's tab in the Quick Sight console.", "title": "Name", "type": "string" }, @@ -192854,7 +192842,7 @@ "items": { "$ref": "#/definitions/AWS::QuickSight::Analysis.FilterControl" }, - "markdownDescription": "The list of filter controls that are on a sheet.\n\nFor more information, see [Adding filter controls to analysis sheets](https://docs.aws.amazon.com/quicksight/latest/user/filter-controls.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "The list of filter controls that are on a sheet.\n\nFor more information, see [Adding filter controls to analysis sheets](https://docs.aws.amazon.com/quicksight/latest/user/filter-controls.html) in the *Amazon Quick Suite User Guide* .", "title": "FilterControls", "type": "array" }, @@ -192862,7 +192850,7 @@ "items": { "$ref": "#/definitions/AWS::QuickSight::Analysis.Layout" }, - "markdownDescription": "Layouts define how the components of a sheet are arranged.\n\nFor more information, see [Types of layout](https://docs.aws.amazon.com/quicksight/latest/user/types-of-layout.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "Layouts define how the components of a sheet are arranged.\n\nFor more information, see [Types of layout](https://docs.aws.amazon.com/quicksight/latest/user/types-of-layout.html) in the *Amazon Quick Suite User Guide* .", "title": "Layouts", "type": "array" }, @@ -192875,7 +192863,7 @@ "items": { "$ref": "#/definitions/AWS::QuickSight::Analysis.ParameterControl" }, - "markdownDescription": "The list of parameter controls that are on a sheet.\n\nFor more information, see [Using a Control with a Parameter in Amazon QuickSight](https://docs.aws.amazon.com/quicksight/latest/user/parameters-controls.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "The list of parameter controls that are on a sheet.\n\nFor more information, see [Using a Control with a Parameter in Amazon Quick Sight](https://docs.aws.amazon.com/quicksight/latest/user/parameters-controls.html) in the *Amazon Quick Suite User Guide* .", "title": "ParameterControls", "type": "array" }, @@ -194649,22 +194637,22 @@ "properties": { "BarChartVisual": { "$ref": "#/definitions/AWS::QuickSight::Analysis.BarChartVisual", - "markdownDescription": "A bar chart.\n\nFor more information, see [Using bar charts](https://docs.aws.amazon.com/quicksight/latest/user/bar-charts.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A bar chart.\n\nFor more information, see [Using bar charts](https://docs.aws.amazon.com/quicksight/latest/user/bar-charts.html) in the *Amazon Quick Suite User Guide* .", "title": "BarChartVisual" }, "BoxPlotVisual": { "$ref": "#/definitions/AWS::QuickSight::Analysis.BoxPlotVisual", - "markdownDescription": "A box plot.\n\nFor more information, see [Using box plots](https://docs.aws.amazon.com/quicksight/latest/user/box-plots.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A box plot.\n\nFor more information, see [Using box plots](https://docs.aws.amazon.com/quicksight/latest/user/box-plots.html) in the *Amazon Quick Suite User Guide* .", "title": "BoxPlotVisual" }, "ComboChartVisual": { "$ref": "#/definitions/AWS::QuickSight::Analysis.ComboChartVisual", - "markdownDescription": "A combo chart.\n\nFor more information, see [Using combo charts](https://docs.aws.amazon.com/quicksight/latest/user/combo-charts.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A combo chart.\n\nFor more information, see [Using combo charts](https://docs.aws.amazon.com/quicksight/latest/user/combo-charts.html) in the *Amazon Quick Suite User Guide* .", "title": "ComboChartVisual" }, "CustomContentVisual": { "$ref": "#/definitions/AWS::QuickSight::Analysis.CustomContentVisual", - "markdownDescription": "A visual that contains custom content.\n\nFor more information, see [Using custom visual content](https://docs.aws.amazon.com/quicksight/latest/user/custom-visual-content.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A visual that contains custom content.\n\nFor more information, see [Using custom visual content](https://docs.aws.amazon.com/quicksight/latest/user/custom-visual-content.html) in the *Amazon Quick Suite User Guide* .", "title": "CustomContentVisual" }, "EmptyVisual": { @@ -194674,92 +194662,92 @@ }, "FilledMapVisual": { "$ref": "#/definitions/AWS::QuickSight::Analysis.FilledMapVisual", - "markdownDescription": "A filled map.\n\nFor more information, see [Creating filled maps](https://docs.aws.amazon.com/quicksight/latest/user/filled-maps.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A filled map.\n\nFor more information, see [Creating filled maps](https://docs.aws.amazon.com/quicksight/latest/user/filled-maps.html) in the *Amazon Quick Suite User Guide* .", "title": "FilledMapVisual" }, "FunnelChartVisual": { "$ref": "#/definitions/AWS::QuickSight::Analysis.FunnelChartVisual", - "markdownDescription": "A funnel chart.\n\nFor more information, see [Using funnel charts](https://docs.aws.amazon.com/quicksight/latest/user/funnel-visual-content.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A funnel chart.\n\nFor more information, see [Using funnel charts](https://docs.aws.amazon.com/quicksight/latest/user/funnel-visual-content.html) in the *Amazon Quick Suite User Guide* .", "title": "FunnelChartVisual" }, "GaugeChartVisual": { "$ref": "#/definitions/AWS::QuickSight::Analysis.GaugeChartVisual", - "markdownDescription": "A gauge chart.\n\nFor more information, see [Using gauge charts](https://docs.aws.amazon.com/quicksight/latest/user/gauge-chart.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A gauge chart.\n\nFor more information, see [Using gauge charts](https://docs.aws.amazon.com/quicksight/latest/user/gauge-chart.html) in the *Amazon Quick Suite User Guide* .", "title": "GaugeChartVisual" }, "GeospatialMapVisual": { "$ref": "#/definitions/AWS::QuickSight::Analysis.GeospatialMapVisual", - "markdownDescription": "A geospatial map or a points on map visual.\n\nFor more information, see [Creating point maps](https://docs.aws.amazon.com/quicksight/latest/user/point-maps.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A geospatial map or a points on map visual.\n\nFor more information, see [Creating point maps](https://docs.aws.amazon.com/quicksight/latest/user/point-maps.html) in the *Amazon Quick Suite User Guide* .", "title": "GeospatialMapVisual" }, "HeatMapVisual": { "$ref": "#/definitions/AWS::QuickSight::Analysis.HeatMapVisual", - "markdownDescription": "A heat map.\n\nFor more information, see [Using heat maps](https://docs.aws.amazon.com/quicksight/latest/user/heat-map.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A heat map.\n\nFor more information, see [Using heat maps](https://docs.aws.amazon.com/quicksight/latest/user/heat-map.html) in the *Amazon Quick Suite User Guide* .", "title": "HeatMapVisual" }, "HistogramVisual": { "$ref": "#/definitions/AWS::QuickSight::Analysis.HistogramVisual", - "markdownDescription": "A histogram.\n\nFor more information, see [Using histograms](https://docs.aws.amazon.com/quicksight/latest/user/histogram-charts.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A histogram.\n\nFor more information, see [Using histograms](https://docs.aws.amazon.com/quicksight/latest/user/histogram-charts.html) in the *Amazon Quick Suite User Guide* .", "title": "HistogramVisual" }, "InsightVisual": { "$ref": "#/definitions/AWS::QuickSight::Analysis.InsightVisual", - "markdownDescription": "An insight visual.\n\nFor more information, see [Working with insights](https://docs.aws.amazon.com/quicksight/latest/user/computational-insights.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "An insight visual.\n\nFor more information, see [Working with insights](https://docs.aws.amazon.com/quicksight/latest/user/computational-insights.html) in the *Amazon Quick Suite User Guide* .", "title": "InsightVisual" }, "KPIVisual": { "$ref": "#/definitions/AWS::QuickSight::Analysis.KPIVisual", - "markdownDescription": "A key performance indicator (KPI).\n\nFor more information, see [Using KPIs](https://docs.aws.amazon.com/quicksight/latest/user/kpi.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A key performance indicator (KPI).\n\nFor more information, see [Using KPIs](https://docs.aws.amazon.com/quicksight/latest/user/kpi.html) in the *Amazon Quick Suite User Guide* .", "title": "KPIVisual" }, "LineChartVisual": { "$ref": "#/definitions/AWS::QuickSight::Analysis.LineChartVisual", - "markdownDescription": "A line chart.\n\nFor more information, see [Using line charts](https://docs.aws.amazon.com/quicksight/latest/user/line-charts.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A line chart.\n\nFor more information, see [Using line charts](https://docs.aws.amazon.com/quicksight/latest/user/line-charts.html) in the *Amazon Quick Suite User Guide* .", "title": "LineChartVisual" }, "PieChartVisual": { "$ref": "#/definitions/AWS::QuickSight::Analysis.PieChartVisual", - "markdownDescription": "A pie or donut chart.\n\nFor more information, see [Using pie charts](https://docs.aws.amazon.com/quicksight/latest/user/pie-chart.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A pie or donut chart.\n\nFor more information, see [Using pie charts](https://docs.aws.amazon.com/quicksight/latest/user/pie-chart.html) in the *Amazon Quick Suite User Guide* .", "title": "PieChartVisual" }, "PivotTableVisual": { "$ref": "#/definitions/AWS::QuickSight::Analysis.PivotTableVisual", - "markdownDescription": "A pivot table.\n\nFor more information, see [Using pivot tables](https://docs.aws.amazon.com/quicksight/latest/user/pivot-table.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A pivot table.\n\nFor more information, see [Using pivot tables](https://docs.aws.amazon.com/quicksight/latest/user/pivot-table.html) in the *Amazon Quick Suite User Guide* .", "title": "PivotTableVisual" }, "RadarChartVisual": { "$ref": "#/definitions/AWS::QuickSight::Analysis.RadarChartVisual", - "markdownDescription": "A radar chart visual.\n\nFor more information, see [Using radar charts](https://docs.aws.amazon.com/quicksight/latest/user/radar-chart.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A radar chart visual.\n\nFor more information, see [Using radar charts](https://docs.aws.amazon.com/quicksight/latest/user/radar-chart.html) in the *Amazon Quick Suite User Guide* .", "title": "RadarChartVisual" }, "SankeyDiagramVisual": { "$ref": "#/definitions/AWS::QuickSight::Analysis.SankeyDiagramVisual", - "markdownDescription": "A sankey diagram.\n\nFor more information, see [Using Sankey diagrams](https://docs.aws.amazon.com/quicksight/latest/user/sankey-diagram.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A sankey diagram.\n\nFor more information, see [Using Sankey diagrams](https://docs.aws.amazon.com/quicksight/latest/user/sankey-diagram.html) in the *Amazon Quick Suite User Guide* .", "title": "SankeyDiagramVisual" }, "ScatterPlotVisual": { "$ref": "#/definitions/AWS::QuickSight::Analysis.ScatterPlotVisual", - "markdownDescription": "A scatter plot.\n\nFor more information, see [Using scatter plots](https://docs.aws.amazon.com/quicksight/latest/user/scatter-plot.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A scatter plot.\n\nFor more information, see [Using scatter plots](https://docs.aws.amazon.com/quicksight/latest/user/scatter-plot.html) in the *Amazon Quick Suite User Guide* .", "title": "ScatterPlotVisual" }, "TableVisual": { "$ref": "#/definitions/AWS::QuickSight::Analysis.TableVisual", - "markdownDescription": "A table visual.\n\nFor more information, see [Using tables as visuals](https://docs.aws.amazon.com/quicksight/latest/user/tabular.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A table visual.\n\nFor more information, see [Using tables as visuals](https://docs.aws.amazon.com/quicksight/latest/user/tabular.html) in the *Amazon Quick Suite User Guide* .", "title": "TableVisual" }, "TreeMapVisual": { "$ref": "#/definitions/AWS::QuickSight::Analysis.TreeMapVisual", - "markdownDescription": "A tree map.\n\nFor more information, see [Using tree maps](https://docs.aws.amazon.com/quicksight/latest/user/tree-map.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A tree map.\n\nFor more information, see [Using tree maps](https://docs.aws.amazon.com/quicksight/latest/user/tree-map.html) in the *Amazon Quick Suite User Guide* .", "title": "TreeMapVisual" }, "WaterfallVisual": { "$ref": "#/definitions/AWS::QuickSight::Analysis.WaterfallVisual", - "markdownDescription": "A waterfall chart.\n\nFor more information, see [Using waterfall charts](https://docs.aws.amazon.com/quicksight/latest/user/waterfall-chart.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A waterfall chart.\n\nFor more information, see [Using waterfall charts](https://docs.aws.amazon.com/quicksight/latest/user/waterfall-chart.html) in the *Amazon Quick Suite User Guide* .", "title": "WaterfallVisual" }, "WordCloudVisual": { "$ref": "#/definitions/AWS::QuickSight::Analysis.WordCloudVisual", - "markdownDescription": "A word cloud.\n\nFor more information, see [Using word clouds](https://docs.aws.amazon.com/quicksight/latest/user/word-cloud.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A word cloud.\n\nFor more information, see [Using word clouds](https://docs.aws.amazon.com/quicksight/latest/user/word-cloud.html) in the *Amazon Quick Suite User Guide* .", "title": "WordCloudVisual" } }, @@ -195306,7 +195294,7 @@ }, "DashboardPublishOptions": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.DashboardPublishOptions", - "markdownDescription": "Options for publishing the dashboard when you create it:\n\n- `AvailabilityStatus` for `AdHocFilteringOption` - This status can be either `ENABLED` or `DISABLED` . When this is set to `DISABLED` , Amazon QuickSight disables the left filter pane on the published dashboard, which can be used for ad hoc (one-time) filtering. This option is `ENABLED` by default.\n- `AvailabilityStatus` for `ExportToCSVOption` - This status can be either `ENABLED` or `DISABLED` . The visual option to export data to .CSV format isn't enabled when this is set to `DISABLED` . This option is `ENABLED` by default.\n- `VisibilityState` for `SheetControlsOption` - This visibility state can be either `COLLAPSED` or `EXPANDED` . This option is `COLLAPSED` by default.", + "markdownDescription": "Options for publishing the dashboard when you create it:\n\n- `AvailabilityStatus` for `AdHocFilteringOption` - This status can be either `ENABLED` or `DISABLED` . When this is set to `DISABLED` , Amazon Quick Sight disables the left filter pane on the published dashboard, which can be used for ad hoc (one-time) filtering. This option is `ENABLED` by default.\n- `AvailabilityStatus` for `ExportToCSVOption` - This status can be either `ENABLED` or `DISABLED` . The visual option to export data to .CSV format isn't enabled when this is set to `DISABLED` . This option is `ENABLED` by default.\n- `VisibilityState` for `SheetControlsOption` - This visibility state can be either `COLLAPSED` or `EXPANDED` . This option is `COLLAPSED` by default.\n- `AvailabilityStatus` for `QuickSuiteActionsOption` - This status can be either `ENABLED` or `DISABLED` . Features related to Actions in Amazon Quick Suite on dashboards are disabled when this is set to `DISABLED` . This option is `DISABLED` by default.\n- `AvailabilityStatus` for `ExecutiveSummaryOption` - This status can be either `ENABLED` or `DISABLED` . The option to build an executive summary is disabled when this is set to `DISABLED` . This option is `ENABLED` by default.\n- `AvailabilityStatus` for `DataStoriesSharingOption` - This status can be either `ENABLED` or `DISABLED` . The option to share a data story is disabled when this is set to `DISABLED` . This option is `ENABLED` by default.", "title": "DashboardPublishOptions" }, "Definition": { @@ -196461,12 +196449,12 @@ }, "CustomFilterListConfiguration": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.CustomFilterListConfiguration", - "markdownDescription": "A list of custom filter values. In the Amazon QuickSight console, this filter type is called a custom filter list.", + "markdownDescription": "A list of custom filter values. In the Quick Sight console, this filter type is called a custom filter list.", "title": "CustomFilterListConfiguration" }, "FilterListConfiguration": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.FilterListConfiguration", - "markdownDescription": "A list of filter configurations. In the Amazon QuickSight console, this filter type is called a filter list.", + "markdownDescription": "A list of filter configurations. In the Quick Sight console, this filter type is called a filter list.", "title": "FilterListConfiguration" } }, @@ -197718,7 +197706,7 @@ "items": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.FilterGroup" }, - "markdownDescription": "The filter definitions for a dashboard.\n\nFor more information, see [Filtering Data in Amazon QuickSight](https://docs.aws.amazon.com/quicksight/latest/user/adding-a-filter.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "The filter definitions for a dashboard.\n\nFor more information, see [Filtering Data in Amazon Quick Sight](https://docs.aws.amazon.com/quicksight/latest/user/adding-a-filter.html) in the *Amazon Quick Suite User Guide* .", "title": "FilterGroups", "type": "array" }, @@ -197731,7 +197719,7 @@ "items": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.ParameterDeclaration" }, - "markdownDescription": "The parameter declarations for a dashboard. Parameters are named variables that can transfer a value for use by an action or an object.\n\nFor more information, see [Parameters in Amazon QuickSight](https://docs.aws.amazon.com/quicksight/latest/user/parameters-in-quicksight.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "The parameter declarations for a dashboard. Parameters are named variables that can transfer a value for use by an action or an object.\n\nFor more information, see [Parameters in Amazon Quick Sight](https://docs.aws.amazon.com/quicksight/latest/user/parameters-in-quicksight.html) in the *Amazon Quick Suite User Guide* .", "title": "ParameterDeclarations", "type": "array" }, @@ -198783,7 +198771,7 @@ "additionalProperties": false, "properties": { "LabelVisibility": { - "markdownDescription": "Determines the visibility of the label in a donut chart. In the Amazon QuickSight console, this option is called `'Show total'` .", + "markdownDescription": "Determines the visibility of the label in a donut chart. In the Quick Sight console, this option is called `'Show total'` .", "title": "LabelVisibility", "type": "string" } @@ -199313,7 +199301,7 @@ "properties": { "CategoryFilter": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.CategoryFilter", - "markdownDescription": "A `CategoryFilter` filters text values.\n\nFor more information, see [Adding text filters](https://docs.aws.amazon.com/quicksight/latest/user/add-a-text-filter-data-prep.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A `CategoryFilter` filters text values.\n\nFor more information, see [Adding text filters](https://docs.aws.amazon.com/quicksight/latest/user/add-a-text-filter-data-prep.html) in the *Amazon Quick Suite User Guide* .", "title": "CategoryFilter" }, "NumericEqualityFilter": { @@ -200929,7 +200917,7 @@ "type": "string" }, "ResizeOption": { - "markdownDescription": "This value determines the layout behavior when the viewport is resized.\n\n- `FIXED` : A fixed width will be used when optimizing the layout. In the Amazon QuickSight console, this option is called `Classic` .\n- `RESPONSIVE` : The width of the canvas will be responsive and optimized to the view port. In the Amazon QuickSight console, this option is called `Tiled` .", + "markdownDescription": "This value determines the layout behavior when the viewport is resized.\n\n- `FIXED` : A fixed width will be used when optimizing the layout. In the Quick Sight console, this option is called `Classic` .\n- `RESPONSIVE` : The width of the canvas will be responsive and optimized to the view port. In the Quick Sight console, this option is called `Tiled` .", "title": "ResizeOption", "type": "string" } @@ -204697,7 +204685,7 @@ "type": "array" }, "Principal": { - "markdownDescription": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon QuickSight user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon QuickSight user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a QuickSight ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)", + "markdownDescription": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick Suite user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick Suite user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick Suite ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)", "title": "Principal", "type": "string" } @@ -205317,7 +205305,7 @@ "additionalProperties": false, "properties": { "Name": { - "markdownDescription": "The name of a sheet. This name is displayed on the sheet's tab in the Amazon QuickSight console.", + "markdownDescription": "The name of a sheet. This name is displayed on the sheet's tab in the Quick Sight console.", "title": "Name", "type": "string" }, @@ -205398,7 +205386,7 @@ "items": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.FilterControl" }, - "markdownDescription": "The list of filter controls that are on a sheet.\n\nFor more information, see [Adding filter controls to analysis sheets](https://docs.aws.amazon.com/quicksight/latest/user/filter-controls.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "The list of filter controls that are on a sheet.\n\nFor more information, see [Adding filter controls to analysis sheets](https://docs.aws.amazon.com/quicksight/latest/user/filter-controls.html) in the *Amazon Quick Suite User Guide* .", "title": "FilterControls", "type": "array" }, @@ -205406,7 +205394,7 @@ "items": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.Layout" }, - "markdownDescription": "Layouts define how the components of a sheet are arranged.\n\nFor more information, see [Types of layout](https://docs.aws.amazon.com/quicksight/latest/user/types-of-layout.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "Layouts define how the components of a sheet are arranged.\n\nFor more information, see [Types of layout](https://docs.aws.amazon.com/quicksight/latest/user/types-of-layout.html) in the *Amazon Quick Suite User Guide* .", "title": "Layouts", "type": "array" }, @@ -205419,7 +205407,7 @@ "items": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.ParameterControl" }, - "markdownDescription": "The list of parameter controls that are on a sheet.\n\nFor more information, see [Using a Control with a Parameter in Amazon QuickSight](https://docs.aws.amazon.com/quicksight/latest/user/parameters-controls.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "The list of parameter controls that are on a sheet.\n\nFor more information, see [Using a Control with a Parameter in Amazon Quick Sight](https://docs.aws.amazon.com/quicksight/latest/user/parameters-controls.html) in the *Amazon Quick Suite User Guide* .", "title": "ParameterControls", "type": "array" }, @@ -207204,22 +207192,22 @@ "properties": { "BarChartVisual": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.BarChartVisual", - "markdownDescription": "A bar chart.\n\nFor more information, see [Using bar charts](https://docs.aws.amazon.com/quicksight/latest/user/bar-charts.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A bar chart.\n\nFor more information, see [Using bar charts](https://docs.aws.amazon.com/quicksight/latest/user/bar-charts.html) in the *Amazon Quick Suite User Guide* .", "title": "BarChartVisual" }, "BoxPlotVisual": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.BoxPlotVisual", - "markdownDescription": "A box plot.\n\nFor more information, see [Using box plots](https://docs.aws.amazon.com/quicksight/latest/user/box-plots.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A box plot.\n\nFor more information, see [Using box plots](https://docs.aws.amazon.com/quicksight/latest/user/box-plots.html) in the *Amazon Quick Suite User Guide* .", "title": "BoxPlotVisual" }, "ComboChartVisual": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.ComboChartVisual", - "markdownDescription": "A combo chart.\n\nFor more information, see [Using combo charts](https://docs.aws.amazon.com/quicksight/latest/user/combo-charts.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A combo chart.\n\nFor more information, see [Using combo charts](https://docs.aws.amazon.com/quicksight/latest/user/combo-charts.html) in the *Amazon Quick Suite User Guide* .", "title": "ComboChartVisual" }, "CustomContentVisual": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.CustomContentVisual", - "markdownDescription": "A visual that contains custom content.\n\nFor more information, see [Using custom visual content](https://docs.aws.amazon.com/quicksight/latest/user/custom-visual-content.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A visual that contains custom content.\n\nFor more information, see [Using custom visual content](https://docs.aws.amazon.com/quicksight/latest/user/custom-visual-content.html) in the *Amazon Quick Suite User Guide* .", "title": "CustomContentVisual" }, "EmptyVisual": { @@ -207229,92 +207217,92 @@ }, "FilledMapVisual": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.FilledMapVisual", - "markdownDescription": "A filled map.\n\nFor more information, see [Creating filled maps](https://docs.aws.amazon.com/quicksight/latest/user/filled-maps.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A filled map.\n\nFor more information, see [Creating filled maps](https://docs.aws.amazon.com/quicksight/latest/user/filled-maps.html) in the *Amazon Quick Suite User Guide* .", "title": "FilledMapVisual" }, "FunnelChartVisual": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.FunnelChartVisual", - "markdownDescription": "A funnel chart.\n\nFor more information, see [Using funnel charts](https://docs.aws.amazon.com/quicksight/latest/user/funnel-visual-content.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A funnel chart.\n\nFor more information, see [Using funnel charts](https://docs.aws.amazon.com/quicksight/latest/user/funnel-visual-content.html) in the *Amazon Quick Suite User Guide* .", "title": "FunnelChartVisual" }, "GaugeChartVisual": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.GaugeChartVisual", - "markdownDescription": "A gauge chart.\n\nFor more information, see [Using gauge charts](https://docs.aws.amazon.com/quicksight/latest/user/gauge-chart.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A gauge chart.\n\nFor more information, see [Using gauge charts](https://docs.aws.amazon.com/quicksight/latest/user/gauge-chart.html) in the *Amazon Quick Suite User Guide* .", "title": "GaugeChartVisual" }, "GeospatialMapVisual": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.GeospatialMapVisual", - "markdownDescription": "A geospatial map or a points on map visual.\n\nFor more information, see [Creating point maps](https://docs.aws.amazon.com/quicksight/latest/user/point-maps.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A geospatial map or a points on map visual.\n\nFor more information, see [Creating point maps](https://docs.aws.amazon.com/quicksight/latest/user/point-maps.html) in the *Amazon Quick Suite User Guide* .", "title": "GeospatialMapVisual" }, "HeatMapVisual": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.HeatMapVisual", - "markdownDescription": "A heat map.\n\nFor more information, see [Using heat maps](https://docs.aws.amazon.com/quicksight/latest/user/heat-map.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A heat map.\n\nFor more information, see [Using heat maps](https://docs.aws.amazon.com/quicksight/latest/user/heat-map.html) in the *Amazon Quick Suite User Guide* .", "title": "HeatMapVisual" }, "HistogramVisual": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.HistogramVisual", - "markdownDescription": "A histogram.\n\nFor more information, see [Using histograms](https://docs.aws.amazon.com/quicksight/latest/user/histogram-charts.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A histogram.\n\nFor more information, see [Using histograms](https://docs.aws.amazon.com/quicksight/latest/user/histogram-charts.html) in the *Amazon Quick Suite User Guide* .", "title": "HistogramVisual" }, "InsightVisual": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.InsightVisual", - "markdownDescription": "An insight visual.\n\nFor more information, see [Working with insights](https://docs.aws.amazon.com/quicksight/latest/user/computational-insights.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "An insight visual.\n\nFor more information, see [Working with insights](https://docs.aws.amazon.com/quicksight/latest/user/computational-insights.html) in the *Amazon Quick Suite User Guide* .", "title": "InsightVisual" }, "KPIVisual": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.KPIVisual", - "markdownDescription": "A key performance indicator (KPI).\n\nFor more information, see [Using KPIs](https://docs.aws.amazon.com/quicksight/latest/user/kpi.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A key performance indicator (KPI).\n\nFor more information, see [Using KPIs](https://docs.aws.amazon.com/quicksight/latest/user/kpi.html) in the *Amazon Quick Suite User Guide* .", "title": "KPIVisual" }, "LineChartVisual": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.LineChartVisual", - "markdownDescription": "A line chart.\n\nFor more information, see [Using line charts](https://docs.aws.amazon.com/quicksight/latest/user/line-charts.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A line chart.\n\nFor more information, see [Using line charts](https://docs.aws.amazon.com/quicksight/latest/user/line-charts.html) in the *Amazon Quick Suite User Guide* .", "title": "LineChartVisual" }, "PieChartVisual": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.PieChartVisual", - "markdownDescription": "A pie or donut chart.\n\nFor more information, see [Using pie charts](https://docs.aws.amazon.com/quicksight/latest/user/pie-chart.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A pie or donut chart.\n\nFor more information, see [Using pie charts](https://docs.aws.amazon.com/quicksight/latest/user/pie-chart.html) in the *Amazon Quick Suite User Guide* .", "title": "PieChartVisual" }, "PivotTableVisual": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.PivotTableVisual", - "markdownDescription": "A pivot table.\n\nFor more information, see [Using pivot tables](https://docs.aws.amazon.com/quicksight/latest/user/pivot-table.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A pivot table.\n\nFor more information, see [Using pivot tables](https://docs.aws.amazon.com/quicksight/latest/user/pivot-table.html) in the *Amazon Quick Suite User Guide* .", "title": "PivotTableVisual" }, "RadarChartVisual": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.RadarChartVisual", - "markdownDescription": "A radar chart visual.\n\nFor more information, see [Using radar charts](https://docs.aws.amazon.com/quicksight/latest/user/radar-chart.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A radar chart visual.\n\nFor more information, see [Using radar charts](https://docs.aws.amazon.com/quicksight/latest/user/radar-chart.html) in the *Amazon Quick Suite User Guide* .", "title": "RadarChartVisual" }, "SankeyDiagramVisual": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.SankeyDiagramVisual", - "markdownDescription": "A sankey diagram.\n\nFor more information, see [Using Sankey diagrams](https://docs.aws.amazon.com/quicksight/latest/user/sankey-diagram.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A sankey diagram.\n\nFor more information, see [Using Sankey diagrams](https://docs.aws.amazon.com/quicksight/latest/user/sankey-diagram.html) in the *Amazon Quick Suite User Guide* .", "title": "SankeyDiagramVisual" }, "ScatterPlotVisual": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.ScatterPlotVisual", - "markdownDescription": "A scatter plot.\n\nFor more information, see [Using scatter plots](https://docs.aws.amazon.com/quicksight/latest/user/scatter-plot.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A scatter plot.\n\nFor more information, see [Using scatter plots](https://docs.aws.amazon.com/quicksight/latest/user/scatter-plot.html) in the *Amazon Quick Suite User Guide* .", "title": "ScatterPlotVisual" }, "TableVisual": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.TableVisual", - "markdownDescription": "A table visual.\n\nFor more information, see [Using tables as visuals](https://docs.aws.amazon.com/quicksight/latest/user/tabular.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A table visual.\n\nFor more information, see [Using tables as visuals](https://docs.aws.amazon.com/quicksight/latest/user/tabular.html) in the *Amazon Quick Suite User Guide* .", "title": "TableVisual" }, "TreeMapVisual": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.TreeMapVisual", - "markdownDescription": "A tree map.\n\nFor more information, see [Using tree maps](https://docs.aws.amazon.com/quicksight/latest/user/tree-map.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A tree map.\n\nFor more information, see [Using tree maps](https://docs.aws.amazon.com/quicksight/latest/user/tree-map.html) in the *Amazon Quick Suite User Guide* .", "title": "TreeMapVisual" }, "WaterfallVisual": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.WaterfallVisual", - "markdownDescription": "A waterfall chart.\n\nFor more information, see [Using waterfall charts](https://docs.aws.amazon.com/quicksight/latest/user/waterfall-chart.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A waterfall chart.\n\nFor more information, see [Using waterfall charts](https://docs.aws.amazon.com/quicksight/latest/user/waterfall-chart.html) in the *Amazon Quick Suite User Guide* .", "title": "WaterfallVisual" }, "WordCloudVisual": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.WordCloudVisual", - "markdownDescription": "A word cloud.\n\nFor more information, see [Using word clouds](https://docs.aws.amazon.com/quicksight/latest/user/word-cloud.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A word cloud.\n\nFor more information, see [Using word clouds](https://docs.aws.amazon.com/quicksight/latest/user/word-cloud.html) in the *Amazon Quick Suite User Guide* .", "title": "WordCloudVisual" } }, @@ -207880,7 +207868,7 @@ "items": { "$ref": "#/definitions/AWS::QuickSight::DataSet.ColumnGroup" }, - "markdownDescription": "Groupings of columns that work together in certain Amazon QuickSight features. Currently, only geospatial hierarchy is supported.", + "markdownDescription": "Groupings of columns that work together in certain Amazon Quick Sight features. Currently, only geospatial hierarchy is supported.", "title": "ColumnGroups", "type": "array" }, @@ -208016,7 +208004,7 @@ "additionalProperties": false, "properties": { "ColumnId": { - "markdownDescription": "A unique ID to identify a calculated column. During a dataset update, if the column ID of a calculated column matches that of an existing calculated column, Amazon QuickSight preserves the existing calculated column.", + "markdownDescription": "A unique ID to identify a calculated column. During a dataset update, if the column ID of a calculated column matches that of an existing calculated column, Quick Sight preserves the existing calculated column.", "title": "ColumnId", "type": "string" }, @@ -208047,7 +208035,7 @@ "type": "string" }, "Format": { - "markdownDescription": "When casting a column from string to datetime type, you can supply a string in a format supported by Amazon QuickSight to denote the source data format.", + "markdownDescription": "When casting a column from string to datetime type, you can supply a string in a format supported by Quick Sight to denote the source data format.", "title": "Format", "type": "string" }, @@ -208105,7 +208093,7 @@ "items": { "type": "string" }, - "markdownDescription": "An array of Amazon Resource Names (ARNs) for QuickSight users or groups.", + "markdownDescription": "An array of Amazon Resource Names (ARNs) for Quick Suite users or groups.", "title": "Principals", "type": "array" } @@ -208200,7 +208188,7 @@ "type": "boolean" }, "DisableUseAsImportedSource": { - "markdownDescription": "An option that controls whether a child dataset that's stored in QuickSight can use this dataset as a source.", + "markdownDescription": "An option that controls whether a child dataset that's stored in Quick Sight can use this dataset as a source.", "title": "DisableUseAsImportedSource", "type": "boolean" } @@ -208532,7 +208520,7 @@ "additionalProperties": false, "properties": { "UniqueKey": { - "markdownDescription": "A value that indicates that a row in a table is uniquely identified by the columns in a join key. This is used by QuickSight to optimize query performance.", + "markdownDescription": "A value that indicates that a row in a table is uniquely identified by the columns in a join key. This is used by Quick Suite to optimize query performance.", "title": "UniqueKey", "type": "boolean" } @@ -208817,7 +208805,7 @@ "type": "array" }, "Principal": { - "markdownDescription": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon QuickSight user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon QuickSight user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a QuickSight ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)", + "markdownDescription": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick Suite user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick Suite user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick Suite ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)", "title": "Principal", "type": "string" } @@ -209138,7 +209126,7 @@ }, "Credentials": { "$ref": "#/definitions/AWS::QuickSight::DataSource.DataSourceCredentials", - "markdownDescription": "The credentials Amazon QuickSight that uses to connect to your underlying source. Currently, only credentials based on user name and password are supported.", + "markdownDescription": "The credentials Amazon Quick Sight that uses to connect to your underlying source. Currently, only credentials based on user name and password are supported.", "title": "Credentials" }, "DataSourceId": { @@ -209148,7 +209136,7 @@ }, "DataSourceParameters": { "$ref": "#/definitions/AWS::QuickSight::DataSource.DataSourceParameters", - "markdownDescription": "The parameters that Amazon QuickSight uses to connect to your underlying source.", + "markdownDescription": "The parameters that Amazon Quick Sight uses to connect to your underlying source.", "title": "DataSourceParameters" }, "ErrorInfo": { @@ -209171,7 +209159,7 @@ }, "SslProperties": { "$ref": "#/definitions/AWS::QuickSight::DataSource.SslProperties", - "markdownDescription": "Secure Socket Layer (SSL) properties that apply when Amazon QuickSight connects to your underlying source.", + "markdownDescription": "Secure Socket Layer (SSL) properties that apply when Amazon Quick Sight connects to your underlying source.", "title": "SslProperties" }, "Tags": { @@ -209189,7 +209177,7 @@ }, "VpcConnectionProperties": { "$ref": "#/definitions/AWS::QuickSight::DataSource.VpcConnectionProperties", - "markdownDescription": "Use this parameter only when you want Amazon QuickSight to use a VPC connection when connecting to your underlying source.", + "markdownDescription": "Use this parameter only when you want Amazon Quick Sight to use a VPC connection when connecting to your underlying source.", "title": "VpcConnectionProperties" } }, @@ -209719,7 +209707,7 @@ "type": "array" }, "Principal": { - "markdownDescription": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon QuickSight user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon QuickSight user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a QuickSight ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)", + "markdownDescription": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick Suite user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick Suite user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick Suite ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)", "title": "Principal", "type": "string" } @@ -209735,7 +209723,7 @@ "properties": { "ManifestFileLocation": { "$ref": "#/definitions/AWS::QuickSight::DataSource.ManifestFileLocation", - "markdownDescription": "Location of the Amazon S3 manifest file. This is NULL if the manifest file was uploaded into Amazon QuickSight.", + "markdownDescription": "Location of the Amazon S3 manifest file. This is NULL if the manifest file was uploaded into Quick Sight.", "title": "ManifestFileLocation" }, "RoleArn": { @@ -210022,7 +210010,7 @@ "additionalProperties": false, "properties": { "RefreshType": { - "markdownDescription": "The type of refresh that a dataset undergoes. Valid values are as follows:\n\n- `FULL_REFRESH` : A complete refresh of a dataset.\n- `INCREMENTAL_REFRESH` : A partial refresh of some rows of a dataset, based on the time window specified.\n\nFor more information on full and incremental refreshes, see [Refreshing SPICE data](https://docs.aws.amazon.com/quicksight/latest/user/refreshing-imported-data.html) in the *QuickSight User Guide* .", + "markdownDescription": "The type of refresh that a dataset undergoes. Valid values are as follows:\n\n- `FULL_REFRESH` : A complete refresh of a dataset.\n- `INCREMENTAL_REFRESH` : A partial refresh of some rows of a dataset, based on the time window specified.\n\nFor more information on full and incremental refreshes, see [Refreshing SPICE data](https://docs.aws.amazon.com/quicksight/latest/user/refreshing-imported-data.html) in the *Quick Suite User Guide* .", "title": "RefreshType", "type": "string" }, @@ -210106,7 +210094,7 @@ "additionalProperties": false, "properties": { "AwsAccountId": { - "markdownDescription": "The ID for the AWS account that the group is in. You use the ID for the AWS account that contains your Amazon QuickSight account.", + "markdownDescription": "The ID for the AWS account that the group is in. You use the ID for the AWS account that contains your Amazon Quick Sight account.", "title": "AwsAccountId", "type": "string" }, @@ -210130,7 +210118,7 @@ }, "SourceEntity": { "$ref": "#/definitions/AWS::QuickSight::Template.TemplateSourceEntity", - "markdownDescription": "The entity that you are using as a source when you create the template. In `SourceEntity` , you specify the type of object you're using as source: `SourceTemplate` for a template or `SourceAnalysis` for an analysis. Both of these require an Amazon Resource Name (ARN). For `SourceTemplate` , specify the ARN of the source template. For `SourceAnalysis` , specify the ARN of the source analysis. The `SourceTemplate` ARN can contain any AWS account and any Amazon QuickSight-supported AWS Region .\n\nUse the `DataSetReferences` entity within `SourceTemplate` or `SourceAnalysis` to list the replacement datasets for the placeholders listed in the original. The schema in each dataset must match its placeholder.\n\nEither a `SourceEntity` or a `Definition` must be provided in order for the request to be valid.", + "markdownDescription": "The entity that you are using as a source when you create the template. In `SourceEntity` , you specify the type of object you're using as source: `SourceTemplate` for a template or `SourceAnalysis` for an analysis. Both of these require an Amazon Resource Name (ARN). For `SourceTemplate` , specify the ARN of the source template. For `SourceAnalysis` , specify the ARN of the source analysis. The `SourceTemplate` ARN can contain any AWS account and any Quick Sight-supported AWS Region .\n\nUse the `DataSetReferences` entity within `SourceTemplate` or `SourceAnalysis` to list the replacement datasets for the placeholders listed in the original. The schema in each dataset must match its placeholder.\n\nEither a `SourceEntity` or a `Definition` must be provided in order for the request to be valid.", "title": "SourceEntity" }, "Tags": { @@ -211232,12 +211220,12 @@ }, "CustomFilterListConfiguration": { "$ref": "#/definitions/AWS::QuickSight::Template.CustomFilterListConfiguration", - "markdownDescription": "A list of custom filter values. In the Amazon QuickSight console, this filter type is called a custom filter list.", + "markdownDescription": "A list of custom filter values. In the Quick Sight console, this filter type is called a custom filter list.", "title": "CustomFilterListConfiguration" }, "FilterListConfiguration": { "$ref": "#/definitions/AWS::QuickSight::Template.FilterListConfiguration", - "markdownDescription": "A list of filter configurations. In the Amazon QuickSight console, this filter type is called a filter list.", + "markdownDescription": "A list of filter configurations. In the Quick Sight console, this filter type is called a filter list.", "title": "FilterListConfiguration" } }, @@ -213282,7 +213270,7 @@ "additionalProperties": false, "properties": { "LabelVisibility": { - "markdownDescription": "Determines the visibility of the label in a donut chart. In the Amazon QuickSight console, this option is called `'Show total'` .", + "markdownDescription": "Determines the visibility of the label in a donut chart. In the Quick Sight console, this option is called `'Show total'` .", "title": "LabelVisibility", "type": "string" } @@ -213779,7 +213767,7 @@ "properties": { "CategoryFilter": { "$ref": "#/definitions/AWS::QuickSight::Template.CategoryFilter", - "markdownDescription": "A `CategoryFilter` filters text values.\n\nFor more information, see [Adding text filters](https://docs.aws.amazon.com/quicksight/latest/user/add-a-text-filter-data-prep.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A `CategoryFilter` filters text values.\n\nFor more information, see [Adding text filters](https://docs.aws.amazon.com/quicksight/latest/user/add-a-text-filter-data-prep.html) in the *Amazon Quick Suite User Guide* .", "title": "CategoryFilter" }, "NumericEqualityFilter": { @@ -215395,7 +215383,7 @@ "type": "string" }, "ResizeOption": { - "markdownDescription": "This value determines the layout behavior when the viewport is resized.\n\n- `FIXED` : A fixed width will be used when optimizing the layout. In the Amazon QuickSight console, this option is called `Classic` .\n- `RESPONSIVE` : The width of the canvas will be responsive and optimized to the view port. In the Amazon QuickSight console, this option is called `Tiled` .", + "markdownDescription": "This value determines the layout behavior when the viewport is resized.\n\n- `FIXED` : A fixed width will be used when optimizing the layout. In the Quick Sight console, this option is called `Classic` .\n- `RESPONSIVE` : The width of the canvas will be responsive and optimized to the view port. In the Quick Sight console, this option is called `Tiled` .", "title": "ResizeOption", "type": "string" } @@ -219088,7 +219076,7 @@ "type": "array" }, "Principal": { - "markdownDescription": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon QuickSight user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon QuickSight user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a QuickSight ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)", + "markdownDescription": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick Suite user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick Suite user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick Suite ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)", "title": "Principal", "type": "string" } @@ -219708,7 +219696,7 @@ "additionalProperties": false, "properties": { "Name": { - "markdownDescription": "The name of a sheet. This name is displayed on the sheet's tab in the Amazon QuickSight console.", + "markdownDescription": "The name of a sheet. This name is displayed on the sheet's tab in the Quick Sight console.", "title": "Name", "type": "string" }, @@ -219778,7 +219766,7 @@ "items": { "$ref": "#/definitions/AWS::QuickSight::Template.FilterControl" }, - "markdownDescription": "The list of filter controls that are on a sheet.\n\nFor more information, see [Adding filter controls to analysis sheets](https://docs.aws.amazon.com/quicksight/latest/user/filter-controls.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "The list of filter controls that are on a sheet.\n\nFor more information, see [Adding filter controls to analysis sheets](https://docs.aws.amazon.com/quicksight/latest/user/filter-controls.html) in the *Amazon Quick Suite User Guide* .", "title": "FilterControls", "type": "array" }, @@ -219786,7 +219774,7 @@ "items": { "$ref": "#/definitions/AWS::QuickSight::Template.Layout" }, - "markdownDescription": "Layouts define how the components of a sheet are arranged.\n\nFor more information, see [Types of layout](https://docs.aws.amazon.com/quicksight/latest/user/types-of-layout.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "Layouts define how the components of a sheet are arranged.\n\nFor more information, see [Types of layout](https://docs.aws.amazon.com/quicksight/latest/user/types-of-layout.html) in the *Amazon Quick Suite User Guide* .", "title": "Layouts", "type": "array" }, @@ -219799,7 +219787,7 @@ "items": { "$ref": "#/definitions/AWS::QuickSight::Template.ParameterControl" }, - "markdownDescription": "The list of parameter controls that are on a sheet.\n\nFor more information, see [Using a Control with a Parameter in Amazon QuickSight](https://docs.aws.amazon.com/quicksight/latest/user/parameters-controls.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "The list of parameter controls that are on a sheet.\n\nFor more information, see [Using a Control with a Parameter in Amazon Quick Sight](https://docs.aws.amazon.com/quicksight/latest/user/parameters-controls.html) in the *Amazon Quick Suite User Guide* .", "title": "ParameterControls", "type": "array" }, @@ -220922,7 +220910,7 @@ "items": { "$ref": "#/definitions/AWS::QuickSight::Template.FilterGroup" }, - "markdownDescription": "Filter definitions for a template.\n\nFor more information, see [Filtering Data](https://docs.aws.amazon.com/quicksight/latest/user/filtering-visual-data.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "Filter definitions for a template.\n\nFor more information, see [Filtering Data](https://docs.aws.amazon.com/quicksight/latest/user/filtering-visual-data.html) in the *Amazon Quick Suite User Guide* .", "title": "FilterGroups", "type": "array" }, @@ -220935,7 +220923,7 @@ "items": { "$ref": "#/definitions/AWS::QuickSight::Template.ParameterDeclaration" }, - "markdownDescription": "An array of parameter declarations for a template.\n\n*Parameters* are named variables that can transfer a value for use by an action or an object.\n\nFor more information, see [Parameters in Amazon QuickSight](https://docs.aws.amazon.com/quicksight/latest/user/parameters-in-quicksight.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "An array of parameter declarations for a template.\n\n*Parameters* are named variables that can transfer a value for use by an action or an object.\n\nFor more information, see [Parameters in Amazon Quick Sight](https://docs.aws.amazon.com/quicksight/latest/user/parameters-in-quicksight.html) in the *Amazon Quick Suite User Guide* .", "title": "ParameterDeclarations", "type": "array" }, @@ -221754,22 +221742,22 @@ "properties": { "BarChartVisual": { "$ref": "#/definitions/AWS::QuickSight::Template.BarChartVisual", - "markdownDescription": "A bar chart.\n\nFor more information, see [Using bar charts](https://docs.aws.amazon.com/quicksight/latest/user/bar-charts.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A bar chart.\n\nFor more information, see [Using bar charts](https://docs.aws.amazon.com/quicksight/latest/user/bar-charts.html) in the *Amazon Quick Suite User Guide* .", "title": "BarChartVisual" }, "BoxPlotVisual": { "$ref": "#/definitions/AWS::QuickSight::Template.BoxPlotVisual", - "markdownDescription": "A box plot.\n\nFor more information, see [Using box plots](https://docs.aws.amazon.com/quicksight/latest/user/box-plots.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A box plot.\n\nFor more information, see [Using box plots](https://docs.aws.amazon.com/quicksight/latest/user/box-plots.html) in the *Amazon Quick Suite User Guide* .", "title": "BoxPlotVisual" }, "ComboChartVisual": { "$ref": "#/definitions/AWS::QuickSight::Template.ComboChartVisual", - "markdownDescription": "A combo chart.\n\nFor more information, see [Using combo charts](https://docs.aws.amazon.com/quicksight/latest/user/combo-charts.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A combo chart.\n\nFor more information, see [Using combo charts](https://docs.aws.amazon.com/quicksight/latest/user/combo-charts.html) in the *Amazon Quick Suite User Guide* .", "title": "ComboChartVisual" }, "CustomContentVisual": { "$ref": "#/definitions/AWS::QuickSight::Template.CustomContentVisual", - "markdownDescription": "A visual that contains custom content.\n\nFor more information, see [Using custom visual content](https://docs.aws.amazon.com/quicksight/latest/user/custom-visual-content.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A visual that contains custom content.\n\nFor more information, see [Using custom visual content](https://docs.aws.amazon.com/quicksight/latest/user/custom-visual-content.html) in the *Amazon Quick Suite User Guide* .", "title": "CustomContentVisual" }, "EmptyVisual": { @@ -221779,92 +221767,92 @@ }, "FilledMapVisual": { "$ref": "#/definitions/AWS::QuickSight::Template.FilledMapVisual", - "markdownDescription": "A filled map.\n\nFor more information, see [Creating filled maps](https://docs.aws.amazon.com/quicksight/latest/user/filled-maps.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A filled map.\n\nFor more information, see [Creating filled maps](https://docs.aws.amazon.com/quicksight/latest/user/filled-maps.html) in the *Amazon Quick Suite User Guide* .", "title": "FilledMapVisual" }, "FunnelChartVisual": { "$ref": "#/definitions/AWS::QuickSight::Template.FunnelChartVisual", - "markdownDescription": "A funnel chart.\n\nFor more information, see [Using funnel charts](https://docs.aws.amazon.com/quicksight/latest/user/funnel-visual-content.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A funnel chart.\n\nFor more information, see [Using funnel charts](https://docs.aws.amazon.com/quicksight/latest/user/funnel-visual-content.html) in the *Amazon Quick Suite User Guide* .", "title": "FunnelChartVisual" }, "GaugeChartVisual": { "$ref": "#/definitions/AWS::QuickSight::Template.GaugeChartVisual", - "markdownDescription": "A gauge chart.\n\nFor more information, see [Using gauge charts](https://docs.aws.amazon.com/quicksight/latest/user/gauge-chart.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A gauge chart.\n\nFor more information, see [Using gauge charts](https://docs.aws.amazon.com/quicksight/latest/user/gauge-chart.html) in the *Amazon Quick Suite User Guide* .", "title": "GaugeChartVisual" }, "GeospatialMapVisual": { "$ref": "#/definitions/AWS::QuickSight::Template.GeospatialMapVisual", - "markdownDescription": "A geospatial map or a points on map visual.\n\nFor more information, see [Creating point maps](https://docs.aws.amazon.com/quicksight/latest/user/point-maps.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A geospatial map or a points on map visual.\n\nFor more information, see [Creating point maps](https://docs.aws.amazon.com/quicksight/latest/user/point-maps.html) in the *Amazon Quick Suite User Guide* .", "title": "GeospatialMapVisual" }, "HeatMapVisual": { "$ref": "#/definitions/AWS::QuickSight::Template.HeatMapVisual", - "markdownDescription": "A heat map.\n\nFor more information, see [Using heat maps](https://docs.aws.amazon.com/quicksight/latest/user/heat-map.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A heat map.\n\nFor more information, see [Using heat maps](https://docs.aws.amazon.com/quicksight/latest/user/heat-map.html) in the *Amazon Quick Suite User Guide* .", "title": "HeatMapVisual" }, "HistogramVisual": { "$ref": "#/definitions/AWS::QuickSight::Template.HistogramVisual", - "markdownDescription": "A histogram.\n\nFor more information, see [Using histograms](https://docs.aws.amazon.com/quicksight/latest/user/histogram-charts.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A histogram.\n\nFor more information, see [Using histograms](https://docs.aws.amazon.com/quicksight/latest/user/histogram-charts.html) in the *Amazon Quick Suite User Guide* .", "title": "HistogramVisual" }, "InsightVisual": { "$ref": "#/definitions/AWS::QuickSight::Template.InsightVisual", - "markdownDescription": "An insight visual.\n\nFor more information, see [Working with insights](https://docs.aws.amazon.com/quicksight/latest/user/computational-insights.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "An insight visual.\n\nFor more information, see [Working with insights](https://docs.aws.amazon.com/quicksight/latest/user/computational-insights.html) in the *Amazon Quick Suite User Guide* .", "title": "InsightVisual" }, "KPIVisual": { "$ref": "#/definitions/AWS::QuickSight::Template.KPIVisual", - "markdownDescription": "A key performance indicator (KPI).\n\nFor more information, see [Using KPIs](https://docs.aws.amazon.com/quicksight/latest/user/kpi.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A key performance indicator (KPI).\n\nFor more information, see [Using KPIs](https://docs.aws.amazon.com/quicksight/latest/user/kpi.html) in the *Amazon Quick Suite User Guide* .", "title": "KPIVisual" }, "LineChartVisual": { "$ref": "#/definitions/AWS::QuickSight::Template.LineChartVisual", - "markdownDescription": "A line chart.\n\nFor more information, see [Using line charts](https://docs.aws.amazon.com/quicksight/latest/user/line-charts.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A line chart.\n\nFor more information, see [Using line charts](https://docs.aws.amazon.com/quicksight/latest/user/line-charts.html) in the *Amazon Quick Suite User Guide* .", "title": "LineChartVisual" }, "PieChartVisual": { "$ref": "#/definitions/AWS::QuickSight::Template.PieChartVisual", - "markdownDescription": "A pie or donut chart.\n\nFor more information, see [Using pie charts](https://docs.aws.amazon.com/quicksight/latest/user/pie-chart.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A pie or donut chart.\n\nFor more information, see [Using pie charts](https://docs.aws.amazon.com/quicksight/latest/user/pie-chart.html) in the *Amazon Quick Suite User Guide* .", "title": "PieChartVisual" }, "PivotTableVisual": { "$ref": "#/definitions/AWS::QuickSight::Template.PivotTableVisual", - "markdownDescription": "A pivot table.\n\nFor more information, see [Using pivot tables](https://docs.aws.amazon.com/quicksight/latest/user/pivot-table.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A pivot table.\n\nFor more information, see [Using pivot tables](https://docs.aws.amazon.com/quicksight/latest/user/pivot-table.html) in the *Amazon Quick Suite User Guide* .", "title": "PivotTableVisual" }, "RadarChartVisual": { "$ref": "#/definitions/AWS::QuickSight::Template.RadarChartVisual", - "markdownDescription": "A radar chart visual.\n\nFor more information, see [Using radar charts](https://docs.aws.amazon.com/quicksight/latest/user/radar-chart.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A radar chart visual.\n\nFor more information, see [Using radar charts](https://docs.aws.amazon.com/quicksight/latest/user/radar-chart.html) in the *Amazon Quick Suite User Guide* .", "title": "RadarChartVisual" }, "SankeyDiagramVisual": { "$ref": "#/definitions/AWS::QuickSight::Template.SankeyDiagramVisual", - "markdownDescription": "A sankey diagram.\n\nFor more information, see [Using Sankey diagrams](https://docs.aws.amazon.com/quicksight/latest/user/sankey-diagram.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A sankey diagram.\n\nFor more information, see [Using Sankey diagrams](https://docs.aws.amazon.com/quicksight/latest/user/sankey-diagram.html) in the *Amazon Quick Suite User Guide* .", "title": "SankeyDiagramVisual" }, "ScatterPlotVisual": { "$ref": "#/definitions/AWS::QuickSight::Template.ScatterPlotVisual", - "markdownDescription": "A scatter plot.\n\nFor more information, see [Using scatter plots](https://docs.aws.amazon.com/quicksight/latest/user/scatter-plot.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A scatter plot.\n\nFor more information, see [Using scatter plots](https://docs.aws.amazon.com/quicksight/latest/user/scatter-plot.html) in the *Amazon Quick Suite User Guide* .", "title": "ScatterPlotVisual" }, "TableVisual": { "$ref": "#/definitions/AWS::QuickSight::Template.TableVisual", - "markdownDescription": "A table visual.\n\nFor more information, see [Using tables as visuals](https://docs.aws.amazon.com/quicksight/latest/user/tabular.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A table visual.\n\nFor more information, see [Using tables as visuals](https://docs.aws.amazon.com/quicksight/latest/user/tabular.html) in the *Amazon Quick Suite User Guide* .", "title": "TableVisual" }, "TreeMapVisual": { "$ref": "#/definitions/AWS::QuickSight::Template.TreeMapVisual", - "markdownDescription": "A tree map.\n\nFor more information, see [Using tree maps](https://docs.aws.amazon.com/quicksight/latest/user/tree-map.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A tree map.\n\nFor more information, see [Using tree maps](https://docs.aws.amazon.com/quicksight/latest/user/tree-map.html) in the *Amazon Quick Suite User Guide* .", "title": "TreeMapVisual" }, "WaterfallVisual": { "$ref": "#/definitions/AWS::QuickSight::Template.WaterfallVisual", - "markdownDescription": "A waterfall chart.\n\nFor more information, see [Using waterfall charts](https://docs.aws.amazon.com/quicksight/latest/user/waterfall-chart.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A waterfall chart.\n\nFor more information, see [Using waterfall charts](https://docs.aws.amazon.com/quicksight/latest/user/waterfall-chart.html) in the *Amazon Quick Suite User Guide* .", "title": "WaterfallVisual" }, "WordCloudVisual": { "$ref": "#/definitions/AWS::QuickSight::Template.WordCloudVisual", - "markdownDescription": "A word cloud.\n\nFor more information, see [Using word clouds](https://docs.aws.amazon.com/quicksight/latest/user/word-cloud.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A word cloud.\n\nFor more information, see [Using word clouds](https://docs.aws.amazon.com/quicksight/latest/user/word-cloud.html) in the *Amazon Quick Suite User Guide* .", "title": "WordCloudVisual" } }, @@ -222405,7 +222393,7 @@ "type": "string" }, "BaseThemeId": { - "markdownDescription": "The ID of the theme that a custom theme will inherit from. All themes inherit from one of the starting themes defined by Amazon QuickSight. For a list of the starting themes, use `ListThemes` or choose *Themes* from within an analysis.", + "markdownDescription": "The ID of the theme that a custom theme will inherit from. All themes inherit from one of the starting themes defined by Amazon Quick Sight. For a list of the starting themes, use `ListThemes` or choose *Themes* from within an analysis.", "title": "BaseThemeId", "type": "string" }, @@ -222559,7 +222547,7 @@ "type": "array" }, "Principal": { - "markdownDescription": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon QuickSight user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon QuickSight user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a QuickSight ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)", + "markdownDescription": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick Suite user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick Suite user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick Suite ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)", "title": "Principal", "type": "string" } @@ -222637,7 +222625,7 @@ "type": "string" }, "BaseThemeId": { - "markdownDescription": "The Amazon QuickSight-defined ID of the theme that a custom theme inherits from. All themes initially inherit from a default Amazon QuickSight theme.", + "markdownDescription": "The Quick Sight-defined ID of the theme that a custom theme inherits from. All themes initially inherit from a default Quick Sight theme.", "title": "BaseThemeId", "type": "string" }, @@ -224456,7 +224444,7 @@ "type": "string" }, "PubliclyAccessible": { - "markdownDescription": "Specifies whether the DB cluster is publicly accessible.\n\nWhen the DB cluster is publicly accessible and you connect from outside of the DB cluster's virtual private cloud (VPC), its Domain Name System (DNS) endpoint resolves to the public IP address. When you connect from within the same VPC as the DB cluster, the endpoint resolves to the private IP address. Access to the DB cluster is ultimately controlled by the security group it uses. That public access isn't permitted if the security group assigned to the DB cluster doesn't permit it.\n\nWhen the DB cluster isn't publicly accessible, it is an internal DB cluster with a DNS name that resolves to a private IP address.\n\nValid for Cluster Type: Multi-AZ DB clusters only\n\nDefault: The default behavior varies depending on whether `DBSubnetGroupName` is specified.\n\nIf `DBSubnetGroupName` isn't specified, and `PubliclyAccessible` isn't specified, the following applies:\n\n- If the default VPC in the target Region doesn\u2019t have an internet gateway attached to it, the DB cluster is private.\n- If the default VPC in the target Region has an internet gateway attached to it, the DB cluster is public.\n\nIf `DBSubnetGroupName` is specified, and `PubliclyAccessible` isn't specified, the following applies:\n\n- If the subnets are part of a VPC that doesn\u2019t have an internet gateway attached to it, the DB cluster is private.\n- If the subnets are part of a VPC that has an internet gateway attached to it, the DB cluster is public.", + "markdownDescription": "Specifies whether the DB cluster is publicly accessible.\n\nValid for Cluster Type: Multi-AZ DB clusters only\n\nWhen the DB cluster is publicly accessible and you connect from outside of the DB cluster's virtual private cloud (VPC), its domain name system (DNS) endpoint resolves to the public IP address. When you connect from within the same VPC as the DB cluster, the endpoint resolves to the private IP address. Access to the DB cluster is controlled by its security group settings.\n\nWhen the DB cluster isn't publicly accessible, it is an internal DB cluster with a DNS name that resolves to a private IP address.\n\nThe default behavior when `PubliclyAccessible` is not specified depends on whether a `DBSubnetGroup` is specified.\n\nIf `DBSubnetGroup` isn't specified, `PubliclyAccessible` defaults to `true` .\n\nIf `DBSubnetGroup` is specified, `PubliclyAccessible` defaults to `false` unless the value of `DBSubnetGroup` is `default` , in which case `PubliclyAccessible` defaults to `true` .\n\nIf `PubliclyAccessible` is true and the VPC that the `DBSubnetGroup` is in doesn't have an internet gateway attached to it, Amazon RDS returns an error.", "title": "PubliclyAccessible", "type": "boolean" }, @@ -231735,7 +231723,7 @@ "type": "boolean" }, "FailureThreshold": { - "markdownDescription": "The number of consecutive health checks that an endpoint must pass or fail for Amazon Route 53 to change the current status of the endpoint from unhealthy to healthy or vice versa. For more information, see [How Amazon Route 53 Determines Whether an Endpoint Is Healthy](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-determining-health-of-endpoints.html) in the *Amazon Route 53 Developer Guide* .\n\nIf you don't specify a value for `FailureThreshold` , the default value is three health checks.", + "markdownDescription": "The number of consecutive health checks that an endpoint must pass or fail for Amazon Route 53 to change the current status of the endpoint from unhealthy to healthy or vice versa. For more information, see [How Amazon Route 53 Determines Whether an Endpoint Is Healthy](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-determining-health-of-endpoints.html) in the *Amazon Route 53 Developer Guide* .\n\n`FailureThreshold` is not supported when you specify a value for `Type` of `RECOVERY_CONTROL` .\n\nOtherwise, if you don't specify a value for `FailureThreshold` , the default value is three health checks.", "title": "FailureThreshold", "type": "number" }, @@ -231765,7 +231753,7 @@ "type": "boolean" }, "MeasureLatency": { - "markdownDescription": "Specify whether you want Amazon Route 53 to measure the latency between health checkers in multiple AWS regions and your endpoint, and to display CloudWatch latency graphs on the *Health Checks* page in the Route 53 console.\n\n> You can't change the value of `MeasureLatency` after you create a health check.", + "markdownDescription": "Specify whether you want Amazon Route 53 to measure the latency between health checkers in multiple AWS regions and your endpoint, and to display CloudWatch latency graphs on the *Health Checks* page in the Route 53 console.\n\n`MeasureLatency` is not supported when you specify a value for `Type` of `RECOVERY_CONTROL` .\n\n> You can't change the value of `MeasureLatency` after you create a health check.", "title": "MeasureLatency", "type": "boolean" }, @@ -231783,7 +231771,7 @@ "type": "array" }, "RequestInterval": { - "markdownDescription": "The number of seconds between the time that Amazon Route 53 gets a response from your endpoint and the time that it sends the next health check request. Each Route 53 health checker makes requests at this interval.\n\n> You can't change the value of `RequestInterval` after you create a health check. \n\nIf you don't specify a value for `RequestInterval` , the default value is `30` seconds.", + "markdownDescription": "The number of seconds between the time that Amazon Route 53 gets a response from your endpoint and the time that it sends the next health check request. Each Route 53 health checker makes requests at this interval.\n\n`RequestInterval` is not supported when you specify a value for `Type` of `RECOVERY_CONTROL` .\n\n> You can't change the value of `RequestInterval` after you create a health check. \n\nIf you don't specify a value for `RequestInterval` , the default value is `30` seconds.", "title": "RequestInterval", "type": "number" }, @@ -232158,7 +232146,7 @@ "type": "boolean" }, "Name": { - "markdownDescription": "For `ChangeResourceRecordSets` requests, the name of the record that you want to create, update, or delete. For `ListResourceRecordSets` responses, the name of a record in the specified hosted zone.\n\n*ChangeResourceRecordSets Only*\n\nEnter a fully qualified domain name, for example, `www.example.com` . You can optionally include a trailing dot. If you omit the trailing dot, Amazon Route 53 assumes that the domain name that you specify is fully qualified. This means that Route 53 treats `www.example.com` (without a trailing dot) and `www.example.com.` (with a trailing dot) as identical.\n\nFor information about how to specify characters other than `a-z` , `0-9` , and `-` (hyphen) and how to specify internationalized domain names, see [DNS Domain Name Format](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/DomainNameFormat.html) in the *Amazon Route 53 Developer Guide* .\n\nYou can use the asterisk (*) wildcard to replace the leftmost label in a domain name, for example, `*.example.com` . Note the following:\n\n- The * must replace the entire label. For example, you can't specify `*prod.example.com` or `prod*.example.com` .\n- The * can't replace any of the middle labels, for example, marketing.*.example.com.\n- If you include * in any position other than the leftmost label in a domain name, DNS treats it as an * character (ASCII 42), not as a wildcard.\n\n> You can't use the * wildcard for resource records sets that have a type of NS.", + "markdownDescription": "The name of the record that you want to create, update, or delete.\n\nEnter a fully qualified domain name, for example, `www.example.com` . You can optionally include a trailing dot. If you omit the trailing dot, Amazon Route 53 assumes that the domain name that you specify is fully qualified. This means that Route 53 treats `www.example.com` (without a trailing dot) and `www.example.com.` (with a trailing dot) as identical.\n\nFor information about how to specify characters other than `a-z` , `0-9` , and `-` (hyphen) and how to specify internationalized domain names, see [DNS Domain Name Format](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/DomainNameFormat.html) in the *Amazon Route 53 Developer Guide* .\n\nYou can use the asterisk (*) wildcard to replace the leftmost label in a domain name, for example, `*.example.com` . Note the following:\n\n- The * must replace the entire label. For example, you can't specify `*prod.example.com` or `prod*.example.com` .\n- The * can't replace any of the middle labels, for example, marketing.*.example.com.\n- If you include * in any position other than the leftmost label in a domain name, DNS treats it as an * character (ASCII 42), not as a wildcard.\n\n> You can't use the * wildcard for resource records sets that have a type of NS.", "title": "Name", "type": "string" }, @@ -232232,7 +232220,7 @@ "type": "string" }, "EvaluateTargetHealth": { - "markdownDescription": "*Applies only to alias, failover alias, geolocation alias, latency alias, and weighted alias resource record sets:* When `EvaluateTargetHealth` is `true` , an alias resource record set inherits the health of the referenced AWS resource, such as an ELB load balancer or another resource record set in the hosted zone.\n\nNote the following:\n\n- **CloudFront distributions** - You can't set `EvaluateTargetHealth` to `true` when the alias target is a CloudFront distribution.\n- **Elastic Beanstalk environments that have regionalized subdomains** - If you specify an Elastic Beanstalk environment in `DNSName` and the environment contains an ELB load balancer, Elastic Load Balancing routes queries only to the healthy Amazon EC2 instances that are registered with the load balancer. (An environment automatically contains an ELB load balancer if it includes more than one Amazon EC2 instance.) If you set `EvaluateTargetHealth` to `true` and either no Amazon EC2 instances are healthy or the load balancer itself is unhealthy, Route 53 routes queries to other available resources that are healthy, if any.\n\nIf the environment contains a single Amazon EC2 instance, there are no special requirements.\n- **ELB load balancers** - Health checking behavior depends on the type of load balancer:\n\n- *Classic Load Balancers* : If you specify an ELB Classic Load Balancer in `DNSName` , Elastic Load Balancing routes queries only to the healthy Amazon EC2 instances that are registered with the load balancer. If you set `EvaluateTargetHealth` to `true` and either no EC2 instances are healthy or the load balancer itself is unhealthy, Route 53 routes queries to other resources.\n- *Application and Network Load Balancers* : If you specify an ELB Application or Network Load Balancer and you set `EvaluateTargetHealth` to `true` , Route 53 routes queries to the load balancer based on the health of the target groups that are associated with the load balancer:\n\n- For an Application or Network Load Balancer to be considered healthy, every target group that contains targets must contain at least one healthy target. If any target group contains only unhealthy targets, the load balancer is considered unhealthy, and Route 53 routes queries to other resources.\n- A target group that has no registered targets is considered unhealthy.\n\n> When you create a load balancer, you configure settings for Elastic Load Balancing health checks; they're not Route 53 health checks, but they perform a similar function. Do not create Route 53 health checks for the EC2 instances that you register with an ELB load balancer.\n- **S3 buckets** - There are no special requirements for setting `EvaluateTargetHealth` to `true` when the alias target is an S3 bucket.\n- **Other records in the same hosted zone** - If the AWS resource that you specify in `DNSName` is a record or a group of records (for example, a group of weighted records) but is not another alias record, we recommend that you associate a health check with all of the records in the alias target. For more information, see [What Happens When You Omit Health Checks?](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-complex-configs.html#dns-failover-complex-configs-hc-omitting) in the *Amazon Route 53 Developer Guide* .\n\nFor more information and examples, see [Amazon Route 53 Health Checks and DNS Failover](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover.html) in the *Amazon Route 53 Developer Guide* .", + "markdownDescription": "*Applies only to alias, failover alias, geolocation alias, latency alias, and weighted alias resource record sets:* When `EvaluateTargetHealth` is `true` , an alias resource record set inherits the health of the referenced AWS resource, such as an ELB load balancer or another resource record set in the hosted zone.\n\nNote the following:\n\n- **CloudFront distributions** - You can't set `EvaluateTargetHealth` to `true` when the alias target is a CloudFront distribution.\n- **Elastic Beanstalk environments that have regionalized subdomains** - If you specify an Elastic Beanstalk environment in `DNSName` and the environment contains an ELB load balancer, Elastic Load Balancing routes queries only to the healthy Amazon EC2 instances that are registered with the load balancer. (An environment automatically contains an ELB load balancer if it includes more than one Amazon EC2 instance.) If you set `EvaluateTargetHealth` to `true` and either no Amazon EC2 instances are healthy or the load balancer itself is unhealthy, Route 53 routes queries to other available resources that are healthy, if any.\n\nIf the environment contains a single Amazon EC2 instance, there are no special requirements.\n- **ELB load balancers** - Health checking behavior depends on the type of load balancer:\n\n- *Classic Load Balancers* : If you specify an ELB Classic Load Balancer in `DNSName` , Elastic Load Balancing routes queries only to the healthy Amazon EC2 instances that are registered with the load balancer. If you set `EvaluateTargetHealth` to `true` and either no EC2 instances are healthy or the load balancer itself is unhealthy, Route 53 routes queries to other resources.\n- *Application and Network Load Balancers* : If you specify an ELB Application or Network Load Balancer and you set `EvaluateTargetHealth` to `true` , Route 53 routes queries to the load balancer based on the health of the target groups that are associated with the load balancer:\n\n- For an Application or Network Load Balancer to be considered healthy, every target group that contains targets must contain at least one healthy target. If any target group contains only unhealthy targets, the load balancer is considered unhealthy, and Route 53 routes queries to other resources.\n- A target group that has no registered targets is considered unhealthy.\n\n> When you create a load balancer, you configure settings for Elastic Load Balancing health checks; they're not Route 53 health checks, but they perform a similar function. Do not create Route 53 health checks for the EC2 instances that you register with an ELB load balancer.\n- **API Gateway APIs** - There are no special requirements for setting `EvaluateTargetHealth` to `true` when the alias target is an API Gateway API. However, because API Gateway is highly available by design, `EvaluateTargetHealth` provides no operational benefit and [Route 53 health checks](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover.html) are recommended instead for failover scenarios.\n- **S3 buckets** - There are no special requirements for setting `EvaluateTargetHealth` to `true` when the alias target is an S3 bucket. However, because S3 buckets are highly available by design, `EvaluateTargetHealth` provides no operational benefit and [Route 53 health checks](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover.html) are recommended instead for failover scenarios.\n- **VPC interface endpoints** - There are no special requirements for setting `EvaluateTargetHealth` to `true` when the alias target is a VPC interface endpoint. However, because VPC interface endpoints are highly available by design, `EvaluateTargetHealth` provides no operational benefit and [Route 53 health checks](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover.html) are recommended instead for failover scenarios.\n- **Other records in the same hosted zone** - If the AWS resource that you specify in `DNSName` is a record or a group of records (for example, a group of weighted records) but is not another alias record, we recommend that you associate a health check with all of the records in the alias target. For more information, see [What Happens When You Omit Health Checks?](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-complex-configs.html#dns-failover-complex-configs-hc-omitting) in the *Amazon Route 53 Developer Guide* .\n\n> While `EvaluateTargetHealth` can be set to `true` for highly available AWS services (such as S3 buckets, VPC interface endpoints, and API Gateway), these services are designed for high availability and rarely experience outages that would be detected by this feature. For failover scenarios with these services, consider using [Route 53 health checks](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover.html) that monitor your application's ability to access the service instead. \n\nFor more information and examples, see [Amazon Route 53 Health Checks and DNS Failover](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover.html) in the *Amazon Route 53 Developer Guide* .", "title": "EvaluateTargetHealth", "type": "boolean" }, @@ -232577,7 +232565,7 @@ "type": "boolean" }, "Name": { - "markdownDescription": "For `ChangeResourceRecordSets` requests, the name of the record that you want to create, update, or delete. For `ListResourceRecordSets` responses, the name of a record in the specified hosted zone.\n\n*ChangeResourceRecordSets Only*\n\nEnter a fully qualified domain name, for example, `www.example.com` . You can optionally include a trailing dot. If you omit the trailing dot, Amazon Route 53 assumes that the domain name that you specify is fully qualified. This means that Route 53 treats `www.example.com` (without a trailing dot) and `www.example.com.` (with a trailing dot) as identical.\n\nFor information about how to specify characters other than `a-z` , `0-9` , and `-` (hyphen) and how to specify internationalized domain names, see [DNS Domain Name Format](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/DomainNameFormat.html) in the *Amazon Route 53 Developer Guide* .\n\nYou can use the asterisk (*) wildcard to replace the leftmost label in a domain name, for example, `*.example.com` . Note the following:\n\n- The * must replace the entire label. For example, you can't specify `*prod.example.com` or `prod*.example.com` .\n- The * can't replace any of the middle labels, for example, marketing.*.example.com.\n- If you include * in any position other than the leftmost label in a domain name, DNS treats it as an * character (ASCII 42), not as a wildcard.\n\n> You can't use the * wildcard for resource records sets that have a type of NS.", + "markdownDescription": "The name of the record that you want to create, update, or delete.\n\nEnter a fully qualified domain name, for example, `www.example.com` . You can optionally include a trailing dot. If you omit the trailing dot, Amazon Route 53 assumes that the domain name that you specify is fully qualified. This means that Route 53 treats `www.example.com` (without a trailing dot) and `www.example.com.` (with a trailing dot) as identical.\n\nFor information about how to specify characters other than `a-z` , `0-9` , and `-` (hyphen) and how to specify internationalized domain names, see [DNS Domain Name Format](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/DomainNameFormat.html) in the *Amazon Route 53 Developer Guide* .\n\nYou can use the asterisk (*) wildcard to replace the leftmost label in a domain name, for example, `*.example.com` . Note the following:\n\n- The * must replace the entire label. For example, you can't specify `*prod.example.com` or `prod*.example.com` .\n- The * can't replace any of the middle labels, for example, marketing.*.example.com.\n- If you include * in any position other than the leftmost label in a domain name, DNS treats it as an * character (ASCII 42), not as a wildcard.\n\n> You can't use the * wildcard for resource records sets that have a type of NS.", "title": "Name", "type": "string" }, @@ -234585,7 +234573,7 @@ "type": "string" }, "Name": { - "markdownDescription": "The name for the Resolver rule, which you specified when you created the Resolver rule.", + "markdownDescription": "The name for the Resolver rule, which you specified when you created the Resolver rule.\n\nThe name can be up to 64 characters long and can contain letters (a-z, A-Z), numbers (0-9), hyphens (-), underscores (_), and spaces. The name cannot consist of only numbers.", "title": "Name", "type": "string" }, @@ -234705,7 +234693,7 @@ "additionalProperties": false, "properties": { "Name": { - "markdownDescription": "The name of an association between a Resolver rule and a VPC.", + "markdownDescription": "The name of an association between a Resolver rule and a VPC.\n\nThe name can be up to 64 characters long and can contain letters (a-z, A-Z), numbers (0-9), hyphens (-), underscores (_), and spaces. The name cannot consist of only numbers.", "title": "Name", "type": "string" }, @@ -235545,7 +235533,7 @@ "additionalProperties": false, "properties": { "Status": { - "markdownDescription": "Indicates whether to replicate delete markers. Disabled by default.", + "markdownDescription": "Indicates whether to replicate delete markers.", "title": "Status", "type": "string" } @@ -237859,7 +237847,7 @@ }, "ObjectLambdaConfiguration": { "$ref": "#/definitions/AWS::S3ObjectLambda::AccessPoint.ObjectLambdaConfiguration", - "markdownDescription": "A configuration used when creating an Object Lambda Access Point.", + "markdownDescription": "> Amazon S3 Object Lambda will no longer be open to new customers starting on 11/7/2025. If you would like to use the service, please sign up prior to 11/7/2025. For capabilities similar to S3 Object Lambda, learn more here - [Amazon S3 Object Lambda availability change](https://docs.aws.amazon.com/AmazonS3/latest/userguide/amazons3-ol-change.html) . \n\nA configuration used when creating an Object Lambda Access Point.", "title": "ObjectLambdaConfiguration" } }, @@ -238062,7 +238050,7 @@ "additionalProperties": false, "properties": { "ObjectLambdaAccessPoint": { - "markdownDescription": "An access point with an attached AWS Lambda function used to access transformed data from an Amazon S3 bucket.", + "markdownDescription": "> Amazon S3 Object Lambda will no longer be open to new customers starting on 11/7/2025. If you would like to use the service, please sign up prior to 11/7/2025. For capabilities similar to S3 Object Lambda, learn more here - [Amazon S3 Object Lambda availability change](https://docs.aws.amazon.com/AmazonS3/latest/userguide/amazons3-ol-change.html) . \n\nAn access point with an attached AWS Lambda function used to access transformed data from an Amazon S3 bucket.", "title": "ObjectLambdaAccessPoint", "type": "string" }, @@ -242133,12 +242121,12 @@ "additionalProperties": false, "properties": { "ApproveAfterDays": { - "markdownDescription": "The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of `7` means that patches are approved seven days after they are released.\n\nThis parameter is marked as `Required: No` , but your request must include a value for either `ApproveAfterDays` or `ApproveUntilDate` .\n\nNot supported for Debian Server or Ubuntu Server.\n\n> Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the *Windows Server* tab in the topic [How security patches are selected](https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-selecting-patches.html) in the *AWS Systems Manager User Guide* .", + "markdownDescription": "The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of `7` means that patches are approved seven days after they are released.\n\nPatch Manager evaluates patch release dates using Coordinated Universal Time (UTC). If the day represented by `7` is `2025-11-16` , patches released between `2025-11-16T00:00:00Z` and `2025-11-16T23:59:59Z` will be included in the approval.\n\nThis parameter is marked as `Required: No` , but your request must include a value for either `ApproveAfterDays` or `ApproveUntilDate` .\n\nNot supported for Debian Server or Ubuntu Server.\n\n> Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the *Windows Server* tab in the topic [How security patches are selected](https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-selecting-patches.html) in the *AWS Systems Manager User Guide* .", "title": "ApproveAfterDays", "type": "number" }, "ApproveUntilDate": { - "markdownDescription": "The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically.\n\nEnter dates in the format `YYYY-MM-DD` . For example, `2024-12-31` .\n\nThis parameter is marked as `Required: No` , but your request must include a value for either `ApproveUntilDate` or `ApproveAfterDays` .\n\nNot supported for Debian Server or Ubuntu Server.\n\n> Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the *Windows Server* tab in the topic [How security patches are selected](https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-selecting-patches.html) in the *AWS Systems Manager User Guide* .", + "markdownDescription": "The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically.\n\nEnter dates in the format `YYYY-MM-DD` . For example, `2025-11-16` .\n\nPatch Manager evaluates patch release dates using Coordinated Universal Time (UTC). If you enter the date `2025-11-16` , patches released between `2025-11-16T00:00:00Z` and `2025-11-16T23:59:59Z` will be included in the approval.\n\nThis parameter is marked as `Required: No` , but your request must include a value for either `ApproveUntilDate` or `ApproveAfterDays` .\n\nNot supported for Debian Server or Ubuntu Server.\n\n> Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the *Windows Server* tab in the topic [How security patches are selected](https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-selecting-patches.html) in the *AWS Systems Manager User Guide* .", "title": "ApproveUntilDate", "type": "string" }, @@ -254334,7 +254322,7 @@ "type": "string" }, "Runtime": { - "markdownDescription": "> Do not set this value if you are using `Transform: AWS::SecretsManager-2024-09-16` . Over time, the updated rotation lambda artifacts vended by AWS may not be compatible with the code or shared object files defined in the rotation function deployment package.\n> \n> Only define the `Runtime` key if:\n> \n> - You are using `Transform: AWS::SecretsManager-2020-07-23` .\n> - The code or shared object files defined in the rotation function deployment package are incompatible with Python 3.9. \n\nThe Python Runtime version for with the rotation function. By default, CloudFormation deploys Python 3.9 binaries for the rotation function. To use a different version of Python, you must do the following two steps:\n\n- Deploy the matching version Python binaries with your rotation function.\n- Set the version number in this field. For example, for Python 3.7, enter *python3.7* .\n\nIf you only do one of the steps, your rotation function will be incompatible with the binaries. For more information, see [Why did my Lambda rotation function fail with a \"pg module not found\" error](https://docs.aws.amazon.com/https://repost.aws/knowledge-center/secrets-manager-lambda-rotation) .", + "markdownDescription": "> Do not set this value if you are using `Transform: AWS::SecretsManager-2024-09-16` . Over time, the updated rotation lambda artifacts vended by AWS may not be compatible with the code or shared object files defined in the rotation function deployment package.\n> \n> Only define the `Runtime` key if:\n> \n> - You are using `Transform: AWS::SecretsManager-2020-07-23` .\n> - The code or shared object files defined in the rotation function deployment package are incompatible with Python 3.10. \n\nThe Python Runtime version for with the rotation function. By default, CloudFormation deploys Python 3.10 binaries for the rotation function. To use a different version of Python, you must do the following two steps:\n\n- Deploy the matching version Python binaries with your rotation function.\n- Set the version number in this field. For example, for Python 3.10, enter *python3.10* .\n\nIf you only do one of the steps, your rotation function will be incompatible with the binaries. For more information, see [Why did my Lambda rotation function fail with a \"pg module not found\" error](https://docs.aws.amazon.com/https://repost.aws/knowledge-center/secrets-manager-lambda-rotation) .", "title": "Runtime", "type": "string" }, @@ -261286,7 +261274,7 @@ "additionalProperties": false, "properties": { "Handler": { - "markdownDescription": "The entry point to use for the source code when running the canary. For canaries that use the `syn-python-selenium-1.0` runtime or a `syn-nodejs.puppeteer` runtime earlier than `syn-nodejs.puppeteer-3.4` , the handler must be specified as `*fileName* .handler` . For `syn-python-selenium-1.1` , `syn-nodejs.puppeteer-3.4` , and later runtimes, the handler can be specified as `*fileName* . *functionName*` , or you can specify a folder where canary scripts reside as `*folder* / *fileName* . *functionName*` .", + "markdownDescription": "The entry point to use for the source code when running the canary. For canaries that use the `syn-python-selenium-1.0` runtime or a `syn-nodejs.puppeteer` runtime earlier than `syn-nodejs.puppeteer-3.4` , the handler must be specified as `*fileName* .handler` . For `syn-python-selenium-1.1` , `syn-nodejs.puppeteer-3.4` , and later runtimes, the handler can be specified as `*fileName* . *functionName*` , or you can specify a folder where canary scripts reside as `*folder* / *fileName* . *functionName*` .\n\nThis field is required when you don't specify `BlueprintTypes` and is not allowed when you specify `BlueprintTypes` .", "title": "Handler", "type": "string" }, @@ -262762,7 +262750,7 @@ "type": "array" }, "Url": { - "markdownDescription": "The URL of the partner's AS2 or SFTP endpoint.", + "markdownDescription": "The URL of the partner's AS2 or SFTP endpoint.\n\nWhen creating AS2 connectors or service-managed SFTP connectors (connectors without egress configuration), you must provide a URL to specify the remote server endpoint. For VPC Lattice type connectors, the URL must be null.", "title": "Url", "type": "string" } @@ -262852,7 +262840,7 @@ "items": { "type": "string" }, - "markdownDescription": "The public portion of the host key, or keys, that are used to identify the external server to which you are connecting. You can use the `ssh-keyscan` command against the SFTP server to retrieve the necessary key.\n\n> `TrustedHostKeys` is optional for `CreateConnector` . If not provided, you can use `TestConnection` to retrieve the server host key during the initial connection attempt, and subsequently update the connector with the observed host key. \n\nThe three standard SSH public key format elements are `` , `` , and an optional `` , with spaces between each element. Specify only the `` and `` : do not enter the `` portion of the key.\n\nFor the trusted host key, AWS Transfer Family accepts RSA and ECDSA keys.\n\n- For RSA keys, the `` string is `ssh-rsa` .\n- For ECDSA keys, the `` string is either `ecdsa-sha2-nistp256` , `ecdsa-sha2-nistp384` , or `ecdsa-sha2-nistp521` , depending on the size of the key you generated.\n\nRun this command to retrieve the SFTP server host key, where your SFTP server name is `ftp.host.com` .\n\n`ssh-keyscan ftp.host.com`\n\nThis prints the public host key to standard output.\n\n`ftp.host.com ssh-rsa AAAAB3Nza... `TrustedHostKeys` is optional for `CreateConnector` . If not provided, you can use `TestConnection` to retrieve the server host key during the initial connection attempt, and subsequently update the connector with the observed host key. \n\nWhen creating connectors with egress config (VPC_LATTICE type connectors), since host name is not something we can verify, the only accepted trusted host key format is `key-type key-body` without the host name. For example: `ssh-rsa AAAAB3Nza...`\n\nThe three standard SSH public key format elements are `` , `` , and an optional `` , with spaces between each element. Specify only the `` and `` : do not enter the `` portion of the key.\n\nFor the trusted host key, AWS Transfer Family accepts RSA and ECDSA keys.\n\n- For RSA keys, the `` string is `ssh-rsa` .\n- For ECDSA keys, the `` string is either `ecdsa-sha2-nistp256` , `ecdsa-sha2-nistp384` , or `ecdsa-sha2-nistp521` , depending on the size of the key you generated.\n\nRun this command to retrieve the SFTP server host key, where your SFTP server name is `ftp.host.com` .\n\n`ssh-keyscan ftp.host.com`\n\nThis prints the public host key to standard output.\n\n`ftp.host.com ssh-rsa AAAAB3Nza...`\n\nCopy and paste this string into the `TrustedHostKeys` field for the `create-connector` command or into the *Trusted host keys* field in the console.\n\nFor VPC Lattice type connectors (VPC_LATTICE), remove the hostname from the key and use only the `key-type key-body` format. In this example, it should be: `ssh-rsa AAAAB3Nza...`", "title": "TrustedHostKeys", "type": "array" }, @@ -262989,7 +262977,7 @@ "additionalProperties": false, "properties": { "Certificate": { - "markdownDescription": "The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. Required when `Protocols` is set to `FTPS` .\n\nTo request a new public certificate, see [Request a public certificate](https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-public.html) in the *AWS Certificate Manager User Guide* .\n\nTo import an existing certificate into ACM, see [Importing certificates into ACM](https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html) in the *AWS Certificate Manager User Guide* .\n\nTo request a private certificate to use FTPS through private IP addresses, see [Request a private certificate](https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-private.html) in the *AWS Certificate Manager User Guide* .\n\nCertificates with the following cryptographic algorithms and key sizes are supported:\n\n- 2048-bit RSA (RSA_2048)\n- 4096-bit RSA (RSA_4096)\n- Elliptic Prime Curve 256 bit (EC_prime256v1)\n- Elliptic Prime Curve 384 bit (EC_secp384r1)\n- Elliptic Prime Curve 521 bit (EC_secp521r1)\n\n> The certificate must be a valid SSL/TLS X.509 version 3 certificate with FQDN or IP address specified and information about the issuer.", + "markdownDescription": "The Amazon Resource Name (ARN) of the Certificate Manager (ACM) certificate. Required when `Protocols` is set to `FTPS` .\n\nTo request a new public certificate, see [Request a public certificate](https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-public.html) in the *Certificate Manager User Guide* .\n\nTo import an existing certificate into ACM, see [Importing certificates into ACM](https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html) in the *Certificate Manager User Guide* .\n\nTo request a private certificate to use FTPS through private IP addresses, see [Request a private certificate](https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-private.html) in the *Certificate Manager User Guide* .\n\nCertificates with the following cryptographic algorithms and key sizes are supported:\n\n- 2048-bit RSA (RSA_2048)\n- 4096-bit RSA (RSA_4096)\n- Elliptic Prime Curve 256 bit (EC_prime256v1)\n- Elliptic Prime Curve 384 bit (EC_secp384r1)\n- Elliptic Prime Curve 521 bit (EC_secp521r1)\n\n> The certificate must be a valid SSL/TLS X.509 version 3 certificate with FQDN or IP address specified and information about the issuer.", "title": "Certificate", "type": "string" }, @@ -263042,7 +263030,7 @@ "items": { "$ref": "#/definitions/AWS::Transfer::Server.Protocol" }, - "markdownDescription": "Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. The available protocols are:\n\n- `SFTP` (Secure Shell (SSH) File Transfer Protocol): File transfer over SSH\n- `FTPS` (File Transfer Protocol Secure): File transfer with TLS encryption\n- `FTP` (File Transfer Protocol): Unencrypted file transfer\n- `AS2` (Applicability Statement 2): used for transporting structured business-to-business data\n\n> - If you select `FTPS` , you must choose a certificate stored in AWS Certificate Manager (ACM) which is used to identify your server when clients connect to it over FTPS.\n> - If `Protocol` includes either `FTP` or `FTPS` , then the `EndpointType` must be `VPC` and the `IdentityProviderType` must be either `AWS_DIRECTORY_SERVICE` , `AWS_LAMBDA` , or `API_GATEWAY` .\n> - If `Protocol` includes `FTP` , then `AddressAllocationIds` cannot be associated.\n> - If `Protocol` is set only to `SFTP` , the `EndpointType` can be set to `PUBLIC` and the `IdentityProviderType` can be set any of the supported identity types: `SERVICE_MANAGED` , `AWS_DIRECTORY_SERVICE` , `AWS_LAMBDA` , or `API_GATEWAY` .\n> - If `Protocol` includes `AS2` , then the `EndpointType` must be `VPC` , and domain must be Amazon S3. \n\nThe `Protocols` parameter is an array of strings.\n\n*Allowed values* : One or more of `SFTP` , `FTPS` , `FTP` , `AS2`", + "markdownDescription": "Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. The available protocols are:\n\n- `SFTP` (Secure Shell (SSH) File Transfer Protocol): File transfer over SSH\n- `FTPS` (File Transfer Protocol Secure): File transfer with TLS encryption\n- `FTP` (File Transfer Protocol): Unencrypted file transfer\n- `AS2` (Applicability Statement 2): used for transporting structured business-to-business data\n\n> - If you select `FTPS` , you must choose a certificate stored in Certificate Manager (ACM) which is used to identify your server when clients connect to it over FTPS.\n> - If `Protocol` includes either `FTP` or `FTPS` , then the `EndpointType` must be `VPC` and the `IdentityProviderType` must be either `AWS_DIRECTORY_SERVICE` , `AWS_LAMBDA` , or `API_GATEWAY` .\n> - If `Protocol` includes `FTP` , then `AddressAllocationIds` cannot be associated.\n> - If `Protocol` is set only to `SFTP` , the `EndpointType` can be set to `PUBLIC` and the `IdentityProviderType` can be set any of the supported identity types: `SERVICE_MANAGED` , `AWS_DIRECTORY_SERVICE` , `AWS_LAMBDA` , or `API_GATEWAY` .\n> - If `Protocol` includes `AS2` , then the `EndpointType` must be `VPC` , and domain must be Amazon S3. \n\nThe `Protocols` parameter is an array of strings.\n\n*Allowed values* : One or more of `SFTP` , `FTPS` , `FTP` , `AS2`", "title": "Protocols", "type": "array" }, @@ -263193,7 +263181,7 @@ "type": "array" }, "PassiveIp": { - "markdownDescription": "Indicates passive mode, for FTP and FTPS protocols. Enter a single IPv4 address, such as the public IP address of a firewall, router, or load balancer. For example:\n\n`aws transfer update-server --protocol-details PassiveIp=0.0.0.0`\n\nReplace `0.0.0.0` in the example above with the actual IP address you want to use.\n\n> If you change the `PassiveIp` value, you must stop and then restart your Transfer Family server for the change to take effect. For details on using passive mode (PASV) in a NAT environment, see [Configuring your FTPS server behind a firewall or NAT with AWS Transfer Family](https://docs.aws.amazon.com/storage/configuring-your-ftps-server-behind-a-firewall-or-nat-with-aws-transfer-family/) . \n\n*Special values*\n\nThe `AUTO` and `0.0.0.0` are special values for the `PassiveIp` parameter. The value `PassiveIp=AUTO` is assigned by default to FTP and FTPS type servers. In this case, the server automatically responds with one of the endpoint IPs within the PASV response. `PassiveIp=0.0.0.0` has a more unique application for its usage. For example, if you have a High Availability (HA) Network Load Balancer (NLB) environment, where you have 3 subnets, you can only specify a single IP address using the `PassiveIp` parameter. This reduces the effectiveness of having High Availability. In this case, you can specify `PassiveIp=0.0.0.0` . This tells the client to use the same IP address as the Control connection and utilize all AZs for their connections. Note, however, that not all FTP clients support the `PassiveIp=0.0.0.0` response. FileZilla and WinSCP do support it. If you are using other clients, check to see if your client supports the `PassiveIp=0.0.0.0` response.", + "markdownDescription": "Indicates passive mode, for FTP and FTPS protocols. Enter a single IPv4 address, such as the public IP address of a firewall, router, or load balancer. For example:\n\n`aws transfer update-server --protocol-details PassiveIp=0.0.0.0`\n\nReplace `0.0.0.0` in the example above with the actual IP address you want to use.\n\n> If you change the `PassiveIp` value, you must stop and then restart your Transfer Family server for the change to take effect. For details on using passive mode (PASV) in a NAT environment, see [Configuring your FTPS server behind a firewall or NAT with AWS Transfer Family](https://docs.aws.amazon.com/storage/configuring-your-ftps-server-behind-a-firewall-or-nat-with-aws-transfer-family/) .\n> \n> Additionally, avoid placing Network Load Balancers (NLBs) or NAT gateways in front of AWS Transfer Family servers. This configuration increases costs and can cause performance issues. When NLBs or NATs are in the communication path, Transfer Family cannot accurately recognize client IP addresses, which impacts connection sharding and limits FTPS servers to only 300 simultaneous connections instead of 10,000. If you must use an NLB, use port 21 for health checks and enable TLS session resumption by setting `TlsSessionResumptionMode = ENFORCED` . For optimal performance, migrate to VPC endpoints with Elastic IP addresses instead of using NLBs. For more details, see [Avoid placing NLBs and NATs in front of AWS Transfer Family](https://docs.aws.amazon.com/transfer/latest/userguide/infrastructure-security.html#nlb-considerations) . \n\n*Special values*\n\nThe `AUTO` and `0.0.0.0` are special values for the `PassiveIp` parameter. The value `PassiveIp=AUTO` is assigned by default to FTP and FTPS type servers. In this case, the server automatically responds with one of the endpoint IPs within the PASV response. `PassiveIp=0.0.0.0` has a more unique application for its usage. For example, if you have a High Availability (HA) Network Load Balancer (NLB) environment, where you have 3 subnets, you can only specify a single IP address using the `PassiveIp` parameter. This reduces the effectiveness of having High Availability. In this case, you can specify `PassiveIp=0.0.0.0` . This tells the client to use the same IP address as the Control connection and utilize all AZs for their connections. Note, however, that not all FTP clients support the `PassiveIp=0.0.0.0` response. FileZilla and WinSCP do support it. If you are using other clients, check to see if your client supports the `PassiveIp=0.0.0.0` response.", "title": "PassiveIp", "type": "string" }, @@ -275792,6 +275780,9 @@ "DestinationConfig": { "$ref": "#/definitions/PassThroughProp" }, + "Enabled": { + "$ref": "#/definitions/PassThroughProp" + }, "FilterCriteria": { "allOf": [ { @@ -278491,6 +278482,9 @@ "title": "Tags", "type": "object" }, + "TenancyConfig": { + "$ref": "#/definitions/PassThroughProp" + }, "Timeout": { "allOf": [ { @@ -278888,6 +278882,9 @@ "title": "Tags", "type": "object" }, + "TenancyConfig": { + "$ref": "#/definitions/PassThroughProp" + }, "Timeout": { "allOf": [ { diff --git a/schema_source/cloudformation-docs.json b/schema_source/cloudformation-docs.json index 1a5b4f226..21b8388d6 100644 --- a/schema_source/cloudformation-docs.json +++ b/schema_source/cloudformation-docs.json @@ -231,6 +231,41 @@ "Key": "Assigns one or more tags (key-value pairs) to the specified resource.\n\nTags can help you organize and categorize your resources. You can also use them to scope user permissions by granting a user permission to access or change only resources with certain tag values.\n\nTags don't have any semantic meaning to AWS and are interpreted strictly as strings of characters.\n\nYou can associate as many as 50 tags with a resource.", "Value": "A list of key-value pairs to associate with the investigation group. You can associate as many as 50 tags with an investigation group. To be able to associate tags when you create the investigation group, you must have the `cloudwatch:TagResource` permission.\n\nTags can help you organize and categorize your resources. You can also use them to scope user permissions by granting a user permission to access or change only resources with certain tag values." }, + "AWS::APS::AnomalyDetector": { + "Alias": "", + "Configuration": "", + "EvaluationIntervalInSeconds": "", + "Labels": "", + "MissingDataAction": "", + "Tags": "", + "Workspace": "An Amazon Managed Service for Prometheus workspace is a logical and isolated Prometheus server dedicated to ingesting, storing, and querying your Prometheus-compatible metrics." + }, + "AWS::APS::AnomalyDetector AnomalyDetectorConfiguration": { + "RandomCutForest": "" + }, + "AWS::APS::AnomalyDetector IgnoreNearExpected": { + "Amount": "", + "Ratio": "" + }, + "AWS::APS::AnomalyDetector Label": { + "Key": "", + "Value": "" + }, + "AWS::APS::AnomalyDetector MissingDataAction": { + "MarkAsAnomaly": "", + "Skip": "" + }, + "AWS::APS::AnomalyDetector RandomCutForestConfiguration": { + "IgnoreNearExpectedFromAbove": "", + "IgnoreNearExpectedFromBelow": "", + "Query": "", + "SampleSize": "", + "ShingleSize": "" + }, + "AWS::APS::AnomalyDetector Tag": { + "Key": "", + "Value": "" + }, "AWS::APS::ResourcePolicy": { "PolicyDocument": "The JSON to use as the Resource-based Policy.", "WorkspaceArn": "An ARN identifying a Workspace." @@ -250,12 +285,19 @@ "Destination": "The Amazon Managed Service for Prometheus workspace the scraper sends metrics to.", "RoleConfiguration": "The role configuration in an Amazon Managed Service for Prometheus scraper.", "ScrapeConfiguration": "The configuration in use by the scraper.", + "ScraperLoggingConfiguration": "The definition of logging configuration in an Amazon Managed Service for Prometheus workspace.", "Source": "The Amazon EKS cluster from which the scraper collects metrics.", "Tags": "(Optional) The list of tag keys and values associated with the scraper." }, "AWS::APS::Scraper AmpConfiguration": { "WorkspaceArn": "ARN of the Amazon Managed Service for Prometheus workspace." }, + "AWS::APS::Scraper CloudWatchLogDestination": { + "LogGroupArn": "" + }, + "AWS::APS::Scraper ComponentConfig": { + "Options": "Configuration options for the scraper component." + }, "AWS::APS::Scraper Destination": { "AmpConfiguration": "The Amazon Managed Service for Prometheus workspace to send metrics to." }, @@ -271,6 +313,17 @@ "AWS::APS::Scraper ScrapeConfiguration": { "ConfigurationBlob": "The base 64 encoded scrape configuration file." }, + "AWS::APS::Scraper ScraperComponent": { + "Config": "The configuration settings for the scraper component.", + "Type": "The type of the scraper component." + }, + "AWS::APS::Scraper ScraperLoggingConfiguration": { + "LoggingDestination": "", + "ScraperComponents": "" + }, + "AWS::APS::Scraper ScraperLoggingDestination": { + "CloudWatchLogs": "The CloudWatch Logs configuration for the scraper logging destination." + }, "AWS::APS::Scraper Source": { "EksConfiguration": "The Amazon EKS cluster from which a scraper collects metrics." }, @@ -562,28 +615,28 @@ }, "AWS::AmazonMQ::Broker": { "AuthenticationStrategy": "Optional. The authentication strategy used to secure the broker. The default is `SIMPLE` .", - "AutoMinorVersionUpgrade": "Enables automatic upgrades to new minor versions for brokers, as new broker engine versions are released and supported by Amazon MQ. Automatic upgrades occur during the scheduled maintenance window of the broker or after a manual broker reboot.", - "BrokerName": "The name of the broker. This value must be unique in your AWS account , 1-50 characters long, must contain only letters, numbers, dashes, and underscores, and must not contain white spaces, brackets, wildcard characters, or special characters.\n\n> Do not add personally identifiable information (PII) or other confidential or sensitive information in broker names. Broker names are accessible to other AWS services, including C CloudWatch Logs . Broker names are not intended to be used for private or sensitive data.", - "Configuration": "A list of information about the configuration. Does not apply to RabbitMQ brokers.", + "AutoMinorVersionUpgrade": "Enables automatic upgrades to new patch versions for brokers as new versions are released and supported by Amazon MQ. Automatic upgrades occur during the scheduled maintenance window or after a manual broker reboot. Set to `true` by default, if no value is specified.\n\n> Must be set to `true` for ActiveMQ brokers version 5.18 and above and for RabbitMQ brokers version 3.13 and above.", + "BrokerName": "Required. The broker's name. This value must be unique in your AWS account , 1-50 characters long, must contain only letters, numbers, dashes, and underscores, and must not contain white spaces, brackets, wildcard characters, or special characters.\n\n> Do not add personally identifiable information (PII) or other confidential or sensitive information in broker names. Broker names are accessible to other AWS services, including CloudWatch Logs . Broker names are not intended to be used for private or sensitive data.", + "Configuration": "A list of information about the configuration.", "DataReplicationMode": "Defines whether this broker is a part of a data replication pair.", "DataReplicationPrimaryBrokerArn": "The Amazon Resource Name (ARN) of the primary broker that is used to replicate data from in a data replication pair, and is applied to the replica broker. Must be set when dataReplicationMode is set to CRDR.", - "DeploymentMode": "The deployment mode of the broker. Available values:\n\n- `SINGLE_INSTANCE`\n- `ACTIVE_STANDBY_MULTI_AZ`\n- `CLUSTER_MULTI_AZ`", - "EncryptionOptions": "Encryption options for the broker. Does not apply to RabbitMQ brokers.", - "EngineType": "The type of broker engine. Currently, Amazon MQ supports `ACTIVEMQ` and `RABBITMQ` .", - "EngineVersion": "The version of the broker engine. For a list of supported engine versions, see [Engine](https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/broker-engine.html) in the *Amazon MQ Developer Guide* .", - "HostInstanceType": "The broker's instance type.", + "DeploymentMode": "Required. The broker's deployment mode.", + "EncryptionOptions": "Encryption options for the broker.", + "EngineType": "Required. The type of broker engine. Currently, Amazon MQ supports `ACTIVEMQ` and `RABBITMQ` .", + "EngineVersion": "The broker engine version. Defaults to the latest available version for the specified broker engine type. For more information, see the [ActiveMQ version management](https://docs.aws.amazon.com//amazon-mq/latest/developer-guide/activemq-version-management.html) and the [RabbitMQ version management](https://docs.aws.amazon.com//amazon-mq/latest/developer-guide/rabbitmq-version-management.html) sections in the Amazon MQ Developer Guide.", + "HostInstanceType": "Required. The broker's instance type.", "LdapServerMetadata": "Optional. The metadata of the LDAP server used to authenticate and authorize connections to the broker. Does not apply to RabbitMQ brokers.", "Logs": "Enables Amazon CloudWatch logging for brokers.", - "MaintenanceWindowStartTime": "The scheduled time period relative to UTC during which Amazon MQ begins to apply pending updates or patches to the broker.", - "PubliclyAccessible": "Enables connections from applications outside of the VPC that hosts the broker's subnets.", + "MaintenanceWindowStartTime": "The parameters that determine the WeeklyStartTime.", + "PubliclyAccessible": "Enables connections from applications outside of the VPC that hosts the broker's subnets. Set to `false` by default, if no value is provided.", "SecurityGroups": "The list of rules (1 minimum, 125 maximum) that authorize connections to brokers.", "StorageType": "The broker's storage type.", - "SubnetIds": "The list of groups that define which subnets and IP ranges the broker can use from different Availability Zones. If you specify more than one subnet, the subnets must be in different Availability Zones. Amazon MQ will not be able to create VPC endpoints for your broker with multiple subnets in the same Availability Zone. A SINGLE_INSTANCE deployment requires one subnet (for example, the default subnet). An ACTIVE_STANDBY_MULTI_AZ deployment (ACTIVEMQ) requires two subnets. A CLUSTER_MULTI_AZ deployment (RABBITMQ) has no subnet requirements when deployed with public accessibility, deployment without public accessibility requires at least one subnet.\n\n> If you specify subnets in a shared VPC for a RabbitMQ broker, the associated VPC to which the specified subnets belong must be owned by your AWS account . Amazon MQ will not be able to create VPC enpoints in VPCs that are not owned by your AWS account .", - "Tags": "An array of key-value pairs. For more information, see [Using Cost Allocation Tags](https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html) in the *Billing and Cost Management User Guide* .", - "Users": "The list of broker users (persons or applications) who can access queues and topics. For Amazon MQ for RabbitMQ brokers, one and only one administrative user is accepted and created when a broker is first provisioned. All subsequent RabbitMQ users are created by via the RabbitMQ web console or by using the RabbitMQ management API." + "SubnetIds": "The list of groups that define which subnets and IP ranges the broker can use from different Availability Zones. If you specify more than one subnet, the subnets must be in different Availability Zones. Amazon MQ will not be able to create VPC endpoints for your broker with multiple subnets in the same Availability Zone. A SINGLE_INSTANCE deployment requires one subnet (for example, the default subnet). An ACTIVE_STANDBY_MULTI_AZ Amazon MQ for ActiveMQ deployment requires two subnets. A CLUSTER_MULTI_AZ Amazon MQ for RabbitMQ deployment has no subnet requirements when deployed with public accessibility. Deployment without public accessibility requires at least one subnet.\n\n> If you specify subnets in a [shared VPC](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-sharing.html) for a RabbitMQ broker, the associated VPC to which the specified subnets belong must be owned by your AWS account . Amazon MQ will not be able to create VPC endpoints in VPCs that are not owned by your AWS account .", + "Tags": "Create tags when creating the broker.", + "Users": "The list of broker users (persons or applications) who can access queues and topics. For Amazon MQ for RabbitMQ brokers, one and only one administrative user is accepted and created when a broker is first provisioned. All subsequent broker users are created by making RabbitMQ API calls directly to brokers or via the RabbitMQ web console.\n\nWhen OAuth 2.0 is enabled, the broker accepts one or no users." }, "AWS::AmazonMQ::Broker ConfigurationId": { - "Id": "The unique ID that Amazon MQ generates for the configuration.", + "Id": "Required. The unique ID that Amazon MQ generates for the configuration.", "Revision": "The revision number of the configuration." }, "AWS::AmazonMQ::Broker EncryptionOptions": { @@ -591,57 +644,57 @@ "UseAwsOwnedKey": "Enables the use of an AWS owned CMK using AWS KMS (KMS). Set to `true` by default, if no value is provided, for example, for RabbitMQ brokers." }, "AWS::AmazonMQ::Broker LdapServerMetadata": { - "Hosts": "Specifies the location of the LDAP server such as AWS Directory Service for Microsoft Active Directory . Optional failover server.", - "RoleBase": "The distinguished name of the node in the directory information tree (DIT) to search for roles or groups. For example, `ou=group` , `ou=corp` , `dc=corp` , `dc=example` , `dc=com` .", - "RoleName": "The group name attribute in a role entry whose value is the name of that role. For example, you can specify `cn` for a group entry's common name. If authentication succeeds, then the user is assigned the the value of the `cn` attribute for each role entry that they are a member of.", - "RoleSearchMatching": "The LDAP search filter used to find roles within the roleBase. The distinguished name of the user matched by userSearchMatching is substituted into the `{0}` placeholder in the search filter. The client's username is substituted into the `{1}` placeholder. For example, if you set this option to `(member=uid={1})` for the user janedoe, the search filter becomes `(member=uid=janedoe)` after string substitution. It matches all role entries that have a member attribute equal to `uid=janedoe` under the subtree selected by the `RoleBases` .", - "RoleSearchSubtree": "The directory search scope for the role. If set to true, scope is to search the entire subtree.", - "ServiceAccountPassword": "Service account password. A service account is an account in your LDAP server that has access to initiate a connection. For example, `cn=admin` , `dc=corp` , `dc=example` , `dc=com` .", - "ServiceAccountUsername": "Service account username. A service account is an account in your LDAP server that has access to initiate a connection. For example, `cn=admin` , `ou=corp` , `dc=corp` , `dc=example` , `dc=com` .", - "UserBase": "Select a particular subtree of the directory information tree (DIT) to search for user entries. The subtree is specified by a DN, which specifies the base node of the subtree. For example, by setting this option to `ou=Users` , `ou=corp` , `dc=corp` , `dc=example` , `dc=com` , the search for user entries is restricted to the subtree beneath `ou=Users` , `ou=corp` , `dc=corp` , `dc=example` , `dc=com` .", - "UserRoleName": "The name of the LDAP attribute in the user's directory entry for the user's group membership. In some cases, user roles may be identified by the value of an attribute in the user's directory entry. The `UserRoleName` option allows you to provide the name of this attribute.", - "UserSearchMatching": "The LDAP search filter used to find users within the `userBase` . The client's username is substituted into the `{0}` placeholder in the search filter. For example, if this option is set to `(uid={0})` and the received username is `janedoe` , the search filter becomes `(uid=janedoe)` after string substitution. It will result in matching an entry like `uid=janedoe` , `ou=Users` , `ou=corp` , `dc=corp` , `dc=example` , `dc=com` .", - "UserSearchSubtree": "The directory search scope for the user. If set to true, scope is to search the entire subtree." + "Hosts": "", + "RoleBase": "", + "RoleName": "", + "RoleSearchMatching": "", + "RoleSearchSubtree": "", + "ServiceAccountPassword": "", + "ServiceAccountUsername": "", + "UserBase": "", + "UserRoleName": "", + "UserSearchMatching": "", + "UserSearchSubtree": "" }, "AWS::AmazonMQ::Broker LogList": { "Audit": "Enables audit logging. Every user management action made using JMX or the ActiveMQ Web Console is logged. Does not apply to RabbitMQ brokers.", "General": "Enables general logging." }, "AWS::AmazonMQ::Broker MaintenanceWindow": { - "DayOfWeek": "The day of the week.", - "TimeOfDay": "The time, in 24-hour format.", + "DayOfWeek": "Required. The day of the week.", + "TimeOfDay": "Required. The time, in 24-hour format.", "TimeZone": "The time zone, UTC by default, in either the Country/City format, or the UTC offset format." }, "AWS::AmazonMQ::Broker TagsEntry": { - "Key": "The key in a key-value pair.", - "Value": "The value in a key-value pair." + "Key": "", + "Value": "" }, "AWS::AmazonMQ::Broker User": { - "ConsoleAccess": "Enables access to the ActiveMQ web console for the ActiveMQ user. Does not apply to RabbitMQ brokers.", + "ConsoleAccess": "Enables access to the ActiveMQ Web Console for the ActiveMQ user. Does not apply to RabbitMQ brokers.", "Groups": "The list of groups (20 maximum) to which the ActiveMQ user belongs. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 2-100 characters long. Does not apply to RabbitMQ brokers.", - "Password": "The password of the user. This value must be at least 12 characters long, must contain at least 4 unique characters, and must not contain commas, colons, or equal signs (,:=).", + "Password": "Required. The password of the user. This value must be at least 12 characters long, must contain at least 4 unique characters, and must not contain commas, colons, or equal signs (,:=).", "ReplicationUser": "Defines if this user is intended for CRDR replication purposes.", - "Username": "The username of the broker user. For Amazon MQ for ActiveMQ brokers, this value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). For Amazon MQ for RabbitMQ brokers, this value can contain only alphanumeric characters, dashes, periods, underscores (- . _). This value must not contain a tilde (~) character. Amazon MQ prohibts using guest as a valid usename. This value must be 2-100 characters long.\n\n> Do not add personally identifiable information (PII) or other confidential or sensitive information in broker usernames. Broker usernames are accessible to other AWS services, including CloudWatch Logs . Broker usernames are not intended to be used for private or sensitive data." + "Username": "The username of the broker user. The following restrictions apply to broker usernames:\n\n- For Amazon MQ for ActiveMQ brokers, this value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 2-100 characters long.\n- For Amazon MQ for RabbitMQ brokers, this value can contain only alphanumeric characters, dashes, periods, underscores (- . _). This value must not contain a tilde (~) character. Amazon MQ prohibts using `guest` as a valid usename. This value must be 2-100 characters long.\n\n> Do not add personally identifiable information (PII) or other confidential or sensitive information in broker usernames. Broker usernames are accessible to other AWS services, including CloudWatch Logs . Broker usernames are not intended to be used for private or sensitive data." }, "AWS::AmazonMQ::Configuration": { "AuthenticationStrategy": "Optional. The authentication strategy associated with the configuration. The default is `SIMPLE` .", - "Data": "The base64-encoded XML configuration.", + "Data": "Amazon MQ for Active MQ: The base64-encoded XML configuration. Amazon MQ for RabbitMQ: the base64-encoded Cuttlefish configuration.", "Description": "The description of the configuration.", - "EngineType": "The type of broker engine. Note: Currently, Amazon MQ only supports ACTIVEMQ for creating and editing broker configurations.", - "EngineVersion": "The version of the broker engine. For a list of supported engine versions, see [](https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/broker-engine.html)", - "Name": "The name of the configuration. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 1-150 characters long.", + "EngineType": "Required. The type of broker engine. Currently, Amazon MQ supports `ACTIVEMQ` and `RABBITMQ` .", + "EngineVersion": "The broker engine version. Defaults to the latest available version for the specified broker engine type. For more information, see the [ActiveMQ version management](https://docs.aws.amazon.com//amazon-mq/latest/developer-guide/activemq-version-management.html) and the [RabbitMQ version management](https://docs.aws.amazon.com//amazon-mq/latest/developer-guide/rabbitmq-version-management.html) sections in the Amazon MQ Developer Guide.", + "Name": "Required. The name of the configuration. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 1-150 characters long.", "Tags": "Create tags when creating the configuration." }, "AWS::AmazonMQ::Configuration TagsEntry": { - "Key": "The key in a key-value pair.", - "Value": "The value in a key-value pair." + "Key": "", + "Value": "" }, "AWS::AmazonMQ::ConfigurationAssociation": { - "Broker": "The broker to associate with a configuration.", - "Configuration": "The configuration to associate with a broker." + "Broker": "", + "Configuration": "Returns information about all configurations." }, "AWS::AmazonMQ::ConfigurationAssociation ConfigurationId": { - "Id": "The unique ID that Amazon MQ generates for the configuration.", + "Id": "Required. The unique ID that Amazon MQ generates for the configuration.", "Revision": "The revision number of the configuration." }, "AWS::Amplify::App": { @@ -746,13 +799,13 @@ "SubDomainSettings": "The setting for the subdomain." }, "AWS::Amplify::Domain Certificate": { - "CertificateArn": "The Amazon resource name (ARN) for a custom certificate that you have already added to AWS Certificate Manager in your AWS account .\n\nThis field is required only when the certificate type is `CUSTOM` .", - "CertificateType": "The type of SSL/TLS certificate that you want to use.\n\nSpecify `AMPLIFY_MANAGED` to use the default certificate that Amplify provisions for you.\n\nSpecify `CUSTOM` to use your own certificate that you have already added to AWS Certificate Manager in your AWS account . Make sure you request (or import) the certificate in the US East (N. Virginia) Region (us-east-1). For more information about using ACM, see [Importing certificates into AWS Certificate Manager](https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html) in the *ACM User guide* .", + "CertificateArn": "The Amazon resource name (ARN) for a custom certificate that you have already added to Certificate Manager in your AWS account .\n\nThis field is required only when the certificate type is `CUSTOM` .", + "CertificateType": "The type of SSL/TLS certificate that you want to use.\n\nSpecify `AMPLIFY_MANAGED` to use the default certificate that Amplify provisions for you.\n\nSpecify `CUSTOM` to use your own certificate that you have already added to Certificate Manager in your AWS account . Make sure you request (or import) the certificate in the US East (N. Virginia) Region (us-east-1). For more information about using ACM, see [Importing certificates into Certificate Manager](https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html) in the *ACM User guide* .", "CertificateVerificationDNSRecord": "The DNS record for certificate verification." }, "AWS::Amplify::Domain CertificateSettings": { - "CertificateType": "The certificate type.\n\nSpecify `AMPLIFY_MANAGED` to use the default certificate that Amplify provisions for you.\n\nSpecify `CUSTOM` to use your own certificate that you have already added to AWS Certificate Manager in your AWS account . Make sure you request (or import) the certificate in the US East (N. Virginia) Region (us-east-1). For more information about using ACM, see [Importing certificates into AWS Certificate Manager](https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html) in the *ACM User guide* .", - "CustomCertificateArn": "The Amazon resource name (ARN) for the custom certificate that you have already added to AWS Certificate Manager in your AWS account .\n\nThis field is required only when the certificate type is `CUSTOM` ." + "CertificateType": "The certificate type.\n\nSpecify `AMPLIFY_MANAGED` to use the default certificate that Amplify provisions for you.\n\nSpecify `CUSTOM` to use your own certificate that you have already added to Certificate Manager in your AWS account . Make sure you request (or import) the certificate in the US East (N. Virginia) Region (us-east-1). For more information about using ACM, see [Importing certificates into Certificate Manager](https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html) in the *ACM User guide* .", + "CustomCertificateArn": "The Amazon resource name (ARN) for the custom certificate that you have already added to Certificate Manager in your AWS account .\n\nThis field is required only when the certificate type is `CUSTOM` ." }, "AWS::Amplify::Domain SubDomainSetting": { "BranchName": "The branch name setting for the subdomain.\n\n*Length Constraints:* Minimum length of 1. Maximum length of 255.\n\n*Pattern:* (?s).+", @@ -1133,12 +1186,12 @@ "RestApiId": "The string identifier of the associated RestApi." }, "AWS::ApiGateway::DomainName": { - "CertificateArn": "The reference to an AWS -managed certificate that will be used by edge-optimized endpoint or private endpoint for this domain name. AWS Certificate Manager is the only supported source.", + "CertificateArn": "The reference to an AWS -managed certificate that will be used by edge-optimized endpoint or private endpoint for this domain name. Certificate Manager is the only supported source.", "DomainName": "The custom domain name as an API host name, for example, `my-api.example.com` .", "EndpointConfiguration": "The endpoint configuration of this DomainName showing the endpoint types and IP address types of the domain name.", "MutualTlsAuthentication": "The mutual TLS authentication configuration for a custom domain name. If specified, API Gateway performs two-way authentication between the client and the server. Clients must present a trusted certificate to access your API.", "OwnershipVerificationCertificateArn": "The ARN of the public certificate issued by ACM to validate ownership of your custom domain. Only required when configuring mutual TLS and using an ACM imported or private CA certificate ARN as the RegionalCertificateArn.", - "RegionalCertificateArn": "The reference to an AWS -managed certificate that will be used for validating the regional domain name. AWS Certificate Manager is the only supported source.", + "RegionalCertificateArn": "The reference to an AWS -managed certificate that will be used for validating the regional domain name. Certificate Manager is the only supported source.", "RoutingMode": "The routing mode for this domain name. The routing mode determines how API Gateway sends traffic from your custom domain name to your public APIs.", "SecurityPolicy": "The Transport Layer Security (TLS) version + cipher suite for this DomainName. The valid values are `TLS_1_0` and `TLS_1_2` .", "Tags": "The collection of tags. Each tag element is associated with a given resource." @@ -1477,7 +1530,7 @@ "CertificateName": "The user-friendly name of the certificate that will be used by the edge-optimized endpoint for this domain name.", "EndpointType": "The endpoint type.", "IpAddressType": "The IP address types that can invoke the domain name. Use `ipv4` to allow only IPv4 addresses to invoke your domain name, or use `dualstack` to allow both IPv4 and IPv6 addresses to invoke your domain name.", - "OwnershipVerificationCertificateArn": "The Amazon resource name (ARN) for the public certificate issued by AWS Certificate Manager . This ARN is used to validate custom domain ownership. It's required only if you configure mutual TLS and use either an ACM-imported or a private CA certificate ARN as the regionalCertificateArn.", + "OwnershipVerificationCertificateArn": "The Amazon resource name (ARN) for the public certificate issued by Certificate Manager . This ARN is used to validate custom domain ownership. It's required only if you configure mutual TLS and use either an ACM-imported or a private CA certificate ARN as the regionalCertificateArn.", "SecurityPolicy": "The Transport Layer Security (TLS) version of the security policy for this domain name. The valid values are `TLS_1_0` and `TLS_1_2` ." }, "AWS::ApiGatewayV2::DomainName MutualTlsAuthentication": { @@ -2704,7 +2757,7 @@ "CertificateArn": "The Amazon Resource Name (ARN) for the certificate. The certificate must meet specific requirements and you must have proxy authorization enabled. For more information, see [Transport Layer Security (TLS)](https://docs.aws.amazon.com/app-mesh/latest/userguide/tls.html#virtual-node-tls-prerequisites) ." }, "AWS::AppMesh::VirtualGateway VirtualGatewayListenerTlsCertificate": { - "ACM": "A reference to an object that represents an AWS Certificate Manager certificate.", + "ACM": "A reference to an object that represents an Certificate Manager certificate.", "File": "A reference to an object that represents a local file certificate.", "SDS": "A reference to an object that represents a virtual gateway's listener's Secret Discovery Service certificate." }, @@ -2749,7 +2802,7 @@ "SecretName": "A reference to an object that represents the name of the secret for a virtual gateway's Transport Layer Security (TLS) Secret Discovery Service validation context trust." }, "AWS::AppMesh::VirtualGateway VirtualGatewayTlsValidationContextTrust": { - "ACM": "A reference to an object that represents a Transport Layer Security (TLS) validation context trust for an AWS Certificate Manager certificate.", + "ACM": "A reference to an object that represents a Transport Layer Security (TLS) validation context trust for an Certificate Manager certificate.", "File": "An object that represents a Transport Layer Security (TLS) validation context trust for a local file.", "SDS": "A reference to an object that represents a virtual gateway's Transport Layer Security (TLS) Secret Discovery Service validation context trust." }, @@ -2849,7 +2902,7 @@ "CertificateArn": "The Amazon Resource Name (ARN) for the certificate. The certificate must meet specific requirements and you must have proxy authorization enabled. For more information, see [Transport Layer Security (TLS)](https://docs.aws.amazon.com/app-mesh/latest/userguide/tls.html#virtual-node-tls-prerequisites) ." }, "AWS::AppMesh::VirtualNode ListenerTlsCertificate": { - "ACM": "A reference to an object that represents an AWS Certificate Manager certificate.", + "ACM": "A reference to an object that represents an Certificate Manager certificate.", "File": "A reference to an object that represents a local file certificate.", "SDS": "A reference to an object that represents a listener's Secret Discovery Service certificate." }, @@ -2916,7 +2969,7 @@ "SecretName": "A reference to an object that represents the name of the secret for a Transport Layer Security (TLS) Secret Discovery Service validation context trust." }, "AWS::AppMesh::VirtualNode TlsValidationContextTrust": { - "ACM": "A reference to an object that represents a Transport Layer Security (TLS) validation context trust for an AWS Certificate Manager certificate.", + "ACM": "A reference to an object that represents a Transport Layer Security (TLS) validation context trust for an Certificate Manager certificate.", "File": "An object that represents a Transport Layer Security (TLS) validation context trust for a local file.", "SDS": "A reference to an object that represents a Transport Layer Security (TLS) Secret Discovery Service validation context trust." }, @@ -3259,7 +3312,7 @@ "IdleDisconnectTimeoutInSeconds": "The amount of time that users can be idle (inactive) before they are disconnected from their streaming session and the `DisconnectTimeoutInSeconds` time interval begins. Users are notified before they are disconnected due to inactivity. If they try to reconnect to the streaming session before the time interval specified in `DisconnectTimeoutInSeconds` elapses, they are connected to their previous session. Users are considered idle when they stop providing keyboard or mouse input during their streaming session. File uploads and downloads, audio in, audio out, and pixels changing do not qualify as user activity. If users continue to be idle after the time interval in `IdleDisconnectTimeoutInSeconds` elapses, they are disconnected.\n\nTo prevent users from being disconnected due to inactivity, specify a value of 0. Otherwise, specify a value between 60 and 36000.\n\nIf you enable this feature, we recommend that you specify a value that corresponds exactly to a whole number of minutes (for example, 60, 120, and 180). If you don't do this, the value is rounded to the nearest minute. For example, if you specify a value of 70, users are disconnected after 1 minute of inactivity. If you specify a value that is at the midpoint between two different minutes, the value is rounded up. For example, if you specify a value of 90, users are disconnected after 2 minutes of inactivity.", "ImageArn": "The ARN of the public, private, or shared image to use.", "ImageName": "The name of the image used to create the fleet.", - "InstanceType": "The instance type to use when launching fleet instances. The following instance types are available for non-Elastic fleets:\n\n- stream.standard.small\n- stream.standard.medium\n- stream.standard.large\n- stream.compute.large\n- stream.compute.xlarge\n- stream.compute.2xlarge\n- stream.compute.4xlarge\n- stream.compute.8xlarge\n- stream.memory.large\n- stream.memory.xlarge\n- stream.memory.2xlarge\n- stream.memory.4xlarge\n- stream.memory.8xlarge\n- stream.memory.z1d.large\n- stream.memory.z1d.xlarge\n- stream.memory.z1d.2xlarge\n- stream.memory.z1d.3xlarge\n- stream.memory.z1d.6xlarge\n- stream.memory.z1d.12xlarge\n- stream.graphics-design.large\n- stream.graphics-design.xlarge\n- stream.graphics-design.2xlarge\n- stream.graphics-design.4xlarge\n- stream.graphics-desktop.2xlarge\n- stream.graphics.g4dn.xlarge\n- stream.graphics.g4dn.2xlarge\n- stream.graphics.g4dn.4xlarge\n- stream.graphics.g4dn.8xlarge\n- stream.graphics.g4dn.12xlarge\n- stream.graphics.g4dn.16xlarge\n- stream.graphics-pro.4xlarge\n- stream.graphics-pro.8xlarge\n- stream.graphics-pro.16xlarge\n- stream.graphics.g5.xlarge\n- stream.graphics.g5.2xlarge\n- stream.graphics.g5.4xlarge\n- stream.graphics.g5.8xlarge\n- stream.graphics.g5.16xlarge\n- stream.graphics.g5.12xlarge\n- stream.graphics.g5.24xlarge\n- stream.graphics.g6.xlarge\n- stream.graphics.g6.2xlarge\n- stream.graphics.g6.4xlarge\n- stream.graphics.g6.8xlarge\n- stream.graphics.g6.16xlarge\n- stream.graphics.g6.12xlarge\n- stream.graphics.g6.24xlarge\n- stream.graphics.gr6.4xlarge\n- stream.graphics.gr6.8xlarge\n\nThe following instance types are available for Elastic fleets:\n\n- stream.standard.small\n- stream.standard.medium", + "InstanceType": "The instance type to use when launching fleet instances. The following instance types are available for non-Elastic fleets:\n\n- stream.standard.small\n- stream.standard.medium\n- stream.standard.large\n- stream.compute.large\n- stream.compute.xlarge\n- stream.compute.2xlarge\n- stream.compute.4xlarge\n- stream.compute.8xlarge\n- stream.memory.large\n- stream.memory.xlarge\n- stream.memory.2xlarge\n- stream.memory.4xlarge\n- stream.memory.8xlarge\n- stream.memory.z1d.large\n- stream.memory.z1d.xlarge\n- stream.memory.z1d.2xlarge\n- stream.memory.z1d.3xlarge\n- stream.memory.z1d.6xlarge\n- stream.memory.z1d.12xlarge\n- stream.graphics-design.large\n- stream.graphics-design.xlarge\n- stream.graphics-design.2xlarge\n- stream.graphics-design.4xlarge\n- stream.graphics-desktop.2xlarge\n- stream.graphics.g4dn.xlarge\n- stream.graphics.g4dn.2xlarge\n- stream.graphics.g4dn.4xlarge\n- stream.graphics.g4dn.8xlarge\n- stream.graphics.g4dn.12xlarge\n- stream.graphics.g4dn.16xlarge\n- stream.graphics-pro.4xlarge\n- stream.graphics-pro.8xlarge\n- stream.graphics-pro.16xlarge\n- stream.graphics.g5.xlarge\n- stream.graphics.g5.2xlarge\n- stream.graphics.g5.4xlarge\n- stream.graphics.g5.8xlarge\n- stream.graphics.g5.16xlarge\n- stream.graphics.g5.12xlarge\n- stream.graphics.g5.24xlarge\n- stream.graphics.g6.xlarge\n- stream.graphics.g6.2xlarge\n- stream.graphics.g6.4xlarge\n- stream.graphics.g6.8xlarge\n- stream.graphics.g6.16xlarge\n- stream.graphics.g6.12xlarge\n- stream.graphics.g6.24xlarge\n- stream.graphics.gr6.4xlarge\n- stream.graphics.gr6.8xlarge\n- stream.graphics.g6f.large\n- stream.graphics.g6f.xlarge\n- stream.graphics.g6f.2xlarge\n- stream.graphics.g6f.4xlarge\n- stream.graphics.gr6f.4xlarge\n\nThe following instance types are available for Elastic fleets:\n\n- stream.standard.small\n- stream.standard.medium", "MaxConcurrentSessions": "The maximum number of concurrent sessions that can be run on an Elastic fleet. This setting is required for Elastic fleets, but is not used for other fleet types.", "MaxSessionsPerInstance": "Max number of user sessions on an instance. This is applicable only for multi-session fleets.", "MaxUserDurationInSeconds": "The maximum amount of time that a streaming session can remain active, in seconds. If users are still connected to a streaming instance five minutes before this limit is reached, they are prompted to save any open documents before being disconnected. After this time elapses, the instance is terminated and replaced by a new instance.\n\nSpecify a value between 600 and 432000.", @@ -3301,7 +3354,7 @@ "IamRoleArn": "The ARN of the IAM role that is applied to the image builder. To assume a role, the image builder calls the AWS Security Token Service `AssumeRole` API operation and passes the ARN of the role to use. The operation creates a new session with temporary credentials. AppStream 2.0 retrieves the temporary credentials and creates the *appstream_machine_role* credential profile on the instance.\n\nFor more information, see [Using an IAM Role to Grant Permissions to Applications and Scripts Running on AppStream 2.0 Streaming Instances](https://docs.aws.amazon.com/appstream2/latest/developerguide/using-iam-roles-to-grant-permissions-to-applications-scripts-streaming-instances.html) in the *Amazon AppStream 2.0 Administration Guide* .", "ImageArn": "The ARN of the public, private, or shared image to use.", "ImageName": "The name of the image used to create the image builder.", - "InstanceType": "The instance type to use when launching the image builder. The following instance types are available:\n\n- stream.standard.small\n- stream.standard.medium\n- stream.standard.large\n- stream.compute.large\n- stream.compute.xlarge\n- stream.compute.2xlarge\n- stream.compute.4xlarge\n- stream.compute.8xlarge\n- stream.memory.large\n- stream.memory.xlarge\n- stream.memory.2xlarge\n- stream.memory.4xlarge\n- stream.memory.8xlarge\n- stream.memory.z1d.large\n- stream.memory.z1d.xlarge\n- stream.memory.z1d.2xlarge\n- stream.memory.z1d.3xlarge\n- stream.memory.z1d.6xlarge\n- stream.memory.z1d.12xlarge\n- stream.graphics-design.large\n- stream.graphics-design.xlarge\n- stream.graphics-design.2xlarge\n- stream.graphics-design.4xlarge\n- stream.graphics-desktop.2xlarge\n- stream.graphics.g4dn.xlarge\n- stream.graphics.g4dn.2xlarge\n- stream.graphics.g4dn.4xlarge\n- stream.graphics.g4dn.8xlarge\n- stream.graphics.g4dn.12xlarge\n- stream.graphics.g4dn.16xlarge\n- stream.graphics-pro.4xlarge\n- stream.graphics-pro.8xlarge\n- stream.graphics-pro.16xlarge\n- stream.graphics.g5.xlarge\n- stream.graphics.g5.2xlarge\n- stream.graphics.g5.4xlarge\n- stream.graphics.g5.8xlarge\n- stream.graphics.g5.16xlarge\n- stream.graphics.g5.12xlarge\n- stream.graphics.g5.24xlarge\n- stream.graphics.g6.xlarge\n- stream.graphics.g6.2xlarge\n- stream.graphics.g6.4xlarge\n- stream.graphics.g6.8xlarge\n- stream.graphics.g6.16xlarge\n- stream.graphics.g6.12xlarge\n- stream.graphics.g6.24xlarge\n- stream.graphics.gr6.4xlarge\n- stream.graphics.gr6.8xlarge", + "InstanceType": "The instance type to use when launching the image builder. The following instance types are available:\n\n- stream.standard.small\n- stream.standard.medium\n- stream.standard.large\n- stream.compute.large\n- stream.compute.xlarge\n- stream.compute.2xlarge\n- stream.compute.4xlarge\n- stream.compute.8xlarge\n- stream.memory.large\n- stream.memory.xlarge\n- stream.memory.2xlarge\n- stream.memory.4xlarge\n- stream.memory.8xlarge\n- stream.memory.z1d.large\n- stream.memory.z1d.xlarge\n- stream.memory.z1d.2xlarge\n- stream.memory.z1d.3xlarge\n- stream.memory.z1d.6xlarge\n- stream.memory.z1d.12xlarge\n- stream.graphics-design.large\n- stream.graphics-design.xlarge\n- stream.graphics-design.2xlarge\n- stream.graphics-design.4xlarge\n- stream.graphics-desktop.2xlarge\n- stream.graphics.g4dn.xlarge\n- stream.graphics.g4dn.2xlarge\n- stream.graphics.g4dn.4xlarge\n- stream.graphics.g4dn.8xlarge\n- stream.graphics.g4dn.12xlarge\n- stream.graphics.g4dn.16xlarge\n- stream.graphics-pro.4xlarge\n- stream.graphics-pro.8xlarge\n- stream.graphics-pro.16xlarge\n- stream.graphics.g5.xlarge\n- stream.graphics.g5.2xlarge\n- stream.graphics.g5.4xlarge\n- stream.graphics.g5.8xlarge\n- stream.graphics.g5.16xlarge\n- stream.graphics.g5.12xlarge\n- stream.graphics.g5.24xlarge\n- stream.graphics.g6.xlarge\n- stream.graphics.g6.2xlarge\n- stream.graphics.g6.4xlarge\n- stream.graphics.g6.8xlarge\n- stream.graphics.g6.16xlarge\n- stream.graphics.g6.12xlarge\n- stream.graphics.g6.24xlarge\n- stream.graphics.gr6.4xlarge\n- stream.graphics.gr6.8xlarge\n- stream.graphics.g6f.large\n- stream.graphics.g6f.xlarge\n- stream.graphics.g6f.2xlarge\n- stream.graphics.g6f.4xlarge\n- stream.graphics.gr6f.4xlarge", "Name": "A unique name for the image builder.", "Tags": "An array of key-value pairs.", "VpcConfig": "The VPC configuration for the image builder. You can specify only one subnet." @@ -3536,7 +3589,7 @@ "RelationalDatabaseSourceType": "The type of relational data source." }, "AWS::AppSync::DomainName": { - "CertificateArn": "The Amazon Resource Name (ARN) of the certificate. This will be an AWS Certificate Manager certificate.", + "CertificateArn": "The Amazon Resource Name (ARN) of the certificate. This will be an Certificate Manager certificate.", "Description": "The decription for your domain name.", "DomainName": "The domain name.", "Tags": "A set of tags (key-value pairs) for this domain name." @@ -4066,6 +4119,14 @@ "PatternSet": "The log pattern set." }, "AWS::ApplicationSignals::Discovery": {}, + "AWS::ApplicationSignals::GroupingConfiguration": { + "GroupingAttributeDefinitions": "An array of grouping attribute definitions that specify how services should be grouped based on various attributes and source keys." + }, + "AWS::ApplicationSignals::GroupingConfiguration GroupingAttributeDefinition": { + "DefaultGroupingValue": "The default value to use for this grouping attribute when no value can be derived from the source keys. This ensures all services have a grouping value even if the source data is missing.", + "GroupingName": "The friendly name for this grouping attribute, such as `BusinessUnit` or `Environment` . This name is used to identify the grouping in the console and APIs.", + "GroupingSourceKeys": "An array of source keys used to derive the grouping attribute value from telemetry data, AWS tags, or other sources. For example, [\"business_unit\", \"team\"] would look for values in those fields." + }, "AWS::ApplicationSignals::ServiceLevelObjective": { "BurnRateConfigurations": "Each object in this array defines the length of the look-back window used to calculate one burn rate metric for this SLO. The burn rate measures how fast the service is consuming the error budget, relative to the attainment goal of the SLO.", "Description": "An optional description for this SLO.", @@ -5201,7 +5262,7 @@ "AWS::Batch::ComputeEnvironment Ec2ConfigurationObject": { "ImageIdOverride": "The AMI ID used for instances launched in the compute environment that match the image type. This setting overrides the `imageId` set in the `computeResource` object.\n\n> The AMI that you choose for a compute environment must match the architecture of the instance types that you intend to use for that compute environment. For example, if your compute environment uses A1 instance types, the compute resource AMI that you choose must support ARM instances. Amazon ECS vends both x86 and ARM versions of the Amazon ECS-optimized Amazon Linux 2 AMI. For more information, see [Amazon ECS-optimized Amazon Linux 2 AMI](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html#ecs-optimized-ami-linux-variants.html) in the *Amazon Elastic Container Service Developer Guide* .", "ImageKubernetesVersion": "The Kubernetes version for the compute environment. If you don't specify a value, the latest version that AWS Batch supports is used.", - "ImageType": "The image type to match with the instance type to select an AMI. The supported values are different for `ECS` and `EKS` resources.\n\n- **ECS** - If the `imageIdOverride` parameter isn't specified, then a recent [Amazon ECS-optimized Amazon Linux 2 AMI](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html#al2ami) ( `ECS_AL2` ) is used. If a new image type is specified in an update, but neither an `imageId` nor a `imageIdOverride` parameter is specified, then the latest Amazon ECS optimized AMI for that image type that's supported by AWS Batch is used.\n\n- **ECS_AL2** - [Amazon Linux 2](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html#al2ami) : Default for all non-GPU instance families.\n- **ECS_AL2_NVIDIA** - [Amazon Linux 2 (GPU)](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html#gpuami) : Default for all GPU instance families (for example `P4` and `G4` ) and can be used for all non AWS Graviton-based instance types.\n- **ECS_AL2023** - [Amazon Linux 2023](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html) : AWS Batch supports Amazon Linux 2023.\n\n> Amazon Linux 2023 does not support `A1` instances.\n- **ECS_AL2023_NVIDIA** - [Amazon Linux 2023 (GPU)](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html#gpuami) : For all GPU instance families and can be used for all non AWS Graviton-based instance types.\n\n> ECS_AL2023_NVIDIA doesn't support `p3` and `g3` instance types.\n- **ECS_AL1** - [Amazon Linux](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html#alami) . Amazon Linux has reached the end-of-life of standard support. For more information, see [Amazon Linux AMI](https://docs.aws.amazon.com/amazon-linux-ami/) .\n- **EKS** - If the `imageIdOverride` parameter isn't specified, then a recent [Amazon EKS-optimized Amazon Linux AMI](https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html) ( `EKS_AL2` ) is used. If a new image type is specified in an update, but neither an `imageId` nor a `imageIdOverride` parameter is specified, then the latest Amazon EKS optimized AMI for that image type that AWS Batch supports is used.\n\n> Starting end of October 2025 Amazon EKS optimized Amazon Linux 2023 AMIs will be the default on AWS Batch for EKS versions prior to 1.33. Starting from Kubernetes version 1.33, EKS optimized Amazon Linux 2023 AMIs will be the default when it becomes supported on AWS Batch .\n> \n> AWS will end support for Amazon EKS AL2-optimized and AL2-accelerated AMIs, starting 11/26/25. You can continue using AWS Batch -provided Amazon EKS optimized Amazon Linux 2 AMIs on your Amazon EKS compute environments beyond the 11/26/25 end-of-support date, these compute environments will no longer receive any new software updates, security patches, or bug fixes from AWS . For more information on upgrading from AL2 to AL2023, see [How to upgrade from EKS AL2 to EKS AL2023](https://docs.aws.amazon.com/) in the *AWS Batch User Guide* . \n\n- **EKS_AL2** - [Amazon Linux 2](https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html) : Default for all non-GPU instance families.\n- **EKS_AL2_NVIDIA** - [Amazon Linux 2 (accelerated)](https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html) : Default for all GPU instance families (for example, `P4` and `G4` ) and can be used for all non AWS Graviton-based instance types.\n- **EKS_AL2023** - [Amazon Linux 2023](https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html) : AWS Batch supports Amazon Linux 2023.\n\n> Amazon Linux 2023 does not support `A1` instances.\n- **EKS_AL2023_NVIDIA** - [Amazon Linux 2023 (accelerated)](https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html) : GPU instance families and can be used for all non AWS Graviton-based instance types." + "ImageType": "The image type to match with the instance type to select an AMI. The supported values are different for `ECS` and `EKS` resources.\n\n- **ECS** - If the `imageIdOverride` parameter isn't specified, then a recent [Amazon ECS-optimized Amazon Linux 2 AMI](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html#al2ami) ( `ECS_AL2` ) is used. If a new image type is specified in an update, but neither an `imageId` nor a `imageIdOverride` parameter is specified, then the latest Amazon ECS optimized AMI for that image type that's supported by AWS Batch is used.\n\n> AWS will end support for Amazon ECS optimized AL2-optimized and AL2-accelerated AMIs. Starting in January 2026, AWS Batch will change the default AMI for new Amazon ECS compute environments from Amazon Linux 2 to Amazon Linux 2023. We recommend migrating AWS Batch Amazon ECS compute environments to Amazon Linux 2023 to maintain optimal performance and security. For more information on upgrading from AL2 to AL2023, see [How to migrate from ECS AL2 to ECS AL2023](https://docs.aws.amazon.com/batch/latest/userguide/ecs-migration-2023.html) in the *AWS Batch User Guide* . \n\n- **ECS_AL2** - [Amazon Linux 2](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html#al2ami) : Default for all non-GPU instance families.\n- **ECS_AL2_NVIDIA** - [Amazon Linux 2 (GPU)](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html#gpuami) : Default for all GPU instance families (for example `P4` and `G4` ) and can be used for all non AWS Graviton-based instance types.\n- **ECS_AL2023** - [Amazon Linux 2023](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html) : AWS Batch supports Amazon Linux 2023.\n\n> Amazon Linux 2023 does not support `A1` instances.\n- **ECS_AL2023_NVIDIA** - [Amazon Linux 2023 (GPU)](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html#gpuami) : For all GPU instance families and can be used for all non AWS Graviton-based instance types.\n\n> ECS_AL2023_NVIDIA doesn't support `p3` and `g3` instance types.\n- **EKS** - If the `imageIdOverride` parameter isn't specified, then a recent [Amazon EKS-optimized Amazon Linux AMI](https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html) ( `EKS_AL2` ) is used. If a new image type is specified in an update, but neither an `imageId` nor a `imageIdOverride` parameter is specified, then the latest Amazon EKS optimized AMI for that image type that AWS Batch supports is used.\n\n> Starting end of October 2025 Amazon EKS optimized Amazon Linux 2023 AMIs will be the default on AWS Batch for EKS versions prior to 1.33. Starting from Kubernetes version 1.33, EKS optimized Amazon Linux 2023 AMIs will be the default when it becomes supported on AWS Batch .\n> \n> AWS will end support for Amazon EKS AL2-optimized and AL2-accelerated AMIs, starting 11/26/25. You can continue using AWS Batch -provided Amazon EKS optimized Amazon Linux 2 AMIs on your Amazon EKS compute environments beyond the 11/26/25 end-of-support date, these compute environments will no longer receive any new software updates, security patches, or bug fixes from AWS . For more information on upgrading from AL2 to AL2023, see [How to upgrade from EKS AL2 to EKS AL2023](https://docs.aws.amazon.com/batch/latest/userguide/eks-migration-2023.html) in the *AWS Batch User Guide* . \n\n- **EKS_AL2** - [Amazon Linux 2](https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html) : Default for all non-GPU instance families.\n- **EKS_AL2_NVIDIA** - [Amazon Linux 2 (accelerated)](https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html) : Default for all GPU instance families (for example, `P4` and `G4` ) and can be used for all non AWS Graviton-based instance types.\n- **EKS_AL2023** - [Amazon Linux 2023](https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html) : AWS Batch supports Amazon Linux 2023.\n\n> Amazon Linux 2023 does not support `A1` instances.\n- **EKS_AL2023_NVIDIA** - [Amazon Linux 2023 (accelerated)](https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html) : GPU instance families and can be used for all non AWS Graviton-based instance types." }, "AWS::Batch::ComputeEnvironment EksConfiguration": { "EksClusterArn": "The Amazon Resource Name (ARN) of the Amazon EKS cluster. An example is `arn: *aws* :eks: *us-east-1* : *123456789012* :cluster/ *ClusterForBatch*` .", @@ -5733,6 +5794,50 @@ "Key": "The key associated with a tag.", "Value": "The value associated with a tag." }, + "AWS::Bedrock::AutomatedReasoningPolicy": { + "Description": "The description of the policy.", + "Name": "The name of the policy.", + "PolicyDefinition": "The complete policy definition generated by the build workflow, containing all rules, variables, and custom types extracted from the source documents.", + "Tags": "The tags associated with the Automated Reasoning policy." + }, + "AWS::Bedrock::AutomatedReasoningPolicy PolicyDefinition": { + "Rules": "The collection of rules that define the policy logic.", + "Types": "The custom types defined within the policy definition.", + "Variables": "The variables used within the policy definition.", + "Version": "The version of the policy definition." + }, + "AWS::Bedrock::AutomatedReasoningPolicy PolicyDefinitionRule": { + "AlternateExpression": "An alternative expression for the policy rule.", + "Expression": "The logical expression that defines the rule.", + "Id": "The unique identifier for the policy definition rule." + }, + "AWS::Bedrock::AutomatedReasoningPolicy PolicyDefinitionType": { + "Description": "A description of the custom type defined in the policy.", + "Name": "The name of a custom type defined in the policy.", + "Values": "The possible values for a custom type defined in the policy." + }, + "AWS::Bedrock::AutomatedReasoningPolicy PolicyDefinitionTypeValue": { + "Description": "A description of the policy definition type value.", + "Value": "The value associated with a policy definition type." + }, + "AWS::Bedrock::AutomatedReasoningPolicy PolicyDefinitionVariable": { + "Description": "A description of a variable defined in the policy.", + "Name": "The name of a variable defined in the policy.", + "Type": "The data type of a variable defined in the policy." + }, + "AWS::Bedrock::AutomatedReasoningPolicy Tag": { + "Key": "The key associated with a tag.", + "Value": "The value associated with a tag." + }, + "AWS::Bedrock::AutomatedReasoningPolicyVersion": { + "LastUpdatedDefinitionHash": "The hash of the policy definition that was last updated.", + "PolicyArn": "The Amazon Resource Name (ARN) of the policy.", + "Tags": "The tags associated with the Automated Reasoning policy version." + }, + "AWS::Bedrock::AutomatedReasoningPolicyVersion Tag": { + "Key": "The key associated with a tag.", + "Value": "The value associated with a tag." + }, "AWS::Bedrock::Blueprint": { "BlueprintName": "The blueprint's name.", "KmsEncryptionContext": "Name-value pairs to include as an encryption context.", @@ -5757,8 +5862,12 @@ }, "AWS::Bedrock::DataAutomationProject AudioExtractionCategory": { "State": "Whether generating categorical data from audio is enabled.", + "TypeConfiguration": "This element contains information about extractions from different types. Used to enable speaker and channel labeling for transcripts.", "Types": "The types of data to generate." }, + "AWS::Bedrock::DataAutomationProject AudioExtractionCategoryTypeConfiguration": { + "Transcript": "This element allows you to configure different extractions for your transcript data, such as speaker and channel labeling." + }, "AWS::Bedrock::DataAutomationProject AudioOverrideConfiguration": { "ModalityProcessing": "Sets modality processing for audio files. All modalities are enabled by default." }, @@ -5778,6 +5887,9 @@ "BlueprintStage": "The blueprint's stage.", "BlueprintVersion": "The blueprint's version." }, + "AWS::Bedrock::DataAutomationProject ChannelLabelingConfiguration": { + "State": "State of channel labeling, either enabled or disabled." + }, "AWS::Bedrock::DataAutomationProject CustomOutputConfiguration": { "Blueprints": "A list of blueprints." }, @@ -5851,6 +5963,9 @@ "ModalityRouting": "Lets you set which modalities certain file types are processed as.", "Video": "This element declares whether your project will process video files." }, + "AWS::Bedrock::DataAutomationProject SpeakerLabelingConfiguration": { + "State": "State of speaker labeling, either enabled or disabled." + }, "AWS::Bedrock::DataAutomationProject SplitterConfiguration": { "State": "Whether document splitter is enabled for a project." }, @@ -5864,6 +5979,10 @@ "Key": "The key associated with a tag.", "Value": "The value associated with a tag." }, + "AWS::Bedrock::DataAutomationProject TranscriptConfiguration": { + "ChannelLabeling": "Enables channel labeling. Each audio channel will be labeled with a number, and the transcript will indicate which channel is being used.", + "SpeakerLabeling": "Enables speaker labeling. Each speaker within a transcript will recieve a number, and the transcript will note which speaker is talking." + }, "AWS::Bedrock::DataAutomationProject VideoBoundingBox": { "State": "Whether bounding boxes are enabled for video." }, @@ -6480,6 +6599,7 @@ "Type": "The type of reranking to apply to vector search results. Currently, the only supported value is BEDROCK, which uses Amazon Bedrock foundation models for reranking." }, "AWS::Bedrock::Guardrail": { + "AutomatedReasoningPolicyConfig": "Configuration settings for integrating Automated Reasoning policies with Amazon Bedrock Guardrails.", "BlockedInputMessaging": "The message to return when the guardrail blocks a prompt.", "BlockedOutputsMessaging": "The message to return when the guardrail blocks a model response.", "ContentPolicyConfig": "The content filter policies to configure for the guardrail.", @@ -6493,6 +6613,10 @@ "TopicPolicyConfig": "The topic policies to configure for the guardrail.", "WordPolicyConfig": "The word policy you configure for the guardrail." }, + "AWS::Bedrock::Guardrail AutomatedReasoningPolicyConfig": { + "ConfidenceThreshold": "The minimum confidence level required for Automated Reasoning policy violations to trigger guardrail actions. Values range from 0.0 to 1.0.", + "Policies": "The list of Automated Reasoning policy ARNs that should be applied as part of this guardrail configuration." + }, "AWS::Bedrock::Guardrail ContentFilterConfig": { "InputAction": "Specifies the action to take when harmful content is detected. Supported values include:\n\n- `BLOCK` \u2013 Block the content and replace it with blocked messaging.\n- `NONE` \u2013 Take no action but return detection information in the trace response.", "InputEnabled": "Specifies whether to enable guardrail evaluation on the input. When disabled, you aren't charged for the evaluation. The evaluation doesn't appear in the response.", @@ -6978,6 +7102,298 @@ "InputSchema": "The input schema for the tool in JSON format.", "Name": "The name for the tool." }, + "AWS::BedrockAgentCore::BrowserCustom": { + "Description": "The custom browser.", + "ExecutionRoleArn": "The Amazon Resource Name (ARN) of the execution role.", + "Name": "The name of the custom browser.", + "NetworkConfiguration": "The network configuration for a code interpreter. This structure defines how the code interpreter connects to the network.", + "RecordingConfig": "THe custom browser configuration.", + "Tags": "The tags for the custom browser." + }, + "AWS::BedrockAgentCore::BrowserCustom BrowserNetworkConfiguration": { + "NetworkMode": "The network mode.", + "VpcConfig": "" + }, + "AWS::BedrockAgentCore::BrowserCustom RecordingConfig": { + "Enabled": "The recording configuration for a browser. This structure defines how browser sessions are recorded.", + "S3Location": "The S3 location." + }, + "AWS::BedrockAgentCore::BrowserCustom S3Location": { + "Bucket": "The S3 location bucket name.", + "Prefix": "The S3 location object prefix." + }, + "AWS::BedrockAgentCore::BrowserCustom VpcConfig": { + "SecurityGroups": "", + "Subnets": "" + }, + "AWS::BedrockAgentCore::CodeInterpreterCustom": { + "Description": "The code interpreter description.", + "ExecutionRoleArn": "The Amazon Resource Name (ARN) of the execution role.", + "Name": "The name of the code interpreter.", + "NetworkConfiguration": "The network configuration for a code interpreter. This structure defines how the code interpreter connects to the network.", + "Tags": "The tags for the code interpreter." + }, + "AWS::BedrockAgentCore::CodeInterpreterCustom CodeInterpreterNetworkConfiguration": { + "NetworkMode": "The network mode.", + "VpcConfig": "" + }, + "AWS::BedrockAgentCore::CodeInterpreterCustom VpcConfig": { + "SecurityGroups": "", + "Subnets": "" + }, + "AWS::BedrockAgentCore::Gateway": { + "AuthorizerConfiguration": "", + "AuthorizerType": "The authorizer type for the gateway.", + "Description": "The description for the gateway.", + "ExceptionLevel": "The exception level for the gateway.", + "KmsKeyArn": "The KMS key ARN for the gateway.", + "Name": "The name for the gateway.", + "ProtocolConfiguration": "The protocol configuration for the gateway target.", + "ProtocolType": "The protocol type for the gateway target.", + "RoleArn": "", + "Tags": "The tags for the gateway." + }, + "AWS::BedrockAgentCore::Gateway AuthorizerConfiguration": { + "CustomJWTAuthorizer": "The authorizer configuration for the gateway." + }, + "AWS::BedrockAgentCore::Gateway CustomJWTAuthorizerConfiguration": { + "AllowedAudience": "The allowed audience authorized for the gateway target.", + "AllowedClients": "", + "DiscoveryUrl": "The discovery URL for the authorizer configuration." + }, + "AWS::BedrockAgentCore::Gateway GatewayProtocolConfiguration": { + "Mcp": "The gateway protocol configuration for MCP." + }, + "AWS::BedrockAgentCore::Gateway MCPGatewayConfiguration": { + "Instructions": "", + "SearchType": "The MCP gateway configuration search type.", + "SupportedVersions": "The supported versions for the MCP configuration for the gateway target." + }, + "AWS::BedrockAgentCore::Gateway WorkloadIdentityDetails": { + "WorkloadIdentityArn": "" + }, + "AWS::BedrockAgentCore::GatewayTarget": { + "CredentialProviderConfigurations": "The OAuth credential provider configuration.", + "Description": "The description for the gateway target.", + "GatewayIdentifier": "The gateway ID for the gateway target.", + "Name": "The name for the gateway target.", + "TargetConfiguration": "The target configuration for the Smithy model target." + }, + "AWS::BedrockAgentCore::GatewayTarget ApiKeyCredentialProvider": { + "CredentialLocation": "The credential location for the gateway target.", + "CredentialParameterName": "The credential parameter name for the provider for the gateway target.", + "CredentialPrefix": "The API key credential provider for the gateway target.", + "ProviderArn": "The provider ARN for the gateway target." + }, + "AWS::BedrockAgentCore::GatewayTarget ApiSchemaConfiguration": { + "InlinePayload": "The inline payload for the gateway.", + "S3": "The API schema configuration." + }, + "AWS::BedrockAgentCore::GatewayTarget CredentialProvider": { + "ApiKeyCredentialProvider": "The API key credential provider.", + "OauthCredentialProvider": "The OAuth credential provider for the gateway target." + }, + "AWS::BedrockAgentCore::GatewayTarget CredentialProviderConfiguration": { + "CredentialProvider": "The credential provider for the gateway target.", + "CredentialProviderType": "The credential provider type for the gateway target." + }, + "AWS::BedrockAgentCore::GatewayTarget McpLambdaTargetConfiguration": { + "LambdaArn": "The ARN of the Lambda target configuration.", + "ToolSchema": "The tool schema configuration for the gateway target MCP configuration for Lambda." + }, + "AWS::BedrockAgentCore::GatewayTarget McpTargetConfiguration": { + "Lambda": "The Lambda MCP configuration for the gateway target.", + "OpenApiSchema": "The OpenApi schema for the gateway target MCP configuration.", + "SmithyModel": "The target configuration for the Smithy model target." + }, + "AWS::BedrockAgentCore::GatewayTarget OAuthCredentialProvider": { + "CustomParameters": "The OAuth credential provider.", + "ProviderArn": "The provider ARN for the gateway target.", + "Scopes": "The OAuth credential provider scopes." + }, + "AWS::BedrockAgentCore::GatewayTarget S3Configuration": { + "BucketOwnerAccountId": "The S3 configuration bucket owner account ID for the gateway target.", + "Uri": "The configuration URI for the gateway target." + }, + "AWS::BedrockAgentCore::GatewayTarget SchemaDefinition": { + "Description": "The workload identity details for the gateway.", + "Items": "", + "Properties": "The schema definition properties for the gateway target.", + "Required": "The schema definition.", + "Type": "The scheme definition type for the gateway target." + }, + "AWS::BedrockAgentCore::GatewayTarget TargetConfiguration": { + "Mcp": "The target configuration definition for MCP." + }, + "AWS::BedrockAgentCore::GatewayTarget ToolDefinition": { + "Description": "", + "InputSchema": "The input schema for the gateway target.", + "Name": "The tool name.", + "OutputSchema": "The tool definition output schema for the gateway target." + }, + "AWS::BedrockAgentCore::GatewayTarget ToolSchema": { + "InlinePayload": "The inline payload for the gateway target.", + "S3": "The S3 tool schema for the gateway target." + }, + "AWS::BedrockAgentCore::Memory": { + "Description": "", + "EncryptionKeyArn": "The memory encryption key Amazon Resource Name (ARN).", + "EventExpiryDuration": "The event expiry configuration.", + "MemoryExecutionRoleArn": "The memory role ARN.", + "MemoryStrategies": "The memory strategies.", + "Name": "The memory name.", + "Tags": "The tags for the resources." + }, + "AWS::BedrockAgentCore::Memory CustomConfigurationInput": { + "SelfManagedConfiguration": "The custom configuration input.", + "SemanticOverride": "The memory override configuration.", + "SummaryOverride": "The memory configuration override.", + "UserPreferenceOverride": "The memory user preference override." + }, + "AWS::BedrockAgentCore::Memory CustomMemoryStrategy": { + "Configuration": "The memory strategy configuration.", + "CreatedAt": "", + "Description": "The memory strategy description.", + "Name": "The memory strategy name.", + "Namespaces": "The memory strategy namespaces.", + "Status": "The memory strategy status.", + "StrategyId": "The memory strategy ID.", + "Type": "The memory strategy type.", + "UpdatedAt": "The memory strategy update date and time." + }, + "AWS::BedrockAgentCore::Memory InvocationConfigurationInput": { + "PayloadDeliveryBucketName": "The message invocation configuration information for the bucket name.", + "TopicArn": "The memory trigger condition topic Amazon Resource Name (ARN)." + }, + "AWS::BedrockAgentCore::Memory MemoryStrategy": { + "CustomMemoryStrategy": "The memory strategy.", + "SemanticMemoryStrategy": "The memory strategy.", + "SummaryMemoryStrategy": "The memory strategy summary.", + "UserPreferenceMemoryStrategy": "The memory strategy." + }, + "AWS::BedrockAgentCore::Memory MessageBasedTriggerInput": { + "MessageCount": "The memory trigger condition input for the message based trigger message count." + }, + "AWS::BedrockAgentCore::Memory SelfManagedConfiguration": { + "HistoricalContextWindowSize": "The memory configuration for self managed.", + "InvocationConfiguration": "The self managed configuration.", + "TriggerConditions": "" + }, + "AWS::BedrockAgentCore::Memory SemanticMemoryStrategy": { + "CreatedAt": "", + "Description": "The memory strategy description.", + "Name": "The memory strategy name.", + "Namespaces": "The memory strategy namespaces.", + "Status": "", + "StrategyId": "The memory strategy ID.", + "Type": "The memory strategy type.", + "UpdatedAt": "" + }, + "AWS::BedrockAgentCore::Memory SemanticOverride": { + "Consolidation": "The memory override consolidation.", + "Extraction": "The memory override extraction." + }, + "AWS::BedrockAgentCore::Memory SemanticOverrideConsolidationConfigurationInput": { + "AppendToPrompt": "The override configuration.", + "ModelId": "The memory override model ID." + }, + "AWS::BedrockAgentCore::Memory SemanticOverrideExtractionConfigurationInput": { + "AppendToPrompt": "The extraction configuration.", + "ModelId": "The memory override configuration model ID." + }, + "AWS::BedrockAgentCore::Memory SummaryMemoryStrategy": { + "CreatedAt": "", + "Description": "The memory strategy description.", + "Name": "The memory strategy name.", + "Namespaces": "The summary memory strategy.", + "Status": "The memory strategy status.", + "StrategyId": "The memory strategy ID.", + "Type": "The memory strategy type.", + "UpdatedAt": "The memory strategy update date and time." + }, + "AWS::BedrockAgentCore::Memory SummaryOverride": { + "Consolidation": "The memory override consolidation." + }, + "AWS::BedrockAgentCore::Memory SummaryOverrideConsolidationConfigurationInput": { + "AppendToPrompt": "The memory override configuration.", + "ModelId": "The memory override configuration model ID." + }, + "AWS::BedrockAgentCore::Memory TimeBasedTriggerInput": { + "IdleSessionTimeout": "The memory trigger condition input for the session timeout." + }, + "AWS::BedrockAgentCore::Memory TokenBasedTriggerInput": { + "TokenCount": "The token based trigger token count." + }, + "AWS::BedrockAgentCore::Memory TriggerConditionInput": { + "MessageBasedTrigger": "The memory trigger condition input for the message based trigger.", + "TimeBasedTrigger": "The memory trigger condition input.", + "TokenBasedTrigger": "The trigger condition information for a token based trigger." + }, + "AWS::BedrockAgentCore::Memory UserPreferenceMemoryStrategy": { + "CreatedAt": "", + "Description": "The memory strategy description.", + "Name": "The memory strategy name.", + "Namespaces": "The memory namespaces.", + "Status": "The memory strategy status.", + "StrategyId": "The memory strategy ID.", + "Type": "The memory strategy type.", + "UpdatedAt": "The memory strategy update date and time." + }, + "AWS::BedrockAgentCore::Memory UserPreferenceOverride": { + "Consolidation": "The memory override consolidation information.", + "Extraction": "The memory user preferences for extraction." + }, + "AWS::BedrockAgentCore::Memory UserPreferenceOverrideConsolidationConfigurationInput": { + "AppendToPrompt": "The memory configuration.", + "ModelId": "The memory override configuration model ID." + }, + "AWS::BedrockAgentCore::Memory UserPreferenceOverrideExtractionConfigurationInput": { + "AppendToPrompt": "The extraction configuration.", + "ModelId": "The memory override for the model ID." + }, + "AWS::BedrockAgentCore::Runtime": { + "AgentRuntimeArtifact": "The artifact of the agent.", + "AgentRuntimeName": "The name of the AgentCore Runtime endpoint.", + "AuthorizerConfiguration": "Represents inbound authorization configuration options used to authenticate incoming requests.", + "Description": "The agent runtime description.", + "EnvironmentVariables": "The environment variables for the agent.", + "NetworkConfiguration": "The network configuration.", + "ProtocolConfiguration": "The protocol configuration for an agent runtime. This structure defines how the agent runtime communicates with clients.", + "RoleArn": "The Amazon Resource Name (ARN) for for the role.", + "Tags": "The tags for the agent." + }, + "AWS::BedrockAgentCore::Runtime AgentRuntimeArtifact": { + "ContainerConfiguration": "Representation of a container configuration." + }, + "AWS::BedrockAgentCore::Runtime AuthorizerConfiguration": { + "CustomJWTAuthorizer": "Represents inbound authorization configuration options used to authenticate incoming requests." + }, + "AWS::BedrockAgentCore::Runtime ContainerConfiguration": { + "ContainerUri": "The container Uri." + }, + "AWS::BedrockAgentCore::Runtime CustomJWTAuthorizerConfiguration": { + "AllowedAudience": "Represents inbound authorization configuration options used to authenticate incoming requests.", + "AllowedClients": "Represents individual client IDs that are validated in the incoming JWT token validation process.", + "DiscoveryUrl": "The configuration authorization." + }, + "AWS::BedrockAgentCore::Runtime NetworkConfiguration": { + "NetworkMode": "The network mode.", + "NetworkModeConfig": "" + }, + "AWS::BedrockAgentCore::Runtime VpcConfig": { + "SecurityGroups": "", + "Subnets": "" + }, + "AWS::BedrockAgentCore::Runtime WorkloadIdentityDetails": { + "WorkloadIdentityArn": "The Amazon Resource Name (ARN) for the workload identity." + }, + "AWS::BedrockAgentCore::RuntimeEndpoint": { + "AgentRuntimeId": "The agent runtime ID.", + "AgentRuntimeVersion": "The version of the agent.", + "Description": "Contains information about an agent runtime endpoint. An agent runtime is the execution environment for a Amazon Bedrock Agent.", + "Name": "The name of the AgentCore Runtime endpoint.", + "Tags": "The tags for the AgentCore Runtime endpoint." + }, "AWS::Billing::BillingView": { "DataFilterExpression": "See [Expression](https://docs.aws.amazon.com/aws-cost-management/latest/APIReference/API_billing_Expression.html) . Billing view only supports `LINKED_ACCOUNT` and `Tags` .", "Description": "The description of the billing view.", @@ -7272,8 +7688,13 @@ "S3Bucket": "The S3 bucket where Amazon Web Services delivers the report.", "S3Prefix": "The prefix that Amazon Web Services adds to the report name when Amazon Web Services delivers the report. Your prefix can't include spaces.", "S3Region": "The Region of the S3 bucket that Amazon Web Services delivers the report into.", + "Tags": "The tags to be assigned to the report definition resource.", "TimeUnit": "The granularity of the line items in the report." }, + "AWS::CUR::ReportDefinition Tag": { + "Key": "The key of the tag. Tag keys are case sensitive. Each report definition can only have up to one tag with the same key. If you try to add an existing tag with the same key, the existing tag value will be updated to the new value.", + "Value": "The value of the tag. Tag values are case-sensitive. This can be an empty string." + }, "AWS::Cassandra::Keyspace": { "ClientSideTimestampsEnabled": "Indicates whether client-side timestamps are enabled (true) or disabled (false) for all tables in the keyspace. To add a Region to a single-Region keyspace with at least one table, the value must be set to true. After you've enabled client-side timestamps for a table, you can\u2019t disable it again.", "KeyspaceName": "The name of the keyspace to be created. The keyspace name is case sensitive. If you don't specify a name, AWS CloudFormation generates a unique ID and uses that ID for the keyspace name. For more information, see [Name type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html) .\n\n*Length constraints:* Minimum length of 1. Maximum length of 48.", @@ -7375,7 +7796,7 @@ "AWS::CertificateManager::Certificate": { "CertificateAuthorityArn": "The Amazon Resource Name (ARN) of the private certificate authority (CA) that will be used to issue the certificate. If you do not provide an ARN and you are trying to request a private certificate, ACM will attempt to issue a public certificate. For more information about private CAs, see the [AWS Private Certificate Authority](https://docs.aws.amazon.com/privateca/latest/userguide/PcaWelcome.html) user guide. The ARN must have the following form:\n\n`arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012`", "CertificateExport": "You can opt out of allowing export of your certificate by specifying the `DISABLED` option. Allow export of your certificate by specifying the `ENABLED` option.\n\nIf you do not specify an export preference in a new CloudFormation template, it is the same as explicitly denying export of your certificate.", - "CertificateTransparencyLoggingPreference": "You can opt out of certificate transparency logging by specifying the `DISABLED` option. Opt in by specifying `ENABLED` .\n\nIf you do not specify a certificate transparency logging preference on a new CloudFormation template, or if you remove the logging preference from an existing template, this is the same as explicitly enabling the preference.\n\nChanging the certificate transparency logging preference will update the existing resource by calling `UpdateCertificateOptions` on the certificate. This action will not create a new resource.", + "CertificateTransparencyLoggingPreference": "You can opt out of certificate transparency logging by specifying the `DISABLED` option. Opt in by specifying `ENABLED` . This setting doces not apply to private certificates.\n\nIf you do not specify a certificate transparency logging preference on a new CloudFormation template, or if you remove the logging preference from an existing template, this is the same as explicitly enabling the preference.\n\nChanging the certificate transparency logging preference will update the existing resource by calling `UpdateCertificateOptions` on the certificate. This action will not create a new resource.", "DomainName": "The fully qualified domain name (FQDN), such as www.example.com, with which you want to secure an ACM certificate. Use an asterisk (*) to create a wildcard certificate that protects several sites in the same domain. For example, `*.example.com` protects `www.example.com` , `site.example.com` , and `images.example.com.`", "DomainValidationOptions": "Domain information that domain name registrars use to verify your identity.\n\n> In order for a AWS::CertificateManager::Certificate to be provisioned and validated in CloudFormation automatically, the `DomainName` property needs to be identical to one of the `DomainName` property supplied in DomainValidationOptions, if the ValidationMethod is **DNS**. Failing to keep them like-for-like will result in failure to create the domain validation records in Route53.", "KeyAlgorithm": "Specifies the algorithm of the public and private key pair that your certificate uses to encrypt data. RSA is the default key algorithm for ACM certificates. Elliptic Curve Digital Signature Algorithm (ECDSA) keys are smaller, offering security comparable to RSA keys but with greater computing efficiency. However, ECDSA is not supported by all network clients. Some AWS services may require RSA keys, or only support ECDSA keys of a particular size, while others allow the use of either RSA and ECDSA keys to ensure that compatibility is not broken. Check the requirements for the AWS service where you plan to deploy your certificate. For more information about selecting an algorithm, see [Key algorithms](https://docs.aws.amazon.com/acm/latest/userguide/acm-certificate-characteristics.html#algorithms-term) .\n\n> Algorithms supported for an ACM certificate request include:\n> \n> - `RSA_2048`\n> - `EC_prime256v1`\n> - `EC_secp384r1`\n> \n> Other listed algorithms are for imported certificates only. > When you request a private PKI certificate signed by a CA from AWS Private CA, the specified signing algorithm family (RSA or ECDSA) must match the algorithm family of the CA's secret key. \n\nDefault: RSA_2048", @@ -7454,6 +7875,7 @@ "AWS::CleanRooms::AnalysisTemplate": { "AnalysisParameters": "The parameters of the analysis template.", "Description": "The description of the analysis template.", + "ErrorMessageConfiguration": "The configuration that specifies the level of detail in error messages returned by analyses using this template. When set to `DETAILED` , error messages include more information to help troubleshoot issues with PySpark jobs. Detailed error messages may expose underlying data, including sensitive information. Recommended for faster troubleshooting in development and testing environments.", "Format": "The format of the analysis template.", "MembershipIdentifier": "The identifier for a membership resource.", "Name": "The name of the analysis template.", @@ -7489,6 +7911,9 @@ "EntryPoint": "The entry point for the analysis template artifacts.", "RoleArn": "The role ARN for the analysis template artifacts." }, + "AWS::CleanRooms::AnalysisTemplate ErrorMessageConfiguration": { + "Type": "The level of detail for error messages returned by the PySpark job. When set to DETAILED, error messages include more information to help troubleshoot issues with your PySpark job.\n\nBecause this setting may expose sensitive data, it is recommended for development and testing environments." + }, "AWS::CleanRooms::AnalysisTemplate Hash": { "Sha256": "The SHA-256 hash value." }, @@ -7502,6 +7927,7 @@ }, "AWS::CleanRooms::Collaboration": { "AnalyticsEngine": "The analytics engine for the collaboration.\n\n> After July 16, 2025, the `CLEAN_ROOMS_SQL` parameter will no longer be available.", + "AutoApprovedChangeTypes": "The types of change requests that are automatically approved for this collaboration.", "CreatorDisplayName": "A display name of the collaboration creator.", "CreatorMLMemberAbilities": "The ML member abilities for a collaboration member.", "CreatorMemberAbilities": "The abilities granted to the collaboration creator.\n\n*Allowed values* `CAN_QUERY` | `CAN_RECEIVE_RESULTS` | `CAN_RUN_JOB`", @@ -7869,7 +8295,7 @@ "Options": "Specifies the S3 location of your input parameters.", "RuleLocation": "Specifies the S3 location of your Guard rules.", "StackFilters": "Specifies the stack level filters for the Hook.\n\nExample stack level filter in JSON:\n\n`\"StackFilters\": {\"FilteringCriteria\": \"ALL\", \"StackNames\": {\"Exclude\": [ \"stack-1\", \"stack-2\"]}}` \n\nExample stack level filter in YAML:\n\n`StackFilters: FilteringCriteria: ALL StackNames: Exclude: - stack-1 - stack-2`", - "TargetFilters": "Specifies the target filters for the Hook.\n\nExample target filter in JSON:\n\n`\"TargetFilters\": {\"Actions\": [ \"Create\", \"Update\", \"Delete\" ]}` \n\nExample target filter in YAML:\n\n`TargetFilters: Actions: - CREATE - UPDATE - DELETE`", + "TargetFilters": "Specifies the target filters for the Hook.\n\nExample target filter in JSON:\n\n`\"TargetFilters\": {\"Actions\": [ \"CREATE\", \"UPDATE\", \"DELETE\" ]}` \n\nExample target filter in YAML:\n\n`TargetFilters: Actions: - CREATE - UPDATE - DELETE`", "TargetOperations": "Specifies the list of operations the Hook is run against. For more information, see [Hook targets](https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/hooks-concepts.html#hook-terms-hook-target) in the *AWS CloudFormation Hooks User Guide* .\n\nValid values: `STACK` | `RESOURCE` | `CHANGE_SET` | `CLOUD_CONTROL`" }, "AWS::CloudFormation::GuardHook Options": { @@ -7915,7 +8341,7 @@ "ExecutionRoleArn": "The Amazon Resource Name (ARN) of the task execution role that grants the Hook permission.", "LoggingConfig": "Contains logging configuration information for an extension.", "SchemaHandlerPackage": "A URL to the Amazon S3 bucket for the Hook project package that contains the necessary files for the Hook you want to register.\n\nFor information on generating a schema handler package, see [Modeling custom CloudFormation Hooks](https://docs.aws.amazon.com/cloudformation-cli/latest/hooks-userguide/hooks-model.html) in the *AWS CloudFormation Hooks User Guide* .\n\n> To register the Hook, you must have `s3:GetObject` permissions to access the S3 objects.", - "TypeName": "The unique name for your hook. Specifies a three-part namespace for your hook, with a recommended pattern of `Organization::Service::Hook` .\n\n> The following organization namespaces are reserved and can't be used in your hook type names:\n> \n> - `Alexa`\n> - `AMZN`\n> - `Amazon`\n> - `ASK`\n> - `AWS`\n> - `Custom`\n> - `Dev`" + "TypeName": "The unique name for your Hook. Specifies a three-part namespace for your Hook, with a recommended pattern of `Organization::Service::Hook` .\n\n> The following organization namespaces are reserved and can't be used in your Hook type names:\n> \n> - `Alexa`\n> - `AMZN`\n> - `Amazon`\n> - `ASK`\n> - `AWS`\n> - `Custom`\n> - `Dev`" }, "AWS::CloudFormation::HookVersion LoggingConfig": { "LogGroupName": "The Amazon CloudWatch Logs group to which CloudFormation sends error logging information when invoking the extension's handlers.", @@ -8026,8 +8452,8 @@ "OutputValue": "The value associated with the output." }, "AWS::CloudFormation::Stack Tag": { - "Key": "*Required* . A string used to identify this tag. You can specify a maximum of 128 characters for a tag key. Tags owned by AWS have the reserved prefix: `aws:` .", - "Value": "*Required* . A string that contains the value for this tag. You can specify a maximum of 256 characters for a tag value." + "Key": "A string used to identify this tag. You can specify a maximum of 128 characters for a tag key. Tags owned by AWS have the reserved prefix: `aws:` .", + "Value": "A string that contains the value for this tag. You can specify a maximum of 256 characters for a tag value." }, "AWS::CloudFormation::StackSet": { "AdministrationRoleARN": "The Amazon Resource Number (ARN) of the IAM role to use to create this StackSet. Specify an IAM role only if you are using customized administrator roles to control which users or groups can manage specific StackSets within the same administrator account.\n\nUse customized administrator roles to control which users or groups can manage specific StackSets within the same administrator account. For more information, see [Grant self-managed permissions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs-self-managed.html) in the *AWS CloudFormation User Guide* .\n\nValid only if the permissions model is `SELF_MANAGED` .", @@ -8078,8 +8504,8 @@ "Regions": "The names of one or more Regions where you want to create stack instances using the specified AWS accounts ." }, "AWS::CloudFormation::StackSet Tag": { - "Key": "*Required* . A string used to identify this tag. You can specify a maximum of 128 characters for a tag key. Tags owned by AWS have the reserved prefix: `aws:` .", - "Value": "*Required* . A string that contains the value for this tag. You can specify a maximum of 256 characters for a tag value." + "Key": "A string used to identify this tag. You can specify a maximum of 128 characters for a tag key. Tags owned by AWS have the reserved prefix: `aws:` .", + "Value": "A string that contains the value for this tag. You can specify a maximum of 256 characters for a tag value." }, "AWS::CloudFormation::TypeActivation": { "AutoUpdate": "Whether to automatically update the extension in this account and Region when a new *minor* version is published by the extension publisher. Major versions released by the publisher must be manually updated.\n\nThe default is `true` .", @@ -8090,7 +8516,7 @@ "PublisherId": "The ID of the extension publisher.\n\nConditional: You must specify `PublicTypeArn` , or `TypeName` , `Type` , and `PublisherId` .", "Type": "The extension type.\n\nConditional: You must specify `PublicTypeArn` , or `TypeName` , `Type` , and `PublisherId` .", "TypeName": "The name of the extension.\n\nConditional: You must specify `PublicTypeArn` , or `TypeName` , `Type` , and `PublisherId` .", - "TypeNameAlias": "An alias to assign to the public extension, in this account and Region. If you specify an alias for the extension, CloudFormation treats the alias as the extension type name within this account and Region. You must use the alias to refer to the extension in your templates, API calls, and CloudFormation console.\n\nAn extension alias must be unique within a given account and Region. You can activate the same public resource multiple times in the same account and Region, using different type name aliases.", + "TypeNameAlias": "An alias to assign to the public extension in this account and Region. If you specify an alias for the extension, CloudFormation treats the alias as the extension type name within this account and Region. You must use the alias to refer to the extension in your templates, API calls, and CloudFormation console.\n\nAn extension alias must be unique within a given account and Region. You can activate the same public resource multiple times in the same account and Region, using different type name aliases.", "VersionBump": "Manually updates a previously-activated type to a new major or minor version, if available. You can also use this parameter to update the value of `AutoUpdate` .\n\n- `MAJOR` : CloudFormation updates the extension to the newest major version, if one is available.\n- `MINOR` : CloudFormation updates the extension to the newest minor version, if one is available." }, "AWS::CloudFormation::TypeActivation LoggingConfig": { @@ -8104,6 +8530,7 @@ }, "AWS::CloudFormation::WaitConditionHandle": {}, "AWS::CloudFront::AnycastIpList": { + "IpAddressType": "", "IpCount": "The number of IP addresses in the Anycast static IP list.", "Name": "The name of the Anycast static IP list.", "Tags": "A complex type that contains zero or more `Tag` elements." @@ -8112,6 +8539,7 @@ "AnycastIps": "The static IP addresses that are allocated to the Anycast static IP list.", "Arn": "The Amazon Resource Name (ARN) of the Anycast static IP list.", "Id": "The ID of the Anycast static IP list.", + "IpAddressType": "", "IpCount": "The number of IP addresses in the Anycast static IP list.", "LastModifiedTime": "The last time the Anycast static IP list was modified.", "Name": "The name of the Anycast static IP list.", @@ -8247,7 +8675,7 @@ "AWS::CloudFront::Distribution CustomOriginConfig": { "HTTPPort": "The HTTP port that CloudFront uses to connect to the origin. Specify the HTTP port that the origin listens on.", "HTTPSPort": "The HTTPS port that CloudFront uses to connect to the origin. Specify the HTTPS port that the origin listens on.", - "IpAddressType": "", + "IpAddressType": "Specifies which IP protocol CloudFront uses when connecting to your origin. If your origin uses both IPv4 and IPv6 protocols, you can choose `dualstack` to help optimize reliability.", "OriginKeepaliveTimeout": "Specifies how long, in seconds, CloudFront persists its connection to the origin. The minimum timeout is 1 second, the maximum is 120 seconds, and the default (if you don't specify otherwise) is 5 seconds.\n\nFor more information, see [Keep-alive timeout (custom origins only)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DownloadDistValuesOrigin.html#DownloadDistValuesOriginKeepaliveTimeout) in the *Amazon CloudFront Developer Guide* .", "OriginProtocolPolicy": "Specifies the protocol (HTTP or HTTPS) that CloudFront uses to connect to the origin. Valid values are:\n\n- `http-only` \u2013 CloudFront always uses HTTP to connect to the origin.\n- `match-viewer` \u2013 CloudFront connects to the origin using the same protocol that the viewer used to connect to CloudFront.\n- `https-only` \u2013 CloudFront always uses HTTPS to connect to the origin.", "OriginReadTimeout": "Specifies how long, in seconds, CloudFront waits for a response from the origin. This is also known as the *origin response timeout* . The minimum timeout is 1 second, the maximum is 120 seconds, and the default (if you don't specify otherwise) is 30 seconds.\n\nFor more information, see [Response timeout](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DownloadDistValuesOrigin.html#DownloadDistValuesOriginResponseTimeout) in the *Amazon CloudFront Developer Guide* .", @@ -8412,7 +8840,7 @@ "ParameterDefinitions": "The parameters that you specify for a distribution tenant." }, "AWS::CloudFront::Distribution ViewerCertificate": { - "AcmCertificateArn": "> In CloudFormation, this field name is `AcmCertificateArn` . Note the different capitalization. \n\nIf the distribution uses `Aliases` (alternate domain names or CNAMEs) and the SSL/TLS certificate is stored in [AWS Certificate Manager (ACM)](https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html) , provide the Amazon Resource Name (ARN) of the ACM certificate. CloudFront only supports ACM certificates in the US East (N. Virginia) Region ( `us-east-1` ).\n\nIf you specify an ACM certificate ARN, you must also specify values for `MinimumProtocolVersion` and `SSLSupportMethod` . (In CloudFormation, the field name is `SslSupportMethod` . Note the different capitalization.)", + "AcmCertificateArn": "> In CloudFormation, this field name is `AcmCertificateArn` . Note the different capitalization. \n\nIf the distribution uses `Aliases` (alternate domain names or CNAMEs) and the SSL/TLS certificate is stored in [Certificate Manager (ACM)](https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html) , provide the Amazon Resource Name (ARN) of the ACM certificate. CloudFront only supports ACM certificates in the US East (N. Virginia) Region ( `us-east-1` ).\n\nIf you specify an ACM certificate ARN, you must also specify values for `MinimumProtocolVersion` and `SSLSupportMethod` . (In CloudFormation, the field name is `SslSupportMethod` . Note the different capitalization.)", "CloudFrontDefaultCertificate": "If the distribution uses the CloudFront domain name such as `d111111abcdef8.cloudfront.net` , set this field to `true` .\n\nIf the distribution uses `Aliases` (alternate domain names or CNAMEs), omit this field and specify values for the following fields:\n\n- `AcmCertificateArn` or `IamCertificateId` (specify a value for one, not both)\n- `MinimumProtocolVersion`\n- `SslSupportMethod`", "IamCertificateId": "> This field only supports standard distributions. You can't specify this field for multi-tenant distributions. For more information, see [Unsupported features for SaaS Manager for Amazon CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-config-options.html#unsupported-saas) in the *Amazon CloudFront Developer Guide* . > In CloudFormation, this field name is `IamCertificateId` . Note the different capitalization. \n\nIf the distribution uses `Aliases` (alternate domain names or CNAMEs) and the SSL/TLS certificate is stored in [AWS Identity and Access Management (IAM)](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_server-certs.html) , provide the ID of the IAM certificate.\n\nIf you specify an IAM certificate ID, you must also specify values for `MinimumProtocolVersion` and `SSLSupportMethod` . (In CloudFormation, the field name is `SslSupportMethod` . Note the different capitalization.)", "MinimumProtocolVersion": "If the distribution uses `Aliases` (alternate domain names or CNAMEs), specify the security policy that you want CloudFront to use for HTTPS connections with viewers. The security policy determines two settings:\n\n- The minimum SSL/TLS protocol that CloudFront can use to communicate with viewers.\n- The ciphers that CloudFront can use to encrypt the content that it returns to viewers.\n\nFor more information, see [Security Policy](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-values-specify.html#DownloadDistValues-security-policy) and [Supported Protocols and Ciphers Between Viewers and CloudFront](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html#secure-connections-supported-ciphers) in the *Amazon CloudFront Developer Guide* .\n\n> On the CloudFront console, this setting is called *Security Policy* . \n\nWhen you're using SNI only (you set `SSLSupportMethod` to `sni-only` ), you must specify `TLSv1` or higher. (In CloudFormation, the field name is `SslSupportMethod` . Note the different capitalization.)\n\nIf the distribution uses the CloudFront domain name such as `d111111abcdef8.cloudfront.net` (you set `CloudFrontDefaultCertificate` to `true` ), CloudFront automatically sets the security policy to `TLSv1` regardless of the value that you set here.", @@ -8421,6 +8849,7 @@ "AWS::CloudFront::Distribution VpcOriginConfig": { "OriginKeepaliveTimeout": "Specifies how long, in seconds, CloudFront persists its connection to the origin. The minimum timeout is 1 second, the maximum is 120 seconds, and the default (if you don't specify otherwise) is 5 seconds.\n\nFor more information, see [Keep-alive timeout (custom origins only)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DownloadDistValuesOrigin.html#DownloadDistValuesOriginKeepaliveTimeout) in the *Amazon CloudFront Developer Guide* .", "OriginReadTimeout": "Specifies how long, in seconds, CloudFront waits for a response from the origin. This is also known as the *origin response timeout* . The minimum timeout is 1 second, the maximum is 120 seconds, and the default (if you don't specify otherwise) is 30 seconds.\n\nFor more information, see [Response timeout](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DownloadDistValuesOrigin.html#DownloadDistValuesOriginResponseTimeout) in the *Amazon CloudFront Developer Guide* .", + "OwnerAccountId": "", "VpcOriginId": "The VPC origin ID." }, "AWS::CloudFront::DistributionTenant": { @@ -8438,7 +8867,7 @@ "Arn": "The Amazon Resource Name (ARN) of the ACM certificate." }, "AWS::CloudFront::DistributionTenant Customizations": { - "Certificate": "The AWS Certificate Manager (ACM) certificate.", + "Certificate": "The Certificate Manager (ACM) certificate.", "GeoRestrictions": "The geographic restrictions.", "WebAcl": "The AWS WAF web ACL." }, @@ -8451,7 +8880,7 @@ "RestrictionType": "The method that you want to use to restrict distribution of your content by country:\n\n- `none` : No geographic restriction is enabled, meaning access to content is not restricted by client geo location.\n- `blacklist` : The `Location` elements specify the countries in which you don't want CloudFront to distribute your content.\n- `whitelist` : The `Location` elements specify the countries in which you want CloudFront to distribute your content." }, "AWS::CloudFront::DistributionTenant ManagedCertificateRequest": { - "CertificateTransparencyLoggingPreference": "You can opt out of certificate transparency logging by specifying the `disabled` option. Opt in by specifying `enabled` . For more information, see [Certificate Transparency Logging](https://docs.aws.amazon.com/acm/latest/userguide/acm-concepts.html#concept-transparency) in the *AWS Certificate Manager User Guide* .", + "CertificateTransparencyLoggingPreference": "You can opt out of certificate transparency logging by specifying the `disabled` option. Opt in by specifying `enabled` . For more information, see [Certificate Transparency Logging](https://docs.aws.amazon.com/acm/latest/userguide/acm-concepts.html#concept-transparency) in the *Certificate Manager User Guide* .", "PrimaryDomainName": "The primary domain name associated with the CloudFront managed ACM certificate.", "ValidationTokenHost": "Specify how the HTTP validation token will be served when requesting the CloudFront managed ACM certificate.\n\n- For `cloudfront` , CloudFront will automatically serve the validation token. Choose this mode if you can point the domain's DNS to CloudFront immediately.\n- For `self-hosted` , you serve the validation token from your existing infrastructure. Choose this mode when you need to maintain current traffic flow while your certificate is being issued. You can place the validation token at the well-known path on your existing web server, wait for ACM to validate and issue the certificate, and then update your DNS to point to CloudFront." }, @@ -10061,7 +10490,7 @@ "UserPoolId": "The ID of the user pool that is associated with the domain you're updating." }, "AWS::Cognito::UserPoolDomain CustomDomainConfigType": { - "CertificateArn": "The Amazon Resource Name (ARN) of an AWS Certificate Manager SSL certificate. You use this certificate for the subdomain of your custom domain." + "CertificateArn": "The Amazon Resource Name (ARN) of an Certificate Manager SSL certificate. You use this certificate for the subdomain of your custom domain." }, "AWS::Cognito::UserPoolGroup": { "Description": "A description of the group that you're creating.", @@ -10138,7 +10567,7 @@ "UserPoolId": "The ID of the user pool where you want to apply branding to the classic hosted UI." }, "AWS::Cognito::UserPoolUser": { - "ClientMetadata": "A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.\n\nYou create custom workflows by assigning AWS Lambda functions to user pool triggers. When you use the AdminCreateUser API action, Amazon Cognito invokes the function that is assigned to the *pre sign-up* trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a `ClientMetadata` attribute, which provides the data that you assigned to the ClientMetadata parameter in your AdminCreateUser request. In your function code in AWS Lambda , you can process the `clientMetadata` value to enhance your workflow for your specific needs.\n\nFor more information, see [Using Lambda triggers](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html) in the *Amazon Cognito Developer Guide* .\n\n> When you use the `ClientMetadata` parameter, note that Amazon Cognito won't do the following:\n> \n> - Store the `ClientMetadata` value. This data is available only to AWS Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the `ClientMetadata` parameter serves no purpose.\n> - Validate the `ClientMetadata` value.\n> - Encrypt the `ClientMetadata` value. Don't send sensitive information in this parameter.", + "ClientMetadata": "A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers. You create custom workflows by assigning AWS Lambda functions to user pool triggers.\n\nWhen Amazon Cognito invokes any of these functions, it passes a JSON payload, which the function receives as input. This payload contains a `clientMetadata` attribute that provides the data that you assigned to the ClientMetadata parameter in your request. In your function code, you can process the `clientMetadata` value to enhance your workflow for your specific needs.\n\nTo review the Lambda trigger types that Amazon Cognito invokes at runtime with API requests, see [Connecting API actions to Lambda triggers](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-working-with-lambda-triggers.html#lambda-triggers-by-event) in the *Amazon Cognito Developer Guide* .\n\n> When you use the `ClientMetadata` parameter, note that Amazon Cognito won't do the following:\n> \n> - Store the `ClientMetadata` value. This data is available only to AWS Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the `ClientMetadata` parameter serves no purpose.\n> - Validate the `ClientMetadata` value.\n> - Encrypt the `ClientMetadata` value. Don't send sensitive information in this parameter.", "DesiredDeliveryMediums": "Specify `EMAIL` if email will be used to send the welcome message. Specify `SMS` if the phone number will be used. The default value is `SMS` . You can specify more than one value.", "ForceAliasCreation": "This parameter is used only if the `phone_number_verified` or `email_verified` attribute is set to `True` . Otherwise, it is ignored.\n\nIf this parameter is set to `True` and the phone number or email address specified in the `UserAttributes` parameter already exists as an alias with a different user, this request migrates the alias from the previous user to the newly-created user. The previous user will no longer be able to log in using that alias.\n\nIf this parameter is set to `False` , the API throws an `AliasExistsException` error if the alias already exists. The default value is `False` .", "MessageAction": "Set to `RESEND` to resend the invitation message to a user that already exists, and to reset the temporary-password duration with a new temporary password. Set to `SUPPRESS` to suppress sending the message. You can specify only one value.", @@ -10503,12 +10932,16 @@ "Description": "The description of the flow version." }, "AWS::Connect::EmailAddress": { + "AliasConfigurations": "A list of alias configurations for this email address, showing which email addresses forward to this primary address. Each configuration contains the email address ID of an alias that forwards emails to this address.", "Description": "The description of the email address.", "DisplayName": "The display name of email address.", "EmailAddress": "The email address, including the domain.", "InstanceArn": "The Amazon Resource Name (ARN) of the instance.", "Tags": "An array of key-value pairs to apply to this resource." }, + "AWS::Connect::EmailAddress AliasConfiguration": { + "EmailAddressArn": "" + }, "AWS::Connect::EmailAddress Tag": { "Key": "The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -", "Value": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -" @@ -10526,6 +10959,9 @@ "AWS::Connect::EvaluationForm AutoEvaluationConfiguration": { "Enabled": "" }, + "AWS::Connect::EvaluationForm AutomaticFailConfiguration": { + "TargetSection": "" + }, "AWS::Connect::EvaluationForm EvaluationFormBaseItem": { "Section": "A subsection or inner section of an item." }, @@ -10533,12 +10969,38 @@ "Question": "The information of the question.", "Section": "The information of the section." }, + "AWS::Connect::EvaluationForm EvaluationFormItemEnablementCondition": { + "Operands": "", + "Operator": "" + }, + "AWS::Connect::EvaluationForm EvaluationFormItemEnablementConditionOperand": { + "Expression": "" + }, + "AWS::Connect::EvaluationForm EvaluationFormItemEnablementConfiguration": { + "Action": "", + "Condition": "", + "DefaultAction": "" + }, + "AWS::Connect::EvaluationForm EvaluationFormItemEnablementExpression": { + "Comparator": "", + "Source": "", + "Values": "" + }, + "AWS::Connect::EvaluationForm EvaluationFormItemEnablementSource": { + "RefId": "", + "Type": "" + }, + "AWS::Connect::EvaluationForm EvaluationFormItemEnablementSourceValue": { + "RefId": "", + "Type": "" + }, "AWS::Connect::EvaluationForm EvaluationFormNumericQuestionAutomation": { "AnswerSource": "", "PropertyValue": "The property value of the automation." }, "AWS::Connect::EvaluationForm EvaluationFormNumericQuestionOption": { "AutomaticFail": "The flag to mark the option as automatic fail. If an automatic fail answer is provided, the overall evaluation gets a score of 0.", + "AutomaticFailConfiguration": "", "MaxValue": "The maximum answer value of the range option.", "MinValue": "The minimum answer value of the range option.", "Score": "The score assigned to answer values within the range option.\n\n*Minimum* : 0\n\n*Maximum* : 10" @@ -10550,6 +11012,7 @@ "Options": "The scoring options of the numeric question." }, "AWS::Connect::EvaluationForm EvaluationFormQuestion": { + "Enablement": "", "Instructions": "The instructions of the section.\n\n*Length Constraints* : Minimum length of 0. Maximum length of 1024.", "NotApplicableEnabled": "The flag to enable not applicable answers to the question.", "QuestionType": "The type of the question.\n\n*Allowed values* : `NUMERIC` | `SINGLESELECT` | `TEXT`", @@ -10558,9 +11021,13 @@ "Title": "The title of the question.\n\n*Length Constraints* : Minimum length of 1. Maximum length of 350.", "Weight": "The scoring weight of the section.\n\n*Minimum* : 0\n\n*Maximum* : 100" }, + "AWS::Connect::EvaluationForm EvaluationFormQuestionAutomationAnswerSource": { + "SourceType": "" + }, "AWS::Connect::EvaluationForm EvaluationFormQuestionTypeProperties": { "Numeric": "The properties of the numeric question.", - "SingleSelect": "The properties of the numeric question." + "SingleSelect": "The properties of the numeric question.", + "Text": "" }, "AWS::Connect::EvaluationForm EvaluationFormSection": { "Instructions": "The instructions of the section.", @@ -10570,6 +11037,7 @@ "Weight": "The scoring weight of the section.\n\n*Minimum* : 0\n\n*Maximum* : 100" }, "AWS::Connect::EvaluationForm EvaluationFormSingleSelectQuestionAutomation": { + "AnswerSource": "", "DefaultOptionRefId": "The identifier of the default answer option, when none of the automation options match the criteria.\n\n*Length Constraints* : Minimum length of 1. Maximum length of 40.", "Options": "The automation options of the single select question.\n\n*Minimum* : 1\n\n*Maximum* : 20" }, @@ -10578,6 +11046,7 @@ }, "AWS::Connect::EvaluationForm EvaluationFormSingleSelectQuestionOption": { "AutomaticFail": "The flag to mark the option as automatic fail. If an automatic fail answer is provided, the overall evaluation gets a score of 0.", + "AutomaticFailConfiguration": "", "RefId": "The identifier of the answer option. An identifier must be unique within the question.\n\n*Length Constraints* : Minimum length of 1. Maximum length of 40.", "Score": "The score assigned to the answer option.\n\n*Minimum* : 0\n\n*Maximum* : 10", "Text": "The title of the answer option.\n\n*Length Constraints* : Minimum length of 1. Maximum length of 128." @@ -10587,6 +11056,12 @@ "DisplayAs": "The display mode of the single select question.\n\n*Allowed values* : `DROPDOWN` | `RADIO`", "Options": "The answer options of the single select question.\n\n*Minimum* : 2\n\n*Maximum* : 256" }, + "AWS::Connect::EvaluationForm EvaluationFormTextQuestionAutomation": { + "AnswerSource": "" + }, + "AWS::Connect::EvaluationForm EvaluationFormTextQuestionProperties": { + "Automation": "" + }, "AWS::Connect::EvaluationForm NumericQuestionPropertyValueAutomation": { "Label": "The property label of the automation." }, @@ -10619,7 +11094,7 @@ }, "AWS::Connect::HoursOfOperation HoursOfOperationOverride": { "EffectiveFrom": "The date from which the hours of operation override would be effective.", - "EffectiveTill": "The date till which the hours of operation override would be effective.", + "EffectiveTill": "The date until the hours of operation override is effective.", "HoursOfOperationOverrideId": "The identifier for the hours of operation override.", "OverrideConfig": "", "OverrideDescription": "", @@ -10715,10 +11190,10 @@ "Value": "The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -" }, "AWS::Connect::PredefinedAttribute": { - "AttributeConfiguration": "", + "AttributeConfiguration": "Custom metadata that is associated to predefined attributes to control behavior in upstream services, such as controlling how a predefined attribute should be displayed in the Amazon Connect admin website.", "InstanceArn": "The Amazon Resource Name (ARN) of the instance.", "Name": "The name of the predefined attribute.", - "Purposes": "", + "Purposes": "Values that enable you to categorize your predefined attributes. You can use them in custom UI elements across the Amazon Connect admin website.", "Values": "The values of a predefined attribute." }, "AWS::Connect::PredefinedAttribute AttributeConfiguration": { @@ -10796,6 +11271,7 @@ "DefaultOutboundQueueArn": "The Amazon Resource Name (ARN) of the default outbound queue for the routing profile.", "Description": "The description of the routing profile.", "InstanceArn": "The identifier of the Amazon Connect instance.", + "ManualAssignmentQueueConfigs": "Contains information about the queue and channel for manual assignment behaviour can be enabled.", "MediaConcurrencies": "The channels agents can handle in the Contact Control Panel (CCP) for this routing profile.", "Name": "The name of the routing profile.", "QueueConfigs": "The inbound queues associated with the routing profile. If no queue is added, the agent can make only outbound calls.", @@ -10809,6 +11285,9 @@ "Concurrency": "The number of contacts an agent can have on a channel simultaneously.\n\nValid Range for `VOICE` : Minimum value of 1. Maximum value of 1.\n\nValid Range for `CHAT` : Minimum value of 1. Maximum value of 10.\n\nValid Range for `TASK` : Minimum value of 1. Maximum value of 10.", "CrossChannelBehavior": "Defines the cross-channel routing behavior for each channel that is enabled for this Routing Profile. For example, this allows you to offer an agent a different contact from another channel when they are currently working with a contact from a Voice channel." }, + "AWS::Connect::RoutingProfile RoutingProfileManualAssignmentQueueConfig": { + "QueueReference": "Contains information about a queue resource." + }, "AWS::Connect::RoutingProfile RoutingProfileQueueConfig": { "Delay": "The delay, in seconds, a contact should be in the queue before they are routed to an available agent. For more information, see [Queues: priority and delay](https://docs.aws.amazon.com/connect/latest/adminguide/concepts-routing-profiles-priority.html) in the *Amazon Connect Administrator Guide* .", "Priority": "The order in which contacts are to be handled for the queue. For more information, see [Queues: priority and delay](https://docs.aws.amazon.com/connect/latest/adminguide/concepts-routing-profiles-priority.html) .", @@ -10999,7 +11478,7 @@ "AfterContactWorkTimeLimit": "The After Call Work (ACW) timeout setting, in seconds. This parameter has a minimum value of 0 and a maximum value of 2,000,000 seconds (24 days). Enter 0 if you don't want to allocate a specific amount of ACW time. It essentially means an indefinite amount of time. When the conversation ends, ACW starts; the agent must choose Close contact to end ACW.\n\n> When returned by a `SearchUsers` call, `AfterContactWorkTimeLimit` is returned in milliseconds.", "AutoAccept": "The Auto accept setting.", "DeskPhoneNumber": "The phone number for the user's desk phone.", - "PersistentConnection": "", + "PersistentConnection": "The persistent connection setting for the user.", "PhoneType": "The phone type." }, "AWS::Connect::User UserProficiency": { @@ -11666,7 +12145,7 @@ "ClusterName": "The name of the DAX cluster.", "Description": "The description of the cluster.", "IAMRoleARN": "A valid Amazon Resource Name (ARN) that identifies an IAM role. At runtime, DAX will assume this role and use the role's permissions to access DynamoDB on your behalf.", - "NetworkType": "", + "NetworkType": "The IP address type of the cluster. Values are:\n\n- `ipv4` - IPv4 addresses only\n- `ipv6` - IPv6 addresses only\n- `dual_stack` - Both IPv4 and IPv6 addresses", "NodeType": "The node type for the nodes in the cluster. (All nodes in a DAX cluster are of the same type.)", "NotificationTopicARN": "The Amazon Resource Name (ARN) of the Amazon SNS topic to which notifications will be sent.\n\n> The Amazon SNS topic owner must be same as the DAX cluster owner.", "ParameterGroupName": "The parameter group to be associated with the DAX cluster.", @@ -12287,7 +12766,7 @@ "Description": "A description of the instance profile. Descriptions can have up to 31 characters. A description can contain only ASCII letters, digits, and hyphens ('-'). Also, it can't end with a hyphen or contain two consecutive hyphens, and can only begin with a letter.", "InstanceProfileIdentifier": "The identifier of the instance profile. Identifiers must begin with a letter and must contain only ASCII letters, digits, and hyphens. They can't end with a hyphen, or contain two consecutive hyphens.", "InstanceProfileName": "The user-friendly name for the instance profile.", - "KmsKeyArn": "The Amazon Resource Name (ARN) of the AWS KMS key that is used to encrypt the connection parameters for the instance profile.\n\nIf you don't specify a value for the `KmsKeyArn` parameter, then AWS DMS uses your default encryption key.\n\nAWS KMS creates the default encryption key for your AWS account . Your AWS account has a different default encryption key for each AWS Region .", + "KmsKeyArn": "The Amazon Resource Name (ARN) of the AWS KMS key that is used to encrypt the connection parameters for the instance profile.\n\nIf you don't specify a value for the `KmsKeyArn` parameter, then AWS DMS uses an AWS owned encryption key to encrypt your resources.", "NetworkType": "Specifies the network type for the instance profile. A value of `IPV4` represents an instance profile with IPv4 network type and only supports IPv4 addressing. A value of `IPV6` represents an instance profile with IPv6 network type and only supports IPv6 addressing. A value of `DUAL` represents an instance profile with dual network type that supports IPv4 and IPv6 addressing.", "PubliclyAccessible": "Specifies the accessibility options for the instance profile. A value of `true` represents an instance profile with a public IP address. A value of `false` represents an instance profile with a private IP address. The default value is `true` .", "SubnetGroupIdentifier": "The identifier of the subnet group that is associated with the instance profile.", @@ -13088,6 +13567,8 @@ "AWS::DataSync::LocationSMB": { "AgentArns": "Specifies the DataSync agent (or agents) that can connect to your SMB file server. You specify an agent by using its Amazon Resource Name (ARN).", "AuthenticationType": "", + "CmkSecretConfig": "Specifies configuration information for a DataSync-managed secret, such as an authentication token or secret key that DataSync uses to access a specific storage location, with a customer-managed AWS KMS key .\n\n> You can use either `CmkSecretConfig` or `CustomSecretConfig` to provide credentials for a `CreateLocation` request. Do not provide both parameters for the same request.", + "CustomSecretConfig": "Specifies configuration information for a customer-managed Secrets Manager secret where a storage location authentication token or secret key is stored in plain text. This configuration includes the secret ARN, and the ARN for an IAM role that provides access to the secret.\n\n> You can use either `CmkSecretConfig` or `CustomSecretConfig` to provide credentials for a `CreateLocation` request. Do not provide both parameters for the same request.", "DnsIpAddresses": "", "Domain": "Specifies the Windows domain name that your SMB file server belongs to. This parameter applies only if `AuthenticationType` is set to `NTLM` .\n\nIf you have multiple domains in your environment, configuring this parameter makes sure that DataSync connects to the right file server.", "KerberosKeytab": "", @@ -13100,6 +13581,17 @@ "Tags": "Specifies labels that help you categorize, filter, and search for your AWS resources. We recommend creating at least a name tag for your location.", "User": "Specifies the user that can mount and access the files, folders, and file metadata in your SMB file server. This parameter applies only if `AuthenticationType` is set to `NTLM` .\n\nFor information about choosing a user with the right level of access for your transfer, see [Providing DataSync access to SMB file servers](https://docs.aws.amazon.com/datasync/latest/userguide/create-smb-location.html#configuring-smb-permissions) ." }, + "AWS::DataSync::LocationSMB CmkSecretConfig": { + "KmsKeyArn": "Specifies the ARN for the customer-managed AWS KMS key that DataSync uses to encrypt the DataSync-managed secret stored for `SecretArn` . DataSync provides this key to AWS Secrets Manager .", + "SecretArn": "Specifies the ARN for the DataSync-managed AWS Secrets Manager secret that that is used to access a specific storage location. This property is generated by DataSync and is read-only. DataSync encrypts this secret with the KMS key that you specify for `KmsKeyArn` ." + }, + "AWS::DataSync::LocationSMB CustomSecretConfig": { + "SecretAccessRoleArn": "Specifies the ARN for the AWS Identity and Access Management role that DataSync uses to access the secret specified for `SecretArn` .", + "SecretArn": "Specifies the ARN for an AWS Secrets Manager secret." + }, + "AWS::DataSync::LocationSMB ManagedSecretConfig": { + "SecretArn": "Specifies the ARN for an AWS Secrets Manager secret." + }, "AWS::DataSync::LocationSMB MountOptions": { "Version": "By default, DataSync automatically chooses an SMB protocol version based on negotiation with your SMB file server. You also can configure DataSync to use a specific SMB version, but we recommend doing this only if DataSync has trouble negotiating with the SMB file server automatically.\n\nThese are the following options for configuring the SMB version:\n\n- `AUTOMATIC` (default): DataSync and the SMB file server negotiate the highest version of SMB that they mutually support between 2.1 and 3.1.1.\n\nThis is the recommended option. If you instead choose a specific version that your file server doesn't support, you may get an `Operation Not Supported` error.\n- `SMB3` : Restricts the protocol negotiation to only SMB version 3.0.2.\n- `SMB2` : Restricts the protocol negotiation to only SMB version 2.1.\n- `SMB2_0` : Restricts the protocol negotiation to only SMB version 2.0.\n- `SMB1` : Restricts the protocol negotiation to only SMB version 1.0.\n\n> The `SMB1` option isn't available when [creating an Amazon FSx for NetApp ONTAP location](https://docs.aws.amazon.com/datasync/latest/userguide/API_CreateLocationFsxOntap.html) ." }, @@ -13492,6 +13984,17 @@ "Name": "The name specified in the environment parameter.", "Value": "The value of the environment profile." }, + "AWS::DataZone::FormType": { + "Description": "The description of the metadata form type.", + "DomainIdentifier": "The identifier of the Amazon DataZone domain in which the form type exists.", + "Model": "The model of the form type.", + "Name": "The name of the form type.", + "OwningProjectIdentifier": "The identifier of the project that owns the form type.", + "Status": "The status of the form type." + }, + "AWS::DataZone::FormType Model": { + "Smithy": "" + }, "AWS::DataZone::GroupProfile": { "DomainIdentifier": "The identifier of the Amazon DataZone domain in which a group profile exists.", "GroupIdentifier": "The ID of the group of a project member.", @@ -13648,7 +14151,7 @@ "DeploymentOrder": "The deployment order of the environment.", "Description": "The environment description.", "EnvironmentBlueprintId": "The environment blueprint ID.", - "Id": "The environment ID.", + "EnvironmentConfigurationId": "", "Name": "The environment name." }, "AWS::DataZone::ProjectProfile EnvironmentConfigurationParameter": { @@ -14084,7 +14587,7 @@ "MasterUserPassword": "The password for the master database user. This password can contain any printable ASCII character except forward slash (/), double quote (\"), or the \"at\" symbol (@).\n\nConstraints: Must contain from 8 to 100 characters.", "MasterUserSecretKmsKeyId": "The Amazon Web Services KMS key identifier to encrypt a secret that is automatically generated and managed in Amazon Web Services Secrets Manager. This setting is valid only if the master user password is managed by Amazon DocumentDB in Amazon Web Services Secrets Manager for the DB cluster.\n\nThe Amazon Web Services KMS key identifier is the key ARN, key ID, alias ARN, or alias name for the KMS key. To use a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN.\n\nIf you don't specify `MasterUserSecretKmsKeyId` , then the `aws/secretsmanager` KMS key is used to encrypt the secret. If the secret is in a different Amazon Web Services account, then you can't use the `aws/secretsmanager` KMS key to encrypt the secret, and you must use a customer managed KMS key.\n\nThere is a default KMS key for your Amazon Web Services account. Your Amazon Web Services account has a different default KMS key for each Amazon Web Services Region.", "MasterUsername": "The name of the master user for the cluster.\n\nConstraints:\n\n- Must be from 1 to 63 letters or numbers.\n- The first character must be a letter.\n- Cannot be a reserved word for the chosen database engine.", - "NetworkType": "", + "NetworkType": "The network type of the cluster.\n\nThe network type is determined by the `DBSubnetGroup` specified for the cluster. A `DBSubnetGroup` can support only the IPv4 protocol or the IPv4 and the IPv6 protocols ( `DUAL` ).\n\nFor more information, see [DocumentDB clusters in a VPC](https://docs.aws.amazon.com/documentdb/latest/developerguide/vpc-clusters.html) in the Amazon DocumentDB Developer Guide.\n\nValid Values: `IPV4` | `DUAL`", "Port": "Specifies the port that the database engine is listening on.", "PreferredBackupWindow": "The daily time range during which automated backups are created if automated backups are enabled using the `BackupRetentionPeriod` parameter.\n\nThe default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region .\n\nConstraints:\n\n- Must be in the format `hh24:mi-hh24:mi` .\n- Must be in Universal Coordinated Time (UTC).\n- Must not conflict with the preferred maintenance window.\n- Must be at least 30 minutes.", "PreferredMaintenanceWindow": "The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC).\n\nFormat: `ddd:hh24:mi-ddd:hh24:mi`\n\nThe default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region , occurring on a random day of the week.\n\nValid days: Mon, Tue, Wed, Thu, Fri, Sat, Sun\n\nConstraints: Minimum 30-minute window.", @@ -14416,7 +14919,7 @@ }, "AWS::EC2::CapacityReservation": { "AvailabilityZone": "The Availability Zone in which to create the Capacity Reservation.", - "AvailabilityZoneId": "The Availability Zone ID of the Capacity Reservation.", + "AvailabilityZoneId": "The ID of the Availability Zone in which the capacity is reserved.", "EbsOptimized": "Indicates whether the Capacity Reservation supports EBS-optimized instances. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal I/O performance. This optimization isn't available with all instance types. Additional usage charges apply when using an EBS- optimized instance.", "EndDate": "The date and time at which the Capacity Reservation expires. When a Capacity Reservation expires, the reserved capacity is released and you can no longer launch instances into it. The Capacity Reservation's state changes to `expired` when it reaches its end date and time.\n\nYou must provide an `EndDate` value if `EndDateType` is `limited` . Omit `EndDate` if `EndDateType` is `unlimited` .\n\nIf the `EndDateType` is `limited` , the Capacity Reservation is cancelled within an hour from the specified time. For example, if you specify 5/31/2019, 13:30:55, the Capacity Reservation is guaranteed to end between 13:30:55 and 14:30:55 on 5/31/2019.\n\nIf you are requesting a future-dated Capacity Reservation, you can't specify an end date and time that is within the commitment duration.", "EndDateType": "Indicates the way in which the Capacity Reservation ends. A Capacity Reservation can have one of the following end types:\n\n- `unlimited` - The Capacity Reservation remains active until you explicitly cancel it. Do not provide an `EndDate` if the `EndDateType` is `unlimited` .\n- `limited` - The Capacity Reservation expires automatically at a specified date and time. You must provide an `EndDate` value if the `EndDateType` value is `limited` .", @@ -14502,7 +15005,7 @@ "DnsServers": "Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address configured on the device is used for the DNS server.", "SecurityGroupIds": "The IDs of one or more security groups to apply to the target network. You must also specify the ID of the VPC that contains the security groups.", "SelfServicePortal": "Specify whether to enable the self-service portal for the Client VPN endpoint.\n\nDefault Value: `enabled`", - "ServerCertificateArn": "The ARN of the server certificate. For more information, see the [AWS Certificate Manager User Guide](https://docs.aws.amazon.com/acm/latest/userguide/) .", + "ServerCertificateArn": "The ARN of the server certificate. For more information, see the [Certificate Manager User Guide](https://docs.aws.amazon.com/acm/latest/userguide/) .", "SessionTimeoutHours": "The maximum VPN session duration time in hours.\n\nValid values: `8 | 10 | 12 | 24`\n\nDefault value: `24`", "SplitTunnel": "Indicates whether split-tunnel is enabled on the AWS Client VPN endpoint.\n\nBy default, split-tunnel on a VPN endpoint is disabled.\n\nFor information about split-tunnel VPN endpoints, see [Split-tunnel AWS Client VPN endpoint](https://docs.aws.amazon.com/vpn/latest/clientvpn-admin/split-tunnel-vpn.html) in the *AWS Client VPN Administrator Guide* .", "TagSpecifications": "The tags to apply to the Client VPN endpoint during creation.", @@ -14511,7 +15014,7 @@ "VpnPort": "The port number to assign to the Client VPN endpoint for TCP and UDP traffic.\n\nValid Values: `443` | `1194`\n\nDefault Value: `443`" }, "AWS::EC2::ClientVpnEndpoint CertificateAuthenticationRequest": { - "ClientRootCertificateChainArn": "The ARN of the client certificate. The certificate must be signed by a certificate authority (CA) and it must be provisioned in AWS Certificate Manager (ACM)." + "ClientRootCertificateChainArn": "The ARN of the client certificate. The certificate must be signed by a certificate authority (CA) and it must be provisioned in Certificate Manager (ACM)." }, "AWS::EC2::ClientVpnEndpoint ClientAuthenticationRequest": { "ActiveDirectory": "Information about the Active Directory to be used, if applicable. You must provide this information if *Type* is `directory-service-authentication` .", @@ -14634,10 +15137,10 @@ "AWS::EC2::EC2Fleet EbsBlockDevice": { "DeleteOnTermination": "Indicates whether the EBS volume is deleted on instance termination. For more information, see [Preserving Amazon EBS volumes on instance termination](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/terminating-instances.html#preserving-volumes-on-termination) in the *Amazon EC2 User Guide* .", "Encrypted": "Indicates whether the encryption state of an EBS volume is changed while being restored from a backing snapshot. The effect of setting the encryption state to `true` depends on the volume origin (new or from a snapshot), starting encryption state, ownership, and whether encryption by default is enabled. For more information, see [Amazon EBS encryption](https://docs.aws.amazon.com/ebs/latest/userguide/ebs-encryption.html#encryption-parameters) in the *Amazon EBS User Guide* .\n\nIn no case can you remove encryption from an encrypted volume.\n\nEncrypted volumes can only be attached to instances that support Amazon EBS encryption. For more information, see [Supported instance types](https://docs.aws.amazon.com/ebs/latest/userguide/ebs-encryption-requirements.html#ebs-encryption_supported_instances) .\n\n- If you are creating a block device mapping for a *new (empty) volume* , you can include this parameter, and specify either `true` for an encrypted volume, or `false` for an unencrypted volume. If you omit this parameter, it defaults to `false` (unencrypted).\n- If you are creating a block device mapping from an *existing encrypted or unencrypted snapshot* , you must omit this parameter. If you include this parameter, the request will fail, regardless of the value that you specify.\n- If you are creating a block device mapping from an *existing unencrypted volume* , you can include this parameter, but you must specify `false` . If you specify `true` , the request will fail. In this case, we recommend that you omit the parameter.\n- If you are creating a block device mapping from an *existing encrypted volume* , you can include this parameter, and specify either `true` or `false` . However, if you specify `false` , the parameter is ignored and the block device mapping is always encrypted. In this case, we recommend that you omit the parameter.", - "Iops": "The number of I/O operations per second (IOPS). For `gp3` , `io1` , and `io2` volumes, this represents the number of IOPS that are provisioned for the volume. For `gp2` volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting.\n\nThe following are the supported values for each volume type:\n\n- `gp3` : 3,000 - 16,000 IOPS\n- `io1` : 100 - 64,000 IOPS\n- `io2` : 100 - 256,000 IOPS\n\nFor `io2` volumes, you can achieve up to 256,000 IOPS on [instances built on the Nitro System](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances) . On other instances, you can achieve performance up to 32,000 IOPS.\n\nThis parameter is required for `io1` and `io2` volumes. The default for `gp3` volumes is 3,000 IOPS.", + "Iops": "The number of I/O operations per second (IOPS). For `gp3` , `io1` , and `io2` volumes, this represents the number of IOPS that are provisioned for the volume. For `gp2` volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting.\n\nThe following are the supported values for each volume type:\n\n- `gp3` : 3,000 - 80,000 IOPS\n- `io1` : 100 - 64,000 IOPS\n- `io2` : 100 - 256,000 IOPS\n\nFor `io2` volumes, you can achieve up to 256,000 IOPS on [instances built on the Nitro System](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances) . On other instances, you can achieve performance up to 32,000 IOPS.\n\nThis parameter is required for `io1` and `io2` volumes. The default for `gp3` volumes is 3,000 IOPS.", "KmsKeyId": "Identifier (key ID, key alias, key ARN, or alias ARN) of the customer managed KMS key to use for EBS encryption.\n\nThis parameter is only supported on `BlockDeviceMapping` objects called by [RunInstances](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RunInstances.html) , [RequestSpotFleet](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RequestSpotFleet.html) , and [RequestSpotInstances](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RequestSpotInstances.html) .", "SnapshotId": "The ID of the snapshot.", - "VolumeSize": "The size of the volume, in GiBs. You must specify either a snapshot ID or a volume size. If you specify a snapshot, the default is the snapshot size. You can specify a volume size that is equal to or larger than the snapshot size.\n\nThe following are the supported sizes for each volume type:\n\n- `gp2` and `gp3` : 1 - 16,384 GiB\n- `io1` : 4 - 16,384 GiB\n- `io2` : 4 - 65,536 GiB\n- `st1` and `sc1` : 125 - 16,384 GiB\n- `standard` : 1 - 1024 GiB", + "VolumeSize": "The size of the volume, in GiBs. You must specify either a snapshot ID or a volume size. If you specify a snapshot, the default is the snapshot size. You can specify a volume size that is equal to or larger than the snapshot size.\n\nThe following are the supported sizes for each volume type:\n\n- `gp2` : 1 - 16,384 GiB\n- `gp3` : 1 - 65,536 GiB\n- `io1` : 4 - 16,384 GiB\n- `io2` : 4 - 65,536 GiB\n- `st1` and `sc1` : 125 - 16,384 GiB\n- `standard` : 1 - 1024 GiB", "VolumeType": "The volume type. For more information, see [Amazon EBS volume types](https://docs.aws.amazon.com/ebs/latest/userguide/ebs-volume-types.html) in the *Amazon EBS User Guide* ." }, "AWS::EC2::EC2Fleet FleetLaunchTemplateConfigRequest": { @@ -15164,12 +15667,12 @@ "AWS::EC2::LaunchTemplate Ebs": { "DeleteOnTermination": "Indicates whether the EBS volume is deleted on instance termination.", "Encrypted": "Indicates whether the EBS volume is encrypted. Encrypted volumes can only be attached to instances that support Amazon EBS encryption. If you are creating a volume from a snapshot, you can't specify an encryption value.", - "Iops": "The number of I/O operations per second (IOPS). For `gp3` , `io1` , and `io2` volumes, this represents the number of IOPS that are provisioned for the volume. For `gp2` volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting.\n\nThe following are the supported values for each volume type:\n\n- `gp3` : 3,000 - 16,000 IOPS\n- `io1` : 100 - 64,000 IOPS\n- `io2` : 100 - 256,000 IOPS\n\nFor `io2` volumes, you can achieve up to 256,000 IOPS on [instances built on the Nitro System](https://docs.aws.amazon.com/ec2/latest/instancetypes/ec2-nitro-instances.html) . On other instances, you can achieve performance up to 32,000 IOPS.\n\nThis parameter is supported for `io1` , `io2` , and `gp3` volumes only.", + "Iops": "The number of I/O operations per second (IOPS). For `gp3` , `io1` , and `io2` volumes, this represents the number of IOPS that are provisioned for the volume. For `gp2` volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting.\n\nThe following are the supported values for each volume type:\n\n- `gp3` : 3,000 - 80,000 IOPS\n- `io1` : 100 - 64,000 IOPS\n- `io2` : 100 - 256,000 IOPS\n\nFor `io2` volumes, you can achieve up to 256,000 IOPS on [instances built on the Nitro System](https://docs.aws.amazon.com/ec2/latest/instancetypes/ec2-nitro-instances.html) . On other instances, you can achieve performance up to 32,000 IOPS.\n\nThis parameter is supported for `io1` , `io2` , and `gp3` volumes only.", "KmsKeyId": "Identifier (key ID, key alias, key ARN, or alias ARN) of the customer managed KMS key to use for EBS encryption.", "SnapshotId": "The ID of the snapshot.", - "Throughput": "The throughput to provision for a `gp3` volume, with a maximum of 1,000 MiB/s.\n\nValid Range: Minimum value of 125. Maximum value of 1000.", + "Throughput": "The throughput to provision for a `gp3` volume, with a maximum of 2,000 MiB/s.\n\nValid Range: Minimum value of 125. Maximum value of 2,000.", "VolumeInitializationRate": "Specifies the Amazon EBS Provisioned Rate for Volume Initialization (volume initialization rate), in MiB/s, at which to download the snapshot blocks from Amazon S3 to the volume. This is also known as *volume initialization* . Specifying a volume initialization rate ensures that the volume is initialized at a predictable and consistent rate after creation.\n\nThis parameter is supported only for volumes created from snapshots. Omit this parameter if:\n\n- You want to create the volume using fast snapshot restore. You must specify a snapshot that is enabled for fast snapshot restore. In this case, the volume is fully initialized at creation.\n\n> If you specify a snapshot that is enabled for fast snapshot restore and a volume initialization rate, the volume will be initialized at the specified rate instead of fast snapshot restore.\n- You want to create a volume that is initialized at the default rate.\n\nFor more information, see [Initialize Amazon EBS volumes](https://docs.aws.amazon.com/ebs/latest/userguide/initalize-volume.html) in the *Amazon EC2 User Guide* .\n\nValid range: 100 - 300 MiB/s", - "VolumeSize": "The size of the volume, in GiBs. You must specify either a snapshot ID or a volume size. The following are the supported volumes sizes for each volume type:\n\n- `gp2` and `gp3` : 1 - 16,384 GiB\n- `io1` : 4 - 16,384 GiB\n- `io2` : 4 - 65,536 GiB\n- `st1` and `sc1` : 125 - 16,384 GiB\n- `standard` : 1 - 1024 GiB", + "VolumeSize": "The size of the volume, in GiBs. You must specify either a snapshot ID or a volume size. The following are the supported volumes sizes for each volume type:\n\n- `gp2` : 1 - 16,384 GiB\n- `gp3` : 1 - 65,536 GiB\n- `io1` : 4 - 16,384 GiB\n- `io2` : 4 - 65,536 GiB\n- `st1` and `sc1` : 125 - 16,384 GiB\n- `standard` : 1 - 1024 GiB", "VolumeType": "The volume type. For more information, see [Amazon EBS volume types](https://docs.aws.amazon.com/ebs/latest/userguide/ebs-volume-types.html) in the *Amazon EBS User Guide* ." }, "AWS::EC2::LaunchTemplate EnaSrdSpecification": { @@ -15404,6 +15907,30 @@ "Key": "The tag key.", "Value": "The tag value." }, + "AWS::EC2::LocalGatewayVirtualInterface": { + "LocalAddress": "The local address.", + "LocalGatewayVirtualInterfaceGroupId": "The ID of the local gateway virtual interface group.", + "OutpostLagId": "The Outpost LAG ID.", + "PeerAddress": "The peer address.", + "PeerBgpAsn": "The peer BGP ASN.", + "PeerBgpAsnExtended": "The extended 32-bit ASN of the BGP peer for use with larger ASN values.", + "Tags": "The tags assigned to the virtual interface.", + "Vlan": "The ID of the VLAN." + }, + "AWS::EC2::LocalGatewayVirtualInterface Tag": { + "Key": "The key of the tag.\n\nConstraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with `aws:` .", + "Value": "The value of the tag.\n\nConstraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters." + }, + "AWS::EC2::LocalGatewayVirtualInterfaceGroup": { + "LocalBgpAsn": "The Autonomous System Number(ASN) for the local Border Gateway Protocol (BGP).", + "LocalBgpAsnExtended": "The extended 32-bit ASN for the local BGP configuration.", + "LocalGatewayId": "The ID of the local gateway.", + "Tags": "The tags assigned to the virtual interface group." + }, + "AWS::EC2::LocalGatewayVirtualInterfaceGroup Tag": { + "Key": "The key of the tag.\n\nConstraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with `aws:` .", + "Value": "The value of the tag.\n\nConstraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters." + }, "AWS::EC2::NatGateway": { "AllocationId": "[Public NAT gateway only] The allocation ID of the Elastic IP address that's associated with the NAT gateway. This property is required for a public NAT gateway and cannot be specified with a private NAT gateway.", "ConnectivityType": "Indicates whether the NAT gateway supports public or private connectivity. The default is public connectivity.", @@ -15413,7 +15940,8 @@ "SecondaryPrivateIpAddressCount": "[Private NAT gateway only] The number of secondary private IPv4 addresses you want to assign to the NAT gateway. For more information about secondary addresses, see [Create a NAT gateway](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating) in the *Amazon Virtual Private Cloud User Guide* .\n\n`SecondaryPrivateIpAddressCount` and `SecondaryPrivateIpAddresses` cannot be set at the same time.", "SecondaryPrivateIpAddresses": "Secondary private IPv4 addresses. For more information about secondary addresses, see [Create a NAT gateway](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html#nat-gateway-creating) in the *Amazon Virtual Private Cloud User Guide* .\n\n`SecondaryPrivateIpAddressCount` and `SecondaryPrivateIpAddresses` cannot be set at the same time.", "SubnetId": "The ID of the subnet in which the NAT gateway is located.", - "Tags": "The tags for the NAT gateway." + "Tags": "The tags for the NAT gateway.", + "VpcId": "The ID of the VPC in which the NAT gateway is located." }, "AWS::EC2::NatGateway Tag": { "Key": "The tag key.", @@ -15713,6 +16241,7 @@ "AWS::EC2::NetworkInterfaceAttachment": { "DeleteOnTermination": "Whether to delete the network interface when the instance terminates. By default, this value is set to `true` .", "DeviceIndex": "The network interface's position in the attachment order. For example, the first attached network interface has a `DeviceIndex` of 0.", + "EnaQueueCount": "The number of ENA queues created with the instance.", "EnaSrdSpecification": "Configures ENA Express for the network interface that this action attaches to the instance.", "InstanceId": "The ID of the instance to which you will attach the ENI.", "NetworkInterfaceId": "The ID of the ENI that you want to attach." @@ -15929,9 +16458,9 @@ "AWS::EC2::SpotFleet EbsBlockDevice": { "DeleteOnTermination": "Indicates whether the EBS volume is deleted on instance termination. For more information, see [Preserving Amazon EBS volumes on instance termination](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/terminating-instances.html#preserving-volumes-on-termination) in the *Amazon EC2 User Guide* .", "Encrypted": "Indicates whether the encryption state of an EBS volume is changed while being restored from a backing snapshot. The effect of setting the encryption state to `true` depends on the volume origin (new or from a snapshot), starting encryption state, ownership, and whether encryption by default is enabled. For more information, see [Amazon EBS Encryption](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#encryption-parameters) in the *Amazon EC2 User Guide* .\n\nIn no case can you remove encryption from an encrypted volume.\n\nEncrypted volumes can only be attached to instances that support Amazon EBS encryption. For more information, see [Supported Instance Types](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html#EBSEncryption_supported_instances) .\n\nThis parameter is not returned by [DescribeImageAttribute](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeImageAttribute.html) .", - "Iops": "The number of I/O operations per second (IOPS). For `gp3` , `io1` , and `io2` volumes, this represents the number of IOPS that are provisioned for the volume. For `gp2` volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting.\n\nThe following are the supported values for each volume type:\n\n- `gp3` : 3,000 - 16,000 IOPS\n- `io1` : 100 - 64,000 IOPS\n- `io2` : 100 - 256,000 IOPS\n\nFor `io2` volumes, you can achieve up to 256,000 IOPS on [instances built on the Nitro System](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances) . On other instances, you can achieve performance up to 32,000 IOPS.\n\nThis parameter is required for `io1` and `io2` volumes. The default for `gp3` volumes is 3,000 IOPS.", + "Iops": "The number of I/O operations per second (IOPS). For `gp3` , `io1` , and `io2` volumes, this represents the number of IOPS that are provisioned for the volume. For `gp2` volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting.\n\nThe following are the supported values for each volume type:\n\n- `gp3` : 3,000 - 80,000 IOPS\n- `io1` : 100 - 64,000 IOPS\n- `io2` : 100 - 256,000 IOPS\n\nFor `io2` volumes, you can achieve up to 256,000 IOPS on [instances built on the Nitro System](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances) . On other instances, you can achieve performance up to 32,000 IOPS.\n\nThis parameter is required for `io1` and `io2` volumes. The default for `gp3` volumes is 3,000 IOPS.", "SnapshotId": "The ID of the snapshot.", - "VolumeSize": "The size of the volume, in GiBs. You must specify either a snapshot ID or a volume size. If you specify a snapshot, the default is the snapshot size. You can specify a volume size that is equal to or larger than the snapshot size.\n\nThe following are the supported sizes for each volume type:\n\n- `gp2` and `gp3` : 1 - 16,384 GiB\n- `io1` : 4 - 16,384 GiB\n- `io2` : 4 - 65,536 GiB\n- `st1` and `sc1` : 125 - 16,384 GiB\n- `standard` : 1 - 1024 GiB", + "VolumeSize": "The size of the volume, in GiBs. You must specify either a snapshot ID or a volume size. If you specify a snapshot, the default is the snapshot size. You can specify a volume size that is equal to or larger than the snapshot size.\n\nThe following are the supported sizes for each volume type:\n\n- `gp2` : 1 - 16,384 GiB\n- `gp3` : 1 - 65,536 GiB\n- `io1` : 4 - 16,384 GiB\n- `io2` : 4 - 65,536 GiB\n- `st1` and `sc1` : 125 - 16,384 GiB\n- `standard` : 1 - 1024 GiB", "VolumeType": "The volume type. For more information, see [Amazon EBS volume types](https://docs.aws.amazon.com/ebs/latest/userguide/ebs-volume-types.html) in the *Amazon EBS User Guide* ." }, "AWS::EC2::SpotFleet FleetLaunchTemplateSpecification": { @@ -16412,7 +16941,7 @@ "AWS::EC2::VPCEndpoint": { "DnsOptions": "Describes the DNS options for an endpoint.", "IpAddressType": "The supported IP address types.", - "PolicyDocument": "An endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints.\n\nFor CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. For example, if you have a JSON policy, you can convert it to YAML before including it in the YAML template, and AWS CloudFormation converts the policy to JSON format before calling the API actions for AWS PrivateLink . Alternatively, you can include the JSON directly in the YAML, as shown in the following `Properties` section:\n\n`Properties: VpcEndpointType: 'Interface' ServiceName: !Sub 'com.amazonaws.${AWS::Region}.logs' PolicyDocument: '{ \"Version\":\"2012-10-17\", \"Statement\": [{ \"Effect\":\"Allow\", \"Principal\":\"*\", \"Action\":[\"logs:Describe*\",\"logs:Get*\",\"logs:List*\",\"logs:FilterLogEvents\"], \"Resource\":\"*\" }] }'`", + "PolicyDocument": "An endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints.\n\nFor CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. For example, if you have a JSON policy, you can convert it to YAML before including it in the YAML template, and AWS CloudFormation converts the policy to JSON format before calling the API actions for AWS PrivateLink . Alternatively, you can include the JSON directly in the YAML, as shown in the following `Properties` section:\n\n`Properties: VpcEndpointType: 'Interface' ServiceName: !Sub 'com.amazonaws.${AWS::Region}.logs' PolicyDocument: '{ \"Version\":\"2012-10-17\", \"Statement\": [{ \"Effect\":\"Allow\", \"Principal\":\"*\", \"Action\":[\"logs:Describe*\",\"logs:Get*\",\"logs:List*\",\"logs:FilterLogEvents\"], \"Resource\":\"*\" }] }'`", "PrivateDnsEnabled": "Indicate whether to associate a private hosted zone with the specified VPC. The private hosted zone contains a record set for the default public DNS name for the service for the Region (for example, `kinesis.us-east-1.amazonaws.com` ), which resolves to the private IP addresses of the endpoint network interfaces in the VPC. This enables you to make requests to the default public DNS name for the service instead of the public DNS names that are automatically generated by the VPC endpoint service.\n\nTo use a private hosted zone, you must set the following VPC attributes to `true` : `enableDnsHostnames` and `enableDnsSupport` .\n\nThis property is supported only for interface endpoints.\n\nDefault: `false`", "ResourceConfigurationArn": "The Amazon Resource Name (ARN) of the resource configuration.", "RouteTableIds": "The IDs of the route tables. Routing is supported only for gateway endpoints.", @@ -16726,11 +17255,11 @@ "AutoEnableIO": "Indicates whether the volume is auto-enabled for I/O operations. By default, Amazon EBS disables I/O to the volume from attached EC2 instances when it determines that a volume's data is potentially inconsistent. If the consistency of the volume is not a concern, and you prefer that the volume be made available immediately if it's impaired, you can configure the volume to automatically enable I/O.", "AvailabilityZone": "The ID of the Availability Zone in which to create the volume. For example, `us-east-1a` .\n\nEither `AvailabilityZone` or `AvailabilityZoneId` must be specified, but not both.", "Encrypted": "Indicates whether the volume should be encrypted. The effect of setting the encryption state to `true` depends on the volume origin (new or from a snapshot), starting encryption state, ownership, and whether encryption by default is enabled. For more information, see [Encryption by default](https://docs.aws.amazon.com/ebs/latest/userguide/work-with-ebs-encr.html#encryption-by-default) in the *Amazon EBS User Guide* .\n\nEncrypted Amazon EBS volumes must be attached to instances that support Amazon EBS encryption. For more information, see [Supported instance types](https://docs.aws.amazon.com/ebs/latest/userguide/ebs-encryption-requirements.html#ebs-encryption_supported_instances) .", - "Iops": "The number of I/O operations per second (IOPS). For `gp3` , `io1` , and `io2` volumes, this represents the number of IOPS that are provisioned for the volume. For `gp2` volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting.\n\nThe following are the supported values for each volume type:\n\n- `gp3` : 3,000 - 16,000 IOPS\n- `io1` : 100 - 64,000 IOPS\n- `io2` : 100 - 256,000 IOPS\n\nFor `io2` volumes, you can achieve up to 256,000 IOPS on [instances built on the Nitro System](https://docs.aws.amazon.com/ec2/latest/instancetypes/ec2-nitro-instances.html) . On other instances, you can achieve performance up to 32,000 IOPS.\n\nThis parameter is required for `io1` and `io2` volumes. The default for `gp3` volumes is 3,000 IOPS. This parameter is not supported for `gp2` , `st1` , `sc1` , or `standard` volumes.", + "Iops": "The number of I/O operations per second (IOPS) to provision for the volume. Required for `io1` and `io2` volumes. Optional for `gp3` volumes. Omit for all other volume types.\n\nValid ranges:\n\n- gp3: `3,000` ( *default* ) `- 80,000` IOPS\n- io1: `100 - 64,000` IOPS\n- io2: `100 - 256,000` IOPS\n\n> [Instances built on the Nitro System](https://docs.aws.amazon.com/ec2/latest/instancetypes/ec2-nitro-instances.html) can support up to 256,000 IOPS. Other instances can support up to 32,000 IOPS.", "KmsKeyId": "The identifier of the AWS KMS key to use for Amazon EBS encryption. If `KmsKeyId` is specified, the encrypted state must be `true` .\n\nIf you omit this property and your account is enabled for encryption by default, or *Encrypted* is set to `true` , then the volume is encrypted using the default key specified for your account. If your account does not have a default key, then the volume is encrypted using the AWS managed key .\n\nAlternatively, if you want to specify a different key, you can specify one of the following:\n\n- Key ID. For example, 1234abcd-12ab-34cd-56ef-1234567890ab.\n- Key alias. Specify the alias for the key, prefixed with `alias/` . For example, for a key with the alias `my_cmk` , use `alias/my_cmk` . Or to specify the AWS managed key , use `alias/aws/ebs` .\n- Key ARN. For example, arn:aws:kms:us-east-1:012345678910:key/1234abcd-12ab-34cd-56ef-1234567890ab.\n- Alias ARN. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias.", "MultiAttachEnabled": "Indicates whether Amazon EBS Multi-Attach is enabled.\n\nAWS CloudFormation does not currently support updating a single-attach volume to be multi-attach enabled, updating a multi-attach enabled volume to be single-attach, or updating the size or number of I/O operations per second (IOPS) of a multi-attach enabled volume.", "OutpostArn": "The Amazon Resource Name (ARN) of the Outpost.", - "Size": "The size of the volume, in GiBs. You must specify either a snapshot ID or a volume size. If you specify a snapshot, the default is the snapshot size. You can specify a volume size that is equal to or larger than the snapshot size.\n\nThe following are the supported volumes sizes for each volume type:\n\n- `gp2` and `gp3` : 1 - 16,384 GiB\n- `io1` : 4 - 16,384 GiB\n- `io2` : 4 - 65,536 GiB\n- `st1` and `sc1` : 125 - 16,384 GiB\n- `standard` : 1 - 1024 GiB", + "Size": "The size of the volume, in GiBs. You must specify either a snapshot ID or a volume size. If you specify a snapshot, the default is the snapshot size, and you can specify a volume size that is equal to or larger than the snapshot size.\n\nValid sizes:\n\n- gp2: `1 - 16,384` GiB\n- gp3: `1 - 65,536` GiB\n- io1: `4 - 16,384` GiB\n- io2: `4 - 65,536` GiB\n- st1 and sc1: `125 - 16,384` GiB\n- standard: `1 - 1024` GiB", "SnapshotId": "The snapshot from which to create the volume. You must specify either a snapshot ID or a volume size.", "Tags": "The tags to apply to the volume during creation.", "Throughput": "The throughput to provision for a volume, with a maximum of 1,000 MiB/s.\n\nThis parameter is valid only for `gp3` volumes. The default value is 125.\n\nValid Range: Minimum value of 125. Maximum value of 1000.", @@ -16807,9 +17336,9 @@ "AWS::ECR::Repository": { "EmptyOnDelete": "If true, deleting the repository force deletes the contents of the repository. If false, the repository must be empty before attempting to delete it.", "EncryptionConfiguration": "The encryption configuration for the repository. This determines how the contents of your repository are encrypted at rest.", - "ImageScanningConfiguration": "The image scanning configuration for the repository. This determines whether images are scanned for known vulnerabilities after being pushed to the repository.", + "ImageScanningConfiguration": "> The `imageScanningConfiguration` parameter is being deprecated, in favor of specifying the image scanning configuration at the registry level. For more information, see `PutRegistryScanningConfiguration` . \n\nThe image scanning configuration for the repository. This determines whether images are scanned for known vulnerabilities after being pushed to the repository.", "ImageTagMutability": "The tag mutability setting for the repository. If this parameter is omitted, the default setting of `MUTABLE` will be used which will allow image tags to be overwritten. If `IMMUTABLE` is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.", - "ImageTagMutabilityExclusionFilters": "The image tag mutability exclusion filters associated with the repository. These filters specify which image tags can override the repository's default image tag mutability setting.", + "ImageTagMutabilityExclusionFilters": "A list of filters that specify which image tags are excluded from the repository's image tag mutability setting.", "LifecyclePolicy": "Creates or updates a lifecycle policy. For information about lifecycle policy syntax, see [Lifecycle policy template](https://docs.aws.amazon.com/AmazonECR/latest/userguide/LifecyclePolicies.html) .", "RepositoryName": "The name to use for the repository. The repository name may be specified on its own (such as `nginx-web-app` ) or it can be prepended with a namespace to group the repository into a category (such as `project-a/nginx-web-app` ). If you don't specify a name, AWS CloudFormation generates a unique physical ID and uses that ID for the repository name. For more information, see [Name type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-name.html) .\n\nThe repository name must start with a letter and can only contain lowercase letters, numbers, hyphens, underscores, and forward slashes.\n\n> If you specify a name, you cannot perform updates that require replacement of this resource. You can perform updates that require no or some interruption. If you must replace the resource, specify a new name.", "RepositoryPolicyText": "The JSON repository policy text to apply to the repository. For more information, see [Amazon ECR repository policies](https://docs.aws.amazon.com/AmazonECR/latest/userguide/repository-policy-examples.html) in the *Amazon Elastic Container Registry User Guide* .", @@ -16840,7 +17369,7 @@ "Description": "The description associated with the repository creation template.", "EncryptionConfiguration": "The encryption configuration associated with the repository creation template.", "ImageTagMutability": "The tag mutability setting for the repository. If this parameter is omitted, the default setting of `MUTABLE` will be used which will allow image tags to be overwritten. If `IMMUTABLE` is specified, all image tags within the repository will be immutable which will prevent them from being overwritten.", - "ImageTagMutabilityExclusionFilters": "Defines the image tag mutability exclusion filters to apply when creating repositories from this template. These filters specify which image tags can override the repository's default image tag mutability setting.", + "ImageTagMutabilityExclusionFilters": "A list of filters that specify which image tags are excluded from the repository creation template's image tag mutability setting.", "LifecyclePolicy": "The lifecycle policy to use for repositories created using the template.", "Prefix": "The repository namespace prefix associated with the repository creation template.", "RepositoryPolicy": "The repository policy to apply to repositories created using the template. A repository policy is a permissions policy associated with a repository to control access permissions.", @@ -16860,15 +17389,74 @@ }, "AWS::ECS::CapacityProvider": { "AutoScalingGroupProvider": "The Auto Scaling group settings for the capacity provider.", + "ClusterName": "The cluster that this capacity provider is associated with. Managed instances capacity providers are cluster-scoped, meaning they can only be used within their associated cluster.\n\nThis is required for Managed instances.", + "ManagedInstancesProvider": "The configuration for the Amazon ECS Managed Instances provider. This includes the infrastructure role, the launch template configuration, and tag propagation settings.", "Name": "The name of the capacity provider. If a name is specified, it cannot start with `aws` , `ecs` , or `fargate` . If no name is specified, a default name in the `CFNStackName-CFNResourceName-RandomString` format is used.", "Tags": "The metadata that you apply to the capacity provider to help you categorize and organize it. Each tag consists of a key and an optional value. You define both.\n\nThe following basic restrictions apply to tags:\n\n- Maximum number of tags per resource - 50\n- For each resource, each tag key must be unique, and each tag key can have only one value.\n- Maximum key length - 128 Unicode characters in UTF-8\n- Maximum value length - 256 Unicode characters in UTF-8\n- If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.\n- Tag keys and values are case-sensitive.\n- Do not use `aws:` , `AWS:` , or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for AWS use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit." }, + "AWS::ECS::CapacityProvider AcceleratorCountRequest": { + "Max": "The maximum number of accelerators. Instance types with more accelerators are excluded from selection.", + "Min": "The minimum number of accelerators. Instance types with fewer accelerators are excluded from selection." + }, + "AWS::ECS::CapacityProvider AcceleratorTotalMemoryMiBRequest": { + "Max": "The maximum total accelerator memory in MiB. Instance types with more accelerator memory are excluded from selection.", + "Min": "The minimum total accelerator memory in MiB. Instance types with less accelerator memory are excluded from selection." + }, "AWS::ECS::CapacityProvider AutoScalingGroupProvider": { "AutoScalingGroupArn": "The Amazon Resource Name (ARN) that identifies the Auto Scaling group, or the Auto Scaling group name.", "ManagedDraining": "The managed draining option for the Auto Scaling group capacity provider. When you enable this, Amazon ECS manages and gracefully drains the EC2 container instances that are in the Auto Scaling group capacity provider.", "ManagedScaling": "The managed scaling settings for the Auto Scaling group capacity provider.", "ManagedTerminationProtection": "The managed termination protection setting to use for the Auto Scaling group capacity provider. This determines whether the Auto Scaling group has managed termination protection. The default is off.\n\n> When using managed termination protection, managed scaling must also be used otherwise managed termination protection doesn't work. \n\nWhen managed termination protection is on, Amazon ECS prevents the Amazon EC2 instances in an Auto Scaling group that contain tasks from being terminated during a scale-in action. The Auto Scaling group and each instance in the Auto Scaling group must have instance protection from scale-in actions on as well. For more information, see [Instance Protection](https://docs.aws.amazon.com/autoscaling/ec2/userguide/as-instance-termination.html#instance-protection) in the *AWS Auto Scaling User Guide* .\n\nWhen managed termination protection is off, your Amazon EC2 instances aren't protected from termination when the Auto Scaling group scales in." }, + "AWS::ECS::CapacityProvider BaselineEbsBandwidthMbpsRequest": { + "Max": "The maximum baseline Amazon EBS bandwidth in Mbps. Instance types with higher Amazon EBS bandwidth are excluded from selection.", + "Min": "The minimum baseline Amazon EBS bandwidth in Mbps. Instance types with lower Amazon EBS bandwidth are excluded from selection." + }, + "AWS::ECS::CapacityProvider InstanceLaunchTemplate": { + "Ec2InstanceProfileArn": "The Amazon Resource Name (ARN) of the instance profile that Amazon ECS applies to Amazon ECS Managed Instances. This instance profile must include the necessary permissions for your tasks to access AWS services and resources.\n\nFor more information, see [Amazon ECS instance profile for Managed Instances](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/managed-instances-instance-profile.html) in the *Amazon ECS Developer Guide* .", + "InstanceRequirements": "The instance requirements. You can specify:\n\n- The instance types\n- Instance requirements such as vCPU count, memory, network performance, and accelerator specifications\n\nAmazon ECS automatically selects the instances that match the specified criteria.", + "Monitoring": "CloudWatch provides two categories of monitoring: basic monitoring and detailed monitoring. By default, your managed instance is configured for basic monitoring. You can optionally enable detailed monitoring to help you more quickly identify and act on operational issues. You can enable or turn off detailed monitoring at launch or when the managed instance is running or stopped. For more information, see [Detailed monitoring for Amazon ECS Managed Instances](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/detailed-monitoring-managed-instances.html) in the Amazon ECS Developer Guide.", + "NetworkConfiguration": "The network configuration for Amazon ECS Managed Instances. This specifies the subnets and security groups that instances use for network connectivity.", + "StorageConfiguration": "The storage configuration for Amazon ECS Managed Instances. This defines the root volume size and type for the instances." + }, + "AWS::ECS::CapacityProvider InstanceRequirementsRequest": { + "AcceleratorCount": "The minimum and maximum number of accelerators for the instance types. This is used when you need instances with specific numbers of GPUs or other accelerators.", + "AcceleratorManufacturers": "The accelerator manufacturers to include. You can specify `nvidia` , `amd` , `amazon-web-services` , or `xilinx` depending on your accelerator requirements.", + "AcceleratorNames": "The specific accelerator names to include. For example, you can specify `a100` , `v100` , `k80` , or other specific accelerator models.", + "AcceleratorTotalMemoryMiB": "The minimum and maximum total accelerator memory in mebibytes (MiB). This is important for GPU workloads that require specific amounts of video memory.", + "AcceleratorTypes": "The accelerator types to include. You can specify `gpu` for graphics processing units, `fpga` for field programmable gate arrays, or `inference` for machine learning inference accelerators.", + "AllowedInstanceTypes": "The instance types to include in the selection. When specified, Amazon ECS only considers these instance types, subject to the other requirements specified.", + "BareMetal": "Indicates whether to include bare metal instance types. Set to `included` to allow bare metal instances, `excluded` to exclude them, or `required` to use only bare metal instances.", + "BaselineEbsBandwidthMbps": "The minimum and maximum baseline Amazon EBS bandwidth in megabits per second (Mbps). This is important for workloads with high storage I/O requirements.", + "BurstablePerformance": "Indicates whether to include burstable performance instance types (T2, T3, T3a, T4g). Set to `included` to allow burstable instances, `excluded` to exclude them, or `required` to use only burstable instances.", + "CpuManufacturers": "The CPU manufacturers to include or exclude. You can specify `intel` , `amd` , or `amazon-web-services` to control which CPU types are used for your workloads.", + "ExcludedInstanceTypes": "The instance types to exclude from selection. Use this to prevent Amazon ECS from selecting specific instance types that may not be suitable for your workloads.", + "InstanceGenerations": "The instance generations to include. You can specify `current` to use the latest generation instances, or `previous` to include previous generation instances for cost optimization.", + "LocalStorage": "Indicates whether to include instance types with local storage. Set to `included` to allow local storage, `excluded` to exclude it, or `required` to use only instances with local storage.", + "LocalStorageTypes": "The local storage types to include. You can specify `hdd` for hard disk drives, `ssd` for solid state drives, or both.", + "MaxSpotPriceAsPercentageOfOptimalOnDemandPrice": "The maximum price for Spot instances as a percentage of the optimal On-Demand price. This provides more precise cost control for Spot instance selection.", + "MemoryGiBPerVCpu": "The minimum and maximum amount of memory per vCPU in gibibytes (GiB). This helps ensure that instance types have the appropriate memory-to-CPU ratio for your workloads.", + "MemoryMiB": "The minimum and maximum amount of memory in mebibytes (MiB) for the instance types. Amazon ECS selects instance types that have memory within this range.", + "NetworkBandwidthGbps": "The minimum and maximum network bandwidth in gigabits per second (Gbps). This is crucial for network-intensive workloads that require high throughput.", + "NetworkInterfaceCount": "The minimum and maximum number of network interfaces for the instance types. This is useful for workloads that require multiple network interfaces.", + "OnDemandMaxPricePercentageOverLowestPrice": "The price protection threshold for On-Demand Instances, as a percentage higher than an identified On-Demand price. The identified On-Demand price is the price of the lowest priced current generation C, M, or R instance type with your specified attributes. If no current generation C, M, or R instance type matches your attributes, then the identified price is from either the lowest priced current generation instance types or, failing that, the lowest priced previous generation instance types that match your attributes. When Amazon ECS selects instance types with your attributes, we will exclude instance types whose price exceeds your specified threshold.", + "RequireHibernateSupport": "Indicates whether the instance types must support hibernation. When set to `true` , only instance types that support hibernation are selected.", + "SpotMaxPricePercentageOverLowestPrice": "The maximum price for Spot instances as a percentage over the lowest priced On-Demand instance. This helps control Spot instance costs while maintaining access to capacity.", + "TotalLocalStorageGB": "The minimum and maximum total local storage in gigabytes (GB) for instance types with local storage.", + "VCpuCount": "The minimum and maximum number of vCPUs for the instance types. Amazon ECS selects instance types that have vCPU counts within this range." + }, + "AWS::ECS::CapacityProvider ManagedInstancesNetworkConfiguration": { + "SecurityGroups": "The list of security group IDs to apply to Amazon ECS Managed Instances. These security groups control the network traffic allowed to and from the instances.", + "Subnets": "The list of subnet IDs where Amazon ECS can launch Amazon ECS Managed Instances. Instances are distributed across the specified subnets for high availability. All subnets must be in the same VPC." + }, + "AWS::ECS::CapacityProvider ManagedInstancesProvider": { + "InfrastructureRoleArn": "The Amazon Resource Name (ARN) of the infrastructure role that Amazon ECS assumes to manage instances. This role must include permissions for Amazon EC2 instance lifecycle management, networking, and any additional AWS services required for your workloads.\n\nFor more information, see [Amazon ECS infrastructure IAM role](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/infrastructure_IAM_role.html) in the *Amazon ECS Developer Guide* .", + "InstanceLaunchTemplate": "The launch template that defines how Amazon ECS launches Amazon ECS Managed Instances. This includes the instance profile for your tasks, network and storage configuration, and instance requirements that determine which Amazon EC2 instance types can be used.\n\nFor more information, see [Store instance launch parameters in Amazon EC2 launch templates](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-launch-templates.html) in the *Amazon EC2 User Guide* .", + "PropagateTags": "Determines whether tags from the capacity provider are automatically applied to Amazon ECS Managed Instances. This helps with cost allocation and resource management by ensuring consistent tagging across your infrastructure." + }, + "AWS::ECS::CapacityProvider ManagedInstancesStorageConfiguration": { + "StorageSizeGiB": "The size of the tasks volume." + }, "AWS::ECS::CapacityProvider ManagedScaling": { "InstanceWarmupPeriod": "The period of time, in seconds, after a newly launched Amazon EC2 instance can contribute to CloudWatch metrics for Auto Scaling group. If this parameter is omitted, the default value of `300` seconds is used.", "MaximumScalingStepSize": "The maximum number of Amazon EC2 instances that Amazon ECS will scale out at one time. If this parameter is omitted, the default value of `10000` is used.", @@ -16876,10 +17464,34 @@ "Status": "Determines whether to use managed scaling for the capacity provider.", "TargetCapacity": "The target capacity utilization as a percentage for the capacity provider. The specified value must be greater than `0` and less than or equal to `100` . For example, if you want the capacity provider to maintain 10% spare capacity, then that means the utilization is 90%, so use a `targetCapacity` of `90` . The default value of `100` percent results in the Amazon EC2 instances in your Auto Scaling group being completely used." }, + "AWS::ECS::CapacityProvider MemoryGiBPerVCpuRequest": { + "Max": "The maximum amount of memory per vCPU in GiB. Instance types with a higher memory-to-vCPU ratio are excluded from selection.", + "Min": "The minimum amount of memory per vCPU in GiB. Instance types with a lower memory-to-vCPU ratio are excluded from selection." + }, + "AWS::ECS::CapacityProvider MemoryMiBRequest": { + "Max": "The maximum amount of memory in MiB. Instance types with more memory than this value are excluded from selection.", + "Min": "The minimum amount of memory in MiB. Instance types with less memory than this value are excluded from selection." + }, + "AWS::ECS::CapacityProvider NetworkBandwidthGbpsRequest": { + "Max": "The maximum network bandwidth in Gbps. Instance types with higher network bandwidth are excluded from selection.", + "Min": "The minimum network bandwidth in Gbps. Instance types with lower network bandwidth are excluded from selection." + }, + "AWS::ECS::CapacityProvider NetworkInterfaceCountRequest": { + "Max": "The maximum number of network interfaces. Instance types that support more network interfaces are excluded from selection.", + "Min": "The minimum number of network interfaces. Instance types that support fewer network interfaces are excluded from selection." + }, "AWS::ECS::CapacityProvider Tag": { "Key": "One part of a key-value pair that make up a tag. A `key` is a general label that acts like a category for more specific tag values.", "Value": "The optional part of a key-value pair that make up a tag. A `value` acts as a descriptor within a tag category (key)." }, + "AWS::ECS::CapacityProvider TotalLocalStorageGBRequest": { + "Max": "The maximum total local storage in GB. Instance types with more local storage are excluded from selection.", + "Min": "The minimum total local storage in GB. Instance types with less local storage are excluded from selection." + }, + "AWS::ECS::CapacityProvider VCpuCountRangeRequest": { + "Max": "The maximum number of vCPUs. Instance types with more vCPUs than this value are excluded from selection.", + "Min": "The minimum number of vCPUs. Instance types with fewer vCPUs than this value are excluded from selection." + }, "AWS::ECS::Cluster": { "CapacityProviders": "The short name of one or more capacity providers to associate with the cluster. A capacity provider must be associated with a cluster before it can be included as part of the default capacity provider strategy of the cluster or used in a capacity provider strategy when calling the [CreateService](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_CreateService.html) or [RunTask](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_RunTask.html) actions.\n\nIf specifying a capacity provider that uses an Auto Scaling group, the capacity provider must be created but not associated with another cluster. New Auto Scaling group capacity providers can be created with the [CreateCapacityProvider](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_CreateCapacityProvider.html) API operation.\n\nTo use a AWS Fargate capacity provider, specify either the `FARGATE` or `FARGATE_SPOT` capacity providers. The AWS Fargate capacity providers are available to all accounts and only need to be associated with a cluster to be used.\n\nThe [PutCapacityProvider](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_PutCapacityProvider.html) API operation is used to update the list of available capacity providers for a cluster after the cluster is created.", "ClusterName": "A user-generated string that you use to identify your cluster. If you don't specify a name, AWS CloudFormation generates a unique physical ID for the name.", @@ -16941,7 +17553,7 @@ "TaskSetId": "The short name or full Amazon Resource Name (ARN) of the task set to set as the primary task set in the deployment." }, "AWS::ECS::Service": { - "AvailabilityZoneRebalancing": "Indicates whether to use Availability Zone rebalancing for the service.\n\nFor more information, see [Balancing an Amazon ECS service across Availability Zones](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-rebalancing.html) in the **Amazon Elastic Container Service Developer Guide** .", + "AvailabilityZoneRebalancing": "Indicates whether to use Availability Zone rebalancing for the service.\n\nFor more information, see [Balancing an Amazon ECS service across Availability Zones](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-rebalancing.html) in the **Amazon Elastic Container Service Developer Guide** .\n\nThe default behavior of `AvailabilityZoneRebalancing` differs between create and update requests:\n\n- For create service requests, when no value is specified for `AvailabilityZoneRebalancing` , Amazon ECS defaults the value to `ENABLED` .\n- For update service requests, when no value is specified for `AvailabilityZoneRebalancing` , Amazon ECS defaults to the existing service\u2019s `AvailabilityZoneRebalancing` value. If the service never had an `AvailabilityZoneRebalancing` value set, Amazon ECS treats this as `DISABLED` .", "CapacityProviderStrategy": "The capacity provider strategy to use for the service.\n\nIf a `capacityProviderStrategy` is specified, the `launchType` parameter must be omitted. If no `capacityProviderStrategy` or `launchType` is specified, the `defaultCapacityProviderStrategy` for the cluster is used.\n\nA capacity provider strategy can contain a maximum of 20 capacity providers.\n\n> To remove this property from your service resource, specify an empty `CapacityProviderStrategyItem` array.", "Cluster": "The short name or full Amazon Resource Name (ARN) of the cluster that you run your service on. If you do not specify a cluster, the default cluster is assumed.", "DeploymentConfiguration": "Optional deployment parameters that control how many tasks run during the deployment and the ordering of stopping and starting tasks.", @@ -16950,8 +17562,8 @@ "EnableECSManagedTags": "Specifies whether to turn on Amazon ECS managed tags for the tasks within the service. For more information, see [Tagging your Amazon ECS resources](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-using-tags.html) in the *Amazon Elastic Container Service Developer Guide* .\n\nWhen you use Amazon ECS managed tags, you must set the `propagateTags` request parameter.", "EnableExecuteCommand": "Determines whether the execute command functionality is turned on for the service. If `true` , the execute command functionality is turned on for all containers in tasks as part of the service.", "ForceNewDeployment": "Determines whether to force a new deployment of the service. By default, deployments aren't forced. You can use this option to start a new deployment with no service definition changes. For example, you can update a service's tasks to use a newer Docker image with the same image/tag combination ( `my_image:latest` ) or to roll Fargate tasks onto a newer platform version.", - "HealthCheckGracePeriodSeconds": "The period of time, in seconds, that the Amazon ECS service scheduler ignores unhealthy Elastic Load Balancing, VPC Lattice, and container health checks after a task has first started. If you don't specify a health check grace period value, the default value of `0` is used. If you don't use any of the health checks, then `healthCheckGracePeriodSeconds` is unused.\n\nIf your service's tasks take a while to start and respond to health checks, you can specify a health check grace period of up to 2,147,483,647 seconds (about 69 years). During that time, the Amazon ECS service scheduler ignores health check status. This grace period can prevent the service scheduler from marking tasks as unhealthy and stopping them before they have time to come up.", - "LaunchType": "The launch type on which to run your service. For more information, see [Amazon ECS Launch Types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html) in the *Amazon Elastic Container Service Developer Guide* .", + "HealthCheckGracePeriodSeconds": "The period of time, in seconds, that the Amazon ECS service scheduler ignores unhealthy Elastic Load Balancing, VPC Lattice, and container health checks after a task has first started. If you do not specify a health check grace period value, the default value of 0 is used. If you do not use any of the health checks, then `healthCheckGracePeriodSeconds` is unused.\n\nIf your service has more running tasks than desired, unhealthy tasks in the grace period might be stopped to reach the desired count.", + "LaunchType": "The launch type on which to run your service. For more information, see [Amazon ECS Launch Types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html) in the *Amazon Elastic Container Service Developer Guide* .\n\n> If you want to use Managed Instances, you must use the `capacityProviderStrategy` request parameter", "LoadBalancers": "A list of load balancer objects to associate with the service. If you specify the `Role` property, `LoadBalancers` must be specified as well. For information about the number of load balancers that you can specify per service, see [Service Load Balancing](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/service-load-balancing.html) in the *Amazon Elastic Container Service Developer Guide* .\n\n> To remove this property from your service resource, specify an empty `LoadBalancer` array.", "NetworkConfiguration": "The network configuration for the service. This parameter is required for task definitions that use the `awsvpc` network mode to receive their own elastic network interface, and it is not supported for other network modes. For more information, see [Task Networking](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-networking.html) in the *Amazon Elastic Container Service Developer Guide* .", "PlacementConstraints": "An array of placement constraint objects to use for tasks in your service. You can specify a maximum of 10 constraints for each task. This limit includes constraints in the task definition and those specified at runtime.\n\n> To remove this property from your service resource, specify an empty `PlacementConstraint` array.", @@ -16996,8 +17608,10 @@ "AWS::ECS::Service DeploymentConfiguration": { "Alarms": "Information about the CloudWatch alarms.", "BakeTimeInMinutes": "The duration when both blue and green service revisions are running simultaneously after the production traffic has shifted.\n\nThe following rules apply when you don't specify a value:\n\n- For rolling deployments, the value is set to 3 hours (180 minutes).\n- When you use an external deployment controller ( `EXTERNAL` ), or the CodeDeploy blue/green deployment controller ( `CODE_DEPLOY` ), the value is set to 3 hours (180 minutes).\n- For all other cases, the value is set to 36 hours (2160 minutes).", + "CanaryConfiguration": "", "DeploymentCircuitBreaker": "> The deployment circuit breaker can only be used for services using the rolling update ( `ECS` ) deployment type. \n\nThe *deployment circuit breaker* determines whether a service deployment will fail if the service can't reach a steady state. If you use the deployment circuit breaker, a service deployment will transition to a failed state and stop launching new tasks. If you use the rollback option, when a service deployment fails, the service is rolled back to the last deployment that completed successfully. For more information, see [Rolling update](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/deployment-type-ecs.html) in the *Amazon Elastic Container Service Developer Guide*", "LifecycleHooks": "An array of deployment lifecycle hook objects to run custom logic at specific stages of the deployment lifecycle.", + "LinearConfiguration": "", "MaximumPercent": "If a service is using the rolling update ( `ECS` ) deployment type, the `maximumPercent` parameter represents an upper limit on the number of your service's tasks that are allowed in the `RUNNING` or `PENDING` state during a deployment, as a percentage of the `desiredCount` (rounded down to the nearest integer). This parameter enables you to define the deployment batch size. For example, if your service is using the `REPLICA` service scheduler and has a `desiredCount` of four tasks and a `maximumPercent` value of 200%, the scheduler may start four new tasks before stopping the four older tasks (provided that the cluster resources required to do this are available). The default `maximumPercent` value for a service using the `REPLICA` service scheduler is 200%.\n\nThe Amazon ECS scheduler uses this parameter to replace unhealthy tasks by starting replacement tasks first and then stopping the unhealthy tasks, as long as cluster resources for starting replacement tasks are available. For more information about how the scheduler replaces unhealthy tasks, see [Amazon ECS services](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs_services.html) .\n\nIf a service is using either the blue/green ( `CODE_DEPLOY` ) or `EXTERNAL` deployment types, and tasks in the service use the EC2 launch type, the *maximum percent* value is set to the default value. The *maximum percent* value is used to define the upper limit on the number of the tasks in the service that remain in the `RUNNING` state while the container instances are in the `DRAINING` state.\n\n> You can't specify a custom `maximumPercent` value for a service that uses either the blue/green ( `CODE_DEPLOY` ) or `EXTERNAL` deployment types and has tasks that use the EC2 launch type. \n\nIf the service uses either the blue/green ( `CODE_DEPLOY` ) or `EXTERNAL` deployment types, and the tasks in the service use the Fargate launch type, the maximum percent value is not used. The value is still returned when describing your service.", "MinimumHealthyPercent": "If a service is using the rolling update ( `ECS` ) deployment type, the `minimumHealthyPercent` represents a lower limit on the number of your service's tasks that must remain in the `RUNNING` state during a deployment, as a percentage of the `desiredCount` (rounded up to the nearest integer). This parameter enables you to deploy without using additional cluster capacity. For example, if your service has a `desiredCount` of four tasks and a `minimumHealthyPercent` of 50%, the service scheduler may stop two existing tasks to free up cluster capacity before starting two new tasks.\n\nIf any tasks are unhealthy and if `maximumPercent` doesn't allow the Amazon ECS scheduler to start replacement tasks, the scheduler stops the unhealthy tasks one-by-one \u2014 using the `minimumHealthyPercent` as a constraint \u2014 to clear up capacity to launch replacement tasks. For more information about how the scheduler replaces unhealthy tasks, see [Amazon ECS services](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs_services.html) .\n\nFor services that *do not* use a load balancer, the following should be noted:\n\n- A service is considered healthy if all essential containers within the tasks in the service pass their health checks.\n- If a task has no essential containers with a health check defined, the service scheduler will wait for 40 seconds after a task reaches a `RUNNING` state before the task is counted towards the minimum healthy percent total.\n- If a task has one or more essential containers with a health check defined, the service scheduler will wait for the task to reach a healthy status before counting it towards the minimum healthy percent total. A task is considered healthy when all essential containers within the task have passed their health checks. The amount of time the service scheduler can wait for is determined by the container health check settings.\n\nFor services that *do* use a load balancer, the following should be noted:\n\n- If a task has no essential containers with a health check defined, the service scheduler will wait for the load balancer target group health check to return a healthy status before counting the task towards the minimum healthy percent total.\n- If a task has an essential container with a health check defined, the service scheduler will wait for both the task to reach a healthy status and the load balancer target group health check to return a healthy status before counting the task towards the minimum healthy percent total.\n\nThe default value for a replica service for `minimumHealthyPercent` is 100%. The default `minimumHealthyPercent` value for a service using the `DAEMON` service schedule is 0% for the AWS CLI , the AWS SDKs, and the APIs and 50% for the AWS Management Console.\n\nThe minimum number of healthy tasks during a deployment is the `desiredCount` multiplied by the `minimumHealthyPercent` /100, rounded up to the nearest integer value.\n\nIf a service is using either the blue/green ( `CODE_DEPLOY` ) or `EXTERNAL` deployment types and is running tasks that use the EC2 launch type, the *minimum healthy percent* value is set to the default value. The *minimum healthy percent* value is used to define the lower limit on the number of the tasks in the service that remain in the `RUNNING` state while the container instances are in the `DRAINING` state.\n\n> You can't specify a custom `minimumHealthyPercent` value for a service that uses either the blue/green ( `CODE_DEPLOY` ) or `EXTERNAL` deployment types and has tasks that use the EC2 launch type. \n\nIf a service is using either the blue/green ( `CODE_DEPLOY` ) or `EXTERNAL` deployment types and is running tasks that use the Fargate launch type, the minimum healthy percent value is not used, although it is returned when describing your service.", "Strategy": "The deployment strategy for the service. Choose from these valid values:\n\n- `ROLLING` - When you create a service which uses the rolling update ( `ROLLING` ) deployment strategy, the Amazon ECS service scheduler replaces the currently running tasks with new tasks. The number of tasks that Amazon ECS adds or removes from the service during a rolling update is controlled by the service deployment configuration.\n- `BLUE_GREEN` - A blue/green deployment strategy ( `BLUE_GREEN` ) is a release methodology that reduces downtime and risk by running two identical production environments called blue and green. With Amazon ECS blue/green deployments, you can validate new service revisions before directing production traffic to them. This approach provides a safer way to deploy changes with the ability to quickly roll back if needed." @@ -17006,6 +17620,7 @@ "Type": "The deployment controller type to use.\n\nThe deployment controller is the mechanism that determines how tasks are deployed for your service. The valid options are:\n\n- ECS\n\nWhen you create a service which uses the `ECS` deployment controller, you can choose between the following deployment strategies:\n\n- `ROLLING` : When you create a service which uses the *rolling update* ( `ROLLING` ) deployment strategy, the Amazon ECS service scheduler replaces the currently running tasks with new tasks. The number of tasks that Amazon ECS adds or removes from the service during a rolling update is controlled by the service deployment configuration.\n\nRolling update deployments are best suited for the following scenarios:\n\n- Gradual service updates: You need to update your service incrementally without taking the entire service offline at once.\n- Limited resource requirements: You want to avoid the additional resource costs of running two complete environments simultaneously (as required by blue/green deployments).\n- Acceptable deployment time: Your application can tolerate a longer deployment process, as rolling updates replace tasks one by one.\n- No need for instant roll back: Your service can tolerate a rollback process that takes minutes rather than seconds.\n- Simple deployment process: You prefer a straightforward deployment approach without the complexity of managing multiple environments, target groups, and listeners.\n- No load balancer requirement: Your service doesn't use or require a load balancer, Application Load Balancer , Network Load Balancer , or Service Connect (which are required for blue/green deployments).\n- Stateful applications: Your application maintains state that makes it difficult to run two parallel environments.\n- Cost sensitivity: You want to minimize deployment costs by not running duplicate environments during deployment.\n\nRolling updates are the default deployment strategy for services and provide a balance between deployment safety and resource efficiency for many common application scenarios.\n- `BLUE_GREEN` : A *blue/green* deployment strategy ( `BLUE_GREEN` ) is a release methodology that reduces downtime and risk by running two identical production environments called blue and green. With Amazon ECS blue/green deployments, you can validate new service revisions before directing production traffic to them. This approach provides a safer way to deploy changes with the ability to quickly roll back if needed.\n\nAmazon ECS blue/green deployments are best suited for the following scenarios:\n\n- Service validation: When you need to validate new service revisions before directing production traffic to them\n- Zero downtime: When your service requires zero-downtime deployments\n- Instant roll back: When you need the ability to quickly roll back if issues are detected\n- Load balancer requirement: When your service uses Application Load Balancer , Network Load Balancer , or Service Connect\n- External\n\nUse a third-party deployment controller.\n- Blue/green deployment (powered by CodeDeploy )\n\nCodeDeploy installs an updated version of the application as a new replacement task set and reroutes production traffic from the original application task set to the replacement task set. The original task set is terminated after a successful deployment. Use this deployment controller to verify a new deployment of a service before sending production traffic to it.\n\nWhen updating the deployment controller for a service, consider the following depending on the type of migration you're performing.\n\n- If you have a template that contains the `EXTERNAL` deployment controller information as well as `TaskSet` and `PrimaryTaskSet` resources, and you remove the task set resources from the template when updating from `EXTERNAL` to `ECS` , the `DescribeTaskSet` and `DeleteTaskSet` API calls will return a 400 error after the deployment controller is updated to `ECS` . This results in a delete failure on the task set resources, even though the stack transitions to `UPDATE_COMPLETE` status. For more information, see [Resource removed from stack but not deleted](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/troubleshooting.html#troubleshooting-errors-resource-removed-not-deleted) in the AWS CloudFormation User Guide. To fix this issue, delete the task sets directly using the Amazon ECS `DeleteTaskSet` API. For more information about how to delete a task set, see [DeleteTaskSet](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_DeleteTaskSet.html) in the Amazon Elastic Container Service API Reference.\n- If you're migrating from `CODE_DEPLOY` to `ECS` with a new task definition and AWS CloudFormation performs a rollback operation, the Amazon ECS `UpdateService` request fails with the following error:\n\nResource handler returned message: \"Invalid request provided: Unable to update task definition on services with a CODE_DEPLOY deployment controller.\n- After a successful migration from `ECS` to `EXTERNAL` deployment controller, you need to manually remove the `ACTIVE` task set, because Amazon ECS no longer manages the deployment. For information about how to delete a task set, see [DeleteTaskSet](https://docs.aws.amazon.com/AmazonECS/latest/APIReference/API_DeleteTaskSet.html) in the Amazon Elastic Container Service API Reference." }, "AWS::ECS::Service DeploymentLifecycleHook": { + "HookDetails": "Use this field to specify custom parameters that Amazon ECS passes to your hook target invocations (such as a Lambda function).\n\nThis field must be a JSON object as a string.", "HookTargetArn": "The Amazon Resource Name (ARN) of the hook target. Currently, only Lambda function ARNs are supported.\n\nYou must provide this parameter when configuring a deployment lifecycle hook.", "LifecycleStages": "The lifecycle stages at which to run the hook. Choose from these valid values:\n\n- RECONCILE_SERVICE\n\nThe reconciliation stage that only happens when you start a new service deployment with more than 1 service revision in an ACTIVE state.\n\nYou can use a lifecycle hook for this stage.\n- PRE_SCALE_UP\n\nThe green service revision has not started. The blue service revision is handling 100% of the production traffic. There is no test traffic.\n\nYou can use a lifecycle hook for this stage.\n- POST_SCALE_UP\n\nThe green service revision has started. The blue service revision is handling 100% of the production traffic. There is no test traffic.\n\nYou can use a lifecycle hook for this stage.\n- TEST_TRAFFIC_SHIFT\n\nThe blue and green service revisions are running. The blue service revision handles 100% of the production traffic. The green service revision is migrating from 0% to 100% of test traffic.\n\nYou can use a lifecycle hook for this stage.\n- POST_TEST_TRAFFIC_SHIFT\n\nThe test traffic shift is complete. The green service revision handles 100% of the test traffic.\n\nYou can use a lifecycle hook for this stage.\n- PRODUCTION_TRAFFIC_SHIFT\n\nProduction traffic is shifting to the green service revision. The green service revision is migrating from 0% to 100% of production traffic.\n\nYou can use a lifecycle hook for this stage.\n- POST_PRODUCTION_TRAFFIC_SHIFT\n\nThe production traffic shift is complete.\n\nYou can use a lifecycle hook for this stage.\n\nYou must provide this parameter when configuring a deployment lifecycle hook.", "RoleArn": "The Amazon Resource Name (ARN) of the IAM role that grants Amazon ECS permission to call Lambda functions on your behalf.\n\nFor more information, see [Permissions required for Lambda functions in Amazon ECS blue/green deployments](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/blue-green-permissions.html) in the *Amazon Elastic Container Service Developer Guide* ." @@ -17132,7 +17747,7 @@ "PidMode": "The process namespace to use for the containers in the task. The valid values are `host` or `task` . On Fargate for Linux containers, the only valid value is `task` . For example, monitoring sidecars might need `pidMode` to access information about other containers running in the same task.\n\nIf `host` is specified, all containers within the tasks that specified the `host` PID mode on the same container instance share the same process namespace with the host Amazon EC2 instance.\n\nIf `task` is specified, all containers within the specified task share the same process namespace.\n\nIf no value is specified, the default is a private namespace for each container.\n\nIf the `host` PID mode is used, there's a heightened risk of undesired process namespace exposure.\n\n> This parameter is not supported for Windows containers. > This parameter is only supported for tasks that are hosted on AWS Fargate if the tasks are using platform version `1.4.0` or later (Linux). This isn't supported for Windows containers on Fargate.", "PlacementConstraints": "An array of placement constraint objects to use for tasks.\n\n> This parameter isn't supported for tasks run on AWS Fargate .", "ProxyConfiguration": "The configuration details for the App Mesh proxy.\n\nYour Amazon ECS container instances require at least version 1.26.0 of the container agent and at least version 1.26.0-1 of the `ecs-init` package to use a proxy configuration. If your container instances are launched from the Amazon ECS optimized AMI version `20190301` or later, they contain the required versions of the container agent and `ecs-init` . For more information, see [Amazon ECS-optimized Linux AMI](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html) in the *Amazon Elastic Container Service Developer Guide* .", - "RequiresCompatibilities": "The task launch types the task definition was validated against. The valid values are `EC2` , `FARGATE` , and `EXTERNAL` . For more information, see [Amazon ECS launch types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html) in the *Amazon Elastic Container Service Developer Guide* .", + "RequiresCompatibilities": "The task launch types the task definition was validated against. The valid values are `MANAGED_INSTANCES` , `EC2` , `FARGATE` , and `EXTERNAL` . For more information, see [Amazon ECS launch types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html) in the *Amazon Elastic Container Service Developer Guide* .", "RuntimePlatform": "The operating system that your tasks definitions run on. A platform family is specified only for tasks using the Fargate launch type.", "Tags": "The metadata that you apply to the task definition to help you categorize and organize them. Each tag consists of a key and an optional value. You define both of them.\n\nThe following basic restrictions apply to tags:\n\n- Maximum number of tags per resource - 50\n- For each resource, each tag key must be unique, and each tag key can have only one value.\n- Maximum key length - 128 Unicode characters in UTF-8\n- Maximum value length - 256 Unicode characters in UTF-8\n- If your tagging schema is used across multiple services and resources, remember that other services may have restrictions on allowed characters. Generally allowed characters are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @.\n- Tag keys and values are case-sensitive.\n- Do not use `aws:` , `AWS:` , or any upper or lowercase combination of such as a prefix for either keys or values as it is reserved for AWS use. You cannot edit or delete tag keys or values with this prefix. Tags with this prefix do not count against your tags per resource limit.", "TaskRoleArn": "The short name or full Amazon Resource Name (ARN) of the AWS Identity and Access Management role that grants containers in the task permission to call AWS APIs on your behalf. For more information, see [Amazon ECS Task Role](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html) in the *Amazon Elastic Container Service Developer Guide* .\n\nIAM roles for tasks on Windows require that the `-EnableTaskIAMRole` option is set when you launch the Amazon ECS-optimized Windows AMI. Your containers must also run some configuration code to use the feature. For more information, see [Windows IAM roles for tasks](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/windows_task_IAM_roles.html) in the *Amazon Elastic Container Service Developer Guide* .\n\n> String validation is done on the ECS side. If an invalid string value is given for `TaskRoleArn` , it may cause the Cloudformation job to hang.", @@ -18161,7 +18776,7 @@ "Architecture": "The CPU architecture of an application.", "AutoStartConfiguration": "The configuration for an application to automatically start on job submission.", "AutoStopConfiguration": "The configuration for an application to automatically stop after a certain amount of time being idle.", - "IdentityCenterConfiguration": "A configuration specification to be used when provisioning an application. A configuration consists of a classification, properties, and optional nested configurations. A classification refers to an application-specific configuration file. Properties are the settings you want to change in that file.", + "IdentityCenterConfiguration": "The IAM Identity Center configuration applied to enable trusted identity propagation.", "ImageConfiguration": "The image configuration applied to all worker types.", "InitialCapacity": "The initial capacity of the application.", "InteractiveConfiguration": "The interactive configuration object that enables the interactive use cases for an application.", @@ -18196,7 +18811,7 @@ "Properties": "A set of properties specified within a configuration classification." }, "AWS::EMRServerless::Application IdentityCenterConfiguration": { - "IdentityCenterInstanceArn": "" + "IdentityCenterInstanceArn": "The ARN of the IAM Identity Center instance." }, "AWS::EMRServerless::Application ImageConfigurationInput": { "ImageUri": "The URI of an image in the Amazon ECR registry. This field is required when you create a new application. If you leave this field blank in an update, Amazon EMR will remove the image configuration." @@ -18298,7 +18913,9 @@ "EdgeVTep": "The edge VTEP VLAN subnet. This VLAN subnet manages traffic flowing between the internal network and external networks, including internet access and other site connections.", "ExpansionVlan1": "An additional VLAN subnet that can be used to extend VCF capabilities once configured. For example, you can configure an expansion VLAN subnet to use NSX Federation for centralized management and synchronization of multiple NSX deployments across different locations.", "ExpansionVlan2": "An additional VLAN subnet that can be used to extend VCF capabilities once configured. For example, you can configure an expansion VLAN subnet to use NSX Federation for centralized management and synchronization of multiple NSX deployments across different locations.", - "Hcx": "The HCX VLAN subnet. This VLAN subnet allows the HCX Interconnnect (IX) and HCX Network Extension (NE) to reach their peers and enable HCX Service Mesh creation.", + "Hcx": "The HCX VLAN subnet. This VLAN subnet allows the HCX Interconnnect (IX) and HCX Network Extension (NE) to reach their peers and enable HCX Service Mesh creation.\n\nIf you plan to use a public HCX VLAN subnet, the following requirements must be met:\n\n- Must have a /28 netmask and be allocated from the IPAM public pool. Required for HCX internet access configuration.\n- The HCX public VLAN CIDR block must be added to the VPC as a secondary CIDR block.\n- Must have at least two Elastic IP addresses to be allocated from the public IPAM pool for HCX components.", + "HcxNetworkAclId": "A unique ID for a network access control list that the HCX VLAN uses. Required when `isHcxPublic` is set to `true` .", + "IsHcxPublic": "Determines if the HCX VLAN that Amazon EVS provisions is public or private.", "NsxUpLink": "The NSX uplink VLAN subnet. This VLAN subnet allows connectivity to the NSX overlay network.", "VMotion": "The vMotion VLAN subnet. This VLAN subnet carries traffic for vSphere vMotion.", "VSan": "The vSAN VLAN subnet. This VLAN subnet carries the communication between ESXi hosts to implement a vSAN shared storage pool.", @@ -18732,10 +19349,10 @@ "AuthenticateCognitoConfig": "[HTTPS listeners] Information for using Amazon Cognito to authenticate users. Specify only when `Type` is `authenticate-cognito` .", "AuthenticateOidcConfig": "[HTTPS listeners] Information about an identity provider that is compliant with OpenID Connect (OIDC). Specify only when `Type` is `authenticate-oidc` .", "FixedResponseConfig": "[Application Load Balancer] Information for creating an action that returns a custom HTTP response. Specify only when `Type` is `fixed-response` .", - "ForwardConfig": "Information for creating an action that distributes requests among one or more target groups. For Network Load Balancers, you can specify a single target group. Specify only when `Type` is `forward` . If you specify both `ForwardConfig` and `TargetGroupArn` , you can specify only one target group using `ForwardConfig` and it must be the same target group specified in `TargetGroupArn` .", + "ForwardConfig": "Information for creating an action that distributes requests among multiple target groups. Specify only when `Type` is `forward` .\n\nIf you specify both `ForwardConfig` and `TargetGroupArn` , you can specify only one target group using `ForwardConfig` and it must be the same target group specified in `TargetGroupArn` .", "Order": "The order for the action. This value is required for rules with multiple actions. The action with the lowest value for order is performed first.", "RedirectConfig": "[Application Load Balancer] Information for creating a redirect action. Specify only when `Type` is `redirect` .", - "TargetGroupArn": "The Amazon Resource Name (ARN) of the target group. Specify only when `Type` is `forward` and you want to route to a single target group. To route to one or more target groups, use `ForwardConfig` instead.", + "TargetGroupArn": "The Amazon Resource Name (ARN) of the target group. Specify only when `Type` is `forward` and you want to route to a single target group. To route to multiple target groups, you must use `ForwardConfig` instead.", "Type": "The type of action." }, "AWS::ElasticLoadBalancingV2::Listener AuthenticateCognitoConfig": { @@ -18793,7 +19410,7 @@ "StatusCode": "The HTTP redirect code. The redirect is either permanent (HTTP 301) or temporary (HTTP 302)." }, "AWS::ElasticLoadBalancingV2::Listener TargetGroupStickinessConfig": { - "DurationSeconds": "The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days). You must specify this value when enabling target group stickiness.", + "DurationSeconds": "[Application Load Balancers] The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days). You must specify this value when enabling target group stickiness.", "Enabled": "Indicates whether target group stickiness is enabled." }, "AWS::ElasticLoadBalancingV2::Listener TargetGroupTuple": { @@ -18811,16 +19428,17 @@ "Actions": "The actions.\n\nThe rule must include exactly one of the following types of actions: `forward` , `fixed-response` , or `redirect` , and it must be the last action to be performed. If the rule is for an HTTPS listener, it can also optionally include an authentication action.", "Conditions": "The conditions.\n\nThe rule can optionally include up to one of each of the following conditions: `http-request-method` , `host-header` , `path-pattern` , and `source-ip` . A rule can also optionally include one or more of each of the following conditions: `http-header` and `query-string` .", "ListenerArn": "The Amazon Resource Name (ARN) of the listener.", - "Priority": "The rule priority. A listener can't have multiple rules with the same priority.\n\nIf you try to reorder rules by updating their priorities, do not specify a new priority if an existing rule already uses this priority, as this can cause an error. If you need to reuse a priority with a different rule, you must remove it as a priority first, and then specify it in a subsequent update." + "Priority": "The rule priority. A listener can't have multiple rules with the same priority.\n\nIf you try to reorder rules by updating their priorities, do not specify a new priority if an existing rule already uses this priority, as this can cause an error. If you need to reuse a priority with a different rule, you must remove it as a priority first, and then specify it in a subsequent update.", + "Transforms": "" }, "AWS::ElasticLoadBalancingV2::ListenerRule Action": { "AuthenticateCognitoConfig": "[HTTPS listeners] Information for using Amazon Cognito to authenticate users. Specify only when `Type` is `authenticate-cognito` .", "AuthenticateOidcConfig": "[HTTPS listeners] Information about an identity provider that is compliant with OpenID Connect (OIDC). Specify only when `Type` is `authenticate-oidc` .", "FixedResponseConfig": "[Application Load Balancer] Information for creating an action that returns a custom HTTP response. Specify only when `Type` is `fixed-response` .", - "ForwardConfig": "Information for creating an action that distributes requests among one or more target groups. For Network Load Balancers, you can specify a single target group. Specify only when `Type` is `forward` . If you specify both `ForwardConfig` and `TargetGroupArn` , you can specify only one target group using `ForwardConfig` and it must be the same target group specified in `TargetGroupArn` .", + "ForwardConfig": "Information for creating an action that distributes requests among multiple target groups. Specify only when `Type` is `forward` .\n\nIf you specify both `ForwardConfig` and `TargetGroupArn` , you can specify only one target group using `ForwardConfig` and it must be the same target group specified in `TargetGroupArn` .", "Order": "The order for the action. This value is required for rules with multiple actions. The action with the lowest value for order is performed first.", "RedirectConfig": "[Application Load Balancer] Information for creating a redirect action. Specify only when `Type` is `redirect` .", - "TargetGroupArn": "The Amazon Resource Name (ARN) of the target group. Specify only when `Type` is `forward` and you want to route to a single target group. To route to one or more target groups, use `ForwardConfig` instead.", + "TargetGroupArn": "The Amazon Resource Name (ARN) of the target group. Specify only when `Type` is `forward` and you want to route to a single target group. To route to multiple target groups, you must use `ForwardConfig` instead.", "Type": "The type of action." }, "AWS::ElasticLoadBalancingV2::ListenerRule AuthenticateCognitoConfig": { @@ -18857,20 +19475,23 @@ "TargetGroups": "Information about how traffic will be distributed between multiple target groups in a forward rule." }, "AWS::ElasticLoadBalancingV2::ListenerRule HostHeaderConfig": { - "Values": "The host names. The maximum size of each name is 128 characters. The comparison is case insensitive. The following wildcard characters are supported: * (matches 0 or more characters) and ? (matches exactly 1 character). You must include at least one \".\" character. You can include only alphabetical characters after the final \".\" character.\n\nIf you specify multiple strings, the condition is satisfied if one of the strings matches the host name." + "RegexValues": "", + "Values": "The host names. The maximum length of each string is 128 characters. The comparison is case insensitive. The following wildcard characters are supported: * (matches 0 or more characters) and ? (matches exactly 1 character). You must include at least one \".\" character. You can include only alphabetical characters after the final \".\" character.\n\nIf you specify multiple strings, the condition is satisfied if one of the strings matches the host name." }, "AWS::ElasticLoadBalancingV2::ListenerRule HttpHeaderConfig": { "HttpHeaderName": "The name of the HTTP header field. The maximum size is 40 characters. The header name is case insensitive. The allowed characters are specified by RFC 7230. Wildcards are not supported.", - "Values": "The strings to compare against the value of the HTTP header. The maximum size of each string is 128 characters. The comparison strings are case insensitive. The following wildcard characters are supported: * (matches 0 or more characters) and ? (matches exactly 1 character).\n\nIf the same header appears multiple times in the request, we search them in order until a match is found.\n\nIf you specify multiple strings, the condition is satisfied if one of the strings matches the value of the HTTP header. To require that all of the strings are a match, create one condition per string." + "RegexValues": "", + "Values": "The strings to compare against the value of the HTTP header. The maximum length of each string is 128 characters. The comparison strings are case insensitive. The following wildcard characters are supported: * (matches 0 or more characters) and ? (matches exactly 1 character).\n\nIf the same header appears multiple times in the request, we search them in order until a match is found.\n\nIf you specify multiple strings, the condition is satisfied if one of the strings matches the value of the HTTP header. To require that all of the strings are a match, create one condition per string." }, "AWS::ElasticLoadBalancingV2::ListenerRule HttpRequestMethodConfig": { - "Values": "The name of the request method. The maximum size is 40 characters. The allowed characters are A-Z, hyphen (-), and underscore (_). The comparison is case sensitive. Wildcards are not supported; therefore, the method name must be an exact match.\n\nIf you specify multiple strings, the condition is satisfied if one of the strings matches the HTTP request method. We recommend that you route GET and HEAD requests in the same way, because the response to a HEAD request may be cached." + "Values": "The name of the request method. The maximum length is 40 characters. The allowed characters are A-Z, hyphen (-), and underscore (_). The comparison is case sensitive. Wildcards are not supported; therefore, the method name must be an exact match.\n\nIf you specify multiple strings, the condition is satisfied if one of the strings matches the HTTP request method. We recommend that you route GET and HEAD requests in the same way, because the response to a HEAD request may be cached." }, "AWS::ElasticLoadBalancingV2::ListenerRule PathPatternConfig": { + "RegexValues": "", "Values": "The path patterns to compare against the request URL. The maximum size of each string is 128 characters. The comparison is case sensitive. The following wildcard characters are supported: * (matches 0 or more characters) and ? (matches exactly 1 character).\n\nIf you specify multiple strings, the condition is satisfied if one of them matches the request URL. The path pattern is compared only to the path of the URL, not to its query string." }, "AWS::ElasticLoadBalancingV2::ListenerRule QueryStringConfig": { - "Values": "The key/value pairs or values to find in the query string. The maximum size of each string is 128 characters. The comparison is case insensitive. The following wildcard characters are supported: * (matches 0 or more characters) and ? (matches exactly 1 character). To search for a literal '*' or '?' character in a query string, you must escape these characters in `Values` using a '\\' character.\n\nIf you specify multiple key/value pairs or values, the condition is satisfied if one of them is found in the query string." + "Values": "The key/value pairs or values to find in the query string. The maximum length of each string is 128 characters. The comparison is case insensitive. The following wildcard characters are supported: * (matches 0 or more characters) and ? (matches exactly 1 character). To search for a literal '*' or '?' character in a query string, you must escape these characters in `Values` using a '\\' character.\n\nIf you specify multiple key/value pairs or values, the condition is satisfied if one of them is found in the query string." }, "AWS::ElasticLoadBalancingV2::ListenerRule QueryStringKeyValue": { "Key": "The key. You can omit the key.", @@ -18884,6 +19505,13 @@ "Query": "The query parameters, URL-encoded when necessary, but not percent-encoded. Do not include the leading \"?\", as it is automatically added. You can specify any of the reserved keywords.", "StatusCode": "The HTTP redirect code. The redirect is either permanent (HTTP 301) or temporary (HTTP 302)." }, + "AWS::ElasticLoadBalancingV2::ListenerRule RewriteConfig": { + "Regex": "The regular expression to match in the input string. The maximum length of the string is 1,024 characters.", + "Replace": "The replacement string to use when rewriting the matched input. The maximum length of the string is 1,024 characters. You can specify capture groups in the regular expression (for example, $1 and $2)." + }, + "AWS::ElasticLoadBalancingV2::ListenerRule RewriteConfigObject": { + "Rewrites": "" + }, "AWS::ElasticLoadBalancingV2::ListenerRule RuleCondition": { "Field": "The field in the HTTP request. The following are the possible values:\n\n- `http-header`\n- `http-request-method`\n- `host-header`\n- `path-pattern`\n- `query-string`\n- `source-ip`", "HostHeaderConfig": "Information for a host header condition. Specify only when `Field` is `host-header` .", @@ -18891,6 +19519,7 @@ "HttpRequestMethodConfig": "Information for an HTTP method condition. Specify only when `Field` is `http-request-method` .", "PathPatternConfig": "Information for a path pattern condition. Specify only when `Field` is `path-pattern` .", "QueryStringConfig": "Information for a query string condition. Specify only when `Field` is `query-string` .", + "RegexValues": "The regular expressions to match against the condition field. The maximum length of each string is 128 characters. Specify only when `Field` is `http-header` , `host-header` , or `path-pattern` .", "SourceIpConfig": "Information for a source IP condition. Specify only when `Field` is `source-ip` .", "Values": "The condition value. Specify only when `Field` is `host-header` or `path-pattern` . Alternatively, to specify multiple host names or multiple path patterns, use `HostHeaderConfig` or `PathPatternConfig` .\n\nIf `Field` is `host-header` and you're not using `HostHeaderConfig` , you can specify a single host name (for example, my.example.com). A host name is case insensitive, can be up to 128 characters in length, and can contain any of the following characters.\n\n- A-Z, a-z, 0-9\n- - .\n- * (matches 0 or more characters)\n- ? (matches exactly 1 character)\n\nIf `Field` is `path-pattern` and you're not using `PathPatternConfig` , you can specify a single path pattern (for example, /img/*). A path pattern is case-sensitive, can be up to 128 characters in length, and can contain any of the following characters.\n\n- A-Z, a-z, 0-9\n- _ - . $ / ~ \" ' @ : +\n- & (using &)\n- * (matches 0 or more characters)\n- ? (matches exactly 1 character)" }, @@ -18898,14 +19527,20 @@ "Values": "The source IP addresses, in CIDR format. You can use both IPv4 and IPv6 addresses. Wildcards are not supported.\n\nIf you specify multiple addresses, the condition is satisfied if the source IP address of the request matches one of the CIDR blocks. This condition is not satisfied by the addresses in the X-Forwarded-For header." }, "AWS::ElasticLoadBalancingV2::ListenerRule TargetGroupStickinessConfig": { - "DurationSeconds": "The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days). You must specify this value when enabling target group stickiness.", + "DurationSeconds": "[Application Load Balancers] The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days). You must specify this value when enabling target group stickiness.", "Enabled": "Indicates whether target group stickiness is enabled." }, "AWS::ElasticLoadBalancingV2::ListenerRule TargetGroupTuple": { "TargetGroupArn": "The Amazon Resource Name (ARN) of the target group.", "Weight": "The weight. The range is 0 to 999." }, + "AWS::ElasticLoadBalancingV2::ListenerRule Transform": { + "HostHeaderRewriteConfig": "", + "Type": "", + "UrlRewriteConfig": "" + }, "AWS::ElasticLoadBalancingV2::LoadBalancer": { + "EnableCapacityReservationProvisionStabilize": "Indicates whether to enable stabilization when creating or updating an LCU reservation. This ensures that the final stack status reflects the status of the LCU reservation. The default is `false` .", "EnablePrefixForIpv6SourceNat": "[Network Load Balancers with UDP listeners] Indicates whether to use an IPv6 prefix from each subnet for source NAT. The IP address type must be `dualstack` . The default value is `off` .", "EnforceSecurityGroupInboundRulesOnPrivateLinkTraffic": "Indicates whether to evaluate inbound security group rules for traffic sent to a Network Load Balancer through AWS PrivateLink . The default is `on` .\n\nYou can't configure this property on a Network Load Balancer unless you associated a security group with the load balancer when you created it.", "IpAddressType": "The IP address type. Internal load balancers must use `ipv4` .\n\n[Application Load Balancers] The possible values are `ipv4` (IPv4 addresses), `dualstack` (IPv4 and IPv6 addresses), and `dualstack-without-public-ipv4` (public IPv6 addresses and private IPv4 and IPv6 addresses).\n\nApplication Load Balancer authentication supports IPv4 addresses only when connecting to an Identity Provider (IdP) or Amazon Cognito endpoint. Without a public IPv4 address the load balancer can't complete the authentication process, resulting in HTTP 500 errors.\n\n[Network Load Balancers and Gateway Load Balancers] The possible values are `ipv4` (IPv4 addresses) and `dualstack` (IPv4 and IPv6 addresses).", @@ -19037,7 +19672,7 @@ }, "AWS::Elasticsearch::Domain DomainEndpointOptions": { "CustomEndpoint": "The fully qualified URL for your custom endpoint. Required if you enabled a custom endpoint for the domain.", - "CustomEndpointCertificateArn": "The AWS Certificate Manager ARN for your domain's SSL/TLS certificate. Required if you enabled a custom endpoint for the domain.", + "CustomEndpointCertificateArn": "The Certificate Manager ARN for your domain's SSL/TLS certificate. Required if you enabled a custom endpoint for the domain.", "CustomEndpointEnabled": "True to enable a custom endpoint for the domain. If enabled, you must also provide values for `CustomEndpoint` and `CustomEndpointCertificateArn` .", "EnforceHTTPS": "True to require that all traffic to the domain arrive over HTTPS.", "TLSSecurityPolicy": "The minimum TLS version required for traffic to the domain. Valid values are TLS 1.3 (recommended) or 1.2:\n\n- `Policy-Min-TLS-1-0-2019-07`\n- `Policy-Min-TLS-1-2-2019-07`" @@ -19112,6 +19747,7 @@ }, "AWS::EntityResolution::IdMappingWorkflow IdMappingTechniques": { "IdMappingType": "The type of ID mapping.", + "NormalizationVersion": "", "ProviderProperties": "An object which defines any additional configurations required by the provider service.", "RuleBasedProperties": "An object which defines any additional configurations required by rule-based matching." }, @@ -19418,18 +20054,10 @@ "Value": "The value for the specified tag key." }, "AWS::Events::EventBusPolicy": { - "Action": "The action that you are enabling the other account to perform.", - "Condition": "This parameter enables you to limit the permission to accounts that fulfill a certain condition, such as being a member of a certain AWS organization. For more information about AWS Organizations, see [What Is AWS Organizations](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_introduction.html) in the *AWS Organizations User Guide* .\n\nIf you specify `Condition` with an AWS organization ID, and specify \"*\" as the value for `Principal` , you grant permission to all the accounts in the named organization.\n\nThe `Condition` is a JSON string which must contain `Type` , `Key` , and `Value` fields.", "EventBusName": "The name of the event bus associated with the rule. If you omit this, the default event bus is used.", - "Principal": "The 12-digit AWS account ID that you are permitting to put events to your default event bus. Specify \"*\" to permit any account to put events to your default event bus.\n\nIf you specify \"*\" without specifying `Condition` , avoid creating rules that may match undesirable events. To create more secure rules, make sure that the event pattern for each rule contains an `account` field with a specific account ID from which to receive events. Rules with an account field do not match any events sent from other accounts.", "Statement": "A JSON string that describes the permission policy statement. You can include a `Policy` parameter in the request instead of using the `StatementId` , `Action` , `Principal` , or `Condition` parameters.", "StatementId": "An identifier string for the external account that you are granting permissions to. If you later want to revoke the permission for this external account, specify this `StatementId` when you run [RemovePermission](https://docs.aws.amazon.com/eventbridge/latest/APIReference/API_RemovePermission.html) .\n\n> Each `StatementId` must be unique." }, - "AWS::Events::EventBusPolicy Condition": { - "Key": "Specifies the key for the condition. Currently the only supported key is `aws:PrincipalOrgID` .", - "Type": "Specifies the type of condition. Currently the only supported value is `StringEquals` .", - "Value": "Specifies the value for the key. Currently, this must be the ID of the organization." - }, "AWS::Events::Rule": { "Description": "The description of the rule.", "EventBusName": "The name or ARN of the event bus associated with the rule. If you omit this, the default event bus is used.", @@ -19536,7 +20164,7 @@ "PipelineParameterList": "List of Parameter names and values for SageMaker AI Model Building Pipeline execution." }, "AWS::Events::Rule SqsParameters": { - "MessageGroupId": "The FIFO message group ID to use as the target." + "MessageGroupId": "The ID of the message group to use as the target." }, "AWS::Events::Rule Tag": { "Key": "A string you can use to assign a value. The combination of tag keys and values can help you organize and categorize your resources.", @@ -19559,7 +20187,7 @@ "RoleArn": "The Amazon Resource Name (ARN) of the IAM role to be used for this target when the rule is triggered. If one rule triggers multiple targets, you can use a different IAM role for each target.", "RunCommandParameters": "Parameters used when you are using the rule to invoke Amazon EC2 Run Command.", "SageMakerPipelineParameters": "Contains the SageMaker AI Model Building Pipeline parameters to start execution of a SageMaker AI Model Building Pipeline.\n\nIf you specify a SageMaker AI Model Building Pipeline as a target, you can use this to specify parameters to start a pipeline execution based on EventBridge events.", - "SqsParameters": "Contains the message group ID to use when the target is a FIFO queue.\n\nIf you specify an SQS FIFO queue as a target, the queue must have content-based deduplication enabled." + "SqsParameters": "Contains the message group ID to use when the target is an Amazon SQS fair or FIFO queue.\n\nIf you specify a fair or FIFO queue as a target, the queue must have content-based deduplication enabled." }, "AWS::Evidently::Experiment": { "Description": "An optional description of the experiment.", @@ -19959,7 +20587,8 @@ "DailyAutomaticBackupStartTime": "A recurring daily time, in the format `HH:MM` . `HH` is the zero-padded hour of the day (0-23), and `MM` is the zero-padded minute of the hour. For example, `05:00` specifies 5 AM daily.", "DeploymentType": "Specifies the FSx for ONTAP file system deployment type to use in creating the file system.\n\n- `MULTI_AZ_1` - A high availability file system configured for Multi-AZ redundancy to tolerate temporary Availability Zone (AZ) unavailability. This is a first-generation FSx for ONTAP file system.\n- `MULTI_AZ_2` - A high availability file system configured for Multi-AZ redundancy to tolerate temporary AZ unavailability. This is a second-generation FSx for ONTAP file system.\n- `SINGLE_AZ_1` - A file system configured for Single-AZ redundancy. This is a first-generation FSx for ONTAP file system.\n- `SINGLE_AZ_2` - A file system configured with multiple high-availability (HA) pairs for Single-AZ redundancy. This is a second-generation FSx for ONTAP file system.\n\nFor information about the use cases for Multi-AZ and Single-AZ deployments, refer to [Choosing a file system deployment type](https://docs.aws.amazon.com/fsx/latest/ONTAPGuide/high-availability-AZ.html) .", "DiskIopsConfiguration": "The SSD IOPS configuration for the FSx for ONTAP file system.", - "EndpointIpAddressRange": "(Multi-AZ only) Specifies the IP address range in which the endpoints to access your file system will be created. By default in the Amazon FSx API, Amazon FSx selects an unused IP address range for you from the 198.19.* range. By default in the Amazon FSx console, Amazon FSx chooses the last 64 IP addresses from the VPC\u2019s primary CIDR range to use as the endpoint IP address range for the file system. You can have overlapping endpoint IP addresses for file systems deployed in the same VPC/route tables, as long as they don't overlap with any subnet.", + "EndpointIpAddressRange": "(Multi-AZ only) Specifies the IPv4 address range in which the endpoints to access your file system will be created. By default in the Amazon FSx API, Amazon FSx selects an unused IP address range for you from the 198.19.* range. By default in the Amazon FSx console, Amazon FSx chooses the last 64 IP addresses from the VPC\u2019s primary CIDR range to use as the endpoint IP address range for the file system. You can have overlapping endpoint IP addresses for file systems deployed in the same VPC/route tables, as long as they don't overlap with any subnet.", + "EndpointIpv6AddressRange": "", "FsxAdminPassword": "The ONTAP administrative password for the `fsxadmin` user with which you administer your file system using the NetApp ONTAP CLI and REST API.", "HAPairs": "Specifies how many high-availability (HA) pairs of file servers will power your file system. First-generation file systems are powered by 1 HA pair. Second-generation multi-AZ file systems are powered by 1 HA pair. Second generation single-AZ file systems are powered by up to 12 HA pairs. The default value is 1. The value of this property affects the values of `StorageCapacity` , `Iops` , and `ThroughputCapacity` . For more information, see [High-availability (HA) pairs](https://docs.aws.amazon.com/fsx/latest/ONTAPGuide/administering-file-systems.html#HA-pairs) in the FSx for ONTAP user guide. Block storage protocol support (iSCSI and NVMe over TCP) is disabled on file systems with more than 6 HA pairs. For more information, see [Using block storage protocols](https://docs.aws.amazon.com/fsx/latest/ONTAPGuide/supported-fsx-clients.html#using-block-storage) .\n\nAmazon FSx responds with an HTTP status code 400 (Bad Request) for the following conditions:\n\n- The value of `HAPairs` is less than 1 or greater than 12.\n- The value of `HAPairs` is greater than 1 and the value of `DeploymentType` is `SINGLE_AZ_1` , `MULTI_AZ_1` , or `MULTI_AZ_2` .", "PreferredSubnetId": "Required when `DeploymentType` is set to `MULTI_AZ_1` or `MULTI_AZ_2` . This specifies the subnet in which you want the preferred file server to be located.", @@ -19975,7 +20604,7 @@ "DailyAutomaticBackupStartTime": "A recurring daily time, in the format `HH:MM` . `HH` is the zero-padded hour of the day (0-23), and `MM` is the zero-padded minute of the hour. For example, `05:00` specifies 5 AM daily.", "DeploymentType": "Specifies the file system deployment type. Valid values are the following:\n\n- `MULTI_AZ_1` - Creates file systems with high availability and durability by replicating your data and supporting failover across multiple Availability Zones in the same AWS Region .\n- `SINGLE_AZ_HA_2` - Creates file systems with high availability and throughput capacities of 160 - 10,240 MB/s using an NVMe L2ARC cache by deploying a primary and standby file system within the same Availability Zone.\n- `SINGLE_AZ_HA_1` - Creates file systems with high availability and throughput capacities of 64 - 4,096 MB/s by deploying a primary and standby file system within the same Availability Zone.\n- `SINGLE_AZ_2` - Creates file systems with throughput capacities of 160 - 10,240 MB/s using an NVMe L2ARC cache that automatically recover within a single Availability Zone.\n- `SINGLE_AZ_1` - Creates file systems with throughput capacities of 64 - 4,096 MBs that automatically recover within a single Availability Zone.\n\nFor a list of which AWS Regions each deployment type is available in, see [Deployment type availability](https://docs.aws.amazon.com/fsx/latest/OpenZFSGuide/availability-durability.html#available-aws-regions) . For more information on the differences in performance between deployment types, see [File system performance](https://docs.aws.amazon.com/fsx/latest/OpenZFSGuide/performance.html#zfs-fs-performance) in the *Amazon FSx for OpenZFS User Guide* .", "DiskIopsConfiguration": "The SSD IOPS (input/output operations per second) configuration for an Amazon FSx for NetApp ONTAP, Amazon FSx for Windows File Server, or FSx for OpenZFS file system. By default, Amazon FSx automatically provisions 3 IOPS per GB of storage capacity. You can provision additional IOPS per GB of storage. The configuration consists of the total number of provisioned SSD IOPS and how it is was provisioned, or the mode (by the customer or by Amazon FSx).", - "EndpointIpAddressRange": "(Multi-AZ only) Specifies the IP address range in which the endpoints to access your file system will be created. By default in the Amazon FSx API and Amazon FSx console, Amazon FSx selects an available /28 IP address range for you from one of the VPC's CIDR ranges. You can have overlapping endpoint IP addresses for file systems deployed in the same VPC/route tables, as long as they don't overlap with any subnet.", + "EndpointIpAddressRange": "(Multi-AZ only) Specifies the IPv4 address range in which the endpoints to access your file system will be created. By default in the Amazon FSx API and Amazon FSx console, Amazon FSx selects an available /28 IP address range for you from one of the VPC's CIDR ranges. You can have overlapping endpoint IP addresses for file systems deployed in the same VPC/route tables, as long as they don't overlap with any subnet.", "EndpointIpv6AddressRange": "(Multi-AZ only) Specifies the IP address range in which the endpoints to access your file system will be created. By default in the Amazon FSx API and Amazon FSx console, Amazon FSx selects an available /118 IP address range for you from one of the VPC's CIDR ranges. You can have overlapping endpoint IP addresses for file systems deployed in the same VPC/route tables, as long as they don't overlap with any subnet.", "Options": "To delete a file system if there are child volumes present below the root volume, use the string `DELETE_CHILD_VOLUMES_AND_SNAPSHOTS` . If your file system has child volumes and you don't use this option, the delete request will fail.", "PreferredSubnetId": "Required when `DeploymentType` is set to `MULTI_AZ_1` . This specifies the subnet in which you want the preferred file server to be located.", @@ -20595,7 +21224,7 @@ "AnywhereConfiguration": "Amazon GameLift Servers Anywhere configuration options.", "ApplyCapacity": "Current resource capacity settings for managed EC2 fleets and managed container fleets. For multi-location fleets, location values might refer to a fleet's remote location or its home Region.\n\n*Returned by:* [DescribeFleetCapacity](https://docs.aws.amazon.com/gamelift/latest/apireference/API_DescribeFleetCapacity.html) , [DescribeFleetLocationCapacity](https://docs.aws.amazon.com/gamelift/latest/apireference/API_DescribeFleetLocationCapacity.html) , [UpdateFleetCapacity](https://docs.aws.amazon.com/gamelift/latest/apireference/API_UpdateFleetCapacity.html)", "BuildId": "A unique identifier for a build to be deployed on the new fleet. If you are deploying the fleet with a custom game build, you must specify this property. The build must have been successfully uploaded to Amazon GameLift and be in a `READY` status. This fleet setting cannot be changed once the fleet is created.", - "CertificateConfiguration": "Prompts Amazon GameLift Servers to generate a TLS/SSL certificate for the fleet. Amazon GameLift Servers uses the certificates to encrypt traffic between game clients and the game servers running on Amazon GameLift Servers. By default, the `CertificateConfiguration` is `DISABLED` . You can't change this property after you create the fleet.\n\nAWS Certificate Manager (ACM) certificates expire after 13 months. Certificate expiration can cause fleets to fail, preventing players from connecting to instances in the fleet. We recommend you replace fleets before 13 months, consider using fleet aliases for a smooth transition.\n\n> ACM isn't available in all AWS regions. A fleet creation request with certificate generation enabled in an unsupported Region, fails with a 4xx error. For more information about the supported Regions, see [Supported Regions](https://docs.aws.amazon.com/acm/latest/userguide/acm-regions.html) in the *AWS Certificate Manager User Guide* .", + "CertificateConfiguration": "Prompts Amazon GameLift Servers to generate a TLS/SSL certificate for the fleet. Amazon GameLift Servers uses the certificates to encrypt traffic between game clients and the game servers running on Amazon GameLift Servers. By default, the `CertificateConfiguration` is `DISABLED` . You can't change this property after you create the fleet.\n\nCertificate Manager (ACM) certificates expire after 13 months. Certificate expiration can cause fleets to fail, preventing players from connecting to instances in the fleet. We recommend you replace fleets before 13 months, consider using fleet aliases for a smooth transition.\n\n> ACM isn't available in all AWS regions. A fleet creation request with certificate generation enabled in an unsupported Region, fails with a 4xx error. For more information about the supported Regions, see [Supported Regions](https://docs.aws.amazon.com/acm/latest/userguide/acm-regions.html) in the *Certificate Manager User Guide* .", "ComputeType": "The type of compute resource used to host your game servers.\n\n- `EC2` \u2013 The game server build is deployed to Amazon EC2 instances for cloud hosting. This is the default setting.\n- `ANYWHERE` \u2013 Game servers and supporting software are deployed to compute resources that you provide and manage. With this compute type, you can also set the `AnywhereConfiguration` parameter.", "Description": "A description for the fleet.", "EC2InboundPermissions": "The IP address ranges and port settings that allow inbound traffic to access game server processes and other processes on this fleet. Set this parameter for managed EC2 fleets. You can leave this parameter empty when creating the fleet, but you must call [](https://docs.aws.amazon.com/gamelift/latest/apireference/API_UpdateFleetPortSettings) to set it before players can connect to game sessions. As a best practice, we recommend opening ports for remote access only when you need them and closing them when you're finished. For Amazon GameLift Servers Realtime fleets, Amazon GameLift Servers automatically sets TCP and UDP ranges.", @@ -20799,7 +21428,7 @@ "ApplicationLogPaths": "Locations of log files that your content generates during a stream session. Enter path values that are relative to the `ApplicationSourceUri` location. You can specify up to 10 log paths. Amazon GameLift Streams uploads designated log files to the Amazon S3 bucket that you specify in `ApplicationLogOutputUri` at the end of a stream session. To retrieve stored log files, call [GetStreamSession](https://docs.aws.amazon.com/gameliftstreams/latest/apireference/API_GetStreamSession.html) and get the `LogFileLocationUri` .", "ApplicationSourceUri": "The location of the content that you want to stream. Enter an Amazon S3 URI to a bucket that contains your game or other application. The location can have a multi-level prefix structure, but it must include all the files needed to run the content. Amazon GameLift Streams copies everything under the specified location.\n\nThis value is immutable. To designate a different content location, create a new application.\n\n> The Amazon S3 bucket and the Amazon GameLift Streams application must be in the same AWS Region.", "Description": "A human-readable label for the application. You can update this value later.", - "ExecutablePath": "The path and file name of the executable file that launches the content for streaming. Enter a path value that is relative to the location set in `ApplicationSourceUri` .", + "ExecutablePath": "The relative path and file name of the executable file that Amazon GameLift Streams will stream. Specify a path relative to the location set in `ApplicationSourceUri` . The file must be contained within the application's root folder. For Windows applications, the file must be a valid Windows executable or batch file with a filename ending in .exe, .cmd, or .bat. For Linux applications, the file must be a valid Linux binary executable or a script that contains an initial interpreter line starting with a shebang (' `#!` ').", "RuntimeEnvironment": "A set of configuration settings to run the application on a stream group. This configures the operating system, and can include compatibility layers and other drivers.", "Tags": "A list of labels to assign to the new application resource. Tags are developer-defined key-value pairs. Tagging AWS resources is useful for resource management, access management and cost allocation. See [Tagging AWS Resources](https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html) in the *AWS General Reference* ." }, @@ -22753,6 +23382,12 @@ "Uri": "The `uri` of a YAML component document file. This must be an S3 URL ( `s3://bucket/key` ), and the requester must have permission to access the S3 bucket it points to. If you use Amazon S3, you can specify component content up to your service quota.\n\nAlternatively, you can specify the YAML document inline, using the component `data` property. You cannot specify both properties.", "Version": "The component version. For example, `1.0.0` ." }, + "AWS::ImageBuilder::Component LatestVersion": { + "Arn": "", + "Major": "", + "Minor": "", + "Patch": "" + }, "AWS::ImageBuilder::ContainerRecipe": { "Components": "Build and test components that are included in the container recipe. Recipes require a minimum of one build component, and can have a maximum of 20 build and test components in any combination.", "ContainerType": "Specifies the type of container, such as Docker.", @@ -22870,10 +23505,12 @@ "DistributionConfigurationArn": "The Amazon Resource Name (ARN) of the distribution configuration that defines and configures the outputs of your pipeline.", "EnhancedImageMetadataEnabled": "Collects additional information about the image being created, including the operating system (OS) version and package list. This information is used to enhance the overall experience of using EC2 Image Builder. Enabled by default.", "ExecutionRole": "The name or Amazon Resource Name (ARN) for the IAM role you create that grants Image Builder access to perform workflow actions.", + "ImagePipelineExecutionSettings": "", "ImageRecipeArn": "The Amazon Resource Name (ARN) of the image recipe that defines how images are configured, tested, and assessed.", "ImageScanningConfiguration": "Contains settings for vulnerability scans.", "ImageTestsConfiguration": "The image tests configuration of the image.", "InfrastructureConfigurationArn": "The Amazon Resource Name (ARN) of the infrastructure configuration that defines the environment in which your image will be built and tested.", + "LoggingConfiguration": "The logging configuration that's defined for the image. Image Builder uses the defined settings to direct execution log output during image creation.", "Tags": "The tags of the image.", "Workflows": "Contains an array of workflow configuration objects." }, @@ -22881,6 +23518,13 @@ "ContainerTags": "Tags for Image Builder to apply to the output container image that Amazon Inspector scans. Tags can help you identify and manage your scanned images.", "RepositoryName": "The name of the container repository that Amazon Inspector scans to identify findings for your container images. The name includes the path for the repository location. If you don\u2019t provide this information, Image Builder creates a repository in your account named `image-builder-image-scanning-repository` for vulnerability scans of your output container images." }, + "AWS::ImageBuilder::Image ImageLoggingConfiguration": { + "LogGroupName": "The log group name that Image Builder uses for image creation. If not specified, the log group name defaults to `/aws/imagebuilder/image-name` ." + }, + "AWS::ImageBuilder::Image ImagePipelineExecutionSettings": { + "DeploymentId": "", + "OnUpdate": "" + }, "AWS::ImageBuilder::Image ImageScanningConfiguration": { "EcrConfiguration": "Contains Amazon ECR settings for vulnerability scans.", "ImageScanningEnabled": "A setting that indicates whether Image Builder keeps a snapshot of the vulnerability scans that Amazon Inspector runs against the build instance when you create a new image." @@ -22889,6 +23533,12 @@ "ImageTestsEnabled": "Determines if tests should run after building the image. Image Builder defaults to enable tests to run following the image build, before image distribution.", "TimeoutMinutes": "The maximum time in minutes that tests are permitted to run.\n\n> The timeout property is not currently active. This value is ignored." }, + "AWS::ImageBuilder::Image LatestVersion": { + "Arn": "", + "Major": "", + "Minor": "", + "Patch": "" + }, "AWS::ImageBuilder::Image WorkflowConfiguration": { "OnFailure": "The action to take if the workflow fails.", "ParallelGroup": "Test workflows are defined within named runtime groups called parallel groups. The parallel group is the named group that contains this test workflow. Test workflows within a parallel group can run at the same time. Image Builder starts up to five test workflows in the group at the same time, and starts additional workflows as others complete, until all workflows in the group have completed. This field only applies for test workflows.", @@ -22909,12 +23559,16 @@ "ImageScanningConfiguration": "Contains settings for vulnerability scans.", "ImageTestsConfiguration": "The configuration of the image tests that run after image creation to ensure the quality of the image that was created.", "InfrastructureConfigurationArn": "The Amazon Resource Name (ARN) of the infrastructure configuration associated with this image pipeline.", + "LoggingConfiguration": "Defines logging configuration for the output image.", "Name": "The name of the image pipeline.", "Schedule": "The schedule of the image pipeline. A schedule configures how often and when a pipeline automatically creates a new image.", "Status": "The status of the image pipeline.", "Tags": "The tags of this image pipeline.", "Workflows": "Contains the workflows that run for the image pipeline." }, + "AWS::ImageBuilder::ImagePipeline AutoDisablePolicy": { + "FailureCount": "The number of consecutive scheduled image pipeline executions that must fail before Image Builder automatically disables the pipeline." + }, "AWS::ImageBuilder::ImagePipeline EcrConfiguration": { "ContainerTags": "Tags for Image Builder to apply to the output container image that Amazon Inspector scans. Tags can help you identify and manage your scanned images.", "RepositoryName": "The name of the container repository that Amazon Inspector scans to identify findings for your container images. The name includes the path for the repository location. If you don\u2019t provide this information, Image Builder creates a repository in your account named `image-builder-image-scanning-repository` for vulnerability scans of your output container images." @@ -22927,7 +23581,12 @@ "ImageTestsEnabled": "Defines if tests should be executed when building this image. For example, `true` or `false` .", "TimeoutMinutes": "The maximum time in minutes that tests are permitted to run.\n\n> The timeout property is not currently active. This value is ignored." }, + "AWS::ImageBuilder::ImagePipeline PipelineLoggingConfiguration": { + "ImageLogGroupName": "The log group name that Image Builder uses for image creation. If not specified, the log group name defaults to `/aws/imagebuilder/image-name` .", + "PipelineLogGroupName": "The log group name that Image Builder uses for the log output during creation of a new pipeline. If not specified, the pipeline log group name defaults to `/aws/imagebuilder/pipeline/pipeline-name` ." + }, "AWS::ImageBuilder::ImagePipeline Schedule": { + "AutoDisablePolicy": "The policy that configures when Image Builder should automatically disable a pipeline that is failing.", "PipelineExecutionStartCondition": "The condition configures when the pipeline should trigger a new image build. When the `pipelineExecutionStartCondition` is set to `EXPRESSION_MATCH_AND_DEPENDENCY_UPDATES_AVAILABLE` , and you use semantic version filters on the base image or components in your image recipe, Image Builder will build a new image only when there are new versions of the image or components in your recipe that match the semantic version filter. When it is set to `EXPRESSION_MATCH_ONLY` , it will build a new image every time the CRON expression matches the current time. For semantic version syntax, see [CreateComponent](https://docs.aws.amazon.com/imagebuilder/latest/APIReference/API_CreateComponent.html) in the *Image Builder API Reference* .", "ScheduleExpression": "The cron expression determines how often EC2 Image Builder evaluates your `pipelineExecutionStartCondition` .\n\nFor information on how to format a cron expression in Image Builder, see [Use cron expressions in EC2 Image Builder](https://docs.aws.amazon.com/imagebuilder/latest/userguide/image-builder-cron.html) ." }, @@ -22943,6 +23602,7 @@ }, "AWS::ImageBuilder::ImageRecipe": { "AdditionalInstanceConfiguration": "Before you create a new AMI, Image Builder launches temporary Amazon EC2 instances to build and test your image configuration. Instance configuration adds a layer of control over those instances. You can define settings and add scripts to run when an instance is launched from your AMI.", + "AmiTags": "Tags that are applied to the AMI that Image Builder creates during the Build phase prior to image distribution.", "BlockDeviceMappings": "The block device mappings to apply when creating images from this recipe.", "Components": "The components that are included in the image recipe. Recipes require a minimum of one build component, and can have a maximum of 20 build and test components in any combination.", "Description": "The description of the image recipe.", @@ -23080,6 +23740,12 @@ "Uri": "The `uri` of a YAML component document file. This must be an S3 URL ( `s3://bucket/key` ), and the requester must have permission to access the S3 bucket it points to. If you use Amazon S3, you can specify component content up to your service quota.\n\nAlternatively, you can specify the YAML document inline, using the component `data` property. You cannot specify both properties.", "Version": "The semantic version of this workflow resource. The semantic version syntax adheres to the following rules.\n\n> The semantic version has four nodes: ../. You can assign values for the first three, and can filter on all of them.\n> \n> *Assignment:* For the first three nodes you can assign any positive integer value, including zero, with an upper limit of 2^30-1, or 1073741823 for each node. Image Builder automatically assigns the build number to the fourth node.\n> \n> *Patterns:* You can use any numeric pattern that adheres to the assignment requirements for the nodes that you can assign. For example, you might choose a software version pattern, such as 1.0.0, or a date, such as 2021.01.01." }, + "AWS::ImageBuilder::Workflow LatestVersion": { + "Arn": "", + "Major": "", + "Minor": "", + "Patch": "" + }, "AWS::Inspector::AssessmentTarget": { "AssessmentTargetName": "The name of the Amazon Inspector assessment target. The name must be unique within the AWS account .", "ResourceGroupArn": "The ARN that specifies the resource group that is used to create the assessment target. If `resourceGroupArn` is not specified, all EC2 instances in the current AWS account and Region are included in the assessment target." @@ -24379,7 +25045,7 @@ "Value": "The tag's value." }, "AWS::IoTCoreDeviceAdvisor::SuiteDefinition": { - "SuiteDefinitionConfiguration": "The configuration of the Suite Definition. Listed below are the required elements of the `SuiteDefinitionConfiguration` .\n\n- ***devicePermissionRoleArn*** - The device permission arn.\n\nThis is a required element.\n\n*Type:* String\n- ***devices*** - The list of configured devices under test. For more information on devices under test, see [DeviceUnderTest](https://docs.aws.amazon.com/iot/latest/apireference/API_iotdeviceadvisor_DeviceUnderTest.html)\n\nNot a required element.\n\n*Type:* List of devices under test\n- ***intendedForQualification*** - The tests intended for qualification in a suite.\n\nNot a required element.\n\n*Type:* Boolean\n- ***rootGroup*** - The test suite root group. For more information on creating and using root groups see the [Device Advisor workflow](https://docs.aws.amazon.com/iot/latest/developerguide/device-advisor-workflow.html) .\n\nThis is a required element.\n\n*Type:* String\n- ***suiteDefinitionName*** - The Suite Definition Configuration name.\n\nThis is a required element.\n\n*Type:* String", + "SuiteDefinitionConfiguration": "Gets the suite definition configuration.", "Tags": "Metadata that can be used to manage the the Suite Definition." }, "AWS::IoTCoreDeviceAdvisor::SuiteDefinition DeviceUnderTest": { @@ -26338,7 +27004,7 @@ "Value": "The value associated with the tag. The value can be an empty string but it can't be null." }, "AWS::Kinesis::ResourcePolicy": { - "ResourceArn": "This is the name for the resource policy.", + "ResourceArn": "Returns the Amazon Resource Name (ARN) of the resource-based policy.", "ResourcePolicy": "This is the description for the resource policy." }, "AWS::Kinesis::Stream": { @@ -27403,10 +28069,10 @@ "OnSuccess": "The destination configuration for successful invocations.\n\n> When using an Amazon SQS queue as a destination, FIFO queues cannot be used." }, "AWS::Lambda::EventInvokeConfig OnFailure": { - "Destination": "The Amazon Resource Name (ARN) of the destination resource.\n\nTo retain records of unsuccessful [asynchronous invocations](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-async-destinations) , you can configure an Amazon SNS topic, Amazon SQS queue, Amazon S3 bucket, Lambda function, or Amazon EventBridge event bus as the destination.\n\nTo retain records of failed invocations from [Kinesis](https://docs.aws.amazon.com/lambda/latest/dg/with-kinesis.html) , [DynamoDB](https://docs.aws.amazon.com/lambda/latest/dg/with-ddb.html) , [self-managed Kafka](https://docs.aws.amazon.com/lambda/latest/dg/with-kafka.html#services-smaa-onfailure-destination) or [Amazon MSK](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#services-msk-onfailure-destination) , you can configure an Amazon SNS topic, Amazon SQS queue, or Amazon S3 bucket as the destination." + "Destination": "The Amazon Resource Name (ARN) of the destination resource.\n\nTo retain records of unsuccessful [asynchronous invocations](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-async-destinations) , you can configure an Amazon SNS topic, Amazon SQS queue, Amazon S3 bucket, Lambda function, or Amazon EventBridge event bus as the destination.\n\n> Amazon SNS destinations have a message size limit of 256 KB. If the combined size of the function request and response payload exceeds the limit, Lambda will drop the payload when sending `OnFailure` event to the destination. For details on this behavior, refer to [Retaining records of asynchronous invocations](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async-retain-records.html) . \n\nTo retain records of failed invocations from [Kinesis](https://docs.aws.amazon.com/lambda/latest/dg/with-kinesis.html) , [DynamoDB](https://docs.aws.amazon.com/lambda/latest/dg/with-ddb.html) , [self-managed Kafka](https://docs.aws.amazon.com/lambda/latest/dg/with-kafka.html#services-smaa-onfailure-destination) or [Amazon MSK](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#services-msk-onfailure-destination) , you can configure an Amazon SNS topic, Amazon SQS queue, or Amazon S3 bucket as the destination." }, "AWS::Lambda::EventInvokeConfig OnSuccess": { - "Destination": "The Amazon Resource Name (ARN) of the destination resource." + "Destination": "The Amazon Resource Name (ARN) of the destination resource.\n\n> Amazon SNS destinations have a message size limit of 256 KB. If the combined size of the function request and response payload exceeds the limit, Lambda will drop the payload when sending `OnFailure` event to the destination. For details on this behavior, refer to [Retaining records of asynchronous invocations](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async-retain-records.html) ." }, "AWS::Lambda::EventSourceMapping": { "AmazonManagedKafkaEventSourceConfig": "Specific configuration settings for an Amazon Managed Streaming for Apache Kafka (Amazon MSK) event source.", @@ -27462,7 +28128,7 @@ "Metrics": "The metrics you want your event source mapping to produce. Include `EventCount` to receive event source mapping metrics related to the number of events processed by your event source mapping. For more information about these metrics, see [Event source mapping metrics](https://docs.aws.amazon.com/lambda/latest/dg/monitoring-metrics-types.html#event-source-mapping-metrics) ." }, "AWS::Lambda::EventSourceMapping OnFailure": { - "Destination": "The Amazon Resource Name (ARN) of the destination resource.\n\nTo retain records of unsuccessful [asynchronous invocations](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-async-destinations) , you can configure an Amazon SNS topic, Amazon SQS queue, Amazon S3 bucket, Lambda function, or Amazon EventBridge event bus as the destination.\n\nTo retain records of failed invocations from [Kinesis](https://docs.aws.amazon.com/lambda/latest/dg/with-kinesis.html) , [DynamoDB](https://docs.aws.amazon.com/lambda/latest/dg/with-ddb.html) , [self-managed Kafka](https://docs.aws.amazon.com/lambda/latest/dg/with-kafka.html#services-smaa-onfailure-destination) or [Amazon MSK](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#services-msk-onfailure-destination) , you can configure an Amazon SNS topic, Amazon SQS queue, or Amazon S3 bucket as the destination." + "Destination": "The Amazon Resource Name (ARN) of the destination resource.\n\nTo retain records of unsuccessful [asynchronous invocations](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-async-destinations) , you can configure an Amazon SNS topic, Amazon SQS queue, Amazon S3 bucket, Lambda function, or Amazon EventBridge event bus as the destination.\n\n> Amazon SNS destinations have a message size limit of 256 KB. If the combined size of the function request and response payload exceeds the limit, Lambda will drop the payload when sending `OnFailure` event to the destination. For details on this behavior, refer to [Retaining records of asynchronous invocations](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async-retain-records.html) . \n\nTo retain records of failed invocations from [Kinesis](https://docs.aws.amazon.com/lambda/latest/dg/with-kinesis.html) , [DynamoDB](https://docs.aws.amazon.com/lambda/latest/dg/with-ddb.html) , [self-managed Kafka](https://docs.aws.amazon.com/lambda/latest/dg/with-kafka.html#services-smaa-onfailure-destination) or [Amazon MSK](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#services-msk-onfailure-destination) , you can configure an Amazon SNS topic, Amazon SQS queue, or Amazon S3 bucket as the destination." }, "AWS::Lambda::EventSourceMapping ProvisionedPollerConfig": { "MaximumPollers": "The maximum number of event pollers this event source can scale up to.", @@ -27605,7 +28271,8 @@ "Action": "The action that the principal can use on the function. For example, `lambda:InvokeFunction` or `lambda:GetFunction` .", "EventSourceToken": "For Alexa Smart Home functions, a token that the invoker must supply.", "FunctionName": "The name or ARN of the Lambda function, version, or alias.\n\n**Name formats** - *Function name* \u2013 `my-function` (name-only), `my-function:v1` (with alias).\n- *Function ARN* \u2013 `arn:aws:lambda:us-west-2:123456789012:function:my-function` .\n- *Partial ARN* \u2013 `123456789012:function:my-function` .\n\nYou can append a version number or alias to any of the formats. The length constraint applies only to the full ARN. If you specify only the function name, it is limited to 64 characters in length.", - "FunctionUrlAuthType": "The type of authentication that your function URL uses. Set to `AWS_IAM` if you want to restrict access to authenticated users only. Set to `NONE` if you want to bypass IAM authentication to create a public endpoint. For more information, see [Security and auth model for Lambda function URLs](https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html) .", + "FunctionUrlAuthType": "The type of authentication that your function URL uses. Set to `AWS_IAM` if you want to restrict access to authenticated users only. Set to `NONE` if you want to bypass IAM authentication to create a public endpoint. For more information, see [Control access to Lambda function URLs](https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html) .", + "InvokedViaFunctionUrl": "Restricts the `lambda:InvokeFunction` action to function URL calls. When set to `true` , this prevents the principal from invoking the function by any means other than the function URL. For more information, see [Control access to Lambda function URLs](https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html) .", "Principal": "The AWS service , AWS account , IAM user, or IAM role that invokes the function. If you specify a service, use `SourceArn` or `SourceAccount` to limit who can invoke the function through that service.", "PrincipalOrgID": "The identifier for your organization in AWS Organizations . Use this to grant permissions to all the AWS accounts under this organization.", "SourceAccount": "For AWS service , the ID of the AWS account that owns the resource. Use this together with `SourceArn` to ensure that the specified account owns the resource. It is possible for an Amazon S3 bucket to be deleted by its owner and recreated by another account.", @@ -27658,6 +28325,7 @@ "BotTags": "A list of tags to add to the bot. You can only add tags when you import a bot. You can't use the `UpdateBot` operation to update tags. To update tags, use the `TagResource` operation.", "DataPrivacy": "By default, data stored by Amazon Lex is encrypted. The `DataPrivacy` structure provides settings that determine how Amazon Lex handles special cases of securing the data for your bot.", "Description": "The description of the version.", + "ErrorLogSettings": "", "IdleSessionTTLInSeconds": "The time, in seconds, that Amazon Lex should keep information about a user's conversation with the bot.\n\nA user interaction remains active for the amount of time specified. If no conversation occurs during this time, the session expires and Amazon Lex deletes any data provided before the timeout.\n\nYou can specify between 60 (1 minute) and 86,400 (24 hours) seconds.", "Name": "The name of the bot locale.", "Replication": "", @@ -27828,6 +28496,9 @@ "EnableCodeHookInvocation": "Indicates whether a Lambda function should be invoked for the dialog.", "InvocationLabel": "A label that indicates the dialog step from which the dialog code hook is happening." }, + "AWS::Lex::Bot ErrorLogSettings": { + "Enabled": "" + }, "AWS::Lex::Bot ExactResponseFields": { "AnswerField": "The name of the field that contains the answer to the query made to the OpenSearch Service database.", "QuestionField": "The name of the field that contains the query made to the OpenSearch Service database." @@ -28471,6 +29142,19 @@ "Key": "The key of the tag.\n\nConstraints: Tag keys accept a maximum of 128 letters, numbers, spaces in UTF-8, or the following characters: + - = . _ : / @", "Value": "The value of the tag.\n\nConstraints: Tag values accept a maximum of 256 letters, numbers, spaces in UTF-8, or the following characters: + - = . _ : / @" }, + "AWS::Lightsail::DiskSnapshot": { + "DiskName": "The unique name of the disk.", + "DiskSnapshotName": "The name of the disk snapshot ( `my-disk-snapshot` ).", + "Tags": "The tag keys and optional values for the resource. For more information about tags in Lightsail, see the [Amazon Lightsail Developer Guide](https://docs.aws.amazon.com/lightsail/latest/userguide/amazon-lightsail-tags) ." + }, + "AWS::Lightsail::DiskSnapshot Location": { + "AvailabilityZone": "", + "RegionName": "" + }, + "AWS::Lightsail::DiskSnapshot Tag": { + "Key": "The key of the tag.\n\nConstraints: Tag keys accept a maximum of 128 letters, numbers, spaces in UTF-8, or the following characters: + - = . _ : / @", + "Value": "The value of the tag.\n\nConstraints: Tag values accept a maximum of 256 letters, numbers, spaces in UTF-8, or the following characters: + - = . _ : / @" + }, "AWS::Lightsail::Distribution": { "BundleId": "The ID of the bundle applied to the distribution.", "CacheBehaviorSettings": "An object that describes the cache behavior settings of the distribution.", @@ -28758,6 +29442,7 @@ }, "AWS::Logs::DeliveryDestination": { "DeliveryDestinationPolicy": "An IAM policy that grants permissions to CloudWatch Logs to deliver logs cross-account to a specified destination in this account. For examples of this policy, see [Examples](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutDeliveryDestinationPolicy.html#API_PutDeliveryDestinationPolicy_Examples) in the CloudWatch Logs API Reference.", + "DeliveryDestinationType": "Displays whether this delivery destination is CloudWatch Logs, Amazon S3, Firehose, or X-Ray.", "DestinationResourceArn": "The ARN of the AWS destination that this delivery destination represents. That AWS destination can be a log group in CloudWatch Logs , an Amazon S3 bucket, or a Firehose stream.", "Name": "The name of this delivery destination.", "OutputFormat": "The format of the logs that are sent to this delivery destination.", @@ -28836,6 +29521,8 @@ }, "AWS::Logs::MetricFilter": { "ApplyOnTransformedLogs": "This parameter is valid only for log groups that have an active log transformer. For more information about log transformers, see [PutTransformer](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutTransformer.html) .\n\nIf this value is `true` , the metric filter is applied on the transformed version of the log events instead of the original ingested log events.", + "EmitSystemFieldDimensions": "The list of system fields that are emitted as additional dimensions in the generated metrics. Returns the `emitSystemFieldDimensions` value if it was specified when the metric filter was created.", + "FieldSelectionCriteria": "The filter expression that specifies which log events are processed by this metric filter based on system fields. Returns the `fieldSelectionCriteria` value if it was specified when the metric filter was created.", "FilterName": "The name of the metric filter.", "FilterPattern": "A filter pattern for extracting metric data out of ingested log events. For more information, see [Filter and Pattern Syntax](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html) .", "LogGroupName": "The name of an existing log group that you want to associate with this metric filter.", @@ -28867,6 +29554,8 @@ "ApplyOnTransformedLogs": "This parameter is valid only for log groups that have an active log transformer. For more information about log transformers, see [PutTransformer](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutTransformer.html) .\n\nIf this value is `true` , the subscription filter is applied on the transformed version of the log events instead of the original ingested log events.", "DestinationArn": "The Amazon Resource Name (ARN) of the destination.", "Distribution": "The method used to distribute log data to the destination, which can be either random or grouped by log stream.", + "EmitSystemFields": "The list of system fields that are included in the log events sent to the subscription destination. Returns the `emitSystemFields` value if it was specified when the subscription filter was created.", + "FieldSelectionCriteria": "The filter expression that specifies which log events are processed by this subscription filter based on system fields. Returns the `fieldSelectionCriteria` value if it was specified when the subscription filter was created.", "FilterName": "The name of the subscription filter.", "FilterPattern": "The filtering expressions that restrict what gets delivered to the destination AWS resource. For more information about the filter pattern syntax, see [Filter and Pattern Syntax](https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html) .", "LogGroupName": "The log group to associate with the subscription filter. All log events that are uploaded to this log group are filtered and delivered to the specified AWS resource if the filter pattern matches the log events.", @@ -29197,7 +29886,7 @@ "Description": "The description of the runtime environment.", "EngineType": "The target platform for the runtime environment.", "EngineVersion": "The version of the runtime engine.", - "HighAvailabilityConfig": "Defines the details of a high availability configuration.", + "HighAvailabilityConfig": "> AWS Mainframe Modernization Service (Managed Runtime Environment experience) will no longer be open to new customers starting on November 7, 2025. If you would like to use the service, please sign up prior to November 7, 2025. For capabilities similar to AWS Mainframe Modernization Service (Managed Runtime Environment experience) explore AWS Mainframe Modernization Service (Self-Managed Experience). Existing customers can continue to use the service as normal. For more information, see [AWS Mainframe Modernization availability change](https://docs.aws.amazon.com/m2/latest/userguide/mainframe-modernization-availability-change.html) . \n\nDefines the details of a high availability configuration.", "InstanceType": "The instance type of the runtime environment.", "KmsKeyId": "The identifier of a customer managed key.", "Name": "The name of the runtime environment.", @@ -29205,7 +29894,7 @@ "PreferredMaintenanceWindow": "Configures the maintenance window that you want for the runtime environment. The maintenance window must have the format `ddd:hh24:mi-ddd:hh24:mi` and must be less than 24 hours. The following two examples are valid maintenance windows: `sun:23:45-mon:00:15` or `sat:01:00-sat:03:00` .\n\nIf you do not provide a value, a random system-generated value will be assigned.", "PubliclyAccessible": "Specifies whether the runtime environment is publicly accessible.", "SecurityGroupIds": "The list of security groups for the VPC associated with this runtime environment.", - "StorageConfigurations": "Defines the storage configuration for a runtime environment.", + "StorageConfigurations": "> AWS Mainframe Modernization Service (Managed Runtime Environment experience) will no longer be open to new customers starting on November 7, 2025. If you would like to use the service, please sign up prior to November 7, 2025. For capabilities similar to AWS Mainframe Modernization Service (Managed Runtime Environment experience) explore AWS Mainframe Modernization Service (Self-Managed Experience). Existing customers can continue to use the service as normal. For more information, see [AWS Mainframe Modernization availability change](https://docs.aws.amazon.com/m2/latest/userguide/mainframe-modernization-availability-change.html) . \n\nDefines the storage configuration for a runtime environment.", "SubnetIds": "The list of subnets associated with the VPC for this runtime environment.", "Tags": "An array of key-value pairs to apply to this resource.\n\nFor more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html) ." }, @@ -29406,7 +30095,7 @@ }, "AWS::MSK::ClusterPolicy": { "ClusterArn": "The Amazon Resource Name (ARN) that uniquely identifies the cluster.", - "Policy": "Resource policy for the cluster." + "Policy": "Resource policy for the cluster. The maximum size supported for a resource-based policy document is 20 KB." }, "AWS::MSK::Configuration": { "Description": "The description of the configuration.", @@ -29500,7 +30189,7 @@ }, "AWS::MWAA::Environment": { "AirflowConfigurationOptions": "A list of key-value pairs containing the Airflow configuration options for your environment. For example, `core.default_timezone: utc` . To learn more, see [Apache Airflow configuration options](https://docs.aws.amazon.com/mwaa/latest/userguide/configuring-env-variables.html) .", - "AirflowVersion": "The version of Apache Airflow to use for the environment. If no value is specified, defaults to the latest version.\n\nIf you specify a newer version number for an existing environment, the version update requires some service interruption before taking effect.\n\n*Allowed Values* : `1.10.12` | `2.0.2` | `2.2.2` | `2.4.3` | `2.5.1` | `2.6.3` | `2.7.2` | `2.8.1` | `2.9.2` | `2.10.1` (latest)", + "AirflowVersion": "The version of Apache Airflow to use for the environment. If no value is specified, defaults to the latest version.\n\nIf you specify a newer version number for an existing environment, the version update requires some service interruption before taking effect.\n\n*Allowed Values* : `2.7.2` | `2.8.1` | `2.9.2` | `2.10.1` | `2.10.3` | `3.0.6` (latest)", "DagS3Path": "The relative path to the DAGs folder on your Amazon S3 bucket. For example, `dags` . To learn more, see [Adding or updating DAGs](https://docs.aws.amazon.com/mwaa/latest/userguide/configuring-dag-folder.html) .", "EndpointManagement": "Defines whether the VPC endpoints configured for the environment are created, and managed, by the customer or by Amazon MWAA. If set to `SERVICE` , Amazon MWAA will create and manage the required VPC endpoints in your VPC. If set to `CUSTOMER` , you must create, and manage, the VPC endpoints in your VPC.", "EnvironmentClass": "The environment class type. Valid values: `mw1.micro` , `mw1.small` , `mw1.medium` , `mw1.large` , `mw1.1large` , and `mw1.2large` . To learn more, see [Amazon MWAA environment class](https://docs.aws.amazon.com/mwaa/latest/userguide/environment-class.html) .", @@ -29536,7 +30225,7 @@ "AWS::MWAA::Environment ModuleLoggingConfiguration": { "CloudWatchLogGroupArn": "The ARN of the CloudWatch Logs log group for each type of Apache Airflow log type that you have enabled.\n\n> `CloudWatchLogGroupArn` is available only as a return value, accessible when specified as an attribute in the [`Fn:GetAtt`](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-mwaa-environment.html#aws-resource-mwaa-environment-return-values) intrinsic function. Any value you provide for `CloudWatchLogGroupArn` is discarded by Amazon MWAA.", "Enabled": "Indicates whether to enable the Apache Airflow log type (e.g. `DagProcessingLogs` ) in CloudWatch Logs.", - "LogLevel": "Defines the Apache Airflow logs to send for the log type (e.g. `DagProcessingLogs` ) to CloudWatch Logs. Valid values: `CRITICAL` , `ERROR` , `WARNING` , `INFO` ." + "LogLevel": "Defines the Apache Airflow logs to send for the log type (e.g. `DagProcessingLogs` ) to CloudWatch Logs." }, "AWS::MWAA::Environment NetworkConfiguration": { "SecurityGroupIds": "A list of one or more security group IDs. Accepts up to 5 security group IDs. A security group must be attached to the same VPC as the subnets. To learn more, see [Security in your VPC on Amazon MWAA](https://docs.aws.amazon.com/mwaa/latest/userguide/vpc-security.html) .", @@ -30090,6 +30779,9 @@ "LfeFilter": "When set to enabled, applies a 120Hz lowpass filter to the LFE channel prior to encoding. This is valid only in codingMode32Lfe mode.", "MetadataControl": "When set to followInput, encoder metadata is sourced from the DD, DD+, or DolbyE decoder that supplies this audio data. If the audio is supplied from one of these streams, the static metadata settings are used." }, + "AWS::MediaLive::Channel AdditionalDestinations": { + "Destination": "" + }, "AWS::MediaLive::Channel AncillarySourceSettings": { "SourceAncillaryChannelNumber": "Specifies the number (1 to 4) of the captions channel you want to extract from the ancillary captions. If you plan to convert the ancillary captions to another format, complete this field. If you plan to choose Embedded as the captions destination in the output (to pass through all the channels in the ancillary captions), leave this field blank because MediaLive ignores the field." }, @@ -30219,6 +30911,7 @@ "Level": "", "LookAheadRateControl": "", "MaxBitrate": "", + "MinBitrate": "", "MinIInterval": "", "ParDenominator": "", "ParNumerator": "", @@ -30266,6 +30959,7 @@ "ShadowOpacity": "Specifies the opacity of the shadow. 255 is opaque; 0 is transparent. Keeping this parameter blank is equivalent to setting it to 0 (transparent). All burn-in and DVB-Sub font settings must match.", "ShadowXOffset": "Specifies the horizontal offset of the shadow that is relative to the captions in pixels. A value of -2 would result in a shadow offset 2 pixels to the left. All burn-in and DVB-Sub font settings must match.", "ShadowYOffset": "Specifies the vertical offset of the shadow that is relative to the captions in pixels. A value of -2 would result in a shadow offset 2 pixels above the text. All burn-in and DVB-Sub font settings must match.", + "SubtitleRows": "", "TeletextGridControl": "Controls whether a fixed grid size is used to generate the output subtitles bitmap. This applies only to Teletext inputs and DVB-Sub/Burn-in outputs.", "XPosition": "Specifies the horizontal position of the captions relative to the left side of the output in pixels. A value of 10 would result in the captions starting 10 pixels from the left of the output. If no explicit xPosition is provided, the horizontal captions position is determined by the alignment parameter. All burn-in and DVB-Sub font settings must match.", "YPosition": "Specifies the vertical position of the captions relative to the top of the output in pixels. A value of 10 would result in the captions starting 10 pixels from the top of the output. If no explicit yPosition is provided, the captions are positioned towards the bottom of the output. All burn-in and DVB-Sub font settings must match." @@ -30331,6 +31025,7 @@ "LanguageCode": "" }, "AWS::MediaLive::Channel CmafIngestGroupSettings": { + "AdditionalDestinations": "", "CaptionLanguageMappings": "", "Destination": "", "Id3Behavior": "", @@ -30385,6 +31080,7 @@ "ShadowOpacity": "Specifies the opacity of the shadow. 255 is opaque; 0 is transparent. Keeping this parameter blank is equivalent to setting it to 0 (transparent). All burn-in and DVB-Sub font settings must match.", "ShadowXOffset": "Specifies the horizontal offset of the shadow relative to the captions in pixels. A value of -2 would result in a shadow offset 2 pixels to the left. All burn-in and DVB-Sub font settings must match.", "ShadowYOffset": "Specifies the vertical offset of the shadow relative to the captions in pixels. A value of -2 would result in a shadow offset 2 pixels above the text. All burn-in and DVB-Sub font settings must match.", + "SubtitleRows": "", "TeletextGridControl": "Controls whether a fixed grid size is used to generate the output subtitles bitmap. This applies to only Teletext inputs and DVB-Sub/Burn-in outputs.", "XPosition": "Specifies the horizontal position of the captions relative to the left side of the output in pixels. A value of 10 would result in the captions starting 10 pixels from the left of the output. If no explicit xPosition is provided, the horizontal captions position is determined by the alignment parameter. This option is not valid for source captions that are STL, 608/embedded, or Teletext. These source settings are already pre-defined by the captions stream. All burn-in and DVB-Sub font settings must match.", "YPosition": "Specifies the vertical position of the captions relative to the top of the output in pixels. A value of 10 would result in the captions starting 10 pixels from the top of the output. If no explicit yPosition is provided, the captions are positioned towards the bottom of the output. This option is not valid for source captions that are STL, 608/embedded, or Teletext. These source settings are already pre-defined by the captions stream. All burn-in and DVB-Sub font settings must match." @@ -30551,6 +31247,7 @@ "Level": "The H.264 level.", "LookAheadRateControl": "The amount of lookahead. A value of low can decrease latency and memory usage, while high can produce better quality for certain content.", "MaxBitrate": "For QVBR: See the tooltip for Quality level. For VBR: Set the maximum bitrate in order to accommodate expected spikes in the complexity of the video.", + "MinBitrate": "", "MinIInterval": "Meaningful only if sceneChangeDetect is set to enabled. This setting enforces separation between repeated (cadence) I-frames and I-frames inserted by Scene Change Detection. If a scene change I-frame is within I-interval frames of a cadence I-frame, the GOP is shrunk or stretched to the scene change I-frame. GOP stretch requires enabling lookahead as well as setting the I-interval. The normal cadence resumes for the next GOP. Note that the maximum GOP stretch = GOP size + Min-I-interval - 1.", "MinQp": "", "NumRefFrames": "The number of reference frames to use. The encoder might use more than requested if you use B-frames or interlaced encoding.", @@ -30597,12 +31294,15 @@ "FlickerAq": "If set to enabled, adjust quantization within each frame to reduce flicker or 'pop' on I-frames.", "FramerateDenominator": "Framerate denominator.", "FramerateNumerator": "Framerate numerator - framerate is a fraction, e.g. 24000 / 1001 = 23.976 fps.", + "GopBReference": "", "GopClosedCadence": "Frequency of closed GOPs. In streaming applications, it is recommended that this be set to 1 so a decoder joining mid-stream will receive an IDR frame as quickly as possible. Setting this value to 0 will break output segmenting.", + "GopNumBFrames": "", "GopSize": "GOP size (keyframe interval) in units of either frames or seconds per gopSizeUnits.\nIf gopSizeUnits is frames, gopSize must be an integer and must be greater than or equal to 1.\nIf gopSizeUnits is seconds, gopSize must be greater than 0, but need not be an integer.", "GopSizeUnits": "Indicates if the gopSize is specified in frames or seconds. If seconds the system will convert the gopSize into a frame count at run time.", "Level": "H.265 Level.", "LookAheadRateControl": "Amount of lookahead. A value of low can decrease latency and memory usage, while high can produce better quality for certain content.", "MaxBitrate": "For QVBR: See the tooltip for Quality level", + "MinBitrate": "", "MinIInterval": "Only meaningful if sceneChangeDetect is set to enabled. Defaults to 5 if multiplex rate control is used. Enforces separation between repeated (cadence) I-frames and I-frames inserted by Scene Change Detection. If a scene change I-frame is within I-interval frames of a cadence I-frame, the GOP is shrunk and/or stretched to the scene change I-frame. GOP stretch requires enabling lookahead as well as setting I-interval. The normal cadence resumes for the next GOP. Note: Maximum GOP stretch = GOP size + Min-I-interval - 1", "MinQp": "", "MvOverPictureBoundaries": "", @@ -30615,6 +31315,7 @@ "ScanType": "Sets the scan type of the output to progressive or top-field-first interlaced.", "SceneChangeDetect": "Scene change detection.", "Slices": "Number of slices per picture. Must be less than or equal to the number of macroblock rows for progressive pictures, and less than or equal to half the number of macroblock rows for interlaced pictures.\nThis field is optional; when no value is specified the encoder will choose the number of slices based on encode resolution.", + "SubgopLength": "", "Tier": "H.265 Tier.", "TileHeight": "", "TilePadding": "", @@ -30871,7 +31572,16 @@ "HlsDefault": "" }, "AWS::MediaLive::Channel MediaPackageV2GroupSettings": { - "CaptionLanguageMappings": "" + "CaptionLanguageMappings": "", + "Id3Behavior": "", + "KlvBehavior": "", + "NielsenId3Behavior": "", + "Scte35Type": "", + "SegmentLength": "", + "SegmentLengthUnits": "", + "TimedMetadataId3Frame": "", + "TimedMetadataId3Period": "", + "TimedMetadataPassthrough": "" }, "AWS::MediaLive::Channel MotionGraphicsConfiguration": { "MotionGraphicsInsertion": "Enables or disables the motion graphics overlay feature in the channel.", @@ -31610,7 +32320,7 @@ "StreamSelection": "Limitations for outputs from the endpoint, based on the video bitrate." }, "AWS::MediaPackage::OriginEndpoint SpekeKeyProvider": { - "CertificateArn": "The Amazon Resource Name (ARN) for the certificate that you imported to AWS Certificate Manager to add content key encryption to this endpoint. For this feature to work, your DRM key provider must support content key encryption.", + "CertificateArn": "The Amazon Resource Name (ARN) for the certificate that you imported to Certificate Manager to add content key encryption to this endpoint. For this feature to work, your DRM key provider must support content key encryption.", "EncryptionContractConfiguration": "Use `encryptionContractConfiguration` to configure one or more content encryption keys for your endpoints that use SPEKE Version 2.0. The encryption contract defines which content keys are used to encrypt the audio and video tracks in your stream. To configure the encryption contract, specify which audio and video encryption presets to use.", "ResourceId": "Unique identifier for this endpoint, as it is configured in the key provider service.", "RoleArn": "The ARN for the IAM role that's granted by the key provider to provide access to the key provider API. This role must have a trust policy that allows AWS Elemental MediaPackage to assume the role, and it must have a sufficient permissions policy to allow access to the specific key retrieval URL. Valid format: arn:aws:iam::{accountID}:role/{name}", @@ -31779,6 +32489,7 @@ "ForceEndpointErrorConfiguration": "The failover settings for the endpoint.", "HlsManifests": "The HLS manifests associated with the origin endpoint configuration.", "LowLatencyHlsManifests": "The low-latency HLS (LL-HLS) manifests associated with the origin endpoint.", + "MssManifests": "A list of Microsoft Smooth Streaming (MSS) manifest configurations associated with the origin endpoint. Each configuration represents a different MSS streaming option available from this endpoint.", "OriginEndpointName": "The name of the origin endpoint associated with the origin endpoint configuration.", "Segment": "The segment associated with the origin endpoint.", "StartoverWindowSeconds": "The size of the window (in seconds) to specify a window of the live stream that's available for on-demand viewing. Viewers can start-over or catch-up on content that falls within the window.", @@ -31852,6 +32563,7 @@ }, "AWS::MediaPackageV2::OriginEndpoint EncryptionMethod": { "CmafEncryptionMethod": "The encryption method to use.", + "IsmEncryptionMethod": "The encryption method used for Microsoft Smooth Streaming (MSS) content. This specifies how the MSS segments are encrypted to protect the content during delivery to client players.", "TsEncryptionMethod": "The encryption method to use." }, "AWS::MediaPackageV2::OriginEndpoint FilterConfiguration": { @@ -31886,6 +32598,12 @@ "Url": "The URL of the low-latency HLS (LL-HLS) manifest configuration of the origin endpoint.", "UrlEncodeChildManifest": "When enabled, MediaPackage URL-encodes the query string for API requests for LL-HLS child manifests to comply with AWS Signature Version 4 (SigV4) signature signing protocol. For more information, see [AWS Signature Version 4 for API requests](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv.html) in *AWS Identity and Access Management User Guide* ." }, + "AWS::MediaPackageV2::OriginEndpoint MssManifestConfiguration": { + "FilterConfiguration": "", + "ManifestLayout": "", + "ManifestName": "", + "ManifestWindowSeconds": "" + }, "AWS::MediaPackageV2::OriginEndpoint Scte": { "ScteFilter": "The filter associated with the SCTE-35 configuration." }, @@ -32295,6 +33013,7 @@ "DBParameterGroupName": "The name of an existing DB parameter group or a reference to an AWS::Neptune::DBParameterGroup resource created in the template. If any of the data members of the referenced parameter group are changed during an update, the DB instance might need to be restarted, which causes some interruption. If the parameter group contains static parameters, whether they were changed or not, an update triggers a reboot.", "DBSubnetGroupName": "A DB subnet group to associate with the DB instance. If you update this value, the new subnet group must be a subnet group in a new virtual private cloud (VPC).", "PreferredMaintenanceWindow": "Specifies the weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC).", + "PubliclyAccessible": "Indicates whether the DB instance is publicly accessible.\n\nWhen the DB instance is publicly accessible and you connect from outside of the DB instance's virtual private cloud (VPC), its Domain Name System (DNS) endpoint resolves to the public IP address. When you connect from within the same VPC as the DB instance, the endpoint resolves to the private IP address. Access to the DB instance is ultimately controlled by the security group it uses. That public access isn't permitted if the security group assigned to the DB cluster doesn't permit it.\n\nWhen the DB instance isn't publicly accessible, it is an internal DB instance with a DNS name that resolves to a private IP address.", "Tags": "An arbitrary set of tags (key-value pairs) for this DB instance." }, "AWS::Neptune::DBInstance Tag": { @@ -32327,7 +33046,13 @@ "EventCategories": "", "SnsTopicArn": "The topic ARN of the event notification subscription.", "SourceIds": "", - "SourceType": "The source type for the event notification subscription." + "SourceType": "The source type for the event notification subscription.", + "SubscriptionName": "", + "Tags": "" + }, + "AWS::Neptune::EventSubscription Tag": { + "Key": "A key is the required name of the tag. The string value can be from 1 to 128 Unicode characters in length and can't be prefixed with `aws:` or `rds:` . The string can only contain the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-' (Java regex: \"^([\\\\p{L}\\\\p{Z}\\\\p{N}_.:/=+\\\\-]*)$\").", + "Value": "A value is the optional value of the tag. The string value can be from 1 to 256 Unicode characters in length and can't be prefixed with `aws:` or `rds:` . The string can only contain the set of Unicode letters, digits, white-space, '_', '.', '/', '=', '+', '-' (Java regex: \"^([\\\\p{L}\\\\p{Z}\\\\p{N}_.:/=+\\\\-]*)$\")." }, "AWS::NeptuneGraph::Graph": { "DeletionProtection": "A value that indicates whether the graph has deletion protection enabled. The graph can't be deleted when deletion protection is enabled.", @@ -32534,7 +33259,7 @@ "StatelessRulesAndCustomActions": "Stateless inspection criteria to be used in a stateless rule group." }, "AWS::NetworkFirewall::RuleGroup RulesSourceList": { - "GeneratedRulesType": "Whether you want to allow or deny access to the domains in your target list.", + "GeneratedRulesType": "Whether you want to apply allow, reject, alert, or drop behavior to the domains in your target list.\n\n> When logging is enabled and you choose Alert, traffic that matches the domain specifications generates an alert in the firewall's logs. Then, traffic either passes, is rejected, or drops based on other rules in the firewall policy.", "TargetTypes": "The types of targets to inspect for. Valid values are `TLS_SNI` and `HTTP_HOST` .", "Targets": "The domains that you want to inspect for in your traffic flows. Valid domain specifications are the following:\n\n- Explicit names. For example, `abc.example.com` matches only the domain `abc.example.com` .\n- Names that use a domain wildcard, which you indicate with an initial ' `.` '. For example, `.example.com` matches `example.com` and matches all subdomains of `example.com` , such as `abc.example.com` and `www.example.com` ." }, @@ -32567,7 +33292,7 @@ }, "AWS::NetworkFirewall::TLSInspectionConfiguration": { "Description": "A description of the TLS inspection configuration.", - "TLSInspectionConfiguration": "The object that defines a TLS inspection configuration. AWS Network Firewall uses TLS inspection configurations to decrypt your firewall's inbound and outbound SSL/TLS traffic. After decryption, AWS Network Firewall inspects the traffic according to your firewall policy's stateful rules, and then re-encrypts it before sending it to its destination. You can enable inspection of your firewall's inbound traffic, outbound traffic, or both. To use TLS inspection with your firewall, you must first import or provision certificates using AWS Certificate Manager , create a TLS inspection configuration, add that configuration to a new firewall policy, and then associate that policy with your firewall. For more information about using TLS inspection configurations, see [Inspecting SSL/TLS traffic with TLS inspection configurations](https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection.html) in the *AWS Network Firewall Developer Guide* .", + "TLSInspectionConfiguration": "The object that defines a TLS inspection configuration. AWS Network Firewall uses TLS inspection configurations to decrypt your firewall's inbound and outbound SSL/TLS traffic. After decryption, AWS Network Firewall inspects the traffic according to your firewall policy's stateful rules, and then re-encrypts it before sending it to its destination. You can enable inspection of your firewall's inbound traffic, outbound traffic, or both. To use TLS inspection with your firewall, you must first import or provision certificates using Certificate Manager , create a TLS inspection configuration, add that configuration to a new firewall policy, and then associate that policy with your firewall. For more information about using TLS inspection configurations, see [Inspecting SSL/TLS traffic with TLS inspection configurations](https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection.html) in the *AWS Network Firewall Developer Guide* .", "TLSInspectionConfigurationName": "The descriptive name of the TLS inspection configuration. You can't change the name of a TLS inspection configuration after you create it.", "Tags": "The key:value pairs to associate with the resource." }, @@ -32583,10 +33308,10 @@ "ToPort": "The upper limit of the port range. This must be greater than or equal to the `FromPort` specification." }, "AWS::NetworkFirewall::TLSInspectionConfiguration ServerCertificate": { - "ResourceArn": "The Amazon Resource Name (ARN) of the AWS Certificate Manager SSL/TLS server certificate that's used for inbound SSL/TLS inspection." + "ResourceArn": "The Amazon Resource Name (ARN) of the Certificate Manager SSL/TLS server certificate that's used for inbound SSL/TLS inspection." }, "AWS::NetworkFirewall::TLSInspectionConfiguration ServerCertificateConfiguration": { - "CertificateAuthorityArn": "The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate within AWS Certificate Manager (ACM) to use for outbound SSL/TLS inspection.\n\nThe following limitations apply:\n\n- You can use CA certificates that you imported into ACM, but you can't generate CA certificates with ACM.\n- You can't use certificates issued by AWS Private Certificate Authority .\n\nFor more information about configuring certificates for outbound inspection, see [Using SSL/TLS certificates with TLS inspection configurations](https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection-certificate-requirements.html) in the *AWS Network Firewall Developer Guide* .\n\nFor information about working with certificates in ACM, see [Importing certificates](https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html) in the *AWS Certificate Manager User Guide* .", + "CertificateAuthorityArn": "The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate within Certificate Manager (ACM) to use for outbound SSL/TLS inspection.\n\nThe following limitations apply:\n\n- You can use CA certificates that you imported into ACM, but you can't generate CA certificates with ACM.\n- You can't use certificates issued by AWS Private Certificate Authority .\n\nFor more information about configuring certificates for outbound inspection, see [Using SSL/TLS certificates with TLS inspection configurations](https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection-certificate-requirements.html) in the *AWS Network Firewall Developer Guide* .\n\nFor information about working with certificates in ACM, see [Importing certificates](https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html) in the *Certificate Manager User Guide* .", "CheckCertificateRevocationStatus": "When enabled, Network Firewall checks if the server certificate presented by the server in the SSL/TLS connection has a revoked or unkown status. If the certificate has an unknown or revoked status, you must specify the actions that Network Firewall takes on outbound traffic. To check the certificate revocation status, you must also specify a `CertificateAuthorityArn` in [ServerCertificateConfiguration](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/aws-resource-networkfirewall-servercertificateconfiguration.html) .", "Scopes": "A list of scopes.", "ServerCertificates": "The list of server certificates to use for inbound SSL/TLS inspection." @@ -32931,6 +33656,10 @@ "NotificationHubStatus": "Indicates the current status of the `NotificationHub` .", "NotificationHubStatusReason": "An explanation for the current status." }, + "AWS::Notifications::OrganizationalUnitAssociation": { + "NotificationConfigurationArn": "", + "OrganizationalUnitId": "" + }, "AWS::NotificationsContacts::EmailContact": { "EmailAddress": "The email address of the contact. The activation and notification emails are sent here.", "Name": "The name of the contact.", @@ -32985,6 +33714,7 @@ "CustomerContactsToSendToOCI": "The email addresses of contacts to receive notification from Oracle about maintenance updates for the Exadata infrastructure.", "DatabaseServerType": "The database server model type of the Exadata infrastructure. For the list of valid model names, use the `ListDbSystemShapes` operation.", "DisplayName": "The user-friendly name for the Exadata infrastructure.\n\nRequired when creating an Exadata infrastructure.", + "MaintenanceWindow": "The scheduling details for the maintenance window. Patching and system updates take place during the maintenance window.", "Shape": "The model name of the Exadata infrastructure.\n\nRequired when creating an Exadata infrastructure.", "StorageCount": "The number of storage servers that are activated for the Exadata infrastructure.\n\nRequired when creating an Exadata infrastructure.", "StorageServerType": "The storage server model type of the Exadata infrastructure. For the list of valid model names, use the `ListDbSystemShapes` operation.", @@ -32993,6 +33723,17 @@ "AWS::ODB::CloudExadataInfrastructure CustomerContact": { "Email": "The email address of the contact." }, + "AWS::ODB::CloudExadataInfrastructure MaintenanceWindow": { + "CustomActionTimeoutInMins": "The custom action timeout in minutes for the maintenance window.", + "DaysOfWeek": "The days of the week when maintenance can be performed.", + "HoursOfDay": "The hours of the day when maintenance can be performed.", + "IsCustomActionTimeoutEnabled": "Indicates whether custom action timeout is enabled for the maintenance window.", + "LeadTimeInWeeks": "The lead time in weeks before the maintenance window.", + "Months": "The months when maintenance can be performed.", + "PatchingMode": "The patching mode for the maintenance window.", + "Preference": "The preference for the maintenance window scheduling.", + "WeeksOfMonth": "The weeks of the month when maintenance can be performed." + }, "AWS::ODB::CloudExadataInfrastructure Tag": { "Key": "The key name of the tag. You can specify a value that's 1 to 128 Unicode characters in length and can't be prefixed with `aws:` . You can use any of the following characters: the set of Unicode letters, digits, whitespace, `_` , `.` , `:` , `/` , `=` , `+` , `@` , `-` , and `\"` .", "Value": "The value for the tag. You can specify a value that's 1 to 256 characters in length. You can use any of the following characters: the set of Unicode letters, digits, whitespace, `_` , `.` , `/` , `=` , `+` , and `-` ." @@ -33004,6 +33745,7 @@ "DataCollectionOptions": "The set of diagnostic collection options enabled for the VM cluster.", "DataStorageSizeInTBs": "The size of the data disk group, in terabytes (TB), that's allocated for the VM cluster.", "DbNodeStorageSizeInGBs": "The amount of local node storage, in gigabytes (GB), that's allocated for the VM cluster.", + "DbNodes": "", "DbServers": "The list of database servers for the VM cluster.", "DisplayName": "The user-friendly name for the VM cluster.\n\nRequired when creating a VM cluster.", "GiVersion": "The software version of the Oracle Grid Infrastructure (GI) for the VM cluster.\n\nRequired when creating a VM cluster.", @@ -33024,6 +33766,24 @@ "IsHealthMonitoringEnabled": "Specifies whether health monitoring is enabled for the VM cluster.", "IsIncidentLogsEnabled": "Specifies whether incident logs are enabled for the VM cluster." }, + "AWS::ODB::CloudVmCluster DbNode": { + "BackupIpId": "The Oracle Cloud ID (OCID) of the backup IP address that's associated with the DB node.", + "BackupVnic2Id": "The OCID of the second backup VNIC.", + "CpuCoreCount": "Number of CPU cores enabled on the DB node.", + "DbNodeArn": "The Amazon Resource Name (ARN) of the DB node.", + "DbNodeId": "The unique identifier of the DB node.", + "DbNodeStorageSizeInGBs": "The amount of local node storage, in gigabytes (GBs), that's allocated on the DB node.", + "DbServerId": "The unique identifier of the Db server that is associated with the DB node.", + "DbSystemId": "The OCID of the DB system.", + "HostIpId": "The OCID of the host IP address that's associated with the DB node.", + "Hostname": "The host name for the DB node.", + "MemorySizeInGBs": "The allocated memory in GBs on the DB node.", + "Ocid": "The OCID of the DB node.", + "Status": "The current status of the DB node.", + "Tags": "", + "Vnic2Id": "The OCID of the second VNIC.", + "VnicId": "The OCID of the VNIC." + }, "AWS::ODB::CloudVmCluster Tag": { "Key": "The key name of the tag. You can specify a value that's 1 to 128 Unicode characters in length and can't be prefixed with `aws:` . You can use any of the following characters: the set of Unicode letters, digits, whitespace, `_` , `.` , `:` , `/` , `=` , `+` , `@` , `-` , and `\"` .", "Value": "The value for the tag. You can specify a value that's 1 to 256 characters in length. You can use any of the following characters: the set of Unicode letters, digits, whitespace, `_` , `.` , `/` , `=` , `+` , and `-` ." @@ -33033,15 +33793,56 @@ "AvailabilityZoneId": "The AZ ID of the AZ where the ODB network is located.\n\nRequired when creating an ODB network. Specify either AvailabilityZone or AvailabilityZoneId to define the location of the network.", "BackupSubnetCidr": "The CIDR range of the backup subnet in the ODB network.", "ClientSubnetCidr": "The CIDR range of the client subnet in the ODB network.\n\nRequired when creating an ODB network.", + "CustomDomainName": "The domain name for the resources in the ODB network.", "DefaultDnsPrefix": "The DNS prefix to the default DNS domain name. The default DNS domain name is oraclevcn.com.", "DeleteAssociatedResources": "Specifies whether to delete associated OCI networking resources along with the ODB network.\n\nRequired when creating an ODB network.", "DisplayName": "The user-friendly name of the ODB network.\n\nRequired when creating an ODB network.", - "Tags": "Tags to assign to the Odb Network." + "S3Access": "The configuration for Amazon S3 access from the ODB network.", + "S3PolicyDocument": "", + "Tags": "Tags to assign to the Odb Network.", + "ZeroEtlAccess": "The configuration for Zero-ETL access from the ODB network." + }, + "AWS::ODB::OdbNetwork ManagedS3BackupAccess": { + "Ipv4Addresses": "The IPv4 addresses for the managed Amazon S3 backup access.", + "Status": "The status of the managed Amazon S3 backup access." + }, + "AWS::ODB::OdbNetwork ManagedServices": { + "ManagedS3BackupAccess": "The managed Amazon S3 backup access configuration.", + "ManagedServicesIpv4Cidrs": "The IPv4 CIDR blocks for the managed services.", + "ResourceGatewayArn": "The Amazon Resource Name (ARN) of the resource gateway.", + "S3Access": "The Amazon S3 access configuration.", + "ServiceNetworkArn": "The Amazon Resource Name (ARN) of the service network.", + "ServiceNetworkEndpoint": "The service network endpoint configuration.", + "ZeroEtlAccess": "The Zero-ETL access configuration." + }, + "AWS::ODB::OdbNetwork S3Access": { + "DomainName": "The domain name for the Amazon S3 access.", + "Ipv4Addresses": "The IPv4 addresses for the Amazon S3 access.", + "S3PolicyDocument": "The endpoint policy for the Amazon S3 access.", + "Status": "The status of the Amazon S3 access." + }, + "AWS::ODB::OdbNetwork ServiceNetworkEndpoint": { + "VpcEndpointId": "The identifier of the VPC endpoint.", + "VpcEndpointType": "The type of the VPC endpoint." }, "AWS::ODB::OdbNetwork Tag": { "Key": "The key name of the tag. You can specify a value that's 1 to 128 Unicode characters in length and can't be prefixed with `aws:` . You can use any of the following characters: the set of Unicode letters, digits, whitespace, `_` , `.` , `:` , `/` , `=` , `+` , `@` , `-` , and `\"` .", "Value": "The value for the tag. You can specify a value that's 1 to 256 characters in length. You can use any of the following characters: the set of Unicode letters, digits, whitespace, `_` , `.` , `/` , `=` , `+` , and `-` ." }, + "AWS::ODB::OdbNetwork ZeroEtlAccess": { + "Cidr": "The CIDR block for the Zero-ETL access.", + "Status": "The status of the Zero-ETL access." + }, + "AWS::ODB::OdbPeeringConnection": { + "DisplayName": "The display name of the ODB peering connection.", + "OdbNetworkId": "", + "PeerNetworkId": "", + "Tags": "" + }, + "AWS::ODB::OdbPeeringConnection Tag": { + "Key": "", + "Value": "" + }, "AWS::OSIS::Pipeline": { "BufferOptions": "Options that specify the configuration of a persistent buffer. To configure how OpenSearch Ingestion encrypts this data, set the `EncryptionAtRestOptions` . For more information, see [Persistent buffering](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/osis-features-overview.html#persistent-buffering) .", "EncryptionAtRestOptions": "Options to control how OpenSearch encrypts buffer data.", @@ -33050,6 +33851,8 @@ "MinUnits": "The minimum pipeline capacity, in Ingestion Compute Units (ICUs).", "PipelineConfigurationBody": "The Data Prepper pipeline configuration in YAML format.", "PipelineName": "The name of the pipeline.", + "PipelineRoleArn": "The Amazon Resource Name (ARN) of the IAM role that the pipeline uses to access AWS resources.", + "ResourcePolicy": "", "Tags": "List of tags to add to the pipeline upon creation.", "VpcOptions": "Options that specify the subnets and security groups for an OpenSearch Ingestion VPC endpoint." }, @@ -33066,6 +33869,9 @@ "CloudWatchLogDestination": "The destination for OpenSearch Ingestion logs sent to Amazon CloudWatch Logs. This parameter is required if `IsLoggingEnabled` is set to `true` .", "IsLoggingEnabled": "Whether logs should be published." }, + "AWS::OSIS::Pipeline ResourcePolicy": { + "Policy": "" + }, "AWS::OSIS::Pipeline Tag": { "Key": "The tag key. Tag keys must be unique for the pipeline to which they are attached.", "Value": "The value assigned to the corresponding tag key. Tag values can be null and don't have to be unique in a tag set. For example, you can have a key value pair in a tag set of `project : Trinity` and `cost-center : Trinity`" @@ -33104,6 +33910,99 @@ "Policy": "The IAM policy that grants permissions to source accounts to link to this sink. The policy can grant permission in the following ways:\n\n- Include organization IDs or organization paths to permit all accounts in an organization\n- Include account IDs to permit the specified accounts", "Tags": "An array of key-value pairs to apply to the sink.\n\nFor more information, see [Tag](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html) ." }, + "AWS::ObservabilityAdmin::OrganizationCentralizationRule": { + "Rule": "", + "RuleName": "The name of the organization centralization rule.", + "Tags": "A key-value pair to filter resources based on tags associated with the resource. For more information about tags, see [What are tags?](https://docs.aws.amazon.com/whitepapers/latest/tagging-best-practices/what-are-tags.html)" + }, + "AWS::ObservabilityAdmin::OrganizationCentralizationRule CentralizationRule": { + "Destination": "Configuration determining where the telemetry data should be centralized, backed up, as well as encryption configuration for the primary and backup destinations.", + "Source": "Configuration determining the source of the telemetry data to be centralized." + }, + "AWS::ObservabilityAdmin::OrganizationCentralizationRule CentralizationRuleDestination": { + "Account": "The destination account (within the organization) to which the telemetry data should be centralized.", + "DestinationLogsConfiguration": "Log specific configuration for centralization destination log groups.", + "Region": "The primary destination region to which telemetry data should be centralized." + }, + "AWS::ObservabilityAdmin::OrganizationCentralizationRule CentralizationRuleSource": { + "Regions": "The list of source regions from which telemetry data should be centralized.", + "Scope": "The organizational scope from which telemetry data should be centralized, specified using organization id, accounts or organizational unit ids.", + "SourceLogsConfiguration": "Log specific configuration for centralization source log groups." + }, + "AWS::ObservabilityAdmin::OrganizationCentralizationRule DestinationLogsConfiguration": { + "BackupConfiguration": "Configuration defining the backup region and an optional KMS key for the backup destination.", + "LogsEncryptionConfiguration": "The encryption configuration for centralization destination log groups." + }, + "AWS::ObservabilityAdmin::OrganizationCentralizationRule LogsBackupConfiguration": { + "KmsKeyArn": "KMS Key ARN belonging to the primary destination account and backup region, to encrypt newly created central log groups in the backup destination.", + "Region": "Logs specific backup destination region within the primary destination account to which log data should be centralized." + }, + "AWS::ObservabilityAdmin::OrganizationCentralizationRule LogsEncryptionConfiguration": { + "EncryptionConflictResolutionStrategy": "Conflict resolution strategy for centralization if the encryption strategy is set to CUSTOMER_MANAGED and the destination log group is encrypted with an AWS_OWNED KMS Key. ALLOW lets centralization go through while SKIP prevents centralization into the destination log group.", + "EncryptionStrategy": "Configuration that determines the encryption strategy of the destination log groups. CUSTOMER_MANAGED uses the configured KmsKeyArn to encrypt newly created destination log groups.", + "KmsKeyArn": "KMS Key ARN belonging to the primary destination account and region, to encrypt newly created central log groups in the primary destination." + }, + "AWS::ObservabilityAdmin::OrganizationCentralizationRule SourceLogsConfiguration": { + "EncryptedLogGroupStrategy": "A strategy determining whether to centralize source log groups that are encrypted with customer managed KMS keys (CMK). ALLOW will consider CMK encrypted source log groups for centralization while SKIP will skip CMK encrypted source log groups from centralization.", + "LogGroupSelectionCriteria": "The selection criteria that specifies which source log groups to centralize. The selection criteria uses the same format as OAM link filters." + }, + "AWS::ObservabilityAdmin::OrganizationCentralizationRule Tag": { + "Key": "One part of a key-value pair that makes up a tag associated with the organization's centralization rule resource. A key is a general label that acts like a category for more specific tag values.", + "Value": "One part of a key-value pair that make up a tag associated with the organization's centralization rule resource. A value acts as a descriptor within a tag category (key). The value can be empty or null." + }, + "AWS::ObservabilityAdmin::OrganizationTelemetryRule": { + "Rule": "The name of the organization telemetry rule.", + "RuleName": "The name of the organization centralization rule.", + "Tags": "Lists all tags attached to the specified telemetry rule resource." + }, + "AWS::ObservabilityAdmin::OrganizationTelemetryRule Tag": { + "Key": "One part of a key-value pair that makes up a tag associated with the organization's telemetry rule resource. A key is a general label that acts like a category for more specific tag values.", + "Value": "One part of a key-value pair that make up a tag associated with the organization's telemetry rule resource. A value acts as a descriptor within a tag category (key). The value can be empty or null." + }, + "AWS::ObservabilityAdmin::OrganizationTelemetryRule TelemetryDestinationConfiguration": { + "DestinationPattern": "The pattern used to generate the destination path or name, supporting macros like and .", + "DestinationType": "The type of destination for the telemetry data (e.g., \"Amazon CloudWatch Logs\", \"S3\").", + "RetentionInDays": "The number of days to retain the telemetry data in the destination.", + "VPCFlowLogParameters": "Configuration parameters specific to VPC Flow Logs when VPC is the resource type." + }, + "AWS::ObservabilityAdmin::OrganizationTelemetryRule TelemetryRule": { + "DestinationConfiguration": "Configuration specifying where and how the telemetry data should be delivered.", + "ResourceType": "The type of AWS resource to configure telemetry for (e.g., \"AWS::EC2::VPC\").", + "Scope": "The organizational scope to which the rule applies, specified using accounts or organizational units.", + "SelectionCriteria": "Criteria for selecting which resources the rule applies to, such as resource tags.", + "TelemetryType": "The type of telemetry to collect (Logs, Metrics, or Traces)." + }, + "AWS::ObservabilityAdmin::OrganizationTelemetryRule VPCFlowLogParameters": { + "LogFormat": "The format in which VPC Flow Log entries should be logged.", + "MaxAggregationInterval": "The maximum interval in seconds between the capture of flow log records.", + "TrafficType": "The type of traffic to log (ACCEPT, REJECT, or ALL)." + }, + "AWS::ObservabilityAdmin::TelemetryRule": { + "Rule": "Retrieves the details of a specific telemetry rule in your account.", + "RuleName": "The name of the telemetry rule.", + "Tags": "Lists all tags attached to the specified telemetry rule resource." + }, + "AWS::ObservabilityAdmin::TelemetryRule Tag": { + "Key": "One part of a key-value pair that makes up a tag associated with the telemetry rule resource. A key is a general label that acts like a category for more specific tag values.", + "Value": "One part of a key-value pair that make up a tag associated with the telemetry rule resource. A value acts as a descriptor within a tag category (key). The value can be empty or null." + }, + "AWS::ObservabilityAdmin::TelemetryRule TelemetryDestinationConfiguration": { + "DestinationPattern": "The pattern used to generate the destination path or name, supporting macros like and .", + "DestinationType": "The type of destination for the telemetry data (e.g., \"Amazon CloudWatch Logs\", \"S3\").", + "RetentionInDays": "The number of days to retain the telemetry data in the destination.", + "VPCFlowLogParameters": "Configuration parameters specific to VPC Flow Logs when VPC is the resource type." + }, + "AWS::ObservabilityAdmin::TelemetryRule TelemetryRule": { + "DestinationConfiguration": "Configuration specifying where and how the telemetry data should be delivered.", + "ResourceType": "The type of AWS resource to configure telemetry for (e.g., \"AWS::EC2::VPC\").", + "SelectionCriteria": "Criteria for selecting which resources the rule applies to, such as resource tags.", + "TelemetryType": "The type of telemetry to collect (Logs, Metrics, or Traces)." + }, + "AWS::ObservabilityAdmin::TelemetryRule VPCFlowLogParameters": { + "LogFormat": "The format in which VPC Flow Log entries should be logged.", + "MaxAggregationInterval": "The maximum interval in seconds between the capture of flow log records.", + "TrafficType": "The type of traffic to log (ACCEPT, REJECT, or ALL)." + }, "AWS::Omics::AnnotationStore": { "Description": "A description for the store.", "Name": "The name of the Annotation Store.", @@ -33177,6 +34076,8 @@ }, "AWS::Omics::Workflow": { "Accelerators": "", + "ContainerRegistryMap": "Use a container registry map to specify mappings between the ECR private repository and one or more upstream registries. For more information, see [Container images](https://docs.aws.amazon.com/omics/latest/dev/workflows-ecr.html) in the *AWS HealthOmics User Guide* .", + "ContainerRegistryMapUri": "", "DefinitionRepository": "Contains information about a source code repository that hosts the workflow definition files.", "DefinitionUri": "The URI of a definition for the workflow.", "Description": "The parameter's description.", @@ -33193,12 +34094,26 @@ "readmePath": "", "readmeUri": "" }, + "AWS::Omics::Workflow ContainerRegistryMap": { + "ImageMappings": "Image mappings specify path mappings between the ECR private repository and their corresponding external repositories.", + "RegistryMappings": "Mapping that provides the ECR repository path where upstream container images are pulled and synchronized." + }, "AWS::Omics::Workflow DefinitionRepository": { "connectionArn": "The Amazon Resource Name (ARN) of the connection to the source code repository.", "excludeFilePatterns": "A list of file patterns to exclude when retrieving the workflow definition from the repository.", "fullRepositoryId": "The full repository identifier, including the repository owner and name. For example, 'repository-owner/repository-name'.", "sourceReference": "The source reference for the repository, such as a branch name, tag, or commit ID." }, + "AWS::Omics::Workflow ImageMapping": { + "DestinationImage": "Specifies the URI of the corresponding image in the private ECR registry.", + "SourceImage": "Specifies the URI of the source image in the upstream registry." + }, + "AWS::Omics::Workflow RegistryMapping": { + "EcrAccountId": "Account ID of the account that owns the upstream container image.", + "EcrRepositoryPrefix": "The repository prefix to use in the ECR private repository.", + "UpstreamRegistryUrl": "The URI of the upstream registry.", + "UpstreamRepositoryPrefix": "The repository prefix of the corresponding repository in the upstream registry." + }, "AWS::Omics::Workflow SourceReference": { "type": "The type of source reference, such as branch, tag, or commit.", "value": "The value of the source reference, such as the branch name, tag name, or commit ID." @@ -33209,17 +34124,48 @@ }, "AWS::Omics::WorkflowVersion": { "Accelerators": "", + "ContainerRegistryMap": "Use a container registry map to specify mappings between the ECR private repository and one or more upstream registries. For more information, see [Container images](https://docs.aws.amazon.com/omics/latest/dev/workflows-ecr.html) in the *AWS HealthOmics User Guide* .", + "ContainerRegistryMapUri": "", + "DefinitionRepository": "Contains information about a source code repository that hosts the workflow definition files.", "DefinitionUri": "", "Description": "The description of the workflow version.", "Engine": "", "Main": "", "ParameterTemplate": "", + "ParameterTemplatePath": "", "StorageCapacity": "", "StorageType": "", "Tags": "", "VersionName": "The name of the workflow version.", "WorkflowBucketOwnerId": "", - "WorkflowId": "The workflow's ID." + "WorkflowId": "The workflow's ID.", + "readmeMarkdown": "", + "readmePath": "", + "readmeUri": "" + }, + "AWS::Omics::WorkflowVersion ContainerRegistryMap": { + "ImageMappings": "Image mappings specify path mappings between the ECR private repository and their corresponding external repositories.", + "RegistryMappings": "Mapping that provides the ECR repository path where upstream container images are pulled and synchronized." + }, + "AWS::Omics::WorkflowVersion DefinitionRepository": { + "connectionArn": "The Amazon Resource Name (ARN) of the connection to the source code repository.", + "excludeFilePatterns": "A list of file patterns to exclude when retrieving the workflow definition from the repository.", + "fullRepositoryId": "The full repository identifier, including the repository owner and name. For example, 'repository-owner/repository-name'.", + "sourceReference": "The source reference for the repository, such as a branch name, tag, or commit ID." + }, + "AWS::Omics::WorkflowVersion ImageMapping": { + "DestinationImage": "Specifies the URI of the corresponding image in the private ECR registry.", + "SourceImage": "Specifies the URI of the source image in the upstream registry." + }, + "AWS::Omics::WorkflowVersion RegistryMapping": { + "EcrAccountId": "Account ID of the account that owns the upstream container image.", + "EcrRepositoryPrefix": "The repository prefix to use in the ECR private repository.", + "UpstreamRegistryUrl": "The URI of the upstream registry.", + "UpstreamRepositoryPrefix": "The repository prefix of the corresponding repository in the upstream registry." + }, + "AWS::Omics::WorkflowVersion SourceReference": { + "type": "The type of source reference, such as branch, tag, or commit.", + "value": "The value of the source reference, such as the branch name, tag name, or commit ID." }, "AWS::Omics::WorkflowVersion WorkflowParameter": { "Description": "The parameter's description.", @@ -33285,11 +34231,16 @@ }, "AWS::OpenSearchServerless::SecurityConfig": { "Description": "The description of the security configuration.", + "IamFederationOptions": "Describes IAM federation options in the form of a key-value map. Contains configuration details about how OpenSearch Serverless integrates with external identity providers through federation.", "IamIdentityCenterOptions": "Describes IAM Identity Center options in the form of a key-value map.", "Name": "The name of the security configuration.", "SamlOptions": "SAML options for the security configuration in the form of a key-value map.", "Type": "The type of security configuration. Currently the only option is `saml` ." }, + "AWS::OpenSearchServerless::SecurityConfig IamFederationConfigOptions": { + "GroupAttribute": "The group attribute for this IAM federation integration. This attribute is used to map identity provider groups to OpenSearch Serverless permissions.", + "UserAttribute": "The user attribute for this IAM federation integration. This attribute is used to identify users in the federated authentication process." + }, "AWS::OpenSearchServerless::SecurityConfig IamIdentityCenterConfigOptions": { "ApplicationArn": "The ARN of the IAM Identity Center application used to integrate with OpenSearch Serverless.", "ApplicationDescription": "The description of the IAM Identity Center application used to integrate with OpenSearch Serverless.", @@ -33368,7 +34319,7 @@ "AnonymousAuthDisableDate": "Date and time when the migration period will be disabled. Only necessary when [enabling fine-grained access control on an existing domain](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html#fgac-enabling-existing) .", "AnonymousAuthEnabled": "True to enable a 30-day migration period during which administrators can create role mappings. Only necessary when [enabling fine-grained access control on an existing domain](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html#fgac-enabling-existing) .", "Enabled": "True to enable fine-grained access control. You must also enable encryption of data at rest and node-to-node encryption. See [Fine-grained access control in Amazon OpenSearch Service](https://docs.aws.amazon.com/opensearch-service/latest/developerguide/fgac.html) .", - "IAMFederationOptions": "", + "IAMFederationOptions": "Input configuration for IAM identity federation within advanced security options.", "InternalUserDatabaseEnabled": "True to enable the internal user database.", "JWTOptions": "Container for information about the JWT configuration of the Amazon OpenSearch Service.", "MasterUserOptions": "Specifies information about the master user.", @@ -33400,7 +34351,7 @@ }, "AWS::OpenSearchService::Domain DomainEndpointOptions": { "CustomEndpoint": "The fully qualified URL for your custom endpoint. Required if you enabled a custom endpoint for the domain.", - "CustomEndpointCertificateArn": "The AWS Certificate Manager ARN for your domain's SSL/TLS certificate. Required if you enabled a custom endpoint for the domain.", + "CustomEndpointCertificateArn": "The Certificate Manager ARN for your domain's SSL/TLS certificate. Required if you enabled a custom endpoint for the domain.", "CustomEndpointEnabled": "True to enable a custom endpoint for the domain. If enabled, you must also provide values for `CustomEndpoint` and `CustomEndpointCertificateArn` .", "EnforceHTTPS": "True to require that all traffic to the domain arrive over HTTPS. Required if you enable fine-grained access control in [AdvancedSecurityOptions](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-opensearchservice-domain-advancedsecurityoptionsinput.html) .", "TLSSecurityPolicy": "The minimum TLS version required for traffic to the domain. The policy can be one of the following values:\n\n- *Policy-Min-TLS-1-0-2019-07:* TLS security policy that supports TLS version 1.0 to TLS version 1.2\n- *Policy-Min-TLS-1-2-2019-07:* TLS security policy that supports only TLS version 1.2\n- *Policy-Min-TLS-1-2-PFS-2023-10:* TLS security policy that supports TLS version 1.2 to TLS version 1.3 with perfect forward secrecy cipher suites" @@ -34048,12 +34999,12 @@ "Name": "The name that identifies the cluster.", "Networking": "The networking configuration for the cluster's control plane.", "Scheduler": "The cluster management and job scheduling software associated with the cluster.", - "Size": "The size of the cluster.", + "Size": "The size of the cluster.\n\n- `SMALL` : 32 compute nodes and 256 jobs\n- `MEDIUM` : 512 compute nodes and 8192 jobs\n- `LARGE` : 2048 compute nodes and 16,384 jobs", "SlurmConfiguration": "Additional options related to the Slurm scheduler.", "Tags": "1 or more tags added to the resource. Each tag consists of a tag key and tag value. The tag value is optional and can be an empty string." }, "AWS::PCS::Cluster Accounting": { - "DefaultPurgeTimeInDays": "The default value for all purge settings for `slurmdbd.conf` . For more information, see the [slurmdbd.conf documentation at SchedMD](https://docs.aws.amazon.com/https://slurm.schedmd.com/slurmdbd.conf.html) .\n\nThe default value `-1` means there is no purge time and records persist as long as the cluster exists.\n\n> `0` isn't a valid value.", + "DefaultPurgeTimeInDays": "The default value for all purge settings for `slurmdbd.conf` . For more information, see the [slurmdbd.conf documentation at SchedMD](https://docs.aws.amazon.com/https://slurm.schedmd.com/slurmdbd.conf.html) .\n\nThe default value for `defaultPurgeTimeInDays` is `-1` .\n\nA value of `-1` means there is no purge time and records persist as long as the cluster exists.\n\n> `0` isn't a valid value.", "Mode": "The default value for `mode` is `STANDARD` . A value of `STANDARD` means Slurm accounting is enabled." }, "AWS::PCS::Cluster AuthKey": { @@ -34062,9 +35013,9 @@ }, "AWS::PCS::Cluster Endpoint": { "Ipv6Address": "The endpoint's IPv6 address.\n\nExample: `2001:db8::1`", - "Port": "The endpoint's connection port number.", + "Port": "The endpoint's connection port number.\n\nExample: `1234`", "PrivateIpAddress": "For clusters that use IPv4, this is the endpoint's private IP address.\n\nExample: `10.1.2.3`\n\nFor clusters configured to use IPv6, this is an empty string.", - "PublicIpAddress": "The endpoint's public IP address.", + "PublicIpAddress": "The endpoint's public IP address.\n\nExample: `192.0.2.1`", "Type": "Indicates the type of endpoint running at the specific IP address." }, "AWS::PCS::Cluster ErrorInfo": { @@ -34073,34 +35024,34 @@ }, "AWS::PCS::Cluster Networking": { "NetworkType": "The IP address version the cluster uses. The default is `IPV4` .", - "SecurityGroupIds": "The list of security group IDs associated with the Elastic Network Interface (ENI) created in subnets.", - "SubnetIds": "The list of subnet IDs where AWS PCS creates an Elastic Network Interface (ENI) to enable communication between managed controllers and AWS PCS resources. The subnet must have an available IP address, cannot reside in AWS Outposts, AWS Wavelength, or an AWS Local Zone. AWS PCS currently supports only 1 subnet in this list." + "SecurityGroupIds": "The list of security group IDs associated with the Elastic Network Interface (ENI) created in subnets.\n\nThe following rules are required:\n\n- Inbound rule 1\n\n- Protocol: All\n- Ports: All\n- Source: Self\n- Outbound rule 1\n\n- Protocol: All\n- Ports: All\n- Destination: 0.0.0.0/0 (IPv4) or ::/0 (IPv6)\n- Outbound rule 2\n\n- Protocol: All\n- Ports: All\n- Destination: Self", + "SubnetIds": "The ID of the subnet where AWS PCS creates an Elastic Network Interface (ENI) to enable communication between managed controllers and AWS PCS resources. The subnet must have an available IP address, cannot reside in AWS Outposts , AWS Wavelength , or an AWS Local Zone.\n\nExample: `subnet-abcd1234`" }, "AWS::PCS::Cluster Scheduler": { "Type": "The software AWS PCS uses to manage cluster scaling and job scheduling.", - "Version": "The version of the specified scheduling software that AWS PCS uses to manage cluster scaling and job scheduling." + "Version": "The version of the specified scheduling software that AWS PCS uses to manage cluster scaling and job scheduling. For more information, see [Slurm versions in AWS PCS](https://docs.aws.amazon.com/pcs/latest/userguide/slurm-versions.html) in the *AWS PCS User Guide* .\n\nValid Values: `23.11 | 24.05 | 24.11`" }, "AWS::PCS::Cluster SlurmConfiguration": { "Accounting": "The accounting configuration includes configurable settings for Slurm accounting.", - "AuthKey": "The shared Slurm key for authentication, also known as the cluster secret.", - "ScaleDownIdleTimeInSeconds": "The time before an idle node is scaled down.", + "AuthKey": "The shared Slurm key for authentication, also known as the *cluster secret* .", + "ScaleDownIdleTimeInSeconds": "The time (in seconds) before an idle node is scaled down.\n\nDefault: `600`", "SlurmCustomSettings": "Additional Slurm-specific configuration that directly maps to Slurm settings." }, "AWS::PCS::Cluster SlurmCustomSetting": { - "ParameterName": "AWS PCS supports configuration of the following Slurm parameters:\n\n- For *clusters*\n\n- [`Prolog`](https://docs.aws.amazon.com/https://slurm.schedmd.com/slurm.conf.html#OPT_Prolog_1)\n- [`Epilog`](https://docs.aws.amazon.com/https://slurm.schedmd.com/slurm.conf.html#OPT_Epilog_1)\n- [`SelectTypeParameters`](https://docs.aws.amazon.com/https://slurm.schedmd.com/slurm.conf.html#OPT_SelectTypeParameters)\n- For *compute node groups*\n\n- [`Weight`](https://docs.aws.amazon.com/https://slurm.schedmd.com/slurm.conf.html#OPT_Weight)\n- [`RealMemory`](https://docs.aws.amazon.com/https://slurm.schedmd.com/slurm.conf.html#OPT_Weight)", + "ParameterName": "AWS PCS supports custom Slurm settings for clusters, compute node groups, and queues. For more information, see [Configuring custom Slurm settings in AWS PCS](https://docs.aws.amazon.com//pcs/latest/userguide/slurm-custom-settings.html) in the *AWS PCS User Guide* .", "ParameterValue": "The values for the configured Slurm settings." }, "AWS::PCS::ComputeNodeGroup": { "AmiId": "The ID of the Amazon Machine Image (AMI) that AWS PCS uses to launch instances. If not provided, AWS PCS uses the AMI ID specified in the custom launch template.", "ClusterId": "The ID of the cluster of the compute node group.", "CustomLaunchTemplate": "An Amazon EC2 launch template AWS PCS uses to launch compute nodes.", - "IamInstanceProfileArn": "The Amazon Resource Name (ARN) of the IAM instance profile used to pass an IAM role when launching EC2 instances. The role contained in your instance profile must have pcs:RegisterComputeNodeGroupInstance permissions attached to provision instances correctly.", + "IamInstanceProfileArn": "The Amazon Resource Name (ARN) of the IAM instance profile used to pass an IAM role when launching EC2 instances. The role contained in your instance profile must have the `pcs:RegisterComputeNodeGroupInstance` permission and the role name must start with `AWSPCS` or must have the path `/aws-pcs/` . For more information, see [IAM instance profiles for AWS PCS](https://docs.aws.amazon.com//pcs/latest/userguide/security-instance-profiles.html) in the *AWS PCS User Guide* .", "InstanceConfigs": "A list of EC2 instance configurations that AWS PCS can provision in the compute node group.", "Name": "The name that identifies the compute node group.", - "PurchaseOption": "Specifies how EC2 instances are purchased on your behalf. AWS PCS supports On-Demand and Spot instances. For more information, see Instance purchasing options in the Amazon Elastic Compute Cloud User Guide. If you don't provide this option, it defaults to On-Demand.", + "PurchaseOption": "Specifies how EC2 instances are purchased on your behalf. AWS PCS supports On-Demand Instances, Spot Instances, and Amazon EC2 Capacity Blocks for ML. For more information, see [Amazon EC2 billing and purchasing options](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-purchasing-options.html) in the *Amazon Elastic Compute Cloud User Guide* . For more information about AWS PCS support for Capacity Blocks, see [Using Amazon EC2 Capacity Blocks for ML with AWS PCS](https://docs.aws.amazon.com/pcs/latest/userguide/capacity-blocks.html) in the *AWS PCS User Guide* . If you don't provide this option, it defaults to On-Demand.", "ScalingConfiguration": "Specifies the boundaries of the compute node group auto scaling.", "SlurmConfiguration": "Additional options related to the Slurm scheduler.", - "SpotOptions": "Additional configuration when you specify `SPOT` as the `purchaseOption` .", + "SpotOptions": "Additional configuration when you specify `SPOT` as the `purchaseOption` for the `CreateComputeNodeGroup` API action.", "SubnetIds": "The list of subnet IDs where instances are provisioned by the compute node group. The subnets must be in the same VPC as the cluster.", "Tags": "1 or more tags added to the resource. Each tag consists of a tag key and tag value. The tag value is optional and can be an empty string." }, @@ -34123,16 +35074,17 @@ "SlurmCustomSettings": "Additional Slurm-specific configuration that directly maps to Slurm settings." }, "AWS::PCS::ComputeNodeGroup SlurmCustomSetting": { - "ParameterName": "AWS PCS supports configuration of the following Slurm parameters:\n\n- For *clusters*\n\n- [`Prolog`](https://docs.aws.amazon.com/https://slurm.schedmd.com/slurm.conf.html#OPT_Prolog_1)\n- [`Epilog`](https://docs.aws.amazon.com/https://slurm.schedmd.com/slurm.conf.html#OPT_Epilog_1)\n- [`SelectTypeParameters`](https://docs.aws.amazon.com/https://slurm.schedmd.com/slurm.conf.html#OPT_SelectTypeParameters)\n- For *compute node groups*\n\n- [`Weight`](https://docs.aws.amazon.com/https://slurm.schedmd.com/slurm.conf.html#OPT_Weight)\n- [`RealMemory`](https://docs.aws.amazon.com/https://slurm.schedmd.com/slurm.conf.html#OPT_Weight)", + "ParameterName": "AWS PCS supports custom Slurm settings for clusters, compute node groups, and queues. For more information, see [Configuring custom Slurm settings in AWS PCS](https://docs.aws.amazon.com//pcs/latest/userguide/slurm-custom-settings.html) in the *AWS PCS User Guide* .", "ParameterValue": "The values for the configured Slurm settings." }, "AWS::PCS::ComputeNodeGroup SpotOptions": { - "AllocationStrategy": "The Amazon EC2 allocation strategy AWS PCS uses to provision EC2 instances. AWS PCS supports lowest price, capacity optimized, and price capacity optimized. If you don't provide this option, it defaults to price capacity optimized." + "AllocationStrategy": "The Amazon EC2 allocation strategy AWS PCS uses to provision EC2 instances. AWS PCS supports *lowest price* , *capacity optimized* , and *price capacity optimized* . For more information, see [Use allocation strategies to determine how EC2 Fleet or Spot Fleet fulfills Spot and On-Demand capacity](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-allocation-strategy.html) in the *Amazon Elastic Compute Cloud User Guide* . If you don't provide this option, it defaults to *price capacity optimized* ." }, "AWS::PCS::Queue": { "ClusterId": "The ID of the cluster of the queue.", "ComputeNodeGroupConfigurations": "The list of compute node group configurations associated with the queue. Queues assign jobs to associated compute node groups.", "Name": "The name that identifies the queue.", + "SlurmConfiguration": "Additional options related to the Slurm scheduler.", "Tags": "1 or more tags added to the resource. Each tag consists of a tag key and tag value. The tag value is optional and can be an empty string." }, "AWS::PCS::Queue ComputeNodeGroupConfiguration": { @@ -34142,6 +35094,13 @@ "Code": "The short-form error code.", "Message": "The detailed error information." }, + "AWS::PCS::Queue SlurmConfiguration": { + "SlurmCustomSettings": "" + }, + "AWS::PCS::Queue SlurmCustomSetting": { + "ParameterName": "", + "ParameterValue": "" + }, "AWS::Panorama::ApplicationInstance": { "ApplicationInstanceIdToReplace": "The ID of an application instance to replace with the new instance.", "DefaultRuntimeContextDevice": "The device's ID.", @@ -35518,14 +36477,14 @@ "Definition": "", "Errors": "Errors associated with the analysis.", "FolderArns": "", - "Name": "A descriptive name for the analysis that you're creating. This name displays for the analysis in the Amazon QuickSight console.", + "Name": "A descriptive name for the analysis that you're creating. This name displays for the analysis in the Amazon Quick Sight console.", "Parameters": "The parameter names and override values that you want to use. An analysis can have any parameter type, and some parameters might accept multiple values.", "Permissions": "A structure that describes the principals and the resource-level permissions on an analysis. You can use the `Permissions` structure to grant permissions by providing a list of AWS Identity and Access Management (IAM) action information for each principal listed by Amazon Resource Name (ARN).\n\nTo specify no permissions, omit `Permissions` .", "Sheets": "A list of the associated sheets with the unique identifier and name of each sheet.", "SourceEntity": "A source entity to use for the analysis that you're creating. This metadata structure contains details that describe a source template and one or more datasets.\n\nEither a `SourceEntity` or a `Definition` must be provided in order for the request to be valid.", "Status": "Status associated with the analysis.", "Tags": "Contains a map of the key-value pairs for the resource tag or tags assigned to the analysis.", - "ThemeArn": "The ARN for the theme to apply to the analysis that you're creating. To see the theme in the Amazon QuickSight console, make sure that you have access to it.", + "ThemeArn": "The ARN for the theme to apply to the analysis that you're creating. To see the theme in the Amazon Quick Sight console, make sure that you have access to it.", "ValidationStrategy": "The option to relax the validation that is required to create and update analyses, dashboards, and templates with definition objects. When you set this value to `LENIENT` , validation is skipped for specific errors." }, "AWS::QuickSight::Analysis AggregationFunction": { @@ -35547,9 +36506,9 @@ "CalculatedFields": "An array of calculated field definitions for the analysis.", "ColumnConfigurations": "An array of analysis-level column configurations. Column configurations can be used to set default formatting for a column to be used throughout an analysis.", "DataSetIdentifierDeclarations": "An array of dataset identifier declarations. This mapping allows the usage of dataset identifiers instead of dataset ARNs throughout analysis sub-structures.", - "FilterGroups": "Filter definitions for an analysis.\n\nFor more information, see [Filtering Data in Amazon QuickSight](https://docs.aws.amazon.com/quicksight/latest/user/adding-a-filter.html) in the *Amazon QuickSight User Guide* .", + "FilterGroups": "Filter definitions for an analysis.\n\nFor more information, see [Filtering Data in Amazon Quick Sight](https://docs.aws.amazon.com/quicksight/latest/user/adding-a-filter.html) in the *Amazon Quick Suite User Guide* .", "Options": "An array of option definitions for an analysis.", - "ParameterDeclarations": "An array of parameter declarations for an analysis.\n\nParameters are named variables that can transfer a value for use by an action or an object.\n\nFor more information, see [Parameters in Amazon QuickSight](https://docs.aws.amazon.com/quicksight/latest/user/parameters-in-quicksight.html) in the *Amazon QuickSight User Guide* .", + "ParameterDeclarations": "An array of parameter declarations for an analysis.\n\nParameters are named variables that can transfer a value for use by an action or an object.\n\nFor more information, see [Parameters in Amazon Quick Sight](https://docs.aws.amazon.com/quicksight/latest/user/parameters-in-quicksight.html) in the *Amazon Quick Suite User Guide* .", "QueryExecutionOptions": "", "Sheets": "An array of sheet definitions for an analysis. Each `SheetDefinition` provides detailed information about a sheet within this analysis.", "StaticFiles": "The static files for the definition." @@ -35803,8 +36762,8 @@ }, "AWS::QuickSight::Analysis CategoryFilterConfiguration": { "CustomFilterConfiguration": "A custom filter that filters based on a single value. This filter can be partially matched.", - "CustomFilterListConfiguration": "A list of custom filter values. In the Amazon QuickSight console, this filter type is called a custom filter list.", - "FilterListConfiguration": "A list of filter configurations. In the Amazon QuickSight console, this filter type is called a filter list." + "CustomFilterListConfiguration": "A list of custom filter values. In the Quick Sight console, this filter type is called a custom filter list.", + "FilterListConfiguration": "A list of filter configurations. In the Quick Sight console, this filter type is called a filter list." }, "AWS::QuickSight::Analysis CategoryInnerFilter": { "Column": "", @@ -36250,7 +37209,7 @@ "NumericalDimensionField": "The dimension type field with numerical type columns." }, "AWS::QuickSight::Analysis DonutCenterOptions": { - "LabelVisibility": "Determines the visibility of the label in a donut chart. In the Amazon QuickSight console, this option is called `'Show total'` ." + "LabelVisibility": "Determines the visibility of the label in a donut chart. In the Quick Sight console, this option is called `'Show total'` ." }, "AWS::QuickSight::Analysis DonutOptions": { "ArcOptions": "The option for define the arc of the chart shape. Valid values are as follows:\n\n- `WHOLE` - A pie chart\n- `SMALL` - A small-sized donut chart\n- `MEDIUM` - A medium-sized donut chart\n- `LARGE` - A large-sized donut chart", @@ -36357,7 +37316,7 @@ "VisualId": "The unique identifier of a visual. This identifier must be unique within the context of a dashboard, template, or analysis. Two dashboards, analyses, or templates can have visuals with the same identifiers.." }, "AWS::QuickSight::Analysis Filter": { - "CategoryFilter": "A `CategoryFilter` filters text values.\n\nFor more information, see [Adding text filters](https://docs.aws.amazon.com/quicksight/latest/user/add-a-text-filter-data-prep.html) in the *Amazon QuickSight User Guide* .", + "CategoryFilter": "A `CategoryFilter` filters text values.\n\nFor more information, see [Adding text filters](https://docs.aws.amazon.com/quicksight/latest/user/add-a-text-filter-data-prep.html) in the *Amazon Quick Suite User Guide* .", "NestedFilter": "A `NestedFilter` filters data with a subset of data that is defined by the nested inner filter.", "NumericEqualityFilter": "A `NumericEqualityFilter` filters numeric values that equal or do not equal a given numeric value.", "NumericRangeFilter": "A `NumericRangeFilter` filters numeric values that are either inside or outside a given numeric range.", @@ -36834,7 +37793,7 @@ }, "AWS::QuickSight::Analysis GridLayoutScreenCanvasSizeOptions": { "OptimizedViewPortWidth": "The width that the view port will be optimized for when the layout renders.", - "ResizeOption": "This value determines the layout behavior when the viewport is resized.\n\n- `FIXED` : A fixed width will be used when optimizing the layout. In the Amazon QuickSight console, this option is called `Classic` .\n- `RESPONSIVE` : The width of the canvas will be responsive and optimized to the view port. In the Amazon QuickSight console, this option is called `Tiled` ." + "ResizeOption": "This value determines the layout behavior when the viewport is resized.\n\n- `FIXED` : A fixed width will be used when optimizing the layout. In the Quick Sight console, this option is called `Classic` .\n- `RESPONSIVE` : The width of the canvas will be responsive and optimized to the view port. In the Quick Sight console, this option is called `Tiled` ." }, "AWS::QuickSight::Analysis GrowthRateComputation": { "ComputationId": "The ID for a computation.", @@ -37729,7 +38688,7 @@ }, "AWS::QuickSight::Analysis ResourcePermission": { "Actions": "The IAM action to grant or revoke permissions on.", - "Principal": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon QuickSight user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon QuickSight user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a QuickSight ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)" + "Principal": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick Suite user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick Suite user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick Suite ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)" }, "AWS::QuickSight::Analysis RollingDateConfiguration": { "DataSetIdentifier": "The data set that is used in the rolling date configuration.", @@ -37863,7 +38822,7 @@ "BackgroundColor": "The conditional formatting for the shape background color of a filled map visual." }, "AWS::QuickSight::Analysis Sheet": { - "Name": "The name of a sheet. This name is displayed on the sheet's tab in the Amazon QuickSight console.", + "Name": "The name of a sheet. This name is displayed on the sheet's tab in the Quick Sight console.", "SheetId": "The unique identifier associated with a sheet." }, "AWS::QuickSight::Analysis SheetControlInfoIconLabelOptions": { @@ -37879,11 +38838,11 @@ "AWS::QuickSight::Analysis SheetDefinition": { "ContentType": "The layout content type of the sheet. Choose one of the following options:\n\n- `PAGINATED` : Creates a sheet for a paginated report.\n- `INTERACTIVE` : Creates a sheet for an interactive dashboard.", "Description": "A description of the sheet.", - "FilterControls": "The list of filter controls that are on a sheet.\n\nFor more information, see [Adding filter controls to analysis sheets](https://docs.aws.amazon.com/quicksight/latest/user/filter-controls.html) in the *Amazon QuickSight User Guide* .", + "FilterControls": "The list of filter controls that are on a sheet.\n\nFor more information, see [Adding filter controls to analysis sheets](https://docs.aws.amazon.com/quicksight/latest/user/filter-controls.html) in the *Amazon Quick Suite User Guide* .", "Images": "A list of images on a sheet.", - "Layouts": "Layouts define how the components of a sheet are arranged.\n\nFor more information, see [Types of layout](https://docs.aws.amazon.com/quicksight/latest/user/types-of-layout.html) in the *Amazon QuickSight User Guide* .", + "Layouts": "Layouts define how the components of a sheet are arranged.\n\nFor more information, see [Types of layout](https://docs.aws.amazon.com/quicksight/latest/user/types-of-layout.html) in the *Amazon Quick Suite User Guide* .", "Name": "The name of the sheet. This name is displayed on the sheet's tab in the Amazon QuickSight console.", - "ParameterControls": "The list of parameter controls that are on a sheet.\n\nFor more information, see [Using a Control with a Parameter in Amazon QuickSight](https://docs.aws.amazon.com/quicksight/latest/user/parameters-controls.html) in the *Amazon QuickSight User Guide* .", + "ParameterControls": "The list of parameter controls that are on a sheet.\n\nFor more information, see [Using a Control with a Parameter in Amazon Quick Sight](https://docs.aws.amazon.com/quicksight/latest/user/parameters-controls.html) in the *Amazon Quick Suite User Guide* .", "SheetControlLayouts": "The control layouts of the sheet.", "SheetId": "The unique identifier of a sheet.", "TextBoxes": "The text boxes that are on a sheet.", @@ -38325,31 +39284,31 @@ "PercentRange": "The percent range in the visible range." }, "AWS::QuickSight::Analysis Visual": { - "BarChartVisual": "A bar chart.\n\nFor more information, see [Using bar charts](https://docs.aws.amazon.com/quicksight/latest/user/bar-charts.html) in the *Amazon QuickSight User Guide* .", - "BoxPlotVisual": "A box plot.\n\nFor more information, see [Using box plots](https://docs.aws.amazon.com/quicksight/latest/user/box-plots.html) in the *Amazon QuickSight User Guide* .", - "ComboChartVisual": "A combo chart.\n\nFor more information, see [Using combo charts](https://docs.aws.amazon.com/quicksight/latest/user/combo-charts.html) in the *Amazon QuickSight User Guide* .", - "CustomContentVisual": "A visual that contains custom content.\n\nFor more information, see [Using custom visual content](https://docs.aws.amazon.com/quicksight/latest/user/custom-visual-content.html) in the *Amazon QuickSight User Guide* .", + "BarChartVisual": "A bar chart.\n\nFor more information, see [Using bar charts](https://docs.aws.amazon.com/quicksight/latest/user/bar-charts.html) in the *Amazon Quick Suite User Guide* .", + "BoxPlotVisual": "A box plot.\n\nFor more information, see [Using box plots](https://docs.aws.amazon.com/quicksight/latest/user/box-plots.html) in the *Amazon Quick Suite User Guide* .", + "ComboChartVisual": "A combo chart.\n\nFor more information, see [Using combo charts](https://docs.aws.amazon.com/quicksight/latest/user/combo-charts.html) in the *Amazon Quick Suite User Guide* .", + "CustomContentVisual": "A visual that contains custom content.\n\nFor more information, see [Using custom visual content](https://docs.aws.amazon.com/quicksight/latest/user/custom-visual-content.html) in the *Amazon Quick Suite User Guide* .", "EmptyVisual": "An empty visual.", - "FilledMapVisual": "A filled map.\n\nFor more information, see [Creating filled maps](https://docs.aws.amazon.com/quicksight/latest/user/filled-maps.html) in the *Amazon QuickSight User Guide* .", - "FunnelChartVisual": "A funnel chart.\n\nFor more information, see [Using funnel charts](https://docs.aws.amazon.com/quicksight/latest/user/funnel-visual-content.html) in the *Amazon QuickSight User Guide* .", - "GaugeChartVisual": "A gauge chart.\n\nFor more information, see [Using gauge charts](https://docs.aws.amazon.com/quicksight/latest/user/gauge-chart.html) in the *Amazon QuickSight User Guide* .", - "GeospatialMapVisual": "A geospatial map or a points on map visual.\n\nFor more information, see [Creating point maps](https://docs.aws.amazon.com/quicksight/latest/user/point-maps.html) in the *Amazon QuickSight User Guide* .", - "HeatMapVisual": "A heat map.\n\nFor more information, see [Using heat maps](https://docs.aws.amazon.com/quicksight/latest/user/heat-map.html) in the *Amazon QuickSight User Guide* .", - "HistogramVisual": "A histogram.\n\nFor more information, see [Using histograms](https://docs.aws.amazon.com/quicksight/latest/user/histogram-charts.html) in the *Amazon QuickSight User Guide* .", - "InsightVisual": "An insight visual.\n\nFor more information, see [Working with insights](https://docs.aws.amazon.com/quicksight/latest/user/computational-insights.html) in the *Amazon QuickSight User Guide* .", - "KPIVisual": "A key performance indicator (KPI).\n\nFor more information, see [Using KPIs](https://docs.aws.amazon.com/quicksight/latest/user/kpi.html) in the *Amazon QuickSight User Guide* .", + "FilledMapVisual": "A filled map.\n\nFor more information, see [Creating filled maps](https://docs.aws.amazon.com/quicksight/latest/user/filled-maps.html) in the *Amazon Quick Suite User Guide* .", + "FunnelChartVisual": "A funnel chart.\n\nFor more information, see [Using funnel charts](https://docs.aws.amazon.com/quicksight/latest/user/funnel-visual-content.html) in the *Amazon Quick Suite User Guide* .", + "GaugeChartVisual": "A gauge chart.\n\nFor more information, see [Using gauge charts](https://docs.aws.amazon.com/quicksight/latest/user/gauge-chart.html) in the *Amazon Quick Suite User Guide* .", + "GeospatialMapVisual": "A geospatial map or a points on map visual.\n\nFor more information, see [Creating point maps](https://docs.aws.amazon.com/quicksight/latest/user/point-maps.html) in the *Amazon Quick Suite User Guide* .", + "HeatMapVisual": "A heat map.\n\nFor more information, see [Using heat maps](https://docs.aws.amazon.com/quicksight/latest/user/heat-map.html) in the *Amazon Quick Suite User Guide* .", + "HistogramVisual": "A histogram.\n\nFor more information, see [Using histograms](https://docs.aws.amazon.com/quicksight/latest/user/histogram-charts.html) in the *Amazon Quick Suite User Guide* .", + "InsightVisual": "An insight visual.\n\nFor more information, see [Working with insights](https://docs.aws.amazon.com/quicksight/latest/user/computational-insights.html) in the *Amazon Quick Suite User Guide* .", + "KPIVisual": "A key performance indicator (KPI).\n\nFor more information, see [Using KPIs](https://docs.aws.amazon.com/quicksight/latest/user/kpi.html) in the *Amazon Quick Suite User Guide* .", "LayerMapVisual": "The properties for a layer map visual", - "LineChartVisual": "A line chart.\n\nFor more information, see [Using line charts](https://docs.aws.amazon.com/quicksight/latest/user/line-charts.html) in the *Amazon QuickSight User Guide* .", - "PieChartVisual": "A pie or donut chart.\n\nFor more information, see [Using pie charts](https://docs.aws.amazon.com/quicksight/latest/user/pie-chart.html) in the *Amazon QuickSight User Guide* .", - "PivotTableVisual": "A pivot table.\n\nFor more information, see [Using pivot tables](https://docs.aws.amazon.com/quicksight/latest/user/pivot-table.html) in the *Amazon QuickSight User Guide* .", + "LineChartVisual": "A line chart.\n\nFor more information, see [Using line charts](https://docs.aws.amazon.com/quicksight/latest/user/line-charts.html) in the *Amazon Quick Suite User Guide* .", + "PieChartVisual": "A pie or donut chart.\n\nFor more information, see [Using pie charts](https://docs.aws.amazon.com/quicksight/latest/user/pie-chart.html) in the *Amazon Quick Suite User Guide* .", + "PivotTableVisual": "A pivot table.\n\nFor more information, see [Using pivot tables](https://docs.aws.amazon.com/quicksight/latest/user/pivot-table.html) in the *Amazon Quick Suite User Guide* .", "PluginVisual": "The custom plugin visual type.", - "RadarChartVisual": "A radar chart visual.\n\nFor more information, see [Using radar charts](https://docs.aws.amazon.com/quicksight/latest/user/radar-chart.html) in the *Amazon QuickSight User Guide* .", - "SankeyDiagramVisual": "A sankey diagram.\n\nFor more information, see [Using Sankey diagrams](https://docs.aws.amazon.com/quicksight/latest/user/sankey-diagram.html) in the *Amazon QuickSight User Guide* .", - "ScatterPlotVisual": "A scatter plot.\n\nFor more information, see [Using scatter plots](https://docs.aws.amazon.com/quicksight/latest/user/scatter-plot.html) in the *Amazon QuickSight User Guide* .", - "TableVisual": "A table visual.\n\nFor more information, see [Using tables as visuals](https://docs.aws.amazon.com/quicksight/latest/user/tabular.html) in the *Amazon QuickSight User Guide* .", - "TreeMapVisual": "A tree map.\n\nFor more information, see [Using tree maps](https://docs.aws.amazon.com/quicksight/latest/user/tree-map.html) in the *Amazon QuickSight User Guide* .", - "WaterfallVisual": "A waterfall chart.\n\nFor more information, see [Using waterfall charts](https://docs.aws.amazon.com/quicksight/latest/user/waterfall-chart.html) in the *Amazon QuickSight User Guide* .", - "WordCloudVisual": "A word cloud.\n\nFor more information, see [Using word clouds](https://docs.aws.amazon.com/quicksight/latest/user/word-cloud.html) in the *Amazon QuickSight User Guide* ." + "RadarChartVisual": "A radar chart visual.\n\nFor more information, see [Using radar charts](https://docs.aws.amazon.com/quicksight/latest/user/radar-chart.html) in the *Amazon Quick Suite User Guide* .", + "SankeyDiagramVisual": "A sankey diagram.\n\nFor more information, see [Using Sankey diagrams](https://docs.aws.amazon.com/quicksight/latest/user/sankey-diagram.html) in the *Amazon Quick Suite User Guide* .", + "ScatterPlotVisual": "A scatter plot.\n\nFor more information, see [Using scatter plots](https://docs.aws.amazon.com/quicksight/latest/user/scatter-plot.html) in the *Amazon Quick Suite User Guide* .", + "TableVisual": "A table visual.\n\nFor more information, see [Using tables as visuals](https://docs.aws.amazon.com/quicksight/latest/user/tabular.html) in the *Amazon Quick Suite User Guide* .", + "TreeMapVisual": "A tree map.\n\nFor more information, see [Using tree maps](https://docs.aws.amazon.com/quicksight/latest/user/tree-map.html) in the *Amazon Quick Suite User Guide* .", + "WaterfallVisual": "A waterfall chart.\n\nFor more information, see [Using waterfall charts](https://docs.aws.amazon.com/quicksight/latest/user/waterfall-chart.html) in the *Amazon Quick Suite User Guide* .", + "WordCloudVisual": "A word cloud.\n\nFor more information, see [Using word clouds](https://docs.aws.amazon.com/quicksight/latest/user/word-cloud.html) in the *Amazon Quick Suite User Guide* ." }, "AWS::QuickSight::Analysis VisualCustomAction": { "ActionOperations": "A list of `VisualCustomActionOperations` .\n\nThis is a union type structure. For this structure to be valid, only one of the attributes can be defined.", @@ -38484,6 +39443,7 @@ }, "AWS::QuickSight::CustomPermissions Capabilities": { "AddOrRunAnomalyDetectionForAnalyses": "The ability to add or run anomaly detection.", + "Analysis": "The ability to perform analysis-related actions.", "CreateAndUpdateDashboardEmailReports": "The ability to create and update email reports.", "CreateAndUpdateDataSources": "The ability to create and update data sources.", "CreateAndUpdateDatasets": "The ability to create and update datasets.", @@ -38491,6 +39451,7 @@ "CreateAndUpdateThresholdAlerts": "The ability to create and update threshold alerts.", "CreateSPICEDataset": "The ability to create a SPICE dataset.", "CreateSharedFolders": "The ability to create shared folders.", + "Dashboard": "The ability to perform dashboard-related actions.", "ExportToCsv": "The ability to export to CSV files from the UI.", "ExportToCsvInScheduledReports": "The ability to export to CSV files in scheduled email reports.", "ExportToExcel": "The ability to export to Excel files from the UI.", @@ -38514,7 +39475,7 @@ "AWS::QuickSight::Dashboard": { "AwsAccountId": "The ID of the AWS account where you want to create the dashboard.", "DashboardId": "The ID for the dashboard, also added to the IAM policy.", - "DashboardPublishOptions": "Options for publishing the dashboard when you create it:\n\n- `AvailabilityStatus` for `AdHocFilteringOption` - This status can be either `ENABLED` or `DISABLED` . When this is set to `DISABLED` , Amazon QuickSight disables the left filter pane on the published dashboard, which can be used for ad hoc (one-time) filtering. This option is `ENABLED` by default.\n- `AvailabilityStatus` for `ExportToCSVOption` - This status can be either `ENABLED` or `DISABLED` . The visual option to export data to .CSV format isn't enabled when this is set to `DISABLED` . This option is `ENABLED` by default.\n- `VisibilityState` for `SheetControlsOption` - This visibility state can be either `COLLAPSED` or `EXPANDED` . This option is `COLLAPSED` by default.", + "DashboardPublishOptions": "Options for publishing the dashboard when you create it:\n\n- `AvailabilityStatus` for `AdHocFilteringOption` - This status can be either `ENABLED` or `DISABLED` . When this is set to `DISABLED` , Amazon Quick Sight disables the left filter pane on the published dashboard, which can be used for ad hoc (one-time) filtering. This option is `ENABLED` by default.\n- `AvailabilityStatus` for `ExportToCSVOption` - This status can be either `ENABLED` or `DISABLED` . The visual option to export data to .CSV format isn't enabled when this is set to `DISABLED` . This option is `ENABLED` by default.\n- `VisibilityState` for `SheetControlsOption` - This visibility state can be either `COLLAPSED` or `EXPANDED` . This option is `COLLAPSED` by default.\n- `AvailabilityStatus` for `QuickSuiteActionsOption` - This status can be either `ENABLED` or `DISABLED` . Features related to Actions in Amazon Quick Suite on dashboards are disabled when this is set to `DISABLED` . This option is `DISABLED` by default.\n- `AvailabilityStatus` for `ExecutiveSummaryOption` - This status can be either `ENABLED` or `DISABLED` . The option to build an executive summary is disabled when this is set to `DISABLED` . This option is `ENABLED` by default.\n- `AvailabilityStatus` for `DataStoriesSharingOption` - This status can be either `ENABLED` or `DISABLED` . The option to share a data story is disabled when this is set to `DISABLED` . This option is `ENABLED` by default.", "Definition": "", "FolderArns": "", "LinkEntities": "A list of analysis Amazon Resource Names (ARNs) to be linked to the dashboard.", @@ -38565,6 +39526,8 @@ "ArcThickness": "The arc thickness of a `GaugeChartVisual` ." }, "AWS::QuickSight::Dashboard AssetOptions": { + "ExcludedDataSetArns": "A list of dataset ARNS to exclude from Dashboard Q&A.", + "QBusinessInsightsStatus": "Determines whether insight summaries from Amazon Q Business are allowed in Dashboard Q&A.", "Timezone": "Determines the timezone for the analysis.", "WeekStart": "Determines the week start day for an analysis." }, @@ -38782,8 +39745,8 @@ }, "AWS::QuickSight::Dashboard CategoryFilterConfiguration": { "CustomFilterConfiguration": "A custom filter that filters based on a single value. This filter can be partially matched.", - "CustomFilterListConfiguration": "A list of custom filter values. In the Amazon QuickSight console, this filter type is called a custom filter list.", - "FilterListConfiguration": "A list of filter configurations. In the Amazon QuickSight console, this filter type is called a filter list." + "CustomFilterListConfiguration": "A list of custom filter values. In the Quick Sight console, this filter type is called a custom filter list.", + "FilterListConfiguration": "A list of filter configurations. In the Quick Sight console, this filter type is called a filter list." }, "AWS::QuickSight::Dashboard CategoryInnerFilter": { "Column": "", @@ -39020,8 +39983,12 @@ "DataPointDrillUpDownOption": "The drill-down options of data points in a dashboard.", "DataPointMenuLabelOption": "The data point menu label options of a dashboard.", "DataPointTooltipOption": "The data point tool tip options of a dashboard.", + "DataQAEnabledOption": "Adds Q&A capabilities to an Quick Sight dashboard. If no topic is linked, Dashboard Q&A uses the data values that are rendered on the dashboard. End users can use Dashboard Q&A to ask for different slices of the data that they see on the dashboard. If a topic is linked, Topic Q&A is used.", + "DataStoriesSharingOption": "Data stories sharing option.", + "ExecutiveSummaryOption": "Executive summary option.", "ExportToCSVOption": "Export to .csv option.", "ExportWithHiddenFieldsOption": "Determines if hidden fields are exported with a dashboard.", + "QuickSuiteActionsOption": "Determines if Actions in Amazon Quick Suite are enabled in a dashboard.", "SheetControlsOption": "Sheet controls option.", "SheetLayoutElementMaximizationOption": "The sheet layout maximization options of a dashbaord.", "VisualAxisSortOption": "The axis sort options of a dashboard.", @@ -39052,9 +40019,9 @@ "CalculatedFields": "An array of calculated field definitions for the dashboard.", "ColumnConfigurations": "An array of dashboard-level column configurations. Column configurations are used to set the default formatting for a column that is used throughout a dashboard.", "DataSetIdentifierDeclarations": "An array of dataset identifier declarations. With this mapping,you can use dataset identifiers instead of dataset Amazon Resource Names (ARNs) throughout the dashboard's sub-structures.", - "FilterGroups": "The filter definitions for a dashboard.\n\nFor more information, see [Filtering Data in Amazon QuickSight](https://docs.aws.amazon.com/quicksight/latest/user/adding-a-filter.html) in the *Amazon QuickSight User Guide* .", + "FilterGroups": "The filter definitions for a dashboard.\n\nFor more information, see [Filtering Data in Amazon Quick Sight](https://docs.aws.amazon.com/quicksight/latest/user/adding-a-filter.html) in the *Amazon Quick Suite User Guide* .", "Options": "An array of option definitions for a dashboard.", - "ParameterDeclarations": "The parameter declarations for a dashboard. Parameters are named variables that can transfer a value for use by an action or an object.\n\nFor more information, see [Parameters in Amazon QuickSight](https://docs.aws.amazon.com/quicksight/latest/user/parameters-in-quicksight.html) in the *Amazon QuickSight User Guide* .", + "ParameterDeclarations": "The parameter declarations for a dashboard. Parameters are named variables that can transfer a value for use by an action or an object.\n\nFor more information, see [Parameters in Amazon Quick Sight](https://docs.aws.amazon.com/quicksight/latest/user/parameters-in-quicksight.html) in the *Amazon Quick Suite User Guide* .", "Sheets": "An array of sheet definitions for a dashboard.", "StaticFiles": "The static files for the definition." }, @@ -39126,6 +40093,9 @@ "AWS::QuickSight::Dashboard DataPointTooltipOption": { "AvailabilityStatus": "The status of the data point tool tip options." }, + "AWS::QuickSight::Dashboard DataQAEnabledOption": { + "AvailabilityStatus": "The status of the Data Q&A option on the dashboard." + }, "AWS::QuickSight::Dashboard DataSetIdentifierDeclaration": { "DataSetArn": "The Amazon Resource Name (ARN) of the data set.", "Identifier": "The identifier of the data set, typically the data set's name." @@ -39134,6 +40104,9 @@ "DataSetArn": "Dataset Amazon Resource Name (ARN).", "DataSetPlaceholder": "Dataset placeholder." }, + "AWS::QuickSight::Dashboard DataStoriesSharingOption": { + "AvailabilityStatus": "Availability status." + }, "AWS::QuickSight::Dashboard DateAxisOptions": { "MissingDateVisibility": "Determines whether or not missing dates are displayed." }, @@ -39289,7 +40262,7 @@ "NumericalDimensionField": "The dimension type field with numerical type columns." }, "AWS::QuickSight::Dashboard DonutCenterOptions": { - "LabelVisibility": "Determines the visibility of the label in a donut chart. In the Amazon QuickSight console, this option is called `'Show total'` ." + "LabelVisibility": "Determines the visibility of the label in a donut chart. In the Quick Sight console, this option is called `'Show total'` ." }, "AWS::QuickSight::Dashboard DonutOptions": { "ArcOptions": "The option for define the arc of the chart shape. Valid values are as follows:\n\n- `WHOLE` - A pie chart\n- `SMALL` - A small-sized donut chart\n- `MEDIUM` - A medium-sized donut chart\n- `LARGE` - A large-sized donut chart", @@ -39323,6 +40296,9 @@ "Granularity": "The granularity or unit (day, month, year) of the exclude period.", "Status": "The status of the exclude period. Choose from the following options:\n\n- `ENABLED`\n- `DISABLED`" }, + "AWS::QuickSight::Dashboard ExecutiveSummaryOption": { + "AvailabilityStatus": "Availability status." + }, "AWS::QuickSight::Dashboard ExplicitHierarchy": { "Columns": "The list of columns that define the explicit hierarchy.", "DrillDownFilters": "The option that determines the drill down filters for the explicit hierarchy.", @@ -39405,7 +40381,7 @@ "VisualId": "The unique identifier of a visual. This identifier must be unique within the context of a dashboard, template, or analysis. Two dashboards, analyses, or templates can have visuals with the same identifiers.." }, "AWS::QuickSight::Dashboard Filter": { - "CategoryFilter": "A `CategoryFilter` filters text values.\n\nFor more information, see [Adding text filters](https://docs.aws.amazon.com/quicksight/latest/user/add-a-text-filter-data-prep.html) in the *Amazon QuickSight User Guide* .", + "CategoryFilter": "A `CategoryFilter` filters text values.\n\nFor more information, see [Adding text filters](https://docs.aws.amazon.com/quicksight/latest/user/add-a-text-filter-data-prep.html) in the *Amazon Quick Suite User Guide* .", "NestedFilter": "A `NestedFilter` filters data with a subset of data that is defined by the nested inner filter.", "NumericEqualityFilter": "A `NumericEqualityFilter` filters numeric values that equal or do not equal a given numeric value.", "NumericRangeFilter": "A `NumericRangeFilter` filters numeric values that are either inside or outside a given numeric range.", @@ -39882,7 +40858,7 @@ }, "AWS::QuickSight::Dashboard GridLayoutScreenCanvasSizeOptions": { "OptimizedViewPortWidth": "The width that the view port will be optimized for when the layout renders.", - "ResizeOption": "This value determines the layout behavior when the viewport is resized.\n\n- `FIXED` : A fixed width will be used when optimizing the layout. In the Amazon QuickSight console, this option is called `Classic` .\n- `RESPONSIVE` : The width of the canvas will be responsive and optimized to the view port. In the Amazon QuickSight console, this option is called `Tiled` ." + "ResizeOption": "This value determines the layout behavior when the viewport is resized.\n\n- `FIXED` : A fixed width will be used when optimizing the layout. In the Quick Sight console, this option is called `Classic` .\n- `RESPONSIVE` : The width of the canvas will be responsive and optimized to the view port. In the Quick Sight console, this option is called `Tiled` ." }, "AWS::QuickSight::Dashboard GrowthRateComputation": { "ComputationId": "The ID for a computation.", @@ -40668,6 +41644,9 @@ "AWS::QuickSight::Dashboard ProgressBarOptions": { "Visibility": "The visibility of the progress bar." }, + "AWS::QuickSight::Dashboard QuickSuiteActionsOption": { + "AvailabilityStatus": "Availability status." + }, "AWS::QuickSight::Dashboard RadarChartAggregatedFieldWells": { "Category": "The aggregated field well categories of a radar chart.", "Color": "The color that are assigned to the aggregated field wells of a radar chart.", @@ -40777,7 +41756,7 @@ }, "AWS::QuickSight::Dashboard ResourcePermission": { "Actions": "The IAM action to grant or revoke permissions on.", - "Principal": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon QuickSight user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon QuickSight user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a QuickSight ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)" + "Principal": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick Suite user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick Suite user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick Suite ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)" }, "AWS::QuickSight::Dashboard RollingDateConfiguration": { "DataSetIdentifier": "The data set that is used in the rolling date configuration.", @@ -40911,7 +41890,7 @@ "BackgroundColor": "The conditional formatting for the shape background color of a filled map visual." }, "AWS::QuickSight::Dashboard Sheet": { - "Name": "The name of a sheet. This name is displayed on the sheet's tab in the Amazon QuickSight console.", + "Name": "The name of a sheet. This name is displayed on the sheet's tab in the Quick Sight console.", "SheetId": "The unique identifier associated with a sheet." }, "AWS::QuickSight::Dashboard SheetControlInfoIconLabelOptions": { @@ -40930,11 +41909,11 @@ "AWS::QuickSight::Dashboard SheetDefinition": { "ContentType": "The layout content type of the sheet. Choose one of the following options:\n\n- `PAGINATED` : Creates a sheet for a paginated report.\n- `INTERACTIVE` : Creates a sheet for an interactive dashboard.", "Description": "A description of the sheet.", - "FilterControls": "The list of filter controls that are on a sheet.\n\nFor more information, see [Adding filter controls to analysis sheets](https://docs.aws.amazon.com/quicksight/latest/user/filter-controls.html) in the *Amazon QuickSight User Guide* .", + "FilterControls": "The list of filter controls that are on a sheet.\n\nFor more information, see [Adding filter controls to analysis sheets](https://docs.aws.amazon.com/quicksight/latest/user/filter-controls.html) in the *Amazon Quick Suite User Guide* .", "Images": "A list of images on a sheet.", - "Layouts": "Layouts define how the components of a sheet are arranged.\n\nFor more information, see [Types of layout](https://docs.aws.amazon.com/quicksight/latest/user/types-of-layout.html) in the *Amazon QuickSight User Guide* .", + "Layouts": "Layouts define how the components of a sheet are arranged.\n\nFor more information, see [Types of layout](https://docs.aws.amazon.com/quicksight/latest/user/types-of-layout.html) in the *Amazon Quick Suite User Guide* .", "Name": "The name of the sheet. This name is displayed on the sheet's tab in the Amazon QuickSight console.", - "ParameterControls": "The list of parameter controls that are on a sheet.\n\nFor more information, see [Using a Control with a Parameter in Amazon QuickSight](https://docs.aws.amazon.com/quicksight/latest/user/parameters-controls.html) in the *Amazon QuickSight User Guide* .", + "ParameterControls": "The list of parameter controls that are on a sheet.\n\nFor more information, see [Using a Control with a Parameter in Amazon Quick Sight](https://docs.aws.amazon.com/quicksight/latest/user/parameters-controls.html) in the *Amazon Quick Suite User Guide* .", "SheetControlLayouts": "The control layouts of the sheet.", "SheetId": "The unique identifier of a sheet.", "TextBoxes": "The text boxes that are on a sheet.", @@ -41379,31 +42358,31 @@ "PercentRange": "The percent range in the visible range." }, "AWS::QuickSight::Dashboard Visual": { - "BarChartVisual": "A bar chart.\n\nFor more information, see [Using bar charts](https://docs.aws.amazon.com/quicksight/latest/user/bar-charts.html) in the *Amazon QuickSight User Guide* .", - "BoxPlotVisual": "A box plot.\n\nFor more information, see [Using box plots](https://docs.aws.amazon.com/quicksight/latest/user/box-plots.html) in the *Amazon QuickSight User Guide* .", - "ComboChartVisual": "A combo chart.\n\nFor more information, see [Using combo charts](https://docs.aws.amazon.com/quicksight/latest/user/combo-charts.html) in the *Amazon QuickSight User Guide* .", - "CustomContentVisual": "A visual that contains custom content.\n\nFor more information, see [Using custom visual content](https://docs.aws.amazon.com/quicksight/latest/user/custom-visual-content.html) in the *Amazon QuickSight User Guide* .", + "BarChartVisual": "A bar chart.\n\nFor more information, see [Using bar charts](https://docs.aws.amazon.com/quicksight/latest/user/bar-charts.html) in the *Amazon Quick Suite User Guide* .", + "BoxPlotVisual": "A box plot.\n\nFor more information, see [Using box plots](https://docs.aws.amazon.com/quicksight/latest/user/box-plots.html) in the *Amazon Quick Suite User Guide* .", + "ComboChartVisual": "A combo chart.\n\nFor more information, see [Using combo charts](https://docs.aws.amazon.com/quicksight/latest/user/combo-charts.html) in the *Amazon Quick Suite User Guide* .", + "CustomContentVisual": "A visual that contains custom content.\n\nFor more information, see [Using custom visual content](https://docs.aws.amazon.com/quicksight/latest/user/custom-visual-content.html) in the *Amazon Quick Suite User Guide* .", "EmptyVisual": "An empty visual.", - "FilledMapVisual": "A filled map.\n\nFor more information, see [Creating filled maps](https://docs.aws.amazon.com/quicksight/latest/user/filled-maps.html) in the *Amazon QuickSight User Guide* .", - "FunnelChartVisual": "A funnel chart.\n\nFor more information, see [Using funnel charts](https://docs.aws.amazon.com/quicksight/latest/user/funnel-visual-content.html) in the *Amazon QuickSight User Guide* .", - "GaugeChartVisual": "A gauge chart.\n\nFor more information, see [Using gauge charts](https://docs.aws.amazon.com/quicksight/latest/user/gauge-chart.html) in the *Amazon QuickSight User Guide* .", - "GeospatialMapVisual": "A geospatial map or a points on map visual.\n\nFor more information, see [Creating point maps](https://docs.aws.amazon.com/quicksight/latest/user/point-maps.html) in the *Amazon QuickSight User Guide* .", - "HeatMapVisual": "A heat map.\n\nFor more information, see [Using heat maps](https://docs.aws.amazon.com/quicksight/latest/user/heat-map.html) in the *Amazon QuickSight User Guide* .", - "HistogramVisual": "A histogram.\n\nFor more information, see [Using histograms](https://docs.aws.amazon.com/quicksight/latest/user/histogram-charts.html) in the *Amazon QuickSight User Guide* .", - "InsightVisual": "An insight visual.\n\nFor more information, see [Working with insights](https://docs.aws.amazon.com/quicksight/latest/user/computational-insights.html) in the *Amazon QuickSight User Guide* .", - "KPIVisual": "A key performance indicator (KPI).\n\nFor more information, see [Using KPIs](https://docs.aws.amazon.com/quicksight/latest/user/kpi.html) in the *Amazon QuickSight User Guide* .", + "FilledMapVisual": "A filled map.\n\nFor more information, see [Creating filled maps](https://docs.aws.amazon.com/quicksight/latest/user/filled-maps.html) in the *Amazon Quick Suite User Guide* .", + "FunnelChartVisual": "A funnel chart.\n\nFor more information, see [Using funnel charts](https://docs.aws.amazon.com/quicksight/latest/user/funnel-visual-content.html) in the *Amazon Quick Suite User Guide* .", + "GaugeChartVisual": "A gauge chart.\n\nFor more information, see [Using gauge charts](https://docs.aws.amazon.com/quicksight/latest/user/gauge-chart.html) in the *Amazon Quick Suite User Guide* .", + "GeospatialMapVisual": "A geospatial map or a points on map visual.\n\nFor more information, see [Creating point maps](https://docs.aws.amazon.com/quicksight/latest/user/point-maps.html) in the *Amazon Quick Suite User Guide* .", + "HeatMapVisual": "A heat map.\n\nFor more information, see [Using heat maps](https://docs.aws.amazon.com/quicksight/latest/user/heat-map.html) in the *Amazon Quick Suite User Guide* .", + "HistogramVisual": "A histogram.\n\nFor more information, see [Using histograms](https://docs.aws.amazon.com/quicksight/latest/user/histogram-charts.html) in the *Amazon Quick Suite User Guide* .", + "InsightVisual": "An insight visual.\n\nFor more information, see [Working with insights](https://docs.aws.amazon.com/quicksight/latest/user/computational-insights.html) in the *Amazon Quick Suite User Guide* .", + "KPIVisual": "A key performance indicator (KPI).\n\nFor more information, see [Using KPIs](https://docs.aws.amazon.com/quicksight/latest/user/kpi.html) in the *Amazon Quick Suite User Guide* .", "LayerMapVisual": "The properties for a layer map visual", - "LineChartVisual": "A line chart.\n\nFor more information, see [Using line charts](https://docs.aws.amazon.com/quicksight/latest/user/line-charts.html) in the *Amazon QuickSight User Guide* .", - "PieChartVisual": "A pie or donut chart.\n\nFor more information, see [Using pie charts](https://docs.aws.amazon.com/quicksight/latest/user/pie-chart.html) in the *Amazon QuickSight User Guide* .", - "PivotTableVisual": "A pivot table.\n\nFor more information, see [Using pivot tables](https://docs.aws.amazon.com/quicksight/latest/user/pivot-table.html) in the *Amazon QuickSight User Guide* .", + "LineChartVisual": "A line chart.\n\nFor more information, see [Using line charts](https://docs.aws.amazon.com/quicksight/latest/user/line-charts.html) in the *Amazon Quick Suite User Guide* .", + "PieChartVisual": "A pie or donut chart.\n\nFor more information, see [Using pie charts](https://docs.aws.amazon.com/quicksight/latest/user/pie-chart.html) in the *Amazon Quick Suite User Guide* .", + "PivotTableVisual": "A pivot table.\n\nFor more information, see [Using pivot tables](https://docs.aws.amazon.com/quicksight/latest/user/pivot-table.html) in the *Amazon Quick Suite User Guide* .", "PluginVisual": "The custom plugin visual type.", - "RadarChartVisual": "A radar chart visual.\n\nFor more information, see [Using radar charts](https://docs.aws.amazon.com/quicksight/latest/user/radar-chart.html) in the *Amazon QuickSight User Guide* .", - "SankeyDiagramVisual": "A sankey diagram.\n\nFor more information, see [Using Sankey diagrams](https://docs.aws.amazon.com/quicksight/latest/user/sankey-diagram.html) in the *Amazon QuickSight User Guide* .", - "ScatterPlotVisual": "A scatter plot.\n\nFor more information, see [Using scatter plots](https://docs.aws.amazon.com/quicksight/latest/user/scatter-plot.html) in the *Amazon QuickSight User Guide* .", - "TableVisual": "A table visual.\n\nFor more information, see [Using tables as visuals](https://docs.aws.amazon.com/quicksight/latest/user/tabular.html) in the *Amazon QuickSight User Guide* .", - "TreeMapVisual": "A tree map.\n\nFor more information, see [Using tree maps](https://docs.aws.amazon.com/quicksight/latest/user/tree-map.html) in the *Amazon QuickSight User Guide* .", - "WaterfallVisual": "A waterfall chart.\n\nFor more information, see [Using waterfall charts](https://docs.aws.amazon.com/quicksight/latest/user/waterfall-chart.html) in the *Amazon QuickSight User Guide* .", - "WordCloudVisual": "A word cloud.\n\nFor more information, see [Using word clouds](https://docs.aws.amazon.com/quicksight/latest/user/word-cloud.html) in the *Amazon QuickSight User Guide* ." + "RadarChartVisual": "A radar chart visual.\n\nFor more information, see [Using radar charts](https://docs.aws.amazon.com/quicksight/latest/user/radar-chart.html) in the *Amazon Quick Suite User Guide* .", + "SankeyDiagramVisual": "A sankey diagram.\n\nFor more information, see [Using Sankey diagrams](https://docs.aws.amazon.com/quicksight/latest/user/sankey-diagram.html) in the *Amazon Quick Suite User Guide* .", + "ScatterPlotVisual": "A scatter plot.\n\nFor more information, see [Using scatter plots](https://docs.aws.amazon.com/quicksight/latest/user/scatter-plot.html) in the *Amazon Quick Suite User Guide* .", + "TableVisual": "A table visual.\n\nFor more information, see [Using tables as visuals](https://docs.aws.amazon.com/quicksight/latest/user/tabular.html) in the *Amazon Quick Suite User Guide* .", + "TreeMapVisual": "A tree map.\n\nFor more information, see [Using tree maps](https://docs.aws.amazon.com/quicksight/latest/user/tree-map.html) in the *Amazon Quick Suite User Guide* .", + "WaterfallVisual": "A waterfall chart.\n\nFor more information, see [Using waterfall charts](https://docs.aws.amazon.com/quicksight/latest/user/waterfall-chart.html) in the *Amazon Quick Suite User Guide* .", + "WordCloudVisual": "A word cloud.\n\nFor more information, see [Using word clouds](https://docs.aws.amazon.com/quicksight/latest/user/word-cloud.html) in the *Amazon Quick Suite User Guide* ." }, "AWS::QuickSight::Dashboard VisualAxisSortOption": { "AvailabilityStatus": "The availaiblity status of a visual's axis sort options." @@ -41535,7 +42514,7 @@ }, "AWS::QuickSight::DataSet": { "AwsAccountId": "The AWS account ID.", - "ColumnGroups": "Groupings of columns that work together in certain Amazon QuickSight features. Currently, only geospatial hierarchy is supported.", + "ColumnGroups": "Groupings of columns that work together in certain Amazon Quick Sight features. Currently, only geospatial hierarchy is supported.", "ColumnLevelPermissionRules": "A set of one or more definitions of a `ColumnLevelPermissionRule` .", "DataSetId": "An ID for the dataset that you want to create. This ID is unique per AWS Region for each AWS account.", "DataSetRefreshProperties": "The refresh properties of a dataset.", @@ -41556,13 +42535,13 @@ "UseAs": "The usage of the dataset." }, "AWS::QuickSight::DataSet CalculatedColumn": { - "ColumnId": "A unique ID to identify a calculated column. During a dataset update, if the column ID of a calculated column matches that of an existing calculated column, Amazon QuickSight preserves the existing calculated column.", + "ColumnId": "A unique ID to identify a calculated column. During a dataset update, if the column ID of a calculated column matches that of an existing calculated column, Quick Sight preserves the existing calculated column.", "ColumnName": "Column name.", "Expression": "An expression that defines the calculated column." }, "AWS::QuickSight::DataSet CastColumnTypeOperation": { "ColumnName": "Column name.", - "Format": "When casting a column from string to datetime type, you can supply a string in a format supported by Amazon QuickSight to denote the source data format.", + "Format": "When casting a column from string to datetime type, you can supply a string in a format supported by Quick Sight to denote the source data format.", "NewColumnType": "New column data type.", "SubType": "The sub data type of the new column. Sub types are only available for decimal columns that are part of a SPICE dataset." }, @@ -41574,7 +42553,7 @@ }, "AWS::QuickSight::DataSet ColumnLevelPermissionRule": { "ColumnNames": "An array of column names.", - "Principals": "An array of Amazon Resource Names (ARNs) for QuickSight users or groups." + "Principals": "An array of Amazon Resource Names (ARNs) for Quick Suite users or groups." }, "AWS::QuickSight::DataSet ColumnTag": { "ColumnDescription": "A description for a column.", @@ -41595,7 +42574,7 @@ }, "AWS::QuickSight::DataSet DataSetUsageConfiguration": { "DisableUseAsDirectQuerySource": "An option that controls whether a child dataset of a direct query can use this dataset as a source.", - "DisableUseAsImportedSource": "An option that controls whether a child dataset that's stored in QuickSight can use this dataset as a source." + "DisableUseAsImportedSource": "An option that controls whether a child dataset that's stored in Quick Sight can use this dataset as a source." }, "AWS::QuickSight::DataSet DatasetParameter": { "DateTimeDatasetParameter": "A date time parameter that is created in the dataset.", @@ -41664,7 +42643,7 @@ "Type": "The type of join that it is." }, "AWS::QuickSight::DataSet JoinKeyProperties": { - "UniqueKey": "A value that indicates that a row in a table is uniquely identified by the columns in a join key. This is used by QuickSight to optimize query performance." + "UniqueKey": "A value that indicates that a row in a table is uniquely identified by the columns in a join key. This is used by Quick Suite to optimize query performance." }, "AWS::QuickSight::DataSet LogicalTable": { "Alias": "A display name for the logical table.", @@ -41731,7 +42710,7 @@ }, "AWS::QuickSight::DataSet ResourcePermission": { "Actions": "The IAM action to grant or revoke permisions on", - "Principal": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon QuickSight user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon QuickSight user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a QuickSight ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)" + "Principal": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick Suite user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick Suite user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick Suite ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)" }, "AWS::QuickSight::DataSet RowLevelPermissionDataSet": { "Arn": "The Amazon Resource Name (ARN) of the dataset that contains permissions for RLS.", @@ -41800,17 +42779,17 @@ "AWS::QuickSight::DataSource": { "AlternateDataSourceParameters": "A set of alternate data source parameters that you want to share for the credentials stored with this data source. The credentials are applied in tandem with the data source parameters when you copy a data source by using a create or update request. The API operation compares the `DataSourceParameters` structure that's in the request with the structures in the `AlternateDataSourceParameters` allow list. If the structures are an exact match, the request is allowed to use the credentials from this existing data source. If the `AlternateDataSourceParameters` list is null, the `Credentials` originally used with this `DataSourceParameters` are automatically allowed.", "AwsAccountId": "The AWS account ID.", - "Credentials": "The credentials Amazon QuickSight that uses to connect to your underlying source. Currently, only credentials based on user name and password are supported.", + "Credentials": "The credentials Amazon Quick Sight that uses to connect to your underlying source. Currently, only credentials based on user name and password are supported.", "DataSourceId": "An ID for the data source. This ID is unique per AWS Region for each AWS account.", - "DataSourceParameters": "The parameters that Amazon QuickSight uses to connect to your underlying source.", + "DataSourceParameters": "The parameters that Amazon Quick Sight uses to connect to your underlying source.", "ErrorInfo": "Error information from the last update or the creation of the data source.", "FolderArns": "", "Name": "A display name for the data source.", "Permissions": "A list of resource permissions on the data source.", - "SslProperties": "Secure Socket Layer (SSL) properties that apply when Amazon QuickSight connects to your underlying source.", + "SslProperties": "Secure Socket Layer (SSL) properties that apply when Amazon Quick Sight connects to your underlying source.", "Tags": "Contains a map of the key-value pairs for the resource tag or tags assigned to the data source.", "Type": "The type of the data source. To return a list of all data sources, use `ListDataSources` .\n\nUse `AMAZON_ELASTICSEARCH` for Amazon OpenSearch Service.", - "VpcConnectionProperties": "Use this parameter only when you want Amazon QuickSight to use a VPC connection when connecting to your underlying source." + "VpcConnectionProperties": "Use this parameter only when you want Amazon Quick Sight to use a VPC connection when connecting to your underlying source." }, "AWS::QuickSight::DataSource AmazonElasticsearchParameters": { "Domain": "The OpenSearch domain." @@ -41819,7 +42798,7 @@ "Domain": "The OpenSearch domain." }, "AWS::QuickSight::DataSource AthenaParameters": { - "IdentityCenterConfiguration": "An optional parameter that configures IAM Identity Center authentication to grant Amazon QuickSight access to your workgroup.\n\nThis parameter can only be specified if your Amazon QuickSight account is configured with IAM Identity Center.", + "IdentityCenterConfiguration": "An optional parameter that configures IAM Identity Center authentication to grant Quick Sight access to your workgroup.\n\nThis parameter can only be specified if your Quick Sight account is configured with IAM Identity Center.", "RoleArn": "Use the `RoleArn` structure to override an account-wide role for a specific Athena data source. For example, say an account administrator has turned off all Athena access with an account-wide role. The administrator can then use `RoleArn` to bypass the account-wide role and allow Athena access for the single Athena data source that is specified in the structure, even if the account-wide role forbidding Athena access is still active.", "WorkGroup": "The workgroup that Amazon Athena uses." }, @@ -41918,26 +42897,26 @@ "InstanceId": "Instance ID." }, "AWS::QuickSight::DataSource RedshiftIAMParameters": { - "AutoCreateDatabaseUser": "Automatically creates a database user. If your database doesn't have a `DatabaseUser` , set this parameter to `True` . If there is no `DatabaseUser` , Amazon QuickSight can't connect to your cluster. The `RoleArn` that you use for this operation must grant access to `redshift:CreateClusterUser` to successfully create the user.", - "DatabaseGroups": "A list of groups whose permissions will be granted to Amazon QuickSight to access the cluster. These permissions are combined with the permissions granted to Amazon QuickSight by the `DatabaseUser` . If you choose to include this parameter, the `RoleArn` must grant access to `redshift:JoinGroup` .", - "DatabaseUser": "The user whose permissions and group memberships will be used by Amazon QuickSight to access the cluster. If this user already exists in your database, Amazon QuickSight is granted the same permissions that the user has. If the user doesn't exist, set the value of `AutoCreateDatabaseUser` to `True` to create a new user with PUBLIC permissions.", - "RoleArn": "Use the `RoleArn` structure to allow Amazon QuickSight to call `redshift:GetClusterCredentials` on your cluster. The calling principal must have `iam:PassRole` access to pass the role to Amazon QuickSight. The role's trust policy must allow the Amazon QuickSight service principal to assume the role." + "AutoCreateDatabaseUser": "Automatically creates a database user. If your database doesn't have a `DatabaseUser` , set this parameter to `True` . If there is no `DatabaseUser` , Quick Sight can't connect to your cluster. The `RoleArn` that you use for this operation must grant access to `redshift:CreateClusterUser` to successfully create the user.", + "DatabaseGroups": "A list of groups whose permissions will be granted to Quick Sight to access the cluster. These permissions are combined with the permissions granted to Quick Sight by the `DatabaseUser` . If you choose to include this parameter, the `RoleArn` must grant access to `redshift:JoinGroup` .", + "DatabaseUser": "The user whose permissions and group memberships will be used by Quick Sight to access the cluster. If this user already exists in your database, Amazon Quick Sight is granted the same permissions that the user has. If the user doesn't exist, set the value of `AutoCreateDatabaseUser` to `True` to create a new user with PUBLIC permissions.", + "RoleArn": "Use the `RoleArn` structure to allow Quick Sight to call `redshift:GetClusterCredentials` on your cluster. The calling principal must have `iam:PassRole` access to pass the role to Quick Sight. The role's trust policy must allow the Quick Sight service principal to assume the role." }, "AWS::QuickSight::DataSource RedshiftParameters": { "ClusterId": "Cluster ID. This field can be blank if the `Host` and `Port` are provided.", "Database": "Database.", "Host": "Host. This field can be blank if `ClusterId` is provided.", - "IAMParameters": "An optional parameter that uses IAM authentication to grant Amazon QuickSight access to your cluster. This parameter can be used instead of [DataSourceCredentials](https://docs.aws.amazon.com/quicksight/latest/APIReference/API_DataSourceCredentials.html) .", - "IdentityCenterConfiguration": "An optional parameter that configures IAM Identity Center authentication to grant Amazon QuickSight access to your cluster.\n\nThis parameter can only be specified if your Amazon QuickSight account is configured with IAM Identity Center.", + "IAMParameters": "An optional parameter that uses IAM authentication to grant Quick Sight access to your cluster. This parameter can be used instead of [DataSourceCredentials](https://docs.aws.amazon.com/quicksight/latest/APIReference/API_DataSourceCredentials.html) .", + "IdentityCenterConfiguration": "An optional parameter that configures IAM Identity Center authentication to grant Quick Sight access to your cluster.\n\nThis parameter can only be specified if your Quick Sight account is configured with IAM Identity Center.", "Port": "Port. This field can be blank if the `ClusterId` is provided." }, "AWS::QuickSight::DataSource ResourcePermission": { "Actions": "The IAM action to grant or revoke permissions on.", - "Principal": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon QuickSight user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon QuickSight user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a QuickSight ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)", + "Principal": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick Suite user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick Suite user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick Suite ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)", "Resource": "" }, "AWS::QuickSight::DataSource S3Parameters": { - "ManifestFileLocation": "Location of the Amazon S3 manifest file. This is NULL if the manifest file was uploaded into Amazon QuickSight.", + "ManifestFileLocation": "Location of the Amazon S3 manifest file. This is NULL if the manifest file was uploaded into Quick Sight.", "RoleArn": "Use the `RoleArn` structure to override an account-wide role for a specific S3 data source. For example, say an account administrator has turned off all S3 access with an account-wide role. The administrator can then use `RoleArn` to bypass the account-wide role and allow S3 access for the single S3 data source that is specified in the structure, even if the account-wide role forbidding S3 access is still active." }, "AWS::QuickSight::DataSource SnowflakeParameters": { @@ -41945,7 +42924,7 @@ "Database": "Database.", "DatabaseAccessControlRole": "The database access control role.", "Host": "Host.", - "OAuthParameters": "An object that contains information needed to create a data source connection between an Amazon QuickSight account and Snowflake.", + "OAuthParameters": "An object that contains information needed to create a data source connection between an Quick Sight account and Snowflake.", "Warehouse": "Warehouse." }, "AWS::QuickSight::DataSource SparkParameters": { @@ -41965,7 +42944,7 @@ "Catalog": "The catalog name for the Starburst data source.", "DatabaseAccessControlRole": "The database access control role.", "Host": "The host name of the Starburst data source.", - "OAuthParameters": "An object that contains information needed to create a data source connection between an Amazon QuickSight account and Starburst.", + "OAuthParameters": "An object that contains information needed to create a data source connection between an Quick Sight account and Starburst.", "Port": "The port for the Starburst data source.", "ProductType": "The product type for the Starburst data source." }, @@ -42014,7 +42993,7 @@ "DayOfWeek": "The day of the week that you want to schedule the refresh on. This value is required for weekly and monthly refresh intervals." }, "AWS::QuickSight::RefreshSchedule RefreshScheduleMap": { - "RefreshType": "The type of refresh that a dataset undergoes. Valid values are as follows:\n\n- `FULL_REFRESH` : A complete refresh of a dataset.\n- `INCREMENTAL_REFRESH` : A partial refresh of some rows of a dataset, based on the time window specified.\n\nFor more information on full and incremental refreshes, see [Refreshing SPICE data](https://docs.aws.amazon.com/quicksight/latest/user/refreshing-imported-data.html) in the *QuickSight User Guide* .", + "RefreshType": "The type of refresh that a dataset undergoes. Valid values are as follows:\n\n- `FULL_REFRESH` : A complete refresh of a dataset.\n- `INCREMENTAL_REFRESH` : A partial refresh of some rows of a dataset, based on the time window specified.\n\nFor more information on full and incremental refreshes, see [Refreshing SPICE data](https://docs.aws.amazon.com/quicksight/latest/user/refreshing-imported-data.html) in the *Quick Suite User Guide* .", "ScheduleFrequency": "The frequency for the refresh schedule.", "ScheduleId": "An identifier for the refresh schedule.", "StartAfterDateTime": "Time after which the refresh schedule can be started, expressed in `YYYY-MM-DDTHH:MM:SS` format." @@ -42026,11 +43005,11 @@ "TimeZone": "The timezone that you want the refresh schedule to use. The timezone ID must match a corresponding ID found on `java.util.time.getAvailableIDs()` ." }, "AWS::QuickSight::Template": { - "AwsAccountId": "The ID for the AWS account that the group is in. You use the ID for the AWS account that contains your Amazon QuickSight account.", + "AwsAccountId": "The ID for the AWS account that the group is in. You use the ID for the AWS account that contains your Amazon Quick Sight account.", "Definition": "", "Name": "A display name for the template.", "Permissions": "A list of resource permissions to be set on the template.", - "SourceEntity": "The entity that you are using as a source when you create the template. In `SourceEntity` , you specify the type of object you're using as source: `SourceTemplate` for a template or `SourceAnalysis` for an analysis. Both of these require an Amazon Resource Name (ARN). For `SourceTemplate` , specify the ARN of the source template. For `SourceAnalysis` , specify the ARN of the source analysis. The `SourceTemplate` ARN can contain any AWS account and any Amazon QuickSight-supported AWS Region .\n\nUse the `DataSetReferences` entity within `SourceTemplate` or `SourceAnalysis` to list the replacement datasets for the placeholders listed in the original. The schema in each dataset must match its placeholder.\n\nEither a `SourceEntity` or a `Definition` must be provided in order for the request to be valid.", + "SourceEntity": "The entity that you are using as a source when you create the template. In `SourceEntity` , you specify the type of object you're using as source: `SourceTemplate` for a template or `SourceAnalysis` for an analysis. Both of these require an Amazon Resource Name (ARN). For `SourceTemplate` , specify the ARN of the source template. For `SourceAnalysis` , specify the ARN of the source analysis. The `SourceTemplate` ARN can contain any AWS account and any Quick Sight-supported AWS Region .\n\nUse the `DataSetReferences` entity within `SourceTemplate` or `SourceAnalysis` to list the replacement datasets for the placeholders listed in the original. The schema in each dataset must match its placeholder.\n\nEither a `SourceEntity` or a `Definition` must be provided in order for the request to be valid.", "Tags": "Contains a map of the key-value pairs for the resource tag or tags assigned to the resource.", "TemplateId": "An ID for the template that you want to create. This template is unique per AWS Region ; in each AWS account.", "ValidationStrategy": "The option to relax the validation that is required to create and update analyses, dashboards, and templates with definition objects. When you set this value to `LENIENT` , validation is skipped for specific errors.", @@ -42287,8 +43266,8 @@ }, "AWS::QuickSight::Template CategoryFilterConfiguration": { "CustomFilterConfiguration": "A custom filter that filters based on a single value. This filter can be partially matched.", - "CustomFilterListConfiguration": "A list of custom filter values. In the Amazon QuickSight console, this filter type is called a custom filter list.", - "FilterListConfiguration": "A list of filter configurations. In the Amazon QuickSight console, this filter type is called a filter list." + "CustomFilterListConfiguration": "A list of custom filter values. In the Quick Sight console, this filter type is called a custom filter list.", + "FilterListConfiguration": "A list of filter configurations. In the Quick Sight console, this filter type is called a filter list." }, "AWS::QuickSight::Template CategoryInnerFilter": { "Column": "", @@ -42742,7 +43721,7 @@ "NumericalDimensionField": "The dimension type field with numerical type columns." }, "AWS::QuickSight::Template DonutCenterOptions": { - "LabelVisibility": "Determines the visibility of the label in a donut chart. In the Amazon QuickSight console, this option is called `'Show total'` ." + "LabelVisibility": "Determines the visibility of the label in a donut chart. In the Quick Sight console, this option is called `'Show total'` ." }, "AWS::QuickSight::Template DonutOptions": { "ArcOptions": "The option for define the arc of the chart shape. Valid values are as follows:\n\n- `WHOLE` - A pie chart\n- `SMALL` - A small-sized donut chart\n- `MEDIUM` - A medium-sized donut chart\n- `LARGE` - A large-sized donut chart", @@ -42849,7 +43828,7 @@ "VisualId": "The unique identifier of a visual. This identifier must be unique within the context of a dashboard, template, or analysis. Two dashboards, analyses, or templates can have visuals with the same identifiers.." }, "AWS::QuickSight::Template Filter": { - "CategoryFilter": "A `CategoryFilter` filters text values.\n\nFor more information, see [Adding text filters](https://docs.aws.amazon.com/quicksight/latest/user/add-a-text-filter-data-prep.html) in the *Amazon QuickSight User Guide* .", + "CategoryFilter": "A `CategoryFilter` filters text values.\n\nFor more information, see [Adding text filters](https://docs.aws.amazon.com/quicksight/latest/user/add-a-text-filter-data-prep.html) in the *Amazon Quick Suite User Guide* .", "NestedFilter": "A `NestedFilter` filters data with a subset of data that is defined by the nested inner filter.", "NumericEqualityFilter": "A `NumericEqualityFilter` filters numeric values that equal or do not equal a given numeric value.", "NumericRangeFilter": "A `NumericRangeFilter` filters numeric values that are either inside or outside a given numeric range.", @@ -43202,7 +44181,7 @@ }, "AWS::QuickSight::Template GridLayoutScreenCanvasSizeOptions": { "OptimizedViewPortWidth": "The width that the view port will be optimized for when the layout renders.", - "ResizeOption": "This value determines the layout behavior when the viewport is resized.\n\n- `FIXED` : A fixed width will be used when optimizing the layout. In the Amazon QuickSight console, this option is called `Classic` .\n- `RESPONSIVE` : The width of the canvas will be responsive and optimized to the view port. In the Amazon QuickSight console, this option is called `Tiled` ." + "ResizeOption": "This value determines the layout behavior when the viewport is resized.\n\n- `FIXED` : A fixed width will be used when optimizing the layout. In the Quick Sight console, this option is called `Classic` .\n- `RESPONSIVE` : The width of the canvas will be responsive and optimized to the view port. In the Quick Sight console, this option is called `Tiled` ." }, "AWS::QuickSight::Template GrowthRateComputation": { "ComputationId": "The ID for a computation.", @@ -44062,7 +45041,7 @@ }, "AWS::QuickSight::Template ResourcePermission": { "Actions": "The IAM action to grant or revoke permissions on.", - "Principal": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon QuickSight user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon QuickSight user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a QuickSight ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)" + "Principal": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick Suite user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick Suite user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick Suite ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)" }, "AWS::QuickSight::Template RollingDateConfiguration": { "DataSetIdentifier": "The data set that is used in the rolling date configuration.", @@ -44196,7 +45175,7 @@ "BackgroundColor": "The conditional formatting for the shape background color of a filled map visual." }, "AWS::QuickSight::Template Sheet": { - "Name": "The name of a sheet. This name is displayed on the sheet's tab in the Amazon QuickSight console.", + "Name": "The name of a sheet. This name is displayed on the sheet's tab in the Quick Sight console.", "SheetId": "The unique identifier associated with a sheet." }, "AWS::QuickSight::Template SheetControlInfoIconLabelOptions": { @@ -44212,11 +45191,11 @@ "AWS::QuickSight::Template SheetDefinition": { "ContentType": "The layout content type of the sheet. Choose one of the following options:\n\n- `PAGINATED` : Creates a sheet for a paginated report.\n- `INTERACTIVE` : Creates a sheet for an interactive dashboard.", "Description": "A description of the sheet.", - "FilterControls": "The list of filter controls that are on a sheet.\n\nFor more information, see [Adding filter controls to analysis sheets](https://docs.aws.amazon.com/quicksight/latest/user/filter-controls.html) in the *Amazon QuickSight User Guide* .", + "FilterControls": "The list of filter controls that are on a sheet.\n\nFor more information, see [Adding filter controls to analysis sheets](https://docs.aws.amazon.com/quicksight/latest/user/filter-controls.html) in the *Amazon Quick Suite User Guide* .", "Images": "A list of images on a sheet.", - "Layouts": "Layouts define how the components of a sheet are arranged.\n\nFor more information, see [Types of layout](https://docs.aws.amazon.com/quicksight/latest/user/types-of-layout.html) in the *Amazon QuickSight User Guide* .", + "Layouts": "Layouts define how the components of a sheet are arranged.\n\nFor more information, see [Types of layout](https://docs.aws.amazon.com/quicksight/latest/user/types-of-layout.html) in the *Amazon Quick Suite User Guide* .", "Name": "The name of the sheet. This name is displayed on the sheet's tab in the Amazon QuickSight console.", - "ParameterControls": "The list of parameter controls that are on a sheet.\n\nFor more information, see [Using a Control with a Parameter in Amazon QuickSight](https://docs.aws.amazon.com/quicksight/latest/user/parameters-controls.html) in the *Amazon QuickSight User Guide* .", + "ParameterControls": "The list of parameter controls that are on a sheet.\n\nFor more information, see [Using a Control with a Parameter in Amazon Quick Sight](https://docs.aws.amazon.com/quicksight/latest/user/parameters-controls.html) in the *Amazon Quick Suite User Guide* .", "SheetControlLayouts": "The control layouts of the sheet.", "SheetId": "The unique identifier of a sheet.", "TextBoxes": "The text boxes that are on a sheet.", @@ -44489,9 +45468,9 @@ "CalculatedFields": "An array of calculated field definitions for the template.", "ColumnConfigurations": "An array of template-level column configurations. Column configurations are used to set default formatting for a column that's used throughout a template.", "DataSetConfigurations": "An array of dataset configurations. These configurations define the required columns for each dataset used within a template.", - "FilterGroups": "Filter definitions for a template.\n\nFor more information, see [Filtering Data](https://docs.aws.amazon.com/quicksight/latest/user/filtering-visual-data.html) in the *Amazon QuickSight User Guide* .", + "FilterGroups": "Filter definitions for a template.\n\nFor more information, see [Filtering Data](https://docs.aws.amazon.com/quicksight/latest/user/filtering-visual-data.html) in the *Amazon Quick Suite User Guide* .", "Options": "An array of option definitions for a template.", - "ParameterDeclarations": "An array of parameter declarations for a template.\n\n*Parameters* are named variables that can transfer a value for use by an action or an object.\n\nFor more information, see [Parameters in Amazon QuickSight](https://docs.aws.amazon.com/quicksight/latest/user/parameters-in-quicksight.html) in the *Amazon QuickSight User Guide* .", + "ParameterDeclarations": "An array of parameter declarations for a template.\n\n*Parameters* are named variables that can transfer a value for use by an action or an object.\n\nFor more information, see [Parameters in Amazon Quick Sight](https://docs.aws.amazon.com/quicksight/latest/user/parameters-in-quicksight.html) in the *Amazon Quick Suite User Guide* .", "QueryExecutionOptions": "", "Sheets": "An array of sheet definitions for a template." }, @@ -44672,30 +45651,30 @@ "PercentRange": "The percent range in the visible range." }, "AWS::QuickSight::Template Visual": { - "BarChartVisual": "A bar chart.\n\nFor more information, see [Using bar charts](https://docs.aws.amazon.com/quicksight/latest/user/bar-charts.html) in the *Amazon QuickSight User Guide* .", - "BoxPlotVisual": "A box plot.\n\nFor more information, see [Using box plots](https://docs.aws.amazon.com/quicksight/latest/user/box-plots.html) in the *Amazon QuickSight User Guide* .", - "ComboChartVisual": "A combo chart.\n\nFor more information, see [Using combo charts](https://docs.aws.amazon.com/quicksight/latest/user/combo-charts.html) in the *Amazon QuickSight User Guide* .", - "CustomContentVisual": "A visual that contains custom content.\n\nFor more information, see [Using custom visual content](https://docs.aws.amazon.com/quicksight/latest/user/custom-visual-content.html) in the *Amazon QuickSight User Guide* .", + "BarChartVisual": "A bar chart.\n\nFor more information, see [Using bar charts](https://docs.aws.amazon.com/quicksight/latest/user/bar-charts.html) in the *Amazon Quick Suite User Guide* .", + "BoxPlotVisual": "A box plot.\n\nFor more information, see [Using box plots](https://docs.aws.amazon.com/quicksight/latest/user/box-plots.html) in the *Amazon Quick Suite User Guide* .", + "ComboChartVisual": "A combo chart.\n\nFor more information, see [Using combo charts](https://docs.aws.amazon.com/quicksight/latest/user/combo-charts.html) in the *Amazon Quick Suite User Guide* .", + "CustomContentVisual": "A visual that contains custom content.\n\nFor more information, see [Using custom visual content](https://docs.aws.amazon.com/quicksight/latest/user/custom-visual-content.html) in the *Amazon Quick Suite User Guide* .", "EmptyVisual": "An empty visual.", - "FilledMapVisual": "A filled map.\n\nFor more information, see [Creating filled maps](https://docs.aws.amazon.com/quicksight/latest/user/filled-maps.html) in the *Amazon QuickSight User Guide* .", - "FunnelChartVisual": "A funnel chart.\n\nFor more information, see [Using funnel charts](https://docs.aws.amazon.com/quicksight/latest/user/funnel-visual-content.html) in the *Amazon QuickSight User Guide* .", - "GaugeChartVisual": "A gauge chart.\n\nFor more information, see [Using gauge charts](https://docs.aws.amazon.com/quicksight/latest/user/gauge-chart.html) in the *Amazon QuickSight User Guide* .", - "GeospatialMapVisual": "A geospatial map or a points on map visual.\n\nFor more information, see [Creating point maps](https://docs.aws.amazon.com/quicksight/latest/user/point-maps.html) in the *Amazon QuickSight User Guide* .", - "HeatMapVisual": "A heat map.\n\nFor more information, see [Using heat maps](https://docs.aws.amazon.com/quicksight/latest/user/heat-map.html) in the *Amazon QuickSight User Guide* .", - "HistogramVisual": "A histogram.\n\nFor more information, see [Using histograms](https://docs.aws.amazon.com/quicksight/latest/user/histogram-charts.html) in the *Amazon QuickSight User Guide* .", - "InsightVisual": "An insight visual.\n\nFor more information, see [Working with insights](https://docs.aws.amazon.com/quicksight/latest/user/computational-insights.html) in the *Amazon QuickSight User Guide* .", - "KPIVisual": "A key performance indicator (KPI).\n\nFor more information, see [Using KPIs](https://docs.aws.amazon.com/quicksight/latest/user/kpi.html) in the *Amazon QuickSight User Guide* .", - "LineChartVisual": "A line chart.\n\nFor more information, see [Using line charts](https://docs.aws.amazon.com/quicksight/latest/user/line-charts.html) in the *Amazon QuickSight User Guide* .", - "PieChartVisual": "A pie or donut chart.\n\nFor more information, see [Using pie charts](https://docs.aws.amazon.com/quicksight/latest/user/pie-chart.html) in the *Amazon QuickSight User Guide* .", - "PivotTableVisual": "A pivot table.\n\nFor more information, see [Using pivot tables](https://docs.aws.amazon.com/quicksight/latest/user/pivot-table.html) in the *Amazon QuickSight User Guide* .", + "FilledMapVisual": "A filled map.\n\nFor more information, see [Creating filled maps](https://docs.aws.amazon.com/quicksight/latest/user/filled-maps.html) in the *Amazon Quick Suite User Guide* .", + "FunnelChartVisual": "A funnel chart.\n\nFor more information, see [Using funnel charts](https://docs.aws.amazon.com/quicksight/latest/user/funnel-visual-content.html) in the *Amazon Quick Suite User Guide* .", + "GaugeChartVisual": "A gauge chart.\n\nFor more information, see [Using gauge charts](https://docs.aws.amazon.com/quicksight/latest/user/gauge-chart.html) in the *Amazon Quick Suite User Guide* .", + "GeospatialMapVisual": "A geospatial map or a points on map visual.\n\nFor more information, see [Creating point maps](https://docs.aws.amazon.com/quicksight/latest/user/point-maps.html) in the *Amazon Quick Suite User Guide* .", + "HeatMapVisual": "A heat map.\n\nFor more information, see [Using heat maps](https://docs.aws.amazon.com/quicksight/latest/user/heat-map.html) in the *Amazon Quick Suite User Guide* .", + "HistogramVisual": "A histogram.\n\nFor more information, see [Using histograms](https://docs.aws.amazon.com/quicksight/latest/user/histogram-charts.html) in the *Amazon Quick Suite User Guide* .", + "InsightVisual": "An insight visual.\n\nFor more information, see [Working with insights](https://docs.aws.amazon.com/quicksight/latest/user/computational-insights.html) in the *Amazon Quick Suite User Guide* .", + "KPIVisual": "A key performance indicator (KPI).\n\nFor more information, see [Using KPIs](https://docs.aws.amazon.com/quicksight/latest/user/kpi.html) in the *Amazon Quick Suite User Guide* .", + "LineChartVisual": "A line chart.\n\nFor more information, see [Using line charts](https://docs.aws.amazon.com/quicksight/latest/user/line-charts.html) in the *Amazon Quick Suite User Guide* .", + "PieChartVisual": "A pie or donut chart.\n\nFor more information, see [Using pie charts](https://docs.aws.amazon.com/quicksight/latest/user/pie-chart.html) in the *Amazon Quick Suite User Guide* .", + "PivotTableVisual": "A pivot table.\n\nFor more information, see [Using pivot tables](https://docs.aws.amazon.com/quicksight/latest/user/pivot-table.html) in the *Amazon Quick Suite User Guide* .", "PluginVisual": "The custom plugin visual type.", - "RadarChartVisual": "A radar chart visual.\n\nFor more information, see [Using radar charts](https://docs.aws.amazon.com/quicksight/latest/user/radar-chart.html) in the *Amazon QuickSight User Guide* .", - "SankeyDiagramVisual": "A sankey diagram.\n\nFor more information, see [Using Sankey diagrams](https://docs.aws.amazon.com/quicksight/latest/user/sankey-diagram.html) in the *Amazon QuickSight User Guide* .", - "ScatterPlotVisual": "A scatter plot.\n\nFor more information, see [Using scatter plots](https://docs.aws.amazon.com/quicksight/latest/user/scatter-plot.html) in the *Amazon QuickSight User Guide* .", - "TableVisual": "A table visual.\n\nFor more information, see [Using tables as visuals](https://docs.aws.amazon.com/quicksight/latest/user/tabular.html) in the *Amazon QuickSight User Guide* .", - "TreeMapVisual": "A tree map.\n\nFor more information, see [Using tree maps](https://docs.aws.amazon.com/quicksight/latest/user/tree-map.html) in the *Amazon QuickSight User Guide* .", - "WaterfallVisual": "A waterfall chart.\n\nFor more information, see [Using waterfall charts](https://docs.aws.amazon.com/quicksight/latest/user/waterfall-chart.html) in the *Amazon QuickSight User Guide* .", - "WordCloudVisual": "A word cloud.\n\nFor more information, see [Using word clouds](https://docs.aws.amazon.com/quicksight/latest/user/word-cloud.html) in the *Amazon QuickSight User Guide* ." + "RadarChartVisual": "A radar chart visual.\n\nFor more information, see [Using radar charts](https://docs.aws.amazon.com/quicksight/latest/user/radar-chart.html) in the *Amazon Quick Suite User Guide* .", + "SankeyDiagramVisual": "A sankey diagram.\n\nFor more information, see [Using Sankey diagrams](https://docs.aws.amazon.com/quicksight/latest/user/sankey-diagram.html) in the *Amazon Quick Suite User Guide* .", + "ScatterPlotVisual": "A scatter plot.\n\nFor more information, see [Using scatter plots](https://docs.aws.amazon.com/quicksight/latest/user/scatter-plot.html) in the *Amazon Quick Suite User Guide* .", + "TableVisual": "A table visual.\n\nFor more information, see [Using tables as visuals](https://docs.aws.amazon.com/quicksight/latest/user/tabular.html) in the *Amazon Quick Suite User Guide* .", + "TreeMapVisual": "A tree map.\n\nFor more information, see [Using tree maps](https://docs.aws.amazon.com/quicksight/latest/user/tree-map.html) in the *Amazon Quick Suite User Guide* .", + "WaterfallVisual": "A waterfall chart.\n\nFor more information, see [Using waterfall charts](https://docs.aws.amazon.com/quicksight/latest/user/waterfall-chart.html) in the *Amazon Quick Suite User Guide* .", + "WordCloudVisual": "A word cloud.\n\nFor more information, see [Using word clouds](https://docs.aws.amazon.com/quicksight/latest/user/word-cloud.html) in the *Amazon Quick Suite User Guide* ." }, "AWS::QuickSight::Template VisualCustomAction": { "ActionOperations": "A list of `VisualCustomActionOperations` .\n\nThis is a union type structure. For this structure to be valid, only one of the attributes can be defined.", @@ -44824,7 +45803,7 @@ }, "AWS::QuickSight::Theme": { "AwsAccountId": "The ID of the AWS account where you want to store the new theme.", - "BaseThemeId": "The ID of the theme that a custom theme will inherit from. All themes inherit from one of the starting themes defined by Amazon QuickSight. For a list of the starting themes, use `ListThemes` or choose *Themes* from within an analysis.", + "BaseThemeId": "The ID of the theme that a custom theme will inherit from. All themes inherit from one of the starting themes defined by Amazon Quick Sight. For a list of the starting themes, use `ListThemes` or choose *Themes* from within an analysis.", "Configuration": "The theme configuration, which contains the theme display properties.", "Name": "A display name for the theme.", "Permissions": "A valid grouping of resource permissions to apply to the new theme.", @@ -44851,7 +45830,7 @@ }, "AWS::QuickSight::Theme ResourcePermission": { "Actions": "The IAM action to grant or revoke permissions on.", - "Principal": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon QuickSight user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon QuickSight user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a QuickSight ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)" + "Principal": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick Suite user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick Suite user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick Suite ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)" }, "AWS::QuickSight::Theme SheetStyle": { "Tile": "The display options for tiles.", @@ -44873,7 +45852,7 @@ }, "AWS::QuickSight::Theme ThemeVersion": { "Arn": "The Amazon Resource Name (ARN) of the resource.", - "BaseThemeId": "The Amazon QuickSight-defined ID of the theme that a custom theme inherits from. All themes initially inherit from a default Amazon QuickSight theme.", + "BaseThemeId": "The Quick Sight-defined ID of the theme that a custom theme inherits from. All themes initially inherit from a default Quick Sight theme.", "Configuration": "The theme configuration, which contains all the theme display properties.", "CreatedTime": "The date and time that this theme version was created.", "Description": "The description of the theme.", @@ -45200,6 +46179,7 @@ "Iops": "The amount of Provisioned IOPS (input/output operations per second) to be initially allocated for each DB instance in the Multi-AZ DB cluster.\n\nFor information about valid IOPS values, see [Provisioned IOPS storage](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/CHAP_Storage.html#USER_PIOPS) in the *Amazon RDS User Guide* .\n\nThis setting is required to create a Multi-AZ DB cluster.\n\nValid for Cluster Type: Multi-AZ DB clusters only\n\nConstraints:\n\n- Must be a multiple between .5 and 50 of the storage amount for the DB cluster.", "KmsKeyId": "The Amazon Resource Name (ARN) of the AWS KMS key that is used to encrypt the database instances in the DB cluster, such as `arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef` . If you enable the `StorageEncrypted` property but don't specify this property, the default KMS key is used. If you specify this property, you must set the `StorageEncrypted` property to `true` .\n\nIf you specify the `SnapshotIdentifier` property, the `StorageEncrypted` property value is inherited from the snapshot, and if the DB cluster is encrypted, the specified `KmsKeyId` property is used.\n\nIf you create a read replica of an encrypted DB cluster in another AWS Region, make sure to set `KmsKeyId` to a KMS key identifier that is valid in the destination AWS Region. This KMS key is used to encrypt the read replica in that AWS Region.\n\nValid for: Aurora DB clusters and Multi-AZ DB clusters", "ManageMasterUserPassword": "Specifies whether to manage the master user password with AWS Secrets Manager.\n\nFor more information, see [Password management with AWS Secrets Manager](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) in the *Amazon RDS User Guide* and [Password management with AWS Secrets Manager](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html) in the *Amazon Aurora User Guide.*\n\nValid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters\n\nConstraints:\n\n- Can't manage the master user password with AWS Secrets Manager if `MasterUserPassword` is specified.", + "MasterUserAuthenticationType": "Specifies the authentication type for the master user. With IAM master user authentication, you can configure the master DB user with IAM database authentication when you create a DB cluster.\n\nYou can specify one of the following values:\n\n- `password` - Use standard database authentication with a password.\n- `iam-db-auth` - Use IAM database authentication for the master user.\n\nValid for Cluster Type: Aurora DB clusters and Multi-AZ DB clusters\n\nThis option is only valid for RDS for MySQL, RDS for MariaDB, RDS for PostgreSQL, Aurora MySQL, and Aurora PostgreSQL engines.", "MasterUserPassword": "The master password for the DB instance.\n\n> If you specify the `SourceDBClusterIdentifier` , `SnapshotIdentifier` , or `GlobalClusterIdentifier` property, don't specify this property. The value is inherited from the source DB cluster, the snapshot, or the primary DB cluster for the global database cluster, respectively. \n\nValid for: Aurora DB clusters and Multi-AZ DB clusters", "MasterUserSecret": "The secret managed by RDS in AWS Secrets Manager for the master user password.\n\n> When you restore a DB cluster from a snapshot, Amazon RDS generates a new secret instead of reusing the secret specified in the `SecretArn` property. This ensures that the restored DB cluster is securely managed with a dedicated secret. To maintain consistent integration with your application, you might need to update resource configurations to reference the newly created secret. \n\nFor more information, see [Password management with AWS Secrets Manager](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) in the *Amazon RDS User Guide* and [Password management with AWS Secrets Manager](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/rds-secrets-manager.html) in the *Amazon Aurora User Guide.*", "MasterUsername": "The name of the master user for the DB cluster.\n\n> If you specify the `SourceDBClusterIdentifier` , `SnapshotIdentifier` , or `GlobalClusterIdentifier` property, don't specify this property. The value is inherited from the source DB cluster, the snapshot, or the primary DB cluster for the global database cluster, respectively. \n\nValid for: Aurora DB clusters and Multi-AZ DB clusters", @@ -45212,7 +46192,7 @@ "Port": "The port number on which the DB instances in the DB cluster accept connections.\n\nDefault:\n\n- When `EngineMode` is `provisioned` , `3306` (for both Aurora MySQL and Aurora PostgreSQL)\n- When `EngineMode` is `serverless` :\n\n- `3306` when `Engine` is `aurora` or `aurora-mysql`\n- `5432` when `Engine` is `aurora-postgresql`\n\n> The `No interruption` on update behavior only applies to DB clusters. If you are updating a DB instance, see [Port](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-rds-database-instance.html#cfn-rds-dbinstance-port) for the AWS::RDS::DBInstance resource. \n\nValid for: Aurora DB clusters and Multi-AZ DB clusters", "PreferredBackupWindow": "The daily time range during which automated backups are created. For more information, see [Backup Window](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/Aurora.Managing.Backups.html#Aurora.Managing.Backups.BackupWindow) in the *Amazon Aurora User Guide.*\n\nConstraints:\n\n- Must be in the format `hh24:mi-hh24:mi` .\n- Must be in Universal Coordinated Time (UTC).\n- Must not conflict with the preferred maintenance window.\n- Must be at least 30 minutes.\n\nValid for: Aurora DB clusters and Multi-AZ DB clusters", "PreferredMaintenanceWindow": "The weekly time range during which system maintenance can occur, in Universal Coordinated Time (UTC).\n\nFormat: `ddd:hh24:mi-ddd:hh24:mi`\n\nThe default is a 30-minute window selected at random from an 8-hour block of time for each AWS Region, occurring on a random day of the week. To see the time blocks available, see [Maintaining an Amazon Aurora DB cluster](https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_UpgradeDBInstance.Maintenance.html#AdjustingTheMaintenanceWindow.Aurora) in the *Amazon Aurora User Guide.*\n\nValid Days: Mon, Tue, Wed, Thu, Fri, Sat, Sun.\n\nConstraints: Minimum 30-minute window.\n\nValid for: Aurora DB clusters and Multi-AZ DB clusters", - "PubliclyAccessible": "Specifies whether the DB cluster is publicly accessible.\n\nWhen the DB cluster is publicly accessible and you connect from outside of the DB cluster's virtual private cloud (VPC), its Domain Name System (DNS) endpoint resolves to the public IP address. When you connect from within the same VPC as the DB cluster, the endpoint resolves to the private IP address. Access to the DB cluster is ultimately controlled by the security group it uses. That public access isn't permitted if the security group assigned to the DB cluster doesn't permit it.\n\nWhen the DB cluster isn't publicly accessible, it is an internal DB cluster with a DNS name that resolves to a private IP address.\n\nValid for Cluster Type: Multi-AZ DB clusters only\n\nDefault: The default behavior varies depending on whether `DBSubnetGroupName` is specified.\n\nIf `DBSubnetGroupName` isn't specified, and `PubliclyAccessible` isn't specified, the following applies:\n\n- If the default VPC in the target Region doesn\u2019t have an internet gateway attached to it, the DB cluster is private.\n- If the default VPC in the target Region has an internet gateway attached to it, the DB cluster is public.\n\nIf `DBSubnetGroupName` is specified, and `PubliclyAccessible` isn't specified, the following applies:\n\n- If the subnets are part of a VPC that doesn\u2019t have an internet gateway attached to it, the DB cluster is private.\n- If the subnets are part of a VPC that has an internet gateway attached to it, the DB cluster is public.", + "PubliclyAccessible": "Specifies whether the DB cluster is publicly accessible.\n\nValid for Cluster Type: Multi-AZ DB clusters only\n\nWhen the DB cluster is publicly accessible and you connect from outside of the DB cluster's virtual private cloud (VPC), its domain name system (DNS) endpoint resolves to the public IP address. When you connect from within the same VPC as the DB cluster, the endpoint resolves to the private IP address. Access to the DB cluster is controlled by its security group settings.\n\nWhen the DB cluster isn't publicly accessible, it is an internal DB cluster with a DNS name that resolves to a private IP address.\n\nThe default behavior when `PubliclyAccessible` is not specified depends on whether a `DBSubnetGroup` is specified.\n\nIf `DBSubnetGroup` isn't specified, `PubliclyAccessible` defaults to `true` .\n\nIf `DBSubnetGroup` is specified, `PubliclyAccessible` defaults to `false` unless the value of `DBSubnetGroup` is `default` , in which case `PubliclyAccessible` defaults to `true` .\n\nIf `PubliclyAccessible` is true and the VPC that the `DBSubnetGroup` is in doesn't have an internet gateway attached to it, Amazon RDS returns an error.", "ReplicationSourceIdentifier": "The Amazon Resource Name (ARN) of the source DB instance or DB cluster if this DB cluster is created as a read replica.\n\nValid for: Aurora DB clusters only", "RestoreToTime": "The date and time to restore the DB cluster to.\n\nValid Values: Value must be a time in Universal Coordinated Time (UTC) format\n\nConstraints:\n\n- Must be before the latest restorable time for the DB instance\n- Must be specified if `UseLatestRestorableTime` parameter isn't provided\n- Can't be specified if the `UseLatestRestorableTime` parameter is enabled\n- Can't be specified if the `RestoreType` parameter is `copy-on-write`\n\nThis property must be used with `SourceDBClusterIdentifier` property. The resulting cluster will have the identifier that matches the value of the `DBclusterIdentifier` property.\n\nExample: `2015-03-07T23:45:00Z`\n\nValid for: Aurora DB clusters and Multi-AZ DB clusters", "RestoreType": "The type of restore to be performed. You can specify one of the following values:\n\n- `full-copy` - The new DB cluster is restored as a full copy of the source DB cluster.\n- `copy-on-write` - The new DB cluster is restored as a clone of the source DB cluster.\n\nIf you don't specify a `RestoreType` value, then the new DB cluster is restored as a full copy of the source DB cluster.\n\nValid for: Aurora DB clusters and Multi-AZ DB clusters", @@ -45318,6 +46298,7 @@ "KmsKeyId": "The ARN of the AWS KMS key that's used to encrypt the DB instance, such as `arn:aws:kms:us-east-1:012345678910:key/abcd1234-a123-456a-a12b-a123b4cd56ef` . If you enable the StorageEncrypted property but don't specify this property, AWS CloudFormation uses the default KMS key. If you specify this property, you must set the StorageEncrypted property to true.\n\nIf you specify the `SourceDBInstanceIdentifier` or `SourceDbiResourceId` property, don't specify this property. The value is inherited from the source DB instance, and if the DB instance is encrypted, the specified `KmsKeyId` property is used. However, if the source DB instance is in a different AWS Region, you must specify a KMS key ID.\n\nIf you specify the `SourceDBInstanceAutomatedBackupsArn` property, don't specify this property. The value is inherited from the source DB instance automated backup, and if the automated backup is encrypted, the specified `KmsKeyId` property is used.\n\nIf you create an encrypted read replica in a different AWS Region, then you must specify a KMS key for the destination AWS Region. KMS encryption keys are specific to the region that they're created in, and you can't use encryption keys from one region in another region.\n\nIf you specify the `DBSnapshotIdentifier` property, don't specify this property. The `StorageEncrypted` property value is inherited from the snapshot. If the DB instance is encrypted, the specified `KmsKeyId` property is also inherited from the snapshot.\n\nIf you specify `DBSecurityGroups` , AWS CloudFormation ignores this property. To specify both a security group and this property, you must use a VPC security group. For more information about Amazon RDS and VPC, see [Using Amazon RDS with Amazon VPC](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_VPC.html) in the *Amazon RDS User Guide* .\n\n*Amazon Aurora*\n\nNot applicable. The KMS key identifier is managed by the DB cluster.", "LicenseModel": "License model information for this DB instance.\n\nValid Values:\n\n- Aurora MySQL - `general-public-license`\n- Aurora PostgreSQL - `postgresql-license`\n- RDS for Db2 - `bring-your-own-license` . For more information about RDS for Db2 licensing, see [](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/db2-licensing.html) in the *Amazon RDS User Guide.*\n- RDS for MariaDB - `general-public-license`\n- RDS for Microsoft SQL Server - `license-included`\n- RDS for MySQL - `general-public-license`\n- RDS for Oracle - `bring-your-own-license` or `license-included`\n- RDS for PostgreSQL - `postgresql-license`\n\n> If you've specified `DBSecurityGroups` and then you update the license model, AWS CloudFormation replaces the underlying DB instance. This will incur some interruptions to database availability.", "ManageMasterUserPassword": "Specifies whether to manage the master user password with AWS Secrets Manager.\n\nFor more information, see [Password management with AWS Secrets Manager](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) in the *Amazon RDS User Guide.*\n\nConstraints:\n\n- Can't manage the master user password with AWS Secrets Manager if `MasterUserPassword` is specified.", + "MasterUserAuthenticationType": "Specifies the authentication type for the master user. With IAM master user authentication, you can configure the master DB user with IAM database authentication when you create a DB instance.\n\nYou can specify one of the following values:\n\n- `password` - Use standard database authentication with a password.\n- `iam-db-auth` - Use IAM database authentication for the master user.\n\nThis option is only valid for RDS for MySQL, RDS for MariaDB, RDS for PostgreSQL, Aurora MySQL, and Aurora PostgreSQL engines.", "MasterUserPassword": "The password for the master user. The password can include any printable ASCII character except \"/\", \"\"\", or \"@\".\n\n*Amazon Aurora*\n\nNot applicable. The password for the master user is managed by the DB cluster.\n\n*RDS for Db2*\n\nMust contain from 8 to 255 characters.\n\n*RDS for MariaDB*\n\nConstraints: Must contain from 8 to 41 characters.\n\n*RDS for Microsoft SQL Server*\n\nConstraints: Must contain from 8 to 128 characters.\n\n*RDS for MySQL*\n\nConstraints: Must contain from 8 to 41 characters.\n\n*RDS for Oracle*\n\nConstraints: Must contain from 8 to 30 characters.\n\n*RDS for PostgreSQL*\n\nConstraints: Must contain from 8 to 128 characters.", "MasterUserSecret": "The secret managed by RDS in AWS Secrets Manager for the master user password.\n\nFor more information, see [Password management with AWS Secrets Manager](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/rds-secrets-manager.html) in the *Amazon RDS User Guide.*", "MasterUsername": "The master user name for the DB instance.\n\n> If you specify the `SourceDBInstanceIdentifier` or `DBSnapshotIdentifier` property, don't specify this property. The value is inherited from the source DB instance or snapshot.\n> \n> When migrating a self-managed Db2 database, we recommend that you use the same master username as your self-managed Db2 instance name. \n\n*Amazon Aurora*\n\nNot applicable. The name for the master user is managed by the DB cluster.\n\n*RDS for Db2*\n\nConstraints:\n\n- Must be 1 to 16 letters or numbers.\n- First character must be a letter.\n- Can't be a reserved word for the chosen database engine.\n\n*RDS for MariaDB*\n\nConstraints:\n\n- Must be 1 to 16 letters or numbers.\n- Can't be a reserved word for the chosen database engine.\n\n*RDS for Microsoft SQL Server*\n\nConstraints:\n\n- Must be 1 to 128 letters or numbers.\n- First character must be a letter.\n- Can't be a reserved word for the chosen database engine.\n\n*RDS for MySQL*\n\nConstraints:\n\n- Must be 1 to 16 letters or numbers.\n- First character must be a letter.\n- Can't be a reserved word for the chosen database engine.\n\n*RDS for Oracle*\n\nConstraints:\n\n- Must be 1 to 30 letters or numbers.\n- First character must be a letter.\n- Can't be a reserved word for the chosen database engine.\n\n*RDS for PostgreSQL*\n\nConstraints:\n\n- Must be 1 to 63 letters or numbers.\n- First character must be a letter.\n- Can't be a reserved word for the chosen database engine.", @@ -45398,11 +46379,14 @@ "Auth": "The authorization mechanism that the proxy uses.", "DBProxyName": "The identifier for the proxy. This name must be unique for all proxies owned by your AWS account in the specified AWS Region . An identifier must begin with a letter and must contain only ASCII letters, digits, and hyphens; it can't end with a hyphen or contain two consecutive hyphens.", "DebugLogging": "Specifies whether the proxy logs detailed connection and query information. When you enable `DebugLogging` , the proxy captures connection details and connection pool behavior from your queries. Debug logging increases CloudWatch costs and can impact proxy performance. Enable this option only when you need to troubleshoot connection or performance issues.", + "DefaultAuthScheme": "The default authentication scheme that the proxy uses for client connections to the proxy and connections from the proxy to the underlying database. Valid values are `NONE` and `IAM_AUTH` . When set to `IAM_AUTH` , the proxy uses end-to-end IAM authentication to connect to the database.", + "EndpointNetworkType": "The network type of the DB proxy endpoint. The network type determines the IP version that the proxy endpoint supports.\n\nValid values:\n\n- `IPV4` - The proxy endpoint supports IPv4 only.\n- `IPV6` - The proxy endpoint supports IPv6 only.\n- `DUAL` - The proxy endpoint supports both IPv4 and IPv6.", "EngineFamily": "The kinds of databases that the proxy can connect to. This value determines which database network protocol the proxy recognizes when it interprets network traffic to and from the database. For Aurora MySQL, RDS for MariaDB, and RDS for MySQL databases, specify `MYSQL` . For Aurora PostgreSQL and RDS for PostgreSQL databases, specify `POSTGRESQL` . For RDS for Microsoft SQL Server, specify `SQLSERVER` .", "IdleClientTimeout": "The number of seconds that a connection to the proxy can be inactive before the proxy disconnects it. You can set this value higher or lower than the connection timeout limit for the associated database.", "RequireTLS": "Specifies whether Transport Layer Security (TLS) encryption is required for connections to the proxy. By enabling this setting, you can enforce encrypted TLS connections to the proxy.", "RoleArn": "The Amazon Resource Name (ARN) of the IAM role that the proxy uses to access secrets in AWS Secrets Manager.", "Tags": "An optional set of key-value pairs to associate arbitrary data of your choosing with the proxy.", + "TargetConnectionNetworkType": "The network type that the proxy uses to connect to the target database. The network type determines the IP version that the proxy uses for connections to the database.\n\nValid values:\n\n- `IPV4` - The proxy connects to the database using IPv4 only.\n- `IPV6` - The proxy connects to the database using IPv6 only.", "VpcSecurityGroupIds": "One or more VPC security group IDs to associate with the new proxy.\n\nIf you plan to update the resource, don't specify VPC security groups in a shared VPC.", "VpcSubnetIds": "One or more VPC subnet IDs to associate with the new proxy." }, @@ -45420,6 +46404,7 @@ "AWS::RDS::DBProxyEndpoint": { "DBProxyEndpointName": "The name of the DB proxy endpoint to create.", "DBProxyName": "The name of the DB proxy associated with the DB proxy endpoint that you create.", + "EndpointNetworkType": "The network type of the DB proxy endpoint. The network type determines the IP version that the proxy endpoint supports.\n\nValid values:\n\n- `IPV4` - The proxy endpoint supports IPv4 only.\n- `IPV6` - The proxy endpoint supports IPv6 only.\n- `DUAL` - The proxy endpoint supports both IPv4 and IPv6.", "Tags": "An optional set of key-value pairs to associate arbitrary data of your choosing with the proxy.", "TargetRole": "A value that indicates whether the DB proxy endpoint can be used for read/write or read-only operations.", "VpcSecurityGroupIds": "The VPC security group IDs for the DB proxy endpoint that you create. You can specify a different set of security group IDs than for the original DB proxy. The default is the default security group for the VPC.", @@ -46348,16 +47333,16 @@ "AlarmIdentifier": "A complex type that identifies the CloudWatch alarm that you want Amazon Route 53 health checkers to use to determine whether the specified health check is healthy.", "ChildHealthChecks": "(CALCULATED Health Checks Only) A complex type that contains one `ChildHealthCheck` element for each health check that you want to associate with a `CALCULATED` health check.", "EnableSNI": "Specify whether you want Amazon Route 53 to send the value of `FullyQualifiedDomainName` to the endpoint in the `client_hello` message during TLS negotiation. This allows the endpoint to respond to `HTTPS` health check requests with the applicable SSL/TLS certificate.\n\nSome endpoints require that `HTTPS` requests include the host name in the `client_hello` message. If you don't enable SNI, the status of the health check will be `SSL alert handshake_failure` . A health check can also have that status for other reasons. If SNI is enabled and you're still getting the error, check the SSL/TLS configuration on your endpoint and confirm that your certificate is valid.\n\nThe SSL/TLS certificate on your endpoint includes a domain name in the `Common Name` field and possibly several more in the `Subject Alternative Names` field. One of the domain names in the certificate should match the value that you specify for `FullyQualifiedDomainName` . If the endpoint responds to the `client_hello` message with a certificate that does not include the domain name that you specified in `FullyQualifiedDomainName` , a health checker will retry the handshake. In the second attempt, the health checker will omit `FullyQualifiedDomainName` from the `client_hello` message.", - "FailureThreshold": "The number of consecutive health checks that an endpoint must pass or fail for Amazon Route 53 to change the current status of the endpoint from unhealthy to healthy or vice versa. For more information, see [How Amazon Route 53 Determines Whether an Endpoint Is Healthy](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-determining-health-of-endpoints.html) in the *Amazon Route 53 Developer Guide* .\n\nIf you don't specify a value for `FailureThreshold` , the default value is three health checks.", + "FailureThreshold": "The number of consecutive health checks that an endpoint must pass or fail for Amazon Route 53 to change the current status of the endpoint from unhealthy to healthy or vice versa. For more information, see [How Amazon Route 53 Determines Whether an Endpoint Is Healthy](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-determining-health-of-endpoints.html) in the *Amazon Route 53 Developer Guide* .\n\n`FailureThreshold` is not supported when you specify a value for `Type` of `RECOVERY_CONTROL` .\n\nOtherwise, if you don't specify a value for `FailureThreshold` , the default value is three health checks.", "FullyQualifiedDomainName": "Amazon Route 53 behavior depends on whether you specify a value for `IPAddress` .\n\n*If you specify a value for* `IPAddress` :\n\nAmazon Route 53 sends health check requests to the specified IPv4 or IPv6 address and passes the value of `FullyQualifiedDomainName` in the `Host` header for all health checks except TCP health checks. This is typically the fully qualified DNS name of the endpoint on which you want Route 53 to perform health checks.\n\nWhen Route 53 checks the health of an endpoint, here is how it constructs the `Host` header:\n\n- If you specify a value of `80` for `Port` and `HTTP` or `HTTP_STR_MATCH` for `Type` , Route 53 passes the value of `FullyQualifiedDomainName` to the endpoint in the Host header.\n- If you specify a value of `443` for `Port` and `HTTPS` or `HTTPS_STR_MATCH` for `Type` , Route 53 passes the value of `FullyQualifiedDomainName` to the endpoint in the `Host` header.\n- If you specify another value for `Port` and any value except `TCP` for `Type` , Route 53 passes `FullyQualifiedDomainName:Port` to the endpoint in the `Host` header.\n\nIf you don't specify a value for `FullyQualifiedDomainName` , Route 53 substitutes the value of `IPAddress` in the `Host` header in each of the preceding cases.\n\n*If you don't specify a value for `IPAddress`* :\n\nRoute 53 sends a DNS request to the domain that you specify for `FullyQualifiedDomainName` at the interval that you specify for `RequestInterval` . Using an IPv4 address that DNS returns, Route 53 then checks the health of the endpoint.\n\n> If you don't specify a value for `IPAddress` , Route 53 uses only IPv4 to send health checks to the endpoint. If there's no record with a type of A for the name that you specify for `FullyQualifiedDomainName` , the health check fails with a \"DNS resolution failed\" error. \n\nIf you want to check the health of multiple records that have the same name and type, such as multiple weighted records, and if you choose to specify the endpoint only by `FullyQualifiedDomainName` , we recommend that you create a separate health check for each endpoint. For example, create a health check for each HTTP server that is serving content for www.example.com. For the value of `FullyQualifiedDomainName` , specify the domain name of the server (such as us-east-2-www.example.com), not the name of the records (www.example.com).\n\n> In this configuration, if you create a health check for which the value of `FullyQualifiedDomainName` matches the name of the records and you then associate the health check with those records, health check results will be unpredictable. \n\nIn addition, if the value that you specify for `Type` is `HTTP` , `HTTPS` , `HTTP_STR_MATCH` , or `HTTPS_STR_MATCH` , Route 53 passes the value of `FullyQualifiedDomainName` in the `Host` header, as it does when you specify a value for `IPAddress` . If the value of `Type` is `TCP` , Route 53 doesn't pass a `Host` header.", "HealthThreshold": "The number of child health checks that are associated with a `CALCULATED` health check that Amazon Route 53 must consider healthy for the `CALCULATED` health check to be considered healthy. To specify the child health checks that you want to associate with a `CALCULATED` health check, use the [ChildHealthChecks](https://docs.aws.amazon.com/Route53/latest/APIReference/API_UpdateHealthCheck.html#Route53-UpdateHealthCheck-request-ChildHealthChecks) element.\n\nNote the following:\n\n- If you specify a number greater than the number of child health checks, Route 53 always considers this health check to be unhealthy.\n- If you specify `0` , Route 53 always considers this health check to be healthy.", "IPAddress": "The IPv4 or IPv6 IP address of the endpoint that you want Amazon Route 53 to perform health checks on. If you don't specify a value for `IPAddress` , Route 53 sends a DNS request to resolve the domain name that you specify in `FullyQualifiedDomainName` at the interval that you specify in `RequestInterval` . Using an IP address returned by DNS, Route 53 then checks the health of the endpoint.\n\nUse one of the following formats for the value of `IPAddress` :\n\n- *IPv4 address* : four values between 0 and 255, separated by periods (.), for example, `192.0.2.44` .\n- *IPv6 address* : eight groups of four hexadecimal values, separated by colons (:), for example, `2001:0db8:85a3:0000:0000:abcd:0001:2345` . You can also shorten IPv6 addresses as described in RFC 5952, for example, `2001:db8:85a3::abcd:1:2345` .\n\nIf the endpoint is an EC2 instance, we recommend that you create an Elastic IP address, associate it with your EC2 instance, and specify the Elastic IP address for `IPAddress` . This ensures that the IP address of your instance will never change.\n\nFor more information, see [FullyQualifiedDomainName](https://docs.aws.amazon.com/Route53/latest/APIReference/API_UpdateHealthCheck.html#Route53-UpdateHealthCheck-request-FullyQualifiedDomainName) .\n\nConstraints: Route 53 can't check the health of endpoints for which the IP address is in local, private, non-routable, or multicast ranges. For more information about IP addresses for which you can't create health checks, see the following documents:\n\n- [RFC 5735, Special Use IPv4 Addresses](https://docs.aws.amazon.com/https://tools.ietf.org/html/rfc5735)\n- [RFC 6598, IANA-Reserved IPv4 Prefix for Shared Address Space](https://docs.aws.amazon.com/https://tools.ietf.org/html/rfc6598)\n- [RFC 5156, Special-Use IPv6 Addresses](https://docs.aws.amazon.com/https://tools.ietf.org/html/rfc5156)\n\nWhen the value of `Type` is `CALCULATED` or `CLOUDWATCH_METRIC` , omit `IPAddress` .", "InsufficientDataHealthStatus": "When CloudWatch has insufficient data about the metric to determine the alarm state, the status that you want Amazon Route 53 to assign to the health check:\n\n- `Healthy` : Route 53 considers the health check to be healthy.\n- `Unhealthy` : Route 53 considers the health check to be unhealthy.\n- `LastKnownStatus` : Route 53 uses the status of the health check from the last time that CloudWatch had sufficient data to determine the alarm state. For new health checks that have no last known status, the default status for the health check is healthy.", "Inverted": "Specify whether you want Amazon Route 53 to invert the status of a health check, for example, to consider a health check unhealthy when it otherwise would be considered healthy.", - "MeasureLatency": "Specify whether you want Amazon Route 53 to measure the latency between health checkers in multiple AWS regions and your endpoint, and to display CloudWatch latency graphs on the *Health Checks* page in the Route 53 console.\n\n> You can't change the value of `MeasureLatency` after you create a health check.", + "MeasureLatency": "Specify whether you want Amazon Route 53 to measure the latency between health checkers in multiple AWS regions and your endpoint, and to display CloudWatch latency graphs on the *Health Checks* page in the Route 53 console.\n\n`MeasureLatency` is not supported when you specify a value for `Type` of `RECOVERY_CONTROL` .\n\n> You can't change the value of `MeasureLatency` after you create a health check.", "Port": "The port on the endpoint that you want Amazon Route 53 to perform health checks on.\n\n> Don't specify a value for `Port` when you specify a value for [Type](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-route53-healthcheck-healthcheckconfig.html#cfn-route53-healthcheck-healthcheckconfig-type) of `CLOUDWATCH_METRIC` or `CALCULATED` .", "Regions": "A complex type that contains one `Region` element for each region from which you want Amazon Route 53 health checkers to check the specified endpoint.\n\nIf you don't specify any regions, Route 53 health checkers automatically performs checks from all of the regions that are listed under *Valid Values* .\n\nIf you update a health check to remove a region that has been performing health checks, Route 53 will briefly continue to perform checks from that region to ensure that some health checkers are always checking the endpoint (for example, if you replace three regions with four different regions).", - "RequestInterval": "The number of seconds between the time that Amazon Route 53 gets a response from your endpoint and the time that it sends the next health check request. Each Route 53 health checker makes requests at this interval.\n\n> You can't change the value of `RequestInterval` after you create a health check. \n\nIf you don't specify a value for `RequestInterval` , the default value is `30` seconds.", + "RequestInterval": "The number of seconds between the time that Amazon Route 53 gets a response from your endpoint and the time that it sends the next health check request. Each Route 53 health checker makes requests at this interval.\n\n`RequestInterval` is not supported when you specify a value for `Type` of `RECOVERY_CONTROL` .\n\n> You can't change the value of `RequestInterval` after you create a health check. \n\nIf you don't specify a value for `RequestInterval` , the default value is `30` seconds.", "ResourcePath": "The path, if any, that you want Amazon Route 53 to request when performing health checks. The path can be any value for which your endpoint will return an HTTP status code of 2xx or 3xx when the endpoint is healthy, for example, the file /docs/route53-health-check.html. You can also include query string parameters, for example, `/welcome.html?language=jp&login=y` .", "RoutingControlArn": "The Amazon Resource Name (ARN) for the Route 53 Application Recovery Controller routing control.\n\nFor more information about Route 53 Application Recovery Controller, see [Route 53 Application Recovery Controller Developer Guide.](https://docs.aws.amazon.com/r53recovery/latest/dg/what-is-route-53-recovery.html) .", "SearchString": "If the value of Type is `HTTP_STR_MATCH` or `HTTPS_STR_MATCH` , the string that you want Amazon Route 53 to search for in the response body from the specified resource. If the string appears in the response body, Route 53 considers the resource healthy.\n\nRoute 53 considers case when searching for `SearchString` in the response body.", @@ -46405,7 +47390,7 @@ "HostedZoneId": "The ID of the hosted zone that you want to create records in.\n\nSpecify either `HostedZoneName` or `HostedZoneId` , but not both. If you have multiple hosted zones with the same domain name, you must specify the hosted zone using `HostedZoneId` .", "HostedZoneName": "The name of the hosted zone that you want to create records in. You must include a trailing dot (for example, `www.example.com.` ) as part of the `HostedZoneName` .\n\nWhen you create a stack using an AWS::Route53::RecordSet that specifies `HostedZoneName` , AWS CloudFormation attempts to find a hosted zone whose name matches the HostedZoneName. If AWS CloudFormation cannot find a hosted zone with a matching domain name, or if there is more than one hosted zone with the specified domain name, AWS CloudFormation will not create the stack.\n\nSpecify either `HostedZoneName` or `HostedZoneId` , but not both. If you have multiple hosted zones with the same domain name, you must specify the hosted zone using `HostedZoneId` .", "MultiValueAnswer": "*Multivalue answer resource record sets only* : To route traffic approximately randomly to multiple resources, such as web servers, create one multivalue answer record for each resource and specify `true` for `MultiValueAnswer` . Note the following:\n\n- If you associate a health check with a multivalue answer resource record set, Amazon Route 53 responds to DNS queries with the corresponding IP address only when the health check is healthy.\n- If you don't associate a health check with a multivalue answer record, Route 53 always considers the record to be healthy.\n- Route 53 responds to DNS queries with up to eight healthy records; if you have eight or fewer healthy records, Route 53 responds to all DNS queries with all the healthy records.\n- If you have more than eight healthy records, Route 53 responds to different DNS resolvers with different combinations of healthy records.\n- When all records are unhealthy, Route 53 responds to DNS queries with up to eight unhealthy records.\n- If a resource becomes unavailable after a resolver caches a response, client software typically tries another of the IP addresses in the response.\n\nYou can't create multivalue answer alias records.", - "Name": "For `ChangeResourceRecordSets` requests, the name of the record that you want to create, update, or delete. For `ListResourceRecordSets` responses, the name of a record in the specified hosted zone.\n\n*ChangeResourceRecordSets Only*\n\nEnter a fully qualified domain name, for example, `www.example.com` . You can optionally include a trailing dot. If you omit the trailing dot, Amazon Route 53 assumes that the domain name that you specify is fully qualified. This means that Route 53 treats `www.example.com` (without a trailing dot) and `www.example.com.` (with a trailing dot) as identical.\n\nFor information about how to specify characters other than `a-z` , `0-9` , and `-` (hyphen) and how to specify internationalized domain names, see [DNS Domain Name Format](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/DomainNameFormat.html) in the *Amazon Route 53 Developer Guide* .\n\nYou can use the asterisk (*) wildcard to replace the leftmost label in a domain name, for example, `*.example.com` . Note the following:\n\n- The * must replace the entire label. For example, you can't specify `*prod.example.com` or `prod*.example.com` .\n- The * can't replace any of the middle labels, for example, marketing.*.example.com.\n- If you include * in any position other than the leftmost label in a domain name, DNS treats it as an * character (ASCII 42), not as a wildcard.\n\n> You can't use the * wildcard for resource records sets that have a type of NS.", + "Name": "The name of the record that you want to create, update, or delete.\n\nEnter a fully qualified domain name, for example, `www.example.com` . You can optionally include a trailing dot. If you omit the trailing dot, Amazon Route 53 assumes that the domain name that you specify is fully qualified. This means that Route 53 treats `www.example.com` (without a trailing dot) and `www.example.com.` (with a trailing dot) as identical.\n\nFor information about how to specify characters other than `a-z` , `0-9` , and `-` (hyphen) and how to specify internationalized domain names, see [DNS Domain Name Format](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/DomainNameFormat.html) in the *Amazon Route 53 Developer Guide* .\n\nYou can use the asterisk (*) wildcard to replace the leftmost label in a domain name, for example, `*.example.com` . Note the following:\n\n- The * must replace the entire label. For example, you can't specify `*prod.example.com` or `prod*.example.com` .\n- The * can't replace any of the middle labels, for example, marketing.*.example.com.\n- If you include * in any position other than the leftmost label in a domain name, DNS treats it as an * character (ASCII 42), not as a wildcard.\n\n> You can't use the * wildcard for resource records sets that have a type of NS.", "Region": "*Latency-based resource record sets only:* The Amazon EC2 Region where you created the resource that this resource record set refers to. The resource typically is an AWS resource, such as an EC2 instance or an ELB load balancer, and is referred to by an IP address or a DNS domain name, depending on the record type.\n\nWhen Amazon Route 53 receives a DNS query for a domain name and type for which you have created latency resource record sets, Route 53 selects the latency resource record set that has the lowest latency between the end user and the associated Amazon EC2 Region. Route 53 then returns the value that is associated with the selected resource record set.\n\nNote the following:\n\n- You can only specify one `ResourceRecord` per latency resource record set.\n- You can only create one latency resource record set for each Amazon EC2 Region.\n- You aren't required to create latency resource record sets for all Amazon EC2 Regions. Route 53 will choose the region with the best latency from among the regions that you create latency resource record sets for.\n- You can't create non-latency resource record sets that have the same values for the `Name` and `Type` elements as latency resource record sets.", "ResourceRecords": "One or more values that correspond with the value that you specified for the `Type` property. For example, if you specified `A` for `Type` , you specify one or more IP addresses in IPv4 format for `ResourceRecords` . For information about the format of values for each record type, see [Supported DNS Resource Record Types](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/ResourceRecordTypes.html) in the *Amazon Route 53 Developer Guide* .\n\nNote the following:\n\n- You can specify more than one value for all record types except CNAME and SOA.\n- The maximum length of a value is 4000 characters.\n- If you're creating an alias record, omit `ResourceRecords` .", "SetIdentifier": "*Resource record sets that have a routing policy other than simple:* An identifier that differentiates among multiple resource record sets that have the same combination of name and type, such as multiple weighted resource record sets named acme.example.com that have a type of A. In a group of resource record sets that have the same name and type, the value of `SetIdentifier` must be unique for each resource record set.\n\nFor information about routing policies, see [Choosing a Routing Policy](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html) in the *Amazon Route 53 Developer Guide* .", @@ -46415,7 +47400,7 @@ }, "AWS::Route53::RecordSet AliasTarget": { "DNSName": "*Alias records only:* The value that you specify depends on where you want to route queries:\n\n- **Amazon API Gateway custom regional APIs and edge-optimized APIs** - Specify the applicable domain name for your API. You can get the applicable value using the AWS CLI command [get-domain-names](https://docs.aws.amazon.com/cli/latest/reference/apigateway/get-domain-names.html) :\n\n- For regional APIs, specify the value of `regionalDomainName` .\n- For edge-optimized APIs, specify the value of `distributionDomainName` . This is the name of the associated CloudFront distribution, such as `da1b2c3d4e5.cloudfront.net` .\n\n> The name of the record that you're creating must match a custom domain name for your API, such as `api.example.com` .\n- **Amazon Virtual Private Cloud interface VPC endpoint** - Enter the API endpoint for the interface endpoint, such as `vpce-123456789abcdef01-example-us-east-1a.elasticloadbalancing.us-east-1.vpce.amazonaws.com` . For edge-optimized APIs, this is the domain name for the corresponding CloudFront distribution. You can get the value of `DnsName` using the AWS CLI command [describe-vpc-endpoints](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-vpc-endpoints.html) .\n- **CloudFront distribution** - Specify the domain name that CloudFront assigned when you created your distribution.\n\nYour CloudFront distribution must include an alternate domain name that matches the name of the record. For example, if the name of the record is *acme.example.com* , your CloudFront distribution must include *acme.example.com* as one of the alternate domain names. For more information, see [Using Alternate Domain Names (CNAMEs)](https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/CNAMEs.html) in the *Amazon CloudFront Developer Guide* .\n\nYou can't create a record in a private hosted zone to route traffic to a CloudFront distribution.\n\n> For failover alias records, you can't specify a CloudFront distribution for both the primary and secondary records. A distribution must include an alternate domain name that matches the name of the record. However, the primary and secondary records have the same name, and you can't include the same alternate domain name in more than one distribution.\n- **Elastic Beanstalk environment** - If the domain name for your Elastic Beanstalk environment includes the region that you deployed the environment in, you can create an alias record that routes traffic to the environment. For example, the domain name `my-environment. *us-west-2* .elasticbeanstalk.com` is a regionalized domain name.\n\n> For environments that were created before early 2016, the domain name doesn't include the region. To route traffic to these environments, you must create a CNAME record instead of an alias record. Note that you can't create a CNAME record for the root domain name. For example, if your domain name is example.com, you can create a record that routes traffic for acme.example.com to your Elastic Beanstalk environment, but you can't create a record that routes traffic for example.com to your Elastic Beanstalk environment. \n\nFor Elastic Beanstalk environments that have regionalized subdomains, specify the `CNAME` attribute for the environment. You can use the following methods to get the value of the CNAME attribute:\n\n- *AWS Management Console* : For information about how to get the value by using the console, see [Using Custom Domains with AWS Elastic Beanstalk](https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/customdomains.html) in the *AWS Elastic Beanstalk Developer Guide* .\n- *Elastic Beanstalk API* : Use the `DescribeEnvironments` action to get the value of the `CNAME` attribute. For more information, see [DescribeEnvironments](https://docs.aws.amazon.com/elasticbeanstalk/latest/api/API_DescribeEnvironments.html) in the *AWS Elastic Beanstalk API Reference* .\n- *AWS CLI* : Use the `describe-environments` command to get the value of the `CNAME` attribute. For more information, see [describe-environments](https://docs.aws.amazon.com/cli/latest/reference/elasticbeanstalk/describe-environments.html) in the *AWS CLI* .\n- **ELB load balancer** - Specify the DNS name that is associated with the load balancer. Get the DNS name by using the AWS Management Console , the ELB API, or the AWS CLI .\n\n- *AWS Management Console* : Go to the EC2 page, choose *Load Balancers* in the navigation pane, choose the load balancer, choose the *Description* tab, and get the value of the *DNS name* field.\n\nIf you're routing traffic to a Classic Load Balancer, get the value that begins with *dualstack* . If you're routing traffic to another type of load balancer, get the value that applies to the record type, A or AAAA.\n- *Elastic Load Balancing API* : Use `DescribeLoadBalancers` to get the value of `DNSName` . For more information, see the applicable guide:\n\n- Classic Load Balancers: [DescribeLoadBalancers](https://docs.aws.amazon.com/elasticloadbalancing/2012-06-01/APIReference/API_DescribeLoadBalancers.html)\n- Application and Network Load Balancers: [DescribeLoadBalancers](https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_DescribeLoadBalancers.html)\n- *CloudFormation Fn::GetAtt intrinsic function* : Use the [Fn::GetAtt](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-getatt.html) intrinsic function to get the value of `DNSName` :\n\n- [Classic Load Balancers](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-elb.html#aws-properties-ec2-elb-return-values) .\n- [Application and Network Load Balancers](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-loadbalancer.html#aws-resource-elasticloadbalancingv2-loadbalancer-return-values) .\n- *AWS CLI* : Use `describe-load-balancers` to get the value of `DNSName` . For more information, see the applicable guide:\n\n- Classic Load Balancers: [describe-load-balancers](https://docs.aws.amazon.com/cli/latest/reference/elb/describe-load-balancers.html)\n- Application and Network Load Balancers: [describe-load-balancers](https://docs.aws.amazon.com/cli/latest/reference/elbv2/describe-load-balancers.html)\n- **Global Accelerator accelerator** - Specify the DNS name for your accelerator:\n\n- *Global Accelerator API* : To get the DNS name, use [DescribeAccelerator](https://docs.aws.amazon.com/global-accelerator/latest/api/API_DescribeAccelerator.html) .\n- *AWS CLI* : To get the DNS name, use [describe-accelerator](https://docs.aws.amazon.com/cli/latest/reference/globalaccelerator/describe-accelerator.html) .\n- **Amazon S3 bucket that is configured as a static website** - Specify the domain name of the Amazon S3 website endpoint that you created the bucket in, for example, `s3-website.us-east-2.amazonaws.com` . For more information about valid values, see the table [Amazon S3 Website Endpoints](https://docs.aws.amazon.com/general/latest/gr/s3.html#s3_website_region_endpoints) in the *Amazon Web Services General Reference* . For more information about using S3 buckets for websites, see [Getting Started with Amazon Route 53](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/getting-started.html) in the *Amazon Route 53 Developer Guide.*\n- **Another Route 53 record** - Specify the value of the `Name` element for a record in the current hosted zone.\n\n> If you're creating an alias record that has the same name as the hosted zone (known as the zone apex), you can't specify the domain name for a record for which the value of `Type` is `CNAME` . This is because the alias record must have the same type as the record that you're routing traffic to, and creating a CNAME record for the zone apex isn't supported even for an alias record.", - "EvaluateTargetHealth": "*Applies only to alias, failover alias, geolocation alias, latency alias, and weighted alias resource record sets:* When `EvaluateTargetHealth` is `true` , an alias resource record set inherits the health of the referenced AWS resource, such as an ELB load balancer or another resource record set in the hosted zone.\n\nNote the following:\n\n- **CloudFront distributions** - You can't set `EvaluateTargetHealth` to `true` when the alias target is a CloudFront distribution.\n- **Elastic Beanstalk environments that have regionalized subdomains** - If you specify an Elastic Beanstalk environment in `DNSName` and the environment contains an ELB load balancer, Elastic Load Balancing routes queries only to the healthy Amazon EC2 instances that are registered with the load balancer. (An environment automatically contains an ELB load balancer if it includes more than one Amazon EC2 instance.) If you set `EvaluateTargetHealth` to `true` and either no Amazon EC2 instances are healthy or the load balancer itself is unhealthy, Route 53 routes queries to other available resources that are healthy, if any.\n\nIf the environment contains a single Amazon EC2 instance, there are no special requirements.\n- **ELB load balancers** - Health checking behavior depends on the type of load balancer:\n\n- *Classic Load Balancers* : If you specify an ELB Classic Load Balancer in `DNSName` , Elastic Load Balancing routes queries only to the healthy Amazon EC2 instances that are registered with the load balancer. If you set `EvaluateTargetHealth` to `true` and either no EC2 instances are healthy or the load balancer itself is unhealthy, Route 53 routes queries to other resources.\n- *Application and Network Load Balancers* : If you specify an ELB Application or Network Load Balancer and you set `EvaluateTargetHealth` to `true` , Route 53 routes queries to the load balancer based on the health of the target groups that are associated with the load balancer:\n\n- For an Application or Network Load Balancer to be considered healthy, every target group that contains targets must contain at least one healthy target. If any target group contains only unhealthy targets, the load balancer is considered unhealthy, and Route 53 routes queries to other resources.\n- A target group that has no registered targets is considered unhealthy.\n\n> When you create a load balancer, you configure settings for Elastic Load Balancing health checks; they're not Route 53 health checks, but they perform a similar function. Do not create Route 53 health checks for the EC2 instances that you register with an ELB load balancer.\n- **S3 buckets** - There are no special requirements for setting `EvaluateTargetHealth` to `true` when the alias target is an S3 bucket.\n- **Other records in the same hosted zone** - If the AWS resource that you specify in `DNSName` is a record or a group of records (for example, a group of weighted records) but is not another alias record, we recommend that you associate a health check with all of the records in the alias target. For more information, see [What Happens When You Omit Health Checks?](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-complex-configs.html#dns-failover-complex-configs-hc-omitting) in the *Amazon Route 53 Developer Guide* .\n\nFor more information and examples, see [Amazon Route 53 Health Checks and DNS Failover](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover.html) in the *Amazon Route 53 Developer Guide* .", + "EvaluateTargetHealth": "*Applies only to alias, failover alias, geolocation alias, latency alias, and weighted alias resource record sets:* When `EvaluateTargetHealth` is `true` , an alias resource record set inherits the health of the referenced AWS resource, such as an ELB load balancer or another resource record set in the hosted zone.\n\nNote the following:\n\n- **CloudFront distributions** - You can't set `EvaluateTargetHealth` to `true` when the alias target is a CloudFront distribution.\n- **Elastic Beanstalk environments that have regionalized subdomains** - If you specify an Elastic Beanstalk environment in `DNSName` and the environment contains an ELB load balancer, Elastic Load Balancing routes queries only to the healthy Amazon EC2 instances that are registered with the load balancer. (An environment automatically contains an ELB load balancer if it includes more than one Amazon EC2 instance.) If you set `EvaluateTargetHealth` to `true` and either no Amazon EC2 instances are healthy or the load balancer itself is unhealthy, Route 53 routes queries to other available resources that are healthy, if any.\n\nIf the environment contains a single Amazon EC2 instance, there are no special requirements.\n- **ELB load balancers** - Health checking behavior depends on the type of load balancer:\n\n- *Classic Load Balancers* : If you specify an ELB Classic Load Balancer in `DNSName` , Elastic Load Balancing routes queries only to the healthy Amazon EC2 instances that are registered with the load balancer. If you set `EvaluateTargetHealth` to `true` and either no EC2 instances are healthy or the load balancer itself is unhealthy, Route 53 routes queries to other resources.\n- *Application and Network Load Balancers* : If you specify an ELB Application or Network Load Balancer and you set `EvaluateTargetHealth` to `true` , Route 53 routes queries to the load balancer based on the health of the target groups that are associated with the load balancer:\n\n- For an Application or Network Load Balancer to be considered healthy, every target group that contains targets must contain at least one healthy target. If any target group contains only unhealthy targets, the load balancer is considered unhealthy, and Route 53 routes queries to other resources.\n- A target group that has no registered targets is considered unhealthy.\n\n> When you create a load balancer, you configure settings for Elastic Load Balancing health checks; they're not Route 53 health checks, but they perform a similar function. Do not create Route 53 health checks for the EC2 instances that you register with an ELB load balancer.\n- **API Gateway APIs** - There are no special requirements for setting `EvaluateTargetHealth` to `true` when the alias target is an API Gateway API. However, because API Gateway is highly available by design, `EvaluateTargetHealth` provides no operational benefit and [Route 53 health checks](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover.html) are recommended instead for failover scenarios.\n- **S3 buckets** - There are no special requirements for setting `EvaluateTargetHealth` to `true` when the alias target is an S3 bucket. However, because S3 buckets are highly available by design, `EvaluateTargetHealth` provides no operational benefit and [Route 53 health checks](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover.html) are recommended instead for failover scenarios.\n- **VPC interface endpoints** - There are no special requirements for setting `EvaluateTargetHealth` to `true` when the alias target is a VPC interface endpoint. However, because VPC interface endpoints are highly available by design, `EvaluateTargetHealth` provides no operational benefit and [Route 53 health checks](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover.html) are recommended instead for failover scenarios.\n- **Other records in the same hosted zone** - If the AWS resource that you specify in `DNSName` is a record or a group of records (for example, a group of weighted records) but is not another alias record, we recommend that you associate a health check with all of the records in the alias target. For more information, see [What Happens When You Omit Health Checks?](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-complex-configs.html#dns-failover-complex-configs-hc-omitting) in the *Amazon Route 53 Developer Guide* .\n\n> While `EvaluateTargetHealth` can be set to `true` for highly available AWS services (such as S3 buckets, VPC interface endpoints, and API Gateway), these services are designed for high availability and rarely experience outages that would be detected by this feature. For failover scenarios with these services, consider using [Route 53 health checks](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover.html) that monitor your application's ability to access the service instead. \n\nFor more information and examples, see [Amazon Route 53 Health Checks and DNS Failover](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover.html) in the *Amazon Route 53 Developer Guide* .", "HostedZoneId": "*Alias resource records sets only* : The value used depends on where you want to route traffic:\n\n- **Amazon API Gateway custom regional APIs and edge-optimized APIs** - Specify the hosted zone ID for your API. You can get the applicable value using the AWS CLI command [get-domain-names](https://docs.aws.amazon.com/cli/latest/reference/apigateway/get-domain-names.html) :\n\n- For regional APIs, specify the value of `regionalHostedZoneId` .\n- For edge-optimized APIs, specify the value of `distributionHostedZoneId` .\n- **Amazon Virtual Private Cloud interface VPC endpoint** - Specify the hosted zone ID for your interface endpoint. You can get the value of `HostedZoneId` using the AWS CLI command [describe-vpc-endpoints](https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-vpc-endpoints.html) .\n- **CloudFront distribution** - Specify `Z2FDTNDATAQYW2` . This is always the hosted zone ID when you create an alias record that routes traffic to a CloudFront distribution.\n\n> Alias records for CloudFront can't be created in a private zone.\n- **Elastic Beanstalk environment** - Specify the hosted zone ID for the region that you created the environment in. The environment must have a regionalized subdomain. For a list of regions and the corresponding hosted zone IDs, see [AWS Elastic Beanstalk endpoints and quotas](https://docs.aws.amazon.com/general/latest/gr/elasticbeanstalk.html) in the *Amazon Web Services General Reference* .\n- **ELB load balancer** - Specify the value of the hosted zone ID for the load balancer. Use the following methods to get the hosted zone ID:\n\n- [Service Endpoints](https://docs.aws.amazon.com/general/latest/gr/elb.html) table in the \"Elastic Load Balancing Endpoints and Quotas\" topic in the *Amazon Web Services General Reference* : Use the value that corresponds with the region that you created your load balancer in. Note that there are separate columns for Application and Classic Load Balancers and for Network Load Balancers.\n- *AWS Management Console* : Go to the Amazon EC2 page, choose *Load Balancers* in the navigation pane, select the load balancer, and get the value of the *Hosted zone* field on the *Description* tab.\n- *Elastic Load Balancing API* : Use `DescribeLoadBalancers` to get the applicable value. For more information, see the applicable guide:\n\n- Classic Load Balancers: Use [DescribeLoadBalancers](https://docs.aws.amazon.com/elasticloadbalancing/2012-06-01/APIReference/API_DescribeLoadBalancers.html) to get the value of `CanonicalHostedZoneNameID` .\n- Application and Network Load Balancers: Use [DescribeLoadBalancers](https://docs.aws.amazon.com/elasticloadbalancing/latest/APIReference/API_DescribeLoadBalancers.html) to get the value of `CanonicalHostedZoneID` .\n- *CloudFormation Fn::GetAtt intrinsic function* : Use the [Fn::GetAtt](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-getatt.html) intrinsic function to get the applicable value:\n\n- Classic Load Balancers: Get [CanonicalHostedZoneNameID](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-elb.html#aws-properties-ec2-elb-return-values) .\n- Application and Network Load Balancers: Get [CanonicalHostedZoneID](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticloadbalancingv2-loadbalancer.html#aws-resource-elasticloadbalancingv2-loadbalancer-return-values) .\n- *AWS CLI* : Use `describe-load-balancers` to get the applicable value. For more information, see the applicable guide:\n\n- Classic Load Balancers: Use [describe-load-balancers](https://docs.aws.amazon.com/cli/latest/reference/elb/describe-load-balancers.html) to get the value of `CanonicalHostedZoneNameID` .\n- Application and Network Load Balancers: Use [describe-load-balancers](https://docs.aws.amazon.com/cli/latest/reference/elbv2/describe-load-balancers.html) to get the value of `CanonicalHostedZoneID` .\n- **Global Accelerator accelerator** - Specify `Z2BJ6XQ5FK7U4H` .\n- **An Amazon S3 bucket configured as a static website** - Specify the hosted zone ID for the region that you created the bucket in. For more information about valid values, see the table [Amazon S3 Website Endpoints](https://docs.aws.amazon.com/general/latest/gr/s3.html#s3_website_region_endpoints) in the *Amazon Web Services General Reference* .\n- **Another Route 53 record in your hosted zone** - Specify the hosted zone ID of your hosted zone. (An alias record can't reference a record in a different hosted zone.)" }, "AWS::Route53::RecordSet CidrRoutingConfig": { @@ -46477,7 +47462,7 @@ "HostedZoneId": "The ID of the hosted zone that you want to create records in.\n\nSpecify either `HostedZoneName` or `HostedZoneId` , but not both. If you have multiple hosted zones with the same domain name, you must specify the hosted zone using `HostedZoneId` .\n\nDo not provide the `HostedZoneId` if it is already defined in `AWS::Route53::RecordSetGroup` . The creation fails if `HostedZoneId` is defined in both.", "HostedZoneName": "The name of the hosted zone that you want to create records in. You must include a trailing dot (for example, `www.example.com.` ) as part of the `HostedZoneName` .\n\nWhen you create a stack using an `AWS::Route53::RecordSet` that specifies `HostedZoneName` , AWS CloudFormation attempts to find a hosted zone whose name matches the `HostedZoneName` . If AWS CloudFormation can't find a hosted zone with a matching domain name, or if there is more than one hosted zone with the specified domain name, AWS CloudFormation will not create the stack.\n\nSpecify either `HostedZoneName` or `HostedZoneId` , but not both. If you have multiple hosted zones with the same domain name, you must specify the hosted zone using `HostedZoneId` .", "MultiValueAnswer": "*Multivalue answer resource record sets only* : To route traffic approximately randomly to multiple resources, such as web servers, create one multivalue answer record for each resource and specify `true` for `MultiValueAnswer` . Note the following:\n\n- If you associate a health check with a multivalue answer resource record set, Amazon Route 53 responds to DNS queries with the corresponding IP address only when the health check is healthy.\n- If you don't associate a health check with a multivalue answer record, Route 53 always considers the record to be healthy.\n- Route 53 responds to DNS queries with up to eight healthy records; if you have eight or fewer healthy records, Route 53 responds to all DNS queries with all the healthy records.\n- If you have more than eight healthy records, Route 53 responds to different DNS resolvers with different combinations of healthy records.\n- When all records are unhealthy, Route 53 responds to DNS queries with up to eight unhealthy records.\n- If a resource becomes unavailable after a resolver caches a response, client software typically tries another of the IP addresses in the response.\n\nYou can't create multivalue answer alias records.", - "Name": "For `ChangeResourceRecordSets` requests, the name of the record that you want to create, update, or delete. For `ListResourceRecordSets` responses, the name of a record in the specified hosted zone.\n\n*ChangeResourceRecordSets Only*\n\nEnter a fully qualified domain name, for example, `www.example.com` . You can optionally include a trailing dot. If you omit the trailing dot, Amazon Route 53 assumes that the domain name that you specify is fully qualified. This means that Route 53 treats `www.example.com` (without a trailing dot) and `www.example.com.` (with a trailing dot) as identical.\n\nFor information about how to specify characters other than `a-z` , `0-9` , and `-` (hyphen) and how to specify internationalized domain names, see [DNS Domain Name Format](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/DomainNameFormat.html) in the *Amazon Route 53 Developer Guide* .\n\nYou can use the asterisk (*) wildcard to replace the leftmost label in a domain name, for example, `*.example.com` . Note the following:\n\n- The * must replace the entire label. For example, you can't specify `*prod.example.com` or `prod*.example.com` .\n- The * can't replace any of the middle labels, for example, marketing.*.example.com.\n- If you include * in any position other than the leftmost label in a domain name, DNS treats it as an * character (ASCII 42), not as a wildcard.\n\n> You can't use the * wildcard for resource records sets that have a type of NS.", + "Name": "The name of the record that you want to create, update, or delete.\n\nEnter a fully qualified domain name, for example, `www.example.com` . You can optionally include a trailing dot. If you omit the trailing dot, Amazon Route 53 assumes that the domain name that you specify is fully qualified. This means that Route 53 treats `www.example.com` (without a trailing dot) and `www.example.com.` (with a trailing dot) as identical.\n\nFor information about how to specify characters other than `a-z` , `0-9` , and `-` (hyphen) and how to specify internationalized domain names, see [DNS Domain Name Format](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/DomainNameFormat.html) in the *Amazon Route 53 Developer Guide* .\n\nYou can use the asterisk (*) wildcard to replace the leftmost label in a domain name, for example, `*.example.com` . Note the following:\n\n- The * must replace the entire label. For example, you can't specify `*prod.example.com` or `prod*.example.com` .\n- The * can't replace any of the middle labels, for example, marketing.*.example.com.\n- If you include * in any position other than the leftmost label in a domain name, DNS treats it as an * character (ASCII 42), not as a wildcard.\n\n> You can't use the * wildcard for resource records sets that have a type of NS.", "Region": "*Latency-based resource record sets only:* The Amazon EC2 Region where you created the resource that this resource record set refers to. The resource typically is an AWS resource, such as an EC2 instance or an ELB load balancer, and is referred to by an IP address or a DNS domain name, depending on the record type.\n\nWhen Amazon Route 53 receives a DNS query for a domain name and type for which you have created latency resource record sets, Route 53 selects the latency resource record set that has the lowest latency between the end user and the associated Amazon EC2 Region. Route 53 then returns the value that is associated with the selected resource record set.\n\nNote the following:\n\n- You can only specify one `ResourceRecord` per latency resource record set.\n- You can only create one latency resource record set for each Amazon EC2 Region.\n- You aren't required to create latency resource record sets for all Amazon EC2 Regions. Route 53 will choose the region with the best latency from among the regions that you create latency resource record sets for.\n- You can't create non-latency resource record sets that have the same values for the `Name` and `Type` elements as latency resource record sets.", "ResourceRecords": "Information about the records that you want to create. Each record should be in the format appropriate for the record type specified by the `Type` property. For information about different record types and their record formats, see [Values That You Specify When You Create or Edit Amazon Route 53 Records](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resource-record-sets-values.html) in the *Amazon Route 53 Developer Guide* .", "SetIdentifier": "*Resource record sets that have a routing policy other than simple:* An identifier that differentiates among multiple resource record sets that have the same combination of name and type, such as multiple weighted resource record sets named acme.example.com that have a type of A. In a group of resource record sets that have the same name and type, the value of `SetIdentifier` must be unique for each resource record set.\n\nFor information about routing policies, see [Choosing a Routing Policy](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html) in the *Amazon Route 53 Developer Guide* .", @@ -46723,7 +47708,7 @@ "AWS::Route53Resolver::ResolverRule": { "DelegationRecord": "DNS queries with delegation records that point to this domain name are forwarded to resolvers on your network.", "DomainName": "DNS queries for this domain name are forwarded to the IP addresses that are specified in `TargetIps` . If a query matches multiple Resolver rules (example.com and www.example.com), the query is routed using the Resolver rule that contains the most specific domain name (www.example.com).", - "Name": "The name for the Resolver rule, which you specified when you created the Resolver rule.", + "Name": "The name for the Resolver rule, which you specified when you created the Resolver rule.\n\nThe name can be up to 64 characters long and can contain letters (a-z, A-Z), numbers (0-9), hyphens (-), underscores (_), and spaces. The name cannot consist of only numbers.", "ResolverEndpointId": "The ID of the endpoint that the rule is associated with.", "RuleType": "When you want to forward DNS queries for specified domain name to resolvers on your network, specify `FORWARD` or `DELEGATE` . If a query matches multiple Resolver rules (example.com and www.example.com), outbound DNS queries are routed using the Resolver rule that contains the most specific domain name (www.example.com).\n\nWhen you have a forwarding rule to forward DNS queries for a domain to your network and you want Resolver to process queries for a subdomain of that domain, specify `SYSTEM` .\n\nFor example, to forward DNS queries for example.com to resolvers on your network, you create a rule and specify `FORWARD` for `RuleType` . To then have Resolver process queries for apex.example.com, you create a rule and specify `SYSTEM` for `RuleType` .\n\nCurrently, only Resolver can create rules that have a value of `RECURSIVE` for `RuleType` .", "Tags": "Tags help organize and categorize your Resolver rules. Each tag consists of a key and an optional value, both of which you define.", @@ -46741,7 +47726,7 @@ "ServerNameIndication": "The Server Name Indication of the DoH server that you want to forward queries to. This is only used if the Protocol of the `TargetAddress` is `DoH` ." }, "AWS::Route53Resolver::ResolverRuleAssociation": { - "Name": "The name of an association between a Resolver rule and a VPC.", + "Name": "The name of an association between a Resolver rule and a VPC.\n\nThe name can be up to 64 characters long and can contain letters (a-z, A-Z), numbers (0-9), hyphens (-), underscores (_), and spaces. The name cannot consist of only numbers.", "ResolverRuleId": "The ID of the Resolver rule that you associated with the VPC that is specified by `VPCId` .", "VPCId": "The ID of the VPC that you associated the Resolver rule with." }, @@ -46867,7 +47852,7 @@ "Years": "The number of years that you want to specify for the default retention period. If Object Lock is turned on, you must specify `Mode` and specify either `Days` or `Years` ." }, "AWS::S3::Bucket DeleteMarkerReplication": { - "Status": "Indicates whether to replicate delete markers. Disabled by default." + "Status": "Indicates whether to replicate delete markers." }, "AWS::S3::Bucket Destination": { "BucketAccountId": "The account ID that owns the destination S3 bucket. If no account ID is provided, the owner is not validated before exporting data.\n\n> Although this value is optional, we strongly recommend that you set it to help prevent problems if the destination bucket ownership changes.", @@ -47374,7 +48359,7 @@ }, "AWS::S3ObjectLambda::AccessPoint": { "Name": "The name of this access point.", - "ObjectLambdaConfiguration": "A configuration used when creating an Object Lambda Access Point." + "ObjectLambdaConfiguration": "> Amazon S3 Object Lambda will no longer be open to new customers starting on 11/7/2025. If you would like to use the service, please sign up prior to 11/7/2025. For capabilities similar to S3 Object Lambda, learn more here - [Amazon S3 Object Lambda availability change](https://docs.aws.amazon.com/AmazonS3/latest/userguide/amazons3-ol-change.html) . \n\nA configuration used when creating an Object Lambda Access Point." }, "AWS::S3ObjectLambda::AccessPoint Alias": { "Status": "The status of the Object Lambda Access Point alias. If the status is `PROVISIONING` , the Object Lambda Access Point is provisioning the alias and the alias is not ready for use yet. If the status is `READY` , the Object Lambda Access Point alias is successfully provisioned and ready for use.", @@ -47404,7 +48389,7 @@ "ContentTransformation": "A container for the content transformation of an Object Lambda Access Point configuration. Can include the FunctionArn and FunctionPayload. For more information, see [AwsLambdaTransformation](https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_AwsLambdaTransformation.html) in the *Amazon S3 API Reference* ." }, "AWS::S3ObjectLambda::AccessPointPolicy": { - "ObjectLambdaAccessPoint": "An access point with an attached AWS Lambda function used to access transformed data from an Amazon S3 bucket.", + "ObjectLambdaAccessPoint": "> Amazon S3 Object Lambda will no longer be open to new customers starting on 11/7/2025. If you would like to use the service, please sign up prior to 11/7/2025. For capabilities similar to S3 Object Lambda, learn more here - [Amazon S3 Object Lambda availability change](https://docs.aws.amazon.com/AmazonS3/latest/userguide/amazons3-ol-change.html) . \n\nAn access point with an attached AWS Lambda function used to access transformed data from an Amazon S3 bucket.", "PolicyDocument": "Object Lambda Access Point resource policy document." }, "AWS::S3Outposts::AccessPoint": { @@ -48042,6 +49027,142 @@ "AWS::SES::VdmAttributes GuardianAttributes": { "OptimizedSharedDelivery": "Specifies the status of your VDM optimized shared delivery. Can be one of the following:\n\n- `ENABLED` \u2013 Amazon SES enables optimized shared delivery for your account.\n- `DISABLED` \u2013 Amazon SES disables optimized shared delivery for your account." }, + "AWS::SMSVOICE::ConfigurationSet": { + "ConfigurationSetName": "The name of the ConfigurationSet.", + "DefaultSenderId": "The default sender ID used by the ConfigurationSet.", + "EventDestinations": "An array of EventDestination objects that describe any events to log and where to log them.", + "MessageFeedbackEnabled": "Set to true to enable feedback for the message.", + "ProtectConfigurationId": "The unique identifier for the protect configuration.", + "Tags": "An array of key and value pair tags that's associated with the new configuration set." + }, + "AWS::SMSVOICE::ConfigurationSet CloudWatchLogsDestination": { + "IamRoleArn": "The Amazon Resource Name (ARN) of an AWS Identity and Access Management role that is able to write event data to an Amazon CloudWatch destination.", + "LogGroupArn": "The name of the Amazon CloudWatch log group that you want to record events in." + }, + "AWS::SMSVOICE::ConfigurationSet EventDestination": { + "CloudWatchLogsDestination": "An object that contains information about an event destination that sends logging events to Amazon CloudWatch logs.", + "Enabled": "When set to true events will be logged.", + "EventDestinationName": "The name of the EventDestination.", + "KinesisFirehoseDestination": "An object that contains information about an event destination for logging to Amazon Data Firehose.", + "MatchingEventTypes": "An array of event types that determine which events to log.\n\n> The `TEXT_SENT` event type is not supported.", + "SnsDestination": "An object that contains information about an event destination that sends logging events to Amazon SNS." + }, + "AWS::SMSVOICE::ConfigurationSet KinesisFirehoseDestination": { + "DeliveryStreamArn": "The Amazon Resource Name (ARN) of the delivery stream.", + "IamRoleArn": "The ARN of an AWS Identity and Access Management role that is able to write event data to an Amazon Data Firehose destination." + }, + "AWS::SMSVOICE::ConfigurationSet SnsDestination": { + "TopicArn": "The Amazon Resource Name (ARN) of the Amazon SNS topic that you want to publish events to." + }, + "AWS::SMSVOICE::ConfigurationSet Tag": { + "Key": "The key identifier, or name, of the tag.", + "Value": "The string value associated with the key of the tag." + }, + "AWS::SMSVOICE::OptOutList": { + "OptOutListName": "The name of the OptOutList.", + "Tags": "An array of tags (key and value pairs) to associate with the new OptOutList." + }, + "AWS::SMSVOICE::OptOutList Tag": { + "Key": "The key identifier, or name, of the tag.", + "Value": "The string value associated with the key of the tag." + }, + "AWS::SMSVOICE::PhoneNumber": { + "DeletionProtectionEnabled": "By default this is set to false. When set to true the phone number can't be deleted.", + "IsoCountryCode": "The two-character code, in ISO 3166-1 alpha-2 format, for the country or region.", + "MandatoryKeywords": "Creates or updates a `MandatoryKeyword` configuration on an origination phone number For more information, see [Keywords](https://docs.aws.amazon.com/sms-voice/latest/userguide/keywords.html) in the End User Messaging User Guide.", + "NumberCapabilities": "Indicates if the phone number will be used for text messages, voice messages, or both.", + "NumberType": "The type of phone number to request.\n\n> The `ShortCode` number type is not supported in AWS CloudFormation .", + "OptOutListName": "The name of the OptOutList associated with the phone number.", + "OptionalKeywords": "A keyword is a word that you can search for on a particular phone number or pool. It is also a specific word or phrase that an end user can send to your number to elicit a response, such as an informational message or a special offer. When your number receives a message that begins with a keyword, End User Messaging responds with a customizable message. Optional keywords are differentiated from mandatory keywords. For more information, see [Keywords](https://docs.aws.amazon.com/sms-voice/latest/userguide/keywords.html) in the End User Messaging User Guide.", + "SelfManagedOptOutsEnabled": "When set to false and an end recipient sends a message that begins with HELP or STOP to one of your dedicated numbers, End User Messaging automatically replies with a customizable message and adds the end recipient to the OptOutList. When set to true you're responsible for responding to HELP and STOP requests. You're also responsible for tracking and honoring opt-out request. For more information see [Self-managed opt-outs](https://docs.aws.amazon.com/sms-voice/latest/userguide/opt-out-list-self-managed.html)", + "Tags": "An array of tags (key and value pairs) to associate with the requested phone number.", + "TwoWay": "Describes the two-way SMS configuration for a phone number. For more information, see [Two-way SMS messaging](https://docs.aws.amazon.com/sms-voice/latest/userguide/two-way-sms.html) in the End User Messaging User Guide." + }, + "AWS::SMSVOICE::PhoneNumber MandatoryKeyword": { + "Message": "The message associated with the keyword." + }, + "AWS::SMSVOICE::PhoneNumber MandatoryKeywords": { + "HELP": "Specifies the `HELP` keyword that customers use to obtain customer support for this phone number. For more information, see [Keywords](https://docs.aws.amazon.com/sms-voice/latest/userguide/keywords.html) in the End User Messaging User Guide.", + "STOP": "Specifies the `STOP` keyword that customers use to opt out of receiving messages from this phone number. For more information, see [Required opt-out keywords](https://docs.aws.amazon.com/sms-voice/latest/userguide/keywords-required.html) in the End User Messaging User Guide." + }, + "AWS::SMSVOICE::PhoneNumber OptionalKeyword": { + "Action": "The action to perform when the keyword is used.", + "Keyword": "The new keyword to add.", + "Message": "The message associated with the keyword." + }, + "AWS::SMSVOICE::PhoneNumber Tag": { + "Key": "The key identifier, or name, of the tag.", + "Value": "The string value associated with the key of the tag." + }, + "AWS::SMSVOICE::PhoneNumber TwoWay": { + "ChannelArn": "The Amazon Resource Name (ARN) of the two way channel.", + "ChannelRole": "An optional IAM Role Arn for a service to assume, to be able to post inbound SMS messages.", + "Enabled": "By default this is set to false. When set to true you can receive incoming text messages from your end recipients using the TwoWayChannelArn." + }, + "AWS::SMSVOICE::Pool": { + "DeletionProtectionEnabled": "When set to true the pool can't be deleted.", + "MandatoryKeywords": "Creates or updates the pool's `MandatoryKeyword` configuration. For more information, see [Keywords](https://docs.aws.amazon.com/sms-voice/latest/userguide/keywords.html) in the End User Messaging User Guide.", + "OptOutListName": "The name of the OptOutList associated with the pool.", + "OptionalKeywords": "Specifies any optional keywords to associate with the pool. For more information, see [Keywords](https://docs.aws.amazon.com/sms-voice/latest/userguide/keywords.html) in the End User Messaging User Guide.", + "OriginationIdentities": "The list of origination identities to apply to the pool, either `PhoneNumberArn` or `SenderIdArn` . For more information, see [Registrations](https://docs.aws.amazon.com/sms-voice/latest/userguide/registrations.html) in the End User Messaging User Guide.\n\n> If you are using a shared End User Messaging resource then you must use the full Amazon Resource Name (ARN).", + "SelfManagedOptOutsEnabled": "When set to false, an end recipient sends a message that begins with HELP or STOP to one of your dedicated numbers, End User Messaging automatically replies with a customizable message and adds the end recipient to the OptOutList. When set to true you're responsible for responding to HELP and STOP requests. You're also responsible for tracking and honoring opt-out requests. For more information see [Self-managed opt-outs](https://docs.aws.amazon.com//pinpoint/latest/userguide/settings-sms-managing.html#settings-account-sms-self-managed-opt-out)", + "SharedRoutesEnabled": "Allows you to enable shared routes on your pool.\n\nBy default, this is set to `False` . If you set this value to `True` , your messages are sent using phone numbers or sender IDs (depending on the country) that are shared with other users. In some countries, such as the United States, senders aren't allowed to use shared routes and must use a dedicated phone number or short code.", + "Tags": "An array of tags (key and value pairs) associated with the pool.", + "TwoWay": "Describes the two-way SMS configuration for a phone number. For more information, see [Two-way SMS messaging](https://docs.aws.amazon.com/sms-voice/latest/userguide/two-way-sms.html) in the End User Messaging User Guide." + }, + "AWS::SMSVOICE::Pool MandatoryKeyword": { + "Message": "The message associated with the keyword." + }, + "AWS::SMSVOICE::Pool MandatoryKeywords": { + "HELP": "Specifies the pool's `HELP` keyword. For more information, see [Opt out list required keywords](https://docs.aws.amazon.com/sms-voice/latest/userguide/opt-out-list-keywords.html) in the End User Messaging User Guide.", + "STOP": "Specifies the pool's opt-out keyword. For more information, see [Required opt-out keywords](https://docs.aws.amazon.com/sms-voice/latest/userguide/keywords-required.html) in the End User Messaging User Guide." + }, + "AWS::SMSVOICE::Pool OptionalKeyword": { + "Action": "The action to perform when the keyword is used.", + "Keyword": "The new keyword to add.", + "Message": "The message associated with the keyword." + }, + "AWS::SMSVOICE::Pool Tag": { + "Key": "The key identifier, or name, of the tag.", + "Value": "The string value associated with the key of the tag." + }, + "AWS::SMSVOICE::Pool TwoWay": { + "ChannelArn": "The Amazon Resource Name (ARN) of the two way channel.", + "ChannelRole": "An optional IAM Role Arn for a service to assume, to be able to post inbound SMS messages.", + "Enabled": "By default this is set to false. When set to true you can receive incoming text messages from your end recipients using the TwoWayChannelArn." + }, + "AWS::SMSVOICE::ProtectConfiguration": { + "CountryRuleSet": "The set of `CountryRules` you specify to control which countries End User Messaging can send your messages to.", + "DeletionProtectionEnabled": "The status of deletion protection for the protect configuration. When set to true deletion protection is enabled. By default this is set to false.", + "Tags": "An array of key and value pair tags that are associated with the resource." + }, + "AWS::SMSVOICE::ProtectConfiguration CountryRule": { + "CountryCode": "The two-character code, in ISO 3166-1 alpha-2 format, for the country or region.", + "ProtectStatus": "The types of protection that can be used." + }, + "AWS::SMSVOICE::ProtectConfiguration CountryRuleSet": { + "MMS": "The set of `CountryRule` s to control which destination countries End User Messaging can send your MMS messages to.", + "SMS": "The set of `CountryRule` s to control which destination countries End User Messaging can send your SMS messages to.", + "VOICE": "The set of `CountryRule` s to control which destination countries End User Messaging can send your VOICE messages to." + }, + "AWS::SMSVOICE::ProtectConfiguration Tag": { + "Key": "The key identifier, or name, of the tag.", + "Value": "The string value associated with the key of the tag." + }, + "AWS::SMSVOICE::ResourcePolicy": { + "PolicyDocument": "The JSON formatted resource-based policy to attach.", + "ResourceArn": "The Amazon Resource Name (ARN) of the End User Messaging resource attached to the resource-based policy." + }, + "AWS::SMSVOICE::SenderId": { + "DeletionProtectionEnabled": "By default this is set to false. When set to true the sender ID can't be deleted.", + "IsoCountryCode": "The two-character code, in ISO 3166-1 alpha-2 format, for the country or region.", + "SenderId": "The sender ID string to request.", + "Tags": "An array of tags (key and value pairs) to associate with the sender ID." + }, + "AWS::SMSVOICE::SenderId Tag": { + "Key": "The key identifier, or name, of the tag.", + "Value": "The string value associated with the key of the tag." + }, "AWS::SNS::Subscription": { "DeliveryPolicy": "The delivery policy JSON assigned to the subscription. Enables the subscriber to define the message delivery retry strategy in the case of an HTTP/S endpoint subscribed to the topic. For more information, see `[GetSubscriptionAttributes](https://docs.aws.amazon.com/sns/latest/api/API_GetSubscriptionAttributes.html)` in the *Amazon SNS API Reference* and [Message delivery retries](https://docs.aws.amazon.com/sns/latest/dg/sns-message-delivery-retries.html) in the *Amazon SNS Developer Guide* .", "Endpoint": "The subscription's endpoint. The endpoint value depends on the protocol that you specify. For more information, see the `Endpoint` parameter of the `[Subscribe](https://docs.aws.amazon.com/sns/latest/api/API_Subscribe.html)` action in the *Amazon SNS API Reference* .", @@ -48314,8 +49435,8 @@ "Products": "The specific operating system versions a patch repository applies to, such as \"Ubuntu16.04\", \"RedhatEnterpriseLinux7.2\" or \"Suse12.7\". For lists of supported product values, see [PatchFilter](https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_PatchFilter.html) in the *AWS Systems Manager API Reference* ." }, "AWS::SSM::PatchBaseline Rule": { - "ApproveAfterDays": "The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of `7` means that patches are approved seven days after they are released.\n\nThis parameter is marked as `Required: No` , but your request must include a value for either `ApproveAfterDays` or `ApproveUntilDate` .\n\nNot supported for Debian Server or Ubuntu Server.\n\n> Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the *Windows Server* tab in the topic [How security patches are selected](https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-selecting-patches.html) in the *AWS Systems Manager User Guide* .", - "ApproveUntilDate": "The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically.\n\nEnter dates in the format `YYYY-MM-DD` . For example, `2024-12-31` .\n\nThis parameter is marked as `Required: No` , but your request must include a value for either `ApproveUntilDate` or `ApproveAfterDays` .\n\nNot supported for Debian Server or Ubuntu Server.\n\n> Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the *Windows Server* tab in the topic [How security patches are selected](https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-selecting-patches.html) in the *AWS Systems Manager User Guide* .", + "ApproveAfterDays": "The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of `7` means that patches are approved seven days after they are released.\n\nPatch Manager evaluates patch release dates using Coordinated Universal Time (UTC). If the day represented by `7` is `2025-11-16` , patches released between `2025-11-16T00:00:00Z` and `2025-11-16T23:59:59Z` will be included in the approval.\n\nThis parameter is marked as `Required: No` , but your request must include a value for either `ApproveAfterDays` or `ApproveUntilDate` .\n\nNot supported for Debian Server or Ubuntu Server.\n\n> Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the *Windows Server* tab in the topic [How security patches are selected](https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-selecting-patches.html) in the *AWS Systems Manager User Guide* .", + "ApproveUntilDate": "The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically.\n\nEnter dates in the format `YYYY-MM-DD` . For example, `2025-11-16` .\n\nPatch Manager evaluates patch release dates using Coordinated Universal Time (UTC). If you enter the date `2025-11-16` , patches released between `2025-11-16T00:00:00Z` and `2025-11-16T23:59:59Z` will be included in the approval.\n\nThis parameter is marked as `Required: No` , but your request must include a value for either `ApproveUntilDate` or `ApproveAfterDays` .\n\nNot supported for Debian Server or Ubuntu Server.\n\n> Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the *Windows Server* tab in the topic [How security patches are selected](https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-selecting-patches.html) in the *AWS Systems Manager User Guide* .", "ComplianceLevel": "A compliance severity level for all approved patches in a patch baseline. Valid compliance severity levels include the following: `UNSPECIFIED` , `CRITICAL` , `HIGH` , `MEDIUM` , `LOW` , and `INFORMATIONAL` .", "EnableNonSecurity": "For managed nodes identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository. The default value is `false` . Applies to Linux managed nodes only.", "PatchFilterGroup": "The patch filter group that defines the criteria for the rule." @@ -48551,7 +49672,7 @@ "AWS::SSMQuickSetup::ConfigurationManager ConfigurationDefinition": { "LocalDeploymentAdministrationRoleArn": "The ARN of the IAM role used to administrate local configuration deployments.\n\n> Although this element is listed as \"Required: No\", a value can be omitted only for organizational deployments of types other than `AWSQuickSetupType-PatchPolicy` . A value must be provided when you are running an organizational deployment for a patch policy or running any type of deployment for a single account.", "LocalDeploymentExecutionRoleName": "The name of the IAM role used to deploy local configurations.\n\n> Although this element is listed as \"Required: No\", a value can be omitted only for organizational deployments of types other than `AWSQuickSetupType-PatchPolicy` . A value must be provided when you are running an organizational deployment for a patch policy or running any type of deployment for a single account.", - "Parameters": "The parameters for the configuration definition type. Parameters for configuration definitions vary based the configuration type. The following lists outline the parameters for each configuration type.\n\n- **AWS Config Recording (Type: AWS QuickSetupType-CFGRecording)** - - `RecordAllResources`\n\n- Description: (Optional) A boolean value that determines whether all supported resources are recorded. The default value is \" `true` \".\n- `ResourceTypesToRecord`\n\n- Description: (Optional) A comma separated list of resource types you want to record.\n- `RecordGlobalResourceTypes`\n\n- Description: (Optional) A boolean value that determines whether global resources are recorded with all resource configurations. The default value is \" `false` \".\n- `GlobalResourceTypesRegion`\n\n- Description: (Optional) Determines the AWS Region where global resources are recorded.\n- `UseCustomBucket`\n\n- Description: (Optional) A boolean value that determines whether a custom Amazon S3 bucket is used for delivery. The default value is \" `false` \".\n- `DeliveryBucketName`\n\n- Description: (Optional) The name of the Amazon S3 bucket you want AWS Config to deliver configuration snapshots and configuration history files to.\n- `DeliveryBucketPrefix`\n\n- Description: (Optional) The key prefix you want to use in the custom Amazon S3 bucket.\n- `NotificationOptions`\n\n- Description: (Optional) Determines the notification configuration for the recorder. The valid values are `NoStreaming` , `UseExistingTopic` , and `CreateTopic` . The default value is `NoStreaming` .\n- `CustomDeliveryTopicAccountId`\n\n- Description: (Optional) The ID of the AWS account where the Amazon SNS topic you want to use for notifications resides. You must specify a value for this parameter if you use the `UseExistingTopic` notification option.\n- `CustomDeliveryTopicName`\n\n- Description: (Optional) The name of the Amazon SNS topic you want to use for notifications. You must specify a value for this parameter if you use the `UseExistingTopic` notification option.\n- `RemediationSchedule`\n\n- Description: (Optional) A rate expression that defines the schedule for drift remediation. The valid values are `rate(30 days)` , `rate(7 days)` , `rate(1 days)` , and `none` . The default value is \" `none` \".\n- `TargetAccounts`\n\n- Description: (Optional) The ID of the AWS account initiating the configuration deployment. You only need to provide a value for this parameter if you want to deploy the configuration locally. A value must be provided for either `TargetAccounts` or `TargetOrganizationalUnits` .\n- `TargetOrganizationalUnits`\n\n- Description: (Optional) The ID of the root of your Organization. This configuration type doesn't currently support choosing specific OUs. The configuration will be deployed to all the OUs in the Organization.\n- `TargetRegions`\n\n- Description: (Required) A comma separated list of AWS Regions you want to deploy the configuration to.\n- **Change Manager (Type: AWS QuickSetupType-SSMChangeMgr)** - - `DelegatedAccountId`\n\n- Description: (Required) The ID of the delegated administrator account.\n- `JobFunction`\n\n- Description: (Required) The name for the Change Manager job function.\n- `PermissionType`\n\n- Description: (Optional) Specifies whether you want to use default administrator permissions for the job function role, or provide a custom IAM policy. The valid values are `CustomPermissions` and `AdminPermissions` . The default value for the parameter is `CustomerPermissions` .\n- `CustomPermissions`\n\n- Description: (Optional) A JSON string containing the IAM policy you want your job function to use. You must provide a value for this parameter if you specify `CustomPermissions` for the `PermissionType` parameter.\n- `TargetOrganizationalUnits`\n\n- Description: (Required) A comma separated list of organizational units (OUs) you want to deploy the configuration to.\n- `TargetRegions`\n\n- Description: (Required) A comma separated list of AWS Regions you want to deploy the configuration to.\n- **Conformance Packs (Type: AWS QuickSetupType-CFGCPacks)** - - `DelegatedAccountId`\n\n- Description: (Optional) The ID of the delegated administrator account. This parameter is required for Organization deployments.\n- `RemediationSchedule`\n\n- Description: (Optional) A rate expression that defines the schedule for drift remediation. The valid values are `rate(30 days)` , `rate(14 days)` , `rate(2 days)` , and `none` . The default value is \" `none` \".\n- `CPackNames`\n\n- Description: (Required) A comma separated list of AWS Config conformance packs.\n- `TargetAccounts`\n\n- Description: (Optional) The ID of the AWS account initiating the configuration deployment. You only need to provide a value for this parameter if you want to deploy the configuration locally. A value must be provided for either `TargetAccounts` or `TargetOrganizationalUnits` .\n- `TargetOrganizationalUnits`\n\n- Description: (Optional) The ID of the root of your Organization. This configuration type doesn't currently support choosing specific OUs. The configuration will be deployed to all the OUs in the Organization.\n- `TargetRegions`\n\n- Description: (Required) A comma separated list of AWS Regions you want to deploy the configuration to.\n- **Default Host Management Configuration (Type: AWS QuickSetupType-DHMC)** - - `UpdateSSMAgent`\n\n- Description: (Optional) A boolean value that determines whether the SSM Agent is updated on the target instances every 2 weeks. The default value is \" `true` \".\n- `TargetOrganizationalUnits`\n\n- Description: (Required) A comma separated list of organizational units (OUs) you want to deploy the configuration to.\n- `TargetRegions`\n\n- Description: (Required) A comma separated list of AWS Regions you want to deploy the configuration to.\n- **DevOps\u00a0Guru (Type: AWS QuickSetupType-DevOpsGuru)** - - `AnalyseAllResources`\n\n- Description: (Optional) A boolean value that determines whether DevOps\u00a0Guru analyzes all AWS CloudFormation stacks in the account. The default value is \" `false` \".\n- `EnableSnsNotifications`\n\n- Description: (Optional) A boolean value that determines whether DevOps\u00a0Guru sends notifications when an insight is created. The default value is \" `true` \".\n- `EnableSsmOpsItems`\n\n- Description: (Optional) A boolean value that determines whether DevOps\u00a0Guru creates an OpsCenter OpsItem when an insight is created. The default value is \" `true` \".\n- `EnableDriftRemediation`\n\n- Description: (Optional) A boolean value that determines whether a drift remediation schedule is used. The default value is \" `false` \".\n- `RemediationSchedule`\n\n- Description: (Optional) A rate expression that defines the schedule for drift remediation. The valid values are `rate(30 days)` , `rate(14 days)` , `rate(1 days)` , and `none` . The default value is \" `none` \".\n- `TargetAccounts`\n\n- Description: (Optional) The ID of the AWS account initiating the configuration deployment. You only need to provide a value for this parameter if you want to deploy the configuration locally. A value must be provided for either `TargetAccounts` or `TargetOrganizationalUnits` .\n- `TargetOrganizationalUnits`\n\n- Description: (Optional) A comma separated list of organizational units (OUs) you want to deploy the configuration to.\n- `TargetRegions`\n\n- Description: (Required) A comma separated list of AWS Regions you want to deploy the configuration to.\n- **Distributor (Type: AWS QuickSetupType-Distributor)** - - `PackagesToInstall`\n\n- Description: (Required) A comma separated list of packages you want to install on the target instances. The valid values are `AWSEFSTools` , `AWSCWAgent` , and `AWSEC2LaunchAgent` .\n- `RemediationSchedule`\n\n- Description: (Optional) A rate expression that defines the schedule for drift remediation. The valid values are `rate(30 days)` , `rate(14 days)` , `rate(2 days)` , and `none` . The default value is \" `rate(30 days)` \".\n- `IsPolicyAttachAllowed`\n\n- Description: (Optional) A boolean value that determines whether Quick Setup attaches policies to instances profiles already associated with the target instances. The default value is \" `false` \".\n- `TargetType`\n\n- Description: (Optional) Determines how instances are targeted for local account deployments. Don't specify a value for this parameter if you're deploying to OUs. The valid values are `*` , `InstanceIds` , `ResourceGroups` , and `Tags` . Use `*` to target all instances in the account.\n- `TargetInstances`\n\n- Description: (Optional) A comma separated list of instance IDs. You must provide a value for this parameter if you specify `InstanceIds` for the `TargetType` parameter.\n- `TargetTagKey`\n\n- Description: (Required) The tag key assigned to the instances you want to target. You must provide a value for this parameter if you specify `Tags` for the `TargetType` parameter.\n- `TargetTagValue`\n\n- Description: (Required) The value of the tag key assigned to the instances you want to target. You must provide a value for this parameter if you specify `Tags` for the `TargetType` parameter.\n- `ResourceGroupName`\n\n- Description: (Required) The name of the resource group associated with the instances you want to target. You must provide a value for this parameter if you specify `ResourceGroups` for the `TargetType` parameter.\n- `TargetAccounts`\n\n- Description: (Optional) The ID of the AWS account initiating the configuration deployment. You only need to provide a value for this parameter if you want to deploy the configuration locally. A value must be provided for either `TargetAccounts` or `TargetOrganizationalUnits` .\n- `TargetOrganizationalUnits`\n\n- Description: (Optional) A comma separated list of organizational units (OUs) you want to deploy the configuration to.\n- `TargetRegions`\n\n- Description: (Required) A comma separated list of AWS Regions you want to deploy the configuration to.\n- **Host Management (Type: AWS QuickSetupType-SSMHostMgmt)** - - `UpdateSSMAgent`\n\n- Description: (Optional) A boolean value that determines whether the SSM Agent is updated on the target instances every 2 weeks. The default value is \" `true` \".\n- `UpdateEc2LaunchAgent`\n\n- Description: (Optional) A boolean value that determines whether the EC2 Launch agent is updated on the target instances every month. The default value is \" `false` \".\n- `CollectInventory`\n\n- Description: (Optional) A boolean value that determines whether instance metadata is collected on the target instances every 30 minutes. The default value is \" `true` \".\n- `ScanInstances`\n\n- Description: (Optional) A boolean value that determines whether the target instances are scanned daily for available patches. The default value is \" `true` \".\n- `InstallCloudWatchAgent`\n\n- Description: (Optional) A boolean value that determines whether the Amazon CloudWatch agent is installed on the target instances. The default value is \" `false` \".\n- `UpdateCloudWatchAgent`\n\n- Description: (Optional) A boolean value that determines whether the Amazon CloudWatch agent is updated on the target instances every month. The default value is \" `false` \".\n- `IsPolicyAttachAllowed`\n\n- Description: (Optional) A boolean value that determines whether Quick Setup attaches policies to instances profiles already associated with the target instances. The default value is \" `false` \".\n- `TargetType`\n\n- Description: (Optional) Determines how instances are targeted for local account deployments. Don't specify a value for this parameter if you're deploying to OUs. The valid values are `*` , `InstanceIds` , `ResourceGroups` , and `Tags` . Use `*` to target all instances in the account.\n- `TargetInstances`\n\n- Description: (Optional) A comma separated list of instance IDs. You must provide a value for this parameter if you specify `InstanceIds` for the `TargetType` parameter.\n- `TargetTagKey`\n\n- Description: (Optional) The tag key assigned to the instances you want to target. You must provide a value for this parameter if you specify `Tags` for the `TargetType` parameter.\n- `TargetTagValue`\n\n- Description: (Optional) The value of the tag key assigned to the instances you want to target. You must provide a value for this parameter if you specify `Tags` for the `TargetType` parameter.\n- `ResourceGroupName`\n\n- Description: (Optional) The name of the resource group associated with the instances you want to target. You must provide a value for this parameter if you specify `ResourceGroups` for the `TargetType` parameter.\n- `TargetAccounts`\n\n- Description: (Optional) The ID of the AWS account initiating the configuration deployment. You only need to provide a value for this parameter if you want to deploy the configuration locally. A value must be provided for either `TargetAccounts` or `TargetOrganizationalUnits` .\n- `TargetOrganizationalUnits`\n\n- Description: (Optional) A comma separated list of organizational units (OUs) you want to deploy the configuration to.\n- `TargetRegions`\n\n- Description: (Required) A comma separated list of AWS Regions you want to deploy the configuration to.\n- **OpsCenter (Type: AWS QuickSetupType-SSMOpsCenter)** - - `DelegatedAccountId`\n\n- Description: (Required) The ID of the delegated administrator account.\n- `TargetOrganizationalUnits`\n\n- Description: (Required) A comma separated list of organizational units (OUs) you want to deploy the configuration to.\n- `TargetRegions`\n\n- Description: (Required) A comma separated list of AWS Regions you want to deploy the configuration to.\n- **Patch Policy (Type: AWS QuickSetupType-PatchPolicy)** - - `PatchPolicyName`\n\n- Description: (Required) A name for the patch policy. The value you provide is applied to target Amazon EC2 instances as a tag.\n- `SelectedPatchBaselines`\n\n- Description: (Required) An array of JSON objects containing the information for the patch baselines to include in your patch policy.\n- `PatchBaselineUseDefault`\n\n- Description: (Optional) A value that determines whether the selected patch baselines are all AWS provided. Supported values are `default` and `custom` .\n- `PatchBaselineRegion`\n\n- Description: (Required) The AWS Region where the patch baseline exist.\n- `ConfigurationOptionsPatchOperation`\n\n- Description: (Optional) Determines whether target instances scan for available patches, or scan and install available patches. The valid values are `Scan` and `ScanAndInstall` . The default value for the parameter is `Scan` .\n- `ConfigurationOptionsScanValue`\n\n- Description: (Optional) A cron expression that is used as the schedule for when instances scan for available patches.\n- `ConfigurationOptionsInstallValue`\n\n- Description: (Optional) A cron expression that is used as the schedule for when instances install available patches.\n- `ConfigurationOptionsScanNextInterval`\n\n- Description: (Optional) A boolean value that determines whether instances should scan for available patches at the next cron interval. The default value is \" `false` \".\n- `ConfigurationOptionsInstallNextInterval`\n\n- Description: (Optional) A boolean value that determines whether instances should scan for available patches at the next cron interval. The default value is \" `false` \".\n- `RebootOption`\n\n- Description: (Optional) Determines whether instances are rebooted after patches are installed. Valid values are `RebootIfNeeded` and `NoReboot` .\n- `IsPolicyAttachAllowed`\n\n- Description: (Optional) A boolean value that determines whether Quick Setup attaches policies to instances profiles already associated with the target instances. The default value is \" `false` \".\n- `OutputLogEnableS3`\n\n- Description: (Optional) A boolean value that determines whether command output logs are sent to Amazon S3.\n- `OutputS3Location`\n\n- Description: (Optional) Information about the Amazon S3 bucket where you want to store the output details of the request.\n\n- `OutputBucketRegion`\n\n- Description: (Optional) The AWS Region where the Amazon S3 bucket you want to deliver command output to is located.\n- `OutputS3BucketName`\n\n- Description: (Optional) The name of the Amazon S3 bucket you want to deliver command output to.\n- `OutputS3KeyPrefix`\n\n- Description: (Optional) The key prefix you want to use in the custom Amazon S3 bucket.\n- `TargetType`\n\n- Description: (Optional) Determines how instances are targeted for local account deployments. Don't specify a value for this parameter if you're deploying to OUs. The valid values are `*` , `InstanceIds` , `ResourceGroups` , and `Tags` . Use `*` to target all instances in the account.\n- `TargetInstances`\n\n- Description: (Optional) A comma separated list of instance IDs. You must provide a value for this parameter if you specify `InstanceIds` for the `TargetType` parameter.\n- `TargetTagKey`\n\n- Description: (Required) The tag key assigned to the instances you want to target. You must provide a value for this parameter if you specify `Tags` for the `TargetType` parameter.\n- `TargetTagValue`\n\n- Description: (Required) The value of the tag key assigned to the instances you want to target. You must provide a value for this parameter if you specify `Tags` for the `TargetType` parameter.\n- `ResourceGroupName`\n\n- Description: (Required) The name of the resource group associated with the instances you want to target. You must provide a value for this parameter if you specify `ResourceGroups` for the `TargetType` parameter.\n- `TargetAccounts`\n\n- Description: (Optional) The ID of the AWS account initiating the configuration deployment. You only need to provide a value for this parameter if you want to deploy the configuration locally. A value must be provided for either `TargetAccounts` or `TargetOrganizationalUnits` .\n- `TargetOrganizationalUnits`\n\n- Description: (Optional) A comma separated list of organizational units (OUs) you want to deploy the configuration to.\n- `TargetRegions`\n\n- Description: (Required) A comma separated list of AWS Regions you want to deploy the configuration to.\n- **Resource Explorer (Type: AWS QuickSetupType-ResourceExplorer)** - - `SelectedAggregatorRegion`\n\n- Description: (Required) The AWS Region where you want to create the aggregator index.\n- `ReplaceExistingAggregator`\n\n- Description: (Required) A boolean value that determines whether to demote an existing aggregator if it is in a Region that differs from the value you specify for the `SelectedAggregatorRegion` .\n- `TargetOrganizationalUnits`\n\n- Description: (Required) A comma separated list of organizational units (OUs) you want to deploy the configuration to.\n- `TargetRegions`\n\n- Description: (Required) A comma separated list of AWS Regions you want to deploy the configuration to.\n- **Resource Scheduler (Type: AWS QuickSetupType-Scheduler)** - - `TargetTagKey`\n\n- Description: (Required) The tag key assigned to the instances you want to target.\n- `TargetTagValue`\n\n- Description: (Required) The value of the tag key assigned to the instances you want to target.\n- `ICalendarString`\n\n- Description: (Required) An iCalendar formatted string containing the schedule you want Change Manager to use.\n- `TargetAccounts`\n\n- Description: (Optional) The ID of the AWS account initiating the configuration deployment. You only need to provide a value for this parameter if you want to deploy the configuration locally. A value must be provided for either `TargetAccounts` or `TargetOrganizationalUnits` .\n- `TargetOrganizationalUnits`\n\n- Description: (Optional) A comma separated list of organizational units (OUs) you want to deploy the configuration to.\n- `TargetRegions`\n\n- Description: (Required) A comma separated list of AWS Regions you want to deploy the configuration to.", + "Parameters": "The parameters for the configuration definition type. Parameters for configuration definitions vary based the configuration type. The following lists outline the parameters for each configuration type.\n\n- **AWS Config Recording (Type: AWS QuickSetupType-CFGRecording)** - - `RecordAllResources`\n\n- Description: (Optional) A boolean value that determines whether all supported resources are recorded. The default value is \" `true` \".\n- `ResourceTypesToRecord`\n\n- Description: (Optional) A comma separated list of resource types you want to record.\n- `RecordGlobalResourceTypes`\n\n- Description: (Optional) A boolean value that determines whether global resources are recorded with all resource configurations. The default value is \" `false` \".\n- `GlobalResourceTypesRegion`\n\n- Description: (Optional) Determines the AWS Region where global resources are recorded.\n- `UseCustomBucket`\n\n- Description: (Optional) A boolean value that determines whether a custom Amazon S3 bucket is used for delivery. The default value is \" `false` \".\n- `DeliveryBucketName`\n\n- Description: (Optional) The name of the Amazon S3 bucket you want AWS Config to deliver configuration snapshots and configuration history files to.\n- `DeliveryBucketPrefix`\n\n- Description: (Optional) The key prefix you want to use in the custom Amazon S3 bucket.\n- `NotificationOptions`\n\n- Description: (Optional) Determines the notification configuration for the recorder. The valid values are `NoStreaming` , `UseExistingTopic` , and `CreateTopic` . The default value is `NoStreaming` .\n- `CustomDeliveryTopicAccountId`\n\n- Description: (Optional) The ID of the AWS account where the Amazon SNS topic you want to use for notifications resides. You must specify a value for this parameter if you use the `UseExistingTopic` notification option.\n- `CustomDeliveryTopicName`\n\n- Description: (Optional) The name of the Amazon SNS topic you want to use for notifications. You must specify a value for this parameter if you use the `UseExistingTopic` notification option.\n- `RemediationSchedule`\n\n- Description: (Optional) A rate expression that defines the schedule for drift remediation. The valid values are `rate(30 days)` , `rate(7 days)` , `rate(1 days)` , and `none` . The default value is \" `none` \".\n- `TargetAccounts`\n\n- Description: (Optional) The ID of the AWS account initiating the configuration deployment. You only need to provide a value for this parameter if you want to deploy the configuration locally. A value must be provided for either `TargetAccounts` or `TargetOrganizationalUnits` .\n- `TargetOrganizationalUnits`\n\n- Description: (Optional) The ID of the root of your Organization. This configuration type doesn't currently support choosing specific OUs. The configuration will be deployed to all the OUs in the Organization.\n- `TargetRegions`\n\n- Description: (Required) A comma separated list of AWS Regions you want to deploy the configuration to.\n- **Change Manager (Type: AWS QuickSetupType-SSMChangeMgr)** - - `DelegatedAccountId`\n\n- Description: (Required) The ID of the delegated administrator account.\n- `JobFunction`\n\n- Description: (Required) The name for the Change Manager job function.\n- `PermissionType`\n\n- Description: (Optional) Specifies whether you want to use default administrator permissions for the job function role, or provide a custom IAM policy. The valid values are `CustomPermissions` and `AdminPermissions` . The default value for the parameter is `CustomerPermissions` .\n- `CustomPermissions`\n\n- Description: (Optional) A JSON string containing the IAM policy you want your job function to use. You must provide a value for this parameter if you specify `CustomPermissions` for the `PermissionType` parameter.\n- `TargetOrganizationalUnits`\n\n- Description: (Required) A comma separated list of organizational units (OUs) you want to deploy the configuration to.\n- `TargetRegions`\n\n- Description: (Required) A comma separated list of AWS Regions you want to deploy the configuration to.\n- **Conformance Packs (Type: AWS QuickSetupType-CFGCPacks)** - - `DelegatedAccountId`\n\n- Description: (Optional) The ID of the delegated administrator account. This parameter is required for Organization deployments.\n- `RemediationSchedule`\n\n- Description: (Optional) A rate expression that defines the schedule for drift remediation. The valid values are `rate(30 days)` , `rate(14 days)` , `rate(2 days)` , and `none` . The default value is \" `none` \".\n- `CPackNames`\n\n- Description: (Required) A comma separated list of AWS Config conformance packs.\n- `TargetAccounts`\n\n- Description: (Optional) The ID of the AWS account initiating the configuration deployment. You only need to provide a value for this parameter if you want to deploy the configuration locally. A value must be provided for either `TargetAccounts` or `TargetOrganizationalUnits` .\n- `TargetOrganizationalUnits`\n\n- Description: (Optional) The ID of the root of your Organization. This configuration type doesn't currently support choosing specific OUs. The configuration will be deployed to all the OUs in the Organization.\n- `TargetRegions`\n\n- Description: (Required) A comma separated list of AWS Regions you want to deploy the configuration to.\n- **Default Host Management Configuration (Type: AWS QuickSetupType-DHMC)** - - `UpdateSsmAgent`\n\n- Description: (Optional) A boolean value that determines whether the SSM Agent is updated on the target instances every 2 weeks. The default value is \" `true` \".\n- `TargetOrganizationalUnits`\n\n- Description: (Required) A comma separated list of organizational units (OUs) you want to deploy the configuration to.\n- `TargetRegions`\n\n- Description: (Required) A comma separated list of AWS Regions you want to deploy the configuration to.\n- **DevOps\u00a0Guru (Type: AWS QuickSetupType-DevOpsGuru)** - - `AnalyseAllResources`\n\n- Description: (Optional) A boolean value that determines whether DevOps\u00a0Guru analyzes all AWS CloudFormation stacks in the account. The default value is \" `false` \".\n- `EnableSnsNotifications`\n\n- Description: (Optional) A boolean value that determines whether DevOps\u00a0Guru sends notifications when an insight is created. The default value is \" `true` \".\n- `EnableSsmOpsItems`\n\n- Description: (Optional) A boolean value that determines whether DevOps\u00a0Guru creates an OpsCenter OpsItem when an insight is created. The default value is \" `true` \".\n- `EnableDriftRemediation`\n\n- Description: (Optional) A boolean value that determines whether a drift remediation schedule is used. The default value is \" `false` \".\n- `RemediationSchedule`\n\n- Description: (Optional) A rate expression that defines the schedule for drift remediation. The valid values are `rate(30 days)` , `rate(14 days)` , `rate(1 days)` , and `none` . The default value is \" `none` \".\n- `TargetAccounts`\n\n- Description: (Optional) The ID of the AWS account initiating the configuration deployment. You only need to provide a value for this parameter if you want to deploy the configuration locally. A value must be provided for either `TargetAccounts` or `TargetOrganizationalUnits` .\n- `TargetOrganizationalUnits`\n\n- Description: (Optional) A comma separated list of organizational units (OUs) you want to deploy the configuration to.\n- `TargetRegions`\n\n- Description: (Required) A comma separated list of AWS Regions you want to deploy the configuration to.\n- **Distributor (Type: AWS QuickSetupType-Distributor)** - - `PackagesToInstall`\n\n- Description: (Required) A comma separated list of packages you want to install on the target instances. The valid values are `AWSEFSTools` , `AWSCWAgent` , and `AWSEC2LaunchAgent` .\n- `RemediationSchedule`\n\n- Description: (Optional) A rate expression that defines the schedule for drift remediation. The valid values are `rate(30 days)` , `rate(14 days)` , `rate(2 days)` , and `none` . The default value is \" `rate(30 days)` \".\n- `IsPolicyAttachAllowed`\n\n- Description: (Optional) A boolean value that determines whether Quick Setup attaches policies to instances profiles already associated with the target instances. The default value is \" `false` \".\n- `TargetType`\n\n- Description: (Optional) Determines how instances are targeted for local account deployments. Don't specify a value for this parameter if you're deploying to OUs. The valid values are `*` , `InstanceIds` , `ResourceGroups` , and `Tags` . Use `*` to target all instances in the account.\n- `TargetInstances`\n\n- Description: (Optional) A comma separated list of instance IDs. You must provide a value for this parameter if you specify `InstanceIds` for the `TargetType` parameter.\n- `TargetTagKey`\n\n- Description: (Required) The tag key assigned to the instances you want to target. You must provide a value for this parameter if you specify `Tags` for the `TargetType` parameter.\n- `TargetTagValue`\n\n- Description: (Required) The value of the tag key assigned to the instances you want to target. You must provide a value for this parameter if you specify `Tags` for the `TargetType` parameter.\n- `ResourceGroupName`\n\n- Description: (Required) The name of the resource group associated with the instances you want to target. You must provide a value for this parameter if you specify `ResourceGroups` for the `TargetType` parameter.\n- `TargetAccounts`\n\n- Description: (Optional) The ID of the AWS account initiating the configuration deployment. You only need to provide a value for this parameter if you want to deploy the configuration locally. A value must be provided for either `TargetAccounts` or `TargetOrganizationalUnits` .\n- `TargetOrganizationalUnits`\n\n- Description: (Optional) A comma separated list of organizational units (OUs) you want to deploy the configuration to.\n- `TargetRegions`\n\n- Description: (Required) A comma separated list of AWS Regions you want to deploy the configuration to.\n- **Host Management (Type: AWS QuickSetupType-SSMHostMgmt)** - - `UpdateSsmAgent`\n\n- Description: (Optional) A boolean value that determines whether the SSM Agent is updated on the target instances every 2 weeks. The default value is \" `true` \".\n- `UpdateEc2LaunchAgent`\n\n- Description: (Optional) A boolean value that determines whether the EC2 Launch agent is updated on the target instances every month. The default value is \" `false` \".\n- `CollectInventory`\n\n- Description: (Optional) A boolean value that determines whether instance metadata is collected on the target instances every 30 minutes. The default value is \" `true` \".\n- `ScanInstances`\n\n- Description: (Optional) A boolean value that determines whether the target instances are scanned daily for available patches. The default value is \" `true` \".\n- `InstallCloudWatchAgent`\n\n- Description: (Optional) A boolean value that determines whether the Amazon CloudWatch agent is installed on the target instances. The default value is \" `false` \".\n- `UpdateCloudWatchAgent`\n\n- Description: (Optional) A boolean value that determines whether the Amazon CloudWatch agent is updated on the target instances every month. The default value is \" `false` \".\n- `IsPolicyAttachAllowed`\n\n- Description: (Optional) A boolean value that determines whether Quick Setup attaches policies to instances profiles already associated with the target instances. The default value is \" `false` \".\n- `TargetType`\n\n- Description: (Optional) Determines how instances are targeted for local account deployments. Don't specify a value for this parameter if you're deploying to OUs. The valid values are `*` , `InstanceIds` , `ResourceGroups` , and `Tags` . Use `*` to target all instances in the account.\n- `TargetInstances`\n\n- Description: (Optional) A comma separated list of instance IDs. You must provide a value for this parameter if you specify `InstanceIds` for the `TargetType` parameter.\n- `TargetTagKey`\n\n- Description: (Optional) The tag key assigned to the instances you want to target. You must provide a value for this parameter if you specify `Tags` for the `TargetType` parameter.\n- `TargetTagValue`\n\n- Description: (Optional) The value of the tag key assigned to the instances you want to target. You must provide a value for this parameter if you specify `Tags` for the `TargetType` parameter.\n- `ResourceGroupName`\n\n- Description: (Optional) The name of the resource group associated with the instances you want to target. You must provide a value for this parameter if you specify `ResourceGroups` for the `TargetType` parameter.\n- `TargetAccounts`\n\n- Description: (Optional) The ID of the AWS account initiating the configuration deployment. You only need to provide a value for this parameter if you want to deploy the configuration locally. A value must be provided for either `TargetAccounts` or `TargetOrganizationalUnits` .\n- `TargetOrganizationalUnits`\n\n- Description: (Optional) A comma separated list of organizational units (OUs) you want to deploy the configuration to.\n- `TargetRegions`\n\n- Description: (Required) A comma separated list of AWS Regions you want to deploy the configuration to.\n- **OpsCenter (Type: AWS QuickSetupType-SSMOpsCenter)** - - `DelegatedAccountId`\n\n- Description: (Required) The ID of the delegated administrator account.\n- `TargetOrganizationalUnits`\n\n- Description: (Required) A comma separated list of organizational units (OUs) you want to deploy the configuration to.\n- `TargetRegions`\n\n- Description: (Required) A comma separated list of AWS Regions you want to deploy the configuration to.\n- **Patch Policy (Type: AWS QuickSetupType-PatchPolicy)** - - `PatchPolicyName`\n\n- Description: (Required) A name for the patch policy. The value you provide is applied to target Amazon EC2 instances as a tag.\n- `SelectedPatchBaselines`\n\n- Description: (Required) An array of JSON objects containing the information for the patch baselines to include in your patch policy.\n- `PatchBaselineUseDefault`\n\n- Description: (Optional) A value that determines whether the selected patch baselines are all AWS provided. Supported values are `default` and `custom` .\n- `PatchBaselineRegion`\n\n- Description: (Required) The AWS Region where the patch baseline exist.\n- `ConfigurationOptionsPatchOperation`\n\n- Description: (Optional) Determines whether target instances scan for available patches, or scan and install available patches. The valid values are `Scan` and `ScanAndInstall` . The default value for the parameter is `Scan` .\n- `ConfigurationOptionsScanValue`\n\n- Description: (Optional) A cron expression that is used as the schedule for when instances scan for available patches.\n- `ConfigurationOptionsInstallValue`\n\n- Description: (Optional) A cron expression that is used as the schedule for when instances install available patches.\n- `ConfigurationOptionsScanNextInterval`\n\n- Description: (Optional) A boolean value that determines whether instances should scan for available patches at the next cron interval. The default value is \" `false` \".\n- `ConfigurationOptionsInstallNextInterval`\n\n- Description: (Optional) A boolean value that determines whether instances should scan for available patches at the next cron interval. The default value is \" `false` \".\n- `RebootOption`\n\n- Description: (Optional) Determines whether instances are rebooted after patches are installed. Valid values are `RebootIfNeeded` and `NoReboot` .\n- `IsPolicyAttachAllowed`\n\n- Description: (Optional) A boolean value that determines whether Quick Setup attaches policies to instances profiles already associated with the target instances. The default value is \" `false` \".\n- `OutputLogEnableS3`\n\n- Description: (Optional) A boolean value that determines whether command output logs are sent to Amazon S3.\n- `OutputS3Location`\n\n- Description: (Optional) Information about the Amazon S3 bucket where you want to store the output details of the request.\n\n- `OutputBucketRegion`\n\n- Description: (Optional) The AWS Region where the Amazon S3 bucket you want to deliver command output to is located.\n- `OutputS3BucketName`\n\n- Description: (Optional) The name of the Amazon S3 bucket you want to deliver command output to.\n- `OutputS3KeyPrefix`\n\n- Description: (Optional) The key prefix you want to use in the custom Amazon S3 bucket.\n- `TargetType`\n\n- Description: (Optional) Determines how instances are targeted for local account deployments. Don't specify a value for this parameter if you're deploying to OUs. The valid values are `*` , `InstanceIds` , `ResourceGroups` , and `Tags` . Use `*` to target all instances in the account.\n- `TargetInstances`\n\n- Description: (Optional) A comma separated list of instance IDs. You must provide a value for this parameter if you specify `InstanceIds` for the `TargetType` parameter.\n- `TargetTagKey`\n\n- Description: (Required) The tag key assigned to the instances you want to target. You must provide a value for this parameter if you specify `Tags` for the `TargetType` parameter.\n- `TargetTagValue`\n\n- Description: (Required) The value of the tag key assigned to the instances you want to target. You must provide a value for this parameter if you specify `Tags` for the `TargetType` parameter.\n- `ResourceGroupName`\n\n- Description: (Required) The name of the resource group associated with the instances you want to target. You must provide a value for this parameter if you specify `ResourceGroups` for the `TargetType` parameter.\n- `TargetAccounts`\n\n- Description: (Optional) The ID of the AWS account initiating the configuration deployment. You only need to provide a value for this parameter if you want to deploy the configuration locally. A value must be provided for either `TargetAccounts` or `TargetOrganizationalUnits` .\n- `TargetOrganizationalUnits`\n\n- Description: (Optional) A comma separated list of organizational units (OUs) you want to deploy the configuration to.\n- `TargetRegions`\n\n- Description: (Required) A comma separated list of AWS Regions you want to deploy the configuration to.\n- **Resource Explorer (Type: AWS QuickSetupType-ResourceExplorer)** - - `SelectedAggregatorRegion`\n\n- Description: (Required) The AWS Region where you want to create the aggregator index.\n- `ReplaceExistingAggregator`\n\n- Description: (Required) A boolean value that determines whether to demote an existing aggregator if it is in a Region that differs from the value you specify for the `SelectedAggregatorRegion` .\n- `TargetOrganizationalUnits`\n\n- Description: (Required) A comma separated list of organizational units (OUs) you want to deploy the configuration to.\n- `TargetRegions`\n\n- Description: (Required) A comma separated list of AWS Regions you want to deploy the configuration to.\n- **Resource Scheduler (Type: AWS QuickSetupType-Scheduler)** - - `TargetTagKey`\n\n- Description: (Required) The tag key assigned to the instances you want to target.\n- `TargetTagValue`\n\n- Description: (Required) The value of the tag key assigned to the instances you want to target.\n- `ICalendarString`\n\n- Description: (Required) An iCalendar formatted string containing the schedule you want Change Manager to use.\n- `TargetAccounts`\n\n- Description: (Optional) The ID of the AWS account initiating the configuration deployment. You only need to provide a value for this parameter if you want to deploy the configuration locally. A value must be provided for either `TargetAccounts` or `TargetOrganizationalUnits` .\n- `TargetOrganizationalUnits`\n\n- Description: (Optional) A comma separated list of organizational units (OUs) you want to deploy the configuration to.\n- `TargetRegions`\n\n- Description: (Required) A comma separated list of AWS Regions you want to deploy the configuration to.", "Type": "The type of the Quick Setup configuration.", "TypeVersion": "The version of the Quick Setup type used.", "id": "The ID of the configuration definition." @@ -48563,6 +49684,12 @@ "StatusMessage": "When applicable, returns an informational message relevant to the current status and status type of the status summary object. We don't recommend implementing parsing logic around this value since the messages returned can vary in format.", "StatusType": "The type of a status summary." }, + "AWS::SSMQuickSetup::LifecycleAutomation": { + "AutomationDocument": "The name of the SSM Automation document to execute in response to AWS CloudFormation lifecycle events (CREATE, UPDATE, DELETE).", + "AutomationParameters": "A map of key-value parameters passed to the Automation document during execution. Each parameter name maps to a list of values, even for single values. Parameters can include configuration-specific values for your automation workflow.", + "ResourceKey": "A unique identifier used for generating the SSM Association name. This ensures uniqueness when multiple lifecycle automation resources exist in the same stack.", + "Tags": "Tags applied to the underlying SSM Association created by this resource. Tags help identify and organize automation executions." + }, "AWS::SSO::Application": { "ApplicationProviderArn": "The ARN of the application provider for this application.", "Description": "The description of the application.", @@ -48699,13 +49826,16 @@ "Value": "The tag value." }, "AWS::SageMaker::Cluster": { + "AutoScaling": "", "ClusterName": "The name of the SageMaker HyperPod cluster.", + "ClusterRole": "", "InstanceGroups": "The instance groups of the SageMaker HyperPod cluster. To delete an instance group, remove it from the array.", "NodeProvisioningMode": "", "NodeRecovery": "Specifies whether to enable or disable the automatic node recovery feature of SageMaker HyperPod. Available values are `Automatic` for enabling and `None` for disabling.", "Orchestrator": "The orchestrator type for the SageMaker HyperPod cluster. Currently, `'eks'` is the only available option.", "RestrictedInstanceGroups": "", "Tags": "A tag object that consists of a key and an optional value, used to manage metadata for SageMaker AWS resources.\n\nYou can add tags to notebook instances, training jobs, hyperparameter tuning jobs, batch transform jobs, models, labeling jobs, work teams, endpoint configurations, and endpoints. For more information on adding tags to SageMaker resources, see [AddTags](https://docs.aws.amazon.com/sagemaker/latest/APIReference/API_AddTags.html) .\n\nFor more information on adding metadata to your AWS resources with tagging, see [Tagging AWS resources](https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html) . For advice on best practices for managing AWS resources with tagging, see [Tagging Best Practices: Implement an Effective AWS Resource Tagging Strategy](https://docs.aws.amazon.com/https://d1.awsstatic.com/whitepapers/aws-tagging-best-practices.pdf) .", + "TieredStorageConfig": "", "VpcConfig": "Specifies an Amazon Virtual Private Cloud (VPC) that your SageMaker jobs, hosted models, and compute resources have access to. You can control access to and from your resources by configuring a VPC. For more information, see [Give SageMaker Access to Resources in your Amazon VPC](https://docs.aws.amazon.com/sagemaker/latest/dg/infrastructure-give-access.html) ." }, "AWS::SageMaker::Cluster AlarmDetails": { @@ -48715,7 +49845,13 @@ "Type": "Specifies whether SageMaker should process the update by amount or percentage of instances.", "Value": "Specifies the amount or percentage of instances SageMaker updates at a time." }, + "AWS::SageMaker::Cluster ClusterAutoScalingConfig": { + "AutoScalerType": "The type of autoscaler to use. Currently supported value is `Karpenter` .", + "Mode": "Describes whether autoscaling is enabled or disabled for the cluster. Valid values are `Enable` and `Disable` ." + }, "AWS::SageMaker::Cluster ClusterEbsVolumeConfig": { + "RootVolume": "Specifies whether the configuration is for the cluster's root or secondary Amazon EBS volume. You can specify two `ClusterEbsVolumeConfig` fields to configure both the root and secondary volumes. Set the value to `True` if you'd like to provide your own customer managed AWS KMS key to encrypt the root volume. When `True` :\n\n- The configuration is applied to the root volume.\n- You can't specify the `VolumeSizeInGB` field. The size of the root volume is determined for you.\n- You must specify a KMS key ID for `VolumeKmsKeyId` to encrypt the root volume with your own KMS key instead of an AWS owned KMS key.\n\nOtherwise, by default, the value is `False` , and the following applies:\n\n- The configuration is applied to the secondary volume, while the root volume is encrypted with an AWS owned key.\n- You must specify the `VolumeSizeInGB` field.\n- You can optionally specify the `VolumeKmsKeyId` to encrypt the secondary volume with your own KMS key instead of an AWS owned KMS key.", + "VolumeKmsKeyId": "The ID of a KMS key to encrypt the Amazon EBS volume.", "VolumeSizeInGB": "The size in gigabytes (GB) of the additional EBS volume to be attached to the instances in the SageMaker HyperPod cluster instance group. The additional EBS volume is attached to each instance within the SageMaker HyperPod cluster instance group and mounted to `/opt/sagemaker` ." }, "AWS::SageMaker::Cluster ClusterInstanceGroup": { @@ -48783,6 +49919,10 @@ "Key": "The tag key. Tag keys must be unique per resource.", "Value": "The tag value." }, + "AWS::SageMaker::Cluster TieredStorageConfig": { + "InstanceMemoryAllocationPercentage": "", + "Mode": "" + }, "AWS::SageMaker::Cluster VpcConfig": { "SecurityGroupIds": "The VPC security group IDs, in the form `sg-xxxxxxxx` . Specify the security groups for the VPC that is specified in the `Subnets` field.", "Subnets": "The ID of the subnets in the VPC to which you want to connect your training job or model. For information about the availability of specific instance types, see [Supported Instance Types and Availability Zones](https://docs.aws.amazon.com/sagemaker/latest/dg/instance-types-az.html) ." @@ -48994,6 +50134,7 @@ "AWS::SageMaker::Domain DomainSettings": { "DockerSettings": "A collection of settings that configure the domain's Docker interaction.", "ExecutionRoleIdentityConfig": "The configuration for attaching a SageMaker AI user profile name to the execution role as a [sts:SourceIdentity key](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_control-access_monitor.html) .", + "IpAddressType": "The IP address type for the domain. Specify `ipv4` for IPv4-only connectivity or `dualstack` for both IPv4 and IPv6 connectivity. When you specify `dualstack` , the subnet must support IPv6 CIDR blocks. If not specified, defaults to `ipv4` .", "RStudioServerProDomainSettings": "A collection of settings that configure the `RStudioServerPro` Domain-level app.", "SecurityGroupIds": "The security groups for the Amazon Virtual Private Cloud that the `Domain` uses for communication between Domain-level apps and user apps.", "UnifiedStudioSettings": "The settings that apply to an SageMaker AI domain when you use it in Amazon SageMaker Unified Studio." @@ -50914,7 +52055,7 @@ "MasterSecretKmsKeyArn": "The ARN of the KMS key that Secrets Manager used to encrypt the superuser secret, if you use the [alternating users strategy](https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets_strategies.html#rotating-secrets-two-users) and the superuser secret is encrypted with a customer managed key. You don't need to specify this property if the superuser secret is encrypted using the key `aws/secretsmanager` . CloudFormation grants the execution role for the Lambda rotation function `Decrypt` , `DescribeKey` , and `GenerateDataKey` permission to the key in this property. For more information, see [Lambda rotation function execution role permissions for Secrets Manager](https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets-required-permissions-function.html) .\n\nYou can specify `MasterSecretKmsKeyArn` or `SuperuserSecretKmsKeyArn` but not both. They represent the same superuser secret KMS key .", "RotationLambdaName": "The name of the Lambda rotation function.", "RotationType": "The rotation template to base the rotation function on, one of the following:\n\n- `Db2SingleUser` to use the template [SecretsManagerRDSDb2RotationSingleUser](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html#sar-template-db2-singleuser) .\n- `Db2MultiUser` to use the template [SecretsManagerRDSDb2RotationMultiUser](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html#sar-template-db2-multiuser) .\n- `MySQLSingleUser` to use the template [SecretsManagerRDSMySQLRotationSingleUser](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html#sar-template-mysql-singleuser) .\n- `MySQLMultiUser` to use the template [SecretsManagerRDSMySQLRotationMultiUser](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html#sar-template-mysql-multiuser) .\n- `PostgreSQLSingleUser` to use the template [SecretsManagerRDSPostgreSQLRotationSingleUser](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html#sar-template-postgre-singleuser)\n- `PostgreSQLMultiUser` to use the template [SecretsManagerRDSPostgreSQLRotationMultiUser](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html#sar-template-postgre-multiuser) .\n- `OracleSingleUser` to use the template [SecretsManagerRDSOracleRotationSingleUser](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html#sar-template-oracle-singleuser) .\n- `OracleMultiUser` to use the template [SecretsManagerRDSOracleRotationMultiUser](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html#sar-template-oracle-multiuser) .\n- `MariaDBSingleUser` to use the template [SecretsManagerRDSMariaDBRotationSingleUser](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html#sar-template-mariadb-singleuser) .\n- `MariaDBMultiUser` to use the template [SecretsManagerRDSMariaDBRotationMultiUser](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html#sar-template-mariadb-multiuser) .\n- `SQLServerSingleUser` to use the template [SecretsManagerRDSSQLServerRotationSingleUser](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html#sar-template-sqlserver-singleuser) .\n- `SQLServerMultiUser` to use the template [SecretsManagerRDSSQLServerRotationMultiUser](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html#sar-template-sqlserver-multiuser) .\n- `RedshiftSingleUser` to use the template [SecretsManagerRedshiftRotationSingleUsr](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html#sar-template-redshift-singleuser) .\n- `RedshiftMultiUser` to use the template [SecretsManagerRedshiftRotationMultiUser](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html#sar-template-redshift-multiuser) .\n- `MongoDBSingleUser` to use the template [SecretsManagerMongoDBRotationSingleUser](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html#sar-template-mongodb-singleuser) .\n- `MongoDBMultiUser` to use the template [SecretsManagerMongoDBRotationMultiUser](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_available-rotation-templates.html#sar-template-mongodb-multiuser) .", - "Runtime": "> Do not set this value if you are using `Transform: AWS::SecretsManager-2024-09-16` . Over time, the updated rotation lambda artifacts vended by AWS may not be compatible with the code or shared object files defined in the rotation function deployment package.\n> \n> Only define the `Runtime` key if:\n> \n> - You are using `Transform: AWS::SecretsManager-2020-07-23` .\n> - The code or shared object files defined in the rotation function deployment package are incompatible with Python 3.9. \n\nThe Python Runtime version for with the rotation function. By default, CloudFormation deploys Python 3.9 binaries for the rotation function. To use a different version of Python, you must do the following two steps:\n\n- Deploy the matching version Python binaries with your rotation function.\n- Set the version number in this field. For example, for Python 3.7, enter *python3.7* .\n\nIf you only do one of the steps, your rotation function will be incompatible with the binaries. For more information, see [Why did my Lambda rotation function fail with a \"pg module not found\" error](https://docs.aws.amazon.com/https://repost.aws/knowledge-center/secrets-manager-lambda-rotation) .", + "Runtime": "> Do not set this value if you are using `Transform: AWS::SecretsManager-2024-09-16` . Over time, the updated rotation lambda artifacts vended by AWS may not be compatible with the code or shared object files defined in the rotation function deployment package.\n> \n> Only define the `Runtime` key if:\n> \n> - You are using `Transform: AWS::SecretsManager-2020-07-23` .\n> - The code or shared object files defined in the rotation function deployment package are incompatible with Python 3.10. \n\nThe Python Runtime version for with the rotation function. By default, CloudFormation deploys Python 3.10 binaries for the rotation function. To use a different version of Python, you must do the following two steps:\n\n- Deploy the matching version Python binaries with your rotation function.\n- Set the version number in this field. For example, for Python 3.10, enter *python3.10* .\n\nIf you only do one of the steps, your rotation function will be incompatible with the binaries. For more information, see [Why did my Lambda rotation function fail with a \"pg module not found\" error](https://docs.aws.amazon.com/https://repost.aws/knowledge-center/secrets-manager-lambda-rotation) .", "SuperuserSecretArn": "The ARN of the secret that contains superuser credentials, if you use the [Alternating users rotation strategy](https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets_strategies.html#rotating-secrets-two-users) . CloudFormation grants the execution role for the Lambda rotation function `GetSecretValue` permission to the secret in this property. For more information, see [Lambda rotation function execution role permissions for Secrets Manager](https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets-required-permissions-function.html) .\n\nYou must create the superuser secret before you can set this property.\n\nYou must also include the superuser secret ARN as a key in the JSON of the rotating secret so that the Lambda rotation function can find it. CloudFormation does not hardcode secret ARNs in the Lambda rotation function, so you can use the function to rotate multiple secrets. For more information, see [JSON structure of Secrets Manager secrets](https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_secret_json_structure.html) .\n\nYou can specify `MasterSecretArn` or `SuperuserSecretArn` but not both. They represent the same superuser secret.", "SuperuserSecretKmsKeyArn": "The ARN of the KMS key that Secrets Manager used to encrypt the superuser secret, if you use the [alternating users strategy](https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets_strategies.html#rotating-secrets-two-users) and the superuser secret is encrypted with a customer managed key. You don't need to specify this property if the superuser secret is encrypted using the key `aws/secretsmanager` . CloudFormation grants the execution role for the Lambda rotation function `Decrypt` , `DescribeKey` , and `GenerateDataKey` permission to the key in this property. For more information, see [Lambda rotation function execution role permissions for Secrets Manager](https://docs.aws.amazon.com/secretsmanager/latest/userguide/rotating-secrets-required-permissions-function.html) .\n\nYou can specify `MasterSecretKmsKeyArn` or `SuperuserSecretKmsKeyArn` but not both. They represent the same superuser secret KMS key .", "VpcSecurityGroupIds": "A comma-separated list of security group IDs applied to the target database.\n\nThe template applies the same security groups as on the Lambda rotation function that is created as part of this stack.", @@ -51910,7 +53051,7 @@ "AWS::Synthetics::Canary": { "ArtifactConfig": "A structure that contains the configuration for canary artifacts, including the encryption-at-rest settings for artifacts that the canary uploads to Amazon S3.", "ArtifactS3Location": "The location in Amazon S3 where Synthetics stores artifacts from the runs of this canary. Artifacts include the log file, screenshots, and HAR files. Specify the full location path, including `s3://` at the beginning of the path.", - "BrowserConfigs": "", + "BrowserConfigs": "A structure that specifies the browser type to use for a canary run. CloudWatch Synthetics supports running canaries on both `CHROME` and `FIREFOX` browsers.\n\n> If not specified, `browserConfigs` defaults to Chrome.", "Code": "Use this structure to input your script code for the canary. This structure contains the Lambda handler with the location where the canary should start running the script. If the script is stored in an S3 bucket, the bucket name, key, and version are also included. If the script is passed into the canary directly, the script code is contained in the value of `Script` .", "DryRunAndUpdate": "Specifies whether to perform a dry run before updating the canary. If set to `true` , CloudFormation will execute a dry run to validate the changes before applying them to the canary. If the dry run succeeds, the canary will be updated with the changes. If the dry run fails, the CloudFormation deployment will fail with the dry run\u2019s failure reason.\n\nIf set to `false` or omitted, the canary will be updated directly without first performing a dry run. The default value is `false` .\n\nFor more information, see [Performing safe canary updates](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/performing-safe-canary-upgrades.html) .", "ExecutionRoleArn": "The ARN of the IAM role to be used to run the canary. This role must already exist, and must include `lambda.amazonaws.com` as a principal in the trust policy. The role must also have the following permissions:\n\n- `s3:PutObject`\n- `s3:GetBucketLocation`\n- `s3:ListAllMyBuckets`\n- `cloudwatch:PutMetricData`\n- `logs:CreateLogGroup`\n- `logs:CreateLogStream`\n- `logs:PutLogEvents`", @@ -51925,7 +53066,7 @@ "SuccessRetentionPeriod": "The number of days to retain data about successful runs of this canary. If you omit this field, the default of 31 days is used. The valid range is 1 to 455 days.\n\nThis setting affects the range of information returned by [GetCanaryRuns](https://docs.aws.amazon.com/AmazonSynthetics/latest/APIReference/API_GetCanaryRuns.html) , as well as the range of information displayed in the Synthetics console.", "Tags": "The list of key-value pairs that are associated with the canary.", "VPCConfig": "If this canary is to test an endpoint in a VPC, this structure contains information about the subnet and security groups of the VPC endpoint. For more information, see [Running a Canary in a VPC](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_Canaries_VPC.html) .", - "VisualReferences": "" + "VisualReferences": "A list of visual reference configurations for the canary, one for each browser type that the canary is configured to run on. Visual references are used for visual monitoring comparisons.\n\n`syn-nodejs-puppeteer-11.0` and above, and `syn-nodejs-playwright-3.0` and above, only supports `visualReferences` . `visualReference` field is not supported.\n\nVersions older than `syn-nodejs-puppeteer-11.0` supports both `visualReference` and `visualReferences` for backward compatibility. It is recommended to use `visualReferences` for consistency and future compatibility." }, "AWS::Synthetics::Canary ArtifactConfig": { "S3Encryption": "A structure that contains the configuration of the encryption-at-rest settings for artifacts that the canary uploads to Amazon S3 . Artifact encryption functionality is available only for canaries that use Synthetics runtime version syn-nodejs-puppeteer-3.3 or later. For more information, see [Encrypting canary artifacts](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Synthetics_artifact_encryption.html) ." @@ -51935,11 +53076,12 @@ "ScreenshotName": "The name of the screenshot. This is generated the first time the canary is run after the `UpdateCanary` operation that specified for this canary to perform visual monitoring." }, "AWS::Synthetics::Canary BrowserConfig": { - "BrowserType": "" + "BrowserType": "The browser type associated with this browser configuration." }, "AWS::Synthetics::Canary Code": { + "BlueprintTypes": "`BlueprintTypes` are a list of templates that enable simplified canary creation. You can create canaries for common monitoring scenarios by providing only a JSON configuration file instead of writing custom scripts. `multi-checks` is the only supported value.\n\nWhen you specify `BlueprintTypes` , the `Handler` field cannot be specified since the blueprint provides a pre-defined entry point.", "Dependencies": "", - "Handler": "The entry point to use for the source code when running the canary. For canaries that use the `syn-python-selenium-1.0` runtime or a `syn-nodejs.puppeteer` runtime earlier than `syn-nodejs.puppeteer-3.4` , the handler must be specified as `*fileName* .handler` . For `syn-python-selenium-1.1` , `syn-nodejs.puppeteer-3.4` , and later runtimes, the handler can be specified as `*fileName* . *functionName*` , or you can specify a folder where canary scripts reside as `*folder* / *fileName* . *functionName*` .", + "Handler": "The entry point to use for the source code when running the canary. For canaries that use the `syn-python-selenium-1.0` runtime or a `syn-nodejs.puppeteer` runtime earlier than `syn-nodejs.puppeteer-3.4` , the handler must be specified as `*fileName* .handler` . For `syn-python-selenium-1.1` , `syn-nodejs.puppeteer-3.4` , and later runtimes, the handler can be specified as `*fileName* . *functionName*` , or you can specify a folder where canary scripts reside as `*folder* / *fileName* . *functionName*` .\n\nThis field is required when you don't specify `BlueprintTypes` and is not allowed when you specify `BlueprintTypes` .", "S3Bucket": "If your canary script is located in S3, specify the bucket name here. The bucket must already exist.", "S3Key": "The Amazon S3 key of your script. For more information, see [Working with Amazon S3 Objects](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingObjects.html) .", "S3ObjectVersion": "The Amazon S3 version ID of your script.", @@ -51982,7 +53124,7 @@ "AWS::Synthetics::Canary VisualReference": { "BaseCanaryRunId": "Specifies which canary run to use the screenshots from as the baseline for future visual monitoring with this canary. Valid values are `nextrun` to use the screenshots from the next run after this update is made, `lastrun` to use the screenshots from the most recent run before this update was made, or the value of `Id` in the [CanaryRun](https://docs.aws.amazon.com/AmazonSynthetics/latest/APIReference/API_CanaryRun.html) from any past run of this canary.", "BaseScreenshots": "An array of screenshots that are used as the baseline for comparisons during visual monitoring.", - "BrowserType": "" + "BrowserType": "The browser type associated with this visual reference configuration. Valid values are `CHROME` and `FIREFOX` ." }, "AWS::Synthetics::Group": { "Name": "A name for the group. It can include any Unicode characters.\n\nThe names for all groups in your account, across all Regions, must be unique.", @@ -52204,7 +53346,7 @@ "SecurityPolicyName": "The text name of the security policy for the specified connector.", "SftpConfig": "A structure that contains the parameters for an SFTP connector object.", "Tags": "Key-value pairs that can be used to group and search for connectors.", - "Url": "The URL of the partner's AS2 or SFTP endpoint." + "Url": "The URL of the partner's AS2 or SFTP endpoint.\n\nWhen creating AS2 connectors or service-managed SFTP connectors (connectors without egress configuration), you must provide a URL to specify the remote server endpoint. For VPC Lattice type connectors, the URL must be null." }, "AWS::Transfer::Connector As2Config": { "BasicAuthSecretId": "Provides Basic authentication support to the AS2 Connectors API. To use Basic authentication, you must provide the name or Amazon Resource Name (ARN) of a secret in AWS Secrets Manager .\n\nThe default value for this parameter is `null` , which indicates that Basic authentication is not enabled for the connector.\n\nIf the connector should use Basic authentication, the secret needs to be in the following format:\n\n`{ \"Username\": \"user-name\", \"Password\": \"user-password\" }`\n\nReplace `user-name` and `user-password` with the credentials for the actual user that is being authenticated.\n\nNote the following:\n\n- You are storing these credentials in Secrets Manager, *not passing them directly* into this API.\n- If you are using the API, SDKs, or CloudFormation to configure your connector, then you must create the secret before you can enable Basic authentication. However, if you are using the AWS management console, you can have the system create the secret for you.\n\nIf you have previously enabled Basic authentication for a connector, you can disable it by using the `UpdateConnector` API call. For example, if you are using the CLI, you can run the following command to remove Basic authentication:\n\n`update-connector --connector-id my-connector-id --as2-config 'BasicAuthSecretId=\"\"'`", @@ -52220,7 +53362,7 @@ }, "AWS::Transfer::Connector SftpConfig": { "MaxConcurrentConnections": "Specify the number of concurrent connections that your connector creates to the remote server. The default value is `1` . The maximum values is `5` .\n\n> If you are using the AWS Management Console , the default value is `5` . \n\nThis parameter specifies the number of active connections that your connector can establish with the remote server at the same time. Increasing this value can enhance connector performance when transferring large file batches by enabling parallel operations.", - "TrustedHostKeys": "The public portion of the host key, or keys, that are used to identify the external server to which you are connecting. You can use the `ssh-keyscan` command against the SFTP server to retrieve the necessary key.\n\n> `TrustedHostKeys` is optional for `CreateConnector` . If not provided, you can use `TestConnection` to retrieve the server host key during the initial connection attempt, and subsequently update the connector with the observed host key. \n\nThe three standard SSH public key format elements are `` , `` , and an optional `` , with spaces between each element. Specify only the `` and `` : do not enter the `` portion of the key.\n\nFor the trusted host key, AWS Transfer Family accepts RSA and ECDSA keys.\n\n- For RSA keys, the `` string is `ssh-rsa` .\n- For ECDSA keys, the `` string is either `ecdsa-sha2-nistp256` , `ecdsa-sha2-nistp384` , or `ecdsa-sha2-nistp521` , depending on the size of the key you generated.\n\nRun this command to retrieve the SFTP server host key, where your SFTP server name is `ftp.host.com` .\n\n`ssh-keyscan ftp.host.com`\n\nThis prints the public host key to standard output.\n\n`ftp.host.com ssh-rsa AAAAB3Nza... `TrustedHostKeys` is optional for `CreateConnector` . If not provided, you can use `TestConnection` to retrieve the server host key during the initial connection attempt, and subsequently update the connector with the observed host key. \n\nWhen creating connectors with egress config (VPC_LATTICE type connectors), since host name is not something we can verify, the only accepted trusted host key format is `key-type key-body` without the host name. For example: `ssh-rsa AAAAB3Nza...`\n\nThe three standard SSH public key format elements are `` , `` , and an optional `` , with spaces between each element. Specify only the `` and `` : do not enter the `` portion of the key.\n\nFor the trusted host key, AWS Transfer Family accepts RSA and ECDSA keys.\n\n- For RSA keys, the `` string is `ssh-rsa` .\n- For ECDSA keys, the `` string is either `ecdsa-sha2-nistp256` , `ecdsa-sha2-nistp384` , or `ecdsa-sha2-nistp521` , depending on the size of the key you generated.\n\nRun this command to retrieve the SFTP server host key, where your SFTP server name is `ftp.host.com` .\n\n`ssh-keyscan ftp.host.com`\n\nThis prints the public host key to standard output.\n\n`ftp.host.com ssh-rsa AAAAB3Nza...`\n\nCopy and paste this string into the `TrustedHostKeys` field for the `create-connector` command or into the *Trusted host keys* field in the console.\n\nFor VPC Lattice type connectors (VPC_LATTICE), remove the hostname from the key and use only the `key-type key-body` format. In this example, it should be: `ssh-rsa AAAAB3Nza...`", "UserSecretId": "The identifier for the secret (in AWS Secrets Manager) that contains the SFTP user's private key, password, or both. The identifier must be the Amazon Resource Name (ARN) of the secret.\n\n> - Required when creating an SFTP connector\n> - Optional when updating an existing SFTP connector" }, "AWS::Transfer::Connector Tag": { @@ -52238,7 +53380,7 @@ "Value": "Contains one or more values that you assigned to the key name you create." }, "AWS::Transfer::Server": { - "Certificate": "The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. Required when `Protocols` is set to `FTPS` .\n\nTo request a new public certificate, see [Request a public certificate](https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-public.html) in the *AWS Certificate Manager User Guide* .\n\nTo import an existing certificate into ACM, see [Importing certificates into ACM](https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html) in the *AWS Certificate Manager User Guide* .\n\nTo request a private certificate to use FTPS through private IP addresses, see [Request a private certificate](https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-private.html) in the *AWS Certificate Manager User Guide* .\n\nCertificates with the following cryptographic algorithms and key sizes are supported:\n\n- 2048-bit RSA (RSA_2048)\n- 4096-bit RSA (RSA_4096)\n- Elliptic Prime Curve 256 bit (EC_prime256v1)\n- Elliptic Prime Curve 384 bit (EC_secp384r1)\n- Elliptic Prime Curve 521 bit (EC_secp521r1)\n\n> The certificate must be a valid SSL/TLS X.509 version 3 certificate with FQDN or IP address specified and information about the issuer.", + "Certificate": "The Amazon Resource Name (ARN) of the Certificate Manager (ACM) certificate. Required when `Protocols` is set to `FTPS` .\n\nTo request a new public certificate, see [Request a public certificate](https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-public.html) in the *Certificate Manager User Guide* .\n\nTo import an existing certificate into ACM, see [Importing certificates into ACM](https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html) in the *Certificate Manager User Guide* .\n\nTo request a private certificate to use FTPS through private IP addresses, see [Request a private certificate](https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-private.html) in the *Certificate Manager User Guide* .\n\nCertificates with the following cryptographic algorithms and key sizes are supported:\n\n- 2048-bit RSA (RSA_2048)\n- 4096-bit RSA (RSA_4096)\n- Elliptic Prime Curve 256 bit (EC_prime256v1)\n- Elliptic Prime Curve 384 bit (EC_secp384r1)\n- Elliptic Prime Curve 521 bit (EC_secp521r1)\n\n> The certificate must be a valid SSL/TLS X.509 version 3 certificate with FQDN or IP address specified and information about the issuer.", "Domain": "Specifies the domain of the storage system that is used for file transfers. There are two domains available: Amazon Simple Storage Service (Amazon S3) and Amazon Elastic File System (Amazon EFS). The default value is S3.", "EndpointDetails": "The virtual private cloud (VPC) endpoint settings that are configured for your server. When you host your endpoint within your VPC, you can make your endpoint accessible only to resources within your VPC, or you can attach Elastic IP addresses and make your endpoint accessible to clients over the internet. Your VPC's default security groups are automatically assigned to your endpoint.", "EndpointType": "The type of endpoint that you want your server to use. You can choose to make your server's endpoint publicly accessible (PUBLIC) or host it inside your VPC. With an endpoint that is hosted in a VPC, you can restrict access to your server and resources only within your VPC or choose to make it internet facing by attaching Elastic IP addresses directly to it.\n\n> After May 19, 2021, you won't be able to create a server using `EndpointType=VPC_ENDPOINT` in your AWS account if your account hasn't already done so before May 19, 2021. If you have already created servers with `EndpointType=VPC_ENDPOINT` in your AWS account on or before May 19, 2021, you will not be affected. After this date, use `EndpointType` = `VPC` .\n> \n> For more information, see [Discontinuing the use of VPC_ENDPOINT](https://docs.aws.amazon.com//transfer/latest/userguide/create-server-in-vpc.html#deprecate-vpc-endpoint) .\n> \n> It is recommended that you use `VPC` as the `EndpointType` . With this endpoint type, you have the option to directly associate up to three Elastic IPv4 addresses (BYO IP included) with your server's endpoint and use VPC security groups to restrict traffic by the client's public IP address. This is not possible with `EndpointType` set to `VPC_ENDPOINT` .", @@ -52249,7 +53391,7 @@ "PostAuthenticationLoginBanner": "Specifies a string to display when users connect to a server. This string is displayed after the user authenticates.\n\n> The SFTP protocol does not support post-authentication display banners.", "PreAuthenticationLoginBanner": "Specifies a string to display when users connect to a server. This string is displayed before the user authenticates. For example, the following banner displays details about using the system:\n\n`This system is for the use of authorized users only. Individuals using this computer system without authority, or in excess of their authority, are subject to having all of their activities on this system monitored and recorded by system personnel.`", "ProtocolDetails": "The protocol settings that are configured for your server.\n\n- To indicate passive mode (for FTP and FTPS protocols), use the `PassiveIp` parameter. Enter a single dotted-quad IPv4 address, such as the external IP address of a firewall, router, or load balancer.\n- To ignore the error that is generated when the client attempts to use the `SETSTAT` command on a file that you are uploading to an Amazon S3 bucket, use the `SetStatOption` parameter. To have the AWS Transfer Family server ignore the `SETSTAT` command and upload files without needing to make any changes to your SFTP client, set the value to `ENABLE_NO_OP` . If you set the `SetStatOption` parameter to `ENABLE_NO_OP` , Transfer Family generates a log entry to Amazon CloudWatch Logs, so that you can determine when the client is making a `SETSTAT` call.\n- To determine whether your AWS Transfer Family server resumes recent, negotiated sessions through a unique session ID, use the `TlsSessionResumptionMode` parameter.\n- `As2Transports` indicates the transport method for the AS2 messages. Currently, only HTTP is supported.\n\nThe `Protocols` parameter is an array of strings.\n\n*Allowed values* : One or more of `SFTP` , `FTPS` , `FTP` , `AS2`", - "Protocols": "Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. The available protocols are:\n\n- `SFTP` (Secure Shell (SSH) File Transfer Protocol): File transfer over SSH\n- `FTPS` (File Transfer Protocol Secure): File transfer with TLS encryption\n- `FTP` (File Transfer Protocol): Unencrypted file transfer\n- `AS2` (Applicability Statement 2): used for transporting structured business-to-business data\n\n> - If you select `FTPS` , you must choose a certificate stored in AWS Certificate Manager (ACM) which is used to identify your server when clients connect to it over FTPS.\n> - If `Protocol` includes either `FTP` or `FTPS` , then the `EndpointType` must be `VPC` and the `IdentityProviderType` must be either `AWS_DIRECTORY_SERVICE` , `AWS_LAMBDA` , or `API_GATEWAY` .\n> - If `Protocol` includes `FTP` , then `AddressAllocationIds` cannot be associated.\n> - If `Protocol` is set only to `SFTP` , the `EndpointType` can be set to `PUBLIC` and the `IdentityProviderType` can be set any of the supported identity types: `SERVICE_MANAGED` , `AWS_DIRECTORY_SERVICE` , `AWS_LAMBDA` , or `API_GATEWAY` .\n> - If `Protocol` includes `AS2` , then the `EndpointType` must be `VPC` , and domain must be Amazon S3. \n\nThe `Protocols` parameter is an array of strings.\n\n*Allowed values* : One or more of `SFTP` , `FTPS` , `FTP` , `AS2`", + "Protocols": "Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. The available protocols are:\n\n- `SFTP` (Secure Shell (SSH) File Transfer Protocol): File transfer over SSH\n- `FTPS` (File Transfer Protocol Secure): File transfer with TLS encryption\n- `FTP` (File Transfer Protocol): Unencrypted file transfer\n- `AS2` (Applicability Statement 2): used for transporting structured business-to-business data\n\n> - If you select `FTPS` , you must choose a certificate stored in Certificate Manager (ACM) which is used to identify your server when clients connect to it over FTPS.\n> - If `Protocol` includes either `FTP` or `FTPS` , then the `EndpointType` must be `VPC` and the `IdentityProviderType` must be either `AWS_DIRECTORY_SERVICE` , `AWS_LAMBDA` , or `API_GATEWAY` .\n> - If `Protocol` includes `FTP` , then `AddressAllocationIds` cannot be associated.\n> - If `Protocol` is set only to `SFTP` , the `EndpointType` can be set to `PUBLIC` and the `IdentityProviderType` can be set any of the supported identity types: `SERVICE_MANAGED` , `AWS_DIRECTORY_SERVICE` , `AWS_LAMBDA` , or `API_GATEWAY` .\n> - If `Protocol` includes `AS2` , then the `EndpointType` must be `VPC` , and domain must be Amazon S3. \n\nThe `Protocols` parameter is an array of strings.\n\n*Allowed values* : One or more of `SFTP` , `FTPS` , `FTP` , `AS2`", "S3StorageOptions": "Specifies whether or not performance for your Amazon S3 directories is optimized.\n\n- If using the console, this is enabled by default.\n- If using the API or CLI, this is disabled by default.\n\nBy default, home directory mappings have a `TYPE` of `DIRECTORY` . If you enable this option, you would then need to explicitly set the `HomeDirectoryMapEntry` `Type` to `FILE` if you want a mapping to have a file target.", "SecurityPolicyName": "Specifies the name of the security policy for the server.", "StructuredLogDestinations": "Specifies the log groups to which your server logs are sent.\n\nTo specify a log group, you must provide the ARN for an existing log group. In this case, the format of the log group is as follows:\n\n`arn:aws:logs:region-name:amazon-account-id:log-group:log-group-name:*`\n\nFor example, `arn:aws:logs:us-east-1:111122223333:log-group:mytestgroup:*`\n\nIf you have previously specified a log group for a server, you can clear it, and in effect turn off structured logging, by providing an empty value for this parameter in an `update-server` call. For example:\n\n`update-server --server-id s-1234567890abcdef0 --structured-log-destinations`", @@ -52272,7 +53414,7 @@ }, "AWS::Transfer::Server ProtocolDetails": { "As2Transports": "List of `As2Transport` objects.", - "PassiveIp": "Indicates passive mode, for FTP and FTPS protocols. Enter a single IPv4 address, such as the public IP address of a firewall, router, or load balancer. For example:\n\n`aws transfer update-server --protocol-details PassiveIp=0.0.0.0`\n\nReplace `0.0.0.0` in the example above with the actual IP address you want to use.\n\n> If you change the `PassiveIp` value, you must stop and then restart your Transfer Family server for the change to take effect. For details on using passive mode (PASV) in a NAT environment, see [Configuring your FTPS server behind a firewall or NAT with AWS Transfer Family](https://docs.aws.amazon.com/storage/configuring-your-ftps-server-behind-a-firewall-or-nat-with-aws-transfer-family/) . \n\n*Special values*\n\nThe `AUTO` and `0.0.0.0` are special values for the `PassiveIp` parameter. The value `PassiveIp=AUTO` is assigned by default to FTP and FTPS type servers. In this case, the server automatically responds with one of the endpoint IPs within the PASV response. `PassiveIp=0.0.0.0` has a more unique application for its usage. For example, if you have a High Availability (HA) Network Load Balancer (NLB) environment, where you have 3 subnets, you can only specify a single IP address using the `PassiveIp` parameter. This reduces the effectiveness of having High Availability. In this case, you can specify `PassiveIp=0.0.0.0` . This tells the client to use the same IP address as the Control connection and utilize all AZs for their connections. Note, however, that not all FTP clients support the `PassiveIp=0.0.0.0` response. FileZilla and WinSCP do support it. If you are using other clients, check to see if your client supports the `PassiveIp=0.0.0.0` response.", + "PassiveIp": "Indicates passive mode, for FTP and FTPS protocols. Enter a single IPv4 address, such as the public IP address of a firewall, router, or load balancer. For example:\n\n`aws transfer update-server --protocol-details PassiveIp=0.0.0.0`\n\nReplace `0.0.0.0` in the example above with the actual IP address you want to use.\n\n> If you change the `PassiveIp` value, you must stop and then restart your Transfer Family server for the change to take effect. For details on using passive mode (PASV) in a NAT environment, see [Configuring your FTPS server behind a firewall or NAT with AWS Transfer Family](https://docs.aws.amazon.com/storage/configuring-your-ftps-server-behind-a-firewall-or-nat-with-aws-transfer-family/) .\n> \n> Additionally, avoid placing Network Load Balancers (NLBs) or NAT gateways in front of AWS Transfer Family servers. This configuration increases costs and can cause performance issues. When NLBs or NATs are in the communication path, Transfer Family cannot accurately recognize client IP addresses, which impacts connection sharding and limits FTPS servers to only 300 simultaneous connections instead of 10,000. If you must use an NLB, use port 21 for health checks and enable TLS session resumption by setting `TlsSessionResumptionMode = ENFORCED` . For optimal performance, migrate to VPC endpoints with Elastic IP addresses instead of using NLBs. For more details, see [Avoid placing NLBs and NATs in front of AWS Transfer Family](https://docs.aws.amazon.com/transfer/latest/userguide/infrastructure-security.html#nlb-considerations) . \n\n*Special values*\n\nThe `AUTO` and `0.0.0.0` are special values for the `PassiveIp` parameter. The value `PassiveIp=AUTO` is assigned by default to FTP and FTPS type servers. In this case, the server automatically responds with one of the endpoint IPs within the PASV response. `PassiveIp=0.0.0.0` has a more unique application for its usage. For example, if you have a High Availability (HA) Network Load Balancer (NLB) environment, where you have 3 subnets, you can only specify a single IP address using the `PassiveIp` parameter. This reduces the effectiveness of having High Availability. In this case, you can specify `PassiveIp=0.0.0.0` . This tells the client to use the same IP address as the Control connection and utilize all AZs for their connections. Note, however, that not all FTP clients support the `PassiveIp=0.0.0.0` response. FileZilla and WinSCP do support it. If you are using other clients, check to see if your client supports the `PassiveIp=0.0.0.0` response.", "SetStatOption": "Use the `SetStatOption` to ignore the error that is generated when the client attempts to use `SETSTAT` on a file you are uploading to an S3 bucket.\n\nSome SFTP file transfer clients can attempt to change the attributes of remote files, including timestamp and permissions, using commands, such as `SETSTAT` when uploading the file. However, these commands are not compatible with object storage systems, such as Amazon S3. Due to this incompatibility, file uploads from these clients can result in errors even when the file is otherwise successfully uploaded.\n\nSet the value to `ENABLE_NO_OP` to have the Transfer Family server ignore the `SETSTAT` command, and upload files without needing to make any changes to your SFTP client. While the `SetStatOption` `ENABLE_NO_OP` setting ignores the error, it does generate a log entry in Amazon CloudWatch Logs, so you can determine when the client is making a `SETSTAT` call.\n\n> If you want to preserve the original timestamp for your file, and modify other file attributes using `SETSTAT` , you can use Amazon EFS as backend storage with Transfer Family.", "TlsSessionResumptionMode": "A property used with Transfer Family servers that use the FTPS protocol. TLS Session Resumption provides a mechanism to resume or share a negotiated secret key between the control and data connection for an FTPS session. `TlsSessionResumptionMode` determines whether or not the server resumes recent, negotiated sessions through a unique session ID. This property is available during `CreateServer` and `UpdateServer` calls. If a `TlsSessionResumptionMode` value is not specified during `CreateServer` , it is set to `ENFORCED` by default.\n\n- `DISABLED` : the server does not process TLS session resumption client requests and creates a new TLS session for each request.\n- `ENABLED` : the server processes and accepts clients that are performing TLS session resumption. The server doesn't reject client data connections that do not perform the TLS session resumption client processing.\n- `ENFORCED` : the server processes and accepts clients that are performing TLS session resumption. The server rejects client data connections that do not perform the TLS session resumption client processing. Before you set the value to `ENFORCED` , test your clients.\n\n> Not all FTPS clients perform TLS session resumption. So, if you choose to enforce TLS session resumption, you prevent any connections from FTPS clients that don't perform the protocol negotiation. To determine whether or not you can use the `ENFORCED` value, you need to test your clients." }, @@ -52573,7 +53715,7 @@ }, "AWS::VpcLattice::ResourceGateway": { "IpAddressType": "The type of IP address used by the resource gateway.", - "Ipv4AddressesPerEni": "", + "Ipv4AddressesPerEni": "The number of IPv4 addresses in each ENI for the resource gateway.", "Name": "The name of the resource gateway.", "SecurityGroupIds": "The IDs of the security groups applied to the resource gateway.", "SubnetIds": "The IDs of the VPC subnets for the resource gateway.", diff --git a/schema_source/cloudformation.schema.json b/schema_source/cloudformation.schema.json index edeef21b9..a90540b59 100644 --- a/schema_source/cloudformation.schema.json +++ b/schema_source/cloudformation.schema.json @@ -1903,18 +1903,18 @@ "type": "string" }, "AutoMinorVersionUpgrade": { - "markdownDescription": "Enables automatic upgrades to new minor versions for brokers, as new broker engine versions are released and supported by Amazon MQ. Automatic upgrades occur during the scheduled maintenance window of the broker or after a manual broker reboot.", + "markdownDescription": "Enables automatic upgrades to new patch versions for brokers as new versions are released and supported by Amazon MQ. Automatic upgrades occur during the scheduled maintenance window or after a manual broker reboot. Set to `true` by default, if no value is specified.\n\n> Must be set to `true` for ActiveMQ brokers version 5.18 and above and for RabbitMQ brokers version 3.13 and above.", "title": "AutoMinorVersionUpgrade", "type": "boolean" }, "BrokerName": { - "markdownDescription": "The name of the broker. This value must be unique in your AWS account , 1-50 characters long, must contain only letters, numbers, dashes, and underscores, and must not contain white spaces, brackets, wildcard characters, or special characters.\n\n> Do not add personally identifiable information (PII) or other confidential or sensitive information in broker names. Broker names are accessible to other AWS services, including C CloudWatch Logs . Broker names are not intended to be used for private or sensitive data.", + "markdownDescription": "Required. The broker's name. This value must be unique in your AWS account , 1-50 characters long, must contain only letters, numbers, dashes, and underscores, and must not contain white spaces, brackets, wildcard characters, or special characters.\n\n> Do not add personally identifiable information (PII) or other confidential or sensitive information in broker names. Broker names are accessible to other AWS services, including CloudWatch Logs . Broker names are not intended to be used for private or sensitive data.", "title": "BrokerName", "type": "string" }, "Configuration": { "$ref": "#/definitions/AWS::AmazonMQ::Broker.ConfigurationId", - "markdownDescription": "A list of information about the configuration. Does not apply to RabbitMQ brokers.", + "markdownDescription": "A list of information about the configuration.", "title": "Configuration" }, "DataReplicationMode": { @@ -1928,27 +1928,27 @@ "type": "string" }, "DeploymentMode": { - "markdownDescription": "The deployment mode of the broker. Available values:\n\n- `SINGLE_INSTANCE`\n- `ACTIVE_STANDBY_MULTI_AZ`\n- `CLUSTER_MULTI_AZ`", + "markdownDescription": "Required. The broker's deployment mode.", "title": "DeploymentMode", "type": "string" }, "EncryptionOptions": { "$ref": "#/definitions/AWS::AmazonMQ::Broker.EncryptionOptions", - "markdownDescription": "Encryption options for the broker. Does not apply to RabbitMQ brokers.", + "markdownDescription": "Encryption options for the broker.", "title": "EncryptionOptions" }, "EngineType": { - "markdownDescription": "The type of broker engine. Currently, Amazon MQ supports `ACTIVEMQ` and `RABBITMQ` .", + "markdownDescription": "Required. The type of broker engine. Currently, Amazon MQ supports `ACTIVEMQ` and `RABBITMQ` .", "title": "EngineType", "type": "string" }, "EngineVersion": { - "markdownDescription": "The version of the broker engine. For a list of supported engine versions, see [Engine](https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/broker-engine.html) in the *Amazon MQ Developer Guide* .", + "markdownDescription": "The broker engine version. Defaults to the latest available version for the specified broker engine type. For more information, see the [ActiveMQ version management](https://docs.aws.amazon.com//amazon-mq/latest/developer-guide/activemq-version-management.html) and the [RabbitMQ version management](https://docs.aws.amazon.com//amazon-mq/latest/developer-guide/rabbitmq-version-management.html) sections in the Amazon MQ Developer Guide.", "title": "EngineVersion", "type": "string" }, "HostInstanceType": { - "markdownDescription": "The broker's instance type.", + "markdownDescription": "Required. The broker's instance type.", "title": "HostInstanceType", "type": "string" }, @@ -1964,11 +1964,11 @@ }, "MaintenanceWindowStartTime": { "$ref": "#/definitions/AWS::AmazonMQ::Broker.MaintenanceWindow", - "markdownDescription": "The scheduled time period relative to UTC during which Amazon MQ begins to apply pending updates or patches to the broker.", + "markdownDescription": "The parameters that determine the WeeklyStartTime.", "title": "MaintenanceWindowStartTime" }, "PubliclyAccessible": { - "markdownDescription": "Enables connections from applications outside of the VPC that hosts the broker's subnets.", + "markdownDescription": "Enables connections from applications outside of the VPC that hosts the broker's subnets. Set to `false` by default, if no value is provided.", "title": "PubliclyAccessible", "type": "boolean" }, @@ -1989,7 +1989,7 @@ "items": { "type": "string" }, - "markdownDescription": "The list of groups that define which subnets and IP ranges the broker can use from different Availability Zones. If you specify more than one subnet, the subnets must be in different Availability Zones. Amazon MQ will not be able to create VPC endpoints for your broker with multiple subnets in the same Availability Zone. A SINGLE_INSTANCE deployment requires one subnet (for example, the default subnet). An ACTIVE_STANDBY_MULTI_AZ deployment (ACTIVEMQ) requires two subnets. A CLUSTER_MULTI_AZ deployment (RABBITMQ) has no subnet requirements when deployed with public accessibility, deployment without public accessibility requires at least one subnet.\n\n> If you specify subnets in a shared VPC for a RabbitMQ broker, the associated VPC to which the specified subnets belong must be owned by your AWS account . Amazon MQ will not be able to create VPC enpoints in VPCs that are not owned by your AWS account .", + "markdownDescription": "The list of groups that define which subnets and IP ranges the broker can use from different Availability Zones. If you specify more than one subnet, the subnets must be in different Availability Zones. Amazon MQ will not be able to create VPC endpoints for your broker with multiple subnets in the same Availability Zone. A SINGLE_INSTANCE deployment requires one subnet (for example, the default subnet). An ACTIVE_STANDBY_MULTI_AZ Amazon MQ for ActiveMQ deployment requires two subnets. A CLUSTER_MULTI_AZ Amazon MQ for RabbitMQ deployment has no subnet requirements when deployed with public accessibility. Deployment without public accessibility requires at least one subnet.\n\n> If you specify subnets in a [shared VPC](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-sharing.html) for a RabbitMQ broker, the associated VPC to which the specified subnets belong must be owned by your AWS account . Amazon MQ will not be able to create VPC endpoints in VPCs that are not owned by your AWS account .", "title": "SubnetIds", "type": "array" }, @@ -1997,7 +1997,7 @@ "items": { "$ref": "#/definitions/AWS::AmazonMQ::Broker.TagsEntry" }, - "markdownDescription": "An array of key-value pairs. For more information, see [Using Cost Allocation Tags](https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-alloc-tags.html) in the *Billing and Cost Management User Guide* .", + "markdownDescription": "Create tags when creating the broker.", "title": "Tags", "type": "array" }, @@ -2005,7 +2005,7 @@ "items": { "$ref": "#/definitions/AWS::AmazonMQ::Broker.User" }, - "markdownDescription": "The list of broker users (persons or applications) who can access queues and topics. For Amazon MQ for RabbitMQ brokers, one and only one administrative user is accepted and created when a broker is first provisioned. All subsequent RabbitMQ users are created by via the RabbitMQ web console or by using the RabbitMQ management API.", + "markdownDescription": "The list of broker users (persons or applications) who can access queues and topics. For Amazon MQ for RabbitMQ brokers, one and only one administrative user is accepted and created when a broker is first provisioned. All subsequent broker users are created by making RabbitMQ API calls directly to brokers or via the RabbitMQ web console.\n\nWhen OAuth 2.0 is enabled, the broker accepts one or no users.", "title": "Users", "type": "array" } @@ -2047,7 +2047,7 @@ "additionalProperties": false, "properties": { "Id": { - "markdownDescription": "The unique ID that Amazon MQ generates for the configuration.", + "markdownDescription": "Required. The unique ID that Amazon MQ generates for the configuration.", "title": "Id", "type": "string" }, @@ -2089,57 +2089,57 @@ "items": { "type": "string" }, - "markdownDescription": "Specifies the location of the LDAP server such as AWS Directory Service for Microsoft Active Directory . Optional failover server.", + "markdownDescription": "", "title": "Hosts", "type": "array" }, "RoleBase": { - "markdownDescription": "The distinguished name of the node in the directory information tree (DIT) to search for roles or groups. For example, `ou=group` , `ou=corp` , `dc=corp` , `dc=example` , `dc=com` .", + "markdownDescription": "", "title": "RoleBase", "type": "string" }, "RoleName": { - "markdownDescription": "The group name attribute in a role entry whose value is the name of that role. For example, you can specify `cn` for a group entry's common name. If authentication succeeds, then the user is assigned the the value of the `cn` attribute for each role entry that they are a member of.", + "markdownDescription": "", "title": "RoleName", "type": "string" }, "RoleSearchMatching": { - "markdownDescription": "The LDAP search filter used to find roles within the roleBase. The distinguished name of the user matched by userSearchMatching is substituted into the `{0}` placeholder in the search filter. The client's username is substituted into the `{1}` placeholder. For example, if you set this option to `(member=uid={1})` for the user janedoe, the search filter becomes `(member=uid=janedoe)` after string substitution. It matches all role entries that have a member attribute equal to `uid=janedoe` under the subtree selected by the `RoleBases` .", + "markdownDescription": "", "title": "RoleSearchMatching", "type": "string" }, "RoleSearchSubtree": { - "markdownDescription": "The directory search scope for the role. If set to true, scope is to search the entire subtree.", + "markdownDescription": "", "title": "RoleSearchSubtree", "type": "boolean" }, "ServiceAccountPassword": { - "markdownDescription": "Service account password. A service account is an account in your LDAP server that has access to initiate a connection. For example, `cn=admin` , `dc=corp` , `dc=example` , `dc=com` .", + "markdownDescription": "", "title": "ServiceAccountPassword", "type": "string" }, "ServiceAccountUsername": { - "markdownDescription": "Service account username. A service account is an account in your LDAP server that has access to initiate a connection. For example, `cn=admin` , `ou=corp` , `dc=corp` , `dc=example` , `dc=com` .", + "markdownDescription": "", "title": "ServiceAccountUsername", "type": "string" }, "UserBase": { - "markdownDescription": "Select a particular subtree of the directory information tree (DIT) to search for user entries. The subtree is specified by a DN, which specifies the base node of the subtree. For example, by setting this option to `ou=Users` , `ou=corp` , `dc=corp` , `dc=example` , `dc=com` , the search for user entries is restricted to the subtree beneath `ou=Users` , `ou=corp` , `dc=corp` , `dc=example` , `dc=com` .", + "markdownDescription": "", "title": "UserBase", "type": "string" }, "UserRoleName": { - "markdownDescription": "The name of the LDAP attribute in the user's directory entry for the user's group membership. In some cases, user roles may be identified by the value of an attribute in the user's directory entry. The `UserRoleName` option allows you to provide the name of this attribute.", + "markdownDescription": "", "title": "UserRoleName", "type": "string" }, "UserSearchMatching": { - "markdownDescription": "The LDAP search filter used to find users within the `userBase` . The client's username is substituted into the `{0}` placeholder in the search filter. For example, if this option is set to `(uid={0})` and the received username is `janedoe` , the search filter becomes `(uid=janedoe)` after string substitution. It will result in matching an entry like `uid=janedoe` , `ou=Users` , `ou=corp` , `dc=corp` , `dc=example` , `dc=com` .", + "markdownDescription": "", "title": "UserSearchMatching", "type": "string" }, "UserSearchSubtree": { - "markdownDescription": "The directory search scope for the user. If set to true, scope is to search the entire subtree.", + "markdownDescription": "", "title": "UserSearchSubtree", "type": "boolean" } @@ -2175,12 +2175,12 @@ "additionalProperties": false, "properties": { "DayOfWeek": { - "markdownDescription": "The day of the week.", + "markdownDescription": "Required. The day of the week.", "title": "DayOfWeek", "type": "string" }, "TimeOfDay": { - "markdownDescription": "The time, in 24-hour format.", + "markdownDescription": "Required. The time, in 24-hour format.", "title": "TimeOfDay", "type": "string" }, @@ -2201,12 +2201,12 @@ "additionalProperties": false, "properties": { "Key": { - "markdownDescription": "The key in a key-value pair.", + "markdownDescription": "", "title": "Key", "type": "string" }, "Value": { - "markdownDescription": "The value in a key-value pair.", + "markdownDescription": "", "title": "Value", "type": "string" } @@ -2221,7 +2221,7 @@ "additionalProperties": false, "properties": { "ConsoleAccess": { - "markdownDescription": "Enables access to the ActiveMQ web console for the ActiveMQ user. Does not apply to RabbitMQ brokers.", + "markdownDescription": "Enables access to the ActiveMQ Web Console for the ActiveMQ user. Does not apply to RabbitMQ brokers.", "title": "ConsoleAccess", "type": "boolean" }, @@ -2234,7 +2234,7 @@ "type": "array" }, "Password": { - "markdownDescription": "The password of the user. This value must be at least 12 characters long, must contain at least 4 unique characters, and must not contain commas, colons, or equal signs (,:=).", + "markdownDescription": "Required. The password of the user. This value must be at least 12 characters long, must contain at least 4 unique characters, and must not contain commas, colons, or equal signs (,:=).", "title": "Password", "type": "string" }, @@ -2244,7 +2244,7 @@ "type": "boolean" }, "Username": { - "markdownDescription": "The username of the broker user. For Amazon MQ for ActiveMQ brokers, this value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). For Amazon MQ for RabbitMQ brokers, this value can contain only alphanumeric characters, dashes, periods, underscores (- . _). This value must not contain a tilde (~) character. Amazon MQ prohibts using guest as a valid usename. This value must be 2-100 characters long.\n\n> Do not add personally identifiable information (PII) or other confidential or sensitive information in broker usernames. Broker usernames are accessible to other AWS services, including CloudWatch Logs . Broker usernames are not intended to be used for private or sensitive data.", + "markdownDescription": "The username of the broker user. The following restrictions apply to broker usernames:\n\n- For Amazon MQ for ActiveMQ brokers, this value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 2-100 characters long.\n- For Amazon MQ for RabbitMQ brokers, this value can contain only alphanumeric characters, dashes, periods, underscores (- . _). This value must not contain a tilde (~) character. Amazon MQ prohibts using `guest` as a valid usename. This value must be 2-100 characters long.\n\n> Do not add personally identifiable information (PII) or other confidential or sensitive information in broker usernames. Broker usernames are accessible to other AWS services, including CloudWatch Logs . Broker usernames are not intended to be used for private or sensitive data.", "title": "Username", "type": "string" } @@ -2296,7 +2296,7 @@ "type": "string" }, "Data": { - "markdownDescription": "The base64-encoded XML configuration.", + "markdownDescription": "Amazon MQ for Active MQ: The base64-encoded XML configuration. Amazon MQ for RabbitMQ: the base64-encoded Cuttlefish configuration.", "title": "Data", "type": "string" }, @@ -2306,17 +2306,17 @@ "type": "string" }, "EngineType": { - "markdownDescription": "The type of broker engine. Note: Currently, Amazon MQ only supports ACTIVEMQ for creating and editing broker configurations.", + "markdownDescription": "Required. The type of broker engine. Currently, Amazon MQ supports `ACTIVEMQ` and `RABBITMQ` .", "title": "EngineType", "type": "string" }, "EngineVersion": { - "markdownDescription": "The version of the broker engine. For a list of supported engine versions, see [](https://docs.aws.amazon.com/amazon-mq/latest/developer-guide/broker-engine.html)", + "markdownDescription": "The broker engine version. Defaults to the latest available version for the specified broker engine type. For more information, see the [ActiveMQ version management](https://docs.aws.amazon.com//amazon-mq/latest/developer-guide/activemq-version-management.html) and the [RabbitMQ version management](https://docs.aws.amazon.com//amazon-mq/latest/developer-guide/rabbitmq-version-management.html) sections in the Amazon MQ Developer Guide.", "title": "EngineVersion", "type": "string" }, "Name": { - "markdownDescription": "The name of the configuration. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 1-150 characters long.", + "markdownDescription": "Required. The name of the configuration. This value can contain only alphanumeric characters, dashes, periods, underscores, and tildes (- . _ ~). This value must be 1-150 characters long.", "title": "Name", "type": "string" }, @@ -2362,12 +2362,12 @@ "additionalProperties": false, "properties": { "Key": { - "markdownDescription": "The key in a key-value pair.", + "markdownDescription": "", "title": "Key", "type": "string" }, "Value": { - "markdownDescription": "The value in a key-value pair.", + "markdownDescription": "", "title": "Value", "type": "string" } @@ -2414,13 +2414,13 @@ "additionalProperties": false, "properties": { "Broker": { - "markdownDescription": "The broker to associate with a configuration.", + "markdownDescription": "", "title": "Broker", "type": "string" }, "Configuration": { "$ref": "#/definitions/AWS::AmazonMQ::ConfigurationAssociation.ConfigurationId", - "markdownDescription": "The configuration to associate with a broker.", + "markdownDescription": "Returns information about all configurations.", "title": "Configuration" } }, @@ -2455,7 +2455,7 @@ "additionalProperties": false, "properties": { "Id": { - "markdownDescription": "The unique ID that Amazon MQ generates for the configuration.", + "markdownDescription": "Required. The unique ID that Amazon MQ generates for the configuration.", "title": "Id", "type": "string" }, @@ -3059,12 +3059,12 @@ "additionalProperties": false, "properties": { "CertificateArn": { - "markdownDescription": "The Amazon resource name (ARN) for a custom certificate that you have already added to AWS Certificate Manager in your AWS account .\n\nThis field is required only when the certificate type is `CUSTOM` .", + "markdownDescription": "The Amazon resource name (ARN) for a custom certificate that you have already added to Certificate Manager in your AWS account .\n\nThis field is required only when the certificate type is `CUSTOM` .", "title": "CertificateArn", "type": "string" }, "CertificateType": { - "markdownDescription": "The type of SSL/TLS certificate that you want to use.\n\nSpecify `AMPLIFY_MANAGED` to use the default certificate that Amplify provisions for you.\n\nSpecify `CUSTOM` to use your own certificate that you have already added to AWS Certificate Manager in your AWS account . Make sure you request (or import) the certificate in the US East (N. Virginia) Region (us-east-1). For more information about using ACM, see [Importing certificates into AWS Certificate Manager](https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html) in the *ACM User guide* .", + "markdownDescription": "The type of SSL/TLS certificate that you want to use.\n\nSpecify `AMPLIFY_MANAGED` to use the default certificate that Amplify provisions for you.\n\nSpecify `CUSTOM` to use your own certificate that you have already added to Certificate Manager in your AWS account . Make sure you request (or import) the certificate in the US East (N. Virginia) Region (us-east-1). For more information about using ACM, see [Importing certificates into Certificate Manager](https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html) in the *ACM User guide* .", "title": "CertificateType", "type": "string" }, @@ -3080,12 +3080,12 @@ "additionalProperties": false, "properties": { "CertificateType": { - "markdownDescription": "The certificate type.\n\nSpecify `AMPLIFY_MANAGED` to use the default certificate that Amplify provisions for you.\n\nSpecify `CUSTOM` to use your own certificate that you have already added to AWS Certificate Manager in your AWS account . Make sure you request (or import) the certificate in the US East (N. Virginia) Region (us-east-1). For more information about using ACM, see [Importing certificates into AWS Certificate Manager](https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html) in the *ACM User guide* .", + "markdownDescription": "The certificate type.\n\nSpecify `AMPLIFY_MANAGED` to use the default certificate that Amplify provisions for you.\n\nSpecify `CUSTOM` to use your own certificate that you have already added to Certificate Manager in your AWS account . Make sure you request (or import) the certificate in the US East (N. Virginia) Region (us-east-1). For more information about using ACM, see [Importing certificates into Certificate Manager](https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html) in the *ACM User guide* .", "title": "CertificateType", "type": "string" }, "CustomCertificateArn": { - "markdownDescription": "The Amazon resource name (ARN) for the custom certificate that you have already added to AWS Certificate Manager in your AWS account .\n\nThis field is required only when the certificate type is `CUSTOM` .", + "markdownDescription": "The Amazon resource name (ARN) for the custom certificate that you have already added to Certificate Manager in your AWS account .\n\nThis field is required only when the certificate type is `CUSTOM` .", "title": "CustomCertificateArn", "type": "string" } @@ -5554,7 +5554,7 @@ "additionalProperties": false, "properties": { "CertificateArn": { - "markdownDescription": "The reference to an AWS -managed certificate that will be used by edge-optimized endpoint or private endpoint for this domain name. AWS Certificate Manager is the only supported source.", + "markdownDescription": "The reference to an AWS -managed certificate that will be used by edge-optimized endpoint or private endpoint for this domain name. Certificate Manager is the only supported source.", "title": "CertificateArn", "type": "string" }, @@ -5579,7 +5579,7 @@ "type": "string" }, "RegionalCertificateArn": { - "markdownDescription": "The reference to an AWS -managed certificate that will be used for validating the regional domain name. AWS Certificate Manager is the only supported source.", + "markdownDescription": "The reference to an AWS -managed certificate that will be used for validating the regional domain name. Certificate Manager is the only supported source.", "title": "RegionalCertificateArn", "type": "string" }, @@ -7950,7 +7950,7 @@ "type": "string" }, "OwnershipVerificationCertificateArn": { - "markdownDescription": "The Amazon resource name (ARN) for the public certificate issued by AWS Certificate Manager . This ARN is used to validate custom domain ownership. It's required only if you configure mutual TLS and use either an ACM-imported or a private CA certificate ARN as the regionalCertificateArn.", + "markdownDescription": "The Amazon resource name (ARN) for the public certificate issued by Certificate Manager . This ARN is used to validate custom domain ownership. It's required only if you configure mutual TLS and use either an ACM-imported or a private CA certificate ARN as the regionalCertificateArn.", "title": "OwnershipVerificationCertificateArn", "type": "string" }, @@ -14790,7 +14790,7 @@ "properties": { "ACM": { "$ref": "#/definitions/AWS::AppMesh::VirtualGateway.VirtualGatewayListenerTlsAcmCertificate", - "markdownDescription": "A reference to an object that represents an AWS Certificate Manager certificate.", + "markdownDescription": "A reference to an object that represents an Certificate Manager certificate.", "title": "ACM" }, "File": { @@ -15002,7 +15002,7 @@ "properties": { "ACM": { "$ref": "#/definitions/AWS::AppMesh::VirtualGateway.VirtualGatewayTlsValidationContextAcmTrust", - "markdownDescription": "A reference to an object that represents a Transport Layer Security (TLS) validation context trust for an AWS Certificate Manager certificate.", + "markdownDescription": "A reference to an object that represents a Transport Layer Security (TLS) validation context trust for an Certificate Manager certificate.", "title": "ACM" }, "File": { @@ -15526,7 +15526,7 @@ "properties": { "ACM": { "$ref": "#/definitions/AWS::AppMesh::VirtualNode.ListenerTlsAcmCertificate", - "markdownDescription": "A reference to an object that represents an AWS Certificate Manager certificate.", + "markdownDescription": "A reference to an object that represents an Certificate Manager certificate.", "title": "ACM" }, "File": { @@ -15817,7 +15817,7 @@ "properties": { "ACM": { "$ref": "#/definitions/AWS::AppMesh::VirtualNode.TlsValidationContextAcmTrust", - "markdownDescription": "A reference to an object that represents a Transport Layer Security (TLS) validation context trust for an AWS Certificate Manager certificate.", + "markdownDescription": "A reference to an object that represents a Transport Layer Security (TLS) validation context trust for an Certificate Manager certificate.", "title": "ACM" }, "File": { @@ -18086,7 +18086,7 @@ "type": "string" }, "InstanceType": { - "markdownDescription": "The instance type to use when launching fleet instances. The following instance types are available for non-Elastic fleets:\n\n- stream.standard.small\n- stream.standard.medium\n- stream.standard.large\n- stream.compute.large\n- stream.compute.xlarge\n- stream.compute.2xlarge\n- stream.compute.4xlarge\n- stream.compute.8xlarge\n- stream.memory.large\n- stream.memory.xlarge\n- stream.memory.2xlarge\n- stream.memory.4xlarge\n- stream.memory.8xlarge\n- stream.memory.z1d.large\n- stream.memory.z1d.xlarge\n- stream.memory.z1d.2xlarge\n- stream.memory.z1d.3xlarge\n- stream.memory.z1d.6xlarge\n- stream.memory.z1d.12xlarge\n- stream.graphics-design.large\n- stream.graphics-design.xlarge\n- stream.graphics-design.2xlarge\n- stream.graphics-design.4xlarge\n- stream.graphics-desktop.2xlarge\n- stream.graphics.g4dn.xlarge\n- stream.graphics.g4dn.2xlarge\n- stream.graphics.g4dn.4xlarge\n- stream.graphics.g4dn.8xlarge\n- stream.graphics.g4dn.12xlarge\n- stream.graphics.g4dn.16xlarge\n- stream.graphics-pro.4xlarge\n- stream.graphics-pro.8xlarge\n- stream.graphics-pro.16xlarge\n- stream.graphics.g5.xlarge\n- stream.graphics.g5.2xlarge\n- stream.graphics.g5.4xlarge\n- stream.graphics.g5.8xlarge\n- stream.graphics.g5.16xlarge\n- stream.graphics.g5.12xlarge\n- stream.graphics.g5.24xlarge\n- stream.graphics.g6.xlarge\n- stream.graphics.g6.2xlarge\n- stream.graphics.g6.4xlarge\n- stream.graphics.g6.8xlarge\n- stream.graphics.g6.16xlarge\n- stream.graphics.g6.12xlarge\n- stream.graphics.g6.24xlarge\n- stream.graphics.gr6.4xlarge\n- stream.graphics.gr6.8xlarge\n\nThe following instance types are available for Elastic fleets:\n\n- stream.standard.small\n- stream.standard.medium", + "markdownDescription": "The instance type to use when launching fleet instances. The following instance types are available for non-Elastic fleets:\n\n- stream.standard.small\n- stream.standard.medium\n- stream.standard.large\n- stream.compute.large\n- stream.compute.xlarge\n- stream.compute.2xlarge\n- stream.compute.4xlarge\n- stream.compute.8xlarge\n- stream.memory.large\n- stream.memory.xlarge\n- stream.memory.2xlarge\n- stream.memory.4xlarge\n- stream.memory.8xlarge\n- stream.memory.z1d.large\n- stream.memory.z1d.xlarge\n- stream.memory.z1d.2xlarge\n- stream.memory.z1d.3xlarge\n- stream.memory.z1d.6xlarge\n- stream.memory.z1d.12xlarge\n- stream.graphics-design.large\n- stream.graphics-design.xlarge\n- stream.graphics-design.2xlarge\n- stream.graphics-design.4xlarge\n- stream.graphics-desktop.2xlarge\n- stream.graphics.g4dn.xlarge\n- stream.graphics.g4dn.2xlarge\n- stream.graphics.g4dn.4xlarge\n- stream.graphics.g4dn.8xlarge\n- stream.graphics.g4dn.12xlarge\n- stream.graphics.g4dn.16xlarge\n- stream.graphics-pro.4xlarge\n- stream.graphics-pro.8xlarge\n- stream.graphics-pro.16xlarge\n- stream.graphics.g5.xlarge\n- stream.graphics.g5.2xlarge\n- stream.graphics.g5.4xlarge\n- stream.graphics.g5.8xlarge\n- stream.graphics.g5.16xlarge\n- stream.graphics.g5.12xlarge\n- stream.graphics.g5.24xlarge\n- stream.graphics.g6.xlarge\n- stream.graphics.g6.2xlarge\n- stream.graphics.g6.4xlarge\n- stream.graphics.g6.8xlarge\n- stream.graphics.g6.16xlarge\n- stream.graphics.g6.12xlarge\n- stream.graphics.g6.24xlarge\n- stream.graphics.gr6.4xlarge\n- stream.graphics.gr6.8xlarge\n- stream.graphics.g6f.large\n- stream.graphics.g6f.xlarge\n- stream.graphics.g6f.2xlarge\n- stream.graphics.g6f.4xlarge\n- stream.graphics.gr6f.4xlarge\n\nThe following instance types are available for Elastic fleets:\n\n- stream.standard.small\n- stream.standard.medium", "title": "InstanceType", "type": "string" }, @@ -18332,7 +18332,7 @@ "type": "string" }, "InstanceType": { - "markdownDescription": "The instance type to use when launching the image builder. The following instance types are available:\n\n- stream.standard.small\n- stream.standard.medium\n- stream.standard.large\n- stream.compute.large\n- stream.compute.xlarge\n- stream.compute.2xlarge\n- stream.compute.4xlarge\n- stream.compute.8xlarge\n- stream.memory.large\n- stream.memory.xlarge\n- stream.memory.2xlarge\n- stream.memory.4xlarge\n- stream.memory.8xlarge\n- stream.memory.z1d.large\n- stream.memory.z1d.xlarge\n- stream.memory.z1d.2xlarge\n- stream.memory.z1d.3xlarge\n- stream.memory.z1d.6xlarge\n- stream.memory.z1d.12xlarge\n- stream.graphics-design.large\n- stream.graphics-design.xlarge\n- stream.graphics-design.2xlarge\n- stream.graphics-design.4xlarge\n- stream.graphics-desktop.2xlarge\n- stream.graphics.g4dn.xlarge\n- stream.graphics.g4dn.2xlarge\n- stream.graphics.g4dn.4xlarge\n- stream.graphics.g4dn.8xlarge\n- stream.graphics.g4dn.12xlarge\n- stream.graphics.g4dn.16xlarge\n- stream.graphics-pro.4xlarge\n- stream.graphics-pro.8xlarge\n- stream.graphics-pro.16xlarge\n- stream.graphics.g5.xlarge\n- stream.graphics.g5.2xlarge\n- stream.graphics.g5.4xlarge\n- stream.graphics.g5.8xlarge\n- stream.graphics.g5.16xlarge\n- stream.graphics.g5.12xlarge\n- stream.graphics.g5.24xlarge\n- stream.graphics.g6.xlarge\n- stream.graphics.g6.2xlarge\n- stream.graphics.g6.4xlarge\n- stream.graphics.g6.8xlarge\n- stream.graphics.g6.16xlarge\n- stream.graphics.g6.12xlarge\n- stream.graphics.g6.24xlarge\n- stream.graphics.gr6.4xlarge\n- stream.graphics.gr6.8xlarge", + "markdownDescription": "The instance type to use when launching the image builder. The following instance types are available:\n\n- stream.standard.small\n- stream.standard.medium\n- stream.standard.large\n- stream.compute.large\n- stream.compute.xlarge\n- stream.compute.2xlarge\n- stream.compute.4xlarge\n- stream.compute.8xlarge\n- stream.memory.large\n- stream.memory.xlarge\n- stream.memory.2xlarge\n- stream.memory.4xlarge\n- stream.memory.8xlarge\n- stream.memory.z1d.large\n- stream.memory.z1d.xlarge\n- stream.memory.z1d.2xlarge\n- stream.memory.z1d.3xlarge\n- stream.memory.z1d.6xlarge\n- stream.memory.z1d.12xlarge\n- stream.graphics-design.large\n- stream.graphics-design.xlarge\n- stream.graphics-design.2xlarge\n- stream.graphics-design.4xlarge\n- stream.graphics-desktop.2xlarge\n- stream.graphics.g4dn.xlarge\n- stream.graphics.g4dn.2xlarge\n- stream.graphics.g4dn.4xlarge\n- stream.graphics.g4dn.8xlarge\n- stream.graphics.g4dn.12xlarge\n- stream.graphics.g4dn.16xlarge\n- stream.graphics-pro.4xlarge\n- stream.graphics-pro.8xlarge\n- stream.graphics-pro.16xlarge\n- stream.graphics.g5.xlarge\n- stream.graphics.g5.2xlarge\n- stream.graphics.g5.4xlarge\n- stream.graphics.g5.8xlarge\n- stream.graphics.g5.16xlarge\n- stream.graphics.g5.12xlarge\n- stream.graphics.g5.24xlarge\n- stream.graphics.g6.xlarge\n- stream.graphics.g6.2xlarge\n- stream.graphics.g6.4xlarge\n- stream.graphics.g6.8xlarge\n- stream.graphics.g6.16xlarge\n- stream.graphics.g6.12xlarge\n- stream.graphics.g6.24xlarge\n- stream.graphics.gr6.4xlarge\n- stream.graphics.gr6.8xlarge\n- stream.graphics.g6f.large\n- stream.graphics.g6f.xlarge\n- stream.graphics.g6f.2xlarge\n- stream.graphics.g6f.4xlarge\n- stream.graphics.gr6f.4xlarge", "title": "InstanceType", "type": "string" }, @@ -19510,7 +19510,7 @@ "additionalProperties": false, "properties": { "CertificateArn": { - "markdownDescription": "The Amazon Resource Name (ARN) of the certificate. This will be an AWS Certificate Manager certificate.", + "markdownDescription": "The Amazon Resource Name (ARN) of the certificate. This will be an Certificate Manager certificate.", "title": "CertificateArn", "type": "string" }, @@ -27214,7 +27214,7 @@ "type": "string" }, "ImageType": { - "markdownDescription": "The image type to match with the instance type to select an AMI. The supported values are different for `ECS` and `EKS` resources.\n\n- **ECS** - If the `imageIdOverride` parameter isn't specified, then a recent [Amazon ECS-optimized Amazon Linux 2 AMI](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html#al2ami) ( `ECS_AL2` ) is used. If a new image type is specified in an update, but neither an `imageId` nor a `imageIdOverride` parameter is specified, then the latest Amazon ECS optimized AMI for that image type that's supported by AWS Batch is used.\n\n- **ECS_AL2** - [Amazon Linux 2](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html#al2ami) : Default for all non-GPU instance families.\n- **ECS_AL2_NVIDIA** - [Amazon Linux 2 (GPU)](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html#gpuami) : Default for all GPU instance families (for example `P4` and `G4` ) and can be used for all non AWS Graviton-based instance types.\n- **ECS_AL2023** - [Amazon Linux 2023](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html) : AWS Batch supports Amazon Linux 2023.\n\n> Amazon Linux 2023 does not support `A1` instances.\n- **ECS_AL2023_NVIDIA** - [Amazon Linux 2023 (GPU)](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html#gpuami) : For all GPU instance families and can be used for all non AWS Graviton-based instance types.\n\n> ECS_AL2023_NVIDIA doesn't support `p3` and `g3` instance types.\n- **ECS_AL1** - [Amazon Linux](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html#alami) . Amazon Linux has reached the end-of-life of standard support. For more information, see [Amazon Linux AMI](https://docs.aws.amazon.com/amazon-linux-ami/) .\n- **EKS** - If the `imageIdOverride` parameter isn't specified, then a recent [Amazon EKS-optimized Amazon Linux AMI](https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html) ( `EKS_AL2` ) is used. If a new image type is specified in an update, but neither an `imageId` nor a `imageIdOverride` parameter is specified, then the latest Amazon EKS optimized AMI for that image type that AWS Batch supports is used.\n\n> Starting end of October 2025 Amazon EKS optimized Amazon Linux 2023 AMIs will be the default on AWS Batch for EKS versions prior to 1.33. Starting from Kubernetes version 1.33, EKS optimized Amazon Linux 2023 AMIs will be the default when it becomes supported on AWS Batch .\n> \n> AWS will end support for Amazon EKS AL2-optimized and AL2-accelerated AMIs, starting 11/26/25. You can continue using AWS Batch -provided Amazon EKS optimized Amazon Linux 2 AMIs on your Amazon EKS compute environments beyond the 11/26/25 end-of-support date, these compute environments will no longer receive any new software updates, security patches, or bug fixes from AWS . For more information on upgrading from AL2 to AL2023, see [How to upgrade from EKS AL2 to EKS AL2023](https://docs.aws.amazon.com/) in the *AWS Batch User Guide* . \n\n- **EKS_AL2** - [Amazon Linux 2](https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html) : Default for all non-GPU instance families.\n- **EKS_AL2_NVIDIA** - [Amazon Linux 2 (accelerated)](https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html) : Default for all GPU instance families (for example, `P4` and `G4` ) and can be used for all non AWS Graviton-based instance types.\n- **EKS_AL2023** - [Amazon Linux 2023](https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html) : AWS Batch supports Amazon Linux 2023.\n\n> Amazon Linux 2023 does not support `A1` instances.\n- **EKS_AL2023_NVIDIA** - [Amazon Linux 2023 (accelerated)](https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html) : GPU instance families and can be used for all non AWS Graviton-based instance types.", + "markdownDescription": "The image type to match with the instance type to select an AMI. The supported values are different for `ECS` and `EKS` resources.\n\n- **ECS** - If the `imageIdOverride` parameter isn't specified, then a recent [Amazon ECS-optimized Amazon Linux 2 AMI](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html#al2ami) ( `ECS_AL2` ) is used. If a new image type is specified in an update, but neither an `imageId` nor a `imageIdOverride` parameter is specified, then the latest Amazon ECS optimized AMI for that image type that's supported by AWS Batch is used.\n\n> AWS will end support for Amazon ECS optimized AL2-optimized and AL2-accelerated AMIs. Starting in January 2026, AWS Batch will change the default AMI for new Amazon ECS compute environments from Amazon Linux 2 to Amazon Linux 2023. We recommend migrating AWS Batch Amazon ECS compute environments to Amazon Linux 2023 to maintain optimal performance and security. For more information on upgrading from AL2 to AL2023, see [How to migrate from ECS AL2 to ECS AL2023](https://docs.aws.amazon.com/batch/latest/userguide/ecs-migration-2023.html) in the *AWS Batch User Guide* . \n\n- **ECS_AL2** - [Amazon Linux 2](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html#al2ami) : Default for all non-GPU instance families.\n- **ECS_AL2_NVIDIA** - [Amazon Linux 2 (GPU)](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html#gpuami) : Default for all GPU instance families (for example `P4` and `G4` ) and can be used for all non AWS Graviton-based instance types.\n- **ECS_AL2023** - [Amazon Linux 2023](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html) : AWS Batch supports Amazon Linux 2023.\n\n> Amazon Linux 2023 does not support `A1` instances.\n- **ECS_AL2023_NVIDIA** - [Amazon Linux 2023 (GPU)](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html#gpuami) : For all GPU instance families and can be used for all non AWS Graviton-based instance types.\n\n> ECS_AL2023_NVIDIA doesn't support `p3` and `g3` instance types.\n- **EKS** - If the `imageIdOverride` parameter isn't specified, then a recent [Amazon EKS-optimized Amazon Linux AMI](https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html) ( `EKS_AL2` ) is used. If a new image type is specified in an update, but neither an `imageId` nor a `imageIdOverride` parameter is specified, then the latest Amazon EKS optimized AMI for that image type that AWS Batch supports is used.\n\n> Starting end of October 2025 Amazon EKS optimized Amazon Linux 2023 AMIs will be the default on AWS Batch for EKS versions prior to 1.33. Starting from Kubernetes version 1.33, EKS optimized Amazon Linux 2023 AMIs will be the default when it becomes supported on AWS Batch .\n> \n> AWS will end support for Amazon EKS AL2-optimized and AL2-accelerated AMIs, starting 11/26/25. You can continue using AWS Batch -provided Amazon EKS optimized Amazon Linux 2 AMIs on your Amazon EKS compute environments beyond the 11/26/25 end-of-support date, these compute environments will no longer receive any new software updates, security patches, or bug fixes from AWS . For more information on upgrading from AL2 to AL2023, see [How to upgrade from EKS AL2 to EKS AL2023](https://docs.aws.amazon.com/batch/latest/userguide/eks-migration-2023.html) in the *AWS Batch User Guide* . \n\n- **EKS_AL2** - [Amazon Linux 2](https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html) : Default for all non-GPU instance families.\n- **EKS_AL2_NVIDIA** - [Amazon Linux 2 (accelerated)](https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html) : Default for all GPU instance families (for example, `P4` and `G4` ) and can be used for all non AWS Graviton-based instance types.\n- **EKS_AL2023** - [Amazon Linux 2023](https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html) : AWS Batch supports Amazon Linux 2023.\n\n> Amazon Linux 2023 does not support `A1` instances.\n- **EKS_AL2023_NVIDIA** - [Amazon Linux 2023 (accelerated)](https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html) : GPU instance families and can be used for all non AWS Graviton-based instance types.", "title": "ImageType", "type": "string" } @@ -32403,7 +32403,7 @@ "type": "string" }, "CertificateTransparencyLoggingPreference": { - "markdownDescription": "You can opt out of certificate transparency logging by specifying the `DISABLED` option. Opt in by specifying `ENABLED` .\n\nIf you do not specify a certificate transparency logging preference on a new CloudFormation template, or if you remove the logging preference from an existing template, this is the same as explicitly enabling the preference.\n\nChanging the certificate transparency logging preference will update the existing resource by calling `UpdateCertificateOptions` on the certificate. This action will not create a new resource.", + "markdownDescription": "You can opt out of certificate transparency logging by specifying the `DISABLED` option. Opt in by specifying `ENABLED` . This setting doces not apply to private certificates.\n\nIf you do not specify a certificate transparency logging preference on a new CloudFormation template, or if you remove the logging preference from an existing template, this is the same as explicitly enabling the preference.\n\nChanging the certificate transparency logging preference will update the existing resource by calling `UpdateCertificateOptions` on the certificate. This action will not create a new resource.", "title": "CertificateTransparencyLoggingPreference", "type": "string" }, @@ -34510,7 +34510,7 @@ "type": "string" }, "TypeName": { - "markdownDescription": "The unique name for your hook. Specifies a three-part namespace for your hook, with a recommended pattern of `Organization::Service::Hook` .\n\n> The following organization namespaces are reserved and can't be used in your hook type names:\n> \n> - `Alexa`\n> - `AMZN`\n> - `Amazon`\n> - `ASK`\n> - `AWS`\n> - `Custom`\n> - `Dev`", + "markdownDescription": "The unique name for your Hook. Specifies a three-part namespace for your Hook, with a recommended pattern of `Organization::Service::Hook` .\n\n> The following organization namespaces are reserved and can't be used in your Hook type names:\n> \n> - `Alexa`\n> - `AMZN`\n> - `Amazon`\n> - `ASK`\n> - `AWS`\n> - `Custom`\n> - `Dev`", "title": "TypeName", "type": "string" } @@ -35593,7 +35593,7 @@ "type": "string" }, "TypeNameAlias": { - "markdownDescription": "An alias to assign to the public extension, in this account and Region. If you specify an alias for the extension, CloudFormation treats the alias as the extension type name within this account and Region. You must use the alias to refer to the extension in your templates, API calls, and CloudFormation console.\n\nAn extension alias must be unique within a given account and Region. You can activate the same public resource multiple times in the same account and Region, using different type name aliases.", + "markdownDescription": "An alias to assign to the public extension in this account and Region. If you specify an alias for the extension, CloudFormation treats the alias as the extension type name within this account and Region. You must use the alias to refer to the extension in your templates, API calls, and CloudFormation console.\n\nAn extension alias must be unique within a given account and Region. You can activate the same public resource multiple times in the same account and Region, using different type name aliases.", "title": "TypeNameAlias", "type": "string" }, @@ -37276,7 +37276,7 @@ "additionalProperties": false, "properties": { "AcmCertificateArn": { - "markdownDescription": "> In CloudFormation, this field name is `AcmCertificateArn` . Note the different capitalization. \n\nIf the distribution uses `Aliases` (alternate domain names or CNAMEs) and the SSL/TLS certificate is stored in [AWS Certificate Manager (ACM)](https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html) , provide the Amazon Resource Name (ARN) of the ACM certificate. CloudFront only supports ACM certificates in the US East (N. Virginia) Region ( `us-east-1` ).\n\nIf you specify an ACM certificate ARN, you must also specify values for `MinimumProtocolVersion` and `SSLSupportMethod` . (In CloudFormation, the field name is `SslSupportMethod` . Note the different capitalization.)", + "markdownDescription": "> In CloudFormation, this field name is `AcmCertificateArn` . Note the different capitalization. \n\nIf the distribution uses `Aliases` (alternate domain names or CNAMEs) and the SSL/TLS certificate is stored in [Certificate Manager (ACM)](https://docs.aws.amazon.com/acm/latest/userguide/acm-overview.html) , provide the Amazon Resource Name (ARN) of the ACM certificate. CloudFront only supports ACM certificates in the US East (N. Virginia) Region ( `us-east-1` ).\n\nIf you specify an ACM certificate ARN, you must also specify values for `MinimumProtocolVersion` and `SSLSupportMethod` . (In CloudFormation, the field name is `SslSupportMethod` . Note the different capitalization.)", "title": "AcmCertificateArn", "type": "string" }, @@ -46650,7 +46650,7 @@ "additionalProperties": false, "properties": { "CertificateArn": { - "markdownDescription": "The Amazon Resource Name (ARN) of an AWS Certificate Manager SSL certificate. You use this certificate for the subdomain of your custom domain.", + "markdownDescription": "The Amazon Resource Name (ARN) of an Certificate Manager SSL certificate. You use this certificate for the subdomain of your custom domain.", "title": "CertificateArn", "type": "string" } @@ -47332,7 +47332,7 @@ "properties": { "ClientMetadata": { "additionalProperties": true, - "markdownDescription": "A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers.\n\nYou create custom workflows by assigning AWS Lambda functions to user pool triggers. When you use the AdminCreateUser API action, Amazon Cognito invokes the function that is assigned to the *pre sign-up* trigger. When Amazon Cognito invokes this function, it passes a JSON payload, which the function receives as input. This payload contains a `ClientMetadata` attribute, which provides the data that you assigned to the ClientMetadata parameter in your AdminCreateUser request. In your function code in AWS Lambda , you can process the `clientMetadata` value to enhance your workflow for your specific needs.\n\nFor more information, see [Using Lambda triggers](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-identity-pools-working-with-aws-lambda-triggers.html) in the *Amazon Cognito Developer Guide* .\n\n> When you use the `ClientMetadata` parameter, note that Amazon Cognito won't do the following:\n> \n> - Store the `ClientMetadata` value. This data is available only to AWS Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the `ClientMetadata` parameter serves no purpose.\n> - Validate the `ClientMetadata` value.\n> - Encrypt the `ClientMetadata` value. Don't send sensitive information in this parameter.", + "markdownDescription": "A map of custom key-value pairs that you can provide as input for any custom workflows that this action triggers. You create custom workflows by assigning AWS Lambda functions to user pool triggers.\n\nWhen Amazon Cognito invokes any of these functions, it passes a JSON payload, which the function receives as input. This payload contains a `clientMetadata` attribute that provides the data that you assigned to the ClientMetadata parameter in your request. In your function code, you can process the `clientMetadata` value to enhance your workflow for your specific needs.\n\nTo review the Lambda trigger types that Amazon Cognito invokes at runtime with API requests, see [Connecting API actions to Lambda triggers](https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-working-with-lambda-triggers.html#lambda-triggers-by-event) in the *Amazon Cognito Developer Guide* .\n\n> When you use the `ClientMetadata` parameter, note that Amazon Cognito won't do the following:\n> \n> - Store the `ClientMetadata` value. This data is available only to AWS Lambda triggers that are assigned to a user pool to support custom workflows. If your user pool configuration doesn't include triggers, the `ClientMetadata` parameter serves no purpose.\n> - Validate the `ClientMetadata` value.\n> - Encrypt the `ClientMetadata` value. Don't send sensitive information in this parameter.", "patternProperties": { "^[a-zA-Z0-9]+$": { "type": "string" @@ -58148,7 +58148,7 @@ "type": "string" }, "KmsKeyArn": { - "markdownDescription": "The Amazon Resource Name (ARN) of the AWS KMS key that is used to encrypt the connection parameters for the instance profile.\n\nIf you don't specify a value for the `KmsKeyArn` parameter, then AWS DMS uses your default encryption key.\n\nAWS KMS creates the default encryption key for your AWS account . Your AWS account has a different default encryption key for each AWS Region .", + "markdownDescription": "The Amazon Resource Name (ARN) of the AWS KMS key that is used to encrypt the connection parameters for the instance profile.\n\nIf you don't specify a value for the `KmsKeyArn` parameter, then AWS DMS uses an AWS owned encryption key to encrypt your resources.", "title": "KmsKeyArn", "type": "string" }, @@ -68852,7 +68852,7 @@ "type": "string" }, "ServerCertificateArn": { - "markdownDescription": "The ARN of the server certificate. For more information, see the [AWS Certificate Manager User Guide](https://docs.aws.amazon.com/acm/latest/userguide/) .", + "markdownDescription": "The ARN of the server certificate. For more information, see the [Certificate Manager User Guide](https://docs.aws.amazon.com/acm/latest/userguide/) .", "title": "ServerCertificateArn", "type": "string" }, @@ -68923,7 +68923,7 @@ "additionalProperties": false, "properties": { "ClientRootCertificateChainArn": { - "markdownDescription": "The ARN of the client certificate. The certificate must be signed by a certificate authority (CA) and it must be provisioned in AWS Certificate Manager (ACM).", + "markdownDescription": "The ARN of the client certificate. The certificate must be signed by a certificate authority (CA) and it must be provisioned in Certificate Manager (ACM).", "title": "ClientRootCertificateChainArn", "type": "string" } @@ -72708,7 +72708,7 @@ "type": "boolean" }, "Iops": { - "markdownDescription": "The number of I/O operations per second (IOPS). For `gp3` , `io1` , and `io2` volumes, this represents the number of IOPS that are provisioned for the volume. For `gp2` volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting.\n\nThe following are the supported values for each volume type:\n\n- `gp3` : 3,000 - 16,000 IOPS\n- `io1` : 100 - 64,000 IOPS\n- `io2` : 100 - 256,000 IOPS\n\nFor `io2` volumes, you can achieve up to 256,000 IOPS on [instances built on the Nitro System](https://docs.aws.amazon.com/ec2/latest/instancetypes/ec2-nitro-instances.html) . On other instances, you can achieve performance up to 32,000 IOPS.\n\nThis parameter is supported for `io1` , `io2` , and `gp3` volumes only.", + "markdownDescription": "The number of I/O operations per second (IOPS). For `gp3` , `io1` , and `io2` volumes, this represents the number of IOPS that are provisioned for the volume. For `gp2` volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting.\n\nThe following are the supported values for each volume type:\n\n- `gp3` : 3,000 - 80,000 IOPS\n- `io1` : 100 - 64,000 IOPS\n- `io2` : 100 - 256,000 IOPS\n\nFor `io2` volumes, you can achieve up to 256,000 IOPS on [instances built on the Nitro System](https://docs.aws.amazon.com/ec2/latest/instancetypes/ec2-nitro-instances.html) . On other instances, you can achieve performance up to 32,000 IOPS.\n\nThis parameter is supported for `io1` , `io2` , and `gp3` volumes only.", "title": "Iops", "type": "number" }, @@ -72723,12 +72723,12 @@ "type": "string" }, "Throughput": { - "markdownDescription": "The throughput to provision for a `gp3` volume, with a maximum of 1,000 MiB/s.\n\nValid Range: Minimum value of 125. Maximum value of 1000.", + "markdownDescription": "The throughput to provision for a `gp3` volume, with a maximum of 2,000 MiB/s.\n\nValid Range: Minimum value of 125. Maximum value of 2,000.", "title": "Throughput", "type": "number" }, "VolumeSize": { - "markdownDescription": "The size of the volume, in GiBs. You must specify either a snapshot ID or a volume size. The following are the supported volumes sizes for each volume type:\n\n- `gp2` and `gp3` : 1 - 16,384 GiB\n- `io1` : 4 - 16,384 GiB\n- `io2` : 4 - 65,536 GiB\n- `st1` and `sc1` : 125 - 16,384 GiB\n- `standard` : 1 - 1024 GiB", + "markdownDescription": "The size of the volume, in GiBs. You must specify either a snapshot ID or a volume size. The following are the supported volumes sizes for each volume type:\n\n- `gp2` : 1 - 16,384 GiB\n- `gp3` : 1 - 65,536 GiB\n- `io1` : 4 - 16,384 GiB\n- `io2` : 4 - 65,536 GiB\n- `st1` and `sc1` : 125 - 16,384 GiB\n- `standard` : 1 - 1024 GiB", "title": "VolumeSize", "type": "number" }, @@ -77187,7 +77187,7 @@ "type": "boolean" }, "Iops": { - "markdownDescription": "The number of I/O operations per second (IOPS). For `gp3` , `io1` , and `io2` volumes, this represents the number of IOPS that are provisioned for the volume. For `gp2` volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting.\n\nThe following are the supported values for each volume type:\n\n- `gp3` : 3,000 - 16,000 IOPS\n- `io1` : 100 - 64,000 IOPS\n- `io2` : 100 - 256,000 IOPS\n\nFor `io2` volumes, you can achieve up to 256,000 IOPS on [instances built on the Nitro System](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances) . On other instances, you can achieve performance up to 32,000 IOPS.\n\nThis parameter is required for `io1` and `io2` volumes. The default for `gp3` volumes is 3,000 IOPS.", + "markdownDescription": "The number of I/O operations per second (IOPS). For `gp3` , `io1` , and `io2` volumes, this represents the number of IOPS that are provisioned for the volume. For `gp2` volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting.\n\nThe following are the supported values for each volume type:\n\n- `gp3` : 3,000 - 80,000 IOPS\n- `io1` : 100 - 64,000 IOPS\n- `io2` : 100 - 256,000 IOPS\n\nFor `io2` volumes, you can achieve up to 256,000 IOPS on [instances built on the Nitro System](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-types.html#ec2-nitro-instances) . On other instances, you can achieve performance up to 32,000 IOPS.\n\nThis parameter is required for `io1` and `io2` volumes. The default for `gp3` volumes is 3,000 IOPS.", "title": "Iops", "type": "number" }, @@ -77197,7 +77197,7 @@ "type": "string" }, "VolumeSize": { - "markdownDescription": "The size of the volume, in GiBs. You must specify either a snapshot ID or a volume size. If you specify a snapshot, the default is the snapshot size. You can specify a volume size that is equal to or larger than the snapshot size.\n\nThe following are the supported sizes for each volume type:\n\n- `gp2` and `gp3` : 1 - 16,384 GiB\n- `io1` : 4 - 16,384 GiB\n- `io2` : 4 - 65,536 GiB\n- `st1` and `sc1` : 125 - 16,384 GiB\n- `standard` : 1 - 1024 GiB", + "markdownDescription": "The size of the volume, in GiBs. You must specify either a snapshot ID or a volume size. If you specify a snapshot, the default is the snapshot size. You can specify a volume size that is equal to or larger than the snapshot size.\n\nThe following are the supported sizes for each volume type:\n\n- `gp2` : 1 - 16,384 GiB\n- `gp3` : 1 - 65,536 GiB\n- `io1` : 4 - 16,384 GiB\n- `io2` : 4 - 65,536 GiB\n- `st1` and `sc1` : 125 - 16,384 GiB\n- `standard` : 1 - 1024 GiB", "title": "VolumeSize", "type": "number" }, @@ -80383,7 +80383,7 @@ "additionalProperties": false, "properties": { "PolicyDocument": { - "markdownDescription": "An endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints.\n\nFor CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. For example, if you have a JSON policy, you can convert it to YAML before including it in the YAML template, and AWS CloudFormation converts the policy to JSON format before calling the API actions for AWS PrivateLink . Alternatively, you can include the JSON directly in the YAML, as shown in the following `Properties` section:\n\n`Properties: VpcEndpointType: 'Interface' ServiceName: !Sub 'com.amazonaws.${AWS::Region}.logs' PolicyDocument: '{ \"Version\":\"2012-10-17\", \"Statement\": [{ \"Effect\":\"Allow\", \"Principal\":\"*\", \"Action\":[\"logs:Describe*\",\"logs:Get*\",\"logs:List*\",\"logs:FilterLogEvents\"], \"Resource\":\"*\" }] }'`", + "markdownDescription": "An endpoint policy, which controls access to the service from the VPC. The default endpoint policy allows full access to the service. Endpoint policies are supported only for gateway and interface endpoints.\n\nFor CloudFormation templates in YAML, you can provide the policy in JSON or YAML format. For example, if you have a JSON policy, you can convert it to YAML before including it in the YAML template, and AWS CloudFormation converts the policy to JSON format before calling the API actions for AWS PrivateLink . Alternatively, you can include the JSON directly in the YAML, as shown in the following `Properties` section:\n\n`Properties: VpcEndpointType: 'Interface' ServiceName: !Sub 'com.amazonaws.${AWS::Region}.logs' PolicyDocument: '{ \"Version\":\"2012-10-17\", \"Statement\": [{ \"Effect\":\"Allow\", \"Principal\":\"*\", \"Action\":[\"logs:Describe*\",\"logs:Get*\",\"logs:List*\",\"logs:FilterLogEvents\"], \"Resource\":\"*\" }] }'`", "title": "PolicyDocument", "type": "object" }, @@ -82003,7 +82003,7 @@ "type": "boolean" }, "Iops": { - "markdownDescription": "The number of I/O operations per second (IOPS). For `gp3` , `io1` , and `io2` volumes, this represents the number of IOPS that are provisioned for the volume. For `gp2` volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting.\n\nThe following are the supported values for each volume type:\n\n- `gp3` : 3,000 - 16,000 IOPS\n- `io1` : 100 - 64,000 IOPS\n- `io2` : 100 - 256,000 IOPS\n\nFor `io2` volumes, you can achieve up to 256,000 IOPS on [instances built on the Nitro System](https://docs.aws.amazon.com/ec2/latest/instancetypes/ec2-nitro-instances.html) . On other instances, you can achieve performance up to 32,000 IOPS.\n\nThis parameter is required for `io1` and `io2` volumes. The default for `gp3` volumes is 3,000 IOPS. This parameter is not supported for `gp2` , `st1` , `sc1` , or `standard` volumes.", + "markdownDescription": "The number of I/O operations per second (IOPS) to provision for the volume. Required for `io1` and `io2` volumes. Optional for `gp3` volumes. Omit for all other volume types.\n\nValid ranges:\n\n- gp3: `3,000` ( *default* ) `- 80,000` IOPS\n- io1: `100 - 64,000` IOPS\n- io2: `100 - 256,000` IOPS\n\n> [Instances built on the Nitro System](https://docs.aws.amazon.com/ec2/latest/instancetypes/ec2-nitro-instances.html) can support up to 256,000 IOPS. Other instances can support up to 32,000 IOPS.", "title": "Iops", "type": "number" }, @@ -82023,7 +82023,7 @@ "type": "string" }, "Size": { - "markdownDescription": "The size of the volume, in GiBs. You must specify either a snapshot ID or a volume size. If you specify a snapshot, the default is the snapshot size. You can specify a volume size that is equal to or larger than the snapshot size.\n\nThe following are the supported volumes sizes for each volume type:\n\n- `gp2` and `gp3` : 1 - 16,384 GiB\n- `io1` : 4 - 16,384 GiB\n- `io2` : 4 - 65,536 GiB\n- `st1` and `sc1` : 125 - 16,384 GiB\n- `standard` : 1 - 1024 GiB", + "markdownDescription": "The size of the volume, in GiBs. You must specify either a snapshot ID or a volume size. If you specify a snapshot, the default is the snapshot size, and you can specify a volume size that is equal to or larger than the snapshot size.\n\nValid sizes:\n\n- gp2: `1 - 16,384` GiB\n- gp3: `1 - 65,536` GiB\n- io1: `4 - 16,384` GiB\n- io2: `4 - 65,536` GiB\n- st1 and sc1: `125 - 16,384` GiB\n- standard: `1 - 1024` GiB", "title": "Size", "type": "number" }, @@ -82614,7 +82614,7 @@ }, "ImageScanningConfiguration": { "$ref": "#/definitions/AWS::ECR::Repository.ImageScanningConfiguration", - "markdownDescription": "The image scanning configuration for the repository. This determines whether images are scanned for known vulnerabilities after being pushed to the repository.", + "markdownDescription": "> The `imageScanningConfiguration` parameter is being deprecated, in favor of specifying the image scanning configuration at the registry level. For more information, see `PutRegistryScanningConfiguration` . \n\nThe image scanning configuration for the repository. This determines whether images are scanned for known vulnerabilities after being pushed to the repository.", "title": "ImageScanningConfiguration" }, "ImageTagMutability": { @@ -83460,12 +83460,12 @@ "type": "boolean" }, "HealthCheckGracePeriodSeconds": { - "markdownDescription": "The period of time, in seconds, that the Amazon ECS service scheduler ignores unhealthy Elastic Load Balancing, VPC Lattice, and container health checks after a task has first started. If you don't specify a health check grace period value, the default value of `0` is used. If you don't use any of the health checks, then `healthCheckGracePeriodSeconds` is unused.\n\nIf your service's tasks take a while to start and respond to health checks, you can specify a health check grace period of up to 2,147,483,647 seconds (about 69 years). During that time, the Amazon ECS service scheduler ignores health check status. This grace period can prevent the service scheduler from marking tasks as unhealthy and stopping them before they have time to come up.", + "markdownDescription": "The period of time, in seconds, that the Amazon ECS service scheduler ignores unhealthy Elastic Load Balancing, VPC Lattice, and container health checks after a task has first started. If you do not specify a health check grace period value, the default value of 0 is used. If you do not use any of the health checks, then `healthCheckGracePeriodSeconds` is unused.\n\nIf your service has more running tasks than desired, unhealthy tasks in the grace period might be stopped to reach the desired count.", "title": "HealthCheckGracePeriodSeconds", "type": "number" }, "LaunchType": { - "markdownDescription": "The launch type on which to run your service. For more information, see [Amazon ECS Launch Types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html) in the *Amazon Elastic Container Service Developer Guide* .", + "markdownDescription": "The launch type on which to run your service. For more information, see [Amazon ECS Launch Types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html) in the *Amazon Elastic Container Service Developer Guide* .\n\n> If you want to use Managed Instances, you must use the `capacityProviderStrategy` request parameter", "title": "LaunchType", "type": "string" }, @@ -84223,7 +84223,7 @@ "items": { "type": "string" }, - "markdownDescription": "The task launch types the task definition was validated against. The valid values are `EC2` , `FARGATE` , and `EXTERNAL` . For more information, see [Amazon ECS launch types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html) in the *Amazon Elastic Container Service Developer Guide* .", + "markdownDescription": "The task launch types the task definition was validated against. The valid values are `MANAGED_INSTANCES` , `EC2` , `FARGATE` , and `EXTERNAL` . For more information, see [Amazon ECS launch types](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html) in the *Amazon Elastic Container Service Developer Guide* .", "title": "RequiresCompatibilities", "type": "array" }, @@ -92922,7 +92922,7 @@ }, "ForwardConfig": { "$ref": "#/definitions/AWS::ElasticLoadBalancingV2::Listener.ForwardConfig", - "markdownDescription": "Information for creating an action that distributes requests among one or more target groups. For Network Load Balancers, you can specify a single target group. Specify only when `Type` is `forward` . If you specify both `ForwardConfig` and `TargetGroupArn` , you can specify only one target group using `ForwardConfig` and it must be the same target group specified in `TargetGroupArn` .", + "markdownDescription": "Information for creating an action that distributes requests among multiple target groups. Specify only when `Type` is `forward` .\n\nIf you specify both `ForwardConfig` and `TargetGroupArn` , you can specify only one target group using `ForwardConfig` and it must be the same target group specified in `TargetGroupArn` .", "title": "ForwardConfig" }, "Order": { @@ -92936,7 +92936,7 @@ "title": "RedirectConfig" }, "TargetGroupArn": { - "markdownDescription": "The Amazon Resource Name (ARN) of the target group. Specify only when `Type` is `forward` and you want to route to a single target group. To route to one or more target groups, use `ForwardConfig` instead.", + "markdownDescription": "The Amazon Resource Name (ARN) of the target group. Specify only when `Type` is `forward` and you want to route to a single target group. To route to multiple target groups, you must use `ForwardConfig` instead.", "title": "TargetGroupArn", "type": "string" }, @@ -93205,7 +93205,7 @@ "additionalProperties": false, "properties": { "DurationSeconds": { - "markdownDescription": "The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days). You must specify this value when enabling target group stickiness.", + "markdownDescription": "[Application Load Balancers] The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days). You must specify this value when enabling target group stickiness.", "title": "DurationSeconds", "type": "number" }, @@ -93430,7 +93430,7 @@ }, "ForwardConfig": { "$ref": "#/definitions/AWS::ElasticLoadBalancingV2::ListenerRule.ForwardConfig", - "markdownDescription": "Information for creating an action that distributes requests among one or more target groups. For Network Load Balancers, you can specify a single target group. Specify only when `Type` is `forward` . If you specify both `ForwardConfig` and `TargetGroupArn` , you can specify only one target group using `ForwardConfig` and it must be the same target group specified in `TargetGroupArn` .", + "markdownDescription": "Information for creating an action that distributes requests among multiple target groups. Specify only when `Type` is `forward` .\n\nIf you specify both `ForwardConfig` and `TargetGroupArn` , you can specify only one target group using `ForwardConfig` and it must be the same target group specified in `TargetGroupArn` .", "title": "ForwardConfig" }, "Order": { @@ -93444,7 +93444,7 @@ "title": "RedirectConfig" }, "TargetGroupArn": { - "markdownDescription": "The Amazon Resource Name (ARN) of the target group. Specify only when `Type` is `forward` and you want to route to a single target group. To route to one or more target groups, use `ForwardConfig` instead.", + "markdownDescription": "The Amazon Resource Name (ARN) of the target group. Specify only when `Type` is `forward` and you want to route to a single target group. To route to multiple target groups, you must use `ForwardConfig` instead.", "title": "TargetGroupArn", "type": "string" }, @@ -93645,7 +93645,7 @@ "items": { "type": "string" }, - "markdownDescription": "The host names. The maximum size of each name is 128 characters. The comparison is case insensitive. The following wildcard characters are supported: * (matches 0 or more characters) and ? (matches exactly 1 character). You must include at least one \".\" character. You can include only alphabetical characters after the final \".\" character.\n\nIf you specify multiple strings, the condition is satisfied if one of the strings matches the host name.", + "markdownDescription": "The host names. The maximum length of each string is 128 characters. The comparison is case insensitive. The following wildcard characters are supported: * (matches 0 or more characters) and ? (matches exactly 1 character). You must include at least one \".\" character. You can include only alphabetical characters after the final \".\" character.\n\nIf you specify multiple strings, the condition is satisfied if one of the strings matches the host name.", "title": "Values", "type": "array" } @@ -93664,7 +93664,7 @@ "items": { "type": "string" }, - "markdownDescription": "The strings to compare against the value of the HTTP header. The maximum size of each string is 128 characters. The comparison strings are case insensitive. The following wildcard characters are supported: * (matches 0 or more characters) and ? (matches exactly 1 character).\n\nIf the same header appears multiple times in the request, we search them in order until a match is found.\n\nIf you specify multiple strings, the condition is satisfied if one of the strings matches the value of the HTTP header. To require that all of the strings are a match, create one condition per string.", + "markdownDescription": "The strings to compare against the value of the HTTP header. The maximum length of each string is 128 characters. The comparison strings are case insensitive. The following wildcard characters are supported: * (matches 0 or more characters) and ? (matches exactly 1 character).\n\nIf the same header appears multiple times in the request, we search them in order until a match is found.\n\nIf you specify multiple strings, the condition is satisfied if one of the strings matches the value of the HTTP header. To require that all of the strings are a match, create one condition per string.", "title": "Values", "type": "array" } @@ -93678,7 +93678,7 @@ "items": { "type": "string" }, - "markdownDescription": "The name of the request method. The maximum size is 40 characters. The allowed characters are A-Z, hyphen (-), and underscore (_). The comparison is case sensitive. Wildcards are not supported; therefore, the method name must be an exact match.\n\nIf you specify multiple strings, the condition is satisfied if one of the strings matches the HTTP request method. We recommend that you route GET and HEAD requests in the same way, because the response to a HEAD request may be cached.", + "markdownDescription": "The name of the request method. The maximum length is 40 characters. The allowed characters are A-Z, hyphen (-), and underscore (_). The comparison is case sensitive. Wildcards are not supported; therefore, the method name must be an exact match.\n\nIf you specify multiple strings, the condition is satisfied if one of the strings matches the HTTP request method. We recommend that you route GET and HEAD requests in the same way, because the response to a HEAD request may be cached.", "title": "Values", "type": "array" } @@ -93706,7 +93706,7 @@ "items": { "$ref": "#/definitions/AWS::ElasticLoadBalancingV2::ListenerRule.QueryStringKeyValue" }, - "markdownDescription": "The key/value pairs or values to find in the query string. The maximum size of each string is 128 characters. The comparison is case insensitive. The following wildcard characters are supported: * (matches 0 or more characters) and ? (matches exactly 1 character). To search for a literal '*' or '?' character in a query string, you must escape these characters in `Values` using a '\\' character.\n\nIf you specify multiple key/value pairs or values, the condition is satisfied if one of them is found in the query string.", + "markdownDescription": "The key/value pairs or values to find in the query string. The maximum length of each string is 128 characters. The comparison is case insensitive. The following wildcard characters are supported: * (matches 0 or more characters) and ? (matches exactly 1 character). To search for a literal '*' or '?' character in a query string, you must escape these characters in `Values` using a '\\' character.\n\nIf you specify multiple key/value pairs or values, the condition is satisfied if one of them is found in the query string.", "title": "Values", "type": "array" } @@ -93835,7 +93835,7 @@ "additionalProperties": false, "properties": { "DurationSeconds": { - "markdownDescription": "The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days). You must specify this value when enabling target group stickiness.", + "markdownDescription": "[Application Load Balancers] The time period, in seconds, during which requests from a client should be routed to the same target group. The range is 1-604800 seconds (7 days). You must specify this value when enabling target group stickiness.", "title": "DurationSeconds", "type": "number" }, @@ -94678,7 +94678,7 @@ "type": "string" }, "CustomEndpointCertificateArn": { - "markdownDescription": "The AWS Certificate Manager ARN for your domain's SSL/TLS certificate. Required if you enabled a custom endpoint for the domain.", + "markdownDescription": "The Certificate Manager ARN for your domain's SSL/TLS certificate. Required if you enabled a custom endpoint for the domain.", "title": "CustomEndpointCertificateArn", "type": "string" }, @@ -96932,14 +96932,10 @@ "additionalProperties": false, "properties": { "Action": { - "markdownDescription": "The action that you are enabling the other account to perform.", - "title": "Action", "type": "string" }, "Condition": { - "$ref": "#/definitions/AWS::Events::EventBusPolicy.Condition", - "markdownDescription": "This parameter enables you to limit the permission to accounts that fulfill a certain condition, such as being a member of a certain AWS organization. For more information about AWS Organizations, see [What Is AWS Organizations](https://docs.aws.amazon.com/organizations/latest/userguide/orgs_introduction.html) in the *AWS Organizations User Guide* .\n\nIf you specify `Condition` with an AWS organization ID, and specify \"*\" as the value for `Principal` , you grant permission to all the accounts in the named organization.\n\nThe `Condition` is a JSON string which must contain `Type` , `Key` , and `Value` fields.", - "title": "Condition" + "$ref": "#/definitions/AWS::Events::EventBusPolicy.Condition" }, "EventBusName": { "markdownDescription": "The name of the event bus associated with the rule. If you omit this, the default event bus is used.", @@ -96947,8 +96943,6 @@ "type": "string" }, "Principal": { - "markdownDescription": "The 12-digit AWS account ID that you are permitting to put events to your default event bus. Specify \"*\" to permit any account to put events to your default event bus.\n\nIf you specify \"*\" without specifying `Condition` , avoid creating rules that may match undesirable events. To create more secure rules, make sure that the event pattern for each rule contains an `account` field with a specific account ID from which to receive events. Rules with an account field do not match any events sent from other accounts.", - "title": "Principal", "type": "string" }, "Statement": { @@ -96992,18 +96986,12 @@ "additionalProperties": false, "properties": { "Key": { - "markdownDescription": "Specifies the key for the condition. Currently the only supported key is `aws:PrincipalOrgID` .", - "title": "Key", "type": "string" }, "Type": { - "markdownDescription": "Specifies the type of condition. Currently the only supported value is `StringEquals` .", - "title": "Type", "type": "string" }, "Value": { - "markdownDescription": "Specifies the value for the key. Currently, this must be the ID of the organization.", - "title": "Value", "type": "string" } }, @@ -97591,7 +97579,7 @@ "additionalProperties": false, "properties": { "MessageGroupId": { - "markdownDescription": "The FIFO message group ID to use as the target.", + "markdownDescription": "The ID of the message group to use as the target.", "title": "MessageGroupId", "type": "string" } @@ -97686,7 +97674,7 @@ }, "SqsParameters": { "$ref": "#/definitions/AWS::Events::Rule.SqsParameters", - "markdownDescription": "Contains the message group ID to use when the target is a FIFO queue.\n\nIf you specify an SQS FIFO queue as a target, the queue must have content-based deduplication enabled.", + "markdownDescription": "Contains the message group ID to use when the target is an Amazon SQS fair or FIFO queue.\n\nIf you specify a fair or FIFO queue as a target, the queue must have content-based deduplication enabled.", "title": "SqsParameters" } }, @@ -99990,7 +99978,7 @@ "title": "DiskIopsConfiguration" }, "EndpointIpAddressRange": { - "markdownDescription": "(Multi-AZ only) Specifies the IP address range in which the endpoints to access your file system will be created. By default in the Amazon FSx API, Amazon FSx selects an unused IP address range for you from the 198.19.* range. By default in the Amazon FSx console, Amazon FSx chooses the last 64 IP addresses from the VPC\u2019s primary CIDR range to use as the endpoint IP address range for the file system. You can have overlapping endpoint IP addresses for file systems deployed in the same VPC/route tables, as long as they don't overlap with any subnet.", + "markdownDescription": "(Multi-AZ only) Specifies the IPv4 address range in which the endpoints to access your file system will be created. By default in the Amazon FSx API, Amazon FSx selects an unused IP address range for you from the 198.19.* range. By default in the Amazon FSx console, Amazon FSx chooses the last 64 IP addresses from the VPC\u2019s primary CIDR range to use as the endpoint IP address range for the file system. You can have overlapping endpoint IP addresses for file systems deployed in the same VPC/route tables, as long as they don't overlap with any subnet.", "title": "EndpointIpAddressRange", "type": "string" }, @@ -100072,7 +100060,7 @@ "title": "DiskIopsConfiguration" }, "EndpointIpAddressRange": { - "markdownDescription": "(Multi-AZ only) Specifies the IP address range in which the endpoints to access your file system will be created. By default in the Amazon FSx API and Amazon FSx console, Amazon FSx selects an available /28 IP address range for you from one of the VPC's CIDR ranges. You can have overlapping endpoint IP addresses for file systems deployed in the same VPC/route tables, as long as they don't overlap with any subnet.", + "markdownDescription": "(Multi-AZ only) Specifies the IPv4 address range in which the endpoints to access your file system will be created. By default in the Amazon FSx API and Amazon FSx console, Amazon FSx selects an available /28 IP address range for you from one of the VPC's CIDR ranges. You can have overlapping endpoint IP addresses for file systems deployed in the same VPC/route tables, as long as they don't overlap with any subnet.", "title": "EndpointIpAddressRange", "type": "string" }, @@ -103134,7 +103122,7 @@ }, "CertificateConfiguration": { "$ref": "#/definitions/AWS::GameLift::Fleet.CertificateConfiguration", - "markdownDescription": "Prompts Amazon GameLift Servers to generate a TLS/SSL certificate for the fleet. Amazon GameLift Servers uses the certificates to encrypt traffic between game clients and the game servers running on Amazon GameLift Servers. By default, the `CertificateConfiguration` is `DISABLED` . You can't change this property after you create the fleet.\n\nAWS Certificate Manager (ACM) certificates expire after 13 months. Certificate expiration can cause fleets to fail, preventing players from connecting to instances in the fleet. We recommend you replace fleets before 13 months, consider using fleet aliases for a smooth transition.\n\n> ACM isn't available in all AWS regions. A fleet creation request with certificate generation enabled in an unsupported Region, fails with a 4xx error. For more information about the supported Regions, see [Supported Regions](https://docs.aws.amazon.com/acm/latest/userguide/acm-regions.html) in the *AWS Certificate Manager User Guide* .", + "markdownDescription": "Prompts Amazon GameLift Servers to generate a TLS/SSL certificate for the fleet. Amazon GameLift Servers uses the certificates to encrypt traffic between game clients and the game servers running on Amazon GameLift Servers. By default, the `CertificateConfiguration` is `DISABLED` . You can't change this property after you create the fleet.\n\nCertificate Manager (ACM) certificates expire after 13 months. Certificate expiration can cause fleets to fail, preventing players from connecting to instances in the fleet. We recommend you replace fleets before 13 months, consider using fleet aliases for a smooth transition.\n\n> ACM isn't available in all AWS regions. A fleet creation request with certificate generation enabled in an unsupported Region, fails with a 4xx error. For more information about the supported Regions, see [Supported Regions](https://docs.aws.amazon.com/acm/latest/userguide/acm-regions.html) in the *Certificate Manager User Guide* .", "title": "CertificateConfiguration" }, "ComputeType": { @@ -126199,7 +126187,7 @@ "properties": { "SuiteDefinitionConfiguration": { "$ref": "#/definitions/AWS::IoTCoreDeviceAdvisor::SuiteDefinition.SuiteDefinitionConfiguration", - "markdownDescription": "The configuration of the Suite Definition. Listed below are the required elements of the `SuiteDefinitionConfiguration` .\n\n- ***devicePermissionRoleArn*** - The device permission arn.\n\nThis is a required element.\n\n*Type:* String\n- ***devices*** - The list of configured devices under test. For more information on devices under test, see [DeviceUnderTest](https://docs.aws.amazon.com/iot/latest/apireference/API_iotdeviceadvisor_DeviceUnderTest.html)\n\nNot a required element.\n\n*Type:* List of devices under test\n- ***intendedForQualification*** - The tests intended for qualification in a suite.\n\nNot a required element.\n\n*Type:* Boolean\n- ***rootGroup*** - The test suite root group. For more information on creating and using root groups see the [Device Advisor workflow](https://docs.aws.amazon.com/iot/latest/developerguide/device-advisor-workflow.html) .\n\nThis is a required element.\n\n*Type:* String\n- ***suiteDefinitionName*** - The Suite Definition Configuration name.\n\nThis is a required element.\n\n*Type:* String", + "markdownDescription": "Gets the suite definition configuration.", "title": "SuiteDefinitionConfiguration" }, "Tags": { @@ -142333,7 +142321,7 @@ "additionalProperties": false, "properties": { "Destination": { - "markdownDescription": "The Amazon Resource Name (ARN) of the destination resource.\n\nTo retain records of unsuccessful [asynchronous invocations](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-async-destinations) , you can configure an Amazon SNS topic, Amazon SQS queue, Amazon S3 bucket, Lambda function, or Amazon EventBridge event bus as the destination.\n\nTo retain records of failed invocations from [Kinesis](https://docs.aws.amazon.com/lambda/latest/dg/with-kinesis.html) , [DynamoDB](https://docs.aws.amazon.com/lambda/latest/dg/with-ddb.html) , [self-managed Kafka](https://docs.aws.amazon.com/lambda/latest/dg/with-kafka.html#services-smaa-onfailure-destination) or [Amazon MSK](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#services-msk-onfailure-destination) , you can configure an Amazon SNS topic, Amazon SQS queue, or Amazon S3 bucket as the destination.", + "markdownDescription": "The Amazon Resource Name (ARN) of the destination resource.\n\nTo retain records of unsuccessful [asynchronous invocations](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-async-destinations) , you can configure an Amazon SNS topic, Amazon SQS queue, Amazon S3 bucket, Lambda function, or Amazon EventBridge event bus as the destination.\n\n> Amazon SNS destinations have a message size limit of 256 KB. If the combined size of the function request and response payload exceeds the limit, Lambda will drop the payload when sending `OnFailure` event to the destination. For details on this behavior, refer to [Retaining records of asynchronous invocations](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async-retain-records.html) . \n\nTo retain records of failed invocations from [Kinesis](https://docs.aws.amazon.com/lambda/latest/dg/with-kinesis.html) , [DynamoDB](https://docs.aws.amazon.com/lambda/latest/dg/with-ddb.html) , [self-managed Kafka](https://docs.aws.amazon.com/lambda/latest/dg/with-kafka.html#services-smaa-onfailure-destination) or [Amazon MSK](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#services-msk-onfailure-destination) , you can configure an Amazon SNS topic, Amazon SQS queue, or Amazon S3 bucket as the destination.", "title": "Destination", "type": "string" } @@ -142347,7 +142335,7 @@ "additionalProperties": false, "properties": { "Destination": { - "markdownDescription": "The Amazon Resource Name (ARN) of the destination resource.", + "markdownDescription": "The Amazon Resource Name (ARN) of the destination resource.\n\n> Amazon SNS destinations have a message size limit of 256 KB. If the combined size of the function request and response payload exceeds the limit, Lambda will drop the payload when sending `OnFailure` event to the destination. For details on this behavior, refer to [Retaining records of asynchronous invocations](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async-retain-records.html) .", "title": "Destination", "type": "string" } @@ -142632,7 +142620,7 @@ "additionalProperties": false, "properties": { "Destination": { - "markdownDescription": "The Amazon Resource Name (ARN) of the destination resource.\n\nTo retain records of unsuccessful [asynchronous invocations](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-async-destinations) , you can configure an Amazon SNS topic, Amazon SQS queue, Amazon S3 bucket, Lambda function, or Amazon EventBridge event bus as the destination.\n\nTo retain records of failed invocations from [Kinesis](https://docs.aws.amazon.com/lambda/latest/dg/with-kinesis.html) , [DynamoDB](https://docs.aws.amazon.com/lambda/latest/dg/with-ddb.html) , [self-managed Kafka](https://docs.aws.amazon.com/lambda/latest/dg/with-kafka.html#services-smaa-onfailure-destination) or [Amazon MSK](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#services-msk-onfailure-destination) , you can configure an Amazon SNS topic, Amazon SQS queue, or Amazon S3 bucket as the destination.", + "markdownDescription": "The Amazon Resource Name (ARN) of the destination resource.\n\nTo retain records of unsuccessful [asynchronous invocations](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html#invocation-async-destinations) , you can configure an Amazon SNS topic, Amazon SQS queue, Amazon S3 bucket, Lambda function, or Amazon EventBridge event bus as the destination.\n\n> Amazon SNS destinations have a message size limit of 256 KB. If the combined size of the function request and response payload exceeds the limit, Lambda will drop the payload when sending `OnFailure` event to the destination. For details on this behavior, refer to [Retaining records of asynchronous invocations](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async-retain-records.html) . \n\nTo retain records of failed invocations from [Kinesis](https://docs.aws.amazon.com/lambda/latest/dg/with-kinesis.html) , [DynamoDB](https://docs.aws.amazon.com/lambda/latest/dg/with-ddb.html) , [self-managed Kafka](https://docs.aws.amazon.com/lambda/latest/dg/with-kafka.html#services-smaa-onfailure-destination) or [Amazon MSK](https://docs.aws.amazon.com/lambda/latest/dg/with-msk.html#services-msk-onfailure-destination) , you can configure an Amazon SNS topic, Amazon SQS queue, or Amazon S3 bucket as the destination.", "title": "Destination", "type": "string" } @@ -143379,7 +143367,7 @@ "type": "string" }, "FunctionUrlAuthType": { - "markdownDescription": "The type of authentication that your function URL uses. Set to `AWS_IAM` if you want to restrict access to authenticated users only. Set to `NONE` if you want to bypass IAM authentication to create a public endpoint. For more information, see [Security and auth model for Lambda function URLs](https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html) .", + "markdownDescription": "The type of authentication that your function URL uses. Set to `AWS_IAM` if you want to restrict access to authenticated users only. Set to `NONE` if you want to bypass IAM authentication to create a public endpoint. For more information, see [Control access to Lambda function URLs](https://docs.aws.amazon.com/lambda/latest/dg/urls-auth.html) .", "title": "FunctionUrlAuthType", "type": "string" }, @@ -151525,7 +151513,7 @@ }, "HighAvailabilityConfig": { "$ref": "#/definitions/AWS::M2::Environment.HighAvailabilityConfig", - "markdownDescription": "Defines the details of a high availability configuration.", + "markdownDescription": "> AWS Mainframe Modernization Service (Managed Runtime Environment experience) will no longer be open to new customers starting on November 7, 2025. If you would like to use the service, please sign up prior to November 7, 2025. For capabilities similar to AWS Mainframe Modernization Service (Managed Runtime Environment experience) explore AWS Mainframe Modernization Service (Self-Managed Experience). Existing customers can continue to use the service as normal. For more information, see [AWS Mainframe Modernization availability change](https://docs.aws.amazon.com/m2/latest/userguide/mainframe-modernization-availability-change.html) . \n\nDefines the details of a high availability configuration.", "title": "HighAvailabilityConfig" }, "InstanceType": { @@ -151565,7 +151553,7 @@ "items": { "$ref": "#/definitions/AWS::M2::Environment.StorageConfiguration" }, - "markdownDescription": "Defines the storage configuration for a runtime environment.", + "markdownDescription": "> AWS Mainframe Modernization Service (Managed Runtime Environment experience) will no longer be open to new customers starting on November 7, 2025. If you would like to use the service, please sign up prior to November 7, 2025. For capabilities similar to AWS Mainframe Modernization Service (Managed Runtime Environment experience) explore AWS Mainframe Modernization Service (Self-Managed Experience). Existing customers can continue to use the service as normal. For more information, see [AWS Mainframe Modernization availability change](https://docs.aws.amazon.com/m2/latest/userguide/mainframe-modernization-availability-change.html) . \n\nDefines the storage configuration for a runtime environment.", "title": "StorageConfigurations", "type": "array" }, @@ -152459,7 +152447,7 @@ "type": "string" }, "Policy": { - "markdownDescription": "Resource policy for the cluster.", + "markdownDescription": "Resource policy for the cluster. The maximum size supported for a resource-based policy document is 20 KB.", "title": "Policy", "type": "object" } @@ -153207,7 +153195,7 @@ "type": "object" }, "AirflowVersion": { - "markdownDescription": "The version of Apache Airflow to use for the environment. If no value is specified, defaults to the latest version.\n\nIf you specify a newer version number for an existing environment, the version update requires some service interruption before taking effect.\n\n*Allowed Values* : `1.10.12` | `2.0.2` | `2.2.2` | `2.4.3` | `2.5.1` | `2.6.3` | `2.7.2` | `2.8.1` | `2.9.2` | `2.10.1` (latest)", + "markdownDescription": "The version of Apache Airflow to use for the environment. If no value is specified, defaults to the latest version.\n\nIf you specify a newer version number for an existing environment, the version update requires some service interruption before taking effect.\n\n*Allowed Values* : `2.7.2` | `2.8.1` | `2.9.2` | `2.10.1` | `2.10.3` | `3.0.6` (latest)", "title": "AirflowVersion", "type": "string" }, @@ -153388,7 +153376,7 @@ "type": "boolean" }, "LogLevel": { - "markdownDescription": "Defines the Apache Airflow logs to send for the log type (e.g. `DagProcessingLogs` ) to CloudWatch Logs. Valid values: `CRITICAL` , `ERROR` , `WARNING` , `INFO` .", + "markdownDescription": "Defines the Apache Airflow logs to send for the log type (e.g. `DagProcessingLogs` ) to CloudWatch Logs.", "title": "LogLevel", "type": "string" } @@ -162588,7 +162576,7 @@ "additionalProperties": false, "properties": { "CertificateArn": { - "markdownDescription": "The Amazon Resource Name (ARN) for the certificate that you imported to AWS Certificate Manager to add content key encryption to this endpoint. For this feature to work, your DRM key provider must support content key encryption.", + "markdownDescription": "The Amazon Resource Name (ARN) for the certificate that you imported to Certificate Manager to add content key encryption to this endpoint. For this feature to work, your DRM key provider must support content key encryption.", "title": "CertificateArn", "type": "string" }, @@ -167650,7 +167638,7 @@ "additionalProperties": false, "properties": { "GeneratedRulesType": { - "markdownDescription": "Whether you want to allow or deny access to the domains in your target list.", + "markdownDescription": "Whether you want to apply allow, reject, alert, or drop behavior to the domains in your target list.\n\n> When logging is enabled and you choose Alert, traffic that matches the domain specifications generates an alert in the firewall's logs. Then, traffic either passes, is rejected, or drops based on other rules in the firewall policy.", "title": "GeneratedRulesType", "type": "string" }, @@ -167830,7 +167818,7 @@ }, "TLSInspectionConfiguration": { "$ref": "#/definitions/AWS::NetworkFirewall::TLSInspectionConfiguration.TLSInspectionConfiguration", - "markdownDescription": "The object that defines a TLS inspection configuration. AWS Network Firewall uses TLS inspection configurations to decrypt your firewall's inbound and outbound SSL/TLS traffic. After decryption, AWS Network Firewall inspects the traffic according to your firewall policy's stateful rules, and then re-encrypts it before sending it to its destination. You can enable inspection of your firewall's inbound traffic, outbound traffic, or both. To use TLS inspection with your firewall, you must first import or provision certificates using AWS Certificate Manager , create a TLS inspection configuration, add that configuration to a new firewall policy, and then associate that policy with your firewall. For more information about using TLS inspection configurations, see [Inspecting SSL/TLS traffic with TLS inspection configurations](https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection.html) in the *AWS Network Firewall Developer Guide* .", + "markdownDescription": "The object that defines a TLS inspection configuration. AWS Network Firewall uses TLS inspection configurations to decrypt your firewall's inbound and outbound SSL/TLS traffic. After decryption, AWS Network Firewall inspects the traffic according to your firewall policy's stateful rules, and then re-encrypts it before sending it to its destination. You can enable inspection of your firewall's inbound traffic, outbound traffic, or both. To use TLS inspection with your firewall, you must first import or provision certificates using Certificate Manager , create a TLS inspection configuration, add that configuration to a new firewall policy, and then associate that policy with your firewall. For more information about using TLS inspection configurations, see [Inspecting SSL/TLS traffic with TLS inspection configurations](https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection.html) in the *AWS Network Firewall Developer Guide* .", "title": "TLSInspectionConfiguration" }, "TLSInspectionConfigurationName": { @@ -167928,7 +167916,7 @@ "additionalProperties": false, "properties": { "ResourceArn": { - "markdownDescription": "The Amazon Resource Name (ARN) of the AWS Certificate Manager SSL/TLS server certificate that's used for inbound SSL/TLS inspection.", + "markdownDescription": "The Amazon Resource Name (ARN) of the Certificate Manager SSL/TLS server certificate that's used for inbound SSL/TLS inspection.", "title": "ResourceArn", "type": "string" } @@ -167939,7 +167927,7 @@ "additionalProperties": false, "properties": { "CertificateAuthorityArn": { - "markdownDescription": "The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate within AWS Certificate Manager (ACM) to use for outbound SSL/TLS inspection.\n\nThe following limitations apply:\n\n- You can use CA certificates that you imported into ACM, but you can't generate CA certificates with ACM.\n- You can't use certificates issued by AWS Private Certificate Authority .\n\nFor more information about configuring certificates for outbound inspection, see [Using SSL/TLS certificates with TLS inspection configurations](https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection-certificate-requirements.html) in the *AWS Network Firewall Developer Guide* .\n\nFor information about working with certificates in ACM, see [Importing certificates](https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html) in the *AWS Certificate Manager User Guide* .", + "markdownDescription": "The Amazon Resource Name (ARN) of the imported certificate authority (CA) certificate within Certificate Manager (ACM) to use for outbound SSL/TLS inspection.\n\nThe following limitations apply:\n\n- You can use CA certificates that you imported into ACM, but you can't generate CA certificates with ACM.\n- You can't use certificates issued by AWS Private Certificate Authority .\n\nFor more information about configuring certificates for outbound inspection, see [Using SSL/TLS certificates with TLS inspection configurations](https://docs.aws.amazon.com/network-firewall/latest/developerguide/tls-inspection-certificate-requirements.html) in the *AWS Network Firewall Developer Guide* .\n\nFor information about working with certificates in ACM, see [Importing certificates](https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html) in the *Certificate Manager User Guide* .", "title": "CertificateAuthorityArn", "type": "string" }, @@ -172277,7 +172265,7 @@ "type": "string" }, "CustomEndpointCertificateArn": { - "markdownDescription": "The AWS Certificate Manager ARN for your domain's SSL/TLS certificate. Required if you enabled a custom endpoint for the domain.", + "markdownDescription": "The Certificate Manager ARN for your domain's SSL/TLS certificate. Required if you enabled a custom endpoint for the domain.", "title": "CustomEndpointCertificateArn", "type": "string" }, @@ -182966,7 +182954,7 @@ "type": "array" }, "Name": { - "markdownDescription": "A descriptive name for the analysis that you're creating. This name displays for the analysis in the Amazon QuickSight console.", + "markdownDescription": "A descriptive name for the analysis that you're creating. This name displays for the analysis in the Amazon Quick Sight console.", "title": "Name", "type": "string" }, @@ -183010,7 +182998,7 @@ "type": "array" }, "ThemeArn": { - "markdownDescription": "The ARN for the theme to apply to the analysis that you're creating. To see the theme in the Amazon QuickSight console, make sure that you have access to it.", + "markdownDescription": "The ARN for the theme to apply to the analysis that you're creating. To see the theme in the Amazon Quick Sight console, make sure that you have access to it.", "title": "ThemeArn", "type": "string" }, @@ -183149,7 +183137,7 @@ "items": { "$ref": "#/definitions/AWS::QuickSight::Analysis.FilterGroup" }, - "markdownDescription": "Filter definitions for an analysis.\n\nFor more information, see [Filtering Data in Amazon QuickSight](https://docs.aws.amazon.com/quicksight/latest/user/adding-a-filter.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "Filter definitions for an analysis.\n\nFor more information, see [Filtering Data in Amazon Quick Sight](https://docs.aws.amazon.com/quicksight/latest/user/adding-a-filter.html) in the *Amazon Quick Suite User Guide* .", "title": "FilterGroups", "type": "array" }, @@ -183162,7 +183150,7 @@ "items": { "$ref": "#/definitions/AWS::QuickSight::Analysis.ParameterDeclaration" }, - "markdownDescription": "An array of parameter declarations for an analysis.\n\nParameters are named variables that can transfer a value for use by an action or an object.\n\nFor more information, see [Parameters in Amazon QuickSight](https://docs.aws.amazon.com/quicksight/latest/user/parameters-in-quicksight.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "An array of parameter declarations for an analysis.\n\nParameters are named variables that can transfer a value for use by an action or an object.\n\nFor more information, see [Parameters in Amazon Quick Sight](https://docs.aws.amazon.com/quicksight/latest/user/parameters-in-quicksight.html) in the *Amazon Quick Suite User Guide* .", "title": "ParameterDeclarations", "type": "array" }, @@ -184221,12 +184209,12 @@ }, "CustomFilterListConfiguration": { "$ref": "#/definitions/AWS::QuickSight::Analysis.CustomFilterListConfiguration", - "markdownDescription": "A list of custom filter values. In the Amazon QuickSight console, this filter type is called a custom filter list.", + "markdownDescription": "A list of custom filter values. In the Quick Sight console, this filter type is called a custom filter list.", "title": "CustomFilterListConfiguration" }, "FilterListConfiguration": { "$ref": "#/definitions/AWS::QuickSight::Analysis.FilterListConfiguration", - "markdownDescription": "A list of filter configurations. In the Amazon QuickSight console, this filter type is called a filter list.", + "markdownDescription": "A list of filter configurations. In the Quick Sight console, this filter type is called a filter list.", "title": "FilterListConfiguration" } }, @@ -186248,7 +186236,7 @@ "additionalProperties": false, "properties": { "LabelVisibility": { - "markdownDescription": "Determines the visibility of the label in a donut chart. In the Amazon QuickSight console, this option is called `'Show total'` .", + "markdownDescription": "Determines the visibility of the label in a donut chart. In the Quick Sight console, this option is called `'Show total'` .", "title": "LabelVisibility", "type": "string" } @@ -186745,7 +186733,7 @@ "properties": { "CategoryFilter": { "$ref": "#/definitions/AWS::QuickSight::Analysis.CategoryFilter", - "markdownDescription": "A `CategoryFilter` filters text values.\n\nFor more information, see [Adding text filters](https://docs.aws.amazon.com/quicksight/latest/user/add-a-text-filter-data-prep.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A `CategoryFilter` filters text values.\n\nFor more information, see [Adding text filters](https://docs.aws.amazon.com/quicksight/latest/user/add-a-text-filter-data-prep.html) in the *Amazon Quick Suite User Guide* .", "title": "CategoryFilter" }, "NumericEqualityFilter": { @@ -188361,7 +188349,7 @@ "type": "string" }, "ResizeOption": { - "markdownDescription": "This value determines the layout behavior when the viewport is resized.\n\n- `FIXED` : A fixed width will be used when optimizing the layout. In the Amazon QuickSight console, this option is called `Classic` .\n- `RESPONSIVE` : The width of the canvas will be responsive and optimized to the view port. In the Amazon QuickSight console, this option is called `Tiled` .", + "markdownDescription": "This value determines the layout behavior when the viewport is resized.\n\n- `FIXED` : A fixed width will be used when optimizing the layout. In the Quick Sight console, this option is called `Classic` .\n- `RESPONSIVE` : The width of the canvas will be responsive and optimized to the view port. In the Quick Sight console, this option is called `Tiled` .", "title": "ResizeOption", "type": "string" } @@ -192115,7 +192103,7 @@ "type": "array" }, "Principal": { - "markdownDescription": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon QuickSight user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon QuickSight user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a QuickSight ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)", + "markdownDescription": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick Suite user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick Suite user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick Suite ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)", "title": "Principal", "type": "string" } @@ -192735,7 +192723,7 @@ "additionalProperties": false, "properties": { "Name": { - "markdownDescription": "The name of a sheet. This name is displayed on the sheet's tab in the Amazon QuickSight console.", + "markdownDescription": "The name of a sheet. This name is displayed on the sheet's tab in the Quick Sight console.", "title": "Name", "type": "string" }, @@ -192805,7 +192793,7 @@ "items": { "$ref": "#/definitions/AWS::QuickSight::Analysis.FilterControl" }, - "markdownDescription": "The list of filter controls that are on a sheet.\n\nFor more information, see [Adding filter controls to analysis sheets](https://docs.aws.amazon.com/quicksight/latest/user/filter-controls.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "The list of filter controls that are on a sheet.\n\nFor more information, see [Adding filter controls to analysis sheets](https://docs.aws.amazon.com/quicksight/latest/user/filter-controls.html) in the *Amazon Quick Suite User Guide* .", "title": "FilterControls", "type": "array" }, @@ -192813,7 +192801,7 @@ "items": { "$ref": "#/definitions/AWS::QuickSight::Analysis.Layout" }, - "markdownDescription": "Layouts define how the components of a sheet are arranged.\n\nFor more information, see [Types of layout](https://docs.aws.amazon.com/quicksight/latest/user/types-of-layout.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "Layouts define how the components of a sheet are arranged.\n\nFor more information, see [Types of layout](https://docs.aws.amazon.com/quicksight/latest/user/types-of-layout.html) in the *Amazon Quick Suite User Guide* .", "title": "Layouts", "type": "array" }, @@ -192826,7 +192814,7 @@ "items": { "$ref": "#/definitions/AWS::QuickSight::Analysis.ParameterControl" }, - "markdownDescription": "The list of parameter controls that are on a sheet.\n\nFor more information, see [Using a Control with a Parameter in Amazon QuickSight](https://docs.aws.amazon.com/quicksight/latest/user/parameters-controls.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "The list of parameter controls that are on a sheet.\n\nFor more information, see [Using a Control with a Parameter in Amazon Quick Sight](https://docs.aws.amazon.com/quicksight/latest/user/parameters-controls.html) in the *Amazon Quick Suite User Guide* .", "title": "ParameterControls", "type": "array" }, @@ -194600,22 +194588,22 @@ "properties": { "BarChartVisual": { "$ref": "#/definitions/AWS::QuickSight::Analysis.BarChartVisual", - "markdownDescription": "A bar chart.\n\nFor more information, see [Using bar charts](https://docs.aws.amazon.com/quicksight/latest/user/bar-charts.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A bar chart.\n\nFor more information, see [Using bar charts](https://docs.aws.amazon.com/quicksight/latest/user/bar-charts.html) in the *Amazon Quick Suite User Guide* .", "title": "BarChartVisual" }, "BoxPlotVisual": { "$ref": "#/definitions/AWS::QuickSight::Analysis.BoxPlotVisual", - "markdownDescription": "A box plot.\n\nFor more information, see [Using box plots](https://docs.aws.amazon.com/quicksight/latest/user/box-plots.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A box plot.\n\nFor more information, see [Using box plots](https://docs.aws.amazon.com/quicksight/latest/user/box-plots.html) in the *Amazon Quick Suite User Guide* .", "title": "BoxPlotVisual" }, "ComboChartVisual": { "$ref": "#/definitions/AWS::QuickSight::Analysis.ComboChartVisual", - "markdownDescription": "A combo chart.\n\nFor more information, see [Using combo charts](https://docs.aws.amazon.com/quicksight/latest/user/combo-charts.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A combo chart.\n\nFor more information, see [Using combo charts](https://docs.aws.amazon.com/quicksight/latest/user/combo-charts.html) in the *Amazon Quick Suite User Guide* .", "title": "ComboChartVisual" }, "CustomContentVisual": { "$ref": "#/definitions/AWS::QuickSight::Analysis.CustomContentVisual", - "markdownDescription": "A visual that contains custom content.\n\nFor more information, see [Using custom visual content](https://docs.aws.amazon.com/quicksight/latest/user/custom-visual-content.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A visual that contains custom content.\n\nFor more information, see [Using custom visual content](https://docs.aws.amazon.com/quicksight/latest/user/custom-visual-content.html) in the *Amazon Quick Suite User Guide* .", "title": "CustomContentVisual" }, "EmptyVisual": { @@ -194625,92 +194613,92 @@ }, "FilledMapVisual": { "$ref": "#/definitions/AWS::QuickSight::Analysis.FilledMapVisual", - "markdownDescription": "A filled map.\n\nFor more information, see [Creating filled maps](https://docs.aws.amazon.com/quicksight/latest/user/filled-maps.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A filled map.\n\nFor more information, see [Creating filled maps](https://docs.aws.amazon.com/quicksight/latest/user/filled-maps.html) in the *Amazon Quick Suite User Guide* .", "title": "FilledMapVisual" }, "FunnelChartVisual": { "$ref": "#/definitions/AWS::QuickSight::Analysis.FunnelChartVisual", - "markdownDescription": "A funnel chart.\n\nFor more information, see [Using funnel charts](https://docs.aws.amazon.com/quicksight/latest/user/funnel-visual-content.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A funnel chart.\n\nFor more information, see [Using funnel charts](https://docs.aws.amazon.com/quicksight/latest/user/funnel-visual-content.html) in the *Amazon Quick Suite User Guide* .", "title": "FunnelChartVisual" }, "GaugeChartVisual": { "$ref": "#/definitions/AWS::QuickSight::Analysis.GaugeChartVisual", - "markdownDescription": "A gauge chart.\n\nFor more information, see [Using gauge charts](https://docs.aws.amazon.com/quicksight/latest/user/gauge-chart.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A gauge chart.\n\nFor more information, see [Using gauge charts](https://docs.aws.amazon.com/quicksight/latest/user/gauge-chart.html) in the *Amazon Quick Suite User Guide* .", "title": "GaugeChartVisual" }, "GeospatialMapVisual": { "$ref": "#/definitions/AWS::QuickSight::Analysis.GeospatialMapVisual", - "markdownDescription": "A geospatial map or a points on map visual.\n\nFor more information, see [Creating point maps](https://docs.aws.amazon.com/quicksight/latest/user/point-maps.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A geospatial map or a points on map visual.\n\nFor more information, see [Creating point maps](https://docs.aws.amazon.com/quicksight/latest/user/point-maps.html) in the *Amazon Quick Suite User Guide* .", "title": "GeospatialMapVisual" }, "HeatMapVisual": { "$ref": "#/definitions/AWS::QuickSight::Analysis.HeatMapVisual", - "markdownDescription": "A heat map.\n\nFor more information, see [Using heat maps](https://docs.aws.amazon.com/quicksight/latest/user/heat-map.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A heat map.\n\nFor more information, see [Using heat maps](https://docs.aws.amazon.com/quicksight/latest/user/heat-map.html) in the *Amazon Quick Suite User Guide* .", "title": "HeatMapVisual" }, "HistogramVisual": { "$ref": "#/definitions/AWS::QuickSight::Analysis.HistogramVisual", - "markdownDescription": "A histogram.\n\nFor more information, see [Using histograms](https://docs.aws.amazon.com/quicksight/latest/user/histogram-charts.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A histogram.\n\nFor more information, see [Using histograms](https://docs.aws.amazon.com/quicksight/latest/user/histogram-charts.html) in the *Amazon Quick Suite User Guide* .", "title": "HistogramVisual" }, "InsightVisual": { "$ref": "#/definitions/AWS::QuickSight::Analysis.InsightVisual", - "markdownDescription": "An insight visual.\n\nFor more information, see [Working with insights](https://docs.aws.amazon.com/quicksight/latest/user/computational-insights.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "An insight visual.\n\nFor more information, see [Working with insights](https://docs.aws.amazon.com/quicksight/latest/user/computational-insights.html) in the *Amazon Quick Suite User Guide* .", "title": "InsightVisual" }, "KPIVisual": { "$ref": "#/definitions/AWS::QuickSight::Analysis.KPIVisual", - "markdownDescription": "A key performance indicator (KPI).\n\nFor more information, see [Using KPIs](https://docs.aws.amazon.com/quicksight/latest/user/kpi.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A key performance indicator (KPI).\n\nFor more information, see [Using KPIs](https://docs.aws.amazon.com/quicksight/latest/user/kpi.html) in the *Amazon Quick Suite User Guide* .", "title": "KPIVisual" }, "LineChartVisual": { "$ref": "#/definitions/AWS::QuickSight::Analysis.LineChartVisual", - "markdownDescription": "A line chart.\n\nFor more information, see [Using line charts](https://docs.aws.amazon.com/quicksight/latest/user/line-charts.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A line chart.\n\nFor more information, see [Using line charts](https://docs.aws.amazon.com/quicksight/latest/user/line-charts.html) in the *Amazon Quick Suite User Guide* .", "title": "LineChartVisual" }, "PieChartVisual": { "$ref": "#/definitions/AWS::QuickSight::Analysis.PieChartVisual", - "markdownDescription": "A pie or donut chart.\n\nFor more information, see [Using pie charts](https://docs.aws.amazon.com/quicksight/latest/user/pie-chart.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A pie or donut chart.\n\nFor more information, see [Using pie charts](https://docs.aws.amazon.com/quicksight/latest/user/pie-chart.html) in the *Amazon Quick Suite User Guide* .", "title": "PieChartVisual" }, "PivotTableVisual": { "$ref": "#/definitions/AWS::QuickSight::Analysis.PivotTableVisual", - "markdownDescription": "A pivot table.\n\nFor more information, see [Using pivot tables](https://docs.aws.amazon.com/quicksight/latest/user/pivot-table.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A pivot table.\n\nFor more information, see [Using pivot tables](https://docs.aws.amazon.com/quicksight/latest/user/pivot-table.html) in the *Amazon Quick Suite User Guide* .", "title": "PivotTableVisual" }, "RadarChartVisual": { "$ref": "#/definitions/AWS::QuickSight::Analysis.RadarChartVisual", - "markdownDescription": "A radar chart visual.\n\nFor more information, see [Using radar charts](https://docs.aws.amazon.com/quicksight/latest/user/radar-chart.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A radar chart visual.\n\nFor more information, see [Using radar charts](https://docs.aws.amazon.com/quicksight/latest/user/radar-chart.html) in the *Amazon Quick Suite User Guide* .", "title": "RadarChartVisual" }, "SankeyDiagramVisual": { "$ref": "#/definitions/AWS::QuickSight::Analysis.SankeyDiagramVisual", - "markdownDescription": "A sankey diagram.\n\nFor more information, see [Using Sankey diagrams](https://docs.aws.amazon.com/quicksight/latest/user/sankey-diagram.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A sankey diagram.\n\nFor more information, see [Using Sankey diagrams](https://docs.aws.amazon.com/quicksight/latest/user/sankey-diagram.html) in the *Amazon Quick Suite User Guide* .", "title": "SankeyDiagramVisual" }, "ScatterPlotVisual": { "$ref": "#/definitions/AWS::QuickSight::Analysis.ScatterPlotVisual", - "markdownDescription": "A scatter plot.\n\nFor more information, see [Using scatter plots](https://docs.aws.amazon.com/quicksight/latest/user/scatter-plot.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A scatter plot.\n\nFor more information, see [Using scatter plots](https://docs.aws.amazon.com/quicksight/latest/user/scatter-plot.html) in the *Amazon Quick Suite User Guide* .", "title": "ScatterPlotVisual" }, "TableVisual": { "$ref": "#/definitions/AWS::QuickSight::Analysis.TableVisual", - "markdownDescription": "A table visual.\n\nFor more information, see [Using tables as visuals](https://docs.aws.amazon.com/quicksight/latest/user/tabular.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A table visual.\n\nFor more information, see [Using tables as visuals](https://docs.aws.amazon.com/quicksight/latest/user/tabular.html) in the *Amazon Quick Suite User Guide* .", "title": "TableVisual" }, "TreeMapVisual": { "$ref": "#/definitions/AWS::QuickSight::Analysis.TreeMapVisual", - "markdownDescription": "A tree map.\n\nFor more information, see [Using tree maps](https://docs.aws.amazon.com/quicksight/latest/user/tree-map.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A tree map.\n\nFor more information, see [Using tree maps](https://docs.aws.amazon.com/quicksight/latest/user/tree-map.html) in the *Amazon Quick Suite User Guide* .", "title": "TreeMapVisual" }, "WaterfallVisual": { "$ref": "#/definitions/AWS::QuickSight::Analysis.WaterfallVisual", - "markdownDescription": "A waterfall chart.\n\nFor more information, see [Using waterfall charts](https://docs.aws.amazon.com/quicksight/latest/user/waterfall-chart.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A waterfall chart.\n\nFor more information, see [Using waterfall charts](https://docs.aws.amazon.com/quicksight/latest/user/waterfall-chart.html) in the *Amazon Quick Suite User Guide* .", "title": "WaterfallVisual" }, "WordCloudVisual": { "$ref": "#/definitions/AWS::QuickSight::Analysis.WordCloudVisual", - "markdownDescription": "A word cloud.\n\nFor more information, see [Using word clouds](https://docs.aws.amazon.com/quicksight/latest/user/word-cloud.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A word cloud.\n\nFor more information, see [Using word clouds](https://docs.aws.amazon.com/quicksight/latest/user/word-cloud.html) in the *Amazon Quick Suite User Guide* .", "title": "WordCloudVisual" } }, @@ -195257,7 +195245,7 @@ }, "DashboardPublishOptions": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.DashboardPublishOptions", - "markdownDescription": "Options for publishing the dashboard when you create it:\n\n- `AvailabilityStatus` for `AdHocFilteringOption` - This status can be either `ENABLED` or `DISABLED` . When this is set to `DISABLED` , Amazon QuickSight disables the left filter pane on the published dashboard, which can be used for ad hoc (one-time) filtering. This option is `ENABLED` by default.\n- `AvailabilityStatus` for `ExportToCSVOption` - This status can be either `ENABLED` or `DISABLED` . The visual option to export data to .CSV format isn't enabled when this is set to `DISABLED` . This option is `ENABLED` by default.\n- `VisibilityState` for `SheetControlsOption` - This visibility state can be either `COLLAPSED` or `EXPANDED` . This option is `COLLAPSED` by default.", + "markdownDescription": "Options for publishing the dashboard when you create it:\n\n- `AvailabilityStatus` for `AdHocFilteringOption` - This status can be either `ENABLED` or `DISABLED` . When this is set to `DISABLED` , Amazon Quick Sight disables the left filter pane on the published dashboard, which can be used for ad hoc (one-time) filtering. This option is `ENABLED` by default.\n- `AvailabilityStatus` for `ExportToCSVOption` - This status can be either `ENABLED` or `DISABLED` . The visual option to export data to .CSV format isn't enabled when this is set to `DISABLED` . This option is `ENABLED` by default.\n- `VisibilityState` for `SheetControlsOption` - This visibility state can be either `COLLAPSED` or `EXPANDED` . This option is `COLLAPSED` by default.\n- `AvailabilityStatus` for `QuickSuiteActionsOption` - This status can be either `ENABLED` or `DISABLED` . Features related to Actions in Amazon Quick Suite on dashboards are disabled when this is set to `DISABLED` . This option is `DISABLED` by default.\n- `AvailabilityStatus` for `ExecutiveSummaryOption` - This status can be either `ENABLED` or `DISABLED` . The option to build an executive summary is disabled when this is set to `DISABLED` . This option is `ENABLED` by default.\n- `AvailabilityStatus` for `DataStoriesSharingOption` - This status can be either `ENABLED` or `DISABLED` . The option to share a data story is disabled when this is set to `DISABLED` . This option is `ENABLED` by default.", "title": "DashboardPublishOptions" }, "Definition": { @@ -196412,12 +196400,12 @@ }, "CustomFilterListConfiguration": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.CustomFilterListConfiguration", - "markdownDescription": "A list of custom filter values. In the Amazon QuickSight console, this filter type is called a custom filter list.", + "markdownDescription": "A list of custom filter values. In the Quick Sight console, this filter type is called a custom filter list.", "title": "CustomFilterListConfiguration" }, "FilterListConfiguration": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.FilterListConfiguration", - "markdownDescription": "A list of filter configurations. In the Amazon QuickSight console, this filter type is called a filter list.", + "markdownDescription": "A list of filter configurations. In the Quick Sight console, this filter type is called a filter list.", "title": "FilterListConfiguration" } }, @@ -197669,7 +197657,7 @@ "items": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.FilterGroup" }, - "markdownDescription": "The filter definitions for a dashboard.\n\nFor more information, see [Filtering Data in Amazon QuickSight](https://docs.aws.amazon.com/quicksight/latest/user/adding-a-filter.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "The filter definitions for a dashboard.\n\nFor more information, see [Filtering Data in Amazon Quick Sight](https://docs.aws.amazon.com/quicksight/latest/user/adding-a-filter.html) in the *Amazon Quick Suite User Guide* .", "title": "FilterGroups", "type": "array" }, @@ -197682,7 +197670,7 @@ "items": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.ParameterDeclaration" }, - "markdownDescription": "The parameter declarations for a dashboard. Parameters are named variables that can transfer a value for use by an action or an object.\n\nFor more information, see [Parameters in Amazon QuickSight](https://docs.aws.amazon.com/quicksight/latest/user/parameters-in-quicksight.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "The parameter declarations for a dashboard. Parameters are named variables that can transfer a value for use by an action or an object.\n\nFor more information, see [Parameters in Amazon Quick Sight](https://docs.aws.amazon.com/quicksight/latest/user/parameters-in-quicksight.html) in the *Amazon Quick Suite User Guide* .", "title": "ParameterDeclarations", "type": "array" }, @@ -198734,7 +198722,7 @@ "additionalProperties": false, "properties": { "LabelVisibility": { - "markdownDescription": "Determines the visibility of the label in a donut chart. In the Amazon QuickSight console, this option is called `'Show total'` .", + "markdownDescription": "Determines the visibility of the label in a donut chart. In the Quick Sight console, this option is called `'Show total'` .", "title": "LabelVisibility", "type": "string" } @@ -199264,7 +199252,7 @@ "properties": { "CategoryFilter": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.CategoryFilter", - "markdownDescription": "A `CategoryFilter` filters text values.\n\nFor more information, see [Adding text filters](https://docs.aws.amazon.com/quicksight/latest/user/add-a-text-filter-data-prep.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A `CategoryFilter` filters text values.\n\nFor more information, see [Adding text filters](https://docs.aws.amazon.com/quicksight/latest/user/add-a-text-filter-data-prep.html) in the *Amazon Quick Suite User Guide* .", "title": "CategoryFilter" }, "NumericEqualityFilter": { @@ -200880,7 +200868,7 @@ "type": "string" }, "ResizeOption": { - "markdownDescription": "This value determines the layout behavior when the viewport is resized.\n\n- `FIXED` : A fixed width will be used when optimizing the layout. In the Amazon QuickSight console, this option is called `Classic` .\n- `RESPONSIVE` : The width of the canvas will be responsive and optimized to the view port. In the Amazon QuickSight console, this option is called `Tiled` .", + "markdownDescription": "This value determines the layout behavior when the viewport is resized.\n\n- `FIXED` : A fixed width will be used when optimizing the layout. In the Quick Sight console, this option is called `Classic` .\n- `RESPONSIVE` : The width of the canvas will be responsive and optimized to the view port. In the Quick Sight console, this option is called `Tiled` .", "title": "ResizeOption", "type": "string" } @@ -204648,7 +204636,7 @@ "type": "array" }, "Principal": { - "markdownDescription": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon QuickSight user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon QuickSight user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a QuickSight ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)", + "markdownDescription": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick Suite user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick Suite user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick Suite ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)", "title": "Principal", "type": "string" } @@ -205268,7 +205256,7 @@ "additionalProperties": false, "properties": { "Name": { - "markdownDescription": "The name of a sheet. This name is displayed on the sheet's tab in the Amazon QuickSight console.", + "markdownDescription": "The name of a sheet. This name is displayed on the sheet's tab in the Quick Sight console.", "title": "Name", "type": "string" }, @@ -205349,7 +205337,7 @@ "items": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.FilterControl" }, - "markdownDescription": "The list of filter controls that are on a sheet.\n\nFor more information, see [Adding filter controls to analysis sheets](https://docs.aws.amazon.com/quicksight/latest/user/filter-controls.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "The list of filter controls that are on a sheet.\n\nFor more information, see [Adding filter controls to analysis sheets](https://docs.aws.amazon.com/quicksight/latest/user/filter-controls.html) in the *Amazon Quick Suite User Guide* .", "title": "FilterControls", "type": "array" }, @@ -205357,7 +205345,7 @@ "items": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.Layout" }, - "markdownDescription": "Layouts define how the components of a sheet are arranged.\n\nFor more information, see [Types of layout](https://docs.aws.amazon.com/quicksight/latest/user/types-of-layout.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "Layouts define how the components of a sheet are arranged.\n\nFor more information, see [Types of layout](https://docs.aws.amazon.com/quicksight/latest/user/types-of-layout.html) in the *Amazon Quick Suite User Guide* .", "title": "Layouts", "type": "array" }, @@ -205370,7 +205358,7 @@ "items": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.ParameterControl" }, - "markdownDescription": "The list of parameter controls that are on a sheet.\n\nFor more information, see [Using a Control with a Parameter in Amazon QuickSight](https://docs.aws.amazon.com/quicksight/latest/user/parameters-controls.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "The list of parameter controls that are on a sheet.\n\nFor more information, see [Using a Control with a Parameter in Amazon Quick Sight](https://docs.aws.amazon.com/quicksight/latest/user/parameters-controls.html) in the *Amazon Quick Suite User Guide* .", "title": "ParameterControls", "type": "array" }, @@ -207155,22 +207143,22 @@ "properties": { "BarChartVisual": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.BarChartVisual", - "markdownDescription": "A bar chart.\n\nFor more information, see [Using bar charts](https://docs.aws.amazon.com/quicksight/latest/user/bar-charts.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A bar chart.\n\nFor more information, see [Using bar charts](https://docs.aws.amazon.com/quicksight/latest/user/bar-charts.html) in the *Amazon Quick Suite User Guide* .", "title": "BarChartVisual" }, "BoxPlotVisual": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.BoxPlotVisual", - "markdownDescription": "A box plot.\n\nFor more information, see [Using box plots](https://docs.aws.amazon.com/quicksight/latest/user/box-plots.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A box plot.\n\nFor more information, see [Using box plots](https://docs.aws.amazon.com/quicksight/latest/user/box-plots.html) in the *Amazon Quick Suite User Guide* .", "title": "BoxPlotVisual" }, "ComboChartVisual": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.ComboChartVisual", - "markdownDescription": "A combo chart.\n\nFor more information, see [Using combo charts](https://docs.aws.amazon.com/quicksight/latest/user/combo-charts.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A combo chart.\n\nFor more information, see [Using combo charts](https://docs.aws.amazon.com/quicksight/latest/user/combo-charts.html) in the *Amazon Quick Suite User Guide* .", "title": "ComboChartVisual" }, "CustomContentVisual": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.CustomContentVisual", - "markdownDescription": "A visual that contains custom content.\n\nFor more information, see [Using custom visual content](https://docs.aws.amazon.com/quicksight/latest/user/custom-visual-content.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A visual that contains custom content.\n\nFor more information, see [Using custom visual content](https://docs.aws.amazon.com/quicksight/latest/user/custom-visual-content.html) in the *Amazon Quick Suite User Guide* .", "title": "CustomContentVisual" }, "EmptyVisual": { @@ -207180,92 +207168,92 @@ }, "FilledMapVisual": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.FilledMapVisual", - "markdownDescription": "A filled map.\n\nFor more information, see [Creating filled maps](https://docs.aws.amazon.com/quicksight/latest/user/filled-maps.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A filled map.\n\nFor more information, see [Creating filled maps](https://docs.aws.amazon.com/quicksight/latest/user/filled-maps.html) in the *Amazon Quick Suite User Guide* .", "title": "FilledMapVisual" }, "FunnelChartVisual": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.FunnelChartVisual", - "markdownDescription": "A funnel chart.\n\nFor more information, see [Using funnel charts](https://docs.aws.amazon.com/quicksight/latest/user/funnel-visual-content.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A funnel chart.\n\nFor more information, see [Using funnel charts](https://docs.aws.amazon.com/quicksight/latest/user/funnel-visual-content.html) in the *Amazon Quick Suite User Guide* .", "title": "FunnelChartVisual" }, "GaugeChartVisual": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.GaugeChartVisual", - "markdownDescription": "A gauge chart.\n\nFor more information, see [Using gauge charts](https://docs.aws.amazon.com/quicksight/latest/user/gauge-chart.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A gauge chart.\n\nFor more information, see [Using gauge charts](https://docs.aws.amazon.com/quicksight/latest/user/gauge-chart.html) in the *Amazon Quick Suite User Guide* .", "title": "GaugeChartVisual" }, "GeospatialMapVisual": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.GeospatialMapVisual", - "markdownDescription": "A geospatial map or a points on map visual.\n\nFor more information, see [Creating point maps](https://docs.aws.amazon.com/quicksight/latest/user/point-maps.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A geospatial map or a points on map visual.\n\nFor more information, see [Creating point maps](https://docs.aws.amazon.com/quicksight/latest/user/point-maps.html) in the *Amazon Quick Suite User Guide* .", "title": "GeospatialMapVisual" }, "HeatMapVisual": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.HeatMapVisual", - "markdownDescription": "A heat map.\n\nFor more information, see [Using heat maps](https://docs.aws.amazon.com/quicksight/latest/user/heat-map.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A heat map.\n\nFor more information, see [Using heat maps](https://docs.aws.amazon.com/quicksight/latest/user/heat-map.html) in the *Amazon Quick Suite User Guide* .", "title": "HeatMapVisual" }, "HistogramVisual": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.HistogramVisual", - "markdownDescription": "A histogram.\n\nFor more information, see [Using histograms](https://docs.aws.amazon.com/quicksight/latest/user/histogram-charts.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A histogram.\n\nFor more information, see [Using histograms](https://docs.aws.amazon.com/quicksight/latest/user/histogram-charts.html) in the *Amazon Quick Suite User Guide* .", "title": "HistogramVisual" }, "InsightVisual": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.InsightVisual", - "markdownDescription": "An insight visual.\n\nFor more information, see [Working with insights](https://docs.aws.amazon.com/quicksight/latest/user/computational-insights.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "An insight visual.\n\nFor more information, see [Working with insights](https://docs.aws.amazon.com/quicksight/latest/user/computational-insights.html) in the *Amazon Quick Suite User Guide* .", "title": "InsightVisual" }, "KPIVisual": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.KPIVisual", - "markdownDescription": "A key performance indicator (KPI).\n\nFor more information, see [Using KPIs](https://docs.aws.amazon.com/quicksight/latest/user/kpi.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A key performance indicator (KPI).\n\nFor more information, see [Using KPIs](https://docs.aws.amazon.com/quicksight/latest/user/kpi.html) in the *Amazon Quick Suite User Guide* .", "title": "KPIVisual" }, "LineChartVisual": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.LineChartVisual", - "markdownDescription": "A line chart.\n\nFor more information, see [Using line charts](https://docs.aws.amazon.com/quicksight/latest/user/line-charts.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A line chart.\n\nFor more information, see [Using line charts](https://docs.aws.amazon.com/quicksight/latest/user/line-charts.html) in the *Amazon Quick Suite User Guide* .", "title": "LineChartVisual" }, "PieChartVisual": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.PieChartVisual", - "markdownDescription": "A pie or donut chart.\n\nFor more information, see [Using pie charts](https://docs.aws.amazon.com/quicksight/latest/user/pie-chart.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A pie or donut chart.\n\nFor more information, see [Using pie charts](https://docs.aws.amazon.com/quicksight/latest/user/pie-chart.html) in the *Amazon Quick Suite User Guide* .", "title": "PieChartVisual" }, "PivotTableVisual": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.PivotTableVisual", - "markdownDescription": "A pivot table.\n\nFor more information, see [Using pivot tables](https://docs.aws.amazon.com/quicksight/latest/user/pivot-table.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A pivot table.\n\nFor more information, see [Using pivot tables](https://docs.aws.amazon.com/quicksight/latest/user/pivot-table.html) in the *Amazon Quick Suite User Guide* .", "title": "PivotTableVisual" }, "RadarChartVisual": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.RadarChartVisual", - "markdownDescription": "A radar chart visual.\n\nFor more information, see [Using radar charts](https://docs.aws.amazon.com/quicksight/latest/user/radar-chart.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A radar chart visual.\n\nFor more information, see [Using radar charts](https://docs.aws.amazon.com/quicksight/latest/user/radar-chart.html) in the *Amazon Quick Suite User Guide* .", "title": "RadarChartVisual" }, "SankeyDiagramVisual": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.SankeyDiagramVisual", - "markdownDescription": "A sankey diagram.\n\nFor more information, see [Using Sankey diagrams](https://docs.aws.amazon.com/quicksight/latest/user/sankey-diagram.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A sankey diagram.\n\nFor more information, see [Using Sankey diagrams](https://docs.aws.amazon.com/quicksight/latest/user/sankey-diagram.html) in the *Amazon Quick Suite User Guide* .", "title": "SankeyDiagramVisual" }, "ScatterPlotVisual": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.ScatterPlotVisual", - "markdownDescription": "A scatter plot.\n\nFor more information, see [Using scatter plots](https://docs.aws.amazon.com/quicksight/latest/user/scatter-plot.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A scatter plot.\n\nFor more information, see [Using scatter plots](https://docs.aws.amazon.com/quicksight/latest/user/scatter-plot.html) in the *Amazon Quick Suite User Guide* .", "title": "ScatterPlotVisual" }, "TableVisual": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.TableVisual", - "markdownDescription": "A table visual.\n\nFor more information, see [Using tables as visuals](https://docs.aws.amazon.com/quicksight/latest/user/tabular.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A table visual.\n\nFor more information, see [Using tables as visuals](https://docs.aws.amazon.com/quicksight/latest/user/tabular.html) in the *Amazon Quick Suite User Guide* .", "title": "TableVisual" }, "TreeMapVisual": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.TreeMapVisual", - "markdownDescription": "A tree map.\n\nFor more information, see [Using tree maps](https://docs.aws.amazon.com/quicksight/latest/user/tree-map.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A tree map.\n\nFor more information, see [Using tree maps](https://docs.aws.amazon.com/quicksight/latest/user/tree-map.html) in the *Amazon Quick Suite User Guide* .", "title": "TreeMapVisual" }, "WaterfallVisual": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.WaterfallVisual", - "markdownDescription": "A waterfall chart.\n\nFor more information, see [Using waterfall charts](https://docs.aws.amazon.com/quicksight/latest/user/waterfall-chart.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A waterfall chart.\n\nFor more information, see [Using waterfall charts](https://docs.aws.amazon.com/quicksight/latest/user/waterfall-chart.html) in the *Amazon Quick Suite User Guide* .", "title": "WaterfallVisual" }, "WordCloudVisual": { "$ref": "#/definitions/AWS::QuickSight::Dashboard.WordCloudVisual", - "markdownDescription": "A word cloud.\n\nFor more information, see [Using word clouds](https://docs.aws.amazon.com/quicksight/latest/user/word-cloud.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A word cloud.\n\nFor more information, see [Using word clouds](https://docs.aws.amazon.com/quicksight/latest/user/word-cloud.html) in the *Amazon Quick Suite User Guide* .", "title": "WordCloudVisual" } }, @@ -207831,7 +207819,7 @@ "items": { "$ref": "#/definitions/AWS::QuickSight::DataSet.ColumnGroup" }, - "markdownDescription": "Groupings of columns that work together in certain Amazon QuickSight features. Currently, only geospatial hierarchy is supported.", + "markdownDescription": "Groupings of columns that work together in certain Amazon Quick Sight features. Currently, only geospatial hierarchy is supported.", "title": "ColumnGroups", "type": "array" }, @@ -207967,7 +207955,7 @@ "additionalProperties": false, "properties": { "ColumnId": { - "markdownDescription": "A unique ID to identify a calculated column. During a dataset update, if the column ID of a calculated column matches that of an existing calculated column, Amazon QuickSight preserves the existing calculated column.", + "markdownDescription": "A unique ID to identify a calculated column. During a dataset update, if the column ID of a calculated column matches that of an existing calculated column, Quick Sight preserves the existing calculated column.", "title": "ColumnId", "type": "string" }, @@ -207998,7 +207986,7 @@ "type": "string" }, "Format": { - "markdownDescription": "When casting a column from string to datetime type, you can supply a string in a format supported by Amazon QuickSight to denote the source data format.", + "markdownDescription": "When casting a column from string to datetime type, you can supply a string in a format supported by Quick Sight to denote the source data format.", "title": "Format", "type": "string" }, @@ -208056,7 +208044,7 @@ "items": { "type": "string" }, - "markdownDescription": "An array of Amazon Resource Names (ARNs) for QuickSight users or groups.", + "markdownDescription": "An array of Amazon Resource Names (ARNs) for Quick Suite users or groups.", "title": "Principals", "type": "array" } @@ -208151,7 +208139,7 @@ "type": "boolean" }, "DisableUseAsImportedSource": { - "markdownDescription": "An option that controls whether a child dataset that's stored in QuickSight can use this dataset as a source.", + "markdownDescription": "An option that controls whether a child dataset that's stored in Quick Sight can use this dataset as a source.", "title": "DisableUseAsImportedSource", "type": "boolean" } @@ -208483,7 +208471,7 @@ "additionalProperties": false, "properties": { "UniqueKey": { - "markdownDescription": "A value that indicates that a row in a table is uniquely identified by the columns in a join key. This is used by QuickSight to optimize query performance.", + "markdownDescription": "A value that indicates that a row in a table is uniquely identified by the columns in a join key. This is used by Quick Suite to optimize query performance.", "title": "UniqueKey", "type": "boolean" } @@ -208768,7 +208756,7 @@ "type": "array" }, "Principal": { - "markdownDescription": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon QuickSight user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon QuickSight user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a QuickSight ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)", + "markdownDescription": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick Suite user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick Suite user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick Suite ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)", "title": "Principal", "type": "string" } @@ -209089,7 +209077,7 @@ }, "Credentials": { "$ref": "#/definitions/AWS::QuickSight::DataSource.DataSourceCredentials", - "markdownDescription": "The credentials Amazon QuickSight that uses to connect to your underlying source. Currently, only credentials based on user name and password are supported.", + "markdownDescription": "The credentials Amazon Quick Sight that uses to connect to your underlying source. Currently, only credentials based on user name and password are supported.", "title": "Credentials" }, "DataSourceId": { @@ -209099,7 +209087,7 @@ }, "DataSourceParameters": { "$ref": "#/definitions/AWS::QuickSight::DataSource.DataSourceParameters", - "markdownDescription": "The parameters that Amazon QuickSight uses to connect to your underlying source.", + "markdownDescription": "The parameters that Amazon Quick Sight uses to connect to your underlying source.", "title": "DataSourceParameters" }, "ErrorInfo": { @@ -209122,7 +209110,7 @@ }, "SslProperties": { "$ref": "#/definitions/AWS::QuickSight::DataSource.SslProperties", - "markdownDescription": "Secure Socket Layer (SSL) properties that apply when Amazon QuickSight connects to your underlying source.", + "markdownDescription": "Secure Socket Layer (SSL) properties that apply when Amazon Quick Sight connects to your underlying source.", "title": "SslProperties" }, "Tags": { @@ -209140,7 +209128,7 @@ }, "VpcConnectionProperties": { "$ref": "#/definitions/AWS::QuickSight::DataSource.VpcConnectionProperties", - "markdownDescription": "Use this parameter only when you want Amazon QuickSight to use a VPC connection when connecting to your underlying source.", + "markdownDescription": "Use this parameter only when you want Amazon Quick Sight to use a VPC connection when connecting to your underlying source.", "title": "VpcConnectionProperties" } }, @@ -209670,7 +209658,7 @@ "type": "array" }, "Principal": { - "markdownDescription": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon QuickSight user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon QuickSight user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a QuickSight ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)", + "markdownDescription": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick Suite user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick Suite user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick Suite ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)", "title": "Principal", "type": "string" } @@ -209686,7 +209674,7 @@ "properties": { "ManifestFileLocation": { "$ref": "#/definitions/AWS::QuickSight::DataSource.ManifestFileLocation", - "markdownDescription": "Location of the Amazon S3 manifest file. This is NULL if the manifest file was uploaded into Amazon QuickSight.", + "markdownDescription": "Location of the Amazon S3 manifest file. This is NULL if the manifest file was uploaded into Quick Sight.", "title": "ManifestFileLocation" }, "RoleArn": { @@ -209973,7 +209961,7 @@ "additionalProperties": false, "properties": { "RefreshType": { - "markdownDescription": "The type of refresh that a dataset undergoes. Valid values are as follows:\n\n- `FULL_REFRESH` : A complete refresh of a dataset.\n- `INCREMENTAL_REFRESH` : A partial refresh of some rows of a dataset, based on the time window specified.\n\nFor more information on full and incremental refreshes, see [Refreshing SPICE data](https://docs.aws.amazon.com/quicksight/latest/user/refreshing-imported-data.html) in the *QuickSight User Guide* .", + "markdownDescription": "The type of refresh that a dataset undergoes. Valid values are as follows:\n\n- `FULL_REFRESH` : A complete refresh of a dataset.\n- `INCREMENTAL_REFRESH` : A partial refresh of some rows of a dataset, based on the time window specified.\n\nFor more information on full and incremental refreshes, see [Refreshing SPICE data](https://docs.aws.amazon.com/quicksight/latest/user/refreshing-imported-data.html) in the *Quick Suite User Guide* .", "title": "RefreshType", "type": "string" }, @@ -210057,7 +210045,7 @@ "additionalProperties": false, "properties": { "AwsAccountId": { - "markdownDescription": "The ID for the AWS account that the group is in. You use the ID for the AWS account that contains your Amazon QuickSight account.", + "markdownDescription": "The ID for the AWS account that the group is in. You use the ID for the AWS account that contains your Amazon Quick Sight account.", "title": "AwsAccountId", "type": "string" }, @@ -210081,7 +210069,7 @@ }, "SourceEntity": { "$ref": "#/definitions/AWS::QuickSight::Template.TemplateSourceEntity", - "markdownDescription": "The entity that you are using as a source when you create the template. In `SourceEntity` , you specify the type of object you're using as source: `SourceTemplate` for a template or `SourceAnalysis` for an analysis. Both of these require an Amazon Resource Name (ARN). For `SourceTemplate` , specify the ARN of the source template. For `SourceAnalysis` , specify the ARN of the source analysis. The `SourceTemplate` ARN can contain any AWS account and any Amazon QuickSight-supported AWS Region .\n\nUse the `DataSetReferences` entity within `SourceTemplate` or `SourceAnalysis` to list the replacement datasets for the placeholders listed in the original. The schema in each dataset must match its placeholder.\n\nEither a `SourceEntity` or a `Definition` must be provided in order for the request to be valid.", + "markdownDescription": "The entity that you are using as a source when you create the template. In `SourceEntity` , you specify the type of object you're using as source: `SourceTemplate` for a template or `SourceAnalysis` for an analysis. Both of these require an Amazon Resource Name (ARN). For `SourceTemplate` , specify the ARN of the source template. For `SourceAnalysis` , specify the ARN of the source analysis. The `SourceTemplate` ARN can contain any AWS account and any Quick Sight-supported AWS Region .\n\nUse the `DataSetReferences` entity within `SourceTemplate` or `SourceAnalysis` to list the replacement datasets for the placeholders listed in the original. The schema in each dataset must match its placeholder.\n\nEither a `SourceEntity` or a `Definition` must be provided in order for the request to be valid.", "title": "SourceEntity" }, "Tags": { @@ -211183,12 +211171,12 @@ }, "CustomFilterListConfiguration": { "$ref": "#/definitions/AWS::QuickSight::Template.CustomFilterListConfiguration", - "markdownDescription": "A list of custom filter values. In the Amazon QuickSight console, this filter type is called a custom filter list.", + "markdownDescription": "A list of custom filter values. In the Quick Sight console, this filter type is called a custom filter list.", "title": "CustomFilterListConfiguration" }, "FilterListConfiguration": { "$ref": "#/definitions/AWS::QuickSight::Template.FilterListConfiguration", - "markdownDescription": "A list of filter configurations. In the Amazon QuickSight console, this filter type is called a filter list.", + "markdownDescription": "A list of filter configurations. In the Quick Sight console, this filter type is called a filter list.", "title": "FilterListConfiguration" } }, @@ -213233,7 +213221,7 @@ "additionalProperties": false, "properties": { "LabelVisibility": { - "markdownDescription": "Determines the visibility of the label in a donut chart. In the Amazon QuickSight console, this option is called `'Show total'` .", + "markdownDescription": "Determines the visibility of the label in a donut chart. In the Quick Sight console, this option is called `'Show total'` .", "title": "LabelVisibility", "type": "string" } @@ -213730,7 +213718,7 @@ "properties": { "CategoryFilter": { "$ref": "#/definitions/AWS::QuickSight::Template.CategoryFilter", - "markdownDescription": "A `CategoryFilter` filters text values.\n\nFor more information, see [Adding text filters](https://docs.aws.amazon.com/quicksight/latest/user/add-a-text-filter-data-prep.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A `CategoryFilter` filters text values.\n\nFor more information, see [Adding text filters](https://docs.aws.amazon.com/quicksight/latest/user/add-a-text-filter-data-prep.html) in the *Amazon Quick Suite User Guide* .", "title": "CategoryFilter" }, "NumericEqualityFilter": { @@ -215346,7 +215334,7 @@ "type": "string" }, "ResizeOption": { - "markdownDescription": "This value determines the layout behavior when the viewport is resized.\n\n- `FIXED` : A fixed width will be used when optimizing the layout. In the Amazon QuickSight console, this option is called `Classic` .\n- `RESPONSIVE` : The width of the canvas will be responsive and optimized to the view port. In the Amazon QuickSight console, this option is called `Tiled` .", + "markdownDescription": "This value determines the layout behavior when the viewport is resized.\n\n- `FIXED` : A fixed width will be used when optimizing the layout. In the Quick Sight console, this option is called `Classic` .\n- `RESPONSIVE` : The width of the canvas will be responsive and optimized to the view port. In the Quick Sight console, this option is called `Tiled` .", "title": "ResizeOption", "type": "string" } @@ -219039,7 +219027,7 @@ "type": "array" }, "Principal": { - "markdownDescription": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon QuickSight user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon QuickSight user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a QuickSight ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)", + "markdownDescription": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick Suite user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick Suite user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick Suite ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)", "title": "Principal", "type": "string" } @@ -219659,7 +219647,7 @@ "additionalProperties": false, "properties": { "Name": { - "markdownDescription": "The name of a sheet. This name is displayed on the sheet's tab in the Amazon QuickSight console.", + "markdownDescription": "The name of a sheet. This name is displayed on the sheet's tab in the Quick Sight console.", "title": "Name", "type": "string" }, @@ -219729,7 +219717,7 @@ "items": { "$ref": "#/definitions/AWS::QuickSight::Template.FilterControl" }, - "markdownDescription": "The list of filter controls that are on a sheet.\n\nFor more information, see [Adding filter controls to analysis sheets](https://docs.aws.amazon.com/quicksight/latest/user/filter-controls.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "The list of filter controls that are on a sheet.\n\nFor more information, see [Adding filter controls to analysis sheets](https://docs.aws.amazon.com/quicksight/latest/user/filter-controls.html) in the *Amazon Quick Suite User Guide* .", "title": "FilterControls", "type": "array" }, @@ -219737,7 +219725,7 @@ "items": { "$ref": "#/definitions/AWS::QuickSight::Template.Layout" }, - "markdownDescription": "Layouts define how the components of a sheet are arranged.\n\nFor more information, see [Types of layout](https://docs.aws.amazon.com/quicksight/latest/user/types-of-layout.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "Layouts define how the components of a sheet are arranged.\n\nFor more information, see [Types of layout](https://docs.aws.amazon.com/quicksight/latest/user/types-of-layout.html) in the *Amazon Quick Suite User Guide* .", "title": "Layouts", "type": "array" }, @@ -219750,7 +219738,7 @@ "items": { "$ref": "#/definitions/AWS::QuickSight::Template.ParameterControl" }, - "markdownDescription": "The list of parameter controls that are on a sheet.\n\nFor more information, see [Using a Control with a Parameter in Amazon QuickSight](https://docs.aws.amazon.com/quicksight/latest/user/parameters-controls.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "The list of parameter controls that are on a sheet.\n\nFor more information, see [Using a Control with a Parameter in Amazon Quick Sight](https://docs.aws.amazon.com/quicksight/latest/user/parameters-controls.html) in the *Amazon Quick Suite User Guide* .", "title": "ParameterControls", "type": "array" }, @@ -220873,7 +220861,7 @@ "items": { "$ref": "#/definitions/AWS::QuickSight::Template.FilterGroup" }, - "markdownDescription": "Filter definitions for a template.\n\nFor more information, see [Filtering Data](https://docs.aws.amazon.com/quicksight/latest/user/filtering-visual-data.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "Filter definitions for a template.\n\nFor more information, see [Filtering Data](https://docs.aws.amazon.com/quicksight/latest/user/filtering-visual-data.html) in the *Amazon Quick Suite User Guide* .", "title": "FilterGroups", "type": "array" }, @@ -220886,7 +220874,7 @@ "items": { "$ref": "#/definitions/AWS::QuickSight::Template.ParameterDeclaration" }, - "markdownDescription": "An array of parameter declarations for a template.\n\n*Parameters* are named variables that can transfer a value for use by an action or an object.\n\nFor more information, see [Parameters in Amazon QuickSight](https://docs.aws.amazon.com/quicksight/latest/user/parameters-in-quicksight.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "An array of parameter declarations for a template.\n\n*Parameters* are named variables that can transfer a value for use by an action or an object.\n\nFor more information, see [Parameters in Amazon Quick Sight](https://docs.aws.amazon.com/quicksight/latest/user/parameters-in-quicksight.html) in the *Amazon Quick Suite User Guide* .", "title": "ParameterDeclarations", "type": "array" }, @@ -221705,22 +221693,22 @@ "properties": { "BarChartVisual": { "$ref": "#/definitions/AWS::QuickSight::Template.BarChartVisual", - "markdownDescription": "A bar chart.\n\nFor more information, see [Using bar charts](https://docs.aws.amazon.com/quicksight/latest/user/bar-charts.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A bar chart.\n\nFor more information, see [Using bar charts](https://docs.aws.amazon.com/quicksight/latest/user/bar-charts.html) in the *Amazon Quick Suite User Guide* .", "title": "BarChartVisual" }, "BoxPlotVisual": { "$ref": "#/definitions/AWS::QuickSight::Template.BoxPlotVisual", - "markdownDescription": "A box plot.\n\nFor more information, see [Using box plots](https://docs.aws.amazon.com/quicksight/latest/user/box-plots.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A box plot.\n\nFor more information, see [Using box plots](https://docs.aws.amazon.com/quicksight/latest/user/box-plots.html) in the *Amazon Quick Suite User Guide* .", "title": "BoxPlotVisual" }, "ComboChartVisual": { "$ref": "#/definitions/AWS::QuickSight::Template.ComboChartVisual", - "markdownDescription": "A combo chart.\n\nFor more information, see [Using combo charts](https://docs.aws.amazon.com/quicksight/latest/user/combo-charts.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A combo chart.\n\nFor more information, see [Using combo charts](https://docs.aws.amazon.com/quicksight/latest/user/combo-charts.html) in the *Amazon Quick Suite User Guide* .", "title": "ComboChartVisual" }, "CustomContentVisual": { "$ref": "#/definitions/AWS::QuickSight::Template.CustomContentVisual", - "markdownDescription": "A visual that contains custom content.\n\nFor more information, see [Using custom visual content](https://docs.aws.amazon.com/quicksight/latest/user/custom-visual-content.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A visual that contains custom content.\n\nFor more information, see [Using custom visual content](https://docs.aws.amazon.com/quicksight/latest/user/custom-visual-content.html) in the *Amazon Quick Suite User Guide* .", "title": "CustomContentVisual" }, "EmptyVisual": { @@ -221730,92 +221718,92 @@ }, "FilledMapVisual": { "$ref": "#/definitions/AWS::QuickSight::Template.FilledMapVisual", - "markdownDescription": "A filled map.\n\nFor more information, see [Creating filled maps](https://docs.aws.amazon.com/quicksight/latest/user/filled-maps.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A filled map.\n\nFor more information, see [Creating filled maps](https://docs.aws.amazon.com/quicksight/latest/user/filled-maps.html) in the *Amazon Quick Suite User Guide* .", "title": "FilledMapVisual" }, "FunnelChartVisual": { "$ref": "#/definitions/AWS::QuickSight::Template.FunnelChartVisual", - "markdownDescription": "A funnel chart.\n\nFor more information, see [Using funnel charts](https://docs.aws.amazon.com/quicksight/latest/user/funnel-visual-content.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A funnel chart.\n\nFor more information, see [Using funnel charts](https://docs.aws.amazon.com/quicksight/latest/user/funnel-visual-content.html) in the *Amazon Quick Suite User Guide* .", "title": "FunnelChartVisual" }, "GaugeChartVisual": { "$ref": "#/definitions/AWS::QuickSight::Template.GaugeChartVisual", - "markdownDescription": "A gauge chart.\n\nFor more information, see [Using gauge charts](https://docs.aws.amazon.com/quicksight/latest/user/gauge-chart.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A gauge chart.\n\nFor more information, see [Using gauge charts](https://docs.aws.amazon.com/quicksight/latest/user/gauge-chart.html) in the *Amazon Quick Suite User Guide* .", "title": "GaugeChartVisual" }, "GeospatialMapVisual": { "$ref": "#/definitions/AWS::QuickSight::Template.GeospatialMapVisual", - "markdownDescription": "A geospatial map or a points on map visual.\n\nFor more information, see [Creating point maps](https://docs.aws.amazon.com/quicksight/latest/user/point-maps.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A geospatial map or a points on map visual.\n\nFor more information, see [Creating point maps](https://docs.aws.amazon.com/quicksight/latest/user/point-maps.html) in the *Amazon Quick Suite User Guide* .", "title": "GeospatialMapVisual" }, "HeatMapVisual": { "$ref": "#/definitions/AWS::QuickSight::Template.HeatMapVisual", - "markdownDescription": "A heat map.\n\nFor more information, see [Using heat maps](https://docs.aws.amazon.com/quicksight/latest/user/heat-map.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A heat map.\n\nFor more information, see [Using heat maps](https://docs.aws.amazon.com/quicksight/latest/user/heat-map.html) in the *Amazon Quick Suite User Guide* .", "title": "HeatMapVisual" }, "HistogramVisual": { "$ref": "#/definitions/AWS::QuickSight::Template.HistogramVisual", - "markdownDescription": "A histogram.\n\nFor more information, see [Using histograms](https://docs.aws.amazon.com/quicksight/latest/user/histogram-charts.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A histogram.\n\nFor more information, see [Using histograms](https://docs.aws.amazon.com/quicksight/latest/user/histogram-charts.html) in the *Amazon Quick Suite User Guide* .", "title": "HistogramVisual" }, "InsightVisual": { "$ref": "#/definitions/AWS::QuickSight::Template.InsightVisual", - "markdownDescription": "An insight visual.\n\nFor more information, see [Working with insights](https://docs.aws.amazon.com/quicksight/latest/user/computational-insights.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "An insight visual.\n\nFor more information, see [Working with insights](https://docs.aws.amazon.com/quicksight/latest/user/computational-insights.html) in the *Amazon Quick Suite User Guide* .", "title": "InsightVisual" }, "KPIVisual": { "$ref": "#/definitions/AWS::QuickSight::Template.KPIVisual", - "markdownDescription": "A key performance indicator (KPI).\n\nFor more information, see [Using KPIs](https://docs.aws.amazon.com/quicksight/latest/user/kpi.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A key performance indicator (KPI).\n\nFor more information, see [Using KPIs](https://docs.aws.amazon.com/quicksight/latest/user/kpi.html) in the *Amazon Quick Suite User Guide* .", "title": "KPIVisual" }, "LineChartVisual": { "$ref": "#/definitions/AWS::QuickSight::Template.LineChartVisual", - "markdownDescription": "A line chart.\n\nFor more information, see [Using line charts](https://docs.aws.amazon.com/quicksight/latest/user/line-charts.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A line chart.\n\nFor more information, see [Using line charts](https://docs.aws.amazon.com/quicksight/latest/user/line-charts.html) in the *Amazon Quick Suite User Guide* .", "title": "LineChartVisual" }, "PieChartVisual": { "$ref": "#/definitions/AWS::QuickSight::Template.PieChartVisual", - "markdownDescription": "A pie or donut chart.\n\nFor more information, see [Using pie charts](https://docs.aws.amazon.com/quicksight/latest/user/pie-chart.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A pie or donut chart.\n\nFor more information, see [Using pie charts](https://docs.aws.amazon.com/quicksight/latest/user/pie-chart.html) in the *Amazon Quick Suite User Guide* .", "title": "PieChartVisual" }, "PivotTableVisual": { "$ref": "#/definitions/AWS::QuickSight::Template.PivotTableVisual", - "markdownDescription": "A pivot table.\n\nFor more information, see [Using pivot tables](https://docs.aws.amazon.com/quicksight/latest/user/pivot-table.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A pivot table.\n\nFor more information, see [Using pivot tables](https://docs.aws.amazon.com/quicksight/latest/user/pivot-table.html) in the *Amazon Quick Suite User Guide* .", "title": "PivotTableVisual" }, "RadarChartVisual": { "$ref": "#/definitions/AWS::QuickSight::Template.RadarChartVisual", - "markdownDescription": "A radar chart visual.\n\nFor more information, see [Using radar charts](https://docs.aws.amazon.com/quicksight/latest/user/radar-chart.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A radar chart visual.\n\nFor more information, see [Using radar charts](https://docs.aws.amazon.com/quicksight/latest/user/radar-chart.html) in the *Amazon Quick Suite User Guide* .", "title": "RadarChartVisual" }, "SankeyDiagramVisual": { "$ref": "#/definitions/AWS::QuickSight::Template.SankeyDiagramVisual", - "markdownDescription": "A sankey diagram.\n\nFor more information, see [Using Sankey diagrams](https://docs.aws.amazon.com/quicksight/latest/user/sankey-diagram.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A sankey diagram.\n\nFor more information, see [Using Sankey diagrams](https://docs.aws.amazon.com/quicksight/latest/user/sankey-diagram.html) in the *Amazon Quick Suite User Guide* .", "title": "SankeyDiagramVisual" }, "ScatterPlotVisual": { "$ref": "#/definitions/AWS::QuickSight::Template.ScatterPlotVisual", - "markdownDescription": "A scatter plot.\n\nFor more information, see [Using scatter plots](https://docs.aws.amazon.com/quicksight/latest/user/scatter-plot.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A scatter plot.\n\nFor more information, see [Using scatter plots](https://docs.aws.amazon.com/quicksight/latest/user/scatter-plot.html) in the *Amazon Quick Suite User Guide* .", "title": "ScatterPlotVisual" }, "TableVisual": { "$ref": "#/definitions/AWS::QuickSight::Template.TableVisual", - "markdownDescription": "A table visual.\n\nFor more information, see [Using tables as visuals](https://docs.aws.amazon.com/quicksight/latest/user/tabular.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A table visual.\n\nFor more information, see [Using tables as visuals](https://docs.aws.amazon.com/quicksight/latest/user/tabular.html) in the *Amazon Quick Suite User Guide* .", "title": "TableVisual" }, "TreeMapVisual": { "$ref": "#/definitions/AWS::QuickSight::Template.TreeMapVisual", - "markdownDescription": "A tree map.\n\nFor more information, see [Using tree maps](https://docs.aws.amazon.com/quicksight/latest/user/tree-map.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A tree map.\n\nFor more information, see [Using tree maps](https://docs.aws.amazon.com/quicksight/latest/user/tree-map.html) in the *Amazon Quick Suite User Guide* .", "title": "TreeMapVisual" }, "WaterfallVisual": { "$ref": "#/definitions/AWS::QuickSight::Template.WaterfallVisual", - "markdownDescription": "A waterfall chart.\n\nFor more information, see [Using waterfall charts](https://docs.aws.amazon.com/quicksight/latest/user/waterfall-chart.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A waterfall chart.\n\nFor more information, see [Using waterfall charts](https://docs.aws.amazon.com/quicksight/latest/user/waterfall-chart.html) in the *Amazon Quick Suite User Guide* .", "title": "WaterfallVisual" }, "WordCloudVisual": { "$ref": "#/definitions/AWS::QuickSight::Template.WordCloudVisual", - "markdownDescription": "A word cloud.\n\nFor more information, see [Using word clouds](https://docs.aws.amazon.com/quicksight/latest/user/word-cloud.html) in the *Amazon QuickSight User Guide* .", + "markdownDescription": "A word cloud.\n\nFor more information, see [Using word clouds](https://docs.aws.amazon.com/quicksight/latest/user/word-cloud.html) in the *Amazon Quick Suite User Guide* .", "title": "WordCloudVisual" } }, @@ -222356,7 +222344,7 @@ "type": "string" }, "BaseThemeId": { - "markdownDescription": "The ID of the theme that a custom theme will inherit from. All themes inherit from one of the starting themes defined by Amazon QuickSight. For a list of the starting themes, use `ListThemes` or choose *Themes* from within an analysis.", + "markdownDescription": "The ID of the theme that a custom theme will inherit from. All themes inherit from one of the starting themes defined by Amazon Quick Sight. For a list of the starting themes, use `ListThemes` or choose *Themes* from within an analysis.", "title": "BaseThemeId", "type": "string" }, @@ -222510,7 +222498,7 @@ "type": "array" }, "Principal": { - "markdownDescription": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon QuickSight user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon QuickSight user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a QuickSight ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)", + "markdownDescription": "The Amazon Resource Name (ARN) of the principal. This can be one of the following:\n\n- The ARN of an Amazon Quick Suite user or group associated with a data source or dataset. (This is common.)\n- The ARN of an Amazon Quick Suite user, group, or namespace associated with an analysis, dashboard, template, or theme. (This is common.)\n- The ARN of an AWS account root: This is an IAM ARN rather than a Quick Suite ARN. Use this option only to share resources (templates) across AWS accounts . (This is less common.)", "title": "Principal", "type": "string" } @@ -222588,7 +222576,7 @@ "type": "string" }, "BaseThemeId": { - "markdownDescription": "The Amazon QuickSight-defined ID of the theme that a custom theme inherits from. All themes initially inherit from a default Amazon QuickSight theme.", + "markdownDescription": "The Quick Sight-defined ID of the theme that a custom theme inherits from. All themes initially inherit from a default Quick Sight theme.", "title": "BaseThemeId", "type": "string" }, @@ -224407,7 +224395,7 @@ "type": "string" }, "PubliclyAccessible": { - "markdownDescription": "Specifies whether the DB cluster is publicly accessible.\n\nWhen the DB cluster is publicly accessible and you connect from outside of the DB cluster's virtual private cloud (VPC), its Domain Name System (DNS) endpoint resolves to the public IP address. When you connect from within the same VPC as the DB cluster, the endpoint resolves to the private IP address. Access to the DB cluster is ultimately controlled by the security group it uses. That public access isn't permitted if the security group assigned to the DB cluster doesn't permit it.\n\nWhen the DB cluster isn't publicly accessible, it is an internal DB cluster with a DNS name that resolves to a private IP address.\n\nValid for Cluster Type: Multi-AZ DB clusters only\n\nDefault: The default behavior varies depending on whether `DBSubnetGroupName` is specified.\n\nIf `DBSubnetGroupName` isn't specified, and `PubliclyAccessible` isn't specified, the following applies:\n\n- If the default VPC in the target Region doesn\u2019t have an internet gateway attached to it, the DB cluster is private.\n- If the default VPC in the target Region has an internet gateway attached to it, the DB cluster is public.\n\nIf `DBSubnetGroupName` is specified, and `PubliclyAccessible` isn't specified, the following applies:\n\n- If the subnets are part of a VPC that doesn\u2019t have an internet gateway attached to it, the DB cluster is private.\n- If the subnets are part of a VPC that has an internet gateway attached to it, the DB cluster is public.", + "markdownDescription": "Specifies whether the DB cluster is publicly accessible.\n\nValid for Cluster Type: Multi-AZ DB clusters only\n\nWhen the DB cluster is publicly accessible and you connect from outside of the DB cluster's virtual private cloud (VPC), its domain name system (DNS) endpoint resolves to the public IP address. When you connect from within the same VPC as the DB cluster, the endpoint resolves to the private IP address. Access to the DB cluster is controlled by its security group settings.\n\nWhen the DB cluster isn't publicly accessible, it is an internal DB cluster with a DNS name that resolves to a private IP address.\n\nThe default behavior when `PubliclyAccessible` is not specified depends on whether a `DBSubnetGroup` is specified.\n\nIf `DBSubnetGroup` isn't specified, `PubliclyAccessible` defaults to `true` .\n\nIf `DBSubnetGroup` is specified, `PubliclyAccessible` defaults to `false` unless the value of `DBSubnetGroup` is `default` , in which case `PubliclyAccessible` defaults to `true` .\n\nIf `PubliclyAccessible` is true and the VPC that the `DBSubnetGroup` is in doesn't have an internet gateway attached to it, Amazon RDS returns an error.", "title": "PubliclyAccessible", "type": "boolean" }, @@ -231686,7 +231674,7 @@ "type": "boolean" }, "FailureThreshold": { - "markdownDescription": "The number of consecutive health checks that an endpoint must pass or fail for Amazon Route 53 to change the current status of the endpoint from unhealthy to healthy or vice versa. For more information, see [How Amazon Route 53 Determines Whether an Endpoint Is Healthy](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-determining-health-of-endpoints.html) in the *Amazon Route 53 Developer Guide* .\n\nIf you don't specify a value for `FailureThreshold` , the default value is three health checks.", + "markdownDescription": "The number of consecutive health checks that an endpoint must pass or fail for Amazon Route 53 to change the current status of the endpoint from unhealthy to healthy or vice versa. For more information, see [How Amazon Route 53 Determines Whether an Endpoint Is Healthy](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-determining-health-of-endpoints.html) in the *Amazon Route 53 Developer Guide* .\n\n`FailureThreshold` is not supported when you specify a value for `Type` of `RECOVERY_CONTROL` .\n\nOtherwise, if you don't specify a value for `FailureThreshold` , the default value is three health checks.", "title": "FailureThreshold", "type": "number" }, @@ -231716,7 +231704,7 @@ "type": "boolean" }, "MeasureLatency": { - "markdownDescription": "Specify whether you want Amazon Route 53 to measure the latency between health checkers in multiple AWS regions and your endpoint, and to display CloudWatch latency graphs on the *Health Checks* page in the Route 53 console.\n\n> You can't change the value of `MeasureLatency` after you create a health check.", + "markdownDescription": "Specify whether you want Amazon Route 53 to measure the latency between health checkers in multiple AWS regions and your endpoint, and to display CloudWatch latency graphs on the *Health Checks* page in the Route 53 console.\n\n`MeasureLatency` is not supported when you specify a value for `Type` of `RECOVERY_CONTROL` .\n\n> You can't change the value of `MeasureLatency` after you create a health check.", "title": "MeasureLatency", "type": "boolean" }, @@ -231734,7 +231722,7 @@ "type": "array" }, "RequestInterval": { - "markdownDescription": "The number of seconds between the time that Amazon Route 53 gets a response from your endpoint and the time that it sends the next health check request. Each Route 53 health checker makes requests at this interval.\n\n> You can't change the value of `RequestInterval` after you create a health check. \n\nIf you don't specify a value for `RequestInterval` , the default value is `30` seconds.", + "markdownDescription": "The number of seconds between the time that Amazon Route 53 gets a response from your endpoint and the time that it sends the next health check request. Each Route 53 health checker makes requests at this interval.\n\n`RequestInterval` is not supported when you specify a value for `Type` of `RECOVERY_CONTROL` .\n\n> You can't change the value of `RequestInterval` after you create a health check. \n\nIf you don't specify a value for `RequestInterval` , the default value is `30` seconds.", "title": "RequestInterval", "type": "number" }, @@ -232109,7 +232097,7 @@ "type": "boolean" }, "Name": { - "markdownDescription": "For `ChangeResourceRecordSets` requests, the name of the record that you want to create, update, or delete. For `ListResourceRecordSets` responses, the name of a record in the specified hosted zone.\n\n*ChangeResourceRecordSets Only*\n\nEnter a fully qualified domain name, for example, `www.example.com` . You can optionally include a trailing dot. If you omit the trailing dot, Amazon Route 53 assumes that the domain name that you specify is fully qualified. This means that Route 53 treats `www.example.com` (without a trailing dot) and `www.example.com.` (with a trailing dot) as identical.\n\nFor information about how to specify characters other than `a-z` , `0-9` , and `-` (hyphen) and how to specify internationalized domain names, see [DNS Domain Name Format](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/DomainNameFormat.html) in the *Amazon Route 53 Developer Guide* .\n\nYou can use the asterisk (*) wildcard to replace the leftmost label in a domain name, for example, `*.example.com` . Note the following:\n\n- The * must replace the entire label. For example, you can't specify `*prod.example.com` or `prod*.example.com` .\n- The * can't replace any of the middle labels, for example, marketing.*.example.com.\n- If you include * in any position other than the leftmost label in a domain name, DNS treats it as an * character (ASCII 42), not as a wildcard.\n\n> You can't use the * wildcard for resource records sets that have a type of NS.", + "markdownDescription": "The name of the record that you want to create, update, or delete.\n\nEnter a fully qualified domain name, for example, `www.example.com` . You can optionally include a trailing dot. If you omit the trailing dot, Amazon Route 53 assumes that the domain name that you specify is fully qualified. This means that Route 53 treats `www.example.com` (without a trailing dot) and `www.example.com.` (with a trailing dot) as identical.\n\nFor information about how to specify characters other than `a-z` , `0-9` , and `-` (hyphen) and how to specify internationalized domain names, see [DNS Domain Name Format](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/DomainNameFormat.html) in the *Amazon Route 53 Developer Guide* .\n\nYou can use the asterisk (*) wildcard to replace the leftmost label in a domain name, for example, `*.example.com` . Note the following:\n\n- The * must replace the entire label. For example, you can't specify `*prod.example.com` or `prod*.example.com` .\n- The * can't replace any of the middle labels, for example, marketing.*.example.com.\n- If you include * in any position other than the leftmost label in a domain name, DNS treats it as an * character (ASCII 42), not as a wildcard.\n\n> You can't use the * wildcard for resource records sets that have a type of NS.", "title": "Name", "type": "string" }, @@ -232183,7 +232171,7 @@ "type": "string" }, "EvaluateTargetHealth": { - "markdownDescription": "*Applies only to alias, failover alias, geolocation alias, latency alias, and weighted alias resource record sets:* When `EvaluateTargetHealth` is `true` , an alias resource record set inherits the health of the referenced AWS resource, such as an ELB load balancer or another resource record set in the hosted zone.\n\nNote the following:\n\n- **CloudFront distributions** - You can't set `EvaluateTargetHealth` to `true` when the alias target is a CloudFront distribution.\n- **Elastic Beanstalk environments that have regionalized subdomains** - If you specify an Elastic Beanstalk environment in `DNSName` and the environment contains an ELB load balancer, Elastic Load Balancing routes queries only to the healthy Amazon EC2 instances that are registered with the load balancer. (An environment automatically contains an ELB load balancer if it includes more than one Amazon EC2 instance.) If you set `EvaluateTargetHealth` to `true` and either no Amazon EC2 instances are healthy or the load balancer itself is unhealthy, Route 53 routes queries to other available resources that are healthy, if any.\n\nIf the environment contains a single Amazon EC2 instance, there are no special requirements.\n- **ELB load balancers** - Health checking behavior depends on the type of load balancer:\n\n- *Classic Load Balancers* : If you specify an ELB Classic Load Balancer in `DNSName` , Elastic Load Balancing routes queries only to the healthy Amazon EC2 instances that are registered with the load balancer. If you set `EvaluateTargetHealth` to `true` and either no EC2 instances are healthy or the load balancer itself is unhealthy, Route 53 routes queries to other resources.\n- *Application and Network Load Balancers* : If you specify an ELB Application or Network Load Balancer and you set `EvaluateTargetHealth` to `true` , Route 53 routes queries to the load balancer based on the health of the target groups that are associated with the load balancer:\n\n- For an Application or Network Load Balancer to be considered healthy, every target group that contains targets must contain at least one healthy target. If any target group contains only unhealthy targets, the load balancer is considered unhealthy, and Route 53 routes queries to other resources.\n- A target group that has no registered targets is considered unhealthy.\n\n> When you create a load balancer, you configure settings for Elastic Load Balancing health checks; they're not Route 53 health checks, but they perform a similar function. Do not create Route 53 health checks for the EC2 instances that you register with an ELB load balancer.\n- **S3 buckets** - There are no special requirements for setting `EvaluateTargetHealth` to `true` when the alias target is an S3 bucket.\n- **Other records in the same hosted zone** - If the AWS resource that you specify in `DNSName` is a record or a group of records (for example, a group of weighted records) but is not another alias record, we recommend that you associate a health check with all of the records in the alias target. For more information, see [What Happens When You Omit Health Checks?](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-complex-configs.html#dns-failover-complex-configs-hc-omitting) in the *Amazon Route 53 Developer Guide* .\n\nFor more information and examples, see [Amazon Route 53 Health Checks and DNS Failover](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover.html) in the *Amazon Route 53 Developer Guide* .", + "markdownDescription": "*Applies only to alias, failover alias, geolocation alias, latency alias, and weighted alias resource record sets:* When `EvaluateTargetHealth` is `true` , an alias resource record set inherits the health of the referenced AWS resource, such as an ELB load balancer or another resource record set in the hosted zone.\n\nNote the following:\n\n- **CloudFront distributions** - You can't set `EvaluateTargetHealth` to `true` when the alias target is a CloudFront distribution.\n- **Elastic Beanstalk environments that have regionalized subdomains** - If you specify an Elastic Beanstalk environment in `DNSName` and the environment contains an ELB load balancer, Elastic Load Balancing routes queries only to the healthy Amazon EC2 instances that are registered with the load balancer. (An environment automatically contains an ELB load balancer if it includes more than one Amazon EC2 instance.) If you set `EvaluateTargetHealth` to `true` and either no Amazon EC2 instances are healthy or the load balancer itself is unhealthy, Route 53 routes queries to other available resources that are healthy, if any.\n\nIf the environment contains a single Amazon EC2 instance, there are no special requirements.\n- **ELB load balancers** - Health checking behavior depends on the type of load balancer:\n\n- *Classic Load Balancers* : If you specify an ELB Classic Load Balancer in `DNSName` , Elastic Load Balancing routes queries only to the healthy Amazon EC2 instances that are registered with the load balancer. If you set `EvaluateTargetHealth` to `true` and either no EC2 instances are healthy or the load balancer itself is unhealthy, Route 53 routes queries to other resources.\n- *Application and Network Load Balancers* : If you specify an ELB Application or Network Load Balancer and you set `EvaluateTargetHealth` to `true` , Route 53 routes queries to the load balancer based on the health of the target groups that are associated with the load balancer:\n\n- For an Application or Network Load Balancer to be considered healthy, every target group that contains targets must contain at least one healthy target. If any target group contains only unhealthy targets, the load balancer is considered unhealthy, and Route 53 routes queries to other resources.\n- A target group that has no registered targets is considered unhealthy.\n\n> When you create a load balancer, you configure settings for Elastic Load Balancing health checks; they're not Route 53 health checks, but they perform a similar function. Do not create Route 53 health checks for the EC2 instances that you register with an ELB load balancer.\n- **API Gateway APIs** - There are no special requirements for setting `EvaluateTargetHealth` to `true` when the alias target is an API Gateway API. However, because API Gateway is highly available by design, `EvaluateTargetHealth` provides no operational benefit and [Route 53 health checks](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover.html) are recommended instead for failover scenarios.\n- **S3 buckets** - There are no special requirements for setting `EvaluateTargetHealth` to `true` when the alias target is an S3 bucket. However, because S3 buckets are highly available by design, `EvaluateTargetHealth` provides no operational benefit and [Route 53 health checks](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover.html) are recommended instead for failover scenarios.\n- **VPC interface endpoints** - There are no special requirements for setting `EvaluateTargetHealth` to `true` when the alias target is a VPC interface endpoint. However, because VPC interface endpoints are highly available by design, `EvaluateTargetHealth` provides no operational benefit and [Route 53 health checks](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover.html) are recommended instead for failover scenarios.\n- **Other records in the same hosted zone** - If the AWS resource that you specify in `DNSName` is a record or a group of records (for example, a group of weighted records) but is not another alias record, we recommend that you associate a health check with all of the records in the alias target. For more information, see [What Happens When You Omit Health Checks?](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover-complex-configs.html#dns-failover-complex-configs-hc-omitting) in the *Amazon Route 53 Developer Guide* .\n\n> While `EvaluateTargetHealth` can be set to `true` for highly available AWS services (such as S3 buckets, VPC interface endpoints, and API Gateway), these services are designed for high availability and rarely experience outages that would be detected by this feature. For failover scenarios with these services, consider using [Route 53 health checks](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover.html) that monitor your application's ability to access the service instead. \n\nFor more information and examples, see [Amazon Route 53 Health Checks and DNS Failover](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-failover.html) in the *Amazon Route 53 Developer Guide* .", "title": "EvaluateTargetHealth", "type": "boolean" }, @@ -232528,7 +232516,7 @@ "type": "boolean" }, "Name": { - "markdownDescription": "For `ChangeResourceRecordSets` requests, the name of the record that you want to create, update, or delete. For `ListResourceRecordSets` responses, the name of a record in the specified hosted zone.\n\n*ChangeResourceRecordSets Only*\n\nEnter a fully qualified domain name, for example, `www.example.com` . You can optionally include a trailing dot. If you omit the trailing dot, Amazon Route 53 assumes that the domain name that you specify is fully qualified. This means that Route 53 treats `www.example.com` (without a trailing dot) and `www.example.com.` (with a trailing dot) as identical.\n\nFor information about how to specify characters other than `a-z` , `0-9` , and `-` (hyphen) and how to specify internationalized domain names, see [DNS Domain Name Format](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/DomainNameFormat.html) in the *Amazon Route 53 Developer Guide* .\n\nYou can use the asterisk (*) wildcard to replace the leftmost label in a domain name, for example, `*.example.com` . Note the following:\n\n- The * must replace the entire label. For example, you can't specify `*prod.example.com` or `prod*.example.com` .\n- The * can't replace any of the middle labels, for example, marketing.*.example.com.\n- If you include * in any position other than the leftmost label in a domain name, DNS treats it as an * character (ASCII 42), not as a wildcard.\n\n> You can't use the * wildcard for resource records sets that have a type of NS.", + "markdownDescription": "The name of the record that you want to create, update, or delete.\n\nEnter a fully qualified domain name, for example, `www.example.com` . You can optionally include a trailing dot. If you omit the trailing dot, Amazon Route 53 assumes that the domain name that you specify is fully qualified. This means that Route 53 treats `www.example.com` (without a trailing dot) and `www.example.com.` (with a trailing dot) as identical.\n\nFor information about how to specify characters other than `a-z` , `0-9` , and `-` (hyphen) and how to specify internationalized domain names, see [DNS Domain Name Format](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/DomainNameFormat.html) in the *Amazon Route 53 Developer Guide* .\n\nYou can use the asterisk (*) wildcard to replace the leftmost label in a domain name, for example, `*.example.com` . Note the following:\n\n- The * must replace the entire label. For example, you can't specify `*prod.example.com` or `prod*.example.com` .\n- The * can't replace any of the middle labels, for example, marketing.*.example.com.\n- If you include * in any position other than the leftmost label in a domain name, DNS treats it as an * character (ASCII 42), not as a wildcard.\n\n> You can't use the * wildcard for resource records sets that have a type of NS.", "title": "Name", "type": "string" }, @@ -234536,7 +234524,7 @@ "type": "string" }, "Name": { - "markdownDescription": "The name for the Resolver rule, which you specified when you created the Resolver rule.", + "markdownDescription": "The name for the Resolver rule, which you specified when you created the Resolver rule.\n\nThe name can be up to 64 characters long and can contain letters (a-z, A-Z), numbers (0-9), hyphens (-), underscores (_), and spaces. The name cannot consist of only numbers.", "title": "Name", "type": "string" }, @@ -234656,7 +234644,7 @@ "additionalProperties": false, "properties": { "Name": { - "markdownDescription": "The name of an association between a Resolver rule and a VPC.", + "markdownDescription": "The name of an association between a Resolver rule and a VPC.\n\nThe name can be up to 64 characters long and can contain letters (a-z, A-Z), numbers (0-9), hyphens (-), underscores (_), and spaces. The name cannot consist of only numbers.", "title": "Name", "type": "string" }, @@ -235489,7 +235477,7 @@ "additionalProperties": false, "properties": { "Status": { - "markdownDescription": "Indicates whether to replicate delete markers. Disabled by default.", + "markdownDescription": "Indicates whether to replicate delete markers.", "title": "Status", "type": "string" } @@ -237803,7 +237791,7 @@ }, "ObjectLambdaConfiguration": { "$ref": "#/definitions/AWS::S3ObjectLambda::AccessPoint.ObjectLambdaConfiguration", - "markdownDescription": "A configuration used when creating an Object Lambda Access Point.", + "markdownDescription": "> Amazon S3 Object Lambda will no longer be open to new customers starting on 11/7/2025. If you would like to use the service, please sign up prior to 11/7/2025. For capabilities similar to S3 Object Lambda, learn more here - [Amazon S3 Object Lambda availability change](https://docs.aws.amazon.com/AmazonS3/latest/userguide/amazons3-ol-change.html) . \n\nA configuration used when creating an Object Lambda Access Point.", "title": "ObjectLambdaConfiguration" } }, @@ -238006,7 +237994,7 @@ "additionalProperties": false, "properties": { "ObjectLambdaAccessPoint": { - "markdownDescription": "An access point with an attached AWS Lambda function used to access transformed data from an Amazon S3 bucket.", + "markdownDescription": "> Amazon S3 Object Lambda will no longer be open to new customers starting on 11/7/2025. If you would like to use the service, please sign up prior to 11/7/2025. For capabilities similar to S3 Object Lambda, learn more here - [Amazon S3 Object Lambda availability change](https://docs.aws.amazon.com/AmazonS3/latest/userguide/amazons3-ol-change.html) . \n\nAn access point with an attached AWS Lambda function used to access transformed data from an Amazon S3 bucket.", "title": "ObjectLambdaAccessPoint", "type": "string" }, @@ -242063,12 +242051,12 @@ "additionalProperties": false, "properties": { "ApproveAfterDays": { - "markdownDescription": "The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of `7` means that patches are approved seven days after they are released.\n\nThis parameter is marked as `Required: No` , but your request must include a value for either `ApproveAfterDays` or `ApproveUntilDate` .\n\nNot supported for Debian Server or Ubuntu Server.\n\n> Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the *Windows Server* tab in the topic [How security patches are selected](https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-selecting-patches.html) in the *AWS Systems Manager User Guide* .", + "markdownDescription": "The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of `7` means that patches are approved seven days after they are released.\n\nPatch Manager evaluates patch release dates using Coordinated Universal Time (UTC). If the day represented by `7` is `2025-11-16` , patches released between `2025-11-16T00:00:00Z` and `2025-11-16T23:59:59Z` will be included in the approval.\n\nThis parameter is marked as `Required: No` , but your request must include a value for either `ApproveAfterDays` or `ApproveUntilDate` .\n\nNot supported for Debian Server or Ubuntu Server.\n\n> Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the *Windows Server* tab in the topic [How security patches are selected](https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-selecting-patches.html) in the *AWS Systems Manager User Guide* .", "title": "ApproveAfterDays", "type": "number" }, "ApproveUntilDate": { - "markdownDescription": "The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically.\n\nEnter dates in the format `YYYY-MM-DD` . For example, `2024-12-31` .\n\nThis parameter is marked as `Required: No` , but your request must include a value for either `ApproveUntilDate` or `ApproveAfterDays` .\n\nNot supported for Debian Server or Ubuntu Server.\n\n> Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the *Windows Server* tab in the topic [How security patches are selected](https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-selecting-patches.html) in the *AWS Systems Manager User Guide* .", + "markdownDescription": "The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically.\n\nEnter dates in the format `YYYY-MM-DD` . For example, `2025-11-16` .\n\nPatch Manager evaluates patch release dates using Coordinated Universal Time (UTC). If you enter the date `2025-11-16` , patches released between `2025-11-16T00:00:00Z` and `2025-11-16T23:59:59Z` will be included in the approval.\n\nThis parameter is marked as `Required: No` , but your request must include a value for either `ApproveUntilDate` or `ApproveAfterDays` .\n\nNot supported for Debian Server or Ubuntu Server.\n\n> Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the *Windows Server* tab in the topic [How security patches are selected](https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-selecting-patches.html) in the *AWS Systems Manager User Guide* .", "title": "ApproveUntilDate", "type": "string" }, @@ -254264,7 +254252,7 @@ "type": "string" }, "Runtime": { - "markdownDescription": "> Do not set this value if you are using `Transform: AWS::SecretsManager-2024-09-16` . Over time, the updated rotation lambda artifacts vended by AWS may not be compatible with the code or shared object files defined in the rotation function deployment package.\n> \n> Only define the `Runtime` key if:\n> \n> - You are using `Transform: AWS::SecretsManager-2020-07-23` .\n> - The code or shared object files defined in the rotation function deployment package are incompatible with Python 3.9. \n\nThe Python Runtime version for with the rotation function. By default, CloudFormation deploys Python 3.9 binaries for the rotation function. To use a different version of Python, you must do the following two steps:\n\n- Deploy the matching version Python binaries with your rotation function.\n- Set the version number in this field. For example, for Python 3.7, enter *python3.7* .\n\nIf you only do one of the steps, your rotation function will be incompatible with the binaries. For more information, see [Why did my Lambda rotation function fail with a \"pg module not found\" error](https://docs.aws.amazon.com/https://repost.aws/knowledge-center/secrets-manager-lambda-rotation) .", + "markdownDescription": "> Do not set this value if you are using `Transform: AWS::SecretsManager-2024-09-16` . Over time, the updated rotation lambda artifacts vended by AWS may not be compatible with the code or shared object files defined in the rotation function deployment package.\n> \n> Only define the `Runtime` key if:\n> \n> - You are using `Transform: AWS::SecretsManager-2020-07-23` .\n> - The code or shared object files defined in the rotation function deployment package are incompatible with Python 3.10. \n\nThe Python Runtime version for with the rotation function. By default, CloudFormation deploys Python 3.10 binaries for the rotation function. To use a different version of Python, you must do the following two steps:\n\n- Deploy the matching version Python binaries with your rotation function.\n- Set the version number in this field. For example, for Python 3.10, enter *python3.10* .\n\nIf you only do one of the steps, your rotation function will be incompatible with the binaries. For more information, see [Why did my Lambda rotation function fail with a \"pg module not found\" error](https://docs.aws.amazon.com/https://repost.aws/knowledge-center/secrets-manager-lambda-rotation) .", "title": "Runtime", "type": "string" }, @@ -261209,7 +261197,7 @@ "additionalProperties": false, "properties": { "Handler": { - "markdownDescription": "The entry point to use for the source code when running the canary. For canaries that use the `syn-python-selenium-1.0` runtime or a `syn-nodejs.puppeteer` runtime earlier than `syn-nodejs.puppeteer-3.4` , the handler must be specified as `*fileName* .handler` . For `syn-python-selenium-1.1` , `syn-nodejs.puppeteer-3.4` , and later runtimes, the handler can be specified as `*fileName* . *functionName*` , or you can specify a folder where canary scripts reside as `*folder* / *fileName* . *functionName*` .", + "markdownDescription": "The entry point to use for the source code when running the canary. For canaries that use the `syn-python-selenium-1.0` runtime or a `syn-nodejs.puppeteer` runtime earlier than `syn-nodejs.puppeteer-3.4` , the handler must be specified as `*fileName* .handler` . For `syn-python-selenium-1.1` , `syn-nodejs.puppeteer-3.4` , and later runtimes, the handler can be specified as `*fileName* . *functionName*` , or you can specify a folder where canary scripts reside as `*folder* / *fileName* . *functionName*` .\n\nThis field is required when you don't specify `BlueprintTypes` and is not allowed when you specify `BlueprintTypes` .", "title": "Handler", "type": "string" }, @@ -262685,7 +262673,7 @@ "type": "array" }, "Url": { - "markdownDescription": "The URL of the partner's AS2 or SFTP endpoint.", + "markdownDescription": "The URL of the partner's AS2 or SFTP endpoint.\n\nWhen creating AS2 connectors or service-managed SFTP connectors (connectors without egress configuration), you must provide a URL to specify the remote server endpoint. For VPC Lattice type connectors, the URL must be null.", "title": "Url", "type": "string" } @@ -262775,7 +262763,7 @@ "items": { "type": "string" }, - "markdownDescription": "The public portion of the host key, or keys, that are used to identify the external server to which you are connecting. You can use the `ssh-keyscan` command against the SFTP server to retrieve the necessary key.\n\n> `TrustedHostKeys` is optional for `CreateConnector` . If not provided, you can use `TestConnection` to retrieve the server host key during the initial connection attempt, and subsequently update the connector with the observed host key. \n\nThe three standard SSH public key format elements are `` , `` , and an optional `` , with spaces between each element. Specify only the `` and `` : do not enter the `` portion of the key.\n\nFor the trusted host key, AWS Transfer Family accepts RSA and ECDSA keys.\n\n- For RSA keys, the `` string is `ssh-rsa` .\n- For ECDSA keys, the `` string is either `ecdsa-sha2-nistp256` , `ecdsa-sha2-nistp384` , or `ecdsa-sha2-nistp521` , depending on the size of the key you generated.\n\nRun this command to retrieve the SFTP server host key, where your SFTP server name is `ftp.host.com` .\n\n`ssh-keyscan ftp.host.com`\n\nThis prints the public host key to standard output.\n\n`ftp.host.com ssh-rsa AAAAB3Nza... `TrustedHostKeys` is optional for `CreateConnector` . If not provided, you can use `TestConnection` to retrieve the server host key during the initial connection attempt, and subsequently update the connector with the observed host key. \n\nWhen creating connectors with egress config (VPC_LATTICE type connectors), since host name is not something we can verify, the only accepted trusted host key format is `key-type key-body` without the host name. For example: `ssh-rsa AAAAB3Nza...`\n\nThe three standard SSH public key format elements are `` , `` , and an optional `` , with spaces between each element. Specify only the `` and `` : do not enter the `` portion of the key.\n\nFor the trusted host key, AWS Transfer Family accepts RSA and ECDSA keys.\n\n- For RSA keys, the `` string is `ssh-rsa` .\n- For ECDSA keys, the `` string is either `ecdsa-sha2-nistp256` , `ecdsa-sha2-nistp384` , or `ecdsa-sha2-nistp521` , depending on the size of the key you generated.\n\nRun this command to retrieve the SFTP server host key, where your SFTP server name is `ftp.host.com` .\n\n`ssh-keyscan ftp.host.com`\n\nThis prints the public host key to standard output.\n\n`ftp.host.com ssh-rsa AAAAB3Nza...`\n\nCopy and paste this string into the `TrustedHostKeys` field for the `create-connector` command or into the *Trusted host keys* field in the console.\n\nFor VPC Lattice type connectors (VPC_LATTICE), remove the hostname from the key and use only the `key-type key-body` format. In this example, it should be: `ssh-rsa AAAAB3Nza...`", "title": "TrustedHostKeys", "type": "array" }, @@ -262912,7 +262900,7 @@ "additionalProperties": false, "properties": { "Certificate": { - "markdownDescription": "The Amazon Resource Name (ARN) of the AWS Certificate Manager (ACM) certificate. Required when `Protocols` is set to `FTPS` .\n\nTo request a new public certificate, see [Request a public certificate](https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-public.html) in the *AWS Certificate Manager User Guide* .\n\nTo import an existing certificate into ACM, see [Importing certificates into ACM](https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html) in the *AWS Certificate Manager User Guide* .\n\nTo request a private certificate to use FTPS through private IP addresses, see [Request a private certificate](https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-private.html) in the *AWS Certificate Manager User Guide* .\n\nCertificates with the following cryptographic algorithms and key sizes are supported:\n\n- 2048-bit RSA (RSA_2048)\n- 4096-bit RSA (RSA_4096)\n- Elliptic Prime Curve 256 bit (EC_prime256v1)\n- Elliptic Prime Curve 384 bit (EC_secp384r1)\n- Elliptic Prime Curve 521 bit (EC_secp521r1)\n\n> The certificate must be a valid SSL/TLS X.509 version 3 certificate with FQDN or IP address specified and information about the issuer.", + "markdownDescription": "The Amazon Resource Name (ARN) of the Certificate Manager (ACM) certificate. Required when `Protocols` is set to `FTPS` .\n\nTo request a new public certificate, see [Request a public certificate](https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-public.html) in the *Certificate Manager User Guide* .\n\nTo import an existing certificate into ACM, see [Importing certificates into ACM](https://docs.aws.amazon.com/acm/latest/userguide/import-certificate.html) in the *Certificate Manager User Guide* .\n\nTo request a private certificate to use FTPS through private IP addresses, see [Request a private certificate](https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-private.html) in the *Certificate Manager User Guide* .\n\nCertificates with the following cryptographic algorithms and key sizes are supported:\n\n- 2048-bit RSA (RSA_2048)\n- 4096-bit RSA (RSA_4096)\n- Elliptic Prime Curve 256 bit (EC_prime256v1)\n- Elliptic Prime Curve 384 bit (EC_secp384r1)\n- Elliptic Prime Curve 521 bit (EC_secp521r1)\n\n> The certificate must be a valid SSL/TLS X.509 version 3 certificate with FQDN or IP address specified and information about the issuer.", "title": "Certificate", "type": "string" }, @@ -262965,7 +262953,7 @@ "items": { "$ref": "#/definitions/AWS::Transfer::Server.Protocol" }, - "markdownDescription": "Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. The available protocols are:\n\n- `SFTP` (Secure Shell (SSH) File Transfer Protocol): File transfer over SSH\n- `FTPS` (File Transfer Protocol Secure): File transfer with TLS encryption\n- `FTP` (File Transfer Protocol): Unencrypted file transfer\n- `AS2` (Applicability Statement 2): used for transporting structured business-to-business data\n\n> - If you select `FTPS` , you must choose a certificate stored in AWS Certificate Manager (ACM) which is used to identify your server when clients connect to it over FTPS.\n> - If `Protocol` includes either `FTP` or `FTPS` , then the `EndpointType` must be `VPC` and the `IdentityProviderType` must be either `AWS_DIRECTORY_SERVICE` , `AWS_LAMBDA` , or `API_GATEWAY` .\n> - If `Protocol` includes `FTP` , then `AddressAllocationIds` cannot be associated.\n> - If `Protocol` is set only to `SFTP` , the `EndpointType` can be set to `PUBLIC` and the `IdentityProviderType` can be set any of the supported identity types: `SERVICE_MANAGED` , `AWS_DIRECTORY_SERVICE` , `AWS_LAMBDA` , or `API_GATEWAY` .\n> - If `Protocol` includes `AS2` , then the `EndpointType` must be `VPC` , and domain must be Amazon S3. \n\nThe `Protocols` parameter is an array of strings.\n\n*Allowed values* : One or more of `SFTP` , `FTPS` , `FTP` , `AS2`", + "markdownDescription": "Specifies the file transfer protocol or protocols over which your file transfer protocol client can connect to your server's endpoint. The available protocols are:\n\n- `SFTP` (Secure Shell (SSH) File Transfer Protocol): File transfer over SSH\n- `FTPS` (File Transfer Protocol Secure): File transfer with TLS encryption\n- `FTP` (File Transfer Protocol): Unencrypted file transfer\n- `AS2` (Applicability Statement 2): used for transporting structured business-to-business data\n\n> - If you select `FTPS` , you must choose a certificate stored in Certificate Manager (ACM) which is used to identify your server when clients connect to it over FTPS.\n> - If `Protocol` includes either `FTP` or `FTPS` , then the `EndpointType` must be `VPC` and the `IdentityProviderType` must be either `AWS_DIRECTORY_SERVICE` , `AWS_LAMBDA` , or `API_GATEWAY` .\n> - If `Protocol` includes `FTP` , then `AddressAllocationIds` cannot be associated.\n> - If `Protocol` is set only to `SFTP` , the `EndpointType` can be set to `PUBLIC` and the `IdentityProviderType` can be set any of the supported identity types: `SERVICE_MANAGED` , `AWS_DIRECTORY_SERVICE` , `AWS_LAMBDA` , or `API_GATEWAY` .\n> - If `Protocol` includes `AS2` , then the `EndpointType` must be `VPC` , and domain must be Amazon S3. \n\nThe `Protocols` parameter is an array of strings.\n\n*Allowed values* : One or more of `SFTP` , `FTPS` , `FTP` , `AS2`", "title": "Protocols", "type": "array" }, @@ -263116,7 +263104,7 @@ "type": "array" }, "PassiveIp": { - "markdownDescription": "Indicates passive mode, for FTP and FTPS protocols. Enter a single IPv4 address, such as the public IP address of a firewall, router, or load balancer. For example:\n\n`aws transfer update-server --protocol-details PassiveIp=0.0.0.0`\n\nReplace `0.0.0.0` in the example above with the actual IP address you want to use.\n\n> If you change the `PassiveIp` value, you must stop and then restart your Transfer Family server for the change to take effect. For details on using passive mode (PASV) in a NAT environment, see [Configuring your FTPS server behind a firewall or NAT with AWS Transfer Family](https://docs.aws.amazon.com/storage/configuring-your-ftps-server-behind-a-firewall-or-nat-with-aws-transfer-family/) . \n\n*Special values*\n\nThe `AUTO` and `0.0.0.0` are special values for the `PassiveIp` parameter. The value `PassiveIp=AUTO` is assigned by default to FTP and FTPS type servers. In this case, the server automatically responds with one of the endpoint IPs within the PASV response. `PassiveIp=0.0.0.0` has a more unique application for its usage. For example, if you have a High Availability (HA) Network Load Balancer (NLB) environment, where you have 3 subnets, you can only specify a single IP address using the `PassiveIp` parameter. This reduces the effectiveness of having High Availability. In this case, you can specify `PassiveIp=0.0.0.0` . This tells the client to use the same IP address as the Control connection and utilize all AZs for their connections. Note, however, that not all FTP clients support the `PassiveIp=0.0.0.0` response. FileZilla and WinSCP do support it. If you are using other clients, check to see if your client supports the `PassiveIp=0.0.0.0` response.", + "markdownDescription": "Indicates passive mode, for FTP and FTPS protocols. Enter a single IPv4 address, such as the public IP address of a firewall, router, or load balancer. For example:\n\n`aws transfer update-server --protocol-details PassiveIp=0.0.0.0`\n\nReplace `0.0.0.0` in the example above with the actual IP address you want to use.\n\n> If you change the `PassiveIp` value, you must stop and then restart your Transfer Family server for the change to take effect. For details on using passive mode (PASV) in a NAT environment, see [Configuring your FTPS server behind a firewall or NAT with AWS Transfer Family](https://docs.aws.amazon.com/storage/configuring-your-ftps-server-behind-a-firewall-or-nat-with-aws-transfer-family/) .\n> \n> Additionally, avoid placing Network Load Balancers (NLBs) or NAT gateways in front of AWS Transfer Family servers. This configuration increases costs and can cause performance issues. When NLBs or NATs are in the communication path, Transfer Family cannot accurately recognize client IP addresses, which impacts connection sharding and limits FTPS servers to only 300 simultaneous connections instead of 10,000. If you must use an NLB, use port 21 for health checks and enable TLS session resumption by setting `TlsSessionResumptionMode = ENFORCED` . For optimal performance, migrate to VPC endpoints with Elastic IP addresses instead of using NLBs. For more details, see [Avoid placing NLBs and NATs in front of AWS Transfer Family](https://docs.aws.amazon.com/transfer/latest/userguide/infrastructure-security.html#nlb-considerations) . \n\n*Special values*\n\nThe `AUTO` and `0.0.0.0` are special values for the `PassiveIp` parameter. The value `PassiveIp=AUTO` is assigned by default to FTP and FTPS type servers. In this case, the server automatically responds with one of the endpoint IPs within the PASV response. `PassiveIp=0.0.0.0` has a more unique application for its usage. For example, if you have a High Availability (HA) Network Load Balancer (NLB) environment, where you have 3 subnets, you can only specify a single IP address using the `PassiveIp` parameter. This reduces the effectiveness of having High Availability. In this case, you can specify `PassiveIp=0.0.0.0` . This tells the client to use the same IP address as the Control connection and utilize all AZs for their connections. Note, however, that not all FTP clients support the `PassiveIp=0.0.0.0` response. FileZilla and WinSCP do support it. If you are using other clients, check to see if your client supports the `PassiveIp=0.0.0.0` response.", "title": "PassiveIp", "type": "string" }, diff --git a/schema_source/sam.schema.json b/schema_source/sam.schema.json index 169a78c7f..2a12354af 100644 --- a/schema_source/sam.schema.json +++ b/schema_source/sam.schema.json @@ -2397,6 +2397,9 @@ "DestinationConfig": { "$ref": "#/definitions/PassThroughProp" }, + "Enabled": { + "$ref": "#/definitions/PassThroughProp" + }, "FilterCriteria": { "allOf": [ { @@ -5572,6 +5575,9 @@ "title": "Tags", "type": "object" }, + "TenancyConfig": { + "$ref": "#/definitions/PassThroughProp" + }, "Timeout": { "allOf": [ { @@ -6160,6 +6166,9 @@ "title": "Tags", "type": "object" }, + "TenancyConfig": { + "$ref": "#/definitions/PassThroughProp" + }, "Timeout": { "allOf": [ { diff --git a/tests/intrinsics/test_resolver.py b/tests/intrinsics/test_resolver.py index 38fbefb4b..42f22fd1f 100644 --- a/tests/intrinsics/test_resolver.py +++ b/tests/intrinsics/test_resolver.py @@ -119,6 +119,133 @@ def test_short_circuit_on_empty_parameters(self): self.assertEqual(resolver.resolve_parameter_refs(input), expected) resolver._try_resolve_parameter_refs.assert_not_called() + def test_cloudformation_internal_placeholder_not_resolved(self): + """Test that CloudFormation internal placeholders are not resolved""" + parameter_values = { + "UserPoolArn": "{{IntrinsicFunction:debugging-cloudformation-issues4/Cognito.Outputs.UserPoolArn/Fn::GetAtt}}", + "NormalParam": "normal-value", + } + resolver = IntrinsicsResolver(parameter_values) + + # CloudFormation placeholder should not be resolved + input1 = {"Ref": "UserPoolArn"} + expected1 = {"Ref": "UserPoolArn"} + output1 = resolver.resolve_parameter_refs(input1) + self.assertEqual(output1, expected1) + + # Normal parameter should still be resolved + input2 = {"Ref": "NormalParam"} + expected2 = "normal-value" + output2 = resolver.resolve_parameter_refs(input2) + self.assertEqual(output2, expected2) + + def test_cloudformation_placeholders_in_nested_structure(self): + """Test CloudFormation placeholders in nested structures""" + parameter_values = { + "Placeholder1": "{{IntrinsicFunction:stack/Output1/Fn::GetAtt}}", + "Placeholder2": "{{IntrinsicFunction:stack/Output2/Fn::GetAtt}}", + "NormalParam": "value", + } + resolver = IntrinsicsResolver(parameter_values) + + input = { + "Resources": { + "Resource1": { + "Properties": { + "Prop1": {"Ref": "Placeholder1"}, + "Prop2": {"Ref": "NormalParam"}, + "Prop3": {"Ref": "Placeholder2"}, + } + } + } + } + + expected = { + "Resources": { + "Resource1": { + "Properties": { + "Prop1": {"Ref": "Placeholder1"}, # Not resolved + "Prop2": "value", # Resolved + "Prop3": {"Ref": "Placeholder2"}, # Not resolved + } + } + } + } + + output = resolver.resolve_parameter_refs(input) + self.assertEqual(output, expected) + + def test_cloudformation_placeholders_in_lists(self): + """Test CloudFormation placeholders in list structures""" + parameter_values = { + "VpceId": "{{IntrinsicFunction:stack/VpcEndpoint.Outputs.Id/Fn::GetAtt}}", + "Region": "us-east-1", + } + resolver = IntrinsicsResolver(parameter_values) + + input = [{"Ref": "VpceId"}, {"Ref": "Region"}, "static-value", {"Ref": "VpceId"}] + + expected = [ + {"Ref": "VpceId"}, # Not resolved + "us-east-1", # Resolved + "static-value", + {"Ref": "VpceId"}, # Not resolved + ] + + output = resolver.resolve_parameter_refs(input) + self.assertEqual(output, expected) + + def test_cloudformation_placeholders_with_sub(self): + """Test that CloudFormation placeholders inside Fn::Sub are not substituted + + Similar to Ref, Fn::Sub should not substitute CloudFormation internal placeholders. + This prevents the placeholders from being embedded in strings where they can't be + properly handled by CloudFormation. + """ + parameter_values = { + "Placeholder": "{{IntrinsicFunction:stack/Output/Fn::GetAtt}}", + "NormalParam": "normal-value", + } + resolver = IntrinsicsResolver(parameter_values) + + # Sub should not substitute CloudFormation placeholders, but should substitute normal params + input = {"Fn::Sub": "Value is ${Placeholder} and ${NormalParam}"} + expected = {"Fn::Sub": "Value is ${Placeholder} and normal-value"} + + output = resolver.resolve_parameter_refs(input) + self.assertEqual(output, expected) + + def test_various_cloudformation_placeholder_formats(self): + """Test various CloudFormation placeholder formats""" + parameter_values = { + "Valid1": "{{IntrinsicFunction:stack/Resource.Outputs.Value/Fn::GetAtt}}", + "Valid2": "{{IntrinsicFunction:name-with-dashes/Out/Fn::GetAtt}}", + "Valid3": "{{IntrinsicFunction:stack123/Resource.Out/Fn::GetAtt}}", + "NotPlaceholder1": "{{SomethingElse}}", + "NotPlaceholder2": "{{intrinsicfunction:lowercase}}", + "NotPlaceholder3": "normal-string", + } + resolver = IntrinsicsResolver(parameter_values) + + # Valid placeholders should not be resolved + for param in ["Valid1", "Valid2", "Valid3"]: + input = {"Ref": param} + expected = {"Ref": param} + output = resolver.resolve_parameter_refs(input) + self.assertEqual(output, expected, f"Failed for {param}") + + # Non-placeholders should be resolved + test_cases = [ + ("NotPlaceholder1", "{{SomethingElse}}"), + ("NotPlaceholder2", "{{intrinsicfunction:lowercase}}"), + ("NotPlaceholder3", "normal-string"), + ] + + for param, expected_value in test_cases: + input = {"Ref": param} + output = resolver.resolve_parameter_refs(input) + self.assertEqual(output, expected_value, f"Failed for {param}") + class TestResourceReferenceResolution(TestCase): def setUp(self): diff --git a/tests/translator/input/error_tenancy_with_dynamodb_event.yaml b/tests/translator/input/error_tenancy_with_dynamodb_event.yaml new file mode 100644 index 000000000..46d8add3b --- /dev/null +++ b/tests/translator/input/error_tenancy_with_dynamodb_event.yaml @@ -0,0 +1,32 @@ +Transform: AWS::Serverless-2016-10-31 + +Resources: + MyTable: + Type: AWS::DynamoDB::Table + Properties: + AttributeDefinitions: + - AttributeName: id + AttributeType: S + KeySchema: + - AttributeName: id + KeyType: HASH + BillingMode: PAY_PER_REQUEST + StreamSpecification: + StreamViewType: NEW_AND_OLD_IMAGES + + MyFunction: + Type: AWS::Serverless::Function + Properties: + Runtime: python3.11 + Handler: index.handler + InlineCode: | + def handler(event, context): + return {} + TenancyConfig: + TenantIsolationMode: PER_TENANT + Events: + MyDynamoDBEvent: + Type: DynamoDB + Properties: + Stream: !GetAtt MyTable.StreamArn + StartingPosition: LATEST diff --git a/tests/translator/input/error_tenancy_with_function_url.yaml b/tests/translator/input/error_tenancy_with_function_url.yaml new file mode 100644 index 000000000..9eca91d27 --- /dev/null +++ b/tests/translator/input/error_tenancy_with_function_url.yaml @@ -0,0 +1,15 @@ +Transform: AWS::Serverless-2016-10-31 + +Resources: + MyFunction: + Type: AWS::Serverless::Function + Properties: + Runtime: python3.11 + Handler: index.handler + InlineCode: | + def handler(event, context): + return {} + TenancyConfig: + TenantIsolationMode: PER_TENANT + FunctionUrlConfig: + AuthType: AWS_IAM diff --git a/tests/translator/input/error_tenancy_with_provisioned_concurrency.yaml b/tests/translator/input/error_tenancy_with_provisioned_concurrency.yaml new file mode 100644 index 000000000..e20056b6f --- /dev/null +++ b/tests/translator/input/error_tenancy_with_provisioned_concurrency.yaml @@ -0,0 +1,16 @@ +Transform: AWS::Serverless-2016-10-31 + +Resources: + MyFunction: + Type: AWS::Serverless::Function + Properties: + Runtime: python3.11 + Handler: index.handler + InlineCode: | + def handler(event, context): + return {} + TenancyConfig: + TenantIsolationMode: PER_TENANT + AutoPublishAlias: live + ProvisionedConcurrencyConfig: + ProvisionedConcurrentExecutions: 5 diff --git a/tests/translator/input/error_tenancy_with_snapstart.yaml b/tests/translator/input/error_tenancy_with_snapstart.yaml new file mode 100644 index 000000000..d8e8cdcb1 --- /dev/null +++ b/tests/translator/input/error_tenancy_with_snapstart.yaml @@ -0,0 +1,15 @@ +Transform: AWS::Serverless-2016-10-31 + +Resources: + MyFunction: + Type: AWS::Serverless::Function + Properties: + Runtime: python3.11 + Handler: index.handler + InlineCode: | + def handler(event, context): + return {} + TenancyConfig: + TenantIsolationMode: PER_TENANT + SnapStart: + ApplyOn: PublishedVersions diff --git a/tests/translator/input/error_tenancy_with_sns_event.yaml b/tests/translator/input/error_tenancy_with_sns_event.yaml new file mode 100644 index 000000000..731569e32 --- /dev/null +++ b/tests/translator/input/error_tenancy_with_sns_event.yaml @@ -0,0 +1,21 @@ +Transform: AWS::Serverless-2016-10-31 + +Resources: + MyTopic: + Type: AWS::SNS::Topic + + MyFunction: + Type: AWS::Serverless::Function + Properties: + Runtime: python3.11 + Handler: index.handler + InlineCode: | + def handler(event, context): + return {} + TenancyConfig: + TenantIsolationMode: PER_TENANT + Events: + MySNSEvent: + Type: SNS + Properties: + Topic: !Ref MyTopic diff --git a/tests/translator/input/error_tenancy_with_sqs_event.yaml b/tests/translator/input/error_tenancy_with_sqs_event.yaml new file mode 100644 index 000000000..355736a5c --- /dev/null +++ b/tests/translator/input/error_tenancy_with_sqs_event.yaml @@ -0,0 +1,21 @@ +Transform: AWS::Serverless-2016-10-31 + +Resources: + MyQueue: + Type: AWS::SQS::Queue + + MyFunction: + Type: AWS::Serverless::Function + Properties: + Runtime: python3.11 + Handler: index.handler + InlineCode: | + def handler(event, context): + return {} + TenancyConfig: + TenantIsolationMode: PER_TENANT + Events: + MySQSEvent: + Type: SQS + Properties: + Queue: !GetAtt MyQueue.Arn diff --git a/tests/translator/input/function_with_tenancy_and_api_event.yaml b/tests/translator/input/function_with_tenancy_and_api_event.yaml new file mode 100644 index 000000000..f82c9fb71 --- /dev/null +++ b/tests/translator/input/function_with_tenancy_and_api_event.yaml @@ -0,0 +1,19 @@ +Transform: AWS::Serverless-2016-10-31 + +Resources: + MyFunction: + Type: AWS::Serverless::Function + Properties: + Runtime: python3.11 + Handler: index.handler + InlineCode: | + def handler(event, context): + return {'statusCode': 200, 'body': 'Hello'} + TenancyConfig: + TenantIsolationMode: PER_TENANT + Events: + MyApiEvent: + Type: Api + Properties: + Path: /hello + Method: get diff --git a/tests/translator/input/function_with_tenancy_and_httpapi_event.yaml b/tests/translator/input/function_with_tenancy_and_httpapi_event.yaml new file mode 100644 index 000000000..6407f37e6 --- /dev/null +++ b/tests/translator/input/function_with_tenancy_and_httpapi_event.yaml @@ -0,0 +1,19 @@ +Transform: AWS::Serverless-2016-10-31 + +Resources: + MyFunction: + Type: AWS::Serverless::Function + Properties: + Runtime: python3.11 + Handler: index.handler + InlineCode: | + def handler(event, context): + return {'statusCode': 200, 'body': 'Hello'} + TenancyConfig: + TenantIsolationMode: PER_TENANT + Events: + MyHttpApiEvent: + Type: HttpApi + Properties: + Path: /hello + Method: get diff --git a/tests/translator/input/function_with_tenancy_config.yaml b/tests/translator/input/function_with_tenancy_config.yaml new file mode 100644 index 000000000..2605a500b --- /dev/null +++ b/tests/translator/input/function_with_tenancy_config.yaml @@ -0,0 +1,11 @@ +Transform: AWS::Serverless-2016-10-31 + +Resources: + FunctionWithTenancyConfig: + Type: AWS::Serverless::Function + Properties: + CodeUri: s3://sam-demo-bucket/hello.zip + Handler: hello.handler + Runtime: python3.11 + TenancyConfig: + TenantIsolationMode: PER_TENANT diff --git a/tests/translator/input/function_with_tenancy_config_global.yaml b/tests/translator/input/function_with_tenancy_config_global.yaml new file mode 100644 index 000000000..e962c6d26 --- /dev/null +++ b/tests/translator/input/function_with_tenancy_config_global.yaml @@ -0,0 +1,18 @@ +Globals: + Function: + Runtime: python3.8 + Handler: hello.handler + TenancyConfig: + TenantIsolationMode: PER_TENANT + +Resources: + MinimalFunction: + Type: AWS::Serverless::Function + Properties: + CodeUri: s3://sam-demo-bucket/hello.zip + + FunctionWithOverride: + Type: AWS::Serverless::Function + Properties: + CodeUri: s3://sam-demo-bucket/world.zip + Runtime: nodejs18.x diff --git a/tests/translator/output/aws-cn/function_with_tenancy_and_api_event.json b/tests/translator/output/aws-cn/function_with_tenancy_and_api_event.json new file mode 100644 index 000000000..c685847e6 --- /dev/null +++ b/tests/translator/output/aws-cn/function_with_tenancy_and_api_event.json @@ -0,0 +1,138 @@ +{ + "Resources": { + "MyFunction": { + "Properties": { + "Code": { + "ZipFile": "def handler(event, context):\n return {'statusCode': 200, 'body': 'Hello'}\n" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "MyFunctionRole", + "Arn" + ] + }, + "Runtime": "python3.11", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ], + "TenancyConfig": { + "TenantIsolationMode": "PER_TENANT" + } + }, + "Type": "AWS::Lambda::Function" + }, + "MyFunctionMyApiEventPermissionProd": { + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-cn:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/hello", + { + "__ApiId__": { + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" + } + ] + } + }, + "Type": "AWS::Lambda::Permission" + }, + "MyFunctionRole": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + }, + "Type": "AWS::IAM::Role" + }, + "ServerlessRestApi": { + "Properties": { + "Body": { + "info": { + "title": { + "Ref": "AWS::StackName" + }, + "version": "1.0" + }, + "paths": { + "/hello": { + "get": { + "responses": {}, + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:aws-cn:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + } + } + } + }, + "swagger": "2.0" + }, + "EndpointConfiguration": { + "Types": [ + "REGIONAL" + ] + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + } + }, + "Type": "AWS::ApiGateway::RestApi" + }, + "ServerlessRestApiDeployment5cbed9eb47": { + "Properties": { + "Description": "RestApi deployment id: 5cbed9eb470e4da861c9f37642669fe49ac6de08", + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Stage" + }, + "Type": "AWS::ApiGateway::Deployment" + }, + "ServerlessRestApiProdStage": { + "Properties": { + "DeploymentId": { + "Ref": "ServerlessRestApiDeployment5cbed9eb47" + }, + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Prod" + }, + "Type": "AWS::ApiGateway::Stage" + } + } +} diff --git a/tests/translator/output/aws-cn/function_with_tenancy_and_httpapi_event.json b/tests/translator/output/aws-cn/function_with_tenancy_and_httpapi_event.json new file mode 100644 index 000000000..fcc031050 --- /dev/null +++ b/tests/translator/output/aws-cn/function_with_tenancy_and_httpapi_event.json @@ -0,0 +1,128 @@ +{ + "Resources": { + "MyFunction": { + "Properties": { + "Code": { + "ZipFile": "def handler(event, context):\n return {'statusCode': 200, 'body': 'Hello'}\n" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "MyFunctionRole", + "Arn" + ] + }, + "Runtime": "python3.11", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ], + "TenancyConfig": { + "TenantIsolationMode": "PER_TENANT" + } + }, + "Type": "AWS::Lambda::Function" + }, + "MyFunctionMyHttpApiEventPermission": { + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:${AWS::Partition}:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/hello", + { + "__ApiId__": { + "Ref": "ServerlessHttpApi" + }, + "__Stage__": "*" + } + ] + } + }, + "Type": "AWS::Lambda::Permission" + }, + "MyFunctionRole": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + }, + "Type": "AWS::IAM::Role" + }, + "ServerlessHttpApi": { + "Properties": { + "Body": { + "info": { + "title": { + "Ref": "AWS::StackName" + }, + "version": "1.0" + }, + "openapi": "3.0.1", + "paths": { + "/hello": { + "get": { + "responses": {}, + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "payloadFormatVersion": "2.0", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:${AWS::Partition}:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + } + } + } + }, + "tags": [ + { + "name": "httpapi:createdBy", + "x-amazon-apigateway-tag-value": "SAM" + } + ] + } + }, + "Type": "AWS::ApiGatewayV2::Api" + }, + "ServerlessHttpApiApiGatewayDefaultStage": { + "Properties": { + "ApiId": { + "Ref": "ServerlessHttpApi" + }, + "AutoDeploy": true, + "StageName": "$default", + "Tags": { + "httpapi:createdBy": "SAM" + } + }, + "Type": "AWS::ApiGatewayV2::Stage" + } + } +} diff --git a/tests/translator/output/aws-cn/function_with_tenancy_config.json b/tests/translator/output/aws-cn/function_with_tenancy_config.json new file mode 100644 index 000000000..75f0e0517 --- /dev/null +++ b/tests/translator/output/aws-cn/function_with_tenancy_config.json @@ -0,0 +1,60 @@ +{ + "Resources": { + "FunctionWithTenancyConfig": { + "Properties": { + "Code": { + "S3Bucket": "sam-demo-bucket", + "S3Key": "hello.zip" + }, + "Handler": "hello.handler", + "Role": { + "Fn::GetAtt": [ + "FunctionWithTenancyConfigRole", + "Arn" + ] + }, + "Runtime": "python3.11", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ], + "TenancyConfig": { + "TenantIsolationMode": "PER_TENANT" + } + }, + "Type": "AWS::Lambda::Function" + }, + "FunctionWithTenancyConfigRole": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + }, + "Type": "AWS::IAM::Role" + } + } +} diff --git a/tests/translator/output/aws-cn/function_with_tenancy_config_global.json b/tests/translator/output/aws-cn/function_with_tenancy_config_global.json new file mode 100644 index 000000000..cf18d7480 --- /dev/null +++ b/tests/translator/output/aws-cn/function_with_tenancy_config_global.json @@ -0,0 +1,116 @@ +{ + "Resources": { + "FunctionWithOverride": { + "Properties": { + "Code": { + "S3Bucket": "sam-demo-bucket", + "S3Key": "world.zip" + }, + "Handler": "hello.handler", + "Role": { + "Fn::GetAtt": [ + "FunctionWithOverrideRole", + "Arn" + ] + }, + "Runtime": "nodejs18.x", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ], + "TenancyConfig": { + "TenantIsolationMode": "PER_TENANT" + } + }, + "Type": "AWS::Lambda::Function" + }, + "FunctionWithOverrideRole": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + }, + "Type": "AWS::IAM::Role" + }, + "MinimalFunction": { + "Properties": { + "Code": { + "S3Bucket": "sam-demo-bucket", + "S3Key": "hello.zip" + }, + "Handler": "hello.handler", + "Role": { + "Fn::GetAtt": [ + "MinimalFunctionRole", + "Arn" + ] + }, + "Runtime": "python3.8", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ], + "TenancyConfig": { + "TenantIsolationMode": "PER_TENANT" + } + }, + "Type": "AWS::Lambda::Function" + }, + "MinimalFunctionRole": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + "arn:aws-cn:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + }, + "Type": "AWS::IAM::Role" + } + } +} diff --git a/tests/translator/output/aws-us-gov/function_with_tenancy_and_api_event.json b/tests/translator/output/aws-us-gov/function_with_tenancy_and_api_event.json new file mode 100644 index 000000000..86aeeaca7 --- /dev/null +++ b/tests/translator/output/aws-us-gov/function_with_tenancy_and_api_event.json @@ -0,0 +1,138 @@ +{ + "Resources": { + "MyFunction": { + "Properties": { + "Code": { + "ZipFile": "def handler(event, context):\n return {'statusCode': 200, 'body': 'Hello'}\n" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "MyFunctionRole", + "Arn" + ] + }, + "Runtime": "python3.11", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ], + "TenancyConfig": { + "TenantIsolationMode": "PER_TENANT" + } + }, + "Type": "AWS::Lambda::Function" + }, + "MyFunctionMyApiEventPermissionProd": { + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws-us-gov:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/hello", + { + "__ApiId__": { + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" + } + ] + } + }, + "Type": "AWS::Lambda::Permission" + }, + "MyFunctionRole": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + }, + "Type": "AWS::IAM::Role" + }, + "ServerlessRestApi": { + "Properties": { + "Body": { + "info": { + "title": { + "Ref": "AWS::StackName" + }, + "version": "1.0" + }, + "paths": { + "/hello": { + "get": { + "responses": {}, + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:aws-us-gov:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + } + } + } + }, + "swagger": "2.0" + }, + "EndpointConfiguration": { + "Types": [ + "REGIONAL" + ] + }, + "Parameters": { + "endpointConfigurationTypes": "REGIONAL" + } + }, + "Type": "AWS::ApiGateway::RestApi" + }, + "ServerlessRestApiDeployment41f4d38e59": { + "Properties": { + "Description": "RestApi deployment id: 41f4d38e591445f4e00f2a02eeb3f6ea34c41480", + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Stage" + }, + "Type": "AWS::ApiGateway::Deployment" + }, + "ServerlessRestApiProdStage": { + "Properties": { + "DeploymentId": { + "Ref": "ServerlessRestApiDeployment41f4d38e59" + }, + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Prod" + }, + "Type": "AWS::ApiGateway::Stage" + } + } +} diff --git a/tests/translator/output/aws-us-gov/function_with_tenancy_and_httpapi_event.json b/tests/translator/output/aws-us-gov/function_with_tenancy_and_httpapi_event.json new file mode 100644 index 000000000..570cd4569 --- /dev/null +++ b/tests/translator/output/aws-us-gov/function_with_tenancy_and_httpapi_event.json @@ -0,0 +1,128 @@ +{ + "Resources": { + "MyFunction": { + "Properties": { + "Code": { + "ZipFile": "def handler(event, context):\n return {'statusCode': 200, 'body': 'Hello'}\n" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "MyFunctionRole", + "Arn" + ] + }, + "Runtime": "python3.11", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ], + "TenancyConfig": { + "TenantIsolationMode": "PER_TENANT" + } + }, + "Type": "AWS::Lambda::Function" + }, + "MyFunctionMyHttpApiEventPermission": { + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:${AWS::Partition}:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/hello", + { + "__ApiId__": { + "Ref": "ServerlessHttpApi" + }, + "__Stage__": "*" + } + ] + } + }, + "Type": "AWS::Lambda::Permission" + }, + "MyFunctionRole": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + }, + "Type": "AWS::IAM::Role" + }, + "ServerlessHttpApi": { + "Properties": { + "Body": { + "info": { + "title": { + "Ref": "AWS::StackName" + }, + "version": "1.0" + }, + "openapi": "3.0.1", + "paths": { + "/hello": { + "get": { + "responses": {}, + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "payloadFormatVersion": "2.0", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:${AWS::Partition}:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + } + } + } + }, + "tags": [ + { + "name": "httpapi:createdBy", + "x-amazon-apigateway-tag-value": "SAM" + } + ] + } + }, + "Type": "AWS::ApiGatewayV2::Api" + }, + "ServerlessHttpApiApiGatewayDefaultStage": { + "Properties": { + "ApiId": { + "Ref": "ServerlessHttpApi" + }, + "AutoDeploy": true, + "StageName": "$default", + "Tags": { + "httpapi:createdBy": "SAM" + } + }, + "Type": "AWS::ApiGatewayV2::Stage" + } + } +} diff --git a/tests/translator/output/aws-us-gov/function_with_tenancy_config.json b/tests/translator/output/aws-us-gov/function_with_tenancy_config.json new file mode 100644 index 000000000..c418dc524 --- /dev/null +++ b/tests/translator/output/aws-us-gov/function_with_tenancy_config.json @@ -0,0 +1,60 @@ +{ + "Resources": { + "FunctionWithTenancyConfig": { + "Properties": { + "Code": { + "S3Bucket": "sam-demo-bucket", + "S3Key": "hello.zip" + }, + "Handler": "hello.handler", + "Role": { + "Fn::GetAtt": [ + "FunctionWithTenancyConfigRole", + "Arn" + ] + }, + "Runtime": "python3.11", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ], + "TenancyConfig": { + "TenantIsolationMode": "PER_TENANT" + } + }, + "Type": "AWS::Lambda::Function" + }, + "FunctionWithTenancyConfigRole": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + }, + "Type": "AWS::IAM::Role" + } + } +} diff --git a/tests/translator/output/aws-us-gov/function_with_tenancy_config_global.json b/tests/translator/output/aws-us-gov/function_with_tenancy_config_global.json new file mode 100644 index 000000000..8253d42b9 --- /dev/null +++ b/tests/translator/output/aws-us-gov/function_with_tenancy_config_global.json @@ -0,0 +1,116 @@ +{ + "Resources": { + "FunctionWithOverride": { + "Properties": { + "Code": { + "S3Bucket": "sam-demo-bucket", + "S3Key": "world.zip" + }, + "Handler": "hello.handler", + "Role": { + "Fn::GetAtt": [ + "FunctionWithOverrideRole", + "Arn" + ] + }, + "Runtime": "nodejs18.x", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ], + "TenancyConfig": { + "TenantIsolationMode": "PER_TENANT" + } + }, + "Type": "AWS::Lambda::Function" + }, + "FunctionWithOverrideRole": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + }, + "Type": "AWS::IAM::Role" + }, + "MinimalFunction": { + "Properties": { + "Code": { + "S3Bucket": "sam-demo-bucket", + "S3Key": "hello.zip" + }, + "Handler": "hello.handler", + "Role": { + "Fn::GetAtt": [ + "MinimalFunctionRole", + "Arn" + ] + }, + "Runtime": "python3.8", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ], + "TenancyConfig": { + "TenantIsolationMode": "PER_TENANT" + } + }, + "Type": "AWS::Lambda::Function" + }, + "MinimalFunctionRole": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + "arn:aws-us-gov:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + }, + "Type": "AWS::IAM::Role" + } + } +} diff --git a/tests/translator/output/error_tenancy_with_dynamodb_event.json b/tests/translator/output/error_tenancy_with_dynamodb_event.json new file mode 100644 index 000000000..8e1aeb157 --- /dev/null +++ b/tests/translator/output/error_tenancy_with_dynamodb_event.json @@ -0,0 +1,10 @@ +{ + "_autoGeneratedBreakdownErrorMessage": [ + "Invalid Serverless Application Specification document. ", + "Number of errors found: 1. ", + "Resource with id [MyFunction] is invalid. ", + "Event source 'DynamoDB' is not supported for functions enabled with tenancy configuration. ", + "Only Api and HttpApi event sources are supported." + ], + "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 1. Resource with id [MyFunction] is invalid. Event source 'DynamoDB' is not supported for functions enabled with tenancy configuration. Only Api and HttpApi event sources are supported." +} diff --git a/tests/translator/output/error_tenancy_with_function_url.json b/tests/translator/output/error_tenancy_with_function_url.json new file mode 100644 index 000000000..735282d3f --- /dev/null +++ b/tests/translator/output/error_tenancy_with_function_url.json @@ -0,0 +1,9 @@ +{ + "_autoGeneratedBreakdownErrorMessage": [ + "Invalid Serverless Application Specification document. ", + "Number of errors found: 1. ", + "Resource with id [MyFunction] is invalid. ", + "Function URL is not supported for functions enabled with tenancy configuration." + ], + "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 1. Resource with id [MyFunction] is invalid. Function URL is not supported for functions enabled with tenancy configuration." +} diff --git a/tests/translator/output/error_tenancy_with_provisioned_concurrency.json b/tests/translator/output/error_tenancy_with_provisioned_concurrency.json new file mode 100644 index 000000000..e8cf0efa2 --- /dev/null +++ b/tests/translator/output/error_tenancy_with_provisioned_concurrency.json @@ -0,0 +1,9 @@ +{ + "_autoGeneratedBreakdownErrorMessage": [ + "Invalid Serverless Application Specification document. ", + "Number of errors found: 1. ", + "Resource with id [MyFunction] is invalid. ", + "Provisioned concurrency is not supported for functions enabled with tenancy configuration." + ], + "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 1. Resource with id [MyFunction] is invalid. Provisioned concurrency is not supported for functions enabled with tenancy configuration." +} diff --git a/tests/translator/output/error_tenancy_with_snapstart.json b/tests/translator/output/error_tenancy_with_snapstart.json new file mode 100644 index 000000000..33032ec63 --- /dev/null +++ b/tests/translator/output/error_tenancy_with_snapstart.json @@ -0,0 +1,9 @@ +{ + "_autoGeneratedBreakdownErrorMessage": [ + "Invalid Serverless Application Specification document. ", + "Number of errors found: 1. ", + "Resource with id [MyFunction] is invalid. ", + "SnapStart is not supported for functions enabled with tenancy configuration." + ], + "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 1. Resource with id [MyFunction] is invalid. SnapStart is not supported for functions enabled with tenancy configuration." +} diff --git a/tests/translator/output/error_tenancy_with_sns_event.json b/tests/translator/output/error_tenancy_with_sns_event.json new file mode 100644 index 000000000..c68fcbcb8 --- /dev/null +++ b/tests/translator/output/error_tenancy_with_sns_event.json @@ -0,0 +1,10 @@ +{ + "_autoGeneratedBreakdownErrorMessage": [ + "Invalid Serverless Application Specification document. ", + "Number of errors found: 1. ", + "Resource with id [MyFunction] is invalid. ", + "Event source 'SNS' is not supported for functions enabled with tenancy configuration. ", + "Only Api and HttpApi event sources are supported." + ], + "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 1. Resource with id [MyFunction] is invalid. Event source 'SNS' is not supported for functions enabled with tenancy configuration. Only Api and HttpApi event sources are supported." +} diff --git a/tests/translator/output/error_tenancy_with_sqs_event.json b/tests/translator/output/error_tenancy_with_sqs_event.json new file mode 100644 index 000000000..b062bcd98 --- /dev/null +++ b/tests/translator/output/error_tenancy_with_sqs_event.json @@ -0,0 +1,10 @@ +{ + "_autoGeneratedBreakdownErrorMessage": [ + "Invalid Serverless Application Specification document. ", + "Number of errors found: 1. ", + "Resource with id [MyFunction] is invalid. ", + "Event source 'SQS' is not supported for functions enabled with tenancy configuration. ", + "Only Api and HttpApi event sources are supported." + ], + "errorMessage": "Invalid Serverless Application Specification document. Number of errors found: 1. Resource with id [MyFunction] is invalid. Event source 'SQS' is not supported for functions enabled with tenancy configuration. Only Api and HttpApi event sources are supported." +} diff --git a/tests/translator/output/function_with_tenancy_and_api_event.json b/tests/translator/output/function_with_tenancy_and_api_event.json new file mode 100644 index 000000000..6fed7c899 --- /dev/null +++ b/tests/translator/output/function_with_tenancy_and_api_event.json @@ -0,0 +1,130 @@ +{ + "Resources": { + "MyFunction": { + "Properties": { + "Code": { + "ZipFile": "def handler(event, context):\n return {'statusCode': 200, 'body': 'Hello'}\n" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "MyFunctionRole", + "Arn" + ] + }, + "Runtime": "python3.11", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ], + "TenancyConfig": { + "TenantIsolationMode": "PER_TENANT" + } + }, + "Type": "AWS::Lambda::Function" + }, + "MyFunctionMyApiEventPermissionProd": { + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:aws:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/hello", + { + "__ApiId__": { + "Ref": "ServerlessRestApi" + }, + "__Stage__": "*" + } + ] + } + }, + "Type": "AWS::Lambda::Permission" + }, + "MyFunctionRole": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + }, + "Type": "AWS::IAM::Role" + }, + "ServerlessRestApi": { + "Properties": { + "Body": { + "info": { + "title": { + "Ref": "AWS::StackName" + }, + "version": "1.0" + }, + "paths": { + "/hello": { + "get": { + "responses": {}, + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + } + } + } + }, + "swagger": "2.0" + } + }, + "Type": "AWS::ApiGateway::RestApi" + }, + "ServerlessRestApiDeployment5c4e8a6a13": { + "Properties": { + "Description": "RestApi deployment id: 5c4e8a6a1322dd51f1bb880a3926ffdbc929ad66", + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Stage" + }, + "Type": "AWS::ApiGateway::Deployment" + }, + "ServerlessRestApiProdStage": { + "Properties": { + "DeploymentId": { + "Ref": "ServerlessRestApiDeployment5c4e8a6a13" + }, + "RestApiId": { + "Ref": "ServerlessRestApi" + }, + "StageName": "Prod" + }, + "Type": "AWS::ApiGateway::Stage" + } + } +} diff --git a/tests/translator/output/function_with_tenancy_and_httpapi_event.json b/tests/translator/output/function_with_tenancy_and_httpapi_event.json new file mode 100644 index 000000000..531738697 --- /dev/null +++ b/tests/translator/output/function_with_tenancy_and_httpapi_event.json @@ -0,0 +1,128 @@ +{ + "Resources": { + "MyFunction": { + "Properties": { + "Code": { + "ZipFile": "def handler(event, context):\n return {'statusCode': 200, 'body': 'Hello'}\n" + }, + "Handler": "index.handler", + "Role": { + "Fn::GetAtt": [ + "MyFunctionRole", + "Arn" + ] + }, + "Runtime": "python3.11", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ], + "TenancyConfig": { + "TenantIsolationMode": "PER_TENANT" + } + }, + "Type": "AWS::Lambda::Function" + }, + "MyFunctionMyHttpApiEventPermission": { + "Properties": { + "Action": "lambda:InvokeFunction", + "FunctionName": { + "Ref": "MyFunction" + }, + "Principal": "apigateway.amazonaws.com", + "SourceArn": { + "Fn::Sub": [ + "arn:${AWS::Partition}:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/hello", + { + "__ApiId__": { + "Ref": "ServerlessHttpApi" + }, + "__Stage__": "*" + } + ] + } + }, + "Type": "AWS::Lambda::Permission" + }, + "MyFunctionRole": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + }, + "Type": "AWS::IAM::Role" + }, + "ServerlessHttpApi": { + "Properties": { + "Body": { + "info": { + "title": { + "Ref": "AWS::StackName" + }, + "version": "1.0" + }, + "openapi": "3.0.1", + "paths": { + "/hello": { + "get": { + "responses": {}, + "x-amazon-apigateway-integration": { + "httpMethod": "POST", + "payloadFormatVersion": "2.0", + "type": "aws_proxy", + "uri": { + "Fn::Sub": "arn:${AWS::Partition}:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${MyFunction.Arn}/invocations" + } + } + } + } + }, + "tags": [ + { + "name": "httpapi:createdBy", + "x-amazon-apigateway-tag-value": "SAM" + } + ] + } + }, + "Type": "AWS::ApiGatewayV2::Api" + }, + "ServerlessHttpApiApiGatewayDefaultStage": { + "Properties": { + "ApiId": { + "Ref": "ServerlessHttpApi" + }, + "AutoDeploy": true, + "StageName": "$default", + "Tags": { + "httpapi:createdBy": "SAM" + } + }, + "Type": "AWS::ApiGatewayV2::Stage" + } + } +} diff --git a/tests/translator/output/function_with_tenancy_config.json b/tests/translator/output/function_with_tenancy_config.json new file mode 100644 index 000000000..f8463ac44 --- /dev/null +++ b/tests/translator/output/function_with_tenancy_config.json @@ -0,0 +1,60 @@ +{ + "Resources": { + "FunctionWithTenancyConfig": { + "Properties": { + "Code": { + "S3Bucket": "sam-demo-bucket", + "S3Key": "hello.zip" + }, + "Handler": "hello.handler", + "Role": { + "Fn::GetAtt": [ + "FunctionWithTenancyConfigRole", + "Arn" + ] + }, + "Runtime": "python3.11", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ], + "TenancyConfig": { + "TenantIsolationMode": "PER_TENANT" + } + }, + "Type": "AWS::Lambda::Function" + }, + "FunctionWithTenancyConfigRole": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + }, + "Type": "AWS::IAM::Role" + } + } +} diff --git a/tests/translator/output/function_with_tenancy_config_global.json b/tests/translator/output/function_with_tenancy_config_global.json new file mode 100644 index 000000000..b86fa7931 --- /dev/null +++ b/tests/translator/output/function_with_tenancy_config_global.json @@ -0,0 +1,116 @@ +{ + "Resources": { + "FunctionWithOverride": { + "Properties": { + "Code": { + "S3Bucket": "sam-demo-bucket", + "S3Key": "world.zip" + }, + "Handler": "hello.handler", + "Role": { + "Fn::GetAtt": [ + "FunctionWithOverrideRole", + "Arn" + ] + }, + "Runtime": "nodejs18.x", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ], + "TenancyConfig": { + "TenantIsolationMode": "PER_TENANT" + } + }, + "Type": "AWS::Lambda::Function" + }, + "FunctionWithOverrideRole": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + }, + "Type": "AWS::IAM::Role" + }, + "MinimalFunction": { + "Properties": { + "Code": { + "S3Bucket": "sam-demo-bucket", + "S3Key": "hello.zip" + }, + "Handler": "hello.handler", + "Role": { + "Fn::GetAtt": [ + "MinimalFunctionRole", + "Arn" + ] + }, + "Runtime": "python3.8", + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ], + "TenancyConfig": { + "TenantIsolationMode": "PER_TENANT" + } + }, + "Type": "AWS::Lambda::Function" + }, + "MinimalFunctionRole": { + "Properties": { + "AssumeRolePolicyDocument": { + "Statement": [ + { + "Action": [ + "sts:AssumeRole" + ], + "Effect": "Allow", + "Principal": { + "Service": [ + "lambda.amazonaws.com" + ] + } + } + ], + "Version": "2012-10-17" + }, + "ManagedPolicyArns": [ + "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole" + ], + "Tags": [ + { + "Key": "lambda:createdBy", + "Value": "SAM" + } + ] + }, + "Type": "AWS::IAM::Role" + } + } +}